Beispiel #1
// Project edit page, opening section: resolve the project named by the
// `projid` query parameter, emit the page header, enforce who may edit, then
// load the project row.
require_once 'includes/globals.inc';
if (isset($_GET['projid'])) {
    // Untrusted request value, handed to the lookup helpers as received.
    $projid = $_GET['projid'];
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];
    // NOTE(review): escapes() is defined elsewhere. The later use of $mprojid,
    // which is never assigned in this excerpt, suggests it creates escaped
    // variants of the named value -- confirm against its definition.
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);
    $isNews = isNews($projid);
    // The raw $name (not an escaped variant) is concatenated into the title.
    // NOTE(review): whether emitTop() HTML-encodes its arguments is not
    // visible here -- confirm, since project names are stored data.
    emitTop('Peanut Butter -> Projects -> Edit: ' . $name, '/pb/');
    if ($name == '') {
        errAndDie('Project not found.');
    }
} else {
    // PHP_SELF is derived from the request URL, so it is request-controlled
    // input wherever emitTop() renders it.
    emitTop('Peanut Butter -> Edit Project [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Required Information not specified.');
}
// Authorization. $userType and $userName are not set in this excerpt
// (presumably by globals.inc -- verify). These checks run after the page
// header has already been emitted.
if ($userType != ADMIN && $userType != SITEADMIN) {
    errAndDie('Sorry, only admins/siteadmins may edit projects.');
}
// An ADMIN may edit only a project whose owner matches their user name.
// The comparison is loose (!=): PHP compares two numeric-looking strings
// as numbers, so a strict comparison is the safer form for identity checks.
if ($userType == ADMIN && $owner != $userName) {
    errAndDie('Sorry, you may only edit your own project.');
}
mysqlSetup();
// The query is built by string interpolation; it is only as safe as the
// escaping that produced $mprojid.
$sqlquery = "SELECT * FROM `pb_projects`" . " WHERE `id` = '{$mprojid}'";
// On failure the raw mysql_error() text is sent to the browser, which
// discloses query and schema details to the requester.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
$count = mysql_num_rows($result);
$row = mysql_fetch_assoc($result);
?>
<h2>Edit Project: <?php 
Beispiel #2
<?php

// New-post page, opening section: resolve the project from the `projid` query
// parameter, emit the header and decide whether the current user may post.
require_once 'includes/globals.inc';
if (isset($_GET['projid'])) {
    // Untrusted request value, handed to the lookup helpers as received.
    $projid = $_GET['projid'];
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];
    // NOTE(review): escapes() is defined elsewhere. $urlprojid is used two
    // lines below without being assigned here, so escapes() presumably
    // creates it -- confirm.
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);
    $isNews = isNews($projid);
    emitTop('Peanut Butter -> Posts -> New Post', $_SERVER['PHP_SELF'] . "?projid={$urlprojid}");
    if ($name == '') {
        print '<h3>Project not found.</h3>';
        emitBottom();
        die;
    }
} else {
    // Unlike the success path, no emitTop() call precedes this error.
    errAndDie('Project not specified.');
}
// Authorization. $userType is not set in this excerpt (presumably by
// globals.inc -- verify). Visitors may not post at all.
if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not post.');
}
// News posts are limited to ADMIN and SITEADMIN.
// NOTE(review): the template below echoes the raw $name into an <h2>; since
// it is stored data, confirm it is HTML-encoded before output.
if ($isNews && ($userType != ADMIN && $userType != SITEADMIN)) {
    errAndDie('Sorry, only admins may create news posts.');
}
?>
<h2>New Post for: <?php 
echo $name;
?>
Beispiel #3
<?php

require_once 'includes/globals.inc';
if (isset($_GET['name'])) {
    $name = $_GET['name'];
    emitTop('Peanut Butter -> Delete User: '******'/pb/');
} else {
    emitTop('Peanut Butter -> Delete User [ERROR]', $_SERVER['PHP_SELF']);
    print '<h3>Required information not specified.</h3>';
    emitBottom();
    die;
}
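// Only site administrators may delete accounts; everyone else gets the notice
// and the script stops here. $userType is set outside this excerpt.
if ($userType != SITEADMIN) {
    print '<h3>Sorry, only siteadmins may delete users.</h3>';
    emitBottom();
    die;
}
if (isset($_GET['confirmed'])) {
    // NOTE(review): the deletion runs on a plain GET request carrying
    // `confirmed`; no anti-CSRF token is checked in this excerpt. A
    // state-changing action like this should be a POST with a per-session
    // token -- that needs changes outside this block.
    mysqlSetup();
    // Escape with the connection-aware function: mysql_escape_string() ignores
    // the connection character set. mysqlSetup() has just run, and the
    // mysql_query() call below relies on the same default link.
    $mname = mysql_real_escape_string($name);
    $sqlquery = "DELETE FROM `pb_users` WHERE `name` = '{$mname}'";
    // NOTE(review): on failure the raw mysql_error() text is sent to the
    // browser; prefer logging it server-side and showing a generic message.
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    print '<h3>User Deleted.</h3>';
    print "<p><a href=\"accountManagement.php\">Back to Account Management</a></p>";
} else {
    // Confirmation link. $name comes from the query string and PHP_SELF from
    // the request URL, so both are HTML-encoded before being written into the
    // markup (ENT_QUOTES covers single and double quotes; the character set
    // is left to PHP's configured default).
    $urlname = urlencode($name);
    $hname = htmlspecialchars($name, ENT_QUOTES);
    $hself = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    print "<p><a href=\"" . $hself . "?name={$urlname}&amp;confirmed=1\">Delete user '{$hname}'.</a></p>";
}
emitBottom();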
Beispiel #4
<?php

// Post deletion page, opening section: identify the post from the `postid`
// query parameter and check that the current user is allowed to act on it.
require_once 'includes/globals.inc';
if (isset($_GET['postid'])) {
    // Untrusted request value.
    $postid = $_GET['postid'];
    // NOTE(review): escapes() is defined elsewhere; $mpostid is used in the
    // queries below without being assigned here, so escapes() presumably
    // creates it -- confirm.
    escapes('postid', $postid);
    emitTop('Peanut Butter -> Posts -> Delete', '/pb/');
} else {
    emitTop('Peanut Butter -> Posts -> Delete [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Required information not specified.');
}
// $userType and $userName are not set in this excerpt (presumably by
// globals.inc -- verify).
if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not delete posts.');
}
mysqlSetup();
escapes('userName', $userName);
// Ownership is enforced in the query itself for NORMAL users: the row only
// matches when `user` equals the current user. Other user types look the
// post up by id alone.
if ($userType == NORMAL) {
    $sqlquery = "SELECT * FROM `pb_blog` WHERE `id` = '{$mpostid}' AND `user` = '{$muserName}'";
} else {
    $sqlquery = "SELECT * FROM `pb_blog` WHERE `id` = '{$mpostid}'";
}
// On failure the raw mysql_error() text is sent to the browser.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
// No row means the post does not exist or the ownership filter excluded it;
// both cases get the same message.
if (!($row = mysql_fetch_assoc($result))) {
    errAndDie('You are unable to access this post unless you own it or are an admin/siteadmin.');
}
// A projid of -1 is treated as a news post here: an ADMIN may only act on
// news posts they wrote themselves.
if ($userType == ADMIN && $row['projid'] == -1 && $userName != $row['user']) {
    errAndDie('Admins can only delete their own news posts.');
}
// NOTE(review): the delete statement itself is not part of this excerpt. If
// it is driven by this same GET request, it has no visible CSRF protection.
$projid = $row['projid'];
$isNews = isNews($projid);
escapes('projid', $projid);
Beispiel #5
<?php

require_once 'includes/globals.inc';
emitTop('Peanut Butter -> Account -> Management', $_SERVER['PHP_SELF']);
if ($userType == SITEADMIN) {
    ?>
	<h2>Site users</h2>

	<table class="list">
	<thead>
		<tr>
			<th>User</th>
			<th>User Type</th>
			<th>Created</th>
			<th>Delete User</th>
			<th>Promote/Demote User</th>
		</tr>
	</thead>
	<tbody>

	<?php 
    mysqlSetup();
    $sqlquery = "SELECT `name`,`category`,`created` FROM `pb_users` ORDER BY `name` ASC";
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    $rownum = 0;
    while ($row = mysql_fetch_row($result)) {
        print "<tr>";
        $style = '';
        if ($rownum++ % 2 == 0) {
            $style = ' class="greyed"';
        }
Beispiel #6
<?php

// News page, opening section: load the latest news posts and print the
// heading and, for admins, the management links.
require_once 'includes/globals.inc';
emitTop('Peanut Butter -> News', $_SERVER['PHP_SELF']);
mysqlSetup();
// Constant query with no request input. News posts are the rows with
// projid -1; at most 10 rows come back and no offset is applied here.
$sqlquery = "SELECT `title`,`user`,`added`,`modified`,`text`,`id` FROM `pb_blog` " . " WHERE `projid` = '-1' ORDER BY `modified` DESC LIMIT 10";
// On failure the raw mysql_error() text is sent to the browser.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
$count = mysql_num_rows($result);
// NOTE(review): escapes() is defined elsewhere; $start is read below without
// being assigned here, so escapes() presumably creates it -- confirm. The
// `start` parameter is untrusted and is not checked for being an integer.
if (isset($_GET['start'])) {
    escapes('start', $_GET['start']);
} else {
    escapes('start', 0);
}
print "<h3>News:</h3>\n";
// Cap the number of posts shown at NUM_ENTRIES (defined elsewhere).
if ($count > NUM_ENTRIES) {
    $showCount = NUM_ENTRIES;
} else {
    $showCount = $count;
}
// $start only appears inside arithmetic here, so what is printed is a number
// rather than the raw parameter text.
print "<h3>Posts " . ($start + 1) . "-" . ($start + $showCount) . "</h3>\n";
print "<p>";
// Request-derived value; HTML-encode it wherever it is written into markup.
$self = $_SERVER['PHP_SELF'];
// The post-management links are shown to ADMIN and SITEADMIN only. Hiding
// links is presentation; the target pages must enforce access themselves.
if ($userType == ADMIN || $userType == SITEADMIN) {
    print '<a href="postNew.php?projid=-1">New Post</a>&nbsp;';
    print '<a href="postManagement.php?projid=-1">Manage Posts</a><br /><br />';
}
/***
**	Set up links for "newest" "previous" and "next", based upon where we are
**  in the results
**/
if (!$start) {
Beispiel #7
<?php

// Save-post page, opening section: resolve the project from the `projid`
// query parameter, check posting rights and that the form fields arrived.
require_once 'includes/globals.inc';
if (isset($_GET['projid'])) {
    // Untrusted request value, handed to the lookup helpers as received.
    $projid = $_GET['projid'];
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];
    // NOTE(review): escapes() is defined elsewhere and presumably creates
    // escaped variants of these values -- confirm against its definition.
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);
    $isNews = isNews($projid);
    // The raw $name is concatenated into the title.
    // NOTE(review): whether emitTop() HTML-encodes its arguments is not
    // visible here -- confirm.
    emitTop('Peanut Butter -> Posts -> Save Post for: ' . $name, '/pb/');
    if ($name == '') {
        print '<h3>Project not found.</h3>';
        emitBottom();
        die;
    }
} else {
    errAndDie('Project not specified.');
}
// Authorization. $userType is not set in this excerpt (presumably by
// globals.inc -- verify).
if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not post.');
}
if ($isNews && ($userType != ADMIN && $userType != SITEADMIN)) {
    errAndDie('Sorry, only admins/siteadmins may post news events.');
}
// Only the presence of the POST fields is checked; their content is not
// validated here.
// NOTE(review): no anti-CSRF token is checked in this excerpt before the
// write path that follows.
if (!isset($_POST['text']) || !isset($_POST['title'])) {
    errAndDie('Missing data.');
}
mysqlSetup();
Beispiel #8
// Project info page, opening section: resolve the project from the `projid`
// query parameter, emit the header and run the lookup query.
require_once 'includes/globals.inc';
if (isset($_GET['projid'])) {
    // Untrusted request value, handed to the lookup helpers as received.
    $projid = $_GET['projid'];
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];
    // NOTE(review): escapes() is defined elsewhere; $urlprojid and $mprojid
    // are used below without being assigned here, so escapes() presumably
    // creates them -- confirm.
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);
    $isNews = isNews($projid);
    // The raw $name is concatenated into the title.
    // NOTE(review): whether emitTop() HTML-encodes its arguments is not
    // visible here -- confirm.
    emitTop('Peanut Butter -> Projects -> Info: ' . $name, $_SERVER['PHP_SELF'] . "?projid={$urlprojid}");
    if ($name == '') {
        errAndDie('Project not found.');
    }
} else {
    emitTop('Peanut Butter -> Projects -> Info [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Project id not specified.');
}
mysqlSetup();
// The query is built by string interpolation; it is only as safe as the
// escaping that produced $mprojid.
$sqlquery = "SELECT * FROM `pb_projects` WHERE `id` = '{$mprojid}'";
// On failure the raw mysql_error() text is sent to the browser.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
if ($row = mysql_fetch_assoc($result)) {
    $name = $row['name'];
    ?>
<h2><?php 
    echo $name;
    if ($userType == SITEADMIN || $userType == ADMIN && $row['owner'] == $userName) {
        print "&nbsp;<a href=\"projectEdit.php?projid={$urlprojid}\">Edit</a>";
        print "&nbsp;<a href=\"projectDelete.php?projid={$urlprojid}\">Delete</a>";
    }
    ?>
Beispiel #9
        if (!($row = mysql_fetch_row($result))) {
            $keyerr = 1;
        } else {
            $keywords = $row[0];
            $keyowner = $row[1];
            $_SESSION['keyname'] = $keyname;
            $_SESSION['owner'] = $keyowner;
            $_SESSION['words'] = $keywords;
            $sqlquery = "UPDATE `pb_searches` SET `lastused` = NOW() WHERE `name` " . " = '{$mKeyname}' LIMIT 1";
            $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
        }
        mysql_close();
    }
}
// Project overview: close the session for writing, emit the header and read
// the status and owner filters from the query string.
session_write_close();
emitTop('Peanut Butter -> Projects -> Overview', $_SERVER['PHP_SELF']);
$noStatus = TRUE;
$statusSelected = array();
// Collect the statuses selected in the request. PHP replaces spaces in
// incoming parameter names with underscores, hence the str_replace() before
// the lookup. Only values taken from $statusEnum (defined elsewhere) are ever
// stored, so $statusSelected works as an allow-list rather than raw input.
foreach ($statusEnum as $status) {
    if (isset($_GET[str_replace(' ', '_', $status)])) {
        $noStatus = FALSE;
        $statusSelected[] = $status;
    }
}
// No status parameter at all means "show every status".
if ($noStatus) {
    $statusSelected = $statusEnum;
}
// $keyerr is set by the keyword-search lookup that precedes this excerpt.
if ($keyerr) {
    print '<p><em>Keyword search name not found.</em></p>';
}
// Raw request value with '+ALL' as the default; it must be escaped for
// whatever context (SQL, HTML) later code uses it in.
$selOwner = isset($_GET['owner']) ? $_GET['owner'] : '+ALL';
Beispiel #10
    $projid = $_GET['projid'];
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);
    $isNews = isNews($projid);
    emitTop('Peanut Butter -> Posts -> Management', $_SERVER['PHP_SELF'] . "?projid={$urlprojid}");
    if ($name == '') {
        print '<h3>Project not found.</h3>';
        emitBottom();
        die;
    }
} else {
    emitTop('Peanut Butter -> Posts -> Management [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Project not specified.');
}
// Authorization for post management. $userType, $userName, $owner and $isNews
// are set earlier in the script or outside this excerpt.
// Only ADMIN and SITEADMIN may manage posts at all.
if ($userType != ADMIN && $userType != SITEADMIN) {
    errAndDie('Sorry, only admins/siteadmins can manage posts.');
}
// For non-news projects an ADMIN must also be the project owner. The
// comparison is loose (!=); a strict comparison is safer for identity checks.
if (!$isNews && $userType == ADMIN && $userName != $owner) {
    errAndDie('Sorry, admins can only manage posts for their own projects.');
}
?>

<h2>Posts for: <?php 
echo $name;
?>
</h2>
<?php 
<?php

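// Saved-search clean-up page, opening section: restrict access to admins and
// read the `age` (in days) that selects which searches are removed.
require_once 'includes/globals.inc';
emitTop('Peanut Butter -> Searches -> REMOVE', $_SERVER['PHP_SELF']);
// $userType is not set in this excerpt (presumably by globals.inc -- verify).
if ($userType != ADMIN && $userType != SITEADMIN) {
    print '<h3>Sorry, only admins/siteadmins can remove searches.</h3>';
    emitBottom();
    die;
}
if (!isset($_GET['age'])) {
    errAndDie('No age specified.');
}
// $age is interpolated below as a bare, unquoted number inside
// SUBDATE(NOW(), ...) and is also echoed into the page. String escaping does
// not protect a value used outside quotes, so accept only decimal digits and
// stop otherwise. The explicit die keeps this fail-closed even if errAndDie()
// were ever to return.
if (!is_string($_GET['age']) || !ctype_digit($_GET['age'])) {
    errAndDie('Invalid age specified.');
    die;
}
// Digits only from here on, so the value is safe in both the SQL and the
// HTML that follow.
$age = $_GET['age'];
$urlage = urlencode($_GET['age']);
// NOTE(review): the DELETE below runs on a GET request carrying `confirm`;
// no anti-CSRF token is checked in this excerpt.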
if (isset($_GET['confirm'])) {
    mysqlSetup();
    $sqlquery = "DELETE FROM `pb_searches` WHERE `lastused` < SUBDATE(NOW(),{$age})";
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    print "<h3>Searches removed.</h3>";
    print '<a href="projectManagement.php">Back to Project Management</a>';
} else {
    mysqlSetup();
    $sqlquery = "SELECT `name`,`owner`,`lastused` FROM `pb_searches` WHERE " . "`lastused` < SUBDATE(NOW(),{$age}) ORDER BY `name` ASC";
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    $count = mysql_num_rows($result);
    $es = '';
    if ($count != 1) {
        $es = 'es';
    }
    print "<h3>{$count} search{$es} older than {$age} days:</h3>\n";
    if ($count) {
Beispiel #12
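<?php

// Logout page: remove the login markers from the session, then render a
// confirmation with an optional "back" link.
require_once 'includes/globals.inc';
// NOTE(review): session_start() is called with a string argument; newer PHP
// versions expect an options array here -- confirm against the target runtime.
session_start('login');
// Only these three keys are cleared; the session itself and its identifier
// stay in place.
unset($_SESSION['loggedIn']);
unset($_SESSION['userName']);
unset($_SESSION['userType']);
session_write_close();
emitTop('Peanut Butter -> Logged Out', '/pb/');
?>

<h2>You have been logged out.</h2>

<?php 
// `refer` comes straight from the query string and ends up inside an href.
// Render the link only for a same-site absolute path ("/..." but not "//..."
// or "/\..."), and HTML-encode it, so the parameter can neither inject markup
// nor point the link at another site or a script URL.
// NOTE(review): this assumes `refer` is always a site-relative path, as the
// emitTop() arguments used across the application suggest -- confirm.
if (isset($_GET['refer']) && is_string($_GET['refer'])) {
    $logoutRefer = $_GET['refer'];
    $isLocalPath = strlen($logoutRefer) > 0
        && $logoutRefer[0] === '/'
        && (strlen($logoutRefer) === 1
            || ($logoutRefer[1] !== '/' && $logoutRefer[1] !== '\\'));
    if ($isLocalPath) {
        print '<p><a href="' . htmlspecialchars($logoutRefer, ENT_QUOTES) . '">Back to last page</a></p>';
    }
}
?>
<a href="/pb/">Main Page</a>

<?php 
emitBottom();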
Beispiel #13
<?php

// Saved-search edit page, opening section: on form submission, overwrite the
// search identified by the `id` query parameter.
require_once 'includes/globals.inc';
emitTop('Peanut Butter -> Searches -> New/Edit', $_SERVER['PHP_SELF']);
// The only access check in this excerpt: any non-visitor may proceed.
// $userType and $userName are set outside this excerpt.
if ($userType == VISITOR) {
    errAndDie('Sorry, you must be registered to make searches.');
}
if (!isset($_GET['id'])) {
    errAndDie('No search specified.');
}
// NOTE(review): escapes() is defined elsewhere; $mid, $mkeyname, $mkeywords
// and $musername are used in the query below without being assigned here, so
// escapes() presumably creates them -- confirm.
escapes('id', $_GET['id']);
if (isset($_POST['savesearch'])) {
    mysqlSetup();
    if (!isset($_POST['keywords']) || !isset($_POST['keyname']) || $_POST['keywords'] == '' || $_POST['keyname'] == '') {
        print '<h3>Missing information.</h3>';
    } else {
        escapes('keywords', $_POST['keywords']);
        escapes('keyname', $_POST['keyname']);
        escapes('username', $userName);
        // Second mysqlSetup() call on this path; the first is a few lines up.
        mysqlSetup();
        // The row is selected by `id` alone and its `owner` column is
        // rewritten to the current user.
        // NOTE(review): no check that the current user owns the row is
        // visible in this excerpt, and no anti-CSRF token is checked --
        // confirm both are handled elsewhere or add them.
        $sqlquery = "UPDATE `pb_searches` SET `name` = '{$mkeyname}', `owner` = " . "'{$musername}', `terms` = '{$mkeywords}', `lastused` = NOW() WHERE " . "`id` = '{$mid}' LIMIT 1";
        // On failure the raw mysql_error() text is sent to the browser.
        $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
        print '<h3>Search has been saved.</h3>';
        print '<a href="projectManagement.php">Back to Project Management</a>';
        emitBottom();
        die;
    }
}
?>

<h3>Enter keywords, separated by commas:</h3>
Beispiel #14
<?php

// New-project form page: emit the header, then allow only ADMIN and SITEADMIN
// to see the form. $userType is set outside this excerpt.
require_once 'includes/globals.inc';
emitTop('Peanut Butter -> New Project', $_SERVER['PHP_SELF']);
// This gate only hides the form. The form posts to projectSave.php, which has
// to repeat the role check itself.
if ($userType != ADMIN && $userType != SITEADMIN) {
    print '<h3>Sorry, only admins/siteadmins may create new projects.</h3>';
    emitBottom();
    die;
}
?>
<h2>New Project</h2>

<form name="projectNew" method="post" action="projectSave.php">

<table>
<tr>
	<th>Name:</th>
	<td><input type="text" size="80" name="name" /></td>
</tr>
<tr>
	<th>Desciption:</th>
	<td><textarea name="description" cols="80" rows="10"></textarea></td>
</tr>
<tr>
	<th>Keywords:</th>
	<td><input type="text" size="80" name="keywords" /></td>
</tr>
<tr>
	<th>Status:</th>
	<td>
	<select name="status">
Beispiel #15
<?php

require_once 'includes/globals.inc';
if (isset($_GET['name']) && isset($_GET['type'])) {
    $name = $_GET['name'];
    $type = $_GET['type'];
    emitTop('Peanut Butter -> Change User: '******'/pb/');
} else {
    emitTop('Peanut Butter -> Change User [ERROR]', $_SERVER['PHP_SELF']);
    print '<h3>Required information not specified.</h3>';
    emitBottom();
    die;
}
// Only a SITEADMIN may change another user's role; this is the sole gate in
// front of the promote/demote branch that follows. $userType is set outside
// this excerpt.
// NOTE(review): the role change is driven by the `name` and `type` GET
// parameters and no anti-CSRF token is checked in this excerpt; a
// privilege-changing action should be a POST with a per-session token.
if ($userType != SITEADMIN) {
    print '<h3>Sorry, only siteadmins may change user privileges.</h3>';
    emitBottom();
    die;
}
if ($type == 'promote') {
    mysqlSetup();
    $mname = mysql_escape_string($name);
    $sqlquery = "UPDATE `pb_users` SET `category` = '" . ADMIN . "' WHERE `name` = '{$mname}'";
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    print '<h3>User promoted.</h3>';
    print "<p><a href=\"accountManagement.php\">Back to Account Management</a></p>";
    mysql_close();
} elseif ($type == 'demote') {
    mysqlSetup();
    $mname = mysql_escape_string($name);
    $sqlquery = "UPDATE `pb_users` SET `category` = '" . NORMAL . "' WHERE `name` = '{$mname}'";
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
Beispiel #16
            ?>

		<h2>Registration</h2>

		<h3>You have successfully registered and are now logged in.</h3>

	<?php 
        }
    }
} elseif (isset($_POST['regName']) || isset($_POST['regPass']) || isset($_POST['regPass2'])) {
    ?>
<p><em>Missing information.</em></p>
<?php 
}
if ($printForm) {
    emitTop('Peanut Butter -> Registration', $_SERVER['PHP_SELF']);
    ?>

<h2>Registration</h2>

<p>You must register to post comments to projects.</p>
<p><em>NOTE: Do <b>not</b> use your Infineon passwords here.</em></p>

<form name="registerForm" method="post" action="<?php 
    echo $_SERVER['PHP_SELF'];
    ?>
">
<h3>Please enter username and password</h3>

<table>
<tr>
Beispiel #17
<?php

// New keyword-search page, opening section: on form submission, store a new
// saved search owned by the current user.
require_once 'includes/globals.inc';
emitTop('Peanut Butter -> New Keyword Search', $_SERVER['PHP_SELF']);
// Visitors may not create searches. $userType and $userName are set outside
// this excerpt.
if ($userType == VISITOR) {
    print '<h3>Sorry, you must be registered to make searches.</h3>';
    emitBottom();
    die;
}
if (isset($_POST['savesearch'])) {
    mysqlSetup();
    // Both fields must be present and non-empty; nothing else about their
    // content (length, characters) is validated here.
    if (!isset($_POST['keywords']) || !isset($_POST['keyname']) || $_POST['keywords'] == '' || $_POST['keyname'] == '') {
        print '<h3>Missing information.</h3>';
    } else {
        // mysql_escape_string() does not take the connection character set
        // into account; mysql_real_escape_string() is the connection-aware
        // form. Every value is placed inside quotes in the statement below.
        $mKeywords = mysql_escape_string($_POST['keywords']);
        $mKeyname = mysql_escape_string($_POST['keyname']);
        $mUsername = mysql_escape_string($userName);
        // Second mysqlSetup() call on this path; the first is a few lines up.
        mysqlSetup();
        $sqlquery = "INSERT INTO `pb_searches` (`name`,`owner`,`terms`,`lastused`) " . "VALUES ('{$mKeyname}','{$mUsername}','{$mKeywords}',NOW())";
        // On failure the raw mysql_error() text is sent to the browser.
        $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
        // NOTE(review): no anti-CSRF token is checked before this write.
        print '<h3>Search has been saved.</h3>';
        print '<a href="projectOverview.php">Back to Project Overview</a>';
        emitBottom();
        die;
    }
}
?>

<h3>Enter keywords, separated by commas:</h3>
<form name="newkeywords" method="post" action="<?php 
echo $_SERVER['PHP_SELF'];
Beispiel #18
	</script>

	<?php 
        emitBottom();
        ?>

<?php 
    }
    mysql_close();
} elseif (isset($_POST['loginName']) || isset($_POST['loginPass'])) {
    ?>
<p><em>Missing information.</em></p>
<?php 
}
if ($printForm) {
    emitTop('Peanut Butter -> Login Form', $refer);
    ?>
<form name="loginForm" method="post" action="<?php 
    echo $_SERVER['PHP_SELF'];
    ?>
?refer=<?php 
    echo $refer;
    ?>
">
<h3>Please enter username and password</h3>

<table>
<tr>
	<th>Username:</th>
	<td><input type="text" name="loginName" size="15" /></td>
</tr>
Beispiel #19
<?php

// Latest-posts page, opening section: read the paging and filter parameters,
// build the filter condition and load the list of post authors.
require_once 'includes/globals.inc';
emitTop('Peanut Butter -> Latest Posts', $_SERVER['PHP_SELF']);
// NOTE(review): escapes() is defined elsewhere; $mowner and $mproject are
// used below without being assigned here, so escapes() presumably creates
// escaped variants -- confirm. `start` is untrusted and is not checked for
// being an integer in this excerpt.
if (isset($_GET['start'])) {
    escapes('start', $_GET['start']);
} else {
    escapes('start', 0);
}
// $where is not used again in this excerpt.
$where = '';
// MatchCollection and Match are project classes defined elsewhere. `match` is
// a reserved word from PHP 8.0 on, so a class named Match ties this code to
// older PHP versions.
$matchColl = new MatchCollection("AND");
$owner = '+ALL';
$project = '+ALL';
// '+ALL' is the "no filter" marker; any other value adds a condition.
if (isset($_GET['owner']) && $_GET['owner'] != '+ALL') {
    escapes('owner', $_GET['owner']);
    $matchColl->addMatch(new Match('user', $mowner));
}
if (isset($_GET['project']) && $_GET['project'] != '+ALL') {
    escapes('project', $_GET['project']);
    $matchColl->addMatch(new Match('name', $mproject));
}
// NOTE(review): how toSQL() quotes the values it was given is not visible
// here; the result is only as safe as that quoting plus escapes().
$whereSQL = $matchColl->toSQL();
mysqlSetup();
// Constant query with no request input: the distinct authors in pb_blog.
$sqlquery = "SELECT DISTINCT `user` " . "FROM `pb_blog` ORDER BY `user` ASC";
// On failure the raw mysql_error() text is sent to the browser.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
?>

<table>
<tr>
<td>
<form name="selectOwner" method="get" action="<?php 
Beispiel #20
<?php

// Save-project handler, opening section: check that the form fields arrived,
// apply the duplicate-name and role checks, then escape each field for SQL.
require_once 'includes/globals.inc';
emitTop('Peanut Butter -> Save Project', '/pb/');
// Only the presence of the required fields is checked here.
if (!isset($_POST['name']) || !isset($_POST['description']) || !isset($_POST['keywords']) || !isset($_POST['status']) || !isset($_POST['progress']) || !isset($_POST['priority'])) {
    errAndDie('Missing data.');
}
$name = $_POST['name'];
// The duplicate-name check is skipped whenever the client sends a `modified`
// field, so that switch is under the requester's control.
// NOTE(review): no check that the current user owns the project being
// modified is visible in this excerpt -- confirm it happens further down.
if (projectExists($name) && !isset($_POST['modified'])) {
    errAndDie('Project already exists.');
}
// Role check. $userType and $userName are set outside this excerpt. It runs
// after the projectExists() lookup above.
if ($userType != ADMIN && $userType != SITEADMIN) {
    errAndDie('Sorry, only admins/siteadmins may save projects.');
}
// mysql_escape_string() does not take the connection character set into
// account; mysql_real_escape_string() is the connection-aware form, but it
// needs an open connection and no mysqlSetup() call is visible before this
// point.
$mName = mysql_escape_string($name);
$urlname = urlencode($name);
// The owner is taken from the logged-in user, not from the form.
$mOwner = mysql_escape_string($userName);
$mDescription = mysql_escape_string($_POST['description']);
$mKeywords = mysql_escape_string($_POST['keywords']);
$mStatus = mysql_escape_string($_POST['status']);
$mProgress = mysql_escape_string($_POST['progress']);
$mPriority = mysql_escape_string($_POST['priority']);
// Optional fields default to the empty string.
$mNotes = !isset($_POST['notes']) ? '' : mysql_escape_string($_POST['notes']);
$mDeadline = !isset($_POST['deadline']) ? '' : mysql_escape_string($_POST['deadline']);
// NOTE(review): these values are escaped for SQL only; any of them that is
// later written into HTML needs HTML-encoding as well. No anti-CSRF token is
// checked in this excerpt.
if ($mPriority < 1 || $mPriority > 10) {
    if ($mPriority > 10) {
        $mPriority = 10;
    } elseif ($mPriority < 1) {
        $mPriority = 1;
    }
    print "<h3>'priority' has been changed to: {$mPriority}</h3>";