function member_csv($conditions) { # FIXME No support for conditions right now global $SEMESTER, $CHOIR, $USER; if (!isOfficer($USER)) { die("Access denied"); } $cols = array("firstName", "prefName", "lastName", "email", "phone", "section", "location", "major", "hometown", "section"); if ($conditions != '()') { $conditions = ' and ' . $conditions; } $sql = "SELECT `member`.`lastName`, `member`.`firstName`, `member`.`prefName`, `member`.`email`, `member`.`phone`, `member`.`location`, `member`.`major`, `member`.`hometown`, `sectionType`.`name` as `section` FROM `member`, `activeSemester`, `sectionType` where `member`.`email` = `activeSemester`.`member` and `activeSemester`.`semester` = '{$SEMESTER}' and `activeSemester`.`choir` = '{$CHOIR}' and `sectionType`.`id` = `activeSemester`.`section` ORDER BY `member`.`lastName` asc, `member`.`firstName` asc"; $members = mysql_query($sql); $ret = '"' . join('","', $cols) . "\"<br>"; while ($row = mysql_fetch_array($members)) { $vals = array(); foreach ($cols as $col) { array_push($vals, addslashes($row[$col])); } $ret .= '"' . join('","', $vals) . "\"<br>"; } return $ret; }
function actionOptions($userEmail) { $officerOptions = ''; if (isOfficer($userEmail)) { $officerOptions .= ' <li><a href="#addAnnouncement">Make an Announcement</a></li>'; } if (hasPosition($userEmail, "Treasurer") || isUber($userEmail)) { $officerOptions .= ' <li><a href="#money">Add Transactions</a></li>'; } if (isUber($userEmail)) { $officerOptions .= ' <li><a href="#absenceRequest">Absence Requests</a></li> <li><a href="#ties">Ties</a></li> <li><a href="#semester">Edit Semester</a></li> <li><a href="#officers">Edit Officers</a></li> <li><a href="#doclinks">Edit Document Links</a></li> <li><a href="#dues">Edit Dues</a></li> <li><a href="#timeMachine">Past Semesters</a></li>'; } echo $officerOptions; }
div#tabbox { padding: 10px; } button.action { margin-right: 10px; } </style> <?php require_once 'functions.php'; if (!$USER) { die("You must be logged in to view member profiles."); } $officer = isOfficer($USER); $uber = isUber($USER); $email = mysql_real_escape_string($_GET['person']); $query = mysql_query("select `email` from `member` where `email` = '{$email}'"); if (mysql_num_rows($query) == 0) { die("No such user"); } function basic_info($person) { global $officer, $uber; $member = mysql_fetch_array(mysql_query("select * from `member` where `email` = '{$person}'")); $about = getMemberAttribute('about', $person); if ($about == '') { $about = "I don't have a quote"; } $html .= "<img class='profile' src='" . profilePic($person) . "'>";
<?php require_once 'functions.php'; if (!$USER || !isOfficer($USER)) { die("DENIED"); } $name = mysql_real_escape_string($_POST['name']); $sql = "DELETE FROM `semester` WHERE `semester`='{$name}' LIMIT 1"; if (mysql_query($sql)) { echo "<br><h3>Removal Results</h3><br>{$name} was removed from the database.<br>"; } else { echo "<br><h3>Removal Results</h3><br>Something went wrong.<br>"; }
function todoBlock($userEmail, $form, $list) { $html = ''; if ($form) { if (isOfficer($userEmail)) { $html .= "<p>\n\t\t\t\tNames: <input id='multiTodo'>\n\t\t\t\tTodo: <br /><input id='todoText'>\n\t\t\t\t<br /><button class='btn' id='multiTodoButton'>Add Todo</button>\n\t\t\t</p>"; } else { $html .= "<p>\n\t\t\t\t<input id='newTodo'>\n\t\t\t\t<button class='btn' id='newTodoButton'>Add Todo</button>\n\t\t\t</p>"; } } if ($list) { $html .= "<div id='todos'>"; //$sql = "SELECT * FROM `todoMembers` where memberID='$userEmail' ORDER BY todoID ASC;"; $sql = "select todo.id, todo.text from `todo`, `todoMembers` where todo.id = todoMembers.todoID and todo.completed = '0' and todoMembers.memberID = '{$userEmail}' order by todo.id asc"; $todos = mysql_query($sql); while ($row = mysql_fetch_array($todos, MYSQL_ASSOC)) { $id = $row['id']; //$row['todoID']; $text = $row['text']; //$text['text']; $html .= "<div class='block'><label class='checkbox'><input type='checkbox' id='{$id}'> {$text}</label></div>"; } $html .= "</div>"; } return $html; }
$required[] = "choir"; } if ($user == $email) { $required[] = "registration"; } if (isset($_POST["onCampus"])) { $_POST["onCampus"] = 1; } else { $_POST["onCampus"] = 0; } foreach ($required as $field) { if (!isset($_POST[$field]) || $_POST[$field] == "") { die("Missing value for property \"{$field}\"."); } } if (!isOfficer($user)) { foreach ($restricted as $field) { if (isset($_POST[$field])) { die("Permission denied to set property \"{$field}\"."); } } } $newemail = mysql_real_escape_string($_POST["email"]); $validEmail = "/^([a-zA-Z0-9])+([a-zA-Z0-9\\._-])*@([a-zA-Z0-9_-])+([a-zA-Z0-9\\._-]+)+\$/"; if (!preg_match($validEmail, $_POST["email"])) { die("Invalid email"); } $oldsect = 0; $newsect = mysql_real_escape_string($_POST["section"]); if ($user) { $query = mysql_query("select `section` from `activeSemester` where `member` = '{$newemail}' and `semester` = '{$SEMESTER}' and `choir` = '{$CHOIR}'");
$result = mysql_query($sql); //echo $sql; //echo $result; while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $html .= "<div class='carpool block' id='" . $row['carpoolID'] . "'>"; $driver = $row['driver']; //$shouldAttend=''; //$isConfirmed =''; //$passengerSpots=0; $emails = prefFullNameFromEmail($driver) . ' <' . $driver . '>'; $shouldAttend = shouldAttend($driver, $eventNo) == true ? '<span class="label label-info">should</span>' : '<span class="label label-important">shouldn\'t</span>'; $isConfirmed = isConfirmed($driver, $eventNo) == true ? '<span class="label label-info">confirmed</span>' : '<span class="label label-warning">unconfirmed</span>'; $passengerSpots = passengerSpots($driver) !== "0" ? "<span class='badge badge-info'>" . passengerSpots($driver) . "</span>" : ""; $livesAt = "<span class='label'>" . livesAt($driver) . "</span>"; $phoneNumber = "<a href='tel:" . phoneNumber($driver) . "'>" . phoneNumber($driver) . "</a>"; if (isOfficer($USER)) { $html .= "<div class='driver block'><div class='person' id='" . $driver . "'><table>\n\t\t<tr>\n\t\t\t<td class='carpoolLives'>" . $livesAt . "</td>\n\t\t\t<td class='carpoolName'><a href='#profile:{$driver}'>" . prefFullNameFromEmail($driver) . "</a></td>\n\t\t\t<td class='carpoolSpots'>" . $passengerSpots . "</td>\n\t\t\t<td class='carpoolShould'>" . $phoneNumber . "</td>\n\t\t\t<td class='carpoolConfirmed'>" . $isConfirmed . "</td>\n\t\t</tr>\n\t\t</table></div></div>"; } else { $html .= "\n\t\t\t<tr>\n\t\t\t\t<td class='carpoolLives'>" . $livesAt . "</td>\n\t\t\t\t<td class='carpoolName'>" . prefFullNameFromEmail($driver) . "</td>\n\t\t\t\t<td class='carpoolSpots'>" . $passengerSpots . "</td>\n\t\t\t\t<td class='carpoolShould'>" . $phoneNumber . "</td>\n\t\t\t\t<td class='carpoolConfirmed'>" . $isConfirmed . "</td>\n\t\t\t</tr>\n\t\t\t</table></div></div>\n\t\t\t"; } //$passengers = array(); $carpoolDetails = getCarpoolDetails($row['carpoolID']); $html .= "<div class='passengers block'>"; while ($passenger = mysql_fetch_array($carpoolDetails)) { //$passengers[] = $passenger['memberID']; if ($passenger['memberID'] !== $driver) { //$shouldAttend=''; //$isConfirmed =''; //$passengerSpots=0; $emails .= ', ' . prefFullNameFromEmail($passenger['memberID']) . ' <' . $passenger['memberID'] . '>'; if (shouldAttend($passenger['memberID'], $eventNo)) {
$sql = "SELECT * FROM `carpool` WHERE eventNo={$eventNo};"; $result = mysql_query($sql); //echo $sql; //echo $result; while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $html .= "<div class='carpool block' id='" . $row['carpoolID'] . "'>"; $driver = $row['driver']; //$shouldAttend=''; //$isConfirmed =''; //$passengerSpots=0; $shouldAttend = shouldAttend($driver, $eventNo) == true ? '<span class="label label-info">should</span>' : '<span class="label label-important">shouldn\'t</span>'; $isConfirmed = isConfirmed($driver, $eventNo) == true ? '<span class="label label-info">confirmed</span>' : '<span class="label label-warning">unconfirmed</span>'; $passengerSpots = passengerSpots($driver) !== "0" ? "<span class='badge badge-info'>" . passengerSpots($driver) . "</span>" : ""; $livesAt = "<span class='label'>" . livesAt($driver) . "</span>"; $phoneNumber = "<a href='tel:" . phoneNumber($driver) . "'>" . phoneNumber($driver) . "</a>"; if (isOfficer($userEmail)) { $html .= "<div class='driver block'><div class='person' id='" . $driver . "'><table>\n\t\t<tr>\n\t\t\t<td class='carpoolLives'>" . $livesAt . "</td>\n\t\t\t<td class='carpoolName'><a href='mailto:{$driver}'>" . prefFullNameFromEmail($driver) . "</a></td>\n\t\t\t<td class='carpoolSpots'>" . $passengerSpots . "</td>\n\t\t\t<td class='carpoolShould'>" . $phoneNumber . "</td>\n\t\t\t<td class='carpoolConfirmed'>" . $isConfirmed . "</td>\n\t\t</tr>\n\t\t</table></div></div>"; } else { $html .= "\n\t\t\t<tr>\n\t\t\t\t<td class='carpoolLives'>" . $livesAt . "</td>\n\t\t\t\t<td class='carpoolName'>" . prefFullNameFromEmail($driver) . "</td>\n\t\t\t\t<td class='carpoolSpots'>" . $passengerSpots . "</td>\n\t\t\t\t<td class='carpoolShould'>" . $phoneNumber . "</td>\n\t\t\t\t<td class='carpoolConfirmed'>" . $isConfirmed . "</td>\n\t\t\t</tr>\n\t\t\t</table></div></div>\n\t\t\t"; } //$passengers = array(); $carpoolDetails = getCarpoolDetails($row['carpoolID']); $html .= "<div class='passengers block'>"; while ($passenger = mysql_fetch_array($carpoolDetails)) { //$passengers[] = $passenger['memberID']; if ($passenger['memberID'] !== $driver) { //$shouldAttend=''; //$isConfirmed =''; //$passengerSpots=0; $shouldAttend = shouldAttend($passenger['memberID'], $eventNo) == true ? '<span class="label label-info">should</span>' : '<span class="label label-important">shouldn\'t</span>'; $isConfirmed = isConfirmed($passenger['memberID'], $eventNo) == true ? '<span class="label label-info">confirmed</span>' : '<span class="label label-warning">unconfirmed</span>';
$users = explode(',', $userlist); $query = "insert into `todo` (text, completed) values(\"{$msg}\", 0)"; if (mysql_query($query)) { echo "OK"; } else { exit(1); } //max(id) should be different --TH /*$query = "select max(id) where `text` = \"$msg\" and `completed` = 0"; $results = mysql_query($query); if (mysql_query($query)) echo "OK"; else exit(1); $res_arr = mysql_fetch_array($results); $id = $res_arr['id']; */ $id = mysql_insert_id(); if (!isOfficer($USER)) { foreach ($users as $user) { } } foreach ($users as $user) { $query = "insert into `todoMembers` (memberID, todoID) values(\"{$user}\", \"{$id}\")"; echo $user; echo $id; echo $query; if (mysql_query($query)) { echo "OK"; } else { exit(1); } }
<div class="span3 block" id=repertoire_list><?php require_once 'functions.php'; if (!$CHOIR) { die("Not logged in"); } # FIXME $results = mysql_query("select `id`, `title` from `song` where `current` = 1 and `choir` = '{$CHOIR}' order by `title` asc"); if (!$results) { die("Database query failed."); } if ($USER && isOfficer($USER)) { echo "<div style=\"padding-top: 5px\"><button class=btn style=\"padding: 5px; width: 100%\" id=repertoire_add>Add Song...</button></div>"; } echo "<style>td.repertoire_head { font-size: 12pt; font-weight: bold; }</style>"; echo "<table class=\"table\" id=repertoire_table>"; if (mysql_num_rows($results)) { echo "<tr><td class=repertoire_head>Current Repertoire</td></tr>"; } while ($result = mysql_fetch_array($results)) { echo "<tr><td id=\"row_{$result['0']}\" class=repertoire_row>{$result['1']}</td></tr>"; } if (mysql_num_rows($results)) { echo "<tr><td class=repertoire_head>Other Repertoire</td></tr>"; } $results = mysql_query("select `id`, `title` from `song` where `current` = 0 and `choir` = '{$CHOIR}' order by `title` asc"); if (!$results) { die("Database query failed."); } while ($result = mysql_fetch_array($results)) { echo "<tr><td id=\"row_{$result['0']}\" class=repertoire_row>{$result['1']}</td></tr>"; }
function rosterPropList($type) { global $USER; $officer = isOfficer($USER); $uber = isUber($USER); $cols = array("#" => 10, "Name" => 260, "Section" => 80, "Contact" => 180, "Location" => 200); if ($officer) { $cols["Enrollment"] = 40; } if ($uber || hasPosition($USER, "Treasurer")) { $cols["Balance"] = 60; $cols["Dues"] = 60; $cols["Tie"] = 40; } if ($uber) { $cols["Gigs"] = 40; $cols["Score"] = 60; } if ($type == 'print') { unset($cols["Contact"]); unset($cols["Location"]); unset($cols["Balance"]); } return $cols; }
function announcements($userEmail) { global $CHOIR; $html = "<p class='lead'>Announcements <small>–Obviously each thing is the most important thing.</small></p>"; //announcement block //Show only announcements less than a month old and unarchived $sql = "SELECT * FROM `announcement` WHERE date_add(timePosted, INTERVAL 1 MONTH) > now() and `choir` = '{$CHOIR}' AND `archived`=0 ORDER BY `timePosted` DESC LIMIT 0, 3"; $result = mysql_query($sql); while ($announcement = mysql_fetch_array($result)) { $timestamp = strtotime($announcement['timePosted']); $dayPosted = date('M j, Y', $timestamp); $timePosted = date('g:i a', $timestamp); $op = $announcement['memberID']; $mid = $announcement['announcementNo']; $name = prefNameFromEmail($op); if (isOfficer($userEmail)) { $html .= "<div class='block' id='announce" . $mid . "'><p><b>{$dayPosted} {$timePosted}</b><i class='icon-remove archiveButton' onclick='archiveAnnouncement(" . $mid . ")' style='float: right'></i><br />" . $announcement['announcement'] . "<br /><small style='color:grey'>—{$name}</small></p></div>"; } else { $html .= "<div class='block'><p><b>{$dayPosted} {$timePosted}</b><br />" . $announcement['announcement'] . "<br /><small style='color:grey'>—{$name}</small></p></div>"; } } $html .= "<button type='button' id='allAnnounceButton' class='btn' href='#annoucnements'>See All Announcements</button>"; return $html; }
<td><span class="eventDetailsValue">' . $gigDetails['contactPhone'] . '</span></td> </tr> <tr> <td class="eventDetialsKey">Price:</td> <td><span class="eventDetailsValue">' . $gigDetails['price'] . '</span></td> </tr> </table> </div> '; } $html = $html . ' <table class="table no-highlight"> <tr> <td colspan="2"><div class="btn" id="attendingButton">see who\'s attending</div></td> </tr> <tr> <td colspan="2"><div class="btn" id="carpoolsButton">carpools</div></td> </tr> '; if (isOfficer($userEmail) || positionFromEmail($userEmail) == 'Section Leader' && getEventType($eventDetails['type']) == "Sectional") { $html = $html . ' <tr> <td><div class="btn" id="attendanceButton" onclick="updateEventAttendance(\'' . $eventNo . '\');">update attendance</div></td> </tr> <tr> <td id="editButtonTd"><div class="btn" id="editButton">edit details</div></td> </tr> '; } $html = $html . '</table>'; echo $html;
<?php require_once 'functions.php'; $id = mysql_real_escape_string($_POST['id']); $type = $_POST['type']; //if (! $USER) die("You must be logged in to view minutes."); if (isset($type)) { if ($type == "name") { $res = mysql_fetch_array(mysql_query("select `name` from `minutes` where `id` = '{$id}'")); echo $res[0]; } else { die("Unknown type"); } exit(0); } $query = "select count(`public`) as `n` from `minutes` where `id` = '{$id}'"; $result = mysql_fetch_array(mysql_query($query)); if ($result['n'] == 0) { die("The minutes you requested do not exist."); } else { if ($result['n'] > 1) { die("Ambiguous request."); } } if (isOfficer($USER) && !isset($_POST['public'])) { $query = "select `private` from `minutes` where `id` = '{$id}'"; } else { $query = "select `public` from `minutes` where `id` = '{$id}'"; } $result = mysql_fetch_array(mysql_query($query)); echo $result[0];
<?php require_once 'functions.php'; if (!isset($USER) || !isOfficer($USER)) { die("ACCESS_DENIED"); } $action = $_POST['action']; if ($action == 'gigcheck') { $sql = "update `variables` set `gigCheck` = " . ($_POST['value'] == '0' ? '0' : '1'); if (!mysql_query($sql)) { die(mysql_error()); } echo "OK"; } else { if ($action == 'gigreq') { $num = mysql_real_escape_string($_POST['value']); if (!isset($num)) { die("MISSING_PARAM"); } //if (! mysql_query("update `variables` set `gigRequirement` = '$num'")) die(mysql_error()); if (!mysql_query("update `semester` set `gigreq` = '{$num}' where `semester` = '{$SEMESTER}'")) { die(mysql_error()); } echo "OK"; } else { die("BAD_ACTION"); } } ?>