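/*
 * autocomplete_users_data($where = null, ...)
 *
 * Builds the rows consumed by the user autocomplete widget. Every argument
 * is forwarded unchanged to user_data(); $where is named only so the first
 * argument is documented. Admin-only, because the full list of names is
 * dumped to the browser.
 *
 * @return list<array{label: string, category: mixed}>
 */
function autocomplete_users_data($where = null)
{
    restrict_access('A');
    // Because that's a lot of names you're dumping to the browser.
    // Spread instead of call_user_func_array: same positional forwarding.
    $search = user_data(...func_get_args());
    $result = [];
    foreach ($search as $user) {
        $result[] = [
            'label' => $user['name'] . ' (' . $user['id'] . ')',
            'category' => $user['category'],
        ];
    }
    return $result;
}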
<?php

/*
 * Admin/User_List.php
 * LHS Math Club Website
 *
 * Shows a list of users
 */
// Shared helpers (restrict_access, page_header, generate_user_table, ...)
// must be loaded before the access check below.
require_once '../.lib/functions.php';
// Admins only: this page lists every user's name and email address.
restrict_access('A');
show_page();
function show_page()
{
    global $use_rel_external_script;
    // direct page_header to include some javascript that will make links
    $use_rel_external_script = true;
    // marked as rel="external" open in a new tab while remaining XHTML-valid
    page_header('User List');
    // Generate code for the different tables of users included in the body
    $captains_table = generate_user_table('SELECT id, name, email, yog FROM users WHERE permissions="C" ORDER BY yog ASC, name');
    $other_admins_table = generate_user_table('SELECT id, name, email, yog FROM users WHERE permissions="A" ORDER BY yog ASC, name');
    $members_table = generate_user_table('SELECT id, name, email, yog FROM users WHERE permissions="R" AND approved="1" ORDER BY yog ASC, name');
    $alumni_table = generate_user_table('SELECT id, name, email, yog FROM users WHERE permissions="L" ORDER BY yog DESC, name');
    $banned_users_table = generate_user_table('SELECT id, name, email, yog, creation_date, DATE_FORMAT(creation_date, "%M %e, %Y") AS formatted_creation FROM users WHERE approved="-1" ORDER BY creation_date DESC');
    // The Pending Approval Table is different
    $pending_approval_table = <<<HEREDOC
      <table class="contrasting">
        <tr>
          <th>Name</th>
          <th>Email Address</th>
          <th>YOG</th>
<?php

/*
 * My_Scores.php
 * LHS Math Club Website
 *
 * Displays the user's contest scores
 */
require_once '.lib/functions.php';
// Regular members and admins only; show_page() looks scores up by the
// logged-in user's session id.
restrict_access('RA');
show_page();
function show_page()
{
    page_header('My Scores');
    echo <<<HEREDOC
      <h1>My Scores</h1>
      
HEREDOC;
    $query = 'SELECT test_scores.score AS score, tests.name AS name, tests.total_points AS total, DATE_FORMAT(tests.date, "%M %e, %Y") AS formatted_date' . ' FROM test_scores' . ' INNER JOIN tests ON tests.test_id=test_scores.test_id' . ' WHERE test_scores.user_id="' . mysqli_real_escape_string(DB::get(), $_SESSION['user_id']) . '" AND archived="0"' . ' ORDER BY tests.date DESC';
    $result = DB::queryRaw($query);
    if (mysqli_num_rows($result) > 0) {
        echo <<<HEREDOC
      <h4>Recent Tests</h4>
      <table class="contrasting">
        <tr>
          <th>Test</th>
          <th>Score</th>
          <th>Date</th>
        </tr>

HEREDOC;
<?php

/*
 * Account/Register.php
 * LHS Math Club Website
 *
 * Allows users to create an account on the website.
 */
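require_once '../.lib/functions.php';
restrict_access('X');
// only for logged-out users
// Expire any pre-approved-email invitation if it's past the expiration (15 min).
// header() alone does not stop the script: without exit the rest of this file
// would still process or show the form with the expired invitation in the session.
if (isset($_SESSION['PREAPPROVED_expiry']) && $_SESSION['PREAPPROVED_expiry'] < time()) {
    header('Location: Signout');
    exit;
}
// A POST carrying do_register is a submission; anything else renders the form.
if (isset($_POST['do_register'])) {
    process_form();
} else {
    show_form();
}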
/*
 * show_form($err, $selected_field)
 *
 * Shows the registration form, with optional error message.
 *
 * $selected_field is the name of the field to put the cursor into; if the
 * form was already submitted but had errors, the cursor goes into the
 * problematic field, for convenience.
 */
function show_form()
{
<?php

/*
 * Account/My_Profile.php
 * LHS Math Club Website
 *
 * Allows users to view and change their stored personal information
 */
require_once '../.lib/functions.php';
// Members, alumni and admins.
restrict_access('RLA');
// visiting this page will cause your cached data to reload
set_login_data($_SESSION['user_id']);
if (isset($_POST['do_change_email'])) {
    change_email();
} else {
    if (isset($_POST['do_change_cell'])) {
        change_cell();
    } else {
        if (isset($_POST['do_change_password'])) {
            change_password();
        } else {
            if (isset($_GET['Email'])) {
                show_change_email_page('', 'email');
            } else {
                if (isset($_GET['Cell'])) {
                    show_change_cell_page('', 'cell');
                } else {
                    if (isset($_GET['Password'])) {
                        show_change_password_page('');
                    } else {
                        if (isset($_GET['Mailings'])) {
<?php

/*
 * About.php
 * LHS Math Club Website
 */
require_once '.lib/functions.php';
restrict_access('XRLA');
// Privacy control: the full name and link are only shown to logged-in users.
$benjamin_tidor = isset($_SESSION['user_id'])
    ? '<a href="http://tidor.net" rel="external">Benjamin Tidor</a>'
    : 'Benjamin T.';
page_title('About');
?>
<h1>About</h1>

<h3>LHS Math Club Website</h3>
Written in <a href="http://www.php.net/" rel="external">PHP</a> 2008-2012 by <?php 
echo $benjamin_tidor;
?>
<br />
With design assistance from <a href="http://teddomain.zzl.org/" rel="external">Ted Zhu</a><br />
Heavily revised and updated by <a href="http://clive.io" rel="external">Clive Chan</a> 2013-present<br />
and well-maintained by all LHSMATH webmasters.<br />

<br />
All pages consist of <a href="http://validator.w3.org/check?uri=referer" rel="external">valid XHTML 1.0</a>
and <a href="http://jigsaw.w3.org/css-validator/check/referer?profile=css3" rel="external">CSS 3</a><br />

<br /><br />
<?php

/*
 * Account/Approve.php
 * LHS Math Club Website
 *
 * When a user has completed registration, this page prompts them to print
 * out an information page and give it to a captain to approve their
 * account.
 */
require_once '../.lib/functions.php';
// 'P': accounts that finished registration but are not yet captain-approved
// (see the file header).
restrict_access('P');
// NOTE(review): show_page() below concatenates $_SESSION['user_id'] into its
// SQL without mysqli_real_escape_string, unlike My_Scores.php; a prepared
// statement (or at least the escape) would make the two consistent.
show_page();
function show_page()
{
    $query = 'SELECT * FROM users WHERE id="' . $_SESSION['user_id'] . '" LIMIT 1';
    $result = DB::queryRaw($query);
    $row = mysqli_fetch_assoc($result);
    $cell = format_phone_number($row['cell']);
    if ($cell == '') {
        $cell = 'None';
    }
    page_title('Approve');
    ?>
<h1>Account Approval</h1>

Your account has been verified, but it must be approved by a captain. Please print this page and bring it to practice.<br />
<br />
<div class="scrhide">
	<span class="b">ID: </span><?php 
    echo $row['id'];
<?php

/*
 * Account/Verify_Email.php
 * LHS Math Club Website
 *
 * After users register, they must click a link in a verification email in
 * order to activate their account. This page sends that email and gives
 * users the option of resending it.
 */
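require_once '../.lib/functions.php';
restrict_access('E');
// Dispatch: a verification code in the URL wins; otherwise send the email once
// after registration, or again on an explicit, token-checked resend request.
if (isset($_GET['code'])) {
    verify_code();
} elseif (isset($_SESSION['ACCOUNT_do_send_verification_email'])) {
    send_verification_email();
} elseif (
    isset($_POST['do_resend_verification_email'], $_POST['xsrf_token'], $_SESSION['xsrf_token'])
    && is_string($_POST['xsrf_token'])
    // hash_equals is strict and constant-time; the loose == it replaces treats
    // numeric-looking strings as equal and raised a notice when the field was missing.
    && hash_equals((string) $_SESSION['xsrf_token'], $_POST['xsrf_token'])
) {
    send_verification_email();
} else {
    show_page();
}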
/*
 * show_page($re_sent)
 *  - $re_sent: if the message has just been resent
 *
 *  Shows a message to users who have not yet verified their email address.
 */
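/*
 * show_email_sent_page()
 *
 * Tells a logged-out user that the password-reset confirmation message has
 * been sent. The page stops being displayed 5 minutes after the request:
 * on a public computer you wouldn't want your email address hanging around
 * indefinitely, so the reset-related session keys are dropped and the
 * request form is shown again instead.
 */
function show_email_sent_page()
{
    restrict_access('X');
    $expires_at = $_SESSION['ACCOUNT_password_reset_time'] + 300;
    if (time() >= $expires_at) {
        unset(
            $_SESSION['ACCOUNT_sent_password_reset'],
            $_SESSION['ACCOUNT_password_reset_time'],
            $_SESSION['ACCOUNT_password_reset_email']
        );
        show_request_page('', 'email');
        return;
    }
    // The address is assumed to originate from the user's own reset request
    // (show_request_page's 'email' field) — confirm in its handler. Either way
    // it is interpolated into HTML, so escape it first.
    $email = htmlspecialchars((string) $_SESSION['ACCOUNT_password_reset_email'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    page_header('Password Reset');
    echo <<<HEREDOC
      <h1>Password Reset</h1>
      
      A confirmation message has been sent to <span class="b">{$email}</span>.
      Please click on the link in the message to continue.
HEREDOC;
}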
<?php

/*
 * Admin/Super_Admin.php
 * LHS Math Club Website
 */
require_once '../.lib/functions.php';
// '+': presumably the super-admin (LHSMATH) account only — see the page text
// in show_page().
restrict_access('+');
// A POST carrying do_superadmin_elevate is a submission; otherwise render
// the form with no error message.
if (isset($_POST['do_superadmin_elevate'])) {
    process_form();
} else {
    show_page('');
}
// NOTE(review): show_page() below interpolates $_SERVER['REQUEST_URI']
// unescaped into the form's action attribute; it should go through
// htmlspecialchars() before being placed in the markup.
function show_page($err)
{
    // If an error message is given, put it inside this div
    if ($err != '') {
        $err = "\n        <div class=\"error\">{$err}</div><br />\n";
    }
    page_header('Super-Admin');
    echo <<<HEREDOC
      <h1>Super-Admin</h1>
      
      If you accidentally lose access to all the Admin accounts, create a new account,
      log in as LHSMATH, and make the new account an Admin (you'll need the ID from
      the page that you're supposed to print).<br />
      <br />{$err}
      <span class="b">Elevate Account</span>
      <form method="post" action="{$_SERVER['REQUEST_URI']}">
        <table>
          <tr>
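/*
 * do_download()
 *
 * Streams a file to the browser. Two modes, chosen by the query string:
 *  - ?Backup=<time>&Code=<code>: a database backup (admins only)
 *  - ?ID=<file_id>: an uploaded file; the allowed access levels come from the
 *    file's `permissions` column, and 'C' files are further limited to
 *    captains.
 * Halts via trigger_error(E_USER_ERROR) on a bad request or a missing file.
 */
function do_download()
{
    if (isset($_GET['Backup'])) {
        restrict_access('A');
        $time = (int) $_GET['Backup'];
        $code = $_GET['Code'] ?? '';
        // Anchored (\z rather than $, which would allow a trailing newline):
        // the code becomes part of a filesystem path, so it must be exactly
        // four [a-z0-9] characters. The unanchored pattern this replaces
        // accepted any string that merely contained such a run.
        if (!is_string($code) || !preg_match('#^[a-z0-9]{4}\z#', $code)) {
            trigger_error('Invalid backup', E_USER_ERROR);
        }
        $name = 'db-backup-' . $time . '-' . $code . '.sql';
        $file = './.content/backups/' . $name;
    } else {
        $id = $_GET['ID'] ?? '';
        $query = 'SELECT filename, permissions FROM files WHERE file_id="' . mysqli_real_escape_string(DB::get(), $id) . '"';
        $result = DB::queryRaw($query);
        if (mysqli_num_rows($result) != 1) {
            trigger_error('Incorrect number of categories match ID', E_USER_ERROR);
        }
        $row = mysqli_fetch_assoc($result);
        // 'P' is public, 'M' is members-and-up; anything else (including 'C')
        // is admin-only here, and 'C' is then narrowed to captains below.
        if ($row['permissions'] == 'P') {
            restrict_access('XLRA');
        } elseif ($row['permissions'] == 'M') {
            restrict_access('LRA');
        } else {
            // 'A'
            restrict_access('A');
        }
        if ($row['permissions'] == 'C' && !isset($_SESSION['is_captain'])) {
            page_header('Download');
            echo <<<HEREDOC
      <h1>Access Blocked</h1>
      
      <div>The captains have requested that you not view this file.</div>
HEREDOC;
            exit;
        }
        // The stored filename is used as-is as the path component.
        $name = $row['filename'];
        $file = './.content/uploads/' . $name;
    }
    if (!file_exists($file)) {
        trigger_error('File does not exist', E_USER_ERROR);
    }
    // PDFs are served with their own type so browsers can display them inline;
    // everything else is a generic binary download.
    $encoding = preg_match('#\\.pdf$#', $name) ? 'application/pdf' : 'application/octet-stream';
    header('Content-Description: File Transfer');
    header('Content-Type: ' . $encoding);
    header('Content-Disposition: inline; filename="' . $name . '"');
    header('Content-Transfer-Encoding: binary');
    header('Expires: 0');
    header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
    header('Pragma: public');
    header('Content-Length: ' . filesize($file));
    // Drop the page template and any buffered output so only the file bytes go out.
    cancel_templateify();
    ob_clean();
    readfile($file);
    flush();
}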
/*
 * backstage_access()
 *
 * Access gate for backstage pages: members, alumni and admins while
 * backstage is open, admins only otherwise.
 */
function backstage_access()
{
    $allowed = backstage_is_open() ? 'RLA' : 'A';
    restrict_access($allowed);
}
<?php

/*
 * Account/Banned.php
 * LHS Math Club Website
 *
 * Displays a message to banned users.
 */
// If functions hasn't been included, get functions.
// (if it has been, that means someone's including this file, so rootpath may be messed up and the require will fail)
if (!defined('FUNCTIONSPHP')) {
    require_once '../.lib/functions.php';
}
// 'B': banned accounts only (see the file header).
restrict_access('B');
page_title('Banned');
?>
<h1>Banned</h1>
You have been banned from the Math Club system.