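case "ingest":
    // Create or refresh the `video` row for an ingested clip, then cache its
    // thumbnails on disk. Every request value is untrusted: each one passes
    // through scrubData() and $db->quote() before it reaches SQL, in the
    // INSERT branch as well as the UPDATE branch.
    $db = new Querier();

    // check if we already have a record like this
    $our_id = scrubData($_REQUEST["foreign_id"]);
    $q_our_id = $db->quote($our_id);

    $qcheck = "SELECT video_id FROM video WHERE foreign_id = " . $q_our_id;
    $rcheck = $db->query($qcheck);

    // Quote the submitted fields once so both branches store identical values.
    $q_title = $db->quote(scrubData($_POST["title"]));
    $q_description = $db->quote(scrubData($_POST["description"], 'richtext'));
    $q_source = $db->quote(scrubData($_POST["source"]));
    $q_foreign_id = $db->quote(scrubData($_POST["foreign_id"]));
    $q_duration = $db->quote(scrubData($_POST["duration"]));
    $q_date = $db->quote(scrubData($_POST["upload_date"]));

    if (count($rcheck) == 0) {
        $qinsert = "INSERT INTO video (title, description, source, foreign_id, duration, date, display)\n"
            . " VALUES ({$q_title}, {$q_description}, {$q_source}, {$q_foreign_id}, {$q_duration}, {$q_date}, 1)";

        $rinsert = $db->exec($qinsert);
        $video_id = (int) $db->last_id();
    } else {
        // Do an update. The SET list must not end with a comma, and the
        // lookup key is quoted like every other value.
        $qupdate = "UPDATE video\n"
            . " SET title = {$q_title},\n"
            . " description = {$q_description},\n"
            . " source = {$q_source},\n"
            . " foreign_id = {$q_foreign_id},\n"
            . " duration = {$q_duration},\n"
            . " date = {$q_date}\n"
            . " WHERE foreign_id = {$q_our_id}";

        $rupdate = $db->exec($qupdate);

        // The id of the existing row comes from the lookup above, not from
        // exec()'s result.
        // NOTE(review): assumes query() returns a list of rows keyed by column name -- confirm.
        $video_id = (int) $rcheck[0]["video_id"];
    }

    // insert/update image
    // The thumbnail URLs are supplied by the client and fetched server-side,
    // and the response is written under the web-served assets directory.
    // Only http(s) URLs are fetched and empty responses are not written.
    // NOTE(review): restricting the fetch to the expected thumbnail hosts and
    // checking that the payload really is an image would tighten this further.
    $thumb_fields = array("small" => "thumbnail_small", "medium" => "thumbnail_medium");

    foreach ($thumb_fields as $thumb_size => $thumb_field) {
        if ($video_id <= 0) {
            // No usable row id means no sensible file name to write to.
            break;
        }

        $thumb_url = isset($_POST[$thumb_field]) ? (string) $_POST[$thumb_field] : "";
        $thumb_scheme = strtolower((string) parse_url($thumb_url, PHP_URL_SCHEME));

        if ($thumb_scheme !== "http" && $thumb_scheme !== "https") {
            continue;
        }

        $image = curl_get($thumb_url);

        if ($image === false || $image === null || $image === "") {
            continue;
        }

        // $video_id is an integer, so the path cannot leave the thumbnail directory.
        $new_image = "../../assets/images/video_thumbs/" . $video_id . "_" . $thumb_size . ".jpg";
        file_put_contents($new_image, $image);
    }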
$feedback = $record->getMessage(); } else { $feedback = "There is no record by that ID."; } } if (isset($_POST["submit_record"])) { // 1. Make sure we have minimum non-dupe data // 1a. Make sure there is a title, location, and subject if ($_POST["title"] == "" || $_POST["location"][0] == "" || $_POST["subject"][0] == "") { echo "<div class=\"feedback\">" . _("You must have a title, location, and subject. Please go back and fix these omissions. And turn on JavaScript, for goodness sakes!") . "</div><br /><br />"; exit; } // 1b. IF THIS IS AN INSERT make sure the title isn't an exact dupe if ($_POST["title_id"] == "") { $db = new Querier(); $qDupe = "SELECT title_id, title FROM title WHERE title LIKE " . $db->quote($_POST["title"]); $dupetitleArray = $db->query($qDupe); if ($dupetitleArray) { echo _("There is already a record with this title: ") . "<a href=\"record.php?record_id=" . $dupetitleArray[0] . "\">" . $dupetitleArray[1] . "</a>. " . _("Maybe do a search and make sure it doesn't already exist?"); return FALSE; } } // Submit form $record = new Record($_POST["title_id"], "post"); ////////////////////////////////// // Is this an Insert or an update? ////////////////////////////////// if ($_POST["title_id"] == "") { $record->insertRecord(); $ok_record_id = $record->getRecordId(); } else {
*/ use SubjectsPlus\Control\Querier; $subsubcat = ""; $subcat = "admin"; $page_title = "Admin Departments"; $feedback = ""; //print_r($_POST); include "../includes/header.php"; include "../includes/autoloader.php"; // Connect to database $db = new Querier(); if (isset($_POST["add_department"])) { //////////////// // Insert title table //////////////// $qInsertDept = "INSERT INTO department (name, telephone, department_sort, email, url) VALUES (\n\t\t" . $db->quote(scrubData($_POST["department"])) . ", \n\t\t" . $db->quote(scrubData($_POST["telephone"])) . ", \n\t\t0,\n " . $db->quote(scrubData($_POST["email"])) . ", \n " . $db->quote(scrubData($_POST["url"])) . "\n\t\t)"; $rInsertDept = $db->exec($qInsertDept); if ($rInsertDept) { $feedback = _("Thy Will Be Done. Department list updated."); } else { $feedback = _("Thwarted! Something has gone wrong with insert. Contact the admin."); } } if (isset($_POST["update_departments"])) { ////////////////////////////////// // Get the new dept data + sort order ////////////////////////////////// // wipe out existing departments ////////////////////// // Create new array of results /////////////////////
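/**
 * Build the HTML table of e-resource records matching a browse/search qualifier.
 *
 * Caller-supplied values ($qualifier, $subject_id, $_GET["type"]) only reach
 * the SQL through $db->quote(); none of them is interpolated directly.
 *
 * @param string $qualifier          "Num", "All", "bysub", "bytype", "search", a single
 *                                   initial letter, or free text to match within titles
 * @param mixed  $subject_id         subject whose records are listed when $qualifier is "bysub"
 * @param int    $description_search 1 to also match the description (letter/free-text branch only)
 *
 * @return string HTML: the result table, or a "no results" notice
 */
function writeTable($qualifier, $subject_id = '', $description_search = 0)
{
    global $IconPath;
    global $proxyURL;

    $db = new Querier();

    // sanitize submission
    $subject_id = scrubData($subject_id);

    // Quoted LIKE operands. Strings are joined with "." -- "+" is arithmetic
    // in PHP and does not build the pattern.
    $contains = $db->quote("%" . $qualifier . "%");
    $starts_with = $db->quote($qualifier . "%");

    // Prepare conditions
    $condition1 = "";
    $condition2 = "";
    $condition3 = "";

    switch ($qualifier) {
        case "Num":
            $condition1 = "WHERE left(title, 1) REGEXP '[[:digit:]]+'";
            $condition2 = "WHERE left(alternate_title, 1) REGEXP '[[:digit:]]+'";
            break;

        case "All":
            $condition1 = "WHERE title != ''";
            $condition2 = "WHERE alternate_title != ''";
            break;

        case "bysub":
            // $subject_id is always set at this point, so test for a usable
            // value; an empty id previously produced "subject_id = " with no operand.
            if ($subject_id !== '' && $subject_id !== null) {
                // get title ids in pluslets' resource token connected to subject
                $lobjGuide = new Guide($subject_id);
                $lobjTitleIds = $lobjGuide->getRelatedTitles();

                $quoted_subject = $db->quote($subject_id);

                $condition1 = "WHERE (subject_id = {$quoted_subject}";

                if (count($lobjTitleIds) > 0) {
                    $quoted_ids = array();
                    foreach ($lobjTitleIds as $related_id) {
                        $quoted_ids[] = $db->quote($related_id);
                    }
                    $condition1 .= "\nOR t.title_id IN (" . implode(',', $quoted_ids) . ")";
                }

                $condition1 .= ")";
                $condition2 = "WHERE subject_id = {$quoted_subject}";
            } else {
                $condition1 = "WHERE title LIKE " . $contains;
                $condition2 = "WHERE alternate_title LIKE " . $contains;
            }
            break;

        case "bytype":
            if (isset($_GET["type"])) {
                $quoted_type = $db->quote(scrubData($_GET["type"]));

                $condition1 = "WHERE ctags LIKE " . $quoted_type;
                $condition2 = "WHERE ctags LIKE " . $quoted_type;
                $condition3 = "AND alternate_title IS NOT NULL";
            }
            break;

        case "search":
            // Matches title or description; the group is closed so the
            // "AND eres_display" that follows applies to both alternatives.
            $condition1 = "WHERE (title LIKE " . $contains . " OR description LIKE " . $contains . ")";
            $condition2 = "WHERE alternate_title LIKE " . $contains;
            break;

        default:
            // This is the simple output by letter and also the search
            if (strlen($qualifier) == 1) {
                // Is like the first letter
                $condition1 = "WHERE title LIKE " . $starts_with;
            } else {
                $condition1 = "WHERE title LIKE " . $contains;
            }

            if ($description_search == 1) {
                $condition1 = "WHERE (title LIKE " . $contains . " OR description LIKE " . $contains . ")";
            }

            $condition2 = "WHERE alternate_title LIKE " . $contains;
    }

    // Column order matters: the row loop below reads some columns by position.
    $columns = "t.description, location, access_restrictions, t.title_id as this_record,eres_display, display_note, pre, citation_guide, ctags, helpguide";

    $joins = "FROM title as t\n"
        . " INNER JOIN location_title as lt\n ON t.title_id = lt.title_id\n"
        . " INNER JOIN location as l\n ON lt.location_id = l.location_id\n"
        . " INNER JOIN restrictions as r\n ON l.access_restrictions = r.restrictions_id\n"
        . " INNER JOIN rank as rk\n ON rk.title_id = t.title_id\n"
        . " INNER JOIN source as s\n ON rk.source_id = s.source_id\n";

    $q1 = "SELECT distinct left(t.title,1) as initial, t.title as newtitle, {$columns}\n {$joins} {$condition1}\n AND eres_display = 'Y'\n ORDER BY newtitle";

    // NOTE(review): $q2 (alternate titles) is assembled but never executed in this function.
    $q2 = "SELECT distinct left(t.alternate_title,1) as initial, t.alternate_title as newtitle, {$columns}\n {$joins} {$condition2}\n AND eres_display = 'Y'\n {$condition3}\n ORDER BY newtitle";

    $r = $db->query($q1);

    $num_rows = $r ? count($r) : 0;

    if ($num_rows == 0) {
        return "<div class=\"no_results\">" . _("Sorry, there are no results at this time.") . "</div>";
    }

    // prepare header
    $items = "<table width=\"98%\" class=\"item_listing\">";

    $row_count = 0;
    $colour1 = "oddrow";
    $colour2 = "evenrow";

    // NOTE(review): row values are written into the HTML as stored; this relies
    // on them having been sanitised when they were saved -- confirm.
    foreach ($r as $myrow) {
        $row_colour = $row_count % 2 ? $colour1 : $colour2;

        $item_title = $myrow[1];
        if ($myrow["pre"] != "") {
            $item_title = $myrow["pre"] . " " . $item_title;
        }

        $blurb = $myrow["description"];
        $bib_id = $myrow[5];

        /// CHECK RESTRICTIONS ///
        if ($myrow['4'] == 2 or $myrow['4'] == 3) {
            $url = $proxyURL . $myrow[3];
            $rest_icons = "restricted";
        } elseif ($myrow['4'] == 4) {
            $url = $myrow[3];
            $rest_icons = "restricted";
        } else {
            $url = $myrow[3];
            $rest_icons = ""; // if you want the unlocked icon to show, enter "unrestricted" here
        }

        $current_ctags = explode("|", $myrow["ctags"]);

        // add our $rest_icons info to this array at the beginning
        array_unshift($current_ctags, $rest_icons);

        $icons = showIcons($current_ctags);

        /// Check for Help Guide ///
        if ($myrow["helpguide"] != "") {
            $helpguide = " <a href=\"" . $myrow["helpguide"] . "\"><img src=\"{$IconPath}/help.gif\" border=\"0\" alt=\"" . _("Help Guide") . "\" title=\"" . _("Help Guide") . "\" /></a>";
        } else {
            $helpguide = "";
        }

        //Check if there is a display note
        if ($myrow["display_note"] == NULL) {
            $display_note_text = "";
        } else {
            $display_note_text = "<br /><strong>" . _("Note:") . " </strong>" . $myrow['display_note'];
        }

        $bonus = "{$blurb}<br />";

        // Reset both links for every row so a record without a description
        // cannot inherit the previous row's toggle (and its bib id).
        $information = "";
        $information1 = "";

        if ($blurb != "") {
            $information1 = "<span id=\"bib-{$bib_id}\" class=\"toggleLink curse_me\"><img src=\"{$IconPath}/information.png\" border=\"0\" alt=\"" . _("more information") . "\" title=\"" . _("more information") . "\" /></span>";
            // This is new details link; you can use the one above if you prefer
            $information = "<span id=\"bib-{$bib_id}\" class=\"toggleLink curse_me\">" . _("about") . "</span>";
        }

        $target = targetBlanker();

        $items .= self::generateLayout($row_colour, $url, $target, $item_title, $information, $information1, $icons, $helpguide, $display_note_text, $bonus);

        $row_count++;
    }

    $items .= "</table>";

    return $items;
}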
//depending on step, display content switch ($lintStep) { case 0: //first setup config with site configurations $lobjConfig->displaySetupSiteConfigForm(); break; case 1: //on POST and second step, write configuration and install if (isset($_POST['submit_setup_site_config'])) { $lobjConfig->setNewConfigValues(); if (!$lobjConfig->writeConfigFile()) { //error message $lobjConfig->displayMessage(_("Something went wrong and could not save configurations.")); } else { //include again if config variables have changed include_once 'includes/config.php'; //new installer instance and install and on success show complete page $lobjInstaller = new Installer(); if ($lobjInstaller->install()) { $administrator_email = $_POST['administrator_email']; $db = new Querier(); $db->exec("UPDATE staff SET staff.email=" . $db->quote($administrator_email) . " WHERE staff.staff_id = 1"); $lobjInstaller->displayInstallationCompletePage(); $_SESSION['firstInstall'] = 1; } } } break; } } include_once "includes/footer.php";
////////////////////// // date and time stuff ////////////////////// $today = getdate(); $month = $today['month']; $mday = $today['mday']; $year = $today['year']; $this_year = date("Y"); $todaycomputer = date('Y-m-d H:i:s'); if (isset($_POST['the_suggestion']) && $_POST['skill'] == $stk_answer) { // clean submission and enter into db! Don't show page again. if ($this_name == "") { $this_name = "Anonymous"; } // Make a safe query $query = sprintf("INSERT INTO talkback (`question`, `q_from`, `date_submitted`, `display`, `tbtags`, `answer`) VALUES (%s, %s, %s, 'No', %s, %s)", $db->quote($this_comment), $db->quote($this_name), $db->quote($todaycomputer), $db->quote($set_filter), $db->quote("")); //print $query; $db->query($query); if ($query) { $stage_one = "ok"; } if (isset($debugger) && $debugger == "yes") { print "<p class=\"debugger\">{$query}<br /><strong>from</strong> this file</p>"; } // Send an email if this is turned on if ($send_email_notification == 1) { ini_set("SMTP", $email_server); ini_set("sendmail_from", $sent_from); /* here the subject and header are assembled */ $subject = "Talk Back"; $header = "Return-Path: {$sent_from}\n";
/**
 * Return the stored search term wrapped in "%" wildcards and passed through
 * Querier::quote(), ready to be used as the operand of a SQL LIKE.
 *
 * The value comes back already quoted, so callers must not add their own
 * quote characters around it.
 * NOTE(review): "%" and "_" typed by the user still act as LIKE wildcards
 * unless quote() escapes them -- confirm.
 *
 * @return string
 */
public function getSearch()
{
    $querier = new Querier();
    $like_pattern = '%' . $this->_search . '%';

    return $querier->quote($like_pattern);
}
p.body LIKE '%" . $location_hint . "/" . $shortName . "%'"; //print $findGuidesQuery; $findGuidesResult = $querier->query($findGuidesQuery); $guides = array(); // for the list of guides in which the file appears if ($findGuidesResult) { foreach ($findGuidesResult as $row) { $guideName = $row['subject']; $guideId = $row['subject_id']; $guides["$guideId"] = $guideName; } } */ $db = new Querier(); $findGuidesQuery = "\n\t\t\t\tSELECT st.fname, st.lname, s.subject, s.subject_id\n\t\t\t\tFROM pluslet p INNER JOIN pluslet_section ps\n\t\t\t\tON p.pluslet_id = ps.pluslet_id\n\t\t\t\tINNER JOIN section sec\n\t\t\t\tON ps.section_id = sec.section_id\n\t\t\t\tINNER JOIN tab t\n\t\t\t\tON sec.tab_id = t.tab_id\n\t\t\t\tINNER JOIN subject s\n\t\t\t\tON t.subject_id = s.subject_id\n\t\t\t\tINNER JOIN staff_subject ss\n\t\t\t\tON s.subject_id = ss.subject_id\n\t\t\t\tINNER JOIN staff st\n\t\t\t\tON ss.staff_id = st.staff_id\n\t\t\t\tWHERE p.body LIKE " . $db->quote('%' . $location_hint . "/" . $shortName . '%') . "\n OR p.body LIKE " . $db->quote('%' . $location_hint . trim(" \\ ") . $shortName . '%') . "\n OR p.body LIKE " . $db->quote('%' . $location_hint . trim(" \\ ") . "image" . trim(" \\ ") . $shortName . '%') . "\n OR p.body LIKE " . $db->quote('%' . $location_hint . "/image/" . $shortName . '%'); $findGuidesResult = $querier->query($findGuidesQuery); $guides = array(); // for the list of guides in which the file appears if ($findGuidesResult) { foreach ($findGuidesResult as $row) { $owner = $row['fname'] . " " . $row['lname']; $guideName = $row['subject']; $guideId = $row['subject_id']; $guides["{$guideId}"] = $guideName; } } else { $owner = ''; } if (empty($guides)) { // the file is an orphan--flag it!
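/**
 * Render the guide collections as HTML.
 *
 * @param string $search        optional text to match within collection titles
 * @param string $display       "default" (zebra-striped table) or "2col" (two-column list)
 * @param string $show_children anything other than "false" also lists each
 *                              collection's active guides (2col layout only)
 *
 * @return string|null HTML for the listing, "" for an unrecognised $display,
 *                     or null when no collection matches
 */
function listCollections($search = "", $display = "default", $show_children = "false")
{
    global $guide_path;

    $db = new Querier();

    $whereclause = "";

    if ($search != "") {
        // quote() supplies the delimiters, so the wildcards belong inside the
        // quoted value rather than in hand-written quotes around it.
        // NOTE(review): the filter previously named a "subject" column and sat
        // before the table name, so it could not run; matching on the
        // collection title is the assumed intent -- confirm.
        $whereclause = " WHERE title LIKE " . $db->quote("%" . scrubData($search) . "%");
    }

    $q = "SELECT collection_id, title, description, shortform FROM collection{$whereclause} ORDER BY title";

    $r = $db->query($q);

    $num_rows = $r ? count($r) : 0;

    if ($num_rows < 1) {
        return;
    }

    $switch_row = round($num_rows / 2);

    $row_count = 1;
    $colour1 = "oddrow";
    $colour2 = "evenrow";

    // Defined up front so an unrecognised $display returns an empty string.
    $list_collections = "";

    // NOTE(review): titles go through htmlspecialchars_decode() before being
    // written into the page, i.e. stored entities become live markup; this
    // relies on titles being sanitised when they are saved -- confirm.
    switch ($display) {
        case "default":
            $list_collections = "<table class=\"item_listing\" width=\"98%\">";

            foreach ($r as $myrow) {
                $row_colour = $row_count % 2 ? $colour1 : $colour2;

                $guide_location = "collection.php?d=" . $myrow[3];

                $list_collections .= "<tr class=\"zebra {$row_colour}\" style=\"height: 1.5em;\">\n <td><a href=\"{$guide_location}\">" . htmlspecialchars_decode($myrow[1]) . "</a>\n <div style=\"font-size: .9em;\">{$myrow['2']}</div></td></tr>\n";

                $row_count++;
            }

            $list_collections .= "</table>";
            break;

        case "2col":
            // for 2 col
            $col_1 = "<div class=\"pure-u-1 pure-u-md-1-2\"><ul class=\"guide-listing\">";
            $col_2 = "<div class=\"pure-u-1 pure-u-md-1-2\"><ul class=\"guide-listing\">";

            $icon = "fa-plus-square";
            $title_hover = "See all guides in this collection";

            foreach ($r as $myrow) {
                $guide_location = "collection.php?d=" . $myrow[3];
                $list_bonus = "<p class=\"collection-description\">{$myrow['2']}</p><ul class=\"collection_list\">";

                // Here, we want to show the guides associated with that collection
                if ($show_children != "false") {
                    // get all kids; the collection id is quoted like any other value
                    $q2 = "SELECT s.subject_id, s.subject, s.shortform FROM subject s, collection_subject cs, collection c \n WHERE s.subject_id = cs.subject_id AND cs.collection_id = c.collection_id AND c.collection_id = " . $db->quote($myrow[0]) . " AND s.active = 1 ORDER BY cs.sort";

                    $r2 = $db->query($q2);

                    if ($r2) {
                        foreach ($r2 as $mysubguide) {
                            $guide_location2 = $guide_path . $mysubguide[2];
                            $list_bonus .= "<li><a href=\"{$guide_location2}\">{$mysubguide['1']}</a></li>";
                        }
                    }
                }

                $our_item = "<li title=\"{$title_hover}\"><i class=\"fa {$icon}\"></i> <a href=\"{$guide_location}\">" . htmlspecialchars_decode($myrow[1]) . "</a>\n <div class=\"guide_list_bonus\">{$list_bonus}</ul></div>\n </li>";

                if ($row_count <= $switch_row) {
                    // first col
                    $col_1 .= $our_item;
                } else {
                    // second col
                    $col_2 .= $our_item;
                }

                $row_count++;
            } // end foreach

            $col_1 .= "</ul></div>";
            $col_2 .= "</ul></div>";

            $list_collections = "<div class=\"pure-g guide_list\"><div class=\"pure-u-1 guide_list_header\"><a name=\"section-Collection\"></a><h3>" . _("Guide Collections") . "</h3></div><div class=\"pure-u-1 guide-list-expand\">Expand/Hide All</div>" . $col_1 . $col_2 . "</div>";
            break;
    }

    return $list_collections;
}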
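/**
 * Render the active subject guides as a zebra-striped HTML table.
 *
 * @param string $search optional text to match within guide names
 * @param string $type   guide type to list, or "all" for every type
 *
 * @return string HTML table (header and footer only when nothing matches)
 */
function listGuides($search = "", $type = "all")
{
    global $guide_path;

    $db = new Querier();

    $andclause = "";

    if ($search != "") {
        // quote() supplies the delimiters, so the wildcards belong inside the
        // quoted value; wrapping the quoted value in '%...%' broke the literal.
        $andclause .= " AND subject LIKE " . $db->quote("%" . scrubData($search) . "%");
    }

    if ($type != "all") {
        $andclause .= " AND type=" . $db->quote($type);
    }

    $q = "SELECT shortform, subject, type FROM subject WHERE active = '1' " . $andclause . " ORDER BY subject";

    $rows = $db->query($q);
    if (!$rows) {
        // A failed query renders an empty table instead of iterating a non-array.
        $rows = array();
    }

    $row_count = 0;
    $colour1 = "oddrow";
    $colour2 = "evenrow";

    $list_guides = "<table class=\"item_listing\" width=\"98%\">";

    // NOTE(review): guide names go through htmlspecialchars_decode() before
    // output, i.e. stored entities become live markup; this relies on names
    // being sanitised when they are saved -- confirm.
    foreach ($rows as $myrow) {
        $row_colour = $row_count % 2 ? $colour1 : $colour2;

        $guide_location = $guide_path . $myrow[0];

        $list_guides .= "<tr class=\"zebra {$row_colour} type-{$myrow['2']}\" style=\"height: 1.5em;\">\n <td><a href=\"{$guide_location}\">" . htmlspecialchars_decode($myrow[1]) . "</a> \n <div class=\"list_bonus\"></div></td>\n <td class=\"subject\">{$myrow[2]}</td>\n </tr>\n";

        $row_count++;
    }

    $list_guides .= "</table>";

    return $list_guides;
}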
$social_and_search = ' <div id="guide_nav_tools"> <form id="guide_search" class="pure-form"><!-- AddToAny BEGIN --> <div class="a2a_kit" style="float: left !important;"> <a class="a2a_dd" href="http://www.addtoany.com/share_save"><img src="../assets/images/icons/plus-26.png" border="0" alt="Share" /></a> <a class="a2a_button_twitter"><img src="../assets/images/icons/twitter-26.png" border="0" alt="Twitter" /></a> <a class="a2a_button_facebook"><img src="../assets/images/icons/facebook-26.png" border="0" alt="Facebook" /></a> </div> <script type="text/javascript" src="//static.addtoany.com/menu/page.js"></script> <!-- AddToAny END --> <input id="sp_search" class="find-guide-input ui-autocomplete-input" type="text" placeholder="' . _("Find in Guide") . '" autocomplete="off"/></form> </div> '; if ($check_this) { // get name of quide $q = "select subject, subject_id, extra, description, keywords, redirect_url, header from subject where shortform = " . $db->quote($check_this); //print $q; //$r = $db->query($q); $r = $db->query($q, PDO::FETCH_ASSOC); // If this guide doesn't exist, send them away if (count($r) == 0) { header("location:index.php"); } $redirect_url = $r[0]["redirect_url"]; if (!is_null($redirect_url) && !empty($redirect_url)) { header("Location:{$redirect_url}"); } $subject_name = $r[0]["subject"]; $this_id = $r[0]["subject_id"]; $header_type = $r[0]["header"]; // check for description and keywords, which may be blank since they were added v2
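/**
 * Insert, update, re-style or delete a pluslet row from the POSTed form data.
 *
 * Every value that reaches SQL -- the POST fields and $id alike -- goes
 * through $db->quote(); nothing is interpolated between hand-written quotes.
 *
 * @param mixed  $id   pluslet id to act on (ignored for "insert")
 * @param string $type "insert", "update", "settings" or "delete"
 *
 * @return mixed the new row id after a successful insert, false when an
 *               insert/update/settings statement fails, otherwise $id unchanged
 */
function modifyDB($id, $type)
{
    $db = new Querier();

    // Missing form fields fall back to a default instead of an undefined index.
    $post = function ($key, $default = '') {
        return isset($_POST[$key]) ? $_POST[$key] : $default;
    };

    // Uses the data from the POST vars to update
    $pluslet_title = $post("pluslet_title");
    $pluslet_body = $post("pluslet_body");
    $pluslet_type = $post("item_type");
    $pluslet_extra = $post("special");
    $pluslet_hide_titlebar = $post("boxsetting_hide_titlebar");
    $pluslet_collapse_body = $post("boxsetting_collapse_titlebar");
    $pluslet_favorite_box = $post("favorite_box");
    $pluslet_target_blank_links = $post("boxsetting_target_blank_links");
    $pluslet_titlebar_styling = $post("boxsetting_titlebar_styling");

    // If clone isn't set, set to 0
    $pluslet_clone = $post("clone", 0);

    // let's not have those errant slashes
    // get_magic_quotes_gpc() no longer exists in PHP 8, so probe for it first.
    $magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

    if ($magic_quotes) {
        $pluslet_title = stripcslashes(stripcslashes($pluslet_title));
        $pluslet_body = stripslashes(stripslashes($pluslet_body));
        $pluslet_extra = stripslashes(stripslashes($pluslet_extra));
    } else {
        $pluslet_title = stripcslashes($pluslet_title);
        $pluslet_body = stripslashes($pluslet_body);
        $pluslet_extra = stripslashes($pluslet_extra);
    }

    $q_title = $db->quote((string) $pluslet_title);
    $q_body = $db->quote((string) $pluslet_body);
    $q_type = $db->quote((string) $pluslet_type);
    $q_clone = $db->quote((string) $pluslet_clone);
    $q_extra = $db->quote((string) $pluslet_extra);
    $q_hide_titlebar = $db->quote((string) $pluslet_hide_titlebar);
    $q_collapse_body = $db->quote((string) $pluslet_collapse_body);
    $q_titlebar_styling = $db->quote((string) $pluslet_titlebar_styling);
    $q_favorite_box = $db->quote((string) $pluslet_favorite_box);
    $q_target_blank_links = $db->quote((string) $pluslet_target_blank_links);
    $q_id = $db->quote((string) $id);

    // Box settings shared by the "update" and "settings" statements.
    $settings_sql = " hide_titlebar = {$q_hide_titlebar},\n"
        . " collapse_body = {$q_collapse_body},\n"
        . " titlebar_styling = {$q_titlebar_styling},\n"
        . " favorite_box = {$q_favorite_box},\n"
        . " target_blank_links = {$q_target_blank_links}\n";

    switch ($type) {
        case "insert":
            $q = "INSERT INTO pluslet (title, body, type, clone, extra, hide_titlebar, collapse_body, titlebar_styling, favorite_box, target_blank_links) VALUES ("
                . implode(", ", array(
                    $q_title,
                    $q_body,
                    $q_type,
                    $q_clone,
                    $q_extra,
                    $q_hide_titlebar,
                    $q_collapse_body,
                    $q_titlebar_styling,
                    $q_favorite_box,
                    $q_target_blank_links,
                ))
                . ")";

            $r = $db->exec($q);

            if ($r) {
                $id = $db->last_id();
            } else {
                print "<p>There was a problem with your insert:</p>";
                // The statement contains submitted markup; escape it for display.
                print "<p>" . htmlspecialchars($q, ENT_QUOTES) . "</p>";
                $id = false;
            }
            break;

        case "update":
            // update pluslet table
            $q = "UPDATE pluslet SET\n"
                . " title=" . $q_title . ",\n"
                . " body=" . $q_body . ",\n"
                . " type=" . $q_type . ",\n"
                . " extra=" . $q_extra . ",\n"
                . $settings_sql
                . " WHERE pluslet_id = " . $q_id;

            $r = $db->exec($q);

            if ($r === FALSE) {
                print "<p>There was a problem with your insert:</p>";
                print "<p>" . htmlspecialchars($q, ENT_QUOTES) . "</p>";
                $id = false;
            }
            break;

        case "settings":
            // update pluslet table for only settings
            $q = "UPDATE pluslet SET\n"
                . $settings_sql
                . " WHERE pluslet_id = " . $q_id;

            $r = $db->exec($q);

            if ($r === FALSE) {
                print "<p>There was a problem with your insert:</p>";
                print "<p>" . htmlspecialchars($q, ENT_QUOTES) . "</p>";
                $id = false;
            }
            break;

        case "delete":
            // NOTE(review): this statement targets "pluslets" while every other
            // statement here uses "pluslet" -- confirm the table name.
            $q = "DELETE FROM pluslets WHERE pluslet_id = " . $q_id;
            $r = $db->query($q);
            break;
    }

    return $id;
}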
use SubjectsPlus\Control\Staff; use SubjectsPlus\Control\Querier; $subsubcat = ""; $subcat = "admin"; $page_title = "Admin Source Types"; //print_r($_POST); include "../includes/header.php"; $db = new Querier(); //init $ourlist = ""; $feedback = ""; if (isset($_POST["add_source"])) { //////////////// // Insert title table //////////////// $qInsertSource = "INSERT INTO source (source, rs) VALUES (\n\t\t" . $db->quote(scrubData($_POST["source"])) . ", \n\t\t0\n\t\t)"; $rInsertSource = $db->query($qInsertSource); $feedback = _("Thy Will Be Done. Source list updated."); } if (isset($_POST["update_sources"])) { ////////////////////////////////// // Get the source dept data + sort order ////////////////////////////////// ////////////////////// // Create new array of results ///////////////////// $a = $_POST["source_id"]; $b = $_POST["source"]; $result = array_combine($a, $b); // Loop through array, update departments table $row_count = 1;
$statement->execute(); $stage_one = "ok"; if (isset($debugger) && $debugger == "yes") { // print "<p class=\"debugger\">$query<br /><strong>from</strong> this file</p>"; } // Send an email if this is turned on if ($send_email_notification == 1) { ini_set("SMTP", $email_server); ini_set("sendmail_from", $sent_from); /* here the subject and header are assembled */ $subject = _("New Comment via SubjectsPlus"); $header = "Return-Path: {$sent_from}\n"; $header .= "From: {$sent_from}\n"; $header .= "Content-Type: text/html; charset=iso-8859-1;\n\n"; $message = "<html><body style=\"margin:0;\">\n\t\t\t\t\t<table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" bgcolor=\"#d4d4d4\" style=\"height: 100%;\">\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td valign=\"top\" align=\"center\">\n\t\t\t\t\t\t<table cellpadding=\"0\" cellspacing=\"0\" bgcolor=\"#FFFFFF\" style=\"width:600px; height:auto;\" border=\"0\">\n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"600\" height=\"40\" valign=\"top\" bgcolor=\"#d4d4d4\"> </td>\n\t\t\t\t\t\t </tr>\n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"600\" height=\"120\" valign=\"middle\" align=\"center\" bgcolor=\"#FFFFFF\"> \n\t\t\t\t\t\t <p style=\"font-size:28px; color:#444; font-family:Helvetica, sans-serif;\">" . _("New Comment Awaits Response") . 
"</p>\n\t\t\t\t\t\t </td>\n\t\t\t\t\t\t </tr> \n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t\t <td width=\"600\" height=\"60\" valign=\"top\" align=\"center\" bgcolor=\"#FFFFFF\"> \n\t\t\t\t\t\t <table width=\"600\" height=\"40\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"10\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\"> </td>\n\t\t\t\t\t\t <td width=\"50\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <img src=\"http://sp.library.miami.edu/assets/images/email/calendar.jpg\" width=\"40\" height=\"40\" border=\"0\">\n\t\t\t\t\t\t </td>\n\t\t\t\t\t\t <td width=\"150\" valign=\"bottom\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <p style=\"font-size:22px; color:#444; font-family:Helvetica, sans-serif;\">" . _("Received:") . "</p>\n\t\t\t\t\t\t </td>\n\t\t\t\t\t\t <td width=\"380\" valign=\"bottom\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <p style=\"font-size:22px; color:#858585; font-family:Helvetica, sans-serif;\">{$month} {$mday}, {$year}</p>\n\t\t\t\t\t\t </td>\n\t\t\t\t\t\t <td width=\"10\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\"> </td>\n\t\t\t\t\t\t </tr>\n\t\t\t\t\t\t </table>\n\t\t\t\t\t\t </td>\n\t\t\t\t\t\t </tr> \n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"600\" height=\"60\" valign=\"top\" align=\"center\" bgcolor=\"#FFFFFF\"> \n\t\t\t\t\t\t <table width=\"600\" height=\"40\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"10\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\"> </td>\n\t\t\t\t\t\t <td width=\"50\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <img src=\"http://sp.library.miami.edu/assets/images/email/contact.jpg\" width=\"40\" height=\"40\" border=\"0\">\n\t\t\t\t\t\t </td>\n\t\t\t\t\t\t <td width=\"150\" valign=\"bottom\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <p style=\"font-size:22px; color:#444; font-family:Helvetica, sans-serif;\">" . 
_("Contact:") . "</p>\n\t\t\t\t\t\t </td>\n\t\t\t\t\t\t <td width=\"380\" valign=\"bottom\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <p style=\"font-size:22px; color:#858585; font-family:Helvetica, sans-serif;\">"; $message .= $db->quote($this_name); $message .= "</p></td>\n\t\t\t\t\t\t <td width=\"10\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\"> </td>\n\t\t\t\t\t\t </tr>\n\t\t\t\t\t\t </table>\n\t\t\t\t\t\t </td>\n\t\t\t\t\t\t </tr> \n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"600\" height=\"65\" valign=\"top\" align=\"center\" bgcolor=\"#FFFFFF\"> \n\t\t\t\t\t\t <table width=\"600\" height=\"40\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"10\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\"> </td>\n\t\t\t\t\t\t <td width=\"50\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <img src=\"http://sp.library.miami.edu/assets/images/email/comment.jpg\" width=\"40\" height=\"40\" border=\"0\">\n\t\t\t\t\t\t </td>\n\t\t\t\t\t\t <td width=\"530\" valign=\"middle\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <p style=\"font-size:22px; color:#444; font-family:Helvetica, sans-serif;\">" . _("Comment:") . 
"</p>\n\t\t\t\t\t\t </td> \n\t\t\t\t\t\t <td width=\"10\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\"> </td>\n\t\t\t\t\t\t </tr>\n\t\t\t\t\t\t </table>\n\t\t\t\t\t\t </td>\n\t\t\t\t\t\t </tr> \t\t\t\t\t\t \n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"600\" valign=\"top\" align=\"center\" bgcolor=\"#FFFFFF\"> \n\t\t\t\t\t\t <table width=\"600\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"60\" valign=\"top\" bgcolor=\"#FFFFFF\"> </td> \n\t\t\t\t\t\t <td width=\"530\" valign=\"top\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <p style=\"font-size:20px; color:#858585; font-family:Helvetica, sans-serif;\">"; $message .= $db->quote($this_comment); $message .= "</p>\n\t\t\t\t\t\t </td> \n\t\t\t\t\t\t <td width=\"10\" valign=\"top\" bgcolor=\"#FFFFFF\"> </td>\n\t\t\t\t\t\t </tr>\n\t\t\t\t\t\t </table>\n\t\t\t\t\t\t </td>\n\t\t\t\t\t\t </tr> \n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"600\" height=\"60\" valign=\"top\" bgcolor=\"#FFFFFF\"> </td>\n\t\t\t\t\t\t </tr> \n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"600\" height=\"50\" valign=\"top\" align=\"center\" bgcolor=\"#FFFFFF\"> \n\t\t\t\t\t\t <table width=\"600\" height=\"50\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"175\" height=\"50\" valign=\"middle\" bgcolor=\"#FFFFFF\"> </td> \n\t\t\t\t\t\t <td width=\"250\" height=\"50\" valign=\"middle\" align=\"center\" bgcolor=\"#858585\">\n\t\t\t\t\t\t <p style=\"font-size:28px; color:#FFF; font-family:Helvetica, sans-serif;\"><a href=\"http://sp.library.miami.edu/control/talkback\" target=\"_blank\" style=\"color: #FFF; text-decoration:none;\"><span style=\"color: #FFF; text-decoration:none;\">" . _("Reply Now") . 
"</span></a></p>\n\t\t\t\t\t\t </td> \n\t\t\t\t\t\t <td width=\"175\" height=\"50\" valign=\"middle\" bgcolor=\"#FFFFFF\"> </td>\n\t\t\t\t\t\t </tr>\n\t\t\t\t\t\t </table>\n\t\t\t\t\t\t </td>\n\t\t\t\t\t\t </tr>\n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"600\" height=\"30\" valign=\"bottom\" align=\"center\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t \t<p style=\"font-size:14px; color:#858585; font-family:Helvetica, sans-serif;\">" . _("You will be required to log in") . "</p>\n\t\t\t\t\t\t </td>\n\t\t\t\t\t\t </tr> \n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"600\" height=\"100\" valign=\"top\" bgcolor=\"#FFFFFF\"> </td>\n\t\t\t\t\t\t </tr> \n\t\t\t\t\t\t <tr>\n\t\t\t\t\t\t <td width=\"600\" height=\"70\" valign=\"middle\" align=\"center\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t <img src=\"http://sp.library.miami.edu/assets/images/email/subjectsplus-footer.jpg\" width=\"276\" height=\"40\" border=\"0\">\n\t\t\t\t\t\t </td>\n\t\t\t\t\t\t </tr>\n\t\t\t\t\t\t</table> \n\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</body>\n\t\t\t\t\t\t</html>"; // begin assembling actual message $success = mail($send_to, "{$subject}", $message, $header); // The below is just for testing purposes if ($success) { $stage_two = "ok"; //print "mail sent to $send_to"; } else { $stage_two = "fail"; //print "mail didn't go to $send_to"; } } if ($stage_one == "ok" && $stage_two == "ok") {
*/ use SubjectsPlus\Control\Querier; $subsubcat = ""; $subcat = "admin"; $page_title = "Admin Guide Collections"; $feedback = ""; //var_dump($_POST); include "../includes/header.php"; include "../includes/autoloader.php"; // Connect to database $db = new Querier(); if (isset($_POST["add_collection"])) { //////////////// // Insert title table //////////////// $qInsertGuideCollection = "INSERT INTO collection (title, description, shortform) VALUES (\n\t\t" . $db->quote(scrubData($_POST["title"])) . ", \n\t\t" . $db->quote(scrubData($_POST["description"])) . ", \n " . $db->quote(scrubData($_POST["shortform"])) . "\n\t\t)"; //print $qInsertGuideCollection; $rInsertGuideCollection = $db->exec($qInsertGuideCollection); if ($rInsertGuideCollection) { $feedback = _("Thy Will Be Done. Guide Collection list updated."); } else { $feedback = _("Thwarted! Something has gone wrong with insert. Contact the admin."); } } if (isset($_POST["update_collections"])) { // get our vars and tidy them $our_collection_id = scrubData($_POST["update_collections"]); // remove all assocations for this collection + this suject $qEmpty = "DELETE FROM collection_subject WHERE collection_id = '{$our_collection_id}'"; //print $qEmpty; $rEmpty = $db->exec($qEmpty);
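/**
 * Run the search for the configured collection and return the hits as JSON.
 *
 * Reads $this->param (search text), $this->collection (selects the query),
 * $this->subject_id and $this->staff_id (extra filters for some collections).
 * Every one of these values reaches the database as a bound parameter; nothing
 * from the object is concatenated into the prepared SQL text.
 *
 * The rows are returned as raw text: labels are passed through
 * html_entity_decode() and the url/hash fields are built by plain
 * concatenation, so whatever renders this JSON has to apply its own output
 * encoding for the context it writes into.
 *
 * @return string JSON-encoded list of hits; "[]" when the collection is not recognised
 */
public function search()
{
    $db = new Querier();
    $connection = $db->getConnection();

    // Wrapped once. "%" and "_" inside the search text are not escaped, so
    // they still act as LIKE wildcards.
    $search_param = "%" . $this->param . "%";
    $subject_id = $this->subject_id;
    $bindSubject = false;
    $bindStaff = false;

    // Join chain shared by every query that walks pluslet -> section -> tab -> subject.
    $plusletJoins = "FROM pluslet AS p
        INNER JOIN pluslet_section AS ps
        ON ps.pluslet_id = p.pluslet_id
        INNER JOIN section AS s
        ON ps.section_id = s.section_id
        INNER JOIN tab AS t
        ON s.tab_id = t.tab_id
        INNER JOIN subject AS su
        ON su.subject_id = t.subject_id";

    switch ($this->collection) {
        case "home":
            $sql = "SELECT subject_id AS 'id', subject AS 'matching_text',subject AS 'label', description as 'additional_text', shortform AS 'short_form', 'Subject Guide' as 'content_type', '' as 'additional_id', '' as 'parent' FROM subject
                WHERE description LIKE :search_term
                OR subject LIKE :search_term
                OR keywords LIKE :search_term
                UNION
                SELECT p.pluslet_id, p.title,p.title AS 'label', su.subject_id AS 'parent_id', su.shortform, 'Pluslet' AS 'content_type', t.tab_index as 'additional_id',su.subject as 'parent' {$plusletJoins}
                WHERE p.body LIKE :search_term
                OR p.title LIKE :search_term
                UNION
                SELECT faq_id AS 'id', question AS 'matching_text',question AS 'label', answer as 'additional_text','' AS 'short_form','FAQ' as 'content_type', '' as 'additional_id', '' as 'parent' FROM faq
                WHERE question LIKE :search_term
                OR answer LIKE :search_term
                OR keywords LIKE :search_term
                UNION
                SELECT talkback_id AS 'id', question AS 'matching_text' ,question AS 'label', answer as 'additional_text','' AS 'short_form', 'Talkback' as 'content_type', '' as 'additional_id', '' as 'parent' FROM talkback
                WHERE question LIKE :search_term
                OR answer LIKE :search_term
                UNION
                SELECT staff_id AS 'id', email AS 'matching_text' ,email AS 'label', fname as 'additional_text','' AS 'short_form', 'Staff' as 'content_type', '' as 'additional_id', '' as 'parent' FROM staff
                WHERE fname LIKE :search_term
                OR lname LIKE :search_term
                OR email LIKE :search_term
                OR tel LIKE :search_term
                UNION
                SELECT department_id AS 'id', name AS 'matching_text' , name AS 'label', telephone as 'additional_text','' AS 'short_form', 'Department' as 'content_type', '' as 'additional_id','' as 'parent' FROM department
                WHERE name LIKE :search_term
                OR telephone LIKE :search_term
                UNION
                SELECT video_id AS 'id', title AS 'matching_text' ,title AS 'label', description as 'additional_text','' AS 'short_form', 'Video' as 'content_type', '' as 'additional_id', '' as 'parent' FROM video
                WHERE title LIKE :search_term
                OR description LIKE :search_term
                OR vtags LIKE :search_term";
            break;

        case "guides":
            $sql = "SELECT subject_id as 'id', subject,'Subject Guide' as 'content_type', subject AS 'label',shortform AS 'short_form'
                FROM subject
                WHERE active = '1'
                AND (subject LIKE :search_term
                OR shortform LIKE :search_term
                OR description LIKE :search_term
                OR keywords LIKE :search_term
                OR type LIKE :search_term)";
            break;

        case "all_guides":
            $sql = "SELECT subject_id as 'id', subject,'Subject Guide' as 'content_type', subject AS 'label',shortform AS 'short_form'
                FROM subject
                WHERE (subject LIKE :search_term
                OR shortform LIKE :search_term
                OR description LIKE :search_term
                OR keywords LIKE :search_term
                OR type LIKE :search_term)
                ORDER BY subject";
            break;

        case "guide":
            $sql = "SELECT p.pluslet_id as 'id',su.shortform as 'short_form','Pluslet' as 'content_type',p.type as 'type', p.title, p.title AS 'label', ps.section_id, t.tab_index AS 'additional_id', t.subject_id, su.subject {$plusletJoins}
                WHERE p.body LIKE :search_term
                AND t.subject_id = :subject_id";
            $bindSubject = true;
            break;

        case "current_guide":
            $sql = "SELECT p.pluslet_id as 'id',su.shortform as 'short_form','Pluslet' as 'content_type',p.type as 'type', p.title, p.title AS 'label', ps.section_id, t.tab_index AS 'additional_id', t.subject_id, su.subject {$plusletJoins}
                WHERE p.title LIKE :search_term
                AND t.subject_id = :subject_id";
            $bindSubject = true;
            break;

        case "records":
            $sql = "SELECT DISTINCT title.title_id as 'id','Record' as 'content_type', title.title as 'label', location.location as 'location_url'
                FROM title
                INNER JOIN location_title
                ON title.title_id = location_title.title_id
                INNER JOIN location
                ON location.location_id = location_title.location_id
                AND title.title LIKE :search_term";
            break;

        case "azrecords":
            $sql = "SELECT DISTINCT title.title_id as 'id','Record' as 'content_type', title.title as 'label', location.location as 'location_url'
                FROM title
                INNER JOIN location_title
                ON title.title_id = location_title.title_id
                INNER JOIN location
                ON location.location_id = location_title.location_id
                AND eres_display = 'Y'
                AND title.title LIKE :search_term";
            break;

        case "faq":
            $sql = "SELECT faq_id AS 'id',question AS 'label', LEFT(question, 55),
                'FAQ' as 'content_type' FROM faq WHERE question LIKE :search_term";
            break;

        case "talkback":
            $sql = "SELECT talkback_id AS 'id',question AS 'label','Talkback'
                as content_type, LEFT(question, 55) FROM talkback WHERE question LIKE :search_term";
            break;

        case "admin":
            $sql = "SELECT staff_id AS 'id',email AS 'label','Staff'
                as 'content_type', CONCAT(fname, ' ', lname, ' (', email, ')') as fullname
                FROM staff WHERE (fname LIKE :search_term) OR (lname LIKE :search_term)";
            break;

        case "pluslet":
            $sql = "SELECT p.pluslet_id AS 'pluslet_id', p.title,p.title AS 'label',p.type as 'type', p.pluslet_id AS 'id', su.shortform as 'short_form', 'Pluslet' AS 'content_type', t.tab_index as 'additional_id',su.subject as 'parent' {$plusletJoins}
                WHERE p.title LIKE :search_term";
            break;

        case "my_pluslets":
            $sql = "SELECT p.pluslet_id AS 'pluslet_id', p.title,p.title AS 'label',p.type as 'type', p.pluslet_id AS 'id', su.shortform as 'short_form', 'Pluslet' AS 'content_type', t.tab_index as 'additional_id',su.subject as 'parent' {$plusletJoins}
                INNER JOIN staff_subject AS st_sub
                ON st_sub.subject_id = su.subject_id
                WHERE p.title LIKE :search_term
                AND st_sub.staff_id = :staff_id";
            $bindStaff = true;
            break;

        default:
            // Without this branch an unrecognised collection left the statement
            // undefined and the bindParam() call below failed.
            return json_encode(array());
    }

    // NOTE(review): :search_term occurs several times in one statement. If
    // getConnection() returns a PDO handle this depends on emulated prepares
    // being enabled - confirm against Querier's connection options.
    $statement = $connection->prepare($sql);
    if ($bindSubject) {
        $statement->bindParam(":subject_id", $subject_id);
    }
    if ($bindStaff) {
        $statement->bindParam(":staff_id", $this->staff_id);
    }
    $statement->bindParam(":search_term", $search_param);
    $statement->execute();
    $result = $statement->fetchAll();

    $isControl = $this->getSearchPage() == "control";
    $arr = array();

    // Reshape each row into the structure that is serialised to JSON.
    foreach ($result as $myrow) {
        $hit = array();

        // Fall back to a placeholder label when the row has none.
        $myrow['label'] = empty($myrow['label']) ? '[no title]' : $myrow['label'];
        $hit['label'] = html_entity_decode($myrow['label']);

        if (!isset($myrow['content_type'])) {
            // Untyped row: expose the first column only (relies on numeric
            // indexes being present in the fetched rows).
            $hit['value'] = $myrow[0];
            $arr[] = $hit;
            continue;
        }

        if (isset($myrow['id'])) {
            $hit['id'] = $myrow['id'];
        }
        $hit['content_type'] = $myrow['content_type'];
        if (isset($myrow['location_url'])) {
            $hit['location_url'] = $myrow['location_url'];
        }
        if (isset($myrow['short_form'])) {
            $hit['shortform'] = $myrow['short_form'];
        }
        if (isset($myrow['matching_text'])) {
            $hit['value'] = $myrow['matching_text'];
        }
        if (isset($myrow['parent'])) {
            $hit['parent'] = $myrow['parent'];
        }
        if (isset($myrow['additional_id'])) {
            $hit['parent_id'] = $myrow['additional_id'];
        }

        switch ($myrow['content_type']) {
            case "Record":
                if ($isControl) {
                    $hit['url'] = 'record.php?record_id=' . $myrow['id'];
                } else {
                    // The id comes from the result set, but it is still quoted
                    // before being placed in the lookup query.
                    $record_url_sql = "SELECT location, title
                        FROM location l, title t, location_title lt
                        WHERE t.title_id = lt.title_id
                        AND l.location_id = lt.location_id AND t.title_id = " . $db->quote($myrow['id']) . " ";
                    $record_url_result = $db->query($record_url_sql);
                    $hit['url'] = isset($record_url_result[0]['location'])
                        ? $record_url_result[0]['location']
                        : '';
                }
                break;

            case "Subject Guide":
                if ($isControl) {
                    $hit['url'] = getControlURL() . 'guides/guide.php?subject_id=' . $myrow['id'];
                } else {
                    $hit['url'] = 'guide.php?subject=' . $myrow['short_form'];
                }
                break;

            case "FAQ":
                $hit['url'] = 'faq.php?faq_id=' . $myrow['id'];
                break;

            case "Pluslet":
                $anchor = '#box-' . $myrow['additional_id'] . '-' . $myrow['id'];
                if ($isControl) {
                    $hit['url'] = getControlURL() . 'guides/guide.php?subject_id=' . $myrow['short_form'] . $anchor;
                    $hit['hash'] = $anchor;
                    if (isset($myrow['type'])) {
                        $hit['type'] = $myrow['type'];
                    }
                    // NOTE(review): this branch has never emitted pluslet_id;
                    // the earlier guard tested a key on the output row that was
                    // not set yet. Left unchanged - confirm whether the control
                    // UI expects the field.
                } else {
                    $hit['url'] = 'guide.php?subject=' . $myrow['short_form'] . $anchor;
                    $hit['hash'] = $anchor;
                    $hit['tab_index'] = $myrow['additional_id'];
                    $hit['pluslet_id'] = $myrow['id'];
                }
                break;

            case "Talkback":
                $hit['url'] = $isControl
                    ? 'talkback.php?talkback_id=' . $myrow['id']
                    : 'talkback.php';
                break;

            case "Staff":
                // Only the "admin" query selects fullname; rows from the
                // "home" union do not carry it, so read it defensively.
                $fullname = isset($myrow['fullname']) ? $myrow['fullname'] : null;
                $hit['label'] = ($fullname != null) ? $fullname : "";
                if ($isControl) {
                    $hit['url'] = 'user.php?staff_id=' . $myrow['id'];
                } else {
                    // Public pages link by the local part of the e-mail address.
                    $name = explode('@', $myrow['label']);
                    $hit['url'] = 'staff_details.php?name=' . $name[0];
                }
                break;
        }

        $arr[] = $hit;
    }

    return json_encode($arr);
}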
// Get the name of the collection $query = "SELECT name, description FROM faqpage WHERE faqpage_id = '{$postvar_coll_id}'"; $db = new Querier(); $name = $db->query($query); $page_title = "FAQS: {$name[0][0]}"; $intro = stripslashes(htmlspecialchars_decode($name[0][1])); } elseif ($postvar_faq_id != "") { $displaytype = "single"; $page_title = "Library FAQs"; } else { $displaytype = "splashpage"; $page_title = "Library FAQs"; } include "includes/header_um.php"; if ($displaytype == "search") { $full_query = "SELECT faq_id, question, answer, keywords\n\tFROM `faq`\n\tWHERE (question like " . $db->quote("%" . $search_clause . "%") . " OR answer like " . $db->quote("%" . $search_clause . "%") . " OR keywords like " . $db->quote("%" . $search_clause . "%") . ")\n\tGroup BY question"; $intro = "<p>Search for <strong>{$search_clause}</strong>.</p>"; } elseif ($displaytype == "all") { $full_query = "SELECT distinct faq_id, question, answer, keywords\n\tFROM `faq`\n\tORDER BY question"; $intro = ""; } elseif ($displaytype == "bysubject") { $full_query = "SELECT f.faq_id, question, answer, f.keywords, subject\n\tFROM `faq` f, faq_subject fs, subject s\n\tWHERE f.faq_id = fs.faq_id\n\tAND fs.subject_id = s.subject_id\n\tAND s.subject_id = '{$postvar_subject_id}'\n\tORDER BY question"; $intro = ""; } elseif ($displaytype == "single") { $full_query = "SELECT faq_id, question, answer, keywords\n\tFROM `faq`\n\tWHERE faq_id = '{$postvar_faq_id}'"; $intro = ""; } elseif ($displaytype == "collection") { $full_query = "SELECT f.faq_id, question, answer, keywords\n\tFROM faq f, faq_faqpage ff, faqpage fp\n\tWHERE f.faq_id = ff.faq_id\n\tAND fp.faqpage_id = ff.faqpage_id\n\tAND fp.faqpage_id = '{$postvar_coll_id}'\n\tORDER BY fp.name, question"; $intro = ""; } else { // This is the default
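/**
 * Report whether another subject row already uses this shortform.
 *
 * With an empty $_subject_id (insert) any row with the same shortform counts
 * as a duplicate; otherwise (update) the row being edited is excluded by its
 * subject_id. The executed query is appended to $_debug.
 *
 * @return bool TRUE when a matching row exists, FALSE otherwise
 */
function dupeCheck()
{
    $db = new Querier();

    $qcheck = "SELECT shortform FROM subject WHERE shortform = " . $db->quote(scrubData($this->_shortform));

    if ($this->_subject_id != "") {
        // UPDATE: exclude the record itself. The id used to be appended to the
        // SQL text as-is; casting to int keeps anything non-numeric out of the
        // query. Assumes subject_id is a numeric key - confirm against the schema.
        $qcheck .= " AND subject_id != " . (int) $this->_subject_id;
    }

    $rcheck = $db->query($qcheck);

    $this->_debug .= "<p>Dupe check: {$qcheck}</p>";

    return count($rcheck) > 0;
}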
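/**
 * Insert or update each location of this record and link it to the title.
 *
 * Iterates $_location_id: an empty id means a new location row is inserted,
 * any other value means the existing row is updated. In both cases a
 * location_title row is then inserted for ($_title_id, location id).
 *
 * Every value placed into the SQL text goes through $db->quote(), matching
 * what the insert path already did for most columns; previously the update
 * path wrapped several scrubbed values in hand-written quotes and the ids
 * were appended without any quoting.
 *
 * Each executed query is appended to $_debug; failures are reported through
 * blunDer().
 *
 * @return void
 */
function modifyLocation()
{
    $db = new Querier();

    foreach ($this->_location_id as $key => $value) {
        if ($value == "") {
            // Blank location id: insert a new location row.
            $qInsertLoc = "INSERT INTO location (format, call_number, location, access_restrictions, eres_display, display_note, ctags, helpguide) VALUES (\n\t\t\t\t"
                . $db->quote(scrubData($this->_format[$key], "integer")) . ",\n\t\t\t\t"
                . $db->quote(scrubData($this->_call_number[$key])) . ",\n\t\t\t\t"
                . $db->quote(scrubData($this->_location[$key])) . ",\n\t\t\t\t"
                . $db->quote(scrubData($this->_access_restrictions[$key], "integer")) . ",\n\t\t\t\t"
                . $db->quote(scrubData($this->_eres_display[$key])) . ",\n\t\t\t\t"
                . $db->quote(scrubData($this->_display_note[$key], "richtext")) . ",\n\t\t\t\t"
                . $db->quote(scrubData($this->_ctags[$key])) . ",\n\t\t\t\t"
                . $db->quote(scrubData($this->_helpguide[$key])) . "\n\t\t\t\t)";

            $rInsertLoc = $db->exec($qInsertLoc);

            $this->_debug .= "<p>5a. insert location loop: {$qInsertLoc}</p>";
            if (!$rInsertLoc) {
                // NOTE(review): the message handed to blunDer() contains the
                // full SQL text and is echoed to the page - consider logging
                // the query server-side instead.
                echo blunDer("We have a problem with the insert locations query: {$qInsertLoc}");
            }

            $current_location_id = $db->last_id();
        } else {
            // Existing location: update it in place.
            $qUpLoc = "UPDATE location SET format = " . $db->quote(scrubData($this->_format[$key], "integer"))
                . ", call_number = " . $db->quote(scrubData($this->_call_number[$key]))
                . ", location = " . $db->quote(scrubData($this->_location[$key]))
                . ", access_restrictions = " . $db->quote(scrubData($this->_access_restrictions[$key], "integer"))
                . ", eres_display = " . $db->quote(scrubData($this->_eres_display[$key]))
                . ", display_note = " . $db->quote(scrubData($this->_display_note[$key], "richtext"))
                . ", ctags = " . $db->quote(scrubData($this->_ctags[$key]))
                . ", helpguide = " . $db->quote(scrubData($this->_helpguide[$key]))
                . " WHERE location_id = " . $db->quote(scrubData($this->_location_id[$key], "integer"));

            $rUpLoc = $db->exec($qUpLoc);

            $this->_debug .= "<p>5b. update location loop: {$qUpLoc}</p>";
            // Strict comparison: only FALSE is treated as a failure here.
            if ($rUpLoc === FALSE) {
                echo blunDer("We have a problem with the update locations query: {$qUpLoc}");
            }

            $current_location_id = scrubData($this->_location_id[$key]);
            $this->_debug .= "<p>current loc id = {$current_location_id}";
        }

        // Either way, link the location to the title. Both ids are quoted
        // rather than interpolated raw.
        $qInsertLocTitle = "INSERT INTO location_title (title_id, location_id) VALUES (\n\t"
            . $db->quote(scrubData($this->_title_id, "integer")) . ",\n\t"
            . $db->quote((string) $current_location_id) . "\n\t)";

        $this->_debug .= "<p>6. insert into location_title: {$qInsertLocTitle}</p>";

        $rInsertLocTitle = $db->exec($qInsertLocTitle);
        if (!$rInsertLocTitle) {
            echo blunDer("We have a problem with the insert location_title query: {$qInsertLocTitle}");
        }
    }
}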
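/**
 * Run the search for the configured collection and return the hits as JSON.
 *
 * Reads $this->param (search text), $this->collection (selects the query) and
 * $this->subject_id (filter for the "guide" collection). The SQL is assembled
 * as a string; the only variable parts are $search_param and $subject_id, and
 * both are passed through $db->quote() before they are placed in the text.
 * Keep it that way when adding a collection: never interpolate $this->param
 * or $this->subject_id directly.
 *
 * The url/hash fields are built by plain concatenation and labels are returned
 * as stored, so whatever renders this JSON has to apply its own output encoding.
 *
 * @return string JSON-encoded list of hits; "[]" when the collection is not recognised
 */
public function search()
{
    $db = new Querier();

    // Quoted once here and reused in every query below. "%" and "_" inside the
    // search text are not escaped, so they still act as LIKE wildcards.
    $search_param = $db->quote("%" . $this->param . "%");
    $subject_id = $db->quote($this->subject_id);

    switch ($this->collection) {
        case "home":
            $q = "SELECT subject_id AS 'id', subject AS 'matching_text',subject AS 'label', description as 'additional_text', shortform AS 'short_form', 'Subject Guide' as 'content_type', '' as 'additional_id', '' as 'parent' FROM subject
                WHERE description LIKE {$search_param}
                OR subject LIKE {$search_param}
                OR keywords LIKE {$search_param}
                UNION
                SELECT p.pluslet_id, p.title,p.title AS 'label', su.subject_id AS 'parent_id', su.shortform, 'Pluslet' AS 'content_type', t.tab_index as 'additional_id',su.subject as 'parent' FROM pluslet AS p
                INNER JOIN pluslet_section AS ps
                ON ps.pluslet_id = p.pluslet_id
                INNER JOIN section AS s
                ON ps.section_id = s.section_id
                INNER JOIN tab AS t
                ON s.tab_id = t.tab_id
                INNER JOIN subject AS su
                ON su.subject_id = t.subject_id
                WHERE p.body LIKE {$search_param}
                OR p.title LIKE {$search_param}
                UNION
                SELECT faq_id AS 'id', question AS 'matching_text',question AS 'label', answer as 'additional_text','' AS 'short_form','FAQ' as 'content_type', '' as 'additional_id', '' as 'parent' FROM faq
                WHERE question LIKE {$search_param}
                OR answer LIKE {$search_param}
                OR keywords LIKE {$search_param}
                UNION
                SELECT talkback_id AS 'id', question AS 'matching_text' ,question AS 'label', answer as 'additional_text','' AS 'short_form', 'Talkback' as 'content_type', '' as 'additional_id', '' as 'parent' FROM talkback
                WHERE question LIKE {$search_param}
                OR answer LIKE {$search_param}
                UNION
                SELECT staff_id AS 'id', email AS 'matching_text' ,email AS 'label', fname as 'additional_text','' AS 'short_form', 'Staff' as 'content_type', '' as 'additional_id', '' as 'parent' FROM staff
                WHERE fname LIKE {$search_param}
                OR lname LIKE {$search_param}
                OR email LIKE {$search_param}
                OR tel LIKE {$search_param}
                UNION
                SELECT department_id AS 'id', name AS 'matching_text' , name AS 'label', telephone as 'additional_text','' AS 'short_form', 'Department' as 'content_type', '' as 'additional_id','' as 'parent' FROM department
                WHERE name LIKE {$search_param}
                OR telephone LIKE {$search_param}
                UNION
                SELECT video_id AS 'id', title AS 'matching_text' ,title AS 'label', description as 'additional_text','' AS 'short_form', 'Video' as 'content_type', '' as 'additional_id', '' as 'parent' FROM video
                WHERE title LIKE {$search_param}
                OR description LIKE {$search_param}
                OR vtags LIKE {$search_param}";
            break;

        case "guides":
            // The OR keywords used to be glued to the preceding quoted value;
            // they are now separated by whitespace.
            $q = "SELECT subject_id as 'id', subject,'Subject Guide' as 'content_type', subject AS 'label',shortform AS 'short_form' FROM subject
                WHERE subject LIKE {$search_param}
                OR shortform LIKE {$search_param}
                OR description LIKE {$search_param}
                OR keywords LIKE {$search_param}
                OR type LIKE {$search_param}";
            break;

        case "guide":
            $q = "SELECT p.pluslet_id as 'id',su.shortform as 'short_form','Pluslet' as 'content_type', p.title, p.title AS 'label', ps.section_id, t.tab_index AS 'additional_id', t.subject_id, su.subject FROM pluslet AS p
                INNER JOIN pluslet_section AS ps
                ON ps.pluslet_id = p.pluslet_id
                INNER JOIN section AS s
                ON ps.section_id = s.section_id
                INNER JOIN tab AS t
                ON s.tab_id = t.tab_id
                INNER JOIN subject AS su
                ON su.subject_id = t.subject_id
                WHERE p.body LIKE {$search_param} AND t.subject_id = {$subject_id}";
            break;

        case "records":
            $q = "SELECT title_id AS 'id', 'Record' as 'content_type',title AS 'label', title FROM title WHERE title LIKE {$search_param}";
            break;

        case "faq":
            $q = "SELECT faq_id AS 'id',question AS 'label', LEFT(question, 55), 'FAQ' as 'content_type' FROM faq WHERE question LIKE {$search_param}";
            break;

        case "talkback":
            $q = "SELECT talkback_id AS 'id',question AS 'label','Talkback' as content_type, LEFT(question, 55) FROM talkback WHERE question LIKE {$search_param}";
            break;

        case "admin":
            $q = "SELECT staff_id AS 'id',email AS 'label','Staff' as 'content_type', CONCAT(fname, ' ', lname, ' (', email, ')') as fullname FROM staff WHERE (fname LIKE {$search_param}) OR (lname LIKE {$search_param})";
            break;

        default:
            // Without this branch an unrecognised collection reached
            // $db->query() with no query defined.
            return json_encode(array());
    }

    $result = $db->query($q);

    $isControl = $this->getSearchPage() == "control";
    $arr = array();

    // Reshape each row into the structure that is serialised to JSON.
    foreach ($result as $myrow) {
        $hit = array();

        // Fall back to a placeholder label when the row has none.
        $myrow['label'] = empty($myrow['label']) ? '[no title]' : $myrow['label'];
        $hit['label'] = $myrow['label'];

        if (!isset($myrow['content_type'])) {
            // Untyped row: expose the first column only (relies on numeric
            // indexes being present in the fetched rows).
            $hit['value'] = $myrow[0];
            $arr[] = $hit;
            continue;
        }

        $hit['id'] = $myrow['id'];
        if (isset($myrow['short_form'])) {
            $hit['shortform'] = $myrow['short_form'];
        }
        if (isset($myrow['matching_text'])) {
            $hit['value'] = $myrow['matching_text'];
        }
        $hit['content_type'] = $myrow['content_type'];
        if (isset($myrow['parent'])) {
            $hit['parent'] = $myrow['parent'];
        }
        if (isset($myrow['additional_id'])) {
            $hit['parent_id'] = $myrow['additional_id'];
        }

        switch ($myrow['content_type']) {
            case "Record":
                if ($isControl) {
                    $hit['url'] = 'record.php?record_id=' . $myrow['id'];
                } else {
                    // The id comes from the result set, but it is still quoted
                    // before being placed in the lookup query.
                    $record_url_sql = "SELECT location, title
                        FROM location l, title t, location_title lt
                        WHERE t.title_id = lt.title_id
                        AND l.location_id = lt.location_id AND t.title_id = " . $db->quote($myrow['id']) . " ";
                    $record_url_result = $db->query($record_url_sql);
                    $hit['url'] = isset($record_url_result[0]['location'])
                        ? $record_url_result[0]['location']
                        : '';
                }
                break;

            case "Subject Guide":
                if ($isControl) {
                    $hit['url'] = getControlURL() . 'guides/guide.php?subject_id=' . $myrow['id'];
                } else {
                    $hit['url'] = 'guide.php?subject=' . $myrow['short_form'];
                }
                break;

            case "FAQ":
                $hit['url'] = 'faq.php?faq_id=' . $myrow['id'];
                break;

            case "Pluslet":
                $anchor = '#box-' . $myrow['additional_id'] . '-' . $myrow['id'];
                if ($isControl) {
                    $hit['url'] = getControlURL() . 'guides/guide.php?subject_id=' . $myrow['short_form'] . $anchor;
                    $hit['hash'] = $anchor;
                } else {
                    $hit['url'] = 'guide.php?subject=' . $myrow['short_form'] . $anchor;
                    $hit['hash'] = $anchor;
                    $hit['tab_index'] = $myrow['additional_id'];
                }
                break;

            case "Talkback":
                $hit['url'] = $isControl
                    ? 'talkback.php?talkback_id=' . $myrow['id']
                    : 'talkback.php';
                break;

            case "Staff":
                // Only the "admin" query selects fullname; rows from the
                // "home" union do not carry it, so read it defensively. The
                // label is still null in that case, as before.
                $hit['label'] = isset($myrow['fullname']) ? $myrow['fullname'] : null;
                if ($isControl) {
                    $hit['url'] = 'user.php?staff_id=' . $myrow['id'];
                } else {
                    // Public pages link by the local part of the e-mail address.
                    $name = explode('@', $myrow['label']);
                    $hit['url'] = 'staff_details.php?name=' . $name[0];
                }
                break;
        }

        $arr[] = $hit;
    }

    return json_encode($arr);
}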
*/ use SubjectsPlus\Control\Querier; $subsubcat = ""; $subcat = "admin"; $page_title = "Admin FAQ Collections"; // print_r($_POST); include "../includes/header.php"; $db = new Querier(); //init $ourlist = ""; $feedback = ""; if (isset($_POST["add_collection"])) { //////////////// // Insert title table //////////////// $qInsert = "INSERT INTO faqpage (name, description) VALUES (\n\t\t" . $db->quote(scrubData($_POST["new_coll_name"])) . ", ''\n\t\t)"; $rInsert = $db->exec($qInsert); if ($rInsert !== FALSE) { $feedback = _("Thy Will Be Done. Updated."); } else { $feedback = _("Thwarted! Something has gone wrong with the insert. Contact the admin."); } } if (isset($_POST["update_collections"])) { ////////////////////////////////// // Get the source dept data + sort order ////////////////////////////////// ////////////////////// // Create new array of results ///////////////////// $a = $_POST["faqpage_id"];