RunQuery($sSQL);
}
}
}
if (isset($_POST["SaveChanges"])) {
$bErrorFlag = false;
$bDuplicateFound = false;
// Get the original list of options..
$sSQL = "SELECT mid, name FROM menuconfig_mcf WHERE parent='{$menu}' ORDER BY sortorder";
$rsList = RunQuery($sSQL);
$numRows = mysql_num_rows($rsList);
for ($row = 1; $row <= $numRows; $row++) {
$aRow = mysql_fetch_array($rsList, MYSQL_BOTH);
$aOldNameFields[$row] = $aRow["name"];
$aNameFields[$row] = FilterInput($_POST[$row . "name"]);
$amid[$row] = FilterInput($_POST[$row . "mid"]);
}
for ($row = 1; $row <= $numRows; $row++) {
if (strlen($aNameFields[$row]) == 0) {
$aNameError[$row] = 1;
$bErrorFlag = true;
} elseif ($row < $numRows) {
$aNameErrors[$row] = 0;
for ($rowcmp = $row + 1; $rowcmp <= $numRows; $rowcmp++) {
if ($aNameFields[$row] == $aNameFields[$rowcmp]) {
$bDuplicateNameError[$row] = gettext("Name cannot be duplicated");
$aNameError[$row] = 2;
$bErrorFlag = true;
break;
}
}
function ValidateInput()
{
global $rsParameters;
global $_POST;
global $vPOST;
global $aErrorText;
//Initialize the validated post array, error text array, and the error flag
$vPOST = array();
$aErrorText = array();
$bError = false;
//Are there any parameters to loop through?
if (mysql_num_rows($rsParameters)) {
mysql_data_seek($rsParameters, 0);
}
while ($aRow = mysql_fetch_array($rsParameters)) {
extract($aRow);
//Is the value required?
if ($qrp_Required && strlen(trim($_POST[$qrp_Alias])) < 1) {
$bError = true;
$aErrorText[$qrp_Alias] = gettext("This value is required.");
} else {
//Validate differently depending on the contents of the qrp_Validation field
switch ($qrp_Validation) {
//Numeric validation
case "n":
//Is it a number?
if (!is_numeric($_POST[$qrp_Alias])) {
$bError = true;
$aErrorText[$qrp_Alias] = gettext("This value must be numeric.");
} else {
//Is it more than the minimum?
if ($_POST[$qrp_Alias] < $qrp_NumericMin) {
$bError = true;
$aErrorText[$qrp_Alias] = gettext("This value must be at least ") . $qrp_NumericMin;
} elseif ($_POST[$qrp_Alias] > $qrp_NumericMax) {
$bError = true;
$aErrorText[$qrp_Alias] = gettext("This value cannot be more than ") . $qrp_NumericMax;
}
}
$vPOST[$qrp_Alias] = FilterInput($_POST[$qrp_Alias], 'int');
break;
//Alpha validation
//Alpha validation
case "a":
//Is the length less than the maximum?
if (strlen($_POST[$qrp_Alias]) > $qrp_AlphaMaxLength) {
$bError = true;
$aErrorText[$qrp_Alias] = gettext("This value cannot be more than ") . $qrp_AlphaMaxLength . gettext(" characters long");
} elseif (strlen($_POST[$qrp_Alias]) < $qrp_AlphaMinLength) {
$bError = true;
$aErrorText[$qrp_Alias] = gettext("This value cannot be less than ") . $qrp_AlphaMinLength . gettext(" characters long");
}
$vPOST[$qrp_Alias] = FilterInput($_POST[$qrp_Alias]);
break;
default:
$vPOST[$qrp_Alias] = FilterInput($_POST[$qrp_Alias]);
break;
}
}
}
}
}
}
// If no errors, then update.
if (!$bErrorFlag) {
for ($iFieldID = 1; $iFieldID <= $numRows; $iFieldID++) {
if (array_key_exists($iFieldID, $aNameFields)) {
$sSQL = "UPDATE `volunteeropportunity_vol`\n\t SET `vol_Name` = '" . $aNameFields[$iFieldID] . "',\n\t `vol_Description` = '" . $aDescFields[$iFieldID] . "' WHERE `vol_ID` = '" . $aIDFields[$iFieldID] . "';";
RunQuery($sSQL);
}
}
}
} else {
if (isset($_POST["AddField"])) {
// Check if we're adding a VolOp
$newFieldName = FilterInput($_POST["newFieldName"]);
$newFieldDesc = FilterInput($_POST["newFieldDesc"]);
if (strlen($newFieldName) == 0) {
$bNewNameError = true;
} else {
// Insert into table
// there must be an easier way to get the number of rows in order to generate the last order number.
$sSQL = "SELECT * FROM `volunteeropportunity_vol`";
$rsOpps = RunQuery($sSQL);
$numRows = mysql_num_rows($rsOpps);
$newOrder = $numRows + 1;
$sSQL = "INSERT INTO `volunteeropportunity_vol` \n (`vol_ID` , `vol_Order` , `vol_Name` , `vol_Description`)\n VALUES ('', '" . $newOrder . "', '" . $newFieldName . "', '" . $newFieldDesc . "');";
RunQuery($sSQL);
$bNewNameError = false;
}
}
// Get data for the form as it now exists..
// Save Settings
if ($_POST['save']) {
$new_value = $_POST['new_value'];
$new_permission = $_POST['new_permission'];
$type = $_POST['type'];
ksort($type);
reset($type);
while ($current_type = current($type)) {
$id = key($type);
// Filter Input
if ($current_type == 'text' || $current_type == "textarea") {
$value = FilterInput($new_value[$id]);
} elseif ($current_type == 'number') {
$value = FilterInput($new_value[$id], "float");
} elseif ($current_type == 'date') {
$value = FilterInput($new_value[$id], "date");
} elseif ($current_type == 'boolean') {
if ($new_value[$id] != "1") {
$value = "";
} else {
$value = "1";
}
}
if ($new_permission[$id] != "TRUE") {
$permission = "FALSE";
} else {
$permission = "TRUE";
}
// Save new setting
$sSQL = "UPDATE userconfig_ucfg " . "SET ucfg_value='{$value}', ucfg_permission='{$permission}' " . "WHERE ucfg_id='{$id}' AND ucfg_per_id='0' ";
$rsUpdate = RunQuery($sSQL);
require "Include/Functions.php";
//Get the GroupID out of the querystring
$iGroupID = FilterInput($_GET["GroupID"], 'int');
$linkBack = FilterInput($_GET["linkBack"]);
$tName = FilterInput($_GET["Name"]);
//Set the page title
$sPageTitle = gettext("Schedule Group Meeting");
//Is this the second pass?
if (isset($_POST["Submit"])) {
$dDate = FilterInput($_POST["Date"]);
$iHour = FilterInput($_POST["Hour"]);
$iMinutes = FilterInput($_POST["Minutes"]);
$nNotifyAhead = FilterInput($_POST["NotifyAhead"]);
$tName = FilterInput($_POST["Name"]);
$tDescription = FilterInput($_POST["Description"]);
$nDuration = FilterInput($_POST["Duration"]);
// Validate Date
if (strlen($dDate) > 0) {
list($iYear, $iMonth, $iDay) = sscanf($dDate, "%04d-%02d-%02d");
if (!checkdate($iMonth, $iDay, $iYear)) {
$sDateError = "<span style=\"color: red; \">" . gettext("Not a valid Date") . "</span>";
$bErrorFlag = true;
}
}
//If no errors, then let's update...
if (!$bErrorFlag) {
//Get all the members of this group
$sSQL = "SELECT * FROM person_per, person2group2role_p2g2r WHERE per_ID = p2g2r_per_ID AND p2g2r_grp_ID = " . $iGroupID;
$rsGroupMembers = RunQuery($sSQL);
$calDbId = mysql_select_db($sWEBCALENDARDB);
$q = "SELECT MAX(cal_id) AS calID FROM webcal_entry";
echo gettext("Checked Out Time");
?>
</strong></td>
<td width="20%"><strong><?php
echo gettext("Checked Out By");
?>
</strong></td>
<td width="10%" nowrap><strong><?php
echo gettext("Action");
?>
</strong></td>
</tr>
<?php
if (isset($_POST["EventID"])) {
$EventID = FilterInput($_POST["EventID"], 'int');
$sSQL = "SELECT * FROM event_attend WHERE event_id = '{$EventID}' ";
// ORDER BY person_id";
$rsOpps = RunQuery($sSQL);
$numAttRows = mysql_num_rows($rsOpps);
if ($numAttRows != 0) {
$sRowClass = "RowColorA";
for ($na = 0; $na < $numAttRows; $na++) {
$attRow = mysql_fetch_array($rsOpps, MYSQL_BOTH);
extract($attRow);
//Get Person who is checked in
$sSQL = "SELECT * FROM person_per WHERE per_ID = {$person_id} ";
$perOpps = RunQuery($sSQL);
$perRow = mysql_fetch_array($perOpps, MYSQL_BOTH);
extract($perRow);
$sPerson = FormatFullName($per_Title, $per_FirstName, $per_MiddleName, $per_LastName, $per_Suffix, 3);
require "../Include/ReportFunctions.php";
require "../Include/ReportConfig.php";
// Security
if (!$_SESSION['bFinance'] && !$_SESSION['bAdmin']) {
Redirect("Menu.php");
exit;
}
$iBankSlip = FilterInput($_GET["BankSlip"]);
if (!$iBankSlip) {
$iBankSlip = FilterInput($_POST["report_type"]);
}
$output = FilterInput($_POST["output"]);
if (!$output) {
$output = "pdf";
}
$iDepositSlipID = FilterInput($_POST["deposit"], "int");
if (!$iDepositSlipID) {
$iDepositSlipID = $_SESSION['iCurrentDeposit'];
}
// If CSVAdminOnly option is enabled and user is not admin, redirect to the menu.
// If no DepositSlipId, redirect to the menu
if (!$_SESSION['bAdmin'] && $bCSVAdminOnly && $output != "pdf" || !$iDepositSlipID) {
Redirect("Menu.php");
exit;
}
// SQL Statement
//Get the payments for this deposit slip
$sSQL = "SELECT plg_plgID, plg_date, SUM(plg_amount) as plg_sum, plg_CheckNo, plg_method, plg_comment, fun_Name, a.fam_Name AS FamilyName, a.fam_Address1, a.fam_Address2, a.fam_City, a.fam_State, a.fam_Zip FROM pledge_plg \n\t\tLEFT JOIN family_fam a ON plg_FamID = a.fam_ID\n\t\tLEFT JOIN donationfund_fun b ON plg_fundID = b.fun_ID\n\t\tWHERE plg_PledgeOrPayment = 'Payment' AND plg_depID = " . $iDepositSlipID . " GROUP BY CONCAT('Fam',plg_FamID,'Ck',plg_CheckNo) ORDER BY pledge_plg.plg_method DESC, pledge_plg.plg_date";
$rsPledges = RunQuery($sSQL);
// Exit if no rows returned
$iCountRows = mysql_num_rows($rsPledges);
$sTypeName = $_POST['EventTypeName'];
$iTypeID = $_POST['EventTypeID'];
$EventExists = $_POST['EventExists'];
$sEventTitle = FilterInput($_POST['EventTitle']);
$sEventDesc = FilterInput($_POST['EventDesc']);
$sEventStartDate = $_POST['EventStartDate'];
$sEventStartTime = $_POST['EventStartTime'];
if (empty($_POST['EventTitle'])) {
$bTitleError = true;
$iErrors++;
}
if (empty($_POST['EventDesc'])) {
$bDescError = true;
$iErrors++;
}
$sEventText = FilterInput($_POST['EventText']);
if (empty($_POST['EventStartDate'])) {
$bESDError = true;
$iErrors++;
}
if (empty($_POST['EventStartTime'])) {
$bESTError = true;
$iErrors++;
} else {
$aESTokens = explode(":", $_POST['EventStartTime']);
$iEventStartHour = $aESTokens[0];
$iEventStartMins = $aESTokens[1];
}
$sEventStart = $sEventStartDate . " " . $sEventStartTime;
$sEventEndDate = $_POST['EventEndDate'];
$sEventEndTime = $_POST['EventEndTime'];
$iFamily = FilterInput($_POST["Family"], 'int');
$sSQL = "UPDATE family_fam SET fam_scanCheck=\"" . $tScanString . "\" WHERE fam_ID = " . $iFamily;
RunQuery($sSQL);
}
//Get all the variables from the request object and assign them locally
$iFYID = FilterInput($_POST["FYID"], 'int');
$dDate = FilterInput($_POST["Date"]);
$nAmount = FilterInput($_POST["Amount"]);
$iSchedule = FilterInput($_POST["Schedule"]);
$iMethod = FilterInput($_POST["Method"]);
$sComment = FilterInput($_POST["Comment"]);
$iFundID = FilterInput($_POST["FundID"], 'int');
$tScanString = FilterInput($_POST["ScanInput"]);
$iAutID = FilterInput($_POST["AutoPay"]);
$nNonDeductible = FilterInput($_POST["NonDeductible"]);
$iEnvelope = FilterInput($_POST["Envelope"], 'int');
if ($iAutID == "") {
$iAutID = 0;
}
if ($iSchedule == '') {
$iSchedule = 'Once';
}
if ($nNonDeductible == '') {
$nNonDeductible = 0;
}
if (!$iCheckNo) {
$iCheckNo = "NULL";
}
$_SESSION['idefaultFY'] = $iFYID;
// Remember default fiscal year
$_SESSION['idefaultFundID'] = $iFundID;
case 'female':
case 'f':
case 'girl':
case 'woman':
case "2":
$sSQLpersonData .= "2, ";
break;
default:
$sSQLpersonData .= "0, ";
break;
}
break;
// Donation envelope.. make sure it's available!
// Donation envelope.. make sure it's available!
case 7:
$iEnv = FilterInput($aData[$col], 'int');
$sSQL = "SELECT '' FROM person_per WHERE per_Envelope = " . $iEnv;
$rsTemp = RunQuery($sSQL);
if (mysql_num_rows($rsTemp) == 0) {
$sSQLpersonData .= $iEnv . ", ";
} else {
$sSQLpersonData .= "NULL, ";
}
break;
// Birth date.. parse multiple date standards.. then split into day,month,year
// Birth date.. parse multiple date standards.. then split into day,month,year
case 19:
$sDate = $aData[$col];
$aDate = ParseDate($sDate, $iDateMode);
$sSQLpersonData .= $aDate[0] . "," . $aDate[1] . "," . $aDate[2] . ",";
break;
******************************************************************************/
require "../Include/Config.php";
require "../Include/Functions.php";
require "../Include/ReportFunctions.php";
require "../Include/ReportConfig.php";
// Security
if (!$_SESSION['bFinance'] && !$_SESSION['bAdmin']) {
Redirect("Menu.php");
exit;
}
// Filter values
$output = FilterInput($_POST["output"]);
$sDateStart = FilterInput($_POST["DateStart"], "date");
$sDateEnd = FilterInput($_POST["DateEnd"], "date");
$letterhead = FilterInput($_POST["letterhead"]);
$remittance = FilterInput($_POST["remittance"]);
// If CSVAdminOnly option is enabled and user is not admin, redirect to the menu.
if (!$_SESSION['bAdmin'] && $bCSVAdminOnly && $output != "pdf") {
Redirect("Menu.php");
exit;
}
$today = date("Y-m-d");
if (!$sDateEnd && $sDateStart) {
$sDateEnd = $sDateStart;
}
if (!$sDateStart && $sDateEnd) {
$sDateStart = $sDateEnd;
}
if (!$sDateStart && !$sDateEnd) {
$sDateStart = $today;
$sDateEnd = $today;
$dWeddingDate = "NULL";
}
// Validate Email
if (strlen($sEmail) > 0) {
if (checkEmail($sEmail) == false) {
$sEmailError = "<span style=\"color: red; \">" . gettext("Email is Not Valid") . "</span>";
$bErrorFlag = true;
} else {
$sEmail = $sEmail;
}
}
// Validate all the custom fields
$aCustomData = array();
while ($rowCustomField = mysql_fetch_array($rsCustomFields, MYSQL_BOTH)) {
extract($rowCustomField);
$currentFieldData = FilterInput($_POST[$fam_custom_Field]);
$bErrorFlag |= !validateCustomField($type_ID, $currentFieldData, $fam_custom_Field, $aCustomErrors);
// assign processed value locally to $aPersonProps so we can use it to generate the form later
$aCustomData[$fam_custom_Field] = $currentFieldData;
}
//If no errors, then let's update...
if (!$bErrorFlag) {
// Format the phone numbers before we store them
if (!$bNoFormat_HomePhone) {
$sHomePhone = CollapsePhoneNumber($sHomePhone, $sCountry);
}
if (!$bNoFormat_WorkPhone) {
$sWorkPhone = CollapsePhoneNumber($sWorkPhone, $sCountry);
}
if (!$bNoFormat_CellPhone) {
$sCellPhone = CollapsePhoneNumber($sCellPhone, $sCountry);
if (mysql_num_rows($rsExistingFamily) > 0) {
extract(mysql_fetch_array($rsExistingFamily));
$famid = $fam_ID;
if (array_key_exists($famid, $Families)) {
$Families[$famid]->AddMember($per_ID, $iGender, GetAge($iBirthMonth, $iBirthDay, $iBirthYear), $dWedding, $per_HomePhone, $iEnvelope);
}
} else {
$sSQL = "INSERT INTO family_fam (fam_ID,\n fam_Name, \n fam_Address1, \n fam_Address2, \n fam_City, \n fam_State, \n fam_Zip, \n fam_Country, \n fam_HomePhone, \n fam_WorkPhone, \n fam_CellPhone, \n fam_Email, \n fam_DateEntered, \n fam_EnteredBy)\n VALUES (NULL, " . "\"" . $per_LastName . "\", " . "\"" . $sAddress1 . "\", " . "\"" . $sAddress2 . "\", " . "\"" . $sCity . "\", " . "\"" . $sState . "\", " . "\"" . $sZip . "\", " . "\"" . $per_Country . "\", " . "\"" . $per_HomePhone . "\", " . "\"" . $per_WorkPhone . "\", " . "\"" . $per_CellPhone . "\", " . "\"" . $per_Email . "\"," . "\"" . date("YmdHis") . "\"," . "\"" . $_SESSION['iUserID'] . "\");";
RunQuery($sSQL);
$sSQL = "SELECT LAST_INSERT_ID()";
$rsFid = RunQuery($sSQL);
$aFid = mysql_fetch_array($rsFid);
$famid = $aFid[0];
$sSQL = "INSERT INTO `family_custom` (`fam_ID`) VALUES ('" . $famid . "')";
RunQuery($sSQL);
$fFamily = new Family(FilterInput($_POST["FamilyMode"], 'int'));
$fFamily->AddMember($per_ID, $iGender, GetAge($iBirthMonth, $iBirthDay, $iBirthYear), $dWedding, $per_HomePhone, $iEnvelope);
$Families[$famid] = $fFamily;
}
$sSQL = "UPDATE person_per SET per_fam_ID = " . $famid . " WHERE per_ID = " . $per_ID;
RunQuery($sSQL);
if ($bHasFamCustom) {
// Check if family_custom record exists
$sSQL = "SELECT fam_id FROM family_custom WHERE fam_id = {$famid}";
$rsFamCustomID = RunQuery($sSQL);
if (mysql_num_rows($rsFamCustomID) == 0) {
$sSQL = "INSERT INTO `family_custom` (`fam_ID`) VALUES ('" . $famid . "')";
RunQuery($sSQL);
}
// Build the family_custom SQL
$sSQLFamCustom = "UPDATE family_custom SET ";
//Are we adding or editing?
if ($iNoteID <= 0) {
$sSQL = "INSERT INTO note_nte (nte_per_ID, nte_fam_ID, nte_Private, nte_Text, nte_EnteredBy, nte_DateEntered) VALUES (" . $iPersonID . "," . $iFamilyID . "," . $bPrivate . ",'" . $sNoteText . "'," . $_SESSION['iUserID'] . ",'" . date("YmdHis") . "')";
} else {
$sSQL = "UPDATE note_nte SET nte_Private = " . $bPrivate . ", nte_Text = '" . $sNoteText . "', nte_DateLastEdited = '" . date("YmdHis") . "', nte_EditedBy = " . $_SESSION['iUserID'] . " WHERE nte_ID = " . $iNoteID;
}
//Execute the SQL
RunQuery($sSQL);
//Send them back to whereever they came from
Redirect($sBackPage);
}
} else {
//Are we adding or editing?
if (isset($_GET["NoteID"])) {
//Get the NoteID from the querystring
$iNoteID = FilterInput($_GET["NoteID"], 'int');
//Get the data for this note
$sSQL = "SELECT * FROM note_nte WHERE nte_ID = " . $iNoteID;
$rsNote = RunQuery($sSQL);
extract(mysql_fetch_array($rsNote));
//Assign everything locally
$sNoteText = $nte_Text;
$bPrivate = $nte_Private;
$iPersonID = $nte_per_ID;
$iFamilyID = $nte_fam_ID;
}
}
require "Include/Header.php";
?>
<form method="post">
case "number":
$sOrderSQL = "ORDER BY dep_ID DESC";
break;
case "closed":
$sOrderSQL = "ORDER BY dep_closed, dep_Date DESC, dep_ID DESC";
break;
default:
$sOrderSQL = " ORDER BY dep_Date DESC, dep_ID DESC";
break;
}
// Append a LIMIT clause to the SQL statement
$iPerPage = $_SESSION['SearchLimit'];
if (empty($_GET['Result_Set'])) {
$Result_Set = 0;
} else {
$Result_Set = FilterInput($_GET['Result_Set'], 'int');
}
$sLimitSQL = " LIMIT {$Result_Set}, {$iPerPage}";
// Build SQL query
$sSQL = "SELECT dep_ID, dep_Date, dep_Comment, dep_Closed, dep_Type FROM deposit_dep {$sCriteria} {$sOrderSQL} {$sLimitSQL}";
$sSQLTotal = "SELECT COUNT(dep_id) FROM deposit_dep {$sCriteria}";
// Execute SQL statement and get total result
$rsDep = RunQuery($sSQL);
$rsTotal = RunQuery($sSQLTotal);
list($Total) = mysql_fetch_row($rsTotal);
echo '<div align="center">';
echo '<form action="FindDepositSlip.php" method="get" name="ListNumber">';
// Show previous-page link unless we're at the first page
if ($Result_Set < $Total && $Result_Set > 0) {
$thisLinkResult = $Result_Set - $iPerPage;
if ($thisLinkResult < 0) {
*
******************************************************************************/
// Include the function library
require "Include/Config.php";
require "Include/Functions.php";
// Security: User must have Manage Groups & Roles permission
if (!$_SESSION['bManageGroups']) {
Redirect("Menu.php");
exit;
}
// Was the form submitted?
if (isset($_POST["Submit"]) && count($_SESSION['aPeopleCart']) > 0) {
// Get the GroupID
$iGroupID = FilterInput($_POST["GroupID"], 'int');
if (array_key_exists("GroupRole", $_POST)) {
$iGroupRole = FilterInput($_POST["GroupRole"], 'int');
} else {
$iGroupRole = 0;
}
// Loop through the session array
$iCount = 0;
while ($element = each($_SESSION['aPeopleCart'])) {
AddToGroup($_SESSION['aPeopleCart'][$element['key']], $iGroupID, $iGroupRole);
$iCount += 1;
}
$sGlobalMessage = $iCount . " records(s) successfully added to selected Group.";
Redirect("GroupView.php?GroupID=" . $iGroupID . "&Action=EmptyCart");
}
// Get all the groups
$sSQL = "SELECT * FROM group_grp ORDER BY grp_Name";
$rsGroups = RunQuery($sSQL);
if ($fund[0]) {
$sSQL .= " AND plg_fundID='{$fund['0']}' ";
}
} else {
$sSQL .= " AND (plg_fundID ='{$fund['0']}'";
for ($i = 1; $i < $count; $i++) {
$sSQL .= " OR plg_fundID='{$fund[$i]}'";
}
$sSQL .= ") ";
}
}
// Filter by Family
if (!empty($_POST["family"])) {
$count = 0;
foreach ($_POST["family"] as $famID) {
$fam[$count++] = FilterInput($famID, 'int');
}
if ($count == 1) {
if ($fam[0]) {
$sSQL .= " AND plg_FamID='{$fam['0']}' ";
}
} else {
$sSQL .= " AND (plg_FamID='{$fam['0']}'";
for ($i = 1; $i < $count; $i++) {
$sSQL .= " OR plg_FamID='{$fam[$i]}'";
}
$sSQL .= ") ";
}
}
// Get Criteria string
preg_match("/WHERE (plg_PledgeOrPayment.*)/i", $sSQL, $aSQLCriteria);
} else {
$sSQL .= " AND (plg_FamID='{$fam['0']}'";
for ($i = 1; $i < $count; $i++) {
$sSQL .= " OR plg_FamID='{$fam[$i]}'";
}
$sSQL .= " ) ";
}
}
if ($classList[0]) {
$sSQL .= " AND per_cls_ID IN " . $inClassList . " AND per_fam_ID NOT IN (SELECT DISTINCT per_fam_ID FROM person_per WHERE per_cls_ID IN " . $notInClassList . ")";
}
// Filter by Payment Method
if (!empty($_POST["method"])) {
$count = 0;
foreach ($_POST["method"] as $MethodItem) {
$aMethod[$count++] = FilterInput($MethodItem);
}
if ($count == 1) {
if ($aMethod[0]) {
$sSQL .= " AND plg_method='{$aMethod['0']}' ";
}
} else {
$sSQL .= " AND (plg_method='{$aMethod['0']}' ";
for ($i = 1; $i < $count; $i++) {
$sSQL .= " OR plg_method='{$aMethod[$i]}'";
}
$sSQL .= ") ";
}
}
// Add SQL ORDER
if ($sort == "deposit") {
AddGroupToPeopleCart(FilterInput($_GET["AddGroupToPeopleCart"], 'int'));
$sGlobalMessage = gettext("Group successfully added to the Cart.");
}
// Are they removing an entire group from the Cart?
if (isset($_GET["RemoveGroupFromPeopleCart"])) {
RemoveGroupFromPeopleCart(FilterInput($_GET["RemoveGroupFromPeopleCart"], 'int'));
$sGlobalMessage = gettext("Group successfully removed from the Cart.");
}
// Are they adding a person to the Cart?
if (isset($_GET["AddToPeopleCart"])) {
AddToPeopleCart(FilterInput($_GET["AddToPeopleCart"], 'int'));
$sGlobalMessage = gettext("Selected record successfully added to the Cart.");
}
// Are they removing a person from the Cart?
if (isset($_GET["RemoveFromPeopleCart"])) {
RemoveFromPeopleCart(FilterInput($_GET["RemoveFromPeopleCart"], 'int'));
$sGlobalMessage = gettext("Selected record successfully removed from the Cart.");
}
// Are they emptying their cart?
if ($_GET["Action"] == "EmptyCart") {
unset($_SESSION['aPeopleCart']);
$sGlobalMessage = gettext("Your cart has been successfully emptied.");
}
if (isset($_POST["BulkAddToCart"])) {
$aItemsToProcess = explode(",", $_POST["BulkAddToCart"]);
if (isset($_POST["AndToCartSubmit"])) {
if (isset($_SESSION['aPeopleCart'])) {
$_SESSION['aPeopleCart'] = array_intersect($_SESSION['aPeopleCart'], $aItemsToProcess);
}
} elseif (isset($_POST["NotToCartSubmit"])) {
if (isset($_SESSION['aPeopleCart'])) {
if (!$bErrorFlag) {
for ($iFieldID = 1; $iFieldID <= $numRows; $iFieldID++) {
if ($aSideFields[$iFieldID] == 0) {
$temp = 'left';
} else {
$temp = 'right';
}
$sSQL = "UPDATE person_custom_master\n\t\t\t\t\tSET `custom_Name` = '" . $aNameFields[$iFieldID] . "',\n\t\t\t\t\t\t`custom_Special` = " . $aSpecialFields[$iFieldID] . ",\n\t\t\t\t\t\t`custom_Side` = '" . $temp . "',\n\t\t\t\t\t\t`custom_FieldSec` = " . $aFieldSecurity[$iFieldID] . "\n\t\t\t\t\tWHERE `custom_Field` = '" . $aFieldFields[$iFieldID] . "';";
RunQuery($sSQL);
}
}
} else {
// Check if we're adding a field
if (isset($_POST["AddField"])) {
$newFieldType = FilterInput($_POST["newFieldType"], 'int');
$newFieldName = FilterInput($_POST["newFieldName"]);
$newFieldSide = $_POST["newFieldSide"];
$newFieldSec = $_POST["newFieldSec"];
if (strlen($newFieldName) == 0) {
$bNewNameError = true;
} elseif (strlen($newFieldType) == 0 || $newFieldType < 1) {
// This should never happen, but check anyhow.
// $bNewTypeError = true;
} else {
$sSQL = "SELECT custom_Name FROM person_custom_master";
$rsCustomNames = RunQuery($sSQL);
while ($aRow = mysql_fetch_array($rsCustomNames)) {
if ($aRow[0] == $newFieldName) {
$bDuplicateNameError = true;
break;
}
*
* InfoCentral is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
******************************************************************************/
require "../Include/Config.php";
require "../Include/Functions.php";
require "../Include/ReportFunctions.php";
require "../Include/ReportConfig.php";
$bOnlyCartMembers = $_POST["OnlyCart"];
$iGroupID = FilterInput($_POST["GroupID"], 'int');
$iMode = FilterInput($_POST["ReportModel"], 'int');
if ($iMode == 1) {
$iRoleID = FilterInput($_POST["GroupRole"], 'int');
} else {
$iRoleID = 0;
}
class PDF_Directory extends ChurchInfoReport
{
// Private properties
var $_Margin_Left = 0;
// Left Margin
var $_Margin_Top = 0;
// Top margin
var $_Char_Size = 12;
// Character size
var $_CurLine = 0;
var $_Column = 0;
var $_Font = "Times";
Redirect("Menu.php");
exit;
}
// default values to make the newer versions of php happy
$iFamilyID = 0;
$iPersonID = 0;
$iDonationFamilyID = 0;
$sMode = 'family';
if (!empty($_GET["FamilyID"])) {
$iFamilyID = FilterInput($_GET["FamilyID"], 'int');
}
if (!empty($_GET["PersonID"])) {
$iPersonID = FilterInput($_GET["PersonID"], 'int');
}
if (!empty($_GET["DonationFamilyID"])) {
$iDonationFamilyID = FilterInput($_GET["DonationFamilyID"], 'int');
}
if (!empty($_GET["mode"])) {
$sMode = $_GET["mode"];
}
if (isset($_GET["CancelFamily"])) {
Redirect("FamilyView.php?FamilyID={$iFamilyID}");
exit;
}
$DonationMessage = "";
// Move Donations from 1 family to another
if ($_SESSION['bFinance'] && isset($_GET["MoveDonations"]) && $iFamilyID && $iDonationFamilyID && $iFamilyID != $iDonationFamilyID) {
$today = date("Y-m-d");
$sSQL = "UPDATE pledge_plg SET plg_FamID='{$iDonationFamilyID}',\n\t\tplg_DateLastEdited ='{$today}', plg_EditedBy='" . $_SESSION["iUserID"] . "' WHERE plg_FamID='{$iFamilyID}'";
RunQuery($sSQL);
$sSQL = "UPDATE egive_egv SET egv_famID='{$iDonationFamilyID}',\n\t\tegv_DateLastEdited ='{$today}', egv_EditedBy='" . $_SESSION["iUserID"] . "' WHERE egv_famID='{$iFamilyID}'";
case "g":
$sTypeName = gettext("Group");
break;
default:
Redirect("Menu.php");
exit;
break;
}
//Set the page title
$sPageTitle = $sTypeName . ' ' . gettext("Property Editor");
//Was the form submitted?
if (isset($_POST["Submit"])) {
$sName = addslashes(FilterInput($_POST["Name"]));
$sDescription = addslashes(FilterInput($_POST["Description"]));
$iClass = FilterInput($_POST["Class"], 'int');
$sPrompt = FilterInput($_POST["Prompt"]);
//Did they enter a name?
if (strlen($sName) < 1) {
$sNameError = "<br><font color=\"red\">" . gettext("You must enter a Name") . "</font>";
$bError = True;
}
//Did they select a Type
if (strlen($iClass) < 1) {
$sClassError = "<br><font color=\"red\">" . gettext("You must select a Type") . "</font>";
$bError = True;
}
//If no errors, let's update
if (!$bError) {
//Vary the SQL depending on if we're adding or editing
if ($iPropertyID == "") {
$sSQL = "INSERT INTO property_pro (pro_Class,pro_prt_ID,pro_Name,pro_Description,pro_Prompt) VALUES ('" . $sType . "'," . $iClass . ",'" . $sName . "','" . $sDescription . "','" . $sPrompt . "')";
<p align="center">
<BR>
<input type="submit" class="icButton" name="Submit" <?php
echo 'value="' . gettext("Next") . '"';
?>
>
<input type="button" class="icButton" name="Cancel" <?php
echo 'value="' . gettext("Cancel") . '"';
?>
onclick="javascript:document.location='ReportList.php';">
</p>
</form>
<?php
} else {
$iGroupID = FilterInput($_POST['GroupID'], 'int');
?>
<form method="POST" action="Reports/GroupReport.php">
<input type="hidden" Name="GroupID" <?php
echo "value=\"" . $iGroupID . "\"";
?>
>
<input type="hidden" Name="GroupRole" <?php
if (array_key_exists('GroupRole', $_POST)) {
echo "value=\"" . $_POST['GroupRole'] . "\"";
}
?>
>
<input type="hidden" Name="OnlyCart" <?php
if (array_key_exists('OnlyCart', $_POST)) {
******************************************************************************/
// Show disable message if register_globals are turned on.
if (ini_get('register_globals')) {
echo "<h3>InfoCentral will not operate with PHP's register_globals option turned on.<BR>";
echo "This is for your own protection as the use of this setting could entirely undermine <BR>";
echo "all security. You need to either turn off register_globals in your php.ini or else<BR>";
echo "configure your web server to turn off register_globals for the InfoCentral directory.</h3>";
exit;
}
// Include the function library
require "Include/Config.php";
$bSuppressSessionTests = true;
require "Include/Functions.php";
// Get the UserID out of the form results
if (isset($_POST["User"])) {
$iUserID = FilterInput($_POST["User"], 'int');
} else {
$iUserID = 0;
}
// Is the user requesting to logoff or timed out?
if (isset($_GET["Logoff"]) || isset($_GET['timeout'])) {
$_COOKIE = array();
$_SESSION = array();
session_destroy();
}
// Initialize the variables
$sErrorText = "";
// Has the form been submitted?
if ($iUserID > 0) {
// Get the information for the selected user
$sSQL = "SELECT * FROM user_usr INNER JOIN person_per ON usr_per_ID = per_ID WHERE usr_per_ID = " . $iUserID;
$rsExistingTest = RunQuery($sSQL);
if (mysql_num_rows($rsExistingTest) == 0) {
$sSQL = "INSERT INTO record2property_r2p (r2p_record_ID,r2p_pro_ID,r2p_Value) VALUES ({$iRecordID},{$iPropertyID},'{$sValue}')";
RunQuery($sSQL);
}
} else {
$sSQL = "UPDATE record2property_r2p SET r2p_Value = '{$sValue}' WHERE r2p_record_ID = {$iRecordID} AND r2p_pro_ID = {$iPropertyID}";
RunQuery($sSQL);
}
}
// Was the form submitted?
if (isset($_POST["SecondPass"])) {
// Get the action (this will overwrite the value set at the top of the page, which is fine)
$sAction = $_POST["Action"];
// Get the value
$sValue = FilterInput($_POST["Value"]);
// Update the property
UpdateProperty($iRecordID, $sValue, $iPropertyID, $sAction);
// Set the Global Message
$_SESSION['sGlobalMessage'] = gettext("Property successfully assigned.");
// Back to the PersonView
Redirect($sBackPage);
}
// Get the name of the property
$sSQL = "SELECT pro_Name, pro_Prompt FROM property_pro WHERE pro_ID = " . $iPropertyID;
$rsProperty = RunQuery($sSQL);
$aRow = mysql_fetch_array($rsProperty);
$sPropertyName = $aRow["pro_Name"];
$sPrompt = $aRow["pro_Prompt"];
// If there's no prompt, then just do the insert
if (strlen($sPrompt) == 0) {
}
if (isset($_POST["MenuSubmit"])) {
//Assign everything locally
$sName = FilterInput($_POST["Name"]);
$sParent = FilterInput($_POST["NewParent"]);
$sOrigParent = FilterInput($_POST["OrigParent"]);
$bIsMenu = FilterInput($_POST["IsMenu"]);
$sContent = FilterInput($_POST["Content"]);
$sURI = FilterInput($_POST["uri"]);
$sStatusText = FilterInput($_POST["StatusText"]);
$sSecurityGroup = FilterInput($_POST["SecurityGroup"]);
$sSessionVar = FilterInput($_POST["SessionVar"]);
$bSVinText = FilterInput($_POST["SVinText"]);
$bSVinURI = FilterInput($_POST["SVinURI"]);
$sParmName = FilterInput($_POST["ParmName"]);
$bActive = FilterInput($_POST["Active"]);
// Verify menu item has already been added.
$sSQL = "SELECT '' FROM menuconfig_mcf WHERE mid = {$iMenuID}";
$rsCount = RunQuery($sSQL);
if (mysql_num_rows($rsCount) == 0) {
Redirect("MenuManager.php");
}
//Did they enter a Content?
if (strlen($sContent) < 1) {
$sContentError = gettext("Must provide menu text");
$bErrorFlag = True;
}
// if session variable is required on status text or uri, it has be defined
if ($bSVinText || $bSVinURI) {
if (strlen($sSessionVar) < 1) {
$sSessionVarError = gettext("Missing Session Variable name");
<?php
require "Include/Config.php";
require "Include/Functions.php";
require "Include/PersonFunctions.php";
$iGroupId = "-1";
$iGroupName = "Unknown";
if (isset($_GET['groupId'])) {
$iGroupId = FilterInput($_GET["groupId"], "int");
}
$sSQL = "select * from group_grp where grp_ID =" . $iGroupId;
$rsSundaySchoolClass = RunQuery($sSQL);
while ($aRow = mysql_fetch_array($rsSundaySchoolClass)) {
$iGroupName = $aRow['grp_Name'];
}
// Get all the groups
$sSQL = "select grp.grp_Name sundayschoolClass, kid.per_ID kidId, kid.per_Gender kidGender, kid.per_FirstName firstName, kid.per_Email kidEmail, kid.per_LastName LastName, kid.per_BirthDay birthDay, kid.per_BirthMonth birthMonth, kid.per_BirthYear birthYear, kid.per_CellPhone mobilePhone,\nfam.fam_HomePhone homePhone,\ndad.per_ID dadId, dad.per_FirstName dadFirstName, dad.per_LastName dadLastName, dad.per_CellPhone dadCellPhone, dad.per_Email dadEmail,\nmom.per_ID momId, mom.per_FirstName momFirstName, mom.per_LastName momLastName, mom.per_CellPhone momCellPhone, mom.per_Email momEmail,\nfam.fam_Email famEmail, fam.fam_Address1 Address1, fam.fam_Address2 Address2, fam.fam_City city, fam.fam_State state, fam.fam_Zip zip\n\nfrom person_per kid, family_fam fam\nleft Join person_per dad on fam.fam_id = dad.per_fam_id and dad.per_Gender = 1 and dad.per_fmr_ID = 1\nleft join person_per mom on fam.fam_id = mom.per_fam_id and mom.per_Gender = 2 and mom.per_fmr_ID = 2\n,`group_grp` grp, `person2group2role_p2g2r` person_grp\n\nwhere kid.per_fam_id = fam.fam_ID and person_grp.p2g2r_rle_ID = 2 and grp.grp_ID = " . $iGroupId . " and\ngrp_Type = 4 and grp.grp_ID = person_grp.p2g2r_grp_ID and person_grp.p2g2r_per_ID = kid.per_ID\norder by grp.grp_Name, fam.fam_Name";
$rsKids = RunQuery($sSQL);
$sSQL = "select count(*) numb, kid.per_BirthMonth birthMonth\nfrom person_per kid, `group_grp` grp, `person2group2role_p2g2r` person_grp\nwhere person_grp.p2g2r_rle_ID = 2 and grp.grp_ID = " . $iGroupId . " and grp_Type = 4 and grp.grp_ID = person_grp.p2g2r_grp_ID and person_grp.p2g2r_per_ID = kid.per_ID\ngroup by birthMonth;";
$rsKidsByMonth = RunQuery($sSQL);
$sSQL = "select count(*) numb, per_Gender\nfrom person_per kid, `group_grp` grp, `person2group2role_p2g2r` person_grp\nwhere person_grp.p2g2r_rle_ID = 2 and grp.grp_ID = " . $iGroupId . " and grp_Type = 4 and grp.grp_ID = person_grp.p2g2r_grp_ID and person_grp.p2g2r_per_ID = kid.per_ID\ngroup by kid.per_Gender";
$rsKidsByGender = RunQuery($sSQL);
$sSQL = "select person_per.*\nfrom person_per,`group_grp` grp, `person2group2role_p2g2r` person_grp\n\nwhere person_grp.p2g2r_rle_ID = 1 and grp.grp_ID = " . $iGroupId . " and grp_Type = 4 and grp.grp_ID = person_grp.p2g2r_grp_ID and person_grp.p2g2r_per_ID = per_ID\norder by per_FirstName";
$rsTeachers = RunQuery($sSQL);
$sPageTitle = gettext("Sunday School: " . $iGroupName);
$TeachersEmails = array();
$KidsEmails = array();
$ParentsEmails = array();
require "Include/Header.php";
?>
*
******************************************************************************/
//Include the function library
require "Include/Config.php";
require "Include/Functions.php";
// Security: User must have Manage Groups permission
if (!$_SESSION['bManageGroups']) {
Redirect("Menu.php");
exit;
}
//Set the page title
$sPageTitle = gettext("Group Editor");
//Get the GroupID from the querystring
$iGroupID = 0;
if (array_key_exists("GroupID", $_GET)) {
$iGroupID = FilterInput($_GET["GroupID"], 'int');
}
$bEmptyCart = array_key_exists("EmptyCart", $_GET) && $_GET["EmptyCart"] == "yes" && array_key_exists('aPeopleCart', $_SESSION) && count($_SESSION['aPeopleCart']) > 0;
$bNameError = False;
$bErrorFlag = False;
//Is this the second pass?
if (isset($_POST["GroupSubmit"])) {
//Assign everything locally
$sName = FilterInputArr($_POST, "Name");
$iGroupType = FilterInputArr($_POST, "GroupType", 'int');
$iDefaultRole = FilterInputArr($_POST, "DefaultRole", 'int');
$sDescription = FilterInputArr($_POST, "Description");
$bUseGroupProps = FilterInputArr($_POST, "UseGroupProps");
$cloneGroupRole = FilterInputArr($_POST, "cloneGroupRole", 'int');
$seedGroupID = FilterInputArr($_POST, "seedGroupID", 'int');
//Did they enter a Name?
* http://www.gnu.org/licenses
*
******************************************************************************/
// Include the function library
require "Include/Config.php";
$bNoPasswordRedirect = true;
// Subdue UserPasswordChange redirect to prevent looping
require "Include/Functions.php";
$bAdminOtherUser = false;
$bAdminOther = false;
$bError = false;
$sOldPasswordError = false;
$sNewPasswordError = false;
// Get the PersonID out of the querystring if they are an admin user; otherwise, use session.
if ($_SESSION['bAdmin'] && isset($_GET["PersonID"])) {
$iPersonID = FilterInput($_GET["PersonID"], 'int');
if ($iPersonID != $_SESSION['iUserID']) {
$bAdminOtherUser = true;
}
} else {
$iPersonID = $_SESSION['iUserID'];
}
// Was the form submitted?
if (isset($_POST["Submit"])) {
// Assign all the stuff locally
$sOldPassword = "";
if (array_key_exists("OldPassword", $_POST)) {
$sOldPassword = $_POST["OldPassword"];
}
$sNewPassword1 = $_POST["NewPassword1"];
$sNewPassword2 = $_POST["NewPassword2"];