/**
 * displayCategoryPagination
 *
 * @param string $sql
 * @param int    $page
 * @param int    $perPage
 * @param string $url
 * @param mixed  $params
 *
 * @return void
 */
function displayCategoryPagination($sql, $page, $perPage, $url, $params = null)
{
    // Remove the LIMIT from the $sql statement
    $findLimit = strpos($sql, 'LIMIT');
    if ($findLimit !== false) {
        $sql = substr($sql, 0, $findLimit);
    }

    if (is_null($params)) {
        $rows = $this->fcmsDatabase->getRows($sql);
    } else {
        $rows = $this->fcmsDatabase->getRows($sql, $params);
    }

    if ($rows === false) {
        $this->fcmsError->displayError();
        return;
    }

    $count = count($rows);
    $total = ceil($count / $perPage);

    displayPages("index.php{$url}", $page, $total);
}

/**
 * displayPolls
 *
 * @return void
 */
function displayPolls()
{
    $this->displayHeader();
    $this->fcmsAlert->displayPoll($this->fcmsUser->id);

    $page = getPage();
    $from = $page * 10 - 10;

    $sql = "SELECT `id`, `question`, `started`
            FROM fcms_polls
            ORDER BY `started` DESC
            LIMIT {$from}, 10";

    $rows = $this->fcmsDatabase->getRows($sql);
    if ($rows === false) {
        $this->fcmsError->displayError();
        $this->displayFooter();
        return;
    }

    echo '
        <h3>' . T_('Past Polls') . '</h3>
        <table class="zebra-striped">
            <thead>
                <tr>
                    <th>' . T_('Question') . '</th>
                    <th>' . T_('Created') . '</th>
                    <th>' . T_('Actions') . '</th>
                </tr>
            </thead>
            <tbody>';

    if (count($rows) > 0) {
        foreach ($rows as $r) {
            // The id is cast to int before it is written into the link and
            // the hidden field, so only a number can reach the markup.
            echo '
                <tr>
                    <td>' . cleanOutput($r['question']) . '</td>
                    <td>' . $r['started'] . '</td>
                    <td>
                        <form action="polls.php" method="post">
                            <a class="btn" href="?editpoll=' . (int) $r['id'] . '">' . T_('Edit') . '</a>
                            <input type="submit" name="delsubmit" class="btn danger delpoll" value="' . T_('Delete') . '" title="' . T_('Delete') . '"/>
                            <input type="hidden" name="pollid" value="' . (int) $r['id'] . '"/>
                        </form>
                    </td>
                </tr>';
        }

        // Remove the LIMIT from the $sql statement
        // used above, so we can get the total count
        $sql = substr($sql, 0, strpos($sql, 'LIMIT'));

        $rows = $this->fcmsDatabase->getRows($sql);
        if ($rows === false) {
            $this->fcmsError->displayError();
            $this->displayFooter();
            return;
        }

        $count       = count($rows);
        $total_pages = ceil($count / 10);

        displayPages("polls.php", $page, $total_pages);
    } else {
        echo '<tr><td colspan="3">' . T_('No Previous Polls') . '</td></tr>';
    }

    echo '
            </tbody>
        </table>';

    $this->displayFooter();
}

/**
 * displayLatestCategoriesForm
 *
 * @return void
 */
function displayLatestCategoriesForm()
{
    $this->displayHeader();

    $page    = getPage();
    $perPage = 10;
    $from    = $page * $perPage - $perPage;

    $sql = "SELECT *
            FROM (
                SELECT p.`id`, p.`date`, p.`filename`, c.`name`, p.`user`, p.`category`,
                    e.`thumbnail`, p.`external_id`
                FROM `fcms_gallery_photos` AS p
                LEFT JOIN `fcms_category` AS c ON p.`category` = c.`id`
                LEFT JOIN `fcms_gallery_external_photo` AS e ON p.`external_id` = e.`id`
                ORDER BY `date` DESC
            ) AS sub
            GROUP BY `category`
            ORDER BY `date` DESC
            LIMIT {$from}, {$perPage}";

    $rows = $this->fcmsDatabase->getRows($sql);
    if ($rows === false) {
        $this->fcmsError->displayError();
        $this->displayFooter();
        return;
    }

    if (count($rows) <= 0) {
        echo '
        <p>' . T_('No photos have been added yet.') . '</p>';
        $this->displayFooter();
        return;
    }

    $message = '';
    if (isset($_SESSION['success'])) {
        $message  = '<div class="alert-message success">';
        $message .= '<a class="close" href="#" onclick="$(this).up(\'div\').hide(); return false;">×</a>';
        $message .= T_('Changes Updated Successfully') . '</div>';
        unset($_SESSION['success']);
    }

    echo '
        ' . $message . '
        <form id="check_all_form" name="check_all_form" action="gallery.php" method="post">
            <ul class="unstyled clearfix">';

    foreach ($rows as $row) {
        $count    = $this->fcmsPhotoGallery->getCategoryPhotoCount($row['category']);
        $photoSrc = $this->fcmsPhotoGallery->getPhotoSource($row);

        // The category id is cast to int wherever it is written into an
        // attribute or a link, so only a number can reach the markup.
        $categoryId = (int) $row['category'];

        echo '
                <li>
                    <label for="' . $categoryId . '">
                        <b>' . cleanOutput($row['name']) . '</b><br/>
                        <i>' . sprintf(T_('%d photos'), $count) . '</i><br/>
                        <img src="' . $photoSrc . '" alt="' . cleanOutput($row['name']) . '"/><br/>
                        <input type="checkbox" id="' . $categoryId . '" name="bulk_actions[]" value="' . $categoryId . '"/>
                    </label>
                    <p>
                        <a href="?edit=' . $categoryId . '">' . T_('Edit') . '</a>
                    </p>
                </li>';
    }

    echo '
            </ul>
            <p><input type="submit" class="btn danger" id="deleteAll" name="deleteAll" value="' . T_('Delete Selected') . '"/></p>
        </form>';

    // Pagination

    // Remove the LIMIT from the $sql statement
    // used above, so we can get the total count
    $sql = substr($sql, 0, strpos($sql, 'LIMIT'));

    $rows = $this->fcmsDatabase->getRows($sql);
    if ($rows === false) {
        $this->fcmsError->displayError();
        $this->displayFooter();
        return;
    }

    $count       = count($rows);
    $total_pages = ceil($count / $perPage);

    displayPages("gallery.php", $page, $total_pages);

    $this->displayFooter();
}

        // Fragment: the tail of a switch statement. The opening case label and
        // the code that sets $query, $pageid and $catid are not shown.
        if (DB_numRows($query) > 0) {
            // Treat a missing or non-1 value as "not a draft"
            $draftoption = (isset($_POST['draftoption']) && $_POST['draftoption'] == 1) ? 1 : 0;

            // $pageid is interpolated into the query below; it is set outside
            // this fragment and must already be an integer by this point.
            DB_query("UPDATE {$_TABLES['nexcontent_pages']} SET is_draft = '{$draftoption}' WHERE id = '{$pageid}'");
        }
        echo COM_siteHeader('none');
        echo COM_startBlock("Site Content Management", '', 'blockheader.thtml', true);
        echo displayPages($catid);
        break;

    default:
        echo COM_siteHeader('none');
        echo COM_startBlock("Site Content Management", '', 'blockheader.thtml', true);
        if ($catid > 0) {
            // Only list the pages if the current user has permission on this category
            $sql  = "SELECT id FROM {$_TABLES['nexcontent_pages']} WHERE id='{$catid}' ";
            $sql .= COM_getPermSQL('AND');
            $query = DB_query($sql);
            if (DB_numRows($query) > 0) {
                echo displayPages($catid);
            } else {
                echo "<br>You do not have permissions to this page";
            }
        } else {
            echo displayPages($catid);
        }
        break;
}

echo COM_endBlock();
echo COM_siteFooter();

/**
 * showDocuments
 *
 * @param int $page
 * @return void
 */
function showDocuments($page = 1)
{
    $from = $page * 25 - 25;

    $sql = "SELECT `id`, `name`, `description`, `user`, `date`
            FROM `fcms_documents` AS d
            ORDER BY `date` DESC
            LIMIT {$from}, 25";

    $rows = $this->fcmsDatabase->getRows($sql);
    if ($rows === false) {
        $this->fcmsError->displayError();
        return;
    }

    if (count($rows) > 0) {
        echo '
            <script type="text/javascript" src="ui/js/tablesort.js"></script>
            <table id="docs" class="sortable">
                <thead>
                    <tr>
                        <th class="sortfirstasc">' . T_('Document') . '</th>
                        <th>' . T_('Description') . '</th>
                        <th>' . T_('Uploaded By') . '</th>
                        <th>' . T_('Date Added') . '</th>
                    </tr>
                </thead>
                <tbody>';

        foreach ($rows as $r) {
            $date = fixDate(T_('m/d/Y h:ia'), $this->fcmsUser->tzOffset, $r['date']);

            echo '
                    <tr>
                        <td>
                            <a href="?download=' . cleanOutput($r['name']) . '">' . cleanOutput($r['name']) . '</a>';

            // Only admins/helpers and the uploader get the delete form
            if ($this->fcmsUser->access < 3 || $this->fcmsUser->id == $r['user']) {
                echo '
                            <form method="post" action="documents.php">
                                <div>
                                    <input type="hidden" name="id" value="' . (int) $r['id'] . '"/>
                                    <input type="hidden" name="name" value="' . cleanOutput($r['name']) . '"/>
                                    <input type="submit" name="deldoc" value="' . T_('Delete') . '" class="delbtn" title="' . T_('Delete this Document') . '"/>
                                </div>
                            </form>';
            }

            echo '
                        </td>
                        <td>' . cleanOutput($r['description']) . '</td>
                        <td>' . getUserDisplayName($r['user']) . '</td>
                        <td>' . $date . '</td>
                    </tr>';
        }

        echo '
                </tbody>
            </table>';

        // Pages
        $sql = "SELECT count(`id`) AS c
                FROM `fcms_documents`";

        $row = $this->fcmsDatabase->getRow($sql);
        if ($row === false) {
            $this->fcmsError->displayError();
            return;
        }

        $docscount   = isset($row['c']) ? $row['c'] : 0;
        $total_pages = ceil($docscount / 25);

        displayPages('documents.php', $page, $total_pages);
    } else {
        echo '
            <div class="blank-state">
                <h2>' . T_('Nothing to see here') . '</h2>
                <h3>' . T_('Currently no one has shared any documents.') . '</h3>
                <h3><a href="?adddoc=yes">' . T_('Why don\'t you share a document now?') . '</a></h3>
            </div>';
    }
}

/**
 * displayMemberList
 *
 * Displays the list of members, by default list all or list based on search results.
 *
 * @param int    $page  which page to display
 * @param string $fname search parameter for first name
 * @param string $lname search parameter for last name
 * @param string $uname search parameter for username
 *
 * @return void
 */
function displayMemberList($page, $fname = '', $lname = '', $uname = '')
{
    $valid_search = 0;

    $perPage = 30;
    $from    = $page * $perPage - $perPage;

    $view = 'members';
    $url  = '?view=members';

    $allActive     = '';
    $membersActive = '';
    $nonActive     = '';

    // $view is only ever one of the three literals below, never raw input
    if (isset($_GET['view'])) {
        if ($_GET['view'] == 'all') {
            $view      = 'all';
            $url       = '?view=all';
            $allActive = 'active';
        } elseif ($_GET['view'] == 'non') {
            $view      = 'non';
            $url       = '?view=non';
            $nonActive = 'active';
        } else {
            $membersActive = 'active';
        }
    } else {
        $membersActive = 'active';
    }

    // Display the add link, search box and table header
    echo '
        <ul class="tabs">
            <li class="' . $allActive . '"><a href="?view=all">' . T_('All') . '</a></li>
            <li class="' . $membersActive . '"><a href="?view=members">' . T_('Members') . '</a></li>
            <li class="' . $nonActive . '"><a href="?view=non">' . T_('Non-Members') . '</a></li>
            <li class="action"><a href="?create=member">' . T_('Create Member') . '</a></li>
        </ul>
        <form method="post" action="members.php' . $url . '" name="search_frm" id="search_frm">
            <div>
                <input type="text" name="fname" id="fname" placeholder="' . T_('First Name') . '" title="' . T_('First Name') . '" value="' . cleanOutput($fname) . '"/>
                <input type="text" name="lname" id="lname" placeholder="' . T_('Last Name') . '" title="' . T_('Last Name') . '" value="' . cleanOutput($lname) . '"/>
                <input type="text" name="uname" id="uname" placeholder="' . T_('Username') . '" title="' . T_('Username') . '" value="' . cleanOutput($uname) . '"/>
                <input type="submit" id="search" name="search" value="' . T_('Search') . '"/>
            </div>
        </form>
        <p> </p>
        <form method="post" action="members.php">
            <table class="tablesorter">
                <thead>
                    <tr>
                        <th>' . T_('ID') . '</th>
                        <th>' . T_('Username') . '</th>
                        <th>' . T_('Last Name') . '</th>
                        <th>' . T_('First Name') . '</th>
                        <th class="nosort">
                            <a class="help u" title="' . T_('Get Help using Access Levels') . '" href="../help.php#adm-access">' . T_('Access Level') . '</a>
                        </th>
                        <th class="nosort">' . T_('Member?') . '</th>
                        <th class="nosort">' . T_('Active?') . '</th>
                        <th class="nosort"> </th>
                    </tr>
                </thead>
                <tbody>';

    // prevent sql injections - only allow letters, numbers, a space and the % sign
    // ($valid_search counts the fields that FAIL this check; 0 means all are valid)
    if (strlen($fname) > 0) {
        if (!preg_match('/^[A-Za-z0-9%\\s]+$/', $fname)) {
            $valid_search++;
        }
    }
    if (strlen($lname) > 0) {
        if (!preg_match('/^[A-Za-z0-9%\\s]+$/', $lname)) {
            $valid_search++;
        }
    }
    if (strlen($uname) > 0) {
        if (!preg_match('/^[A-Za-z0-9%\\s]+$/', $uname)) {
            $valid_search++;
        }
    }

    $params = array();

    $sql = "SELECT *
            FROM `fcms_users` ";

    if ($view == 'members') {
        $sql .= "WHERE (
                    (`phpass` != 'NONMEMBER' AND `phpass` != 'PRIVATE')
                    OR
                    (`phpass` IS NULL AND `password` != 'NONMEMBER' AND `password` != 'PRIVATE')
                 ) ";
    } elseif ($view == 'non') {
        $sql .= "WHERE (
                    `phpass` = 'NONMEMBER'
                    OR (`phpass` IS NULL AND `password` = 'NONMEMBER')
                 ) ";
    }

    // Search - one or more valid search parameters
    if ($valid_search < 1) {
        // The 'all' view has no WHERE clause yet, so the first search condition
        // has to open one; every condition after that is joined with AND.
        // (Appending WHERE for each field produced invalid SQL when more than
        // one field was filled in.)
        $glue = $view == 'all' ? 'WHERE' : 'AND';

        if (strlen($fname) > 0) {
            $sql     .= "{$glue} `fname` LIKE ? ";
            $params[] = "%{$fname}%";
            $glue     = 'AND';
        }
        if (strlen($lname) > 0) {
            $sql     .= "{$glue} `lname` LIKE ? ";
            $params[] = "%{$lname}%";
            $glue     = 'AND';
        }
        if (strlen($uname) > 0) {
            $sql     .= "{$glue} `username` LIKE ? ";
            $params[] = "%{$uname}%";
            $glue     = 'AND';
        }

        $sql .= "ORDER BY `id` LIMIT {$from}, {$perPage}";

        $rows = $this->fcmsDatabase->getRows($sql, $params);
    } else {
        // At least one search field was rejected: list without any search filter
        $sql .= "ORDER BY `id`
                 LIMIT {$from}, {$perPage}";

        $rows = $this->fcmsDatabase->getRows($sql);
    }

    if ($rows === false) {
        $this->fcmsError->displayError();
        return;
    }

    // Display the member list
    foreach ($rows as $r) {
        $member = $r['phpass'] == 'NONMEMBER' ? T_('No') : T_('Yes');
        if (is_null($r['phpass'])) {
            $member = $r['password'] == 'NONMEMBER' ? T_('No') : T_('Yes');
        }

        $active = $r['activated'] <= 0 ? T_('No') : T_('Yes');

        if ($r['id'] > 1) {
            echo '
                    <tr>
                        <td><b>' . (int) $r['id'] . '</b>:</td>
                        <td><a href="?edit=' . (int) $r['id'] . '">' . cleanOutput($r['username']) . '</a></td>
                        <td>' . cleanOutput($r['lname']) . '</td>
                        <td>' . cleanOutput($r['fname']) . '</td>
                        <td>';
            echo $this->displayAccessType($r['access']);
            echo '</td>
                        <td style="text-align:center">' . $member . '</td>
                        <td style="text-align:center">' . $active . '</td>
                        <td style="text-align:center"><input type="checkbox" name="massupdate[]" value="' . (int) $r['id'] . '"/></td>
                    </tr>';
        } else {
            // User id 1 is the admin account: no edit link and no checkbox
            echo '
                    <tr>
                        <td><b>' . (int) $r['id'] . '</b>:</td>
                        <td><b>' . cleanOutput($r['username']) . '</b></td>
                        <td>' . cleanOutput($r['lname']) . '</td>
                        <td>' . cleanOutput($r['fname']) . '</td>
                        <td>1. ' . T_('Admin') . '</td>
                        <td style="text-align:center">' . T_('Yes') . '</td>
                        <td style="text-align:center">' . T_('Yes') . '</td>
                        <td> </td>
                    </tr>';
        }
    }

    echo '
                </tbody>
            </table>
            <p style="text-align:right">
                <input type="submit" class="btn primary" name="activateAll" id="activateAll" value="' . T_('Activate Selected') . '"/>
                <input type="submit" class="btn" name="inactivateAll" id="inactivateAll" value="' . T_('Inactivate Selected') . '"/>
                <input type="submit" class="btn danger" name="deleteAll" id="deleteAll" value="' . T_('Delete Selected') . '"/>
            </p>
        </form>';

    // Remove the LIMIT from the $sql statement
    // used above, so we can get the total count
    $sql = substr($sql, 0, strpos($sql, 'LIMIT'));

    if ($valid_search < 1) {
        $mrows = $this->fcmsDatabase->getRows($sql, $params);
    } else {
        $mrows = $this->fcmsDatabase->getRows($sql);
    }

    if ($mrows === false) {
        $this->fcmsError->displayError();
        return;
    }

    $count       = count($mrows);
    $total_pages = ceil($count / $perPage);

    displayPages("members.php?view={$view}", $page, $total_pages);
}