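// Latest-posts listing. Optional ?owner= / ?project= narrow the result set,
// ?start= is the paging offset. $mowner / $mproject / $mstart are presumably
// the SQL-escaped variants defined by escapes() (not visible here).
// NOTE(review): $_SERVER['PHP_SELF'] includes user-controlled PATH_INFO
// (/page.php/"><script>…); whatever emitTop() does with its second argument
// must HTML-escape it — confirm in includes/globals.inc.
emitTop('Peanut Butter -> Latest Posts', $_SERVER['PHP_SELF']);

if (isset($_GET['start'])) {
    escapes('start', $_GET['start']);
} else {
    escapes('start', 0);
}

$where = '';
$matchColl = new MatchCollection("AND");
$owner = '+ALL';
$project = '+ALL';

// '+ALL' is the "no filter" sentinel used by the <select>s; only a real value
// becomes a match term. (The class name Match collides with the `match`
// keyword reserved since PHP 8.0 — this file targets the PHP 5 mysql_* API.)
if (isset($_GET['owner']) && $_GET['owner'] != '+ALL') {
    escapes('owner', $_GET['owner']);
    $matchColl->addMatch(new Match('user', $mowner));
}
if (isset($_GET['project']) && $_GET['project'] != '+ALL') {
    escapes('project', $_GET['project']);
    $matchColl->addMatch(new Match('name', $mproject));
}
$whereSQL = $matchColl->toSQL();

mysqlSetup();
// Distinct authors, used to populate the owner <select> below.
$sqlquery = "SELECT DISTINCT `user` " . "FROM `pb_blog` ORDER BY `user` ASC";
// NOTE(review): mysql_error() in the response discloses query/schema details
// to the visitor; log it and show a generic message instead.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
?>
<table>
<tr>
<td>
<!-- action is HTML-escaped: PHP_SELF carries attacker-controlled PATH_INFO,
     which previously allowed breaking out of the attribute (reflected XSS). -->
<form name="selectOwner" method="get" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?> ">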
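<?php
require_once 'includes/globals.inc';

// Edit-project page. Requires ?projid=; only SITEADMIN, or ADMIN for a project
// they own, may proceed. $userType / $userName are expected from globals.inc.
if (isset($_GET['projid'])) {
    $projid = $_GET['projid'];
    // Project ids are integers (-1 is the news pseudo-project elsewhere in the
    // app). Reject anything else before the raw value reaches
    // getProjInfoFromId(), whose quoting cannot be seen from here.
    if (filter_var($projid, FILTER_VALIDATE_INT) === false) {
        emitTop('Peanut Butter -> Edit Project [ERROR]', $_SERVER['PHP_SELF']);
        errAndDie('Invalid project id.');
    }
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];
    // escapes() presumably defines the $m*/$url* variants ($mprojid is used below).
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);
    $isNews = isNews($projid);
    // NOTE(review): $name comes from the database and is handed to emitTop()
    // unescaped — confirm emitTop() HTML-escapes its title argument.
    emitTop('Peanut Butter -> Projects -> Edit: ' . $name, '/pb/');
    if ($name == '') {
        errAndDie('Project not found.');
    }
} else {
    emitTop('Peanut Butter -> Edit Project [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Required Information not specified.');
}

// Authorisation: siteadmins may edit any project, admins only their own.
if ($userType != ADMIN && $userType != SITEADMIN) {
    errAndDie('Sorry, only admins/siteadmins may edit projects.');
}
if ($userType == ADMIN && $owner != $userName) {
    errAndDie('Sorry, you may only edit your own project.');
}

mysqlSetup();
$sqlquery = "SELECT * FROM `pb_projects`" . " WHERE `id` = '{$mprojid}'";
// NOTE(review): mysql_error() in the response discloses query/schema details; log it instead.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
// $count and $row feed the edit form that follows this fragment.
$count = mysql_num_rows($result);
$row = mysql_fetch_assoc($result);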
<?php
require_once 'includes/globals.inc';
// News page: the most recently modified posts of the news pseudo-project (projid -1).
// NOTE(review): $_SERVER['PHP_SELF'] carries user-controlled PATH_INFO; whatever
// emitTop() does with its second argument must HTML-escape it (not visible here).
emitTop('Peanut Butter -> News', $_SERVER['PHP_SELF']);
mysqlSetup();
// NOTE(review): the query is hard-wired to LIMIT 10 and never uses $start, yet
// the "Posts a-b" heading below is computed from $start and NUM_ENTRIES, so for
// start > 0 (or NUM_ENTRIES != 10) the heading and the rows disagree.
$sqlquery = "SELECT `title`,`user`,`added`,`modified`,`text`,`id` FROM `pb_blog` " . " WHERE `projid` = '-1' ORDER BY `modified` DESC LIMIT 10";
// NOTE(review): mysql_error() in the response discloses query/schema details; log it instead.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
$count = mysql_num_rows($result);
// escapes() is presumably what defines $start (used as a number below) and its
// $mstart/$urlstart variants; it is not visible here. $start is never cast, so a
// non-numeric ?start= is a warning/0 on PHP 5-7 and a TypeError on PHP 8.
if (isset($_GET['start'])) {
    escapes('start', $_GET['start']);
} else {
    escapes('start', 0);
}
print "<h3>News:</h3>\n";
// At most NUM_ENTRIES posts are reported as shown on one page.
if ($count > NUM_ENTRIES) {
    $showCount = NUM_ENTRIES;
} else {
    $showCount = $count;
}
print "<h3>Posts " . ($start + 1) . "-" . ($start + $showCount) . "</h3>\n";
print "<p>";
// Kept for the paging links built further down (outside this fragment).
$self = $_SERVER['PHP_SELF'];
// Only admins/siteadmins may create or manage news posts; $userType comes from globals.inc.
if ($userType == ADMIN || $userType == SITEADMIN) {
    print '<a href="postNew.php?projid=-1">New Post</a> ';
    print '<a href="postManagement.php?projid=-1">Manage Posts</a><br /><br />';
}
/***
 ** Set up links for "newest" "previous" and "next", based upon where we are
 ** in the results
 **/
if (!$start) {
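// Post-edit page. $mpostid is expected to have been set by escapes('postid', …)
// above this fragment; $userType / $userName come from the session via globals.inc.
if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not edit posts.');
}

mysqlSetup();
$sqlquery = "SELECT `title`,`text`,`user`,`projid` FROM `pb_blog`" . " WHERE `id` = '{$mpostid}'";
// NOTE(review): mysql_error() in the response discloses query details; log it instead.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
if (!($row = mysql_fetch_row($result))) {
    print '<h3>Post not found.</h3>';
    emitBottom();
    die;
}

$user = $row[2];
// Ownership rules, kept in step with the delete path (postConfirmDelete /
// postDelete): normal users may only edit their own posts, and admins may not
// touch another author's news post (projid -1). Siteadmins are unrestricted.
// Previously an admin could edit anyone's news post here while being refused
// on delete.
if ($userType == NORMAL && $userName != $user) {
    errAndDie('Sorry, you may only edit your own posts.');
}
if ($userType == ADMIN && $row[3] == -1 && $userName != $user) {
    errAndDie('Admins can only edit their own news posts.');
}

// escapes() presumably defines $projid / $urlprojid (used in the form action).
escapes('projid', $row[3]);
$projinfo = getProjInfoFromId($projid);
$name = $projinfo[0];
?>
<h2>Editing Post for: <?php echo htmlspecialchars($name, ENT_QUOTES); ?> </h2>
<?php
// Title is HTML-escaped for the attribute it is presumably placed in below.
$title = htmlentities($row[0]);
// NOTE(review): $text is left raw — the textarea that receives it (outside this
// fragment) must escape it, or a stored payload in a post body executes here.
$text = $row[1];
?>
<form name="postEdit" method="post" action="postSave.php?projid=<?php echo $urlprojid; ?>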
// postDelete: actually removes the post. The closing brace below ends the
// "?postid= present?" check that starts above this fragment; $mpostid and
// $urlpostid are expected to have been set by escapes('postid', …) there.
errAndDie('Required information not specified.');
}
if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not delete posts.');
}
// NOTE(review): this is a state-changing request with no CSRF token and no
// request-method check, so a cross-site form (or a plain link, if GET is
// accepted) can trigger it for any logged-in user. A per-session token should
// be issued by the confirm page and verified here.
mysqlSetup();
escapes('userName', $userName);
// Ownership is enforced inside the query for normal users (AND `user` = …), so
// the "not found" branch below doubles as the access-denied path; admins and
// siteadmins can load any post.
if ($userType == NORMAL) {
    $sqlquery = "SELECT * FROM `pb_blog` WHERE `id` = '{$mpostid}' AND `user` = '{$muserName}'";
} else {
    $sqlquery = "SELECT * FROM `pb_blog` WHERE `id` = '{$mpostid}'";
}
// NOTE(review): mysql_error() in the response discloses query details; log it instead.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
if (!($row = mysql_fetch_assoc($result))) {
    errAndDie('You are unable to access this post unless you own it or are an admin/siteadmin.');
}
// Admins may delete any project post but only their own news posts (projid -1).
if ($userType == ADMIN && $row['projid'] == -1 && $userName != $row['user']) {
    errAndDie('Admins can only delete their own news posts.');
}
$projid = $row['projid'];
$isNews = isNews($projid);
// escapes() presumably defines $urlprojid for the link below.
escapes('projid', $projid);
$sqlquery = "DELETE FROM `pb_blog` WHERE `id` = '{$mpostid}'";
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
// NOTE(review): mysql_affected_rows() is not checked, so "Post Deleted." is
// printed even if the row vanished between the SELECT and the DELETE.
print '<h3>Post Deleted.</h3>';
if (!$isNews) {
    print "<p><a href=\"projectInfo.php?projid={$urlprojid}\">Back to project page.</a></p>";
} else {
    print "<p><a href=\"news.php\">Peanut Butter News</a></p>";
}
emitBottom();
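<?php
require_once 'includes/globals.inc';

// Login page/handler. ?refer= is where the browser is sent after a successful
// login; it is reflected into emitTop() and into a <script> below, so it is
// constrained to a same-origin path (no open redirect, no script injection).
// '/pb/' is the application root used as the fallback elsewhere in this app.
$refer = isset($_GET['refer']) ? $_GET['refer'] : '/pb/';
// Accept only an absolute local path: a leading "/" that is not followed by
// "/" or "\" (both are protocol-relative URLs pointing at another host).
if (!is_string($refer) || !preg_match('#^/(?![/\\\\])#', $refer)) {
    $refer = '/pb/';
}
// Whether the login form is still to be printed (consumed below this fragment).
$printForm = 1;

if (isset($_POST['loginName']) && isset($_POST['loginPass'])) {
    mysqlSetup();
    // escapes() presumably defines $loginName/$mloginName and $loginPass/$mloginPass.
    escapes('loginName', $_POST['loginName']);
    escapes('loginPass', $_POST['loginPass']);
    // NOTE(review): the password is checked by SQL equality, so `pb_users`.`password`
    // holds the literal credential (plaintext unless the client hashes it first), and
    // a case-insensitive collation on that column would accept wrong-case passwords.
    // Migrate to password_hash()/password_verify(): select by name only and compare
    // in PHP. There is also no throttling of repeated failures here.
    $sqlquery = "SELECT `category` FROM `pb_users` WHERE `name` = '{$mloginName}' AND " . "`password` = '{$mloginPass}'";
    // NOTE(review): mysql_error() in the response discloses query details; log it instead.
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    if (!mysql_num_rows($result)) {
        emitTop('Peanut Butter -> Login', $refer);
?>
<p><em>Invalid username/password.</em></p>
<?php
    } else {
        $printForm = 0;
        $row = mysql_fetch_row($result);
        // NOTE(review): session_start() takes no string argument (an options
        // array since PHP 7.0); 'login' is ignored on PHP 5 and a TypeError on PHP 8.
        session_start('login');
        // Issue a fresh session id on privilege change so an id planted before
        // login (session fixation) is never promoted to an authenticated session.
        session_regenerate_id(true);
        $_SESSION['loggedIn'] = 1;
        $_SESSION['userName'] = $loginName;
        $_SESSION['userType'] = $row[0];
        session_write_close();
        emitTop('Peanut Butter -> Logged In', $refer);
?>
<script type="text/javascript">
// json_encode() yields a quoted, escaped JS string literal ("/" becomes "\/",
// so "</script>" cannot terminate the block); $refer is a local path already.
document.location = <?php echo json_encode($refer, JSON_HEX_TAG | JSON_HEX_AMP); ?>;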
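<?php
require_once 'includes/globals.inc';

// Confirm-delete page: shows the post and asks the user to confirm. Needs ?postid=.
// $userType / $userName come from the session via globals.inc.
if (isset($_GET['postid'])) {
    $postid = $_GET['postid'];
    // Post ids are integers; reject anything else before the value is used.
    if (filter_var($postid, FILTER_VALIDATE_INT) === false) {
        emitTop('Peanut Butter -> Posts -> Confirm Delete [ERROR]', $_SERVER['PHP_SELF']);
        errAndDie('Invalid post id.');
    }
    // escapes() presumably defines $mpostid (used in the queries below).
    escapes('postid', $postid);
    emitTop('Peanut Butter -> Posts -> Confirm Delete', '/pb/');
} else {
    emitTop('Peanut Butter -> Posts -> Confirm Delete [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Required information not specified.');
}
if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not delete posts.');
}

mysqlSetup();
escapes('userName', $userName);
// B.projid is selected so the admin/news ownership check below has something to
// look at: the previous column list omitted it, so $row['projid'] was undefined
// and the check never fired on this page (the delete handler itself does
// SELECT * and did enforce the rule). If the table below this fragment walks
// $row, it now shows one extra "projid" line. Normal users are scoped to their
// own posts in SQL, so "not found" doubles as access denied for them.
$columns = "`name` AS `project`,B.`added`,B.`modified`,B.`title`,B.`text`,B.`user`,B.`projid` ";
if ($userType == NORMAL) {
    $sqlquery = "SELECT " . $columns . "FROM `pb_blog` AS B LEFT JOIN `pb_projects` ON " . "`pb_projects`.`id` = B.`projid` WHERE B.`id` = '{$mpostid}' AND " . "`user` = '{$muserName}'";
} else {
    $sqlquery = "SELECT " . $columns . "FROM `pb_blog` AS B LEFT JOIN `pb_projects` ON " . "`pb_projects`.`id` = B.`projid` WHERE B.`id` = '{$mpostid}'";
}
// NOTE(review): mysql_error() in the response discloses query details; log it instead.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
if (!($row = mysql_fetch_assoc($result))) {
    errAndDie('You are unable to access this post unless you own it or are an admin/siteadmin.');
}
// Admins may delete any project post but only their own news posts (projid -1).
if ($userType == ADMIN && $row['projid'] == -1 && $userName != $row['user']) {
    errAndDie('Admins can only delete their own news posts.');
}
// NOTE(review): the confirmation form that follows should POST a per-session
// CSRF token that the delete handler verifies; without one the delete can be
// triggered cross-site.
?>
<h2>Post contents:</h2>
<table>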
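print "\t<th align=\"left\">{$key}</th>\n";
// NOTE(review): $key/$value are printed raw; the loop header is above this
// fragment — if they come straight from the project row they need HTML-escaping.
print "\t<td>{$value}</td>\n";
print "</tr>\n";
}
}
?>
</table>
<?php
// Paged list of this project's posts. escapes() is presumably what defines
// $start/$mstart here (and $mprojid/$urlprojid earlier in the file).
if (isset($_GET['start'])) {
    escapes('start', $_GET['start']);
} else {
    escapes('start', 0);
}
// LIMIT takes bare numbers, so SQL string-escaping (which is what $mstart
// presumably is) gives no protection there — the unquoted offset was an
// injection point. Coerce it to a non-negative integer and interpolate that.
$start = max(0, (int) $start);
escapes('name', $name);
// Rows beyond NUM_ENTRIES are fetched so the paging code can tell whether a
// next page exists; the count grows with $start (NUM_ENTRIES + 1 would suffice),
// kept as-is because later code may rely on $count.
$sqlquery = "SELECT B.`title`,B.`user`,B.`added`,B.`modified`,B.`text`,`pb_projects`.`name` AS `project`,B.`id` " . "FROM `pb_blog` AS B LEFT JOIN `pb_projects` ON `pb_projects`.`id` = `projid` " . "WHERE `projid` = '{$mprojid}'" . "ORDER BY `modified` DESC LIMIT {$start}," . ($start + NUM_ENTRIES + 1);
// NOTE(review): mysql_error() in the response discloses query details; log it instead.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
$count = mysql_num_rows($result);
// At most NUM_ENTRIES posts are reported as shown on this page.
if ($count > NUM_ENTRIES) {
    $showCount = NUM_ENTRIES;
} else {
    $showCount = $count;
}
print "<h3>Posts " . ($start + 1) . "-" . ($start + $showCount) . "</h3>\n";
// Anyone logged in may post to a project.
if ($userType != VISITOR) {
?>
<a href="postNew.php?projid=<?php echo $urlprojid; ?> ">New Post</a><?php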
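<th>Delete Post</th>
</tr>
<?php
// Post-management table for one project: one row per post, most recently
// modified first, with Edit/Delete links. $mprojid is expected to have been
// set by escapes('projid', …) above this fragment.
$sqlquery = "SELECT `title`,`user`,`added`,`modified`,`id` FROM `pb_blog` " . " WHERE `projid` = '{$mprojid}' ORDER BY `modified` DESC";
mysqlSetup();
// NOTE(review): mysql_error() in the response discloses query details; log it instead.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
$count = mysql_num_rows($result);
if (!$count) {
    print "<h3>No entries.</h3>";
} else {
    while ($row = mysql_fetch_row($result)) {
        print "<tr>";
        // title/user are author-supplied text (the edit page treats the title
        // as plain text as well), so every cell is HTML-escaped: a stored
        // "<script>" in a title must not run on the management page.
        foreach ($row as $value) {
            print "\t<td>" . htmlspecialchars($value, ENT_QUOTES) . "</td>\n";
        }
        // escapes() presumably defines $urlpostid for the links.
        $postid = $row[4];
        escapes('postid', $postid);
        print "\t<td><a href=\"postEdit.php?postid={$urlpostid}\">Edit</a></td>\n";
        print "\t<td><a href=\"postConfirmDelete.php?postid={$urlpostid}\">Delete</a></td>\n";
        // Close the row; the original markup left every <tr> open.
        print "</tr>\n";
    }
}
mysql_close();
?>
</table>
<?php
emitBottom();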
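<tr>
<?php
// Saved-search edit form. On first load the search is read from pb_searches by
// $mid (set above this fragment); after "Try Search" the posted values are used.
mysqlSetup();
if (!isset($_POST['newsearch'])) {
    $sqlquery = "SELECT `terms`,`name` FROM `pb_searches` WHERE `id` = '{$mid}'";
    // NOTE(review): mysql_error() in the response discloses query details; log it instead.
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    if (!($row = mysql_fetch_assoc($result))) {
        print '<h3>Query not found.</h3>';
        emitBottom();
        die;
    }
    escapes('keywords', $row['terms']);
    escapes('name', $row['name']);
} else {
    // NOTE(review): the input below is named "keyname" but this reads
    // $_POST['name'], so the name is lost on a "Try Search" round trip; one of
    // the two should change (check what the save handler expects first).
    escapes('keywords', $_POST['keywords']);
    escapes('name', $_POST['name']);
}
// $name / $keywords (presumably the raw values defined by escapes()) are
// attacker-influenced — posted, or stored from an earlier save — so they are
// HTML-escaped before going into value="" attributes (previously a reflected /
// stored XSS). $mkeywords is the SQL-escaped variant used for the search below.
$attrName = htmlspecialchars($name, ENT_QUOTES);
$attrKeywords = htmlspecialchars($keywords, ENT_QUOTES);
print "\t<th>Name:</th>\n";
print "\t<td><input type=\"text\" name=\"keyname\" size=\"80\" value=\"{$attrName}\" /></td>\n";
print "</tr><tr>\n";
print "\t<th>Keywords:</th>\n";
print "\t<td><input type=\"text\" name=\"keywords\" value=\"{$attrKeywords}\" size=\"100\"/></td>\n";
print "</tr>\n</table>\n";
print "<input type=\"submit\" name=\"newsearch\" value=\"Try Search\" />";
print "<input type=\"submit\" name=\"savesearch\" value=\"Save Search\" />";
print "</form>\n";
if ($keywords != '') {
    mysqlSetup();
    $matchColl = new MatchCollection("AND");
    // Comma-separated terms, each becoming one AND-ed match term (the loop
    // body continues past this fragment).
    $words = explode(',', $mkeywords);
    foreach ($words as $word) {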