Ejemplo n.º 1
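// "Latest Posts" page: emits the page header, reads the paging offset and the
// optional owner/project filters from the query string, then loads the list of
// distinct post authors.
// emitTop(), escapes(), mysqlSetup(), MatchCollection and Match are project
// code defined outside this excerpt.
emitTop('Peanut Butter -> Latest Posts', $_SERVER['PHP_SELF']);

// The paging offset is request data. Reduce it to a non-negative integer
// before escapes() sees it, so every variable that helper derives from it can
// only hold a number (the original passed the raw string through).
$startOffset = 0;
if (isset($_GET['start']) && is_scalar($_GET['start'])) {
    $startOffset = max(0, (int) $_GET['start']);
}
escapes('start', $startOffset);

$where = '';
$matchColl = new MatchCollection("AND");
$owner = '+ALL';
$project = '+ALL';

// Filters are applied only for string values other than the '+ALL' sentinel;
// an array-valued parameter (owner[]=...) is treated as "no filter".
// $mowner / $mproject are not assigned in this excerpt; presumably escapes()
// creates them as SQL-escaped copies -- confirm, because they are what
// MatchCollection turns into SQL.
if (isset($_GET['owner']) && is_string($_GET['owner']) && $_GET['owner'] !== '+ALL') {
    escapes('owner', $_GET['owner']);
    $matchColl->addMatch(new Match('user', $mowner));
}
if (isset($_GET['project']) && is_string($_GET['project']) && $_GET['project'] !== '+ALL') {
    escapes('project', $_GET['project']);
    $matchColl->addMatch(new Match('name', $mproject));
}

// NOTE(review): $whereSQL is built here but is not used by the query below;
// whatever consumes it is outside this excerpt.
$whereSQL = $matchColl->toSQL();

mysqlSetup();
// Constant query: no request data is interpolated.
$sqlquery = "SELECT DISTINCT `user` " . "FROM `pb_blog` ORDER BY `user` ASC";
// NOTE(review): on failure the raw driver error text is sent to the browser;
// prefer logging it server-side and showing a generic message.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());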
?>

<table>
<tr>
<td>
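<form name="selectOwner" method="get" action="<?php 
// PHP_SELF can carry client-supplied trailing path info, so it is encoded for
// the attribute context before being written into the markup.
echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
?>
">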
Ejemplo n.º 2
<?php

require_once 'includes/globals.inc';
// Edit-project page: resolves the project named by ?projid=, checks that the
// current user may edit it, then loads the project row.
// $userType and $userName are not assigned in this excerpt; presumably they
// come from includes/globals.inc -- confirm.
if (isset($_GET['projid'])) {
    $projid = $_GET['projid'];
    // NOTE(review): the raw request value reaches getProjInfoFromId() before
    // escapes() runs. That helper is defined outside this excerpt; confirm it
    // escapes or casts its argument itself.
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];
    // escapes() is a project helper. $mprojid is read below without being
    // assigned here, so the helper presumably creates prefixed copies of each
    // value -- confirm which encoding each copy gets.
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);
    $isNews = isNews($projid);
    // NOTE(review): the header, including the project name, is emitted before
    // the permission checks below, so a user who is then refused has already
    // been sent the name. Confirm that is intended.
    emitTop('Peanut Butter -> Projects -> Edit: ' . $name, '/pb/');
    if ($name == '') {
        errAndDie('Project not found.');
    }
} else {
    emitTop('Peanut Butter -> Edit Project [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Required Information not specified.');
}
// Authorization: only ADMIN and SITEADMIN may edit, and an ADMIN only a
// project whose owner matches the current user name.
if ($userType != ADMIN && $userType != SITEADMIN) {
    errAndDie('Sorry, only admins/siteadmins may edit projects.');
}
if ($userType == ADMIN && $owner != $userName) {
    errAndDie('Sorry, you may only edit your own project.');
}
mysqlSetup();
// The id is interpolated as a quoted string; this is safe only if $mprojid is
// an SQL-escaped copy of the request value (see the escapes() note above).
$sqlquery = "SELECT * FROM `pb_projects`" . " WHERE `id` = '{$mprojid}'";
// NOTE(review): on failure the raw driver error text is sent to the browser;
// prefer logging it server-side and showing a generic message.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
$count = mysql_num_rows($result);
$row = mysql_fetch_assoc($result);
Ejemplo n.º 3
<?php

require_once 'includes/globals.inc';
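// News page: loads the ten most recently modified rows with projid -1 (the
// rows this page presents as news) and prints the heading and, for admins,
// the posting links.
// emitTop(), escapes() and mysqlSetup() are project helpers defined outside
// this excerpt; $userType is presumably set by includes/globals.inc.
emitTop('Peanut Butter -> News', $_SERVER['PHP_SELF']);
mysqlSetup();
// Constant query: no request data is interpolated.
$sqlquery = "SELECT `title`,`user`,`added`,`modified`,`text`,`id` FROM `pb_blog` " . " WHERE `projid` = '-1' ORDER BY `modified` DESC LIMIT 10";
// NOTE(review): on failure the raw driver error text is sent to the browser;
// prefer logging it server-side and showing a generic message.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
$count = mysql_num_rows($result);

// The paging offset is request data and is used in arithmetic below. Reduce
// it to a non-negative integer before escapes() sees it, so a non-numeric or
// array-valued ?start= cannot reach that arithmetic.
$startOffset = 0;
if (isset($_GET['start']) && is_scalar($_GET['start'])) {
    $startOffset = max(0, (int) $_GET['start']);
}
escapes('start', $startOffset);

print "<h3>News:</h3>\n";
// Never announce more posts than one page holds.
$showCount = ($count > NUM_ENTRIES) ? NUM_ENTRIES : $count;
// $start is not assigned in this excerpt; presumably escapes('start', ...)
// creates it -- confirm.
print "<h3>Posts " . ($start + 1) . "-" . ($start + $showCount) . "</h3>\n";
print "<p>";
// NOTE(review): PHP_SELF can carry client-supplied path info; encode $self
// wherever later code writes it into markup.
$self = $_SERVER['PHP_SELF'];
// Posting and management links are shown to ADMIN and SITEADMIN only. Hiding
// the links is not access control; the target pages must check on their own.
if ($userType == ADMIN || $userType == SITEADMIN) {
    print '<a href="postNew.php?projid=-1">New Post</a>&nbsp;';
    print '<a href="postManagement.php?projid=-1">Manage Posts</a><br /><br />';
}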
/***
**	Set up links for "newest" "previous" and "next", based upon where we are
**  in the results
**/
if (!$start) {
Ejemplo n.º 4
// Edit-post page: refuses visitors, loads the post, checks ownership for
// NORMAL users, then resolves the name of the project the post belongs to.
// $userType, $userName and $mpostid are not assigned in this excerpt.
if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not edit posts.');
}
mysqlSetup();
// The id is interpolated as a quoted string; this is safe only if $mpostid is
// an SQL-escaped copy of the request value -- presumably produced by an
// earlier escapes('postid', ...) call; confirm.
$sqlquery = "SELECT `title`,`text`,`user`,`projid` FROM `pb_blog`" . " WHERE `id` = '{$mpostid}'";
// NOTE(review): on failure the raw driver error text is sent to the browser;
// prefer logging it server-side and showing a generic message.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
if (!($row = mysql_fetch_row($result))) {
    print '<h3>Post not found.</h3>';
    emitBottom();
    die;
}
// Column order follows the SELECT list: 0 title, 1 text, 2 user, 3 projid.
$user = $row[2];
// Only NORMAL users are limited to their own posts here; other non-visitor
// types pass without an ownership check.
if ($userType == NORMAL && $userName != $user) {
    errAndDie('Sorry, you may only edit your own posts.');
}
// $projid is read on the next line without a visible assignment, so
// escapes('projid', ...) presumably creates it (and $urlprojid, which a later
// part of the page uses) -- confirm.
escapes('projid', $row[3]);
$projinfo = getProjInfoFromId($projid);
$name = $projinfo[0];
?>
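<h2>Editing Post for: <?php 
// $name comes from getProjInfoFromId() and is not encoded anywhere in the
// visible code, so it is encoded here for the HTML text context, the same way
// this page already treats the post title.
// NOTE(review): if that helper already returns encoded text this will
// double-encode -- confirm.
echo htmlentities($name);
?>
</h2>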

<?php 
// The title is HTML-encoded before it is placed in the form.
$title = htmlentities($row[0]);
// NOTE(review): the post body is kept exactly as stored. Where it is emitted
// is outside this excerpt; confirm it is encoded there, or sanitized if posts
// are meant to carry markup.
$text = $row[1];
?>
<form name="postEdit" method="post" action="postSave.php?projid=<?php 
echo $urlprojid;
?>
Ejemplo n.º 5
    errAndDie('Required information not specified.');
}
// Delete-post handler: refuses visitors, re-reads the post under the caller's
// permissions, deletes it, then links back to the project page or the news.
// $userType, $userName and $mpostid are not assigned in this excerpt.
// NOTE(review): this request changes state, and no anti-CSRF token check
// appears in the visible part of the script -- confirm one is made above.
if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not delete posts.');
}
mysqlSetup();
// $muserName is read below; presumably escapes() creates it as an SQL-escaped
// copy of $userName -- confirm.
escapes('userName', $userName);
// A NORMAL user only matches rows they own; other types match by id alone.
if ($userType == NORMAL) {
    $sqlquery = "SELECT * FROM `pb_blog` WHERE `id` = '{$mpostid}' AND `user` = '{$muserName}'";
} else {
    $sqlquery = "SELECT * FROM `pb_blog` WHERE `id` = '{$mpostid}'";
}
// NOTE(review): on failure the raw driver error text is sent to the browser;
// prefer logging it server-side and showing a generic message.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
if (!($row = mysql_fetch_assoc($result))) {
    errAndDie('You are unable to access this post unless you own it or are an admin/siteadmin.');
}
// An ADMIN may delete a post with projid -1 only when it is their own.
// SELECT * supplies the projid column this guard reads.
if ($userType == ADMIN && $row['projid'] == -1 && $userName != $row['user']) {
    errAndDie('Admins can only delete their own news posts.');
}
$projid = $row['projid'];
$isNews = isNews($projid);
// $urlprojid is used in the link below; presumably escapes() creates it as a
// URL-encoded copy -- confirm.
escapes('projid', $projid);
// The DELETE matches by id only; the ownership rules were enforced by the
// SELECT and the guard above.
$sqlquery = "DELETE FROM `pb_blog` WHERE `id` = '{$mpostid}'";
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
print '<h3>Post Deleted.</h3>';
if (!$isNews) {
    print "<p><a href=\"projectInfo.php?projid={$urlprojid}\">Back to project page.</a></p>";
} else {
    print "<p><a href=\"news.php\">Peanut Butter News</a></p>";
}
emitBottom();
Ejemplo n.º 6
<?php

require_once 'includes/globals.inc';
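// Post-login return target. The value is request data and is later handed to
// emitTop() and written into a JavaScript string assigned to
// document.location. It is therefore accepted only when it is a same-site
// absolute path made of URL-safe characters (one leading slash, no quotes,
// angle brackets, backslashes or whitespace). Anything else, including a
// missing parameter, becomes the empty string, which is also what the
// original code printed when the parameter was absent.
$refer = '';
if (isset($_GET['refer']) && is_string($_GET['refer'])
    && preg_match('#^/(?!/)[A-Za-z0-9_./~%?&=+-]*\z#', $_GET['refer'])) {
    $refer = $_GET['refer'];
}
// NOTE(review), on the login code that follows:
//  - the query compares the `password` column with the submitted value
//    directly, which suggests passwords are stored unhashed; migrate to
//    password_hash() / password_verify().
//  - no session id regeneration is visible after a successful login; confirm
//    session_regenerate_id() is called.
//  - the query's safety depends on $mloginName / $mloginPass being SQL-escaped
//    copies made by escapes() -- confirm.
// Set to 0 once the login succeeds.
$printForm = 1;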
if (isset($_POST['loginName']) && isset($_POST['loginPass'])) {
    mysqlSetup();
    escapes('loginName', $_POST['loginName']);
    escapes('loginPass', $_POST['loginPass']);
    $sqlquery = "SELECT `category` FROM `pb_users` WHERE `name` = '{$mloginName}' AND " . "`password` = '{$mloginPass}'";
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    if (!mysql_num_rows($result)) {
        emitTop('Peanut Butter -> Login', $refer);
        ?>
<p><em>Invalid username/password.</em></p>
<?php 
    } else {
        $printForm = 0;
        $row = mysql_fetch_row($result);
        session_start('login');
        $_SESSION['loggedIn'] = 1;
        $_SESSION['userName'] = $loginName;
        $_SESSION['userType'] = $row[0];
        session_write_close();
        emitTop('Peanut Butter -> Logged In', $refer);
        ?>
	<script type="text/javascript">
	document.location = "<?php 
        echo $refer;
        ?>
";
Ejemplo n.º 7
<?php

require_once 'includes/globals.inc';
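// Confirm-delete page: reads ?postid=, refuses visitors, loads the post under
// the caller's permissions and applies the "own news posts only" rule for
// admins before the post is shown for confirmation.
// $userType and $userName are not assigned in this excerpt; presumably they
// come from includes/globals.inc. emitTop(), escapes(), errAndDie() and
// mysqlSetup() are project helpers defined elsewhere.
if (isset($_GET['postid'])) {
    $postid = $_GET['postid'];
    // $mpostid is read by the query below; presumably escapes() creates it as
    // an SQL-escaped copy -- confirm.
    escapes('postid', $postid);
    emitTop('Peanut Butter -> Posts -> Confirm Delete', '/pb/');
} else {
    emitTop('Peanut Butter -> Posts -> Confirm Delete [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Required information not specified.');
}
if ($userType == VISITOR) {
    errAndDie('Sorry, visitors may not delete posts.');
}
mysqlSetup();
escapes('userName', $userName);

// B.`projid` is selected as well: the admin guard further down reads
// $row['projid'], and the original column list did not contain it, so that
// guard could never trigger on this page.
$sqlquery = "SELECT `name` AS `project`,B.`added`,B.`modified`,B.`title`,B.`text`,B.`user`,B.`projid` " . "FROM `pb_blog` AS B LEFT JOIN `pb_projects` ON " . "`pb_projects`.`id` = B.`projid` WHERE B.`id` = '{$mpostid}'";
// A NORMAL user only matches rows they own.
if ($userType == NORMAL) {
    $sqlquery .= " AND `user` = '{$muserName}'";
}
// NOTE(review): on failure the raw driver error text is sent to the browser;
// prefer logging it server-side and showing a generic message.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
if (!($row = mysql_fetch_assoc($result))) {
    errAndDie('You are unable to access this post unless you own it or are an admin/siteadmin.');
}
// Take projid out of $row again so that whatever renders $row after this
// block sees the same columns as before.
$postProjid = $row['projid'];
unset($row['projid']);
// An ADMIN may delete a post with projid -1 only when it is their own.
if ($userType == ADMIN && $postProjid == -1 && $userName != $row['user']) {
    errAndDie('Admins can only delete their own news posts.');
}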
?>
<h2>Post contents:</h2>
<table>
Ejemplo n.º 8
        print "\t<th align=\"left\">{$key}</th>\n";
        print "\t<td>{$value}</td>\n";
        print "</tr>\n";
    }
}
?>

</table>

<?php 
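// Loads one page of a project's posts, newest first, and prints the
// "Posts a-b" heading.
// $name, $mprojid and NUM_ENTRIES are defined outside this excerpt; escapes()
// is a project helper.

// The paging offset is request data and ends up unquoted in the LIMIT clause,
// where string escaping gives no protection. Reduce it to a non-negative
// integer first and build the clause from that integer.
$startOffset = 0;
if (isset($_GET['start']) && is_scalar($_GET['start'])) {
    $startOffset = max(0, (int) $_GET['start']);
}
escapes('start', $startOffset);
escapes('name', $name);
// NOTE(review): the row count given to LIMIT grows with the offset
// (offset + NUM_ENTRIES + 1). LIMIT's second argument is a count, so
// NUM_ENTRIES + 1 may have been intended. Left as is because the loop that
// consumes the rows is outside this excerpt.
$sqlquery = "SELECT B.`title`,B.`user`,B.`added`,B.`modified`,B.`text`,`pb_projects`.`name` AS `project`,B.`id` " . "FROM `pb_blog` AS B LEFT JOIN `pb_projects` ON `pb_projects`.`id` = `projid` " . "WHERE `projid` = '{$mprojid}' " . "ORDER BY `modified` DESC LIMIT " . $startOffset . "," . ($startOffset + NUM_ENTRIES + 1);
// NOTE(review): on failure the raw driver error text is sent to the browser;
// prefer logging it server-side and showing a generic message.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
$count = mysql_num_rows($result);
// Never announce more posts than one page holds.
$showCount = ($count > NUM_ENTRIES) ? NUM_ENTRIES : $count;
// $start is not assigned in this excerpt; presumably escapes('start', ...)
// creates it -- confirm.
print "<h3>Posts " . ($start + 1) . "-" . ($start + $showCount) . "</h3>\n";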
if ($userType != VISITOR) {
    ?>
<a href="postNew.php?projid=<?php 
    echo $urlprojid;
    ?>
">New Post</a><?php 
Ejemplo n.º 9
	<th>Delete Post</th>
</tr>

<?php 
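// Post-management table: one row per post of the project, followed by Edit
// and Delete links.
// $mprojid is not assigned in this excerpt; the query is safe only if it is
// an SQL-escaped copy of the project id -- confirm.
$sqlquery = "SELECT `title`,`user`,`added`,`modified`,`id` FROM `pb_blog` " . " WHERE `projid` = '{$mprojid}' ORDER BY `modified` DESC";
mysqlSetup();
// NOTE(review): on failure the raw driver error text is sent to the browser;
// prefer logging it server-side and showing a generic message.
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
$count = mysql_num_rows($result);
if (!$count) {
    print "<h3>No entries.</h3>";
} else {
    while ($row = mysql_fetch_row($result)) {
        print "<tr>";
        foreach ($row as $value) {
            // Titles and user names are stored text written by users; encode
            // every cell so stored markup is shown as text, not interpreted.
            print "\t<td>" . htmlspecialchars((string) $value, ENT_QUOTES) . "</td>\n";
        }
        // Column 4 is the post id (see the SELECT list).
        $postid = $row[4];
        // $urlpostid is used in the links below; presumably escapes() creates
        // it as a URL-encoded copy -- confirm.
        escapes('postid', $postid);
        $title = urlencode($row[0]);
        $user = urlencode($row[1]);
        print "\t<td><a href=\"postEdit.php?postid={$urlpostid}\">Edit</a></td>\n";
        print "\t<td><a href=\"postConfirmDelete.php?postid={$urlpostid}\">Delete</a></td>\n";
        // Close the row; the original left every <tr> open.
        print "</tr>\n";
    }
}
mysql_close();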
?>
</table>


<?php 
emitBottom();
Ejemplo n.º 10
<tr>
<?php 
// Saved-search form: fills the Name and Keywords fields either from the
// stored search row or, when "Try Search" was submitted, from the posted
// values, then prints the rest of the form.
mysqlSetup();
if (!isset($_POST['newsearch'])) {
    // $mid is not assigned in this excerpt; the query is safe only if it is an
    // SQL-escaped copy of the search id -- confirm.
    $sqlquery = "SELECT `terms`,`name` FROM `pb_searches` WHERE `id` = '{$mid}'";
    // NOTE(review): on failure the raw driver error text is sent to the
    // browser; prefer logging it server-side and showing a generic message.
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    if (!($row = mysql_fetch_assoc($result))) {
        print '<h3>Query not found.</h3>';
        emitBottom();
        die;
    }
    escapes('keywords', $row['terms']);
    escapes('name', $row['name']);
} else {
    // NOTE(review): the text field printed below is named "keyname", while
    // this branch reads $_POST['name'] -- confirm which name the form posts.
    escapes('keywords', $_POST['keywords']);
    escapes('name', $_POST['name']);
}
// NOTE(review): $name and $keywords are written into double-quoted attribute
// values. That is safe only if escapes() leaves HTML-encoded text in those
// variables; escapes() is defined outside this excerpt -- confirm, and
// otherwise encode with htmlspecialchars(..., ENT_QUOTES) here.
print "\t<th>Name:</th>\n";
print "\t<td><input type=\"text\" name=\"keyname\" size=\"80\" value=\"{$name}\" /></td>\n";
print "</tr><tr>\n";
print "\t<th>Keywords:</th>\n";
print "\t<td><input type=\"text\" name=\"keywords\" value=\"{$keywords}\" size=\"100\"/></td>\n";
print "</tr>\n</table>\n";
print "<input type=\"submit\" name=\"newsearch\" value=\"Try Search\" />";
print "<input type=\"submit\" name=\"savesearch\" value=\"Save Search\" />";
print "</form>\n";
if ($keywords != '') {
    mysqlSetup();
    $matchColl = new MatchCollection("AND");
    $words = explode(',', $mkeywords);
    foreach ($words as $word) {