/**
 * Verify an administrator's credentials and, on success, open the admin session.
 *
 * The checks run in a fixed order and each one is skipped once an earlier one has
 * failed: (1) a row for the admin name exists, (2) the account is not locked out,
 * (3) the password matches the stored password_crypt value, (4) the admin type
 * carries the 'login' right and the account is not disabled. Failures (1)-(3) are
 * written to the admin log and produce no user-facing message; only failure (4),
 * which is reached after the password has been verified, calls message().
 *
 * @param $username admin name to look up (bound as :adminname, not concatenated)
 * @param $password password to check against the row's password_crypt
 * @return bool true if $_SESSION['expadmindata'] was populated, false otherwise
 */
function admin__check_login($username, $password) {
    global $lang;
    // The admin name only reaches the query as a bound parameter.
    $pars = array(':adminname' => $username);
    $query = "SELECT * FROM " . table('admin') . " \n WHERE adminname= :adminname";
    $admin = orsee_query($query, $pars);
    $continue = true;
    $not_allowed = false;
    // $locked is only referenced by the commented-out message further down.
    $locked = false;
    if ($continue) {
        // Step 1: no row for this admin name.
        // NOTE(review): this path returns without calling crypt_verify(), so an unknown
        // name takes less work than a known name with a wrong password; check whether
        // that timing difference matters for username enumeration on this deployment.
        if (!isset($admin['admin_id'])) {
            $continue = false;
            // NOTE(review): the second argument is masked ("******") in this copy of the
            // file, so what is written to the log cannot be read from here. The same
            // applies to the two log__admin() calls below.
            log__admin('login_admin_wrong_username', 'used_username:'******'id');
        }
    }
    if ($continue) {
        // Step 2: lockout. admin__check_has_lockout() returns the row with a 'locked'
        // entry; how the lockout is computed is not visible here.
        $admin = admin__check_has_lockout($admin);
        if ($admin['locked']) {
            $continue = false;
            log__admin('login_admin_locked_out', 'username:'******'locked');
        }
    }
    if ($continue) {
        // Step 3: password check against the stored hash. This runs only after the
        // lockout check, so a locked account is rejected before any verification.
        $check_pw = crypt_verify($password, $admin['password_crypt']);
        if (!$check_pw) {
            $continue = false;
            log__admin('login_admin_wrong_password', 'username:'******'wrong_pw');
        }
    }
    if ($continue) {
        // Step 4: authorisation. $expadmindata starts as a copy of the full row from
        // "SELECT *", so it still contains password_crypt.
        // NOTE(review): that copy is what gets stored in the session below; consider
        // unsetting password_crypt first so the hash is not kept in session storage.
        $expadmindata = $admin;
        // load admin rights
        $expadmindata['rights'] = admin__load_admin_rights($expadmindata['admin_type']);
        if (!$expadmindata['rights']['login'] || $expadmindata['disabled'] == 'y') {
            $continue = false;
            $not_allowed = true;
            //message('not_allowed');
        }
    }
    if ($continue) {
        // NOTE(review): no session_regenerate_id() call is visible in this function;
        // confirm the session ID is renewed at login elsewhere (the caller or
        // admin__track_successful_login()) to rule out session fixation.
        $_SESSION['expadmindata'] = $expadmindata;
        // The return value of the tracking call is not used.
        $done = admin__track_successful_login($admin);
        return true;
    } else {
        //if ($locked) message(lang('error_locked_out'));
        // Only the "not allowed" case is reported, and it is reached only with a
        // correct password; the other failures are not distinguished for the user.
        if ($not_allowed) {
            message(lang('error_not_allowed_to_login'));
        }
        return false;
    }
}
if (isset($_REQUEST['edit']) && $_REQUEST['edit']) { $continue = true; if (!$_REQUEST['upload_name']) { $continue = false; message(lang('error_no_upload_file_name')); } if ($continue) { $upload['session_id'] = $_REQUEST['session_id']; $upload['upload_type'] = $_REQUEST['upload_type']; $upload['upload_name'] = $_REQUEST['upload_name']; $done = orsee_db_save_array($upload, "uploads", $upload['upload_id'], "upload_id"); if ($done) { message(lang('changes_saved')); $target = "file: " . $upload_id; $target .= $experiment_id ? ", experiment:" . $experiment['experiment_name'] : ", general"; log__admin("file_upload", $target); if ($experiment_id) { redirect('admin/download_main.php?experiment_id=' . urlencode($experiment_id)); } else { redirect('admin/download_main.php'); } $proceed = false; } } } } if ($proceed) { //form for editing file echo '<center>'; show_message(); echo ' <form method="post" action="download_edit.php">
$sitem['content_name'] = time(); } if ($new_id == "content_shortcut") { $sitem['content_name'] = trim($_REQUEST['content_shortcut']); } if ($new) { $id = lang__insert_to_lang($sitem); $done = true; } else { $done = orsee_db_save_array($sitem, "lang", $id, "lang_id"); } if (!$new && $new_id == "time") { $sitem['content_name'] = trim($_REQUEST['content_shortcut']); } if ($done) { log__admin($item . "_edit", "lang_id:" . $sitem['content_type'] . ',' . $sitem['content_name']); message(lang('changes_saved')); if ($new) { redirect('admin/lang_item_main.php?&item=' . $item); } else { redirect('admin/lang_item_edit.php?id=' . $id . '&item=' . $item); } } else { message(lang('database_error')); redirect('admin/lang_item_edit.php?id=' . $id . '&item=' . $item); } } else { $titem = $_REQUEST; if ($new_id == "content_shortcut") { $titem['content_name'] = $_REQUEST['content_shortcut']; }
$deletion_message = lang('email_mailbox_deleted'); break; } echo '<center>'; if ($reallydelete) { $pars = array(':id' => $id); $query = "DELETE FROM " . table('lang') . "\n WHERE lang_id= :id"; $result = or_query($query, $pars); // there should be a miore sophisticarted way of doing this if ($reset_part_field) { $pars = array(':content_name' => $titem['content_name']); $query = "UPDATE " . table('participants') . "\n SET " . $reset_part_field . "='0'\n WHERE " . $reset_part_field . "= :content_name"; $result = or_query($query, $pars); } message($deletion_message); log__admin($item . "_delete", "lang_id:" . $titem['content_type'] . ',' . $titem['content_name']); redirect('admin/lang_item_main.php?item=' . $item); } } if ($proceed) { // form echo ' <CENTER> <TABLE class="or_formtable"> <TR><TD colspan=2> <TABLE width="100%" border=0 class="or_panel_title"><TR> <TD style="background: ' . $color['panel_title_background'] . '; color: ' . $color['panel_title_textcolor'] . '" align="center"> ' . $header . ' - ' . $titem[$headervar] . ' </TD> </TR></TABLE> </TD></TR> <TR>
$pars = array(); foreach ($_REQUEST['experimenter_list'] as $a => $d) { $pars[] = array(':a' => $a, ':d' => $d); } $query = "UPDATE " . table("admin") . "\n SET experimenter_list= :d\n WHERE admin_id= :a"; $done = or_query($query, $pars); } if (isset($_REQUEST['admin_type']) && is_array($_REQUEST['admin_type'])) { $pars = array(); foreach ($_REQUEST['admin_type'] as $a => $d) { $pars[] = array(':a' => $a, ':d' => $d); } $query = "UPDATE " . table("admin") . "\n SET admin_type= :d\n WHERE admin_id= :a"; $done = or_query($query, $pars); } log__admin("admin_show_edit"); message(lang('changes_saved')); redirect("admin/admin_show.php"); $proceed = false; } } } if ($proceed) { echo '<center><br> ' . button_link('admin_edit.php?new=true', lang('create_new'), 'plus-circle'); echo '<br> <FORM action="' . thisdoc() . '" method="POST">'; echo '<table class="or_listtable"><thead>'; if (check_allow('admin_edit')) { echo '<tr style="background: ' . $color['list_header_background'] . '; color: ' . $color['list_header_textcolor'] . ';">
// load languages $languages = get_languages(); if ($job_name) { $job = orsee_db_load_array("cron_jobs", $job_name, "job_name"); } else { $job = array('job_name' => '', 'enabled' => 'n', 'job_last_exec' => 0, 'job_time' => ''); } $continue = true; if (isset($_REQUEST['edit']) && $_REQUEST['edit']) { if (!$_REQUEST['job_name']) { message(lang('name_for_cronjob_required')); $continue = false; } if ($continue) { $done = orsee_db_save_array($_REQUEST, "cron_jobs", $job_name, "job_name"); log__admin("cronjob_edit", $_REQUEST['job_name']); message(lang('changes_saved')); redirect("admin/cronjob_edit.php?job_name=" . $job_name); $proceed = false; } else { $job = $_REQUEST; } } } if ($proceed) { // form echo '<CENTER>'; show_message(); echo ' <FORM action="cronjob_edit.php">
if (!$bulk[$inv_lang . '_body']) { message(lang('body_of_message') . ': ' . lang('missing_language') . ": " . $inv_lang); $continue = false; } } if ($continue) { $bulk_id = time(); $pars = array(); foreach ($inv_langs as $inv_lang) { $pars[] = array(':bulk_id' => $bulk_id, ':inv_lang' => $inv_lang, ':subject' => $bulk[$inv_lang . '_subject'], ':body' => $bulk[$inv_lang . '_body']); } $query = "INSERT INTO " . table('bulk_mail_texts') . " \n\t\t\t\t\tSET bulk_id= :bulk_id,\n\t\t\t\t\tlang= :inv_lang,\n\t\t\t\t\tbulk_subject= :subject,\n\t\t\t\t\tbulk_text= :body"; $done = or_query($query, $pars); $done = experimentmail__send_bulk_mail_to_queue($bulk_id, $plist_ids); message($number . ' ' . lang('xxx_bulk_mails_sent_to_mail_queue')); log__admin("bulk_mail", "recipients:" . $number); redirect('admin/'); } } } if ($proceed) { echo '<center> <TABLE class="or_page_subtitle" style="background: ' . $color['page_subtitle_background'] . '; color: ' . $color['page_subtitle_textcolor'] . '; width: 80%"> <TR><TD align="center">' . $number . ' ' . lang('recipients') . '</TD></TR></TABLE> '; show_message(); // form echo '<FORM action="' . thisdoc() . '" method="post"> <TABLE class="or_formtable" style="width: 80%">'; foreach ($inv_langs as $inv_lang) { if (count($inv_langs) > 1) {
message(lang('error_new_password_must_be_different_from_old_password')); $continue = false; } } if (!preg_match('/' . $settings['admin_password_regexp'] . '/', $password)) { message(lang('error_password_does_not_meet_requirements')); $continue = false; } if ($continue == false) { message(lang('error_password_not_changed')); redirect("admin/admin_pw.php"); } else { admin__set_password($password, $expadmindata['admin_id']); message(lang('password_changed_log_in_again')); log__admin("admin_password_change", $expadmindata['adminname']); log__admin("logout"); admin__logout(); redirect("admin/admin_login.php?pw=true"); } $proceed = false; } } if ($proceed) { echo '<center><BR>'; show_message(); echo ' <form action="admin_pw.php" method="POST"> <table class="or_formtable" style="max-width: 50%"> <tr> <td> ' . lang('old_password') . ':
if (!in_array($inst_lang, $inv_langs)) { $sitem[$inst_lang] = $sitem[$settings['public_standard_language']]; } } // is unknown or known? if (!$id) { $done = lang__insert_to_lang($sitem); } else { $done = orsee_db_save_array($sitem, "lang", $id, "lang_id"); } if ($done) { message(lang('mail_text_saved')); } else { message(lang('database_error')); } log__admin("experiment_customize_session_reminder", "experiment:" . $experiment['experiment_name']); if ($save_preview) { redirect('admin/experiment_customize_reminder.php?experiment_id=' . $experiment_id . '&show_preview=true'); } else { redirect('admin/experiment_customize_reminder.php?experiment_id=' . $experiment_id); } } } if ($proceed) { $pars = array(':experiment_id' => $experiment_id); $query = "SELECT * from " . table('lang') . "\n WHERE content_type='experiment_session_reminder_mail'\n AND content_name= :experiment_id"; $experiment_mail = orsee_query($query, $pars); $session = experimentmail__preview_fake_session_details($experiment_id); if ($show_preview) { echo '<TABLE class="or_formtable" style="width: 80%;">'; echo '<TR><TD colspan=2>
$pars_update[] = array(':value' => $ovalue, ':name' => $oname, ':style' => $style); } else { $pars_new[] = array(':value' => $ovalue, ':name' => $oname, ':style' => $style, ':now' => $now); $now++; } } if (count($pars_update) > 0) { $query = "UPDATE " . table('options') . "\n SET option_value= :value\n WHERE option_name= :name\n AND option_style= :style\n AND option_type= 'color'"; $done = or_query($query, $pars_update); } if (count($pars_new) > 0) { $query = "INSERT INTO " . table('options') . " SET\n option_id= :now,\n option_name= :name,\n option_value= :value,\n option_style= :style,\n option_type= 'color'"; $done = or_query($query, $pars_new); } message(lang('changes_saved')); log__admin("options_colors_edit", "style:" . $style); redirect('admin/options_colors.php?style=' . $style); } } if ($proceed) { if (check_allow('settings_edit_colors')) { echo ' <FORM action="options_colors.php" method=post> <INPUT type=hidden name="style" value="' . $style . '">'; } echo '<TABLE class="or_formtable" style="width: 80%;">'; if (check_allow('settings_edit_colors')) { echo ' <TR> <TD colspan=2 align=center> <INPUT class="button" type=submit name="change" value="' . lang('change') . '">
} if ($proceed) { $question = faq__load_question($faq_id); $answer = faq__load_answer($faq_id); // load languages $languages = get_languages(); if ($reallydelete) { $pars = array(':faq_id' => $faq_id); $query = "DELETE FROM " . table('lang') . "\n WHERE content_type='faq_question'\n AND content_name= :faq_id"; $result = or_query($query, $pars); $query = "DELETE FROM " . table('lang') . "\n WHERE content_type='faq_answer'\n AND content_name= :faq_id"; $result = or_query($query, $pars); $query = "DELETE FROM " . table('faqs') . "\n WHERE faq_id= :faq_id"; $result = or_query($query, $pars); message(lang('faq_deleted')); log__admin("faq_delete", "faq_id:" . $faq_id); redirect('admin/faq_main.php'); } } if ($proceed) { // form echo ' <center> <FORM action="faq_delete.php"> <INPUT type=hidden name="faq_id" value="' . $faq_id . '"> <TABLE class="or_formtable"> <TR><TD colspan="2"> <TABLE width="100%" border=0 class="or_panel_title"><TR> <TD style="background: ' . $color['panel_title_background'] . '; color: ' . $color['panel_title_textcolor'] . '" align="center"> "' . $question[lang('lang')] . '" </TD>
} elseif ($send || $sendall) { // send mails! $allow = check_allow('experiment_invite_participants', 'experiment_mail_participants.php?experiment_id=' . $experiment_id); if ($allow) { $whom = $sendall ? "all" : "not-invited"; $measure_start = getmicrotime(); $sent = experimentmail__send_invitations_to_queue($experiment_id, $whom); message($sent . ' ' . lang('xxx_inv_mails_added_to_mail_queue')); $measure_end = getmicrotime(); message(lang('time_needed_in_seconds') . ': ' . round($measure_end - $measure_start, 5)); log__admin("experiment_send_invitations", "experiment:" . $experiment['experiment_name']); redirect("admin/experiment_mail_participants.php?experiment_id=" . $experiment_id); } } else { message(lang('mail_text_saved')); log__admin("experiment_edit_invitation_mail", "experiment:" . $experiment['experiment_name']); redirect('admin/' . thisdoc() . '?experiment_id=' . $experiment_id); } } } if ($proceed) { $pars = array(':experiment_id' => $experiment_id); $query = "SELECT * from " . table('lang') . " \n\t\t\tWHERE content_type='experiment_invitation_mail' \n\t\t\tAND content_name= :experiment_id"; $experiment_mail = orsee_query($query, $pars); if (!isset($experiment_mail['lang_id'])) { $experiment_mail = array('lang_id' => ''); foreach ($inv_langs as $inv_lang) { $experiment_mail[$inv_lang] = ''; } } // form
$ok = true; $pars = array(); $in_clause = ""; } if ($ok) { $query = "SELECT participant_id, email\n FROM " . table('participants') . "\n WHERE status_id='0' " . $in_clause; $result = or_query($query, $pars); while ($line = pdo_fetch_assoc($result)) { $del_emails[$line['participant_id']] = $line['email']; } $query = "DELETE FROM " . table('participants') . "\n WHERE status_id='0' " . $in_clause; $done = or_query($query, $pars); $number = pdo_num_rows($done); message($number . ' ' . lang('xxx_temp_participants_deleted')); foreach ($del_emails as $participant_id => $email) { log__admin("participant_unconfirmed_delete", "participant_id: " . $participant_id . ', email: ' . $email); } redirect("admin/participants_unconfirmed.php"); } } } if ($proceed) { echo '<center>'; echo '<FORM action="participants_unconfirmed.php" method="POST">'; $posted_query = array('query' => array(0 => array("statusids_multiselect" => array("not" => "", "ms_status" => "0")))); $query_array = query__get_query_array($posted_query['query']); $query = query__get_query($query_array, 0, array(), 'creation_time DESC', false); echo '<BR> <TABLE width="80%" border="0"> <TR><TD> <TABLE width="100%" border="0">
if ($proceed) { if (isset($_REQUEST['reallydelete']) && $_REQUEST['reallydelete']) { $reallydelete = true; } else { $reallydelete = false; } $allow = check_allow('admin_delete', 'admin_edit.php?admin_id=' . $admin_id); } if ($proceed) { $admin = orsee_db_load_array("admin", $admin_id, "admin_id"); echo '<center>'; if ($reallydelete) { $pars = array(':admin_id' => $admin_id); $query = "DELETE FROM " . table('admin') . "\n WHERE admin_id= :admin_id"; $result = or_query($query, $pars); log__admin("admin_delete", $admin['adminname']); message(lang('admin_deleted') . ': ' . $admin['adminname']); redirect('admin/admin_show.php'); $proceed = false; } } if ($proceed) { // form $num_experiments = experiment__count_experiments("experimenter LIKE :adminname", array(':adminname' => '%|' . $admin['adminname'] . '|%')); if ($num_experiments > 0) { echo lang('admin_delete_warning'); } echo ' <TABLE class="or_formtable"> <TR><TD colspan="2"> <TABLE width="100%" border=0 class="or_panel_title"><TR>
if (isset($line['new_budget_id'])) { $budget_id = $line['new_budget_id']; } else { $budget_id = 1; } } else { $new = false; } $budget = $_REQUEST; $budget['budget_id'] = $budget_id; if (!$budget['budget_limit']) { $budget['budget_limit'] = NULL; } $done = orsee_db_save_array($budget, "budgets", $budget_id, "budget_id"); message(lang('changes_saved')); log__admin("payments_budget_edit", "budget_id:" . $budget['budget_id']); //redirect ("admin/payments_budget_edit.php?budget_id=".$budget_id); } else { $budget = $_REQUEST; } } } if ($proceed) { // form echo '<CENTER>'; show_message(); echo ' <FORM action="payments_budget_edit.php">'; if (isset($budget_id)) { echo '<INPUT type=hidden name="budget_id" value="' . $budget_id . '">'; }
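} else {
    $time_changed = false;
}

// For an existing session (no 'addit' flag), warn when a change to the
// registration deadline or reminder time collides with a notice that is
// tracked as already sent.
if (!isset($_REQUEST['addit'])) {
    if ($_REQUEST['registration_end_hours'] != $edit['registration_end_hours'] || $time_changed) {
        // Reset the flag so the registration notice can go out again.
        $_REQUEST['reg_notice_sent'] = "n";
        message(lang('reg_time_extended_but_notice_sent'));
    }
    if (($_REQUEST['session_reminder_hours'] != $edit['session_reminder_hours'] || $time_changed)
        && isset($edit['session_reminder_sent']) && $edit['session_reminder_sent'] == "y") {
        message(lang('session_reminder_changed_but_notice_sent'));
    }
}

// NOTE(review): the whole request array becomes the row handed to
// orsee_db_save_array(). Whether that helper restricts the keys to the columns
// this form is meant to edit is not visible here; if it does not, any column of
// the sessions table can be set by adding a request parameter. Confirm, or
// copy an explicit list of fields instead.
$edit = $_REQUEST;
$done = orsee_db_save_array($edit, "sessions", $edit['session_id'], "session_id");
if ($done) {
    log__admin("session_edit", "session:" . session__build_name($edit, $settings['admin_standard_language']) . "\nsession_id:" . $edit['session_id']);
    message(lang('changes_saved'));
    // session_id comes from the request, so it is URL-encoded before it is
    // placed in the redirect target.
    redirect('admin/session_edit.php?session_id=' . urlencode($edit['session_id']));
} else {
    // A failed save must be reported: calling lang() alone only looks the
    // text up, message() is what queues it for display.
    message(lang('database_error'));
    redirect('admin/session_edit.php?session_id=' . urlencode($edit['session_id']));
}
// The next two braces close blocks opened before this excerpt.
}
}

if ($proceed) {
    // form
    if (isset($_REQUEST['copy']) && $_REQUEST['copy']) {
        // Copying a session: drop the id so the form is treated as a new entry.
        $session_id = "";
    }
    if (!$session_id) {
        $addit = true;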
} $subpools = subpools__get_subpools(); if (!isset($subpools[$merge_with])) { redirect("admin/subpool_main.php"); } else { // transaction? $pars = array(':subpool_id' => $subpool_id); $query = "DELETE FROM " . table('subpools') . " \n\t\t\t\t\tWHERE subpool_id= :subpool_id"; $result = or_query($query, $pars); $pars = array(':subpool_id' => $subpool_id); $query = "DELETE FROM " . table('lang') . "\n\t\t\t\t\tWHERE content_name= :subpool_id \n\t\t\t\t\tAND content_type='subjectpool'"; $result = or_query($query, $pars); $pars = array(':subpool_id' => $subpool_id, ':merge_with' => $merge_with); $query = "UPDATE " . table('participants') . " \n\t\t\t\t\tSET subpool_id= :merge_with \n\t\t\t\t\tWHERE subpool_id= :subpool_id"; $result = or_query($query, $pars); log__admin("subjectpool_delete", "subjectpool:" . $subpool['subpool_name']); message(lang('subpool_deleted_part_moved_to') . ' "' . $subpools[$merge_with]['subpool_name'] . '".'); redirect("admin/subpool_main.php"); } } } if ($proceed) { // form echo ' <CENTER> <FORM action="subpool_delete.php"> <INPUT type=hidden name="subpool_id" value="' . $subpool_id . '"> <TABLE class="or_formtable"> <TR><TD colspan="2"> <TABLE width="100%" border=0 class="or_panel_title"><TR> <TD style="background: ' . $color['panel_title_background'] . '; color: ' . $color['panel_title_textcolor'] . '" align="center"> ' . lang('delete_subpool') . ' "' . $subpool['subpool_name'] . '"
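/**
 * Render one of the log tables as a paged HTML list and, when requested,
 * delete old entries from it first.
 *
 * Reads the filters 'action', 'id' and 'target', the paging offset 'os' and the
 * delete controls 'delete' / 'days' from $_REQUEST. The page size is the global
 * $limit (50 when unset).
 *
 * Security-relevant behaviour:
 *  - Filter values reach the SELECT only as bound parameters.
 *  - The DELETE runs only when check_allow() returned true for
 *    'log_file_<log>_delete'. What check_allow() itself does on a denied
 *    request (message, redirect) is not visible here, so the return value is
 *    checked explicitly.
 *  - A 'days' value that is neither "all" nor a positive number deletes nothing.
 *  - $log and the row values this function writes into markup are HTML-escaped
 *    with the configured default charset. Log targets can contain text typed by
 *    unauthenticated users (e.g. names used in failed logins), so they must be
 *    treated as untrusted when rendered to an administrator.
 *  - NOTE(review): the delete request is read from $_REQUEST and the form below
 *    has no method attribute; no anti-CSRF token is visible in this function.
 *    Confirm one is enforced elsewhere, since this action erases audit data.
 *  - NOTE(review): log__link() and log__restrict_link() return markup built from
 *    request and row values; their own escaping is not visible here.
 *
 * @param $log 'participant_actions', 'experimenter_actions' or 'regular_tasks';
 *             any other value lists table('participants_log') without a join
 * @return mixed row count of the current page as reported by pdo_num_rows()
 */
function log__show_log($log) {
    global $limit;
    global $lang, $color;

    if (!$limit) {
        $limit = 50;
    }

    // The offset is used in arithmetic for the paging links and bound into
    // LIMIT, so it is forced to a non-negative integer.
    if (isset($_REQUEST['os']) && is_scalar($_REQUEST['os']) && (int) $_REQUEST['os'] > 0) {
        $offset = (int) $_REQUEST['os'];
    } else {
        $offset = 0;
    }

    // Optional filters: each adds a condition with a named placeholder.
    $pars = array();
    if (isset($_REQUEST['action']) && $_REQUEST['action']) {
        $aquery = " AND action=:action ";
        $pars[':action'] = $_REQUEST['action'];
    } else {
        $aquery = "";
    }
    if (isset($_REQUEST['id']) && $_REQUEST['id']) {
        $idquery = " AND id=:id ";
        $pars[':id'] = $_REQUEST['id'];
    } else {
        $idquery = "";
    }
    if (isset($_REQUEST['target']) && $_REQUEST['target']) {
        $tquery = " AND target LIKE :target ";
        $pars[':target'] = '%' . $_REQUEST['target'] . '%';
    } else {
        $tquery = "";
    }

    // Table names come from this fixed mapping, never from the request.
    // $secondtable starts empty so an unrecognised $log does not leave it undefined.
    $logtable = table('participants_log');
    $secondtable = "";
    switch ($log) {
        case "participant_actions":
            $logtable = table('participants_log');
            $secondtable = " LEFT JOIN " . table('participants') . " ON id=participant_id ";
            break;
        case "experimenter_actions":
            $logtable = table('admin_log');
            $secondtable = " LEFT JOIN " . table('admin') . " ON id=admin_id ";
            break;
        case "regular_tasks":
            $logtable = table('cron_log');
            $secondtable = " LEFT JOIN " . table('admin') . " ON id=admin_id ";
            break;
    }

    if (isset($_REQUEST['delete']) && $_REQUEST['delete'] && isset($_REQUEST['days']) && $_REQUEST['days']) {
        $allow = check_allow('log_file_' . $log . '_delete', 'statistics_show_log.php?log=' . urlencode((string) $log));
        if ($allow) {
            $days = is_scalar($_REQUEST['days']) ? (string) $_REQUEST['days'] : '';
            $number = 0;
            if ($days === "all") {
                $where_clause = "";
                $run_delete = true;
            } else {
                // The cutoff is an integer computed here, so concatenating it is safe.
                $dsec = (int) $days * 24 * 60 * 60;
                $dtime = time() - $dsec;
                $where_clause = " WHERE timestamp < " . $dtime;
                // A non-numeric or non-positive value would put the cutoff at "now"
                // and wipe the table; treat it as a request that deletes nothing.
                $run_delete = $dsec > 0;
            }
            if ($run_delete) {
                $query = "DELETE FROM " . $logtable . $where_clause;
                $done = or_query($query);
                $number = pdo_num_rows($done);
            }
            message($number . ' ' . lang('xxx_log_entries_deleted'));
            if ($number > 0) {
                log__admin("log_delete_entries", "log:" . $log . "\ndays:" . $days);
            }
        }
        redirect("admin/statistics_show_log.php?log=" . urlencode((string) $log));
    }

    $pars[':offset'] = $offset;
    $pars[':limit'] = $limit;
    $query = "SELECT * FROM " . $logtable . $secondtable . "\n WHERE id IS NOT NULL " . $aquery . $idquery . $tquery . " ORDER BY timestamp DESC\n LIMIT :offset , :limit ";
    $result = or_query($query, $pars);
    $num_rows = pdo_num_rows($result);

    echo '<TABLE width=80% border=0> <TR><TD width=50%>';
    echo '</TD> <TD align=right width=50%>';
    if (check_allow('log_file_' . $log . '_delete')) {
        echo ' <FORM action="statistics_show_log.php"> <INPUT type=hidden name="log" value="' . htmlspecialchars((string) $log, ENT_QUOTES) . '"> ' . lang('delete_log_entries_older_than') . ' <select name="days"> <option value="all">' . lang('all_entries') . '</option>';
        $ddays = array(1, 7, 30, 90, 180, 360);
        if (isset($_REQUEST['days']) && $_REQUEST['days']) {
            $selected = $_REQUEST['days'];
        } else {
            $selected = 90;
        }
        foreach ($ddays as $day) {
            echo '<option value="' . $day . '"';
            if ($day == $selected) {
                echo ' SELECTED';
            }
            echo '>' . $day . ' ';
            echo ($day == 1) ? lang('day') : lang('days');
            echo '</option> ';
        }
        echo ' </select><input type=submit name="delete" value="' . lang('delete') . '">';
    }
    echo '</TD></TR></TABLE>';

    // Paging links.
    if ($offset > 0) {
        echo '[' . log__link('os=' . ($offset - $limit)) . lang('previous') . '</A>]';
    } else {
        echo '[' . lang('previous') . ']';
    }
    echo ' ';
    if ($num_rows >= $limit) {
        echo '[' . log__link('os=' . ($offset + $limit)) . lang('next') . '</A>]';
    } else {
        echo '[' . lang('next') . ']';
    }

    echo '<TABLE class="or_listtable" style="width: 90%;">';
    // header
    echo '<thead> <TR style="background: ' . $color['list_header_background'] . '; color: ' . $color['list_header_textcolor'] . ';"> <TD> ' . lang('date_and_time') . ' </TD> <TD>';
    if ($log == 'participant_actions') {
        echo lang('lastname') . ', ' . lang('firstname');
    } elseif ($log == 'experimenter_actions' || $log == 'regular_tasks') {
        echo lang('experimenter');
    }
    if (isset($_REQUEST['id']) && $_REQUEST['id']) {
        echo ' ' . log__link('id=', 'os=0') . '<FONT class="small">[' . lang('unrestrict') . ']</FONT></A>';
    }
    echo ' </TD><TD>' . lang('action');
    if (isset($_REQUEST['action']) && $_REQUEST['action']) {
        echo ' ' . log__link('action=', 'os=0') . '<FONT class="small">[' . lang('unrestrict') . ']</FONT></A>';
    }
    echo ' </TD><TD>' . lang('target');
    if (isset($_REQUEST['target']) && $_REQUEST['target']) {
        echo ' ' . log__link('target=', 'os=0') . '<FONT class="small">[' . lang('unrestrict') . ']</FONT></A>';
    }
    echo ' </TD></TR> </thead> <tbody>';

    $shade = false;
    while ($line = pdo_fetch_assoc($result)) {
        echo '<tr class="small"';
        // Leading space keeps the attribute separate from class="small".
        if ($shade) {
            echo ' bgcolor="' . $color['list_shade1'] . '"';
        } else {
            echo ' bgcolor="' . $color['list_shade2'] . '"';
        }
        echo '> <TD>' . ortime__format($line['timestamp'], 'hide_seconds:false', lang('lang')) . '</TD> <TD>';

        // Who: every value taken from the row is escaped before it is written.
        if ($log == 'participant_actions') {
            if ($line['participant_id']) {
                echo htmlspecialchars((string) $line['lname'], ENT_QUOTES) . ', ' . htmlspecialchars((string) $line['fname'], ENT_QUOTES)
                    . ' <A HREF="participants_edit.php?participant_id=' . urlencode((string) $line['participant_id']) . '"><FONT class="small">[' . lang('edit') . ']</FONT></A>';
            } else {
                echo htmlspecialchars((string) $line['id'], ENT_QUOTES);
            }
        } elseif ($log == 'experimenter_actions' || $log == 'regular_tasks') {
            echo htmlspecialchars((string) $line['adminname'], ENT_QUOTES);
        }
        if (!isset($_REQUEST['id']) || $_REQUEST['id'] != $line['id']) {
            echo ' ' . log__restrict_link('id', $line['id']);
        }

        echo ' </TD><TD>' . htmlspecialchars((string) $line['action'], ENT_QUOTES);
        if (!isset($_REQUEST['action']) || $_REQUEST['action'] != $line['action']) {
            echo ' ' . log__restrict_link('action', $line['action']);
        }

        // Escape first, then turn newlines into <br>, so only the line breaks are markup.
        echo ' </TD><TD>' . nl2br(htmlspecialchars(stripslashes((string) $line['target']), ENT_QUOTES));
        // && binds tighter than ||; the parentheses only make that grouping explicit.
        if (!isset($_REQUEST['target']) || ($_REQUEST['target'] != $line['target'] && $log != 'regular_tasks')) {
            echo ' ' . log__restrict_link('target', $line['target']);
        }
        echo ' </TD></TR>';

        $shade = !$shade;
    }
    echo '</tbody></TABLE>';

    return $num_rows;
}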
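/**
 * Show the mail queue (optionally for one experiment) as a paged HTML list and
 * handle the three delete actions: all entries, all entries on the page, or the
 * selected entries.
 *
 * Nothing is done, and nothing is returned, when the global $proceed is false.
 *
 * Security-relevant behaviour:
 *  - Entry ids and the experiment id reach SQL only as bound parameters; the
 *    IN (...) list is built from generated placeholder names.
 *  - The DELETE runs only when check_allow() returned true. What check_allow()
 *    itself does on a denied request is not visible here, so its return value
 *    is checked explicitly.
 *  - Values from the queue rows and $experiment_id are escaped where this
 *    function writes them into markup (recipient addresses and error texts are
 *    not under the administrator's control).
 *  - NOTE(review): the delete flags are read from $_REQUEST, so a GET request
 *    triggers them as well as the POST form; no anti-CSRF token is visible
 *    here. "deleteall" without an experiment id empties the whole queue.
 *  - NOTE(review): the form is opened for 'mailqueue_edit_experiment' but the
 *    buttons, checkboxes and the closing </FORM> are only written for
 *    'mailqueue_edit_all'; confirm which right is meant to govern deletion.
 *
 * @param $experiment_id restrict the list and the deletions to this experiment
 * @param $limit page size; -1 selects the configured size for the view, or 100
 * @return mixed row count of the current page as reported by pdo_num_rows()
 */
function mailqueue__show_mailqueue($experiment_id = "", $limit = -1) {
    global $lang, $color, $options, $proceed;

    if ($proceed) {
        $pars = array();

        // Page size: only the -1 default is replaced, so a limit passed by the
        // caller is kept instead of being overwritten with 100.
        if ($limit == -1) {
            if ($experiment_id && isset($options['mailqueue_experiment_number_of_entries_per_page']) && $options['mailqueue_experiment_number_of_entries_per_page']) {
                $limit = $options['mailqueue_experiment_number_of_entries_per_page'];
            } elseif (isset($options['mailqueue_number_of_entries_per_page']) && $options['mailqueue_number_of_entries_per_page']) {
                $limit = $options['mailqueue_number_of_entries_per_page'];
            } else {
                $limit = 100;
            }
        }

        // The offset is used in arithmetic and bound into LIMIT: force an integer.
        if (isset($_REQUEST['os']) && is_scalar($_REQUEST['os']) && (int) $_REQUEST['os'] > 0) {
            $offset = (int) $_REQUEST['os'];
        } else {
            $offset = 0;
        }

        if ($experiment_id) {
            $equery = " AND experiment_id=:experiment_id ";
            $pars[':experiment_id'] = $experiment_id;
        } else {
            $equery = "";
        }

        $dall = isset($_REQUEST['deleteall']) && $_REQUEST['deleteall'];
        $dallpage = isset($_REQUEST['deleteallonpage']) && $_REQUEST['deleteallonpage'];
        $dsel = isset($_REQUEST['deletesel']) && $_REQUEST['deletesel'];
    }

    if ($proceed) {
        if ($dall || $dallpage || $dsel) {
            if ($experiment_id) {
                // Same page name as the redirect below (".php" included).
                $allow = check_allow('mailqueue_edit_experiment', 'experiment_mailqueue_show.php?experiment_id=' . urlencode((string) $experiment_id));
            } else {
                $allow = check_allow('mailqueue_edit_all', 'mailqueue_show.php');
            }

            if ($allow) {
                $where_clause = " WHERE mail_id IS NOT NULL " . $equery;
                $ok = false;
                // One counter for both id lists keeps the placeholder names unique
                // even if a request sets "deleteallonpage" and "deletesel" together.
                $i = 0;

                if ($dall) {
                    $ok = true;
                }

                if ($dallpage) {
                    $tallids = array();
                    if (isset($_REQUEST['allids']) && is_string($_REQUEST['allids']) && trim($_REQUEST['allids'])) {
                        $tallids = explode(",", trim($_REQUEST['allids']));
                    }
                    if (count($tallids) > 0) {
                        $parnames = array();
                        foreach ($tallids as $id) {
                            $i++;
                            $tparname = ':mailid' . $i;
                            $parnames[] = $tparname;
                            $pars[$tparname] = $id;
                        }
                        $where_clause .= " AND mail_id IN (" . implode(",", $parnames) . ") ";
                        $ok = true;
                    } else {
                        message(lang('error__mailqueue_delete_no_emails_selected'));
                        $ok = false;
                    }
                }

                if ($dsel) {
                    $dids = array();
                    if (isset($_REQUEST['del']) && is_array($_REQUEST['del'])) {
                        foreach ($_REQUEST['del'] as $k => $v) {
                            if ($v == 'y') {
                                $dids[] = $k;
                            }
                        }
                    }
                    if (count($dids) > 0) {
                        $parnames = array();
                        foreach ($dids as $id) {
                            $i++;
                            $tparname = ':mailid' . $i;
                            $parnames[] = $tparname;
                            $pars[$tparname] = $id;
                        }
                        $where_clause .= " AND mail_id IN (" . implode(",", $parnames) . ") ";
                        $ok = true;
                    } else {
                        message(lang('error__mailqueue_delete_no_emails_selected'));
                        $ok = false;
                    }
                }

                if ($ok) {
                    $query = "DELETE FROM " . table('mail_queue') . $where_clause;
                    $done = or_query($query, $pars);
                    $number = pdo_num_rows($done);
                    message($number . ' ' . lang('xxx_emails_deleted_from_queue'));
                    if ($number > 0) {
                        if ($experiment_id) {
                            log__admin("mailqueue_delete_entries", "Experiment: " . $experiment_id . ", Count: " . $number);
                        } else {
                            log__admin("mailqueue_delete_entries", "Count: " . $number);
                        }
                    }
                }
            }

            if ($experiment_id) {
                redirect("admin/experiment_mailqueue_show.php?experiment_id=" . urlencode((string) $experiment_id));
            } else {
                redirect("admin/mailqueue_show.php");
            }
        }
    }

    if ($proceed) {
        // Listing query: parameters are rebuilt so none of the delete placeholders remain.
        $pars = array();
        if ($experiment_id) {
            $equery = " AND experiment_id=:experiment_id ";
            $pars[':experiment_id'] = $experiment_id;
        } else {
            $equery = "";
        }
        $pars[':offset'] = $offset;
        $pars[':limit'] = $limit;
        $query = "SELECT * FROM " . table('mail_queue') . "\n WHERE mail_id IS NOT NULL " . $equery . " ORDER BY timestamp DESC\n LIMIT :offset , :limit";
        $result = or_query($query, $pars);
        $num_rows = pdo_num_rows($result);

        if ($experiment_id && check_allow('mailqueue_edit_experiment')) {
            echo '<FORM action="experiment_mailqueue_show.php" method="POST"> <INPUT type="hidden" name="experiment_id" value="' . htmlspecialchars((string) $experiment_id, ENT_QUOTES) . '">';
        } elseif (check_allow('mailqueue_edit_all')) {
            echo '<FORM action="mailqueue_show.php" method="POST">';
        }

        echo '<TABLE width=90% border=0> <TR><TD width=50%>';
        echo ' </TD> <TD align=right width=50%>';
        if (check_allow('mailqueue_edit_all')) {
            echo ' <TABLE width="100%" border="0"> <TR><TD width="33%" align="right"> <input class="button" type=submit name="deleteall" value="' . lang('delete_all') . '">'
                . ' </TD><TD width="33%" align="right"> <input class="button" type=submit name="deleteallonpage" value="' . lang('delete_all_on_page') . '">'
                . ' </TD><TD width="33%" align="right"> <input class="button" type=submit name="deletesel" value="' . lang('delete_selected') . '">'
                . ' </TD></TR> </TABLE> ';
        }
        echo '</TD></TR></TABLE>';

        // Paging links.
        if ($offset > 0) {
            echo '[' . log__link('os=' . ($offset - $limit)) . lang('previous') . '</A>]';
        } else {
            echo '[' . lang('previous') . ']';
        }
        echo ' ';
        if ($num_rows >= $limit) {
            echo '[' . log__link('os=' . ($offset + $limit)) . lang('next') . '</A>]';
        } else {
            echo '[' . lang('next') . ']';
        }

        echo '<TABLE class="or_listtable" style="width: 90%;"><thead>';
        // header
        echo ' <thead> <TR style="background: ' . $color['list_header_background'] . '; color: ' . $color['list_header_textcolor'] . ';">'
            . ' <TD>' . lang('id') . '</TD> <TD>' . lang('date_and_time') . '</TD> <TD>' . lang('email_type') . '</TD> <TD>' . lang('email_recipient') . '</TD> <TD>' . lang('reference') . '</TD> <TD>' . lang('error') . '</TD>';
        if (check_allow('mailqueue_edit_all')) {
            echo '<TD> ' . lang('select_all') . ' <INPUT id="selall" type="checkbox" name="selall" value="y"> <script language="JavaScript"> $("#selall").change(function() { if (this.checked) { $("input[name*=\'del[\']").each(function() { this.checked = true; }); } else { $("input[name*=\'del[\']").each(function() { this.checked = false; }); } }); </script> </TD>';
        }
        echo ' </TR> </thead> <tbody> ';

        // Read the page first so the referenced experiments can be loaded in one call.
        $shade = false;
        $ids = array();
        $experiment_ids = array();
        $entries = array();
        while ($line = pdo_fetch_assoc($result)) {
            $ids[] = $line['mail_id'];
            if ($line['experiment_id']) {
                $experiment_ids[] = $line['experiment_id'];
            }
            $entries[] = $line;
        }
        $experiments = experiment__load_experiments_for_ids($experiment_ids);

        foreach ($entries as $line) {
            echo '<TR';
            $shade = !$shade;
            if ($shade) {
                echo ' bgcolor="' . $color['list_shade1'] . '"';
            } else {
                echo ' bgcolor="' . $color['list_shade2'] . '"';
            }
            // NOTE(review): the option string here reads 'hide_second:false' while the
            // log view passes 'hide_seconds:false'; confirm which spelling
            // ortime__format() expects.
            echo '> <TD>' . htmlspecialchars((string) $line['mail_id'], ENT_QUOTES) . '</TD>'
                . ' <TD>' . ortime__format($line['timestamp'], 'hide_second:false', lang('lang')) . '</TD>'
                . ' <TD>' . htmlspecialchars((string) $line['mail_type'], ENT_QUOTES) . '</TD>'
                . ' <TD>' . htmlspecialchars((string) $line['mail_recipient'], ENT_QUOTES) . '</TD> <TD>';

            $reference = array();
            if ($line['experiment_id']) {
                // The experiment may no longer exist; fall back to an empty name.
                $experiment_name = isset($experiments[$line['experiment_id']]['experiment_name'])
                    ? $experiments[$line['experiment_id']]['experiment_name']
                    : '';
                $reference[] = 'Experiment: <A HREF="experiment_show.php?experiment_id=' . urlencode((string) $line['experiment_id']) . '">' . htmlspecialchars((string) $experiment_name, ENT_QUOTES) . '</A>';
            }
            if ($line['session_id']) {
                $reference[] = 'Session: <A HREF="session_edit.php?session_id=' . urlencode((string) $line['session_id']) . '">' . htmlspecialchars((string) $line['session_id'], ENT_QUOTES) . '</A>';
            }
            if ($line['bulk_id']) {
                $reference[] = 'Bulk email: ' . htmlspecialchars((string) $line['bulk_id'], ENT_QUOTES);
            }
            echo implode('<BR>', $reference);
            echo '</TD> <TD>' . htmlspecialchars((string) $line['error'], ENT_QUOTES) . '</TD>';

            if (check_allow('mailqueue_edit_all')) {
                echo '<TD><INPUT type="checkbox" name="del[' . htmlspecialchars((string) $line['mail_id'], ENT_QUOTES) . ']" value="y"></TD>';
            }
            echo '</TR>';
        }
        echo '</tbody></TABLE>';

        if (check_allow('mailqueue_edit_all')) {
            // Ids of the rows on this page, used by "delete all on page".
            echo '<INPUT type="hidden" name="allids" value="' . htmlspecialchars(implode(",", $ids), ENT_QUOTES) . '">';
            echo '</FORM>';
        }

        return $num_rows;
    }
}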
if (count($dids) > 0) { $i = 0; $parnames = array(); foreach ($dids as $id) { $i++; $tparname = ':query_id' . $i; $parnames[] = $tparname; $pars[$tparname] = $id; } $pars[':query_type'] = $type; $query = "DELETE FROM " . table('queries') . "\n WHERE query_type=:query_type\n AND query_id IN (" . implode(",", $parnames) . ") "; $done = or_query($query, $pars); $number = pdo_num_rows($done); message($number . ' ' . lang('xxx_queries_deleted')); if ($number > 0) { log__admin("query_delete", "Type: " . $type . ", Count: " . $number); } redirect("admin/options_saved_queries.php?type=" . $type); } else { message(lang('error__query_delete_no_queries_selected')); redirect("admin/options_saved_queries.php?type=" . $type); } } } if ($proceed) { $pars = array(); $pars[':query_type'] = $type; $query = "SELECT * FROM " . table('queries') . "\n WHERE query_type = :query_type\n ORDER BY query_time DESC"; $result = or_query($query, $pars); $num_rows = pdo_num_rows($result); $titles = array('participants_search_active' => 'saved_queries_for_active_participants', 'participants_search_all' => 'saved_queries_for_all_participants');
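// Admin page for regular tasks (cron jobs): optionally runs one job on demand,
// then lists the configured jobs. $proceed and $color are set by included code
// that is not shown here.
$title = "regular_tasks";
include "header.php";
if ($proceed) {
    $allow = check_allow('regular_tasks_show', 'options_main.php');
}
if ($proceed) {
    if (isset($_REQUEST['exec']) && $_REQUEST['exec'] && isset($_REQUEST['job_name']) && $_REQUEST['job_name']) {
        // Running a job needs its own right in addition to the right to view the list.
        $allow = check_allow('regular_tasks_run', 'cronjob_main.php');
        if ($proceed) {
            $cronjob = $_REQUEST['job_name'];
            $now = time();

            // The job name comes from the request and is turned into a function
            // name, so it is validated before the call: it must be a plain
            // identifier and the resulting cron__* function must exist.
            // NOTE(review): this still admits every function with the cron__
            // prefix; checking the name against the list of configured jobs
            // would be stricter. No request token check is visible in this
            // excerpt either; confirm one is applied before a job is run.
            $function_name = '';
            if (is_string($cronjob) && preg_match('/^[A-Za-z0-9_]+$/', $cronjob)) {
                $function_name = 'cron__' . $cronjob;
            }

            if ($function_name !== '' && function_exists($function_name)) {
                $done = $function_name();
                // save and log job
                $ready = cron__save_and_log_job($cronjob, $now, $done);
                log__admin("cronjob_run", $cronjob);
                message(lang('ran_cronjob_xxx') . ' ' . $cronjob);
            } else {
                // Fixed text on purpose: the rejected value is not echoed back.
                // TODO: move this string to a language symbol.
                message('Unknown regular task.', 'message_error');
            }
            redirect('admin/' . thisdoc());
        }
    }
}
if ($proceed) {
    echo '<center><BR>';
    if (check_allow('regular_tasks_add')) {
        echo button_link('cronjob_edit.php?addit=true', lang('create_new'), 'plus-circle') . '<BR>';
    }
    echo '<BR> <table class="or_listtable"><thead> <TR style="background: ' . $color['list_header_background'] . '; color: ' . $color['list_header_textcolor'] . ';"> <TD></TD> <TD>' . lang('enabled?') . '</TD>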
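}
// Language deletion: move users of the deleted language ($tlang) to the
// replacement language ($slang), drop the language column, then redirect.
// $tlang, $slang, $reallydelete and $lang_names are set before this excerpt.
if ($proceed && $reallydelete) {
    // update participants and admin
    $tables = array('participants', 'admin');
    foreach ($tables as $table) {
        $pars = array(':slang' => $slang, ':tlang' => $tlang);
        $query = "UPDATE " . table($table) . " SET language= :slang WHERE language= :tlang";
        // Fixed: the parameters were passed as the bare word `pars` (an undefined
        // constant) instead of $pars, so the bound values never reached the query.
        $done = or_query($query, $pars);
    }
    message(lang('updated_language_settings'));

    // delete language column
    // NOTE(review): $tlang is concatenated into the statement as a column name;
    // identifiers cannot be bound as parameters. Confirm that $tlang is checked
    // against the list of installed languages before this point.
    $query = "ALTER TABLE " . table('lang') . "\n DROP column " . $tlang;
    $done = or_query($query);

    // bye, bye
    message(lang('language_deleted') . ': ' . $tlang);
    log__admin("language_delete", "language:" . $tlang);
    redirect('admin/lang_main.php');
}
if ($proceed) {
    // confirmation form
    // NOTE(review): the form has no method attribute, so the confirmation is
    // submitted as GET, and $tlang / $slang are written into attribute values
    // unescaped. Whether a request token protects the delete is not visible here.
    echo '<center>';
    echo ' <FORM action="lang_lang_delete.php"> <INPUT type=hidden name="elang" value="' . $tlang . '"> <INPUT type=hidden name="nlang" value="' . $slang . '"> <TABLE class="or_formtable"> <TR><TD colspan=2> <TABLE width="100%" border=0 class="or_panel_title"><TR> <TD style="background: ' . $color['panel_title_background'] . '; color: ' . $color['panel_title_textcolor'] . '" align="center"> ' . lang('delete_language') . ' ' . $lang_names[$tlang] . ' (' . $tlang . ')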
// Excerpt of the participant edit page: registers the participant for a
// session, logs the edit or creation, and redirects back to the edit form.
// The enclosing scopes and $pars, $session, $participant, $done are set
// before this excerpt.
$query = "INSERT into " . table('participate_at') . " \n \t \t\t\t\tSET participant_id= :participant_id,\n \t \t\t\tsession_id= :session_id, \n \t \t\t\texperiment_id= :experiment_id,\n \t \t\t\tpstatus_id=0";
$done2 = or_query($query, $pars);
}
if (isset($done2) && $done2) {
    // NOTE(review): the session ids and the built session name are placed in
    // the message HTML without escaping; whether message() escapes its input
    // is not visible here. The values appear to come from the loaded session
    // record; confirm.
    message(lang('registered_participant_for') . ' <A HREF="experiment_participants_show.php?experiment_id=' . $session['experiment_id'] . '&session_id=' . $session['session_id'] . '">' . session__build_name($session) . '</A>.');
}
} else {
    message(lang('no_session_selected'), 'message_error');
}
}
if ($done) {
    // A participant_id in the request means an existing record was edited;
    // otherwise a new participant was created.
    if (isset($_REQUEST['participant_id']) && $_REQUEST['participant_id']) {
        log__admin("participant_edit", "participant_id:" . $participant['participant_id']);
    } else {
        log__admin("participant_create", "participant_id:" . $participant['participant_id']);
    }
    $form = false;
    // Carry the hide_header flag over to the redirected page.
    $addition = "";
    if ($hide_header) {
        $addition .= "&hide_header=true";
    }
    redirect("admin/participants_edit.php?participant_id=" . $participant['participant_id'] . $addition);
} else {
    message(lang('database_error'));
}
}
}
}
if ($proceed) {
    if ($participant_id && $continue) {
// Excerpt of the language main page: stores which languages are enabled for
// the public area and for participants, then starts the page output.
// $pubs_string, $parts_string and $now are set before this excerpt.
// NOTE(review): new option rows get their id from $now + 1 and $now + 2;
// $now is presumably a timestamp, so ids could collide with rows created in
// the same second elsewhere. Confirm how option ids are allocated.
$pars = array(':pubs_string' => $pubs_string, ':option_id' => $now + 1);
$query = "INSERT INTO " . table('options') . " \n\t\t\t\t\t\tSET option_id=:option_id,\n\t\t\t\t\t\toption_type='general',\n\t\t\t\t\t\toption_name='language_enabled_public',\n\t\t\t\t\t\toption_value= :pubs_string";
$done = or_query($query, $pars);
}
// Same update-or-insert step for the participant-side language list.
$query = "SELECT * FROM " . table('options') . "\n\t\t\t\t\tWHERE option_type='general' AND option_name='language_enabled_participants'";
$result2 = orsee_query($query);
if (isset($result2['option_id'])) {
    // The option row exists: update its value.
    $pars = array(':parts_string' => $parts_string);
    $query = "UPDATE " . table('options') . " SET option_value= :parts_string \n\t\t\t\t\t\tWHERE option_type='general' AND option_name='language_enabled_participants'";
    $done = or_query($query, $pars);
} else {
    // No row yet: create it.
    $pars = array(':parts_string' => $parts_string, ':option_id' => $now + 2);
    $query = "INSERT INTO " . table('options') . " \n\t\t\t\t\t\tSET option_id=:option_id,\n\t\t\t\t\t\toption_type='general',\n\t\t\t\t\t\toption_name='language_enabled_participants',\n\t\t\t\t\t\toption_value= :parts_string";
    $done = or_query($query, $pars);
}
log__admin("language_availability_edit");
message(lang('changes_saved'));
redirect("admin/lang_main.php");
}
}
}
if ($proceed) {
    echo '<center>';
    echo ' <BR><BR> <TABLE border=0 width=80%> <TR>';
    // The "add symbol" button is shown only to admins holding that right.
    if (check_allow('lang_symbol_add')) {
        echo ' <TD> ' . button_link('lang_symbol_edit.php?go=true', lang('add_symbol'), 'plus-circle') . ' </TD>';
// Excerpt of the language edit page: saves the display name and icon of the
// language $tlang, then renders the edit form. $tlang is set before this excerpt.
// check for errors
$continue = true;
// NOTE(review): $_REQUEST['lang_name'] is read without isset(), which raises a
// notice/warning when the field is absent.
if (!$_REQUEST['lang_name']) {
    message(lang('error_no_language_name'));
    $continue = false;
}
// add language
if ($continue) {
    // The values are bound as parameters, but $tlang is concatenated as the
    // column name; identifiers cannot be bound.
    // NOTE(review): confirm that $tlang is checked against the installed
    // languages before it reaches these statements.
    $pars = array(':lang_name' => $_REQUEST['lang_name']);
    $query = "UPDATE " . table('lang') . " SET " . $tlang . "= :lang_name \n WHERE content_type='lang' AND content_name='lang_name'";
    $done = or_query($query, $pars);
    // NOTE(review): the icon is stored exactly as submitted; no check that it
    // is valid base64 image data is visible here. Verify where it is rendered.
    $pars = array(':lang_icon_base64' => $_REQUEST['lang_icon_base64']);
    $query = "UPDATE " . table('lang') . " SET " . $tlang . "= :lang_icon_base64 \n WHERE content_type='lang' AND content_name='lang_icon_base64'";
    $done = or_query($query, $pars);
    message(lang('changes_saved'));
    log__admin("language_edit", "language:" . $tlang);
    redirect("admin/lang_lang_edit.php?elang=" . $tlang);
}
// Keep the submitted name so the form can be redisplayed with it.
$tlang_name = $_REQUEST['lang_name'];
}
}
if ($proceed) {
    show_message();
    echo '<center>';
    // NOTE(review): the form has no method attribute (GET by default) and
    // $tlang is written into the hidden field unescaped.
    echo '<FORM action="lang_lang_edit.php"> <INPUT type=hidden name="elang" value="' . $tlang . '"> <TABLE class="or_formtable"> <TR><TD colspan="3"> <TABLE width="100%" border=0 class="or_panel_title"><TR> <TD style="background: ' . $color['panel_title_background'] . '; color: ' . $color['panel_title_textcolor'] . '" align="center">
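$search = '';
}
// Excerpt of the language symbol editor: picks the letter filter, saves edited
// symbols for language column $el, then builds the listing query.
// $el and $search are set before this excerpt.
// The letter filter must be a plain string; anything else falls back to 'a'.
if (isset($_REQUEST['letter']) && is_string($_REQUEST['letter']) && $_REQUEST['letter']) {
    $letter = $_REQUEST['letter'];
} else {
    $letter = 'a';
}
if (isset($_REQUEST['alter_lang']) && $_REQUEST['alter_lang'] && isset($_REQUEST['symbols']) && is_array($_REQUEST['symbols'])) {
    // One parameter set per submitted symbol; the list of sets is handed to
    // or_query() in a single call.
    $pars = array();
    foreach ($_REQUEST['symbols'] as $symbol => $content) {
        $pars[] = array(':content' => trim($content), ':symbol' => $symbol);
    }
    // NOTE(review): $el is concatenated as the column name; identifiers cannot
    // be bound. Confirm $el is checked against the installed languages upstream.
    $query = "UPDATE " . table('lang') . " \n\t\t\t\tSET " . $el . "= :content \n\t\t\t\tWHERE content_name= :symbol \n\t\t\t\tAND content_type='lang'";
    $done = or_query($query, $pars);
    message(lang('changes_saved'));
    // NOTE(review): the log entry uses $edlang while the rest of this excerpt
    // uses $el; confirm $edlang is defined.
    log__admin("language_edit_symbols", "language:" . $edlang);
    // Request-derived values are URL-encoded so that characters such as '&',
    // '#' or line breaks in the search term cannot alter the redirect target.
    redirect('admin/lang_edit.php?el=' . urlencode((string) $el) . '&letter=' . urlencode($letter) . '&search=' . urlencode((string) $search));
}
}
if ($proceed) {
    if ($search) {
        // Search mode: match the term against the symbol name, the current
        // interface language column and the edited language column.
        $letter = "";
        $lpars = array(':search1' => '%' . $search . '%', ':search2' => '%' . $search . '%', ':search3' => '%' . $search . '%');
        $lquery = "select * from " . table('lang') . "\n \t\twhere content_type='lang'\n \t\tand (content_name LIKE :search1\n or " . lang('lang') . " LIKE :search2\n or " . $el . " LIKE :search3)\n AND content_name NOT IN ('lang','lang_name','lang_icon_base64') \n order by content_name";
    } else {
        // Letter mode: list the symbols whose name starts with the chosen letter.
        $search = "";
        $lpars = array(':letter' => $letter);
        $lquery = "select * from " . table('lang') . "\n \t\twhere content_type='lang' \n \t\tand left(content_name,1)= :letter \n \t\tAND content_name NOT IN ('lang','lang_name','lang_icon_base64')\n\t\t\t\torder by content_name";
    }
    echo '<FORM action="lang_edit.php"> <INPUT type=hidden name="el" value="' . $el . '">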
// Excerpt of the FAQ edit page: creates a new FAQ entry or saves an existing
// one, then renders the edit form. $faq_id, $faq, $question and $answer are
// prepared before this excerpt.
if (!$faq_id) {
    // New entry: the id is the current Unix time in seconds.
    // NOTE(review): two entries created in the same second would get the same
    // id; how orsee_db_save_array() handles an existing id is not visible here.
    $new_faq_id = time();
    $faq['faq_id'] = $new_faq_id;
    $faq['evaluation'] = 0;
    $done = orsee_db_save_array($faq, "faqs", $faq['faq_id'], "faq_id");
    // Question and answer texts are stored as language items keyed by the FAQ id.
    $question['content_name'] = $new_faq_id;
    $question['content_type'] = "faq_question";
    $done = lang__insert_to_lang($question);
    $answer['content_name'] = $new_faq_id;
    $answer['content_type'] = "faq_answer";
    $done = lang__insert_to_lang($answer);
    log__admin("faq_create", "faq_id:" . $new_faq_id);
} else {
    // Existing entry: update both language rows in place.
    $done = orsee_db_save_array($question, "lang", $question['lang_id'], "lang_id");
    $done = orsee_db_save_array($answer, "lang", $answer['lang_id'], "lang_id");
    log__admin("faq_edit", "faq_id:" . $faq_id);
}
// NOTE(review): each $done overwrites the previous one and none is checked, so
// "changes saved" is reported even if a write failed.
message(lang('changes_saved'));
redirect('admin/faq_edit.php?faq_id=' . $question['content_name']);
}
}
}
if ($proceed) {
    show_message();
    // form
    // NOTE(review): $faq_id is written into the hidden field unescaped; where
    // it is set is not visible here. Confirm it is numeric before output.
    echo '<center>';
    echo ' <FORM action="faq_edit.php" METHOD=POST> <INPUT type=hidden name="faq_id" value="' . $faq_id . '"> <TABLE class="or_formtable"> <TR><TD colspan="3">
// Excerpt of the language symbol delete page: loads the symbol, deletes it
// when confirmed, otherwise renders the confirmation form. $lang_id and the
// condition that sets $reallydelete come from before this excerpt.
$reallydelete = true;
} else {
    $reallydelete = false;
}
$symbol = orsee_db_load_array("lang", $lang_id, "lang_id");
// Unknown id: send the admin back to the language overview.
// NOTE(review): execution continues after redirect() unless it halts or clears
// $proceed, which is not visible here; otherwise the blocks below run with an
// empty $symbol.
if (!isset($symbol['lang_id'])) {
    redirect("admin/lang_main.php");
}
}
if ($proceed) {
    if ($reallydelete) {
        // The id is bound as a parameter.
        // NOTE(review): no request token check is visible in this excerpt;
        // confirm the delete is protected against cross-site requests.
        $pars = array(':lang_id' => $lang_id);
        $query = "DELETE FROM " . table('lang') . " \n \t\tWHERE lang_id= :lang_id";
        $result = or_query($query, $pars);
        message(lang('symbol_deleted'));
        log__admin("language_symbol_delete", "lang_id:lang," . $symbol['content_name']);
        redirect('admin/lang_edit.php');
    }
}
if ($proceed) {
    // form
    // NOTE(review): the symbol name from the database is written into the page
    // unescaped; escape it for HTML if symbol names can contain markup characters.
    echo '<center>';
    echo ' <TABLE class="or_formtable"> <TR><TD colspan="2"> <TABLE width="100%" border=0 class="or_panel_title"><TR> <TD style="background: ' . $color['panel_title_background'] . '; color: ' . $color['panel_title_textcolor'] . '" align="center"> ' . lang('delete_symbol') . ' ' . $symbol['content_name'] . ' </TD> </TR></TABLE> </TD></TR>
// Excerpt of the participant profile form template editor: saves a draft or
// activates it, then renders the editor. $t, $item_name and $subpool_id are
// set before this excerpt.
$subpool = orsee_db_load_array("subpools", 1, "subpool_id");
}
}
if ($proceed) {
    if (isset($_REQUEST['edit']) && $_REQUEST['edit']) {
        // Save the submitted text as the current draft.
        // NOTE(review): the draft is stored exactly as submitted and can later
        // become the live template via "activate". How the template is
        // rendered is not visible here; confirm who may reach this page and
        // whether a request token is checked.
        $t['item_details']['current_draft'] = $_REQUEST['current_draft'];
        $t['item_details'] = property_array_to_db_string($t['item_details']);
        $done = orsee_db_save_array($t, "objects", $t['item_id'], "item_id");
        log__admin("pform_templates_edit", "item_name:" . $t['item_name']);
        message(lang('changes_saved'));
        // NOTE(review): $item_name and $subpool_id go into the redirect URL
        // without urlencode(); their origin is not visible here.
        redirect('admin/options_profile_template_edit.php?item_name=' . $item_name . '&subpool_id=' . $subpool_id);
    } elseif (isset($_REQUEST['activate']) && $_REQUEST['activate']) {
        // Promote the stored draft to the active template.
        $t['item_details']['current_template'] = $t['item_details']['current_draft'];
        $t['item_details'] = property_array_to_db_string($t['item_details']);
        $done = orsee_db_save_array($t, "objects", $t['item_id'], "item_id");
        log__admin("pform_templates_activate", "item_name:" . $t['item_name']);
        message(lang('template_draft_activated'));
        redirect('admin/options_profile_template_edit.php?item_name=' . $item_name . '&subpool_id=' . $subpool_id);
    }
}
if ($proceed) {
    // Defaults: no template means an empty one; no draft means a copy of the template.
    if (!isset($t['item_details']['current_template'])) {
        $t['item_details']['current_template'] = '';
    }
    if (!isset($t['item_details']['current_draft'])) {
        $t['item_details']['current_draft'] = $t['item_details']['current_template'];
    }
    echo '<center> <TABLE class="or_page_subtitle" style="background: ' . $color['page_subtitle_background'] . '; color: ' . $color['page_subtitle_textcolor'] . '; width: 98%"> <TR><TD align="center">' . lang('edit_participant_profile_form_template') . ' ' . $t['item_name'] . '</TD></TR></TABLE> <BR>';
}
// Excerpt of the event (lab reservation) delete page: checks the delete right,
// deletes the event when confirmed, otherwise renders the confirmation form.
// $event_id is set before this excerpt.
if ($proceed) {
    // NOTE(review): the confirmation flag is read from $_REQUEST, so it is
    // accepted from any request method; no request token check is visible in
    // this excerpt. Confirm the delete is protected against cross-site requests.
    if (isset($_REQUEST['reallydelete']) && $_REQUEST['reallydelete']) {
        $reallydelete = true;
    } else {
        $reallydelete = false;
    }
    $allow = check_allow('events_delete', 'events_edit.php?event_id=' . $event_id);
}
if ($proceed) {
    // Load the event so it can be shown in the confirmation form.
    $space = orsee_db_load_array("events", $event_id, "event_id");
    if ($reallydelete) {
        // The id is bound as a parameter. The key is written without the
        // leading colon, unlike the other queries on this page, which use
        // ':name'; presumably or_query() accepts both forms. Verify.
        $pars = array('event_id' => $event_id);
        $query = "DELETE FROM " . table('events') . "\n WHERE event_id= :event_id";
        $result = or_query($query, $pars);
        log__admin("events_delete", "event_id:" . $event_id);
        message(lang('lab_reservation_deleted'));
        redirect('admin/calendar_main.php');
    }
}
if ($proceed) {
    // form
    // NOTE(review): dump_array() prints the loaded event record; whether it
    // escapes the values for HTML is not visible here.
    echo ' <CENTER> <TABLE> <TR> <TD colspan=2> ' . lang('do_you_really_want_to_delete') . ' <BR><BR>';
    dump_array($space);
    echo ' </TD>