<?php // This is the main page for reports. It checks for permissions and then // loads the report_sub_<type>.php file. We use separate files since different // fields might include different secondary parameters. // These sub files contain forms that are handled by report_<type>.php if (!permissions("Herald") >= 1) { // User lacks the right permissions echo '<p class="error"> This page has been accessed in error.</p>'; exit_with_footer(); } if ($_SERVER['REQUEST_METHOD'] != 'POST') { // this page wasn't reached through a form submission echo '<p class="error"> This page has been accessed in error.</p>'; exit_with_footer(); } $cxn = open_db_browse(); // Open the db connection which is now live for the subforms // Generate the report. // Build the query based on the parameters: this will be a massive if statement. $report = $_POST["id_report"]; switch ($report) { case "1": // Obsidian report $report_name = "List of all Awards awarded"; $filename = "data"; $qshow = "SELECT concat('<a href=''edit_person.php?id=',Persons.id_person,'''>',name_person,'</a>') " . "as 'SCA Name', "; $qfile = "SELECT name_person as 'SCA Name', "; $query = " name_award as Award, date_award as 'Date Awarded',\n name_group as 'Group', name_kingdom as Kingdom \n from Persons, Awards, Groups, Kingdoms, Persons_Awards\n where Persons_Awards.id_person = Persons.id_person\n and Persons_Awards.id_award = Awards.id_award\n and Persons.id_group = Groups.id_group\n and Awards.id_kingdom = Kingdoms.id_kingdom\n order by name_person, name_award;"; break; default:
} if (isset($_GET['part_name']) && is_string($_GET['part_name'])) { // We got here through the add_person link on search.php // echo "Arrived from person.php"; $part_name = $_GET["part_name"]; } elseif (isset($_POST['part_name']) && is_string($_POST['part_name'])) { // We got here from form submission // echo "Arrived as form submission"; $part_name = $_POST["part_name"]; } else { echo '<p class="error"> This page has been accessed in error.</p>'; exit_with_footer(); } $cxn = open_db_browse(); // Build list of groups for add_person page. if ($_SERVER['REQUEST_METHOD'] == 'POST' && permissions("Any") >= 3) { //echo "Now adding ".$_POST["SCA_name"]." to the database.<br>"; $query_head = "INSERT INTO Persons(name_person"; $query_tail = " VALUES("; // Since SCA name is required, we can assume it's set $sca_name = sanitize_mysql($_POST["SCA_name"]); $query_tail = $query_tail . "'{$sca_name}'"; //mundane_name -> name_mundane_person if (isset($_POST["mundane_name"]) && !empty($_POST["mundane_name"]) && is_string($_POST["mundane_name"])) { $mundane_name = sanitize_mysql($_POST["mundane_name"]); $query_head = $query_head . ",name_mundane_person"; $query_tail = $query_tail . ",'{$mundane_name}'"; } //email -> email_person if (isset($_POST["email"]) && !empty($_POST["email"]) && is_string($_POST["email"])) { $email = sanitize_mysql($_POST["email"]);
<?php session_start(); include_once 'ressources/class.templates.inc'; include_once 'ressources/class.ldap.inc'; include_once 'ressources/class.user.inc'; include_once 'ressources/class.mysql.inc'; include_once 'ressources/class.backup.inc'; if (isset($_GET["uid"]) && !isset($_GET["userid"])) { $_GET["userid"] = $_GET["uid"]; } if (!permissions()) { $tpl = new templates(); echo "alert('" . $tpl->javascript_parse_text("{ERROR_NO_PRIVS}") . "');"; die; exit; } if (isset($_GET["ListDirectory"])) { ListDirectory(); exit; } if (isset($_GET["popup"])) { popup(); exit; } if (isset($_GET["tasks-list"])) { tasks_list(); exit; } if (isset($_GET["connect"])) { connect();
break; case 'edit': if (permissions('users', 'group', 'edit')) { $sql = new MySQLObject(); $sql->query("UPDATE " . $q->table('users_groups') . " SET `name` = '" . $sql->escape($_POST['group_header']) . "',`description` = '" . $sql->escape($_POST['group_description']) . "' WHERE (`gid` = " . intval($_GET['gid']) . ")"); global $tpl; $tpl->queue[0][] = ' global $mod; $mod->modules[\'users\']->group_edit();'; } else { $syslog->permissions_error('{L_PERMISSIONS_USERS_GROUP_EDIT}'); die; } break; case 'delete': if (permissions('users', 'group', 'delete')) { if (isset($_GET['gid'])) { $sql = new MySQLObject(); if ($sql->query("DELETE FROM " . $q->table('users_groups') . " WHERE (`gid` = " . intval($_GET['gid']) . ")")) { $tpl->assign('REDIRECT_LOCATION', './acp.php?c=users§ion=groups'); $syslog->alert_success('{L_ALERT_USERS_GROUP_DELETE_SUCCESS}'); die; } else { $syslog->alert_error('{L_ALERT_USERS_GROUP_DELETE_ERROR}'); die; } } } else { $syslog->permissions_error('{L_PERMISSIONS_USERS_GROUP_DELETE}'); die; }
<?php /* * To change this license header, choose License Headers in Project Properties. * To change this template file, choose Tools | Templates * and open the template in the editor. */ if (permissions("Herald") < 3) { //echo var_dump($_SESSION); echo '<p class="error"> This page has been accessed in error.</p>'; exit_with_footer(); } if (isset($_GET['idpa']) && is_numeric($_GET['idpa']) & isset($_GET['id']) && is_numeric($_GET['id'])) { // We got here through the edit link on person.php // echo "Arrived from person.php"; $id_person_award = $_GET["idpa"]; $id_person = $_GET["id"]; } elseif (isset($_POST['idpa']) && is_numeric($_POST['idpa']) && isset($_POST['id']) && is_numeric($_POST['id'])) { // We got here from form submission and hence will be deleting the info // echo "Arrived as form submission"; $id_person_award = $_POST["idpa"]; $id_person = $_POST["id"]; } else { echo '<p class="error"> This page has been accessed in error.</p>'; exit_with_footer(); } $cxn = open_db_browse(); $query = "SELECT id_person_award, name_person, name_award, " . "date_award, name_kingdom, name_event, Events.id_event " . "from Persons, Persons_Awards, Awards, Kingdoms, Events " . "WHERE Persons.id_person = Persons_Awards.id_person " . "AND Persons_Awards.id_award = Awards.id_award " . "AND Awards.id_kingdom = Kingdoms.id_kingdom " . "AND Persons_Awards.id_event = Events.id_event " . "AND id_person_award={$id_person_award} " . "ORDER by date_award"; $result = mysqli_query($cxn, $query) or die("Couldn't execute query"); if (mysqli_num_rows($result) != 1) { echo "Couldn't find award";
die; } else { $syslog->alert_error('{L_ALERT_PAGES_PAGE_EDIT_ERROR}'); die; } } else { $syslog->alert_error('{L_ALERT_PAGES_PAGE_EDIT_ERROR}'); die; } } else { $syslog->permissions_error('{L_PERMISSIONS_PAGES_PAGE_EDIT}'); die; } break; case 'delete': if (permissions('pages', 'page', 'delete')) { if (isset($_GET['pid'])) { $sql = new MySQLObject(); if ($sql->query("SELECT `pid`,`path` FROM " . $sql->table('pages') . " WHERE (`pid` = " . intval($_GET['pid']) . ")")) { $page = $sql->fetch_one(); if ($sql->query("DELETE FROM " . $sql->table('pages') . " WHERE (`pid` = " . intval($_GET['pid']) . ")")) { if ($sql->query("UPDATE " . $sql->table('pages') . " SET `parent` = -1 WHERE (`parent` = " . $page->pid . ")")) { $sql->query("DELETE FROM " . $sql->table('menu') . " WHERE (`link` = '" . $page->path . "')"); $tpl->assign('REDIRECT_LOCATION', './acp.php?c=pages'); $syslog->alert_success('{L_ALERT_PAGES_PAGE_DELETE_SUCCESS}'); die; } else { $syslog->alert_error('{L_ALERT_PAGES_PAGE_DELETE_ERROR}'); die; } } else {
/**
 * Print an HTML listing of the directory $dir: one table per sub-directory and
 * one per regular file, each showing name, size, time, type, permission string
 * and a cell of action links.
 *
 * Side effects: overwrites the globals $files and $dirs with the sorted entry
 * names and leaves the last directory's link markup in the global $action.
 * Output is written with echo/print; nothing is returned.
 *
 * NOTE(review): no authentication or authorisation check is visible in this
 * function and $dir is used exactly as given. Any restriction on which paths
 * may be listed has to come from the caller, which is not shown here.
 *
 * NOTE(review): entry names, $dir, $tm and $PHP_SELF are interpolated into
 * HTML text and href attributes without htmlspecialchars()/rawurlencode(), so
 * a file or directory name containing markup or quote characters is emitted
 * verbatim into the page.
 *
 * @param string $dir Directory to list; passed unchanged to opendir().
 */
function readdirdata($dir) {
    // $supsub and $thum are imported but not used in this function.
    // $style2 is used below but is NOT in this list, so it is undefined here.
    global $action, $files, $dirs, $tm, $supsub, $thum, $style3, $style4, $PHP_SELF;
    $files = array();
    $dirs = array();
    // Accessibility probe. readdir() is evaluated before the !$open test, so a
    // failed opendir() still reaches readdir(false); the @ only suppresses the
    // diagnostic.
    $open = @opendir($dir);
    if (!@readdir($open) or !$open) {
        echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=alert><b>Access denied.</b></td></tr></table>";
    } else {
        // First pass: reopen the directory and collect regular files.
        // None of the three handles opened in this function is closed with
        // closedir(). The loop condition tests truthiness, so an entry named
        // "0" ends the scan early.
        $open = opendir($dir);
        while ($file = readdir($open)) {
            $rec = $file;
            $file = $dir . "/" . $file;
            if (is_file($file)) {
                $files[] = $rec;
            }
        }
        sort($files);
        // Second pass: collect directories. "." is skipped here; ".." is
        // collected and filtered out when rendering. The $i counter is reset
        // by the for loops below.
        $open = opendir($dir);
        $i = 0;
        while ($dire = readdir($open)) {
            if ($dire != ".") {
                $rec = $dire;
                $dire = $dir . "/" . $dire;
                if (is_dir($dire)) {
                    $dirs[] = $rec;
                    $i++;
                }
            }
        }
        sort($dirs);
        // Column header row. The column labelled "Date of creation" is filled
        // from filemtime(), i.e. the modification time.
        print "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'center' class=pagetitle><b>Name</b></td><td width = '10%' align = 'center' class=pagetitle><b>Size</b></td><td width = '20%' align = 'center' class=pagetitle><b>Date of creation</b></td><td width = '10%' align = 'center' class=pagetitle><b>Type</b></td><td width = '15%' align = 'center' class=pagetitle><b>Access rights</b></td><td width = '25%' align = 'center' class=pagetitle><b>Comments</b></td></tr></table>";
        for ($i = 0; $i < sizeof($dirs); $i++) {
            if ($dirs[$i] != "..") {
                $type = 'Dir';
                // Stat calls use the real path under $dir ...
                $fullpath = $dir . "/" . $dirs[$i];
                $time = date("d/m/y H:i", filemtime($fullpath));
                // permissions() and tinhbyte() are defined elsewhere; from their
                // use here they appear to format a mode and a byte count for
                // display — confirm against their definitions.
                $perm = permissions(fileperms($fullpath));
                $size = tinhbyte(filesize($fullpath));
                $name = $dirs[$i];
                // ... while the links are built from the global $tm instead.
                $fullpath = $tm . "/" . $dirs[$i];
                // Presumably $perm is a 9-character rwxrwxrwx string, which
                // would make index 7 the "other" write bit — confirm. The
                // links only reflect that string; they are not an access check.
                if ($perm[7] == "w" && $name != "..") {
                    $action = "\n\n\t<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>\n\n\t<tr>\n\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$fullpath}&action=uploadd'>Upload</a></td>\n\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$tm}&dd={$name}&action=deldir'>Delete</a></td>\n\n\t</tr>\n\n\t<tr>\n\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$fullpath}&action=newdir'>Create directory</a></td>\n\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$fullpath}&action=arhiv'>Directory compression</a></td>\n\n\t</tr></table>";
                } else {
                    // $style2 is undefined in this scope (see the global list).
                    $action = "<TABLE CELLPADDING=0 CELLSPACING=0 width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center><b>Read only</b></td><td align=center {$style2}><a href ='{$PHP_SELF}?tm={$fullpath}&action=arhiv'>Directory compression</a></td></tr></table>";
                }
                print "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#33CCCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><a href = '{$PHP_SELF}?tm={$fullpath}'><b><i>{$name}</i></b></a></td><td width = '10%' align = 'center'>{$size}</td><td width = '20%' align = 'center'>{$time}</td><td width = '10%' align = 'center'>{$type}</td><td width = '15%' align = 'center'>{$perm}</td><td width = '25%' align = 'left'>{$action}</td></tr></table>";
            }
        }
        for ($i = 0; $i < sizeof($files); $i++) {
            $type = 'File';
            $fullpath = $dir . "/" . $files[$i];
            $time = date("d/m/y H:i", filemtime($fullpath));
            $perm = permissions(fileperms($fullpath));
            $size = tinhbyte(filesize($fullpath));
            // $act is assigned only in the "r" branch and appended to in the
            // "w" branch; it is never reset per file. A file that fails the
            // "r" test therefore reuses the links built for an earlier file
            // (or an undefined $act on the first iteration).
            if ($perm[6] == "r") {
                $act = "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>\n\n <tr><td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=view'>View</a></td>\n\n <td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=download'>Download</a></td></tr>\n\n <tr><td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=download_mail'>To e-mail</a></td>\n\n <td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=copyfile'>Copy</a></td>\n\n </tr></table>";
            }
            if ($perm[7] == "w") {
                $act .= "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>\n\n <tr><td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=edit'>Edit</a></td>\n\n <td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=delete'>Delete</a></td>\n\n </tr></table>";
            }
            print "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><b>{$files[$i]}</b></font></td><td width = '10%' align = 'center'>{$size}</td><td width = '20%' align = 'center'>{$time}</td><td width = '10%' align = 'center'>{$type}</td><td width = '15%' align = 'center'>{$perm}</td><td width = '25%' align = 'center'>{$act}</td></tr></table>";
        }
    }
}
if ($sql->query("\r\nUPDATE " . $sql->table('blog_tags') . "\r\nSET\r\n\t`header` = '" . $sql->escape($_POST['tag']['header']) . "',\r\n\t`tag` = '" . $sql->escape($tag) . "'\r\nWHERE (`tag` = '" . $sql->escape($_GET['tag']) . "')")) { // -- OK -- $tpl->assign('REDIRECT_LOCATION', './acp.php?c=blog§ion=tag'); $syslog->alert_success('{L_ALERT_BLOG_TAG_EDIT_SUCCESS}'); die; } else { $syslog->alert_error('{L_ALERT_BLOG_TAG_EDIT_ERROR}'); die; } } else { $syslog->permissions_error('{L_PERMISSIONS_BLOG_TAG_EDIT}'); die; } break; case 'delete': if (permissions('blog', 'tag', 'delete')) { $sql = new MySQLObject(); if ($sql->query("DELETE FROM " . $sql->table('blog_tags') . " WHERE (`tag` = '" . $sql->escape($_GET['tag']) . "')")) { // -- OK -- $tpl->assign('REDIRECT_LOCATION', './acp.php?c=blog§ion=tag'); $syslog->alert_success('{L_ALERT_BLOG_TAG_DELETE_SUCCESS}'); die; } else { $syslog->alert_error('{L_ALERT_BLOG_TAG_DELETE_ERROR}'); die; } } else { $syslog->permissions_error('{L_PERMISSIONS_BLOG_TAG_DELETE}'); die; } break;
} echo '</table>'; ############################################################################################ ## Директории ## ############################################################################################ echo '<br /><b>Готовность директорий</b><br /><br />'; echo '<table width="99%" border="0" cellspacing="0" cellpadding="2">'; echo '<tr bgcolor="ffff00"><td width="40%">Директория</td><td width="20%">Доступ</td><td width="20%">Chmod</td><td width="20%">Размер</td></tr>'; foreach ($dires as $key => $value) { if ($key & 1) { $bgcolor = "#e0e0e0"; } else { $bgcolor = "#ffffff"; } echo '<tr bgcolor="' . $bgcolor . '"><td width="40%">' . $value . '</td><td width="20%">'; if (is_writeable(DATADIR . $value)) { echo '<span style="color:#00ff00">Готова</span>'; } else { echo '<span style="color:#ff0000">Не готова</span>'; } echo '</td><td width="20%">' . permissions(DATADIR . $value) . '</td><td width="20%">' . formatsize(read_dir(DATADIR . $value)) . '</td></tr>'; } echo '</table>'; echo '<br />Если какой-то пункт выделен красным необходимо зайти по фтп и выставить CHMOD разрещающую запись<br />'; echo '<br /><img src="../images/img/panel.gif" alt="image" /> <a href="index.php?' . SID . '">В админку</a><br />'; echo '<img src="../images/img/homepage.gif" alt="image" /> <a href="../index.php?' . SID . '">На главную</a><br />'; } else { header("Location: ../index.php?isset=404&" . SID); exit; } include_once "../themes/" . $config['themes'] . "/foot.php";
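<?php
/*
 * Form handler for a person's Marshal warrants. Requires Marshal permission
 * level 3 and a POST request, then loads one row per combat type joined with
 * the person's existing combat-card data.
 */
if (permissions("Marshal") < 3) {
    echo '<p class="error"> This page has been accessed in error.</p>';
    exit_with_footer();
}
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    echo '<p class="error"> This page has been accessed in error.</p>';
    exit_with_footer();
}
// The person id is interpolated into the SQL text below, so it is accepted
// only as an integer. A missing, array-valued or non-integer id is rejected
// with the same error page as the other failed checks instead of reaching
// the query.
$id_person = filter_var(isset($_POST['id']) ? $_POST['id'] : null, FILTER_VALIDATE_INT);
if ($id_person === false) {
    echo '<p class="error"> This page has been accessed in error.</p>';
    exit_with_footer();
}
// NOTE(review): name_person is raw request data. Its use lies outside this
// excerpt; it needs escaping wherever it is echoed or placed in a query.
$name_person = $_POST["name_person"];
$cxn = open_db_browse();
// One row per combat type; the card columns are NULL where the person has no
// matching Persons_CombatCards row (LEFT JOIN).
$query_comb = "SELECT id_combat, name_combat, cn, ea, ipcc, note, active "
    . "FROM Combat LEFT JOIN"
    . "(SELECT id_person_combat_card as ipcc, card_marshal as cn, "
    . "expire_marshal as ea, id_combat as ic,"
    . "note_marshal as note, active_marshal as active "
    . "FROM Persons_CombatCards "
    . "WHERE id_person={$id_person}) AS PA "
    . "ON Combat.id_combat = PA.ic ORDER BY name_combat";
if (DEBUG) {
    // Debug builds print the full query text into the page.
    echo "Per Category known facts:<br>{$query_comb}<p>";
}
$combats = mysqli_query($cxn, $query_comb) or die("Couldn't execute query to find known/current date/card numbers.");
echo form_title("Now updated Marshal's Warrants as follows.");
// dynmact is optional in the submitted form; dynmcombat is read unconditionally.
if (isset($_POST['dynmact'])) {
    $dynmact = $_POST['dynmact'];
}
$dynmcombat = $_POST['dynmcombat'];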
if ($sql->query("UPDATE " . $sql->table('menu') . " SET `show` = 0 WHERE (`iid` = " . intval($_GET['iid']) . ")")) { // -- OK -- $tpl->assign('REDIRECT_LOCATION', './acp.php?c=menu'); $syslog->alert_success('{L_ALERT_MENU_ITEM_EDIT_SUCCESS}'); die; } else { $syslog->alert_error('{L_ALERT_MENU_ITEM_EDIT_ERROR}'); die; } } else { $syslog->permissions_error('{L_PERMISSIONS_MENU_ITEM_EDIT}'); die; } break; case 'move': if (permissions('menu', 'items', 'edit') && isset($_GET['dir'])) { $sql = new MySQLObject(); if ($sql->query("SELECT `order` FROM " . $sql->table('menu') . " WHERE (`iid` = " . intval($_GET['iid']) . ")") && $sql->num() > 0) { $item = $sql->fetch_one(); if ($sql->query("\r\nUPDATE " . $sql->table('menu') . "\r\nSET `order` = " . $item->order . "\r\nWHERE (`order` = " . ($_GET['dir'] == 'up' ? $item->order - 1 : $item->order + 1) . ")") && $sql->query("\r\nUPDATE " . $sql->table('menu') . "\r\nSET `order` = " . ($_GET['dir'] == 'up' ? $item->order - 1 : $item->order + 1) . "\r\nWHERE (`iid` = " . intval($_GET['iid']) . ")")) { // -- OK -- $tpl->assign('REDIRECT_LOCATION', './acp.php?c=menu'); $syslog->alert_success('{L_ALERT_MENU_ITEM_EDIT_SUCCESS}'); die; } else { $syslog->alert_error('{L_ALERT_MENU_ITEM_EDIT_ERROR}'); die; } } else { $syslog->alert_error('{L_ALERT_MENU_ITEM_EDIT_ERROR}'); die;
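<?php
// This is the main page for reports. It checks for permissions and then
// loads the report_sub_<type>.php file. We use separate files since different
// fields might include different secondary parameters.
// These sub files contain forms that are handled by report_<type>.php

// Deny access unless the user holds level 1 or higher in at least one role.
// The level is compared directly: the previous form, !permissions(...) >= 1,
// negated the level first ("!" binds tighter than ">=") and then compared the
// resulting boolean with 1. That matched the intent only for levels of 0 and
// above; any other return value slipped past the gate.
if (permissions("Herald") < 1 && permissions("Marshal") < 1) {
    echo '<p class="error"> This page has been accessed in error...</p>';
    exit_with_footer();
}
$cxn = open_db_browse(); // Open the db connection which is now live for the subforms

// Each role sees its own report forms; a user holding both sees both.
if (permissions("Herald") >= 1) {
    include 'report_sub_herald.php';
}
if (permissions("Marshal") >= 1) {
    include 'report_sub_marshal.php';
}
mysqli_close($cxn); /* close the db connection */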
/**
 * Print an HTML listing of the directory $dir (labels are in Russian): one
 * table per sub-directory and one per regular file, each showing name, size,
 * time, type, permission string and a cell of action links.
 *
 * Side effects: overwrites the globals $files and $dirs with the sorted entry
 * names, leaves the last directory's link markup in the global $action, and
 * calls chown() on every listed file (see the file loop). Output is written
 * with echo/print; nothing is returned.
 *
 * NOTE(review): no authentication or authorisation check is visible in this
 * function and $dir is used exactly as given. Any restriction on which paths
 * may be listed has to come from the caller, which is not shown here.
 *
 * NOTE(review): entry names, $dir, $tm and $PHP_SELF are interpolated into
 * HTML text and href attributes without htmlspecialchars()/rawurlencode(), so
 * a file or directory name containing markup or quote characters is emitted
 * verbatim into the page.
 *
 * @param string $dir Directory to list; passed unchanged to opendir().
 */
function readdirdata($dir) {
    // $supsub and $thum are imported but not used in this function.
    // $style2 is used below but is NOT in this list, so it is undefined here.
    global $action, $files, $dirs, $tm, $supsub, $thum, $style3, $style4, $PHP_SELF;
    $files = array();
    $dirs = array();
    // Accessibility probe. readdir() is evaluated before the !$open test, so a
    // failed opendir() still reaches readdir(false); the @ only suppresses the
    // diagnostic. The message shown reads "Access denied."
    $open = @opendir($dir);
    if (!@readdir($open) or !$open) {
        echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=alert><b>Нет доступа.</b></td></tr></table>";
    } else {
        // First pass: reopen the directory and collect regular files.
        // None of the three handles opened in this function is closed with
        // closedir(). The loop condition tests truthiness, so an entry named
        // "0" ends the scan early.
        $open = opendir($dir);
        while ($file = readdir($open)) {
            $rec = $file;
            $file = $dir . "/" . $file;
            if (is_file($file)) {
                $files[] = $rec;
            }
        }
        sort($files);
        // Second pass: collect directories. "." is skipped here; ".." is
        // collected and filtered out when rendering. The $i counter is reset
        // by the for loops below.
        $open = opendir($dir);
        $i = 0;
        while ($dire = readdir($open)) {
            if ($dire != ".") {
                $rec = $dire;
                $dire = $dir . "/" . $dire;
                if (is_dir($dire)) {
                    $dirs[] = $rec;
                    $i++;
                }
            }
        }
        sort($dirs);
        // Column header row: Name, Size, Date of creation, Type, Access rights,
        // Comments. The date column is filled from filemtime(), i.e. the
        // modification time.
        print "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'center' class=pagetitle><b>Имя</b></td><td width = '10%' align = 'center' class=pagetitle><b>Размер</b></td><td width = '20%' align = 'center' class=pagetitle><b>Дата создания</b></td><td width = '10%' align = 'center' class=pagetitle><b>Тип</b></td><td width = '15%' align = 'center' class=pagetitle><b>Права доступа</b></td><td width = '25%' align = 'center' class=pagetitle><b>Комментарии</b></td></tr></table>";
        for ($i = 0; $i < sizeof($dirs); $i++) {
            if ($dirs[$i] != "..") {
                $type = 'Dir';
                // Stat calls use the real path under $dir ...
                $fullpath = $dir . "/" . $dirs[$i];
                $time = date("d/m/y H:i", filemtime($fullpath));
                // permissions() and tinhbyte() are defined elsewhere; from their
                // use here they appear to format a mode and a byte count for
                // display — confirm against their definitions.
                $perm = permissions(fileperms($fullpath));
                $size = tinhbyte(filesize($fullpath));
                $name = $dirs[$i];
                // ... while the links are built from the global $tm instead.
                $fullpath = $tm . "/" . $dirs[$i];
                // Presumably $perm is a 9-character rwxrwxrwx string, which
                // would make index 7 the "other" write bit — confirm. The
                // links (upload, delete, new directory, archive) only reflect
                // that string; they are not an access check.
                if ($perm[7] == "w" && $name != "..") {
                    $action = "\r\n\t<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>\r\n\t<tr>\r\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$fullpath}&action=uploadd'>Загрузить</a></td>\r\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$tm}&dd={$name}&action=deldir'>Удалить</a></td>\r\n\t</tr>\r\n\t<tr>\r\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$fullpath}&action=newdir'>Новая директория</a></td>\r\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$fullpath}&action=arhiv'>Архивация папки</a></td>\r\n\t</tr></table>";
                } else {
                    // "Read only" cell. $style2 is undefined in this scope
                    // (see the global list).
                    $action = "<TABLE CELLPADDING=0 CELLSPACING=0 width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center><b>Только чтение</b></td><td align=center {$style2}><a href ='{$PHP_SELF}?tm={$fullpath}&action=arhiv'>Архивация папки</a></td></tr></table>";
                }
                print "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#33CCCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><a href = '{$PHP_SELF}?tm={$fullpath}'><b><i>{$name}</i></b></a></td><td width = '10%' align = 'center'>{$size}</td><td width = '20%' align = 'center'>{$time}</td><td width = '10%' align = 'center'>{$type}</td><td width = '15%' align = 'center'>{$perm}</td><td width = '25%' align = 'left'>{$action}</td></tr></table>";
            }
        }
        for ($i = 0; $i < sizeof($files); $i++) {
            $type = 'File';
            $fullpath = $dir . "/" . $files[$i];
            $time = date("d/m/y H:i", filemtime($fullpath));
            $perm = permissions(fileperms($fullpath));
            $size = tinhbyte(filesize($fullpath));
            // Listing is not read-only: this attempts to change the owner of
            // every listed file to "nobody". chown() returns a boolean, so the
            // loose comparison with "nobody" further down is true exactly when
            // the ownership change succeeded.
            $owner = @chown($fullpath, "nobody");
            // $act is assigned only in the "r" branch and appended to in the
            // owner branch; it is never reset per file, so a file that fails
            // the "r" test reuses the links built for an earlier file (or an
            // undefined $act on the first iteration).
            if ($perm[6] == "r") {
                $act = "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>\r\n <tr><td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=view'>Просмотр</a></td>\r\n <td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=download'>Скачка</a></td></tr>\r\n <tr><td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=download_mail'>На мыло</a></td>\r\n <td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=copyfile'>Копировать</a></td>\r\n </tr></table>";
            }
            if ($owner == "nobody") {
                $act .= "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>\r\n <tr><td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=edit'>Редактировать</a></td>\r\n <td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=delete'>Удалить</a></td>\r\n </tr></table>";
            }
            print "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><b>{$files[$i]}</b></font></td><td width = '10%' align = 'center'>{$size}</td><td width = '20%' align = 'center'>{$time}</td><td width = '10%' align = 'center'>{$type}</td><td width = '15%' align = 'center'>{$perm}</td><td width = '25%' align = 'center'>{$act}</td></tr></table>";
        }
    }
}
} ?> <div class='sform' > <form method="POST" action="" enctype="multipart/form-data"> <br/>Title: <input type='text' class="tb" name='title'/><br/> <br/>Description:<br/> <textarea name='text' class="cb" rows='5' cols='60'></textarea><br/> <br/>TAGS:(max 255 chars, If more than one tag just separate by a space)<br/> <input type='text' class="tb" name='tag'/><br/> <br/><?php categories(); ?> <?php permissions(); ?> <br/> <input type="hidden" name="MAX_FILE_SIZE" value="10485760" /> <br/>Media File: <input type="file" class="tb" name="media" /><br/>(Max Upload Size 10 MB) <br/> <br/> <sbutton> <input type="submit" class="button" name="submit" value="Submit"/> </sbutton> </form> </sform> </div> </body> </html>
/**
 * Apply the file-system action requested in $_POST, then print a navigation
 * form and an HTML table of the resulting working directory, one <form> per
 * entry with Listing/Open/Delete/Download buttons.
 *
 * NOTE(review): every path used by chdir(), mkdir(), chmod(), rmdir() and
 * unlink() below is taken verbatim from $_POST. No authorisation check,
 * base-directory confinement or request-forgery token is visible in this
 * function; whether the caller provides any cannot be seen from here.
 *
 * NOTE(review): $d, entry names and $HTTP_REFERER are concatenated into HTML
 * attributes and text without escaping.
 *
 * @param string $d Overwritten before first use: both arms of the first
 *                  if/else assign getcwd(), so the argument has no effect.
 */
function list_dir($d) {
    // Presumably the request's Referer header under its legacy global name —
    // confirm. It is client-supplied and used as the form action below.
    global $HTTP_REFERER;
    if (isset($_POST['b_up']) or isset($_POST['b_open_dir'])) {
        chdir($_POST['fname']);
        $d = getcwd();
    } else {
        $d = getcwd();
    }
    // The remaining button fields are read without isset().
    if ($_POST['b_new_dir']) {
        // Creates the requested directory and makes it world-writable (0777).
        mkdir($_POST['new']);
        chmod($_POST['new'], 0777);
        $d = $_POST['new'];
    }
    if ($_POST['b_del'] and is_dir($_POST['fname'])) {
        rmdir($_POST['fname']);
        chdir($_POST['dname']);
        $d = getcwd();
    }
    // After a successful rmdir() above, is_dir() is false for the same path,
    // so this branch also runs and calls unlink() on the removed directory.
    if ($_POST['b_del'] and !is_dir($_POST['fname'])) {
        unlink($_POST['fname']);
        chdir($_POST['dname']);
        $d = getcwd();
    }
    if ($_POST['b_change_dir']) {
        chdir($_POST['change_dir']);
        $d = getcwd();
    }
    if ($_POST['b_new_file'] or $_POST['b_open_file']) {
        chdir($_POST['dname']);
        $d = getcwd();
    }
    // read_dir() and sortbyname() are defined elsewhere; the result is used
    // below as a 0-indexed list of entry names.
    $dir = read_dir($d);
    $dir = sortbyname($dir, $d);
    $count = count($dir);
    echo "<form action=\"" . $HTTP_REFERER . "\" method=\"POST\" enctype=\"multipart/form-data\">";
    // $r_act is neither a parameter nor declared global, so it is undefined
    // in this scope and the hidden field is emitted with an empty value.
    echo "<input type=\"hidden\" value='" . $r_act . "' name=\"r_act\">";
    echo "<table BORDER=1 align=center>";
    echo "<tr bgcolor=#ffff00><td alling=\"center\"><b>Navigation</b></td></tr>";
    if (is_writable($d)) {
        echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"{$d}\" name=\"new\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"NewDir\" name=\"b_new_dir\"></td>";
        echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"NewFile\" name=\"b_new_file\"></td></tr>";
    }
    echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"{$d}\" name=\"change_dir\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"ChangeDir\" name=\"b_change_dir\"></td></tr>";
    // $safe_mode is likewise undefined in this scope, so this test is always
    // true and the file-search row is always printed.
    if (!$safe_mode) {
        echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"\" name=\"ffile\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"FindeFile\" name=\"b_f_file\"></td></tr>";
    }
    echo "</table></form>";
    // The next literal contains a line break inside the tag, as in the original.
    echo "<table CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF BORDER=1 align=center bordercolor=#808080 
bordercolorlight=black bordercolordark=white>";
    echo "<tr bgcolor=#ffff00><td><b> Directory </b></td><td alling=\"center\"><b> Permission </b></td><td alling=\"center\"><b> Size </b></td><td alling=\"center\"><b> Owner/Group </b></td><td alling=\"center\"><b> Action </b></td>";
    for ($i = 0; $i < $count; $i++) {
        if ($dir[$i] != "") {
            $full = $d . "/" . $dir[$i];
            $perm = permissions(fileperms($full), $dir[$i]);
            $file = $d . "/" . $dir[$i];
            echo "<form action=\"" . $HTTP_REFERER . "\" method=\"POST\" enctype=\"multipart/form-data\">";
            // Each row carries its directory (dname) and full path (fname) in
            // hidden fields. They come back from the client on the next
            // request and feed the chdir()/rmdir()/unlink() calls at the top
            // of this function. filesize()/fileowner()/filegroup() receive the
            // bare entry name, so they resolve against the current working
            // directory rather than $file.
            if (is_dir($file)) {
                echo "<tr bgcolor=#98FA00><td>" . $dir[$i] . " </td><input type=\"hidden\" value='" . $d . "' name=\"dname\"><input type=\"hidden\" value='" . $file . "' name=\"fname\"><td alling=\"center\">" . $perm . " </td><td alling=\"center\">" . filesize($dir[$i]) . " </td><td alling=\"center\"> " . fileowner($dir[$i]) . " " . filegroup($dir[$i]) . " </td>";
            } elseif (is_file($file)) {
                echo "<tr><td>" . $dir[$i] . " </td><input type=\"hidden\" value='" . $d . "' name=\"dname\"><input type=\"hidden\" value='" . $file . "' name=\"fname\"><td alling=\"center\">" . $perm . " </td><td alling=\"center\">" . filesize($dir[$i]) . " </td><td alling=\"center\"> " . fileowner($dir[$i]) . " " . filegroup($dir[$i]) . " </td>";
            } else {
                echo "<tr bgcolor=#ffff00><td>" . $dir[$i] . " </td><input type=\"hidden\" value='" . $d . "' name=\"dname\"><input type=\"hidden\" value='" . $file . "' name=\"fname\"><td alling=\"center\">" . $perm . " </td><td alling=\"center\">" . filesize($dir[$i]) . " </td><td alling=\"center\"> " . fileowner($dir[$i]) . " " . filegroup($dir[$i]) . " </td>";
            }
            if (is_dir($file)) {
                echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Listing\" name=\"b_open_dir\"></td>";
            } elseif (is_readable($file)) {
                echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Open\" name=\"b_open_file\"></td>";
            }
            // $file always contains "/" (it is $d . "/" . name), so the
            // comparison with ".." never excludes anything, including the
            // parent-directory entry.
            if (is_writable($file) and $file != "..") {
                echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Delete\" name=\"b_del\"></td>";
            }
            if (is_readable($file) and !is_dir($file)) {
                echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Download\" name=\"b_down\"></td>";
            }
            echo "<input type=\"hidden\" value='" . $r_act . "' name=\"r_act\"></tr>";
            echo "</form>";
        }
    }
    echo "</table>";
    // $d holds a path string here, not a directory handle from opendir().
    closedir($d);
}
echo '<p class="error"> This page has been accessed in error.</p>'; exit_with_footer(); } $query = "SELECT name_person, name_group, Groups.id_group " . "FROM Persons, Groups " . "WHERE Persons.id_person = {$id_person} " . "AND Persons.id_group=Groups.id_group"; if (DEBUG) { echo "Query to database is: {$query}<p>"; } $result = mysqli_query($cxn, $query) or die("Couldn't execute query"); while ($row = mysqli_fetch_assoc($result)) { extract($row); echo "<div class='page-header'>" . form_title($name_person); echo form_subtitle("Member of " . live_link("list.php?group={$id_group}", "{$name_group}")); include "../templates/warning.php"; // includes the warning text about paper precedence echo "</small>"; if (permissions("Herald") >= 3 or permissions("Marshal") >= 3) { // TODO: Make this link more visible? echo "<br>" . button_link("./edit_person.php?id={$id_person}", "Edit {$name_person}'s record"); } echo "</div>"; } echo "\n<div class='row'>\n\n <div class='col-md-8 col-md-offset-2'>"; $query = "SELECT waiver_person, youth_person, birthdate_person\n FROM Persons\n WHERE id_person={$id_person}"; if (DEBUG) { echo "Waiver query is:{$query}<p>"; } $result = mysqli_query($cxn, $query) or die("Couldn't execute waiver query"); $matches = $result->num_rows; if ($matches > 0) { $row = mysqli_fetch_assoc($result); extract($row);
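// Resolve the viewer's edit right once; it decides both the "add" button and
// which page each event row links to.
$can_edit_events = permissions("Herald") >= 3;
if ($can_edit_events) {
    echo button_link("./add_event.php", "Add A New Event");
}
echo "<div class='list-group'><ul type='none'>"; // make the list pretty with formatting

// The kingdom id goes into the query unquoted, so force it to an integer.
// -1 means "all kingdoms".
$kingdom_id = (int) $k_id;

// NOTE(review): $part_name is assigned outside this excerpt and is placed
// inside a quoted LIKE pattern. Confirm it has been escaped for this
// connection before it gets here, or bind it as a statement parameter.
$query = "SELECT id_event, name_event, date_event_start, date_event_stop, name_group, name_kingdom\n"
    . " FROM Events, Groups, Kingdoms\n"
    . " WHERE name_event like '%{$part_name}%'\n"
    . " AND Events.id_group = Groups.id_group\n"
    . " AND Groups.id_kingdom = Kingdoms.id_kingdom ";
if ($kingdom_id === -1) {
    $query .= "ORDER BY name_event";
} else {
    $query .= "AND Groups.id_kingdom = {$kingdom_id} " . "ORDER BY name_group";
}
$result = mysqli_query($cxn, $query) or die("Couldn't execute events query");
$matches = $result->num_rows;
echo "{$matches} events matches";

// Editors are sent to the edit page, everyone else to the read-only page.
$event_page = $can_edit_events ? './edit_event.php' : './event.php';
while ($row = mysqli_fetch_assoc($result)) {
    // Columns are read by name instead of extract(), so a result column can
    // never overwrite an existing variable such as $cxn or $query. Stored
    // text is HTML-escaped before it is written into the page.
    $event_id = (int) $row['id_event'];
    $event_name = htmlspecialchars((string) $row['name_event'], ENT_QUOTES);
    $group_name = htmlspecialchars((string) $row['name_group'], ENT_QUOTES);
    $kingdom_name = htmlspecialchars((string) $row['name_kingdom'], ENT_QUOTES);
    $starts = htmlspecialchars((string) $row['date_event_start'], ENT_QUOTES);
    $stops = htmlspecialchars((string) $row['date_event_stop'], ENT_QUOTES);
    echo "<li class='list-group-item text-left'>"
        . "<a href='{$event_page}?id={$event_id}'>"
        . "{$event_name}</a> hosted by {$group_name} ({$kingdom_name}) "
        . "{$starts} -- {$stops}"
        . "</li>";
}
echo "</ul></div><small><a href='#top'>Return to Top</a></small><!-- ./col-md-8 --></div><!-- ./row --></div><!-- ./container-->"; //close out list and open divs
mysqli_close($cxn); /* close the db connection */
?>
</div>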
if (isset($_GET['folder'])) { $error = null; $modal = null; $getclient = $_GET['u']; $getfolder = $_GET['folder']; if (isset($_GET['subfolder'])) { $getsubfolder = $_GET['subfolder']; } $currentuser = $_SESSION['staff_id']; $_SESSION['token'] = 'allow'; } } else { header('Location:../error/403.php'); exit; } if (permissions($currentuser, $getclient) != 1) { header('Location:../error/403.php'); exit; } $currentgroup = orbislookup($getclient, 'client_id', 'clients', 'client_group'); //CREATE FILE START if (isset($_POST['createfile'])) { $filename = addslashes($_POST['create-file-name']); if ($filename) { $filedesc = addslashes($_POST['create-file-desc']); $filefolder = $getfolder; if ($_POST['create-file-subfolder']) { $lookup = uniqid(); $newsubfoldername = $_POST['create-file-subfolder']; $newsubfolder = "INSERT INTO subfolders (subfolder_name, lookup) VALUES ('{$newsubfoldername}', '{$lookup}')"; $subfoldergo = mysql_query($newsubfolder) or die(mysql_error());
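<?php
// Purpose: display all data for the event site that is about to be edited.
// Privileges needed: permissions("Sites") >= 3
if (permissions("Sites") >= 3) {
    // The site id may arrive by GET (edit link) or POST (form submission).
    // Either way it must be numeric and a session id must exist.
    // NOTE(review): is_numeric() also accepts forms such as "1.5" or "1e3".
    // If $id_site is later placed in a query or a link, a strict integer
    // check would be tighter.
    if (isset($_GET['id']) && is_numeric($_GET['id']) && isset($_SESSION['id'])) {
        // We got here through the edit link on list_site.php
        $id_site = $_GET["id"];
    } elseif (isset($_POST['id']) && is_numeric($_POST['id']) && isset($_SESSION['id'])) {
        // We got here from form submission
        $id_site = $_POST['id'];
    } else {
        // No usable id, or no session id: stop here rather than continue
        // with $id_site unset.
        echo '<p class="error"> This page has been accessed in error.</p>';
        exit_with_footer();
    }
} else {
    // We don't have sufficient permissions for this page.
    echo '<p class="error"> This page has been accessed in error.</p>';
    echo 'Please use your back arrow to return to the previous page.';
    exit_with_footer();
}
$cxn = open_db_browse();
// Obtain a count of how many site records are in the db.
$query = "SELECT COUNT(*) from Sites";
$result = mysqli_query($cxn, $query) or die("Couldn't execute query to find max count");
if (mysqli_num_rows($result) == 1) {
    $max_item_result = mysqli_fetch_assoc($result);
} else {
    exit_with_footer();
}
// Set the max_item variable based on the COUNT query.
$max_item = $max_item_result['COUNT(*)'];
//start the Bootstrap row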
// Resolve which person record is being edited. The id may arrive by GET (edit
// link on person.php) or by POST (form submission); in both cases it must be
// numeric and a session id must be present.
// NOTE(review): is_numeric() also accepts forms such as "1.5" or "1e3". The
// included sub-pages are not shown here; if they place $id_person in SQL or
// in links, a strict integer check would be tighter.
if (isset($_GET['id']) && is_numeric($_GET['id']) && isset($_SESSION['id'])) {
    // We got here through the edit link on person.php
    $id_person = $_GET["id"];
} elseif (isset($_POST['id']) && is_numeric($_POST['id']) && isset($_SESSION['id'])) {
    // We got here from form submission
    $id_person = $_POST['id'];
} else {
    echo '<p class="error"> This page has been accessed in error.</p>';
    exit_with_footer();
}
// The connection is opened before any permission level is checked; each
// editor section below is gated separately, and the sub-pages run in this
// scope with $cxn and $id_person available.
$cxn = open_db_browse();
// Edit the personal information like name, mundane info, etc.
// Either role at level 3 is sufficient for this section.
if (permissions("Marshal") >= 3 || permissions("Herald") >= 3) {
    include 'edit_person_sub_personal_info.php';
}
// Edit authorization and warrant stuffs for person (Marshal level 3 only).
if (permissions("Marshal") >= 3) {
    include 'edit_person_sub_authorizations.php';
    include 'edit_person_sub_marshals.php';
}
// Edit awards for person: requires level 3 in BOTH Herald and Obsidian.
if (permissions("Herald") >= 3 && permissions("Obsidian") >= 3) {
    include 'edit_person_sub_awards.php';
}
mysqli_close($cxn); /* close the db connection */