Ejemplo n.º 1
<?php

// This is the main page for reports.  It checks for permissions and then
// loads the report_sub_<type>.php file.  We use separate files since different
// fields might include different secondary parameters.
// These sub files contain forms that are handled by report_<type>.php
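// Authorisation gate: only users holding at least level 1 of the "Herald"
// role may run reports.  The previous test, `!permissions("Herald") >= 1`,
// applied `!` before `>=`, so it compared a boolean with 1 and denied access
// only when permissions() returned a falsy value.  The explicit comparison
// states the intended rule and also rejects negative levels.
if (permissions("Herald") < 1) {
    // User lacks the right permissions
    echo '<p class="error"> This page has been accessed in error.</p>';
    exit_with_footer();
}
// Reports are generated only in response to a form submission.
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    // this page wasn't reached through a form submission
    echo '<p class="error"> This page has been accessed in error.</p>';
    exit_with_footer();
}
// Open the db connection which is now live for the subforms
$cxn = open_db_browse();
// Generate the report.
// Build the query based on the parameters: this will be a massive if statement.
// id_report is request-controlled.  It is used as a selector for fixed,
// hard-coded queries and should never be concatenated into SQL text.  A
// missing field yields null, which no report case label matches.
$report = isset($_POST["id_report"]) ? $_POST["id_report"] : null;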
switch ($report) {
    case "1":
        // Obsidian report
        $report_name = "List of all Awards awarded";
        $filename = "data";
        $qshow = "SELECT concat('<a href=''edit_person.php?id=',Persons.id_person,'''>',name_person,'</a>') " . "as 'SCA Name', ";
        $qfile = "SELECT name_person as 'SCA Name', ";
        $query = "   name_award as Award, date_award as 'Date Awarded',\n                    name_group as 'Group', name_kingdom as Kingdom \n                    from Persons, Awards, Groups, Kingdoms, Persons_Awards\n                    where Persons_Awards.id_person = Persons.id_person\n                    and Persons_Awards.id_award = Awards.id_award\n                    and Persons.id_group = Groups.id_group\n                    and Awards.id_kingdom = Kingdoms.id_kingdom\n                    order by name_person, name_award;";
        break;
    default:
Ejemplo n.º 2
}
// part_name can arrive on the query string (add_person link on search.php)
// or in a submitted form body.  The query string is consulted first; a value
// that is missing or not a plain string (e.g. an array parameter) is refused.
$part_name_in_query = isset($_GET['part_name']) && is_string($_GET['part_name']);
$part_name_in_form = isset($_POST['part_name']) && is_string($_POST['part_name']);
if (!$part_name_in_query && !$part_name_in_form) {
    echo '<p class="error"> This page has been accessed in error.</p>';
    exit_with_footer();
} else {
    // $part_name is still raw request data at this point: it has only been
    // type-checked, so it needs escaping for whichever context uses it later.
    $part_name = $part_name_in_query ? $_GET["part_name"] : $_POST["part_name"];
}
// Connection used by the rest of the page.
$cxn = open_db_browse();
// Build list of groups for add_person page.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && permissions("Any") >= 3) {
    //echo "Now adding ".$_POST["SCA_name"]." to the database.<br>";
    $query_head = "INSERT INTO Persons(name_person";
    $query_tail = " VALUES(";
    // Since SCA name is required, we can assume it's set
    $sca_name = sanitize_mysql($_POST["SCA_name"]);
    $query_tail = $query_tail . "'{$sca_name}'";
    //mundane_name -> name_mundane_person
    if (isset($_POST["mundane_name"]) && !empty($_POST["mundane_name"]) && is_string($_POST["mundane_name"])) {
        $mundane_name = sanitize_mysql($_POST["mundane_name"]);
        $query_head = $query_head . ",name_mundane_person";
        $query_tail = $query_tail . ",'{$mundane_name}'";
    }
    //email -> email_person
    if (isset($_POST["email"]) && !empty($_POST["email"]) && is_string($_POST["email"])) {
        $email = sanitize_mysql($_POST["email"]);
Ejemplo n.º 3
<?php

session_start();
include_once 'ressources/class.templates.inc';
include_once 'ressources/class.ldap.inc';
include_once 'ressources/class.user.inc';
include_once 'ressources/class.mysql.inc';
include_once 'ressources/class.backup.inc';
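// Accept "uid" as an alias for "userid"; an explicit "userid" always wins.
if (isset($_GET["uid"]) && !isset($_GET["userid"])) {
    $_GET["userid"] = $_GET["uid"];
}
// Privilege gate.  Every handler dispatched below is reached only after this
// check, so it must stay ahead of the dispatch chain.
// NOTE(review): the message is emitted inside a single-quoted JavaScript
// string; this relies on javascript_parse_text() returning JS-safe text.
if (!permissions()) {
    $tpl = new templates();
    echo "alert('" . $tpl->javascript_parse_text("{ERROR_NO_PRIVS}") . "');";
    // A second, unreachable `exit` used to follow this statement.
    die;
}
// Request dispatch: the first query-string flag that is present selects the
// handler, and the script stops as soon as that handler returns.
if (isset($_GET["ListDirectory"])) {
    ListDirectory();
    exit;
}
if (isset($_GET["popup"])) {
    popup();
    exit;
}
if (isset($_GET["tasks-list"])) {
    tasks_list();
    exit;
}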
if (isset($_GET["connect"])) {
    connect();
Ejemplo n.º 4
                                        break;
                                    case 'edit':
                                        // Updates the name and description of an existing user group.
                                        // Gated on the 'users' / 'group' / 'edit' permission.
                                        if (permissions('users', 'group', 'edit')) {
                                            $sql = new MySQLObject();
                                            // String-built UPDATE: both POST fields pass through $sql->escape()
                                            // inside single quotes and gid is forced to an integer by intval().
                                            // NOTE(review): safety rests on escape() being correct for the
                                            // connection charset; bound parameters would remove that dependency.
                                            // NOTE(review): the POST fields and $_GET['gid'] are read without
                                            // isset(), and the query result is not checked.
                                            // NOTE(review): the table name comes from $q, which is not defined
                                            // in the visible code — confirm it is in scope here.
                                            $sql->query("UPDATE " . $q->table('users_groups') . " SET `name` = '" . $sql->escape($_POST['group_header']) . "',`description` = '" . $sql->escape($_POST['group_description']) . "' WHERE (`gid` = " . intval($_GET['gid']) . ")");
                                            global $tpl;
                                            // Appends a constant snippet of PHP source (no request data is
                                            // interpolated) to the template queue; presumably evaluated later
                                            // by the template engine — verify how queue entries are executed.
                                            $tpl->queue[0][] = '
											global $mod;
											$mod->modules[\'users\']->group_edit();';
                                        } else {
                                            // Caller lacks the edit permission: report and stop.
                                            $syslog->permissions_error('{L_PERMISSIONS_USERS_GROUP_EDIT}');
                                            die;
                                        }
                                        break;
                                    case 'delete':
                                        // Deletes one user group, identified by the gid query parameter.
                                        // NOTE(review): this destructive action is driven entirely by GET
                                        // parameters and no anti-CSRF token is checked in this clause —
                                        // confirm one is enforced before the switch is reached.
                                        if (!permissions('users', 'group', 'delete')) {
                                            $syslog->permissions_error('{L_PERMISSIONS_USERS_GROUP_DELETE}');
                                            die;
                                        }
                                        if (isset($_GET['gid'])) {
                                            $sql = new MySQLObject();
                                            // intval() pins gid to an integer before it reaches the SQL text.
                                            $group_deleted = $sql->query("DELETE FROM " . $q->table('users_groups') . " WHERE (`gid` = " . intval($_GET['gid']) . ")");
                                            if (!$group_deleted) {
                                                $syslog->alert_error('{L_ALERT_USERS_GROUP_DELETE_ERROR}');
                                                die;
                                            }
                                            $tpl->assign('REDIRECT_LOCATION', './acp.php?c=users&section=groups');
                                            $syslog->alert_success('{L_ALERT_USERS_GROUP_DELETE_SUCCESS}');
                                            die;
                                        }
Ejemplo n.º 5
<?php

/* 
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
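// Only Heralds with level 3 or higher may edit or delete a person's award.
if (permissions("Herald") < 3) {
    echo '<p class="error"> This page has been accessed in error.</p>';
    exit_with_footer();
}
// Both identifiers are request-controlled and idpa is interpolated into the
// SQL below, so only strict integers are accepted.  The previous check used
// is_numeric(), which also admits floats, exponents and signed or padded
// strings, and joined two of its conditions with a bitwise `&` instead of `&&`.
// filter_var() returns false for anything that is not an integer, including
// array parameters.
$get_idpa = isset($_GET['idpa']) ? filter_var($_GET['idpa'], FILTER_VALIDATE_INT) : false;
$get_id = isset($_GET['id']) ? filter_var($_GET['id'], FILTER_VALIDATE_INT) : false;
$post_idpa = isset($_POST['idpa']) ? filter_var($_POST['idpa'], FILTER_VALIDATE_INT) : false;
$post_id = isset($_POST['id']) ? filter_var($_POST['id'], FILTER_VALIDATE_INT) : false;
if ($get_idpa !== false && $get_id !== false) {
    // We got here through the edit link on person.php
    $id_person_award = $get_idpa;
    $id_person = $get_id;
} elseif ($post_idpa !== false && $post_id !== false) {
    // We got here from form submission and hence will be deleting the info
    $id_person_award = $post_idpa;
    $id_person = $post_id;
} else {
    echo '<p class="error"> This page has been accessed in error.</p>';
    exit_with_footer();
}
$cxn = open_db_browse();
// $id_person_award is an int here, so the interpolation cannot carry SQL syntax.
$query = "SELECT  id_person_award, name_person, name_award, "
    . "date_award, name_kingdom, name_event, Events.id_event "
    . "from Persons, Persons_Awards, Awards, Kingdoms, Events "
    . "WHERE Persons.id_person = Persons_Awards.id_person "
    . "AND Persons_Awards.id_award = Awards.id_award "
    . "AND Awards.id_kingdom = Kingdoms.id_kingdom "
    . "AND Persons_Awards.id_event = Events.id_event "
    . "AND id_person_award={$id_person_award} "
    . "ORDER by date_award";
// The failure message is deliberately generic; no database error text is shown.
$result = mysqli_query($cxn, $query) or die("Couldn't execute query");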
if (mysqli_num_rows($result) != 1) {
    echo "Couldn't find award";
Ejemplo n.º 6
                 die;
             } else {
                 $syslog->alert_error('{L_ALERT_PAGES_PAGE_EDIT_ERROR}');
                 die;
             }
         } else {
             $syslog->alert_error('{L_ALERT_PAGES_PAGE_EDIT_ERROR}');
             die;
         }
     } else {
         $syslog->permissions_error('{L_PERMISSIONS_PAGES_PAGE_EDIT}');
         die;
     }
     break;
 case 'delete':
     if (permissions('pages', 'page', 'delete')) {
         if (isset($_GET['pid'])) {
             $sql = new MySQLObject();
             if ($sql->query("SELECT `pid`,`path` FROM " . $sql->table('pages') . " WHERE (`pid` = " . intval($_GET['pid']) . ")")) {
                 $page = $sql->fetch_one();
                 if ($sql->query("DELETE FROM " . $sql->table('pages') . " WHERE (`pid` = " . intval($_GET['pid']) . ")")) {
                     if ($sql->query("UPDATE " . $sql->table('pages') . " SET `parent` = -1 WHERE (`parent` = " . $page->pid . ")")) {
                         $sql->query("DELETE FROM " . $sql->table('menu') . " WHERE (`link` = '" . $page->path . "')");
                         $tpl->assign('REDIRECT_LOCATION', './acp.php?c=pages');
                         $syslog->alert_success('{L_ALERT_PAGES_PAGE_DELETE_SUCCESS}');
                         die;
                     } else {
                         $syslog->alert_error('{L_ALERT_PAGES_PAGE_DELETE_ERROR}');
                         die;
                     }
                 } else {
/**
 * Prints an HTML listing of $dir: sub-directories first, then files. Each row
 * carries links back to $PHP_SELF with an `action` query parameter.
 *
 * Side effects visible here: overwrites the globals $files, $dirs and $action
 * and writes HTML straight to the output. $supsub and $thum are declared
 * global but never used in this body.
 *
 * NOTE(review): file and directory names, $dir, $tm and $PHP_SELF are placed
 * into HTML and href query strings without htmlspecialchars()/urlencode(), so
 * a crafted file name is rendered as markup.
 * NOTE(review): the linked actions (upload, delete, edit, create directory,
 * archive, mail a file) amount to remote file management over HTTP and no
 * access check is visible in this function — confirm where callers are
 * authenticated. Code of this shape found unexpectedly on a server is worth
 * triaging as a possible web shell.
 *
 * @param string $dir Directory to list — presumably a filesystem path; verify against caller.
 */
function readdirdata($dir)
{
    global $action, $files, $dirs, $tm, $supsub, $thum, $style3, $style4, $PHP_SELF;
    $files = array();
    $dirs = array();
    // Warnings from opendir()/readdir() are suppressed with @.
    $open = @opendir($dir);
    // NOTE(review): readdir() runs before $open is tested, so a failed opendir()
    // hands `false` to readdir(); on PHP 8 that is expected to raise a TypeError
    // rather than show the "Access denied" table — confirm on the target version.
    if (!@readdir($open) or !$open) {
        echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=alert><b>Access denied.</b></td></tr></table>";
    } else {
        // The directory is reopened for each pass; no handle is ever closedir()'d.
        $open = opendir($dir);
        // Pass 1: collect regular files. The loop also stops early on an entry
        // whose name is falsy (for example "0").
        while ($file = readdir($open)) {
            $rec = $file;
            $file = $dir . "/" . $file;
            if (is_file($file)) {
                $files[] = $rec;
            }
        }
        sort($files);
        $open = opendir($dir);
        $i = 0;
        // Pass 2: collect directories, skipping "." but keeping "..".
        while ($dire = readdir($open)) {
            if ($dire != ".") {
                $rec = $dire;
                $dire = $dir . "/" . $dire;
                if (is_dir($dire)) {
                    $dirs[] = $rec;
                    $i++;
                }
            }
        }
        sort($dirs);
        // Column headings.
        print "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'center' class=pagetitle><b>Name</b></td><td width = '10%' align = 'center' class=pagetitle><b>Size</b></td><td width = '20%' align = 'center' class=pagetitle><b>Date of creation</b></td><td width = '10%' align = 'center' class=pagetitle><b>Type</b></td><td width = '15%' align = 'center' class=pagetitle><b>Access rights</b></td><td width = '25%' align = 'center' class=pagetitle><b>Comments</b></td></tr></table>";
        // One row per directory; ".." is filtered out here.
        for ($i = 0; $i < sizeof($dirs); $i++) {
            if ($dirs[$i] != "..") {
                $type = 'Dir';
                $fullpath = $dir . "/" . $dirs[$i];
                $time = date("d/m/y H:i", filemtime($fullpath));
                // permissions() receives the raw mode and its result is indexed like a
                // string; presumably a 9-character rwx string, so [6]/[7] would be the
                // "other" read/write bits — verify against permissions().
                $perm = permissions(fileperms($fullpath));
                $size = tinhbyte(filesize($fullpath));
                $name = $dirs[$i];
                // From here $fullpath is rebuilt on $tm (not $dir) for use in links.
                $fullpath = $tm . "/" . $dirs[$i];
                if ($perm[7] == "w" && $name != "..") {
                    // Writable directory: offer upload, delete, create and archive links.
                    $action = "\n\n\t<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>\n\n\t<tr>\n\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$fullpath}&action=uploadd'>Upload</a></td>\n\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$tm}&dd={$name}&action=deldir'>Delete</a></td>\n\n\t</tr>\n\n\t<tr>\n\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$fullpath}&action=newdir'>Create directory</a></td>\n\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$fullpath}&action=arhiv'>Directory compression</a></td>\n\n\t</tr></table>";
                } else {
                    // NOTE(review): $style2 is not in the global list above, so it is an
                    // undefined local in this branch.
                    $action = "<TABLE CELLPADDING=0 CELLSPACING=0 width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center><b>Read only</b></td><td align=center {$style2}><a href ='{$PHP_SELF}?tm={$fullpath}&action=arhiv'>Directory compression</a></td></tr></table>";
                }
                print "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#33CCCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><a href = '{$PHP_SELF}?tm={$fullpath}'><b><i>{$name}</i></b></a></td><td width = '10%' align = 'center'>{$size}</td><td width = '20%' align = 'center'>{$time}</td><td width = '10%' align = 'center'>{$type}</td><td width = '15%' align = 'center'>{$perm}</td><td width = '25%' align = 'left'>{$action}</td></tr></table>";
            }
        }
        // One row per file.
        for ($i = 0; $i < sizeof($files); $i++) {
            $type = 'File';
            $fullpath = $dir . "/" . $files[$i];
            $time = date("d/m/y H:i", filemtime($fullpath));
            $perm = permissions(fileperms($fullpath));
            $size = tinhbyte(filesize($fullpath));
            // NOTE(review): $act is never initialised or reset. When the read test
            // fails, the links built for the previous file are reused (or appended
            // to) for this one.
            if ($perm[6] == "r") {
                $act = "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>\n\n   <tr><td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=view'>View</a></td>\n\n   <td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=download'>Download</a></td></tr>\n\n   <tr><td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=download_mail'>To e-mail</a></td>\n\n   <td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=copyfile'>Copy</a></td>\n\n   </tr></table>";
            }
            if ($perm[7] == "w") {
                $act .= "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>\n\n   <tr><td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=edit'>Edit</a></td>\n\n   <td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=delete'>Delete</a></td>\n\n   </tr></table>";
            }
            print "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><b>{$files[$i]}</b></font></td><td width = '10%' align = 'center'>{$size}</td><td width = '20%' align = 'center'>{$time}</td><td width = '10%' align = 'center'>{$type}</td><td width = '15%' align = 'center'>{$perm}</td><td width = '25%' align = 'center'>{$act}</td></tr></table>";
        }
    }
}
Ejemplo n.º 8
         if ($sql->query("\r\nUPDATE " . $sql->table('blog_tags') . "\r\nSET\r\n\t`header` = '" . $sql->escape($_POST['tag']['header']) . "',\r\n\t`tag` = '" . $sql->escape($tag) . "'\r\nWHERE (`tag` = '" . $sql->escape($_GET['tag']) . "')")) {
             // -- OK --
             $tpl->assign('REDIRECT_LOCATION', './acp.php?c=blog&section=tag');
             $syslog->alert_success('{L_ALERT_BLOG_TAG_EDIT_SUCCESS}');
             die;
         } else {
             $syslog->alert_error('{L_ALERT_BLOG_TAG_EDIT_ERROR}');
             die;
         }
     } else {
         $syslog->permissions_error('{L_PERMISSIONS_BLOG_TAG_EDIT}');
         die;
     }
     break;
 case 'delete':
     // Deletes the blog tag named by the `tag` query parameter.
     // NOTE(review): this destructive action is driven entirely by a GET
     // parameter and no anti-CSRF token is checked in this clause — confirm
     // one is enforced before the switch is reached.
     if (!permissions('blog', 'tag', 'delete')) {
         $syslog->permissions_error('{L_PERMISSIONS_BLOG_TAG_DELETE}');
         die;
     }
     $sql = new MySQLObject();
     // The tag value is passed through $sql->escape() inside single quotes;
     // injection safety rests on that helper.
     $tag_deleted = $sql->query("DELETE FROM " . $sql->table('blog_tags') . " WHERE (`tag` = '" . $sql->escape($_GET['tag']) . "')");
     if (!$tag_deleted) {
         $syslog->alert_error('{L_ALERT_BLOG_TAG_DELETE_ERROR}');
         die;
     }
     // -- OK --
     $tpl->assign('REDIRECT_LOCATION', './acp.php?c=blog&section=tag');
     $syslog->alert_success('{L_ALERT_BLOG_TAG_DELETE_SUCCESS}');
     die;
     break;
Ejemplo n.º 9
    }
    echo '</table>';
    // ---------------------------------------------------------------------
    // Directories: writability, mode and size of each data directory
    // ---------------------------------------------------------------------
    echo '<br /><b>Готовность директорий</b><br /><br />';
    echo '<table width="99%" border="0" cellspacing="0" cellpadding="2">';
    echo '<tr bgcolor="ffff00"><td width="40%">Директория</td><td width="20%">Доступ</td><td width="20%">Chmod</td><td width="20%">Размер</td></tr>';
    foreach ($dires as $key => $value) {
        // Zebra striping: rows with an odd key are grey.
        $bgcolor = ($key & 1) ? "#e0e0e0" : "#ffffff";
        // NOTE(review): $value is printed without htmlspecialchars(); fine only
        // while $dires is a fixed list — confirm where it is populated.
        echo '<tr bgcolor="' . $bgcolor . '"><td width="40%">' . $value . '</td><td width="20%">';
        // Green "ready" label when PHP can write to the directory, red otherwise.
        echo is_writeable(DATADIR . $value)
            ? '<span style="color:#00ff00">Готова</span>'
            : '<span style="color:#ff0000">Не готова</span>';
        echo '</td><td width="20%">' . permissions(DATADIR . $value) . '</td><td width="20%">' . formatsize(read_dir(DATADIR . $value)) . '</td></tr>';
    }
    echo '</table>';
    // Operator hint: a red row means the directory must be made writable over FTP.
    echo '<br />Если какой-то пункт выделен красным необходимо зайти по фтп и выставить CHMOD разрещающую запись<br />';
    // SID is appended to both links; when it is non-empty the session id travels
    // in the URL, where it can leak through Referer headers and access logs.
    echo '<br /><img src="../images/img/panel.gif" alt="image" /> <a href="index.php?' . SID . '">В админку</a><br />';
    echo '<img src="../images/img/homepage.gif" alt="image" /> <a href="../index.php?' . SID . '">На главную</a><br />';
} else {
    header("Location: ../index.php?isset=404&" . SID);
    exit;
}
include_once "../themes/" . $config['themes'] . "/foot.php";
Ejemplo n.º 10
<?php

/* 
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
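// Only Marshals with level 3 or higher may update warrants.
if (permissions("Marshal") < 3) {
    echo '<p class="error"> This page has been accessed in error.</p>';
    exit_with_footer();
}
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
    echo '<p class="error"> This page has been accessed in error.</p>';
    exit_with_footer();
}
// Since we have the right permissions and arrived here via post,
// we will now update the database.
// The person id is interpolated into the SQL below.  It used to be copied
// verbatim from the request, which let the POST body rewrite the query.  It is
// now accepted only as a strict integer; anything else, including a missing
// or array value, ends the request.
$id_person = isset($_POST["id"]) ? filter_var($_POST["id"], FILTER_VALIDATE_INT) : false;
if ($id_person === false) {
    echo '<p class="error"> This page has been accessed in error.</p>';
    exit_with_footer();
}
// name_person is still raw request data: escape it for whichever context
// (HTML or SQL) uses it further down the page.
$name_person = $_POST["name_person"];
$cxn = open_db_browse();
// Per-category card data for this person, one row per combat category.
$query_comb = "SELECT id_combat, name_combat, cn, ea, ipcc, note, active "
    . "FROM Combat LEFT JOIN"
    . "(SELECT  id_person_combat_card as ipcc, card_marshal as cn, "
    . "expire_marshal as ea, id_combat as ic,"
    . "note_marshal as note, active_marshal as active "
    . "FROM  Persons_CombatCards "
    . "WHERE id_person={$id_person}) AS PA "
    . "ON Combat.id_combat = PA.ic ORDER BY name_combat";
if (DEBUG) {
    // Debug builds echo the SQL into the page; keep DEBUG off in production.
    echo "Per Category known facts:<br>{$query_comb}<p>";
}
$combats = mysqli_query($cxn, $query_comb) or die("Couldn't execute query to find known/current date/card numbers.");
echo form_title("Now updated Marshal's Warrants as follows.");
// dynmact is optional; dynmcombat is read unconditionally, as before.
if (isset($_POST['dynmact'])) {
    $dynmact = $_POST['dynmact'];
}
$dynmcombat = $_POST['dynmcombat'];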
Ejemplo n.º 11
         if ($sql->query("UPDATE " . $sql->table('menu') . " SET `show` = 0 WHERE (`iid` = " . intval($_GET['iid']) . ")")) {
             // -- OK --
             $tpl->assign('REDIRECT_LOCATION', './acp.php?c=menu');
             $syslog->alert_success('{L_ALERT_MENU_ITEM_EDIT_SUCCESS}');
             die;
         } else {
             $syslog->alert_error('{L_ALERT_MENU_ITEM_EDIT_ERROR}');
             die;
         }
     } else {
         $syslog->permissions_error('{L_PERMISSIONS_MENU_ITEM_EDIT}');
         die;
     }
     break;
 case 'move':
     if (permissions('menu', 'items', 'edit') && isset($_GET['dir'])) {
         $sql = new MySQLObject();
         if ($sql->query("SELECT `order` FROM " . $sql->table('menu') . " WHERE (`iid` = " . intval($_GET['iid']) . ")") && $sql->num() > 0) {
             $item = $sql->fetch_one();
             if ($sql->query("\r\nUPDATE " . $sql->table('menu') . "\r\nSET `order` = " . $item->order . "\r\nWHERE (`order` = " . ($_GET['dir'] == 'up' ? $item->order - 1 : $item->order + 1) . ")") && $sql->query("\r\nUPDATE " . $sql->table('menu') . "\r\nSET `order` = " . ($_GET['dir'] == 'up' ? $item->order - 1 : $item->order + 1) . "\r\nWHERE (`iid` = " . intval($_GET['iid']) . ")")) {
                 // -- OK --
                 $tpl->assign('REDIRECT_LOCATION', './acp.php?c=menu');
                 $syslog->alert_success('{L_ALERT_MENU_ITEM_EDIT_SUCCESS}');
                 die;
             } else {
                 $syslog->alert_error('{L_ALERT_MENU_ITEM_EDIT_ERROR}');
                 die;
             }
         } else {
             $syslog->alert_error('{L_ALERT_MENU_ITEM_EDIT_ERROR}');
             die;
Ejemplo n.º 12
<?php

// This is the main page for reports.  It checks for permissions and then
// loads the report_sub_<type>.php file.  We use separate files since different
// fields might include different secondary parameters.
// These sub files contain forms that are handled by report_<type>.php
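// Authorisation gate: the page is for users holding at least level 1 of the
// "Herald" or the "Marshal" role.  The previous test wrote each side as
// `!permissions(...) >= 1`; `!` is applied before `>=`, so a boolean was being
// compared with 1 and access was refused only for falsy return values.  The
// explicit comparisons state the intended rule and also reject negative levels.
if (permissions("Herald") < 1 && permissions("Marshal") < 1) {
    echo '<p class="error"> This page has been accessed in error...</p>';
    exit_with_footer();
}
// Open the db connection which is now live for the subforms
$cxn = open_db_browse();
// Each role sees only its own report form; a user holding both roles sees both.
// The include paths are fixed literals, so no request data selects the file.
if (permissions("Herald") >= 1) {
    include 'report_sub_herald.php';
}
if (permissions("Marshal") >= 1) {
    include 'report_sub_marshal.php';
}
/* close the db connection */
mysqli_close($cxn);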
Ejemplo n.º 13
/**
 * Prints an HTML listing of $dir: sub-directories first, then files. Each row
 * carries links back to $PHP_SELF with an `action` query parameter.
 *
 * Side effects visible here: overwrites the globals $files, $dirs and $action,
 * writes HTML straight to the output and calls chown() on every listed file.
 * $supsub and $thum are declared global but never used in this body.
 *
 * NOTE(review): file and directory names, $dir, $tm and $PHP_SELF are placed
 * into HTML and href query strings without htmlspecialchars()/urlencode(), so
 * a crafted file name is rendered as markup.
 * NOTE(review): the linked actions (upload, delete, edit, create directory,
 * archive, mail a file) amount to remote file management over HTTP and no
 * access check is visible in this function — confirm where callers are
 * authenticated. Code of this shape found unexpectedly on a server is worth
 * triaging as a possible web shell.
 *
 * @param string $dir Directory to list — presumably a filesystem path; verify against caller.
 */
function readdirdata($dir)
{
    global $action, $files, $dirs, $tm, $supsub, $thum, $style3, $style4, $PHP_SELF;
    $files = array();
    $dirs = array();
    // Warnings from opendir()/readdir() are suppressed with @.
    $open = @opendir($dir);
    // NOTE(review): readdir() runs before $open is tested, so a failed opendir()
    // hands `false` to readdir(); on PHP 8 that is expected to raise a TypeError
    // rather than show the "no access" table — confirm on the target version.
    if (!@readdir($open) or !$open) {
        echo "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=300 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center class=alert><b>Нет доступа.</b></td></tr></table>";
    } else {
        // The directory is reopened for each pass; no handle is ever closedir()'d.
        $open = opendir($dir);
        // Pass 1: collect regular files. The loop also stops early on an entry
        // whose name is falsy (for example "0").
        while ($file = readdir($open)) {
            $rec = $file;
            $file = $dir . "/" . $file;
            if (is_file($file)) {
                $files[] = $rec;
            }
        }
        sort($files);
        $open = opendir($dir);
        $i = 0;
        // Pass 2: collect directories, skipping "." but keeping "..".
        while ($dire = readdir($open)) {
            if ($dire != ".") {
                $rec = $dire;
                $dire = $dir . "/" . $dire;
                if (is_dir($dire)) {
                    $dirs[] = $rec;
                    $i++;
                }
            }
        }
        sort($dirs);
        // Column headings (name, size, creation date, type, access rights, comments).
        print "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#184984 BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'center' class=pagetitle><b>Имя</b></td><td width = '10%' align = 'center' class=pagetitle><b>Размер</b></td><td width = '20%' align = 'center' class=pagetitle><b>Дата создания</b></td><td width = '10%' align = 'center' class=pagetitle><b>Тип</b></td><td width = '15%' align = 'center' class=pagetitle><b>Права доступа</b></td><td width = '25%' align = 'center' class=pagetitle><b>Комментарии</b></td></tr></table>";
        // One row per directory; ".." is filtered out here.
        for ($i = 0; $i < sizeof($dirs); $i++) {
            if ($dirs[$i] != "..") {
                $type = 'Dir';
                $fullpath = $dir . "/" . $dirs[$i];
                $time = date("d/m/y H:i", filemtime($fullpath));
                // permissions() receives the raw mode and its result is indexed like a
                // string; presumably a 9-character rwx string, so [6]/[7] would be the
                // "other" read/write bits — verify against permissions().
                $perm = permissions(fileperms($fullpath));
                $size = tinhbyte(filesize($fullpath));
                $name = $dirs[$i];
                // From here $fullpath is rebuilt on $tm (not $dir) for use in links.
                $fullpath = $tm . "/" . $dirs[$i];
                if ($perm[7] == "w" && $name != "..") {
                    // Writable directory: offer upload, delete, create and archive links.
                    $action = "\r\n\t<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>\r\n\t<tr>\r\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$fullpath}&action=uploadd'>Загрузить</a></td>\r\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$tm}&dd={$name}&action=deldir'>Удалить</a></td>\r\n\t</tr>\r\n\t<tr>\r\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$fullpath}&action=newdir'>Новая директория</a></td>\r\n\t<td align=center {$style3}><a href ='{$PHP_SELF}?tm={$fullpath}&action=arhiv'>Архивация папки</a></td>\r\n\t</tr></table>";
                } else {
                    // NOTE(review): $style2 is not in the global list above, so it is an
                    // undefined local in this branch.
                    $action = "<TABLE CELLPADDING=0 CELLSPACING=0 width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td align=center><b>Только чтение</b></td><td align=center {$style2}><a href ='{$PHP_SELF}?tm={$fullpath}&action=arhiv'>Архивация папки</a></td></tr></table>";
                }
                print "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#33CCCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><a href = '{$PHP_SELF}?tm={$fullpath}'><b><i>{$name}</i></b></a></td><td width = '10%' align = 'center'>{$size}</td><td width = '20%' align = 'center'>{$time}</td><td width = '10%' align = 'center'>{$type}</td><td width = '15%' align = 'center'>{$perm}</td><td width = '25%' align = 'left'>{$action}</td></tr></table>";
            }
        }
        // One row per file.
        for ($i = 0; $i < sizeof($files); $i++) {
            $type = 'File';
            $fullpath = $dir . "/" . $files[$i];
            $time = date("d/m/y H:i", filemtime($fullpath));
            $perm = permissions(fileperms($fullpath));
            $size = tinhbyte(filesize($fullpath));
            // NOTE(review): this is not a read-only probe. chown() attempts to hand
            // the file to user "nobody" while the listing is rendered, with errors
            // suppressed. It returns a bool, so the later comparison with the string
            // "nobody" is true exactly when the ownership change succeeded.
            $owner = @chown($fullpath, "nobody");
            // NOTE(review): $act is never initialised or reset. When the read test
            // fails, the links built for the previous file are reused (or appended
            // to) for this one.
            if ($perm[6] == "r") {
                $act = "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>\r\n   <tr><td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=view'>Просмотр</a></td>\r\n   <td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=download'>Скачка</a></td></tr>\r\n   <tr><td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=download_mail'>На мыло</a></td>\r\n   <td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=copyfile'>Копировать</a></td>\r\n   </tr></table>";
            }
            if ($owner == "nobody") {
                $act .= "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF width=100% BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>\r\n   <tr><td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=edit'>Редактировать</a></td>\r\n   <td align=center {$style4}><a href='{$PHP_SELF}?tm={$dir}&fi={$files[$i]}&action=delete'>Удалить</a></td>\r\n   </tr></table>";
            }
            print "<TABLE CELLPADDING=0 CELLSPACING=0 bgcolor=#FFFFCC BORDER=1 width=760 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white><tr><td width = '20%' align = 'left'><b>{$files[$i]}</b></font></td><td width = '10%' align = 'center'>{$size}</td><td width = '20%' align = 'center'>{$time}</td><td width = '10%' align = 'center'>{$type}</td><td width = '15%' align = 'center'>{$perm}</td><td width = '25%' align = 'center'>{$act}</td></tr></table>";
        }
    }
}
Ejemplo n.º 14
}
?>
        <div class='sform' >
            <form method="POST" action="" enctype="multipart/form-data">
            	
                <br/>Title:
                <input type='text' class="tb" name='title'/><br/>
                <br/>Description:<br/>
                <textarea name='text'  class="cb" rows='5' cols='60'></textarea><br/>
                <br/>TAGS:(max 255 chars, If more than one tag just separate by a space)<br/>
                <input type='text' class="tb" name='tag'/><br/>
                <br/><?php 
categories();
?>
&nbsp;&nbsp;
                <?php 
permissions();
?>
<br/>
                <input type="hidden" name="MAX_FILE_SIZE" value="10485760" />
                <br/>Media File:
                <input type="file" class="tb" name="media" /><br/>(Max Upload Size 10 MB)
                 <br/> <br/>
                <sbutton>
                <input type="submit" class="button" name="submit" value="Submit"/>
        		</sbutton>
        		</form>
            </sform>
        </div>
    </body>
</html>
Ejemplo n.º 15
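/**
 * Apply the filesystem action requested by the posted form, then print an
 * HTML listing of the resulting directory.
 *
 * The action is selected by the submit-button fields (b_up, b_open_dir,
 * b_new_dir, b_del, b_change_dir, b_new_file, b_open_file); the paths come
 * from the fname, dname, new and change_dir fields.
 *
 * NOTE(review): every path is taken from the request, and nothing in this
 * function checks who the caller is, confines the paths to a base directory
 * or verifies an anti-CSRF token. If such checks exist they are in code not
 * shown here; without them, anyone able to reach the page can create and
 * delete files with the web server's privileges. This function should only
 * ever run behind authentication and a realpath()-based containment check.
 *
 * Changes from the previous version: request values are read only when
 * present and string-typed; everything written into the page is HTML-escaped;
 * new directories are no longer made world-writable; a delete request runs a
 * single removal; size/owner/group are read from the full path; the Delete
 * button is no longer offered for ".."; the closedir() call on a path string
 * is gone.
 *
 * @param string $d Ignored: it is overwritten from getcwd() before first use.
 * @return void
 */
function list_dir($d)
{
    global $HTTP_REFERER;

    // The previous body read $r_act and $safe_mode without importing them, so
    // inside this function they were always unset. The same values are kept
    // here, explicitly. NOTE(review): they look like intended globals; confirm.
    $r_act = '';
    $safe_mode = false;

    $fname = _list_dir_post('fname');
    $dname = _list_dir_post('dname');
    $new_dir = _list_dir_post('new');
    $change_dir = _list_dir_post('change_dir');

    if ((isset($_POST['b_up']) or isset($_POST['b_open_dir'])) and $fname !== '') {
        chdir($fname);
    }
    $d = getcwd();

    if (!empty($_POST['b_new_dir']) and $new_dir !== '') {
        // 0755 instead of the former 0777: a directory created from a web
        // request should not be writable by every local account. chmod()
        // follows because the mode given to mkdir() is reduced by the umask.
        if (!file_exists($new_dir) and mkdir($new_dir, 0755)) {
            chmod($new_dir, 0755);
        }
        if (is_dir($new_dir)) {
            $d = $new_dir;
        }
    }

    if (!empty($_POST['b_del']) and $fname !== '') {
        // One removal per request. The former pair of independent tests ran
        // unlink() on a directory that rmdir() had just removed.
        if (is_dir($fname)) {
            rmdir($fname);
        } elseif (file_exists($fname) or is_link($fname)) {
            unlink($fname);
        }
        if ($dname !== '') {
            chdir($dname);
        }
        $d = getcwd();
    }

    if (!empty($_POST['b_change_dir'])) {
        if ($change_dir !== '') {
            chdir($change_dir);
        }
        $d = getcwd();
    }

    if (!empty($_POST['b_new_file']) or !empty($_POST['b_open_file'])) {
        if ($dname !== '') {
            chdir($dname);
        }
        $d = getcwd();
    }

    // read_dir() and sortbyname() are defined elsewhere in this file.
    $dir = read_dir($d);
    $dir = sortbyname($dir, $d);
    $count = count($dir);

    // The form posts back to the Referer value, which arrives in a request
    // header; it is escaped so it cannot close the attribute it sits in.
    $action = _list_dir_html($HTTP_REFERER);
    $d_html = _list_dir_html($d);
    $r_act_html = _list_dir_html($r_act);

    echo "<form action=\"" . $action . "\" method=\"POST\" enctype=\"multipart/form-data\">";
    echo "<input type=\"hidden\" value='" . $r_act_html . "' name=\"r_act\">";
    echo "<table BORDER=1 align=center>";
    echo "<tr bgcolor=#ffff00><td alling=\"center\"><b>Navigation</b></td></tr>";
    if (is_writable($d)) {
        echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"{$d_html}\" name=\"new\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"NewDir\" name=\"b_new_dir\"></td>";
        echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"NewFile\" name=\"b_new_file\"></td></tr>";
    }
    echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"{$d_html}\" name=\"change_dir\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"ChangeDir\" name=\"b_change_dir\"></td></tr>";
    if (!$safe_mode) {
        echo "<tr><td alling=\"center\"><input style='width:200px;' type=\"text\" value=\"\" name=\"ffile\"></td><td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"FindeFile\" name=\"b_f_file\"></td></tr>";
    }
    echo "</table></form>";
    echo "<table CELLPADDING=0 CELLSPACING=0 bgcolor=#98FAFF BORDER=1 align=center bordercolor=#808080 bordercolorlight=black bordercolordark=white>";
    echo "<tr bgcolor=#ffff00><td><b>&nbsp;&nbsp;&nbsp;Directory&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Permission&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Size&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Owner/Group&nbsp;&nbsp;&nbsp;</b></td><td alling=\"center\"><b>&nbsp;&nbsp;&nbsp;Action&nbsp;&nbsp;&nbsp;</b></td>";

    for ($i = 0; $i < $count; $i++) {
        if ($dir[$i] == "") {
            continue;
        }
        $entry = $dir[$i];
        $full = $d . "/" . $entry;
        // permissions() is defined elsewhere; its return value is printed as
        // it was before. NOTE(review): confirm it cannot carry the entry name
        // into the page unescaped.
        $perm = permissions(fileperms($full), $entry);

        // The row colour is the only thing that differs between entry kinds.
        if (is_dir($full)) {
            $row_open = "<tr bgcolor=#98FA00>";
        } elseif (is_file($full)) {
            $row_open = "<tr>";
        } else {
            $row_open = "<tr bgcolor=#ffff00>";
        }

        echo "<form action=\"" . $action . "\" method=\"POST\" enctype=\"multipart/form-data\">";
        // File names are data chosen by whoever created the file, so they are
        // escaped both as cell text and as hidden-field values. The metadata
        // calls use the full path; the bare name only resolved correctly while
        // the working directory happened to equal $d.
        echo $row_open
            . "<td>" . _list_dir_html($entry) . "&nbsp;&nbsp;&nbsp;</td>"
            . "<input type=\"hidden\" value='" . $d_html . "' name=\"dname\">"
            . "<input type=\"hidden\" value='" . _list_dir_html($full) . "' name=\"fname\">"
            . "<td alling=\"center\">" . $perm . "&nbsp;&nbsp;&nbsp;</td>"
            . "<td alling=\"center\">" . _list_dir_html(filesize($full)) . "&nbsp;&nbsp;&nbsp;</td>"
            . "<td alling=\"center\">&nbsp;&nbsp;&nbsp;" . _list_dir_html(fileowner($full))
            . "&nbsp;&nbsp;&nbsp;" . _list_dir_html(filegroup($full)) . "&nbsp;&nbsp;&nbsp;</td>";

        if (is_dir($full)) {
            echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Listing\" name=\"b_open_dir\"></td>";
        } elseif (is_readable($full)) {
            echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Open\" name=\"b_open_file\"></td>";
        }
        // Compare the entry name: the joined path never equals "..", so the
        // former test always offered Delete for the parent directory.
        if (is_writable($full) and $entry != "..") {
            echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Delete\" name=\"b_del\"></td>";
        }
        if (is_readable($full) and !is_dir($full)) {
            echo "<td alling=\"center\"><input style='width:100px;' type=\"submit\" value=\"Download\" name=\"b_down\"></td>";
        }
        echo "<input type=\"hidden\" value='" . $r_act_html . "' name=\"r_act\"></tr>";
        echo "</form>";
    }
    echo "</table>";
    // No closedir(): $d is a path string, not a handle returned by opendir().
}

// Return a POST field as a string, or '' when it is absent or not a string
// (an array-valued field must not reach chdir(), mkdir() or unlink()).
function _list_dir_post($key)
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
}

// Escape a value for HTML text and for single- or double-quoted attributes.
function _list_dir_html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}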
Ejemplo n.º 16
    echo '<p class="error"> This page has been accessed in error.</p>';
    exit_with_footer();
}
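// $id_person is written into both SQL statements and into the edit link
// below, so it is reduced to an integer first: only digits and a sign can
// then reach the query text or the generated URL.
// NOTE(review): the code that sets and validates $id_person is not part of
// this excerpt; the cast does not depend on it.
$id_person = (int) $id_person;
$query = "SELECT name_person, name_group, Groups.id_group " . "FROM Persons, Groups " . "WHERE Persons.id_person = {$id_person} " . "AND Persons.id_group=Groups.id_group";
if (DEBUG) {
    echo "Query to database is: {$query}<p>";
}
$result = mysqli_query($cxn, $query) or die("Couldn't execute query");
while ($row = mysqli_fetch_assoc($result)) {
    // Take exactly the three selected columns instead of extract($row):
    // extract() creates one variable per array key and can silently replace
    // existing ones such as $id_person or $cxn if the column list changes.
    $name_person = $row['name_person'];
    $name_group = $row['name_group'];
    $id_group = $row['id_group'];
    // NOTE(review): the two names are stored data and are handed to
    // form_title(), live_link() and button_link() as they come from the
    // database; confirm those helpers HTML-escape their text arguments.
    echo "<div class='page-header'>" . form_title($name_person);
    echo form_subtitle("Member of " . live_link("list.php?group={$id_group}", "{$name_group}"));
    include "../templates/warning.php";
    // includes the warning text about paper precedence
    echo "</small>";
    if (permissions("Herald") >= 3 or permissions("Marshal") >= 3) {
        // TODO: Make this link more visible?
        echo "<br>" . button_link("./edit_person.php?id={$id_person}", "Edit {$name_person}'s record");
    }
    echo "</div>";
}
echo "\n<div class='row'>\n\n  <div class='col-md-8 col-md-offset-2'>";
// Second lookup: waiver, youth flag and birthdate columns for the same person.
$query = "SELECT waiver_person, youth_person, birthdate_person\n            FROM Persons\n            WHERE id_person={$id_person}";
if (DEBUG) {
    echo "Waiver query is:{$query}<p>";
}
$result = mysqli_query($cxn, $query) or die("Couldn't execute waiver query");
$matches = $result->num_rows;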
if ($matches > 0) {
    $row = mysqli_fetch_assoc($result);
    extract($row);
Ejemplo n.º 17
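if (permissions("Herald") >= 3) {
    echo button_link("./add_event.php", "Add A New Event");
}
echo "<div class='list-group'><ul type='none'>";
// make the list pretty with formatting

// $part_name lands inside a quoted LIKE pattern and $k_id in a numeric
// comparison, so the first is escaped for the connection and the second is
// forced to an integer before either reaches the SQL text.
// NOTE(review): where $part_name and $k_id are set is outside this excerpt.
// If $part_name is already SQL-escaped upstream, remove that earlier escaping
// rather than this one, so the value is escaped where the query is built.
// The % and _ wildcards in $part_name are left working, as before.
$like_name = mysqli_real_escape_string($cxn, (string) $part_name);
$kingdom_id = (int) $k_id;
$query = "SELECT id_event, name_event, date_event_start, date_event_stop, name_group, name_kingdom\n            FROM Events, Groups, Kingdoms\n            WHERE name_event like '%{$like_name}%'\n            AND Events.id_group = Groups.id_group\n            AND Groups.id_kingdom = Kingdoms.id_kingdom ";
if ($kingdom_id == -1) {
    // -1 means no kingdom filter
    $query .= "ORDER BY name_event";
} else {
    $query .= "AND Groups.id_kingdom = {$kingdom_id} " . "ORDER BY name_group";
}
$result = mysqli_query($cxn, $query) or die("Couldn't execute events query");
$matches = $result->num_rows;
echo "{$matches} events matches";
// Heralds at level 3 or above get the edit page, everyone else the read-only
// page; the row markup is otherwise the same, so the target is chosen once.
$event_page = permissions("Herald") >= 3 ? "./edit_event.php" : "./event.php";
while ($row = mysqli_fetch_assoc($result)) {
    // Event, group and kingdom names are stored text; they are HTML-escaped
    // here so a name containing markup is shown as text. The columns are read
    // by key rather than through extract(), which would create a variable for
    // every key in the row.
    $id_event = (int) $row['id_event'];
    $event_name = htmlspecialchars((string) $row['name_event'], ENT_QUOTES, 'UTF-8');
    $group_name = htmlspecialchars((string) $row['name_group'], ENT_QUOTES, 'UTF-8');
    $kingdom_name = htmlspecialchars((string) $row['name_kingdom'], ENT_QUOTES, 'UTF-8');
    $starts = htmlspecialchars((string) $row['date_event_start'], ENT_QUOTES, 'UTF-8');
    $stops = htmlspecialchars((string) $row['date_event_stop'], ENT_QUOTES, 'UTF-8');
    $link = "<li class='list-group-item text-left'>" . "<a href='{$event_page}?id={$id_event}'>" . "{$event_name}</a> hosted by {$group_name} ({$kingdom_name}) " . "{$starts} -- {$stops}" . "</li>";
    echo "{$link}";
}
echo "</ul></div><small><a href='#top'>Return to Top</a></small><!-- ./col-md-8 --></div><!-- ./row --></div><!-- ./container-->";
//close out list and open divs
/*#######################################################################################*/
mysqli_close($cxn);
/* close the db connection */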
?>
</div>
Ejemplo n.º 18
    if (isset($_GET['folder'])) {
        $error = null;
        $modal = null;
        $getclient = $_GET['u'];
        $getfolder = $_GET['folder'];
        if (isset($_GET['subfolder'])) {
            $getsubfolder = $_GET['subfolder'];
        }
        $currentuser = $_SESSION['staff_id'];
        $_SESSION['token'] = 'allow';
    }
} else {
    header('Location:../error/403.php');
    exit;
}
// Authorisation gate for the rest of the page: only a permissions() result
// equal to 1 for this staff member / client pair lets the request continue.
// Any other result is redirected to the 403 page and the script stops.
// NOTE(review): $currentuser and $getclient are assigned in the branch above
// only when $_GET['folder'] is set; confirm they cannot be unset here.
if (permissions($currentuser, $getclient) == 1) {
    // orbislookup() is defined elsewhere; presumably this reads the
    // client_group column of the matching clients row -- confirm.
    $currentgroup = orbislookup($getclient, 'client_id', 'clients', 'client_group');
} else {
    header('Location:../error/403.php');
    exit;
}
//CREATE FILE START
if (isset($_POST['createfile'])) {
    $filename = addslashes($_POST['create-file-name']);
    if ($filename) {
        $filedesc = addslashes($_POST['create-file-desc']);
        $filefolder = $getfolder;
        if ($_POST['create-file-subfolder']) {
            $lookup = uniqid();
            $newsubfoldername = $_POST['create-file-subfolder'];
            $newsubfolder = "INSERT INTO subfolders (subfolder_name, lookup) VALUES ('{$newsubfoldername}', '{$lookup}')";
            $subfoldergo = mysql_query($newsubfolder) or die(mysql_error());
Ejemplo n.º 19
<?php

// Purpose: to display all data for event site we're about to edit,
// Privileges needed: permissions("Sites")>= 3
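if (permissions("Sites") >= 3) {
    // The id is accepted from the query string or the posted form, and only
    // for a logged-in session. is_numeric() also admits values such as "1e3"
    // or "1.5", so the accepted value is normalised to an integer.
    if (isset($_SESSION['id']) && isset($_GET['id']) && is_numeric($_GET['id'])) {
        // We got here through the edit link on list_site.php
        $id_site = (int) $_GET["id"];
    } elseif (isset($_SESSION['id']) && isset($_POST['id']) && is_numeric($_POST['id'])) {
        // We got here from form submission
        $id_site = (int) $_POST['id'];
    } else {
        // No usable id, or no session: stop here. Previously the script
        // carried on with $id_site undefined.
        echo '<p class="error"> This page has been accessed in error.</p>';
        exit_with_footer();
    }
} else {
    // We don't have sufficient permissions for this page.
    echo '<p class="error"> This page has been accessed in error.</p>';
    echo 'Please use your back arrow to return to the previous page.';
    exit_with_footer();
}
$cxn = open_db_browse();
// Obtain a count of how many site records are in the db. The query text is a
// constant; no request data is part of it.
$query = "SELECT COUNT(*) from Sites";
$result = mysqli_query($cxn, $query) or die("Couldn't execute query to find max count");
if (mysqli_num_rows($result) == 1) {
    $max_item_result = mysqli_fetch_assoc($result);
} else {
    exit_with_footer();
}
// Set the max_item variable based on the COUNT query; the array key is the
// literal column expression because the query gives it no alias.
$max_item = $max_item_result['COUNT(*)'];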
//start the Bootstrap row
Ejemplo n.º 20
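// The person id is accepted from the query string (edit link on person.php)
// or from the posted form, and only for a logged-in session. is_numeric()
// also admits values such as "1e3", "1.5" or " 7", so the accepted value is
// normalised to an integer before anything else reads it.
// NOTE(review): the included sub-forms presumably use $id_person in queries
// and links; they are not shown here.
if (isset($_SESSION['id']) && isset($_GET['id']) && is_numeric($_GET['id'])) {
    $id_person = (int) $_GET["id"];
} elseif (isset($_SESSION['id']) && isset($_POST['id']) && is_numeric($_POST['id'])) {
    $id_person = (int) $_POST['id'];
} else {
    echo '<p class="error"> This page has been accessed in error.</p>';
    exit_with_footer();
}
$cxn = open_db_browse();
// Each section is included only for the office that may edit it, so a user
// without any of these permissions reaches the end with nothing rendered.
// Edit the personal information like name, mundane info, etc.
if (permissions("Marshal") >= 3 || permissions("Herald") >= 3) {
    include 'edit_person_sub_personal_info.php';
}
// Edit authorization and warrant stuffs for person
if (permissions("Marshal") >= 3) {
    include 'edit_person_sub_authorizations.php';
    include 'edit_person_sub_marshals.php';
}
// Edit awards for person: needs both Herald and Obsidian at level 3
if (permissions("Herald") >= 3 && permissions("Obsidian") >= 3) {
    include 'edit_person_sub_awards.php';
}
mysqli_close($cxn);
/* close the db connection */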