function blocks_search_edit($row)
{
// Break out options from our content field
$vars = getVarsFrom_search_Content($row);
$search_modules = '';
$d = opendir('includes/search/');
while ($f = readdir($d)) {
if (substr($f, -3, 3) == 'php') {
include 'includes/search/' . $f;
}
}
closedir($d);
$output = new pnHTML();
//$output->TableStart();
$output->TableRowStart();
$output->TableColStart(1, 'left', 'top');
$output->Text(_SEARCH_SHOW_BTN);
$output->TableColEnd();
$output->TableColStart(1, 'left', 'top');
$output->FormCheckbox(_SEARCH_DISPLAY_BTN, $vars[_SEARCH_DISPLAY_BTN], '1', 'checkbox');
$output->TableColEnd();
$output->TableRowEnd();
$output->TableRowStart();
$output->TableColStart(1, 'left', 'top');
$output->Text(_SEARCH_OPTIONS);
$output->TableColEnd();
$output->TableColStart(1, 'left', 'top');
$output->setInputMode(_PNH_VERBATIMINPUT);
foreach ($search_modules as $mods) {
$output->Text($mods['func_opt']($vars));
}
$output->TableColEnd();
$output->TableRowEnd();
// $output->TableEnd();
return $output->getOutput();
}
function modules_adminmenu()
{
$output = new pnHTML();
if (!pnSecAuthAction(0, 'Modules::', '::', ACCESS_ADMIN)) {
$output->Text(_MODULESNOAUTH);
return $output->GetOutput();
}
$output->Text(pnGetStatusMsg());
$output->Linebreak(2);
$output->TableStart(_MODULES);
$output->SetOutputMode(_PNH_RETURNOUTPUT);
$columns = array();
$columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Modules', 'admin', 'list')), _LIST);
$columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Modules', 'admin', 'regenerate', array('authid' => pnSecGenAuthKey()))), _REGENERATE);
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->TableAddRow($columns);
$output->SetInputMode(_PNH_PARSEINPUT);
$output->TableEnd();
return $output->GetOutput();
}
function postcalendar_adminapi_buildAMPMSelect($args)
{
extract($args);
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
$options = array();
if (pnModGetVar(__POSTCALENDAR__, 'time24hours')) {
return false;
} else {
$options[0]['id'] = 'AM';
$options[0]['selected'] = '';
$options[0]['name'] = 'AM';
$options[1]['id'] = 'PM';
$options[1]['selected'] = '';
$options[1]['name'] = 'PM';
}
$output->FormSelectMultiple('pc_ampm', $options);
return $output->GetOutput();
}
function search_weblinks()
{
list($active_weblinks, $startnum, $total, $q, $bool) = pnVarCleanFromInput('active_weblinks', 'startnum', 'total', 'q', 'bool');
if (empty($active_weblinks)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['links_links_column'];
$query = "SELECT {$column['url']} as url, {$column['title']} as title, {$column['linkratingsummary']} as linkratingsummary, {$column['totalcomments']} as totalcomments, {$column['hits']} as hits, {$column['submitter']} as submitter, {$column['description']} as description, {$column['lid']} as lid, {$column['cat_id']} as cat_id\n FROM {$pntable['links_links']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// web links
$query .= "{$column['description']} LIKE '{$word}' OR \n";
$query .= "{$column['url']} LIKE '{$word}' OR \n";
$query .= "{$column['submitter']} LIKE '{$word}' OR \n";
$query .= "{$column['title']} LIKE '{$word}' \n";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['lid']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
// we have a link id so get its category
$column2 =& $pntable['links_categories_column'];
$result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_WEBLINKS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_weblinks=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// we have a link id so get its category
$column2 =& $pntable['links_categories_column'];
$result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"{$row['url']}\" target=\"_new\">{$row['title']}</a> <font class=\"pn-normal\">(rating: {$row['linkratingsummary']} - comments: {$row['totalcomments']} - hits: {$row['hits']})</font><br>Submitter: {$row['submitter']}<br>{$row['description']}</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_LINKS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_users()
{
list($active_users, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_users', 'startnum', 'total', 'bool', 'q');
if (empty($active_users)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['users_column'];
$query = "SELECT {$column['name']} as name, {$column['uname']} as uname, {$column['uid']} as uid FROM {$pntable['users']} WHERE ";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$column['uname']} LIKE '{$word}' OR ";
$query .= "{$column['name']} LIKE '{$word}'";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['uname']}";
if (empty($total)) {
$countres = $dbconn->Execute($query);
$total = $countres->PO_RecordCount();
$countres->Close();
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text('<font class="pn-normal">' . _SMEMBERS . ': ' . $total . ' ' . _SEARCHRESULTS . '</font>');
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_users=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// some basic authcheck - might result in a wrong count...
if (pnSecAuthAction(0, "Users::", "{$row['uname']}::{$row['uid']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"user.php?op=userinfo&uname={$row['uname']}&module=NS-User\">{$row['uname']}</a><br>{$row['name']}</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_MEMBERS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_stories()
{
list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) = pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool');
if (!isset($active_stories) || !$active_stories) {
return;
}
$output = new pnHTML();
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (empty($bool)) {
$bool = 'OR';
}
$flag = false;
$storcol =& $pntable['stories_column'];
$stcatcol =& $pntable['stories_cat_column'];
$topcol =& $pntable['topics_column'];
$query = "";
$query1 = "SELECT {$storcol['sid']} as sid,\n {$topcol['tid']} as topicid,\n {$topcol['topicname']} as topicname,\n {$topcol['topictext']} as topictext,\n {$storcol['catid']} as catid,\n {$storcol['time']} AS fdate,\n {$storcol['title']} AS story_title,\n {$storcol['aid']} AS aid,\n {$stcatcol['title']} AS cat_title\n FROM {$pntable['stories']}\n LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n WHERE ";
// hack to get this to work, but much better than what we had before
//$query .= " 1 = 1 ";
// words
$w = search_split_query($q);
if (isset($w)) {
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$storcol['title']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['hometext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['bodytext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
//$query .= "$storcol[comments] LIKE '".pnVarPrepForStore($word)."' OR ";
$query .= "{$storcol['informant']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['notes']} LIKE '" . pnVarPrepForStore($word) . "'";
$query .= ')';
$flag = true;
$no_flag = false;
}
} else {
$no_flag = true;
}
// topics
if (isset($stories_topics) && !empty($stories_topics)) {
$flag = false;
$start_flag = false;
// dont set AND/OR if nothing is in front
foreach ($stories_topics as $v) {
if (empty($v)) {
continue;
}
if (!$no_flag and !$start_flag) {
$query .= " AND (";
$start_flag = true;
}
if ($flag) {
$query .= " OR ";
}
$query .= "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'";
$flag = true;
}
if (!$no_flag and $start_flag) {
$query .= ") ";
$no_flag = false;
}
}
// categories
if (!is_array($stories_cat)) {
$stories_cat[0] = '';
}
if (isset($stories_cat[0]) && !empty($stories_cat[0])) {
if (!$no_flag) {
$query .= " AND (";
}
$flag = false;
foreach ($stories_cat as $v) {
if ($flag) {
$query .= " OR ";
}
$query .= "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'";
$flag = true;
}
if (!$no_flag) {
$query .= ") ";
$no_flag = false;
}
}
// authors
if (isset($stories_author) && $stories_author != "") {
if (!$no_flag) {
$query .= " AND (";
}
$query .= "{$storcol['informant']}='" . pnVarPrepForStore($stories_author) . "'";
$result = $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%" . pnVarPrepForStore($stories_author) . "%' OR {$pntable['users_column']['name']} LIKE '%" . pnVarPrepForStore($stories_author) . "%'");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
$query .= " OR {$storcol['aid']}={$row['pn_uid']}";
$result->MoveNext();
}
if (!$no_flag) {
$query .= ") ";
$no_flag = false;
}
} else {
$stories_author = '';
}
if (pnConfigGetVar('multilingual') == 1) {
if (!empty($query)) {
$query .= " AND";
}
$query .= " ({$storcol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storcol['alanguage']}='')";
}
if (empty($query)) {
$query = "1";
}
$query .= " ORDER BY {$storcol['time']} DESC";
$query = $query1 . $query;
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_stories=1&stories_author=" . $stories_author;
if (isset($stories_cat) && $stories_cat) {
foreach ($stories_cat as $v) {
$url .= "&stories_cat%5B%5D={$v}";
}
}
if (isset($stories_topics) && $stories_topics) {
foreach ($stories_topics as $v) {
$url .= "&stories_topics%5B%5D={$v}";
}
}
$url .= "&bool=" . $bool;
if (isset($q)) {
$url .= "&q=" . $q;
}
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
$row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
$output->Text("<li>");
if (!empty($row['topicid'])) {
$output->Text("<b><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Search&file=index&action=search&active_stories=1&stories_topics[0]=" . $row['topicid'] . "\">" . $row['topictext'] . "</a></b> - ");
}
if (!empty($row['catid'])) {
$output->Text("<a href=\"modules.php?op=modload&name=News&file=index&catid=" . $row['catid'] . "\">" . $row['cat_title'] . "</a>: ");
}
if ($row['story_title'] == '') {
$row['story_title'] = 'No Title';
}
$output->Text('<i><a class="pn-normal" href="modules.php?op=modload&name=News&file=article&sid=' . $row['sid'] . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></i> - ' . $row['fdate'] . "</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_STORIES_TOPICS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
/**
* display block
*/
function admin_messages_messagesblock_display($row)
{
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (!isset($row['title'])) {
$row['title'] = '';
}
if (!pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::", ACCESS_READ)) {
return;
}
$messagestable = $pntable['message'];
$messagescolumn =& $pntable['message_column'];
if (pnConfigGetVar('multilingual') == 1) {
$currentlang = pnUserGetLang();
$querylang = "AND ({$messagescolumn['mlanguage']}='{$currentlang}' OR {$messagescolumn['mlanguage']}='')";
} else {
$querylang = '';
}
$sql = "SELECT {$messagescolumn['mid']},\n {$messagescolumn['title']},\n {$messagescolumn['content']},\n {$messagescolumn['date']},\n {$messagescolumn['view']}\n FROM {$messagestable}\n WHERE {$messagescolumn['active']} = 1 \n AND ( {$messagescolumn['expire']} > unix_timestamp(now())\n OR {$messagescolumn['expire']} = 0)\n {$querylang}\n ORDER by {$messagescolumn['mid']} DESC";
$result = $dbconn->Execute($sql);
if ($dbconn->ErrorNo() != 0) {
return;
}
$output = new pnHTML();
while (list($mid, $title, $content, $date, $view) = $result->fields) {
$result->MoveNext();
$show = 0;
if (pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::{$mid}", ACCESS_READ)) {
switch ($view) {
case 1:
// Message for everyone
$show = 1;
break;
case 2:
// Message for users
if (pnUserLoggedIn()) {
$show = 1;
}
break;
case 3:
// Messages for non-users
if (!pnUserLoggedIn()) {
$show = 1;
}
break;
case 4:
// Messages for administrators of any description
if (pnSecAuthAction(0, '::', '::', ACCESS_ADMIN)) {
$show = 1;
}
break;
}
}
if ($show) {
list($title, $content) = pnModCallHooks('item', 'transform', '', array($title, $content));
$output->TableStart('', '', 0);
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->SetOutputMode(_PNH_RETURNOUTPUT);
$ttitle = $output->Linebreak();
$ttitle .= $output->Text($title);
$ttitle .= $output->Linebreak(2);
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$output->TableAddRow(array("<font class=\"pn-title\">" . pnVarPrepHTMLDisplay($ttitle) . "</font>"), 'center');
$output->TableAddRow(array("<font class=\"pn-normal\">" . pnVarPrepHTMLDisplay($content) . "</font>"), 'left');
$output->SetInputMode(_PNH_PARSEINPUT);
$output->TableEnd();
}
}
if ($output->output != "") {
// Don't want a title
$row['title'] = '';
$row['content'] = $output->GetOutput();
return themesideblock($row);
}
}
/**
* search events
*/
function postcalendar_user_search()
{
if (!(bool) PC_ACCESS_OVERVIEW) {
return _POSTCALENDARNOAUTH;
}
$tpl = new pcSmarty();
$k = formData("pc_keywords", "R");
//from library/formdata.inc.php
$k_andor = pnVarCleanFromInput('pc_keywords_andor');
$pc_category = pnVarCleanFromInput('pc_category');
$pc_facility = pnVarCleanFromInput('pc_facility');
$pc_topic = pnVarCleanFromInput('pc_topic');
$submit = pnVarCleanFromInput('submit');
$event_dur_hours = pnVarCleanFromInput('event_dur_hours');
$event_dur_minutes = pnVarCleanFromInput('event_dur_minutes');
$start = pnVarCleanFromInput('start');
$end = pnVarCleanFromInput('end');
// get list of categories for the user to choose from
$categories = postcalendar_userapi_getCategories();
$cat_options = '';
foreach ($categories as $category) {
$selected = "";
if ($pc_category == $category[id]) {
$selected = " SELECTED ";
}
//modified 8/09 by BM to allow translation if applicable
$cat_options .= "<option value=\"{$category['id']}\" {$selected}>" . xl_appt_category($category[name]) . "</option>";
}
$tpl->assign_by_ref('CATEGORY_OPTIONS', $cat_options);
$tpl->assign('event_dur_hours', $event_dur_hours);
$tpl->assign('event_dur_minutes', $event_dur_minutes);
// create default start and end dates for the search form
if (isset($start) && $start != "") {
$tpl->assign('DATE_START', $start);
} else {
$tpl->assign('DATE_START', date("m/d/Y"));
}
if (isset($end) && $end != "") {
$tpl->assign('DATE_END', $end);
} else {
$tpl->assign('DATE_END', date("m/d/Y", strtotime("+7 Days", time())));
}
// then override the setting if we have a value from the submitted form
$ProviderID = pnVarCleanFromInput("provider_id");
if (is_numeric($ProviderID)) {
$tpl->assign('ProviderID', $ProviderID);
} elseif ($ProviderID == "_ALL_") {
} else {
$tpl->assign('ProviderID', "");
}
$provinfo = getProviderInfo();
$tpl->assign('providers', $provinfo);
// build a list of provider-options for the select box on the input form -- JRM
$provider_options = "<option value='_ALL_' ";
if ($ProviderID == "_ALL_") {
$provider_options .= " SELECTED ";
}
$provider_options .= ">" . xl('All Providers') . "</option>";
foreach ($provinfo as $provider) {
$selected = "";
// if we don't have a ProviderID chosen, pick the first one from the
// pc_username Session variable
if ($ProviderID == "") {
// that variable stores the 'username' and not the numeric 'id'
if ($_SESSION['pc_username'][0] == $provider['username']) {
$selected = " SELECTED ";
}
} else {
if ($ProviderID == $provider['id']) {
$selected = " SELECTED ";
}
}
$provider_options .= "<option value=\"" . $provider['id'] . "\" " . $selected . ">";
$provider_options .= $provider['lname'] . ", " . $provider['fname'] . "</option>";
}
$tpl->assign_by_ref('PROVIDER_OPTIONS', $provider_options);
// build a list of facility options for the select box on the input form -- JRM
$facilities = getFacilities();
$fac_options = "<option value=''>" . xl('All Facilities') . "</option>";
foreach ($facilities as $facility) {
$selected = "";
if ($facility['id'] == $pc_facility) {
$selected = " SELECTED ";
}
$fac_options .= "<option value=\"" . $facility['id'] . "\" " . $selected . ">";
$fac_options .= $facility['name'] . "</option>";
}
$tpl->assign_by_ref('FACILITY_OPTIONS', $fac_options);
$PatientID = pnVarCleanFromInput("patient_id");
// limit the number of results returned by getPatientPID
// this helps to prevent the server from stalling on a request with
// no PID and thousands of PIDs in the database -- JRM
// the function getPatientPID($pid, $given, $orderby, $limit, $start) <-- defined in library/patient.inc
$plistlimit = 500;
if (is_numeric($PatientID)) {
$tpl->assign('PatientList', getPatientPID(array('pid' => $PatientID, 'limit' => $plistlimit)));
} else {
$tpl->assign('PatientList', getPatientPID(array('limit' => $plistlimit)));
}
$event_endday = pnVarCleanFromInput("event_endday");
$event_endmonth = pnVarCleanFromInput("event_endmonth");
$event_endyear = pnVarCleanFromInput("event_endyear");
$event_startday = pnVarCleanFromInput("event_startday");
$event_startmonth = pnVarCleanFromInput("event_startmonth");
$event_startyear = pnVarCleanFromInput("event_startyear");
if ($event_startday > $event_endday) {
$event_endday = $event_startday;
}
if ($event_startmonth > $event_endmonth) {
$event_endmonth = $event_startmonth;
}
if ($event_startyear > $event_endyear) {
$event_endyear = $event_startyear;
}
$tpl->assign('patient_id', $PatientID);
$tpl->assign('provider_id', $ProviderID);
$tpl->assign("event_category", pnVarCleanFromInput("event_category"));
$tpl->assign("event_subject", pnVarCleanFromInput("event_subject"));
$output = new pnHTML();
$output->SetOutputMode(_PNH_RETURNOUTPUT);
if (_SETTING_USE_INT_DATES) {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday));
$formdata = $output->FormSelectMultiple('event_startday', $sel_data);
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth));
$formdata .= $output->FormSelectMultiple('event_startmonth', $sel_data);
} else {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth));
$formdata = $output->FormSelectMultiple('event_startmonth', $sel_data);
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday));
$formdata .= $output->FormSelectMultiple('event_startday', $sel_data);
}
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_startyear));
$formdata .= $output->FormSelectMultiple('event_startyear', $sel_data);
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$tpl->assign('SelectDateTimeStart', $formdata);
$output->SetOutputMode(_PNH_RETURNOUTPUT);
if (_SETTING_USE_INT_DATES) {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday));
$formdata = $output->FormSelectMultiple('event_endday', $sel_data);
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth));
$formdata .= $output->FormSelectMultiple('event_endmonth', $sel_data);
} else {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth));
$formdata = $output->FormSelectMultiple('event_endmonth', $sel_data);
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday));
$formdata .= $output->FormSelectMultiple('event_endday', $sel_data);
}
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_endyear));
$formdata .= $output->FormSelectMultiple('event_endyear', $sel_data);
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$tpl->assign('SelectDateTimeEnd', $formdata);
$output = null;
if (_SETTING_DISPLAY_TOPICS) {
$topics = postcalendar_userapi_getTopics();
$top_options = '';
foreach ($topics as $topic) {
$top_options .= "<option value=\"{$topic['id']}\">{$topic['text']}</option>";
}
$tpl->assign_by_ref('TOPIC_OPTIONS', $top_options);
}
//=================================================================
// Find out what Template we're using
//=================================================================
$template_name = _SETTING_TEMPLATE;
if (!isset($template_name)) {
$template_name = 'default';
}
//=================================================================
// Output the search form
//=================================================================
$tpl->assign('FORM_ACTION', pnModURL(__POSTCALENDAR__, 'user', 'search'));
//=================================================================
// Perform the search if we have data
//=================================================================
if (!empty($submit) && strtolower($submit) == "find first") {
// not sure how we get here...
$searchargs = array();
$searchargs['start'] = pnVarCleanFromInput("event_startmonth") . "/" . pnVarCleanFromInput("event_startday") . "/" . pnVarCleanFromInput("event_startyear");
$searchargs['end'] = pnVarCleanFromInput("event_endmonth") . "/" . pnVarCleanFromInput("event_endday") . "/" . pnVarCleanFromInput("event_endyear");
$searchargs['provider_id'] = pnVarCleanFromInput("provider_id");
$searchargs['faFlag'] = true;
//print_r($searchargs);
//echo "<br />";
//set defaults to current week if empty
if ($searchargs['start'] == "//") {
$searchargs['start'] = date("m/d/Y");
}
if ($searchargs['end'] == "//") {
$searchargs['end'] = date("m/d/Y", strtotime("+7 Days", strtotime($searchargs['start'])));
}
//print_r($searchargs);
$eventsByDate =& postcalendar_userapi_pcGetEvents($searchargs);
//print_r($eventsByDate);
$found = findFirstAvailable($eventsByDate);
$tpl->assign('available_times', $found);
//print_r($_POST);
$tpl->assign('SEARCH_PERFORMED', true);
$tpl->assign('A_EVENTS', $eventsByDate);
}
if (!empty($submit) && strtolower($submit) == "listapps") {
// not sure how we get here...
$searchargs = array();
$searchargs['start'] = date("m/d/Y");
$searchargs['end'] = date("m/d/Y", strtotime("+1 year", strtotime($searchargs['start'])));
$searchargs['patient_id'] = pnVarCleanFromInput("patient_id");
$searchargs['listappsFlag'] = true;
$sqlKeywords .= "(a.pc_pid = '" . pnVarCleanFromInput("patient_id") . "' )";
$searchargs['s_keywords'] = $sqlKeywords;
//print_r($searchargs);
$eventsByDate =& postcalendar_userapi_pcGetEvents($searchargs);
//print_r($eventsByDate);
$tpl->assign('appointments', $eventsByDate);
//print_r($_POST);
$tpl->assign('SEARCH_PERFORMED', true);
$tpl->assign('A_EVENTS', $eventsByDate);
} elseif (!empty($submit)) {
// we get here by searching via the PostCalendar search
$sqlKeywords = '';
$keywords = explode(' ', $k);
// build our search query
foreach ($keywords as $word) {
if (!empty($sqlKeywords)) {
$sqlKeywords .= " {$k_andor} ";
}
$sqlKeywords .= '(';
$sqlKeywords .= "pd.lname LIKE '%{$word}%' OR ";
$sqlKeywords .= "pd.fname LIKE '%{$word}%' OR ";
$sqlKeywords .= "u.lname LIKE '%{$word}%' OR ";
$sqlKeywords .= "u.fname LIKE '%{$word}%' OR ";
$sqlKeywords .= "a.pc_title LIKE '%{$word}%' OR ";
$sqlKeywords .= "a.pc_hometext LIKE '%{$word}%' OR ";
$sqlKeywords .= "a.pc_location LIKE '%{$word}%'";
$sqlKeywords .= ') ';
}
if (!empty($pc_category)) {
$s_category = "a.pc_catid = '{$pc_category}'";
}
if (!empty($pc_topic)) {
$s_topic = "a.pc_topic = '{$pc_topic}'";
}
$searchargs = array();
if (!empty($sqlKeywords)) {
$searchargs['s_keywords'] = $sqlKeywords;
}
if (!empty($s_category)) {
$searchargs['s_category'] = $s_category;
}
if (!empty($s_topic)) {
$searchargs['s_topic'] = $s_topic;
}
// some new search parameters introduced in the ajax_search form... JRM March 2008
// the ajax_search form has form parameters for 'start' and 'end' already built in
// so use them if available
$tmpDate = pnVarCleanFromInput("start");
if (isset($tmpDate) && $tmpDate != "") {
$searchargs['start'] = pnVarCleanFromInput("start");
} else {
$searchargs['start'] = "//";
}
$tmpDate = pnVarCleanFromInput("end");
if (isset($tmpDate) && $tmpDate != "") {
$searchargs['end'] = pnVarCleanFromInput("end");
} else {
$searchargs['end'] = "//";
}
// we can limit our search by provider -- JRM March 2008
if (isset($ProviderID) && $ProviderID != "") {
// && $ProviderID != "_ALL_") {
$searchargs['provider_id'] = array();
array_push($searchargs['provider_id'], $ProviderID);
}
$eventsByDate =& postcalendar_userapi_pcGetEvents($searchargs);
// we can limit our search by facility -- JRM March 2008
if (isset($pc_facility) && $pc_facility != "") {
$searchargs['pc_facility'] = $pc_facility;
}
//print_r($eventsByDate);
$tpl->assign('SEARCH_PERFORMED', true);
$tpl->assign('A_EVENTS', $eventsByDate);
}
$tpl->caching = false;
$tpl->assign('STYLE', $GLOBALS['style']);
$pageSetup =& pnModAPIFunc(__POSTCALENDAR__, 'user', 'pageSetup');
if (pnVarCleanFromInput("no_nav") == 1) {
$return = $pageSetup . $tpl->fetch($template_name . '/user/findfirst.html');
} elseif (pnVarCleanFromInput("no_nav") == 2) {
$return = $pageSetup . $tpl->fetch($template_name . '/user/listapps.html');
} else {
$return = $pageSetup . $tpl->fetch($template_name . '/user/search.html');
}
return $return;
}
/**
* $Id$
*
* PostCalendar::PostNuke Events Calendar Module
* Copyright (C) 2002 The PostCalendar Team
* http://postcalendar.tv
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* To read the license please read the docs/license.txt or visit
* http://www.gnu.org/copyleft/gpl.html
*
*/
function smarty_function_pc_filter($args, &$smarty)
{
extract($args);
unset($args);
if (empty($type)) {
$smarty->trigger_error("pc_filter: missing 'type' parameter");
return;
}
$Date = postcalendar_getDate();
if (!isset($y)) {
$y = substr($Date, 0, 4);
}
if (!isset($m)) {
$m = substr($Date, 4, 2);
}
if (!isset($d)) {
$d = substr($Date, 6, 2);
}
$tplview = pnVarCleanFromInput('tplview');
$viewtype = pnVarCleanFromInput('viewtype');
$pc_username = pnVarCleanFromInput('pc_username');
if (!isset($viewtype)) {
$viewtype = _SETTING_DEFAULT_VIEW;
}
$types = explode(',', $type);
$output = new pnHTML();
$output->SetOutputMode(_PNH_RETURNOUTPUT);
$modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
$mdir = pnVarPrepForOS($modinfo['directory']);
unset($modinfo);
$pcTemplate = pnVarPrepForOS(_SETTING_TEMPLATE);
if (empty($pcTemplate)) {
$pcTemplate = 'default';
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
//================================================================
// build the username filter pulldown
//================================================================
if (in_array('user', $types)) {
@define('_PC_FORM_USERNAME', true);
$sql = "SELECT DISTINCT users.username, users.lname, users.fname\n\t \t\t\tFROM {$pntable['postcalendar_events']}, users where users.id=pc_aid\n\t\t\t\tORDER BY pc_aid";
$result = $dbconn->Execute($sql);
if ($result !== false) {
$useroptions = "<select multiple='multiple' size='3' name=\"pc_username[]\" class=\"{$class}\">";
$useroptions .= "<option value=\"\" class=\"{$class}\">" . _PC_FILTER_USERS . "</option>";
$selected = $pc_username == '__PC_ALL__' ? 'selected="selected"' : '';
$useroptions .= "<option value=\"__PC_ALL__\" class=\"{$class}\" {$selected}>" . _PC_FILTER_USERS_ALL . "</option>";
for (; !$result->EOF; $result->MoveNext()) {
$sel = $pc_username == $result->fields[0] ? 'selected="selected"' : '';
$useroptions .= "<option value=\"" . $result->fields[0] . "\" {$sel} class=\"{$class}\">" . $result->fields[1] . ", " . $result->fields[2] . "</option>";
}
$useroptions .= '</select>';
$result->Close();
}
}
//================================================================
// build the category filter pulldown
//================================================================
if (in_array('category', $types)) {
@define('_PC_FORM_CATEGORY', true);
$category = pnVarCleanFromInput('pc_category');
$categories = pnModAPIFunc(__POSTCALENDAR__, 'user', 'getCategories');
$catoptions = "<select name=\"pc_category\" class=\"{$class}\">";
$catoptions .= "<option value=\"\" class=\"{$class}\">" . _PC_FILTER_CATEGORY . "</option>";
foreach ($categories as $c) {
$sel = $category == $c['id'] ? 'selected="selected"' : '';
$catoptions .= "<option value=\"{$c['id']}\" {$sel} class=\"{$class}\">" . xl_appt_category($c[name]) . "</option>";
}
$catoptions .= '</select>';
}
//================================================================
// build the topic filter pulldown
//================================================================
if (in_array('topic', $types) && _SETTING_DISPLAY_TOPICS) {
@define('_PC_FORM_TOPIC', true);
$topic = pnVarCleanFromInput('pc_topic');
$topics = pnModAPIFunc(__POSTCALENDAR__, 'user', 'getTopics');
$topoptions = "<select name=\"pc_topic\" class=\"{$class}\">";
$topoptions .= "<option value=\"\" class=\"{$class}\">" . _PC_FILTER_TOPIC . "</option>";
foreach ($topics as $t) {
$sel = $topic == $t['id'] ? 'selected="selected"' : '';
$topoptions .= "<option value=\"{$t['id']}\" {$sel} class=\"{$class}\">{$t['text']}</option>";
}
$topoptions .= '</select>';
} else {
$topoptions = '';
}
//================================================================
// build it in the correct order
//================================================================
if (!isset($label)) {
$label = _PC_TPL_VIEW_SUBMIT;
}
$submit = "<input type=\"submit\" valign=\"middle\" name=\"submit\" value=\"{$label}\" class=\"{$class}\" />";
$orderArray = array('user' => $useroptions, 'category' => $catoptions, 'topic' => $topoptions, 'jump' => $submit);
if (isset($order)) {
$newOrder = array();
$order = explode(',', $order);
foreach ($order as $tmp_order) {
array_push($newOrder, $orderArray[$tmp_order]);
}
foreach ($orderArray as $key => $old_order) {
if (!in_array($key, $newOrder)) {
array_push($newOrder, $orderArray[$old_order]);
}
}
$order = $newOrder;
} else {
$order = $orderArray;
}
foreach ($order as $element) {
echo $element;
}
if (!in_array('user', $types)) {
echo $output->FormHidden('pc_username', $pc_username);
}
}
/**
* $Id$
*
* PostCalendar::PostNuke Events Calendar Module
* Copyright (C) 2002 The PostCalendar Team
* http://postcalendar.tv
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* To read the license please read the docs/license.txt or visit
* http://www.gnu.org/copyleft/gpl.html
*
*/
function smarty_function_pc_date_select($args)
{
$print = pnVarCleanFromInput('print');
$tplview = pnVarCleanFromInput('tplview');
$viewtype = pnVarCleanFromInput('viewtype');
if (!isset($viewtype)) {
$viewtype = _SETTING_DEFAULT_VIEW;
}
$Date = postcalendar_getDate();
if (!isset($y)) {
$y = substr($Date, 0, 4);
}
if (!isset($m)) {
$m = substr($Date, 4, 2);
}
if (!isset($d)) {
$d = substr($Date, 6, 2);
}
if (!isset($args['day']) || strtolower($args['day']) == 'on') {
$args['day'] = true;
@define('_PC_FORM_DATE', true);
} else {
$args['day'] = false;
}
if (!isset($args['month']) || strtolower($args['month']) == 'on') {
$args['month'] = true;
@define('_PC_FORM_DATE', true);
} else {
$args['month'] = false;
}
if (!isset($args['year']) || strtolower($args['year']) == 'on') {
$args['year'] = true;
@define('_PC_FORM_DATE', true);
} else {
$args['year'] = false;
}
if (!isset($args['view']) || strtolower($args['view']) == 'on') {
$args['view'] = true;
@define('_PC_FORM_VIEW_TYPE', true);
} else {
$args['view'] = false;
}
$dayselect = $monthselect = $yearselect = $viewselect = '';
$output = new pnHTML();
$output->SetOutputMode(_PNH_RETURNOUTPUT);
if ($args['day'] === true) {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $d));
$dayselect = $output->FormSelectMultiple('jumpday', $sel_data);
}
if ($args['month'] === true) {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $m));
$monthselect = $output->FormSelectMultiple('jumpmonth', $sel_data);
}
if ($args['year'] === true) {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $y));
$yearselect = $output->FormSelectMultiple('jumpyear', $sel_data);
}
if ($args['view'] === true) {
$sel_data = array();
$sel_data[0]['id'] = 'day';
$sel_data[0]['selected'] = $viewtype == 'day';
$sel_data[0]['name'] = _CAL_DAYVIEW;
$sel_data[1]['id'] = 'week';
$sel_data[1]['selected'] = $viewtype == 'week';
$sel_data[1]['name'] = _CAL_WEEKVIEW;
$sel_data[2]['id'] = 'month';
$sel_data[2]['selected'] = $viewtype == 'month';
$sel_data[2]['name'] = _CAL_MONTHVIEW;
$sel_data[3]['id'] = 'year';
$sel_data[3]['selected'] = $viewtype == 'year';
$sel_data[3]['name'] = _CAL_YEARVIEW;
$viewselect = $output->FormSelectMultiple('viewtype', $sel_data);
}
if (!isset($args['label'])) {
$args['label'] = _PC_JUMP_MENU_SUBMIT;
}
$jumpsubmit = '<input type="submit" valign="middle" name="submit" value="' . $args['label'] . '" />';
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$orderArray = array('day' => $dayselect, 'month' => $monthselect, 'year' => $yearselect, 'view' => $viewselect, 'jump' => $jumpsubmit);
if (isset($args['order'])) {
$newOrder = array();
$order = explode(',', $args['order']);
foreach ($order as $tmp_order) {
array_push($newOrder, $orderArray[$tmp_order]);
}
foreach ($orderArray as $key => $old_order) {
if (!in_array($key, $newOrder)) {
array_push($newOrder, $orderArray[$old_order]);
}
}
$order = $newOrder;
} else {
$order = $orderArray;
}
foreach ($order as $element) {
echo $element;
}
}
function dplink_adminmenu()
{
$theme = pnUserGetTheme();
pnThemeLoad($theme);
// Create output object
$output = new pnHTML();
// Security check
if (!pnSecAuthAction(0, 'dplink::', '::', ACCESS_ADMIN)) {
$output->Text(pnVarPrepHTMLDisplay(_SHIMLINKNOAUTH));
return $output->GetOutput();
}
//Title
ob_start();
OpenTable();
$oTable = ob_get_contents();
ob_end_clean();
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text($oTable);
$output->Title(pnVarPrepHTMLDisplay('<b>' . _SHIMLINK . '</b>'));
$output->Text(pnVarPrepHTMLDisplay(_SHIMLINKMODIFYCONFIG));
ob_start();
CloseTable();
$cTable = ob_get_contents();
ob_end_clean();
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text($cTable);
// Start form
$output->FormStart(pnModURL('dplink', 'admin', 'updateconfig'));
// Add an authorisation ID
$output->FormHidden('authid', pnSecGenAuthKey());
// Start the table that holds the information to be modified.
ob_start();
OpenTable();
$oTable = ob_get_contents();
ob_end_clean();
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text($oTable);
$output->TableStart();
// dplink location
$row = array();
$output->SetOutputMode(_PNH_RETURNOUTPUT);
$row[] = $output->Text(pnVarPrepHTMLDisplay(_MODSUBJECT));
$row[] = $output->FormText('url', pnModGetVar('dplink', 'url'), 50, 50);
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->TableAddrow($row, 'left');
// Warning
$row = array();
$output->SetOutputMode(_PNH_RETURNOUTPUT);
$row[] = $output->Text(pnVarPrepHTMLDisplay(_MODWARNING));
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->TableAddrow($row, 'left');
// Use I-frame
$row = array();
$output->SetOutputMode(_PNH_RETURNOUTPUT);
$row[] = $output->Text(pnVarPrepHTMLDisplay(_MODWRAP));
$row[] = $output->FormCheckbox('use_wrap', pnModGetVar('dplink', 'use_wrap'));
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->TableAddrow($row, 'left');
// Open in New >Window
$row = array();
$output->SetOutputMode(_PNH_RETURNOUTPUT);
$row[] = $output->Text(pnVarPrepHTMLDisplay(_MODWINDOW));
$row[] = $output->FormCheckbox('use_window', pnModGetVar('dplink', 'use_window'));
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->TableAddrow($row, 'left');
$output->TableEnd();
ob_start();
CloseTable();
$cTable = ob_get_contents();
ob_end_clean();
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text($cTable);
// End form
//$output->Linebreak(1);
ob_start();
OpenTable();
$oTable = ob_get_contents();
ob_end_clean();
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text($oTable);
$output->Text('<div align="center"><br>');
$output->FormSubmit(pnVarPrepHTMLDisplay(_SHIMLINKUPDATE));
$output->Text('<br><br></div>');
ob_start();
CloseTable();
$cTable = ob_get_contents();
ob_end_clean();
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text($cTable);
$output->FormEnd();
// Return the output that has been generated by this function
$output->SetOutputMode(_PNH_KEEPOUTPUT);
return $output->GetOutput();
}
/**
* Main administration menu
*/
function template_adminmenu()
{
// Create output object - this object will store all of our output so that
// we can return it easily when required
$output = new pnHTML();
// Display status message if any. Note that in future this functionality
// will probably be in the theme rather than in this menu, but this is the
// best place to keep it for now
$output->Text(pnGetStatusMsg());
$output->Linebreak(2);
// Start options menu
$output->TableStart(_TEMPLATE);
$output->SetOutputMode(_PNH_RETURNOUTPUT);
// Menu options. These options are all added in a single row, to add
// multiple rows of options the code below would just be repeated
$columns = array();
$columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'new')), _NEWTEMPLATE);
$columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'view')), _VIEWTEMPLATE);
$columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'modifyconfig')), _EDITTEMPLATECONFIG);
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->TableAddRow($columns);
$output->SetInputMode(_PNH_PARSEINPUT);
$output->TableEnd();
// Return the output that has been generated by this function
return $output->GetOutput();
}
function search_sections()
{
list($active_sections, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_sections', 'startnum', 'total', 'bool', 'q');
if (empty($active_sections)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$seccol =& $pntable['seccont_column'];
$query = "SELECT {$seccol['artid']} as id, {$seccol['title']} as title, {$seccol['secid']} as secid\n FROM {$pntable['seccont']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$seccol['title']} LIKE '{$word}' OR \n";
$query .= "{$seccol['content']} LIKE '{$word}')\n";
$flag = true;
}
if (pnConfigGetVar('multilingual') == 1) {
$query .= " AND ({$seccol['slanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$seccol['slanguage']}='')";
}
$query .= " ORDER BY {$seccol['artid']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
// we know about the section id so let's get the section name
$column2 =& $pntable['sections_column'];
$result2 = $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}={$row['secid']}");
list($secname) = $result2->fields;
if (pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ) && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_SECTIONS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_sections=1&bool={$bool}&q={$q}";
$output->Text('<ul>');
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// we know about the section id so let's get the section name
$column2 =& $pntable['sections_column'];
$result2 = $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}={$row['secid']}");
list($secname) = $result2->fields;
if (pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ) && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid={$row['id']}\">{$row['title']}</a><br></li>");
}
$result->MoveNext();
}
$output->Text('</ul>');
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_SECTIONS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function search_faqs()
{
list($q, $bool, $startnum, $total, $active_faqs) = pnVarCleanFromInput('q', 'bool', 'startnum', 'total', 'active_faqs');
if (empty($active_faqs)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['faqanswer_column'];
$faqcatcol =& $pntable['faqcategories_column'];
$query = "SELECT {$column['id_cat']} as id_cat, \n \t\t\t\t{$column['question']} as question, \n \t\t\t\t{$column['answer']} as answer,\n \t\t\t\t{$faqcatcol['categories']} as categories\n FROM {$pntable['faqanswer']} \n LEFT JOIN {$pntable['faqcategories']} ON {$column['id_cat']}={$faqcatcol['id_cat']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// faqs
$query .= "{$column['question']} LIKE '{$word}' OR \n";
$query .= "{$column['answer']} LIKE '{$word}'\n";
$query .= ')';
$flag = true;
}
if (pnConfigGetVar('multilingual') == 1) {
$query .= " AND ({$faqcatcol['flanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$faqcatcol['flanguage']}='')";
}
$query .= " ORDER BY {$column['id']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_FAQ . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_faqs=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat={$row['id_cat']}\">{$row['question']}</a><br>Answer: " . nl2br($row[answer]) . "</li>");
}
$result->MoveNext();
}
$output->Text('</ul>');
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_FAQS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function postcalendar_admin_categoryLimitsUpdate()
{
if (!PC_ACCESS_ADMIN) {
return _POSTCALENDAR_NOAUTH;
}
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
list($id, $del, $catId, $startTimeH, $startTimeM, $endTimeH, $endTimeM, $limit, $newCatId, $newStartTimeH, $newStartTimeM, $newEndTimeH, $newEndTimeM, $newLimit, ) = pnVarCleanFromInput('id', 'del', 'catid', 'starttimeh', 'starttimem', 'endtimeh', 'endtimem', 'limit', 'newcatid', 'newstarttimeh', 'newstarttimem', 'newendtimeh', 'newendtimem', 'newlimit');
$updates = array();
if (isset($id)) {
foreach ($id as $k => $i) {
$found = false;
if (count($del)) {
foreach ($del as $d) {
if ($i == $d) {
$found = true;
break;
}
}
}
if (!$found) {
$start = date("H:i:s", mktime($startTimeH[$k], $startTimeM[$k], 0));
$end = date("H:i:s", mktime($endTimeH[$k], $endTimeM[$k], 0));
$update_sql = "UPDATE {$pntable['postcalendar_limits']}\n\t\t SET pc_catid='" . pnVarPrepForStore($catId[$k]) . "',\n\t\t pc_starttime='" . pnVarPrepForStore($start) . "',\n\t\t pc_endtime='" . pnVarPrepForStore($end) . "',\n\t\t pc_limit='" . pnVarPrepForStore($limit[$k]) . "'\n\t\t WHERE pc_limitid={$i}";
array_push($updates, $update_sql);
}
}
}
$dels = implode(",", $del);
$delete = "DELETE FROM {$pntable['postcalendar_limits']} WHERE pc_limitid IN ({$dels})";
$e = $msg = '';
if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'updateCategoryLimit', array('updates' => $updates))) {
$e .= 'UPDATE FAILED';
}
if (isset($dels)) {
if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'deleteCategoryLimit', array('delete' => $delete))) {
$e .= 'DELETE FAILED';
}
}
if (isset($newLimit) && $newLimit > 0) {
$start = date("H:i:s", mktime($newStartTimeH, $newStartTimeM, 0));
$end = date("H:i:s", mktime($newEndTimeH, $newEndTimeM, 0));
if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'addCategoryLimit', array('catid' => $newCatId, 'starttime' => $start, 'endtime' => $end, 'limit' => $newLimit))) {
$e .= 'INSERT FAILED';
}
}
if (empty($e)) {
$msg = 'DONE';
}
$output->Text(postcalendar_admin_categoryLimits($msg, $e));
return $output->GetOutput();
}
/**
* composite function for generic confirmation of action
*
* @param string $confirm_text Confirmation message to display
* @param string $confirm_url URL to go to if confirm button is clicked
* @param string $cancel_text Link text cor the cancel message
* @param string $cancel_url URL to go to is action is canceled
* @param array $arg An array of args to create hidden fields for
*
* @access public
*/
function ConfirmAction($confirm_text, $confirm_url, $cancel_text, $cancel_url, $arg = array())
{
$compoutput = new pnHTML();
$compoutput->FormStart($confirm_url);
$compoutput->Text($confirm_text);
$compoutput->Linebreak(2);
$arg['confirm'] = 1;
$arg['authid'] = pnSecGenAuthKey();
$arg['confirmation'] = 1;
$compoutput->FormHidden($arg);
$compoutput->FormSubmit(_CONFIRM);
$compoutput->Linebreak(2);
$compoutput->URL($cancel_url, $cancel_text);
$compoutput->FormEnd();
if ($this->GetOutputMode() == _PNH_RETURNOUTPUT) {
$compoutput->SetOutputMode(_PNH_RETURNOUTPUT);
return $compoutput->PrintPage();
} else {
$compoutput->SetOutputMode(_PNH_RETURNOUTPUT);
$this->output .= $compoutput->GetOutput();
}
}
/**
* postcalendar_userapi_buildSubmitForm()
* create event submit form
*/
function postcalendar_userapi_buildSubmitForm($args, $admin = false)
{
$_SESSION['category'] = "";
if (!PC_ACCESS_ADD) {
return _POSTCALENDARNOAUTH;
}
extract($args);
unset($args);
//since we seem to clobber category
$cat = $category;
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
// set up Smarty
$tpl = new pcSmarty();
$tpl->caching = false;
$template_name = pnModGetVar(__POSTCALENDAR__, 'pcTemplate');
if (!isset($template_name)) {
$template_name = 'default';
}
//=================================================================
// Setup the correct config file path for the templates
//=================================================================
$modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
$modir = pnVarPrepForOS($modinfo['directory']);
$modname = $modinfo['displayname'];
$all_categories =& pnModAPIFunc(__POSTCALENDAR__, 'user', 'getCategories');
//print_r($all_categories);
unset($modinfo);
$tpl->config_dir = "modules/{$modir}/pntemplates/{$template_name}/config/";
//=================================================================
// PARSE MAIN
//=================================================================
$tpl->assign('webroot', $GLOBALS['web_root']);
$tpl->assign_by_ref('TPL_NAME', $template_name);
$tpl->assign('FUNCTION', pnVarCleanFromInput('func'));
$tpl->assign_by_ref('ModuleName', $modname);
$tpl->assign_by_ref('ModuleDirectory', $modir);
$tpl->assign_by_ref('category', $all_categories);
$tpl->assign('NewEventHeader', _PC_NEW_EVENT_HEADER);
$tpl->assign('EventTitle', _PC_EVENT_TITLE);
$tpl->assign('Required', _PC_REQUIRED);
$tpl->assign('DateTimeTitle', _PC_DATE_TIME);
$tpl->assign('AlldayEventTitle', _PC_ALLDAY_EVENT);
$tpl->assign('TimedEventTitle', _PC_TIMED_EVENT);
$tpl->assign('TimedDurationTitle', _PC_TIMED_DURATION);
$tpl->assign('TimedDurationHoursTitle', _PC_TIMED_DURATION_HOURS);
$tpl->assign('TimedDurationMinutesTitle', _PC_TIMED_DURATION_MINUTES);
$tpl->assign('EventDescTitle', _PC_EVENT_DESC);
//the double book variable comes from the eventdata array that is
//passed here and extracted, injection is not an issue here
if (is_numeric($double_book)) {
$tpl->assign('double_book', $double_book);
}
//pennfirm begin patient info handling
$ProviderID = pnVarCleanFromInput("provider_id");
if (is_numeric($ProviderID)) {
$tpl->assign('ProviderID', $ProviderID);
$tpl->assign('provider_id', $ProviderID);
} elseif (is_numeric($event_userid) && $event_userid != 0) {
$tpl->assign('ProviderID', $event_userid);
$tpl->assign('provider_id', $event_userid);
} else {
if ($_SESSION['userauthorized'] == 1) {
$tpl->assign('ProviderID', $_SESSION['authUserID']);
} else {
$tpl->assign('ProviderID', "");
}
}
$provinfo = getProviderInfo();
$tpl->assign('providers', $provinfo);
$PatientID = pnVarCleanFromInput("patient_id");
// limit the number of results returned by getPatientPID
// this helps to prevent the server from stalling on a request with
// no PID and thousands of PIDs in the database -- JRM
// the function getPatientPID($pid, $given, $orderby, $limit, $start) <-- defined in library/patient.inc
$plistlimit = 500;
if (is_numeric($PatientID)) {
$tpl->assign('PatientList', getPatientPID(array('pid' => $PatientID, 'limit' => $plistlimit)));
} elseif (is_numeric($event_pid)) {
$tpl->assign('PatientList', getPatientPID(array('pid' => $event_pid, 'limit' => $plistlimit)));
} else {
$tpl->assign('PatientList', getPatientPID(array('limit' => $plistlimit)));
}
$tpl->assign('event_pid', $event_pid);
$tpl->assign('event_aid', $event_aid);
$tpl->assign('event_category', pnVarCleanFromInput("event_category"));
if (empty($event_patient_name)) {
$patient_data = getPatientData($event_pid, $given = "lname, fname");
$event_patient_name = $patient_data['lname'] . ", " . $patient_data['fname'];
}
$tpl->assign('patient_value', $event_patient_name);
//=================================================================
// PARSE INPUT_EVENT_TITLE
//=================================================================
$tpl->assign('InputEventTitle', 'event_subject');
$tpl->assign('ValueEventTitle', pnVarPrepForDisplay($event_subject));
//=================================================================
// PARSE SELECT_DATE_TIME
//=================================================================
// It seems that with Mozilla at least, <select> fields that are disabled
// do not get passed as form data. Therefore we ignore $double_book so
// that the fields will not be disabled. -- Rod 2005-03-22
$output->SetOutputMode(_PNH_RETURNOUTPUT);
if (_SETTING_USE_INT_DATES) {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday));
$formdata = $output->FormSelectMultiple('event_startday', $sel_data, 0, 1, "", "", false, '');
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth));
$formdata .= $output->FormSelectMultiple('event_startmonth', $sel_data, 0, 1, "", "", false, '');
} else {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth));
$formdata = $output->FormSelectMultiple('event_startmonth', $sel_data, 0, 1, "", "", false, '');
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday));
$formdata .= $output->FormSelectMultiple('event_startday', $sel_data, 0, 1, "", "", false, '');
}
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_startyear));
$formdata .= $output->FormSelectMultiple('event_startyear', $sel_data, 0, 1, "", "", false, '');
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$tpl->assign('SelectDateTime', $formdata);
$tpl->assign('InputAllday', 'event_allday');
$tpl->assign('ValueAllday', '1');
$tpl->assign('SelectedAllday', $event_allday == 1 ? 'checked' : '');
$tpl->assign('InputTimed', 'event_allday');
$tpl->assign('ValueTimed', '0');
$tpl->assign('SelectedTimed', $event_allday == 0 ? 'checked' : '');
$tpl->assign('STYLE', $GLOBALS['style']);
//=================================================================
// PARSE SELECT_END_DATE_TIME
//=================================================================
$output->SetOutputMode(_PNH_RETURNOUTPUT);
//if there is no end date we want the box to read todays date instead of jan 01 1994 :)
if ($event_endmonth == 0 && $event_endday == 0 && $event_endyear == 0) {
$event_endmonth = $month;
$event_endday = $day;
$event_endyear = $year;
}
if (_SETTING_USE_INT_DATES) {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday));
$formdata = $output->FormSelectMultiple('event_endday', $sel_data, 0, 1, "", "", false, '');
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth));
$formdata .= $output->FormSelectMultiple('event_endmonth', $sel_data, 0, 1, "", "", false, '');
} else {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth));
$formdata = $output->FormSelectMultiple('event_endmonth', $sel_data, 0, 1, "", "", false, '');
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday));
$formdata .= $output->FormSelectMultiple('event_endday', $sel_data, 0, 1, "", "", false, '');
}
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_endyear));
$formdata .= $output->FormSelectMultiple('event_endyear', $sel_data, 0, 1, "", "", false, '');
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$tpl->assign('SelectEndDate', $formdata);
//=================================================================
// PARSE SELECT_TIMED_EVENT
//=================================================================
$stimes = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildTimeSelect', array('hselected' => $event_starttimeh, 'mselected' => $event_starttimem));
$output->SetOutputMode(_PNH_RETURNOUTPUT);
$timed_hours = $output->FormSelectMultiple('event_starttimeh', $stimes['h'], 0, 1, "", "", false, '');
$timed_minutes = $output->FormSelectMultiple('event_starttimem', $stimes['m'], 0, 1, "", "", false, '');
if (!_SETTING_TIME_24HOUR) {
$ampm = array();
$ampm[0]['id'] = pnVarPrepForStore(_AM_VAL);
$ampm[0]['name'] = pnVarPrepForDisplay(_PC_AM);
$ampm[1]['id'] = pnVarPrepForStore(_PM_VAL);
$ampm[1]['name'] = pnVarPrepForDisplay(_PC_PM);
if ($event_startampm == "AM" || $event_startampm == _AM_VAL) {
$ampm[0]['selected'] = 1;
} else {
$ampm[1]['selected'] = 1;
}
$timed_ampm = $output->FormSelectMultiple('event_startampm', $ampm, 0, 1, "", "", false, '');
} else {
$timed_ampm = '';
}
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$tpl->assign('SelectTimedHours', $timed_hours);
$tpl->assign('SelectTimedMinutes', $timed_minutes);
$tpl->assign('SelectTimedAMPM', $timed_ampm);
$tpl->assign('event_startday', $event_startday);
$tpl->assign('event_startmonth', $event_startmonth);
$tpl->assign('event_startyear', $event_startyear);
$tpl->assign('event_starttimeh', $event_starttimeh);
$tpl->assign('event_starttimem', $event_starttimem);
$tpl->assign('event_startampm', $event_startampm);
$tpl->assign('event_dur_hours', $event_dur_hours);
$tpl->assign('event_dur_minutes', $event_dur_minutes);
//=================================================================
// PARSE SELECT_DURATION
//=================================================================
$event_dur_hours = (int) $event_dur_hours;
for ($i = 0; $i <= 24; $i += 1) {
$TimedDurationHours[$i] = array('value' => $i, 'selected' => $event_dur_hours == $i ? 'selected' : '', 'name' => sprintf('%02d', $i));
}
$tpl->assign('TimedDurationHours', $TimedDurationHours);
$tpl->assign('InputTimedDurationHours', 'event_dur_hours');
$found_time = false;
for ($i = 0; $i < 60; $i += _SETTING_TIME_INCREMENT) {
$TimedDurationMinutes[$i] = array('value' => $i, 'selected' => $event_dur_minutes == $i ? 'selected' : '', 'name' => sprintf('%02d', $i));
if ($TimedDurationMinutes[$i]['selected'] == 'selected') {
$found_time = true;
}
}
if (!$found_time) {
$TimedDurationMinutes[$i] = array('value' => $event_dur_minutes, 'selected' => 'selected', 'name' => sprintf('%02d', $event_dur_minutes));
}
$tpl->assign('TimedDurationMinutes', $TimedDurationMinutes);
$tpl->assign('hidden_event_dur_minutes', $event_dur_minutes);
$tpl->assign('InputTimedDurationMinutes', 'event_dur_minutes');
//=================================================================
// PARSE INPUT_EVENT_DESC
//=================================================================
$tpl->assign('InputEventDesc', 'event_desc');
if (empty($pc_html_or_text)) {
$display_type = substr($event_desc, 0, 6);
if ($display_type == ':text:') {
$pc_html_or_text = 'text';
$event_desc = substr($event_desc, 6);
} elseif ($display_type == ':html:') {
$pc_html_or_text = 'html';
$event_desc = substr($event_desc, 6);
} else {
$pc_html_or_text = 'text';
}
unset($display_type);
}
$tpl->assign('ValueEventDesc', pnVarPrepForDisplay($event_desc));
$eventHTMLorText = "<select name=\"pc_html_or_text\">";
if ($pc_html_or_text == 'text') {
$eventHTMLorText .= "<option value=\"text\" selected=\"selected\">" . _PC_SUBMIT_TEXT . "</option>";
} else {
$eventHTMLorText .= "<option value=\"text\">" . _PC_SUBMIT_TEXT . "</option>";
}
if ($pc_html_or_text == 'html') {
$eventHTMLorText .= "<option value=\"html\" selected=\"selected\">" . _PC_SUBMIT_HTML . "</option>";
} else {
$eventHTMLorText .= "<option value=\"html\">" . _PC_SUBMIT_HTML . "</option>";
}
$eventHTMLorText .= "</select>";
$tpl->assign('EventHTMLorText', $eventHTMLorText);
//=================================================================
// PARSE select_event_topic_block
//=================================================================
$tpl->assign('displayTopics', _SETTING_DISPLAY_TOPICS);
if ((bool) _SETTING_DISPLAY_TOPICS) {
$a_topics =& postcalendar_userapi_getTopics();
$topics = array();
foreach ($a_topics as $topic) {
array_push($topics, array('value' => $topic['id'], 'selected' => $topic['id'] == $event_topic ? 'selected' : '', 'name' => $topic['text']));
}
unset($a_topics);
// only show this if we have topics to show
if (count($topics) > 0) {
$tpl->assign('topics', $topics);
$tpl->assign('EventTopicTitle', _PC_EVENT_TOPIC);
$tpl->assign('InputEventTopic', 'event_topic');
}
}
//=================================================================
// PARSE select_event_type_block
//=================================================================
$categories = array();
foreach ($all_categories as $category) {
array_push($categories, array('value' => $category['id'], 'selected' => $category['id'] == $event_category ? 'selected' : '', 'name' => $category['name'], 'color' => $category['color'], 'desc' => $category['desc']));
}
// only show this if we have categories to show
// you should ALWAYS have at least one valid category
if (count($categories) > 0) {
$tpl->assign('categories', $categories);
$tpl->assign('EventCategoriesTitle', _PC_EVENT_CATEGORY);
$tpl->assign('InputEventCategory', 'event_category');
$tpl->assign('hidden_event_category', $event_category);
}
//=================================================================
// PARSE event_sharing_block
//=================================================================
$data = array();
if (_SETTING_ALLOW_USER_CAL) {
array_push($data, array(SHARING_PRIVATE, _PC_SHARE_PRIVATE));
array_push($data, array(SHARING_PUBLIC, _PC_SHARE_PUBLIC));
array_push($data, array(SHARING_BUSY, _PC_SHARE_SHOWBUSY));
}
if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADMIN) || _SETTING_ALLOW_GLOBAL || !_SETTING_ALLOW_USER_CAL) {
array_push($data, array(SHARING_GLOBAL, _PC_SHARE_GLOBAL));
}
$sharing = array();
foreach ($data as $cell) {
array_push($sharing, array('value' => $cell[0], 'selected' => (int) $event_sharing == $cell[0] ? 'selected' : '', 'name' => $cell[1]));
}
//pennfirm get list of providers from openemr code in calendar.inc
$tpl->assign("user", getCalendarProviderInfo());
$tpl->assign('sharing', $sharing);
$tpl->assign('EventSharingTitle', _PC_SHARING);
$tpl->assign('InputEventSharing', 'event_sharing');
//=================================================================
// location information
//=================================================================
$tpl->assign('EventLocationTitle', _PC_EVENT_LOCATION);
$tpl->assign('InputLocation', 'event_location');
$tpl->assign('ValueLocation', pnVarPrepForDisplay($event_location));
$tpl->assign('EventStreetTitle', _PC_EVENT_STREET);
$tpl->assign('InputStreet1', 'event_street1');
$tpl->assign('ValueStreet1', pnVarPrepForDisplay($event_street1));
$tpl->assign('InputStreet2', 'event_street2');
$tpl->assign('ValueStreet2', pnVarPrepForDisplay($event_street2));
$tpl->assign('EventCityTitle', _PC_EVENT_CITY);
$tpl->assign('InputCity', 'event_city');
$tpl->assign('ValueCity', pnVarPrepForDisplay($event_city));
$tpl->assign('EventStateTitle', _PC_EVENT_STATE);
$tpl->assign('InputState', 'event_state');
$tpl->assign('ValueState', pnVarPrepForDisplay($event_state));
$tpl->assign('EventPostalTitle', _PC_EVENT_POSTAL);
$tpl->assign('InputPostal', 'event_postal');
$tpl->assign('ValuePostal', pnVarPrepForDisplay($event_postal));
//=================================================================
// contact information
//=================================================================
$tpl->assign('EventContactTitle', _PC_EVENT_CONTACT);
$tpl->assign('InputContact', 'event_contname');
$tpl->assign('ValueContact', pnVarPrepForDisplay($event_contname));
$tpl->assign('EventPhoneTitle', _PC_EVENT_PHONE);
$tpl->assign('InputPhone', 'event_conttel');
$tpl->assign('ValuePhone', pnVarPrepForDisplay($event_conttel));
$tpl->assign('EventEmailTitle', _PC_EVENT_EMAIL);
$tpl->assign('InputEmail', 'event_contemail');
$tpl->assign('ValueEmail', pnVarPrepForDisplay($event_contemail));
$tpl->assign('EventWebsiteTitle', _PC_EVENT_WEBSITE);
$tpl->assign('InputWebsite', 'event_website');
$tpl->assign('ValueWebsite', pnVarPrepForDisplay($event_website));
$tpl->assign('EventFeeTitle', _PC_EVENT_FEE);
$tpl->assign('InputFee', 'event_fee');
$tpl->assign('ValueFee', pnVarPrepForDisplay($event_fee));
//=================================================================
// Repeating Information
//=================================================================
$tpl->assign('RepeatingHeader', _PC_REPEATING_HEADER);
$tpl->assign('NoRepeatTitle', _PC_NO_REPEAT);
$tpl->assign('RepeatTitle', _PC_REPEAT);
$tpl->assign('RepeatOnTitle', _PC_REPEAT_ON);
$tpl->assign('OfTheMonthTitle', _PC_OF_THE_MONTH);
$tpl->assign('EndDateTitle', _PC_END_DATE);
$tpl->assign('NoEndDateTitle', _PC_NO_END);
$tpl->assign('InputNoRepeat', 'event_repeat');
$tpl->assign('ValueNoRepeat', '0');
$tpl->assign('SelectedNoRepeat', (int) $event_repeat == 0 ? 'checked' : '');
$tpl->assign('InputRepeat', 'event_repeat');
$tpl->assign('ValueRepeat', '1');
$tpl->assign('SelectedRepeat', (int) $event_repeat == 1 ? 'checked' : '');
unset($in);
$in = array(_PC_EVERY, _PC_EVERY_OTHER, _PC_EVERY_THIRD, _PC_EVERY_FOURTH);
$keys = array(REPEAT_EVERY, REPEAT_EVERY_OTHER, REPEAT_EVERY_THIRD, REPEAT_EVERY_FOURTH);
$repeat_freq = array();
foreach ($in as $k => $v) {
array_push($repeat_freq, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_freq ? 'selected' : '', 'name' => $v));
}
$tpl->assign('InputRepeatFreq', 'event_repeat_freq');
if (empty($event_repeat_freq) || $event_repeat_freq < 1) {
$event_repeat_freq = 1;
}
$tpl->assign('InputRepeatFreqVal', $event_repeat_freq);
$tpl->assign('repeat_freq', $repeat_freq);
unset($in);
$in = array(_PC_EVERY_DAY, _PC_EVERY_WORKDAY, _PC_EVERY_WEEK, _PC_EVERY_MONTH, _PC_EVERY_YEAR);
$keys = array(REPEAT_EVERY_DAY, REPEAT_EVERY_WORK_DAY, REPEAT_EVERY_WEEK, REPEAT_EVERY_MONTH, REPEAT_EVERY_YEAR);
$repeat_freq_type = array();
foreach ($in as $k => $v) {
array_push($repeat_freq_type, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_freq_type ? 'selected' : '', 'name' => $v));
}
$tpl->assign('InputRepeatFreqType', 'event_repeat_freq_type');
$tpl->assign('repeat_freq_type', $repeat_freq_type);
$tpl->assign('InputRepeatOn', 'event_repeat');
$tpl->assign('ValueRepeatOn', '2');
$tpl->assign('SelectedRepeatOn', (int) $event_repeat == 2 ? 'checked' : '');
unset($in);
$in = array(_PC_EVERY_1ST, _PC_EVERY_2ND, _PC_EVERY_3RD, _PC_EVERY_4TH, _PC_EVERY_LAST);
$keys = array(REPEAT_ON_1ST, REPEAT_ON_2ND, REPEAT_ON_3RD, REPEAT_ON_4TH, REPEAT_ON_LAST);
$repeat_on_num = array();
foreach ($in as $k => $v) {
array_push($repeat_on_num, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_num ? 'selected' : '', 'name' => $v));
}
$tpl->assign('InputRepeatOnNum', 'event_repeat_on_num');
$tpl->assign('repeat_on_num', $repeat_on_num);
unset($in);
$in = array(_PC_EVERY_SUN, _PC_EVERY_MON, _PC_EVERY_TUE, _PC_EVERY_WED, _PC_EVERY_THU, _PC_EVERY_FRI, _PC_EVERY_SAT);
$keys = array(REPEAT_ON_SUN, REPEAT_ON_MON, REPEAT_ON_TUE, REPEAT_ON_WED, REPEAT_ON_THU, REPEAT_ON_FRI, REPEAT_ON_SAT);
$repeat_on_day = array();
foreach ($in as $k => $v) {
array_push($repeat_on_day, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_day ? 'selected' : '', 'name' => $v));
}
$tpl->assign('InputRepeatOnDay', 'event_repeat_on_day');
$tpl->assign('repeat_on_day', $repeat_on_day);
unset($in);
$in = array(_PC_OF_EVERY_MONTH, _PC_OF_EVERY_2MONTH, _PC_OF_EVERY_3MONTH, _PC_OF_EVERY_4MONTH, _PC_OF_EVERY_6MONTH, _PC_OF_EVERY_YEAR);
$keys = array(REPEAT_ON_MONTH, REPEAT_ON_2MONTH, REPEAT_ON_3MONTH, REPEAT_ON_4MONTH, REPEAT_ON_6MONTH, REPEAT_ON_YEAR);
$repeat_on_freq = array();
foreach ($in as $k => $v) {
array_push($repeat_on_freq, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_freq ? 'selected' : '', 'name' => $v));
}
$tpl->assign('InputRepeatOnFreq', 'event_repeat_on_freq');
if (empty($event_repeat_on_freq) || $event_repeat_on_freq < 1) {
$event_repeat_on_freq = 1;
}
$tpl->assign('InputRepeatOnFreqVal', $event_repeat_on_freq);
$tpl->assign('repeat_on_freq', $repeat_on_freq);
$tpl->assign('MonthsTitle', _PC_MONTHS);
//=================================================================
// PARSE INPUT_END_DATE
//=================================================================
$tpl->assign('InputEndOn', 'event_endtype');
$tpl->assign('ValueEndOn', '1');
$tpl->assign('SelectedEndOn', (int) $event_endtype == 1 ? 'checked' : '');
//=================================================================
// PARSE INPUT_NO_END
//=================================================================
$tpl->assign('InputNoEnd', 'event_endtype');
$tpl->assign('ValueNoEnd', '0');
$tpl->assign('SelectedNoEnd', (int) $event_endtype == 0 ? 'checked' : '');
$qstring = preg_replace("/provider_id=[0-9]*[&]{0,1}/", "", $_SERVER['QUERY_STRING']);
$tpl->assign('qstring', $qstring);
$output->SetOutputMode(_PNH_RETURNOUTPUT);
$authkey = $output->FormHidden('authid', pnSecGenAuthKey());
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$form_hidden = "<input type=\"hidden\" name=\"is_update\" value=\"{$is_update}\" />";
$form_hidden .= "<input type=\"hidden\" name=\"pc_event_id\" value=\"{$pc_event_id}\" />";
$form_hidden .= "<input type=\"hidden\" name=\"category\" value=\"{$cat}\" />";
if (isset($data_loaded)) {
$form_hidden .= "<input type=\"hidden\" name=\"data_loaded\" value=\"{$data_loaded}\" />";
$tpl->assign('FormHidden', $form_hidden);
}
$form_submit = '<input type=hidden name="form_action" value="commit"/>
' . $authkey . '<input type="submit" name="submit" value="go">';
$tpl->assign('FormSubmit', $form_submit);
// do not cache this page
if ($admin) {
$output->Text($tpl->fetch($template_name . '/admin/submit.html'));
} elseif (pnVarCleanFromInput("no_nav") == 1) {
$output->Text($tpl->fetch($template_name . '/user/submit_no_nav.html'));
} else {
$output->Text($tpl->fetch($template_name . '/user/submit.html'));
}
$output->Text(postcalendar_footer());
return $output->GetOutput();
}
function search_comments()
{
list($active_comments, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_comments', 'startnum', 'total', 'bool', 'q');
if (empty($active_comments)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['comments_column'];
$query = "SELECT {$column['subject']} as subject, {$column['tid']} as tid, ";
$query .= "{$column['sid']} as sid, {$column['pid']} as pid FROM {$pntable['comments']} WHERE ";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$column['subject']} LIKE '{$word}' OR ";
$query .= "{$column['comment']} LIKE '{$word}'";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['subject']}";
if (empty($total)) {
$countres = $dbconn->Execute($query);
$total = $countres->PO_RecordCount();
$countres->Close();
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_COMMENTS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_comments=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
if ($row[pid] != 0) {
// comment with parent posting
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=NS-Comments&file=index&req=showreply&tid={$row['tid']}&sid={$row['sid']}&pid={$row['pid']}\">{$row['subject']}</a></li>");
} else {
// comment without parent posting
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=NS-Comments&file=index&tid={$row['tid']}&sid={$row['sid']}#{$row['tid']}\">{$row['subject']}</a></li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_COMMENTS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
/**
* modify block settings
*/
function template_firstblock_modify($blockinfo)
{
// Create output object
$output = new pnHTML();
// Get current content
$vars = pnBlockVarsFromContent($blockinfo['content']);
// Defaults
if (empty($vars['numitems'])) {
$vars['numitems'] = 5;
}
// Create row
$row = array();
$output->SetOutputMode(_PNH_RETURNOUTPUT);
$row[] = $output->Text(_NUMITEMS);
$row[] = $output->FormText('numitems', pnVarPrepForDisplay($vars['numitems']), 5, 5);
$output->SetOutputMode(_PNH_KEEPOUTPUT);
// Add row
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->TableAddRow($row, 'left');
$output->SetInputMode(_PNH_PARSEINPUT);
// Return output
return $output->GetOutput();
}
function search_downloads()
{
list($q, $active_downloads, $bool, $startnum, $total) = pnVarCleanFromInput('q', 'active_downloads', 'bool', 'startnum', 'total');
if (empty($active_downloads)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
// fifers: have to explicitly name the columns so that if the underlying DB column names change, the code to access them doesn't. We use the column names in assoc array later...
$column =& $pntable['downloads_downloads_column'];
$query = "SELECT {$column['lid']} as lid, {$column['title']} as title, {$column['totalvotes']} as totalvotes, {$column['hits']} as hits, {$column['name']} as name, {$column['description']} as description, {$column['cid']} as cid FROM {$pntable['downloads_downloads']} WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// downloads
$query .= "{$column['description']} LIKE '{$word}' OR \n";
$query .= "{$column['title']} LIKE '{$word}' OR \n";
$query .= "{$column['submitter']} LIKE '{$word}' OR \n";
$query .= "{$column['name']} LIKE '{$word}' OR \n";
$query .= "{$column['homepage']} LIKE '{$word}' \n";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['lid']}";
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
// we have a download id so get its category
$column2 =& $pntable['downloads_categories_column'];
$result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_DOWNLOADS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_downloads=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// we have a download id so get its category
$column2 =& $pntable['downloads_categories_column'];
$result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Downloads&file=index&req=getit&lid={$row['lid']}\">{$row['title']}</a> <font class=\"pn-normal\">(votes: {$row['totalvotes']} - hits: {$row['hits']})</font><br>Uploader: {$row['name']}<br>{$row['description']}</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Mung URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_DOWNLOADS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
}
if (empty($file)) {
$file = "index";
}
include 'includes/legacy.php';
switch ($op) {
case 'modload':
define("LOADED_AS_MODULE", "1");
// added for the module/system seperation [class007]
if (file_exists('modules/' . pnVarPrepForOS($name) . '/' . pnVarPrepForOS($file) . '.php')) {
include 'modules/' . pnVarPrepForOS($name) . '/' . pnVarPrepForOS($file) . '.php';
} else {
// Failed to load the module
$output = new pnHTML();
//$output->StartPage();
$output->Text('Failed to load module ' . $module);
$output->EndPage();
$output->PrintPage();
exit;
}
break;
default:
// Failed to load the module
$output = new pnHTML();
//$output->StartPage();
$output->Text('Sorry, you cannot access this file directly...');
$output->EndPage();
$output->PrintPage();
break;
}
}
function search_reviews()
{
list($active_reviews, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_reviews', 'startnum', 'total', 'bool', 'q');
if (empty($active_reviews)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$revcol =& $pntable['reviews_column'];
$comcol =& $pntable['reviews_comments_column'];
$query = "SELECT DISTINCT {$revcol['id']} as id, {$revcol['title']} as title, {$revcol['score']} as score, {$revcol['hits']} as hits, {$revcol['reviewer']} as reviewer, {$revcol['date']} AS fdate\n FROM {$pntable['reviews']} LEFT JOIN {$pntable['reviews_comments']} ON {$comcol['rid']}={$revcol['id']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// reviews
$query .= "{$revcol['title']} LIKE '{$word}' OR \n";
$query .= "{$revcol['text']} LIKE '{$word}' OR \n";
$query .= "{$revcol['reviewer']} LIKE '{$word}' OR \n";
$query .= "{$revcol['cover']} LIKE '{$word}' OR \n";
$query .= "{$revcol['url']} LIKE '{$word}' OR \n";
$query .= "{$revcol['url_title']} LIKE '{$word}' OR \n";
// reviews_comments
$query .= "{$comcol['comments']} LIKE '{$word}'\n";
$query .= ')';
$flag = true;
}
if (pnConfigGetVar('multilingual') == 1) {
$query .= " AND ({$revcol['rlanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$revcol['rlanguage']}='')";
}
$query .= " ORDER BY {$revcol['date']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_REVIEWS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_reviews=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
$row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Reviews&file=index&req=showcontent&id={$row['id']}\">{$row['title']}</a> <font class=\"pn-sub\">(score: {$row['score']} - hits: {$row['hits']})</font><br>{$row['reviewer']}<br>{$row['fdate']}</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_REVIEWS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
