Ejemplo n.º 1
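 case "ingest":
     // Upsert one video row keyed on foreign_id, then store its two thumbnails.
     // Every request value below is caller-controlled, so each one goes through
     // scrubData() and $db->quote() before it becomes part of SQL text.
     $db = new Querier();
     $our_id = scrubData($_REQUEST["foreign_id"]);
     // check if we already have a record like this
     $qcheck = "SELECT video_id FROM video WHERE foreign_id = " . $db->quote($our_id);
     $rcheck = $db->query($qcheck);
     // Quote each column value once; the INSERT and the UPDATE share them.
     $v_title = $db->quote(scrubData($_POST["title"]));
     $v_description = $db->quote(scrubData($_POST["description"], 'richtext'));
     $v_source = $db->quote(scrubData($_POST["source"]));
     $v_foreign_id = $db->quote(scrubData($_POST["foreign_id"]));
     $v_duration = $db->quote(scrubData($_POST["duration"]));
     $v_date = $db->quote(scrubData($_POST["upload_date"]));
     if (count($rcheck) == 0) {
         $qinsert = "INSERT INTO video (title, description, source, foreign_id, duration, date, display)\n        VALUES (" . $v_title . ", " . $v_description . ", " . $v_source . ", " . $v_foreign_id . ", " . $v_duration . ", " . $v_date . ", 1)";
         $rinsert = $db->exec($qinsert);
         $video_id = $db->last_id();
     } else {
         // Do an update. No comma may precede WHERE, and the key is compared
         // as a quoted literal rather than as raw request text.
         $qupdate = "UPDATE video \n          SET title = " . $v_title . ",\n          description = " . $v_description . ",\n          source = " . $v_source . ",\n          foreign_id = " . $v_foreign_id . ",\n          duration = " . $v_duration . ",\n          date = " . $v_date . "\n          WHERE foreign_id = " . $db->quote($our_id);
         $rupdate = $db->exec($qupdate);
         // The id of the existing row comes from the lookup above, not from exec().
         // NOTE(review): assumes query() rows are addressable by column name — confirm.
         $video_id = $rcheck[0]["video_id"];
     }
     // insert/update image
     // The thumbnail URLs are request-supplied and fetched by this server, so
     // anything that is not plain http(s) is skipped.
     // NOTE(review): a scheme check does not stop requests to internal hosts;
     // restrict the host to the expected video provider(s) and verify that the
     // response really is an image before it is written under the web root.
     $thumb_dir = "../../assets/images/video_thumbs/";
     // small thumbnail first, then medium (the YouTube "medium" is fairly large)
     foreach (array("small", "medium") as $thumb_size) {
         $thumb_key = "thumbnail_" . $thumb_size;
         $thumb_url = (isset($_POST[$thumb_key]) && is_string($_POST[$thumb_key])) ? $_POST[$thumb_key] : "";
         $thumb_scheme = strtolower((string) parse_url($thumb_url, PHP_URL_SCHEME));
         if ($thumb_scheme === "http" || $thumb_scheme === "https") {
             $image = curl_get($thumb_url);
             // The id is cast to int so that only digits can reach the file name.
             $new_image = $thumb_dir . (int) $video_id . "_" . $thumb_size . ".jpg";
             file_put_contents($new_image, $image);
         }
     }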
Ejemplo n.º 2
        $feedback = $record->getMessage();
    } else {
        $feedback = "There is no record by that ID.";
    }
}
if (isset($_POST["submit_record"])) {
    // 1.  Make sure we have minimum non-dupe data
    // 1a. Make sure there is a title, location, and subject
    if ($_POST["title"] == "" || $_POST["location"][0] == "" || $_POST["subject"][0] == "") {
        echo "<div class=\"feedback\">" . _("You must have a title, location, and subject.  Please go back and fix these omissions.  And turn on JavaScript, for goodness sakes!") . "</div><br /><br />";
        exit;
    }
    // 1b. IF THIS IS AN INSERT make sure the title isn't an exact dupe
    if ($_POST["title_id"] == "") {
        $db = new Querier();
        $qDupe = "SELECT title_id, title FROM title WHERE title LIKE " . $db->quote($_POST["title"]);
        $dupetitleArray = $db->query($qDupe);
        if ($dupetitleArray) {
            echo _("There is already a record with this title: ") . "<a href=\"record.php?record_id=" . $dupetitleArray[0] . "\">" . $dupetitleArray[1] . "</a>.  " . _("Maybe do a search and make sure it doesn't already exist?");
            return FALSE;
        }
    }
    // Submit form
    $record = new Record($_POST["title_id"], "post");
    //////////////////////////////////
    // Is this an Insert or an update?
    //////////////////////////////////
    if ($_POST["title_id"] == "") {
        $record->insertRecord();
        $ok_record_id = $record->getRecordId();
    } else {
Ejemplo n.º 3
 */
use SubjectsPlus\Control\Querier;
// Page identity; assigned before header.php is included.
$subsubcat = "";
$subcat = "admin";
$page_title = "Admin Departments";
$feedback = "";
include "../includes/header.php";
include "../includes/autoloader.php";
// Database handle used by the form handlers below.
$db = new Querier();
// "Add department" form: each field is passed through scrubData() and then
// $db->quote() before it is placed in the statement; department_sort starts at 0.
if (isset($_POST["add_department"])) {
    $qInsertDept = sprintf(
        "INSERT INTO department (name, telephone, department_sort, email, url) VALUES (\n\t\t%s, \n\t\t%s, \n\t\t0,\n        %s, \n        %s\n\t\t)",
        $db->quote(scrubData($_POST["department"])),
        $db->quote(scrubData($_POST["telephone"])),
        $db->quote(scrubData($_POST["email"])),
        $db->quote(scrubData($_POST["url"]))
    );
    $rInsertDept = $db->exec($qInsertDept);
    // Tell the admin whether the insert went through.
    $feedback = $rInsertDept
        ? _("Thy Will Be Done.  Department list updated.")
        : _("Thwarted!  Something has gone wrong with insert.  Contact the admin.");
}
if (isset($_POST["update_departments"])) {
    //////////////////////////////////
    // Get the new dept data + sort order
    //////////////////////////////////
    // wipe out existing departments
    //////////////////////
    // Create new array of results
    /////////////////////
Ejemplo n.º 4
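 /**
  * Build the HTML table of titles for one browse or search view.
  *
  * @param string     $qualifier          View selector: "Num", "All", "bysub", "bytype" or "search".
  *                                       Any other value is used as a LIKE pattern: a single
  *                                       character matches as a title prefix, longer text as a substring.
  * @param string|int $subject_id         Subject whose titles are listed when $qualifier is "bysub".
  * @param int        $description_search When 1, the default branch also searches the description column.
  *
  * @return string The table markup, or a "no results" <div> when the query returns no rows.
  */
 function writeTable($qualifier, $subject_id = '', $description_search = 0)
 {
     global $IconPath;
     global $proxyURL;
     $db = new Querier();
     // sanitize submission
     $subject_id = scrubData($subject_id);
     // Prepare conditions
     $condition1 = "";
     $condition2 = "";
     $condition3 = "";
     // Text patterns are always passed through $db->quote(), which supplies the
     // surrounding quotes; numeric ids are cast to int before they reach SQL text.
     $like_contains = $db->quote("%" . $qualifier . "%");
     switch ($qualifier) {
         case "Num":
             $condition1 = "WHERE left(title, 1)  REGEXP '[[:digit:]]+'";
             $condition2 = "WHERE left(alternate_title, 1)  REGEXP '[[:digit:]]+'";
             break;
         case "All":
             $condition1 = "WHERE title != ''";
             $condition2 = "WHERE alternate_title != ''";
             break;
         case "bysub":
             // NOTE(review): $subject_id is assigned above, so this isset() is
             // always true and the else branch is never reached.
             if (isset($subject_id)) {
                 //get title ids in pluslets' resource token connected to subject
                 $lobjGuide = new Guide($subject_id);
                 $lobjTitleIds = $lobjGuide->getRelatedTitles();
                 // scrubData() is not shown to make a value safe for unquoted SQL,
                 // so the ids are forced to integers before being interpolated.
                 $subject_id_sql = (int) $subject_id;
                 $condition1 = "WHERE (subject_id = {$subject_id_sql}";
                 $condition1 .= count($lobjTitleIds) > 0 ? "\nOR t.title_id IN (" . implode(',', array_map('intval', $lobjTitleIds)) . ")" : "";
                 $condition1 .= ")";
                 $condition2 = "WHERE subject_id = {$subject_id_sql}";
             } else {
                 $condition1 = "WHERE title LIKE " . $like_contains;
                 $condition2 = "WHERE alternate_title LIKE " . $like_contains;
             }
             break;
         case "bytype":
             if (isset($_GET["type"])) {
                 $condition1 = "WHERE ctags LIKE " . $db->quote(scrubData($_GET["type"]));
                 $condition2 = "WHERE ctags LIKE " . $db->quote(scrubData($_GET["type"]));
                 $condition3 = "and alternate_title IS NOT NULL";
             }
             break;
         case "search":
             // Title or description match; the parenthesis is closed so that the
             // "AND eres_display" appended below applies to both alternatives.
             $condition1 = "WHERE (title LIKE " . $like_contains . " OR description LIKE " . $like_contains . ")";
             $condition2 = "WHERE alternate_title LIKE " . $like_contains;
             break;
         default:
             // This is the simple output by letter and also the search
             if (strlen($qualifier) == 1) {
                 // Is like the first letter
                 $condition1 = "WHERE title LIKE " . $db->quote($qualifier . "%");
             } else {
                 $condition1 = "WHERE title LIKE " . $like_contains;
             }
             if ($description_search == 1) {
                 // Widen the match to the description column as well
                 $condition1 = "WHERE (title LIKE " . $like_contains . " OR description LIKE " . $like_contains . ")";
             }
             // String concatenation is "."; "+" would attempt arithmetic on the pattern.
             $condition2 = "WHERE alternate_title LIKE " . $like_contains;
     }
     $q1 = "SELECT distinct left(t.title,1) as initial, t.title as newtitle, t.description, location, access_restrictions, t.title_id as this_record,eres_display, display_note, pre, citation_guide, ctags, helpguide\n            FROM title as t\n            INNER JOIN location_title as lt\n            ON t.title_id = lt.title_id\n            INNER JOIN location as l\n            ON lt.location_id = l.location_id\n            INNER JOIN restrictions as r\n            ON l.access_restrictions = r.restrictions_id\n            INNER JOIN rank as rk\n            ON rk.title_id = t.title_id\n            INNER JOIN source as s\n            ON rk.source_id = s.source_id\n            {$condition1}\n            AND eres_display = 'Y'\n            ORDER BY newtitle";
     // The alternate-title query is assembled here but is not executed in this function.
     $q2 = "SELECT distinct left(t.alternate_title,1) as initial, t.alternate_title as newtitle, t.description, location, access_restrictions, t.title_id as this_record,eres_display, display_note, pre, citation_guide, ctags, helpguide\n            FROM title as t\n            INNER JOIN location_title as lt\n            ON t.title_id = lt.title_id\n            INNER JOIN location as l\n            ON lt.location_id = l.location_id\n            INNER JOIN restrictions as r\n            ON l.access_restrictions = r.restrictions_id\n            INNER JOIN rank as rk\n            ON rk.title_id = t.title_id\n            INNER JOIN source as s\n            ON rk.source_id = s.source_id\n            {$condition2}\n\t\t        AND eres_display = 'Y'\n            {$condition3}\n\n\t\t        ORDER BY newtitle";
     $r = $db->query($q1);
     // A failed query and an empty result are both reported as "no results".
     if (!$r || count($r) == 0) {
         return "<div class=\"no_results\">" . _("Sorry, there are no results at this time.") . "</div>";
     }
     // prepare 	header
     $items = "<table width=\"98%\" class=\"item_listing\">";
     $row_count = 0;
     $colour1 = "oddrow";
     $colour2 = "evenrow";
     // NOTE(review): helpguide and display_note are written into the markup as
     // stored, without HTML escaping in this function — confirm they are
     // sanitised when they are saved.
     foreach ($r as $myrow) {
         $row_colour = $row_count % 2 ? $colour1 : $colour2;
         $item_title = $myrow[1];
         if ($myrow["pre"] != "") {
             $item_title = $myrow["pre"] . " " . $item_title;
         }
         $blurb = $myrow["description"];
         $bib_id = $myrow[5];
         /// CHECK RESTRICTIONS ///
         if ($myrow['4'] == 2 or $myrow['4'] == 3) {
             // restriction levels 2 and 3 are linked through the proxy prefix
             $url = $proxyURL . $myrow[3];
             $rest_icons = "restricted";
         } elseif ($myrow['4'] == 4) {
             $url = $myrow[3];
             $rest_icons = "restricted";
         } else {
             $url = $myrow[3];
             $rest_icons = "";
             // if you want the unlocked icon to show, enter "unrestricted" here
         }
         $current_ctags = explode("|", $myrow["ctags"]);
         // add our $rest_icons info to this array at the beginning
         array_unshift($current_ctags, $rest_icons);
         $icons = showIcons($current_ctags);
         /// Check for Help Guide ///
         if ($myrow["helpguide"] != "") {
             $helpguide = " <a href=\"" . $myrow["helpguide"] . "\"><img src=\"{$IconPath}/help.gif\" border=\"0\" alt=\"" . _("Help Guide") . "\" title=\"" . _("Help Guide") . "\" /></a>";
         } else {
             $helpguide = "";
         }
         //Check if there is a display note
         if ($myrow["display_note"] == NULL) {
             $display_note_text = "";
         } else {
             $display_note_text = "<br /><strong>" . _("Note:") . " </strong>" . $myrow['display_note'];
         }
         $bonus = "{$blurb}<br />";
         // Both toggle variants are always defined, so generateLayout() never
         // receives an unset variable for a row that has no description.
         $information = "";
         $information1 = "";
         if ($blurb != "") {
             $information1 = "<span id=\"bib-{$bib_id}\" class=\"toggleLink curse_me\"><img src=\"{$IconPath}/information.png\" border=\"0\" alt=\"" . _("more information") . "\" title=\"" . _("more information") . "\" /></span>";
             // This is new details link; you can use the one above if you prefer
             $information = "<span id=\"bib-{$bib_id}\" class=\"toggleLink curse_me\">" . _("about") . "</span>";
         }
         $target = targetBlanker();
         $items .= self::generateLayout($row_colour, $url, $target, $item_title, $information, $information1, $icons, $helpguide, $display_note_text, $bonus);
         $row_count++;
     }
     $items .= "</table>";
     return $items;
 }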
Ejemplo n.º 5
    // Render the installer screen that belongs to the current step.
    if ($lintStep == 0) {
        // Step 0: show the site configuration form.
        $lobjConfig->displaySetupSiteConfigForm();
    } elseif ($lintStep == 1) {
        // Step 1: only acts on a submitted configuration form.
        if (isset($_POST['submit_setup_site_config'])) {
            $lobjConfig->setNewConfigValues();
            if ($lobjConfig->writeConfigFile()) {
                // Pick up the configuration that was just written.
                include_once 'includes/config.php';
                // Run the install; on success record the admin e-mail and show the final page.
                $lobjInstaller = new Installer();
                if ($lobjInstaller->install()) {
                    $administrator_email = $_POST['administrator_email'];
                    $db = new Querier();
                    // The address is quoted for SQL here.
                    // NOTE(review): no e-mail format check is visible in this block — confirm it is validated elsewhere.
                    $db->exec("UPDATE staff SET staff.email=" . $db->quote($administrator_email) . " WHERE staff.staff_id = 1");
                    $lobjInstaller->displayInstallationCompletePage();
                    $_SESSION['firstInstall'] = 1;
                }
            } else {
                // The configuration file could not be saved.
                $lobjConfig->displayMessage(_("Something went wrong and could not save configurations."));
            }
        }
    }
}
include_once "includes/footer.php";
Ejemplo n.º 6
//////////////////////
// date and time stuff
//////////////////////
$today = getdate();
$month = $today['month'];
$mday = $today['mday'];
$year = $today['year'];
$this_year = date("Y");
$todaycomputer = date('Y-m-d H:i:s');
if (isset($_POST['the_suggestion']) && $_POST['skill'] == $stk_answer) {
    // clean submission and enter into db!  Don't show page again.
    if ($this_name == "") {
        $this_name = "Anonymous";
    }
    // Make a safe query
    $query = sprintf("INSERT INTO talkback (`question`, `q_from`, `date_submitted`, `display`, `tbtags`, `answer`) VALUES (%s, %s, %s, 'No', %s, %s)", $db->quote($this_comment), $db->quote($this_name), $db->quote($todaycomputer), $db->quote($set_filter), $db->quote(""));
    //print $query;
    $db->query($query);
    if ($query) {
        $stage_one = "ok";
    }
    if (isset($debugger) && $debugger == "yes") {
        print "<p class=\"debugger\">{$query}<br /><strong>from</strong> this file</p>";
    }
    // Send an email if this is turned on
    if ($send_email_notification == 1) {
        ini_set("SMTP", $email_server);
        ini_set("sendmail_from", $sent_from);
        /* here the subject and header are assembled */
        $subject = "Talk Back";
        $header = "Return-Path: {$sent_from}\n";
Ejemplo n.º 7
 /**
  * Return the stored search term as a quoted SQL LIKE pattern.
  *
  * @return string $this->_search wrapped in "%" on both sides and passed through Querier::quote()
  */
 public function getSearch()
 {
     $querier = new Querier();
     $like_pattern = '%' . $this->_search . '%';

     // NOTE(review): "%" and "_" inside the term itself are not escaped here, so
     // they still act as LIKE wildcards — confirm that is intended.
     return $querier->quote($like_pattern);
 }
Ejemplo n.º 8
                         p.body LIKE '%" . $location_hint . "/" . $shortName . "%'";
 
             //print $findGuidesQuery;
             $findGuidesResult = $querier->query($findGuidesQuery);
             $guides = array(); // for the list of guides in which the file appears
 
             if ($findGuidesResult) {
                 foreach ($findGuidesResult as $row) {
                     $guideName = $row['subject'];
                     $guideId = $row['subject_id'];
                     $guides["$guideId"] = $guideName;
                 }
             }
 */
 $db = new Querier();
 $findGuidesQuery = "\n\t\t\t\tSELECT st.fname, st.lname, s.subject, s.subject_id\n\t\t\t\tFROM pluslet p INNER JOIN pluslet_section ps\n\t\t\t\tON p.pluslet_id = ps.pluslet_id\n\t\t\t\tINNER JOIN section sec\n\t\t\t\tON ps.section_id = sec.section_id\n\t\t\t\tINNER JOIN tab t\n\t\t\t\tON sec.tab_id = t.tab_id\n\t\t\t\tINNER JOIN subject s\n\t\t\t\tON t.subject_id = s.subject_id\n\t\t\t\tINNER JOIN staff_subject ss\n\t\t\t\tON s.subject_id = ss.subject_id\n\t\t\t\tINNER JOIN staff st\n\t\t\t\tON ss.staff_id = st.staff_id\n\t\t\t\tWHERE p.body LIKE " . $db->quote('%' . $location_hint . "/" . $shortName . '%') . "\n                OR p.body LIKE " . $db->quote('%' . $location_hint . trim(" \\ ") . $shortName . '%') . "\n                OR p.body LIKE " . $db->quote('%' . $location_hint . trim(" \\ ") . "image" . trim(" \\ ") . $shortName . '%') . "\n                OR p.body LIKE " . $db->quote('%' . $location_hint . "/image/" . $shortName . '%');
 $findGuidesResult = $querier->query($findGuidesQuery);
 $guides = array();
 // for the list of guides in which the file appears
 if ($findGuidesResult) {
     foreach ($findGuidesResult as $row) {
         $owner = $row['fname'] . " " . $row['lname'];
         $guideName = $row['subject'];
         $guideId = $row['subject_id'];
         $guides["{$guideId}"] = $guideName;
     }
 } else {
     $owner = '';
 }
 if (empty($guides)) {
     // the file is an orphan--flag it!
Ejemplo n.º 9
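/**
 * Render the list of guide collections as HTML.
 *
 * @param string $search        Optional filter text; empty means "all collections".
 * @param string $display       "default" for a single table, "2col" for the two-column layout.
 * @param string $show_children Any value other than "false" also lists each collection's active guides (2col only).
 *
 * @return string|null The markup, or null when there are no rows or $display is not a known layout.
 */
function listCollections($search = "", $display = "default", $show_children = "false")
{
    global $guide_path;
    $db = new Querier();
    $whereclause = "";
    if ($search != "") {
        $search = scrubData($search);
        // quote() supplies the surrounding quotes itself, so the wildcards belong
        // inside the value rather than in hand-written quotes around it.
        // NOTE(review): the filter column is `subject`, which is not among the
        // columns selected from `collection` below — confirm the column name.
        $whereclause = " WHERE subject LIKE " . $db->quote("%" . $search . "%");
    }
    // The WHERE clause has to follow the table name.
    $q = "SELECT collection_id, title, description, shortform FROM collection{$whereclause} ORDER BY title";
    $r = $db->query($q);
    // A failed query and an empty result both produce no output.
    if (!$r) {
        return;
    }
    $num_rows = count($r);
    if ($num_rows < 1) {
        return;
    }
    $switch_row = round($num_rows / 2);
    $layout = "";
    $row_count = 1;
    $colour1 = "oddrow";
    $colour2 = "evenrow";
    // Stays null when $display matches neither layout.
    $list_collections = null;
    // NOTE(review): titles are run through htmlspecialchars_decode() and
    // descriptions are printed as stored, so any markup saved in those columns
    // reaches the page — confirm it is sanitised when it is saved.
    switch ($display) {
        case "default":
            $list_collections = "<table class=\"item_listing\" width=\"98%\">";
            foreach ($r as $myrow) {
                $row_colour = $row_count % 2 ? $colour1 : $colour2;
                $guide_location = "collection.php?d=" . $myrow[3];
                $list_collections .= "<tr class=\"zebra {$row_colour}\" style=\"height: 1.5em;\">\n        <td><a href=\"{$guide_location}\">" . htmlspecialchars_decode($myrow[1]) . "</a>\n        <div style=\"font-size: .9em;\">{$myrow['2']}</div></td></tr>\n";
                $row_count++;
            }
            $list_collections .= "</table>";
            break;
        case "2col":
            // for 2 col
            $col_1 = "<div class=\"pure-u-1 pure-u-md-1-2\"><ul class=\"guide-listing\">";
            $col_2 = "<div class=\"pure-u-1 pure-u-md-1-2\"><ul class=\"guide-listing\">";
            foreach ($r as $myrow) {
                $icon = "fa-plus-square";
                $title_hover = "See all guides in this collection";
                $guide_location = "collection.php?d=" . $myrow[3];
                $list_bonus = "<p class=\"collection-description\">{$myrow['2']}</p><ul class=\"collection_list\">";
                // Here, we want to show the guides associated with that collection
                if ($show_children != "false") {
                    // get all kids; the id is cast so only an integer reaches the SQL text
                    $q2 = "SELECT s.subject_id, s.subject, s.shortform FROM subject s, collection_subject cs, collection c \n        WHERE s.subject_id = cs.subject_id AND cs.collection_id = c.collection_id AND c.collection_id = " . (int) $myrow[0] . " AND s.active = 1 ORDER BY cs.sort";
                    $r2 = $db->query($q2);
                    if ($r2) {
                        foreach ($r2 as $mysubguide) {
                            $guide_location2 = $guide_path . $mysubguide[2];
                            $list_bonus .= "<li><a href=\"{$guide_location2}\">{$mysubguide['1']}</a></li>";
                        }
                    }
                }
                $our_item = "<li title=\"{$title_hover}\"><i class=\"fa {$icon}\"></i> <a href=\"{$guide_location}\">" . htmlspecialchars_decode($myrow[1]) . "</a>\n      <div class=\"guide_list_bonus\">{$list_bonus}</ul></div>\n      </li>";
                if ($row_count <= $switch_row) {
                    // first half of the rows goes into the first column
                    $col_1 .= $our_item;
                } else {
                    // the rest goes into the second column
                    $col_2 .= $our_item;
                }
                $row_count++;
            }
            // end foreach
            $col_1 .= "</ul></div>";
            $col_2 .= "</ul></div>";
            $layout .= "<div class=\"pure-g guide_list\"><div class=\"pure-u-1 guide_list_header\"><a name=\"section-Collection\"></a><h3>" . _("Guide Collections") . "</h3></div><div class=\"pure-u-1 guide-list-expand\">Expand/Hide All</div>" . $col_1 . $col_2 . "</div>";
            $list_collections = $layout;
            break;
    }
    return $list_collections;
}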
Ejemplo n.º 10
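/**
 * Render the active guides as an HTML table, optionally filtered.
 *
 * @param string $search Optional text matched as a substring of the guide's subject.
 * @param string $type   Guide type to restrict to; "all" applies no type filter.
 *
 * @return string The table markup (header and footer only when nothing matches).
 */
function listGuides($search = "", $type = "all")
{
    global $guide_path;
    $db = new Querier();
    $andclause = "";
    if ($search != "") {
        $search = scrubData($search);
        // quote() supplies the surrounding quotes itself, so the wildcards belong
        // inside the value rather than in hand-written quotes around it.
        $andclause .= " AND subject LIKE " . $db->quote("%" . $search . "%");
    }
    if ($type != "all") {
        $andclause .= " AND type=" . $db->quote($type);
    }
    $q = "SELECT shortform, subject, type FROM subject WHERE active = '1' " . $andclause . " ORDER BY subject";
    $rows = $db->query($q);
    if (!$rows) {
        // A failed query renders as an empty table.
        $rows = array();
    }
    $row_count = 0;
    $colour1 = "oddrow";
    $colour2 = "evenrow";
    // NOTE(review): the subject is run through htmlspecialchars_decode() and the
    // type is printed as stored, so any markup saved in those columns reaches
    // the page — confirm it is sanitised when it is saved.
    $list_guides = "<table class=\"item_listing\" width=\"98%\">";
    foreach ($rows as $myrow) {
        $row_colour = $row_count % 2 ? $colour1 : $colour2;
        $guide_location = $guide_path . $myrow[0];
        $list_guides .= "<tr class=\"zebra {$row_colour} type-{$myrow['2']}\" style=\"height: 1.5em;\">\n     <td><a href=\"{$guide_location}\">" . htmlspecialchars_decode($myrow[1]) . "</a> \n        <div class=\"list_bonus\"></div></td>\n        <td class=\"subject\">{$myrow[2]}</td>\n         </tr>\n";
        $row_count++;
    }
    $list_guides .= "</table>";
    return $list_guides;
}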
Ejemplo n.º 11
$social_and_search = '
<div id="guide_nav_tools">
<form id="guide_search" class="pure-form"><!-- AddToAny BEGIN -->
    <div class="a2a_kit"  style="float: left !important;">
    <a class="a2a_dd" href="http://www.addtoany.com/share_save"><img src="../assets/images/icons/plus-26.png" border="0" alt="Share" /></a>
    <a class="a2a_button_twitter"><img src="../assets/images/icons/twitter-26.png" border="0" alt="Twitter" /></a>   
    <a class="a2a_button_facebook"><img src="../assets/images/icons/facebook-26.png" border="0" alt="Facebook" /></a>
</div>
    <script type="text/javascript" src="//static.addtoany.com/menu/page.js"></script>
    <!-- AddToAny END -->
<input id="sp_search" class="find-guide-input ui-autocomplete-input" type="text" placeholder="' . _("Find in Guide") . '" autocomplete="off"/></form>
</div>
';
if ($check_this) {
    // get name of quide
    $q = "select subject, subject_id, extra, description, keywords, redirect_url, header from subject where shortform = " . $db->quote($check_this);
    //print $q;
    //$r = $db->query($q);
    $r = $db->query($q, PDO::FETCH_ASSOC);
    // If this guide doesn't exist, send them away
    if (count($r) == 0) {
        header("location:index.php");
    }
    $redirect_url = $r[0]["redirect_url"];
    if (!is_null($redirect_url) && !empty($redirect_url)) {
        header("Location:{$redirect_url}");
    }
    $subject_name = $r[0]["subject"];
    $this_id = $r[0]["subject_id"];
    $header_type = $r[0]["header"];
    // check for description and keywords, which may be blank since they were added v2
Ejemplo n.º 12
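/**
 * Insert, update, re-configure or delete one pluslet row from the current POST data.
 *
 * @param mixed  $id   Pluslet id for "update", "settings" and "delete"; replaced by the new id on "insert".
 * @param string $type One of "insert", "update", "settings", "delete"; any other value changes nothing.
 *
 * @return mixed The pluslet id, or false when the statement failed.
 */
function modifyDB($id, $type)
{
    $db = new Querier();
    // Uses the data from the POST vars to update
    $pluslet_title = isset($_POST["pluslet_title"]) ? $_POST["pluslet_title"] : '';
    $pluslet_body = isset($_POST["pluslet_body"]) ? $_POST["pluslet_body"] : '';
    $pluslet_type = isset($_POST["item_type"]) ? $_POST["item_type"] : '';
    $pluslet_extra = isset($_POST["special"]) ? $_POST["special"] : '';
    // Box settings default to null when the form did not send them.
    $pluslet_hide_titlebar = isset($_POST["boxsetting_hide_titlebar"]) ? $_POST["boxsetting_hide_titlebar"] : null;
    $pluslet_collapse_body = isset($_POST["boxsetting_collapse_titlebar"]) ? $_POST["boxsetting_collapse_titlebar"] : null;
    $pluslet_favorite_box = isset($_POST["favorite_box"]) ? $_POST["favorite_box"] : null;
    $pluslet_target_blank_links = isset($_POST['boxsetting_target_blank_links']) ? $_POST['boxsetting_target_blank_links'] : null;
    $pluslet_titlebar_styling = isset($_POST["boxsetting_titlebar_styling"]) ? $_POST["boxsetting_titlebar_styling"] : null;
    // If clone isn't set, set to 0
    $pluslet_clone = isset($_POST["clone"]) ? $_POST["clone"] : 0;
    // let's not have those errant slashes
    // get_magic_quotes_gpc() no longer exists in current PHP, so it is only
    // called where it is still defined.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $pluslet_title = stripcslashes(stripcslashes($pluslet_title));
        $pluslet_body = stripslashes(stripslashes($pluslet_body));
        $pluslet_extra = stripslashes(stripslashes($pluslet_extra));
    } else {
        $pluslet_title = stripcslashes($pluslet_title);
        $pluslet_body = stripslashes($pluslet_body);
        $pluslet_extra = stripslashes($pluslet_extra);
    }
    // The settings columns and the row id come straight from the request, so they
    // are quoted like every other value instead of being pasted between
    // hand-written quotes. The string cast keeps a missing value as ''.
    $settings_sql = "hide_titlebar  = " . $db->quote((string) $pluslet_hide_titlebar) . ",\n                collapse_body = " . $db->quote((string) $pluslet_collapse_body) . ",\n                titlebar_styling = " . $db->quote((string) $pluslet_titlebar_styling) . ",\n                favorite_box = " . $db->quote((string) $pluslet_favorite_box) . ",\n                target_blank_links = " . $db->quote((string) $pluslet_target_blank_links);
    $quoted_id = $db->quote((string) $id);
    // Set when a statement fails, so the failure can be reported once below.
    $failed_query = null;
    switch ($type) {
        case "insert":
            $q = sprintf("INSERT INTO pluslet (title, body, type, clone, extra, hide_titlebar, collapse_body, titlebar_styling, favorite_box, target_blank_links) VALUES (%s, %s, %s, %s, %s, %s, %s, %s, %s, %s)", $db->quote($pluslet_title), $db->quote($pluslet_body), $db->quote($pluslet_type), $db->quote($pluslet_clone), $db->quote($pluslet_extra), $db->quote($pluslet_hide_titlebar), $db->quote($pluslet_collapse_body), $db->quote($pluslet_titlebar_styling), $db->quote($pluslet_favorite_box), $db->quote($pluslet_target_blank_links));
            $r = $db->exec($q);
            if ($r) {
                $id = $db->last_id();
            } else {
                $failed_query = $q;
            }
            break;
        case "update":
            // update pluslet table
            $q = "UPDATE pluslet SET\n                title=" . $db->quote($pluslet_title) . ",\n                body=" . $db->quote($pluslet_body) . ",\n                type=" . $db->quote($pluslet_type) . ",\n                extra=" . $db->quote($pluslet_extra) . ",\n                " . $settings_sql . "\n                WHERE pluslet_id = " . $quoted_id;
            $r = $db->exec($q);
            if ($r === FALSE) {
                $failed_query = $q;
            }
            break;
        case "settings":
            // update pluslet table for only settings
            $q = "UPDATE pluslet SET\n                " . $settings_sql . "\n                WHERE pluslet_id = " . $quoted_id;
            $r = $db->exec($q);
            if ($r === FALSE) {
                $failed_query = $q;
            }
            break;
        case "delete":
            // NOTE(review): this statement names `pluslets`, while every other
            // statement in this function uses `pluslet` — confirm the table name.
            $q = "DELETE FROM pluslets WHERE pluslet_id = " . $quoted_id;
            $r = $db->query($q);
            break;
    }
    if ($failed_query !== null) {
        // The failed statement contains request data, so it is HTML-escaped
        // before being echoed back.
        // NOTE(review): showing SQL to the browser reveals table and column
        // names; consider sending it to the server log instead.
        print "<p>There was a problem with your insert:</p>";
        print "<p>" . htmlspecialchars($failed_query, ENT_QUOTES, 'UTF-8') . "</p>";
        $id = false;
    }
    return $id;
}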
Ejemplo n.º 13
use SubjectsPlus\Control\Staff;
use SubjectsPlus\Control\Querier;
// Page identity; assigned before header.php is included.
$subsubcat = "";
$subcat = "admin";
$page_title = "Admin Source Types";
include "../includes/header.php";
// Database handle used by the form handlers below.
$db = new Querier();
// Start with an empty list and no feedback message.
$ourlist = "";
$feedback = "";
// "Add source" form: the name is passed through scrubData() and then
// $db->quote() before it is placed in the statement; rs starts at 0.
if (isset($_POST["add_source"])) {
    $qInsertSource = sprintf(
        "INSERT INTO source (source, rs) VALUES (\n\t\t%s, \n\t\t0\n\t\t)",
        $db->quote(scrubData($_POST["source"]))
    );
    $rInsertSource = $db->query($qInsertSource);
    // NOTE(review): the success message is set without looking at $rInsertSource.
    $feedback = _("Thy Will Be Done.  Source list updated.");
}
if (isset($_POST["update_sources"])) {
    //////////////////////////////////
    // Get the source dept data + sort order
    //////////////////////////////////
    //////////////////////
    // Create new array of results
    /////////////////////
    $a = $_POST["source_id"];
    $b = $_POST["source"];
    $result = array_combine($a, $b);
    // Loop through array, update departments table
    $row_count = 1;
Ejemplo n.º 14
 $statement->execute();
 $stage_one = "ok";
 if (isset($debugger) && $debugger == "yes") {
     //	print "<p class=\"debugger\">$query<br /><strong>from</strong> this file</p>";
 }
 // Send an email if this is turned on
 if ($send_email_notification == 1) {
     ini_set("SMTP", $email_server);
     ini_set("sendmail_from", $sent_from);
     /* here the subject and header are assembled */
     $subject = _("New Comment via SubjectsPlus");
     $header = "Return-Path: {$sent_from}\n";
     $header .= "From:  {$sent_from}\n";
     $header .= "Content-Type: text/html; charset=iso-8859-1;\n\n";
     $message = "<html><body style=\"margin:0;\">\n\t\t\t\t\t<table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" bgcolor=\"#d4d4d4\" style=\"height: 100%;\">\n\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t<td valign=\"top\" align=\"center\">\n\t\t\t\t\t\t<table cellpadding=\"0\" cellspacing=\"0\" bgcolor=\"#FFFFFF\" style=\"width:600px; height:auto;\" border=\"0\">\n\t\t\t\t\t\t  <tr>\n\t\t\t\t\t\t     <td width=\"600\" height=\"40\" valign=\"top\" bgcolor=\"#d4d4d4\">&nbsp;</td>\n\t\t\t\t\t\t  </tr>\n\t\t\t\t\t\t  <tr>\n\t\t\t\t\t\t     <td width=\"600\" height=\"120\" valign=\"middle\" align=\"center\" bgcolor=\"#FFFFFF\">                \n\t\t\t\t\t\t          <p style=\"font-size:28px; color:#444; font-family:Helvetica, sans-serif;\">" . _("New Comment Awaits Response") . "</p>\n\t\t\t\t\t\t      </td>\n\t\t\t\t\t\t  </tr>     \n\t\t\t\t\t\t  <tr>\n\t\t\t\t\t\t\t   <td width=\"600\" height=\"60\" valign=\"top\" align=\"center\" bgcolor=\"#FFFFFF\">                \n\t\t\t\t\t\t        <table width=\"600\" height=\"40\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t            <tr>\n\t\t\t\t\t\t              <td width=\"10\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\">&nbsp;</td>\n\t\t\t\t\t\t              <td width=\"50\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t                  <img src=\"http://sp.library.miami.edu/assets/images/email/calendar.jpg\" width=\"40\" height=\"40\" border=\"0\">\n\t\t\t\t\t\t              </td>\n\t\t\t\t\t\t              <td width=\"150\" valign=\"bottom\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t                  <p style=\"font-size:22px; color:#444; font-family:Helvetica, sans-serif;\">" . _("Received:") . 
"</p>\n\t\t\t\t\t\t              </td>\n\t\t\t\t\t\t               <td width=\"380\" valign=\"bottom\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t                  <p style=\"font-size:22px; color:#858585; font-family:Helvetica, sans-serif;\">{$month} {$mday}, {$year}</p>\n\t\t\t\t\t\t              </td>\n\t\t\t\t\t\t              <td width=\"10\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\">&nbsp;</td>\n\t\t\t\t\t\t            </tr>\n\t\t\t\t\t\t          </table>\n\t\t\t\t\t\t      </td>\n\t\t\t\t\t\t  </tr>   \n\t\t\t\t\t\t  <tr>\n\t\t\t\t\t\t     <td width=\"600\" height=\"60\" valign=\"top\" align=\"center\" bgcolor=\"#FFFFFF\">                \n\t\t\t\t\t\t        <table width=\"600\" height=\"40\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t            <tr>\n\t\t\t\t\t\t              <td width=\"10\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\">&nbsp;</td>\n\t\t\t\t\t\t              <td width=\"50\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t                  <img src=\"http://sp.library.miami.edu/assets/images/email/contact.jpg\" width=\"40\" height=\"40\" border=\"0\">\n\t\t\t\t\t\t              </td>\n\t\t\t\t\t\t              <td width=\"150\" valign=\"bottom\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t                  <p style=\"font-size:22px; color:#444; font-family:Helvetica, sans-serif;\">" . _("Contact:") . "</p>\n\t\t\t\t\t\t              </td>\n\t\t\t\t\t\t               <td width=\"380\" valign=\"bottom\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t                  <p style=\"font-size:22px; color:#858585; font-family:Helvetica, sans-serif;\">";
     $message .= $db->quote($this_name);
     $message .= "</p></td>\n\t\t\t\t\t\t              <td width=\"10\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\">&nbsp;</td>\n\t\t\t\t\t\t            </tr>\n\t\t\t\t\t\t          </table>\n\t\t\t\t\t\t      </td>\n\t\t\t\t\t\t  </tr>  \n\t\t\t\t\t\t  <tr>\n\t\t\t\t\t\t     <td width=\"600\" height=\"65\" valign=\"top\" align=\"center\" bgcolor=\"#FFFFFF\">                \n\t\t\t\t\t\t        <table width=\"600\" height=\"40\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t            <tr>\n\t\t\t\t\t\t              <td width=\"10\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\">&nbsp;</td>\n\t\t\t\t\t\t              <td width=\"50\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t                  <img src=\"http://sp.library.miami.edu/assets/images/email/comment.jpg\" width=\"40\" height=\"40\" border=\"0\">\n\t\t\t\t\t\t              </td>\n\t\t\t\t\t\t              <td width=\"530\" valign=\"middle\" height=\"40\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t                  <p style=\"font-size:22px; color:#444; font-family:Helvetica, sans-serif;\">" . _("Comment:") . "</p>\n\t\t\t\t\t\t              </td>              \n\t\t\t\t\t\t              <td width=\"10\" valign=\"top\" height=\"40\" bgcolor=\"#FFFFFF\">&nbsp;</td>\n\t\t\t\t\t\t            </tr>\n\t\t\t\t\t\t          </table>\n\t\t\t\t\t\t      </td>\n\t\t\t\t\t\t  </tr> \t\t\t\t\t\t  \n\t\t\t\t\t\t  <tr>\n\t\t\t\t\t\t     <td width=\"600\" valign=\"top\" align=\"center\" bgcolor=\"#FFFFFF\">                \n\t\t\t\t\t\t        <table width=\"600\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t            <tr>\n\t\t\t\t\t\t              <td width=\"60\" valign=\"top\" bgcolor=\"#FFFFFF\">&nbsp;</td>              \n\t\t\t\t\t\t              <td width=\"530\" valign=\"top\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t                  <p style=\"font-size:20px; color:#858585; font-family:Helvetica, sans-serif;\">";
     $message .= $db->quote($this_comment);
     $message .= "</p>\n\t\t\t\t\t\t              </td>              \n\t\t\t\t\t\t              <td width=\"10\" valign=\"top\" bgcolor=\"#FFFFFF\">&nbsp;</td>\n\t\t\t\t\t\t            </tr>\n\t\t\t\t\t\t          </table>\n\t\t\t\t\t\t      </td>\n\t\t\t\t\t\t  </tr> \n\t\t\t\t\t\t  <tr>\n\t\t\t\t\t\t     <td width=\"600\" height=\"60\" valign=\"top\" bgcolor=\"#FFFFFF\">&nbsp;</td>\n\t\t\t\t\t\t  </tr>      \n\t\t\t\t\t\t  <tr>\n\t\t\t\t\t\t     <td width=\"600\" height=\"50\" valign=\"top\" align=\"center\" bgcolor=\"#FFFFFF\">                \n\t\t\t\t\t\t        <table width=\"600\" height=\"50\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t            <tr>\n\t\t\t\t\t\t              <td width=\"175\" height=\"50\" valign=\"middle\" bgcolor=\"#FFFFFF\">&nbsp;</td>              \n\t\t\t\t\t\t              <td width=\"250\" height=\"50\" valign=\"middle\" align=\"center\" bgcolor=\"#858585\">\n\t\t\t\t\t\t                  <p style=\"font-size:28px; color:#FFF; font-family:Helvetica, sans-serif;\"><a href=\"http://sp.library.miami.edu/control/talkback\" target=\"_blank\" style=\"color: #FFF; text-decoration:none;\"><span style=\"color: #FFF; text-decoration:none;\">" . _("Reply Now") . "</span></a></p>\n\t\t\t\t\t\t              </td>              \n\t\t\t\t\t\t              <td width=\"175\" height=\"50\" valign=\"middle\" bgcolor=\"#FFFFFF\">&nbsp;</td>\n\t\t\t\t\t\t            </tr>\n\t\t\t\t\t\t          </table>\n\t\t\t\t\t\t      </td>\n\t\t\t\t\t\t  </tr>\n\t\t\t\t\t\t  <tr>\n\t\t\t\t\t\t     <td width=\"600\"  height=\"30\" valign=\"bottom\" align=\"center\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t     \t<p style=\"font-size:14px; color:#858585; font-family:Helvetica, sans-serif;\">" . _("You will be required to log in") . 
"</p>\n\t\t\t\t\t\t     </td>\n\t\t\t\t\t\t  </tr>      \n\t\t\t\t\t\t  <tr>\n\t\t\t\t\t\t     <td width=\"600\"  height=\"100\" valign=\"top\" bgcolor=\"#FFFFFF\">&nbsp;</td>\n\t\t\t\t\t\t  </tr>       \n\t\t\t\t\t\t  <tr>\n\t\t\t\t\t\t     <td width=\"600\" height=\"70\" valign=\"middle\" align=\"center\" bgcolor=\"#FFFFFF\">\n\t\t\t\t\t\t        <img src=\"http://sp.library.miami.edu/assets/images/email/subjectsplus-footer.jpg\" width=\"276\" height=\"40\" border=\"0\">\n\t\t\t\t\t\t      </td>\n\t\t\t\t\t\t  </tr>\n\t\t\t\t\t\t</table>            \n\t\t\t\t\t\t</td>\n\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</body>\n\t\t\t\t\t\t</html>";
     // begin assembling actual message
     $success = mail($send_to, "{$subject}", $message, $header);
     // The below is just for testing purposes
     if ($success) {
         $stage_two = "ok";
         //print "mail sent to $send_to";
     } else {
         $stage_two = "fail";
         //print "mail didn't go to $send_to";
     }
 }
 if ($stage_one == "ok" && $stage_two == "ok") {
 */
use SubjectsPlus\Control\Querier;
// Page context variables; presumably read by the included header — TODO confirm.
$subsubcat = "";
$subcat = "admin";
$page_title = "Admin Guide Collections";
$feedback = "";

include "../includes/header.php";
include "../includes/autoloader.php";

// Database handle used by the statements on this page.
$db = new Querier();

// "Add collection" form: insert one row into `collection`.
// NOTE(review): no CSRF token or permission check is visible in this script;
// confirm that header.php enforces both before this write runs.
if (isset($_POST["add_collection"])) {
    // Each posted value goes through scrubData() and then $db->quote() before it is concatenated.
    $qInsertGuideCollection = "INSERT INTO collection (title, description, shortform) VALUES (\n\t\t"
        . $db->quote(scrubData($_POST["title"])) . ", \n\t\t"
        . $db->quote(scrubData($_POST["description"])) . ", \n        "
        . $db->quote(scrubData($_POST["shortform"])) . "\n\t\t)";

    $rInsertGuideCollection = $db->exec($qInsertGuideCollection);

    // Feedback text shown to the user depends on whether exec() reported success.
    $feedback = $rInsertGuideCollection
        ? _("Thy Will Be Done.  Guide Collection list updated.")
        : _("Thwarted!  Something has gone wrong with insert.  Contact the admin.");
}
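if (isset($_POST["update_collections"])) {
    // get our vars and tidy them
    $our_collection_id = scrubData($_POST["update_collections"]);
    // Remove all associations for this collection + this subject.
    // The id comes straight from the request, so it is escaped with $db->quote()
    // (the same scrubData() + quote() pairing the INSERT on this page uses) instead of being
    // placed between hand-written quotes.
    $qEmpty = "DELETE FROM collection_subject WHERE collection_id = " . $db->quote($our_collection_id);
    //print $qEmpty;
    $rEmpty = $db->exec($qEmpty);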
Ejemplo n.º 16
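 /**
  * Run the search selected by $this->collection and return the matches as JSON.
  *
  * Reads $this->param (search text), $this->collection (which query to run),
  * $this->subject_id and $this->staff_id. All of these reach SQL only as bound
  * parameters of a prepared statement.
  *
  * @return string|false JSON array of result objects (json_encode() output); an empty
  *                      JSON array when $this->collection names no known query
  */
 public function search()
 {
     $db = new Querier();
     $connection = $db->getConnection();
     // Wrap the term in wildcards once. It is only ever passed as a bound value.
     // LIKE wildcards typed by the user (% and _) are not escaped, so they still act as wildcards.
     $search_param = "%" . $this->param . "%";
     $subject_id = $this->subject_id;
     // NOTE(review): several queries repeat the :search_term placeholder; PDO accepts a repeated
     // named placeholder only with emulated prepares — confirm the connection is configured that way.
     switch ($this->collection) {
         case "home":
             $statement = $connection->prepare("SELECT subject_id AS 'id', subject AS 'matching_text',subject AS 'label', description as 'additional_text', shortform AS 'short_form', 'Subject Guide' as 'content_type', '' as 'additional_id', '' as 'parent' FROM subject\n                    WHERE description LIKE :search_term\n                    OR subject LIKE :search_term\n                    OR keywords LIKE :search_term\n                    UNION\n                    SELECT p.pluslet_id, p.title,p.title AS 'label', su.subject_id AS 'parent_id', su.shortform, 'Pluslet' AS 'content_type', t.tab_index as 'additional_id',su.subject as 'parent' FROM pluslet AS p\n                    INNER JOIN pluslet_section AS ps\n                    ON ps.pluslet_id = p.pluslet_id\n                    INNER JOIN section AS s\n                    ON ps.section_id = s.section_id\n                    INNER JOIN tab AS t\n                    ON s.tab_id = t.tab_id\n                    INNER JOIN subject AS su\n                    ON su.subject_id = t.subject_id\n                    WHERE p.body LIKE :search_term\n                    OR p.title LIKE :search_term\n                    UNION\n                    SELECT faq_id AS 'id', question AS 'matching_text',question AS 'label',  answer as 'additional_text','' AS 'short_form','FAQ' as 'content_type', '' as 'additional_id', '' as 'parent' FROM faq\n                    WHERE question LIKE :search_term\n                    OR answer LIKE :search_term\n                    OR keywords LIKE :search_term\n                    UNION\n                    SELECT talkback_id AS 'id', question AS 'matching_text' ,question AS 'label', answer as 'additional_text','' AS 'short_form', 'Talkback' as 'content_type', '' as 'additional_id', '' as 'parent' FROM talkback\n                    WHERE question LIKE :search_term\n                    OR answer LIKE :search_term\n                    UNION\n                    SELECT staff_id AS 'id', email AS 
'matching_text' ,email AS 'label', fname as 'additional_text','' AS 'short_form', 'Staff' as 'content_type', '' as 'additional_id', '' as 'parent' FROM staff\n                    WHERE fname LIKE :search_term\n                    OR lname LIKE :search_term\n                    OR email LIKE :search_term\n                    OR tel LIKE :search_term\n                    UNION\n                    SELECT department_id AS 'id', name AS 'matching_text' , name AS 'label', telephone as 'additional_text','' AS 'short_form', 'Department' as 'content_type', '' as 'additional_id','' as 'parent' FROM department\n                    WHERE name LIKE :search_term\n                    OR telephone LIKE  :search_term\n                    UNION\n                    SELECT video_id AS 'id', title AS 'matching_text' ,title AS 'label', description as 'additional_text','' AS 'short_form', 'Video' as 'content_type', '' as 'additional_id', '' as 'parent' FROM video\n                    WHERE title LIKE :search_term\n                    OR description LIKE :search_term\n                    OR vtags LIKE :search_term");
             break;
         case "guides":
             $statement = $connection->prepare("SELECT subject_id as 'id', subject,'Subject Guide' as 'content_type', subject AS 'label',shortform AS 'short_form' \n       FROM subject \n       WHERE active = '1'\n       AND (subject LIKE :search_term\n           OR shortform LIKE :search_term\n           OR description LIKE :search_term\n           OR keywords LIKE :search_term\n           OR type LIKE :search_term)\n           ");
             break;
         case "all_guides":
             $statement = $connection->prepare("SELECT subject_id as 'id', subject,'Subject Guide' as 'content_type', subject AS 'label',shortform AS 'short_form'\n       FROM subject\n       WHERE (subject LIKE :search_term\n           OR shortform LIKE :search_term\n           OR description LIKE :search_term\n           OR keywords LIKE :search_term\n           OR type LIKE :search_term)\n           ORDER BY subject\n           ");
             break;
         case "guide":
             $statement = $connection->prepare("SELECT p.pluslet_id as 'id',su.shortform as 'short_form','Pluslet' as 'content_type',p.type as 'type', p.title, p.title AS 'label', ps.section_id, t.tab_index AS 'additional_id', t.subject_id, su.subject FROM pluslet AS p\n                    INNER JOIN pluslet_section AS ps\n                    ON ps.pluslet_id = p.pluslet_id\n                    INNER JOIN section AS s\n                    ON ps.section_id = s.section_id\n                    INNER JOIN tab AS t\n                    ON s.tab_id = t.tab_id\n                    INNER JOIN subject AS su\n                    ON su.subject_id = t.subject_id\n                    WHERE p.body LIKE :search_term\n      \t\t\t    AND t.subject_id = :subject_id");
             $statement->bindParam(":subject_id", $subject_id);
             break;
         case "current_guide":
             $statement = $connection->prepare("SELECT p.pluslet_id as 'id',su.shortform as 'short_form','Pluslet' as 'content_type',p.type as 'type', p.title, p.title AS 'label', ps.section_id, t.tab_index AS 'additional_id', t.subject_id, su.subject FROM pluslet AS p\n                    INNER JOIN pluslet_section AS ps\n                    ON ps.pluslet_id = p.pluslet_id\n                    INNER JOIN section AS s\n                    ON ps.section_id = s.section_id\n                    INNER JOIN tab AS t\n                    ON s.tab_id = t.tab_id\n                    INNER JOIN subject AS su\n                    ON su.subject_id = t.subject_id\n                    WHERE p.title LIKE :search_term\n      \t\t\t    AND t.subject_id = :subject_id");
             $statement->bindParam(":subject_id", $subject_id);
             break;
         case "records":
             $statement = $connection->prepare("SELECT DISTINCT title.title_id as 'id','Record' as 'content_type', title.title as 'label', location.location as 'location_url'\nFROM title\nINNER JOIN location_title\nON title.title_id = location_title.title_id\nINNER JOIN location\nON location.location_id = location_title.location_id\nAND title.title LIKE :search_term");
             break;
         case "azrecords":
             $statement = $connection->prepare("SELECT DISTINCT title.title_id as 'id','Record' as 'content_type', title.title as 'label', location.location as 'location_url'\nFROM title\nINNER JOIN location_title \nON title.title_id = location_title.title_id\nINNER JOIN location\nON location.location_id = location_title.location_id\nAND eres_display = 'Y'\nAND title.title LIKE :search_term");
             break;
         case "faq":
             $statement = $connection->prepare("SELECT faq_id AS 'id',question AS 'label', LEFT(question, 55), \n        \t\t'FAQ' as 'content_type'  FROM faq WHERE question LIKE :search_term");
             break;
         case "talkback":
             $statement = $connection->prepare("SELECT talkback_id AS 'id',question AS 'label','Talkback' \n        \t\tas content_type, LEFT(question, 55) FROM talkback WHERE question LIKE :search_term");
             break;
         case "admin":
             $statement = $connection->prepare("SELECT staff_id AS 'id',email AS 'label','Staff' \n        \t\tas 'content_type', CONCAT(fname, ' ', lname, ' (', email, ')') as fullname \n        \t\tFROM staff WHERE (fname LIKE :search_term) OR (lname LIKE :search_term)");
             break;
         case "pluslet":
             $statement = $connection->prepare("SELECT p.pluslet_id AS 'pluslet_id', p.title,p.title AS 'label',p.type as 'type', p.pluslet_id AS 'id', su.shortform as 'short_form', 'Pluslet' AS 'content_type', t.tab_index as 'additional_id',su.subject as 'parent' FROM pluslet AS p\n                    INNER JOIN pluslet_section AS ps\n                    ON ps.pluslet_id = p.pluslet_id\n                    INNER JOIN section AS s\n                    ON ps.section_id = s.section_id\n                    INNER JOIN tab AS t\n                    ON s.tab_id = t.tab_id\n                    INNER JOIN subject AS su\n                    ON su.subject_id = t.subject_id\n                    WHERE p.title LIKE :search_term\n      \t\t\t\n      \t\t\t\t");
             break;
         case "my_pluslets":
             $statement = $connection->prepare("SELECT p.pluslet_id AS 'pluslet_id', p.title,p.title AS 'label',p.type as 'type', p.pluslet_id AS 'id', su.shortform as 'short_form', 'Pluslet' AS 'content_type', t.tab_index as 'additional_id',su.subject as 'parent' FROM pluslet AS p\n                    INNER JOIN pluslet_section AS ps\n                    ON ps.pluslet_id = p.pluslet_id\n                    INNER JOIN section AS s\n                    ON ps.section_id = s.section_id\n                    INNER JOIN tab AS t\n                    ON s.tab_id = t.tab_id\n                    INNER JOIN subject AS su\n                    ON su.subject_id = t.subject_id\n                    INNER JOIN staff_subject AS st_sub\n                    ON st_sub.subject_id = su.subject_id\n                    WHERE p.title LIKE :search_term\n                    AND st_sub.staff_id = :staff_id\n      \t\t\t\n      \t\t\t\t");
             $statement->bindParam(":staff_id", $this->staff_id);
             break;
         default:
             // Unknown collection name: no statement was prepared, so return an empty result
             // set instead of failing on an undefined $statement below.
             return json_encode(array());
     }
     $statement->bindParam(":search_term", $search_param);
     $statement->execute();
     $result = $statement->fetchAll();
     $arr = array();
     $i = 0;
     // Shape each row into the array that is returned as JSON.
     foreach ($result as $myrow) {
         // Rows without a label get a placeholder.
         $myrow['label'] = empty($myrow['label']) ? '[no title]' : $myrow['label'];
         // Entities are decoded here, so a label can hold raw markup characters:
         // whatever renders this JSON must insert the label as text, not as HTML.
         $arr[$i]['label'] = html_entity_decode($myrow['label']);
         if (isset($myrow['content_type'])) {
             // Copy the optional columns that this particular query selected.
             if (isset($myrow['id'])) {
                 $arr[$i]['id'] = $myrow['id'];
             }
             $arr[$i]['content_type'] = $myrow['content_type'];
             if (isset($myrow['location_url'])) {
                 $arr[$i]['location_url'] = $myrow['location_url'];
             }
             if (isset($myrow['short_form'])) {
                 $arr[$i]['shortform'] = $myrow['short_form'];
             }
             if (isset($myrow['matching_text'])) {
                 $arr[$i]['value'] = $myrow['matching_text'];
             }
             if (isset($myrow['parent'])) {
                 $arr[$i]['parent'] = $myrow['parent'];
             }
             if (isset($myrow['additional_id'])) {
                 $arr[$i]['parent_id'] = $myrow['additional_id'];
             }
             // Build the link for the row; "control" search pages get staff-side URLs.
             switch ($myrow['content_type']) {
                 case "Record":
                     if ($this->getSearchPage() == "control") {
                         $arr[$i]['url'] = 'record.php?record_id=' . $myrow['id'];
                     } else {
                         // Look up the record's location; the id comes from the result row and is
                         // escaped with quote() before concatenation.
                         $db = new Querier();
                         $record_url_sql = "SELECT location, title\n        FROM location l, title t, location_title lt \n        WHERE  t.title_id = lt.title_id\n        AND l.location_id = lt.location_id AND t.title_id = " . $db->quote($myrow['id']) . " ";
                         $record_url_result = $db->query($record_url_sql);
                         if (isset($record_url_result[0]['location'])) {
                             $arr[$i]['url'] = $record_url_result[0]['location'];
                         } else {
                             $arr[$i]['url'] = '';
                         }
                     }
                     break;
                 case "Subject Guide":
                     if ($this->getSearchPage() == "control") {
                         $arr[$i]['url'] = getControlURL() . 'guides/guide.php?subject_id=' . $myrow['id'];
                     } else {
                         $arr[$i]['url'] = 'guide.php?subject=' . $myrow['short_form'];
                     }
                     break;
                 case "FAQ":
                     $arr[$i]['url'] = 'faq.php?faq_id=' . $myrow['id'];
                     break;
                 case "Pluslet":
                     if ($this->getSearchPage() == "control") {
                         $arr[$i]['url'] = getControlURL() . 'guides/guide.php?subject_id=' . $myrow['short_form'] . '#box-' . $myrow['additional_id'] . '-' . $myrow['id'];
                         $arr[$i]['hash'] = '#box-' . $myrow['additional_id'] . '-' . $myrow['id'];
                         if (isset($myrow['type'])) {
                             $arr[$i]['type'] = $myrow['type'];
                         }
                         // NOTE(review): $arr[$i]['pluslet_id'] is never assigned before this check,
                         // so the branch does not run; possibly $myrow['pluslet_id'] was meant — confirm.
                         if (isset($arr[$i]['pluslet_id'])) {
                             $arr[$i]['pluslet_id'] = $myrow['id'];
                         }
                     } else {
                         $arr[$i]['url'] = 'guide.php?subject=' . $myrow['short_form'] . '#box-' . $myrow['additional_id'] . '-' . $myrow['id'];
                         $arr[$i]['hash'] = '#box-' . $myrow['additional_id'] . '-' . $myrow['id'];
                         $arr[$i]['tab_index'] = $myrow['additional_id'];
                         $arr[$i]['pluslet_id'] = $myrow['id'];
                     }
                     break;
                 case "Talkback":
                     if ($this->getSearchPage() == "control") {
                         $arr[$i]['url'] = 'talkback.php?talkback_id=' . $myrow['id'];
                     } else {
                         $arr[$i]['url'] = 'talkback.php';
                     }
                     break;
                 case "Staff":
                     // Only the "admin" query selects fullname; other Staff rows get an empty label.
                     $arr[$i]['label'] = isset($myrow['fullname']) ? $myrow['fullname'] : "";
                     if ($this->getSearchPage() == "control") {
                         $arr[$i]['url'] = 'user.php?staff_id=' . $myrow['id'];
                     } else {
                         // Public staff page is addressed by the part of the e-mail before the "@".
                         $name = explode('@', $myrow['label']);
                         $arr[$i]['url'] = 'staff_details.php?name=' . $name[0];
                     }
                     break;
             }
         } else {
             // Row without a content_type column: expose its first column as the value.
             $arr[$i]['value'] = $myrow[0];
         }
         $i++;
     }
     $response = json_encode($arr);
     return $response;
 }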
Ejemplo n.º 17
    // Get the name of the collection
    // NOTE(review): $postvar_coll_id is placed between hand-written quotes; where it is assigned
    // is not visible here. Confirm it is validated as an integer before this point, or pass it
    // through $db->quote() as the search query further down does.
    $query = "SELECT name, description FROM faqpage WHERE faqpage_id = '{$postvar_coll_id}'";
    $db = new Querier();
    $name = $db->query($query);
    // First row, column 0 is the collection name and column 1 its description.
    // NOTE(review): nothing here handles a query that matches no row — confirm what
    // $db->query() returns in that case.
    $page_title = "FAQS: {$name[0][0]}";
    // The stored description is decoded back to markup; presumably it is printed as HTML
    // later — confirm that only trusted staff can edit faqpage.description.
    $intro = stripslashes(htmlspecialchars_decode($name[0][1]));
} elseif ($postvar_faq_id != "") {
    // A single FAQ was requested by id.
    $displaytype = "single";
    $page_title = "Library FAQs";
} else {
    // Nothing specific requested: show the landing page.
    $displaytype = "splashpage";
    $page_title = "Library FAQs";
}
include "includes/header_um.php";
// Pick the query ($full_query) and intro text ($intro) for the chosen display type.
if ($displaytype == "search") {
    // Each LIKE pattern is escaped with $db->quote() before it is concatenated.
    $full_query = "SELECT faq_id, question, answer, keywords\n\tFROM `faq`\n\tWHERE (question like " . $db->quote("%" . $search_clause . "%") . " OR answer like " . $db->quote("%" . $search_clause . "%") . " OR keywords like " . $db->quote("%" . $search_clause . "%") . ")\n\tGroup BY question";
    // NOTE(review): the search text is placed into markup here; confirm $search_clause is
    // HTML-escaped where it is assigned, otherwise escape it before output.
    $intro = "<p>Search for <strong>{$search_clause}</strong>.</p>";
} elseif ($displaytype == "all") {
    // No request data in this query.
    $full_query = "SELECT distinct faq_id, question, answer, keywords\n\tFROM `faq`\n\tORDER BY question";
    $intro = "";
} elseif ($displaytype == "bysubject") {
    // NOTE(review): $postvar_subject_id is interpolated between hand-written quotes, unlike the
    // search branch above — confirm it is validated as an integer where it is assigned.
    $full_query = "SELECT f.faq_id, question, answer, f.keywords, subject\n\tFROM `faq` f, faq_subject fs, subject s\n\tWHERE f.faq_id = fs.faq_id\n\tAND fs.subject_id = s.subject_id\n\tAND s.subject_id = '{$postvar_subject_id}'\n\tORDER BY question";
    $intro = "";
} elseif ($displaytype == "single") {
    // NOTE(review): same interpolation pattern for $postvar_faq_id — verify its validation.
    $full_query = "SELECT faq_id, question, answer, keywords\n\tFROM `faq`\n\tWHERE faq_id = '{$postvar_faq_id}'";
    $intro = "";
} elseif ($displaytype == "collection") {
    // NOTE(review): same interpolation pattern for $postvar_coll_id — verify its validation.
    $full_query = "SELECT f.faq_id, question, answer, keywords\n\tFROM faq f, faq_faqpage ff, faqpage fp\n\tWHERE f.faq_id = ff.faq_id\n\tAND fp.faqpage_id = ff.faqpage_id\n\tAND fp.faqpage_id = '{$postvar_coll_id}'\n\tORDER BY fp.name, question";
    $intro = "";
} else {
    // This is the default
Ejemplo n.º 18
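 /**
  * Check whether another subject already uses this object's shortform.
  *
  * With an empty $this->_subject_id (insert) any row with the same shortform counts;
  * otherwise (update) the row with this subject_id is left out of the check.
  *
  * @return bool TRUE if a matching row exists, FALSE otherwise
  */
 function dupeCheck()
 {
     $db = new Querier();
     $qcheck = "SELECT shortform FROM subject WHERE shortform = " . $db->quote(scrubData($this->_shortform));
     if ($this->_subject_id != "") {
         // UPDATE: ignore the record being edited. The id is escaped with quote() like the
         // shortform, so it cannot change the structure of the statement.
         $qcheck .= " AND subject_id != " . $db->quote($this->_subject_id);
     }
     //print $qcheck;
     $rcheck = $db->query($qcheck);
     // NOTE(review): the SQL text is appended to the debug buffer as HTML without escaping;
     // confirm $this->_debug is only ever shown to trusted staff.
     $this->_debug .= "<p>Dupe check: {$qcheck}</p>";
     return count($rcheck) != 0;
 }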
Ejemplo n.º 19
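 /**
  * Save every location attached to this title and link each one to the title.
  *
  * For each entry of $this->_location_id: an empty id inserts a new `location` row, any
  * other id updates that row; a `location_title` row linking the location to
  * $this->_title_id is then inserted. Failures are reported through blunDer() and the
  * loop continues with the next entry.
  */
 function modifyLocation()
 {
     $db = new Querier();
     foreach ($this->_location_id as $key => $value) {
         // Prepare the column values once so that INSERT and UPDATE escape them identically:
         // every value goes through scrubData() and then $db->quote().
         $format = $db->quote(scrubData($this->_format[$key], "integer"));
         $call_number = $db->quote(scrubData($this->_call_number[$key]));
         $location = $db->quote(scrubData($this->_location[$key]));
         $access_restrictions = $db->quote(scrubData($this->_access_restrictions[$key], "integer"));
         $eres_display = $db->quote(scrubData($this->_eres_display[$key]));
         $display_note = $db->quote(scrubData($this->_display_note[$key], "richtext"));
         $ctags = $db->quote(scrubData($this->_ctags[$key]));
         $helpguide = $db->quote(scrubData($this->_helpguide[$key]));
         // NOTE(review): the blunDer() messages below echo the full SQL text to the page;
         // confirm this output is only reachable by staff.
         if ($value == "") {
             // Blank location, do an insert
             $qInsertLoc = "INSERT INTO location (format, call_number, location, access_restrictions, eres_display, display_note, ctags, helpguide) VALUES (\n\t\t\t\t{$format},\n\t\t\t\t{$call_number},\n\t\t\t\t{$location},\n\t\t\t\t{$access_restrictions},\n\t\t\t\t{$eres_display},\n\t\t\t\t{$display_note},\n\t\t\t\t{$ctags},\n\t\t\t\t{$helpguide}\n\t\t\t\t)";
             $rInsertLoc = $db->exec($qInsertLoc);
             $this->_debug .= "<p>5a. insert location loop: {$qInsertLoc}</p>";
             if (!$rInsertLoc) {
                 echo blunDer("We have a problem with the insert locations query: {$qInsertLoc}");
             }
             $current_location_id = $db->last_id();
         } else {
             // Existing location, do an update. The free-text columns were previously placed
             // between hand-written quotes here; they now use the same quoted values as the INSERT.
             $current_location_id = scrubData($this->_location_id[$key], "integer");
             $qUpLoc = "UPDATE location SET format = {$format}, call_number = {$call_number}, location = {$location}, access_restrictions = {$access_restrictions}, eres_display = {$eres_display}, display_note = {$display_note}, ctags = {$ctags}, helpguide = {$helpguide} WHERE location_id = " . $db->quote($current_location_id);
             $rUpLoc = $db->exec($qUpLoc);
             $this->_debug .= "<p>5b. update location loop: {$qUpLoc}</p>";
             // Strict check: an update that changes no rows is not an error.
             if ($rUpLoc === FALSE) {
                 echo blunDer("We have a problem with the update locations query: {$qUpLoc}");
             }
             $this->_debug .= "<p>current loc id = {$current_location_id}";
         }
         // If/else over, now do an insert to location_title. Both ids are escaped with quote()
         // rather than interpolated bare.
         $qInsertLocTitle = "INSERT INTO location_title (title_id, location_id) VALUES (\n\t" . $db->quote(scrubData($this->_title_id, "integer")) . ",\n\t" . $db->quote($current_location_id) . "\n\t)";
         $this->_debug .= "<p>6. insert into location_title: {$qInsertLocTitle}</p>";
         $rInsertLocTitle = $db->exec($qInsertLocTitle);
         if (!$rInsertLocTitle) {
             echo blunDer("We have a problem with the insert location_title query: {$qInsertLocTitle}");
         }
     }
 }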
Ejemplo n.º 20
 public function search()
 {
     $db = new Querier();
     $search_param = $db->quote("%" . $this->param . "%");
     $subject_id = $db->quote($this->subject_id);
     switch ($this->collection) {
         case "home":
             $q = "SELECT subject_id AS 'id', subject AS 'matching_text',subject AS 'label', description as 'additional_text', shortform AS 'short_form', 'Subject Guide' as 'content_type', '' as 'additional_id', '' as 'parent' FROM subject\n                    WHERE description LIKE " . $search_param . "\n                    OR subject LIKE " . $search_param . "\n                    OR keywords LIKE " . $search_param . "\n                    UNION\n                    SELECT p.pluslet_id, p.title,p.title AS 'label', su.subject_id AS 'parent_id', su.shortform, 'Pluslet' AS 'content_type', t.tab_index as 'additional_id',su.subject as 'parent' FROM pluslet AS p\n                    INNER JOIN pluslet_section AS ps\n                    ON ps.pluslet_id = p.pluslet_id\n                    INNER JOIN section AS s\n                    ON ps.section_id = s.section_id\n                    INNER JOIN tab AS t\n                    ON s.tab_id = t.tab_id\n                    INNER JOIN subject AS su\n                    ON su.subject_id = t.subject_id\n                    WHERE p.body LIKE " . $search_param . "\n                    OR p.title LIKE " . $search_param . "\n\n                    UNION\n                    SELECT faq_id AS 'id', question AS 'matching_text',question AS 'label',  answer as 'additional_text','' AS 'short_form','FAQ' as 'content_type', '' as 'additional_id', '' as 'parent' FROM faq\n                    WHERE question LIKE " . $search_param . "\n                    OR answer LIKE " . $search_param . "\n                    OR keywords LIKE " . $search_param . "\n                    UNION\n                    SELECT talkback_id AS 'id', question AS 'matching_text' ,question AS 'label', answer as 'additional_text','' AS 'short_form', 'Talkback' as 'content_type', '' as 'additional_id', '' as 'parent' FROM talkback\n                    WHERE question LIKE " . $search_param . "\n                    OR answer LIKE " . $search_param . 
"\n                    UNION\n                    SELECT staff_id AS 'id', email AS 'matching_text' ,email AS 'label', fname as 'additional_text','' AS 'short_form', 'Staff' as 'content_type', '' as 'additional_id', '' as 'parent' FROM staff\n                    WHERE fname LIKE " . $search_param . "\n                    OR lname LIKE " . $search_param . "\n                    OR email LIKE " . $search_param . "\n                    OR tel LIKE " . $search_param . "\n                    UNION\n                    SELECT department_id AS 'id', name AS 'matching_text' , name AS 'label', telephone as 'additional_text','' AS 'short_form', 'Department' as 'content_type', '' as 'additional_id','' as 'parent' FROM department\n                    WHERE name LIKE " . $search_param . "\n                    OR telephone LIKE  " . $search_param . "\n                    UNION\n                    SELECT video_id AS 'id', title AS 'matching_text' ,title AS 'label', description as 'additional_text','' AS 'short_form', 'Video' as 'content_type', '' as 'additional_id', '' as 'parent' FROM video\n                    WHERE title LIKE " . $search_param . "\n                    OR description LIKE " . $search_param . "\n                    OR vtags LIKE " . $search_param;
             break;
         case "guides":
             $q = "SELECT subject_id as 'id', subject,'Subject Guide' as 'content_type', subject AS 'label',shortform AS 'short_form' FROM subject WHERE subject LIKE " . $search_param . "OR shortform LIKE " . $search_param . "OR description LIKE " . $search_param . "OR keywords LIKE " . $search_param . "OR type LIKE " . $search_param;
             break;
         case "guide":
             $q = "SELECT p.pluslet_id as 'id',su.shortform as 'short_form','Pluslet' as 'content_type', p.title, p.title AS 'label', ps.section_id, t.tab_index AS 'additional_id', t.subject_id, su.subject FROM pluslet AS p\n                    INNER JOIN pluslet_section AS ps\n                    ON ps.pluslet_id = p.pluslet_id\n                    INNER JOIN section AS s\n                    ON ps.section_id = s.section_id\n                    INNER JOIN tab AS t\n                    ON s.tab_id = t.tab_id\n                    INNER JOIN subject AS su\n                    ON su.subject_id = t.subject_id\n                    WHERE p.body LIKE " . $search_param . " AND t.subject_id = " . $subject_id;
             break;
         case "records":
             $q = "SELECT title_id AS 'id', 'Record' as 'content_type',title AS 'label', title FROM title WHERE title LIKE " . $search_param;
             break;
         case "faq":
             $q = "SELECT faq_id AS 'id',question AS 'label', LEFT(question, 55), 'FAQ' as 'content_type'  FROM faq WHERE question LIKE " . $search_param;
             break;
         case "talkback":
             $q = "SELECT talkback_id AS 'id',question AS 'label','Talkback' as content_type, LEFT(question, 55) FROM talkback WHERE question LIKE " . $search_param;
             break;
         case "admin":
             $q = "SELECT staff_id AS 'id',email AS 'label','Staff' as 'content_type', CONCAT(fname, ' ', lname, ' (', email, ')') as fullname FROM staff WHERE (fname LIKE " . $search_param . ") OR (lname LIKE " . $search_param . ")";
             break;
     }
     //print_r ($q);
     $result = $db->query($q);
     $arr = array();
     $i = 0;
     // This takes the results and creates an array that will be turned into JSON
     foreach ($result as $myrow) {
         //add no title label if empty
         $myrow['label'] = empty($myrow['label']) ? '[no title]' : $myrow['label'];
         $arr[$i]['label'] = $myrow['label'];
         if (isset($myrow['content_type'])) {
             $arr[$i]['id'] = $myrow['id'];
             if (isset($myrow['short_form'])) {
                 $arr[$i]['shortform'] = $myrow['short_form'];
             }
             if (isset($myrow['matching_text'])) {
                 $arr[$i]['value'] = $myrow['matching_text'];
             }
             if (isset($myrow['content_type'])) {
                 $arr[$i]['content_type'] = $myrow['content_type'];
             }
             if (isset($myrow['parent'])) {
                 $arr[$i]['parent'] = $myrow['parent'];
             }
             if (isset($myrow['additional_id'])) {
                 $arr[$i]['parent_id'] = $myrow['additional_id'];
             }
             switch ($myrow['content_type']) {
                 case "Record":
                     $arr[$i]['label'] = $myrow['label'];
                     if ($this->getSearchPage() == "control") {
                         $arr[$i]['url'] = 'record.php?record_id=' . $myrow['id'];
                     } else {
                         $db = new Querier();
                         $record_url_sql = "SELECT location, title\n\t\t\t\tFROM location l, title t, location_title lt \n\t\t\t\tWHERE  t.title_id = lt.title_id\n\t\t\t\tAND l.location_id = lt.location_id AND t.title_id = " . $db->quote($myrow['id']) . " ";
                         $record_url_result = $db->query($record_url_sql);
                         if (isset($record_url_result[0]['location'])) {
                             $arr[$i]['url'] = $record_url_result[0]['location'];
                         } else {
                             $arr[$i]['url'] = '';
                         }
                     }
                     break;
                 case "Subject Guide":
                     if ($this->getSearchPage() == "control") {
                         $arr[$i]['url'] = getControlURL() . 'guides/guide.php?subject_id=' . $myrow['id'];
                     } else {
                         $arr[$i]['url'] = 'guide.php?subject=' . $myrow['short_form'];
                     }
                     break;
                 case "FAQ":
                     $arr[$i]['label'] = $myrow['label'];
                     $arr[$i]['url'] = 'faq.php?faq_id=' . $myrow['id'];
                     break;
                 case "Pluslet":
                     if ($this->getSearchPage() == "control") {
                         $arr[$i]['url'] = getControlURL() . 'guides/guide.php?subject_id=' . $myrow['short_form'] . '#box-' . $myrow['additional_id'] . '-' . $myrow['id'];
                         $arr[$i]['hash'] = '#box-' . $myrow['additional_id'] . '-' . $myrow['id'];
                         $arr[$i]['label'] = $myrow['label'];
                     } else {
                         $arr[$i]['url'] = 'guide.php?subject=' . $myrow['short_form'] . '#box-' . $myrow['additional_id'] . '-' . $myrow['id'];
                         $arr[$i]['hash'] = '#box-' . $myrow['additional_id'] . '-' . $myrow['id'];
                         $arr[$i]['tab_index'] = $myrow['additional_id'];
                     }
                     break;
                 case "Talkback":
                     $arr[$i]['label'] = $myrow['label'];
                     if ($this->getSearchPage() == "control") {
                         $arr[$i]['url'] = 'talkback.php?talkback_id=' . $myrow['id'];
                     } else {
                         $arr[$i]['url'] = 'talkback.php';
                     }
                     break;
                 case "Staff":
                     $arr[$i]['label'] = $myrow['fullname'];
                     if ($this->getSearchPage() == "control") {
                         $arr[$i]['url'] = 'user.php?staff_id=' . $myrow['id'];
                     } else {
                         $name = explode('@', $myrow['label']);
                         $arr[$i]['url'] = 'staff_details.php?name=' . $name[0];
                     }
                     break;
             }
         } else {
             $arr[$i]['value'] = $myrow[0];
         }
         $i++;
     }
     $response = json_encode($arr);
     return $response;
 }
Ejemplo n.º 21
 */
use SubjectsPlus\Control\Querier;
// Page identity values, assigned before the shared header is pulled in
// (presumably header.php reads them -- confirm against that template).
$page_title = "Admin FAQ Collections";
$subcat = "admin";
$subsubcat = "";
include "../includes/header.php";

// Per-request working state.
$feedback = "";
$ourlist = "";
$db = new Querier();

// "Add collection" form handler: creates one faqpage row with an empty description.
// NOTE(review): no anti-CSRF token or permission check is visible in this handler;
// confirm that header.php (or the surrounding framework) enforces both before this write.
if (isset($_POST["add_collection"])) {
    // The submitted name passes through scrubData() and then $db->quote() before it
    // is concatenated into the statement; both calls must stay if this line is edited.
    $collectionName = $db->quote(scrubData($_POST["new_coll_name"]));
    $qInsert = "INSERT INTO faqpage (name, description) VALUES (\n\t\t" . $collectionName . ", ''\n\t\t)";
    $rInsert = $db->exec($qInsert);

    // Strict comparison: only a literal FALSE from exec() is reported as a failure.
    $feedback = ($rInsert === FALSE)
        ? _("Thwarted!  Something has gone wrong with the insert.  Contact the admin.")
        : _("Thy Will Be Done.  Updated.");
}
if (isset($_POST["update_collections"])) {
    //////////////////////////////////
    // Get the source dept data + sort order
    //////////////////////////////////
    //////////////////////
    // Create new array of results
    /////////////////////
    $a = $_POST["faqpage_id"];