/**
  * @return array[permission => array[role]]
  */
 function getUserPermissions()
 {
     // Lazily builds and memoises the permission => roles map for the current user.
     // Only the first call does any work; later calls return the cached array.
     if (null !== $this->permissionsCache) {
         return $this->permissionsCache;
     }
     $this->permissionsCache = array();

     // Each access level implies the roles of the levels below it. The comparisons
     // are deliberately loose (==), matching what a switch statement would do.
     $userLevel = GetUserLevel();
     if ($userLevel == 'admin') {
         $levelRoles = array('LEVEL_ADMIN', 'LEVEL_EDITOR', 'LEVEL_OFFICER');
         $inOffice = true;
     } elseif ($userLevel == 'editor') {
         $levelRoles = array('LEVEL_EDITOR', 'LEVEL_OFFICER');
         $inOffice = true;
     } elseif ($userLevel == 'office') {
         $levelRoles = array('LEVEL_OFFICER');
         $inOffice = true;
     } else {
         $levelRoles = array();
         $inOffice = false;
     }

     // Users outside the office get an empty map without touching the database.
     if (!$inOffice) {
         return $this->permissionsCache;
     }

     // The user's entity id is bound through the `?` placeholder. The IN (...) list
     // is spliced into the SQL text, which is only acceptable because every entry
     // is one of the literals assigned above; no request data may ever be added to
     // $levelRoles without switching this to bound parameters as well.
     $roleFilter = '';
     if (!empty($levelRoles)) {
         $roleFilter = '	OR	role_permission_role_name IN ("' . implode('","', $levelRoles) . '")';
     }
     $sql = '	SELECT		role_permission_permission_name AS permission,'
         . '				role_permission_role_name       AS role'
         . '	FROM		role_permissions'
         . '	LEFT JOIN	user_roles'
         . '		ON		user_role_role_name = role_permission_role_name'
         . '			AND	user_role_user_entity_id = ?'
         . '	WHERE		user_role_user_entity_id IS NOT NULL'
         . $roleFilter;
     $result = $this->db->query($sql, array($this->user_auth->entityId));

     // One row per (permission, role) pair; group the roles under their permission.
     foreach ($result->result_array() as $pair) {
         $this->permissionsCache[$pair['permission']][] = $pair['role'];
     }
     return $this->permissionsCache;
 }
 /**
  * @note POST data:
  *	- 'search' (search pattern, optional)
  */
 function attentionlist($content_type_codename)
 {
     // Office overview page for one content type: sidebar data (assigned venues,
     // leagues, revisions awaiting approval) plus the lists of venues most in need
     // of work. Nothing is rendered unless the 'office' permission check passes.
     // NOTE(review): $content_type_codename is handed to the models exactly as it was
     // received; this method does not validate it, so the models must bind or
     // whitelist it themselves — confirm.
     if (!CheckPermissions('office')) {
         return;
     }

     // Navigation and title
     $this->_SetupNavbar($content_type_codename);
     $this->main_frame->SetPage('attentionlist');
     $nice_name = $this->pr_model->GetContentTypeNiceName($content_type_codename);
     $this->main_frame->SetTitleParameters(array('content_type' => $nice_name));

     // Page property texts: view key => page property name
     $this->pages_model->SetPageCode('office_review_attention_list');
     $wikitext_properties = array(
         'page_information' => 'page_information',
         'assigned_venues_text' => 'assigned_venues',
         'revisions_needing_approval' => 'revisions_needing_approval',
         'reviews_needing_approval' => 'reviews_needing_approval',
         'list_text_information' => 'list_text_information',
         'list_text_reviews' => 'list_text_reviews',
         'list_text_tags' => 'list_text_tags',
         'list_text_leagues' => 'list_text_leagues',
         'list_text_photos' => 'list_text_photos',
         'list_text_thumbnails' => 'list_text_thumbnails',
     );
     $data = array();
     foreach ($wikitext_properties as $view_key => $property_name) {
         $data[$view_key] = $this->pages_model->GetPropertyWikiText($property_name);
     }
     $data['content_type_codename'] = $content_type_codename;

     // Sidebar: venues assigned to the current user, and all leagues
     $data['assigned_venues'] = $this->pr_model->GetUsersAssignedReviewVenues($this->user_auth->entityId, $content_type_codename);
     $data['leagues'] = $this->leagues_model->getAllLeagues($content_type_codename);

     // The approval queues are only fetched for editors and admins, since nobody
     // else can approve anything. The decision is made here on the server, so the
     // view never receives the queues for other users.
     if (in_array(GetUserLevel(), array("editor", "admin"))) {
         $data['waiting_revisions'] = $this->pr_model->GetWaitingVenueInformationRevisions($content_type_codename);
         $data['waiting_review_revisions'] = $this->pr_model->GetWaitingVenueReviewRevisions($content_type_codename);
     }

     // Main lists: the five worst venues per category (view key => model getter)
     $worst_venue_getters = array(
         'information_venues' => 'GetWorstVenuesForInformation',
         'reviews_venues' => 'GetWorstVenuesForReviews',
         'tags_venues' => 'GetWorstVenuesForTags',
         'leagues_venues' => 'GetWorstVenuesForLeagues',
         'photos_venues' => 'GetWorstVenuesForPhotos',
     );
     foreach ($worst_venue_getters as $view_key => $getter) {
         $data[$view_key] = $this->pr_model->{$getter}($content_type_codename, 5);
     }
     // Thumbnails have no limit: every venue without a small thumbnail is listed.
     $data['thumbnails_venues'] = $this->pr_model->GetVenuesWithoutThumbnails($content_type_codename, 'small');

     // Render through the main frame
     $this->main_frame->SetContentSimple('office/reviews/reviewlist_overview', $data);
     $this->main_frame->Load();
 }
 function __construct()
 {
     parent::Controller();
     // Load models
     $this->load->model('facebookticker_model');
     // Everything in this section is meant to require office access or above.
     // NOTE(review): a failed check only leaves $this->access unset; ending the
     // constructor early does not by itself stop the routed action from running,
     // so unless CheckPermissions() halts the request each action needs its own
     // check — confirm.
     if (CheckPermissions('office')) {
         // Collapse the levels to two: an admin is treated as an editor.
         $level = GetUserLevel();
         $this->access = ($level == 'admin') ? 'editor' : $level;
     }
 }
/**
 * Updates the password of the account that owns $email, in the table that
 * matches the account's level.
 *
 * Return codes (all strings):
 *  - "A".."D"   password updated for that level (utility returned "1")
 *  - "-A".."-D" the update failed for that level (utility returned "-1")
 *  - "2"        the account exists but has not signed up yet (utility returned "2")
 *  - "0"        the email is not in the user table (level is "")
 *  - "-1"       error, or any level / utility result not listed above
 *
 * NOTE(review): nothing in this function authenticates the caller or checks the
 * old password, so the caller has to do that before calling it. The "0" and "2"
 * codes reveal whether an email is registered; callers that answer
 * unauthenticated requests should not pass that distinction on to the client.
 *
 * @param string $email  account email, also used to look up the level
 * @param string $newPwd new password, forwarded unchanged to UpdatePasswordUtility()
 * @return string one of the codes above
 */
function UpdatePassword($email, $newPwd)
{
    // level code => table name, email column, password column
    $targets = array(
        "A" => array("Admin", "AdminEmail", "AdminPwd"),
        "B" => array("Director", "DirectorEmail", "DirectorPwd"),
        "C" => array("Mentor", "MentorEmail", "MentorPwd"),
        "D" => array("Mentee", "MenteeEmail", "MenteePwd"),
    );
    $level = GetUserLevel($email);

    // Loose comparisons are kept on purpose, in the same A, B, C, D order.
    foreach ($targets as $code => $columns) {
        if ($level == $code) {
            $status = UpdatePasswordUtility($email, $newPwd, $columns[0], $columns[1], $columns[2]);
            if ($status == "1") {
                return $code;
            }
            if ($status == "-1") {
                return "-" . $code;
            }
            if ($status == "2") {
                // user has not signed up
                return "2";
            }
            return "-1";
        }
    }

    if ($level == "") {
        // user email not in the user table.
        return "0";
    }
    // Explicit "-1" level (error condition) and every unrecognised level.
    return "-1";
}
" method="post">
	<div class="BlueBox">
		<h2>about</h2>
		<div id="name_details">
		<p>
			Organisation name : <strong><?php 
// Organisation fields are passed through xml_escape() before being written into the page.
echo xml_escape($organisation['name']);
?>
</strong><br />
			Organisation type : <strong><?php 
echo xml_escape($organisation['type']);
?>
</strong><br />
		</p>
<?php 
// NOTE(review): this test only decides whether the Edit control is rendered; it is
// not access control. The handler behind directory/information/changename has to
// repeat the permission check itself — that handler is not part of this fragment,
// confirm.
if (PermissionsSubset('pr', GetUserLevel())) {
    ?>
		<form>
			<fieldset>
				<input name="name_edit_button" type="button" onclick="document.getElementById('name_details').style.display = 'none'; document.getElementById('name_details_form').style.display = 'block';" value="Edit" class="button" />
			</fieldset>
		</form>
		</div>
		<div id="name_details_form" style="display: none;">
			<form id="org_name" action="<?php 
    // NOTE(review): no anti-CSRF token field is visible in the part of this POST
    // form shown here; the fragment is cut off, so confirm that one follows.
    echo vip_url('directory/information/changename');
    ?>
" method="post">
				<fieldset>
					<label for="organisation_name">Name:</label>
						<input type="text" name="organisation_name" id="organisation_name" value="<?php 
 /**
  *	@brief Load photo request details
  */
 function view()
 {
     // Controller action for a single photo request: loads the request named by URI
     // segment 4, applies any pending POST or URI-segment operation to it, and
     // renders the 'office/photos/view' page. Every model call below that changes
     // the request is followed by redirect().
     // NOTE(review): the flow assumes redirect() ends the request; if it returned,
     // execution would fall through into the later handlers — confirm.
     /// Make sure users have necessary permissions to view this page
     if (!CheckPermissions('office')) {
         return;
     }
     /// Get custom page content
     $this->pages_model->SetPageCode('office_photos');
     $request_id = $this->uri->segment(4);
     // is_numeric() also accepts decimal and exponent forms, not only integer ids;
     // the value is later concatenated into redirect targets and passed to the model.
     if (!$request_id || !is_numeric($request_id)) {
         redirect('/office/photos/');
     } else {
         /// Get all the information about the specified photo request
         $data = $this->photos_model->GetPhotoRequestDetails($request_id);
         if (!$data) {
             /// If request doesn't exist then redirect
             redirect('/office/photos/');
         } else {
             /// Get help text for current request status
             $data['help_text'] = $this->pages_model->GetPropertyWikiText('help_' . $data['status']);
             /// Check if there are any new suggested photos - ask for confirmation
             /// @TODO:Ensure request is open for new suggestions
             if (isset($_SESSION['img'])) {
                 foreach ($_SESSION['img'] as $image) {
                     $data['suggestion'][] = $image['list'];
                 }
                 $data['suggestion'] = array_unique($data['suggestion']);
                 $this->load->library('image');
                 /// Reset list of new suggestions
                 unset($_SESSION['img']);
             }
             /// Add any confirmed suggestions
             /// @TODO: Don't allow duplicate suggestions
             // NOTE(review): the loop bound is the POSTed 'imgid_number', re-read on every
             // iteration and with no upper limit, so the client decides how many model
             // calls run. The only gate on this handler is the 'office' check at the top:
             // neither the request status nor the caller's relation to the request is
             // checked before SuggestPhoto() is called.
             if ($this->input->post('r_suggest') == 'Suggest' && $this->input->post('imgid_number')) {
                 for ($i = 0; $i < $this->input->post('imgid_number'); $i++) {
                     if ($this->input->post('imgid_' . $i . '_allow') == 'y') {
                         $this->photos_model->SuggestPhoto($request_id, $this->input->post('imgid_' . $i . '_number'), $this->input->post('imgid_' . $i . '_comment'), $this->user_auth->entityId);
                     }
                 }
                 redirect('/office/photos/view/' . $request_id . '/');
             }
             /// Get suggested photos for request
             $data['photos'] = $this->photos_model->GetSuggestedPhotos($request_id);
             /// Get photographers that request can be assigned to
             $data['photographers'] = $this->photos_model->GetPhotographers();
             /// Get comments
             if (is_numeric($data['comments_thread'])) {
                 $this->load->library('comment_views');
                 $this->comment_views->SetUri('/office/photos/view/' . $request_id . '/');
                 $data['comments'] = $this->comment_views->CreateStandard((int) $data['comments_thread'], 1);
             }
             /// Get current user's access level
             $is_editor = GetUserLevel();
             if ($is_editor == 'admin') {
                 /// Admin users are effectively editors
                 $is_editor = 'editor';
             }
             // The role is relative to this request and is resolved in priority order:
             // the assigned photographer first, then editor, then the reporter who
             // raised the request, then everyone else.
             if ($data['status'] == 'assigned' && $data['assigned_id'] == $this->user_auth->entityId) {
                 $data['user_level'] = 'photographer';
             } elseif ($is_editor == 'editor') {
                 $data['user_level'] = 'editor';
             } elseif ($data['reporter_id'] == $this->user_auth->entityId) {
                 $data['user_level'] = 'reporter';
             } else {
                 $data['user_level'] = 'everyone';
             }
             /* At this point $data['user_level'] should hold one of the following access levels:
              *	-	editor
              *	-	photographer
              *	-	reporter
              *	-	everyone
              */
             /// Access matrix
             // Operation => role => allowed. All four operations start with the same row:
             // every role except 'everyone' is allowed.
             $data['access']['details'] = array('editor' => TRUE, 'photographer' => TRUE, 'reporter' => TRUE, 'everyone' => FALSE);
             $data['access']['ready'] = array('editor' => TRUE, 'photographer' => TRUE, 'reporter' => TRUE, 'everyone' => FALSE);
             $data['access']['complete'] = array('editor' => TRUE, 'photographer' => TRUE, 'reporter' => TRUE, 'everyone' => FALSE);
             $data['access']['cancel'] = array('editor' => TRUE, 'photographer' => TRUE, 'reporter' => TRUE, 'everyone' => FALSE);
             if ($data['status'] == 'unassigned' || $data['status'] == 'assigned') {
                 $data['request_editable'] = TRUE;
             } else {
                 $data['request_editable'] = FALSE;
                 $data['access']['details'] = array('editor' => FALSE, 'photographer' => FALSE, 'reporter' => FALSE, 'everyone' => FALSE);
             }
             $data['request_finished'] = FALSE;
             if ($data['status'] == 'deleted' || $data['status'] == 'completed') {
                 $data['request_finished'] = TRUE;
             }
             // For a completed request this re-enables 'details', which the block above
             // had just disabled for every role.
             if ($data['status'] == 'completed') {
                 $data['access']['details'] = array('editor' => TRUE, 'photographer' => TRUE, 'reporter' => TRUE, 'everyone' => FALSE);
             }
             /// Check if user is trying to cancel or (un)ready a request
             // NOTE(review): these operations change state and are selected purely by URI
             // segment 5, i.e. by following a link. No anti-CSRF token is checked here, so
             // a cross-site request made in a logged-in officer's browser would pass the
             // access matrix; moving them to POST with a token would close that. Only
             // 'ready'/'unready'/'cancel'/'select' are handled; any other value is ignored.
             $special_op = $this->uri->segment(5);
             if ($special_op) {
                 if ($special_op == 'ready') {
                     if ($data['access']['ready'][$data['user_level']]) {
                         $this->photos_model->FlagRequestReady($request_id);
                     } else {
                         $this->main_frame->AddMessage('error', 'You do not have the necessary permissions to flag this request as being ready.');
                     }
                     redirect('/office/photos/view/' . $request_id);
                 } elseif ($special_op == 'unready') {
                     if ($data['access']['ready'][$data['user_level']]) {
                         $this->photos_model->FlagRequestReady($request_id, 0);
                     } else {
                         $this->main_frame->AddMessage('error', 'You do not have the necessary permissions to remove the ready flag on this request.');
                     }
                     redirect('/office/photos/view/' . $request_id);
                 } elseif ($special_op == 'cancel') {
                     if ($data['access']['cancel'][$data['user_level']]) {
                         $this->photos_model->CancelRequest($request_id);
                     } else {
                         $this->main_frame->AddMessage('error', 'You do not have the necessary permissions to cancel this photo request.');
                     }
                     redirect('/office/photos/view/' . $request_id);
                 } elseif ($special_op == 'select') {
                     if ($data['access']['complete'][$data['user_level']]) {
                         // NOTE(review): URI segment 6 (the photo id) reaches the model without any
                         // check here that it is numeric or that it is one of this request's
                         // suggested photos — presumably SelectPhoto() validates it; verify.
                         $this->photos_model->SelectPhoto($request_id, $this->uri->segment(6), $this->user_auth->entityId);
                     } else {
                         $this->main_frame->AddMessage('error', 'You do not have the necessary permissions to select the chosen photo for this photo request.');
                     }
                     redirect('/office/photos/view/' . $request_id);
                 }
             }
             /// Check if user is trying to edit request's details
             if ($this->input->post('r_details') == 'Update') {
                 /// Check the have the necessary permissions to edit
                 if ($data['access']['details'][$data['user_level']]) {
                     // r_title and r_brief are stored as submitted; they must be escaped wherever
                     // they are later rendered.
                     $this->photos_model->ChangeDetails($request_id, $this->input->post('r_title'), $this->input->post('r_brief'));
                     $this->main_frame->AddMessage('success', 'Photo request details successfully changed.');
                     redirect('/office/photos/view/' . $request_id . '/');
                 } else {
                     $this->main_frame->AddMessage('error', 'You do not have the necessary permissions to edit the details for this photo request, or this request has been completed or cancelled.');
                 }
             }
             /// Check if trying to change assigned photographer
             if ($this->input->post('r_assign') !== FALSE) {
                 if ($data['status'] == 'unassigned') {
                     // An editor supplying a numeric r_assignuser assigns that user. Every other
                     // case — any non-editor, and also an editor whose r_assignuser is missing or
                     // non-numeric — assigns the request to the caller as already 'accepted'.
                     // NOTE(review): r_assignuser is only checked for being numeric; whether it is
                     // one of GetPhotographers() is not checked here.
                     if ($data['user_level'] == 'editor' && is_numeric($this->input->post('r_assignuser'))) {
                         $this->photos_model->AssignPhotographer($request_id, $this->input->post('r_assignuser'));
                         redirect('/office/photos/view/' . $request_id);
                     } else {
                         $this->photos_model->AssignPhotographer($request_id, $this->user_auth->entityId, 'accepted');
                         redirect('/office/photos/view/' . $request_id);
                     }
                 } elseif ($data['status'] == 'assigned') {
                     if ($data['user_level'] == 'photographer') {
                         // For the assigned photographer the same button toggles: a 'requested'
                         // assignment becomes 'accepted', an 'accepted' one becomes 'declined'.
                         if ($data['assigned_status'] == 'requested') {
                             $this->photos_model->AssignPhotographer($request_id, $this->user_auth->entityId, 'accepted');
                             redirect('/office/photos/view/' . $request_id);
                         } elseif ($data['assigned_status'] == 'accepted') {
                             $this->photos_model->AssignPhotographer($request_id, $this->user_auth->entityId, 'declined');
                             redirect('/office/photos/view/' . $request_id);
                         }
                     } elseif ($data['user_level'] == 'editor') {
                         $this->photos_model->UnassignPhotographer($request_id);
                         redirect('/office/photos/view/' . $request_id);
                     }
                 }
             } elseif ($this->input->post('r_decline') !== FALSE) {
                 if ($data['status'] == 'assigned' && $data['user_level'] == 'photographer' && $data['assigned_status'] == 'requested') {
                     $this->photos_model->AssignPhotographer($request_id, $this->user_auth->entityId, 'declined');
                     redirect('/office/photos/view/' . $request_id);
                 }
             }
             /// Load image helper to get suggested photos' thumbnails
             $this->load->library('image');
             /// Load main frame with view
             $this->main_frame->SetContentSimple('office/photos/view', $data);
             $this->main_frame->Load();
         }
     }
 }
 function _deleteArticle()
 {
     // xajax handler: deletes the article named by URI segment 3 when the caller is
     // an editor (admins count as editors) and returns the xajax response that
     // either redirects to the news office or alerts the user.
     // NOTE(review): the article id goes to the model exactly as it appears in the
     // URI, and the details fetched below are never inspected, so nothing here
     // confirms the article exists before DeleteArticle() runs. No anti-CSRF check
     // is visible in this handler either — confirm the xajax layer supplies one.
     $response = new xajaxResponse();
     $article_id = $this->uri->segment(3);
     $data = array('article' => $this->article_model->GetArticleDetails($article_id));

     // Only two levels matter: admins can do everything editors can.
     $level = GetUserLevel();
     $data['user_level'] = ($level == 'admin') ? 'editor' : $level;

     // A wider rule that also admitted a writer who had accepted the article request
     // was once considered; deletion is currently editor-only.
     if ($data['user_level'] != 'editor') {
         $response->addAlert('You must be an editor to delete an article!');
         return $response;
     }

     $this->requests_model->DeleteArticle($article_id);
     $this->main_frame->AddMessage('success', 'The article was successfully deleted.');
     $response->addRedirect('/office/news');
     return $response;
 }
 function contacts($action = "viewgroup", $business_card_group = -1)
 {
     // VIP-area directory contacts page for the current organisation. Handles group
     // delete / rename / add, contact card delete / approve / add, then renders the
     // member list of the selected group. $business_card_group is a group id for
     // "viewgroup" and a card id for "deletecard" / "approvecard".
     // NOTE(review): the group and card ids used by the handlers below come from the
     // request, and this method never compares them with $organisation. Unless the
     // models scope every call to the caller's organisation, a VIP of one
     // organisation could act on another organisation's groups or cards — verify.
     if (!CheckPermissions('vip+pr')) {
         return;
     }
     $organisation = VipOrganisation();
     $this->pages_model->SetPageCode('viparea_directory_contacts');
     // Only the deletecard and approvecard branches consult $editor_level; the group
     // handlers and the card-add handler rely on the CheckPermissions() gate alone.
     $editor_level = PermissionsSubset('pr', GetUserLevel()) || PermissionsSubset('vip', GetUserLevel());
     //The pr and vip has all the powers of the editor in the directory, but not in the calendar
     //Get Data And toolbar
     $data = $this->organisations->_GetOrgData($organisation);
     $data['page_information'] = $this->pages_model->GetPropertyWikitext('page_information');
     //Delete group
     // A group is only removed when it holds no cards.
     if ($this->input->post('group_deletebutton')) {
         $cards = $this->directory_model->GetDirectoryOrganisationCardsByGroupId($this->input->post('group_id'), true);
         if (empty($cards)) {
             $result = $this->businesscards_model->RemoveOrganisationCardGroupById($this->input->post('group_id'));
             if ($result == 1) {
                 $this->messages->AddMessage('success', 'Group was successfully removed.');
             } else {
                 $this->messages->AddMessage('error', 'Group was not removed, the group does not exist.');
             }
         } else {
             $this->messages->AddMessage('error', 'Group was not removed, you cannot remove groups with cards.');
         }
         //set things back to normal
         redirect(vip_url('directory/contacts/'));
     }
     //rename group
     if ($this->input->post('group_renamebutton')) {
         $result = $this->businesscards_model->RenameOrganisationCardGroup($this->input->post('group_id'), $this->input->post('group_name'));
         if ($result == 1) {
             $this->messages->AddMessage('success', 'Group was successfully renamed.');
         } else {
             $this->messages->AddMessage('error', 'Group was not renamed, the group does not exist.');
         }
         // The POSTed group_id is placed in the redirect path without validation.
         redirect(vip_url('directory/contacts/viewgroup/' . $this->input->post('group_id')));
     }
     // NOTE(review): "deletecard" and "approvecard" are selected by the method's
     // arguments rather than by a POST field, so these state changes appear to be
     // reachable by following a link; no anti-CSRF token is checked in this method.
     if ($action == "deletecard") {
         //business_card_group is actually the card id for this action
         if ($editor_level) {
             $result = $this->businesscards_model->DeleteBusinessCard($business_card_group);
             if ($result) {
                 $this->messages->AddMessage('success', 'The contact card was successfully deleted.');
             } else {
                 $this->messages->AddMessage('error', 'The contact card was not removed, it does not exist.');
             }
             redirect(vip_url('directory/contacts/'));
         } else {
             $this->messages->AddMessage('error', 'You do not have permission to delete contact cards.');
         }
     }
     if ($action == "approvecard") {
         //business_card_group is actually the card id for this action
         if ($editor_level) {
             $result = $this->businesscards_model->ApproveBusinessCard($business_card_group);
             if ($result) {
                 $this->messages->AddMessage('success', 'The contact card was successfully approved.');
             } else {
                 $this->messages->AddMessage('error', 'The contact card was not approved, it does not exist.');
             }
             //set things back to normal
             redirect(vip_url('directory/contacts/'));
         } else {
             $this->messages->AddMessage('error', 'You do not have permission to approve contact cards.');
         }
     }
     //Add Groups
     // The new group is attached to the organisation id loaded on the server, not to
     // an id taken from the request.
     if ($this->input->post('add_group_button')) {
         if (!empty($_POST["group_name"])) {
             $max_order = $this->businesscards_model->SelectMaxGroupOrderById($data['organisation']['id']);
             $post_data = array('group_name' => $_POST["group_name"], 'organisation_id' => $data['organisation']['id'], 'group_order' => $max_order + 1);
             $this->businesscards_model->AddOrganisationCardGroup($post_data);
             $this->messages->AddMessage('success', 'Group was successfully added.');
             redirect(vip_url('directory/contacts/'));
         }
     }
     if (!empty($_POST["card_addbutton"])) {
         if (empty($_POST["card_name"]) || empty($_POST["card_title"])) {
             $this->messages->AddMessage('error', 'Please include a name and a title for your contact card');
             //add failed send the data back into the form
             // The whole of $_POST goes back to the view here; every field the view
             // re-displays needs output escaping.
             $data['card_form'] = $_POST;
         } else {
             //find user id if exist
             if (!empty($_POST["card_username"])) {
                 //find user id from username
                 $user_id = $this->businesscards_model->GetUserIdFromUsername($_POST["card_username"]);
             } else {
                 $user_id = "";
             }
             //Send message if username was given and no id found
             if ($user_id == "" && !empty($_POST["card_username"])) {
                 // NOTE(review): the submitted username is concatenated into the message text
                 // as-is; unless the message renderer escapes its input this is a markup
                 // injection point — verify how AddMessage() output is rendered.
                 $this->messages->AddMessage('error', 'The user ' . $_POST["card_username"] . ' was not found, you may have spelt the username incorrectly or the user is not on the yorker. You may wish to leave that field blank.');
                 //add failed send the data back into the form
                 $data['card_form'] = $_POST;
             } else {
                 //add contact card
                 //@note start time, end time, order, and image id are all currently null and not in use.
                 // Apart from card_name and card_title, the $_POST keys below are read without
                 // an isset() check, and group_id is not checked against this organisation's
                 // groups before the card is created.
                 $this->businesscards_model->NewBusinessCard($user_id, $_POST["group_id"], null, $_POST["card_name"], $_POST["card_title"], $_POST["card_about"], $_POST["card_course"], $_POST["email"], $_POST["phone_mobile"], $_POST["phone_internal"], $_POST["phone_external"], $_POST["postal_address"], 0, null, null, 1);
                 //@note the 1 in the last parameter forces the card to be published when it is created. Beta only.
                 $this->messages->AddMessage('success', 'The contact card was successfully added.');
             }
             // Runs after both branches above, so the error case also redirects and the
             // $data['card_form'] set there is not rendered if redirect() ends the request.
             redirect(vip_url('directory/contacts/viewgroup/' . $_POST["group_id"]));
         }
     }
     if (!empty($data)) {
         $this->_SetupOrganisationNavbar();
         // Business Card Groups
         $groups = $this->directory_model->GetDirectoryOrganisationCardGroups($organisation);
         // translate into nice names for view
         $data['organisation']['groups'] = array();
         foreach ($groups as $group) {
             $data['organisation']['groups'][] = array('name' => $group['business_card_group_name'], 'href' => vip_url('directory/contacts/viewgroup/' . $group['business_card_group_id']), 'id' => $group['business_card_group_id']);
             // With no group requested (-1) the first group returned becomes the current one.
             if ($business_card_group == -1) {
                 $business_card_group = $group['business_card_group_id'];
             }
             $data['current_group']['id'] = $business_card_group;
             if ($group['business_card_group_id'] == $business_card_group) {
                 $data['current_group']['name'] = $group['business_card_group_name'];
             }
         }
         //Make sure there are some groups to prevent view break on none.
         if (empty($groups)) {
             $data['no_groups'] = true;
         } else {
             $data['no_groups'] = false;
         }
         // Members data
         // NOTE(review): a group id supplied in the URL is used for this lookup even when
         // it matched none of the organisation's groups in the loop above — verify that
         // the model restricts the result to this organisation.
         $members = $this->directory_model->GetDirectoryOrganisationCardsByGroupId($business_card_group, true);
         // translate into nice names for view
         $data['organisation']['cards'] = array();
         foreach ($members as $member) {
             $data['organisation']['cards'][] = array('user_id' => $member['business_card_user_entity_id'], 'id' => $member['business_card_id'], 'name' => $member['business_card_name'], 'title' => $member['business_card_title'], 'course' => $member['business_card_course'], 'blurb' => $member['business_card_blurb'], 'email' => $member['business_card_email'], 'image_id' => $member['business_card_image_id'], 'phone_mobile' => $member['business_card_mobile'], 'phone_internal' => $member['business_card_phone_internal'], 'phone_external' => $member['business_card_phone_external'], 'postal_address' => $member['business_card_postal_address'], 'approved' => $member['business_card_approved']);
         }
         //Put the view in edit mode
         $data['organisation']['editmode'] = true;
         // Set up the directory view
         $the_view = $this->frames->view('directory/viparea_directory_view_members', $data);
         // Set up the public frame
         $this->main_frame->SetTitleParameters(array('organisation' => $data['organisation']['name']));
         $this->main_frame->SetPage('contacts');
         $this->main_frame->SetContent($the_view);
     } else {
         $this->load->library('custom_pages');
         $this->main_frame->SetContent(new CustomPageView('directory_notindirectory', 'error'));
     }
     // Load the public frame view
     $this->main_frame->Load();
 }
 function edit($game_id = -1)
 {
     // Office page for editing one game: saves the posted title, width and height,
     // then shows the game's current data. Without a game id the user is sent back
     // to the games list.
     // NOTE(review): $game_id and the posted fields are passed to the model as
     // received; this method does no type or range validation of its own — confirm
     // that Edit_Game_Update() binds or validates them.
     if ($game_id == -1) {
         redirect('office/games');
     }
     if (!CheckPermissions('office')) {
         return;
     }
     $data['is_editor'] = PermissionsSubset('editor', GetUserLevel());
     $this->pages_model->SetPageCode('office_games_edit');
     $this->load->library('image');
     $data['section_games_edit_page_info_title'] = $this->pages_model->GetPropertyText('section_games_edit_page_info_title');
     $data['section_games_edit_page_info_text'] = $this->pages_model->GetPropertyWikiText('section_games_edit_page_info_text');

     // A save is attempted only when all three required fields were posted.
     if (isset($_POST['game_title_field'], $_POST['game_width_field'], $_POST['game_height_field'])) {
         // The activation flag is honoured only for editors: the level is re-checked
         // on the server, so a non-editor posting game_activated_field still sends
         // FALSE to the model.
         $activate = PermissionsSubset('editor', GetUserLevel()) && isset($_POST['game_activated_field']);
         $saved = $this->games_model->Edit_Game_Update(
             $game_id,
             $_POST['game_title_field'],
             $_POST['game_width_field'],
             $_POST['game_height_field'],
             $activate
         );
         if ($saved) {
             $this->main_frame->AddMessage('success', 'Changes saved!', FALSE);
         } else {
             $this->main_frame->AddMessage('error', 'Update failed!', FALSE);
         }
     }

     // Reload the game after any update so the form shows what is now stored.
     $data['game'] = $this->games_model->Edit_Game_Get($game_id);
     $static_base = $this->config->item('static_web_address');
     $data['game']['pathname'] = $static_base . '/games/' . $data['game']['filename'];
     $thumb_attributes = array('title' => $data['game']['title']);
     $data['game']['image'] = $this->image->getImage($data['game']['image_id'], 'gamethumb', $thumb_attributes);
     $data['game_id'] = $game_id;

     $this->main_frame->SetContentSimple('office/games/edit', $data);
     $this->main_frame->Load();
 }
 function editinfo($campaign_id)
 {
     // Office page showing the info tab of one campaign. Requires office access;
     // the view is told whether the current user is an editor.
     // NOTE(review): $campaign_id is used as received; this method neither validates
     // it nor checks that GetCampaignNameID() found a campaign.
     if (!CheckPermissions('office')) {
         return;
     }

     // Page code and model
     $this->pages_model->SetPageCode('office_campaign_edit');
     $this->load->model('campaign_model', 'campaign_model');

     // Navigation bar, with the current tab selected
     $this->_SetupNavbar($campaign_id);
     $this->main_frame->SetPage('info');

     // Campaign identified by the given id, plus the current user's id and whether
     // they hold editor access
     $campaign_name = $this->campaign_model->GetCampaignNameID($campaign_id);
     $data = array(
         'campaign' => array(
             'name' => $campaign_name,
             'id' => $campaign_id,
         ),
         'user' => array(
             'id' => $this->user_auth->entityId,
             'is_editor' => PermissionsSubset('editor', GetUserLevel()),
         ),
     );

     // Build the view, then hand it to the public frame and render
     $info_view = $this->frames->view('office/campaign/info', $data);
     $this->main_frame->SetTitleParameters(array('name' => $campaign_name));
     $this->main_frame->SetContent($info_view);
     $this->main_frame->Load();
 }
/**
 * @param $Level string:
 *	- 'public'
 *	- 'student'
 *	- 'organisation'
 *	- 'vip'
 *	- 'office'
 *	- 'pr'
 *	- 'editor'
 *	- 'admin'
 * @param $RedirectDestination string URI to redirect to on success.
 * @param $Organisation string Organisation codename to force.
 * @return Whether successfully logged in yet
 *
 * @pre CheckPermissions has already been called.
 */
function LoginHandler($Level, $RedirectDestination, $Organisation = FALSE)
{
    // Shows the login form for $Level and, when that form has been posted,
    // attempts the login through $CI->user_auth. On success a message is queued
    // and the browser is redirected to $RedirectDestination; otherwise the
    // 'login/login' view is rendered and FALSE is returned.
    $CI =& get_instance();
    $CI->load->library('messages');
    // 'target' is the URI of the current request, handed to the view.
    $data = array('target' => $CI->uri->uri_string());
    $login_id = '';
    if ($Level === 'office') {
        $page_code = 'login_office';
        $login_id = 'office';
        $success_msg = $CI->pages_model->GetPropertyText('login:success_office', TRUE);
        // Find whether to fail: the current user has no office login available.
        // This flag only reaches the view; the POST handling below does not
        // consult it, so user_auth->loginOffice() has to enforce it.
        $data['failure'] = !$CI->user_auth->officeLogin;
        if ($data['failure']) {
            $data['failure_text'] = $CI->pages_model->GetPropertyWikitext('nooffice_text', $page_code);
        }
    } elseif ($Level === 'vip') {
        $page_code = 'login_vip';
        $login_id = 'vip';
        $success_msg = $CI->pages_model->GetPropertyText('login:success_vip', TRUE);
        $data['usernames'] = array();
        // Organisations the current user may log in as.
        $logins = $CI->user_auth->getOrganisationLogins();
        // Find whether to fail: no organisation logins exist for this user.
        $data['failure'] = empty($logins);
        if ($data['failure']) {
            $data['failure_text'] = $CI->pages_model->GetPropertyWikitext('novip_text', $page_code);
        }
        // Default to an organisation?
        if (is_string($Organisation)) {
            // Default organisation is $Organisation (matched on directory entry name).
            foreach ($logins as $login) {
                $data['usernames'][$login['organisation_entity_id']] = $login['organisation_name'];
                if ($login['organisation_directory_entry_name'] === $Organisation) {
                    $data['default_username'] = $login['organisation_entity_id'];
                }
            }
        } else {
            // Don't specify a default
            foreach ($logins as $login) {
                $data['usernames'][$login['organisation_entity_id']] = $login['organisation_name'];
            }
        }
    } else {
        // Every other level falls back to the ordinary (student) login form.
        $page_code = 'login_public';
        $login_id = 'student';
        $success_msg = $CI->pages_model->GetPropertyText('login:success_public', TRUE);
        $data['username'] = $CI->user_auth->username;
        $data['keep_login'] = !empty($CI->user_auth->username);
        $data['failure'] = false;
    }
    $data['login_id'] = $login_id;
    // Only handle the POST when it came from the form for this login type.
    if ($CI->input->post('login_id') === $login_id) {
        if ($login_id === 'student') {
            $username = $CI->input->post('username');
        } elseif ($login_id === 'vip') {
            // The 'username' field carries the organisation entity id for VIP logins.
            // NOTE(review): this posted id is not checked against $logins in this
            // function; confirm loginOrganisation() rejects ids the user may not use.
            $entity_id = $CI->input->post('username');
        }
        $password = $CI->input->post('password');
        // Form data captured before the login prompt and posted back by the
        // login form. It is client-controlled at this point.
        $post_data = $CI->input->post('previous_post_data');
        if (FALSE !== $post_data) {
            $data['previous_post_data'] = $post_data;
        }
        // NOTE(review): no attempt throttling or CSRF check is visible in this
        // function; presumably user_auth / the framework handles both - confirm.
        try {
            if ($Level === 'vip') {
                // Office and VIP sessions are mutually exclusive: leave the office
                // session first and tell the user.
                if ($CI->user_auth->officeType !== 'None') {
                    $CI->user_auth->logoutOffice();
                    $left_office_message = $CI->pages_model->GetPropertyMessage('msg_left_office_message', $page_code);
                    if (FALSE !== $left_office_message) {
                        $CI->messages->AddMessage(new Message($left_office_message));
                    }
                }
                $CI->user_auth->loginOrganisation($password, $entity_id);
            } elseif ($Level === 'office') {
                // Likewise, an active VIP session is ended before the office login.
                if ($CI->user_auth->organisationLogin >= 0) {
                    $CI->user_auth->logoutOrganisation();
                    $left_vip_message = $CI->pages_model->GetPropertyMessage('msg_left_vip_message', $page_code);
                    if (FALSE !== $left_vip_message) {
                        $CI->messages->AddMessage(new Message($left_vip_message));
                    }
                }
                $CI->user_auth->loginOffice($password);
            } else {
                // post() is compared against FALSE, i.e. "field not submitted".
                $keep_login = FALSE !== $CI->input->post('keep_login');
                $CI->user_auth->login($username, $password, $keep_login);
                if ($CI->user_auth->firstname == '' && $CI->user_auth->surname == '') {
                    $CI->messages->AddMessage('warning', $CI->pages_model->GetPropertyWikiText('login:no_name_set', TRUE));
                }
                if ($RedirectDestination == '' || $RedirectDestination == '/') {
                    $RedirectDestination = GetDefaultHomepage();
                }
            }
            // Reaching this point means the login call above did not throw.
            $CI->messages->AddMessage('success', '<p>' . $success_msg . '</p>');
            if (FALSE !== $post_data) {
                // Hand the saved form data on to the destination page.
                SetRedirectData($RedirectDestination, $post_data);
            }
            // NOTE(review): $RedirectDestination comes from the caller; confirm every
            // caller passes a site-local path so this cannot leave the site.
            redirect($RedirectDestination);
            return TRUE;
        } catch (Exception $e) {
            // The exception text is placed into HTML as-is.
            // NOTE(review): confirm user_auth never builds these messages from
            // submitted values, otherwise they need HTML-escaping here.
            $CI->messages->AddMessage('error', '<p>' . $e->getMessage() . '</p>');
        }
    } else {
        // First display of the form: pick up form data saved before the redirect
        // to the login page so it can be carried through the login.
        $post_data = GetRedirectData();
        if (NULL !== $post_data) {
            $data['previous_post_data'] = $post_data;
            $CI->messages->AddMessage('information', '<p>The form data you submitted will be sent after you log in from this page.  </p>');
        }
        $data['initial_username'] = '';
    }
    // Get various page properties used for displaying the login screen
    $CI->pages_model->SetPageCode($page_code);
    // Show "please log in" message if not failed (currently disabled)
    /*
    	if (!$data['failure']) {
    		$permission_message = $CI->pages_model->GetPropertyMessage('msg_permission_message');
    		if (FALSE !== $permission_message) {
    			$CI->messages->AddMessage(new Message($permission_message), FALSE);
    		}
    	}*/
    // Title of login section of page
    $section_title = $CI->pages_model->GetPropertyText('section_title');
    if (!empty($section_title)) {
        $data['title'] = $section_title;
    }
    // Main login message (page-property text, wrapped in a paragraph unescaped)
    $login_message = $CI->pages_model->GetPropertyText('login_message');
    if (!empty($login_message)) {
        $data['login_message'] = '<p>' . $login_message . '</p>';
    }
    // Items in the right bar
    $data['rightbar'] = $CI->pages_model->GetPropertyArray('rightbar', array(array('pre' => '[', 'post' => ']', 'type' => 'int'), array('pre' => '.', 'type' => 'enum', 'enum' => array(array('title', 'text'), array('text', 'wikitext')))));
    // Render the login form inside the frame for the user's current level.
    SetupMainFrame(GetUserLevel(), FALSE);
    $CI->main_frame->SetContentSimple('login/login', $data);
    $CI->main_frame->Load();
    // Not logged in (yet): either no POST, or the login attempt threw.
    return FALSE;
}
            unset($links[$i]);
        }
    }
    if (count($links) == 0) {
        return;
    }
    echo '				<ul' . ($firstMenu ? ' class="first"' : '') . '>' . "\n";
    echo '					<li class="first">' . $title . '</li>' . "\n";
    foreach ($links as $link) {
        echo '					<li><a href="' . $link[1] . '">' . $link[0] . '</a></li>' . "\n";
    }
    echo '				</ul>' . "\n";
}
// Office navigation menus. Each entry is array(label, href, third field);
// printMenu() echoes the label and href into the list. The third field is
// presumably the permission name printMenu() filters on - confirm there.
// Hiding a link here is presentation only: every target controller still has
// to enforce its own permission check.
printMenu($this, 'Office', array(
    array('Office Home', '/office', ''),
    array('Office Chat', '/office/irc', 'IRC_CHAT'),
    array('My Bylines', '/office/bylines', 'BYLINES_VIEW'),
), true);

// Editor and Admins only
if (PermissionsSubset('editor', GetUserLevel())) {
    printMenu($this, 'Admin', array(
        array('Announcements', '/office/announcements', 'ANNOUNCEMENT_VIEW'),
        array('Permissions', '/admin/permissions', 'PERMISSIONS_VIEW'),
        array('Manage Team', '/office/manage/members', 'MANAGE'),
        array('Manage VIPs', '/office/vipmanager', 'VIPMANAGER_VIEW'),
        array('Content Schedule', '/office/news/contentschedule', 'ARTICLE_VIEW'),
        array('Change Live Article', '/office/news/scheduledlive', 'ARTICLE_VIEW'),
        array('Comment Moderation', '/office/moderator', 'COMMENT_MODERATE'),
        array('Page Properties', '/admin/pages', 'PAGES_VIEW'),
        array('Statistics', '/office/stats', 'STATS_VIEW'),
        array('Feedback', '/admin/feedback', 'FEEDBACK_VIEW'),
        array('Article Types', '/office/articletypes', 'ARTICLETYPES_VIEW'),
        array('Special Articles', '/office/specials', 'ARTICLE_VIEW'),
        array('Facebook Articles', '/office/ticker', 'ARTICLE_VIEW'),
        array('Advertising', '/office/advertising', 'ADVERTISING_VIEW'),
        array('Polls', '/office/polls', 'POLLS_VIEW'),
    ));
}

printMenu($this, 'Sections', array(
    array('Uni News', '/office/news/uninews', 'ARTICLE_VIEW'),
    array('Features', '/office/news/features', 'ARTICLE_VIEW'),
    array('Lifestyle', '/office/news/lifestyle', 'ARTICLE_VIEW'),
    array('Arts', '/office/news/arts', 'ARTICLE_VIEW'),
    array('Sport', '/office/news/sport', 'ARTICLE_VIEW'),
    array('Blogs', '/office/news/blogs', 'ARTICLE_VIEW'),
    array('Food', '/office/news/food', 'ARTICLE_VIEW'),
    array('Videocasts', '/office/news/videocasts', 'ARTICLE_VIEW'),
    array('News Comment', '/office/news/comment', 'ARTICLE_VIEW'),
    array('Podcasts', '/office/podcasts', 'ARTICLE_VIEW'),
));

printMenu($this, 'Info + Reviews', array(
    array('Directory', '/office/prlist', ''),
    array('Food', '/office/reviewlist/foodreviews', ''),
    array('Drink', '/office/reviewlist/drinkreviews', ''),
    array('Review Tags', '/office/reviewtags', ''),
    array('Leagues', '/office/leagues', ''),
    array('PR System', '/office/pr/summary', ''),
    array('Campaigns', '/office/campaign', 'CAMPAIGN_VIEW'),
    array('Charities', '/office/charity', 'CHARITY_VIEW'),
    array('How Do I', '/office/howdoi', 'HOWDOI_VIEW'),
    array('Game Zone', '/office/games', 'GAMEZONE_VIEW'),
));

printMenu($this, 'Photos', array(
    array('Photo Requests', '/office/photos', 'GALLERY_VIEW'),
    array('Gallery', '/office/gallery', 'GALLERY_VIEW'),
    array('Homepage Banners', '/office/banners', 'BANNERS_VIEW'),
));

printMenu($this, 'Homepage', array(
    array('Quotes', '/office/quotes', 'QUOTES_VIEW'),
    array('Links', '/office/links', 'LINKS_VIEW'),
    array('Style Guide', '/office/guide', 'ARTICLE_VIEW'),
));
?>
					<?php 
if (isset($extra_menu_buttons) && !empty($extra_menu_buttons)) {
    echo '<ul>';
    foreach ($extra_menu_buttons as $key => $button) {
        echo '<li' . (!$key ? ' class="first"' : '') . '>';
        if (is_string($button)) {
            echo $button;
        } else {
 /**
  * Sets up the list template from the 'comments' configuration item.
  */
 function __construct()
 {
     parent::__construct('templates/list');
     $comments_config = get_instance()->config->item('comments');

     // Moderator mode needs both the config switch and a user at moderator
     // level or above; otherwise no mode is set.
     // NOTE(review): this only selects what the template shows; presumably the
     // moderation actions themselves are authorised where they run - confirm.
     $mode = null;
     if ($comments_config['edit']['moderator'] && PermissionsSubset('moderator', GetUserLevel())) {
         $mode = 'mod';
     }

     $this->SetData('Mode', $mode);
     $this->SetData('Threaded', true);
     $this->mMaxPerPage = $comments_config['max_per_page'];
 }
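 /**
  * Saves the headline fields, body wikitext and fact box of an article revision
  * and reports the outcome through an xajaxResponse.
  *
  * The article id is read from URI segment 3. Editing is allowed for editors
  * and admins, or for a user whose request for this article is 'accepted'.
  *
  * @param $revision Revision number sent by the client (must be numeric).
  * @param $headline string
  * @param $subheadline string
  * @param $subtext string
  * @param $blurb string
  * @param $wiki string Article body as wikitext.
  * @param $create_cache Unused: the wikitext cache is always rebuilt.
  * @param $fact_heading string
  * @param $fact_text string
  * @return xajaxResponse
  */
 function _updateHeadlines($revision, $headline, $subheadline, $subtext, $blurb, $wiki, $create_cache, $fact_heading, $fact_text)
 {
     $this->load->library('image');
     $xajax_response = new xajaxResponse();
     $article_id = $this->uri->segment(3);
     // Make it so we only have to worry about two levels of access as admins can do everything editors can
     $data['user_level'] = GetUserLevel();
     if ($data['user_level'] === 'admin') {
         $data['user_level'] = 'editor';
     }
     // Authorisation decision: compare strictly, so that a non-string result
     // (for example TRUE, or 0 on PHP versions before 8) can never compare
     // equal to 'editor' or 'accepted' and grant edit rights by accident.
     // NOTE(review): no CheckPermissions() call is visible in this method;
     // presumably the caller has already made it - confirm.
     if ($data['user_level'] === 'editor' || $this->requests_model->IsUserRequestedForArticle($article_id, $this->user_auth->entityId) === 'accepted') {
         // NOTE(review): is_numeric() also accepts floats and exponent notation;
         // the value is only handed to the model, which should treat it as an integer.
         if (is_numeric($revision)) {
             // xss_clean filters the submitted text before it is stored. It is an
             // input filter, not a replacement for escaping where the stored
             // values are later written into HTML.
             $headline = $this->input->xss_clean($headline);
             $subheadline = $this->input->xss_clean($subheadline);
             $subtext = $this->input->xss_clean($subtext);
             $blurb = $this->input->xss_clean($blurb);
             $wiki = $this->input->xss_clean($wiki);
             $fact_heading = $this->input->xss_clean($fact_heading);
             $fact_text = $this->input->xss_clean($fact_text);
             // The model decides which revision this user may actually edit.
             $revision = $this->article_model->GetArticleRevisionToEdit($article_id, $this->user_auth->entityId, $revision);
             // Rebuild the rendered cache, substituting the photos chosen for
             // this article's photo requests.
             $this->load->library('wikiparser');
             $data['photo_requests'] = $this->photos_model->GetPhotoRequestsForArticle($article_id);
             foreach ($data['photo_requests'] as $photo) {
                 $this->wikiparser->add_image_override($photo['photo_number'], $this->image->getThumb($photo['chosen_photo'], 'medium', true), $photo['title']);
             }
             $wiki_cache = $this->wikiparser->parse($wiki);
             // 0 from the model means there is no revision to update: create one.
             if ($revision == 0) {
                 $revision = $this->article_model->CreateNewRevision($article_id, $this->user_auth->entityId, $headline, $subheadline, $subtext, $blurb, $wiki, $wiki_cache);
             } else {
                 $this->article_model->UpdateRevision($revision, $headline, $subheadline, $subtext, $blurb, $wiki, $wiki_cache);
             }
             $this->article_model->UpdateRevisionFactBox($revision, $fact_heading, $fact_text);
             // Tell the page which revision was written and when.
             $xajax_response->addScriptCall('headlinesUpdates', $revision, date('H:i:s'));
         } else {
             $xajax_response->addAlert('Invalid revision number, please try reloading the page.');
         }
     } else {
         $xajax_response->addAlert('You do not have the permissions required to edit the details for this article!');
     }
     return $xajax_response;
 }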
    /**
     *	ACTIVITY
     */
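    /**
     * Fetch the most recent notifications the current user is allowed to see.
     *
     * A notification is visible when it is not deleted and is addressed to one
     * of the user's roles (explicit or implied by user level), to the user
     * directly, or to a permission held through one of those roles.
     *
     * @param $count int Maximum number of rows to return.
     * @param $start_date int|NULL Unix timestamp; only notifications dated at or
     *	before it are returned. Empty means "now".
     * @return array Result rows as returned by the query's result().
     */
    function getActivity($count = 30, $start_date = NULL)
    {
        if (empty($start_date)) {
            // time() replaces the argument-less mktime(), which PHP 8 rejects;
            // both give the current Unix timestamp.
            $start_date = time();
        }
        // Roles implied by the user level; each level includes those below it.
        $implicitRoles = array();
        switch (GetUserLevel()) {
            case 'admin':
                $implicitRoles[] = 'LEVEL_ADMIN';
                // Fall-thru
            case 'editor':
                $implicitRoles[] = 'LEVEL_EDITOR';
                // Fall-thru
            case 'office':
                $implicitRoles[] = 'LEVEL_OFFICER';
        }
        // The role names are concatenated into the SQL rather than bound. That is
        // safe only because they are the fixed literals above; never build this
        // list from request data.
        $implicitRoleList = implode('","', $implicitRoles);
        $sql = 'SELECT		notifications.notification_id AS id,
							notifications.notification_type AS type,
							notifications.notification_subject AS subject,
							notifications.notification_wikitext_cache AS wikitext,
							notifications.notification_user_entity_id AS user_id,
							notifications.notification_byline_business_card_id AS byline_id,
							UNIX_TIMESTAMP(notifications.notification_date) AS date,
							notifications_recipients.notification_read AS opened,
							CONCAT(users.user_firstname, " ", users.user_surname) AS user_name
				FROM		notifications
				INNER JOIN	users
					ON		notifications.notification_user_entity_id = users.user_entity_id
				LEFT JOIN	notifications_recipients
					ON	(	notifications_recipients.notification_id = notifications.notification_id
						AND	notifications_recipients.notification_user_entity_id = ?
						)
				WHERE		notifications.notification_deleted = 0
				AND	(		notifications.notification_role IN
							(
								SELECT user_role_role_name
								FROM user_roles
								WHERE user_role_user_entity_id = ?
							)
					OR		notifications.notification_role IN ("' . $implicitRoleList . '")
					OR		notifications_recipients.notification_user_entity_id IS NOT NULL
					OR		notifications.notification_permission IN
							(
								SELECT role_permission_permission_name
								FROM role_permissions
								WHERE role_permission_role_name IN
								(
									SELECT user_role_role_name
									FROM user_roles
									WHERE user_role_user_entity_id = ?
								)
								OR role_permission_role_name IN ("' . $implicitRoleList . '")
							)
					)
				AND			UNIX_TIMESTAMP(notifications.notification_date) <= ?
				ORDER BY	notifications.notification_date DESC
				LIMIT		0, ?';
        $entity_id = $this->user_auth->entityId;
        // LIMIT needs a bare integer: cast so a numeric string from a caller is
        // not bound as a quoted value (assuming the driver quotes string bindings).
        $query = $this->db->query($sql, array($entity_id, $entity_id, $entity_id, $start_date, (int) $count));
        return $query->result();
    }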
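 /**
  * Applies role-permission and user-role changes posted to the permissions page.
  *
  * @note POST data:
  *	- 'roles' array[0|1 => array[ array('r' => role, 'p' => permission) ]]
  *	- 'users' array[0|1 => array[ array('u' => user, 'r' => role) ]]
  *	Key 0 holds additions and key 1 removals. Removals are applied first.
  *	Records that are malformed are ignored.
  */
 function update()
 {
     if (!CheckPermissions('office', false)) {
         return;
     }
     // Allow admins to do this, in case somebody screws with permissions.
     // Strict comparison, so only the exact string 'admin' skips the role check.
     if (GetUserLevel() !== 'admin') {
         $requiredPermissions = array();
         if (isset($_POST['roles'])) {
             $requiredPermissions[] = 'PERMISSIONS_MODIFY_ROLES';
         }
         if (isset($_POST['users'])) {
             $requiredPermissions[] = 'PERMISSIONS_MODIFY_USERS';
         }
         // NOTE(review): permissions_model is not loaded on this path; presumably
         // CheckRolePermissions() loads it - confirm.
         if (!CheckRolePermissions($requiredPermissions)) {
             return;
         }
     } else {
         $this->load->model('permissions_model');
     }
     // NOTE(review): this is a state-changing POST handler and no CSRF token
     // check is visible here; confirm one is enforced before this point.
     // NOTE(review): role, permission and user names are passed to the model as
     // posted; confirm the model binds them and rejects unknown names.
     if (isset($_POST['roles'])) {
         $roleChanges = $this->_groupPermissionChanges($_POST['roles'], 'r', 'p');
         if (isset($roleChanges[1])) {
             $this->permissions_model->removeRolePermissions($roleChanges[1]);
         }
         if (isset($roleChanges[0])) {
             $this->permissions_model->addRolePermissions($roleChanges[0]);
         }
     }
     if (isset($_POST['users'])) {
         $userChanges = $this->_groupPermissionChanges($_POST['users'], 'u', 'r');
         if (isset($userChanges[1])) {
             $this->permissions_model->removeUserRoles($userChanges[1]);
         }
         if (isset($userChanges[0])) {
             $this->permissions_model->addUserRoles($userChanges[0]);
         }
     }
 }
 /**
  * Groups posted change records by direction and subject, dropping any record
  * that does not have the expected shape.
  *
  * The input is request data, so every level is type-checked: a scalar where
  * an array is expected, or an array where a name is expected, would otherwise
  * raise warnings or an illegal-offset error further down.
  *
  * @param $posted mixed Raw POST value, expected array[direction => array[record]].
  * @param $subjectKey string Record field naming the role or user being changed.
  * @param $valueKey string Record field naming the permission or role.
  * @return array[direction => array[subject => array[value]]]
  */
 function _groupPermissionChanges($posted, $subjectKey, $valueKey)
 {
     $grouped = array();
     if (!is_array($posted)) {
         return $grouped;
     }
     foreach ($posted as $direction => $records) {
         if (!is_array($records)) {
             continue;
         }
         foreach ($records as $record) {
             if (!is_array($record) || !isset($record[$subjectKey]) || !isset($record[$valueKey])) {
                 continue;
             }
             // Form fields arrive as strings; anything else is not a valid name.
             if (!is_string($record[$subjectKey]) || !is_string($record[$valueKey])) {
                 continue;
             }
             $grouped[$direction][$record[$subjectKey]][] = $record[$valueKey];
         }
     }
     return $grouped;
 }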
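 /**
  * Public news page: shows one main article of the given type together with
  * previews of the other latest articles, its comments and, when the article
  * has one, its competition poll.
  *
  * @param $article_type string Article type codename; unknown types fall back
  *	to 'uninews'.
  * @param $article_id Article id from the URL, or NULL to redirect to the
  *	default article of the type. An id that is not numeric or not of this
  *	type gives a 404.
  * @param $CommentInclude Passed to the comment view (FALSE is turned into NULL).
  */
 function _article($article_type = 'uninews', $article_id = NULL, $CommentInclude = 0)
 {
     // Load public view
     if (!CheckPermissions('public')) {
         return;
     }
     // Only article types the model knows are used from here on.
     $type_info = $this->News_model->getArticleTypeInformation($article_type);
     if (count($type_info) == 0) {
         $article_type = 'uninews';
         $type_info = $this->News_model->getArticleTypeInformation($article_type);
     }
     // The precise article wasn't given so we should show the default.
     // Redirect to the correct URL so that google doesn't index section pages.
     // Get a minimum of information so the redirect is fast.
     if ($article_id === NULL) {
         list($content_codename, $article_id) = $this->News_model->GetDefaultArticleInfo($article_type);
         if (is_numeric($article_id)) {
             redirect('news/' . $content_codename . '/' . $article_id);
         }
     }
     // Get the latest article ids from the model.
     $latest_article_ids = $this->News_model->GetLatestId($article_type, 13);
     if ($type_info['parent_id'] != NULL) {
         // Sub-types use the page code of their parent type.
         $parent = $this->News_model->getArticleTypeCodename($type_info['parent_id']);
         $this->pages_model->SetPageCode('news_' . $parent['content_type_codename']);
         $this->main_frame->SetTitleParameters(array('section' => ' - ' . $type_info['name']));
     } else {
         $this->pages_model->SetPageCode('news_' . $article_type);
         if ($type_info['has_children']) {
             $this->main_frame->SetTitleParameters(array('section' => ''));
         }
     }
     // Get page specific attributes
     if ($article_type == 'uninews') {
         $data['rss_feed_title'] = $this->pages_model->GetPropertyText('rss_feed_title');
     }
     // Get variable content based on article type
     $data['article_type'] = $article_type;
     $data['puffer_heading'] = $this->pages_model->GetPropertyText('puffer_heading');
     $data['latest_heading'] = $this->pages_model->GetPropertyText('latest_heading');
     $data['other_heading'] = $this->pages_model->GetPropertyText('other_heading');
     $data['related_heading'] = $this->pages_model->GetPropertyText('related_heading');
     $data['links_heading'] = $this->pages_model->GetPropertyText('links_heading');
     // $latest_article_ids has already been found above
     // Types with a parent or with children also list their sibling/child types.
     if ($type_info['has_children'] || $type_info['parent_id'] != NULL) {
         $this->load->library('image');
         if ($type_info['section'] == 'blogs') {
             if ($type_info['parent_id'] != NULL) {
                 $temp_type = $parent['content_type_codename'];
             }
             if ($type_info['has_children']) {
                 $temp_type = $article_type;
             }
             $data['blogs'] = $this->News_model->getSubArticleTypes($temp_type);
             foreach ($data['blogs'] as &$blog) {
                 $blog['image'] = '/image/' . $blog['image_codename'] . '/' . $blog['image'];
             }
             // Drop the reference so a later write to $blog cannot alter the last entry.
             unset($blog);
         } else {
             $temp_type = $article_type;
             if ($type_info['parent_id'] != NULL) {
                 $temp_type = $parent['content_type_codename'];
             }
             $data['puffers'] = $this->News_model->getSubArticleTypes($temp_type);
             foreach ($data['puffers'] as &$puffer) {
                 $puffer['image'] = '/image/' . $puffer['image_codename'] . '/' . $puffer['image'];
             }
             // Same as above: release the by-reference loop variable.
             unset($puffer);
         }
     }
     // Get requested article id if submitted
     $url_article_id = $article_id;
     // Check if an article id was requested, if so check that the type of article it corresponds
     // to is correct for the current news view, otherwise 404 (so that search engines do not index duplicate pages).
     if ($url_article_id !== NULL) {
         if (is_numeric($url_article_id) && $this->News_model->IdIsOfType($url_article_id, $article_type)) {
             // Check if requested article is already one of the IDs returned
             $found_article = array_search($url_article_id, $latest_article_ids);
             if ($found_article !== FALSE) {
                 // If it is, remove it from the list
                 unset($latest_article_ids[$found_article]);
             }
             // Put request article id onto front of array so that it becomes the main article
             $latest_article_ids = array_merge(array($url_article_id), $latest_article_ids);
         } else {
             return show_404();
         }
     }
     // Get all of the latest article
     if (isset($_SESSION['office_news_preview'])) {
         // One-shot office preview: the session value is passed to the model as
         // the fourth argument and cleared straight afterwards.
         $main_article = $this->News_model->GetFullArticle($latest_article_ids[0], '', '%W, %D %M %Y', $_SESSION['office_news_preview']);
         $data['office_preview'] = 1;
         unset($_SESSION['office_news_preview']);
     } else {
         // If there are no articles for this particular section then show a page anyway
         if (count($latest_article_ids) == 0) {
             $main_article = array('placeholder' => true, 'id' => 0, 'date' => date('l, jS F Y'), 'location' => 0, 'public_thread_id' => NULL, 'heading' => $this->pages_model->GetPropertyText('news:no_articles_heading', TRUE), 'subheading' => NULL, 'subtext' => NULL, 'text' => $this->pages_model->GetPropertyWikitext('news:no_articles_text', TRUE), 'blurb' => NULL, 'authors' => array(), 'links' => array(), 'related_articles' => array(), 'fact_boxes' => array(), 'poll_id' => NULL);
         } else {
             $main_article = $this->News_model->GetFullArticle($latest_article_ids[0]);
             // Check if article requested doesn't exist
             if ($main_article === NULL) {
                 redirect('/news/' . $article_type);
             }
         }
     }
     if ($main_article['poll_id'] !== NULL) {
         $this->load->model('polls_model');
         $poll_info = $this->polls_model->GetPollDetails($main_article['poll_id']);
         //$poll_options = $this->polls_model->GetPollChoices($main_article['poll_id']);
         $user_info = $this->polls_model->GetCompetitionContactDetails($this->user_auth->entityId);
         // time() replaces the argument-less mktime(), which PHP 8 rejects; both
         // give the current Unix timestamp.
         $now = time();
         if (!$poll_info['deleted'] && $now > $poll_info['start_time']) {
             // The first matching condition decides the message; an entry is only
             // accepted when none of the earlier conditions applies.
             $poll_message = '';
             if (!$this->user_auth->isLoggedIn) {
                 // $article_type and $article_id were checked above (type lookup,
                 // is_numeric) before being placed into this link.
                 $poll_message = 'Please <a href="/login/main/news/' . $article_type . '/' . $article_id . '">login</a> to enter this competition.';
             } elseif (!$this->user_auth->isUser) {
                 $poll_message = 'Sorry, organisations may not enter competitions. Please login as an individual to enter.';
             } elseif ($this->user_auth->officeLogin) {
                 $poll_message = 'Sorry, members of The Yorker may not enter competitions.';
             } elseif ($this->polls_model->HasUserVoted($main_article['poll_id'], $this->user_auth->entityId)) {
                 $poll_message = 'Thank you for entering this competition.';
             } elseif ($now > $poll_info['finish_time']) {
                 $poll_message = 'Sorry, this competition is now closed.';
             } elseif (!empty($_POST['york_score']) && !empty($_POST['lancs_score'])) {
                 /* Roses Special Competition */
                 //} elseif (isset($_POST['comp_answer'])) {
                 // NOTE(review): !empty() treats a submitted score of "0" as missing.
                 if ($user_info['user_firstname'] == '' || $user_info['user_surname'] == '') {
                     $this->messages->AddMessage('error', 'Please make sure you enter your name before entering this competition.');
                     //} elseif ($this->polls_model->IsChoicePartOfPoll($main_article['poll_id'], $_POST['comp_answer'])) {
                     //	$this->polls_model->SetUserPollVote($main_article['poll_id'], $this->user_auth->entityId, $_POST['comp_answer']);
                 } else {
                     $this->load->model('roses_model');
                     // NOTE(review): the two scores go to the model exactly as posted,
                     // with no numeric check here; confirm enterComp() validates and
                     // binds them. No CSRF check is visible for this entry either.
                     $this->roses_model->enterComp($main_article['poll_id'], $this->user_auth->entityId, $_POST['york_score'], $_POST['lancs_score']);
                     $this->messages->AddMessage('success', 'You have successfully been entered into the competition.');
                 }
                 // Redirect after the POST so a reload does not resubmit the entry.
                 redirect('/news/' . $article_type . '/' . $article_id);
             }
             $main_article['article_poll'] = array('info' => $poll_info, 'message' => $poll_message, 'user' => $user_info);
             $this->load->library('wikiparser');
             $main_article['article_poll']['info']['question'] = $this->wikiparser->parse($main_article['article_poll']['info']['question']);
         }
     }
     //Set page title to include headline
     $this->main_frame->SetTitleParameters(array('headline' => $main_article['heading']));
     // Summaries for up to four articles after the main one (positions 1 to 4)
     $news_previews = array();
     for ($index = 1; $index <= 4 && $index < count($latest_article_ids); $index++) {
         array_push($news_previews, $this->News_model->GetSummaryArticle($latest_article_ids[$index], "Right"));
     }
     // Shorter entries for whatever remains (position 5 onwards)
     $news_others = array();
     for ($index = 5; $index < count($latest_article_ids); $index++) {
         array_push($news_others, $this->News_model->GetSimpleArticle($latest_article_ids[$index], "Left"));
     }
     // Get comments for article
     if (is_numeric($main_article['public_thread_id'])) {
         $this->load->library('comment_views');
         if (FALSE === $CommentInclude) {
             $CommentInclude = NULL;
         }
         $this->comment_views->SetUri('/news/' . $article_type . '/' . $latest_article_ids[0] . '/');
         $data['comments'] = $this->comment_views->CreateStandard((int) $main_article['public_thread_id'], $CommentInclude);
     }
     // View flag only: it shows the editor tools, it does not authorise their use.
     $access_level = GetUserLevel();
     if ($access_level == 'editor' || $access_level == 'admin') {
         $data['editor_tools'] = true;
     }
     // Gather all the data into an array to be passed to the view
     $data['main_article'] = $main_article;
     $data['news_previews'] = $news_previews;
     $data['news_others'] = $news_others;
     // Facebook share link info
     $this->main_frame->SetData('description', $main_article['blurb']);
     $this->main_frame->SetData('medium_type', 'news');
     if (isset($main_article['primary_photo_link'])) {
         $this->main_frame->SetData('main_image', $main_article['primary_photo_link']);
     }
     // Set up the public frame
     if ($article_type == 'videocasts') {
         $this->main_frame->SetContentSimple('news/videocasts', $data);
     } else {
         $this->main_frame->SetContentSimple('news/news', $data);
     }
     // Load the public frame view (which will load the content view)
     $this->main_frame->Load();
 }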
 function information($ContextType, $organisation, $action = 'view', $revision_id = FALSE)
 {
     /// @todo add show all option backend
     if (!CheckPermissions('office')) {
         return;
     }
     $this->pages_model->SetPageCode('office_reviews_information');
     $editor_level = PermissionsSubset('editor', GetUserLevel());
     //Get navigation bar and tell it the current page
     $data = $this->organisations->_GetOrgData($organisation);
     $data['page_information'] = $this->pages_model->GetPropertyWikitext('page_information');
     $data['context_type'] = $ContextType;
     $this->_SetupNavbar($organisation, $ContextType);
     $this->main_frame->SetPage('information');
     //test to allow a person to view deleted revisions
     $show_all_revisions = false;
     if ($action == 'viewall') {
         if ($editor_level) {
             $show_all_revisions = true;
         } else {
             $this->messages->AddMessage('error', 'You do not have permission to view deleted revisions');
         }
         $action = 'view';
     }
     if ($action == 'assign') {
         //There are two types of assignment. Url /assign/ where a user assigns themselfs. And by Posting a form, where an editor can assign anyone.
         $this->load->model('pr_model');
         $content_type_id = $this->pr_model->GetContentTypeId($ContextType);
         if (isset($_POST['assign_reporter'])) {
             //There is form post, so treat and check as an editor
             if ($editor_level) {
                 if ($_POST['assign_reporter'] == 'unassign') {
                     $this->pr_model->AssignReviewVenueToUser($data['organisation']['id'], $content_type_id);
                     $this->messages->AddMessage('success', 'The assigned user has been removed.');
                 } else {
                     $user_id = (int) $_POST['assign_reporter'];
                     //check for post
                     $this->pr_model->AssignReviewVenueToUser($data['organisation']['id'], $content_type_id, $user_id);
                     $this->messages->AddMessage('success', 'The user has been assigned to the venue.');
                 }
             } else {
                 $this->messages->AddMessage('error', 'Only aditors can assign someone else to a venue.');
             }
         } else {
             //there is no form post, so assume its a writer wanting to assign themselfs.
             $user_owns = $this->pr_model->IsUserAssignedToReviewVenue($ContextType, $organisation);
             if ($user_owns) {
                 $this->pr_model->AssignReviewVenueToUser($data['organisation']['id'], $content_type_id, $this->user_auth->entityId);
                 $this->messages->AddMessage('success', 'You have been assigned to this venue.');
             } else {
                 $this->messages->AddMessage('error', 'This venue is already assigned to someone else!');
             }
         }
         $revision_id = FALSE;
         //have used this parameter for user id! Better clear it so other functions dont think i want a revision.
         $action = 'view';
     }
     if ($action == 'unassign') {
         //this action is only used by non editors wanting to unassign themselfs. Editors dont unassign people the reassign something to someone (inculding the null person)
         //Check the user is unassigning themselfs only!
         $this->load->model('pr_model');
         $content_type_id = $this->pr_model->GetContentTypeId($ContextType);
         $user_owns = $this->pr_model->IsUserAssignedToReviewVenue($ContextType, $organisation, $this->user_auth->entityId);
         if ($user_owns) {
             $this->pr_model->AssignReviewVenueToUser($data['organisation']['id'], $content_type_id);
             $this->messages->AddMessage('success', 'You have been unassigned from this venue.');
         } else {
             $this->messages->AddMessage('error', 'You can only unassign yourself from a venue.');
         }
         $revision_id = FALSE;
         $action = 'view';
     }
     if ($action == 'delete') {
         if ($editor_level) {
             if (TRUE) {
                 /// @todo Review context revision removal.
                 $this->messages->AddMessage('error', 'Removal of revisions is not yet available');
             } else {
                 $result = $this->directory_model->FlagEntryRevisionAsDeletedById($organisation, $revision);
                 if ($result == 1) {
                     $this->messages->AddMessage('success', 'Directory revision successfully removed.');
                 } else {
                     $this->messages->AddMessage('error', 'Directory revision was not removed, revision does not exist or is live.');
                 }
             }
         } else {
             $this->messages->AddMessage('error', 'You do not have permission to remove revisions.');
         }
         $action = 'view';
     }
     if ($action == 'restore') {
         //Check Permissions
         if ($editor_level) {
             if (TRUE) {
                 /// @todo Review context revision restoration.
                 $this->messages->AddMessage('error', 'Restoration of revisions is not yet available');
             } else {
                 //Send and get data
                 $result = $this->directory_model->FlagEntryRevisionAsDeletedById($organisation, $revision, false);
                 if ($result == 1) {
                     $this->messages->AddMessage('success', 'Directory revision was restored successfully.');
                 } else {
                     $this->messages->AddMessage('error', 'Directory revision was not restored it does not exist or it is not deleted.');
                 }
             }
         } else {
             $this->messages->AddMessage('error', 'You do not have permission to restore revisions');
         }
         $action = 'view';
     }
     if ($action == 'publish') {
         //Check Permissions
         if ($editor_level) {
             //Send and get data
             $result = $this->review_model->PublishContextContentRevision($organisation, $ContextType, $revision_id);
             if ($result) {
                 $this->messages->AddMessage('success', 'Review page revision was published successfully.');
             } else {
                 $this->messages->AddMessage('error', 'Review page revision was not published as it does not exist or is already live.');
             }
         } else {
             $this->messages->AddMessage('error', 'You do not have permission to publish revisions');
         }
         $action = 'view';
     }
     if ('preview' === $action) {
         $here = site_url('office/reviews/' . $organisation . '/' . $ContextType . '/information');
         $revision = $this->review_model->GetReviewContextContentRevisions($organisation, $ContextType, $revision_id === TRUE ? -1 : $revision_id);
         if (!array_key_exists(0, $revision)) {
             $action = 'view';
         } else {
             //Show a toolbar in a message for the preview.
             $published = $revision[0]['published'];
             $user_level = GetUserLevel();
             $is_deleted = $revision[0]['deleted'];
             if ($published) {
                 $message = 'This is a preview of the current published review page.<br />';
             } else {
                 if ($is_deleted) {
                     $message = 'This is a preview of a <span class="red">deleted</span> review page revision.<br />';
                 } else {
                     $message = 'This is a preview of a review page revision.<br />';
                 }
             }
             $message .= '<a href="' . $here . '/view/' . $revision_id . '">Go Back</a>';
             if ($published == false) {
                 if ($editor_level) {
                     $message .= ' | <a href="' . $here . '/publish/' . $revision_id . '">Publish This Revision</a>';
                 }
                 if ($is_deleted) {
                     if ($editor_level) {
                         $message .= ' | <a href="' . $here . '/restore/' . $revision_id . '">Restore This Revision</a>';
                     }
                 } else {
                     $message .= ' | <a href="' . $here . '/delete/' . $revision_id . '">Delete This Revision</a>';
                 }
             }
             $this->messages->AddMessage('information', $message);
             $this->load->library('Review_views');
             $this->review_views->SetRevision(is_numeric($revision_id) ? $revision_id : -1);
             $this->review_views->DisplayReview($ContextType, $organisation);
         }
     }
     if ('view' === $action) {
         $this->load->model('requests_model');
         $this->load->model('article_model');
         // Insert main text from pages information (sample)
         $data['main_text'] = $this->pages_model->GetPropertyWikitext('main_text');
         // Handle submitted data
         if ($this->input->post('reviewinfo_rating') != false) {
             // Set up validation library
             $this->load->library('validation');
             $this->validation->set_error_delimiters('<li>', '</li>');
             // Specify validation rules
             $rules['reviewinfo_about'] = 'trim|required|xss_clean';
             $rules['reviewinfo_rating'] = 'trim|required|numeric';
             $rules['reviewinfo_js_rating'] = 'trim|required|numeric';
             $rules['reviewinfo_use_js_rating'] = 'trim|required|numeric';
             $rules['reviewinfo_quote'] = 'trim|required|xss_clean';
             $rules['reviewinfo_recommended'] = 'trim|xss_clean';
             $rules['reviewinfo_average_price'] = 'trim|xss_clean';
             $rules['reviewinfo_serving_hours'] = 'trim|xss_clean';
             $this->validation->set_rules($rules);
             // Set field names for displaying in error messages
             $fields['reviewinfo_about'] = 'blurb';
             $fields['reviewinfo_rating'] = 'rating';
             $fields['reviewinfo_js_rating'] = 'js_rating';
             $fields['reviewinfo_use_js_rating'] = 'use_js_rating';
             $fields['reviewinfo_quote'] = 'quote';
             $fields['reviewinfo_recommended'] = 'recommended item';
             $fields['reviewinfo_average_price'] = 'average price';
             $fields['reviewinfo_serving_hours'] = 'serving hours';
             $this->validation->set_fields($fields);
             // Run validation
             $errors = array();
             if ($this->validation->run()) {
                 if ($this->input->post('reviewinfo_deal_expires') != false) {
                     if (!$this->input->post('reviewinfo_deal')) {
                         array_push($errors, 'Please enter deal information or remove the deal expiry date.');
                     }
                     if (strtotime($this->input->post('reviewinfo_deal_expires')) == false) {
                         array_push($errors, 'Please enter the deal expiry date in the format yyyy-mm-dd');
                     }
                 }
                 // If there are no errors, insert data into database
                 if (count($errors) == 0) {
                     //The rating could have come from the nice js or the ugly drop down list, check which was being used.
                     if ($this->input->post('reviewinfo_use_js_rating')) {
                         $rating = $this->input->post('reviewinfo_js_rating');
                     } else {
                         $rating = $this->input->post('reviewinfo_rating');
                     }
                     if ($this->review_model->SetReviewContextContent($organisation, $ContextType, $this->user_auth->entityId, $this->input->post('reviewinfo_about'), $this->input->post('reviewinfo_quote'), $this->input->post('reviewinfo_average_price'), $this->input->post('reviewinfo_recommended'), $rating, $this->input->post('reviewinfo_serving_hours'))) {
                         $this->messages->AddMessage('success', 'Review information updated.');
                     } else {
                         $this->messages->AddMessage('error', 'Review information could not be updated.');
                     }
                 }
             }
             // If there are errors, display them
             if ($this->validation->error_string != '') {
                 $this->messages->AddMessage('error', 'We were unable to process the information you submitted for the following reasons:<ul>' . $this->validation->error_string . '</ul>');
             } elseif (count($errors) > 0) {
                 $temp_msg = '';
                 foreach ($errors as $error) {
                     $temp_msg .= '<li>' . $error . '</li>';
                 }
                 $this->messages->AddMessage('error', 'We were unable to process the information you submitted for the following reasons:<ul>' . $temp_msg . '</ul>');
             }
         }
         // Get revision data from model
         $data['revisions'] = $this->review_model->GetReviewContextContentRevisions($organisation, $ContextType);
         $data['show_all_revisions'] = $show_all_revisions;
         $data['user_is_editor'] = $editor_level;
         //get assigned user stuff
         $data['reviewers'] = $this->requests_model->getReporters();
         $data['assigned_user_you'] = $this->pages_model->GetPropertyWikitext('assigned_user_you');
         $data['assigned_user_none'] = $this->pages_model->GetPropertyWikitext('assigned_user_none');
         $data['assigned_user_editor'] = $this->pages_model->GetPropertyWikitext('assigned_user_editor');
         // Get context contents from model
         $data['main_revision'] = $this->review_model->GetReviewContextContents($organisation, $ContextType, $revision_id);
         if ($data['main_revision'] == FALSE) {
             //Error is not needed, as the blanks make it obvious that no review context exists. Nse500
             //$this->messages->AddMessage('error', 'Review context '.$revision_id.' does not exist');
             $data['main_revision']['content_id'] = 0;
             $data['main_revision']['content_blurb'] = '';
             $data['main_revision']['content_quote'] = '';
             $data['main_revision']['average_price'] = '';
             $data['main_revision']['recommended_item'] = '';
             $data['main_revision']['content_rating'] = 5;
             $data['main_revision']['serving_times'] = '';
             $data['main_revision']['deal'] = '';
             $data['main_revision']['deal_expires'] = '';
         }
         //get reviews for areas for attention
         $temp_reviews = $this->review_model->GetOrgReviews($ContextType, $data['organisation']['id']);
         if (is_array($temp_reviews)) {
             foreach ($temp_reviews as $review) {
                 $temp['writers'] = $this->requests_model->GetWritersForArticle($review['id']);
                 $temp['article'] = $this->article_model->GetArticleHeader($review['id']);
                 $temp['article']['id'] = $review['id'];
                 $data['reviews'][] = $temp;
             }
         }
         // Set up the public frame
         $this->main_frame->SetContentSimple('office/reviews/office_review_information', $data);
     }
     $this->main_frame->SetTitleParameters(array('organisation' => $data['organisation']['name'], 'content_type' => ucfirst($ContextType)));
     // Load the public frame view
     $this->main_frame->Load();
 }
/**
 * @param $Permission string Permission level of page
 * @pre user_auth library loaded.
 */
function GenerateToplinks($Permission)
{
    // Builds the top-bar entries for the current user level and the permission
    // level of the page being shown. Each entry is either a plain label string
    // or an array(label, url) pair.
    $CI =& get_instance();
    $UserLevel = GetUserLevel();
    $links = array();

    // The current URI string is appended to the login/logout URLs.
    // NOTE(review): presumably the handler uses it as a return path - confirm it
    // is only ever treated as a path on this site.
    $logout_link = array('log out', site_url('logout/main' . $CI->uri->uri_string()));

    // NOTE(review): the username is concatenated into label text as-is; confirm
    // the view rendering these entries HTML-escapes plain-string labels.
    $who = $CI->user_auth->username;

    $enter_office_link = array('enter office', site_url('office'));
    $office_link = array('office', site_url('office'));
    $enter_vip_link = array('enter VIP area', site_url('viparea'));
    $vip_link = array('VIP area', site_url('viparea'));

    // Page-permission groupings used by more than one user level below.
    $on_public_page = in_array($Permission, array('public', 'student'), true);
    $on_office_page = in_array($Permission, array('office', 'editor', 'admin'), true);

    switch ($UserLevel) {
        case 'public':
            // No point offering "log in" on the login page itself.
            $on_login_page = $CI->uri->segment(1) === 'login';
            if (!$on_login_page) {
                $links[] = array('log in', site_url('login/main' . $CI->uri->uri_string()));
            }
            $links[] = array('register', site_url('/register'));
            break;

        case 'student':
            $links[] = 'logged in as ' . $who;
            if ($CI->user_auth->officeLogin) {
                $links[] = $enter_office_link;
            }
            // @TODO (nse500): should only be shown to users with VIP access;
            // for now it is shown to every logged-in student.
            $links[] = $enter_vip_link;
            $links[] = $logout_link;
            break;

        case 'organisation':
        case 'vip':
            // Only a 'vip' session gets a "leave VIP area" link.
            $is_vip = $UserLevel === 'vip';
            if ($on_public_page) {
                $links[] = 'logged in as ' . $who;
                $links[] = $vip_link;
                if ($is_vip) {
                    $links[] = array('leave VIP area', site_url('logout/vip' . $CI->uri->uri_string()));
                }
            } elseif ($Permission === 'vip') {
                $links[] = 'in VIP area of ' . VipOrganisationName(TRUE) . ' as ' . $who;
                if ($is_vip) {
                    $links[] = array('leave VIP area', site_url('logout/vip'));
                }
            }
            $links[] = $logout_link;
            break;

        case 'office':
        case 'editor':
        case 'manage':
        case 'admin':
            // Office-side sessions: on public/student pages the user is reminded
            // that they are still in the office; inside an office area they get
            // an "in ... as <username>" label plus a way to leave it.
            if ($on_public_page) {
                $links[] = 'logged in as ' . $who;
                $links[] = $office_link;
                $links[] = array('leave office', site_url('logout/office' . $CI->uri->uri_string()));
            } elseif ($on_office_page) {
                $links[] = 'in office as ' . $who;
                $links[] = array('leave office', site_url('logout/office'));
            } elseif ($Permission === 'pr') {
                $links[] = 'in PR area of ' . VipOrganisationName(TRUE) . ' as ' . $who;
                $links[] = array('office', site_url('office'));
                $links[] = array('leave office', site_url('logout/office'));
            } elseif ($Permission === 'manage') {
                $links[] = 'in management area of ' . VipOrganisationName(TRUE) . ' as ' . $who;
                $links[] = array('office', site_url('office'));
                $links[] = array('leave office', site_url('logout/office'));
            }
            $links[] = $logout_link;
            break;
    }

    // Any other user level falls through the switch and gets no links.
    return $links;
}
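 /**
  * Office administration page for a live blog article: handles edit, delete
  * and "post new" form submissions, then renders the current entries.
  *
  * @param $article_id Article the live blog belongs to (defaults to 1682).
  * @param $entry_id   Blog entry targeted by an edit/delete post, if any.
  *
  * @note POST data:
  *	- 'edit<entry_id>' + 'entry<entry_id>' (edit an entry)
  *	- 'delete<entry_id>' (delete an entry)
  *	- 'postnew' + 'postcontent' (+ optional 'posttwitter') (add an entry)
  */
 function admin($article_id = 1682, $entry_id = NULL)
 {
     if (!CheckPermissions('office')) {
         return;
     }
     // Only editors and admins may manage live blog entries. This condition
     // previously ended in "|| true", which let every office-level user through
     // and made the ACCESS DENIED branch below unreachable. If wider access is
     // really intended, change this gate explicitly instead of short-circuiting it.
     // The comparison is strict so an unexpected non-string level is denied.
     $user_level = GetUserLevel();
     if (in_array($user_level, array('editor', 'admin'), true)) {
         $this->load->model('roses_model');
         $this->load->model('photos_model');
         $this->load->library('image');
         $this->load->library('wikiparser');
         // Set winning team indicators
         $this->wikiparser->add_image_override(-1, '<img src="/images/version2/rose_lancashire.png" alt="Lancaster" />', 'Lancaster Win');
         $this->wikiparser->add_image_override(-2, '<img src="/images/version2/rose_yorkshire.png" alt="York Win" />', 'York Win');
         $this->wikiparser->add_image_override(-3, '<img src="/images/version2/rose_draw.png" alt="Draw" />', 'Draw');
         // Map the article's photo numbers to thumbnails for the wiki parser.
         // NOTE(review): $article_id comes from the URL and reaches the models
         // without a numeric check here; confirm the models bind it as a parameter.
         $photo_requests = $this->photos_model->GetPhotoRequestsForArticle($article_id);
         foreach ($photo_requests as $photo) {
             $this->wikiparser->add_image_override($photo['photo_number'], $this->image->getThumb($photo['photo_id'], $photo['photo_codename'], true), $photo['photo_caption']);
         }
         $data = array();
         if ($this->roses_model->isLiveBlog($article_id)) {
             // NOTE(review): the three state-changing branches below act on POST
             // data alone; no anti-CSRF token is checked in this method - confirm
             // the form or framework layer enforces one.
             // NOTE(review): edit/delete use $entry_id without checking here that
             // the entry belongs to $article_id - confirm the model enforces it.
             if (is_numeric($entry_id) && !empty($_POST['edit' . $entry_id])) {
                 // NOTE(review): 'entry<id>' is read without an isset() check.
                 $blog_entry = $_POST['entry' . $entry_id];
                 // The parsed form is stored next to the wikitext as a cache.
                 $blog_entry_cache = $this->wikiparser->parse($blog_entry);
                 $this->roses_model->updateBlogEntry($entry_id, $blog_entry, $blog_entry_cache, $this->user_auth->entityId);
                 $this->_updateArticle($article_id, $this->user_auth->entityId);
                 $this->main_frame->AddMessage('success', 'Blog entry was successfully edited.');
                 redirect('/office/liveblog/admin/' . $article_id);
             }
             if (is_numeric($entry_id) && !empty($_POST['delete' . $entry_id])) {
                 $this->roses_model->deleteBlogEntry($entry_id);
                 $this->_updateArticle($article_id, $this->user_auth->entityId);
                 $this->main_frame->AddMessage('success', 'Blog entry was successfully deleted!');
                 redirect('/office/liveblog/admin/' . $article_id);
             }
             if (is_numeric($article_id) && !empty($_POST['postnew'])) {
                 // New entries are prefixed with the current time in wiki bold.
                 // NOTE(review): 'postcontent' is read without an isset() check.
                 $blog_entry = "'''" . date('H:i') . "''' " . $_POST['postcontent'];
                 $twitter_update = $_POST['postcontent'];
                 $blog_entry_cache = $this->wikiparser->parse($blog_entry);
                 $this->roses_model->addBlogEntry($article_id, $blog_entry, $blog_entry_cache, $this->user_auth->entityId);
                 $this->_updateArticle($article_id, $this->user_auth->entityId);
                 if (!empty($_POST['posttwitter'])) {
                     // Post to public Twitter feed; the raw submitted text (without
                     // the time prefix) is sent using the account held in config.
                     $TwitterFeed = new TwitterXML($this->config->item('twitter_feed_userid'), $this->config->item('twitter_feed_passwd'));
                     $TwitterFeed->updateStatus($twitter_update);
                 }
                 $this->main_frame->AddMessage('success', 'New Blog entry added.');
                 redirect('/office/liveblog/admin/' . $article_id);
             }
             $data['article_id'] = $article_id;
             $data['content'] = $this->roses_model->getLiveBlog($article_id);
             // Set up the content
             $this->main_frame->SetContentSimple('office/liveblog/admin', $data);
             $this->main_frame->Load();
         } else {
             $this->main_frame->AddMessage('error', 'Requested article ID is not setup for Live Blogging.');
             redirect('/office/liveblog');
         }
     } else {
         $this->main_frame->AddMessage('error', 'ACCESS DENIED');
         redirect('/office/liveblog');
     }
 }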
/**
 * Checks a login attempt against the table matching the user's level and
 * echoes the outcome as "<result> ~~ <team>".
 *
 * Result codes, as produced below:
 *   "A".."D"    LoginUtility returned "1" for that level
 *   "-A".."-D"  LoginUtility returned "0" for that level
 *   "0"         GetUserLevel returned "" (email not in the user table)
 *   "-1"        error, or any other level / LoginUtility result
 *
 * NOTE(review): the codes let an unauthenticated caller tell an unknown
 * address ("0") from a known one, and "-A".."-D" also reveal the account's
 * level; confirm that is acceptable, or rate-limit this endpoint.
 * NOTE(review): how LoginUtility compares $pwd is not visible here; confirm it
 * verifies against a salted password hash rather than stored plaintext.
 *
 * @param $email Email address identifying the user.
 * @param $pwd   Password supplied for the attempt.
 */
function Login($email, $pwd)
{
    $res = "-1";
    $login = "";
    $team = "";
    // Result codes for the matched level; both stay null when no role matched.
    $granted = null;
    $denied = null;

    $level = GetUserLevel($email);
    // switch compares loosely (==), in this order, like an if/else chain would.
    switch ($level) {
        case "A":
            // go to admin table.
            $login = LoginUtility($email, $pwd, "Admin", "AdminEmail", "AdminPwd");
            $granted = "A";
            $denied = "-A";
            break;
        case "B":
            // go to director table.
            $login = LoginUtility($email, $pwd, "Director", "DirectorEmail", "DirectorPwd");
            $granted = "B";
            $denied = "-B";
            break;
        case "C":
            // go to mentor table.
            $login = LoginUtility($email, $pwd, "Mentor", "MentorEmail", "MentorPwd");
            $granted = "C";
            $denied = "-C";
            break;
        case "D":
            // go to mentee table.
            // The team lookup runs before the password check and its result is
            // echoed whatever the outcome.
            // NOTE(review): confirm team membership may be disclosed on a
            // failed login.
            $team = CheckTeamMember($email);
            $login = LoginUtility($email, $pwd, "Mentee", "MenteeEmail", "MenteePwd");
            $granted = "D";
            $denied = "-D";
            break;
        case "":
            // user email not in the user table.
            $res = "0";
            break;
        case "-1":
            // error condition.
            $res = "-1";
            break;
    }

    if ($granted !== null) {
        // Translate the LoginUtility result into the level-specific code.
        if ($login == "1") {
            $res = $granted;
        } elseif ($login == "0") {
            $res = $denied;
        } else {
            $res = "-1";
        }
    }

    echo $res . " ~~ " . $team;
}