<?php include "global.inc.php"; include "exhibit_permissions.inc.php"; __https(); _page_header("Exhibit: Roll Permissions Manager."); _page_menu("exhibit"); if ($__user['Username'] != 'ADMIN_USER_ACCOUNT') { _page_section("error.png", "Whoops. Don't know what you are trying to do."); _page_footer(); exit; } $action = $_REQUEST['action']; if ($action == "") { $action = "rolls"; } switch ($action) { case 'groups': $groupid = $_REQUEST['groupid']; $name = $_REQUEST['name']; $description = $_REQUEST['description']; $subaction = $_REQUEST['subaction']; switch ($subaction) { case ' ADD GROUP ': _page_sechead("exhibit.png", "Group Management"); _set_groups("add", $name, $description, 0); break; case ' DELETE ': _page_sechead("exhibit.png", "Group Management"); _set_groups("delete", $name, $description, $groupid); break;
$keywords[] = $keyword2; } if ($keyword3 != "") { $keywords[] = $keyword3; } if (sizeof($keywords) >= 1) { _generate_search_images($source, $keywords[0], True); $search_text = "(All) " . $keywords[0]; for ($x = 1; $x < sizeof($keywords); $x++) { __query("TRUNCATE TABLE exhibit_" . $target, "", ""); _generate_search_comparison($source, $keywords[$x], $target); $temp_table = $target; $target = $source; $source = $temp_table; $search_text .= ", " . $keywords[$x]; } } // source will always contain final results due to for loop. $search_query = "SELECT * FROM exhibit_" . $source . " WHERE " . _user_permissions($__user['Username'], 'query') . " GROUP BY ImageID, iPhotoLibraryID LIMIT 1000"; _display_search($search_query, $search_text); __query("DROP TABLE exhibit_" . $source, "", ""); __query("DROP TABLE exhibit_" . $target, "", ""); } } elseif ($roll and $library) { _display_images($roll, $library, $__user['Username']); } else { _display_rolls($__user['Username']); } _page_section("search.png", "Search for photos"); _draw_search_key(); _page_footer();
function _display_groups() { global $__dbc; global $table_format; $group_query = "SELECT * FROM exhibit_Groups"; $group_results = __query($group_query, "", ""); echo $table_format . "<td>Group Name</td><td>Description</td><td> </td>" . "<td> </td>"; $table = array(); while ($row = mysql_fetch_array($group_results)) { $name = "<td><form action=\"" . $_SERVER[PHP_SELF] . "\" method=\"post\">" . "<input type=\"hidden\" name=\"action\" value=\"groups\">" . "<input type=\"hidden\" name=\"groupid\" " . "value=\"" . $row['ID'] . "\">" . "<input type=\"text\" size=\"10\" name=\"name\" " . "value=\"" . $row['GroupName'] . "\"></td>"; $description = "<td><input type=\"text\" size=\"50\" name=\"description\" " . "value=\"" . $row['GroupDescription'] . "\"></td>"; $edit = "<td><input type=\"submit\" name=\"subaction\" value=\" UPDATE \">" . "</td>"; $delete = "<td><input type=\"submit\" name=\"subaction\" " . "value=\" DELETE \"></form></td>"; $table[] = array($name, $description, $edit, $delete); } _print_rows($table); echo "\n\t\t\t\t\t</table>\n"; _page_section("exhibit.png", "Add A New Group"); echo $table_format . "<td>Group Name</td><td>Description</td><td> </td>"; $name = "<td><form action=\"" . $_SERVER[PHP_SELF] . "\" method=\"post\">" . "<input type=\"hidden\" name=\"action\" value=\"groups\">" . "<input type=\"text\" size=\"10\" name=\"name\" value=\"\"></td>"; $description = "<td><input type=\"text\" size=\"50\" name=\"description\" " . "value=\"\"></td>"; $blank = "<td> </td>"; $add = "<td><input type=\"submit\" name=\"subaction\" value=\" ADD GROUP \">" . "</form></td>"; _print_rows(array(array($name, $description, $blank, $add))); echo "\n\t\t\t\t\t</table>\n"; }