$forum = $_GET['forum']; if (empty($action)) { $content .= "<table>"; $qFindForums = db_query("SELECT * FROM " . $sql_prefix . "_forums WHERE eventID = '{$sessioninfo->eventID}' AND disabled = 0"); while ($rFindForums = db_fetch($qFindForums)) { $link_start = "<a href=?module=forum&action=viewForum&forum={$rFindForums->ID}>"; $content .= "<tr><td>"; $content .= $link_start . $rFindForums->name . "</a>"; $content .= "</td><td>"; $content .= $link_start . $rFindForums->description . "</a>"; $content .= "</td></tr>"; } // End rFindForums $content .= "</table>"; } elseif ($action == "viewForum" && isset($forum)) { if (acl_access("forum", $forum, $sessioninfo->eventID) && $sessioninfo->userID > 1) { $content .= "<a href=?module=forum&action=newThread&forum={$forum}>" . lang("Start new thread", "forum") . "</a>"; } $content .= "<table>"; $qFindThreads = db_query("SELECT * FROM " . $sql_prefix . "_forumThreads WHERE forumID = '" . db_escape($forum) . "' AND threadDeleted = 0 ORDER BY lastPost DESC"); while ($rFindThreads = db_fetch($qFindThreads)) { $link_start = "<a href=?module=forum&action=viewThread&thread={$rFindThreads->ID}>"; $content .= "<tr><td>"; $content .= $link_start . $rFindThreads->threadTopic . "</a>"; $content .= "</td><td>"; $qFindLastPost = db_query("SELECT * FROM " . $sql_prefix . "_forumPosts WHERE threadID = '{$rFindThreads->ID}' ORDER BY postTimestamp DESC LIMIT 0,1"); $rFindLastPost = db_fetch($qFindLastPost); $content .= lang("Last post by: ", "forum"); $content .= user_profile($rFindLastPost->postAuthor); $content .= " " . date("Y-m-d H:m:s", $rFindLastPost->postTimestamp); $content .= "</td></tr>\n\n";
<?php // TODO: Allow toggling wakeup-service (js) (default: false) $usertable = $sql_prefix . "_users"; $ticketstable = $sql_prefix . "_tickets"; $sleeperstable = $sql_prefix . "_sleepers"; if (!config('enable_sleepers', $sessioninfo->eventID)) { die(_('Module not activated')); } require __DIR__ . "/WakeupManager.php"; $wakeupManager = new WakeupManager($sessioninfo->eventID, $sleeperstable); $acl_access = acl_access('sleepers', "", $sessioninfo->eventID); if ($acl_access != 'Admin' and $acl_access != 'Write') { die(_('No access')); } $content .= "<h2>" . _('Sleepers') . "</h2>\n"; if ($action == 'addsleeper') { $userid = $_GET['userid']; if (empty($userid) or !is_numeric($userid)) { header('Location: ?module=sleepers'); die; } if (!user_exists($userid) || is_user_sleeping($userid) == true) { header('Location: ?module=sleepers'); die; } $q = sprintf('INSERT INTO %s (eventID, userID) VALUES (%s, %s)', $sleeperstable, $sessioninfo->eventID, db_escape($userid)); db_query($q); $log['userID'] = $userid; log_add("sleepers", "addsleeper", serialize($log)); header('Location: ?module=sleepers');
<?php /** * Arrival module, this is a rewrite of the old module. */ $ticketManager = TicketManager::getInstance(); $usertable = $sql_prefix . "_users"; $ticketstable = $sql_prefix . "_tickets"; $tickettypestable = $sql_prefix . "_ticketTypes"; $thisModule = "arrival"; $action = isset($_GET['action']) ? $_GET['action'] : null; $acl_ticket = acl_access("ticketadmin", "", $sessioninfo->eventID); $acl_seating = acl_access("seating", "", $sessioninfo->eventID); // Check if user has permission to tickets if ($acl_ticket == 'No') { printNoAccessError(); } $content .= "\n <h1 class=\"page-title\">" . _("Arrival") . "</h1>\n <div class=\"arrival\">"; switch ($action) { //================================================================================== // Ticket detail display case "changeuser": $ticketID = isset($_GET['ticket']) && is_numeric($_GET['ticket']) ? intval($_GET['ticket']) : -1; if ($ticketID < 1) { $content .= "<p>Ugyldig parametere</p>"; } else { $ticket = $ticketManager->getTicket($ticketID); $changeType = isset($_GET['type']) ? $_GET['type'] : 'user'; /* HANDLERS */ if (isset($_GET['set']) && is_numeric($_GET['set']) == true && intval($_GET['set']) > 0) { $ret = "index.php?module={$thisModule}&action=ticketdetail&ticket=" . $ticketID . "&changed=" . $changeType;
<?php $action = $_GET['action']; if (!config("users_may_register")) { die("users may not register yet"); } if (!($sessioninfo->userID <= 1 or acl_access("userAdmin", "", $sessioninfo->eventID) != 'No')) { header('Location: index.php'); die; } if ($action == "register") { $username = $_POST['username']; $pass1 = $_POST['pass1']; $pass2 = $_POST['pass2']; $EMail = $_POST['EMail']; $firstName = $_POST['firstName']; $lastName = $_POST['lastName']; $gender = $_POST['gender']; $birthDay = $_POST['birthDay']; $birthMonth = $_POST['birthMonth']; $birthYear = $_POST['birthYear']; $address = $_POST['address']; $postnumber = $_POST['postnumber']; $cellphone = $_POST['cellphone']; if (empty($username)) { $register_invalid = lang("Please provide a username", "register"); } if (strlen($username) <= 1) { $register_invalid = lang("Please provide a username", "register"); } if (!strchr($email, "@") && strchr($email, ".")) {
db_query("INSERT INTO " . $sql_prefix . "_userPreferences\n\t\t\t\tSET userID = '" . db_escape($userID) . "',\n\t\t\t\tname = '{$prefname}',\n\t\t\t\tvalue = '" . db_escape($POST) . "'"); $log_old[$prefname] = "FALSE"; $log_new[$prefname] = $POST; } else { db_query("UPDATE " . $sql_prefix . "_userPreferences SET value = '" . db_escape($POST) . "'\n\t\t\t\tWHERE userID = '" . db_escape($userID) . "'\n\t\t\t\tAND name = '{$prefname}'"); $rFindPref = db_fetch($qFindPref); $log_old[$prefname] = $rFindPref->value; $log_new[$prefname] = $POST; } } // End for log_add("edituser", "doEditPreferences", serialize($log_new), serialize($log_old)); header("Location: ?module=edituserinfo&action=editPreferences&user={$userID}&change=success"); } elseif ($action == "profilePicture" && isset($_GET['user'])) { $user = $_GET['user']; $userAdmin_acl = acl_access("userAdmin", "", 1); if ($user == $sessioninfo->userID) { } elseif ($userAdmin_acl == 'Admin' || $userAdmin_acl == 'Write') { } else { die(lang("Not access to edit profile picture", "edituserinfo")); } $qFindProfile = db_query("SELECT * FROM " . $sql_prefix . "_files WHERE extra = '" . db_escape($user) . "' AND file_type = 'profilepic'"); if (db_num($qFindProfile) > 0) { $rFindProfile = db_fetch($qFindProfile); $content .= "<img src='{$rFindProfile->file_path}'>"; } $content .= '<form enctype="multipart/form-data" action="upload.php" method="POST">'; $content .= '<input type="hidden" name="file_type" value="profilepic" />'; $content .= _("Choose file to upload: "); $content .= "<input name=uploadfile type=file />"; $content .= "<input type=submit value='" . _("Upload picture") . "' />";
} // End else $content .= "</td></tr>"; } // End for } // End if acl_access(globaladmin); $content .= "</table>"; } elseif ($action == "doChangeRights" && !empty($_GET['groupID']) && !empty($_GET['accessmodule'])) { $newright = $_REQUEST['groupRight']; $groupID = $_GET['groupID']; $accessmodule = $_GET['accessmodule']; if (acl_access("eventadmin", "", $eventID) != 'Admin') { die("Sorry, you have to be eventadmin to give eventrights"); } if (in_array($accessmodule, $globalaccess) && acl_access("globaladmin", "", 0) != 'Admin') { die("Sorry, you have to be globaladmin to give globalrights"); } if (in_array($accessmodule, $globalaccess)) { $event = 1; } else { $event = $eventID; } $qCheckExisting = db_query("SELECT * FROM " . $sql_prefix . "_ACLs\n\t\tWHERE groupID = '" . db_escape($groupID) . "'\n\t\tAND accessmodule = '" . db_escape($accessmodule) . "'\n\t\tAND eventID = {$event}"); if (db_num($qCheckExisting) == 0) { db_query("INSERT INTO " . $sql_prefix . "_ACLs SET groupID = '" . db_escape($groupID) . "',\n\t\t\taccessmodule = '" . db_escape($accessmodule) . "',\n\t\t\taccess = '" . db_escape($newright) . "',\n\t\t\teventID = {$event}"); } else { db_query("UPDATE " . $sql_prefix . "_ACLs SET access = '" . db_escape($newright) . "'\n\t\t\tWHERE accessmodule = '" . db_escape($accessmodule) . "'\n\t\t\tAND groupID = '" . db_escape($groupID) . "'\n\t\t\tAND eventID = {$event}"); } // End else $log_new['groupID'] = $groupID;
<?php $acl_access = acl_access("sendSMS", "", 1); if ($acl_access != 'Write' && $acl_access != 'Admin') { die("No access to SMS"); } $action = $_GET['action']; if (empty($action)) { $design_head .= "<script type='text/javascript'>\n\t\t\t function checkLength(from, where) {\n\t\t\t\t\t\t var len = document.getElementById(from).value.length;\n\t\t\t\t\t\t document.getElementById(where).innerHTML = len;\n\t\t\t\t\t\t\t} \n\t\t\t\t\t\t</script>\n\t\t\t\t\t\t "; $content .= "<h2>" . _("Create SMS") . "</h2>"; $content .= "<table>"; $content .= "<form method='POST' action='?module=SMS&action=previewSMS'>\n"; $content .= "<tr><td>"; $content .= _("Select recipient(s):") . " <select name='toSmsList'>"; for ($i = 0; $i < count($smsList); $i++) { $content .= "<option value='{$i}'>" . $smsList[$i]['name'] . "</option>\n"; } $content .= "</select></td></tr>"; $content .= "<tr><td>"; # FIXME? Hardcoded textarea width and height $content .= "<textarea style='margin-top: 10px; width: 300px; height: 200px;' onkeyup='checkLength(\"message\", \"count\");' onkeydown='checkLength(\"message\", \"count\");' id='message' name='message'></textarea>"; $content .= "</td></tr><tr><td>"; $content .= "<input type='submit' value='" . _("Preview SMS") . "'>"; $content .= "</td></tr>"; $content .= "<tr><th>"; $content .= _("Number of characters entered:") . " "; $content .= "<span id='count'>0</span>"; $content .= "</th></tr>"; $content .= "</form></table>"; } elseif ($action == "previewSMS" && isset($_POST['toSmsList'])) { $toSmsList = $_POST['toSmsList'];
<?php $action = $_GET['action']; $acl_access = acl_access("crewlist", "", $sessioninfo->eventID); if ($acl_access == 'No') { die("No access"); } if (empty($action)) { // add design-file $qGetCrewMembers = db_query("SELECT DISTINCT gm.userID FROM " . $sql_prefix . "_group_members gm \n\t\tJOIN " . $sql_prefix . "_ACLs acl ON acl.groupID=gm.groupID\n\t\tWHERE acl.accessmodule = 'crewlist' AND acl.access != 'No' AND acl.eventID = '{$sessioninfo->eventID}'"); $totalcrewmembers = db_num($qGetCrewMembers); $content .= "<h2>" . _("Crewlist") . "</h2>\n"; $content .= '<table class="table">'; $content .= "<thead><tr><th>"; $content .= lang("Name", "crewlist"); $content .= "</th><th>"; $content .= lang("Nick", "crewlist"); $content .= "</th><th>"; $content .= lang("EMail", "crewlist"); $content .= "</th><th>"; $content .= lang("Cellphone", "crewlist"); $content .= "</th><th>"; $content .= lang("Access", "crewlist"); $content .= "</th></tr></thead><tbody>"; $listrowcount = 1; while ($rGetCrewMembers = db_fetch($qGetCrewMembers)) { $qCrewinfo = db_query("SELECT * FROM " . $sql_prefix . "_users WHERE ID = '{$rGetCrewMembers->userID}'"); $rCrewinfo = db_fetch($qCrewinfo); $content .= "<tr class='crewlistRow" . $listrowcount . "'><td>"; $content .= $rCrewinfo->firstName . " " . $rCrewinfo->lastName; $content .= "</td><td>";
<?php // FIXME: using nonexistant acl "logview" to make this globaladmin-only until we get global acls working if (acl_access("logview", "", $sessioninfo->eventID) != 'No') { $action = $_GET['action']; $design_head .= "<link rel='stylesheet' type='text/css' href='templates/shared/logs.css' />"; if (!isset($action)) { // FIXME: Hardcoding number of logentries to show: $num_of_rows = 30; $content .= "<h2>" . lang("Last 30 logentries", "logs") . "</h2>"; $content .= "<table class='logs'>"; $content .= "<tr>"; $content .= "<th>" . lang("Log", "logs") . "#</th>"; $content .= "<th>" . lang("Timestamp", "logs") . "</th>"; $content .= "<th>" . lang("User", "logs") . "</th>"; $content .= "<th>" . lang("Logmodule", "logs") . "</th>"; $content .= "<th>" . lang("Logtype", "logs") . "</th>"; $content .= "<th>" . lang("IP", "logs") . " / " . lang("Host", "logs") . "</th>"; $content .= "<th>" . lang("URL", "logs") . "</th>"; $content .= "</tr>"; $logquery = sprintf('SELECT ID, userID, INET_NTOA(userIP) as userIP, userHost, eventID, logModule, logFunction, logTextNew, logTextOld, logURL, logTime FROM %s_logs ORDER BY ID DESC LIMIT %s', $sql_prefix, $num_of_rows); $logresult = db_query($logquery); $numrow = 1; while ($log = db_fetch($logresult)) { $userip = $log->userIP; if (!empty($log->userHost) && $log->userHost != "NULL") { $userip .= " (" . $log->userHost . ")"; } $content .= "<tr class='logrow" . $numrow . "' onClick='location.href=\"index.php?module=logs&action=details&id=" . $log->ID . "\"' >"; $content .= "<td>" . $log->ID . "</td>"; $content .= "<td>" . $log->logTime . "</td>";
<?php $eventID = $sessioninfo->eventID; if (acl_access("ticketadmin", "", $eventID) != 'Admin') { die("You do not have ticketadmin-rights"); } $action = $_GET['action']; if (!isset($action) || $action == "editticket") { $qListTickets = db_query("SELECT * FROM " . $sql_prefix . "_ticketTypes WHERE eventID = '{$eventID}'"); if (db_num($qListTickets) != 0 && $action != 'editticket') { $content .= '<table>'; $content .= '<tr><th>' . lang("Ticketnumber", "ticketadmin"); $content .= '</th><th>' . lang("Ticketname", "ticketadmin"); $content .= '</th><th>' . lang("Tickettype", "ticketadmin"); $content .= '</th><th>' . lang("Price", "ticketadmin"); $content .= '</th><th>' . lang("Number of tickets", "ticketadmin"); $content .= '</th><th>' . lang("Sold tickets of type (total/seated/paid)", "ticketadmin"); $content .= '</th></tr>'; while ($rListTickets = db_fetch($qListTickets)) { $content .= "<tr><td>\n"; $content .= $rListTickets->ticketTypeID; $content .= "</td><td>\n"; $content .= "<a href=\"?module=ticketadmin&action=editticket&editticket={$rListTickets->ticketTypeID}\">\n"; $content .= $rListTickets->name; $content .= "</a></td><td>\n"; $content .= lang($rListTickets->type, "ticketadmin"); $content .= "</td><td>\n"; $content .= $rListTickets->price; $content .= "</td><td>\n"; $content .= $rListTickets->maxTickets; $content .= "</td><td class=tdLink onClick='location.href=\"?module=ticketadmin&action=listTickets&tickettype={$rListTickets->ticketTypeID}\"'>\n";
<?php $acl = acl_access("dashboard", "", $sessioninfo->eventID); if ($acl == 'No') { die(_("No access to dashboard")); } $action = $_GET['dashboard']; if (empty($action)) { $design_head .= "<meta http-equiv='refresh' content='10'>"; $content .= "<table border=1 style='font-size: 200%;'>"; $content .= "<tr><th>"; $content .= _("Tickets sold"); $content .= "</th><th>"; $content .= _("Kiosk sales"); $content .= "</th></tr>"; $content .= "<tr><td>"; // Security $content .= "<b>" . _("Money earned") . "</b>: "; $qCountTicketsPrice = db_query("SELECT SUM(price) AS price FROM " . $sql_prefix . "_tickets t \n\tJOIN " . $sql_prefix . "_ticketTypes tt \n\tON tt.ticketTypeID=t.ticketType \n\tWHERE t.paid='yes' AND tt.eventID = '{$sessioninfo->eventID}'"); $rCountTicketsPrice = db_fetch($qCountTicketsPrice); if ($rCountTicketsPrice->price > 0) { $content .= $rCountTicketsPrice->price; } else { $content .= "0"; } $content .= "<br />"; $content .= "<b>" . _("Tickets sold") . "</b>: "; $qCountTicketsSold = db_query("SELECT COUNT(*) AS amount FROM " . $sql_prefix . "_tickets t\n\tJOIN " . $sql_prefix . "_ticketTypes tt\n\tON tt.ticketTypeID=t.ticketType\n\tWHERE t.paid='yes' AND tt.eventID = '{$sessioninfo->eventID}'"); $rCountTicketsSold = db_fetch($qCountTicketsSold); $content .= $rCountTicketsSold->amount; $content .= "</td><td>";
$qCheckUser = db_query("SELECT COUNT(*) AS count FROM " . $sql_prefix . "_group_members\n\t\tWHERE userID = '" . db_escape($userID) . "'\n\t\tAND groupID = " . db_escape($groupID)); $rCheckUser = db_fetch($qCheckUser); if ($rCheckUser->count != 0) { header("Location: ?module=groups&action=addGroupMember&groupID={$groupID}&errormsg=" . lang("User already member of group", "groups")); } else { db_query("INSERT INTO " . $sql_prefix . "_group_members SET\n\t\t\tgroupID = " . db_escape($groupID) . ",\n\t\t\tuserID = " . db_escape($userID) . ",\n\t\t\taccess = 'Read'"); $log_new['userID'] = $userID; $log_new['groupID'] = $groupID; log_add("groups", "addmember", serialize($log_new)); header("Location: ?module=groups&action=listGroup&groupID={$groupID}"); } // End else } elseif ($action == 'doChangeGroupRights' && !empty($groupID) && !empty($_GET['userID'])) { // Do test of users group-rights if (acl_access("grouprights", $groupID, 1) != 'Admin') { if (acl_access("eventadmin", "", $sessioninfo->eventID) != 'Admin') { die("Sorry, you need admin-rights to do this!"); } } $access = $_POST['groupRights']; $log_new['userID'] = $_GET['userID']; $log_new['groupID'] = $groupID; if ($access == "No") { db_query("DELETE FROM " . $sql_prefix . "_group_members WHERE groupID = '" . db_escape($groupID) . "'\n\t\t\tAND userID = '" . db_escape($_GET['userID']) . "'"); log_add("groups", "changeGroupRights_remove", serialize($log_new)); } else { db_query("UPDATE " . $sql_prefix . "_group_members\n\t\t\tSET access = '" . db_escape($access) . "'\n\t\t\tWHERE groupID = '" . db_escape($groupID) . "'\n\t\t\tAND userID = '" . db_escape($_GET['userID']) . "'"); $log_new['access'] = $access; log_add("groups", "changeGroupRights", serialize($log_new)); } // End else
<?php if (acl_access("translate", 0, 0) != 'Admin') { die("You do not have access to translate-interface"); } $action = $_GET['action']; $language = $_GET['language']; $mode = $_GET['mode']; if (empty($mode)) { $mode = "untranslated"; } if (!isset($action)) { switch ($mode) { case "untranslated": $queryWhere = "language = '" . db_escape($language) . "' AND translated IS NULL AND ignoreExport = 0"; break; default: $queryWhere = "1"; // Default to anything break; } // End switch $qGetTranslateList = db_query("SELECT * FROM " . $sql_prefix . "_lang WHERE " . $queryWhere); $content .= '<table>'; while ($rGetTranslateList = db_fetch($qGetTranslateList)) { $content .= "<form method=POST action=?module=translate&action=changeTranslation&language={$language}&translationID={$rGetTranslateList->ID}>\n"; $content .= "<tr><td>"; $content .= $rGetTranslateList->string; $content .= "</td><td>"; $content .= "<textarea name=translated cols=50 rows=3>{$rGetTranslateList->translated}</textarea>"; $content .= "</td><td>";
<?php $acl = acl_access("kiosk_admin", "", $sessioninfo->eventID); if ($acl == 'No') { die("No access!"); } $action = $_GET['action']; if (empty($action)) { $content .= "<ul>"; $content .= "<li><a href=?module=kioskadmin&action=wareTypes>" . lang("Admin waretypes") . "</a></li>\n"; $content .= "<li><a href=?module=kioskadmin&action=wares>" . lang("Admin wares") . "</a></li>\n"; $content .= "<li><a href=?module=kioskadmin&action=credit>" . _("Admin credit") . "</a></li>\n"; $content .= "</ul>"; $content .= "<ul>"; $content .= "<li><a href=?module=kioskadmin&action=printBarcodes>" . lang("Print barcodes") . "</a></li>\n"; $content .= "</ul>"; } elseif ($action == "wareTypes") { $content .= "<p><a href=\"?module=kioskadmin\">" . _("Back to kioskadmin overview") . "</a></p>"; $content .= "<h2>" . _("Kiosk Ware types") . "</h2>"; $qWareTypes = db_query("SELECT * FROM " . $sql_prefix . "_kiosk_waretypes"); if (db_num($qWareTypes) > 0) { $content .= "<table class='better-table kioskware-types'><tr><th style='width: 80%'>" . _("Name") . "</th><th>" . _("Actions") . "</th></tr>"; while ($rWareTypes = db_fetch($qWareTypes)) { $content .= "<tr>"; $content .= "<td class='tdLink' onClick='location.href=\"?module=kioskadmin&action=editWareType&wareType={$rWareTypes->ID}\"'>"; $content .= $rWareTypes->typeName . "</td><td>"; // Edit button $content .= "<form style='display:inline;' action='?module=kioskadmin&action=editWaretype&wareType=" . $rWareTypes->ID . "' method='post'><input type='submit' value='" . _("Edit") . "' /></form>"; // Delete button $content .= " <form style='display:inline;' action='?module=kioskadmin&action=rmWaretype&wareType=" . $rWareTypes->ID . "' method='post'><input type='submit' value='" . _("Remove") . "' /></form>"; $content .= "</td></tr>";
<?php $acl_access = acl_access("seatadmin", "", $sessioninfo->eventID); $action = $_GET['action']; $type = $_POST['type']; if ($acl_access != 'Admin') { die("Sorry, you do not have access to this!"); } if ($action == "updateSeat") { if ($type == "d" or $type == "w" or $type == "o" or $type == "b" or $type == "n") { $action = "doUpdateSeat"; } elseif ($type == "a") { // type is area, we need to do something about this /* FIXME */ } elseif ($type == "p" && !isset($_POST['seatpassword'])) { // type is password-protected seat // $seatcontent .= "<form method=POST action=?module=seatadmin&action=doUpdateSeat>\n"; $seatcontent .= "<p class=\"nopad\"><input type=\"text\" name=\"seatpassword\" />\n"; $seatcontent .= "<input type=\"submit\" value='" . lang("Set password", "seatadmin") . "'></p>"; // $seatcontent .= "</form>"; } elseif ($type == "p" && isset($_POST['seatpassword'])) { $action = "doUpdateSeat"; } elseif ($type == "g" && !isset($_POST['group'])) { // type is group-protected $seatcontent .= "<select name=\"group\">\n"; $qGroups = db_query("SELECT ID,groupname,groupType FROM " . $sql_prefix . "_groups\n\t\t\tWHERE\n\t\t\t(eventID = 1 AND groupType = 'clan')\n\t\t\tOR\n\t\t\t(eventID = {$sessioninfo->eventID} AND groupType = 'access')\n\t\t\tORDER BY groupname ASC\n\t\t\t"); while ($rGroups = db_fetch($qGroups)) { $seatcontent .= "<option value=\"{$rGroups->ID}\">"; $seatcontent .= $rGroups->groupname . " (" . $rGroups->groupType . ")"; $seatcontent .= "</option>\n"; }
log_add("wannabeadmin", "changeQuestion", serialize($log_new)); header("Location: ?module=wannabeadmin&action=questions"); } elseif ($action == "listApplications") { $design_head .= '<link href="templates/shared/wannabe.css" rel="stylesheet" type="text/css">'; $content .= "<table><tr>"; $content .= "<th>" . lang("Applicant", "wannabeadmin") . "</th>"; $qListCrews = db_query("SELECT * FROM " . $sql_prefix . "_wannabeCrews WHERE eventID = '{$sessioninfo->eventID}'"); while ($rListCrews = db_fetch($qListCrews)) { $content .= "<th>{$rListCrews->crewname}</th>\n"; $crewlist[] = $rListCrews->ID; } $qListApplications = db_query("SELECT DISTINCT userID FROM " . $sql_prefix . "_wannabeResponse res\n\t\tJOIN " . $sql_prefix . "_wannabeQuestions ques ON res.questionID=ques.ID WHERE ques.eventID = {$eventID}"); if (db_num($qListApplications) != 0) { while ($rListApplications = db_fetch($qListApplications)) { $content .= "<tr><td"; if (acl_access("crewlist", "", $sessioninfo->eventID, $rListApplications->userID, 0) != 'No') { $content .= " class='wannabeCommentStyle1'"; } $content .= ">"; $content .= "<a href=\"?module=wannabeadmin&action=viewApplication&user={$rListApplications->userID}\">"; $content .= display_username($rListApplications->userID); $content .= "</a></td>\n"; for ($i = 0; $i < count($crewlist); $i++) { #$qListMyComment = db_query("SELECT * FROM ".$sql_prefix."_wannabeComment WHERE crewID = '$crewlist[$i]' AND adminID = '$sessioninfo->userID' AND userID = '$rListApplications->userID'"); #$rListMyComment = db_fetch($qListMyComment); $qListAvgScore = db_query("SELECT ROUND(AVG(approval), 0) AS approval FROM " . $sql_prefix . "_wannabeComment WHERE crewID = '{$crewlist[$i]}' AND userID = '{$rListApplications->userID}'"); $rListAvgScore = db_fetch($qListAvgScore); $content .= "<td class=wannabeCommentStyle" . $rListAvgScore->approval . ">"; $content .= "</td>\n"; } // End for
<?php $design_head .= "<link rel='stylesheet' href='templates/shared/useradmin.css' type='text/css' />"; $acl_useradmin = acl_access("userAdmin", "", 1); // Checking if no access to useradmin if ($acl_useradmin == 'No') { header('Location: index.php?emsg="No access"'); die; } // else, got atleast read-access to userAdmin: $action = $_GET['action']; if (!isset($action) or empty($action)) { $content .= "<h2>" . lang("User administration", "useradmin") . "</h2>"; $content .= "<form action='index.php' method='GET'>\n"; $content .= "<input type='hidden' name='module' value='useradmin' />\n"; $content .= "<input type='hidden' name='action' value='listall' />\n"; $content .= "<input type='submit' value='" . lang("View all users", "useradmin") . "' />\n"; $content .= "</form>\n\n"; $content .= "<h3>Regular search</h3>\n"; $content .= "Searches for nick, first or last name and email address\n"; $content .= "<form method='GET' action='index.php'>\n"; $content .= "<input type='hidden' name='module' value='useradmin' />\n"; $content .= "<input type='hidden' name='action' value='search' />\n"; $content .= "<input type='text' name='search' />\n"; $content .= " <input type='submit' value='" . lang("Search", "useradmin") . "' />\n"; $content .= "</form>\n\n"; // $content .= "<h3>Detailed search</h3>"; // $content .= "Search for users with tickets for a specific event"; } elseif ($action == 'listall' || $action == 'search') { $content .= "<h2>" . lang("List of all users", "useradmin") . "</h2>"; $content .= "<a href='index.php?module=useradmin'>" . lang("Back to user administration", "useradmin") . "</a>";
// Signing on user #die(" case "FFA": // Signing on user db_query("INSERT INTO " . $sql_prefix . "_compoSignup SET\n\t\t\t\tcompoID = '" . db_escape($compo) . "',\n\t\t\t\tuserID = '" . db_escape($sessioninfo->userID) . "'"); break; } // End switch header("Location: ?module=compos&action=listSignedup&compo={$compo}"); } elseif ($action == "removeSignup" && isset($compo)) { $qCompoInfo = db_query("SELECT * FROM " . $sql_prefix . "_compos WHERE ID = '" . db_escape($compo) . "'"); $rCompoInfo = db_fetch($qCompoInfo); switch ($rCompoInfo->type) { case "clan": $clanID = $_POST['clanID']; $acl = acl_access("grouprights", $clanID, "", $sessioninfo->userID); if ($acl == 'Admin' || $acl == 'Write') { db_query("DELETE FROM " . $sql_prefix . "_compoSignup\n\t\t\t\t\tWHERE compoID = '" . db_escape($compo) . "'\n\t\t\t\t\tAND clanID = '" . db_escape($clanID) . "'"); } // End if acl == Admin||Write break; case "1on1": // Remove user // Remove user case "FFA": // Remove user db_query("DELETE FROM " . $sql_prefix . "_compoSignup WHERE\n\t\t\t\tcompoID = '" . db_escape($compo) . "' AND\n\t\t\t\tuserID = '" . db_escape($sessioninfo->userID) . "'"); break; } // End switch header("Location: ?module=compos&action=listSignedup&compo={$compo}");
<?php $request = \Symfony\Component\HttpFoundation\Request::createFromGlobals(); $acl = acl_access("kiosk_sales", "", $sessioninfo->eventID); if ($acl == 'No') { $content .= "Error, no access!"; return; } $kiosk = new \Lancms\Kiosk\LanKiosk(); $kioskSession = \Lancms\Kiosk\LanKioskSession::create(null, null); $kioskGui = new \Lancms\Kiosk\KioskGui(); $kioskGui->prepare($kioskSession); $action = $request->query->getAlnum("action"); if (!$request->query->has("action")) { $kioskGui->front(); } elseif ($action == "endSession") { $kioskGui->endSession(); } elseif ($action == "addWare") { $kioskGui->addWare(); } elseif ($action == "removeWare") { $kioskGui->removeWare(); } elseif ($action == "sell") { if ($_POST['credit'] == 'yes' and $sessioninfo->kioskSaleTo > 1) { $credit = 1; } else { $credit = 0; } $qCreateSale = db_query("INSERT INTO " . $sql_prefix . "_kiosk_sales \n SET salesPerson = '{$sessioninfo->userID}',\n saleTime = '" . time() . "',\n soldTo = '" . $sessioninfo->kioskSaleTo . "',\n credit = '{$credit}',\n eventID = '{$sessioninfo->eventID}'"); $qSaleID = db_query("SELECT ID FROM " . $sql_prefix . "_kiosk_sales \n WHERE salesPerson = '{$sessioninfo->userID}' \n AND eventID = '{$sessioninfo->eventID}'\n ORDER BY ID DESC LIMIT 0,1"); $rSaleID = db_fetch($qSaleID); $saleID = $rSaleID->ID;
$content .= "</td>"; } // End else if ($rFindTicket->status != 'deleted' && $acl_ticket == ('Write' || 'Admin')) { $content .= "<td class='tdLink arrival-actions-common' style='background-color: orange;'"; $content .= " onClick='location.href=\"?module=arrival&action=deleteTicket&ticketID={$ticket}\"'>"; $content .= lang("Delete ticket", "arrival"); $content .= "</td>"; } elseif ($rFindTicket->status == 'deleted') { $content .= "<td class='arrival-actions-common' style='background-color: red;'>"; $content .= lang("Deleted", "arrival"); $content .= "</td>"; } $content .= "</tr></table>\n\n"; $content .= "<br />\n"; $userACL = acl_access("userAdmin", "", 1); if ($userACL == 'Write' || $userACL == 'Admin') { $content .= sprintf("<form method='POST' action='?module=edituserinfo&action=editUserinfo&user=%s'><input type='submit' value='%s' /></form>\n", $rFindTicket->user, _('Edit userinfo')); } //XXX: Should extra access be needed for changing owner? $content .= sprintf("<form method='POST' action='?module=arrival&action=changeowner&ticket=%d'><input type='submit' value='%s' /></form>\n", $rFindTicket->ticketID, _('Change owner')); $content .= sprintf("<form method='POST' action='?module=arrival&action=changeuser&ticket=%d'><input type='submit' value='%s' /></form>\n", $rFindTicket->ticketID, _('Change user')); } elseif ($action == "changeowner" && isset($_GET['ticket'])) { $ticket = $_GET['ticket']; $toUser = isset($_GET['toUser']) ? $_GET['toUser'] : null; $query = isset($_POST['query']) ? $_POST['query'] : null; if ($toUser) { db_query("UPDATE " . $sql_prefix . "_tickets SET owner = '" . db_escape($toUser) . "' WHERE ticketID = '" . db_escape($ticket) . "'"); header("Location: ?module=arrival&action=ticketdetail&ticket={$ticket}"); } $content .= "<h2>" . _("Search for new owner") . "</h2>\n";
<?php $action = $_GET['action']; $list = $_GET['list']; $option = $_GET['option']; if (!empty($list)) { $acl = acl_access("listing", $list, $sessioninfo->eventID); if ($acl == 'No') { die("No access"); } } $globalacl = acl_access("listing", "", $sessioninfo->eventID); if (!isset($action)) { $content .= "<table>"; for ($i = 0; $i < count($listingtype); $i++) { $content .= "<tr><td>"; if ($listingtype[$i]['option'] == 1) { $do_action = 'option'; } else { $do_action = 'viewlist'; } $content .= "<a href=?module=listing&action={$do_action}&list={$i}>"; $content .= $listingtype[$i]['name'] . "</a>"; $content .= "</td></tr>"; } $content .= "</table>"; } elseif ($action == "option" && isset($list)) { $content .= "<form method=GET>\n"; $content .= "<input type=hidden name='module' value='listing'>\n"; $content .= "<input type=hidden name='action' value='viewlist'>\n"; $content .= "<input type=hidden name='list' value='{$list}'>\n";
<?php $action = $_REQUEST['action']; if (acl_access("globaladmin", "", 0) != "Admin") { die("You do not have propper rights!"); } if (!isset($action)) { $content .= "<table>"; $content .= "<tr><th>" . lang("Event name", "globaladmin"); $content .= "</th><th>"; $content .= lang("Admin this event", "globaladmin"); $content .= "</th><th>" . lang("Set event public", "globaladmin"); $content .= "</th><th>" . _("Is open"); $content .= "</th><th>" . _("Design"); $content .= "</th></tr>\n\n"; $qListEvents = db_query("SELECT * FROM " . $sql_prefix . "_events WHERE ID != 1"); $rownum = 1; while ($rListEvents = db_fetch($qListEvents)) { if ($rownum == 3) { $rownum = 1; } $content .= "<tr class='row" . $rownum . "'><td>"; $content .= $rListEvents->eventname; $content .= "</td><td>"; $content .= "<a href=\"?module=events&action=setCurrentEvent&eventID={$rListEvents->ID}\">"; $content .= lang("Set active", "globaladmin"); $content .= "</a>"; $content .= "</td><td>"; if ($rListEvents->eventPublic == 1) { $content .= "<a href=\"?module=globaladmin&eventID={$rListEvents->ID}&action=setPrivate\">" . lang("Public", "globaladmin") . "</a>"; } else {
<?php $manager = NewsArticleManger::getInstance(); $acl = acl_access("news", "", $sessioninfo->eventID); $global_acl = acl_access("news", "", 1); $content .= "<div class=\"newsadmin\">"; if ($action == "newsadmin" && ($acl == 'Admin' || $acl == 'Write')) { $articles = $manager->getArticles($sessioninfo->eventID); if (count($articles) > 0) { $content .= "<h2>" . _("Manage news articles") . "</h2>"; $content .= "<table class='better-table'><tbody><tr><th>" . _("Name") . "</th><th>" . _("Actions") . "</th></tr>"; foreach ($articles as $article) { $content .= "\n\t\t\t<tr>\n\t\t\t\t<td>" . $article->getHeader() . "\n\t\t\t\t" . ($article->isActive() ? " <span style=\"color:#01B501; font-style:italic;\">(" . _("Published") . ")</span>" : " <span style=\"color:#EA0505; font-style:italic;\">(" . _("Draft") . ")</span>") . "\n\t\t\t\t" . ($article->isGlobal() ? " <span style=\"color:#E29405; font-style:italic;\">(" . _("Global") . ")</span>" : "") . "\n\t\t\t\t</td>\n\t\t\t\t<td>\n\t\t\t\t\t<button onclick=\"window.location = '?module={$module}&action=editArticle&articleID=" . $article->getArticleID() . "';\">" . _("Edit") . "</button>\n\t\t\t\t\t<button onclick=\"window.location = '?module={$module}&action=deleteArticle&articleID=" . $article->getArticleID() . "';\">" . _("Delete") . "</button>\n\t\t\t\t</td>\n\t\t\t</tr>\n\n"; } // end foreach $content .= "</tbody></table>\n\n"; } // end if $content .= "<div class=\"create-form\"><h2>" . _("Create new article") . "</h2>"; $content .= "<form method=\"post\" action=\"?module=news&action=doAddArticle\">\n"; $content .= "<input type=\"text\" name=\"articleHeader\" placeholder=\"" . _("Article header...") . "\" />\n"; $content .= "<input type=\"submit\" value='" . lang("Add new article", "news") . "' />\n"; $content .= "</form></div>"; $content .= ""; } elseif ($action == "doAddArticle" && ($acl == 'Admin' || $acl == 'Write')) { $header = $_POST['articleHeader']; $global_article = $_POST['global_article']; // Check if the article should be global, and set var if (($global_acl == 'Admin' || $global_acl == 'Write') && $global_article == 'on') { $global_article = true; } else {
<?php $userid = $_GET['user']; $useradminread = acl_access("userAdmin", "", 1); $userR = db_query("SELECT * FROM " . $sql_prefix . "_users WHERE ID = '" . db_escape($userid) . "'"); $user = db_fetch($userR); $border = "style='border: solid 1px black; border-collapse: collapse;'"; $content .= "<table {$border}>\n"; $content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Name'), $border, $user->firstName . " " . $user->lastName); $content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Nick'), $border, $user->nick); if ($useradminread != "No") { $content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Email'), $border, $user->EMail); $content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Cellphone'), $border, $user->cellphone); $content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Gender'), $border, _($user->gender)); $content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Birthday'), $border, $user->birthDay . ". " . $user->birthMonth . " " . $user->birthYear); $content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Address'), $border, $user->street); $content .= sprintf("<tr><th %s>%s</th><td %s>%s</td></tr>\n", $border, _('Postnumber'), $border, $user->postNumber); } $qFindGroups = db_query("SELECT g.groupname,e.eventname FROM (" . $sql_prefix . "_groups g JOIN " . $sql_prefix . "_group_members gm ON gm.groupID=g.ID) JOIN " . $sql_prefix . "_events e ON g.eventID=e.ID WHERE gm.userID = '" . $user->ID . "'"); if (db_num($qFindGroups)) { $content .= "<tr><th>"; $content .= _("Groupmemberships"); $content .= "</th><td><ul>"; while ($rFindGroups = db_fetch($qFindGroups)) { $content .= "<li>" . $rFindGroups->eventname . " – " . $rFindGroups->groupname . "</li>\n"; } $content .= "</ul></td></tr>\n\n\n"; } $content .= "</table>\n"; if ($useradminread != "No") { $content .= "<br />\n";
function seating_rights($seatX, $seatY, $ticketID, $eventID, $password = 0) { global $sql_prefix; global $sessioninfo; $qSeatInfo = db_query("SELECT * FROM " . $sql_prefix . "_seatReg WHERE eventID = '{$eventID}'\n AND seatX = '{$seatX}' AND seatY = '{$seatY}'"); $rSeatInfo = db_fetch($qSeatInfo); $seating_enabled = config("seating_enabled", $eventID); $returncode = 0; // Check event-rights $acl_event_seating = acl_access("seating", "", $eventID); // Check if the seat is already taken $qCheckAlreadySeated = db_query("SELECT seatingID FROM " . $sql_prefix . "_seatReg_seatings WHERE\n eventID = '{$eventID}' AND seatX = '{$seatX}' AND seatY = '{$seatY}'"); if (db_num($qCheckAlreadySeated) != 0) { $returncode = FALSE; } elseif ($acl_event_seating == 'Admin' || $acl_event_seating == 'Write') { $returncode = TRUE; } elseif ($seating_enabled == 1) { // Seating is enabled for this event? // Get info about the ticket $qTicketInfo = db_query("SELECT * FROM " . $sql_prefix . "_tickets WHERE eventID = '{$eventID}' AND\n\tticketID = '{$ticketID}'"); $rTicketInfo = db_fetch($qTicketInfo); if ($rTicketInfo->owner == $sessioninfo->userID || $rTicketInfo->user == $sessioninfo->userID) { $type = $rSeatInfo->type; switch ($type) { case 'd': // Seat is a normal seat $returncode = 1; break; case 'g': // Groupprotected. Check if access to group if (acl_access("grouprights", $rSeatInfo->extra, "", $sessioninfo->userID) != 'No') { $returncode = 1; } break; case 'p': // Password-protected. Check if password correct if ($password == $rSeatInfo->extra) { $returncode = 1; } #die("password: $password, matching against $rSeatInfo->extra"); break; case 'r': // Right-protected. Check if the user has that right. if (acl_access($rSeatInfo->extra, "", "", $sessioninfo->userID) != 'No') { $returncode = 1; } default: die("type: " . $type); } // End switch($type) } // End if rTicketInfo->owner || user == session-userID } // End elseif(config(seating_enabled)) return $returncode; }
$qFindTicket = db_query("SELECT * FROM " . $sql_prefix . "_tickets WHERE ticketID = '" . db_escape($ticket) . "'"); $rFindTicket = db_fetch($qFindTicket); if ($sessioninfo->userID != $rFindTicket->owner && acl_access("seating", "", $sessioninfo->eventID) != 'Admin') { } else { db_query("UPDATE " . $sql_prefix . "_tickets SET user = '******' WHERE ticketID = '" . db_escape($ticket) . "'"); } $logmsg['new_user'] = $toOwner; $logmsg['ticket'] = $ticket; log_add("ticketorder", "changeUser", serialize($logmsg)); header("Location: ?module=ticketorder"); } elseif (($action == "cancelTicket" || $action == "doCancelTicket") && isset($_GET['ticket'])) { $ticket = $_GET['ticket']; $qGetTicketInfo = db_query("SELECT * FROM " . $sql_prefix . "_tickets WHERE ticketID = '" . db_escape($ticket) . "'"); $rGetTicketInfo = db_fetch($qGetTicketInfo); $allow_cancel = false; if (acl_access("ticketadmin", "", $sessioninfo->eventID) == ('Admin' || 'Write')) { $allow_cancel = true; } elseif ($sessioninfo->userID == $rGetTicketInfo->owner) { $allow_cancel = true; } if ($action == "cancelTicket" && $allow_cancel == true) { $content .= lang("Are you sure you wish to delete this ticket?", "ticketorder"); $content .= "<br><a href=?module=ticketorder>" . lang("No, this would be a mistake", "ticketorder") . "</a> - "; $content .= "<a href=?module=ticketorder&action=doCancelTicket&ticket={$ticket}>" . lang("Yes, I don't need it", "ticketorder") . "</a>"; } elseif ($action == "doCancelTicket" && $allow_cancel == true) { // Delete the ticket db_query("DELETE FROM " . $sql_prefix . "_tickets WHERE ticketID = '" . db_escape($ticket) . "'"); $logmsg[] = $rGetTicketInfo->ticketID; $logmsg[] = $rGetTicketInfo->ticketType; $logmsg[] = $rGetTicketInfo->owner; $logmsg[] = $rGetTicketInfo->user;
<?php $acl = acl_access("infoscreen", "", $sessioninfo->eventID); if ($acl == 'No' || $acl == 'Read') { die("No access to infoscreens"); } $action = $_GET['action']; $slidetable = $sql_prefix . "_infoscreensSlides"; $queuetable = $sql_prefix . "_infoscreensQueues"; $screentable = $sql_prefix . "_infoscreens"; if (empty($action)) { $content .= "<h2>" . _("Infoscreens") . "</h2>\n"; $content .= "<p>" . _('Remember that all slides must be considered public!') . "</p>\n"; #### START - screens #### $content .= "<div style='border: solid 1px black; border-collapse: collapse; padding: 10px;'>\n"; $content .= "<h3>" . _('Screens') . "</h3>"; $qFindScreens = db_query("SELECT * FROM " . $sql_prefix . "_infoscreens WHERE eventID = '{$sessioninfo->eventID}'"); $nFindScreens = db_num($qFindScreens); if ($nFindScreens > 0) { $content .= "<table style='border: solid 1px black; border-collapse: collapse;'>"; $content .= sprintf("<tr><th>%s</th><th>%s</th><th>%s</th></tr>", _("Name"), _("Preview"), _("Remove")); while ($rFindScreens = db_fetch($qFindScreens)) { $content .= "<tr><td style='border: solid 1px black; border-collapse: collapse;'>"; $content .= $rFindScreens->name; $content .= "</td><td style='border: solid 1px black; border-collapse: collapse; padding: 3px;'>\n"; $content .= "<a href='party.php?s={$rFindScreens->ID}'>" . _("Link to screen") . "</a></td>"; // Show remove button if has admin acl. if ($acl == 'Admin') { $content .= "<td style='border: solid 1px black; border-collapse: collapse; padding: 3px;'>"; $content .= "<form action='?module=infoscreens&action=rmScreen' method='post'>"; $content .= "<input type='hidden' name='screenID' value='{$rFindScreens->ID}'>";
<?php $eventID = $sessioninfo->eventID; $acl_access = acl_access("FAQ", "", $eventID); $action = $_GET['action']; $faqID = $_GET['faqID']; #if($acl_access == "No") # die("You do not have access to this!"); if ($action == "read") { // Read FAQs for current event. $qFAQs = db_query("SELECT * FROM " . $sql_prefix . "_FAQ \n\t\tWHERE eventID = '" . db_escape($eventID) . "'"); while ($rFAQs = db_fetch($qFAQs)) { $content .= "<br /><a name=#" . $rFAQs->ID . " href=?module=FAQ&action=read&faqID={$rFAQs->ID}>"; $content .= $rFAQs->question; $content .= "</a>\n\n"; if ($faqID == $rFAQs->ID) { // The user has requested to view the current FAQ-ID $content .= "<br /><br />{$rFAQs->answer}"; } // End if $faqID == $rFAQs->ID } // End while $rFAQs = db_fetch() } elseif ($action == "adminFAQs") { // Do ACL-check if you have rights to do this if ($acl_access != 'Admin') { die("You have to have admin-rights to administer FAQs"); } $qFAQs = db_query("SELECT * FROM " . $sql_prefix . "_FAQ\n\t\tWHERE eventID = '" . db_escape($eventID) . "'"); if (db_num($qFAQs) != 0) { $content .= '<table>'; while ($rFAQs = db_fetch($qFAQs)) {
$bgcolor = 'green'; } $content .= "<tr bgcolor='{$bgcolor}'><td>"; $content .= $rFindSoldTickets->resellerTicketID; $content .= "</td><td>"; $content .= $rFindSoldTickets->resellerID; $content .= "</td><td>"; $content .= date("Y/m/d H:i", $rFindSoldTickets->saleTime); $content .= "</td></tr>"; } // End while $content .= "</table>"; } elseif ($action == "addTicket" && !empty($_GET['type'])) { $amount = $_POST['amount']; $type = $_GET['type']; if (acl_access("reseller", $type, $sessioninfo->eventID) == 'No') { die("No access to this ticketType"); } while ($amount) { $md5 = md5(rand(0, 10000)); $string = strtoupper(substr($md5, 0, 10)); $qCheckAlreadyUsed = db_query("SELECT * FROM " . $sql_prefix . "_ticketReseller WHERE resellerTicketID = '{$string}'"); if (db_num($qCheckAlreadyUsed) == 0) { // Key is not already used, use it db_query("INSERT INTO " . $sql_prefix . "_ticketReseller \n\t\t\t\tSET resellerTicketID = '{$string}',\n\t\t\t\tticketType = '" . db_escape($type) . "',\n\t\t\t\teventID = '{$sessioninfo->eventID}',\n\t\t\t\tresellerID = '{$sessioninfo->userID}',\n\t\t\t\tsaleTime = '" . time() . "'\n\t\t\t"); $content .= "<h1>" . $string . "</h1><br />"; $amount--; } // End if } // End while
<?php $action = $_GET['action']; $acl = acl_access("forum", "", $sessioninfo->eventID); if ($acl != 'Admin') { die("No access to forumadmin"); } $forumID = $_GET['forumID']; if (!isset($action) || $action == "editForum" && isset($_GET['forumID'])) { $qFindForums = db_query("SELECT * FROM " . $sql_prefix . "_forums WHERE eventID = '{$sessioninfo->eventID}'"); $content .= "<table>"; while ($rFindForums = db_fetch($qFindForums)) { $content .= "<tr><td class=tdLink onClick='location.href=\"?module=forumadmin&action=editForum&forumID={$rFindForums->ID}\"'>{$rFindForums->name}</td>"; if ($rFindForums->disabled == 0) { $lang_text = lang("Enabled"); } else { $lang_text = lang("Disabled"); } $content .= "<td><a href=?module=forumadmin&action=enableddisabled&forumID={$rFindForums->ID}>{$lang_text}</a>"; $content .= "</td></tr>\n"; } // End while $content .= "</table>\n\n"; if ($action == "editForum") { $qFindForum = db_query("SELECT * FROM " . $sql_prefix . "_forums WHERE eventID = '{$sessioninfo->eventID}' \n\t\t\tAND ID = '" . db_escape($_GET['forumID']) . "'"); $rFindForum = db_fetch($qFindForum); $content .= "<form method=POST action='?module=forumadmin&action=editForum&forumID=" . $_GET['forumID'] . "'>\n"; $submit_text = lang("Change forum"); } else { $content .= "<form method=POST action='?module=forumadmin&action=addForum'>\n"; $submit_text = lang("Add forum");