Example #1
0
function removeAmount($db)
{
    $entryID = $_POST['entry-id'];
    $query = "SELECT qty FROM orders WHERE order_id = '{$entryID}'";
    $result = mysqli_query($db, $query);
    if (!$result) {
        die('Invalid query: ' . mysqli_error($db));
    }
    $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
    if ($row['qty'] == 1) {
        deleteEntry($db);
    } else {
        $query = "UPDATE orders SET qty=qty-1 WHERE order_id='{$entryID}'";
        $result = mysqli_query($db, $query);
        if (!$result) {
            die('Invalid query: ' . mysqli_error($db));
        }
    }
}
function removeNewPortal()
{
    global $smcFunc;
    //Managing adkportal? remove it
    isAllowedTo('adk_portal');
    //Set it idremove
    $id_topic = (int) $_REQUEST['remove'];
    $sql = $smcFunc['db_query']('', '
		SELECT id_new
		FROM {db_prefix}topics
		WHERE id_topic = {int:topic}', array('topic' => $id_topic));
    if ($smcFunc['db_num_rows']($sql) == 0) {
        redirectexit();
    }
    list($id_new) = $smcFunc['db_fetch_row']($sql);
    $smcFunc['db_free_result']($sql);
    $smcFunc['db_query']('', '
		UPDATE {db_prefix}topics
		SET id_new = {int:new}
		WHERE id_topic = {int:t}', array('new' => 0, 't' => $id_topic));
    deleteEntry('adk_news', 'id = {int:id}', array('id' => $id_new));
    redirectexit('topic=' . $id_topic . '.0');
}
$login_status = getLoginState($get);
if ($login_status["status"] !== true) {
    $login_status["error"] = "Invalid user";
    $login_status["human_error"] = "You're not logged in as a valid user to edit this. Please log in and try again.";
    returnAjax($login_status);
}
switch ($admin_req) {
    # Stuff
    case "save":
        returnAjax(saveEntry($_REQUEST));
        break;
    case "new":
        returnAjax(newEntry($_REQUEST));
        break;
    case "delete":
        returnAjax(deleteEntry($_REQUEST));
        break;
    default:
        returnAjax(getLoginState($_REQUEST, true));
}
function saveEntry($get)
{
    /***
     * Save a new taxon entry
     ***/
    $data64 = $get["data"];
    $enc = strtr($data64, '-_', '+/');
    $enc = chunk_split(preg_replace('!\\015\\012|\\015|\\012!', '', $enc));
    $enc = str_replace(' ', '+', $enc);
    $data_string = base64_decode($enc);
    $data = json_decode($data_string, true);
Example #4
0
 if (inputExists($_POST, $unique_id) && $_POST[$unique_id] !== $_POST[$original_unique_id]) {
     checkDataUnique($database, $_POST, $table, $unique_id, $json_return);
 }
 checkDataValid($database, $_POST, 'itemType', 'primaryType', $json_return);
 //checkCombinedDataValid($database, $_POST, 'itemType', 'secondaryType', 'primaryType', $json_return, $exceptions);
 checkInputExists($_POST, 'description', $json_return);
 // add rpg
 $_POST['rpg'] = 'dales';
 // delete possibility from all subtables.
 // this is necessary if the edit has changed the primaryType.
 deleteEntry('ammunition', $_POST, $unique_id, $database, $json_return);
 deleteEntry('arcane', $_POST, $unique_id, $database, $json_return);
 deleteEntry('valuable', $_POST, $unique_id, $database, $json_return);
 deleteEntry('armor', $_POST, $unique_id, $database, $json_return);
 deleteEntry('consumable', $_POST, $unique_id, $database, $json_return);
 deleteEntry('weapon', $_POST, $unique_id, $database, $json_return);
 // now check individual item types
 if ($_POST['primaryType'] === 'Ammunition') {
     checkInputExists($_POST, 'quantityForValue', $json_return);
     checkInputExists($_POST, 'type', $json_return);
     if ($json_return['status'] === "OK") {
         insertInto('ammunition', $_POST, $exceptions, $primary_key, $database, $json_return);
     }
 } else {
     if ($_POST['primaryType'] === 'Arcane') {
         checkDataValid($database, $_POST, 'rarity', 'rarity', $json_return);
         if ($json_return['status'] === "OK") {
             insertInto('arcane', $_POST, $exceptions, $primary_key, $database, $json_return);
         }
     } else {
         if ($_POST['primaryType'] === 'Valuable') {
Example #5
0
    if (!Acl::check("group.editors")) {
        if (getUserIdOfEntry(getBlogId(), $suri['id']) != getUserId()) {
            Respond::ResultPage(-1);
            exit;
        }
    }
    if ($isAjaxRequest) {
        if (deleteEntry($blogid, $suri['id']) === true) {
            Respond::ResultPage(0);
        } else {
            Respond::ResultPage(-1);
        }
    } else {
        deleteEntry($blogid, $suri['id']);
        header("Location: " . $_SERVER['HTTP_REFERER']);
    }
} else {
    foreach (explode(',', $_POST['targets']) as $target) {
        // TeamBlog check
        if (!Acl::check('group.writers', 'entry.delete.' . $target)) {
            if (getUserIdOfEntry(getBlogId(), $suri['id']) != getUserId()) {
                Respond::ResultPage(-1);
                exit;
            }
        }
        if (!deleteEntry($blogid, $target)) {
            Respond::ResultPage(-1);
        }
    }
    Respond::ResultPage(0);
}
Example #6
0
function deleteicon()
{
    global $smcFunc, $context, $boarddir, $adkFolder;
    checkSession('get');
    if (!empty($_REQUEST['id']) && is_numeric($_REQUEST['id'])) {
        $id = (int) $_REQUEST['id'];
    } else {
        fatal_lang_error('adkfatal_wrong_icon_id', false);
    }
    $sql = $smcFunc['db_query']('', '
		SELECT icon 
		FROM {db_prefix}adk_icons
		WHERE id_icon = {int:icon}', array('icon' => $id));
    $row = $smcFunc['db_fetch_assoc']($sql);
    $smcFunc['db_free_result']($sql);
    if (file_exists($adkFolder['main'] . '/images/blocks/' . $row['icon'])) {
        @unlink($adkFolder['main'] . '/images/blocks/' . $row['icon']);
    }
    //Now DELETE DB
    deleteEntry('adk_icons', 'id_icon = {int:icon}', array('icon' => $id));
    redirectexit('action=admin;area=adkadmin;sa=manageicons;' . $context['session_var'] . '=' . $context['session_id']);
}
function displayCalendar($formframes, $mainforms = "", $viewHandles, $dateHandles, $filters, $viewPrefixes, $scopes, $hidden, $type = "month", $start = "", $multiPageData = "")
{
    global $xoopsDB, $xoopsUser;
    global $xoopsTpl;
    // Set some required variables
    $mid = getFormulizeModId();
    for ($i = 0; $i < count($formframes); $i++) {
        unset($fid);
        unset($frid);
        if ($mainforms[$i]) {
            list($fid, $frid) = getFormFramework($formframes[$i], $mainforms[$i]);
        } else {
            list($fid, $frid) = getFormFramework($formframes[$i]);
        }
        $fids[] = $fid;
        $frids[] = $frid;
    }
    $gperm_handler =& xoops_gethandler('groupperm');
    $member_handler =& xoops_gethandler('member');
    $groups = $xoopsUser ? $xoopsUser->getGroups() : array(0 => XOOPS_GROUP_ANONYMOUS);
    $uid = $xoopsUser ? $xoopsUser->getVar('uid') : 0;
    foreach ($fids as $thisFid) {
        // check that the user is allowed to see all the fids
        if (!($scheck = security_check($thisFid, "", $uid, "", $groups, $mid, $gperm_handler))) {
            print "<p>" . _NO_PERM . "</p>";
            return;
        }
    }
    $currentURL = getCurrentURL();
    // get the current view, ie: the month
    if ($_POST['calview']) {
        // if we're recieving a view from a form submission...
        $settings['calview'] = $_POST['calview'];
    } else {
        if (!$start) {
            // nothing passed from form, and no default value specified, so use current date
            $today = getDate();
            if ($today['mon'] < 10) {
                $today['mon'] = "0" . $today['mon'];
            }
            $settings['calview'] = $today['year'] . "-" . $today['mon'];
        } else {
            $settings['calview'] = $start;
        }
    }
    $settings['calfrid'] = $_POST['calfrid'];
    $settings['calfid'] = $_POST['calfid'];
    $settings['calhidden'] = $hidden;
    // check to see if a switch to a form has been requested
    $settings['ventry'] = $_POST['ventry'];
    if ($settings['ventry']) {
        if ($_POST['ventry'] == "addnew") {
            $this_ent = "";
            $dateOverride = $_POST['adddate'];
        } elseif ($_POST['ventry'] == "proxy") {
            // support for proxies not currently written
            $this_ent = "proxy";
        } else {
            $this_ent = $_POST['ventry'];
        }
        if ($_POST['calfrid']) {
            if (isset($multiPageData[$_POST['calfid']])) {
                if (is_numeric($multiPageData[$_POST['calfid']])) {
                    // numeric value indicates a screen id
                    $screenData = readScreenId($multiPageData[$_POST['calfid']], $_POST['calfid']);
                    if (is_array($screenData)) {
                        $multiPageData = $screenData;
                    }
                }
                include_once XOOPS_ROOT_PATH . "/modules/formulize/include/formdisplaypages.php";
                displayFormPages($_POST['calfrid'], $this_ent, $_POST['calfid'], $multiPageData[$_POST['calfid']]['pages'], $multiPageData[$_POST['calfid']]['conditions'], $multiPageData[$_POST['calfid']]['introtext'], $multiPageData[$_POST['calfid']]['thankstext'], $currentURL, _formulize_CAL_RETURNFROMMULTI, $settings, $dateOverride, $multiPageData[$_POST['calfid']]['printall']);
            } else {
                displayForm($_POST['calfrid'], $this_ent, $_POST['calfid'], $currentURL, "", $settings, "", $dateOverride, 1, 1);
                // first "" is the done text, second is the onetoonetitles, last two 1s are the overrides for multi form behaviour
            }
            return;
        } else {
            if (isset($multiPageData[$_POST['calfid']])) {
                if (is_numeric($multiPageData[$_POST['calfid']])) {
                    // numeric value indicates a screen id
                    $screenData = readScreenId($multiPageData[$_POST['calfid']], $_POST['calfid']);
                    if (is_array($screenData)) {
                        $multiPageData = $screenData;
                    }
                }
                include_once XOOPS_ROOT_PATH . "/modules/formulize/include/formdisplaypages.php";
                displayFormPages($_POST['calfid'], $this_ent, "", $multiPageData[$_POST['calfid']]['pages'], $multiPageData[$_POST['calfid']]['conditions'], $multiPageData[$_POST['calfid']]['introtext'], $multiPageData[$_POST['calfid']]['thankstext'], $currentURL, _formulize_CAL_RETURNFROMMULTI, $settings, $dateOverride, $multiPageData[$_POST['calfid']]['printall']);
            } else {
                displayForm($_POST['calfid'], $this_ent, "", $currentURL, "", $settings, "", $dateOverride, 1, 1);
                // "" is the done text
            }
            return;
        }
    }
    // handle deletion if requested, added sept 18 2005
    if ($_POST['delentry']) {
        deleteEntry($_POST['delentry'], $_POST['delfrid'], $_POST['delfid'], $gperm_handler, $member_handler, $mid);
    }
    // get the data for all the fids
    // 1. convert the scopes for each one
    // 2. do the extraction (filter by calview)
    include_once XOOPS_ROOT_PATH . "/modules/formulize/include/extract.php";
    for ($i = 0; $i < count($fids); $i++) {
        $scope = "";
        if ($scopes[$i]) {
            list($scope, $throwAwayCurrentView) = buildScope($scopes[$i], $member_handler, $gperm_handler, $uid, $groups, $fids[$i], $mid);
        }
        if (is_array($dateHandles[$i])) {
            $dateField = $dateHandles[$i][0];
            $dateField2 = $dateHandles[$i][1];
        } else {
            $dateField = $dateHandles[$i];
            $dateField2 = "";
        }
        if (!$frids[$i]) {
            $filterDH = $dateField;
            $filterDH2 = $dateField2;
        } else {
            $filterDH = $dateField;
            $filterDH2 = $dateField2;
        }
        // new, complex filter format is:
        // $filter[0][0] -- andor setting for filter 0
        // $filter[0][1] -- filter for filter 0
        $filter = array();
        $filter[0][0] = "OR";
        $filter[0][1] = $filterDH . "/**/" . $settings['calview'];
        if ($filterDH2) {
            $filter[0][1] .= "][" . $filterDH2 . "/**/" . $settings['calview'];
        }
        if ($filters[$i]) {
            $filter[1][0] = "AND";
            $filter[1][1] = $filters[$i];
        }
        $data[$i] = getData($frids[$i], $fids[$i], $filter, "AND", $scope);
        $data[$i] = resultSort($data[$i], $dateField);
    }
    // need the formatting magic to go here, to whip it all into a nice calendar
    // basic display of data is below
    // demonstrates linking to a form for updating/viewing that entry
    // demonstrates altering the calview setting to change months
    // need to do something a little more complex for adding a new entry, since we have to know for which fid/frid pair the add operation is being requested.
    // probably best to leave out adding for now and leave it as a future feature.  It can always be custom added within a pageworks page if necessary for a particular calendar
    $rights = $gperm_handler->checkRight("add_own_entry", $fid, $groups, $mid);
    // information to pass to the template
    global $calendarData;
    // initialize language constants
    global $arrayMonthNames;
    global $arrayWeekNames;
    global $dateMonthStartDay;
    $arrayMonthNames = array(_formulize_CAL_MONTH_01, _formulize_CAL_MONTH_02, _formulize_CAL_MONTH_03, _formulize_CAL_MONTH_04, _formulize_CAL_MONTH_05, _formulize_CAL_MONTH_06, _formulize_CAL_MONTH_07, _formulize_CAL_MONTH_08, _formulize_CAL_MONTH_09, _formulize_CAL_MONTH_10, _formulize_CAL_MONTH_11, _formulize_CAL_MONTH_12);
    if ($type == "mini_month") {
        $arrayWeekNames = array(_formulize_CAL_WEEK_1_3ABRV, _formulize_CAL_WEEK_2_3ABRV, _formulize_CAL_WEEK_3_3ABRV, _formulize_CAL_WEEK_4_3ABRV, _formulize_CAL_WEEK_5_3ABRV, _formulize_CAL_WEEK_6_3ABRV, _formulize_CAL_WEEK_7_3ABRV);
    } else {
        $arrayWeekNames = array(_formulize_CAL_WEEK_1, _formulize_CAL_WEEK_2, _formulize_CAL_WEEK_3, _formulize_CAL_WEEK_4, _formulize_CAL_WEEK_5, _formulize_CAL_WEEK_6, _formulize_CAL_WEEK_7);
    }
    // convert string date into parts
    $arrayDate = getdate(strtotime($settings['calview'] . "-01"));
    $dateMonth = $arrayDate["mon"];
    $dateDay = $arrayDate["mday"];
    $dateYear = $arrayDate["year"];
    // get the number of days in the month.
    $dateMonthDays = days_in_month($dateMonth, $dateYear);
    // get the month's first week start day.
    $dateMonthStartDay = $arrayDate["wday"];
    // get the number of weeks.
    $dateMonthWeeks = week_in_month($dateMonthDays) + 1;
    // intialize MONTH template information
    // each cell is an array:
    // [0] - is control information, where each entry is an array:
    //     [0] - day number
    //     [1] - send date
    // [1] - is an array containing all items, where each item is also an array:
    //     [0] - $ids[0]
    //     [1] - $frids[$i]
    //     [2] - $fids[$i]
    //     [3] - $textToDisplay
    //     [4] - true/false based on user's right to delete this item (based on either delete own, or delete others permission)
    if ($type == "month" || $type == "mini_month" || $type == "micro_month") {
        // initialize grid: convert the data set into a grid of 7 columns for
        //  days and a row for each week
        $displayDay = "";
        for ($intWeeks = 0; $intWeeks < $dateMonthWeeks; $intWeeks++) {
            $calendarData[$intWeeks] = array();
            for ($intDays = 0; $intDays < 7; $intDays++) {
                // check to see if the processing day is the start day.
                if ($intWeeks == 0 && $displayDay == "") {
                    if ($intDays == $dateMonthStartDay) {
                        $displayDay = 1;
                    }
                } else {
                    if ($displayDay != "") {
                        $displayDay++;
                        if ($displayDay > $dateMonthDays) {
                            $displayDay = "";
                        }
                    }
                }
                $calendarData[$intWeeks][$intDays] = array();
                $calendarData[$intWeeks][$intDays][0][0] = $displayDay;
                $calendarData[$intWeeks][$intDays][0][1] = $dateYear . "-" . $dateMonth . "-" . ($displayDay < 10 ? "0" . $displayDay : $displayDay);
                //$calendarData[$intWeeks][$intDays][1] = array();
            }
        }
        // Initialize template variables
        $xoopsTpl->assign('previousMonth', $dateMonth - 1 < 1 ? $dateYear - 1 . "-12" : $dateYear . "-" . ($dateMonth - 1 < 10 ? "0" . ($dateMonth - 1) : $dateMonth - 1));
        $xoopsTpl->assign('nextMonth', $dateMonth + 1 > 12 ? $dateYear + 1 . "-01" : $dateYear . "-" . ($dateMonth + 1 < 10 ? "0" . ($dateMonth + 1) : $dateMonth + 1));
        $monthSelector = array();
        $numberOfMonths = count($arrayMonthNames);
        for ($intMonth = 0; $intMonth < $numberOfMonths; $intMonth++) {
            $monthName = $arrayMonthNames[$intMonth];
            $monthSelector[$intMonth + 1 < 10 ? "0" . ($intMonth + 1) : $intMonth + 1] = $monthName;
        }
        $xoopsTpl->assign('monthSelector', $monthSelector);
        $yearSelector = array();
        $startYear = $dateYear - 4;
        $endYear = $dateYear + 3;
        for ($intYear = $startYear; $intYear <= $endYear; $intYear++) {
            $yearSelector[] = $intYear;
        }
        $xoopsTpl->assign('yearSelector', $yearSelector);
    }
    // process data set(s)
    for ($i = 0; $i < count($data); $i++) {
        foreach ($data[$i] as $id => $entry) {
            if (!$frids[$i]) {
                if (is_array($viewHandles[$i])) {
                    $formhandle = getFormHandleFromEntry($entry, $viewHandles[$i][0]);
                } else {
                    $formhandle = getFormHandleFromEntry($entry, $viewHandles[$i]);
                }
            } else {
                $formhandle = $mainforms[$i];
            }
            $ids = internalRecordIds($entry, $formhandle);
            if (is_array($viewHandles[$i])) {
                $needsep = 0;
                // make sure that no data is keep from previous processing
                $textToDisplay = "";
                foreach ($viewHandles[$i] as $thisVH) {
                    if ($needsep) {
                        $textToDisplay .= ", ";
                    }
                    $needsep = 1;
                    $textToDisplay .= display($entry, $thisVH);
                }
            } else {
                $textToDisplay = display($entry, $viewHandles[$i]);
            }
            if ($viewPrefixes[$i]) {
                $textToDisplay = $viewPrefixes[$i] . $textToDisplay;
            }
            $calendarDataItem = array();
            $calendarDataItem[0] = $ids[0];
            $calendarDataItem[1] = $frids[$i];
            $calendarDataItem[2] = $fids[$i];
            $calendarDataItem[3] = $textToDisplay;
            $calendarDataItem[4] = ($i == 0 and formulizePermHandler::user_can_delete_entry($fids[$i], display($entry, "uid"), $ids[0]));
            if ($type == "month" || $type == "mini_month" || $type == "micro_month") {
                if (is_array($dateHandles[$i])) {
                    $startValue = display($entry, $dateHandles[$i][0]);
                    $endValue = display($entry, $dateHandles[$i][1]);
                    if ($startValue && $endValue) {
                        $startDate = strtotime($startValue);
                        $endDate = strtotime($endValue);
                        for ($x = $startDate; $x <= $endDate; $x = $x + 86400) {
                            $arrayDate = getdate($x);
                            if ($arrayDate["mon"] == $dateMonth) {
                                $calendarData = assignItem($arrayDate, $calendarDataItem, $calendarData);
                            }
                        }
                    } else {
                        if ($startValue) {
                            $startDate = strtotime($startValue);
                            $arrayDate = getdate($startDate);
                            $calendarData = assignItem($arrayDate, $calendarDataItem, $calendarData);
                        } else {
                            $endDate = strtotime($endValue);
                            $arrayDate = getdate($endDate);
                            $calendarData = assignItem($arrayDate, $calendarDataItem, $calendarData);
                        }
                    }
                } else {
                    $currentDate = display($entry, $dateHandles[$i]);
                    $arrayDate = getdate(strtotime($currentDate));
                    $calendarData = assignItem($arrayDate, $calendarDataItem, $calendarData);
                }
            }
        }
    }
    // Initialize common template variables
    $xoopsTpl->assign('cal_type', $type);
    $xoopsTpl->assign('rights', $rights);
    $xoopsTpl->assign('frids', $frids[0]);
    $xoopsTpl->assign('fids', $fids[0]);
    $xoopsTpl->assign('addItem', _formulize_CAL_ADD_ITEM);
    $xoopsTpl->assign('rowStyleEven', true);
    $xoopsTpl->assign('MonthNames', $arrayMonthNames);
    $xoopsTpl->assign('WeekNames', $arrayWeekNames);
    $xoopsTpl->assign('dateMonthZeroIndex', $dateMonth - 1);
    $xoopsTpl->assign('dateMonth', $dateMonth);
    $xoopsTpl->assign('dateYear', $dateYear);
    $xoopsTpl->assign('currentURL', $currentURL);
    $xoopsTpl->assign('hidden', $hidden);
    $xoopsTpl->assign('calview', $settings['calview']);
    $xoopsTpl->assign('calendarData', $calendarData);
    $xoopsTpl->assign('delete', _formulize_DELETE);
    $xoopsTpl->assign('delconf', _formulize_DELCONF);
    // force template to be drawn
    $xoopsTpl->display("db:calendar_" . $type . ".html");
}
Example #8
0
if (isGET('draft') && isAdmin() && isValidEntry('drafts', GET('draft'))) {
    $draft = GET('draft');
    if (check('title') && check('content') && check('id')) {
        $post = newEntry(cleanMagic($_POST['id']));
        $postEntry['title'] = clean(cleanMagic($_POST['title']));
        $postEntry['content'] = cleanMagic($_POST['content']);
        $postEntry['locked'] = $_POST['locked'] === 'yes';
        $addedTags = $_POST['tags'] ? $_POST['tags'] : array();
        $postEntry['tags'] = $addedTags;
        saveEntry('posts', $post, $postEntry);
        foreach ($addedTags as $tag) {
            $tagEntry = readEntry('tags', $tag);
            $tagEntry['posts'][$post] = $post;
            saveEntry('tags', $tag, $tagEntry);
        }
        deleteEntry('drafts', $draft);
        redirect('view.php?post=' . $post);
    } else {
        $draftEntry = readEntry('drafts', $draft);
        $tagOptions = array();
        foreach (listEntry('tags') as $tag) {
            $tagEntry = readEntry('tags', $tag);
            $tagOptions[$tag] = $tagEntry['name'];
        }
        $out['title'] = $lang['publishPost'] . ': ' . $draftEntry['title'];
        $out['content'] .= '<form action="./publish.php?draft=' . $draft . '" method="post">
    <p>' . text('title', $draftEntry['title']) . '</p>
    <p>' . text('id', substr($draft, 20)) . '</p>
    <p>' . textarea('content', clean($draftEntry['content'])) . '</p>
    <p>' . select('locked', array('yes' => $lang['yes'], 'no' => $lang['no']), $postEntry['locked'] ? 'yes' : 'no') . '</p>
    <p>' . multiselect('tags', $tagOptions, $postEntry['tags']) . '</p>
Example #9
0
        if (isGET('comment') && (isAdmin() || isAuthor(GET('comment')))) {
            $comment = GET('comment');
            $commentEntry = readEntry('comments', $comment);
            deleteEntry('comments', $comment);
            $postEntry = readEntry('posts', $commentEntry['post']);
            unset($postEntry['comments'][$comment]);
            saveEntry('posts', $commentEntry['post'], $postEntry);
            redirect('view.php?post=' . $commentEntry['post'] . '#comments');
        } else {
            if (isGET('link') && isAdmin()) {
                deleteEntry('links', GET('link'));
                home();
            } else {
                if (isGET('tag') && isAdmin()) {
                    $tag = GET('tag');
                    $tagEntry = readEntry('tags', $tag);
                    deleteEntry('tags', $tag);
                    foreach ($tagEntry['posts'] as $post) {
                        $postEntry = readEntry('posts', $post);
                        $postEntry['tags'] = array_diff($postEntry['tags'], array($tag));
                        saveEntry('posts', $post, $postEntry);
                    }
                    home();
                } else {
                    home();
                }
            }
        }
    }
}
require 'templates/page.php';
function displayEntries($formframe, $mainform = "", $loadview = "", $loadOnlyView = 0, $viewallforms = 0, $screen = null)
{
    formulize_benchmark("start of drawing list");
    global $xoopsDB, $xoopsUser;
    // Set some required variables
    $mid = getFormulizeModId();
    list($fid, $frid) = getFormFramework($formframe, $mainform);
    $gperm_handler =& xoops_gethandler('groupperm');
    $member_handler =& xoops_gethandler('member');
    $groups = $xoopsUser ? $xoopsUser->getGroups() : array(0 => XOOPS_GROUP_ANONYMOUS);
    $uid = $xoopsUser ? $xoopsUser->getVar('uid') : "0";
    if (!($scheck = security_check($fid, "", $uid, "", $groups, $mid, $gperm_handler))) {
        print "<p>" . _NO_PERM . "</p>";
        return;
    }
    // must wrap security check in only the conditions in which it is needed, so we don't interfere with saving data in a form (which independently checks the security token)
    $formulize_LOESecurityPassed = (isset($GLOBALS['formulize_securityCheckPassed']) and $GLOBALS['formulize_securityCheckPassed']) ? true : false;
    if (($_POST['delconfirmed'] or $_POST['cloneconfirmed'] or $_POST['delviewid_formulize'] or $_POST['saveid_formulize'] or is_numeric($_POST['caid'])) and !$formulize_LOESecurityPassed) {
        $module_handler =& xoops_gethandler('module');
        $config_handler =& xoops_gethandler('config');
        $formulizeModule =& $module_handler->getByDirname("formulize");
        $formulizeConfig =& $config_handler->getConfigsByCat(0, $formulizeModule->getVar('mid'));
        $modulePrefUseToken = $formulizeConfig['useToken'];
        $useToken = $screen ? $screen->getVar('useToken') : $modulePrefUseToken;
        if (isset($GLOBALS['xoopsSecurity']) and $useToken) {
            $formulize_LOESecurityPassed = $GLOBALS['xoopsSecurity']->check();
        } else {
            // if there is no security token, then assume true -- necessary for old versions of XOOPS.
            $formulize_LOESecurityPassed = true;
        }
    }
    // check for all necessary permissions
    $add_own_entry = $gperm_handler->checkRight("add_own_entry", $fid, $groups, $mid);
    $delete_own_reports = $gperm_handler->checkRight("delete_own_reports", $fid, $groups, $mid);
    $delete_other_reports = $gperm_handler->checkRight("delete_other_reports", $fid, $groups, $mid);
    $update_other_reports = $gperm_handler->checkRight("update_other_reports", $fid, $groups, $mid);
    $update_own_reports = $gperm_handler->checkRight("update_own_reports", $fid, $groups, $mid);
    $view_globalscope = $gperm_handler->checkRight("view_globalscope", $fid, $groups, $mid);
    $view_groupscope = $gperm_handler->checkRight("view_groupscope", $fid, $groups, $mid);
    // Question:  do we need to add check here to make sure that $loadview is an available report (move function call from the generateViews function) and if it is not, then nullify
    // we may want to be able to pass in any old report, it's kind of like a way to override the publishing process.  Problem is unpublished reports or reports that aren't actually published to the user won't show up in the list of views.
    // [update: loaded views do not include the list of views, they have no interface at all except quick searches and quick sorts.  Since the intention is clearly for them to be accessed through pageworks, we will leave the permission control up to the application designer for now]
    $currentURL = getCurrentURL();
    // get title
    $displaytitle = getFormTitle($fid);
    // get default info and info passed to page....
    // clear any default search text that has been passed (because the user didn't actually search for anything)
    foreach ($_POST as $k => $v) {
        if (substr($k, 0, 7) == "search_" and $v == _formulize_DE_SEARCH_HELP) {
            unset($_POST[$k]);
            break;
            // assume this is only sent once, since the help text only appears in the first column
        }
    }
    // check for deletion request (set by 'delete selected' button)
    if ($_POST['delconfirmed'] and $formulize_LOESecurityPassed) {
        foreach ($_POST as $k => $v) {
            if (substr($k, 0, 7) == "delete_" and $v != "") {
                $delete_entry_id = substr($k, 7);
                // confirm user has permission to delete this entry
                if (formulizePermHandler::user_can_delete_entry($fid, $uid, $delete_entry_id)) {
                    $GLOBALS['formulize_deletionRequested'] = true;
                    // new syntax for deleteEntry, Sept 18 2005 -- used to handle deleting all unified display entries that are linked to this entry.
                    if ($frid) {
                        deleteEntry($delete_entry_id, $frid, $fid, $gperm_handler, $member_handler, $mid);
                    } else {
                        deleteEntry($delete_entry_id, "", $fid);
                    }
                }
            }
        }
    }
    // check for cloning request and if present then clone entries
    if ($_POST['cloneconfirmed'] and $formulize_LOESecurityPassed and $add_own_entry) {
        foreach ($_POST as $k => $v) {
            if (substr($k, 0, 7) == "delete_" and $v != "") {
                $thisentry = substr($k, 7);
                cloneEntry($thisentry, $frid, $fid, $_POST['cloneconfirmed']);
                // cloneconfirmed is the number of copies required
            }
        }
    }
    // handle deletion of view...reset currentView
    if ($_POST['delview'] and $formulize_LOESecurityPassed and ($delete_other_reports or $delete_own_reports)) {
        if (substr($_POST['delviewid_formulize'], 1, 4) == "old_") {
            $delviewid_formulize = substr($_POST['delviewid_formulize'], 5);
        } else {
            $delviewid_formulize = substr($_POST['delviewid_formulize'], 1);
        }
        if ($delete_other_reports or $xoopsUser->getVar('uid') == getSavedViewOwner($delviewid_formulize)) {
            // "get saved view owner" only works with new saved view format in 2.0 or greater, but since that is 2.5 years old now, should be good to go!
            if (substr($_POST['delviewid_formulize'], 1, 4) == "old_") {
                $sql = "DELETE FROM " . $xoopsDB->prefix("formulize_reports") . " WHERE report_id='" . $delviewid_formulize . "'";
            } else {
                $sql = "DELETE FROM " . $xoopsDB->prefix("formulize_saved_views") . " WHERE sv_id='" . $delviewid_formulize . "'";
            }
            if (!($res = $xoopsDB->query($sql))) {
                exit("Error deleting report: " . $_POST['delviewid_formulize']);
            }
            unset($_POST['currentview']);
            $_POST['resetview'] = 1;
        }
    }
    // if resetview is set, then unset POST and then set currentview to resetview
    // intended for when a user switches from a locked view back to a basic view.  In that case we want all settings to be cleared and everything to work like the basic view, rather than remembering, for instance, that the previous view had a calculation or a search of something.
    // users who view reports (views) that aren't locked can switch back to a basic view and retain settings.  This is so they can make changes to a view and then save the updates.  It is also a little confusing to switch from a predefined view to a basic one but have the predefined view's settings still hanging around.
    // recommendation to users should be to lock the controls for all published views.
    // (this routine also invoked when a view has been deleted)
    $resetview = false;
    if ($_POST['resetview']) {
        $resetview = $_POST['currentview'];
        foreach ($_POST as $k => $v) {
            unset($_POST[$k]);
        }
        $_POST['currentview'] = $resetview;
    }
    // handle saving of the view if that has been requested
    // only do this if there's a saveid_formulize and they passed the security check, and any one of these:  they can update other reports, or this is a "new" view, or this is not a new view, and it belongs to them and they have update own reports permission
    if ($_POST['saveid_formulize'] and $formulize_LOESecurityPassed and ($update_other_reports or (is_numeric($_POST['saveid_formulize']) and ($update_own_reports and $xoopsUser->getVar('uid') == getSavedViewOwner($_POST['saveid_formulize'])) or $_POST['saveid_formulize'] == "new"))) {
        // gather all values
        //$_POST['currentview'] -- from save (they might have updated/changed the scope)
        //possible situations:
        // user replaced a report, so we need to set that report as the name of the dropdown, value is currentview
        // user made a new report, so we need to set that report as the name and the value is currentview
        // so name of the report gets sent to $loadedView, which also gets assigned to settings array
        // report is either newid or newname if newid is "new"
        // newscope goes to $_POST['currentview']
        //$_POST['oldcols'] -- from page
        //$_POST['asearch'] -- from page
        //$_POST['calc_cols'] -- from page
        //$_POST['calc_calcs'] -- from page
        //$_POST['calc_blanks'] -- from page
        //$_POST['calc_grouping'] -- from page
        //$_POST['sort'] -- from page
        //$_POST['order'] -- from page
        //$_POST['hlist'] -- passed from page
        //$_POST['hcalc'] -- passed from page
        //$_POST['lockcontrols'] -- passed from save
        //and quicksearches -- passed with the page
        // pubgroups -- passed from save
        $_POST['currentview'] = $_POST['savescope'];
        $saveid_formulize = $_POST['saveid_formulize'];
        $_POST['lockcontrols'] = $_POST['savelock'];
        $savegroups = $_POST['savegroups'];
        // put name into loadview
        if ($saveid_formulize != "new") {
            if (!strstr($saveid_formulize, "old_")) {
                // if it's not a legacy report...
                $sname = q("SELECT sv_name, sv_owner_uid FROM " . $xoopsDB->prefix("formulize_saved_views") . " WHERE sv_id = \"" . substr($saveid_formulize, 1) . "\"");
                if ($sname[0]['sv_owner_uid'] == $uid) {
                    $loadedView = $saveid_formulize;
                } else {
                    $loadedView = "p" . substr($saveid_formulize, 1);
                }
            }
        }
        $savename = $_POST['savename'];
        if (get_magic_quotes_gpc()) {
            $savename = stripslashes($savename);
        }
        // flatten quicksearches -- one value in the array for every column in the view
        $allcols = explode(",", $_POST['oldcols']);
        foreach ($allcols as $thiscol) {
            $allquicksearches[] = $_POST['search_' . $thiscol];
        }
        // need to grab all hidden quick searches and then add any hidden columns to the column list...need to reverse this process when loading views
        foreach ($_POST as $k => $v) {
            if (substr($k, 0, 7) == "search_" and $v != "") {
                if (!in_array(substr($k, 7), $allcols) and substr($v, 0, 1) == "!" and substr($v, -1) == "!") {
                    $_POST['oldcols'] .= ",hiddencolumn_" . substr($k, 7);
                    $allquicksearches[] = $v;
                }
            }
        }
        $qsearches = implode("&*=%4#", $allquicksearches);
        $savename = formulize_db_escape($savename);
        $savesearches = formulize_db_escape($_POST['asearch']);
        //print $_POST['asearch'] . "<br>";
        //print "$savesearches<br>";
        $qsearches = formulize_db_escape($qsearches);
        if ($frid) {
            $saveformframe = $frid;
            $savemainform = $fid;
        } else {
            $saveformframe = $fid;
            $savemainform = "";
        }
        if ($saveid_formulize == "new" or strstr($saveid_formulize, "old_")) {
            if ($saveid_formulize == "new") {
                $owneruid = $uid;
                $moduid = $uid;
            } else {
                // get existing uid
                $olduid = q("SELECT report_uid FROM " . $xoopsDB->prefix("formulize_reports") . " WHERE report_id = '" . substr($saveid_formulize, 5) . "'");
                $owneruid = $olduid[0]['report_uid'];
                $moduid = $uid;
            }
            $savesql = "INSERT INTO " . $xoopsDB->prefix("formulize_saved_views") . " (" . "sv_name, " . "sv_pubgroups, " . "sv_owner_uid, " . "sv_mod_uid, " . "sv_formframe, " . "sv_mainform, " . "sv_lockcontrols, " . "sv_hidelist, " . "sv_hidecalc, " . "sv_asearch, " . "sv_sort, " . "sv_order, " . "sv_oldcols, " . "sv_currentview, " . "sv_calc_cols, " . "sv_calc_calcs, " . "sv_calc_blanks, " . "sv_calc_grouping, " . "sv_quicksearches, " . "sv_global_search" . ") VALUES (" . "\"" . formulize_db_escape($savename) . "\", " . "\"" . formulize_db_escape($savegroups) . "\", " . "\"" . formulize_db_escape($owneruid) . "\", " . "\"" . formulize_db_escape($moduid) . "\", " . "\"" . formulize_db_escape($saveformframe) . "\", " . "\"" . formulize_db_escape($savemainform) . "\", " . "\"" . formulize_db_escape($_POST['savelock']) . "\", " . "\"" . formulize_db_escape($_POST['hlist']) . "\", " . "\"" . formulize_db_escape($_POST['hcalc']) . "\", " . "\"" . formulize_db_escape($savesearches) . "\", " . "\"" . formulize_db_escape($_POST['sort']) . "\", " . "\"" . formulize_db_escape($_POST['order']) . "\", " . "\"" . formulize_db_escape($_POST['oldcols']) . "\", " . "\"" . formulize_db_escape($_POST['savescope']) . "\", " . "\"" . formulize_db_escape($_POST['calc_cols']) . "\", " . "\"" . formulize_db_escape($_POST['calc_calcs']) . "\", " . "\"" . formulize_db_escape($_POST['calc_blanks']) . "\", " . "\"" . formulize_db_escape($_POST['calc_grouping']) . "\", " . "\"" . formulize_db_escape($qsearches) . "\", " . "\"" . formulize_db_escape($_POST['global_search']) . "\"  " . ")";
        } else {
            // print "UPDATE " . $xoopsDB->prefix("formulize_saved_views") . " SET sv_pubgroups=\"$savegroups\", sv_mod_uid=\"$uid\", sv_lockcontrols=\"{$_POST['savelock']}\", sv_hidelist=\"{$_POST['hlist']}\", sv_hidecalc=\"{$_POST['hcalc']}\", sv_asearch=\"$savesearches\", sv_sort=\"{$_POST['sort']}\", sv_order=\"{$_POST['order']}\", sv_oldcols=\"{$_POST['oldcols']}\", sv_currentview=\"{$_POST['savescope']}\", sv_calc_cols=\"{$_POST['calc_cols']}\", sv_calc_calcs=\"{$_POST['calc_calcs']}\", sv_calc_blanks=\"{$_POST['calc_blanks']}\", sv_calc_grouping=\"{$_POST['calc_grouping']}\", sv_quicksearches=\"$qsearches\" WHERE sv_id = \"" . substr($saveid_formulize, 1) . "\"";
            $savesql = "UPDATE " . $xoopsDB->prefix("formulize_saved_views") . " SET " . "sv_name \t\t\t= \"" . formulize_db_escape($savename) . "\", " . "sv_pubgroups \t\t= \"" . formulize_db_escape($savegroups) . "\", " . "sv_mod_uid \t\t= \"" . formulize_db_escape($uid) . "\", " . "sv_lockcontrols \t= \"" . formulize_db_escape($_POST['savelock']) . "\", " . "sv_hidelist \t\t= \"" . formulize_db_escape($_POST['hlist']) . "\", " . "sv_hidecalc \t\t= \"" . formulize_db_escape($_POST['hcalc']) . "\", " . "sv_asearch \t\t= \"" . formulize_db_escape($savesearches) . "\", " . "sv_sort \t\t\t= \"" . formulize_db_escape($_POST['sort']) . "\", " . "sv_order \t\t\t= \"" . formulize_db_escape($_POST['order']) . "\", " . "sv_oldcols \t\t= \"" . formulize_db_escape($_POST['oldcols']) . "\", " . "sv_currentview \t= \"" . formulize_db_escape($_POST['savescope']) . "\", " . "sv_calc_cols \t\t= \"" . formulize_db_escape($_POST['calc_cols']) . "\", " . "sv_calc_calcs \t\t= \"" . formulize_db_escape($_POST['calc_calcs']) . "\", " . "sv_calc_blanks \t= \"" . formulize_db_escape($_POST['calc_blanks']) . "\", " . "sv_calc_grouping \t= \"" . formulize_db_escape($_POST['calc_grouping']) . "\", " . "sv_quicksearches \t= \"" . formulize_db_escape($qsearches) . "\", " . "sv_global_search   = \"" . formulize_db_escape($_POST['global_search']) . "\"  " . " WHERE " . "sv_id = \"" . substr($saveid_formulize, 1) . "\"";
        }
        // save the report
        if (!($result = $xoopsDB->query($savesql))) {
            exit("Error:  unable to save the current view settings.  SQL dump: {$savesql}");
        }
        if ($saveid_formulize == "new" or strstr($saveid_formulize, "old_")) {
            if ($owneruid == $uid) {
                $loadedView = "s" . $xoopsDB->getInsertId();
            } else {
                $loadedView = "p" . $xoopsDB->getInsertId();
            }
        }
        $settings['loadedview'] = $loadedView;
        // delete legacy report if necessary
        if (strstr($saveid_formulize, "old_")) {
            $dellegacysql = "DELETE FROM " . $xoopsDB->prefix("formulize_reports") . " WHERE report_id=\"" . substr($saveid_formulize, 5) . "\"";
            if (!($result = $xoopsDB->query($dellegacysql))) {
                exit("Error:  unable to delete legacy report: " . substr($saveid_formulize, 5));
            }
        }
    }
    $forceLoadView = false;
    if ($screen) {
        $loadview = is_numeric($loadview) ? $loadview : $screen->getVar('defaultview');
        // flag the screen default for loading if no specific view has been requested
        if ($loadview == "mine" or $loadview == "group" or $loadview == "all" or $loadview == "blank" and (!isset($_POST['hlist']) and !isset($_POST['hcalc']))) {
            // only pay attention to the "blank" default list if we are on an initial page load, ie: no hcalc or hlist is set yet, and one of those is set on each page load hereafter
            $currentView = $loadview;
            // if the default is a standard view, then use that instead and don't load anything
            unset($loadview);
        } elseif ($_POST['userClickedReset']) {
            // only set if the user actually clicked that button, and in that case, we want to be sure we load the default as specified for the screen
            $forceLoadView = true;
        }
    }
    // set currentView to group if they have groupscope permission (overridden below by value sent from form)
    // override with loadview if that is specified
    if ($loadview and (!$_POST['currentview'] and $_POST['advscope'] == "" or $forceLoadView)) {
        if (substr($loadview, 0, 4) == "old_") {
            // this is a legacy view
            $loadview = "p" . $loadview;
        } elseif (is_numeric($loadview)) {
            // new view id
            $loadview = "p" . $loadview;
        } else {
            // new view name -- loading view by name -- note if two reports have the same name, then the first one created will be returned
            $viewnameq = q("SELECT sv_id FROM " . $xoopsDB->prefix("formulize_saved_views") . " WHERE sv_name='{$loadview}' ORDER BY sv_id");
            $loadview = "p" . $viewnameq[0]['sv_id'];
        }
        $_POST['currentview'] = $loadview;
        $_POST['loadreport'] = 1;
    } elseif ($view_globalscope and !$currentView) {
        $currentView = "all";
    } elseif ($view_groupscope and !$currentView) {
        $currentView = "group";
    } elseif (!$currentView) {
        $currentView = "mine";
    }
    // debug block to show key settings being passed back to the page
    /*
    	if($uid == 1) {
    	print "delview: " . $_POST['delview'] . "<br>";
    	print "advscope: " . $_POST['advscope'] . "<br>";
    	print "asearch: " . $_POST['asearch'] . "<br>";
    	print "Hidelist: " . $_POST['hlist'] . "<br>";
    	print "Hidecalc: " . $_POST['hcalc'] . "<br>";
    	print "Lock Controls: " . $_POST['lockcontrols'] . "<br>";
    	print "Sort: " . $_POST['sort'] . "<br>";
    	print "Order: " . $_POST['order'] . "<br>";
    	print	"Cols: " . $_POST['oldcols'] . "<br>";
    	print "Curview: " . $_POST['currentview'] . "<br>";
    	print "Calculation columns: " . $_POST['calc_cols'] . "<br>";
    	print "Calculation calcs: " . $_POST['calc_calcs'] . "<br>";
    	print "Calculation blanks: " . $_POST['calc_blanks'] . "<br>";
    	print "Calculation grouping: " . $_POST['calc_grouping'] . "<br>";
    	foreach($_POST as $k=>$v) {
    		if(substr($k, 0, 7) == "search_" AND $v != "") {
    			print "$k: $v<br>";
    		}
    	}
    	}*/
    // set flag to indicate whether we let the user's scope setting expand beyond their normal permission level (happens when unlocked published views are in effect)
    $currentViewCanExpand = false;
    // handling change in view, and loading reports/saved views if necessary
    if ($_POST['loadreport']) {
        if (substr($_POST['currentview'], 1, 4) == "old_") {
            // legacy report
            // load old report values and then assign them to the correct $_POST keys in order to present the view
            $loadedView = $_POST['currentview'];
            $settings['loadedview'] = $loadedView;
            // kill the quicksearches
            foreach ($_POST as $k => $v) {
                if (substr($k, 0, 7) == "search_" and $v != "") {
                    unset($_POST[$k]);
                }
            }
            list($_POST['currentview'], $_POST['oldcols'], $_POST['asearch'], $_POST['calc_cols'], $_POST['calc_calcs'], $_POST['calc_blanks'], $_POST['calc_grouping'], $_POST['sort'], $_POST['order'], $_POST['hlist'], $_POST['hcalc'], $_POST['lockcontrols']) = loadOldReport(substr($_POST['currentview'], 5), $fid, $view_groupscope);
        } elseif (is_numeric(substr($_POST['currentview'], 1))) {
            // saved or published view
            $loadedView = $_POST['currentview'];
            $settings['loadedview'] = $loadedView;
            // kill the quicksearches, unless we've found a special flag that will cause them to be preserved
            if (!isset($_POST['formulize_preserveQuickSearches']) and !isset($_GET['formulize_preserveQuickSearches'])) {
                foreach ($_POST as $k => $v) {
                    if (substr($k, 0, 7) == "search_" and $v != "") {
                        unset($_POST[$k]);
                    }
                }
            }
            list($_POST['currentview'], $_POST['oldcols'], $_POST['asearch'], $_POST['calc_cols'], $_POST['calc_calcs'], $_POST['calc_blanks'], $_POST['calc_grouping'], $_POST['sort'], $_POST['order'], $savedViewHList, $savedViewHCalc, $_POST['lockcontrols'], $quicksearches, $_POST['global_search']) = loadReport(substr($_POST['currentview'], 1), $fid, $frid);
            if (!isset($_POST['formulize_preserveListCalcPage']) and !isset($_GET['formulize_preserveListCalcPage'])) {
                $_POST['hlist'] = $savedViewHList;
                $_POST['hcalc'] = $savedViewHCalc;
            }
            // explode quicksearches into the search_ values
            $allqsearches = explode("&*=%4#", $quicksearches);
            $colsforsearches = explode(",", $_POST['oldcols']);
            for ($i = 0; $i < count($allqsearches); $i++) {
                if ($allqsearches[$i] != "") {
                    $_POST["search_" . str_replace("hiddencolumn_", "", dealWithDeprecatedFrameworkHandles($colsforsearches[$i], $frid))] = $allqsearches[$i];
                    // need to remove the hiddencolumn indicator if it is present
                    if (strstr($colsforsearches[$i], "hiddencolumn_")) {
                        unset($colsforsearches[$i]);
                        // remove columns that were added to the column list just so we would know the name of the hidden searches
                    }
                }
            }
            $_POST['oldcols'] = implode(",", $colsforsearches);
            // need to reconstruct this in case any columns were removed because of persistent searches on a hidden column
        }
        $currentView = $_POST['currentview'];
        // need to check that the user is allowed to have this scope, unless the view is unlocked
        // only works for the default levels of views, not specific group selections that a view might have...that would be more complicated and could be built in later
        if ($_POST['lockcontrols']) {
            if ($currentView == "all" and !$view_globalscope) {
                $currentView = "group";
            }
            if ($currentView == "group" and !$view_groupscope and !$view_globalscope) {
                $currentView = "mine";
            }
        }
        // must check for this and set it here, inside this section, where we know for sure that $_POST['lockcontrols'] has been set based on the database value for the saved view, and not anything else sent from the user!!!  Otherwise the user might be injecting a greater scope for themselves than they should have!
        $currentViewCanExpand = $_POST['lockcontrols'] ? false : true;
        // if the controls are not locked, then we can expand the view for the user so they can see things they wouldn't normally see
        // if there is a screen with a top template in effect, then do not lock the controls even if the saved view says we should.  Assume that the screen author has compensated for any permission issues.
        // we need to do this after rachetting down the visibility controls.  Fact is, controlling UI for users is one thing that we can trust the screen author to do, so we don't need to indicate that the controls are locked.  But we don't want the visibility to override what people can normally see, so we rachet that down above.
        if ($screen and $_POST['lockcontrols']) {
            if ($screen->getTemplate('toptemplate') != "") {
                $_POST['lockcontrols'] = 0;
            }
        }
    } elseif ($_POST['advscope'] and strstr($_POST['advscope'], ",")) {
        // looking for comma sort of means that we're checking that a valid advanced scope is being sent
        $currentView = $_POST['advscope'];
    } elseif ($_POST['currentview']) {
        // could have been unset by deletion of a view or something else, so we must check to make sure it exists before we override the default that was determined above
        if (is_numeric(substr($_POST['currentview'], 1))) {
            // a saved view was requested as the current view, but we don't want to load the entire thing....this means that we just want to use the view to generate the scope, we don't want to load all settings.  So we have to load the view, but discard everything but the view's currentview value
            // if we were supposed to load the whole thing, loadreport would have been set in post and the above code would have kicked in
            $loadedViewSettings = loadReport(substr($_POST['currentview'], 1), $fid, $frid);
            $currentview = $loadedViewSettings[0];
        } else {
            $currentView = $_POST['currentview'];
        }
    } elseif ($loadview) {
        $currentView = $loadview;
    }
    // get columns for this form/framework or use columns sent from interface
    // ele_handles for a form, handles for a framework, includes handles of all unified display forms
    if ($_POST['oldcols']) {
        $showcols = explode(",", $_POST['oldcols']);
    } else {
        // or use the defaults
        $showcols = getDefaultCols($fid, $frid);
    }
    if ($_POST['newcols']) {
        $temp_showcols = $_POST['newcols'];
        $showcols = explode(",", $temp_showcols);
    }
    // convert framework handles to element handles if necessary
    $showcols = dealWithDeprecatedFrameworkHandles($showcols, $frid);
    $showcols = removeNotAllowedCols($fid, $frid, $showcols, $groups);
    // converts old format metadata fields to new ones too if necessary
    // Create settings array to pass to form page or to other functions
    $settings['title'] = $displaytitle;
    // get export options
    if ($_POST['xport']) {
        $settings['xport'] = $_POST['xport'];
        if ($_POST['xport'] == "custom") {
            $settings['xport_cust'] = $_POST['xport_cust'];
        }
    }
    list($scope, $currentView) = buildScope($currentView, $member_handler, $gperm_handler, $uid, $groups, $fid, $mid, $currentViewCanExpand);
    // generate the available views
    // pubstart used to indicate to the delete button where the list of published views begins in the current view drop down (since you cannot delete published views)
    list($settings['viewoptions'], $settings['pubstart'], $settings['endstandard'], $settings['pickgroups'], $settings['loadviewname'], $settings['curviewid'], $settings['publishedviewnames']) = generateViews($fid, $uid, $groups, $frid, $currentView, $loadedView, $view_groupscope, $view_globalscope, $_POST['curviewid'], $loadOnlyView, $screen, $_POST['lastloaded']);
    // this param only used in case of loading of reports via passing in the report id or name through $loadview
    if ($_POST['loadviewname']) {
        $settings['loadviewname'] = $_POST['loadviewname'];
    }
    // if a view was loaded, then update the lastloaded value, otherwise preserve the previous value
    if ($settings['curviewid']) {
        $settings['lastloaded'] = $settings['curviewid'];
    } else {
        $settings['lastloaded'] = $_POST['lastloaded'];
    }
    // clear quick searches for any columns not included now
    // also, convert any { } terms to literal values for users who can't update other reports, if the last loaded report doesn't belong to them (they're presumably just report consumers, so they don't need to preserve the abstract terms)
    $hiddenQuickSearches = array();
    // array used to indicate quick searches that should be present even if the column is not displayed to the user
    foreach ($_POST as $k => $v) {
        if (substr($k, 0, 7) == "search_" and !in_array(substr($k, 7), $showcols)) {
            if (substr($v, 0, 1) == "!" and substr($v, -1) == "!") {
                // don't strip searches that have ! at front and back
                $hiddenQuickSearches[] = substr($k, 7);
                continue;
                // since the { } replacement is meant for the ease of use of non-admin users, and hiddenQuickSearches never show up to users on screen, we can skip the potentially expensive operations below in this loop
            } else {
                unset($_POST[$k]);
            }
        }
        // if this is not a report/view that was created by the user, and they don't have update permission, then convert any { } terms to literals
        // remove any { } terms that don't have a passed in value (so they appear as "" to users)
        // only deal with terms that start and end with { } and not ones where the { } terms is not the entire term
        if (is_string($v) and substr($v, 0, 1) == "{" and substr($v, -1) == "}" and substr($k, 0, 7) == "search_" and in_array(substr($k, 7), $showcols)) {
            $requestKeyToUse = substr($v, 1, -1);
            if (!strstr($requestKeyToUse, "}") and !strstr($requestKeyToUse, "{")) {
                // double check that there's no other { } in the term!
                $activeViewId = substr($settings['lastloaded'], 1);
                // will have a p in front of the number, to show it's a published view (or an s, but that's unlikely to ever happen in this case)
                $ownerOfLastLoadedViewData = q("SELECT sv_owner_uid FROM " . $xoopsDB->prefix("formulize_saved_views") . " WHERE sv_id=" . intval($activeViewId));
                $ownerOfLastLoadedView = $ownerOfLastLoadedViewData[0]['sv_owner_uid'];
                if (!$update_other_reports and $uid != $ownerOfLastLoadedView) {
                    if (isset($_POST[$requestKeyToUse])) {
                        $_POST[$k] = htmlspecialchars(strip_tags(trim($_POST[$requestKeyToUse])));
                    } elseif (isset($_GET[$requestKeyToUse])) {
                        $_POST[$k] = htmlspecialchars(strip_tags(trim($_GET[$requestKeyToUse])));
                    } elseif ($v == "{USER}" and $xoopsUser) {
                        $_POST[$k] = $xoopsUser->getVar('name') ? $xoopsUser->getVar('name') : $xoopsUser->getVar('uname');
                    } elseif (!strstr($v, "{BLANK}") and !strstr($v, "{TODAY") and !strstr($v, "{PERGROUPFILTER}") and !strstr($v, "{USER")) {
                        unset($_POST[$k]);
                        // clear terms where no match was found, because this term is not active on the current page, so don't confuse users by showing it
                    }
                }
            }
        }
    }
    $settings['currentview'] = $currentView;
    $settings['currentURL'] = $currentURL;
    // no need for both these values now, since framework handles are deprecated
    $settings['columns'] = $showcols;
    $settings['columnhandles'] = $showcols;
    $settings['hlist'] = $_POST['hlist'];
    $settings['hcalc'] = $_POST['hcalc'];
    // determine if the controls should really be locked...
    if ($_POST['lockcontrols']) {
        // if a view locks the controls
        // only lock the controls when the user is not a member of the currentview groups AND has no globalscope
        // OR if they are a member of the currentview groups AND has no groupscope or no globalscope
        switch ($currentView) {
            case "mine":
                $settings['lockcontrols'] = "";
                break;
            case "all":
                if ($view_globalscope) {
                    $settings['lockcontrols'] = "";
                } else {
                    $settings['lockcontrols'] = "1";
                }
                break;
            case "group":
                if ($view_groupscope or $view_globalscope) {
                    $settings['lockcontrols'] = "";
                } else {
                    $settings['lockcontrols'] = "1";
                }
                break;
            default:
                $viewgroups = explode(",", trim($currentView, ","));
                // get the groups that the current user has specified scope for, and if none, then look at view form
                $formulize_permHandler = new formulizePermHandler($fid);
                $groupsWithAccess = $formulize_permHandler->getGroupScopeGroupIds($groups);
                if ($groupsWithAccess === false) {
                    $groupsWithAccess = $gperm_handler->getGroupIds("view_form", $fid, $mid);
                    $groupsWithAccess = array_intersect($groups, $groupsWithAccess);
                    // limit to just the user's own groups that have this permission, since what we're checking of below is whether the user's groups with view form meet the condition or not
                }
                $diff = array_diff($viewgroups, $groupsWithAccess);
                if (!isset($diff[0]) and $view_groupscope) {
                    // if the scopegroups are completely included in the user's groups that have access to the form, and they have groupscope (ie: they would be allowed to see all these entries anyway)
                    $settings['lockcontrols'] = "";
                } elseif ($view_globalscope) {
                    // if they have global scope
                    $settings['lockcontrols'] = "";
                } else {
                    // no globalscope and even if they're a member of the scope for this view, they don't have groupscope
                    $settings['lockcontrols'] = "1";
                }
        }
    } else {
        $settings['lockcontrols'] = "";
    }
    $settings['asearch'] = $_POST['asearch'];
    if ($_POST['asearch']) {
        $as_array = explode("/,%^&2", $_POST['asearch']);
        foreach ($as_array as $k => $one_as) {
            $settings['as_' . $k] = $one_as;
        }
    }
    $settings['oldcols'] = implode(",", $showcols);
    $settings['ventry'] = $_POST['ventry'];
    // get sort and order options
    $_POST['sort'] = dealWithDeprecatedFrameworkHandles($_POST['sort'], $frid);
    $settings['sort'] = $_POST['sort'];
    $settings['order'] = $_POST['order'];
    //get all submitted search text
    foreach ($_POST as $k => $v) {
        if (substr($k, 0, 7) == "search_" and $v != "") {
            $thiscol = substr($k, 7);
            $searches[$thiscol] = $v;
            $temp_key = "search_" . $thiscol;
            $settings[$temp_key] = $v;
        }
    }
    // get the submitted global search text
    $settings['global_search'] = $_POST['global_search'];
    // get all requested calculations...assign to settings array.
    $settings['calc_cols'] = $_POST['calc_cols'];
    $settings['calc_calcs'] = $_POST['calc_calcs'];
    $settings['calc_blanks'] = $_POST['calc_blanks'];
    $settings['calc_grouping'] = $_POST['calc_grouping'];
    // grab all the locked columns so we can persist them
    if (strstr($_POST['formulize_lockedColumns'], ",")) {
        $settings['lockedColumns'] = array_unique(explode(",", trim($_POST['formulize_lockedColumns'], ",")));
    } elseif (strlen($_POST['formulize_lockedColumns']) > 0) {
        $settings['lockedColumns'] = array(intval($_POST['formulize_lockedColumns']));
    } else {
        $settings['lockedColumns'] = array();
    }
    // set the requested procedure, if any
    $settings['advcalc_acid'] = strip_tags(htmlspecialchars($_POST['advcalc_acid']));
    formulize_addProcedureChoicesToPost($settings['advcalc_acid']);
    // gather id of the cached data, if any
    $settings['formulize_cacheddata'] = strip_tags($_POST['formulize_cacheddata']);
    // process a clicked custom button
    // must do this before gathering the data!
    $messageText = "";
    if (isset($_POST['caid']) and $screen and $formulize_LOESecurityPassed) {
        $customButtonDetails = $screen->getVar('customactions');
        if (is_numeric($_POST['caid']) and isset($customButtonDetails[$_POST['caid']])) {
            list($caCode, $caElements, $caActions, $caValues, $caMessageText, $caApplyTo, $caPHP, $caInline) = processCustomButton($_POST['caid'], $customButtonDetails[$_POST['caid']]);
            // just processing to get the info so we can process the click.  Actual output of this button happens lower down
            $messageText = processClickedCustomButton($caElements, $caValues, $caActions, $caMessageText, $caApplyTo, $caPHP, $caInline);
        }
    }
    if ($_POST['ventry']) {
        // user clicked on a view this entry link
        include_once XOOPS_ROOT_PATH . '/modules/formulize/include/formdisplay.php';
        if ($_POST['ventry'] == "addnew" or $_POST['ventry'] == "single") {
            $this_ent = "";
        } elseif ($_POST['ventry'] == "proxy") {
            $this_ent = "proxy";
        } else {
            $this_ent = $_POST['ventry'];
        }
        if ($screen and $screen->getVar("viewentryscreen") != "none" and $screen->getVar("viewentryscreen") or $_POST['overridescreen']) {
            if (strstr($screen->getVar("viewentryscreen"), "p")) {
                // if there's a p in the specified viewentryscreen, then it's a pageworks page -- added April 16 2009 by jwe
                $page = intval(substr($screen->getVar("viewentryscreen"), 1));
                include XOOPS_ROOT_PATH . "/modules/pageworks/index.php";
                return;
            } else {
                $screen_handler = xoops_getmodulehandler('screen', 'formulize');
                if ($_POST['overridescreen']) {
                    $screenToLoad = intval($_POST['overridescreen']);
                } else {
                    $screenToLoad = intval($screen->getVar('viewentryscreen'));
                }
                $viewEntryScreenObject = $screen_handler->get($screenToLoad);
                if ($viewEntryScreenObject->getVar('type') == "listOfEntries") {
                    exit("You're sending the user to a list of entries screen instead of some kind of form screen, when they're editing an entry.  Check what screen is defined as the screen to use for editing an entry, or what screen id you're using in the viewEntryLink or viewEntryButton functions in the template.");
                }
                $viewEntryScreen_handler = xoops_getmodulehandler($viewEntryScreenObject->getVar('type') . 'Screen', 'formulize');
                $displayScreen = $viewEntryScreen_handler->get($viewEntryScreenObject->getVar('sid'));
                if ($displayScreen->getVar('type') == "form") {
                    if ($_POST['ventry'] != "single") {
                        $displayScreen->setVar('reloadblank', 1);
                        // if the user clicked the add multiple button, then specifically override that screen setting so they can make multiple entries
                    } else {
                        $displayScreen->setVar('reloadblank', 0);
                        // otherwise, if they did click the single button, make sure the form reloads with their entry
                    }
                }
                $viewEntryScreen_handler->render($displayScreen, $this_ent, $settings);
                global $renderedFormulizeScreen;
                // picked up at the end of initialize.php so we set the right info in the template when the whole page is rendered
                $renderedFormulizeScreen = $displayScreen;
                return;
            }
        } else {
            if ($_POST['ventry'] != "single") {
                if ($frid) {
                    displayForm($frid, $this_ent, $fid, $currentURL, "", $settings, "", "", "", "", $viewallforms);
                    // "" is the done text
                    return;
                } else {
                    displayForm($fid, $this_ent, "", $currentURL, "", $settings, "", "", "", "", $viewallforms);
                    // "" is the done text
                    return;
                }
            } else {
                // if a single entry was requested for a form that can have multiple entries, then specifically override the multiple entry UI (which causes a blank form to appear on save)
                if ($frid) {
                    displayForm($frid, $this_ent, $fid, $currentURL, "", $settings, "", "", "1", "", $viewallforms);
                    // "" is the done text
                    return;
                } else {
                    displayForm($fid, $this_ent, "", $currentURL, "", $settings, "", "", "1", "", $viewallforms);
                    // "" is the done text
                    return;
                }
            }
        }
        // end of "if there's a viewentryscreen, then show that"
    }
    // check if we're coming back from a page where a form entry was saved, and if so, synch any subform blanks that might have been written on this page load, synch them with the mainform entry that was written
    $formToSynch = isset($_POST['primaryfid']) ? intval($_POST['primaryfid']) : 0;
    if ($formToSynch) {
        if (isset($_POST['entry' . $formToSynch]) and $enryToSynch = $_POST['entry' . $formToSynch]) {
            synchSubformBlankDefaults($formToSynch, $entryToSynch);
        }
    }
    include_once XOOPS_ROOT_PATH . "/modules/formulize/include/extract.php";
    // create $data and $wq (writable query)
    formulize_benchmark("before gathering dataset");
    list($data, $wq, $regeneratePageNumbers) = formulize_gatherDataSet($settings, $searches, strip_tags($_POST['sort']), strip_tags($_POST['order']), $frid, $fid, $scope, $screen, $currentURL, intval($_POST['forcequery']));
    formulize_benchmark("after gathering dataset/before generating calcs");
    if ($settings['calc_cols'] and !$settings['hcalc']) {
        //formulize_benchmark("before performing calcs");
        $ccols = explode("/", $settings['calc_cols']);
        $ccalcs = explode("/", $settings['calc_calcs']);
        $cblanks = explode("/", $settings['calc_blanks']);
        $cgrouping = explode("/", $settings['calc_grouping']);
        $cResults = performCalcs($ccols, $ccalcs, $cblanks, $cgrouping, $frid, $fid);
    }
    //formulize_benchmark("after performing calcs");
    formulize_benchmark("after generating calcs/before creating pagenav");
    $formulize_LOEPageNav = formulize_LOEbuildPageNav($data, $screen, $regeneratePageNumbers);
    formulize_benchmark("after nav/before interface");
    $formulize_buttonCodeArray = array();
    list($formulize_buttonCodeArray) = drawInterface($settings, $fid, $frid, $groups, $mid, $gperm_handler, $loadview, $loadOnlyView, $screen, $searches, $formulize_LOEPageNav, $messageText, $hiddenQuickSearches);
    // if there is messageText and no custom top template, and no messageText variable in the bottom template, then we have to output the message text here
    if ($screen and $messageText) {
        if (trim($screen->getTemplate('toptemplate')) == "" and !strstr($screen->getTemplate('bottomtemplate'), 'messageText')) {
            print "<p><center><b>{$messageText}</b></center></p>\n";
        }
    }
    formulize_benchmark("before entries");
    drawEntries($fid, $showcols, $searches, $frid, $scope, "", $currentURL, $gperm_handler, $uid, $mid, $groups, $settings, $member_handler, $screen, $data, $wq, $regeneratePageNumbers, $hiddenQuickSearches, $cResults);
    // , $loadview); // -- loadview not passed any longer since the lockcontrols indicator is used to handle whether things should appear or not.
    formulize_benchmark("after entries");
    if ($screen) {
        formulize_screenLOETemplate($screen, "bottom", $formulize_buttonCodeArray, $settings);
    } else {
        print $formulize_LOEPageNav;
        // redraw page numbers if there is no screen in effect
    }
    if (isset($formulize_buttonCodeArray['submitButton'])) {
        // if a custom top template was in effect, this will have been sent back, so now we display it at the very bottom of the form so it doesn't take up a visible amount of space above (the submitButton is invisible, but does take up space)
        print "<p class=\"formulize_customTemplateSubmitButton\">" . $formulize_buttonCodeArray['submitButton'] . "</p>";
    }
    print "</form>\n";
    // end of the form started in drawInterface
    print "</div>\n";
    // end of the listofentries div, used to call up the working message when the page is reloading, started in drawInterface
}
Example #11
0
<?php

include_once "header.php";
include_once "db.php";
include_once "dertyn.php";
$id = $_GET['number'];
$type = $_GET['type'];
if (!$_POST['checksubmit'] && checkCookie()) {
    showDelform($id, $type);
} else {
    if ($_POST['checksubmit'] && checkCookie()) {
        deleteEntry($_POST['id'], $_POST['type']);
    } else {
        echo "please <a href='login.php'>login</a> in order to delete entries!";
    }
}
?>

<?php 
include_once "footer.php";
?>

Example #12
0
    (at your option) any later version.
    PHPTab is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.
    You should have received a copy of the GNU General Public License
    along with PHPTab; if not, write to the Free Software
    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/
# 1 = delete entry
# 2 = record entry
# 3 = deactivate a given target
# 4 = create a person
# 5 = create a macro
if (isset($_POST['sub'])) {
    if ($_POST["sub"] == 1 && deleteEntry($_POST["debtentryid"])) {
        # deleted
        $message = "Deleted OK!";
        $message_type = "success";
        $destination = "mainpage";
    } elseif ($_POST["sub"] == 1) {
        # couldn't delete
        $message = "NOT Deleted!";
        $message_type = "error";
        $destination = "mainpage";
    } elseif ($_POST["sub"] == 2 && recordEntry($_POST["date"], $_POST["fromid"], $_POST["toid"], $_POST["category"], $_POST["comment"], $_POST["amount"])) {
        # recorded
        $message = "Recorded OK!";
        $message_type = "success";
        $destination = "mainpage";
    } elseif ($_POST["sub"] == 2) {
$page = 'kbentries';
$var_staffid = $_SESSION["sess_staffid"];
if ($_POST["postback"] == "D") {
    deleteEntry(mysql_real_escape_string($_POST["id"]));
    $var_message = MESSAGE_RECORD_DELETED;
    $flag_msg = 'class="msg_success"';
} elseif ($_POST["postback"] == "DA") {
    $var_list = "";
    for ($i = 0; $i < count($_POST["chk"]); $i++) {
        $var_list .= "'" . mysql_real_escape_string($_POST["chk"][$i]) . "',";
    }
    $var_list = substr($var_list, 0, -1);
    $arr = explode(",", $var_list);
    for ($i = 0; $i < count($arr); $i++) {
        deleteEntry($arr[$i]);
    }
    $var_message = MESSAGE_RECORD_DELETED;
    $flag_msg = 'class="msg_success"';
}
if ($_GET["mt"] == "y") {
    $var_numBegin = $_GET["numBegin"];
    $var_start = $_GET["start"];
    $var_begin = $_GET["begin"];
    $var_num = $_GET["num"];
    $var_styleminus = $_GET["styleminus"];
    $var_stylename = $_GET["stylename"];
    $var_styleplus = $_GET["styleplus"];
} elseif ($_POST["mt"] == "y") {
    $var_numBegin = $_POST["numBegin"];
    $var_start = $_POST["start"];
Example #14
0
<?php

include "base.php";
$id = $_POST['linkID'];
deleteEntry($id);
deleteConnections($id);
Example #15
0
function DeleteDownload()
{
    global $boarddir, $user_info, $smcFunc, $sourcedir, $adkFolder;
    //Check the session
    checkSession('get');
    if (!empty($_REQUEST['id']) && is_numeric($_REQUEST['id'])) {
        $id = (int) $_REQUEST['id'];
    } else {
        fatal_lang_error('adkfatal_require_id_file', false);
    }
    //Select some important info
    $sql = $smcFunc['db_query']('', '
		SELECT id_cat, id_member, id_topic
		FROM {db_prefix}adk_down_file
		WHERE id_file = {int:file}', array('file' => $id));
    $row = $smcFunc['db_fetch_assoc']($sql);
    $id_cat = $row['id_cat'];
    $id_topic = $row['id_topic'];
    $smcFunc['db_free_result']($sql);
    //mmm May be you don't have the right permissions to delete this.
    if ($user_info['id'] != $row['id_member'] && !allowedTo('adk_downloads_manage')) {
        fatal_lang_error('adkfatal_not_permission', false);
    }
    //Delete entry from adk_down_file
    deleteEntry('adk_down_file', 'id_file = {int:file}', array('file' => $id));
    //Let's load filenames
    $sql = $smcFunc['db_query']('', '
		SELECT filename FROM {db_prefix}adk_down_attachs
		WHERE id_file = {int:file}', array('file' => $id));
    //Unlink if file_exists
    while ($row = $smcFunc['db_fetch_assoc']($sql)) {
        if (file_exists($adkFolder['eds'] . '/' . $row['filename'])) {
            @unlink($adkFolder['eds'] . '/' . $row['filename']);
        }
    }
    //Delete attachs
    deleteEntry('adk_down_attachs', 'id_file = {int:file}', array('file' => $id));
    //Delete topic
    if (!empty($id_topic)) {
        //Load Main File to removeTopic
        require_once $sourcedir . '/RemoveTopic.php';
        //Ajam.... it's done
        removeTopics(array($id_topic));
    }
    //Update category
    TotalCategoryUpdate($id_cat);
    redirectexit('action=downloads;cat=' . $id_cat);
}
Example #16
0
                        <a id="display_table" type="button" class="btn btn-success" href="history.php">Go to history</a>
                    </div>
                </div>
            </div>
        </nav>

        <div class="container-fluid">
            <div class="row">
                <?php 
//If the history ID is set, delete the relevant entries in the database using that history ID
$history_id = htmlspecialchars(filter_input(INPUT_GET, 'id', FILTER_SANITIZE_STRING));
if (isset($history_id)) {
    require 'lib.php';
    require_once 'database.ini';
    $connection = connectToDb();
    if (deleteEntry($connection, $history_id)) {
        echo '<div class="row text-center h2 alert alert-success" role="alert">Successfully deleted.</div>';
    } else {
        echo '<div class="row text-center h2 alert alert-danger" role="alert">There was a problem deleting the entry!</div>';
    }
} else {
    echo 'Please make sure parameters are set!';
}
$connection = null;
?>
            </div>
        </div>

        <!--Required files for Bootstrap, IE10 workaround and Datatables-->
        <script src="resources/js/jquery.min.js"></script>
        <script src="resources/js/bootstrap.min.js"></script>
Example #17
0
}
/* </functions> */
$action = Functions::get('action');
Functions::checkRights(__FILE__, $action, Functions::get('token'));
switch ($action) {
    case 'fields_info':
        $data = infoFields();
        break;
    case 'new':
        $data = addEntry();
        break;
    case 'update':
        $data = updateEntry(Functions::get('id'));
        break;
    case 'info':
        $data = infoEntry(Functions::get('id'));
        break;
    case 'delete':
        $data = deleteEntry(Functions::get('id'));
        break;
    case 'customer_history':
        $data = getCustomerHistory(Functions::get('id'));
        break;
    case 'list':
        $data = listEntries();
        break;
    default:
        Functions::setResponse(400);
}
/* </controller> */
loadview('json', $data);
Example #18
0
require_login($course, true, $cm);
/*don't understand event - why should i trigger an event
 * nobody could have registered so far 
 * maybe trigger leads to some logging - could be, there are controverse discussions
 * about Event2 */
$event = \mod_resop\event\course_module_viewed::create(array('objectid' => $PAGE->cm->instance, 'context' => $PAGE->context));
$event->add_record_snapshot('course', $PAGE->course);
$event->add_record_snapshot($PAGE->cm->modname, $resop);
$event->trigger();
//----------------------------------------------------
$context = context_module::instance($cm->id);
//glossary uses a session key - should I add one too?
if (has_capability('mod/resop:book', $context)) {
    $urlparams['action'] = $urlparams['fromAction'];
    if ($confirm == 1) {
        deleteEntry($urlparams);
        unset($urlparams['delId']);
        unset($urlparams['fromAction']);
        $url = new moodle_url('view.php', $urlparams);
        redirect($url);
        //todo
    } else {
        outputIntro($url, $course, $cm, $resop);
        //todo url bauen
        $linkyes = 'delete.php';
        $optionsyes = $urlparams;
        //should be a copy
        $optionsyes['confirm'] = 1;
        $linkno = 'view.php';
        echo $OUTPUT->confirm(get_string('confirmdelete', 'resop'), new moodle_url($linkyes, $optionsyes), new moodle_url($linkno, $urlparams));
        echo $OUTPUT->box_end();
Example #19
0
<?php

if (!defined("IN_MOD")) {
    die("Nah, I won't serve that file to you.");
}
if (isset($_GET['b'])) {
    deleteEntry($conn, 1, $_GET['b']);
    ?>

<?php 
    $mitsuba->admin->ui->startSection($lang['mod/post_deleted']);
    ?>

<a href="?/news"><?php 
    echo $lang['mod/back'];
    ?>
</a><?php 
    $mitsuba->admin->ui->endSection();
    ?>

		<?php 
}
Example #20
0
<?php

session_start();
if (isset($_SESSION['loggedin']) && $_SESSION['loggedin'] == 1) {
    include_once 'inc/functions.inc.php';
    include_once 'inc/db.inc.php';
    $db = new PDO(DB_INFO, DB_USER, DB_PASS);
    if (isset($_GET['page'])) {
        $page = htmlentities(strip_tags($_GET['page']));
    } else {
        $page = 'blog';
    }
    if (isset($_POST['action']) && $_POST['action'] == 'delete') {
        if ($_POST['submit'] == 'Yes') {
            $url = htmlentities(strip_tags($_POST['url']));
            if (deleteEntry($db, $url)) {
                header("Location: /simple_blog/");
                exit;
            } else {
                exit("Error deleting Entry");
            }
        } else {
            header("Location: /simple_blog/blog/{$url}");
            exit;
        }
    }
    if (isset($_GET['url'])) {
        $url = htmlentities(strip_tags($_GET['url']));
        $legend = "Edit this Entry";
        if ($page == 'delete') {
            $confirm = confirmDelete($db, $url);
function DeleteImagesAdk()
{
    checkSession('get');
    global $smcFunc, $context, $boarddir, $boardurl;
    $id = !empty($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;
    if (!empty($_REQUEST['url2'])) {
        $url = CleanAdkStrings($_REQUEST['url2']);
    } else {
        fatal_lang_error('adkfatal_require_url', false);
    }
    $url = str_replace($boardurl, $boarddir, $url);
    @chmod($url, 0755);
    @unlink($url);
    //Delete this entry
    deleteEntry('adk_advanced_images', 'id = {int:id}', array('id' => $id));
    redirectexit('action=admin;area=modules;sa=manageimagesadk;' . $context['session_var'] . '=' . $context['session_id']);
}
function showdeletenews()
{
    global $db_prefix, $scripturl, $smcFunc;
    checkSession('get');
    if (!empty($_REQUEST['del']) && is_numeric($_REQUEST['del'])) {
        $id_new = (int) $_REQUEST['del'];
    } else {
        $id_new = 0;
    }
    $smcFunc['db_query']('', '
		UPDATE {db_prefix}topics
		SET id_new = {int:zero}
		WHERE id_new = {int:id_new}', array('zero' => 0, 'id_new' => $id_new));
    //Delete
    deleteEntry('adk_news', 'id = {int:id}', array('id' => $id_new));
    redirectexit('portal');
}
$prepare_change = $_REQUEST['prepare_change'];
$NAME = $_REQUEST['NAME'];
$FIRSTNAME = $_REQUEST['FIRSTNAME'];
$PHONE = $_REQUEST['PHONE'];
$ACCOUNT = $_REQUEST['ACCOUNT'];
$TYPE = $_REQUEST['TYPE'];
$ID = $_REQUEST['ID'];
$status = $_REQUEST['status'];
$text = "No action requested.<p>&nbsp;</p>";
if (isset($perform)) {
    if (!empty($perform)) {
        if (!strcmp($perform, "add")) {
            $text = "<p>" . addEntry() . "</p>";
        }
        if (!strcmp($perform, "delete")) {
            $text = "<p>" . deleteEntry() . "</p>";
        }
        if (!strcmp($perform, "change")) {
            $text = "<p>" . changeEntry() . "</p>";
        }
    }
}
if (isset($status)) {
    if (!empty($status)) {
        $text = "<p>" . $status . "</p>" . $text;
    }
}
/* !--

END processing
Example #24
0
<?php

include_once "header.php";
include_once "db.php";
include_once "mindoflib.php";
$id = $_GET['number'];
if (!stripslashes($_POST['checksubmit']) && checkCookie()) {
    showDelform($id);
} else {
    if (stripslashes($_POST['checksubmit']) && checkCookie()) {
        deleteEntry(stripslashes($_POST['id']));
    } else {
        echo "please <a href='login.php'>login</a> in order to delete entries!";
    }
}
?>

<?php 
include_once "footer.php";
?>

function AdkDownloadDeleteCategory()
{
    global $context, $smcFunc, $boarddir, $adkFolder;
    //Check the session
    checkSession('get');
    //Get id_cat
    if (!empty($_REQUEST['id']) && is_numeric($_REQUEST['id'])) {
        $id_cat = (int) $_REQUEST['id'];
    } else {
        fatal_lang_error('adkfatal_invalid_id_category', false);
    }
    //Get All id_files of this category
    $sql = $smcFunc['db_query']('', '
		SELECT id_file FROM {db_prefix}adk_down_file
		WHERE id_cat = {int:cat}', array('cat' => $id_cat));
    while ($row = $smcFunc['db_fetch_assoc']($sql)) {
        $files[] = $row['id_file'];
    }
    $smcFunc['db_free_result']($sql);
    //Get all attachments... and delete it (if this category has a download
    if (!empty($files)) {
        $get = $smcFunc['db_query']('', 'SELECT filename FROM {db_prefix}adk_down_attachs WHERE id_file IN ({array_int:file})', array('file' => $files));
        while ($row = $smcFunc['db_fetch_assoc']($get)) {
            if (file_exists($adkFolder['eds'] . '/' . $row['filename'])) {
                @unlink($adkFolder['eds'] . '/' . $row['filename']);
            }
        }
        $smcFunc['db_free_result']($get);
        //Delete attachs
        deleteEntry('adk_down_attachs', 'id_file IN ({array_int:files})', array('files' => $files));
        //Delete downloads
        deleteEntry('adk_down_file', 'id_cat = {int:cat}', array('cat' => $id_cat));
    }
    //Update row orders
    $sql = $smcFunc['db_query']('', 'SELECT roworder FROM {db_prefix}adk_down_cat WHERE id_cat = {int:cat}', array('cat' => $id_cat));
    list($roworder) = $smcFunc['db_fetch_row']($sql);
    $smcFunc['db_free_result']($sql);
    $smcFunc['db_query']('', 'UPDATE {db_prefix}adk_down_cat SET roworder = roworder - 1 WHERE roworder > {int:roworder}', array('roworder' => $roworder));
    //Finally... delete category
    deleteEntry('adk_down_cat', 'id_cat = {int:cat}', array('cat' => $id_cat));
    //Set an error of this categorys
    setCategoryError($id_cat);
    redirectexit('action=admin;area=adkdownloads;sa=allcategories;' . $context['session_var'] . '=' . $context['session_id']);
}