Example #1
0
    public function actionEdit()
    {
        $validateScript = <<<VALSCRIPT
\t<script type="text/javascript">
\tfunction trim(str)
\t\t{
\t\t\t return str.replace(/^\\s+|\\s+\$/g, '');
\t\t}

\tfunction validate_empty()
\t\t{
\t\t\tvar empty = 0;
\t\t\tvar title = trim(document.AddNews.title.value);
\t\t\tvar feed  = trim(document.AddNews.feed.value);
\t
\t\t\tif(title.length == 0)
\t\t\t\t{
\t\t\t\t\tempty++;
\t\t\t\t\talert("The title should not be left blank");
\t\t\t\t\tdocument.AddNews.title.focus();
\t\t\t\t}
\t\t\telse if(feed.length == 0)
\t\t\t\t{
\t\t\t\t\tempty++;
\t\t\t\t\talert("Enter a Description of the News");
\t\t\t\t\tdocument.AddNews.feed.focus();
\t\t\t\t}
\t\t\treturn (empty == 0);
\t\t}
\t</script>
VALSCRIPT;
        if (isset($_GET['subaction'])) {
            global $ICONS;
            if (isset($_GET['newsid']) && ctype_digit($_GET['newsid'])) {
                if ($_GET['subaction'] == 'deletenews') {
                    $query1 = "SELECT * FROM `news_data` WHERE `news_id`='" . escape($_GET['newsid']) . "' AND `page_modulecomponentid` = '{$this->moduleComponentId}'";
                    $result = mysql_query($query1);
                    $row = mysql_fetch_assoc($result);
                    $query = "DELETE FROM `news_data` WHERE `news_id`='" . escape($_GET['newsid']) . "' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
                    $result = mysql_query($query);
                    displayinfo('News feed has been successfully deleted.');
                } elseif ($_GET['subaction'] == 'editnews') {
                    $query = "SELECT * FROM `news_data` WHERE `news_id`='" . escape($_GET['newsid']) . "' AND `page_modulecomponentid` = '{$this->moduleComponentId}'";
                    $result = mysql_query($query);
                    $row = mysql_fetch_assoc($result);
                    $editForm = <<<EDITFORM
\t\t\t\t\t\t{$validateScript}
\t\t\t\t\t \t<fieldset><legend>{$ICONS['News Edit']['small']} Edit News<legend><form name="AddNews" action="./+edit" method="POST" onsubmit="return validate_empty();">
\t\t\t\t\t\t\tTitle of News Item  <input type="text" name="title" id="title" size="50" value="{$row['news_title']}"><br /><br />
\t\t\t\t\t\t\tNews Description  <br><textarea name="feed" id="feed" cols="50" rows="10">{$row['news_feed']}</textarea><br />
\t\t\t\t\t\t\tRank/Importance of Feed  <input type="text" name="rank" size="10" value="{$row['news_rank']}" /><br /><br />
\t\t\t\t\t\t\tRelative link  <input type="text" name="link" size=40 value="{$row['news_link']}" ><br><br>
\t\t\t\t\t\t\t<input type="submit" value="Save Changes" name="btnSaveChanges"/>
\t\t\t\t\t\t\t<input type="hidden" name="newsid" value="{$row['news_id']}" />
\t\t\t\t  \t</form></fieldset>
EDITFORM;
                    return $editForm;
                }
            } elseif ($_GET['subaction'] == 'addnews') {
                if (isset($_POST['btnAddNews'])) {
                    $query1 = "SELECT MAX(`news_id`) FROM `news_data` WHERE `page_modulecomponentid`='{$this->moduleComponentId}'";
                    $result = mysql_query($query1);
                    $resultArray = mysql_fetch_row($result);
                    $news_id = 1;
                    if (!is_null($resultArray[0])) {
                        $news_id = $resultArray[0] + 1;
                    }
                    $query2 = "INSERT INTO `news_data` (`page_modulecomponentid`, `news_id`, `news_title`, `news_feed`, `news_rank`,`news_link`) VALUES('{$this->moduleComponentId}','{$news_id}','" . escape($_POST['title']) . "','" . escape($_POST['feed']) . "','" . escape($_POST['rank']) . "','" . escape($_POST['link']) . "')";
                    $result = mysql_query($query2) or die(mysql_error() . '<br />' . $query2);
                } else {
                    $addnews = <<<NEWS
{$validateScript}
<fieldset><legend>{$ICONS['News Add']['small']} Add News<legend>
<form name="AddNews" action="./+edit&subaction=addnews" method="POST" onsubmit="return validate_empty()">
\t\t\t\t\t\t\t\tTitle of News Item  <input type="text" name="title" id="title" size=50 /><br><br>
\t\t\t\t\t\t\t\tNews Description  <br><textarea name="feed" id="feed" cols="50" rows="10"> </textarea><br>
\t\t\t\t\t\t\t\tRank/Importance of Feed <input type="text" name="rank" size=10 /><br><br>' .
\t\t\t\t\t\t\t\t\t\t'Relative link  <input type="text" name="link" size=40 /><br><br>
\t\t\t\t\t\t\t\t<input type="submit" name="btnAddNews" value="Submit News Feed" />
\t\t\t\t\t\t\t\t</form></fieldset>
NEWS;
                    return $addnews;
                }
            }
        } elseif (isset($_POST['btnSaveChanges']) && isset($_POST['newsid'])) {
            $query = "UPDATE `news_data` SET `news_title`='" . escape($_POST['title']) . "',`news_feed`='" . escape($_POST['feed']) . "',`news_rank`='" . escape($_POST['rank']) . "',`news_link`='" . escape($_POST['link']) . "' WHERE `news_id`='" . escape($_POST['newsid']) . "' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
            $result = mysql_query($query);
            displayinfo("News feed has been successfully updated.");
        }
        if (isset($_POST['btnNewsPropSave'])) {
            $query = "UPDATE `news_desc` SET `news_title` = '" . escape($_POST['news_title']) . "', `news_description`='" . escape($_POST['news_desc']) . "', `news_link`='" . escape($_POST['news_link']) . "', `news_copyright`='" . escape($_POST['news_copyright']) . "' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'";
            if (mysql_query($query)) {
                displayinfo("News Page Properties has been successfully updated.");
            } else {
                displayerror("There has been some error in updating Properties.");
            }
        }
        $query = "SELECT * FROM `news_data` WHERE `page_modulecomponentid`='{$this->moduleComponentId}' ORDER BY `news_rank`,`news_id`";
        $result = mysql_query($query);
        $descResult = mysql_fetch_assoc(mysql_query("SELECT * FROM `news_desc` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'"));
        $rowCount = mysql_num_rows($result);
        global $ICONS;
        $news = "<form method=POST action='./+edit'>";
        $news .= "<table width=100%><tr><td>Title:</td><td><input name='news_title' type='text' value='{$descResult['news_title']}'></td></tr>";
        $news .= "<tr><td>Description:</td><td><textarea name='news_desc'>{$descResult['news_description']}</textarea></td></tr>";
        $news .= "<tr><td>Link:</td><td><input name='news_link' type='text' value='{$descResult['news_link']}'></td></tr>";
        $news .= "<tr><td>Copyright:</td><td><textarea name='news_copyright'>{$descResult['news_copyright']}</textarea></td></tr>";
        $news .= "<tr><td></td><td><input type='submit' value='Save' name='btnNewsPropSave'></td></tr></table>";
        $news .= "</form>";
        $news .= "<fieldset><legend>{$ICONS['News Edit']['small']} Edit News<legend><form name=\"newsedit\" action=\"./+edit\" method=\"POST\">";
        $news .= <<<CHECKDEL
\t\t<script language="javascript">

\t\t\tfunction checkDelete(butt,fileDel) {
\t\t\t\tif(confirm('Are you sure you want to delete news id'+fileDel+'?')) {
\t\t\t\t\twindow.location+= '&subaction=deletenews&newsid='+fileDel;
\t\t\t\t}
\t\t\t\telse
\t\t\t\t\treturn false;
\t\t\t}
\t    </script>

CHECKDEL;
        global $urlRequestRoot, $sourceFolder, $templateFolder, $cmsFolder;
        $editImage = "<img style=\"padding:0px\" src=\"{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/icons/16x16/apps/accessories-text-editor.png\" alt=\"Edit\" />";
        $deleteImage = "<img style=\"padding:0px\" src=\"{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/icons/16x16/actions/edit-delete.png\" alt=\"Delete\" />";
        $news .= "<table frame=\"vsides\" border=\"1\" width=\"100%\">";
        $news .= "<tr><th>Sl. No.</th><th>Edit</th><th>Delete</th><th>News ID</th><th>Title</th><th>Feed</th><th>Rank</th><th>Date</th><th>Link</th></tr>";
        $i = 1;
        while ($row = mysql_fetch_assoc($result)) {
            $news .= '<tr align="center"><td>' . $i . '</td><td><a href="./+edit&subaction=editnews&newsid=' . $row['news_id'] . '">' . $editImage . '</a></td>' . '<td><a onclick="return checkDelete(this, \'' . $row['news_id'] . '\');" >' . $deleteImage . '</a></td>';
            $news .= "<td>{$row['news_id']}</td><td>{$row['news_title']}</td><td>{$row['news_feed']}</td><td>{$row['news_rank']}</td><td>{$row['news_date']}</td><td><a href=\"{$row['news_link']}\">{$row['news_link']}</a></td></tr>\n";
            ++$i;
        }
        $news .= <<<END
</table>
<br /><input type=button value='Add News' onClick='window.location="./+edit&subaction=addnews"'> <input type=button value='View News' onClick='window.location="./+view"'></form></fieldset>
END;
        return $news;
    }
Example #2
0
function getContent($pageId, $action, $userId, $permission, $recursed = 0)
{
    if ($action == "login") {
        if ($userId == 0) {
            ///Commented the requirement of login.lib.php because it is already included in /index.php
            //require_once("login.lib.php");
            $newUserId = login();
            if (is_numeric($newUserId)) {
                return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
            } else {
                return $newUserId;
            }
            ///<The login page
        } else {
            displayinfo("You are logged in as " . getUserName($userId) . "! Click <a href=\"./+logout\">here</a> to logout.");
        }
        return getContent($pageId, "view", $userId, getPermissions($userId, $pageId, "view"), $recursed = 0);
    }
    if ($action == "profile") {
        if ($userId != 0) {
            require_once "profile.lib.php";
            return profile($userId);
        } else {
            displayinfo("You need to <a href=\"./+login\">login</a> to view your profile.!");
        }
    }
    if ($action == "logout") {
        if ($userId != 0) {
            $newUserId = resetAuth();
            displayinfo("You have been logged out!");
            global $openid_enabled;
            if ($openid_enabled == 'true') {
                displaywarning("If you logged in via Open ID, make sure you also log out from your Open ID service provider's website. Until then your session in this website will remain active !");
            }
            return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
        } else {
            displayinfo("You need to <a href=\"./+login\">login</a> first to logout!");
        }
    }
    if ($action == "search") {
        require_once "search.lib.php";
        $ret = getSearchBox();
        if (isset($_POST['query'])) {
            $ret .= getSearchResultString($_POST['query']);
        } elseif (isset($_GET['query'])) {
            $ret .= getSearchResultString($_GET['query']);
        }
        return $ret;
    }
    if (isset($_GET['subaction']) && $_GET['subaction'] == 'getchildren') {
        if (isset($_GET['parentpath'])) {
            global $urlRequestRoot;
            require_once 'menu.lib.php';
            $pidarr = array();
            parseUrlReal(escape($_GET['parentpath']), $pidarr);
            $pid = $pidarr[count($pidarr) - 1];
            $children = getChildren($pid, $userId);
            $response = array();
            $response['path'] = escape($_GET['parentpath']);
            $response['items'] = array();
            foreach ($children as $child) {
                $response['items'][] = array($urlRequestRoot . '/home' . escape($_GET['parentpath']) . $child[1], $child[2]);
            }
            //echo json_encode($response);
            exit;
        }
    }
    if ($permission != true) {
        if ($userId == 0) {
            $suggestion = "(Try <a href=\"./+login\">logging in?</a>)";
        } else {
            $suggestion = "";
        }
        displayerror("You do not have the permissions to view this page. {$suggestion}<br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        return '';
    }
    if ($action == "admin") {
        require_once "admin.lib.php";
        return admin($pageId, $userId);
    }
    ///default actions also to be defined here (and not outside)
    /// Coz work to be done after these actions do involve the page
    $pagetype_query = "SELECT page_module, page_modulecomponentid FROM " . MYSQL_DATABASE_PREFIX . "pages WHERE page_id='" . escape($pageId) . "'";
    $pagetype_result = mysql_query($pagetype_query);
    $pagetype_values = mysql_fetch_assoc($pagetype_result);
    if (!$pagetype_values) {
        displayerror("The requested page does not exist.");
        return "";
    }
    $moduleType = $pagetype_values['page_module'];
    $moduleComponentId = $pagetype_values['page_modulecomponentid'];
    if ($action == "settings") {
        ///<done here because we needed to check if the page exists for sure.
        require_once "pagesettings.lib.php";
        return pagesettings($pageId, $userId);
    }
    if ($action == "widgets") {
        return handleWidgetPageSettings($pageId);
    }
    if ($recursed == 0) {
        $pagetypeupdate_query = "UPDATE " . MYSQL_DATABASE_PREFIX . "pages SET page_lastaccesstime=NOW() WHERE page_id='" . escape($pageId) . "'";
        $pagetypeupdate_result = mysql_query($pagetypeupdate_query);
        if (!$pagetypeupdate_result) {
            return '<div class="cms-error">Error No. 563 - An error has occured. Contact the site administators.</div>';
        }
    }
    if ($moduleType == "link") {
        return getContent($moduleComponentId, $action, $userId, true, 1);
    }
    if ($action == "grant") {
        return grantPermissions($userId, $pageId);
    }
    if ($moduleType == "menu") {
        return getContent(getParentPage($pageId), $action, $userId, true, 1);
    }
    if ($moduleType == "external") {
        $query = "SELECT `page_extlink` FROM `" . MYSQL_DATABASE_PREFIX . "external` WHERE `page_modulecomponentid` =\n\t\t\t\t\t(SELECT `page_modulecomponentid` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id`= '" . escape($pageId) . "')";
        $result = mysql_query($query);
        $values = mysql_fetch_array($result);
        $link = $values[0];
        header("Location: {$link}");
    }
    global $sourceFolder;
    global $moduleFolder;
    require_once $sourceFolder . "/" . $moduleFolder . "/" . $moduleType . ".lib.php";
    $page = new $moduleType();
    if (!$page instanceof module) {
        displayerror("The module \"{$moduleType}\" does not implement the inteface module</div>");
        return "";
    }
    $createperms_query = " SELECT * FROM " . MYSQL_DATABASE_PREFIX . "permissionlist where perm_action = 'create' AND page_module = '" . $moduleType . "'";
    $createperms_result = mysql_query($createperms_query);
    if (mysql_num_rows($createperms_result) < 1) {
        displayerror("The action \"create\" does not exist in the module \"{$moduleType}\"</div>");
        return "";
    }
    $availableperms_query = "SELECT * FROM " . MYSQL_DATABASE_PREFIX . "permissionlist where perm_action != 'create' AND page_module = '" . $moduleType . "'";
    $availableperms_result = mysql_query($availableperms_query);
    $permlist = array();
    while ($value = mysql_fetch_assoc($availableperms_result)) {
        array_push($permlist, $value['perm_action']);
    }
    array_push($permlist, "view");
    $class_methods = get_class_methods($moduleType);
    foreach ($permlist as $perm) {
        if (!in_array("action" . ucfirst($perm), $class_methods)) {
            displayerror("The action \"{$perm}\" does not exist in the module \"{$moduleType}\"</div>");
            return "";
        }
    }
    if ($action == "pdf") {
        if (isset($_GET['depth'])) {
            $depth = $_GET['depth'];
        } else {
            $depth = 0;
        }
        if (!is_numeric($depth)) {
            $depth = 0;
        }
        global $TITLE;
        global $sourceFolder;
        require_once "{$sourceFolder}/modules/pdf/html2fpdf.php";
        $pdf = new HTML2FPDF();
        $pdf->setModuleComponentId($moduleComponentId);
        $pdf->AddPage();
        $pdf->WriteHTML($page->getHtml($userId, $moduleComponentId, "view"));
        $cp = array();
        $j = 0;
        if ($depth == -1) {
            $cp = child($pageId, $userId, $depth);
            if ($cp[0][0]) {
                for ($i = 0; $cp[$i][0] != NULL; $i++) {
                    require_once $sourceFolder . "/" . $moduleFolder . "/" . $cp[$i][2] . ".lib.php";
                    $page1 = new $cp[$i][2]();
                    $modCompId = $cp[$i][5];
                    $pdf->setModuleComponentId($modCompId);
                    $pdf->AddPage();
                    $pdf->WriteHTML($page1->getHtml($userId, $modCompId, "view"));
                }
            }
        } else {
            if ($depth > 0) {
                $cp = child($pageId, $userId, $depth);
                --$depth;
                while ($depth > 0) {
                    $count = count($cp);
                    for ($j; $j < $count; $j++) {
                        $cp = array_merge((array) $cp, (array) child($cp[$j][0], $userId, $depth));
                    }
                    --$depth;
                }
                if ($cp[0][0]) {
                    for ($i = 0; isset($cp[$i]); $i++) {
                        require_once $sourceFolder . "/" . $moduleFolder . "/" . $cp[$i][2] . ".lib.php";
                        $page1 = new $cp[$i][2]();
                        $modCompId = $cp[$i][5];
                        $pdf->setModuleComponentId($modCompId);
                        $pdf->AddPage();
                        $pdf->WriteHTML($page1->getHtml($userId, $modCompId, "view"));
                    }
                }
            }
        }
        $filePath = $sourceFolder . "/uploads/temp/" . $TITLE . ".pdf";
        while (file_exists($filePath)) {
            $filePath = $sourceFolder . "/uploads/temp/" . $TITLE . "-" . rand() . ".pdf";
        }
        $pdf->Output($filePath);
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private", false);
        header("Content-Type: application/pdf");
        header("Content-Disposition: attachment; filename=\"" . basename($filePath) . "\";");
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: " . filesize($filePath));
        @readfile("{$filePath}");
        unlink($filePath);
    }
    return $page->getHtml($userId, $moduleComponentId, $action);
}
Example #3
0
 /**
  * function actionCorrect:
  * handles all actions in Correct
  * Corrects user submission and displays userList with their Marks
  */
 public function actionCorrect()
 {
     if (isset($_POST['btnSetMark'])) {
         $quizid = escape($_POST['quizid']);
         $sectionid = escape($_POST['sectionid']);
         $questionid = escape($_POST['questionid']);
         $userid = escape($_POST['userid']);
         $mark = escape($_POST['mark']);
         $condition = "`page_modulecomponentid` = '{$quizid}' AND `quiz_sectionid` = '{$sectionid}' AND `quiz_questionid` = '{$questionid}' AND `user_id` = '{$userid}'";
         $result = mysql_query("SELECT `quiz_submittedanswer` FROM `quiz_answersubmissions` WHERE {$condition}");
         if ($row = mysql_fetch_array($result)) {
             $result = mysql_fetch_array(mysql_query("SELECT `question_positivemarks`, `question_negativemarks` FROM `quiz_weightmarks` WHERE `page_modulecomponentid` = '{$quizid}' AND `question_weight` = (SELECT `quiz_questionweight` FROM `quiz_questions` WHERE `page_modulecomponentid` = '{$quizid}' AND `quiz_sectionid` = '{$sectionid}' AND `quiz_questionid` = '{$questionid}')"));
             if ($_POST['mark'] > $result['question_positivemarks'] || $_POST['mark'] < -1 * $result['question_negativemarks']) {
                 displaywarning('Mark out of range for this question, so mark not set');
             } else {
                 mysql_query("UPDATE `quiz_answersubmissions` SET `quiz_marksallotted` = {$mark} WHERE {$condition}");
                 updateSectionMarks($quizid);
                 displayinfo('Mark set');
             }
         } else {
             displayerror('Unable to set value');
         }
     }
     if (isset($_GET['useremail'])) {
         $userId = getUserIdFromEmail($_GET['useremail']);
         if ($userId) {
             return getQuizCorrectForm($this->moduleComponentId, $userId);
         } else {
             displayerror('Error. Could not find user.');
         }
     } elseif (isset($_POST['btnDeleteUser']) && isset($_POST['hdnUserId']) && is_numeric($_POST['hdnUserId'])) {
         $quizObject = $this->getNewQuizObject();
         if ($quizObject !== false) {
             $quizObject->deleteEntries(intval($_POST['hdnUserId']));
         }
     }
     return getQuizUserListHtml($this->moduleComponentId);
 }
Example #4
0
if ($debugSet == "on") {
    $DEBUGINFO .= "Page Full text path : " . $pageFullPath . "<br /><br />\n";
    $DEBUGINFO .= "UID : " . getUserId() . "<br /><br />\n";
    $DEBUGINFO .= "GIDS : " . arraytostring(getGroupIds($userId)) . "<br /><br />\n";
    $DEBUGINFO .= "Action : " . $action . "<br /><br />\n";
    $DEBUGINFO .= "Get Vars : " . arraytostring($_GET) . "<br /><br />\n";
    $DEBUGINFO .= "Page Id : " . $pageId . "<br /><br />\n";
    $DEBUGINFO .= "Page id path : " . arraytostring($pageIdArray) . "\n<br /><br />";
    $DEBUGINFO .= "Title : " . $TITLE . "\n<br /><br />";
    $DEBUGINFO .= "SERVER info : " . arraytostring($_SERVER) . "\n<br /><br />";
    $DEBUGINFO .= "POST info : " . arraytostring($_POST) . "\n<br /><br />";
    $DEBUGINFO .= "FILES info : " . arraytostring($_FILES) . "\n<br /><br />";
    $DEBUGINFO .= "SESSION info : " . arraytostring($_SESSION) . "\n<br /><br />";
    $DEBUGINFO .= "STARTSCRIPTS : " . $STARTSCRIPTS . "\n<br/><br/>";
    if ($DEBUGINFO != "") {
        displayinfo($DEBUGINFO);
    }
}
///Used to check in subsequent requests if cookies are supported or not
setcookie("cookie_support", "enabled", 0, "/");
///Apply the template on the generated content and display the page
templateReplace($TITLE, $MENUBAR, $ACTIONBARMODULE, $ACTIONBARPAGE, $BREADCRUMB, $SEARCHBAR, $PAGEKEYWORDS, $INHERITEDINFO, $CONTENT, $FOOTER, $DEBUGINFO, $ERRORSTRING, $WARNINGSTRING, $INFOSTRING, $STARTSCRIPTS, $LOGINFORM);
disconnect();
exit;
/** Additional notes :

authenticate.lib.php -> Find out who requested it
	output: one int -> uid

parseurl.lib.php -> Find out the page id and action requested
	input:	url
Example #5
0
function deleteGroup($groupName)
{
    if (emptyGroup($groupName, true)) {
        $deleteQuery = 'DELETE FROM `' . MYSQL_DATABASE_PREFIX . 'groups` WHERE `group_name` = \'' . $groupName . '\'';
        if (mysql_query($deleteQuery)) {
            displayinfo("Group '{$groupName}' Deleted Successfully");
            return true;
        }
    }
    return false;
}
Example #6
0
//   IN.User.logout();
//   return true;
//}
?>
<body>
<div class="wide form"> 

<?php 
session_start();
// now insert data into db
$sql = "INSERT INTO job_app (first_name, last_name, email, address1, country, created)\nVALUES ('" . $_SESSION['name'] . "', '" . $_SESSION['lname'] . "', '" . $_SESSION['email'] . "', '" . $_SESSION['address1'] . "', '" . $_SESSION['loc'] . "', NOW() )";
echo "<p>" . $_SESSION['name'] . " " . $_SESSION['lname'];
if ($conn->query($sql) === TRUE) {
    echo " your job application was successfully submitted. <br/><br/>Below is the data you submitted:</p>";
    echo "<table class='DataTable'>";
    displayinfo();
    echo "</table>";
} else {
    echo " your job application was not submitted.</p>";
    echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>

</div>

<br/>

<div class="buttons">
<a href="#" class="button" onclick="rethome()" id="home-link">
    Return to Home
Example #7
0
/** Undocumented Function.
 * Basically performs the whole login routine
 * @todo Document it
 */
function login()
{
    $allow_login_query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'allow_login'";
    $allow_login_result = mysql_query($allow_login_query);
    $allow_login_result = mysql_fetch_array($allow_login_result);
    if (isset($_GET['subaction'])) {
        if ($_GET['subaction'] == "resetPasswd") {
            return resetPasswd($allow_login_result[0]);
        }
        if ($allow_login_result[0]) {
            if ($_GET['subaction'] == "register") {
                require_once "registration.lib.php";
                return register();
            }
        }
        global $openid_enabled;
        if ($openid_enabled == 'true' && $allow_login_result[0]) {
            if ($_GET['subaction'] == "openid_login") {
                if (isset($_POST['process'])) {
                    $openid_url = trim($_POST['openid_identifier']);
                    openid_endpoint($openid_url);
                }
            }
            if ($_GET['subaction'] == "openid_verify") {
                if ($_GET['openid_mode'] != "cancel") {
                    $openid_url = $_GET['openid_identity'];
                    // Get the user's OpenID Identity as returned to us from the OpenID Provider
                    $openid = new Dope_OpenID($openid_url);
                    //Create a new Dope_OpenID object.
                    $validate_result = $openid->validateWithServer();
                    //validate to see if everything was recieved properly
                    if ($validate_result === TRUE) {
                        $userinfo = $openid->filterUserInfo($_GET);
                        return openid_login($userinfo);
                    } else {
                        if ($openid->isError() === TRUE) {
                            // Else if you're here, there was some sort of error during processing.
                            $the_error = $openid->getError();
                            $error = "Error Code: {$the_error['code']}<br />";
                            $error .= "Error Description: {$the_error['description']}<br />";
                        } else {
                            //Else validation with the server failed for some reason.
                            $error = "Error: Could not validate the OpenID at {$_SESSION['openid_url']}";
                        }
                    }
                } else {
                    displayerror("User cancelled the OpenID authorization");
                }
            }
            if ($_GET['subaction'] == "openid_pass") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to link an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                } else {
                    $openid_url = $_SESSION['openid_url'];
                    $openid_email = $_SESSION['openid_email'];
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if (!isset($_POST['user_password'])) {
                        displayerror("Empty Passwords not allowed");
                        return;
                    }
                    $user_passwd = $_POST['user_password'];
                    $info = getUserInfo($openid_email);
                    if (!$info) {
                        displayerror("No user with Email {$openid_email}");
                    } else {
                        $check = checkLogin($info['user_loginmethod'], $info['user_name'], $openid_email, $user_passwd);
                        if ($check) {
                            //Password was correct. Link the account
                            $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $info['user_id'] . ")";
                            $result = mysql_query($query) or die(mysql_error() . " in login() subaction=openid_pass while trying to Link OpenID account");
                            if ($result) {
                                displayinfo("Account successfully Linked. Log In one more time to continue.");
                            }
                        } else {
                            displayerror("The password you specified was incorrect");
                        }
                    }
                }
            }
            if ($_GET['subaction'] == "quick_openid_reg") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to register an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                } else {
                    $openid_url = $_SESSION['openid_url'];
                    $openid_email = $_SESSION['openid_email'];
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if (!isset($_POST['user_name']) || $_POST['user_name'] == "") {
                        displayerror("You didn't specified your Full name. Please <a href=\"./+login\">Login</a> again.");
                        return;
                    }
                    $openid_fname = escape($_POST['user_name']);
                    //Now let's start making the dummy user
                    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`,`user_loginmethod`) " . "VALUES ('" . $openid_email . "', '" . $openid_email . "','" . $openid_fname . "','0',1,'openid');";
                    $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to insert information of new account");
                    if ($result) {
                        $id = mysql_insert_id();
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $id . ")";
                        $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to Link OpenID account");
                        if ($result) {
                            displayinfo("Account successfully registered. You can now login via OpenID. Please complete your profile information after logging in.");
                        }
                    }
                    return "";
                }
            }
        }
    }
    if (!isset($_POST['user_email'])) {
        return loginForm($allow_login_result[0]);
    } else {
        /*if it is, 
          then userLDAPVerify($user_email,$user_passwd);
          if the password is correct, update his password in DB
          else $dontloginLDAP = true;
          }
          else {
          if(userLDAPVerify($user_email,$user_passwd)) {
          create his row in DB with loginmethod = ldap and user_activated = 1
          (for this, use the createUser funciton in common.lib.php)
          }
          }*/
        global $cookieSupported;
        $login_status = false;
        if ($cookieSupported == true) {
            if ($_POST['user_email'] == "" || $_POST['user_password'] == "") {
                displayerror("Blank e-mail or password NOT allowed. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                return loginForm($allow_login_result[0]);
            } else {
                $user_email = escape($_POST['user_email']);
                $user_passwd = escape($_POST['user_password']);
                $login_method = '';
                if (!check_email($user_email)) {
                    displayerror("Your E-Mail Provider has been blackilisted. Please contact the website administrator");
                    return loginForm($allow_login_result[0]);
                }
                if ($temp = getUserInfo($user_email)) {
                    // check if exists in DB
                    $login_status = checkLogin($temp['user_loginmethod'], $temp['user_name'], $user_email, $user_passwd);
                    // This is to make sure when user logs in through LDAP, ADS or IMAP accounts, his passwords should be changed in database also, incase its old.
                    if ($login_status) {
                        updateUserPassword($user_email, $user_passwd);
                    }
                    //update passwd in db
                } else {
                    //if user is not in db
                    global $authmethods;
                    if (strpos($user_email, '@') > -1) {
                        $tmp = explode('@', $user_email);
                        $user_name = $tmp[0];
                        $user_domain = strtolower($tmp[1]);
                    } else {
                        $user_name = $user_email;
                    }
                    if (isset($user_domain) && $user_domain == $authmethods['imap']['user_domain']) {
                        if ($login_status = checkLogin('imap', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'imap';
                        }
                    } elseif (isset($user_domain) && $user_domain == $authmethods['ads']['user_domain']) {
                        if ($login_status = checkLogin('ads', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'ads';
                        }
                    } elseif (isset($user_domain) && $user_domain == $authmethods['ldap']['user_domain']) {
                        if ($login_status = checkLogin('ldap', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'ldap';
                        }
                    }
                    if ($login_status) {
                        //create new user in db and activate the user (only if user's login is valid)
                        $user_fullname = strtoupper($user_name);
                        $user_md5passwd = md5($user_passwd);
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_id`, `user_name`, `user_email`, `user_fullname`, `user_password`, `user_loginmethod`, `user_activated`) " . "VALUES (DEFAULT, '{$user_name}', '{$user_email}', '{$user_fullname}', '{$user_md5passwd}', '{$login_method}', '1')";
                        mysql_query($query) or die(mysql_error() . " creating new user !");
                    } else {
                        displaywarning("Incorrect username and/or password for <b>" . (isset($user_domain) ? $user_domain . "</b> domain!" : $user_name . "</b> user"));
                    }
                }
                if ($login_status) {
                    $temp = getUserInfo($user_email);
                    if (!$temp['user_activated']) {
                        displayinfo("The e-mail has not yet been verified. Kindly check your email and click on verification link. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                        // if user exists in db and admin has set user_activated = false delibrately
                        // then it means that the user has been denied access !!!
                    } else {
                        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_lastlogin`=NOW() WHERE `" . MYSQL_DATABASE_PREFIX . "users`.`user_id` ='{$temp['user_id']}'";
                        mysql_query($query) or die(mysql_error() . " in login.lib.L:111");
                        $_SESSION['last_to_last_login_datetime'] = $temp['user_lastlogin'];
                        setAuth($temp['user_id']);
                        //exit();
                        //displayinfo("Welcome " . $temp['user_name'] . "!");
                        return $temp['user_id'];
                    }
                } else {
                    displaywarning("Wrong E-mail or password. <a href='./+login&subaction=resetPasswd'>Lost Password?</a><br />");
                    return loginForm($allow_login_result[0]);
                }
            }
            return 0;
        } else {
            showCookieWarning();
            return 0;
        }
    }
}
Example #8
0
    /**
     * function actionEdit:
     * Edit interface for all safedit module instances
     * will be called from $this->getHtml function
     */
    public function actionEdit()
    {
        $ret = <<<RET
<style type="text/css">
textarea {
\tfont-size: 130%;
\tbackground: white;
}
</style>
RET;
        global $sourceFolder, $ICONS;
        require_once $sourceFolder . "/upload.lib.php";
        submitFileUploadForm($this->moduleComponentId, "safedit", $this->userId, UPLOAD_SIZE_LIMIT);
        $end = "<fieldset id='uploadFile'><legend>{$ICONS['Uploaded Files']['small']}File Upload</legend>Upload files : <br />" . getFileUploadForm($this->moduleComponentId, "safedit", './+edit', UPLOAD_SIZE_LIMIT, 5) . getUploadedFilePreviewDeleteForm($this->moduleComponentId, "safedit", './+edit') . '</fieldset>';
        $val = mysql_fetch_assoc(mysql_query("SELECT `page_title` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_module` = 'safedit' AND `page_modulecomponentid` = '{$this->moduleComponentId}'"));
        $ret .= "<h1>Editing '" . $val['page_title'] . "' page</h1>";
        if (isset($_GET['subaction'])) {
            if ($_GET['subaction'] == "addSection") {
                $show = isset($_POST['sectionShow']);
                $heading = escape($_POST['heading']);
                $result = mysql_query("SELECT MAX(`section_id`)+1 as `section_id` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'") or die(mysql_error());
                $row = mysql_fetch_row($result);
                $sectionId = $row[0];
                $result = mysql_query("SELECT MAX(`section_priority`)+1 as `section_priority` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'");
                $row = mysql_fetch_row($result);
                $priority = $row[0];
                $query = "INSERT INTO `safedit_sections`(`page_modulecomponentid`,`section_id`,`section_heading`,`section_type`,`section_show`,`section_priority`) VALUES ('{$this->moduleComponentId}','{$sectionId}','{$heading}','" . escape($_POST['type']) . "','{$show}','{$priority}')";
                mysql_query($query) or die($query . "<br>" . mysql_error());
                if (mysql_affected_rows() > 0) {
                    displayinfo("Section: {$heading}, created");
                } else {
                    displayerror("Couldn't create section");
                }
            } else {
                if ($_GET['subaction'] == 'deleteSection') {
                    $sectionId = escape($_GET['sectionId']);
                    $query = "DELETE FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'";
                    mysql_query($query) or die($query . "<br>" . mysql_error());
                    if (mysql_affected_rows() > 0) {
                        displayinfo("Section deleted succesfully");
                    } else {
                        displayerror("Couldn't delete section");
                    }
                } else {
                    if ($_GET['subaction'] == 'saveSection') {
                        $sectionId = escape($_POST['sectionId']);
                        $heading = escape($_POST['heading']);
                        $typeUpdate = isset($_POST['type']) ? ", `section_type` = '{$_POST['type']}'" : '';
                        $show = ", `section_show` = '" . isset($_POST['sectionShow']) . "'";
                        $result = mysql_query("SELECT `section_type` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'");
                        $row = mysql_fetch_row($result);
                        $type = $row[0];
                        if ($type == "para" || $type == "ulist" || $type == "olist") {
                            $sectionContent = escape($this->processSave($_POST['content']));
                        } else {
                            if ($type == "picture") {
                                $sectionContent = escape($_POST['selectFile']);
                            }
                        }
                        $query = "UPDATE `safedit_sections` SET `section_heading` = '{$heading}', `section_content` = '{$sectionContent}'{$typeUpdate}{$show} WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'";
                        mysql_query($query) or die($query . "<br>" . mysql_error());
                        if (mysql_affected_rows() > 0) {
                            displayinfo("Section saved successfully");
                        }
                    } else {
                        if ($_GET['subaction'] == 'moveUp' || $_GET['subaction'] == 'moveDown') {
                            $compare = $_GET['subaction'] == 'moveUp' ? '<=' : '>=';
                            $arrange = $_GET['subaction'] == 'moveUp' ? 'DESC' : 'ASC';
                            $sectionId = escape($_GET['sectionId']);
                            $query = "SELECT `section_id`,`section_priority` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_priority` '{$compare}' (SELECT `section_priority` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}') ORDER BY `section_priority` '{$arrange}' LIMIT 2";
                            $result = mysql_query($query);
                            $row = mysql_fetch_row($result);
                            $sid = $row[0];
                            $spr = $row[1];
                            if ($row = mysql_fetch_row($result)) {
                                mysql_query("UPDATE `safedit_sections` SET `section_priority` = '{$spr}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$row[0]}'");
                                mysql_query("UPDATE `safedit_sections` SET `section_priority` = '{$row[1]}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sid}'");
                            }
                        } else {
                            if ($_GET['subaction'] == 'moveTop' || $_GET['subaction'] == 'moveBottom') {
                                $sectionId = escape($_GET['sectionId']);
                                $cpri = mysql_fetch_row(mysql_query("SELECT `section_priority` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'")) or die(mysql_error());
                                if ($_GET['subaction'] == 'moveTop') {
                                    $sign = '+';
                                    $cmpr = '<';
                                    $set = '0';
                                } else {
                                    $sign = '-';
                                    $cmpr = '>';
                                    $set = mysql_fetch_row(mysql_query("SELECT MAX(`section_priority`) FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'")) or die(mysql_error());
                                    $set = isset($set[0]) ? $set[0] : '';
                                }
                                $cmpr = $_GET['subaction'] == 'moveTop' ? '<' : '>';
                                $query = "UPDATE `safedit_sections` SET `section_priority` = `section_priority`{$sign}1 WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_priority` {$cmpr} '{$cpri[0]}'";
                                mysql_query($query) or die(mysql_error());
                                mysql_query("UPDATE `safedit_sections` SET `section_priority` = '{$set}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' AND `section_id` = '{$sectionId}'") or die(mysql_error());
                            }
                        }
                    }
                }
            }
        }
        $result = mysql_query("SELECT `section_id`,`section_heading`,`section_type`,`section_content`,`section_show` FROM `safedit_sections` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' ORDER BY `section_priority`");
        while ($row = mysql_fetch_assoc($result)) {
            $show = $row['section_show'] ? 'checked ' : '';
            $type = $row['section_type'];
            $help = $type != "picture" ? " <a href='#help' title='Only Plain text allowed, Click to know more'>{$ICONS['Help']['small']}</a>" : '';
            $ret .= <<<RET
<form action='./+edit&subaction=saveSection' method=POST><input type=hidden value='{$row['section_id']}' name='sectionId' /><fieldset><legend><input type=checkbox name='sectionShow' {$show}/><input type=text name=heading value='{$row['section_heading']}' style='border:0;background:none;' /> <a href='./+edit&subaction=moveUp&sectionId={$row['section_id']}' title='Move one level Up'>{$ICONS['Up']['small']}</a> <a href='./+edit&subaction=moveDown&sectionId={$row['section_id']}' title='Move one level Down'>{$ICONS['Down']['small']}</a> <a href='./+edit&subaction=moveTop&sectionId={$row['section_id']}' title='Move to Top'>{$ICONS['Top']['small']}</a> <a href='./+edit&subaction=moveBottom&sectionId={$row['section_id']}' title='Move to Bottom'>{$ICONS['Bottom']['small']}</a> <a href='./+edit&subaction=deleteSection&sectionId={$row['section_id']}' title='Delete Section'>{$ICONS['Delete Section']['small']}</a>{$help}</legend><div class='safedit_section'>
RET;
            $safeContent = safe_html($row['section_content']);
            if ($type == "ulist" || $type == "olist" || $type == "para") {
                $usel = $type == "ulist" ? ' selected' : '';
                $osel = $type == "olist" ? ' selected' : '';
                $psel = $type == "para" ? ' selected' : '';
                $ret .= <<<PARA
<textarea name=content rows=7 style="width:100%">{$safeContent}</textarea>
<select name=type>
<option value="para"{$psel}>Paragraph</option>
<option value="ulist"{$usel}>List</option>
<option value="olist"{$osel}>Numbered List</option>
</select>
PARA;
            } else {
                if ($type == "picture") {
                    $files = getUploadedFiles($this->moduleComponentId, "safedit");
                    $ret .= "<a href='#uploadFile'>Upload File</a><br /><select name=selectFile><option value=''>No picture</option>";
                    foreach ($files as $currFile) {
                        $select = $row['section_content'] == $currFile['upload_filename'] ? ' selected' : '';
                        $ret .= "<option value='{$currFile['upload_filename']}'{$select}>{$currFile['upload_filename']}</option>";
                    }
                    $ret .= "</select>";
                }
            }
            $ret .= <<<SUBMIT
<input type=submit value='Save section' /></div></fieldset></form>
SUBMIT;
        }
        $ret .= <<<RET
<fieldset>
<legend>{$ICONS['Add']['small']}Create New Section</legend>
<form action="./+edit&subaction=addSection" method=POST>
<select name='type'>
<option value="para">Paragraph</option>
<option value="ulist">List</option>
<option value="olist">Numbered List</option>
<option value="picture">Picture</option>
</select>
<input type=text name="heading" />
<input type=checkbox name="sectionShow" checked />
<input type=submit value="Add section" name="btnAddSection" />
</form>
</fieldset>
RET;
        $ret .= $end;
        $ret .= <<<RET
<small id="help"><ul><li>You can display only Plain text, any custom formatting will be prevented.<br />To make a link, enclose the text with '{' and '}' and add the target to the end of the line after '|'<br />For eg:<br />{This is a link}, and this is not a link|http://www.google.com<br />The above line will make a link to google.com</li><li>Leave section heading text box blank(without even spaces) to avoid displaying Heading</li></ul></small>
RET;
        return $ret;
    }
Example #9
0
    public function actionEdit()
    {
        global $sourceFolder, $ICONS;
        //require_once("$sourceFolder/diff.lib.php");
        require_once $sourceFolder . "/upload.lib.php";
        if (isset($_GET['deldraft'])) {
            $dno = escape($_GET['dno']);
            $query = "DELETE FROM `article_draft` WHERE `page_modulecomponentid`='" . $this->moduleComponentId . "' AND `draft_number`=" . $dno;
            $result = mysql_query($query) or die(mysql_error());
        }
        global $ICONS;
        $header = <<<HEADER
\t\t<fieldset><legend><a name='topquicklinks'>Quicklinks</a></legend>
\t\t<table class='iconspanel'>
\t\t<tr>
\t\t<td><a href='#editor'><div>{$ICONS['Edit Page']['large']}<br/>Edit Page</div></a></td>
\t\t<td><a href='#files'><div>{$ICONS['Uploaded Files']['large']}<br/>Manage Uploaded Files</div></a></td>
\t\t<td><a href='#drafts'><div>{$ICONS['Drafts']['large']}<br/>Saved Drafts</div></a></td>
\t\t<td><a href='#revisions'><div>{$ICONS['Page Revisions']['large']}<br/>Page Revisions</div></a></td>
\t\t<td><a href='#comments'><div>{$ICONS['Page Comments']['large']}<br/>Page Comments</div></a></td>
\t\t</tr>
\t\t</table>
\t
        
\t\t</fieldset><br/><br/>
HEADER;
        submitFileUploadForm($this->moduleComponentId, "article", $this->userId, UPLOAD_SIZE_LIMIT);
        if (isset($_GET['delComment']) && $this->userId == 1) {
            mysql_query("DELETE FROM `article_comments` WHERE `comment_id` = '" . escape($_GET['delComment']) . "'");
            if (mysql_affected_rows()) {
                displayinfo("Comment deleted!");
            } else {
                displayerror("Error in deleting comment");
            }
        }
        if (isset($_GET['preview']) && isset($_POST['CKEditor1'])) {
            return "<div id=\"preview\" class=\"warning\"><a name=\"preview\">Preview</a></div>" . $this->actionView(stripslashes($_POST[CKEditor1])) . $this->getCkBody(stripslashes($_POST[CKEditor1]));
        }
        if (isset($_GET['version'])) {
            $revision = $this->getRevision($_GET['version']);
            return "<div id=\"preview\" class=\"warning\"><a name=\"preview\">Previewing Revision Number " . $_GET['version'] . "</a></div>" . $this->actionView($revision) . $this->getCkBody($revision);
        }
        if (isset($_GET['dversion'])) {
            $draft = $this->getDraft($_GET['dversion']);
            displayinfo("Viewing Draft number " . $_GET['dversion']);
            return $header . $this->getCkBody($draft);
        }
        if (isset($_POST['CKEditor1'])) {
            /*Save the diff :-*/
            $query = "SELECT article_content FROM article_content WHERE page_modulecomponentid='" . $this->moduleComponentId . "'";
            $result = mysql_query($query);
            $row = mysql_fetch_assoc($result);
            $diff = mysql_escape_string($this->diff($_POST['CKEditor1'], $row['article_content']));
            $query = "SELECT MAX(article_revision) AS MAX FROM `article_contentbak` WHERE page_modulecomponentid ='" . $this->moduleComponentId . "'";
            $result = mysql_query($query);
            if (!$result) {
                displayerror(mysql_error() . "article.lib L:44");
                return;
            }
            if (mysql_num_rows($result)) {
                $row = mysql_fetch_assoc($result);
                $revId = $row['MAX'] + 1;
            } else {
                $revId = 1;
            }
            $query = "INSERT INTO `article_contentbak` (`page_modulecomponentid` ,`article_revision` ,`article_diff`,`user_id`)\nVALUES ('{$this->moduleComponentId}', '{$revId}','{$diff}','{$this->userId}')";
            $result = mysql_query($query);
            if (!$result) {
                displayerror(mysql_error() . "article.lib L:44");
                return;
            }
            /*Save the diff end.*/
            $query = "UPDATE `article_content` SET `article_content` = '" . escape($_POST["CKEditor1"]) . "' WHERE `page_modulecomponentid` ='{$this->moduleComponentId}' ";
            $result = mysql_query($query);
            if (mysql_affected_rows() < 0) {
                displayerror("Unable to update the article content");
            } else {
                /* Index the page by sphider */
                $page = replaceAction(selfURI(), "edit", "view");
                global $sourceFolder, $moduleFolder;
                require_once "{$sourceFolder}/{$moduleFolder}/search/admin/spider.php";
                index_url($page, 0, 0, '', 0, 0, 1);
            }
            /* Update the choice of editor*/
            if (isset($_POST['editor'])) {
                $editor = escape($_POST['editor']);
                $query = "UPDATE `article_content` SET `default_editor` = '" . $editor . "' WHERE `page_modulecomponentid` ='{$this->moduleComponentId}' ";
                $result = mysql_query($query);
                if (mysql_affected_rows() < 0) {
                    displayerror("Unable to update the article Editor");
                }
            }
            return $this->actionView();
        }
        $fulleditpage = $this->getCkBody();
        $commentsedit = "<fieldset><legend><a name='comments'>{$ICONS['Page Comments']['small']}Comments</a></legend>";
        if ($this->isCommentsEnabled()) {
            $comments = mysql_query("SELECT `comment_id`,`user`,`timestamp`,`comment` FROM `article_comments` WHERE `page_modulecomponentid` = '{$this->moduleComponentId}' ORDER BY `timestamp`");
            if (mysql_num_rows($comments) == 0) {
                $commentsedit .= "No comments have been posted !";
            }
            while ($row = mysql_fetch_array($comments)) {
                $commentsedit .= $this->renderComment($row['comment_id'], $row['user'], $row['timestamp'], $row['comment'], 1);
            }
        } else {
            $commentsedit .= "Comments are disabled for this page! You can allow comments from <a href='./+settings'>pagesettings</a>.";
        }
        $commentsedit .= "</fieldset>";
        $top = "<a href='#topquicklinks'>Top</a>";
        $fulleditpage .= $commentsedit . $top;
        return $header . $fulleditpage;
    }
Example #10
0
function groupManagementForm($currentUserId, $modifiableGroups, &$pagePath)
{
    require_once "group.lib.php";
    global $ICONS;
    global $urlRequestRoot, $cmsFolder, $templateFolder, $moduleFolder, $sourceFolder;
    $scriptsFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts";
    $imagesFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/images";
    /// Parse any get variables, do necessary validation and stuff, so that we needn't check inside every if
    $groupRow = $groupId = $userId = null;
    $subAction = '';
    //isset($_GET['subaction']) ? $_GET['subaction'] : '';
    if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgroup' && isset($_GET['groupname']) || isset($_POST['btnEditGroup']) && isset($_POST['selEditGroups'])) {
        $subAction = 'showeditform';
    } elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'associateform') {
        $subAction = 'associateform';
    } elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'deleteuser' && isset($_GET['groupname']) && isset($_GET['useremail'])) {
        $subAction = 'deleteuser';
    } elseif (isset($_POST['btnAddUserToGroup'])) {
        $subAction = 'addusertogroup';
    } elseif (isset($_POST['btnSaveGroupProperties'])) {
        $subAction = 'savegroupproperties';
    } elseif (isset($_POST['btnEditGroupPriorities']) || isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgrouppriorities') {
        $subAction = 'editgrouppriorities';
    }
    if (isset($_POST['selEditGroups']) || isset($_GET['groupname'])) {
        $groupRow = getGroupRow(isset($_POST['selEditGroups']) ? escape($_POST['selEditGroups']) : escape($_GET['groupname']));
        $groupId = $groupRow['group_id'];
        if ($subAction != 'editgrouppriorities' && (!$groupRow || !$groupId || $groupId < 2)) {
            displayerror('Error! Invalid group requested.');
            return;
        }
        if (!is_null($groupId)) {
            if ($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) {
                displayerror('You do not have the permission to modify the selected group.');
                return '';
            }
        }
    }
    if (isset($_GET['useremail'])) {
        $userId = getUserIdFromEmail($_GET['useremail']);
    }
    if ($subAction != 'editgrouppriorities' && (isset($_GET['subaction']) && $_GET['subaction'] == 'editgroups' && !is_null($groupId))) {
        if ($subAction == 'deleteuser') {
            if ($groupRow['form_id'] != 0) {
                displayerror('The group is associated with a form. To remove a user, use the edit registrants in the assoicated form.');
            } elseif (!$userId) {
                displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
            } else {
                $deleteQuery = 'DELETE FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` WHERE `user_id` = \'' . $userId . '\' AND `group_id` = ' . $groupId;
                $deleteResult = mysql_query($deleteQuery);
                if (!$deleteResult || mysql_affected_rows() != 1) {
                    displayerror('Could not delete user with the given E-mail from the given group.');
                } else {
                    displayinfo('Successfully removed user from the current group');
                    if ($userId == $currentUserId) {
                        $virtue = '';
                        $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                        $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                    }
                }
            }
        } elseif ($subAction == 'savegroupproperties' && isset($_POST['txtGroupDescription'])) {
            $updateQuery = "UPDATE `" . MYSQL_DATABASE_PREFIX . "groups` SET `group_description` = '" . escape($_POST['txtGroupDescription']) . "' WHERE `group_id` = '{$groupId}'";
            $updateResult = mysql_query($updateQuery);
            if (!$updateResult) {
                displayerror('Could not update database.');
            } else {
                displayinfo('Changes to the group have been successfully saved.');
            }
            $groupRow = getGroupRow($groupRow['group_name']);
        } elseif ($subAction == 'addusertogroup' && isset($_POST['txtUserEmail']) && trim($_POST['txtUserEmail']) != '') {
            if ($groupRow['form_id'] != 0) {
                displayerror('The selected group is associated with a form. To add a user, register the user to the form.');
            } else {
                $passedEmails = explode(',', escape($_POST['txtUserEmail']));
                for ($i = 0; $i < count($passedEmails); $i++) {
                    $hyphenPos = strpos($passedEmails[$i], '-');
                    if ($hyphenPos >= 0) {
                        $userEmail = trim(substr($passedEmails[$i], 0, $hyphenPos - 1));
                    } else {
                        $userEmail = escape($_POST['txtUserEmail']);
                    }
                    $userId = getUserIdFromEmail($userEmail);
                    if (!$userId || $userId < 1) {
                        displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
                    }
                    if (!addUserToGroupName($groupRow['group_name'], $userId)) {
                        displayerror('Could not add the given user to the current group.');
                    } else {
                        displayinfo('User has been successfully inserted into the given group.');
                    }
                }
            }
        } elseif ($subAction == 'associateform') {
            if (isset($_POST['btnAssociateGroup'])) {
                $pageIdArray = array();
                $formPageId = parseUrlReal(escape($_POST['selFormPath']), $pageIdArray);
                if ($formPageId <= 0 || getPageModule($formPageId) != 'form') {
                    displayerror('Invalid page selected! The page you selected is not a form.');
                } elseif (!getPermissions($currentUserId, $formPageId, 'editregistrants', 'form')) {
                    displayerror('You do not have the permissions to associate the selected form with a group.');
                } else {
                    $formModuleId = getModuleComponentIdFromPageId($formPageId, 'form');
                    require_once "{$sourceFolder}/{$moduleFolder}/form.lib.php";
                    if (isGroupEmpty($groupId) || form::getRegisteredUserCount($formModuleId) == 0) {
                        associateGroupWithForm($groupId, $formModuleId);
                        $groupRow = getGroupRow($groupRow['group_name']);
                    } else {
                        displayerror('Both the group and the form already contain registered users, and the group cannot be associated with the selected form.');
                    }
                }
            } elseif (isset($_POST['btnUnassociateGroup'])) {
                if ($groupRow['form_id'] <= 0) {
                    displayerror('The selected group is currently not associated with any form.');
                } elseif (!getPermissions($currentUserId, getPageIdFromModuleComponentId('form', $groupRow['form_id']), 'editregistrants', 'form')) {
                    displayerror('You do not have the permissions to unassociate the form from this group.');
                } else {
                    unassociateFormFromGroup($groupId);
                    $virtue = '';
                    $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                    $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                    $groupRow = getGroupRow($groupRow['group_name']);
                }
            }
        }
        if ($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) {
            displayerror('You do not have the permission to modify the selected group.');
            return '';
        }
        $usersTable = '`' . MYSQL_DATABASE_PREFIX . 'users`';
        $usergroupTable = '`' . MYSQL_DATABASE_PREFIX . 'usergroup`';
        $userQuery = "SELECT `user_email`, `user_fullname` FROM {$usergroupTable}, {$usersTable} WHERE `group_id` =  '{$groupId}' AND {$usersTable}.`user_id` = {$usergroupTable}.`user_id` ORDER BY `user_email`";
        $userResult = mysql_query($userQuery);
        if (!$userResult) {
            displayerror('Error! Could not fetch group information.');
            return '';
        }
        $userEmails = array();
        $userFullnames = array();
        while ($userRow = mysql_fetch_row($userResult)) {
            $userEmails[] = $userRow[0];
            $userFullnames[] = $userRow[1];
        }
        $groupEditForm = <<<GROUPEDITFORM
\t\t\t<h2>Group '{$groupRow['group_name']}' - '{$groupRow['group_description']}'</h2><br />
\t\t\t<fieldset style="padding: 8px">
\t\t\t\t<legend>{$ICONS['User Groups']['small']}Group Properties</legend>
\t\t\t\t<form name="groupeditform" method="POST" action="./+admin&subaction=editgroups&groupname={$groupRow['group_name']}">
\t\t\t\t\tGroup Description: <input type="text" name="txtGroupDescription" value="{$groupRow['group_description']}" />
\t\t\t\t\t<input type="submit" name="btnSaveGroupProperties" value="Save Group Properties" />
\t\t\t\t</form>
\t\t\t</fieldset>

\t\t\t<br />
\t\t\t<fieldset style="padding: 8px">
\t\t\t\t<legend>{$ICONS['User Groups']['small']}Existing Users in Group:</legend>
GROUPEDITFORM;
        $userCount = mysql_num_rows($userResult);
        global $urlRequestRoot, $cmsFolder, $templateFolder, $sourceFolder;
        $deleteImage = "<img src=\"{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/icons/16x16/actions/edit-delete.png\" alt=\"Remove user from the group\" title=\"Remove user from the group\" />";
        for ($i = 0; $i < $userCount; $i++) {
            $isntAssociatedWithForm = $groupRow['form_id'] == 0;
            if ($isntAssociatedWithForm) {
                $groupEditForm .= '<a onclick="return confirm(\'Are you sure you wish to remove this user from this group?\')" href="./+admin&subaction=editgroups&subsubaction=deleteuser&groupname=' . $groupRow['group_name'] . '&useremail=' . $userEmails[$i] . '">' . $deleteImage . "</a>";
            }
            $groupEditForm .= " {$userEmails[$i]} - {$userFullnames[$i]}<br />\n";
        }
        $associateForm = '';
        if ($groupRow['form_id'] == 0) {
            $associableForms = getAssociableFormsList($currentUserId, !isGroupEmpty($groupId));
            $associableFormCount = count($associableForms);
            $associableFormsBox = '<select name="selFormPath">';
            for ($i = 0; $i < $associableFormCount; ++$i) {
                $associableFormsBox .= '<option value="' . $associableForms[$i][2] . '">' . $associableForms[$i][1] . ' - ' . $associableForms[$i][2] . '</option>';
            }
            $associableFormsBox .= '</select>';
            $associateForm = <<<GROUPASSOCIATEFORM

\t\t\tSelect a form to associate the group with: {$associableFormsBox}
\t\t\t<input type="submit" name="btnAssociateGroup" value="Associate Group with Form" />
GROUPASSOCIATEFORM;
        } else {
            $associatedFormPageId = getPageIdFromModuleComponentId('form', $groupRow['form_id']);
            $associateForm = 'This group is currently associated with the form: ' . getPageTitle($associatedFormPageId) . ' (' . getPagePath($associatedFormPageId) . ')<br />' . '<input type="submit" name="btnUnassociateGroup" value="Unassociate" />';
        }
        $groupEditForm .= '</fieldset>';
        if ($groupRow['form_id'] == 0) {
            $groupEditForm .= <<<GROUPEDITFORM
\t\t\t\t<br />
\t\t\t\t<fieldset style="padding: 8px">
\t\t\t\t\t<legend>{$ICONS['Add']['small']}Add Users to Group</legend>
\t\t\t\t\t<form name="addusertogroup" method="POST" action="./+admin&subaction=editgroups&groupname={$groupRow['group_name']}">
\t\t\t\t\t\tEmail ID: <input type="text" name="txtUserEmail" id="txtUserEmail" value="" style="width: 256px" autocomplete="off" />
\t\t\t\t\t\t<div id="suggestionDiv" class="suggestionbox"></div>

\t\t\t\t\t\t<script language="javascript" type="text/javascript" src="{$scriptsFolder}/ajaxsuggestionbox.js"></script>
\t\t\t\t\t\t<script language="javascript" type="text/javascript">
\t\t\t\t\t\t<!--
\t\t\t\t\t\t\tvar addUserBox = new SuggestionBox(document.getElementById('txtUserEmail'), document.getElementById('suggestionDiv'), "./+admin&doaction=getsuggestions&forwhat=%pattern%");
\t\t\t\t\t\t\taddUserBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
\t\t\t\t\t\t-->
\t\t\t\t\t\t</script>

\t\t\t\t\t\t<input type="submit" name="btnAddUserToGroup" value="Add User to Group" />
\t\t\t\t\t</form>
\t\t\t\t</fieldset>
GROUPEDITFORM;
        }
        $groupEditForm .= <<<GROUPEDITFORM
\t\t\t<br />
\t\t\t<fieldset style="padding: 8px">
\t\t\t\t<legend>{$ICONS['Group Associate Form']['small']}Associate With Form</legend>
\t\t\t\t<form name="groupassociationform" action="./+admin&subaction=editgroups&subsubaction=associateform&groupname={$groupRow['group_name']}" method="POST">
\t\t\t\t\t{$associateForm}
\t\t\t\t</form>
\t\t\t</fieldset>
GROUPEDITFORM;
        return $groupEditForm;
    }
    if ($subAction == 'editgrouppriorities') {
        $modifiableCount = count($modifiableGroups);
        $userMaxPriority = $maxPriorityGroup = 1;
        if ($modifiableCount != 0) {
            $userMaxPriority = max($modifiableGroups[0]['group_priority'], $modifiableGroups[$modifiableCount - 1]['group_priority']);
            $maxPriorityGroup = $modifiableGroups[0]['group_priority'] > $modifiableGroups[$modifiableCount - 1]['group_priority'] ? $modifiableGroups[0]['group_id'] : $modifiableGroups[$modifiableCount - 1]['group_id'];
        }
        if (isset($_GET['dowhat']) && !is_null($groupId)) {
            if ($_GET['dowhat'] == 'incrementpriority' || $_GET['dowhat'] == 'decrementpriority') {
                shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'incrementpriority' ? 'up' : 'down', $userMaxPriority, true);
            } elseif ($_GET['dowhat'] == 'movegroupup' || $_GET['dowhat'] == 'movegroupdown') {
                shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'movegroupup' ? 'up' : 'down', $userMaxPriority, false);
            } elseif ($_GET['dowhat'] == 'emptygroup') {
                emptyGroup($groupRow['group_name']);
            } elseif ($_GET['dowhat'] == 'deletegroup') {
                if (deleteGroup($groupRow['group_name'])) {
                    $virtue = '';
                    $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                    $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                }
            }
            $modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
        } elseif (isset($_GET['dowhat']) && $_GET['dowhat'] == 'addgroup') {
            if (isset($_POST['txtGroupName']) && isset($_POST['txtGroupDescription']) && isset($_POST['selGroupPriority'])) {
                $existsQuery = 'SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_name` = '" . escape($_POST['txtGroupName']) . "'";
                $existsResult = mysql_query($existsQuery);
                if (trim($_POST['txtGroupName']) == '') {
                    displayerror('Cannot create a group with an empty name. Please type in a name for the new group.');
                } elseif (mysql_num_rows($existsResult) >= 1) {
                    displayerror('A group with the name you specified already exists.');
                } else {
                    $idQuery = 'SELECT MAX(`group_id`) FROM `' . MYSQL_DATABASE_PREFIX . 'groups`';
                    $idResult = mysql_query($idQuery);
                    $idRow = mysql_fetch_row($idResult);
                    $newGroupId = 2;
                    if (!is_null($idRow[0])) {
                        $newGroupId = $idRow[0] + 1;
                    }
                    $newGroupPriority = 1;
                    if ($_POST['selGroupPriority'] <= $userMaxPriority && $_POST['selGroupPriority'] > 0) {
                        $newGroupPriority = escape($_POST['selGroupPriority']);
                    }
                    $addGroupQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . 'groups` (`group_id`, `group_name`, `group_description`, `group_priority`) ' . "VALUES({$newGroupId}, '" . escape($_POST['txtGroupName']) . "', '" . escape($_POST['txtGroupDescription']) . "', '{$newGroupPriority}')";
                    $addGroupResult = mysql_query($addGroupQuery);
                    if ($addGroupResult) {
                        displayinfo('New group added successfully.');
                        if (isset($_POST['chkAddMe'])) {
                            $insertQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . "usergroup`(`user_id`, `group_id`) VALUES ('{$currentUserId}', '{$newGroupId}')";
                            if (!mysql_query($insertQuery)) {
                                displayerror('Error adding user to newly created group: ' . $insertQuery . '<br />' . mysql_query());
                            }
                        }
                        $virtue = '';
                        $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                        $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                    } else {
                        displayerror('Could not run MySQL query. New group could not be added.');
                    }
                }
            }
            $modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
        }
        $modifiableCount = count($modifiableGroups);
        if ($modifiableGroups[0]['group_priority'] < $modifiableGroups[$modifiableCount - 1]['group_priority']) {
            $modifiableGroups = array_reverse($modifiableGroups);
        }
        $previousPriority = $modifiableGroups[0]['group_priority'];
        global $cmsFolder, $urlRequestRoot, $moduleFolder, $templateFolder, $sourceFolder;
        $iconsFolderUrl = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/icons/16x16";
        $moveUpImage = '<img src="' . $iconsFolderUrl . '/actions/go-up.png" title="Increment Group Priority" alt="Increment Group Priority" />';
        $moveDownImage = '<img src="' . $iconsFolderUrl . '/actions/go-down.png" alt="Decrement Group Priority" title="Decrement Group Priority" />';
        $moveTopImage = '<img src="' . $iconsFolderUrl . '/actions/go-top.png" alt="Move to next higher priority level" title="Move to next higher priority level" />';
        $moveBottomImage = '<img src="' . $iconsFolderUrl . '/actions/go-bottom.png" alt="Move to next lower priority level" title="Move to next lower priority level" />';
        $emptyImage = '<img src="' . $iconsFolderUrl . '/actions/edit-clear.png" alt="Empty Group" title="Empty Group" />';
        $deleteImage = '<img src="' . $iconsFolderUrl . '/actions/edit-delete.png" alt="Delete Group" title="Delete Group" />';
        $groupsForm = '<h3>Edit Group Priorities</h3><br />';
        for ($i = 0; $i < $modifiableCount; $i++) {
            if ($modifiableGroups[$i]['group_priority'] != $previousPriority) {
                $groupsForm .= '<br /><br /><hr /><br />';
            }
            $groupsForm .= '<span style="margin: 4px;" title="' . $modifiableGroups[$i]['group_description'] . '">' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=incrementpriority&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveUpImage . '</a>' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=decrementpriority&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveDownImage . '</a>' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=movegroupup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveTopImage . '</a>' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=movegroupdown&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveBottomImage . '</a>' . '<a onclick="return confirm(\'Are you sure you want to empty this group?\')" href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=emptygroup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $emptyImage . '</a>' . '<a onclick="return confirm(\'Are you sure you want to delete this group?\')" href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=deletegroup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $deleteImage . '</a>' . '<a href="./+admin&subaction=editgroups&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $modifiableGroups[$i]['group_name'] . "</a></span>\n";
            $previousPriority = $modifiableGroups[$i]['group_priority'];
        }
        $priorityBox = '<option value="1">1</option>';
        for ($i = 2; $i <= $userMaxPriority; ++$i) {
            $priorityBox .= '<option value="' . $i . '">' . $i . '</option>';
        }
        $groupsForm .= <<<GROUPSFORM
\t\t<br /><br />
\t\t<fieldset style="padding: 8px">
\t\t\t<legend>Create New Group:</legend>

\t\t\t<form name="groupaddform" method="POST" action="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=addgroup">
\t\t\t\t<label>Group Name: <input type="text" name="txtGroupName" value="" /></label><br />
\t\t\t\t<label>Group Description: <input type="text" name="txtGroupDescription" value="" /></label><br />
\t\t\t\t<label>Group Priority: <select name="selGroupPriority">{$priorityBox}</select><br />
\t\t\t\t<label><input type="checkbox" name="chkAddMe" value="addme" /> Add me to group</label><br />
\t\t\t\t<input type="submit" name="btnAddNewGroup" value="Add Group" />
\t\t\t</form>
\t\t</fieldset>
GROUPSFORM;
        return $groupsForm;
    }
    $modifiableCount = count($modifiableGroups);
    $groupsBox = '<select name="selEditGroups">';
    for ($i = 0; $i < $modifiableCount; ++$i) {
        $groupsBox .= '<option value="' . $modifiableGroups[$i]['group_name'] . '">' . $modifiableGroups[$i]['group_name'] . ' - ' . $modifiableGroups[$i]['group_description'] . "</option>\n";
    }
    $groupsBox .= '</select>';
    $groupsForm = <<<GROUPSFORM
\t\t<form name="groupeditform" method="POST" action="./+admin&subaction=editgroups">
\t\t\t{$groupsBox}
\t\t\t<input type="submit" name="btnEditGroup" value="Edit Selected Group" /><br /><br />
\t\t\t<input type="submit" name="btnEditGroupPriorities" value="Add/Shuffle/Remove Groups" />
\t\t</form>

GROUPSFORM;
    return $groupsForm;
}
Example #11
0
    public function actionEdit()
    {
        $module_ComponentId = $this->moduleComponentId;
        if (isset($_POST['edit_share'])) {
            $desc = safe_html($_POST['share_desc']);
            $ftype = escape($_POST['file_type']);
            if (strlen($desc) < 50 || strlen($ftype) == 0) {
                displayerror("Could not update the page. Either the share description or file type doesnot meet the requirements!!");
            } else {
                $max_size = escape($_POST['file_size']);
                $query = "UPDATE `share` SET `page_desc` = '{$desc}', `file_type` = '{$ftype}', `maxfile_size` = '{$max_size}' WHERE `page_modulecomponentid` = '{$module_ComponentId}'";
                $result = mysql_query($query);
                if (mysql_affected_rows() < 0) {
                    displayerror("Error in updating the database. Please Try again later");
                } else {
                    displayinfo("All settings updated successfully");
                }
            }
        }
        $query = "SELECT * FROM `share` WHERE `page_modulecomponentid` = '{$module_ComponentId}'";
        $result = mysql_query($query) or displayerror(mysql_error() . " Error in share.lib.php L:322");
        $result = mysql_fetch_array($result) or displayerror(mysql_error() . "Error in share.lib.php L:323");
        $edit_form = <<<EDIT
<script type="text/javascript" language="javascript">
function checkForm()
{
\tvar desc = document.edit_share.share_desc.value;
\tvar length = desc.length;
\tif(length<50)
\t{
\t\tdocument.getElementById('share_desc').focus();
\t\talert("Please enter the Share Description (min. 50 characters)");
\t\treturn false;
\t}
\tvar type = document.edit_share.file_type.value;
\tvar tlength = type.length;
\tif(tlength==0)
\t{
\t\tdocument.getElementById('file_type').focus();
\t\talert("Please enter the File types that can be uploaded");
\t\treturn false;
\t}
\treturn true;
}
</script>
\t<fieldset><legend>EDIT SHARE</legend>
\t<form method="POST" name="edit_share" action="./+edit">
\t<table>
\t<tr><td>Share Description </td><td><textarea name="share_desc" id="share_desc" cols="50" rows="5" class="textbox" >{$result['page_desc']}</textarea></td></tr>
\t<tr><td>Uploadable FIle types</td><td><input type='text' name="file_type" id="file_type" value={$result['file_type']}></td></tr>
\t<tr><td>Max File Size(in bytes)</td><td><input type='text' name="file_size" id="file_size" value={$result['maxfile_size']}></td></tr>
\t<tr><td colspan=2 style="text-align:center"><input type="submit" value="submit" name="edit_share" onclick="return checkForm();"><input type="reset" value="Reset"></td></tr>
\t</table>\t
\t</form>\t
\t</fieldset>
EDIT;
        return $edit_form;
    }
Example #12
0
/**
 * Handles the submission of the widget configuration forms (both global and instance-specific) and updates the database.
 * @param $widgetid ID of the widget.
 * @param $widgetinstanceid Widget Instance ID of the widget for instance-specific configurations, default is -1 for global configurations.
 * @param $isglobal Default is set to true if handling global configurations, for instance-specific configurations must be set to false explicitly.
 * @note It uses $_POST variables implicitly to retrieve submitted form values.
 */
function updateWidgetConf($widgetid, $widgetinstanceid = -1, $isglobal = TRUE)
{
    $query = "SELECT `config_name`,`config_type`,`config_default`,`config_options` FROM `" . MYSQL_DATABASE_PREFIX . "widgetsconfiginfo` WHERE `widget_id`='{$widgetid}' AND `is_global`=" . (int) $isglobal;
    $res = mysql_query($query);
    if ($isglobal) {
        $widgetinstanceid = -1;
    }
    while ($row = mysql_fetch_array($res)) {
        $conftype = $row['config_type'];
        $confname = $row['config_name'];
        $confdef = $row['config_default'];
        $confoptions = $row['config_options'];
        if ($isglobal) {
            $postvar = "globalconfform_" . $confname;
        } else {
            $postvar = "pageconfform_" . $confname;
        }
        $confcur = false;
        $query = "SELECT `config_value` FROM `" . MYSQL_DATABASE_PREFIX . "widgetsconfig` WHERE `config_name`='{$confname}' AND `widget_id`='{$widgetid}' AND `widget_instanceid`='{$widgetinstanceid}'";
        $result = mysql_query($query);
        while ($row = mysql_fetch_assoc($result)) {
            $confcur = $row['config_value'];
        }
        if ($conftype == 'checkbox') {
            $confval = escape(interpretSubmitValue($conftype, $postvar, $confoptions));
        } else {
            $confval = escape(interpretSubmitValue($conftype, $postvar));
        }
        ///If there was no submit value, then check for the current value, if even that's missing then use the default value
        $confval = $confval === false ? $confcur === false ? $confdef : $confcur : $confval;
        if (mysql_num_rows($result) == 0) {
            $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "widgetsconfig` (`widget_id`,`widget_instanceid`,`config_name`,`config_value`) VALUES ({$widgetid},{$widgetinstanceid},'{$confname}','{$confval}')";
            mysql_query($query);
        } else {
            if ($confval != $confcur) {
                $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "widgetsconfig` SET `config_value`='{$confval}' WHERE `config_name`='{$confname}' AND `widget_id`='{$widgetid}' AND `widget_instanceid`='{$widgetinstanceid}'";
                mysql_query($query);
            }
        }
    }
    displayinfo("Configurations updated successfully!");
}
/** Unegister a user in form_regdata table and remove his data from elementdata table*/
function unregisterUser($moduleCompId, $userId, $silentOnSuccess = false)
{
    if (verifyUserRegistered($moduleCompId, $userId)) {
        $unregisteruser_query = "DELETE FROM `form_regdata` WHERE `user_id` = '{$userId}' AND `page_modulecomponentid` = '{$moduleCompId}'";
        $unregisteruser_result = mysql_query($unregisteruser_query);
        /// Remove any files uploaded by the user
        $fileFieldQuery = 'SELECT `form_elementdata` FROM `form_elementdata`, `form_elementdesc` WHERE ' . "`form_elementdata`.`page_modulecomponentid` = '{$moduleCompId}' AND `form_elementtype` = 'file' AND " . "`form_elementdata`.`user_id` = '{$userId}' AND `form_elementdesc`.`page_modulecomponentid` = `form_elementdata`.`page_modulecomponentid` AND " . "`form_elementdata`.`form_elementid` = `form_elementdesc`.`form_elementid`";
        $fileFieldResult = mysql_query($fileFieldQuery);
        global $sourceFolder;
        require_once "{$sourceFolder}/upload.lib.php";
        while ($fileFieldRow = mysql_fetch_row($fileFieldResult)) {
            deleteFile($moduleCompId, 'form', $fileFieldRow[0]);
        }
        $deleteelementdata_query = "DELETE FROM `form_elementdata` WHERE `user_id` = '{$userId}' AND `page_modulecomponentid` = '{$moduleCompId}' ";
        $deleteelementdata_result = mysql_query($deleteelementdata_query);
        if ($deleteelementdata_result) {
            global $sourceFolder;
            require_once $sourceFolder . "/group.lib.php";
            $groupId = getGroupIdFromFormId($moduleCompId);
            if ($groupId != false) {
                if (removeUserFromGroupId($groupId, $userId)) {
                    if (!$silentOnSuccess) {
                        displayinfo("User successfully unregistered");
                    }
                    return true;
                } else {
                    displayerror("Unable to unregister user from group.");
                    return false;
                }
            } else {
                if (!$silentOnSuccess) {
                    displayinfo("User successfully unregistered");
                }
                return true;
            }
        } else {
            displayerror("Error in unregistering user.");
            return false;
        }
    } else {
        displaywarning("User not registered!");
        return false;
    }
}
Example #14
0
 function mailer($to, $mailtype, $key, $from)
 {
     if (empty($from)) {
         $from = "from: " . CMS_TITLE . " <" . CMS_EMAIL . ">";
     }
     //init mail template file path
     $mail_filepath = MAILPATH . "/" . LANGUAGE . "/email/{$mailtype}.txt";
     $drop_header = '';
     if (!file_exists($mail_filepath)) {
         displayerror(safe_html("NO FILE called {$mail_filepath} FOUND !"));
     }
     //check file
     if (($data = @file_get_contents($mail_filepath)) === false) {
         displayerror("{$mail_filepath} FILE READ ERROR !");
     }
     //read contents
     //escape quotes
     $body = str_replace("'", "\\'", $data);
     //replace the vars in file content with those defined
     $body = preg_replace('#\\{([a-z0-9\\-_]*?)\\}#is', "' . ((isset(\$this->vars['\\1'])) ? \$this->vars['\\1'] : '') . '", $body);
     //Make the content parseable
     eval("\$body = '{$body}';");
     //Extract the SUBJECT from mail content
     $match = array();
     if (preg_match('#^(Subject:(.*?))$#m', $body, $match)) {
         //Find SUBJECT
         $subject = trim($match[2]) != '' ? trim($match[2]) : $subject;
         $drop_header .= '[\\r\\n]*?' . preg_quote($match[1], '#');
     }
     if ($drop_header) {
         //Remove SUBJECT from BODY of mail
         $body = trim(preg_replace('#' . $drop_header . '#s', '', $body));
     }
     //Debug info
     //echo displayinfo($from.' <br> '.$to.' <br> '.$subject.' <br> '.$body);
     //Send mail
     global $debugSet;
     if ($debugSet == "on") {
         displayinfo("Vars :" . arraytostring($this->vars));
         displayinfo("Mail sent to {$to} from {$from} with subject {$subject} and body {$body}");
     }
     return mail($to, $subject, $body, $from);
 }
Example #15
0
    public function actionView()
    {
        $userId = $this->userId;
        global $urlRequestRoot, $moduleFolder, $cmsFolder, $templateFolder, $sourceFolder;
        $templatesImageFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/" . TEMPLATE;
        $temp = $urlRequestRoot . "/" . $cmsFolder . "/" . $moduleFolder . "/forum/images";
        $table_name = "forum_threads";
        $table1_name = "forum_posts";
        $forumHtml = <<<PRE
\t\t<link rel="stylesheet" href="{$temp}/styles.css" type="text/css" />
PRE;
        $forum_lastVisit = $this->forumLastVisit();
        $moderator = getPermissions($this->userId, getPageIdFromModuleComponentId("forum", $this->moduleComponentId), "moderate");
        //to check last visit to the forum
        $table_visit = "forum_visits";
        $query_checkvisit = "SELECT * from `{$table_visit}` WHERE `user_id`='{$userId}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
        $result_checkvisit = mysql_query($query_checkvisit);
        $check_visits = mysql_fetch_array($result_checkvisit);
        if (mysql_num_rows($result_checkvisit) < 1) {
            $forum_lastviewed = date("Y-m-d H:i:s");
        } else {
            $forum_lastviewed = $check_visits['last_visit'];
        }
        //set user's last visit
        $time_visit = date("Y-m-d H:i:s");
        $query_visit = "SELECT * FROM `{$table_visit}` WHERE `user_id`='{$userId}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
        $result_visit = mysql_query($query_visit);
        $num_rows_visit = mysql_num_rows($result_visit);
        if ($num_rows_visit < 1) {
            $query_setvisit = "INSERT INTO `{$table_visit}`(`page_modulecomponentid`,`user_id`,`last_visit`) VALUES('{$this->moduleComponentId}','{$userId}','{$time_visit}')";
        } else {
            $query_setvisit = "UPDATE `{$table_visit}` SET `last_visit`='{$time_visit}' WHERE `user_id`='{$userId}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
        }
        mysql_query($query_setvisit);
        require_once "{$sourceFolder}/{$moduleFolder}/forum/bbeditor.php";
        require_once "{$sourceFolder}/{$moduleFolder}/forum/bbparser.php";
        if (!isset($_GET['thread_id'])) {
            if (isset($_GET['subaction']) && $_GET['subaction'] == "delete_thread") {
                $thread_id = escape($_GET['forum_id']);
                $query = "DELETE FROM `{$table_name}` WHERE `forum_thread_id`='{$thread_id}' AND `page_modulecomponentid`='{$this->moduleComponentId}' LIMIT 1";
                $res = mysql_query($query);
                $query1 = "DELETE FROM `{$table1_name}` WHERE `forum_thread_id`='{$thread_id}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
                $res1 = mysql_query($query1);
                if (!res || !res1) {
                    displayerror("Could not perform the delete operation on the selected thread!");
                }
            }
            if ($userId > 0) {
                $new_mt = '0';
                $new_mp = '0';
                $new_p = '0';
                $new_t = '0';
                if ($moderator) {
                    $qum_0 = "SELECT * FROM `{$table_name}` WHERE `page_modulecomponentid`='" . $this->moduleComponentId . "' AND `forum_post_approve` = 0";
                    $resm_0 = mysql_query($qum_0);
                    $numm_0 = mysql_num_rows($resm_0);
                    for ($j = 1; $j <= $numm_0; $j++) {
                        $rows = mysql_fetch_array($resm_0, MYSQL_ASSOC);
                        if ($forum_lastVisit < $rows['forum_thread_datetime']) {
                            $new_mt = $new_mt + '1';
                        }
                    }
                    $qum_1 = "SELECT * FROM `{$table1_name}` WHERE `page_modulecomponentid`='" . $this->moduleComponentId . "' AND `forum_post_approve` = 0";
                    $resm_1 = mysql_query($qum_1);
                    $numm_1 = mysql_num_rows($resm_1);
                    for ($j = 1; $j <= $numm_1; $j++) {
                        $rows = mysql_fetch_array($resm_1, MYSQL_ASSOC);
                        if ($forum_lastVisit < $rows['forum_post_datetime']) {
                            $new_mp = $new_mp + '1';
                        }
                    }
                    if ($new_mt) {
                        $show_t = $new_mt . " new threads to be moderated since your last visit";
                        displayinfo($show_t);
                    }
                    if ($new_mp) {
                        $show_p = $new_mp . " new posts to be moderated since your last visit";
                        displayinfo($show_p);
                    }
                }
                $qu_0 = "SELECT * FROM `{$table_name}` WHERE `page_modulecomponentid`='" . $this->moduleComponentId . "' AND `forum_post_approve` = 1 AND `forum_thread_user_id` !='{$this->userId}'";
                $res_0 = mysql_query($qu_0);
                $num_0 = mysql_num_rows($res_0);
                for ($j = 1; $j <= $num_0; $j++) {
                    $rows = mysql_fetch_array($res_0, MYSQL_ASSOC);
                    if ($forum_lastVisit < $rows['forum_thread_datetime']) {
                        $new_t = $new_t + '1';
                    }
                }
                $qu_1 = "SELECT * FROM `{$table1_name}` WHERE `page_modulecomponentid`='" . $this->moduleComponentId . "' AND `forum_post_approve` = 1 AND `forum_post_user_id` !='{$this->userId}'";
                $res_1 = mysql_query($qu_1) or die(mysql_error());
                $num_1 = mysql_num_rows($res_1);
                for ($j = 1; $j <= $num_1; $j++) {
                    $rows = mysql_fetch_array($res_1, MYSQL_ASSOC);
                    if ($forum_lastVisit < $rows['forum_post_datetime']) {
                        $new_p = $new_p + '1';
                    }
                }
                if ($new_t && $new_t != $new_mt) {
                    $show_t = $new_t . " new threads since your last visit";
                    displayinfo($show_t);
                }
                if ($new_p && $new_p != $new_mp) {
                    $show_p = $new_p . " new posts since your last visit";
                    displayinfo($show_p);
                }
            }
            $query_d = "SELECT `forum_description` FROM `forum_module` WHERE `page_modulecomponentid`='" . $this->moduleComponentId . "' LIMIT 1";
            $result_d = mysql_query($query_d) or die(mysql_error());
            $result_d = mysql_fetch_array($result_d);
            $query = "SELECT * FROM `{$table_name}` WHERE `page_modulecomponentid`='" . $this->moduleComponentId . "' AND " . "`forum_thread_category`='general' ORDER BY `forum_thread_lastpost_date` DESC";
            $result = mysql_query($query) or displayerror(mysql_error() . "View of General Threads failed L:776");
            $query1 = "SELECT * FROM `{$table_name}` WHERE `page_modulecomponentid`='" . $this->moduleComponentId . "' AND " . "`forum_thread_category`='sticky' ORDER BY `forum_thread_datetime` DESC";
            $result1 = mysql_query($query1) or displayerror(mysql_error() . "View of sticjy Threads failed L:779");
            $num_rows1 = mysql_num_rows($result1);
            //counts the total no of sticky threads
            if ($result) {
                $action = "+post&subaction=create_thread";
                $num_rows = mysql_num_rows($result);
                //counts the total no of general threads
                $forum_header = <<<PRE
\t\t\t<p align="left"><a href="{$action}"><img title="New Thread" src="{$temp}/newthread.gif" /></a></p>
\t\t\t<div style="text-align:center;"><b>" {$result_d['0']} "</b></div>
\t        <table width="100%" border="1" align="center" cellpadding="4" cellspacing="2" id="forum">
\t        <tr class="TableHeader">
\t        <td class="forumTableHeader" colspan="2"><strong>TOPICS</strong><br /></td>
\t        <td class="forumTableHeader"> <strong>VIEWS</strong></td>
\t        <td class="forumTableHeader"><strong>REPLIES</strong></td>
\t        <td class="forumTableHeader"><strong>LAST POST</strong></td>
\t        </tr>
PRE;
                $forumHtml .= $forum_header;
                if ($result1 && $num_rows1 > 0) {
                    for ($j = 1; $j <= $num_rows1; $j++) {
                        $rows = mysql_fetch_array($result1, MYSQL_ASSOC);
                        $query2 = "SELECT `forum_post_id` FROM `{$table1_name}` WHERE `forum_thread_id`='" . $rows['forum_thread_id'] . "' AND `forum_post_approve`='1' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
                        $result2 = mysql_query($query2);
                        $reply_count = mysql_num_rows($result2);
                        $topic = parseubb(parsesmileys(stripslashes($rows['forum_thread_topic'])));
                        $name = getUserName($rows['forum_thread_user_id']);
                        $last_post_author = getUserName($rows['forum_thread_last_post_userid']);
                        if ($rows['forum_post_approve'] == 1) {
                            $forumHtml .= $this->forumHtml($rows, 'threadRow');
                        }
                    }
                }
                if ($num_rows < 1) {
                    $forum_header .= "<tr><td colspan=\"5\" class='forumTableRow'><strong>No Post</strong></td></tr>";
                }
                for ($i = 1; $i <= $num_rows; $i++) {
                    $rows = mysql_fetch_array($result);
                    $query1 = "SELECT `forum_post_id` FROM `{$table1_name}` WHERE `forum_thread_id`='" . $rows['forum_thread_id'] . "' AND `forum_post_approve`='1' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
                    $result1 = mysql_query($query1);
                    $reply_count = mysql_num_rows($result1);
                    $topic = parseubb(parsesmileys($rows['forum_thread_topic']));
                    $name = getUserName($rows['forum_thread_user_id']);
                    $last_post_author = getUserName($rows['forum_thread_last_post_userid']);
                    if ($rows['forum_post_approve'] == 1) {
                        $forumHtml .= $this->forumHtml($rows, 'threadRow');
                    }
                }
                $forumHtml .= '<tr></tr></table><br />';
            }
        } else {
            $thread_id = escape($_GET['thread_id']);
            //Parent Thread ID
            if (isset($_GET['subaction'])) {
                if ($_GET['subaction'] == "delete_post") {
                    $post_id = escape($_GET['post_id']);
                    $query = "DELETE FROM `{$table1_name}` WHERE `forum_thread_id`='{$thread_id}' AND `forum_post_id`='{$post_id}' AND `page_modulecomponentid`='{$this->moduleComponentId}' LIMIT 1";
                    $res = mysql_query($query);
                    if (!$res) {
                        displayerror("Could not perform the delete operation on the selected post!");
                    }
                    $query = "DELETE FROM `forum_like` WHERE `forum_thread_id`='{$thread_id}' AND `forum_post_id`='{$post_id}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
                    $res = mysql_query($query);
                }
                if ($_GET['subaction'] == "like_post") {
                    $post_id = escape($_GET['post_id']);
                    $query = "SELECT * FROM `forum_like` WHERE `forum_thread_id`='{$thread_id}' AND `forum_post_id`='{$post_id}' AND `page_modulecomponentid`='{$this->moduleComponentId}' ";
                    $res = mysql_query($query);
                    if (mysql_num_rows($res) == 0) {
                        $query = "INSERT INTO`forum_like` (`page_modulecomponentid`,`forum_thread_id`,`forum_post_id`,`forum_like_user_id`,`like_status`) VALUES ('{$this->moduleComponentId}','{$thread_id}','{$post_id}','{$userId}','1')";
                        $res = mysql_query($query);
                        if (!$res) {
                            displayerror("Could not perform the like operation on the selected post!");
                        }
                    }
                }
                if ($_GET['subaction'] == "dislike_post") {
                    $post_id = escape($_GET['post_id']);
                    $query = "SELECT * FROM `forum_like` WHERE `forum_thread_id`='{$thread_id}' AND `forum_post_id`='{$post_id}' AND `page_modulecomponentid`='{$this->moduleComponentId}' ";
                    $res = mysql_query($query);
                    if (mysql_num_rows($res) == 0) {
                        $query = "INSERT INTO`forum_like` (`page_modulecomponentid`,`forum_thread_id`,`forum_post_id`,`forum_like_user_id`,`like_status`) VALUES ('{$this->moduleComponentId}','{$thread_id}','{$post_id}','{$userId}','0')";
                        $res = mysql_query($query);
                        if (!$res) {
                            displayerror("Could not perform the dislike operation on the selected post!");
                        }
                    }
                }
            }
            $sql = "SELECT * FROM `{$table_name}` WHERE `forum_thread_id`='{$thread_id}' AND `page_modulecomponentid`='{$this->moduleComponentId}' LIMIT 1";
            $result1 = mysql_query($sql);
            $rows = mysql_fetch_array($result1);
            $threadUserId = $rows['forum_thread_user_id'];
            $forum_topic = parseubb(parsesmileys($rows['forum_thread_topic']));
            $forum_detail = parseubb(parsesmileys($rows['forum_detail']));
            $name = getUserName($rows['forum_thread_user_id']);
            $posts = $this->getTotalPosts($rows['forum_thread_user_id']);
            $reg_date = $this->getRegDateFromUserID($rows['forum_thread_user_id']);
            $forumHtml = $this->forumHtml($rows, 'threadHead');
            $count = 0;
            if ($rows['forum_post_approve'] == 1) {
                $forumHtml .= $this->forumHtml($rows, 'threadMain', 0, 0);
            }
            $sql2 = "SELECT * FROM `{$table1_name}` WHERE `forum_thread_id`='{$thread_id}' AND `forum_post_approve` = 1 AND `page_modulecomponentid`='{$this->moduleComponentId}' ORDER BY `forum_post_id` ASC";
            $result2 = mysql_query($sql2);
            while ($rows1 = mysql_fetch_array($result2)) {
                $count = $count + 1;
                $forumHtml .= $this->forumHtml($rows1, 'threadMain', 1, $count);
            }
            $sql3 = "SELECT `forum_thread_viewcount` FROM `{$table_name}` WHERE `forum_thread_id`='{$thread_id}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
            $result3 = mysql_query($sql3);
            $rows2 = mysql_fetch_array($result3);
            $view = $rows2['forum_thread_viewcount'];
            // count more value
            $addview = $view + 1;
            $sql5 = "UPDATE `{$table_name}` SET `forum_thread_viewcount`='{$addview}' WHERE forum_thread_id='{$thread_id}' AND `page_modulecomponentid`='{$this->moduleComponentId}' LIMIT 1";
            $result5 = mysql_query($sql5);
            $forumHtml .= '</table><br />';
            if ($rows['forum_thread_category'] != 'sticky') {
                $forumHtml .= '<p align="left"><a href="+post&subaction=post_reply&thread_id=' . $thread_id . '"><img alt="Reply" title="Reply" src="' . $temp . '/reply.gif" /></a></p>';
            }
        }
        $forumHtml .= '<p align="left"><img alt="Sticky" title="Sticky" src="' . $temp . '/sticky.gif" align=left> &nbsp;- Sticky Threads.<br /><br />' . '<img alt="New Posts" title="New Posts" src="' . $temp . '/thread_new.gif" align=left> &nbsp;- Topic with new posts since last visit.' . '<br /><br /><img alt="No new posts" title="No new Posts" src="' . $temp . '/thread_hot.gif" align=left>' . '&nbsp;- Topic with no new posts since last visit. </p>';
        return $forumHtml;
    }
Example #16
0
    public function actionScore($moduleComponentId)
    {
        $moduleComponentId = $this->moduleComponentId;
        $userId = $this->userId;
        $userEmail = getUserEmail($userId);
        $designationId = $this->getDesignationId($userId);
        $designationName = $this->getDesignationNameFromDesignationId($designationId);
        $teamId = $this->getTeamId($userId);
        $htmlOut = '';
        if (isset($_GET['subaction'])) {
            if ($_GET['subaction'] == 'scoringUserDone') {
                if (isset($_POST['btnSubmitScore'])) {
                    $targetUserEmail = $_GET['targetUserEmail'];
                    $userEmail = $_GET['userEmail'];
                    $targetUserId = getUserIdFromEmail($targetUserEmail);
                    $userId = getUserIdFromEmail($userEmail);
                    $query = "INSERT INTO `qaos_scoring`(`page_modulecomponentid`,`user_id`,`targetuser_id`,`qaos_score1`,`qaos_score2`,`qaos_score3`,`qaos_score4`,`qaos_score5`,`qaos_reason1`,`qaos_reason2`,`qaos_reason3`,`qaos_reason4`,`qaos_reason5`) VALUES({$moduleComponentId},{$userId},{$targetUserId},'" . escape($_POST['qaos_score1']) . "','" . escape($_POST['qaos_score2']) . "','" . escape($_POST['qaos_score3']) . "','" . escape($_POST['qaos_score4']) . "','" . escape($_POST['qaos_score5']) . "','" . escape($_POST['qaos_reason1']) . "','" . escape($_POST['qaos_reason2']) . "','" . escape($_POST['qaos_reason3']) . "','" . escape($_POST['qaos_reason4']) . "','" . escape($_POST['qaos_reason5']) . "')";
                    if (mysql_query($query)) {
                        displayinfo("Your scores have been stored.");
                    } else {
                        displayerror("There was some error in storing your scores");
                    }
                }
            }
            if ($_GET['subaction'] == 'scoreUser') {
                if (isset($_GET['userEmail'])) {
                    $targetUserEmail = $_GET['userEmail'];
                    $targetUserId = getUserIdFromEmail($_GET['userEmail']);
                    $targetUserFullName = getUserFullName($targetUserId);
                    if ($targetUserId == $userId) {
                        displayerror("You can not score yourself");
                        return $htmlOut;
                    }
                    $query = "SELECT * FROM `qaos_scoring` WHERE user_id='{$userId}' AND targetuser_id='{$targetUserId}'";
                    $result = mysql_query($query);
                    if (mysql_affected_rows() > 0) {
                        displayerror("You have already scored this person.");
                        return $htmlOut;
                    }
                    $htmlOut = "";
                    $htmlOut .= <<<SCOREUSER
\t\t\t\t\t<div class="scoreuser">
\t\t\t\t\t\t<form id="scoreuser" method="POST" onsubmit="return checkProfileForm(this)" action="./+score&userEmail={$userEmail}&targetUserEmail={$targetUserEmail}&subaction=scoringUserDone">
\t\t\t\t\t\t\t<fieldset style="width:80%">
\t\t\t\t\t\t\t\t<legend><b>Score, {$targetUserFullName}</b></legend>
\t\t\t\t\t\t\t\t<table>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<b>Question No. 1:</b><br />
\t\t\t\t\t\t\t\t\t\t\tIs the person regular and punctual in his/her work/meetings?<br />
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<br />
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td> Your Score:
\t\t\t\t\t\t\t\t\t\t</td>\t
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<select name="qaos_score1" id="qaos_score1">
\t\t\t\t\t\t\t\t\t\t\t\t<option value="1">1</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="2">2</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="3">3</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="4">4</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="5">5</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="6">6</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="7">7</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="8">8</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="9">9</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="10">10</option>
\t\t\t\t\t\t\t\t\t\t\t</select>
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td> Your Reason/Comments:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<textarea rows="3" columns="20" name="qaos_reason1" id="qaos_reason1" title="Enter your comments/reason here"></textarea>
\t\t\t\t\t\t\t\t\t\t</td>\t
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<b>Question No. 2:</b><br />
\t\t\t\t\t\t\t\t\t\t\tIs this person a team worker and co ordinates with others well?<br />
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<br />
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td> Your Score:
\t\t\t\t\t\t\t\t\t\t</td>\t
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<select name="qaos_score2" id="qaos_score2">
\t\t\t\t\t\t\t\t\t\t\t\t<option value="1">1</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="2">2</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="3">3</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="4">4</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="5">5</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="6">6</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="7">7</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="8">8</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="9">9</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="10">10</option>
\t\t\t\t\t\t\t\t\t\t\t</select>
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td> Your Reason/Comments:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<textarea rows="3" columns="20" name="qaos_reason2" id="qaos_reason2" title="Enter your comments/reason here"></textarea>
\t\t\t\t\t\t\t\t\t\t</td>\t
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<b>Question No. 3:</b><br />
\t\t\t\t\t\t\t\t\t\t\tHow is his/her promptness in completing work?<br />
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<br />
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td> Your Score:
\t\t\t\t\t\t\t\t\t\t</td>\t
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<select name="qaos_score3" id="qaos_score3">
\t\t\t\t\t\t\t\t\t\t\t\t<option value="1">1</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="2">2</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="3">3</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="4">4</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="5">5</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="6">6</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="7">7</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="8">8</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="9">9</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="10">10</option>
\t\t\t\t\t\t\t\t\t\t\t</select>
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td> Your Reason/Comments:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<textarea rows="3" columns="20" name="qaos_reason3" id="qaos_reason3" title="Enter your comments/reason here"></textarea>
\t\t\t\t\t\t\t\t\t\t</td>\t
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<b>Question No. 4:</b><br />
\t\t\t\t\t\t\t\t\t\t\tHow is his/her interest/enthusiasm/initiative in his/her work?<br />
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<br />
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td> Your Score:
\t\t\t\t\t\t\t\t\t\t</td>\t
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<select name="qaos_score4" id="qaos_score4">
\t\t\t\t\t\t\t\t\t\t\t\t<option value="1">1</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="2">2</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="3">3</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="4">4</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="5">5</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="6">6</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="7">7</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="8">8</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="9">9</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="10">10</option>
\t\t\t\t\t\t\t\t\t\t\t</select>
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td> Your Reason/Comments:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<textarea rows="3" columns="20" name="qaos_reason4" id="qaos_reason4" title="Enter your comments/reason here"></textarea>
\t\t\t\t\t\t\t\t\t\t</td>\t
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<b>Question No. 5:</b><br />
\t\t\t\t\t\t\t\t\t\t\tHow is his/her potential managerial abilities?<br />
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<br />
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td> Your Score:
\t\t\t\t\t\t\t\t\t\t</td>\t
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<select name="qaos_score5" id="qaos_score5">
\t\t\t\t\t\t\t\t\t\t\t\t<option value="1">1</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="2">2</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="3">3</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="4">4</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="5">5</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="6">6</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="7">7</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="8">8</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="9">9</option>
\t\t\t\t\t\t\t\t\t\t\t\t<option value="10">10</option>
\t\t\t\t\t\t\t\t\t\t\t</select>
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td> Your Reason/Comments:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<textarea rows="3" columns="20" name="qaos_reason5" id="qaos_reason5" title="Enter your comments/reason here"></textarea>
\t\t\t\t\t\t\t\t\t\t</td>\t
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<input type="submit" name="btnSubmitScore" id="submitbutton" value="Save Scores">
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t
\t\t\t\t\t\t\t\t</table>
\t\t\t\t\t\t\t</fieldset>
\t\t\t\t\t\t</form>
\t\t\t\t\t</div>
SCOREUSER;
                    return $htmlOut;
                }
            }
        }
        $query = "SELECT `user_id`,un.`qaos_unit_id`,d.`qaos_designation_name`,t.`qaos_team_name` FROM `qaos_users` u,`qaos_designations` d,`qaos_teams` t,`qaos_units` un WHERE un.`qaos_unit_id` = u.`qaos_unit_id` AND un.`qaos_team_id`='{$teamId}' AND d.`qaos_designation_id` = un.`qaos_designation_id` AND t.`qaos_team_id`=un.`qaos_team_id`";
        $queryResult = mysql_query($query);
        $arrayUsers = array();
        $arrayUnits = array();
        $arr = array();
        $designation = array();
        $team = array();
        while ($queryArray = mysql_fetch_assoc($queryResult)) {
            $designation[$queryArray['qaos_unit_id']] = $queryArray['qaos_designation_name'];
            $team[$queryArray['qaos_unit_id']] = $queryArray['qaos_team_name'];
            $arr[$queryArray['qaos_unit_id']][] = $queryArray['user_id'];
        }
        foreach ($arr as $unitId => $userId) {
            $htmlOut .= "<li><i>" . $team[$unitId] . " -</i> <b>" . $designation[$unitId] . "</b> : <br />";
            $userFullNameArray = array();
            foreach ($userId as $i) {
                $htmlOut .= "<a href=\"./+score&subaction=scoreUser&userEmail=" . getUserEmail($i) . "\">";
                $htmlOut .= getUserFullName($i);
                $htmlOut .= "</a>";
                $htmlOut .= "<br />";
                //$userFullNameArray[] .= getUserFullName($i);
            }
            //$htmlOut .= join($userFullNameArray,", ");
            $htmlOut .= "</li>";
        }
        $htmlOut .= "<br /><br />";
        $teamName = $this->getTeamNameFromTeamId($teamId);
        if ($teamName == "Core") {
            $unitId = $this->getUnitIdFromUserId($this->userId);
            $query = "SELECT us.user_id,tr.qaos_unit_id,d.qaos_designation_name, tm.qaos_team_name FROM `qaos_tree` tr JOIN qaos_units un ON (tr.qaos_unit_id = un.qaos_unit_id) JOIN qaos_teams tm ON (un.qaos_team_id = tm.qaos_team_id) JOIN qaos_designations d ON (un.qaos_designation_id = d.qaos_designation_id) JOIN qaos_users us ON (un.qaos_unit_id = us.qaos_unit_id) WHERE tr.qaos_parentunit_id='{$unitId}'";
            $queryResult = mysql_query($query);
            $arrayUsers = array();
            $arrayUnits = array();
            $arr = array();
            $designation = array();
            $team = array();
            while ($queryArray = mysql_fetch_assoc($queryResult)) {
                $designation[$queryArray['qaos_unit_id']] = $queryArray['qaos_designation_name'];
                $team[$queryArray['qaos_unit_id']] = $queryArray['qaos_team_name'];
                $arr[$queryArray['qaos_unit_id']][] = $queryArray['user_id'];
            }
            foreach ($arr as $unitId => $userId) {
                $htmlOut .= "<li><i>" . $team[$unitId] . " -</i> <b>" . $designation[$unitId] . "</b> : <br />";
                $userFullNameArray = array();
                foreach ($userId as $i) {
                    $htmlOut .= "<a href=\"./+score&subaction=scoreUser&userEmail=" . getUserEmail($i) . "\">";
                    $htmlOut .= getUserFullName($i);
                    $htmlOut .= "</a>";
                    $htmlOut .= "<br />";
                    //$userFullNameArray[] .= getUserFullName($i);
                }
                //$htmlOut .= join($userFullNameArray,", ");
                $htmlOut .= "</li>";
            }
        }
        if ($teamName == "Qaos") {
            $unitId = $this->getUnitIdFromUserId($this->userId);
            $query = "SELECT us.`user_id`,u.`qaos_unit_id`,d.`qaos_designation_name`,t.`qaos_team_name` FROM `qaos_units` u,`qaos_designations` d,`qaos_users` us,`qaos_teams` t WHERE u.`qaos_unit_id`= us.`qaos_unit_id` AND u.`qaos_designation_id`= d.`qaos_designation_id` AND u.`qaos_team_id` = t.`qaos_team_id` AND u.`qaos_team_id` IN (SELECT t.`qaos_team_id` FROM `qaos_teams` t WHERE t.`qaos_representative_user_id1` = '{$this->userId}' OR t.`qaos_representative_user_id2` = '{$this->userId}')";
            $result = mysql_query($query);
            $arrayUsers = array();
            $arrayUnits = array();
            $arr = array();
            $designation = array();
            $team = array();
            while ($queryArray = mysql_fetch_assoc($result)) {
                $designation[$queryArray['qaos_unit_id']] = $queryArray['qaos_designation_name'];
                $team[$queryArray['qaos_unit_id']] = $queryArray['qaos_team_name'];
                $arr[$queryArray['qaos_unit_id']][] = $queryArray['user_id'];
            }
            foreach ($arr as $unitId => $userId) {
                $htmlOut .= "<li><i>" . $team[$unitId] . " -</i> <b>" . $designation[$unitId] . "</b> : <br />";
                $userFullNameArray = array();
                foreach ($userId as $i) {
                    $htmlOut .= "<a href=\"./+score&subaction=scoreUser&userEmail=" . getUserEmail($i) . "\">";
                    $htmlOut .= getUserFullName($i);
                    $htmlOut .= "</a>";
                    $htmlOut .= "<br />";
                    //$userFullNameArray[] .= getUserFullName($i);
                }
                //$htmlOut .= join($userFullNameArray,", ");
                $htmlOut .= "</li>";
            }
        }
        return $htmlOut;
    }
Example #17
0
function handleTemplateManagement()
{
    global $sourceFolder;
    if (isset($_POST['btn_install'])) {
        $uploadId = processUploaded("Template");
        if ($uploadId != -1) {
            return installModule($uploadId, "Template");
        }
    } else {
        if (isset($_POST['btn_uninstall'])) {
            $query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE attribute= 'default_template'";
            $res = mysql_query($query);
            $row1 = array();
            $row1 = mysql_fetch_row($res);
            if (!isset($_POST['Template']) || $_POST['Template'] == "") {
                return "";
            }
            $toDelete = escape($_POST['Template']);
            $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'";
            $query2 = "SELECT `page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_template` = '{$toDelete}' LIMIT 10";
            $result2 = mysql_query($query2) or displayerror(mysql_error());
            if ($row1[0] == $toDelete) {
                displayerror("The default template cannot be deleted! If you want to delete this template, first change the default template from 'Global Settings'.");
                return "";
            }
            if (mysql_num_rows($result2) == 0 || isset($_POST['confirm'])) {
                if ($row = mysql_fetch_array(mysql_query($query))) {
                    $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "templates` WHERE `template_name` = '" . $toDelete . "'";
                    mysql_query($query);
                    $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_template` = '" . $row1[0] . "' WHERE `page_template` = '" . $toDelete . "'";
                    mysql_query($query) or displayerror(mysql_error());
                    $templateDir = $sourceFolder . "/templates/" . $toDelete . "/";
                    if (file_exists($templateDir)) {
                        delDir($templateDir);
                    }
                    displayinfo("Template " . safe_html($_POST['Template']) . " uninstalled!");
                    return "";
                } else {
                    displayerror("Template uninstallation failed!");
                    return "";
                }
            }
            $pageList = "";
            while ($row = mysql_fetch_assoc($result2)) {
                $pageList .= "/home" . getPagePath($row['page_id']) . "<br>";
            }
            $templatename = safe_html($_POST['Template']);
            $ret = <<<RET
<fieldset>
<legend>{$ICONS['Templates Management']['small']}Template Management</legend>
Some of the page with {$templatename} template are:<br>
{$pageList}
<div class='cms-error'>The templates of these pages will be reset to default template if you proceed deleting the template.</div>
<form method=POST action='./+admin&subaction=template&subsubaction=uninstall'>
<input type=hidden value='{$templatename}' name='Template' />
<input type=submit value='Delete template' name='btn_uninstall' />
<input type=hidden value='confirm' name='confirm' />
</form>
</fieldset>
RET;
            return $ret;
        }
    }
    /*
    	this finalize and cancel subsubactions are vulnerabilities, any one can vary $_POST['path'] and make cms to delete itself.
    	so template installation is also merged with module and widget installation,
    	but some extra features specific to template installation(ie ignoring missing template variables and changing template name)
    	are missing in that installation, these will remain commented for reference till those features are implemented the other way
    	else if(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'finalize') 
    	{		
    	
    		$issues = "";
    		$ret = reportIssues(escape($_POST['path']),$issues);
    		if($ret[0] == 1) 
    		{
    			displayerror("Your template is still not compatible with Pragyan CMS. Please fix the reported issues during installation.");
    			delDir(escape($_POST['del']));
    			unlink(escape($_POST['file']));
    			return "";
    		}
    			
    		$templates=getAvailableTemplates();
    		$flag=false;
    		foreach ($templates as $template) 
    			if($template==$_POST['template'])
    			{
    				$flag=true;
    				break;
    			}
    		if($_POST['template']=="common" || $flag || file_exists($sourceFolder . "/templates/" . escape($_POST['template']) . "/")) 
    		{
    			displayerror("Template Installation failed : A folder by the template name already exists.");
    			$templatePath=safe_html($_POST['del']);
    			$str=safe_html($_POST['file']);
    			$ret=<<<RET
    			<form method=POST action='./+admin&subaction=canceltemplate'>
    			Please click the following button to start a fresh installation : 
    			<input type=hidden name='path' value='{$templatePath}'>
    			<input type=hidden name='file' value='{$str}'>
    			<input type=submit value="Fresh Installation">
    			</form>
    RET;
    			return $ret;
    			
    		}
    		rename(escape($_POST['path']), $sourceFolder . "/templates/" . escape($_POST['template']) . "/");
    		delDir(escape($_POST['del']));
    		unlink(escape($_POST['file']));
    		mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "templates` VALUES('" . escape($_POST['template']) . "')");
    		displayinfo("Template installation complete");
    		return "";
    		
    	} 
    	else if(isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'cancel') 
    	{
    		delDir(escape($_POST['path']));
    		unlink(escape($_POST['file']));
    		return "";
    	}*/
}
Example #18
0
function moveFormElement($moduleCompId, $subaction, $elementId)
{
    if ($subaction == 'moveDown') {
        $compare = ">=";
        $order = "ASC";
    } else {
        if ($subaction == 'moveUp') {
            $compare = "<=";
            $order = "DESC";
        }
    }
    $query = "SELECT * FROM `form_elementdesc` WHERE `form_elementrank` {$compare}(SELECT `form_elementrank` FROM `form_elementdesc` WHERE `page_modulecomponentid`='{$moduleCompId}' AND `form_elementid`='{$elementId}') AND `page_modulecomponentid`='{$moduleCompId}' AND `form_elementid`!='{$elementId}' ORDER BY `form_elementrank` {$order} LIMIT 0,1";
    $result = mysql_query($query) or die(mysql_query());
    if (mysql_num_rows($result) == 0) {
        displayerror("You cannot move up/down the first/last element in form");
    } else {
        $tempTarg = mysql_fetch_assoc($result);
        $query = "SELECT `form_elementrank` FROM `form_elementdesc` WHERE `page_modulecomponentid`='{$moduleCompId}' AND `form_elementid`='{$elementId}'";
        $result = mysql_query($query) or die(mysql_query());
        $tempSrc = mysql_fetch_assoc($result);
        if ($tempTarg['form_elementrank'] == $tempSrc['form_elementrank']) {
            $query = "UPDATE `form_elementdesc` SET `form_elementrank` = `form_elementid` WHERE `page_modulecomponentid`='{$tempTarg['page_modulecomponentid']}'";
            $result = mysql_query($query) or die(mysql_error());
            if (mysql_affected_rows() > 0) {
                displayinfo("Error in form element rank corrected. Please reorder them");
            } else {
                displayerror("Failed to correct error in form element ranks!");
            }
        } else {
            $query = "UPDATE `form_elementdesc` SET `form_elementrank` = '{$tempSrc['form_elementrank']}' WHERE `page_modulecomponentid`='{$tempTarg['page_modulecomponentid']}' AND `form_elementid`='{$tempTarg['form_elementid']}'";
            $result = mysql_query($query) or die(mysql_error());
            $query = "UPDATE `form_elementdesc` SET `form_elementrank` = '{$tempTarg['form_elementrank']}' WHERE `page_modulecomponentid`='{$moduleCompId}' AND `form_elementid`='{$elementId}'";
            $result = mysql_query($query) or die(mysql_error());
        }
    }
}
Example #19
0
function handleModuleManagement()
{
    global $sourceFolder;
    if (isset($_POST['btn_install'])) {
        $uploadId = processUploaded("Module");
        if ($uploadId != -1) {
            return installModule($uploadId, "Module");
        }
    } else {
        if (isset($_POST['btn_uninstall'])) {
            if (!isset($_POST['Module']) || $_POST['Module'] == "") {
                return "";
            }
            if ($_POST['Module'] == 'article') {
                displayerror("Article module can't be deleted for the home page itself is a article");
                return "";
            }
            $toDelete = escape($_POST['Module']);
            $query = "SELECT `page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_module` = '{$toDelete}' LIMIT 10";
            $result = mysql_query($query) or displayerror(mysql_error());
            if (mysql_num_rows($result) == 0 || isset($_POST['confirm'])) {
                if (deleteModule($toDelete)) {
                    displayinfo("Module " . safe_html($_POST['Module']) . " uninstalled!");
                    return "";
                } else {
                    displayerror("Module uninstallation failed!");
                    return "";
                }
            }
            if (isset($_POST['confirm'])) {
                $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_module` = '" . $toDelete . "'";
                mysql_query($query) or displayerror(mysql_error());
            }
            $pageList = "";
            while ($row = mysql_fetch_assoc($result)) {
                $pageList .= "/home" . getPagePath($row['page_id']) . "<br>";
            }
            $modulename = safe_html($_POST['Module']);
            $ret = <<<RET
<fieldset>
<legend>{$ICONS['Modules Management']['small']}Module Management</legend>
Some of the page of type {$modulename} are:<br>
{$pageList}
<div class='cms-error'>These pages will be removed and cant be recovered, If you proceed deleting the module.</div>
<form method=POST action='./+admin&subaction=module&subsubaction=uninstall'>
<input type=hidden value='{$modulename}' name='Module' />
<input type=submit value='Delete module' name='btn_uninstall' />
<input type=hidden value='confirm' name='confirm' />
</form>
</fieldset>
RET;
            return $ret;
        } else {
            if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'finalize') {
                return finalizeInstallation(escape($_POST['id']), "Module");
            } else {
                if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'cancel') {
                    $uploadId = escape($_POST['id']);
                    $result = mysql_fetch_assoc(mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$uploadId}'"));
                    if ($result != NULL) {
                        $zipFile = $result['filePath'];
                        $temp = explode(";", $result['info']);
                        $extractedPath = $temp[0];
                        $moduleActualPath = $temp[1];
                        $moduleName = $temp[2];
                    }
                    delDir($extractedPath);
                    unlink($zipFile);
                    mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$uploadId}'") or displayerror(mysql_error());
                    return "";
                }
            }
        }
    }
}
Example #20
0
function unBlockRoomNo($roomId, $mcid)
{
    $roomId = escape($roomId);
    $blockRoomQuery = "SELECT `hospi_blocked` FROM `prhospi_hostel` WHERE `hospi_blocked`=1 AND `page_modulecomponentid`={$mcid} AND `hospi_room_id`={$roomId}";
    $blockRoomQueryRes = mysql_query($blockRoomQuery) or displayerror(mysql_error());
    if (!mysql_num_rows($blockRoomQueryRes)) {
        displayerror("Room Does Not exist");
        return;
    }
    $res = mysql_fetch_assoc($blockRoomQueryRes);
    $blockRoomQuery = "UPDATE `prhospi_hostel` SET `hospi_blocked`=0 WHERE `page_modulecomponentid`={$mcid} AND `hospi_room_id`={$roomId}";
    $blockRoomQueryRes = mysql_query($blockRoomQuery) or displayerror(mysql_error());
    if ($blockRoomQueryRes) {
        displayinfo("Room Unblocked ");
    } else {
        displayinfo("There is a Error.Please contact System Administrator for Details");
    }
    return;
}
Example #21
0
function handleUserMgmt()
{
    global $urlRequestRoot, $cmsFolder, $moduleFolder, $templateFolder, $sourceFolder;
    require_once "{$sourceFolder}/{$moduleFolder}/form/viewregistrants.php";
    if (isset($_GET['userid'])) {
        $_GET['userid'] = escape($_GET['userid']);
    }
    if (isset($_POST['editusertype'])) {
        $_POST['editusertype'] = escape($_POST['editusertype']);
    }
    if (isset($_POST['user_selected_activate'])) {
        foreach ($_POST as $key => $var) {
            if (substr($key, 0, 9) == "selected_") {
                if (!mysql_query("UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1 WHERE user_id='" . substr($key, 9) . "'")) {
                    $result = mysql_query("SELECT `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='" . substr($key, 9) . "'");
                    if ($result) {
                        $row = mysql_fetch_assoc($result);
                        displayerror("Couldn't activate user, {$row['user_fullname']}");
                    }
                }
            }
        }
        return registeredUsersList($_POST['editusertype'], "edit", false);
    }
    if (isset($_POST['user_selected_deactivate'])) {
        foreach ($_POST as $key => $var) {
            if (substr($key, 0, 9) == "selected_") {
                if ((int) substr($key, 9) == ADMIN_USERID) {
                    displayerror("You cannot deactivate administrator!");
                    continue;
                }
                if (!mysql_query("UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id='" . substr($key, 9) . "'")) {
                    $result = mysql_query("SELECT `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='" . substr($key, 9) . "'");
                    if ($result) {
                        $row = mysql_fetch_assoc($result);
                        displayerror("Couldn't deactivate user, {$row['user_fullname']}");
                    }
                }
            }
        }
        return registeredUsersList($_POST['editusertype'], "edit", false);
    }
    if (isset($_POST['user_selected_delete'])) {
        $done = true;
        foreach ($_POST as $key => $var) {
            if (substr($key, 0, 9) == "selected_") {
                if ((int) substr($key, 9) == ADMIN_USERID) {
                    displayerror("You cannot delete administrator!");
                    continue;
                }
                $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '" . substr($key, 9) . "'";
                if (mysql_query($query)) {
                    $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "openid_users` WHERE `user_id` = '" . substr($key, 9) . "'";
                    if (!mysql_query($query)) {
                        $done = false;
                    }
                } else {
                    $done = false;
                }
            }
        }
        if (!$done) {
            displayerror("Some problem in deleting selected users");
        }
        return registeredUsersList($_POST['editusertype'], "edit", false);
    }
    if (isset($_POST['user_activate'])) {
        $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1 WHERE user_id='{$_GET['userid']}'";
        if (mysql_query($query)) {
            displayInfo("User Successfully Activated!");
        } else {
            displayerror("User Not Activated!");
        }
        return registeredUsersList($_POST['editusertype'], "edit", false);
    } else {
        if (isset($_POST['activate_all_users'])) {
            $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1";
            if (mysql_query($query)) {
                displayInfo("All users activated successfully!");
            } else {
                displayerror("Users Not Deactivated!");
            }
            return;
        } else {
            if (isset($_POST['user_deactivate'])) {
                if ($_GET['userid'] == ADMIN_USERID) {
                    displayError("You cannot deactivate administrator!");
                    return registeredUsersList($_POST['editusertype'], "edit", false);
                }
                $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id='{$_GET['userid']}'";
                if (mysql_query($query)) {
                    displayInfo("User Successfully Deactivated!");
                } else {
                    displayerror("User Not Deactivated!");
                }
                return registeredUsersList($_POST['editusertype'], "edit", false);
            } else {
                if (isset($_POST['deactivate_all_users'])) {
                    $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id != " . ADMIN_USERID;
                    if (mysql_query($query)) {
                        displayInfo("All users deactivated successfully except Administrator!");
                    } else {
                        displayerror("Users Not Deactivated!");
                    }
                    return;
                } else {
                    if (isset($_POST['user_delete'])) {
                        $userId = $_GET['userid'];
                        if ($userId == ADMIN_USERID) {
                            displayError("You cannot delete administrator!");
                            return registeredUsersList($_POST['editusertype'], "edit", false);
                        }
                        $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '{$userId}'";
                        if (mysql_query($query)) {
                            $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "openid_users` WHERE `user_id` = '{$userId}'";
                            if (mysql_query($query)) {
                                displayinfo("User Successfully Deleted!");
                            } else {
                                displayerror("User not deleted from OpenID database!");
                            }
                        } else {
                            displayerror("User Not Deleted!");
                        }
                        return registeredUsersList($_POST['editusertype'], "edit", false);
                    } else {
                        if (isset($_POST['user_info']) || isset($_POST['user_info_update'])) {
                            if (isset($_POST['user_info_update'])) {
                                $updates = array();
                                $userId = $_GET['userid'];
                                $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='{$userId}'";
                                $row = mysql_fetch_assoc(mysql_query($query));
                                $errors = false;
                                if (isset($_POST['user_name']) && $row['user_name'] != $_POST['user_name']) {
                                    $chkquery = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_name`='" . escape($_POST['user_name']) . "'";
                                    $result = mysql_query($chkquery) or die("failed  : {$chkquery}");
                                    if (mysql_num_rows($result) > 0) {
                                        displayerror("User Name already exists in database!");
                                        $errors = true;
                                    }
                                }
                                if (isset($_POST['user_name']) && $_POST['user_name'] != '' && $_POST['user_name'] != $row['user_name']) {
                                    $updates[] = "`user_name` = '" . escape($_POST['user_name']) . "'";
                                }
                                if (isset($_POST['user_email']) && $_POST['user_email'] != '' && $_POST['user_email'] != $row['user_email']) {
                                    $updates[] = "`user_email` = '" . escape($_POST['user_email']) . "'";
                                }
                                if (isset($_POST['user_fullname']) && $_POST['user_fullname'] != '' && $_POST['user_fullname'] != $row['user_fullname']) {
                                    $updates[] = "`user_fullname` = '" . escape($_POST['user_fullname']) . "'";
                                }
                                if ($_POST['user_password'] != '') {
                                    if ($_POST['user_password'] != $_POST['user_password2']) {
                                        displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.');
                                        $errors = true;
                                    } else {
                                        if (md5($_POST['user_password']) != $row['user_password']) {
                                            $updates[] = "`user_password` = MD5('{$_POST['user_password']}')";
                                        }
                                    }
                                }
                                if (isset($_POST['user_regdate']) && $_POST['user_regdate'] != '' && $_POST['user_regdate'] != $row['user_regdate']) {
                                    $updates[] = "`user_regdate` = '" . escape($_POST['user_regdate']) . "'";
                                }
                                if (isset($_POST['user_lastlogin']) && $_POST['user_lastlogin'] != '' && $_POST['user_lastlogin'] != $row['user_lastlogin']) {
                                    $updates[] = "`user_lastlogin` = '" . escape($_POST['user_lastlogin']) . "'";
                                }
                                if ($_GET['userid'] != ADMIN_USERID && (isset($_POST['user_activated']) ? 1 : 0) != $row['user_activated']) {
                                    $checked = isset($_POST['user_activated']) ? 1 : 0;
                                    $updates[] = "`user_activated` = {$checked}";
                                }
                                if (isset($_POST['user_loginmethod']) && $_POST['user_loginmethod'] != '' && $_POST['user_loginmethod'] != $row['user_loginmethod']) {
                                    $updates[] = "`user_loginmethod` = '" . escape($_POST['user_loginmethod']) . "'";
                                    if ($_POST['user_loginmethod'] != 'db') {
                                        displaywarning("Please make sure " . strtoupper(escape($_POST['user_loginmethod'])) . " is configured properly, otherwise the user will not be able to login to the website.");
                                    }
                                }
                                if (!$errors) {
                                    if (count($updates) > 0) {
                                        $profileQuery = 'UPDATE `' . MYSQL_DATABASE_PREFIX . 'users` SET ' . join($updates, ', ') . " WHERE `user_id` = " . escape($_GET['userid']) . "'";
                                        $profileResult = mysql_query($profileQuery);
                                        if (!$profileResult) {
                                            displayerror('An error was encountered while attempting to process your request.' . $profileQuery);
                                            $errors = true;
                                        }
                                    }
                                    global $sourceFolder, $moduleFolder;
                                    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
                                    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
                                    if (!$errors && !submitRegistrationForm(0, $userId, true, true)) {
                                        displayerror('An error was encountered while attempting to process your request.' . $profileQuery);
                                        $errors = true;
                                    } else {
                                        displayinfo('All fields updated successfully!');
                                    }
                                }
                            }
                            $userid = $_GET['userid'];
                            $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`={$userid}";
                            $columnList = getColumnList(0, false, false, false, false, false);
                            $xcolumnIds = array_keys($columnList);
                            $xcolumnNames = array_values($columnList);
                            $row = mysql_fetch_assoc(mysql_query($query));
                            $userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
                            $userinfo = "<fieldset><legend>Edit User Information</legend><form name='user_info_edit' action='./+admin&subaction=useradmin&userid={$userid}' method='post'>";
                            $usertablefields = array_merge(getTableFieldsName('users'), $xcolumnNames);
                            for ($i = 0; $i < count($usertablefields); $i++) {
                                if (isset($_POST[$usertablefields[$i] . '_sel'])) {
                                    $userinfo .= "<input type='hidden' name='{$usertablefields[$i]}_sel' value='checked'/>";
                                }
                            }
                            $userinfo .= "<input type='hidden' name='not_first_time' />";
                            $userinfo .= userProfileForm($userfieldprettynames, $row, false, true);
                            $userinfo .= "<input type='submit' value='Update' name='user_info_update' />\n\t\t<input type='reset' value='Reset' /></form></fieldset>";
                            return $userinfo;
                        } else {
                            if (isset($_POST['view_reg_users']) || isset($_POST['save_reg_users_excel'])) {
                                return registeredUsersList("all", "view", false);
                            } else {
                                if (isset($_POST['edit_reg_users'])) {
                                    return registeredUsersList("all", "edit", false);
                                } else {
                                    if (isset($_POST['view_activated_users']) || isset($_POST['save_activated_users_excel'])) {
                                        return registeredUsersList("activated", "view", false);
                                    } else {
                                        if (isset($_POST['edit_activated_users'])) {
                                            return registeredUsersList("activated", "edit", false);
                                        } else {
                                            if (isset($_POST['view_nonactivated_users']) || isset($_POST['save_nonactivated_users_excel'])) {
                                                return registeredUsersList("nonactivated", "view", false);
                                            } else {
                                                if (isset($_POST['edit_nonactivated_users'])) {
                                                    return registeredUsersList("nonactivated", "edit", false);
                                                } else {
                                                    if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'search') {
                                                        $results = "";
                                                        $userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
                                                        $usertablefields = getTableFieldsName('users');
                                                        $first = true;
                                                        $qstring = "";
                                                        foreach ($usertablefields as $field) {
                                                            if (isset($_POST[$field]) && $_POST[$field] != '') {
                                                                if ($first == false) {
                                                                    $qstring .= $_POST['user_search_op'] == 'and' ? " AND " : " OR ";
                                                                }
                                                                $val = escape($_POST[$field]);
                                                                if ($field == 'user_activated') {
                                                                    ${$field . '_lastval'} = $val = isset($_POST[$field]) ? 1 : 0;
                                                                } else {
                                                                    ${$field . '_lastval'} = $val;
                                                                }
                                                                $qstring .= "`{$field}` LIKE CONVERT( _utf8 '%{$val}%'USING latin1 ) ";
                                                                $first = false;
                                                            }
                                                        }
                                                        if ($qstring != "") {
                                                            $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE {$qstring} ";
                                                            $resultSearch = mysql_query($query);
                                                            if (mysql_num_rows($resultSearch) > 0) {
                                                                $num = mysql_num_rows($resultSearch);
                                                                $userInfo = array();
                                                                while ($row = mysql_fetch_assoc($resultSearch)) {
                                                                    $userInfo['user_id'][] = $row['user_id'];
                                                                    $userInfo['user_name'][] = $row['user_name'];
                                                                    $userInfo['user_email'][] = $row['user_email'];
                                                                    $userInfo['user_fullname'][] = $row['user_fullname'];
                                                                    $userInfo['user_password'][] = $row['user_password'];
                                                                    $userInfo['user_lastlogin'][] = $row['user_lastlogin'];
                                                                    $userInfo['user_regdate'][] = $row['user_regdate'];
                                                                    $userInfo['user_activated'][] = $row['user_activated'];
                                                                    $userInfo['user_loginmethod'][] = $row['user_loginmethod'];
                                                                }
                                                                $results = registeredUsersList("all", "edit", false, $userInfo);
                                                            } else {
                                                                displayerror("No users matched your query!");
                                                            }
                                                        }
                                                        $searchForm = "<form name='user_search_form' action='./+admin&subaction=useradmin&subsubaction=search' method='POST'><h3>Search User</h3>";
                                                        $xcolumnNames = array_keys(getColumnList(0, false, false, false, false, false));
                                                        $usertablefields2 = array_merge($usertablefields, $xcolumnNames);
                                                        for ($i = 0; $i < count($usertablefields2); $i++) {
                                                            if (isset($_POST[$usertablefields2[$i] . '_sel'])) {
                                                                $searchForm .= "<input type='hidden' name='{$usertablefields2[$i]}_sel' value='checked'/>";
                                                            }
                                                        }
                                                        $searchForm .= "<input type='hidden' name='not_first_time' />";
                                                        $infoarray = array();
                                                        foreach ($usertablefields as $field) {
                                                            if (isset(${$field . '_lastval'})) {
                                                                $infoarray[$field] = ${$field . '_lastval'};
                                                            } else {
                                                                $infoarray[$field] = "";
                                                            }
                                                        }
                                                        $searchForm .= userProfileForm($userfieldprettynames, $infoarray, true, false);
                                                        $searchForm .= "Operation : <input type='radio' name='user_search_op' value='and'  />AND  <input type='radio' name='user_search_op' value='or' checked='true' />OR<br/><br/><input type='submit' onclick name='user_search_submit' value='Search' /><input type='reset' value='Clear' /></form>";
                                                        return $results . $searchForm;
                                                    } else {
                                                        if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'create') {
                                                            $userfieldprettynamesarray = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
                                                            $usertablefields = getTableFieldsName('users');
                                                            if (isset($_POST['create_user_submit'])) {
                                                                $incomplete = false;
                                                                foreach ($usertablefields as $field) {
                                                                    if ($field != 'user_regdate' && $field != 'user_lastlogin' && $field != 'user_activated' && (isset($_POST[$field]) && $_POST[$field] == "")) {
                                                                        displayerror("New user could not be created. Some fields are missing!{$field}");
                                                                        $incomplete = true;
                                                                        break;
                                                                    }
                                                                    ${$field} = escape($_POST[$field]);
                                                                }
                                                                if (!$incomplete) {
                                                                    $user_id = $_GET['userid'];
                                                                    $chkquery = "SELECT COUNT(user_id) FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='{$user_id}' OR `user_name`='{$user_name}' OR `user_email`='{$user_email}'";
                                                                    $result = mysql_query($chkquery);
                                                                    $row = mysql_fetch_row($result);
                                                                    if ($row[0] > 0) {
                                                                        displayerror("Another user with the same name or email already exists!");
                                                                    } else {
                                                                        if ($user_password != $_POST['user_password2']) {
                                                                            displayerror("Passwords mismatch!");
                                                                        } else {
                                                                            if (isset($_POST['user_activated'])) {
                                                                                $user_activated = 1;
                                                                            }
                                                                            $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` (`user_id` ,`user_name` ,`user_email` ,`user_fullname` ,`user_password` ,`user_regdate` ,`user_lastlogin` ,`user_activated`,`user_loginmethod`)VALUES ('{$user_id}' ,'{$user_name}' ,'{$user_email}' ,'{$user_fullname}' , MD5('{$user_password}') ,CURRENT_TIMESTAMP , '', '{$user_activated}','{$user_loginmethod}')";
                                                                            $result = mysql_query($query) or die(mysql_error());
                                                                            global $sourceFolder, $moduleFolder;
                                                                            require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
                                                                            require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
                                                                            if (mysql_affected_rows() && submitRegistrationForm(0, $user_id, true, true)) {
                                                                                displayinfo("User {$user_fullname} Successfully Created!");
                                                                            } else {
                                                                                displayerror("Failed to create user");
                                                                            }
                                                                        }
                                                                    }
                                                                }
                                                            }
                                                            $nextUserId = getNextUserId();
                                                            $userForm = "<form name='user_create_form' action='./+admin&subaction=useradmin&subsubaction=create&userid={$nextUserId}' method='POST'><h3>Create New User</h3>";
                                                            $xcolumnNames = array_values(getColumnList(0, false, false, false, false, false));
                                                            $usertablefields2 = array_merge($usertablefields, $xcolumnNames);
                                                            $calpath = "{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}";
                                                            $userForm .= '<link rel="stylesheet" type="text/css" media="all" href="' . $calpath . '/form/calendar/calendar.css" title="Aqua" />' . '<script type="text/javascript" src="' . $calpath . '/form/calendar/calendar.js"></script>';
                                                            for ($i = 0; $i < count($usertablefields2); $i++) {
                                                                if (isset($_POST[$usertablefields2[$i] . '_sel'])) {
                                                                    $userForm .= "<input type='hidden' name='{$usertablefields2[$i]}_sel' value='checked'/>";
                                                                }
                                                            }
                                                            $userForm .= "<input type='hidden' name='not_first_time' />";
                                                            $infoarray = array();
                                                            foreach ($usertablefields as $field) {
                                                                $infoarray[$field] = "";
                                                            }
                                                            $infoarray['user_id'] = $nextUserId;
                                                            $userForm .= userProfileForm($userfieldprettynamesarray, $infoarray, false, true);
                                                            $userForm .= "<input type='submit' onclick name='create_user_submit' value='Create' /><input type='reset' value='Clear' /></form>";
                                                            return $userForm;
                                                        }
                                                    }
                                                }
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
Example #22
0
 public function actionEdit()
 {
     $editPageContent = '';
     $paramSqlQuery = '';
     $paramPageTitle = '';
     $useParams = false;
     if (isset($_POST['btnSubmitQueryData'])) {
         if (!isset($_POST['pagetitle']) || !isset($_POST['sqlquery'])) {
             displayerror('Error. Incomplete form data.');
         }
         $pageTitle = $_POST['pagetitle'];
         $sqlQuery = $_POST['sqlquery'];
         if ($this->saveQueryEditForm($pageTitle, $sqlQuery)) {
             displayinfo('Changes saved successfully.');
         }
     } elseif (isset($_POST['btnPreviewResults'])) {
         if (!isset($_POST['pagetitle']) || !isset($_POST['sqlquery'])) {
             displayerror('Error. Incomplete form data.');
         }
         $pageTitle = $_POST['pagetitle'];
         $sqlQuery = $_POST['sqlquery'];
         $editPageContent = "<h2>{$pageTitle} (Preview)</h2><br />\n" . $this->generatePageData(stripslashes($sqlQuery)) . "<br />\n";
         $useParams = true;
         $paramSqlQuery = stripslashes($sqlQuery);
         $paramPageTitle = $pageTitle;
     }
     $editPageContent .= $this->getQueryEditForm($paramPageTitle, $paramSqlQuery, $useParams);
     $helptext = "";
     if (isset($_POST['btnListTables']) || isset($_GET['subaction']) && $_GET['subaction'] == "listalltables") {
         $helptext .= "<h2>Tables of Database " . MYSQL_DATABASE . "</h2><br/><table id='sqlhelptable' name='sqlhelptable' class='display'><thead></tr><tr><th>Table Name</th><th>Columns Information</th><th>Rows Information</th></tr></thead><tbody>";
         $query = "SHOW TABLES";
         $res = mysql_query($query);
         while ($row = mysql_fetch_row($res)) {
             $helptext .= "<tr><td>{$row[0]}</td><td><a href='./+edit&subaction=tablecols&tablename={$row[0]}'>View Columns</a></td><td><a href='./+edit&subaction=tablerows&tablename={$row[0]}'>View Rows</a></td></tr>";
         }
         $helptext .= "</tbody></table>";
     }
     if (isset($_POST['btnListRows']) && $_POST['tablename'] != "" || isset($_GET['subaction']) && $_GET['subaction'] == "tablerows") {
         if (isset($_POST['tablename'])) {
             $tablename = escape(safe_html($_POST['tablename']));
         } else {
             if (isset($_GET['tablename'])) {
                 $tablename = escape(safe_html($_GET['tablename']));
             } else {
                 displayerror("Table name missing");
                 return $editPageContent;
             }
         }
         $query = "SELECT * FROM '{$tablename}'";
         $res = mysql_query($query);
         $numfields = mysql_num_fields($res);
         $helptext .= "<table id='sqlhelptable' name='sqlhelptable' class='display'><thead><tr><th colspan=" . $numfields . ">Rows of Table {$tablename} <br/><a href='./+edit&subaction=tablecols&tablename={$tablename}'>View Columns</a>  <a href='./+edit&subaction=listalltables'>View All Tables</a></th></tr>";
         $helptext .= "<tr>";
         for ($i = 0; $i < $numfields; $i++) {
             $name = mysql_field_name($res, $i);
             if (!$name) {
                 displayerror("Field name could not be retrieved");
                 break;
             }
             $helptext .= "<th>{$name}</th>";
         }
         $helptext .= "</tr></thead><tbody>";
         while ($row = mysql_fetch_row($res)) {
             $helptext .= "<tr>";
             for ($i = 0; $i < $numfields; $i++) {
                 $helptext .= "<td>{$row[$i]}</td>";
             }
             $helptext .= "</tr>";
         }
         $helptext .= "</tbody></table>";
     }
     if (isset($_POST['btnListColumns']) && $_POST['tablename'] != "" || isset($_GET['subaction']) && $_GET['subaction'] == "tablecols") {
         if (isset($_POST['tablename'])) {
             $tablename = escape(safe_html($_POST['tablename']));
         } else {
             if (isset($_GET['tablename'])) {
                 $tablename = escape(safe_html($_GET['tablename']));
             } else {
                 displayerror("Table name missing");
                 return $editPageContent;
             }
         }
         $helptext .= "<table id='sqlhelptable' name='sqlhelptable' class='display'><thead><tr><th colspan=6>Column Information of Table {$tablename} <br/><a href='./+edit&subaction=tablerows&tablename={$tablename}'>View Rows</a>  <a href='./+edit&subaction=listalltables'>View All Tables</a> </th></tr>";
         $helptext .= "<tr><th>Column Name</th><th>Column Type</th><th>Maximum Length</th><th>Default Value</th><th>Not Null</th><th>Primary Key</th></tr></thead><tbody>";
         $query = "SELECT * FROM '{$tablename}' LIMIT 1";
         $res = mysql_query($query);
         for ($i = 0; $i < mysql_num_fields($res); $i++) {
             $meta = mysql_fetch_field($res, $i);
             if (!$meta) {
                 displayerror("Field information could not be retrieved");
                 break;
             }
             $helptext .= "<tr><td>{$meta->name}</td><td>{$meta->type}</td><td>{$meta->max_length}</td><td>{$meta->def}</td><td>{$meta->not_null}</td><td>{$meta->primary_key}</td></tr>";
         }
         $helptext .= "</tbody></table>";
     }
     global $urlRequestRoot, $cmsFolder, $STARTSCRIPTS;
     $smarttable = smarttable::render(array('sqlhelptable'), null);
     $STARTSCRIPTS .= "initSmartTable();";
     global $ICONS;
     if ($helptext != "") {
         $helptext = "<fieldset><legend>{$ICONS['Database Information']['small']}Database Information</legend>{$smarttable} {$helptext}</fieldset>";
     }
     return $helptext . $editPageContent;
 }
Example #23
0
 public function actionManage()
 {
     $display .= "<h2>Manage Polls</h2><br />";
     if (isset($_POST['save'])) {
         if ($_POST['q'] == NULL) {
             displayerror('Enter a Valid Question');
         } else {
             if ($_POST['o1'] == NULL || $_POST['o2'] == NULL) {
                 displayerror('Enter Atleast Two Options');
             } else {
                 if ($_POST['multi'] == NULL) {
                     displayerror('Choose `Yes` or `No` for Multiple Option ');
                 } else {
                     $q = htmlspecialchars(escape($_POST['q']));
                     $multi = escape($_POST['multi']);
                     if ($multi == 'y') {
                         $multi = 1;
                     } else {
                         $multi = 0;
                     }
                     $pid = escape($_POST['pid']);
                     $o1 = htmlspecialchars(escape($_POST['o1']));
                     $o2 = htmlspecialchars(escape($_POST['o2']));
                     $o3 = htmlspecialchars(escape($_POST['o3']));
                     $o4 = htmlspecialchars(escape($_POST['o4']));
                     $o5 = htmlspecialchars(escape($_POST['o5']));
                     $o6 = htmlspecialchars(escape($_POST['o6']));
                     displayinfo('Poll Question Updated Succesfully');
                     $query = "UPDATE `poll_content` SET `ques` = '{$q}',`o1` = '{$o1}',`o2` = '{$o2}',`o3` = '{$o3}',`o4` = '{$o4}',`o5` = '{$o5}',`o6` = '{$o6}',`multiple_opt` = '{$multi}' WHERE `pid` = {$pid} AND `page_modulecomponentid`='{$this->moduleComponentId}'";
                     mysql_query($query);
                 }
             }
         }
         return $this->actionView();
     }
     if (isset($_POST['insert'])) {
         if ($_POST['q'] == NULL) {
             displayerror('Enter a Valid Question');
         } else {
             if ($_POST['o1'] == NULL || $_POST['o2'] == NULL) {
                 displayerror('Enter Atleast Two Options');
             } else {
                 if ($_POST['multi'] == NULL) {
                     displayerror('Choose `Yes` or `No` for Multiple Option ');
                 } else {
                     displayinfo('Poll Question Added Succesfully');
                     $query = "INSERT INTO `poll_content` (`page_modulecomponentid`,`ques` ,`o1` ,`o2` ,`o3` ,`o4` ,`o5` ,`o6` ,`visibility`)\n\t\t\t\t\t\tVALUES ('{$this->moduleComponentId}','" . htmlspecialchars(escape($_POST['q'])) . "','" . htmlspecialchars(escape($_POST['o1'])) . "','" . htmlspecialchars(escape($_POST['o2'])) . "','" . htmlspecialchars(escape($_POST['o3'])) . "','" . htmlspecialchars(escape($_POST['o4'])) . "','" . htmlspecialchars(escape($_POST['o5'])) . "','" . htmlspecialchars(escape($_POST['o6'])) . "','1')";
                     $result = mysql_query($query);
                     if ($_POST['multi'] == 'y') {
                         $query5 = "UPDATE `poll_content` SET `multiple_opt`='1' WHERE `ques`='" . htmlspecialchars(escape($_POST['q'])) . "' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
                         $result5 = mysql_query($query5);
                     }
                     $query0 = "SELECT max(`pid`) from `poll_content` WHERE `page_modulecomponentid`='{$this->moduleComponentId}'";
                     $result0 = mysql_query($query0);
                     $row0 = mysql_fetch_array($result0);
                     $query1 = "INSERT INTO `poll_log` (`pid`,`page_modulecomponentid`) VALUES ('" . $row0[0] . "','{$this->moduleComponentId}')";
                     $result1 = mysql_query($query1);
                 }
             }
         }
     }
     if (isset($_POST['disable'])) {
         $pollid = escape($_POST['ques1']);
         $query3 = "SELECT * FROM `poll_content` WHERE `pid`= '{$pollid}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
         $result3 = mysql_query($query3);
         $nop = mysql_num_rows($result3);
         if ($nop == 1) {
             $query4 = "UPDATE `poll_content` SET `visibility`='0' WHERE `pid`= '{$pollid}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
             $result4 = mysql_query($query4);
         }
         displayinfo("Poll Question Disabled");
     }
     if (isset($_POST['edit'])) {
         $pollid = escape($_POST['ques0']);
         $query = "SELECT * FROM `poll_content` WHERE `pid` = '{$pollid}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
         $row = mysql_fetch_array(mysql_query($query));
         $ques = $row['ques'];
         $o1 = $row['o1'];
         $o2 = $row['o2'];
         $o3 = $row['o3'];
         $o4 = $row['o4'];
         $o5 = $row['o5'];
         $o6 = $row['o6'];
         $m = $row['multiple_opt'];
         $display .= "<table width='100%'><tr><td><h3>&nbsp;&nbsp;Edit</h3>&nbsp;&nbsp;Questions added are 'Enabled/Visible' by default <br /><br />";
         $display .= "<div align='center'><form name='f5' method='POST' action='./+manage'>";
         $display .= "Question:<br /><textarea rows='4' cols='20' name='q'>{$ques}</textarea><br /><br />";
         $display .= "<br />";
         $display .= "Enter the options applicable; leave blank otherwise. <br />";
         $display .= "1.&nbsp;<input type='text' name='o1' value='{$o1}' /><br />";
         $display .= "2.&nbsp;<input type='text' name='o2' value='{$o2}' /><br />";
         $display .= "3.&nbsp;<input type='text' name='o3' value='{$o3}' /><br />";
         $display .= "4.&nbsp;<input type='text' name='o4' value='{$o4}' /><br />";
         $display .= "5.&nbsp;<input type='text' name='o5' value='{$o5}' /><br />";
         $display .= "6.&nbsp;<input type='text' name='o6' value='{$o6}' /><br /><br />";
         $display .= "Can the user choose multiple options?<br />";
         if ($m == 1) {
             $display .= "<input type='radio' name='multi' value='y' checked> Yes &nbsp;&nbsp;&nbsp;&nbsp;";
             $display .= "<input type='radio' name='multi' value='n'> No <br /><br />";
         } else {
             $display .= "<input type='radio' name='multi' value='y'> Yes &nbsp;&nbsp;&nbsp;&nbsp;";
             $display .= "<input type='radio' name='multi' value='n' checked> No <br /><br />";
         }
         $display .= "<input type='hidden' name='pid' value='{$pollid}' />";
         $display .= "<input type='submit' name='save' value=' Save ' /><br /><br />";
         $display .= "</form></div></td></tr></table>";
     }
     if (isset($_POST['enable'])) {
         $pollid = escape($_POST['ques2']);
         $query3 = "SELECT * FROM `poll_content` WHERE `pid`= '{$pollid}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
         $result3 = mysql_query($query3);
         $nop = mysql_num_rows($result3);
         if ($nop == 1) {
             $query4 = "UPDATE `poll_content` SET `visibility`='1' WHERE `pid`= '{$pollid}' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
             $result4 = mysql_query($query4);
         }
         displayinfo("Poll Question Enabled");
     }
     if (isset($_POST['delete'])) {
         $pollid = escape($_POST['ques3']);
         $query4 = "DELETE FROM `poll_log` WHERE `pid`='{$pollid}'";
         $result4 = mysql_query($query4);
         $query5 = "DELETE FROM `poll_content` WHERE `pid`='{$pollid}'";
         $result5 = mysql_query($query5);
         displayinfo("Poll Question Deleted");
     }
     ///Adding a poll question
     $display .= "<table width='100%'><tr><td><h3>&nbsp;&nbsp;Add Poll Question</h3>&nbsp;&nbsp;Questions added are 'Enabled/Visible' by default <br /><br />";
     $display .= "<div align='center'><form name='f1' method='POST' action='./+manage'>";
     $display .= "Question:<br /><textarea rows='4' cols='20' name='q'></textarea><br /><br />";
     $display .= "<br />";
     $display .= "Enter the options applicable; leave blank otherwise. <br />";
     $display .= "1.&nbsp;<input type='text' name='o1' /><br />";
     $display .= "2.&nbsp;<input type='text' name='o2' /><br />";
     $display .= "3.&nbsp;<input type='text' name='o3' /><br />";
     $display .= "4.&nbsp;<input type='text' name='o4' /><br />";
     $display .= "5.&nbsp;<input type='text' name='o5' /><br />";
     $display .= "6.&nbsp;<input type='text' name='o6' /><br /><br />";
     $display .= "Can the user choose multiple options?<br />";
     $display .= "<input type='radio' name='multi' value='y'> Yes &nbsp;&nbsp;&nbsp;&nbsp;";
     $display .= "<input type='radio' name='multi' value='n'> No <br /><br />";
     $display .= "<input type='submit' name='insert' value='Add Poll Question' /><br /><br />";
     $display .= "</form></div></td></tr></table>";
     ///Edit a poll question
     $q0 = "SELECT * FROM `poll_content` WHERE `page_modulecomponentid`='{$this->moduleComponentId}'";
     $r0 = mysql_query($q0);
     $display .= "<table width='100%'><tr><td><h3>&nbsp;&nbsp;Edit Poll Question</h3>";
     $display .= "<div align='center'><form name='f4' method='POST' action='./+manage'>";
     if (mysql_num_rows($r0) == 0) {
         $display .= "No poll questions exist currently.";
     } else {
         $display .= "<select name='ques0'>";
         $n0 = mysql_num_rows($r0);
         for ($i = 1; $i <= $n0; $i++) {
             $row0 = mysql_fetch_array($r0);
             $display .= "<option value='" . $row0['pid'] . "'>" . $row0['ques'];
         }
         $display .= "</select><br /><br />";
         $display .= "<input type='submit' name='edit' value=' Edit ' /><br /><br />";
     }
     $display .= "</form></div></td></tr></table>";
     ///Disable a poll question
     $q1 = "SELECT * FROM `poll_content` WHERE `visibility`='1' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
     $r1 = mysql_query($q1);
     $display .= "<table width='100%'><tr><td><h3>&nbsp;&nbsp;Disable Poll Question</h3>";
     $display .= "<div align='center'><form name='f2' method='POST' action='./+manage'>";
     if (mysql_num_rows($r1) == 0) {
         $display .= "All Poll Questions are Currently Disabled!";
     } else {
         $display .= "<select name='ques1'>";
         $n1 = mysql_num_rows($r1);
         for ($i = 1; $i <= $n1; $i++) {
             $row1 = mysql_fetch_array($r1);
             $display .= "<option value='" . $row1['pid'] . "'>" . $row1['ques'];
         }
         $display .= "</select><br /><br />";
         $display .= "<input type='submit' name='disable' value=' Disable ' /><br /><br />";
     }
     $display .= "</form></div></td></tr></table>";
     ///Enable a poll question
     $q2 = "SELECT * FROM `poll_content` WHERE `visibility`='0' AND `page_modulecomponentid`='{$this->moduleComponentId}'";
     $r2 = mysql_query($q2);
     $display .= "<table width='100%'><tr><td><h3>&nbsp;&nbsp;Enable Poll Question</h3>";
     $display .= "<div align='center'><form name='f3' method='POST' action='./+manage'>";
     if (mysql_num_rows($r2) == 0) {
         $display .= "All Poll Questions are Currently Enabled!<br /><br />";
     } else {
         $display .= "<select name='ques2'>";
         while ($row2 = mysql_fetch_array($r2)) {
             $display .= "<option value='" . $row2['pid'] . "'>" . $row2['ques'];
         }
         $display .= "</select><br /><br />";
         $display .= "<input type='submit' name='enable' value=' Enable ' /><br /><br />";
     }
     $display .= "</form></div></td></tr></table>";
     ///Delete a poll question
     $q3 = "SELECT * FROM `poll_content` WHERE `page_modulecomponentid`='{$this->moduleComponentId}'";
     $r3 = mysql_query($q3);
     $display .= "<table width='100%'><tr><td><h3>&nbsp;&nbsp;Delete Poll Question</h3>";
     $display .= "<div align='center'><form name='f3' method='POST' action='./+manage'>";
     if (mysql_num_rows($r1) == 0) {
         $display .= "No poll questions exist currently.";
     } else {
         $display .= "<select name='ques3'>";
         $n3 = mysql_num_rows($r3);
         for ($i = 1; $i <= $n3; $i++) {
             $row3 = mysql_fetch_array($r3);
             $display .= "<option value='" . $row3['pid'] . "'>" . $row3['ques'];
         }
         $display .= "</select><br /><br />";
         $display .= "<input type='submit' name='delete' value=' Delete ' /><br /><br />";
     }
     $display .= "</form></div></td></tr></table>";
     return $display;
 }
Example #24
0
/**
 * Submits the file upload from 
 * @param $moduleComponentId page_modulecomponentid.
 * @param $moduleName The module which is calling this function.
 * @param $userId The user who is uploading the files.
 * @param $maxFileSizeInBytes the maximum permissible size of the files that can be uploaded.
 * @param $uploadableFileTypesArray An array that contains the file types that has been permitted to be uploaded on that page.
 * @param $uploadableFieldName The name of the variable used in forms to upload the file
 *
 * @return mixed : true if any error is found in the upload otherwise array of filenames uploaded
 */
function submitFileUploadForm($moduleComponentId, $moduleName, $userId, $maxFileSizeInBytes = false, $uploadableFileTypesArray = false, $uploadFieldName = 'fileUploadField')
{
    if ($maxFileSizeInBytes === false) {
        $maxFileSizeInBytes = 2 * 1024 * 1024;
    }
    if (isset($_FILES[$uploadFieldName]['error'][0])) {
        $errorCode = $_FILES[$uploadFieldName]['error'][0];
        if ($errorCode == UPLOAD_ERR_NO_FILE) {
            return true;
        }
        if ($errorCode != 0) {
            displayerror("Error in uploading file. " . getFileUploadError($errorCode));
            return true;
        }
        $uploadedFiles = upload($moduleComponentId, $moduleName, $userId, $uploadFieldName, $maxFileSizeInBytes, $uploadableFileTypesArray);
        if (is_array($uploadedFiles) && count($uploadedFiles) > 0) {
            displayinfo("Successfully uploaded file(s) " . join($uploadedFiles, "; ") . ".");
        }
        return $uploadedFiles;
    } else {
        return true;
    }
}
Example #25
0
function deleteUserAccount($userId)
{
    /// $deleteQuery = 'DELETE FROM `' . MYSQL_DATABASE_PREFIX . 'users` WHERE `user_id` = ' . $userId;
    displayinfo('To be implemented');
}
Example #26
0
function move_page($userId, $pageId, $parentId, $pagetitle, $pagename, $deleteoriginalentry)
{
    /**
     * return true or false.
     * First check if page with same name exists in destination parent. If it does, and the parent is different from
     * current parent, dont copy or move and return false
     *
     */
    //var_dump($str);
    $query = "SELECT `page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_parentid` = '{$parentId}' AND `page_name` = '{$pagename}'";
    $result = mysql_query($query);
    if (mysql_num_rows($result) > 0) {
        return "Error: There exists a page with the same name in the destination path.";
    }
    $parentInfo = getPageInfo($parentId);
    if (!getPermissions($userId, $parentId, "settings")) {
        return "Error: You do not have permission to copy or move to the destination page.";
    }
    if ($parentInfo['page_module'] == "link") {
        return "Error: Cannot move or copy a page to a page of the type link.";
    }
    $str = array();
    parseUrlDereferenced($parentId, $str);
    $arrlen = count($str);
    for ($i = 0; $i < count($str); $i++) {
        if ($pageId == $str[$i]) {
            return 'Error : You are trying to copy a parent to a child page. This will create a loop';
        }
    }
    //if the deleteoriginal entry is set then the page is MOVED from the original location to the new location.
    if ($deleteoriginalentry == true) {
        if ($pageId != 0) {
            $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_parentid` = '" . $parentId . "' , `page_title` = '" . $pagetitle . "' , `page_name` = '" . $pagename . "' WHERE `page_id` ='{$pageId}' ;";
            $result = mysql_query($query);
            if (mysql_affected_rows() != 1) {
                return 'Unable to perform the required action';
            }
            global $urlRequestRoot;
            header("location:" . $urlRequestRoot . getPagePath($pageId) . "+settings&displayinfo=" . rawurlencode("The page has been successfully moved."));
        } else {
            return 'Error : You do not have permission to move the root page.';
        }
    } else {
        $recursive = false;
        if (isset($_POST['recursivelycopypage'])) {
            $recursive = true;
        }
        if (copyPage($userId, $pageId, $parentId, $pagetitle, $pagename, $recursive)) {
            displayinfo("Page copied successfully!");
        }
    }
}
Example #27
0
    public function actionEdit()
    {
        global $ICONS;
        global $sourceFolder, $cmsFolder, $templateFolder, $moduleFolder, $urlRequestRoot;
        $editTemplateForm = "";
        if (isset($_POST['templateChange'])) {
            $newTemplate = escape($_POST['template']);
            $chkTemplateExistsQuery = "SELECT `template_name` FROM `faculty_template` WHERE `template_id`='{$newTemplate}'";
            $chkTemplateExistsResult = mysql_query($chkTemplateExistsQuery);
            if (mysql_num_rows($chkTemplateExistsResult) > 0) {
                $changeQuery = "Update `faculty_module` SET `templateId`={$newTemplate}";
                $changeResult = mysql_query($changeQuery);
                if (mysql_affected_rows() != 1) {
                    displayerror("Unable to update. Try again after some time.");
                } else {
                    displayinfo("Successfully updated template");
                }
            } else {
                displayerror("Selected template doesnot exit.");
            }
            $abc = "hi";
            return $abc;
        }
        if (isset($_POST['templateEdit']) || isset($_GET['templateEdit'])) {
            if (isset($_POST['templateEdit'])) {
                $template = escape($_POST['template']);
            }
            if (isset($_GET['templateEdit'])) {
                $template = escape($_GET['template']);
            }
            $chkTemplateExistsQuery = "SELECT `template_name` FROM `faculty_template` WHERE `template_id`='{$template}'";
            $chkTemplateExistsResult = mysql_query($chkTemplateExistsQuery);
            if (mysql_num_rows($chkTemplateExistsResult) > 0) {
                $templateName = mysql_fetch_array($chkTemplateExistsResult);
                require_once "{$sourceFolder}/{$moduleFolder}/faculty/template_edit.php";
                $editTemplateForm = templateDesc($template, $templateName[0]);
            } else {
                displayerror("Selected template doesnot exit.");
            }
        }
        // Get Selected Template for Page Start
        $selectedTemplateQuery = "SELECT `templateId` FROM `faculty_module` WHERE `page_modulecomponentid`='{$this->moduleComponentId}'";
        $selectedTemplateResult = mysql_query($selectedTemplateQuery) or displayerror("Error in getting Faculty Settings");
        $selectedTemplate = mysql_fetch_row($selectedTemplateResult);
        // Get Selected Template for Page Finish
        $chkDataQuery = "SELECT * FROM `faculty_data` WHERE `faculty_sectionId` IN (SELECT `template_sectionId` FROM `faculty_template` WHERE `template_id`={$selectedTemplate['0']})";
        $chkDataResult = mysql_query($chkDataQuery) or displayerror("Error in checking for data");
        if (mysql_num_rows($chkDataResult) > 0) {
            displaywarning("This page contains some data. If you change the template, all the data will be lost!!!");
        }
        // Get list of templates start
        $options = "";
        $templateQuery = "SELECT `template_id`,`template_name` FROM `faculty_template` GROUP BY `template_id`";
        $templateResult = mysql_query($templateQuery) or displayerror("Error in selecting Templates");
        if (mysql_num_rows($templateResult) > 0) {
            while ($templateRow = mysql_fetch_array($templateResult)) {
                if ($templateRow[0] == $selectedTemplate[0]) {
                    $selected = 'selected="selected"';
                } else {
                    $selected = '';
                }
                $options .= "<option value='{$templateRow['0']}' {$selected} > {$templateRow['1']}</option>";
            }
        }
        // Get list of templates start
        $settingFormHtml = <<<PRE
\t\t<fieldset>
\t\t<legend>{$ICONS['Forum Settings']['small']}Faculty Settings</legend>
\t\t<form method="post" name="faculty_settings" action="./+edit">
\t\t\t<table>
\t\t\t\t<tr>
\t\t\t\t\t<td>
\t\t\t\t\t\tFaculty Templates
\t\t\t\t\t</td>
\t\t\t\t\t<td>
\t\t\t\t\t\t<select name="template" style="width:100px;">
\t\t\t\t\t\t\t{$options}
\t\t\t\t\t\t</select>
\t\t\t\t\t</td>
\t\t\t\t</tr>
\t\t\t\t<tr>
\t\t\t\t\t<td>
\t\t\t\t\t\t<input type="submit" name="templateChange" value="Change Template">
\t\t\t\t\t</td>
\t\t\t\t\t<td>
\t\t\t\t\t\t<input type="submit" name="templateEdit" value="Edit Template">
\t\t\t\t\t</td>

\t\t\t\t</tr>
\t\t\t</table>
\t\t</form>
\t\t</fieldset>
PRE;
        return $settingFormHtml . $editTemplateForm;
    }
Example #28
0
 private function submitNewUserThirdPartyRegistrationForm()
 {
     if (isset($_POST['txtUserEmail']) && isset($_POST['txtUserPhone']) && isset($_POST['txtUserInstitution']) && isset($_POST['txtUserPassword']) && isset($_POST['txtUserConfirmPassword'])) {
         if (getUserIdFromEmail(escape($_POST['txtUserEmail']))) {
             displayerror('The given E-mail Id is already registered on the website. Please use the respective forms\' Edit Registrants view to register the user to events.');
             return;
         }
         if ($_POST['txtUserEmail'] == '' || $_POST['txtUserPassword'] == '') {
             displayerror("Blank e-mail/password NOT allowed");
             return;
         } elseif (!eregi("^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$", $_POST['txtUserEmail'])) {
             displayerror("Invalid Email Id");
             return;
         } elseif ($_POST['txtUserPassword'] != $_POST['txtUserConfirmPassword']) {
             displayerror("Passwords are not same");
             return;
         }
         $userIdQuery = 'SELECT MAX(`user_id`) FROM `' . MYSQL_DATABASE_PREFIX . 'users`';
         $userIdResult = mysql_query($userIdQuery);
         $userIdRow = mysql_fetch_row($userIdResult);
         $newUserId = 1;
         if (!is_null($userIdRow[0])) {
             $newUserId = $userIdRow[0] + 1;
         }
         $userEmail = escape(trim($_POST['txtUserEmail']));
         $userPassword = $_POST['txtUserPassword'];
         $userContactNumber = escape($_POST['txtUserPhone']);
         $userInstitute = escape($_POST['txtUserInstitution']);
         $userFullName = escape($_POST['txtUserFullName']);
         $insertQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . 'users`(`user_id`, `user_name`, `user_email`, `user_fullname`, `user_password`, `user_regdate`, `user_lastlogin`, `user_activated`) ' . "VALUES({$newUserId}, '{$userFullName}', '{$userEmail}', '{$userFullName}', MD5('{$userPassword}'), NOW(), NOW(), 1)";
         $insertResult = mysql_query($insertQuery);
         if (!$insertResult) {
             displayerror('Error. Could not add user to database.');
             return;
         }
         $contactElementId = 3;
         $instituteElementId = 4;
         $contactInsertQuery = "INSERT INTO `form_elementdata` (`user_id`, `page_modulecomponentid`, `form_elementid`, `form_elementdata`) " . "VALUES " . "({$newUserId}, 0, {$contactElementId}, '{$userContactNumber}'), " . "({$newUserId}, 0, {$instituteElementId}, '{$userInstitute}')";
         $contactInsertResult = mysql_query($contactInsertQuery);
         if (!$contactInsertResult) {
             displayerror('Could not save the contact number of the user.');
         } else {
             displayinfo("User {$userEmail} has been registered to the pragyan website.");
         }
     } else {
         displayerror('Invalid form submit data.');
     }
 }
Example #29
0
 /**
  * function copyModule:
  * duplicates book with a new moduleComponentId
  */
 public function copyModule($moduleComponentId, $newId)
 {
     displayinfo('The new copy of book module has to be configured manually');
     return true;
 }
Example #30
0
    public function actionView()
    {
        if (isset($_GET['subaction'])) {
            if ($_GET['subaction'] == 'getsuggestions' && isset($_GET['forwhat'])) {
                echo $this->getEmailSuggestions(escape($_GET['forwhat']));
                exit;
            }
            $subaction = escape($_GET['subaction']);
            if ($subaction == 'displayuser') {
            }
            if ($subaction == 'finduser') {
                global $urlRequestRoot, $sourceFolder, $templateFolder, $cmsFolder;
                $scriptsFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts";
                $imagesFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/images";
                $find = <<<USER


\t\t\t<form method="POST" action="./+view&subaction=displayuser">
\t\t\tEnter user:<input type="text" name="txtUserEmail" id="txtUserEmail"  autocomplete="off" style="width: 256px" />
\t\t\t<div id="suggestionsBox" style="background-color: white; width: 260px; border: 1px solid black; position: absolute; overflow-y: scroll; max-height: 180px; display: none"></div>
\t\t\t<input type="submit" Value="Find User"/>
\t\t\t<script type="text/javascript" language="javascript" src="{$scriptsFolder}/ajaxsuggestionbox.js">
\t\t\t</script>
\t\t\t<script language="javascript">
\t\t\tvar userBox = new SuggestionBox(document.getElementById('txtUserEmail'), document.getElementById('suggestionsBox'), "./+view&subaction=getsuggestions&forwhat=%pattern%");
\t\t\tuserBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
\t\t\t</script>
\t\t\t</form>




USER;
                return $find . $this->viewall();
            }
            if ($subaction == "viewstatus") {
                $query = "SELECT DISTINCT `hospi_hostel_name` FROM `hospi_hostel` ";
                $result4 = mysql_query($query) or die(mysql_error());
                $statusall = <<<ROOM
\t\t\t\t\t

ROOM;
                static $i;
                while ($temp4 = mysql_fetch_array($result4, MYSQL_ASSOC)) {
                    $statusall .= $temp4['hospi_hostel_name'];
                    $statusall .= '<table border="1">';
                    for ($i = 0; $i < 3; $i++) {
                        $j = 0;
                        $statusall .= '<tr>';
                        $query = "\n\t\t\t\t\t\tSELECT *  FROM `hospi_hostel` WHERE `hospi_hostel_name`='{$temp4['hospi_hostel_name']}' AND `hospi_room_no`<>0  AND `hospi_floor`={$i}";
                        $result = mysql_query($query) or die(mysql_error());
                        $num = mysql_num_rows($result);
                        $x = $num / 8;
                        $x++;
                        $statusall .= "<td rowspan={$x}>{$i}</td>";
                        while ($temp = mysql_fetch_array($result, MYSQL_ASSOC)) {
                            //	$statusall.="</tr>";
                            $status = "<br>Vacant";
                            $query1 = "SELECT * FROM `hospi_accomodation_status` WHERE `hospi_room_id`='{$temp['hospi_room_id']}' AND `hospi_actual_checkout` IS NULL";
                            $result1 = mysql_query($query1);
                            if (mysql_num_rows($result1) < $temp['hospi_room_capacity']) {
                            } else {
                                $status = "Full";
                            }
                            //							$statusall.='<tr>';
                            if (mysql_num_rows($result1) >= $temp['hospi_room_capacity']) {
                                $statusall .= '<td id="asdf">';
                            } else {
                                $statusall .= '<td id="asdf1">';
                            }
                            $statusall .= '<a href="+accomodate&hostel=' . $temp['hospi_hostel_name'] . '&room_id=' . $temp['hospi_room_id'] . '">' . $temp['hospi_room_no'] . '              ';
                            $statusall .= "{$status}      (" . mysql_num_rows($result1) . "/" . $temp['hospi_room_capacity'] . ")";
                            $statusall .= <<<RED
\t\t\t\t\t\t\t<style type="text/css">
\t\t\t\t\t\t\t<!--
\t\t\t\t\t\t\t\t#asdf {
\t\t\t\t\t\t\t\t\tbackground-color: #FF0000;
\t\t\t\t\t\t\t\t}
\t\t\t\t\t\t\t\t#asdf1
\t\t\t\t\t\t\t\t{
\t\t\t\t\t\t\t\t\tbackground-color: #00FF00;
\t\t\t\t\t\t\t\t}
\t\t\t\t\t\t\t-->
\t\t\t\t\t\t\t</style>
RED;
                            $statusall .= '</td>';
                            /*					while($temp1=mysql_fetch_array($result1, MYSQL_ASSOC)){
                            						
                            						{
                            							$statusall.="<a href=\"+accomodate&displayUserDetails=$temp1[hospi_guest_email]\" >$temp1[hospi_guest_name]</a>,";
                            
                            						}
                            						}*/
                            //						$statusall.='</tr>';
                            $j++;
                            if ($j == 8) {
                                $j = 0;
                                $statusall .= '</tr><tr>';
                            }
                        }
                        $statusall .= '</tr>';
                    }
                    $statusall .= '</tr>';
                }
                $statusall .= '</tr></table>';
                return $statusall . $this->viewall();
            }
            if ($subaction == 'displayroom') {
                if ($_POST['roomno'] != '') {
                    $cond = "`hospi_room_no`='" . escape($_POST['roomno']) . "' AND";
                }
                $query = "SELECT * FROM `hospi_hostel` WHERE {$cond} `hospi_hostel_name`='" . escape($_POST['hostels']) . "'";
                $result = mysql_query($query);
                if (!mysql_num_rows($result)) {
                    displayerror('Room not present');
                    return $this->viewall();
                }
                $row = mysql_fetch_array($result);
                $query = "SELECT * FROM `hospi_accomodation_status` WHERE `hospi_room_id`={$row['hospi_room_id']} AND `hospi_actual_checkout` IS NULL";
                $result1 = mysql_query($query);
                if (!mysql_num_rows($result1)) {
                    displayinfo('Room Vacant');
                    return $this->viewall();
                }
                $room = <<<DETAILS
\t\t\t\t<table border="1">
\t\t\t\t<tr>
\t\t\t\t<th nowrap="nowrap">Hostel:</th>
\t\t\t\t<th nowrap="nowrap">{$row['hospi_hostel_name']}</th>
\t\t\t\t</tr>
\t\t\t\t<tr>
\t\t\t\t<th nowrap="nowrap">Room No.:</th>
\t\t\t\t<th nowrap="nowrap">{$row['hospi_room_no']}</th>
\t\t\t\t</tr>
DETAILS;
                $room .= "</table><br><br>";
                $room .= "Guests alloted:<br>";
                while ($row1 = mysql_fetch_assoc($result1)) {
                    $username = $row1['hospi_guest_email'];
                    $room .= <<<DETAILS
\t\t\t\t\t\t<br>
\t\t\t\t\t\t<table border="1">
\t\t\t\t\t\t<tr>
\t\t\t\t\t\t<th nowrap="nowrap">email:</th>
\t\t\t\t\t\t<th nowrap="nowrap">{$username}</th>
\t\t\t\t\t\t</tr>
\t\t\t\t\t\t<tr>
\t\t\t\t\t\t<th nowrap="nowrap">Checked in on:</th>
\t\t\t\t\t\t<th nowrap="nowrap">{$row1['hospi_actual_checkin']}</th>
\t\t\t\t\t\t</tr>
\t\t\t\t\t\t<tr>
DETAILS;
                    if ($row1['hospi_actual_checkout']) {
                        $room .= "<th nowrap=\"nowrap\">Checked out on:</th><th nowrap=\"nowrap\">{$row1['hospi_actual_checkout']}</th></tr></table>";
                    }
                    if ($row1['hospi_actual_checkout'] == 0) {
                        if ($row1['user_id'] != 0) {
                            $room .= "<tr><td><input type=\"submit\" value=\"Check Out\" onclick=\"window.location='./+accomodate&hostel={$row['hospi_hostel_name']}&room_id={$row1['hospi_room_id']}&checkOut={$row1['user_id']}'\"></td></tr>";
                        } else {
                            $room .= "<tr><td><input type=\"submit\" value=\"Check Out\" onclick=\"window.location='./+accomodate&hostel={$_POST['hostels']}&room_id={$row['hospi_room_id']}&checkOut={$row['hospi_guest_name']}&checkinTime={$row['hospi_actual_checkin']}&by={$row['hospi_checkedin_by']}'\"></td></tr><br>";
                        }
                    }
                }
                return $room . $this->viewall();
            }
            if ($subaction == 'findroom') {
                $query = "SELECT DISTINCT `hospi_hostel_name` FROM `hospi_hostel`";
                $result = mysql_query($query);
                $room = <<<ROOM
\t\t\t\t<form method="POST" action="./+view&subaction=displayroom">
\t\t\t\tHostels:<select name="hostels" id="hostels" >
ROOM;
                while ($temp = mysql_fetch_array($result, MYSQL_NUM)) {
                    foreach ($temp as $hostelname) {
                        $room .= '<option value=' . $hostelname . '>' . $hostelname . '</option>';
                    }
                }
                $room .= <<<ROOM
\t \t\t\t</select><br>
\t\t\t\tRoom No.:<input type="text" name="roomno" />
\t\t\t\t<input type="submit" Value="Find Room"/>
\t\t\t\t</form>
ROOM;
                return $room . $this->viewall();
            }
            if ($subaction == 'displayvacantrooms') {
                $room = <<<ROOM
\t\t\t
ROOM;
                if ($_POST['hostels'] == "all") {
                    $query = "SELECT DISTINCT `hospi_hostel_name` FROM `hospi_hostel`";
                    $res = mysql_query($query);
                    while ($row = mysql_fetch_array($res)) {
                        $query = "SELECT * FROM `hospi_hostel` WHERE `hospi_hostel_name`='{$row[hospi_hostel_name]}'  ";
                        $result = mysql_query($query);
                        $room .= '<table border="1"><tr>';
                        $room .= '</tr><tr ><td >' . $row['hospi_hostel_name'] . '</td>';
                        while ($temp = mysql_fetch_array($result, MYSQL_ASSOC)) {
                            $status = "Vacant";
                            $query1 = "SELECT * FROM `hospi_accomodation_status` WHERE `hospi_room_id`='{$temp['hospi_room_id']}' AND `hospi_actual_checkout` IS NULL";
                            $result1 = mysql_query($query1);
                            $temp1 = mysql_fetch_array($result1, MYSQL_ASSOC);
                            if (mysql_num_rows($result1) < $temp['hospi_room_capacity']) {
                                $room .= '<td width="95" height="95"> <a href="+accomodate&hostel=' . $temp['hospi_hostel_name'] . '&room_id=' . $temp['hospi_room_id'] . '">' . $temp['hospi_room_no'] . '              ';
                                $room .= "{$status} (" . mysql_num_rows($result1) . "/" . $temp['hospi_room_capacity'] . ")";
                                $room .= '</td>';
                            }
                        }
                        $room .= "</tr></table>";
                    }
                    return $room . $this->viewall();
                } else {
                    $query = "SELECT * FROM `hospi_hostel` WHERE `hospi_hostel_name`='" . escape($_POST[hostels]) . "'  ";
                    $result = mysql_query($query);
                    $room .= '<table border="1"><tr>';
                    $room .= '</tr><tr ><td >' . $_POST['hostels'] . '</td>';
                    while ($temp = mysql_fetch_array($result, MYSQL_ASSOC)) {
                        $status = "Vacant";
                        $query1 = "SELECT * FROM `hospi_accomodation_status` WHERE `hospi_room_id`='{$temp['hospi_room_id']}' AND `hospi_actual_checkout` IS NULL";
                        $result1 = mysql_query($query1);
                        $temp1 = mysql_fetch_array($result1, MYSQL_ASSOC);
                        if (mysql_num_rows($result1) < $temp['hospi_room_capacity']) {
                        } else {
                            $status = "Full";
                        }
                        if ($status != 'Full') {
                            $room .= '<td width="95" height="95"> <a href="+accomodate&hostel=' . $temp['hospi_hostel_name'] . '&room_id=' . $temp['hospi_room_id'] . '">' . $temp['hospi_room_no'] . '              ';
                            $room .= "{$status} (" . mysql_num_rows($result1) . "/" . $temp['hospi_room_capacity'] . ")";
                            $room .= '</td>';
                        }
                    }
                    $room .= "</tr></table>";
                    return $room . $this->viewall();
                }
            }
        }
        return $this->viewall();
    }