/**
 * Builds the "Jump to Staff Member" picker and, for administrators, puts a
 * pending-account-requests notice in front of it.
 *
 * The table markup and the notice text are fixed strings. $selectedID is only
 * forwarded to drawSelectUser(); how that helper encodes it is not visible
 * here, so callers that pass a request-derived id rely on it (and on their own
 * validation) for safe output.
 *
 * @param mixed $selectedID Staff id to preselect, or false for no preselection
 *                          (false also switches the picker to its nullable mode).
 * @return string HTML fragment.
 */
function drawJumpToStaff($selectedID = false)
{
    global $isAdmin;

    // A strict false means "nothing selected", which is what makes the picker nullable.
    $picker = drawSelectUser("", $selectedID, $selectedID === false, 0, true, true, "Staff Member:");
    $html = ' <table class="message"> <tr> <td class="gray">Jump to ' . $picker . '</td> </tr> </table>';

    if (!$isAdmin) {
        return $html;
    }

    // The notice is shown whenever db_grab() yields a truthy value; presumably
    // that is the request count, so an empty queue stays silent.
    if (db_grab("SELECT COUNT(*) FROM users_requests")) {
        $html = drawServerMessage("There are pending <a href='requests.php'>account requests</a> for you to review.") . $html;
    }

    return $html;
}
<?php
// Bulletin-board topic submission: stores the posted topic, stamps its thread
// date and, when the topic is flagged as an Administration/HR topic, e-mails it
// to every active user before re-syndicating the board and redirecting.
include '../include.php';

if ($posting) {
    error_debug("handling bb post");
    format_post_bits("isAdmin,temporary");
    $id = db_enter("bulletin_board_topics", "title |description isAdmin temporary");

    // $id is whatever db_enter() returned; it is concatenated into SQL unquoted,
    // so it is assumed to be a numeric row id — confirm in db_enter().
    db_query("UPDATE bulletin_board_topics SET threadDate = GETDATE() WHERE id = " . $id);

    // NOTE(review): the flag that triggers the all-staff mailing comes straight
    // from the POST body; nothing in this block checks the poster's role. Confirm
    // that format_post_bits()/db_enter() or the form restrict who may set it.
    if ($_POST["isAdmin"] == "'1'") {
        // Re-read the stored topic together with its author's display name.
        $r = db_grab("SELECT \n\t\t\t\tt.title,\n\t\t\t\tt.description,\n\t\t\t\tu.userID,\n\t\t\t\tISNULL(u.nickname, u.firstname) firstname,\n\t\t\t\tu.lastname,\n\t\t\t\tt.createdOn\n\t\t\t\tFROM bulletin_board_topics t\n\t\t\t\tJOIN intranet_users u ON t.createdBy = u.userID\n\t\t\t\tWHERE t.id = " . $id);

        // The HTML body embeds the stored title and description via drawThreadTop();
        // whether that helper encodes them is not visible here — TODO confirm, since
        // the message is delivered as text/html.
        $message = drawEmailHeader()
            . drawServerMessage("<b>Note</b>: This is an Administration/Human Resources topic from the <a href='http://" . $server . "/bulletin_board/'>Intranet Bulletin Board</a>. For more information, please contact the <a href='mailto:hrpayroll@seedco.org'>Human Resources Department</a>.")
            . '<table class="center">'
            . drawHeaderRow("Email", 2)
            . drawThreadTop($r["title"], $r["description"], $r["userID"], $r["firstname"] . " " . $r["lastname"], $r["createdOn"])
            . '</table>'
            . drawEmailFooter();

        // The From address comes from site configuration, not from the request.
        $headers = "MIME-Version: 1.0\r\n"
            . "Content-type: text/html; charset=iso-8859-1\r\n"
            . "From: " . $_josh["email_default"] . "\r\n";

        // One message per active account; the stored topic title is the subject.
        $users = db_query("SELECT email FROM intranet_users WHERE isactive = 1");
        while ($u = db_fetch($users)) {
            mail($u["email"], $r["title"], $message, $headers);
        }
    }

    syndicateBulletinBoard();
    url_change();
}
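<?php
// Staff directory by office: draws one navigation tab per office (busiest
// first), then either the "other offices" list or a single office's address
// and staff.
//
// The id query parameter is attacker-controllable. It used to be concatenated
// into two SQL fragments as-is; it is now reduced to an integer before it
// reaches any query text.
include 'include.php';

if (!url_id()) {
    url_query_add(array('id' => 1));
}

drawTop();

$locations = db_query("SELECT \n\t\to.id, \n\t\to.name\n\tFROM intranet_offices o \n\tORDER BY (SELECT COUNT(*) FROM intranet_users u WHERE u.officeID = o.id) DESC");
if (db_found($locations)) {
    $pages = array();
    while ($l = db_fetch($locations)) {
        $pages["/staff/locations.php?id=" . $l["id"]] = $l["name"];
    }
    // $location is not set in this file; presumably include.php provides it.
    echo drawNavigationRow($pages, $location, true);
}

// Read the parameter once so a missing id does not raise a notice further down.
$requestedID = isset($_GET["id"]) ? $_GET["id"] : "";

if ($requestedID === "other") {
    // Fixed filter text: nothing from the request is part of this fragment.
    echo drawStaffList("u.isactive = 1 AND u.officeID <> 1 AND u.officeID <> 6 AND u.officeID <> 11 AND u.officeID <> 9");
} else {
    // Anything that is not a number becomes 0, which matches no office row.
    $officeID = (int) $requestedID;

    $l = db_grab('SELECT name, address FROM intranet_offices WHERE id = ' . $officeID);
    if (!empty($l['address'])) {
        // NOTE(review): the stored office name and address are written into the
        // page without HTML encoding; that is only safe if those rows can be
        // edited by trusted staff alone — confirm, or encode them here.
        echo drawServerMessage('<center><strong>' . $l['name'] . ' Office</strong><br>' . nl2br($l['address']) . '</center>');
    }
    echo drawStaffList("u.isactive = 1 and u.officeID = " . $officeID);
}

drawBottom();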
<script language="javascript"> <!-- initTinyMCE("<?php echo $locale; ?> style-textarea.css"); //--> </script> </head> <body> <br> <table width="600" align="center"> <tr> <td> <?php // Account-request form: prints a welcome notice, then declares the form rows through intranet_form and draws it.
// drawServerMessage() and intranet_form are not defined in this fragment.
echo drawServerMessage("<h1>Welcome!</h1> To request an account, please fill out the fields below. Your login information will be emailed to you once your request is approved.");
$form = new intranet_form();
$form->addRow("itext", "First Name", "firstname", '', "", true, 20);
$form->addRow("itext", "Nickname (optional)", "nickname", '', "", false, 20);
$form->addRow("itext", "Last Name", "lastname", '', "", true, 20);
$form->addRow("itext", "Email", "email", '', "", true, 50);
$form->addRow("itext", "Title", "title", '', "", true, 100);
// The select rows pass fixed SQL text as their fourth argument; no request data is concatenated into it here.
$form->addRow("select", "Organization", "corporationID", "SELECT id, description FROM organizations ORDER BY description", "", true);
$form->addRow("department", "Department", "departmentID");
$form->addRow("select", "Office", "officeID", "SELECT id, name FROM intranet_offices ORDER BY precedence", "", true);
$form->addRow("phone", "Phone", "phone", '', "", true, 14);
// NOTE(review): the bio row is tagged "mceEditor" and the page calls initTinyMCE above, so it presumably submits HTML.
// The handler that stores it is not in view - confirm the markup is sanitized or encoded before it is shown to whoever reviews requests.
$form->addRow("textarea", "Additional Info", "bio", "", "mceEditor");
$form->addRow("submit", "Send Request");
$form->draw("Request Intranet Account"); ?> </td>
<?php // Confirmation page shown after a password-reset request; it prints a fixed notice and reads no request input.
// $locale and drawServerMessage() are not defined in this file; presumably they come from include.php.
include "../include.php"; ?> <html> <head> <title>Reset Your Password</title> <link rel="stylesheet" type="text/css" href="<?php echo $locale; ?> style.css" /> <script language="javascript" src="/javascript.js"></script> </head> <body> <br> <table width="600" align="center"> <tr> <td> <?php // The notice is a constant string, so nothing on this page varies with the address that was submitted.
echo drawServerMessage("<h1>Check your email</h1> You should receive an email shortly with a link to reset your password.<br>\nClick <a href='/'>here</a> to go back."); ?> </td> </tr> </table> </body> </html>
?> <html> <head> <title>Reset Your Password</title> <link rel="stylesheet" type="text/css" href="<?php echo $locale; ?> style.css" /> <script language="javascript" src="/javascript.js"></script> </head> <body> <br> <table width="600" align="center"> <tr> <td> <?php // Password-reset request form: shows one of two notices depending on the msg query parameter, then a single e-mail field.
// The @ operator silences the undefined-index notice when msg or email is absent from the query string.
// NOTE(review): the email-not-found notice tells the requester that an address has no account, which lets addresses be probed; weigh that against the usability gain.
if (@$_GET["msg"] == "email-not-found") {
    echo drawServerMessage("<h1>Email Not Found</h1>That email address wasn't found in the system. If the address below is correct and you've never logged in, you may need to <a href='account_request.php'>request an account</a>.");
} else {
    echo drawServerMessage("<h1>Starting Over, Password-Wise</h1>Your old password can't be recovered, since it was encrypted. However, it can be reset so you can pick a new one. What is the email address on the account?");
}
$form = new intranet_form();
// NOTE(review): the email query parameter becomes the field's initial value as-is.
// Whether intranet_form encodes it for the HTML attribute is not visible here - confirm, otherwise a crafted link can inject markup into this page.
$form->addRow("itext", "Email", "email", @$_GET["email"], "", true, 50);
$form->addRow("submit", "Send Request");
$form->draw("Reset Password"); ?> </td> </tr> </table> </body> </html>
if ($uploading && file_ext($_FILES["userfile"]['name']) == 'jpg') { define('DIRECTORY_ROOT', $_SERVER['DOCUMENT_ROOT']); define('DIRECTORY_WRITE', '/uploads'); $image = format_image($_FILES["userfile"]["tmp_name"], 'jpg'); $image = format_image_resize($image, 320, 320); file_put('/uploads/staff/' . $id . '.jpg', $image); } url_change("view.php?id=" . $id); } drawTop(); if (isset($_GET["id"])) { $r = db_grab("SELECT \n\t\tu.firstname,\n\t\tu.nickname,\n\t\tu.lastname,\n\t\tu.title, \n\t\tu.email, \n\t\tu.bio, \n\t\tu.phone, \n\t\tu.rankID,\n\t\tu.lastlogin,\n\t\tu.officeID, \n\t\tu.corporationID,\n\t\tu.departmentID,\n\t\tu.homeAddress1,\n\t\tu.homeAddress2,\n\t\tu.homeCity,\n\t\tu.homeStateID,\n\t\tu.homeZIP,\n\t\tu.homePhone,\n\t\tu.homeCell,\n\t\tu.homeEmail,\n\t\tu.emerCont1Name,\n\t\tu.emerCont1Relationship,\n\t\tu.emerCont1Phone,\n\t\tu.emerCont1Cell,\n\t\tu.emerCont1Email,\n\t\tu.emerCont2Name,\n\t\tu.emerCont2Relationship,\n\t\tu.emerCont2Phone,\n\t\tu.emerCont2Cell,\n\t\tu.emerCont2Email,\n\t\tu.createdOn,\n\t\tu.updatedOn,\n\t\tu.startDate,\n\t\tu.endDate\n\t\tFROM intranet_users u\n\t\tWHERE u.userID = " . $_GET["id"]); if ($_GET["id"] == $user["id"] && $user["update_days"] > 90) { echo drawServerMessage("Your personal info hasn't been updated in a while. Please update this form and click Save at the bottom. Your home and emergency contact information will remain private -- only senior staff (and their assistants) have access to it."); } elseif (empty($user["updatedOn"])) { echo drawServerMessage("Welcome to the Intranet! Since this is your first time logging in, please make certain that the staff information here is correct, then click 'save changes' at the bottom. 
(The emergency and home info is private and optional.)"); } } elseif (isset($_GET["requestID"])) { $r = db_grab("SELECT \n\t\tu.firstname,\n\t\tu.nickname,\n\t\tu.lastname,\n\t\tu.title, \n\t\tu.email, \n\t\tu.bio, \n\t\tu.phone, \n\t\tu.officeID, \n\t\tu.corporationID,\n\t\tu.departmentID,\n\t\tu.createdOn,\n\t\tGETDATE() startDate\n\t\tFROM users_requests u WHERE id = " . $_GET["requestID"]); } else { $r["startDate"] = db_grab("SELECT GETDATE()"); } //set default rank if (!isset($r["rankID"])) { $r["rankID"] = db_grab("SELECT id FROM intranet_ranks WHERE isDefault = 1"); } $isRequired = isset($_GET["id"]) && $_GET["id"] == $user["id"] && $locale == "/_seedco/"; $form = new intranet_form(); $form->addGroup("Public Information"); $form->addRow("itext", "First Name", "firstname", @$r["firstname"], "", true, 50); $form->addRow("itext", "Nickname", "nickname", @$r["nickname"], "", false, 50);
} //get topic data $r = db_grab("SELECT \n\t\tt.title,\n\t\tt.description,\n\t\tt.createdOn,\n\t\tt.isAdmin,\n\t\tu.userID,\n\t\tISNULL(u.nickname, u.firstname) firstname,\n\t\tu.lastname\n\t\tFROM bulletin_board_topics t\n\t\tJOIN intranet_users u ON t.createdBy = u.userID\n\t\tWHERE t.id = " . $_GET["id"]); //check that it exists if (empty($r)) { url_change("/bb/"); } drawTop(); echo drawSyndicateLink("bb"); $isPoster = $r["userID"] == $user["id"] ? true : false; if (!$printing) { $r["description"] = htmlwrap($r["description"]); } //if ($_GET["id"] == 7966) echo drawServerMessage("<b>Note</b>: This comments on this post are organized in reverse-chronological order."); if ($r["isAdmin"]) { echo drawServerMessage("<b>Note</b>: This is an Administration/Human Resources topic. For more information, please contact the <a href='mailto:hrpayroll@seedco.org'>Human Resources Department</a>."); } ?> <script language="javascript"> <!-- function checkDelete() { if (confirm("Are you sure you want to delete this topic?")) location.href="<?php echo $_josh["request"]["path_query"]; ?> &delete=true"; } function checkDeleteFollowup(id) { if (confirm("Are you sure you want to delete this followup?")) location.href="<?php echo $_josh["request"]["path_query"]; ?> &deleteFollowupID=" + id;
<?php // Confirmation page shown after an account request is submitted; it prints a fixed notice and reads no request input.
// $locale and drawServerMessage() are not defined in this file; presumably they come from include.php.
include "../include.php"; ?> <html> <head> <title>Request an Account</title> <link rel="stylesheet" type="text/css" href="<?php echo $locale; ?> style.css" /> </head> <body> <br> <table width="600" align="center"> <tr> <td> <?php // Constant text only: none of the submitted fields are echoed back on this page.
echo drawServerMessage("<h1>Thank you!</h1> Your request has been submitted for approval.<br>Click <a href='/'>here</a> to go back."); ?> </td> </tr> </table> </body> </html>
} elseif (stristr($req, "/departments/administration")) { $target = str_replace("/departments/administration", "/openings", $req); } elseif (stristr($req, "/departments/earnfair")) { $target = str_replace("/departments/earnfair", "/queries", $req); } elseif (stristr($req, "/departments/resource_development")) { $target = str_replace("/departments/resource_development", "/funders", $req); } elseif (stristr($req, "/documents")) { $target = str_replace("/documents", "/docs", $req); } elseif (stristr($req, "/btw")) { //back to work application ~ used to have the intranet domain $target = "http://btw.seedco.org" . $req; } elseif (stristr($req, "msoffice/cltreq.asp")) { //m$ft internet explorer discussion bar, no redirect } elseif (stristr($req, "favicon.ico")) { //site favorite icon, no redirect } elseif (stristr($req, "_vti_")) { //looking for m$ft front page extensions, no redirect } elseif ($user["id"] != 1) { //user is admin, send email $msg = $user["full_name"] . " couldn't find http://" . $_josh["request"]["host"] . $req; if ($referrer) { $msg .= "<br><br>Referred by " . $referrer; } //email("*****@*****.**", "Intranet 404 Error", $msg); } if ($target) { url_change($target, true); } drawTop(); echo drawServerMessage("<b>Error: Page Not Found</b><br>\nSorry, the page you're looking for isn't here! If you feel you reached this page in error, please contact \n<a href='mailto:josh@joshreisner.com'>Josh Reisner</a> so it can be fixed."); drawBottom();
<?php // Notice page for an account request whose e-mail address already belongs to an active account; it reads no request input.
// $locale and drawServerMessage() are not defined in this file; presumably they come from include.php.
include "../include.php"; ?> <html> <head> <title>Request an Account</title> <link rel="stylesheet" type="text/css" href="<?php echo $locale; ?> style.css" /> </head> <body> <br> <table width="600" align="center"> <tr> <td> <?php // NOTE(review): this page confirms that the entered address has an active account.
// If the request form is reachable without logging in (presumably it is), that lets addresses be probed - confirm this is an accepted trade-off.
echo drawServerMessage("<h1>Account Already Exists</h1> The email you entered already belongs to an active account on the system. Would you\nlike to <a href='password_reset.php'>reset your password</a>?"); ?> </td> </tr> </table> </body> </html>
} url_query_require(); drawTop(); $r = db_grab("SELECT \n\t\tu.firstname,\n\t\tu.lastname,\n\t\tu.nickname, \n\t\tu.bio, \n\t\tu.email,\n\t\t" . db_pwdcompare("", "u.password") . " password,\n\t\tu.phone, \n\t\tu.lastlogin, \n\t\tu.title,\n\t\tf.name office, \n\t\td.departmentName,\n\t\tu.corporationID,\n\t\tc.description corporationName,\n\t\tu.homeAddress1,\n\t\tu.homeAddress2,\n\t\tu.homeCity,\n\t\ts.stateAbbrev,\n\t\tu.homeZIP,\n\t\tu.homePhone,\n\t\tu.homeCell,\n\t\tu.homeEmail,\n\t\tu.emerCont1Name,\n\t\tu.emerCont1Relationship,\n\t\tu.emerCont1Phone,\n\t\tu.emerCont1Cell,\n\t\tu.emerCont1Email,\n\t\tu.emerCont2Name,\n\t\tu.emerCont2Relationship,\n\t\tu.emerCont2Phone,\n\t\tu.emerCont2Cell,\n\t\tu.emerCont2Email,\n\t\tu.startDate,\n\t\tu.longDistanceCode,\n\t\tu.endDate,\n\t\tu.isActive,\n\t\tr.description rank\n\tFROM intranet_users u\n\tJOIN intranet_ranks r ON u.rankID = r.id\n\tLEFT JOIN organizations\t\t\tc ON u.corporationID = c.id\n\tLEFT JOIN intranet_departments\t\td ON d.departmentID\t= u.departmentID \t\t\t\t\n\tLEFT JOIN intranet_offices \t\tf ON f.id\t\t\t= u.officeID \t\t\t\t\n\tLEFT JOIN intranet_us_states\t\ts ON u.homeStateID\t= s.stateID\n\tWHERE u.userID = " . $_GET["id"]); $r["corporationName"] = empty($r["corporationName"]) ? '<a href="organizations.php?id=0">Shared</a>' : '<a href="organizations.php?id=' . $r["corporationID"] . '">' . $r["corporationName"] . '</a>'; if (!isset($r["isActive"])) { url_change("./"); } echo drawJumpToStaff($_GET["id"]); if (!$r["isActive"]) { $msg = "This is a former staff member. "; if ($r["endDate"]) { $msg .= $r["nickname"] ? $r["nickname"] : $r["firstname"]; $msg .= "'s last day was " . format_date($r["endDate"]) . "."; } echo drawServerMessage($msg, "center"); } ?> <table class="left" cellspacing="1"> <?php if ($isAdmin) { if ($r["isActive"]) { echo drawHeaderRow("View Staff Info", 3, "edit", "add_edit.php?id=" . 
$_GET["id"], "deactivate", deleteLink("Deactivate this staff member?")); } else { echo drawHeaderRow("View Staff Info", 3, "edit", "add_edit.php?id=" . $_GET["id"], "re-activate", deleteLink("Re-activate this staff member?", false, "undelete")); } } elseif ($_GET["id"] == $user["id"]) { echo drawHeaderRow("View Staff Info", 3, "edit your info", "add_edit.php?id=" . $_GET["id"]); } else { echo drawHeaderRow("View Staff Info", 3); }