Example #1
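/**
 * Builds the module-specific action bar for a page.
 *
 * Reads every non-'create' action registered in the permission list for the
 * page's effective module, keeps the ones getPermissions() grants to the user,
 * and renders each as a "./+<action>" link.
 *
 * @param $userId The user for whom the list of permitted actions must be computed.
 * @param $pageId The page on which the permissible actions for the user are computed.
 *
 * @return string HTML for the action bar: a <div id="cms-actionbarModule"> holding one
 *                link per permitted action (an empty <div> when nothing is permitted
 *                or the permission lookup fails).
 */
function getActionbarModule($userId, $pageId)
{
    // Defence in depth: the module name is produced by another lookup, so escape it
    // before it is placed inside the quoted SQL literal.
    $module = mysql_real_escape_string(getEffectivePageModule($pageId));
    $action_query = "SELECT perm_id, perm_action, perm_text FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE perm_action != 'create' AND page_module = '" . $module . "'";
    $action_result = mysql_query($action_query);

    $allow_login_query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'allow_login'";
    $allow_login_result = mysql_query($allow_login_query);
    // A failed query or a missing row counts as "login not allowed", which is what
    // the unchecked lookup evaluated to before (minus the PHP warnings).
    $allow_login_row = $allow_login_result ? mysql_fetch_array($allow_login_result) : false;
    $allow_login = is_array($allow_login_row) && $allow_login_row[0];

    // Keep only the actions this user is permitted to perform on this page.
    $actionbarPage = array();
    if ($action_result) {
        while ($action_row = mysql_fetch_assoc($action_result)) {
            if (getPermissions($userId, $pageId, $action_row['perm_action'])) {
                $actionbarPage[$action_row['perm_action']] = $action_row['perm_text'];
            }
        }
    }

    $actionbar = "<div id=\"cms-actionbarModule\">";
    foreach ($actionbarPage as $action => $actionname) {
        // With logins disabled, anonymous visitors are not offered the "View" link.
        if (!$allow_login && $actionname == "View" && !$userId) {
            continue;
        }
        // NOTE(review): perm_action and perm_text are written into the markup exactly as
        // stored. Confirm the permission list can only be edited by trusted
        // administrators, or HTML-escape both values here.
        $actionbar .= "<span class=\"cms-actionbarModuleItem\"><a class=\"robots-nofollow\" rel=\"nofollow\" href=\"./+{$action}\">{$actionname}</a></span>\n";
    }
    $actionbar .= "</div>";
    return $actionbar;
}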
Example #2
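/**
 * Describes every entry of a directory as an array, optionally with contents.
 *
 * Each entry carries 'name', 'path', 'size', 'type', 'node', 'group', 'time' and
 * 'perms'. Non-directories also get 'mime'. When $content is true, directories
 * get a nested 'content' listing and other entries get 'content' from file2base64().
 *
 * NOTE(review): with $content enabled every file below $dir is read and encoded in
 * memory. Callers should confine $dir to an intended base directory and never pass
 * a request-supplied path unchecked.
 *
 * @param $dir     Directory to list; a trailing slash is added when missing.
 * @param $content Whether to include file contents and recurse into sub-directories.
 *
 * @return array List of entry descriptions; empty when $dir is empty, is not a
 *               directory, or cannot be opened.
 */
function dir2array($dir, $content)
{
    // An empty path used to be turned into "/" by the slash handling below, which
    // listed the filesystem root. Treat it as "no directory" instead.
    if (!is_string($dir) || $dir === '') {
        return array();
    }
    if (substr($dir, -1) != '/') {
        $dir .= '/';
    }
    if (!is_dir($dir)) {
        return array();
    }
    $dir_handle = opendir($dir);
    if ($dir_handle === false) {
        // Directory exists but cannot be read.
        return array();
    }
    $array = array();
    // Compare against false explicitly: an entry literally named "0" is falsy and
    // would otherwise end the listing early.
    while (($object = readdir($dir_handle)) !== false) {
        if ($object === '.' || $object === '..') {
            continue;
        }
        $filepath = $dir . $object;
        $file_object = array('name' => $object, 'path' => $dir, 'size' => filesize($filepath), 'type' => filetype($filepath), 'node' => fileinode($filepath), 'group' => filegroup($filepath), 'time' => getTime($filepath), 'perms' => getPermissions($filepath));
        if ($file_object['type'] == 'dir') {
            if ($content == true) {
                $file_object['content'] = dir2array($filepath, $content);
            }
        } else {
            if ($content == true) {
                $file_object['content'] = file2base64($filepath);
            }
            $file_object['mime'] = getMime($filepath);
        }
        $array[] = $file_object;
    }
    // Release the handle; it was previously left open until the end of the request.
    closedir($dir_handle);
    return $array;
}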
Example #3
function getPermission($perm, $groupid = false)
{
    // Look up a single permission flag in the set getPermissions() returns for the group.
    $groupPerms = getPermissions($groupid);
    // A permission that is absent (or null) is treated as not granted.
    return isset($groupPerms[$perm]) && $groupPerms[$perm] == 1;
}
Example #4
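 /**
  * Renders one page of a "pagelist" tree as an <li>, recursing into its
  * menu-visible children until $depth reaches 0.
  *
  * @param $pageId     Page to render.
  * @param $userId     User whose permissions decide whether the page is listed.
  * @param $module     Module name handed to getPermissions().
  * @param $action     Action name handed to getPermissions().
  * @param $parentPath URL path of the parent page; this page's name is appended to it.
  * @param $depth      Remaining levels to descend; 0 stops the recursion.
  *
  * @return string HTML fragment; '' when $depth is 0 or the user lacks permission
  *                (depth 0 previously fell off the end and returned null).
  */
 function getNodeHtmlforPagelist($pageId, $userId, $module, $action, $parentPath, $depth)
 {
     global $cmsFolder, $urlRequestRoot, $templateFolder;
     $tempFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}";
     $imagesFolder = "{$tempFolder}/common/icons/32x32";
     // Only needed for the optional per-page thumbnails described further down.
     $imagesFolder2 = "{$tempFolder}/common/images/pagethumbs";
     $goimage = "{$tempFolder}/common/icons/16x16/actions/media-skip-forward.png";
     if ($depth == 0) {
         return '';
     }
     $htmlOut = '';
     if (!getPermissions($userId, $pageId, $action, $module)) {
         return $htmlOut;
     }
     if (isset($_POST['hell'])) {
         // NOTE(review): the permission check above ran against the original $pageId;
         // the id taken from the request replaces it afterwards. Confirm that
         // generatePagelist() checks permissions for the page it is given.
         $pageId = escape($_POST['hell']);
         unset($_POST['hell']);
         // NOTE(review): $permId is never defined in this method, so null is passed
         // (with a PHP notice). Left as is because the intended value is not visible here.
         $htmlOut .= $this->generatePagelist($pageId, $userId, $permId, $action = '', $depth);
         return $htmlOut;
     }
     $pageInfo = getPageInfo($pageId);
     if (isset($_POST['hell2'])) {
         $pagePath = escape($_POST['hell2']);
         unset($_POST['hell2']);
     } else {
         $pagePath = $parentPath;
         if ($pageInfo['page_name'] != '') {
             $pagePath .= $pageInfo['page_name'] . '/';
         }
     }
     // $pagePath can come from the request (hell2). escape() is applied above, but these
     // values land in HTML attributes, so encode them for that context before output.
     $pageIdAttr = htmlspecialchars((string) $pageId, ENT_QUOTES);
     $pagePathAttr = htmlspecialchars((string) $pagePath, ENT_QUOTES);
     $htmlOut .= "<li><form method ='POST' action='./'><input type='image' src=\"{$goimage}\" name='pagename' alt='Go' title='Click to list pages from here'><input type='hidden' name='hell' value='{$pageIdAttr}' /><input type='hidden' name='hell2' value='{$pagePathAttr}' /><a href=\"{$pagePathAttr}\">";
     /*
      * Thumbnail shown next to each listed page.
      * By default every page uses the home icon. To use per-page thumbnails instead:
      *   a) create a folder called 'pagethumbs' in '/cms/templates/common';
      *   b) put one image per page in it (preferably 32x32), named after the page,
      *      e.g. 'hello.png' for the page named 'hello' in the _pages table;
      *   c) comment out the $thumbname assignment below.
      */
     $thumbname = "{$imagesFolder}/actions/go-home.png";
     // NOTE(review): the page title is emitted as stored; confirm getPageTitle() returns
     // HTML-safe text, or encode it here.
     $htmlOut .= "<span class='list'><img src='{$thumbname}' alt=' !sorry! '>" . getPageTitle($pageId) . "</span></a>\n</form>";
     // The id is placed unquoted in the statement, so force it to an integer first.
     $childrenQuery = 'SELECT `page_id`, `page_displayinmenu` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE `page_parentid` <> `page_id` AND `page_parentid` = ' . (int) $pageId;
     $childrenResult = mysql_query($childrenQuery);
     $childrenHtml = '';
     if ($childrenResult) {
         while ($childrenRow = mysql_fetch_row($childrenResult)) {
             // Only children flagged for display in the menu are listed.
             if ($childrenRow[1] == 1) {
                 $childrenHtml .= $this->getNodeHtmlforPagelist($childrenRow[0], $userId, $module, $action, $pagePath, $depth - 1);
             }
         }
     }
     if ($childrenHtml != '') {
         $htmlOut .= "<ul>{$childrenHtml}</ul>\n";
     }
     $htmlOut .= "</li>\n";
     return $htmlOut;
 }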
 public function employeePermissions_get()
 {
     // NOTE(review): no authorisation check is visible in this handler; confirm the
     // controller or routing layer restricts who may read the permission list.
     // Each permission entry is cast to an object for the response payload.
     $objects = array();
     foreach (getPermissions() as $entry) {
         $objects[] = (object) $entry;
     }
     if (!$objects) {
         $this->response(array('error' => 'Couldn\'t find any results!'), 404);
         return;
     }
     // 200 being the HTTP response code
     $this->response($objects, 200);
 }
Example #6
 function getNodeHtml($pageId, $userId, $module, $action, $parentPath)
 {
     // Pages the user may not access contribute nothing to the sitemap tree.
     if (!getPermissions($userId, $pageId, $action, $module)) {
         return '';
     }
     $pageInfo = getPageInfo($pageId);
     // A page with an empty name adds no segment to the path.
     $pagePath = $pageInfo['page_name'] != '' ? $parentPath . $pageInfo['page_name'] . '/' : $parentPath;
     // NOTE(review): the path and title are emitted as stored; confirm both are
     // HTML-safe where they are saved.
     $htmlOut = "<li><a href=\"{$pagePath}\">" . getPageTitle($pageId) . "</a>\n";
     // NOTE(review): $pageId is quoted but not escaped in this statement; it is safe
     // only as long as every caller passes an id that originated from the database.
     $childrenQuery = 'SELECT `page_id` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE `page_parentid` <> `page_id` AND `page_parentid` = \'' . $pageId . '\' AND `page_displayinsitemap` = 1';
     $childrenResult = mysql_query($childrenQuery);
     // Render every sitemap-visible child beneath this node.
     $childrenHtml = '';
     while ($childRow = mysql_fetch_row($childrenResult)) {
         $childrenHtml .= $this->getNodeHtml($childRow[0], $userId, $module, $action, $pagePath);
     }
     if ($childrenHtml != '') {
         $htmlOut .= "<ul>{$childrenHtml}</ul>\n";
     }
     return $htmlOut . "</li>\n";
 }
Example #7
    exit;
}
///Reaching this point means the requested page is valid. Log who requested what, and from which address, for future use.
logInfo(getUserEmail($userId), $userId, $pageId, $pageFullPath, getPageModule($pageId), $action, $_SERVER['REMOTE_ADDR']);
///The URL points to a file. Download permissions for the file are handled inside the download() function in download.lib.php
// NOTE(review): this branch runs before the getPermissions() check below, and both
// 'fileget' and 'action' are passed on exactly as received from the query string,
// so download() is the only access control and the only place the file name is
// validated. Confirm it rejects path separators and ".." sequences.
if (isset($_GET['fileget'])) {
    require_once $sourceFolder . "/download.lib.php";
    // Overwrites the $action that was logged above with the raw request value (or "").
    $action = "";
    if (isset($_GET['action'])) {
        $action = $_GET['action'];
    }
    download($pageId, $userId, $_GET['fileget'], $action);
    exit;
}
///Check whether the user has the permission to use that action on the requested page.
// The result is not acted on here; it is handed to getContent() below, which decides
// what to render.
$permission = getPermissions($userId, $pageId, $action);
///Gets the page-specific template for that requested page
define("TEMPLATE", getPageTemplate($pageId));
///Gets the page title of the requested page
// getTitle() receives $TITLE and the result is read back from it, so it presumably
// fills the variable by reference - confirm against its definition.
if (getTitle($pageId, $action, $TITLE)) {
    $TITLE = CMS_TITLE . " - {$TITLE}";
} else {
    $TITLE = CMS_TITLE;
}
///Gets the content according to the user's permissions
$CONTENT = getContent($pageId, $action, $userId, $permission);
///Gets the inherited code (if any) from the parent page
$INHERITEDINFO = inheritedinfo($pageIdArray);
///Gets the breadcrumb
$BREADCRUMB = breadcrumbs($pageIdArray, "&nbsp;»&nbsp;");
//Gets the searchbar
Example #8
require_once "../subs.php";
require_once "../conf.inc.php";
require_once "../lib/dblayer.php";
require_once "./subs.php";
require_once "../vendor/autoload.php";
// Twig initialisation
Twig_Autoloader::register();
$loader = new Twig_Loader_Filesystem("../templates");
// Twig templates folder (the loader created above)
$twig = new Twig_Environment($loader, array("cache" => "../cache", "auto_reload" => 1));
// NOTE(review): the original comment here read "Twig no cache", but a cache directory
// ("../cache") is configured on the line above. If that directory is inside the web
// root, confirm it is not served directly.
$template = 'tools.twig';
// Everything below runs only when isAuthorized() returns a truthy value; that value is
// used as the logged-in administrator's record (its "uid" is read below).
if ($admin_login = isAuthorized()) {
    $c['nojs'] = true;
    $users = getUsers();
    $permissions = getPermissions($admin_login["uid"], $users);
    // Sections are removed from the menu only on an explicit 'deny'.
    // NOTE(review): a missing or misspelt permission key leaves the section visible
    // (fail-open), and this only hides the menu entry - the section pages must enforce
    // the same permission themselves.
    if ($permissions["bills"] == 'deny') {
        unset($TITLE["bills"]);
    }
    if ($permissions["users"] == 'deny') {
        unset($TITLE["users"]);
    }
    $c['dir'] = basename(__DIR__);
    $TITLE['helpdesk/reports'] = "Отчёты";
    $c['sections'] = $TITLE;
    $categories = getCategories();
    // "cat" is read from the request through checkRequest(); what validation that
    // helper applies is not visible here.
    $c["cat"] = $_cat = checkRequest("cat");
    if ($_cat) {
        $c['current_cat'] = getCategory($_cat);
    }
    //    if ($_cat) echo 1;
Example #9
            $query_upd = $db->query("UPDATE `users` SET `photo`= null,`modiff`=NOW(),`modiff_uid`='{$admin_id}' WHERE `uid`={$uid}");
            if ($query_upd) {
                $result['success'] = true;
                unset($result['msg']);
            }
            break;
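        case 'getUserInfo':
            require_once "../vendor/autoload.php";
            // Twig initialisation
            Twig_Autoloader::register();
            // Twig templates folder
            $loader = new Twig_Loader_Filesystem("../templates/users");
            // Twig without a compilation cache
            $twig = new Twig_Environment($loader, array("cache" => ""));
            // user_id comes straight from the request and is interpolated into the query
            // below several times. Force it to an integer so it cannot alter the SQL.
            // (Assumes user ids are numeric, as the unquoted `uid` comparison in the
            // preceding case suggests - TODO confirm.)
            $uid = isset($_POST['user_id']) ? (int) $_POST['user_id'] : 0;
            // NOTE(review): the SELECT includes u.`pass` and the whole row is handed to the
            // template. Confirm the template never renders it, and drop the column if unused.
            $query_info = "SELECT\r\n                                    u.`uid`,\r\n                                    DATE_FORMAT(u.`modiff`,'%d.%m.%Y %H:%i:%s') as `modiff`,\r\n                                    (SELECT CONCAT(`lastname`,' ',`firstname`) FROM users WHERE `uid`=u.`modiff_uid`) AS `modiff_user`,\r\n                                    u.`status_id`,\r\n                                    (SELECT `name` FROM users_statuses WHERE users_statuses.`id`=u.`status_id`) AS `status`,\r\n                                    u.`lastname`,\r\n                                    u.`firstname`,\r\n                                    u.`middlename`,\r\n                                    u.`login`,\r\n                                    u.`login_ae`,\r\n                                    u.`pass`,\r\n                                    u.`photo`,\r\n                                    u.`phone` as `tel`,\r\n                                    u.`skud`,\r\n                                    u.`email`,\r\n                                    u.`comment`,\r\n                                    u.`area_id`,\r\n                                    (SELECT `name` FROM areas WHERE areas.`id`=u.`area_id`) AS `area`,\r\n                                    (SELECT `name` FROM depts WHERE depts.`id`=u.`dept_id`) AS `dept`,\r\n                                    (SELECT `name` FROM posts WHERE posts.`id`=u.`post_id`) AS `post`,\r\n                                    (SELECT `name` FROM organizations WHERE organizations.`id`=u.`organization_id`) AS `organization`,\r\n                                    (SELECT `workstation` FROM `sessions_users` WHERE `id`='{$uid}') as `workstation_id`,\r\n                                    (SELECT `ip` FROM `workstations` WHERE `id`=`workstation_id`) as `logon_ip`,\r\n                                    (SELECT `name` FROM `workstations` WHERE `id`=`workstation_id`) as `workstation`,\r\n                                    (SELECT `domain` 
FROM `sessions_users` WHERE `id`='{$uid}') as `domain`,\r\n                                    (SELECT `time` FROM `sessions_users` WHERE `id`='{$uid}') as `logon_time`\r\n                                        FROM users AS u WHERE u.`uid`='{$uid}'";
            // Start from an empty array so a failed query or an unknown user still gives
            // the template a well-formed context.
            $user_data = array();
            if ($query_info_res = $db->query($query_info)) {
                $user_row = $db->fetch_assoc($query_info_res);
                if (is_array($user_row)) {
                    $user_data = $user_row;
                }
            }
            $user_data['users'] = getUsers();
            $user_data['permissions'] = getPermissions($admin_login["uid"], $user_data['users']);
            $result['user_info'] = $twig->render('user_info.twig', $user_data);
            break;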
    }
    /*  Return the result as a JSON object as well.
     *  When the result was obtained without errors,
     *  set $result['success'] = true;
     *  the remaining parameters are optional.
     *  */
    // print_r() of a string simply writes it out, so this emits the JSON text as the
    // response body. No Content-Type header is set in the visible code.
    print_r(json_encode($result));
}
Example #10
>&nbsp;&nbsp;Append incrementing numbers to duplicate cite keys
	</td>
</tr>
<tr>
	<td align="left"></td>
	<td colspan="2"></td>
</tr>
<tr>
	<td align="left"></td>
	<td colspan="2">
		<input type="submit" value="Submit">
	</td>
</tr><?php 
// The permission checkboxes are prepared only when the logged-in e-mail equals the
// configured admin e-mail.
// NOTE(review): this gate is a loose (==) string comparison on an e-mail address.
// Confirm $loginEmail comes from the authenticated session rather than from request
// data, and that the handler processing this form repeats the check server-side.
if ($loginEmail == $adminLoginEmail) {
    // Get the user permissions for the current user:
    $userPermissionsArray = getPermissions($userID, "user", false);
    // function 'getPermissions()' is defined in 'include.inc.php'
    // Setup variables to mark the checkboxes according to the user's permissions:
    // each variable holds the attribute text " checked" or an empty string, and
    // anything other than the exact value 'yes' leaves the box unchecked.
    if ($userPermissionsArray['allow_add'] == 'yes') {
        $allowAddChecked = " checked";
    } else {
        $allowAddChecked = "";
    }
    if ($userPermissionsArray['allow_edit'] == 'yes') {
        $allowEditChecked = " checked";
    } else {
        $allowEditChecked = "";
    }
    if ($userPermissionsArray['allow_delete'] == 'yes') {
        $allowDeleteChecked = " checked";
    } else {
Example #11
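    /**
     * Handles the book module's "edit" action.
     *
     * When the form was submitted (page_title present in the POST data), collects the
     * ticked "show in tab" (chkPage<id>) and "hide in menu" (hidePage<id>) boxes, and
     * saves them with the title and the initial sub-page, provided the chosen initial
     * page is one of the ticked tabs. Then renders the edit form listing every child page.
     *
     * @return string HTML edit interface for the book module's properties
     */
    public function actionEdit()
    {
        if (isset($_POST['page_title'])) {
            $tabIds = array();
            $hiddenIds = array();
            $found = false;
            $initial = isset($_POST['optInitial']) && is_string($_POST['optInitial']) ? $_POST['optInitial'] : '';
            foreach ($_POST as $key => $val) {
                $key = (string) $key;
                // The id is the part of the field NAME after the prefix, i.e. it is chosen
                // by the client. The form below only ever emits page ids there, so accept
                // digits only: the lists are written into SQL and stored for later use.
                if (substr($key, 0, 7) == "chkPage") {
                    $id = (string) substr($key, 7);
                    if (!preg_match('/^[0-9]+$/D', $id)) {
                        continue;
                    }
                    $tabIds[] = $id;
                    if ($id === $initial) {
                        $found = true;
                    }
                } elseif (substr($key, 0, 8) == "hidePage") {
                    $id = (string) substr($key, 8);
                    if (preg_match('/^[0-9]+$/D', $id)) {
                        $hiddenIds[] = $id;
                    }
                }
            }
            $tList = implode(",", $tabIds);
            $hList = implode(",", $hiddenIds);
            if ($found) {
                $this->bookProps['page_title'] = escape($_POST['page_title']);
                $this->bookProps['initial'] = escape($initial);
                $this->bookProps['list'] = $tList;
                $this->bookProps['menu_hide'] = $hList;
                $this->hideInMenu();
                // NOTE(review): die(mysql_error()) below shows raw database errors to the
                // visitor; consider logging them and displaying a generic message.
                $query = "UPDATE `book_desc` SET `initial` = '" . escape($initial) . "', `list` = '{$tList}', `menu_hide` = '{$hList}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'";
                mysql_query($query) or die(mysql_error() . ": book.lib.php L:131");
                $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_title` = '" . $this->bookProps['page_title'] . "' WHERE `page_id` = '{$this->pageId}'";
                mysql_query($query) or die(mysql_error() . ": book.lib.php L:133");
                displayinfo("Book Properties saved properly");
            } else {
                displayerror("You've choosen a hidden sub-page as default which is not possible, so the settings are not saved.");
            }
        }
        $childrenQuery = 'SELECT `page_id`, `page_title`, `page_module`, `page_name`, `page_modulecomponentid` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE `page_parentid` = ' . "'" . $this->pageId . "'" . ' AND `page_id` != \'' . $this->pageId . '\' ORDER BY `page_menurank`';
        $result = mysql_query($childrenQuery);
        $table = "";
        $hide_list = explode(",", $this->bookProps['menu_hide']);
        $show_list = explode(",", $this->bookProps['list']);
        if ($result && mysql_num_rows($result)) {
            $table = "<table><thead><td>Initial</td><td>Show in Tab</td><td>Hide in Menu</td><td>Page</td></thead>";
            while ($row = mysql_fetch_assoc($result)) {
                $radio = "";
                if ($row['page_id'] == $this->bookProps['initial']) {
                    $radio = "checked";
                }
                $checkbox = "";
                $hide_checkbox = "";
                if (in_array($row['page_id'], $show_list)) {
                    $checkbox = "checked=checked ";
                }
                if (in_array($row['page_id'], $hide_list)) {
                    $hide_checkbox = "checked=checked ";
                }
                // Page names and titles are editor-supplied text, so encode them for the
                // HTML context they are written into.
                $idAttr = htmlspecialchars((string) $row['page_id'], ENT_QUOTES);
                $nameAttr = htmlspecialchars((string) $row['page_name'], ENT_QUOTES);
                $titleText = htmlspecialchars((string) $row['page_title'], ENT_QUOTES);
                $table .= "<tr><td><input type='radio' name='optInitial' value='{$idAttr}' {$radio}></td><td><input type=checkbox name='chkPage{$idAttr}' {$checkbox}></td><td><input type=checkbox name='hidePage{$idAttr}' {$hide_checkbox}></td>";
                // Only link to the child's own edit page when the user may edit it.
                if (getPermissions($this->userId, $row['page_id'], "edit")) {
                    $table .= "<td><a href='{$nameAttr}/+edit'>{$titleText}</a></td></tr>";
                } else {
                    $table .= "<td>{$titleText}</td></tr>";
                }
            }
            $table .= "</table>";
        } else {
            $table = "No child page available<br />";
        }
        // The title is echoed back into an attribute value, so encode it.
        // NOTE(review): no anti-CSRF token is visible in this form; confirm the framework
        // adds one or checks the request origin before the POST branch above runs.
        $titleAttr = htmlspecialchars((string) $this->bookProps['page_title'], ENT_QUOTES);
        $ret = <<<RET
<form action='./+edit' method=POST>
Title: <input type=text name="page_title" value="{$titleAttr}"><br />
{$table}
<input type=submit value=Save>
</form>
RET;
        return $ret;
    }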
Example #12
// NOTE(review): display_errors is switched on for every request to this script, so PHP
// warnings and errors (paths, query fragments) are sent to the browser. Confirm this is
// disabled in production and errors are logged instead.
ini_set("display_errors", 1);
error_reporting(E_ALL ^ E_NOTICE);
require_once "{$_SERVER['DOCUMENT_ROOT']}/vendor/autoload.php";
// Twig initialisation
require_once "{$_SERVER['DOCUMENT_ROOT']}/helpdesk/subs.php";
require_once "{$_SERVER['DOCUMENT_ROOT']}/helpdesk/conf.php";
Twig_Autoloader::register();
$loader = new Twig_Loader_Filesystem("../../templates");
// Twig templates folder (the loader created above)
$twig = new Twig_Environment($loader, array("cache" => ""));
// Twig without a compilation cache
session_start();
// Everything below runs only when isAuthorized() returns a truthy value; that value is
// used as the logged-in account's record ("uid", "lastname", "firstname" are read from it)
// and doubles as the template context.
if ($c = isAuthorized()) {
    $TITLE['helpdesk/reports'] = "Отчёты";
    $users = getUsers();
    $permissions = getPermissions($c["uid"], $users);
    // Sections are removed from the menu only on an explicit 'deny'.
    // NOTE(review): a missing permission key leaves the section visible (fail-open), and
    // this hides the menu entry only - the section pages must enforce the permission too.
    if ($permissions["bills"] == 'deny') {
        unset($TITLE["bills"]);
    }
    if ($permissions["users"] == 'deny') {
        unset($TITLE["users"]);
    }
    $c['sections'] = $TITLE;
    $c['dir'] = "helpdesk/reports";
    $c['admin_fio'] = $c["lastname"] . " " . $c["firstname"];
    $c['notify'] = getBurnedCounts($c["uid"]);
    $admins = getAdmins(true);
    // Request values are passed through check_string(..., "digits") before use; what that
    // helper returns for non-digit input is not visible here.
    $performer = isset($_REQUEST["performer"]) ? check_string($_REQUEST["performer"], "digits") : null;
    // With a performer selected, report on that one admin; otherwise on all of them.
    // NOTE(review): $admins[$performer] is indexed without checking that the key exists.
    $p = isset($performer) ? array($admins[$performer]['uid'] => $admins[$performer]) : $admins;
    //    print_r($p);
    // Month to report on; defaults to the current month.
    $month = (int) (isset($_REQUEST["m"]) ? check_string($_REQUEST["m"], "digits") : date("m"));
Example #13
function child($pageId, $userId, $depth)
{
    // Lists the menu-visible pages the user may view, ordered by menu rank.
    // A negative $depth lists every page except $pageId itself; otherwise only the
    // direct children of $pageId are listed.
    $pageId = escape($pageId);
    $selectPrefix = 'SELECT `page_id`, `page_name`, `page_title`, `page_module`, `page_modulecomponentid`, `page_displayinmenu`, `page_image` , `page_displayicon` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE ';
    $parentFilter = $depth < 0 ? '' : '`page_parentid` = \'' . $pageId . '\' AND ';
    $childrenQuery = $selectPrefix . $parentFilter . '`page_id` != \'' . $pageId . '\' AND `page_displayinmenu` = 1 ORDER BY `page_menurank`';
    $queryResult = mysql_query($childrenQuery);
    $visible = array();
    while ($row = mysql_fetch_assoc($queryResult)) {
        if ($row['page_displayinmenu'] != true) {
            continue;
        }
        // Pages the user cannot view are left out of the menu.
        if (getPermissions($userId, $row['page_id'], 'view', $row['page_module']) != true) {
            continue;
        }
        // Positional tuple: id, name, module, image, display-icon flag, module component id.
        $visible[] = array($row['page_id'], $row['page_name'], $row['page_module'], $row['page_image'], $row['page_displayicon'], $row['page_modulecomponentid']);
    }
    return $visible;
}
             </select>
             <?php 
 echo isSuperuser() ? "" : "*The path to the file with NO leading slash </td>";
 ?>
         </tr>
         <tr>
             <th> Area: </th><td> <?php 
 getArea();
 ?>
             </td>
         </tr>
         <tr>
             <th> Permission Needed: </th><td>
             <select name='permission'>
                 <?php 
 getPermissions();
 ?>
             </select></td>
         </tr>
         <tr>
             <th> Parent Link: </th><td>
             <select name='parent'>
                 <?php 
 getParent();
 ?>
             </select>*Only needed if link is a Sub-link </td>
         </tr>
         <tr><th>Open In New Tab?</th>
         <td><input type='checkbox' name='newtab' value="1">*Check if you want the link to always open in a new tab</td></tr>
     </table>
     <input type="submit" name="submit" value="Submit" method="post">
Example #15
    /**
     * Renders one piece of the forum view as HTML.
     *
     * Three values of $type are handled; any other value (including the default
     * 'thread') matches no branch and yields an empty string:
     *   - 'threadRow':  one row of the thread list for the thread in $data;
     *   - 'threadHead': the reply / new-thread / back toolbar and the opening <table>;
     *   - 'threadMain': one message - the thread opener when $post is 0, a reply when
     *                   $post is 1 - with author details and like/delete controls.
     *
     * NOTE(review): topic, body and user names are written into the markup after
     * parseubb()/parsesmileys()/censor_words()/getUserName(). Whether any of those
     * HTML-encodes its input is not visible here - confirm, since this is user content.
     *
     * @param $data  Row for the thread or post being rendered (read by column name).
     * @param $type  Which piece to render, see above.
     * @param $post  0 for the thread opener, 1 for a reply (used by 'threadMain').
     * @param $count Suffix that makes the "Show Details" element ids unique per message.
     *
     * @return string The generated HTML fragment.
     */
    private function forumHtml($data, $type = 'thread', $post = 0, $count = 0)
    {
        global $urlRequestRoot, $moduleFolder, $cmsFolder, $templateFolder, $sourceFolder, $userId;
        require_once "{$sourceFolder}/{$moduleFolder}/forum/bbeditor.php";
        require_once "{$sourceFolder}/{$moduleFolder}/forum/bbparser.php";
        $js = $urlRequestRoot . "/" . $cmsFolder . "/" . $moduleFolder . "/forum/images/jscript.js";
        $table_name = "forum_threads";
        $table1_name = "forum_posts";
        $templatesImageFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/" . TEMPLATE;
        $temp = $urlRequestRoot . "/" . $cmsFolder . "/" . $moduleFolder . "/forum/images";
        // $thread_id is only defined when the request carries thread_id; the 'threadHead'
        // and 'threadMain' branches below use it regardless.
        // NOTE(review): escape() presumably prepares the value for SQL - confirm. The same
        // value is also placed in href attributes below, which needs HTML/URL encoding,
        // not SQL escaping.
        if (isset($_GET['thread_id'])) {
            $thread_id = escape($_GET['thread_id']);
        }
        $forumHtml = '';
        $forum_threads = '';
        $rows = $data;
        $action = "+post&subaction=create_thread";
        $forum_lastVisit = $this->forumLastVisit();
        // --- One row of the thread list ---
        if ($type == 'threadRow') {
            // Logged-in users get the "new" icon for threads with posts since their last visit.
            if ($userId > 0 && $forum_lastVisit < $rows['forum_thread_lastpost_date']) {
                $img_src = "thread_new.gif";
            } else {
                $img_src = "thread_hot.gif";
            }
            $topic = ucfirst(parseubb(parsesmileys($rows['forum_thread_topic'])));
            $name = ucfirst(getUserName($rows['forum_thread_user_id']));
            $last_post_author = ucfirst(getUserName($rows['forum_thread_last_post_userid']));
            // Sticky threads always use the sticky icon.
            if ($rows['forum_thread_category'] == 'sticky') {
                $img_src = 'sticky.gif';
            }
            // Reply count = approved posts of this thread in this forum instance.
            $query1 = "SELECT `forum_post_id` FROM `{$table1_name}` WHERE `forum_thread_id`='" . $rows['forum_thread_id'] . "' AND `forum_post_approve`='1' AND `page_modulecomponentid`='{$this->moduleComponentId}' ";
            $result1 = mysql_query($query1);
            $reply_count = mysql_num_rows($result1);
            $forum_threads .= <<<PRE1
\t\t\t            <tr class="forumThreadRow">
\t\t\t            <td class="forumThreadRow forumTableIcon" width="3%"><img src="{$temp}/{$img_src}" /></td>
\t\t\t            <td class="forumThreadRow" width="51%"><a class="threadRow" href="+view&thread_id={$rows['forum_thread_id']}"> {$topic} </a><br /><small>by <b> {$name} </b>
\t\t\t             on {$rows['forum_thread_datetime']} </small></td>
\t\t\t            <td class="forumThreadRow" width="8%" style="text-align:center;"> {$rows['forum_thread_viewcount']} </td>
\t\t\t            <td class="forumThreadRow" width="8%" style="text-align:center;"> {$reply_count} </td>
\t\t\t            <td class="forumThreadRow" width="30%"><small>by <b> {$last_post_author} </a></b> on {$rows['forum_thread_lastpost_date']} </small></td>
\t\t\t            </tr>        
PRE1;
            $forumHtml .= $forum_threads;
        }
        // --- Toolbar above a thread, plus the opening <table> tag ---
        if ($type == 'threadHead') {
            $thread_Header = '<p align="left">';
            // The reply button is omitted for sticky threads.
            if ($rows['forum_thread_category'] != 'sticky') {
                $thread_Header .= '<a href="+post&subaction=post_reply&thread_id=' . $thread_id . '"><img alt="Reply" title="Reply" src="' . $temp . '/reply.gif" /></a>&nbsp&nbsp';
            }
            $thread_Header .= <<<PRE
\t\t\t\t<link rel="stylesheet" href="{$temp}/styles.css" type="text/css" />
\t\t\t\t&nbsp<a href="+post&subaction=create_thread"><img title="New Thread" src="{$temp}/newthread.gif" /></a>&nbsp;<a 
href="+view"> <img title="Go Back to Forum" src="{$temp}/go_back.gif" /></a>
\t\t\t\t<table width="100%" cellpadding="4" cellspacing="2" id="forum" >
PRE;
            $forumHtml = $thread_Header;
        }
        // --- One message of a thread (opener or reply) ---
        if ($type == 'threadMain') {
            // Forum-wide settings for this instance; allow_like_posts and allow_delete_posts
            // are read from this row below.
            $q = "SELECT * FROM `forum_module` WHERE `page_modulecomponentid`='{$this->moduleComponentId}' LIMIT 1";
            $r = mysql_query($q) or displayerror(mysql_error() . "View of Thread failed L:962");
            $r = mysql_fetch_array($r);
            // Thread opener: fields come from the thread row.
            if ($post == 0) {
                $topic = censor_words(ucfirst(parseubb(parsesmileys($rows['forum_thread_topic']))));
                $name = ucfirst(getUserName($rows['forum_thread_user_id']));
                $last_post_author = ucfirst(getUserName($rows['forum_thread_last_post_userid']));
                $threadUserId = $rows['forum_thread_user_id'];
                $detail = censor_words(parseubb(parsesmileys($rows['forum_detail'])));
                $posts = $this->getTotalPosts($rows['forum_thread_user_id']);
                $reg_date = $this->getRegDateFromUserID($rows['forum_thread_user_id']);
                $postTime = $rows['forum_thread_datetime'];
            }
            // Reply: fields come from the post row.
            if ($post == 1) {
                $postUserId = $rows['forum_post_user_id'];
                $topic = censor_words(ucfirst(parseubb(parsesmileys($rows['forum_post_title']))));
                $detail = censor_words(parseubb(parsesmileys($rows['forum_post_content'])));
                $name = ucfirst(getUserName($rows['forum_post_user_id']));
                $posts = $this->getTotalPosts($rows['forum_post_user_id']);
                $reg_date = $this->getRegDateFromUserID($rows['forum_post_user_id']);
                $postTime = $rows['forum_post_datetime'];
                $threadUserId = $postUserId;
            }
            // NOTE(review): this subtracts two values that look like date strings, and
            // $datetime is not read again in this method - likely dead code.
            $datetime = date("Y-m-d H:i:s") - $postTime;
            $threadHtml = '<tr class="ThreadHeadRow" cellspacing="10">
					        <td class="forumThreadRow"><strong> ' . $topic . ' </strong><br />' . '<img src="' . $temp . '/post_icon.gif" /><small>&nbsp&nbsp by ' . $name . ' </a>' . ' on ' . $postTime . ' </small>';
            // Like / dislike totals are shown for replies when the forum allows liking.
            if ($post == 1) {
                if ($r['allow_like_posts'] == 1) {
                    $likequery = "SELECT * from `forum_like` WHERE `forum_thread_id`='{$thread_id}' AND `forum_post_id`='" . $rows['forum_post_id'] . "' AND `like_status`='1' AND `page_modulecomponentid`='{$this->moduleComponentId}' ";
                    $likeres = mysql_query($likequery);
                    $likeres = mysql_num_rows($likeres);
                    $dlikequery = "SELECT * from `forum_like` WHERE `forum_thread_id`='{$thread_id}' AND `forum_post_id`='" . $rows['forum_post_id'] . "' AND `like_status`='0' AND `page_modulecomponentid`='{$this->moduleComponentId}' ";
                    $dlikeres = mysql_query($dlikequery);
                    $dlikeres = mysql_num_rows($dlikeres);
                    $threadHtml .= '<br /><small> ' . $likeres . ' people like this post</small> &nbsp&nbsp&nbsp';
                    $threadHtml .= '<small> ' . $dlikeres . ' people dislike this post</small><br />';
                }
            }
            $threadHtml .= '</td>
					        <td class="forumThreadRow" width="25%" rowspan="2"><strong> ' . $name . ' </a><br />';
            // Author details are rendered only for registered authors (id > 0).
            if ($threadUserId > 0) {
                // For the viewer's own messages the previous login time is taken from the session.
                if ($threadUserId == $userId) {
                    $lastLogin = $_SESSION['last_to_last_login_datetime'];
                } else {
                    $lastLogin = $this->getLastLogin($threadUserId);
                }
                // Checks the AUTHOR's "moderate" permission on the forum page, only to label
                // the author as Moderator or Member; it does not gate anything for the viewer.
                $moderator = getPermissions($threadUserId, getPageIdFromModuleComponentId("forum", $this->moduleComponentId), "moderate");
                if ($moderator) {
                    $threadHtml .= "Moderator";
                } else {
                    $threadHtml .= "Member";
                }
                // Element ids for the collapsible details block, unique per message via $count.
                $content = 'content' . $count;
                $text = 'text' . $count;
                $threadHtml .= <<<PRE
\t\t\t\t\t\t</strong><br /><br />
\t\t\t\t\t\t<script type="text/javascript" languauge="javascript" src="{$js}"></script>
\t\t\t\t\t\t<a id="{$text}" href="javascript:toggle('{$content}','{$text}');" >Show Details</a><br />
\t\t\t\t\t\t<div id="{$content}" style="display: none;"><small>Posts: {$posts} <br />Joined: {$reg_date} <br />Last Visit:
\t\t\t\t\t\t{$lastLogin} </small></div>
PRE;
                // Controls for replies, shown to logged-in viewers when the forum enables them.
                // NOTE(review): delete, like and dislike are exposed as plain GET links. The
                // handler is not visible here - confirm it re-checks ownership and permissions
                // and is protected against cross-site request forgery.
                if ($post == 1 && $userId > 0 && ($r['allow_delete_posts'] == 1 || $r['allow_like_posts'] == 1)) {
                    //$threadHtml .= '<tr><td colspan="2" align="right">';
                    if ($r['allow_delete_posts'] == 1) {
                        // The delete link is shown only to the author of the reply.
                        if ($post == 1 && $userId > 0 && $userId == $rows['forum_post_user_id']) {
                            $threadHtml .= '<br /><a href="+view&subaction=delete_post&thread_id=' . $thread_id . '&post_id=' . $rows['forum_post_id'] . '">' . '<img src="' . $temp . '/delete1.gif"></a></span>';
                        }
                    }
                    if ($r['allow_like_posts'] == 1) {
                        if ($userId > 0 && $post == 1) {
                            $postId = $rows['forum_post_id'];
                            // Has the viewer already liked ($re) or disliked ($re1) this reply?
                            $qu = " SELECT * FROM `forum_like` WHERE `forum_like_user_id` = '{$userId}' AND`forum_thread_id` = '{$thread_id}' AND `forum_post_id` = '{$postId}' AND `page_modulecomponentid`='{$this->moduleComponentId}' AND `like_status`='1'";
                            $re = mysql_query($qu);
                            $qu1 = " SELECT * FROM `forum_like` WHERE `forum_like_user_id` = '{$userId}' AND`forum_thread_id` = '{$thread_id}' AND `forum_post_id` = '{$postId}' AND `page_modulecomponentid`='{$this->moduleComponentId}' AND `like_status`='0'";
                            $re1 = mysql_query($qu1);
                            // No vote yet: offer both links; otherwise show the recorded vote.
                            if (mysql_num_rows($re) == 0 && mysql_num_rows($re1) == 0) {
                                $threadHtml .= '  <a href="+view&subaction=like_post&thread_id=' . $thread_id . '&post_id=' . $rows['forum_post_id'] . '">' . '  <img title="Like this post" src="' . $temp . '/like.gif"></a></span>';
                                $threadHtml .= '  <a href="+view&subaction=dislike_post&thread_id=' . $thread_id . '&post_id=' . $rows['forum_post_id'] . '">' . '  <img title="Dislike this post" src="' . $temp . '/unlike.gif"></a></span>';
                            } else {
                                if (mysql_num_rows($re) > 0) {
                                    $threadHtml .= '<br /> You Like this post';
                                } else {
                                    $threadHtml .= '<br /> You Dislike this post';
                                }
                            }
                        }
                    }
                    //$threadHtml .= '</td></tr>';
                }
            }
            // Message body row, then a blank spacer row.
            $threadHtml .= <<<PRE
\t        </td>
\t        </tr>
\t        <tr>
\t        <td class="forumThreadRow"> <br />{$detail} </td>
\t        </tr>
PRE;
            $threadHtml .= '<tr><td class="blank" colspan="2"></td></tr>';
            $forumHtml .= $threadHtml;
        }
        return $forumHtml;
    }
Example #16
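/**
 * Copies a page, and optionally its whole subtree, under a new parent page.
 *
 * The caller must hold the "settings" permission on the destination parent.
 * Pages of module type "link" can be neither copied nor used as a destination.
 *
 * NOTE(review): only the destination is authorised; no permission is checked
 * on the source page or on the children copied during recursion — confirm
 * that callers check read access to the source before calling.
 *
 * $pagetitle and $pagename are placed into the INSERT statement exactly as
 * received, so the caller has to pass values already escaped for SQL. They are
 * not escaped again here because callers that already escape would otherwise
 * store doubled backslashes — TODO confirm against the call sites.
 *
 * @param mixed  $userId    User performing the copy.
 * @param mixed  $pageId    Page to copy.
 * @param mixed  $parentId  Page that becomes the parent of the copy.
 * @param string $pagetitle Title of the copy (SQL-escaped by the caller).
 * @param string $pagename  Name of the copy (SQL-escaped by the caller).
 * @param bool   $recursive Whether the children of $pageId are copied as well.
 *
 * @return bool True when the page row was created, false otherwise.
 */
function copyPage($userId, $pageId, $parentId, $pagetitle, $pagename, $recursive)
{
    if (!getPermissions($userId, $parentId, "settings")) {
        return false;
    }
    $parentInfo = getPageInfo($parentId);
    if ($parentInfo['page_module'] == "link") {
        return false;
    }
    $pageInfo = getPageInfo($pageId);
    $moduleType = $pageInfo['page_module'];
    if ($moduleType == "link") {
        return false;
    }

    $sourceComponentId = $pageInfo['page_modulecomponentid'];
    $newmodulecomponentid = 0;
    if ($moduleType != "menu" && $moduleType != "external") {
        global $sourceFolder;
        global $moduleFolder;
        // The module name read from the database becomes part of an include
        // path and a class name, so only a plain identifier is accepted.
        if (!preg_match('/^[A-Za-z0-9_]+$/', $moduleType)) {
            displayerror("Unable to copy the page.");
            return false;
        }
        require_once $sourceFolder . "/" . $moduleFolder . "/" . $moduleType . ".lib.php";
        $page = new $moduleType();
        $newmodulecomponentid = createInstance($moduleType);
        copyInstance($moduleType, $sourceComponentId, $newmodulecomponentid);
        // The original passed $newId here, a variable that is never defined
        // (so null was passed). The new component id is what the call appears
        // to need — confirm against copyModule().
        $page->copyModule($sourceComponentId, $newmodulecomponentid);
    }

    if ($moduleType == "external") {
        $externalTable = MYSQL_DATABASE_PREFIX . "external";
        $extqueryresult = mysql_query("SELECT MAX( page_modulecomponentid ) AS MAX FROM " . $externalTable);
        $linkqueryresult = mysql_query("SELECT page_extlink FROM " . $externalTable . " WHERE page_modulecomponentid='" . mysql_real_escape_string($sourceComponentId) . "'");
        if (!$extqueryresult || !$linkqueryresult) {
            displayerror("Unable to copy the page.");
            return false;
        }
        $extqueryrow = mysql_fetch_array($extqueryresult);
        // MAX + 1 is not atomic: two concurrent copies can compute the same id.
        $extpageid = $extqueryrow[0] + 1;
        $linkqueryrow = mysql_fetch_array($linkqueryresult);
        // The stored link is data, not SQL: escape it before writing it back.
        $link = mysql_real_escape_string($linkqueryrow ? $linkqueryrow[0] : '');
        $query = "INSERT INTO `" . $externalTable . "` (`page_modulecomponentid`,`page_extlink`) " . "VALUES('{$extpageid}','{$link}')";
        if (!mysql_query($query)) {
            displayerror("Unable to copy the page.");
            return false;
        }
        // NOTE(review): $newmodulecomponentid stays 0 for external pages, so the
        // new page row does not reference $extpageid — looks unintended, confirm.
    }

    $maxqueryresult = mysql_query("SELECT MAX( page_id ) AS MAX FROM " . MYSQL_DATABASE_PREFIX . "pages");
    if (!$maxqueryresult) {
        displayerror("Unable to copy the page.");
        return false;
    }
    $maxqueryrow = mysql_fetch_array($maxqueryresult);
    $maxpageid = $maxqueryrow[0] + 1;

    // Page ids are integers (new ones are computed as MAX(page_id) + 1), so the
    // ids are cast; values read back from the database are escaped as strings.
    $parentIdSql = (int) $parentId;
    $moduleSql = mysql_real_escape_string($pageInfo['page_module']);
    $inMenuSql = mysql_real_escape_string($pageInfo['page_displayinmenu']);
    $menuSql = mysql_real_escape_string($pageInfo['page_displaymenu']);
    $siblingMenuSql = mysql_real_escape_string($pageInfo['page_displaysiblingmenu']);
    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "pages` (`page_id`,`page_name`,`page_title`,`page_parentid`,`page_module`,`page_modulecomponentid`,`page_displayinmenu`, `page_displaymenu`, `page_displaysiblingmenu`,`page_menurank`) " . "VALUES('{$maxpageid}','{$pagename}','{$pagetitle}','{$parentIdSql}','{$moduleSql}','{$newmodulecomponentid}','{$inMenuSql}','{$menuSql}','{$siblingMenuSql}','{$maxpageid}')";
    if (!mysql_query($query)) {
        displayerror("Unable to copy the page.");
        return false;
    }

    if ($recursive) {
        $sourcePageIdSql = (int) $pageId;
        $childrenresult = mysql_query("SELECT `page_id`,`page_name`,`page_title` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_parentid`='{$sourcePageIdSql}' ");
        while ($childrenresult && ($child = mysql_fetch_assoc($childrenresult))) {
            // Titles and names come straight from the database here, so they are
            // escaped before being handed on as the (pre-escaped) parameters.
            copyPage(
                $userId,
                $child['page_id'],
                $maxpageid,
                mysql_real_escape_string($child['page_title']),
                mysql_real_escape_string($child['page_name']),
                $recursive
            );
        }
    }
    return true;
}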
Example #17
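    /**
     * Handles the "edit" action: runs the requested sub-action, if any, and
     * returns the HTML of the edit screen (version form, team list, add-team
     * form and add-team-member form).
     *
     * Sub-actions are selected by $_GET['subaction']: "addteam",
     * "changeversion", "addteammember" and "getsuggestions" (which echoes its
     * result and terminates the request).
     *
     * Request values are escaped with escape() before they reach SQL and are
     * HTML-encoded before they are written into the page.
     * NOTE(review): this assumes escape() is the project's SQL-escaping helper,
     * as its existing use on qaos_version suggests — confirm.
     *
     * @param mixed $moduleComponentId Module instance whose teams and version are edited.
     *
     * @return string HTML of the edit screen.
     */
    public function actionEdit($moduleComponentId)
    {
        global $urlRequestRoot;
        global $sourceFolder, $cmsFolder;
        global $templateFolder;
        $scriptsFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts";
        $imagesFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/images";
        $html = '';
        $componentIdSql = escape($moduleComponentId);
        $subaction = isset($_GET['subaction']) ? $_GET['subaction'] : null;

        if ($subaction == 'addteam') {
            if (isset($_POST['btnAddTeam'])) {
                // The "Add Teams" form is rendered only for team id 1. The same rule
                // is enforced here, because hiding a form does not stop a hand-built POST.
                if ($this->getTeamId($this->userId) != 1) {
                    displayerror("You do not have the permission to perform this action.");
                } else {
                    $result = mysql_query("SELECT MAX(`qaos_team_id`)  AS max FROM `qaos_teams`");
                    $resultArray = $result ? mysql_fetch_assoc($result) : false;
                    // MAX + offset is not atomic: concurrent submissions can collide on an id.
                    $max = $resultArray ? $resultArray['max'] : 0;
                    for ($i = 1; $i < 6; $i++) {
                        $teamName = isset($_POST["qaos_team" . $i]) ? $_POST["qaos_team" . $i] : '';
                        if (!is_string($teamName) || !$teamName) {
                            continue;
                        }
                        $teamNameSql = escape($teamName);
                        $teamNameHtml = htmlspecialchars($teamName, ENT_QUOTES, 'UTF-8');
                        $result = mysql_query("SELECT * FROM `qaos_teams` WHERE `qaos_team_name` LIKE '{$teamNameSql}%'");
                        // NOTE(review): "> 1" lets one duplicate through, and LIKE with a
                        // trailing % matches by prefix — confirm the intended duplicate rule.
                        if ($result && mysql_num_rows($result) > 1) {
                            displayerror("The {$teamNameHtml} team already exists in the database.");
                            continue;
                        }
                        $teamId = $max + $i;
                        $teamDesc = isset($_POST["team_desc" . $i]) && is_string($_POST["team_desc" . $i]) ? $_POST["team_desc" . $i] : '';
                        $teamDescSql = escape($teamDesc);
                        $query = "INSERT INTO `qaos_teams` (`page_modulecomponentid`,`qaos_team_id`,`qaos_team_name`,`qaos_team_description`) VALUES ('{$componentIdSql}','{$teamId}','{$teamNameSql}','{$teamDescSql}')";
                        if (!mysql_query($query)) {
                            displayerror("The team '{$teamNameHtml}' could not be added. Please try again.");
                        }
                    }
                }
            }
        } elseif ($subaction == 'changeversion') {
            if (isset($_POST['btnSubmitVersion'])) {
                // Same condition that decides whether the version form is shown below.
                if (!getPermissions($this->userId, getPageIdFromModuleComponentId("qaos", $this->moduleComponentId), "create")) {
                    displayerror("You do not have the permission to perform this action.");
                } else {
                    // The original indexed $_POST with the bare word qaos_version and ran
                    // the UPDATE twice; the key is quoted and the query runs once.
                    $versionInput = isset($_POST['qaos_version']) && is_string($_POST['qaos_version']) ? $_POST['qaos_version'] : '';
                    $query = "UPDATE `qaos_version` SET `qaos_version` = '" . escape($versionInput) . "' WHERE `page_modulecomponentid` = '{$componentIdSql}'";
                    if (mysql_query($query)) {
                        displayinfo("The version has been successfully updated.");
                    } else {
                        displayerror("There was some error while updating the version. Please check your query once.");
                    }
                }
            }
        } elseif ($subaction == 'addteammember') {
            if (isset($_POST['btnAddTeamMember'])) {
                // Disabled inputs are not submitted, so every field may be absent.
                $fields = array();
                foreach (array('useremail', 'userdesignation', 'userteam', 'userparentteam', 'userparentdesignation', 'qaosteam1', 'qaosteam2', 'qaosteam3', 'qaosteam4') as $field) {
                    $fields[$field] = isset($_POST[$field]) ? $_POST[$field] : null;
                }
                $input = explode(" - ", (string) $fields['useremail']);
                $email = $input[0];
                $team = $fields['userteam'];
                // NOTE(review): the parent-team and Qaos-team inputs are only disabled by
                // client-side script; whether the server side restricts them depends on
                // addTeamMember() and addQaosTeamMember(), which are not visible here.
                $this->addTeamMember($email, $fields['userdesignation'], $team, $fields['userparentteam'], $fields['userparentdesignation']);
                // The original wrote "$team = "Qaos"", an assignment that is always true.
                if ($team == "Qaos") {
                    $this->addQaosTeamMember(getUserIdFromEmail($email), $fields['qaosteam1'], $fields['qaosteam2'], $fields['qaosteam3'], $fields['qaosteam4']);
                }
            }
        } elseif ($subaction == 'getsuggestions' && isset($_GET['forwhat'])) {
            // AJAX endpoint: the suggestion text is the whole response body.
            echo $this->getSuggestions($_GET['forwhat'], isset($_GET['suggestiontype']) ? $_GET['suggestiontype'] : null);
            exit;
        }

        $queryVersion = "SELECT `qaos_version` FROM `qaos_version` WHERE `page_modulecomponentid` = '{$componentIdSql}'";
        $resultVersion = mysql_query($queryVersion);
        $row = $resultVersion ? mysql_fetch_row($resultVersion) : false;
        // The version is user-editable and is printed both as text and inside an
        // attribute value, so it is HTML-encoded (existing entities are kept as they are).
        $version = $row ? htmlspecialchars((string) $row[0], ENT_QUOTES, 'UTF-8', false) : '';
        $html .= "<h2>{$version}</h2>\t<br />";
        if (getPermissions($this->userId, getPageIdFromModuleComponentId("qaos", $this->moduleComponentId), "create")) {
            $html .= <<<EDITQAOS
\t\t\t<div class="changeqaosversion">
\t\t\t\t<form id="changeqaosversion" method="POST" onsubmit="return checkProfileForm(this)" action="./+edit&subaction=changeversion">
\t\t\t\t\t<fieldset style="width:80%">
\t\t\t\t\t\t<legend><b>Change the Version</b></legend>
\t\t\t\t\t\t<table>
\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\tChanger Qaos version:
\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t<input name="qaos_version" id="qaos_version" value="{$version}" type="text">
\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t<td><input type="submit" name="btnSubmitVersion" id="submitbutton" value="Save Version"></td>
\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t</table>
\t\t\t\t\t</fieldset>
\t\t\t\t</form>
\t\t\t</div>
EDITQAOS;
        }
        $html .= "<br /><h3>Teams in Pragyan 2008: </h3><br />";
        $queryTeam = "SELECT * FROM `qaos_teams` WHERE `page_modulecomponentid`='{$componentIdSql}' ORDER BY `qaos_team_name`";
        $resultTeam = mysql_query($queryTeam);
        $html .= "<table border=\"1\"><tr><td><b>Team Name</b></td><td><b>Team Description</b></td><td><b>Team Representative</b></td></tr>";
        while ($resultTeam && ($row = mysql_fetch_row($resultTeam))) {
            // Team fields are stored user input; encode them for the HTML context.
            $team = htmlspecialchars((string) $row[2], ENT_QUOTES, 'UTF-8', false);
            $desc = htmlspecialchars((string) $row[3], ENT_QUOTES, 'UTF-8', false);
            $repr = htmlspecialchars((string) $row[4], ENT_QUOTES, 'UTF-8', false);
            $html .= "<tr><td>{$team}</td><td>{$desc}</td><td>{$repr}</td></tr>";
        }
        $html .= "</table><br /><br />";
        $userTeamId = $this->getTeamId($this->userId);
        if ($userTeamId == 1) {
            $html .= <<<ADDTEAMS
\t\t<div class="registrationform">
\t\t\t<div class="addteam">
\t\t\t\t<form id="addteam" method="POST" onsubmit="return checkProfileForm(this)" action="./+edit&subaction=addteam">
\t\t\t\t\t<fieldset style="width:80%">
\t\t\t\t\t\t<legend><b>Add Teams</b></legend>
\t\t\t\t\t\t<table>
\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\tEnter the Team Name:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<input name="qaos_team1" id="qaos_team" type="text">
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\tEnter the Team Description:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<input name="team_desc1" id="team_desc" type="text">
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t</table>
\t\t\t\t\t\t<input value="Add more teams" onclick="javascript:toggleuploadfiles(this);" type="button">
\t\t\t\t\t<span class="hiddenteams"><table>
\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\tEnter the Team Name:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<input name="qaos_team2" id="qaos_team" type="text">
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\tEnter the Team Description:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<input name="team_desc2" id="team_desc" type="text">
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr><td><br /></td></tr>

\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\tEnter the Team Name:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<input name="qaos_team3" id="qaos_team" type="text">
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\tEnter the Team Description:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<input name="team_desc3" id="team_desc" type="text">
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t<tr><td><br /></td></tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\tEnter the Team Name:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<input name="qaos_team4" id="qaos_team" type="text">
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\tEnter the Team Description:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<input name="team_desc4" id="team_desc" type="text">
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t<tr><td><br /></td></tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\tEnter the Team Name:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<input name="qaos_team5" id="qaos_team" type="text">
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\tEnter the Team Description:
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t\t<input name="team_desc5" id="team_desc" type="text">
\t\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t</tr>

\t\t\t\t\t\t\t</table>
\t\t\t\t\t</span>
\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t<input type="submit" name="btnAddTeam" id="submitbutton" value="Submit">
\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t</tr>

\t\t\t\t\t</fieldset>
\t\t\t\t</form>
\t\t\t</div>
\t\t</div>
\t\t<style type="text/css">
\t\t\t.hiddenteams{display:none;}
\t\t\t.shownteams{display:block;}
\t\t</style>
\t\t<script language="javascript" type="text/javascript">
\t\t\tfunction toggleuploadfiles(gett) {
\t\t\t\tif(gett.nextSibling.nextSibling.className != "shownteams")
\t\t\t\t{
\t\t\t\t\tgett.nextSibling.nextSibling.className = "shownteams";
\t\t\t\t\tgett = gett.nextSibling.nextSibling;
\t\t\t\t}
\t\t\t\telse
\t\t\t\t{
\t\t\t\t\tgett.nextSibling.nextSibling.className = "hiddenteams";
\t\t\t\t\tgett = gett.nextSibling.nextSibling;
\t\t\t\t}
\t\t\t}
\t\t</script>
ADDTEAMS;
        }
        $html .= "<br />";
        $html .= <<<ADDPERSON
\t\t<script type="text/javascript" language="javascript">
\t\t<!--
\t\t\timgAjaxLoading = new Image();
\t\t\timgAjaxLoading.src = '{$imagesFolder}/ajaxloading.gif';
\t\t-->
\t\t</script>
\t\t<style type="text/css">
\t\t<!--
\t\t\tspan.suggestion {
\t\t\t\tpadding: 2px 4px 2px 4px;
\t\t\t\tdisplay: block;
\t\t\t\tbackground-color: white;
\t\t\t\tcursor: pointer;
\t\t\t}
\t\t\tspan.suggestion:hover {
\t\t\t\tbackground-color: #DEDEDE;
\t\t\t}
\t\t-->
\t\t</style>
\t\t<script type="text/javascript" language="javascript" src="{$scriptsFolder}/ajaxsuggestionbox.js"></script>
\t\t<div class="registrationform">
\t\t\t<div class="addteammember">

\t\t\t\t<form id="addteammember" method="POST" onsubmit="return checkProfileForm(this)" action="./+edit&subaction=addteammember">
\t\t\t\t\t<fieldset style="width:80%">
\t\t\t\t\t\t<legend><b>Add Team Members</b></legend>
\t\t\t\t\t\t\t<table>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\tEnter the Team Member Name:
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t<input type="text" name="useremail" id="userEmail" autocomplete="off" style="width: 256px" />
\t\t\t\t\t\t\t\t\t\t<div id="suggestionsName" class="suggestionbox"></div>
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\tEnter the User Designation:
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t<input type="text" name="userdesignation" id="userDesignation" autocomplete="off" style="width: 256px" />
\t\t\t\t\t\t\t\t\t<div id="suggestionsDesignation" style="background-color: white; width: 260px; border: 1px solid black; position: absolute; overflow-y: scroll; max-height: 180px; display: none"></div>
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\tEnter the Team Name:
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t<input type="text" name="userteam" id="userTeam" autocomplete="off" style="width: 256px" />
\t\t\t\t\t\t\t\t\t\t<div id="suggestionsTeam" style="background-color: white; width: 260px; border: 1px solid black; position: absolute; overflow-y: scroll; max-height: 180px; display: none"></div>
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\tEnter the Parent Team Name:
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t<input type="text" name="userparentteam" id="userParentTeam" autocomplete="off" style="width: 256px" />
\t\t\t\t\t\t\t\t\t\t<div id="suggestionsParentTeam" style="background-color: white; width: 260px; border: 1px solid black; position: absolute; overflow-y: scroll; max-height: 180px; display: none"></div>
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\tEnter the Parent Designation:
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t<input type="text" name="userparentdesignation" id="userParentDesignation" autocomplete="off" style="width: 256px" />
\t\t\t\t\t\t\t\t\t\t<div id="suggestionsParentDesignation" style="background-color: white; width: 260px; border: 1px solid black; position: absolute; overflow-y: scroll; max-height: 180px; display: none"></div>
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\tEnter Qaos Team1:
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t<input type="text" name="qaosteam1" id="qaosTeam1" autocomplete="off" style="width: 256px" />
\t\t\t\t\t\t\t\t\t\t<div id="suggestionsQaosTeam1" style="background-color: white; width: 260px; border: 1px solid black; position: absolute; overflow-y: scroll; max-height: 180px; display: none"></div>
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\tEnter Qaos Team2:
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t<input type="text" name="qaosteam2" id="qaosTeam2" autocomplete="off" style="width: 256px" />
\t\t\t\t\t\t\t\t\t\t<div id="suggestionsQaosTeam2" style="background-color: white; width: 260px; border: 1px solid black; position: absolute; overflow-y: scroll; max-height: 180px; display: none"></div>
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\tEnter Qaos Team3:
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t<input type="text" name="qaosteam3" id="qaosTeam3" autocomplete="off" style="width: 256px" />
\t\t\t\t\t\t\t\t\t\t<div id="suggestionsQaosTeam3" style="background-color: white; width: 260px; border: 1px solid black; position: absolute; overflow-y: scroll; max-height: 180px; display: none"></div>
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\tEnter Qaos Team4:
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t\t<td>
\t\t\t\t\t\t\t\t\t\t<input type="text" name="qaosteam4" id="qaosTeam4" autocomplete="off" style="width: 256px" />
\t\t\t\t\t\t\t\t\t\t<div id="suggestionsQaosTeam4" style="background-color: white; width: 260px; border: 1px solid black; position: absolute; overflow-y: scroll; max-height: 180px; display: none"></div>
\t\t\t\t\t\t\t\t\t</td>
\t\t\t\t\t\t\t\t</tr>
\t\t\t\t\t\t\t\t
\t\t\t\t\t\t\t\t<tr>
\t\t\t\t\t\t\t\t\t<td><input type="submit" name="btnAddTeamMember" id="submitbutton" value="Add Team Member"></td>
\t\t\t\t\t\t\t\t</tr>

\t\t\t\t\t\t\t<script language="javascript" type="text/javascript">
\t\t\t\t\t\t\t<!--
\t\t\t\t\t\t\t\tnameSuggestionBox = new SuggestionBox(document.getElementById('userEmail'), document.getElementById('suggestionsName'), './+edit&subaction=getsuggestions&forwhat=%pattern%&suggestiontype=username');
\t\t\t\t\t\t\t\tnameSuggestionBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
\t\t\t\t\t\t\t\tdesignationSuggestionBox = new SuggestionBox(document.getElementById('userDesignation'), document.getElementById('suggestionsDesignation'), './+edit&subaction=getsuggestions&forwhat=%pattern%&suggestiontype=designation');
\t\t\t\t\t\t\t\tdesignationSuggestionBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
\t\t\t\t\t\t\t\tdesignationSuggestionBox = new SuggestionBox(document.getElementById('userTeam'), document.getElementById('suggestionsTeam'), './+edit&subaction=getsuggestions&forwhat=%pattern%&suggestiontype=team');
\t\t\t\t\t\t\t\tdesignationSuggestionBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
\t\t\t\t\t\t\t\tdesignationSuggestionBox = new SuggestionBox(document.getElementById('userParentTeam'), document.getElementById('suggestionsParentTeam'), './+edit&subaction=getsuggestions&forwhat=%pattern%&suggestiontype=team');
\t\t\t\t\t\t\t\tdesignationSuggestionBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
\t\t\t\t\t\t\t\tdesignationSuggestionBox = new SuggestionBox(document.getElementById('userParentDesignation'), document.getElementById('suggestionsParentDesignation'), './+edit&subaction=getsuggestions&forwhat=%pattern%&suggestiontype=designation');
\t\t\t\t\t\t\t\tdesignationSuggestionBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
\t\t\t\t\t\t\t\tdesignationSuggestionBox = new SuggestionBox(document.getElementById('qaosTeam1'), document.getElementById('suggestionsQaosTeam1'), './+edit&subaction=getsuggestions&forwhat=%pattern%&suggestiontype=team');
\t\t\t\t\t\t\t\tdesignationSuggestionBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
\t\t\t\t\t\t\t\tdesignationSuggestionBox = new SuggestionBox(document.getElementById('qaosTeam2'), document.getElementById('suggestionsQaosTeam2'), './+edit&subaction=getsuggestions&forwhat=%pattern%&suggestiontype=team');
\t\t\t\t\t\t\t\tdesignationSuggestionBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
\t\t\t\t\t\t\t\tdesignationSuggestionBox = new SuggestionBox(document.getElementById('qaosTeam3'), document.getElementById('suggestionsQaosTeam3'), './+edit&subaction=getsuggestions&forwhat=%pattern%&suggestiontype=team');
\t\t\t\t\t\t\t\tdesignationSuggestionBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
\t\t\t\t\t\t\t\tdesignationSuggestionBox = new SuggestionBox(document.getElementById('qaosTeam4'), document.getElementById('suggestionsQaosTeam4'), './+edit&subaction=getsuggestions&forwhat=%pattern%&suggestiontype=team');
\t\t\t\t\t\t\t\tdesignationSuggestionBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
\t\t\t\t\t\t\t\t
\t\t\t\t\t\t\t-->
\t\t\t\t\t\t\t</script>

\t\t\t\t\t\t\t</table>
\t\t\t\t\t</fieldset>
\t\t\t\t</form>
\t\t\t</div>
\t\t</div>

ADDPERSON;
        // Core users may edit the parent team and designation, Qaos users may edit
        // the Qaos team fields, everyone else gets all of them disabled. This is
        // presentation only: a disabled input does not restrict what can be posted.
        if ($userTeamId == $this->getTeamIdFromTeamName("Core")) {
            $html .= <<<DISABLEPARENTFIELD
\t\t\t\t<script language="javascript" type="text/javascript">
\t\t\t\t\tdocument.getElementById("userParentTeam").disabled=false;
\t\t\t\t\tdocument.getElementById("userParentDesignation").disabled=false;
\t\t\t\t</script>
DISABLEPARENTFIELD;
        } else {
            if ($userTeamId == $this->getTeamIdFromTeamName("Qaos")) {
                $html .= <<<DISABLEPARENTFIELD
\t\t\t\t<script language="javascript" type="text/javascript">
\t\t\t\t\tdocument.getElementById("qaosTeam1").disabled=false;
\t\t\t\t\tdocument.getElementById("qaosTeam2").disabled=false;
\t\t\t\t\tdocument.getElementById("qaosTeam3").disabled=false;
\t\t\t\t\tdocument.getElementById("qaosTeam4").disabled=false;
\t\t\t\t</script>
DISABLEPARENTFIELD;
            } else {
                $html .= <<<DISABLEPARENTFIELD
\t\t\t\t<script language="javascript" type="text/javascript">
\t\t\t\t\t\tdocument.getElementById("userParentTeam").disabled=true;
\t\t\t\t\t\tdocument.getElementById("userParentDesignation").disabled=true;
\t\t\t\t\t\tdocument.getElementById("qaosTeam1").disabled=true;
\t\t\t\t\t\tdocument.getElementById("qaosTeam2").disabled=true;
\t\t\t\t\t\tdocument.getElementById("qaosTeam3").disabled=true;
\t\t\t\t\t\tdocument.getElementById("qaosTeam4").disabled=true;
\t\t\t\t</script>
DISABLEPARENTFIELD;
            }
        }
        return $html;
    }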
Example #18
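/**
 * Builds the tag search bar and answers its AJAX suggestion requests.
 *
 * When both $_GET['searchbar'] and $_GET['searchContents'] are present, the
 * function echoes links to the pages whose tags contain the search text,
 * limited to pages on which the user holds the "view" permission, and then
 * terminates the request. Otherwise it returns the search bar markup together
 * with the script that issues those requests.
 *
 * The response is inserted into the page with innerHTML, so every value
 * written into it is HTML-encoded here.
 *
 * @param mixed $userId The user for whom the visible pages are computed.
 * @param mixed $pageId The current page (not used by the function body).
 *
 * @return string HTML and script of the search bar.
 */
function getSearchbar($userId, $pageId)
{
    if (isset($_GET['searchbar']) && isset($_GET['searchContents'])) {
        // An array-valued parameter (searchContents[]=...) is treated as empty.
        $searchContents = is_string($_GET['searchContents']) ? escape($_GET['searchContents']) : '';

        // Collect the ids of all pages the user is allowed to view.
        $pagesIdList = array();
        $allPageResult = mysql_query("SELECT `page_id`, `page_module` FROM `" . MYSQL_DATABASE_PREFIX . "pages`");
        while ($allPageResult && ($row = mysql_fetch_assoc($allPageResult))) {
            if (getPermissions($userId, $row['page_id'], "view", $row['page_module'])) {
                $pagesIdList[] = intval($row['page_id']);
            }
        }

        $suggestions = "";
        // An empty id list would produce "IN ()", which is a syntax error.
        if (count($pagesIdList) > 0) {
            // NOTE(review): % and _ typed by the user still act as LIKE wildcards.
            $searchQuery = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "pagetags` WHERE `tag_text` LIKE '%{$searchContents}%' AND `page_id` IN (" . implode(",", $pagesIdList) . ");";
            $searchResult = mysql_query($searchQuery);
            while ($searchResult && ($row = mysql_fetch_assoc($searchResult))) {
                $pageInfo = getPageInfo($row['page_id']);
                $url = htmlspecialchars(hostURL() . getPagePath($row['page_id']), ENT_QUOTES, 'UTF-8');
                $title = htmlspecialchars((string) $pageInfo['page_title'], ENT_QUOTES, 'UTF-8', false);
                $suggestions .= "<a href=\"{$url}\">{$title}</a><br/>";
            }
        }
        echo $suggestions;
        exit(0);
    }
    $searchbar = <<<SEARCHSCRIPT
        <script> 
            function showResult(searchstr) {
                var xmlhttp;
                if (searchstr.length==0) { 
                    document.getElementById("tagSuggestions").innerHTML="";
                    document.getElementById("tagSuggestions").style.border="0px";
                    return;
                }
                if (window.XMLHttpRequest) {
                    // code for IE7+, Firefox, Chrome, Opera, Safari
                    xmlhttp=new XMLHttpRequest();
                }else {  // code for IE6, IE5
                    xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
                }
                xmlhttp.onreadystatechange=function() {
                    if (xmlhttp.readyState==4 && xmlhttp.status==200) {
                        if(xmlhttp.responseText != "") {
                            document.getElementById("tagSuggestions").innerHTML=xmlhttp.responseText;
                            document.getElementById("tagSuggestions").style.border="1px solid #A5ACB2";
                        }
                        else {
                            document.getElementById("tagSuggestions").innerHTML="";
                            document.getElementById("tagSuggestions").style.border="0px";
                        }
                    }
                }
                xmlhttp.open("GET","./&searchbar=1&searchContents="+encodeURIComponent(searchstr),true);
                xmlhttp.send();
            }
        </script>
SEARCHSCRIPT;
    $searchbar .= "<div id='cms-searchbar'>";
    $searchbar .= "<input type='text' size='30' onkeyup='showResult(this.value)'>";
    $searchbar .= "<div id='tagSuggestions'></div>";
    $searchbar .= "</div>";
    return $searchbar;
}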
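/**
 * Renders the "Permissions" step of the installer.
 *
 * Lists the directories and files named in the global $permDirectories,
 * $permFiles, $aRayFolders and $aRayFiles arrays with their current
 * permission level next to the level the installer asks for, followed by a
 * "check again" form and a "next step" form.
 *
 * The requested levels (777 and 666) are world-writable. They are shown as the
 * installer defines them; granting write access to the web-server user only
 * is the narrower setting wherever the host allows it.
 *
 * @param string $errorMessage Error text to show above the table, if any.
 *
 * @return string HTML of the step.
 */
function PreInstall($errorMessage = '')
{
    global $permFiles, $permDirectories, $aRayFolders, $aRayFiles;
    if (ini_get('safe_mode') == 1 || ini_get('safe_mode') == 'On') {
        $errorMessage .= "Please turn off <b>safe_mode</b> in your php.ini file configuration";
    }
    // PHP_SELF contains any path info the client appended to the script URL,
    // so it is HTML-encoded before being written into the form action attributes.
    $formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

    $ret = '';
    $ret .= '<div class="position">Permissions</div>';
    if (strlen($errorMessage)) {
        $ret .= printInstallError($errorMessage);
    }
    $ret .= '<div class="LeftRirght">';
    $ret .= '<div class="clearBoth"></div>';
    $ret .= '<div class="left">
			Dolphin needs special access for certain files and directories. Please, change permissions as 
specified in the chart below. Helpful info about permissions is <a href="http://www.boonex.net/cgi-bin/trac_dolphin.cgi/wiki/DetailedInstall#Permissions" target="_blank">available here</a>.
		</div>';
    $ret .= '<div class="clear_both"></div>';
    $ret .= '<div class="right">
			<table cellpadding="0" cellspacing="1" width="100%" border="0" style="background-color:silver;">
				<tr class="head">
					<td>Directories</td>
					<td>Current Level</td>
					<td>Desired Level</td>
				</tr>';
    $i = 0;
    asort($permDirectories);
    asort($permFiles);
    foreach ($permDirectories as $dir) {
        // Alternate the row background.
        $styleAdd = $i % 2 == 0 ? 'background-color:#ede9e9;' : 'background-color:#fff;';
        $ret .= '<tr style="' . $styleAdd . '" class="cont">';
        $ret .= '<td>' . $dir . '</td>';
        $ret .= '<td class="span">';
        if (isFullAccessible('../' . $dir)) {
            $ret .= '<span class="writable">' . getPermissions('../' . $dir) . '</span><span>Writable</span>';
        } else {
            $ret .= '<span class="unwritable">' . getPermissions('../' . $dir) . '</span><span>Non-writable</span>';
        }
        $ret .= '</td>';
        $ret .= '<td class="span">';
        $ret .= '<span class="desired">777</span><span>Writable</span>';
        $ret .= '</td>';
        $ret .= '</tr>';
        $i++;
    }
    $ret .= '<tr class="head">
					<td>Files</td>
					<td>Current Level</td>
					<td>Desired Level</td>
				</tr>
				';
    // Installation root: the script path with the trailing "install/index.php"
    // removed. It is the same for every file, so it is computed once.
    $installRoot = preg_replace("/install\\/(index\\.php\$)/", "", $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME']);
    $i = 0;
    foreach ($permFiles as $file) {
        // Files that do not exist are left out of the table.
        if (!file_exists($installRoot . $file)) {
            continue;
        }
        $styleAdd = $i % 2 == 0 ? 'background-color:#ede9e9;' : 'background-color:#fff;';
        $ret .= '<tr style="' . $styleAdd . '" class="cont">';
        $ret .= '<td>' . $file . '</td>';
        $ret .= '<td class="span">';
        if (isRWAccessible('../' . $file)) {
            $ret .= '<span class="writable">' . getPermissions('../' . $file) . '</span><span>Writable</span>';
        } else {
            $ret .= '<span class="unwritable">' . getPermissions('../' . $file) . '</span><span>Non-writable</span>';
        }
        $ret .= '</td>';
        $ret .= '<td class="span">';
        $ret .= '<span class="desired">666</span><span>Writable</span>';
        $ret .= '</td>';
        $ret .= '</tr>';
        $i++;
    }
    $ret .= '<tr class="head">
					<td>Ray Folders</td>
					<td>Current Level</td>
					<td>Desired Level</td>
				</tr>';
    $i = 0;
    foreach ($aRayFolders as $dir) {
        $styleAdd = $i % 2 == 0 ? 'background-color:#ede9e9;' : 'background-color:#fff;';
        $ret .= '<tr style="' . $styleAdd . '" class="cont">';
        $ret .= '<td>' . $dir . '</td>';
        $ret .= '<td class="span">';
        if (isFullAccessible('../' . $dir)) {
            $ret .= '<span class="writable">' . getPermissions('../' . $dir) . '</span><span>Writable</span>';
        } else {
            $ret .= '<span class="unwritable">' . getPermissions('../' . $dir) . '</span><span>Non-writable</span>';
        }
        $ret .= '</td>';
        $ret .= '<td class="span">';
        $ret .= '<span class="desired">777</span><span>Writable</span>';
        $ret .= '</td>';
        $ret .= '</tr>';
        $i++;
    }
    $ret .= '<tr class="head">
					<td>Ray Files</td>
					<td>Current Level</td>
					<td>Desired Level</td>
				</tr>
				';
    $i = 0;
    foreach ($aRayFiles as $file) {
        if (!file_exists($installRoot . $file)) {
            continue;
        }
        // Paths containing "ffmpeg" are checked for full access and labelled
        // as executable; every other file is checked for read/write access.
        $isFfmpeg = strpos($file, 'ffmpeg') !== FALSE;
        $styleAdd = $i % 2 == 0 ? 'background-color:#ede9e9;' : 'background-color:#fff;';
        $ret .= '<tr style="' . $styleAdd . '" class="cont">';
        $ret .= '<td>' . $file . '</td>';
        $ret .= '<td class="span">';
        if (!$isFfmpeg) {
            if (isRWAccessible('../' . $file)) {
                $ret .= '<span class="writable">' . getPermissions('../' . $file) . '</span><span>Writable</span>';
            } else {
                $ret .= '<span class="unwritable">' . getPermissions('../' . $file) . '</span><span>Non-writable</span>';
            }
        } else {
            if (isFullAccessible('../' . $file)) {
                $ret .= '<span class="writable">' . getPermissions('../' . $file) . '</span><span>Executable</span>';
            } else {
                $ret .= '<span class="unwritable">' . getPermissions('../' . $file) . '</span><span>Unexecutable</span>';
            }
        }
        $ret .= '</td>';
        $ret .= '<td class="span">';
        if (!$isFfmpeg) {
            $ret .= '<span class="desired">666</span><span>Writable</span>';
        } else {
            $ret .= '<span class="desired">777</span><span>Executable</span>';
        }
        $ret .= '</td>';
        $ret .= '</tr>';
        $i++;
    }
    $ret .= '
			</table>
			<div class="formKeeper">
				<div class="button_area_1">
					<form action="' . $formAction . '" method="post">
						<input id="button" type="image" src="images/check.gif" />
						<input type="hidden" name="action" value="preInstall" />
					</form>
				</div>';
    $ret .= '
				<div class="button_area_2">
					<form action="' . $formAction . '" method="post">
						<input id="button" type="image" src="images/next.gif" />
						<input type="hidden" name="action" value="step1" />
					</form>
				</div>
				<div class="clearBoth"></div>
			</div>
		</div>';
    $ret .= '</div>';
    return $ret;
}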
Example #20
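/**
 * Lists the login-required forms whose registrants the given user may edit.
 *
 * Each entry is array(form module component id, page title, page path).
 *
 * @param $userId The user whose 'editregistrants' permission is checked on every form page.
 * @param $emptyFormsOnly When true, only forms with no registered users are returned.
 *
 * @return array The associable forms; empty when none qualify or the lookup query fails.
 */
function getAssociableFormsList($userId, $emptyFormsOnly = false)
{
    global $sourceFolder, $moduleFolder;
    // Loaded before the query so the library is pulled in on every path, as before.
    require_once "{$sourceFolder}/{$moduleFolder}/form.lib.php";

    /// List containing form id, page title, page path
    // NOTE(review): `form_desc` is referenced without MYSQL_DATABASE_PREFIX while `pages`
    // carries it - confirm this matches the schema.
    $formIdQuery = 'SELECT `page_id`, `form_desc`.`page_modulecomponentid`, `page_title` FROM `' . MYSQL_DATABASE_PREFIX . "pages`, `form_desc` " . 'WHERE `page_module` = \'form\' AND `form_loginrequired` = 1 AND `' . 'form_desc`.`page_modulecomponentid` = `' . MYSQL_DATABASE_PREFIX . 'pages`.`page_modulecomponentid`';
    $formIdResult = mysql_query($formIdQuery);
    if (!$formIdResult) {
        // NOTE(review): this puts the raw SQL text and the driver error on the page; if
        // displayerror() output reaches ordinary visitors it discloses schema details.
        // Consider logging the detail and showing a generic message instead.
        displayerror($formIdQuery . ' ' . mysql_error());
        // Stop here: the original fell through and passed `false` to mysql_fetch_row().
        return array();
    }

    $associableForms = array();
    while ($formIdRow = mysql_fetch_row($formIdResult)) {
        // Only forms whose registrants this user may edit are offered.
        if (!getPermissions($userId, $formIdRow[0], 'editregistrants')) {
            continue;
        }
        // In "empty only" mode, skip forms that already have registered users.
        if ($emptyFormsOnly && form::getRegisteredUserCount($formIdRow[1]) != 0) {
            continue;
        }
        $associableForms[] = array($formIdRow[1], $formIdRow[2], getPagePath($formIdRow[0]));
    }
    return $associableForms;
}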
Example #21
         if (_rows($check)) {
             $sel = "selected=\"selected\"";
         } else {
             $sel = "";
         }
         $posi .= show(_select_field_posis, array("value" => $getpos['id'], "sel" => $sel, "what" => re($getpos['position'])));
     }
     $qrysquser = db("SELECT squad FROM " . $db['squaduser'] . "\n                           WHERE user = '******'edit']) . "'\n                           AND squad = '" . $getsq['id'] . "'");
     if (_rows($qrysquser)) {
         $check = "checked=\"checked\"";
     } else {
         $check = "";
     }
     $esquads .= show(_checkfield_squads, array("id" => $getsq['id'], "check" => $check, "eposi" => $posi, "noposi" => _user_noposi, "squad" => re($getsq['name'])));
 }
 $show = show($dir . "/register", array("registerhead" => _useradd_head, "pname" => _loginname, "pnick" => _nick, "pemail" => _email, "pbild" => _config_c_upicsize, "ppwd" => _pwd, "squadhead" => _admin_user_squadhead, "squad" => _member_admin_squad, "posi" => _profil_position, "esquad" => $esquads, "about" => _useradd_about, "level_info" => _level_info, "rechte" => _config_positions_rights, "getpermissions" => getPermissions(), "getboardpermissions" => getBoardPermissions(), "forenrechte" => _config_positions_boardrights, "preal" => _profil_real, "psex" => _profil_sex, "sex" => _pedit_male, "pbday" => _profil_bday, "dropdown_age" => $dropdown_age, "pwohn" => _useradd_wohn, "pcity" => _profil_city, "pcountry" => _profil_country, "country" => show_countrys($get['country']), "gmaps" => $gmaps, "level" => _admin_user_level, "ruser" => _status_user, "trial" => _status_trial, "alvl" => "", "member" => _status_member, "admin" => _status_admin, "banned" => _admin_level_banned, "value" => _button_value_reg));
 // NOTE(review): the three uniqueness lookups below run before any of the
 // empty()/check_email() validation further down, and the nick and email
 // queries splice $_POST['nick'] and $_POST['email'] straight into the SQL
 // string, so a quote in either field changes the statement (SQL injection).
 // The login-name query is partly masked ("******") in this listing; it
 // presumably follows the same pattern - confirm against the real file.
 // Validate first, then pass the values through a parameterised query or the
 // project's SQL escaping helper before they reach db().
 if ($_GET['do'] == "add") {
     $check_user = db("SELECT id FROM " . $db['users'] . "\n\t\t\t\t\t\t\t\t\t\t\tWHERE user = '******'user'] . "'");
     $check_nick = db("SELECT id FROM " . $db['users'] . "\n\t\t\t\t\t\t\t\t\t\t\tWHERE nick = '" . $_POST['nick'] . "'");
     $check_email = db("SELECT id FROM " . $db['users'] . "\n\t\t\t\t\t\t\t\t\t\t\t WHERE email = '" . $_POST['email'] . "'");
     if (empty($_POST['user'])) {
         $show = error(_empty_user, 1);
     } elseif (empty($_POST['nick'])) {
         $show = error(_empty_nick, 1);
     } elseif (empty($_POST['email'])) {
         $show = error(_empty_email, 1);
     } elseif (!check_email($_POST['email'])) {
         $show = error(_error_invalid_email, 1);
     } elseif (_rows($check_user)) {
         $show = error(_error_user_exists, 1);
     } elseif (_rows($check_nick)) {
Example #22
/**
 * @package pragyan
 * @copyright (c) 2008 Pragyan Team
 * @license http://www.gnu.org/licenses/ GNU Public License
 * For more details, see README
 */
/**
 * Builds the HTML for the forum "Create New Entry" BBCode editor form.
 *
 * The markup links the forum stylesheet and script, renders subject and message
 * fields with BBCode, colour and smiley buttons, optionally a "sticky" checkbox
 * for moderators, and Preview/Post submit buttons.
 *
 * NOTE(review): $action, $subject and $text are placed into the markup exactly as
 * received (form action attribute, subject value attribute, textarea body); this
 * function does not HTML-encode them. If any caller passes request or stored user
 * text, a double quote in $subject or a closing textarea tag in $text leaves its
 * context (XSS). Confirm that every caller encodes, or encode at this boundary
 * with htmlspecialchars(..., ENT_QUOTES).
 *
 * NOTE(review): the form emitted here carries no hidden anti-CSRF token field;
 * check whether the handler behind $action verifies one by other means.
 *
 * @param $action  URL written into the form's action attribute.
 * @param $subject Initial value of the subject input.
 * @param $text    Initial content of the message textarea.
 *
 * @return string The editor markup.
 */
function bbeditor($action, $subject = "", $text = "")
{
    global $urlRequestRoot, $sourceFolder, $moduleFolder, $cmsFolder;
    // Asset URLs are assembled from the CMS globals; $imgpath ends in "/" and the template
    // appends "/images/...", so the generated smiley URLs contain a double slash.
    $css = $urlRequestRoot . "/" . $cmsFolder . "/" . $moduleFolder . "/forum/images/styles.css";
    $js = $urlRequestRoot . "/" . $cmsFolder . "/" . $moduleFolder . "/forum/images/jscript.js";
    $imgpath = $urlRequestRoot . "/" . $cmsFolder . "/" . $moduleFolder . "/forum/";
    global $ICONS;
    // First part of the template: assets, subject/message fields, BBCode buttons, colours, smileys.
    $editor = <<<FORUM

<link rel="stylesheet" href="{$css}" type="text/css" />
<script type="text/javascript" languauge="javascript" src="{$js}"></script>

<div id="bbeditor">
<fieldset><legend>{$ICONS['Forum New Entry']['small']}Create New Entry</legend>
\t
\t<form name="inputform" method="post" action="{$action}" enctype="multipart/form-data">
\t<table class="tbl-border" cellpadding="0" cellspacing="0" width="100%">
\t<tbody><tr>
\t<td>
\t<table border="0" cellpadding="0" cellspacing="1" width="100%">
\t<tbody><tr>
\t<td class="tbl2" width="145">Subject*</td>
\t<td class="tbl2"><input name="subject" value="{$subject}" class="textbox" maxlength="255" style="width: 250px;" type="text"></td>
\t</tr>
\t<tr>
\t<td class="tbl2" valign="top" width="145">Message*</td>
\t<td class="tbl1"><textarea name="message" cols="80" rows="15" class="textbox" >{$text}</textarea></td>
\t</tr>
\t<tr>
\t<td class="tbl2" width="145">&nbsp;</td>
\t<td class="tbl2">
\t<input value="b" class="button" style="font-weight: bold; width: 25px;" onclick="addText('message', '[b]', '[/b]');" type="button">
\t<input value="i" class="button" style="font-style: italic; width: 25px;" onclick="addText('message', '[i]', '[/i]');" type="button">
\t<input value="u" class="button" style="text-decoration: underline; width: 25px;" onclick="addText('message', '[u]', '[/u]');" type="button">
\t<input value="url" class="button" style="width: 30px;" onclick="addText('message', '[url]', '[/url]');" type="button">
\t<input value="mail" class="button" style="width: 35px;" onclick="addText('message', '[mail]', '[/mail]');" type="button">
\t<input value="img" class="button" style="width: 30px;" onclick="addText('message', '[img]', '[/img]');" type="button">
\t<input value="center" class="button" style="width: 45px;" onclick="addText('message', '[center]', '[/center]');" type="button">
\t<input value="small" class="button" style="width: 40px;" onclick="addText('message', '[small]', '[/small]');" type="button">
\t<input value="code" class="button" style="width: 40px;" onclick="addText('message', '[code]', '[/code]');" type="button">
\t<input value="quote" class="button" style="width: 45px;" onclick="addText('message', '[quote]', '[/quote]');" type="button">
\t</td>
\t</tr>
\t<tr>
\t<td class="tbl2" width="145">&nbsp;</td>
\t<td class="tbl1">
\tFont Color: <select name="bbcolor" class="textbox" style="width: 90px;" onchange="addText('message', '[color=' + this.options[this.selectedIndex].value + ']', '[/color]');this.selectedIndex=0;">
\t<option value="">Default</option>
\t<option value="maroon" style="color: maroon;">Maroon</option>
\t<option value="red" style="color: red;">Red</option>
\t<option value="orange" style="color: orange;">Orange</option>
\t<option value="brown" style="color: brown;">Brown</option>
\t<option value="yellow" style="color: yellow;">Yellow</option>
\t<option value="green" style="color: green;">Green</option>
\t<option value="lime" style="color: lime;">Lime</option>
\t<option value="olive" style="color: olive;">Olive</option>
\t<option value="cyan" style="color: cyan;">Cyan</option>
\t<option value="blue" style="color: blue;">Blue</option>
\t<option value="navy" style="color: navy;">Navy Blue</option>
\t<option value="purple" style="color: purple;">Purple</option>
\t<option value="violet" style="color: violet;">Violet</option>
\t<option value="black" style="color: black;">Black</option>
\t<option value="gray" style="color: gray;">Gray</option>
\t<option value="silver" style="color: silver;">Silver</option>
\t<option value="white" style="color: white;">White</option>
\t</select>
\t</td>
\t</tr>
\t<tr>
\t<td class="tbl2" width="145">&nbsp;</td>
\t<td class="tbl2">
\t<img class="smiley" title="Smile" src="{$imgpath}/images/smileys/smile.gif" alt=":)" onclick="insertText('message', ':)');">&nbsp
\t<img class="smiley" title="Wink" src="{$imgpath}/images/smileys/wink.gif" alt=";)" onclick="insertText('message', ';)');">&nbsp
\t<img class="smiley" title="Frown" src="{$imgpath}/images/smileys/frown.gif" alt=":|" onclick="insertText('message', ':|');">&nbsp
\t<img class="smiley" title="Sad" src="{$imgpath}/images/smileys/sad.gif" alt=":(" onclick="insertText('message', ':(');">&nbsp
\t<img class="smiley" title="Shock" src="{$imgpath}/images/smileys/shock.gif" alt=":o" onclick="insertText('message', ':o');">&nbsp
\t<img class="smiley" title="lol" src="{$imgpath}/images/smileys/pfft.gif" alt=":p" onclick="insertText('message', ':p');">&nbsp
\t<img class="smiley" title="Cool" src="{$imgpath}/images/smileys/cool.gif" alt="B)" onclick="insertText('message', 'B)');">&nbsp
\t<img class="smiley" title="Grin" src="{$imgpath}/images/smileys/grin.gif" alt=":D" onclick="insertText('message', ':D');">&nbsp
\t<img class="smiley" title="Angry" src="{$imgpath}/images/smileys/angry.gif" alt=":@" onclick="insertText('message', ':@');">&nbsp
\t</td>
\t</tr>
\t
FORUM;
    global $userId;
    global $pageId;
    // The "sticky" option is rendered only for users holding the forum 'moderate' permission.
    // NOTE(review): this only hides the checkbox; the code that processes the posted 'sticky'
    // field must repeat the permission check, since a client can submit the field regardless.
    $moderate = getPermissions($userId, $pageId, 'moderate', 'forum');
    if ($moderate) {
        $editor .= '<tr>
	<td class="tbl2" valign="top" width="145">Options</td>
	<td class="tbl2">
	<input name="sticky" value="1" type="checkbox"> Make this Thread Sticky<br></td>
	</tr>';
    }
    // Closing part of the template: submit buttons and the end of the form.
    $editor .= <<<FORUM
\t<tr>
\t<td colspan="2" class="button1">
\t<input class="button2" name="preview" value="Preview " class="button" type="submit">
\t<input class="button2" name="post" value="Post " class="button" type="submit">
\t</td>
\t</tr>
\t</tbody></table>
\t</td>
\t</tr>
\t</tbody></table>
\t</form>
\t</fieldset>
</div>

FORUM;
    return $editor;
}
Example #23
 /**
  * Tells the CMS which action governs access to an uploaded file: the answer is
  * the user's "view" permission on the page.
  *
  * $moduleComponentId and $fileName are accepted but not consulted here, so the
  * decision is made per page, not per file.
  *
  * @return mixed Whatever getPermissions() reports for the "view" action.
  */
 public static function getFileAccessPermission($pageId, $moduleComponentId, $userId, $fileName)
 {
     $viewPermission = getPermissions($userId, $pageId, "view");

     return $viewPermission;
 }
<!DOCTYPE HTML>
<html>
	<head>
		<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-8">
		<link rel = "stylesheet" type="text/css" href="../style.css">
		<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script>
	</head>
	<body>

	<?php 
// Shared helpers; connect() and getPermissions() presumably come from here - confirm.
require_once '../non_interface/util.php';
if (!isset($_SESSION)) {
    session_start();
}
// NOTE(review): $perms is fetched but not consulted anywhere in the visible part of this
// script, so nothing shown here limits who may load a post by id.
$perms = getPermissions();
try {
    $post_id = 0;
    // A post id without comment text: presumably the "show the post and the comment form" step.
    if (isset($_POST['post_id']) && !isset($_POST['text'])) {
        // NOTE(review): taken from the request unchanged, then used in the SQL text and in an
        // unquoted HTML attribute below. Cast it with (int), or reject it unless ctype_digit().
        $post_id = $_POST['post_id'];
        $con = connect() or die("db connection error");
        // NOTE(review): $post_id is interpolated into the statement, so a non-numeric value
        // changes the query (SQL injection). A prepared statement with a bound integer
        // (mysqli_prepare / mysqli_stmt_bind_param) keeps it as data.
        $sql = "SELECT text, post_type, title FROM posts where post_id = {$post_id}";
        // NOTE(review): the query result is not checked; on failure mysqli_query() returns
        // false and the fetch below does not yield a row.
        $result = mysqli_query($con, $sql);
        $row = mysqli_fetch_array($result);
        // NOTE(review): title and text come from the database and are echoed without
        // htmlspecialchars(); unless they are encoded when stored, this is stored XSS.
        if ($row['post_type'] == 'Q') {
            echo "<div class=\"question\"><h3>" . $row['title'] . "</h3>";
        } else {
            echo "<div class=\"answer\">";
        }
        echo "<br><p class=\"text\">" . $row['text'] . "</p><br>";
        $post_type = $row['post_type'];
        // NOTE(review): value={$post_id} and value={$post_type} are unquoted attributes filled
        // with unencoded values; quote the attributes and encode the values. The form also
        // carries no anti-CSRF token in the markup shown.
        echo "<table class=\"comment\">\n\t\t\t\t</td></tr><form action=\"comment.php\" method=\"post\"><tr><td>\n\t\t\t\t<u>Comment:</u></td><tr><td>\n\t\t\t\t<textarea rows=\"20\" cols=\"30\" id=\"text\" name=\"text\"></textarea>\n\t\t\t\t</td></tr><tr><td><input type=\"hidden\" name=\"post_id\" value={$post_id}><input type=\"hidden\" name=\"post_type\" value={$post_type}><input class=\"button1\" type=\"submit\" value=\"Submit\"></td></tr>";
Example #25
                        $qrysquser = db("SELECT squad FROM " . $db['squaduser'] . "\n                           WHERE user = '******'edit']) . "'\n                           AND squad = '" . $getsq['id'] . "'");
                        if (_rows($qrysquser)) {
                            $check = "checked=\"checked\"";
                        } else {
                            $check = "";
                        }
                        $esquads .= show(_checkfield_squads, array("id" => $getsq['id'], "check" => $check, "eposi" => $posi, "noposi" => _user_noposi, "squad" => re($getsq['name'])));
                    }
                    $get_identy = show(_admin_user_get_identitat, array("id" => $_GET['edit']));
                    $editpwd = show($dir . "/admin_editpwd", array("pwd" => _new_pwd, "epwd" => ""));
                    if ($chkMe == 4) {
                        $elevel = show(_elevel_admin_select, array("selu" => $selu, "selt" => $selt, "selm" => $selm, "sela" => $sela, "ruser" => _status_user, "banned" => _admin_level_banned, "trial" => _status_trial, "member" => _status_member, "admin" => _status_admin));
                    } elseif (permission("editusers")) {
                        $elevel = show(_elevel_perm_select, array("selu" => $selu, "selt" => $selt, "selm" => $selm, "ruser" => _status_user, "banned" => _admin_level_banned, "trial" => _status_trial, "member" => _status_member));
                    }
                    $index = show($dir . "/admin", array("enick" => re($get['nick']), "user" => intval($_GET['edit']), "value" => _button_value_edit, "eemail" => $get['email'], "eloginname" => $get['user'], "esquad" => $esquads, "editpwd" => $editpwd, "eposi" => $posi, "rechte" => _config_positions_rights, "getpermissions" => getPermissions(intval($_GET['edit'])), "getboardpermissions" => getBoardPermissions(intval($_GET['edit'])), "forenrechte" => _config_positions_boardrights, "showpos" => getrank($_GET['edit']), "nothing" => _nothing, "listck" => empty($get['listck']) ? '' : ' checked="checked"', "clankasse" => _user_list_ck, "auth_info" => _admin_user_clanhead_info, "alvl" => $get['level'], "elevel" => $elevel, "level_info" => _level_info, "gallery" => _admin_user_gallery, "yes" => _yes, "no" => _no, "cw_info" => _cw_info, "edithead" => _admin_user_edithead, "personalhead" => _admin_user_personalhead, "squadhead" => _admin_user_squadhead, "clanhead" => _admin_user_clanhead, "nick" => _nick, "email" => _email, "loginname" => _loginname, "identitat" => _admin_user_identitat, "get" => $get_identy, "squad" => _member_admin_squad, "newsletter" => _member_admin_newsletter, "downloads" => _member_admin_downloads, "links" => _member_admin_links, "votes" => _member_admin_votes, "votesadmin" => _member_admin_votesadmin, "gb" => _member_admin_gb, "forum" => _member_admin_forum, "intnews" => _member_admin_intnews, "intforum" => _member_admin_intforums, "i_forum" => $i_forum, "forums" => _forum, "access" => _access, "news" => _member_admin_news, "clanwars" => _member_admin_clanwars, "posi" => _profil_position, "level" => _admin_user_level, "ck" => _admin_user_clankasse, "sl" => _admin_user_serverliste, "eu" => _admin_user_edituser, "et" => _admin_user_edittactics, "esq" => _admin_user_editsquads, "eserver" => _admin_user_editserver, "ek" => _admin_user_editkalender));
                }
            }
        }
        break;
}
## SETTINGS ##
// Rewrites a trailing "autor_<id>" in $where through data(<id>, "nick") - presumably the
// author's nick; confirm against data().
// NOTE(review): create_function() compiles its body string at run time (it is eval-based),
// was deprecated in PHP 7.2 and removed in PHP 8.0. The body here is a fixed literal, so no
// request data reaches the compiled code, but an anonymous function such as
// function ($id) { return data($id[1], "nick"); } is the usual replacement and needs no
// run-time compilation.
$whereami = preg_replace_callback("#autor_(.*?)\$#", create_function('$id', 'return data("$id[1]","nick");'), $where);
// NOTE(review): $whereami ends up in the page title; whether page() HTML-encodes it is not
// visible here - confirm.
$title = $pagetitle . " - " . $whereami . "";
// Elapsed time since $time_start, rounded to four decimals, handed to page() below.
$time_end = generatetime();
$time = round($time_end - $time_start, 4);
page($index, $title, $where, $time);
## OUTPUT BUFFER END ##
gz_output();
?>
Example #26
                 // NOTE(review): $v goes into the statement unescaped; where it comes from is
                 // outside this fragment - if it is request data, cast or escape it like `pos`.
                 db("INSERT INTO " . $db['f_access'] . " SET `pos` = '" . intval($_GET['id']) . "', `forum` = '" . $v . "'");
             }
         }
         ////////////////////
         $show = info(_pos_admin_edited, "?admin=positions");
     }
 } elseif ($_GET['do'] == "delete") {
     // Both deletes are keyed on intval($_GET['id']), so the id itself cannot alter the SQL.
     // NOTE(review): the delete is driven entirely by GET parameters, and no anti-CSRF token
     // or permission check appears in this fragment - confirm one exists before this point.
     db("DELETE FROM " . $db['pos'] . " WHERE id = '" . intval($_GET['id']) . "'");
     db("DELETE FROM " . $db['permissions'] . " WHERE pos = '" . intval($_GET['id']) . "'");
     $show = info(_pos_admin_deleted, "?admin=positions");
 } elseif ($_GET['do'] == "new") {
     // Builds the "insert after <position>" dropdown and renders the empty position form.
     $qry = db("SELECT * FROM " . $db['pos'] . "\n                   ORDER BY pid");
     while ($get = _fetch($qry)) {
         $positions .= show(_select_field, array("value" => $get['pid'] + 1, "what" => _nach . ' ' . re($get['position']), "sel" => ""));
     }
     $show = show($dir . "/form_pos", array("newhead" => _pos_new_head, "do" => "add", "pos" => _position, "rechte" => _config_positions_rights, "getpermissions" => getPermissions(), "getboardpermissions" => getBoardPermissions(), "nothing" => "", "forenrechte" => _config_positions_boardrights, "positions" => $positions, "kat" => "", "what" => _button_value_add, "dlkat" => _admin_download_kat));
 } elseif ($_GET['do'] == "add") {
     if (empty($_POST['kat'])) {
         $show = error(_pos_empty_kat, 1);
     } else {
         // NOTE(review): `$_POST['pos'] == "1" || "2"` is always true, because the right-hand
         // operand is the non-empty string "2"; $sign is therefore always ">= ". The intent
         // was presumably `$_POST['pos'] == "1" || $_POST['pos'] == "2"` - confirm.
         if ($_POST['pos'] == "1" || "2") {
             $sign = ">= ";
         } else {
             $sign = "> ";
         }
         // Shift existing positions down to make room, then insert the new one.
         $posi = db("UPDATE " . $db['pos'] . "\n                      SET `pid` = pid+1\n                      WHERE pid " . $sign . " '" . intval($_POST['pos']) . "'");
         $qry = db("INSERT INTO " . $db['pos'] . "\n                     SET `pid`        = '" . (int) $_POST['pos'] . "',\n                         `position`  = '" . up($_POST['kat']) . "'");
         $posID = mysql_insert_id();
         // permissions
         // NOTE(review): the keys of $_POST['perm'] are request data and are placed between
         // backticks as column names after only substr(); intval() protects the value, not
         // the name. Check each key against a fixed list of permission columns before using
         // it. $_POST['perm'] is also not checked to be an array before the loop.
         foreach ($_POST['perm'] as $v => $k) {
             $p .= "`" . substr($v, 2) . "` = '" . intval($k) . "',";
Example #27
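 /**
  * Lists the newsletters the given user may view, with the user's subscription state.
  *
  * Each entry is array(list name, list path, subscribed flag).
  *
  * @param $userId The user whose 'view' permission and registration are checked per newsletter page.
  *
  * @return array The subscribable lists, followed by three hard-coded entries (see note below).
  */
 public static function getSubscribableLists($userId)
 {
     $newsletterListQuery = 'SELECT `page_id`, `page_modulecomponentid` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE `page_module` = \'newsletter\' ORDER BY `page_modulecomponentid`';
     $newsletterListResult = mysql_query($newsletterListQuery);
     $subscribableLists = array();
     // Fix: iterate over the result resource. The original passed the SQL string to
     // mysql_fetch_row(), so no row was ever read and the permission-checked lists were
     // never returned. A failed query (false) is skipped instead of being fetched from.
     if ($newsletterListResult) {
         while ($newsletterListRow = mysql_fetch_row($newsletterListResult)) {
             if (getPermissions($userId, $newsletterListRow[0], 'view', 'newsletter')) {
                 $listName = getNewsletterName($newsletterListRow[1]);
                 $listPath = getNewsletterPath($newsletterListRow[0]);
                 $subscribed = newsletter::isUserRegistered($userId, $newsletterListRow[1]);
                 $subscribableLists[] = array($listName, $listPath, $subscribed);
             }
         }
     }
     // NOTE(review): these three entries are appended for every user without any permission
     // check and look like leftover placeholder data - confirm and remove. They are kept
     // here so the returned list still contains what callers received before.
     $subscribableLists[] = array('newsletter1', 'newsletter1', 0);
     $subscribableLists[] = array('newsletter2', 'newsletter3', 1);
     $subscribableLists[] = array('newsletter3', 'newsletter2', 1);
     return $subscribableLists;
 }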
Example #28
function groupManagementForm($currentUserId, $modifiableGroups, &$pagePath)
{
    require_once "group.lib.php";
    global $ICONS;
    global $urlRequestRoot, $cmsFolder, $templateFolder, $moduleFolder, $sourceFolder;
    $scriptsFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts";
    $imagesFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/images";
    /// Parse any get variables, do necessary validation and stuff, so that we needn't check inside every if
    $groupRow = $groupId = $userId = null;
    $subAction = '';
    //isset($_GET['subaction']) ? $_GET['subaction'] : '';
    if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgroup' && isset($_GET['groupname']) || isset($_POST['btnEditGroup']) && isset($_POST['selEditGroups'])) {
        $subAction = 'showeditform';
    } elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'associateform') {
        $subAction = 'associateform';
    } elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'deleteuser' && isset($_GET['groupname']) && isset($_GET['useremail'])) {
        $subAction = 'deleteuser';
    } elseif (isset($_POST['btnAddUserToGroup'])) {
        $subAction = 'addusertogroup';
    } elseif (isset($_POST['btnSaveGroupProperties'])) {
        $subAction = 'savegroupproperties';
    } elseif (isset($_POST['btnEditGroupPriorities']) || isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgrouppriorities') {
        $subAction = 'editgrouppriorities';
    }
    if (isset($_POST['selEditGroups']) || isset($_GET['groupname'])) {
        $groupRow = getGroupRow(isset($_POST['selEditGroups']) ? escape($_POST['selEditGroups']) : escape($_GET['groupname']));
        $groupId = $groupRow['group_id'];
        if ($subAction != 'editgrouppriorities' && (!$groupRow || !$groupId || $groupId < 2)) {
            displayerror('Error! Invalid group requested.');
            return;
        }
        if (!is_null($groupId)) {
            if ($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) {
                displayerror('You do not have the permission to modify the selected group.');
                return '';
            }
        }
    }
    if (isset($_GET['useremail'])) {
        $userId = getUserIdFromEmail($_GET['useremail']);
    }
    if ($subAction != 'editgrouppriorities' && (isset($_GET['subaction']) && $_GET['subaction'] == 'editgroups' && !is_null($groupId))) {
        if ($subAction == 'deleteuser') {
            if ($groupRow['form_id'] != 0) {
                displayerror('The group is associated with a form. To remove a user, use the edit registrants in the assoicated form.');
            } elseif (!$userId) {
                displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
            } else {
                $deleteQuery = 'DELETE FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` WHERE `user_id` = \'' . $userId . '\' AND `group_id` = ' . $groupId;
                $deleteResult = mysql_query($deleteQuery);
                if (!$deleteResult || mysql_affected_rows() != 1) {
                    displayerror('Could not delete user with the given E-mail from the given group.');
                } else {
                    displayinfo('Successfully removed user from the current group');
                    if ($userId == $currentUserId) {
                        $virtue = '';
                        $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                        $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                    }
                }
            }
        } elseif ($subAction == 'savegroupproperties' && isset($_POST['txtGroupDescription'])) {
            $updateQuery = "UPDATE `" . MYSQL_DATABASE_PREFIX . "groups` SET `group_description` = '" . escape($_POST['txtGroupDescription']) . "' WHERE `group_id` = '{$groupId}'";
            $updateResult = mysql_query($updateQuery);
            if (!$updateResult) {
                displayerror('Could not update database.');
            } else {
                displayinfo('Changes to the group have been successfully saved.');
            }
            $groupRow = getGroupRow($groupRow['group_name']);
        } elseif ($subAction == 'addusertogroup' && isset($_POST['txtUserEmail']) && trim($_POST['txtUserEmail']) != '') {
            if ($groupRow['form_id'] != 0) {
                displayerror('The selected group is associated with a form. To add a user, register the user to the form.');
            } else {
                $passedEmails = explode(',', escape($_POST['txtUserEmail']));
                for ($i = 0; $i < count($passedEmails); $i++) {
                    $hyphenPos = strpos($passedEmails[$i], '-');
                    if ($hyphenPos >= 0) {
                        $userEmail = trim(substr($passedEmails[$i], 0, $hyphenPos - 1));
                    } else {
                        $userEmail = escape($_POST['txtUserEmail']);
                    }
                    $userId = getUserIdFromEmail($userEmail);
                    if (!$userId || $userId < 1) {
                        displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
                    }
                    if (!addUserToGroupName($groupRow['group_name'], $userId)) {
                        displayerror('Could not add the given user to the current group.');
                    } else {
                        displayinfo('User has been successfully inserted into the given group.');
                    }
                }
            }
        } elseif ($subAction == 'associateform') {
            if (isset($_POST['btnAssociateGroup'])) {
                $pageIdArray = array();
                $formPageId = parseUrlReal(escape($_POST['selFormPath']), $pageIdArray);
                if ($formPageId <= 0 || getPageModule($formPageId) != 'form') {
                    displayerror('Invalid page selected! The page you selected is not a form.');
                } elseif (!getPermissions($currentUserId, $formPageId, 'editregistrants', 'form')) {
                    displayerror('You do not have the permissions to associate the selected form with a group.');
                } else {
                    $formModuleId = getModuleComponentIdFromPageId($formPageId, 'form');
                    require_once "{$sourceFolder}/{$moduleFolder}/form.lib.php";
                    if (isGroupEmpty($groupId) || form::getRegisteredUserCount($formModuleId) == 0) {
                        associateGroupWithForm($groupId, $formModuleId);
                        $groupRow = getGroupRow($groupRow['group_name']);
                    } else {
                        displayerror('Both the group and the form already contain registered users, and the group cannot be associated with the selected form.');
                    }
                }
            } elseif (isset($_POST['btnUnassociateGroup'])) {
                if ($groupRow['form_id'] <= 0) {
                    displayerror('The selected group is currently not associated with any form.');
                } elseif (!getPermissions($currentUserId, getPageIdFromModuleComponentId('form', $groupRow['form_id']), 'editregistrants', 'form')) {
                    displayerror('You do not have the permissions to unassociate the form from this group.');
                } else {
                    unassociateFormFromGroup($groupId);
                    $virtue = '';
                    $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                    $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                    $groupRow = getGroupRow($groupRow['group_name']);
                }
            }
        }
        if ($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) {
            displayerror('You do not have the permission to modify the selected group.');
            return '';
        }
        $usersTable = '`' . MYSQL_DATABASE_PREFIX . 'users`';
        $usergroupTable = '`' . MYSQL_DATABASE_PREFIX . 'usergroup`';
        $userQuery = "SELECT `user_email`, `user_fullname` FROM {$usergroupTable}, {$usersTable} WHERE `group_id` =  '{$groupId}' AND {$usersTable}.`user_id` = {$usergroupTable}.`user_id` ORDER BY `user_email`";
        $userResult = mysql_query($userQuery);
        if (!$userResult) {
            displayerror('Error! Could not fetch group information.');
            return '';
        }
        $userEmails = array();
        $userFullnames = array();
        while ($userRow = mysql_fetch_row($userResult)) {
            $userEmails[] = $userRow[0];
            $userFullnames[] = $userRow[1];
        }
        $groupEditForm = <<<GROUPEDITFORM
\t\t\t<h2>Group '{$groupRow['group_name']}' - '{$groupRow['group_description']}'</h2><br />
\t\t\t<fieldset style="padding: 8px">
\t\t\t\t<legend>{$ICONS['User Groups']['small']}Group Properties</legend>
\t\t\t\t<form name="groupeditform" method="POST" action="./+admin&subaction=editgroups&groupname={$groupRow['group_name']}">
\t\t\t\t\tGroup Description: <input type="text" name="txtGroupDescription" value="{$groupRow['group_description']}" />
\t\t\t\t\t<input type="submit" name="btnSaveGroupProperties" value="Save Group Properties" />
\t\t\t\t</form>
\t\t\t</fieldset>

\t\t\t<br />
\t\t\t<fieldset style="padding: 8px">
\t\t\t\t<legend>{$ICONS['User Groups']['small']}Existing Users in Group:</legend>
GROUPEDITFORM;
        $userCount = mysql_num_rows($userResult);
        global $urlRequestRoot, $cmsFolder, $templateFolder, $sourceFolder;
        $deleteImage = "<img src=\"{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/icons/16x16/actions/edit-delete.png\" alt=\"Remove user from the group\" title=\"Remove user from the group\" />";
        for ($i = 0; $i < $userCount; $i++) {
            $isntAssociatedWithForm = $groupRow['form_id'] == 0;
            if ($isntAssociatedWithForm) {
                $groupEditForm .= '<a onclick="return confirm(\'Are you sure you wish to remove this user from this group?\')" href="./+admin&subaction=editgroups&subsubaction=deleteuser&groupname=' . $groupRow['group_name'] . '&useremail=' . $userEmails[$i] . '">' . $deleteImage . "</a>";
            }
            $groupEditForm .= " {$userEmails[$i]} - {$userFullnames[$i]}<br />\n";
        }
        $associateForm = '';
        if ($groupRow['form_id'] == 0) {
            $associableForms = getAssociableFormsList($currentUserId, !isGroupEmpty($groupId));
            $associableFormCount = count($associableForms);
            $associableFormsBox = '<select name="selFormPath">';
            for ($i = 0; $i < $associableFormCount; ++$i) {
                $associableFormsBox .= '<option value="' . $associableForms[$i][2] . '">' . $associableForms[$i][1] . ' - ' . $associableForms[$i][2] . '</option>';
            }
            $associableFormsBox .= '</select>';
            $associateForm = <<<GROUPASSOCIATEFORM

\t\t\tSelect a form to associate the group with: {$associableFormsBox}
\t\t\t<input type="submit" name="btnAssociateGroup" value="Associate Group with Form" />
GROUPASSOCIATEFORM;
        } else {
            $associatedFormPageId = getPageIdFromModuleComponentId('form', $groupRow['form_id']);
            $associateForm = 'This group is currently associated with the form: ' . getPageTitle($associatedFormPageId) . ' (' . getPagePath($associatedFormPageId) . ')<br />' . '<input type="submit" name="btnUnassociateGroup" value="Unassociate" />';
        }
        $groupEditForm .= '</fieldset>';
        if ($groupRow['form_id'] == 0) {
            $groupEditForm .= <<<GROUPEDITFORM
\t\t\t\t<br />
\t\t\t\t<fieldset style="padding: 8px">
\t\t\t\t\t<legend>{$ICONS['Add']['small']}Add Users to Group</legend>
\t\t\t\t\t<form name="addusertogroup" method="POST" action="./+admin&subaction=editgroups&groupname={$groupRow['group_name']}">
\t\t\t\t\t\tEmail ID: <input type="text" name="txtUserEmail" id="txtUserEmail" value="" style="width: 256px" autocomplete="off" />
\t\t\t\t\t\t<div id="suggestionDiv" class="suggestionbox"></div>

\t\t\t\t\t\t<script language="javascript" type="text/javascript" src="{$scriptsFolder}/ajaxsuggestionbox.js"></script>
\t\t\t\t\t\t<script language="javascript" type="text/javascript">
\t\t\t\t\t\t<!--
\t\t\t\t\t\t\tvar addUserBox = new SuggestionBox(document.getElementById('txtUserEmail'), document.getElementById('suggestionDiv'), "./+admin&doaction=getsuggestions&forwhat=%pattern%");
\t\t\t\t\t\t\taddUserBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
\t\t\t\t\t\t-->
\t\t\t\t\t\t</script>

\t\t\t\t\t\t<input type="submit" name="btnAddUserToGroup" value="Add User to Group" />
\t\t\t\t\t</form>
\t\t\t\t</fieldset>
GROUPEDITFORM;
        }
        $groupEditForm .= <<<GROUPEDITFORM
\t\t\t<br />
\t\t\t<fieldset style="padding: 8px">
\t\t\t\t<legend>{$ICONS['Group Associate Form']['small']}Associate With Form</legend>
\t\t\t\t<form name="groupassociationform" action="./+admin&subaction=editgroups&subsubaction=associateform&groupname={$groupRow['group_name']}" method="POST">
\t\t\t\t\t{$associateForm}
\t\t\t\t</form>
\t\t\t</fieldset>
GROUPEDITFORM;
        return $groupEditForm;
    }
    if ($subAction == 'editgrouppriorities') {
        $modifiableCount = count($modifiableGroups);
        $userMaxPriority = $maxPriorityGroup = 1;
        if ($modifiableCount != 0) {
            $userMaxPriority = max($modifiableGroups[0]['group_priority'], $modifiableGroups[$modifiableCount - 1]['group_priority']);
            $maxPriorityGroup = $modifiableGroups[0]['group_priority'] > $modifiableGroups[$modifiableCount - 1]['group_priority'] ? $modifiableGroups[0]['group_id'] : $modifiableGroups[$modifiableCount - 1]['group_id'];
        }
        if (isset($_GET['dowhat']) && !is_null($groupId)) {
            if ($_GET['dowhat'] == 'incrementpriority' || $_GET['dowhat'] == 'decrementpriority') {
                shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'incrementpriority' ? 'up' : 'down', $userMaxPriority, true);
            } elseif ($_GET['dowhat'] == 'movegroupup' || $_GET['dowhat'] == 'movegroupdown') {
                shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'movegroupup' ? 'up' : 'down', $userMaxPriority, false);
            } elseif ($_GET['dowhat'] == 'emptygroup') {
                emptyGroup($groupRow['group_name']);
            } elseif ($_GET['dowhat'] == 'deletegroup') {
                if (deleteGroup($groupRow['group_name'])) {
                    $virtue = '';
                    $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                    $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                }
            }
            $modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
        } elseif (isset($_GET['dowhat']) && $_GET['dowhat'] == 'addgroup') {
            if (isset($_POST['txtGroupName']) && isset($_POST['txtGroupDescription']) && isset($_POST['selGroupPriority'])) {
                $existsQuery = 'SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_name` = '" . escape($_POST['txtGroupName']) . "'";
                $existsResult = mysql_query($existsQuery);
                if (trim($_POST['txtGroupName']) == '') {
                    displayerror('Cannot create a group with an empty name. Please type in a name for the new group.');
                } elseif (mysql_num_rows($existsResult) >= 1) {
                    displayerror('A group with the name you specified already exists.');
                } else {
                    $idQuery = 'SELECT MAX(`group_id`) FROM `' . MYSQL_DATABASE_PREFIX . 'groups`';
                    $idResult = mysql_query($idQuery);
                    $idRow = mysql_fetch_row($idResult);
                    $newGroupId = 2;
                    if (!is_null($idRow[0])) {
                        $newGroupId = $idRow[0] + 1;
                    }
                    $newGroupPriority = 1;
                    if ($_POST['selGroupPriority'] <= $userMaxPriority && $_POST['selGroupPriority'] > 0) {
                        $newGroupPriority = escape($_POST['selGroupPriority']);
                    }
                    $addGroupQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . 'groups` (`group_id`, `group_name`, `group_description`, `group_priority`) ' . "VALUES({$newGroupId}, '" . escape($_POST['txtGroupName']) . "', '" . escape($_POST['txtGroupDescription']) . "', '{$newGroupPriority}')";
                    $addGroupResult = mysql_query($addGroupQuery);
                    if ($addGroupResult) {
                        displayinfo('New group added successfully.');
                        if (isset($_POST['chkAddMe'])) {
                            $insertQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . "usergroup`(`user_id`, `group_id`) VALUES ('{$currentUserId}', '{$newGroupId}')";
                            if (!mysql_query($insertQuery)) {
                                displayerror('Error adding user to newly created group: ' . $insertQuery . '<br />' . mysql_query());
                            }
                        }
                        $virtue = '';
                        $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                        $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                    } else {
                        displayerror('Could not run MySQL query. New group could not be added.');
                    }
                }
            }
            $modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
        }
        $modifiableCount = count($modifiableGroups);
        if ($modifiableGroups[0]['group_priority'] < $modifiableGroups[$modifiableCount - 1]['group_priority']) {
            $modifiableGroups = array_reverse($modifiableGroups);
        }
        $previousPriority = $modifiableGroups[0]['group_priority'];
        global $cmsFolder, $urlRequestRoot, $moduleFolder, $templateFolder, $sourceFolder;
        $iconsFolderUrl = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/icons/16x16";
        $moveUpImage = '<img src="' . $iconsFolderUrl . '/actions/go-up.png" title="Increment Group Priority" alt="Increment Group Priority" />';
        $moveDownImage = '<img src="' . $iconsFolderUrl . '/actions/go-down.png" alt="Decrement Group Priority" title="Decrement Group Priority" />';
        $moveTopImage = '<img src="' . $iconsFolderUrl . '/actions/go-top.png" alt="Move to next higher priority level" title="Move to next higher priority level" />';
        $moveBottomImage = '<img src="' . $iconsFolderUrl . '/actions/go-bottom.png" alt="Move to next lower priority level" title="Move to next lower priority level" />';
        $emptyImage = '<img src="' . $iconsFolderUrl . '/actions/edit-clear.png" alt="Empty Group" title="Empty Group" />';
        $deleteImage = '<img src="' . $iconsFolderUrl . '/actions/edit-delete.png" alt="Delete Group" title="Delete Group" />';
        $groupsForm = '<h3>Edit Group Priorities</h3><br />';
        for ($i = 0; $i < $modifiableCount; $i++) {
            if ($modifiableGroups[$i]['group_priority'] != $previousPriority) {
                $groupsForm .= '<br /><br /><hr /><br />';
            }
            $groupsForm .= '<span style="margin: 4px;" title="' . $modifiableGroups[$i]['group_description'] . '">' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=incrementpriority&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveUpImage . '</a>' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=decrementpriority&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveDownImage . '</a>' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=movegroupup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveTopImage . '</a>' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=movegroupdown&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveBottomImage . '</a>' . '<a onclick="return confirm(\'Are you sure you want to empty this group?\')" href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=emptygroup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $emptyImage . '</a>' . '<a onclick="return confirm(\'Are you sure you want to delete this group?\')" href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=deletegroup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $deleteImage . '</a>' . '<a href="./+admin&subaction=editgroups&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $modifiableGroups[$i]['group_name'] . "</a></span>\n";
            $previousPriority = $modifiableGroups[$i]['group_priority'];
        }
        $priorityBox = '<option value="1">1</option>';
        for ($i = 2; $i <= $userMaxPriority; ++$i) {
            $priorityBox .= '<option value="' . $i . '">' . $i . '</option>';
        }
        $groupsForm .= <<<GROUPSFORM
\t\t<br /><br />
\t\t<fieldset style="padding: 8px">
\t\t\t<legend>Create New Group:</legend>

\t\t\t<form name="groupaddform" method="POST" action="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=addgroup">
\t\t\t\t<label>Group Name: <input type="text" name="txtGroupName" value="" /></label><br />
\t\t\t\t<label>Group Description: <input type="text" name="txtGroupDescription" value="" /></label><br />
\t\t\t\t<label>Group Priority: <select name="selGroupPriority">{$priorityBox}</select><br />
\t\t\t\t<label><input type="checkbox" name="chkAddMe" value="addme" /> Add me to group</label><br />
\t\t\t\t<input type="submit" name="btnAddNewGroup" value="Add Group" />
\t\t\t</form>
\t\t</fieldset>
GROUPSFORM;
        return $groupsForm;
    }
    $modifiableCount = count($modifiableGroups);
    $groupsBox = '<select name="selEditGroups">';
    for ($i = 0; $i < $modifiableCount; ++$i) {
        $groupsBox .= '<option value="' . $modifiableGroups[$i]['group_name'] . '">' . $modifiableGroups[$i]['group_name'] . ' - ' . $modifiableGroups[$i]['group_description'] . "</option>\n";
    }
    $groupsBox .= '</select>';
    $groupsForm = <<<GROUPSFORM
\t\t<form name="groupeditform" method="POST" action="./+admin&subaction=editgroups">
\t\t\t{$groupsBox}
\t\t\t<input type="submit" name="btnEditGroup" value="Edit Selected Group" /><br /><br />
\t\t\t<input type="submit" name="btnEditGroupPriorities" value="Add/Shuffle/Remove Groups" />
\t\t</form>

GROUPSFORM;
    return $groupsForm;
}
Example #29
}
?>

		</td>
	</tr>
	<tr>
		<td width="15">&nbsp;</td>
		<td>
			<div id="includerefs"><?php 
// Fetch the most recently added publications (as formatted citations), or link to them.
// The variable starts out empty and is only filled in when the permission check below passes:
$recentAdditionsResultTable = "";
// Get all user permissions for the anonymous user (userID = 0):
// NOTE: since function 'fetchDataFromURL()' retrieves citations anonymously (i.e. the
//       current user's session is not maintained, see note below), we need to check the
//       permissions for the *anonymous* user (userID = 0) here, not those of the current user;
//       the fetched table can then only contain what an anonymous visitor is allowed to see
$anonymousUserPermissionsArray = getPermissions(0, "user", false);
// function 'getPermissions()' is defined in 'include.inc.php'
// Proceed only if the session holds a 'user_permissions' entry AND the anonymous user has 'allow_cite' set to "yes":
if (isset($_SESSION['user_permissions']) and $anonymousUserPermissionsArray["allow_cite"] == "yes") {
    // NOTE: - as an alternative to the below code block, we could also fetch citations via an AJAX event and let the JavaScript functions in file 'javascript/show.js' write the results into the '<div id="includerefs">' section;
    //         to do so:
    //           1. pass the JavaScript file 'javascript/show.js' as the 6th parameter to the 'displayHTMLhead' function (see above)
    //           2. call JavaScript function 'showRefs()' via an 'onload' event in the body tag of function 'displayHTMLhead()' in 'includes/header.inc.php':  onload="showRefs('records=all&amp;showRows=5&amp;citeOrder=creation-date')"
    //              TODO: function 'displayHTMLhead()' should get modified so that it only calls the 'onload' event if necessary/requested
    //
    //       - the above alternative works within the user's current session, i.e. the links section will contain any edit or file links (if the user has appropriate permissions);
    //         however, the below method (which uses function 'fetchDataFromURL()') does NOT maintain the user's current session (and adding the user's current PHPSESSID doesn't seem to work ?:-/)
    // Prepare a query that will fetch a HTML table with the most recently added publications (as formatted citations):
    // NOTE(review): the query string is a fixed literal; only the '$databaseBaseURL' prefix varies
    $recentAdditionsQueryURL = $databaseBaseURL . "show.php?records=all&submit=Cite&showRows=5&citeOrder=creation-date&client=inc-refbase-1.0&wrapResults=0";
    // variable '$databaseBaseURL' is defined in 'ini.inc.php'
    // NOTE(review): the web server itself requests this URL, so confirm that '$databaseBaseURL' is a fixed,
    //               configured value and is not assembled from request headers -- TODO verify in 'ini.inc.php'
    $recentAdditionsResultTable = fetchDataFromURL($recentAdditionsQueryURL);
    // function 'fetchDataFromURL()' is defined in 'include.inc.php'
    // NOTE(review): presumably the fetched markup is written into the page as-is further down (not visible in
    //               this excerpt); verify that the response is only ever produced by this installation
Example #30
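/**
 * Decides whether a user may perform an action on a page.
 *
 * Order of evaluation, as implemented below:
 *  1. For any action other than "admin", a user who holds "admin" on page 0 is allowed outright.
 *  2. When no module is given, it becomes "page" if `permissionlist` has a row for this action
 *     under page_module "page"; otherwise it is taken from getEffectivePageModule($pageid).
 *  3. Pages whose module is "menu" or "external" defer to their parent page.
 *  4. Group permissions are consulted in the order getGroupIds() returns them, stopping at the
 *     first grant; a result of exactly false then falls through to the per-user permission.
 *
 * @param $userid The user whose permission is being checked.
 * @param $pageid The page the action applies to.
 * @param $action The action name, matched against `permissionlist`.`perm_action`.
 * @param $module Optional module name; resolved from the action and page when left empty.
 *
 * @return true when the action is granted; otherwise whatever the last getPagePermission()
 *         lookup returned (its possible values are not visible here -- callers should
 *         compare against true rather than rely on truthiness; TODO confirm).
 */
function getPermissions($userid, $pageid, $action, $module = "")
{
    /// Holders of "admin" on page 0 are granted every non-admin action on every page.
    /// The inner call passes "admin", so this shortcut does not recurse a second time.
    if ($action != "admin" && getPermissions($userid, 0, "admin")) {
        return true;
    }
    if ($module == "") {
        /// The callers that supply $action are not visible from here, so the value is escaped
        /// before it is placed inside the quoted SQL literal.
        $safeAction = mysql_real_escape_string($action);
        $query = "SELECT 1 FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE page_module=\"page\" AND perm_action=\"{$safeAction}\"";
        $result = mysql_query($query);
        /// A failed query is treated as "not a page-level action" instead of passing
        /// false on to mysql_num_rows(); the module is then resolved from the page itself.
        if ($result !== false && mysql_num_rows($result) >= 1) {
            $module = 'page';
        } else {
            $module = getEffectivePageModule($pageid);
        }
    }
    $permission = false;
    /// Menu and external-link pages carry no permissions of their own: ask the parent page.
    /// The module is deliberately not forwarded, so it is resolved again for the parent.
    if ($module == "menu" || $module == "external") {
        return getPermissions($userid, getParentPage($pageid), $action);
    }
    /// Find all groups the user belongs to, ordered by priority
    /// For each group, starting with lowest priority, get permission for the page
    $pagePath = array();
    parseUrlDereferenced($pageid, $pagePath);
    foreach (getGroupIds($userid) as $groupid) {
        /// Stop at the first group that grants the action.
        if ($permission === true) {
            break;
        }
        $permission = getPagePermission($pagePath, $groupid, $action, $module);
    }
    /// Only an explicit false from the group pass (or no groups at all) reaches the per-user lookup.
    if ($permission === false) {
        $permission = getPagePermission($pagePath, $userid, $action, $module, 'user');
    }
    return $permission;
}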