Example #1
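/**
 * Build the HTML form used to insert or update an announcement.
 *
 * @param mixed $announcement_r Existing announcement record. When it is an array the
 *        form is rendered in "update" mode (hidden op=update plus announcement_id and
 *        the extra "Closed" checkbox); otherwise it is rendered in "insert" mode.
 * @param array|null $HTTP_VARS Submitted request values, used as the fallback for a
 *        field when the record does not supply one.
 * @return string The complete form markup.
 */
function get_edit_announcement_input_form($announcement_r, $HTTP_VARS = NULL)
{
    global $PHP_SELF;

    $is_update = is_array($announcement_r);
    $record_r = $is_update ? $announcement_r : array();
    $submitted_r = is_array($HTTP_VARS) ? $HTTP_VARS : array();

    // Values written into HTML attributes are encoded for that context. $PHP_SELF can
    // carry request-derived path data depending on how it is populated upstream.
    $buffer = "<form action=\"" . htmlspecialchars((string) $PHP_SELF, ENT_QUOTES) . "\" method=\"POST\">";
    $buffer .= "\n<input type=\"hidden\" name=\"type\" value=\"announcements\">";
    if ($is_update) {
        $announcement_id = isset($record_r['announcement_id']) ? $record_r['announcement_id'] : '';
        $buffer .= "\n<input type=\"hidden\" name=\"op\" value=\"update\">" . "\n<input type=\"hidden\" name=\"announcement_id\" value=\"" . htmlspecialchars((string) $announcement_id, ENT_QUOTES) . "\">";
    } else {
        $buffer .= "\n<input type=\"hidden\" name=\"op\" value=\"insert\">";
    }

    // name, prompt, widget definition, compulsory indicator
    $fields_r = array(
        array('title', 'Title', "text(50,500)", "Y"),
        array('content', 'Announcement', "htmlarea(60,15)", "Y"),
        array('display_days', 'Display Days', "number(10,10)", "Y"),
    );
    if ($is_update) {
        // The closed indicator is only offered for an existing announcement.
        $fields_r[] = array('closed_ind', 'Closed', "checkbox(Y,N)", "N");
    }

    $buffer .= "<table>";
    foreach ($fields_r as $field_r) {
        list($name, $prompt, $widget, $compulsory) = $field_r;
        // Prefer the stored value, fall back to whatever was just submitted.
        $value = ifempty(
            isset($record_r[$name]) ? $record_r[$name] : NULL,
            isset($submitted_r[$name]) ? $submitted_r[$name] : NULL
        );
        $buffer .= get_input_field($name, NULL, $prompt, $widget, $compulsory, $value, TRUE);
    }
    $buffer .= "</table>";

    $help_r = array();
    // 'id' is quoted: as a bare word it is an undefined constant, which is fatal on PHP 8.
    $help_r[] = array('img' => 'compulsory.gif', 'text' => get_opendb_lang_var('compulsory_field'), 'id' => 'compulsory');
    $help_r[] = array('text' => 'A zero in Display Days indicates the announcment will never expire.');
    // NOTE(review): the form itself states that announcement HTML is stored unvalidated,
    // so anyone able to submit this form can place arbitrary markup wherever the content
    // is rendered. Keep the permission guarding this form restricted to trusted admins.
    $help_r[] = array('text' => 'No validation is performed on HTML entered in the Announcement text field.');
    $buffer .= format_help_block($help_r);

    if (get_opendb_config_var('widgets', 'enable_javascript_validation') !== FALSE) {
        $onclick_event = "if(!checkForm(this.form)){return false;}else{this.form.submit();}";
    } else {
        $onclick_event = "this.form.submit();";
    }
    $buffer .= "<input type=\"button\" class=\"button\" onclick=\"{$onclick_event}\" value=\"Save\">";
    $buffer .= "\n</form>";
    return $buffer;
}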
Example #2
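/**
 * Render the announcements block: admin warnings for the 'admin' user plus the
 * published announcements, when the current user is permitted to see them.
 *
 * @return string|null The block markup, or NULL when there is nothing to show.
 */
function get_announcements_block()
{
    $buffer = '';
    if (is_user_granted_permission(PERM_ADMIN_ANNOUNCEMENTS)) {
        // include a login warning if user password and email are still the defaults
        if (get_opendb_session_var('user_id') == 'admin') {
            $announcements_rs = get_admin_announcements_rs();
            // foreach replaces while(list()=each()), which was removed in PHP 8.
            if (is_array($announcements_rs)) {
                foreach ($announcements_rs as $announcement_r) {
                    $buffer .= "<li><h4>" . $announcement_r['heading'] . "</h4>\n\t\t\t\t\t<p class=\"content\">" . $announcement_r['message'] . "<a class=\"adminLink\" href=\"" . $announcement_r['link'] . "\">" . $announcement_r['link_text'] . "</a></p>";
                }
            }
        }
    }
    if (get_opendb_config_var('welcome.announcements', 'enable') !== FALSE && is_user_granted_permission(PERM_VIEW_ANNOUNCEMENTS)) {
        $results = fetch_announcement_rs('submit_on', 'DESC', 0, get_opendb_config_var('welcome.announcements', 'display_count'), 'Y', 'Y');
        if ($results) {
            // NOTE(review): title and content are written to the page without HTML
            // encoding. If content is intended to hold markup that may be deliberate,
            // but confirm whether title is encoded before it is stored; if not, it
            // should be encoded here.
            while ($announcement_r = db_fetch_assoc($results)) {
                $buffer .= "<li><h4>" . $announcement_r['title'] . "</h4>";
                $buffer .= "<small class=\"submitDate\">" . get_localised_timestamp(get_opendb_config_var('welcome.announcements', 'datetime_mask'), $announcement_r['submit_on']) . "</small>";
                $buffer .= "<p class=\"content\">" . nl2br($announcement_r['content']) . "</p></li>";
            }
            db_free_result($results);
        }
    }
    if (strlen($buffer) > 0) {
        return "\n<div id=\"announcements\">" . "<h3>" . get_opendb_lang_var('announcements') . "</h3>" . "\n<ul>" . $buffer . "\n</ul></div>";
    }
    return NULL;
}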
Example #3
/**
 * Return the seven day-name language strings, Sunday first.
 *
 * @param bool $abbrev When truthy the '_abbrev' variant of each language key is used.
 * @return array List of seven values as returned by get_opendb_lang_var().
 */
function get_lang_var_days_r($abbrev = FALSE)
{
    $suffix = $abbrev ? '_abbrev' : '';

    $days_r = array();
    foreach (array('sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday') as $day) {
        $days_r[] = get_opendb_lang_var($day . $suffix);
    }
    return $days_r;
}
Example #4
 /**
  * Return the heading markup for the configured title language variable.
  *
  * @return string|null An <h3> element, or NULL when no title language variable is set.
  */
 function getHeading()
 {
     // Nothing configured: no heading at all.
     if (strlen($this->_titlelangvar) == 0) {
         return NULL;
     }

     $title = get_opendb_lang_var($this->_titlelangvar);
     return '<h3>' . $title . '</h3>';
 }
Example #5
/**
 * Emit the closing page markup, with a "powered by" footer on every page
 * except the installer.
 *
 * @param string $pageid  Identifier of the page being rendered.
 * @param mixed  $user_id Not read by this implementation.
 * @return void Output is echoed directly.
 */
function theme_footer($pageid, $user_id)
{
    echo "</div>";

    $show_credit = !($pageid == 'install');
    if ($show_credit) {
        $credit = get_opendb_lang_var('powered_by_site', 'site', get_opendb_title_and_version());
        echo "<div id=\"footer\"><a href=\"http://github.com/pellcorp/opendb\">" . $credit . "</a></div>";
    }

    echo "</body></html>";
}
Example #6
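/**
 * List the RSS feeds the current user is permitted to read.
 *
 * @return array List of array('feed' => ..., 'title' => ...) entries; empty when the
 *         user holds neither permission.
 */
function get_opendb_rss_feeds()
{
    $feeds_r = array();
    // Keys are quoted: bare words (feed, title) are undefined constants, which only
    // worked through a legacy fallback and are a fatal error on PHP 8.
    if (is_user_granted_permission(PERM_VIEW_ANNOUNCEMENTS)) {
        $feeds_r[] = array('feed' => 'announcements', 'title' => get_opendb_lang_var('announcements'));
    }
    if (is_user_granted_permission(PERM_VIEW_LISTINGS)) {
        $feeds_r[] = array('feed' => 'new_items', 'title' => get_opendb_lang_var('new_items_added'));
    }
    return $feeds_r;
}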
Example #7
/**
 * Derive the column prompt for an item listing column configuration record.
 *
 * The prompt is either a language variable or the 'prompt' of an attribute type
 * record, depending on 'column_type' (and 's_field_type' / 's_attribute_type').
 *
 * @param array $item_listing_column_conf_r Column configuration record.
 * @return mixed The prompt, or NULL when the configuration matches no known case.
 */
function get_ilcc_derived_prompt($item_listing_column_conf_r)
{
    // Exactly one of these is set when the configuration is recognised.
    $lang_key = NULL;
    $attribute_type = NULL;

    switch ($item_listing_column_conf_r['column_type']) {
        case 's_field_type':
            switch ($item_listing_column_conf_r['s_field_type']) {
                case 'ITEMTYPE':
                    $lang_key = 'type';
                    break;
                case 'ITEM_ID':
                    $attribute_type = 'S_ITEM_ID';
                    break;
                case 'TITLE':
                    $lang_key = 'title';
                    break;
                case 'OWNER':
                    $lang_key = 'owner';
                    break;
                case 'CATEGORY':
                    $lang_key = 'category';
                    break;
                case 'STATUSTYPE':
                    $lang_key = 'status';
                    break;
                case 'STATUSCMNT':
                    $lang_key = 'status_comment';
                    break;
                case 'RATING':
                    $attribute_type = 'S_RATING';
                    break;
            }
            break;
        case 'action_links':
            $lang_key = 'action';
            break;
        case 'borrow_status':
            $lang_key = 'borrow_status';
            break;
        case 's_attribute_type':
            if (strlen($item_listing_column_conf_r['s_attribute_type']) > 0) {
                $attribute_type = $item_listing_column_conf_r['s_attribute_type'];
            }
            break;
    }

    if ($lang_key !== NULL) {
        return get_opendb_lang_var($lang_key);
    }
    if ($attribute_type !== NULL) {
        $attribute_type_r = fetch_attribute_type_r($attribute_type);
        return $attribute_type_r['prompt'];
    }
    return NULL;
}
Example #8
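/**
 * Check the submitted review against the compulsory-field configuration.
 *
 * @param array $HTTP_VARS Submitted values; 'comment' and 'rating' are inspected.
 * @param array|null $errors Output. Reset to NULL on entry, then filled with
 *        array('error' => message) entries for each missing compulsory field.
 * @return bool TRUE when no error was recorded, FALSE otherwise.
 */
function validate_review_input($HTTP_VARS, &$errors)
{
    $errors = NULL;

    // field name => language variable naming the field in the error message
    $compulsory_r = array(
        'comment' => array('comment_compulsory', 'review'),
        'rating' => array('rating_compulsory', 'rating'),
    );
    foreach ($compulsory_r as $field => $config_r) {
        list($config_var, $prompt_lang_var) = $config_r;
        $submitted = isset($HTTP_VARS[$field]) ? $HTTP_VARS[$field] : '';
        if (get_opendb_config_var('item_review', $config_var) == TRUE && strlen($submitted) == 0) {
            // 'error' is quoted: the bare word is an undefined constant, fatal on PHP 8.
            $errors[] = array('error' => get_opendb_lang_var('prompt_must_be_specified', 'prompt', get_opendb_lang_var($prompt_lang_var)));
        }
    }

    return !is_array($errors);
}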
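 /**
  * Parse the import file line by line with an event-driven XML parser, dispatching
  * to this object's __startElement / __endElement / __characterData handlers.
  *
  * @return bool TRUE when the whole file parsed, FALSE on the first parse error
  *         (in which case $this->_error holds the localised message).
  */
 function handleImport()
 {
     $parser = xml_parser_create('ISO-8859-1');
     xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, FALSE);
     xml_set_object($parser, $this);
     xml_set_element_handler($parser, "__startElement", "__endElement");
     xml_set_character_data_handler($parser, "__characterData");

     $parsed_ok = TRUE;
     while (($data = $this->fileHandler->readLine()) !== FALSE) {
         if (!xml_parse($parser, $data, $this->fileHandler->isEof())) {
             // Read the error details before the parser is released below.
             $this->_error = get_opendb_lang_var('xml_error', array('xml_error_string' => xml_error_string(xml_get_error_code($parser)), 'xml_error_line' => xml_get_current_line_number($parser)));
             $parsed_ok = FALSE;
             break;
         }
     }

     // Single exit so the parser is freed on the failure path too; the early
     // return in the loop used to leave it allocated.
     xml_parser_free($parser);
     return $parsed_ok;
 }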
Example #10
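/**
 * Render the "items per page" selector form for a listing.
 *
 * @param string $PHP_SELF  URL the form submits to (GET).
 * @param array  $HTTP_VARS Current request values; re-emitted through get_url_fields()
 *        and used to pre-select the current 'items_per_page'.
 * @return string The form markup, or an empty string when no options are configured.
 */
function getItemsPerPageControl($PHP_SELF, $HTTP_VARS)
{
    $buffer = '';
    $items_per_page_options_r = get_opendb_config_var('listings', 'items_per_page_options');
    if (is_not_empty_array($items_per_page_options_r)) {
        $items_per_page_rs = array();
        // foreach replaces while(list()=each()), which was removed in PHP 8.
        foreach ($items_per_page_options_r as $items_per_page) {
            // An option of '0' is presented as "all".
            if ($items_per_page == '0') {
                $display = get_opendb_lang_var('all');
            } else {
                $display = $items_per_page;
            }
            $items_per_page_rs[] = array('value' => $items_per_page, 'display' => $display);
        }

        $selected = ifempty(
            isset($HTTP_VARS['items_per_page']) ? $HTTP_VARS['items_per_page'] : NULL,
            get_opendb_config_var('listings', 'items_per_page')
        );

        // The action URL is encoded for the attribute context; $PHP_SELF can carry
        // request-derived path data depending on how the caller populates it.
        $buffer .= "<form class=\"itemsPerPageControl\" id=\"form-items_per_page\" action=\"" . htmlspecialchars((string) $PHP_SELF, ENT_QUOTES) . "\" method=\"GET\">" . get_url_fields($HTTP_VARS) . "<label for=\"select-items_per_page\">" . get_opendb_lang_var('items_per_page') . '</label>' . "<select id=\"select-items_per_page\" name=\"items_per_page\" class=\"footer\" onChange=\"this.form.submit()\">" . custom_select('items_per_page', $items_per_page_rs, '%display%', 'NA', $selected, 'value') . "\n</select></form>";
    }
    return $buffer;
}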
Example #11
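 /**
  * Initialise listing state from the request.
  *
  * NOTE(review): presumably a PHP 4-style constructor (method named after its class);
  * such methods are no longer treated as constructors on PHP 8 - confirm how this
  * class is instantiated.
  *
  * @param string $PHP_SELF  URL of the current script.
  * @param array  $HTTP_VARS Request values; 'items_per_page', 'order_by' and
  *        'sortorder' are read here.
  */
 function Listing($PHP_SELF, $HTTP_VARS)
 {
     $this->_php_self = $PHP_SELF;
     $this->_http_vars = $HTTP_VARS;
     // This used to be assigned from an undefined local ($mode), which always
     // evaluated to NULL and raised a warning; the value is now explicit.
     $this->_mode = NULL;

     if (isset($HTTP_VARS['items_per_page'])) {
         $this->_items_per_page = $HTTP_VARS['items_per_page'];
     } else {
         $this->_items_per_page = get_opendb_config_var('listings', 'items_per_page');
     }

     // initialise these, as they will most likely NOT be initialised via setTotalItems
     if (!is_numeric($this->_items_per_page)) {
         $this->_page_no = 1;
         $this->_start_index = NULL;
     }

     // NOTE(review): order_by and sortorder are kept exactly as supplied in the
     // request. If they later reach an ORDER BY clause they need to be matched
     // against a fixed list of column names / directions at that point - confirm.
     $this->_current_orderby = isset($HTTP_VARS['order_by']) ? $HTTP_VARS['order_by'] : NULL;
     $this->_current_sortorder = isset($HTTP_VARS['sortorder']) ? $HTTP_VARS['sortorder'] : NULL;

     // initialise to default.
     $this->_no_rows_message = get_opendb_lang_var('no_matches_found');
     $this->_titleMaskCfg = new TitleMask('item_listing');
 }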
Example #12
                    echo "<ul class=\"listingControls\">";
                    if (get_opendb_config_var('listings', 'allow_override_show_item_image') !== FALSE) {
                        echo "<li>" . getToggleControl($PHP_SELF, $HTTP_VARS, get_opendb_lang_var('show_item_image'), 'show_item_image', ifempty($HTTP_VARS['show_item_image'], get_opendb_config_var('listings', 'show_item_image') == TRUE ? 'Y' : 'N')) . "</li>";
                    }
                    echo "<li>" . getItemsPerPageControl($PHP_SELF, $HTTP_VARS) . "</li>";
                    echo "</ul>";
                    echo "<p class=\"listingDate\">" . get_opendb_lang_var('listing_generated', 'datetime', get_localised_timestamp(get_opendb_config_var('listings', 'print_listing_datetime_mask'))) . "</p>";
                    echo format_footer_links($footer_links_r);
                    echo _theme_footer();
                }
                //end if($show_listings)
            } else {
                //no guests allowed!
                opendb_not_authorised_page(PERM_USER_BORROWER, $HTTP_VARS);
            }
        } else {
            //borrow functionality disabled.
            echo _theme_header(get_opendb_lang_var('borrow_not_supported'));
            echo "<p class=\"error\">" . get_opendb_lang_var('borrow_not_supported') . "</p>";
            echo _theme_footer();
        }
    } else {
        // invalid login, so login instead.
        redirect_login($PHP_SELF, $HTTP_VARS);
    }
} else {
    //if(is_site_enabled())
    opendb_site_disabled();
}
// Cleanup after begin.inc.php
require_once "./include/end.inc.php";
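 /**
  * Finish the item currently being imported: insert the item, then insert each of
  * its instances, reporting one result row per instance (or one for the item when
  * the item insert itself fails).
  *
  * @return bool TRUE when an open item was processed (regardless of whether the
  *         inserts succeeded); FALSE when the item was already finished or no item
  *         object exists.
  */
 function endItem()
 {
     if ($this->_is_item_finished === TRUE) {
         return FALSE;
     }

     if ($this->_item_obj == NULL) {
         $this->_item_obj = NULL;
         $this->addError('endItem', get_opendb_lang_var('undefined_error'));
         return FALSE;
     }

     // instance was not closed, close it now!
     if ($this->_is_item_instance) {
         $this->_is_item_instance = FALSE;
     }
     // if not item instance, create one
     if (is_empty_array($this->_instance_item_obj_rs)) {
         $this->startItemInstance();
         $this->endItemInstance();
     }

     // The item is finished, no more additions are allowed, until the
     // startItem method is called again.
     $this->_is_item_finished = TRUE;

     $item_vars = $this->__getItemHTTPVars($this->_item_obj);
     $item_vars['trial_run'] = $this->_cfg_is_trial_run ? 'true' : 'false';
     $item_vars['confirmed'] = $this->_cfg_ignore_duplicate_title ? 'true' : 'false';

     // Keys are quoted: bare words (s_item_type, owner_id, title) are undefined
     // constants, which are a fatal error on PHP 8.
     $item_r = array(
         's_item_type' => $this->_item_obj->getItemType(),
         'owner_id' => $this->getOwner(),
         'title' => $this->_item_obj->getTitle(),
     );

     $instance_valid = FALSE;
     $errors = array();
     $return_val = handle_item_insert($item_r, $item_vars, $errors);
     if ($return_val === TRUE) {
         // store item id for later use
         if ($this->_cfg_is_trial_run !== TRUE && is_numeric($item_r['item_id'])) {
             $this->_item_id_list_r[] = $item_r['item_id'];
         }

         for ($i = 0; $i < count($this->_instance_item_obj_rs); $i++) {
             $instanceObj = $this->_instance_item_obj_rs[$i];

             // if status type is to be overriden, do it here!
             if ($this->_cfg_override_status_type) {
                 $status_type_r = $this->_cfg_default_status_type_r;
             } else {
                 $status_type_r = fetch_status_type_r($instanceObj->getStatusType());
                 // if illegal type, then override by default.
                 if ($status_type_r['closed_ind'] == 'Y') {
                     $status_type_r = $this->_cfg_default_status_type_r;
                 }
             }

             $item_r['owner_id'] = $instanceObj->getOwnerID();
             $item_r['s_status_type'] = $status_type_r['s_status_type'];

             $instance_vars = $this->__getItemHTTPVars($instanceObj);
             // we are missing instance attributes if already set in item
             $instance_vars = array_merge($instance_vars, $item_vars);

             // NOTE(review): the merged $instance_vars is only used for the result row;
             // the insert itself receives $item_vars. Left as found - confirm whether
             // $instance_vars was intended here.
             $return_val = handle_item_instance_insert($item_r, $status_type_r, $item_vars, $errors);

             // In a trial run nothing is stored, so number the instances locally.
             $item_r['instance_no'] = $this->_cfg_is_trial_run ? $i + 1 : $item_r['instance_no'];
             if ($return_val !== FALSE) {
                 $this->__listing_item_import_result_row($item_r, $status_type_r, $instance_vars, NULL);
                 // indicates at least one instance inserted.
                 $instance_valid = TRUE;
             } else {
                 $this->__listing_item_import_result_row($item_r, $status_type_r, $instance_vars, $errors);
             }
         }
     } else {
         $this->__listing_item_import_result_row($item_r, NULL, $item_vars, $errors);
     }

     $this->_item_obj = NULL;
     // end of parent item.
     return TRUE;
 }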
Example #14
    // make sure it ends in html
    if (is_exists_language($language) && ends_with($page, ".html") && @file_exists("./help/{$language}/{$page}")) {
        return "./help/{$language}/{$page}";
    }
    // else
    return NULL;
}
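// Help page controller: resolves the requested help page for the current language
// and includes it between the theme header and footer.
if (is_site_enabled()) {
    if (is_opendb_valid_session() || is_site_public_access()) {
        echo _theme_header(get_opendb_lang_var('help'), FALSE);

        $requested_page = isset($HTTP_VARS['page']) ? $HTTP_VARS['page'] : NULL;
        $page_location = validate_opendb_lang_help_page_url($requested_page);

        // Defence in depth: 'page' is request input that ends up in include, so the
        // resolved file must sit inside the help directory no matter what the
        // validator accepted. A value containing parent-directory segments resolves
        // outside ./help and is treated as "no help available".
        if ($page_location != NULL) {
            $help_root = realpath('./help');
            $resolved_page = realpath($page_location);
            if ($help_root === FALSE || $resolved_page === FALSE || strpos($resolved_page, $help_root . DIRECTORY_SEPARATOR) !== 0) {
                $page_location = NULL;
            }
        }

        if ($page_location != NULL) {
            $page_title = get_opendb_lang_var('site_help', 'site', get_opendb_config_var('site', 'title'));
            echo "<h2>" . $page_title . "</h2>";
            // TODO: Add support for topic and subtopic
            include $page_location;
        } else {
            // NOTE(review): the theme header was already emitted above, so this branch
            // outputs it a second time. Left as found - confirm whether that is intended.
            echo _theme_header(get_opendb_lang_var('no_help_available'), FALSE);
            echo "<p class=\"error\">" . get_opendb_lang_var('no_help_available') . "</p>";
        }
        echo _theme_footer();
    } else {
        //not a valid session.
        // invalid login, so login instead.
        redirect_login($PHP_SELF, $HTTP_VARS);
    }
} else {
    //if(is_site_enabled())
    opendb_site_disabled();
}
// Cleanup after begin.inc.php
require_once "./include/end.inc.php";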
Example #15
    } else {
        echo "\n<h3>New Attribute type</h3>";
        $save_op = 'insert';
        $save_button = 'Insert';
    }
    if (is_not_empty_array($errors)) {
        echo format_error_block($errors);
    }
    echo "\n<form name=\"s_attribute_type\" action=\"{$PHP_SELF}\" method=\"POST\">";
    echo "\n<input type=\"hidden\" name=\"type\" value=\"" . $HTTP_VARS['type'] . "\">";
    echo "\n<input type=\"hidden\" name=\"op\" value=\"{$save_op}\">";
    echo "\n<input type=\"hidden\" name=\"active_tab\" value=\"" . $HTTP_VARS['active_tab'] . "\">";
    echo "\n<table>";
    display_edit_form($attribute_type_r, $HTTP_VARS);
    echo "\n</table>";
    echo format_help_block(array('img' => 'compulsory.gif', 'text' => get_opendb_lang_var('compulsory_field'), id => 'compulsory'));
    if (get_opendb_config_var('widgets', 'enable_javascript_validation') !== FALSE) {
        echo "\n<input type=\"button\" class=\"button\" value=\"{$save_button}\" onclick=\"if(!checkForm(this.form)){return false;}else{this.form.submit();}\">";
    } else {
        echo "\n<input type=\"button\" class=\"button\" value=\"{$save_button}\" onclick=\"this.form.submit();\">";
    }
    echo "\n</form>";
} else {
    if ($HTTP_VARS['op'] == 'edit-lookups') {
        // ################################################################
        // Do for both 'update' and 'edit'
        // ################################################################
        echo "<p>[<a href=\"{$PHP_SELF}?type={$ADMIN_TYPE}&active_tab=" . $HTTP_VARS['active_tab'] . "\">Back to Main</a>]</p>";
        echo "<script language=\"JavaScript1.2\">\n\t\tfunction toggleChecked(element, name)\n\t\t{\n\t\t\tvar form = element.form;\n\n\t\t\t// then we have to uncheck everything else.\n\t\t\tfor (var i=0; i < form.length; i++)\n\t\t\t{\n\t\t        if (form.elements[i].type.toLowerCase() == 'checkbox' && form.elements[i].name.substring(0, name.length+1) == name+'[')\n\t\t\t\t{\n\t\t\t\t\tif(element.checked && form.elements[i].name != element.name)\n\t\t                form.elements[i].checked = false;\n\t\t\t\t}\n\t\t\t}\n\t\t}</script>";
        echo "\n<h3>Edit " . $HTTP_VARS['s_attribute_type'] . " Attribute Type Lookups</h3>";
        if (is_not_empty_array($errors)) {
Example #16
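/**
 * Render the input widget for a URL attribute.
 *
 * For file attributes (file_attribute_ind == 'Y') this is a tabbed control with a URL
 * text box, a "view" button and, when uploads are enabled, a file upload input.
 * Otherwise it delegates to the plain single/multi value text field helpers.
 *
 * @param string $name Field name; also used to build element ids.
 * @param array|null $item_r Where provided gives the item_id / instance_no; where not
 *        provided it is safe to assume this is a new item insert field and that
 *        information is not relevant. Not read by this implementation.
 * @param array $item_attribute_type_r Attribute type record; 'file_attribute_ind' is read.
 * @param string $prompt Field prompt, used in validation messages.
 * @param mixed $length Display size; falls back to 50 when not a positive number.
 * @param mixed $maxlength Emitted as maxlength when numeric.
 * @param string $content_groups Content groups (or a list of extensions) used for
 *        the client-side extension check.
 * @param string $value Current field value.
 * @param string $onchange_event Extra JavaScript for the onchange handler.
 * @param bool $disabled Whether the control is disabled.
 * @param bool $multi_value Whether to render the multi value variant.
 * @return string The widget markup.
 */
function url($name, $item_r, $item_attribute_type_r, $prompt, $length, $maxlength, $content_groups, $value, $onchange_event, $disabled = FALSE, $multi_value = FALSE)
{
    // Default size.
    $size = $length;
    if (!is_numeric($size) || $size <= 0) {
        $size = 50;
    }

    // NOTE(review): stays NULL when JavaScript validation is enabled but no content
    // groups are given, so $onchange_event is not emitted on that path. Left as
    // found (now initialised explicitly) - confirm whether that is intended.
    $onchange = NULL;
    if (get_opendb_config_var('widgets', 'enable_javascript_validation') !== FALSE) {
        if (strlen(trim($content_groups)) > 0) {
            // might be an array of content groups
            $content_group_r = prc_args($content_groups);
            $extensions_r = fetch_file_type_extensions_r($content_group_r);
            if (is_not_empty_array($extensions_r)) {
                $extensions = implode(', ', $extensions_r);
            } else {
                // else just list of extensions otherwise
                $extensions = $content_groups;
                $extensions_r = $content_group_r;
            }
            $url_is_not_valid_message = addslashes(get_opendb_lang_var('url_is_not_valid', array('prompt' => $prompt, 'extensions' => $extensions)));
            $onchange = "onchange=\"if(!isValidExtension(this.value, " . encode_javascript_array($extensions_r) . ")){alert('" . $url_is_not_valid_message . "'); this.focus(); return false;} {$onchange_event} return true;\"";
        }
    } else {
        $onchange = "onchange=\"{$onchange_event}\"";
    }

    if ($item_attribute_type_r['file_attribute_ind'] != 'Y') {
        if ($multi_value) {
            return multivalue_text_field('text', $name, $size, $maxlength, $onchange, $value);
        }
        return singlevalue_text_field('text', $name, $size, $maxlength, $onchange, $value, $disabled);
    }

    // NOTE(review): $name, $value and $prompt are interpolated into attribute values
    // and inline JavaScript below without encoding. The extension check is
    // client-side only and does not constrain what is submitted. Confirm that callers
    // pass already-encoded values and that the server validates the URL / upload.
    $field = "\n<ul class=\"urlOptionsMenu\" id=\"{$name}-tab-menu\" class=\"file-upload-menu\">";
    $field .= "<li id=\"menu-{$name}_saveurl\" class=\"activeTab\" onclick=\"return activateTab('{$name}_saveurl', '{$name}-tab-menu', '{$name}-tab-content', 'activeTab', 'fieldContent');\">URL</li>";
    if (is_file_upload_enabled()) {
        $field .= "<li id=\"menu-{$name}_upload\" onclick=\"return activateTab('{$name}_upload', '{$name}-tab-menu', '{$name}-tab-content', 'activeTab', 'fieldContent');\">Upload File</li>";
    }
    $field .= "</ul>";
    $field .= "<div class=\"urlOptionsContainer\" id=\"{$name}-tab-content\">";
    $field .= "\n<div class=\"fieldContent\" id=\"{$name}_saveurl\">";
    // Uses the defaulted $size (was the raw $length, which could be empty or invalid).
    $field .= "<input type=\"text\" class=\"text\" name=\"{$name}\" value=\"{$value}\" {$onchange} size=\"" . $size . "\" " . (is_numeric($maxlength) ? "maxlength=\"" . $maxlength . "\"" : "") . ">";
    $field .= "<input type=\"button\" class=\"button\" onclick=\"if(this.form['{$name}'].value.length>0){popup(this.form['{$name}'].value,'400','300');}else{alert('" . get_opendb_lang_var('prompt_must_be_specified', 'prompt', $prompt) . "');}\" value=\"" . get_opendb_lang_var('view') . "\"" . ($disabled ? ' DISABLED' : '') . ">";
    $field .= "</div>";
    if (is_file_upload_enabled()) {
        $field .= "<div class=\"fieldContentHidden\" id=\"{$name}_upload\">";
        $field .= "<input type=\"file\" class=\"file\" name=\"{$name}_upload\" {$onchange} size=\"" . $size . "\"" . ($disabled ? ' DISABLED' : '') . ">";
        $field .= "</div>";
    }
    $field .= '</div>';
    return $field;
}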
Example #17
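/**
 * Check that a borrower id refers to an active user holding the borrower permission.
 *
 * @param string $borrower_id User id to check.
 * @param array $errors Output; a message is appended when the user is inactive or
 *        lacks the permission. Nothing is appended for an empty id.
 * @return bool TRUE when the user may borrow, FALSE otherwise.
 */
function validate_borrower_id($borrower_id, &$errors)
{
    if (strlen($borrower_id) == 0) {
        return FALSE;
    }

    // The messages name $borrower_id itself. They used to read $HTTP_VARS, which is
    // not defined in this function, so the user id in the message was always empty.
    if (!is_user_active($borrower_id)) {
        $errors[] = get_opendb_lang_var('invalid_borrower_user', 'user_id', $borrower_id);
        return FALSE;
    }

    if (!is_user_granted_permission(PERM_USER_BORROWER, $borrower_id)) {
        $errors[] = get_opendb_lang_var('user_must_be_borrower', 'user_id', $borrower_id);
        return FALSE;
    }

    return TRUE;
}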
Example #18
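/**
 * Render the verification-code (secret image) form fields: a hidden random number,
 * the image generated from it, and the text box for the code.
 *
 * NOTE(review): the number that selects the image is sent to the client both as a
 * hidden field and in the image URL. Confirm that the expected code cannot be
 * derived from that number alone and that the check is enforced server-side.
 *
 * @return string The form field markup.
 */
function render_secret_image_form_field()
{
    $random_num = get_secret_image_random_num();
    // Plain assignment: the buffer used to be appended to before it was defined.
    $buffer = "\n<input type=\"hidden\" name=\"gfx_random_number\" value=\"{$random_num}\">";
    $buffer .= "<p class=\"verifyCode\"><label for=\"gfx_code_check\">" . get_opendb_lang_var('verify_code') . "</label>" . "<img width=\"120\" height=\"25\" src=\"secretimage.php?op=gfx_code_check&gfx_random_number={$random_num}\">" . "<input type=\"text\" class=\"text\" id=\"gfx_code_check\" name=\"gfx_code_check\" size=\"15\" maxlength=\"6\"></p>";
    return $buffer;
}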
Example #19
require_once "./include/begin.inc.php";
include_once "./lib/JsonRpcServer.class.php";
// TODO - enable a plugin layer
include_once "./lib/jsonrpc/ItemSearch.class.php";
/**
 * Send an HTTP Basic authentication challenge (401) using the site title as realm.
 *
 * NOTE(review): the realm is HTML-encoded, which keeps a double quote in the title
 * from ending the quoted realm value but is not the header's own escaping -
 * confirm the title cannot contain characters that matter in a header value.
 *
 * @return void
 */
function request_http_basic_auth()
{
    $realm = htmlspecialchars(get_opendb_title());
    header(sprintf('WWW-Authenticate: Basic realm="%s"', $realm));
    header('HTTP/1.0 401 Unauthorized');
}
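// JSON-RPC endpoint: authenticates each request with HTTP Basic credentials and
// then hands it to the JSON-RPC server.
if (is_site_enabled()) {
    // Both parts of the credential must be present; a request carrying a user name
    // but no password used to read an undefined index and pass NULL to the check.
    $userId = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : NULL;
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : NULL;

    if ($userId === NULL || $password === NULL) {
        request_http_basic_auth();
    } else {
        // NOTE(review): Basic credentials are only base64-encoded and are checked on
        // every request; this endpoint should be reachable over TLS only, and failed
        // attempts should be logged / throttled wherever validate_user_passwd() is
        // implemented - confirm.
        if (is_user_active($userId) && validate_user_passwd($userId, $password)) {
            $server = new JsonRpcServer();
            // TODO - currently no role based permissions are being performed for these services.
            // Until that is done, every active user who can authenticate reaches every
            // method of the registered classes, whatever their role.
            $server->registerClass(new ItemSearch());
            $server->handle();
        } else {
            request_http_basic_auth();
        }
    }
} else {
    header('HTTP/1.0 503 Service Unavailable');
    echo "<h1>" . get_opendb_lang_var('site_is_disabled') . "</h1>";
    echo get_opendb_lang_var('site_is_disabled');
}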
// Cleanup after begin.inc.php
require_once "./include/end.inc.php";
Example #20
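/**
 * Send one email to each listed user and echo a success / failure summary.
 *
 * @param array $user_id_rs List of recipient user ids.
 * @param string $from_userid Sender user id, passed through to opendb_user_email().
 * @param string $subject Subject; must not be empty.
 * @param string $message Message body.
 * @param array|null $errors Output. Receives the 'invalid_subject' message when the
 *        subject is empty; otherwise it is reset to NULL after each recipient
 *        (per-recipient errors are reported in the echoed summary instead).
 * @return bool FALSE when the subject is empty, TRUE otherwise (even when individual
 *         sends failed).
 */
function send_email_to_userids($user_id_rs, $from_userid, $subject, $message, &$errors)
{
    if (strlen($subject) == 0) {
        $errors[] = get_opendb_lang_var('invalid_subject');
        return FALSE;
    }

    // Initialised up front; both lists used to be created implicitly on first append.
    $success = array();
    $failures = array();

    // foreach replaces while(list()=each()), which was removed in PHP 8.
    if (is_array($user_id_rs)) {
        foreach ($user_id_rs as $user_id) {
            $touser_r = fetch_user_r($user_id);
            if (is_not_empty_array($touser_r)) {
                $recipient = $touser_r['fullname'] . " (" . $user_id . ")";
                if (opendb_user_email($touser_r['user_id'], $from_userid, $subject, $message, $errors)) {
                    $success[] = $recipient;
                } else {
                    // Keys are quoted: bare words are undefined constants, fatal on PHP 8.
                    $failures[] = array('user' => $recipient, 'error' => $errors);
                }
                $errors = NULL;
            }
        }
    }

    // NOTE(review): fullname and user id are echoed without HTML encoding. Confirm
    // whether user profile values are encoded before storage; if not, encode here.
    if (is_not_empty_array($success)) {
        echo "<p class=\"success\">" . get_opendb_lang_var('message_sent_to') . ": <ul>";
        foreach ($success as $touser) {
            echo "<li class=\"smsuccess\">" . $touser . "</li>";
        }
        echo "</ul></p>";
    }
    if (is_not_empty_array($failures)) {
        echo "<p class=\"error\">" . get_opendb_lang_var('message_not_sent_to') . ": <ul>";
        foreach ($failures as $failure_r) {
            // The class attribute was emitted as class=\smerror" (mis-escaped quote).
            echo "<li class=\"smerror\">" . $failure_r['user'] . format_error_block($failure_r['error']) . "</li>";
        }
        echo "</ul></p>";
    }
    return TRUE;
}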
Example #21
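/**
 * Handle a "lost password" request: generate a new password for the user named in
 * $HTTP_VARS['uid'], store it, and email it to the user's address.
 *
 * NOTE(review): an unknown user id returns TRUE so the caller can look successful,
 * but inactive / unpermitted users return FALSE. If the caller shows a different
 * page for FALSE, account state is still distinguishable - confirm the caller.
 * NOTE(review): the stored password is replaced before the requester has shown any
 * control of the mailbox, and the new password is sent in the message body. A
 * one-time reset link would avoid both - confirm against the project's requirements.
 *
 * @param array $HTTP_VARS Request values; 'uid' is read.
 * @param array $errors Output; receives a message when the user has no email
 *        address, plus whatever opendb_user_email() reports.
 * @return bool|string TRUE on success (or for an unknown user id), the string
 *         "EMAIL_NOT_SENT" when the password was changed but the email failed,
 *         FALSE otherwise.
 */
function perform_newpassword($HTTP_VARS, &$errors)
{
    $uid = isset($HTTP_VARS['uid']) ? $HTTP_VARS['uid'] : NULL;

    if (!is_user_valid($uid)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User does not exist', array($uid));
        // make user look successful to prevent mining for valid userids
        return TRUE;
    }

    if (!is_user_active($uid)) {
        // Do not allow new password operation for 'deactivated' user.
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User is not active', array($uid));
        return FALSE;
    }

    if (!is_user_granted_permission(PERM_CHANGE_PASSWORD, $uid)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User does not have permission to change password', array($uid));
        return FALSE;
    }

    if (get_opendb_config_var('user_admin', 'user_passwd_change_allowed') === FALSE && !is_user_granted_permission(PERM_ADMIN_CHANGE_PASSWORD)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: Password change is disabled', array($uid));
        return FALSE;
    }

    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'User requested to be emailed a new password', array($uid));
    $user_r = fetch_user_r($uid);
    $user_passwd = generate_password(8);

    // only send if valid user (email)
    if (strlen($user_r['email_addr']) == 0) {
        $errors[] = "User '" . $uid . "' does not have a valid email address.";
        return FALSE;
    }

    $pass_result = update_user_passwd($uid, $user_passwd);
    if ($pass_result !== TRUE) {
        // This path used to fall off the end of the function and return NULL with
        // no trace; it is now logged and reported as a failure.
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: Password update failed', array($uid));
        return FALSE;
    }

    $subject = get_opendb_lang_var('lost_password');
    $message = get_opendb_lang_var('to_user_email_intro', 'fullname', $user_r['fullname']) . "\n\n" . get_opendb_lang_var('new_passwd_email') . "\n\n" . get_opendb_lang_var('userid') . ": " . $uid . "\n" . get_opendb_lang_var('password') . ": " . $user_passwd;
    if (opendb_user_email($user_r['user_id'], NULL, $subject, $message, $errors)) {
        return TRUE;
    }
    return "EMAIL_NOT_SENT";
}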
Example #22
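/**
 * Build a yes/no confirmation form that re-submits the current request by POST.
 *
 * NOTE(review): the form carries no anti-forgery token of its own; it only
 * re-emits what get_url_fields() produces. Confirm that state-changing operations
 * confirmed through it are protected against cross-site request forgery elsewhere.
 *
 * @param string $PHP_SELF URL the form submits to.
 * @param string $confirm_message Message shown above the choice; emitted as given,
 *        so callers must encode any request-derived parts.
 * @param array $HTTP_VARS Current request values, re-emitted via get_url_fields()
 *        with 'confirmed' excluded.
 * @return string The form markup ("no" is pre-selected).
 */
function get_op_confirm_form($PHP_SELF, $confirm_message, $HTTP_VARS)
{
    // The action URL is encoded for the attribute context; $PHP_SELF can carry
    // request-derived path data depending on how the caller populates it.
    $formContents = "\n<form class=\"confirmForm\" action=\"" . htmlspecialchars((string) $PHP_SELF, ENT_QUOTES) . "\" method=\"POST\">";
    $formContents .= "<p>" . $confirm_message . "</p>"
        . get_url_fields($HTTP_VARS, NULL, array('confirmed'))
        . "<fieldset>"
        . "<label for=\"confirm_yes\">" . get_opendb_lang_var('yes') . "</label>"
        . "<input type=\"radio\" class=\"radio\" name=\"confirmed\" id=\"confirm_yes\" value=\"true\">"
        . "<label for=\"confirm_no\">" . get_opendb_lang_var('no') . "</label>"
        . "<input type=\"radio\" class=\"radio\" name=\"confirmed\" id=\"confirm_no\" value=\"false\" CHECKED>"
        . "</fieldset>"
        . "<input type=\"submit\" class=\"submit\" value=\"" . get_opendb_lang_var('submit') . "\">"
        . "</form>\n";
    return $formContents;
}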
Example #23
/**
* Email to be sent from one OpenDb user to another
* 
* @from_userid can be null; in that case the from address will be the configured no-reply address for
* the pseudo administrator.
*/
function opendb_user_email($to_userid, $from_userid, $subject, $message, &$errors, $append_site_to_subject = TRUE)
{
    $to_userid = trim($to_userid);
    if (is_user_permitted_to_receive_email($to_userid)) {
        $to_user_r = fetch_user_r($to_userid);
        $to_email_addr = trim($to_user_r['email_addr']);
        $to_name = trim($to_user_r['fullname']);
        $from_userid = trim($from_userid);
        if (is_user_valid($from_userid)) {
            $from_user_r = fetch_user_r($from_userid);
            $from_email_addr = trim($from_user_r['email_addr']);
            $from_name = trim($from_user_r['fullname']);
        } else {
            if (strlen($from_userid) == 0) {
                $from_email_addr = trim(get_opendb_config_var('email', 'noreply_address'));
                $from_name = trim(get_opendb_lang_var('noreply'));
            } else {
                //if(is_valid_email_addr($from_userid))
                $from_email_addr = $from_userid;
            }
        }
        if (!is_valid_email_addr($to_email_addr)) {
            $errors[] = get_opendb_lang_var('invalid_to_address');
            return FALSE;
        }
        if (!is_valid_email_addr($from_email_addr)) {
            $errors[] = get_opendb_lang_var('invalid_from_address');
            return FALSE;
        }
        $subject = trim(stripslashes($subject));
        if (strlen($subject) == 0) {
            $errors[] = get_opendb_lang_var('invalid_subject');
            return FALSE;
        }
        if ($append_site_to_subject) {
            $subject .= " [" . get_opendb_config_var('site', 'title') . "]";
        }
        $message = trim(stripslashes($message));
        $message .= get_email_footer();
        if (sendEmail($to_email_addr, $to_name, $from_email_addr, $from_name, $subject, $message, $errors)) {
            // insert email function will set this to NULL if from user provided!
            insert_email($to_userid, $from_userid != $from_email_addr ? $from_userid : NULL, $from_email_addr, $subject, $message);
            return TRUE;
        }
    }
    //else
    return FALSE;
}
Example #24
        if ($files_deleted > 0) {
            $success[] = 'Deleted ' . $files_deleted . ' cache files';
        }
        $HTTP_VARS['op'] = '';
    }
}
// Listing view of the file cache, shown when no operation is pending.
if (strlen($HTTP_VARS['op']) == 0) {
    if (is_not_empty_array($success)) {
        echo format_error_block($success, 'information');
    }
    // NOTE(review): both links request a cache deletion through a plain GET URL. The
    // handler for these ops is outside this excerpt — confirm it requires an admin
    // session and an anti-CSRF token, or move the action to a POST form.
    // NOTE(review): $ADMIN_TYPE is interpolated into the href unescaped; its origin is
    // not visible here.
    echo "<p>[<a href=\"admin.php?type={$ADMIN_TYPE}&op=flushexpired\">Delete expired cache entries</a>] " . "[<a href=\"admin.php?type={$ADMIN_TYPE}&op=flush\">Delete all cache entries</a>]</p>";
    // Default sort column when the request names none.
    if (strlen($HTTP_VARS['order_by']) == 0) {
        $HTTP_VARS['order_by'] = 'cache_date';
    }
    $listingObject = new HTML_Listing($PHP_SELF, $HTTP_VARS);
    $listingObject->setNoRowsMessage(get_opendb_lang_var('no_items_found'));
    $listingObject->startListing();
    $listingObject->addHeaderColumn('URL', 'url');
    $listingObject->addHeaderColumn('Cached', 'cache_date');
    $listingObject->addHeaderColumn('Expires', 'expire_date');
    if (is_numeric($listingObject->getItemsPerPage())) {
        $listingObject->setTotalItems(fetch_file_cache_cnt($HTTP_VARS['cache_type']));
    }
    // NOTE(review): 'cache_type' and the order/sort values reach the fetch functions
    // without validation in this excerpt; confirm fetch_file_cache_rs() and
    // fetch_file_cache_cnt() escape them or restrict them to a fixed list.
    $results = fetch_file_cache_rs($HTTP_VARS['cache_type'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder(), $listingObject->getStartIndex(), $listingObject->getItemsPerPage());
    if ($results) {
        while ($file_cache_r = db_fetch_assoc($results)) {
            $listingObject->startRow();
            if (file_cache_get_cache_file($file_cache_r)) {
                $popupUrl = "url.php?id=" . $file_cache_r['sequence_number'];
                // NOTE(review): the cached URL is written into the href attribute without
                // HTML escaping. If a cache row can hold a URL that did not come from a
                // trusted source, wrap it in htmlspecialchars() and check its scheme.
                $listingObject->addColumn("<a href=\"" . $file_cache_r['url'] . "\" onclick=\"popup('{$popupUrl}'); return false;\" target=\"_new\">" . get_overflow_tooltip_column($file_cache_r['url'], 100) . "</a>");
            } else {
Example #25
                    }
                    db_free_result($addr_results);
                }
                // The "send email" link is offered only when a mailer is configured, the
                // profile has an address, the viewer holds PERM_SEND_EMAIL and the profile
                // owner may receive email.
                if (is_valid_opendb_mailer() && strlen($user_r['email_addr']) > 0 && is_user_granted_permission(PERM_SEND_EMAIL) && is_user_permitted_to_receive_email($user_r['user_id'])) {
                    $url = 'email.php?' . get_url_string(array('op' => 'send_to_uid', 'uid' => $user_r['user_id'], 'inc_menu' => 'N', 'subject' => ifempty($HTTP_VARS['subject'], get_opendb_lang_var('no_subject'))));
                    // NOTE(review): the keys url, target and text below are bare words, not
                    // quoted strings; PHP 8 raises an Error for an undefined constant, so they
                    // should be written 'url', 'target', 'text'.
                    $footer_links_r[] = array(url => $url, target => 'popup(640,480)', text => get_opendb_lang_var('send_email'));
                }
                if (is_user_granted_permission(PERM_VIEW_LISTINGS) && $user_r['active_ind'] == 'Y') {
                    // NOTE(review): user_id is concatenated into the query string directly,
                    // unlike the email link above, which goes through get_url_string();
                    // confirm user ids cannot contain characters that need URL encoding.
                    $footer_links_r[] = array(url => "listings.php?owner_id=" . $user_r['user_id'], text => get_opendb_lang_var('list_user_items'));
                }
                // Link back to the admin user listing, using the listing parameters kept in the session.
                if (is_user_granted_permission(PERM_ADMIN_USER_LISTING) && is_opendb_session_var('user_listing_url_vars')) {
                    $footer_links_r[] = array(url => "user_listing.php?" . get_url_string(get_opendb_session_var('user_listing_url_vars')), text => get_opendb_lang_var('back_to_user_listing'));
                }
                echo format_footer_links($footer_links_r);
            } else {
                // NOTE(review): the message is echoed into the page unescaped; confirm that
                // get_opendb_lang_var() HTML-escapes the substituted user_id.
                $message = get_opendb_lang_var('user_not_found', array('user_id' => $user_r['user_id']));
                echo _theme_header($message);
                echo "<p class=\"error\">" . $message . "</p>";
                echo _theme_footer();
            }
        } else {
            // The viewer lacks PERM_VIEW_USER_PROFILE.
            opendb_not_authorised_page(PERM_VIEW_USER_PROFILE, $HTTP_VARS);
        }
    } else {
        // No valid login: send the visitor to the login page.
        redirect_login($PHP_SELF, $HTTP_VARS);
    }
} else {
    //if(is_site_enabled())
    opendb_site_disabled();
}
Example #26
/**
 * Delete the relationship between an item instance and its parent instance, after an
 * ownership check and an explicit confirmation.
 *
 * The caller must own the item (owner_id equals the session user_id) or hold
 * PERM_ITEM_ADMIN; a refused attempt is logged at OPENDB_LOG_WARN.
 *
 * @param array $item_r        Item record; owner_id, item_id and instance_no are read.
 * @param array $status_type_r Not used by this function.
 * @param array $HTTP_VARS     Request variables; confirmed, parent_item_id and
 *                             parent_instance_no are read.
 * @param array $errors        Set to an error/detail pair when the caller is refused.
 * @return mixed FALSE when refused, "__CONFIRM__" when 'confirmed' is neither 'true' nor
 *               'false', "__ABORTED__" when it is 'false', NULL after the delete call.
 *
 * NOTE(review): the delete is driven by a request variable only; confirm the calling
 * page protects the confirmed=true submission against cross-site request forgery.
 */
function handle_item_relation_delete($item_r, $status_type_r, $HTTP_VARS, &$errors)
{
    $is_owner = $item_r['owner_id'] == get_opendb_session_var('user_id');
    if (!$is_owner && !is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $errors = array('error' => get_opendb_lang_var('cannot_delete_relation_item_not_owned'), 'detail' => '');
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User to delete item relationship they do not own', $item_r);
        return FALSE;
    }

    // Confirmed: remove the relationship; nothing is returned in this case.
    if ($HTTP_VARS['confirmed'] == 'true') {
        delete_related_item_instance_relationship($item_r['item_id'], $item_r['instance_no'], $HTTP_VARS['parent_item_id'], $HTTP_VARS['parent_instance_no']);
        return NULL;
    }

    // An explicit 'false' aborts; anything else means the question has not been asked yet.
    return $HTTP_VARS['confirmed'] == 'false' ? "__ABORTED__" : "__CONFIRM__";
}
Example #27
/**
 * Decide whether a new instance of an item may be created with the given status type.
 *
 * A status type whose closed_ind is 'Y' is refused. Otherwise the new instance is
 * allowed when both of these hold:
 *  - item_input/item_instance_support is not FALSE, or the item has no instance yet;
 *  - item_input/new_instance_owner_only is not TRUE, or $owner_id owns the item.
 *
 * @param mixed $item_id           Item the instance would belong to.
 * @param mixed $owner_id          User who would own the new instance.
 * @param array $new_status_type_r Status type record; closed_ind and description are read.
 * @param array $errors            Set to an error/detail pair when the answer is FALSE.
 * @return bool TRUE when the new instance is allowed, FALSE otherwise.
 */
function is_newinstance_status_type_valid($item_id, $owner_id, $new_status_type_r, &$errors)
{
    // Closed status types cannot be used for a new instance.
    if ($new_status_type_r['closed_ind'] == 'Y') {
        $errors = array('error' => get_opendb_lang_var('s_status_type_not_supported', 's_status_type_desc', $new_status_type_r['description']), 'detail' => '');
        return FALSE;
    }

    $instances_allowed = get_opendb_config_var('item_input', 'item_instance_support') !== FALSE || !is_exists_item_instance($item_id);
    if ($instances_allowed) {
        // The ownership rule is evaluated only once the instance rule has passed.
        $owner_allowed = get_opendb_config_var('item_input', 'new_instance_owner_only') !== TRUE || is_user_owner_of_item($item_id, NULL, $owner_id);
        if ($owner_allowed) {
            return TRUE;
        }
    }

    $errors = array('error' => get_opendb_lang_var('operation_not_avail_new_instance'), 'detail' => '');
    return FALSE;
}
Example #28
   You should have received a copy of the GNU General Public License
   along with this program; if not, write to the Free Software
   Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/
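// This must be first - includes config.php
require_once "./include/begin.inc.php";

// Page that tells the visitor whether the detected browser is supported and, when it
// is not, lists the supported ones.
$isBrowserSupported = $_OpendbBrowserSniffer->isBrowserSupported();
if ($isBrowserSupported) {
    $pageTitle = get_opendb_lang_var('browser_supported');
} else {
    $pageTitle = get_opendb_lang_var('browser_not_supported');
}
echo _theme_header($pageTitle, FALSE);
echo "<h1>" . $pageTitle . "</h1>";
if (!$isBrowserSupported) {
    echo "<p class=\"error\">" . get_opendb_lang_var('browser_not_supported_text') . "</p>";
    // Each entry carries the name used for the link title; the list previously had no
    // 'name' key although the markup below reads one.
    $supportedBrowsers = array(
        array('name' => 'Firefox', 'url' => 'http://www.mozilla.com/firefox/', 'icon' => 'firefox.jpg'),
        array('name' => 'Internet Explorer', 'url' => 'http://www.microsoft.com/windows/products/winfamily/ie/default.mspx', 'icon' => 'icon_ie7.gif'),
        array('name' => 'Safari', 'url' => 'http://www.apple.com/safari/', 'icon' => 'safari.png'),
    );
    echo "<ul class=\"browsers\">";
    // foreach replaces list()/each(), which no longer exists in PHP 8.
    foreach ($supportedBrowsers as $browser_r) {
        $browserName = htmlspecialchars($browser_r['name'], ENT_QUOTES);
        $iconPath = './images/browsers/' . $browser_r['icon'];
        if (file_exists($iconPath)) {
            $linkBody = "<img src=\"" . $iconPath . "\" alt=\"" . $browserName . "\">";
        } else {
            // No icon shipped with this install: show the name instead of an empty image.
            $linkBody = $browserName;
        }
        echo "<li><a href=\"" . $browser_r['url'] . "\" title=\"" . $browserName . "\">" . $linkBody . "</a></li>";
    }
    echo "</ul>";
}
echo _theme_footer();
// Cleanup after begin.inc.php
require_once "./include/end.inc.php";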
Example #29
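/**
 * Email the details of a new signup to the site administrators, with links to
 * activate or delete the account.
 *
 * Every value taken from $HTTP_VARS is submitted by the person signing up and is
 * copied into the message text.
 * NOTE(review): the values are placed in the body as submitted, so a field containing
 * line breaks can add lines that look like part of the generated message; confirm the
 * signup validation restricts single-line fields.
 *
 * @param array $HTTP_VARS Signup form variables; user_id, fullname, user_role, uid_theme,
 *                         email_addr and the per-address-type attribute fields are read.
 * @param array $errors    Passed on to send_email_to_site_admins().
 * @return mixed Whatever send_email_to_site_admins() returns.
 */
function send_signup_info_to_admin($HTTP_VARS, &$errors)
{
    $role_r = fetch_role_r($HTTP_VARS['user_role']);
    $user_info_lines = get_opendb_lang_var('userid') . ": " . $HTTP_VARS['user_id'] . "\n" . get_opendb_lang_var('fullname') . ": " . $HTTP_VARS['fullname'] . "\n" . get_opendb_lang_var('user_role') . ": " . $role_r['description'] . "\n" . get_opendb_lang_var('user_theme') . ": " . $HTTP_VARS['uid_theme'] . "\n" . get_opendb_lang_var('email') . ": " . $HTTP_VARS['email_addr'];

    $addr_results = fetch_address_type_rs(TRUE);
    if ($addr_results) {
        while ($address_type_r = db_fetch_assoc($addr_results)) {
            $address_type = strtolower($address_type_r['s_address_type']);
            $attr_results = fetch_address_type_attribute_type_rs($address_type_r['s_address_type'], 'update', TRUE);
            if ($attr_results) {
                while ($addr_attribute_type_r = db_fetch_assoc($attr_results)) {
                    $fieldname = get_field_name($addr_attribute_type_r['s_attribute_type'], $addr_attribute_type_r['order_no']);
                    // A field that was not submitted is treated as absent instead of
                    // being read as an undefined index.
                    $submitted = isset($HTTP_VARS[$address_type][$fieldname]) ? $HTTP_VARS[$address_type][$fieldname] : NULL;
                    $is_multi_value = is_not_empty_array($submitted);
                    if ($is_multi_value || ($submitted !== NULL && !is_array($submitted) && strlen($submitted) > 0)) {
                        // Multi-value fields are reported as a comma-separated list.
                        $value = $is_multi_value ? implode(',', $submitted) : $submitted;
                        $user_info_lines .= "\n" . $addr_attribute_type_r['prompt'] . ": " . $value;
                    }
                }
                db_free_result($attr_results);
            }
        }
        db_free_result($addr_results);
    }

    // The user id is chosen by the person signing up, so it is URL-encoded before it
    // becomes part of a link an administrator will follow; unencoded, characters such
    // as '&' would change the query string of the link.
    // NOTE(review): both links carry a state-changing op in a GET URL; confirm
    // user_admin.php asks for an admin login and a confirmation before acting.
    $encoded_user_id = urlencode($HTTP_VARS['user_id']);
    $activate_url = get_site_url() . 'user_admin.php?op=activate&user_id=' . $encoded_user_id;
    $delete_url = get_site_url() . 'user_admin.php?op=delete&user_id=' . $encoded_user_id;

    $message = get_opendb_lang_var('new_account_email', array('admin_name' => get_opendb_lang_var('site_administrator', 'site', get_opendb_config_var('site', 'title')), 'user_info' => $user_info_lines, 'site' => get_opendb_config_var('site', 'title'), 'activate_url' => $activate_url, 'delete_url' => $delete_url));

    // NOTE(review): the submitted email address is handed over as the sender; confirm
    // send_email_to_site_admins() validates it before it reaches a mail header.
    return send_email_to_site_admins(PERM_ADMIN_CREATE_USER, $HTTP_VARS['email_addr'], get_opendb_lang_var('new_account'), $message, $errors);
}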
Example #30
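/**
 * Ajax handler that removes every interest level stored for the current user.
 *
 * The user id is read from the session, not from request parameters, so the call can
 * only affect the account that is logged in.
 *
 * @return xajaxResponse Response that, when the removal succeeded, calls
 *                       doRemoveInterestAllInterestLevel (presumably a client-side
 *                       script function — confirm) with the 'interest_0.gif' image
 *                       source and the 'interest_mark' text.
 */
function ajax_remove_all_interest_level()
{
    $user_id = get_opendb_session_var('user_id');
    $objResponse = new xajaxResponse();
    if (db_remove_all_interest_level($user_id)) {
        // We update all the images. The function name is passed as a quoted string: as a
        // bare word it was an undefined constant, which is an Error in PHP 8.
        $objResponse->call('doRemoveInterestAllInterestLevel', theme_image_src('interest_0.gif'), get_opendb_lang_var('interest_mark'));
    }
    return $objResponse;
}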