$display = safesql($_POST['display'], "int"); $groupallowed = safesql(serialize($_POST['groups']), "text"); $description = safesql($_POST['description'], "text"); $perpage = safesql($_POST['perpage'], "int"); $sql = $data->insert_query("articletopics", "'', {$title}, {$description}, {$sort}, {$order}, {$groupallowed}, {$display}, {$perpage}"); if ($sql) { show_admin_message("Topic added", "{$pagename}&activetab=topics"); } } } else { $action = ""; } if ($action == "") { $row = array(); if (pageauth("patrolart", "limit")) { $patrol = group_sql_list_id("patrol", "OR", true); $result = $data->select_query("patrol_articles", "WHERE ({$patrol}) AND trash=0 ORDER BY date_post DESC"); } else { $result = $data->select_query("patrol_articles", "WHERE trash=0 ORDER BY date_post DESC"); } $numarticles = $data->num_rows($result); while ($temp = $data->fetch_array($result)) { $sql = $data->select_fetch_one_row("groups", "WHERE id={$temp['patrol']}", "teamname"); $temp['patrol'] = $sql['teamname']; $topics = unserialize($temp['topics']); $temp['topics'] = ''; $num = 1; if (is_array($topics)) { foreach ($topics as $topicid => $value) { $topicdetail = $data->select_fetch_one_row("articletopics", "WHERE id = {$topicid}", "title"); $temp['topics'] .= $topicdetail['title'];
} else { show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=mythings&action=addnews&menuid={$menuid}", true); } } } elseif ($action == "deleteowner") { $sqlq = $data->delete_query("owners", "id={$safe_id}"); if ($sqlq) { show_message("Owner removed.", "index.php?page=mythings&cat={$_GET['cat']}&action=owner&id={$_GET['itemid']}&menuid={$menuid}"); } } if ($action == "delete") { header("location: index.php?page=mythings"); } } else { $uname = $check['uname']; $grouplist = group_sql_list_id("owner_id", "OR", true); $pagesused = array("patrolarticle", "calender", "downloads", "news", "polls", "photos"); $pageactive = array(); foreach ($pagesused as $pagename) { $pageactive[$pagename] = $data->num_rows($data->select_query("functions", "WHERE active = 1 AND code = '{$pagename}'")) > 0 ? 1 : 0; } if ($pageactive['photos']) { $sql = $data->select_query("album_track", "WHERE trash=0"); $numalbums = 0; $album = array(); while ($temp = $data->fetch_array($sql)) { $sql2 = $data->select_query("owners", "WHERE item_id={$temp['ID']} AND item_type='album' AND ((owner_id={$check['id']} AND owner_type=0) OR ({$grouplist} AND owner_type=1))"); $temp2 = $data->fetch_array($sql2); if ($data->num_rows($sql2) > 0) { $numalbums++; $temp['expire'] = $temp2['expire'];
$groupsqllist = group_sql_list_id("id", "OR", true); $teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ({$groupsqllist}) AND ispublic=1"); } else { $teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ispublic=1"); } $tpl->assign('teams', $teams); $tpl->assign('numteams', $numteams); if ($_POST['submit'] == "Add Album") { $group = safesql($_POST['patrol'], "int"); $name = safesql($_POST['album_name'], "text"); $data->insert_query("album_track", "'', {$name}, {$group}, 1, 0"); show_admin_message("Album added", "{$pagename}"); } } elseif ($action == "") { if (pageauth("photo", "limit")) { $patrollist = group_sql_list_id("patrol", "OR"); $result = $data->select_query("album_track", "WHERE ({$patrollist}) AND trash=0 ORDER BY album_name ASC"); } else { $result = $data->select_query("album_track", "WHERE trash=0 ORDER BY album_name ASC"); } $albums = array(); while ($temp = $data->fetch_array($result)) { if ($temp['patrol'] > 0) { $temp2 = $data->select_fetch_one_row("groups", "WHERE id={$temp['patrol']}", "teamname"); $temp['patrol'] = $temp2['teamname']; } elseif ($temp['patrol'] == 0) { $temp['patrol'] = "None"; } $albums[] = $temp; } $numalbums = $data->num_rows($result);
$sql = $data->update_query("calendar_items", "summary = {$summary}, startdate = {$startdate}, enddate = {$enddate}, detail = {$detail}, `groups` = {$groupallowed}, colour = {$colour}, signup={$signup}, signupusers={$signupusers}, patrols={$patrols}", "id = {$id}"); show_admin_message("Event updated", "{$pagename}"); } elseif ($action == "new") { $sql = $data->insert_query("calendar_items", "'', {$summary}, {$startdate}, {$startdate}, {$detail}, 1, {$groupallowed}, {$timestamp}, {$colour},{$signup}, {$signupusers},{$patrols}, 0"); show_admin_message("Event added", "{$pagename}"); } $action = ''; } } elseif ($action == "editical" && pageauth("events", "edit") == 1 || $action == "newical" && pageauth("events", "add") == 1) { if ($action == "editical") { $calsql = $data->select_query("ical_items", "WHERE id = {$id}"); $items = $data->fetch_array($calsql); $items['groups'] = unserialize($items['groups']); } if (pageauth("events", "limit") == 1) { $groups = group_sql_list_id("id", "OR"); $teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ({$groups}) ORDER BY teamname ASC", "id, teamname"); } else { $teams = $data->select_fetch_all_rows($numteams, "groups", "ORDER BY teamname ASC", "id, teamname"); } $colour = $action == "editical" ? rgb2hex2rgb($items['colour']) : array("red" => 255, "green" => 255, "blue" => 255); $onDomReady .= "var r = new MooRainbow('colourSelector', {\n 'startColor': [{$colour['red']}, {$colour['green']}, {$colour['blue']}],\n 'onChange': function(color) {\n \$('colour').value = color.hex;\n \$('colour').style.backgroundColor = color.hex;\n }\n });"; $tpl->assign('teams', $teams); $tpl->assign('numteams', $numteams); $submit = $_POST['Submit']; if ($submit == "Submit") { $name = safesql($_POST['name'], "text"); $link = safesql($_POST['link'], "text"); $colour = safesql($_POST['colour'], "text"); $groupallowed = safesql(serialize($_POST['groups']), "text"); if ($action == "editical") {
show_message($message, "index.php?page=mythings&menuid={$menuid}"); } else { show_message("There was an error adding your event. If this error persists please contact the site administrator.", "index.php?page=addevent", true); } } else { show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=addevent&menuid={$menuid}", true); } } $groups = group_sql_list_id("id", "OR"); $teams = array(); $team_query = $data->select_query("groups", "WHERE ({$groups}) ORDER BY teamname ASC", "id, teamname"); $numteams = $data->num_rows($team_query); while ($teams[] = $data->fetch_array($team_query)) { } $patrols = $data->select_fetch_all_rows($numpatrols, "groups", "WHERE ({$groups}) AND ispatrol = 1 ORDER BY teamname ASC", "id, teamname"); $groups = group_sql_list_id("patrol", "OR"); $members = $data->select_fetch_all_rows($nummembers, "members", "WHERE ({$groups}) ORDER BY lastName,firstName ASC", "id, lastName, firstName"); $tpl->assign('teams', $teams); $tpl->assign('numteams', $numteams); $tpl->assign('patrols', $patrols); $tpl->assign('numpatrols', $numpatrols); $tpl->assign('members', $members); $tpl->assign('nummembers', $nummembers); $copyitem = isset($_GET['copyitem']) ? $_GET['copyitem'] : 0; if ($copyitem) { $copyitem = safesql($copyitem, "int"); $item = $data->select_fetch_one_row("calendar_items", "WHERE id = {$copyitem}", "summary, detail"); $tpl->assign("copyitem", $item); } $script .= "{literal}function makeTwoChars(inp) {\n return String(inp).length < 2 ? 
\"0\" + inp : inp;\n}\n\nfunction initialiseInputs() {\n // Clear any old values from the inputs (that might be cachedate by the browser after a page reload)\n document.getElementById(\"sdate\").value = \"\";\n document.getElementById(\"edate\").value = \"\";\n\n // Add the onchange event handler to the start date input\n document.getElementById(\"sdate\").onchange = setReservationDates;\n}\nfunction setReservationDates(e) {\n // Check the associatedate datePicker object is available (be safe)\n if(!(\"sdate\" in datePickerController.datePickers)) {\n return;\n }\n \n // Check the value of the input is a date of the correct format\n var dt = datePickerController.dateFormat(this.value, datePickerController.datePickers[\"sdate\"].format.charAt(0) == \"m\");\n \n // If the input's value cannot be parsedate as a valid date then return\n if(dt == 0) return;\n\n // Grab the value set within the endDate input and parse it using the dateFormat method\n // N.B: The second parameter to the dateFormat function, if TRUE, tells the function to favour the m-d-y date format\n var edatev = datePickerController.dateFormat(document.getElementById(\"edate\").value, datePickerController.datePickers[\"edate\"].format.charAt(0) == \"m\");\n\n // Grab the end date datePicker Objects\n var edate = datePickerController.datePickers[\"edate\"];\n\n edate.setRangeLow( dt );\n \n // If theres a value already present within the end date input and it's smaller than the start date\n // then clear the end date value\n if(edatev < dt) {\n document.getElementById(\"edate\").value = \"\";\n }\n}\n \ndatePickerController.addEvent(window, 'load', initialiseInputs);\n{/literal}"; $onDomReady .= "var r = new MooRainbow('colourSelector', {\n 'onChange': function(color) {\n \$('colour').value = color.hex;\n \$('colour').style.backgroundColor = color.hex;\n }\n });";
/**
 * Count the ownership rows in the `owners` table that link the current user
 * to the given item and have not expired.
 *
 * A row matches when it belongs to the item (`item_id` / `item_type`) and is
 * either a direct grant (owner_id equals the current user's id, owner_type=0)
 * or a group grant (owner_id matches the group list, owner_type=1), and its
 * `expire` column is either 0 or later than the current time.
 *
 * @param mixed $itemid   Item identifier; passed through safesql(..., "int").
 * @param mixed $itemtype Item type label; passed through safesql(..., "text").
 *
 * @return mixed Whatever $data->num_rows() reports for the matching rows;
 *               presumably an integer count that callers treat as a boolean.
 */
function is_owner($itemid, $itemtype)
{
    global $data, $check;

    // SQL fragment comparing owner_id against the current user's groups.
    // NOTE(review): this fragment is interpolated into the query verbatim, so
    // it presumably contains only server-side group ids and is never empty --
    // confirm in group_sql_list_id().
    $grouplist = group_sql_list_id("owner_id", "OR", true);

    // Every caller-supplied value goes through safesql() before it reaches the
    // query text. `item_type` is interpolated without surrounding quotes, so
    // the "text" mode is assumed to return an already quoted and escaped
    // literal -- confirm against safesql().
    $itemid = safesql($itemid, "int");
    $itemtype = safesql($itemtype, "text");
    $uid = safesql($check['id'], "int");

    // Grants with a non-zero `expire` at or before this moment are ignored.
    $timestamp = time();

    $where = "WHERE `item_id` = {$itemid} AND `item_type` = {$itemtype} AND ((owner_id={$uid} AND owner_type=0) OR (({$grouplist}) AND owner_type=1)) AND (expire > {$timestamp} OR expire = 0)";
    $matches = $data->select_query("owners", $where);

    return $data->num_rows($matches);
}