Example #1
         // Tail of what appears to be the "add topic" form handler; $title, $sort and $order
         // are prepared above this excerpt.
         // NOTE(review): every value below is interpolated into the INSERT without surrounding
         // quotes, so the query relies on safesql() returning an already quoted/escaped literal
         // for "text" and a numeric literal for "int". safesql() is not shown here - confirm.
         $display = safesql($_POST['display'], "int");
         // NOTE(review): $_POST['groups'] is stored as a PHP-serialized string, which forces every
         // reader of this column to call unserialize(). Validating it as an array of integer ids
         // and storing JSON (or rows in a join table) would remove that dependency.
         $groupallowed = safesql(serialize($_POST['groups']), "text");
         $description = safesql($_POST['description'], "text");
         $perpage = safesql($_POST['perpage'], "int");
         // First column is passed as '' - presumably an auto-increment id; confirm against the schema.
         $sql = $data->insert_query("articletopics", "'', {$title}, {$description}, {$sort}, {$order}, {$groupallowed}, {$display}, {$perpage}");
         if ($sql) {
             // Only report success when insert_query() returned a truthy result.
             show_admin_message("Topic added", "{$pagename}&activetab=topics");
         }
     }
 } else {
     $action = "";
 }
 if ($action == "") {
     $row = array();
     // When pageauth("patrolart", "limit") is truthy the listing is narrowed by the clause that
     // group_sql_list_id() builds; otherwise every non-trashed article is selected.
     // NOTE(review): {$patrol} is pasted into the WHERE clause as raw SQL, so this query is only
     // as safe as group_sql_list_id() (defined elsewhere) - confirm it emits integer ids only.
     if (pageauth("patrolart", "limit")) {
         $patrol = group_sql_list_id("patrol", "OR", true);
         $result = $data->select_query("patrol_articles", "WHERE ({$patrol}) AND trash=0 ORDER BY date_post DESC");
     } else {
         $result = $data->select_query("patrol_articles", "WHERE trash=0 ORDER BY date_post DESC");
     }
     // Row count of whichever query ran above.
     $numarticles = $data->num_rows($result);
     while ($temp = $data->fetch_array($result)) {
         // Swap the stored group id for its team name before display.
         // NOTE(review): $temp['patrol'] comes from the row just fetched and is interpolated
         // unquoted; casting it with (int) keeps this lookup independent of how the column was written.
         $sql = $data->select_fetch_one_row("groups", "WHERE id={$temp['patrol']}", "teamname");
         $temp['patrol'] = $sql['teamname'];
         // NOTE(review): unserialize() on a stored column. Where `topics` is written is not visible
         // here; if it can hold request-derived or tampered data, pass ['allowed_classes' => false]
         // (PHP 7+) or migrate the column to JSON. The array keys are used as ids in the
         // articletopics lookup just below, so they should be cast to int there as well.
         $topics = unserialize($temp['topics']);
         // The raw serialized value is replaced by a display string built in the loop below.
         $temp['topics'] = '';
         $num = 1;
         if (is_array($topics)) {
             foreach ($topics as $topicid => $value) {
                 $topicdetail = $data->select_fetch_one_row("articletopics", "WHERE id = {$topicid}", "title");
                 $temp['topics'] .= $topicdetail['title'];
Example #2
            } else {
                show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=mythings&action=addnews&menuid={$menuid}", true);
            }
        }
    } elseif ($action == "deleteowner") {
        // $safe_id is prepared above this excerpt - presumably an integer-cast request id; confirm.
        // NOTE(review): the row is deleted by id alone. Confirm the code above verified that the
        // current user owns the item this owner row belongs to before reaching this branch.
        $sqlq = $data->delete_query("owners", "id={$safe_id}");
        if ($sqlq) {
            // NOTE(review): $_GET['cat'] and $_GET['itemid'] are copied into the redirect target
            // exactly as received. Cast numeric ids with (int) and pass anything else through
            // rawurlencode(); whether show_message() escapes its URL argument is not visible here.
            show_message("Owner removed.", "index.php?page=mythings&cat={$_GET['cat']}&action=owner&id={$_GET['itemid']}&menuid={$menuid}");
        }
    }
    // After a delete, send the browser back to the "mythings" page.
    // NOTE(review): header() only queues the Location header and nothing here stops the script,
    // so execution continues past this block. Add an exit after the header() call if nothing
    // further should run or be sent for this request.
    if ($action == "delete") {
        header("location: index.php?page=mythings");
    }
} else {
    $uname = $check['uname'];
    // SQL fragment from group_sql_list_id(); it is pasted into the ownership queries further down.
    $grouplist = group_sql_list_id("owner_id", "OR", true);
    // Feature codes to look up in the `functions` table.
    $pagesused = array("patrolarticle", "calender", "downloads", "news", "polls", "photos");
    $pageactive = array();
    // $pagename only ever takes the literal codes listed above, so the quoted interpolation in
    // this query carries no request data.
    foreach ($pagesused as $pagename) {
        // 1 when at least one row with active = 1 exists for the code, otherwise 0.
        $pageactive[$pagename] = $data->num_rows($data->select_query("functions", "WHERE active = 1 AND code = '{$pagename}'")) > 0 ? 1 : 0;
    }
    if ($pageactive['photos']) {
        $sql = $data->select_query("album_track", "WHERE trash=0");
        $numalbums = 0;
        $album = array();
        while ($temp = $data->fetch_array($sql)) {
            $sql2 = $data->select_query("owners", "WHERE item_id={$temp['ID']} AND item_type='album' AND ((owner_id={$check['id']} AND owner_type=0) OR ({$grouplist} AND owner_type=1))");
            $temp2 = $data->fetch_array($sql2);
            if ($data->num_rows($sql2) > 0) {
                $numalbums++;
                $temp['expire'] = $temp2['expire'];
Example #3
         $groupsqllist = group_sql_list_id("id", "OR", true);
         $teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ({$groupsqllist}) AND ispublic=1");
     } else {
         $teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ispublic=1");
     }
     // Hand the selectable groups and their count to the template.
     $tpl->assign('teams', $teams);
     $tpl->assign('numteams', $numteams);
     // NOTE(review): $_POST['submit'] is read without isset(), which raises a notice/warning when
     // the page is requested without a form post. No anti-CSRF token check is visible in this
     // excerpt - confirm one runs before this state change.
     if ($_POST['submit'] == "Add Album") {
         // NOTE(review): $group is only type-filtered. Nothing visible here verifies that it is
         // one of the $teams offered to this user - confirm the restriction is enforced server-side.
         $group = safesql($_POST['patrol'], "int");
         // Interpolated unquoted below, so this relies on safesql() quoting "text" values - confirm.
         $name = safesql($_POST['album_name'], "text");
         // The insert result is not checked; the success message is shown either way.
         $data->insert_query("album_track", "'', {$name}, {$group}, 1, 0");
         show_admin_message("Album added", "{$pagename}");
     }
 } elseif ($action == "") {
     // Album listing: narrowed by the group clause when pageauth("photo", "limit") is truthy,
     // otherwise every non-trashed album is selected.
     // NOTE(review): {$patrollist} is pasted into the WHERE clause as raw SQL; the query is only as
     // safe as group_sql_list_id() (defined elsewhere) - confirm it emits integer ids only.
     if (pageauth("photo", "limit")) {
         $patrollist = group_sql_list_id("patrol", "OR");
         $result = $data->select_query("album_track", "WHERE ({$patrollist}) AND trash=0 ORDER BY album_name ASC");
     } else {
         $result = $data->select_query("album_track", "WHERE trash=0 ORDER BY album_name ASC");
     }
     $albums = array();
     while ($temp = $data->fetch_array($result)) {
         // Replace the group id with a display label: the team name, or "None" for 0.
         // NOTE(review): the > 0 test is a loose comparison and the value is then interpolated
         // unquoted; casting $temp['patrol'] with (int) before both uses removes any reliance on
         // the column always holding a clean integer.
         if ($temp['patrol'] > 0) {
             $temp2 = $data->select_fetch_one_row("groups", "WHERE id={$temp['patrol']}", "teamname");
             $temp['patrol'] = $temp2['teamname'];
         } elseif ($temp['patrol'] == 0) {
             $temp['patrol'] = "None";
         }
         $albums[] = $temp;
     }
     // Counted from the result handle after the fetch loop has consumed it.
     $numalbums = $data->num_rows($result);
Example #4
             $sql = $data->update_query("calendar_items", "summary = {$summary}, startdate = {$startdate}, enddate = {$enddate}, detail = {$detail}, `groups` = {$groupallowed}, colour = {$colour}, signup={$signup}, signupusers={$signupusers}, patrols={$patrols}", "id = {$id}");
             show_admin_message("Event updated", "{$pagename}");
         } elseif ($action == "new") {
             $sql = $data->insert_query("calendar_items", "'', {$summary}, {$startdate}, {$startdate}, {$detail}, 1, {$groupallowed}, {$timestamp}, {$colour},{$signup}, {$signupusers},{$patrols}, 0");
             show_admin_message("Event added", "{$pagename}");
         }
         $action = '';
     }
 } elseif ($action == "editical" && pageauth("events", "edit") == 1 || $action == "newical" && pageauth("events", "add") == 1) {
     // Edit mode: load the stored feed row so the form can be pre-filled.
     // NOTE(review): $id is set above this excerpt and interpolated unquoted - confirm it was cast
     // to an integer before reaching this query.
     if ($action == "editical") {
         $calsql = $data->select_query("ical_items", "WHERE id = {$id}");
         $items = $data->fetch_array($calsql);
         // NOTE(review): unserialize() on a stored column, presumably written from
         // serialize($_POST['groups']) by the submit handler below. Passing
         // ['allowed_classes' => false] (PHP 7+) keeps a tampered column from instantiating
         // objects; storing JSON would avoid unserialize() altogether.
         $items['groups'] = unserialize($items['groups']);
     }
     // Groups offered in the form: limited by the group clause when
     // pageauth("events", "limit") == 1, otherwise all groups.
     if (pageauth("events", "limit") == 1) {
         $groups = group_sql_list_id("id", "OR");
         $teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ({$groups}) ORDER BY teamname ASC", "id, teamname");
     } else {
         $teams = $data->select_fetch_all_rows($numteams, "groups", "ORDER BY teamname ASC", "id, teamname");
     }
     // Start colour for the picker: the stored colour in edit mode, white for a new feed.
     $colour = $action == "editical" ? rgb2hex2rgb($items['colour']) : array("red" => 255, "green" => 255, "blue" => 255);
     // NOTE(review): the three components are written into inline JavaScript. In edit mode they
     // derive from the stored colour, which the submit handler below takes from $_POST['colour'];
     // safesql() presumably covers the SQL context only and rgb2hex2rgb() is not shown, so cast
     // each component with (int) before emitting it.
     $onDomReady .= "var r = new MooRainbow('colourSelector', {\n                    'startColor': [{$colour['red']}, {$colour['green']}, {$colour['blue']}],\n                    'onChange': function(color) {\n                        \$('colour').value = color.hex;\n                        \$('colour').style.backgroundColor = color.hex;\n                    }\n                });";
     $tpl->assign('teams', $teams);
     $tpl->assign('numteams', $numteams);
     // NOTE(review): read without isset(); raises a notice/warning when the form was not posted.
     $submit = $_POST['Submit'];
     if ($submit == "Submit") {
         // Request values are passed through safesql() before use; the queries that consume them
         // continue past this excerpt.
         $name = safesql($_POST['name'], "text");
         // NOTE(review): $link is only SQL-filtered here. If it is later fetched by the server or
         // rendered as a link, validate scheme and host at that point - not visible in this excerpt.
         $link = safesql($_POST['link'], "text");
         $colour = safesql($_POST['colour'], "text");
         // NOTE(review): the posted group list is only serialized, not checked against the $teams
         // this user is allowed to pick - confirm the restriction is enforced server-side.
         $groupallowed = safesql(serialize($_POST['groups']), "text");
         if ($action == "editical") {
Example #5
             show_message($message, "index.php?page=mythings&menuid={$menuid}");
         } else {
             show_message("There was an error adding your event. If this error persists please contact the site administrator.", "index.php?page=addevent", true);
         }
     } else {
         show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=addevent&menuid={$menuid}", true);
     }
 }
 // Build the group, patrol and member lists for the "add event" form.
 // NOTE(review): {$groups} is pasted into each WHERE clause as raw SQL, so these queries are only
 // as safe as group_sql_list_id() (defined elsewhere) - confirm it emits integer ids only.
 $groups = group_sql_list_id("id", "OR");
 $teams = array();
 $team_query = $data->select_query("groups", "WHERE ({$groups}) ORDER BY teamname ASC", "id, teamname");
 $numteams = $data->num_rows($team_query);
 // NOTE(review): the assignment runs before the loop test, so the falsy value that ends the
 // loop is also appended to $teams as a trailing element; $numteams is counted separately and
 // does not include it.
 while ($teams[] = $data->fetch_array($team_query)) {
 }
 $patrols = $data->select_fetch_all_rows($numpatrols, "groups", "WHERE ({$groups}) AND ispatrol = 1 ORDER BY teamname ASC", "id, teamname");
 // $groups is rebuilt against the `patrol` column for the members query.
 $groups = group_sql_list_id("patrol", "OR");
 $members = $data->select_fetch_all_rows($nummembers, "members", "WHERE ({$groups}) ORDER BY lastName,firstName ASC", "id, lastName, firstName");
 $tpl->assign('teams', $teams);
 $tpl->assign('numteams', $numteams);
 $tpl->assign('patrols', $patrols);
 $tpl->assign('numpatrols', $numpatrols);
 $tpl->assign('members', $members);
 $tpl->assign('nummembers', $nummembers);
 // Optional ?copyitem=<id>: pre-fill the form from an existing event.
 $copyitem = isset($_GET['copyitem']) ? $_GET['copyitem'] : 0;
 if ($copyitem) {
     // The request value goes through safesql(..., "int") before it reaches the query.
     // NOTE(review): the lookup is by id only; if calendar items are access-restricted, confirm
     // the current user may view the item being copied.
     $copyitem = safesql($copyitem, "int");
     $item = $data->select_fetch_one_row("calendar_items", "WHERE id = {$copyitem}", "summary, detail");
     $tpl->assign("copyitem", $item);
 }
 $script .= "{literal}function makeTwoChars(inp) {\n        return String(inp).length < 2 ? \"0\" + inp : inp;\n}\n\nfunction initialiseInputs() {\n        // Clear any old values from the inputs (that might be cachedate by the browser after a page reload)\n        document.getElementById(\"sdate\").value = \"\";\n        document.getElementById(\"edate\").value = \"\";\n\n        // Add the onchange event handler to the start date input\n        document.getElementById(\"sdate\").onchange = setReservationDates;\n}\nfunction setReservationDates(e) {\n        // Check the associatedate datePicker object is available (be safe)\n        if(!(\"sdate\" in datePickerController.datePickers)) {\n                return;\n        }\n        \n        // Check the value of the input is a date of the correct format\n        var dt = datePickerController.dateFormat(this.value, datePickerController.datePickers[\"sdate\"].format.charAt(0) == \"m\");\n        \n        // If the input's value cannot be parsedate as a valid date then return\n        if(dt == 0) return;\n\n        // Grab the value set within the endDate input and parse it using the dateFormat method\n        // N.B: The second parameter to the dateFormat function, if TRUE, tells the function to favour the m-d-y date format\n        var edatev = datePickerController.dateFormat(document.getElementById(\"edate\").value, datePickerController.datePickers[\"edate\"].format.charAt(0) == \"m\");\n\n        // Grab the end date datePicker Objects\n        var edate = datePickerController.datePickers[\"edate\"];\n\n        edate.setRangeLow( dt );\n        \n        // If theres a value already present within the end date input and it's smaller than the start date\n        // then clear the end date value\n        if(edatev < dt) {\n                document.getElementById(\"edate\").value = \"\";\n        }\n}\n                    \ndatePickerController.addEvent(window, 'load', initialiseInputs);\n{/literal}";
 $onDomReady .= "var r = new MooRainbow('colourSelector', {\n                    'onChange': function(color) {\n                        \$('colour').value = color.hex;\n                        \$('colour').style.backgroundColor = color.hex;\n                    }\n                });";
Example #6
/**
 * Count the `owners` rows that currently tie the logged-in user to an item.
 *
 * A row is counted when it matches the item id and item type, belongs either
 * to the user directly (owner_id = user id with owner_type=0) or to one of the
 * user's groups (group clause with owner_type=1), and has an `expire` value
 * that is later than the current time or equal to 0 (presumably "no expiry").
 *
 * Reads the globals $data (query helper) and $check (current user record).
 *
 * NOTE(review): the item type is interpolated without surrounding quotes, so
 * the query relies on safesql(..., "text") returning a quoted, escaped literal,
 * and the group clause from group_sql_list_id() is pasted in as raw SQL.
 * Neither helper is shown here - confirm both before treating this as a
 * trustworthy authorisation check.
 *
 * @param mixed $itemid   Item id; passed through safesql(..., "int").
 * @param mixed $itemtype Item type label; passed through safesql(..., "text").
 * @return mixed Whatever $data->num_rows() reports for the matching rows;
 *               callers presumably treat a non-zero value as "is owner".
 */
function is_owner($itemid, $itemtype)
{
    global $data, $check;

    // Helper calls are kept in their original order.
    $groupClause = group_sql_list_id("owner_id", "OR", true);
    $idSql = safesql($itemid, "int");
    $typeSql = safesql($itemtype, "text");
    $userSql = safesql($check['id'], "int");
    $now = time();

    // The three conditions are named separately and then joined with AND.
    $itemMatch = "`item_id` = {$idSql} AND `item_type` = {$typeSql}";
    $ownerMatch = "((owner_id={$userSql} AND owner_type=0) OR (({$groupClause}) AND owner_type=1))";
    $stillValid = "(expire > {$now} OR expire = 0)";

    $matches = $data->select_query("owners", "WHERE {$itemMatch} AND {$ownerMatch} AND {$stillValid}");

    return $data->num_rows($matches);
}