function Lenses_admin_update_company($args) { // Clean input from the form. $company = pnVarCleanFromInput('company'); // Extract any extra arguments. extract($args); // Confirm $authid hidden field from form template. if (!pnSecConfirmAuthKey()) { pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY)); return pnRedirect(pnModURL('Lenses', 'admin', 'main')); } // Attempt to update company. if (pnModAPIFunc('Lenses', 'admin', 'update_company', array('company' => $company))) { pnSessionSetVar('statusmsg', pnVarPrepHTMLDisplay(_UPDATESUCCEDED)); } // No output. Redirect user. return pnRedirect(pnModURL('Lenses', 'admin', 'viewall_companies')); }
function postcalendar_user_submit($args) { // We need at least ADD permission to submit an event if (!(bool) PC_ACCESS_ADD) { return _POSTCALENDARNOAUTH; } $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); // get the theme globals :: is there a better way to do this? pnThemeLoad(pnUserGetTheme()); global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5, $textcolor1, $textcolor2; // $category = pnVarCleanFromInput('event_category'); $category = pnVarCleanFromInput('category'); if (!empty($category)) { $category = unserialize(base64_decode($category)); //print_r($category); } else { //print_r($_POST); $cat = $_POST['category']; $category = unserialize(base64_decode($cat)); //print_r($category); } //print_r($category); // echo("<!-- Here is the argument array: -->\n"); // foreach ($args as $tmpkey => $tmpval) { // debugging // echo("<!-- $tmpkey => '$tmpval' -->\n"); // } extract($args); $Date =& postcalendar_getDate(); $year = substr($Date, 0, 4); $month = substr($Date, 4, 2); $day = substr($Date, 6, 2); // basic event information $event_desc = pnVarCleanFromInput('event_desc'); $event_category = pnVarCleanFromInput('event_category'); $event_subject = pnVarCleanFromInput('event_subject'); $event_sharing = pnVarCleanFromInput('event_sharing'); $event_topic = pnVarCleanFromInput('event_topic'); //id of the user the event is for $event_userid = pnVarCleanFromInput('event_userid'); if (!is_numeric($event_userid)) { $event_userid = 0; } $event_pid = pnVarCleanFromInput('event_pid'); if (!is_numeric($event_pid)) { $event_pid = ""; } // event start information $event_startmonth = pnVarCleanFromInput('event_startmonth'); $event_startday = pnVarCleanFromInput('event_startday'); $event_startyear = pnVarCleanFromInput('event_startyear'); $event_starttimeh = pnVarCleanFromInput('event_starttimeh'); $event_starttimem = pnVarCleanFromInput('event_starttimem'); $event_startampm = pnVarCleanFromInput('event_startampm'); // location data $event_location = pnVarCleanFromInput('event_location'); $event_street1 = pnVarCleanFromInput('event_street1'); $event_street2 = pnVarCleanFromInput('event_street2'); $event_city = pnVarCleanFromInput('event_city'); $event_state = pnVarCleanFromInput('event_state'); $event_postal = pnVarCleanFromInput('event_postal'); $event_location_info = serialize(compact('event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal')); // contact data $event_contname = pnVarCleanFromInput('event_contname'); $event_conttel = pnVarCleanFromInput('event_conttel'); $event_contemail = pnVarCleanFromInput('event_contemail'); $event_website = pnVarCleanFromInput('event_website'); $event_fee = pnVarCleanFromInput('event_fee'); $event_patient_name = pnVarCleanFromInput('patient_name'); // event repeating data if (is_array($category)) { //$event_subject = $event_desc = $category['desc']; $event_category = $category['id']; $event_duration = $category['event_duration']; //seconds of the event $event_dur_hours = $event_duration / (60 * 60); //seconds divided by 60 seconds * 60 minutes $event_dur_minutes = $event_duration % (60 * 60) / 60; $event_repeat = $category['event_repeat']; $event_repeat_freq = $category['event_repeat_freq']; $event_repeat_freq_type = $category['event_repeat_freq_type']; $event_repeat_on_num = $category['event_repeat_on_num']; $event_repeat_on_day = $category['event_repeat_on_day']; $event_repeat_on_freq = $category['event_repeat_on_freq']; $event_recurrspec = serialize(compact('event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq')); // event end information $multiple = $category['end_date_freq'] . " "; switch ($category['end_date_type']) { case REPEAT_EVERY_DAY: case REPEAT_EVERY_WORK_DAY: //end date is in days $multiple .= "days"; break; case REPEAT_EVERY_WEEK: //end date is in weeks $multiple .= "weeks"; break; case REPEAT_EVERY_MONTH: //end date is in months $multiple .= "months"; break; case REPEAT_EVERY_YEAR: //end date is in years $multiple .= "years"; break; } $edate = strtotime(pnVarCleanFromInput('Date')); $event_startmonth = date("m", $edate); $event_startday = date("d", $edate); $event_startyear = date("Y", $edate); $event_enddate = strtotime(pnVarCleanFromInput('Date') . " + " . $multiple); $event_endmonth = date("m", $event_enddate); $event_endday = date("d", $event_enddate); $event_endyear = date("Y", $event_enddate); $event_endtype = $category['end_date_flag']; // I'm pretty sure this was a bug since 'event_all_day' appears nowhere // else in the code, but it's hard to tell WTF is going on. // $event_allday = $category['event_all_day']; $event_allday = $category['all_day']; } else { $event_dur_hours = pnVarCleanFromInput('event_dur_hours'); $event_dur_minutes = pnVarCleanFromInput('event_dur_minutes'); $event_duration = 60 * 60 * $event_dur_hours + 60 * $event_dur_minutes; $event_repeat = pnVarCleanFromInput('event_repeat'); $event_repeat_freq = pnVarCleanFromInput('event_repeat_freq'); $event_repeat_freq_type = pnVarCleanFromInput('event_repeat_freq_type'); $event_repeat_on_num = pnVarCleanFromInput('event_repeat_on_num'); $event_repeat_on_day = pnVarCleanFromInput('event_repeat_on_day'); $event_repeat_on_freq = pnVarCleanFromInput('event_repeat_on_freq'); $event_recurrspec = serialize(compact('event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq')); // event end information $event_endmonth = pnVarCleanFromInput('event_endmonth'); $event_endday = pnVarCleanFromInput('event_endday'); $event_endyear = pnVarCleanFromInput('event_endyear'); $event_endtype = pnVarCleanFromInput('event_endtype'); $event_allday = pnVarCleanFromInput('event_allday'); } // Added by Rod: if ($event_allday) { $event_starttimeh = 0; $event_starttimem = 0; $event_startampm = 1; $event_dur_hours = 24; $event_dur_minutes = 0; $event_duration = 60 * 60 * $event_dur_hours; } $form_action = pnVarCleanFromInput('form_action'); $pc_html_or_text = pnVarCleanFromInput('pc_html_or_text'); $pc_event_id = pnVarCleanFromInput('pc_event_id'); $data_loaded = pnVarCleanFromInput('data_loaded'); $is_update = pnVarCleanFromInput('is_update'); $authid = pnVarCleanFromInput('authid'); //pennfirm uname matchup future fix //if(pnUserLoggedIn()) { $uname = pnUserGetVar('uname'); } //else { $uname = pnConfigGetVar('anonymous'); } $uname = $_SESSION['authUser']; if (!isset($event_repeat)) { $event_repeat = 0; } if (!isset($pc_event_id) || empty($pc_event_id) || $data_loaded) { // lets wrap all the data into array for passing to submit and preview functions $eventdata = compact('event_subject', 'event_desc', 'event_sharing', 'event_category', 'event_topic', 'event_startmonth', 'event_startday', 'event_startyear', 'event_starttimeh', 'event_starttimem', 'event_startampm', 'event_endmonth', 'event_endday', 'event_endyear', 'event_endtype', 'event_dur_hours', 'event_dur_minutes', 'event_duration', 'event_allday', 'event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal', 'event_location_info', 'event_contname', 'event_conttel', 'event_contemail', 'event_website', 'event_fee', 'event_repeat', 'event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq', 'event_recurrspec', 'uname', "event_userid", "event_pid", 'Date', 'year', 'month', 'day', 'pc_html_or_text', 'event_patient_name', 'event_pid'); $eventdata['is_update'] = $is_update; $eventdata['pc_event_id'] = $pc_event_id; $eventdata['data_loaded'] = true; $eventdata['category'] = base64_encode(serialize($category)); } else { $event =& postcalendar_userapi_pcGetEventDetails($pc_event_id); //echo "uname is:$uname other name is: ".$event['uname'] . "<br />"; if ($uname != $event['uname']) { if (!validateGroupStatus($uname, getUsername($event['uname']))) { return _PC_CAN_NOT_EDIT; } } $eventdata['event_subject'] = $event['title']; $eventdata['event_desc'] = $event['hometext']; $eventdata['event_sharing'] = $event['sharing']; $eventdata['event_category'] = $event['catid']; $eventdata['event_topic'] = $event['topic']; $eventdata['event_startmonth'] = substr($event['eventDate'], 5, 2); $eventdata['event_startday'] = substr($event['eventDate'], 8, 2); $eventdata['event_startyear'] = substr($event['eventDate'], 0, 4); $eventdata['event_starttimeh'] = substr($event['startTime'], 0, 2); $eventdata['event_starttimem'] = substr($event['startTime'], 3, 2); $eventdata['event_startampm'] = $eventdata['event_starttimeh'] < 12 ? 1 : 2; //1 is am , 2 is pm $eventdata['event_endmonth'] = substr($event['endDate'], 5, 2); $eventdata['event_endday'] = substr($event['endDate'], 8, 2); $eventdata['event_endyear'] = substr($event['endDate'], 0, 4); $eventdata['event_endtype'] = $event['endDate'] == '0000-00-00' ? '0' : '1'; $eventdata['event_dur_hours'] = $event['duration_hours']; $eventdata['event_dur_minutes'] = $event['duration_minutes']; $eventdata['event_duration'] = $event['duration']; $eventdata['event_allday'] = $event['alldayevent']; $loc_data = unserialize($event['location']); $eventdata['event_location'] = $loc_data['event_location']; $eventdata['event_street1'] = $loc_data['event_street1']; $eventdata['event_street2'] = $loc_data['event_street2']; $eventdata['event_city'] = $loc_data['event_city']; $eventdata['event_state'] = $loc_data['event_state']; $eventdata['event_postal'] = $loc_data['event_postal']; $eventdata['event_location_info'] = $loc_data; $eventdata['event_contname'] = $event['contname']; $eventdata['event_conttel'] = $event['conttel']; $eventdata['event_contemail'] = $event['contemail']; $eventdata['event_website'] = $event['website']; $eventdata['event_fee'] = $event['fee']; $eventdata['event_repeat'] = $event['recurrtype']; $rspecs = unserialize($event['recurrspec']); $eventdata['event_repeat_freq'] = $rspecs['event_repeat_freq']; $eventdata['event_repeat_freq_type'] = $rspecs['event_repeat_freq_type']; $eventdata['event_repeat_on_num'] = $rspecs['event_repeat_on_num']; $eventdata['event_repeat_on_day'] = $rspecs['event_repeat_on_day']; $eventdata['event_repeat_on_freq'] = $rspecs['event_repeat_on_freq']; $eventdata['event_recurrspec'] = $rspecs; $eventdata['uname'] = $uname; $eventdata['event_userid'] = $event['event_userid']; $eventdata['event_pid'] = $event['pid']; $eventdata['event_aid'] = $event['aid']; $eventdata['Date'] = $Date; $eventdata['year'] = $year; $eventdata['month'] = $month; $eventdata['day'] = $day; $eventdata['is_update'] = true; $eventdata['pc_event_id'] = $pc_event_id; $event_data['patient_name'] = $event_patient_name; $eventdata['data_loaded'] = true; $eventdata['pc_html_or_text'] = $pc_html_or_text; $eventdata['category'] = base64_encode(serialize($category)); } // lets get the module's information $modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__)); $categories = pnModAPIFunc(__POSTCALENDAR__, 'user', 'getCategories'); $output->tabindex = 1; //================================================================ // ERROR CHECKING //================================================================ // removed event_desc as a required_var $required_vars = array('event_subject'); $required_name = array(_PC_EVENT_TITLE, _PC_EVENT_DESC); $error_msg = ''; $output->SetOutputMode(_PNH_RETURNOUTPUT); $reqCount = count($required_vars); //print_r($eventdata); for ($r = 0; $r < $reqCount; $r++) { if (empty(${$required_vars}[$r]) || !preg_match('/\\S/i', ${$required_vars}[$r])) { $error_msg .= $output->Text('<b>' . $required_name[$r] . '</b> ' . _PC_SUBMIT_ERROR4); $error_msg .= $output->Linebreak(); } } unset($reqCount); // check repeating frequencies if ($event_repeat == REPEAT) { //can't have a repeating event that doesnt have an end date if ($event_endtype == 0) { $error_msg .= $output->Text("Repeating events must have an end date set."); $error_msg .= $output->Linebreak(); } if (!isset($event_repeat_freq) || $event_repeat_freq < 1 || empty($event_repeat_freq)) { $error_msg .= $output->Text(_PC_SUBMIT_ERROR5); $error_msg .= $output->Linebreak(); } elseif (!is_numeric($event_repeat_freq)) { $error_msg .= $output->Text(_PC_SUBMIT_ERROR6); $error_msg .= $output->Linebreak(); } } elseif ($event_repeat == REPEAT_ON) { //can't have a repeating event that doesnt have an end date if ($event_endtype == 0) { $error_msg .= $output->Text("Repeating events must have an end date set."); $error_msg .= $output->Linebreak(); } if (!isset($event_repeat_on_freq) || $event_repeat_on_freq < 1 || empty($event_repeat_on_freq)) { $error_msg .= $output->Text(_PC_SUBMIT_ERROR5); $error_msg .= $output->Linebreak(); } elseif (!is_numeric($event_repeat_on_freq)) { $error_msg .= $output->Text(_PC_SUBMIT_ERROR6); $error_msg .= $output->Linebreak(); } } // check date validity if (_SETTING_TIME_24HOUR) { $startTime = $event_starttimeh . ':' . $event_starttimem; $endTime = $event_endtimeh . ':' . $event_endtimem; } else { if ($event_startampm == _AM_VAL) { $event_starttimeh = $event_starttimeh == 12 ? '00' : $event_starttimeh; } else { $event_starttimeh = $event_starttimeh != 12 ? $event_starttimeh += 12 : $event_starttimeh; } $startTime = $event_starttimeh . ':' . $event_starttimem; } $sdate = strtotime($event_startyear . '-' . $event_startmonth . '-' . $event_startday); $edate = strtotime($event_endyear . '-' . $event_endmonth . '-' . $event_endday); $tdate = strtotime(date('Y-m-d')); if ($edate < $sdate && $event_endtype == 1) { $error_msg .= $output->Text(_PC_SUBMIT_ERROR1); $error_msg .= $output->Linebreak(); } if (!checkdate($event_startmonth, $event_startday, $event_startyear)) { $error_msg .= $output->Text(_PC_SUBMIT_ERROR2 . " '{$event_startyear}-{$event_startmonth}-{$event_startday}'"); $error_msg .= $output->Linebreak(); } if (!checkdate($event_endmonth, $event_endday, $event_endyear)) { $error_msg .= $output->Text(_PC_SUBMIT_ERROR3 . " '{$event_endyear}-{$event_endmonth}-{$event_endday}'"); $error_msg .= $output->Linebreak(); } //check limit on category if (($ret = checkCategoryLimits($eventdata)) != null) { $error_msg .= $output->Text("This category has a limit of {$ret['limit']} between {$ret['start']} and {$ret['end']} which you have exceeded."); $error_msg .= $output->Linebreak(); //$output->Text(pnModAPIFunc('PostCalendar','user','buildSubmitForm',$eventdata)); //return $output->GetOutput(); } //echo "fa: " . $form_action . " double_book: " . pnVarCleanFromInput("double_book") . " update: " . $eventdata['is_update'] . " em: " . $error_msg; //event collision check if ($form_action == "commit" && pnVarCleanFromInput("double_book") != 1 && !$eventdata['is_update'] && empty($error_msg)) { //check on new shceduling events(in or out of office) to make sure that //you don't have more than one set per day //event category 1 is in office, event category 2 is out of office if ($eventdata['event_category'] == 2 || $eventdata['event_category'] == 3) { $searchargs = array(); $searchargs['start'] = $eventdata['event_startmonth'] . "/" . $eventdata['event_startday'] . "/" . $eventdata['event_startyear']; $searchargs['end'] = $eventdata['event_endmonth'] . "/" . $eventdata['event_endday'] . "/" . $eventdata['event_endyear']; $searchargs['provider_id'] = $eventdata['event_userid']; //faFLag uses pcgeteventsfa, which can search on provider $searchargs['faFlag'] = true; $searchargs['s_keywords'] = " (a.pc_catid = 2 OR a.pc_catid = 3) "; //print_r($searchargs); $eventsByDate =& postcalendar_userapi_pcGetEvents($searchargs); $ekey = md5($event_data['subject'] . date("U") . rand(0, 1000)); $oldstatus = $eventdata['event_status']; $oldtitle = $eventdata['event_subject']; $old_patient_name = $eventdata['patient_name']; $old_dur_hours = $eventdata['event_dur_hours']; $old_dur_min = $eventdata['event_dur_minutes']; $old_duration = $eventdata['event_duration']; $eventdata['event_subject'] = mysql_real_escape_string($ekey); $eventdata['event_status'] = _EVENT_TEMPORARY; if (!pnModAPIFunc(__POSTCALENDAR__, 'user', 'submitEvent', $eventdata)) { $error_msg .= $output->Text('<center><div style="padding:5px; border:1px solid red; background-color: pink;">'); $error_msg .= $output->Text("<b>The system was unable to check you event for conflicts with other events because there was a problem with your database.</b><br />"); $error_msg .= $output->Text('</div></center>'); $error_msg .= $output->Linebreak(); $error_msg .= $output->Text($dbconn->ErrorMsg()); } $searchargs['s_keywords'] = " (a.pc_catid = 2 OR a.pc_catid = 3) AND a.pc_title = '" . $eventdata['event_subject'] . "' "; $searchargs['event_status'] = _EVENT_TEMPORARY; $submitEventByDate =& postcalendar_userapi_pcGetEvents($searchargs); if (!delete_event($ekey)) { $error_msg .= $output->Text('<center><div style="padding:5px; border:1px solid red; background-color: pink;">'); $error_msg .= $output->Text("<b>The system was unable to delete a temporary record it created, this may have left the database in an inconsistent state.</b><br />"); $error_msg .= $output->Text('</div></center>'); $error_msg .= $output->Linebreak(); $error_msg .= $output->Text($dbconn->ErrorMsg()); } $eventdata['event_status'] = $oldstatus; $eventdata['event_subject'] = $oldtitle; $eventdata['patient_name '] = $old_patient_name; $eventdata['event_dur_hours'] = $old_dur_hour; $eventdata['event_dur_minutes'] = $old_dur_min; foreach ($submitEventByDate as $date => $newevent) { if (count($eventsByDate[$date]) > 0 && count($newevent) > 0) { foreach ($eventsByDate[$date] as $con_event) { if ($con_event['catid'] == $newevent[0]['catid']) { $error_msg .= $output->Text('There is a conflict on ' . $date . ' with event ' . $con_event['title']); $error_msg .= $output->Linebreak(); } } } } /*echo "<br /><br />"; print_r($eventsByDate); echo "<br /><br />"; print_r($submitEventByDate);*/ } $colls = checkEventCollision($eventdata); if (count($colls) > 0) { foreach ($colls as $coll) { $error_msg .= $output->Text("Event Collides with: " . $coll['title'] . " at " . date("g:i a", strtotime($coll['startTime'])) . "<br />"); $error_msg .= $output->Linebreak(); } $error_msg .= $output->Text("Submit again to \"Double Book\" <br />To change values click back in your browser."); $error_msg .= $output->Linebreak(); // the following line will display "DOUBLE BOOKED" if when adding an event there is a collistion with anothe appointment //$eventdata['event_subject'] = "DOUBLE BOOKED " . $eventdata['event_subject']; $eventdata['double_book'] = 1; } } $output->SetOutputMode(_PNH_KEEPOUTPUT); if ($form_action == 'preview') { //================================================================ // Preview the event //================================================================ // check authid if (!pnSecConfirmAuthKey()) { return _NO_DIRECT_ACCESS; } if (!empty($error_msg)) { $preview = false; $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="red">'); $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="pink">'); $output->Text('<center><b>' . _PC_SUBMIT_ERROR . '</b></center>'); $output->Linebreak(); $output->Text($error_msg); $output->Text('</td></td></table>'); $output->Text('</td></td></table>'); $output->Linebreak(2); } else { $output->Text(pnModAPIFunc(__POSTCALENDAR__, 'user', 'eventPreview', $eventdata)); $output->Linebreak(); } } elseif ($form_action == 'commit') { //================================================================ // Enter the event into the DB //================================================================ if (!empty($error_msg)) { if (!pnSecConfirmAuthKey(true)) { return _NO_DIRECT_ACCESS; } } else { if (!pnSecConfirmAuthKey()) { return _NO_DIRECT_ACCESS; } } if (!empty($error_msg)) { $preview = false; $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="red">'); $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="pink">'); $output->Text('<center><b>' . _PC_SUBMIT_ERROR . '</b></center>'); $output->Linebreak(); $output->Text($error_msg); $output->Text('</td></td></table>'); $output->Text('</td></td></table>'); $output->Linebreak(2); } else { if (!pnModAPIFunc(__POSTCALENDAR__, 'user', 'submitEvent', $eventdata)) { $output->Text('<center><div style="padding:5px; border:1px solid red; background-color: pink;">'); $output->Text("<b>" . _PC_EVENT_SUBMISSION_FAILED . "</b>"); $output->Text('</div></center>'); $output->Linebreak(); $output->Text($dbconn->ErrorMsg()); } else { // clear the Smarty cache $tpl = new pcSmarty(); $tpl->clear_all_cache(); $output->Text('<center><div style="padding:5px; border:1px solid green; background-color: lightgreen;">'); if ($is_update) { $output->Text("<b>" . _PC_EVENT_EDIT_SUCCESS . "</b>"); } else { $output->Text("<b>" . _PC_EVENT_SUBMISSION_SUCCESS . "</b>"); } $output->Text('</div></center>'); $output->Linebreak(); // clear the form vars $event_subject = $event_desc = $event_sharing = $event_category = $event_topic = $event_startmonth = $event_startday = $event_startyear = $event_starttimeh = $event_starttimem = $event_startampm = $event_endmonth = $event_endday = $event_endyear = $event_endtype = $event_dur_hours = $event_dur_minutes = $event_duration = $event_allday = $event_location = $event_street1 = $event_street2 = $event_city = $event_state = $event_postal = $event_location_info = $event_contname = $event_conttel = $event_contemail = $event_website = $event_fee = $event_repeat = $event_repeat_freq = $event_repeat_freq_type = $event_repeat_on_num = $event_repeat_on_day = $event_repeat_on_freq = $event_recurrspec = $uname = $Date = $year = $month = $day = $pc_html_or_text = $event_patient_name = $evnet_pid = null; $is_update = false; $pc_event_id = 0; //$_SESSION['category'] = ""; // lets wrap all the data into array for passing to submit and preview functions $eventdata = compact('event_subject', 'event_desc', 'event_sharing', 'event_category', 'event_topic', 'event_startmonth', 'event_startday', 'event_startyear', 'event_starttimeh', 'event_starttimem', 'event_startampm', 'event_endmonth', 'event_endday', 'event_endyear', 'event_endtype', 'event_dur_hours', 'event_dur_minutes', 'event_duration', 'event_allday', 'event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal', 'event_location_info', 'event_contname', 'event_conttel', 'event_contemail', 'event_website', 'event_fee', 'event_repeat', 'event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq', 'event_recurrspec', 'uname', 'Date', 'year', 'month', 'day', 'pc_html_or_text', 'is_update', 'pc_event_id', 'event_patient_name'); //if no using the no_nav format then show form again after submit if (pnVarCleanFromInput("no_nav") == 1) { return $output->GetOutput(); } } } } $output->Text(pnModAPIFunc('PostCalendar', 'user', 'buildSubmitForm', $eventdata)); return $output->GetOutput(); }
function modules_admin_regenerate() { // Security check if (!pnSecConfirmAuthKey()) { pnSessionSetVar('errormsg', _BADAUTHKEY); pnRedirect(pnModURL('Modules', 'admin', 'list')); return true; } // Load in API pnModAPILoad('Modules', 'admin'); // Regenerate modules if (pnModAPIFunc('Modules', 'admin', 'regenerate')) { // Success pnSessionSetVar('statusmsg', _MODREGENERATED); } pnRedirect(pnModURL('Modules', 'admin', 'list')); return true; }
function Lenses_admin_update_lens($args) { // Clean input from the form. $lens_data = pnVarCleanFromInput('lens_data'); $bc = pnVarCleanFromInput('bc'); $enh_colors = pnVarCleanFromInput('enh_colors'); $opaque_colors = pnVarCleanFromInput('opaque_colors'); // Extract any extra arguments. extract($args); // Confirm $authid hidden field from form template. if (!pnSecConfirmAuthKey()) { pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY)); return pnRedirect(pnModURL('Lenses', 'admin', 'main')); } //take the arrays for the base curves and the simple opaque and enhancer colors //and create a string that's added to the appropriate parts of the $lens_data array $lens_data[bc_simple] = $bc[0] . " " . $bc[1] . " " . $bc[2]; $lens_data[enh_names_simple] = ""; $lens_data[opaque_names_simple] = ""; foreach ($enh_colors as $value) { $lens_data[enh_names_simple] .= $value . " "; } foreach ($opaque_colors as $value) { $lens_data[opaque_names_simple] .= $value . " "; } // Attempt to update lens. if (pnModAPIFunc('Lenses', 'admin', 'update_lens', array('lens_data' => $lens_data))) { pnSessionSetVar('statusmsg', pnVarPrepHTMLDisplay(_UPDATESUCCEDED)); } // No output. Redirect user. return pnRedirect(pnModURL('Lenses', 'user', 'view', array('tid' => $lens_data[tid]))); }
function renameGroup() { $module = pnVarCleanFromInput('module'); list($gid, $gname) = pnVarCleanFromInput('gid', 'gname'); if (!pnSecConfirmAuthKey()) { include 'header.php'; echo _BADAUTHKEY; include 'footer.php'; exit; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $groupstable = $pntable['groups']; $groupscolumn =& $pntable['groups_column']; // Get details on current group $query = "SELECT {$groupscolumn['name']}\n FROM {$groupstable}\n WHERE {$groupscolumn['gid']}='" . (int) pnVarPrepForStore($gid) . "'"; $result = $dbconn->Execute($query); if ($result->EOF) { die("No such group ID {$gid}"); } list($oldgname) = $result->fields; $result->Close(); if (!pnSecAuthAction(0, 'Groups::', "{$oldgname}::{$gid}", ACCESS_EDIT)) { include 'header.php'; GraphicAdmin(); OpenTable(); echo "<CENTER><A HREF=\"admin.php?module=" . $module . "&op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"<B>" . _GROUPADMIN . "</B></FONT></A><font class=\"pn-normal\">: " . pnVarPrepForDisplay($gname) . "</font></CENTER>"; CloseTable(); echo _GROUPSEDITNOAUTH; include 'footer.php'; return; } $query = "UPDATE {$groupstable}\n SET {$groupscolumn['name']}=\"{$gname}\"\n WHERE {$groupscolumn['gid']}='" . (int) pnVarPrepForStore($gid) . "'"; $dbconn->Execute($query); pnRedirect('admin.php?module=' . $module . '&op=secviewgroup&gid=' . $gid); }
function deletemsg() { list($mid, $ok) = pnVarCleanFromInput('mid', 'ok'); if (!isset($ok)) { $ok = 0; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $column =& $pntable['message_column']; $result = $dbconn->Execute("SELECT {$column['title']}\n FROM {$pntable['message']}\n WHERE {$column['mid']} = '" . pnVarPrepForStore($mid) . "'"); list($title) = $result->fields; $result->Close(); if (!pnSecAuthAction(0, 'Messages::', "{$title}::{$mid}", ACCESS_DELETE)) { include 'header.php'; echo _MESSAGESDELNOAUTH; include 'footer.php'; return; } if ($ok) { if (!pnSecConfirmAuthKey()) { include 'header.php'; echo _BADAUTHKEY; include 'footer.php'; return; } $result = $dbconn->Execute("DELETE FROM {$pntable['message']}\n WHERE {$column['mid']}='" . pnVarPrepForStore($mid) . "'"); if ($dbconn->ErrorNo() != 0) { error_log("Error: " . $dbconn->ErrorMsg()); echo $dbconn->ErrorNo() . ": " . $dbconn->ErrorMsg() . "<br>"; return; } pnRedirect('admin.php?module=' . $GLOBALS['module'] . '&op=messages'); } else { include "header.php"; GraphicAdmin(); OpenTable(); echo "<center><font class=\"pn-title\"><b>" . _MESSAGESADMIN . "</b></font></center>"; CloseTable(); OpenTable(); echo "<center><font class=\"pn-normal\">" . _REMOVEMSG . " <b>{$mid} </font></b>"; echo "<table><tr><td>\n"; echo myTextForm("admin.php?module=" . $GLOBALS['module'] . "&op=messages", _NO); echo "</td><td>\n"; echo myTextForm("admin.php?module=" . $GLOBALS['module'] . "&op=deletemsg&mid={$mid}&ok=1&authid=" . pnSecGenAuthKey(), _YES); echo "</td></tr></table>\n"; echo "</center>\n"; CloseTable(); include "footer.php"; } }
function user_admin_setConfig($var) { if (!pnSecConfirmAuthKey()) { include 'header.php'; echo _BADAUTHKEY; include 'footer.php'; exit; } // Escape some characters in these variables. // hehe, I like doing this, much cleaner :-) $fixvars = array(); // todo: make FixConfigQuotes global / replace with other function foreach ($fixvars as $v) { // $var[$v] = FixConfigQuotes($var[$v]); } // Set any numerical variables that havn't been set, to 0. i.e. paranoia check :-) $fixvars = array(); foreach ($fixvars as $v) { if (empty($var[$v])) { $var[$v] = 0; } } // all variables starting with x are the config vars. while (list($key, $val) = each($var)) { if (substr($key, 0, 1) == 'x') { pnConfigSetVar(substr($key, 1), $val); } } pnRedirect('admin.php'); }
function referers_admin_delete($var) { if (!pnSecConfirmAuthKey()) { include 'header.php'; echo _BADAUTHKEY; include 'footer.php'; exit; } if (!pnSecAuthAction(0, 'Referers::', '::', ACCESS_ADMIN)) { include 'header.php'; echo _REFERERSDELNOAUTH; include 'footer.php'; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $dbconn->Execute("DELETE FROM {$pntable['referer']}"); pnRedirect('admin.php'); }
function dplink_admin_updateconfig() { // Get parameters from whatever input we need. $_loc = pnVarCleanFromInput('url'); $_window = pnVarCleanFromInput('use_window'); $_wrap = pnVarCleanFromInput('use_postwrap'); // Confirm authorisation code. if (!pnSecConfirmAuthKey()) { pnSessionSetVar('errormsg', _BADAUTHKEY); pnRedirect(pnModURL('dplink', 'admin', '')); return true; } // Update module variables. pnModSetVar('dplink', 'url', $_loc); pnModSetVar('dplink', 'use_window', $_window); pnModSetVar('dplink', 'use_postwrap', $_wrap); // This function generated no output, and so now it is complete we redirect // the user to an appropriate page for them to carry on their work pnRedirect('admin.php'); // Return return true; }
/** * This is a standard function to update the configuration parameters of the * module given the information passed back by the modification form */ function template_admin_updateconfig() { // Get parameters from whatever input we need. All arguments to this // function should be obtained from pnVarCleanFromInput(), getting them // from other places such as the environment is not allowed, as that makes // assumptions that will not hold in future versions of PostNuke $bold = pnVarCleanFromInput('bold'); // Confirm authorisation code. This checks that the form had a valid // authorisation code attached to it. If it did not then the function will // proceed no further as it is possible that this is an attempt at sending // in false data to the system if (!pnSecConfirmAuthKey()) { pnSessionSetVar('errormsg', _BADAUTHKEY); pnRedirect(pnModURL('Template', 'admin', 'view')); return true; } // Update module variables. Note that depending on the HTML structure used // to obtain the information from the user it is possible that the values // might be unset, so it is important to check them all and assign them // default values if required if (!isset($bold)) { $bold = 0; } pnModSetVar('template', 'bold', $bold); if (!isset($itemsperpage)) { $itemsperpage = 10; } pnModSetVar('template', 'itemsperpage', $itemsperpage); // This function generated no output, and so now it is complete we redirect // the user to an appropriate page for them to carry on their work pnRedirect(pnModURL('Template', 'admin', 'view')); // Return return true; }
/** * Update the configuration * * This is a standard function to update the configuration parameters of the * module given the information passed back by the modification form * Modify configuration * * @author Jim McDonald * @param bold print items in bold * @param itemsperpage number of items per page */ function Example_admin_updateconfig() { // Security check - important to do this as early as possible to avoid // potential security holes or just too much wasted processing if (!pnSecAuthAction(0, 'Example::', '::', ACCESS_ADMIN)) { return pnVarPrepHTMLDisplay(_MODULENOAUTH); } // Get parameters from whatever input we need. All arguments to this // function should be obtained from pnVarCleanFromInput(), getting them // from other places such as the environment is not allowed, as that makes // assumptions that will not hold in future versions of PostNuke list($bold, $itemsperpage) = pnVarCleanFromInput('bold', 'itemsperpage'); // Confirm authorisation code. This checks that the form had a valid // authorisation code attached to it. If it did not then the function will // proceed no further as it is possible that this is an attempt at sending // in false data to the system if (!pnSecConfirmAuthKey()) { pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY)); return pnRedirect(pnModURL('Example', 'admin', 'view')); } // Update module variables. Note that depending on the HTML structure used // to obtain the information from the user it is possible that the values // might be empty, so it is important to check them all and assign them // default values if required. // ** Please note pnVarCleanFromInput will always return a set variable, even // it's empty so isset() checking is not appropriate. if (empty($bold)) { $bold = false; } pnModSetVar('Example', 'bold', (bool) $bold); if (empty($itemsperpage)) { $itemsperpage = 10; } // make sure $itemsperpage is a positive integer if (!is_integer($itemsperpage) || $itemsperpage < 1) { pnSessionSetVar('errormsg', pnVarPrepForDisplay(_EXAMPLEITEMSPERPAGE)); $itemsperpage = (int) $itemsperpage; if ($itemsperpage < 1) { $itemsperpage = 25; } } pnModSetVar('Example', 'itemsperpage', $itemsperpage); // The configuration has been changed, so we clear all caches for // this module. $pnRender =& new pnRender('Example'); // Please note that by using clear_cache without any parameter, // we clear all cached pages for this module. $pnRender->clear_cache(); // the module configuration has been updated successfuly pnSessionSetVar('statusmsg', _CONFIGUPDATED); // Let any other modules know that the modules configuration has been updated pnModCallHooks('module', 'updateconfig', 'Example', array('module' => 'Example')); // This function generated no output, and so now it is complete we redirect // the user to an appropriate page for them to carry on their work return pnRedirect(pnModURL('Example', 'admin', 'view')); }
function settings_admin_generate($vars) { if (!pnSecAuthAction(0, 'Settings::', '::', ACCESS_ADMIN)) { include 'header.php'; echo _SETTINGSNOAUTH; include 'footer.php'; return; } /* * Write the vars */ // TODO - fix this so that it fetches each value manually, otherwise // this is a security hole if (!pnSecConfirmAuthKey()) { include 'header.php'; echo _BADAUTHKEY; include 'footer.php'; } foreach ($vars as $name => $value) { if (substr($name, 0, 1) == 'x') { $var = pnVarCleanFromInput($name); pnConfigSetVar(substr($name, 1), $var); } } // Create $allowedhtml = array(); $htmltags = settingsGetHTMLTags(); foreach ($htmltags as $htmltag) { $tagval = pnVarCleanFromInput('htmlallow' . $htmltag . 'tag'); if ($tagval != 1 && $tagval != 2) { $tagval = 0; } $allowedhtml[$htmltag] = $tagval; } pnConfigSetVar('AllowableHTML', $allowedhtml); pnRedirect('admin.php'); }
/** * Update module config. */ function Meds_admin_update_config() { // Permission check. if (!pnSecAuthAction(0, 'Meds::', '::', ACCESS_ADMIN)) { return pnVarPrepHTMLDisplay(_MODULENOAUTH); } // Clean arguments from URL. $per_page = pnVarCleanFromInput('per_page'); // Confirm authorizaton to carry out this function's action. if (!pnSecConfirmAuthKey()) { pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY)); return pnRedirect(pnModURL('Meds', 'admin', 'main')); } // Ensure a default. if (empty($per_page) || !is_numeric($per_page) || $per_page < 1) { $per_page = 10; } // Set the module variable. pnModSetVar('Meds', 'per_page', (int) $per_page); // Start a new output object. $pnRender =& new pnRender('Meds'); // Dump module cache. $pnRender->clear_cache(); // Set a status message. pnSessionSetVar('statusmsg', _CONFIGUPDATED); // Let any hooks know that something occurred. pnModCallHooks('module', 'updateconfig', 'Meds', array('module' => 'Meds')); // Redirect user. return pnRedirect(pnModURL('Meds', 'admin', 'main')); }