function blocks_rss_update($row)
{
    list($dbconn) = pnDBGetConn();
    list($args['rssurl'], $args['maxitems'], $args['showimage'], $args['showsearch'], $args['showdescriptions'], $args['altstyle']) = pnVarCleanFromInput('rssurl', 'maxitems', 'showimage', 'showsearch', 'showdescriptions', 'altstyle');
    // Remove old URL if there
    unset($row['url']);
    // Defaults
    if (!isset($args['rssurl'])) {
        $args['rssurl'] = '';
    }
    if (!isset($args['maxitems'])) {
        $args['maxitems'] = 5;
    }
    if (!isset($args['showdescriptions'])) {
        $args['showdescriptions'] = 0;
    }
    if (!isset($args['altstyle'])) {
        $args['altstyle'] = 0;
    }
    if (!isset($args['showimage'])) {
        $args['showimage'] = 0;
    }
    if (!isset($args['showsearch'])) {
        $args['showsearch'] = 0;
    }
    $row['content'] = pnBlockVarsToContent($args);
    // Refresh data
    $row = blocks_rss_refresh($row, 1);
    return $row;
}
/**
 * $Id$
 *
 * PostCalendar::PostNuke Events Calendar Module
 * Copyright (C) 2002 The PostCalendar Team
 * http://postcalendar.tv
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * To read the license please read the docs/license.txt or visit
 * http://www.gnu.org/copyleft/gpl.html
 *
 */
function smarty_function_pc_form_nav_close($args = array())
{
    extract($args);
    unset($args);
    if (_SETTING_OPEN_NEW_WINDOW || isset($print)) {
        $target = 'target="csCalendar"';
    } else {
        $target = '';
    }
    if (!defined('_PC_FORM_DATE')) {
        $Date = postcalendar_getDate();
        echo '<input type="hidden" name="Date" value="' . $Date . '" />';
    }
    // Security note: the request values below are echoed into value="..."
    // attributes exactly as pnVarCleanFromInput() returns them; no
    // HTML-encoding call is applied in this function.
    if (!defined('_PC_FORM_VIEW_TYPE')) {
        echo '<input type="hidden" name="viewtype" value="' . pnVarCleanFromInput('viewtype') . '" />';
    }
    if (!defined('_PC_FORM_TEMPLATE')) {
        echo '<input type="hidden" name="tplview" value="' . pnVarCleanFromInput('tplview') . '" />';
    }
    if (!defined('_PC_FORM_USERNAME')) {
        echo '<input type="hidden" name="pc_username" value="' . pnVarCleanFromInput('pc_username') . '" />';
    }
    if (!defined('_PC_FORM_CATEGORY')) {
        echo '<input type="hidden" name="pc_category" value="' . pnVarCleanFromInput('pc_category') . '" />';
    }
    if (!defined('_PC_FORM_TOPIC')) {
        echo '<input type="hidden" name="pc_topic" value="' . pnVarCleanFromInput('pc_topic') . '" />';
    }
    echo '</form>';
}
function smarty_function_pc_view_select($args)
{
    @define('_PC_FORM_TEMPLATE', true);
    $Date = postcalendar_getDate();
    if (!isset($y)) {
        $y = substr($Date, 0, 4);
    }
    if (!isset($m)) {
        $m = substr($Date, 4, 2);
    }
    if (!isset($d)) {
        $d = substr($Date, 6, 2);
    }
    $tplview = pnVarCleanFromInput('tplview');
    $viewtype = pnVarCleanFromInput('viewtype');
    if (!isset($viewtype)) {
        $viewtype = _SETTING_DEFAULT_VIEW;
    }
    $modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
    $mdir = pnVarPrepForOS($modinfo['directory']);
    unset($modinfo);
    $pcTemplate = pnVarPrepForOS(_SETTING_TEMPLATE);
    if (empty($pcTemplate)) {
        $pcTemplate = 'default';
    }
    $viewlist = array();
    // Security note: $viewtype comes from the request and, unlike $mdir and
    // $pcTemplate, is not passed through pnVarPrepForOS() before it is used
    // as a path component in opendir().
    $handle = opendir("modules/{$mdir}/pntemplates/{$pcTemplate}/views/{$viewtype}");
    $hide_list = array('.', '..', 'CVS', 'index.html');
    while ($f = readdir($handle)) {
        if (!in_array($f, $hide_list)) {
            $viewlist[] = $f;
        }
    }
    closedir($handle);
    unset($no_list);
    sort($viewlist);
    $tcount = count($viewlist);
    //$options = "<select id=\"tplview\" name=\"tplview\" class=\"$args[class]\">"; - pennfirm
    $options = "<select id=\"tplview\" name=\"viewtype\" class=\"{$args['class']}\">";
    $selected = $tplview;
    for ($t = 0; $t < $tcount; $t++) {
        $id = str_replace('.html', '', $viewlist[$t]);
        $sel = $selected == $id ? 'selected' : '';
        $options .= "<option value=\"{$id}\" {$sel} class=\"{$args['class']}\">{$id}</option>";
    }
    $options .= '</select>';
    if (!isset($args['label'])) {
        $args['label'] = _PC_TPL_VIEW_SUBMIT;
    }
    $submit = '<input type="submit" valign="middle" name="submit" value="' . $args['label'] . '" class="' . $args['class'] . '" />';
    // build the form
    if ($t > 1) {
        echo $options, $submit;
    }
}
/**
 * update module information
 * @param $args['mid'] the id number of the module to update
 * @param $args['displayname'] the new display name of the module
 * @param $args['description'] the new description of the module
 * @returns bool
 * @return true on success, false on failure
 */
function modules_adminapi_update($args)
{
    // Get arguments from argument array
    extract($args);
    // Argument check
    if (!isset($mid) || !is_numeric($mid) || !isset($displayname) || !isset($description)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // Security check
    if (!pnSecAuthAction(0, 'Modules::', "::{$mid}", ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULESAPINOAUTH);
        return false;
    }
    // Rename operation
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $modulestable = $pntable['modules'];
    $modulescolumn =& $pntable['modules_column'];
    $query = "UPDATE {$modulestable}\n SET {$modulescolumn['displayname']} = '" . pnVarPrepForStore($displayname)
           . "',\n {$modulescolumn['description']} = '" . pnVarPrepForStore($description)
           . "'\n WHERE {$modulescolumn['id']} = " . (int) pnVarPrepForStore($mid);
    $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _MODULESAPIUPDATEFAILED);
        return false;
    }
    // Hooks
    // Get module name
    $modinfo = pnModGetInfo($mid);
    $hookstable = $pntable['hooks'];
    $hookscolumn =& $pntable['hooks_column'];
    $sql = "SELECT DISTINCT {$hookscolumn['id']},\n"
         . " {$hookscolumn['smodule']},\n"
         . " {$hookscolumn['stype']},\n"
         . " {$hookscolumn['object']},\n"
         . " {$hookscolumn['action']},\n"
         . " {$hookscolumn['tarea']},\n"
         . " {$hookscolumn['tmodule']},\n"
         . " {$hookscolumn['ttype']},\n"
         . " {$hookscolumn['tfunc']}\n"
         . " FROM {$hookstable}\n"
         . " WHERE {$hookscolumn['smodule']} IS NULL\n"
         . " ORDER BY {$hookscolumn['tmodule']},\n"
         . " {$hookscolumn['smodule']} DESC";
    $result = $dbconn->Execute($sql);
    $displayed = array();
    for (; !$result->EOF; $result->MoveNext()) {
        list($hookid, $hooksmodname, $hookstype, $hookobject, $hookaction, $hooktarea, $hooktmodule, $hookttype, $hooktfunc, ) = $result->fields;
        // Delete hook regardless
        $sql = "DELETE FROM {$hookstable}\n WHERE {$hookscolumn['smodule']} = '" . pnVarPrepForStore($modinfo['name'])
             . "'\n AND {$hookscolumn['tmodule']} = '" . pnVarPrepForStore($hooktmodule) . "'";
        $dbconn->Execute($sql);
        // Get selected value of hook
        $hookvalue = pnVarCleanFromInput("hooks_{$hooktmodule}");
        // See if this is checked and isn't in the database
        if (isset($hookvalue) && empty($hooksmodname)) {
            // Insert hook if required
            $sql = "INSERT INTO {$hookstable} (\n"
                 . " {$hookscolumn['id']},\n"
                 . " {$hookscolumn['object']},\n"
                 . " {$hookscolumn['action']},\n"
                 . " {$hookscolumn['smodule']},\n"
                 . " {$hookscolumn['tarea']},\n"
                 . " {$hookscolumn['tmodule']},\n"
                 . " {$hookscolumn['ttype']},\n"
                 . " {$hookscolumn['tfunc']})\n"
                 . " VALUES (\n " . pnVarPrepForStore($dbconn->GenId($hookstable))
                 . ",\n '" . pnVarPrepForStore($hookobject)
                 . "',\n '" . pnVarPrepForStore($hookaction)
                 . "',\n '" . pnVarPrepForStore($modinfo['name'])
                 . "',\n '" . pnVarPrepForStore($hooktarea)
                 . "',\n '" . pnVarPrepForStore($hooktmodule)
                 . "',\n '" . pnVarPrepForStore($hookttype)
                 . "',\n '" . pnVarPrepForStore($hooktfunc) . "')";
            $dbconn->Execute($sql);
            if ($dbconn->ErrorNo() != 0) {
                return false;
            }
        }
    }
    $result->Close();
    return true;
}
function smarty_function_pc_form_nav_open($args = array())
{
    extract($args);
    unset($args);
    $viewtype = strtolower(pnVarCleanFromInput('viewtype'));
    if (_SETTING_OPEN_NEW_WINDOW && $viewtype == 'details') {
        $target = 'target="csCalendar"';
    } else {
        $target = '';
    }
    $fstart = '<form action="' . pnModURL(__POSTCALENDAR__, 'user', 'view') . '"'
            . ' method="post"'
            . ' enctype="application/x-www-form-urlencoded" ' . $target . '>';
    echo $fstart;
}
/**
 * confirm an authorisation key is valid
 * <br>
 * See description of <code>pnSecGenAuthKey</code> for information on
 * this function
 * @public
 * @returns bool
 * @return true if the key is valid, false if it is not
 */
function pnSecConfirmAuthKey($preview = false)
{
    list($module, $authid) = pnVarCleanFromInput('module', 'authid');
    // Regenerate static part of key
    $partkey = pnSessionGetVar('rand') . strtolower($module);
    // Security note: the digest is compared with loose ==, so PHP
    // type-juggling rules apply to the two strings; a strict,
    // constant-time comparison such as hash_equals() avoids that.
    if (md5($partkey) == $authid) {
        // Match - generate new random number for next key and leave happy
        if (!$preview) {
            // Security note: the per-session secret comes from rand() seeded
            // with microtime(), which is not a cryptographic random source.
            srand((double) microtime() * 1000000);
            pnSessionSetVar('rand', rand());
        }
        return true;
    }
    // Not found, assume invalid
    return false;
}
/**
 * search events
 */
function postcalendar_user_search()
{
    if (!(bool) PC_ACCESS_OVERVIEW) {
        return _POSTCALENDARNOAUTH;
    }
    $tpl = new pcSmarty();
    $k = formData("pc_keywords", "R"); //from library/formdata.inc.php
    $k_andor = pnVarCleanFromInput('pc_keywords_andor');
    $pc_category = pnVarCleanFromInput('pc_category');
    $pc_facility = pnVarCleanFromInput('pc_facility');
    $pc_topic = pnVarCleanFromInput('pc_topic');
    $submit = pnVarCleanFromInput('submit');
    $event_dur_hours = pnVarCleanFromInput('event_dur_hours');
    $event_dur_minutes = pnVarCleanFromInput('event_dur_minutes');
    $start = pnVarCleanFromInput('start');
    $end = pnVarCleanFromInput('end');
    // get list of categories for the user to choose from
    $categories = postcalendar_userapi_getCategories();
    $cat_options = '';
    foreach ($categories as $category) {
        $selected = "";
        if ($pc_category == $category['id']) {
            $selected = " SELECTED ";
        }
        //modified 8/09 by BM to allow translation if applicable
        $cat_options .= "<option value=\"{$category['id']}\" {$selected}>" . xl_appt_category($category['name']) . "</option>";
    }
    $tpl->assign_by_ref('CATEGORY_OPTIONS', $cat_options);
    $tpl->assign('event_dur_hours', $event_dur_hours);
    $tpl->assign('event_dur_minutes', $event_dur_minutes);
    // create default start and end dates for the search form
    if (isset($start) && $start != "") {
        $tpl->assign('DATE_START', $start);
    } else {
        $tpl->assign('DATE_START', date("m/d/Y"));
    }
    if (isset($end) && $end != "") {
        $tpl->assign('DATE_END', $end);
    } else {
        $tpl->assign('DATE_END', date("m/d/Y", strtotime("+7 Days", time())));
    }
    // then override the setting if we have a value from the submitted form
    $ProviderID = pnVarCleanFromInput("provider_id");
    if (is_numeric($ProviderID)) {
        $tpl->assign('ProviderID', $ProviderID);
    } elseif ($ProviderID == "_ALL_") {
    } else {
        $tpl->assign('ProviderID', "");
    }
    $provinfo = getProviderInfo();
    $tpl->assign('providers', $provinfo);
    // build a list of provider-options for the select box on the input form -- JRM
    $provider_options = "<option value='_ALL_' ";
    if ($ProviderID == "_ALL_") {
        $provider_options .= " SELECTED ";
    }
    $provider_options .= ">" . xl('All Providers') . "</option>";
    foreach ($provinfo as $provider) {
        $selected = "";
        // if we don't have a ProviderID chosen, pick the first one from the
        // pc_username Session variable
        if ($ProviderID == "") {
            // that variable stores the 'username' and not the numeric 'id'
            if ($_SESSION['pc_username'][0] == $provider['username']) {
                $selected = " SELECTED ";
            }
        } else {
            if ($ProviderID == $provider['id']) {
                $selected = " SELECTED ";
            }
        }
        $provider_options .= "<option value=\"" . $provider['id'] . "\" " . $selected . ">";
        $provider_options .= $provider['lname'] . ", " . $provider['fname'] . "</option>";
    }
    $tpl->assign_by_ref('PROVIDER_OPTIONS', $provider_options);
    // build a list of facility options for the select box on the input form -- JRM
    $facilities = getFacilities();
    $fac_options = "<option value=''>" . xl('All Facilities') . "</option>";
    foreach ($facilities as $facility) {
        $selected = "";
        if ($facility['id'] == $pc_facility) {
            $selected = " SELECTED ";
        }
        $fac_options .= "<option value=\"" . $facility['id'] . "\" " . $selected . ">";
        $fac_options .= $facility['name'] . "</option>";
    }
    $tpl->assign_by_ref('FACILITY_OPTIONS', $fac_options);
    $PatientID = pnVarCleanFromInput("patient_id");
    // limit the number of results returned by getPatientPID
    // this helps to prevent the server from stalling on a request with
    // no PID and thousands of PIDs in the database -- JRM
    // the function getPatientPID($pid, $given, $orderby, $limit, $start) <-- defined in library/patient.inc
    $plistlimit = 500;
    if (is_numeric($PatientID)) {
        $tpl->assign('PatientList', getPatientPID(array('pid' => $PatientID, 'limit' => $plistlimit)));
    } else {
        $tpl->assign('PatientList', getPatientPID(array('limit' => $plistlimit)));
    }
    $event_endday = pnVarCleanFromInput("event_endday");
    $event_endmonth = pnVarCleanFromInput("event_endmonth");
    $event_endyear = pnVarCleanFromInput("event_endyear");
    $event_startday = pnVarCleanFromInput("event_startday");
    $event_startmonth = pnVarCleanFromInput("event_startmonth");
    $event_startyear = pnVarCleanFromInput("event_startyear");
    if ($event_startday > $event_endday) {
        $event_endday = $event_startday;
    }
    if ($event_startmonth > $event_endmonth) {
        $event_endmonth = $event_startmonth;
    }
    if ($event_startyear > $event_endyear) {
        $event_endyear = $event_startyear;
    }
    $tpl->assign('patient_id', $PatientID);
    $tpl->assign('provider_id', $ProviderID);
    $tpl->assign("event_category", pnVarCleanFromInput("event_category"));
    $tpl->assign("event_subject", pnVarCleanFromInput("event_subject"));
    $output = new pnHTML();
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    if (_SETTING_USE_INT_DATES) {
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday));
        $formdata = $output->FormSelectMultiple('event_startday', $sel_data);
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth));
        $formdata .= $output->FormSelectMultiple('event_startmonth', $sel_data);
    } else {
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth));
        $formdata = $output->FormSelectMultiple('event_startmonth', $sel_data);
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday));
        $formdata .= $output->FormSelectMultiple('event_startday', $sel_data);
    }
    $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_startyear));
    $formdata .= $output->FormSelectMultiple('event_startyear', $sel_data);
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    $tpl->assign('SelectDateTimeStart', $formdata);
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    if (_SETTING_USE_INT_DATES) {
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday));
        $formdata = $output->FormSelectMultiple('event_endday', $sel_data);
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth));
        $formdata .= $output->FormSelectMultiple('event_endmonth', $sel_data);
    } else {
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth));
        $formdata = $output->FormSelectMultiple('event_endmonth', $sel_data);
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday));
        $formdata .= $output->FormSelectMultiple('event_endday', $sel_data);
    }
    $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_endyear));
    $formdata .= $output->FormSelectMultiple('event_endyear', $sel_data);
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    $tpl->assign('SelectDateTimeEnd', $formdata);
    $output = null;
    if (_SETTING_DISPLAY_TOPICS) {
        $topics = postcalendar_userapi_getTopics();
        $top_options = '';
        foreach ($topics as $topic) {
            $top_options .= "<option value=\"{$topic['id']}\">{$topic['text']}</option>";
        }
        $tpl->assign_by_ref('TOPIC_OPTIONS', $top_options);
    }
    //=================================================================
    // Find out what Template we're using
    //=================================================================
    $template_name = _SETTING_TEMPLATE;
    if (!isset($template_name)) {
        $template_name = 'default';
    }
    //=================================================================
    // Output the search form
    //=================================================================
    $tpl->assign('FORM_ACTION', pnModURL(__POSTCALENDAR__, 'user', 'search'));
    //=================================================================
    // Perform the search if we have data
    //=================================================================
    if (!empty($submit) && strtolower($submit) == "find first") {
        // not sure how we get here...
        $searchargs = array();
        $searchargs['start'] = pnVarCleanFromInput("event_startmonth") . "/" . pnVarCleanFromInput("event_startday") . "/" . pnVarCleanFromInput("event_startyear");
        $searchargs['end'] = pnVarCleanFromInput("event_endmonth") . "/" . pnVarCleanFromInput("event_endday") . "/" . pnVarCleanFromInput("event_endyear");
        $searchargs['provider_id'] = pnVarCleanFromInput("provider_id");
        $searchargs['faFlag'] = true;
        //print_r($searchargs);
        //echo "<br />";
        //set defaults to current week if empty
        if ($searchargs['start'] == "//") {
            $searchargs['start'] = date("m/d/Y");
        }
        if ($searchargs['end'] == "//") {
            $searchargs['end'] = date("m/d/Y", strtotime("+7 Days", strtotime($searchargs['start'])));
        }
        //print_r($searchargs);
        $eventsByDate =& postcalendar_userapi_pcGetEvents($searchargs);
        //print_r($eventsByDate);
        $found = findFirstAvailable($eventsByDate);
        $tpl->assign('available_times', $found);
        //print_r($_POST);
        $tpl->assign('SEARCH_PERFORMED', true);
        $tpl->assign('A_EVENTS', $eventsByDate);
    }
    if (!empty($submit) && strtolower($submit) == "listapps") {
        // not sure how we get here...
        $searchargs = array();
        $searchargs['start'] = date("m/d/Y");
        $searchargs['end'] = date("m/d/Y", strtotime("+1 year", strtotime($searchargs['start'])));
        $searchargs['patient_id'] = pnVarCleanFromInput("patient_id");
        $searchargs['listappsFlag'] = true;
        // Security note: patient_id is concatenated into the SQL fragment as
        // returned by pnVarCleanFromInput(), with no pnVarPrepForStore() call
        // and no numeric check on this path.
        $sqlKeywords .= "(a.pc_pid = '" . pnVarCleanFromInput("patient_id") . "' )";
        $searchargs['s_keywords'] = $sqlKeywords;
        //print_r($searchargs);
        $eventsByDate =& postcalendar_userapi_pcGetEvents($searchargs);
        //print_r($eventsByDate);
        $tpl->assign('appointments', $eventsByDate);
        //print_r($_POST);
        $tpl->assign('SEARCH_PERFORMED', true);
        $tpl->assign('A_EVENTS', $eventsByDate);
    } elseif (!empty($submit)) {
        // we get here by searching via the PostCalendar search
        $sqlKeywords = '';
        $keywords = explode(' ', $k);
        // build our search query
        // Security note: $k_andor is spliced in as a bare SQL operator straight
        // from the request; it should be restricted to AND / OR before use.
        foreach ($keywords as $word) {
            if (!empty($sqlKeywords)) {
                $sqlKeywords .= " {$k_andor} ";
            }
            $sqlKeywords .= '(';
            $sqlKeywords .= "pd.lname LIKE '%{$word}%' OR ";
            $sqlKeywords .= "pd.fname LIKE '%{$word}%' OR ";
            $sqlKeywords .= "u.lname LIKE '%{$word}%' OR ";
            $sqlKeywords .= "u.fname LIKE '%{$word}%' OR ";
            $sqlKeywords .= "a.pc_title LIKE '%{$word}%' OR ";
            $sqlKeywords .= "a.pc_hometext LIKE '%{$word}%' OR ";
            $sqlKeywords .= "a.pc_location LIKE '%{$word}%'";
            $sqlKeywords .= ') ';
        }
        // Security note: $pc_category and $pc_topic are request values placed
        // inside quoted SQL literals without pnVarPrepForStore().
        if (!empty($pc_category)) {
            $s_category = "a.pc_catid = '{$pc_category}'";
        }
        if (!empty($pc_topic)) {
            $s_topic = "a.pc_topic = '{$pc_topic}'";
        }
        $searchargs = array();
        if (!empty($sqlKeywords)) {
            $searchargs['s_keywords'] = $sqlKeywords;
        }
        if (!empty($s_category)) {
            $searchargs['s_category'] = $s_category;
        }
        if (!empty($s_topic)) {
            $searchargs['s_topic'] = $s_topic;
        }
        // some new search parameters introduced in the ajax_search form... JRM March 2008
        // the ajax_search form has form parameters for 'start' and 'end' already built in
        // so use them if available
        $tmpDate = pnVarCleanFromInput("start");
        if (isset($tmpDate) && $tmpDate != "") {
            $searchargs['start'] = pnVarCleanFromInput("start");
        } else {
            $searchargs['start'] = "//";
        }
        $tmpDate = pnVarCleanFromInput("end");
        if (isset($tmpDate) && $tmpDate != "") {
            $searchargs['end'] = pnVarCleanFromInput("end");
        } else {
            $searchargs['end'] = "//";
        }
        // we can limit our search by provider -- JRM March 2008
        if (isset($ProviderID) && $ProviderID != "") { // && $ProviderID != "_ALL_") {
            $searchargs['provider_id'] = array();
            array_push($searchargs['provider_id'], $ProviderID);
        }
        $eventsByDate =& postcalendar_userapi_pcGetEvents($searchargs);
        // we can limit our search by facility -- JRM March 2008
        if (isset($pc_facility) && $pc_facility != "") {
            $searchargs['pc_facility'] = $pc_facility;
        }
        //print_r($eventsByDate);
        $tpl->assign('SEARCH_PERFORMED', true);
        $tpl->assign('A_EVENTS', $eventsByDate);
    }
    $tpl->caching = false;
    $tpl->assign('STYLE', $GLOBALS['style']);
    $pageSetup =& pnModAPIFunc(__POSTCALENDAR__, 'user', 'pageSetup');
    if (pnVarCleanFromInput("no_nav") == 1) {
        $return = $pageSetup . $tpl->fetch($template_name . '/user/findfirst.html');
    } elseif (pnVarCleanFromInput("no_nav") == 2) {
        $return = $pageSetup . $tpl->fetch($template_name . '/user/listapps.html');
    } else {
        $return = $pageSetup . $tpl->fetch($template_name . '/user/search.html');
    }
    return $return;
}
function postcalendar_admin_categoryLimitsUpdate()
{
    if (!PC_ACCESS_ADMIN) {
        return _POSTCALENDAR_NOAUTH;
    }
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    list($id, $del, $catId, $startTimeH, $startTimeM, $endTimeH, $endTimeM, $limit, $newCatId, $newStartTimeH, $newStartTimeM, $newEndTimeH, $newEndTimeM, $newLimit, ) = pnVarCleanFromInput('id', 'del', 'catid', 'starttimeh', 'starttimem', 'endtimeh', 'endtimem', 'limit', 'newcatid', 'newstarttimeh', 'newstarttimem', 'newendtimeh', 'newendtimem', 'newlimit');
    $updates = array();
    if (isset($id)) {
        foreach ($id as $k => $i) {
            $found = false;
            if (count($del)) {
                foreach ($del as $d) {
                    if ($i == $d) {
                        $found = true;
                        break;
                    }
                }
            }
            if (!$found) {
                $start = date("H:i:s", mktime($startTimeH[$k], $startTimeM[$k], 0));
                $end = date("H:i:s", mktime($endTimeH[$k], $endTimeM[$k], 0));
                // Security note: the other values pass through pnVarPrepForStore(),
                // but $i (from the request 'id' array) is placed in the WHERE
                // clause unquoted and unescaped; it should be cast to int.
                $update_sql = "UPDATE {$pntable['postcalendar_limits']}\n\t\t SET pc_catid='" . pnVarPrepForStore($catId[$k])
                            . "',\n\t\t pc_starttime='" . pnVarPrepForStore($start)
                            . "',\n\t\t pc_endtime='" . pnVarPrepForStore($end)
                            . "',\n\t\t pc_limit='" . pnVarPrepForStore($limit[$k])
                            . "'\n\t\t WHERE pc_limitid={$i}";
                array_push($updates, $update_sql);
            }
        }
    }
    // Security note: $del is a request array; its members are joined into the
    // IN (...) list without escaping or an integer cast.
    $dels = implode(",", $del);
    $delete = "DELETE FROM {$pntable['postcalendar_limits']} WHERE pc_limitid IN ({$dels})";
    $e = $msg = '';
    if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'updateCategoryLimit', array('updates' => $updates))) {
        $e .= 'UPDATE FAILED';
    }
    if (isset($dels)) {
        if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'deleteCategoryLimit', array('delete' => $delete))) {
            $e .= 'DELETE FAILED';
        }
    }
    if (isset($newLimit) && $newLimit > 0) {
        $start = date("H:i:s", mktime($newStartTimeH, $newStartTimeM, 0));
        $end = date("H:i:s", mktime($newEndTimeH, $newEndTimeM, 0));
        if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'addCategoryLimit', array('catid' => $newCatId, 'starttime' => $start, 'endtime' => $end, 'limit' => $newLimit))) {
            $e .= 'INSERT FAILED';
        }
    }
    if (empty($e)) {
        $msg = 'DONE';
    }
    $output->Text(postcalendar_admin_categoryLimits($msg, $e));
    return $output->GetOutput();
}
function postcalendar_userapi_eventDetail($args, $admin = false)
{
    if (!(bool) PC_ACCESS_READ) {
        return _POSTCALENDARNOAUTH;
    }
    // get the theme globals :: is there a better way to do this?
    pnThemeLoad(pnUserGetTheme());
    global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5;
    global $textcolor1, $textcolor2;
    $popup = pnVarCleanFromInput('popup');
    extract($args);
    unset($args);
    if (!isset($cacheid)) {
        $cacheid = null;
    }
    if (!isset($eid)) {
        return false;
    }
    if (!isset($nopop)) {
        $nopop = false;
    }
    $uid = pnUserGetVar('uid');
    //=================================================================
    // Find out what Template we're using
    //=================================================================
    $template_name = _SETTING_TEMPLATE;
    if (!isset($template_name)) {
        $template_name = 'default';
    }
    //=================================================================
    // Setup Smarty Template Engine
    //=================================================================
    $tpl = new pcSmarty();
    if ($admin) {
        $template = $template_name . '/admin/details.html';
        $args['cacheid'] = '';
        $print = 0;
        $Date =& postcalendar_getDate();
        $tpl->caching = false;
    } else {
        $template = $template_name . '/user/details.html';
    }
    if (!$tpl->is_cached($template, $cacheid)) {
        // let's get the DB information
        list($dbconn) = pnDBGetConn();
        $pntable = pnDBGetTables();
        // get the event's information
        $event =& postcalendar_userapi_pcGetEventDetails($eid);
        // if the above is false, it's a private event for another user
        // we should not display this - so we just exit gracefully
        if ($event === false) {
            return false;
        }
        //=================================================================
        // get event's topic information
        //=================================================================
        $topics_table = $pntable['topics'];
        $topics_column = $pntable['topics_column'];
        // Security note: {$event['topic']} is taken from the event row and
        // placed in the query unquoted and without pnVarPrepForStore().
        $topicsql = "SELECT {$topics_column['topictext']},{$topics_column['topicimage']}\n FROM {$topics_table}\n WHERE {$topics_column['topicid']} = {$event['topic']}\n LIMIT 1";
        $topic_result = $dbconn->Execute($topicsql);
        list($event['topictext'], $event['topicimg']) = $topic_result->fields;
        // Security note: unserialize() runs on the stored location field, so
        // that field must never hold attacker-supplied serialized data.
        $location = unserialize($event['location']);
        $event['location'] = $location['event_location'];
        $event['street1'] = $location['event_street1'];
        $event['street2'] = $location['event_street2'];
        $event['city'] = $location['event_city'];
        $event['state'] = $location['event_state'];
        $event['postal'] = $location['event_postal'];
        $event['date'] = str_replace('-', '', $Date);
        //=================================================================
        // populate the template
        //=================================================================
        if (!empty($event['location']) || !empty($event['street1']) || !empty($event['street2']) || !empty($event['city']) || !empty($event['state']) || !empty($event['postal'])) {
            $tpl->assign('LOCATION_INFO', true);
        } else {
            $tpl->assign('LOCATION_INFO', false);
        }
        if (!empty($event['contname']) || !empty($event['contemail']) || !empty($event['conttel']) || !empty($event['website'])) {
            $tpl->assign('CONTACT_INFO', true);
        } else {
            $tpl->assign('CONTACT_INFO', false);
        }
        $display_type = substr($event['hometext'], 0, 6);
        if ($display_type == ':text:') {
            $prepFunction = 'pcVarPrepForDisplay';
            $event['hometext'] = substr($event['hometext'], 6);
        } elseif ($display_type == ':html:') {
            $prepFunction = 'pcVarPrepHTMLDisplay';
            $event['hometext'] = substr($event['hometext'], 6);
        } else {
            $prepFunction = 'pcVarPrepHTMLDisplay';
        }
        unset($display_type);
        // prep the vars for output
        $event['title'] =& $prepFunction($event['title']);
        $event['hometext'] =& $prepFunction($event['hometext']);
        $event['desc'] =& $event['hometext'];
        $event['conttel'] =& $prepFunction($event['conttel']);
        $event['contname'] =& $prepFunction($event['contname']);
        $event['contemail'] =& $prepFunction($event['contemail']);
        $event['website'] =& $prepFunction(postcalendar_makeValidURL($event['website']));
        $event['fee'] =& $prepFunction($event['fee']);
        $event['location'] =& $prepFunction($event['location']);
        $event['street1'] =& $prepFunction($event['street1']);
        $event['street2'] =& $prepFunction($event['street2']);
        $event['city'] =& $prepFunction($event['city']);
        $event['state'] =& $prepFunction($event['state']);
        $event['postal'] =& $prepFunction($event['postal']);
        $tpl->assign_by_ref('A_EVENT', $event);
        //=================================================================
        // populate the template $ADMIN_OPTIONS
        //=================================================================
        $target = '';
        if (_SETTING_OPEN_NEW_WINDOW) {
            $target = 'target="csCalendar"';
        }
        $admin_edit_url = $admin_delete_url = '';
        if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADMIN)) {
            $admin_edit_url = pnModURL(__POSTCALENDAR__, 'admin', 'submit', array('pc_event_id' => $eid));
            $admin_delete_url = pnModURL(__POSTCALENDAR__, 'admin', 'adminevents', array('action' => _ACTION_DELETE, 'pc_event_id' => $eid));
        }
        $user_edit_url = $user_delete_url = '';
        if (pnUserLoggedIn()) {
            $logged_in_uname = $_SESSION['authUser'];
        } else {
            $logged_in_uname = '';
        }
        $can_edit = false;
        if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADD) && validateGroupStatus($logged_in_uname, getUsername($event['uname']))) {
            $user_edit_url = pnModURL(__POSTCALENDAR__, 'user', 'submit', array('pc_event_id' => $eid));
            $user_delete_url = pnModURL(__POSTCALENDAR__, 'user', 'delete', array('pc_event_id' => $eid));
            $can_edit = true;
        }
        $tpl->assign('STYLE', $GLOBALS['style']);
        $tpl->assign_by_ref('ADMIN_TARGET', $target);
        $tpl->assign_by_ref('ADMIN_EDIT', $admin_edit_url);
        $tpl->assign_by_ref('ADMIN_DELETE', $admin_delete_url);
        $tpl->assign_by_ref('USER_TARGET', $target);
        $tpl->assign_by_ref('USER_EDIT', $user_edit_url);
        $tpl->assign_by_ref('USER_DELETE', $user_delete_url);
        $tpl->assign_by_ref('USER_CAN_EDIT', $can_edit);
    }
    //=================================================================
    // Parse the template
    //=================================================================
    if ($popup != 1 && $print != 1) {
        $output = "\n\n<!-- START POSTCALENDAR OUTPUT [-: HTTP://POSTCALENDAR.TV :-] -->\n\n";
        $output .= $tpl->fetch($template, $cacheid);
        $output .= "\n\n<!-- END POSTCALENDAR OUTPUT [-: HTTP://POSTCALENDAR.TV :-] -->\n\n";
    } else {
        $theme = pnUserGetTheme();
        echo "<html><head>";
        echo "<LINK REL=\"StyleSheet\" HREF=\"themes/{$theme}/style/styleNN.css\" TYPE=\"text/css\">\n\n\n";
        echo "<style type=\"text/css\">\n";
        echo "@import url(\"themes/{$theme}/style/style.css\"); ";
        echo "</style>\n";
        echo "</head><body>\n";
        $tpl->display($template, $cacheid);
        echo postcalendar_footer();
        echo "\n</body></html>";
        session_write_close();
        exit;
    }
    return $output;
}
/**
 * get name of current top-level module
 * @returns string
 * @return the name of the current top-level module, false if not in a module
 */
function pnModGetName()
{
    $modname = pnVarCleanFromInput('module');
    if (empty($modname)) {
        $name = pnVarCleanFromInput('name');
        if (empty($name)) {
            global $ModName;
            if (empty($ModName)) {
                return false;
            }
            $modname = preg_replace('/^NS-/', '', $ModName);
            return $modname;
        }
        return $name;
    } else {
        $modname = preg_replace('/^NS-/', '', $modname);
        return $modname;
    }
}
function Lenses_admin_update_company($args)
{
    // Clean input from the form.
    $company = pnVarCleanFromInput('company');

    // Extract any extra arguments.
    extract($args);

    // Confirm $authid hidden field from form template.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
        return pnRedirect(pnModURL('Lenses', 'admin', 'main'));
    }

    // Attempt to update company.
    if (pnModAPIFunc('Lenses', 'admin', 'update_company', array('company' => $company))) {
        pnSessionSetVar('statusmsg', pnVarPrepHTMLDisplay(_UPDATESUCCEDED));
    }

    // No output. Redirect user.
    return pnRedirect(pnModURL('Lenses', 'admin', 'viewall_companies'));
}
/**
 * Initialise PostNuke
 * <br>
 * Carries out a number of initialisation tasks to get PostNuke up and
 * running.
 * @returns void
 */
function pnInit()
{
    // proper error_reporting
    // e_all for development
    // error_reporting(E_ALL);
    // without warnings and notices for release
    error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING & ~E_DEPRECATED);

    // Hack for some weird PHP systems that should have the
    // LC_* constants defined, but don't
    if (!defined('LC_TIME')) {
        define('LC_TIME', 'LC_TIME');
    }

    // ADODB configuration
    define('ADODB_DIR', 'pnadodb');
    require 'pnadodb/adodb.inc.php';

    // Temporary fix for hacking the hlpfile global
    // TODO - remove with pre-0.71 code
    global $hlpfile;
    $hlpfile = '';

    // Initialise and load configuration
    global $pnconfig, $pndebug;
    $pnconfig = array();
    include 'config.php';

    // Set up multisites
    // added this @define for .71, ugly ?
    // i guess the E_ALL stuff.
    @define('WHERE_IS_PERSO', '');

    // Initialise and load pntables
    global $pntable;
    $pntable = array();
    // if a multisite has its own pntables.
    if (file_exists(WHERE_IS_PERSO . 'pntables.php')) {
        include WHERE_IS_PERSO . 'pntables.php';
    } else {
        require 'pntables.php';
    }

    // Decode encoded DB parameters
    if ($pnconfig['encoded']) {
        $pnconfig['dbuname'] = base64_decode($pnconfig['dbuname']);
        $pnconfig['dbpass'] = base64_decode($pnconfig['dbpass']);
        $pnconfig['encoded'] = 0;
    }

    // Connect to database
    if (!pnDBInit()) {
        die('Database initialisation failed');
    }

    // debugger if required
    if ($pndebug['debug']) {
        include_once 'includes/lensdebug.inc.php';
        global $dbg, $debug_sqlcalls;
        $dbg = new LensDebug();
        $debug_sqlcalls = 0;
    }

    // Build up old config array
    pnConfigInit();

    // Set compression on if desired
    //
    if (pnConfigGetVar('UseCompression') == 1) {
        ob_start("ob_gzhandler");
    }

    // Other includes
    include 'includes/pnSession.php';
    include 'includes/pnUser.php';

    // Start session
    if (!pnSessionSetup()) {
        die('Session setup failed');
    }
    if (!pnSessionInit()) {
        die('Session initialisation failed');
    }
    include 'includes/security.php';

    // See if a language update is required
    $newlang = pnVarCleanFromInput('newlang');
    if (!empty($newlang)) {
        $lang = $newlang;
        pnSessionSetVar('lang', $newlang);
    } else {
        $lang = pnSessionGetVar('lang');
    }

    // Load global language defines
    if (isset($lang) && file_exists('language/' . pnVarPrepForOS($lang) . '/global.php')) {
        $currentlang = $lang;
    } else {
        $currentlang = pnConfigGetVar('language');
        pnSessionSetVar('lang', $currentlang);
    }
    include 'language/' . pnVarPrepForOS($currentlang) . '/global.php';
    include 'modules/NS-Languages/api.php';

    // Cross-Site Scripting attack defense - Sent by larsneo
    // some syntax checking against injected javascript
    $pnAntiCrackerMode = pnConfigGetVar('pnAntiCracker');
    if ($pnAntiCrackerMode == 1) {
        pnSecureInput();
    }

    // Banner system
    include 'includes/pnBanners.php';

    // Other other includes
    include 'includes/advblocks.php';
    include 'includes/counter.php';
    include 'includes/pnHTML.php';
    include 'includes/pnMod.php';
    include 'includes/queryutil.php';
    include 'includes/xhtml.php';
    include 'includes/oldfuncs.php';

    // Handle referer
    if (pnConfigGetVar('httpref') == 1) {
        include 'referer.php';
        httpreferer();
    }
    return true;
}
function Lenses_userapi_search_report($args)
{
    $time = pnVarCleanFromInput('time');

    // Permission check. Return an empty result set; the original returned
    // $items_array here before it had been defined.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_OVERVIEW)) {
        return array();
    }

    extract($args);
    $items_array = array();

    // Get a reference to the database object.
    $dbconn =& pnDBGetConn(true);

    // Get a reference to PostNuke's table info.
    $pntable =& pnDBGetTables();
    $table =& $pntable['lenses_stats'];
    $field =& $pntable['lenses_stats_column'];
    $lens_table =& $pntable['lenses'];
    $lens_field =& $pntable['lenses_column'];

    // $time comes from the request (or $args) and selects the ORDER BY
    // column. Reject anything that is not a known column key instead of
    // building a query with an empty or unexpected ORDER BY.
    if (!is_string($time) || !isset($field[$time])) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }

    $sql = "SELECT {$field['id']}, {$lens_field['name']}, {$field['this_month']}, {$field['last_month']}, {$field['total']} "
         . "FROM {$table}, {$lens_table} "
         . "WHERE {$field['id']} = {$lens_field['tid']} "
         . "ORDER BY {$field[$time]} DESC LIMIT 0,40";
    //print ($sql);

    // Execute the SQL query.
    $result = $dbconn->Execute($sql);

    // Check for any database errors.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }

    // A switch to extract the data from a given result set.
    for (; !$result->EOF; $result->MoveNext()) {
        // The variable order must match the SELECT column order
        // (id, name, this_month, last_month, total); the original list()
        // swapped total and this_month.
        list($id, $name, $this_month, $last_month, $total) = $result->fields;
        $items_array[] = array('id' => $id, 'name' => $name, 'total' => $total, 'last_month' => $last_month, 'this_month' => $this_month);
    }
    $result->Close();
    //print_r($items_array);
    return $items_array;
}
/**
 * Load language files for the current language
 *
 * @return void
 */
function pnLangLoad()
{
    // See if a language update is required for ml-environments
    $newlang = pnVarCleanFromInput('newlang');
    if (!empty($newlang) && pnConfigGetVar('multilingual') == 1) {
        $langlist = languagelist();
        if (file_exists('language/' . pnVarPrepForOS($newlang) . '/global.php') && isset($langlist[$newlang])) {
            // newlang is valid and exists
            $lang = $newlang;
            pnSessionSetVar('lang', $newlang);
        } else {
            // newlang is either not valid or doesn't exist - restore default values
            $lang = pnConfigGetVar('language');
            pnSessionSetVar('lang', $lang);
        }
    } else {
        $detectlang = pnConfigGetVar('language_detect');
        $defaultlang = pnConfigGetVar('language');
        switch ($detectlang) {
            case 1:
                // Detect Browser Language
                $cnvlanguage = cnvlanguagelist();
                $currentlang = '';
                // split() was removed in PHP 7; preg_split() with the same
                // character class is equivalent. The header may be absent.
                $acceptlang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? $_SERVER['HTTP_ACCEPT_LANGUAGE'] : '';
                $langs = preg_split('/[,;]/', $acceptlang);
                foreach ($langs as $lang) {
                    if (isset($cnvlanguage[$lang]) && file_exists('language/' . pnVarPrepForOS($cnvlanguage[$lang]) . '/global.php')) {
                        $currentlang = $cnvlanguage[$lang];
                        break;
                    }
                }
                if ($currentlang == '') {
                    $currentlang = $defaultlang;
                }
                break;
            default:
                $currentlang = $defaultlang;
        }
        $lang = pnSessionGetVar('lang');
    }

    // Load global language defines
    // these are deprecated and will be moved to the relevant modules
    // with .8x
    if (isset($lang) && file_exists('language/' . pnVarPrepForOS($lang) . '/global.php')) {
        $currentlang = $lang;
    } else {
        $currentlang = pnConfigGetVar('language');
        pnSessionSetVar('lang', $currentlang);
    }
    $oscurrentlang = pnVarPrepForOS($currentlang);
    if (file_exists('language/' . $oscurrentlang . '/global.php')) {
        include 'language/' . $oscurrentlang . '/global.php';
    }

    // load the languages file
    if (file_exists('language/languages.php')) {
        include 'language/languages.php';
    }

    // load the core language file
    if (file_exists('language/' . $oscurrentlang . '/core.php')) {
        include 'language/' . $oscurrentlang . '/core.php';
    }

    // set the correct locale
    // note: windows has different requirements for the setlocale function to other OS's
    // See: http://uk.php.net/setlocale
    if (stristr(getenv('OS'), 'windows')) {
        // for windows we either use the _LOCALEWIN define or the existing language code
        if (defined('_LOCALEWIN')) {
            setlocale(LC_ALL, _LOCALEWIN);
        } else {
            setlocale(LC_ALL, $currentlang);
        }
    } else {
        // for other OS's we use the _LOCALE define
        setlocale(LC_ALL, _LOCALE);
    }
}
/**
 * get the user's theme
 * @public
 * @returns string
 * @return the name of the user's theme
 */
function pnUserGetTheme()
{
    // Order of theme priority:
    // - page-specific
    // - user
    // - system
    // - PostNuke

    // Page-specific theme
    $pagetheme = pnVarCleanFromInput('theme');
    if (!empty($pagetheme)) {
        // Return the same sanitised name that is checked on disk. The
        // original checked the sanitised path but returned the raw request
        // value, which callers interpolate into file paths and HTML.
        $pagetheme = pnVarPrepForOS($pagetheme);
        if (@opendir("themes/" . $pagetheme)) {
            return $pagetheme;
        }
    }

    if (pnUserLoggedIn() && !pnConfigGetVar('theme_change')) {
        $usertheme = pnUserGetVar('theme');
        // modification mouzaia .71
        if (!empty($usertheme)) {
            if (@opendir(WHERE_IS_PERSO . "themes/" . pnVarPrepForOS($usertheme))) {
                return $usertheme;
            }
            if (@opendir("themes/" . pnVarPrepForOS($usertheme))) {
                return $usertheme;
            }
        }
    }

    $systemtheme = pnConfigGetVar('Default_Theme');
    if (!empty($systemtheme)) {
        if (@opendir(WHERE_IS_PERSO . "themes/" . pnVarPrepForOS($systemtheme))) {
            return $systemtheme;
        }
        if (@opendir("themes/" . pnVarPrepForOS($systemtheme))) {
            return $systemtheme;
        }
    }

    // why is this hard coded ??????
    // $defaulttheme = 'PostNuke';
    $defaulttheme = pnConfigGetVar('Default_Theme');
    if (@opendir(WHERE_IS_PERSO . "themes/" . pnVarPrepForOS($defaulttheme))) {
        return $defaulttheme;
    }
    if (@opendir("themes/" . pnVarPrepForOS($defaulttheme))) {
        return $defaulttheme;
    }
    return false;
}
function search_stories()
{
    list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) = pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool');
    if (!isset($active_stories) || !$active_stories) {
        return;
    }
    if (!pnModAvailable('News')) {
        return;
    }
    // "=& new" is a parse error on PHP 7+; plain assignment behaves the same.
    $output = new pnHTML();
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    }
    if (isset($total) && !is_numeric($total)) {
        unset($total);
    }
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    if (empty($bool)) {
        $bool = 'OR';
    }
    $flag = false;
    $storcol =& $pntable['stories_column'];
    $stcatcol =& $pntable['stories_cat_column'];
    $topcol =& $pntable['topics_column'];
    $query = '';
    $query1 = "SELECT {$storcol['sid']} as sid,
                      {$topcol['tid']} as topicid,
                      {$topcol['topicname']} as topicname,
                      {$topcol['topictext']} as topictext,
                      {$storcol['catid']} as catid,
                      {$storcol['time']} AS fdate,
                      {$storcol['title']} AS story_title,
                      {$storcol['aid']} AS aid,
                      {$stcatcol['title']} AS cat_title
               FROM {$pntable['stories']}
               LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})
               LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})
               WHERE ";
    // hack to get this to work, but much better than what we had before
    //$query .= " 1 = 1 ";

    // words
    $w = search_split_query($q);
    if (isset($w)) {
        foreach ($w as $word) {
            if ($flag) {
                switch ($bool) {
                    case 'AND':
                        $query .= ' AND ';
                        break;
                    case 'OR':
                    default:
                        $query .= ' OR ';
                        break;
                }
            }
            $query .= '(';
            $query .= "{$storcol['title']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['hometext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['bodytext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            //$query .= "$storcol[comments] LIKE '".pnVarPrepForStore($word)."' OR ";
            $query .= "{$storcol['informant']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['notes']} LIKE '" . pnVarPrepForStore($word) . "'";
            $query .= ')';
            $flag = true;
            $no_flag = false;
        }
    } else {
        $no_flag = true;
    }

    // topics
    if (isset($stories_topics) && !empty($stories_topics)) {
        $flag = false;
        $start_flag = false; // dont set AND/OR if nothing is in front
        foreach ($stories_topics as $v) {
            if (empty($v)) {
                continue;
            }
            if (!$no_flag and !$start_flag) {
                $query .= ' AND (';
                $start_flag = true;
            }
            if ($flag) {
                $query .= ' OR ';
            }
            $query .= "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'";
            $flag = true;
        }
        if (!$no_flag and $start_flag) {
            $query .= ') ';
            $no_flag = false;
        }
    }

    // categories
    if (!is_array($stories_cat)) {
        $stories_cat[0] = '';
    }
    if (isset($stories_cat[0]) && !empty($stories_cat[0])) {
        if (!$no_flag) {
            $query .= ' AND (';
        }
        $flag = false;
        foreach ($stories_cat as $v) {
            if ($flag) {
                $query .= ' OR ';
            }
            $query .= "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'";
            $flag = true;
        }
        if (!$no_flag) {
            $query .= ') ';
            $no_flag = false;
        }
    }

    // authors
    if (isset($stories_author) && $stories_author != '') {
        if (!$no_flag) {
            $query .= ' AND (';
        }
        $query .= "{$storcol['informant']}='" . pnVarPrepForStore($stories_author) . "'";
        $result =& $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%" . pnVarPrepForStore($stories_author) . "%' OR {$pntable['users_column']['name']} LIKE '%" . pnVarPrepForStore($stories_author) . "%'");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // The uid is numeric; cast it before it goes into the SQL string.
            $query .= " OR {$storcol['aid']}=" . (int) $row['pn_uid'];
            $result->MoveNext();
        }
        if (!$no_flag) {
            $query .= ') ';
            $no_flag = false;
        }
    } else {
        $stories_author = '';
    }

    if (pnConfigGetVar('multilingual') == 1) {
        if (!empty($query)) {
            $query .= ' AND';
        }
        $query .= " ({$storcol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storcol['alanguage']}='')";
    }
    if (empty($query)) {
        $query = '1';
    }
    $query .= " ORDER BY {$storcol['time']} DESC";
    $query = $query1 . $query;

    // get the total count with permissions!
    if (empty($total)) {
        $total = 0;
        $countres =& $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search string from previous information.
        // Every request value is escaped for display, including the
        // category and topic ids the original appended unescaped.
        $url = 'index.php?name=Search&action=search&active_stories=1&stories_author=' . pnVarPrepForDisplay($stories_author);
        if (isset($stories_cat) && $stories_cat) {
            foreach ($stories_cat as $v) {
                $url .= '&stories_cat%5B%5D=' . pnVarPrepForDisplay($v);
            }
        }
        if (isset($stories_topics) && $stories_topics) {
            foreach ($stories_topics as $v) {
                $url .= '&stories_topics%5B%5D=' . pnVarPrepForDisplay($v);
            }
        }
        $url .= '&bool=' . pnVarPrepForDisplay($bool);
        if (isset($q)) {
            $url .= '&q=' . pnVarPrepForDisplay($q);
        }

        $output->Text('<dl>');
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
                $output->Text('<dt><a href="index.php?name=News&file=article&sid=' . pnVarPrepForDisplay($row['sid']) . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></dt>');
                $output->Text('<dd>');
                $output->Text(pnVarPrepForDisplay($row['fdate']) . ' (');
                if (!empty($row['topicid'])) {
                    // Prepared for display like the category title below.
                    $output->Text(pnVarPrepHTMLDisplay($row['topictext']));
                }
                if (!empty($row['catid'])) {
                    $output->Text(' - ' . pnVarPrepHTMLDisplay($row['cat_title']));
                }
                $output->Text(')</dd>');
            }
            $result->MoveNext();
        }
        $output->Text('</dl>');

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_STORIES_TOPICS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);
    return $output->GetOutput();
}
function Lenses_admin_update_lens($args)
{
    // Clean input from the form.
    $lens_data = pnVarCleanFromInput('lens_data');
    $bc = pnVarCleanFromInput('bc');
    $enh_colors = pnVarCleanFromInput('enh_colors');
    $opaque_colors = pnVarCleanFromInput('opaque_colors');

    // Extract any extra arguments.
    extract($args);

    // Confirm $authid hidden field from form template.
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
        return pnRedirect(pnModURL('Lenses', 'admin', 'main'));
    }

    // Take the arrays for the base curves and the simple opaque and enhancer colors
    // and create a string that's added to the appropriate parts of the $lens_data array.
    // Array keys are quoted: bare words are undefined constants (an error on PHP 8).
    $lens_data['bc_simple'] = $bc[0] . " " . $bc[1] . " " . $bc[2];
    $lens_data['enh_names_simple'] = "";
    $lens_data['opaque_names_simple'] = "";
    foreach ($enh_colors as $value) {
        $lens_data['enh_names_simple'] .= $value . " ";
    }
    foreach ($opaque_colors as $value) {
        $lens_data['opaque_names_simple'] .= $value . " ";
    }

    // Attempt to update lens.
    if (pnModAPIFunc('Lenses', 'admin', 'update_lens', array('lens_data' => $lens_data))) {
        pnSessionSetVar('statusmsg', pnVarPrepHTMLDisplay(_UPDATESUCCEDED));
    }

    // No output. Redirect user.
    return pnRedirect(pnModURL('Lenses', 'user', 'view', array('tid' => $lens_data['tid'])));
}
/**
 * postcalendar_userapi_pcQueryEvents
 * INPUT
 * $args = Array of values possibly containing:
 * $provider_id = array of provider ID numbers
 *
 * Returns an array containing the event's information
 * @params array(key=>value)
 * @params string key eventstatus
 * @params int value -1 == hidden ; 0 == queued ; 1 == approved
 * @return array $events[][]
 */
function &postcalendar_userapi_pcQueryEvents($args)
{
    $end = '0000-00-00';
    extract($args);
    // echo "<!-- args = "; print_r($args); echo " -->\n"; // debugging
    // $pc_username = pnVarCleanFromInput('pc_username');
    $pc_username = $_SESSION['pc_username']; // from Michael Brinson 2006-09-19
    if (empty($pc_username) || is_array($pc_username)) {
        $pc_username = "******";
    }
    //echo "DEBUG pc_username: $pc_username \n"; // debugging
    $topic = pnVarCleanFromInput('pc_topic');
    $category = pnVarCleanFromInput('pc_category');
    if (!empty($pc_username) && strtolower($pc_username) != 'anonymous') {
        if ($pc_username == '__PC_ALL__' || $pc_username == -1) {
            $ruserid = -1;
        } else {
            $ruserid = getIDfromUser($pc_username);
        }
    }
    if (!isset($eventstatus)) {
        $eventstatus = 1;
    }
    // sanity check on eventstatus
    if ((int) $eventstatus < -1 || (int) $eventstatus > 1) {
        $eventstatus = 1;
    }
    // The range check above compares the integer value only; store the
    // integer so that trailing text cannot reach the SQL string.
    $eventstatus = (int) $eventstatus;
    if (!isset($start)) {
        $start = Date_Calc::dateNow('%Y-%m-%d');
    }
    list($sy, $sm, $sd) = explode('-', $start);
    // $start and $end arrive through extract($args) and are quoted into the
    // SQL below, so escape them first.
    $start = pnVarPrepForStore($start);
    $end = pnVarPrepForStore($end);

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // link to the events tables
    $table = $pntable['postcalendar_events'];
    $cattable = $pntable['postcalendar_categories'];
    $topictable = $pntable['postcalendar_topics'];

    $sql = "SELECT DISTINCT a.pc_eid, a.pc_informant, a.pc_catid, " .
        "a.pc_title, a.pc_time, a.pc_hometext, a.pc_eventDate, a.pc_duration, " .
        "a.pc_endDate, a.pc_startTime, a.pc_recurrtype, a.pc_recurrfreq, " .
        "a.pc_recurrspec, a.pc_topic, a.pc_alldayevent, a.pc_location, " .
        "a.pc_conttel, a.pc_contname, a.pc_contemail, a.pc_website, a.pc_fee, " .
        "a.pc_sharing, a.pc_prefcatid, b.pc_catcolor, b.pc_catname, " .
        "b.pc_catdesc, a.pc_pid, a.pc_apptstatus, a.pc_aid, " .
        "concat(u.fname,' ',u.lname) as provider_name, " .
        "concat(pd.lname,', ',pd.fname) as patient_name, " .
        "concat(u2.fname, ' ', u2.lname) as owner_name, " .
        "DOB as patient_dob, a.pc_facility, pd.pubpid " .
        "FROM ( {$table} AS a ) " .
        "LEFT JOIN {$cattable} AS b ON b.pc_catid = a.pc_catid " .
        "LEFT JOIN users as u ON a.pc_aid = u.id " .
        "LEFT JOIN users as u2 ON a.pc_aid = u2.id " .
        "LEFT JOIN patient_data as pd ON a.pc_pid = pd.pid " .
        "WHERE a.pc_eventstatus = {$eventstatus} " .
        "AND ((a.pc_endDate >= '{$start}' AND a.pc_eventDate <= '{$end}') OR " .
        "(a.pc_endDate = '0000-00-00' AND a.pc_eventDate >= '{$start}' AND " .
        "a.pc_eventDate <= '{$end}')) ";
    // The above 3 lines replaced these:
    // AND (a.pc_endDate >= '$start' OR a.pc_endDate = '0000-00-00')
    // AND a.pc_eventDate <= '$end' ";

    //==================================
    //FACILITY FILTERING (lemonsoftware)(CHEMED)
    // The facility id is numeric and unquoted in the SQL, so cast it.
    if ($_SESSION['pc_facility']) {
        $pc_facility = (int) $_SESSION['pc_facility'];
        $sql .= " AND a.pc_facility = {$pc_facility} ";
        /* AND u.facility_id = $pc_facility AND u2.facility_id = $pc_facility "; */
    } else {
        if (!empty($pc_facility)) {
            // pc_facility could be provided in the search arguments -- JRM March 2008
            $pc_facility = (int) $pc_facility;
            $sql .= " AND a.pc_facility = {$pc_facility} ";
            /*. " AND u.facility_id = $pc_facility". " AND u2.facility_id = $pc_facility "; */
        }
    }
    //EOS FACILITY FILTERING (lemonsoftware)
    //==================================

    if (!empty($providerID)) {
        $ruserid = $providerID;
    }
    // eliminate ruserid if we're trying to query by provider_id -- JRM
    if (!empty($provider_id)) {
        unset($ruserid);
    }
    if (isset($ruserid)) {
        // get all events for the specified username
        if ($ruserid == -1) {
            $sql .= "AND (a.pc_sharing = '" . SHARING_BUSY . "' ";
            $sql .= "OR a.pc_sharing = '" . SHARING_PUBLIC . "') ";
        } else {
            $sql .= "AND a.pc_aid IN (0, " . (int) $ruserid . ") ";
        }
    } elseif (!pnUserLoggedIn()) {
        // get all events for anonymous users
        $sql .= "AND a.pc_sharing = '" . SHARING_GLOBAL . "' ";
    } elseif (!empty($provider_id)) {
        // get all events for a variety of provider IDs -- JRM
        if ($provider_id[0] != "_ALL_") {
            /**add all the events from the clinic provider id = 0*/
            // Provider ids are numeric; force each one to an integer.
            $sql .= "AND a.pc_aid in (0," . implode(",", array_map('intval', $provider_id)) . ") ";
        }
    } else {
        // get all events for logged in user plus global events
        $sql .= "AND (a.pc_aid IN (0," . (int) $_SESSION['authUserID'] . ") OR a.pc_sharing = '" . SHARING_GLOBAL . "') ";
    }

    //======================================================================
    // START SEARCH FUNCTIONALITY
    //======================================================================
    // $s_keywords, $s_category and $s_topic are inserted as SQL fragments,
    // so callers must build them from escaped values only.
    if (!empty($s_keywords)) {
        $sql .= "AND ({$s_keywords}) ";
    }
    if (!empty($s_category)) {
        $sql .= "AND ({$s_category}) ";
    }
    if (!empty($s_topic)) {
        $sql .= "AND ({$s_topic}) ";
    }
    if (!empty($category)) {
        $sql .= "AND (a.pc_catid = '" . pnVarPrepForStore($category) . "') ";
    }
    if (!empty($topic)) {
        $sql .= "AND (a.pc_topic = '" . pnVarPrepForStore($topic) . "') ";
    }

    //======================================================================
    // Search sort and limitation
    //======================================================================
    // $sort is interpolated as given and must never come from request input.
    if (empty($sort)) {
        $sql .= "GROUP BY a.pc_eid ORDER BY a.pc_time DESC";
    } else {
        $sql .= "GROUP BY a.pc_eid ORDER BY a.{$sort}";
    }
    //======================================================================
    // END SEARCH FUNCTIONALITY
    //======================================================================
    //echo "<br>sq: $sql<br />";
    // echo "<!-- " . $sql . " -->\n"; // debugging
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        die($dbconn->ErrorMsg());
    }

    // put the information into an array for easy access
    $events = array();
    // return an empty array if we don't have any results
    if (!isset($result)) {
        return $events;
    }

    for ($i = 0; !$result->EOF; $result->MoveNext()) {
        // WHY are we using an array for intermediate storage??? -- Rod
        // get the results from the query
        if (isset($tmp)) {
            unset($tmp);
        }
        $tmp = array();
        list($tmp['eid'], $tmp['uname'], $tmp['catid'], $tmp['title'], $tmp['time'], $tmp['hometext'], $tmp['eventDate'], $tmp['duration'], $tmp['endDate'], $tmp['startTime'], $tmp['recurrtype'], $tmp['recurrfreq'], $tmp['recurrspec'], $tmp['topic'], $tmp['alldayevent'], $tmp['location'], $tmp['conttel'], $tmp['contname'], $tmp['contemail'], $tmp['website'], $tmp['fee'], $tmp['sharing'], $tmp['prefcatid'], $tmp['catcolor'], $tmp['catname'], $tmp['catdesc'], $tmp['pid'], $tmp['apptstatus'], $tmp['aid'], $tmp['provider_name'], $tmp['patient_name'], $tmp['owner_name'], $tmp['patient_dob'], $tmp['facility'], $tmp['pubpid']) = $result->fields;

        // grab the name of the topic
        $topicname = pcGetTopicName($tmp['topic']);
        // get the user id of event's author
        $cuserid = @$nuke_users[strtolower($tmp['uname'])];

        // check the current event's permissions
        // the user does not have permission to view this event
        // if any of the following evaluate as false
        if (!pnSecAuthAction(0, 'PostCalendar::Event', "{$tmp['title']}::{$tmp['eid']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::Category', "{$tmp['catname']}::{$tmp['catid']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::User', "{$tmp['uname']}::{$cuserid}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::Topic', "{$topicname}::{$tmp['topic']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif ($tmp['sharing'] == SHARING_PRIVATE && $cuserid != $userid) {
            continue;
        }

        // add event to the array if we passed the permissions check
        // this is the common information
        $events[$i]['intervals'] = $tmp['duration'] / 60 / $GLOBALS['day_calandar_interval']; //sets the number of rows this event should span
        $events[$i]['eid'] = $tmp['eid'];
        $events[$i]['uname'] = $tmp['uname'];
        $events[$i]['uid'] = $cuserid;
        $events[$i]['catid'] = $tmp['catid'];
        $events[$i]['time'] = $tmp['time'];
        $events[$i]['eventDate'] = $tmp['eventDate'];
        $events[$i]['duration'] = $tmp['duration'];
        // there has to be a more intelligent way to do this
        @(list($events[$i]['duration_hours'], $dmin) = @explode('.', $tmp['duration'] / 60 / 60));
        $events[$i]['duration_minutes'] = substr(sprintf('%.2f', '.' . 60 * ($dmin / 100)), 2, 2);
        //''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        $events[$i]['endDate'] = $tmp['endDate'];
        $events[$i]['startTime'] = $tmp['startTime'];
        $events[$i]['recurrtype'] = $tmp['recurrtype'];
        $events[$i]['recurrfreq'] = $tmp['recurrfreq'];
        $events[$i]['recurrspec'] = $tmp['recurrspec'];
        $events[$i]['topic'] = $tmp['topic'];
        $events[$i]['alldayevent'] = $tmp['alldayevent'];
        $events[$i]['catcolor'] = $tmp['catcolor'];
        // Modified 06-2009 by BM to translate the category if applicable
        $events[$i]['catname'] = xl_appt_category($tmp['catname']);
        $events[$i]['catdesc'] = $tmp['catdesc'];
        $events[$i]['pid'] = $tmp['pid'];
        $events[$i]['apptstatus'] = $tmp['apptstatus'];
        $events[$i]['pubpid'] = $tmp['pubpid'];
        $events[$i]['patient_name'] = $tmp['patient_name'];
        $events[$i]['provider_name'] = $tmp['provider_name'];
        $events[$i]['owner_name'] = $tmp['owner_name'];
        $events[$i]['patient_dob'] = $tmp['patient_dob'];
        $events[$i]['patient_age'] = getPatientAge($tmp['patient_dob']);
        $events[$i]['facility'] = getFacility($tmp['facility']);
        $events[$i]['sharing'] = $tmp['sharing'];
        $events[$i]['prefcatid'] = $tmp['prefcatid'];
        $events[$i]['aid'] = $tmp['aid'];
        $events[$i]['topictext'] = $topicname;
        $events[$i]['intervals'] = ceil($tmp['duration'] / 60 / $GLOBALS['calendar_interval']);
        if ($events[$i]['intervals'] == 0) {
            $events[$i]['intervals'] = 1;
        }

        // is this a public event to be shown as busy?
        if ($tmp['sharing'] == SHARING_BUSY && $cuserid != $userid) {
            // make it not display any information
            $events[$i]['title'] = _USER_BUSY_TITLE;
            $events[$i]['hometext'] = _USER_BUSY_MESSAGE;
            $events[$i]['desc'] = _USER_BUSY_MESSAGE;
            $events[$i]['conttel'] = '';
            $events[$i]['contname'] = '';
            $events[$i]['contemail'] = '';
            $events[$i]['website'] = '';
            $events[$i]['fee'] = '';
            $events[$i]['location'] = '';
            $events[$i]['street1'] = '';
            $events[$i]['street2'] = '';
            $events[$i]['city'] = '';
            $events[$i]['state'] = '';
            $events[$i]['postal'] = '';
        } else {
            $display_type = substr($tmp['hometext'], 0, 6);
            if ($display_type == ':text:') {
                $prepFunction = 'pcVarPrepForDisplay';
                $tmp['hometext'] = substr($tmp['hometext'], 6);
            } elseif ($display_type == ':html:') {
                $prepFunction = 'pcVarPrepHTMLDisplay';
                $tmp['hometext'] = substr($tmp['hometext'], 6);
            } else {
                $prepFunction = 'pcVarPrepHTMLDisplay';
            }
            unset($display_type);
            $events[$i]['title'] = $prepFunction($tmp['title']);
            $events[$i]['hometext'] = $prepFunction($tmp['hometext']);
            $events[$i]['desc'] = $events[$i]['hometext'];
            $events[$i]['conttel'] = $prepFunction($tmp['conttel']);
            $events[$i]['contname'] = $prepFunction($tmp['contname']);
            $events[$i]['contemail'] = $prepFunction($tmp['contemail']);
            $events[$i]['website'] = $prepFunction(postcalendar_makeValidURL($tmp['website']));
            $events[$i]['fee'] = $prepFunction($tmp['fee']);
            // unserialize() runs on the stored pc_location value, so that
            // column must only ever hold data serialized by the application.
            $loc = unserialize($tmp['location']);
            $events[$i]['location'] = $prepFunction($loc['event_location']);
            $events[$i]['street1'] = $prepFunction($loc['event_street1']);
            $events[$i]['street2'] = $prepFunction($loc['event_street2']);
            $events[$i]['city'] = $prepFunction($loc['event_city']);
            $events[$i]['state'] = $prepFunction($loc['event_state']);
            $events[$i]['postal'] = $prepFunction($loc['event_postal']);
        }
        $i++;
    }
    unset($tmp);
    $result->Close();
    return $events;
}
function blocks_menu_update($row)
{
    list($vars['displaymodules'], $vars['displaywaiting'], $vars['style']) = pnVarCleanFromInput('displaymodules', 'displaywaiting', 'style');

    // Defaults
    if (empty($vars['displaymodules'])) {
        $vars['displaymodules'] = 0;
    }
    if (empty($vars['displaywaiting'])) {
        $vars['displaywaiting'] = 0;
    }
    if (empty($vars['style'])) {
        $vars['style'] = 1;
    }

    // User links
    $content = array();
    $c = 1;
    if (isset($row['linkname'])) {
        list($linkurl, $linkname, $linkdesc) = pnVarCleanFromInput('linkurl', 'linkname', 'linkdesc');
        foreach ($row['linkname'] as $v) {
            if (!isset($row['linkdelete'][$c])) {
                $content[] = "{$linkurl[$c]}|{$linkname[$c]}|{$linkdesc[$c]}";
            }
            if (isset($row['linkinsert'][$c])) {
                $content[] = "||";
            }
            $c++;
        }
    }
    if ($row['new_linkname']) {
        $content[] = pnVarCleanFromInput('new_linkurl') . '|' . pnVarCleanFromInput('new_linkname') . '|' . pnVarCleanFromInput('new_linkdesc');
    }
    $vars['content'] = implode("LINESPLIT", $content);
    $row['content'] = pnBlockVarsToContent($vars);
    return $row;
}
function modules_admin_remove()
{
    // Security and sanity checks
    if (!pnSecConfirmAuthKey()) {
        pnSessionSetVar('errormsg', _BADAUTHKEY);
        pnRedirect(pnModURL('Modules', 'admin', 'list'));
        return true;
    }
    $id = pnVarCleanFromInput('id');
    if (empty($id) || !is_numeric($id)) {
        pnSessionSetVar('errormsg', _MODULESNOMODID);
        pnRedirect(pnModURL('Modules', 'admin', 'list'));
        // Stop here: without this return the function fell through and
        // called the remove API with the rejected id.
        return true;
    }

    // Load in API
    pnModAPILoad('Modules', 'admin');

    // Remove module
    if (pnModAPIFunc('Modules', 'admin', 'remove', array('mid' => $id))) {
        // Success
        pnSessionSetVar('statusmsg', _MODREMOVED);
    }
    pnRedirect(pnModURL('Modules', 'admin', 'list'));
    return true;
}
/**
 * update block settings
 */
function template_firstblock_update($blockinfo)
{
    $vars['numitems'] = pnVarCleanFromInput('numitems');
    $blockinfo['content'] = pnBlockVarsToContent($vars);
    return $blockinfo;
}
function search_users()
{
    list($active_users, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_users', 'startnum', 'total', 'bool', 'q');
    if (empty($active_users)) {
        return;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    }
    if (isset($total) && !is_numeric($total)) {
        unset($total);
    }
    $w = search_split_query($q);
    $flag = false;
    $column =& $pntable['users_column'];
    $query = "SELECT {$column['name']} as name, {$column['uname']} as uname, {$column['uid']} as uid FROM {$pntable['users']} WHERE ";
    foreach ($w as $word) {
        if ($flag) {
            switch ($bool) {
                case 'AND':
                    $query .= ' AND ';
                    break;
                case 'OR':
                default:
                    $query .= ' OR ';
                    break;
            }
        }
        // Escape each search word before it enters the SQL string; the
        // original interpolated the request value directly.
        $word = pnVarPrepForStore($word);
        $query .= '(';
        $query .= "{$column['uname']} LIKE '{$word}' OR ";
        $query .= "{$column['name']} LIKE '{$word}'";
        $query .= ')';
        $flag = true;
    }
    $query .= " ORDER BY {$column['uname']}";
    if (empty($total)) {
        $countres = $dbconn->Execute($query);
        $total = $countres->PO_RecordCount();
        $countres->Close();
    }
    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if (!$result->EOF) {
        $output->Text('<font class="pn-normal">' . _SMEMBERS . ': ' . $total . ' ' . _SEARCHRESULTS . '</font>');
        // Output is in verbatim mode, so request values and database
        // fields are prepared for display before they are written out.
        $url = 'modules.php?op=modload&name=Search&file=index&action=search&active_users=1&bool=' . pnVarPrepForDisplay($bool) . '&q=' . pnVarPrepForDisplay($q);
        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // some basic authcheck - might result in a wrong count...
            if (pnSecAuthAction(0, "Users::", "{$row['uname']}::{$row['uid']}", ACCESS_READ)) {
                $uname = pnVarPrepForDisplay($row['uname']);
                $name = pnVarPrepForDisplay($row['name']);
                $output->Text("<li><a class=\"pn-normal\" href=\"user.php?op=userinfo&uname={$uname}&module=NS-User\">{$uname}</a><br>{$name}</li>");
            }
            $result->MoveNext();
        }
        $output->Text("</ul>");

        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_MEMBERS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);
    return $output->GetOutput();
}
// $_SESSION['last_calendar_page'] = $_SERVER['PHP_SELF'] . "?" . $_SERVER['QUERY_STRING'];
//}
/*
print_r($_POST);
print_r($_GET);
print_r($_SESSION);
die;
*/
//print_r($_SESSION);
// start PN
pnInit();
// Get variables
list($module, $func, $op, $name, $file, $type) = pnVarCleanFromInput('module', 'func', 'op', 'name', 'file', 'type');
// Defaults for variables
if (isset($catid)) {
    // keep the cleaned value; calling pnVarCleanFromInput() without
    // assigning its result leaves $catid unchanged
    $catid = pnVarCleanFromInput('catid');
}
// check requested module and set to start module if not present
if (empty($name)) {
    $name = pnConfigGetVar('startpage');
    // fixed for the new style of loading modules and set start page for them [class007]
    if (empty($module)) {
        $module = $name;
    }
}
// get module information
$modinfo = pnModGetInfo(pnModGetIDFromName($module));
if ($modinfo['type'] == 2) {
    // New-new style of loading modules
    if (empty($type)) {
        $type = 'user';
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * To read the license please read the docs/license.txt or visit
 * http://www.gnu.org/copyleft/gpl.html
 *
 */
// grab the form variables
$tplview = pnVarCleanFromInput('tplview');
$viewtype = pnVarCleanFromInput('viewtype');
$eid = pnVarCleanFromInput('eid');
$Date = pnVarCleanFromInput('Date');
$print = pnVarCleanFromInput('print');
$uid = pnUserGetVar('uid');
$pc_username = pnVarCleanFromInput('pc_username');
// plain assignment: "=& new" is a parse error on PHP 7 and later
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!pnModAPILoad('postcalendar', 'user')) {
    die('Could not load PostCalendar user API');
}
$theme = pnUserGetTheme();
if (!pnThemeLoad($theme)) {
    die('Could not load theme');
}
$output->Text('<html><head>');
$output->Text("<title>" . pnConfigGetVar('sitename') . ' :: ' . pnConfigGetVar('slogan') . "</title>\n");
$output->Text('<link rel="StyleSheet" href="themes/' . $theme . '/style/styleNN.css" type="text/css" />');
$output->Text('<style type="text/css">@import url("themes/' . $theme . '/style/style.css"); </style>');
$output->Text('</head>');
$output->Text('<body bgcolor="#ffffff">');
    // Redirect to new style admin panel
    pnRedirect(pnModURL($module, 'admin'));
    exit;
}
if (!file_exists($adminfile = 'modules/' . pnVarPrepForOS($modinfo['directory']) . '/admin.php')) {
    // Module claims to be old-style, but no admin.php present - quit here
    header('HTTP/1.0 404 Not Found');
    include 'header.php';
    echo 'Wrong call for Adminfunction in Module <strong>' . pnVarPrepForDisplay($module) . '</strong>';
    include 'footer.php';
    exit;
}
/**
 * old style module administration
 */
list($func, $op, $name, $file, $type) = pnVarCleanFromInput('func', 'op', 'name', 'file', 'type');
// load the legacy includes
include_once 'modules/Admin/pnlegacy/tools.php';
// set a constant so we can check the correct entry point later
define('LOADED_AS_MODULE', '1');
$ModName = $module;
include $adminfile;
modules_get_manual();
if (substr($module, 0, 3) == 'NS-') {
    $function = substr($module, 3) . '_admin_';
} else {
    $function = $module . '_admin_';
}
if (empty($op)) {
    $op = 'main';
}
function search_weblinks() {
    list($active_weblinks, $startnum, $total, $q, $bool) = pnVarCleanFromInput('active_weblinks', 'startnum', 'total', 'q', 'bool');
    if (empty($active_weblinks)) {
        return;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    }
    if (isset($total) && !is_numeric($total)) {
        unset($total);
    }
    $w = search_split_query($q);
    $flag = false;
    $column =& $pntable['links_links_column'];
    $query = "SELECT {$column['url']} as url, {$column['title']} as title, {$column['linkratingsummary']} as linkratingsummary, {$column['totalcomments']} as totalcomments, {$column['hits']} as hits, {$column['submitter']} as submitter, {$column['description']} as description, {$column['lid']} as lid, {$column['cat_id']} as cat_id\n FROM {$pntable['links_links']}\n WHERE \n";
    // Each $word is interpolated straight into the SQL text, so this query
    // is only as safe as the escaping done inside search_split_query().
    foreach ($w as $word) {
        if ($flag) {
            switch ($bool) {
                case 'AND':
                    $query .= ' AND ';
                    break;
                case 'OR':
                default:
                    $query .= ' OR ';
                    break;
            }
        }
        $query .= '(';
        // web links
        $query .= "{$column['description']} LIKE '{$word}' OR \n";
        $query .= "{$column['url']} LIKE '{$word}' OR \n";
        $query .= "{$column['submitter']} LIKE '{$word}' OR \n";
        $query .= "{$column['title']} LIKE '{$word}' \n";
        $query .= ')';
        $flag = true;
    }
    $query .= " ORDER BY {$column['lid']}";
    // get the total count with permissions!
    if (empty($total)) {
        $total = 0;
        $countres = $dbconn->Execute($query);
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            // we have a link id so get its category
            $column2 =& $pntable['links_categories_column'];
            $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}");
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }
    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if (!$result->EOF) {
        $output->Text(_WEBLINKS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        // Rebuild the search string from previous information
        // ($bool and $q go into the URL without urlencode())
        $url = "modules.php?op=modload&name=Search&file=index&action=search&active_weblinks=1&bool={$bool}&q={$q}";
        $output->Text("<ul>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // we have a link id so get its category
            $column2 =& $pntable['links_categories_column'];
            $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}");
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
                // url, title, submitter and description come from the links
                // table and are emitted in verbatim mode without
                // pnVarPrepForDisplay()
                $output->Text("<li><a class=\"pn-normal\" href=\"{$row['url']}\" target=\"_new\">{$row['title']}</a> <font class=\"pn-normal\">(rating: {$row['linkratingsummary']} - comments: {$row['totalcomments']} - hits: {$row['hits']})</font><br>Submitter: {$row['submitter']}<br>{$row['description']}</li>");
            }
            $result->MoveNext();
        }
        $output->Text("</ul>");
        // Munge URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_LINKS . '</font>');
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);
    return $output->GetOutput();
}
/**
 * confirm an authorisation key is valid
 * <br />
 * See description of <code>pnSecGenAuthKey</code> for information on
 * this function
 *
 * @public
 * @return bool true if the key is valid, false if it is not
 */
function pnSecConfirmAuthKey() {
    list($module, $authid) = pnVarCleanFromInput('module', 'authid');
    // get the module info
    $modinfo = pnModGetInfo(pnModGetIDFromName($module));
    // Regenerate static part of key
    $partkey = pnSessionGetVar('rand') . strtolower($modinfo['name']);
    // Not using time-sensitive keys for the moment
    //    // Key life is 5 minutes, so search backwards and forwards 5
    //    // minutes to see if there is a match anywhere
    //    for ($i=-5; $i<=5; $i++) {
    //        $testdate = mktime(date('G'), date('i')+$i, 0, date('m') , date('d'), date('Y'));
    //        $testauthid = md5($partkey . date('YmdGi', $testdate));
    //        if ($testauthid == $authid) {
    //            // Match
    //            // We've used up the current random
    //            // number, make up a new one
    //            srand((double)microtime()*1000000);
    //            pnSessionSetVar('rand', rand());
    //            return true;
    //        }
    //    }
    // Strict comparison: with ==, two strings that both look numeric
    // (for example "0e" followed only by digits) are compared as numbers
    // and can match even though the digests differ.
    if (md5($partkey) === $authid) {
        // Match - generate new random number for next key and leave happy
        // (srand()/rand() seeded from microtime() is not a cryptographically
        // secure source, and the key depends on this session value)
        srand((double) microtime() * 1000000);
        pnSessionSetVar('rand', rand());
        return true;
    }
    // Not found, assume invalid
    return false;
}
/**
 * update block settings
 */
function postcalendar_calendarblock_update($blockinfo) {
    // Security check
    if (!pnSecAuthAction(0, 'PostCalendar:calendarblock:', "{$blockinfo['title']}::", ACCESS_ADMIN)) {
        return false;
    }
    list($vars['pcbshowcalendar'], $vars['pcbeventslimit'], $vars['pcbeventoverview'], $vars['pcbnextevents'], $vars['pcbeventsrange'], $vars['pcbshowsslinks']) = pnVarCleanFromInput('pcbshowcalendar', 'pcbeventslimit', 'pcbeventoverview', 'pcbnextevents', 'pcbeventsrange', 'pcbshowsslinks');
    // set up defaults if not defined
    if (!isset($vars['pcbshowcalendar'])) {
        $vars['pcbshowcalendar'] = 0;
    }
    if (!isset($vars['pcbeventslimit'])) {
        $vars['pcbeventslimit'] = 5;
    }
    if (!isset($vars['pcbeventoverview'])) {
        $vars['pcbeventoverview'] = 0;
    }
    if (!isset($vars['pcbnextevents'])) {
        $vars['pcbnextevents'] = 0;
    }
    if (!isset($vars['pcbeventsrange'])) {
        $vars['pcbeventsrange'] = 6;
    }
    if (!isset($vars['pcbshowsslinks'])) {
        $vars['pcbshowsslinks'] = 0;
    }
    // plain assignment: "=& new" is a parse error on PHP 7 and later
    $tpl = new pcSmarty();
    $tpl->clear_all_cache();
    $blockinfo['content'] = serialize($vars);
    return $blockinfo;
}
/**
 * get the user's theme
 * <br />
 * This function will return the current theme for the user.
 * Order of theme priority:
 * - page-specific
 * - category
 * - user
 * - system
 *
 * @public
 * @return string the name of the user's theme
 **/
function pnUserGetTheme() {
    static $theme;
    if (isset($theme)) {
        return $theme;
    }
    // Page-specific theme
    $pagetheme = pnVarCleanFromInput('theme');
    if (!empty($pagetheme)) {
        $themeinfo = pnThemeInfo($pagetheme);
        if ($themeinfo && $themeinfo['active']) {
            $theme = $pagetheme;
            return $pagetheme;
        }
    }
    // set a new theme for the user
    $pagetheme = pnVarCleanFromInput('newtheme');
    if (!empty($pagetheme) && !pnConfigGetVar('theme_change')) {
        $themeinfo = pnThemeInfo($pagetheme);
        if ($themeinfo && $themeinfo['active']) {
            if (pnUserLoggedIn()) {
                $uid = pnUserGetVar('uid');
                $dbconn =& pnDBGetConn(true);
                $pntable =& pnDBGetTables();
                $column =& $pntable['users_column'];
                $sql = "UPDATE {$pntable['users']}\n SET {$column['theme']}='" . pnVarPrepForStore($pagetheme) . "'\n WHERE {$column['uid']}='" . pnVarPrepForStore($uid) . "'";
                $dbconn->Execute($sql);
            } else {
                pnSessionSetVar('theme', $pagetheme);
            }
            $theme = $pagetheme;
            return $pagetheme;
        }
    }
    // eugenio themeover 20020413
    // override the theme per category or story
    // precedence is story over category override
    list($sid, $file) = pnVarCleanFromInput('sid', 'file');
    if (pnModGetName() == 'News' && (!empty($sid) || strtolower($file) == 'article')) {
        $modinfo = pnModGetInfo(pnModGetIDFromName('News'));
        include_once 'modules/' . $modinfo['directory'] . '/funcs.php';
        $pntable =& pnDBGetTables();
        $results = getArticles("{$pntable['stories_column']['sid']}='" . (int) pnVarPrepForStore($sid) . "'", "", "");
        if (is_array($results) && count($results) > 0) {
            $info = genArticleInfo($results[0]);
            $themeinfo = pnThemeInfo($info['catthemeoverride']);
            if ($themeinfo && $themeinfo['active']) {
                $theme = $info['catthemeoverride'];
                return $theme;
            }
            $themeinfo = pnThemeInfo($info['themeoverride']);
            if ($themeinfo && $themeinfo['active']) {
                $theme = $info['themeoverride'];
                return $theme;
            }
        }
    }
    // User theme
    if (!pnConfigGetVar('theme_change')) {
        if (pnUserLoggedIn()) {
            $usertheme = pnUserGetVar('theme');
        } else {
            $usertheme = pnSessionGetVar('theme');
        }
        $themeinfo = pnThemeInfo($usertheme);
        if ($themeinfo && $themeinfo['active']) {
            $theme = $usertheme;
            return $usertheme;
        }
    }
    // default site theme
    $defaulttheme = pnConfigGetVar('Default_Theme');
    $themeinfo = pnThemeInfo($defaulttheme);
    if ($themeinfo && $themeinfo['active']) {
        $theme = $defaulttheme;
        return $theme;
    }
    return false;
}
function __construct() {
    $theme = pnUserGetTheme();
    $osTheme = pnVarPrepForOS($theme);
    pnThemeLoad($theme);
    global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5, $bgcolor6, $textcolor1, $textcolor2;
    // call constructor
    parent::__construct();
    // gather module information
    $pcModInfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
    $pcDir = pnVarPrepForOS($pcModInfo['directory']);
    $pcDisplayName = $pcModInfo['displayname'];
    unset($pcModInfo);
    // setup up pcSmarty configs
    $this->compile_check = true;
    $this->force_compile = false;
    $this->debugging = false;
    $this->template_dir = "modules/{$pcDir}/pntemplates";
    array_push($this->plugins_dir, "modules/{$pcDir}/pnincludes/Smarty/plugins");
    array_push($this->plugins_dir, "modules/{$pcDir}/plugins");
    $this->compile_dir = "modules/{$pcDir}/pntemplates/compiled";
    $this->cache_dir = "modules/{$pcDir}/pntemplates/cache";
    $this->caching = _SETTING_USE_CACHE;
    $this->cache_lifetime = _SETTING_CACHE_LIFETIME;
    $this->left_delimiter = '[-';
    $this->right_delimiter = '-]';
    //============================================================
    // checks for safe mode
    // i think it's safe to say we can do this automagically now
    //============================================================
    $safe_mode = ini_get('safe_mode');
    $safe_mode_gid = ini_get('safe_mode_gid');
    $open_basedir = ini_get('open_basedir');
    $use_safe_mode = (bool) $safe_mode || (bool) $safe_mode_gid || !empty($open_basedir);
    if ($use_safe_mode) {
        $this->use_sub_dirs = false;
    } else {
        $this->use_sub_dirs = true;
    }
    unset($use_safe_mode, $safe_mode, $safe_mode_gid, $open_basedir);
    $this->autoload_filters = array('output' => array('trimwhitespace'));
    $lang = pnUserGetLang();
    $func = pnVarCleanFromInput('func');
    $print = pnVarCleanFromInput('print');
    // assign theme globals
    $this->assign_by_ref('BGCOLOR1', $bgcolor1);
    $this->assign_by_ref('BGCOLOR2', $bgcolor2);
    $this->assign_by_ref('BGCOLOR3', $bgcolor3);
    $this->assign_by_ref('BGCOLOR4', $bgcolor4);
    $this->assign_by_ref('BGCOLOR5', $bgcolor5);
    $this->assign_by_ref('BGCOLOR6', $bgcolor6);
    $this->assign_by_ref('TEXTCOLOR1', $textcolor1);
    $this->assign_by_ref('TEXTCOLOR2', $textcolor2);
    $this->assign_by_ref('USER_LANG', $lang);
    $this->assign_by_ref('FUNCTION', $func);
    $this->assign('PRINT_VIEW', $print);
    $this->assign('USE_POPUPS', _SETTING_USE_POPUPS);
    $this->assign('USE_TOPICS', _SETTING_DISPLAY_TOPICS);
    $this->assign('USE_INT_DATES', _SETTING_USE_INT_DATES);
    $this->assign('OPEN_NEW_WINDOW', _SETTING_OPEN_NEW_WINDOW);
    $this->assign('EVENT_DATE_FORMAT', _SETTING_DATE_FORMAT);
    $this->assign('HIGHLIGHT_COLOR', _SETTING_DAY_HICOLOR);
    $this->assign('24HOUR_TIME', _SETTING_TIME_24HOUR);
    $this->assign_by_ref('MODULE_NAME', $pcDisplayName);
    $this->assign_by_ref('MODULE_DIR', $pcDir);
    $this->assign('ACCESS_NONE', PC_ACCESS_NONE);
    $this->assign('ACCESS_OVERVIEW', PC_ACCESS_OVERVIEW);
    $this->assign('ACCESS_READ', PC_ACCESS_READ);
    $this->assign('ACCESS_COMMENT', PC_ACCESS_COMMENT);
    $this->assign('ACCESS_MODERATE', PC_ACCESS_MODERATE);
    $this->assign('ACCESS_EDIT', PC_ACCESS_EDIT);
    $this->assign('ACCESS_ADD', PC_ACCESS_ADD);
    $this->assign('ACCESS_DELETE', PC_ACCESS_DELETE);
    $this->assign('ACCESS_ADMIN', PC_ACCESS_ADMIN);
    //=================================================================
    // Find out what Template we're using
    //=================================================================
    $template_name = _SETTING_TEMPLATE;
    if (!isset($template_name)) {
        $template_name = 'default';
    }
    //=================================================================
    // Find out what Template View to use
    //=================================================================
    $template_view = pnVarCleanFromInput('tplview');
    if (!isset($template_view)) {
        $template_view = 'default';
    }
    $this->config_dir = "modules/{$pcDir}/pntemplates/{$template_name}/config/";
    $this->assign_by_ref('TPL_NAME', $template_name);
    $this->assign_by_ref('TPL_VIEW', $template_view);
    $this->assign('TPL_IMAGE_PATH', $GLOBALS['rootdir'] . "/main/calendar/modules/{$pcDir}/pntemplates/{$template_name}/images");
    $this->assign('TPL_ROOTDIR', $GLOBALS['rootdir']);
    $this->assign('TPL_STYLE_PATH', "modules/{$pcDir}/pntemplates/{$template_name}/style");
    $this->assign('THEME_PATH', "themes/{$osTheme}");
}