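/**
 * Store a new password hash for a user.
 *
 * No hashing happens here: the caller passes an already-hashed value. The
 * parameter name suggests MD5, which is not a suitable password hash on its
 * own — check what the callers actually produce before relying on it.
 *
 * @param string $username account name (uname column), escaped with pnVarPrepForStore
 * @param string $md5pass  pre-hashed password to store, escaped with pnVarPrepForStore
 * @return bool true when the UPDATE ran without a DB error, false otherwise
 *              (the previous version returned nothing, which is falsy as well)
 */
function updateUserPass($username, $md5pass)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $column = $pntable['users_column'];

    // Both values sit in quoted string context, which is what the escaping helper covers.
    $sql = "UPDATE {$pntable['users']}\n"
        . " SET {$column['pass']} = '" . pnVarPrepForStore($md5pass) . "'\n"
        . " WHERE {$column['uname']}='" . pnVarPrepForStore($username) . "'";
    $dbconn->Execute($sql);

    // The old code captured the result and dropped it; report DB failures instead.
    return $dbconn->ErrorNo() == 0;
}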
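/**
 * Side block with links related to the current story's topic: external
 * "related" links, a "more about" link, the author's other stories, and the
 * most-read story of the topic.
 *
 * Reads the globals $sid (current story id) and $story (current story record;
 * keys used: topic, topicname, aid).
 *
 * @param array $row block definition; $row['title'] feeds the permission
 *                   check, $row['content'] is filled in here
 * @return string|null rendered block via themesideblock(), or null when the
 *                     viewer lacks read access or the story has no topic
 */
function blocks_related_block($row)
{
    global $sid, $story;

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Relatedblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    if (!$story['topic']) {
        return;
    }

    // The topic id is interpolated unquoted into SQL and into URLs below.
    // Quote-escaping does not protect an unquoted numeric context, so pin it
    // to an integer first.
    $topic = (int) $story['topic'];

    $row['content'] = '<font class="pn-normal">';

    // Most-read story of this topic (only the first row is needed).
    $column = $pntable['stories_column'];
    $sql = "SELECT {$column['sid']} as sid, {$column['title']} as title FROM {$pntable['stories']} WHERE {$column['topic']}=" . $topic . " ORDER BY {$column['counter']} DESC";
    $result = $dbconn->SelectLimit($sql, 1);
    $mrow = $result->GetRowAssoc(false);
    // GetRowAssoc() yields false on an empty result; render empty values
    // rather than indexing into false.
    $mostReadSid = is_array($mrow) ? (int) $mrow['sid'] : '';
    $mostReadTitle = is_array($mrow) ? $mrow['title'] : '';

    // External links attached to the topic.
    $column = $pntable['related_column'];
    $result = $dbconn->Execute("SELECT {$column['name']} as name, {$column['url']} as url FROM {$pntable['related']} WHERE {$column['tid']}=" . $topic);
    while (!$result->EOF) {
        $lrow = $result->GetRowAssoc(false);
        $result->MoveNext();
        // The stored URL lands in an href attribute, so it needs the same
        // escaping as the link text (the old code emitted it raw).
        $row['content'] .= "<strong><big>·</big></strong> <a href=\"" . pnVarPrepForDisplay($lrow['url']) . "\" target=\"_blank\">" . pnVarPrepForDisplay($lrow['name']) . "</a><br>\n";
    }

    $topicName = pnVarPrepForDisplay($story['topicname']);
    $authorText = pnVarPrepForDisplay($story['aid']);
    $authorParam = urlencode($story['aid']);
    $currentSid = (int) $sid;

    $row['content'] .= "<strong><big>·</big></strong> <a href=\"advtopics.php?topic={$topic}\">" . _MOREABOUT . " " . $topicName . "</a><br>\n"
        . "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=Search&file=index&action=search&overview=1&active_stories=1&stories_author={$authorParam}\">" . _NEWSBY . " " . $authorText . "</a><br>\n"
        . '</font><br><hr noshade width="95%" size="1"><b>' . _MOSTREAD . " " . $topicName . ":</b><br>\n"
        . "<center><a href=\"advarticle.php?sid={$mostReadSid}\">" . pnVarPrepForDisplay($mostReadTitle) . "</a></center><br><br>\n"
        . '<div align="right">'
        . "<a href=\"print.php?sid={$mostReadSid}\"><img src=\"images/global/print.gif\" border=\"0\" alt=\"" . _PRINTER . "\"></a> "
        . "<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Recommend_Us&file=index&req=FriendSend&sid={$currentSid}\"><img src=\"images/global/friend.gif\" border=\"0\" Alt=\"" . _FRIEND . "\"></a>\n"
        . '</div>';

    return themesideblock($row);
}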
/**
 * "This day in history" side block: lists the ephemerid entries stored for
 * today's day and month, optionally restricted to the viewer's language.
 *
 * @param array $row block definition; the title feeds the permission check
 *                   and falls back to _EPHEMERIDS when empty
 * @return string|null rendered block, or null when the viewer may not read it
 */
function blocks_ephem_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $lang = pnUserGetLang();

    if (!pnSecAuthAction(0, 'Ephemeridsblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $col = $pntable['ephem_column'];

    // In multilingual mode show entries for the current language plus those
    // stored without a language (i.e. meant for every language).
    $langFilter = '';
    if (pnConfigGetVar('multilingual') == 1) {
        $langFilter = "AND ({$col['elanguage']}='" . pnVarPrepForStore($lang) . "' OR {$col['elanguage']}='')";
    }

    $now = getdate();
    $dayFilter = "{$col['did']}='" . pnVarPrepForStore($now['mday']) . "'";
    $monthFilter = "{$col['mid']}='" . pnVarPrepForStore($now['mon']) . "'";

    $sql = "SELECT {$col['yid']}, {$col['content']}\n FROM {$pntable['ephem']}\n WHERE {$dayFilter} AND {$monthFilter} {$langFilter}";
    $rs = $dbconn->Execute($sql);

    $html = '<span class="pn-normal"><b>' . _ONEDAY . '</b></span><br />';
    // The recordset exposes the current row in ->fields (false once exhausted).
    for (; ($rec = $rs->fields); $rs->MoveNext()) {
        list($year, $text) = $rec;
        $html .= '<br /><br />'
            . '<b>' . pnVarPrepForDisplay($year) . '</b><br />'
            . pnVarPrepHTMLDisplay(nl2br($text));
    }

    if (empty($row['title'])) {
        $row['title'] = _EPHEMERIDS;
    }
    $row['content'] = $html;

    return themesideblock($row);
}
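/**
 * Pick a random banner of the given type, count the impression and emit it.
 *
 * For types 0, 1 and 2 the banner markup is echoed and nothing is returned;
 * for any other type the markup is returned as a string (callers depend on
 * this split, so it is kept). Returns ' ' when banners are disabled or $type
 * is not numeric, and null when no banner of that type exists.
 *
 * Side effects: increments the banner's impression counter unless the request
 * comes from the configured 'myIP' address; when the impression quota is
 * reached the banner is archived into the bannerfinish table and deleted.
 *
 * @param int|string $type banner type id
 * @return string|null
 */
function pnBannerDisplay($type = 0)
{
    if (pnConfigGetVar('banners') != 1) {
        return ' ';
    }
    if (!is_numeric($type)) {
        return ' ';
    }
    $typeId = (int) $type;

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $bcol = $pntable['banner_column'];

    $bresult = $dbconn->Execute("SELECT count(*) AS count FROM {$pntable['banner']}\n\t\t\t\t\t\t\t\tWHERE {$bcol['type']} = '" . $typeId . "'");
    list($numrows) = $bresult->fields;
    $bresult->Close();

    // Nothing to show. The old code still ran the impression UPDATE with an
    // empty banner id here; leave before touching the table instead.
    if ($numrows < 1) {
        return;
    }

    // Random offset into the result set. mt_rand() is seeded automatically;
    // the former mt_srand(microtime()) reseed only narrowed the seed space.
    $bannum = ($numrows > 1) ? mt_rand(0, $numrows - 1) : 0;

    $query = "SELECT {$bcol['bid']}, {$bcol['imageurl']}, {$bcol['clickurl']}\n\t\t\t\tFROM {$pntable['banner']}\n\t\t\t\tWHERE {$bcol['type']} = '" . $typeId . "'";
    $bresult2 = $dbconn->SelectLimit($query, 1, $bannum);
    list($bid, $imageurl, $clickurl) = $bresult2->fields;
    $bresult2->Close();
    $bidId = (int) $bid;

    // Impressions from the site owner's own address are not counted and must
    // not trigger the "quota reached" archiving below.
    // NOTE(review): this is a string-prefix match, so myIP='10.0.1' also
    // covers 10.0.10.x — confirm whether prefix or exact match is intended.
    $myIP = pnConfigGetVar('myIP');
    $myhost = pnServerGetVar("REMOTE_ADDR");
    $ownImpression = !empty($myIP) && substr($myhost, 0, strlen($myIP)) == $myIP;
    if (!$ownImpression) {
        $dbconn->Execute("UPDATE {$pntable['banner']}\n SET {$bcol['impmade']}={$bcol['impmade']}+1\n WHERE {$bcol['bid']}=" . $bidId);
    }

    $aborrar = $dbconn->Execute("SELECT {$bcol['cid']},{$bcol['imptotal']},\n {$bcol['impmade']}, {$bcol['clicks']},\n {$bcol['date']}\n FROM {$pntable['banner']}\n WHERE {$bcol['bid']}=" . $bidId);
    list($cid, $imptotal, $impmade, $clicks, $date) = $aborrar->fields;
    $aborrar->Close();

    // Last paid impression: archive the banner and take it out of rotation.
    if ($imptotal == $impmade && !$ownImpression) {
        $fcol = $pntable['bannerfinish_column'];
        $dbconn->Execute("INSERT INTO {$pntable['bannerfinish']}\n ( {$fcol['bid']}, {$fcol['cid']}, {$fcol['impressions']}, {$fcol['clicks']}, {$fcol['datestart']}, {$fcol['dateend']} )\n VALUES (NULL, '" . pnVarPrepForStore($cid) . "', '" . pnVarPrepForStore($impmade) . "', '" . pnVarPrepForStore($clicks) . "', '" . pnVarPrepForStore($date) . "', now())");
        // The DELETE targets the banner table, so it must use the banner
        // column map; the old code reused the bannerfinish map at this point.
        $dbconn->Execute("DELETE FROM {$pntable['banner']} WHERE {$bcol['bid']}=" . $bidId);
    }

    list($bid, $clickurl, $imageurl) = pnVarPrepForDisplay($bid, $clickurl, $imageurl);
    $markup = "<a href=\"banners.php?op=click&bid={$bid}\" title=\"{$clickurl}\"><img src=\"{$imageurl}\" alt=\"{$clickurl}\" /></a>";
    if ($type == 1 or $type == 2 or $type == 0) {
        echo $markup;
        return;
    }
    return $markup;
}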
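/**
 * Pick a random banner of the given type, count the impression and emit it.
 *
 * For types 0, 1 and 2 the banner markup is echoed and nothing is returned;
 * for any other type the markup is returned as a string (callers depend on
 * this split, so it is kept). Returns ' ' when banners are disabled or $type
 * is not numeric, and null when no banner of that type exists.
 *
 * Side effects: increments the banner's impression counter unless the request
 * comes from the configured 'myIP' address; when the impression quota is
 * reached the banner is archived into the bannerfinish table and deleted.
 *
 * @param int|string $type banner type id
 * @return string|null
 */
function pnBannerDisplay($type = 0)
{
    if (pnConfigGetVar('banners') != 1) {
        return ' ';
    }
    if (!is_numeric($type)) {
        return ' ';
    }
    // is_numeric() also accepts forms such as '1e3'; pin the id to an integer
    // before it is interpolated unquoted into SQL.
    $typeId = (int) $type;

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $column = $pntable['banner_column'];

    $bresult = $dbconn->Execute("SELECT count(*) AS count FROM {$pntable['banner']}\n\t\t\t\t\t\t\t\tWHERE {$column['type']} = {$typeId}");
    list($numrows) = $bresult->fields;
    $bresult->Close();

    // Nothing to show. The old code went on to run "UPDATE ... WHERE bid="
    // with an empty id (a syntax error); leave before touching the table.
    if ($numrows < 1) {
        return;
    }

    // Random offset into the result set. mt_rand() is seeded automatically;
    // the former mt_srand(microtime()) reseed only narrowed the seed space.
    $bannum = ($numrows > 1) ? mt_rand(0, $numrows - 1) : 0;

    $query = buildSimpleQuery('banner', array('bid', 'imageurl', 'clickurl'), "{$column['type']} = {$typeId}", '', 1, $bannum);
    $bresult2 = $dbconn->Execute($query);
    list($bid, $imageurl, $clickurl) = $bresult2->fields;
    $bresult2->Close();
    // bid is interpolated unquoted below; an int cast is the right guard there.
    $bidId = (int) $bid;

    // Impressions from the site owner's own address are not counted.
    $myIP = pnConfigGetVar('myIP');
    $myhost = getenv("REMOTE_ADDR");
    if ($myIP != $myhost) {
        $dbconn->Execute("UPDATE {$pntable['banner']}\n SET {$column['impmade']}={$column['impmade']}+1\n WHERE {$column['bid']}=" . $bidId);
    }

    $aborrar = $dbconn->Execute("SELECT {$column['cid']},{$column['imptotal']},\n {$column['impmade']}, {$column['clicks']},\n {$column['date']}\n FROM {$pntable['banner']}\n WHERE {$column['bid']}=" . $bidId);
    list($cid, $imptotal, $impmade, $clicks, $date) = $aborrar->fields;
    $aborrar->Close();

    // Last paid impression: archive the banner and take it out of rotation.
    if ($imptotal == $impmade) {
        $fcolumn = $pntable['bannerfinish_column'];
        $dbconn->Execute("INSERT INTO {$pntable['bannerfinish']}\n ( {$fcolumn['bid']}, {$fcolumn['cid']}, {$fcolumn['impressions']}, {$fcolumn['clicks']}, {$fcolumn['datestart']}, {$fcolumn['dateend']} )\n VALUES (NULL, '" . pnVarPrepForStore($cid) . "', '" . pnVarPrepForStore($impmade) . "', '" . pnVarPrepForStore($clicks) . "', '" . pnVarPrepForStore($date) . "', now())");
        // The DELETE targets the banner table, so it must use the banner
        // column map; the old code reused the bannerfinish map at this point.
        $dbconn->Execute("DELETE FROM {$pntable['banner']} WHERE {$column['bid']}=" . $bidId);
    }

    // Escape the DB values for the attribute context they are emitted in.
    list($bidDisp, $clickurlDisp, $imageurlDisp) = pnVarPrepForDisplay($bid, $clickurl, $imageurl);
    $markup = "<a href=\"banners.php?op=click&bid={$bidDisp}\" target=\"_blank\" title=\"{$clickurlDisp}\"><img src=\"{$imageurlDisp}\" border=\"0\" alt=\"" . _CLICK . "\"></a>";
    if ($type == 1 or $type == 2 or $type == 0) {
        echo $markup;
        return;
    }
    return $markup;
}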
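/**
 * Category side block: one line per story category showing the date of its
 * newest story and linking to the category listing. The currently selected
 * category (global $catid) is rendered as plain text instead of a link.
 * Uses the globals $topic and $catid.
 *
 * @param array $row block definition; the title falls back to _CATEGORIES
 * @return string|null rendered block, or null when not readable or when
 *                     there are no categories at all
 */
function blocks_category_block($row)
{
    global $topic, $catid;

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Categoryblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }

    $scol = $pntable['stories_column'];
    // The OR keeps stories posted to ALL languages (empty alanguage) visible.
    $querylang = '';
    if (pnConfigGetVar('multilingual') == 1) {
        $querylang = "AND ({$scol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$scol['alanguage']}='')";
    }

    $ccol = $pntable['stories_cat_column'];
    $result = $dbconn->Execute("SELECT {$ccol['catid']} as catid, {$ccol['title']} as title FROM {$pntable['stories_cat']} ORDER BY {$ccol['title']}");
    if ($result->EOF) {
        return;
    }

    // $topic comes from the request and is emitted inside href attributes.
    $topicParam = pnVarPrepForDisplay($topic);

    $boxstuff = '<span class="pn-normal">';
    if ($catid != "") {
        $boxstuff .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name=News&file=index&topic={$topicParam}\">" . _ALL_CATEGORIES . "</a><br />";
    }

    for (; !$result->EOF; $result->MoveNext()) {
        $srow = $result->GetRowAssoc(false);
        if (!pnSecAuthAction(0, 'Stories::Category', "{$srow['title']}::{$srow['catid']}", ACCESS_READ)) {
            continue;
        }
        // catid is used unquoted in SQL and in a URL; pin it to an integer.
        $catIdInt = (int) $srow['catid'];
        // Only the newest story is needed, so fetch one row instead of every
        // story in the category.
        $result2 = $dbconn->SelectLimit("SELECT {$scol['time']} AS unixtime\n FROM {$pntable['stories']}\n WHERE {$scol['catid']}=" . $catIdInt . " {$querylang}\n ORDER BY {$scol['time']} DESC", 1);
        if ($result2->EOF) {
            continue;
        }
        $story = $result2->GetRowAssoc(false);
        $sdate = pnVarPrepForDisplay(ml_ftime(_DATEBRIEF, $result2->UnixTimeStamp($story['unixtime'])));
        $title = pnVarPrepForDisplay($srow['title']);
        if ($catid == $srow['catid']) {
            $boxstuff .= "<strong><big>·</big></strong> <span class=\"pn-title\"><b>" . $title . "</b></span> <span class=\"pn-sub\">(" . $sdate . ")</span><br />";
        } else {
            $boxstuff .= "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=News&file=index&catid={$catIdInt}&topic={$topicParam}\">" . $title . "</a> <span class=\"pn-sub\">(" . $sdate . ")</span><br />";
        }
    }
    $boxstuff .= '</span>';

    if (empty($row['title'])) {
        $row['title'] = _CATEGORIES;
    }
    $row['content'] = $boxstuff;
    return themesideblock($row);
}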
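/**
 * Personal menu block: shows the logged-in user's own "ublock" HTML when the
 * user has switched it on (ublockon == 1).
 *
 * NOTE(review): the ublock column is emitted as-is, i.e. unescaped; that is
 * only safe if it is sanitised on the write path — verify where it is saved.
 *
 * @param array $row block definition
 * @return string|null rendered block; null when not readable, not logged in,
 *                     or the user has the block switched off
 */
function blocks_user_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnSecAuthAction(0, 'Userblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    if (!pnUserLoggedIn() || pnUserGetVar('ublockon') != 1) {
        return;
    }

    $column = $pntable['users_column'];
    // uid is interpolated unquoted; an int cast is the right guard there.
    $uid = (int) pnUserGetVar('uid');
    $getblock = $dbconn->Execute("SELECT {$column['ublock']} FROM {$pntable['users']} WHERE {$column['uid']}=" . $uid);
    // ->fields is false when no row matched; fall back to an empty block.
    $fields = $getblock->fields;
    $ublock = (is_array($fields) && isset($fields[0])) ? $fields[0] : '';

    $username = pnUserGetVar('name');
    $row['title'] = _MENUFOR . " " . pnVarPrepForDisplay($username);
    $row['content'] = $ublock;
    return themesideblock($row);
}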
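/**
 * Load the current user's profile row into the global $userinfo (cached).
 *
 * The lookup key is NOT $user: the user name is taken from the login cookie
 * (element 1 of cookiedecode()); $user only has to be non-empty for the
 * lookup to run at all. The returned row includes the password hash column
 * ('pass') — do not pass it through to templates or logs.
 *
 * @param mixed $user anything non-empty; otherwise null is returned
 * @return array|null the user row; when the lookup does not match exactly one
 *                    user an error line is echoed and the previous value of
 *                    $userinfo is returned
 */
function getusrinfo($user)
{
    global $userinfo;

    if (empty($user)) {
        return;
    }
    if (isset($userinfo['uid'])) {
        return $userinfo;
    }

    // cookiedecode() may yield nothing when no valid login cookie is present;
    // query for an empty name then (as before) instead of indexing a non-array.
    $cookie = cookiedecode();
    $uname = (is_array($cookie) && isset($cookie[1])) ? $cookie[1] : '';

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $column = $pntable['users_column'];

    // Columns are aliased to stable names so callers are insulated from the
    // physical column names.
    $aliases = array(
        'uid', 'name', 'uname', 'email', 'femail', 'url', 'user_avatar', 'user_icq',
        'user_occ', 'user_from', 'user_intrest', 'user_sig', 'user_viewemail',
        'user_theme', 'user_aim', 'user_yim', 'user_msnm', 'pass', 'storynum',
        'umode', 'uorder', 'thold', 'noscore', 'bio', 'ublockon', 'ublock',
        'theme', 'commentmax', 'timezone_offset',
    );
    $select = array();
    foreach ($aliases as $alias) {
        $select[] = "{$column[$alias]} AS {$alias}";
    }
    $sql = "SELECT " . implode(",\n ", $select)
        . "\n FROM {$pntable['users']}\n WHERE {$column['uname']} = '" . pnVarPrepForStore($uname) . "'";

    $result = $dbconn->Execute($sql);
    if ($result->PO_RecordCount() == 1) {
        $userinfo = $result->GetRowAssoc(false);
    } else {
        echo "Problem obtaining user information<br>";
    }
    return $userinfo;
}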
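/**
 * Search hook for the Downloads module: builds the query from the request
 * (q, bool, startnum, total, active_downloads), filters hits by permission
 * and returns the rendered result list with a pager.
 *
 * @return string|null HTML from pnHTML; null when downloads are not part of
 *                     the search, the module is unavailable, or the query fails
 */
function search_downloads()
{
    list($q, $active_downloads, $bool, $startnum, $total) = pnVarCleanFromInput('q', 'active_downloads', 'bool', 'startnum', 'total');
    if (empty($active_downloads)) {
        return;
    }
    if (!pnModAvailable('Downloads')) {
        return;
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // '=& new' is a parse error on PHP 7+; plain assignment works everywhere.
    $output = new pnHTML();

    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    }
    if (isset($total) && !is_numeric($total)) {
        unset($total);
    }

    $column =& $pntable['downloads_downloads_column'];
    $query = search_downloads_buildquery($column, $pntable['downloads_downloads'], search_split_query($q), $bool);

    if (empty($total)) {
        // No usable total carried over from the previous page: count the
        // hits the viewer is allowed to see.
        $total = 0;
        $countres = $dbconn->Execute($query);
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            if (search_downloads_itemvisible($countres->GetRowAssoc(false))) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_DOWNLOADS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        // Pager URL rebuilt from request values; they are user input, so
        // encode them for the query string instead of splicing them in raw.
        $url = "index.php?name=Search&action=search&active_downloads=1&bool=" . urlencode($bool) . "&q=" . urlencode($q);
        $output->Text("<dl>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (search_downloads_itemvisible($row)) {
                $desc = strip_tags($row['description']);
                // Byte-based truncation (strlen/substr) may cut inside a
                // multibyte character; kept because mbstring is not guaranteed here.
                if (strlen($desc) > 128) {
                    $desc = substr($desc, 0, 125) . '...';
                }
                // 'title'/'description' must be quoted keys: the bare-word form
                // relied on undefined constants and is a fatal error on PHP 8.
                $output->Text("<dt><a href=\"index.php?name=Downloads&req=viewdownloaddetails&lid=" . (int) $row['lid'] . "\">" . pnVarPrepForDisplay($row['title']) . "</a></dt>");
                $output->Text("<dd>" . pnVarPrepForDisplay($desc) . "</dd>");
            }
            $result->MoveNext();
        }
        $output->Text("</dl>");
        // Mung URL for template
        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_DOWNLOADS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }

    $output->Linebreak(3);
    return $output->GetOutput();
}

/**
 * Build the downloads search SQL: one parenthesised group of LIKE tests per
 * search word, joined with AND or OR according to $bool (anything other than
 * 'AND' means OR). Column names are spelled out explicitly so that renaming a
 * physical column does not break the row access further up.
 *
 * @param array  $column downloads_downloads column map
 * @param string $table  downloads_downloads table name
 * @param array  $words  output of search_split_query()
 * @param string $bool   'AND' or 'OR'
 * @return string
 */
function search_downloads_buildquery($column, $table, $words, $bool)
{
    $query = "SELECT {$column['lid']} as lid, {$column['title']} as title, {$column['name']} as name, {$column['description']} as description, {$column['cid']} as cid FROM {$table} WHERE \n";
    $glue = ($bool == 'AND') ? ' AND ' : ' OR ';
    $groups = array();
    foreach ($words as $word) {
        // Each word sits inside a quoted LIKE pattern; escape it for that context.
        $safe = pnVarPrepForStore($word);
        $groups[] = '('
            . "{$column['description']} LIKE '{$safe}' OR \n"
            . "{$column['title']} LIKE '{$safe}' OR \n"
            . "{$column['submitter']} LIKE '{$safe}' OR \n"
            . "{$column['name']} LIKE '{$safe}' OR \n"
            . "{$column['homepage']} LIKE '{$safe}' \n"
            . ')';
    }
    $query .= implode($glue, $groups);
    $query .= " ORDER BY {$column['lid']}";
    return $query;
}

/**
 * Whether the viewer may see one download search hit: both the item and its
 * category must grant ACCESS_READ. Looks up the category title, which the
 * category permission check is keyed on.
 *
 * @param array $row result row with keys lid, title, cid
 * @return bool
 */
function search_downloads_itemvisible($row)
{
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $column2 =& $pntable['downloads_categories_column'];
    // cid comes from our own table but is used unquoted: pin it to an int.
    $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}=" . (int) $row['cid']);
    list($title) = $result2->fields;
    return pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ)
        && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ);
}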
$dbconn->Execute("UPDATE {$pntable['counter']}\n SET {$column['count']}={$column['count']}+1\n WHERE ({$column['type']}='total' AND {$column['var']}='hits')\n OR ({$column['var']}='" . pnVarPrepForStore($browser) . "' AND {$column['type']}='browser')\n OR ({$column['var']}='" . pnVarPrepForStore($os) . "' AND {$column['type']}='os')"); /* Per-Day-Counter */ $xydate = date("dmY"); $column =& $pntable['stats_date_column']; $xyval = $dbconn->Execute("SELECT {$column['hits']} as hits\n FROM {$pntable['stats_date']}\n WHERE {$column['date']}='" . pnVarPrepForStore($xydate) . "'"); if ($dbconn->ErrorNo() != 0) { echo "Error accessing stats information<P>"; } $ttemp = $xyval->GetRowAssoc(false); $xyval->MoveNext(); $happend = $ttemp['hits']; if ($happend == "" || $happend == false || !$happend) { $column =& $pntable['stats_date_column']; $dbconn->Execute("INSERT INTO {$pntable['stats_date']}\n ({$column['date']}, {$column['hits']}) VALUES ('" . pnVarPrepForStore($xydate) . "','1')"); } else { $column =& $pntable['stats_date_column']; $dbconn->Execute("UPDATE {$pntable['stats_date']}\n SET {$column['hits']}={$column['hits']}+1\n WHERE {$column['date']}='" . pnVarPrepForStore($xydate) . "'"); } /* Per-Hour-Counter */ $xyhour = date("G"); $column =& $pntable['stats_hour_column']; $dbconn->Execute("UPDATE {$pntable['stats_hour']}\n SET {$column['hits']}={$column['hits']}+1\n WHERE {$column['hour']}='" . pnVarPrepForStore($xyhour) . "'"); /* Weekday-Counter */ $xyweekday = date("w"); $column =& $pntable['stats_week_column']; $dbconn->Execute("UPDATE {$pntable['stats_week']}\n SET {$column['hits']}={$column['hits']}+1\n WHERE {$column['weekday']}='" . pnVarPrepForStore($xyweekday) . "'"); /* Month-Counter */ $xymonth = date("m"); $column =& $pntable['stats_month_column']; $dbconn->Execute("UPDATE {$pntable['stats_month']}\n SET {$column['hits']}={$column['hits']}+1\n WHERE {$column['month']}='" . pnVarPrepForStore($xymonth) . "'"); }
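/**
 * Set a configuration variable, persisting it to the module_vars table and
 * mirroring it into the global $pnconfig cache.
 *
 * Database connection settings (dbtype, dbhost, dbuname, dbpass, dbname,
 * system, prefix, encoded) are refused. Values are stored serialize()d, so
 * whatever reads them back with unserialize() is trusting the DB row; the
 * table must not be writable by untrusted code.
 *
 * @param string $name  variable name
 * @param mixed  $value new value
 * @return bool true on success (including "already set to this value"),
 *              false when the name is empty/protected or the DB write fails
 */
function pnConfigSetVar($name, $value)
{
    global $pnconfig;

    $protected = array('dbtype', 'dbhost', 'dbuname', 'dbpass', 'dbname', 'system', 'prefix', 'encoded');
    if (empty($name) || in_array((string) $name, $protected, true)) {
        return false;
    }

    // Decide between INSERT and UPDATE by direct key lookup instead of a
    // loose (==) scan that could match the wrong key, and compare the value
    // strictly so a real change (e.g. 0 -> 'abc', '' -> null) is not skipped.
    // The missing-record case is SF-bug #580951.
    $must_insert = true;
    if (is_array($pnconfig) && array_key_exists($name, $pnconfig)) {
        $must_insert = false;
        if ($pnconfig[$name] === $value) {
            return true;
        }
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $table = $pntable['module_vars'];
    $columns = $pntable['module_vars_column'];

    // All three values sit in quoted string context.
    $modname = pnVarPrepForStore(_PN_CONFIG_MODULE);
    $safeName = pnVarPrepForStore($name);
    $safeValue = pnVarPrepForStore(serialize($value));
    if ($must_insert) {
        $query = "INSERT INTO {$table}\n ({$columns['modname']},\n {$columns['name']},\n {$columns['value']})\n VALUES ('{$modname}',\n '{$safeName}',\n '{$safeValue}')";
    } else {
        $query = "UPDATE {$table}\n SET {$columns['value']}='{$safeValue}'\n WHERE {$columns['modname']}='{$modname}'\n AND {$columns['name']}='{$safeName}'";
    }

    $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }

    // Keep the in-memory copy in step with the table.
    $pnconfig[$name] = $value;
    return true;
}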
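/**
 * Admin action: apply edits to the per-category booking limits.
 *
 * Reads the submitted rows (id[], catid[], starttimeh[], starttimem[],
 * endtimeh[], endtimem[], limit[]) and the deletion list (del[]), builds one
 * UPDATE per surviving row and one DELETE for the deletion list, and adds a
 * new limit when newlimit > 0. The SQL is handed to the admin API
 * (updateCategoryLimit / deleteCategoryLimit / addCategoryLimit). Returns the
 * re-rendered limits page with a status message.
 *
 * @return string HTML, or _POSTCALENDAR_NOAUTH when the caller is not an admin
 */
function postcalendar_admin_categoryLimitsUpdate()
{
    if (!PC_ACCESS_ADMIN) {
        return _POSTCALENDAR_NOAUTH;
    }

    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $pntable = pnDBGetTables();

    list($id, $del, $catId, $startTimeH, $startTimeM, $endTimeH, $endTimeM, $limit, $newCatId, $newStartTimeH, $newStartTimeM, $newEndTimeH, $newEndTimeM, $newLimit) = pnVarCleanFromInput('id', 'del', 'catid', 'starttimeh', 'starttimem', 'endtimeh', 'endtimem', 'limit', 'newcatid', 'newstarttimeh', 'newstarttimem', 'newendtimeh', 'newendtimem', 'newlimit');

    // Row ids are interpolated unquoted into SQL (WHERE pc_limitid=... and
    // IN (...)), where quote-escaping gives no protection: force integers.
    $ids = is_array($id) ? array_map('intval', $id) : array();
    $delIds = is_array($del) ? array_map('intval', $del) : array();

    $updates = array();
    foreach ($ids as $k => $limitId) {
        if (in_array($limitId, $delIds, true)) {
            continue; // rows being deleted are not updated
        }
        $start = date("H:i:s", mktime((int) $startTimeH[$k], (int) $startTimeM[$k], 0));
        $end = date("H:i:s", mktime((int) $endTimeH[$k], (int) $endTimeM[$k], 0));
        $updates[] = "UPDATE {$pntable['postcalendar_limits']}\n\t\t SET pc_catid='" . pnVarPrepForStore($catId[$k]) . "',\n\t\t pc_starttime='" . pnVarPrepForStore($start) . "',\n\t\t pc_endtime='" . pnVarPrepForStore($end) . "',\n\t\t pc_limit='" . pnVarPrepForStore($limit[$k]) . "'\n\t\t WHERE pc_limitid={$limitId}";
    }

    $e = $msg = '';
    if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'updateCategoryLimit', array('updates' => $updates))) {
        $e .= 'UPDATE FAILED';
    }

    // Only issue the DELETE when something was ticked; the old code sent it
    // unconditionally, producing "IN ()" for an empty list.
    if (count($delIds) > 0) {
        $delete = "DELETE FROM {$pntable['postcalendar_limits']} WHERE pc_limitid IN (" . implode(",", $delIds) . ")";
        if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'deleteCategoryLimit', array('delete' => $delete))) {
            $e .= 'DELETE FAILED';
        }
    }

    if (isset($newLimit) && $newLimit > 0) {
        $start = date("H:i:s", mktime((int) $newStartTimeH, (int) $newStartTimeM, 0));
        $end = date("H:i:s", mktime((int) $newEndTimeH, (int) $newEndTimeM, 0));
        if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'addCategoryLimit', array('catid' => $newCatId, 'starttime' => $start, 'endtime' => $end, 'limit' => $newLimit))) {
            $e .= 'INSERT FAILED';
        }
    }

    if (empty($e)) {
        $msg = 'DONE';
    }
    $output->Text(postcalendar_admin_categoryLimits($msg, $e));
    return $output->GetOutput();
}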
/** * postcalendar_userapi_buildSubmitForm() * create event submit form */ function postcalendar_userapi_buildSubmitForm($args, $admin = false) { $_SESSION['category'] = ""; if (!PC_ACCESS_ADD) { return _POSTCALENDARNOAUTH; } extract($args); unset($args); //since we seem to clobber category $cat = $category; $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); // set up Smarty $tpl = new pcSmarty(); $tpl->caching = false; $template_name = pnModGetVar(__POSTCALENDAR__, 'pcTemplate'); if (!isset($template_name)) { $template_name = 'default'; } //================================================================= // Setup the correct config file path for the templates //================================================================= $modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__)); $modir = pnVarPrepForOS($modinfo['directory']); $modname = $modinfo['displayname']; $all_categories =& pnModAPIFunc(__POSTCALENDAR__, 'user', 'getCategories'); //print_r($all_categories); unset($modinfo); $tpl->config_dir = "modules/{$modir}/pntemplates/{$template_name}/config/"; //================================================================= // PARSE MAIN //================================================================= $tpl->assign('webroot', $GLOBALS['web_root']); $tpl->assign_by_ref('TPL_NAME', $template_name); $tpl->assign('FUNCTION', pnVarCleanFromInput('func')); $tpl->assign_by_ref('ModuleName', $modname); $tpl->assign_by_ref('ModuleDirectory', $modir); $tpl->assign_by_ref('category', $all_categories); $tpl->assign('NewEventHeader', _PC_NEW_EVENT_HEADER); $tpl->assign('EventTitle', _PC_EVENT_TITLE); $tpl->assign('Required', _PC_REQUIRED); $tpl->assign('DateTimeTitle', _PC_DATE_TIME); $tpl->assign('AlldayEventTitle', _PC_ALLDAY_EVENT); $tpl->assign('TimedEventTitle', _PC_TIMED_EVENT); $tpl->assign('TimedDurationTitle', _PC_TIMED_DURATION); $tpl->assign('TimedDurationHoursTitle', _PC_TIMED_DURATION_HOURS); $tpl->assign('TimedDurationMinutesTitle', 
_PC_TIMED_DURATION_MINUTES); $tpl->assign('EventDescTitle', _PC_EVENT_DESC); //the double book variable comes from the eventdata array that is //passed here and extracted, injection is not an issue here if (is_numeric($double_book)) { $tpl->assign('double_book', $double_book); } //pennfirm begin patient info handling $ProviderID = pnVarCleanFromInput("provider_id"); if (is_numeric($ProviderID)) { $tpl->assign('ProviderID', $ProviderID); $tpl->assign('provider_id', $ProviderID); } elseif (is_numeric($event_userid) && $event_userid != 0) { $tpl->assign('ProviderID', $event_userid); $tpl->assign('provider_id', $event_userid); } else { if ($_SESSION['userauthorized'] == 1) { $tpl->assign('ProviderID', $_SESSION['authUserID']); } else { $tpl->assign('ProviderID', ""); } } $provinfo = getProviderInfo(); $tpl->assign('providers', $provinfo); $PatientID = pnVarCleanFromInput("patient_id"); // limit the number of results returned by getPatientPID // this helps to prevent the server from stalling on a request with // no PID and thousands of PIDs in the database -- JRM // the function getPatientPID($pid, $given, $orderby, $limit, $start) <-- defined in library/patient.inc $plistlimit = 500; if (is_numeric($PatientID)) { $tpl->assign('PatientList', getPatientPID(array('pid' => $PatientID, 'limit' => $plistlimit))); } elseif (is_numeric($event_pid)) { $tpl->assign('PatientList', getPatientPID(array('pid' => $event_pid, 'limit' => $plistlimit))); } else { $tpl->assign('PatientList', getPatientPID(array('limit' => $plistlimit))); } $tpl->assign('event_pid', $event_pid); $tpl->assign('event_aid', $event_aid); $tpl->assign('event_category', pnVarCleanFromInput("event_category")); if (empty($event_patient_name)) { $patient_data = getPatientData($event_pid, $given = "lname, fname"); $event_patient_name = $patient_data['lname'] . ", " . 
$patient_data['fname']; } $tpl->assign('patient_value', $event_patient_name); //================================================================= // PARSE INPUT_EVENT_TITLE //================================================================= $tpl->assign('InputEventTitle', 'event_subject'); $tpl->assign('ValueEventTitle', pnVarPrepForDisplay($event_subject)); //================================================================= // PARSE SELECT_DATE_TIME //================================================================= // It seems that with Mozilla at least, <select> fields that are disabled // do not get passed as form data. Therefore we ignore $double_book so // that the fields will not be disabled. -- Rod 2005-03-22 $output->SetOutputMode(_PNH_RETURNOUTPUT); if (_SETTING_USE_INT_DATES) { $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday)); $formdata = $output->FormSelectMultiple('event_startday', $sel_data, 0, 1, "", "", false, ''); $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth)); $formdata .= $output->FormSelectMultiple('event_startmonth', $sel_data, 0, 1, "", "", false, ''); } else { $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth)); $formdata = $output->FormSelectMultiple('event_startmonth', $sel_data, 0, 1, "", "", false, ''); $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday)); $formdata .= $output->FormSelectMultiple('event_startday', $sel_data, 0, 1, "", "", false, ''); } $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_startyear)); $formdata .= $output->FormSelectMultiple('event_startyear', $sel_data, 0, 1, "", "", false, ''); $output->SetOutputMode(_PNH_KEEPOUTPUT); 
$tpl->assign('SelectDateTime', $formdata); $tpl->assign('InputAllday', 'event_allday'); $tpl->assign('ValueAllday', '1'); $tpl->assign('SelectedAllday', $event_allday == 1 ? 'checked' : ''); $tpl->assign('InputTimed', 'event_allday'); $tpl->assign('ValueTimed', '0'); $tpl->assign('SelectedTimed', $event_allday == 0 ? 'checked' : ''); $tpl->assign('STYLE', $GLOBALS['style']); //================================================================= // PARSE SELECT_END_DATE_TIME //================================================================= $output->SetOutputMode(_PNH_RETURNOUTPUT); //if there is no end date we want the box to read todays date instead of jan 01 1994 :) if ($event_endmonth == 0 && $event_endday == 0 && $event_endyear == 0) { $event_endmonth = $month; $event_endday = $day; $event_endyear = $year; } if (_SETTING_USE_INT_DATES) { $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday)); $formdata = $output->FormSelectMultiple('event_endday', $sel_data, 0, 1, "", "", false, ''); $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth)); $formdata .= $output->FormSelectMultiple('event_endmonth', $sel_data, 0, 1, "", "", false, ''); } else { $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth)); $formdata = $output->FormSelectMultiple('event_endmonth', $sel_data, 0, 1, "", "", false, ''); $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday)); $formdata .= $output->FormSelectMultiple('event_endday', $sel_data, 0, 1, "", "", false, ''); } $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_endyear)); $formdata .= $output->FormSelectMultiple('event_endyear', $sel_data, 0, 1, "", "", false, ''); 
$output->SetOutputMode(_PNH_KEEPOUTPUT); $tpl->assign('SelectEndDate', $formdata); //================================================================= // PARSE SELECT_TIMED_EVENT //================================================================= $stimes = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildTimeSelect', array('hselected' => $event_starttimeh, 'mselected' => $event_starttimem)); $output->SetOutputMode(_PNH_RETURNOUTPUT); $timed_hours = $output->FormSelectMultiple('event_starttimeh', $stimes['h'], 0, 1, "", "", false, ''); $timed_minutes = $output->FormSelectMultiple('event_starttimem', $stimes['m'], 0, 1, "", "", false, ''); if (!_SETTING_TIME_24HOUR) { $ampm = array(); $ampm[0]['id'] = pnVarPrepForStore(_AM_VAL); $ampm[0]['name'] = pnVarPrepForDisplay(_PC_AM); $ampm[1]['id'] = pnVarPrepForStore(_PM_VAL); $ampm[1]['name'] = pnVarPrepForDisplay(_PC_PM); if ($event_startampm == "AM" || $event_startampm == _AM_VAL) { $ampm[0]['selected'] = 1; } else { $ampm[1]['selected'] = 1; } $timed_ampm = $output->FormSelectMultiple('event_startampm', $ampm, 0, 1, "", "", false, ''); } else { $timed_ampm = ''; } $output->SetOutputMode(_PNH_KEEPOUTPUT); $tpl->assign('SelectTimedHours', $timed_hours); $tpl->assign('SelectTimedMinutes', $timed_minutes); $tpl->assign('SelectTimedAMPM', $timed_ampm); $tpl->assign('event_startday', $event_startday); $tpl->assign('event_startmonth', $event_startmonth); $tpl->assign('event_startyear', $event_startyear); $tpl->assign('event_starttimeh', $event_starttimeh); $tpl->assign('event_starttimem', $event_starttimem); $tpl->assign('event_startampm', $event_startampm); $tpl->assign('event_dur_hours', $event_dur_hours); $tpl->assign('event_dur_minutes', $event_dur_minutes); //================================================================= // PARSE SELECT_DURATION //================================================================= $event_dur_hours = (int) $event_dur_hours; for ($i = 0; $i <= 24; $i += 1) { $TimedDurationHours[$i] = 
array('value' => $i, 'selected' => $event_dur_hours == $i ? 'selected' : '', 'name' => sprintf('%02d', $i)); } $tpl->assign('TimedDurationHours', $TimedDurationHours); $tpl->assign('InputTimedDurationHours', 'event_dur_hours'); $found_time = false; for ($i = 0; $i < 60; $i += _SETTING_TIME_INCREMENT) { $TimedDurationMinutes[$i] = array('value' => $i, 'selected' => $event_dur_minutes == $i ? 'selected' : '', 'name' => sprintf('%02d', $i)); if ($TimedDurationMinutes[$i]['selected'] == 'selected') { $found_time = true; } } if (!$found_time) { $TimedDurationMinutes[$i] = array('value' => $event_dur_minutes, 'selected' => 'selected', 'name' => sprintf('%02d', $event_dur_minutes)); } $tpl->assign('TimedDurationMinutes', $TimedDurationMinutes); $tpl->assign('hidden_event_dur_minutes', $event_dur_minutes); $tpl->assign('InputTimedDurationMinutes', 'event_dur_minutes'); //================================================================= // PARSE INPUT_EVENT_DESC //================================================================= $tpl->assign('InputEventDesc', 'event_desc'); if (empty($pc_html_or_text)) { $display_type = substr($event_desc, 0, 6); if ($display_type == ':text:') { $pc_html_or_text = 'text'; $event_desc = substr($event_desc, 6); } elseif ($display_type == ':html:') { $pc_html_or_text = 'html'; $event_desc = substr($event_desc, 6); } else { $pc_html_or_text = 'text'; } unset($display_type); } $tpl->assign('ValueEventDesc', pnVarPrepForDisplay($event_desc)); $eventHTMLorText = "<select name=\"pc_html_or_text\">"; if ($pc_html_or_text == 'text') { $eventHTMLorText .= "<option value=\"text\" selected=\"selected\">" . _PC_SUBMIT_TEXT . "</option>"; } else { $eventHTMLorText .= "<option value=\"text\">" . _PC_SUBMIT_TEXT . "</option>"; } if ($pc_html_or_text == 'html') { $eventHTMLorText .= "<option value=\"html\" selected=\"selected\">" . _PC_SUBMIT_HTML . "</option>"; } else { $eventHTMLorText .= "<option value=\"html\">" . _PC_SUBMIT_HTML . 
"</option>"; } $eventHTMLorText .= "</select>"; $tpl->assign('EventHTMLorText', $eventHTMLorText); //================================================================= // PARSE select_event_topic_block //================================================================= $tpl->assign('displayTopics', _SETTING_DISPLAY_TOPICS); if ((bool) _SETTING_DISPLAY_TOPICS) { $a_topics =& postcalendar_userapi_getTopics(); $topics = array(); foreach ($a_topics as $topic) { array_push($topics, array('value' => $topic['id'], 'selected' => $topic['id'] == $event_topic ? 'selected' : '', 'name' => $topic['text'])); } unset($a_topics); // only show this if we have topics to show if (count($topics) > 0) { $tpl->assign('topics', $topics); $tpl->assign('EventTopicTitle', _PC_EVENT_TOPIC); $tpl->assign('InputEventTopic', 'event_topic'); } } //================================================================= // PARSE select_event_type_block //================================================================= $categories = array(); foreach ($all_categories as $category) { array_push($categories, array('value' => $category['id'], 'selected' => $category['id'] == $event_category ? 
'selected' : '', 'name' => $category['name'], 'color' => $category['color'], 'desc' => $category['desc'])); } // only show this if we have categories to show // you should ALWAYS have at least one valid category if (count($categories) > 0) { $tpl->assign('categories', $categories); $tpl->assign('EventCategoriesTitle', _PC_EVENT_CATEGORY); $tpl->assign('InputEventCategory', 'event_category'); $tpl->assign('hidden_event_category', $event_category); } //================================================================= // PARSE event_sharing_block //================================================================= $data = array(); if (_SETTING_ALLOW_USER_CAL) { array_push($data, array(SHARING_PRIVATE, _PC_SHARE_PRIVATE)); array_push($data, array(SHARING_PUBLIC, _PC_SHARE_PUBLIC)); array_push($data, array(SHARING_BUSY, _PC_SHARE_SHOWBUSY)); } if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADMIN) || _SETTING_ALLOW_GLOBAL || !_SETTING_ALLOW_USER_CAL) { array_push($data, array(SHARING_GLOBAL, _PC_SHARE_GLOBAL)); } $sharing = array(); foreach ($data as $cell) { array_push($sharing, array('value' => $cell[0], 'selected' => (int) $event_sharing == $cell[0] ? 
'selected' : '', 'name' => $cell[1])); } //pennfirm get list of providers from openemr code in calendar.inc $tpl->assign("user", getCalendarProviderInfo()); $tpl->assign('sharing', $sharing); $tpl->assign('EventSharingTitle', _PC_SHARING); $tpl->assign('InputEventSharing', 'event_sharing'); //================================================================= // location information //================================================================= $tpl->assign('EventLocationTitle', _PC_EVENT_LOCATION); $tpl->assign('InputLocation', 'event_location'); $tpl->assign('ValueLocation', pnVarPrepForDisplay($event_location)); $tpl->assign('EventStreetTitle', _PC_EVENT_STREET); $tpl->assign('InputStreet1', 'event_street1'); $tpl->assign('ValueStreet1', pnVarPrepForDisplay($event_street1)); $tpl->assign('InputStreet2', 'event_street2'); $tpl->assign('ValueStreet2', pnVarPrepForDisplay($event_street2)); $tpl->assign('EventCityTitle', _PC_EVENT_CITY); $tpl->assign('InputCity', 'event_city'); $tpl->assign('ValueCity', pnVarPrepForDisplay($event_city)); $tpl->assign('EventStateTitle', _PC_EVENT_STATE); $tpl->assign('InputState', 'event_state'); $tpl->assign('ValueState', pnVarPrepForDisplay($event_state)); $tpl->assign('EventPostalTitle', _PC_EVENT_POSTAL); $tpl->assign('InputPostal', 'event_postal'); $tpl->assign('ValuePostal', pnVarPrepForDisplay($event_postal)); //================================================================= // contact information //================================================================= $tpl->assign('EventContactTitle', _PC_EVENT_CONTACT); $tpl->assign('InputContact', 'event_contname'); $tpl->assign('ValueContact', pnVarPrepForDisplay($event_contname)); $tpl->assign('EventPhoneTitle', _PC_EVENT_PHONE); $tpl->assign('InputPhone', 'event_conttel'); $tpl->assign('ValuePhone', pnVarPrepForDisplay($event_conttel)); $tpl->assign('EventEmailTitle', _PC_EVENT_EMAIL); $tpl->assign('InputEmail', 'event_contemail'); $tpl->assign('ValueEmail', 
pnVarPrepForDisplay($event_contemail)); $tpl->assign('EventWebsiteTitle', _PC_EVENT_WEBSITE); $tpl->assign('InputWebsite', 'event_website'); $tpl->assign('ValueWebsite', pnVarPrepForDisplay($event_website)); $tpl->assign('EventFeeTitle', _PC_EVENT_FEE); $tpl->assign('InputFee', 'event_fee'); $tpl->assign('ValueFee', pnVarPrepForDisplay($event_fee)); //================================================================= // Repeating Information //================================================================= $tpl->assign('RepeatingHeader', _PC_REPEATING_HEADER); $tpl->assign('NoRepeatTitle', _PC_NO_REPEAT); $tpl->assign('RepeatTitle', _PC_REPEAT); $tpl->assign('RepeatOnTitle', _PC_REPEAT_ON); $tpl->assign('OfTheMonthTitle', _PC_OF_THE_MONTH); $tpl->assign('EndDateTitle', _PC_END_DATE); $tpl->assign('NoEndDateTitle', _PC_NO_END); $tpl->assign('InputNoRepeat', 'event_repeat'); $tpl->assign('ValueNoRepeat', '0'); $tpl->assign('SelectedNoRepeat', (int) $event_repeat == 0 ? 'checked' : ''); $tpl->assign('InputRepeat', 'event_repeat'); $tpl->assign('ValueRepeat', '1'); $tpl->assign('SelectedRepeat', (int) $event_repeat == 1 ? 'checked' : ''); unset($in); $in = array(_PC_EVERY, _PC_EVERY_OTHER, _PC_EVERY_THIRD, _PC_EVERY_FOURTH); $keys = array(REPEAT_EVERY, REPEAT_EVERY_OTHER, REPEAT_EVERY_THIRD, REPEAT_EVERY_FOURTH); $repeat_freq = array(); foreach ($in as $k => $v) { array_push($repeat_freq, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_freq ? 
'selected' : '', 'name' => $v)); } $tpl->assign('InputRepeatFreq', 'event_repeat_freq'); if (empty($event_repeat_freq) || $event_repeat_freq < 1) { $event_repeat_freq = 1; } $tpl->assign('InputRepeatFreqVal', $event_repeat_freq); $tpl->assign('repeat_freq', $repeat_freq); unset($in); $in = array(_PC_EVERY_DAY, _PC_EVERY_WORKDAY, _PC_EVERY_WEEK, _PC_EVERY_MONTH, _PC_EVERY_YEAR); $keys = array(REPEAT_EVERY_DAY, REPEAT_EVERY_WORK_DAY, REPEAT_EVERY_WEEK, REPEAT_EVERY_MONTH, REPEAT_EVERY_YEAR); $repeat_freq_type = array(); foreach ($in as $k => $v) { array_push($repeat_freq_type, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_freq_type ? 'selected' : '', 'name' => $v)); } $tpl->assign('InputRepeatFreqType', 'event_repeat_freq_type'); $tpl->assign('repeat_freq_type', $repeat_freq_type); $tpl->assign('InputRepeatOn', 'event_repeat'); $tpl->assign('ValueRepeatOn', '2'); $tpl->assign('SelectedRepeatOn', (int) $event_repeat == 2 ? 'checked' : ''); unset($in); $in = array(_PC_EVERY_1ST, _PC_EVERY_2ND, _PC_EVERY_3RD, _PC_EVERY_4TH, _PC_EVERY_LAST); $keys = array(REPEAT_ON_1ST, REPEAT_ON_2ND, REPEAT_ON_3RD, REPEAT_ON_4TH, REPEAT_ON_LAST); $repeat_on_num = array(); foreach ($in as $k => $v) { array_push($repeat_on_num, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_num ? 'selected' : '', 'name' => $v)); } $tpl->assign('InputRepeatOnNum', 'event_repeat_on_num'); $tpl->assign('repeat_on_num', $repeat_on_num); unset($in); $in = array(_PC_EVERY_SUN, _PC_EVERY_MON, _PC_EVERY_TUE, _PC_EVERY_WED, _PC_EVERY_THU, _PC_EVERY_FRI, _PC_EVERY_SAT); $keys = array(REPEAT_ON_SUN, REPEAT_ON_MON, REPEAT_ON_TUE, REPEAT_ON_WED, REPEAT_ON_THU, REPEAT_ON_FRI, REPEAT_ON_SAT); $repeat_on_day = array(); foreach ($in as $k => $v) { array_push($repeat_on_day, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_day ? 
'selected' : '', 'name' => $v)); } $tpl->assign('InputRepeatOnDay', 'event_repeat_on_day'); $tpl->assign('repeat_on_day', $repeat_on_day); unset($in); $in = array(_PC_OF_EVERY_MONTH, _PC_OF_EVERY_2MONTH, _PC_OF_EVERY_3MONTH, _PC_OF_EVERY_4MONTH, _PC_OF_EVERY_6MONTH, _PC_OF_EVERY_YEAR); $keys = array(REPEAT_ON_MONTH, REPEAT_ON_2MONTH, REPEAT_ON_3MONTH, REPEAT_ON_4MONTH, REPEAT_ON_6MONTH, REPEAT_ON_YEAR); $repeat_on_freq = array(); foreach ($in as $k => $v) { array_push($repeat_on_freq, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_freq ? 'selected' : '', 'name' => $v)); } $tpl->assign('InputRepeatOnFreq', 'event_repeat_on_freq'); if (empty($event_repeat_on_freq) || $event_repeat_on_freq < 1) { $event_repeat_on_freq = 1; } $tpl->assign('InputRepeatOnFreqVal', $event_repeat_on_freq); $tpl->assign('repeat_on_freq', $repeat_on_freq); $tpl->assign('MonthsTitle', _PC_MONTHS); //================================================================= // PARSE INPUT_END_DATE //================================================================= $tpl->assign('InputEndOn', 'event_endtype'); $tpl->assign('ValueEndOn', '1'); $tpl->assign('SelectedEndOn', (int) $event_endtype == 1 ? 'checked' : ''); //================================================================= // PARSE INPUT_NO_END //================================================================= $tpl->assign('InputNoEnd', 'event_endtype'); $tpl->assign('ValueNoEnd', '0'); $tpl->assign('SelectedNoEnd', (int) $event_endtype == 0 ? 
'checked' : ''); $qstring = preg_replace("/provider_id=[0-9]*[&]{0,1}/", "", $_SERVER['QUERY_STRING']); $tpl->assign('qstring', $qstring); $output->SetOutputMode(_PNH_RETURNOUTPUT); $authkey = $output->FormHidden('authid', pnSecGenAuthKey()); $output->SetOutputMode(_PNH_KEEPOUTPUT); $form_hidden = "<input type=\"hidden\" name=\"is_update\" value=\"{$is_update}\" />"; $form_hidden .= "<input type=\"hidden\" name=\"pc_event_id\" value=\"{$pc_event_id}\" />"; $form_hidden .= "<input type=\"hidden\" name=\"category\" value=\"{$cat}\" />"; if (isset($data_loaded)) { $form_hidden .= "<input type=\"hidden\" name=\"data_loaded\" value=\"{$data_loaded}\" />"; $tpl->assign('FormHidden', $form_hidden); } $form_submit = '<input type=hidden name="form_action" value="commit"/> ' . $authkey . '<input type="submit" name="submit" value="go">'; $tpl->assign('FormSubmit', $form_submit); // do not cache this page if ($admin) { $output->Text($tpl->fetch($template_name . '/admin/submit.html')); } elseif (pnVarCleanFromInput("no_nav") == 1) { $output->Text($tpl->fetch($template_name . '/user/submit_no_nav.html')); } else { $output->Text($tpl->fetch($template_name . '/user/submit.html')); } $output->Text(postcalendar_footer()); return $output->GetOutput(); }
/**
 * PHP function to destroy a session
 *
 * Removes the session_info row whose sessid column matches $sessid.
 *
 * @private
 * @param string $sessid session id to remove; passed through pnVarPrepForStore() before it enters the query
 * @return bool true when the DELETE executed without a driver error, false otherwise
 */
function pnSessionDestroy($sessid)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $table = $pntable['session_info'];
    $cols =& $pntable['session_info_column'];

    $sql = 'DELETE FROM ' . $table . "\n WHERE " . $cols['sessid'] . " = '" . pnVarPrepForStore($sessid) . "'";
    $dbconn->Execute($sql);

    // Success is defined solely by the driver error code after Execute().
    return $dbconn->ErrorNo() == 0;
}
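/**
 * Admin screen: edit a module's display name, description and hooks.
 *
 * Reads the module id from request input, loads the module row, requires
 * ACCESS_ADMIN on "Modules::<name>::<id>" and renders the edit form whose
 * target is the Modules admin 'update' URL.
 *
 * @return string HTML from pnHTML::GetOutput(); only an error message when
 *                the id is unknown or the caller lacks permission
 */
function modules_admin_modify()
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();

    // The id comes from the request and is placed in the WHERE clause without
    // quotes, where quote-escaping alone does not constrain it. The column is
    // compared as a number, so reduce the value to an integer first.
    $id = (int) pnVarCleanFromInput('id');

    $modulestable = $pntable['modules'];
    $modulescolumn =& $pntable['modules_column'];
    $query = "SELECT {$modulescolumn['name']},\n {$modulescolumn['displayname']},\n {$modulescolumn['description']}\n FROM {$modulestable}\n WHERE {$modulescolumn['id']} = {$id}";
    $result = $dbconn->Execute($query);
    if ($result->EOF) {
        $result->Close();
        $output->Text(_ERRMODNOSUCHMODID);
        return $output->GetOutput();
    }
    list($name, $displayname, $description) = $result->fields;
    $result->Close();

    // The permission check needs the module name, so it can only run after the lookup.
    if (!pnSecAuthAction(0, 'Modules::', "{$name}::{$id}", ACCESS_ADMIN)) {
        $output->Text(_MODULESEDITNOAUTH);
        return $output->GetOutput();
    }

    // Start form
    $output->FormStart(pnModURL('Modules', 'admin', 'update'));
    $output->FormHidden('authid', pnSecGenAuthKey());
    $output->FormHidden('id', $id);

    // Name
    $output->Text(_MODULESNEWNAME);
    $output->Linebreak();
    $output->FormText('newdisplayname', $displayname, 30, 30);
    $output->Linebreak(2);

    // Description
    $output->Text(_MODULESNEWDESCRIPTION);
    $output->Linebreak();
    $output->FormText('newdescription', $description, 60, 254);
    $output->Linebreak(2);

    // Hooks: one checkbox per target module, checked when a hook row naming
    // this module as smodule exists. The "display once" loop keeps the first
    // row per tmodule, so the DESC ordering is relied on to put the non-NULL
    // smodule row ahead of the NULL one.
    $hookstable = $pntable['hooks'];
    $hookscolumn =& $pntable['hooks_column'];
    $sql = "SELECT DISTINCT {$hookscolumn['smodule']},\n {$hookscolumn['tmodule']}\n FROM {$hookstable}\n WHERE {$hookscolumn['smodule']} IS NULL\n OR {$hookscolumn['smodule']} = '" . pnVarPrepForStore($name) . "'\n ORDER BY {$hookscolumn['tmodule']},\n {$hookscolumn['smodule']} DESC";
    $result = $dbconn->Execute($sql);
    $displayed = array();
    while (!$result->EOF) {
        list($smodname, $tmodname) = $result->fields;
        $result->MoveNext();
        // Only display once
        if (isset($displayed[$tmodname])) {
            continue;
        }
        $displayed[$tmodname] = true;
        $checked = empty($smodname) ? 0 : 1;
        $output->Text(_MODULESACTIVATE . ' ' . strtolower($tmodname) . ' ' . _MODULESFORTHIS);
        $output->FormCheckbox('hooks_' . pnVarPrepForDisplay($tmodname), $checked);
        $output->Linebreak(2);
    }
    $result->Close();

    // End form
    $output->FormSubmit(_COMMIT);
    $output->FormEnd();
    return $output->GetOutput();
}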
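/**
 * Checks if user controlled block state
 *
 * Checks if the user has a state set for a current block
 * Sets the default state for that block if not present
 *
 * @access private
 * @param array $row block row; reads $row['bid'] and, when a row has to be
 *                   created, $row['defaultstate']
 * @return mixed false when no user is logged in; otherwise the stored
 *               'active' value for (uid, bid), or true when the row was just
 *               created from $row['defaultstate'] or when a database error
 *               occurred (the error text is put in the 'errormsg' session var)
 */
function pnCheckUserBlock($row)
{
    if (!isset($row['bid'])) {
        $row['bid'] = '';
    }
    if (!pnUserLoggedIn()) {
        return false;
    }

    $uid = pnUserGetVar('uid');
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $column =& $pntable['userblocks_column'];

    // Escape each value exactly once. The previous version ran $uid through
    // pnVarPrepForStore() twice on the INSERT path.
    $dbuid = pnVarPrepForStore($uid);
    $dbbid = pnVarPrepForStore($row['bid']);

    $sql = "SELECT {$column['active']}\n\t\t FROM {$pntable['userblocks']}\n\t\t WHERE {$column['bid']} = '{$dbbid}'\n\t\t\t AND {$column['uid']} = '{$dbuid}'";
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return true;
    }

    if (!$result->EOF) {
        list($active) = $result->fields;
        return $active;
    }

    // No row for this user/block yet: seed it with the block's default state.
    // uid and the default state are interpolated unquoted, as before; the
    // caller is expected to supply a numeric $row['defaultstate'].
    $dbstate = pnVarPrepForStore(isset($row['defaultstate']) ? $row['defaultstate'] : '');
    $sql = "INSERT INTO {$pntable['userblocks']}\n\t\t\t ({$column['uid']},\n\t\t\t {$column['bid']},\n\t\t\t {$column['active']})\n\t\t\t VALUES ({$dbuid},\n\t\t\t '{$dbbid}',\n\t\t\t {$dbstate})";
    $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
    }
    // Both the success and the error path of the INSERT report true, as before.
    return true;
}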
/**
 * delete the contents of a user variable
 *
 * Looks up the property id for $name, removes the property definition and
 * then every user's stored value for it (user_data rows keyed by that id).
 *
 * @access public
 * @author Gregor J. Rothfuss
 * @since 1.23 - 2002/02/01
 * @param string $name the name of the variable
 * @return bool true on success, false on failure (core field, no session
 *              uid, unknown property, or a database error on either DELETE)
 */
function pnUserDelVar($name)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $proptable = $pntable['user_property'];
    $datatable = $pntable['user_data'];
    $propcol =& $pntable['user_property_column'];
    $datacol =& $pntable['user_data_column'];

    // Prevent deletion of core fields (duh). Non-strict in_array() on purpose:
    // it matches the loose == comparisons this check has always used.
    $core = array('uid', 'email', 'password', 'uname');
    if (empty($name) || in_array($name, $core)) {
        return false;
    }

    // NOTE(review): the only gate here is "a session uid exists"; the DELETEs
    // below remove the property for all users. Confirm callers apply their own
    // permission check before calling this.
    $uid = pnSessionGetVar('uid');
    if (empty($uid)) {
        return false;
    }

    // get property id for cascading delete later
    $lookup = 'SELECT ' . $propcol['prop_id'] . ' from ' . $proptable . "\n WHERE " . $propcol['prop_label'] . " = '" . pnVarPrepForStore($name) . "'";
    $result = $dbconn->Execute($lookup);
    if ($result->EOF) {
        return false;
    }
    list($propid) = $result->fields;
    $dbpropid = pnVarPrepForStore($propid);

    $deletes = array(
        // the property definition itself
        'DELETE from ' . $proptable . "\n WHERE " . $propcol['prop_id'] . " = '" . $dbpropid . "'",
        // delete variable from user data for all users
        'DELETE from ' . $datatable . "\n WHERE " . $datacol['uda_propid'] . " = '" . $dbpropid . "'",
    );
    foreach ($deletes as $query) {
        $dbconn->Execute($query);
        if ($dbconn->ErrorNo() != 0) {
            return false;
        }
    }
    return true;
}
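/**
 * Update an existing lens row from $args['lens_data'].
 *
 * $args['lens_data'] is an associative array whose keys match the keys of
 * $pntable['lenses_column'] listed in $fields below; 'tid' selects the row
 * and 'name' is mandatory. Every value is passed through pnVarPrepForStore()
 * before it is placed in the UPDATE statement, and tid is cast to int.
 *
 * @param array $args array('lens_data' => array<string, mixed>)
 * @return bool true on success; false (with 'errormsg' set in the session) on
 *              missing permission, bad arguments, unknown lens or a DB error
 */
function Lenses_adminapi_update_lens($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }

    // Read the payload explicitly instead of extract()ing it into the local
    // scope, so caller-supplied keys cannot shadow this function's variables.
    // Precedence matches the old extract($args); extract($lens_data): lens_data wins.
    $lens_data = (isset($args['lens_data']) && is_array($args['lens_data'])) ? $args['lens_data'] : array();
    $data = array_merge(is_array($args) ? $args : array(), $lens_data);
    $tid = isset($data['tid']) ? $data['tid'] : null;
    $name = isset($data['name']) ? $data['name'] : null;

    // Ensure valid values were passed in.
    if (empty($tid) || !is_numeric($tid) || empty($name) || !is_string($name)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    // Check if lens exists.
    if (!pnModAPIFunc('Lenses', 'user', 'get', array('item_id' => $tid, 'item_type' => 'lens'))) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }

    // Database connection and table info.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $lenses_table =& $pntable['lenses'];
    $lenses_field =& $pntable['lenses_column'];

    // Columns written by this update, in the order of the original statement.
    // Each key is both the $lenses_column key and the $lens_data key.
    $fields = array(
        'name', 'aliases', 'comp_id', 'poly_id', 'visitint', 'ew', 'ct', 'dk', 'oz',
        'process_text', 'process_simple', 'qty', 'replace_simple', 'replace_text',
        'wear', 'price', 'markings', 'fitting_guide', 'website', 'image', 'other_info',
        'discontinued', 'display', 'redirect',
        'bc_simple', 'bc_all', 'max_plus', 'max_minus', 'max_diam', 'min_diam',
        'diam_1', 'base_curves_1', 'powers_1',
        'diam_2', 'base_curves_2', 'powers_2',
        'diam_3', 'base_curves_3', 'powers_3',
        'sph_notes',
        'toric', 'toric_type', 'toric_type_simple', 'cyl_power', 'max_cyl_power',
        'cyl_axis', 'cyl_axis_steps', 'oblique', 'cyl_notes',
        'bifocal', 'bifocal_type', 'add_text', 'max_add',
        'cosmetic', 'enh_names', 'enh_names_simple', 'opaque_names', 'opaque_names_simple',
    );

    $set = array();
    foreach ($fields as $key) {
        // A missing key becomes '' — the old extract()-based code read an unset
        // variable (null) here, which escapes to the same empty string.
        $value = isset($data[$key]) ? $data[$key] : '';
        $set[] = "{$lenses_field[$key]} = '" . pnVarPrepForStore($value) . "'";
    }
    // Today's date.
    $updated = date('Y-m-d');
    $set[] = "{$lenses_field['updated']} = '" . $updated . "'";

    // Create sql to update the lens; tid is an int so it needs no escaping.
    $sql = "UPDATE {$lenses_table}\n SET " . implode(",\n ", $set) . "\n WHERE {$lenses_field['tid']} = '" . (int) $tid . "'";

    // Execute the SQL query.
    $result = $dbconn->Execute($sql);

    // Check for any database errors. Report the message from the connection in
    // use rather than mysql_error(), which only reflects the ext/mysql handle
    // and no longer exists in PHP 7.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED . '<br />' . $dbconn->ErrorMsg());
        return false;
    }

    // Start a new output object.
    // This function isn't an output function, but needs an output
    // object started before the cache can be cleared. Plain assignment:
    // "=& new" is a parse error from PHP 7 on.
    $pnRender = new pnRender('Lenses');

    // Clear the cache.
    $pnRender->clear_cache();

    // Return success.
    return true;
}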
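/**
 * Get a single item from the database.
 *
 * @param $object STRING required Table to select from: med, moa, chem, company or preserve
 * @param $id INT required ID of item to select; read from $args under the
 *            object's own id key (med_id, moa_id, chem_id, comp_id or pres_id)
 * @return An array of data for the single item retrieved, or false (with
 *         'errormsg' set in the session) on missing permission, bad arguments
 *         or a database error.
 */
function Meds_userapi_get($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Meds::', '::', ACCESS_OVERVIEW)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }

    // Each object type has its own id column name and its own table/column
    // entries in $pntable. One map means an unknown $object is rejected here
    // instead of leaving $id_field, $table and $field undefined.
    $objects = array(
        'med'      => array('id_field' => 'med_id',  'table' => 'rx_meds',     'column' => 'rx_meds_column'),
        'chem'     => array('id_field' => 'chem_id', 'table' => 'rx_chem',     'column' => 'rx_chem_column'),
        'moa'      => array('id_field' => 'moa_id',  'table' => 'rx_moa',      'column' => 'rx_moa_column'),
        'preserve' => array('id_field' => 'pres_id', 'table' => 'rx_preserve', 'column' => 'rx_preserve_column'),
        'company'  => array('id_field' => 'comp_id', 'table' => 'rx_company',  'column' => 'rx_company_column'),
    );

    // Get argument. $object is synonymous with "use this table".
    $object = isset($args['object']) ? $args['object'] : null;
    if (empty($object) || !is_string($object) || !isset($objects[$object])) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    $id_field = $objects[$object]['id_field'];

    // Only now is the id cleaned from the args array (because only
    // now do we know what id field to use for this operation).
    $id = isset($args[$id_field]) ? $args[$id_field] : null;
    if (empty($id) || !is_numeric($id)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // The id is the only caller value that reaches SQL, and the int cast keeps
    // it a plain number. $object never reaches SQL: it only selects entries
    // from $pntable through the whitelist above.
    $id = (int) $id;

    // Get database connection and tables references.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $table =& $pntable[$objects[$object]['table']];
    $field =& $pntable[$objects[$object]['column']];

    // Create SQL to select $object from $table based on $id_field.
    $sql = "SELECT * FROM {$table} WHERE {$field[$id_field]} = '{$id}'";
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }

    // SELECT * is unpacked positionally, so each list() below must match the
    // table's column order exactly.
    // NOTE(review): an id with no matching row is not detected here; the
    // item is then returned with every value null, as it always was.
    $item = array();
    switch ($object) {
        case 'med':
            list($med_id, $trade, $comp_id, $medType1, $medType2, $preg, $schedule, $generic, $image1, $image2, $dose, $peds, $ped_text, $nurse, $pres_id1, $pres_id2, $comments, $rxInfo, $med_url, $updated, $display, $conc1, $chem_id1, $moa_id1, $conc2, $chem_id2, $moa_id2, $conc3, $chem_id3, $moa_id3, $conc4, $chem_id4, $moa_id4, $form1, $size1, $cost1, $form2, $size2, $cost2, $form3, $size3, $cost3, $form4, $size4, $cost4) = $result->fields;
            $item = array(
                'med_id' => $med_id, 'trade' => $trade, 'comp_id' => $comp_id,
                'medType1' => $medType1, 'medType2' => $medType2, 'preg' => $preg,
                'schedule' => $schedule, 'generic' => $generic, 'image1' => $image1,
                'image2' => $image2, 'dose' => $dose, 'peds' => $peds, 'ped_text' => $ped_text,
                'nurse' => $nurse, 'pres_id1' => $pres_id1, 'pres_id2' => $pres_id2,
                'comments' => $comments, 'rxInfo' => $rxInfo, 'med_url' => $med_url,
                'updated' => $updated, 'display' => $display,
                'conc1' => $conc1, 'chem_id1' => $chem_id1, 'moa_id1' => $moa_id1,
                'conc2' => $conc2, 'chem_id2' => $chem_id2, 'moa_id2' => $moa_id2,
                'conc3' => $conc3, 'chem_id3' => $chem_id3, 'moa_id3' => $moa_id3,
                'conc4' => $conc4, 'chem_id4' => $chem_id4, 'moa_id4' => $moa_id4,
                'form1' => $form1, 'size1' => $size1, 'cost1' => $cost1,
                'form2' => $form2, 'size2' => $size2, 'cost2' => $cost2,
                'form3' => $form3, 'size3' => $size3, 'cost3' => $cost3,
                'form4' => $form4, 'size4' => $size4, 'cost4' => $cost4,
            );
            break;
        case 'chem':
            list($chem_id, $name, $moa_id) = $result->fields;
            $item = array('chem_id' => $chem_id, 'name' => $name, 'moa_id' => $moa_id);
            break;
        case 'moa':
            list($moa_id, $name, $comments) = $result->fields;
            $item = array('moa_id' => $moa_id, 'name' => $name, 'comments' => $comments);
            break;
        case 'preserve':
            list($pres_id, $name, $comments) = $result->fields;
            $item = array('pres_id' => $pres_id, 'name' => $name, 'comments' => $comments);
            break;
        case 'company':
            list($comp_id, $name, $phone, $street, $city, $state, $zip, $email, $url, $comments) = $result->fields;
            $item = array(
                'comp_id' => $comp_id, 'name' => $name, 'phone' => $phone, 'street' => $street,
                'city' => $city, 'state' => $state, 'zip' => $zip, 'email' => $email,
                'url' => $url, 'comments' => $comments,
            );
            break;
    }

    // Close $result set.
    $result->Close();

    // Return retrieved item.
    return $item;
}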
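/**
 * Search News stories for the Search module.
 *
 * All parameters are read from the request through pnVarCleanFromInput():
 * startnum, active_stories, total, stories_topics, stories_cat,
 * stories_author, q and bool.  Returns nothing when stories were not
 * selected for searching or the News module is unavailable; otherwise
 * returns the rendered result list (pnHTML output) including a pager.
 * Every row is filtered through the Stories::Story and Topics::Topic
 * permission checks before it is counted or shown.
 *
 * Fixes relative to the previous version:
 *  - every WHERE restriction is a parenthesised group and the groups are
 *    joined with AND, so a word search combined with OR can no longer
 *    swallow the topic/category filters through SQL operator precedence,
 *    and a topic/category/author filter without search words no longer
 *    yields "WHERE AND (...)" or two clauses run together;
 *  - category and topic ids are URL-encoded before being placed in the
 *    pager link instead of being echoed raw (reflected XSS);
 *  - the uid read back from the users table is cast to int before being
 *    interpolated into SQL, and topictext is passed through
 *    pnVarPrepHTMLDisplay() like the other displayed columns.
 *
 * @return string|void rendered output, or nothing when there is nothing to do
 */
function search_stories()
{
    list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) =
        pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool');

    if (!isset($active_stories) || !$active_stories) {
        return;
    }
    if (!pnModAvailable('News')) {
        return;
    }

    $output =& new pnHTML();

    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    }
    // A non-numeric total is simply recomputed below.
    if (isset($total) && !is_numeric($total)) {
        unset($total);
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    // Only AND is special; anything else (including the default) means OR.
    if (empty($bool)) {
        $bool = 'OR';
    }
    $wordjoiner = ($bool == 'AND') ? ' AND ' : ' OR ';

    $storcol =& $pntable['stories_column'];
    $stcatcol =& $pntable['stories_cat_column'];
    $topcol =& $pntable['topics_column'];

    $select = "SELECT {$storcol['sid']} as sid,\n"
        . " {$topcol['tid']} as topicid,\n"
        . " {$topcol['topicname']} as topicname,\n"
        . " {$topcol['topictext']} as topictext,\n"
        . " {$storcol['catid']} as catid,\n"
        . " {$storcol['time']} AS fdate,\n"
        . " {$storcol['title']} AS story_title,\n"
        . " {$storcol['aid']} AS aid,\n"
        . " {$stcatcol['title']} AS cat_title\n"
        . " FROM {$pntable['stories']}\n"
        . " LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n"
        . " LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n"
        . " WHERE ";

    // Each entry is one parenthesised restriction; they are ANDed together.
    $clauses = array();

    // Search words: each word may match any of the text columns; the words
    // themselves are combined with $bool inside their own group.
    $w = search_split_query($q);
    if (isset($w)) {
        $wordclauses = array();
        foreach ($w as $word) {
            $safeword = pnVarPrepForStore($word);
            $wordclauses[] = '('
                . "{$storcol['title']} LIKE '{$safeword}' OR "
                . "{$storcol['hometext']} LIKE '{$safeword}' OR "
                . "{$storcol['bodytext']} LIKE '{$safeword}' OR "
                . "{$storcol['informant']} LIKE '{$safeword}' OR "
                . "{$storcol['notes']} LIKE '{$safeword}'"
                . ')';
        }
        if (count($wordclauses) > 0) {
            $clauses[] = '(' . implode($wordjoiner, $wordclauses) . ')';
        }
    }

    // Topics: any of the selected topic ids (empty entries are ignored).
    if (isset($stories_topics) && !empty($stories_topics)) {
        $topicclauses = array();
        foreach ((array) $stories_topics as $v) {
            if (empty($v)) {
                continue;
            }
            $topicclauses[] = "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'";
        }
        if (count($topicclauses) > 0) {
            $clauses[] = '(' . implode(' OR ', $topicclauses) . ')';
        }
    }

    // Categories: any of the selected category ids.  A missing/scalar value
    // becomes a one-element list with an empty id, which is skipped below.
    if (!is_array($stories_cat)) {
        $stories_cat = array('');
    }
    if (isset($stories_cat[0]) && !empty($stories_cat[0])) {
        $catclauses = array();
        foreach ($stories_cat as $v) {
            $catclauses[] = "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'";
        }
        $clauses[] = '(' . implode(' OR ', $catclauses) . ')';
    }

    // Author: match the informant field literally, or any user whose
    // uname/name contains the string (matched by uid on the story).
    if (isset($stories_author) && $stories_author != '') {
        $safeauthor = pnVarPrepForStore($stories_author);
        $authorclauses = array("{$storcol['informant']}='{$safeauthor}'");
        $result =& $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid"
            . " FROM {$pntable['users']}"
            . " WHERE {$pntable['users_column']['uname']} LIKE '%{$safeauthor}%'"
            . " OR {$pntable['users_column']['name']} LIKE '%{$safeauthor}%'");
        if ($dbconn->ErrorNo() == 0) {
            while (!$result->EOF) {
                $row = $result->GetRowAssoc(false);
                $authorclauses[] = "{$storcol['aid']}=" . (int) $row['pn_uid'];
                $result->MoveNext();
            }
        }
        $clauses[] = '(' . implode(' OR ', $authorclauses) . ')';
    } else {
        $stories_author = '';
    }

    // Language: the user's language or language-neutral stories.
    if (pnConfigGetVar('multilingual') == 1) {
        $safelang = pnVarPrepForStore(pnUserGetLang());
        $clauses[] = "({$storcol['alanguage']}='{$safelang}' OR {$storcol['alanguage']}='')";
    }

    $where = (count($clauses) > 0) ? implode(' AND ', $clauses) : '1';
    $query = $select . $where . " ORDER BY {$storcol['time']} DESC";

    // Total count honouring permissions (only when not handed in by the pager).
    if (empty($total)) {
        $total = 0;
        $countres =& $dbconn->Execute($query);
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }

    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if (!$result->EOF) {
        $output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);

        // Rebuild the search URL for the pager from the submitted filters.
        // Ids are URL-encoded so a crafted value cannot break out of the
        // link attribute.
        $url = 'index.php?name=Search&action=search&active_stories=1&stories_author=' . pnVarPrepForDisplay($stories_author);
        if (isset($stories_cat) && $stories_cat) {
            foreach ($stories_cat as $v) {
                $url .= '&stories_cat%5B%5D=' . urlencode($v);
            }
        }
        if (isset($stories_topics) && $stories_topics) {
            foreach ((array) $stories_topics as $v) {
                $url .= '&stories_topics%5B%5D=' . urlencode($v);
            }
        }
        $url .= '&bool=' . pnVarPrepForDisplay($bool);
        if (isset($q)) {
            $url .= '&q=' . pnVarPrepForDisplay($q);
        }

        $output->Text('<dl>');
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ)
                && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
                $output->Text('<dt><a href="index.php?name=News&file=article&sid=' . pnVarPrepForDisplay($row['sid']) . '">'
                    . pnVarPrepHTMLDisplay($row['story_title']) . '</a></dt>');
                $output->Text('<dd>');
                $output->Text(pnVarPrepForDisplay($row['fdate']) . ' (');
                if (!empty($row['topicid'])) {
                    $output->Text(pnVarPrepHTMLDisplay($row['topictext']));
                }
                if (!empty($row['catid'])) {
                    $output->Text(' - ' . pnVarPrepHTMLDisplay($row['cat_title']));
                }
                $output->Text(')</dd>');
            }
            $result->MoveNext();
        }
        $output->Text('</dl>');

        $urltemplate = $url . "&startnum=%%&total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_STORIES_TOPICS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }

    $output->Linebreak(3);
    return $output->GetOutput();
}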
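/**
 * postcalendar_userapi_pcQueryEvents
 *
 * Query calendar events and return them as an array suitable for display.
 *
 * $args is extract()ed, so the following keys act as parameters:
 *   start, end      'YYYY-MM-DD' bounds (start defaults to today, end to
 *                   '0000-00-00', i.e. nothing matches unless end is given)
 *   eventstatus     -1 == hidden ; 0 == queued ; 1 == approved (default 1)
 *   providerID      single provider id to restrict to
 *   provider_id     array of provider ids, or array('_ALL_') for no restriction
 *   pc_facility     facility id (overridden by $_SESSION['pc_facility'])
 *   sort            'column' or 'column DESC' of the events table (a.pc_*)
 *   s_keywords, s_category, s_topic
 *                   ready-made SQL fragments supplied by the caller; the
 *                   caller MUST build them from escaped values, they are
 *                   inserted verbatim.
 * pc_topic / pc_category are additionally read from the request.
 *
 * Hardening relative to the previous version: eventstatus, facility,
 * provider and user ids are cast to int and start/end are escaped before
 * being interpolated into SQL; sort is restricted to an identifier with an
 * optional ASC/DESC; the database error text is logged instead of being
 * printed to the browser.  The dead first 'intervals' assignment (it was
 * overwritten a few lines later and divided by a possibly undefined
 * global) has been dropped.
 *
 * NOTE(review): $userid and $nuke_users are not defined in this function
 * unless they arrive through $args; the SHARING_PRIVATE / SHARING_BUSY
 * comparisons below therefore compare against null for most callers —
 * confirm against the callers before relying on them.
 *
 * @param array $args key => value, see above
 * @return array $events[][]
 */
function &postcalendar_userapi_pcQueryEvents($args)
{
    $end = '0000-00-00';
    extract($args);

    $pc_username = $_SESSION['pc_username']; // from Michael Brinson 2006-09-19
    if (empty($pc_username) || is_array($pc_username)) {
        $pc_username = "******";
    }
    $topic = pnVarCleanFromInput('pc_topic');
    $category = pnVarCleanFromInput('pc_category');

    if (!empty($pc_username) && strtolower($pc_username) != 'anonymous') {
        if ($pc_username == '__PC_ALL__' || $pc_username == -1) {
            $ruserid = -1;
        } else {
            $ruserid = getIDfromUser($pc_username);
        }
    }

    // eventstatus is interpolated unquoted, so it must really be an int.
    if (!isset($eventstatus)) {
        $eventstatus = 1;
    }
    $eventstatus = (int) $eventstatus;
    if ($eventstatus < -1 || $eventstatus > 1) {
        $eventstatus = 1;
    }

    if (!isset($start)) {
        $start = Date_Calc::dateNow('%Y-%m-%d');
    }
    $safestart = pnVarPrepForStore($start);
    $safeend = pnVarPrepForStore($end);

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    $table = $pntable['postcalendar_events'];
    $cattable = $pntable['postcalendar_categories'];

    $sql = "SELECT DISTINCT a.pc_eid, a.pc_informant, a.pc_catid, "
        . "a.pc_title, a.pc_time, a.pc_hometext, a.pc_eventDate, a.pc_duration, "
        . "a.pc_endDate, a.pc_startTime, a.pc_recurrtype, a.pc_recurrfreq, "
        . "a.pc_recurrspec, a.pc_topic, a.pc_alldayevent, a.pc_location, "
        . "a.pc_conttel, a.pc_contname, a.pc_contemail, a.pc_website, a.pc_fee, "
        . "a.pc_sharing, a.pc_prefcatid, b.pc_catcolor, b.pc_catname, "
        . "b.pc_catdesc, a.pc_pid, a.pc_apptstatus, a.pc_aid, "
        . "concat(u.fname,' ',u.lname) as provider_name, "
        . "concat(pd.lname,', ',pd.fname) as patient_name, "
        . "concat(u2.fname, ' ', u2.lname) as owner_name, "
        . "DOB as patient_dob, a.pc_facility, pd.pubpid "
        . "FROM ( {$table} AS a ) "
        . "LEFT JOIN {$cattable} AS b ON b.pc_catid = a.pc_catid "
        . "LEFT JOIN users as u ON a.pc_aid = u.id "
        . "LEFT JOIN users as u2 ON a.pc_aid = u2.id "
        . "LEFT JOIN patient_data as pd ON a.pc_pid = pd.pid "
        . "WHERE a.pc_eventstatus = {$eventstatus} "
        . "AND ((a.pc_endDate >= '{$safestart}' AND a.pc_eventDate <= '{$safeend}') OR "
        . "(a.pc_endDate = '0000-00-00' AND a.pc_eventDate >= '{$safestart}' AND "
        . "a.pc_eventDate <= '{$safeend}')) ";

    // Facility filtering: the session facility wins over the argument.
    if (!empty($_SESSION['pc_facility'])) {
        $sql .= " AND a.pc_facility = " . (int) $_SESSION['pc_facility'] . " ";
    } elseif (!empty($pc_facility)) {
        $sql .= " AND a.pc_facility = " . (int) $pc_facility . " ";
    }

    if (!empty($providerID)) {
        $ruserid = $providerID;
    }
    // A provider_id list takes precedence over a single user id.
    if (!empty($provider_id)) {
        unset($ruserid);
    }

    if (isset($ruserid)) {
        if ($ruserid == -1) {
            // all events for all users: busy and public ones
            $sql .= "AND (a.pc_sharing = '" . SHARING_BUSY . "' "
                . "OR a.pc_sharing = '" . SHARING_PUBLIC . "') ";
        } else {
            $sql .= "AND a.pc_aid IN (0, " . (int) $ruserid . ") ";
        }
    } elseif (!pnUserLoggedIn()) {
        // anonymous users see global events only
        $sql .= "AND a.pc_sharing = '" . SHARING_GLOBAL . "' ";
    } elseif (!empty($provider_id)) {
        if ($provider_id[0] != "_ALL_") {
            // events of the listed providers plus the clinic (provider 0)
            $sql .= "AND a.pc_aid in (0," . implode(",", array_map('intval', (array) $provider_id)) . ") ";
        }
    } else {
        // logged in user plus global events
        $sql .= "AND (a.pc_aid IN (0," . (int) $_SESSION['authUserID'] . ") OR a.pc_sharing = '" . SHARING_GLOBAL . "') ";
    }

    // Search restrictions.  s_* are caller-built SQL (see header).
    if (!empty($s_keywords)) {
        $sql .= "AND ({$s_keywords}) ";
    }
    if (!empty($s_category)) {
        $sql .= "AND ({$s_category}) ";
    }
    if (!empty($s_topic)) {
        $sql .= "AND ({$s_topic}) ";
    }
    if (!empty($category)) {
        $sql .= "AND (a.pc_catid = '" . pnVarPrepForStore($category) . "') ";
    }
    if (!empty($topic)) {
        $sql .= "AND (a.pc_topic = '" . pnVarPrepForStore($topic) . "') ";
    }

    // Sort: only a column name with an optional direction is accepted.
    if (!empty($sort) && preg_match('/^[A-Za-z0-9_]+(\s+(ASC|DESC))?$/i', $sort)) {
        $sql .= "GROUP BY a.pc_eid ORDER BY a.{$sort}";
    } else {
        $sql .= "GROUP BY a.pc_eid ORDER BY a.pc_time DESC";
    }

    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        // Do not echo the driver message (it includes the query) to the browser.
        error_log('postcalendar_userapi_pcQueryEvents: ' . $dbconn->ErrorMsg());
        die('Database error');
    }

    $events = array();
    if (!isset($result)) {
        return $events;
    }

    for ($i = 0; !$result->EOF; $result->MoveNext()) {
        $tmp = array();
        list($tmp['eid'], $tmp['uname'], $tmp['catid'], $tmp['title'], $tmp['time'],
            $tmp['hometext'], $tmp['eventDate'], $tmp['duration'], $tmp['endDate'],
            $tmp['startTime'], $tmp['recurrtype'], $tmp['recurrfreq'], $tmp['recurrspec'],
            $tmp['topic'], $tmp['alldayevent'], $tmp['location'], $tmp['conttel'],
            $tmp['contname'], $tmp['contemail'], $tmp['website'], $tmp['fee'],
            $tmp['sharing'], $tmp['prefcatid'], $tmp['catcolor'], $tmp['catname'],
            $tmp['catdesc'], $tmp['pid'], $tmp['apptstatus'], $tmp['aid'],
            $tmp['provider_name'], $tmp['patient_name'], $tmp['owner_name'],
            $tmp['patient_dob'], $tmp['facility'], $tmp['pubpid']) = $result->fields;

        $topicname = pcGetTopicName($tmp['topic']);
        // user id of the event's author (see NOTE in the header about $nuke_users)
        $cuserid = @$nuke_users[strtolower($tmp['uname'])];

        // Skip the event if any permission check fails.
        if (!pnSecAuthAction(0, 'PostCalendar::Event', "{$tmp['title']}::{$tmp['eid']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::Category', "{$tmp['catname']}::{$tmp['catid']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::User', "{$tmp['uname']}::{$cuserid}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::Topic', "{$topicname}::{$tmp['topic']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif ($tmp['sharing'] == SHARING_PRIVATE && $cuserid != $userid) {
            continue;
        }

        // Common information.
        $events[$i]['eid'] = $tmp['eid'];
        $events[$i]['uname'] = $tmp['uname'];
        $events[$i]['uid'] = $cuserid;
        $events[$i]['catid'] = $tmp['catid'];
        $events[$i]['time'] = $tmp['time'];
        $events[$i]['eventDate'] = $tmp['eventDate'];
        $events[$i]['duration'] = $tmp['duration'];
        // Split the duration (seconds) into hours and a two-digit minute part.
        @(list($events[$i]['duration_hours'], $dmin) = @explode('.', $tmp['duration'] / 60 / 60));
        $events[$i]['duration_minutes'] = substr(sprintf('%.2f', '.' . 60 * ($dmin / 100)), 2, 2);
        $events[$i]['endDate'] = $tmp['endDate'];
        $events[$i]['startTime'] = $tmp['startTime'];
        $events[$i]['recurrtype'] = $tmp['recurrtype'];
        $events[$i]['recurrfreq'] = $tmp['recurrfreq'];
        $events[$i]['recurrspec'] = $tmp['recurrspec'];
        $events[$i]['topic'] = $tmp['topic'];
        $events[$i]['alldayevent'] = $tmp['alldayevent'];
        $events[$i]['catcolor'] = $tmp['catcolor'];
        // translate the category name if applicable (BM, 06-2009)
        $events[$i]['catname'] = xl_appt_category($tmp['catname']);
        $events[$i]['catdesc'] = $tmp['catdesc'];
        $events[$i]['pid'] = $tmp['pid'];
        $events[$i]['apptstatus'] = $tmp['apptstatus'];
        $events[$i]['pubpid'] = $tmp['pubpid'];
        $events[$i]['patient_name'] = $tmp['patient_name'];
        $events[$i]['provider_name'] = $tmp['provider_name'];
        $events[$i]['owner_name'] = $tmp['owner_name'];
        $events[$i]['patient_dob'] = $tmp['patient_dob'];
        $events[$i]['patient_age'] = getPatientAge($tmp['patient_dob']);
        $events[$i]['facility'] = getFacility($tmp['facility']);
        $events[$i]['sharing'] = $tmp['sharing'];
        $events[$i]['prefcatid'] = $tmp['prefcatid'];
        $events[$i]['aid'] = $tmp['aid'];
        $events[$i]['topictext'] = $topicname;
        // number of calendar rows the event spans (at least one)
        $events[$i]['intervals'] = ceil($tmp['duration'] / 60 / $GLOBALS['calendar_interval']);
        if ($events[$i]['intervals'] == 0) {
            $events[$i]['intervals'] = 1;
        }

        if ($tmp['sharing'] == SHARING_BUSY && $cuserid != $userid) {
            // Busy-only event of another user: hide every detail.
            $events[$i]['title'] = _USER_BUSY_TITLE;
            $events[$i]['hometext'] = _USER_BUSY_MESSAGE;
            $events[$i]['desc'] = _USER_BUSY_MESSAGE;
            $events[$i]['conttel'] = '';
            $events[$i]['contname'] = '';
            $events[$i]['contemail'] = '';
            $events[$i]['website'] = '';
            $events[$i]['fee'] = '';
            $events[$i]['location'] = '';
            $events[$i]['street1'] = '';
            $events[$i]['street2'] = '';
            $events[$i]['city'] = '';
            $events[$i]['state'] = '';
            $events[$i]['postal'] = '';
        } else {
            // A ':text:' / ':html:' prefix on hometext selects the escaping
            // used for all displayed fields of this event.
            $display_type = substr($tmp['hometext'], 0, 6);
            if ($display_type == ':text:') {
                $prepFunction = 'pcVarPrepForDisplay';
                $tmp['hometext'] = substr($tmp['hometext'], 6);
            } elseif ($display_type == ':html:') {
                $prepFunction = 'pcVarPrepHTMLDisplay';
                $tmp['hometext'] = substr($tmp['hometext'], 6);
            } else {
                $prepFunction = 'pcVarPrepHTMLDisplay';
            }
            unset($display_type);

            $events[$i]['title'] = $prepFunction($tmp['title']);
            $events[$i]['hometext'] = $prepFunction($tmp['hometext']);
            $events[$i]['desc'] = $events[$i]['hometext'];
            $events[$i]['conttel'] = $prepFunction($tmp['conttel']);
            $events[$i]['contname'] = $prepFunction($tmp['contname']);
            $events[$i]['contemail'] = $prepFunction($tmp['contemail']);
            $events[$i]['website'] = $prepFunction(postcalendar_makeValidURL($tmp['website']));
            $events[$i]['fee'] = $prepFunction($tmp['fee']);

            // NOTE(review): pc_location is a PHP-serialized blob; unserialize()
            // of stored data instantiates whatever classes the blob names.
            // Anyone able to write that column can influence this.  A
            // malformed blob yields false, which is treated as "no address".
            $loc = unserialize($tmp['location']);
            if (!is_array($loc)) {
                $loc = array();
            }
            $events[$i]['location'] = $prepFunction(isset($loc['event_location']) ? $loc['event_location'] : '');
            $events[$i]['street1'] = $prepFunction(isset($loc['event_street1']) ? $loc['event_street1'] : '');
            $events[$i]['street2'] = $prepFunction(isset($loc['event_street2']) ? $loc['event_street2'] : '');
            $events[$i]['city'] = $prepFunction(isset($loc['event_city']) ? $loc['event_city'] : '');
            $events[$i]['state'] = $prepFunction(isset($loc['event_state']) ? $loc['event_state'] : '');
            $events[$i]['postal'] = $prepFunction(isset($loc['event_postal']) ? $loc['event_postal'] : '');
        }
        $i++;
    }
    unset($tmp);
    $result->Close();
    return $events;
}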
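/**
 * Update a polymer record (Lenses admin API).
 *
 * Requires ACCESS_ADMIN on 'Lenses::'.  $args['polymer'] is an array with
 * keys poly_tid, fda_grp, h2o, poly_name, poly_desc (all required; alt may
 * be empty and is not checked).  Sets 'errormsg' in the session and returns
 * false on any failure; returns true after a successful UPDATE and cache
 * clear.
 *
 * Fix: the previous version escaped a non-existent $name and then wrote the
 * raw $poly_name into the UPDATE statement.  poly_name is now escaped with
 * the other fields.
 *
 * @param array $args array('polymer' => array(...))
 * @return bool
 */
function Lenses_adminapi_update_polymer($args)
{
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }

    extract($args);
    extract($polymer);

    if (empty($poly_tid) || !is_numeric($poly_tid)
        || empty($fda_grp) || !is_numeric($fda_grp)
        || empty($h2o) || !is_string($h2o)
        || empty($poly_name) || !is_string($poly_name)
        || empty($poly_desc) || !is_string($poly_desc)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    if (!pnModAPIFunc('Lenses', 'user', 'get', array('item_id' => $poly_tid, 'item_type' => 'polymer'))) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $polymers_table =& $pntable['lenses_polymers'];
    $polymers_field =& $pntable['lenses_polymers_column'];

    // Escape every value that goes into the statement, poly_name included.
    list($poly_tid, $fda_grp, $h2o, $poly_name, $poly_desc) =
        pnVarPrepForStore($poly_tid, $fda_grp, $h2o, $poly_name, $poly_desc);

    $sql = "UPDATE {$polymers_table}\n"
        . " SET {$polymers_field['fda_grp']} = '{$fda_grp}',\n"
        . " {$polymers_field['h2o']} = '{$h2o}',\n"
        . " {$polymers_field['poly_name']} = '{$poly_name}',\n"
        . " {$polymers_field['poly_desc']} = '{$poly_desc}'\n"
        . " WHERE {$polymers_field['poly_tid']} = '{$poly_tid}'";

    $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED);
        return false;
    }

    // An output object is needed only so the template cache can be cleared.
    $pnRender =& new pnRender('Lenses');
    $pnRender->clear_cache();

    return true;
}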
} // get any filters $topicid = pnVarCleanFromInput('topicid'); $catid = pnVarCleanFromInput('catid'); // Base query $storiescolumn = $pntable['stories_column']; $storiescatcolumn = $pntable['stories_cat_column']; $topicscolumn = $pntable['topics_column']; $query = "SELECT {$storiescolumn['aid']} AS \"aid\",\n {$storiescolumn['catid']} AS \"cid\",\n {$storiescatcolumn['title']} AS \"cattitle\",\n {$storiescolumn['sid']} AS \"sid\",\n {$topicscolumn['topicid']} AS \"tid\",\n {$storiescolumn['title']} AS \"title\",\n {$topicscolumn['topicname']} AS \"topicname\",\n {$topicscolumn['topictext']} AS \"topictext\",\n\t\t\t\t {$storiescolumn['hometext']} AS \"hometext\",\n\t\t\t\t {$storiescolumn['time']} AS \"time\"\n FROM \t {$pntable['stories']}"; $query .= " LEFT JOIN {$pntable['stories_cat']} ON {$storiescolumn['catid']} = {$storiescatcolumn['catid']}\n\t\t\tLEFT JOIN {$pntable['topics']} ON {$storiescolumn['topic']} = {$topicscolumn['topicid']}"; $query .= " WHERE {$storiescolumn['ihome']} = 0 AND ({$storiescolumn['language']} = '" . pnVarPrepForStore($lang) . "' OR {$storiescolumn['language']} = '') "; if (isset($topicid) && is_numeric($topicid)) { $query .= " AND {$storiescolumn['topic']} = '" . pnVarPrepForStore($topicid) . "'"; } if (isset($catid) && is_numeric($catid)) { $query .= " AND {$storiescolumn['catid']} = '" . pnVarPrepForStore($catid) . "'"; } $query .= " ORDER BY {$storiescolumn['time']} DESC"; // with permissions in mind we can't use $headline_limit but restricting to 99 should be ok $result =& $dbconn->SelectLimit($query, 99); //$result =& $dbconn->Execute($query); // Error checking if ($dbconn->ErrorNo() != 0) { return false; } // start capture of dynamic output while ((list($aid, $cid, $cattitle, $sid, $tid, $title, $topicname, $topictext, $hometext, $time) = $result->FetchRow()) && $shown_results < $headline_limit) { if (empty($mostrecentdate)) { $mostrecentdate = $time; } $title = pnVarPrepForDisplay($title);
/** * carry out hook operations for module * @param hookobject the object the hook is called for - either 'item' or 'category' * @param hookaction the action the hook is called for - one of 'create', 'delete', 'transform', or 'display' * @param hookid the id of the object the hook is called for (module-specific) * @param extrainfo extra information for the hook, dependent on hookaction * @returns string * @return output from hooks */ function pnModCallHooks($hookobject, $hookaction, $hookid, $extrainfo) { // Get database info list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $hookstable = $pntable['hooks']; $hookscolumn =& $pntable['hooks_column']; // Get applicable hooks $sql = "SELECT {$hookscolumn['tarea']},\n {$hookscolumn['tmodule']},\n {$hookscolumn['ttype']},\n {$hookscolumn['tfunc']}\n FROM {$hookstable}\n WHERE {$hookscolumn['smodule']} = '" . pnVarPrepForStore(pnModGetName()) . "'\n AND {$hookscolumn['object']} = '" . pnVarPrepForStore($hookobject) . "'\n AND {$hookscolumn['action']} = '" . pnVarPrepForStore($hookaction) . "'"; $result = $dbconn->Execute($sql); if ($dbconn->ErrorNo() != 0) { return null; } $output = ''; // Call each hook for (; !$result->EOF; $result->MoveNext()) { list($hookarea, $hookmodule, $hooktype, $hookfunc) = $result->fields; if ($hookarea == 'GUI') { if (pnModAvailable($hookmodule, $hooktype) && pnModLoad($hookmodule, $hooktype)) { $output .= pnModFunc($hookmodule, $hooktype, $hookfunc, array('objectid' => $hookid, 'extrainfo' => $extrainfo)); } } else { if (pnModAvailable($hookmodule, $hooktype) && pnModAPILoad($hookmodule, $hooktype)) { $extrainfo = pnModAPIFunc($hookmodule, $hooktype, $hookfunc, array('objectid' => $hookid, 'extrainfo' => $extrainfo)); } } } if ($hookaction == 'display') { return $output; } else { return $extrainfo; } }
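/**
 * Get authorisation information for the current user.
 *
 * Loads the Groups and Permissions table definitions and returns the
 * user-level and group-level permission rows that apply to the current
 * user: uid -1 / gid -1 always apply, uid 0 / gid 0 additionally apply to
 * an anonymous visitor, plus the user's own uid and group memberships.
 * Each row is array(realm, component, instance, level); in group rows a
 * placeholder such as <Active User> inside the instance string is replaced
 * (only 'Active User' is defined: the uid, or "******" for guests).
 *
 * Changes: ids read from the session and the membership table are cast to
 * int before being interpolated into the IN (...) lists; placeholder
 * substitution is a literal string replace, so a value containing '$' or
 * '\' cannot be misread as a regex back-reference, and an unknown
 * placeholder becomes '' without an undefined-index notice.
 *
 * @public
 * @return array two element array of user and group permissions
 */
function pnSecGetAuthInfo()
{
    pnModDBInfoLoad('Groups');
    pnModDBInfoLoad('Permissions');

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();

    $userpermtable = $pntable['user_perms'];
    $userpermcolumn =& $pntable['user_perms_column'];
    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn =& $pntable['group_membership_column'];
    $grouppermtable = $pntable['group_perms'];
    $grouppermcolumn =& $pntable['group_perms_column'];

    $userperms = array();
    $groupperms = array();
    $vars = array();

    // -1 matches everybody; 0 is the unregistered user.
    $uids = array(-1);
    if (!pnUserLoggedIn()) {
        $uids[] = 0;
        $vars['Active User'] = '******';
    } else {
        $uids[] = (int) pnUserGetVar('uid');
        $vars['Active User'] = pnUserGetVar('uid');
    }
    $uidlist = implode(',', $uids);

    // User permissions.
    $query = "SELECT {$userpermcolumn['realm']},\n"
        . " {$userpermcolumn['component']},\n"
        . " {$userpermcolumn['instance']},\n"
        . " {$userpermcolumn['level']}\n"
        . " FROM {$userpermtable}\n"
        . " WHERE {$userpermcolumn['uid']} IN ({$uidlist})\n"
        . " ORDER by {$userpermcolumn['sequence']}";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    while (!$result->EOF) {
        list($realm, $component, $instance, $level) = $result->fields;
        $result->MoveNext();
        $component = fixsecuritystring($component);
        $instance = fixsecuritystring($instance);
        $userperms[] = array('realm' => $realm, 'component' => $component, 'instance' => $instance, 'level' => $level);
    }

    // Groups the user belongs to (-1 always; 0 for guests).
    $query = "SELECT {$groupmembershipcolumn['gid']}\n"
        . " FROM {$groupmembershiptable}\n"
        . " WHERE {$groupmembershipcolumn['uid']} IN ({$uidlist})";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    $usergroups = array(-1);
    if (!pnUserLoggedIn()) {
        $usergroups[] = 0;
    }
    while (!$result->EOF) {
        list($gid) = $result->fields;
        $result->MoveNext();
        $usergroups[] = (int) $gid;
    }
    $gidlist = implode(',', $usergroups);

    // Group permissions.
    $query = "SELECT {$grouppermcolumn['realm']},\n"
        . " {$grouppermcolumn['component']},\n"
        . " {$grouppermcolumn['instance']},\n"
        . " {$grouppermcolumn['level']}\n"
        . " FROM {$grouppermtable}\n"
        . " WHERE {$grouppermcolumn['gid']} IN ({$gidlist})\n"
        . " ORDER by {$grouppermcolumn['sequence']}";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    while (!$result->EOF) {
        list($realm, $component, $instance, $level) = $result->fields;
        $result->MoveNext();
        $component = fixsecuritystring($component);
        $instance = fixsecuritystring($instance);
        // Substitute <name> placeholders with the values defined above.
        if (preg_match_all("/<([^>]+)>/", $instance, $res)) {
            foreach ($res[1] as $placeholder) {
                $value = isset($vars[$placeholder]) ? $vars[$placeholder] : '';
                $instance = str_replace('<' . $placeholder . '>', $value, $instance);
            }
        }
        $groupperms[] = array('realm' => $realm, 'component' => $component, 'instance' => $instance, 'level' => $level);
    }

    // we've now got the permissions info
    $GLOBALS['authinfogathered'] = 1;
    return array($userperms, $groupperms);
}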
/**
 * Update a company record (Lenses admin API).
 *
 * Requires ACCESS_ADMIN on 'Lenses::'.  $args['company'] is an array whose
 * comp_tid (numeric) and comp_name (string) are required; logo, phone,
 * address, city, state, zip, url, email and comp_desc are optional.  Sets
 * 'errormsg' in the session and returns false on any failure; returns true
 * after a successful UPDATE and cache clear.
 *
 * @param array $args array('company' => array(...))
 * @return bool
 */
function Lenses_adminapi_update_company($args)
{
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }

    extract($args);
    extract($company);

    $badid = empty($comp_tid) || !is_numeric($comp_tid);
    $badname = empty($comp_name) || !is_string($comp_name);
    if ($badid || $badname) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }

    $existing = pnModAPIFunc('Lenses', 'user', 'get', array('item_id' => $comp_tid, 'item_type' => 'company'));
    if (!$existing) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $tbl =& $pntable['lenses_companies'];
    $col =& $pntable['lenses_companies_column'];

    // Escape all values before they are placed in the statement.
    list($comp_tid, $comp_name, $logo, $phone, $address, $city, $state, $zip, $url, $email, $comp_desc) =
        pnVarPrepForStore($comp_tid, $comp_name, $logo, $phone, $address, $city, $state, $zip, $url, $email, $comp_desc);

    $assignments = array(
        "{$col['comp_name']} = '{$comp_name}'",
        "{$col['logo']} = '{$logo}'",
        "{$col['phone']} = '{$phone}'",
        "{$col['address']} = '{$address}'",
        "{$col['city']} = '{$city}'",
        "{$col['state']} = '{$state}'",
        "{$col['zip']} = '{$zip}'",
        "{$col['url']} = '{$url}'",
        "{$col['email']} = '{$email}'",
        "{$col['comp_desc']} = '{$comp_desc}'",
    );
    $sql = "UPDATE {$tbl}\n SET " . implode(",\n ", $assignments)
        . "\n WHERE {$col['comp_tid']} = '{$comp_tid}'";

    $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED);
        return false;
    }

    // An output object is needed only so the template cache can be cleared.
    $renderer =& new pnRender('Lenses');
    $renderer->clear_cache();

    return true;
}
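/**
 * Record the HTTP referer of the current request in the referer table.
 *
 * Hits coming from our own host (HTTP_HOST found inside HTTP_REFERER) are
 * not logged.  An empty referer is recorded as "bookmark".  An existing
 * referer row has its frequency incremented; otherwise a new row is
 * inserted with a sequence id from GenId().  Set $DEBUG to 1 to echo the
 * values and statements.
 *
 * Fixes: the referer is attacker controlled (it is a request header) and
 * was interpolated unescaped into the SELECT and UPDATE statements — it is
 * now escaped with pnVarPrepForStore() for every statement.  The host is
 * no longer used as an unescaped ereg() pattern (ereg() is also gone in
 * PHP 7); a plain substring test does the same job.  A failed SELECT now
 * returns after reporting instead of dereferencing a false result.
 *
 * @return void
 */
function httpreferer()
{
    global $HTTP_SERVER_VARS;

    $DEBUG = 0;
    $HTTP_REFERER = getenv('HTTP_REFERER');
    $HTTP_HOST = getenv('HTTP_HOST');
    // nkame: PWS/IIS doesn't put those variables in the environment
    if (empty($HTTP_HOST)) {
        $HTTP_HOST = 'http://' . $HTTP_SERVER_VARS['HTTP_HOST'];
        $HTTP_REFERER = $HTTP_SERVER_VARS['HTTP_REFERER'];
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if ($DEBUG == 1) {
        echo "HTTP_HOST = " . $HTTP_HOST . "<br> HTTP_REFERER = " . $HTTP_REFERER . "<br>";
    }

    // Skip hits from our own domain.
    $ownhost = ($HTTP_HOST != '' && strpos($HTTP_REFERER, $HTTP_HOST) !== false);
    if ($ownhost) {
        return;
    }

    // Count direct hits (no referer) under "bookmark".
    if ($HTTP_REFERER == "") {
        $HTTP_REFERER = "bookmark";
    }

    $column =& $pntable['referer_column'];
    $safereferer = pnVarPrepForStore($HTTP_REFERER);

    $check_sql = "SELECT count({$column['rid']}) as c \n"
        . " FROM {$pntable['referer']} \n"
        . " WHERE {$column['url']} = '" . $safereferer . "'";
    $result = $dbconn->Execute($check_sql);
    if ($result === false) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error accesing to the database");
        return;
    }
    $row = $result->fields;
    $count = $row[0];

    if ($count == 1) {
        $update_sql = "UPDATE {$pntable['referer']}\n"
            . " SET {$column['frequency']} = {$column['frequency']} + 1\n"
            . " WHERE {$column['url']} = '" . $safereferer . "'";
    } else {
        // "auto-increment" isn't portable; GenId() gives the next sequence
        // value in the way appropriate for the RDBMS in use.
        $rid = $dbconn->GenId($pntable['referer'], true);
        $update_sql = "INSERT INTO {$pntable['referer']}\n"
            . " ({$column['rid']},\n"
            . " {$column['url']},\n"
            . " {$column['frequency']})\n"
            . " VALUES\n"
            . " (" . pnVarPrepForStore($rid) . ",\n"
            . " '" . $safereferer . "',\n"
            . " 1)";
    }

    $result = $dbconn->Execute($update_sql);
    if ($result === false) {
        error_log("error in referer.php, " . __LINE__ . ", sql='{$update_sql}'");
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error accesing to the database");
    }

    if ($DEBUG == 1) {
        echo "<br>" . $check_sql . "<br>" . $update_sql . "<br>";
    }
}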
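function postcalendar_adminapi_addCategoryLimit($args)
{
    // Insert one row into postcalendar_limits for category $args['catid'].
    //
    // $args keys: 'catid' (required), 'starttime', 'endtime', 'limit'.
    // Returns true on success; false when 'catid' is absent or the INSERT
    // fails (the database error message is printed in that case, as before).
    //
    // The original extract()ed $args into the local scope, so every missing
    // optional key was read as an undefined variable (E_NOTICE) and any other
    // caller-supplied key silently became a local. The keys are read
    // explicitly here; a missing optional value defaults to '' (the original
    // passed the undefined variable through pnVarPrepForStore(), which is
    // assumed to have yielded '' as well — TODO confirm).
    //
    // NOTE(review): there is no pnSecAuthAction() check in this function;
    // presumably the calling admin function authorises the request — confirm
    // before calling this API function from anywhere else.
    if (!isset($args['catid'])) {
        return false;
    }

    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    // Escape every value for the string-built statement.
    $catid = pnVarPrepForStore($args['catid']);
    $starttime = pnVarPrepForStore(isset($args['starttime']) ? $args['starttime'] : '');
    $endtime = pnVarPrepForStore(isset($args['endtime']) ? $args['endtime'] : '');
    $limit = pnVarPrepForStore(isset($args['limit']) ? $args['limit'] : '');

    // pc_limitid is passed as '' (kept from the original; presumably the
    // database assigns the id).
    $sql = "INSERT INTO {$pntable['postcalendar_limits']} \n"
        . " (pc_limitid,pc_catid,pc_starttime,pc_endtime,\n pc_limit)\n"
        . " VALUES ('','{$catid}','{$starttime}',\n '{$endtime}','{$limit}')";
    $result = $dbconn->Execute($sql);
    if ($result === false) {
        print $dbconn->ErrorMsg();
        return false;
    }
    return true;
}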
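/**
 * Get the uid of a user from the username
 *
 * Results are memoised per username in a static array for the lifetime of
 * the request: a username that was looked up and not found is cached as
 * false; a database error is not cached.
 *
 * @access public
 * @author Michael Halbrook
 * @since 1.9 - 19/04/2004
 * @param uname $ the username; it is validated with pnVarValidate(..., 'uname')
 *                and escaped with pnVarPrepForStore() before reaching SQL
 * @return mixed userid if found, false if not (or if validation fails),
 *               void upon database error
 */
function pnUserGetIDFromName($uname)
{
    $uname = isset($uname) ? $uname : '';
    // Reject anything that is not a well-formed username before touching the DB.
    if (!pnVarValidate($uname, 'uname')) {
        return false;
    }

    static $uid = array();
    if (isset($uid[$uname])) {
        return $uid[$uname];
    }

    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $userstable = $pntable['users'];
    $userscolumn =& $pntable['users_column'];

    // Escaped for the string-built statement in addition to the format
    // validation above.
    $query = "SELECT {$userscolumn['uid']}\n"
        . " FROM {$userstable}\n"
        . " WHERE {$userscolumn['uname']} = '" . pnVarPrepForStore($uname) . "'";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }

    if ($result->EOF) {
        // Fix: the original left the recordset open on the not-found path.
        $result->Close();
        $uid[$uname] = false;
        return false;
    }

    list($uid[$uname]) = $result->fields;
    $result->Close();
    return $uid[$uname];
}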
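/**
 * update a template item
 * @param $args['tid'] the ID of the item
 * @param $args['name'] the new name of the item
 * @param $args['number'] the new number of the item
 * @return bool true on success; false on a missing argument, a failed API
 *              load, an unknown item, a failed permission check or a
 *              database error (the 'errormsg' session variable is set in
 *              every failure case)
 */
function template_adminapi_update($args)
{
    // All arguments come from $args; reading them from the environment is
    // not allowed, as that makes assumptions that will not hold in future
    // PostNuke versions. The original extract()ed $args, which also turns
    // any other caller-supplied key into a local variable; the three keys
    // are read explicitly instead.
    if (!isset($args['tid']) || !isset($args['name']) || !isset($args['number'])) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    $tid = $args['tid'];
    $name = $args['name'];
    $number = $args['number'];

    // The user API holds the 'get' function needed to fetch the current item.
    // Fix: the original reported this failure and the "no such item" case
    // through an undefined $output object (a fatal error at runtime); they
    // are reported the way the rest of this function does, via the errormsg
    // session variable, and the function returns false.
    if (!pnModAPILoad('Template', 'user')) {
        pnSessionSetVar('errormsg', _LOADFAILED);
        return false;
    }

    $item = pnModAPIFunc('Template', 'user', 'get', array('tid' => $tid));
    if ($item == false) {
        pnSessionSetVar('errormsg', _TEMPLATENOSUCHITEM);
        return false;
    }

    // Security check. It could not be done earlier because the instance
    // string needs the item's current name. Both the pre-modification
    // (current name) and post-modification (new name) instances are checked;
    // otherwise a caller could rename an item into an area they may not edit.
    if (!pnSecAuthAction(0, 'Template::Item', "{$item['name']}::{$tid}", ACCESS_EDIT)) {
        pnSessionSetVar('errormsg', _TEMPLATENOAUTH);
        return false;
    }
    if (!pnSecAuthAction(0, 'Template::Item', "{$name}::{$tid}", ACCESS_EDIT)) {
        pnSessionSetVar('errormsg', _TEMPLATENOAUTH);
        return false;
    }

    // pnDBGetConn() returns an array whose first item is the database handle;
    // pnDBGetTables() is kept whole for the table/column lookups below.
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $templatetable = $pntable['template'];
    $templatecolumn =& $pntable['template_column'];

    // Every value is escaped for the string-built statement.
    $sql = "UPDATE {$templatetable}\n"
        . " SET {$templatecolumn['name']} = '" . pnVarPrepForStore($name) . "',\n"
        . " {$templatecolumn['number']} = '" . pnVarPrepForStore($number) . "'\n"
        . " WHERE {$templatecolumn['tid']} = '" . pnVarPrepForStore($tid) . "'";
    $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        // NOTE(review): _DELETEFAILED is kept from the original although this
        // is an update; check whether the module defines an update-specific
        // message constant before changing it.
        pnSessionSetVar('errormsg', _DELETEFAILED);
        return false;
    }

    return true;
}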