if ($sql) {
             show_admin_message("Award Scheme updated", "{$pagename}");
         }
     } elseif ($action == "newbadge" && pageauth("advancements", "add")) {
         $name = safesql($_POST['name'], "text");
         $desc = safesql($_POST['desc'], "text");
         $sql = $data->insert_query("badges", "'', {$name}, {$desc}, {$sid}");
         if ($sql) {
             show_admin_message("Badge added", "{$pagename}&action=viewsch&id={$sid}");
         }
     } elseif ($action == "editbadge" && pageauth("advancements", "edit")) {
         $name = safesql($_POST['name'], "text");
         $desc = safesql($_POST['desc'], "text");
         $sql = $data->update_query("badges", "name={$name}, description={$desc}", "id={$id}");
         if ($sql) {
             show_admin_message("Badge updated", "{$pagename}&action=viewsch&id={$sid}");
         }
     }
 }
 if ($action == "viewadd") {
     $result = $data->select_query("advancements", "WHERE id = '{$id}'");
     $row = $data->fetch_array($result);
     $advan = $row['advancement'];
     $result = $data->select_query("requirements", "WHERE advancement = '{$id}' ORDER BY position ASC");
     $req = array();
     $numreqs = $data->num_rows($result);
     while ($req[] = $data->fetch_array($result)) {
     }
     $tpl->assign("advan", $advan);
     $tpl->assign("req", $req);
     $tpl->assign("numreqs", $numreqs);
Example #2
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
**************************************************************************/
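/*
 * Admin module "language".
 *
 * When $getmodules is set, the file only registers the module (menu entry,
 * permission labels, id) and returns. Otherwise it handles the "Update" form
 * post, rewriting every row of the scoutlanguage table, and selects the template.
 */
if (!empty($getmodules)) {
    $module['Member Management']['Scouting Language'] = "language";
    $moduledetails[$modulenumbers]['name'] = "Scouting Language";
    $moduledetails[$modulenumbers]['details'] = "Manages scouting language of CMScout";
    $moduledetails[$modulenumbers]['access'] = "Allowed to access the language page";
    $moduledetails[$modulenumbers]['add'] = "notused";
    $moduledetails[$modulenumbers]['edit'] = "Allowed to change language";
    $moduledetails[$modulenumbers]['delete'] = "notused";
    $moduledetails[$modulenumbers]['publish'] = "notused";
    $moduledetails[$modulenumbers]['limit'] = "notused";
    $moduledetails[$modulenumbers]['id'] = "language";
    return;
} else {
    $allowed_array = array('patrol' => true, 'troop' => true, 'advancement_badges' => true, 'award_scheme' => true, 'member' => true, 'members' => true, 'badges' => true);
    // The button is absent on a plain page view, so read it defensively.
    $submit = isset($_POST['Submit']) ? $_POST['Submit'] : '';
    $new = array();
    // The module registers an "edit" right ("Allowed to change language"), so the
    // write path is gated on it rather than on page access alone.
    // NOTE(review): no anti-CSRF token is checked here — confirm whether
    // admin.php validates one before including this file.
    if ($submit == "Update" && pageauth("language", "edit") == 1) {
        $result = $data->select_query("scoutlanguage");
        $iserror = false;
        while ($row = $data->fetch_array($result)) {
            $config_name = $row['name'];
            // Skip rows the form did not submit instead of writing an empty value.
            if (!isset($_POST[$config_name])) {
                continue;
            }
            $newvalue = safesql($_POST[$config_name], "text", false);
            // $config_name comes from the table's own rows, not from the request;
            // it is still interpolated unescaped, so it relies on those names
            // never containing a quote — TODO confirm.
            $sql = $data->update_query("scoutlanguage", "value = {$newvalue}", "name = '{$config_name}'");
        }
        show_admin_message("Scout Language Updated", "admin.php?page=language");
    }
    $filetouse = 'admin_language.tpl';
}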
Example #3
         // Persist one submitted setting, but only when its name is flagged in
         // $allowed_array and the form actually posted it.
         if ($allowed_array[$config_name] && isset($_POST[$config_name])) {
             // NOTE(review): $newvalue is read here before it is assigned further
             // down in this block; unless code above this fragment sets it, the
             // comparison uses a value left over from earlier — confirm.
             if ($config_name == "siteaddress" && $config['siteaddress'] != $newvalue) {
                 $new = urlencode($_POST[$config_name]);
                 $old = urlencode($config['siteaddress']);
                 // Sends the old and the new site address to a fixed external host
                 // over plain HTTP; "@" hides any failure of the request.
                 // NOTE(review): outbound call triggered by a config save — confirm
                 // operators are told about it and can turn it off.
                 @file("http://www.cmscout.co.za/newaddress.php?address={$old}&new={$new}");
             }
             $newvalue = safesql($_POST[$config_name], "text", false);
             // NOTE(review): writes the processed POST value into the response with
             // no HTML escaping; looks like leftover debug output — confirm, then
             // remove it or escape with htmlspecialchars().
             echo $newvalue . '<br>';
             $sql = $data->update_query("config", "value = {$newvalue}", "name = '{$config_name}'", "", "", false);
         }
     }
     $config_name = 'exclusion';
     $_POST[$config_name] = serialize(is_array($_POST[$config_name]) ? $_POST[$config_name] : '');
     $newvalue = safesql($_POST[$config_name], "text", false);
     $sql = $data->update_query("config", "value = {$newvalue}", "name = '{$config_name}'", "", "", false);
     show_admin_message("Configuration Updated", "admin.php?page=config");
 }
 $theme_q = $data->select_query("themes", "ORDER BY name ASC");
 $theme = array();
 $numthemes = $data->num_rows($theme_q);
 while ($theme[] = $data->fetch_array($theme_q)) {
 }
 $sql = $data->select_query("timezones", "ORDER BY offset ASC");
 $zone = array();
 $numzones = $data->num_rows($sql);
 while ($zone[] = $data->fetch_array($sql)) {
 }
 $sql = $data->select_query("groups", "ORDER BY teamname ASC", "id, teamname");
 $group = array();
 $numgroups = $data->num_rows($sql);
 while ($group[] = $data->fetch_array($sql)) {
Example #4
    $module['Configuration']['Logfile viewer'] = "logfile";
    $moduledetails[$modulenumbers]['name'] = "Logfile viewer";
    $moduledetails[$modulenumbers]['details'] = "Easy viewing of the logfile";
    $moduledetails[$modulenumbers]['access'] = "Allowed to view the logfile";
    $moduledetails[$modulenumbers]['add'] = "notused";
    $moduledetails[$modulenumbers]['edit'] = "Allowed to clear the logfile";
    $moduledetails[$modulenumbers]['delete'] = "notused";
    $moduledetails[$modulenumbers]['publish'] = "notused";
    $moduledetails[$modulenumbers]['limit'] = "notused";
    $moduledetails[$modulenumbers]['id'] = "logfile";
    return;
} else {
    if ($_GET['action'] == "clear") {
        $file = fopen("logfile.txt", "w");
        fclose($file);
        show_admin_message("Logfile cleared", $pagename);
    }
    $lines = file("logfile.txt");
    $logfileDump = array();
    $date = true;
    $temp = '';
    foreach ($lines as $line) {
        $line = trim($line);
        if ($line != "---------------------" && $line != "") {
            if ($date) {
                $temp['date'] = $line;
                $date = false;
            } else {
                $temp['error'] = $line;
                $date = true;
            }
Example #5
                 email_user($user['id'], "account_deactiv");
             }
         }
         // Build the SET clause for the users row; every value is passed through
         // safesql() before it is placed in the statement.
         $insertSQL = sprintf("uname=%s, status=%s, timezone=%s, firstname=%s, lastname=%s, email=%s, custom=%s", safesql($username, "text"), safesql($status, "text"), safesql($_POST['zone'], "text"), safesql($firstname, "text"), safesql($lastname, "text"), safesql($email, "text"), safesql($custom, "text"));
         // The password column is only touched when a new password was supplied.
         if ($password) {
             // NOTE(review): the password is stored as a bare MD5 digest — fast and
             // unsalted, so a leaked users table is cheap to brute-force. Moving to
             // password_hash()/password_verify() also needs a matching change where
             // logins are checked (not visible here) plus a rehash-on-login path.
             $insertSQL .= ", passwd=" . safesql(md5($password), "text");
         }
         // NOTE(review): $id is interpolated as-is; presumably it was cast to an
         // integer earlier in the file — verify.
         $Result1 = $data->update_query("users", $insertSQL, "id={$id}");
         if ($Result1) {
             show_admin_message("User details updated", "admin.php?page=users");
         }
     } else {
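         // Update only the name, e-mail and custom-field columns of the users row.
         // Each of the four safesql() arguments needs its own %s placeholder; a
         // bare "%" before the closing quote is not a valid conversion, so the
         // custom value would be dropped or sprintf() would fail.
         $insertSQL = sprintf("firstname=%s, lastname=%s, email=%s, custom=%s", safesql($firstname, "text"), safesql($lastname, "text"), safesql($email, "text"), safesql($custom, "text"));
         // NOTE(review): $id is interpolated as-is; presumably it was cast to an
         // integer earlier in the file — verify.
         $Result1 = $data->update_query("users", $insertSQL, "id={$id}");
         if ($Result1) {
             show_admin_message("User details updated", "admin.php?page=users");
         }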
     }
 }
 if ($action == "Edit") {
     $user_query = $data->select_query("users", "WHERE id={$safe_id}");
     $users = $data->fetch_array($user_query);
     $action = 'Edit';
 }
 $sql = $data->select_query("timezones", "ORDER BY offset ASC");
 $zone = array();
 $numzones = $data->num_rows($sql);
 while ($zone[] = $data->fetch_array($sql)) {
 }
 $sql = $data->select_query("profilefields", "WHERE place=0 ORDER BY pos ASC");
 $fields = array();
        }
        $data->update_query("profilefields", "pos={$pos2}", "id={$row['id']}");
        $data->update_query("profilefields", "pos={$pos1}", "id={$row2['id']}");
        $server = $_SERVER['PHP_SELF'];
        header("Location: {$server}" . "?page=customprofile");
    } elseif ($action == "movedown" && pageauth("customprofile", "edit") == 1) {
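        // Move a profile field one step down by swapping its "pos" value with
        // the field that currently sits directly below it (place=0 only).
        $sql = $data->select_query("profilefields", "WHERE id={$safe_id}");
        $row = $data->fetch_array($sql);
        $pos1 = $row['pos'];
        $temppos = $pos1 + 1;
        $sql = $data->select_query("profilefields", "WHERE pos='{$temppos}' AND place=0");
        $row2 = $data->fetch_array($sql);
        // Swap only when both rows exist: for the last field there is no
        // neighbour, and an empty value would produce a malformed UPDATE.
        if ($row && $row2) {
            // The column is "pos" (see the WHERE and SET clauses here); no
            // "position" key is selected for this table in this code.
            $pos2 = $row2['pos'];
            $data->update_query("profilefields", "pos={$pos2}", "id={$row['id']}");
            $data->update_query("profilefields", "pos={$pos1}", "id={$row2['id']}");
        }
        // NOTE(review): PHP_SELF reflects the request path, including any
        // trailing path info, so part of the redirect target is client-supplied;
        // a fixed script name would be safer. Execution also continues after
        // header() because nothing exits here — confirm that is intended.
        $server = $_SERVER['PHP_SELF'];
        header("Location: {$server}" . "?page=customprofile");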
    } elseif ($action == "edit" && pageauth("customprofile", "edit") == 1) {
        // Load the selected profile field and hand it to the template for editing.
        $item = $data->select_fetch_one_row("profilefields", "WHERE id={$safe_id}");
        // The options column holds a PHP-serialized value.
        // NOTE(review): unserialize() will instantiate objects if the stored
        // string encodes any, so this is only safe while nothing but this
        // application can write the column (e.g. no SQL injection elsewhere).
        // Passing ['allowed_classes' => false] (PHP 7+) or storing JSON removes
        // that dependency — confirm the minimum PHP version first.
        $item['options'] = unserialize($item['options']);
        $tpl->assign("item", $item);
    } elseif ($action == "delete" && pageauth("customprofile", "delete") == 1) {
        $delete = $data->delete_query("profilefields", "id={$safe_id}");
        if ($delete) {
            show_admin_message("Field deleted", "{$pagename}");
        }
        $action = "";
    }
    $tpl->assign("action", $action);
    $filetouse = "admin_customprofile.tpl";
}
 } elseif ($action == "moveup") {
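     // Raise the user's membership type within the group by one step,
     // never beyond 2.
     // NOTE(review): this branch is reached through GET parameters and shows no
     // pageauth() check of its own; $gid is also set outside this fragment —
     // confirm both are handled by the enclosing code.
     $uid = safesql($_GET['uid'], "int");
     $userGroups = $data->select_fetch_one_row("usergroups", "WHERE userid={$uid} AND groupid={$gid}");
     if ($userGroups) {
         $userGroups['utype'] = $userGroups['utype'] + 1;
         // The bound has to be tested on "utype", the column that is loaded and
         // written; a "type" key is never set in this branch, so testing it would
         // let the value grow without limit.
         if ($userGroups['utype'] <= 2) {
             $data->update_query("usergroups", "utype={$userGroups['utype']}", "userid = {$uid} AND groupid={$gid}");
         }
     }
     show_admin_message("User type changed", str_replace('&amp;', '&', $pagename) . "&uid={$uid}");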
 } elseif ($action == "movedown") {
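     // Lower the user's membership type within the group by one step,
     // never below 0.
     // NOTE(review): this branch is reached through GET parameters and shows no
     // pageauth() check of its own; $gid is also set outside this fragment —
     // confirm both are handled by the enclosing code.
     $uid = safesql($_GET['uid'], "int");
     $userGroups = $data->select_fetch_one_row("usergroups", "WHERE userid={$uid} AND groupid={$gid}");
     if ($userGroups) {
         $userGroups['utype'] = $userGroups['utype'] - 1;
         // The bound has to be tested on "utype", the column that is loaded and
         // written; a "type" key is never set in this branch, so testing it would
         // allow negative values to be stored.
         if ($userGroups['utype'] >= 0) {
             $data->update_query("usergroups", "utype={$userGroups['utype']}", "userid = {$uid} AND groupid={$gid}");
         }
     }
     show_admin_message("User type changed", str_replace('&amp;', '&', $pagename) . "&uid={$uid}");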
 }
 $sql = $data->select_query("users", "WHERE id={$uid}");
 $userinfo = $data->fetch_array($sql);
 $sql = $data->select_query("usergroups", "WHERE userid={$uid}");
 $usergroups = array();
 $numusergroups = $data->num_rows($sql);
 while ($temp = $data->fetch_array($sql)) {
     $sql2 = $data->select_query("groups", "WHERE id={$temp['groupid']}", "id, teamname");
     $temp2 = $data->fetch_array($sql2);
     $temp2['type'] = $temp['utype'];
     $usergroups[] = $temp2;
 }
 $sql = $data->select_query("groups");
 $numgroups = 0;
 $groups = array();
Example #8
                 case "stat":
                     $type = 1;
                     break;
                 case "art":
                     $type = 4;
                     break;
                 case "group":
                     $type = 3;
                     break;
             }
         }
         $item = $type == 5 ? $url : safesql($item[0], "text");
         $itemsql = $data->select_fetch_one_row("submenu", "WHERE id={$id}", "pos");
         $update = $data->update_query("submenu", "name = {$name}, item = {$item}, type={$type}", "id={$id}");
         if ($update) {
             show_admin_message("Item updated", "admin.php?page=subsite&subpage=submenu&sid={$siteid}");
         }
     }
 }
 if ($action == "" || $action == "view") {
     $sql = $data->select_query("submenu", "WHERE site={$safe_siteid} ORDER BY pos ASC");
     $numside = $data->num_rows($sql);
     $menuitems = array();
     while ($temp = $data->fetch_array($sql)) {
         switch ($temp['type']) {
             case 1:
                 //Static
                 $itemDetails = $data->select_fetch_one_row("static_content", "WHERE id='{$temp['item']}' AND type=2 AND pid={$safe_siteid}", "name, friendly");
                 if (isset($itemDetails)) {
                     $temp['action'] = "Static Page: " . (isset($itemDetails['friendly']) ? $itemDetails['friendly'] : $itemDetails['name']);
                 } else {
Example #9
             if ($data->num_rows($temp) != 0) {
                 $pos++;
             }
         } while ($data->num_rows($temp) != 0);
         $sql = $data->insert_query("frontpage", "NULL, {$itemid}, {$type}, '{$pos}'");
         if ($sql) {
             show_admin_message("Item added", "{$pagename}");
         }
         $action = "";
     } elseif ($action == "edit" && pageauth("frontpage", "edit") == 1) {
         $temp = explode(".", $_POST['itemid']);
         $itemid = safesql($temp[0], "int");
         $type = safesql($temp[1] == "dynamic" ? 1 : 0, "int");
         $sql = $data->update_query("frontpage", "item = {$itemid}, type = {$type}", "id={$id}");
         if ($sql) {
             show_admin_message("Item updated", "{$pagename}");
         }
         $action = "";
     }
 }
 if ($action == "" || $action == "view") {
     $sql = $data->select_query("frontpage", "ORDER BY pos ASC");
     $numfront = $data->num_rows($sql);
     $frontpages = array();
     while ($temp = $data->fetch_array($sql)) {
         if ($temp['type'] == 0) {
             $temp2 = $data->select_fetch_one_row("static_content", "WHERE id={$temp['item']}");
             $temp['name'] = "<b>Static Page: </b>" . ($temp2['friendly'] == '' ? $temp2['name'] : $temp2['friendly']);
         } else {
             $temp2 = $data->select_fetch_one_row("functions", "WHERE id={$temp['item']}");
             $temp['name'] = "<b>Dynamic Page: </b>" . $temp2['name'];
Example #10
     $sql = $data->select_query("groups", "WHERE id = {$groupid}", "teamname");
     $stuff = $data->fetch_array($sql);
     $cond = safesql($stuff['teamname'], "text");
     $sort = "uname";
     $order = "ASC";
     if ($field != 'none') {
         $where = " team = {$cond} ";
     }
 }
 // Delete a user account and its group memberships, then report the removed
 // username to the admin.
 // NOTE(review): the deletion is driven by GET parameters alone and this block
 // contains no pageauth() check and no test that the target user lies inside
 // any group restriction applied to the acting admin — confirm both are
 // enforced before this point, and consider requiring a POST with a token.
 if ($action == "delete") {
     $id = safesql($_GET['id'], "int");
     // Fetch the row first so the username is still available for the message.
     $temp = $data->select_fetch_one_row("users", "WHERE id = {$id}");
     $username = $temp['uname'];
     $sql2 = $data->delete_query("users", "id='{$id}'");
     $data->delete_query("usergroups", "userid='{$id}'", "", "", false);
     // NOTE(review): $username is stored data placed into the message as-is;
     // whether it is HTML-escaped depends on show_admin_message() — verify.
     show_admin_message("{$username} deleted", "{$pagename}");
     // Reset the action so the code that follows treats this as a plain view.
     $action = "";
 }
 $row = array();
 if (pageauth("users", "limit") == 1) {
     $usergroups = user_groups_id_array($check['id']);
     $userquery = '';
     $first2 = true;
     for ($i = 0; $i < count($usergroups); $i++) {
         if ($first2 == false) {
             $userquery .= " OR ";
         } else {
             $first2 = false;
         }
         $group_ids = group_users_id_array($usergroups[$i]);
         $first = true;
Example #11
             unlink($config['downloadpath'] . "/" . $temp['file']);
             $sqlq = $data->delete_query("downloads", "id={$id}");
             break;
         case "news":
             $sqlq = $data->delete_query("newscontent", "id={$id}");
             break;
         case "poll":
             $sqlq = $data->delete_query("polls", "id={$id}");
             break;
         case "content":
             $sqlq = $data->delete_query("static_content", "id={$id}");
             $sqlq = $data->delete_query("frontpage", "item={$id} AND type=0");
             $sqlq = $data->delete_query("menu_items", "item={$id} AND type=1");
             break;
     }
     show_admin_message("Item permentaly deleted", "{$pagename}&activetab={$type}");
 }
 $result = $data->select_query("album_track", "WHERE trash=1");
 $album = array();
 $numalbums = $data->num_rows($result);
 while ($album[] = $data->fetch_array($result)) {
 }
 $tpl->assign("album", $album);
 $tpl->assign("numalbums", $numalbums);
 $result = $data->select_query("patrol_articles", "WHERE trash=1");
 $article = array();
 $numarticles = $data->num_rows($result);
 while ($article[] = $data->fetch_array($result)) {
 }
 $tpl->assign("article", $article);
 $tpl->assign("numarticles", $numarticles);
Example #12
             $ass['edit'][$moduleid] = $_POST["ass_" . $moduleid . "_edit"] == 1 ? 1 : 0;
             $ass['delete'][$moduleid] = $_POST["ass_" . $moduleid . "_delete"] == 1 ? 1 : 0;
             $ass['publish'][$moduleid] = $_POST["ass_" . $moduleid . "_pub"] == 1 ? 1 : 0;
             $ass['limit'][$moduleid] = $_POST["ass_" . $moduleid . "_limit"] == 1 ? 1 : 0;
             $gpl['access'][$moduleid] = $_POST["gpl_" . $moduleid . "_access"] == 1 ? 1 : 0;
             $gpl['add'][$moduleid] = $_POST["gpl_" . $moduleid . "_add"] == 1 ? 1 : 0;
             $gpl['edit'][$moduleid] = $_POST["gpl_" . $moduleid . "_edit"] == 1 ? 1 : 0;
             $gpl['delete'][$moduleid] = $_POST["gpl_" . $moduleid . "_delete"] == 1 ? 1 : 0;
             $gpl['publish'][$moduleid] = $_POST["gpl_" . $moduleid . "_pub"] == 1 ? 1 : 0;
             $gpl['limit'][$moduleid] = $_POST["gpl_" . $moduleid . "_limit"] == 1 ? 1 : 0;
         }
         $user = safesql(serialize($user), "text");
         $ass = safesql(serialize($ass), "text");
         $gpl = safesql(serialize($gpl), "text");
         $data->update_query("groups", "normaladmin = {$user}, agladmin = {$ass}, gladmin = {$gpl}", "id={$id}");
         show_admin_message("Group administration panel access updated", "{$pagename}");
     } else {
         // Display path: load the group and expose its three stored permission
         // sets (normaladmin, agladmin, gladmin) to the template.
         $tpl->assign("nummodules", $modulenumbers);
         $tpl->assign("modules", $moduledetails);
         // NOTE(review): $id is interpolated as-is; presumably cast to an integer
         // earlier in the file — verify.
         $sql = $data->select_query("groups", "WHERE id={$id}");
         $group = $data->fetch_array($sql);
         // Each column holds a PHP-serialized value.
         // NOTE(review): unserialize() will instantiate objects if the stored
         // string encodes any, so these calls are only safe while nothing but
         // this application can write the columns. Because the data is a
         // permission matrix, ['allowed_classes' => false] (PHP 7+) or JSON
         // storage is worth adopting — confirm the minimum PHP version first.
         $user = unserialize($group['normaladmin']);
         $ass = unserialize($group['agladmin']);
         $gpl = unserialize($group['gladmin']);
         $tpl->assign("group", $group);
         $tpl->assign("user", $user);
         $tpl->assign("ass", $ass);
         $tpl->assign("gpl", $gpl);
     }
 }
 $message = "";
Example #13
         $moveto = $_POST['place'];
         if ($moveto == '0') {
             $pid = 0;
             $type = 0;
         } else {
             $moveto = explode("_", $moveto);
             if ($moveto[0] == "group") {
                 $pid = safesql($moveto[1], "int");
                 $type = 1;
             } elseif ($moveto[0] == "site") {
                 $pid = safesql($moveto[1], "int");
                 $type = 2;
             }
         }
         $data->update_query("static_content", "type={$type}, frontpage=0, pid={$pid}", "id={$safe_id}");
         show_admin_message("Content moved", "{$pagename}");
     }
 } else {
     $result = $data->select_query("static_content", "WHERE type=0 AND trash=0 ORDER BY friendly ASC");
     $content = array();
     $numcontent = $data->num_rows($result);
     while ($content[] = $data->fetch_array($result)) {
     }
 }
 $tpl->assign('Showcontent', $Showcontent);
 $tpl->assign('name', $name);
 $tpl->assign('action', $action);
 $tpl->assign('numcontent', $numcontent);
 $tpl->assign('content', $content);
 $tpl->assign('editFormAction', $editFormAction);
 $filetouse = "admin_content.tpl";
Example #14
         $static = $_POST['static'];
         $subsites = $_POST['subsites'];
         $dynamic = safesql(serialize($dynamic), "text");
         $permissions = safesql(serialize($permissions), "text");
         $static = safesql(serialize($static), "text");
         $subsites = safesql(serialize($subsites), "text");
         $name = explode(".", $_POST['name']);
         if ($name[1] == "user") {
             $type = 1;
         } else {
             $type = 2;
         }
         $name = safesql($name[0], "text");
         $sql = $data->update_query("auth", "authname = {$name}, dynamic = {$dynamic}, permission = {$permissions}, static = {$static}, subsites = {$subsites}, type={$type}", "id={$safe_id}");
         if ($sql) {
             show_admin_message("Authorization item updated", $pagename);
         }
     }
 }
 if ($action == "new" && pageauth("auth", "add") == 1 || $action == "edit" && pageauth("auth", "edit") == 1) {
     $safe_id = safesql($id, "int");
     $sql = $data->select_query("functions", "WHERE type=2 ORDER BY name ASC", "id, name, code");
     $numdynamic = $data->num_rows($sql);
     $dynamic = array();
     while ($dynamic[] = $data->fetch_array($sql)) {
     }
     $sql = $data->select_query("functions", "WHERE type=3 ORDER BY name ASC", "id, name, code");
     $numperms = $data->num_rows($sql);
     $permissions = array();
     while ($permissions[] = $data->fetch_array($sql)) {
     }
Example #15
        if ($data->num_rows($recordsql) > 0) {
            $record = safesql(serialize($_POST['requirement']), "text");
            $comments = safesql(serialize($_POST['comment']), "text");
            $data->update_query("scoutrecord", "requirements={$record}, comment={$comments}", "userid={$safe_memberid} AND scheme= {$safe_scheme}");
        } else {
            $record = safesql(serialize($_POST['requirement']), "text");
            $comments = safesql(serialize($_POST['comment']), "text");
            $data->insert_query("scoutrecord", "'', {$safe_memberid}, {$record}, {$comments}, {$safe_scheme}");
        }
        show_admin_message("Record Updated", "admin.php?page={$page}&subpage=records&id={$id}&action=view_advancements");
    } elseif ($action == "addbadge" && pageauth("troop", "edit") == 1) {
        $badgeid = safesql($_POST['bid'], "int");
        $comment = safesql($_POST['comment'], "text");
        $date = safesql(time(), "int");
        $data->insert_query("userbadges", "'', {$safe_memberid}, {$badgeid}, {$comment}, {$date}");
        show_admin_message("Badge Added", "admin.php?page={$page}&subpage=records&id={$id}&action=view_badges");
    }
}
$schemes = $data->select_fetch_all_rows($numschemes, "awardschemes", "ORDER BY name ASC");
$tpl->assign("schemes", $schemes);
$tpl->assign("numschemes", $numschemes);
if ($action == "view_advancements" || $action == "" || $action == "edit_advancements" && pageauth("troop", "edit") == 1) {
    $advansql = $data->select_query("advancements", "WHERE scheme = {$safe_scheme} ORDER BY position ASC");
    $numadva = $data->num_rows($advansql);
    $advancements = array();
    $numitems = 0;
    $recordsql = $data->select_fetch_one_row("scoutrecord", "WHERE userid={$safe_memberid} AND scheme = {$safe_scheme}");
    $scoutRecord['requirement'] = unserialize($recordsql['requirements']);
    $scoutRecord['comment'] = unserialize($recordsql['comment']);
    while ($temp = $data->fetch_array($advansql)) {
        $getrequirements = $data->select_query("requirements", "WHERE advancement = '{$temp["ID"]}' ORDER BY position ASC");
Example #16
         if ($action == "newfield") {
             $data->insert_query("profilefields", "'', {$name}, {$query}, {$options}, {$hint}, {$type}, {$required}, {$register}, 0, {$pos}, 2, {$eventid}");
             show_admin_message("Field Added", "{$pagename}&action=signups&id={$eventid}&activetab=ical");
         } elseif ($action == "editfield") {
             $data->update_query("profilefields", "query={$query}, options={$options}, hint={$hint}, type={$type}, required={$required}, register={$register}", "id={$id}");
             show_admin_message("Field Updated", "{$pagename}&action=signups&id={$eventid}&activetab=ical");
         }
     }
 } elseif ($action == "deletefield") {
     $eventid = safesql($_GET['event'], "int");
     $data->delete_query("profilefields", "id={$id}");
     show_admin_message("Field Deleted", "{$pagename}&action=signups&id={$eventid}&activetab=ical");
 } elseif ($action == "deletedownload") {
     $eventid = safesql($_GET['event'], "int");
     $data->delete_query("calendar_downloads", "id={$id}");
     show_admin_message("Download Removed", "{$pagename}&action=signups&id={$eventid}&activetab=ical");
 } elseif ($action == "newattend") {
     $sql = $data->select_query("users");
     $users = array();
     while ($temp = $data->fetch_array($sql)) {
         $sql2 = $data->select_query("auth", "WHERE authname='{$temp['id']}' AND type=1 AND id != {$safe_id}");
         if ($data->num_rows($sql2) == 0) {
             $users[] = $temp;
         }
     }
 }
 if (!$action) {
     $calsql = $data->select_query("calendar_items", "WHERE trash=0 ORDER BY startdate ASC");
     $numitems = $data->num_rows($calsql);
     $items = array();
     while ($items[] = $data->fetch_array($calsql)) {
Example #17
        $sql = $data->select_query("forummods", "WHERE fid={$fid}");
        $nummods = $data->num_rows($sql);
        $mods = array();
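        // Resolve every moderator entry to a display name: type 0 rows refer to
        // a user (users.uname), all other rows to a group (groups.teamname).
        // NOTE(review): the listing masked part of the user branch; the uname
        // concatenation and the "else" opening below were restored from the
        // parallel group branch — confirm against the original file.
        while ($temp = $data->fetch_array($sql)) {
            if ($temp['type'] == 0) {
                $sql2 = $data->select_query("users", "WHERE id={$temp['mid']}", "uname");
                $temp2 = $data->fetch_array($sql2);
                $temp['name'] = "User: " . $temp2['uname'];
            } else {
                $sql2 = $data->select_query("groups", "WHERE id={$temp['mid']}", "teamname");
                $temp2 = $data->fetch_array($sql2);
                $temp['name'] = "Group: " . $temp2['teamname'];
            }
            $mods[] = $temp;
        }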
        $tpl->assign("forum", $forum);
        $tpl->assign("groups", $groups);
        $tpl->assign("numgroups", $numgroups);
        $tpl->assign("users", $users);
        $tpl->assign("numusers", $numusers);
        $tpl->assign("mods", $mods);
        $tpl->assign("nummods", $nummods);
    } elseif ($action == "deletemod" && pageauth("forums", "delete") == 1) {
        $id = safesql($_GET['id'], "int");
        $data->delete_query("forummods", "id={$id}");
        show_admin_message("Moderator Deleted", "{$pagename}&action=moderator&fid={$fid}&cid={$cid}");
    }
    $tpl->assign('editFormAction', $editFormAction);
    $tpl->assign('action', $action);
    $filetouse = "admin_forums.tpl";
}
Example #18
         $sql = $data->update_query("links", "name={$name}, url={$url}, `desc`={$desc}, cat={$cat}", "id={$did}");
         if ($sql) {
             show_admin_message("Link updated", "{$pagename}&action=view&id={$id}");
         }
     } elseif ($action == "add" && pageauth("links", "add") == 1) {
         $catname = safesql($_POST['catname'], "text");
         $pos = get_end_pos("links_cats");
         $sql = $data->insert_query("links_cats", "NULL, {$catname}, {$pos}");
         if ($sql) {
             show_admin_message("Category added", "{$pagename}");
         }
     } elseif ($action == "edit" && pageauth("links", "edit") == 1) {
         $catname = safesql($_POST['catname'], "text");
         $sql = $data->update_query("links_cats", "name = {$catname}", "id = {$id}");
         if ($sql) {
             show_admin_message("Category updated", "{$pagename}");
         }
     }
 }
 if ($action == "view") {
     $query = $data->select_query("links_cats", "WHERE id = {$id} ORDER BY position ASC");
     $catinfo = $data->fetch_array($query);
     $down_query = $data->select_query("links", "WHERE cat='{$id}' ORDER BY position ASC");
     $numlinks = $data->num_rows($down_query);
     $links = array();
     while ($links[] = $data->fetch_array($down_query)) {
     }
     $tpl->assign("links", $links);
     $tpl->assign("numlinks", $numlinks);
     $tpl->assign("catinfo", $catinfo);
     $tpl->assign('id', $id);
Example #19
    return;
} else {
    $editFormAction = $_SERVER['PHP_SELF'];
    if (isset($_SERVER['QUERY_STRING'])) {
        $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
    }
    $Submit = $_POST['Submit'];
    $id = $_GET['id'];
    $action = $_GET['action'];
    // Edit content
    if ($Submit == "Update" && pageauth("emailedit", "edit") == 1) {
        $id = safesql($id, "int");
        $subject = safesql($_POST['subject'], "text");
        $email = safesql($_POST['email'], "text");
        if ($data->update_query("emails", "subject={$subject}, email={$email}", "id={$id}")) {
            show_admin_message("Email updated", $pagename);
        }
    }
    // Show specific content
    if ($id != "" && pageauth("emailedit", "edit") == 1) {
        // Show selected content
        $id = safesql($id, "int");
        $email = $data->select_fetch_one_row("emails", "WHERE id={$id}");
        $tpl->assign("email", $email);
    }
    // Show all news
    $emails = $data->select_fetch_all_rows($numemails, "emails", "ORDER BY name ASC");
    $tpl->assign('action', $action);
    $tpl->assign('numemails', $numemails);
    $tpl->assign('emails', $emails);
    $filetouse = "admin_emailedit.tpl";
Example #20
            show_admin_message("Poll added", "{$pagename}");
        }
        $tpl->assign("item", $item);
        $tpl->assign("numoptions", $numoptions);
    } elseif ($action == "delete") {
        // Soft-delete: the poll row is kept and only flagged with trash=1.
        // NOTE(review): unlike the publish/unpublish branches of this chain, the
        // condition that selects this branch carries no pageauth() check, and the
        // change is triggered by GET parameters — confirm whether a "delete"
        // right should gate it and whether a POST with a token is required.
        $id = safesql($_GET['id'], "int");
        $sqlq = $data->update_query("polls", "trash=1", "id={$id}");
        if ($sqlq) {
            show_admin_message("Poll deleted", "{$pagename}");
        }
    } elseif ($action == 'publish' && pageauth("poll", "publish") == 1) {
        $id = safesql($_GET['id'], "int");
        $sqlq = $data->update_query("polls", "allowed=1", "id={$id}");
        if ($data->num_rows($data->select_query("review", "WHERE item_id={$id} AND type='poll'"))) {
            $item = $data->select_fetch_one_row("polls", "WHERE id={$id}");
            email('newitem', array("poll", $item));
            $data->delete_query("review", "item_id={$id} AND type='poll'");
        }
        show_admin_message("Poll published", "{$pagename}");
    } elseif ($action == 'unpublish' && pageauth("poll", "publish") == 1) {
        $id = safesql($_GET['id'], "int");
        $sqlq = $data->update_query("polls", "allowed=0", "id={$id}");
        show_admin_message("Poll unpublished", "{$pagename}");
    } else {
        $pollitems = $data->select_fetch_all_rows($numpolls, "polls", "WHERE trash=0 ORDER BY date_start ASC");
        $tpl->assign("numpolls", $numpolls);
        $tpl->assign("pollitems", $pollitems);
    }
    $tpl->assign("action", $action);
    $filetouse = "admin_poll.tpl";
}
Example #21
         show_admin_message("Photo updated", "{$pagename}&action=view&id={$id}");
     }
 } elseif ($action == "new") {
     // Build the list of public groups offered in the "new album" form. Admins
     // holding the "limit" flag only get the groups returned by
     // group_sql_list_id(); everyone else gets all public groups.
     if (pageauth("photo", "limit") == 1) {
         $groupsqllist = group_sql_list_id("id", "OR", true);
         $teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ({$groupsqllist}) AND ispublic=1");
     } else {
         $teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ispublic=1");
     }
     $tpl->assign('teams', $teams);
     $tpl->assign('numteams', $numteams);
     // Handle the submitted form.
     // NOTE(review): the posted group id is cast to an integer but never compared
     // with the $teams list built above, so the "limit" restriction shapes the
     // form only, not the write. This block also shows no pageauth("photo", ...)
     // check for adding — confirm both are enforced elsewhere or add them here.
     if ($_POST['submit'] == "Add Album") {
         $group = safesql($_POST['patrol'], "int");
         $name = safesql($_POST['album_name'], "text");
         $data->insert_query("album_track", "'', {$name}, {$group}, 1, 0");
         show_admin_message("Album added", "{$pagename}");
     }
 } elseif ($action == "") {
     if (pageauth("photo", "limit")) {
         $patrollist = group_sql_list_id("patrol", "OR");
         $result = $data->select_query("album_track", "WHERE ({$patrollist}) AND trash=0 ORDER BY album_name ASC");
     } else {
         $result = $data->select_query("album_track", "WHERE trash=0 ORDER BY album_name ASC");
     }
     $albums = array();
     while ($temp = $data->fetch_array($result)) {
         if ($temp['patrol'] > 0) {
             $temp2 = $data->select_fetch_one_row("groups", "WHERE id={$temp['patrol']}", "teamname");
             $temp['patrol'] = $temp2['teamname'];
         } elseif ($temp['patrol'] == 0) {
             $temp['patrol'] = "None";
                 case "dyn":
                     $type = 2;
                     break;
                 case "stat":
                     $type = 1;
                     break;
                 case "art":
                     $type = 4;
                     break;
             }
         }
         $item = $type == 5 ? $url : safesql($item[0], "text");
         $itemsql = $data->select_fetch_one_row("patrolmenu", "WHERE id={$id}", "pos");
         $update = $data->update_query("patrolmenu", "name = {$name}, item = {$item}, type={$type}", "id={$id}");
         if ($update) {
             show_admin_message("Item updated", "admin.php?page=patrol&subpage=patrolmenus&pid={$patrolid}");
         }
     }
 }
 if ($action == "" || $action == "view") {
     $sql = $data->select_query("patrolmenu", "WHERE patrol={$safe_patrolid} ORDER BY pos ASC");
     $numside = $data->num_rows($sql);
     $menuitems = array();
     while ($temp = $data->fetch_array($sql)) {
         switch ($temp['type']) {
             case 1:
                 //Static
                 $itemDetails = $data->select_fetch_one_row("static_content", "WHERE id='{$temp['item']}' AND type=1 AND pid={$safe_patrolid}", "name, friendly");
                 if (isset($itemDetails)) {
                     $temp['action'] = "Static Page: " . (isset($itemDetails['friendly']) ? $itemDetails['friendly'] : $itemDetails['name']);
                 } else {
Example #23
     $action = "";
 } elseif ($Submit == "Modify" && pageauth("news", "edit") == 1) {
     $news = safesql($_POST['editor'], "text");
     $title = safesql($_POST['title'], "text");
     $attachment = safesql($_POST['attachment'], "text");
     $Update = $data->update_query("newscontent", "title={$title}, news={$news}, attachment={$attachment}", "id='{$id}'", 'News Admin', "Updated news item {$id}");
     if ($Update) {
         show_admin_message("News updated", "{$pagename}");
     }
     $action = "";
 }
 // Per-item news actions: "delete" (soft delete), "publish" and "unpublish".
 // Each branch runs only when pageauth() grants the matching "news" permission.
 // NOTE(review): where $id is assigned is not visible in this excerpt; it is
 // interpolated into every WHERE clause below (unquoted in the publish and
 // unpublish branches) - confirm it is validated as an integer before this point.
 if ($action == "delete" && pageauth("news", "delete") == 1) {
     // Soft delete: the row is kept and only flagged with trash=1.
     $Delete = $data->update_query("newscontent", "trash=1", "id='{$id}'");
     if ($Delete) {
         show_admin_message("News trashed", "{$pagename}");
     }
 } elseif ($action == 'publish' && pageauth("news", "publish") == 1) {
     // Mark the item as allowed.
     $sqlq = $data->update_query("newscontent", "allowed = 1", "id={$id}");
     // If a review row exists for this item, send the 'newitem' e-mail and then
     // remove the review row.
     if ($data->num_rows($data->select_query("review", "WHERE item_id={$id} AND type='news'"))) {
         $item = $data->select_fetch_one_row("newscontent", "WHERE id={$id}");
         email('newitem', array("news", $item));
         $data->delete_query("review", "item_id={$id} AND type='news'");
     }
     // NOTE(review): nothing in this branch stops execution after the redirect
     // header is set, so the statements that follow this chain still run.
     header("Location: {$pagename}");
 } elseif ($action == 'unpublish' && pageauth("news", "publish") == 1) {
     // Clear the allowed flag; gated by the same "publish" permission as publishing.
     $sqlq = $data->update_query("newscontent", "allowed = 0", "id={$id}");
     header("Location: {$pagename}");
 }
 // Show specific news
 if ($id != "") {
Example #24
     } elseif ($action == "Add") {
         $submit = $_POST['Submit'];
         if ($submit == 'Submit') {
             $teamname = safesql($_POST['name'], "text");
             $sql3 = $data->insert_query("subsites", "'', {$teamname}");
             if ($sql3) {
                 show_admin_message("Sub site added", "{$pagename}");
             }
         }
     } elseif ($action == "delete") {
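         // Delete a sub site together with its static content and submenu rows.
         // The id arrives straight from the query string, so it is converted with
         // safesql(..., "int") - the helper this code base uses for integer
         // columns - before it reaches the DELETE statements. Interpolating the
         // raw value would let a crafted id change the shape of those statements.
         // NOTE(review): no pageauth() check is visible on this branch; confirm
         // the enclosing condition enforces the delete permission.
         $id = $_GET['id'];
         $safeId = safesql($id, "int");
         $sql3 = $data->delete_query("subsites", "id={$safeId}");
         $data->delete_query("static_content", "type=2 AND pid={$safeId}");
         // NOTE(review): $oldname is not assigned in the visible code and is
         // interpolated unquoted; confirm where it is set and that it is escaped.
         $data->delete_query("submenu", "site={$oldname}");
         if ($sql3) {
             show_admin_message("Sub site deleted", "{$pagename}");
         }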
     }
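     // Build the form's action URL from the current request. PHP_SELF can carry
     // client-supplied path info, so it is HTML-encoded in the same way as the
     // query string; ENT_QUOTES also covers single-quoted attributes.
     // NOTE(review): this assumes the template prints editFormAction without
     // escaping it again (the original already pre-encoded the query string).
     $editFormAction = htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES);
     if (isset($_SERVER['QUERY_STRING'])) {
         $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING'], ENT_QUOTES);
     }
     // Hand the page state to the template and select the sub site admin view.
     $tpl->assign('editFormAction', $editFormAction);
     $tpl->assign('sites', $sites);
     $tpl->assign('action', $action);
     $tpl->assign('numsites', $numsites);
     $filetouse = "admin_subsite.tpl";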
 } else {
     $allowed = array('subcontent' => true, 'submenu' => true);
     if (array_key_exists($subpage, $allowed)) {
         include "admin/admin_{$subpage}.php";
         $moveto = $_POST['place'];
         if ($moveto == '0') {
             $pid = 0;
             $type = 0;
         } else {
             $moveto = explode("_", $moveto);
             if ($moveto[0] == "group") {
                 $pid = safesql($moveto[1], "int");
                 $type = 1;
             } elseif ($moveto[0] == "site") {
                 $pid = safesql($moveto[1], "int");
                 $type = 2;
             }
         }
         $data->update_query("static_content", "type={$type}, frontpage=0, pid={$pid}", "id={$safe_id}");
         show_admin_message("Content moved", "admin.php?page=patrol&subpage=patrolcontent&pid={$patrolid}");
     }
 }
 $result = $data->select_query("static_content", "WHERE type=1 AND pid={$safe_patrolid} ORDER BY friendly ASC");
 $content = array();
 $content[] = $data->fetch_array($result);
 $numcontent = $data->num_rows($result);
 while ($content[] = $data->fetch_array($result)) {
 }
 $tpl->assign("item", $item);
 $tpl->assign("patrolname", $patrolname);
 $tpl->assign("patrolid", $patrolid);
 $tpl->assign('name', $name);
 $tpl->assign('action', $action);
 $tpl->assign('numcontent', $numcontent);
 $tpl->assign('content', $content);
Example #26
                show_admin_message("Section added", $pagename);
            }
        } elseif ($action == "edit" && pageauth("sections", "edit")) {
            $name = safesql($_POST['name'], "text");
            $sql = $data->update_query("sections", "name = {$name}", "id = {$id}");
            if ($sql) {
                show_admin_message("Section updated", $pagename);
            }
        }
    }
    // Choose what the sections admin page shows: the edit form for one section,
    // the result of a delete, or (by default) the full list.
    // NOTE(review): where $id is assigned is not visible in this excerpt. The
    // quotes around it in the WHERE clauses only help if the value has already
    // been escaped - confirm it is validated before this point.
    if ($action == "edit" && pageauth("sections", "edit")) {
        // Load the section being edited and pass it to the template.
        $result = $data->select_query("sections", "WHERE id = '{$id}'");
        $section = $data->fetch_array($result);
        $tpl->assign("section", $section);
    } elseif ($action == "delete" && pageauth("sections", "delete")) {
        $sql = $data->delete_query("sections", "id = '{$id}'");
        if ($sql) {
            show_admin_message("Section deleted", $pagename);
        }
    } else {
        // Default view: every section, ordered by name.
        $result = $data->select_query("sections", "ORDER BY name ASC");
        $sections = array();
        $numsections = $data->num_rows($result);
        // The loop condition appends each fetch result to $sections, including
        // the final falsy value that ends the loop; $numsections holds the row count.
        while ($sections[] = $data->fetch_array($result)) {
        }
        $tpl->assign('sections', $sections);
        $tpl->assign('numsections', $numsections);
    }
    $tpl->assign('action', $action);
    $filetouse = "admin_sections.tpl";
}
Example #27
         }
     }
     $custom = safesql(serialize($custom), "text");
     $insertSQL = "'', '', {$username}, {$password}, {$status}, {$timestamp}, 0, 0, 0, 0, {$zone}, 0, {$firstname}, {$lastname}, {$email}, '', '', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {$custom}";
     if ($data->insert_query("users", $insertSQL)) {
         $uinfo = $data->select_fetch_one_row("users", "WHERE uname={$username}");
         $data->insert_query("usergroups", "{$config['defaultgroup']}, {$uinfo['id']}, 0");
         if ($_POST['member'] == 1) {
             $type = safesql($_POST['type'], "int");
             $sex = safesql($_POST['sex'], "int");
             $address = safesql('None', "text");
             $tel = safesql('None', "text");
             $cell = safesql('None', "text");
             $data->insert_query("members", "'', {$firstname}, NULL, {$lastname}, '0', {$sex}, {$address}, {$cell}, {$tel}, NULL, {$email}, NULL, NULL, NULL, NULL, NULL, 0, 0, {$type}, {$uinfo['id']}, 0, 0, 0, 0, NULL");
         }
         show_admin_message("User added", "admin.php?page=users");
     }
 }
 // Load the data the "add user" form needs: the time zone list and the
 // profile fields with place=0, ordered by position.
 // presumably $numzones is filled in by select_fetch_all_rows(); it is passed
 // as the first argument and assigned to the template below - confirm.
 $zone = $data->select_fetch_all_rows($numzones, "timezones", "ORDER BY offset ASC");
 $sql = $data->select_query("profilefields", "WHERE place=0 ORDER BY pos ASC");
 $fields = array();
 $numfields = $data->num_rows($sql);
 while ($temp = $data->fetch_array($sql)) {
     // NOTE(review): unserialize() runs on a value read back from the database.
     // If anything other than trusted admin code can write
     // profilefields.options, this becomes a PHP object injection sink.
     // Confirm who can write that column; storing the options as JSON would
     // remove the risk.
     $temp['options'] = unserialize($temp['options']);
     $fields[] = $temp;
 }
 $tpl->assign('fields', $fields);
 $tpl->assign('numfields', $numfields);
 $tpl->assign('zone', $zone);
 $tpl->assign('numzones', $numzones);
 $filetouse = "admin_add_user.tpl";
Example #28
         $moveto = $_POST['place'];
         if ($moveto == '0') {
             $pid = 0;
             $type = 0;
         } else {
             $moveto = explode("_", $moveto);
             if ($moveto[0] == "group") {
                 $pid = safesql($moveto[1], "int");
                 $type = 1;
             } elseif ($moveto[0] == "site") {
                 $pid = safesql($moveto[1], "int");
                 $type = 2;
             }
         }
         $data->update_query("static_content", "type={$type}, frontpage=0, pid={$pid}", "id={$safe_id}");
         show_admin_message("Content moved", "admin.php?page=subsite&subpage=subcontent&sid={$siteid}");
     }
 }
 // Show all news
 $result = $data->select_query("static_content", "WHERE type=2 AND pid={$safe_siteid} ORDER BY friendly ASC");
 $content = array();
 $content[] = $data->fetch_array($result);
 $numcontent = $data->num_rows($result);
 while ($content[] = $data->fetch_array($result)) {
 }
 $tpl->assign("item", $item);
 $tpl->assign("siteid", $siteid);
 $tpl->assign("sitename", $sitename);
 $tpl->assign('name', $name);
 $tpl->assign('action', $action);
 $tpl->assign('numcontent', $numcontent);
Example #29
     while ($teams[] = $data->fetch_array($team_query)) {
     }
     $tpl->assign('teams', $teams);
     $tpl->assign('numteams', $numteams);
     $submit = $_POST["Submit"];
     if ($submit == "Submit") {
         $title = safesql($_POST['title'], "text");
         $sort = safesql($_POST['sort'], "text");
         $order = safesql($_POST['order'], "text");
         $display = safesql($_POST['display'], "int");
         $groupallowed = safesql(serialize($_POST['groups']), "text");
         $description = safesql($_POST['description'], "text");
         $perpage = safesql($_POST['perpage'], "int");
         $sql = $data->insert_query("articletopics", "'', {$title}, {$description}, {$sort}, {$order}, {$groupallowed}, {$display}, {$perpage}");
         if ($sql) {
             show_admin_message("Topic added", "{$pagename}&activetab=topics");
         }
     }
 } else {
     $action = "";
 }
 if ($action == "") {
     $row = array();
     if (pageauth("patrolart", "limit")) {
         $patrol = group_sql_list_id("patrol", "OR", true);
         $result = $data->select_query("patrol_articles", "WHERE ({$patrol}) AND trash=0 ORDER BY date_post DESC");
     } else {
         $result = $data->select_query("patrol_articles", "WHERE trash=0 ORDER BY date_post DESC");
     }
     $numarticles = $data->num_rows($result);
     while ($temp = $data->fetch_array($result)) {
Example #30
    $moduledetails[$modulenumbers]['delete'] = "Allowed to uncensor words";
    $moduledetails[$modulenumbers]['publish'] = "notused";
    $moduledetails[$modulenumbers]['limit'] = "notused";
    $moduledetails[$modulenumbers]['id'] = "censor";
    return;
} else {
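    // Censor word administration: add a word, remove a word, then list all words.
    // The submit button arrives by POST; the action and the target row id by GET.
    $Submit = $_POST['Submit'];
    $action = $_GET['action'];
    $id = $_GET['id'];
    // NOTE(review): both state-changing actions below are driven by GET
    // parameters and no anti-CSRF token is checked in this block; confirm one
    // is enforced before this code is reached.
    if ($action == "add" && pageauth("censor", "add")) {
        // The word is interpolated unquoted into the VALUES list, so safesql()
        // is relied on to return it quoted and escaped.
        $word = safesql($_GET['word'], "text");
        $Add = $data->insert_query("censorwords", "NULL, {$word}");
        if ($Add) {
            show_admin_message("Word added", "{$pagename}");
        }
        $action = "";
    } elseif ($action == "delete" && pageauth("censor", "delete")) {
        // $id is raw request data. It is converted with safesql(..., "int") -
        // the helper this code base uses for integer columns - before it
        // reaches the WHERE clause; wrapping the raw value in quotes does not
        // stop a crafted id from altering the DELETE statement.
        $safeId = safesql($id, "int");
        $Delete = $data->delete_query("censorwords", "id={$safeId}");
        if ($Delete) {
            show_admin_message("Word removed", "{$pagename}");
        }
    }
    // Load the current word list, newest id first, for the template.
    $result = $data->select_query("censorwords", "ORDER BY id DESC");
    $words = array();
    $numwords = $data->num_rows($result);
    // The loop condition appends each fetch result to $words, including the
    // final falsy value that ends the loop; $numwords holds the row count.
    while ($words[] = $data->fetch_array($result)) {
    }
    $tpl->assign('numwords', $numwords);
    $tpl->assign('words', $words);
    $filetouse = "admin_censor.tpl";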
}