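/**
 * Render the "+1" vote widget for one piece of content, recording a new vote
 * first when the matching form was submitted.
 *
 * @param string     $lang         Content language, passed through to the storage and view helpers.
 * @param int|string $content_id   Id of the voted content; the posted vote_id must match it.
 * @param string     $content_type Kind of content; the posted vote_type must match it.
 * @param bool       $nomore       When true no new vote is accepted, only the total is shown.
 * @return mixed Whatever view('vote', ...) returns.
 */
function vote($lang, $content_id, $content_type, $nomore) {
    $action = 'init';
    if (!$nomore) {
        // Several vote widgets may share one page, so the posted id/type must name
        // exactly this one. Compare as strings: $content_id may be an int while $_POST
        // holds strings, and loose '==' would apply PHP's numeric-string coercion.
        if (isset($_POST['vote_plusone'], $_POST['vote_id'], $_POST['vote_type'])
            and is_scalar($_POST['vote_id']) and is_scalar($_POST['vote_type'])
            and (string) $_POST['vote_id'] === (string) $content_id
            and (string) $_POST['vote_type'] === (string) $content_type) {
            $action = 'vote';
        }
    }
    switch ($action) {
        case 'vote':
            require_once 'clientipaddress.php';
            require_once 'userprofile.php';
            $ip_address = client_ip_address();
            $user_id = user_profile('id');
            // The result is deliberately not used: the widget always re-reads the stored total below.
            vote_plusone($content_type, $content_id, $lang, $ip_address, $user_id);
            break;
        default:
            break;
    }
    $vote_total = 0;
    $r = vote_get_total_count($content_type, $content_id, $lang);
    // Read the one key the view needs instead of extract($r): extract() on a storage
    // row would let any unexpected key silently overwrite $lang, $content_id, etc.
    if ($r and isset($r['vote_total'])) {
        $vote_total = $r['vote_total'];
    }
    $output = view('vote', $lang, compact('content_type', 'content_id', 'vote_total', 'nomore'));
    return $output;
}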
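/**
 * Login page controller.
 *
 * Shows the login form, or - once build('login') reports a successful login -
 * redirects the browser: users holding one of the $login_verified roles are sent to
 * the 'sslverifyclient' page (HTTPS only, their session user is parked in
 * 'unverified_user' meanwhile), everybody else to the requested return page or home.
 *
 * @param string      $lang    Current language.
 * @param array|false $arglist Request arguments; only 'r' (site-local return path) is read.
 * @return mixed The reload() result after a successful login, otherwise the rendered page.
 */
function user($lang, $arglist = false) {
    global $login_verified, $base_url;
    $login = build('login', $lang);
    if ($login === true) {
        // 'r' is an untrusted return target that ends up in a Location header. Accept
        // only a site-local absolute path: a single leading '/' (a leading '//' would be
        // a protocol-relative URL to another host) and no CR/LF. url() results are
        // appended to $base_url the same way, so this matches what the app itself builds.
        $r = false;
        if (is_array($arglist) and !empty($arglist['r']) and is_string($arglist['r'])
            and preg_match('#^/(?!/)[^\r\n]*\z#', $arglist['r'])) {
            $r = $arglist['r'];
        }
        $roles = user_profile('role');
        if (!is_array($roles)) {
            $roles = array();
        }
        if (is_array($login_verified) and $login_verified and array_intersect($login_verified, $roles)) {
            $user = $_SESSION['user'];
            unset($_SESSION['user']);
            // Client-certificate verification only makes sense over TLS.
            if (empty($_SERVER['HTTPS']) or $_SERVER['HTTPS'] == 'off') {
                return run('error/unauthorized', $lang);
            }
            $_SESSION['unverified_user'] = $user;
            $next_page = url('sslverifyclient');
            if ($r) {
                // Encode the path so it travels as a single query value.
                $next_page .= '?r=' . rawurlencode($r);
            }
        } else {
            $next_page = $r ? $r : url('home', $lang);
        }
        return reload($base_url . $next_page);
    }
    $banner = build('banner', $lang);
    $content = view('user', $lang, compact('login'));
    head('title', translate('user:title', $lang));
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');
    $output = layout('standard', compact('banner', 'content'));
    return $output;
}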
/**
 * Account page: lets an identified user edit their own profile.
 * Anonymous visitors are handed to the login controller instead.
 *
 * @param string $lang Current language.
 * @return mixed The rendered page, or run('user', $lang) for anonymous visitors.
 */
function account($lang) {
    if (!user_is_identified()) {
        return run('user', $lang);
    }
    // Page metadata; a private page, so it is kept out of search indexes.
    $meta = array(
        'title'       => translate('account:title', $lang),
        'description' => false,
        'keywords'    => false,
        'robots'      => 'noindex, nofollow',
    );
    foreach ($meta as $tag => $value) {
        head($tag, $value);
    }
    $banner = build('banner', $lang);
    $useredit = build('useredit', $lang, user_profile('id'));
    $content = view('account', $lang, array('useredit' => $useredit));
    return layout('standard', array('banner' => $banner, 'content' => $content));
}
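/**
 * Start a PayPal Express Checkout for a donation and send the browser to PayPal.
 *
 * Validates the amounts and currency, calls SetExpressCheckout, stores the returned
 * token together with the amounts in $_SESSION['paypal'] for the return/cancel pages,
 * then reloads to the PayPal checkout URL.
 *
 * @param string           $lang     Current language; also selects the PayPal locale.
 * @param int|float|string $amount   Total to charge, tax included; must be numeric and > 0.
 * @param string           $currency Currency code, checked with validate_currency().
 * @param int|float|string $tax      Tax part of $amount; numeric, >= 0 and not above $amount.
 * @param mixed            $context  Opaque value kept in the session for the return page.
 * @return mixed A run(...) error page when a check fails, otherwise the reload() result.
 */
function paypalcheckout($lang, $amount, $currency, $tax = 0, $context = false) {
    global $base_url, $paypal_url, $sitename, $supported_languages;
    if (!user_is_identified()) {
        return run('error/unauthorized', $lang);
    }
    if (!(is_numeric($amount) and $amount > 0)) {
        return run('error/badrequest', $lang);
    }
    $amt = paypal_amt($amount);
    if (!validate_currency($currency)) {
        return run('error/badrequest', $lang);
    }
    $currencycode = $currency;
    // The tax may not exceed the total, otherwise ITEMAMT below would be negative.
    if (!(is_numeric($tax) and $tax >= 0 and $tax <= $amount)) {
        return run('error/badrequest', $lang);
    }
    $taxamt = paypal_amt($tax);
    $itemamt = paypal_amt($amount - $tax);
    $name = translate('donate:name', $lang);
    // Locale fallback chain: page language, then the user's profile, then the site default.
    $locale = $lang;
    if (!$locale) {
        $locale = user_profile('locale');
    }
    if (!$locale) {
        $locale = $supported_languages[0];
    }
    $localecode = paypal_localecode($locale);
    $email = user_profile('mail');
    $hdrimg = $base_url . '/logos/sitelogo.png';
    $returnurl = $base_url . url('paypalreturn', $lang);
    $cancelurl = $base_url . url('paypalcancel', $lang);
    $params = array(
        'LOCALECODE' => $localecode,
        'PAYMENTREQUEST_0_PAYMENTACTION' => 'Sale',
        'PAYMENTREQUEST_0_CURRENCYCODE' => $currencycode,
        'PAYMENTREQUEST_0_AMT' => $amt,
        'PAYMENTREQUEST_0_ITEMAMT' => $itemamt,
        'PAYMENTREQUEST_0_TAXAMT' => $taxamt,
        'L_PAYMENTREQUEST_0_NAME0' => $name,
        'L_PAYMENTREQUEST_0_AMT0' => $itemamt,
        'L_PAYMENTREQUEST_0_TAXAMT0' => $taxamt,
        'L_PAYMENTREQUEST_0_QTY0' => '1',
        'NOSHIPPING' => '1',
        'ALLOWNOTE' => '0',
        'EMAIL' => $email,
        'BRANDNAME' => $sitename,
        'HDRIMG' => $hdrimg,
        'RETURNURL' => $returnurl,
        'CANCELURL' => $cancelurl,
    );
    $r = paypal_setexpresscheckout($params);
    // A reply without a TOKEN is treated like a failed call instead of redirecting with an empty token.
    if (!$r or empty($r['TOKEN'])) {
        return run('error/internalerror', $lang);
    }
    $token = $r['TOKEN'];
    $_SESSION['paypal'] = compact('token', 'amt', 'itemamt', 'taxamt', 'currencycode', 'context');
    // NOTE(review): the first query parameter is joined with '&'; whether $paypal_url
    // already carries a '?' is not visible here - confirm against the configured value.
    return reload($paypal_url . '/webscr&cmd=_express-checkout&token=' . rawurlencode($token));
}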
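/**
 * Newsletter unsubscribe form.
 *
 * On 'init' it only renders the form (with a link to the subscribe page). On a
 * submitted form it checks the per-session form token, the captcha, the address and
 * the confirmation checkbox, then e-mails the address a signed 'saction' link that
 * performs the actual removal. A fresh form token is issued on every request.
 *
 * @param string $lang Current language.
 * @return mixed Whatever view('unsubscribe', ...) returns.
 */
function unsubscribe($lang) {
    $with_captcha = true;
    $action = 'init';
    if (isset($_POST['unsubscribe_send'])) {
        $action = 'unsubscribe';
    }
    $confirmed = $code = $token = false;
    $user_mail = user_profile('mail');
    $subscribe_page = false;
    switch ($action) {
        case 'init':
            $subscribe_page = url('newslettersubscribe', $lang);
            break;
        case 'unsubscribe':
            if (isset($_POST['unsubscribe_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['unsubscribe_mail'])));
            }
            if (isset($_POST['unsubscribe_confirmed'])) {
                $confirmed = readarg($_POST['unsubscribe_confirmed']) == 'on' ? true : false;
            }
            if (isset($_POST['unsubscribe_code'])) {
                $code = readarg($_POST['unsubscribe_code']);
            }
            if (isset($_POST['unsubscribe_token'])) {
                $token = readarg($_POST['unsubscribe_token']);
            }
            break;
        default:
            break;
    }
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $unknown_mail = false;
    $missing_confirmation = false;
    $mail_unsubscribed = false;
    $internal_error = false;
    $contact_page = false;
    switch ($action) {
        case 'unsubscribe':
            // Form token and captcha are secrets: compare them with hash_equals() rather
            // than '!=', which is timing-dependent and applies numeric-string coercion
            // (e.g. '1e3' == '1000').
            if (!is_string($token) or !isset($_SESSION['unsubscribe_token'])
                or !hash_equals((string) $_SESSION['unsubscribe_token'], $token)) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code or !is_string($code)) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['unsubscribe']) ? $_SESSION['captcha']['unsubscribe'] : false;
                if (!$captcha or !hash_equals((string) $captcha, strtoupper($code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } else {
                if (!validate_mail($user_mail) or !is_mail_allowed($user_mail)) {
                    $bad_mail = true;
                } else {
                    // NOTE(review): reporting 'unknown_mail' to an anonymous visitor tells
                    // them whether an address is subscribed; acceptable only if that is intended.
                    if (!newsletter_get_user($user_mail)) {
                        $unknown_mail = true;
                    }
                }
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'unsubscribe':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $unknown_mail or $missing_confirmation) {
                break;
            }
            require_once 'urlencodeaction.php';
            $id = 1; // confirmnewsletterunsubscribe, see saction
            $param = $user_mail;
            $s64 = urlencodeaction($id, $param);
            if (!$s64) {
                $internal_error = true;
                break;
            }
            $saction_page = url('saction', $lang);
            if (!$saction_page) {
                $internal_error = true;
                break;
            }
            global $base_url;
            $url = $base_url . $saction_page . '/' . $s64;
            require_once 'emailtext.php';
            $to = $user_mail;
            $subject = translate('newsletter:unregister_subject', $lang);
            $f = translate('newsletter:unregister_text', $lang);
            $s = sprintf($f, $url);
            $msg = $s . "\n\n" . translate('email:salutations', $lang);
            emailtext($msg, $to, $subject, false);
            $mail_unsubscribed = $user_mail;
            $confirmed = false;
            break;
        default:
            break;
    }
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    // Rotate the form token on every request; the view embeds the new one.
    $_SESSION['unsubscribe_token'] = $token = token_id();
    $errors = compact('missing_mail', 'bad_mail', 'unknown_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('mail_unsubscribed');
    $output = view('unsubscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'confirmed', 'subscribe_page', 'errors', 'infos'));
    return $output;
}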
/**
 * Render one page (node) of a newsletter thread.
 *
 * Resolves the thread and node, returns the 'notfound' page when either is missing
 * or the node is flagged ignored, and fills the standard layout with the message,
 * previous/next navigation, an optional search box and tag cloud in the sidebar,
 * and edit/validate links for writers. Administrators additionally get a form that
 * mails the message (as HTML + text, styled with css/newsletter.css) to an address.
 *
 * @param string $lang       Current language.
 * @param mixed  $newsletter Thread identifier accepted by thread_id().
 * @param mixed  $page       Node identifier accepted by thread_node_id().
 * @return mixed The rendered layout, or run('error/notfound', $lang).
 */
function newsletterpage($lang, $newsletter, $page) {
    global $with_toolbar;
    $newsletter_id = thread_id($newsletter);
    if (!$newsletter_id) {
        return run('error/notfound', $lang);
    }
    $page_id = thread_node_id($newsletter_id, $page, $lang);
    if (!$page_id) {
        return run('error/notfound', $lang);
    }
    $r = thread_get($lang, $newsletter_id);
    if (!$r) {
        return run('error/notfound', $lang);
    }
    // extract() imports every key of the storage row as a local variable; the
    // expected keys are listed here. Only thread_name/title/nocloud/nosearch are used.
    extract($r); /* thread_type thread_name thread_title thread_abstract thread_cloud thread_nocloud thread_nosearch thread_nocomment thread_nomorecomment */
    $newsletter_name = $thread_name;
    $newsletter_title = $thread_title;
    $newsletter_nocloud = $thread_nocloud;
    $newsletter_nosearch = $thread_nosearch;
    $r = thread_get_node($lang, $newsletter_id, $page_id);
    if (!$r) {
        return run('error/notfound', $lang);
    }
    extract($r); /* node_number node_ignored node_name node_title node_abstract node_cloud node_modified */
    // An ignored (hidden) node is indistinguishable from a missing one for readers.
    if ($node_ignored) {
        return run('error/notfound', $lang);
    }
    $page_name = $node_name;
    $page_title = $node_title;
    $page_abstract = $node_abstract;
    $page_cloud = $node_cloud;
    $page_modified = $node_modified;
    // Title: "newsletter - page", or whichever of the two is available.
    if ($newsletter_title and $page_title) {
        head('title', $newsletter_title . ' - ' . $page_title);
    } else {
        if ($page_title) {
            head('title', $page_title);
        } else {
            if ($newsletter_title) {
                head('title', $newsletter_title);
            }
        }
    }
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');
    $message_title = $message_html = $message_text = false;
    $r = newsletter_get_message($newsletter_id, $page_id, $lang);
    if ($r) {
        list($message_title, $message_html, $message_text) = $r;
    }
    $postnews = false;
    $with_mail = false;
    $mailto = false;
    $missing_mail = false;
    $bad_mail = false;
    $email_sent = false;
    // Administrators can send the message as a test mail. The recipient defaults to
    // their own address and may be overridden through the form.
    if (user_has_role('administrator') and $message_title and ($message_html or $message_text)) {
        require_once 'userprofile.php';
        $mailto = user_profile('mail');
        $with_mail = true;
        // NOTE(review): unlike the comment/subscribe forms in this file, this POST is
        // accepted without a per-session form token - confirm the view adds one, or
        // a cross-site request could make an administrator send the mail.
        if (isset($_POST['newsletterpage_send'])) {
            if (isset($_POST['newsletterpage_mailto'])) {
                $mailto = strtolower(strflat(readarg($_POST['newsletterpage_mailto'])));
                if (!$mailto) {
                    $missing_mail = true;
                } else {
                    if (!validate_mail($mailto)) {
                        $bad_mail = true;
                    }
                }
            }
            if (!($missing_mail or $bad_mail)) {
                require_once 'emailhtml.php';
                $cssfile = ROOT_DIR . DIRECTORY_SEPARATOR . 'css' . DIRECTORY_SEPARATOR . 'newsletter.css';
                // A missing stylesheet is not fatal: the mail is simply sent unstyled.
                $css = @file_get_contents($cssfile);
                $r = emailhtml($message_text, $message_html, $css, $mailto, $message_title);
                if ($r) {
                    $email_sent = true;
                }
            }
        }
        $postnews = build('postnews', $lang, $newsletter_id, $page_id);
    }
    // Previous/next navigation: label prefers the node title, falls back to its number;
    // the URL prefers the node name, falls back to its id.
    $prev_page_label = $prev_page_url = false;
    $r = thread_node_prev($lang, $newsletter_id, $page_id);
    if ($r) {
        extract($r); /* prev_node_id prev_node_name prev_node_title prev_node_number */
        $prev_page_label = $prev_node_title ? $prev_node_title : $prev_node_number;
        $prev_page_url = url('newsletter', $lang) . '/' . ($prev_node_name ? $prev_node_name : $prev_node_id);
    }
    $next_page_label = $next_page_url = false;
    $r = thread_node_next($lang, $newsletter_id, $page_id);
    if ($r) {
        extract($r); /* next_node_id next_node_name next_node_title next_node_number */
        $next_page_label = $next_node_title ? $next_node_title : $next_node_number;
        $next_page_url = url('newsletter', $lang) . '/' . ($next_node_name ? $next_node_name : $next_node_id);
    }
    $content = view('newsletterpage', $lang, compact('page_id', 'page_title', 'page_modified', 'message_title', 'message_text', 'message_html', 'prev_page_url', 'prev_page_label', 'next_page_url', 'next_page_label', 'postnews', 'with_mail', 'mailto', 'missing_mail', 'bad_mail', 'email_sent'));
    $search = false;
    if (!$newsletter_nosearch) {
        $search_text = '';
        $search_url = url('search', $lang, $newsletter_name);
        $suggest_url = url('suggest', $lang, $newsletter_name);
        $search = view('searchinput', $lang, compact('search_url', 'search_text', 'suggest_url'));
    }
    $cloud = false;
    if (!$newsletter_nocloud) {
        $cloud_url = url('search', $lang, $newsletter_name);
        $byname = $bycount = $index = true;
        $cloud = build('cloud', $lang, $cloud_url, $newsletter_id, false, 15, compact('byname', 'bycount', 'index'));
    }
    $headline_text = $newsletter_title ? $newsletter_title : $newsletter_id;
    $headline_url = url('newsletter', $lang);
    $headline = compact('headline_text', 'headline_url');
    $title = view('headline', false, $headline);
    $sidebar = view('sidebar', false, compact('search', 'cloud', 'title'));
    // $search is reused: the sidebar got the rendered search box above, the banner
    // gets the raw search parameters instead.
    $search = !$newsletter_nosearch ? compact('search_url', 'search_text', 'suggest_url') : false;
    // The edit link uses the editor's own locale ($_SESSION['user']['locale']), with
    // the content language carried in 'clang'.
    $edit = user_has_role('writer') ? url('newsletteredit', $_SESSION['user']['locale']) . '/' . $newsletter_id . '/' . $page_id . '?' . 'clang=' . $lang : false;
    $validate = url('newsletter', $lang) . '/' . $page_name;
    // With a toolbar the edit/validate links live there, otherwise in the banner.
    $banner = build('banner', $lang, $with_toolbar ? compact('headline', 'search') : compact('headline', 'edit', 'validate', 'search'));
    $toolbar = $with_toolbar ? build('toolbar', $lang, compact('edit', 'validate')) : false;
    $output = layout('standard', compact('toolbar', 'banner', 'content', 'sidebar'));
    return $output;
}
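<?php
// Admin "user profile" page: shows the logged-in user's profile table (rendered by
// user_profile()) and a form, posted to profileupdate.php, to change e-mail/password.
//
// No output may happen before session_start() and the redirect header below, so the
// DOCTYPE is emitted from inside the authenticated branch rather than before '<?php'.
include 'controller.php';
// $dbh is expected to come from controller.php (not visible here) - TODO confirm.
if (session_status() === PHP_SESSION_NONE) {
    session_start();
}
if (!isset($_SESSION['login'])) {
    // Not logged in: redirect and stop; without exit the rest of the script would still run.
    header("Location: index.php");
    exit;
}
echo <<<'HTML'
<!DOCTYPE html>
<html lang='en'>

<head>

 <meta charset='utf-8'>
 <meta http-equiv='X-UA-Compatible' content='IE=edge'>
 <meta name='viewport' content='width=device-width, initial-scale=1'>
 <meta name='description' content=''>
 <meta name='author' content=''>

 <title>Vocal Line - Admin page</title>
 <link href='../bower_components/bootstrap/dist/css/bootstrap.min.css' rel='stylesheet'>
 <link href='../bower_components/metisMenu/dist/metisMenu.min.css' rel='stylesheet'>
 <link href='../dist/css/sb-admin-2.css' rel='stylesheet'>
 <link href='../bower_components/font-awesome/css/font-awesome.min.css' rel='stylesheet' type='text/css'>
</head>

<body>
 <div class='container'>
 <div class='row'>
 <div class='col-lg-7 col-md-offset-3'>
 <div class='login-panel panel panel-default'>
 <div class='panel-heading'>
 <h3 class='panel-title'>User Profile <a href='index.php'>- Click to go back</a></h3>
 </div>
 <div class='panel-body'>

 <div class='table-responsive'>
 <table class='table table-striped table-bordered table-hover'>
 <thead>
 <tr>
 <th>Value</th>
 <th>Details</th>
 </tr>
 </thead>
 <tbody>

HTML;
user_profile($dbh);
// NOTE(review): the form below carries no anti-CSRF token; profileupdate.php (not
// visible here) should verify one before changing the e-mail or password.
echo <<<'HTML'

 </tbody>
 </table>
 </div>

 <form role='form' action='profileupdate.php' method='post'>
 <fieldset>
 <div class='form-group'>
 <p>Change email:</p>
 <input class='form-control' placeholder='Email' name='email' type='Email' autocomplete='email' autofocus>
 </div>
 <br>
 <div class='form-group'>
 <p>Change password:</p>
 <input class='form-control' placeholder='Current Password' name='oldpassword' type='password' autocomplete='current-password' value=''>
 </div>
 <div class='form-group'>
 <input class='form-control' placeholder='New password' name='password' type='password' autocomplete='new-password' value=''>
 </div>
 <div class='form-group'>
 <input class='form-control' placeholder='New password again' name='repassword' type='password' autocomplete='new-password' value=''>
 </div>
 <!-- Change this to a button or input when using this as a form -->
 <button class='btn btn-lg btn-success btn-block'>Change</button>
 </fieldset>
 </form>
 </div>
 </div>
 </div>
 </div>
 </div>
 <script src='../bower_components/jquery/dist/jquery.min.js'></script>
 <script src='../bower_components/bootstrap/dist/js/bootstrap.min.js'></script>
 <script src='../bower_components/metisMenu/dist/metisMenu.min.js'></script>
 <script src='../dist/js/sb-admin-2.js'></script>
</body>
</html>

HTML;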
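/**
 * Writer's summary/edit page for one thread.
 *
 * Handles, from a single form, the thread settings ('edit'), node creation/copy,
 * deletion (two-step: 'delete' asks for confirmation, 'confirmdelete' performs it),
 * hiding/showing and reordering of nodes, then renders the editing layout with the
 * current state and any validation errors. Requires the 'writer' role.
 *
 * @param string $lang   Interface language.
 * @param string $clang  Content language being edited.
 * @param mixed  $thread Thread identifier accepted by thread_id().
 * @return mixed The rendered layout, or a run('error/...') page.
 */
function threadeditsummary($lang, $clang, $thread) {
    global $supported_threads, $with_toolbar;
    if (!user_has_role('writer')) {
        return run('error/unauthorized', $lang);
    }
    $confirmed = false;
    $thread_id = thread_id($thread);
    if (!$thread_id) {
        return run('error/notfound', $lang);
    }
    // Which submit button was pressed decides the action; only one is expected per POST.
    $action = 'init';
    if (isset($_POST['thread_edit'])) {
        $action = 'edit';
    } else {
        if (isset($_POST['thread_reorder'])) {
            $action = 'reorder';
        } else {
            if (isset($_POST['node_create'])) {
                $action = 'create';
            } else {
                if (isset($_POST['node_copy'])) {
                    $action = 'copy';
                } else {
                    if (isset($_POST['node_delete'])) {
                        $action = 'delete';
                    } else {
                        if (isset($_POST['node_confirmdelete'])) {
                            $action = 'delete';
                            $confirmed = true;
                        } else {
                            if (isset($_POST['node_hide'])) {
                                $action = 'hide';
                            } else {
                                if (isset($_POST['node_show'])) {
                                    $action = 'show';
                                }
                            }
                        }
                    }
                }
            }
        }
    }
    // Thread settings, both as the positive form flags shown in the view (thread_search,
    // thread_tag, ...) and as the negated storage flags (thread_nosearch, thread_nocloud, ...).
    $thread_type = $thread_name = $thread_title = $thread_abstract = $thread_cloud = $thread_image = false;
    $thread_search = $thread_tag = false;
    $thread_comment = $thread_morecomment = $thread_vote = $thread_morevote = false;
    $thread_ilike = $thread_tweet = $thread_plusone = $thread_linkedin = $thread_pinit = false;
    $thread_visits = false;
    $thread_nosearch = $thread_nocloud = $thread_nocomment = $thread_nomorecomment = $thread_novote = $thread_nomorevote = true;
    $new_node_name = $new_node_title = $new_node_number = false;
    $old_node_number = false;
    $p = false;
    switch ($action) {
        case 'init':
        case 'reset':
            // First display: load the stored settings.
            $r = thread_get($clang, $thread_id, false);
            if ($r) {
                extract($r); /* thread_type thread_name thread_title thread_abstract thread_cloud thread_image thread_visits thread_nosearch thread_nocloud thread_nocomment thread_nomorecomment thread_novote thread_nomorevote */
            }
            $thread_search = !$thread_nosearch;
            $thread_tag = !$thread_nocloud;
            $thread_comment = !$thread_nocomment;
            $thread_morecomment = !$thread_nomorecomment;
            $thread_vote = !$thread_novote;
            $thread_morevote = !$thread_nomorevote;
            break;
        case 'edit':
        case 'create':
        case 'copy':
        case 'delete':
        case 'hide':
        case 'show':
        case 'reorder':
            // Any submit: take the settings from the form instead of from storage.
            if (isset($_POST['thread_type'])) {
                $thread_type = readarg($_POST['thread_type']);
            }
            if (isset($_POST['thread_title'])) {
                $thread_title = readarg($_POST['thread_title']);
            }
            if (isset($_POST['thread_name'])) {
                $thread_name = strtofname(readarg($_POST['thread_name']));
            }
            if (!$thread_name and $thread_title) {
                $thread_name = strtofname($thread_title);
            }
            if (isset($_POST['thread_abstract'])) {
                $thread_abstract = readarg($_POST['thread_abstract']);
            }
            if (isset($_POST['thread_image'])) {
                $thread_image = readarg($_POST['thread_image']);
            }
            if (isset($_POST['thread_cloud'])) {
                $thread_cloud = readarg($_POST['thread_cloud'], true, false); // trim but DON'T strip!
                // Normalise the tag list to unique, single-space separated words.
                preg_match_all('/(\\S+)/', $thread_cloud, $r);
                $thread_cloud = implode(' ', array_unique($r[0]));
            }
            if (isset($_POST['thread_search'])) {
                $thread_search = readarg($_POST['thread_search']) == 'on' ? true : false;
                $thread_nosearch = !$thread_search;
            }
            if (isset($_POST['thread_tag'])) {
                $thread_tag = readarg($_POST['thread_tag']) == 'on' ? true : false;
                $thread_nocloud = !$thread_tag;
            }
            if (isset($_POST['thread_visits'])) {
                $thread_visits = readarg($_POST['thread_visits']) == 'on' ? true : false;
            }
            if (isset($_POST['thread_comment'])) {
                $thread_comment = readarg($_POST['thread_comment']) == 'on' ? true : false;
                $thread_nocomment = !$thread_comment;
            }
            if (isset($_POST['thread_morecomment'])) {
                $thread_morecomment = readarg($_POST['thread_morecomment']) == 'on' ? true : false;
                $thread_nomorecomment = !$thread_morecomment;
            }
            if (isset($_POST['thread_vote'])) {
                $thread_vote = readarg($_POST['thread_vote']) == 'on' ? true : false;
                $thread_novote = !$thread_vote;
            }
            if (isset($_POST['thread_morevote'])) {
                $thread_morevote = readarg($_POST['thread_morevote']) == 'on' ? true : false;
                $thread_nomorevote = !$thread_morevote;
            }
            // Social buttons: same checkbox pattern as above - readarg() wraps the posted
            // value, and the result is compared with 'on' (previously the comparison was
            // done first and its boolean was passed to readarg()).
            if (isset($_POST['thread_ilike'])) {
                $thread_ilike = readarg($_POST['thread_ilike']) == 'on' ? true : false;
            }
            if (isset($_POST['thread_tweet'])) {
                $thread_tweet = readarg($_POST['thread_tweet']) == 'on' ? true : false;
            }
            if (isset($_POST['thread_plusone'])) {
                $thread_plusone = readarg($_POST['thread_plusone']) == 'on' ? true : false;
            }
            if (isset($_POST['thread_linkedin'])) {
                $thread_linkedin = readarg($_POST['thread_linkedin']) == 'on' ? true : false;
            }
            if (isset($_POST['thread_pinit'])) {
                $thread_pinit = readarg($_POST['thread_pinit']) == 'on' ? true : false;
            }
            if (isset($_POST['new_node_title'])) {
                $new_node_title = readarg($_POST['new_node_title']);
                $new_node_name = strtofname($new_node_title);
            }
            if (isset($_POST['new_node_number'])) {
                $new_node_number = readarg($_POST['new_node_number']);
            }
            if (isset($_POST['old_node_number'])) {
                $old_node_number = readarg($_POST['old_node_number']);
            }
            if (isset($_POST['p'])) {
                // 'p' is the per-row position array used by 'reorder'; it is kept raw
                // (readarg is for scalars) and validated for shape just below.
                $p = $_POST['p']; // DON'T readarg!
            }
            break;
        default:
            break;
    }
    $thread_contents = array();
    $r = thread_get_contents($clang, $thread_id, false); /* node_id node_number node_ignored node_name node_title node_cloud thread_image */
    // 'p' is only usable when it is an array with one entry per stored node; anything
    // else (no rows, a scalar, a wrong length) falls back to the natural order. The
    // is_array() check also keeps count() from throwing on a non-array in PHP 8.
    if (!$r or !is_array($p) or count($r) != count($p)) {
        $p = false;
    }
    if ($r) {
        $pos = 1;
        $thread_url = url('threadedit', $lang) . '/' . $thread_id;
        foreach ($r as $c) {
            $c['node_url'] = $thread_url . '/' . $c['node_id'];
            $c['pos'] = ($p and isset($p[$pos])) ? $p[$pos] : $pos;
            $thread_contents[$pos] = $c;
            $pos++;
        }
    }
    $missing_thread_name = false;
    $bad_thread_name = false;
    $missing_thread_type = false;
    $bad_thread_type = false;
    $missing_new_node_title = false;
    $bad_new_node_title = false;
    $bad_new_node_number = false;
    $missing_old_node_number = false;
    $bad_old_node_number = false;
    // Validation pass: only sets error flags, changes nothing yet.
    switch ($action) {
        case 'edit':
            if (!$thread_name) {
                $missing_thread_name = true;
            } else {
                if (!preg_match('#^\\w+(-\\w+)*$#', $thread_name)) {
                    $bad_thread_name = true;
                }
            }
            if (!$thread_type) {
                $missing_thread_type = true;
            } else {
                if (!in_array($thread_type, $supported_threads)) {
                    $bad_thread_type = true;
                }
            }
            break;
        case 'create':
        case 'copy':
            if (!$new_node_title) {
                $missing_new_node_title = true;
            } else {
                if (!$new_node_name) {
                    $bad_new_node_title = true;
                } else {
                    if (!preg_match('#^\\w+(-\\w+)*$#', $new_node_name)) {
                        $bad_new_node_title = true;
                    }
                }
            }
            // An empty number means "append"; otherwise it must address an existing slot or the one after the last.
            if (!$new_node_number) {
                $new_node_number = false;
            } else {
                if (!is_numeric($new_node_number)) {
                    $bad_new_node_number = true;
                } else {
                    if ($new_node_number < 1 or $new_node_number > count($thread_contents) + 1) {
                        $bad_new_node_number = true;
                    }
                }
            }
            if ($action == 'create') {
                break;
            }
            /* fall thru: 'copy' also needs a valid source node number */
        case 'delete':
        case 'hide':
        case 'show':
            if (!$old_node_number) {
                $missing_old_node_number = true;
            } else {
                if (!is_numeric($old_node_number)) {
                    $bad_old_node_number = true;
                } else {
                    if ($old_node_number < 1 or $old_node_number > count($thread_contents)) {
                        $bad_old_node_number = true;
                    }
                }
            }
            break;
        case 'reorder':
            break;
        default:
            break;
    }
    $confirm_delete_node = false;
    // Execution pass: apply the validated action to storage and mirror it in $thread_contents.
    switch ($action) {
        case 'edit':
            if ($missing_thread_name or $bad_thread_name or $missing_thread_type or $bad_thread_type) {
                break;
            }
            $r = thread_set($clang, $thread_id, $thread_name, $thread_title, $thread_type, $thread_abstract, $thread_cloud, $thread_image, $thread_visits, $thread_nosearch, $thread_nocloud, $thread_nocomment, $thread_nomorecomment, $thread_novote, $thread_nomorevote, $thread_ilike, $thread_tweet, $thread_plusone, $thread_linkedin, $thread_pinit);
            if (!$r) {
                break;
            }
            break;
        case 'create':
        case 'copy':
            if ($missing_new_node_title or $bad_new_node_title or $bad_new_node_number or $action == 'copy' and ($missing_old_node_number or $bad_old_node_number)) {
                break;
            }
            $user_id = user_profile('id');
            if ($action == 'copy') {
                $node_id = $thread_contents[$old_node_number]['node_id'];
                $np = thread_copy_node($clang, $user_id, $thread_id, $node_id, $new_node_name, $new_node_title, $new_node_number);
            } else {
                $np = thread_create_node($clang, $user_id, $thread_id, $new_node_name, $new_node_title, $new_node_number);
            }
            if (!$np) {
                break;
            }
            extract($np); /* node_id node_number node_ignored */
            $node_ignored = false;
            $node_title = $new_node_title;
            $node_url = url('threadedit', $lang) . '/' . $thread_id . '/' . $node_id;
            $pos = $node_number;
            if ($thread_contents) {
                // Shift the nodes at or after the insertion point, then insert the new row.
                foreach ($thread_contents as &$c) {
                    if ($c['node_number'] >= $pos) {
                        $c['node_number']++;
                    }
                    if ($c['pos'] >= $pos) {
                        $c['pos']++;
                    }
                }
                unset($c); // drop the dangling foreach reference
                array_splice($thread_contents, $pos - 1, 0, array(compact('node_id', 'node_title', 'node_number', 'node_ignored', 'node_url', 'pos')));
            } else {
                $pos = 1;
                $thread_contents = array($pos => compact('node_id', 'node_title', 'node_number', 'node_ignored', 'node_url', 'pos'));
            }
            // Reset the "new node" form, pre-selecting the slot after the one just created.
            $new_node_name = $new_node_title = false;
            $new_node_number = $node_number + 1;
            $old_node_number = false;
            break;
        case 'delete':
            if ($missing_old_node_number or $bad_old_node_number) {
                break;
            }
            // First click only asks for confirmation; node_confirmdelete performs the deletion.
            if (!$confirmed) {
                $confirm_delete_node = true;
                break;
            }
            $node_id = $thread_contents[$old_node_number]['node_id'];
            $r = thread_delete_node($thread_id, $node_id);
            if (!$r) {
                break;
            }
            unset($thread_contents[$old_node_number]);
            $thread_contents = array_values($thread_contents);
            foreach ($thread_contents as &$c) {
                if ($c['node_number'] >= $old_node_number) {
                    $c['node_number']--;
                }
                if ($c['pos'] >= $old_node_number) {
                    $c['pos']--;
                }
            }
            unset($c); // drop the dangling foreach reference
            $new_node_number = $old_node_number = false;
            break;
        case 'hide':
            if ($missing_old_node_number or $bad_old_node_number) {
                break;
            }
            $node_id = $thread_contents[$old_node_number]['node_id'];
            $r = thread_set_node_ignored($thread_id, $node_id, true);
            if (!$r) {
                break;
            }
            $thread_contents[$old_node_number]['node_ignored'] = true;
            break;
        case 'show':
            if ($missing_old_node_number or $bad_old_node_number) {
                break;
            }
            $node_id = $thread_contents[$old_node_number]['node_id'];
            $r = thread_set_node_ignored($thread_id, $node_id, false);
            if (!$r) {
                break;
            }
            $thread_contents[$old_node_number]['node_ignored'] = false;
            break;
        case 'reorder':
            if (!$p) {
                break;
            }
            // Sort the row indices (1..n) by their requested positions, then renumber
            // every node whose stored number differs from its new place.
            $neworder = range(1, count($p));
            array_multisort($p, SORT_NUMERIC, $neworder);
            $number = 1;
            $nc = array();
            foreach ($neworder as $i) {
                $c =& $thread_contents[$i];
                if ($c['node_number'] != $number) {
                    thread_set_node_number($thread_id, $c['node_id'], $number);
                    $c['node_number'] = $number;
                }
                $c['pos'] = $number;
                $nc[$number++] = $c;
            }
            unset($c);
            $thread_contents = $nc;
            break;
        default:
            break;
    }
    head('title', $thread_title ? $thread_title : $thread_id);
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');
    $headline_text = translate('threadall:title', $lang);
    $headline_url = url('threadedit', $lang) . '?' . 'clang=' . $clang;
    $headline = compact('headline_text', 'headline_url');
    $view = $thread_name ? url('thread', $clang) . '/' . $thread_id . '?' . 'slang=' . $lang : false;
    $scroll = true;
    $banner = build('banner', $lang, $with_toolbar ? compact('headline') : compact('headline', 'view'));
    $toolbar = $with_toolbar ? build('toolbar', $lang, compact('view', 'scroll')) : false;
    $title = view('headline', false, $headline);
    $sidebar = view('sidebar', false, compact('title'));
    $inlanguages = view('inlanguages', false, compact('clang'));
    $errors = compact('missing_thread_name', 'bad_thread_name', 'missing_thread_type', 'bad_thread_type', 'missing_new_node_title', 'bad_new_node_title', 'bad_new_node_number', 'missing_old_node_number', 'bad_old_node_number');
    $content = view('editing/threadeditsummary', $lang, compact('clang', 'inlanguages', 'supported_threads', 'thread_id', 'thread_type', 'thread_title', 'thread_name', 'thread_abstract', 'thread_cloud', 'thread_image', 'thread_visits', 'thread_search', 'thread_tag', 'thread_comment', 'thread_morecomment', 'thread_vote', 'thread_morevote', 'thread_ilike', 'thread_tweet', 'thread_plusone', 'thread_linkedin', 'thread_pinit', 'thread_contents', 'new_node_name', 'new_node_title', 'new_node_number', 'old_node_number', 'confirm_delete_node', 'errors'));
    $output = layout('editing', compact('toolbar', 'banner', 'content', 'sidebar'));
    return $output;
}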
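/**
 * Newsletter subscribe form.
 *
 * On 'init' it only renders the form (with an unsubscribe link when $sitekey is set).
 * On a submitted form it checks the per-session form token, the captcha, the address,
 * the locale (when the site has several system languages) and the confirmation
 * checkbox, creates the newsletter user and notifies the site owner by mail.
 * A fresh form token is issued on every request.
 *
 * @param string $lang Current language; also the default locale of the subscription.
 * @return mixed Whatever view('subscribe', ...) returns.
 */
function subscribe($lang) {
    global $sitekey, $system_languages;
    $with_locale = count($system_languages) > 1; // true, false
    $with_captcha = true;
    $action = 'init';
    if (isset($_POST['subscribe_send'])) {
        $action = 'subscribe';
    }
    $confirmed = $code = $token = false;
    $user_mail = user_profile('mail');
    $user_locale = user_profile('locale');
    if (!$user_locale) {
        $user_locale = $lang;
    }
    $unsubscribe_page = false;
    switch ($action) {
        case 'init':
            if ($sitekey) {
                $unsubscribe_page = url('newsletterunsubscribe', $lang);
            }
            break;
        case 'subscribe':
            if (isset($_POST['subscribe_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['subscribe_mail'])));
            }
            if ($with_locale) {
                if (isset($_POST['subscribe_locale'])) {
                    $user_locale = readarg($_POST['subscribe_locale']);
                }
            }
            if (isset($_POST['subscribe_confirmed'])) {
                $confirmed = readarg($_POST['subscribe_confirmed']) == 'on' ? true : false;
            }
            if (isset($_POST['subscribe_code'])) {
                $code = readarg($_POST['subscribe_code']);
            }
            if (isset($_POST['subscribe_token'])) {
                $token = readarg($_POST['subscribe_token']);
            }
            break;
        default:
            break;
    }
    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_mail = false;
    $bad_mail = false;
    $duplicated_mail = false;
    $missing_locale = false;
    $bad_locale = false;
    $missing_confirmation = false;
    $email_registered = false;
    $internal_error = false;
    $contact_page = false;
    switch ($action) {
        case 'subscribe':
            // Form token and captcha are secrets: compare them with hash_equals() rather
            // than '!=', which is timing-dependent and applies numeric-string coercion
            // (e.g. '1e3' == '1000').
            if (!is_string($token) or !isset($_SESSION['subscribe_token'])
                or !hash_equals((string) $_SESSION['subscribe_token'], $token)) {
                $bad_token = true;
            }
            if ($with_captcha) {
                if (!$code or !is_string($code)) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['subscribe']) ? $_SESSION['captcha']['subscribe'] : false;
                if (!$captcha or !hash_equals((string) $captcha, strtoupper($code))) {
                    $bad_code = true;
                    break;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } else {
                if (!validate_mail($user_mail) or !is_mail_allowed($user_mail)) {
                    $bad_mail = true;
                } else {
                    // NOTE(review): reporting 'duplicated_mail' to an anonymous visitor tells
                    // them whether an address is subscribed; acceptable only if that is intended.
                    if (newsletter_get_user($user_mail)) {
                        $duplicated_mail = true;
                    }
                }
            }
            if ($with_locale) {
                if (!$user_locale) {
                    $missing_locale = true;
                } else {
                    if (!validate_locale($user_locale)) {
                        $bad_locale = true;
                    }
                }
            }
            if (!$confirmed) {
                $missing_confirmation = true;
            }
            break;
        default:
            break;
    }
    switch ($action) {
        case 'subscribe':
            if ($bad_token or $missing_code or $bad_code or $missing_mail or $bad_mail or $duplicated_mail or $missing_locale or $bad_locale or $missing_confirmation) {
                break;
            }
            $r = newsletter_create_user($user_mail, $user_locale);
            if (!$r) {
                $internal_error = true;
                break;
            }
            // Notify the site owner; this is best-effort and must not fail the subscription.
            require_once 'serveripaddress.php';
            require_once 'emailme.php';
            global $sitename;
            $ip = server_ip_address();
            // date() replaces strftime(), which is deprecated since PHP 8.1; same format.
            $timestamp = date('Y-m-d H:i:s');
            $subject = 'subscribe' . '@' . $sitename;
            $msg = $ip . ' ' . $timestamp . ' ' . $lang . ' ' . $user_mail;
            @emailme($subject, $msg);
            $email_registered = true;
            $confirmed = false;
            break;
        default:
            break;
    }
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    // Rotate the form token on every request; the view embeds the new one.
    $_SESSION['subscribe_token'] = $token = token_id();
    $errors = compact('missing_mail', 'bad_mail', 'missing_locale', 'bad_locale', 'duplicated_mail', 'missing_confirmation', 'missing_code', 'bad_code', 'internal_error', 'contact_page');
    $infos = compact('email_registered');
    $output = view('subscribe', $lang, compact('token', 'with_captcha', 'user_mail', 'with_locale', 'user_locale', 'confirmed', 'unsubscribe_page', 'errors', 'infos'));
    return $output;
}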
$content .= "</table>"; } elseif ($action == "viewForum" && isset($forum)) { if (acl_access("forum", $forum, $sessioninfo->eventID) && $sessioninfo->userID > 1) { $content .= "<a href=?module=forum&action=newThread&forum={$forum}>" . lang("Start new thread", "forum") . "</a>"; } $content .= "<table>"; $qFindThreads = db_query("SELECT * FROM " . $sql_prefix . "_forumThreads WHERE forumID = '" . db_escape($forum) . "' AND threadDeleted = 0 ORDER BY lastPost DESC"); while ($rFindThreads = db_fetch($qFindThreads)) { $link_start = "<a href=?module=forum&action=viewThread&thread={$rFindThreads->ID}>"; $content .= "<tr><td>"; $content .= $link_start . $rFindThreads->threadTopic . "</a>"; $content .= "</td><td>"; $qFindLastPost = db_query("SELECT * FROM " . $sql_prefix . "_forumPosts WHERE threadID = '{$rFindThreads->ID}' ORDER BY postTimestamp DESC LIMIT 0,1"); $rFindLastPost = db_fetch($qFindLastPost); $content .= lang("Last post by: ", "forum"); $content .= user_profile($rFindLastPost->postAuthor); $content .= " " . date("Y-m-d H:m:s", $rFindLastPost->postTimestamp); $content .= "</td></tr>\n\n"; } // End while $content .= "</table>"; } elseif ($action == "newThread" && isset($forum) && $sessioninfo->userID > 1) { $content .= "<table>"; $content .= "<form method=POST action=?module=forum&action=doNewThread&forum={$forum}>\n"; $content .= "<tr><td>"; $content .= lang("Thread name", "forum"); $content .= "</td><td>"; $content .= "<input type=text name=threadName>"; $content .= "</td></tr>"; $content .= "<tr><td>"; $content .= lang("Thread content", "forum");
$posts = mysqli_num_rows($run_posts); //getting the number of unread messages $sel_msg = "select * from messages where receiver='{$user_id}' AND status='unread' ORDER by 1 DESC"; $run_msg = mysqli_query($con, $sel_msg); $count_msg = mysqli_num_rows($run_msg); echo "\n\t\t\t\t\t\t<center>\n\t\t\t\t\t\t<img src='user/user_images/{$user_image}' width='200' height='200'/>\n\t\t\t\t\t\t</center>\n\t\t\t\t\t\t<div id='user_mention'>\n\t\t\t\t\t\t<p><strong>Name:</strong> {$user_name}</p>\n\t\t\t\t\t\t<p><strong>Country:</strong> {$user_country}</p>\n\t\t\t\t\t\t<p><strong>Last Login:</strong> {$last_login}</p>\n\t\t\t\t\t\t<p><strong>Member Since:</strong> {$register_date}</p>\n\t\t\t\t\t\t\n\t\t\t\t\t\t<p><a href='my_messages.php?u_id={$user_id}'>Messages ({$count_msg})</a></p>\n\t\t\t\t\t\t<p><a href='my_posts.php?u_id={$user_id}'>My Posts ({$posts})</a></p>\n\t\t\t\t\t\t<p><a href='edit_profile.php?u_id={$user_id}'>Edit My Account</a></p>\n\t\t\t\t\t\t<p><a href='logout.php'>Logout</a></p>\n\t\t\t\t\t\t</div>\n\t\t\t\t\t"; ?> </div> </div> <!--user timeline ends--> <!--Content timeline starts--> <div id="content_timeline"> <h2 align="center">Info About This User:</h2> <?php user_profile(); ?> </div> <!--Content timeline ends--> </div> <!--Content area ends--> </div> <!--Container ends--> </body> </html> <?php }
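/**
 * Builds the comment block of a node and processes the comment form posted
 * by the current user.
 *
 * Actions are selected from the submit button present in $_POST (comment,
 * edit, validate, moderate, modify, delete); anonymous visitors get no action
 * at all.  Every action that reads a message or touches a stored comment must
 * carry the per-request token kept in $_SESSION['comment_token']; 'moderate'
 * only selects a comment for editing and is not token-checked.  A fresh token
 * is issued on every call.  Non-moderators may only modify or delete their own
 * comments, and only within $edit_window seconds of creation.
 *
 * @param string $lang         Current language, forwarded to the node_* helpers and the view.
 * @param mixed  $node_id      Identifier of the commented node.
 * @param mixed  $node_user_id Owner of the node; not used by the current logic (see $moderator).
 * @param string $node_url     URL of the node, passed to the view and to the notification mail.
 * @param bool   $nomore       When true, no "new comment" entry is offered.
 * @return string Rendered 'nodecomment' view.
 */
function nodecomment($lang, $node_id, $node_user_id, $node_url, $nomore)
{
    $user_id = user_profile('id');
    // Only the 'moderator' role moderates; the node owner deliberately does not
    // (the alternative "$user_id == $node_user_id || user_has_role('moderator')" is unused).
    $moderator = user_has_role('moderator');
    $now = time();
    $message_maxlen = 1000;
    $with_captcha = false;
    // Time (seconds) during which a non-moderator may still edit/delete an own comment.
    $edit_window = 15 * 60;

    $action = 'init';
    if ($user_id) {
        if (isset($_POST['comment_comment'])) {
            $action = 'comment';
        } elseif (isset($_POST['comment_edit'])) {
            $action = 'edit';
        } elseif (isset($_POST['comment_validate'])) {
            $action = 'validate';
        } elseif (isset($_POST['comment_moderate'])) {
            $action = 'moderate';
        } elseif (isset($_POST['comment_modify'])) {
            $action = 'modify';
        } elseif (isset($_POST['comment_delete'])) {
            $action = 'delete';
        }
    }

    // Raw form values; all start as "absent".
    $id = $message = $token = $code = false;
    switch ($action) {
        case 'validate':
            if (isset($_POST['comment_code'])) {
                $code = readarg($_POST['comment_code']);
            }
            /* fall thru */
        case 'comment':
        case 'edit':
            if (isset($_POST['comment_message'])) {
                $message = readarg($_POST['comment_message'], true, false); // trim but DON'T strip!
            }
            if (isset($_POST['comment_token'])) {
                $token = readarg($_POST['comment_token']);
            }
            break;
        case 'moderate':
            if (isset($_POST['comment_moderate'])) {
                $id = readarg($_POST['comment_moderate']);
            }
            break;
        case 'modify':
        case 'delete':
            if (isset($_POST['comment_id'])) {
                $id = readarg($_POST['comment_id']);
            }
            if (isset($_POST['comment_message'])) {
                $message = readarg($_POST['comment_message'], true, false); // trim but DON'T strip!
            }
            if (isset($_POST['comment_token'])) {
                $token = readarg($_POST['comment_token']);
            }
            break;
        default:
            break;
    }

    $missing_code = false;
    $bad_code = false;
    $bad_token = false;
    $missing_id = false;
    $bad_id = false;
    $missing_message = false;
    $message_too_long = false;
    // Set when a node_* write fails; not surfaced to the view (kept out of $errors
    // to preserve the view's contract), initialised so it is never undefined.
    $internal_error = false;

    // Step 1: captcha (validate only) and request token.
    switch ($action) {
        case 'validate':
            if ($with_captcha) {
                if (!$code) {
                    $missing_code = true;
                    break;
                }
                $captcha = isset($_SESSION['captcha']['comment']) ? $_SESSION['captcha']['comment'] : false;
                // Strict comparison: a loose "!=" would accept any code that merely
                // compares equal as a number (e.g. leading zeros).
                if (!$captcha or !is_string($code) or !hash_equals((string) $captcha, strtoupper($code))) {
                    $bad_code = true;
                    break;
                }
            }
            /* fall thru */
        case 'comment':
        case 'edit':
        case 'modify':
        case 'delete':
            // Constant-time, strict token comparison (loose "!=" compares numeric
            // strings as numbers).  A missing or non-string token is rejected.
            if (!isset($_SESSION['comment_token']) or !is_string($token)
                or !hash_equals((string) $_SESSION['comment_token'], $token)) {
                $bad_token = true;
            }
            break;
        default:
            break;
    }

    // Step 2: the targeted comment must exist and be editable by this user.
    switch ($action) {
        case 'moderate':
        case 'modify':
        case 'delete':
            if ($bad_token) {
                break;
            }
            if (!$id) {
                $missing_id = true;
                break;
            }
            if (!is_numeric($id)) {
                $id = false;
                $bad_id = true;
                break;
            }
            if (!$moderator) {
                $r = node_get_comment($node_id, $id, $lang);
                if (!$r) {
                    $id = false;
                    $bad_id = true;
                    break;
                }
                extract($r); /* comment_user_id, comment_created */
                // Owners may only touch their own comment, and only inside the edit window.
                if (!($comment_user_id == $user_id and $comment_created + $edit_window > $now)) {
                    $id = false;
                    $bad_id = true;
                    break;
                }
            }
            break;
        default:
            break;
    }

    // Step 3: message presence and length (in characters, not bytes).
    switch ($action) {
        case 'comment':
        case 'validate':
        case 'edit':
        case 'modify':
            if ($bad_token or $missing_code or $bad_code or $missing_id or $bad_id) {
                break;
            }
            if (!$message) {
                $missing_message = true;
            } elseif (mb_strlen($message, 'UTF-8') > $message_maxlen) {
                // mb_strlen replaces strlen(utf8_decode()), deprecated since PHP 8.2.
                $message_too_long = true;
            }
            break;
        default:
            break;
    }

    // Step 4: apply the action.
    switch ($action) {
        case 'validate':
            if ($bad_token or $missing_code or $bad_code or $missing_message or $message_too_long) {
                break;
            }
            $ip_address = client_ip_address();
            $r = node_add_comment($node_id, $user_id, $ip_address, $message, $lang);
            if (!$r) {
                $internal_error = true;
                break;
            }
            require_once 'serveripaddress.php';
            require_once 'emailme.php';
            global $sitename;
            $ip = server_ip_address();
            // date() replaces strftime(), deprecated since PHP 8.1; same format.
            $timestamp = date('Y-m-d H:i:s', $now);
            $subject = 'comment' . '@' . $sitename;
            $msg = $ip . ' ' . $timestamp . ' ' . $user_id . ' ' . $lang . ' ' . $node_id . ' ' . $node_url;
            // Best-effort notification: a mail failure must not break the posted comment.
            @emailme($subject, $msg);
            $message = false;
            break;
        case 'modify':
            if ($bad_token or $missing_id or $bad_id or $missing_message or $message_too_long) {
                break;
            }
            $r = node_set_comment($node_id, $id, $message, $lang);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $id = $message = false;
            break;
        case 'delete':
            if ($bad_token or $missing_id or $bad_id) {
                break;
            }
            $r = node_delete_comment($node_id, $id);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $id = $message = false;
            break;
        default:
            break;
    }

    // Offer a new-comment entry unless a comment is being edited or $nomore is set;
    // anonymous visitors are pointed at the login page instead.
    $newcomment = $user_page = false;
    if (!$id and !$nomore) {
        if ($user_id) {
            $newcomment = true;
        } else {
            $user_page = url('user', $lang);
        }
    }

    // $moderated is true for moderators, else the list of comment ids this user may still edit.
    $comments = node_get_all_comments($node_id, $lang);
    $moderated = false;
    if ($comments) {
        if ($moderator) {
            $moderated = true;
        } else {
            $moderated = array();
            foreach ($comments as $c) {
                if ($c['comment_user_id'] == $user_id and $c['comment_created'] + $edit_window > $now) {
                    $moderated[] = $c['comment_id'];
                }
            }
        }
    }

    // One token per rendered form.
    $_SESSION['comment_token'] = $token = token_id();
    $errors = compact('missing_code', 'bad_code', 'missing_message', 'message_too_long');
    $output = view('nodecomment', $lang, compact(
        'token', 'with_captcha', 'comments', 'moderated', 'id', 'newcomment',
        'message', 'message_maxlen', 'user_page', 'node_url', 'errors'
    ));
    return $output;
}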
</div> </div> <div class="row"> <div class="panel panel-primary"> <div class="panel-heading"><strong>Biodata</strong><button data-toggle="modal" data-target="#editcrew<?php echo $id_user; ?> " type="button" class="btn btn-default pull-right"> <span class="glyphicon glyphicon-pencil" aria-hidden="true"></span> </button></div> <div class="panel-body" style="padding:0px;"> <table class="table table-striped"> <tbody> <?php echo user_profile(); ?> </tbody> </table> </div> </div> </div> </div> <div class="col-md-8"> <div> <!-- Nav tabs --> <ul class="nav nav-tabs nav-justified" role="tablist"> <li role="presentation" class="active"><a href="#post" aria-controls="post" role="tab" data-toggle="tab" style="color:black;">Post</a></li> <li role="presentation"><a href="#acara" aria-controls="acara" role="tab" data-toggle="tab" style="color:black;">Acara</a></li> <li role="presentation"><a href="#rapat" aria-controls="rapat" role="tab" data-toggle="tab" style="color:black;">Rapat</a></li>
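/**
 * Builds the account-edit form for $user_id and applies the posted action.
 *
 * Which fields and actions are available depends on the caller: status, role
 * and timezone edits require the 'administrator' role (never for user 1);
 * deletion additionally requires that the admin is not editing their own
 * account.  Password change and extra info are currently switched off.
 * All state-changing actions ('modify', 'change', 'delete') must carry the
 * per-request token kept in $_SESSION['useredit_token']; a fresh token is
 * issued on every call.
 *
 * @param string $lang    Current language, used for the view and the contact URL.
 * @param mixed  $user_id Account being edited.
 * @return string|false Rendered 'useredit' view, or false once the account has been deleted.
 */
function useredit($lang, $user_id)
{
    global $system_languages, $supported_roles;

    $is_admin = user_has_role('administrator');
    $is_owner = $user_id == user_profile('id');

    // Feature switches for this request.
    $with_name = true;
    $with_status = ($user_id != 1 and $is_admin);
    $with_delete = ($user_id != 1 and $is_admin and !$is_owner);
    $with_newpassword = false; // ($user_id != 1 and $is_owner);
    $with_locale = is_array($system_languages) && count($system_languages) > 1;
    $with_role = ($user_id != 1 and $is_admin);
    $with_timezone = ($user_id != 1 and $is_admin);
    $with_website = true;
    $with_info = false;

    $confirmed = false;
    $action = 'init';
    if (isset($_POST['useredit_modify'])) {
        $action = 'modify';
    }
    if ($with_newpassword) {
        if (isset($_POST['useredit_change'])) {
            $action = 'change';
        }
    }
    if ($with_delete) {
        if (isset($_POST['useredit_delete'])) {
            $action = 'delete';
        } elseif (isset($_POST['useredit_confirmdelete'])) {
            $action = 'delete';
            $confirmed = true;
        } elseif (isset($_POST['useredit_cancel'])) {
            $action = 'cancel';
        }
    }

    $user_name = $user_mail = $user_locale = $user_timezone = false;
    $user_website = false;
    $user_active = $user_banned = false;
    $user_accessed = false;
    $user_role = false;
    $user_newpassword = false;
    $user_lastname = $user_firstname = false;
    $token = false;

    // Load the current values on first display, else read the posted form.
    switch ($action) {
        case 'init':
        case 'reset':
            $r = user_get($user_id);
            if ($r) {
                extract($r); /* user_name user_password user_newpassword user_seed user_mail user_timezone user_website user_created user_modified user_accessed user_locale user_active user_banned */
            }
            // Never echo a stored new password back into the form.
            $user_newpassword = false;
            if ($with_info) {
                $r = user_get_info($user_id);
                if ($r) {
                    extract($r); /* user_lastname, user_firstname */
                }
            }
            if ($with_role) {
                $user_role = user_get_role($user_id);
            }
            break;
        case 'modify':
        case 'change':
        case 'delete':
        case 'cancel':
            if ($with_info) {
                if (isset($_POST['useredit_lastname'])) {
                    $user_lastname = readarg($_POST['useredit_lastname']);
                }
                if (isset($_POST['useredit_firstname'])) {
                    $user_firstname = readarg($_POST['useredit_firstname']);
                }
            }
            // Name, mail and website are flattened and lower-cased before validation.
            if (isset($_POST['useredit_name'])) {
                $user_name = strtolower(strflat(readarg($_POST['useredit_name'])));
            }
            if (isset($_POST['useredit_mail'])) {
                $user_mail = strtolower(strflat(readarg($_POST['useredit_mail'])));
            }
            if (isset($_POST['useredit_website'])) {
                $user_website = strtolower(strflat(readarg($_POST['useredit_website'])));
            }
            if (isset($_POST['useredit_timezone'])) {
                $user_timezone = readarg($_POST['useredit_timezone']);
            }
            if (isset($_POST['useredit_locale'])) {
                $user_locale = readarg($_POST['useredit_locale']);
            }
            if ($with_role) {
                if (isset($_POST['useredit_role'])) {
                    $user_role = readarg($_POST['useredit_role']);
                }
            }
            if ($with_status) {
                if (isset($_POST['useredit_active'])) {
                    $user_active = readarg($_POST['useredit_active']) == 'on';
                }
                if (isset($_POST['useredit_banned'])) {
                    $user_banned = readarg($_POST['useredit_banned']) == 'on';
                }
                // Read for the view only; user_set_status() below does not take it.
                if (isset($_POST['useredit_accessed'])) {
                    $user_accessed = (int) readarg($_POST['useredit_accessed']);
                }
            }
            if ($with_newpassword) {
                if (isset($_POST['useredit_newpassword'])) {
                    $user_newpassword = readarg($_POST['useredit_newpassword']);
                }
            }
            if (isset($_POST['useredit_token'])) {
                $token = readarg($_POST['useredit_token']);
            }
            break;
        default:
            break;
    }

    $bad_token = false;
    $missing_lastname = false;
    $missing_firstname = false;
    $missing_name = false;
    $bad_name = false;
    $duplicated_name = false;
    $missing_mail = false;
    $bad_mail = false;
    $duplicated_mail = false;
    $bad_role = false;
    $bad_website = false;
    $missing_locale = false;
    $bad_locale = false;
    $bad_timezone = false;
    $missing_newpassword = false;
    $bad_newpassword = false;
    $account_modified = false;
    $password_changed = false;
    $internal_error = false;
    $contact_page = false;

    // Every state-changing action must carry the per-request token.  The token
    // was checked for 'modify' only before, which left password change and
    // account deletion open to cross-site request forgery.  Assumes the view's
    // change/delete forms post useredit_token like the modify form does (the
    // token is read for all of these actions above) — verify against the view.
    if (in_array($action, array('modify', 'change', 'delete'), true)) {
        // Constant-time, strict comparison; a loose "!=" compares numeric strings as numbers.
        if (!isset($_SESSION['useredit_token']) or !is_string($token)
            or !hash_equals((string) $_SESSION['useredit_token'], $token)) {
            $bad_token = true;
        }
    }

    // Field validation.
    switch ($action) {
        case 'modify':
            if ($with_info) {
                if (!$user_lastname) {
                    $missing_lastname = true;
                }
                if (!$user_firstname) {
                    $missing_firstname = true;
                }
            }
            if ($with_name and !$user_name) {
                $missing_name = true;
            }
            if ($user_name) {
                if (!validate_user_name($user_name)) {
                    $bad_name = true;
                } elseif (!user_check_name($user_name, $user_id)) {
                    $duplicated_name = true;
                }
            }
            if (!$user_mail) {
                $missing_mail = true;
            } elseif (!validate_mail($user_mail)) {
                $bad_mail = true;
            } elseif (!user_check_mail($user_mail, $user_id)) {
                $duplicated_mail = true;
            }
            if ($user_role) {
                // The role field is a list of checkboxes; anything else is rejected
                // instead of being iterated (foreach over a string warns).
                if (!is_array($user_role)) {
                    $bad_role = true;
                } else {
                    foreach ($user_role as $role) {
                        if (!validate_role($role)) {
                            $bad_role = true;
                            break;
                        }
                    }
                }
            }
            if ($user_website) {
                if (!validate_website($user_website)) {
                    $bad_website = true;
                } else {
                    $user_website = normalize_website($user_website);
                }
            }
            if ($user_timezone) {
                if (!validate_timezone($user_timezone)) {
                    $bad_timezone = true;
                }
            }
            if ($with_locale and !$user_locale) {
                $missing_locale = true;
            }
            if ($user_locale) {
                if (!validate_locale($user_locale)) {
                    $bad_locale = true;
                }
            }
            break;
        case 'change':
            if (!$user_newpassword) {
                $missing_newpassword = true;
            } elseif (!validate_password($user_newpassword)) {
                $bad_newpassword = true;
            }
            break;
        default:
            break;
    }

    // Apply the action.
    $confirm_delete = false;
    switch ($action) {
        case 'modify':
            if ($bad_token or $missing_name or $bad_name or $duplicated_name
                or $missing_mail or $bad_mail or $duplicated_mail or $bad_role
                or $bad_website or $bad_timezone or $missing_locale or $bad_locale
                or $missing_lastname or $missing_firstname) {
                break;
            }
            $r = user_set($user_id, $user_name, $user_mail, $user_website, $user_locale, $user_timezone);
            if (!$r) {
                $internal_error = true;
                break;
            }
            // Keep the session copy of the profile in sync when editing oneself.
            if ($is_owner) {
                $_SESSION['user']['name'] = $user_name;
                $_SESSION['user']['mail'] = $user_mail;
                $_SESSION['user']['website'] = $user_website;
                $_SESSION['user']['locale'] = $user_locale;
                $_SESSION['user']['timezone'] = $user_timezone;
            }
            if ($with_info) {
                $r = user_set_info($user_id, $user_lastname, $user_firstname);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
                if ($is_owner) {
                    $_SESSION['user']['lastname'] = $user_lastname;
                    $_SESSION['user']['firstname'] = $user_firstname;
                }
            }
            if ($with_role) {
                $r = user_set_role($user_id, $user_role);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }
            if ($with_status) {
                $r = user_set_status($user_id, $user_active, $user_banned);
                if (!$r) {
                    $internal_error = true;
                    break;
                }
            }
            $account_modified = true;
            break;
        case 'change':
            if ($bad_token or $missing_newpassword or $bad_newpassword) {
                break;
            }
            $r = user_set_newpassword($user_id, $user_newpassword);
            if (!$r) {
                $internal_error = true;
                break;
            }
            $password_changed = true;
            break;
        case 'delete':
            if ($bad_token) {
                break;
            }
            // First click asks for confirmation; the confirmed request deletes.
            if (!$confirmed) {
                $confirm_delete = true;
                break;
            }
            $r = user_delete($user_id);
            if (!$r) {
                $internal_error = true;
                break;
            }
            // Nothing left to display for a deleted account.
            return false;
        default:
            break;
    }

    $user_newpassword = false;
    if ($internal_error) {
        $contact_page = url('contact', $lang);
    }
    // One token per rendered form.
    $_SESSION['useredit_token'] = $token = token_id();
    $errors = compact(
        'missing_name', 'bad_name', 'duplicated_name', 'missing_mail', 'bad_mail',
        'duplicated_mail', 'bad_timezone', 'bad_website', 'missing_locale', 'bad_locale',
        'missing_newpassword', 'bad_newpassword', 'missing_lastname', 'missing_firstname',
        'internal_error', 'contact_page'
    );
    $infos = compact('account_modified', 'password_changed');
    $output = view('useredit', $lang, compact(
        'token', 'errors', 'infos', 'with_name', 'user_name', 'user_mail',
        'with_timezone', 'user_timezone', 'with_website', 'user_website',
        'with_role', 'user_role', 'supported_roles', 'with_locale', 'user_locale',
        'with_status', 'user_banned', 'user_active', 'user_accessed',
        'with_newpassword', 'user_newpassword', 'with_info', 'user_lastname',
        'user_firstname', 'with_delete', 'confirm_delete'
    ));
    return $output;
}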
} // End db_num() header("Location: ?module=kioskadmin&action=editWare&wareID={$wareID}"); } elseif ($action == "rmBarcode" && !empty($_GET['barcode']) && !empty($_GET['wareID'])) { $wareID = $_GET['wareID']; $barcode = $_GET['barcode']; db_query(sprintf("DELETE FROM %s WHERE barcode=%s AND wareID=%s", $sql_prefix . "_kiosk_barcodes", $barcode, $wareID)); $log = array('barcode' => $barcode, 'wareID' => $wareID); log_add("kioskadmin", "rmBarcode", serialize($log)); header("Location: ?module=kioskadmin&action=editWare&wareID={$wareID}"); } elseif ($action == "credit") { $qFindCredits = db_query("SELECT u.nick,u.ID,SUM(totalPrice) AS totalPrice FROM " . $sql_prefix . "_kiosk_sales ks JOIN " . $sql_prefix . "_users u ON u.ID=ks.soldTo WHERE ks.credit = 1 AND creditPaid = 0 AND ks.totalPrice >0 AND eventID = '{$sessioninfo->eventID}' GROUP BY u.nick ORDER BY totalPrice DESC"); $content .= "<table>"; while ($rFindCredits = db_fetch($qFindCredits)) { $content .= "<tr><td>"; $content .= user_profile($rFindCredits->ID); $content .= "</td><td>\n"; $content .= "<a href='?module=kioskadmin&action=viewCreditSales&user={$rFindCredits->ID}'>"; $content .= $rFindCredits->totalPrice; $content .= "</a></td></tr>"; } // End while $content .= "</table>\n\n"; } elseif ($action == 'viewCreditSales' && !empty($_GET['user'])) { $user = $_GET['user']; $qFindWares = db_query("SELECT kw.ID,kw.name,kw.price,kw.wareType,ksi.amount FROM (" . $sql_prefix . "_kiosk_saleitems ksi LEFT JOIN " . $sql_prefix . "_kiosk_sales ks ON ks.ID=ksi.saleID) LEFT JOIN " . $sql_prefix . "_kiosk_wares kw ON ksi.wareID=kw.ID WHERE ks.credit=1 AND ks.soldTo = '" . db_escape($user) . "' AND ks.totalPrice > 0 AND ks.eventID = '{$sessioninfo->eventID}' ORDER BY kw.name ASC"); $content .= "<table>"; while ($rFindWares = db_fetch($qFindWares)) { $content .= "<tr><td>"; $content .= $rFindWares->name; $content .= "</td><td>";
?> " /></a> </div> <?php if ($this->session->userdata('id') == $comment['user_id']) { ?> <?php echo anchor('share/remove_comment/' . $comment['update_comment_id'], icon_img_tag('remove.png'), 'title="' . lang('home_comment_remove') . '" class="update-comment-remove comment-remove-action"'); ?> <?php } ?> <?php echo anchor(user_profile($comment['username']), $comment['username']); ?> (<small><?php echo timeSince(strtotime($comment['update_comment_created'])); ?> </small>): <?php echo $comment['update_comment_content']; ?> <div class="clear"></div> </div> <?php } ?> </div>
$qGetTickets = db_query("SELECT * FROM " . $sql_prefix . "_tickets WHERE eventID = '{$sessioninfo->eventID}' AND {$where}"); $content .= "<table>\n"; $content .= "<tr><th>" . lang("Ticketnumber", "ticketorder"); $content .= "</th><th>" . lang("Owner", "ticketorder"); $content .= "</th><th>" . lang("User", "ticketorder"); $content .= "</th><th>" . lang("Status", "ticketorder"); $content .= "</th><th>" . lang("Map placement", "ticketorder"); $content .= "</th><th>" . lang("Paid?", "ticketorder"); $content .= "</th></tr>\n\n"; while ($rGetTickets = db_fetch($qGetTickets)) { $content .= "<tr><td>"; $content .= $rGetTickets->ticketID; $content .= "</td><td>"; $content .= user_profile($rGetTickets->owner); $content .= "</td><td>"; $content .= user_profile($rGetTickets->user); $content .= "</td><td>"; if ($rGetTickets->status == 'used') { $content .= _("used"); } else { $content .= _("not used"); } # $content .= lang($rGetTickets->status, "ticketorder"); $content .= "</td><td>"; $content .= "<a href='?module=seating&ticketID={$rGetTickets->ticketID}'>"; $qFindSeating = db_query("SELECT * FROM " . $sql_prefix . "_seatReg_seatings WHERE ticketID = '{$rGetTickets->ticketID}'"); if (db_num($qFindSeating) == 1) { $rFindSeating = db_fetch($qFindSeating); $content .= $rFindSeating->seatX . " / " . $rFindSeating->seatY; } else { $content .= lang("No seat chosen");
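/**
 * Thread administration page: lists the threads of content language $clang
 * and applies the posted action (create, delete with confirmation, reorder).
 *
 * Requires the 'writer' role, otherwise the unauthorized error page is run.
 * $thread_list is keyed by 1-based position; each entry carries the row from
 * thread_list() plus 'thread_url' and 'pos'.  A posted ordering $_POST['p']
 * is only honoured when it is an array with exactly one entry per thread,
 * keyed 1..n.
 *
 * NOTE(review): unlike useredit()/nodecomment(), no per-request token is
 * checked here, so the create/delete/reorder POSTs are not protected against
 * cross-site request forgery; adding one needs the view to post it as well.
 *
 * @param string $lang  Interface language (titles, URLs of this page).
 * @param string $clang Content language whose threads are edited.
 * @return string Rendered 'editing' layout, or the result of run('error/unauthorized').
 */
function threadeditall($lang, $clang)
{
    global $supported_threads, $with_toolbar;

    if (!user_has_role('writer')) {
        return run('error/unauthorized', $lang);
    }

    $confirmed = false;
    $action = 'init';
    if (isset($_POST['thread_create'])) {
        $action = 'create';
    } elseif (isset($_POST['thread_delete'])) {
        $action = 'delete';
    } elseif (isset($_POST['thread_confirmdelete'])) {
        $action = 'delete';
        $confirmed = true;
    } elseif (isset($_POST['threadlist_reorder'])) {
        $action = 'reorder';
    }

    $new_thread_name = $new_thread_title = $new_thread_type = $new_thread_number = false;
    $old_thread_number = false;
    $p = false;
    switch ($action) {
        case 'init':
        case 'reset':
            break;
        case 'create':
        case 'delete':
        case 'reorder':
            if (isset($_POST['new_thread_title'])) {
                $new_thread_title = readarg($_POST['new_thread_title']);
            }
            // The file name is derived from the title, never posted directly.
            if ($new_thread_title) {
                $new_thread_name = strtofname($new_thread_title);
            }
            if (isset($_POST['new_thread_number'])) {
                $new_thread_number = readarg($_POST['new_thread_number']);
            }
            if (isset($_POST['new_thread_type'])) {
                $new_thread_type = readarg($_POST['new_thread_type']);
            }
            if (isset($_POST['old_thread_number'])) {
                $old_thread_number = readarg($_POST['old_thread_number']);
            }
            if (isset($_POST['p'])) {
                $p = $_POST['p']; // DON'T readarg!
            }
            break;
        default:
            break;
    }

    $thread_list = array();
    $r = thread_list($clang, false, false);
    // The posted ordering is usable only as an array with one entry per thread,
    // keyed 1..n.  The previous "count($r) != count($p)" called count() on
    // false whenever nothing was posted, a TypeError on PHP 8.
    if (!$r or !is_array($p) or count($r) != count($p)) {
        $p = false;
    } else {
        foreach (range(1, count($r)) as $k) {
            if (!array_key_exists($k, $p)) {
                $p = false;
                break;
            }
        }
    }
    if ($r) {
        $pos = 1;
        $thread_url = url('threadedit', $lang);
        foreach ($r as $b) {
            $b['thread_url'] = $thread_url . '/' . $b['thread_id'];
            // 'pos' is the display position: the posted one when valid, else the stored order.
            $b['pos'] = $p ? $p[$pos] : $pos;
            $thread_list[$pos] = $b;
            $pos++;
        }
    }

    $missing_new_thread_title = false;
    $bad_new_thread_title = false; // never set, but reported in $errors
    $missing_new_thread_name = false;
    $bad_new_thread_name = false;
    $missing_new_thread_type = false;
    $bad_new_thread_type = false;
    $bad_new_thread_number = false;
    $missing_old_thread_number = false;
    $bad_old_thread_number = false;

    // Field validation.
    switch ($action) {
        case 'create':
            if (!$new_thread_title) {
                $missing_new_thread_title = true;
            }
            if (!$new_thread_name) {
                $missing_new_thread_name = true;
            } elseif (!preg_match('#^[\\w-]{2,}$#', $new_thread_name)) {
                $bad_new_thread_name = true;
            }
            // An empty number is allowed (thread_create() decides where it goes);
            // a given one must be an integer position within 1..n+1.
            if ($new_thread_number) {
                if (!is_numeric($new_thread_number)) {
                    $bad_new_thread_number = true;
                } elseif ($new_thread_number < 1 or $new_thread_number > count($thread_list) + 1) {
                    $bad_new_thread_number = true;
                }
            }
            if (!$new_thread_type) {
                $missing_new_thread_type = true;
            } elseif (!in_array($new_thread_type, $supported_threads)) {
                $bad_new_thread_type = true;
            }
            break;
        case 'delete':
            if (!$old_thread_number) {
                $missing_old_thread_number = true;
            } elseif (!is_numeric($old_thread_number)) {
                $bad_old_thread_number = true;
            } elseif ($old_thread_number < 1 or $old_thread_number > count($thread_list)) {
                $bad_old_thread_number = true;
            }
            break;
        default:
            break;
    }

    // Apply the action, keeping $thread_list in step with the database.
    $confirm_delete_thread = false;
    switch ($action) {
        case 'create':
            if ($missing_new_thread_title or $missing_new_thread_name or $bad_new_thread_name
                or $bad_new_thread_number or $missing_new_thread_type or $bad_new_thread_type) {
                break;
            }
            $user_id = user_profile('id');
            $np = thread_create($clang, $user_id, $new_thread_name, $new_thread_title, $new_thread_type, $new_thread_number);
            if (!$np) {
                break;
            }
            extract($np); /* thread_id thread_number */
            $thread_title = $new_thread_title;
            $thread_url = url('threadedit', $lang) . '/' . $thread_id;
            $pos = $thread_number;
            if ($thread_list) {
                // Shift every thread at or after the insertion point by one.
                foreach ($thread_list as &$tr) {
                    if ($tr['thread_number'] >= $pos) {
                        $tr['thread_number']++;
                    }
                    if ($tr['pos'] >= $pos) {
                        $tr['pos']++;
                    }
                }
                unset($tr); // drop the dangling reference before the list is spliced
                array_splice($thread_list, $pos - 1, 0, array(compact('thread_id', 'thread_title', 'thread_number', 'thread_url', 'pos')));
                array_multisort(range(1, count($thread_list)), $thread_list);
            } else {
                $pos = 1;
                $thread_list = array($pos => compact('thread_id', 'thread_title', 'thread_number', 'thread_url', 'pos'));
            }
            break;
        case 'delete':
            if ($missing_old_thread_number or $bad_old_thread_number) {
                break;
            }
            // First click asks for confirmation; the confirmed request deletes.
            if (!$confirmed) {
                $confirm_delete_thread = true;
                break;
            }
            $thread_id = $thread_list[$old_thread_number]['thread_id'];
            $r = thread_delete($thread_id);
            if (!$r) {
                break;
            }
            unset($thread_list[$old_thread_number]);
            foreach ($thread_list as &$b) {
                if ($b['pos'] >= $old_thread_number) {
                    $b['pos']--;
                }
            }
            unset($b);
            $old_thread_number = false;
            break;
        case 'reorder':
            if (!$p) {
                break;
            }
            // Sort the posted positions; $neworder then lists the old positions
            // in their new order (array_multisort reorders it in lockstep with $p).
            $neworder = range(1, count($p));
            array_multisort($p, SORT_NUMERIC, $neworder);
            $number = 1;
            $nl = array();
            foreach ($neworder as $i) {
                $tr =& $thread_list[$i];
                // Only persist numbers that actually changed.
                if ($tr['thread_number'] != $number) {
                    thread_set_number($tr['thread_id'], $number);
                    $tr['thread_number'] = $number;
                }
                $tr['pos'] = $number;
                $nl[$number++] = $tr;
            }
            unset($tr);
            $thread_list = $nl;
            break;
        default:
            break;
    }

    head('title', translate('threadall:title', $lang));
    head('description', false);
    head('keywords', false);
    head('robots', 'noindex, nofollow');
    $site_title = translate('title', $lang);
    $view = url('thread', $clang) . '?' . 'slang=' . $lang;
    // NOTE(review): $headline is never assigned in this function, so compact()
    // leaves it out of the banner arguments — confirm whether the banner expects one.
    $banner = build('banner', $lang, $with_toolbar ? compact('headline') : compact('headline', 'view'));
    $scroll = true;
    $toolbar = $with_toolbar ? build('toolbar', $lang, compact('view', 'scroll')) : false;
    $inlanguages = view('inlanguages', false, compact('clang'));
    $errors = compact(
        'missing_new_thread_title', 'bad_new_thread_title', 'missing_new_thread_name',
        'missing_new_thread_type', 'bad_new_thread_name', 'bad_new_thread_type',
        'bad_new_thread_number', 'missing_old_thread_number', 'bad_old_thread_number'
    );
    $content = view('editing/threadeditall', $lang, compact(
        'clang', 'site_title', 'inlanguages', 'supported_threads', 'thread_list',
        'new_thread_title', 'new_thread_type', 'new_thread_number', 'old_thread_number',
        'confirm_delete_thread', 'errors'
    ));
    $output = layout('editing', compact('toolbar', 'banner', 'content'));
    return $output;
}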
} // End else if (!isset($action)) { # $seatX = $_GET['seatX']; # $seatY = $_GET['seatY']; include_once __DIR__ . '/../seatmap/seatmap.php'; if (!empty($_GET['seatX']) && !empty($_GET['seatY'])) { // Display information about the seat $qFindSeatings = db_query("SELECT * FROM " . $sql_prefix . "_seatReg_seatings \n\t\t\tWHERE seatX = '" . db_escape($_GET['seatX']) . "'\n\t\t\tAND seatY = '" . db_escape($_GET['seatY']) . "'\n\t\t\tAND eventID = '{$sessioninfo->eventID}'"); if (db_num($qFindSeatings) > 0) { $rFindSeatings = db_fetch($qFindSeatings); $qFindTicket = db_query("SELECT * FROM " . $sql_prefix . "_tickets WHERE ticketID = '{$rFindSeatings->ticketID}'"); $rFindTicket = db_fetch($qFindTicket); # $qFindUser = db_query("SELECT * FROM ".$sql_prefix."_users WHERE ID = '$rFindTicket->user'"); # $rFindUser = db_fetch($qFindUser); $content .= user_profile($rFindTicket->user); # $content .= $rFindUser->firstName." ".$rFindUser->lastName." ".lang("a.k.a.", "seating")." ".$rFindUser->nick; # if($sessioninfo->userID != 1 && $rFindUser->EMail != '') { # $qCheckMailSetting = db_query("SELECT * FROM ".$sql_prefix."_userPreferences WHERE name = 'allowViewMail' AND userID = '$rFindTicket->user'"); # $rCheckMailSetting = db_fetch($qCheckMailSetting); # if($rCheckMailSetting->value == 'on') $content .= "<br />".lang("Contact this user: "******"seating").$rFindUser->EMail; # } // End if sessioninfo->userID != 1 } // End db_num > 0 } // End !empty $content .= "<br /><br />"; $content .= display_systemstatic("seatmap"); } elseif ($_GET['action'] == "takeseat") { $seatX = $_GET['seatX']; $seatY = $_GET['seatY'];
<td width="245" height="177" background="images/w01.jpg" style="padding-left:30px;padding-top:40px;" valign="top"> <?php if (!defined('GALLERY')) { die("Hack attempt!"); } if (isset($_GET[logout])) { unset($_SESSION['user_id']); echo "Вы успешно вышли!<br>"; } if (isset($_SESSION['user_id'])) { session_start(); $user_id = mysql_real_escape_string($_SESSION['user_id']); if (!check_user($user_id) || isset($_GET[edit_profile])) { user_profile($user_id); } else { $errors = 0; //0 - нет препятствий для заливки новых фото $query = "SELECT * FROM `users` WHERE `id`='{$user_id}'"; $sql = mysql_query($query) or die(mysql_error()); $rows = mysql_fetch_assoc($sql); if ($rows[photos_count] == 6) { $errors = 1; echo "Уведомление: вы достигли максимума загружаемых фото"; } //define a maxim size for the uploaded images in Kb define("MAX_SIZE", "1024"); if (isset($_POST['Submit']) && $errors == 0) { $image = $_FILES['image']['name']; if ($image) { //get the original name of the file from the clients machine $filename = stripslashes($_FILES['image']['name']);