Example #1
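<?php

include_once "../include/page.php";
$p = new Page('profile', 1);

// Profile page: updates skin / name / email and optionally the password, then
// renders the prefilled form.
//
// Every value used below comes from the query string and is untrusted. The db
// wrapper only exposes qry(), so inputs are escaped with addslashes() before
// interpolation, the convention used elsewhere in this codebase.
// NOTE(review): addslashes() is a stop-gap, not a substitute for prepared
// statements; move to parameterised queries once the wrapper supports them.
// NOTE(review): the profile/password change is a GET with no CSRF token, so the
// credential ends up in server logs and browser history and any site can trigger
// the change — this should be a POST carrying a token.
$skin  = addslashes((string) ($_GET['skin'] ?? ''));
$fname = addslashes((string) ($_GET['fname'] ?? ''));
$lname = addslashes((string) ($_GET['lname'] ?? ''));
$email = addslashes((string) ($_GET['email'] ?? ''));
$uid   = addslashes((string) $p->u->id);

if (isset($_GET['action']) && $_GET['action'] === 'profile') {
    $p->addJs("loadXML('user')");
    // The form submits hex_md5(password); md5('') = d41d8cd9... is the sentinel
    // for "leave the password alone". Bug fix: when the field was missing the
    // original compared null against the sentinel, fell into the else branch
    // and stored an empty password. An empty value is now treated as "unchanged".
    $pwHash = (string) ($_GET['password'] ?? '');
    if ($pwHash === '' || $pwHash === 'd41d8cd98f00b204e9800998ecf8427e') {
        $p->db->qry("UPDATE users SET skin='{$skin}', firstname='{$fname}', lastname='{$lname}', email='{$email}' WHERE id='{$uid}'");
    } else {
        // NOTE(review): what gets stored is an unsalted client-side MD5, which is
        // not an acceptable password hash. Switching to password_hash()/
        // password_verify() requires the login page's comparison to change in the
        // same release, so the format is kept here.
        $pwEsc = addslashes($pwHash);
        $p->db->qry("UPDATE users SET password='{$pwEsc}', skin='{$skin}', firstname='{$fname}', lastname='{$lname}', email='{$email}' WHERE id='{$uid}'");
        $p->u->updatePassword($pwHash);
    }
} else {
    $p->infoBox("To change your password fill out the password fields - or just leave them be to leave your password be.");
}

// Reload the record to prefill the form. Only the rendered columns are read
// (the original extract()-ed the whole row into local scope) and each one is
// HTML-escaped before being placed in an attribute value.
$p->db->qry("SELECT * FROM users WHERE id='{$uid}'");
$user = $p->db->fetchLast() ?: [];
$firstnameHtml = htmlspecialchars((string) ($user['firstname'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$lastnameHtml  = htmlspecialchars((string) ($user['lastname'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
$emailHtml     = htmlspecialchars((string) ($user['email'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

$p->db->qry("SELECT * FROM skins");
// NOTE(review): the listing this was taken from was corrupted around the form
// markup (the hex_md5 step had been spliced into the middle of type="text").
// It is placed back in onsubmit, after the confirm field is cleared and before
// sendForm(); confirm against the live file.
echo "<div id=\"accordion\"><h3><a>Profile</a></h3><div><form name=\"profile\" id=\"profile\" type=\"get\" onsubmit=\"javascript:\r\nif(document.profile.password.value == document.profile.cpassword.value){\r\n\tdocument.profile.cpassword.value='';\r\n\tif(validatePopulated(document.profile.password.value))\r\n\t\tdocument.profile.password.value=hex_md5(document.profile.password.value);\r\n\tsendForm(this, 'profile');\r\n} else {\r\n\tdocument.profile.password.value='';\r\n\tdocument.profile.cpassword.value='';\r\n\tdocument.profile.password.focus();\r\n\terrorMsg('Your passwords did not match. Have another go.')\r\n} return false;\">\r\n<table><tr><td>change password</td><td><input type=\"password\" name=\"password\" id=\"password\"/></td></tr>\r\n<tr><td>confirm password</td><td><input type=\"password\" name=\"cpassword\" id=\"cpassword\"/></td></tr>";
echo "<tr><td>skin</td><td><select name=\"skin\">";
while ($row = $p->db->fetchLast()) {
    // Skin names are admin data but still escaped: they land inside HTML.
    $optId   = htmlspecialchars((string) $row['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $optName = htmlspecialchars((string) $row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo "<option value='{$optId}'>{$optName}</option>";
}
echo "</select></td></tr>";
// json_encode() yields a JS string literal, so a stored skin value cannot break
// out of the generated script (the original interpolated it into quotes raw).
$jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
$p->addJs("document.profile.skin.value = " . json_encode((string) $p->u->skin, $jsFlags) . ";");
$p->addJs("\$(\"#accordion\").accordion({autoHeight: false, navigation: true})");
echo "<tr><td>first name</td><td><input type=\"text\" name=\"fname\" id=\"fname\" value=\"{$firstnameHtml}\"/></td></tr>\r\n<tr><td>last name</td><td><input type=\"text\" name=\"lname\" id=\"lname\" value=\"{$lastnameHtml}\"/></td></tr>\r\n<tr><td>email</td><td><input type=\"text\" name=\"email\" id=\"email\" value=\"{$emailHtml}\"/></td></tr>\r\n<tr><td><input type=\"submit\" value=\"update\"/></td></tr>";
echo "</table></form></div></div>";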
Example #2
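<?php

include_once "../include/page.php";
include_once "../include/linklist.php";
$p = new Page("news", 2);
$l = new LinkList($p->u);
dev();
$l->additem("news items", "news", 0);
echo $l->dispList();
$p->addJs("\$(\"#accordion\").accordion({autoHeight: false, navigation: true})");

// News admin: add / modify / delete a news item, then render the edit form.
//
// All inputs come from the query string. Row ids are cast to int (the delete
// query already treats `item` as a bare number) and free text goes through
// addslashes() before interpolation, as elsewhere in this codebase.
// NOTE(review): addslashes() is a stop-gap; prepared statements are the real fix.
// NOTE(review): add/modify/delete are state changes driven by GET with no CSRF
// token; they should be POST requests carrying one.
$action  = isset($_GET['action']) ? (string) $_GET['action'] : null;
$jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

if ($action === null) {
    // no action: just render the form below
} elseif ($action === 'addnews') {
    $title   = addslashes((string) ($_GET['title'] ?? ''));
    $content = addslashes((string) ($_GET['newscontent'] ?? ''));
    $uid     = addslashes((string) $p->u->id);
    $item    = (string) ($_GET['item'] ?? '');
    if ($item === '') {
        $p->db->qry("INSERT INTO news (title, uid, content) VALUES ('{$title}','{$uid}', '{$content}')");
    } else {
        $itemId = (int) $item;
        $p->db->qry("UPDATE news SET uid = '{$uid}',time = CURRENT_TIMESTAMP, title = '{$title}',content = '{$content}' WHERE id='{$itemId}'");
    }
} elseif ($action === 'modify') {
    // The original extract()-ed $_GET here, which let a query parameter named
    // `p` or `l` clobber the page objects; read the one key that is needed.
    $itemId = (int) ($_GET['item'] ?? 0);
    $p->db->qry("SELECT title, content FROM news WHERE id='{$itemId}' LIMIT 1");
    $row = $p->db->fetchLast() ?: ['title' => '', 'content' => ''];
    // json_encode() produces a JS string literal, so a newline, quote or
    // "</script>" in the stored text cannot break out of the generated script
    // (addslashes() left newlines unescaped and the title was not escaped at all).
    $p->addJs("document.addnews.newscontent.value=" . json_encode((string) $row['content'], $jsFlags) . ";");
    $p->addJs("document.addnews.title.value=" . json_encode((string) $row['title'], $jsFlags) . ";");
    $p->addJs("document.addnews.item.value=" . json_encode((string) $itemId, $jsFlags) . ";");
} elseif ($action === 'delete') {
    $itemId = (int) ($_GET['item'] ?? 0);
    $p->db->qry("DELETE FROM news WHERE id = {$itemId}");
}

// The username is user-controlled data rendered into HTML; escape it.
$usernameHtml = htmlspecialchars((string) $p->u->username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "<div id=\"accordion\"><h3><a>Edit Entry</a></h3><div>";
echo "<form name=\"addnews\" id=\"addnews\" onsubmit=\"sendForm(this,'admin_news');false;\">\r\n<input type=\"text\" name=\"title\" /> by {$usernameHtml} @ [now] wrote:<br/><textarea id=\"newscontent\" name=\"newscontent\" cols=\"45\" rows=\"5\"></textarea><br/><input type=\"submit\" class=\"ui-button ui-widget ui-state-default ui-corner-all\" /><input type=\"hidden\" name=\"item\" id=\"item\" value=\"\" /></form></div>";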
Example #3
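include_once "../include/page.php";
$p = new Page('bills', 1);
dev();
// Admin bills page: mark bills paid / confirmed / deleted, then list them.
// NOTE(review): this page acts on every user's bills, yet it is constructed
// with access level 1 like the per-user bills page, while the link list
// registers admin_bills at level 2 — confirm that level 2 is intended here.
// NOTE(review): the actions are GET requests with no CSRF token.
if (isset($_GET['action'])) {
    // `control` is the bill row id; casting to int keeps a crafted value from
    // rewriting the WHERE clause (the original interpolated it unescaped).
    // Assumes bills.id is an integer column — confirm against the schema.
    $billId = (int) ($_GET['control'] ?? 0);
    $today  = date('Y-m-d');
    $action = (string) $_GET['action'];
    if ($action === 'pay') {
        $p->db->qry("UPDATE `bills` SET `paid` = 1, `datepaid` = '{$today}' WHERE `id` = '{$billId}'");
    }
    if ($action === 'confirm') {
        $p->db->qry("UPDATE `bills` SET `confirmed` = 1, `dateconfirmed` = '{$today}' WHERE `id` = '{$billId}'");
    }
    if ($action === 'delete') {
        // NOTE(review): this sets `confirm`, while every other query on this
        // page uses `confirmed`; kept as-is — verify the column name.
        $p->db->qry("UPDATE `bills` SET `confirm` = 1 WHERE `id` = '{$billId}'");
    }
}
$p->addJs("\$(\"#accordion\").accordion({autoHeight: false, navigation: true})");
$p->l->addItem('bills', 'admin_bills', 2);
$p->l->addLink('bendigo bank', 'https://www.bendigobank.com.au/banking/BBLIBanking/', 0);
$p->l->addLink('commonwealth bank', 'https://www3.netbank.commbank.com.au/netbank/bankmain', 0);
$p->l->addLink('nab', 'https://ib.nab.com.au/nabib/index.jsp', 0);
echo $p->l->dispList();
// Unconfirmed bills for all users, joined to the owner's username.
$p->db->qry("SELECT bills.*, username FROM users, `bills` WHERE uid = users.id AND `confirmed` = 0 ORDER BY `uid` ASC");
echo "<div id=\"accordion\"><h3><a>current bills</a></h3><div>";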
if ($p->db->noLast() != 0) {
    $unpaid = 0;
    $unconfirmed = 0;
    echo "<table border=1><tr><td>username</td><td>service</td><td>amount</td><td>date added</td><td>date due</td><td>date paid</td><td>date confirmed</td><td>delete</td></tr>\n";
    while ($row = $p->db->fetchLast()) {
        extract($row);
        echo "<tr><td>{$username}</td>\r\n\t\t<td>{$service}</td>\r\n\t\t<td>\${$amount}</td>\r\n\t\t<td>{$dateentered}</td>\r\n\t\t<td>{$datedue}</td>\r\n\t\t<td>";
        if (!$paid) {
Example #4
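include_once "../include/page.php";
$p = new Page('bills', 1);
//This page handles it's own access levels. So allow all registered users.
$isAdmin = $p->u->canAccess(2);
if (!$isAdmin && !$p->u->billable) {
    // Halt rendering and say access denied. The original passed the message to
    // header(), which emits a malformed header line and returns nothing to die().
    http_response_code(403);
    die("Not billable or admin");
}
if (isset($_GET['action'])) {
    // `control` is the bill row id; casting to int keeps a crafted value from
    // rewriting the WHERE clause (the original interpolated it unescaped).
    // Assumes bills.id is an integer column — confirm against the schema.
    $billId = (int) ($_GET['control'] ?? 0);
    // Authorisation fix: the original updated whatever id was supplied, so any
    // billable user could mark another user's bill paid or unpaid. Non-admins
    // are now limited to rows they own, matching the listing query below.
    $ownerClause = $isAdmin ? '' : " AND `uid` = '" . addslashes((string) $p->u->id) . "'";
    // NOTE(review): these are state changes via GET with no CSRF token.
    $action = (string) $_GET['action'];
    if ($action === 'pay') {
        $p->db->qry("UPDATE `bills` SET `paid` = 1, `datepaid` = '" . date('Y-m-d') . "' WHERE `id` = '{$billId}'{$ownerClause}");
    }
    if ($action === 'cancel') {
        $p->db->qry("UPDATE `bills` SET `paid` = 0 WHERE `id` = '{$billId}'{$ownerClause}");
    }
}
$p->addJs("\$(\"#accordion\").accordion({autoHeight: false, navigation: true})");
$p->l->addItem('manage bills', 'admin_bills', 2);
$p->l->addLink('bendigo bank', 'https://www.bendigobank.com.au/banking/BBLIBanking/', 0);
$p->l->addLink('commonwealth bank', 'https://www3.netbank.commbank.com.au/netbank/bankmain', 0);
$p->l->addLink('nab', 'https://ib.nab.com.au/nabib/index.jsp', 0);
echo $p->l->dispList();
$p->infoBox($p->db->getSetting('bills_info'));
// Only the current user's unconfirmed bills are listed.
$uid = addslashes((string) $p->u->id);
$p->db->qry("SELECT * FROM `bills` WHERE uid = '{$uid}' AND `confirmed` = 0 ORDER BY `uid` ASC");
echo "<div id=\"accordion\"><h3><a>current bills</a></h3><div>";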
if ($p->db->noLast() != 0) {
    $unpaid = 0;
    $unconfirmed = 0;
    echo "<table border=1><tr><td>service</td><td>amount</td><td>date added</td><td>date due</td><td>date paid</td><td>date confirmed</td></tr>\n";
    while ($row = $p->db->fetchLast()) {
        extract($row);
        echo "<tr><td>{$service}</td>\r\n\t\t<td>\${$amount}</td>\r\n\t\t<td>{$dateentered}</td>\r\n\t\t<td>{$datedue}</td>\r\n\t\t<td>";
Example #5
        }
    }
    //LINK SETTINGS
} elseif ($_GET['action'] == "linksettings") {
    $p->db->qry("DELETE FROM links");
    //clear current links before adding them back in
    $value = strtok($_GET['order'], ' ');
    if ($value != '') {
        do {
            $p->db->qry("INSERT INTO links (label, url, reqaccess, billoverride) VALUES ('{$_GET['label' . $value]}','{$_GET['url' . $value]}','{$_GET['access' . $value]}','{$_GET['billoverride' . $value]}')");
        } while (($value = strtok(' ')) != null);
    }
    if ($_GET['newurl'] != '') {
        $p->db->qry("INSERT INTO links (label, url) VALUES ('{$_GET['newlabel']}','{$_GET['newurl']}')");
    }
    $p->addJs("loadXML('links');");
    //reload link bar straight away
    //PAGE SETTINGS
} elseif ($_GET['action'] == 'pagesetup') {
    echo "<pre>" . print_r($_GET, true) . "</pre>";
    //MODULE SETTINGS
} elseif ($_GET['action'] == 'modulesetup') {
    $p->infoBox('Changing module settings can break the page. If this happens, just refresh your browser.');
    $order = 0;
    $value = strtok($_GET['order'], ' ');
    do {
        $order++;
        $p->db->qry("UPDATE modules SET `enabled`='{$_GET["enabled" . $value]}', `order`='{$order}', `onsidebar`='{$_GET["onsidebar" . $value]}',`localrefresh`='{$_GET["localrefresh" . $value]}',`webrefresh`='{$_GET["webrefresh" . $value]}' WHERE `id` = '{$value}'");
    } while ($value = strtok(' '));
    $p->addJs("forceModulesUpdate();grabSidebar();");
    //USER ADMIN
Example #6
<?php

include_once "../include/page.php";
// Login / registration page. The second Page argument is presumably the minimum
// access level, and 0 makes this page reachable without an existing session —
// confirm against Page's constructor.
$p = new Page("registration", 0);
//dev();
if (isset($_GET['action']) && $_GET['action'] == "login" && isset($_GET['username']) && isset($_GET['password']) && ($result = $p->db->fetch($p->db->qry("SELECT username, password, disabled FROM users WHERE username = '******'username'] . "'")))) {
    if ($result['password'] == $_GET['password']) {
        if ($result['disabled']) {
            $p->infoBox("You have successfully identified yourself, but your account is disabled.");
            $p->infoBox("To gain access please talk to your admin.");
            echo "<input onclick=\"history.go(-1);\" class=\"ui-button ui-widget ui-state-default ui-corner-all\" value=\"Return\"/>";
            die;
        } else {
            $p->u->updateCookies($_GET['username'], $_GET['password']);
            $p->addJs("grabModules(); grabSidebar(); setTimeout('history.go(-1)',500);");
            die($p->infoBox("Logging In..."));
        }
    } else {
        //incorrect password
        $p->infoBox("You seem to have inaccuratly typed your password. For examples sake, I have intentionally misspelled inaccurately. Poor you.<br/>Try again, or you can ask your benevolent admin to reset it...");
        $p->infoBox("If you have not used this system before, please register.");
    }
} else {
    if (isset($_GET['action']) && $_GET['action'] == "wanttoregister") {
        $p->infoBox("Here is the paperwork..");
    } else {
        if (isset($_GET['action']) && $_GET['action'] == "register") {
            //make sure there are no duplicate names
            $p->db->qry("SELECT username, disabled FROM users WHERE username = '******'username'] . "'");
            if ($row = $p->db->fetchLast()) {
                if ($row['disabled']) {