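<?php
// profile.php — lets the signed-in user change their password, skin, name and email.
//
// Requests arrive via GET (the shared sendForm()/loadXML() helpers submit that way, and the form
// below carries a non-standard type="get" attribute instead of method=), so the client-side md5 of
// the password travels in the query string and can be recorded in server/proxy logs and browser
// history. Switching to POST is a change to those shared helpers, which live outside this file.
include_once "../include/page.php";

$p = new Page('profile', 1);

// The DB wrapper exposes only qry()/fetchLast(), so untrusted strings are escaped with addslashes()
// (the escaping the sibling admin pages already use) and ids are cast to int before interpolation.
// addslashes() is not charset-aware; a parameterised-query API on $p->db should replace it.
$sqlStr = function ($v) {
    return addslashes((string) $v);
};
// HTML text/attribute escaping for everything read back from the database.
$html = function ($v) {
    return htmlspecialchars((string) $v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
$userId = (int) $p->u->id;

if (isset($_GET['action']) && $_GET['action'] === 'profile') {
    $p->addJs("loadXML('user')");

    $password = isset($_GET['password']) ? (string) $_GET['password'] : '';
    $skinId = isset($_GET['skin']) ? (int) $_GET['skin'] : 0;
    $fnameSql = $sqlStr(isset($_GET['fname']) ? $_GET['fname'] : '');
    $lnameSql = $sqlStr(isset($_GET['lname']) ? $_GET['lname'] : '');
    $emailSql = $sqlStr(isset($_GET['email']) ? $_GET['email'] : '');

    // The form md5s the password field in the browser before submitting, so an untouched field
    // arrives as md5('') and means "leave the password unchanged". A missing or empty parameter is
    // treated the same way — previously it blanked the stored password.
    // NOTE(review): an unsalted md5 computed client-side is a reusable credential, not a password
    // hash; the stored value should be produced server-side with password_hash(). That belongs in
    // updatePassword() and the login page, outside this file.
    if ($password === '' || $password === 'd41d8cd98f00b204e9800998ecf8427e') {
        $p->db->qry("UPDATE users SET skin='{$skinId}', firstname='{$fnameSql}', lastname='{$lnameSql}', email='{$emailSql}' WHERE id='{$userId}'");
    } else {
        $passwordSql = $sqlStr($password);
        $p->db->qry("UPDATE users SET password='{$passwordSql}', skin='{$skinId}', firstname='{$fnameSql}', lastname='{$lnameSql}', email='{$emailSql}' WHERE id='{$userId}'");
        $p->u->updatePassword($password);
    }
} else {
    $p->infoBox("To change your password fill out the password fields - or just leave them be to leave your password be.");
}

// Re-read the stored row to pre-fill the form. Columns are read explicitly rather than via
// extract(): extract() would let any column name overwrite a local such as $p.
$p->db->qry("SELECT * FROM users WHERE id='{$userId}'");
$user = $p->db->fetchLast() ?: [];
$firstname = $html(isset($user['firstname']) ? $user['firstname'] : '');
$lastname = $html(isset($user['lastname']) ? $user['lastname'] : '');
$email = $html(isset($user['email']) ? $user['email'] : '');

$p->db->qry("SELECT * FROM skins");

// onsubmit: refuse mismatched password fields; otherwise md5 a populated password field and submit
// through sendForm(). "return false" stops the browser from also submitting the form normally.
// NOTE(review): in the copy under review the two md5 lines were spliced into the fname input's type
// attribute (type="tex…t"), and the errorMsg() literal was split across a line break; they are
// restored here inside the handler — confirm the placement against the upstream source.
echo "<div id=\"accordion\"><h3><a>Profile</a></h3><div>"
    . "<form name=\"profile\" id=\"profile\" type=\"get\" onsubmit=\"javascript:\r\n"
    . "if(document.profile.password.value == document.profile.cpassword.value){\r\n"
    . "\tdocument.profile.cpassword.value='';\r\n"
    . "\tif(validatePopulated(document.profile.password.value))\r\n"
    . "\t\tdocument.profile.password.value=hex_md5(document.profile.password.value);\r\n"
    . "\tsendForm(this, 'profile');\r\n"
    . "} else {\r\n"
    . "\tdocument.profile.password.value='';\r\n"
    . "\tdocument.profile.cpassword.value='';\r\n"
    . "\tdocument.profile.password.focus();\r\n"
    . "\terrorMsg('Your passwords did not match. Have another go.')\r\n"
    . "} return false;\">\r\n"
    . "<table><tr><td>change password</td><td><input type=\"password\" name=\"password\" id=\"password\"/></td></tr>\r\n"
    . "<tr><td>confirm password</td><td><input type=\"password\" name=\"cpassword\" id=\"cpassword\"/></td></tr>";

echo "<tr><td>skin</td><td><select name=\"skin\">";
while ($row = $p->db->fetchLast()) {
    // Skin names come from the database and are echoed into HTML, so they are escaped as well.
    echo "<option value='" . (int) $row['id'] . "'>" . $html($row['name']) . "</option>";
}
echo "</select></td></tr>";

// json_encode() produces a JS string literal that cannot break out of the generated statement
// (the raw interpolation it replaces relied on the skin value containing no quote).
$jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
$p->addJs("document.profile.skin.value = " . json_encode((string) $p->u->skin, $jsFlags) . ";");
$p->addJs("\$(\"#accordion\").accordion({autoHeight: false, navigation: true})");

// Stored values are HTML-escaped above before landing in value="" attributes. The stray `')"` that
// followed the submit button's value attribute in the copy under review (presumably a leftover of a
// removed onclick) is dropped.
echo "<tr><td>first name</td><td><input type=\"text\" name=\"fname\" id=\"fname\" value=\"{$firstname}\"/></td></tr>\r\n"
    . "<tr><td>last name</td><td><input type=\"text\" name=\"lname\" id=\"lname\" value=\"{$lastname}\"/></td></tr>\r\n"
    . "<tr><td>email</td><td><input type=\"text\" name=\"email\" id=\"email\" value=\"{$email}\"/></td></tr>\r\n"
    . "<tr><td><input type=\"submit\" value=\"update\"/></td></tr>";
echo "</table></form></div></div>";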
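<?php
// admin_news.php — add, modify and delete news items (access level 2 is requested from Page()).
include_once "../include/page.php";
include_once "../include/linklist.php";

$p = new Page("news", 2);
$l = new LinkList($p->u);
dev();
$l->additem("news items", "news", 0);
echo $l->dispList();
$p->addJs("\$(\"#accordion\").accordion({autoHeight: false, navigation: true})");

// Request values are read once, up front. Ids are cast to int and strings escaped with addslashes()
// (the escaping this page already applied to the content, now applied to the title as well) before
// they reach SQL. addslashes() is not charset-aware, so a parameterised-query API on $p->db should
// eventually replace it.
$action = isset($_GET['action']) ? $_GET['action'] : '';
$item = isset($_GET['item']) ? (int) $_GET['item'] : 0; // 0 means "no existing item"
$titleSql = isset($_GET['title']) ? addslashes($_GET['title']) : '';
$contentSql = isset($_GET['newscontent']) ? addslashes($_GET['newscontent']) : '';
$userId = (int) $p->u->id;

if ($action === 'addnews') {
    // assumes news ids start at 1 so that 0 never denotes a stored row — for numeric ids this is
    // the same "empty item means insert" rule as before
    if ($item === 0) {
        $p->db->qry("INSERT INTO news (title, uid, content) VALUES ('{$titleSql}','{$userId}', '{$contentSql}')");
    } else {
        $p->db->qry("UPDATE news SET uid = '{$userId}',time = CURRENT_TIMESTAMP, title = '{$titleSql}',content = '{$contentSql}' WHERE id='{$item}'");
    }
} elseif ($action === 'modify') {
    // This branch used extract($_GET) to obtain $item, which also let any query parameter overwrite
    // $p, $l or another local; the id is read explicitly above instead.
    $p->db->qry("SELECT title, content FROM news WHERE id='{$item}' LIMIT 1");
    $row = $p->db->fetchLast();
    if ($row) {
        // json_encode() yields a complete JS string literal; addslashes() alone left newlines and
        // "</script>" able to terminate the generated statement, and the title was not escaped.
        $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
        $p->addJs("document.addnews.newscontent.value=" . json_encode((string) $row['content'], $jsFlags) . ";");
        $p->addJs("document.addnews.title.value=" . json_encode((string) $row['title'], $jsFlags) . ";");
        $p->addJs("document.addnews.item.value='{$item}';");
    }
} elseif ($action === 'delete') {
    // A missing id used to produce a malformed DELETE; now it is simply a no-op.
    if ($item > 0) {
        $p->db->qry("DELETE FROM news WHERE id = {$item}");
    }
}

// Edit form. The username originates from user-supplied registration data, so it is HTML-escaped
// before being echoed. "return false" keeps the browser from submitting the form a second time
// after sendForm() — the profile page's handler does the same; the previous bare "false;"
// statement had no effect.
$username = htmlspecialchars((string) $p->u->username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "<div id=\"accordion\"><h3><a>Edit Entry</a></h3><div>";
echo "<form name=\"addnews\" id=\"addnews\" onsubmit=\"sendForm(this,'admin_news');return false;\">\r\n"
    . "<input type=\"text\" name=\"title\" /> by {$username} @ [now] wrote:<br/>"
    . "<textarea id=\"newscontent\" name=\"newscontent\" cols=\"45\" rows=\"5\"></textarea><br/>"
    . "<input type=\"submit\" class=\"ui-button ui-widget ui-state-default ui-corner-all\" />"
    . "<input type=\"hidden\" name=\"item\" id=\"item\" value=\"\" /></form></div>";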
include_once "../include/page.php";
// admin_bills.php — marks bills paid/confirmed/deleted by id and lists every user's unconfirmed
// bills. Truncated in the copy under review: the while-loop body continues after the final
// "if (!$paid) {".
// NOTE(review): Page() is constructed with level 1 here, the same as the per-user bills page, and
// the only other gate is dev(); if the second Page() argument is the required access level, any
// level-1 user could drive the pay/confirm/delete actions below for any bill id — confirm how
// Page() and dev() restrict this page.
$p = new Page('bills', 1);
dev();
if (isset($_GET['action'])) {
    // $_GET['control'] (the bill id) is interpolated into SQL unescaped in all three branches; cast
    // it to int (or use a parameterised query on $p->db). These state changes are also driven by
    // plain GET requests with no CSRF token, so they can be triggered cross-site.
    if ($_GET['action'] == 'pay') {
        $p->db->qry("UPDATE `bills` SET `paid` = 1, `datepaid` = '" . date('Y-m-d') . "' WHERE `id` = '" . $_GET['control'] . "'");
    }
    if ($_GET['action'] == 'confirm') {
        $p->db->qry("UPDATE `bills` SET `confirmed` = 1, `dateconfirmed` = '" . date('Y-m-d') . "' WHERE `id` = '" . $_GET['control'] . "'");
    }
    if ($_GET['action'] == 'delete') {
        // NOTE(review): this writes `confirm`, while every other statement on the page reads or
        // writes `confirmed` — verify `confirm` is a real column and not a typo that makes "delete"
        // fail silently.
        $p->db->qry("UPDATE `bills` SET `confirm` = 1 WHERE `id` = '" . $_GET['control'] . "'");
    }
}
$p->addJs("\$(\"#accordion\").accordion({autoHeight: false, navigation: true})");
$p->l->addItem('bills', 'admin_bills', 2);
$p->l->addLink('bendigo bank', 'https://www.bendigobank.com.au/banking/BBLIBanking/', 0);
$p->l->addLink('commonwealth bank', 'https://www3.netbank.commbank.com.au/netbank/bankmain', 0);
$p->l->addLink('nab', 'https://ib.nab.com.au/nabib/index.jsp', 0);
echo $p->l->dispList();
// All unconfirmed bills, joined to the owning user's name.
$p->db->qry("SELECT bills.*, username FROM users, `bills` WHERE uid = users.id AND `confirmed` = 0 ORDER BY `uid` ASC");
echo "<div id=\"accordion\"><h3><a>current bills</a></h3><div>";
if ($p->db->noLast() != 0) {
    $unpaid = 0;
    $unconfirmed = 0;
    echo "<table border=1><tr><td>username</td><td>service</td><td>amount</td><td>date added</td><td>date due</td><td>date paid</td><td>date confirmed</td><td>delete</td></tr>\n";
    while ($row = $p->db->fetchLast()) {
        // extract() turns every column into a local ($username, $service, $amount, $dateentered,
        // $datedue, $paid, ...); they are echoed without htmlspecialchars(), so a stored service
        // text or username is rendered as markup. Read the columns explicitly and escape them.
        extract($row);
        echo "<tr><td>{$username}</td>\r\n\t\t<td>{$service}</td>\r\n\t\t<td>\${$amount}</td>\r\n\t\t<td>{$dateentered}</td>\r\n\t\t<td>{$datedue}</td>\r\n\t\t<td>";
        if (!$paid) {
include_once "../include/page.php";
// bills.php — per-user bills page: a billable user (or a level-2 user) can mark their bills paid or
// undo that, and sees their unconfirmed bills. Truncated in the copy under review: the while-loop
// body continues after the final echo.
$p = new Page('bills', 1);
//This page handles it's own access levels. So allow all registered users.
if (!$p->u->canAccess(2) && !$p->u->billable) {
    // header() expects a "Name: value" line; a bare message still sets the 403 status but emits a
    // malformed header. die(header(...)) aborts rendering either way.
    die(header("Not billable or admin", true, 403));
} //halt rendering, and say access denied
if (isset($_GET['action'])) {
    // $_GET['control'] (the bill id) goes into SQL unescaped, and neither WHERE clause includes
    // uid = $p->u->id, so the paid flag is not restricted to the caller's own bills — cast the id
    // to int and add the owner to the WHERE clause. Both are plain GET requests with no CSRF token.
    if ($_GET['action'] == 'pay') {
        $p->db->qry("UPDATE `bills` SET `paid` = 1, `datepaid` = '" . date('Y-m-d') . "' WHERE `id` = '" . $_GET['control'] . "'");
    }
    if ($_GET['action'] == 'cancel') {
        $p->db->qry("UPDATE `bills` SET `paid` = 0 WHERE `id` = '" . $_GET['control'] . "'");
    }
}
$p->addJs("\$(\"#accordion\").accordion({autoHeight: false, navigation: true})");
$p->l->addItem('manage bills', 'admin_bills', 2);
$p->l->addLink('bendigo bank', 'https://www.bendigobank.com.au/banking/BBLIBanking/', 0);
$p->l->addLink('commonwealth bank', 'https://www3.netbank.commbank.com.au/netbank/bankmain', 0);
$p->l->addLink('nab', 'https://ib.nab.com.au/nabib/index.jsp', 0);
echo $p->l->dispList();
// Admin-editable notice text; presumably trusted, but it is echoed via infoBox() without escaping.
$p->infoBox($p->db->getSetting('bills_info'));
// Only this user's unconfirmed bills.
$p->db->qry("SELECT * FROM `bills` WHERE uid = '" . $p->u->id . "' AND `confirmed` = 0 ORDER BY `uid` ASC");
echo "<div id=\"accordion\"><h3><a>current bills</a></h3><div>";
if ($p->db->noLast() != 0) {
    $unpaid = 0;
    $unconfirmed = 0;
    echo "<table border=1><tr><td>service</td><td>amount</td><td>date added</td><td>date due</td><td>date paid</td><td>date confirmed</td></tr>\n";
    while ($row = $p->db->fetchLast()) {
        // extract() turns every column into a local ($service, $amount, $dateentered, $datedue,
        // ...); they are echoed without htmlspecialchars(), so stored bill text is rendered as
        // markup. Read the columns explicitly and escape them.
        extract($row);
        echo "<tr><td>{$service}</td>\r\n\t\t<td>\${$amount}</td>\r\n\t\t<td>{$dateentered}</td>\r\n\t\t<td>{$datedue}</td>\r\n\t\t<td>";
} }
//LINK SETTINGS
// Rebuilds the links table from the submitted order/label/url/access/billoverride fields.
// The enclosing if/elseif chain on $_GET['action'] starts and ends outside this excerpt.
} elseif ($_GET['action'] == "linksettings") {
    $p->db->qry("DELETE FROM links"); //clear current links before adding them back in
    // Each token of $_GET['order'] selects which labelN/urlN/accessN/billoverrideN fields are read,
    // and every value is interpolated into SQL unescaped. Escape/cast them (or use a parameterised
    // query on $p->db) before the INSERT. The DELETE above is not in a transaction, so a failed
    // INSERT leaves the table partially rebuilt.
    $value = strtok($_GET['order'], ' ');
    if ($value != '') {
        do {
            $p->db->qry("INSERT INTO links (label, url, reqaccess, billoverride) VALUES ('{$_GET['label' . $value]}','{$_GET['url' . $value]}','{$_GET['access' . $value]}','{$_GET['billoverride' . $value]}')");
        } while (($value = strtok(' ')) != null);
    }
    if ($_GET['newurl'] != '') {
        // Same unescaped interpolation for the new link's label and url.
        $p->db->qry("INSERT INTO links (label, url) VALUES ('{$_GET['newlabel']}','{$_GET['newurl']}')");
    }
    $p->addJs("loadXML('links');"); //reload link bar straight away
//PAGE SETTINGS
} elseif ($_GET['action'] == 'pagesetup') {
    // Debug output: the whole query string is echoed without htmlspecialchars(), so any parameter
    // is reflected into the page as markup. Wrap it in htmlspecialchars() or remove it.
    echo "<pre>" . print_r($_GET, true) . "</pre>";
//MODULE SETTINGS
} elseif ($_GET['action'] == 'modulesetup') {
    $p->infoBox('Changing module settings can break the page. If this happens, just refresh your browser.');
    $order = 0;
    // Same pattern as linksettings: tokens of $_GET['order'] select the enabledN/onsidebarN/
    // localrefreshN/webrefreshN fields, and each value plus the id token is interpolated raw.
    // Unlike linksettings there is no empty-token guard, so an empty order still runs one UPDATE
    // with id ''.
    $value = strtok($_GET['order'], ' ');
    do {
        $order++;
        $p->db->qry("UPDATE modules SET `enabled`='{$_GET["enabled" . $value]}', `order`='{$order}', `onsidebar`='{$_GET["onsidebar" . $value]}',`localrefresh`='{$_GET["localrefresh" . $value]}',`webrefresh`='{$_GET["webrefresh" . $value]}' WHERE `id` = '{$value}'");
    } while ($value = strtok(' '));
    $p->addJs("forceModulesUpdate();grabSidebar();");
//USER ADMIN
<?php
// registration.php — login and registration. Truncated in the copy under review: the register
// branch continues after the final "if ($row['disabled']) {". The "******" spans are redactions in
// this copy where the username parameter was concatenated into SQL; the text is kept as found.
include_once "../include/page.php";
$p = new Page("registration", 0);
//dev();
// Login. The username is concatenated into the SELECT unescaped (escape it, or parameterise the
// query), and the stored credential is compared with ==: PHP's loose comparison treats two
// numeric-looking strings (including md5 hex digests of the "0e<digits>" shape) as equal numbers,
// so compare with hash_equals() instead. Credentials arrive in the query string (logs, history) and
// are then persisted by updateCookies(). An unknown username falls through to the outer else
// silently while a known one yields the wrong-password message below, so the two cases are
// distinguishable; they should respond identically.
if (isset($_GET['action']) && $_GET['action'] == "login" && isset($_GET['username']) && isset($_GET['password']) && ($result = $p->db->fetch($p->db->qry("SELECT username, password, disabled FROM users WHERE username = '******'username'] . "'")))) {
    if ($result['password'] == $_GET['password']) {
        if ($result['disabled']) {
            $p->infoBox("You have successfully identified yourself, but your account is disabled.");
            $p->infoBox("To gain access please talk to your admin.");
            echo "<input onclick=\"history.go(-1);\" class=\"ui-button ui-widget ui-state-default ui-corner-all\" value=\"Return\"/>";
            die;
        } else {
            // Stores the submitted username/credential in cookies (see User::updateCookies).
            $p->u->updateCookies($_GET['username'], $_GET['password']);
            $p->addJs("grabModules(); grabSidebar(); setTimeout('history.go(-1)',500);");
            die($p->infoBox("Logging In..."));
        }
    } else { //incorrect password
        $p->infoBox("You seem to have inaccuratly typed your password. For examples sake, I have intentionally misspelled inaccurately. Poor you.<br/>Try again, or you can ask your benevolent admin to reset it...");
        $p->infoBox("If you have not used this system before, please register.");
    }
} else {
    if (isset($_GET['action']) && $_GET['action'] == "wanttoregister") {
        $p->infoBox("Here is the paperwork..");
    } else {
        if (isset($_GET['action']) && $_GET['action'] == "register") {
            //make sure there are no duplicate names
            // Same unescaped username concatenation as the login query (redacted in this copy).
            $p->db->qry("SELECT username, disabled FROM users WHERE username = '******'username'] . "'");
            if ($row = $p->db->fetchLast()) {
                if ($row['disabled']) {