function postcalendar_user_submit($args) { // We need at least ADD permission to submit an event if (!(bool) PC_ACCESS_ADD) { return _POSTCALENDARNOAUTH; } $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); // get the theme globals :: is there a better way to do this? pnThemeLoad(pnUserGetTheme()); global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5, $textcolor1, $textcolor2; // $category = pnVarCleanFromInput('event_category'); $category = pnVarCleanFromInput('category'); if (!empty($category)) { $category = unserialize(base64_decode($category)); //print_r($category); } else { //print_r($_POST); $cat = $_POST['category']; $category = unserialize(base64_decode($cat)); //print_r($category); } //print_r($category); // echo("<!-- Here is the argument array: -->\n"); // foreach ($args as $tmpkey => $tmpval) { // debugging // echo("<!-- $tmpkey => '$tmpval' -->\n"); // } extract($args); $Date =& postcalendar_getDate(); $year = substr($Date, 0, 4); $month = substr($Date, 4, 2); $day = substr($Date, 6, 2); // basic event information $event_desc = pnVarCleanFromInput('event_desc'); $event_category = pnVarCleanFromInput('event_category'); $event_subject = pnVarCleanFromInput('event_subject'); $event_sharing = pnVarCleanFromInput('event_sharing'); $event_topic = pnVarCleanFromInput('event_topic'); //id of the user the event is for $event_userid = pnVarCleanFromInput('event_userid'); if (!is_numeric($event_userid)) { $event_userid = 0; } $event_pid = pnVarCleanFromInput('event_pid'); if (!is_numeric($event_pid)) { $event_pid = ""; } // event start information $event_startmonth = pnVarCleanFromInput('event_startmonth'); $event_startday = pnVarCleanFromInput('event_startday'); $event_startyear = pnVarCleanFromInput('event_startyear'); $event_starttimeh = pnVarCleanFromInput('event_starttimeh'); $event_starttimem = pnVarCleanFromInput('event_starttimem'); $event_startampm = pnVarCleanFromInput('event_startampm'); // location data $event_location = pnVarCleanFromInput('event_location'); $event_street1 = pnVarCleanFromInput('event_street1'); $event_street2 = pnVarCleanFromInput('event_street2'); $event_city = pnVarCleanFromInput('event_city'); $event_state = pnVarCleanFromInput('event_state'); $event_postal = pnVarCleanFromInput('event_postal'); $event_location_info = serialize(compact('event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal')); // contact data $event_contname = pnVarCleanFromInput('event_contname'); $event_conttel = pnVarCleanFromInput('event_conttel'); $event_contemail = pnVarCleanFromInput('event_contemail'); $event_website = pnVarCleanFromInput('event_website'); $event_fee = pnVarCleanFromInput('event_fee'); $event_patient_name = pnVarCleanFromInput('patient_name'); // event repeating data if (is_array($category)) { //$event_subject = $event_desc = $category['desc']; $event_category = $category['id']; $event_duration = $category['event_duration']; //seconds of the event $event_dur_hours = $event_duration / (60 * 60); //seconds divided by 60 seconds * 60 minutes $event_dur_minutes = $event_duration % (60 * 60) / 60; $event_repeat = $category['event_repeat']; $event_repeat_freq = $category['event_repeat_freq']; $event_repeat_freq_type = $category['event_repeat_freq_type']; $event_repeat_on_num = $category['event_repeat_on_num']; $event_repeat_on_day = $category['event_repeat_on_day']; $event_repeat_on_freq = $category['event_repeat_on_freq']; $event_recurrspec = serialize(compact('event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq')); // event end information $multiple = $category['end_date_freq'] . " "; switch ($category['end_date_type']) { case REPEAT_EVERY_DAY: case REPEAT_EVERY_WORK_DAY: //end date is in days $multiple .= "days"; break; case REPEAT_EVERY_WEEK: //end date is in weeks $multiple .= "weeks"; break; case REPEAT_EVERY_MONTH: //end date is in months $multiple .= "months"; break; case REPEAT_EVERY_YEAR: //end date is in years $multiple .= "years"; break; } $edate = strtotime(pnVarCleanFromInput('Date')); $event_startmonth = date("m", $edate); $event_startday = date("d", $edate); $event_startyear = date("Y", $edate); $event_enddate = strtotime(pnVarCleanFromInput('Date') . " + " . $multiple); $event_endmonth = date("m", $event_enddate); $event_endday = date("d", $event_enddate); $event_endyear = date("Y", $event_enddate); $event_endtype = $category['end_date_flag']; // I'm pretty sure this was a bug since 'event_all_day' appears nowhere // else in the code, but it's hard to tell WTF is going on. // $event_allday = $category['event_all_day']; $event_allday = $category['all_day']; } else { $event_dur_hours = pnVarCleanFromInput('event_dur_hours'); $event_dur_minutes = pnVarCleanFromInput('event_dur_minutes'); $event_duration = 60 * 60 * $event_dur_hours + 60 * $event_dur_minutes; $event_repeat = pnVarCleanFromInput('event_repeat'); $event_repeat_freq = pnVarCleanFromInput('event_repeat_freq'); $event_repeat_freq_type = pnVarCleanFromInput('event_repeat_freq_type'); $event_repeat_on_num = pnVarCleanFromInput('event_repeat_on_num'); $event_repeat_on_day = pnVarCleanFromInput('event_repeat_on_day'); $event_repeat_on_freq = pnVarCleanFromInput('event_repeat_on_freq'); $event_recurrspec = serialize(compact('event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq')); // event end information $event_endmonth = pnVarCleanFromInput('event_endmonth'); $event_endday = pnVarCleanFromInput('event_endday'); $event_endyear = pnVarCleanFromInput('event_endyear'); $event_endtype = pnVarCleanFromInput('event_endtype'); $event_allday = pnVarCleanFromInput('event_allday'); } // Added by Rod: if ($event_allday) { $event_starttimeh = 0; $event_starttimem = 0; $event_startampm = 1; $event_dur_hours = 24; $event_dur_minutes = 0; $event_duration = 60 * 60 * $event_dur_hours; } $form_action = pnVarCleanFromInput('form_action'); $pc_html_or_text = pnVarCleanFromInput('pc_html_or_text'); $pc_event_id = pnVarCleanFromInput('pc_event_id'); $data_loaded = pnVarCleanFromInput('data_loaded'); $is_update = pnVarCleanFromInput('is_update'); $authid = pnVarCleanFromInput('authid'); //pennfirm uname matchup future fix //if(pnUserLoggedIn()) { $uname = pnUserGetVar('uname'); } //else { $uname = pnConfigGetVar('anonymous'); } $uname = $_SESSION['authUser']; if (!isset($event_repeat)) { $event_repeat = 0; } if (!isset($pc_event_id) || empty($pc_event_id) || $data_loaded) { // lets wrap all the data into array for passing to submit and preview functions $eventdata = compact('event_subject', 'event_desc', 'event_sharing', 'event_category', 'event_topic', 'event_startmonth', 'event_startday', 'event_startyear', 'event_starttimeh', 'event_starttimem', 'event_startampm', 'event_endmonth', 'event_endday', 'event_endyear', 'event_endtype', 'event_dur_hours', 'event_dur_minutes', 'event_duration', 'event_allday', 'event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal', 'event_location_info', 'event_contname', 'event_conttel', 'event_contemail', 'event_website', 'event_fee', 'event_repeat', 'event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq', 'event_recurrspec', 'uname', "event_userid", "event_pid", 'Date', 'year', 'month', 'day', 'pc_html_or_text', 'event_patient_name', 'event_pid'); $eventdata['is_update'] = $is_update; $eventdata['pc_event_id'] = $pc_event_id; $eventdata['data_loaded'] = true; $eventdata['category'] = base64_encode(serialize($category)); } else { $event =& postcalendar_userapi_pcGetEventDetails($pc_event_id); //echo "uname is:$uname other name is: ".$event['uname'] . "<br />"; if ($uname != $event['uname']) { if (!validateGroupStatus($uname, getUsername($event['uname']))) { return _PC_CAN_NOT_EDIT; } } $eventdata['event_subject'] = $event['title']; $eventdata['event_desc'] = $event['hometext']; $eventdata['event_sharing'] = $event['sharing']; $eventdata['event_category'] = $event['catid']; $eventdata['event_topic'] = $event['topic']; $eventdata['event_startmonth'] = substr($event['eventDate'], 5, 2); $eventdata['event_startday'] = substr($event['eventDate'], 8, 2); $eventdata['event_startyear'] = substr($event['eventDate'], 0, 4); $eventdata['event_starttimeh'] = substr($event['startTime'], 0, 2); $eventdata['event_starttimem'] = substr($event['startTime'], 3, 2); $eventdata['event_startampm'] = $eventdata['event_starttimeh'] < 12 ? 1 : 2; //1 is am , 2 is pm $eventdata['event_endmonth'] = substr($event['endDate'], 5, 2); $eventdata['event_endday'] = substr($event['endDate'], 8, 2); $eventdata['event_endyear'] = substr($event['endDate'], 0, 4); $eventdata['event_endtype'] = $event['endDate'] == '0000-00-00' ? '0' : '1'; $eventdata['event_dur_hours'] = $event['duration_hours']; $eventdata['event_dur_minutes'] = $event['duration_minutes']; $eventdata['event_duration'] = $event['duration']; $eventdata['event_allday'] = $event['alldayevent']; $loc_data = unserialize($event['location']); $eventdata['event_location'] = $loc_data['event_location']; $eventdata['event_street1'] = $loc_data['event_street1']; $eventdata['event_street2'] = $loc_data['event_street2']; $eventdata['event_city'] = $loc_data['event_city']; $eventdata['event_state'] = $loc_data['event_state']; $eventdata['event_postal'] = $loc_data['event_postal']; $eventdata['event_location_info'] = $loc_data; $eventdata['event_contname'] = $event['contname']; $eventdata['event_conttel'] = $event['conttel']; $eventdata['event_contemail'] = $event['contemail']; $eventdata['event_website'] = $event['website']; $eventdata['event_fee'] = $event['fee']; $eventdata['event_repeat'] = $event['recurrtype']; $rspecs = unserialize($event['recurrspec']); $eventdata['event_repeat_freq'] = $rspecs['event_repeat_freq']; $eventdata['event_repeat_freq_type'] = $rspecs['event_repeat_freq_type']; $eventdata['event_repeat_on_num'] = $rspecs['event_repeat_on_num']; $eventdata['event_repeat_on_day'] = $rspecs['event_repeat_on_day']; $eventdata['event_repeat_on_freq'] = $rspecs['event_repeat_on_freq']; $eventdata['event_recurrspec'] = $rspecs; $eventdata['uname'] = $uname; $eventdata['event_userid'] = $event['event_userid']; $eventdata['event_pid'] = $event['pid']; $eventdata['event_aid'] = $event['aid']; $eventdata['Date'] = $Date; $eventdata['year'] = $year; $eventdata['month'] = $month; $eventdata['day'] = $day; $eventdata['is_update'] = true; $eventdata['pc_event_id'] = $pc_event_id; $event_data['patient_name'] = $event_patient_name; $eventdata['data_loaded'] = true; $eventdata['pc_html_or_text'] = $pc_html_or_text; $eventdata['category'] = base64_encode(serialize($category)); } // lets get the module's information $modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__)); $categories = pnModAPIFunc(__POSTCALENDAR__, 'user', 'getCategories'); $output->tabindex = 1; //================================================================ // ERROR CHECKING //================================================================ // removed event_desc as a required_var $required_vars = array('event_subject'); $required_name = array(_PC_EVENT_TITLE, _PC_EVENT_DESC); $error_msg = ''; $output->SetOutputMode(_PNH_RETURNOUTPUT); $reqCount = count($required_vars); //print_r($eventdata); for ($r = 0; $r < $reqCount; $r++) { if (empty(${$required_vars}[$r]) || !preg_match('/\\S/i', ${$required_vars}[$r])) { $error_msg .= $output->Text('<b>' . $required_name[$r] . '</b> ' . _PC_SUBMIT_ERROR4); $error_msg .= $output->Linebreak(); } } unset($reqCount); // check repeating frequencies if ($event_repeat == REPEAT) { //can't have a repeating event that doesnt have an end date if ($event_endtype == 0) { $error_msg .= $output->Text("Repeating events must have an end date set."); $error_msg .= $output->Linebreak(); } if (!isset($event_repeat_freq) || $event_repeat_freq < 1 || empty($event_repeat_freq)) { $error_msg .= $output->Text(_PC_SUBMIT_ERROR5); $error_msg .= $output->Linebreak(); } elseif (!is_numeric($event_repeat_freq)) { $error_msg .= $output->Text(_PC_SUBMIT_ERROR6); $error_msg .= $output->Linebreak(); } } elseif ($event_repeat == REPEAT_ON) { //can't have a repeating event that doesnt have an end date if ($event_endtype == 0) { $error_msg .= $output->Text("Repeating events must have an end date set."); $error_msg .= $output->Linebreak(); } if (!isset($event_repeat_on_freq) || $event_repeat_on_freq < 1 || empty($event_repeat_on_freq)) { $error_msg .= $output->Text(_PC_SUBMIT_ERROR5); $error_msg .= $output->Linebreak(); } elseif (!is_numeric($event_repeat_on_freq)) { $error_msg .= $output->Text(_PC_SUBMIT_ERROR6); $error_msg .= $output->Linebreak(); } } // check date validity if (_SETTING_TIME_24HOUR) { $startTime = $event_starttimeh . ':' . $event_starttimem; $endTime = $event_endtimeh . ':' . $event_endtimem; } else { if ($event_startampm == _AM_VAL) { $event_starttimeh = $event_starttimeh == 12 ? '00' : $event_starttimeh; } else { $event_starttimeh = $event_starttimeh != 12 ? $event_starttimeh += 12 : $event_starttimeh; } $startTime = $event_starttimeh . ':' . $event_starttimem; } $sdate = strtotime($event_startyear . '-' . $event_startmonth . '-' . $event_startday); $edate = strtotime($event_endyear . '-' . $event_endmonth . '-' . $event_endday); $tdate = strtotime(date('Y-m-d')); if ($edate < $sdate && $event_endtype == 1) { $error_msg .= $output->Text(_PC_SUBMIT_ERROR1); $error_msg .= $output->Linebreak(); } if (!checkdate($event_startmonth, $event_startday, $event_startyear)) { $error_msg .= $output->Text(_PC_SUBMIT_ERROR2 . " '{$event_startyear}-{$event_startmonth}-{$event_startday}'"); $error_msg .= $output->Linebreak(); } if (!checkdate($event_endmonth, $event_endday, $event_endyear)) { $error_msg .= $output->Text(_PC_SUBMIT_ERROR3 . " '{$event_endyear}-{$event_endmonth}-{$event_endday}'"); $error_msg .= $output->Linebreak(); } //check limit on category if (($ret = checkCategoryLimits($eventdata)) != null) { $error_msg .= $output->Text("This category has a limit of {$ret['limit']} between {$ret['start']} and {$ret['end']} which you have exceeded."); $error_msg .= $output->Linebreak(); //$output->Text(pnModAPIFunc('PostCalendar','user','buildSubmitForm',$eventdata)); //return $output->GetOutput(); } //echo "fa: " . $form_action . " double_book: " . pnVarCleanFromInput("double_book") . " update: " . $eventdata['is_update'] . " em: " . $error_msg; //event collision check if ($form_action == "commit" && pnVarCleanFromInput("double_book") != 1 && !$eventdata['is_update'] && empty($error_msg)) { //check on new shceduling events(in or out of office) to make sure that //you don't have more than one set per day //event category 1 is in office, event category 2 is out of office if ($eventdata['event_category'] == 2 || $eventdata['event_category'] == 3) { $searchargs = array(); $searchargs['start'] = $eventdata['event_startmonth'] . "/" . $eventdata['event_startday'] . "/" . $eventdata['event_startyear']; $searchargs['end'] = $eventdata['event_endmonth'] . "/" . $eventdata['event_endday'] . "/" . $eventdata['event_endyear']; $searchargs['provider_id'] = $eventdata['event_userid']; //faFLag uses pcgeteventsfa, which can search on provider $searchargs['faFlag'] = true; $searchargs['s_keywords'] = " (a.pc_catid = 2 OR a.pc_catid = 3) "; //print_r($searchargs); $eventsByDate =& postcalendar_userapi_pcGetEvents($searchargs); $ekey = md5($event_data['subject'] . date("U") . rand(0, 1000)); $oldstatus = $eventdata['event_status']; $oldtitle = $eventdata['event_subject']; $old_patient_name = $eventdata['patient_name']; $old_dur_hours = $eventdata['event_dur_hours']; $old_dur_min = $eventdata['event_dur_minutes']; $old_duration = $eventdata['event_duration']; $eventdata['event_subject'] = mysql_real_escape_string($ekey); $eventdata['event_status'] = _EVENT_TEMPORARY; if (!pnModAPIFunc(__POSTCALENDAR__, 'user', 'submitEvent', $eventdata)) { $error_msg .= $output->Text('<center><div style="padding:5px; border:1px solid red; background-color: pink;">'); $error_msg .= $output->Text("<b>The system was unable to check you event for conflicts with other events because there was a problem with your database.</b><br />"); $error_msg .= $output->Text('</div></center>'); $error_msg .= $output->Linebreak(); $error_msg .= $output->Text($dbconn->ErrorMsg()); } $searchargs['s_keywords'] = " (a.pc_catid = 2 OR a.pc_catid = 3) AND a.pc_title = '" . $eventdata['event_subject'] . "' "; $searchargs['event_status'] = _EVENT_TEMPORARY; $submitEventByDate =& postcalendar_userapi_pcGetEvents($searchargs); if (!delete_event($ekey)) { $error_msg .= $output->Text('<center><div style="padding:5px; border:1px solid red; background-color: pink;">'); $error_msg .= $output->Text("<b>The system was unable to delete a temporary record it created, this may have left the database in an inconsistent state.</b><br />"); $error_msg .= $output->Text('</div></center>'); $error_msg .= $output->Linebreak(); $error_msg .= $output->Text($dbconn->ErrorMsg()); } $eventdata['event_status'] = $oldstatus; $eventdata['event_subject'] = $oldtitle; $eventdata['patient_name '] = $old_patient_name; $eventdata['event_dur_hours'] = $old_dur_hour; $eventdata['event_dur_minutes'] = $old_dur_min; foreach ($submitEventByDate as $date => $newevent) { if (count($eventsByDate[$date]) > 0 && count($newevent) > 0) { foreach ($eventsByDate[$date] as $con_event) { if ($con_event['catid'] == $newevent[0]['catid']) { $error_msg .= $output->Text('There is a conflict on ' . $date . ' with event ' . $con_event['title']); $error_msg .= $output->Linebreak(); } } } } /*echo "<br /><br />"; print_r($eventsByDate); echo "<br /><br />"; print_r($submitEventByDate);*/ } $colls = checkEventCollision($eventdata); if (count($colls) > 0) { foreach ($colls as $coll) { $error_msg .= $output->Text("Event Collides with: " . $coll['title'] . " at " . date("g:i a", strtotime($coll['startTime'])) . "<br />"); $error_msg .= $output->Linebreak(); } $error_msg .= $output->Text("Submit again to \"Double Book\" <br />To change values click back in your browser."); $error_msg .= $output->Linebreak(); // the following line will display "DOUBLE BOOKED" if when adding an event there is a collistion with anothe appointment //$eventdata['event_subject'] = "DOUBLE BOOKED " . $eventdata['event_subject']; $eventdata['double_book'] = 1; } } $output->SetOutputMode(_PNH_KEEPOUTPUT); if ($form_action == 'preview') { //================================================================ // Preview the event //================================================================ // check authid if (!pnSecConfirmAuthKey()) { return _NO_DIRECT_ACCESS; } if (!empty($error_msg)) { $preview = false; $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="red">'); $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="pink">'); $output->Text('<center><b>' . _PC_SUBMIT_ERROR . '</b></center>'); $output->Linebreak(); $output->Text($error_msg); $output->Text('</td></td></table>'); $output->Text('</td></td></table>'); $output->Linebreak(2); } else { $output->Text(pnModAPIFunc(__POSTCALENDAR__, 'user', 'eventPreview', $eventdata)); $output->Linebreak(); } } elseif ($form_action == 'commit') { //================================================================ // Enter the event into the DB //================================================================ if (!empty($error_msg)) { if (!pnSecConfirmAuthKey(true)) { return _NO_DIRECT_ACCESS; } } else { if (!pnSecConfirmAuthKey()) { return _NO_DIRECT_ACCESS; } } if (!empty($error_msg)) { $preview = false; $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="red">'); $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="pink">'); $output->Text('<center><b>' . _PC_SUBMIT_ERROR . '</b></center>'); $output->Linebreak(); $output->Text($error_msg); $output->Text('</td></td></table>'); $output->Text('</td></td></table>'); $output->Linebreak(2); } else { if (!pnModAPIFunc(__POSTCALENDAR__, 'user', 'submitEvent', $eventdata)) { $output->Text('<center><div style="padding:5px; border:1px solid red; background-color: pink;">'); $output->Text("<b>" . _PC_EVENT_SUBMISSION_FAILED . "</b>"); $output->Text('</div></center>'); $output->Linebreak(); $output->Text($dbconn->ErrorMsg()); } else { // clear the Smarty cache $tpl = new pcSmarty(); $tpl->clear_all_cache(); $output->Text('<center><div style="padding:5px; border:1px solid green; background-color: lightgreen;">'); if ($is_update) { $output->Text("<b>" . _PC_EVENT_EDIT_SUCCESS . "</b>"); } else { $output->Text("<b>" . _PC_EVENT_SUBMISSION_SUCCESS . "</b>"); } $output->Text('</div></center>'); $output->Linebreak(); // clear the form vars $event_subject = $event_desc = $event_sharing = $event_category = $event_topic = $event_startmonth = $event_startday = $event_startyear = $event_starttimeh = $event_starttimem = $event_startampm = $event_endmonth = $event_endday = $event_endyear = $event_endtype = $event_dur_hours = $event_dur_minutes = $event_duration = $event_allday = $event_location = $event_street1 = $event_street2 = $event_city = $event_state = $event_postal = $event_location_info = $event_contname = $event_conttel = $event_contemail = $event_website = $event_fee = $event_repeat = $event_repeat_freq = $event_repeat_freq_type = $event_repeat_on_num = $event_repeat_on_day = $event_repeat_on_freq = $event_recurrspec = $uname = $Date = $year = $month = $day = $pc_html_or_text = $event_patient_name = $evnet_pid = null; $is_update = false; $pc_event_id = 0; //$_SESSION['category'] = ""; // lets wrap all the data into array for passing to submit and preview functions $eventdata = compact('event_subject', 'event_desc', 'event_sharing', 'event_category', 'event_topic', 'event_startmonth', 'event_startday', 'event_startyear', 'event_starttimeh', 'event_starttimem', 'event_startampm', 'event_endmonth', 'event_endday', 'event_endyear', 'event_endtype', 'event_dur_hours', 'event_dur_minutes', 'event_duration', 'event_allday', 'event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal', 'event_location_info', 'event_contname', 'event_conttel', 'event_contemail', 'event_website', 'event_fee', 'event_repeat', 'event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq', 'event_recurrspec', 'uname', 'Date', 'year', 'month', 'day', 'pc_html_or_text', 'is_update', 'pc_event_id', 'event_patient_name'); //if no using the no_nav format then show form again after submit if (pnVarCleanFromInput("no_nav") == 1) { return $output->GetOutput(); } } } } $output->Text(pnModAPIFunc('PostCalendar', 'user', 'buildSubmitForm', $eventdata)); return $output->GetOutput(); }
function postcalendar_admin_categoryLimitsUpdate() { if (!PC_ACCESS_ADMIN) { return _POSTCALENDAR_NOAUTH; } $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); list($id, $del, $catId, $startTimeH, $startTimeM, $endTimeH, $endTimeM, $limit, $newCatId, $newStartTimeH, $newStartTimeM, $newEndTimeH, $newEndTimeM, $newLimit, ) = pnVarCleanFromInput('id', 'del', 'catid', 'starttimeh', 'starttimem', 'endtimeh', 'endtimem', 'limit', 'newcatid', 'newstarttimeh', 'newstarttimem', 'newendtimeh', 'newendtimem', 'newlimit'); $updates = array(); if (isset($id)) { foreach ($id as $k => $i) { $found = false; if (count($del)) { foreach ($del as $d) { if ($i == $d) { $found = true; break; } } } if (!$found) { $start = date("H:i:s", mktime($startTimeH[$k], $startTimeM[$k], 0)); $end = date("H:i:s", mktime($endTimeH[$k], $endTimeM[$k], 0)); $update_sql = "UPDATE {$pntable['postcalendar_limits']}\n\t\t SET pc_catid='" . pnVarPrepForStore($catId[$k]) . "',\n\t\t pc_starttime='" . pnVarPrepForStore($start) . "',\n\t\t pc_endtime='" . pnVarPrepForStore($end) . "',\n\t\t pc_limit='" . pnVarPrepForStore($limit[$k]) . "'\n\t\t WHERE pc_limitid={$i}"; array_push($updates, $update_sql); } } } $dels = implode(",", $del); $delete = "DELETE FROM {$pntable['postcalendar_limits']} WHERE pc_limitid IN ({$dels})"; $e = $msg = ''; if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'updateCategoryLimit', array('updates' => $updates))) { $e .= 'UPDATE FAILED'; } if (isset($dels)) { if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'deleteCategoryLimit', array('delete' => $delete))) { $e .= 'DELETE FAILED'; } } if (isset($newLimit) && $newLimit > 0) { $start = date("H:i:s", mktime($newStartTimeH, $newStartTimeM, 0)); $end = date("H:i:s", mktime($newEndTimeH, $newEndTimeM, 0)); if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'addCategoryLimit', array('catid' => $newCatId, 'starttime' => $start, 'endtime' => $end, 'limit' => $newLimit))) { $e .= 'INSERT FAILED'; } } if (empty($e)) { $msg = 'DONE'; } $output->Text(postcalendar_admin_categoryLimits($msg, $e)); return $output->GetOutput(); }
/** * postcalendar_userapi_buildSubmitForm() * create event submit form */ function postcalendar_userapi_buildSubmitForm($args, $admin = false) { $_SESSION['category'] = ""; if (!PC_ACCESS_ADD) { return _POSTCALENDARNOAUTH; } extract($args); unset($args); //since we seem to clobber category $cat = $category; $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); // set up Smarty $tpl = new pcSmarty(); $tpl->caching = false; $template_name = pnModGetVar(__POSTCALENDAR__, 'pcTemplate'); if (!isset($template_name)) { $template_name = 'default'; } //================================================================= // Setup the correct config file path for the templates //================================================================= $modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__)); $modir = pnVarPrepForOS($modinfo['directory']); $modname = $modinfo['displayname']; $all_categories =& pnModAPIFunc(__POSTCALENDAR__, 'user', 'getCategories'); //print_r($all_categories); unset($modinfo); $tpl->config_dir = "modules/{$modir}/pntemplates/{$template_name}/config/"; //================================================================= // PARSE MAIN //================================================================= $tpl->assign('webroot', $GLOBALS['web_root']); $tpl->assign_by_ref('TPL_NAME', $template_name); $tpl->assign('FUNCTION', pnVarCleanFromInput('func')); $tpl->assign_by_ref('ModuleName', $modname); $tpl->assign_by_ref('ModuleDirectory', $modir); $tpl->assign_by_ref('category', $all_categories); $tpl->assign('NewEventHeader', _PC_NEW_EVENT_HEADER); $tpl->assign('EventTitle', _PC_EVENT_TITLE); $tpl->assign('Required', _PC_REQUIRED); $tpl->assign('DateTimeTitle', _PC_DATE_TIME); $tpl->assign('AlldayEventTitle', _PC_ALLDAY_EVENT); $tpl->assign('TimedEventTitle', _PC_TIMED_EVENT); $tpl->assign('TimedDurationTitle', _PC_TIMED_DURATION); $tpl->assign('TimedDurationHoursTitle', _PC_TIMED_DURATION_HOURS); $tpl->assign('TimedDurationMinutesTitle', _PC_TIMED_DURATION_MINUTES); $tpl->assign('EventDescTitle', _PC_EVENT_DESC); //the double book variable comes from the eventdata array that is //passed here and extracted, injection is not an issue here if (is_numeric($double_book)) { $tpl->assign('double_book', $double_book); } //pennfirm begin patient info handling $ProviderID = pnVarCleanFromInput("provider_id"); if (is_numeric($ProviderID)) { $tpl->assign('ProviderID', $ProviderID); $tpl->assign('provider_id', $ProviderID); } elseif (is_numeric($event_userid) && $event_userid != 0) { $tpl->assign('ProviderID', $event_userid); $tpl->assign('provider_id', $event_userid); } else { if ($_SESSION['userauthorized'] == 1) { $tpl->assign('ProviderID', $_SESSION['authUserID']); } else { $tpl->assign('ProviderID', ""); } } $provinfo = getProviderInfo(); $tpl->assign('providers', $provinfo); $PatientID = pnVarCleanFromInput("patient_id"); // limit the number of results returned by getPatientPID // this helps to prevent the server from stalling on a request with // no PID and thousands of PIDs in the database -- JRM // the function getPatientPID($pid, $given, $orderby, $limit, $start) <-- defined in library/patient.inc $plistlimit = 500; if (is_numeric($PatientID)) { $tpl->assign('PatientList', getPatientPID(array('pid' => $PatientID, 'limit' => $plistlimit))); } elseif (is_numeric($event_pid)) { $tpl->assign('PatientList', getPatientPID(array('pid' => $event_pid, 'limit' => $plistlimit))); } else { $tpl->assign('PatientList', getPatientPID(array('limit' => $plistlimit))); } $tpl->assign('event_pid', $event_pid); $tpl->assign('event_aid', $event_aid); $tpl->assign('event_category', pnVarCleanFromInput("event_category")); if (empty($event_patient_name)) { $patient_data = getPatientData($event_pid, $given = "lname, fname"); $event_patient_name = $patient_data['lname'] . ", " . $patient_data['fname']; } $tpl->assign('patient_value', $event_patient_name); //================================================================= // PARSE INPUT_EVENT_TITLE //================================================================= $tpl->assign('InputEventTitle', 'event_subject'); $tpl->assign('ValueEventTitle', pnVarPrepForDisplay($event_subject)); //================================================================= // PARSE SELECT_DATE_TIME //================================================================= // It seems that with Mozilla at least, <select> fields that are disabled // do not get passed as form data. Therefore we ignore $double_book so // that the fields will not be disabled. -- Rod 2005-03-22 $output->SetOutputMode(_PNH_RETURNOUTPUT); if (_SETTING_USE_INT_DATES) { $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday)); $formdata = $output->FormSelectMultiple('event_startday', $sel_data, 0, 1, "", "", false, ''); $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth)); $formdata .= $output->FormSelectMultiple('event_startmonth', $sel_data, 0, 1, "", "", false, ''); } else { $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth)); $formdata = $output->FormSelectMultiple('event_startmonth', $sel_data, 0, 1, "", "", false, ''); $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday)); $formdata .= $output->FormSelectMultiple('event_startday', $sel_data, 0, 1, "", "", false, ''); } $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_startyear)); $formdata .= $output->FormSelectMultiple('event_startyear', $sel_data, 0, 1, "", "", false, ''); $output->SetOutputMode(_PNH_KEEPOUTPUT); $tpl->assign('SelectDateTime', $formdata); $tpl->assign('InputAllday', 'event_allday'); $tpl->assign('ValueAllday', '1'); $tpl->assign('SelectedAllday', $event_allday == 1 ? 'checked' : ''); $tpl->assign('InputTimed', 'event_allday'); $tpl->assign('ValueTimed', '0'); $tpl->assign('SelectedTimed', $event_allday == 0 ? 'checked' : ''); $tpl->assign('STYLE', $GLOBALS['style']); //================================================================= // PARSE SELECT_END_DATE_TIME //================================================================= $output->SetOutputMode(_PNH_RETURNOUTPUT); //if there is no end date we want the box to read todays date instead of jan 01 1994 :) if ($event_endmonth == 0 && $event_endday == 0 && $event_endyear == 0) { $event_endmonth = $month; $event_endday = $day; $event_endyear = $year; } if (_SETTING_USE_INT_DATES) { $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday)); $formdata = $output->FormSelectMultiple('event_endday', $sel_data, 0, 1, "", "", false, ''); $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth)); $formdata .= $output->FormSelectMultiple('event_endmonth', $sel_data, 0, 1, "", "", false, ''); } else { $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth)); $formdata = $output->FormSelectMultiple('event_endmonth', $sel_data, 0, 1, "", "", false, ''); $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday)); $formdata .= $output->FormSelectMultiple('event_endday', $sel_data, 0, 1, "", "", false, ''); } $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_endyear)); $formdata .= $output->FormSelectMultiple('event_endyear', $sel_data, 0, 1, "", "", false, ''); $output->SetOutputMode(_PNH_KEEPOUTPUT); $tpl->assign('SelectEndDate', $formdata); //================================================================= // PARSE SELECT_TIMED_EVENT //================================================================= $stimes = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildTimeSelect', array('hselected' => $event_starttimeh, 'mselected' => $event_starttimem)); $output->SetOutputMode(_PNH_RETURNOUTPUT); $timed_hours = $output->FormSelectMultiple('event_starttimeh', $stimes['h'], 0, 1, "", "", false, ''); $timed_minutes = $output->FormSelectMultiple('event_starttimem', $stimes['m'], 0, 1, "", "", false, ''); if (!_SETTING_TIME_24HOUR) { $ampm = array(); $ampm[0]['id'] = pnVarPrepForStore(_AM_VAL); $ampm[0]['name'] = pnVarPrepForDisplay(_PC_AM); $ampm[1]['id'] = pnVarPrepForStore(_PM_VAL); $ampm[1]['name'] = pnVarPrepForDisplay(_PC_PM); if ($event_startampm == "AM" || $event_startampm == _AM_VAL) { $ampm[0]['selected'] = 1; } else { $ampm[1]['selected'] = 1; } $timed_ampm = $output->FormSelectMultiple('event_startampm', $ampm, 0, 1, "", "", false, ''); } else { $timed_ampm = ''; } $output->SetOutputMode(_PNH_KEEPOUTPUT); $tpl->assign('SelectTimedHours', $timed_hours); $tpl->assign('SelectTimedMinutes', $timed_minutes); $tpl->assign('SelectTimedAMPM', $timed_ampm); $tpl->assign('event_startday', $event_startday); $tpl->assign('event_startmonth', $event_startmonth); $tpl->assign('event_startyear', $event_startyear); $tpl->assign('event_starttimeh', $event_starttimeh); $tpl->assign('event_starttimem', $event_starttimem); $tpl->assign('event_startampm', $event_startampm); $tpl->assign('event_dur_hours', $event_dur_hours); $tpl->assign('event_dur_minutes', $event_dur_minutes); //================================================================= // PARSE SELECT_DURATION //================================================================= $event_dur_hours = (int) $event_dur_hours; for ($i = 0; $i <= 24; $i += 1) { $TimedDurationHours[$i] = array('value' => $i, 'selected' => $event_dur_hours == $i ? 'selected' : '', 'name' => sprintf('%02d', $i)); } $tpl->assign('TimedDurationHours', $TimedDurationHours); $tpl->assign('InputTimedDurationHours', 'event_dur_hours'); $found_time = false; for ($i = 0; $i < 60; $i += _SETTING_TIME_INCREMENT) { $TimedDurationMinutes[$i] = array('value' => $i, 'selected' => $event_dur_minutes == $i ? 'selected' : '', 'name' => sprintf('%02d', $i)); if ($TimedDurationMinutes[$i]['selected'] == 'selected') { $found_time = true; } } if (!$found_time) { $TimedDurationMinutes[$i] = array('value' => $event_dur_minutes, 'selected' => 'selected', 'name' => sprintf('%02d', $event_dur_minutes)); } $tpl->assign('TimedDurationMinutes', $TimedDurationMinutes); $tpl->assign('hidden_event_dur_minutes', $event_dur_minutes); $tpl->assign('InputTimedDurationMinutes', 'event_dur_minutes'); //================================================================= // PARSE INPUT_EVENT_DESC //================================================================= $tpl->assign('InputEventDesc', 'event_desc'); if (empty($pc_html_or_text)) { $display_type = substr($event_desc, 0, 6); if ($display_type == ':text:') { $pc_html_or_text = 'text'; $event_desc = substr($event_desc, 6); } elseif ($display_type == ':html:') { $pc_html_or_text = 'html'; $event_desc = substr($event_desc, 6); } else { $pc_html_or_text = 'text'; } unset($display_type); } $tpl->assign('ValueEventDesc', pnVarPrepForDisplay($event_desc)); $eventHTMLorText = "<select name=\"pc_html_or_text\">"; if ($pc_html_or_text == 'text') { $eventHTMLorText .= "<option value=\"text\" selected=\"selected\">" . _PC_SUBMIT_TEXT . "</option>"; } else { $eventHTMLorText .= "<option value=\"text\">" . _PC_SUBMIT_TEXT . "</option>"; } if ($pc_html_or_text == 'html') { $eventHTMLorText .= "<option value=\"html\" selected=\"selected\">" . _PC_SUBMIT_HTML . "</option>"; } else { $eventHTMLorText .= "<option value=\"html\">" . _PC_SUBMIT_HTML . "</option>"; } $eventHTMLorText .= "</select>"; $tpl->assign('EventHTMLorText', $eventHTMLorText); //================================================================= // PARSE select_event_topic_block //================================================================= $tpl->assign('displayTopics', _SETTING_DISPLAY_TOPICS); if ((bool) _SETTING_DISPLAY_TOPICS) { $a_topics =& postcalendar_userapi_getTopics(); $topics = array(); foreach ($a_topics as $topic) { array_push($topics, array('value' => $topic['id'], 'selected' => $topic['id'] == $event_topic ? 'selected' : '', 'name' => $topic['text'])); } unset($a_topics); // only show this if we have topics to show if (count($topics) > 0) { $tpl->assign('topics', $topics); $tpl->assign('EventTopicTitle', _PC_EVENT_TOPIC); $tpl->assign('InputEventTopic', 'event_topic'); } } //================================================================= // PARSE select_event_type_block //================================================================= $categories = array(); foreach ($all_categories as $category) { array_push($categories, array('value' => $category['id'], 'selected' => $category['id'] == $event_category ? 'selected' : '', 'name' => $category['name'], 'color' => $category['color'], 'desc' => $category['desc'])); } // only show this if we have categories to show // you should ALWAYS have at least one valid category if (count($categories) > 0) { $tpl->assign('categories', $categories); $tpl->assign('EventCategoriesTitle', _PC_EVENT_CATEGORY); $tpl->assign('InputEventCategory', 'event_category'); $tpl->assign('hidden_event_category', $event_category); } //================================================================= // PARSE event_sharing_block //================================================================= $data = array(); if (_SETTING_ALLOW_USER_CAL) { array_push($data, array(SHARING_PRIVATE, _PC_SHARE_PRIVATE)); array_push($data, array(SHARING_PUBLIC, _PC_SHARE_PUBLIC)); array_push($data, array(SHARING_BUSY, _PC_SHARE_SHOWBUSY)); } if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADMIN) || _SETTING_ALLOW_GLOBAL || !_SETTING_ALLOW_USER_CAL) { array_push($data, array(SHARING_GLOBAL, _PC_SHARE_GLOBAL)); } $sharing = array(); foreach ($data as $cell) { array_push($sharing, array('value' => $cell[0], 'selected' => (int) $event_sharing == $cell[0] ? 'selected' : '', 'name' => $cell[1])); } //pennfirm get list of providers from openemr code in calendar.inc $tpl->assign("user", getCalendarProviderInfo()); $tpl->assign('sharing', $sharing); $tpl->assign('EventSharingTitle', _PC_SHARING); $tpl->assign('InputEventSharing', 'event_sharing'); //================================================================= // location information //================================================================= $tpl->assign('EventLocationTitle', _PC_EVENT_LOCATION); $tpl->assign('InputLocation', 'event_location'); $tpl->assign('ValueLocation', pnVarPrepForDisplay($event_location)); $tpl->assign('EventStreetTitle', _PC_EVENT_STREET); $tpl->assign('InputStreet1', 'event_street1'); $tpl->assign('ValueStreet1', pnVarPrepForDisplay($event_street1)); $tpl->assign('InputStreet2', 'event_street2'); $tpl->assign('ValueStreet2', pnVarPrepForDisplay($event_street2)); $tpl->assign('EventCityTitle', _PC_EVENT_CITY); $tpl->assign('InputCity', 'event_city'); $tpl->assign('ValueCity', pnVarPrepForDisplay($event_city)); $tpl->assign('EventStateTitle', _PC_EVENT_STATE); $tpl->assign('InputState', 'event_state'); $tpl->assign('ValueState', pnVarPrepForDisplay($event_state)); $tpl->assign('EventPostalTitle', _PC_EVENT_POSTAL); $tpl->assign('InputPostal', 'event_postal'); $tpl->assign('ValuePostal', pnVarPrepForDisplay($event_postal)); //================================================================= // contact information //================================================================= $tpl->assign('EventContactTitle', _PC_EVENT_CONTACT); $tpl->assign('InputContact', 'event_contname'); $tpl->assign('ValueContact', pnVarPrepForDisplay($event_contname)); $tpl->assign('EventPhoneTitle', _PC_EVENT_PHONE); $tpl->assign('InputPhone', 'event_conttel'); $tpl->assign('ValuePhone', pnVarPrepForDisplay($event_conttel)); $tpl->assign('EventEmailTitle', _PC_EVENT_EMAIL); $tpl->assign('InputEmail', 'event_contemail'); $tpl->assign('ValueEmail', pnVarPrepForDisplay($event_contemail)); $tpl->assign('EventWebsiteTitle', _PC_EVENT_WEBSITE); $tpl->assign('InputWebsite', 'event_website'); $tpl->assign('ValueWebsite', pnVarPrepForDisplay($event_website)); $tpl->assign('EventFeeTitle', _PC_EVENT_FEE); $tpl->assign('InputFee', 'event_fee'); $tpl->assign('ValueFee', pnVarPrepForDisplay($event_fee)); //================================================================= // Repeating Information //================================================================= $tpl->assign('RepeatingHeader', _PC_REPEATING_HEADER); $tpl->assign('NoRepeatTitle', _PC_NO_REPEAT); $tpl->assign('RepeatTitle', _PC_REPEAT); $tpl->assign('RepeatOnTitle', _PC_REPEAT_ON); $tpl->assign('OfTheMonthTitle', _PC_OF_THE_MONTH); $tpl->assign('EndDateTitle', _PC_END_DATE); $tpl->assign('NoEndDateTitle', _PC_NO_END); $tpl->assign('InputNoRepeat', 'event_repeat'); $tpl->assign('ValueNoRepeat', '0'); $tpl->assign('SelectedNoRepeat', (int) $event_repeat == 0 ? 'checked' : ''); $tpl->assign('InputRepeat', 'event_repeat'); $tpl->assign('ValueRepeat', '1'); $tpl->assign('SelectedRepeat', (int) $event_repeat == 1 ? 'checked' : ''); unset($in); $in = array(_PC_EVERY, _PC_EVERY_OTHER, _PC_EVERY_THIRD, _PC_EVERY_FOURTH); $keys = array(REPEAT_EVERY, REPEAT_EVERY_OTHER, REPEAT_EVERY_THIRD, REPEAT_EVERY_FOURTH); $repeat_freq = array(); foreach ($in as $k => $v) { array_push($repeat_freq, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_freq ? 'selected' : '', 'name' => $v)); } $tpl->assign('InputRepeatFreq', 'event_repeat_freq'); if (empty($event_repeat_freq) || $event_repeat_freq < 1) { $event_repeat_freq = 1; } $tpl->assign('InputRepeatFreqVal', $event_repeat_freq); $tpl->assign('repeat_freq', $repeat_freq); unset($in); $in = array(_PC_EVERY_DAY, _PC_EVERY_WORKDAY, _PC_EVERY_WEEK, _PC_EVERY_MONTH, _PC_EVERY_YEAR); $keys = array(REPEAT_EVERY_DAY, REPEAT_EVERY_WORK_DAY, REPEAT_EVERY_WEEK, REPEAT_EVERY_MONTH, REPEAT_EVERY_YEAR); $repeat_freq_type = array(); foreach ($in as $k => $v) { array_push($repeat_freq_type, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_freq_type ? 'selected' : '', 'name' => $v)); } $tpl->assign('InputRepeatFreqType', 'event_repeat_freq_type'); $tpl->assign('repeat_freq_type', $repeat_freq_type); $tpl->assign('InputRepeatOn', 'event_repeat'); $tpl->assign('ValueRepeatOn', '2'); $tpl->assign('SelectedRepeatOn', (int) $event_repeat == 2 ? 'checked' : ''); unset($in); $in = array(_PC_EVERY_1ST, _PC_EVERY_2ND, _PC_EVERY_3RD, _PC_EVERY_4TH, _PC_EVERY_LAST); $keys = array(REPEAT_ON_1ST, REPEAT_ON_2ND, REPEAT_ON_3RD, REPEAT_ON_4TH, REPEAT_ON_LAST); $repeat_on_num = array(); foreach ($in as $k => $v) { array_push($repeat_on_num, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_num ? 'selected' : '', 'name' => $v)); } $tpl->assign('InputRepeatOnNum', 'event_repeat_on_num'); $tpl->assign('repeat_on_num', $repeat_on_num); unset($in); $in = array(_PC_EVERY_SUN, _PC_EVERY_MON, _PC_EVERY_TUE, _PC_EVERY_WED, _PC_EVERY_THU, _PC_EVERY_FRI, _PC_EVERY_SAT); $keys = array(REPEAT_ON_SUN, REPEAT_ON_MON, REPEAT_ON_TUE, REPEAT_ON_WED, REPEAT_ON_THU, REPEAT_ON_FRI, REPEAT_ON_SAT); $repeat_on_day = array(); foreach ($in as $k => $v) { array_push($repeat_on_day, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_day ? 'selected' : '', 'name' => $v)); } $tpl->assign('InputRepeatOnDay', 'event_repeat_on_day'); $tpl->assign('repeat_on_day', $repeat_on_day); unset($in); $in = array(_PC_OF_EVERY_MONTH, _PC_OF_EVERY_2MONTH, _PC_OF_EVERY_3MONTH, _PC_OF_EVERY_4MONTH, _PC_OF_EVERY_6MONTH, _PC_OF_EVERY_YEAR); $keys = array(REPEAT_ON_MONTH, REPEAT_ON_2MONTH, REPEAT_ON_3MONTH, REPEAT_ON_4MONTH, REPEAT_ON_6MONTH, REPEAT_ON_YEAR); $repeat_on_freq = array(); foreach ($in as $k => $v) { array_push($repeat_on_freq, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_freq ? 'selected' : '', 'name' => $v)); } $tpl->assign('InputRepeatOnFreq', 'event_repeat_on_freq'); if (empty($event_repeat_on_freq) || $event_repeat_on_freq < 1) { $event_repeat_on_freq = 1; } $tpl->assign('InputRepeatOnFreqVal', $event_repeat_on_freq); $tpl->assign('repeat_on_freq', $repeat_on_freq); $tpl->assign('MonthsTitle', _PC_MONTHS); //================================================================= // PARSE INPUT_END_DATE //================================================================= $tpl->assign('InputEndOn', 'event_endtype'); $tpl->assign('ValueEndOn', '1'); $tpl->assign('SelectedEndOn', (int) $event_endtype == 1 ? 'checked' : ''); //================================================================= // PARSE INPUT_NO_END //================================================================= $tpl->assign('InputNoEnd', 'event_endtype'); $tpl->assign('ValueNoEnd', '0'); $tpl->assign('SelectedNoEnd', (int) $event_endtype == 0 ? 'checked' : ''); $qstring = preg_replace("/provider_id=[0-9]*[&]{0,1}/", "", $_SERVER['QUERY_STRING']); $tpl->assign('qstring', $qstring); $output->SetOutputMode(_PNH_RETURNOUTPUT); $authkey = $output->FormHidden('authid', pnSecGenAuthKey()); $output->SetOutputMode(_PNH_KEEPOUTPUT); $form_hidden = "<input type=\"hidden\" name=\"is_update\" value=\"{$is_update}\" />"; $form_hidden .= "<input type=\"hidden\" name=\"pc_event_id\" value=\"{$pc_event_id}\" />"; $form_hidden .= "<input type=\"hidden\" name=\"category\" value=\"{$cat}\" />"; if (isset($data_loaded)) { $form_hidden .= "<input type=\"hidden\" name=\"data_loaded\" value=\"{$data_loaded}\" />"; $tpl->assign('FormHidden', $form_hidden); } $form_submit = '<input type=hidden name="form_action" value="commit"/> ' . $authkey . '<input type="submit" name="submit" value="go">'; $tpl->assign('FormSubmit', $form_submit); // do not cache this page if ($admin) { $output->Text($tpl->fetch($template_name . '/admin/submit.html')); } elseif (pnVarCleanFromInput("no_nav") == 1) { $output->Text($tpl->fetch($template_name . '/user/submit_no_nav.html')); } else { $output->Text($tpl->fetch($template_name . '/user/submit.html')); } $output->Text(postcalendar_footer()); return $output->GetOutput(); }
function postcalendar_adminapi_buildAMPMSelect($args) { extract($args); $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); $options = array(); if (pnModGetVar(__POSTCALENDAR__, 'time24hours')) { return false; } else { $options[0]['id'] = 'AM'; $options[0]['selected'] = ''; $options[0]['name'] = 'AM'; $options[1]['id'] = 'PM'; $options[1]['selected'] = ''; $options[1]['name'] = 'PM'; } $output->FormSelectMultiple('pc_ampm', $options); return $output->GetOutput(); }
function modules_adminmenu() { $output = new pnHTML(); if (!pnSecAuthAction(0, 'Modules::', '::', ACCESS_ADMIN)) { $output->Text(_MODULESNOAUTH); return $output->GetOutput(); } $output->Text(pnGetStatusMsg()); $output->Linebreak(2); $output->TableStart(_MODULES); $output->SetOutputMode(_PNH_RETURNOUTPUT); $columns = array(); $columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Modules', 'admin', 'list')), _LIST); $columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Modules', 'admin', 'regenerate', array('authid' => pnSecGenAuthKey()))), _REGENERATE); $output->SetOutputMode(_PNH_KEEPOUTPUT); $output->SetInputMode(_PNH_VERBATIMINPUT); $output->TableAddRow($columns); $output->SetInputMode(_PNH_PARSEINPUT); $output->TableEnd(); return $output->GetOutput(); }
function search_stories() { list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) = pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool'); if (!isset($active_stories) || !$active_stories) { return; } $output = new pnHTML(); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); if (empty($bool)) { $bool = 'OR'; } $flag = false; $storcol =& $pntable['stories_column']; $stcatcol =& $pntable['stories_cat_column']; $topcol =& $pntable['topics_column']; $query = ""; $query1 = "SELECT {$storcol['sid']} as sid,\n {$topcol['tid']} as topicid,\n {$topcol['topicname']} as topicname,\n {$topcol['topictext']} as topictext,\n {$storcol['catid']} as catid,\n {$storcol['time']} AS fdate,\n {$storcol['title']} AS story_title,\n {$storcol['aid']} AS aid,\n {$stcatcol['title']} AS cat_title\n FROM {$pntable['stories']}\n LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n WHERE "; // hack to get this to work, but much better than what we had before //$query .= " 1 = 1 "; // words $w = search_split_query($q); if (isset($w)) { foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; $query .= "{$storcol['title']} LIKE '" . pnVarPrepForStore($word) . "' OR "; $query .= "{$storcol['hometext']} LIKE '" . pnVarPrepForStore($word) . "' OR "; $query .= "{$storcol['bodytext']} LIKE '" . pnVarPrepForStore($word) . "' OR "; //$query .= "$storcol[comments] LIKE '".pnVarPrepForStore($word)."' OR "; $query .= "{$storcol['informant']} LIKE '" . pnVarPrepForStore($word) . "' OR "; $query .= "{$storcol['notes']} LIKE '" . pnVarPrepForStore($word) . "'"; $query .= ')'; $flag = true; $no_flag = false; } } else { $no_flag = true; } // topics if (isset($stories_topics) && !empty($stories_topics)) { $flag = false; $start_flag = false; // dont set AND/OR if nothing is in front foreach ($stories_topics as $v) { if (empty($v)) { continue; } if (!$no_flag and !$start_flag) { $query .= " AND ("; $start_flag = true; } if ($flag) { $query .= " OR "; } $query .= "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'"; $flag = true; } if (!$no_flag and $start_flag) { $query .= ") "; $no_flag = false; } } // categories if (!is_array($stories_cat)) { $stories_cat[0] = ''; } if (isset($stories_cat[0]) && !empty($stories_cat[0])) { if (!$no_flag) { $query .= " AND ("; } $flag = false; foreach ($stories_cat as $v) { if ($flag) { $query .= " OR "; } $query .= "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'"; $flag = true; } if (!$no_flag) { $query .= ") "; $no_flag = false; } } // authors if (isset($stories_author) && $stories_author != "") { if (!$no_flag) { $query .= " AND ("; } $query .= "{$storcol['informant']}='" . pnVarPrepForStore($stories_author) . "'"; $result = $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%" . pnVarPrepForStore($stories_author) . "%' OR {$pntable['users_column']['name']} LIKE '%" . pnVarPrepForStore($stories_author) . "%'"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); $query .= " OR {$storcol['aid']}={$row['pn_uid']}"; $result->MoveNext(); } if (!$no_flag) { $query .= ") "; $no_flag = false; } } else { $stories_author = ''; } if (pnConfigGetVar('multilingual') == 1) { if (!empty($query)) { $query .= " AND"; } $query .= " ({$storcol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storcol['alanguage']}='')"; } if (empty($query)) { $query = "1"; } $query .= " ORDER BY {$storcol['time']} DESC"; $query = $query1 . $query; // get the total count with permissions! if (empty($total)) { $total = 0; $countres = $dbconn->Execute($query); while (!$countres->EOF) { $row = $countres->GetRowAssoc(false); if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) { $total++; } $countres->MoveNext(); } } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS); $output->SetInputMode(_PNH_VERBATIMINPUT); // Rebuild the search string from previous information $url = "modules.php?op=modload&name=Search&file=index&action=search&active_stories=1&stories_author=" . $stories_author; if (isset($stories_cat) && $stories_cat) { foreach ($stories_cat as $v) { $url .= "&stories_cat%5B%5D={$v}"; } } if (isset($stories_topics) && $stories_topics) { foreach ($stories_topics as $v) { $url .= "&stories_topics%5B%5D={$v}"; } } $url .= "&bool=" . $bool; if (isset($q)) { $url .= "&q=" . $q; } $output->Text("<ul>"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) { $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate'])); $output->Text("<li>"); if (!empty($row['topicid'])) { $output->Text("<b><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Search&file=index&action=search&active_stories=1&stories_topics[0]=" . $row['topicid'] . "\">" . $row['topictext'] . "</a></b> - "); } if (!empty($row['catid'])) { $output->Text("<a href=\"modules.php?op=modload&name=News&file=index&catid=" . $row['catid'] . "\">" . $row['cat_title'] . "</a>: "); } if ($row['story_title'] == '') { $row['story_title'] = 'No Title'; } $output->Text('<i><a class="pn-normal" href="modules.php?op=modload&name=News&file=article&sid=' . $row['sid'] . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></i> - ' . $row['fdate'] . "</li>"); } $result->MoveNext(); } $output->Text("</ul>"); // Munge URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_STORIES_TOPICS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }
function search_weblinks() { list($active_weblinks, $startnum, $total, $q, $bool) = pnVarCleanFromInput('active_weblinks', 'startnum', 'total', 'q', 'bool'); if (empty($active_weblinks)) { return; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } $w = search_split_query($q); $flag = false; $column =& $pntable['links_links_column']; $query = "SELECT {$column['url']} as url, {$column['title']} as title, {$column['linkratingsummary']} as linkratingsummary, {$column['totalcomments']} as totalcomments, {$column['hits']} as hits, {$column['submitter']} as submitter, {$column['description']} as description, {$column['lid']} as lid, {$column['cat_id']} as cat_id\n FROM {$pntable['links_links']}\n WHERE \n"; foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; // web links $query .= "{$column['description']} LIKE '{$word}' OR \n"; $query .= "{$column['url']} LIKE '{$word}' OR \n"; $query .= "{$column['submitter']} LIKE '{$word}' OR \n"; $query .= "{$column['title']} LIKE '{$word}' \n"; $query .= ')'; $flag = true; } $query .= " ORDER BY {$column['lid']}"; // get the total count with permissions! if (empty($total)) { $total = 0; $countres = $dbconn->Execute($query); while (!$countres->EOF) { $row = $countres->GetRowAssoc(false); // we have a link id so get its category $column2 =& $pntable['links_categories_column']; $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}"); list($title) = $result2->fields; if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) { $total++; } $countres->MoveNext(); } } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text(_WEBLINKS . ': ' . $total . ' ' . _SEARCHRESULTS); $output->SetInputMode(_PNH_VERBATIMINPUT); // Rebuild the search string from previous information $url = "modules.php?op=modload&name=Search&file=index&action=search&active_weblinks=1&bool={$bool}&q={$q}"; $output->Text("<ul>"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); // we have a link id so get its category $column2 =& $pntable['links_categories_column']; $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}"); list($title) = $result2->fields; if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) { $output->Text("<li><a class=\"pn-normal\" href=\"{$row['url']}\" target=\"_new\">{$row['title']}</a> <font class=\"pn-normal\">(rating: {$row['linkratingsummary']} - comments: {$row['totalcomments']} - hits: {$row['hits']})</font><br>Submitter: {$row['submitter']}<br>{$row['description']}</li>"); } $result->MoveNext(); } $output->Text("</ul>"); // Munge URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_LINKS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }
function search_comments() { list($active_comments, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_comments', 'startnum', 'total', 'bool', 'q'); if (empty($active_comments)) { return; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } $w = search_split_query($q); $flag = false; $column =& $pntable['comments_column']; $query = "SELECT {$column['subject']} as subject, {$column['tid']} as tid, "; $query .= "{$column['sid']} as sid, {$column['pid']} as pid FROM {$pntable['comments']} WHERE "; foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; $query .= "{$column['subject']} LIKE '{$word}' OR "; $query .= "{$column['comment']} LIKE '{$word}'"; $query .= ')'; $flag = true; } $query .= " ORDER BY {$column['subject']}"; if (empty($total)) { $countres = $dbconn->Execute($query); $total = $countres->PO_RecordCount(); $countres->Close(); } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text(_COMMENTS . ': ' . $total . ' ' . _SEARCHRESULTS); $output->SetInputMode(_PNH_VERBATIMINPUT); // Rebuild the search string from previous information $url = "modules.php?op=modload&name=Search&file=index&action=search&active_comments=1&bool={$bool}&q={$q}"; $output->Text("<ul>"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); if ($row[pid] != 0) { // comment with parent posting $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=NS-Comments&file=index&req=showreply&tid={$row['tid']}&sid={$row['sid']}&pid={$row['pid']}\">{$row['subject']}</a></li>"); } else { // comment without parent posting $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=NS-Comments&file=index&tid={$row['tid']}&sid={$row['sid']}#{$row['tid']}\">{$row['subject']}</a></li>"); } $result->MoveNext(); } $output->Text("</ul>"); // Munge URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_COMMENTS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }
function search_downloads() { list($q, $active_downloads, $bool, $startnum, $total) = pnVarCleanFromInput('q', 'active_downloads', 'bool', 'startnum', 'total'); if (empty($active_downloads)) { return; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $output = new pnHTML(); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } $w = search_split_query($q); $flag = false; // fifers: have to explicitly name the columns so that if the underlying DB column names change, the code to access them doesn't. We use the column names in assoc array later... $column =& $pntable['downloads_downloads_column']; $query = "SELECT {$column['lid']} as lid, {$column['title']} as title, {$column['totalvotes']} as totalvotes, {$column['hits']} as hits, {$column['name']} as name, {$column['description']} as description, {$column['cid']} as cid FROM {$pntable['downloads_downloads']} WHERE \n"; foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; // downloads $query .= "{$column['description']} LIKE '{$word}' OR \n"; $query .= "{$column['title']} LIKE '{$word}' OR \n"; $query .= "{$column['submitter']} LIKE '{$word}' OR \n"; $query .= "{$column['name']} LIKE '{$word}' OR \n"; $query .= "{$column['homepage']} LIKE '{$word}' \n"; $query .= ')'; $flag = true; } $query .= " ORDER BY {$column['lid']}"; if (empty($total)) { $total = 0; $countres = $dbconn->Execute($query); while (!$countres->EOF) { $row = $countres->GetRowAssoc(false); // we have a download id so get its category $column2 =& $pntable['downloads_categories_column']; $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}"); list($title) = $result2->fields; if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) { $total++; } $countres->MoveNext(); } } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text(_DOWNLOADS . ': ' . $total . ' ' . _SEARCHRESULTS); $output->SetInputMode(_PNH_VERBATIMINPUT); // Rebuild the search string from previous information $url = "modules.php?op=modload&name=Search&file=index&action=search&active_downloads=1&bool={$bool}&q={$q}"; $output->Text("<ul>"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); // we have a download id so get its category $column2 =& $pntable['downloads_categories_column']; $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}"); list($title) = $result2->fields; if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) { $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Downloads&file=index&req=getit&lid={$row['lid']}\">{$row['title']}</a> <font class=\"pn-normal\">(votes: {$row['totalvotes']} - hits: {$row['hits']})</font><br>Uploader: {$row['name']}<br>{$row['description']}</li>"); } $result->MoveNext(); } $output->Text("</ul>"); // Mung URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_DOWNLOADS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }
function dplink_adminmenu() { $theme = pnUserGetTheme(); pnThemeLoad($theme); // Create output object $output = new pnHTML(); // Security check if (!pnSecAuthAction(0, 'dplink::', '::', ACCESS_ADMIN)) { $output->Text(pnVarPrepHTMLDisplay(_SHIMLINKNOAUTH)); return $output->GetOutput(); } //Title ob_start(); OpenTable(); $oTable = ob_get_contents(); ob_end_clean(); $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text($oTable); $output->Title(pnVarPrepHTMLDisplay('<b>' . _SHIMLINK . '</b>')); $output->Text(pnVarPrepHTMLDisplay(_SHIMLINKMODIFYCONFIG)); ob_start(); CloseTable(); $cTable = ob_get_contents(); ob_end_clean(); $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text($cTable); // Start form $output->FormStart(pnModURL('dplink', 'admin', 'updateconfig')); // Add an authorisation ID $output->FormHidden('authid', pnSecGenAuthKey()); // Start the table that holds the information to be modified. ob_start(); OpenTable(); $oTable = ob_get_contents(); ob_end_clean(); $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text($oTable); $output->TableStart(); // dplink location $row = array(); $output->SetOutputMode(_PNH_RETURNOUTPUT); $row[] = $output->Text(pnVarPrepHTMLDisplay(_MODSUBJECT)); $row[] = $output->FormText('url', pnModGetVar('dplink', 'url'), 50, 50); $output->SetOutputMode(_PNH_KEEPOUTPUT); $output->SetInputMode(_PNH_VERBATIMINPUT); $output->TableAddrow($row, 'left'); // Warning $row = array(); $output->SetOutputMode(_PNH_RETURNOUTPUT); $row[] = $output->Text(pnVarPrepHTMLDisplay(_MODWARNING)); $output->SetOutputMode(_PNH_KEEPOUTPUT); $output->SetInputMode(_PNH_VERBATIMINPUT); $output->TableAddrow($row, 'left'); // Use I-frame $row = array(); $output->SetOutputMode(_PNH_RETURNOUTPUT); $row[] = $output->Text(pnVarPrepHTMLDisplay(_MODWRAP)); $row[] = $output->FormCheckbox('use_wrap', pnModGetVar('dplink', 'use_wrap')); $output->SetOutputMode(_PNH_KEEPOUTPUT); $output->SetInputMode(_PNH_VERBATIMINPUT); $output->TableAddrow($row, 'left'); // Open in New >Window $row = array(); $output->SetOutputMode(_PNH_RETURNOUTPUT); $row[] = $output->Text(pnVarPrepHTMLDisplay(_MODWINDOW)); $row[] = $output->FormCheckbox('use_window', pnModGetVar('dplink', 'use_window')); $output->SetOutputMode(_PNH_KEEPOUTPUT); $output->SetInputMode(_PNH_VERBATIMINPUT); $output->TableAddrow($row, 'left'); $output->TableEnd(); ob_start(); CloseTable(); $cTable = ob_get_contents(); ob_end_clean(); $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text($cTable); // End form //$output->Linebreak(1); ob_start(); OpenTable(); $oTable = ob_get_contents(); ob_end_clean(); $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text($oTable); $output->Text('<div align="center"><br>'); $output->FormSubmit(pnVarPrepHTMLDisplay(_SHIMLINKUPDATE)); $output->Text('<br><br></div>'); ob_start(); CloseTable(); $cTable = ob_get_contents(); ob_end_clean(); $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text($cTable); $output->FormEnd(); // Return the output that has been generated by this function $output->SetOutputMode(_PNH_KEEPOUTPUT); return $output->GetOutput(); }
/** * composite function for generic confirmation of action * * @param string $confirm_text Confirmation message to display * @param string $confirm_url URL to go to if confirm button is clicked * @param string $cancel_text Link text cor the cancel message * @param string $cancel_url URL to go to is action is canceled * @param array $arg An array of args to create hidden fields for * * @access public */ function ConfirmAction($confirm_text, $confirm_url, $cancel_text, $cancel_url, $arg = array()) { $compoutput = new pnHTML(); $compoutput->FormStart($confirm_url); $compoutput->Text($confirm_text); $compoutput->Linebreak(2); $arg['confirm'] = 1; $arg['authid'] = pnSecGenAuthKey(); $arg['confirmation'] = 1; $compoutput->FormHidden($arg); $compoutput->FormSubmit(_CONFIRM); $compoutput->Linebreak(2); $compoutput->URL($cancel_url, $cancel_text); $compoutput->FormEnd(); if ($this->GetOutputMode() == _PNH_RETURNOUTPUT) { $compoutput->SetOutputMode(_PNH_RETURNOUTPUT); return $compoutput->PrintPage(); } else { $compoutput->SetOutputMode(_PNH_RETURNOUTPUT); $this->output .= $compoutput->GetOutput(); } }
/** * Main administration menu */ function template_adminmenu() { // Create output object - this object will store all of our output so that // we can return it easily when required $output = new pnHTML(); // Display status message if any. Note that in future this functionality // will probably be in the theme rather than in this menu, but this is the // best place to keep it for now $output->Text(pnGetStatusMsg()); $output->Linebreak(2); // Start options menu $output->TableStart(_TEMPLATE); $output->SetOutputMode(_PNH_RETURNOUTPUT); // Menu options. These options are all added in a single row, to add // multiple rows of options the code below would just be repeated $columns = array(); $columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'new')), _NEWTEMPLATE); $columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'view')), _VIEWTEMPLATE); $columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'modifyconfig')), _EDITTEMPLATECONFIG); $output->SetOutputMode(_PNH_KEEPOUTPUT); $output->SetInputMode(_PNH_VERBATIMINPUT); $output->TableAddRow($columns); $output->SetInputMode(_PNH_PARSEINPUT); $output->TableEnd(); // Return the output that has been generated by this function return $output->GetOutput(); }
function search_sections() { list($active_sections, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_sections', 'startnum', 'total', 'bool', 'q'); if (empty($active_sections)) { return; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } $w = search_split_query($q); $flag = false; $seccol =& $pntable['seccont_column']; $query = "SELECT {$seccol['artid']} as id, {$seccol['title']} as title, {$seccol['secid']} as secid\n FROM {$pntable['seccont']}\n WHERE \n"; foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; $query .= "{$seccol['title']} LIKE '{$word}' OR \n"; $query .= "{$seccol['content']} LIKE '{$word}')\n"; $flag = true; } if (pnConfigGetVar('multilingual') == 1) { $query .= " AND ({$seccol['slanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$seccol['slanguage']}='')"; } $query .= " ORDER BY {$seccol['artid']}"; // get the total count with permissions! if (empty($total)) { $total = 0; $countres = $dbconn->Execute($query); while (!$countres->EOF) { $row = $countres->GetRowAssoc(false); // we know about the section id so let's get the section name $column2 =& $pntable['sections_column']; $result2 = $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}={$row['secid']}"); list($secname) = $result2->fields; if (pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ) && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ)) { $total++; } $countres->MoveNext(); } } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text(_SECTIONS . ': ' . $total . ' ' . _SEARCHRESULTS); $output->SetInputMode(_PNH_VERBATIMINPUT); // Rebuild the search string from previous information $url = "modules.php?op=modload&name=Search&file=index&action=search&active_sections=1&bool={$bool}&q={$q}"; $output->Text('<ul>'); while (!$result->EOF) { $row = $result->GetRowAssoc(false); // we know about the section id so let's get the section name $column2 =& $pntable['sections_column']; $result2 = $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}={$row['secid']}"); list($secname) = $result2->fields; if (pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ) && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ)) { $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Sections&file=index&req=viewarticle&artid={$row['id']}\">{$row['title']}</a><br></li>"); } $result->MoveNext(); } $output->Text('</ul>'); // Munge URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_SECTIONS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }
function search_faqs() { list($q, $bool, $startnum, $total, $active_faqs) = pnVarCleanFromInput('q', 'bool', 'startnum', 'total', 'active_faqs'); if (empty($active_faqs)) { return; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } $w = search_split_query($q); $flag = false; $column =& $pntable['faqanswer_column']; $faqcatcol =& $pntable['faqcategories_column']; $query = "SELECT {$column['id_cat']} as id_cat, \n \t\t\t\t{$column['question']} as question, \n \t\t\t\t{$column['answer']} as answer,\n \t\t\t\t{$faqcatcol['categories']} as categories\n FROM {$pntable['faqanswer']} \n LEFT JOIN {$pntable['faqcategories']} ON {$column['id_cat']}={$faqcatcol['id_cat']}\n WHERE \n"; foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; // faqs $query .= "{$column['question']} LIKE '{$word}' OR \n"; $query .= "{$column['answer']} LIKE '{$word}'\n"; $query .= ')'; $flag = true; } if (pnConfigGetVar('multilingual') == 1) { $query .= " AND ({$faqcatcol['flanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$faqcatcol['flanguage']}='')"; } $query .= " ORDER BY {$column['id']}"; // get the total count with permissions! if (empty($total)) { $total = 0; $countres = $dbconn->Execute($query); while (!$countres->EOF) { $row = $countres->GetRowAssoc(false); if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) { $total++; } $countres->MoveNext(); } } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text(_FAQ . ': ' . $total . ' ' . _SEARCHRESULTS); $output->SetInputMode(_PNH_VERBATIMINPUT); // Rebuild the search string from previous information $url = "modules.php?op=modload&name=Search&file=index&action=search&active_faqs=1&bool={$bool}&q={$q}"; $output->Text("<ul>"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) { $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=FAQ&file=index&myfaq=yes&id_cat={$row['id_cat']}\">{$row['question']}</a><br>Answer: " . nl2br($row[answer]) . "</li>"); } $result->MoveNext(); } $output->Text('</ul>'); // Munge URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_FAQS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }
/** * modify block settings */ function template_firstblock_modify($blockinfo) { // Create output object $output = new pnHTML(); // Get current content $vars = pnBlockVarsFromContent($blockinfo['content']); // Defaults if (empty($vars['numitems'])) { $vars['numitems'] = 5; } // Create row $row = array(); $output->SetOutputMode(_PNH_RETURNOUTPUT); $row[] = $output->Text(_NUMITEMS); $row[] = $output->FormText('numitems', pnVarPrepForDisplay($vars['numitems']), 5, 5); $output->SetOutputMode(_PNH_KEEPOUTPUT); // Add row $output->SetInputMode(_PNH_VERBATIMINPUT); $output->TableAddRow($row, 'left'); $output->SetInputMode(_PNH_PARSEINPUT); // Return output return $output->GetOutput(); }
function search_users() { list($active_users, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_users', 'startnum', 'total', 'bool', 'q'); if (empty($active_users)) { return; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } $w = search_split_query($q); $flag = false; $column =& $pntable['users_column']; $query = "SELECT {$column['name']} as name, {$column['uname']} as uname, {$column['uid']} as uid FROM {$pntable['users']} WHERE "; foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; $query .= "{$column['uname']} LIKE '{$word}' OR "; $query .= "{$column['name']} LIKE '{$word}'"; $query .= ')'; $flag = true; } $query .= " ORDER BY {$column['uname']}"; if (empty($total)) { $countres = $dbconn->Execute($query); $total = $countres->PO_RecordCount(); $countres->Close(); } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text('<font class="pn-normal">' . _SMEMBERS . ': ' . $total . ' ' . _SEARCHRESULTS . '</font>'); $url = "modules.php?op=modload&name=Search&file=index&action=search&active_users=1&bool={$bool}&q={$q}"; $output->Text("<ul>"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); // some basic authcheck - might result in a wrong count... if (pnSecAuthAction(0, "Users::", "{$row['uname']}::{$row['uid']}", ACCESS_READ)) { $output->Text("<li><a class=\"pn-normal\" href=\"user.php?op=userinfo&uname={$row['uname']}&module=NS-User\">{$row['uname']}</a><br>{$row['name']}</li>"); } $result->MoveNext(); } $output->Text("</ul>"); // Munge URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_MEMBERS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }
/** * display block */ function admin_messages_messagesblock_display($row) { list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); if (!isset($row['title'])) { $row['title'] = ''; } if (!pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::", ACCESS_READ)) { return; } $messagestable = $pntable['message']; $messagescolumn =& $pntable['message_column']; if (pnConfigGetVar('multilingual') == 1) { $currentlang = pnUserGetLang(); $querylang = "AND ({$messagescolumn['mlanguage']}='{$currentlang}' OR {$messagescolumn['mlanguage']}='')"; } else { $querylang = ''; } $sql = "SELECT {$messagescolumn['mid']},\n {$messagescolumn['title']},\n {$messagescolumn['content']},\n {$messagescolumn['date']},\n {$messagescolumn['view']}\n FROM {$messagestable}\n WHERE {$messagescolumn['active']} = 1 \n AND ( {$messagescolumn['expire']} > unix_timestamp(now())\n OR {$messagescolumn['expire']} = 0)\n {$querylang}\n ORDER by {$messagescolumn['mid']} DESC"; $result = $dbconn->Execute($sql); if ($dbconn->ErrorNo() != 0) { return; } $output = new pnHTML(); while (list($mid, $title, $content, $date, $view) = $result->fields) { $result->MoveNext(); $show = 0; if (pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::{$mid}", ACCESS_READ)) { switch ($view) { case 1: // Message for everyone $show = 1; break; case 2: // Message for users if (pnUserLoggedIn()) { $show = 1; } break; case 3: // Messages for non-users if (!pnUserLoggedIn()) { $show = 1; } break; case 4: // Messages for administrators of any description if (pnSecAuthAction(0, '::', '::', ACCESS_ADMIN)) { $show = 1; } break; } } if ($show) { list($title, $content) = pnModCallHooks('item', 'transform', '', array($title, $content)); $output->TableStart('', '', 0); $output->SetInputMode(_PNH_VERBATIMINPUT); $output->SetOutputMode(_PNH_RETURNOUTPUT); $ttitle = $output->Linebreak(); $ttitle .= $output->Text($title); $ttitle .= $output->Linebreak(2); $output->SetOutputMode(_PNH_KEEPOUTPUT); $output->TableAddRow(array("<font class=\"pn-title\">" . pnVarPrepHTMLDisplay($ttitle) . "</font>"), 'center'); $output->TableAddRow(array("<font class=\"pn-normal\">" . pnVarPrepHTMLDisplay($content) . "</font>"), 'left'); $output->SetInputMode(_PNH_PARSEINPUT); $output->TableEnd(); } } if ($output->output != "") { // Don't want a title $row['title'] = ''; $row['content'] = $output->GetOutput(); return themesideblock($row); } }
function search_reviews() { list($active_reviews, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_reviews', 'startnum', 'total', 'bool', 'q'); if (empty($active_reviews)) { return; } list($dbconn) = pnDBGetConn(); $pntable = pnDBGetTables(); $output = new pnHTML(); $output->SetInputMode(_PNH_VERBATIMINPUT); if (!isset($startnum) || !is_numeric($startnum)) { $startnum = 1; } if (isset($total) && !is_numeric($total)) { unset($total); } $w = search_split_query($q); $flag = false; $revcol =& $pntable['reviews_column']; $comcol =& $pntable['reviews_comments_column']; $query = "SELECT DISTINCT {$revcol['id']} as id, {$revcol['title']} as title, {$revcol['score']} as score, {$revcol['hits']} as hits, {$revcol['reviewer']} as reviewer, {$revcol['date']} AS fdate\n FROM {$pntable['reviews']} LEFT JOIN {$pntable['reviews_comments']} ON {$comcol['rid']}={$revcol['id']}\n WHERE \n"; foreach ($w as $word) { if ($flag) { switch ($bool) { case 'AND': $query .= ' AND '; break; case 'OR': default: $query .= ' OR '; break; } } $query .= '('; // reviews $query .= "{$revcol['title']} LIKE '{$word}' OR \n"; $query .= "{$revcol['text']} LIKE '{$word}' OR \n"; $query .= "{$revcol['reviewer']} LIKE '{$word}' OR \n"; $query .= "{$revcol['cover']} LIKE '{$word}' OR \n"; $query .= "{$revcol['url']} LIKE '{$word}' OR \n"; $query .= "{$revcol['url_title']} LIKE '{$word}' OR \n"; // reviews_comments $query .= "{$comcol['comments']} LIKE '{$word}'\n"; $query .= ')'; $flag = true; } if (pnConfigGetVar('multilingual') == 1) { $query .= " AND ({$revcol['rlanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$revcol['rlanguage']}='')"; } $query .= " ORDER BY {$revcol['date']}"; // get the total count with permissions! if (empty($total)) { $total = 0; $countres = $dbconn->Execute($query); while (!$countres->EOF) { $row = $countres->GetRowAssoc(false); if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) { $total++; } $countres->MoveNext(); } } $result = $dbconn->SelectLimit($query, 10, $startnum - 1); if (!$result->EOF) { $output->Text(_REVIEWS . ': ' . $total . ' ' . _SEARCHRESULTS); $output->SetInputMode(_PNH_VERBATIMINPUT); // Rebuild the search string from previous information $url = "modules.php?op=modload&name=Search&file=index&action=search&active_reviews=1&bool={$bool}&q={$q}"; $output->Text("<ul>"); while (!$result->EOF) { $row = $result->GetRowAssoc(false); $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate'])); if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) { $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=Reviews&file=index&req=showcontent&id={$row['id']}\">{$row['title']}</a> <font class=\"pn-sub\">(score: {$row['score']} - hits: {$row['hits']})</font><br>{$row['reviewer']}<br>{$row['fdate']}</li>"); } $result->MoveNext(); } $output->Text("</ul>"); // Munge URL for template $urltemplate = $url . "&startnum=%%&total={$total}"; $output->Pager($startnum, $total, $urltemplate, 10); } else { $output->SetInputMode(_PNH_VERBATIMINPUT); $output->Text('<font class="pn-normal">' . _SEARCH_NO_REVIEWS . '</font>'); $output->SetInputMode(_PNH_PARSEINPUT); } $output->Linebreak(3); return $output->GetOutput(); }