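/**
 * Note to anyone feeling the need to edit this file...
 * You MUST declare $db as global inside your functions in order to access MySQL from here.
 */

/**
 * Shows the "Change Your Password" form and, when it is submitted, validates
 * the two entries and stores the new password hash for the session's user.
 *
 * Input: $_POST['processed'], $_POST['password'], $_POST['confirm'] and
 * $_SESSION['username']. Output is echoed; nothing is returned.
 *
 * NOTE(review): the stored value is crypt(md5($password), <fixed string>).
 * The salt is the same literal for every account, and a salt of this form
 * normally selects crypt()'s legacy DES scheme, which only looks at the first
 * eight characters of its input. Moving to password_hash()/password_verify()
 * has to happen together with login() and every other writer of
 * `bayonet_users`.`password`, so the scheme is left unchanged here.
 * NOTE(review): the current password is not asked for and no anti-CSRF token
 * is checked inside this function - confirm whether the caller covers either.
 */
function changePassword()
{
    echo "<script type=\"text/javascript\" src=\"scripts/mocha.js\"></script>";
    global $db;

    if (isset($_POST['processed'])) {
        // Missing or non-string fields are treated as empty so they fail the length check.
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
        $confirm = (isset($_POST['confirm']) && is_string($_POST['confirm'])) ? $_POST['confirm'] : '';

        // Strict comparison: with != two different numeric-looking strings
        // (for example "1e3" and "1000") are considered equal.
        if ($password !== $confirm) {
            ReportError("The passwords you entered did not match.");
            PageRedirect(3, "?op=settings&change=password");
            return;
        }

        if (strlen($password) < 6) {
            ReportError("The password you entered is less than 6 characters.");
            PageRedirect(3, "?op=settings&change=password");
            return;
        }

        $newpassword = crypt(md5($password), 'iamnotadirtywhorebitch');

        // The session holds the un-slashed username (see login()), so it is
        // escaped again before it goes into the statement.
        // NOTE(review): addslashes() is not charset-aware; switch to bound
        // parameters or the driver's escaping once the $db wrapper offers it.
        $username = addslashes($_SESSION['username']);

        $db->Query("UPDATE `bayonet_users` SET `password` = '{$newpassword}' WHERE `username` = '{$username}' LIMIT 1");
        echo "Your password has successfully been changed.";
        PageRedirect(3, "?op=settings");
        return;
    }
    // An empty action posts back to the current URL, query string included.
    ?>
    <div id="pwordCont">
        <form method="POST" action="">
            <h1>Change Your Password</h1>
            <table>
                <tr>
                    <td class="right">Password: </td>
                    <td><input type="password" id="inputPassword" name="password" style="width:200px;" /></td>
                    <td>
                        <table cellspacing="0">
                            <tr><td>Password Strength:</td><td id="complexity"></td></tr>
                            <tr><td colspan="2"><div class="outer"><div id="rating"></div></div></td></tr>
                        </table>
                    </td>
                </tr>
                <tr><td></td><td style="text-align:center; color:#626262;">Minimum of 6 Characters</td><td></td></tr>
                <tr>
                    <td>Confirm Password: </td>
                    <td><input type="password" name="confirm" style="width:200px;" /></td>
                </tr>
                <tr><td colspan="2"><input type="submit" value="Change Password" name="processed" /></td></tr>
            </table>
        </form>
    </div>
    <?php
}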
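/**
 * Note to anyone feeling the need to edit this file...
 * You MUST declare $db as global inside your functions in order to access MySQL from here.
 */

/**
 * Shows the edit form for the announcement with announcement_id 0 and, when
 * the form is submitted, writes the new title and text back to
 * `bayonet_announcements`.
 *
 * Input: $_POST['processed'], $_POST['title'], $_POST['text'].
 * Output is echoed; nothing is returned.
 *
 * NOTE(review): values are escaped for SQL with addslashes(), which is not
 * charset-aware; prefer bound parameters or the driver's escaping function
 * once the $db wrapper exposes one.
 * NOTE(review): no anti-CSRF token is checked inside this function - confirm
 * whether the caller does.
 */
function EditAnnouncements()
{
    global $db;

    if (isset($_POST['processed'])) {
        $rawTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
        $rawText = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';

        if (empty($rawTitle) || empty($rawText)) {
            echo "You must fill everything out before proceeding.";
            return;
        }

        // SQL-escaped copies are used only inside the statement.
        $title = addslashes($rawTitle);
        $text = addslashes($rawText);
        $db->Query("UPDATE bayonet_announcements SET title = '{$title}', text = '{$text}' WHERE announcement_id = 0");

        // The confirmation shows what the user typed, so it is HTML-escaped
        // from the raw value rather than echoing the slashed SQL copy.
        $shownTitle = htmlspecialchars($rawTitle, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "Announcement, '{$shownTitle}', has been edited.\n <br /><br /> Please wait while you are redirected. <br /><br /> \n\t\t\t<a href=\"?op=announcements\">Click here if you don't feel like waiting.</a>";

        // Redirect back to the announcements page after 2 seconds.
        PageRedirect(2, "?op=announcements");
        return;
    }

    // Load the current announcement so the form can be pre-filled.
    $result = $db->Query("SELECT title,text FROM bayonet_announcements WHERE announcement_id = 0");
    $announcement = $db->FetchRow($result);

    // Stored values are escaped for the attribute and the textarea body; without
    // this a quote or a closing tag in the stored text breaks out of the field.
    $titleHtml = htmlspecialchars(isset($announcement['title']) ? $announcement['title'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $textHtml = htmlspecialchars(isset($announcement['text']) ? $announcement['text'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    ?>
    <form action="" method="post">
        <table>
            <tr><td>Announcement Title:
                <input type="text" name="title" value="<?php echo $titleHtml; ?>" maxlength="50" size="30" />
            </td></tr>
            <tr><td>
                <textarea id="markItUp" rows="30" cols="80" name="text"><?php echo $textHtml; ?></textarea>
            </td></tr>
            <tr><td>
                <input type="submit" name="processed" value="Submit Changes" />
            </td></tr>
        </table>
    </form>
    <?php
}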
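/**
 * Gate for the administrative area.
 *
 * Returns true when the session already carries a username or a password
 * entry, or when the submitted credentials match a row in `bayonet_users`
 * (the session is then populated with username, password hash and level).
 * Otherwise it reports the failure or prints the login form and returns false.
 *
 * NOTE(review): the "already logged in" test passes when either session key
 * is present; both are always set together below.
 * NOTE(review): the hash is crypt(md5(...), <fixed string>) - one salt for all
 * accounts, and a salt of this form normally selects crypt()'s legacy DES
 * scheme, which only looks at the first eight characters of its input.
 * Migrating to password_hash()/password_verify() has to be coordinated with
 * every writer of the password column.
 * NOTE(review): the password is passed through addslashes() before hashing,
 * while changePassword() hashes the raw value, so a password containing a
 * quote or backslash would hash differently in the two places - confirm.
 * NOTE(review): the session id is not regenerated after a successful login
 * and the password hash is kept in the session; confirm whether either is
 * relied on elsewhere before changing it.
 *
 * @return bool
 */
function login()
{
    global $db;

    if (isset($_SESSION['username']) || isset($_SESSION['password'])) {
        return true;
    }

    if (!isset($_POST['processed'])) {
        echo "<form action=\"\" method=\"post\">\n";
        //OpenTable();
        echo "<table style=\"width:100%; height:600px;\">";
        echo "<tr><td><table width=\"450px\" style=\"background-color:white;\" align=\"center\">\n\n "
            . "<tr><td colspan=\"2\" style=\"text-align:center;\"><img src=\"images/bayonet_logo.jpg\" /></td></tr>\n\n "
            . "<tr><th colspan=\"2\">Administrative Login</th></tr>\n\n "
            . "<tr><th style=\"text-align:right;\">Username</th><td><input size=\"20\" type=\"text\" name=\"username\"></td></tr>\n\n "
            . "<tr><th style=\"text-align:right;\">Password</th><td><input size=\"20\" type=\"password\" name=\"password\"></td></tr>\n\n "
            . "<tr><th colspan=\"2\" align=\"center\"><input type=\"Submit\" name=\"processed\" value=\"Login\"></th></tr></td></tr>\n\n "
            . "</table>\n";
        //CloseTable();
        echo "</table>";
        echo "</form>\n";
        return false;
    }

    // Missing or non-string fields become empty strings and simply fail to match.
    $username = addslashes((isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '');
    $password = addslashes((isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '');
    $password = crypt(md5($password), 'iamnotadirtywhorebitch');

    // The lookup has to use the submitted username and the computed hash.
    // NOTE(review): addslashes() is not charset-aware; prefer bound parameters
    // or the driver's escaping once the $db wrapper exposes it.
    $result = $db->Query("SELECT * FROM bayonet_users WHERE username = '{$username}' AND password = '{$password}' LIMIT 1");
    $rows = $db->Rows($result);
    $row = $db->FetchRow($result);

    if ($rows > 0) {
        $_SESSION['username'] = stripslashes($username);
        $_SESSION['password'] = stripslashes($password);
        $_SESSION['level'] = $row['level'];
        return true;
    }

    // Wrong credentials: report and send the visitor back to the login page.
    ReportError("Login incorrect.");
    PageRedirect(1, "index.php");
    return false;
}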
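<?php
// Edit form for one award. $award_id is expected to be set by the including
// code; on submit the award's name and description are updated.
$award = getAward($award_id);
$form = new BayonetForm("", "POST");

if ($form->verifySubmit('processed')) {
    global $db;

    // NOTE(review): it is not visible here whether BayonetForm escapes the
    // values in ->request; if it does not, these two reach the statement raw.
    // Confirm, and prefer bound parameters once the $db wrapper offers them.
    $name = $form->request['name'];
    $text = $form->request['text'];

    // The key goes into both the statement and the redirect URL, so it is
    // reduced to an integer first (assumes award_id is an integer key - confirm).
    $awardKey = (int) $award_id;

    $db->Query("UPDATE `rudi_awards` SET `name` = '{$name}', `description` = '{$text}' WHERE `award_id` = '{$awardKey}' LIMIT 1");
    PageRedirect(1, "?op=rudi&show=awards&award={$awardKey}");
    return;
}

echo LinkInternal("Cancel", "?op=rudi&show=awards&cid={$award['class_id']}");
OpenTable();
?>
<tr><th>Name:</th><td><?php $form->textField('name', $award['name'], false, "50"); ?></td></tr>
<tr><th>Image:</th><td></td></tr>
<tr><th>Text:</th><td><?php $form->textArea('text', 10, 30, $award['description']); ?></td></tr>
<tr><td><?php $form->submitButton('processed', 'Update'); ?></td></tr>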
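/**
 * Asks for confirmation and then resets the password of one admin account:
 * a new 8-character password is generated, e-mailed to the account's address
 * and, only if the e-mail was sent, its hash is written to `bayonet_users`.
 *
 * Input: $user_id plus $_POST['proceed'] / $_POST['cancel'].
 * Output is echoed; nothing is returned.
 *
 * NOTE(review): the new password travels by e-mail in clear text
 * (EmailPassword receives it as-is); a single-use reset link would avoid that.
 * NOTE(review): the hash uses crypt(md5(...), <fixed string>), i.e. one salt
 * for every account; changing the scheme has to be coordinated with login().
 * NOTE(review): no anti-CSRF token is checked inside this function - confirm
 * whether the caller does.
 *
 * @param int|string $user_id key of the account in `bayonet_users`
 */
function ResetPassword($user_id)
{
    global $db;

    // Reduce the key to an integer before it is placed in any statement
    // (assumes user_id is an integer key - confirm against the schema).
    $userKey = (int) $user_id;

    $result = $db->Query("SELECT `username`, `email` FROM `bayonet_users` WHERE `user_id` = '{$userKey}' LIMIT 1");
    $admin = $db->FetchRow($result);
    decho($admin);

    // Without a matching account there is nobody to mail and nothing to update.
    if (empty($admin)) {
        ReportError("That user could not be found.");
        return;
    }

    // The username is echoed into HTML several times below.
    $shownName = htmlspecialchars($admin['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    if (isset($_POST['proceed'])) {
        $password = GeneratePassword(8);
        $cryptpassword = crypt(md5($password), 'iamnotadirtywhorebitch');
        $status = EmailPassword($admin['username'], $password, $admin['email']);

        if ($status) {
            // Only store the new hash once the user has actually been sent the password.
            $db->Query("UPDATE `bayonet_users` SET `password` = '{$cryptpassword}' WHERE `user_id` = '{$userKey}' LIMIT 1");
            echo "Password has been reset and emailed to '{$shownName}'";
            PageRedirect(3, "?op=admins");
        } else {
            ReportError("An error has occured emailing the new password. It will not take effect.");
        }
        return;
    }

    if (isset($_POST['cancel'])) {
        echo "The password <b>WILL NOT</b> be reset for '{$shownName}'";
        PageRedirect(3, "?op=admins");
        return;
    }
    ?>
    <center>
        <form action="" method="post">
            <table>
                <th>Are you SURE you want to reset this user's password: '<?php echo $shownName; ?>'?</th>
                <tr><th><button name="proceed">Yes</button> <button name="cancel">No</button></th></tr>
            </table>
        </form>
    </center>
    <?php
}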
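/**
 * Shows the edit form for one block and, when it is submitted, updates the
 * block's title, weight, directory name, position and active flag in
 * `bayonet_blocks`.
 *
 * Input: $block_id plus $_POST['processed'], 'weight', 'dir_name',
 * 'position', 'active' and 'title'. Output is echoed; nothing is returned.
 *
 * NOTE(review): string values are escaped with addslashes(), which is not
 * charset-aware; prefer bound parameters once the $db wrapper offers them.
 * NOTE(review): if dir_name is later used to build a filesystem path, it
 * should be restricted to a safe character set here - confirm how it is used.
 *
 * @param int|string $block_id key of the block in `bayonet_blocks`
 */
function EditBlock($block_id)
{
    global $db;

    // Reduce the key to an integer before it is placed in any statement
    // (assumes block_id is an integer key - confirm against the schema).
    $blockKey = (int) $block_id;

    if (isset($_POST['processed'])) {
        $rawWeight = isset($_POST['weight']) ? $_POST['weight'] : '';
        $rawPosition = isset($_POST['position']) ? $_POST['position'] : '';
        $rawDirName = (isset($_POST['dir_name']) && is_string($_POST['dir_name'])) ? $_POST['dir_name'] : '';
        $rawTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
        $rawActive = (isset($_POST['active']) && is_string($_POST['active'])) ? $_POST['active'] : '';

        // The numeric fields are checked BEFORE casting: after an (int) cast
        // is_int() is always true, so an empty or non-numeric value would
        // silently be stored as 0.
        if (!is_numeric($rawWeight) || !is_numeric($rawPosition) || empty($rawDirName) || empty($rawTitle)) {
            echo "You must fill everything out before proceeding.";
            return;
        }

        $weight = (int) $rawWeight;
        $position = (int) $rawPosition;
        $dir_name = addslashes($rawDirName);
        $title = addslashes($rawTitle);
        $active = addslashes($rawActive);

        $db->Query("UPDATE bayonet_blocks SET title = '{$title}', weight = '{$weight}', dir_name = '{$dir_name}', position = '{$position}', active = '{$active}' WHERE block_id = '{$blockKey}'");

        // Echo the HTML-escaped raw value, not the slashed SQL copy.
        $shownDir = htmlspecialchars($rawDirName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "Block, '{$shownDir}', at position '{$weight}'(order) has been edited.\n";
        PageRedirect(3, "?op=blocks");
        return;
    }

    // Load the block so the form can be pre-filled.
    $result = $db->Query("SELECT weight,dir_name,position,active,title FROM bayonet_blocks WHERE block_id = '{$blockKey}'");
    $block = $db->FetchRow($result);

    // Stored values are escaped before they are written into text or attributes.
    $titleHtml = htmlspecialchars($block['title'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $weightHtml = htmlspecialchars($block['weight'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $dirHtml = htmlspecialchars($block['dir_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    ?>
    You are currently editing the '<?php echo $titleHtml; ?>' block<br /><br />
    <form action="" method="post">
        <table align="center">
            <tr><th>Title</th><td><input type="text" name="title" value="<?php echo $titleHtml; ?>" /></td></tr>
            <tr><th>Weight</th><td><input type="text" name="weight" value="<?php echo $weightHtml; ?>" /></td></tr>
            <tr><th>Position</th><td><?php GetPosition($block['position']); ?></td></tr>
            <tr><th>Directory Name</th><td><input type="text" name="dir_name" value="<?php echo $dirHtml; ?>" /></td></tr>
            <tr><th>Active</th><td>
                <select name="active">
                    <?php GetActive($block_id, $block['active']); ?>
                </select>
            </td></tr>
            <tr><th colspan="2"><input type="submit" name="processed" value="Submit" /><?php echo LinkInternal('<input type="button" value="Cancel" />', "?op=blocks"); ?></th></tr>
        </table>
    </form>
    <?php
}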
$xfire = addslashes($_POST['xfire']); $email = addslashes($_POST['email']); $bio = addslashes($_POST['bio']); //$discharged = empty($discharged) ? NULL : "'{$discharged}'"; $query = "INSERT INTO `rudi_unit_members` SET" . " `rank_id` = '{$rank_id}'," . " `country_id` = '{$country_id}'," . " `role_id` = '{$role_id}', " . " `status_id` = '{$status_id}'," . " `cunit_id` = '{$unit_id}'," . " `weapon_id` = '{$weapon_id}'," . " `weapon2_id` = '{$weapon2_id}'," . " `a2_id` = '{$a2_id}'," . " `oa_id` = '{$oa_id}'," . " `username` = '{$username}'," . " `email` = '{$email}'," . " `xfire` = '{$xfire}'," . " `first_name` = '{$first_name}'," . " `last_name` = '{$last_name}'," . " `location_city` = '{$city}'," . " `location_province` = '{$province}'," . " `bio` = '{$bio}'," . " `date_enlisted` = '{$enlisted}'," . " `date_promotion` = '{$promoted}'," . " `primary_mos` = '{$primary_mos}',"; if (empty($discharged)) { $query = $query . " `date_discharged` = null"; } else { $query = $query . " `date_discharged` = '{$discharged}'"; } decho($query); $db->Query($query); $member_id = $db->InsertID(); decho($member_id); //$db->Query("INSERT INTO `rudi_roles_container` SET `role_id` = '$role_id', `member_id` = '$member_id'"); PageRedirect(1, "?op=rudi&show=members&profile={$member_id}"); return; } ?> <a href="?op=rudi&show=members">Cancel</a><br /> <form method="POST" action=""> <table width="100%" style="text-align:center;"> <tr><th colspan="2" style="background-color:#c4c4c4;">Personnel File of <?php echo $member['first_name'] . " " . $member['last_name']; ?> </th></tr> <tr><td class="right" width="50%">Rank:</td><td class="left"> <select name="rank"> <?php $ranks = GetRanks(); foreach ($ranks as $rank) {
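/**
 * Asks for confirmation and then deletes one row from `bayonet_pages`.
 * The home page (page_id 1) is never deleted.
 *
 * Input: $page_id plus $_POST['proceed'] / $_POST['cancel'].
 * Output is echoed; nothing is returned.
 *
 * NOTE(review): the confirmation text says attached articles are deleted as
 * well, but this function only issues a DELETE on `bayonet_pages`.
 * NOTE(review): no anti-CSRF token is checked inside this function - confirm
 * whether the caller does.
 *
 * @param int|string $page_id key of the page in `bayonet_pages`
 */
function DeletePage($page_id)
{
    global $db;

    // The key is used in two statements and three redirect URLs; reducing it
    // to an integer keeps request data out of all of them.
    $pageKey = (int) $page_id;

    // This guard has to run before the POST handling: placed after it, a
    // submitted "proceed" for page 1 would delete the home page.
    if ($pageKey === 1) {
        echo "You can not delete the home page.";
        PageRedirect(2, "?op=pages&edit={$pageKey}");
        return;
    }

    $result = $db->Query("SELECT title FROM bayonet_pages WHERE page_id = '{$pageKey}' LIMIT 1");
    $page = $db->FetchRow($result);
    $shownTitle = htmlspecialchars(isset($page['title']) ? $page['title'] : '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    if (isset($_POST['proceed'])) {
        echo "Page '{$shownTitle}', was deleted.";
        $db->Query("DELETE FROM bayonet_pages WHERE page_id = '{$pageKey}' LIMIT 1");
        PageRedirect(2, "?op=pages&edit={$pageKey}");
        return;
    }

    if (isset($_POST['cancel'])) {
        echo "User cancelled deletion of page: '{$shownTitle}'";
        PageRedirect(2, "?op=pages&edit={$pageKey}");
        return;
    }
    ?>
    <form action="" method="post">
        <table>
            <th>Are you <u>SURE</u> you want to delete the page titled: '<?php echo $shownTitle; ?>'?<br />All articles attached to this page will be deleted as well.</th>
            <tr><th><button name="proceed">Yes</button> <button name="cancel">No</button></th></tr>
        </table>
    </form>
    <?php
}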
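/**
 * Shows a member's rank, name and current status with three radio buttons
 * (1 Active, 2 On Leave, 3 On Extended Leave) and, on submit, stores the
 * chosen status in `rudi_unit_members`.
 *
 * Input: $member_id plus the BayonetForm request value 'status'.
 * Output is echoed; nothing is returned.
 *
 * @param int|string $member_id key of the member in `rudi_unit_members`
 */
function EditStatus($member_id)
{
    global $db;

    // Reduce the key to an integer before it is placed in a statement or URL
    // (assumes member_id is an integer key - confirm against the schema).
    $memberKey = (int) $member_id;
    $form = new BayonetForm("", "POST");

    if ($form->VerifySubmit('processed')) {
        echo "Please wait while your information is being processed...";

        // Only the three values this form offers are accepted; anything else
        // is rejected instead of being written into the statement.
        $status_id = isset($form->request['status']) ? (int) $form->request['status'] : 0;
        if (!in_array($status_id, array(1, 2, 3), true)) {
            ReportError("Invalid status selected.");
            return;
        }

        $db->query("UPDATE `rudi_unit_members` SET `status_id` = '{$status_id}' WHERE `member_id` = '{$memberKey}' LIMIT 1");
        PageRedirect(1, "?op=adjutant&edit=loas&member={$memberKey}");
        return;
    }

    $result = $db->Query("SELECT * FROM `rudi_unit_members` JOIN `rudi_ranks` ON rudi_unit_members.rank_id=rudi_ranks.rank_id WHERE `member_id` = '{$memberKey}' LIMIT 1");
    $row = $db->FetchRow($result);

    // Stored text is HTML-escaped before it is printed.
    $rankHtml = htmlspecialchars($row['shortname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $nameHtml = htmlspecialchars($row['first_name'] . " " . $row['last_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $currentStatus = (int) $row['status_id'];
    ?>
    <center>
        <table width="50%" style="text-align:center;">
            <tr><th>Rank</th><th>Soldier</th><th>Status</th></tr>
            <tr>
                <td><?php echo $rankHtml; ?></td>
                <td><?php echo $nameHtml; ?></td>
                <td style="text-align:left;">
                    <?php $form->radioButton('status', 1, $currentStatus === 1); ?> Active<br />
                    <?php $form->radioButton('status', 2, $currentStatus === 2); ?> On Leave<br />
                    <?php $form->radioButton('status', 3, $currentStatus === 3); ?> On Extended Leave
                </td>
            </tr>
            <tr><td colspan="3"><?php $form->submitButton('processed'); ?></td></tr>
        </table>
    </center>
    <?php
    $form->__destruct();
}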
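<?php
// "Add award" form for the award class given in the cid query parameter.
// The parameter goes into two statements and two URLs, so it is reduced to an
// integer as soon as it is read (assumes class_id is an integer key - confirm).
$class_id = isset($_GET['cid']) ? (int) $_GET['cid'] : 0;
$form = new BayonetForm("", "POST");

if ($form->verifySubmit('processed')) {
    global $db;

    // NOTE(review): it is not visible here whether BayonetForm escapes the
    // values in ->request; if it does not, these two reach the statement raw.
    // Confirm, and prefer bound parameters once the $db wrapper offers them.
    $name = $form->request['name'];
    $text = $form->request['text'];

    decho("INSERT INTO `rudi_awards` SET `class_id` = '{$class_id}', `name` = '{$name}', `description` = '{$text}'");
    $db->Query("INSERT INTO `rudi_awards` SET `class_id` = '{$class_id}', `name` = '{$name}', `image` = '', `description` = '{$text}'");
    PageRedirect(1, "?op=rudi&show=awards&cid=" . $class_id);
    return;
}

echo LinkInternal("Cancel", "?op=rudi&show=awards&cid=" . $class_id);
OpenTable();
?>
<tr><th>Name:</th><td><?php $form->textField('name', "", false, "50"); ?></td></tr>
<tr><th>Image:</th><td></td></tr>
<tr><th>Text:</th><td><?php $form->textArea('text', 10, 30); ?></td></tr>
<tr><td><?php $form->submitButton('processed', 'Add'); ?>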
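/**
 * Shows the "Add New Event" form and, when it is submitted, inserts the event
 * into `bayonet_events`.
 *
 * Input: $_POST['processed'], 'title', 'text', 'year', 'month', 'day', 'time',
 * 'color' and $_GET['date'] (passed to SelectDate for the date picker).
 * Output is echoed; nothing is returned.
 *
 * NOTE(review): string values are escaped with addslashes(), which is not
 * charset-aware; prefer bound parameters once the $db wrapper offers them.
 * NOTE(review): 'time' and 'color' are stored as typed, without any format check.
 */
function NewEvent()
{
    global $db;

    if (isset($_POST['processed'])) {
        $rawTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
        $rawText = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';
        $rawTime = (isset($_POST['time']) && is_string($_POST['time'])) ? $_POST['time'] : '';
        $rawColor = (isset($_POST['color']) && is_string($_POST['color'])) ? $_POST['color'] : '';

        if (empty($rawTitle) || empty($rawText)) {
            echo "You must fill everything out before proceeding.";
            return;
        }

        // The date parts are only ever used as numbers, so they are cast rather
        // than string-escaped; mktime() normalises out-of-range values.
        $year = isset($_POST['year']) ? (int) $_POST['year'] : 0;
        $month = isset($_POST['month']) ? (int) $_POST['month'] : 0;
        $day = isset($_POST['day']) ? (int) $_POST['day'] : 0;
        $date = date("Y-m-d", mktime(0, 0, 0, $month, $day, $year));

        $title = addslashes($rawTitle);
        $text = addslashes($rawText);
        $time = addslashes($rawTime);
        $color = addslashes($rawColor);

        $db->Query("INSERT INTO `bayonet_events` (`event_id` ,`date` ,`time` ,`title` ,`text` ,`color`)VALUES (NULL , '{$date}', '{$time}', '{$title}', '{$text}', '{$color}')");

        // Echo the HTML-escaped raw title, not the slashed SQL copy.
        $shownTitle = htmlspecialchars($rawTitle, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        echo "New event, '{$shownTitle}', has been added.\n";
        PageRedirect(2, "?op=calendar");
        return;
    }
    ?>
    <h3>Add New Event</h3>
    <form action="" method="post">
        <table>
            <tr><th>Title</th><td><input type="text" name="title" value="" /></td></tr>
            <tr><th>Color</th><td><input type="text" name="color" value="" /></td></tr>
            <tr><th>Date</th><td><?php SelectDate(isset($_GET['date']) ? $_GET['date'] : null); ?></td></tr>
            <tr><th>Time</th><td><input type="text" name="time" value="12:00" maxlength="5" size="5" /></td></tr>
            <tr><th>Text</th><td><textarea id="markItUp" rows="30" cols="80" name="text"></textarea></td></tr>
            <tr><th colspan="2"><input type="submit" name="processed" value="Submit" /></th></tr>
        </table>
    </form>
    <?php
}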
$xfire = addslashes($_POST['xfire']); $email = addslashes($_POST['email']); $bio = addslashes($_POST['bio']); //$discharged = empty($discharged) ? NULL : "'{$discharged}'"; $query = "UPDATE `rudi_unit_members` SET" . " `rank_id` = '{$rank_id}'," . " `country_id` = '{$country_id}'," . " `role_id` = '{$role_id}', " . " `status_id` = '{$status_id}'," . " `cunit_id` = '{$unit_id}'," . " `weapon_id` = '{$weapon_id}'," . " `weapon2_id` = '{$weapon2_id}'," . " `a2_id` = '{$a2_id}'," . " `oa_id` = '{$oa_id}'," . " `username` = '{$username}'," . " `email` = '{$email}'," . " `xfire` = '{$xfire}'," . " `first_name` = '{$first_name}'," . " `last_name` = '{$last_name}'," . " `location_city` = '{$city}'," . " `location_province` = '{$province}'," . " `bio` = '{$bio}'," . " `date_enlisted` = '{$enlisted}'," . " `date_promotion` = '{$promoted}'," . " `primary_mos` = '{$primary_mos}',"; if (empty($discharged)) { $query = $query . " `date_discharged` = null"; } else { $query = $query . " `date_discharged` = '{$discharged}'"; } $query = $query . " WHERE `member_id` = '{$member_id}' LIMIT 1"; decho($query); $db->Query($query); //$db->Query("UPDATE `rudi_roles_container` SET `role_id` = '$role_id' WHERE `member_id` = '$member_id' LIMIT 1"); /* do the role query as well */ PageRedirect(1, "?op=rudi&show=members"); return; } $member = GetMember($member_id); ?> <a href="?op=rudi&show=members">Cancel</a><br /> <form method="POST" action=""> <table width="100%" style="text-align:center;"> <tr><th colspan="2" style="background-color:#c4c4c4;">Personnel File of <?php echo $member['first_name'] . " " . $member['last_name']; ?> </th></tr> <tr><td class="right" width="50%">Rank:</td><td class="left"> <select name="rank"> <?php $ranks = GetRanks();
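<?php
// Confirmation page for deleting one award. $award_id is expected to be set by
// the including code.
// NOTE(review): no anti-CSRF token is checked in this script - confirm whether
// the including code does.
global $db;

// The key is used in two statements; reduce it to an integer first
// (assumes award_id is an integer key - confirm against the schema).
$awardKey = (int) $award_id;

$result = $db->Query("SELECT `name`, `class_id` FROM `rudi_awards` WHERE `award_id` = '{$awardKey}' LIMIT 1");
$award = $db->FetchRow($result);
$form = new BayonetForm("", "POST");

// The stored name is echoed into HTML in every branch below.
$shownName = htmlspecialchars($award['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

if (isset($_POST['proceed'])) {
    echo "Award '{$shownName}', was deleted.";
    $db->Query("DELETE FROM `rudi_awards` WHERE `award_id` = '{$awardKey}' LIMIT 1");
    PageRedirect(2, "?op=rudi&show=awards&cid={$award['class_id']}");
    return;
}

if (isset($_POST['cancel'])) {
    echo "User cancelled deletion of award: '{$shownName}'";
    PageRedirect(2, "?op=rudi&show=awards&cid={$award['class_id']}");
    return;
}

OpenTable();
?>
<th>Are you <u>SURE</u> you want to delete the award titled: '<?php echo $shownName; ?>'?<br />All users who have recieved this award will lose it off their records (not yet at least).</th>
<tr><th><button name="proceed">Yes</button> <button name="cancel">No</button></th></tr>
<?php
CloseTable();
$form->__destruct();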
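/**
 * Shows the "add award" form for one member and, on submit, inserts a row
 * into `rudi_award_record`.
 *
 * Input: $member_id, the BayonetForm request values 'date' and 'details', and
 * $_POST['award']. Output is echoed; nothing is returned.
 *
 * NOTE(review): `added_by` is always written as 1, not the acting user.
 *
 * @param int|string $member_id key of the member receiving the award
 */
function AddAwardRecord($member_id)
{
    global $db;

    // Reduce the key to an integer before it is placed in a statement or URL
    // (assumes member_id is an integer key - confirm against the schema).
    $memberKey = (int) $member_id;
    $form = new BayonetForm("", "POST");

    if ($form->verifySubmit('processed')) {
        // NOTE(review): it is not visible here whether BayonetForm escapes the
        // values in ->request; if it does not, these two reach the statement
        // raw. Confirm, and prefer bound parameters once $db offers them.
        $date = $form->request['date'];
        $details = $form->request['details'];

        // Read straight from $_POST, so it is cast before use; the select
        // below submits an award_id value.
        $award_id = isset($_POST['award']) ? (int) $_POST['award'] : 0;

        decho($form->request);
        $db->Query("INSERT INTO `rudi_award_record` SET `member_id` = '{$memberKey}', `award_id` = '{$award_id}', `date_added` = '{$date}', `record_note` = '{$details}', `added_by` = 1");
        PageRedirect(1, "?op=rudi&show=members&award={$memberKey}");
        return;
    }

    // The former lookup in `rudi_service_record` was dropped: it filtered on a
    // variable this function never defines and its result was never used.

    echo "<a href=\"?op=rudi&show=members&award={$memberKey}\">Cancel</a>";
    OpenTable();
    ?>
    <tr><td>Award:</td><td>
        <select name="award">
            <?php
            $awards = GetAllAwards();
            foreach ($awards as $award) {
                // Both values come from the database and are escaped for HTML.
                $optionValue = htmlspecialchars($award['award_id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $optionLabel = htmlspecialchars($award['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                echo "<option value=\"{$optionValue}\">{$optionLabel}</option>";
            }
            ?>
        </select>
    </td></tr>
    <tr><td>Date:</td><td><?php $form->textField('date'); ?></td></tr>
    <tr><td>Details:</td><td><?php $form->textArea('details', 10, 30); ?></td></tr>
    <tr><td colspan="2"><?php $form->submitButton('processed', 'Add'); ?></td></tr>
    <?php
    CloseTable();
    $form->__destruct();
}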
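/**
 * Hides one newsreel slide: every slide ordered after it is moved up by one
 * weight, then the slide itself is set to visible = 0, weight = 0, and the
 * browser is redirected to the newsreel page.
 *
 * NOTE(review): this changes state without looking at the request method or
 * an anti-CSRF token - confirm whether the caller restricts how it is reached.
 *
 * @param int|string $slide_id key of the slide in `bayonet_newsreel`
 */
function DisableSlide($slide_id)
{
    global $db;

    // Reduce the key to an integer before it is placed in any statement
    // (assumes slide_id is an integer key - confirm against the schema).
    $slideKey = (int) $slide_id;

    $result = $db->Query("SELECT `weight` FROM `bayonet_newsreel` WHERE `slide_id` = '{$slideKey}' LIMIT 1");
    $slide = $db->FetchRow($result);
    $oldWeight = isset($slide['weight']) ? (int) $slide['weight'] : 0;

    // Only a slide that currently has a position leaves a gap to close.
    // Disabled slides are stored with weight 0 (see the final UPDATE), so for
    // an unknown or already-disabled slide the loop would otherwise start at
    // weight 1 and shift every active slide down, pushing the first to 0.
    // Assumes active weights start at 1 - confirm.
    if ($oldWeight > 0 && $oldWeight < MAX_SLIDES) {
        $total = getNumOfActive();
        for ($weight = $oldWeight + 1; $weight <= $total; $weight++) {
            $shifted = $weight - 1;
            $db->Query("UPDATE `bayonet_newsreel` SET `weight` = '{$shifted}' WHERE `weight` = '{$weight}' LIMIT 1");
        }
    }

    $db->Query("UPDATE `bayonet_newsreel` SET `visible` = 0, `weight` = 0 WHERE `slide_id` = '{$slideKey}' LIMIT 1");
    PageRedirect(0, "?op=newsreel");
}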
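/**
 * Shows the "Post News" form and, when it is submitted, inserts the item into
 * `bayonet_news` with the current America/New_York time, ADMIN_ID as author
 * and category 1.
 *
 * Input: $_POST['processed'], $_POST['title'], $_POST['text'].
 * Output is echoed; nothing is returned.
 *
 * NOTE(review): values are escaped with addslashes(), which is not
 * charset-aware; prefer bound parameters once the $db wrapper offers them.
 * NOTE(review): date_default_timezone_set() changes the timezone for the rest
 * of the request, not only for this function.
 */
function CreateNews()
{
    global $db;

    if (isset($_POST['processed'])) {
        // Title and text both go into the statement, so both are escaped; the
        // title used to be inserted exactly as submitted.
        $title = addslashes((isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '');
        $text = addslashes((isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '');

        date_default_timezone_set('America/New_York');
        $datetime = date('Y-m-d H:i:s');
        $author_id = ADMIN_ID;
        $category_id = 1;

        // Build the statement once so the debug output shows exactly what was run.
        $query = "INSERT INTO `bayonet_news` SET `title` = '{$title}', `message` = '{$text}', `author_id` = '{$author_id}', `date` = '{$datetime}', `category_id` = '{$category_id}'";
        $db->Query($query);
        decho($query);

        PageRedirect(1, "?op=news");
        return;
    }
    ?>
    <style type="text/css">
        input { height: 35px; width: 300px; font-size: 18px; }
    </style>
    <h3>Post News</h3>
    <form action="" method="post">
        <table>
            <tr><td> <input type="text" name="title" value="" /></td></tr>
            <tr><td><textarea id="markItUp" rows="30" cols="80" name="text"></textarea></td></tr>
            <tr><th colspan="2"><input type="submit" name="processed" value="Post" /></th></tr>
        </table>
    </form>
    <?php
}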