} if (preg_match('/^publisher$/i', $project['code_name'])) { $sql = sprintf("SELECT u.* FROM user u WHERE u.status = 1"); } else { $sql = sprintf("SELECT u.* FROM user u, project p \n\t\t\t\tWHERE u.status = 1 \n\t\t\t\tAND p.id = %d\n\t\t\t\tAND u.id NOT IN (SELECT user_id FROM project_membership WHERE project_id = '%s') ORDER BY last_name ", $_GET['project_id'], $_GET['project_id']); } $alluser_st = @mysql_query($sql, $indaba_dbh); $allusersOpt = "<SELECT id=alluser_user_id name=alluser_user_id class=sel_list size=25 multiple>"; while ($user = @mysql_fetch_assoc($alluser_st)) { $allusersOpt .= "<option name=a value=" . $user['id'] . ">" . $user['username'] . " - " . $user['last_name'] . ", " . $user['first_name'] . "</option>"; } $allusersOpt .= "</SELECT>"; $sql = sprintf("SELECT a.user_id as user_id, b.first_name, b.last_name, b.username as username, c.name as role FROM project_membership a, user b, role c WHERE a.project_id = '%s' AND a.user_id = b.id AND a.role_id = c.id AND b.status = 1 ORDER BY last_name", $_GET['project_id']); $projuser_st = @mysql_query($sql, $indaba_dbh); $projusersOpt = "<SELECT name=project_user_id class=sel_list size=25 multiple>"; while ($user = fetch_html_entities($projuser_st)) { $projusersOpt .= "<option name=a value=" . $user['user_id'] . ">" . $user['username'] . " - " . $user['role'] . " - " . $user['last_name'] . ", " . $user['first_name'] . "</option>"; } $projusersOpt .= "</SELECT>"; $sql = sprintf("SELECT a.role_id as role_id, b.name as name, b.description as description FROM project_roles a, role b WHERE project_id = '%s' AND a.role_id = b.id", $_GET['project_id']); $roleOpt = "<SELECT name=role_id><option name=a value=''>Select role for users</option>"; $role_st = @mysql_query($sql, $indaba_dbh); while ($role = @mysql_fetch_assoc($role_st)) { $roleOpt .= "<option name=a value='" . $role['role_id'] . "'>" . $role['name'] . 
"</option>"; } $roleOpt .= "</SELECT>"; ?> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"> <title>Managing Users for Project <?php echo $project['code_name'];
$required = "<font color=red>*</font>"; if (isset($_GET['action']) && $_GET['action'] == 'show_project_list') { // get project list $project_id = isset($_GET['id']) ? $_GET['id'] : ''; $project_list = "<li class='ui-widget-content' style='margin:5px 40px 5px 50px; ' id=0 >Add New Project</li>"; $p_sql = "SELECT * FROM project"; $st = mysql_query($p_sql); while ($project = mysql_fetch_assoc($st)) { $selected = $project_id == $project['id'] ? " class=ui-selected " : " class=ui-widget-content "; $project_list .= "<li " . $selected . " style='float:left; margin-left:10px; width:180px;' id=" . $project['id'] . ">" . $project['code_name'] . "</li>"; } // get admin_user_list drop down $admin_user_list = "<SELECT id=admin_user_id ><option value=0>Select Admin User</option>"; $u_sql = "SELECT * FROM user WHERE status = 1 ORDER BY last_name"; $st = mysql_query($u_sql); while ($user = fetch_html_entities($st)) { $user['first_name'] = $user['first_name']; $user['last_name'] = $user['last_name']; $admin_user_list .= "<option value=" . $user['id'] . ">" . $user['last_name'] . ", " . $user['first_name'] . "</option>"; } $admin_user_list .= "</SELECT>" . $required; // get organization_list drop down $organization_list = "<SELECT id=organization_id><option value=0>Select Organization</option>"; $o_sql = "SELECT * FROM organization"; $st = mysql_query($o_sql); while ($org = mysql_fetch_assoc($st)) { $org['name'] = htmlentities($org['name'], ENT_QUOTES, 'UTF-8'); $organization_list .= "<option value=" . $org['id'] . ">" . $org['name'] . "</option>"; } $organization_list .= "</SELECT>" . $required; // get access_matrix_list drop down
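/**
 * Build the HTML form used to add or edit an organization.
 *
 * With $action 'show' the organization row is loaded by id and the form is
 * rendered with Update / Delete / Reset buttons plus a hidden
 * organization_id field. With $action 'add' an empty form with
 * Add New / Reset buttons is rendered. Any other action renders the empty
 * form without buttons and without echoing $id.
 *
 * @param string $action 'show' or 'add'.
 * @param mixed  $id     Organization id to load when $action is 'show'.
 *
 * @return string HTML markup of the form.
 */
function showOrganization($action, $id)
{
    $updateButton = "<table border=0 width='80%'><tr><td align=center><INPUT type=button class=btn value=Update id='update' onClick='updateOrganization();' /></td>"
        . "<td align=center><INPUT type=button class=btn value=Delete id='delete' onClick='updateOrganization();' /></td>"
        . "<td align=center><INPUT type=reset class=btn value=Reset /></td></tr></table>";
    $addButton = "<table border=0 width='80%'><tr><td align=center><INPUT type=button class=btn value='Add New' id='addnew' onClick='updateOrganization();' /></td>"
        . "<td align=center><INPUT type=reset class=btn value=Reset /></td></tr></table>";

    // Defaults for an unexpected $action. Previously $button was undefined in
    // that case and the caller-supplied $id was concatenated into the markup
    // unescaped; a separate variable now holds the hidden field.
    $button = '';
    $hiddenIdField = '';

    if ($action == 'show') {
        // %d forces the id to an integer before it reaches the SQL text, so a
        // non-numeric value can no longer break out of the quoted literal the
        // old '%s' placeholder produced.
        // NOTE(review): assumes organization.id is an integer key — confirm.
        $sql = sprintf("SELECT * FROM organization WHERE id = %d", $id);
        // NOTE(review): '@' hides query failures, and the mysql_* extension
        // was removed in PHP 7.0; a migration to mysqli/PDO prepared
        // statements is the long-term fix.
        $st = @mysql_query($sql);
        $organization = fetch_html_entities($st);
        $button = $updateButton;

        // The row may be missing (failed query or unknown id); fall back to
        // an empty id instead of indexing a non-array.
        $organizationId = isset($organization['id']) ? $organization['id'] : '';
        $hiddenIdField = "<INPUT type=hidden id=organization_id name=organization_id value=\""
            . htmlentities((string) $organizationId, ENT_QUOTES, 'UTF-8')
            . "\" />";
    }
    if ($action == 'add') {
        $button = $addButton;
        $hiddenIdField = '';
    }

    $name = isset($organization['name']) ? $organization['name'] : '';
    $address = isset($organization['address']) ? $organization['address'] : '';
    $url = isset($organization['url']) ? $organization['url'] : '';

    // NOTE(review): fetch_html_entities() is not visible here. If it already
    // entity-encodes the row, the htmlentities() calls below encode a second
    // time ('&' would render as '&amp;amp;') — confirm and keep one layer.
    $form = "<form> <table width='80%' border=0>\n\t <tr>\n\t\t<td align=center>Organization Name</td>\n\t\t<td align=center>URL</td>\n\t\t<td align=center>Address</td>\n\t </tr>\n\t <tr>\n\t\t<td align=center><INPUT type=text size=10 id=organization_name name=organization_name value=\""
        . htmlentities($name, ENT_QUOTES, 'UTF-8')
        . "\" /></td>\n\t\t<td align=center><INPUT type=text size=40 id=url name=url value=\""
        . htmlentities($url, ENT_QUOTES, 'UTF-8')
        . "\" /></td>\n\t \t<td colspan=2 align=center><textarea cols=30 rows=5 id=address name=address>"
        . htmlentities($address, ENT_QUOTES, 'UTF-8')
        . "</textarea></td>\n\t </tr>\n\t <tr>\n\t\t<td colspan=3> </td>\n\t </tr>\n\t <tr><td colspan=3 align=center>"
        . $button . $hiddenIdField
        . "</td>\n\t </tr>\n\t</table></form>";

    return $form;
}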
/**
 * Build the selectable child list shown under a survey tree node.
 *
 * - $current_type 'Category'     : lists sub categories, preceded by an
 *                                  "Add New Sub Category" entry.
 * - $current_type 'Sub Category' : lists question sets, preceded by an
 *                                  "Add New Question Set" entry.
 * - anything else                : lists the questions of the category, echoes
 *                                  the result as JSON and terminates the
 *                                  request with exit.
 *
 * @param string $current_type       Type of the node that was selected.
 * @param mixed  $parent_category_id Id of the selected node (formatted as %d).
 * @param mixed  $survey_config_id   Survey configuration id (formatted as %d).
 *
 * @return array Keys 'sql', 'sub_list' and 'query_msg' (not reached in the
 *               question case, which exits).
 */
function show_sub_categories($current_type, $parent_category_id, $survey_config_id)
{
    $showing_categories = ($current_type == 'Category');
    $showing_sub_categories = !$showing_categories && ($current_type == 'Sub Category');

    // NOTE(review): every result below carries the raw SQL text and
    // mysql_error(). In the question case that is echoed straight into the
    // HTTP response, which exposes table and column names to the client;
    // consider logging both server-side instead.

    if (!$showing_categories && !$showing_sub_categories) {
        // Question list: answered directly as JSON, then the script stops.
        $prefix = "question_id_";
        $handler = "questionSelected";
        $markup = "";

        $query = sprintf("SELECT * FROM survey_question WHERE survey_category_id = %d ORDER by weight", $parent_category_id);
        $result = mysql_query($query);

        // NOTE(review): 'name' lands inside a single-quoted attribute, so this
        // is only safe if fetch_html_entities() encodes quotes (ENT_QUOTES) —
        // confirm against its definition.
        while ($question = fetch_html_entities($result)) {
            $markup .= "<div id={$prefix}{$question['id']} onClick='{$handler}(this);' >\n\t\t\t\t<INPUT class=select_input id=q_{$prefix}{$question['id']} readonly='readonly' size=25 value='{$question['name']}' /></div>";
        }

        $payload = array('sql' => $query, 'query_msg' => mysql_error(), 'sub_list' => $markup);
        echo json_encode($payload);
        exit;
    }

    if ($showing_categories) {
        // Sub category list, headed by the "add new" pseudo entry.
        $prefix = "sub_category_id_";
        $handler = "sub_categorySelected";
        $markup = "<div id=sub_category_id_0 style='width:255px;' onClick='{$handler}(this);' ><INPUT style='font-size:14px; text-align:center;color:red;' id=add_new_sub class=select_input size=25 align=center readonly='readonly' value='Add New Sub Category' /></div>";
    } else {
        // Question set list, headed by the "add new" pseudo entry.
        $prefix = "question_set_id_";
        $handler = "question_setSelected";
        $markup = "<div id={$prefix}0 onClick='{$handler}(this);' ><INPUT style='font-size:14px; text-align:center;color:red;' id=add_new_set class=select_input size=25 align=center readonly='readonly' value='Add New Question Set' /></div>";
    }

    $query = sprintf(
        "SELECT * FROM survey_category WHERE survey_config_id = %d AND parent_category_id = %d ORDER BY weight",
        $survey_config_id,
        $parent_category_id
    );
    $result = mysql_query($query);

    // Same quoting caveat as above: 'name' is placed in a single-quoted
    // attribute and relies on fetch_html_entities() for its encoding.
    while ($entry = fetch_html_entities($result)) {
        $markup .= "<div id={$prefix}{$entry['id']} onClick='{$handler}(this);' ><INPUT class=select_input readonly='readonly' size=25 value='{$entry['name']}' /></div>";
    }

    return array('sql' => $query, 'sub_list' => $markup, 'query_msg' => mysql_error());
}
$org_id = $_GET['indicator_id']; $sql = sprintf("INSERT INTO survey_indicator (name, question, answer_type, answer_type_id, reference_id, tip, create_user_id, create_time, original_indicator_id)\n\t\t\t\t\t\tSELECT concat(name, '-clone'), question, answer_type, answer_type_id, reference_id, tip, create_user_id, now(), id\n\t\t\t\t\t\t\tFROM survey_indicator\n\t\t\t\t\t\t\tWHERE id = %d", $org_id); $st = mysql_query($sql); if ($st) { $query_status = 0; $query_msg = "Indicator cloned"; $id = mysql_insert_id(); } else { $query_status = 1; $query_msg = "Error cloning indicator: " . mysql_error(); exit; } // now clone answer $sel_sql = "SELECT * FROM survey_indicator WHERE id = " . $id; $st = mysql_query($sel_sql); $new = fetch_html_entities($st); if ($new['answer_type'] == SINGLE || $new['answer_type'] == MULTIPLE) { $at_sql = "INSERT INTO answer_type_choice VALUES ()"; $st = mysql_query($at_sql); $answer_type_choice_id = mysql_insert_id(); $at_sql = sprintf("INSERT INTO atc_choice (answer_type_choice_id, label, score, criteria, weight, mask, default_selected)\n\t\t\t\t\t\t\tSELECT %d, label, score, criteria, weight, mask, default_selected\n\t\t\t\t\t\t\t\tFROM atc_choice\n\t\t\t\t\t\t\t\tWHERE answer_type_choice_id = %d", $answer_type_choice_id, $new['answer_type_id']); } elseif ($new['answer_type'] == INTEGER || $new['answer_type'] == FLOAT) { $table = $new['answer_type'] == INTEGER ? 
"answer_type_integer" : "answer_type_float"; $at_sql = sprintf("INSERT INTO %s (min_value, max_value, default_value, criteria)\n\t\t\t\t\t\t\t\tSELECT min_value, max_value, default_value, criteria\n\t\t\t\t\t\t\t\t\tFROM %s \n\t\t\t\t\t\t\t\t\tWHERE id = %d", $table, $table, $new['answer_type_id']); } else { $at_sql = sprintf("INSERT INTO answer_type_text (min_chars, max_chars, criteria)\n\t\t\t\t\t\t\t\tSELECT min_chars, max_chars, criteria\n\t\t\t\t\t\t\t\t\tFROM answer_type_text\n\t\t\t\t\t\t\t\t\tWHERE id = %d", $new['answer_type_id']); } $st = mysql_query($at_sql); if ($st) { $query_msg .= " and answer is cloned as well"; $answer_type_id = mysql_insert_id();
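/**
 * Collect everything the user-administration screen needs for one user.
 *
 * Builds the clickable list of all non-deleted users and returns it together
 * with the details of the user whose id equals $id (or a set of defaults when
 * no such user exists), a language drop-down and an organization drop-down.
 *
 * Side effect: when the user is found, $_SESSION['current_user_id'] and
 * $_SESSION['photo_type'] are set.
 *
 * @param mixed $id Id of the user to show; an id matching no user yields the
 *                  defaults for a new user.
 *
 * @return array The user's columns (or defaults) plus the HTML fragments
 *               'user_list', 'user_language' and 'user_organization'.
 */
function showUser($id)
{
    $rt = array();
    $user_list = "<li class='ui-widget-content' style='margin:5px 40px 5px 50px; ' id=0 >Add New User</li>";

    $sql = sprintf("SELECT * FROM user WHERE status <> %d ORDER BY last_name ", DELETED);
    $st = @mysql_query($sql);

    // NOTE(review): the user columns are written into the markup without
    // further escaping; this presumes fetch_html_entities() entity-encodes
    // each row — confirm against its definition.
    while ($user = fetch_html_entities($st)) {
        $selected = " class=ui-widget-content ";
        $font_begin = '';
        $font_end = '';

        if ($user['id'] == $id) {
            // NOTE(review): the whole row is copied because of SELECT *, which
            // presumably includes the password column (see the defaults
            // below). If the caller serialises this array to the browser,
            // drop that field first.
            $rt = $user;
            $rt['photo'] = $rt['photo'] == '' ? null : "upload_files/peopleicons/" . $rt['photo'];
            $selected = " class=ui-selected ";
        }
        if ($user['status'] == INACTIVE) {
            // Inactive accounts are listed in red.
            $font_begin = "<font style='color:red; '>";
            $font_end = "</font>";
        }

        $user_list .= "<li " . $selected . "style='float:left; margin-left:10px; width:280px;' id=" . $user['id'] . ">"
            . $font_begin . $user['username'] . " - " . $user['last_name'] . ", " . $user['first_name'] . $font_end
            . "</li>";
    }

    if (empty($rt)) {
        // No match: defaults for the "Add New User" form.
        $rt = array(
            'username' => '',
            'first_name' => '',
            'last_name' => '',
            'organization_id' => 0,
            'email' => '',
            'password' => '',
            'forward_inbox_msg' => 1,
            'site_admin' => 0,
            'number_msgs_per_screen' => 10,
            'email_detail_level' => 1,
            'status' => 1,
            'timezone' => -5,
            'phone' => '',
            'cell_phone' => '',
            'address' => '',
            'location' => '',
            'photo' => '',
            'bio' => '',
        );
    } else {
        $_SESSION['current_user_id'] = $id;
        $_SESSION['photo_type'] = "user_photo";
    }
    $rt['user_list'] = $user_list;

    // Language drop-down. These rows come from mysql_fetch_assoc(), not from
    // fetch_html_entities(), so the labels are entity-encoded here before
    // they are placed in the markup.
    $user_language = "<SELECT id=language_id>";
    $st = mysql_query("SELECT * FROM language WHERE status = 0");
    while ($st && ($language = mysql_fetch_assoc($st))) {
        $selected = isset($rt['language_id']) && $language['id'] == $rt['language_id'] ? " selected=selected " : '';
        $label = htmlentities($language['language'], ENT_QUOTES, 'UTF-8')
            . " - "
            . htmlentities($language['language_desc'], ENT_QUOTES, 'UTF-8');
        $user_language .= "<option value=" . $language['id'] . $selected . ">" . $label . "</option>";
    }
    $user_language .= "</SELECT>";
    $rt['user_language'] = $user_language;

    // Organization drop-down. Organization names are stored data and are
    // encoded for the same reason as the language labels.
    $user_organization = "<SELECT id=organization_id>";
    $st = mysql_query("SELECT * FROM organization");
    while ($st && ($org = mysql_fetch_assoc($st))) {
        $selected = isset($rt['organization_id']) && $org['id'] == $rt['organization_id'] ? " selected=selected " : '';
        $user_organization .= "<option value=" . $org['id'] . $selected . ">"
            . htmlentities($org['name'], ENT_QUOTES, 'UTF-8')
            . "</option>";
    }
    // The closing tag was missing here, unlike in the language list above.
    $user_organization .= "</SELECT>";
    $rt['user_organization'] = $user_organization;

    return $rt;
}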