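/**
 * Serve the RSS 2.0 feed for a hub, from the on-disk cache when possible.
 *
 * Without a hub the hub selection menu is returned instead of a feed. With a
 * hub the "<qb>_cache" article index is read, and the feed is either returned
 * from its cached XML file or rebuilt, written under ../plug/_data/ and
 * followed by rss_del_old().
 *
 * @param mixed $hub     hub identifier; copied into $_GET['hub'] when set
 * @param mixed $preview preview mode handed to flux_xml(); '=' or an empty value becomes 2
 * @return string feed XML, or the menu markup when no hub is given
 */
function plug_rss($hub, $preview)
{
    if (!$hub) {
        return slct_menus(ses('mn'), '/plug/rss/', '', '', '', 'kv');
    }
    $_GET['hub'] = $hub;
    if ($preview == '=' or !$preview) {
        $preview = 2;
    }

    require_once '../prog/lib.php';
    req('pop,art');
    require '../plug/sys.php';
    require '../plug/lib.php';

    $fnod = $_SESSION['qb'] . '_cache';
    $main = msql_read_b('users', $fnod, '', 1);
    $nb_arts = count($main);
    $lastid = lastid('qda');
    $last_art = $main[$lastid];
    $newest = key($main);
    // array_pop() also removes that entry from $main, so flux_xml() below does not receive it.
    $oldest = array_pop($main);
    $nb_days = round((time() - $oldest[0]) / 86400);
    $cache = 1;

    // $preview ends up inside a file name that is read and written below. Keep only
    // characters that cannot change the directory, so a value such as "../x" stays
    // inside ../plug/_data/.
    // NOTE(review): $preview looks caller/URL supplied - confirm. $_SESSION['qb'] is
    // assumed to be set server-side; verify it can never carry path separators.
    $previewTag = preg_replace('/[^A-Za-z0-9_-]/', '', (string) $preview);
    $f = '../plug/_data/' . $_SESSION['qb'] . '_' . $newest . '_' . $previewTag . '.xml';

    // NOTE(review): any request carrying ?rebuild=... skips the cache and regenerates
    // the file; consider restricting that switch if rebuilds are expensive.
    if (is_file($f) && empty($_GET['rebuild']) && $cache) {
        return read_file($f);
    }

    $http = host();
    if ($preview) {
        req('tri,pop,art'); //spe,mod
    }

    // Start from an empty string: the original appended to an undefined variable.
    $xml = '';
    $xml .= '<' . '?xml version="1.0" encoding="iso-8859-1"?' . '>' . "\n";
    $xml .= '<rss version="2.0">' . "\n";
    $xml .= '<channel>' . "\n";
    // NOTE(review): whether bal() XML-escapes its content is not visible here - confirm,
    // since the description embeds $preview verbatim.
    $xml .= bal('title', $_SESSION['qb']) . "\n";
    $xml .= bal('link', $http) . "\n";
    $xml .= bal('description', $nb_arts . ' articles / ' . $nb_days . ' days - preview=' . $preview . ' - static url=' . $http . substr($f, 2)) . "\n";
    $xml .= bal('language', 'fr') . "\n";
    $xml .= bal('lastBuildDate', date("r", $last_art[0])) . "\n";
    if ($main) {
        $xml .= flux_xml($main, $preview) . "\n";
    }
    $xml .= '</channel>' . "\n";
    $xml .= '</rss>' . "\n";

    write_file($f, $xml);
    rss_del_old($newest);

    // Only reached when the feed was rebuilt; the cached path returned earlier.
    eye('rss');
    return $xml;
}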
/**
 * Map a username to its user_id, creating the user row when none exists yet.
 *
 * The user table is searched by user_uname. If no row is found, one is
 * inserted from the supplied e-mail, full name, type and login method, and
 * the id reported by lastid() is returned.
 *
 * NOTE(review): every value is escaped with addslashes() and concatenated
 * into the SQL text. addslashes() does not know the connection character
 * set; if db_query() offers driver-level escaping or bound parameters,
 * prefer those.
 * NOTE(review): new rows get the fixed literal stored in user_pass below;
 * confirm the 'db' login path can never match that literal.
 *
 * @return mixed user_id of the existing or new row, 0 when the INSERT fails
 */
function synchronizeUserDB($user, $email, $fullname, $type, $loginMethod)
{
    $lookupSql = "\n\t\tSELECT \n\t\t\t* \n\t\tFROM \n\t\t\tuser \n\t\tWHERE \n\t\t\tuser_uname='" . addslashes($user) . "'\n\t";
    $found = db_query($lookupSql);

    // Known user: hand back the stored id.
    if (db_num_rows($found)) {
        $row = db_fetch_assoc($found);
        return $row['user_id'];
    }

    // Unknown user: create the row, recording $loginMethod as the auth type.
    $insertSql = "\n\t\t\tINSERT INTO \n\t\t\t\tuser \n\t\t\tSET \n\t\t\t\tuser_uname='" . addslashes($user) . "', \n\t\t\t\tuser_email='" . addslashes($email) . "', \n\t\t\t\tuser_fname='" . addslashes($fullname) . "',\n\t\t\t\tuser_type='" . addslashes($type) . "', \n\t\t\t\tuser_pass='******', \n\t\t\t\tuser_authtype='" . addslashes($loginMethod) . "'\n\t\t";
    $inserted = db_query($insertSql);

    // The INSERT can fail, for instance when the username was added in the meantime.
    if (!$inserted) {
        return 0;
    }

    return lastid();
}
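/**
 * Copy the section / page / story tree of site $orig onto site $dest.
 *
 * Each section, page and story of the source site is re-inserted as a new
 * row attributed to the current session user, and the destination site's
 * section list is replaced with the ids of the new sections.
 *
 * The values copied from existing rows (titles, text, urls, ...) are
 * user-authored content. They are escaped here before being placed in the
 * new INSERT statements; numeric flags and ids are cast to int. Without
 * that, a title containing an apostrophe breaks the copy and stored content
 * can alter the statement.
 *
 * NOTE(review): encode_array() output is placed in the SQL as-is because its
 * format is not visible here; confirm it cannot contain quote characters.
 *
 * @param string $orig name of the site to copy from
 * @param string $dest name of the site whose section list is overwritten
 * @return void
 */
function serverCopySite($orig, $dest)
{
    $addedBy = addslashes($_SESSION['auser']);

    $sections = decode_array(db_get_value("sites", "sections", "name='" . addslashes($orig) . "'"));
    $nsections = array();
    foreach ($sections as $s) {
        $sa = db_get_line("sections", "id=" . (int) $s);
        $squery = "insert into sections set addedby='" . $addedBy . "', addedtimestamp=NOW()";
        $squery .= ",title='" . addslashes($sa['title']) . "'"
            . ", active=" . (int) $sa['active']
            . ", type='" . addslashes($sa['type']) . "'"
            . ", url='" . addslashes($sa['url']) . "'";

        $pages = decode_array($sa['pages']);
        $npages = array();
        foreach ($pages as $p) {
            $pa = db_get_line("pages", "id=" . (int) $p);
            $pquery = "insert into pages set addedby='" . $addedBy . "', addedtimestamp=NOW()";
            $pquery .= ",ediscussion=1"
                . ",archiveby='" . addslashes($pa['archiveby']) . "'"
                . ",url='" . addslashes($pa['url']) . "'"
                . ",type='" . addslashes($pa['type']) . "'"
                . ",title='" . addslashes($pa['title']) . "'"
                . ", showcreator=" . (int) $pa['showcreator']
                . ", showdate=" . (int) $pa['showdate']
                . ", locked=" . (int) $pa['locked']
                . ", active=" . (int) $pa['active'];

            $stories = decode_array($pa['stories']);
            $nstories = array();
            foreach ($stories as $st) {
                $sta = db_get_line("stories", "id=" . (int) $st);
                $stquery = "insert into stories set addedby='" . $addedBy . "', addedtimestamp=NOW()";
                // NOTE(review): the story's url is taken from the enclosing section ($sa),
                // not from the story row ($sta). Kept as found - confirm whether intended.
                $stquery .= ",type='" . addslashes($sta['type']) . "'"
                    . ",texttype='" . addslashes($sta['texttype']) . "'"
                    . ",category='" . addslashes($sta['category']) . "'"
                    . ",title='" . addslashes($sta['title']) . "'"
                    . ", discuss=" . (int) $sta['discuss']
                    . ", discusspermissions='" . addslashes($sta['discusspermissions']) . "'"
                    . ", shorttext='" . addslashes($sta['shorttext']) . "'"
                    . ", longertext='" . addslashes($sta['longertext']) . "'"
                    . ", locked=" . (int) $sta['locked']
                    . ", url='" . addslashes($sa['url']) . "'";
                db_query($stquery);
                $nstories[] = lastid();
            }

            // The page row is written after its stories so it can list their new ids.
            $stories = encode_array($nstories);
            $pquery .= ",stories='{$stories}'";
            db_query($pquery);
            $npages[] = lastid();
        }

        // Likewise the section row is written after its pages.
        $pages = encode_array($npages);
        $squery .= ",pages='{$pages}'";
        db_query($squery);
        $nsections[] = lastid();
    }

    $sections = encode_array($nsections);
    $query = "update sites set sections='{$sections}' where name='" . addslashes($dest) . "'";
    db_query($query);
}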
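/**
 * Store this class group and point its classes at it.
 *
 * Resolves $this->owner to a user_id, inserts the classgroup row when the
 * group does not exist yet, clears FK_classgroup on every class that
 * referenced this group, then sets it again for each code in $this->classes.
 *
 * @return mixed false when the owner username is unknown, otherwise nothing
 */
function updateDB()
{
    // get owner id
    $query = "SELECT user_id FROM user WHERE user_uname = '" . addslashes($this->owner) . "'";
    $r = db_query($query);
    if (db_num_rows($r) == 0) {
        return false;
    }
    $a = db_fetch_assoc($r);
    // Quoted key: the bare word user_id is an undefined constant, which is an Error on PHP 8.
    $owner_id = $a['user_id'];

    // if this classgroup has not been inserted into the db yet, do it!
    if (!$this->exists($this->name)) {
        $query = "\n\t\t\t\tINSERT INTO \n\t\t\t\t\tclassgroup \n\t\t\t\tSET \n\t\t\t\t\tFK_owner = '" . addslashes($owner_id) . "',\n\t\t\t\t\tclassgroup_name = '" . addslashes($this->name) . "'\n\t\t\t";
        $r = db_query($query);
        $this->id = lastid();
    }
    // NOTE(review): for an existing group the original code assembled
    // "UPDATE classgroup SET FK_owner = ..., classgroup_name = ..." with no WHERE
    // clause and never executed it, so owner and name changes are not persisted.
    // That statement is deliberately not built here: run as written it would
    // rewrite every classgroup row. TODO: add an UPDATE restricted to this
    // group's primary key once the column name is confirmed.

    // now that the group is in the db, update the foreign key for the classes
    // first, reset classes that used to be part of this classgroup
    $query = "\n\t\t\tUPDATE \n\t\t\t\tclass \n\t\t\tSET \n\t\t\t\tFK_classgroup = NULL \n\t\t\tWHERE \n\t\t\t\tFK_classgroup = '" . addslashes($this->id) . "'\n\t\t";
    $r = db_query($query);

    // then, set the new foreign key, one statement per class code
    if (count($this->classes) > 0) {
        foreach ($this->classes as $class_code) {
            // NOTE(review): generateTermsFromCode() returns a WHERE fragment that is
            // concatenated unescaped; confirm it escapes the parts of $class_code itself.
            $query = "\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\tclass\n\t\t\t\t\tSET\n\t\t\t\t\t\tFK_classgroup = '" . addslashes($this->id) . "'\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t" . generateTermsFromCode($class_code) . "\n\t\t\t\t";
            $r = db_query($query);
        }
    }
}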
* register -> newuser: no matching user found therefore create new user * and authenticate ******************************************************************************/ } else { if ($_REQUEST[action] == "newuser" && $error != TRUE) { $name = $email; $obj =& new user(); $obj->uname = $_REQUEST['email']; $obj->fname = $_REQUEST['uname']; $obj->email = $_REQUEST['email']; $obj->type = "visitor"; $obj->authtype = 'db'; $obj->randpass(5, 3); $obj->insertDB(); $obj->sendemail(); $visitor_id = lastid(); $message = "Thank you for registering. Your user account information has been emailed to you. Use this information to log into Segue.<br /><br />"; $message .= "<div align='center'><input type='button' value='Return' onclick='refreshParent()' /></div><br />"; } } } /****************************************************************************** * log in -> auth ******************************************************************************/ } else { if ($_REQUEST[action] == "auth") { $name = $_REQUEST['uname']; $pass = $_REQUEST['password']; $valid = 0; foreach ($_auth_mods as $_auth) { $func = "_valid_" . $_auth;
if (!$owner_id) { error("The class owner you selected is not a register Segue user."); } $external_id = $_REQUEST['external_id']; $duplicate_ids_num = 0; $query = "\n\t\tSELECT class_external_id\n\t\tFROM\n\t\t\tclass\n\t\tWHERE\n\t\t\tclass_external_id = '" . addslashes($external_id) . "'\n\t"; $duplicate_ids = db_query($query); $duplicate_ids_num = db_num_rows($duplicate_ids); if ($duplicate_ids_num != 0) { error("A class with this external ID has already been created. You must select a unique external ID."); } // all good if (!$error) { $query = "\n\t\t\tINSERT INTO\n\t\t\t\tugroup\n\t\t\tSET\n\t\t\t\tugroup_name = '" . generateCodeFromData($_REQUEST['department'], $_REQUEST['number'], $_REQUEST['section'], $_REQUEST['semester'], $_REQUEST['year']) . "',\n\t\t\t\tugroup_type = 'class'\n\t\t"; db_query($query); $ugroup_id = lastid(); if ($owner_id) { $query = "\n\t\t\t\tINSERT INTO\n\t\t\t\t\tugroup_user\n\t\t\t\tSET\n\t\t\t\t\tFK_ugroup = '" . addslashes($ugroup_id) . "',\n\t\t\t\t\tFK_user = '******'\n\t\t\t"; db_query($query); } $obj =& new course(); $obj->external_id = $_REQUEST['external_id']; $obj->department = $_REQUEST['department']; $obj->number = $_REQUEST['number']; $obj->section = $_REQUEST['section']; $obj->semester = $_REQUEST['semester']; $obj->year = $_REQUEST['year']; $obj->name = $_REQUEST['name']; $obj->owner = $owner_id; $obj->ugroup = $ugroup_id; // $obj->classgroup = $_REQUEST['classgroup'];
} // linked user found if (db_num_rows($r) > 0) { // print "linked moodle user found<br>"; // update authentication table with new auth_token $query = "\n\t\t\tUpdate\n\t\t\t\tauthentication\n\t\t\tSET\n\t\t\t\tauth_token = '" . addslashes($auth_token) . "',\n\t\t\t\tauth_time = NOW(),\n\t\t\t\treferer = " . $referer . "\n\t\t\tWHERE\n\t\t\t\tuser_id = '" . addslashes($segue_user_id) . "'\t\t\n\t\t"; // print $query."<br>"; $r = db_query($query); //no linked user found } else { // print "no linked moodle user found<br>"; $query = "\n\t\t\tINSERT INTO\n\t\t\t\tauthentication\n\t\t\tSET\n\t\t\t\tsystem = 'segue',\n\t\t\t\tusername = '******',\n\t\t\t\tfirstname = '" . addslashes($firstname) . "',\n\t\t\t\tlastname = '" . addslashes($lastname) . "',\n\t\t\t\temail = '" . addslashes($_SESSION[aemail]) . "',\n\t\t\t\tuser_id = '" . addslashes($segue_user_id) . "',\n\t\t\t\tauth_token = '" . addslashes($auth_token) . "',\n\t\t\t\tauth_time = NOW(),\n\t\t\t\treferer = " . $referer . "\n\t\t\t"; // print $query."<br>"; // exit; $r = db_query($query); $auth_id = lastid($r); $query = "\n\t\t\tINSERT INTO\n\t\t\t\tuser_link\n\t\t\tSET\n\t\t\t\tFK_auth_id = '" . addslashes($auth_id) . "'\n\t\t\t"; // print $query."<br>"; $r = db_query($query); } //exit; if ($_REQUEST['continue'] == "1" || $_SESSION[ltype] != "admin") { header("Location: " . $moodle_url . "/segue/segue_link.php?userid=" . addslashes($segue_user_id) . "&siteid=" . addslashes($segue_site_id) . "&auth_token=" . addslashes($auth_token)); } /****************************************************************************** * Segue Admin Report ******************************************************************************/ if ($_SESSION[ltype] == "admin") { print "<div class='connection'>"; print "Segue Administrator Reference<br /><br />"; print "<form action='{$PHP_SELF}' method='post'>";
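/**
 * Store an uploaded (or already present) file in a site's media directory
 * and record it in the media table.
 *
 * Changes against the original, all on the input-handling side:
 *  - the bibliographic fields of $file (is_published ... isbn) are escaped
 *    before they enter the SQL text, like every other value in the
 *    statement; assumes callers pass raw values - TODO confirm none of them
 *    pre-escapes;
 *  - the stored file name is reduced to its last path component, so a name
 *    carrying directory parts cannot leave the site's upload directory;
 *  - paths echoed in error messages are HTML-escaped;
 *  - the raw database error is no longer printed to the page after an update
 *    (the insert branch already had that print disabled);
 *  - ereg_replace(), "=& new" and bare-word array keys are replaced by forms
 *    that still exist in current PHP.
 *
 * NOTE(review): no restriction on file extensions is applied here. If the
 * upload directory is served by the web server, confirm that script
 * execution is disabled for it.
 * NOTE(review): with $allreadyuploaded set, $file['tmp_name'] is a
 * caller-supplied source path for copy(); confirm callers never derive it
 * from request data.
 * NOTE(review): $site is used as a directory name under $uploaddir; confirm
 * it is validated upstream.
 *
 * @param array  $file             upload descriptor (name, tmp_name and the media metadata fields)
 * @param string $site             slot name of the site receiving the file
 * @param mixed  $replace          true-ish to overwrite an existing media entry
 * @param mixed  $replace_id       media_id to update when $replace is set
 * @param mixed  $allreadyuploaded true-ish to copy() from tmp_name instead of move_uploaded_file()
 * @return mixed the media id on success, the string "ERROR" on failure
 */
function copyuserfile($file, $site, $replace, $replace_id, $allreadyuploaded = 0)
{
    global $uploaddir;

    $query = "SELECT FK_site FROM slot WHERE slot_name='" . addslashes($site) . "'";
    $r = db_query($query);
    $a = db_fetch_assoc($r);
    $siteid = $a['FK_site'];

    if (empty($file['name'])) {
        print "No File";
        return "ERROR";
    }

    // Kept for any side effects of the constructor; the object itself is not used below.
    $siteObj = new site($site);
    $userdir = "{$uploaddir}/{$site}";

    // Strip quotes as before, then drop any directory part of the supplied name.
    $name = basename(preg_replace("/['\"]/", '', stripslashes(trim($file['name']))));
    if ($name === '' || $name === '.' || $name === '..') {
        print "No File";
        return "ERROR";
    }
    $target = $userdir . "/" . $name;

    // The text after the last dot decides between "image" and "file".
    $extn = explode(".", $name);
    $extn = strtolower($extn[count($extn) - 1]);
    $image_extns = array("jpeg", "jpg", "gif", "bmp", "png", "tiff");
    $type = in_array($extn, $image_extns) ? "image" : "file";

    if (!is_dir($userdir)) {
        mkdir($userdir, 0700);
        chmod($userdir, 0700);
    }
    // Replacing: remove the previous file first (only if there is one to remove).
    if ($replace && file_exists($target)) {
        unlink($target);
    }
    if (!is_writeable($userdir)) {
        print "<strong>Can not write to '" . htmlspecialchars($userdir) . "'. <br />Please contact your system administrator with the message above to fix this problem.</strong> <br />";
        return "ERROR";
    }
    if (file_exists($target) && !is_writeable($target)) {
        print "<strong>Can not write to '" . htmlspecialchars($target) . "'. <br />Please contact your system administrator with the message above to fix this problem.</strong> <br />";
        return "ERROR";
    }

    if ($allreadyuploaded) {
        $r = copy($file['tmp_name'], $target);
    } else {
        // move_uploaded_file() refuses sources that are not genuine HTTP uploads.
        $r = move_uploaded_file($file['tmp_name'], $target);
    }
    if (!$r) {
        print "Upload file error!<br />";
        log_entry("media_error", "File upload attempt by " . $_SESSION['auser'] . " in site {$site} failed.", $site, $siteid, "site");
        return "ERROR";
    }

    // Metadata columns shared by the UPDATE and the INSERT, escaped one by one.
    $metaSql = '';
    $metaFields = array('is_published', 'title_whole', 'title_part', 'author', 'pagerange', 'publisher', 'pubyear', 'isbn');
    foreach ($metaFields as $field) {
        $value = isset($file[$field]) ? $file[$field] : '';
        $metaSql .= ",\n\t\t\t" . $field . " ='" . addslashes($value) . "'";
    }

    $size = filesize($target);

    if ($replace) {
        $query = "UPDATE media SET\n\t\t\tmedia_updated_tstamp=NOW(),\n\t\t\tFK_updatedby='" . addslashes($_SESSION['aid']) . "',\n\t\t\tmedia_size='" . addslashes($size) . "'" . $metaSql . "\n\t\tWHERE \n\t\t\tmedia_id='" . addslashes($replace_id) . "'\n\t\t";
        db_query($query);
        $media_id = $replace_id;
        log_entry("media_upload", "{$_SESSION['auser']} updated file: {$name}, id: {$media_id}, in site {$site}", $site, $siteid, "site");
        return $media_id;
    }

    $query = "INSERT INTO media SET\n\t\t\tmedia_tag='" . addslashes($name) . "',\t\t\t\n\t\t\tFK_site='" . addslashes($siteid) . "',\t\t\t\n\t\t\tFK_createdby='" . addslashes($_SESSION['aid']) . "',\t\t\t\n\t\t\tFK_updatedby='" . addslashes($_SESSION['aid']) . "',\n\t\t\tmedia_type='" . addslashes($type) . "',\n\t\t\tmedia_size='" . addslashes($size) . "'" . $metaSql . "\t\t\t\t\t\t\t\n\t\t";
    db_query($query);
    $media_id = lastid();
    log_entry("media_upload", "{$_SESSION['auser']} uploaded file: {$name}, id: {$media_id}, to site {$site}", $site, $siteid, "site");
    return $media_id;
}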
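/**
 * Insert this site into the database, bind it to its slot and optionally
 * insert its sections.
 *
 * Steps, in the order they run:
 *  1. build the column assignments via createSQLArray(1) and add the
 *     creator / timestamp columns (session user and NOW(), or the stored
 *     values when $importing is set);
 *  2. INSERT the site row and take its id from lastid();
 *  3. UPDATE the slot of that name owned by the session user, or INSERT a
 *     slot when none exists;
 *  4. when a copy is in progress ($GLOBALS['__site_hash']), replace the
 *     'NEXT' marker for sites with this site's name;
 *  5. refresh the permission entries;
 *  6. when $down is set and children are loaded, insert every section.
 *
 * Array keys that were bare words are quoted: a bare word is an undefined
 * constant, which raises an Error on PHP 8.
 *
 * @param mixed $down            true-ish to insert the child sections too
 * @param mixed $copysite        passed through to the sections' insertDB()
 * @param mixed $importing       true-ish to keep stored creator / editor and timestamps
 * @param mixed $keepDiscussions passed through to the sections' insertDB()
 * @return int always 1
 */
function insertDB($down = 0, $copysite = 0, $importing = 0, $keepDiscussions = 0)
{
    $a = $this->createSQLArray(1);
    if (!$importing) {
        $a[] = "FK_createdby='" . addslashes($_SESSION['aid']) . "'";
        $a[] = $this->_datafields['addedtimestamp'][1][0] . "=NOW()";
        $a[] = "FK_updatedby='" . addslashes($_SESSION['aid']) . "'";
    } else {
        // NOTE(review): the looked-up ids are appended unquoted; if a username has no
        // user row the assignment becomes "FK_createdby=" and the INSERT below fails
        // without being noticed. Confirm how db_get_value() reports a miss.
        $a[] = "FK_createdby=" . db_get_value("user", "user_id", "user_uname='" . addslashes($this->data['addedby']) . "'");
        $a[] = $this->_datafields['addedtimestamp'][1][0] . "='" . addslashes($this->getField("addedtimestamp")) . "'";
        $a[] = "FK_updatedby=" . db_get_value("user", "user_id", "user_uname='" . addslashes($this->data['editedby']) . "'");
        $a[] = $this->_datafields['editedtimestamp'][1][0] . "='" . addslashes($this->getField("editedtimestamp")) . "'";
    }

    // insert into the site table
    $query = "INSERT INTO site SET " . implode(",", $a) . ";";
    db_query($query);
    $this->id = lastid();

    // in order to insert a site, the active user must own a slot
    // update the name for that slot
    if (slot::exists($this->data['name'])) {
        $query = "UPDATE slot";
        // The update is restricted to a slot owned by the session user.
        $where = " WHERE slot_name = '" . addslashes($this->data['name']) . "' AND FK_owner = '" . addslashes($_SESSION['aid']) . "'";
    } else {
        $query = "INSERT INTO slot";
        $where = "";
    }
    $query .= " \n\t\t\tSET \n\t\t\t\tslot_name = '" . addslashes($this->data['name']) . "',\n\t\t\t\tFK_owner = '" . addslashes($_SESSION['aid']) . "',\n\t\t\t\tslot_type = '" . addslashes($this->data['type']) . "',\n\t\t\t\tFK_site = '" . addslashes($this->id) . "'" . $where;
    db_query($query);

    // See if there is a site hash (meaning that we are being copied).
    // If so, try to match our id with the hash entry for 'NEXT'.
    if (!empty($GLOBALS['__site_hash']['site']) && ($oldId = array_search('NEXT', $GLOBALS['__site_hash']['site']))) {
        $GLOBALS['__site_hash']['site'][$oldId] = $this->name;
    }

    // the sections haven't been created yet, so we don't have to insert data[sections] for now

    // add new permissions entry.. force update
    $this->updatePermissionsDB(1);

    // insert down (insert sections)
    if ($down && $this->fetcheddown && $this->sections) {
        foreach (array_keys($this->sections) as $id) {
            // Mark our Id as the next one to set
            if (isset($GLOBALS['__site_hash']['sections']) && is_array($GLOBALS['__site_hash']['sections'])) {
                $GLOBALS['__site_hash']['sections'][$id] = 'NEXT';
            }
            $this->sections[$id]->id = 0; // createSQLArray uses this to tell if we are inserting or updating
            $this->sections[$id]->insertDB(1, $this->name, $copysite, $importing, $keepDiscussions);
        }
    }
    return 1;
}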
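/**
 * Check whether an authenticated user already has a row in the user table,
 * syncing or creating it as needed.
 *
 * $x is an array of user info; $x['user'] and $x['method'] must be set.
 *
 * Existing user: when the stored auth type is not "db" and the e-mail, full
 * name or (for non-admins) type differ, the row is updated from $x. A stored
 * "admin" type is never overwritten and is copied back into $x['type'].
 * $x['id'] is set to the stored user_id.
 *
 * Unknown user: inserted when $add_to_db is set, otherwise 0 is returned.
 *
 * Array keys that were bare words are quoted: a bare word is an undefined
 * constant, which raises an Error on PHP 8.
 *
 * NOTE(review): for non-admin accounts the stored user_type follows
 * $x['type'], so trust in that value rests entirely with the auth module
 * that produced $x.
 * NOTE(review): values are escaped with addslashes(), which does not know
 * the connection character set; prefer driver-level escaping or bound
 * parameters if db_query() supports them.
 *
 * @param array $x         user info from the auth module
 * @param mixed $add_to_db true-ish to create the row when it is missing
 * @return mixed $x with 'id' (and possibly 'type') filled in, or 0
 */
function _auth_check_db($x, $add_to_db = 0)
{
    global $dbuser, $dbhost, $dbpass, $dbdb;
    db_connect($dbhost, $dbuser, $dbpass, $dbdb);

    $query = "\n\t\tSELECT \n\t\t\t* \n\t\tFROM \n\t\t\tuser \n\t\tWHERE \n\t\t\tuser_uname='" . addslashes($x['user']) . "'\n\t";
    $r = db_query($query);

    if (db_num_rows($r)) {
        // they have an entry already -- pull down their info
        $a = db_fetch_assoc($r);
        $isAdmin = ($a['user_type'] == "admin");

        // && binds tighter than ||, so the type comparison only counts for non-admins;
        // the parentheses below spell out the grouping the original relied on.
        $differs = $x['fullname'] != $a['user_fname']
            || $x['email'] != $a['user_email']
            || ($x['type'] != $a['user_type'] && !$isAdmin);

        // if their authentication method is not db, then sync the db to the other method
        if (strtolower($a['user_authtype']) != "db" && $differs) {
            $query = "\n\t\t\t\tUPDATE\n\t\t\t\t\tuser \n\t\t\t\tSET \n\t\t\t\t\tuser_email='" . addslashes($x['email']) . "', \n\t\t\t\t\tuser_fname='" . addslashes($x['fullname']) . "'\n\t\t\t";
            if (!$isAdmin) {
                $query .= ", user_type='" . addslashes($x['type']) . "'";
            }
            $query .= "\n\t\t\t\tWHERE\n\t\t\t\t\tuser_uname='" . addslashes($x['user']) . "'\n\t\t\t";
            $r = db_query($query);
        }

        if ($isAdmin) {
            $x['type'] = $a['user_type'];
        }
        $x['id'] = $a['user_id'];
        // return the new array with info
        return $x;
    }

    // they have no database entry
    if (!$add_to_db) {
        return 0;
    }

    // add them to the database and return new id
    $query = "\n\t\t\t\tINSERT INTO \n\t\t\t\t\tuser \n\t\t\t\tSET \n\t\t\t\t\tuser_uname='" . addslashes($x['user']) . "',\n\t\t\t\t\tuser_email='" . addslashes($x['email']) . "', \n\t\t\t\t\tuser_fname='" . addslashes($x['fullname']) . "', \n\t\t\t\t\tuser_type='" . addslashes($x['type']) . "', \n\t\t\t\t\tuser_pass='******',\n\t\t\t\t\tuser_authtype='" . addslashes($x['method']) . "'\t\t\t\t\t\t\t\t\n\t\t\t";
    $r = db_query($query);
    // the query could fail if a user with that username is already in the database
    if (!$r) {
        return 0;
    }
    $x['id'] = lastid();
    return $x;
}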
/**
 * Build the markup for the image upload controls: a URL field with its
 * "ok" link, the upload button and the portfolio link.
 *
 * The $id argument is not used: the target id is always taken from
 * ses('read'), falling back to lastid('qda') + 1 when that is empty.
 *
 * @param mixed $id ignored (overwritten before use in the original as well)
 * @return string concatenated markup
 */
function mbd_upload($id)
{
    $target = ses('read');
    if (!$target) {
        $target = lastid('qda') + 1;
    }

    // Pieces are produced in display order and joined without a separator.
    $pieces = array(
        input(1, 'upim', 'Url" size="40', '', 1) . ' ',
        ljc('', 'popb', 'pop-ajxf_uplim___upim', "ok", 5) . br(), //?
        upload_btn('upl', 'read=' . $target . '_1', 'upload') . ' ',
        lj('txtx', 'popup_placeim___' . $target, 'portfolio'),
    );

    return implode('', $pieces);
}
/**
 * Re-order a table by id and, on request, reset its AUTO_INCREMENT counter
 * to lastid($bs) + 1.
 *
 * The table name is read from $_SESSION[$bs] and concatenated into the
 * statement; identifiers cannot be bound as parameters.
 * NOTE(review): confirm $_SESSION[$bs] only ever holds table names set by
 * the application, and that $bs is not taken from request data.
 *
 * @param string $bs session key holding the table name
 * @param mixed  $o  true-ish to also reset AUTO_INCREMENT
 * @return void
 */
function reflush($bs, $o = '')
{
    msquery(sprintf('alter table %s order by id', $_SESSION[$bs]));

    if (!$o) {
        return;
    }

    $next = lastid($bs) + 1;
    msquery('alter table ' . $_SESSION[$bs] . ' AUTO_INCREMENT=' . $next);
}
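/**
 * Insert this section into the database, optionally under another site, and
 * optionally insert its pages.
 *
 * Steps, in the order they run:
 *  1. re-point the section at $newsite when given, and reload its parents;
 *  2. rewrite section_order for every section of the owning site so the
 *     ordering has no holes;
 *  3. build the column assignments (createSQLArray(1) plus creator /
 *     timestamp columns, taken from the session or kept from the record
 *     when $keepaddedby is set);
 *  4. when the section has a url, find or create the matching 'remote'
 *     media row and reference it;
 *  5. INSERT the section row and take its id from lastid();
 *  6. when a copy is in progress, replace the 'NEXT' marker for sections
 *     with the new id;
 *  7. remove the original from the owning site when requested, and store
 *     the owning site;
 *  8. when $down is set and children are loaded, insert every page.
 *
 * Changes against the original: the section id in the re-ordering UPDATE is
 * escaped like every other value in this method, and array keys that were
 * bare words are quoted (a bare word is an undefined constant, an Error on
 * PHP 8).
 *
 * @param mixed $down            true-ish to insert the child pages too
 * @param mixed $newsite         name of the site to attach the section to, if any
 * @param mixed $removeOrigional true-ish to delete the original section id from the owning site
 * @param mixed $keepaddedby     true-ish to keep stored creator / editor and timestamps
 * @param mixed $keepDiscussions passed through to the pages' insertDB()
 * @return bool always true
 */
function insertDB($down = 0, $newsite = null, $removeOrigional = 0, $keepaddedby = 0, $keepDiscussions = 0)
{
    $origid = $this->id;
    if ($newsite) {
        $this->owning_site = $newsite;
        unset($this->owningSiteObj);
    }
    $this->fetchUp(1);

    /*********************************************************
     * Re-Key the ordering of the rest of the sections in the
     * site to make sure that there are no holes in the order
     *********************************************************/
    foreach ($this->owningSiteObj->getField("sections") as $order => $sectionId) {
        $query = "UPDATE\n\t\t\t\t\tsection\n\t\t\t\tSET\n\t\t\t\t\tsection_order = '" . addslashes($order) . "'\n\t\t\t\tWHERE\n\t\t\t\t\tsection_id = '" . addslashes($sectionId) . "'";
        db_query($query);
    }

    $a = $this->createSQLArray(1);
    if (!$keepaddedby) {
        $a[] = "FK_createdby='" . addslashes($_SESSION['aid']) . "'";
        $a[] = $this->_datafields['addedtimestamp'][1][0] . "=NOW()";
        $a[] = "FK_updatedby='" . addslashes($_SESSION['aid']) . "'";
    } else {
        // NOTE(review): the looked-up ids are appended unquoted; a username without a
        // user row yields "FK_createdby=" and the INSERT below fails without being
        // noticed. Confirm how db_get_value() reports a miss.
        $a[] = "FK_createdby=" . db_get_value("user", "user_id", "user_uname='" . addslashes($this->getField("addedby")) . "'");
        $a[] = $this->_datafields['addedtimestamp'][1][0] . "='" . addslashes($this->getField("addedtimestamp")) . "'";
        $a[] = "FK_updatedby=" . db_get_value("user", "user_id", "user_uname='" . addslashes($this->getField("editedby")) . "'");
        $a[] = $this->_datafields['editedtimestamp'][1][0] . "='" . addslashes($this->getField("editedtimestamp")) . "'";
    }

    // insert media (url)
    if ($this->data['url']) {
        // first see, if media item already exists in media table
        $query = "\n\t\t\t\tSELECT\n\t\t\t\t\tmedia_id\n\t\t\t\tFROM\n\t\t\t\t\tmedia\n\t\t\t\tWHERE\n\t\t\t\t\tFK_site = '" . addslashes($this->owningSiteObj->id) . "' AND\n\t\t\t\t\tFK_createdby = '" . addslashes($_SESSION['aid']) . "' AND\n\t\t\t\t\tmedia_tag = '" . addslashes($this->data['url']) . "' AND\n\t\t\t\t\tmedia_location = 'remote'\n\t\t\t";
        $r = db_query($query);
        // if not in media table insert it
        if (!db_num_rows($r)) {
            $query = "\n\t\t\t\t\tINSERT\n\t\t\t\t\tINTO media\n\t\t\t\t\tSET\n\t\t\t\t\t\tFK_site = '" . addslashes($this->owningSiteObj->id) . "',\n\t\t\t\t\t\tFK_createdby = '" . addslashes($_SESSION['aid']) . "',\n\t\t\t\t\t\tmedia_tag = '" . addslashes($this->data['url']) . "',\n\t\t\t\t\t\tmedia_location = 'remote',\n\t\t\t\t\t\tFK_updatedby = '" . addslashes($_SESSION['aid']) . "'\n\t\t\t\t";
            db_query($query);
            $a[] = "FK_media=" . lastid();
        } else {
            $arr = db_fetch_assoc($r);
            $a[] = "FK_media='" . addslashes($arr['media_id']) . "'";
        }
    }

    $query = "INSERT INTO section SET " . implode(",", $a);
    db_query($query);
    $this->id = lastid();

    // See if there is a site hash (meaning that we are being copied).
    // If so, try to match our id with the hash entry for 'NEXT'.
    if (!empty($GLOBALS['__site_hash']['sections']) && ($oldId = array_search('NEXT', $GLOBALS['__site_hash']['sections']))) {
        $GLOBALS['__site_hash']['sections'][$oldId] = $this->id;
    }

    if ($removeOrigional) {
        $this->owningSiteObj->delSection($origid, 0);
    }
    $this->owningSiteObj->updateDB();

    // No permissions entry is added here: new sections inherit the
    // permissions of their parent site.

    // insert down
    if ($down && $this->fetcheddown && $this->pages) {
        foreach (array_keys($this->pages) as $k => $i) {
            // Mark our Id as the next one to set
            if (isset($GLOBALS['__site_hash']['pages']) && is_array($GLOBALS['__site_hash']['pages'])) {
                $GLOBALS['__site_hash']['pages'][$i] = 'NEXT';
            }
            $this->pages[$i]->id = 0; // createSQLArray uses this to tell if we are inserting or updating
            $this->pages[$i]->insertDB(1, $this->owning_site, $this->id, 1, $keepaddedby, $keepDiscussions);
        }
    }
    return true;
}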
if (isset($_SESSION['usrid'])) { if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_FILES['upvideo']) && isset($_POST['videotitle']) && isset($_POST['videodescription']) && isset($_POST['videolocation']) && $_POST['videotitle'] != '') { $tname = $_POST['videotitle']; $tname = strlen($tname) > 50 ? substr($tname, 0, 47) . "..." : $tname; //truncate the name if ($_FILES['upvideo']['size'] > $max_file_size_bytes) { $alert = 'file to big'; $type = 'alert-danger'; } else { $ext = pathinfo($_FILES['upvideo']['name'], PATHINFO_EXTENSION); $valid_formats = array('ogv', 'mp4', 'webm'); $dir = "./video/"; if (in_array($ext, $valid_formats)) { //better check mime type $uniq = lastid() + 1; //other options sha1_file($_FILES['upvideo']['tmp_name']) or uniqid('',true) for a 23 char long $uniq_file_name = $uniq . "." . $ext; if (move_uploaded_file($_FILES['upvideo']['tmp_name'], $dir . $uniq_file_name)) { shell_exec($dirffmpeg . ' -i "./video/' . $uniq_file_name . '" -ss 00:00:01 "./thumbnail/large/' . $uniq . '.png" -y 2>&1'); //if you got an error try echo(ing) this shell_exec($dirffmpeg . ' -i ./thumbnail/large/' . $uniq . '.png -s 160x120 ./thumbnail/little/' . $uniq . '.png -y 2>&1'); //on server ffmpeg is in the /usr insertvideo($uniq, $tname, $_POST['videodescription'], $_SESSION['usrid'], $ext, date('Y/m/d'), $_POST['videolocation']); shell_exec('sh ' . $dirscript . ' ' . $uniq . ' ' . $ext . ' > /dev/null 2>/dev/null &'); //call bash script independently $alert = "Your file has been uploaded"; $type = 'alert-success'; } } else { $alert = 'no compatible format';
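/**
 * Insert this story into the database, optionally under another site /
 * section / page, and optionally copy its discussion posts.
 *
 * Steps, in the order they run:
 *  1. re-point the story at the new site, section and page when given, and
 *     reload its parents;
 *  2. rewrite story_order for every story of the owning page so the
 *     ordering has no holes;
 *  3. when the story moves to another site and $down is set, copy the media
 *     it references to that site;
 *  4. build the column assignments (createSQLArray(1) plus creator /
 *     timestamp columns);
 *  5. for link and rss stories with a url, find or create the matching
 *     'remote' media row and reference it;
 *  6. INSERT the story row and take its id from lastid();
 *  7. when a copy is in progress, replace the 'NEXT' marker for stories;
 *  8. remove the original from the owning page when requested;
 *  9. touch the page's updated timestamp, save a version, refresh
 *     permissions;
 * 10. when $keepDiscussions is set, re-insert every discussion post under
 *     the new story and re-link replies to the new parent ids;
 * 11. save the story tags when an array is given.
 *
 * Changes against the original: the story id in the re-ordering UPDATE is
 * escaped like every other value in this method, and array keys that were
 * bare words are quoted (a bare word is an undefined constant, an Error on
 * PHP 8).
 *
 * @param mixed $down            true-ish to copy referenced media when changing site
 * @param mixed $newsite         name of the site to attach the story to, if any
 * @param mixed $newsection      section to attach the story to, if any
 * @param mixed $newpage         page to attach the story to, if any
 * @param mixed $removeOrigional true-ish to delete the original story id from the owning page
 * @param mixed $keepaddedby     true-ish to keep stored creator / editor and timestamps
 * @param mixed $keepDiscussions true-ish to copy the discussion posts
 * @param mixed $storyTags       array of tags to save, or null
 * @return bool always true
 */
function insertDB($down = 0, $newsite = null, $newsection = 0, $newpage = 0, $removeOrigional = 0, $keepaddedby = 0, $keepDiscussions = 0, $storyTags = null)
{
    $origsite = $this->owning_site;
    $origid = $this->id;
    if ($newsite) {
        $this->owning_site = $newsite;
        unset($this->owningSiteObj);
    }
    if ($newsection) {
        $this->owning_section = $newsection;
        unset($this->owningSectionObj);
    }
    if ($newpage) {
        $this->owning_page = $newpage;
        unset($this->owningPageObj);
    }
    $this->fetchUp(1);

    /*********************************************************
     * Re-Key the ordering of the rest of the stories in the
     * section to make sure that there are no holes
     *********************************************************/
    foreach ($this->owningPageObj->getField("stories") as $order => $storyId) {
        $query = "UPDATE\n\t\t\t\t\tstory\n\t\t\t\tSET\n\t\t\t\t\tstory_order = '" . addslashes($order) . "'\n\t\t\t\tWHERE\n\t\t\t\t\tstory_id = '" . addslashes($storyId) . "'";
        db_query($query);
    }

    // if moving to a new site, copy the media
    if ($origsite != $this->owning_site && $down) {
        $storyType = $this->getField("type");
        if ($storyType == "image" || $storyType == "rss" || $storyType == "file") {
            // For these types longertext holds the media id.
            $media_id = $this->getField("longertext");
            $this->setField("longertext", copy_media($media_id, $newsite));
        } elseif ($storyType == "story") {
            // These do some moving of files based on a ####id##### syntax
            // for storing inline images. Kept so as not to break old data
            // that uses them.
            $ids = segue::getMediaIDs("shorttext");
            segue::replaceMediaIDs($ids, "shorttext", $newsite);
            $ids = segue::getMediaIDs("longertext");
            segue::replaceMediaIDs($ids, "longertext", $newsite);

            // Search for and copy images that use the "[[mediapath]]/filename.ext"
            // syntax.
            // NOTE(review): the captured names come from user-authored story text and
            // may contain path separators; confirm copy_media_with_fname() confines
            // them to the sites' media directories.
            preg_match_all("/\\[\\[mediapath\\]\\]\\/([^'\"]+)/", $this->getField("shorttext") . $this->getField("longertext"), $matches);
            $fnames = array_unique($matches[1]);
            foreach ($fnames as $fname) {
                copy_media_with_fname($fname, $origsite, $newsite);
            }
        }
    }

    $a = $this->createSQLArray(1);
    if (!$keepaddedby) {
        $a[] = "FK_createdby='" . addslashes($_SESSION['aid']) . "'";
        $a[] = $this->_datafields['addedtimestamp'][1][0] . "=NOW()";
        $a[] = "FK_updatedby='" . addslashes($_SESSION['aid']) . "'";
    } else {
        // NOTE(review): the looked-up ids are appended unquoted; a username without a
        // user row yields "FK_createdby=" and the INSERT below fails without being
        // noticed. Confirm how db_get_value() reports a miss.
        $a[] = "FK_createdby=" . db_get_value("user", "user_id", "user_uname='" . addslashes($this->getField("addedby")) . "'");
        $a[] = $this->_datafields['addedtimestamp'][1][0] . "='" . addslashes($this->getField("addedtimestamp")) . "'";
        $a[] = "FK_updatedby=" . db_get_value("user", "user_id", "user_uname='" . addslashes($this->getField("editedby")) . "'");
        $a[] = $this->_datafields['editedtimestamp'][1][0] . "='" . addslashes($this->getField("editedtimestamp")) . "'";
    }

    // insert media (url)
    if ($this->data['url'] && ($this->data['type'] == 'link' || $this->data['type'] == 'rss')) {
        // first see, if media item already exists in media table
        $query = "\n\t\t\t\tSELECT\n\t\t\t\t\tmedia_id\n\t\t\t\tFROM\n\t\t\t\t\tmedia\n\t\t\t\tWHERE\n\t\t\t\t\tFK_site = '" . addslashes($this->owningSiteObj->id) . "' AND\n\t\t\t\t\tFK_createdby = '" . addslashes($_SESSION['aid']) . "' AND\n\t\t\t\t\tmedia_tag = '" . addslashes($this->data['url']) . "' AND\n\t\t\t\t\tmedia_location = 'remote'\n\t\t\t";
        $r = db_query($query);
        // if not in media table insert it
        if (!db_num_rows($r)) {
            $query = "\n\t\t\t\t\tINSERT INTO \n\t\t\t\t\t\tmedia\n\t\t\t\t\tSET\n\t\t\t\t\t\tFK_site = '" . addslashes($this->owningSiteObj->id) . "',\n\t\t\t\t\t\tFK_createdby = '" . addslashes($_SESSION['aid']) . "',\n\t\t\t\t\t\tmedia_tag = '" . addslashes($this->data['url']) . "',\n\t\t\t\t\t\tmedia_location = 'remote',\n\t\t\t\t\t\tFK_updatedby = '" . addslashes($_SESSION['aid']) . "'\n\t\t\t\t";
            db_query($query);
            $a[] = "FK_media=" . lastid();
        } else {
            $arr = db_fetch_assoc($r);
            $a[] = "FK_media='" . addslashes($arr['media_id']) . "'";
        }
    }

    $query = "INSERT INTO story SET " . implode(",", $a);
    db_query($query);
    $this->id = lastid();

    // (A disabled step used to convert wiki markup in the short and long text
    // to internal links and write both back to the story row.)

    // See if there is a site hash (meaning that we are being copied).
    // If so, try to match our id with the hash entry for 'NEXT'.
    if (!empty($GLOBALS['__site_hash']['stories']) && ($oldId = array_search('NEXT', $GLOBALS['__site_hash']['stories']))) {
        $GLOBALS['__site_hash']['stories'][$oldId] = $this->id;
    }

    $this->fetchUp();
    if ($removeOrigional) {
        $this->owningPageObj->delStory($origid, 0);
        $this->owningPageObj->updateDB();
    }

    /******************************************************************************
     * update the page updated timestamp
     ******************************************************************************/
    $query = "\n\t\t\t\tUPDATE \n\t\t\t\t\tpage \n\t\t\t\tSET \n\t\t\t\t\tpage_updated_tstamp = NOW()\n\t\t\t\tWHERE \n\t\t\t\t\tpage_id='" . addslashes($this->getField("page_id")) . "'\n\t\t\t";
    db_query($query);

    /******************************************************************************
     * Update version table
     ******************************************************************************/
    save_version($this->getField("shorttext"), $this->getField("longertext"), $this->id, $this->version_comments);

    // add new permissions entry.. force update
    $this->updatePermissionsDB(1);

    if ($keepDiscussions && $this->fetcheddown && $this->data['discussions']) {
        $idMapping = array();
        $discussionData = array();

        // The posts are copied row by row rather than through the discussion
        // objects. First fetch every post's columns into an array.
        foreach ($this->data['discussions'] as $discussionId) {
            $query = "\n\t\t\t\t\tSELECT\n\t\t\t\t\t\t*\n\t\t\t\t\tFROM\n\t\t\t\t\t\tdiscussion\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tdiscussion_id='" . addslashes($discussionId) . "'";
            $r = db_query($query);
            $discussionData[$discussionId] = db_fetch_assoc($r);
        }

        // Insert new posts, pointing to the new story
        foreach (array_keys($discussionData) as $oldId) {
            $query = "INSERT INTO\n\t\t\t\t\t\tdiscussion\n\t\t\t\t\tSET";

            // Set the FK_story to our new story ID
            $discussionData[$oldId]['FK_story'] = $this->id;

            // Add the rest of the fields; column names come from the fetched row,
            // empty values and the old primary key are skipped.
            $i = 0;
            foreach ($discussionData[$oldId] as $field => $val) {
                if ($field != 'discussion_id' && $val) {
                    $query .= "\n\t" . ($i == 0 ? "" : ", ") . $field . "='" . addslashes($val) . "'";
                    $i++;
                }
            }
            $r = db_query($query);

            // store the id mapping
            $idMapping[$oldId] = lastid();
            if (!empty($GLOBALS['__site_hash']['discussions'])) {
                $GLOBALS['__site_hash']['discussions'][$oldId] = lastid();
            }
        }

        // go through and update all of the FK_parents to point to the new Ids.
        // Also, rebuild the discussions array in case we try to access it after
        // the copy.
        $this->data['discussions'] = array();
        foreach (array_keys($discussionData) as $oldId) {
            $newId = $idMapping[$oldId];
            $this->data['discussions'][] = $newId;

            // If we were a reply, update our parent key
            if ($discussionData[$oldId]['FK_parent']) {
                $query = "\n\t\t\t\t\t\tUPDATE\n\t\t\t\t\t\t\tdiscussion\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\tFK_parent = '" . addslashes($idMapping[$discussionData[$oldId]['FK_parent']]) . "',\n\t\t\t\t\t\t\tdiscussion_tstamp = '" . addslashes($discussionData[$oldId]['discussion_tstamp']) . "'\n\t\t\t\t\t\t\t\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tdiscussion_id = '" . addslashes($newId) . "'\n\t\t\t\t\t";
                $res = db_query($query);
            }
        }
    }

    // Update any story tags
    if (is_array($storyTags)) {
        save_record_tags($storyTags, null, $this->id, $_SESSION['aid'], "story");
    }
    return true;
}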
/**
 * Run a search and return the rendered result list.
 *
 * Side effects visible in this function: it overwrites $_GET['search'], ['dig'], ['cat'],
 * ['tag'], ['bool'] and ['titles'], and writes $_SESSION['load'], ['recache'][$vrf],
 * ['page'] and ['popm'].
 *
 * @param mixed  $d   Raw search input, cleaned by good_rech(). A numeric value below
 *                    lastid('qda') selects that id directly.
 * @param mixed  $n   Stored as $_GET['dig'] and passed to the search helpers; falls back to
 *                    $_SESSION['nbj'] when empty.
 * @param string $opt '-'-separated option fields, read in order as $b, $o, $t, $ph.
 * @param string $res Decoded by ajxr() into ($cat, $tag).
 * @return string Output of rech_titles(), followed by the scroll() block when results remain.
 */
function plug_search($d, $n, $opt = '', $res = '')
{
    // NOTE(review): split() is the POSIX-regex splitter and was removed in PHP 7; for this
    // fixed delimiter explode('-', $opt) is the drop-in replacement. With fewer than four
    // fields the remaining variables are left null.
    list($b, $o, $t, $ph) = split('-', $opt);
    chrono();
    $rech = good_rech($d);
    $_GET['search'] = $rech;
    list($cat, $tag) = ajxr($res);
    // Normalise typographic quotes to their ASCII forms before matching.
    $rech = str_replace(array("’", '«', '»', " "), array("'", '"', '"', ' '), trim($rech));
    if (!$n) {
        $n = $_SESSION['nbj'];
    }
    // The values are published through $_GET, presumably because the helpers called below
    // read them from there; verify against those helpers.
    $_GET['dig'] = $n;
    $_GET['cat'] = $cat;
    $_GET['tag'] = $tag;
    $_GET['bool'] = $b;
    $_GET['titles'] = $t;
    //$_GET['pho']=$ph;
    // Cache key built from every input that can change the result set.
    $vrf = normalize($rech . $n . $b . $o . $t . $ph . $res);
    if ($rech == 'last') {
        // Keyword 'last': load only the newest id.
        $id = lastid('qda');
        $load[$id] = 1;
    } elseif (isset($_SESSION['recache'][$vrf])) {
        // Same query already answered in this session: reuse the stored result.
        $load = $_SESSION['recache'][$vrf];
        $cac = $vrf;
    } elseif ($d && is_numeric($d) && $d < lastid('qda')) {
        // Numeric input is treated as an id and loaded directly.
        // NOTE(review): no visibility check on that id is visible here; confirm that
        // rech_titles()/scroll() apply one before rendering.
        $load[$d] = 1;
    } elseif (strpos($rech, ';') && strpos($rech, ':')) {
        // strpos() is used for truthiness, so a match at offset 0 counts as "not found"
        // here and in the next branch.
        list($rch, $cat, $tag, $utg) = rech_script($rech);
    } elseif (strpos($rech, '=')) {
        $load = make_list_arts($rech);
    } else {
        $load = rech($rech, $n);
    }
    // Anything that is not an array is discarded as a result set.
    if ($load && !is_array($load)) {
        $load = '';
    }
    // $utg is only assigned in the rech_script() branch above; elsewhere it is undefined.
    if (!$load && ($cat or $tag or $utg)) {
        $load = rech_catag($cat, $tag, $utg, $n);
    }
    $_SESSION['load'] = $load;
    // NOTE(review): one entry is stored per distinct $vrf and nothing in this function
    // evicts them. If $d/$opt/$res are request-driven, the session grows with every new
    // query; consider capping the number of cached keys.
    $_SESSION['recache'][$vrf] = $load;
    // $cac is only set on a cache hit and $tag2 is never assigned in this function, so both
    // may reach rech_titles() undefined.
    $ret = rech_titles($rech, $n, $opt, $cac, $cat, $tag, $tag2);
    $_SESSION['page'] = 1;
    $_SESSION['popm'] = chrono('search');
    // Keys 0 and 1 are dropped before rendering (done after the copy stored in the session).
    if ($load[0]) {
        unset($load[0]);
    }
    if ($load[1]) {
        unset($load[1]);
    }
    if ($load) {
        $ret .= scroll($load, divd($vrf, output_pages($load, '', '')), 2, '', 400);
    }
    return $ret;
}
/**
 * Commit a discussion action (edit, rate, reply, newpost) taken from the current request.
 *
 * Runs only when $_REQUEST['commit'] is set and discussions are enabled (or the session is
 * an admin one). For a request without a logged-in user it first creates a "visitor"
 * account from the submitted name and e-mail address.
 *
 * Review notes (all based on what this function shows; helpers are not visible here):
 *  - Every input is read from $_REQUEST, so depending on the PHP request configuration the
 *    values may arrive by query string or cookie as well as by POST. No anti-forgery token
 *    is checked in this function; confirm the caller does it before state is changed.
 *  - `=& new` is a parse error from PHP 7 on, and ereg() was removed in PHP 7.
 *  - $this is used at the end, so this is presumably a method of the discussion class.
 *
 * @return bool|null false on validation failure or a refused edit; otherwise nothing is
 *                   returned explicitly.
 */
function _commithttpdata()
{
    global $sid, $error, $_full_uri;
    global $mailposts, $cfg;
    //require_once("htmleditor/editor.inc.php");
    if ($_REQUEST['commit'] && ($cfg['disable_discussion'] != TRUE || $_SESSION['ltype'] == 'admin')) {
        // indeed, we are supposed to commit
        $site = $_REQUEST['site'];
        // $action is assigned but not used below; the dispatch is on $a ('discuss').
        $action = $_REQUEST['action'];
        $a = $_REQUEST['discuss'];
        // error() presumably appends to the global $error tested below; verify.
        // Subject and content are required for every action, including 'rate'.
        if (!$_REQUEST['subject']) {
            error("You must enter a subject.\n");
        }
        if (!$_REQUEST['content']) {
            error("You must enter some text to post.\n");
        }
        // An empty rating is accepted; anything else must be numeric.
        if (isset($_REQUEST['rating']) && !is_numeric($_REQUEST['rating']) && $_REQUEST['rating'] != "") {
            $error = "Post rating must be numeric.\n";
        }
        if ($error) {
            unset($_REQUEST['commit']);
            return false;
        }
        /******************************************************************************
         * if public discussion and no log in then add user to user table
         * uname = email address, type = visitor
         ******************************************************************************/
        // NOTE(review): this branch runs for any request without a session user, whatever
        // the action, and it creates an account and sends mail to an address taken from the
        // request. No rate limit or challenge is visible here; confirm one exists upstream.
        if (!$_SESSION[auser]) {
            if (user::userEmailExists($_REQUEST['visitor_email'])) {
                error("A user with that email address already exists. 
Please log in before posting.");
            }
            /******************************************************************************
             * Visitor account validation:
             * check that a name has been entered
             * check that the email enter doesn't already exist in Segue and
             * is not part of the $cfg[visitor_email_excludes] specified in the config
             ******************************************************************************/
            if (!$_REQUEST['visitor_name']) {
                error("You must enter a username.");
            }
            // The only format check on the address is that it contains an '@'.
            if (!$_REQUEST['visitor_email'] || !ereg("@", $_REQUEST['visitor_email'])) {
                error("You must enter a valid email address.");
            } else {
                if ($_REQUEST['visitor_email']) {
                    // Each configured exclude is applied as a regular expression.
                    foreach ($cfg[visitor_email_excludes] as $visitor_email_exclude) {
                        if ($exclude = ereg($visitor_email_exclude, $_REQUEST['visitor_email'])) {
                            error("Please log in above with your {$cfg['inst_name']} account.");
                        }
                    }
                }
            }
            // all good
            if (!$error) {
                $obj =& new user();
                $obj->uname = $_REQUEST['visitor_email'];
                $obj->fname = $_REQUEST['visitor_name'];
                $obj->email = $_REQUEST['visitor_email'];
                $obj->type = "visitor";
                $obj->authtype = 'db';
                // NOTE(review): randpass() is not visible; confirm it draws from a
                // cryptographically secure source and that (5, 3) yields enough length.
                $obj->randpass(5, 3);
                $obj->insertDB();
                $obj->sendemail();
                // NOTE(review): lastid() is read after sendemail(); if that call inserts a
                // row of its own, this is no longer the new user's id. Confirm.
                $visitor_id = lastid();
            }
        }
        if ($error) {
            unset($_REQUEST['commit']);
            return false;
        }
        if ($a == 'edit') {
            $d =& new discussion($_REQUEST['story']);
            $d->fetchID($_REQUEST['id']);
            // Only the author may edit. NOTE(review): the comparison is loose, so an empty
            // session user equals an empty or null authoruname. Confirm fetchID() never
            // leaves authoruname empty (for example for an id that does not exist).
            if ($_SESSION['auser'] != $d->authoruname) {
                return false;
            }
            // The subject is stored as received, so it has to be escaped where it is
            // rendered. Content goes through cleanEditorText(), which is presumably the
            // HTML sanitiser; verify what it removes.
            $d->subject = $_REQUEST['subject'];
            $d->content = cleanEditorText($_REQUEST['content']);
            $d->content = convertInteralLinksToTags($site, $d->content);
            $d->update();
            //log_entry("discussion","$_SESSION[auser] edited story ".$_REQUEST['story']." discussion post id ".$_REQUEST['id']." in site ".$_REQUEST['site'],$_REQUEST['site'],$_REQUEST['story'],"story");
            unset($_REQUEST['discuss'], $_REQUEST['commit']);
            //unset($d);
        }
        if ($a == 'rate') {
            // NOTE(review): unlike 'edit', no ownership or permission check is made in this
            // branch before the rating of the post named by $_REQUEST['id'] is overwritten.
            // Confirm who is meant to be allowed to rate and enforce it here or in update().
            $d =& new discussion($_REQUEST['story']);
            $d->fetchID($_REQUEST['id']);
            $d->rating = $_REQUEST['rating'];
            $d->update();
            //log_entry("discussion","$_SESSION[auser] edited story ".$_REQUEST['story']." discussion post id ".$_REQUEST['id']." in site ".$_REQUEST['site'],$_REQUEST['site'],$_REQUEST['story'],"story");
            unset($_REQUEST['discuss'], $_REQUEST['commit']);
            // unset($d);
        }
        if ($a == 'reply' || $a == 'newpost') {
            $d =& new discussion($_REQUEST['story']);
            $d->subject = $_REQUEST['subject'];
            // Lets pass the cleaning of editor text off to the editor.
            $d->content = cleanEditorText($_REQUEST['content']);
            $d->content = convertInteralLinksToTags($site, $d->content);
            if ($a == 'reply') {
                // The parent id comes straight from the request; whether it belongs to the
                // same story is not checked here.
                $d->parentid = $_REQUEST['replyto'];
                //log_entry("discussion","$_SESSION[auser] replied to story ".$_REQUEST['story']." discussion post id ".$_REQUEST['replyto']." in site ".$_REQUEST['site'],$_REQUEST['site'],$_REQUEST['story'],"story");
            } else {
                //log_entry("discussion","$_SESSION[auser] posted to story ".$_REQUEST['story']." discussion in site ".$_REQUEST['site'],$_REQUEST['site'],$_REQUEST['story'],"story");
            }
            // Logged-in author data wins; the visitor values are used only without a session.
            $d->authorid = $_SESSION['aid'] ? $_SESSION['aid'] : $visitor_id;
            $d->authorfname = $_SESSION['afname'] ? $_SESSION['afname'] : $_REQUEST['visitor_name'];
            // Taken from the request as is; access to that library file is not checked here.
            $d->libraryfileid = $_REQUEST['libraryfileid'];
            $newid = $d->insert();
        }
        /******************************************************************************
         * gather data for sendmail function
         ******************************************************************************/
        // $newid is only set by the reply/newpost branch, so after an edit or a rate it is
        // undefined when passed here.
        if ($mailposts == 1) {
            //printpre("email sending...");
            $this->sendemail($newid);
        }
        unset($_REQUEST['discuss'], $_REQUEST['commit']);
    }
}
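/**
 * Decode a base64 image payload and store it under img/.
 *
 * The input is normally a data URI ("data:<mime>;base64,<payload>"); everything up to and
 * including the first comma is treated as the prefix and dropped. A string without a comma
 * is decoded as a bare payload.
 *
 * @param string $d Data URI or bare base64 string.
 * @return string File name that was written, without the img/ prefix.
 */
function b64img($d)
{
    // The name uses the id that follows the current last 'qda' id.
    // NOTE(review): two requests arriving before that row exists would compute the same
    // name and overwrite each other's file; confirm callers serialise this.
    $f = $_SESSION['qb'] . '_' . (lastid('qda') + 1) . '_b64.jpg';

    // strpos() returns false when there is no comma; adding 1 to that silently dropped the
    // first character of a bare payload, so the prefix is only cut when it is present.
    $comma = strpos($d, ',');
    $payload = $comma === false ? $d : substr($d, $comma + 1);

    // NOTE(review): the decoded bytes are written as they are, under a .jpg name. Nothing
    // here checks that they are an image or bounds their size, and base64_decode() in its
    // default mode skips characters outside the alphabet instead of failing. If $d can come
    // from a client, verify the content type and size before writing, and make sure the
    // web server never executes files from img/.
    write_file('img/' . $f, base64_decode($payload));

    return $f;
}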
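/**
 * Collect the classes a user belongs to, from LDAP group membership and from the local DB.
 *
 * For every group value found on the user's LDAP entry the matching ugroup, class and
 * ugroup_user rows are created when missing, so a call has database side effects.
 * A failed LDAP connection, bind or search is not an error: the DB classes are still returned.
 *
 * @param string $user Username; lower-cased before use.
 * @param string $time "now", "past", "future" or "all": which semesters to include.
 * @return array Map of class code => array("code", "sect", "sem", "year").
 */
function getuserclasses($user, $time = "all")
{
    global $cfg;

    $user = strtolower($user);
    $classes = array();
    if (!$user) {
        return $classes;
    }

    // The username ends up inside an LDAP search filter, so filter metacharacters must be
    // escaped (RFC 4515); unescaped, a value containing "*", "(" or ")" changes what the
    // filter matches. ldap_escape() exists from PHP 5.6; the fallback covers older runtimes.
    if (function_exists('ldap_escape')) {
        $filterUser = ldap_escape($user, '', LDAP_ESCAPE_FILTER);
    } else {
        $filterUser = str_replace(
            array('\\', '*', '(', ')', "\x00"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $user
        );
    }

    // --- LDAP lookup -------------------------------------------------------------
    $res = false;
    $c = ldap_connect($cfg['ldap_server']);
    if ($c) {
        // Warnings from a failed bind stay suppressed, as before; the function then
        // continues with the DB classes only.
        if (@ldap_bind($c, $cfg['ldap_voadmin_user_dn'], $cfg['ldap_voadmin_pass'])) {
            // connected & logged in
            $return = array(
                $cfg['ldap_username_attribute'],
                $cfg['ldap_fullname_attribute'],
                $cfg['ldap_email_attribute'],
                $cfg['ldap_group_attribute'],
            );
            $userSearchDN = ($cfg['ldap_user_dn'] ? $cfg['ldap_user_dn'] . "," : "") . $cfg['ldap_base_dn'];
            $searchFilter = "(" . $cfg['ldap_username_attribute'] . "=" . $filterUser . ")";
            $sr = ldap_search($c, $userSearchDN, $searchFilter, $return);
            if ($sr) {
                $res = ldap_get_entries($c, $sr);
            }
        }
        // Close on every path, not only when an entry was found.
        ldap_close($c);
    }

    // --- Sync LDAP groups into the DB and collect class groups ---------------------
    if ($res && $res['count']) {
        $entry = array_change_key_case($res[0], CASE_LOWER);
        $groupAttr = strtolower($cfg['ldap_group_attribute']);
        $groupCount = isset($entry[$groupAttr]['count']) ? $entry[$groupAttr]['count'] : 0;
        // The attribute name comes from configuration and is matched literally.
        $nameAttr = preg_quote($cfg['ldap_groupname_attribute'], '/');
        $classPattern = '/' . $nameAttr . '=([a-zA-Z]{0,4})([0-9]{1,4})([a-zA-Z]{0,1})-([a-zA-Z]{1,})([0-9]{2})/i';
        // s and D keep the POSIX meaning of "." (any character) and "$" (end of string only).
        $groupPattern = '/^' . $nameAttr . '=(.+)$/isD';

        // NOTE(review): every SQL statement below is built by concatenation with
        // addslashes(), which is not aware of the connection character set. The db_*
        // helpers are not visible here; prefer the driver's own escaping or bound
        // parameters if they offer them.
        for ($i = 0; $i < $groupCount; $i++) {
            // Each group value is a DN; look at its comma-separated components.
            $parts = explode(",", $entry[$groupAttr][$i]);
            foreach ($parts as $p) {
                if (preg_match($classPattern, $p, $m)) {
                    // Class group: department, number, section, "-", semester, two-digit year.
                    $semester = currentsemester(); // result unused here; call kept as in the original
                    $class = $m[1] . $m[2] . $m[3] . "-" . $m[4] . $m[5];
                    /******************************************************************************
                     * update the classes table with the ldap information
                     ******************************************************************************/
                    $sem = $m[4];
                    $user_id = db_get_value("user", "user_id", "user_uname = '" . addslashes($user) . "'");
                    $ugroup_id = db_get_value("ugroup", "ugroup_id", "ugroup_name='" . addslashes($class) . "'");
                    $classinfo = db_get_line("class", "\n\t\t\t\t\t\t\t\t\t\tclass_department='" . addslashes($m[1]) . "' AND\n\t\t\t\t\t\t\t\t\t\tclass_number='" . addslashes($m[2]) . "' AND\n\t\t\t\t\t\t\t\t\t\tclass_section='" . addslashes($m[3]) . "' AND\n\t\t\t\t\t\t\t\t\t\tclass_semester='" . addslashes($sem) . "' AND\n\t\t\t\t\t\t\t\t\t\tclass_year='20" . addslashes($m[5]) . "'");
                    if (!$ugroup_id) {
                        $query = "\n\t\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\t\tugroup\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tugroup_name = '" . addslashes($class) . "',\n\t\t\t\t\t\t\t\t\t\tugroup_type = 'class'\n\t\t\t\t\t\t\t\t";
                        db_query($query);
                        $ugroup_id = lastid();
                    }
                    if (!$classinfo) {
                        $query = "\n\t\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\t\tclass\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tclass_external_id='" . addslashes($class) . "',\n\t\t\t\t\t\t\t\t\t\tclass_department='" . addslashes($m[1]) . "',\n\t\t\t\t\t\t\t\t\t\tclass_number='" . addslashes($m[2]) . "',\n\t\t\t\t\t\t\t\t\t\tclass_section='" . addslashes($m[3]) . "',\n\t\t\t\t\t\t\t\t\t\tclass_semester='" . addslashes($sem) . "',\n\t\t\t\t\t\t\t\t\t\tclass_year='20" . addslashes($m[5]) . "',\n\t\t\t\t\t\t\t\t\t\tclass_name='',\n\t\t\t\t\t\t\t\t\t\tFK_owner=NULL,\n\t\t\t\t\t\t\t\t\t\tFK_ugroup='" . addslashes($ugroup_id) . "'\n\t\t\t\t\t\t\t\t";
                        db_query($query);
                    }
                    // NOTE(review): the literal '******' in the FK_user conditions looks like a
                    // redaction artifact of this listing. $user_id is fetched above and not
                    // used anywhere else, so the upstream code presumably compares and inserts
                    // that value. Restore it from the upstream file before running this.
                    $ugroup_userinfo = db_get_line("ugroup_user", "FK_ugroup='" . addslashes($ugroup_id) . "' AND FK_user='******'");
                    if (!$ugroup_userinfo) {
                        $query = "\n\t\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\t\tugroup_user\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tFK_ugroup = '" . addslashes($ugroup_id) . "',\n\t\t\t\t\t\t\t\t\t\tFK_user = '******'\n\t\t\t\t\t\t\t\t";
                        db_query($query);
                    }
                    /******************************************************************************
                     * end update
                     ******************************************************************************/
                    // Keep the class only when its semester falls in the requested window.
                    // Short-circuiting keeps the helper calls in the original order.
                    $wanted = ($time == "now" && isSemesterNow($m[4], $m[5]))
                        || ($time == "past" && isSemesterPast($m[4], $m[5]))
                        || ($time == "future" && isSemesterFuture($m[4], $m[5]))
                        || $time == "all";
                    if ($wanted) {
                        $classes[$class] = array("code" => $m[1] . $m[2], "sect" => $m[3], "sem" => $m[4], "year" => $m[5]);
                    }
                } elseif (preg_match($groupPattern, $p, $matches)) {
                    /******************************************************************************
                     * if not a class group then get group name and add to ugroup table
                     ******************************************************************************/
                    $group_name = $matches[1];
                    $user_id = db_get_value("user", "user_id", "user_uname = '" . addslashes($user) . "'");
                    $ugroup_id = db_get_value("ugroup", "ugroup_id", "ugroup_name='" . addslashes($group_name) . "'");
                    /******************************************************************************
                     * insert group_name into ugroup table with group if not already in table
                     ******************************************************************************/
                    if (!$ugroup_id) {
                        $query = "\n\t\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\t\tugroup\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tugroup_name = '" . addslashes($group_name) . "',\n\t\t\t\t\t\t\t\t\t\tugroup_type = 'other'\n\t\t\t\t\t\t\t\t";
                        db_query($query);
                        $ugroup_id = lastid();
                    }
                    /******************************************************************************
                     * if user not part of group then add to ugroup_user table
                     ******************************************************************************/
                    // NOTE(review): same '******' literal as in the class branch; see the
                    // note there.
                    $ugroup_userinfo = db_get_line("ugroup_user", "FK_ugroup='" . addslashes($ugroup_id) . "' AND FK_user='******'");
                    if (!$ugroup_userinfo) {
                        $query = "\n\t\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\t\tugroup_user\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tFK_ugroup = '" . addslashes($ugroup_id) . "',\n\t\t\t\t\t\t\t\t\t\tFK_user = '******'\n\t\t\t\t\t\t\t\t";
                        db_query($query);
                    }
                    /******************************************************************************
                     * get other members of this ugroup and add to ugroup_user table
                     * (this may not be necessary since users will be added when they log in...)
                     ******************************************************************************/
                }
            }
        }
    }

    // --- add in the DB classes -----------------------------------------------------
    $query = "\n\t\tSELECT\n\t\t\tclass_department,\n\t\t\tclass_number,\n\t\t\tclass_section,\n\t\t\tclass_semester,\n\t\t\tclass_year\n\t\tFROM\n\t\t\tuser\n\t\t\t\tINNER JOIN\n\t\t\tugroup_user\n\t\t\t\tON\n\t\t\tuser_id = FK_user\n\t\t\t\tINNER JOIN\n\t\t\tclass\n\t\t\t\tON\n\t\t\tclass.FK_ugroup = ugroup_user.FK_ugroup\n\t\tWHERE\n\t\t\tuser_uname = '" . addslashes($user) . "'\n\t";
    $semester = currentsemester(); // result unused here; call kept as in the original
    $r = db_query($query);
    while ($a = db_fetch_assoc($r)) {
        $class_code = generateCodeFromData($a['class_department'], $a['class_number'], $a['class_section'], $a['class_semester'], $a['class_year']);
        // Classes already found through LDAP are not overwritten.
        if (empty($classes[$class_code])) {
            $wanted = ($time == "now" && isSemesterNow($a['class_semester'], $a['class_year']))
                || ($time == "past" && isSemesterPast($a['class_semester'], $a['class_year']))
                || ($time == "future" && isSemesterFuture($a['class_semester'], $a['class_year']))
                || $time == "all";
            if ($wanted) {
                $classes[$class_code] = array("code" => "{$class_code}", "sect" => $a['class_section'], "sem" => $a['class_semester'], "year" => $a['class_year']);
            }
        }
    }

    return $classes;
}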
/**
 * Build the HTML form used to write a new article or to continue editing an existing one.
 *
 * "Continue" mode is selected by $_GET['continue']; in that mode the message of article
 * $_SESSION['read'] is loaded and only the text area and save buttons are shown. Otherwise
 * the full set of fields (source URL, name/mail or category, parent, publish flag, date,
 * title) is rendered for the next article id.
 *
 * Review notes (the HTML and SQL helpers are not visible here, so their escaping is unknown):
 *  - $link, $read, $goto, $us and $ml are concatenated into attribute values and SQL
 *    conditions as they are. Confirm that the helpers escape for their context, or escape
 *    at the call sites.
 *  - No anti-forgery token is visibly added to the form; sesmk('conn_edit', ...) may be
 *    that marker. Confirm.
 *  - $mil, $qda and $raed are never used; $cit, $alrt, $suj, $ml and $msg can be undefined
 *    where they are read.
 *
 * @param mixed  $mil  Unused in this function.
 * @param string $link Source URL; when it starts with "http" (and not in continue mode) it
 *                     is normalised and handed to vacuum() to pre-fill title and text.
 * @return string The form markup.
 */
function f_inp($mil, $link)
{
    $_SESSION['cur_div'] = 'content';
    $ip = hostname();
    $qda = $_SESSION['qda'];
    $USE = $_SESSION['USE'];
    $cont = $_GET['continue'];
    $read = $_SESSION['read'];
    $raed = $_SESSION['raed'];
    $frm = $_SESSION['frm'];
    if ($USE) {
        $us = $USE;
    } else {
        // Anonymous visitor: reuse the last name/mail recorded for this host.
        // NOTE(review): $ip is placed inside a double-quoted SQL literal without escaping.
        // If hostname() can return a client-influenced value (a reverse-DNS name or a
        // forwarded header, for instance) it must be escaped or bound; verify.
        list($us, $ml) = sql('name,mail', 'qdi', 'r', 'host="' . $ip . '" ORDER BY id DESC LIMIT 1');
    }
    // Id the new article is expected to get.
    $currid = lastid('qda') + 1;
    if ($frm == "" or $frm == "Home") {
        $frm = "public";
    }
    //sections
    if ($_GET['edit'] == "=") {
        $cit = "&edit==";
    }
    $goto = '/?read=' . $read . $cit;
    if (substr($link, 0, 4) == 'http' && !$cont) {
        $link = https(utmsrc($link));
        //vacuum
        // NOTE(review): if vacuum() retrieves the URL server-side, a caller-supplied $link
        // makes this an outbound request to an arbitrary host; restrict schemes and block
        // internal addresses in that helper. Confirm.
        $_GET['urlsrc'] = $link;
        list($suj, $msg) = vacuum($link, '');
    }
    //elseif($read)$link=$_SESSION['rqt'][$read][9];
    if (!$cont) {
        // The third argument carries raw attributes, so autoclic() evidently does not
        // escape it. NOTE(review): $link is appended inside value="..." unescaped; a double
        // quote in it ends the attribute. HTML-escape $link for attribute context here.
        $r['urlsrc'] = autoclic('urlsrc', "url", '10" id="urlsrc" onClick="SaveI(\'urlsrc\')" onContextMenu="SaveIt()" value="' . $link, '250', '') . btd('urledt', '');
    }
    //urlsrc
    if ($USE && !$cont) {
        // Logged-in user: name is fixed, category selectable.
        $r['trkname'] = hidden('name', 'trkname', $USE) . hidden('mail', 'trkmail', '');
        $r['slcat'] = select_j('frm', 'category', $frm, '3', $frm, '');
    } elseif (!$USE) {
        // Visitor: editable name and mail, pre-filled from the last record for this host.
        // $us and $ml are stored values and need output escaping like any other input.
        $gn = '" onkeyup="log_goodname(\'trkname\');';
        $r['trkname'] = autoclic('name" id="trkname' . $gn, $us ? $us : nms(38), '8', '50', 'txtx');
        //name
        $r['trkmail'] = autoclic('mail" id="trkmail', $ml ? $ml : 'mail', '13', '50', 'txtx');
    }
    //mail
    if (!$cont) {
        $r['parent'] = select_jp('ib', 'parent', rstr(10) ? $read : '', '0', picto('topo'), '1');
    }
    //if(!$cont)$r['parent']=togbub();
    // The publish checkbox is only offered when auth(3) passes; everyone else gets pub=0.
    // NOTE(review): a hidden field is only a default, so the handler that receives the
    // form must re-check the permission instead of trusting 'pub'.
    if (!$cont && auth(3)) {
        $r['publish'] = checkbox_j('pub', $_SESSION['auth'] < 4 ? 0 : rstr(11), nms(29));
    } else {
        $r['publish'] = hidden('pub', 'pub', 0);
    }
    if (!$cont) {
        //new
        $r['pstdat'] = select_j('postdat', 'date', date('y-m-d-H-i'), 0, picto('time'), 0);
        $r['pstsuj'] = balise('input', array('', '', 'suj', 'suj1', '', 'editor', 7 => 255, 16 => 'width:100%;', 23 => $suj ? $suj : nms(71)), '');
    }
    if ($cont) {
        // NOTE(review): $read is concatenated into the condition unquoted; confirm it is
        // always stored in the session as an integer, or cast it here.
        $msg = sql('msg', 'qdm', 'v', 'id=' . $read);
        $btcntn = 'continue=ok#' . $read;
        $alrt = conn_correct($msg);
    } else {
        $goto = '/?read=' . $currid;
        $btcntn = 'insert=ok';
    }
    //&continue==#'.$currid
    // Turn stored line breaks back into plain newlines for the text area.
    $msg = str_replace("\r", "", $msg);
    //msg
    $msg = str_replace(array("<br />\n", "<br />", "<br>"), "\n", $msg);
    //save
    // Field ids handed to the save button that is built with lj() below.
    $ids = 'suj1|frm|urlsrc|postdat|trkname|trkmail|ib|pub';
    //|sub
    $c = 'popbt';
    // $read is embedded in a quoted JavaScript argument list here and in the next ljb() call.
    $sav = ljb($c, 'SaveJb', 'socket_saveart_txtarea_id4_' . $read . '_no\',\'art' . $read . '_readart___' . $read, picto('save'));
    if ($cont && rstr(53)) {
        $sav .= ljb($c, 'SaveJb', 'txarea_saveart_txtarea_id4_' . $read . '\',\'art' . $read . '_readart___' . $read, nms(57)) . ' ';
    } elseif (!rstr(53)) {
        $sav .= submitj($c, 'sav', nms(57)) . ' ';
    } else {
        $sav .= lj($c, 'socket_newart_txtarea_' . (rstr(57) ? 7 : 9) . '_____' . $ids, nms(57)) . ' ';
    }
    //pop
    $btdt = lj('', 'popup_artwedit_txtarea__', pictit('editor', nms(107))) . ' ';
    $btdt .= ljb('' . '" title="test', 'captslct', 'preview', picto('valid')) . ' ';
    if ($cont && $read) {
        $btdt .= urledt_id($read);
    }
    //defcon//urledt($link)
    // $goto and $btcntn (both built from $read or $currid) go into the action attribute as is.
    $ret = '<form method="POST" id="sav" action="' . $goto . '&' . $btcntn . '">' . "\n";
    //form
    $ret .= btd('bts' . $read, $sav) . ' ' . $btdt;
    $ret .= implode(' ', $r);
    $ret .= sesmk('conn_edit', '', '');
    //1
    $ret .= $alrt;
    // $msg may hold text returned by vacuum(); txarea1() has to escape it for display.
    $ret .= divd('txarea', txarea1($msg));
    //if(auth(4))$ret.=checkbox("randim","ok","rename_img",0);
    $ret .= ' </form>' . "\n";
    return $ret;
}