Esempio n. 1
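 // Handle a submitted comment for the current item, then load the approved comments.
 // $id, $check['id'], $config, $data and $tpl are provided by the including page.
 if (isset($_POST['submit']) && $_POST['submit'] === "Post Comment") {
     // Strip markup first; safesql() is the project's quoting helper, so $comment is
     // already a quoted SQL literal when it is interpolated below. A missing field is
     // treated as an empty comment rather than raising an undefined-index notice.
     $rawComment = isset($_POST['comment']) ? $_POST['comment'] : '';
     $comment = safesql(strip_tags($rawComment), "text");
     // With moderation on, the row is stored hidden (allowed = 0) until it is reviewed.
     $allowed = ($config['confirmcomment'] == 1) ? 0 : 1;
     $timestamp = time();
     $data->insert_query("comments", "'', {$id}, '{$check['id']}', 1, {$timestamp}, {$comment}, {$allowed}", "", "", false);
     if (confirm('comment')) {
         // Return address handed to show_message(). PHP_SELF and QUERY_STRING are taken
         // from the request, so whatever show_message() does with $page (redirect or
         // HTML output) must escape it for that context.
         $page = $_SERVER['PHP_SELF'];
         if (isset($_SERVER['QUERY_STRING'])) {
             $page .= "?" . $_SERVER['QUERY_STRING'];
         }
         // Re-read the row just written by (uid, item, timestamp) so the mail carries the
         // stored record. Two posts by the same user in the same second are indistinguishable.
         $comment = $data->select_fetch_one_row("comments", "WHERE uid='{$check['id']}' AND item_id={$id} AND date={$timestamp}");
         confirmMail("comment", $comment);
         show_message("The comment first needs to be reviewed before it will be visible", $page);
     }
 }
 // Only approved comments (allowed = 1) of type 1 are listed.
 $sql = $data->select_query("comments", "WHERE item_id={$id} AND type=1 AND allowed = 1");
 $numcom = $data->num_rows($sql);
 $comments = array();
 while ($temp = $data->fetch_array($sql)) {
     $temp['comment'] = censor($temp['comment']);
     // One author lookup per comment. The author row may no longer exist, in which case
     // the name is left empty instead of indexing a non-array result.
     $temp2 = $data->select_fetch_one_row("users", "WHERE id={$temp['uid']}", "uname");
     $temp['uname'] = (is_array($temp2) && isset($temp2['uname'])) ? $temp2['uname'] : '';
     $comments[] = $temp;
 }
 $tpl->assign("numcom", $numcom);
 $tpl->assign("com", $comments);
 $tpl->assign("comviewallowed", get_auth('comviewallowed', 2));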
Esempio n. 2
         // Album submission. The INSERT value list is built in column order: the leading
         // NULL is the auto-increment ID, the flag appended below is the visibility.
         $patrol = $_POST['patrol'];
         $quotedName = safesql($album_name, "text");
         $quotedPatrol = safesql($patrol, "int");
         $insertSQL = sprintf("NULL, %s, %s", $quotedName, $quotedPatrol);
         // On moderated sites the album is stored hidden (0) and the user is told it awaits review.
         if (confirm('album')) {
             $message = "Your album has been added, but first needs to be reviewed by an administrator.";
             $insertSQL .= ", 0";
         } else {
             $message = "Your album has been added.";
             $insertSQL .= ", 1";
         }
         // NOTE(review): $message is assigned but never read in this span, while the success
         // redirect below interpolates $extra, which is not assigned here — confirm both
         // against the enclosing code.
         $album_name = safesql($album_name, "text");
         if (!$data->insert_query("album_track", $insertSQL . ", 0")) {
             show_message("There was an error adding your photo album. If this error persists please contact the site administrator.", "index.php?page=addphotoalbum", true);
         } else {
             // Re-read the stored row by name, newest ID first in case of duplicate names.
             $album = $data->select_fetch_one_row("album_track", "WHERE album_name={$album_name} ORDER BY ID DESC");
             $data->update_query("users", "numalbums = numalbums + 1", "uname='{$check['uname']}'");
             $data->insert_query("owners", "'', {$album['ID']}, 'album', {$check['id']}, 0, 0, 0");
             if (confirm('album')) {
                 confirmMail("album", $album);
             } else {
                 email('newitem', array("album", $album));
             }
             show_message("Your photo album has been created. {$extra}", "index.php?page=mythings&cat=album&action=edit&id={$album['ID']}&menuid={$menuid}");
         }
     } else {
         show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=addphotoalbum&menuid={$menuid}", true);
     }
 }
 // Public groups visible to the current user, as an OR-joined id list for the WHERE clause.
 $teams = array();
 $groups = public_group_sql_list_id("id", "OR");
 $publicTeamFilter = "WHERE ({$groups}) AND ispublic=1";
 $team_query = $data->select_query("groups", $publicTeamFilter);
 $numteams = $data->num_rows($team_query);
Esempio n. 3
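     $tpl->assign("news", $newsitems);
     // Handle the "add news item" form. $timestamp, $check, $menuid and $data are
     // provided by the enclosing page.
     if (isset($_POST['submit']) && $_POST['submit'] === "Submit") {
         if (validate($_POST['validation'])) {
             // The story keeps its markup (third safesql() argument false); title and
             // attachment are escaped in full. Missing fields are treated as empty.
             $news = safesql(isset($_POST['story']) ? $_POST['story'] : '', "text", false);
             $title = safesql(isset($_POST['title']) ? $_POST['title'] : '', "text");
             $attachment = safesql(isset($_POST['attachment']) ? $_POST['attachment'] : '', "text");
             // On moderated sites the item is stored hidden (0) and the user is told it awaits
             // review. $addon is always defined so the success message below is well-formed
             // (it was previously left undefined on unmoderated sites).
             $addon = "";
             $visible = 1;
             if (confirm('news')) {
                 $visible = 0;
                 $addon = "The news item first needs to be reviewed before it will be available on the site.";
             }
             if ($data->insert_query("newscontent", "NULL, {$title}, {$news}, {$timestamp}, {$attachment}, {$visible}, 0")) {
                 $data->update_query("users", "numnews = numnews + 1", "id='{$check['id']}'");
                 // Re-read the stored row by title and event time; a duplicate title posted in
                 // the same second cannot be told apart here.
                 $article = $data->fetch_array($data->select_query("newscontent", "WHERE title={$title} AND event={$timestamp} ORDER BY id DESC", "id, title, news"));
                 if (confirm('news')) {
                     confirmMail("news", $article);
                 } else {
                     email('newitem', array("news", $article));
                 }
                 $data->insert_query("owners", "'', {$article['id']}, 'newsitem', {$check['id']}, 0, 0, 0");
                 show_message("Your news item has been added. {$addon}", "index.php?page=mythings&menuid={$menuid}");
             } else {
                 // A failed INSERT is reported instead of counting and mailing a row that was never written.
                 show_message("There was an error adding your news item. If this error persists please contact the site administrator.", "index.php?page=mythings&action=addnews&menuid={$menuid}", true);
             }
         } else {
             show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=mythings&action=addnews&menuid={$menuid}", true);
         }
     }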
 } elseif ($action == "deleteowner") {
     $sqlq = $data->delete_query("owners", "id={$safe_id}");
     if ($sqlq) {
         show_message("Owner removed.", "index.php?page=mythings&cat={$_GET['cat']}&action=owner&id={$_GET['itemid']}&menuid={$menuid}");
     }
 }
Esempio n. 4
                $allow = 0;
            } else {
                $message = "Your poll has been added.";
                $allow = 1;
            }
            $results = array();
            for ($i = 0; $i < count($_POST['option']); $i++) {
                $results[str_replace(' ', '', $_POST['option'][$i])] = 0;
            }
            $results = safesql(serialize($results), "text");
            $sql = $data->insert_query("polls", "NULL, {$poll['pollq']}, {$timestamp}, {$poll['stopdate']}, {$options}, {$results}, {$allow}, 0");
            if ($sql) {
                $polling = $data->select_fetch_one_row("polls", "WHERE question = {$poll['pollq']} AND date_start={$timestamp} ORDER BY id DESC", "id");
                if ($data->insert_query("owners", "'', {$polling['id']}, 'pollitems', {$check['id']}, 0, 0, 0")) {
                    if (confirm('poll')) {
                        confirmMail("poll", $polling);
                    } else {
                        email('newitem', array("poll", $polling));
                    }
                    show_message($message, "index.php?page=mythings&menuid={$menuid}");
                } else {
                    show_message("There was an error adding your poll. If this error persists please contact the site administrator.", "index.php?page=addpoll&menuid={$menuid}", true);
                }
            }
        }
    } else {
        show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=addpoll&menuid={$menuid}", true);
    }
}
// Inline JavaScript for the date picker, wrapped in Smarty {literal} tags so the braces
// are not parsed by the template engine. Lines are joined with "\n" and no trailing newline.
$datePickerInit = implode("\n", array(
    '{literal}',
    'function initialiseInputs() {',
    '        // Clear any old values from the inputs (that might be cachedate by the browser after a page reload)',
    '        document.getElementById("sdate").value = "";',
    '}',
    '',
    "datePickerController.addEvent(window, 'load', initialiseInputs);",
    '{/literal}',
));
$script .= $datePickerInit;
// Marks the datepicker asset as required by this page.
$scriptList['datepicker'] = 1;
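    // Read the new-student form. mysql_real_escape_string() only protects the quoted
    // string literals built below; the mysql_* API itself is removed in PHP 7, so this
    // path should move to prepared statements (PDO/mysqli) rather than be patched further.
    // $connection, $name and confirmMail() are provided by the enclosing code.
    $roll = mysql_real_escape_string(stripslashes(isset($_POST['roll']) ? $_POST['roll'] : ''));
    $pass = mysql_real_escape_string(stripslashes(isset($_POST['password']) ? $_POST['password'] : ''));
    $pass1 = mysql_real_escape_string(stripslashes(isset($_POST['confirm-password']) ? $_POST['confirm-password'] : ''));
    $hostel = mysql_real_escape_string(stripslashes(isset($_POST['hostel']) ? $_POST['hostel'] : ''));
    $email = mysql_real_escape_string(stripslashes(isset($_POST['email']) ? $_POST['email'] : ''));
    // Outcome reported back to admin-student.php via ?error=; 'none' means success.
    $error = 'match';
    if (strcmp($pass, $pass1) === 0) {
        // NOTE(review): the password is stored with reversible encrypt(); a one-way
        // password_hash()/password_verify() pair is the appropriate scheme, but the login
        // code that decrypts it is outside this span and has to change together with this line.
        $pass = encrypt($pass, ENCRYPTION_KEY);
        $query = mysql_query("select * from student where roll='{$roll}'", $connection);
        // A failed lookup (false) counts as "no rows", as before; a DB error on the
        // duplicate check therefore does not stop the insert.
        if (mysql_num_rows($query) > 0) {
            $error = 'duplicate';
        } else {
            $query = mysql_query("select * from email where email='{$email}'", $connection);
            if (mysql_num_rows($query) > 0) {
                $error = 'email';
            } else {
                // Confirmation key mailed to the student; generateRandomString() has to be
                // backed by a CSPRNG for the key to be unguessable — not verifiable from here.
                $keys = generateRandomString(10);
                $studentSaved = mysql_query("insert into student (name,roll,password,hostel) values ('" . $name . "','" . $roll . "','" . $pass . "','" . $hostel . "')", $connection);
                // Both rows must be written; previously only the email INSERT decided success,
                // so a failed student INSERT was reported as 'none'.
                $emailSaved = $studentSaved && mysql_query("insert into `email` (`roll`,`email`,`key`) values ('" . $roll . "','" . $email . "','" . $keys . "');", $connection);
                if ($emailSaved) {
                    confirmMail($email . '@iitg.ernet.in');
                    $error = 'none';
                } else {
                    $error = 'connection';
                }
            }
        }
    }
    // Stop after the redirect so nothing further down the page runs for this request.
    header('location:admin-student.php?error=' . $error);
    exit;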
}
}
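// Create a manager account from the form on admin-manager.php.
// mysql_real_escape_string() only protects the quoted string literals built below; the
// mysql_* API is removed in PHP 7, so this path should move to prepared statements
// (PDO/mysqli) rather than be patched further. $connection and confirmMail() are set up elsewhere.
if (isset($_POST['submit'])) {
    $name = mysql_real_escape_string(stripslashes(isset($_POST['name']) ? $_POST['name'] : ''));
    $username = mysql_real_escape_string(stripslashes(isset($_POST['username']) ? $_POST['username'] : ''));
    $pass = mysql_real_escape_string(stripslashes(isset($_POST['password']) ? $_POST['password'] : ''));
    $pass1 = mysql_real_escape_string(stripslashes(isset($_POST['confirm-password']) ? $_POST['confirm-password'] : ''));
    $hostel = mysql_real_escape_string(stripslashes(isset($_POST['hostel']) ? $_POST['hostel'] : ''));
    $role = mysql_real_escape_string(stripslashes(isset($_POST['role']) ? $_POST['role'] : ''));
    // Outcome reported back to admin-manager.php via ?error=; 'none' means success.
    $error = 'match';
    if (strcmp($pass, $pass1) === 0) {
        // NOTE(review): the password is stored with reversible encrypt(); a one-way
        // password_hash()/password_verify() pair is the appropriate scheme, but the login
        // code that decrypts it is outside this span and has to change together with this line.
        $pass = encrypt($pass, ENCRYPTION_KEY);
        // Duplicate check on the submitted username. The listing compared against the
        // literal string '******', which never matches a real account.
        $query = mysql_query("select * from manager where username='{$username}'", $connection);
        // A failed lookup (false) counts as "no rows", as before.
        if (mysql_num_rows($query) > 0) {
            $error = 'duplicate';
        } else {
            // Managers outside a hostel are stored with hostel "none".
            if (strcmp($role, "other") === 0) {
                $hostel = "none";
            }
            // Confirmation key mailed to the new manager; generateRandomString() has to be
            // backed by a CSPRNG for the key to be unguessable — not verifiable from here.
            $keys = generateRandomString(10);
            $managerSaved = mysql_query("insert into manager (name,username,password,role,hostel) values ('" . $name . "','" . $username . "','" . $pass . "','" . $role . "','" . $hostel . "')", $connection);
            // Both rows must be written; previously only the admin_email INSERT decided success,
            // so a failed manager INSERT was reported as 'none'.
            $keySaved = $managerSaved && mysql_query("insert into `admin_email` (`email`,`key`) values ('" . $username . "','" . $keys . "');", $connection);
            if ($keySaved) {
                confirmMail($username . '@iitg.ernet.in');
                $error = 'none';
            } else {
                $error = 'connection';
            }
        }
    }
    // Stop after the redirect so nothing further down the page runs for this request.
    header('location:admin-manager.php?error=' . $error);
    exit;
}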
Esempio n. 7
         } else {
             $message = "Your event has been added.";
             $allow = 1;
         }
         // Group visibility and signup settings for the event; serialised arrays are stored
         // as escaped text.
         $groupallowed = safesql(serialize($_POST['groups']), "text");
         $signup = safesql($_POST['signup'], "int");
         $signupusers = safesql($_POST['signupusers'], "int");
         // When signupusers is 3 the invite list is stored in the patrols column instead.
         if ($signupusers != 3) {
             $patrols = safesql(serialize($_POST['patrols']), "text");
         } else {
             $patrols = safesql(serialize($_POST['invites']), "text");
         }
         $timestamp = time();
         // $insert, $allow, $colour, $message, $check, $menuid and $data come from the enclosing code.
         $eventRow = "{$insert}, {$allow}, {$groupallowed}, {$timestamp}, {$colour},{$signup}, {$signupusers},{$patrols}, 0";
         if (!$data->insert_query("calendar_items", $eventRow)) {
             show_message("There was an error adding your event. If this error persists please contact the site administrator.", "index.php?page=addevent", true);
         } else {
             // Re-read the stored row by summary and post time so the owner link and mail
             // use the saved record.
             $title = safesql($_POST['summary'], "text");
             $article = $data->select_fetch_one_row("calendar_items", "WHERE summary={$title} AND date_post={$timestamp}");
             $data->insert_query("owners", "'', {$article['id']}, 'events', {$check['id']}, 0, 0, 0");
             $data->update_query("users", "numevent = numevent + 1", "uname='{$check['uname']}'");
             if (confirm('event')) {
                 confirmMail("event", $article);
             } else {
                 email('newitem', array("event", $article));
             }
             show_message($message, "index.php?page=mythings&menuid={$menuid}");
         }
     } else {
         show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=addevent&menuid={$menuid}", true);
     }
 }
 // Groups of the current user, as an OR-joined id list, listed by team name.
 $teams = array();
 $groups = group_sql_list_id("id", "OR");
 $teamFilter = "WHERE ({$groups}) ORDER BY teamname ASC";
 $team_query = $data->select_query("groups", $teamFilter, "id, teamname");
 $numteams = $data->num_rows($team_query);
Esempio n. 8
         } else {
             $message = "Your article has been added.";
             $insertSQL .= ", 1";
         }
         // Remaining columns for the article INSERT; serialised topic and related-article
         // lists are stored as escaped text. $insertSQL, $timestamp, $message, $check,
         // $menuid and $data come from the enclosing code.
         $topics = safesql(serialize($_POST['topics']), "text");
         $order = safesql($_POST['order'], "int");
         $summary = safesql($_POST['summary'], "text");
         $related = safesql(serialize($_POST['articles']), "text");
         $insertSQL .= sprintf(", %s, %s, %s, %s", $topics, $order, $summary, $related);
         if (!$data->insert_query("patrol_articles", $insertSQL . ", 0")) {
             show_message("There was an error adding your article. If this error persists please contact the site administrator.", "index.php?page=addarticle&menuid={$menuid}", true);
         } else {
             // Re-read the stored row by title and post time so the owner link and mail
             // use the saved record.
             $title = safesql($_POST['title'], "text");
             $article = $data->fetch_array($data->select_query("patrol_articles", "WHERE title={$title} AND date_post={$timestamp}"));
             $data->update_query("users", "numarticles = numarticles + 1", "id='{$check['id']}'");
             $data->insert_query("owners", "'', {$article['ID']}, 'articles', {$check['id']}, 0, 0, 0");
             if (confirm('article')) {
                 confirmMail("article", $article);
             } else {
                 email('newitem', array("article", $article));
             }
             show_message($message, "index.php?page=mythings&menuid={$menuid}");
         }
     } else {
         show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=addarticle&menuid={$menuid}", true);
     }
 } elseif ($_POST['preview'] == "Preview Article") {
     if (validate($_POST['validation'])) {
         $post['patrol'] = $_POST['patrol'];
         $post['title'] = $_POST['title'];
         $post['story'] = stripslashes($_POST['story']);