Esempio n. 1
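/**
 * Prints the "Admin tools" dropdown (an <li> element) for the navigation bar.
 *
 * Nothing is printed unless login_check_logged_in_mini() returns a value above 1.
 * Besides the four fixed entries, every subpage of a custom page whose slug is
 * "admin" is appended to the list.
 *
 * NOTE(review): this only hides the links. Each admin page has to enforce the
 * same level check itself; that enforcement is not visible from here.
 *
 * @return void
 */
function admin_menu_dropdown()
{
    // Anything at or below level 1 gets no admin menu; stop before reading the page config.
    if (!(login_check_logged_in_mini() > 1)) {
        return;
    }

    // CUSTOM_PAGES_ARRAY is a serialized configuration constant. unserialize() returns
    // false on malformed data, so fall back to an empty list rather than iterating a non-array.
    // NOTE(review): unserialize() may instantiate objects; this is only acceptable while the
    // constant comes from trusted configuration and is never derived from request data.
    $custom_pages = unserialize(CUSTOM_PAGES_ARRAY);
    if (!is_array($custom_pages)) {
        $custom_pages = array();
    }

    //Admin dropdown menu
    echo '<li class="dropdown">
          <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">' . _("Admin tools") . '<span class="caret"></span></a>
          <ul class="dropdown-menu" role="menu">
            <li><a href="' . SITE_URL . '/?p=admin&amp;s=users">' . _("Users") . '</a></li>
            <li><a href="' . SITE_URL . '/?p=admin&amp;s=version">' . _("Version") . '</a></li>
            <li><a href="' . SITE_URL . '/?p=admin&amp;s=news">' . _("Site news") . '</a></li>
            <li><a href="' . SITE_URL . '/?p=admin&amp;s=mess">' . _("Messages") . '</a></li>';

    //Custom admin pages
    foreach ($custom_pages as $content) {
        // Only the custom page registered under the "admin" slug contributes entries.
        if (!isset($content['slug']) || strcmp($content['slug'], "admin") !== 0) {
            continue;
        }
        if (empty($content['subpages']) || !is_array($content['subpages'])) {
            continue;
        }
        foreach ($content['subpages'] as $s_name => $s_content) {
            // NOTE(review): the subpage name and both slugs are written into the markup
            // unescaped, which relies on the page configuration being trusted.
            echo '<li ><a href="' . SITE_URL . '/?p=' . $content['slug'] . '&amp;s=' . $s_content['slug'] . '" >' . $s_name . '</a></li>';
        }
    }

    echo '
          </ul>
        </li>';
}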
Esempio n. 2
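/**
 * Prints the "Editing category" heading followed by the category form.
 *
 * Visitors for whom login_check_logged_in_mini() returns less than 1 get an
 * error message instead. The form is only printed when the request carries an
 * "id" value.
 *
 * NOTE(review): only "is logged in" is checked here. Whether this user may edit
 * the requested category is presumably enforced when the form is saved — confirm.
 *
 * @return false|null false when the visitor is not logged in, otherwise nothing
 */
function category_display_edit()
{
    if (login_check_logged_in_mini() < 1) {
        message_print_error(_("You need to be logged in to edit categories."));
        return false;
    }
    if (isset($_REQUEST['id'])) {
        // The heading is closed with the matching tag; it was previously opened as
        // <h1> and closed as </h2>.
        echo "<h1>" . _("Editing category") . "</h1>";
        category_display_form();
    }
}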
Esempio n. 3
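/**
 * Handles the "close notice" form post: marks one notice of the logged-in user as closed.
 *
 * Does nothing unless both notice_close and notice_id were posted and
 * login_check_logged_in_mini() returns a value above 0. A failed query is
 * reported through add_error().
 *
 * NOTE(review): no anti-CSRF token is checked in this function; confirm the
 * surrounding request handling covers that.
 *
 * @return void
 */
function notice_receive()
{
    if (!isset($_POST['notice_close'], $_POST['notice_id']) || !is_scalar($_POST['notice_id'])) {
        return;
    }
    if (!(login_check_logged_in_mini() > 0)) {
        return;
    }

    // The id sits in an unquoted, numeric position of the statement, where string
    // escaping alone does not stop injected SQL. Forcing it to an integer does.
    $notice_id = (int) $_POST['notice_id'];

    //Check that logged in user owns the notice
    // NOTE(review): the expression compared against `user` was masked ("******") in the
    // listing this was taken from. The session user id is assumed here, based on the
    // ownership comment above and on how the other queries identify the user — confirm.
    $sql = "UPDATE " . PREFIX . "notice \r\n\t\t\tSET closed=NOW()\r\n\t\t\tWHERE user='" . sql_safe($_SESSION[PREFIX . 'user_id']) . "' AND id=" . $notice_id . ";";
    if (!mysql_query($sql)) {
        // NOTE(review): this message hands the full statement and the driver error to
        // add_error(). If those messages are rendered to end users, that discloses schema
        // details; consider logging them server-side and showing a generic text instead.
        add_error(sprintf(_("Notice could not be closed.<br />SQL: %s<br />Error: %s"), $sql, mysql_error()));
    }
}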
Esempio n. 4
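/**
 * Handles the "add user message" form post and stores a new row in messages_to_users.
 *
 * Runs only when add_message equals "Save this message" or "Save new version".
 * Requires login_check_logged_in_mini() to return at least 2. Event and message
 * must be non-empty. Subject, criteria_name and reward default to the text 'NULL'
 * and "once" defaults to "once". After a successful insert the posted criteria
 * are handed to usermessage_criteria_save().
 *
 * NOTE(review): no anti-CSRF token is checked in this function; confirm the
 * surrounding request handling covers that for this privileged action.
 *
 * @return null
 */
function usermessage_receive()
{
    // Strict comparison, so that a non-string add_message (e.g. an array) cannot
    // slip past the way a failing strcmp() could.
    if (!isset($_POST['add_message'])
        || !in_array($_POST['add_message'], array("Save this message", "Save new version"), true)
    ) {
        return;
    }
    if (login_check_logged_in_mini() < 2) {
        add_error(_("Unsuffient access"));
        return NULL;
    }
    if (!isset($_POST['event']) || $_POST['event'] == "") {
        add_error("Event cannot be empty");
        return;
    }
    if (!isset($_POST['message']) || $_POST['message'] == "") {
        add_error("Message cannot be empty");
        return;
    }

    // Optional fields. The placeholder is the *text* 'NULL': it ends up quoted in the
    // statement below, so the column receives the string, not an SQL NULL.
    $subject = (isset($_POST['subject']) && $_POST['subject'] != "") ? $_POST['subject'] : 'NULL';
    $criteria_name = (isset($_POST['criteria_name']) && $_POST['criteria_name'] != "") ? $_POST['criteria_name'] : 'NULL';
    $reward = (isset($_POST['reward']) && $_POST['reward'] != "") ? $_POST['reward'] : 'NULL';
    $once = isset($_POST['once']) ? $_POST['once'] : "once";
    $type = isset($_POST['type']) ? $_POST['type'] : "";

    // sendby arrives as a list of values. Each one is escaped before it is joined,
    // because the joined text is placed inside a quoted SQL literal; previously it
    // was the only request value in this statement that bypassed sql_safe().
    $sendby_values = array();
    if (isset($_POST['sendby']) && is_array($_POST['sendby'])) {
        foreach ($_POST['sendby'] as $value) {
            if (is_scalar($value)) {
                $sendby_values[] = sql_safe($value);
            }
        }
    }
    // The column is always written, also when the list is empty (unchanged behaviour).
    $sendby_str = ", sendby='" . implode(",", $sendby_values) . "'";

    // Insert the message
    $sql = "INSERT INTO " . PREFIX . "messages_to_users SET\r\n\t\t\tevent='" . sql_safe($_POST['event']) . "',\r\n\t\t\ttype='" . sql_safe($type) . "',\r\n\t\t\tsubject='" . sql_safe($subject) . "',\r\n\t\t\tmessage='" . sql_safe($_POST['message']) . "',\r\n\t\t\tcriteria_name='" . sql_safe($criteria_name) . "',\r\n\t\t\treward='" . sql_safe($reward) . "',\r\n\t\t\tonce='" . sql_safe($once) . "'\r\n\t\t\t" . $sendby_str . ";";
    if (!mysql_query($sql)) {
        add_error(sprintf(_("Message could not be added. Error: %s"), mysql_error()));
        return;
    }

    add_message(_("Message added"));
    // Store the criteria as well.
    // NOTE(review): the criteria are passed on exactly as posted; presumably
    // usermessage_criteria_save() escapes them itself — confirm.
    usermessage_criteria_save($criteria_name, isset($_POST['criteria']) ? $_POST['criteria'] : null);
}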
Esempio n. 5
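/**
 * Prints the navigation entries (<li> elements) for the configured custom pages.
 *
 * A page is listed when it has no req_user_level, when that level is below 1, or
 * when the visitor's level from login_check_logged_in_mini() reaches it. The page
 * with the slug "admin" is always left out. Pages with subpages become a dropdown
 * whose entries are filtered by the same level rule.
 *
 * NOTE(review): this filter only decides which links are shown. The pages
 * themselves have to repeat the req_user_level check when they are requested;
 * that is not visible from here.
 *
 * @return void
 */
function display_custom_pages_menu()
{
    $custom_pages = unserialize(CUSTOM_PAGES_ARRAY);
    $logged_in_level = login_check_logged_in_mini();

    // unserialize() returns false on malformed data; there is nothing to list then.
    // NOTE(review): unserialize() is only acceptable here while CUSTOM_PAGES_ARRAY is
    // trusted configuration and never derived from request data.
    if (!is_array($custom_pages)) {
        return;
    }

    foreach ($custom_pages as $name => $content) {
        // Entries without a slug cannot be linked. The "admin" page is never listed here.
        if (!isset($content['slug']) || !strcmp($content['slug'], "admin")) {
            continue;
        }
        $page_visible = !isset($content['req_user_level'])
            || $content['req_user_level'] < 1
            || $logged_in_level >= $content['req_user_level'];
        if (!$page_visible) {
            continue;
        }

        // NOTE(review): names and slugs are written into the markup unescaped, which
        // relies on the page configuration being trusted.
        if (empty($content['subpages']) || !is_array($content['subpages'])) {
            echo '<li ><a href="' . SITE_URL . '/?p=' . $content['slug'] . '" >' . $name . '</a></li>';
            continue;
        }

        echo '<li class="dropdown">
					  <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-expanded="false">' . $name . '<span class="caret"></span></a>
					  <ul class="dropdown-menu" role="menu">';
        foreach ($content['subpages'] as $s_name => $s_content) {
            $subpage_visible = !isset($s_content['req_user_level'])
                || $s_content['req_user_level'] < 1
                || $logged_in_level >= $s_content['req_user_level'];
            if ($subpage_visible) {
                echo '<li ><a href="' . SITE_URL . '/?p=' . $content['slug'] . '&amp;s=' . $s_content['slug'] . '" >' . $s_name . '</a></li>';
            }
        }
        echo '</ul>
					</li>';
    }
}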
Esempio n. 6
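/**
 * Prints the "Editing task" heading followed by the task form.
 *
 * Visitors for whom login_check_logged_in_mini() returns less than 1 get an
 * error message instead. The form is only printed when the request carries an
 * "id" value.
 *
 * NOTE(review): only "is logged in" is checked here. Whether this user may edit
 * the requested task is presumably enforced when the form is saved — confirm.
 *
 * @return false|null false when the visitor is not logged in, otherwise nothing
 */
function task_display_edit_single()
{
    if (login_check_logged_in_mini() < 1) {
        message_print_error(_("You need to be logged in to edit tasks."));
        return false;
    }
    if (isset($_REQUEST['id'])) {
        // The heading is closed with the matching tag; it was previously opened as
        // <h1> and closed as </h2>.
        echo "<h1>" . _("Editing task") . "</h1>";
        task_display_form();
    }
}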
Esempio n. 7
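/**
 * Prints all non-spam comments attached to an item, including their replies.
 *
 * For each comment this prints an anchor, the comment itself, a delete form and/or
 * spam flag (depending on the viewer's level and on who wrote the comment), a
 * reply form, and then recurses into the replies (type "comment").
 *
 * NOTE(review): the delete buttons printed here are presentation only. The handler
 * that processes "deletecomment" has to repeat the ownership/admin check; that is
 * not visible from here.
 *
 * @param mixed  $id   id of the item the comments belong to
 * @param string $type value of comment_type to select
 * @return int number of comments printed, replies included
 */
function comment_show_comments($id, $type)
{
    $nr = 0;
    $inloggad = login_check_logged_in_mini();

    // Fetch all comments.
    // $type is escaped like every other value in this query; it was previously
    // interpolated as-is.
    // NOTE(review): $id is used in an unquoted position, so escaping alone does not
    // constrain it. Presumably callers pass numeric ids only — confirm, or cast to int.
    $sql = "SELECT * FROM " . PREFIX . "comment WHERE comment_on=" . sql_safe($id) . " AND comment_type='" . sql_safe($type) . "' AND is_spam<1;";
    // A failed query is deliberately treated as "no comments" (warning suppressed).
    $cc = @mysql_query($sql);
    if (!$cc) {
        return $nr;
    }

    while ($c = mysql_fetch_array($cc)) {
        $nr++;

        // Check whether the author is an admin (level 2 or above gets extra styling).
        $admin = user_get_admin($c['user']);
        $css_class = ($admin < 2) ? "comment" : "comment admin_comment";

        // Anchor for deep links, then the comment container.
        echo '<span class="anchor" id="anchor_comment_' . $c['id'] . '"></span>';
        echo "<div class=\"" . $css_class . "\" id=\"comment_" . $c['id'] . "\">";
        comment_display_single($c['id']);

        if ($inloggad > 1) {
            // Admins always get the delete button.
            echo "<form id=\"delete_comment_" . $c['id'] . "\" method=\"post\">\n\t\t\t\t\t\t<input type=\"hidden\" name=\"id\" value=\"" . $c['id'] . "\">\n\t\t\t\t\t\t<input type=\"hidden\" name=\"deletecomment\" value=\"" . $c['id'] . "\">\n\t\t\t\t\t\t<input type=\"button\" name=\"deletecomment_button\" onclick=\"confirmation_delete('delete_comment_" . $c['id'] . "', '" . _("Do you really want to delete the comment? This cannot be undone.") . "')\"  value=\"" . _("Remove comment") . "\">\n\t\t\t\t\t</form>";
            if ($aa = mysql_query("SELECT user from " . PREFIX . "comment WHERE id=" . sql_safe($c['id']) . ";")) {
                if ($a = mysql_fetch_array($aa)) {
                    // The spam flag is offered only on comments written by someone else.
                    if (strcmp($a['user'], $_SESSION[PREFIX . "user_id"])) {
                        spam_show_clicker($c['id'], "comment");
                    }
                }
            }
        } elseif ($inloggad >= 1) {
            // Regular users may delete their own comment as long as it has no replies.
            if ($aa = mysql_query("SELECT user from " . PREFIX . "comment WHERE id=" . sql_safe($c['id']) . ";")) {
                if ($a = mysql_fetch_array($aa)) {
                    if (!strcmp($a['user'], $_SESSION[PREFIX . "user_id"])) {
                        // Own comment: make sure nobody has replied to it.
                        if ($dd = mysql_query("SELECT id from " . PREFIX . "comment WHERE comment_on=" . sql_safe($c['id']) . " AND comment_type='comment';")) {
                            // mysql_num_rows() is the documented row count for a SELECT
                            // result; mysql_affected_rows() is meant for write statements.
                            if (mysql_num_rows($dd) < 1) {
                                echo "<form id=\"delete_comment_" . $c['id'] . "\" method=\"post\">\n\t\t\t\t\t\t\t\t\t\t\t<input type=\"hidden\" name=\"id\" value=\"" . $c['id'] . "\">\n\t\t\t\t\t\t\t\t\t\t\t<input type=\"hidden\" name=\"deletecomment\" value=\"" . $c['id'] . "\">\n\t\t\t\t\t\t\t\t\t\t\t<input type=\"button\" name=\"deletecomment_button\" onclick=\"confirmation_delete('delete_comment_" . $c['id'] . "', '" . _("Do you really want to delete the comment? This cannot be undone.") . "')\"  value=\"" . _("Remove comment") . "\">\n\t\t\t\t\t\t\t\t\t\t</form>";
                            }
                        }
                    } else {
                        // Someone else's comment: offer the spam flag.
                        spam_show_clicker($c['id'], "comment");
                    }
                }
            }
        }

        // Reply form. The markup is the same whether or not the visitor is logged in;
        // the original comments say anonymous visitors answer with a captcha, which
        // comment_form_show() presumably adds itself — confirm.
        echo "<a class=\"button\" onClick=\"showhide('replyto" . $c['id'] . "');\" href=\"#reply\">" . _("Reply") . "</a>";
        echo "<div id=\"replyto" . $c['id'] . "\" style=\"display:none\">";
        comment_form_show($c['id'], "comment", "");
        echo "</div>";

        // Print the replies to this comment inside its container.
        $nr += comment_show_comments($c['id'], "comment");
        echo "</div>";
    }

    return $nr;
}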
Esempio n. 8
/**
 * Prints the container for the size buttons of one feedback item.
 *
 * The container <div> is always printed. Its content (and $before_text /
 * $after_text around it) is only printed when login_check_logged_in_mini()
 * returns a value above 1. The current size is shown as bold text; every other
 * size is a button that calls feedback_operation() in the browser.
 *
 * NOTE(review): $id, $div_id, $before_text and $after_text are written into the
 * markup (and $id / $div_id into inline JavaScript) without escaping. That is only
 * safe if callers never pass request data through unchanged — confirm at the call sites.
 *
 * @param mixed  $id          feedback id
 * @param string $div_id      id attribute of the container; derived from $id when empty
 * @param string $before_text markup printed before the container
 * @param string $after_text  markup printed after the container
 * @return void
 */
function feedback_display_size_buttons($id, $div_id = "", $before_text = "", $after_text = "")
{
    $may_change_size = login_check_logged_in_mini() > 1;

    if ($div_id == "") {
        $div_id = "feedback_size_buttons_" . $id;
    }
    $container_open = "<div id=\"" . $div_id . "\">";

    // Everyone else only gets the empty container.
    if (!$may_change_size) {
        echo $container_open;
        echo "</div>";
        return;
    }

    echo $before_text;
    echo $container_open;
    echo '<form class="form-inline">
			<div class="form-group">';
    echo "<h4>" . _("Size") . ":</h4>";

    $size = feedback_get_size($id);

    // Size 1 is the only choice rendered as <input type="submit">.
    if ($size == 1) {
        echo "<strong>[" . _("Bugfix") . "]</strong> ";
    } else {
        echo "<input type=\"submit\" id=\"bug_" . $id . "\" class=\"form-control\" onclick=\"feedback_operation('bugfix'," . $id . ", '" . $div_id . "'); return false;\" value=\"" . _("Bugfix") . "\">";
    }

    // Sizes 2 to 4 share one <button> template: size number => (operation, label).
    $other_sizes = array(
        2 => array('required', _("Required")),
        3 => array('small_improvement', _("Small improvement")),
        4 => array('big_change', _("Big change")),
    );
    foreach ($other_sizes as $number => $choice) {
        if ($size == $number) {
            echo "<strong>[" . $choice[1] . "]</strong> ";
        } else {
            echo "<button class=\"form-control\" id=\"bug_" . $id . "\" onclick=\"feedback_operation('" . $choice[0] . "'," . $id . ", '" . $div_id . "'); return false;\">" . $choice[1] . "</button>";
        }
    }

    echo "</div>";
    echo "</form>";
    echo "</div>";
    echo $after_text;
}
Esempio n. 9
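/**
 * Prints one private message, provided the logged-in user is its sender or receiver.
 *
 * The receiver additionally gets reply / mark-unread / delete controls; the sender
 * gets a "Sent to" line. Prints "Not logged in" when login_check_logged_in_mini()
 * does not return a value above 0, and an error paragraph when no matching row exists.
 *
 * @param mixed $message_id id of the message; reduced to an integer before use
 * @return void
 */
function privmess_display_single_message($message_id)
{
    if (!(login_check_logged_in_mini() > 0)) {
        echo "Not logged in";
        return;
    }

    // The id is used in an unquoted SQL position, in an HTML attribute and inside an
    // inline script URL. Reducing it to an integer makes it inert in all three places.
    $message_id = (int) $message_id;

    //Show message
    // The sender/receiver condition is the access check: other users' messages do not match.
    $sql = "SELECT sender, sent, subject, message, reciever\r\n\t\t\tFROM " . PREFIX . "privmess \r\n\t\t\tWHERE (reciever='" . sql_safe($_SESSION[PREFIX . 'user_id']) . "' OR sender='" . sql_safe($_SESSION[PREFIX . 'user_id']) . "')\r\n\t\t\tAND id=" . $message_id . ";";
    $mm = mysql_query($sql);
    if (!$mm) {
        // A failed query prints nothing (unchanged behaviour).
        return;
    }
    $m = mysql_fetch_array($mm);
    if (!$m) {
        echo "<p class=\"error\">Message could not be found</p>";
        return;
    }

    // Subject and body are written by another user, so they are encoded for HTML
    // before being printed. double_encode is off so that text which was already
    // entity-encoded when stored is not encoded twice.
    // NOTE(review): assumes the pages are served as UTF-8 and that messages are meant
    // to be plain text — confirm both.
    $subject = htmlspecialchars($m['subject'], ENT_QUOTES, 'UTF-8', false);
    $message = htmlspecialchars($m['message'], ENT_QUOTES, 'UTF-8', false);

    // Line breaks become <br />, and a blank line starts a new paragraph. The search
    // strings are applied in the listed order.
    $message = str_replace(array("\n\r", "\r\n", "\n", "\r"), "<br />", $message);
    $message = str_replace("<br /><br />", "</p><p>", $message);
    $message = str_replace("</p><p></p><p>", "</p><p>", $message);

    $reply_link = '<a class="btn btn-default"
										href="#reply"
										aria-controls="reply"
										role="tab"
										data-toggle="tab"
										onclick="return replace_html_div_inner(\'reply\', \'' . SITE_URL . '/operation/privmess_reply.php?message_id=' . $message_id . '\');"
							>';

    echo '
				<div class="row">
					<div class="col-xm-12">
						<div class="panel panel-default">
							<div class="panel-heading">
								<p class="author">';
    if ($m['sender']) {
        echo sprintf(_("Sent by: %s"), user_get_link($m['sender'])) . '<br />';
    }
    echo sprintf(_("Time sent: %s"), date("Y-m-d H:i", strtotime($m['sent']))) . '</p>
								<h1 class="panel-title">' . $subject . '</h1>
								<div class="clearfix"></div>
							</div>
							<div class="panel-body">
								<p>' . $message . '</p>
							</div> 
							<div class="panel-footer">';
    if ($m['reciever'] == $_SESSION[PREFIX . 'user_id']) {
        // NOTE(review): mark-unread and delete are submitted with GET and no token is
        // emitted here; confirm the handler protects these state changes against CSRF.
        echo '
							
								<form method="get">
									<input type="hidden" name="message_id" value="' . $message_id . '">
									<input type="hidden" name="p" value="user">
									<input type="hidden" name="s" value="privmess">';
        // Messages without a sender cannot be replied to.
        if ($m['sender']) {
            echo $reply_link . _("Reply") . '</a>';
        }
        echo '
									<input type="submit" name="privmess_mark_unread" value="' . _("Mark unread") . '" class="btn btn-default">
									<input type="submit" name="privmess_delete" value="' . _("Delete") . '" class="btn btn-default"
											onclick="return confirm(\'' . _("Are you sure you want to delete this message?") . '\')">';
        echo '
								</form>
							';
    } else {
        echo "<p>" . sprintf(_("Sent to %s"), user_get_link($m['reciever'])) . "</p>";
    }
    echo '
							</div>
						</div>
					</div>
				</div>';
}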
Esempio n. 10
/**
 * Prints either the user dropdown (when a username is stored in the session) or
 * two "Log in" links that slide the login form open.
 *
 * The first link is shown on small (xs) screens only and carries $a_text as extra
 * attributes; the second one is shown on all larger screens.
 *
 * NOTE(review): $a_text is written into the tag as-is, so it must be markup the
 * caller controls, never request data.
 *
 * @param string $a_text extra attribute text for the small-screen link
 * @return void
 */
function login_display_link($a_text = "")
{
    login_check_logged_in_mini();

    if (isset($_SESSION[PREFIX . "username"])) {
        //User dropdown menu
        user_display_dropdown();
        return;
    }

    // Both links open the login form the same way and end with the same label.
    $open_form = 'onclick="$( \'#main_login_form\' ).slideDown( \'normal\');"';
    $label_and_close = _("Log in") . '</a>';

    //Just on small (xs) devices
    echo '<a class="hidden-lg hidden-md hidden-sm" href="#" ' . $open_form . ' ' . $a_text . '>' . $label_and_close;
    //Not on small (xs) devices
    echo '<a class="hidden-xs" href="#" ' . $open_form . ' >' . $label_and_close;
}
Esempio n. 11
<?php

// Front controller fragment: prints pending messages, then picks the page to render
// from the query string. The listing is cut off inside the profile branch, so the
// remaining branches and the closing braces are not shown.
message_display_messages_and_errors();
// Notices are only shown to logged-in visitors (level above 0).
if (login_check_logged_in_mini() > 0) {
    notice_display_notices($_SESSION[PREFIX . 'user_id']);
}
// Dispatch order: registration form, password recovery, then the page named by ?p=.
if (isset($_GET['reg'])) {
    //Register form
    login_form_registration();
} else {
    if (isset($_GET['lostpassword'])) {
        login_password_recovery_display();
    } else {
        if (isset($_GET['p'])) {
            // Custom pages get the first chance; a truthy return is treated as "handled".
            if (custom_page_display()) {
                //Do nothing else. =)
            } else {
                // ?p= is only compared against fixed names here; it is never used as a path.
                if (!strcmp($_GET['p'], "feedback")) {
                    feedback_show();
                } else {
                    if (!strcmp($_GET['p'], "news")) {
                        news_show();
                    } else {
                        if (!strcmp($_GET['p'], "user") && isset($_GET['s']) && !strcmp($_GET['s'], "profile")) {
                            // Profile page: an explicit ?user= wins over the session user.
                            // NOTE(review): $user comes straight from the query string; how it
                            // is validated and used is outside this fragment — confirm that the
                            // consumer escapes it and checks access.
                            if (isset($_GET['user'])) {
                                $user = $_GET['user'];
                            } else {
                                if (isset($_SESSION[PREFIX . 'user_id'])) {
                                    $user = $_SESSION[PREFIX . 'user_id'];
                                } else {
                                    echo "<p class=\"well message_box\">" . _("Missing user id") . "</p>";
Esempio n. 12
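/**
 * Prints the settings form (username, email, password, Flattr id and Flattr choices)
 * for the session user, or for the user named in ?user=.
 *
 * ?user= is only honoured when user_get_admin() is truthy for the session user and
 * user_exists() accepts the requested id. In every other case with ?user= present,
 * and when nobody is logged in, "No valid user" is printed.
 *
 * NOTE(review): elsewhere in this listing admin rights are tested as a level of 2 or
 * more, while this check is a plain truthiness test. If user_get_admin() returns 1
 * for ordinary users, any logged-in user could open another user's settings —
 * confirm its return values.
 * NOTE(review): no anti-CSRF token is emitted in this form; confirm the handler for
 * user_update_settings protects the update, and that it repeats the same access
 * check as this function.
 *
 * @return void
 */
function user_display_settings()
{
    login_check_logged_in_mini();

    $session_user_id = isset($_SESSION[PREFIX . "user_id"]) ? $_SESSION[PREFIX . "user_id"] : null;

    // Start from "no user" so that a rejected ?user= request cannot leave the variable
    // undefined (it previously was in that case).
    $user_id = null;
    if (isset($_GET['user'])) {
        if ($session_user_id && user_get_admin($session_user_id) && user_exists($_GET['user'])) {
            $user_id = $_GET['user'];
        }
    } else {
        $user_id = $session_user_id;
    }

    if (!$user_id) {
        echo "<div class=\"message_box error well\">No valid user</div>";
        return;
    }

    // These values are chosen by the account owner and may be viewed by an admin, so
    // they are encoded before being placed in the heading and in value attributes.
    // double_encode is off so that values which were already entity-encoded when
    // stored are not encoded twice.
    // NOTE(review): assumes the pages are served as UTF-8 — confirm.
    $name_html = htmlspecialchars(user_get_name($user_id), ENT_QUOTES, 'UTF-8', false);
    $email_html = htmlspecialchars(user_get_email($user_id), ENT_QUOTES, 'UTF-8', false);
    $flattr_id_html = htmlspecialchars(flattr_get_flattrID($user_id), ENT_QUOTES, 'UTF-8', false);

    echo "<h1>" . sprintf(_("Settings for %s"), $name_html) . "</h1>";
    echo '<form method="post">';
    //Username
    echo '<div class="form-group">
			<label for="username_input">' . _("Username") . '</label>
			<input type="text" name="username" id="username_input" placeholder="' . _("Username") . '" class="form-control" value="' . $name_html . '">
		</div>';
    //email
    echo '<div class="form-group">
			<label for="email_input">' . _("Email") . '</label>
			<input type="text" name="email" id="email_input" placeholder="' . _("Email") . '" class="form-control" value="' . $email_html . '">
		</div>';
    //password (never pre-filled)
    echo '<div class="form-group">
			<label for="password_input">' . _("Password") . '</label>
			<input type="password" name="password" id="password_input" placeholder="' . _("Password") . '" class="form-control">
		</div>';
    //Flattr id
    echo '<div class="form-group">
			<label for="flattr_id_input">' . _("Flattr id") . '</label>
			<input type="text" name="flattr_id" id="flattr_id_input" placeholder="' . _("Flattr id") . '" class="form-control" value="' . $flattr_id_html . '">
		</div>';
    //Flattr choice
    echo '<div class="checkbox">';
    echo '<label>
				<input type="checkbox" name="flattr_choice[]" value="comment"';
    if (flattr_get_flattr_choice($user_id, "comment")) {
        echo ' checked';
    }
    echo '>
				' . sprintf(_("Display Flattr-button on <strong>%s</strong>"), _("comments")) . '
			  </label>';
    echo '</div>';
    echo '<div class="checkbox">';
    echo '<label>
				<input type="checkbox" name="flattr_choice[]" value="feedback"';
    if (flattr_get_flattr_choice($user_id, "feedback")) {
        echo ' checked';
    }
    echo '>
				' . sprintf(_("Display Flattr-button on <strong>%s</strong>"), _("feedbacks")) . '
			  </label>';
    echo '</div>';

    // Optional extra Flattr choices from the site configuration.
    if (defined('CUSTOM_SETTINGS')) {
        // NOTE(review): unserialize() is only acceptable here while CUSTOM_SETTINGS is
        // trusted configuration and never derived from request data.
        $custom_settings = unserialize(CUSTOM_SETTINGS);
        if (is_array($custom_settings) && isset($custom_settings['flattr']) && is_array($custom_settings['flattr'])) {
            foreach ($custom_settings['flattr'] as $custom_flattr_choice => $translation) {
                user_setting_flattr_display($user_id, $custom_flattr_choice, $translation);
            }
        }
    }

    //Save button
    echo '<input type="submit" class="btn btn-success" value="' . _("Save") . '" name="user_update_settings">';
    echo '</form>';
}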