Esempio n. 1
0
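/**
 * Store a new (already hashed) password for a user.
 *
 * Both values are escaped with pnVarPrepForStore() before being placed
 * inside the quoted SQL literals. The caller is expected to pass the
 * digest, not the clear-text password; the parameter name suggests MD5,
 * which is an unsalted, fast digest — a concern for the caller, not
 * changed here.
 *
 * @param string $username login name identifying the row to update
 * @param string $md5pass  password hash to store
 * @return bool true when the UPDATE ran without a database error
 */
function updateUserPass($username, $md5pass)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $column =& $pntable['users_column'];
    $dbconn->Execute("UPDATE {$pntable['users']}\n                              SET {$column['pass']} = '" . pnVarPrepForStore($md5pass) . "'\n                              WHERE {$column['uname']}='" . pnVarPrepForStore($username) . "'");
    // Report failure to the caller instead of discarding the result set
    // into an unused local.
    return $dbconn->ErrorNo() == 0;
}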
Esempio n. 2
0
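/**
 * Build the "Related" side block for the story currently being viewed.
 *
 * Reads the current story (topic, author, topic name) from the globals
 * $story and $sid, lists the related links stored for that topic and the
 * most-read story of the same topic, and hands the assembled HTML to
 * themesideblock().
 *
 * @param array $row block definition; $row['title'] feeds the permission
 *                   check and $row['content'] is filled here
 * @return string|null rendered block, or null when access is denied or the
 *                     current story has no topic
 */
function blocks_related_block($row)
{
    global $sid, $story;
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Relatedblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    if (!$story['topic']) {
        return;
    }
    // The topic id is compared unquoted in both SQL statements below, so it
    // has to be numeric; casting once makes that explicit instead of relying
    // on string escaping for a numeric context.
    $topicId = (int) $story['topic'];
    // Values that end up inside attributes or text nodes are escaped once
    // here; the original escaped the names but not the href values.
    $topicNameSafe = pnVarPrepForDisplay($story['topicname']);
    $authorSafe = pnVarPrepForDisplay($story['aid']);
    $sidSafe = pnVarPrepForDisplay($sid);

    // Most-read story of this topic.
    $column =& $pntable['stories_column'];
    $sql = "SELECT {$column['sid']} as sid, {$column['title']} as title FROM {$pntable['stories']} WHERE {$column['topic']}=" . $topicId . " ORDER BY {$column['counter']} DESC";
    $result = $dbconn->SelectLimit($sql, 1);
    // Guard the empty case: GetRowAssoc() yields no row at EOF.
    $mrow = $result->EOF ? array('sid' => '', 'title' => '') : $result->GetRowAssoc(false);
    $mostReadSidSafe = pnVarPrepForDisplay($mrow['sid']);
    $mostReadTitleSafe = pnVarPrepForDisplay($mrow['title']);

    // Related links registered for this topic.
    $column =& $pntable['related_column'];
    $result = $dbconn->Execute("SELECT {$column['name']} as name, {$column['url']} as url FROM {$pntable['related']} WHERE {$column['tid']}=" . $topicId);
    $content = '<font class="pn-normal">';
    while (!$result->EOF) {
        $lrow = $result->GetRowAssoc(false);
        $result->MoveNext();
        $content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"" . pnVarPrepForDisplay($lrow['url']) . "\" target=\"_blank\">" . pnVarPrepForDisplay($lrow['name']) . "</a><br>\n";
    }
    $content .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"advtopics.php?topic={$topicId}\">" . _MOREABOUT . " " . $topicNameSafe . "</a><br>\n";
    $content .= "<strong><big>&middot;</big></strong>&nbsp;<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;overview=1&amp;active_stories=1&amp;stories_author={$authorSafe}\">" . _NEWSBY . " " . $authorSafe . "</a><br>\n";
    $content .= '</font><br><hr noshade width="95%" size="1"><b>' . _MOSTREAD . " " . $topicNameSafe . ":</b><br>\n";
    $content .= "<center><a href=\"advarticle.php?sid={$mostReadSidSafe}\">" . $mostReadTitleSafe . "</a></center><br><br>\n";
    $content .= '<div align="right">';
    $content .= "<a href=\"print.php?sid={$mostReadSidSafe}\"><img src=\"images/global/print.gif\" border=\"0\" alt=\"" . _PRINTER . "\"></a>&nbsp;&nbsp;";
    $content .= "<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Recommend_Us&amp;file=index&amp;req=FriendSend&amp;sid={$sidSafe}\"><img src=\"images/global/friend.gif\" border=\"0\" Alt=\"" . _FRIEND . "\"></a>\n";
    $content .= '</div>';
    $row['content'] = $content;
    return themesideblock($row);
}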
Esempio n. 3
0
/**
 * "On this day" side block: lists the ephemeris entries whose day and month
 * match today's date, optionally restricted to the current language.
 *
 * @param array $row block definition; the title feeds the permission check
 *                   and defaults to _EPHEMERIDS when empty
 * @return string|null rendered block, or null when access is denied
 */
function blocks_ephem_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $currentlang = pnUserGetLang();
    if (!pnSecAuthAction(0, 'Ephemeridsblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    $column =& $pntable['ephem_column'];
    // Entries stored with an empty language are shown in every language.
    $querylang = (pnConfigGetVar('multilingual') == 1)
        ? "AND ({$column['elanguage']}='" . pnVarPrepForStore($currentlang) . "' OR {$column['elanguage']}='')"
        : "";
    $now = getdate();
    $result = $dbconn->Execute("SELECT {$column['yid']}, {$column['content']}\n                              FROM {$pntable['ephem']}\n                              WHERE {$column['did']}='" . pnVarPrepForStore($now['mday']) . "' AND {$column['mid']}='" . pnVarPrepForStore($now['mon']) . "' {$querylang}");
    $parts = array('<span class="pn-normal"><b>' . _ONEDAY . '</b></span><br />');
    // fields is false once the cursor is past the last row, which ends the loop.
    while (list($yid, $content) = $result->fields) {
        $result->MoveNext();
        $parts[] = '<br /><br />';
        $parts[] = '<b>' . pnVarPrepForDisplay($yid) . '</b><br />' . pnVarPrepHTMLDisplay(nl2br($content));
    }
    if (empty($row['title'])) {
        $row['title'] = _EPHEMERIDS;
    }
    $row['content'] = implode('', $parts);
    return themesideblock($row);
}
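/**
 * Function to display banners in all pages
 *
 * Picks one random banner of the given type, records the impression (unless
 * the request comes from the configured "myIP" prefix), moves the banner to
 * the bannerfinish table once its impression budget is used up, and renders
 * the banner link.
 *
 * @param int|string $type banner type; anything non-numeric renders '&nbsp;'
 * @return string|null the markup for types other than 0/1/2; for 0/1/2 the
 *                     markup is echoed and null is returned; '&nbsp;' when
 *                     banners are disabled or $type is not numeric
 */
function pnBannerDisplay($type = 0)
{
    // test on config settings
    if (pnConfigGetVar('banners') != 1) {
        return '&nbsp;';
    }
    // added check for numeric type - markwest
    if (!is_numeric($type)) {
        return '&nbsp;';
    }
    // is_numeric() also accepts floats and exponent notation; the column is
    // compared as an integer, so normalise once and use that everywhere.
    $typeId = (int) $type;
    $dbconn = pnDBGetConn(true);
    $pntable = pnDBGetTables();
    $column =& $pntable['banner_column'];
    $bresult = $dbconn->Execute("SELECT count(*) AS count FROM {$pntable['banner']}\n\t\t\t\t\t\t\t\tWHERE {$column['type']} = '" . $typeId . "'");
    list($numrows) = $bresult->fields;
    // we no longer need this, free the resources
    $bresult->Close();
    /* Get a random banner if exist any. */
    // mt_rand() seeds itself; re-seeding from microtime() on every call only
    // narrowed the sequence, so it is dropped.
    $bannum = ($numrows > 1) ? mt_rand(0, $numrows - 1) : 0;
    $query = "SELECT {$column['bid']}, {$column['imageurl']}, {$column['clickurl']}\n\t\t\t\tFROM {$pntable['banner']}\n\t\t\t\tWHERE {$column['type']} = '" . $typeId . "'";
    $bresult2 = $dbconn->SelectLimit($query, 1, $bannum);
    list($bid, $imageurl, $clickurl) = $bresult2->fields;
    // we no longer need this, free the resources
    $bresult2->Close();
    // bid is compared unquoted below; keep it an integer from here on.
    $bid = (int) $bid;
    $myIP = pnConfigGetVar('myIP');
    $myhost = pnServerGetVar("REMOTE_ADDR");
    // itevo, MNA: requests from the configured address neither count as an
    // impression nor retire a finished banner. This is a string *prefix*
    // match, so '10.0.0.1' also covers '10.0.0.12' — confirm that is intended.
    $ignoreBannerfinish = !empty($myIP) && substr($myhost, 0, strlen($myIP)) == $myIP;
    if (!$ignoreBannerfinish) {
        $dbconn->Execute("UPDATE {$pntable['banner']}\n                        SET {$column['impmade']}={$column['impmade']}+1\n                        WHERE {$column['bid']}=" . $bid);
    }
    if ($numrows > 0) {
        $aborrar = $dbconn->Execute("SELECT {$column['cid']},{$column['imptotal']},\n                                          {$column['impmade']}, {$column['clicks']},\n                                          {$column['date']}\n                                   FROM {$pntable['banner']}\n                                   WHERE {$column['bid']}=" . $bid);
        list($cid, $imptotal, $impmade, $clicks, $date) = $aborrar->fields;
        $aborrar->Close();
        /* Check if this impression is the last one and print the banner */
        if ($imptotal == $impmade && !$ignoreBannerfinish) {
            // Separate alias for the bannerfinish column map: the original
            // re-pointed $column here and then used it for the DELETE on the
            // banner table.
            $fcolumn =& $pntable['bannerfinish_column'];
            $dbconn->Execute("INSERT INTO {$pntable['bannerfinish']}\n                            ( {$fcolumn['bid']}, {$fcolumn['cid']}, {$fcolumn['impressions']}, {$fcolumn['clicks']}, {$fcolumn['datestart']}, {$fcolumn['dateend']} )\n                            VALUES (NULL, '" . pnVarPrepForStore($cid) . "', '" . pnVarPrepForStore($impmade) . "', '" . pnVarPrepForStore($clicks) . "', '" . pnVarPrepForStore($date) . "', now())");
            $dbconn->Execute("DELETE FROM {$pntable['banner']} WHERE {$column['bid']}=" . $bid);
        }
        // Escape once for the HTML context (attribute values below).
        list($bid, $clickurl, $imageurl) = pnVarPrepForDisplay($bid, $clickurl, $imageurl);
        $content = "<a href=\"banners.php?op=click&amp;bid={$bid}\" title=\"{$clickurl}\"><img src=\"{$imageurl}\" alt=\"{$clickurl}\" /></a>";
        // Types 0-2 are written straight to the page; any other type is
        // returned so the caller can place it.
        if ($typeId == 1 || $typeId == 2 || $typeId == 0) {
            echo $content;
            return;
        }
        return $content;
    }
}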
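/**
 * Function to display banners in all pages
 *
 * Older variant of the banner rotator: counts the banners of the requested
 * type, fetches one at random through buildSimpleQuery(), records the
 * impression unless the client address equals the configured "myIP", retires
 * a banner whose impressions are exhausted, and renders the link.
 *
 * @param int|string $type banner type; anything non-numeric renders '&nbsp;'
 * @return string|null the markup for types other than 0/1/2; for 0/1/2 the
 *                     markup is echoed and null is returned; '&nbsp;' when
 *                     banners are disabled or $type is not numeric
 */
function pnBannerDisplay($type = 0)
{
    // test on config settings
    if (pnConfigGetVar('banners') != 1) {
        return '&nbsp;';
    }
    // added check for numeric type - markwest
    if (!is_numeric($type)) {
        return '&nbsp;';
    }
    // is_numeric() lets '1e3' or ' 1' through; the value was interpolated
    // raw into two queries, so normalise it to an integer first.
    $typeId = (int) $type;
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $column =& $pntable['banner_column'];
    $bresult = $dbconn->Execute("SELECT count(*) AS count FROM {$pntable['banner']}\n\t\t\t\t\t\t\t\tWHERE {$column['type']} = {$typeId}");
    list($numrows) = $bresult->fields;
    // we no longer need this, free the resources
    $bresult->Close();
    /* Get a random banner if exist any. */
    // mt_rand() seeds itself; re-seeding from microtime() is unnecessary.
    $bannum = ($numrows > 1) ? mt_rand(0, $numrows - 1) : 0;
    $query = buildSimpleQuery('banner', array('bid', 'imageurl', 'clickurl'), "{$column['type']} = {$typeId}", '', 1, $bannum);
    $bresult2 = $dbconn->Execute($query);
    list($bid, $imageurl, $clickurl) = $bresult2->fields;
    // we no longer need this, free the resources
    $bresult2->Close();
    // bid is compared unquoted below; keep it an integer from here on.
    $bid = (int) $bid;
    $myIP = pnConfigGetVar('myIP');
    $myhost = getenv("REMOTE_ADDR");
    // Hits from the configured address are not counted as impressions.
    if ($myIP != $myhost) {
        $dbconn->Execute("UPDATE {$pntable['banner']}\n                        SET {$column['impmade']}={$column['impmade']}+1\n                        WHERE {$column['bid']}=" . $bid);
    }
    if ($numrows > 0) {
        $aborrar = $dbconn->Execute("SELECT {$column['cid']},{$column['imptotal']},\n                                          {$column['impmade']}, {$column['clicks']},\n                                          {$column['date']}\n                                   FROM {$pntable['banner']}\n                                   WHERE {$column['bid']}=" . $bid);
        list($cid, $imptotal, $impmade, $clicks, $date) = $aborrar->fields;
        $aborrar->Close();
        /* Check if this impression is the last one and print the banner */
        if ($imptotal == $impmade) {
            // Separate alias for the bannerfinish column map: the original
            // re-pointed $column here and then used it for the DELETE on the
            // banner table.
            $fcolumn =& $pntable['bannerfinish_column'];
            $dbconn->Execute("INSERT INTO {$pntable['bannerfinish']}\n                            ( {$fcolumn['bid']}, {$fcolumn['cid']}, {$fcolumn['impressions']}, {$fcolumn['clicks']}, {$fcolumn['datestart']}, {$fcolumn['dateend']} )\n                            VALUES (NULL, '" . pnVarPrepForStore($cid) . "', '" . pnVarPrepForStore($impmade) . "', '" . pnVarPrepForStore($clicks) . "', '" . pnVarPrepForStore($date) . "', now())");
            $dbconn->Execute("DELETE FROM {$pntable['banner']} WHERE {$column['bid']}=" . $bid);
        }
        // clickurl/imageurl come from the database and land in attributes;
        // escape them for the HTML context before output.
        list($bid, $clickurl, $imageurl) = pnVarPrepForDisplay($bid, $clickurl, $imageurl);
        $content = "<a href=\"banners.php?op=click&amp;bid={$bid}\" target=\"_blank\" title=\"{$clickurl}\"><img src=\"{$imageurl}\" border=\"0\" alt=\"" . _CLICK . "\"></a>";
        // Types 0-2 are written straight to the page; any other type is
        // returned so the caller can place it.
        if ($typeId == 1 || $typeId == 2 || $typeId == 0) {
            echo $content;
            return;
        }
        return $content;
    }
}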
Esempio n. 6
0
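/**
 * "Categories" side block: one line per story category the user may read,
 * showing the date of the category's newest story and linking to the
 * category. The currently selected category (global $catid) is rendered as
 * plain text instead of a link.
 *
 * @param array $row block definition; the title feeds the permission check
 *                   and defaults to _CATEGORIES when empty
 * @return string|null rendered block, or null when access is denied or
 *                     there are no categories at all
 */
function blocks_category_block($row)
{
    global $topic, $catid;
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Categoryblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    $storyColumn =& $pntable['stories_column'];
    if (pnConfigGetVar('multilingual') == 1) {
        /* the OR is needed to display stories who are posted to ALL languages */
        $querylang = "AND ({$storyColumn['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storyColumn['alanguage']}='')";
    } else {
        $querylang = '';
    }
    $catColumn =& $pntable['stories_cat_column'];
    $result = $dbconn->Execute("SELECT {$catColumn['catid']} as catid, {$catColumn['title']} as title FROM {$pntable['stories_cat']} ORDER BY {$catColumn['title']}");
    if ($result->EOF) {
        return;
    }
    // $topic is request-scoped and is echoed into hrefs, so escape it once.
    // Category ids are cast because they are compared unquoted in SQL and
    // echoed into hrefs as well.
    $topicSafe = pnVarPrepForDisplay($topic);
    $boxstuff = '<span class="pn-normal">';
    if ($catid != "") {
        $boxstuff .= "<strong><big>&middot;</big></strong>&nbsp;<a href=\"modules.php?op=modload&amp;name=News&amp;file=index&amp;topic={$topicSafe}\">" . _ALL_CATEGORIES . "</a><br />";
    }
    for (; !$result->EOF; $result->MoveNext()) {
        $srow = $result->GetRowAssoc(false);
        if (!pnSecAuthAction(0, 'Stories::Category', "{$srow['title']}::{$srow['catid']}", ACCESS_READ)) {
            continue;
        }
        $srowCatId = (int) $srow['catid'];
        $result2 = $dbconn->Execute("SELECT {$storyColumn['time']} AS unixtime\n                                           FROM {$pntable['stories']}\n                                           WHERE {$storyColumn['catid']}=" . $srowCatId . " {$querylang}\n                                           ORDER BY {$storyColumn['time']} DESC");
        if ($result2->EOF) {
            // Categories without a (visible) story are not listed.
            continue;
        }
        $story = $result2->GetRowAssoc(false);
        $sdate = pnVarPrepForDisplay(ml_ftime(_DATEBRIEF, $result2->UnixTimeStamp($story['unixtime'])));
        $titleSafe = pnVarPrepForDisplay($srow['title']);
        if ($catid == $srow['catid']) {
            $boxstuff .= "<strong><big>&middot;</big></strong>&nbsp;<span class=\"pn-title\"><b>" . $titleSafe . "</b></span> <span class=\"pn-sub\">(" . $sdate . ")</span><br />";
        } else {
            $boxstuff .= "<strong><big>&middot;</big></strong>&nbsp;<a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=News&amp;file=index&amp;catid={$srowCatId}&amp;topic={$topicSafe}\">" . $titleSafe . "</a> <span class=\"pn-sub\">(" . $sdate . ")</span><br />";
        }
    }
    $boxstuff .= '</span>';
    if (empty($row['title'])) {
        $row['title'] = _CATEGORIES;
    }
    $row['content'] = $boxstuff;
    return themesideblock($row);
}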
Esempio n. 7
0
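/**
 * Personal menu block: shows the logged-in user's own stored block
 * (users.ublock) when the user has switched it on (ublockon == 1).
 *
 * @param array $row block definition; its title is replaced by
 *                   "_MENUFOR <display name>"
 * @return string|null rendered block, or null when access is denied, nobody
 *                     is logged in, or the user has the block switched off
 */
function blocks_user_block($row)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnSecAuthAction(0, 'Userblock::', "{$row['title']}::", ACCESS_READ)) {
        return;
    }
    if (!pnUserLoggedIn() || pnUserGetVar('ublockon') != 1) {
        return;
    }
    $column =& $pntable['users_column'];
    // uid is compared unquoted in SQL: force an integer rather than relying
    // on string escaping in a numeric context.
    $uid = (int) pnUserGetVar('uid');
    $getblock = $dbconn->Execute("SELECT {$column['ublock']} FROM {$pntable['users']} WHERE {$column['uid']}=" . $uid);
    // No row (e.g. a stale session): render an empty block instead of
    // reading from a false result set.
    $ublock = '';
    if (!$getblock->EOF) {
        list($ublock) = $getblock->fields;
    }
    $row['title'] = _MENUFOR . " " . pnVarPrepForDisplay(pnUserGetVar('name'));
    // ublock is user-authored markup emitted as-is; whether it is filtered
    // on save is not visible here — NOTE(review): confirm at the write path.
    $row['content'] = $ublock;
    return themesideblock($row);
}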
Esempio n. 8
0
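/**
 * Return the profile row of the user identified by the login cookie.
 *
 * The result is memoised in the global $userinfo. Note that $user is only
 * checked for emptiness: the lookup key is the user name taken from
 * cookiedecode()[1], not $user. The selected row includes the password
 * hash column (pass), so callers should not expose $userinfo wholesale.
 *
 * @param mixed $user caller-supplied user reference; an empty value aborts
 *                    the lookup
 * @return array|null the global $userinfo (row keyed by column alias), or
 *                    null when $user is empty
 */
function getusrinfo($user)
{
    global $userinfo;
    if (empty($user)) {
        return;
    }
    if (isset($userinfo['uid'])) {
        return $userinfo;
    }
    $cookie = cookiedecode();
    // cookiedecode() may not yield an array; avoid an undefined-offset
    // notice and fall through to the (failing) lookup as before.
    $uname = (is_array($cookie) && isset($cookie[1])) ? $cookie[1] : '';
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $column = $pntable['users_column'];
    $sql = "SELECT {$column['uid']} AS uid,\n                   {$column['name']} AS name,\n                   {$column['uname']} AS uname,\n                   {$column['email']} AS email,\n                   {$column['femail']} AS femail,\n                   {$column['url']} AS url,\n                   {$column['user_avatar']} AS user_avatar,\n                   {$column['user_icq']} AS user_icq,\n                   {$column['user_occ']} AS user_occ,\n                   {$column['user_from']} AS user_from,\n                   {$column['user_intrest']} AS user_intrest,\n                   {$column['user_sig']} AS user_sig,\n                   {$column['user_viewemail']} AS user_viewemail,\n                   {$column['user_theme']} AS user_theme,\n                   {$column['user_aim']} AS user_aim,\n                   {$column['user_yim']} AS user_yim,\n                   {$column['user_msnm']} AS user_msnm,\n                   {$column['pass']} AS pass,\n                   {$column['storynum']} AS storynum,\n                   {$column['umode']} AS umode,\n                   {$column['uorder']} AS uorder,\n                   {$column['thold']} AS thold,\n                   {$column['noscore']} AS noscore,\n                   {$column['bio']} AS bio,\n                   {$column['ublockon']} AS ublockon,\n                   {$column['ublock']} AS ublock,\n                   {$column['theme']} AS theme,\n                   {$column['commentmax']} AS commentmax,\n                   {$column['timezone_offset']} AS timezone_offset\n            FROM {$pntable['users']}\n            WHERE {$column['uname']} = '" . pnVarPrepForStore($uname) . "'";
    $result = $dbconn->Execute($sql);
    // Exactly one match is required; anything else leaves $userinfo untouched.
    if ($result->PO_RecordCount() == 1) {
        $userinfo = $result->GetRowAssoc(false);
    } else {
        echo "Problem obtaining user information<br>";
    }
    return $userinfo;
}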
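/**
 * Whether the current user may see a download row (item and category ACL).
 *
 * @param array  $row     download row with lid, title and cid
 * @param object $dbconn  ADODB connection
 * @param array  $pntable table/column map from pnDBGetTables()
 * @return bool
 */
function search_downloads_canView($row, $dbconn, $pntable)
{
    // we have a download id so get its category
    $column2 =& $pntable['downloads_categories_column'];
    // cid is read back from the database but interpolated unquoted: cast it.
    $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}=" . (int) $row['cid']);
    list($title) = $result2->fields;
    return pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ)
        && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ);
}

/**
 * Search plugin for the Downloads module.
 *
 * Reads q / active_downloads / bool / startnum / total from the request,
 * builds a LIKE query over the download text columns, counts the rows the
 * user may see (unless a total was passed in), and renders one page of ten
 * results plus a pager.
 *
 * @return string|null rendered result list, or null when the Downloads
 *                     search is not requested, the module is unavailable,
 *                     or a database error occurred
 */
function search_downloads()
{
    list($q, $active_downloads, $bool, $startnum, $total) = pnVarCleanFromInput('q', 'active_downloads', 'bool', 'startnum', 'total');
    if (empty($active_downloads)) {
        return;
    }
    if (!pnModAvailable('Downloads')) {
        return;
    }
    $dbconn = pnDBGetConn(true);
    $pntable = pnDBGetTables();
    // '=& new' is PHP 4 syntax and a parse error on PHP 7+.
    $output = new pnHTML();
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    }
    if (isset($total) && !is_numeric($total)) {
        unset($total);
    }
    $words = search_split_query($q);
    // fifers: have to explicitly name the columns so that if the underlying DB column names change, the code to access them doesn't.  We use the column names in assoc array later...
    $column =& $pntable['downloads_downloads_column'];
    $query = "SELECT {$column['lid']} as lid, {$column['title']} as title, {$column['name']} as name, {$column['description']} as description, {$column['cid']} as cid FROM {$pntable['downloads_downloads']} WHERE \n";
    // One parenthesised clause per search word, joined with the requested
    // operator (anything other than AND means OR).
    $glue = ($bool == 'AND') ? ' AND ' : ' OR ';
    $clauses = array();
    foreach ($words as $word) {
        $safeWord = pnVarPrepForStore($word);
        $clauses[] = '('
            . "{$column['description']} LIKE '" . $safeWord . "' OR \n"
            . "{$column['title']} LIKE '" . $safeWord . "' OR \n"
            . "{$column['submitter']} LIKE '" . $safeWord . "' OR \n"
            . "{$column['name']} LIKE '" . $safeWord . "' OR \n"
            . "{$column['homepage']} LIKE '" . $safeWord . "' \n"
            . ')';
    }
    $query .= implode($glue, $clauses) . " ORDER BY {$column['lid']}";
    if (empty($total)) {
        // Count only the rows the user is allowed to see.
        $total = 0;
        $countres = $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (search_downloads_canView($row, $dbconn, $pntable)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }
    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }
    if (!$result->EOF) {
        $output->Text(_DOWNLOADS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        // Rebuild the search string from previous information. $q and $bool
        // are request input echoed into an href, so they are URL-encoded
        // (which also keeps them inert inside the attribute).
        $url = "index.php?name=Search&amp;action=search&amp;active_downloads=1&amp;bool=" . rawurlencode((string) $bool) . "&amp;q=" . rawurlencode((string) $q);
        $output->Text("<dl>");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (search_downloads_canView($row, $dbconn, $pntable)) {
                $row['description'] = strip_tags($row['description']);
                // Byte-wise truncation; may cut a multi-byte character.
                if (strlen($row['description']) > 128) {
                    $row['description'] = substr($row['description'], 0, 125) . '...';
                }
                // $row[title] / $row[description] were bare constants, which
                // is a fatal error on PHP 8; lid is cast for the URL.
                $output->Text("<dt><a href=\"index.php?name=Downloads&amp;req=viewdownloaddetails&amp;lid=" . (int) $row['lid'] . "\">" . pnVarPrepForDisplay($row['title']) . "</a></dt>");
                $output->Text("<dd>" . pnVarPrepForDisplay($row['description']) . "</dd>");
            }
            $result->MoveNext();
        }
        $output->Text("</dl>");
        // Mung URL for template
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_DOWNLOADS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);
    return $output->GetOutput();
}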
Esempio n. 10
0
    $dbconn->Execute("UPDATE {$pntable['counter']}\n                    SET {$column['count']}={$column['count']}+1\n                    WHERE ({$column['type']}='total' AND {$column['var']}='hits')\n                       OR ({$column['var']}='" . pnVarPrepForStore($browser) . "' AND {$column['type']}='browser')\n                       OR ({$column['var']}='" . pnVarPrepForStore($os) . "' AND {$column['type']}='os')");
    /* Per-Day-Counter */
    $xydate = date("dmY");
    $column =& $pntable['stats_date_column'];
    $xyval = $dbconn->Execute("SELECT {$column['hits']} as hits\n                           FROM {$pntable['stats_date']}\n                           WHERE {$column['date']}='" . pnVarPrepForStore($xydate) . "'");
    if ($dbconn->ErrorNo() != 0) {
        echo "Error accessing stats information<P>";
    }
    $ttemp = $xyval->GetRowAssoc(false);
    $xyval->MoveNext();
    $happend = $ttemp['hits'];
    if ($happend == "" || $happend == false || !$happend) {
        $column =& $pntable['stats_date_column'];
        $dbconn->Execute("INSERT INTO {$pntable['stats_date']}\n                        ({$column['date']}, {$column['hits']}) VALUES ('" . pnVarPrepForStore($xydate) . "','1')");
    } else {
        $column =& $pntable['stats_date_column'];
        $dbconn->Execute("UPDATE {$pntable['stats_date']}\n                        SET {$column['hits']}={$column['hits']}+1\n                        WHERE {$column['date']}='" . pnVarPrepForStore($xydate) . "'");
    }
    /* Per-Hour-Counter */
    $xyhour = date("G");
    $column =& $pntable['stats_hour_column'];
    $dbconn->Execute("UPDATE {$pntable['stats_hour']}\n                    SET {$column['hits']}={$column['hits']}+1\n                    WHERE {$column['hour']}='" . pnVarPrepForStore($xyhour) . "'");
    /* Weekday-Counter */
    $xyweekday = date("w");
    $column =& $pntable['stats_week_column'];
    $dbconn->Execute("UPDATE {$pntable['stats_week']}\n                    SET {$column['hits']}={$column['hits']}+1\n                    WHERE {$column['weekday']}='" . pnVarPrepForStore($xyweekday) . "'");
    /* Month-Counter */
    $xymonth = date("m");
    $column =& $pntable['stats_month_column'];
    $dbconn->Execute("UPDATE {$pntable['stats_month']}\n                    SET {$column['hits']}={$column['hits']}+1\n                    WHERE {$column['month']}='" . pnVarPrepForStore($xymonth) . "'");
}
Esempio n. 11
0
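/**
 * set a configuration variable
 *
 * Database connection settings and a few system keys are read-only through
 * this function. The value is stored serialized in module_vars under
 * _PN_CONFIG_MODULE and mirrored into the global $pnconfig cache.
 *
 * @param string $name  the name of the variable
 * @param mixed  $value the value of the variable
 * @return bool true on success (including "already set to this value"),
 *              false when the name is empty or reserved, or the query failed
 */
function pnConfigSetVar($name, $value)
{
    global $pnconfig;
    /*
     * The database parameters are not allowed to change
     */
    static $protected = array('dbtype', 'dbhost', 'dbuname', 'dbpass', 'dbname', 'system', 'prefix', 'encoded');
    if (empty($name) || in_array((string) $name, $protected, true)) {
        return false;
    }
    /*
     * Test on missing record (also solves SF-bug #580951): a known key is
     * updated, an unknown one inserted. Loose comparison is kept for the
     * "unchanged" shortcut so cached and incoming values of differing
     * scalar type still count as equal.
     */
    $must_insert = !(is_array($pnconfig) && array_key_exists($name, $pnconfig));
    if (!$must_insert && $pnconfig[$name] == $value) {
        return true;
    }
    /*
     * Fetch base data
     */
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $table = $pntable['module_vars'];
    $columns =& $pntable['module_vars_column'];
    /*
     * Update the table
     */
    if ($must_insert) {
        $query = "INSERT INTO {$table}\n                  ({$columns['modname']},\n                   {$columns['name']},\n                   {$columns['value']})\n                  VALUES ('" . pnVarPrepForStore(_PN_CONFIG_MODULE) . "',\n                          '" . pnVarPrepForStore($name) . "',\n                          '" . pnVarPrepForStore(serialize($value)) . "')";
    } else {
        $query = "UPDATE {$table}\n                   SET {$columns['value']}='" . pnVarPrepForStore(serialize($value)) . "'\n                   WHERE {$columns['modname']}='" . pnVarPrepForStore(_PN_CONFIG_MODULE) . "'\n                   AND {$columns['name']}='" . pnVarPrepForStore($name) . "'";
    }
    $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }
    /*
     * Update my vars
     */
    $pnconfig[$name] = $value;
    return true;
}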
Esempio n. 12
0
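/**
 * Apply the category-limit admin form: update the surviving rows, delete
 * the ticked ones and optionally insert a new limit.
 *
 * This function only builds the SQL; the writes go through the admin API
 * (updateCategoryLimit / deleteCategoryLimit / addCategoryLimit).
 *
 * @return string rendered admin page, or _POSTCALENDAR_NOAUTH
 */
function postcalendar_admin_categoryLimitsUpdate()
{
    if (!PC_ACCESS_ADMIN) {
        return _POSTCALENDAR_NOAUTH;
    }
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    $pntable = pnDBGetTables();
    list($id, $del, $catId, $startTimeH, $startTimeM, $endTimeH, $endTimeM, $limit, $newCatId, $newStartTimeH, $newStartTimeM, $newEndTimeH, $newEndTimeM, $newLimit) = pnVarCleanFromInput('id', 'del', 'catid', 'starttimeh', 'starttimem', 'endtimeh', 'endtimem', 'limit', 'newcatid', 'newstarttimeh', 'newstarttimem', 'newendtimeh', 'newendtimem', 'newlimit');
    // Row ids are request input that is interpolated unquoted into SQL:
    // normalise them to integers before they reach any query. The (array)
    // cast turns a missing parameter into an empty list instead of a
    // count()/foreach error.
    $delIds = array_map('intval', (array) $del);
    $updates = array();
    foreach ((array) $id as $k => $i) {
        $limitId = (int) $i;
        // Rows ticked for deletion are not updated.
        if (in_array($limitId, $delIds, true)) {
            continue;
        }
        $start = date("H:i:s", mktime((int) $startTimeH[$k], (int) $startTimeM[$k], 0));
        $end = date("H:i:s", mktime((int) $endTimeH[$k], (int) $endTimeM[$k], 0));
        $updates[] = "UPDATE {$pntable['postcalendar_limits']}\n\t\t                             SET pc_catid='" . pnVarPrepForStore($catId[$k]) . "',\n\t\t                                 pc_starttime='" . pnVarPrepForStore($start) . "',\n\t\t                                 pc_endtime='" . pnVarPrepForStore($end) . "',\n\t\t                                 pc_limit='" . pnVarPrepForStore($limit[$k]) . "'\n\t\t                             WHERE pc_limitid={$limitId}";
    }
    $e = $msg = '';
    if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'updateCategoryLimit', array('updates' => $updates))) {
        $e .= 'UPDATE FAILED';
    }
    // The original tested isset() on an implode() result, which is always
    // true and produced "IN ()" when nothing was ticked.
    if (count($delIds) > 0) {
        $delete = "DELETE FROM {$pntable['postcalendar_limits']} WHERE pc_limitid IN (" . implode(",", $delIds) . ")";
        if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'deleteCategoryLimit', array('delete' => $delete))) {
            $e .= 'DELETE FAILED';
        }
    }
    if (isset($newLimit) && $newLimit > 0) {
        $start = date("H:i:s", mktime((int) $newStartTimeH, (int) $newStartTimeM, 0));
        $end = date("H:i:s", mktime((int) $newEndTimeH, (int) $newEndTimeM, 0));
        if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'addCategoryLimit', array('catid' => $newCatId, 'starttime' => $start, 'endtime' => $end, 'limit' => $newLimit))) {
            $e .= 'INSERT FAILED';
        }
    }
    if (empty($e)) {
        $msg = 'DONE';
    }
    $output->Text(postcalendar_admin_categoryLimits($msg, $e));
    return $output->GetOutput();
}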
Esempio n. 13
0
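/**
 *    postcalendar_userapi_buildSubmitForm()
 *    create event submit form
 *
 * Assigns every label, input name, current value and select list of the
 * "submit event" form to a pcSmarty template and renders it.
 *
 * Side effects: resets $_SESSION['category'] to "" and, through extract(),
 * turns every key of $args into a local variable (extract() overwrites
 * existing locals, so a caller-supplied key shadows anything declared here,
 * $admin included). Request parameters are read directly with
 * pnVarCleanFromInput() ('func', 'provider_id', 'patient_id',
 * 'event_category', 'no_nav') and from $_SERVER['QUERY_STRING'].
 *
 * @param array $args  event data; each key becomes a local ($event_subject,
 *                     $event_startday, $category, $is_update, $pc_event_id,
 *                     $data_loaded, ...)
 * @param bool  $admin when true render admin/submit.html instead of the
 *                     user templates
 * @return string the rendered form plus postcalendar_footer(), or
 *                _POSTCALENDARNOAUTH when PC_ACCESS_ADD is false
 */
function postcalendar_userapi_buildSubmitForm($args, $admin = false)
{
    $_SESSION['category'] = "";
    if (!PC_ACCESS_ADD) {
        return _POSTCALENDARNOAUTH;
    }
    // Every key of $args becomes a local from here on; nothing below can be
    // assumed unset unless the caller fully controls $args.
    extract($args);
    unset($args);
    //since we seem to clobber category
    $cat = $category;
    $output = new pnHTML();
    $output->SetInputMode(_PNH_VERBATIMINPUT);
    // set up Smarty
    $tpl = new pcSmarty();
    $tpl->caching = false;
    $template_name = pnModGetVar(__POSTCALENDAR__, 'pcTemplate');
    if (!isset($template_name)) {
        $template_name = 'default';
    }
    //=================================================================
    //  Setup the correct config file path for the templates
    //=================================================================
    $modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
    $modir = pnVarPrepForOS($modinfo['directory']);
    $modname = $modinfo['displayname'];
    $all_categories =& pnModAPIFunc(__POSTCALENDAR__, 'user', 'getCategories');
    unset($modinfo);
    $tpl->config_dir = "modules/{$modir}/pntemplates/{$template_name}/config/";
    //=================================================================
    //  PARSE MAIN
    //=================================================================
    $tpl->assign('webroot', $GLOBALS['web_root']);
    $tpl->assign_by_ref('TPL_NAME', $template_name);
    $tpl->assign('FUNCTION', pnVarCleanFromInput('func'));
    $tpl->assign_by_ref('ModuleName', $modname);
    $tpl->assign_by_ref('ModuleDirectory', $modir);
    $tpl->assign_by_ref('category', $all_categories);
    $tpl->assign('NewEventHeader', _PC_NEW_EVENT_HEADER);
    $tpl->assign('EventTitle', _PC_EVENT_TITLE);
    $tpl->assign('Required', _PC_REQUIRED);
    $tpl->assign('DateTimeTitle', _PC_DATE_TIME);
    $tpl->assign('AlldayEventTitle', _PC_ALLDAY_EVENT);
    $tpl->assign('TimedEventTitle', _PC_TIMED_EVENT);
    $tpl->assign('TimedDurationTitle', _PC_TIMED_DURATION);
    $tpl->assign('TimedDurationHoursTitle', _PC_TIMED_DURATION_HOURS);
    $tpl->assign('TimedDurationMinutesTitle', _PC_TIMED_DURATION_MINUTES);
    $tpl->assign('EventDescTitle', _PC_EVENT_DESC);
    //the double book variable comes from the eventdata array that is
    //passed here and extracted; only a numeric value is passed on
    if (is_numeric($double_book)) {
        $tpl->assign('double_book', $double_book);
    }
    //pennfirm begin patient info handling
    // Provider precedence: request provider_id, then the event's user id,
    // then the authorised session user (or blank).
    $ProviderID = pnVarCleanFromInput("provider_id");
    if (is_numeric($ProviderID)) {
        $tpl->assign('ProviderID', $ProviderID);
        $tpl->assign('provider_id', $ProviderID);
    } elseif (is_numeric($event_userid) && $event_userid != 0) {
        $tpl->assign('ProviderID', $event_userid);
        $tpl->assign('provider_id', $event_userid);
    } else {
        if ($_SESSION['userauthorized'] == 1) {
            $tpl->assign('ProviderID', $_SESSION['authUserID']);
        } else {
            $tpl->assign('ProviderID', "");
        }
    }
    $provinfo = getProviderInfo();
    $tpl->assign('providers', $provinfo);
    $PatientID = pnVarCleanFromInput("patient_id");
    // limit the number of results returned by getPatientPID
    // this helps to prevent the server from stalling on a request with
    // no PID and thousands of PIDs in the database -- JRM
    // the function getPatientPID($pid, $given, $orderby, $limit, $start) <-- defined in library/patient.inc
    $plistlimit = 500;
    if (is_numeric($PatientID)) {
        $tpl->assign('PatientList', getPatientPID(array('pid' => $PatientID, 'limit' => $plistlimit)));
    } elseif (is_numeric($event_pid)) {
        $tpl->assign('PatientList', getPatientPID(array('pid' => $event_pid, 'limit' => $plistlimit)));
    } else {
        $tpl->assign('PatientList', getPatientPID(array('limit' => $plistlimit)));
    }
    $tpl->assign('event_pid', $event_pid);
    $tpl->assign('event_aid', $event_aid);
    $tpl->assign('event_category', pnVarCleanFromInput("event_category"));
    if (empty($event_patient_name)) {
        // Second argument is the column list requested from getPatientData().
        $patient_data = getPatientData($event_pid, "lname, fname");
        $event_patient_name = $patient_data['lname'] . ", " . $patient_data['fname'];
    }
    $tpl->assign('patient_value', $event_patient_name);
    //=================================================================
    //  PARSE INPUT_EVENT_TITLE
    //=================================================================
    $tpl->assign('InputEventTitle', 'event_subject');
    $tpl->assign('ValueEventTitle', pnVarPrepForDisplay($event_subject));
    //=================================================================
    //  PARSE SELECT_DATE_TIME
    //=================================================================
    // It seems that with Mozilla at least, <select> fields that are disabled
    // do not get passed as form data.  Therefore we ignore $double_book so
    // that the fields will not be disabled.  -- Rod 2005-03-22
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    if (_SETTING_USE_INT_DATES) {
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday));
        $formdata = $output->FormSelectMultiple('event_startday', $sel_data, 0, 1, "", "", false, '');
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth));
        $formdata .= $output->FormSelectMultiple('event_startmonth', $sel_data, 0, 1, "", "", false, '');
    } else {
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth));
        $formdata = $output->FormSelectMultiple('event_startmonth', $sel_data, 0, 1, "", "", false, '');
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday));
        $formdata .= $output->FormSelectMultiple('event_startday', $sel_data, 0, 1, "", "", false, '');
    }
    $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_startyear));
    $formdata .= $output->FormSelectMultiple('event_startyear', $sel_data, 0, 1, "", "", false, '');
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    $tpl->assign('SelectDateTime', $formdata);
    $tpl->assign('InputAllday', 'event_allday');
    $tpl->assign('ValueAllday', '1');
    $tpl->assign('SelectedAllday', $event_allday == 1 ? 'checked' : '');
    $tpl->assign('InputTimed', 'event_allday');
    $tpl->assign('ValueTimed', '0');
    $tpl->assign('SelectedTimed', $event_allday == 0 ? 'checked' : '');
    $tpl->assign('STYLE', $GLOBALS['style']);
    //=================================================================
    //  PARSE SELECT_END_DATE_TIME
    //=================================================================
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    //if there is no end date we want the box to read todays date instead of jan 01 1994 :)
    if ($event_endmonth == 0 && $event_endday == 0 && $event_endyear == 0) {
        $event_endmonth = $month;
        $event_endday = $day;
        $event_endyear = $year;
    }
    if (_SETTING_USE_INT_DATES) {
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday));
        $formdata = $output->FormSelectMultiple('event_endday', $sel_data, 0, 1, "", "", false, '');
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth));
        $formdata .= $output->FormSelectMultiple('event_endmonth', $sel_data, 0, 1, "", "", false, '');
    } else {
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth));
        $formdata = $output->FormSelectMultiple('event_endmonth', $sel_data, 0, 1, "", "", false, '');
        $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday));
        $formdata .= $output->FormSelectMultiple('event_endday', $sel_data, 0, 1, "", "", false, '');
    }
    $sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_endyear));
    $formdata .= $output->FormSelectMultiple('event_endyear', $sel_data, 0, 1, "", "", false, '');
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    $tpl->assign('SelectEndDate', $formdata);
    //=================================================================
    //  PARSE SELECT_TIMED_EVENT
    //=================================================================
    $stimes = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildTimeSelect', array('hselected' => $event_starttimeh, 'mselected' => $event_starttimem));
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    $timed_hours = $output->FormSelectMultiple('event_starttimeh', $stimes['h'], 0, 1, "", "", false, '');
    $timed_minutes = $output->FormSelectMultiple('event_starttimem', $stimes['m'], 0, 1, "", "", false, '');
    if (!_SETTING_TIME_24HOUR) {
        // AM/PM selector only for 12-hour display; PM is selected unless the
        // stored value is "AM" or _AM_VAL.
        $ampm = array();
        $ampm[0]['id'] = pnVarPrepForStore(_AM_VAL);
        $ampm[0]['name'] = pnVarPrepForDisplay(_PC_AM);
        $ampm[1]['id'] = pnVarPrepForStore(_PM_VAL);
        $ampm[1]['name'] = pnVarPrepForDisplay(_PC_PM);
        if ($event_startampm == "AM" || $event_startampm == _AM_VAL) {
            $ampm[0]['selected'] = 1;
        } else {
            $ampm[1]['selected'] = 1;
        }
        $timed_ampm = $output->FormSelectMultiple('event_startampm', $ampm, 0, 1, "", "", false, '');
    } else {
        $timed_ampm = '';
    }
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    $tpl->assign('SelectTimedHours', $timed_hours);
    $tpl->assign('SelectTimedMinutes', $timed_minutes);
    $tpl->assign('SelectTimedAMPM', $timed_ampm);
    $tpl->assign('event_startday', $event_startday);
    $tpl->assign('event_startmonth', $event_startmonth);
    $tpl->assign('event_startyear', $event_startyear);
    $tpl->assign('event_starttimeh', $event_starttimeh);
    $tpl->assign('event_starttimem', $event_starttimem);
    $tpl->assign('event_startampm', $event_startampm);
    $tpl->assign('event_dur_hours', $event_dur_hours);
    $tpl->assign('event_dur_minutes', $event_dur_minutes);
    //=================================================================
    //  PARSE SELECT_DURATION
    //=================================================================
    $event_dur_hours = (int) $event_dur_hours;
    // Start from an empty list so a same-named key in $args (extracted above)
    // cannot seed the option list.
    $TimedDurationHours = array();
    for ($i = 0; $i <= 24; $i += 1) {
        $TimedDurationHours[$i] = array('value' => $i, 'selected' => $event_dur_hours == $i ? 'selected' : '', 'name' => sprintf('%02d', $i));
    }
    $tpl->assign('TimedDurationHours', $TimedDurationHours);
    $tpl->assign('InputTimedDurationHours', 'event_dur_hours');
    $found_time = false;
    $TimedDurationMinutes = array();
    for ($i = 0; $i < 60; $i += _SETTING_TIME_INCREMENT) {
        $TimedDurationMinutes[$i] = array('value' => $i, 'selected' => $event_dur_minutes == $i ? 'selected' : '', 'name' => sprintf('%02d', $i));
        if ($TimedDurationMinutes[$i]['selected'] == 'selected') {
            $found_time = true;
        }
    }
    // A stored minute value that is not on the increment grid is appended
    // as an extra, pre-selected option so it is not silently lost.
    if (!$found_time) {
        $TimedDurationMinutes[$i] = array('value' => $event_dur_minutes, 'selected' => 'selected', 'name' => sprintf('%02d', $event_dur_minutes));
    }
    $tpl->assign('TimedDurationMinutes', $TimedDurationMinutes);
    $tpl->assign('hidden_event_dur_minutes', $event_dur_minutes);
    $tpl->assign('InputTimedDurationMinutes', 'event_dur_minutes');
    //=================================================================
    //  PARSE INPUT_EVENT_DESC
    //=================================================================
    $tpl->assign('InputEventDesc', 'event_desc');
    // The description may carry a ":text:" / ":html:" prefix that encodes
    // its display type; strip it and derive pc_html_or_text when not given.
    if (empty($pc_html_or_text)) {
        $display_type = substr($event_desc, 0, 6);
        if ($display_type == ':text:') {
            $pc_html_or_text = 'text';
            $event_desc = substr($event_desc, 6);
        } elseif ($display_type == ':html:') {
            $pc_html_or_text = 'html';
            $event_desc = substr($event_desc, 6);
        } else {
            $pc_html_or_text = 'text';
        }
        unset($display_type);
    }
    $tpl->assign('ValueEventDesc', pnVarPrepForDisplay($event_desc));
    $eventHTMLorText = "<select name=\"pc_html_or_text\">";
    if ($pc_html_or_text == 'text') {
        $eventHTMLorText .= "<option value=\"text\" selected=\"selected\">" . _PC_SUBMIT_TEXT . "</option>";
    } else {
        $eventHTMLorText .= "<option value=\"text\">" . _PC_SUBMIT_TEXT . "</option>";
    }
    if ($pc_html_or_text == 'html') {
        $eventHTMLorText .= "<option value=\"html\" selected=\"selected\">" . _PC_SUBMIT_HTML . "</option>";
    } else {
        $eventHTMLorText .= "<option value=\"html\">" . _PC_SUBMIT_HTML . "</option>";
    }
    $eventHTMLorText .= "</select>";
    $tpl->assign('EventHTMLorText', $eventHTMLorText);
    //=================================================================
    //  PARSE select_event_topic_block
    //=================================================================
    $tpl->assign('displayTopics', _SETTING_DISPLAY_TOPICS);
    if ((bool) _SETTING_DISPLAY_TOPICS) {
        $a_topics =& postcalendar_userapi_getTopics();
        $topics = array();
        foreach ($a_topics as $topic) {
            array_push($topics, array('value' => $topic['id'], 'selected' => $topic['id'] == $event_topic ? 'selected' : '', 'name' => $topic['text']));
        }
        unset($a_topics);
        // only show this if we have topics to show
        if (count($topics) > 0) {
            $tpl->assign('topics', $topics);
            $tpl->assign('EventTopicTitle', _PC_EVENT_TOPIC);
            $tpl->assign('InputEventTopic', 'event_topic');
        }
    }
    //=================================================================
    //  PARSE select_event_type_block
    //=================================================================
    $categories = array();
    foreach ($all_categories as $category) {
        array_push($categories, array('value' => $category['id'], 'selected' => $category['id'] == $event_category ? 'selected' : '', 'name' => $category['name'], 'color' => $category['color'], 'desc' => $category['desc']));
    }
    // only show this if we have categories to show
    // you should ALWAYS have at least one valid category
    if (count($categories) > 0) {
        $tpl->assign('categories', $categories);
        $tpl->assign('EventCategoriesTitle', _PC_EVENT_CATEGORY);
        $tpl->assign('InputEventCategory', 'event_category');
        $tpl->assign('hidden_event_category', $event_category);
    }
    //=================================================================
    //  PARSE event_sharing_block
    //=================================================================
    $data = array();
    if (_SETTING_ALLOW_USER_CAL) {
        array_push($data, array(SHARING_PRIVATE, _PC_SHARE_PRIVATE));
        array_push($data, array(SHARING_PUBLIC, _PC_SHARE_PUBLIC));
        array_push($data, array(SHARING_BUSY, _PC_SHARE_SHOWBUSY));
    }
    // Global sharing is offered to PostCalendar admins, when the setting
    // allows it, or when per-user calendars are disabled altogether.
    if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADMIN) || _SETTING_ALLOW_GLOBAL || !_SETTING_ALLOW_USER_CAL) {
        array_push($data, array(SHARING_GLOBAL, _PC_SHARE_GLOBAL));
    }
    $sharing = array();
    foreach ($data as $cell) {
        array_push($sharing, array('value' => $cell[0], 'selected' => (int) $event_sharing == $cell[0] ? 'selected' : '', 'name' => $cell[1]));
    }
    //pennfirm get list of providers from openemr code in calendar.inc
    $tpl->assign("user", getCalendarProviderInfo());
    $tpl->assign('sharing', $sharing);
    $tpl->assign('EventSharingTitle', _PC_SHARING);
    $tpl->assign('InputEventSharing', 'event_sharing');
    //=================================================================
    //  location information
    //=================================================================
    $tpl->assign('EventLocationTitle', _PC_EVENT_LOCATION);
    $tpl->assign('InputLocation', 'event_location');
    $tpl->assign('ValueLocation', pnVarPrepForDisplay($event_location));
    $tpl->assign('EventStreetTitle', _PC_EVENT_STREET);
    $tpl->assign('InputStreet1', 'event_street1');
    $tpl->assign('ValueStreet1', pnVarPrepForDisplay($event_street1));
    $tpl->assign('InputStreet2', 'event_street2');
    $tpl->assign('ValueStreet2', pnVarPrepForDisplay($event_street2));
    $tpl->assign('EventCityTitle', _PC_EVENT_CITY);
    $tpl->assign('InputCity', 'event_city');
    $tpl->assign('ValueCity', pnVarPrepForDisplay($event_city));
    $tpl->assign('EventStateTitle', _PC_EVENT_STATE);
    $tpl->assign('InputState', 'event_state');
    $tpl->assign('ValueState', pnVarPrepForDisplay($event_state));
    $tpl->assign('EventPostalTitle', _PC_EVENT_POSTAL);
    $tpl->assign('InputPostal', 'event_postal');
    $tpl->assign('ValuePostal', pnVarPrepForDisplay($event_postal));
    //=================================================================
    //  contact information
    //=================================================================
    $tpl->assign('EventContactTitle', _PC_EVENT_CONTACT);
    $tpl->assign('InputContact', 'event_contname');
    $tpl->assign('ValueContact', pnVarPrepForDisplay($event_contname));
    $tpl->assign('EventPhoneTitle', _PC_EVENT_PHONE);
    $tpl->assign('InputPhone', 'event_conttel');
    $tpl->assign('ValuePhone', pnVarPrepForDisplay($event_conttel));
    $tpl->assign('EventEmailTitle', _PC_EVENT_EMAIL);
    $tpl->assign('InputEmail', 'event_contemail');
    $tpl->assign('ValueEmail', pnVarPrepForDisplay($event_contemail));
    $tpl->assign('EventWebsiteTitle', _PC_EVENT_WEBSITE);
    $tpl->assign('InputWebsite', 'event_website');
    $tpl->assign('ValueWebsite', pnVarPrepForDisplay($event_website));
    $tpl->assign('EventFeeTitle', _PC_EVENT_FEE);
    $tpl->assign('InputFee', 'event_fee');
    $tpl->assign('ValueFee', pnVarPrepForDisplay($event_fee));
    //=================================================================
    //  Repeating Information
    //=================================================================
    $tpl->assign('RepeatingHeader', _PC_REPEATING_HEADER);
    $tpl->assign('NoRepeatTitle', _PC_NO_REPEAT);
    $tpl->assign('RepeatTitle', _PC_REPEAT);
    $tpl->assign('RepeatOnTitle', _PC_REPEAT_ON);
    $tpl->assign('OfTheMonthTitle', _PC_OF_THE_MONTH);
    $tpl->assign('EndDateTitle', _PC_END_DATE);
    $tpl->assign('NoEndDateTitle', _PC_NO_END);
    $tpl->assign('InputNoRepeat', 'event_repeat');
    $tpl->assign('ValueNoRepeat', '0');
    $tpl->assign('SelectedNoRepeat', (int) $event_repeat == 0 ? 'checked' : '');
    $tpl->assign('InputRepeat', 'event_repeat');
    $tpl->assign('ValueRepeat', '1');
    $tpl->assign('SelectedRepeat', (int) $event_repeat == 1 ? 'checked' : '');
    // Each repeat select is built from a parallel (label, constant) pair;
    // the option whose constant equals the stored value is pre-selected.
    unset($in);
    $in = array(_PC_EVERY, _PC_EVERY_OTHER, _PC_EVERY_THIRD, _PC_EVERY_FOURTH);
    $keys = array(REPEAT_EVERY, REPEAT_EVERY_OTHER, REPEAT_EVERY_THIRD, REPEAT_EVERY_FOURTH);
    $repeat_freq = array();
    foreach ($in as $k => $v) {
        array_push($repeat_freq, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_freq ? 'selected' : '', 'name' => $v));
    }
    $tpl->assign('InputRepeatFreq', 'event_repeat_freq');
    if (empty($event_repeat_freq) || $event_repeat_freq < 1) {
        $event_repeat_freq = 1;
    }
    $tpl->assign('InputRepeatFreqVal', $event_repeat_freq);
    $tpl->assign('repeat_freq', $repeat_freq);
    unset($in);
    $in = array(_PC_EVERY_DAY, _PC_EVERY_WORKDAY, _PC_EVERY_WEEK, _PC_EVERY_MONTH, _PC_EVERY_YEAR);
    $keys = array(REPEAT_EVERY_DAY, REPEAT_EVERY_WORK_DAY, REPEAT_EVERY_WEEK, REPEAT_EVERY_MONTH, REPEAT_EVERY_YEAR);
    $repeat_freq_type = array();
    foreach ($in as $k => $v) {
        array_push($repeat_freq_type, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_freq_type ? 'selected' : '', 'name' => $v));
    }
    $tpl->assign('InputRepeatFreqType', 'event_repeat_freq_type');
    $tpl->assign('repeat_freq_type', $repeat_freq_type);
    $tpl->assign('InputRepeatOn', 'event_repeat');
    $tpl->assign('ValueRepeatOn', '2');
    $tpl->assign('SelectedRepeatOn', (int) $event_repeat == 2 ? 'checked' : '');
    unset($in);
    $in = array(_PC_EVERY_1ST, _PC_EVERY_2ND, _PC_EVERY_3RD, _PC_EVERY_4TH, _PC_EVERY_LAST);
    $keys = array(REPEAT_ON_1ST, REPEAT_ON_2ND, REPEAT_ON_3RD, REPEAT_ON_4TH, REPEAT_ON_LAST);
    $repeat_on_num = array();
    foreach ($in as $k => $v) {
        array_push($repeat_on_num, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_num ? 'selected' : '', 'name' => $v));
    }
    $tpl->assign('InputRepeatOnNum', 'event_repeat_on_num');
    $tpl->assign('repeat_on_num', $repeat_on_num);
    unset($in);
    $in = array(_PC_EVERY_SUN, _PC_EVERY_MON, _PC_EVERY_TUE, _PC_EVERY_WED, _PC_EVERY_THU, _PC_EVERY_FRI, _PC_EVERY_SAT);
    $keys = array(REPEAT_ON_SUN, REPEAT_ON_MON, REPEAT_ON_TUE, REPEAT_ON_WED, REPEAT_ON_THU, REPEAT_ON_FRI, REPEAT_ON_SAT);
    $repeat_on_day = array();
    foreach ($in as $k => $v) {
        array_push($repeat_on_day, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_day ? 'selected' : '', 'name' => $v));
    }
    $tpl->assign('InputRepeatOnDay', 'event_repeat_on_day');
    $tpl->assign('repeat_on_day', $repeat_on_day);
    unset($in);
    $in = array(_PC_OF_EVERY_MONTH, _PC_OF_EVERY_2MONTH, _PC_OF_EVERY_3MONTH, _PC_OF_EVERY_4MONTH, _PC_OF_EVERY_6MONTH, _PC_OF_EVERY_YEAR);
    $keys = array(REPEAT_ON_MONTH, REPEAT_ON_2MONTH, REPEAT_ON_3MONTH, REPEAT_ON_4MONTH, REPEAT_ON_6MONTH, REPEAT_ON_YEAR);
    $repeat_on_freq = array();
    foreach ($in as $k => $v) {
        array_push($repeat_on_freq, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_freq ? 'selected' : '', 'name' => $v));
    }
    $tpl->assign('InputRepeatOnFreq', 'event_repeat_on_freq');
    if (empty($event_repeat_on_freq) || $event_repeat_on_freq < 1) {
        $event_repeat_on_freq = 1;
    }
    $tpl->assign('InputRepeatOnFreqVal', $event_repeat_on_freq);
    $tpl->assign('repeat_on_freq', $repeat_on_freq);
    $tpl->assign('MonthsTitle', _PC_MONTHS);
    //=================================================================
    //  PARSE INPUT_END_DATE
    //=================================================================
    $tpl->assign('InputEndOn', 'event_endtype');
    $tpl->assign('ValueEndOn', '1');
    $tpl->assign('SelectedEndOn', (int) $event_endtype == 1 ? 'checked' : '');
    //=================================================================
    //  PARSE INPUT_NO_END
    //=================================================================
    $tpl->assign('InputNoEnd', 'event_endtype');
    $tpl->assign('ValueNoEnd', '0');
    $tpl->assign('SelectedNoEnd', (int) $event_endtype == 0 ? 'checked' : '');
    // The raw query string minus any provider_id pair is handed to the
    // template unescaped; the template must escape it for the context it is
    // used in -- TODO confirm against the submit templates.
    $qstring = preg_replace("/provider_id=[0-9]*[&]{0,1}/", "", $_SERVER['QUERY_STRING']);
    $tpl->assign('qstring', $qstring);
    $output->SetOutputMode(_PNH_RETURNOUTPUT);
    $authkey = $output->FormHidden('authid', pnSecGenAuthKey());
    $output->SetOutputMode(_PNH_KEEPOUTPUT);
    // These values are spliced into raw HTML here rather than through the
    // template, so they are escaped with the same helper used for every
    // other displayed value above.
    $form_hidden = "<input type=\"hidden\" name=\"is_update\" value=\"" . pnVarPrepForDisplay($is_update) . "\" />";
    $form_hidden .= "<input type=\"hidden\" name=\"pc_event_id\" value=\"" . pnVarPrepForDisplay($pc_event_id) . "\" />";
    $form_hidden .= "<input type=\"hidden\" name=\"category\" value=\"" . pnVarPrepForDisplay($cat) . "\" />";
    if (isset($data_loaded)) {
        $form_hidden .= "<input type=\"hidden\" name=\"data_loaded\" value=\"" . pnVarPrepForDisplay($data_loaded) . "\" />";
        // NOTE(review): FormHidden (and with it is_update / pc_event_id /
        // category) is only assigned when data_loaded is set; presumably
        // deliberate for edit mode -- verify against the templates.
        $tpl->assign('FormHidden', $form_hidden);
    }
    $form_submit = '<input type=hidden name="form_action" value="commit"/>
                   ' . $authkey . '<input type="submit" name="submit" value="go">';
    $tpl->assign('FormSubmit', $form_submit);
    // do not cache this page
    if ($admin) {
        $output->Text($tpl->fetch($template_name . '/admin/submit.html'));
    } elseif (pnVarCleanFromInput("no_nav") == 1) {
        $output->Text($tpl->fetch($template_name . '/user/submit_no_nav.html'));
    } else {
        $output->Text($tpl->fetch($template_name . '/user/submit.html'));
    }
    $output->Text(postcalendar_footer());
    return $output->GetOutput();
}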
/**
 * PHP function to destroy a session
 *
 * Deletes the session_info row whose sessid column equals $sessid. The id
 * is escaped with pnVarPrepForStore() before being interpolated into the
 * DELETE statement; table and column names come from pnDBGetTables().
 *
 * @param string $sessid the session id to remove
 * @return bool true when the driver reports ErrorNo() == 0 after the
 *              DELETE, false otherwise
 * @private
 */
function pnSessionDestroy($sessid)
{
    list($dbconn) = pnDBGetConn();
    $tables = pnDBGetTables();
    $cols =& $tables['session_info_column'];
    $sql = "DELETE FROM {$tables['session_info']}\n              WHERE {$cols['sessid']} = '" . pnVarPrepForStore($sessid) . "'";
    $dbconn->Execute($sql);
    // The connection keeps the last error code; zero means the DELETE ran.
    return $dbconn->ErrorNo() == 0;
}
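/**
 * Render the admin form for editing a module's display name, description
 * and hook activation.
 *
 * Reads the module id from the request parameter `id`, loads name,
 * displayname and description from the modules table, and lists each
 * distinct hook target module once with a checkbox that is pre-checked when
 * a hook row already names this module as its source module.
 *
 * @return string the form HTML; _ERRMODNOSUCHMODID when no module has that
 *                id, _MODULESEDITNOAUTH when the caller lacks ACCESS_ADMIN on
 *                "Modules::" / "{name}::{id}"
 */
function modules_admin_modify()
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    $id = pnVarCleanFromInput('id');
    // The id is compared unquoted in the WHERE clause below, so string
    // escaping alone would not keep a crafted value from being parsed as
    // SQL; module ids are integers, so coerce to int and use that everywhere.
    $dbid = (int) $id;
    $modulestable = $pntable['modules'];
    $modulescolumn =& $pntable['modules_column'];
    $query = "SELECT {$modulescolumn['name']},\n                     {$modulescolumn['displayname']},\n                     {$modulescolumn['description']}\n              FROM {$modulestable}\n              WHERE {$modulescolumn['id']} = {$dbid}";
    $result = $dbconn->Execute($query);
    // Execute() may hand back no result object on failure; treat that the
    // same as an unknown id rather than dereferencing it.
    if (!$result || $result->EOF) {
        $output->Text(_ERRMODNOSUCHMODID);
        return $output->GetOutput();
    }
    list($name, $displayname, $description) = $result->fields;
    $result->Close();
    if (!pnSecAuthAction(0, 'Modules::', "{$name}::{$dbid}", ACCESS_ADMIN)) {
        $output->Text(_MODULESEDITNOAUTH);
        return $output->GetOutput();
    }
    // Start form
    $output->FormStart(pnModURL('Modules', 'admin', 'update'));
    $output->FormHidden('authid', pnSecGenAuthKey());
    $output->FormHidden('id', $dbid);
    // Name
    $output->Text(_MODULESNEWNAME);
    $output->Linebreak();
    $output->FormText('newdisplayname', $displayname, 30, 30);
    $output->Linebreak(2);
    // Description
    $output->Text(_MODULESNEWDESCRIPTION);
    $output->Linebreak();
    $output->FormText('newdescription', $description, 60, 254);
    $output->Linebreak(2);
    // Hooks: one row per target module. Rows with a NULL source module list
    // every available hook; rows naming this module as source mean the hook
    // is currently active. Sorting smodule DESC puts the active row first so
    // the "display once" check below sees it before the NULL row.
    $hookstable = $pntable['hooks'];
    $hookscolumn =& $pntable['hooks_column'];
    $sql = "SELECT DISTINCT {$hookscolumn['smodule']},\n                            {$hookscolumn['tmodule']}\n            FROM {$hookstable}\n            WHERE {$hookscolumn['smodule']} IS NULL\n            OR {$hookscolumn['smodule']} = '" . pnVarPrepForStore($name) . "'\n            ORDER BY {$hookscolumn['tmodule']},\n                     {$hookscolumn['smodule']} DESC";
    $result = $dbconn->Execute($sql);
    $displayed = array();
    if ($result) {
        for (; !$result->EOF; $result->MoveNext()) {
            list($smodname, $tmodname) = $result->fields;
            // Only display once
            if (isset($displayed[$tmodname])) {
                continue;
            }
            $displayed[$tmodname] = true;
            $checked = empty($smodname) ? 0 : 1;
            $output->Text(_MODULESACTIVATE . ' ' . strtolower($tmodname) . ' ' . _MODULESFORTHIS);
            $output->FormCheckbox('hooks_' . pnVarPrepForDisplay($tmodname), $checked);
            $output->Linebreak(2);
        }
        $result->Close();
    }
    // End form
    $output->FormSubmit(_COMMIT);
    $output->FormEnd();
    return $output->GetOutput();
}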
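/**
 * Checks if user controlled block state
 *
 * Checks if the user has a state set for a current block
 * Sets the default state for that block if not present
 *
 * Looks up the userblocks row for (logged-in uid, $row['bid']); when none
 * exists a row is inserted with $row['defaultstate'] as the active value.
 *
 * @param array $row block descriptor; 'bid' is the block id (treated as ''
 *                   when missing), 'defaultstate' the initial active value
 *                   (assumed present whenever an insert is needed -- not
 *                   checked here)
 * @return mixed the stored active column when a row exists; true after
 *               inserting the default row, and also true when a query fails
 *               (the error text is stored in the session 'errormsg'
 *               variable); false when no user is logged in
 * @access private
 */
function pnCheckUserBlock($row)
{
    if (!isset($row['bid'])) {
        $row['bid'] = '';
    }
    if (!pnUserLoggedIn()) {
        return false;
    }
    $uid = pnUserGetVar('uid');
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $column =& $pntable['userblocks_column'];
    // Escape each value exactly once; both statements below quote the
    // escaped literals so the escaping actually covers them.
    $bid = pnVarPrepForStore($row['bid']);
    $dbuid = pnVarPrepForStore($uid);
    $sql = "SELECT {$column['active']}\n\t\t      FROM {$pntable['userblocks']}\n\t\t      WHERE {$column['bid']} = '" . $bid . "'\n\t\t\t  AND {$column['uid']} = '" . $dbuid . "'";
    $result =& $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
        return true;
    }
    if (!$result->EOF) {
        list($active) = $result->fields;
        return $active;
    }
    // No stored state for this user/block yet: persist the block's default.
    $sql = "INSERT INTO {$pntable['userblocks']}\n\t\t\t        \t\t   ({$column['uid']},\n\t\t\t\t\t \t\t\t{$column['bid']},\n\t\t\t\t\t \t\t\t{$column['active']})\n\t\t\t\t\tVALUES ('" . $dbuid . "',\n\t\t\t\t\t        '" . $bid . "',\n\t\t\t\t\t\t\t'" . pnVarPrepForStore($row['defaultstate']) . "')";
    $result =& $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', 'Error: ' . $dbconn->ErrorNo() . ': ' . $dbconn->ErrorMsg());
    }
    return true;
}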
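/**
 * delete the contents of a user variable
 *
 * Removes the user property labelled $name from the property table and then
 * every user_data row that referenced that property, i.e. the variable is
 * removed for all users, not only the current one. Core fields (uid, email,
 * password, uname) are never deleted and a caller without a session uid is
 * refused.
 *
 * @access public
 * @author Gregor J. Rothfuss
 * @since 1.23 - 2002/02/01
 * @param string $name the name of the variable (property label)
 * @return bool true on success; false when $name is empty or a core field,
 *              no uid is in the session, the property does not exist, or a
 *              query reports an error
 */
function pnUserDelVar($name)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $propertiestable = $pntable['user_property'];
    $datatable = $pntable['user_data'];
    $propcolumns =& $pntable['user_property_column'];
    $datacolumns =& $pntable['user_data_column'];
    // Prevent deletion of core fields (duh)
    if (empty($name) || in_array($name, array('uid', 'email', 'password', 'uname'))) {
        return false;
    }
    // Only a logged-in user may delete; the uid itself is not part of the
    // queries because the deletion applies to every user's data.
    $uid = pnSessionGetVar('uid');
    if (empty($uid)) {
        return false;
    }
    // get property id for cascading delete later
    $query = "SELECT {$propcolumns['prop_id']} from {$propertiestable}\n              WHERE {$propcolumns['prop_label']} = '" . pnVarPrepForStore($name) . "'";
    $result = $dbconn->Execute($query);
    // A failed Execute() may yield no result object; treat it as "not found"
    // instead of dereferencing it.
    if (!$result || $result->EOF) {
        return false;
    }
    list($id) = $result->fields;
    $query = "DELETE from {$propertiestable}\n              WHERE {$propcolumns['prop_id']} = '" . pnVarPrepForStore($id) . "'";
    $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }
    // delete variable from user data for all users
    $query = "DELETE from {$datatable}\n              WHERE {$datacolumns['uda_propid']} = '" . pnVarPrepForStore($id) . "'";
    $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return false;
    }
    return true;
}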
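/**
 * Update an existing lens record.
 *
 * Expects $args['lens_data'] to be an associative array whose keys match the
 * lens table's column names (the keys of $pntable['lenses_column']). Every
 * column listed in $columns below is overwritten; a key that is absent is
 * stored as an empty string, as the earlier extract()-based version did.
 * The 'updated' column is always set to today's date. Values are read from
 * lens_data only, never from other keys of $args.
 *
 * @param array $args array('lens_data' => array('tid' => int, 'name' => string, ...))
 * @return bool true on success; false (with errormsg set in the session) when
 *              the caller lacks ACCESS_ADMIN, the arguments are invalid, the
 *              lens does not exist, or the UPDATE fails
 */
function Lenses_adminapi_update_lens($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }
    // Read the lens array explicitly instead of extract()ing both arrays
    // into the local scope, where any key of $args could overwrite locals
    // such as $tid or $name.
    $lens_data = isset($args['lens_data']) ? $args['lens_data'] : null;
    if (!is_array($lens_data)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    $tid = isset($lens_data['tid']) ? $lens_data['tid'] : null;
    $name = isset($lens_data['name']) ? $lens_data['name'] : null;
    // Ensure valid values were passed in.
    if (empty($tid) || !is_numeric($tid) || empty($name) || !is_string($name)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // Check if lens exists.
    if (!pnModAPIFunc('Lenses', 'user', 'get', array('item_id' => $tid, 'item_type' => 'lens'))) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }
    // Get a reference to the database object.
    $dbconn =& pnDBGetConn(true);
    // Get a reference to PostNuke's table info.
    $pntable =& pnDBGetTables();
    // Define table and column to work with.
    $lenses_table =& $pntable['lenses'];
    $lenses_field =& $pntable['lenses_column'];
    // Today's date, written to the 'updated' column.
    $updated = date('Y-m-d');
    // Every column written from $lens_data, in the order the original query
    // listed them. Each name is both the key in $lenses_field and the key
    // in $lens_data.
    $columns = array(
        'name', 'aliases', 'comp_id', 'poly_id', 'visitint', 'ew', 'ct', 'dk', 'oz',
        'process_text', 'process_simple', 'qty', 'replace_simple', 'replace_text',
        'wear', 'price', 'markings', 'fitting_guide', 'website', 'image',
        'other_info', 'discontinued', 'display', 'redirect', 'bc_simple', 'bc_all',
        'max_plus', 'max_minus', 'max_diam', 'min_diam',
        'diam_1', 'base_curves_1', 'powers_1',
        'diam_2', 'base_curves_2', 'powers_2',
        'diam_3', 'base_curves_3', 'powers_3', 'sph_notes',
        'toric', 'toric_type', 'toric_type_simple', 'cyl_power', 'max_cyl_power',
        'cyl_axis', 'cyl_axis_steps', 'oblique', 'cyl_notes',
        'bifocal', 'bifocal_type', 'add_text', 'max_add',
        'cosmetic', 'enh_names', 'enh_names_simple', 'opaque_names', 'opaque_names_simple',
    );
    // Each value is cleaned via pnVarPrepForStore() as the SET clause is
    // built; a missing key becomes '' rather than an undefined variable.
    $assignments = array();
    foreach ($columns as $column) {
        $value = isset($lens_data[$column]) ? $lens_data[$column] : '';
        $assignments[] = $lenses_field[$column] . " = '" . pnVarPrepForStore($value) . "'";
    }
    $assignments[] = $lenses_field['updated'] . " = '" . pnVarPrepForStore($updated) . "'";
    // Create sql to update the lens. $tid was checked numeric above and is
    // cast to int so only a number reaches the WHERE clause.
    $sql = "UPDATE {$lenses_table}\n               SET " . implode(",\n                   ", $assignments) . "\n             WHERE {$lenses_field['tid']} = '" . (int) $tid . "'";
    // Execute the SQL query.
    $dbconn->Execute($sql);
    // Check for any database errors. ErrorMsg() is the driver-independent
    // message; the MySQL-only mysql_error() used before is not available on
    // other drivers or on PHP 7+.
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED . '<br />' . $dbconn->ErrorMsg());
        return false;
    }
    // Start a new output object.
    // This function isn't an output function, but needs an output
    // object started before the cache can be cleared.
    $pnRender = new pnRender('Lenses');
    // Clear the cache.
    $pnRender->clear_cache();
    // Return success.
    return true;
}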
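/**
 *  Get a single item from the database.
 *
 *  The id is read from $args under the id-field name that belongs to
 *  $object (e.g. $args['med_id'] for 'med'), which is why the object is
 *  validated before the id is looked at.
 *
 *  @param  $object STRING  required    Table to select from: med, moa, chem, company or preserve
 *  @param  $id     INT     required    ID of item to select, passed under the object's id field
 *                                      name (med_id, moa_id, chem_id, comp_id or pres_id)
 *  @return An array of data for the single item retrieved, or false (with errormsg
 *          set in the session) when the caller lacks ACCESS_OVERVIEW, the arguments
 *          are invalid, the query fails or no such row exists.
 */
function Meds_userapi_get($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Meds::', '::', ACCESS_OVERVIEW)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }
    // Per-object lookup: the id field, the $pntable entry of the table
    // (its column map is the same name with '_column' appended), and the
    // keys of the returned item in SELECT * column order.
    $objects = array(
        'med' => array(
            'id_field' => 'med_id',
            'table' => 'rx_meds',
            'keys' => array('med_id', 'trade', 'comp_id', 'medType1', 'medType2', 'preg', 'schedule', 'generic', 'image1', 'image2', 'dose', 'peds', 'ped_text', 'nurse', 'pres_id1', 'pres_id2', 'comments', 'rxInfo', 'med_url', 'updated', 'display', 'conc1', 'chem_id1', 'moa_id1', 'conc2', 'chem_id2', 'moa_id2', 'conc3', 'chem_id3', 'moa_id3', 'conc4', 'chem_id4', 'moa_id4', 'form1', 'size1', 'cost1', 'form2', 'size2', 'cost2', 'form3', 'size3', 'cost3', 'form4', 'size4', 'cost4'),
        ),
        'chem' => array(
            'id_field' => 'chem_id',
            'table' => 'rx_chem',
            'keys' => array('chem_id', 'name', 'moa_id'),
        ),
        'moa' => array(
            'id_field' => 'moa_id',
            'table' => 'rx_moa',
            'keys' => array('moa_id', 'name', 'comments'),
        ),
        'preserve' => array(
            'id_field' => 'pres_id',
            'table' => 'rx_preserve',
            'keys' => array('pres_id', 'name', 'comments'),
        ),
        'company' => array(
            'id_field' => 'comp_id',
            'table' => 'rx_company',
            'keys' => array('comp_id', 'name', 'phone', 'street', 'city', 'state', 'zip', 'email', 'url', 'comments'),
        ),
    );
    // Get argument.  $object is synonymous with "use this table".
    $object = isset($args['object']) ? $args['object'] : null;
    // Reject anything that is not one of the known objects; this also
    // guarantees $table/$field below are always defined.
    if (empty($object) || !is_string($object) || !isset($objects[$object])) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    $id_field = $objects[$object]['id_field'];
    // Only now is the id read from the args array (because only now do we
    // know what id field to use for this operation).
    $id = isset($args[$id_field]) ? $args[$id_field] : null;
    // Ensure that assigning the $id worked.
    if (empty($id) || !is_numeric($id)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // Prepping input for further use: the id is cast to int so only a
    // number is ever interpolated into the query.
    $id = (int) pnVarPrepForStore($id);
    // Get database connection and tables references.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // Define which tables/columns to use, based on $object.
    $table =& $pntable[$objects[$object]['table']];
    $field =& $pntable[$objects[$object]['table'] . '_column'];
    // Create SQL to select $object from $table based on $id_field.
    $sql = "SELECT * FROM {$table} WHERE {$field[$id_field]} = '{$id}'";
    // Execute query.
    $result = $dbconn->Execute($sql);
    // Check for database errors.
    if ($dbconn->ErrorNo() != 0 || !$result) {
        pnSessionSetVar('errormsg', _GETFAILED);
        return false;
    }
    // No such row: report it instead of returning an item made of nulls.
    if ($result->EOF) {
        $result->Close();
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }
    // Map the positional row onto the item keys for this object.
    $item = _Meds_userapi_rowToItem($objects[$object]['keys'], $result->fields);
    // Close $result set.
    $result->Close();
    // Return retrieved item.
    return $item;
}

/**
 *  Map a positional result row onto the given keys, mirroring list()
 *  assignment: surplus row values are dropped, missing ones become null.
 *
 *  @param  $keys   ARRAY   item keys in column order
 *  @param  $row    ARRAY   $result->fields from the ADODB record set
 *  @return Associative array keyed by $keys.
 */
function _Meds_userapi_rowToItem($keys, $row)
{
    $values = is_array($row) ? array_values($row) : array();
    $item = array();
    foreach ($keys as $i => $key) {
        $item[$key] = isset($values[$i]) ? $values[$i] : null;
    }
    return $item;
}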
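/**
 * Search the News stories for the Search module and render the hits.
 *
 * All parameters come from the request (startnum, active_stories, total,
 * stories_topics, stories_cat, stories_author, q, bool). The WHERE clause is
 * assembled from whichever of them are present, each group of terms is
 * parenthesised and joined to the previous group with AND, every candidate
 * row is filtered through the Stories::Story and Topics::Topic read
 * permissions, and the page of results is rendered as a <dl> with a pager.
 *
 * @return string|null rendered HTML; null when story search was not
 *                     requested, the News module is unavailable, or a
 *                     database error occurred
 */
function search_stories()
{
    list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) = pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool');
    if (!isset($active_stories) || !$active_stories) {
        return;
    }
    if (!pnModAvailable('News')) {
        return;
    }
    $output = new pnHTML();
    // startnum is 1-based; a non-numeric total is dropped so it is recounted.
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    }
    if (isset($total) && !is_numeric($total)) {
        unset($total);
    }
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // Operator between keyword terms; anything other than AND acts as OR.
    if (empty($bool)) {
        $bool = 'OR';
    }
    // $flag    : a term already precedes the current one inside a group.
    // $no_flag : no group has been emitted yet, so no leading AND is needed.
    $flag = false;
    $no_flag = true;
    $storcol =& $pntable['stories_column'];
    $stcatcol =& $pntable['stories_cat_column'];
    $topcol =& $pntable['topics_column'];
    $query = '';
    $query1 = "SELECT {$storcol['sid']} as sid,\n                     {$topcol['tid']} as topicid,\n                     {$topcol['topicname']} as topicname,\n                     {$topcol['topictext']} as topictext,\n                     {$storcol['catid']} as catid,\n                     {$storcol['time']} AS fdate,\n                     {$storcol['title']} AS story_title,\n                     {$storcol['aid']} AS aid,\n                     {$stcatcol['title']} AS cat_title\n               FROM {$pntable['stories']}\n               LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n               LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n               WHERE ";
    // hack to get this to work, but much better than what we had before
    //$query .= " 1 = 1 ";
    // words
    // NOTE(review): whether search_split_query() wraps each term in LIKE
    // wildcards is not visible here — confirm before touching the patterns.
    $w = search_split_query($q);
    if (isset($w)) {
        foreach ($w as $word) {
            if ($flag) {
                switch ($bool) {
                    case 'AND':
                        $query .= ' AND ';
                        break;
                    case 'OR':
                    default:
                        $query .= ' OR ';
                        break;
                }
            }
            $query .= '(';
            $query .= "{$storcol['title']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['hometext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['bodytext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            //$query .= "$storcol[comments] LIKE '".pnVarPrepForStore($word)."' OR ";
            $query .= "{$storcol['informant']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['notes']} LIKE '" . pnVarPrepForStore($word) . "'";
            $query .= ')';
            $flag = true;
            $no_flag = false;
        }
    }
    // topics: one parenthesised OR-group, prefixed with AND only when a
    // term already precedes it (an unparenthesised first group would let
    // the later AND bind to the last topic only).
    if (isset($stories_topics) && is_array($stories_topics) && !empty($stories_topics)) {
        $flag = false;
        foreach ($stories_topics as $v) {
            if (empty($v)) {
                continue;
            }
            if (!$flag) {
                $query .= ($no_flag ? '' : ' AND ') . '(';
            } else {
                $query .= ' OR ';
            }
            $query .= "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'";
            $flag = true;
        }
        if ($flag) {
            $query .= ') ';
            $no_flag = false;
        }
    }
    // categories: a scalar value is not a category list, so normalise to
    // the "nothing selected" shape instead of indexing into a string.
    if (!is_array($stories_cat)) {
        $stories_cat = array('');
    }
    if (isset($stories_cat[0]) && !empty($stories_cat[0])) {
        $query .= ($no_flag ? '' : ' AND ') . '(';
        $flag = false;
        foreach ($stories_cat as $v) {
            if ($flag) {
                $query .= ' OR ';
            }
            $query .= "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'";
            $flag = true;
        }
        $query .= ') ';
        $no_flag = false;
    }
    // authors: match the informant name or any user whose uname/name
    // contains the search string.
    if (isset($stories_author) && $stories_author != '') {
        $query .= ($no_flag ? '' : ' AND ') . '(';
        $query .= "{$storcol['informant']}='" . pnVarPrepForStore($stories_author) . "'";
        $result = $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%" . pnVarPrepForStore($stories_author) . "%' OR {$pntable['users_column']['name']} LIKE '%" . pnVarPrepForStore($stories_author) . "%'");
        // check for a db error before touching the result set
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // uid is numeric; cast so only a number is interpolated
            $query .= " OR {$storcol['aid']}=" . (int) $row['pn_uid'];
            $result->MoveNext();
        }
        $query .= ') ';
        $no_flag = false;
    } else {
        $stories_author = '';
    }
    if (pnConfigGetVar('multilingual') == 1) {
        if (!empty($query)) {
            $query .= ' AND';
        }
        $query .= " ({$storcol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storcol['alanguage']}='')";
    }
    if (empty($query)) {
        $query = '1';
    }
    $query .= " ORDER BY {$storcol['time']} DESC";
    $query = $query1 . $query;
    // get the total count with permissions!
    if (empty($total)) {
        $total = 0;
        $countres = $dbconn->Execute($query);
        // check for a db error
        if ($dbconn->ErrorNo() != 0) {
            return;
        }
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $total++;
            }
            $countres->MoveNext();
        }
    }
    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    // check for a db error
    if ($dbconn->ErrorNo() != 0) {
        return;
    }
    if (!$result->EOF) {
        $output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS);
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        // Rebuild the search string from previous information. Request
        // values are re-emitted into HTML, so every one of them is passed
        // through pnVarPrepForDisplay(), the category/topic ids included.
        $url = 'index.php?name=Search&amp;action=search&amp;active_stories=1&amp;stories_author=' . pnVarPrepForDisplay($stories_author);
        if (isset($stories_cat) && is_array($stories_cat) && $stories_cat) {
            foreach ($stories_cat as $v) {
                $url .= '&amp;stories_cat%5B%5D=' . pnVarPrepForDisplay($v);
            }
        }
        if (isset($stories_topics) && is_array($stories_topics) && $stories_topics) {
            foreach ($stories_topics as $v) {
                $url .= '&amp;stories_topics%5B%5D=' . pnVarPrepForDisplay($v);
            }
        }
        $url .= '&amp;bool=' . pnVarPrepForDisplay($bool);
        if (isset($q)) {
            $url .= '&amp;q=' . pnVarPrepForDisplay($q);
        }
        $output->Text('<dl>');
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
                $output->Text('<dt><a href="index.php?name=News&amp;file=article&amp;sid=' . pnVarPrepForDisplay($row['sid']) . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></dt>');
                $output->Text('<dd>');
                $output->Text(pnVarPrepForDisplay($row['fdate']) . ' (');
                if (!empty($row['topicid'])) {
                    // NOTE(review): topictext is emitted verbatim (input mode
                    // is _PNH_VERBATIMINPUT); presumably admin-maintained HTML
                    // — confirm before relying on it.
                    $output->Text($row['topictext']);
                }
                if (!empty($row['catid'])) {
                    $output->Text(' - ' . pnVarPrepHTMLDisplay($row['cat_title']));
                }
                $output->Text(')</dd>');
            }
            $result->MoveNext();
        }
        $output->Text('</dl>');
        // Munge URL for template
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->SetInputMode(_PNH_VERBATIMINPUT);
        $output->Text(_SEARCH_NO_STORIES_TOPICS);
        $output->SetInputMode(_PNH_PARSEINPUT);
    }
    $output->Linebreak(3);
    return $output->GetOutput();
}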
/**
 *  postcalendar_userapi_pcQueryEvents
 *  INPUT
 *  $args = Array of values possibly containing:
 *     $provider_id = array of provider ID numbers
 *     
 *  Returns an array containing the event's information
 *  @params array(key=>value)
 *  @params string key eventstatus
 *  @params int value -1 == hidden ; 0 == queued ; 1 == approved
 *  @return array $events[][]
 */
function &postcalendar_userapi_pcQueryEvents($args)
{
    $end = '0000-00-00';
    extract($args);
    // echo "<!-- args = "; print_r($args); echo " -->\n"; // debugging
    // $pc_username = pnVarCleanFromInput('pc_username');
    $pc_username = $_SESSION['pc_username'];
    // from Michael Brinson 2006-09-19
    if (empty($pc_username) || is_array($pc_username)) {
        $pc_username = "******";
    }
    //echo "DEBUG pc_username: $pc_username \n"; // debugging
    $topic = pnVarCleanFromInput('pc_topic');
    $category = pnVarCleanFromInput('pc_category');
    if (!empty($pc_username) && strtolower($pc_username) != 'anonymous') {
        if ($pc_username == '__PC_ALL__' || $pc_username == -1) {
            $ruserid = -1;
        } else {
            $ruserid = getIDfromUser($pc_username);
        }
    }
    if (!isset($eventstatus)) {
        $eventstatus = 1;
    }
    // sanity check on eventstatus
    if ((int) $eventstatus < -1 || (int) $eventstatus > 1) {
        $eventstatus = 1;
    }
    if (!isset($start)) {
        $start = Date_Calc::dateNow('%Y-%m-%d');
    }
    list($sy, $sm, $sd) = explode('-', $start);
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // link to the events tables
    $table = $pntable['postcalendar_events'];
    $cattable = $pntable['postcalendar_categories'];
    $topictable = $pntable['postcalendar_topics'];
    $sql = "SELECT DISTINCT a.pc_eid,  a.pc_informant, a.pc_catid, " . "a.pc_title, a.pc_time, a.pc_hometext, a.pc_eventDate, a.pc_duration, " . "a.pc_endDate, a.pc_startTime, a.pc_recurrtype, a.pc_recurrfreq, " . "a.pc_recurrspec, a.pc_topic, a.pc_alldayevent, a.pc_location, " . "a.pc_conttel, a.pc_contname, a.pc_contemail, a.pc_website, a.pc_fee, " . "a.pc_sharing, a.pc_prefcatid, b.pc_catcolor, b.pc_catname, " . "b.pc_catdesc, a.pc_pid, a.pc_apptstatus, a.pc_aid, " . "concat(u.fname,' ',u.lname) as provider_name, " . "concat(pd.lname,', ',pd.fname) as patient_name, " . "concat(u2.fname, ' ', u2.lname) as owner_name, " . "DOB as patient_dob, a.pc_facility, pd.pubpid " . "FROM  ( {$table} AS a ) " . "LEFT JOIN {$cattable} AS b ON b.pc_catid = a.pc_catid " . "LEFT JOIN users as u ON a.pc_aid = u.id " . "LEFT JOIN users as u2 ON a.pc_aid = u2.id " . "LEFT JOIN patient_data as pd ON a.pc_pid = pd.pid " . "WHERE  a.pc_eventstatus = {$eventstatus} " . "AND ((a.pc_endDate >= '{$start}' AND a.pc_eventDate <= '{$end}') OR " . "(a.pc_endDate = '0000-00-00' AND a.pc_eventDate >= '{$start}' AND " . "a.pc_eventDate <= '{$end}')) ";
    //==================================
    //FACILITY FILTERING (lemonsoftware)(CHEMED)
    if ($_SESSION['pc_facility']) {
        $pc_facility = $_SESSION['pc_facility'];
        $sql .= " AND a.pc_facility = {$pc_facility} ";
        /*
                              AND u.facility_id = $pc_facility
                              AND u2.facility_id = $pc_facility "; */
    } else {
        if ($pc_facility) {
            // pc_facility could be provided in the search arguments -- JRM March 2008
            $sql .= " AND a.pc_facility = {$pc_facility} ";
            /*.
              " AND u.facility_id = $pc_facility".
              " AND u2.facility_id = $pc_facility "; */
        }
    }
    //EOS FACILITY FILTERING (lemonsoftware)
    //==================================
    // The above 3 lines replaced these:
    //   AND (a.pc_endDate >= '$start' OR a.pc_endDate = '0000-00-00')
    //   AND a.pc_eventDate <= '$end' ";
    if (!empty($providerID)) {
        $ruserid = $providerID;
    }
    // eliminate ruserid if we're trying to query by provider_id -- JRM
    if (!empty($provider_id)) {
        unset($ruserid);
    }
    if (isset($ruserid)) {
        // get all events for the specified username
        if ($ruserid == -1) {
            $sql .= "AND (a.pc_sharing = '" . SHARING_BUSY . "' ";
            $sql .= "OR a.pc_sharing = '" . SHARING_PUBLIC . "') ";
        } else {
            $sql .= "AND a.pc_aid IN (0, " . $ruserid . ") ";
        }
    } elseif (!pnUserLoggedIn()) {
        // get all events for anonymous users
        $sql .= "AND a.pc_sharing = '" . SHARING_GLOBAL . "' ";
    } elseif (!empty($provider_id)) {
        // get all events for a variety of provider IDs -- JRM
        if ($provider_id[0] != "_ALL_") {
            /**add all the events from the clinic provider id = 0*/
            $sql .= "AND a.pc_aid in (0," . implode(",", $provider_id) . ") ";
        }
    } else {
        // get all events for logged in user plus global events
        $sql .= "AND (a.pc_aid IN (0," . $_SESSION['authUserID'] . ") OR a.pc_sharing = '" . SHARING_GLOBAL . "') ";
    }
    //======================================================================
    //  START SEARCH FUNCTIONALITY
    //======================================================================
    if (!empty($s_keywords)) {
        $sql .= "AND ({$s_keywords}) ";
    }
    if (!empty($s_category)) {
        $sql .= "AND ({$s_category}) ";
    }
    if (!empty($s_topic)) {
        $sql .= "AND ({$s_topic}) ";
    }
    if (!empty($category)) {
        $sql .= "AND (a.pc_catid = '" . pnVarPrepForStore($category) . "') ";
    }
    if (!empty($topic)) {
        $sql .= "AND (a.pc_topic = '" . pnVarPrepForStore($topic) . "') ";
    }
    //======================================================================
    //  Search sort and limitation
    //======================================================================
    if (empty($sort)) {
        $sql .= "GROUP BY a.pc_eid ORDER BY a.pc_time DESC";
    } else {
        $sql .= "GROUP BY a.pc_eid ORDER BY a.{$sort}";
    }
    //======================================================================
    //  END SEARCH FUNCTIONALITY
    //======================================================================
    //echo "<br>sq: $sql<br />";
    // echo "<!-- " . $sql . " -->\n"; // debugging
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        die($dbconn->ErrorMsg());
    }
    // put the information into an array for easy access
    $events = array();
    // return an empty array if we don't have any results
    if (!isset($result)) {
        return $events;
    }
    for ($i = 0; !$result->EOF; $result->MoveNext()) {
        // WHY are we using an array for intermediate storage???  -- Rod
        // get the results from the query
        if (isset($tmp)) {
            unset($tmp);
        }
        $tmp = array();
        list($tmp['eid'], $tmp['uname'], $tmp['catid'], $tmp['title'], $tmp['time'], $tmp['hometext'], $tmp['eventDate'], $tmp['duration'], $tmp['endDate'], $tmp['startTime'], $tmp['recurrtype'], $tmp['recurrfreq'], $tmp['recurrspec'], $tmp['topic'], $tmp['alldayevent'], $tmp['location'], $tmp['conttel'], $tmp['contname'], $tmp['contemail'], $tmp['website'], $tmp['fee'], $tmp['sharing'], $tmp['prefcatid'], $tmp['catcolor'], $tmp['catname'], $tmp['catdesc'], $tmp['pid'], $tmp['apptstatus'], $tmp['aid'], $tmp['provider_name'], $tmp['patient_name'], $tmp['owner_name'], $tmp['patient_dob'], $tmp['facility'], $tmp['pubpid']) = $result->fields;
        // grab the name of the topic
        $topicname = pcGetTopicName($tmp['topic']);
        // get the user id of event's author
        $cuserid = @$nuke_users[strtolower($tmp['uname'])];
        // check the current event's permissions
        // the user does not have permission to view this event
        // if any of the following evaluate as false
        if (!pnSecAuthAction(0, 'PostCalendar::Event', "{$tmp['title']}::{$tmp['eid']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::Category', "{$tmp['catname']}::{$tmp['catid']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::User', "{$tmp['uname']}::{$cuserid}", ACCESS_OVERVIEW)) {
            continue;
        } elseif (!pnSecAuthAction(0, 'PostCalendar::Topic', "{$topicname}::{$tmp['topic']}", ACCESS_OVERVIEW)) {
            continue;
        } elseif ($tmp['sharing'] == SHARING_PRIVATE && $cuserid != $userid) {
            continue;
        }
        // add event to the array if we passed the permissions check
        // this is the common information
        $events[$i]['intervals'] = $tmp['duration'] / 60 / $GLOBALS['day_calandar_interval'];
        //sets the number of rows this event should span
        $events[$i]['eid'] = $tmp['eid'];
        $events[$i]['uname'] = $tmp['uname'];
        $events[$i]['uid'] = $cuserid;
        $events[$i]['catid'] = $tmp['catid'];
        $events[$i]['time'] = $tmp['time'];
        $events[$i]['eventDate'] = $tmp['eventDate'];
        $events[$i]['duration'] = $tmp['duration'];
        // there has to be a more intelligent way to do this
        @(list($events[$i]['duration_hours'], $dmin) = @explode('.', $tmp['duration'] / 60 / 60));
        $events[$i]['duration_minutes'] = substr(sprintf('%.2f', '.' . 60 * ($dmin / 100)), 2, 2);
        //''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
        $events[$i]['endDate'] = $tmp['endDate'];
        $events[$i]['startTime'] = $tmp['startTime'];
        $events[$i]['recurrtype'] = $tmp['recurrtype'];
        $events[$i]['recurrfreq'] = $tmp['recurrfreq'];
        $events[$i]['recurrspec'] = $tmp['recurrspec'];
        $events[$i]['topic'] = $tmp['topic'];
        $events[$i]['alldayevent'] = $tmp['alldayevent'];
        $events[$i]['catcolor'] = $tmp['catcolor'];
        // Modified 06-2009 by BM to translate the category if applicable
        $events[$i]['catname'] = xl_appt_category($tmp['catname']);
        $events[$i]['catdesc'] = $tmp['catdesc'];
        $events[$i]['pid'] = $tmp['pid'];
        $events[$i]['apptstatus'] = $tmp['apptstatus'];
        $events[$i]['pubpid'] = $tmp['pubpid'];
        $events[$i]['patient_name'] = $tmp['patient_name'];
        $events[$i]['provider_name'] = $tmp['provider_name'];
        $events[$i]['owner_name'] = $tmp['owner_name'];
        $events[$i]['patient_dob'] = $tmp['patient_dob'];
        $events[$i]['patient_age'] = getPatientAge($tmp['patient_dob']);
        $events[$i]['facility'] = getFacility($tmp['facility']);
        $events[$i]['sharing'] = $tmp['sharing'];
        $events[$i]['prefcatid'] = $tmp['prefcatid'];
        $events[$i]['aid'] = $tmp['aid'];
        $events[$i]['topictext'] = $topicname;
        $events[$i]['intervals'] = ceil($tmp['duration'] / 60 / $GLOBALS['calendar_interval']);
        if ($events[$i]['intervals'] == 0) {
            $events[$i]['intervals'] = 1;
        }
        // is this a public event to be shown as busy?
        if ($tmp['sharing'] == SHARING_BUSY && $cuserid != $userid) {
            // make it not display any information
            $events[$i]['title'] = _USER_BUSY_TITLE;
            $events[$i]['hometext'] = _USER_BUSY_MESSAGE;
            $events[$i]['desc'] = _USER_BUSY_MESSAGE;
            $events[$i]['conttel'] = '';
            $events[$i]['contname'] = '';
            $events[$i]['contemail'] = '';
            $events[$i]['website'] = '';
            $events[$i]['fee'] = '';
            $events[$i]['location'] = '';
            $events[$i]['street1'] = '';
            $events[$i]['street2'] = '';
            $events[$i]['city'] = '';
            $events[$i]['state'] = '';
            $events[$i]['postal'] = '';
        } else {
            $display_type = substr($tmp['hometext'], 0, 6);
            if ($display_type == ':text:') {
                $prepFunction = 'pcVarPrepForDisplay';
                $tmp['hometext'] = substr($tmp['hometext'], 6);
            } elseif ($display_type == ':html:') {
                $prepFunction = 'pcVarPrepHTMLDisplay';
                $tmp['hometext'] = substr($tmp['hometext'], 6);
            } else {
                $prepFunction = 'pcVarPrepHTMLDisplay';
            }
            unset($display_type);
            $events[$i]['title'] = $prepFunction($tmp['title']);
            $events[$i]['hometext'] = $prepFunction($tmp['hometext']);
            $events[$i]['desc'] = $events[$i]['hometext'];
            $events[$i]['conttel'] = $prepFunction($tmp['conttel']);
            $events[$i]['contname'] = $prepFunction($tmp['contname']);
            $events[$i]['contemail'] = $prepFunction($tmp['contemail']);
            $events[$i]['website'] = $prepFunction(postcalendar_makeValidURL($tmp['website']));
            $events[$i]['fee'] = $prepFunction($tmp['fee']);
            $loc = unserialize($tmp['location']);
            $events[$i]['location'] = $prepFunction($loc['event_location']);
            $events[$i]['street1'] = $prepFunction($loc['event_street1']);
            $events[$i]['street2'] = $prepFunction($loc['event_street2']);
            $events[$i]['city'] = $prepFunction($loc['event_city']);
            $events[$i]['state'] = $prepFunction($loc['event_state']);
            $events[$i]['postal'] = $prepFunction($loc['event_postal']);
        }
        $i++;
    }
    unset($tmp);
    $result->Close();
    return $events;
}
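/**
 * Update one polymer record in the Lenses module.
 *
 * @param array $args  expects $args['polymer'], an array with the keys
 *                     poly_tid, fda_grp, h2o, poly_name and poly_desc
 *                     (an 'alt' key may be present and may be empty)
 * @return bool true on success; false - with 'errormsg' set in the session -
 *              on missing permission, invalid arguments, an unknown polymer
 *              id or a database error
 */
function Lenses_adminapi_update_polymer($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }
    // Read the polymer array explicitly rather than extract()ing it: extract()
    // lets any key in caller-supplied input overwrite a local variable.
    $polymer = (isset($args['polymer']) && is_array($args['polymer'])) ? $args['polymer'] : array();
    $poly_tid = isset($polymer['poly_tid']) ? $polymer['poly_tid'] : null;
    $fda_grp = isset($polymer['fda_grp']) ? $polymer['fda_grp'] : null;
    $h2o = isset($polymer['h2o']) ? $polymer['h2o'] : null;
    $poly_name = isset($polymer['poly_name']) ? $polymer['poly_name'] : null;
    $poly_desc = isset($polymer['poly_desc']) ? $polymer['poly_desc'] : null;
    // Ensure valid values were passed in.
    if (empty($poly_tid) || !is_numeric($poly_tid) || empty($fda_grp) || !is_numeric($fda_grp) || empty($h2o) || !is_string($h2o) || empty($poly_name) || !is_string($poly_name) || empty($poly_desc) || !is_string($poly_desc)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // NOTE: No check for alt field as it can be empty.
    // Check if polymer exists.
    if (!pnModAPIFunc('Lenses', 'user', 'get', array('item_id' => $poly_tid, 'item_type' => 'polymer'))) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }
    // Database handle and PostNuke table info.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // Define table and column to work with.
    $polymers_table =& $pntable['lenses_polymers'];
    $polymers_field =& $pntable['lenses_polymers_column'];
    // Escape every value that is interpolated into the SQL below.  Note that
    // $poly_name is the value used in the query, so it must be the one prepped
    // here (prepping an unrelated $name would leave the name unescaped).
    list($poly_tid, $fda_grp, $h2o, $poly_name, $poly_desc) = pnVarPrepForStore($poly_tid, $fda_grp, $h2o, $poly_name, $poly_desc);
    // Create SQL string to update the polymer record.
    $sql = "UPDATE {$polymers_table}\n                SET {$polymers_field['fda_grp']} \t\t= '{$fda_grp}',\n                    {$polymers_field['h2o']}     \t\t= '{$h2o}',\n                    {$polymers_field['poly_name']}  \t= '{$poly_name}',\n                    {$polymers_field['poly_desc']}    \t= '{$poly_desc}'\n              WHERE {$polymers_field['poly_tid']}     \t= '{$poly_tid}'";
    // Execute the SQL query and check for any database errors.
    $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED);
        return false;
    }
    // This function isn't an output function, but an output object has to
    // exist before the module cache can be cleared.
    $pnRender = new pnRender('Lenses');
    $pnRender->clear_cache();
    return true;
}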
}
// get any filters
$topicid = pnVarCleanFromInput('topicid');
$catid = pnVarCleanFromInput('catid');
// Base query
$storiescolumn = $pntable['stories_column'];
$storiescatcolumn = $pntable['stories_cat_column'];
$topicscolumn = $pntable['topics_column'];
$query = "SELECT {$storiescolumn['aid']} AS \"aid\",\n                 {$storiescolumn['catid']} AS \"cid\",\n                 {$storiescatcolumn['title']} AS \"cattitle\",\n                 {$storiescolumn['sid']} AS \"sid\",\n                 {$topicscolumn['topicid']} AS \"tid\",\n                 {$storiescolumn['title']} AS \"title\",\n                 {$topicscolumn['topicname']} AS \"topicname\",\n                 {$topicscolumn['topictext']} AS \"topictext\",\n\t\t\t\t {$storiescolumn['hometext']} AS \"hometext\",\n\t\t\t\t {$storiescolumn['time']} AS \"time\"\n          FROM \t {$pntable['stories']}";
$query .= " LEFT JOIN {$pntable['stories_cat']} ON {$storiescolumn['catid']} = {$storiescatcolumn['catid']}\n\t\t\tLEFT JOIN {$pntable['topics']} ON {$storiescolumn['topic']} = {$topicscolumn['topicid']}";
$query .= " WHERE {$storiescolumn['ihome']} = 0 AND ({$storiescolumn['language']} = '" . pnVarPrepForStore($lang) . "' OR {$storiescolumn['language']} = '') ";
if (isset($topicid) && is_numeric($topicid)) {
    $query .= " AND {$storiescolumn['topic']} = '" . pnVarPrepForStore($topicid) . "'";
}
if (isset($catid) && is_numeric($catid)) {
    $query .= " AND {$storiescolumn['catid']} = '" . pnVarPrepForStore($catid) . "'";
}
$query .= " ORDER BY {$storiescolumn['time']} DESC";
// with permissions in mind we can't use $headline_limit but restricting to 99 should be ok
$result =& $dbconn->SelectLimit($query, 99);
//$result =& $dbconn->Execute($query);
// Error checking
if ($dbconn->ErrorNo() != 0) {
    return false;
}
// start capture of dynamic output
while ((list($aid, $cid, $cattitle, $sid, $tid, $title, $topicname, $topictext, $hometext, $time) = $result->FetchRow()) && $shown_results < $headline_limit) {
    if (empty($mostrecentdate)) {
        $mostrecentdate = $time;
    }
    $title = pnVarPrepForDisplay($title);
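/**
 * carry out hook operations for module
 *
 * Every hook registered in the hooks table for the calling module
 * (pnModGetName()) and the given object/action pair is invoked, in the
 * order the table returns them.  'GUI' hooks are called through pnModFunc
 * and their output is concatenated; all other hooks are called through
 * pnModAPIFunc and their return value replaces $extrainfo for the next hook.
 *
 * @param hookobject the object the hook is called for - either 'item' or 'category'
 * @param hookaction the action the hook is called for - one of 'create', 'delete', 'transform', or 'display'
 * @param hookid the id of the object the hook is called for (module-specific)
 * @param extrainfo extra information for the hook, dependent on hookaction
 * @return mixed the concatenated GUI output (string) when hookaction is
 *               'display'; otherwise the extrainfo as transformed by the API
 *               hooks; null if the hooks query fails
 */
function pnModCallHooks($hookobject, $hookaction, $hookid, $extrainfo)
{
    // Get database info
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $hookstable = $pntable['hooks'];
    $hookscolumn =& $pntable['hooks_column'];
    // Get applicable hooks
    $sql = "SELECT {$hookscolumn['tarea']},\n                   {$hookscolumn['tmodule']},\n                   {$hookscolumn['ttype']},\n                   {$hookscolumn['tfunc']}\n            FROM {$hookstable}\n            WHERE {$hookscolumn['smodule']} = '" . pnVarPrepForStore(pnModGetName()) . "'\n            AND {$hookscolumn['object']} = '" . pnVarPrepForStore($hookobject) . "'\n            AND {$hookscolumn['action']} = '" . pnVarPrepForStore($hookaction) . "'";
    $result = $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        return null;
    }
    $output = '';
    $hookargs = array('objectid' => $hookid, 'extrainfo' => $extrainfo);
    // Call each hook
    for (; !$result->EOF; $result->MoveNext()) {
        list($hookarea, $hookmodule, $hooktype, $hookfunc) = $result->fields;
        if (!pnModAvailable($hookmodule, $hooktype)) {
            continue;
        }
        if ($hookarea == 'GUI') {
            if (pnModLoad($hookmodule, $hooktype)) {
                $output .= pnModFunc($hookmodule, $hooktype, $hookfunc, $hookargs);
            }
        } elseif (pnModAPILoad($hookmodule, $hooktype)) {
            // API hooks see the extrainfo produced by the previous API hook.
            $extrainfo = pnModAPIFunc($hookmodule, $hooktype, $hookfunc, $hookargs);
            $hookargs['extrainfo'] = $extrainfo;
        }
    }
    // Release the recordset now that every hook has been called.
    $result->Close();
    if ($hookaction == 'display') {
        return $output;
    }
    return $extrainfo;
}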
/**
 * get authorisation information for this user
 *
 * Builds two permission lists for the current visitor: the rows of the
 * user_perms table whose uid matches, and the rows of group_perms for every
 * group the visitor is a member of.  Both id lists always contain the
 * catch-all id -1, and an anonymous visitor additionally gets id 0.  In the
 * instance string of group permissions, "<name>" placeholders are replaced
 * from $vars (only 'Active User' is defined here).  Sets
 * $GLOBALS['authinfogathered'] = 1 once both lists have been collected.
 * 
 * @public 
 * @return array two element array of user and group permissions; each element
 *               is a list of array('realm', 'component', 'instance', 'level')
 *               rows.  If a query fails, whatever has been gathered so far is
 *               returned and the 'gathered' flag is not set.
 */
function pnSecGetAuthInfo()
{
    // Load the groups db info
    pnModDBInfoLoad('Groups');
    pnModDBInfoLoad('Permissions');
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // Tables we use
    $userpermtable = $pntable['user_perms'];
    $userpermcolumn =& $pntable['user_perms_column'];
    $groupmembershiptable = $pntable['group_membership'];
    $groupmembershipcolumn =& $pntable['group_membership_column'];
    $grouppermtable = $pntable['group_perms'];
    $grouppermcolumn =& $pntable['group_perms_column'];
    $realmtable = $pntable['realms'];
    $realmcolumn =& $pntable['realms_column'];
    // Empty arrays
    $userperms = array();
    $groupperms = array();
    // -1 is a catch-all id that every visitor matches
    $uids[] = -1;
    // Get user ID
    if (!pnUserLoggedIn()) {
        // Unregistered UID; the placeholder value is what "<Active User>"
        // expands to for anonymous visitors
        $uids[] = 0;
        $vars['Active User'] = '******';
    } else {
        $uids[] = pnUserGetVar('uid');
        $vars['Active User'] = pnUserGetVar('uid');
    }
    // comma-separated id list for the IN (...) clauses below
    $uids = implode(",", $uids);
    // Get user permissions
    $query = "SELECT {$userpermcolumn['realm']},\n                     {$userpermcolumn['component']},\n                     {$userpermcolumn['instance']},\n                     {$userpermcolumn['level']}\n              FROM {$userpermtable}\n              WHERE {$userpermcolumn['uid']} IN (" . pnVarPrepForStore($uids) . ")\n              ORDER by {$userpermcolumn['sequence']}";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    // NOTE(review): the loop ends when $result->fields stops being a row
    // (list() over a non-array yields false) - relies on ADODB recordset
    // behaviour at end of set, confirm against the driver in use
    while (list($realm, $component, $instance, $level) = $result->fields) {
        $result->MoveNext();
        //itevo
        $component = fixsecuritystring($component);
        $instance = fixsecuritystring($instance);
        $userperms[] = array('realm' => $realm, 'component' => $component, 'instance' => $instance, 'level' => $level);
    }
    // Get all groups that user is in
    $query = "SELECT {$groupmembershipcolumn['gid']}\n              FROM {$groupmembershiptable}\n              WHERE {$groupmembershipcolumn['uid']} IN (" . pnVarPrepForStore($uids) . ")";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    // -1 is the catch-all group id, 0 the anonymous group
    $usergroups[] = -1;
    if (!pnUserLoggedIn()) {
        // Unregistered GID
        $usergroups[] = 0;
    }
    while (list($gid) = $result->fields) {
        $result->MoveNext();
        $usergroups[] = $gid;
    }
    $usergroups = implode(",", $usergroups);
    // Get all group permissions
    $query = "SELECT {$grouppermcolumn['realm']},\n                     {$grouppermcolumn['component']},\n                     {$grouppermcolumn['instance']},\n                     {$grouppermcolumn['level']}\n              FROM {$grouppermtable}\n              WHERE {$grouppermcolumn['gid']} IN (" . pnVarPrepForStore($usergroups) . ")\n              ORDER by {$grouppermcolumn['sequence']}";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return array($userperms, $groupperms);
    }
    while (list($realm, $component, $instance, $level) = $result->fields) {
        $result->MoveNext();
        //itevo
        $component = fixsecuritystring($component);
        $instance = fixsecuritystring($instance);
        // Search/replace of special names: each pass replaces the first
        // remaining <name> placeholder with $vars[name].  A name that is not
        // in $vars gives an undefined-index notice and substitutes an empty
        // string.  NOTE(review): the value is used as a preg_replace
        // replacement string, so "$1"/"\1" sequences in it would be treated
        // as backreferences - harmless for the numeric uid set above.
        preg_match_all("/<([^>]+)>/", $instance, $res);
        for ($i = 0; $i < count($res[1]); $i++) {
            $instance = preg_replace("/<([^>]+)>/", $vars[$res[1][$i]], $instance, 1);
        }
        $groupperms[] = array('realm' => $realm, 'component' => $component, 'instance' => $instance, 'level' => $level);
    }
    // we've now got the permissions info
    $GLOBALS['authinfogathered'] = 1;
    return array($userperms, $groupperms);
}
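/**
 * Update one company record in the Lenses module.
 *
 * @param array $args  expects $args['company'], an array with the required
 *                     keys comp_tid and comp_name and the optional keys logo,
 *                     phone, address, city, state, zip, url, email and
 *                     comp_desc (stored as empty strings when absent)
 * @return bool true on success; false - with 'errormsg' set in the session -
 *              on missing permission, invalid arguments, an unknown company
 *              id or a database error
 */
function Lenses_adminapi_update_company($args)
{
    // Permission check.
    if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_ADMIN)) {
        pnSessionSetVar('errormsg', _MODULENOAUTH);
        return false;
    }
    // Read the company array explicitly rather than extract()ing it: extract()
    // lets any key in caller-supplied input overwrite a local variable.
    $company = (isset($args['company']) && is_array($args['company'])) ? $args['company'] : array();
    $comp_tid = isset($company['comp_tid']) ? $company['comp_tid'] : null;
    $comp_name = isset($company['comp_name']) ? $company['comp_name'] : null;
    // Ensure valid values were passed in.
    if (empty($comp_tid) || !is_numeric($comp_tid) || empty($comp_name) || !is_string($comp_name)) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    // The remaining fields are not required; an absent one is stored as an
    // empty string, but a non-scalar value is rejected since it cannot be
    // stored in a text column.
    $optional = array('logo', 'phone', 'address', 'city', 'state', 'zip', 'url', 'email', 'comp_desc');
    foreach ($optional as $field) {
        if (isset($company[$field]) && !is_scalar($company[$field])) {
            pnSessionSetVar('errormsg', _MODARGSERROR);
            return false;
        }
    }
    $logo = isset($company['logo']) ? $company['logo'] : '';
    $phone = isset($company['phone']) ? $company['phone'] : '';
    $address = isset($company['address']) ? $company['address'] : '';
    $city = isset($company['city']) ? $company['city'] : '';
    $state = isset($company['state']) ? $company['state'] : '';
    $zip = isset($company['zip']) ? $company['zip'] : '';
    $url = isset($company['url']) ? $company['url'] : '';
    $email = isset($company['email']) ? $company['email'] : '';
    $comp_desc = isset($company['comp_desc']) ? $company['comp_desc'] : '';
    // Check if company exists.
    if (!pnModAPIFunc('Lenses', 'user', 'get', array('item_id' => $comp_tid, 'item_type' => 'company'))) {
        pnSessionSetVar('errormsg', _NOSUCHITEM);
        return false;
    }
    // Database handle and PostNuke table info.
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    // Define table and column to work with.
    $companies_table =& $pntable['lenses_companies'];
    $companies_field =& $pntable['lenses_companies_column'];
    // Escape every value that is interpolated into the SQL below.
    list($comp_tid, $comp_name, $logo, $phone, $address, $city, $state, $zip, $url, $email, $comp_desc) = pnVarPrepForStore($comp_tid, $comp_name, $logo, $phone, $address, $city, $state, $zip, $url, $email, $comp_desc);
    // Create SQL string to update the company record.
    $sql = "UPDATE {$companies_table}\n                SET {$companies_field['comp_name']}     = '{$comp_name}',\n\t\t\t\t\t{$companies_field['logo']}     \t    = '{$logo}',\n                    {$companies_field['phone']}     \t= '{$phone}',\n                    {$companies_field['address']}  \t\t= '{$address}',\n                    {$companies_field['city']}      \t= '{$city}',\n                    {$companies_field['state']}     \t= '{$state}',\n                    {$companies_field['zip']}       \t= '{$zip}',\n                    {$companies_field['url']}       \t= '{$url}',\n                    {$companies_field['email']}     \t= '{$email}',\n                    {$companies_field['comp_desc']}     = '{$comp_desc}'\n              WHERE {$companies_field['comp_tid']}      = '{$comp_tid}'";
    // Execute the SQL query and check for any database errors.
    $dbconn->Execute($sql);
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED);
        return false;
    }
    // This function isn't an output function, but an output object has to
    // exist before the module cache can be cleared.
    $pnRender = new pnRender('Lenses');
    $pnRender->clear_cache();
    return true;
}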
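/**
 * Record the HTTP referer of the current request in the referer table.
 *
 * A referer that has been seen before gets its frequency counter bumped; a
 * new one gets a fresh row.  Requests whose referer contains our own host
 * are not logged (so internal navigation does not count), and requests with
 * no referer at all are logged under the literal value "bookmark".  Set
 * $DEBUG to 1 to echo the host, the referer and the SQL that was run.
 *
 * Both HTTP_HOST and HTTP_REFERER are request headers and therefore
 * client-controlled: the referer is escaped before it is placed in any SQL
 * statement, and the host is compared as a plain substring rather than
 * being treated as a regular expression.
 *
 * @return void
 */
function httpreferer()
{
    $DEBUG = 0;
    // getenv() returns false when the variable is unset; normalise to ''.
    $HTTP_REFERER = (string) getenv('HTTP_REFERER');
    $HTTP_HOST = (string) getenv('HTTP_HOST');
    // nkame: PWS/IIS doesn't put those variables in the environment
    if (empty($HTTP_HOST)) {
        $HTTP_HOST = 'http://' . (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '');
        $HTTP_REFERER = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if ($DEBUG == 1) {
        echo "HTTP_HOST = " . $HTTP_HOST . "<br> HTTP_REFERER = " . $HTTP_REFERER . "<br>";
    }
    // Hits coming from our own domain are not logged.  A literal substring
    // test replaces the old ereg() call, which treated the (client-supplied)
    // host name as a regular expression.
    if ($HTTP_HOST !== '' && strpos($HTTP_REFERER, $HTTP_HOST) !== false) {
        return;
    }
    // An empty referer is counted as a bookmark / typed-in URL so that the
    // table never holds empty referers.
    if ($HTTP_REFERER === '') {
        $HTTP_REFERER = "bookmark";
    }
    // grab a reference to our table column defs for easier reading below
    $column =& $pntable['referer_column'];
    // Escape the referer once and use the escaped copy in every statement
    // below (SELECT, UPDATE and INSERT alike).
    $safe_referer = pnVarPrepForStore($HTTP_REFERER);
    // If the referer is already in the table, bump its counter; otherwise
    // insert a new row.
    $check_sql = "SELECT count({$column['rid']}) as c \n                      FROM {$pntable['referer']} \n                      WHERE {$column['url']} = '" . $safe_referer . "'";
    $result = $dbconn->Execute($check_sql);
    if ($result === false) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error accesing to the database");
        // nothing to read from a failed query
        return;
    }
    $row = $result->fields;
    $count = $row[0];
    if ($count >= 1) {
        $update_sql = "UPDATE {$pntable['referer']}\n                           SET {$column['frequency']} = {$column['frequency']} + 1\n                           WHERE {$column['url']} = '" . $safe_referer . "'";
    } else {
        /***
         * "auto-increment" isn't portable so we have to use the standard
         * interface for grabbing sequence numbers.  The underlying
         * implementation handles the correct method for the RDBMS we are
         * using.
         */
        $rid = $dbconn->GenId($pntable['referer'], true);
        $update_sql = "INSERT INTO {$pntable['referer']}\n                             ({$column['rid']},\n                              {$column['url']},\n                              {$column['frequency']})\n                           VALUES\n                             (" . pnVarPrepForStore($rid) . ",\n                              '" . $safe_referer . "',\n                              1)";
    }
    $result = $dbconn->Execute($update_sql);
    if ($result === false) {
        error_log("error in referer.php, " . __LINE__ . ", sql='{$update_sql}'");
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "Error accesing to the database");
    }
    if ($DEBUG == 1) {
        echo "<br>" . $check_sql . "<br>" . $update_sql . "<br>";
    }
}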
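/**
 * Insert a new row into the postcalendar_limits table.
 *
 * @param array $args  'catid' is required; 'starttime', 'endtime' and 'limit'
 *                     are stored as empty strings when absent
 * @return bool true if the INSERT ran without error, false if catid is
 *              missing or the query failed
 */
function postcalendar_adminapi_addCategoryLimit($args)
{
    // Read the arguments explicitly rather than extract()ing them, so that
    // caller-supplied keys cannot overwrite local variables.
    if (!isset($args['catid'])) {
        return false;
    }
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // Every interpolated value is escaped for the database first.
    $catid = pnVarPrepForStore($args['catid']);
    $starttime = pnVarPrepForStore(isset($args['starttime']) ? $args['starttime'] : '');
    $endtime = pnVarPrepForStore(isset($args['endtime']) ? $args['endtime'] : '');
    $limit = pnVarPrepForStore(isset($args['limit']) ? $args['limit'] : '');
    $sql = "INSERT INTO {$pntable['postcalendar_limits']} \n                                (pc_limitid,pc_catid,pc_starttime,pc_endtime,\n                                pc_limit)\n                                VALUES ('','{$catid}','{$starttime}',\n                                '{$endtime}','{$limit}')";
    $result = $dbconn->Execute($sql);
    if ($result === false) {
        // Log the driver message rather than printing it into the page: it is
        // of no use to the end user and exposes schema details.
        error_log('postcalendar_adminapi_addCategoryLimit: ' . $dbconn->ErrorMsg());
        return false;
    }
    return true;
}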
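/**
 * Get the uid of a user from the username
 *
 * Results are memoised per username in a function-static array, so repeated
 * lookups of the same name do not hit the database.  A name that matches no
 * row is cached as false; a database error is not cached.
 *
 * @access public
 * @author Michael Halbrook
 * @since 1.9 - 19/04/2004
 * @param string $uname the username
 * @return mixed userid if found; false if the name fails validation or no
 *               such user exists; void (null) upon database error
 */
function pnUserGetIDFromName($uname)
{
    // A null name is treated as the empty string so that validation sees a string.
    $uname = isset($uname) ? $uname : '';
    if (!pnVarValidate($uname, 'uname')) {
        return false;
    }
    static $uid = array();
    if (isset($uid[$uname])) {
        return $uid[$uname];
    }
    $dbconn =& pnDBGetConn(true);
    $pntable =& pnDBGetTables();
    $userstable = $pntable['users'];
    $userscolumn =& $pntable['users_column'];
    $query = "SELECT {$userscolumn['uid']}\n              FROM {$userstable}\n              WHERE {$userscolumn['uname']} = '" . pnVarPrepForStore($uname) . "'";
    $result =& $dbconn->Execute($query);
    if ($dbconn->ErrorNo() != 0) {
        return;
    }
    if ($result->EOF) {
        // Remember the miss too, and release the recordset on this path as well.
        $uid[$uname] = false;
        $result->Close();
        return false;
    }
    list($uid[$uname]) = $result->fields;
    $result->Close();
    return $uid[$uname];
}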
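/**
 * update a template item
 *
 * @param $args['tid'] the ID of the item
 * @param $args['name'] the new name of the item
 * @param $args['number'] the new number of the item
 * @return bool true on success; false - with 'errormsg' set in the session -
 *              on missing arguments, a failure to load the user API, an
 *              unknown item, missing permission on either the old or the new
 *              item name, or a database error
 */
function template_adminapi_update($args)
{
    // Get arguments from argument array - all arguments to this function
    // should be obtained from the $args array, getting them from other
    // places such as the environment is not allowed, as that makes
    // assumptions that will not hold in future versions of PostNuke.
    // They are read explicitly rather than extract()ed so that a stray key
    // in $args cannot overwrite a local variable.
    // Argument check - make sure that all required arguments are present,
    // if not then set an appropriate error message and return
    if (!isset($args['tid']) || !isset($args['name']) || !isset($args['number'])) {
        pnSessionSetVar('errormsg', _MODARGSERROR);
        return false;
    }
    $tid = $args['tid'];
    $name = $args['name'];
    $number = $args['number'];
    // Load API.  Note that this is loading the user API in addition to
    // the administration API, that is because the user API contains
    // the function to obtain item information which is the first thing
    // that we need to do.  This is an API function, not an output function,
    // so a failure is reported through the session error message.
    if (!pnModAPILoad('Template', 'user')) {
        pnSessionSetVar('errormsg', _LOADFAILED);
        return false;
    }
    // The user API function is called.  This takes the item ID which
    // we obtained from the input and gets us the information on the
    // appropriate item.  If the item does not exist we post an appropriate
    // message and return
    $item = pnModAPIFunc('Template', 'user', 'get', array('tid' => $tid));
    if (!$item) {
        pnSessionSetVar('errormsg', _TEMPLATENOSUCHITEM);
        return false;
    }
    // Security check - important to do this as early on as possible to
    // avoid potential security holes or just too much wasted processing.
    // However, in this case we had to wait until we could obtain the item
    // name to complete the instance information so this is the first
    // chance we get to do the check
    // Note that at this stage we have two sets of item information, the
    // pre-modification and the post-modification.  We need to check against
    // both of these to ensure that whoever is doing the modification has
    // suitable permissions to edit the item otherwise people can potentially
    // edit areas to which they do not have suitable access
    if (!pnSecAuthAction(0, 'Template::Item', "{$item['name']}::{$tid}", ACCESS_EDIT)) {
        pnSessionSetVar('errormsg', _TEMPLATENOAUTH);
        return false;
    }
    if (!pnSecAuthAction(0, 'Template::Item', "{$name}::{$tid}", ACCESS_EDIT)) {
        pnSessionSetVar('errormsg', _TEMPLATENOAUTH);
        return false;
    }
    // Get datbase setup - note that both pnDBGetConn() and pnDBGetTables()
    // return arrays but we handle them differently.  For pnDBGetConn()
    // we currently just want the first item, which is the official
    // database handle.  For pnDBGetTables() we want to keep the entire
    // tables array together for easy reference later on
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // It's good practice to name the table and column definitions you
    // are getting - $table and $column don't cut it in more complex
    // modules
    $templatetable = $pntable['template'];
    $templatecolumn =& $pntable['template_column'];
    // Update the item - every interpolated value goes through
    // pnVarPrepForStore().  Separating out the sql statement from the
    // Execute() command allows for simpler debug operation if it is ever needed
    $sql = "UPDATE {$templatetable}\n            SET {$templatecolumn['name']} = '" . pnVarPrepForStore($name) . "',\n                {$templatecolumn['number']} = '" . pnVarPrepForStore($number) . "'\n            WHERE {$templatecolumn['tid']} = '" . pnVarPrepForStore($tid) . "'";
    $dbconn->Execute($sql);
    // Check for an error with the database code, and if so set an
    // appropriate error message and return
    if ($dbconn->ErrorNo() != 0) {
        pnSessionSetVar('errormsg', _UPDATEFAILED);
        return false;
    }
    // Let the calling process know that we have finished successfully
    return true;
}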