function sanitizeParams(array $lobjParams)
{
$lobjFinalParams = array();
foreach ($lobjParams as $lstrKey => $lstrValue) {
switch (strtolower($lstrKey)) {
case 'department':
$lobjSplit = explode(',', $lstrValue);
foreach ($lobjSplit as &$lstrUnScrubbed) {
$lstrUnScrubbed = scrubData($lstrUnScrubbed, 'integer');
}
$lobjFinalParams['department'] = $lobjSplit;
break;
case 'email':
$lobjSplit = explode(',', $lstrValue);
foreach ($lobjSplit as &$lstrUnScrubbed) {
$lstrUnScrubbed = scrubData($lstrUnScrubbed);
}
$lobjFinalParams['email'] = $lobjSplit;
break;
case 'max':
$lstrValue = scrubData($lstrValue, 'integer');
$lobjFinalParams['max'] = $lstrValue;
break;
}
}
return $lobjFinalParams;
}
/**
* TalkbackWebService::sanitizeParams() - goes through passed array parameter
* and sanitizes elements that are valid url parameters
*
* @param array $lobjParams
* @return array
*/
function sanitizeParams(array $lobjParams)
{
$lobjFinalParams = array();
foreach ($lobjParams as $lstrKey => $lstrValue) {
switch (strtolower($lstrKey)) {
case 'tag':
$lobjSplit = explode(',', $lstrValue);
foreach ($lobjSplit as &$lstrUnScrubbed) {
$lstrUnScrubbed = scrubData($lstrUnScrubbed);
}
$lobjFinalParams['tag'] = $lobjSplit;
break;
case 'startdate':
$lstrValue = $lstrValue . ' 00:00:00';
$lobjFinalParams['startdate'] = $lstrValue;
break;
case 'enddate':
$lstrValue = $lstrValue . ' 23:59:59';
$lobjFinalParams['enddate'] = $lstrValue;
break;
case 'max':
$lstrValue = scrubData($lstrValue, 'integer');
$lobjFinalParams['max'] = $lstrValue;
break;
}
}
return $lobjFinalParams;
}
public function saveTabOrder($data)
{
if (isset($data)) {
$db = $this->db;
parse_str($data['data'], $str);
$tabs = $str['item'];
foreach ($tabs as $key => $value) {
$q = "UPDATE tab SET tab_index =" . $db->quote(scrubData($key)) . " WHERE tab_id = " . $value;
$db->exec($q);
}
}
}
function __construct()
{
// Put in a filler email domain to be overwritten later after user provides one
$lstrEmailDomain = '@sp.edu';
//set random password and convert to md5 hash to store in database
$this->setRandomPassword();
$lstrHashPassword = md5(scrubData($this->lstrRandomPassword));
//all the table creation queries
$this->lobjCreateQueries = array("SET SQL_MODE=\"NO_AUTO_VALUE_ON_ZERO\"", "CREATE TABLE `user_type` (\n\t\t\t\t\t `user_type_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `user_type` varchar(100) NOT NULL,\n\t\t\t\t\t PRIMARY KEY (`user_type_id`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `uml_refstats_location` (\n\t\t\t\t\t `location_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `label` varchar(100) NOT NULL,\n\t\t\t\t\t PRIMARY KEY (`location_id`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `uml_refstats_type` (\n\t\t\t\t\t `type_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `label` varchar(100) NOT NULL,\n\t\t\t\t\t PRIMARY KEY (`type_id`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `video` (\n\t\t\t\t\t `video_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `title` varchar(255) NOT NULL,\n\t\t\t\t\t `description` text,\n\t\t\t\t\t `source` varchar(255) NOT NULL,\n\t\t\t\t\t `foreign_id` varchar(255) NOT NULL,\n\t\t\t\t\t `duration` varchar(50) DEFAULT NULL,\n\t\t\t\t\t `date` date NOT NULL,\n\t\t\t\t\t `display` int(1) NOT NULL DEFAULT '0',\n\t\t\t\t\t `vtags` varchar(255) DEFAULT NULL,\n\t\t\t\t\t PRIMARY KEY (`video_id`),\n\t\t\t\t\t KEY `INDEXSEARCH` (`title`,`description`(200))\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `chchchanges` (\n\t\t\t\t\t `chchchanges_id` bigint(20) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `staff_id` int(11) NOT NULL,\n\t\t\t\t\t `ourtable` varchar(50) CHARACTER SET latin1 NOT NULL,\n\t\t\t\t\t `record_id` int(11) NOT NULL,\n\t\t\t\t\t `record_title` varchar(255) CHARACTER SET latin1 DEFAULT NULL,\n\t\t\t\t\t `message` varchar(255) CHARACTER SET latin1 DEFAULT NULL,\n\t\t\t\t\t `date_added` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,\n\t\t\t\t\t PRIMARY KEY (`chchchanges_id`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `discipline` (\n\t\t\t\t\t `discipline_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `discipline` varchar(100) CHARACTER SET latin1 NOT NULL,\n\t\t\t\t\t `sort` int(11) NOT NULL,\n\t\t\t\t\t PRIMARY KEY (`discipline_id`),\n\t\t\t\t\t UNIQUE KEY `discipline` (`discipline`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='added v2'", "CREATE TABLE `faqpage` (\n\t\t\t\t\t `faqpage_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `name` varchar(255) NOT NULL,\n\t\t\t\t\t `description` text NOT NULL,\n\t\t\t\t\t PRIMARY KEY (`faqpage_id`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `source` (\n\t\t\t\t\t `source_id` bigint(20) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `source` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `rs` int(10) DEFAULT NULL,\n\t\t\t\t\t PRIMARY KEY (`source_id`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `department` (\n\t\t\t\t\t `department_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `name` varchar(100) NOT NULL DEFAULT '',\n\t\t\t\t\t `department_sort` int(11) NOT NULL DEFAULT '0',\n\t\t\t\t\t `telephone` varchar(20) NOT NULL DEFAULT '0',\n\t\t\t\t\t `email` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `url` varchar(255) DEFAULT NULL,\n\t\t\t\t\t PRIMARY KEY (`department_id`),\n\t\t\t\t\t KEY `INDEXSEARCHdepart` (`name`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `subject` (\n\t\t\t\t\t `subject_id` bigint(20) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `subject` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `active` int(1) NOT NULL DEFAULT '0',\n\t\t\t\t\t `shortform` varchar(50) NOT NULL DEFAULT '0',\n\t\t\t\t\t `redirect_url` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `header` varchar(45) DEFAULT NULL,\n\t\t\t\t\t `description` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `keywords` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `type` varchar(20) DEFAULT NULL,\n\t\t\t\t\t `last_modified` timestamp NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,\n\t\t\t\t\t `background_link` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `extra` varchar(255) DEFAULT NULL,\n\t\t\t\t\t PRIMARY KEY (`subject_id`),\n\t\t\t\t\t KEY `INDEXSEARCHsubject` (`subject`,`shortform`,`description`,`keywords`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `pluslet` (\n\t\t\t\t\t `pluslet_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `title` varchar(100) NOT NULL DEFAULT '',\n\t\t\t\t\t `body` longtext NOT NULL,\n\t\t\t\t\t `local_file` varchar(100) DEFAULT NULL,\n\t\t\t\t\t `clone` int(1) NOT NULL DEFAULT '0',\n\t\t\t\t\t `type` varchar(50) DEFAULT NULL,\n\t\t\t\t\t `extra` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `hide_titlebar` int(1) NOT NULL DEFAULT '0',\n\t\t\t\t\t `collapse_body` int(1) NOT NULL DEFAULT '0',\n\t\t\t\t\t `titlebar_styling` varchar(100) DEFAULT NULL,\n\t\t\t\t\t PRIMARY KEY (`pluslet_id`),\n\t\t\t\t\t KEY `INDEXSEARCHpluslet` (`body`(200))\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `uml_refstats` (\n\t\t\t\t\t `refstats_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `type_id` int(11) NOT NULL,\n\t\t\t\t\t `location_id` int(11) NOT NULL,\n\t\t\t\t\t `mode_id` int(11) NOT NULL,\n\t\t\t\t\t `date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,\n\t\t\t\t\t `note` varchar(1000) DEFAULT NULL,\n\t\t\t\t\t PRIMARY KEY (`refstats_id`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `format` (\n\t\t\t\t\t `format_id` bigint(20) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `format` varchar(255) DEFAULT NULL,\n\t\t\t\t\t PRIMARY KEY (`format_id`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `faq` (\n\t\t\t\t\t `faq_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `question` varchar(255) NOT NULL,\n\t\t\t\t\t `answer` text NOT NULL,\n\t\t\t\t\t `keywords` varchar(255) NOT NULL,\n\t\t\t\t\t PRIMARY KEY (`faq_id`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `restrictions` (\n\t\t\t\t\t `restrictions_id` int(10) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `restrictions` text,\n\t\t\t\t\t PRIMARY KEY (`restrictions_id`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `title` (\n\t\t\t\t\t `title_id` bigint(20) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `title` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `alternate_title` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `description` text,\n\t\t\t\t\t `pre` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `last_modified_by` varchar(50) DEFAULT NULL,\n\t\t\t\t\t `last_modified` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP,\n\t\t\t\t\t PRIMARY KEY (`title_id`),\n\t\t\t\t\t KEY `INDEXSEARCHtitle` (`title`,`alternate_title`,`description`(200))\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `uml_refstats_mode` (\n\t\t\t\t\t `mode_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `label` varchar(100) NOT NULL,\n\t\t\t\t\t PRIMARY KEY (`mode_id`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `rank` (\n\t\t\t\t\t `rank_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `rank` int(10) NOT NULL DEFAULT '0',\n\t\t\t\t\t `subject_id` bigint(20) DEFAULT NULL,\n\t\t\t\t\t `title_id` bigint(20) DEFAULT NULL,\n\t\t\t\t\t `source_id` bigint(20) DEFAULT NULL,\n\t\t\t\t\t `description_override` text,\n\t\t\t\t\t PRIMARY KEY (`rank_id`),\n\t\t\t\t\t KEY `fk_rank_subject_id_idx` (`subject_id`),\n\t\t\t\t\t KEY `fk_rank_title_id_idx` (`title_id`),\n\t\t\t\t\t KEY `fk_rank_source_id_idx` (`source_id`),\n\t\t\t\t\t CONSTRAINT `fk_rank_source_id` FOREIGN KEY (`source_id`) REFERENCES `source` (`source_id`) ON DELETE CASCADE ON UPDATE CASCADE,\n\t\t\t\t\t CONSTRAINT `fk_rank_subject_id` FOREIGN KEY (`subject_id`) REFERENCES `subject` (`subject_id`) ON DELETE CASCADE ON UPDATE CASCADE,\n\t\t\t\t\t CONSTRAINT `fk_rank_title_id` FOREIGN KEY (`title_id`) REFERENCES `title` (`title_id`) ON DELETE CASCADE ON UPDATE CASCADE\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `subject_department` (\n\t\t\t\t\t `idsubject_department` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `id_subject` bigint(20) NOT NULL,\n\t\t\t\t\t `id_department` int(11) NOT NULL,\n\t\t\t\t\t `date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,\n\t\t\t\t\t PRIMARY KEY (`idsubject_department`)\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `tab` (\n\t\t\t\t\t `tab_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `subject_id` bigint(20) NOT NULL DEFAULT '0',\n\t\t\t\t\t `label` varchar(120) NOT NULL DEFAULT 'Main',\n\t\t\t\t\t `tab_index` int(11) NOT NULL DEFAULT '0',\n\t\t\t\t\t `external_url` varchar(500) DEFAULT NULL,\n\t\t\t\t\t `visibility` int(1) NOT NULL DEFAULT '1',\n\t\t\t\t\t PRIMARY KEY (`tab_id`),\n\t\t\t\t\t KEY `fk_t_subject_id_idx` (`subject_id`),\n\t\t\t\t\t CONSTRAINT `fk_t_subject_id` FOREIGN KEY (`subject_id`) REFERENCES `subject` (`subject_id`) ON DELETE CASCADE ON UPDATE CASCADE\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `subject_subject` (\n\t\t\t\t\t `id_subject_subject` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `subject_parent` bigint(20) NOT NULL,\n\t\t\t\t\t `subject_child` bigint(20) NOT NULL,\n\t\t\t\t\t `date` timestamp NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,\n\t\t\t\t\t PRIMARY KEY (`id_subject_subject`),\n\t\t\t\t\t KEY `fk_subject_parent_idx` (`subject_parent`),\n\t\t\t\t\t KEY `fk_subject_child_idx` (`subject_child`),\n\t\t\t\t\t CONSTRAINT `fk_subject_child` FOREIGN KEY (`subject_child`) REFERENCES `subject` (`subject_id`) ON DELETE NO ACTION ON UPDATE NO ACTION,\n\t\t\t\t\t CONSTRAINT `fk_subject_parent` FOREIGN KEY (`subject_parent`) REFERENCES `subject` (`subject_id`) ON DELETE NO ACTION ON UPDATE NO ACTION\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `staff` (\n\t\t\t\t\t `staff_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `lname` varchar(765) DEFAULT NULL,\n\t\t\t\t\t `fname` varchar(765) DEFAULT NULL,\n\t\t\t\t\t `title` varchar(765) DEFAULT NULL,\n\t\t\t\t\t `tel` varchar(45) DEFAULT NULL,\n\t\t\t\t\t `department_id` int(11) DEFAULT NULL,\n\t\t\t\t\t `staff_sort` int(11) DEFAULT NULL,\n\t\t\t\t\t `email` varchar(765) DEFAULT NULL,\n\t\t\t\t\t `ip` varchar(300) DEFAULT NULL,\n\t\t\t\t\t `access_level` int(11) DEFAULT NULL,\n\t\t\t\t\t `user_type_id` int(11) DEFAULT NULL,\n\t\t\t\t\t `password` varchar(192) DEFAULT NULL,\n\t\t\t\t\t `active` int(1) DEFAULT NULL,\n\t\t\t\t\t `ptags` varchar(765) DEFAULT NULL,\n\t\t\t\t\t `extra` varchar(765) DEFAULT NULL,\n\t\t\t\t\t `bio` blob,\n\t\t\t\t\t `position_number` varchar(30) DEFAULT NULL,\n\t\t\t\t\t `job_classification` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `room_number` varchar(60) DEFAULT NULL,\n\t\t\t\t\t `supervisor_id` int(11) DEFAULT NULL,\n\t\t\t\t\t `emergency_contact_name` varchar(150) DEFAULT NULL,\n\t\t\t\t\t `emergency_contact_relation` varchar(150) DEFAULT NULL,\n\t\t\t\t\t `emergency_contact_phone` varchar(60) DEFAULT NULL,\n\t\t\t\t\t `street_address` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `city` varchar(150) DEFAULT NULL,\n\t\t\t\t\t `state` varchar(60) DEFAULT NULL,\n\t\t\t\t\t `zip` varchar(30) DEFAULT NULL,\n\t\t\t\t\t `home_phone` varchar(60) DEFAULT NULL,\n\t\t\t\t\t `cell_phone` varchar(60) DEFAULT NULL,\n\t\t\t\t\t `fax` varchar(60) DEFAULT NULL,\n\t\t\t\t\t `intercom` varchar(30) DEFAULT NULL,\n\t\t\t\t\t `lat_long` varchar(75) DEFAULT NULL,\n\t\t\t\t\t PRIMARY KEY (`staff_id`),\n\t\t\t\t\t KEY `fk_supervisor_staff_id_idx` (`supervisor_id`),\n\t\t\t\t\t KEY `fk_staff_user_type_id_idx` (`user_type_id`),\n\t\t\t\t\t KEY `fk_staff_department_id_idx` (`department_id`),\n\t\t\t\t\t KEY `INDEXSEARCHstaff` (`lname`(255),`fname`(255)),\n\t\t\t\t\t CONSTRAINT `fk_staff_user_type_id` FOREIGN KEY (`user_type_id`) REFERENCES `user_type` (`user_type_id`) ON DELETE SET NULL ON UPDATE SET NULL\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `talkback` (\n\t\t\t\t\t `talkback_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `question` text NOT NULL,\n\t\t\t\t\t `q_from` varchar(100) DEFAULT '',\n\t\t\t\t\t `date_submitted` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',\n\t\t\t\t\t `answer` text NOT NULL,\n\t\t\t\t\t `a_from` int(11) DEFAULT NULL,\n\t\t\t\t\t `display` varchar(11) NOT NULL DEFAULT 'No',\n\t\t\t\t\t `last_revised_by` varchar(100) NOT NULL DEFAULT '',\n\t\t\t\t\t `tbtags` varchar(255) DEFAULT 'main',\n\t\t\t\t\t `cattags` varchar(255) DEFAULT NULL,\n\t\t\t\t\t PRIMARY KEY (`talkback_id`),\n\t\t\t\t\t KEY `INDEXSEARCHtalkback` (`question`(200),`answer`(200)),\n\t\t\t\t\t KEY `fk_talkback_staff_id_idx` (`a_from`),\n\t\t\t\t\t CONSTRAINT `fk_talkback_staff_id` FOREIGN KEY (`a_from`) REFERENCES `staff` (`staff_id`) ON DELETE SET NULL ON UPDATE SET NULL\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `section` (\n\t\t\t\t\t `section_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `section_index` int(11) NOT NULL DEFAULT '0',\n\t\t\t\t\t `layout` varchar(255) NOT NULL DEFAULT '4-4-4',\n\t\t\t\t\t `tab_id` int(11) NOT NULL,\n\t\t\t\t\t PRIMARY KEY (`section_id`),\n\t\t\t\t\t KEY `fk_section_tab_idx` (`tab_id`),\n\t\t\t\t\t CONSTRAINT `fk_section_tab` FOREIGN KEY (`tab_id`) REFERENCES `tab` (`tab_id`) ON DELETE CASCADE ON UPDATE CASCADE\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `faq_faqpage` (\n\t\t\t\t\t `faq_faqpage_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `faq_id` int(11) NOT NULL,\n\t\t\t\t\t `faqpage_id` int(11) NOT NULL,\n\t\t\t\t\t PRIMARY KEY (`faq_faqpage_id`),\n\t\t\t\t\t KEY `fk_ff_faq_id_idx` (`faq_id`),\n\t\t\t\t\t KEY `fk_ff_faqpage_id_idx` (`faqpage_id`),\n\t\t\t\t\t CONSTRAINT `fk_ff_faqpage_id` FOREIGN KEY (`faqpage_id`) REFERENCES `faqpage` (`faqpage_id`) ON DELETE CASCADE ON UPDATE CASCADE,\n\t\t\t\t\t CONSTRAINT `fk_ff_faq_id` FOREIGN KEY (`faq_id`) REFERENCES `faq` (`faq_id`) ON DELETE CASCADE ON UPDATE CASCADE\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `location` (\n\t\t\t\t\t `location_id` bigint(20) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `format` bigint(20) DEFAULT NULL,\n\t\t\t\t\t `call_number` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `location` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `access_restrictions` int(10) DEFAULT NULL,\n\t\t\t\t\t `eres_display` varchar(1) DEFAULT NULL,\n\t\t\t\t\t `display_note` text,\n\t\t\t\t\t `helpguide` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `citation_guide` varchar(255) DEFAULT NULL,\n\t\t\t\t\t `ctags` varchar(255) DEFAULT NULL,\n\t\t\t\t\t PRIMARY KEY (`location_id`),\n\t\t\t\t\t KEY `fk_location_format_id_idx` (`format`),\n\t\t\t\t\t KEY `fk_location_restrictions_id_idx` (`access_restrictions`),\n\t\t\t\t\t CONSTRAINT `fk_location_format_id` FOREIGN KEY (`format`) REFERENCES `format` (`format_id`) ON DELETE SET NULL ON UPDATE SET NULL,\n\t\t\t\t\t CONSTRAINT `fk_location_restrictions_id` FOREIGN KEY (`access_restrictions`) REFERENCES `restrictions` (`restrictions_id`) ON DELETE SET NULL ON UPDATE SET NULL\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `faq_subject` (\n\t\t\t\t\t `faq_subject_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `faq_id` int(11) NOT NULL,\n\t\t\t\t\t `subject_id` bigint(20) NOT NULL,\n\t\t\t\t\t PRIMARY KEY (`faq_subject_id`),\n\t\t\t\t\t KEY `fk_fs_faq_id_idx` (`faq_id`),\n\t\t\t\t\t KEY `fk_fs_subject_id_idx` (`subject_id`),\n\t\t\t\t\t CONSTRAINT `fk_fs_faq_id` FOREIGN KEY (`faq_id`) REFERENCES `faq` (`faq_id`) ON DELETE CASCADE ON UPDATE CASCADE,\n\t\t\t\t\t CONSTRAINT `fk_fs_subject_id` FOREIGN KEY (`subject_id`) REFERENCES `subject` (`subject_id`) ON DELETE CASCADE ON UPDATE CASCADE\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `location_title` (\n\t\t\t\t\t `location_id` bigint(20) NOT NULL DEFAULT '0',\n\t\t\t\t\t `title_id` bigint(20) NOT NULL DEFAULT '0',\n\t\t\t\t\t PRIMARY KEY (`location_id`,`title_id`),\n\t\t\t\t\t KEY `fk_lt_location_id_idx` (`location_id`),\n\t\t\t\t\t KEY `fk_lt_title_id_idx` (`title_id`),\n\t\t\t\t\t CONSTRAINT `fk_lt_location_id` FOREIGN KEY (`location_id`) REFERENCES `location` (`location_id`) ON DELETE CASCADE ON UPDATE CASCADE,\n\t\t\t\t\t CONSTRAINT `fk_lt_title_id` FOREIGN KEY (`title_id`) REFERENCES `title` (`title_id`) ON DELETE CASCADE ON UPDATE CASCADE\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `subject_discipline` (\n\t\t\t\t\t `subject_id` bigint(20) NOT NULL,\n\t\t\t\t\t `discipline_id` int(11) NOT NULL,\n\t\t\t\t\t PRIMARY KEY (`subject_id`,`discipline_id`),\n\t\t\t\t\t KEY `discipline_id` (`discipline_id`),\n\t\t\t\t\t KEY `fk_sd_subject_id_idx` (`subject_id`),\n\t\t\t\t\t KEY `fk_sd_discipline_id_idx` (`discipline_id`),\n\t\t\t\t\t KEY `fk_sd_subject_id_idx1` (`subject_id`),\n\t\t\t\t\t KEY `fk_sd_discipline_id_idx1` (`discipline_id`),\n\t\t\t\t\t CONSTRAINT `fk_sd_discipline_id` FOREIGN KEY (`discipline_id`) REFERENCES `discipline` (`discipline_id`) ON DELETE CASCADE ON UPDATE CASCADE,\n\t\t\t\t\t CONSTRAINT `fk_sd_subject_id` FOREIGN KEY (`subject_id`) REFERENCES `subject` (`subject_id`) ON DELETE CASCADE ON UPDATE CASCADE\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8 COMMENT='added v2'", "CREATE TABLE `staff_subject` (\n\t\t\t\t\t `staff_id` int(11) NOT NULL DEFAULT '0',\n\t\t\t\t\t `subject_id` bigint(20) NOT NULL DEFAULT '0',\n\t\t\t\t\t PRIMARY KEY (`staff_id`,`subject_id`),\n\t\t\t\t\t KEY `fk_ss_subject_id_idx` (`subject_id`),\n\t\t\t\t\t KEY `fk_ss_staff_id_idx` (`staff_id`),\n\t\t\t\t\t CONSTRAINT `fk_ss_staff_id` FOREIGN KEY (`staff_id`) REFERENCES `staff` (`staff_id`) ON DELETE CASCADE ON UPDATE CASCADE,\n\t\t\t\t\t CONSTRAINT `fk_ss_subject_id` FOREIGN KEY (`subject_id`) REFERENCES `subject` (`subject_id`) ON DELETE CASCADE ON UPDATE CASCADE\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8", "CREATE TABLE `pluslet_section` (\n\t\t\t\t\t `pluslet_section_id` int(11) NOT NULL AUTO_INCREMENT,\n\t\t\t\t\t `pluslet_id` int(11) NOT NULL DEFAULT '0',\n\t\t\t\t\t `section_id` int(11) NOT NULL,\n\t\t\t\t\t `pcolumn` int(11) NOT NULL,\n\t\t\t\t\t `prow` int(11) NOT NULL,\n\t\t\t\t\t PRIMARY KEY (`pluslet_section_id`),\n\t\t\t\t\t KEY `fk_pt_pluslet_id_idx` (`pluslet_id`),\n\t\t\t\t\t KEY `fk_pt_tab_id_idx` (`section_id`),\n\t\t\t\t\t CONSTRAINT `fk_pt_section_id` FOREIGN KEY (`section_id`) REFERENCES `section` (`section_id`) ON DELETE CASCADE ON UPDATE CASCADE\n\t\t\t\t\t) ENGINE=InnoDB DEFAULT CHARSET=utf8");
//all the subjectqueries -- default data
$this->lobjInsertQueries = array("INSERT INTO `chchchanges` VALUES (1,1,'guide',1,'General','insert','2011-03-26 19:16:19'),(2,1,'record',1,'Sample Record','insert','2011-03-26 20:08:54')", "INSERT INTO `subject` VALUES (1,'General',1,'general','',NULL,NULL,NULL,'Subject','2011-03-26 19:16:19',NULL,'{\"maincol\":\"\"}')", "INSERT INTO `tab` VALUES (1,1,'Main',0,NULL,1)", "INSERT INTO `section` VALUES (1,0,'4-6-2',1)", "INSERT INTO `pluslet` VALUES (1,'All Items by Source','','',0,'Special','',0,0,NULL),(2,'Key to Icons','','',0,'Special','',0,0,NULL),(3,'Subject Specialist','','',0,'Special','',0,0,NULL),\n\t\t\t\t\t(4,'FAQs','','',0,'Special','',0,0,NULL),(5,'Books: Use the Library Catalog','','',0,'Special','',0,0,NULL),(6,'','','',0,'Reserved_for_Special','',0,0,NULL),(7,'','','',0,'Reserved_for_Special','',0,0,NULL),\n\t\t\t\t\t(8,'','','',0,'Reserved_for_Special','',0,0,NULL),(9,'','','',0,'Reserved_for_Special','',0,0,NULL),(10,'','','',0,'Reserved_for_Special','',0,0,NULL),(11,'','','',0,'Reserved_for_Special','',0,0,NULL),\n\t\t\t\t\t(12,'','','',0,'Reserved_for_Special','',0,0,NULL),(13,'','','',0,'Reserved_for_Special','',0,0,NULL),(14,'','','',0,'Reserved_for_Special','',0,0,NULL),(15,'','','',0,'Reserved_for_Special','',0,0,NULL)", "INSERT INTO `format` VALUES (1,'Web'),(2,'Print'),(3,'Print w/ URL')", "INSERT INTO `user_type` VALUES (1,'Staff'),(2,'Machine'),(3,'Student')", "INSERT INTO `discipline` VALUES (1,'agriculture',1),(2,'anatomy & physiology',2),(3,'anthropology',3),(4,'applied sciences',4),(5,'architecture',5),\n\t\t\t\t\t(6,'astronomy & astrophysics',6),(7,'biology',7),(8,'botany',8),(9,'business',9),(10,'chemistry',10),(11,'computer science',11),(12,'dance',12),(13,'dentistry',13),\n\t\t\t\t\t(14,'diet & clinical nutrition',14),(15,'drama',15),(16,'ecology',16),(17,'economics',17),(18,'education',18),(19,'engineering',19),(20,'environmental sciences',20),\n\t\t\t\t\t(21,'film',21),(22,'forestry',22),(23,'geography',23),(24,'geology',24),(25,'government',25),(26,'history & archaeology',26),(27,'human anatomy & physiology',27),\n\t\t\t\t\t(28,'international relations',28),(29,'journalism & communications',29),(30,'languages & literatures',30),(31,'law',31),(32,'library & information science',32),\n\t\t\t\t\t(33,'mathematics',33),(34,'medicine',34),(35,'meteorology & climatology',35),(36,'military & naval science',36),(37,'music',37),(38,'nursing',38),\n\t\t\t\t\t(39,'occupational therapy & rehabilitation',39),(40,'oceanography',40),(41,'parapsychology & occult sciences',41),(42,'pharmacy, therapeutics, & pharmacology',42),\n\t\t\t\t\t(43,'philosophy',43),(44,'physical therapy',44),(45,'physics',45),(46,'political science',46),(47,'psychology',47),(48,'public health',48),(49,'recreation & sports',49),\n\t\t\t\t\t(50,'religion',50),(51,'sciences (general)',51),(52,'social sciences (general)',52),(53,'social welfare & social work',53),(54,'sociology & social history',54),\n\t\t\t\t\t(55,'statistics',55),(56,'veterinary medicine',56),(57,'visual arts',57),(58,'women's studies',58),(59,'zoology',59)", "INSERT INTO `restrictions` VALUES (1,'None'),(2,'Restricted'),(3,'On Campus Only'),(4,'Rest--No Proxy')", "INSERT INTO `title` VALUES (1,'Sample Record',NULL,'Here you can enter a description of the record. A description may be overwritten for a given subject by clicking the icon next to the desired subject in the Record screen.<br />',\n\t\t\t\t\tNULL,NULL,'2011-03-26 20:08:54')", "INSERT INTO `source` VALUES (1,'Journals/Magazines',1),(2,'Newspapers',5),(3,'Web Sites',10),(4,'FAQs',15),(5,'Almanacs & Yearbooks',100),(6,'Atlases',100),(7,'Bibliographies',100),\n\t\t\t\t\t(8,'Biographical Information',100),(9,'Concordances',100),(10,'Dictionaries',100),(11,'Encyclopedias',100),(12,'Government Information',100),(13,'Grants/Scholarships/Financial Aid',100),\n\t\t\t\t\t(14,'Handbooks & Guides',100),(15,'Images',100),(16,'Local',100),(17,'Primary Sources',100),(18,'Quotations',100),(19,'Regional',100),(20,'Reviews',100),(21,'Statistics/Data',100),\n\t\t\t\t\t(22,'Directories',100),(23,'Dissertations',100),(24,'Newspapers--International',100),(25,'Newswires',100),(26,'TV Stations',100),(27,'Radio Stations',100),(28,'Transcripts',100),\n\t\t\t\t\t(30,'Audio Files',100),(31,'Organizations',100)", "INSERT INTO `location` VALUES (1,1,'','http://www.subjectsplus.com/wiki/',1,'Y','',NULL,NULL,'')", "INSERT INTO `department` VALUES (1,'Library Administration',1,'5555',NULL,NULL)", "INSERT INTO `staff` VALUES (1,'Admin','Super','SubjectsPlus Admin','5555',1,0,'admin{$lstrEmailDomain}','',0,1,'{$lstrHashPassword}',1,'talkback|faq|records|eresource_mgr|videos|admin|librarian|supervisor','{\"css\": \"basic\"}',\n\t\t\t\t\t'This is the default user with a SubjectsPlus install. You should delete or rename me before you go live!',NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL)", "INSERT INTO `location_title` VALUES (1,1)", "INSERT INTO `rank` VALUES (1,0,1,1,1,'')", "INSERT INTO `staff_subject` VALUES (1,1)", "INSERT INTO `uml_refstats_location` VALUES (1,'Information Desk (Richter)'),(2,'Circulation Desk (Richter)'),(3,'Digital Media Lab'),(4,'Architecture'),(5,'Business'),(6,'CHC'),(7,'Music'),(8,'RSMAS'),(9,'Special Collections'),\n\t\t\t\t\t(10,'Other (include ntoe)')", "INSERT INTO `uml_refstats_type` VALUES (1,'Computer Hardware'),(2,'Computer Software'),(3,'Directional'),(4,'Printers/Copiers'),(5,'Reference')", "INSERT INTO `uml_refstats_mode` VALUES (1,'In Person'),(2,'Phone'),(3,'Email'),(4,'IM')");
}
/**
* DatabaseWebService::sanitizeParams() - - goes through passed array parameter
* and sanitizes elements that are valid url parameters
*
* @param array $lobjParams
* @return array
*/
function sanitizeParams(array $lobjParams)
{
$lobjFinalParams = array();
foreach ($lobjParams as $lstrKey => $lstrValue) {
switch (strtolower($lstrKey)) {
case 'letter':
$lobjSplit = explode(',', $lstrValue);
foreach ($lobjSplit as &$lstrUnScrubbed) {
$lstrUnScrubbed = scrubData($lstrUnScrubbed);
}
$lobjFinalParams['letter'] = $lobjSplit;
break;
case 'search':
$lobjSplit = explode(',', $lstrValue);
foreach ($lobjSplit as &$lstrUnScrubbed) {
$lstrUnScrubbed = scrubData($lstrUnScrubbed);
}
$lobjFinalParams['search'] = $lobjSplit;
break;
case 'subject_id':
$lobjSplit = explode(',', $lstrValue);
foreach ($lobjSplit as &$lstrUnScrubbed) {
$lstrUnScrubbed = scrubData($lstrUnScrubbed, 'integer');
}
$lobjFinalParams['subject_id'] = $lobjSplit;
break;
case 'type':
$lobjSplit = explode(',', $lstrValue);
foreach ($lobjSplit as &$lstrUnScrubbed) {
$lstrUnScrubbed = scrubData($lstrUnScrubbed);
}
$lobjFinalParams['type'] = $lobjSplit;
break;
case 'max':
$lstrValue = scrubData($lstrValue, 'integer');
$lobjFinalParams['max'] = $lstrValue;
break;
}
}
return $lobjFinalParams;
}
/**
* sp_WebService::formatOutput() - saves formatted output into property based
* on format requested in url parameters
*
* @return void
*/
public function formatOutput()
{
$lstrFormat = '';
if (isset($this->mobjUrlParams['output'])) {
$lstrFormat = $this->mobjUrlParams['output'];
}
$this->mstrFormat = scrubData(strtolower($lstrFormat));
switch ($this->mstrFormat) {
case "xml":
$this->mstrOutput = "<{$this->mstrService}>";
$this->mstrOutput .= $this->getXMLFormat($this->mobjData);
$this->mstrOutput .= "</{$this->mstrService}>";
break;
case "json":
$this->mstrOutput = $this->getJSONFormat();
break;
default:
$this->mstrOutput = $this->getJSONFormat();
break;
}
}
$intro = "<p>A collection of videos produced by the University of Miami Libraries.</p>";
$display = "<br />";
try {
} catch (Exception $e) {
echo $e;
}
// Get Tags
// create the option
$vtag_items = "\n <ul>\n <li><a href=\"video.php?tag=all\">All</a></li>";
foreach ($all_vtags as $value) {
$vtag_items .= "<li><a href=\"video.php?tag={$value}\">" . ucfirst($value) . "</a></li>";
}
$vtag_items .= "</ul>";
// Clean up user submission
if (isset($_GET["video_id"])) {
$extra_sql = "and video_id = '" . scrubData($_GET["video_id"], "integer") . "'";
}
if (isset($_GET["tag"])) {
if (in_array($_GET["tag"], $all_vtags)) {
$pretty_tag = ucfirst($_GET["tag"]);
$extra_sql = "and vtags like '%" . $_GET["tag"] . "%'";
}
}
$q = "select distinct video_id, title, description, source, foreign_id, duration, date\n FROM video\n WHERE display = '1'\n {$extra_sql}\n ORDER BY date";
// print $q;
// check row count for 0 returns
$db = new Querier();
$r = $db->query($q);
$num_rows = count($r);
if ($num_rows != 0) {
foreach ($r as $myrow) {
function writeTable($qualifier, $subject_id = '')
{
global $IconPath;
global $proxyURL;
// sanitize submission
$selected = scrubData($qualifier);
$subject_id = scrubData($subject_id);
// determine submission type
$selected = getTableOptions($selected, $subject_id);
if (isset($subject_id) && $subject_id != "") {
$q = "select distinct left(title,1) as initial, title, description, location, access_restrictions, title.title_id as this_record,\neres_display, display_note, pre, citation_guide, ctags\n FROM title, restrictions, location, location_title, source, rank\n {$selected}\n AND title.title_id = location_title.title_id\n AND location.location_id = location_title.location_id\n AND restrictions_id = access_restrictions\n \n AND rank.title_id = title.title_id AND source.source_id = rank.source_id\n ORDER BY title ";
} else {
$q = "select distinct left(title,1) as initial, title, description, location, access_restrictions, title.title_id as this_record,\neres_display, display_note, pre, citation_guide, ctags\n\t\tFROM title, restrictions, location, location_title, source\n\t\t{$selected}\n\t\tAND title.title_id = location_title.title_id\n\t\tAND location.location_id = location_title.location_id\n\t\tAND restrictions_id = access_restrictions\n\n\t\tORDER BY title";
}
//print $q;
$db = new Querier();
$r = $db->query($q);
// check row count for 0 returns
$num_rows = count($r);
if ($num_rows == 0) {
return "<div class=\"no_results\">" . _("Sorry, there are no results at this time.") . "</div>";
}
// prepare header
$items = "<table width=\"98%\" class=\"item_listing\">";
$row_count = 0;
$colour1 = "oddrow";
$colour2 = "evenrow";
foreach ($r as $myrow) {
$row_colour = $row_count % 2 ? $colour1 : $colour2;
$patterns = "/'|\"/";
$replacements = "";
$item_title = $myrow["title"];
$safe_title = trim(preg_replace($patterns, $replacements, $item_title));
$blurb = $myrow["description"];
$bib_id = $myrow["5"];
/// CHECK RESTRICTIONS ///
if ($myrow['4'] == 2 or $myrow['4'] == 3) {
$url = $proxyURL . $myrow[3];
$rest_icons = "restricted";
} else {
$url = $myrow[3];
$rest_icons = "";
// if you want the unlocked icon to show, enter "unrestricted" here
}
$current_ctags = explode("|", $myrow["ctags"]);
// add our $rest_icons info to this array at the beginning
array_unshift($current_ctags, $rest_icons);
$icons = showIcons($current_ctags);
//Check if there is a display note
if ($myrow["display_note"] == NULL) {
$display_note_text = "";
} else {
$display_note_text = "<strong>" . _("Note:") . " </strong>{$myrow['display_note']}";
}
$bonus = "{$blurb}";
if ($blurb != "") {
$information = "<img src=\"{$IconPath}/information.png\" border=\"0\" alt=\"" . _("more information") . "\" title=\"" . _("more information") . "\" id=\"bib-{$bib_id}\" />";
} else {
$information = "";
}
$items .= "\n\t<tr class=\"zebra {$row_colour}\" valign=\"top\">\n\t\t\n\t\t<td><a href=\"{$url}\" target=\"_blank\"><strong>{$item_title}</strong></a> {$icons}<br/>{$bonus} {$display_note_text}\n \n\t</tr>";
$row_count++;
}
$items .= "</table>";
return $items;
}
function modifyCollections()
{
$db = new Querier();
for ($i = 0; $i < $this->_collection_count; $i++) {
$qUpColl = "INSERT INTO faq_faqpage (faq_id, faqpage_id) VALUES (\n " . scrubData($this->_faq_id, "integer") . ",\n " . scrubData($this->_collection[$i], "integer") . ")";
$rUpColl = $db->query($qUpColl);
$this->_debug .= "<p>3. (update faq_faqpage loop) : {$qUpColl}</p>";
if ($rUpColl === FALSE) {
echo blunDer("We have a problem with the faq_faqpage query: {$qUpColl}");
}
}
}
* @author adarby
* @date march 2011
*/
use SubjectsPlus\Control\Querier;
$subcat = "video";
$page_title = "Video Admin";
include "../includes/header.php";
try {
} catch (Exception $e) {
echo $e;
}
if (isset($_GET["limit"])) {
if ($_GET["limit"] == "all") {
$limit = "";
} else {
$limit = "LIMIT 0," . scrubData($_GET["limit"], "int");
}
} else {
$limit = "";
}
$querierVid = new Querier();
$qVid = "SELECT video_id, title, description, source, foreign_id, duration, date, display, vtags\n\tFROM video\n\tORDER BY video_id DESC\n\t{$limit}";
$vidArray = $querierVid->query($qVid);
$row_count1 = 0;
$row_count2 = 0;
$colour1 = "evenrow";
$colour2 = "oddrow";
$vid_list = "";
if ($vidArray) {
foreach ($vidArray as $value) {
$row_colour1 = $row_count1 % 2 ? $colour1 : $colour2;
if ($action == "generate") {
if ($installationTypeNew == "offline") {
$updateCheckerNew = "false";
}
if (substr($rootNew, -1) == "/") {
$rootNew = substr($rootNew, 0, -1);
}
if (substr($ftpRootNew, -1) == "/") {
$ftpRootNew = substr($ftpRootNew, 0, -1);
}
if (substr($pathMantisNew, -1) != "/") {
$pathMantisNew = $pathMantisNew . "/";
}
// DAB - scrub the data
require_once dirname(realpath(__FILE__)) . '/../general/data_funcs.inc.php';
$scrubData = scrubData($_POST);
extract($scrubData);
// -- END Paranoia
$content = <<<STAMP
<?php
#Application name: PhpCollab
#Status page: 2
#Path by root: ../includes/settings.php
# installation type
\$installationType = "{$installationTypeNew}"; //select "offline" or "online"
# select database application
\$databaseType = "{$databaseTypeNew}"; //select "sqlserver", "postgresql" or "mysql"
# database parameters
}
}
if (isset($_POST["update_disciplines"])) {
//////////////////////////////////
// Get the discipline dept data + sort order
//////////////////////////////////
//////////////////////
// Create new array of results
/////////////////////
$a = $_POST["discipline_id"];
$b = $_POST["discipline"];
$result = array_combine($a, $b);
// Loop through array, update departments table
$row_count = 1;
foreach ($result as $key => $value) {
$qUpDept = "UPDATE discipline SET\n\t\tdiscipline = " . $db->quote(scrubData($value)) . ", \n\t\tsort = " . $row_count . " \n\t\tWHERE discipline_id = " . scrubData($key, "integer");
$rUpDept = $db->exec($qUpDept);
$row_count++;
}
$feedback = _("Thy Will Be Done. discipline list updated.");
}
///////////////
// disciplines
///////////////
$querierDept = new Querier();
$qdiscipline = "select discipline_id, discipline, sort from discipline order by sort, discipline";
$disciplineArray = $querierDept->query($qdiscipline);
foreach ($disciplineArray as $value) {
$ourlist .= "<li id=\"item-{$value['0']}\" class=\"sortable_item disc-sortable\"><a id=\"delete-{$value['0']}\"><img src=\"{$IconPath}/delete.png\" class=\"pointer\" /></a> <input type=\"text\" size=\"40\" name=\"discipline[]\" value=\"{$value['1']}\" /> <input type=\"hidden\" name=\"discipline_id[]\" value=\"{$value['0']}\" /></li>";
}
$discipline_box = "\n<form id=\"disciplines\" action=\"\" method=\"post\">\n<button class=\"button\" id=\"save_guide\" class=\"button pure-button pure-button-primary\" style=\"display: block;\" name=\"update_disciplines\" >" . _("SAVE CHANGES") . "</button>\n\n<p>" . _("NOTE: Disciplines were added to facilitate Serials Solution ingest of data. This original set was provided by SerSol in Nov 2012. \n If you are a SerSol customer, you might not want to change these. Sort may or may not be implemented in your version of SP.") . "</p>\n<p>" . _("Enter discipline type label.") . "</p>\n<br />\n\n<ul id=\"sortable-\" class=\"sortable_list\">\n{$ourlist}\n</ul>\n</form>\n";
} else {
print _("Thy Will Be Done. Source list updated.");
}
}
return;
// return early so we don't show the stuff that follows
break;
case "delete_discipline":
// Make sure no one is associated with this discipline
$qChecker = "SELECT * FROM subject, subject_discipline WHERE subject.subject_id = subject_discipline.subject_id\n AND subject_discipline.discipline_id = " . scrubData($_POST["delete_id"], "integer");
$rChecker = $db->query($qChecker);
//print $qChecker;
if (count($rChecker) != 0) {
print _("Your request cannot be completed: There are one or more records linked to this source");
} else {
$qDeleteD = "DELETE FROM discipline WHERE discipline_id = " . scrubData($_POST["delete_id"], "integer");
$rDeleteD = $db->exec($qDeleteD);
if (!$rDeleteD) {
echo blunDer("We have a problem with the delete source query: {$qDeleteD}");
} else {
print _("Thy Will Be Done. Discipline list updated.");
}
}
return;
// return early so we don't show the stuff that follows
break;
case "address_lookup":
//print urlencode($_REQUEST["address"]);
$endpoint = "http://maps.googleapis.com/maps/api/geocode/json?address=" . urlencode($_REQUEST["address"]) . "&sensor=false";
$address = curl_get($endpoint);
//print $address;
}*/
// do we have more than one tab?
if (count($all_tabs) > 1) {
$multi_tab = TRUE;
} else {
$multi_tab = FALSE;
}
// Add tracking image
$tracking_image = "<img style=\"display: none;\" src=\"" . $PublicPath . "track.php?subject=" . scrubData($_GET['subject']) . "&page_title=" . $page_title . "\" />";
print $tracking_image;
print $social_and_search;
?>
<div id="tabs" class="hide-tabs-fouc">
<div id="main-content" data-subject="<?php
echo scrubData($_GET['subject']);
?>
" data-url="<?php
echo getSubjectsURL();
?>
" data-subject-id="<?php
echo $this_id;
?>
">
<div id="tab-container">
<?php
$printer_tabs = '<div class="printer_tabs"><div class="pure-button pure-button-topsearch print-img-tabs"><img src="../assets/images/printer.png" alt="Print" title="Print"></div></div>';
$printer_no_tabs = '<div class="printer_no_tabs"><div class="pure-button pure-button-topsearch print-img-no-tabs"><img src="../assets/images/printer.png" alt="Print" title="Print"></div></div>';
// Only show tabs if there is more than one tab
if ($multi_tab == TRUE) {
case "ingest":
$db = new Querier();
// check if we already have a record like this
$our_id = scrubData($_REQUEST["foreign_id"]);
$qcheck = "SELECT video_id FROM video WHERE foreign_id = '" . $our_id . "'";
//print $qcheck;
$rcheck = $db->query($qcheck);
if (count($rcheck) == 0) {
$qinsert = "INSERT INTO video (title, description, source, foreign_id, duration, date, display)\n values(\"" . $_POST["title"] . "\", \"" . $_POST["description"] . "\", \"" . $_POST["source"] . "\", \"" . $_POST["foreign_id"] . "\", \"" . $_POST["duration"] . "\", \"" . $_POST["upload_date"] . "\",\n 1 \n )";
// print_r ($qinsert);
$rinsert = $db->exec($qinsert);
$video_id = $db->last_id();
} else {
// Do an update
$db = new Querier();
$qupdate = "UPDATE video \n SET title = " . $db->quote(scrubData($_POST['title'])) . ",\n description = " . $db->quote(scrubData($_POST['description'], 'richtext')) . ",\n source = " . $db->quote(scrubData($_POST['source'])) . " ,\n foreign_id = " . $db->quote(scrubData($_POST['foreign_id'])) . ",\n duration = " . $db->quote(scrubData($_POST['duration'])) . " ,\n date = " . $db->quote(scrubData($_POST['upload_date'])) . " ,\n WHERE foreign_id = " . $our_id;
//print_r ($qupdate);
$rupdate = $db->exec($qupdate);
$video_id = $rupdate[0];
}
// insert/update image
// get small thumbnail
$image = curl_get($_POST["thumbnail_small"]);
//$image = file_get_contents($_POST["thumbnail_small"]);
$new_image = "../../assets/images/video_thumbs/" . $video_id . "_small.jpg";
file_put_contents($new_image, $image);
// get medium thumbnail (actually the youtube one is pretty large)
$image = curl_get($_POST["thumbnail_medium"]);
//$image = file_get_contents($_POST["thumbnail_medium"]);
$new_image = "../../assets/images/video_thumbs/" . $video_id . "_medium.jpg";
file_put_contents($new_image, $image);
function writeTable($qualifier, $subject_id = '', $description_search = 0)
{
global $IconPath;
global $proxyURL;
$db = new Querier();
// sanitize submission
$subject_id = scrubData($subject_id);
// Prepare conditions
$condition1 = "";
$condition2 = "";
$condition3 = "";
switch ($qualifier) {
case "Num":
$condition1 = "WHERE left(title, 1) REGEXP '[[:digit:]]+'";
$condition2 = "WHERE left(alternate_title, 1) REGEXP '[[:digit:]]+'";
break;
case "All":
$condition1 = "WHERE title != ''";
$condition2 = "WHERE alternate_title != ''";
break;
case "bysub":
if (isset($subject_id)) {
//get title ids in pluslets' resource token connected to subject
$lobjGuide = new Guide($subject_id);
$lobjTitleIds = $lobjGuide->getRelatedTitles();
$condition1 = "WHERE (subject_id = {$subject_id}";
$condition1 .= count($lobjTitleIds) > 0 ? "\nOR t.title_id IN (" . implode(',', $lobjTitleIds) . ")" : "";
$condition1 .= ")";
$condition2 = "WHERE subject_id = {$subject_id}";
} else {
$condition1 = "WHERE title LIKE " . $db->quote("%" . $qualifier . "%");
$condition2 = "WHERE alternate_title LIKE " . $db->quote("%" . $qualifier . "%");
}
break;
case "bytype":
if (isset($_GET["type"])) {
$condition1 = "WHERE ctags LIKE " . $db->quote(scrubData($_GET["type"]));
$condition2 = "WHERE ctags LIKE " . $db->quote(scrubData($_GET["type"]));
$condition3 = "and alternate_title NOT NULL";
}
break;
case "search":
$condition1 = "WHERE title LIKE " . $db->quote("%" . $qualifier . "%");
// If you uncomment the next line, it will search description field
$condition1 = "WHERE (title LIKE " . $db->quote("%" . $qualifier . "%") . " OR description LIKE " . $db->quote("%" . $qualifier . "%");
$condition2 = "WHERE alternate_title LIKE " . $db->quote("%" + $qualifier + "%");
break;
default:
// This is the simple output by letter and also the search
if (strlen($qualifier) == 1) {
// Is like the first letter
$condition1 = "WHERE title LIKE " . $db->quote($qualifier . "%");
} else {
$condition1 = "WHERE title LIKE " . $db->quote("%" . $qualifier . "%");
}
if ($description_search == 1) {
// If you uncomment the next line, it will search description field
$condition1 = "WHERE (title LIKE " . $db->quote("%" . $qualifier . "%") . " OR description LIKE " . $db->quote("%" . $qualifier . "%") . ")";
}
$condition2 = "WHERE alternate_title LIKE " . $db->quote("%" + $qualifier + "%");
}
$q1 = "SELECT distinct left(t.title,1) as initial, t.title as newtitle, t.description, location, access_restrictions, t.title_id as this_record,eres_display, display_note, pre, citation_guide, ctags, helpguide\n FROM title as t\n INNER JOIN location_title as lt\n ON t.title_id = lt.title_id\n INNER JOIN location as l\n ON lt.location_id = l.location_id\n INNER JOIN restrictions as r\n ON l.access_restrictions = r.restrictions_id\n INNER JOIN rank as rk\n ON rk.title_id = t.title_id\n INNER JOIN source as s\n ON rk.source_id = s.source_id\n {$condition1}\n AND eres_display = 'Y'\n ORDER BY newtitle";
$q2 = "SELECT distinct left(t.alternate_title,1) as initial, t.alternate_title as newtitle, t.description, location, access_restrictions, t.title_id as this_record,eres_display, display_note, pre, citation_guide, ctags, helpguide\n FROM title as t\n INNER JOIN location_title as lt\n ON t.title_id = lt.title_id\n INNER JOIN location as l\n ON lt.location_id = l.location_id\n INNER JOIN restrictions as r\n ON l.access_restrictions = r.restrictions_id\n INNER JOIN rank as rk\n ON rk.title_id = t.title_id\n INNER JOIN source as s\n ON rk.source_id = s.source_id\n {$condition2}\n\t\t AND eres_display = 'Y'\n {$condition3}\n\n\t\t ORDER BY newtitle";
$r = $db->query($q1);
$num_rows = count($r);
if ($num_rows == 0) {
return "<div class=\"no_results\">" . _("Sorry, there are no results at this time.") . "</div>";
}
// prepare header
$items = "<table width=\"98%\" class=\"item_listing\">";
$row_count = 0;
$colour1 = "oddrow";
$colour2 = "evenrow";
foreach ($r as $myrow) {
$row_colour = $row_count % 2 ? $colour1 : $colour2;
$patterns = "/'|\"/";
$replacements = "";
$item_title = $myrow[1];
if ($myrow["pre"] != "") {
$item_title = $myrow["pre"] . " " . $item_title;
}
$safe_title = trim(preg_replace($patterns, $replacements, $item_title));
$blurb = $myrow["description"];
$bib_id = $myrow[5];
/// CHECK RESTRICTIONS ///
if ($myrow['4'] == 2 or $myrow['4'] == 3) {
$url = $proxyURL . $myrow[3];
$rest_icons = "restricted";
} elseif ($myrow['4'] == 4) {
$url = $myrow[3];
$rest_icons = "restricted";
} else {
$url = $myrow[3];
$rest_icons = "";
// if you want the unlocked icon to show, enter "unrestricted" here
}
$current_ctags = explode("|", $myrow["ctags"]);
// add our $rest_icons info to this array at the beginning
array_unshift($current_ctags, $rest_icons);
$icons = showIcons($current_ctags);
/// Check for Help Guide ///
if ($myrow["helpguide"] != "") {
$helpguide = " <a href=\"" . $myrow["helpguide"] . "\"><img src=\"{$IconPath}/help.gif\" border=\"0\" alt=\"" . _("Help Guide") . "\" title=\"" . _("Help Guide") . "\" /></a>";
} else {
$helpguide = "";
}
//Check if there is a display note
if ($myrow["display_note"] == NULL) {
$display_note_text = "";
} else {
$display_note_text = "<br /><strong>" . _("Note:") . " </strong>" . $myrow['display_note'];
}
$bonus = "{$blurb}<br />";
if ($blurb != "") {
$information1 = "<span id=\"bib-{$bib_id}\" class=\"toggleLink curse_me\"><img src=\"{$IconPath}/information.png\" border=\"0\" alt=\"" . _("more information") . "\" title=\"" . _("more information") . "\" /></span>";
// This is new details link; you can use the one above if you prefer
$information = "<span id=\"bib-{$bib_id}\" class=\"toggleLink curse_me\">" . _("about") . "</span>";
} else {
$information = "";
}
$target = targetBlanker();
$items .= self::generateLayout($row_colour, $url, $target, $item_title, $information, $information1, $icons, $helpguide, $display_note_text, $bonus);
$row_count++;
}
$items .= "</table>";
return $items;
}
$item_name = scrubData($_POST["our_item_text"]);
$item_id = scrubData($_POST["our_item_id"], 'integer');
echo "\n <div class=\"selected_item_wrapper\">\n <div class=\"selected_item\">\n <input name=\"parent_id[]\" value=\"{$item_id}\" type=\"hidden\" />\n {$item_name}<br />\n </div>\n <div class=\"selected_item_options\">\n <img src=\"{$IconPath}/delete.png\" class=\"delete_item\" alt=\"delete\" title=\"remove\" border=\"0\">\n </div>\n </div>";
break;
case "add_discipline":
$item_name = scrubData($_POST["our_item_text"]);
$item_id = scrubData($_POST["our_item_id"], 'integer');
echo "\n <div class=\"selected_item_wrapper\">\n <div class=\"selected_item\">\n <input name=\"discipline_id[]\" value=\"{$item_id}\" type=\"hidden\" />\n {$item_name}<br />\n </div>\n <div class=\"selected_item_options\">\n <img src=\"{$IconPath}/delete.png\" class=\"delete_item\" alt=\"delete\" title=\"remove\" border=\"0\">\n </div>\n </div>";
break;
case "test_shortform":
if ($_GET["subject_id"] == "") {
// INSERT
$qcheck = "SELECT shortform FROM subject WHERE shortform = '" . $db->quote(scrubData($_GET["value"])) . "'";
} else {
// UPDATE
$qcheck = "SELECT shortform FROM subject WHERE shortform = '" . $db->quote(scrubData($_GET["value"])) . "' AND subject_id != '" . $db->quote(scrubData($_GET["subject_id"])) . "'";
}
//print $qcheck;
$rcheck = $db->query($qcheck);
if (count($rcheck) == 0) {
echo "ok";
} else {
echo "dupe";
}
break;
case "email_link_report":
$message_body = stripslashes($_POST["linkresults"]);
$subject_line = _("LinkChecker Results for ") . $_POST["shortform"];
if ($_POST["sendto"] == "send_report2all") {
$q = "SELECT subject, email\n FROM subject s, staff_subject ss, staff st\n WHERE s.subject_id = ss.subject_id\n AND ss.staff_id = st.staff_id\n AND s.shortform = '" . $_POST["shortform"] . "'";
//print $q;
}
$statement->bindParam(":year", $this_year);
$statement->bindParam(":tbtags", $filter);
$statement->bindParam(":ctags", $cat_tags);
$statement->execute();
$our_result = $statement->fetchAll();
$comment_header = "<h2>" . _("Comments from Previous Years") . " <span style=\"font-size: 12px;\"><a href=\"talkback.php?v={$set_filter}\">" . _("See this year") . "</a></span></h2>";
} else {
// New ones //
$db = new Querier();
$connection = $db->getConnection();
$statement = $connection->prepare("SELECT talkback_id, question, q_from, date_submitted, DATE_FORMAT(date_submitted, '%b %d %Y') as thedate,\n\tanswer, a_from, fname, lname, email, staff.title, YEAR(date_submitted) as theyear\n\tFROM talkback LEFT JOIN staff\n\tON talkback.a_from = staff.staff_id\n\tWHERE (display ='1' OR display ='Yes')\n AND tbtags LIKE :tbtags\n\tAND cattags LIKE :ctags\n\tAND YEAR(date_submitted) >= :year\n\tORDER BY date_submitted DESC");
$statement->bindParam(":year", $this_year);
$filter = '%' . $set_filter . '%';
if (isset($_GET['c'])) {
$cat_tags = '%' . scrubData($_GET['c']) . '%';
} else {
$cat_tags = "%%";
}
//AND tbtags LIKE :tbtags
$statement->bindParam(":tbtags", $filter);
$statement->bindParam(":ctags", $cat_tags);
$statement->execute();
$our_result = $statement->fetchAll();
$comment_header = "<h2>" . _("Comments from ") . "{$this_year} <span style=\"font-size: 11px; font-weight: normal;\"><a href=\"talkback.php?t=prev&v={$set_filter}\">" . _("See previous years") . "</a></span></h2>";
}
/* Select all Records, either current or previous year*/
$result_count = count($our_result);
if ($result_count != 0) {
$row_count = 1;
$results = "";
$newlist .= "<li><a href=\"{$db_url}{$myrow['1']}\">{$myrow['0']}</a></li>\n";
}
$newlist .= "</ul>\n";
// Add header now, because we need a value ($v2styles) from it
include "includes/header_med.php";
// put together our main result display
//**************************************
$pills = "";
//init
$layout = "";
//init
$collection_results = "";
//init
// Is this a search?
if (isset($_POST["searchterm"]) && $_POST["searchterm"] != "") {
$searchterm = scrubData($_POST["searchterm"]);
$search_param = "%" . $searchterm . "%";
$pills = "<div class=\"pills-label\">" . _("Start over:") . "</div><div class=\"pills-container\"><a href=\"index.php\">See All Research Guides</a></div>";
$q_search = "select * from subject \n WHERE active = '1' \n AND type != 'Placeholder' \n AND subject LIKE '{$search_param}'\n ORDER BY subject";
$statement = $connection->prepare($q_search);
$statement->execute();
$r_search = $statement->fetchAll();
$col_1 = "<div class=\"pure-u-1 pure-u-md-1-2\"><ul class=\"guide-listing\">";
foreach ($r_search as $key => $value) {
$guide_location = $guide_path . $value['shortform'];
$list_bonus = "";
if ($value[6] != "") {
$list_bonus .= $value[6] . "<br /><br />";
}
// add description
if ($value[7] != "") {
$values = array($b, $c, $d, $e);
foreach ($a as $index => $key) {
$t = array();
foreach ($values as $value) {
$t[] = $value[$index];
}
$result[$key] = $t;
}
/* print "<pre>";
print_r($result);
print "</pre>"; */
// Loop through array, update departments table
$row_count = 1;
$error = FALSE;
foreach ($result as $key => $value) {
$qUpDept = "UPDATE department SET\n name = " . $db->quote(scrubData($value[0])) . ",\n telephone = " . $db->quote(scrubData($value[1])) . ",\n department_sort = " . $row_count . ",\n email = " . $db->quote(scrubData($value[2])) . ",\n url = " . $db->quote(scrubData($value[3])) . "\n WHERE department_id = " . scrubData($key, "integer");
$rUpDept = $db->exec($qUpDept);
$row_count++;
}
$feedback = _("Thy Will Be Done. Department list order updated.");
// Show feedback
//$feedback = $record->getMessage();
// See all the queries?
//$record->deBug();
}
///////////////
// Departments
///////////////
$querierDept = new Querier();
$qDept = "select department_id, name, telephone, department_sort, email, url from department order by department_sort";
$deptArray = $querierDept->query($qDept);
}
}
//added in order to redirect to control home if already logged in. Only check if $sessionCheck variable doesn't exists and says no
$sessionCheck = checkSession();
if ($sessionCheck != "failure") {
global $CpanelPath;
header("location:{$CpanelPath}");
exit;
}
// If they have tried too many times, send them away
// Could add some sort of log of this failed attempt . . .
if ($postvar_thecount > 3) {
header("location:{$PublicPath}");
}
$postvar_username = scrubData($postvar_username);
$postvar_password = scrubData($postvar_password);
// Start the counting after the first $_POST submission
if ($postvar_username == "") {
$postvar_thecount = 1;
} else {
$postvar_thecount++;
}
$success = "no";
$introtext = "\n<br />" . _("Please enter your <strong>credentials</strong> to proceed.") . "</p>";
$login_form = "<div align=\"center\">\n\n\n<form action=\"login.php\" method=\"post\" style=\"font-size: 1em;\">\n\n<input type=\"hidden\" name=\"thecount\" value=\"" . $postvar_thecount . "\" />\n<table cellpadding=\"7\" cellspacing=\"0\" border=\"0\" class=\"striped_data\">\n\n<tr>\n\n<td valign=\"top\" class=\"odd\"><strong>" . _("Login") . "</strong></td>\n\n<td valign=\"top\" class=\"odd\" align=\"left\"><input name=\"username\" type=\"text\" value=\"{$postvar_username}\" size=\"20\" /></td>\n\n</tr>\n\n<tr>\n\n<td valign=\"top\" class=\"even\"><strong>" . _("Password") . "</strong></td>\n\n<td valign=\"top\" class=\"even\" align=\"left\"><input name=\"password\" type=\"password\" value=\"{$postvar_password}\" size=\"20\" /></td>\n\n</tr>\n\n<tr>\n\n<td valign=\"top\" class=\"odd\" colspan=\"2\"><div align=\"center\"><input class=\"button\" type=\"submit\" value=\"login\" /></div></td>\n\n</tr>\n\n<tr>\n\n<td valign=\"top\" class=\"even\" colspan=\"2\"><div align=\"right\"><a href=\"forgotpassword.php\">" . _("Forgot Password") . "</a></div></td>\n\n</tr>\n\n</table>\n\n</form>\n\n</div>\n";
if ($postvar_username != "" and isset($postvar_password)) {
// just to try to be nice, try appending the defined (in config.php) campus ending (@yourcollege.edu)
// if the login lacks one
$pos = strpos($postvar_username, "@");
if ($pos === false) {
$postvar_username = $postvar_username . $email_key;
include "themes/{$subjects_theme}/staff.php";
exit;
}
$page_title = "Library Staff";
$description = "Library contact list.";
$keywords = "staff list, librarians, contacts";
$use_jquery = array("ui", "ui_styles");
//////////
// Generate List
//////////
$intro = "<br />";
$our_cats = array("A-Z", "By Department", "Subject Librarians A-Z", "Librarians by Subject Specialty");
if (!isset($_GET["letter"]) || $_GET["letter"] == "") {
$_GET["letter"] = "A-Z";
}
$selected_letter = scrubData($_GET["letter"]);
$alphabet = getLetters($our_cats, $selected_letter);
if ($selected_letter == "A-Z") {
$intro = "<p><img src=\"{$IconPath}/information.png\" alt=\"icon\" /> Click on a name for more information.</p>\n<br />";
}
$staff_data = new StaffDisplay();
$out = $staff_data->writeTable($selected_letter);
// Assemble the content for our main pluslet
$display = $alphabet . $intro . $out;
////////////////////////////
// Now we are finally read to display the page
////////////////////////////
include "includes/header.php";
?>
<div class="pure-g">
<div class="pure-u-1 pure-u-lg-2-3 pure-u-xl-4-5">
function dupeCheck()
{
$db = new Querier();
// returns TRUE is there is already an item with that subject or shortform
if ($this->_subject_id == "") {
// INSERT
$qcheck = "SELECT shortform FROM subject WHERE shortform = " . $db->quote(scrubData($this->_shortform));
} else {
// UPDATE
$qcheck = "SELECT shortform FROM subject WHERE shortform = " . $db->quote(scrubData($this->_shortform)) . " AND subject_id != " . $this->_subject_id;
}
//print $qcheck;
$db = new Querier();
$rcheck = $db->query($qcheck);
$this->_debug .= "<p>Dupe check: {$qcheck}</p>";
if (count($rcheck) == 0) {
return FALSE;
} else {
return TRUE;
}
}
function isEmailUnique($lstrType = "")
{
$db = new Querier();
switch (strtolower($lstrType)) {
case "insert":
$lstrQuery = "SELECT email FROM staff WHERE email = " . $db->quote(scrubData($this->_email, "email"));
break;
case "update":
$lstrQuery = "SELECT email FROM staff WHERE email = " . $db->quote(scrubData($this->_email, "email")) . "AND staff_id <> " . scrubData($this->_staff_id, "integer");
break;
default:
return false;
}
$lrscSQL = $db->query($lstrQuery);
$lintNumberOfRows = count($lrscSQL);
if ($lintNumberOfRows > 0) {
return false;
}
return true;
}
if ($rnew = $statement->fetchAll()) {
$newlist = "<ul>\n";
foreach ($rnew as $myrow) {
$db_url = "";
// add proxy string if necessary
if ($myrow[2] != 1) {
$db_url = $proxyURL;
}
$newlist .= "<li><a href=\"{$db_url}{$myrow['1']}\">{$myrow['0']}</a></li>\n";
}
$newlist .= "</ul>\n";
}
// Intro text
$intro = "";
if (isset($_POST["searchterm"])) {
$selected = scrubData($_POST["searchterm"]);
$intro .= "<p style=\"background-color: #eee; padding: .3em; border: 1px solid #ccc; width: 75%;\">Search results for <strong>{$selected}</strong></p><br />";
}
$intro .= "<br class=\"clear-both\" />\n<div style=\"float: right; padding: 0 1.5em .5em 0;\"><a id=\"expander\" style=\"cursor: pointer;\">expand all descriptions</a></div>";
// Create our table of databases object
$our_items = new DbHandler();
$out = "";
// if we're showing the subject list, do so
if ($show_subjects == TRUE) {
$out .= $our_items->displaySubjects();
} elseif ($show_types == TRUE) {
$out .= $our_items->displayTypes();
} else {
// if it's the type type, show filter tip
if (isset($clean_type) && $clean_type != "") {
$out .= "<div class=\"faq_filter\">displaying databases filtered by {$clean_type} >> <a href=\"databases.php?letter=bytype\">view all types</a></div>";
} else {
$set_tag = "";
}
if (isset($_GET["cattag"]) && $_GET["cattag"] != "") {
$set_cattag = scrubData($_GET["cattag"]);
} else {
$set_cattag = "";
}
//////////////////////
// LIMITS
// Set up limit for use in page; in sql; and acceptable range of limits
//
//////////////////////
// See if user has submitted limit
if (isset($_GET["show"]) && $_GET["show"] != "") {
$set_limit = scrubData($_GET["show"]);
// Now we set things up for use in our query
switch ($_GET["show"]) {
case "10":
case "25":
case "50":
$our_sql_limit = "LIMIT 0," . $_GET["show"];
$set_limit = $_GET["show"];
break;
case "all":
$our_sql_limit = "";
$set_limit = "all";
break;
default:
$our_sql_limit = "LIMIT 0, 25";
$set_limit = $default_limit;
function writeTable($qualifier, $get_assoc_subs = 1, $print_display = 0)
{
global $tel_prefix;
global $mod_rewrite;
// sanitize submission
$selected = scrubData($qualifier);
switch ($qualifier) {
case "Faculty Profiles":
$q = "select lname, fname, title, tel, email, staff_id, ptags\n\t\t\tFROM staff\n\t\t\tWHERE active = 1\n AND ptags like '%librarian%'\n\t\t\torder by lname, fname";
$r = $db->query($q);
$items = "<table width=\"98%\" class=\"item_listing\">";
$row_count = 0;
$colour1 = "oddrow";
$colour2 = "evenrow";
$current_dept = "";
foreach ($r as $myrow) {
$row_colour = $row_count % 2 ? $colour1 : $colour2;
$lname = $myrow["0"];
$fname = $myrow["1"];
$title = $myrow["2"];
$tel = $myrow["3"];
$email = $myrow["4"];
$name_id = explode("@", $email);
$staff_id = $myrow["5"];
$ptags = $myrow["6"];
if ($get_assoc_subs == 1) {
// Grab our subjects, if any
$assoc_subjects = self::getAssocSubjects($staff_id, $ptags);
} else {
$assoc_subjects = "";
}
if ($mod_rewrite == 1) {
$link_to_details = "staff/" . $name_id[0];
} else {
$link_to_details = "staff_details.php?name=" . $name_id[0];
}
$items .= "<tr class=\"{$row_colour}\">\n\t\t<td style=\"width: 20%\" align=\"left\" class=\"{$row_colour}\"><span class=\"staff_contact\">";
if ($print_display != 1) {
$items .= "<a href=\"{$link_to_details}\">{$lname}, {$fname}</a>";
} else {
$items .= "{$lname}, {$fname}";
}
$items .= "</span></td>\n\t\t\t<td style=\"width: 40%\" align=\"left\" class=\"{$row_colour}\">{$title} {$assoc_subjects}</td>\n\t\t\t<td align=\"left\" class=\"{$row_colour}\">{$tel_prefix}{$tel} </td>\n\t\t\t<td class=\"{$row_colour}\"><a href=\"mailto:{$email}\">{$email}</a></td></tr>";
$row_count++;
}
$items .= "</table>";
break;
case "By Department":
$q = "select distinct d.department_sort, staff.staff_sort, name, lname, fname, title, staff.tel, staff.email, d.department_id, d.telephone, staff.staff_id, staff.ptags\n\t\t\tFROM department d, staff\n\t\t\tWHERE d.department_id = staff.department_id\n\t\t\tAND user_type_id = '1'\n AND active = 1\n\t\t\torder by department_sort, d.name, staff_sort desc, lname";
$db = new Querier();
$r = $db->query($q);
$items = "<table class=\"footable foo2\"><thead><tr><th data-sort-ignore=\"true\"> </th><th data-sort-ignore=\"true\"> </th><th data-sort-ignore=\"true\" data-hide=\"phone,mid\"> </th><th data-sort-ignore=\"true\" data-hide=\"phone\"> </th><th data-hide=\"phone,mid\" data-sort-ignore=\"true\"> </th></tr></thead>";
$row_count = 0;
$colour1 = "oddrow";
$colour2 = "evenrow";
$current_dept = "";
foreach ($r as $myrow) {
$row_colour = $row_count % 2 ? $colour1 : $colour2;
$dept_name = $myrow["2"];
$lname = $myrow["3"];
$fname = $myrow["4"];
$title = $myrow["5"];
$tel = $myrow["6"];
$email = $myrow["7"];
$dept_id = $myrow["8"];
$dept_tel = $myrow["9"];
$name_id = explode("@", $email);
$staff_id = $myrow["10"];
$ptags = $myrow["11"];
if ($get_assoc_subs == 1) {
// Grab our subjects, if any
$assoc_subjects = self::getAssocSubjects($staff_id, $ptags);
} else {
$assoc_subjects = "";
}
// end subject listing
if ($mod_rewrite == 1) {
$link_to_details = "staff/" . $name_id[0];
} else {
$link_to_details = "staff_details.php?name=" . $name_id[0];
}
if ($current_dept != $dept_id) {
$items .= "<tr><td class=\"dept_label\" colspan=\"5\"><a name=\"{$dept_id}\"></a><h2 class=\"dept_header\">{$dept_name} " . $tel_prefix . $dept_tel . "</h2></td></tr>";
}
$items .= "<tr class=\"{$row_colour}\">\n <td class=\"{$row_colour} staffpic\">";
// Here we stick in their headshot; comment out if you don't want; maybe later this should be an admin parameter
$items .= getHeadshot($email, 'medium');
$items .= "</td>\n\t\t <td class=\"{$row_colour}\"><span class=\"staff_contact\">";
if ($print_display != 1) {
$items .= "<a href=\"{$link_to_details}\">{$lname}, {$fname}</a>";
} else {
$items .= "{$lname}, {$fname}";
}
$items .= "</span></td>\n \t\t\t<td class=\"{$row_colour}\">{$title} {$assoc_subjects}</td>\n \t\t\t<td class=\"{$row_colour}\">{$tel_prefix}{$tel} </td>\n \t\t\t<td class=\"{$row_colour}\"><a href=\"mailto:{$email}\">{$email}</a></td></tr>";
$row_count++;
$current_dept = $dept_id;
}
$items .= "</table>";
break;
case "Subject Librarians A-Z":
$q = "select distinct lname, fname, title, tel, email, staff.staff_id\n from staff, staff_subject ss, subject su\n where staff.staff_id = ss.staff_id\n AND ss.subject_id = su.subject_id\n AND staff.active = 1\n AND type = 'Subject'\n AND su.active = '1'\n AND user_type_id = '1'\n AND shortform != 'NewDatabases'\n order by lname, fname";
$db = new Querier();
$r = $db->query($q);
$items = "<table class=\"footable foo3\" width=\"100%\">\n <thead><tr class=\"staff-heading\"><th data-sort-ignore=\"true\"> </th><th><strong>" . _("Librarian") . "</strong></th><th data-hide=\"phone,mid\" data-sort-ignore=\"true\"><strong>" . _("Subject Responsibilities") . "</strong></th></tr></thead>";
$row_count = 0;
$colour1 = "oddrow";
$colour2 = "evenrow";
foreach ($r as $myrow) {
$row_colour = $row_count % 2 ? $colour1 : $colour2;
$items .= "<tr class=\"{$row_colour}\">\n";
$items .= showStaff($myrow[4], '', '', 1);
$items .= "<td>";
$sub_query = "select subject, shortform from subject, staff_subject\n WHERE subject.subject_id = staff_subject.subject_id\n AND staff_id = '{$myrow['5']}'\n AND type = 'Subject'\n AND active = '1'\n AND shortform != 'NewDatabases'\n ORDER BY subject";
/* Select all active records (this is based on a db connection made above) */
$sub_result = $db->query($sub_query);
$num_rows = count($sub_result) - 1;
// Loop through all items, sticking commas in between
$subrowcount = 0;
foreach ($sub_result as $subrow) {
if ($mod_rewrite == 1) {
$linky = $subrow[1];
} else {
$linky = "guide.php?subject=" . $subrow[1];
}
$items .= "<a href=\"{$linky}\">{$subrow['0']}</a>";
if ($subrowcount < $num_rows) {
$items .= ", ";
}
$subrowcount++;
}
$items .= "</td>\n\n\t\t\t\t\t</tr>";
$row_count++;
}
$items .= "</table>";
break;
case "Librarians by Subject Specialty":
$q = "select lname, fname, title, tel, email, subject, staff.staff_id, shortform from\n staff, staff_subject, subject\n\t\t\twhere staff.staff_id = staff_subject.staff_id\n\t\t\tAND staff_subject.subject_id = subject.subject_id\n\t\t\tAND type = 'Subject'\n AND staff.active = 1\n AND subject.active = 1\n AND shortform != 'NewDatabases'\n\t\t\torder by subject, lname, fname";
$head_fields = array("Subject", "Library Liaison", "Phone", "Email");
$db = new Querier();
$r = $db->query($q);
$items = prepareTH($head_fields);
$row_count = 0;
$colour1 = "oddrow";
$colour2 = "evenrow";
$subrowsubject = "";
foreach ($r as $myrow) {
$full_name = $myrow["lname"] . ", " . $myrow["fname"];
$title = $myrow["title"];
$tel = $tel_prefix . $myrow["tel"];
$email = $myrow["email"];
$name_id = explode("@", $email);
if ($subrowsubject == $myrow["subject"]) {
//$psubject = " ";
$psubject = $myrow["subject"];
$row_count--;
} else {
$subrowsubject = $myrow["subject"];
$psubject = $myrow["subject"];
$shortsub = $myrow["shortform"];
}
$row_colour = $row_count % 2 ? $colour1 : $colour2;
$items .= "<tr class=\"{$row_colour}\">\n\n\t\t\t\t\t<td>";
if ($mod_rewrite == 1) {
$linky = $shortsub;
} else {
$linky = "guide.php?subject=" . $shortsub;
}
$items .= "<a href=\"{$linky}\">{$psubject}</a>";
$items .= "</td>\n";
$items .= "<td>";
if ($mod_rewrite == 1) {
$linky = "staff_details.php?name=" . $name_id[0];
} else {
$linky = "staff_details.php?name=" . $name_id[0];
}
$items .= "<a href=\"{$linky}\">{$full_name}</a></td>";
$items .= "<td>";
$items .= $tel;
$items .= "</td>\n";
$items .= "<td>";
$items .= "<a href=\"mailto:{$email}\">{$email}</a>";
$items .= "</td>\n\n\t\t\t\t\t</tr>";
$row_count++;
}
$items .= "</table>";
break;
case "A-Z":
default:
$q = "SELECT s.staff_id, lname, fname, title, tel, s.email, name, ptags\n\t\t\tFROM staff s\n\t\t\tLEFT JOIN department d on s.department_id = d.department_id\n\t\t\tWHERE user_type_id = '1'\n AND active = 1\n\t\t\tORDER BY s.lname, s.fname";
$hf1 = array("label" => "Name", "hide" => false, "nosort" => false);
$hf2 = array("label" => "Title", "hide" => true, "nosort" => false);
$hf3 = array("label" => "Phone", "hide" => false, "nosort" => true);
$hf4 = array("label" => "Email", "hide" => true, "nosort" => true);
$head_fields = array($hf1, $hf2, $hf3, $hf4);
$db = new Querier();
$r = $db->query($q, PDO::FETCH_ASSOC);
$items = prepareTHUM($head_fields);
$row_count = 0;
$colour1 = "oddrow";
$colour2 = "evenrow";
foreach ($r as $myrow) {
$row_colour = $row_count % 2 ? $colour1 : $colour2;
$staff_id = $myrow["staff_id"];
$full_name = $myrow["lname"] . ", " . $myrow["fname"];
$title = $myrow["title"];
$tel = $tel_prefix . $myrow["tel"];
$email = $myrow["email"];
$name_id = explode("@", $email);
$department = $myrow["name"];
$ptags = $myrow["ptags"];
if ($get_assoc_subs == 1) {
// Grab our subjects, if any
$assoc_subjects = self::getAssocSubjects($staff_id, $ptags);
} else {
$assoc_subjects = "";
}
if ($mod_rewrite == 1) {
$link_to_details = "staff/" . $name_id[0];
} else {
$link_to_details = "staff_details.php?name=" . $name_id[0];
}
//$headshot = getHeadshot($email, "medium");
$items .= "\n\t\t<tr class=\"zebra {$row_colour}\">\n\t\t\t<td class=\"staff-name-row\">";
if ($print_display != 1) {
$items .= "<a href=\"{$link_to_details}\" class=\"no_link\">{$full_name}</a>";
} else {
$items .= "{$full_name}";
}
$items .= "</td>\n\t\t\t<td class=\"staff-title-row\">{$title} {$assoc_subjects}</td>\n\t\t\t<td class=\"staff-tel-row\">{$tel} </td>\n\t\t\t<td class=\"staff-email-row\"><a href=\"mailto:{$email}\">{$email}</a></td>\n\t\t</tr>";
$row_count++;
}
$items .= "</table>";
break;
}
return $items;
}
$left_width = 0;
}
if (isset($col_widths[1])) {
$main_width = $col_widths[1] * 8;
} else {
$main_width = 0;
}
if (isset($col_widths[2]) && $col_widths[2] > 0) {
$side_width = $col_widths[2] * 8 - 3;
// we make this a squidgen narrower so it doesn't wrap nastily
} else {
$side_width = 0;
}
// Is there a selected tab?
if (isset($_GET["t"]) && $_GET["t"] != "") {
$selected_tab = scrubData($_GET["t"]);
} else {
$selected_tab = 0;
}
//create new guide object and set admin view to true
$lobjGuide = new Guide($this_id);
$lobjGuide->_isAdmin = TRUE;
$all_tabs = $lobjGuide->getTabs();
} else {
print "no guide";
}
////////////////////////////
// Now, get our pluslets //
///////////////////////////
global $pluslets_activated;
$all_boxes = "\n<ul id=\"box_options\">\n<li class=\"box_note box-item\">" . _("Drag selection, then drop to right") . "</li>";
$description = _("The best stuff for your research. No kidding.");
$keywords = _("research, databases, subjects, search, find");
$noheadersearch = TRUE;
$db = new Querier();
$connection = $db->getConnection();
// let's use our Pretty URLs if mod_rewrite = TRUE or 1
if ($mod_rewrite == 1) {
$guide_path = "";
} else {
$guide_path = "guide.php?subject=";
}
///////////////////////
// Have they done a search?
$search = "";
if (isset($_POST["search"])) {
$search = scrubData($_POST["search"]);
}
// Get the subjects for jquery autocomplete
$suggestibles = "";
// init
$q = "select subject, shortform from subject where active = '1' AND type != 'Placeholder' order by subject";
$statement = $connection->prepare($q);
$statement->execute();
$r = $statement->fetchAll();
//initialize $suggestibles
$suggestibles = '';
foreach ($r as $myrow) {
$item_title = trim($myrow[0][0]);
if (!isset($link)) {
$link = '';
}
$fckuserfilesPath = "../../assets/fckuserfiles";
$spuserfilesPath = "../../assets/users";
$fckFiles = listdir($fckuserfilesPath);
$userFiles = listdir($spuserfilesPath);
$files = array_merge($fckFiles, $userFiles);
*/
$use_unix_find = TRUE;
// admin can add parameter to see all
//change dgonzalez v2.0 to use getAssestPath function (dynamic)
if (isset($_GET["view"])) {
if ($_GET["view"] == "all") {
//$userPath = $root . "/sp/assets/users";
$userPath = getAssetPath() . "users";
} else {
//$userPath = $root . "/sp/assets/users/" . "_" . scrubData($_GET["view"]);
$userPath = getAssetPath() . "users" . DIRECTORY_SEPARATOR . "_" . scrubData($_GET["view"]);
}
} else {
//$userPath = $root . "/sp/assets/users/" . "_" . $this_user[0];
$userPath = getAssetPath() . "users" . DIRECTORY_SEPARATOR . "_" . $this_user[0];
}
// Collect the filenames from the following two locations and their subdirectories
if (!isset($use_unix_find)) {
$userFilesCmd = "find " . $userPath . " -type f";
$userFiles = shell_exec($userFilesCmd);
$userFiles = preg_split('/\\n/', $userFiles);
$disposable = array_pop($userFiles);
} else {
$userFiles = listdir($userPath);
}
$querier = new Querier();
