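/**
 * Submit handler for the "apply for team" form.
 *
 * Records the application through dbApplyForTeam() and, when that succeeds,
 * notifies the team owner and team admins and redirects to the user's team
 * list.
 *
 * @param array $form       The Drupal form array (unused).
 * @param array $form_state Reads values personName, email, message and the
 *                          TID stored in the form state.
 */
function applyForTeamForm_submit($form, $form_state)
{
    global $user;
    $TID = $form_state['TID'];
    $teamName = dbGetTeamName($TID);
    // The applicant's name is interpolated into a notification shown to other
    // users, so it gets the same no-tags treatment as the email address.
    $name = stripTags($form_state['values']['personName'], '');
    $email = $form_state['values']['email'];
    $note = $form_state['values']['message'];

    // Build the application row.
    $application = array();
    $application['UID'] = $user->uid;
    $application['TID'] = $TID;
    // No tags at all in the email address.
    $application['userEmail'] = stripTags($email, '');
    // The message keeps whatever tags stripTags() allows by default.
    $application['userMessage'] = stripTags($note);

    // dbApplyForTeam() does its own error checking; only notify on success.
    if (dbApplyForTeam($application)) {
        $now = dbDatePHP2SQL(time());
        $notification = array(
            'dateCreated' => $now,
            'dateTargeted' => $now,
            'TID' => $TID,
            'message' => "{$name} has applied to join your team {$teamName}.",
            'bttnTitle' => 'View',
            'bttnLink' => '?q=viewUsersToBeApproved&TID=' . $TID,
        );
        notifyUsersByRole($notification, 'teamOwner');
        notifyUsersByRole($notification, 'teamAdmin');
        drupal_set_message('Your application has been sent! You will receive an email when you have been approved for the team.');
        drupal_goto('manageUserTeams');
    }
}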
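/**
 * Submit handler for the outreach notification form.
 *
 * Builds one notification from the submitted dateTargeted/message values and
 * inserts a copy for every selected UID, then redirects to the notification
 * list of the outreach.
 *
 * @param array $form       The Drupal form array (unused).
 * @param array $form_state Reads values dateTargeted, message and the UID
 *                          list; the OID comes from the query string.
 */
function notificationForm_submit($form, $form_state)
{
    $params = drupal_get_query_parameters();
    $OID = $params['OID'];

    // Assemble the notification. stripTags() without a second argument keeps
    // whatever tags it allows by default.
    $notification = getFields(array('dateTargeted', 'message'), $form_state['values']);
    $notification = stripTags($notification);
    $notification['dateTargeted'] = dbDatePHP2SQL(strtotime($notification['dateTargeted']));
    $notification['bttnTitle'] = 'View Outreach';
    $notification['bttnLink'] = '?q=viewOutreach&OID=' . $OID;
    $notification['OID'] = $OID;
    $notification['TID'] = dbGetTeamForOutreach($OID);
    $notification['dateCreated'] = dbDatePHP2SQL(time());

    // Start from "failed" so an empty or missing UID list reports an error
    // instead of reading an undefined $result. Note that $result only
    // reflects the last insert attempted.
    $result = false;
    $uids = isset($form_state['values']['UID']) ? $form_state['values']['UID'] : array();
    foreach ($uids as $UID) {
        // Loose comparison kept on purpose: skips null and '' (unselected).
        if ($UID != null) {
            $notification['UID'] = $UID;
            $result = dbAddNotification($notification);
        }
    }
    if ($result) {
        drupal_set_message('Notification added!');
        drupal_goto('manageNotifications', array('query' => array('OID' => $OID)));
    } else {
        drupal_set_message('There was an error.', 'error');
    }
}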
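/**
 * Submit handler for the "delete my account" page.
 *
 * Removes the current user from every team (membership and roles), deletes
 * the user's extra emails, disables the account, emails the user's feedback
 * and redirects to the front page.
 *
 * @param array $form       The Drupal form array (unused).
 * @param array $form_state Reads values['misc'] (free-text feedback).
 */
function deleteUserPage_submit($form, $form_state)
{
    global $user;
    $UID = $user->uid;

    // Leave every team the user belongs to, dropping any roles held there.
    foreach (dbGetTeamsForUser($UID) as $team) {
        dbKickUserFromTeam($UID, $team['TID']);
        dbRemoveAllUserRoles($UID, $team['TID']);
    }
    dbRemoveAllEmailsForUser($UID);
    dbDisableUser($UID);

    // Mail parameters; the free-text feedback has every HTML tag removed.
    $params = array(
        'feedback' => stripTags($form_state['values']['misc'], ''),
        'userName' => dbGetUserName($UID),
    );
    // $from = null, $send = true passed positionally rather than as inline
    // assignments inside the argument list.
    drupal_mail('users', 'userdeleted', '*****@*****.**', variable_get('language_default'), $params, null, true);
    drupal_set_message("Your account has been deleted. We're sorry to see you go!");
    drupal_goto('<front>');
}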
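/**
 * Submit handler for the thumbnail upload form.
 *
 * Depending on which id is present in the query string (UID, OID or TID),
 * replaces the stored picture for that user / outreach / team with the
 * submitted file and redirects to the matching view page; with no id at all
 * it falls back to the dashboard.
 *
 * @param array $form       The Drupal form array (unused).
 * @param array $form_state Reads values['FID'] and the optional oldFID.
 */
function thumbnailForm_submit($form, $form_state)
{
    $params = drupal_get_query_parameters();
    // Only the file id is taken from the submitted values; no tags allowed.
    $picData = stripTags(getFields(array("FID"), $form_state['values']), '');
    $oldFID = isset($form_state['oldFID']) ? $form_state['oldFID'] : 0;

    // NOTE(review): the target id comes straight from the query string and no
    // ownership/permission check is visible here -- confirm that the form's
    // access callback restricts who may reach this handler.
    if (isset($params["UID"])) {
        // Updating a user's profile picture.
        $UID = $params["UID"];
        replacePicture($picData['FID'], $oldFID, 'Users');
        dbUpdate("profiles", $picData, "UID", $UID);
        drupal_goto("viewUser", array('query' => array('UID' => $UID)));
    } elseif (isset($params["OID"])) {
        // Editing an outreach thumbnail.
        $OID = $params["OID"];
        replacePicture($picData['FID'], $oldFID, 'Outreach');
        dbUpdateOutreach($OID, $picData);
        drupal_goto("viewOutreach", array('query' => array('OID' => $OID)));
    } elseif (isset($params["TID"])) {
        // Editing a team thumbnail.
        $TID = $params["TID"];
        replacePicture($picData['FID'], $oldFID, 'Teams');
        dbUpdateTeam($TID, $picData);
        drupal_goto("viewTeam", array('query' => array('TID' => $TID)));
    } else {
        drupal_goto("myDashboard");
    }
}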
/**
 * Submit handler for the user search form: forwards the (tag-free) search
 * term to the showUsersForTeam page as its ?query= parameter.
 *
 * @param array $form       The Drupal form array (unused).
 * @param array $form_state Reads values['nameContains'].
 */
function usersSearch_submit($form, $form_state)
{
    $search = stripTags(getFields(array('nameContains'), $form_state['values']), '');
    $options = array('query' => array('query' => $search['nameContains']));
    drupal_goto('showUsersForTeam', $options);
}
 /**
  * Load the node or blog view state from the request parameters.
  *
  * 'node' view: server/node come from the 's'/'n' parameters (validated
  * first), the item record from ItemDAO, mode 'group'. Otherwise the contact
  * comes from the 'f' parameter and is accepted only when it validates as an
  * email address, with the microblog node fixed, mode 'blog'.
  * The optional 'i' parameter is either a page index (int 0-100) or a public
  * item id (5-100 character string); it fills $this->_messages / _page and,
  * for a single item, title / description / image.
  */
 function load()
 {
     if ($this->_view == 'node') {
         $this->_from = $this->get('s');
         $this->_node = $this->get('n');
         // Invalid server/node pair: leave the page state untouched.
         if (!$this->validateServerNode($this->_from, $this->_node)) {
             return;
         }
         $pd = new \Modl\ItemDAO();
         $this->_item = $pd->getItem($this->_from, $this->_node);
         $this->_mode = 'group';
         $this->url = Route::urlize('node', array($this->_from, $this->_node));
     } else {
         $this->_from = $this->get('f');
         // NOTE(review): the contact is looked up before 'f' is validated below.
         $cd = new \modl\ContactDAO();
         $this->_contact = $cd->get($this->_from, true);
         // Only an email-shaped identifier is accepted as the blog owner.
         if (filter_var($this->_from, FILTER_VALIDATE_EMAIL)) {
             $this->_node = 'urn:xmpp:microblog:0';
         } else {
             return;
         }
         $this->_mode = 'blog';
         $this->url = Route::urlize('blog', $this->_from);
     }
     $pd = new \modl\PostnDAO();
     // Assignment inside the condition is intentional: the raw 'i' parameter
     // is kept in $this->_id and the branch runs only when it is truthy.
     if ($this->_id = $this->get('i')) {
         if (Validator::int()->between(0, 100)->validate($this->_id)) {
             // Numeric id = page index. One item more than the page size is
             // requested; the surplus item is popped at the end.
             $this->_messages = $pd->getNodeUnfiltered($this->_from, $this->_node, $this->_id * $this->_paging, $this->_paging + 1);
             $this->_page = $this->_id + 1;
         } elseif (Validator::string()->length(5, 100)->validate($this->_id)) {
             // String id = one public item.
             $this->_messages = $pd->getPublicItem($this->_from, $this->_node, $this->_id);
             if (is_object($this->_messages[0])) {
                 $this->title = $this->_messages[0]->title;
                 // Page description: the cleaned content with tags stripped,
                 // used only when non-empty.
                 $description = stripTags($this->_messages[0]->contentcleaned);
                 if (!empty($description)) {
                     $this->description = $description;
                 }
                 // The first attached picture becomes the page image.
                 $attachements = $this->_messages[0]->getAttachements();
                 if ($attachements && array_key_exists('pictures', $attachements)) {
                     $this->image = urldecode($attachements['pictures'][0]['href']);
                 }
             }
             if ($this->_view == 'node') {
                 $this->url = Route::urlize('node', array($this->_from, $this->_node, $this->_id));
             } else {
                 $this->url = Route::urlize('blog', array($this->_from, $this->_id));
             }
         }
         // NOTE(review): an 'i' value matching neither validator leaves
         // $this->_messages as it was (possibly unset) for the count() below.
     } else {
         // No 'i' parameter: first page.
         $this->_page = 1;
         $this->_messages = $pd->getNodeUnfiltered($this->_from, $this->_node, 0, $this->_paging + 1);
     }
     // Drop the extra item that was requested beyond the page size.
     if (count($this->_messages) == $this->_paging + 1) {
         array_pop($this->_messages);
     }
 }
/**
 * Normalise a search string: undo escaping, then remove every kind of markup
 * the site recognises (MODX tags, +something+ markers, HTML tags).
 *
 * @param string $searchString Raw search input; '' is returned as is.
 * @return string The cleaned string.
 */
function myOwnStripInput($searchString)
{
    if ($searchString === '') {
        return $searchString;
    }
    $cleaned = stripslashes($searchString);   // remove escape characters
    $cleaned = stripTags($cleaned);           // MODX-sensitive tags
    $cleaned = stripOtherTags($cleaned);      // +something+ substrings
    return stripHtml($cleaned);               // HTML tags
}
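/**
 * Submit handler for the "delete team" page.
 *
 * Requires the 'deleteTeam' permission on the team. Deactivates the team,
 * removes all of its members and roles, emails the deletion details together
 * with the submitted feedback, and redirects to the front page.
 *
 * @param array $form       The Drupal form array (unused).
 * @param array $form_state Reads the TID stored in the form state and
 *                          values['misc'] (free-text feedback).
 */
function deleteTeamPage_submit($form, $form_state)
{
    global $user;
    $UID = $user->uid;
    $TID = $form_state['TID'];

    // Authorisation gate first: everything below is destructive.
    if (!dbUserHasPermissionForTeam($UID, 'deleteTeam', $TID)) {
        drupal_set_message('You do not have permission to perform this action.', 'error');
        return;
    }
    dbDeactivateTeam($TID);
    dbKickAllUsersFromTeam($TID);
    dbRemoveAllRolesFromTeam($TID);

    // Looked up once; used both in the mail and in the confirmation message.
    $teamName = dbGetTeamName($TID);
    // The feedback has every HTML tag removed before it goes into the mail.
    $params = array(
        'feedback' => stripTags($form_state['values']['misc'], ''),
        'userName' => dbGetUserName($UID),
        'teamName' => $teamName,
        'teamNumber' => dbGetTeamNumber($TID),
    );
    drupal_mail('teams', 'teamDeleted', '*****@*****.**', variable_get('language_default'), $params, NULL, TRUE);
    drupal_set_message($teamName . " has been deleted.");
    drupal_goto('<front>');
}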
/**
 * Reduce an HTML fragment to text by delegating to stripTags() with its
 * default tag handling.
 *
 * @param string $text HTML input.
 * @return mixed Whatever stripTags() returns for $text.
 */
function htmlToText($text)
{
    $plain = stripTags($text);
    return $plain;
}
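/**
 * Collect the values of one checkbox group, dropping unchecked ('0') entries.
 *
 * @param array $group Form values keyed by option, e.g. values['status'].
 * @return array List of the checked values, in submission order.
 */
function _searchFormSidebar_checkedValues($group)
{
    $checked = array();
    foreach ($group as $value) {
        // Loose comparison kept on purpose: Drupal checkboxes submit 0 / '0'.
        if ($value != '0') {
            $checked[] = $value;
        }
    }
    return $checked;
}

/**
 * Submit handler for the outreach search sidebar.
 *
 * Translates the submitted fields into the $searchParams structure consumed
 * by generateSearchSQL(), stores it (plus an empty proxyFields list) in the
 * session and redirects to the outreach page in search mode.
 *
 * @param array $form        The Drupal form array (unused).
 * @param array &$form_state Form state; only values are read.
 */
function searchFormSidebar_submit($form, &$form_state)
{
    $values = $form_state['values'];
    $fields = array('source', 'name', 'country', 'state', 'city', 'co_organization', 'date', 'dateDistance', 'within5Years', 'year', 'cancelled');
    // No tags allowed in any of the free-text search fields.
    $searchData = stripTags(getFields($fields, $values), '');

    // Initialised explicitly so an empty form stores an empty array in the
    // session rather than an undefined variable.
    $searchParams = array();

    // Checkbox groups: only present in the params when something is checked.
    foreach (array('status', 'teams', 'tags') as $group) {
        if (!empty($values[$group])) {
            $checked = _searchFormSidebar_checkedValues($values[$group]);
            if ($checked) {
                $searchParams[$group] = $checked;
            }
        }
    }
    if (!empty($searchData['name'])) {
        $searchParams['name'] = array('value' => $searchData['name'], 'matchType' => 'fuzzy');
    }
    if (!empty($values['owner'])) {
        $searchParams['owner'] = array('value' => $values['owner'], 'matchType' => 'exact');
    }
    if (!empty($values['signedUp'])) {
        $searchParams['signedUp'] = array('value' => $values['signedUp'], 'matchType' => 'exact');
    }
    // '[none]' is the select widget's placeholder, not a real location.
    if (!empty($searchData['country']) && $searchData['country'] != '[none]') {
        $searchParams['country'] = array('value' => $searchData['country'], 'matchType' => 'exact');
    }
    if (!empty($searchData['state']) && $searchData['state'] != '[none]') {
        $searchParams['state'] = array('value' => $searchData['state'], 'matchType' => 'exact');
    }
    if (!empty($searchData['city'])) {
        $searchParams['city'] = array('value' => $searchData['city'], 'matchType' => 'fuzzy');
    }
    if (!empty($searchData['co_organization'])) {
        $searchParams['co_organization'] = array('value' => $searchData['co_organization'], 'matchType' => 'fuzzy');
    }
    // 'cancelled' always gets a value: false when the box is unchecked.
    $searchParams['cancelled'] = array(
        'value' => !empty($searchData['cancelled']) ? $searchData['cancelled'] : false,
        'matchType' => 'exact',
    );
    if (!empty($searchData['within5Years'])) {
        $searchParams['within5Years'] = true;
    }
    if (!empty($searchData['date'])) {
        // Window of +/- dateDistance (presumably a strtotime() relative
        // string) around the chosen date. strtotime() returns false on input
        // it cannot parse, so the centre date is checked before use.
        $date = strtotime($searchData['date']);
        if ($date !== false) {
            $start = strtotime('-' . $searchData['dateDistance'], $date);
            $end = strtotime('+' . $searchData['dateDistance'], $date);
            $searchParams['date'] = array(
                'start' => dbDatePHP2SQL($start),
                'center' => date(DEFAULT_TIME_FORMAT, $date),
                'end' => dbDatePHP2SQL($end),
            );
        }
    }
    if (!empty($searchData['year']) && $searchData['year'] != 'select') {
        $searchParams['year'] = array('year' => $searchData['year']);
    }

    $_SESSION['searchParams'] = $searchParams;
    $_SESSION['proxyFields'] = array();
    drupal_goto('outreach', array('query' => array('query' => 'search')));
}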
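/**
 * Create a Drupal account plus a CROMA profile for the person described in
 * $form_state, and email them a one-time login link.
 *
 * @param array $form_state Reads values firstName, lastName, primaryEmail and
 *                          the TID stored in the form state (for the mail).
 * @return int|false The new user's UID, or false when user_save() fails.
 */
function createNewUser($form_state)
{
    $values = $form_state['values'];
    $email = $values['primaryEmail'];

    // Random initial password; the user gets a password-reset link by mail.
    $password = user_password(8);
    $accountFields = array(
        'name' => $email,
        'mail' => $email,
        'pass' => $password,
        'status' => 1,
        'init' => 'email address',
        'roles' => array(DRUPAL_AUTHENTICATED_RID => 'authenticated user'),
    );
    // An empty first argument tells user_save() to create a new account.
    $account = user_save('', $accountFields);
    if (!$account) {
        // user_save() returns FALSE on failure; do not continue with an
        // invalid account object.
        return false;
    }
    // Manually set the password so it appears in the e-mail.
    $account->password = $accountFields['pass'];

    // Send the e-mail through the user module.
    $params = array(
        'url' => user_pass_reset_url($account),
        'teamName' => dbGetTeamName($form_state['TID']),
    );
    drupal_mail('users', 'userCreated', $email, NULL, $params, '*****@*****.**');

    // Profile row: the two names with every HTML tag removed.
    $profileData = stripTags(getFields(array('firstName', 'lastName'), $values), '');
    $profileData['UID'] = $account->uid;
    dbCreateProfile($profileData);
    return $profileData['UID'];
}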
/**
 * Submit handler for the media form: stores the submitted media fields for
 * $form_state['MID'] and redirects to the media view of its outreach.
 *
 * @param array $form       The Drupal form array (unused).
 * @param array $form_state Reads MID and values title, FID, description, OID.
 */
function mediaForm_submit($form, $form_state)
{
    $MID = $form_state['MID'];
    $fieldNames = array('title', 'FID', 'description', 'OID');
    // No second argument: stripTags() default tag handling.
    $mediaRow = stripTags(getFields($fieldNames, $form_state['values']));
    $updated = dbUpdateMedia($MID, $mediaRow);
    $message = $updated ? 'Your media has been assigned!' : 'There is a problem. Please try again.';
    drupal_set_message($message);
    drupal_goto('viewMedia', array('query' => array('OID' => $mediaRow['OID'])));
}
/**
 * Coerce one form value according to which key list its key appears in.
 *
 * The lists are checked in the order int, stripTags, double; the first match
 * wins. A list that is null/empty is skipped.
 *
 * @param string|int $key       The field name.
 * @param mixed      $val       The raw value.
 * @param array|null $int       Keys to cast to int.
 * @param array|null $stripTags Keys to pass through stripTags().
 * @param array|null $double    Keys to cast to float.
 * @return mixed The converted value, or $val unchanged when no list matches.
 */
function filterField($key, $val, $int, $stripTags, $double)
{
    $listedIn = function ($list) use ($key) {
        return $list && in_array($key, $list);
    };
    switch (true) {
        case $listedIn($int):
            return (int) $val;
        case $listedIn($stripTags):
            return stripTags($val);
        case $listedIn($double):
            return (float) $val;
        default:
            return $val;
    }
}
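/**
 * Submit handler for the "old hours" (per-year hour offsets) form.
 *
 * For each submitted row, updates the existing offset (when an HTID was
 * stored in the form state) or adds a new one. When editing, rows beyond the
 * current row count are removed. Reports what happened and redirects to the
 * team page.
 *
 * @param array $form       The Drupal form array (unused).
 * @param array $form_state Reads new, TID, numRows, initialNumTimes, the
 *                          stored fields HTID-i and values hours-i / year-i.
 */
function oldHoursForm_submit($form, $form_state)
{
    $new = $form_state['new'];
    $TID = $form_state['TID'];
    $numRows = $form_state['numRows'];
    // Outcome flags, initialised so the message logic never reads an
    // undefined variable.
    $updated = $added = $removed = false;

    for ($i = 0; $i < $numRows; $i++) {
        $HTID = isset($form_state['fields']["HTID-{$i}"]) ? $form_state['fields']["HTID-{$i}"] : 0;
        // Both values are plain numbers; no tags allowed.
        $fields = stripTags(getFields(array("hours-{$i}", "year-{$i}"), $form_state['values']), '');
        $row = array(
            'numberOfHours' => $fields["hours-{$i}"],
            'year' => $fields["year-{$i}"],
            'TID' => $TID,
        );
        // Skip rows where either value is missing (loose == null also
        // rejects '').
        if ($row['numberOfHours'] == null || $row['year'] == null) {
            continue;
        }
        if ($HTID != 0) {
            // Existing record.
            dbUpdateOffset($HTID, $row);
            $updated = true;
        } else {
            // New record.
            dbAddHourOffset($row);
            $added = true;
        }
    }

    // When editing, rows beyond the current count were presumably deleted in
    // the form; remove their records.
    if (!$new) {
        for ($i = $numRows; $i < $form_state['initialNumTimes']; $i++) {
            dbRemoveOldHours($form_state['fields']["HTID-{$i}"]);
            $removed = true;
        }
    }

    // Message precedence: any update, or an add combined with a removal, is
    // reported as "updated"; then adds; then removals. Parenthesised
    // explicitly because && binds tighter than ||.
    if ($updated || ($added && $removed)) {
        drupal_set_message('Your hours have been updated!');
    } elseif ($added) {
        drupal_set_message("Your hours have been logged!");
    } elseif ($removed) {
        drupal_set_message("Your hours have been removed.");
    }
    drupal_goto('viewTeam', array('query' => array('TID' => $TID)));
}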
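/**
 * Submit handler for the hours form.
 *
 * Logs (or, when $form_state['new'] is false, updates) one hours row per
 * submitted line; afterwards either assigns the user to the outreach (edit)
 * or notifies moderators and the outreach owner (new), and redirects.
 *
 * @param array $form       The Drupal form array (unused).
 * @param array $form_state Reads new, OID, numRows, HID and the per-row
 *                          values numberOfHours-i, description-i, type-i.
 */
function hoursForm_submit($form, $form_state)
{
    global $user;
    $new = isset($form_state['new']) ? $form_state['new'] : true;
    $OID = $form_state['OID'];

    // The target user is the same for every row, so resolve it once.
    if (isset($form_state['values']['fields']['UID'])) {
        $UID = $form_state['values']['fields']['UID'];
    } else {
        $UID = $user->uid;
    }

    $row = array();
    $failed = false;
    for ($i = 0; $i < $form_state['numRows']; $i++) {
        $fields = array("numberOfHours-{$i}", "description-{$i}", "type-{$i}");
        // No HTML tags allowed in any of the hours fields.
        $values = stripTags(getFields($fields, $form_state['values']), '');
        // Row that goes into the database; new and edited hours both start
        // out unapproved.
        $row = array(
            'numberOfHours' => $values["numberOfHours-{$i}"],
            'description' => $values["description-{$i}"],
            'isApproved' => 0,
            'type' => $values["type-{$i}"],
        );
        if ($UID != 0) {
            $row['UID'] = $UID;
        }
        $row['OID'] = $OID;

        $saved = $new ? dbLogHours($row) : dbUpdateHours($row, $form_state['HID']);
        if ($saved == false) {
            drupal_set_message("Error", 'error');
            $failed = true;
            break;
        }
    }

    // Only claim success when no row failed.
    if (!$failed) {
        drupal_set_message("Your hours have been logged!");
    }
    if (!$new) {
        // Editing: make sure the user is attached to the outreach.
        // $row['type'] is the type of the last row processed (null if none).
        dbAssignUserToOutreach($UID, $OID, isset($row['type']) ? $row['type'] : null);
        drupal_goto("viewOutreach", array('query' => array("OID" => $OID)));
    } else {
        // Notify moderators and the outreach owner. The name in the message
        // is the logged-in user's, which may differ from $UID when a UID was
        // supplied in the form.
        $outreachName = dbGetOutreachName($OID);
        $personName = dbGetUserName($user->uid);
        $now = dbDatePHP2SQL(time());
        $notification = array(
            'message' => "{$personName} has logged hours for {$outreachName}!",
            'TID' => dbGetTeamForOutreach($OID),
            'dateTargeted' => $now,
            'dateCreated' => $now,
        );
        notifyUsersByRole($notification, 'moderator');
        notifyOwnerOfOutreach($OID, $notification);
        if ($OID != 0) {
            drupal_goto("viewHours", array('query' => array("OID" => $OID)));
        } else {
            drupal_goto("viewHours", array('query' => array("UID" => $UID)));
        }
    }
}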
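/**
 * Submit handler for the profile form.
 *
 * Creates or updates the profile row for the target user (the UID from the
 * query string, else the logged-in user), syncs the optional secondary email
 * and redirects to the user's page.
 *
 * @param array $form       The Drupal form array (unused).
 * @param array $form_state Reads the profile values, bio and secondaryEmail.
 */
function profileForm_submit($form, $form_state)
{
    global $user;
    $params = drupal_get_query_parameters();
    // NOTE(review): a UID in the query string selects whose profile is
    // written and no permission check is visible here -- confirm the form's
    // access callback limits this to the user themselves or an admin.
    $UID = isset($params['UID']) ? $params['UID'] : $user->uid;
    $values = $form_state['values'];

    $fields = array("firstName", "lastName", "position", "phone", "grade", "gender", "FID", "type");
    // No tags allowed in the plain profile fields.
    $profileData = stripTags(getFields($fields, $values), '');
    $profileData['UID'] = $UID;
    // The bio keeps whatever tags stripTags() allows by default. It is passed
    // as a plain string: wrapping it in array() would hand an array, not a
    // string, to dbCreateProfile()/dbUpdate() as the bio value.
    $profileData['bio'] = stripTags($values['bio']);

    if (dbUserHasProfile($UID) == false) {
        // First submission: create the profile row.
        if (dbCreateProfile($profileData) != false) {
            drupal_set_message("Your profile has been created!");
        } else {
            drupal_set_message("There was an error.");
        }
    } else {
        // Editing an existing profile.
        dbUpdate("profiles", $profileData, "UID", $UID);
        drupal_set_message("Profile has been updated!");
    }

    // Secondary email: add, replace or remove so the stored value mirrors the
    // submitted one. Trimmed in both the add and the update path.
    $secondaryEmail = isset($values['secondaryEmail']) ? trim($values['secondaryEmail']) : '';
    if (!empty($secondaryEmail)) {
        if (dbGetSecondaryEmailForUser($UID) == false) {
            dbAddEmailsToUser($UID, array($secondaryEmail));
        } else {
            dbUpdate('emailsVsUsers', array('email' => $secondaryEmail), "UID", $UID);
        }
    } else {
        dbRemoveEntry('emailsVsUsers', 'UID', $UID);
    }
    drupal_goto("viewUser", array('query' => array('UID' => $UID)));
}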
/**
 * Submit handler that approves an outreach write-up.
 *
 * Stores the attendance/testimonial/write-up fields (all tags removed),
 * flags the write-up as approved and locks the outreach, then notifies the
 * outreach owner (when that is someone else), moderators, team admins and
 * the team owner before redirecting to the outreach page.
 *
 * @param array $form       The Drupal form array (unused).
 * @param array $form_state Reads values totalAttendance, testimonial, writeUp.
 */
function approve($form, $form_state)
{
    global $user;
    $approverUID = $user->uid;
    $query = drupal_get_query_parameters();
    $TID = getCurrentTeam()['TID'];
    $OID = $query["OID"];

    // All three write-up fields are stored without any HTML tags.
    $writeUpFields = array("totalAttendance", "testimonial", "writeUp");
    $writeUpData = stripTags(getFields($writeUpFields, $form_state['values']), '');
    $writeUpData['isWriteUpApproved'] = true;
    $writeUpData['isWriteUpSubmitted'] = 0;
    $writeUpData['status'] = 'locked';
    // An empty attendance field is stored as NULL rather than '' / 0.
    if (empty($writeUpData["totalAttendance"])) {
        $writeUpData["totalAttendance"] = null;
    }
    dbUpdateOutreach($OID, $writeUpData);

    $notification = array(
        'TID' => $TID,
        'dateCreated' => dbDatePHP2SQL(time()),
        'dateTargeted' => dbDatePHP2SQL(time()),
        'message' => dbGetUserName($approverUID) . ' has just approved ' . dbGetOutreachName($OID) . '!',
        'bttnLink' => '?q=viewOutreach&OID=' . $OID,
        'bttnTitle' => 'View Outreach',
    );
    // NOTE(review): this notification carries no UID, so which user the
    // dbAddNotification() call targets is not visible here -- presumably
    // meant to be the outreach owner ($outreachOwnerUID); confirm.
    $outreachOwnerUID = dbGetOutreachOwner($OID);
    if ($approverUID != $outreachOwnerUID) {
        dbAddNotification($notification);
    }
    foreach (array('moderator', 'teamAdmin', 'teamOwner') as $role) {
        notifyUsersByRole($notification, $role);
    }
    drupal_set_message("Write up approved!");
    drupal_goto('viewOutreach', array('query' => array('OID' => $OID)));
}
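 /**
  * Run the article search for $q and fill the per-row display arrays
  * ($this->category, catlink, readmore, author, title, date, article), the
  * counts $this->perrows / $this->total and the paging links $this->pglink.
  *
  * @param string $q      Search phrase; when empty after cleaning, the phrase
  *                       saved in $_SESSION['search'] is used instead.
  * @param mixed  $menuId Not used by this method.
  */
 function item($q, $menuId)
 {
     $db = new FQuery();
     $db->connect();
     $accessLevel = Level_Access;

     // Display-side cleanup: quotes, slashes and doubled spaces are removed.
     // This is not an SQL escape; the SQL literals built below use $qSql.
     $q = str_replace(array("'", "/", "\\", '"'), "", $q);
     $q = str_replace('  ', " ", $q);
     if (empty($q)) {
         $q = $_SESSION['search'];
     }
     // Escaped copy for the SQL string literals built in this method. Uses
     // the same mysql_* client as the mysql_affected_rows() /
     // mysql_fetch_array() calls below.
     $qSql = mysql_real_escape_string($q);

     loadPaging();
     $paging = new paging();
     $rowsPerPage = 10;

     // Per-field match fragments built by explode_query(). It receives the
     // cleaned (not SQL-escaped) phrase; whether it escapes its input itself
     // is not visible here -- TODO confirm.
     $condition = explode_query($q, 'article') . ' ' . explode_query($q, 'title')
         . ' ' . explode_query($q, 'author') . ' ' . explode_query($q, 'tags');
     $user = FQuery('user', "`name` LIKE  '%{$qSql}%'", 'id');
     $where = "status=1 AND (`author_id` ='{$user}' {$condition}) {$accessLevel}";

     // Total number of matches, then the current page of rows.
     FQuery('article', $where);
     $total = mysql_affected_rows();
     $result = $paging->pagerQuery(FDBPrefix . 'article', "*,DATE_FORMAT(date,'%d %M %Y') as date,DATE_FORMAT(date,'%Y-%m-%d %H:%i:%s') as order_date", $where, 'order_date DESC', $rowsPerPage);
     $jml = mysql_affected_rows();

     // The paging base link does not depend on the row, so build it once.
     if (defined('SEF_URL')) {
         $link = link_paging('?');
     } else {
         // TODO: $categoryId is never assigned in this method (nor passed
         // in); the non-SEF paging link is built with an empty id until its
         // intended source is confirmed.
         $categoryIdForLink = isset($categoryId) ? $categoryId : '';
         $link = make_permalink("?app=article&view=category&id={$categoryIdForLink}", Page_ID) . "&";
     }
     // Lower-cased once; the snippet search below compares lower-cased text
     // against a lower-cased phrase.
     $qLower = strtolower($q);

     $no = 0;
     while ($qr = mysql_fetch_array($result)) {
         $category = oneQuery('article_category', 'id', $qr['category'], 'name');
         $catlink = make_permalink("?app=article&view=category&id={$qr['category']}");
         // Author: the stored name, else the user's name, else "Administrator".
         if (!empty($qr['author_id'])) {
             $author = !empty($qr['author']) ? $qr['author'] : oneQuery('user', 'id', $qr['author_id'], 'name');
         } else {
             $author = "Administrator";
         }

         // Snippet: when the phrase first occurs more than 40 characters in,
         // start the excerpt about 40 characters before it, at the next space.
         $article = stripTags($qr['article']);
         $articleLower = strtolower($article);
         $matchPos = strpos($articleLower, $qLower);
         if ($matchPos >= 40) {
             $matchPos -= 40;
             $wordBreak = strpos(substr($articleLower, $matchPos), " ");
             $article = "..." . substr($article, $matchPos + ($wordBreak === false ? 0 : $wordBreak));
         }
         $article = cutWords($article, 35) . "...";

         $itemLink = make_permalink("?app=article&view=item&id={$qr['id']}", Page_ID);
         // search_match() highlights the phrase in each displayed field.
         $titleText = search_match($qr['title'], $q);
         $article = search_match($article, $q);
         $author = search_match($author, $q);
         $category = search_match($category, $q);

         $this->category[$no] = $category;
         $this->catlink[$no] = $catlink;
         $this->readmore[$no] = null;
         $this->author[$no] = $author;
         $this->title[$no] = "<a href=\"{$itemLink}\">{$titleText}</a>";
         $this->date[$no] = $qr['date'];
         $this->article[$no] = $article;
         $no++;
     }
     $this->perrows = $jml;
     $this->total = $total;

     // Paging links only when there are more matches than one page holds.
     FQuery('article', $where);
     $jml = mysql_affected_rows();
     $pagelink = $jml > $rowsPerPage ? $paging->createPaging($link) : null;
     if (strpos(getUrl(), '?q')) {
         $pagelink = str_replace("?page=", "&page=", $pagelink);
     }
     $this->pglink = $pagelink;
 }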
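// Insert the fetched posts one by one with a prepared statement, counting
// items, successful inserts and failures. Expects $db (apparently a mysqli
// connection, given prepare()/bind_param()) and $data (post objects keyed by
// post id) from the enclosing script.
echo "Inserting posts...\n";
$st = $db->prepare("INSERT INTO fb_posts (fb_post_id, fb_link, image_url, created, updated, type, message, story, extra) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)");
if ($st === false) {
    // prepare() returns false on an SQL/connection error; without this check
    // the bind_param() below would be a method call on false.
    throw new RuntimeException('Preparing the fb_posts insert failed');
}
$stats = array('items' => 0, 'inserted' => 0, 'failed' => 0);
foreach ($data as $id => $item) {
    $created = getTimeStamp($item->created_time);
    $updated = getTimeStamp($item->updated_time);
    $message = $story = $extra = '';
    if (isset($item->message)) {
        $message = isset($item->message_tags)
            ? stripTags($id, $item->message, $item->message_tags)
            : stripTags($id, $item->message);
    }
    if (isset($item->story)) {
        $story = stripTags($id, $item->story);
    }
    // bind_param() binds by reference; copying the optional object fields to
    // locals avoids a notice (and a null bind) when a field is absent.
    $link = isset($item->link) ? $item->link : null;
    $picture = isset($item->full_picture) ? $item->full_picture : null;
    $type = isset($item->type) ? $item->type : null;
    $stats['items']++;
    $bound = $st->bind_param("sssssssss", $id, $link, $picture, $created, $updated, $type, $message, $story, $extra);
    if ($bound !== FALSE && $st->execute() !== FALSE) {
        $stats['inserted']++;
    } else {
        $stats['failed']++;
    }
}
$st->close();
print_r($stats);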
function getTimeStamp($data)
{
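/**
 * Submit handler for the team create/edit form.
 *
 * With no TID in the query string a new team is created, the current user is
 * made its owner and member, and a notification mail is sent; otherwise the
 * existing team is updated (and re-selected as the current team when it is
 * eligible). Redirects on every successful path.
 *
 * @param array $form       The Drupal form array (unused).
 * @param array $form_state Reads the team field values.
 */
function teamForm_submit($form, $form_state)
{
    global $user;
    $query = drupal_get_query_parameters();
    // Adding when no TID is given, editing otherwise.
    $new = !isset($query['TID']);

    $names = array('name', 'number', 'type', 'city', 'state', 'country', 'FID', 'rookieYear');
    // No tags allowed in any team field.
    $row = stripTags(getFields($names, $form_state['values']), '');
    // An empty rookie year is stored as NULL, not ''.
    if ($row['rookieYear'] === '') {
        $row['rookieYear'] = null;
    }

    if ($new) {
        $row['UID'] = $user->uid;
        $TID = dbCreateTeam($row);
    } else {
        // NOTE(review): the TID being updated comes from the query string and
        // no permission check is visible here -- confirm the form's access
        // callback restricts editing to the team's owner/admins.
        $TID = $query['TID'];
        if (!dbUpdateTeam($TID, $row)) {
            drupal_set_message('Error in updating team', 'error');
            return;
        }
        if (!teamIsIneligible($TID)) {
            setCurrentTeam($TID, $row['name']);
        }
    }

    if (!$TID) {
        // dbCreateTeam() did not return a usable id.
        drupal_set_message('Error creating team. Please try again.');
        return;
    }
    if ($new) {
        drupal_set_message('Your team form has been submitted. The CROMA team will contact you when your team has been successfully created.');
        dbGiveUserRole($user->uid, $TID, 'teamOwner');
        dbAssignUserToTeam($user->uid, $TID);
        // Separate array for the mail; $query still holds the URL parameters.
        $mailParams = array(
            'TID' => $TID,
            'name' => $row['name'],
            'number' => $row['number'],
            'user' => $user->uid,
            'userName' => dbGetUserName($user->uid),
        );
        drupal_mail('teams', 'teamCreated', '*****@*****.**', variable_get('language_default'), $mailParams, NULL, TRUE);
        drupal_goto('teamDashboard');
    } else {
        drupal_set_message('Your team has been updated!');
        if (!dbIsTeamApproved($TID)) {
            drupal_goto('manageUserTeams');
        } else {
            drupal_goto('viewTeam', array('query' => array('TID' => $TID)));
        }
    }
}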
// - 'xml' => return data with mime type 'application/xml
// - 'rss' => return data with mime type 'application/rss+xml'
// - 'file' => return data as downloadable file
// - 'email' => send data as email (to the user's login email address)
// Only one of the known export types is accepted (case-insensitively);
// anything else, including a missing parameter, falls back to 'html'.
$exportType = (isset($_REQUEST['exportType']) && preg_match("/^(text|html|xml|rss|file|email)\$/i", $_REQUEST['exportType']))
    ? $_REQUEST['exportType']
    : "html";
// NOTE(review): exportStylesheet is taken from the request as is; how it is
// used later (file path? URL?) is not visible in this block -- check there.
$exportStylesheet = isset($_REQUEST['exportStylesheet']) ? $_REQUEST['exportStylesheet'] : "";
// The custom header message is displayed, so HTML tags are stripped from it.
$headerMsg = isset($_REQUEST['headerMsg']) ? stripTags($_REQUEST['headerMsg']) : "";
// --------------------------------------------------------------------
// Extract any parameters that are specific to 'show.php':
// (these parameters control which records will be returned by 'search.php')
// Note: you can combine different parameters to achieve an "AND" query, e.g.:
//
//       show.php?contribution_id=AWI&author=steffens&year=2005
//
//       which will find all records where:  'contribution_id' contains 'AWI'  -AND-  'author' contains 'steffens'  -AND-  'year' contains '2005'
if (isset($_REQUEST['serial'])) {
    $serial = $_REQUEST['serial'];
} elseif (isset($_REQUEST['record'])) {
    $serial = $_REQUEST['record'];
/**
 * Remove a fixed set of dangerous HTML tags (and PHP code) from a string.
 *
 * Non-string input is returned untouched. For strings: the value is first passed
 * through decodeValue(), CR/LF are turned into <br>, the blocked tags (minus any
 * listed in $exceptions) are removed with stripTags(), and stripPHP() runs last.
 *
 * Security note: this is a *blocklist*. Only the tag names below are removed, so
 * anything not listed (e.g. img/svg/math, or event-handler attributes on tags
 * that are kept) passes through unless stripTags() handles it — confirm against
 * that helper before relying on this as an XSS boundary.
 *
 * @param mixed $str        Value to clean; only strings are processed.
 * @param array $exceptions Tag names to leave in place even though they are blocked.
 * @return mixed The cleaned string, or $str unchanged when it is not a string.
 */
function purifyHTML($str, $exceptions = array())
{
    if (!is_string($str)) {
        return $str;
    }
    // Kept verbatim from the original list (including its repeated entries) so the
    // set passed to stripTags() is unchanged.
    $blockedTags = array('alert', 'applet', 'audio', 'basefont', 'base', 'behavior', 'bgsound', 'blink', 'body', 'embed', 'expression', 'form', 'iframe', 'ilayer', 'input', 'isindex', 'layer', 'font', 'html', 'link', 'style', 'body', 'head', 'xml', 'script', 'link', 'meta', 'object', 'plaintext', 'textarea', 'title', 'video', 'xss');
    $lineBreaks = array("\n", "\r");
    $cleaned = decodeValue($str);
    $cleaned = str_replace($lineBreaks, '<br>', $cleaned);
    $cleaned = stripTags($cleaned, array_diff($blockedTags, $exceptions));
    return stripPHP($cleaned);
}
    // if there's no ORDER BY parameter...
    $orderBy = "author, year DESC, publication";
}
// ...use the default ORDER BY clause
// Custom header message from the request. It may still be URL encoded (it was
// encoded before being placed in a hidden field of the 'displayOptions' form to
// avoid HTML syntax errors); a surviving '%20' (encoded space) is the tell.
// Decoding happens *before* stripTags() so encoded markup cannot survive the
// strip (stripTags() is defined in 'include.inc.php').
$headerMsg = "";
if (isset($_REQUEST['headerMsg'])) {
    $headerMsg = $_REQUEST['headerMsg'];
    if (preg_match("/%20/", $headerMsg)) {
        $headerMsg = rawurldecode($headerMsg);
    }
    if (!empty($headerMsg)) {
        $headerMsg = stripTags($headerMsg);
    }
}
// Previous query and query history live in the session; default to empty arrays.
$oldQuery = isset($_SESSION['oldQuery']) ? $_SESSION['oldQuery'] : array();
$queryHistory = isset($_SESSION['queryHistory']) ? $_SESSION['queryHistory'] : array();
// Extract checkbox variable values from the request:
if (isset($_REQUEST['marked'])) {
    $recordSerialsArray = $_REQUEST['marked'];
 /**
  * Load the page model for the current view: a pubsub node, a tag, or a user's blog.
  *
  * Request parameters are read via $this->get(): 's'/'n' (server, node) for the
  * 'node' view, 't' for the 'tag' view, 'f' (expected to look like an email/JID)
  * for the blog view, and 'i', which is either a page index or an item id (see
  * below). Populates _messages, title, description, image and url; returns early
  * (leaving them unset) when the input does not validate.
  */
 function load()
 {
     if ($this->_view == 'node') {
         $this->_from = $this->get('s');
         $this->_node = $this->get('n');
         // Server/node pair is validated before any lookup; nothing is loaded on failure.
         if (!$this->validateServerNode($this->_from, $this->_node)) {
             return;
         }
         $pd = new \Modl\ItemDAO();
         $this->_item = $pd->getItem($this->_from, $this->_node);
         $this->_mode = 'group';
         $this->url = Route::urlize('node', array($this->_from, $this->_node));
     } elseif ($this->_view == 'tag' && $this->validateTag($this->get('t'))) {
         // Tag view only when the tag passes validateTag(); an invalid tag falls
         // through to the blog branch below.
         $this->_mode = 'tag';
         $this->_tag = $this->get('t');
         $this->title = '#' . $this->_tag;
     } else {
         $this->_from = $this->get('f');
         $cd = new \modl\ContactDAO();
         // NOTE(review): the contact lookup runs on the raw 'f' value *before* the
         // email-shape check below; whether ContactDAO::get tolerates arbitrary
         // strings is not visible here — consider validating first.
         $this->_contact = $cd->get($this->_from, true);
         if (filter_var($this->_from, FILTER_VALIDATE_EMAIL)) {
             $this->_node = 'urn:xmpp:microblog:0';
         } else {
             return;
         }
         $this->_mode = 'blog';
         $this->url = Route::urlize('blog', $this->_from);
     }
     $pd = new \modl\PostnDAO();
     if ($this->_id = $this->get('i')) {
         // 'i' is overloaded: a value in '1'..'100' (the validator compares as
         // strings — confirm it behaves numerically) is a page index; a value of
         // 5..100 characters is an item id. Anything else loads nothing.
         if (Validator::stringType()->between('1', '100')->validate($this->_id)) {
             // One extra row is requested; the surplus is popped further down,
             // presumably so the caller can tell whether a further page exists.
             if (isset($this->_tag)) {
                 $this->_messages = $pd->getPublicTag($this->get('t'), $this->_id * $this->_paging, $this->_paging + 1);
             } else {
                 $this->_messages = $pd->getNodeUnfiltered($this->_from, $this->_node, $this->_id * $this->_paging, $this->_paging + 1);
             }
             $this->_page = $this->_id + 1;
         } elseif (Validator::stringType()->length(5, 100)->validate($this->_id)) {
             $this->_messages[0] = $pd->getPublicItem($this->_from, $this->_node, $this->_id);
             if (is_object($this->_messages[0])) {
                 $this->title = $this->_messages[0]->title;
                 // Description is the tag-stripped, truncated body of the single item.
                 $description = stripTags($this->_messages[0]->contentcleaned);
                 if (!empty($description)) {
                     $this->description = truncate($description, 100);
                 }
                 $attachments = $this->_messages[0]->getAttachments();
                 if ($attachments && array_key_exists('pictures', $attachments)) {
                     // NOTE(review): the attachment href is urldecode()d but, unlike
                     // cssurl below, not validated as a URL here; make sure whatever
                     // renders $this->image escapes it for its context.
                     $this->image = urldecode($attachments['pictures'][0]['href']);
                 }
             }
             if ($this->_view == 'node') {
                 $this->url = Route::urlize('node', array($this->_from, $this->_node, $this->_id));
             } else {
                 $this->url = Route::urlize('blog', array($this->_from, $this->_id));
             }
         }
     } else {
         // No 'i': first page.
         $this->_page = 1;
         if (isset($this->_tag)) {
             $this->_messages = $pd->getPublicTag($this->get('t'), 0, $this->_paging + 1);
         } else {
             $this->_messages = $pd->getNodeUnfiltered($this->_from, $this->_node, 0, $this->_paging + 1);
         }
     }
     // Drop the extra row fetched above so exactly _paging items remain.
     if (count($this->_messages) == $this->_paging + 1) {
         array_pop($this->_messages);
     }
     if ($this->_node == 'urn:xmpp:microblog:0') {
         $this->user = new User($this->_from);
         // The blog owner's custom stylesheet URL is injected only after
         // Validator::url() accepts it; whether that check also rejects
         // non-http(s) schemes is not visible here — confirm.
         $cssurl = $this->user->getDumpedConfig('cssurl');
         if (isset($cssurl) && $cssurl != '' && Validator::url()->validate($cssurl)) {
             $this->addrawcss($cssurl);
         }
     }
 }
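/**
 * Submit handler for the outreach create/edit form.
 *
 * Reads the outreach fields from $form_state['values'], strips tags from them,
 * then either updates the existing outreach ($form_state['OID']) or creates a
 * new one, syncs the date/time rows and tag assignments, notifies moderators,
 * and redirects to the outreach view.
 *
 * @param array $form       Drupal form array (not used beyond the API signature).
 * @param array $form_state Drupal form state; reads 'values', 'TID', 'new',
 *                          'numRows' and, for edits, 'OID', 'initialNumTimes'
 *                          and 'fields'['dates'].
 *
 * NOTE(review): no authorization check is visible here (that the current user
 * may edit outreach OID or create one for team TID) — presumably enforced by the
 * form builder or the page access callback; confirm.
 */
function outreachForm_submit($form, $form_state)
{
    global $user;
    $UID = $user->uid;
    $TID = $form_state['TID'];
    $outreachFields = array("name", "peopleImpacted", "address", "city", "state", "country", "status", "co_organization", "co_firstName", "co_lastName", "co_email", "co_phoneNumber", "isPublic");
    $outreachData = getFields($outreachFields, $form_state['values']);
    $outreachData = stripTags($outreachData, '');
    // remove all tags
    // NOTE(review): the description is wrapped in array() before stripTags();
    // the other callers pass plain strings, so this likely stores an array
    // rather than a string — confirm against stripTags()/dbUpdateOutreach().
    $outreachData['description'] = stripTags(array($form_state['values']['description']));
    // allow some tags
    $outreachData["TID"] = $TID;
    if ($form_state['new']) {
        $outreachData["UID"] = $UID;
    }
    if (isset($form_state['OID'])) {
        $OID = $form_state['OID'];
        $oldOutreachData = dbGetOutreach($OID);
        // Moving an approved write-up back to "doingWriteUp" resets the write-up
        // so it has to be submitted and approved again.
        if ($outreachData["status"] == "doingWriteUp" && $oldOutreachData["isWriteUpApproved"] == true) {
            $outreachData["writeUpUID"] = null;
            $outreachData["isWriteUpSubmitted"] = 0;
            $outreachData["isWriteUpApproved"] = 0;
        }
    }
    if (!$form_state['new']) {
        // updating existing event
        $OID = $form_state['OID'];
        $result = dbUpdateOutreach($OID, $outreachData);
        if ($result) {
            // if db call was successful
            for ($i = 0; $i < $form_state['numRows']; $i++) {
                // loop through date rows; TOID is the id of an existing time record
                // for this row, or 0 when the row is new
                $TOID = isset($form_state['fields']['dates']["TOID-{$i}"]) ? $form_state['fields']['dates']["TOID-{$i}"] : 0;
                $timeData['startTime'] = dbDatePHP2SQL(strtotime($form_state['values']["startTime-{$i}"]));
                $timeData['endTime'] = dbDatePHP2SQL(strtotime($form_state['values']["endTime-{$i}"]));
                if ($timeData['startTime'] != null && $timeData['endTime'] != null) {
                    // if row isn't empty
                    if ($TOID != 0) {
                        // update existing record
                        dbUpdateTimesForOutreach($TOID, $timeData);
                    } else {
                        // add a new time record if there wasn't one previously
                        $timeData['OID'] = $OID;
                        dbAddTimesToOutreach($timeData);
                    }
                } elseif ($TOID != 0) {
                    // row was emptied: remove its existing time record (a row that
                    // never had a record has nothing to delete, so don't call the
                    // db layer with id 0)
                    dbRemoveTimeFromOutreach($TOID);
                }
            }
            for ($i = $form_state['numRows']; $i < $form_state['initialNumTimes']; $i++) {
                // executes if times were deleted
                dbRemoveTimeFromOutreach($form_state['fields']['dates']["TOID-{$i}"]);
            }
            $notification = array();
            $userName = dbGetUserName($user->uid);
            $outName = dbGetOutreachName($OID);
            $notification['dateCreated'] = dbDatePHP2SQL(time());
            $notification['dateTargeted'] = dbDatePHP2SQL(time());
            $notification['message'] = "{$userName} has updated outreach {$outName}.";
            $notification['bttnTitle'] = 'View';
            $notification['bttnLink'] = '?q=viewOutreach&OID=' . $OID;
            $notification['TID'] = $TID;
            notifyUsersByRole($notification, 'moderator');
            // handle tags: diff the submitted OTIDs against the stored ones
            if (!empty($form_state['values']['tags'])) {
                $newTags = $form_state['values']['tags'];
                $previous = dbGetTagsForOutreach($OID, true);
                // the "true" means this will return only OTID's
                if ($previous == false) {
                    // if there aren't any tags
                    $previous = array();
                }
                $deleted = array_diff($previous, $newTags);
                $added = array_diff($newTags, $previous);
                foreach ($deleted as $delete) {
                    // $delete is the OTID to be removed from the outreach
                    if (!empty($delete)) {
                        dbRemoveTagFromOutreach($delete, $OID);
                    }
                }
                foreach ($added as $add) {
                    // $add is the OTID to be added to the outreach
                    if (!empty($add)) {
                        dbAddTagToOutreach($add, $OID);
                    }
                }
            }
            drupal_set_message("Outreach updated!");
        } else {
            drupal_set_message("Outreach not updated.");
        }
    } else {
        // adding new event
        $outreachData['logDate'] = dbDatePHP2SQL(time());
        $OID = dbCreateOutreach($outreachData);
        if ($OID != false) {
            dbAddUserAsOwnerOfOutreach($UID, $OID);
            dbAssignUserToOutreach($UID, $OID, 'owner');
            // handle times (ideas have no dates)
            if ($outreachData['status'] != 'isIdea') {
                for ($i = 0; $i < $form_state['numRows']; $i++) {
                    $time = array("startTime-{$i}", "endTime-{$i}");
                    $timeData = getFields($time, $form_state['values']);
                    if ($timeData["startTime-{$i}"] != null && $timeData["endTime-{$i}"] != null) {
                        // rename array keys to match columns
                        $timeData['startTime'] = dbDatePHP2SQL(strtotime($timeData["startTime-{$i}"]));
                        $timeData['endTime'] = dbDatePHP2SQL(strtotime($timeData["endTime-{$i}"]));
                        unset($timeData["endTime-{$i}"], $timeData["startTime-{$i}"]);
                        $timeData['OID'] = $OID;
                        dbAddTimesToOutreach($timeData);
                    }
                }
            }
            // handle tags
            if (!empty($form_state['values']['tags'])) {
                foreach ($form_state['values']['tags'] as $OTID) {
                    dbAddTagToOutreach($OTID, $OID);
                }
            }
            // create notification
            $notification = array();
            $userName = dbGetUserName($user->uid);
            $outName = dbGetOutreachName($OID);
            $notification['dateCreated'] = dbDatePHP2SQL(time());
            $notification['dateTargeted'] = dbDatePHP2SQL(time());
            $notification['message'] = "{$userName} has created outreach {$outName}.";
            $notification['bttnTitle'] = 'View';
            $notification['bttnLink'] = '?q=viewOutreach&OID=' . $OID;
            $notification['TID'] = $TID;
            notifyUsersByRole($notification, 'moderator');
            drupal_set_message("Outreach created!");
        } else {
            // creation failed: report it and stop here instead of falling through
            // to a redirect for an outreach that does not exist. (form_set_error()
            // takes the element *name* as its first argument, so the original call
            // put the text in the wrong slot and showed nothing; validation is also
            // already over by the time a submit handler runs.)
            drupal_set_message("Outreach not created successfully", 'error');
            return;
        }
    }
    if (dbIsOutreachOver($OID)) {
        drupal_set_message("It appears you are logging an old event. Don't forget to <a href=\"?q=logHours&OID={$OID}\"><b>log old hours</b></a>!");
    }
    drupal_goto('viewOutreach', array('query' => array('OID' => $OID)));
}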
 /**
  * defaultStripOutput : default output strip function.
  *
  * Runs $text through the strip pipeline in a fixed order: line-breaking tags
  * become whitespace, MODx-sensitive tags are removed, scripts are removed, then
  * remaining HTML tags are removed. The empty string is returned as-is.
  *
  * Caveat (from the original note on stripHTML): tags are expected to be
  * correctly closed, so a malformed/unterminated tag may survive that step.
  *
  * @param string $text Text to strip.
  * @return string The stripped text.
  */
 function defaultStripOutput($text)
 {
     if ($text === '') {
         return $text;
     }
     // Order matters: each step operates on the previous step's output.
     $pipeline = array('stripLineBreaking', 'stripTags', 'stripJscripts', 'stripHTML');
     foreach ($pipeline as $step) {
         $text = $step($text);
     }
     return $text;
 }