function drawStaffList($where, $searchterms = false)
{
global $isAdmin, $_josh;
$return = drawJumpToStaff() . '<table class="left" cellspacing="1">';
if ($isAdmin) {
$colspan = 5;
$return .= drawHeaderRow(false, $colspan, "new", "add_edit.php");
} else {
$colspan = 4;
$return .= drawHeaderRow(false, $colspan);
}
$return .= '<tr>
<th class="image"></th>
<th>Name / Office</th>
<th>Title / Department</th>
<th class="r">Phone</th>';
if ($isAdmin) {
$return .= '<th></th>';
}
$return .= '</tr>';
$result = db_query("SELECT \n\t\t\tu.userID, \n\t\t\tu.lastname,\n\t\t\tISNULL(u.nickname, u.firstname) firstname, \n\t\t\tu.bio, \n\t\t\tu.phone,\n\t\t\tc.description corporationName,\n\t\t\tu.corporationID,\n\t\t\to.name office, \n\t\t\tu.title, \n\t\t\td.departmentName\n\t\tFROM intranet_users u\n\t\tLEFT JOIN intranet_departments d\tON d.departmentID = u.departmentID \n\t\tLEFT JOIN organizations c\t\t\tON u.corporationID = c.id\n\t\tLEFT JOIN intranet_offices o\t\tON o.id = u.officeID\n\t\tWHERE " . $where . "\n\t\tORDER BY u.lastname, ISNULL(u.nickname, u.firstname)");
$count = db_found($result);
if ($count) {
if ($count == 1 && $searchterms) {
$r = db_fetch($result);
$_josh["slow"] = true;
url_change("view.php?id=" . $r["userID"]);
} else {
while ($r = db_fetch($result)) {
$return .= drawStaffRow($r, $searchterms);
}
}
} else {
$return .= drawEmptyResult("No staff match those criteria.", $colspan);
}
return $return . '</table>';
}
if ($ct == 'news') {
?>
current<?php
}
?>
">News<span class="fright">(<?php
echo $news_counter;
?>
)</span></a><?php
}
?>
<?php
if ($article_counter > 0) {
?>
<a href="<?php
echo url_change('article', 'content-type');
?>
#list" class="<?php
if ($ct == 'article') {
?>
current<?php
}
?>
">Analysis<span class="fright">(<?php
echo $article_counter;
?>
)</span></a><?php
}
?>
</div>
</div>
<?php
include "../../include.php";
if ($posting) {
$theuser_id = $page['is_admin'] ? $_POST["created_user"] : $_SESSION["user_id"];
db_query("UPDATE press_releases SET\n\t\t\theadline = '{$_POST["headline"]}',\t\n\t\t\tdetail = '{$_POST["detail"]}',\t\n\t\t\tlocation = '{$_POST["location"]}',\t\n\t\t\ttext = '" . format_html($_POST["text"]) . "',\t\n\t\t\tcorporationID = {$_POST["corporationID"]},\n\t\t\tupdated_date = GETDATE(),\n\t\t\tupdated_user = {$theuser_id}\n\t\t\tWHERE id = " . $_GET["id"]);
url_change("../?id=" . $_GET["id"]);
}
echo drawTop();
$r = db_grab("SELECT id, headline, detail, location, releaseDate, corporationID, text FROM press_releases WHERE id = " . $_GET["id"]);
$form = new intranet_form();
if ($page['is_admin']) {
$form->addUser("created_user", "Posted By", $_SESSION["user_id"], false, "EEDDCC");
}
$form->addRow("itext", "Headline", "headline", $r["headline"], "", true, 255);
$form->addRow("itext", "Detail", "detail", $r["detail"], "", false, 255);
$form->addRow("itext", "Location", "location", $r["location"], "", true, 255);
$form->addRow("select", "Organization", "corporationID", "SELECT id, title from organizations ORDER BY title", $r["corporationID"]);
$form->addRow("date", "Date", "releaseDate", $r["releaseDate"]);
$form->addRow("textarea", "Text", "text", $r["text"], "", true);
$form->addRow("submit", "update press release");
$form->draw("Update Release");
echo drawBottom();
<?php
include "include.php";
if ($posting) {
$user_id = $page['is_admin'] ? $_POST["user_id"] : $_SESSION["user_id"];
format_post_nulls("type_id");
$id = db_query("INSERT INTO helpdesk_tickets (\r\n \tcreated_user,\r\n \ttype_id,\r\n\t\tpriorityID,\r\n\t\tdepartmentID,\r\n\t\tdescription,\r\n\t\tstatusID,\r\n\t\tipAddress,\r\n\t\tcreated_date,\r\n\t\tupdated_date,\r\n\t\ttitle\r\n\t) VALUES (\r\n\t\t" . $user_id . ",\r\n\t\t" . $_POST["type_id"] . ",\r\n\t\t'" . $_POST["priorityID"] . "',\r\n\t\t'" . $_POST["departmentID"] . "',\r\n\t\t'" . $_POST["description"] . "',\r\n\t\t1,\r\n\t\t'{$_SERVER["REMOTE_ADDR"]}',\r\n\t\tGETDATE(),\r\n\t\tGETDATE(),\r\n\t\t'" . $_POST["title"] . "'\r\n );");
//$r = db_grab("SELECT MAX(id) id FROM helpdesk_tickets");
//todo - email mohammed for critical
emailITTicket($id, 'new');
//special for carla
url_change('ticket.php?id=' . $id);
}
echo drawTop();
echo drawMessage($helpdeskStatus, "center");
?>
<script language="javascript">
<!--
function updateTypes(departmentID) {
var types = new Array(3, 8);
<?php
$types = db_query("SELECT id, departmentID, description FROM helpdesk_tickets_types ORDER BY departmentID, description");
$options = array();
while ($t = db_fetch($types)) {
$options[$t["departmentID"]][] = '"' . $t["id"] . '|' . $t["description"] . '"';
}
while (list($key, $value) = each($options)) {
?>
types[<?php
echo $key;
<?php
include "../../include.php";
if (url_id('module_id')) {
$result = db_table('SELECT p.id, p.title, p.url, p.is_hidden FROM pages p WHERE module_id = ' . $_GET['module_id'] . ' ORDER BY p.precedence');
} elseif (url_id('modulette_id')) {
$result = db_table('SELECT p.id, p.title, p.url, p.is_hidden FROM pages p WHERE modulette_id = ' . $_GET['modulette_id'] . ' ORDER BY p.precedence');
} else {
url_change('./');
}
echo drawTop();
//pages list
$t = new table('pages', drawHeader());
$t->set_column('is_hidden', 'd', ' ');
$t->set_column('draggy', 'd', ' ');
$t->set_column('title', 'l', getString('title'));
$t->set_column('url');
$t->set_draggable('draggy');
foreach ($result as &$r) {
$r['is_hidden'] = draw_form_checkbox('foo', !$r['is_hidden'], false, 'ajax_set(\'pages\', \'is_hidden\', ' . $r['id'] . ', ' . abs($r['is_hidden'] - 1) . ');');
$r['draggy'] = draw_img('/images/icons/move.png');
$r['title'] = draw_link('page.php?id=' . $r['id'], $r['title']);
if (empty($r['url'])) {
$r['url'] = 'index.php';
}
}
echo $t->draw($result, 'No pages');
echo drawBottom();
$laptopIsWireless = isset($_POST["laptopIsWireless"]) ? 1 : 0;
if (isset($_GET["id"])) {
db_query("UPDATE it_laptops SET\r\n\t\t\tlaptopName = '" . $_POST["laptopName"] . "',\r\n\t\t\tlaptopModel = '" . $_POST["laptopModel"] . "',\r\n\t\t\tlaptopHomeID = " . $_POST["laptopHomeID"] . ",\r\n\t\t\tlaptopSerial = '" . $_POST["laptopSerial"] . "',\r\n\t\t\tlaptopExpressServiceCode = '" . $_POST["laptopExpressServiceCode"] . "',\r\n\t\t\tlaptopServiceTag = '" . $_POST["laptopServiceTag"] . "',\r\n\t\t\tlaptopOS = '" . $_POST["laptopOS"] . "',\r\n\t\t\tlaptopOffice = '" . $_POST["laptopOffice"] . "',\r\n\t\t\tlaptopIsWireless = {$laptopIsWireless},\r\n\t\t\tlaptopMACAddress = '" . $_POST["laptopMACAddress"] . "',\r\n\t\t\tlaptopPurpose = '" . $_POST["laptopPurpose"] . "'\r\n\t\t\tWHERE laptopID = " . $_GET["id"]);
db_query("DELETE FROM it_laptops_2_accessories WHERE laptopID = " . $_GET["id"]);
} else {
$_GET["id"] = db_query("INSERT INTO it_laptops (\r\n\t\t\tlaptopName,\r\n\t\t\tlaptopModel,\r\n\t\t\tlaptopHomeID,\r\n\t\t\tlaptopSerial,\r\n\t\t\tlaptopExpressServiceCode,\r\n\t\t\tlaptopstatusID,\r\n\t\t\tlaptopServiceTag,\r\n\t\t\tlaptopOS,\r\n\t\t\tlaptopOffice,\r\n\t\t\tlaptopIsWireless,\r\n\t\t\tlaptopMACAddress,\r\n\t\t\tlaptopPurpose\r\n\t\t) VALUES (\r\n\t\t\t'" . $_POST["laptopName"] . "',\t\t\t\r\n\t\t\t'" . $_POST["laptopModel"] . "',\t\t\t\r\n\t\t\t" . $_POST["laptopHomeID"] . ",\t\t\t\r\n\t\t\t'" . $_POST["laptopSerial"] . "',\r\n\t\t\t'" . $_POST["laptopExpressServiceCode"] . "',\r\n\t\t\t2,\r\n\t\t\t'" . $_POST["laptopServiceTag"] . "',\t\t\t\r\n\t\t\t'" . $_POST["laptopOS"] . "',\t\t\t\r\n\t\t\t'" . $_POST["laptopOffice"] . "',\t\t\t\r\n\t\t\t{$laptopIsWireless},\t\t\t\r\n\t\t\t'" . $_POST["laptopMACAddress"] . "',\r\n\t\t\t'" . $_POST["laptopPurpose"] . "'\r\n\t\t)");
}
//accessories
reset($_POST);
while (list($key, $value) = each($_POST)) {
@(list($control, $accessoryID) = explode("_", $key));
if ($control == "chkacc") {
db_query("INSERT INTO it_laptops_2_accessories (\r\n\t\t\t\tlaptopID,\r\n\t\t\t\taccessoryID\r\n\t\t\t) VALUES (\r\n\t\t\t\t" . $_GET["id"] . ",\r\n\t\t\t\t" . $accessoryID . "\r\n\t\t\t);");
}
}
url_change("laptop.php?id=" . $_GET["id"]);
}
echo drawTop();
if (isset($_GET["id"])) {
$r = db_grab("SELECT \r\n\t\t\t\t\t\tl.laptopName,\r\n\t\t\t\t\t\tl.laptopPurpose,\r\n\t\t\t\t\t\tl.laptopModel,\r\n\t\t\t\t\t\tl.laptopHomeID,\r\n\t\t\t\t\t\tl.laptopSerial,\r\n\t\t\t\t\t\tl.laptopExpressServiceCode,\r\n\t\t\t\t\t\tl.laptopServiceTag,\r\n\t\t\t\t\t\tl.laptopOS,\r\n\t\t\t\t\t\tl.laptopOffice,\r\n\t\t\t\t\t\tl.laptopIsWireless,\r\n\t\t\t\t\t\tl.laptopMACAddress\r\n\t\t\t\t\tFROM it_laptops l\r\n\t\t\t\t\tWHERE laptopID = " . $_GET["id"]);
$openEnded = empty($r["laptopEnd"]) ? true : false;
}
?>
<a name="closedtickets"></a>
<table class="left" cellspacing="1">
<?php
echo drawHeaderRow("Add Laptop", 2);
?>
<form method="post" action="<?php
echo $request["path_query"];
<?php
include "../../include.php";
if ($posting) {
$id = db_save("queries");
url_change("./");
}
echo drawTop();
if (isset($_GET["id"])) {
$r = db_grab("SELECT \n\t\t\tq.databaseID,\n\t\t\td.dbname,\n\t\t\tq.name,\n\t\t\tq.description,\n\t\t\tq.query,\n\t\t\tq.is_active\n\t\tFROM queries q \n\t\tJOIN queries_databases d ON d.id = q.databaseID\n\t\tWHERE q.id = " . $_GET["id"]);
/*db_switch($r["dbname"]);
db_query($r["query"], false, true);
db_switch($_josh["db"]["database"]);*/
} else {
$r["is_active"] = 1;
}
$form = new intranet_form();
$form->addRow("hidden", "", "is_active", $r["is_active"]);
$form->addRow("select", "Database", "databaseID", "SELECT id, dbname from queries_databases order by dbname", @$r["databaseID"], true);
$form->addRow("itext", "Name", "name", @$r["name"], "", false, 50);
$form->addRow("textarea", "Description", "description", @$r["description"]);
$form->addRow("textarea-plain", "Query", "query", @$r["query"]);
$form->addRow("submit", "Save Changes");
if (isset($_GET["id"])) {
$form->draw("<a href='/queries/'>Database Queries</a> > Edit Query");
} else {
$form->draw("Add New Query");
}
echo drawBottom();
function url_query_require($target = "./", $index = "id")
{
//requires a _GET variable to be defined or eject page
if (!url_id($index)) {
url_change($target);
}
}
<?php
include "../../include.php";
if (url_action("delete")) {
db_delete("openings");
url_drop();
} elseif ($posting) {
//debug();
if ($id = db_save("openings")) {
url_change("position.php?id=" . $id);
}
}
echo drawTop();
?>
<table class="left" cellspacing="1">
<?php
if ($page['is_admin']) {
$colspan = 4;
echo drawHeaderRow("Open Positions", $colspan, "new", "#bottom");
} else {
$colspan = 3;
echo drawHeaderRow("Open Positions", $colspan);
}
?>
<tr>
<th width="50%">Title</th>
<th width="30%">Location</th>
<th class="r" width="20%"><nobr>Last Update</nobr></th>
<?php
if ($page['is_admin']) {
?>
}
if (!empty($_POST)) {
$isActionItem = isset($_POST["chkActionItem"]) ? 1 : 0;
$isReport = isset($_POST["chkReport"]) ? 1 : 0;
$isInternal = $_POST["isInternal"] == "true" ? 1 : 0;
db_query('UPDATE funders_activity SET
activityTitle = "' . $_POST["activityTitle"] . '",
activityDate = ' . format_date_sql($_POST["activityDateMonth"], $_POST["activityDateDay"], $_POST["activityDateYear"]) . ',
activityAssignedTo = ' . $_POST["activityAssignedTo"] . ',
isComplete = "' . $_POST["isComplete"] . '",
isActionItem = ' . $isActionItem . ',
isReport = ' . $isReport . ',
isInternalDeadline = ' . $isInternal . ',
activityText = "' . $_POST["activityText"] . '"
WHERE activityID = ' . $_GET["id"]);
url_change('activity_view.php?id=' . $_GET['id']);
}
echo drawTop();
$r = db_grab("SELECT \n\t\t\t\ta.activityID, \n\t\t\t\ta.funderID, \n\t\t\t\tf.name,\n\t\t\t\tw.awardTitle,\n\t\t\t\ta.awardID, \n\t\t\t\ta.activityTitle, \n\t\t\t\ta.activityText, \n\t\t\t\ta.activityDate, \n\t\t\t\ta.activityAssignedTo, \n\t\t\t\ta.isActionItem, \n\t\t\t\ta.isComplete, \n\t\t\t\ta.isReport, \n\t\t\t\ta.isInternalDeadline, \n\t\t\t\ta.activityPostedOn\n\t\t\tFROM funders_activity a\n\t\t\tINNER JOIN funders_awards w ON a.awardID = w.awardID\n\t\t\tINNER JOIN funders f ON w.funderID = f.funderID\n\t\t\tWHERE activityID = " . $_GET["id"]);
?>
<script language="javascript">
<!--
function checkInternal() {
if (document.frmActivity.chkActionItem.checked) {
document.all["internal"].style.visibility = "visible";
} else {
document.all["report"].style.visibility = "hidden";
document.all["internal"].style.visibility = "hidden";
document.frmActivity.isInternal[0].checked = true;
document.frmActivity.isInternal[1].checked = false;
<?php
include "../include.php";
if ($posting) {
format_post_bits("isInstancePage, isSecure, isAdmin");
db_query("UPDATE pages SET \n\t\tname = '{$_POST["title"]}',\n\t\tisAdmin = {$_POST["isAdmin"]},\n\t\tprecedence = {$_POST["precedence"]},\n\t\tisInstancePage = {$_POST["isInstancePage"]},\n\t\tisSecure = {$_POST["isSecure"]},\n\t\tmoduleID = '{$_POST["moduleID"]}',\n\t\thelpText = '{$_POST["helpText"]}'\n\t\tWHERE id = " . $_GET["id"]);
url_change($_POST["returnTo"]);
}
drawTop();
$r = db_grab("SELECT\n\tp.id,\n\tp.name title,\n\tp.helpText,\n\tm.id moduleID,\n\tm.name module,\n\tp.isAdmin,\n\tp.isSecure,\n\tp.precedence,\n\tp.isInstancePage,\n\tp2.url\n\tFROM pages p\n\tJOIN modules m ON p.moduleID = m.id\n\tJOIN pages p2 ON m.homePageID = p2.id\n\tWHERE p.id = " . $_GET["id"]);
$form = new intranet_form();
$form->addRow("hidden", "", "returnTo", $_GET["returnTo"]);
$form->addRow("itext", "Title", "title", $r["title"], "", true, 50);
$form->addRow("itext", "Precedence", "precedence", $r["precedence"], "", true, 50);
$form->addRow("checkbox", "Is Admin", "isAdmin", $r["isAdmin"], "", true, 50);
$form->addRow("checkbox", "Is Instance Page", "isInstancePage", $r["isInstancePage"], "", true, 50);
$form->addRow("checkbox", "Is Secure", "isSecure", $r["isSecure"], "", true, 50);
$form->addRow("select", "Module", "moduleID", "SELECT id, name FROM modules WHERE isActive = 1 ORDER BY name", $r["moduleID"], $r["moduleID"]);
//$form->addRow("text", "Module", "", "<span class='" . str_replace("/", "", $r["url"]) . " block'>" . $r["module"] . "</span>");
$form->addRow("textarea", "Help Text", "helpText", $r["helpText"]);
$form->addRow("submit", "Save Changes");
$form->draw("Edit Page Info");
drawBottom();
<?php
include "include.php";
//delete type
if (isset($_GET["deleteType"])) {
db_query("DELETE FROM helpdesk_tickets_types WHERE id = " . $_GET["id"]);
url_change("types.php");
}
echo drawTop();
$where1 = isset($_GET["id"]) ? "= " . $_GET["id"] : "IS NULL";
$tickets = db_query("select\r\n\t\t\tt.title,\r\n\t\t\tt.statusID,\r\n\t\t\tt.type_id,\r\n\t\t\t(SELECT COUNT(*) FROM helpdesk_tickets_followups f WHERE f.ticketID = t.id) as ticketfollowups,\r\n\t\t\tt.created_user,\r\n\t\t\tt.updated_date,\r\n\t\t\tt.id,\r\n\t\t\tt.ownerID,\r\n\t\t\tt.priorityID,\r\n\t\t\tt.created_date,\r\n\t\t\tISNULL(u.nickname, u.firstname) first,\r\n\t\t\tu.lastname last,\r\n\t\t\t(SELECT COUNT(*) FROM users_to_modules a WHERE a.module_id = 3 AND a.user_id = t.created_user) is_adminIT\r\n\t\tFROM helpdesk_tickets t\r\n\t\tINNER JOIN users u ON u.id = t.created_user\r\n\t\tWHERE t.type_id {$where1} {$where}\r\n\t\tORDER BY t.created_date DESC");
echo drawTicketFilter();
?>
<table class="left" cellspacing="1">
<?php
if (isset($_GET["id"])) {
$type = db_grab("SELECT description name FROM helpdesk_tickets_types WHERE id = " . $_GET["id"]);
if (db_found($tickets)) {
echo drawHeaderRow("<a class='white' href='types.php'>Types</a> > " . $type . " (" . db_found($tickets) . ")", 5, "edit name", "type_add_edit.php?id=" . $_GET["id"]);
echo drawTicketHeader();
while ($r = db_fetch($tickets)) {
echo drawTicketRow($r, "type");
}
} else {
if ($filtered) {
echo drawHeaderRow("<a class='white' href='types.php'>Types</a> > " . $type . " (" . db_found($tickets) . ")", 5);
echo drawEmptyResult("No tickets have this type / month / year.", 5);
} else {
echo drawHeaderRow("<a class='white' href='types.php'>Types</a> > " . $type . " (" . db_found($tickets) . ")", 5, "edit name", "type_add_edit.php?id=" . $_GET["id"], "delete", $request["path_query"] . "&deleteType=true");
echo drawEmptyResult("No tickets are tagged as this type. You can delete the type above.", 5);
<?php
include "../include.php";
if ($_POST) {
db_query("UPDATE intranet_users SET password = PWDENCRYPT('{$_POST["password1"]}') WHERE userID = " . $user["id"]);
$r = db_grab("SELECT p.url homepage FROM intranet_users u JOIN pages p ON u.homePageID = p.id WHERE u.userID = " . $user["id"]);
url_change($r);
}
?>
<html>
<head>
<title>Update Your Password</title>
<link rel="stylesheet" type="text/css" href="<?php
echo $locale;
?>
style.css" />
<script language="javascript" src="/javascript.js"></script>
</head>
<body>
<br>
<table width="600" align="center">
<tr>
<td>
<?php
$form = new intranet_form();
$form->addRow("password", "Password", "password1", "", "", true);
$form->addRow("password", "Confirm", "password2", "", "", true);
$form->addRow("submit", "Save");
$form->addJavascript("(form.password1.value != form.password2.value)", "Passwords don't match!");
$form->draw("Update Your Password");
?>
$message .= '<td>' . $r . '</td></tr>';
} elseif ($key == "officeID") {
$r = db_grab("SELECT name FROM intranet_offices WHERE id = " . $value);
$message .= '<td>' . $r . '</td></tr>';
} elseif ($key == "corporationID") {
$message .= '<td>' . db_grab("SELECT description FROM organizations WHERE id = " . $value) . '</td></tr>';
} elseif ($key == "Additional Info") {
$message .= '<td>' . nl2br($value) . '</td></tr>';
} else {
$message .= '<td>' . $value . '</td></tr>';
}
}
$message .= '<tr><td colspan="2" class="bottom"><a href="http://' . $request["host"] . '/staff/add_edit.php?requestID=' . $id . '">click here</a></td></tr>';
email_user($_josh["email_admin"], "New User Request", $message, 2);
}
url_change("account_confirm.php");
}
?>
<html>
<head>
<title>Request an Account</title>
<link rel="stylesheet" type="text/css" href="<?php
echo $locale;
?>
style.css" />
<script language="javascript" type="text/javascript" src="/javascript.js"></script>
<script language="javascript" type="text/javascript" src="<?php
echo $locale;
?>
tinymce/jscripts/tiny_mce/tiny_mce.js"></script>
<script language="javascript">
//included
$_josh["request"]["path_query"] = "/news/edit.php";
} else {
//page loaded on its own
include "../../include.php";
if ($posting) {
if (isset($_FILES["content"]["name"]) && !empty($_FILES["content"]["name"])) {
list($_POST["content"], $_POST["fileTypeID"]) = file_get_uploaded("content", "docs_types");
}
if (isset($_FILES["image"]["name"]) && !empty($_FILES["image"]["name"])) {
list($_POST["image"], $_POST["imageTypeID"]) = file_get_uploaded("image", "docs_types");
//die($_POST["image"]);
}
$id = db_save("news_stories");
db_checkboxes("corporationID", "news_stories_to_organizations", "newsID", "organizationID", $id);
url_change("./?id=" . $id);
}
echo drawTop();
$r = db_grab("SELECT \n\t\tn.headline,\n\t\tn.outlet,\n\t\tn.pubdate,\n\t\tn.url,\n\t\tn.description\n\t\tFROM news_stories n\n\t\tWHERE id = " . $_GET["id"]);
}
$form = new intranet_form();
$form->addCheckboxes("corporationID", "Organization", "organizations", "news_stories_to_organizations", "newsID", "organizationID", @$_GET["id"]);
$form->addRow("itext", "Headline", "headline", @$r["headline"], "", true, 255);
$form->addRow("itext", "News Outlet", "outlet", @$r["outlet"], "", true, 255);
$form->addRow("date", "Date", "pubdate", @$r["pubdate"], "", true);
$form->addRow("file", "Image<br>(optional)", "image", "", "", false);
$form->addRow("file", "File<br>(optional)", "content", "", "", true);
$form->addRow("itext", "URL<br>(optional)", "url", @$r["url"], "", false, 255);
$form->addRow("textarea-plain", "Description<br>(optional)", "description", @$r["description"]);
$form->addRow("submit", "Save Changes");
if (url_id()) {
<?php
include "../include.php";
db_query("UPDATE users SET password = PWDENCRYPT('') WHERE user_id = " . $_GET["id"]);
url_change("view.php?id=" . $_GET["id"]);
<?php
include "../../include.php";
url_query_require();
if ($posting) {
$id = db_save("wiki_topics");
db_checkboxes("tags", "wiki_topics_to_tags", "topicID", "tagID", $id);
url_change("topic.php?id=" . $id);
}
echo drawTop();
$r = db_grab("SELECT id, title, description, type_id FROM wiki_topics WHERE id = " . $_GET["id"]);
$form = new intranet_form();
if ($page['is_admin']) {
$form->addUser("created_user", "Posted By", $_SESSION["user_id"], false, true);
}
$form->addRow("itext", "Title", "title", $r["title"], "", true, 255);
$form->addRow("select", "Type", "type_id", "SELECT id, description FROM wiki_topics_types", $r["type_id"], true);
$form->addCheckboxes("tags", "Tags", "wiki_tags", "wiki_topics_to_tags", "topicID", "tagID", $_GET["id"]);
$form->addRow("textarea", "Description", "description", $r["description"], "", true);
$form->addRow("submit", "post wiki topic");
$form->draw("Add a Wiki Topic");
echo drawBottom();
//format variables
$awardStartDate = date("Y-m-d H:i:00", mktime(1, 1, 1, $_POST["cboStartMonth"], 1, $_POST["cboStartYear"]));
$awardEndDate = date("Y-m-d H:i:00", mktime(1, 1, 1, $_POST["cboEndMonth"], 1, $_POST["cboEndYear"]));
$_POST["cboProgram2"] = isset($_POST["noCrossList"]) ? "NULL" : $_POST["cboProgram2"];
if (isset($_GET["funderID"])) {
//adding
//insert award
db_query("INSERT into funders_awards (\n\t\t\tfunderID,\n\t\t\tawardAmount,\n\t\t\tawardTypeID,\n\t\t\tawardStatusID,\n\t\t\tawardStartDate,\n\t\t\tawardEndDate,\n\t\t\tawardTitle,\n\t\t\tawardFilingNumber,\n\t\t\tawardNotes,\n\t\t\tawardPostedOn,\n\t\t\tawardPostedBy,\n\t\t\tawardProgramID,\n\t\t\tawardProgramID2,\n\t\t\tstaffID\n\t\t) VALUES (\n\t\t\t" . $_GET["funderID"] . ",\n\t\t\t" . $_POST["txtAmount"] . ",\n\t\t\t" . $_POST["cboAwardType"] . ",\n\t\t\t" . $_POST["cboAwardStatus"] . ",\n\t\t\t'{$awardStartDate}',\n\t\t\t'{$awardEndDate}',\n\t\t\t'" . $_POST["txtAwardTitle"] . "',\n\t\t\t'" . $_POST["txtAwardFilingNumber"] . "',\n\t\t\t'" . $_POST["tarDescription"] . "',\n\t\t\tGETDATE(),\n\t\t\t" . $_SESSION["user_id"] . ",\n\t\t\t" . $_POST["cboProgram"] . ",\n\t\t\t" . $_POST["cboProgram2"] . ",\n\t\t\t" . $_POST["cboStaff"] . "\n\t\t);");
//determine awardID for redirecting
$_GET["id"] = db_grab("SELECT max(awardID) FROM funders_awards");
} else {
//editing
db_query("UPDATE funders_awards SET\n\t\t\tfunderID = " . $_POST["cboFunder"] . ",\n\t\t\tawardAmount = " . $_POST["txtAmount"] . ",\n\t\t\tawardTypeID = " . $_POST["cboAwardType"] . ",\n\t\t\tawardStatusID = " . $_POST["cboAwardStatus"] . ",\n\t\t\tawardStartDate = '{$awardStartDate}',\n\t\t\tawardEndDate = '{$awardEndDate}',\n\t\t\tawardTitle = '" . $_POST["txtAwardTitle"] . "',\n\t\t\tawardFilingNumber = '" . $_POST["txtAwardFilingNumber"] . "',\n\t\t\tawardNotes = '" . $_POST["tarDescription"] . "',\n\t\t\tawardPostedOn = GETDATE(),\n\t\t\tawardPostedBy = " . $_SESSION["user_id"] . ",\n\t\t\tawardProgramID = " . $_POST["cboProgram"] . ",\n\t\t\tawardProgramID2 = " . $_POST["cboProgram2"] . ",\n\t\t\tstaffID = " . $_POST["cboStaff"] . "\n\t\tWHERE awardID = " . $_GET["id"]);
}
//redirect to view award
url_change("award_view.php?id=" . $_GET["id"]);
}
echo drawTop();
if (isset($_GET["funderID"])) {
//adding
$adding = true;
$r = db_grab("SELECT \n\t\t\tf.name,\n\t\t\tf.staffID \n\t\tFROM funders f \n\t\tWHERE f.funderID = " . $_GET["funderID"]);
$startMonth = $month;
$endMonth = $month;
$startYear = $year;
$endYear = $year + 1;
$button = "add award";
} else {
//editing
$adding = false;
$r = db_grab("SELECT \n\t\t\t\t\tf.funderID,\n\t\t\t\t\tf.name,\n\t\t\t\t\ta.awardTitle,\n\t\t\t\t\ta.awardFilingNumber,\n\t\t\t\t\ta.awardStartDate,\n\t\t\t\t\ta.awardEndDate,\n\t\t\t\t\ta.awardTypeID,\n\t\t\t\t\ta.awardStatusID,\n\t\t\t\t\ta.awardProgramID,\n\t\t\t\t\ta.awardProgramID2,\n\t\t\t\t\ta.awardAmount,\n\t\t\t\t\ta.awardNotes,\n\t\t\t\t\ta.staffID\n\t\t\t\tFROM funders_awards a\n\t\t\t\tINNER JOIN funders f on a.funderID = f.funderID\n\t\t\t\tWHERE a.awardID = " . $_GET["id"]);
<?php
include "../include.php";
//kick out user if not administrator ~ should be done with page info
if (!$page['is_admin'] && $page["is_admin"]) {
url_change("/helpdesk/");
}
//department may become settable
if (url_id("dept")) {
$departmentID = $_GET["dept"];
} else {
$departmentID = $_SESSION["isHelpdesk"] ? $_SESSION["departmentID"] : 8;
}
//handle ticket delete
if (url_action("delete")) {
db_query("DELETE FROM helpdesk_tickets_attachments WHERE ticketID = " . $_GET["ticketID"]);
db_query("DELETE FROM helpdesk_tickets_followups WHERE ticketID = " . $_GET["ticketID"]);
db_query("DELETE FROM helpdesk_tickets WHERE id = " . $_GET["ticketID"]);
url_query_drop("action, ticketID");
}
//filter data
$filtered = false;
if (isset($_GET["month"]) && isset($_GET["year"])) {
$filtered = true;
$default = $_GET["month"] . "/" . $_GET["year"];
$where = " AND MONTH(t.created_date) = " . $_GET["month"] . " AND YEAR(t.created_date) = " . $_GET["year"] . " AND t.departmentID = " . $departmentID;
$total = db_grab("SELECT \n\t\t(SELECT SUM(t.timeSpent) minutes FROM helpdesk_tickets t WHERE MONTH(t.created_date) = " . $_GET["month"] . " AND YEAR(t.created_date) = " . $_GET["year"] . " AND departmentID = " . $departmentID . ") minutes, \n\t\tMONTH(MIN(created_date)) month,\n\t\tYEAR(MIN(created_date)) year\n\t\tFROM helpdesk_tickets WHERE departmentID = " . $departmentID);
} else {
$where = " AND t.departmentID = " . $departmentID;
$default = "";
$total = db_grab("SELECT \n\t\tSUM(timeSpent) minutes, \n\t\tMONTH(MIN(created_date)) month,\n\t\tYEAR(MIN(created_date)) year\n\t\tFROM helpdesk_tickets WHERE departmentID = " . $departmentID);
$areas[$r["name"]] = $r["id"];
}
if ($r["name"] == "Admin" && $r["isAdmin"]) {
$user["isAdmin"] = true;
}
}
ksort($areas);
//generic variable to indicate admin privileges for the current module
$isAdmin = isset($modules[$page["moduleID"]]) ? $modules[$page["moduleID"]]["isAdmin"] : false;
//check to see if user needs update
if (($user["update_days"] > 90 || empty($user["updatedOn"])) && $page["isSecure"] && $_josh["request"]["path"] != "/staff/add_edit.php") {
error_debug("user needs address update");
url_change("/staff/add_edit.php?id=" . $user["id"]);
} elseif ($user["password"] && $page["isSecure"]) {
error_debug("user needs password update");
url_change("/login/password_update.php");
}
}
//special pages that don't belong to a module still need info
if (!isset($page["moduleID"])) {
$page["moduleID"] = 0;
}
if (!isset($modules[$page["moduleID"]])) {
error_debug("unspecified module");
$modules[$page["moduleID"]]["pallet"] = false;
$modules[$page["moduleID"]]["isPublic"] = false;
$modules[$page["moduleID"]]["pallet"] = false;
$modules[$page["moduleID"]]["name"] = "Intranet";
$modules[$page["moduleID"]]["isAdmin"] = false;
}
//handle switch updates
1
)");
$_GET["id"] = db_grab("SELECT MAX(id) id FROM contacts");
db_query("UPDATE contacts_instances SET objectID = {$_GET["id"]} WHERE id = " . $instance);
}
//populate search indexes
$text = $_POST["varchar_01"] . " " . $_POST["varchar_02"] . " " . $_POST["varchar_03"] . " " . $_POST["varchar_04"] . " " . $_POST["varchar_05"] . " " . $_POST["varchar_06"] . " " . $_POST["varchar_07"] . " " . $_POST["varchar_08"] . " " . $_POST["varchar_09"] . " " . $_POST["varchar_10"] . " " . $_POST["varchar_11"] . " " . $_POST["numeric_01"] . " " . $_POST["text_01"];
updateInstanceWords($instance, $text);
//redirect
url_change("contact.php?id=" . $_GET["id"]);
}*/
echo drawTop();
if (isset($_GET["id"])) {
url_change('contact.php?id=' . $_GET['id']);
//read only
$i = db_grab("SELECT\r\n\t\t\ti.id,\r\n\t\t\t(SELECT t1.id FROM contacts_tags t1 INNER JOIN contacts_instances_to_tags i2t1 ON t1.id = i2t1.tagID WHERE t1.is_active = 1 AND t1.type_id = 10 AND i2t1.instanceID = i.id) salutation,\r\n\t\t\ti.varchar_01 first,\r\n\t\t\ti.varchar_02 last,\r\n\t\t\t(SELECT t2.id FROM contacts_tags t2 INNER JOIN contacts_instances_to_tags i2t2 ON t2.id = i2t2.tagID WHERE t2.is_active = 1 AND t2.type_id = 11 AND i2t2.instanceID = i.id) suffix,\r\n\t\t\ti.varchar_03 nickname,\r\n\t\t\ti.varchar_04 org,\r\n\t\t\ti.varchar_05 title,\r\n\t\t\ti.varchar_06 address1,\r\n\t\t\ti.varchar_07 address2,\r\n\t\t\ti.numeric_01 zip,\r\n\t\t\ti.varchar_08 phone,\r\n\t\t\ti.varchar_09 fax,\r\n\t\t\ti.varchar_10 cell,\r\n\t\t\ti.varchar_11 email,\r\n\t\t\tz.city,\r\n\t\t\tz.state,\r\n\t\t\ti.text_01 notes\r\n\t\tFROM contacts o\r\n\t\tINNER JOIN contacts_instances i ON i.id = o.instanceCurrentID\r\n\t\tLEFT JOIN zip_codes z ON i.numeric_01 = z.zip\r\n\t\tWHERE o.id = " . $_GET["id"]);
}
?>
<script language="javascript">
<!--
function validate(form) {
var errors = new Array();
if (!form.tag_single_10.value) errors[errors.length] = "the Courtesy Title dropdown must be set";
if (!form.varchar_01.value.length) errors[errors.length] = "First Name is empty";
if (!form.varchar_02.value.length) errors[errors.length] = "Last Name is empty";
if (!form.varchar_06.value.length) errors[errors.length] = "Address 1 is empty";
if (!form.numeric_01.value.length) errors[errors.length] = "Postal Code is empty";
<?php
$values = db_query("SELECT id FROM contacts_tags WHERE type_id = 15 AND is_active = 1");
<?php
//this one is not public
include '../include.php';
if ($posting) {
db_query('UPDATE users SET password = PWDENCRYPT("' . $_POST['password1'] . '") WHERE id = ' . $_SESSION['user_id']);
$_SESSION['password'] = false;
url_change($_SESSION['homepage']);
}
echo drawSimpleTop(getString('password_update'));
$f = new form('password_update', false, getString('password_reset'));
$f->set_field(array('type' => 'password', 'name' => 'password1', 'label' => getString('password')));
$f->set_field(array('type' => 'password', 'name' => 'password2', 'label' => getString('confirm')));
echo $f->draw();
echo drawSimpleBottom();
$target = "/staff/changes.php";
} elseif (stristr($req, "/departments/administration")) {
$target = str_replace("/departments/administration", "/openings", $req);
} elseif (stristr($req, "/departments/earnfair")) {
$target = str_replace("/departments/earnfair", "/queries", $req);
} elseif (stristr($req, "/departments/resource_development")) {
$target = str_replace("/departments/resource_development", "/funders", $req);
} elseif (stristr($req, "/docs")) {
$target = str_replace("/docs", "/docs", $req);
} elseif (stristr($req, "/btw")) {
//back to work application ~ used to have the intranet domain
$target = "http://btw.seedco.org" . $req;
} elseif (stristr($req, "msoffice/cltreq.asp")) {
//m$ft internet explorer discussion bar, no redirect
} elseif (stristr($req, "favicon.ico")) {
//site favorite icon, no redirect
} elseif (stristr($req, "_vti_")) {
//looking for m$ft front page extensions, no redirect
} elseif ($_SESSION["user_id"] != 1) {
//user is admin, send email
$msg = $_SESSION["full_name"] . " couldn't find " . url_base() . $req;
if ($referrer) {
$msg .= "<br><br>Referred by " . $referrer;
}
}
if ($target) {
url_change($target, true);
}
echo drawTop();
echo drawMessage("<b>Error: Page Not Found</b><br>\nSorry, the page you're looking for isn't here! If you feel you reached this page in error, please contact \n<a href='mailto:josh@joshreisner.com'>Josh Reisner</a> so it can be fixed.");
echo drawBottom();
<?php
include "../../include.php";
if ($posting) {
$id = db_save("wiki_topics");
db_checkboxes("tags", "wiki_topics_to_tags", "topicID", "tagID", $id);
url_change();
}
echo drawTop();
?>
<table class="left" cellspacing="1">
<?php
echo drawHeaderRow("Main Page", 4);
$topics = db_query("SELECT \n\t\tw.id,\n\t\tw.title,\n\t\tw.description,\n\t\tISNULL(u.nickname, u.firstname) first,\n\t\tu.lastname last,\n\t\tw.created_date\n\tFROM wiki_topics w\n\tJOIN wiki_topics_types t ON w.type_id = t.id\n\tJOIN users u ON w.created_user = u.id\n\tWHERE w.is_active = 1\n\tORDER BY w.created_date DESC");
if (db_found($topics)) {
?>
<tr>
<th width="16"></th>
<th align="left">Title</th>
<th align="left" width="100">Created By</th>
<th align="right" width="80">Created On</th>
</tr>
<?php
while ($t = db_fetch($topics)) {
?>
<tr height="36">
<td></td>
<td><a href="topic.php?id=<?php
echo $t["id"];
?>
"><?php
$page['helptext'] = $m['description'];
} else {
$page['title'] = 'Untitled Page';
}
}
//check to see if user needs update ~ todo make this a site preference
error_debug('checking if user needs update', __FILE__, __LINE__);
if ($_SESSION['password']) {
error_debug('user needs password update', __FILE__, __LINE__);
if ($_josh['request']['path'] != '/login/password_update.php') {
url_change('/login/password_update.php');
}
} elseif ($_SESSION['update_days'] > 90 || empty($_SESSION['updated_date'])) {
error_debug('user needs address update', __FILE__, __LINE__);
if ($_josh['request']['path'] != '/staff/add_edit.php') {
url_change('/staff/add_edit.php?id=' . $_SESSION['user_id']);
}
}
//handle side menu pref updates
error_debug('handle side menu pref updates', __FILE__, __LINE__);
if (isset($_GET['module'])) {
//todo ajax
if (db_grab('SELECT COUNT(*) FROM users_to_modules_closed WHERE module_id = ' . $_GET['module'] . ' AND user_id = ' . $_SESSION['user_id'])) {
db_query('DELETE FROM users_to_modules_closed WHERE module_id = ' . $_GET['module'] . ' AND user_id = ' . $_SESSION['user_id']);
} else {
db_query('INSERT INTO users_to_modules_closed ( module_id, user_id ) VALUES ( ' . $_GET['module'] . ', ' . $_SESSION['user_id'] . ' )');
}
url_query_drop('module');
} elseif (isset($_GET['channel_id'])) {
$_SESSION['channel_id'] = empty($_GET['channel_id']) ? false : $_GET['channel_id'];
url_drop('channel_id');
//1: you can set the option manually
error_reporting(E_ALL);
} elseif (format_text_starts("dev-", $_SERVER["HTTP_HOST"]) || format_text_starts("beta.", $_SERVER["HTTP_HOST"]) || format_text_ends(".site", $_SERVER["HTTP_HOST"])) {
//2: urls start with dev- or end with .site are automatically considered dev sites
$_josh["mode"] = "dev";
error_reporting(E_ALL);
} else {
$_josh["mode"] = "live";
error_reporting(0);
}
//handle https
if (isset($_josh["request"]["protocol"])) {
if ($_josh["is_secure"] && $_josh["request"]["protocol"] != "https") {
url_change("https://" . $_josh["request"]["host"] . $_josh["request"]["path_query"]);
} elseif (!$_josh["is_secure"] && $_josh["request"]["protocol"] != "http") {
url_change("http://" . $_josh["request"]["host"] . $_josh["request"]["path_query"]);
}
}
//escape quotes if necessary
$_josh["getting"] = !empty($_GET);
if ($_josh["getting"]) {
foreach ($_GET as $key => $value) {
$_GET[$key] = format_quotes($value);
}
}
$_josh["posting"] = !empty($_POST);
if ($_josh["posting"]) {
foreach ($_POST as $key => $value) {
if (is_string($_POST[$key])) {
$_POST[$key] = format_quotes($value);
}
WHERE f.id = ' . $id);
$channels_text = db_array('SELECT c.title' . langExt($lang) . ' FROM bb_topics_to_channels t2c JOIN channels c ON t2c.channel_id = c.id WHERE t2c.topic_id = ' . $_POST['topic_id']);
$channels_text = implode(', ', $channels_text);
$message = '<p style="font-weight:bold;">' . $reply['firstname'] . ' ' . $reply['lastname'] . ' ' . getString('bb_followup', $lang) . '</p>
<p>' . getString('title', $lang) . ': ' . draw_link(url_base() . '/bb/topic.php?id=' . $id, $topic['title']) . '</p>
<p>' . getString('channels_label', $lang) . ': ' . $channels_text . '</p>';
if ($topic['type']) {
$message .= '<p>' . getString('category', $lang) . ': ' . $topic['type'] . '</p>';
}
$message .= '<div style="color:#555; border-top:1px dotted #555; padding-top:5px; margin-top:5px;">' . $reply['description'] . '</div>';
emailUser($emails, 'RE: ' . $topic['title'], $message);
}
}
bbDrawRss();
url_change();
} elseif (isset($_GET['delete'])) {
db_delete('bb_topics');
bbDrawRss();
url_change('/bb/');
} elseif (isset($_GET['deleteFollowupID'])) {
db_delete('bb_followups', $_GET['deleteFollowupID']);
bbDrawRss();
url_query_drop('deleteFollowupID');
}
//get topic data
if (!($r = bbDrawTopic($_GET['id']))) {
url_change('/bb/');
}
echo drawTop();
echo $r;
echo drawBottom();
<?php
include '../include.php';
if ($posting) {
error_debug('user is posting', __FILE__, __LINE__);
if ($uploading) {
list($_POST['content'], $_POST['type_id']) = file_get_uploaded('content', 'docs_types');
}
langTranslatePost('title,description');
$id = db_save('docs');
//debug();
db_checkboxes('categories', 'docs_to_categories', 'documentID', 'categoryID', $id);
if (getOption('channels')) {
db_checkboxes('channels', 'docs_to_channels', 'doc_id', 'channel_id', $id);
}
url_change('info.php?id=' . $id);
}
if (url_id()) {
$d = db_grab('SELECT title, description FROM docs WHERE id = ' . $_GET['id']);
$pageAction = getString('edit');
} else {
$pageAction = getString('add_new');
}
echo drawTop();
//load code for JS
$extensions = array();
$doctypes = array();
$types = db_query('SELECT description, extension FROM docs_types ORDER BY description');
while ($t = db_fetch($types)) {
$extensions[] = '(extension != "' . $t['extension'] . '")';
$doctypes[] = ' - ' . $t['description'] . ' (.' . $t['extension'] . ')';
<?php
include '../include.php';
url_query_require();
if (url_action('delete')) {
db_delete('press_clips', $_GET['delete_id']);
url_change('/press-clips/');
}
echo drawTop();
echo drawTableStart();
echo drawHeaderRow($page['breadcrumbs'] . $page['title'], 2, getString('edit'), 'edit/?id=' . $_GET['id'], getString('delete'), drawDeleteLink());
$r = db_grab('SELECT c.title' . langExt() . ' title, c.url, c.pub_date, c.publication' . langExtT() . ' publication, c.type_id, c.description' . langExt() . ' description, t.title' . langExt() . ' type FROM press_clips c JOIN press_clips_types t ON c.type_id = t.id WHERE c.id = ' . $_GET['id']);
?>
<tr>
<td class="left"><?php
echo getString('title');
?>
</td>
<td class='title'><?php
echo $r['title'];
?>
</td>
</tr>
<tr>
<td class="left"><?php
echo getString('category');
?>
</td>
<td><?php
echo draw_link('categories.php?id=' . $r['type_id'], $r['type']);
?>
<?php
include "../include.php";
if ($posting) {
format_post_bits("isAdmin,temporary");
$_POST["description"] = format_html($_POST["description"]);
db_enter("bulletin_board_topics", "title description isAdmin temporary");
//db_query("UPDATE bulletin_board_topics SET threadDate = GETDATE() WHERE id = " . $_GET["id"]); don't do this
syndicateBulletinBoard();
url_change("topic.php?id=" . $_GET["id"]);
}
drawTop();
$t = db_grab("SELECT title, description, isAdmin, temporary, createdBy FROM bulletin_board_topics WHERE id = " . $_GET["id"]);
$form = new intranet_form();
if ($isAdmin) {
$form->addUser("createdBy", "Posted By", $t["createdBy"], false, true);
$form->addCheckbox("isAdmin", "Admin Post?", $t["isAdmin"], "(check if yes)", true);
}
$form->addCheckbox("temporary", "Lifespan", $t['temporary'], "Check Box to Delete Post After 30 Days");
$form->addRow("itext", "Subject", "title", $t["title"], "", true);
$form->addRow("textarea", "Message", "description", $t["description"], "", true);
$form->addRow("submit", "edit topic");
$form->draw("Edit Bulletin Board Topic");
drawBottom();