if (isset($_POST['submit']) && $_POST['submit'] == "Post Comment") {
$comment = safesql(strip_tags($_POST['comment']), "text");
if ($config['confirmcomment'] == 1) {
$allowed = 0;
} else {
$allowed = 1;
}
$timestamp = time();
$data->insert_query("comments", "'', {$id}, '{$check['id']}', 1, {$timestamp}, {$comment}, {$allowed}", "", "", false);
if (confirm('comment')) {
$page = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$page .= "?" . $_SERVER['QUERY_STRING'];
}
$comment = $data->select_fetch_one_row("comments", "WHERE uid='{$check['id']}' AND item_id={$id} AND date={$timestamp}");
confirmMail("comment", $comment);
show_message("The comment first needs to be reviewed before it will be visible", $page);
}
}
$sql = $data->select_query("comments", "WHERE item_id={$id} AND type=1 AND allowed = 1");
$numcom = $data->num_rows($sql);
$comments = array();
while ($temp = $data->fetch_array($sql)) {
$temp['comment'] = censor($temp['comment']);
$temp2 = $data->select_fetch_one_row("users", "WHERE id={$temp['uid']}", "uname");
$temp['uname'] = $temp2['uname'];
$comments[] = $temp;
}
$tpl->assign("numcom", $numcom);
$tpl->assign("com", $comments);
$tpl->assign("comviewallowed", get_auth('comviewallowed', 2));
$patrol = $_POST['patrol'];
$insertSQL = sprintf("NULL, %s, %s", safesql($album_name, "text"), safesql($patrol, "int"));
if (confirm('album')) {
$message = "Your album has been added, but first needs to be reviewed by an administrator.";
$insertSQL .= ", 0";
} else {
$message = "Your album has been added.";
$insertSQL .= ", 1";
}
$album_name = safesql($album_name, "text");
if ($data->insert_query("album_track", $insertSQL . ", 0")) {
$album = $data->select_fetch_one_row("album_track", "WHERE album_name={$album_name} ORDER BY ID DESC");
$data->update_query("users", "numalbums = numalbums + 1", "uname='{$check['uname']}'");
$data->insert_query("owners", "'', {$album['ID']}, 'album', {$check['id']}, 0, 0, 0");
if (confirm('album')) {
confirmMail("album", $album);
} else {
email('newitem', array("album", $album));
}
show_message("Your photo album has been created. {$extra}", "index.php?page=mythings&cat=album&action=edit&id={$album['ID']}&menuid={$menuid}");
} else {
show_message("There was an error adding your photo album. If this error persists please contact the site administrator.", "index.php?page=addphotoalbum", true);
}
} else {
show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=addphotoalbum&menuid={$menuid}", true);
}
}
$groups = public_group_sql_list_id("id", "OR");
$teams = array();
$team_query = $data->select_query("groups", "WHERE ({$groups}) AND ispublic=1");
$numteams = $data->num_rows($team_query);
$tpl->assign("news", $newsitems);
if ($_POST['submit'] == "Submit") {
if (validate($_POST['validation'])) {
$news = safesql($_POST['story'], "text", false);
$title = safesql($_POST['title'], "text");
$attachment = safesql($_POST['attachment'], "text");
if (confirm('news')) {
$Add = $data->insert_query("newscontent", "NULL, {$title}, {$news}, {$timestamp}, {$attachment}, 0, 0");
$addon = "The news item first needs to be reviewed before it will be available on the site.";
} else {
$Add = $data->insert_query("newscontent", "NULL, {$title}, {$news}, {$timestamp}, {$attachment}, 1, 0");
}
$data->update_query("users", "numnews = numnews + 1", "id='{$check['id']}'");
$article = $data->fetch_array($data->select_query("newscontent", "WHERE title={$title} AND event={$timestamp} ORDER BY id DESC", "id, title, news"));
if (confirm('news')) {
confirmMail("news", $article);
} else {
email('newitem', array("news", $article));
}
$data->insert_query("owners", "'', {$article['id']}, 'newsitem', {$check['id']}, 0, 0, 0");
show_message("Your news item has been added. {$addon}", "index.php?page=mythings&menuid={$menuid}");
} else {
show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=mythings&action=addnews&menuid={$menuid}", true);
}
}
} elseif ($action == "deleteowner") {
$sqlq = $data->delete_query("owners", "id={$safe_id}");
if ($sqlq) {
show_message("Owner removed.", "index.php?page=mythings&cat={$_GET['cat']}&action=owner&id={$_GET['itemid']}&menuid={$menuid}");
}
}
$allow = 0;
} else {
$message = "Your poll has been added.";
$allow = 1;
}
$results = array();
for ($i = 0; $i < count($_POST['option']); $i++) {
$results[str_replace(' ', '', $_POST['option'][$i])] = 0;
}
$results = safesql(serialize($results), "text");
$sql = $data->insert_query("polls", "NULL, {$poll['pollq']}, {$timestamp}, {$poll['stopdate']}, {$options}, {$results}, {$allow}, 0");
if ($sql) {
$polling = $data->select_fetch_one_row("polls", "WHERE question = {$poll['pollq']} AND date_start={$timestamp} ORDER BY id DESC", "id");
if ($data->insert_query("owners", "'', {$polling['id']}, 'pollitems', {$check['id']}, 0, 0, 0")) {
if (confirm('poll')) {
confirmMail("poll", $polling);
} else {
email('newitem', array("poll", $polling));
}
show_message($message, "index.php?page=mythings&menuid={$menuid}");
} else {
show_message("There was an error adding your poll. If this error persists please contact the site administrator.", "index.php?page=addpoll&menuid={$menuid}", true);
}
}
}
} else {
show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=addpoll&menuid={$menuid}", true);
}
}
$script .= "{literal}\nfunction initialiseInputs() {\n // Clear any old values from the inputs (that might be cachedate by the browser after a page reload)\n document.getElementById(\"sdate\").value = \"\";\n}\n\ndatePickerController.addEvent(window, 'load', initialiseInputs);\n{/literal}";
$scriptList['datepicker'] = 1;
$roll = mysql_real_escape_string(stripslashes($_POST['roll']));
$pass = mysql_real_escape_string(stripslashes($_POST['password']));
$pass1 = mysql_real_escape_string(stripslashes($_POST['confirm-password']));
$hostel = mysql_real_escape_string(stripslashes($_POST['hostel']));
$email = mysql_real_escape_string(stripslashes($_POST['email']));
if (strcmp($pass, $pass1) == 0) {
$pass = encrypt($pass, ENCRYPTION_KEY);
$query = mysql_query("select * from student where roll='{$roll}'", $connection);
if (mysql_num_rows($query) == 0) {
$query = mysql_query("select * from email where email='{$email}'", $connection);
if (mysql_num_rows($query) == 0) {
$keys = generateRandomString(10);
$query = mysql_query("insert into student (name,roll,password,hostel) values ('" . $name . "','" . $roll . "','" . $pass . "','" . $hostel . "')", $connection);
//$query = mysql_query("insert into")
$query = mysql_query("insert into `email` (`roll`,`email`,`key`) values ('" . $roll . "','" . $email . "','" . $keys . "');", $connection);
if ($query) {
confirmMail($email . '@iitg.ernet.in');
header('location:admin-student.php?error=none');
} else {
header('location:admin-student.php?error=connection');
}
} else {
header('location:admin-student.php?error=email');
}
} else {
header('location:admin-student.php?error=duplicate');
}
} else {
header('location:admin-student.php?error=match');
}
}
}
if (isset($_POST['submit'])) {
$name = mysql_real_escape_string(stripslashes($_POST['name']));
$username = mysql_real_escape_string(stripslashes($_POST['username']));
$pass = mysql_real_escape_string(stripslashes($_POST['password']));
$pass1 = mysql_real_escape_string(stripslashes($_POST['confirm-password']));
$hostel = mysql_real_escape_string(stripslashes($_POST['hostel']));
$role = mysql_real_escape_string(stripslashes($_POST['role']));
if (strcmp($pass, $pass1) == 0) {
$pass = encrypt($pass, ENCRYPTION_KEY);
$query = mysql_query("select * from manager where username='******'", $connection);
if (mysql_num_rows($query) == 0) {
if (strcmp($role, "other") == 0) {
$hostel = "none";
}
$keys = generateRandomString(10);
$query = mysql_query("insert into manager (name,username,password,role,hostel) values ('" . $name . "','" . $username . "','" . $pass . "','" . $role . "','" . $hostel . "')", $connection);
$query = mysql_query("insert into `admin_email` (`email`,`key`) values ('" . $username . "','" . $keys . "');", $connection);
if ($query) {
confirmMail($username . '@iitg.ernet.in');
header('location:admin-manager.php?error=none');
} else {
header('location:admin-manager.php?error=connection');
}
} else {
header('location:admin-manager.php?error=duplicate');
}
} else {
header('location:admin-manager.php?error=match');
}
}
} else {
$message = "Your event has been added.";
$allow = 1;
}
$groupallowed = safesql(serialize($_POST['groups']), "text");
$signup = safesql($_POST['signup'], "int");
$signupusers = safesql($_POST['signupusers'], "int");
$patrols = $signupusers != 3 ? safesql(serialize($_POST['patrols']), "text") : safesql(serialize($_POST['invites']), "text");
$timestamp = time();
if ($data->insert_query("calendar_items", "{$insert}, {$allow}, {$groupallowed}, {$timestamp}, {$colour},{$signup}, {$signupusers},{$patrols}, 0")) {
$title = safesql($_POST['summary'], "text");
$article = $data->select_fetch_one_row("calendar_items", "WHERE summary={$title} AND date_post={$timestamp}");
$data->insert_query("owners", "'', {$article['id']}, 'events', {$check['id']}, 0, 0, 0");
$data->update_query("users", "numevent = numevent + 1", "uname='{$check['uname']}'");
if (confirm('event')) {
confirmMail("event", $article);
} else {
email('newitem', array("event", $article));
}
show_message($message, "index.php?page=mythings&menuid={$menuid}");
} else {
show_message("There was an error adding your event. If this error persists please contact the site administrator.", "index.php?page=addevent", true);
}
} else {
show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=addevent&menuid={$menuid}", true);
}
}
$groups = group_sql_list_id("id", "OR");
$teams = array();
$team_query = $data->select_query("groups", "WHERE ({$groups}) ORDER BY teamname ASC", "id, teamname");
$numteams = $data->num_rows($team_query);
} else {
$message = "Your article has been added.";
$insertSQL .= ", 1";
}
$topics = safesql(serialize($_POST['topics']), "text");
$order = safesql($_POST['order'], "int");
$summary = safesql($_POST['summary'], "text");
$related = safesql(serialize($_POST['articles']), "text");
$insertSQL .= ", {$topics}, {$order}, {$summary}, {$related}";
if ($data->insert_query("patrol_articles", $insertSQL . ", 0")) {
$title = safesql($_POST['title'], "text");
$article = $data->fetch_array($data->select_query("patrol_articles", "WHERE title={$title} AND date_post={$timestamp}"));
$data->update_query("users", "numarticles = numarticles + 1", "id='{$check['id']}'");
$data->insert_query("owners", "'', {$article['ID']}, 'articles', {$check['id']}, 0, 0, 0");
if (confirm('article')) {
confirmMail("article", $article);
} else {
email('newitem', array("article", $article));
}
show_message($message, "index.php?page=mythings&menuid={$menuid}");
} else {
show_message("There was an error adding your article. If this error persists please contact the site administrator.", "index.php?page=addarticle&menuid={$menuid}", true);
}
} else {
show_message("There where some errors with some fields, please check them again and resubmit.", "index.php?page=addarticle&menuid={$menuid}", true);
}
} elseif ($_POST['preview'] == "Preview Article") {
if (validate($_POST['validation'])) {
$post['patrol'] = $_POST['patrol'];
$post['title'] = $_POST['title'];
$post['story'] = stripslashes($_POST['story']);
