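/**
 * Renders the "Faculty Settings" form and handles its two submit buttons.
 *
 * POST `templateChange` switches this page's template (after checking that the
 * submitted id exists); POST/GET `templateEdit` additionally appends the
 * template editor returned by templateDesc(). The settings form is rebuilt
 * from the database afterwards in every case, so a successful change is
 * reflected in the rendered <select>.
 *
 * Template ids are cast to int before being used in SQL: the id is used
 * unquoted in the UPDATE and in the IN (...) subquery, so it is numeric, and
 * the cast keeps request data out of the query text.
 *
 * @return string HTML of the settings form, followed by the template editor
 *                when one was requested.
 */
public function actionEdit()
{
    global $ICONS, $sourceFolder, $moduleFolder;
    $editTemplateForm = "";

    if (isset($_POST['templateChange'])) {
        $newTemplate = (int) $_POST['template'];
        $chkTemplateExistsQuery = "SELECT `template_name` FROM `faculty_template` WHERE `template_id`='{$newTemplate}'";
        $chkTemplateExistsResult = mysql_query($chkTemplateExistsQuery);
        if ($chkTemplateExistsResult && mysql_num_rows($chkTemplateExistsResult) > 0) {
            // Scoped to this component; an unscoped UPDATE would change the
            // template of every faculty page at once.
            $changeQuery = "UPDATE `faculty_module` SET `templateId`={$newTemplate} WHERE `page_modulecomponentid`='{$this->moduleComponentId}'";
            $changeResult = mysql_query($changeQuery);
            if (!$changeResult || mysql_affected_rows() != 1) {
                displayerror("Unable to update. Try again after some time.");
            } else {
                displayinfo("Successfully updated template");
            }
        } else {
            displayerror("Selected template does not exist.");
        }
        // Fall through: the form below is rebuilt from the (possibly new) selection.
    }

    if (isset($_POST['templateEdit']) || isset($_GET['templateEdit'])) {
        // GET takes precedence when both carry templateEdit.
        $template = isset($_GET['templateEdit']) ? (int) $_GET['template'] : (int) $_POST['template'];
        $chkTemplateExistsQuery = "SELECT `template_name` FROM `faculty_template` WHERE `template_id`='{$template}'";
        $chkTemplateExistsResult = mysql_query($chkTemplateExistsQuery);
        if ($chkTemplateExistsResult && mysql_num_rows($chkTemplateExistsResult) > 0) {
            $templateName = mysql_fetch_array($chkTemplateExistsResult);
            require_once "{$sourceFolder}/{$moduleFolder}/faculty/template_edit.php";
            $editTemplateForm = templateDesc($template, $templateName[0]);
        } else {
            displayerror("Selected template does not exist.");
        }
    }

    // Template currently assigned to this page.
    $selectedTemplateQuery = "SELECT `templateId` FROM `faculty_module` WHERE `page_modulecomponentid`='{$this->moduleComponentId}'";
    $selectedTemplateResult = mysql_query($selectedTemplateQuery) or displayerror("Error in getting Faculty Settings");
    $selectedTemplate = $selectedTemplateResult ? mysql_fetch_row($selectedTemplateResult) : false;
    // 0 when no row exists, so the IN (...) subquery below stays syntactically valid.
    $selectedTemplateId = $selectedTemplate ? (int) $selectedTemplate[0] : 0;

    // Warn before the user discards data attached to the current template's sections.
    $chkDataQuery = "SELECT * FROM `faculty_data` WHERE `faculty_sectionId` IN (SELECT `template_sectionId` FROM `faculty_template` WHERE `template_id`={$selectedTemplateId})";
    $chkDataResult = mysql_query($chkDataQuery) or displayerror("Error in checking for data");
    if ($chkDataResult && mysql_num_rows($chkDataResult) > 0) {
        displaywarning("This page contains some data. If you change the template, all the data will be lost!!!");
    }

    // Build the <option> list of all templates, preselecting the current one.
    $options = "";
    $templateQuery = "SELECT `template_id`,`template_name` FROM `faculty_template` GROUP BY `template_id`";
    $templateResult = mysql_query($templateQuery) or displayerror("Error in selecting Templates");
    if ($templateResult) {
        while ($templateRow = mysql_fetch_array($templateResult)) {
            $selected = ((int) $templateRow[0] === $selectedTemplateId) ? 'selected="selected"' : '';
            // Template names are rendered into HTML, so escape them for that context.
            $name = htmlspecialchars($templateRow[1], ENT_QUOTES, 'UTF-8');
            $options .= "<option value='{$templateRow[0]}' {$selected} > {$name}</option>";
        }
    }

    $settingFormHtml = <<<PRE
		<fieldset>
		<legend>{$ICONS['Forum Settings']['small']}Faculty Settings</legend>
		<form method="post" name="faculty_settings" action="./+edit">
			<table>
				<tr>
					<td>
						Faculty Templates
					</td>
					<td>
						<select name="template" style="width:100px;">
							{$options}
						</select>
					</td>
				</tr>
				<tr>
					<td>
						<input type="submit" name="templateChange" value="Change Template">
					</td>
					<td>
						<input type="submit" name="templateEdit" value="Edit Template">
					</td>
				</tr>
			</table>
		</form>
		</fieldset>
PRE;
    return $settingFormHtml . $editTemplateForm;
}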
/**
 * Swaps the rank of one row with that of its nearest neighbour, i.e. moves a
 * section, question, etc. one step up or down an ordered list.
 *
 * @param mixed  $itemId        id of the row to move
 * @param mixed  $itemRank      that row's current rank value
 * @param string $tableName     table holding the ranked rows
 * @param string $idFieldName   column holding the id
 * @param string $rankFieldName column holding the rank
 * @param string $conditions    extra SQL restricting the list ('' for none), used verbatim
 * @param string $direction     'up' moves towards lower ranks; anything else moves down
 * @return bool false on a database error; true when the item moved or was already
 *              at the top/bottom (a warning is shown in that case)
 *
 * NOTE(review): identifiers, $conditions, $itemRank and the ids are interpolated
 * into SQL without escaping, so callers must supply trusted, pre-escaped values.
 */
function moveItem($itemId, $itemRank, $tableName, $idFieldName, $rankFieldName, $conditions, $direction)
{
    $movingUp = $direction == 'up';
    $sortOrder = $movingUp ? 'DESC' : 'ASC';
    $comparator = $movingUp ? '<' : '>';
    // WHERE prefix shared by all three queries; an empty $conditions contributes nothing.
    $scope = $conditions . ($conditions == '' ? '' : ' AND');

    // Closest row on the requested side of $itemRank.
    $neighbourQuery = sprintf(
        'SELECT `%1$s`, `%2$s` FROM `%3$s` WHERE %4$s `%2$s` %5$s %6$s ORDER BY `%2$s` %7$s LIMIT 1',
        $idFieldName, $rankFieldName, $tableName, $scope, $comparator, $itemRank, $sortOrder
    );
    $neighbourResult = mysql_query($neighbourQuery);
    if (!$neighbourResult) {
        displayerror('Database Error. Could not fetch information about the given item.');
        return false;
    }
    if (mysql_num_rows($neighbourResult) == 0) {
        displaywarning(sprintf(
            'The item that you tried to move %s is already at the %s of the list.',
            $direction,
            $movingUp ? 'top' : 'bottom'
        ));
        return true;
    }

    // Give each row the other's rank; the item is updated first, then the neighbour.
    $neighbour = mysql_fetch_assoc($neighbourResult);
    $swaps = array(
        array($neighbour[$rankFieldName], $itemId),
        array($itemRank, $neighbour[$idFieldName]),
    );
    foreach ($swaps as $pair) {
        list($newRank, $targetId) = $pair;
        $updateQuery = sprintf(
            'UPDATE `%1$s` SET `%2$s` = %3$s WHERE %4$s `%5$s` = \'%6$s\'',
            $tableName, $rankFieldName, $newRank, $scope, $idFieldName, $targetId
        );
        if (!mysql_query($updateQuery)) {
            displayerror('Database Error. Could not move the specified item.');
            return false;
        }
    }
    return true;
}
/**
 * Central request dispatcher: handles the built-in actions (login, profile,
 * logout, search, admin, settings, widgets, grant, pdf), resolves the page's
 * module and hands every other action to that module's handler.
 *
 * @param mixed  $pageId     id of the requested page
 * @param string $action     action name, e.g. "view", "login", "pdf"
 * @param mixed  $userId     current user id; 0 means not logged in
 * @param mixed  $permission whether the user may perform $action; anything but true is refused
 * @param int    $recursed   non-zero when called from itself for link/menu pages,
 *                           which skips the page_lastaccesstime update
 * @return string HTML to render, or '' / "" after an error was reported via displayerror().
 *                Some branches send headers, write a file or exit() instead of returning.
 */
function getContent($pageId, $action, $userId, $permission, $recursed = 0) {
	if ($action == "login") {
		if ($userId == 0) {
			// login.lib.php is already included by /index.php, so it is not required here.
			//require_once("login.lib.php");
			// login() returns a numeric user id on success; anything else is markup
			// (the login form or a message) that is returned to the caller as-is.
			$newUserId = login();
			if (is_numeric($newUserId)) {
				return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
			} else {
				return $newUserId; // the login page
			}
		} else {
			displayinfo("You are logged in as " . getUserName($userId) . "! Click <a href=\"./+logout\">here</a> to logout.");
		}
		// The assignment inside the argument list just passes 0 as $recursed.
		return getContent($pageId, "view", $userId, getPermissions($userId, $pageId, "view"), $recursed = 0);
	}
	if ($action == "profile") {
		if ($userId != 0) {
			require_once "profile.lib.php";
			return profile($userId);
		} else {
			// No return here: the request continues as a normal page view of $pageId.
			displayinfo("You need to <a href=\"./+login\">login</a> to view your profile.!");
		}
	}
	if ($action == "logout") {
		if ($userId != 0) {
			$newUserId = resetAuth();
			displayinfo("You have been logged out!");
			global $openid_enabled;
			if ($openid_enabled == 'true') {
				displaywarning("If you logged in via Open ID, make sure you also log out from your Open ID service provider's website. 
Until then your session in this website will remain active !");
			}
			return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
		} else {
			displayinfo("You need to <a href=\"./+login\">login</a> first to logout!");
		}
	}
	if ($action == "search") {
		require_once "search.lib.php";
		$ret = getSearchBox();
		// NOTE(review): the raw query string is handed over unescaped; escaping for
		// SQL and HTML is presumably done inside getSearchResultString() — confirm.
		if (isset($_POST['query'])) {
			$ret .= getSearchResultString($_POST['query']);
		} elseif (isset($_GET['query'])) {
			$ret .= getSearchResultString($_GET['query']);
		}
		return $ret;
	}
	if (isset($_GET['subaction']) && $_GET['subaction'] == 'getchildren') {
		if (isset($_GET['parentpath'])) {
			global $urlRequestRoot;
			require_once 'menu.lib.php';
			$pidarr = array();
			parseUrlReal(escape($_GET['parentpath']), $pidarr);
			$pid = $pidarr[count($pidarr) - 1];
			$children = getChildren($pid, $userId);
			$response = array();
			$response['path'] = escape($_GET['parentpath']);
			$response['items'] = array();
			foreach ($children as $child) {
				$response['items'][] = array($urlRequestRoot . '/home' . escape($_GET['parentpath']) . $child[1], $child[2]);
			}
			// The JSON reply is commented out, so this branch currently exits with no output.
			//echo json_encode($response);
			exit;
		}
	}
	if ($permission != true) {
		if ($userId == 0) {
			$suggestion = "(Try <a href=\"./+login\">logging in?</a>)";
		} else {
			$suggestion = "";
		}
		displayerror("You do not have the permissions to view this page. {$suggestion}<br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
		return '';
	}
	if ($action == "admin") {
		require_once "admin.lib.php";
		return admin($pageId, $userId);
	}
	// Remaining actions need the page row, so they are handled below this lookup.
	$pagetype_query = "SELECT page_module, page_modulecomponentid FROM " . MYSQL_DATABASE_PREFIX . "pages WHERE page_id='" . escape($pageId) . "'";
	$pagetype_result = mysql_query($pagetype_query);
	$pagetype_values = mysql_fetch_assoc($pagetype_result);
	if (!$pagetype_values) {
		displayerror("The requested page does not exist.");
		return "";
	}
	$moduleType = $pagetype_values['page_module'];
	$moduleComponentId = $pagetype_values['page_modulecomponentid'];
	if ($action == "settings") {
		// Handled here so that the page is known to exist.
		require_once "pagesettings.lib.php";
		return pagesettings($pageId, $userId);
	}
	if ($action == "widgets") {
		return handleWidgetPageSettings($pageId);
	}
	if ($recursed == 0) {
		$pagetypeupdate_query = "UPDATE " . MYSQL_DATABASE_PREFIX . "pages SET page_lastaccesstime=NOW() WHERE page_id='" . escape($pageId) . "'";
		$pagetypeupdate_result = mysql_query($pagetypeupdate_query);
		if (!$pagetypeupdate_result) {
			return '<div class="cms-error">Error No. 563 - An error has occured. Contact the site administators.</div>';
		}
	}
	if ($moduleType == "link") {
		// For link pages the component id is the target page id.
		return getContent($moduleComponentId, $action, $userId, true, 1);
	}
	if ($action == "grant") {
		return grantPermissions($userId, $pageId);
	}
	if ($moduleType == "menu") {
		return getContent(getParentPage($pageId), $action, $userId, true, 1);
	}
	if ($moduleType == "external") {
		$query = "SELECT `page_extlink` FROM `" . MYSQL_DATABASE_PREFIX . "external` WHERE `page_modulecomponentid` =\n\t\t\t\t\t(SELECT `page_modulecomponentid` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id`= '" . escape($pageId) . "')";
		$result = mysql_query($query);
		$values = mysql_fetch_array($result);
		$link = $values[0];
		// NOTE(review): there is no exit after the redirect header, so execution
		// continues into the generic module handling below and still renders a body.
		header("Location: {$link}");
	}
	global $sourceFolder;
	global $moduleFolder;
	// page_module from the database selects both the file included and the class instantiated.
	require_once $sourceFolder . "/" . $moduleFolder . "/" . $moduleType . ".lib.php";
	$page = new $moduleType();
	if (!$page instanceof module) {
		displayerror("The module \"{$moduleType}\" does not implement the inteface module</div>");
		return "";
	}
	// Sanity-check the module's permission list: 'create' must be declared and every
	// declared action (plus 'view') must have a matching actionXxx() method.
	$createperms_query = " SELECT * FROM " . MYSQL_DATABASE_PREFIX . "permissionlist where perm_action = 'create' AND page_module = '" . $moduleType . "'";
	$createperms_result = mysql_query($createperms_query);
	if (mysql_num_rows($createperms_result) < 1) {
		displayerror("The action \"create\" does not exist in the module \"{$moduleType}\"</div>");
		return "";
	}
	$availableperms_query = "SELECT * FROM " . MYSQL_DATABASE_PREFIX . "permissionlist where perm_action != 'create' AND page_module = '" . $moduleType . "'";
	$availableperms_result = mysql_query($availableperms_query);
	$permlist = array();
	while ($value = mysql_fetch_assoc($availableperms_result)) {
		array_push($permlist, $value['perm_action']);
	}
	array_push($permlist, "view");
	$class_methods = get_class_methods($moduleType);
	foreach ($permlist as $perm) {
		if (!in_array("action" . ucfirst($perm), $class_methods)) {
			displayerror("The action \"{$perm}\" does not exist in the module \"{$moduleType}\"</div>");
			return "";
		}
	}
	if ($action == "pdf") {
		// depth comes from the request: -1 means all descendants, N > 0 means N levels.
		if (isset($_GET['depth'])) {
			$depth = $_GET['depth'];
		} else {
			$depth = 0;
		}
		if (!is_numeric($depth)) {
			$depth = 0;
		}
		global $TITLE;
		global $sourceFolder;
		require_once "{$sourceFolder}/modules/pdf/html2fpdf.php";
		$pdf = new HTML2FPDF();
		$pdf->setModuleComponentId($moduleComponentId);
		$pdf->AddPage();
		// The requested page always uses the "view" rendering, regardless of $action.
		$pdf->WriteHTML($page->getHtml($userId, $moduleComponentId, "view"));
		$cp = array();
		$j = 0;
		if ($depth == -1) {
			$cp = child($pageId, $userId, $depth);
			if ($cp[0][0]) {
				// child() rows are assumed to be (page id, ?, module name, ?, ?, component id) — confirm against menu.lib.php.
				for ($i = 0; $cp[$i][0] != NULL; $i++) {
					require_once $sourceFolder . "/" . $moduleFolder . "/" . $cp[$i][2] . ".lib.php";
					$page1 = new $cp[$i][2]();
					$modCompId = $cp[$i][5];
					$pdf->setModuleComponentId($modCompId);
					$pdf->AddPage();
					$pdf->WriteHTML($page1->getHtml($userId, $modCompId, "view"));
				}
			}
		} else {
			if ($depth > 0) {
				$cp = child($pageId, $userId, $depth);
				--$depth;
				// Breadth-first expansion: $j is not reset per level, so each pass
				// resumes at the first row appended by the previous pass.
				while ($depth > 0) {
					$count = count($cp);
					for ($j; $j < $count; $j++) {
						$cp = array_merge((array) $cp, (array) child($cp[$j][0], $userId, $depth));
					}
					--$depth;
				}
				if ($cp[0][0]) {
					for ($i = 0; isset($cp[$i]); $i++) {
						require_once $sourceFolder . "/" . $moduleFolder . "/" . $cp[$i][2] . ".lib.php";
						$page1 = new $cp[$i][2]();
						$modCompId = $cp[$i][5];
						$pdf->setModuleComponentId($modCompId);
						$pdf->AddPage();
						$pdf->WriteHTML($page1->getHtml($userId, $modCompId, "view"));
					}
				}
			}
		}
		// NOTE(review): rand() gives predictable names and the exists-check/write is
		// not atomic; tempnam() on a directory outside the web root would be safer.
		$filePath = $sourceFolder . "/uploads/temp/" . $TITLE . ".pdf";
		while (file_exists($filePath)) {
			$filePath = $sourceFolder . "/uploads/temp/" . $TITLE . "-" . rand() . ".pdf";
		}
		$pdf->Output($filePath);
		header("Pragma: public");
		header("Expires: 0");
		header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
		header("Cache-Control: private", false);
		header("Content-Type: application/pdf");
		header("Content-Disposition: attachment; filename=\"" . basename($filePath) . "\";");
		header("Content-Transfer-Encoding: binary");
		header("Content-Length: " . filesize($filePath));
		// The @ hides read failures; the temp file is removed either way and the
		// function then falls through to the regular HTML rendering below.
		@readfile("{$filePath}");
		unlink($filePath);
	}
	return $page->getHtml($userId, $moduleComponentId, $action);
}
/**
 * Performs the whole login routine for the "+login" action.
 *
 * Dispatches on $_GET['subaction'] (resetPasswd, register, openid_login,
 * openid_verify, openid_pass, quick_openid_reg); otherwise shows the login
 * form, or, when credentials were posted, verifies them against the user's
 * login method and for unknown users against the IMAP/ADS/LDAP domains in
 * $authmethods, creating the database row on first successful login.
 *
 * The 'allow_login' global setting gates registration and the OpenID flows.
 *
 * @return mixed numeric user id after a successful password login (the caller
 *               tests this with is_numeric()); 0 when cookies are unsupported or
 *               no login happened; "" or an HTML string (login form, sub-pages)
 *               otherwise; the OpenID branches may also return nothing.
 */
function login() {
	$allow_login_query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'allow_login'";
	$allow_login_result = mysql_query($allow_login_query);
	// Reused below as $allow_login_result[0]: the allow_login setting's value.
	$allow_login_result = mysql_fetch_array($allow_login_result);
	if (isset($_GET['subaction'])) {
		if ($_GET['subaction'] == "resetPasswd") {
			return resetPasswd($allow_login_result[0]);
		}
		if ($allow_login_result[0]) {
			if ($_GET['subaction'] == "register") {
				require_once "registration.lib.php";
				return register();
			}
		}
		global $openid_enabled;
		if ($openid_enabled == 'true' && $allow_login_result[0]) {
			if ($_GET['subaction'] == "openid_login") {
				if (isset($_POST['process'])) {
					$openid_url = trim($_POST['openid_identifier']);
					openid_endpoint($openid_url);
				}
			}
			if ($_GET['subaction'] == "openid_verify") {
				if ($_GET['openid_mode'] != "cancel") {
					// The identity as returned by the OpenID provider; validated with the server before use.
					$openid_url = $_GET['openid_identity'];
					$openid = new Dope_OpenID($openid_url);
					$validate_result = $openid->validateWithServer();
					if ($validate_result === TRUE) {
						$userinfo = $openid->filterUserInfo($_GET);
						return openid_login($userinfo);
					} else {
						// NOTE(review): $error is built in both branches but never displayed or
						// returned, so a failed validation produces no message for the user.
						if ($openid->isError() === TRUE) {
							$the_error = $openid->getError();
							$error = "Error Code: {$the_error['code']}<br />";
							$error .= "Error Description: {$the_error['description']}<br />";
						} else {
							$error = "Error: Could not validate the OpenID at {$_SESSION['openid_url']}";
						}
					}
				} else {
					displayerror("User cancelled the OpenID authorization");
				}
			}
			if ($_GET['subaction'] == "openid_pass") {
				// Link a validated OpenID (stored in the session by the verify step) to an
				// existing account after re-checking that account's password.
				if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
					displayerror("You are trying to link an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
					return;
				} else {
					$openid_url = $_SESSION['openid_url'];
					$openid_email = $_SESSION['openid_email'];
					// One-shot: the session values are consumed whether or not linking succeeds.
					unset($_SESSION['openid_url']);
					unset($_SESSION['openid_email']);
					if (!isset($_POST['user_password'])) {
						displayerror("Empty Passwords not allowed");
						return;
					}
					$user_passwd = $_POST['user_password'];
					$info = getUserInfo($openid_email);
					if (!$info) {
						// NOTE(review): echoes the session-held e-mail into the page; it is assumed
						// to have been escaped where the session was populated — confirm.
						displayerror("No user with Email {$openid_email}");
					} else {
						$check = checkLogin($info['user_loginmethod'], $info['user_name'], $openid_email, $user_passwd);
						if ($check) {
							// Password was correct: link the account.
							// NOTE(review): $openid_url is interpolated without escape(); whether it was
							// escaped before being stored in the session is not visible here — confirm.
							$query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $info['user_id'] . ")";
							// die() on failure prints the raw MySQL error to the page.
							$result = mysql_query($query) or die(mysql_error() . " in login() subaction=openid_pass while trying to Link OpenID account");
							if ($result) {
								displayinfo("Account successfully Linked. Log In one more time to continue.");
							}
						} else {
							displayerror("The password you specified was incorrect");
						}
					}
				}
			}
			if ($_GET['subaction'] == "quick_openid_reg") {
				// Create a minimal account for a validated OpenID that has no user yet.
				if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
					displayerror("You are trying to register an OpenID account without validating your log-in. 
Please <a href=\"./+login\">Login</a> with your OpenID account first.");
					return;
				} else {
					$openid_url = $_SESSION['openid_url'];
					$openid_email = $_SESSION['openid_email'];
					unset($_SESSION['openid_url']);
					unset($_SESSION['openid_email']);
					if (!isset($_POST['user_name']) || $_POST['user_name'] == "") {
						displayerror("You didn't specified your Full name. Please <a href=\"./+login\">Login</a> again.");
						return;
					}
					$openid_fname = escape($_POST['user_name']);
					// The e-mail doubles as user_name; the password column is set to '0' and
					// login method 'openid', so this account cannot log in with a password.
					$query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`,`user_loginmethod`) " . "VALUES ('" . $openid_email . "', '" . $openid_email . "','" . $openid_fname . "','0',1,'openid');";
					$result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to insert information of new account");
					if ($result) {
						$id = mysql_insert_id();
						$query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $id . ")";
						$result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to Link OpenID account");
						if ($result) {
							displayinfo("Account successfully registered. You can now login via OpenID. 
Please complete your profile information after logging in.");
						}
					}
					return "";
				}
			}
		}
	}
	if (!isset($_POST['user_email'])) {
		return loginForm($allow_login_result[0]);
	} else {
		// TODO (carried over from an earlier draft): verify LDAP users with userLDAPVerify(),
		// refresh the stored password on success, and create missing rows with
		// loginmethod = ldap / user_activated = 1 via createUser() in common.lib.php.
		global $cookieSupported;
		$login_status = false;
		if ($cookieSupported == true) {
			if ($_POST['user_email'] == "" || $_POST['user_password'] == "") {
				displayerror("Blank e-mail or password NOT allowed. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
				return loginForm($allow_login_result[0]);
			} else {
				$user_email = escape($_POST['user_email']);
				// NOTE(review): the password is escape()d before it reaches checkLogin() and
				// md5(), so the escaped form is what gets verified and stored — confirm that
				// checkLogin()/updateUserPassword() expect exactly that.
				$user_passwd = escape($_POST['user_password']);
				$login_method = '';
				if (!check_email($user_email)) {
					displayerror("Your E-Mail Provider has been blackilisted. Please contact the website administrator");
					return loginForm($allow_login_result[0]);
				}
				if ($temp = getUserInfo($user_email)) {
					// Known user: verify with that user's configured login method.
					$login_status = checkLogin($temp['user_loginmethod'], $temp['user_name'], $user_email, $user_passwd);
					// For LDAP/ADS/IMAP accounts, keep the locally stored password in sync in case it is stale.
					if ($login_status) {
						updateUserPassword($user_email, $user_passwd);
					}
				} else {
					// Unknown user: try the external auth method whose domain matches the e-mail.
					global $authmethods;
					if (strpos($user_email, '@') > -1) {
						$tmp = explode('@', $user_email);
						$user_name = $tmp[0];
						$user_domain = strtolower($tmp[1]);
					} else {
						$user_name = $user_email;
					}
					if (isset($user_domain) && $user_domain == $authmethods['imap']['user_domain']) {
						if ($login_status = checkLogin('imap', $user_name, $user_email, $user_passwd)) {
							$login_method = 'imap';
						}
					} elseif (isset($user_domain) && $user_domain == $authmethods['ads']['user_domain']) {
						if ($login_status = checkLogin('ads', $user_name, $user_email, $user_passwd)) {
							$login_method = 'ads';
						}
					} elseif (isset($user_domain) && $user_domain == $authmethods['ldap']['user_domain']) {
						if ($login_status = checkLogin('ldap', $user_name, $user_email, $user_passwd)) {
							$login_method = 'ldap';
						}
					}
					if ($login_status) {
						// External login succeeded: create the local row, already activated.
						$user_fullname = strtoupper($user_name);
						// NOTE(review): unsalted md5 is used as the stored password format here and
						// by the rest of the login path; password_hash() would be the replacement,
						// but checkLogin()/updateUserPassword() must change with it.
						$user_md5passwd = md5($user_passwd);
						$query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_id`, `user_name`, `user_email`, `user_fullname`, `user_password`, `user_loginmethod`, `user_activated`) " . "VALUES (DEFAULT, '{$user_name}', '{$user_email}', '{$user_fullname}', '{$user_md5passwd}', '{$login_method}', '1')";
						mysql_query($query) or die(mysql_error() . " creating new user !");
					} else {
						displaywarning("Incorrect username and/or password for <b>" . (isset($user_domain) ? $user_domain . "</b> domain!" : $user_name . "</b> user"));
					}
				}
				if ($login_status) {
					// Re-read the row: it may have just been created above.
					$temp = getUserInfo($user_email);
					if (!$temp['user_activated']) {
						// Either the e-mail was never verified, or an administrator deliberately
						// set user_activated = 0 to deny access; both end here without a session.
						displayinfo("The e-mail has not yet been verified. Kindly check your email and click on verification link. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
					} else {
						$query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_lastlogin`=NOW() WHERE `" . MYSQL_DATABASE_PREFIX . "users`.`user_id` ='{$temp['user_id']}'";
						mysql_query($query) or die(mysql_error() . " in login.lib.L:111");
						// Previous login time is kept for display; setAuth() establishes the session.
						$_SESSION['last_to_last_login_datetime'] = $temp['user_lastlogin'];
						setAuth($temp['user_id']);
						//exit();
						//displayinfo("Welcome " . $temp['user_name'] . "!");
						return $temp['user_id'];
					}
				} else {
					displaywarning("Wrong E-mail or password. <a href='./+login&subaction=resetPasswd'>Lost Password?</a><br />");
					return loginForm($allow_login_result[0]);
				}
			}
			// Reached only on a successful login to a non-activated account.
			return 0;
		} else {
			showCookieWarning();
			return 0;
		}
	}
}
function handleUserMgmt() { global $urlRequestRoot, $cmsFolder, $moduleFolder, $templateFolder, $sourceFolder; require_once "{$sourceFolder}/{$moduleFolder}/form/viewregistrants.php"; if (isset($_GET['userid'])) { $_GET['userid'] = escape($_GET['userid']); } if (isset($_POST['editusertype'])) { $_POST['editusertype'] = escape($_POST['editusertype']); } if (isset($_POST['user_selected_activate'])) { foreach ($_POST as $key => $var) { if (substr($key, 0, 9) == "selected_") { if (!mysql_query("UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1 WHERE user_id='" . substr($key, 9) . "'")) { $result = mysql_query("SELECT `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='" . substr($key, 9) . "'"); if ($result) { $row = mysql_fetch_assoc($result); displayerror("Couldn't activate user, {$row['user_fullname']}"); } } } } return registeredUsersList($_POST['editusertype'], "edit", false); } if (isset($_POST['user_selected_deactivate'])) { foreach ($_POST as $key => $var) { if (substr($key, 0, 9) == "selected_") { if ((int) substr($key, 9) == ADMIN_USERID) { displayerror("You cannot deactivate administrator!"); continue; } if (!mysql_query("UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id='" . substr($key, 9) . "'")) { $result = mysql_query("SELECT `user_fullname` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='" . substr($key, 9) . "'"); if ($result) { $row = mysql_fetch_assoc($result); displayerror("Couldn't deactivate user, {$row['user_fullname']}"); } } } } return registeredUsersList($_POST['editusertype'], "edit", false); } if (isset($_POST['user_selected_delete'])) { $done = true; foreach ($_POST as $key => $var) { if (substr($key, 0, 9) == "selected_") { if ((int) substr($key, 9) == ADMIN_USERID) { displayerror("You cannot delete administrator!"); continue; } $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '" . substr($key, 9) . 
"'"; if (mysql_query($query)) { $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "openid_users` WHERE `user_id` = '" . substr($key, 9) . "'"; if (!mysql_query($query)) { $done = false; } } else { $done = false; } } } if (!$done) { displayerror("Some problem in deleting selected users"); } return registeredUsersList($_POST['editusertype'], "edit", false); } if (isset($_POST['user_activate'])) { $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1 WHERE user_id='{$_GET['userid']}'"; if (mysql_query($query)) { displayInfo("User Successfully Activated!"); } else { displayerror("User Not Activated!"); } return registeredUsersList($_POST['editusertype'], "edit", false); } else { if (isset($_POST['activate_all_users'])) { $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=1"; if (mysql_query($query)) { displayInfo("All users activated successfully!"); } else { displayerror("Users Not Deactivated!"); } return; } else { if (isset($_POST['user_deactivate'])) { if ($_GET['userid'] == ADMIN_USERID) { displayError("You cannot deactivate administrator!"); return registeredUsersList($_POST['editusertype'], "edit", false); } $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id='{$_GET['userid']}'"; if (mysql_query($query)) { displayInfo("User Successfully Deactivated!"); } else { displayerror("User Not Deactivated!"); } return registeredUsersList($_POST['editusertype'], "edit", false); } else { if (isset($_POST['deactivate_all_users'])) { $query = "UPDATE " . MYSQL_DATABASE_PREFIX . "users SET user_activated=0 WHERE user_id != " . 
ADMIN_USERID; if (mysql_query($query)) { displayInfo("All users deactivated successfully except Administrator!"); } else { displayerror("Users Not Deactivated!"); } return; } else { if (isset($_POST['user_delete'])) { $userId = $_GET['userid']; if ($userId == ADMIN_USERID) { displayError("You cannot delete administrator!"); return registeredUsersList($_POST['editusertype'], "edit", false); } $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '{$userId}'"; if (mysql_query($query)) { $query = "DELETE FROM `" . MYSQL_DATABASE_PREFIX . "openid_users` WHERE `user_id` = '{$userId}'"; if (mysql_query($query)) { displayinfo("User Successfully Deleted!"); } else { displayerror("User not deleted from OpenID database!"); } } else { displayerror("User Not Deleted!"); } return registeredUsersList($_POST['editusertype'], "edit", false); } else { if (isset($_POST['user_info']) || isset($_POST['user_info_update'])) { if (isset($_POST['user_info_update'])) { $updates = array(); $userId = $_GET['userid']; $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='{$userId}'"; $row = mysql_fetch_assoc(mysql_query($query)); $errors = false; if (isset($_POST['user_name']) && $row['user_name'] != $_POST['user_name']) { $chkquery = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_name`='" . escape($_POST['user_name']) . "'"; $result = mysql_query($chkquery) or die("failed : {$chkquery}"); if (mysql_num_rows($result) > 0) { displayerror("User Name already exists in database!"); $errors = true; } } if (isset($_POST['user_name']) && $_POST['user_name'] != '' && $_POST['user_name'] != $row['user_name']) { $updates[] = "`user_name` = '" . escape($_POST['user_name']) . "'"; } if (isset($_POST['user_email']) && $_POST['user_email'] != '' && $_POST['user_email'] != $row['user_email']) { $updates[] = "`user_email` = '" . escape($_POST['user_email']) . 
"'"; } if (isset($_POST['user_fullname']) && $_POST['user_fullname'] != '' && $_POST['user_fullname'] != $row['user_fullname']) { $updates[] = "`user_fullname` = '" . escape($_POST['user_fullname']) . "'"; } if ($_POST['user_password'] != '') { if ($_POST['user_password'] != $_POST['user_password2']) { displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.'); $errors = true; } else { if (md5($_POST['user_password']) != $row['user_password']) { $updates[] = "`user_password` = MD5('{$_POST['user_password']}')"; } } } if (isset($_POST['user_regdate']) && $_POST['user_regdate'] != '' && $_POST['user_regdate'] != $row['user_regdate']) { $updates[] = "`user_regdate` = '" . escape($_POST['user_regdate']) . "'"; } if (isset($_POST['user_lastlogin']) && $_POST['user_lastlogin'] != '' && $_POST['user_lastlogin'] != $row['user_lastlogin']) { $updates[] = "`user_lastlogin` = '" . escape($_POST['user_lastlogin']) . "'"; } if ($_GET['userid'] != ADMIN_USERID && (isset($_POST['user_activated']) ? 1 : 0) != $row['user_activated']) { $checked = isset($_POST['user_activated']) ? 1 : 0; $updates[] = "`user_activated` = {$checked}"; } if (isset($_POST['user_loginmethod']) && $_POST['user_loginmethod'] != '' && $_POST['user_loginmethod'] != $row['user_loginmethod']) { $updates[] = "`user_loginmethod` = '" . escape($_POST['user_loginmethod']) . "'"; if ($_POST['user_loginmethod'] != 'db') { displaywarning("Please make sure " . strtoupper(escape($_POST['user_loginmethod'])) . " is configured properly, otherwise the user will not be able to login to the website."); } } if (!$errors) { if (count($updates) > 0) { $profileQuery = 'UPDATE `' . MYSQL_DATABASE_PREFIX . 'users` SET ' . join($updates, ', ') . " WHERE `user_id` = " . escape($_GET['userid']) . "'"; $profileResult = mysql_query($profileQuery); if (!$profileResult) { displayerror('An error was encountered while attempting to process your request.' . 
$profileQuery); $errors = true; } } global $sourceFolder, $moduleFolder; require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php"; require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php"; if (!$errors && !submitRegistrationForm(0, $userId, true, true)) { displayerror('An error was encountered while attempting to process your request.' . $profileQuery); $errors = true; } else { displayinfo('All fields updated successfully!'); } } } $userid = $_GET['userid']; $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`={$userid}"; $columnList = getColumnList(0, false, false, false, false, false); $xcolumnIds = array_keys($columnList); $xcolumnNames = array_values($columnList); $row = mysql_fetch_assoc(mysql_query($query)); $userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method"); $userinfo = "<fieldset><legend>Edit User Information</legend><form name='user_info_edit' action='./+admin&subaction=useradmin&userid={$userid}' method='post'>"; $usertablefields = array_merge(getTableFieldsName('users'), $xcolumnNames); for ($i = 0; $i < count($usertablefields); $i++) { if (isset($_POST[$usertablefields[$i] . 
'_sel'])) { $userinfo .= "<input type='hidden' name='{$usertablefields[$i]}_sel' value='checked'/>"; } } $userinfo .= "<input type='hidden' name='not_first_time' />"; $userinfo .= userProfileForm($userfieldprettynames, $row, false, true); $userinfo .= "<input type='submit' value='Update' name='user_info_update' />\n\t\t<input type='reset' value='Reset' /></form></fieldset>"; return $userinfo; } else { if (isset($_POST['view_reg_users']) || isset($_POST['save_reg_users_excel'])) { return registeredUsersList("all", "view", false); } else { if (isset($_POST['edit_reg_users'])) { return registeredUsersList("all", "edit", false); } else { if (isset($_POST['view_activated_users']) || isset($_POST['save_activated_users_excel'])) { return registeredUsersList("activated", "view", false); } else { if (isset($_POST['edit_activated_users'])) { return registeredUsersList("activated", "edit", false); } else { if (isset($_POST['view_nonactivated_users']) || isset($_POST['save_nonactivated_users_excel'])) { return registeredUsersList("nonactivated", "view", false); } else { if (isset($_POST['edit_nonactivated_users'])) { return registeredUsersList("nonactivated", "edit", false); } else { if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'search') { $results = ""; $userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method"); $usertablefields = getTableFieldsName('users'); $first = true; $qstring = ""; foreach ($usertablefields as $field) { if (isset($_POST[$field]) && $_POST[$field] != '') { if ($first == false) { $qstring .= $_POST['user_search_op'] == 'and' ? " AND " : " OR "; } $val = escape($_POST[$field]); if ($field == 'user_activated') { ${$field . '_lastval'} = $val = isset($_POST[$field]) ? 1 : 0; } else { ${$field . '_lastval'} = $val; } $qstring .= "`{$field}` LIKE CONVERT( _utf8 '%{$val}%'USING latin1 ) "; $first = false; } } if ($qstring != "") { $query = "SELECT * FROM `" . 
MYSQL_DATABASE_PREFIX . "users` WHERE {$qstring} "; $resultSearch = mysql_query($query); if (mysql_num_rows($resultSearch) > 0) { $num = mysql_num_rows($resultSearch); $userInfo = array(); while ($row = mysql_fetch_assoc($resultSearch)) { $userInfo['user_id'][] = $row['user_id']; $userInfo['user_name'][] = $row['user_name']; $userInfo['user_email'][] = $row['user_email']; $userInfo['user_fullname'][] = $row['user_fullname']; $userInfo['user_password'][] = $row['user_password']; $userInfo['user_lastlogin'][] = $row['user_lastlogin']; $userInfo['user_regdate'][] = $row['user_regdate']; $userInfo['user_activated'][] = $row['user_activated']; $userInfo['user_loginmethod'][] = $row['user_loginmethod']; } $results = registeredUsersList("all", "edit", false, $userInfo); } else { displayerror("No users matched your query!"); } } $searchForm = "<form name='user_search_form' action='./+admin&subaction=useradmin&subsubaction=search' method='POST'><h3>Search User</h3>"; $xcolumnNames = array_keys(getColumnList(0, false, false, false, false, false)); $usertablefields2 = array_merge($usertablefields, $xcolumnNames); for ($i = 0; $i < count($usertablefields2); $i++) { if (isset($_POST[$usertablefields2[$i] . '_sel'])) { $searchForm .= "<input type='hidden' name='{$usertablefields2[$i]}_sel' value='checked'/>"; } } $searchForm .= "<input type='hidden' name='not_first_time' />"; $infoarray = array(); foreach ($usertablefields as $field) { if (isset(${$field . '_lastval'})) { $infoarray[$field] = ${$field . '_lastval'}; } else { $infoarray[$field] = ""; } } $searchForm .= userProfileForm($userfieldprettynames, $infoarray, true, false); $searchForm .= "Operation : <input type='radio' name='user_search_op' value='and' />AND <input type='radio' name='user_search_op' value='or' checked='true' />OR<br/><br/><input type='submit' onclick name='user_search_submit' value='Search' /><input type='reset' value='Clear' /></form>"; return $results . 
$searchForm; } else { if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'create') { $userfieldprettynamesarray = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method"); $usertablefields = getTableFieldsName('users'); if (isset($_POST['create_user_submit'])) { $incomplete = false; foreach ($usertablefields as $field) { if ($field != 'user_regdate' && $field != 'user_lastlogin' && $field != 'user_activated' && (isset($_POST[$field]) && $_POST[$field] == "")) { displayerror("New user could not be created. Some fields are missing!{$field}"); $incomplete = true; break; } ${$field} = escape($_POST[$field]); } if (!$incomplete) { $user_id = $_GET['userid']; $chkquery = "SELECT COUNT(user_id) FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id`='{$user_id}' OR `user_name`='{$user_name}' OR `user_email`='{$user_email}'"; $result = mysql_query($chkquery); $row = mysql_fetch_row($result); if ($row[0] > 0) { displayerror("Another user with the same name or email already exists!"); } else { if ($user_password != $_POST['user_password2']) { displayerror("Passwords mismatch!"); } else { if (isset($_POST['user_activated'])) { $user_activated = 1; } $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . 
"users` (`user_id` ,`user_name` ,`user_email` ,`user_fullname` ,`user_password` ,`user_regdate` ,`user_lastlogin` ,`user_activated`,`user_loginmethod`)VALUES ('{$user_id}' ,'{$user_name}' ,'{$user_email}' ,'{$user_fullname}' , MD5('{$user_password}') ,CURRENT_TIMESTAMP , '', '{$user_activated}','{$user_loginmethod}')"; $result = mysql_query($query) or die(mysql_error()); global $sourceFolder, $moduleFolder; require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php"; require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php"; if (mysql_affected_rows() && submitRegistrationForm(0, $user_id, true, true)) { displayinfo("User {$user_fullname} Successfully Created!"); } else { displayerror("Failed to create user"); } } } } } $nextUserId = getNextUserId(); $userForm = "<form name='user_create_form' action='./+admin&subaction=useradmin&subsubaction=create&userid={$nextUserId}' method='POST'><h3>Create New User</h3>"; $xcolumnNames = array_values(getColumnList(0, false, false, false, false, false)); $usertablefields2 = array_merge($usertablefields, $xcolumnNames); $calpath = "{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}"; $userForm .= '<link rel="stylesheet" type="text/css" media="all" href="' . $calpath . '/form/calendar/calendar.css" title="Aqua" />' . '<script type="text/javascript" src="' . $calpath . '/form/calendar/calendar.js"></script>'; for ($i = 0; $i < count($usertablefields2); $i++) { if (isset($_POST[$usertablefields2[$i] . 
'_sel'])) { $userForm .= "<input type='hidden' name='{$usertablefields2[$i]}_sel' value='checked'/>"; } } $userForm .= "<input type='hidden' name='not_first_time' />"; $infoarray = array(); foreach ($usertablefields as $field) { $infoarray[$field] = ""; } $infoarray['user_id'] = $nextUserId; $userForm .= userProfileForm($userfieldprettynamesarray, $infoarray, false, true); $userForm .= "<input type='submit' onclick name='create_user_submit' value='Create' /><input type='reset' value='Clear' /></form>"; return $userForm; } } } } } } } } } } } } } } }
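/**
 * Streams every bill image of one module component (optionally restricted to
 * one event) to the browser as a zip archive, then terminates the request.
 *
 * @param int|string $mcid  page_modulecomponentid whose bills are exported
 * @param int|string $evtId qaos1_eventid to restrict the export to; 0 exports all events
 * @return bool false when a folder, the archive or the query could not be
 *              created; on success the archive is sent and exit() is called
 */
function downloadAsZipFile($mcid, $evtId = 0)
{
    global $sourceFolder, $uploadFolder;

    // Both values are interpolated unquoted into SQL below; coerce them to
    // integers so a non-numeric caller value cannot change the query.
    $mcid = (int) $mcid;
    $evtId = (int) $evtId;

    // The archive is built under <upload>/qaos1/tmp/; create each level in turn.
    $tmpDir = $sourceFolder . "/" . $uploadFolder;
    if (!createFolder($tmpDir)) {
        return false;
    }
    $tmpDir .= "/qaos1";
    if (!createFolder($tmpDir)) {
        return false;
    }
    $tmpDir .= "/tmp/";
    if (!createFolder($tmpDir)) {
        return false;
    }
    $zipPath = $tmpDir . "events_" . time() . ".zip";

    $zip = new ZipArchive();
    if ($zip->open($zipPath, ZipArchive::OVERWRITE) !== TRUE) {
        displaywarning("zip file not created");
        return false;
    }

    $getFileData = "SELECT events.* , uploads.upload_fileid FROM `qaos1_bills` AS events , " . MYSQL_DATABASE_PREFIX . "uploads AS uploads ";
    $getFileData .= " WHERE events.qaos1_imgname = uploads.upload_filename AND events.page_modulecomponentid = {$mcid} AND";
    $getFileData .= " uploads.page_modulecomponentid = {$mcid} AND uploads.page_module = 'qaos1' ";
    if ($evtId !== 0) {
        $getFileData .= "AND events.qaos1_eventid= {$evtId}";
    }
    $getFileData .= " ORDER BY events.qaos1_eventid ";
    $getFileDataRes = mysql_query($getFileData) or displayerror(mysql_error());
    if (!$getFileDataRes) {
        // Do not leave a half-built temporary archive behind.
        $zip->close();
        if (is_file($zipPath)) {
            unlink($zipPath);
        }
        return false;
    }

    // Running bill counter per event name; the name is also the folder inside the zip.
    $billNo = array();
    while ($result = mysql_fetch_assoc($getFileDataRes)) {
        $upload_fileid = $result['upload_fileid'];
        $fileName = $result['qaos1_imgname'];
        // Stored files carry the upload id zero-padded to 10 digits as prefix.
        $filename = str_pad((string) $upload_fileid, 10, "0", STR_PAD_LEFT) . "_" . $fileName;
        $file = $sourceFolder . "/" . $uploadFolder . "/qaos1/" . $filename;
        if (!file_exists($file)) {
            displaywarning("Biil No - #" . $result['bill_no'] . "does not exist");
            continue;
        }
        $evtName = getEventNameFromId($result['qaos1_eventid'], $mcid);
        if (!isset($billNo[$evtName])) {
            $billNo[$evtName] = 1;
            // addEmptyDir() reports failure once the entry exists, so it is
            // only called for the first bill of each event; calling it for every
            // bill produced a spurious "not copied" warning for all later ones.
            if (!$zip->addEmptyDir($evtName)) {
                displaywarning("Biil No - #" . $result['bill_no'] . "not copied");
            }
        }
        $newFileName = "Pragyan13_" . $result['qaos1_cluster'] . "_" . $evtName . "_bill" . $billNo[$evtName]++;
        if (!$zip->addFile($file, $evtName . "/" . $newFileName)) {
            displaywarning("Biil No - #" . $result['bill_no'] . "not copied");
        }
    }
    $zip->close();

    // An archive with no entries is not written out; report instead of sending
    // a missing file.
    if (!is_file($zipPath)) {
        displaywarning("zip file not created");
        return false;
    }

    header('Content-Type: application/zip');
    header('Content-disposition: attachment; filename=events.zip');
    header('Content-Length: ' . filesize($zipPath));
    readfile($zipPath);
    unlink($zipPath);
    exit(0);
}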
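/**
 * Moves an uploaded and already-extracted Module/Widget/Template from the
 * temporary upload area into its final folder, registers it in the database
 * and removes the temporary files and the `tempuploads` row.
 *
 * @param int|string $uploadId id of the `tempuploads` row describing the upload
 * @param string     $type     "Module", "Widget" or "Template"; selects the
 *                             checkFor<Type>Issues() validator, the destination
 *                             folder and the registry table
 * @return string always ""; outcome is reported through displayinfo()/displayerror()
 */
function finalizeInstallation($uploadId, $type)
{
    global $sourceFolder, $widgetFolder, $templateFolder;

    // $type is used to build a callable name and a table name below, so only
    // the three known kinds may get past this point (previously an unknown
    // type left $colName/$tableName undefined and ran a malformed query).
    $registry = array(
        "Module" => array("module_name", "modules"),
        "Widget" => array("widget_foldername", "widgetsinfo"),
        "Template" => array("template_name", "templates"),
    );
    if (!isset($registry[$type])) {
        displayerror("Installation failed : unknown installation type");
        return "";
    }
    list($colName, $tableName) = $registry[$type];

    $uploadIdSql = escape($uploadId);
    $uploadRes = mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$uploadIdSql}'");
    $result = $uploadRes ? mysql_fetch_assoc($uploadRes) : false;
    if (!$result) {
        displayerror("Installation failed : upload record not found");
        return "";
    }
    $zipFile = $result['filePath'];
    // `info` holds "<extractedPath>;<moduleActualPath>;<moduleName>".
    list($extractedPath, $moduleActualPath, $moduleName) = explode(";", $result['info']);

    // Deletes the extracted tree, the uploaded archive and the tempuploads row;
    // every exit path below needs exactly this.
    $discardUpload = function () use ($uploadIdSql, $extractedPath, $zipFile) {
        delDir($extractedPath);
        unlink($zipFile);
        mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$uploadIdSql}'") or displayerror(mysql_error());
    };

    // $moduleName becomes a folder name under the CMS tree and a table value;
    // accept only a plain single path component.
    if ($moduleName === "" || $moduleName === "." || $moduleName === ".." || basename($moduleName) !== $moduleName) {
        displayerror("{$type} Installation failed : invalid {$type} name");
        $discardUpload();
        return "";
    }
    $moduleNameSql = escape($moduleName);

    $issues = "";
    $function = "checkFor{$type}Issues";
    $ret = $function($moduleActualPath, $moduleName, $issues);
    if ($ret[0] == 1) {
        displayerror("Your {$type} is still not compatible with Pragyan CMS. Please fix the reported issues during installation.");
        $discardUpload();
        return "";
    }

    $existsRes = mysql_query("SELECT `{$colName}` FROM `" . MYSQL_DATABASE_PREFIX . "{$tableName}` WHERE `{$colName}` = '{$moduleNameSql}'");
    if ($existsRes && mysql_fetch_array($existsRes)) {
        displayerror("{$type} Installation failed : {$type} already exist");
        $discardUpload();
        return "";
    }

    // Move the files into place. Widgets and templates share the same layout.
    $destination = "";
    if ($type == "Module") {
        installModuleFiles($moduleActualPath, $sourceFolder . "/modules/", $moduleName);
    } else {
        $baseFolder = $type == "Widget" ? $widgetFolder : $templateFolder;
        $destination = "{$sourceFolder}/{$baseFolder}/{$moduleName}/";
        if (!file_exists($destination)) {
            mkdir($destination);
        }
        rename($moduleActualPath, $destination);
    }

    $notice = "";
    if ($type == "Module") {
        // NOTE(review): moduleQueries.sql is joined with "/" but moduleTables.txt
        // and moduleNotice.txt without one; confirm $moduleActualPath ends in "/".
        $queriesFile = $moduleActualPath . "/moduleQueries.sql";
        $query = "";
        if (is_file($queriesFile) && ($handle = fopen($queriesFile, "r"))) {
            while (!feof($handle)) {
                $buffer = fgets($handle, 4096);
                if ($buffer === false) {
                    break;
                }
                // "--" lines are SQL comments.
                if (strpos($buffer, "--") !== 0) {
                    $query .= $buffer;
                }
            }
            fclose($handle);
        }
        $query = str_replace("pragyanV3_", MYSQL_DATABASE_PREFIX, $query);
        foreach (explode(";\n", $query) as $singlequery) {
            if (trim($singlequery) == "") {
                continue;
            }
            if (!mysql_query($singlequery)) {
                displayerror("<h3>Error:</h3><pre>" . $singlequery . "</pre>\n<br/>Unable to execute query. " . mysql_error());
            }
        }
        mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "modules`(`module_name`,`module_tables`) VALUES('{$moduleNameSql}','" . escape(file_get_contents($moduleActualPath . "moduleTables.txt")) . "')") or displayerror(mysql_error());
        if (file_exists($moduleActualPath . "moduleNotice.txt")) {
            $notice = ", New module says:<br>" . file_get_contents($moduleActualPath . "moduleNotice.txt");
        }
    } elseif ($type == "Widget") {
        $content = explode("|", file_get_contents($destination . "widget.info"));
        $widgetName = '';
        $widgetClassName = '';
        $widgetDescription = '';
        $widgetVersion = '';
        $widgetAuthor = '';
        if (count($content) == 5) {
            $widgetName = escape($content[0]);
            $widgetClassName = escape($content[1]);
            $widgetDescription = escape($content[2]);
            $widgetVersion = escape($content[3]);
            $widgetAuthor = escape($content[4]);
        } else {
            displaywarning("Widget information could not be read properly");
        }
        // The folder column is the module name itself. The original stored it
        // in $widgetFolder, which overwrote the global of the same name for the
        // rest of the request.
        mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "widgetsinfo`(`widget_name`,`widget_classname`,`widget_description`,`widget_version`,`widget_author`,`widget_foldername`) VALUES ('{$widgetName}','{$widgetClassName}','{$widgetDescription}','{$widgetVersion}','{$widgetAuthor}','{$moduleNameSql}')");
        if (!mysql_affected_rows()) {
            displayerror("Installation error, try again later");
            // Remove the folder the files were actually moved to.
            delDir($destination);
        }
    } else {
        mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "templates`(`template_name`) VALUES('{$moduleNameSql}')");
        if (!mysql_affected_rows()) {
            displayerror("Problem including uploaded template to database, try <a href='./+admin&subaction=reloadtemplates'>reload templates</a>");
        }
    }

    $discardUpload();
    displayinfo("{$type} installation complete" . $notice);
    return "";
}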
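/**
 * Marks one hostel room as blocked.
 *
 * @param int|string $roomId hospi_room_id of the room
 * @param int|string $mcid   page_modulecomponentid the room belongs to
 * @return void outcome is reported through displayerror()/displaywarning()/displayinfo()
 */
function blockRoomNo($roomId, $mcid)
{
    // Both ids are interpolated unquoted into SQL, where escape() alone does
    // not help; force integers.
    $roomId = (int) $roomId;
    $mcid = (int) $mcid;

    // Look the room up without filtering on hospi_blocked: with the filter an
    // already-blocked room looked like a missing one and the
    // "Room Blocked Already" branch could never run.
    $blockRoomQuery = "SELECT `hospi_blocked` FROM `prhospi_hostel` WHERE `page_modulecomponentid`={$mcid} AND `hospi_room_id`={$roomId}";
    $blockRoomQueryRes = mysql_query($blockRoomQuery) or displayerror(mysql_error());
    if (!$blockRoomQueryRes || !mysql_num_rows($blockRoomQueryRes)) {
        displayerror("Room Does Not exist");
        return;
    }
    $res = mysql_fetch_assoc($blockRoomQueryRes);
    if ($res['hospi_blocked'] != 0) {
        displaywarning("Room Blocked Already");
        return;
    }

    $blockRoomQuery = "UPDATE `prhospi_hostel` SET `hospi_blocked`=1 WHERE `page_modulecomponentid`={$mcid} AND `hospi_room_id`={$roomId}";
    $blockRoomQueryRes = mysql_query($blockRoomQuery) or displayerror(mysql_error());
    if ($blockRoomQueryRes) {
        displayinfo("Room Blocked ");
    } else {
        displayinfo("There is a Error.Please contact System Administrator for Details");
    }
}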
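/**
 * Stores the files posted under $uploadFormName for a module component.
 *
 * Accepts both a single file input and an array input (name="field[]"). Each
 * file must match the allowed-extension pattern and stay within the size
 * limit; moving and recording the file is left to saveUploadedFile().
 *
 * @param int|string  $moduleComponentId        page_modulecomponentid owning the upload
 * @param string      $moduleName               module calling this function; also the
 *                                              sub-folder under the upload folder
 * @param int|string  $userId                   user performing the upload
 * @param string      $uploadFormName           form field name looked up in $_FILES
 * @param int|false   $maxFileSizeInBytes       per-file limit; false selects 2 MiB
 * @param array|false $uploadableFileTypesArray allowed extensions, joined into a
 *                                              regexp alternation; false selects the
 *                                              default list
 * @return array|false names returned by saveUploadedFile() for the stored files,
 *                     or false when the types argument is invalid or a folder
 *                     could not be created
 *
 * TODO : when called by a module check if it exists in enum field in DB if not give error.
 */
function upload($moduleComponentId, $moduleName, $userId, $uploadFormName, $maxFileSizeInBytes = false, $uploadableFileTypesArray = false)
{
    global $sourceFolder, $uploadFolder;

    if ($maxFileSizeInBytes === false) {
        $maxFileSizeInBytes = 2 * 1024 * 1024;
    }
    $uploadDir = $sourceFolder . "/" . $uploadFolder;

    // NOTE(review): the check is extension-only (the client-supplied MIME type
    // is passed through unverified) and the default list admits html, svg, js
    // and swf, which are active content when served from this origin.
    $defaultUploadableFileTypes = '/\\.(css|xlsx|gif|png|jpe?g|js|html|xml|pdf|doc|docx|ods|odt|oft|pps|ppt|pptx|avi|txt|std|stc|sti|stw|svgz?|sxc|sx.|tex|tiff|txt|chm|mp3|mp2|wave?|ogg|mpe?g|wmv|wma|wmf|rm|avi|gzip|gz|rar|bmp|psd|bz2|tar|zip|swf|fla|flv|eps|ico|xcf|m3u|lit|bcf|xls|mov|xlr|exe|7?z)$/i';
    if ($uploadableFileTypesArray === false) {
        $uploadFileTypesRegexp = $defaultUploadableFileTypes;
    } else {
        if (!is_array($uploadableFileTypesArray) || count($uploadableFileTypesArray) == 0) {
            displayerror("Error in the uploadable types given.");
            return false;
        }
        // Entries are regexp fragments (the default list relies on that), so
        // they are joined as-is. implode() with the glue first replaces the
        // legacy join($array, $glue) argument order, which PHP 8 rejects.
        $uploadFileTypesRegexp = '/\\.(' . implode("|", $uploadableFileTypesArray) . ')$/i';
    }

    /// Checking if the upload folder exists and creating it if doesn't exist
    if (!file_exists($uploadDir)) {
        displaywarning("The folder {$uploadDir} does not exist. Trying to creating it.");
        mkdir($uploadDir, 0755);
        if (!file_exists($uploadDir)) {
            displayerror("Creation of directory failed");
            return false;
        }
        displayinfo("Created {$uploadDir}.");
    }

    /// Checking for existing directory named as the module and creating it if doesn't exist
    $moduleDir = $uploadDir . '/' . $moduleName;
    if (!file_exists($moduleDir)) {
        displaywarning("The folder " . $moduleDir . " does not exist. Trying to create it");
        mkdir($moduleDir, 0755);
        if (!file_exists($moduleDir)) {
            displayerror("Creation of directory failed");
            return false;
        }
        displayinfo("Created " . $moduleDir);
    }

    $uploadedFiles = array();
    if (!isset($_FILES[$uploadFormName])) {
        echo "Sorry, there was a problem uploading your file. UPLOAD L:123 {$uploadFormName}";
        return $uploadedFiles;
    }

    // Bring the single-file shape into the array shape so one loop handles
    // both. A single file now also gets its PHP upload error checked; before,
    // only the array shape did and a single upload with no file selected was
    // reported as a disallowed type.
    $posted = $_FILES[$uploadFormName];
    if (!is_array($posted['error'])) {
        foreach (array('error', 'name', 'tmp_name', 'type', 'size') as $key) {
            $posted[$key] = array($posted[$key]);
        }
    }

    foreach ($posted['error'] as $key => $error) {
        if ($error == UPLOAD_ERR_NO_FILE) {
            continue;
        }
        if ($error != UPLOAD_ERR_OK) {
            displayerror("Unable to upload file. " . getFileUploadError($error));
            continue;
        }
        // NOTE(review): $upload_filename is client-controlled and is echoed
        // back through displayerror(); confirm that helper HTML-escapes.
        $upload_filename = $posted['name'][$key];
        /// Checking if the uploaded file is of the permssible file types.
        if (preg_match($uploadFileTypesRegexp, $upload_filename) == 0) {
            displayerror("Error while uploading file {$upload_filename}. Upload of files of this type not allowed.");
            continue;
        }
        /// Checking if the uploaded file is below the maximum upload size.
        if ($posted['size'][$key] > $maxFileSizeInBytes) {
            displayerror("Error while uploading file {$upload_filename}. Max file size of {$maxFileSizeInBytes} bytes exceeded.");
            continue;
        }
        $uploadedFilename = saveUploadedFile($moduleComponentId, $moduleName, $userId, $upload_filename, $posted['tmp_name'][$key], $posted['type'][$key], $uploadDir);
        if ($uploadedFilename) {
            $uploadedFiles[] = $uploadedFilename;
        }
    }
    return $uploadedFiles;
}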
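/**
 * Unregisters a user from a form: removes the form_regdata row, any files the
 * user uploaded through file elements, the user's form_elementdata rows and,
 * when the form is tied to a group, the group membership.
 *
 * @param int|string $moduleCompId    page_modulecomponentid of the form
 * @param int|string $userId          user to unregister
 * @param bool       $silentOnSuccess suppress the success message
 * @return bool true when everything was removed, false otherwise (a message is shown)
 */
function unregisterUser($moduleCompId, $userId, $silentOnSuccess = false)
{
    global $sourceFolder;

    if (!verifyUserRegistered($moduleCompId, $userId)) {
        displaywarning("User not registered!");
        return false;
    }

    // Escaped copies for SQL only; the helpers below still get the raw values.
    $userIdSql = escape($userId);
    $moduleCompIdSql = escape($moduleCompId);

    $unregisteruser_query = "DELETE FROM `form_regdata` WHERE `user_id` = '{$userIdSql}' AND `page_modulecomponentid` = '{$moduleCompIdSql}'";
    if (!mysql_query($unregisteruser_query)) {
        // Previously ignored; a failed delete then reported success.
        displayerror("Error in unregistering user.");
        return false;
    }

    /// Remove any files uploaded by the user
    $fileFieldQuery = 'SELECT `form_elementdata` FROM `form_elementdata`, `form_elementdesc` WHERE ' .
        "`form_elementdata`.`page_modulecomponentid` = '{$moduleCompIdSql}' AND `form_elementtype` = 'file' AND " .
        "`form_elementdata`.`user_id` = '{$userIdSql}' AND `form_elementdesc`.`page_modulecomponentid` = `form_elementdata`.`page_modulecomponentid` AND " .
        "`form_elementdata`.`form_elementid` = `form_elementdesc`.`form_elementid`";
    $fileFieldResult = mysql_query($fileFieldQuery);
    require_once "{$sourceFolder}/upload.lib.php";
    if ($fileFieldResult) {
        while ($fileFieldRow = mysql_fetch_row($fileFieldResult)) {
            deleteFile($moduleCompId, 'form', $fileFieldRow[0]);
        }
    }

    $deleteelementdata_query = "DELETE FROM `form_elementdata` WHERE `user_id` = '{$userIdSql}' AND `page_modulecomponentid` = '{$moduleCompIdSql}' ";
    if (!mysql_query($deleteelementdata_query)) {
        displayerror("Error in unregistering user.");
        return false;
    }

    require_once $sourceFolder . "/group.lib.php";
    $groupId = getGroupIdFromFormId($moduleCompId);
    if ($groupId != false && !removeUserFromGroupId($groupId, $userId)) {
        displayerror("Unable to unregister user from group.");
        return false;
    }

    if (!$silentOnSuccess) {
        displayinfo("User successfully unregistered");
    }
    return true;
}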
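/**
 * Reads the global-settings form from $_POST, normalises it and persists it
 * through setGlobalSettings(). Also pushes the domain/IP blacklist to
 * setblacklist() when either list was submitted.
 *
 * @return void
 */
function updateGlobalSettings()
{
    // Missing fields become "" instead of raising undefined-index notices.
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };

    $global = array();
    $global['allow_pagespecific_header'] = isset($_POST['allow_page_header']) ? 1 : 0;
    $global['allow_pagespecific_template'] = isset($_POST['allow_page_template']) ? 1 : 0;
    $global['default_user_activate'] = isset($_POST['activate_useronreg']) ? 1 : 0;
    $global['default_mail_verify'] = isset($_POST['send_mail_on_reg']) ? 1 : 0;
    $global['breadcrumb_submenu'] = isset($_POST['breadcrumb_submenu']) ? 1 : 0;
    $global['allow_login'] = isset($_POST['allow_login']) ? 1 : 0;
    // Escaped like every other free-text field (it was the only one left raw).
    $global['deadline_notify'] = escape($post('deadline_notify'));
    $global['cms_title'] = escape($post('cms_title'));
    $global['default_template'] = escape($post('default_template'));
    $global['cms_email'] = escape($post('cms_email'));
    $global['upload_limit'] = escape($post('upload_limit'));
    $global['reindex_frequency'] = escape($post('reindex_frequency'));
    $global['cms_desc'] = escape($post('cms_desc'));
    $global['cms_keywords'] = escape($post('cms_keywords'));
    $global['cms_footer'] = escape($post('cms_footer'));
    $global['blacklist_domain'] = escape($post('blacklist_domain'));
    $global['blacklist_ip'] = escape($post('blacklist_ip'));
    $global['censor_words'] = safe_html($post('censor_words'));

    $blacklist_domain = safe_html($post('blacklist_domain'));
    $blacklist_ip = safe_html($post('blacklist_ip'));
    if ($blacklist_domain != "" || $blacklist_ip != "") {
        setblacklist($blacklist_domain, $blacklist_ip);
    }

    // The original wrote escape($_POST['openid_enabled'] == 'true'), which
    // escaped the comparison result and so enabled OpenID for any submitted
    // value; the escaped value is compared here instead.
    if (isset($_POST['openid_enabled']) && escape($_POST['openid_enabled']) == 'true') {
        if (iscurlinstalled()) {
            $global['openid_enabled'] = 'true';
        } else {
            // OpenID needs curl; warn and leave it off.
            global $curl_message;
            displaywarning($curl_message);
            $global['openid_enabled'] = 'false';
        }
    } else {
        $global['openid_enabled'] = 'false';
    }

    $global['recaptcha'] = '0';
    if (isset($_POST['recaptcha_enable'])) {
        $publicKey = $post('public_key');
        $privateKey = $post('private_key');
        if ($publicKey !== '' && $privateKey !== '') {
            $global['recaptcha'] = '1';
            $global['recaptcha_public'] = escape($publicKey);
            $global['recaptcha_private'] = escape($privateKey);
        } else {
            displaywarning("Public/Private Key is NULL. ReCAPTCHA could not be enabled");
        }
    }

    setGlobalSettings($global);
    displayinfo("Global Settings successfully updated! Changes will come into effect on next page reload.");
}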
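/**
 * Imports the participants of one event from an uploaded spreadsheet. Every
 * non-empty cell is a user id (or an "F…" booklet id, resolved through
 * getUserIdFromBookletId()); the row number is stored as the team id. Users
 * already registered for the event are skipped.
 *
 * @param int|string $pmcId   page_moduleComponentId of the events module
 * @param int|string $eventId event the participants belong to
 * @param string     $fileLoc path of the spreadsheet handed to readExcelSheet()
 * @return void
 */
function syncExcelFile($pmcId, $eventId, $fileLoc)
{
    $pmcIdSql = escape($pmcId);
    $eventIdSql = escape($eventId);
    $excelData = readExcelSheet($fileLoc);

    // The debugging output the original emitted here (a print_r() of the whole
    // sheet, an "Am here" marker and an undefined $userInitQuery) is gone; the
    // sheet dump also exposed every participant id on the page.
    // Rows and columns are treated as 1-based, matching the original loops.
    for ($i = 1; $i <= count($excelData); $i++) {
        for ($j = 1; $j <= count($excelData[$i]); $j++) {
            $cell = $excelData[$i][$j];
            if (empty($cell)) {
                continue;
            }
            $userPid = $cell;
            // Booklet ids start with F/f and are mapped to a user id.
            if (stripos((string) $cell, 'F') === 0) {
                $userPid = getUserIdFromBookletId($cell, $pmcId);
            }
            // Cell contents come from an uploaded file; escape before use in SQL.
            $userPidSql = escape($userPid);

            $checkDuplicateQuery = "SELECT `user_pid` FROM `events_participants` WHERE `page_moduleComponentId`='{$pmcIdSql}' AND `event_id`='{$eventIdSql}' AND `user_pid`='{$userPidSql}'";
            $checkDuplicateRes = mysql_query($checkDuplicateQuery) or displayerror(mysql_error());
            // Skip when already registered, or when the check itself failed.
            if (!$checkDuplicateRes || mysql_num_rows($checkDuplicateRes) != 0) {
                continue;
            }

            // The original also looked up prhospi_pr_status.booklet_id here but
            // bypassed the result with "|| 1" and never used it, so the lookup
            // is dropped and the insert is unconditional as before.
            $saveUserIdQuery = "INSERT INTO `events_participants`(`page_moduleComponentId`,`event_id`,`user_pid`,`user_team_id`) VALUES('{$pmcIdSql}','{$eventIdSql}','{$userPidSql}','{$i}')";
            mysql_query($saveUserIdQuery) or displayerror(mysql_error());
            $userInitRankQuery = "INSERT INTO `events_result`(`page_moduleComponentId`,`user_id`,`user_rank`,`event_id`) VALUES('{$pmcIdSql}','{$userPidSql}','-1','{$eventIdSql}')";
            mysql_query($userInitRankQuery) or displayerror(mysql_error());
        }
    }
}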
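/**
 * Handles the registration page: shows the sign-up form, resends activation
 * links, verifies e-mail addresses from activation links and creates users.
 *
 * The branch is chosen from the request:
 * - nothing relevant submitted: the registration form is returned;
 * - GET reSendKey without an address: the resend form is returned;
 * - POST resend_key_email: a fresh activation mail is sent;
 * - GET key (+ verify): the address is activated when the key matches;
 * - POST user_email: a new user is created and, per configuration, activated
 *   at once or sent an activation mail.
 *
 * @return string|null the form to render; null when the request only changed state
 */
function register()
{
    ///registration formmessenger
    // $uploadFolder/$urlRequestRoot are not used here but the required files
    // run in this scope and may rely on them.
    global $uploadFolder, $sourceFolder, $moduleFolder, $urlRequestRoot, $onlineSiteUrl;
    require "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
    require "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";

    // Sends the activation mail for $userRow (a `users` row) to $email and
    // returns the mailer's result. Shared by the resend and the
    // fresh-registration paths, which previously duplicated it.
    $sendActivationMail = function ($email, $userRow) use ($onlineSiteUrl) {
        $key = getVerificationKey($email, $userRow['user_password'], $userRow['user_regdate']);
        // send mail code starts here - see common.lib.php for more
        $from = "from: " . CMS_TITLE . " <" . CMS_EMAIL . ">";
        $mailtype = "activation_mail";
        $messenger = new messenger(false);
        $messenger->assign_vars(array(
            // Both are query parameters; encode them so '+' or '&' in an
            // address cannot split the link.
            'ACTIVATE_URL' => "{$onlineSiteUrl}/+login&subaction=register&verify=" . rawurlencode($email) . "&key=" . rawurlencode((string) $key),
            'NAME' => "{$userRow['user_fullname']}",
            'WEBSITE' => CMS_TITLE,
            'DOMAIN' => $onlineSiteUrl,
        ));
        return $messenger->mailer($email, $mailtype, $key, $from);
    };

    if (!isset($_GET['key']) && !isset($_GET['reSendKey']) && !isset($_POST['user_email'])) {
        return getRegistrationForm();
    } elseif (isset($_GET['reSendKey']) && !isset($_POST['resend_key_email']) && SEND_MAIL_ON_REGISTRATION) {
        $reSendForm = <<<FORM
<form class="cms-registrationform" method="POST" name="user_resend_key" onsubmit="return checkForm(this)" action="./+login&subaction=register&reSendKey">
<fieldset>
<legend>Resend Activation Link</legend>
<table>
\t\t<tr>
\t\t\t<td><label for="resend_key_email" class="labelrequired">Email</label></td>
\t\t\t<td><input type="text" name="resend_key_email" id="resend_key_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
\t\t</tr>
\t\t<tr>
\t\t\t<td colspan="2"> </td>
\t\t</tr>
\t\t<tr>
\t\t\t<td><input type="submit" id="submitbutton" value="Submit"></td>
\t\t\t<td><a href="./+login&subaction=register">Sign Up</a> <a href="./+login">Login?</a></td>
\t\t</tr>
\t</table>
\t</fieldset>
</form>
FORM;
        return $reSendForm;
    } elseif (isset($_POST['resend_key_email'])) {
        $email = escape($_POST['resend_key_email']);
        // escape() is the SQL escaper; the address shown back on the page gets
        // HTML escaping instead.
        $emailHtml = htmlspecialchars($_POST['resend_key_email'], ENT_QUOTES, 'UTF-8');
        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='{$email}' ";
        $result = mysql_query($query) or displayerror(mysql_error() . "registration L:131");
        if (!$result || !mysql_num_rows($result)) {
            displayinfo("This email-id has not yet been registered. 
Kindly <a href=\"./+login&subaction=register\">register</a>.");
        } else {
            $temp = mysql_fetch_assoc($result);
            if ($temp['user_activated'] == 1) {
                displayinfo("E-mail {$emailHtml} has already been verified.<a href=\"./+login\"> Login</a> <a href=\"./+login&subaction=resetPasswd\">Forgot Password?</a>");
            } elseif ($sendActivationMail($email, $temp)) {
                displayinfo("Activation link resent. Kindly check your e-mail for activation link.");
            } else {
                displayerror("Activation link resending failure. Kindly contact administrator");
            }
        }
    } elseif (isset($_GET['key'])) {
        $verifyRaw = isset($_GET['verify']) ? $_GET['verify'] : '';
        $emailId = escape($verifyRaw);
        // The original displayed escape($_GET[verify]): a bare constant (fatal on
        // PHP 8) and the SQL escaper used for HTML output.
        $emailHtml = htmlspecialchars($verifyRaw, ENT_QUOTES, 'UTF-8');
        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='{$emailId}'";
        $result = mysql_query($query) or displayerror(mysql_error() . "registration L:76");
        $temp = $result ? mysql_fetch_assoc($result) : false;
        if (!$temp) {
            displayerror("Verification error for " . $emailHtml . ". Please contact administrator");
        } elseif ($temp['user_activated'] == 1) {
            displayinfo("E-mail " . $emailHtml . " has already been verified");
        } elseif (is_string($_GET['key']) && hash_equals((string) getVerificationKey($verifyRaw, $temp['user_password'], $temp['user_regdate']), $_GET['key'])) {
            // hash_equals() replaces ==, which compares numeric-looking strings
            // as numbers and is not constant-time.
            $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_activated`=1 WHERE `user_email`='{$emailId}'";
            mysql_query($query) or die(mysql_error());
            if (mysql_affected_rows() > 0) {
                displayinfo("Your e-mail " . $emailHtml . " has been verified. 
Now you can fill your profile information by clicking <a href=\"./+profile\">here</a> or by clicking on the preferences link in the action bar any time you are logged in.");
            } else {
                displayerror("Verification error for " . $emailHtml . ". Please contact administrator");
            }
        } else {
            displayerror("Verification error for " . $emailHtml . ". Please contact administrator");
        }
    } else {
        // Missing fields become "" instead of raising undefined-index notices.
        $post = function ($key) {
            return isset($_POST[$key]) ? $_POST[$key] : '';
        };
        if ($post('user_email') == "" || $post('user_password') == "") {
            displayerror("Blank e-mail/password NOT allowed");
            return getRegistrationForm();
        }
        if ($post('user_name') == "" || $post('user_fullname') == "") {
            displayerror("Please fill in your user name and Full name");
            return getRegistrationForm();
        }
        // filter_var() replaces a hand-written pattern that rejected every
        // top-level domain longer than three letters.
        $emailRaw = trim($post('user_email'));
        if (filter_var($emailRaw, FILTER_VALIDATE_EMAIL) === false) {
            displayerror("Invalid Email Id");
            return getRegistrationForm();
        }
        if ($post('user_password') != $post('user_repassword')) {
            displayerror("Passwords are not same");
            return getRegistrationForm();
        }
        if (submitCaptcha() == false) {
            return getRegistrationForm();
        }

        /*For new registrations*/
        // The trimmed, escaped address is used for every query below; the
        // original inserted the untrimmed value but looked it up trimmed.
        $umail = escape($emailRaw);
        if (!check_email($umail)) {
            displayerror("Your E-Mail Provoider has been blackilisted. Please Use another email id or contact the website administrator");
            return getRegistrationForm();
        }
        $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $umail . "'";
        $result = mysql_query($query) or displayerror(mysql_error() . "in registration L:115");
        if ($result && mysql_num_rows($result)) {
            displaywarning("Email already exists in database. Please use a different e-mail.");
            return getRegistrationForm();
        }

        // NOTE(review): unsalted MD5 is kept because the login and admin
        // create-user paths compare against MD5; moving to password_hash()
        // requires changing those together.
        $passwd = md5($_POST['user_password']);
        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " .
            "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`) " .
            "VALUES ('" . escape($_POST['user_name']) . "', '" . $umail . "', '" . escape($_POST['user_fullname']) . "', '{$passwd}', " . ACTIVATE_USER_ON_REG . ")";
        $result = mysql_query($query);
        $query1 = "SELECT `user_id` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email` ='" . $umail . "' LIMIT 1";
        $result1 = mysql_query($query1);
        $newUser = $result1 ? mysql_fetch_array($result1) : false;
        if (!$result || !$newUser) {
            // Previously a failed insert went on to submitRegistrationForm()
            // with an empty user id and reported nothing.
            displayerror("Registration failed. Please try again later");
            return getRegistrationForm();
        }
        $newUserId = $newUser[0];

        if (!submitRegistrationForm(0, $newUserId, true, true)) {
            // Roll the user row back so the address can be registered again.
            mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '" . escape($newUserId) . "'");
            return getRegistrationForm();
        }
        if (ACTIVATE_USER_ON_REG) {
            displayinfo("You have been successfully registered. You can now <a href=\"./+login\">log in</a>.");
        } else {
            displayinfo("Your registration was successful but your account is not activated yet. Kindly check your email, or wait for the website administrator to activate you.");
        }

        if (SEND_MAIL_ON_REGISTRATION) {
            $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='{$umail}' ";
            $result = mysql_query($query) or displayerror(mysql_error() . "registration L:211");
            $temp = $result ? mysql_fetch_assoc($result) : false;
            if ($temp && $sendActivationMail($umail, $temp)) {
                displayinfo("Kindly check your e-mail for activation link.");
            } else {
                displayerror("Activation link sending failure. Kindly contact administrator");
            }
        }
    }
}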
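/**
 * actionPrview: PR/hospitality desk page — check-in lookup, check-out with
 * refund, hostel-allotment-bill printing and the registrant listing.
 *
 * Requests are handled in this order:
 *  - GET subaction=getsuggestions&forwhat=...: the suggestion endpoint is
 *    disabled (its echo is commented out); the request ends with exit(0).
 *  - POST printthis + printHiddenId="printHostelAllotmentBill<id>": returns
 *    the disclaimer/bill print-out for <id>.
 *  - POST txtFormUserId1 (+ refundAmt marker): checks that user out.
 *  - GET subaction=viewRegisteredUser: returns the registrant list.
 *  - otherwise: runs a check-in lookup when txtFormUserId was posted and
 *    renders the check-in and check-out forms.
 *
 * @return string HTML fragment (or whatever printDisclaimer() returns)
 */
public function actionPrview() {
    global $urlRequestRoot, $sourceFolder, $templateFolder, $cmsFolder, $moduleFolder;
    $moduleComponentId = $this->moduleComponentId;
    $scriptsFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts";
    $imagesFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/images";
    require_once "{$sourceFolder}/{$moduleFolder}/prhospi/prhospi_common.php";
    require_once "{$sourceFolder}/{$moduleFolder}/prhospi/accommodation.php";

    if (isset($_GET['subaction']) && $_GET['subaction'] == 'getsuggestions' && isset($_GET['forwhat'])) {
        // Suggestion lookup is disabled; the early exit is kept so the AJAX
        // path never falls through to the full page render.
        // echo getSuggestionsForIdOrEmail(escape($_GET['forwhat']));
        exit(0);
    }

    if (isset($_POST['printthis']) && isset($_POST['printHiddenId'])) {
        if ($_POST['printHiddenId'] != "") {
            // "printHostelAllotmentBill" is 24 characters long; the id follows it.
            // strpos() returns false when the prefix is absent, and false == 0 is
            // true in PHP, so the comparison must be strict or any unrelated
            // value would reach printDisclaimer().
            $pos = strpos($_POST['printHiddenId'], "printHostelAllotmentBill");
            if ($pos === 0) {
                return printDisclaimer($moduleComponentId, substr(escape($_POST['printHiddenId']), 24), "prhead");
            }
        }
    }

    if (isset($_POST['txtFormUserId1']) && $_POST['txtFormUserId1'] != '') {
        $detailsGiven = escape($_POST['txtFormUserId1']);
        if (!isset($_POST['refundAmt'])) {
            displaywarning("Refund Amount not declared");
        } else {
            // The check-out form below only ever submits getAmount("prhead", ...)
            // in its hidden refundAmt field, so recompute the amount server-side
            // instead of trusting the POSTed value; a tampered request could
            // otherwise choose its own refund amount.
            $refundAmt = escape(getAmount("prhead", $moduleComponentId));
            checkOutPr($detailsGiven, $refundAmt, $moduleComponentId);
        }
    }

    $displayTags = <<<TAG
\t<table>
<tr>
<td><a href="./+prview&subaction=viewRegisteredUser"> <div>View Registrants</div></a></td>
<td><a href="./+prview"><div>Add User</div></a></td>
</tr>
</table>
TAG;

    if (isset($_GET['subaction']) && $_GET['subaction'] == 'viewRegisteredUser') {
        return $displayTags . displayUsersRegisteredToPr($moduleComponentId);
    }

    $inputUser = <<<USER
<h2> CHECK IN FORM </h2>
<form method="POST" id="prCheckInForm" action="./+Prview">
Enter UserId or Email:<input type="text" name="txtFormUserId" id="txtFormUserId" autofocus autocomplete="off" style="width: 256px" />
<div id="suggestionsBox" style="background-color: white; width: 260px; border: 1px solid black; position: absolute; overflow-y: scroll; max-height: 180px; display: none"></div>
<input type="submit" Value="Find User"/>
<script type="text/javascript" src="{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}/prhospi/prregister.js"></script>
USER;

    // Check-in lookup: submitDetailsForPr() renders the matched user's details.
    $userDetails = "";
    if (isset($_POST['txtFormUserId']) && $_POST['txtFormUserId'] != '') {
        $detailsGiven = escape($_POST['txtFormUserId']);
        $userDetails .= submitDetailsForPr($detailsGiven, $moduleComponentId, $this->userId);
    }

    $amtToCollect = getAmount("prhead", $moduleComponentId);
    $checkOutFORM = <<<checkOut
<hr/>
<h2> CHECK OUT FORM </h2>
<form method="POST" action="./+prview">
<table border="1">
<tr>
<td>Enter UserId or Email:</td>
<td><input type="text" name="txtFormUserId1" id="txtFormUserId1" autocomplete="off" style="width: 256px" />
<div id="suggestionsBox1" style="background-color: white; width: 260px; border: 1px solid black; position: absolute; overflow-y: scroll; max-height: 180px; display: none"></div><br/>
</td>
</tr>
<tr>
<td>Refund Amount:</td>
<td><input type="text" disabled="disabled" name="refundAmt1" value="{$amtToCollect}"/>
<input type="hidden" name="refundAmt" value="{$amtToCollect}"/></td>
</tr>
<tr>
<td colspan="2"><input type="submit" Value="Find User"/></td>
</tr>
</table>
<!--
<script type="text/javascript" language="javascript" src="{$scriptsFolder}/ajaxsuggestionbox.js"> </script>
<script language="javascript">
var userBox = new SuggestionBox(document.getElementById('txtFormUserId1'), document.getElementById('suggestionsBox1'), "./+prview&subaction=getsuggestions&forwhat=%pattern%");
userBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
</script>
-->
</form>
checkOut;

    return $displayTags . $inputUser . $userDetails . $checkOutFORM;
}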
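/**
 * actionCorrect: manual correction screen for this quiz.
 *
 * - POST btnSetMark: stores a corrected mark for one (section, question, user)
 *   submission of this quiz after checking it against the question's
 *   positive/negative limits from `quiz_weightmarks`, then recomputes the
 *   section marks.
 * - GET useremail: returns the per-user correction form.
 * - POST btnDeleteUser with a numeric hdnUserId: deletes that user's entries.
 * Unless the correction form was returned, falls through to the user list
 * with their marks.
 *
 * @return string HTML
 */
public function actionCorrect() {
    if (isset($_POST['btnSetMark'])) {
        // The quiz being corrected is the one this module instance belongs to.
        // Taking it from $_POST['quizid'] (as before) let a request rewrite
        // submissions of any other quiz the caller has no rights on.
        $quizid = escape($this->moduleComponentId);
        $sectionid = escape($_POST['sectionid']);
        $questionid = escape($_POST['questionid']);
        $userid = escape($_POST['userid']);

        // quiz_marksallotted is interpolated unquoted into the UPDATE below,
        // where escape() gives no protection; accept numeric input only.
        if (!isset($_POST['mark']) || !is_numeric($_POST['mark'])) {
            displaywarning('Mark must be a number, so mark not set');
        } else {
            $mark = $_POST['mark'] + 0; // int or float, never a string
            $condition = "`page_modulecomponentid` = '{$quizid}' AND `quiz_sectionid` = '{$sectionid}' AND `quiz_questionid` = '{$questionid}' AND `user_id` = '{$userid}'";
            $submission = mysql_query("SELECT `quiz_submittedanswer` FROM `quiz_answersubmissions` WHERE {$condition}");
            if ($row = mysql_fetch_array($submission)) {
                // Limits for this question's weight class.
                $limits = mysql_fetch_array(mysql_query("SELECT `question_positivemarks`, `question_negativemarks` FROM `quiz_weightmarks` WHERE `page_modulecomponentid` = '{$quizid}' AND `question_weight` = (SELECT `quiz_questionweight` FROM `quiz_questions` WHERE `page_modulecomponentid` = '{$quizid}' AND `quiz_sectionid` = '{$sectionid}' AND `quiz_questionid` = '{$questionid}')"));
                if ($mark > $limits['question_positivemarks'] || $mark < -1 * $limits['question_negativemarks']) {
                    displaywarning('Mark out of range for this question, so mark not set');
                } else {
                    mysql_query("UPDATE `quiz_answersubmissions` SET `quiz_marksallotted` = {$mark} WHERE {$condition}");
                    updateSectionMarks($quizid);
                    displayinfo('Mark set');
                }
            } else {
                displayerror('Unable to set value');
            }
        }
    }

    if (isset($_GET['useremail'])) {
        // NOTE(review): useremail is passed raw; getUserIdFromEmail() is not
        // visible here — confirm it escapes its argument before querying.
        $userId = getUserIdFromEmail($_GET['useremail']);
        if ($userId) {
            return getQuizCorrectForm($this->moduleComponentId, $userId);
        }
        displayerror('Error. Could not find user.');
    } elseif (isset($_POST['btnDeleteUser']) && isset($_POST['hdnUserId']) && is_numeric($_POST['hdnUserId'])) {
        $quizObject = $this->getNewQuizObject();
        if ($quizObject !== false) {
            $quizObject->deleteEntries(intval($_POST['hdnUserId']));
        }
    }

    return getQuizUserListHtml($this->moduleComponentId);
}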
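/**
 * installTemplate: unpack an uploaded template archive and render the
 * "Finalize Template" form (name field, issue list, install/cancel buttons).
 *
 * @param string $str path of the uploaded archive; must end in ".zip"
 * @return string|array HTML of the finalize form on success, otherwise a
 *   status tuple: array("1", $str) when the archive cannot be opened,
 *   array("2", $str) when it is not a .zip, array("0", $str, $templatePath)
 *   when actualPath() finds nothing usable in the extracted tree.
 */
function installTemplate($str) {
    global $sourceFolder;
    $len = strlen($str);
    // presumably the file name without its extension — verify against name()
    $templateName = name($str, ".");

    if (substr($str, $len - 4, 4) == ".zip") {
        $zip = new ZipArchive();
        if ($zip->open($str) === TRUE) {
            $templatePath = $sourceFolder . "/uploads/templates/" . $templateName . "/";
            // Never unpack over an existing template directory.
            while (file_exists($templatePath)) {
                $templatePath = $sourceFolder . "/uploads/templates/" . rand() . "/";
            }
            // NOTE(review): the archive is user-supplied and nothing here inspects
            // entry names; extractTo() is relied on to refuse names that escape
            // $templatePath ("../", absolute paths) — confirm for the deployed PHP.
            $zip->extractTo($templatePath);
            $zip->close();
        } else {
            return array("1", $str);
        }
    } else {
        return array("2", $str);
    }

    // Names already taken: one rendering for HTML text, one as JS string literals.
    $templates = getAvailableTemplates();
    $templateArray = "";
    foreach ($templates as $template) {
        $templateArray .= "'" . $template . "', ";
    }
    $templateArray = rtrim($templateArray, ", ");
    $templateArrayHtml = htmlspecialchars($templateArray, ENT_QUOTES);
    $templateArrayJs = implode(',', array_map('json_encode', $templates));

    $templateActualPath = actualPath($templatePath);
    if ($templateActualPath == NULL) {
        return array("0", $str, $templatePath);
    }

    $call = "";
    $issueExcess = "";
    $ignoreall = "";
    $issues = "";
    // reportIssues() fills $issues (by reference) with table rows and returns
    // [fatal, ignorable] flags.
    $issuetypes = reportIssues($templateActualPath, $issues);
    if ($issues != "") {
        $issues = "\n\t <table name='issues_table'>\n\t <tr><th>S.No.</th><th>Issue Details</th><th>Issue Type</th><th>Ignore ?</th></tr>\n\t {$issues}\n\t </table>\n\t ";
    }
    if ($issuetypes[0] == 1) {
        // Fatal: the form's onSubmit becomes validate2(), which always refuses.
        displayerror("Some fatal issues were found with the template. Please click on Cancel Installation button and fix the issues");
        $call = "2";
    }
    if ($issuetypes[0] == 0 && $issuetypes[1] == 1) {
        displaywarning("Some issues were found with the template. You may chose to ignore them.");
        $ignoreall = "<input type=button value='Ignore All' onClick='igall();'>";
        $issueExcess = <<<EXTRA
<script type="text/javascript">
function igall() {
\tvar id = 0;
\twhile(document.getElementById('issue_' + id))
\t\tignore(id++);
}
</script>
EXTRA;
    }

    // Values echoed into attributes are escaped; $str and the paths come from
    // the upload and the filesystem. NOTE(review): finalize/cancel receive these
    // paths back from the client and must re-validate them (not visible here).
    $templateNameHtml = htmlspecialchars($templateName, ENT_QUOTES);
    $templateActualPathHtml = htmlspecialchars($templateActualPath, ENT_QUOTES);
    $templatePathHtml = htmlspecialchars($templatePath, ENT_QUOTES);
    $strHtml = htmlspecialchars($str, ENT_QUOTES);

    global $ICONS;
    $RET = <<<RET
<script type="text/javascript">
function ignore(id) {
\tif(document.getElementById('button_' + id)) {
\t\tdocument.getElementById('issue_' + id).className = 'ignored';
\t\tdocument.getElementById('button_' + id).value = 'Ignored !';
\t\tdocument.getElementById('button_' + id).disabled = 'disabled';
\t}
}
function validate() {
\tvar id = 0;
\twhile(document.getElementById('issue_' + id)) {
\t\tif(document.getElementById('issue_' + id).className == 'issue') {
\t\t\talert("There are one or more issue(s) unresolved. Fix them and Submit.");
\t\t\treturn false;
\t\t}
\t\tid++;
\t}
\tvar templates = new Array('common',{$templateArrayJs});
\tfor(template in templates)
\t\tif(document.getElementById('templatename').value == templates[template]) {
\t\t\talert("Template with that name already exist in server. Choose some other name.");
\t\t\treturn false;
\t\t}
\treturn true;
}
function validate2() {
\talert("You have one or more required variable missing. So you can not submit the template. Hit cancel.");
\treturn false;
}
</script>
<fieldset>
<legend>{$ICONS['Templates Management']['small']}Finalize Template</legend>
{$issues}
{$ignoreall}
{$issueExcess}
<form method=POST action='./+admin&subaction=template&subsubaction=finalize' onSubmit='return validate{$call}()'>
Template Name: <input type=text id='templatename' name='template' value='{$templateNameHtml}'><input type=submit value="Install Template"><br/><br/>
The following template names are already used :<b> 'common', {$templateArrayHtml}</b><br/>
<input type=hidden name='path' value='{$templateActualPathHtml}'>
<input type=hidden name='del' value='{$templatePathHtml}'>
<input type=hidden name='file' value='{$strHtml}'>
</form>
<form method=POST action='./+admin&subaction=template&subsubaction=cancel' onSubmit='myconfirm()'>
<input type=hidden name='path' value='{$templatePathHtml}'>
<input type=hidden name='file' value='{$strHtml}'>
<input type=submit value="Cancel Installation">
</form>
</fieldset>
RET;
    return $RET;
}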
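/**
 * actionView: render the book as a tab strip with one tab per visible child.
 *
 * Children are the pages whose parent is this page and whose id is listed in
 * bookProps['list'], ordered by page_menurank; children the viewer lacks
 * "view" permission on are skipped. Each child's content comes from
 * getContent() with its relative link/form/image targets rewritten through
 * the child's page_name. The active tab is ?navigate=<page_id> when
 * isPresent() accepts it, else bookProps['initial'].
 *
 * @return string HTML
 */
public function actionView() {
    global $INFOSTRING, $WARNINGSTRING, $ERRORSTRING;
    $childrenQuery = 'SELECT `page_title`, `page_id`, `page_module`, `page_modulecomponentid`, `page_name` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE `page_parentid` = ' . $this->pageId . ' AND `page_id` IN (' . $this->bookProps['list'] . ') ORDER BY `page_menurank`';
    $result = mysql_query($childrenQuery);
    $ret = $this->tabScript();
    $ret .= <<<RET
<h2>{$this->bookProps['page_title']}</h2>
<div class='tabEnvelope'>
RET;

    $navigate = $this->bookProps['initial'];
    // The raw GET value is handed to isPresent() for validation and only the
    // escaped copy is used afterwards. NOTE(review): isPresent() is not visible
    // here — confirm it treats its second argument as untrusted.
    if (isset($_GET['navigate']) && $this->isPresent($this->pageId, $_GET['navigate'])) {
        $navigate = escape($_GET['navigate']);
    }

    $tabList = "<div id='tabList'>";
    $contentList = "";
    $childShown = false;

    // Children may emit their own info/warning/error messages while rendering;
    // capture those per tab and restore the page-level messages afterwards.
    $backup_info = $INFOSTRING;
    $backup_warning = $WARNINGSTRING;
    $backup_error = $ERRORSTRING;

    while ($row = mysql_fetch_assoc($result)) {
        if (getPermissions($this->userId, $row['page_id'], "view")) {
            $childShown = true;
            $INFOSTRING = "";
            $WARNINGSTRING = "";
            $ERRORSTRING = "";
            $active = "";
            // A nested book is active when the navigated page lives inside it.
            if ($navigate == $row['page_id'] || (getPageModule($row['page_id']) == 'book' && $this->isPresent($row['page_id'], $navigate))) {
                $active = ' active';
            }
            $tabList .= "<div class='tabElement'><a id='Content{$this->pageId}_{$row['page_id']}' href='./+view&navigate={$row['page_id']}'><span class='tabItem' id='cms-tabItem'>{$row['page_title']}</span></a></div>";
            $content = getContent($row['page_id'], "view", $this->userId, true);
            // Rewrite "./..." targets so they resolve relative to the child page.
            // NOTE(review): the (.*) groups are greedy and not bounded to one tag,
            // so a line holding several anchors/forms/images can be rewritten as a
            // single match; left as-is.
            $content = preg_replace('/<a(.*)href=[\'"](.\\/)+(.*)[\'"](.*)>(.*)<\\/a>/i', '<a$1href="./' . $row['page_name'] . '/$3"$4>$5</a>', $content);
            $content = preg_replace('/<form(.*)action=[\'"](.\\/)+(.*)[\'"](.*)>/i', '<form$1action="./' . $row['page_name'] . '/$3"$4>', $content);
            $content = preg_replace('/<img(.*)src=[\'"](.\\/)+(.*)[\'"](.*)>/i', '<img$1src="./' . $row['page_name'] . '/$3"$4>', $content);
            $contentList .= "<div class='tabContent{$active}' id='tabContent{$this->pageId}_{$row['page_id']}'>" . $INFOSTRING . $WARNINGSTRING . $ERRORSTRING . $content . "</div>";
        }
    }

    // Previously this compared $tabList with "", which could never match because
    // it already held the opening <div>, so the hint was unreachable.
    if (!$childShown) {
        displaywarning("No child pages are selected to display in this book.<br/> To change book settings click <a href='./+edit'>here</a> and to create child pages for this book, click <a href='./+settings#childpageform'>here</a>.");
    }
    $tabList .= "</div>";
    $ret .= $tabList . $contentList . "</div>";

    $INFOSTRING = $backup_info;
    $WARNINGSTRING = $backup_warning;
    $ERRORSTRING = $backup_error;
    return $ret;
}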
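/**
 * isAvailable: whether the oc_config flag $str is set to 'Yes' for a module instance.
 *
 * @param int|string $mcId page_moduleComponentId of the instance
 * @param string     $str  config key
 * @return bool true only when the stored value is exactly 'Yes'; false when the
 *   query fails (error displayed), the key is unknown (warning displayed) or
 *   the value is anything else
 */
function isAvailable($mcId, $str) {
    // Both values are interpolated into the query, so escape both (only $str was).
    $mcId = escape($mcId);
    $str = escape($str);
    $query = "SELECT `value` FROM `oc_config` WHERE `page_moduleComponentId` = '{$mcId}' AND `key` = '{$str}'";
    $queryResult = mysql_query($query);
    if (!$queryResult) {
        displayerror(mysql_error());
        return false;
    }
    if (!mysql_num_rows($queryResult)) {
        displaywarning("Invalid Key Given");
        return false;
    }
    $row = mysql_fetch_assoc($queryResult);
    return $row['value'] === 'Yes';
}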