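/**
 * Generates the module-specific action bar for a page.
 *
 * Reads the permission list for the page's effective module (every action
 * except 'create'), keeps the actions $userId may perform on $pageId, and
 * renders them as nofollow links inside <div id="cms-actionbarModule">.
 *
 * @param int|string $userId User for whom the permitted actions are computed.
 * @param int|string $pageId Page on which the permitted actions are computed.
 *
 * @return string HTML list of the permitted module-specific actions.
 */
function getActionbarModule($userId, $pageId)
{
    $actionQuery = "SELECT perm_id, perm_action, perm_text FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` WHERE perm_action != 'create' AND page_module = '" . getEffectivePageModule($pageId) . "'";
    $actionResult = mysql_query($actionQuery);

    $allowLoginQuery = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'allow_login'";
    $allowLoginRow = mysql_fetch_array(mysql_query($allowLoginQuery));
    // A missing row (or failed query) counts as "login not allowed", which is
    // what the original falsy check on the first column amounted to.
    $allowLogin = $allowLoginRow ? (bool) $allowLoginRow[0] : false;

    $permittedActions = array();
    while ($actionRow = mysql_fetch_assoc($actionResult)) {
        if (getPermissions($userId, $pageId, $actionRow['perm_action'])) {
            $permittedActions[$actionRow['perm_action']] = $actionRow['perm_text'];
        }
    }

    // The original guarded the loop with `is_array($x) > 0`, which is always
    // true for an array; iterating directly is equivalent.
    $actionbar = "<div id=\"cms-actionbarModule\">";
    foreach ($permittedActions as $action => $actionName) {
        // Anonymous visitors only get the 'View' entry when logins are allowed.
        if (!$allowLogin && $actionName == "View" && !$userId) {
            continue;
        }
        // perm_action / perm_text are stored data rendered into an attribute
        // and a text node; escape for those contexts.
        $safeAction = htmlspecialchars($action, ENT_QUOTES, 'UTF-8');
        $safeName = htmlspecialchars($actionName, ENT_QUOTES, 'UTF-8');
        $actionbar .= "<span class=\"cms-actionbarModuleItem\"><a class=\"robots-nofollow\" rel=\"nofollow\" href=\"./+{$safeAction}\">{$safeName}</a></span>\n";
    }
    $actionbar .= "</div>";

    return $actionbar;
}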
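/**
 * Describes a directory as an array of entries, optionally recursing.
 *
 * Each entry carries name, path, size, type, node, group, time and perms.
 * A directory entry gets a 'content' sub-array when $content is true; a
 * file entry gets its 'mime' type and, when $content is true, a base64
 * 'content' body.
 *
 * @param string $dir     Directory to read; a trailing slash is added if missing.
 * @param bool   $content Whether to include file bodies and recurse into sub-directories.
 *
 * @return array List of entries; empty when $dir is not a readable directory.
 */
function dir2array($dir, $content)
{
    // substr() handles '' without the undefined-offset notice the bare
    // `$dir[strlen($dir) - 1]` index produced.
    if (substr($dir, -1) !== '/') {
        $dir .= '/';
    }
    if (!is_dir($dir)) {
        return array();
    }
    $dirHandle = opendir($dir);
    if ($dirHandle === false) {
        return array();
    }
    $entries = array();
    // Compare with false explicitly: an entry literally named "0" is falsy
    // and would have ended the original loop early.
    while (($object = readdir($dirHandle)) !== false) {
        if (in_array($object, array('.', '..'), true)) {
            continue;
        }
        $filepath = $dir . $object;
        $fileObject = array(
            'name' => $object,
            'path' => $dir,
            'size' => filesize($filepath),
            'type' => filetype($filepath),
            'node' => fileinode($filepath),
            'group' => filegroup($filepath),
            'time' => getTime($filepath),
            'perms' => getPermissions($filepath),
        );
        if ($fileObject['type'] == 'dir') {
            if ($content == true) {
                $fileObject['content'] = dir2array($filepath, $content);
            }
        } else {
            if ($content == true) {
                $fileObject['content'] = file2base64($filepath);
            }
            $fileObject['mime'] = getMime($filepath);
        }
        $entries[] = $fileObject;
    }
    // The original never released the directory handle.
    closedir($dirHandle);
    return $entries;
}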
/**
 * Tells whether a single permission is granted to a group.
 *
 * Looks the permission up in getPermissions($groupid); a value loosely equal
 * to 1 counts as granted, and an absent key as not granted.
 *
 * @param string   $perm    Permission name to look up.
 * @param int|bool $groupid Group id, or false for the default.
 *
 * @return bool True when the permission exists and is set to 1.
 */
function getPermission($perm, $groupid = false)
{
    $granted = getPermissions($groupid);
    if (!isset($granted[$perm])) {
        return false;
    }
    return $granted[$perm] == 1;
}
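/**
 * Renders one page, and its menu-visible children down to $depth levels, as
 * an <li> entry of a pagelist with a "list pages from here" image-submit form.
 *
 * A POSTed 'hell' value re-roots the listing at that page id through
 * generatePagelist(); a POSTed 'hell2' value overrides the path prefix.
 *
 * @param int|string $pageId     Page to render.
 * @param int|string $userId     User whose permissions gate the entry.
 * @param string     $module     Module passed through to getPermissions().
 * @param string     $action     Action passed through to getPermissions().
 * @param string     $parentPath URL path of the parent page (with trailing slash).
 * @param int        $depth      Remaining levels to descend; 0 renders nothing.
 *
 * @return string HTML fragment; '' when $depth is 0 or the user lacks permission.
 */
function getNodeHtmlforPagelist($pageId, $userId, $module, $action, $parentPath, $depth)
{
    global $cmsFolder, $urlRequestRoot, $templateFolder;
    $tempFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}";
    $imagesFolder = "{$tempFolder}/common/icons/32x32";
    $goimage = "{$tempFolder}/common/icons/16x16/actions/media-skip-forward.png";

    // Depth exhausted: return '' rather than the implicit null so callers
    // that concatenate the result do not rely on null-to-string coercion.
    if ($depth == 0) {
        return '';
    }
    $htmlOut = '';
    if (!getPermissions($userId, $pageId, $action, $module)) {
        return $htmlOut;
    }

    if (isset($_POST['hell'])) {
        // Re-root the listing at the POSTed page id.
        $pageId = escape($_POST['hell']);
        unset($_POST['hell']);
        // NOTE(review): $permId is not defined in this scope (nor was it in
        // the original), so generatePagelist() receives null for it.
        $htmlOut .= $this->generatePagelist($pageId, $userId, $permId, '', $depth);
        return $htmlOut;
    }

    $pageInfo = getPageInfo($pageId);
    if (isset($_POST['hell2'])) {
        $pagePath = escape($_POST['hell2']);
        unset($_POST['hell2']);
    } else {
        $pagePath = $parentPath;
        if ($pageInfo['page_name'] != '') {
            $pagePath .= $pageInfo['page_name'] . '/';
        }
    }

    // $pagePath may come straight from the request and escape() is the SQL
    // escaper, so HTML-escape both values for the attributes they land in.
    $safePageId = htmlspecialchars($pageId, ENT_QUOTES, 'UTF-8');
    $safePagePath = htmlspecialchars($pagePath, ENT_QUOTES, 'UTF-8');
    $htmlOut .= "<li><form method ='POST' action='./'><input type='image' src=\"{$goimage}\" name='pagename' alt='Go' title='Click to list pages from here'><input type='hidden' name='hell' value='{$safePageId}' /><input type='hidden' name='hell2' value='{$safePagePath}' /><a href=\"{$safePagePath}\">";

    /*
     * Thumb images for each page listed in a page of type pagelist.
     * By default the home icon is used for every page. To change that:
     *   a) create a folder 'pagethumbs' in '/cms/templates/common';
     *   b) put the images (preferably 32x32) there, named after the page,
     *      e.g. the page named 'hello' in the pages table uses 'hello.png';
     *   c) comment out the $thumbname assignment below.
     */
    $thumbname = "{$imagesFolder}/actions/go-home.png";
    $htmlOut .= "<span class='list'><img src='{$thumbname}' alt=' !sorry! '>" . getPageTitle($pageId) . "</span></a>\n</form>";

    // page_parentid is compared unquoted, so only a numeric id may be used.
    $childrenQuery = 'SELECT `page_id`, `page_displayinmenu` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE `page_parentid` <> `page_id` AND `page_parentid` = ' . (int) $pageId;
    $childrenResult = mysql_query($childrenQuery);
    $childrenHtml = '';
    while ($childrenRow = mysql_fetch_row($childrenResult)) {
        // Only pages flagged for the menu are listed; $depth was checked above.
        if ($childrenRow[1] == 1) {
            $childrenHtml .= $this->getNodeHtmlforPagelist($childrenRow[0], $userId, $module, $action, $pagePath, $depth - 1);
        }
    }
    if ($childrenHtml != '') {
        $htmlOut .= "<ul>{$childrenHtml}</ul>\n";
    }
    $htmlOut .= "</li>\n";

    return $htmlOut;
}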
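/**
 * REST endpoint: returns every permission row as a list of objects.
 *
 * Responds 200 with the list, or 404 with an error object when
 * getPermissions() yields nothing.
 *
 * @return void
 */
public function employeePermissions_get()
{
    $permissions = getPermissions();
    // Iterate by value: the original used `as &$value` and never unset the
    // reference, leaving $value aliased to the last element afterwards.
    $result = array();
    foreach ($permissions as $row) {
        $result[] = (object) $row;
    }
    if ($result) {
        $this->response($result, 200); // 200 being the HTTP response code
    } else {
        $this->response(array('error' => 'Couldn\'t find any results!'), 404);
    }
}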
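/**
 * Renders a page and its sitemap-visible descendants as nested <li>/<ul>.
 *
 * @param int|string $pageId     Page to render.
 * @param int|string $userId     User whose permissions gate the entry.
 * @param string     $module     Module passed through to getPermissions().
 * @param string     $action     Action passed through to getPermissions().
 * @param string     $parentPath URL path of the parent page (with trailing slash).
 *
 * @return string HTML fragment; '' when the user lacks permission.
 */
function getNodeHtml($pageId, $userId, $module, $action, $parentPath)
{
    $htmlOut = '';
    if (!getPermissions($userId, $pageId, $action, $module)) {
        return $htmlOut;
    }
    $pageInfo = getPageInfo($pageId);
    $pagePath = $parentPath;
    if ($pageInfo['page_name'] != '') {
        $pagePath .= $pageInfo['page_name'] . '/';
    }
    // page_name is stored data; escape it for the attribute context anyway.
    $safePagePath = htmlspecialchars($pagePath, ENT_QUOTES, 'UTF-8');
    $htmlOut .= "<li><a href=\"{$safePagePath}\">" . getPageTitle($pageId) . "</a>\n";

    // The id is quoted in the query, so run it through the project escaper.
    $childrenQuery = 'SELECT `page_id` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE `page_parentid` <> `page_id` AND `page_parentid` = \'' . escape($pageId) . '\' AND `page_displayinsitemap` = 1';
    $childrenResult = mysql_query($childrenQuery);
    $childrenHtml = '';
    while ($childrenRow = mysql_fetch_row($childrenResult)) {
        $childrenHtml .= $this->getNodeHtml($childrenRow[0], $userId, $module, $action, $pagePath);
    }
    if ($childrenHtml != '') {
        $htmlOut .= "<ul>{$childrenHtml}</ul>\n";
    }
    $htmlOut .= "</li>\n";

    return $htmlOut;
}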
exit; } ///If it reaches here, means the page requested is valid. Log the information for future use. logInfo(getUserEmail($userId), $userId, $pageId, $pageFullPath, getPageModule($pageId), $action, $_SERVER['REMOTE_ADDR']); ///The URL points to a file. Download permissions for the file are handled inside the download() function in download.lib.php if (isset($_GET['fileget'])) { require_once $sourceFolder . "/download.lib.php"; $action = ""; if (isset($_GET['action'])) { $action = $_GET['action']; } download($pageId, $userId, $_GET['fileget'], $action); exit; } ///Check whether the user has the permission to use that action on the requested page. $permission = getPermissions($userId, $pageId, $action); ///Gets the page-specific template for that requested page define("TEMPLATE", getPageTemplate($pageId)); ///Gets the page title of the requested page if (getTitle($pageId, $action, $TITLE)) { $TITLE = CMS_TITLE . " - {$TITLE}"; } else { $TITLE = CMS_TITLE; } ///Gets the content according to the user's permissions $CONTENT = getContent($pageId, $action, $userId, $permission); ///Gets the inherited code (if any) from the parent page $INHERITEDINFO = inheritedinfo($pageIdArray); ///Gets the breadcrumb $BREADCRUMB = breadcrumbs($pageIdArray, " » "); //Gets the searchbar
require_once "../subs.php"; require_once "../conf.inc.php"; require_once "../lib/dblayer.php"; require_once "./subs.php"; require_once "../vendor/autoload.php"; // Twig инициализация Twig_Autoloader::register(); $loader = new Twig_Loader_Filesystem("../templates"); // Twig папка с шаблонами $twig = new Twig_Environment($loader, array("cache" => "../cache", "auto_reload" => 1)); // Twig no cache $template = 'tools.twig'; if ($admin_login = isAuthorized()) { $c['nojs'] = true; $users = getUsers(); $permissions = getPermissions($admin_login["uid"], $users); if ($permissions["bills"] == 'deny') { unset($TITLE["bills"]); } if ($permissions["users"] == 'deny') { unset($TITLE["users"]); } $c['dir'] = basename(__DIR__); $TITLE['helpdesk/reports'] = "Отчёты"; $c['sections'] = $TITLE; $categories = getCategories(); $c["cat"] = $_cat = checkRequest("cat"); if ($_cat) { $c['current_cat'] = getCategory($_cat); } // if ($_cat) echo 1;
$query_upd = $db->query("UPDATE `users` SET `photo`= null,`modiff`=NOW(),`modiff_uid`='{$admin_id}' WHERE `uid`={$uid}"); if ($query_upd) { $result['success'] = true; unset($result['msg']); } break; case 'getUserInfo': require_once "../vendor/autoload.php"; // Twig инициализация Twig_Autoloader::register(); $loader = new Twig_Loader_Filesystem("../templates/users"); // Twig папка с шаблонами $twig = new Twig_Environment($loader, array("cache" => "")); // Twig no cache $uid = $_POST['user_id']; $query_info = "SELECT\r\n u.`uid`,\r\n DATE_FORMAT(u.`modiff`,'%d.%m.%Y %H:%i:%s') as `modiff`,\r\n (SELECT CONCAT(`lastname`,' ',`firstname`) FROM users WHERE `uid`=u.`modiff_uid`) AS `modiff_user`,\r\n u.`status_id`,\r\n (SELECT `name` FROM users_statuses WHERE users_statuses.`id`=u.`status_id`) AS `status`,\r\n u.`lastname`,\r\n u.`firstname`,\r\n u.`middlename`,\r\n u.`login`,\r\n u.`login_ae`,\r\n u.`pass`,\r\n u.`photo`,\r\n u.`phone` as `tel`,\r\n u.`skud`,\r\n u.`email`,\r\n u.`comment`,\r\n u.`area_id`,\r\n (SELECT `name` FROM areas WHERE areas.`id`=u.`area_id`) AS `area`,\r\n (SELECT `name` FROM depts WHERE depts.`id`=u.`dept_id`) AS `dept`,\r\n (SELECT `name` FROM posts WHERE posts.`id`=u.`post_id`) AS `post`,\r\n (SELECT `name` FROM organizations WHERE organizations.`id`=u.`organization_id`) AS `organization`,\r\n (SELECT `workstation` FROM `sessions_users` WHERE `id`='{$uid}') as `workstation_id`,\r\n (SELECT `ip` FROM `workstations` WHERE `id`=`workstation_id`) as `logon_ip`,\r\n (SELECT `name` FROM `workstations` WHERE `id`=`workstation_id`) as `workstation`,\r\n (SELECT `domain` FROM `sessions_users` WHERE `id`='{$uid}') as `domain`,\r\n (SELECT `time` FROM `sessions_users` WHERE `id`='{$uid}') as `logon_time`\r\n FROM users AS u WHERE u.`uid`='{$uid}'"; if ($query_info_res = $db->query($query_info)) { $user_data = $db->fetch_assoc($query_info_res); } $user_data['users'] = getUsers(); $user_data['permissions'] = getPermissions($admin_login["uid"], 
$user_data['users']); $result['user_info'] = $twig->render('user_info.twig', $user_data); break; } /* Возвращаем результат также в виде JSON-объекта. * В случае безошибочного получения результата, * Делаем $result['success'] = true; * Остальные параметры - опциональные * */ print_r(json_encode($result)); }
> Append incrementing numbers to duplicate cite keys </td> </tr> <tr> <td align="left"></td> <td colspan="2"></td> </tr> <tr> <td align="left"></td> <td colspan="2"> <input type="submit" value="Submit"> </td> </tr><?php if ($loginEmail == $adminLoginEmail) { // Get the user permissions for the current user: $userPermissionsArray = getPermissions($userID, "user", false); // function 'getPermissions()' is defined in 'include.inc.php' // Setup variables to mark the checkboxes according to the user's permissions: if ($userPermissionsArray['allow_add'] == 'yes') { $allowAddChecked = " checked"; } else { $allowAddChecked = ""; } if ($userPermissionsArray['allow_edit'] == 'yes') { $allowEditChecked = " checked"; } else { $allowEditChecked = ""; } if ($userPermissionsArray['allow_delete'] == 'yes') { $allowDeleteChecked = " checked"; } else {
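/**
 * actionEdit: saves the book module's properties when the edit form was
 * submitted, then returns the HTML edit interface.
 *
 * The form posts 'page_title', 'optInitial' (id of the initial page) and
 * one 'chkPage<id>' / 'hidePage<id>' checkbox per child page.
 *
 * @return string HTML edit interface for the book module's properties.
 */
public function actionEdit()
{
    if (isset($_POST['page_title'])) {
        $tabIds = array();
        $hiddenIds = array();
        $found = false;
        foreach ($_POST as $key => $val) {
            // Page ids are numeric; casting keeps arbitrary key suffixes out
            // of the quoted-but-unescaped list columns in the UPDATE below.
            if (substr($key, 0, 7) == "chkPage") {
                $id = (int) substr($key, 7);
                $tabIds[] = $id;
                if ($id == $_POST['optInitial']) {
                    $found = true;
                }
            } elseif (substr($key, 0, 8) == "hidePage") {
                $hiddenIds[] = (int) substr($key, 8);
            }
        }
        $tList = implode(",", $tabIds);
        $hList = implode(",", $hiddenIds);
        if ($found) {
            $this->bookProps['page_title'] = escape($_POST['page_title']);
            $this->bookProps['initial'] = escape($_POST['optInitial']);
            $this->bookProps['list'] = $tList;
            $this->bookProps['menu_hide'] = $hList;
            $this->hideInMenu();
            $query = "UPDATE `book_desc` SET `initial` = '" . escape($_POST['optInitial']) . "', `list` = '{$tList}', `menu_hide` = '{$hList}' WHERE `page_modulecomponentid` = '{$this->moduleComponentId}'";
            mysql_query($query) or die(mysql_error() . ": book.lib.php L:131");
            $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_title` = '" . $this->bookProps['page_title'] . "' WHERE `page_id` = '{$this->pageId}'";
            mysql_query($query) or die(mysql_error() . ": book.lib.php L:133");
            displayinfo("Book Properties saved properly");
        } else {
            // The chosen initial page must be one of the tabbed (shown) pages.
            displayerror("You've choosen a hidden sub-page as default which is not possible, so the settings are not saved.");
        }
    }

    $childrenQuery = 'SELECT `page_id`, `page_title`, `page_module`, `page_name`, `page_modulecomponentid` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE `page_parentid` = \'' . $this->pageId . '\' AND `page_id` != \'' . $this->pageId . '\' ORDER BY `page_menurank`';
    $result = mysql_query($childrenQuery);
    $hideList = explode(",", $this->bookProps['menu_hide']);
    $showList = explode(",", $this->bookProps['list']);
    if (mysql_num_rows($result)) {
        $table = "<table><thead><td>Initial</td><td>Show in Tab</td><td>Hide in Menu</td><td>Page</td></thead>";
        while ($row = mysql_fetch_assoc($result)) {
            $radio = ($row['page_id'] == $this->bookProps['initial']) ? "checked" : "";
            $checkbox = in_array($row['page_id'], $showList) ? "checked=checked " : "";
            $hideCheckbox = in_array($row['page_id'], $hideList) ? "checked=checked " : "";
            $table .= "<tr><td><input type='radio' name='optInitial' value='{$row['page_id']}' {$radio}></td><td><input type=checkbox name='chkPage{$row['page_id']}' {$checkbox}></td><td><input type=checkbox name='hidePage{$row['page_id']}' {$hideCheckbox}></td>";
            // Titles are stored data rendered as text; escape them.
            $safeTitle = htmlspecialchars($row['page_title'], ENT_QUOTES, 'UTF-8');
            if (getPermissions($this->userId, $row['page_id'], "edit")) {
                $table .= "<td><a href='{$row['page_name']}/+edit'>{$safeTitle}</a></td></tr>";
            } else {
                $table .= "<td>{$safeTitle}</td></tr>";
            }
        }
        $table .= "</table>";
    } else {
        $table = "No child page available<br />";
    }

    // The stored title was SQL-escaped on save, not HTML-escaped.
    $safeBookTitle = htmlspecialchars($this->bookProps['page_title'], ENT_QUOTES, 'UTF-8');
    $ret = <<<RET
<form action='./+edit' method=POST>
Title: <input type=text name="page_title" value="{$safeBookTitle}"><br />
{$table}
<input type=submit value=Save>
</form>
RET;
    return $ret;
}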
ini_set("display_errors", 1); error_reporting(E_ALL ^ E_NOTICE); require_once "{$_SERVER['DOCUMENT_ROOT']}/vendor/autoload.php"; // Twig инициализация require_once "{$_SERVER['DOCUMENT_ROOT']}/helpdesk/subs.php"; require_once "{$_SERVER['DOCUMENT_ROOT']}/helpdesk/conf.php"; Twig_Autoloader::register(); $loader = new Twig_Loader_Filesystem("../../templates"); // Twig папка с шаблонами $twig = new Twig_Environment($loader, array("cache" => "")); // Twig no cache session_start(); if ($c = isAuthorized()) { $TITLE['helpdesk/reports'] = "Отчёты"; $users = getUsers(); $permissions = getPermissions($c["uid"], $users); if ($permissions["bills"] == 'deny') { unset($TITLE["bills"]); } if ($permissions["users"] == 'deny') { unset($TITLE["users"]); } $c['sections'] = $TITLE; $c['dir'] = "helpdesk/reports"; $c['admin_fio'] = $c["lastname"] . " " . $c["firstname"]; $c['notify'] = getBurnedCounts($c["uid"]); $admins = getAdmins(true); $performer = isset($_REQUEST["performer"]) ? check_string($_REQUEST["performer"], "digits") : null; $p = isset($performer) ? array($admins[$performer]['uid'] => $admins[$performer]) : $admins; // print_r($p); $month = (int) (isset($_REQUEST["m"]) ? check_string($_REQUEST["m"], "digits") : date("m"));
/**
 * Lists the menu-visible child pages of $pageId that $userId may view.
 *
 * With a negative $depth every menu-visible page other than $pageId is
 * considered; otherwise only the direct children of $pageId are.
 *
 * @param int|string $pageId Parent page id (passed through escape() for the query).
 * @param int|string $userId User whose 'view' permission is checked per page.
 * @param int        $depth  Negative for the global listing, otherwise direct children.
 *
 * @return array List of [page_id, page_name, page_module, page_image,
 *               page_displayicon, page_modulecomponentid] rows.
 */
function child($pageId, $userId, $depth)
{
    $pageId = escape($pageId);
    $columns = '`page_id`, `page_name`, `page_title`, `page_module`, `page_modulecomponentid`, `page_displayinmenu`, `page_image` , `page_displayicon`';
    $table = '`' . MYSQL_DATABASE_PREFIX . 'pages`';
    $where = '`page_id` != \'' . $pageId . '\' AND `page_displayinmenu` = 1';
    if ($depth >= 0) {
        // Direct children only.
        $where = '`page_parentid` = \'' . $pageId . '\' AND ' . $where;
    }
    $childrenQuery = 'SELECT ' . $columns . ' FROM ' . $table . ' WHERE ' . $where . ' ORDER BY `page_menurank`';
    $childrenResult = mysql_query($childrenQuery);

    $children = array();
    while ($childrenRow = mysql_fetch_assoc($childrenResult)) {
        if (!($childrenRow['page_displayinmenu'] == true)) {
            continue;
        }
        $mayView = getPermissions($userId, $childrenRow['page_id'], 'view', $childrenRow['page_module']) == true;
        if ($mayView) {
            $children[] = array(
                $childrenRow['page_id'],
                $childrenRow['page_name'],
                $childrenRow['page_module'],
                $childrenRow['page_image'],
                $childrenRow['page_displayicon'],
                $childrenRow['page_modulecomponentid'],
            );
        }
    }
    return $children;
}
</select> <?php echo isSuperuser() ? "" : "*The path to the file with NO leading slash </td>"; ?> </tr> <tr> <th> Area: </th><td> <?php getArea(); ?> </td> </tr> <tr> <th> Permission Needed: </th><td> <select name='permission'> <?php getPermissions(); ?> </select></td> </tr> <tr> <th> Parent Link: </th><td> <select name='parent'> <?php getParent(); ?> </select>*Only needed if the link is a sub-link </td> </tr> <tr><th>Open In New Tab?</th> <td><input type='checkbox' name='newtab' value="1">*Check if you want the link to always open in a new tab</td></tr> </table> <input type="submit" name="submit" value="Submit" method="post">
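/**
 * Builds one piece of the forum's HTML.
 *
 * $type selects what is rendered from $data:
 *  - 'threadRow'  : one <tr> of the thread list;
 *  - 'threadHead' : the header (reply / new-thread links, stylesheet, table open);
 *  - 'threadMain' : a thread body ($post == 0) or a reply ($post == 1) with
 *                   author details, like/dislike counts and action links.
 * Any other $type yields an empty string.
 *
 * @param array  $data  Thread or post row from the database.
 * @param string $type  'thread' (default), 'threadRow', 'threadHead' or 'threadMain'.
 * @param int    $post  0 for the opening thread, 1 for a reply post.
 * @param int    $count Index used to keep the "Show Details" element ids unique.
 *
 * @return string HTML fragment.
 */
private function forumHtml($data, $type = 'thread', $post = 0, $count = 0)
{
    global $urlRequestRoot, $moduleFolder, $cmsFolder, $templateFolder, $sourceFolder, $userId;
    require_once "{$sourceFolder}/{$moduleFolder}/forum/bbeditor.php";
    require_once "{$sourceFolder}/{$moduleFolder}/forum/bbparser.php";
    $js = $urlRequestRoot . "/" . $cmsFolder . "/" . $moduleFolder . "/forum/images/jscript.js";
    $table1_name = "forum_posts";
    $temp = $urlRequestRoot . "/" . $cmsFolder . "/" . $moduleFolder . "/forum/images";
    // escape() is the SQL escaper used throughout; it does not make the id
    // safe for HTML, so the links below use a separately HTML-escaped copy.
    // Defaulting to '' also keeps the head/main branches from reading an
    // undefined variable when no thread_id was requested.
    $thread_id = isset($_GET['thread_id']) ? escape($_GET['thread_id']) : '';
    $threadIdHtml = htmlspecialchars($thread_id, ENT_QUOTES, 'UTF-8');
    $forumHtml = '';
    $rows = $data;
    $forum_lastVisit = $this->forumLastVisit();

    if ($type == 'threadRow') {
        // Mark threads with activity since the user's last visit.
        if ($userId > 0 && $forum_lastVisit < $rows['forum_thread_lastpost_date']) {
            $img_src = "thread_new.gif";
        } else {
            $img_src = "thread_hot.gif";
        }
        $topic = ucfirst(parseubb(parsesmileys($rows['forum_thread_topic'])));
        $name = ucfirst(getUserName($rows['forum_thread_user_id']));
        $last_post_author = ucfirst(getUserName($rows['forum_thread_last_post_userid']));
        if ($rows['forum_thread_category'] == 'sticky') {
            $img_src = 'sticky.gif';
        }
        $query1 = "SELECT `forum_post_id` FROM `{$table1_name}` WHERE `forum_thread_id`='" . $rows['forum_thread_id'] . "' AND `forum_post_approve`='1' AND `page_modulecomponentid`='{$this->moduleComponentId}' ";
        $result1 = mysql_query($query1);
        $reply_count = mysql_num_rows($result1);
        $forumHtml .= <<<PRE1
\t\t\t <tr class="forumThreadRow">
\t\t\t <td class="forumThreadRow forumTableIcon" width="3%"><img src="{$temp}/{$img_src}" /></td>
\t\t\t <td class="forumThreadRow" width="51%"><a class="threadRow" href="+view&thread_id={$rows['forum_thread_id']}"> {$topic} </a><br /><small>by <b> {$name} </b>
\t\t\t on {$rows['forum_thread_datetime']} </small></td>
\t\t\t <td class="forumThreadRow" width="8%" style="text-align:center;"> {$rows['forum_thread_viewcount']} </td>
\t\t\t <td class="forumThreadRow" width="8%" style="text-align:center;"> {$reply_count} </td>
\t\t\t <td class="forumThreadRow" width="30%"><small>by <b> {$last_post_author} </a></b> on {$rows['forum_thread_lastpost_date']} </small></td>
\t\t\t </tr>
PRE1;
    }

    if ($type == 'threadHead') {
        $thread_Header = '<p align="left">';
        if ($rows['forum_thread_category'] != 'sticky') {
            $thread_Header .= '<a href="+post&subaction=post_reply&thread_id=' . $threadIdHtml . '"><img alt="Reply" title="Reply" src="' . $temp . '/reply.gif" /></a>  ';
        }
        $thread_Header .= <<<PRE
\t\t\t\t<link rel="stylesheet" href="{$temp}/styles.css" type="text/css" />
\t\t\t\t <a href="+post&subaction=create_thread"><img title="New Thread" src="{$temp}/newthread.gif" /></a> <a href="+view"> <img title="Go Back to Forum" src="{$temp}/go_back.gif" /></a>
\t\t\t\t<table width="100%" cellpadding="4" cellspacing="2" id="forum" >
PRE;
        $forumHtml = $thread_Header;
    }

    if ($type == 'threadMain') {
        // Module settings (allow_like_posts / allow_delete_posts) for this forum.
        $q = "SELECT * FROM `forum_module` WHERE `page_modulecomponentid`='{$this->moduleComponentId}' LIMIT 1";
        $r = mysql_query($q) or displayerror(mysql_error() . "View of Thread failed L:962");
        $r = mysql_fetch_array($r);
        if ($post == 0) {
            $topic = censor_words(ucfirst(parseubb(parsesmileys($rows['forum_thread_topic']))));
            $name = ucfirst(getUserName($rows['forum_thread_user_id']));
            $last_post_author = ucfirst(getUserName($rows['forum_thread_last_post_userid']));
            $threadUserId = $rows['forum_thread_user_id'];
            $detail = censor_words(parseubb(parsesmileys($rows['forum_detail'])));
            $posts = $this->getTotalPosts($rows['forum_thread_user_id']);
            $reg_date = $this->getRegDateFromUserID($rows['forum_thread_user_id']);
            $postTime = $rows['forum_thread_datetime'];
        }
        if ($post == 1) {
            $postUserId = $rows['forum_post_user_id'];
            $topic = censor_words(ucfirst(parseubb(parsesmileys($rows['forum_post_title']))));
            $detail = censor_words(parseubb(parsesmileys($rows['forum_post_content'])));
            $name = ucfirst(getUserName($rows['forum_post_user_id']));
            $posts = $this->getTotalPosts($rows['forum_post_user_id']);
            $reg_date = $this->getRegDateFromUserID($rows['forum_post_user_id']);
            $postTime = $rows['forum_post_datetime'];
            $threadUserId = $postUserId;
        }
        // The original computed `date(...) - $postTime` here (string
        // arithmetic on two date strings) and never used the result; dropped.
        $threadHtml = '<tr class="ThreadHeadRow" cellspacing="10"> <td class="forumThreadRow"><strong> ' . $topic . ' </strong><br />' . '<img src="' . $temp . '/post_icon.gif" /><small>   by ' . $name . ' </a>' . ' on ' . $postTime . ' </small>';
        if ($post == 1) {
            if ($r['allow_like_posts'] == 1) {
                $likequery = "SELECT * from `forum_like` WHERE `forum_thread_id`='{$thread_id}' AND `forum_post_id`='" . $rows['forum_post_id'] . "' AND `like_status`='1' AND `page_modulecomponentid`='{$this->moduleComponentId}' ";
                $likeres = mysql_num_rows(mysql_query($likequery));
                $dlikequery = "SELECT * from `forum_like` WHERE `forum_thread_id`='{$thread_id}' AND `forum_post_id`='" . $rows['forum_post_id'] . "' AND `like_status`='0' AND `page_modulecomponentid`='{$this->moduleComponentId}' ";
                $dlikeres = mysql_num_rows(mysql_query($dlikequery));
                $threadHtml .= '<br /><small> ' . $likeres . ' people like this post</small>    ';
                $threadHtml .= '<small> ' . $dlikeres . ' people dislike this post</small><br />';
            }
        }
        $threadHtml .= '</td> <td class="forumThreadRow" width="25%" rowspan="2"><strong> ' . $name . ' </a><br />';
        if ($threadUserId > 0) {
            if ($threadUserId == $userId) {
                $lastLogin = $_SESSION['last_to_last_login_datetime'];
            } else {
                $lastLogin = $this->getLastLogin($threadUserId);
            }
            $moderator = getPermissions($threadUserId, getPageIdFromModuleComponentId("forum", $this->moduleComponentId), "moderate");
            if ($moderator) {
                $threadHtml .= "Moderator";
            } else {
                $threadHtml .= "Member";
            }
            $content = 'content' . $count;
            $text = 'text' . $count;
            $threadHtml .= <<<PRE
\t\t\t\t\t\t</strong><br /><br />
\t\t\t\t\t\t<script type="text/javascript" languauge="javascript" src="{$js}"></script>
\t\t\t\t\t\t<a id="{$text}" href="javascript:toggle('{$content}','{$text}');" >Show Details</a><br />
\t\t\t\t\t\t<div id="{$content}" style="display: none;"><small>Posts: {$posts} <br />Joined: {$reg_date} <br />Last Visit:
\t\t\t\t\t\t{$lastLogin} </small></div>
PRE;
            if ($post == 1 && $userId > 0 && ($r['allow_delete_posts'] == 1 || $r['allow_like_posts'] == 1)) {
                // Only the post's own author gets the delete link.
                if ($r['allow_delete_posts'] == 1) {
                    if ($post == 1 && $userId > 0 && $userId == $rows['forum_post_user_id']) {
                        $threadHtml .= '<br /><a href="+view&subaction=delete_post&thread_id=' . $threadIdHtml . '&post_id=' . $rows['forum_post_id'] . '">' . '<img src="' . $temp . '/delete1.gif"></a></span>';
                    }
                }
                if ($r['allow_like_posts'] == 1) {
                    if ($userId > 0 && $post == 1) {
                        $postId = $rows['forum_post_id'];
                        $qu = " SELECT * FROM `forum_like` WHERE `forum_like_user_id` = '{$userId}' AND`forum_thread_id` = '{$thread_id}' AND `forum_post_id` = '{$postId}' AND `page_modulecomponentid`='{$this->moduleComponentId}' AND `like_status`='1'";
                        $re = mysql_query($qu);
                        $qu1 = " SELECT * FROM `forum_like` WHERE `forum_like_user_id` = '{$userId}' AND`forum_thread_id` = '{$thread_id}' AND `forum_post_id` = '{$postId}' AND `page_modulecomponentid`='{$this->moduleComponentId}' AND `like_status`='0'";
                        $re1 = mysql_query($qu1);
                        // Offer like/dislike only while the user has not voted either way.
                        if (mysql_num_rows($re) == 0 && mysql_num_rows($re1) == 0) {
                            $threadHtml .= ' <a href="+view&subaction=like_post&thread_id=' . $threadIdHtml . '&post_id=' . $rows['forum_post_id'] . '">' . ' <img title="Like this post" src="' . $temp . '/like.gif"></a></span>';
                            $threadHtml .= ' <a href="+view&subaction=dislike_post&thread_id=' . $threadIdHtml . '&post_id=' . $rows['forum_post_id'] . '">' . ' <img title="Dislike this post" src="' . $temp . '/unlike.gif"></a></span>';
                        } else {
                            if (mysql_num_rows($re) > 0) {
                                $threadHtml .= '<br /> You Like this post';
                            } else {
                                $threadHtml .= '<br /> You Dislike this post';
                            }
                        }
                    }
                }
            }
        }
        $threadHtml .= <<<PRE
\t </td>
\t </tr>
\t <tr>
\t <td class="forumThreadRow"> <br />{$detail} </td>
\t </tr>
PRE;
        $threadHtml .= '<tr><td class="blank" colspan="2"></td></tr>';
        $forumHtml .= $threadHtml;
    }

    return $forumHtml;
}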
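/**
 * Copies page $pageId under $parentId as a new page, optionally with its
 * subtree.
 *
 * The caller needs the 'settings' permission on $parentId. Pages whose
 * module is 'link', or whose target parent is a 'link', are refused.
 * Module-backed pages get a fresh module instance (createInstance /
 * copyInstance / copyModule); 'external' pages get a copied link row.
 *
 * @param int|string $userId    User performing the copy.
 * @param int|string $pageId    Page to copy.
 * @param int|string $parentId  Page that becomes the copy's parent.
 * @param string     $pagetitle Title for the new page.
 * @param string     $pagename  URL name for the new page.
 * @param bool       $recursive Whether to copy child pages as well.
 *
 * @return bool True on success; false when refused or when an insert fails.
 */
function copyPage($userId, $pageId, $parentId, $pagetitle, $pagename, $recursive)
{
    if (!getPermissions($userId, $parentId, "settings")) {
        return false;
    }
    $parentInfo = getPageInfo($parentId);
    if ($parentInfo['page_module'] == "link") {
        return false;
    }
    $pageInfo = getPageInfo($pageId);
    $moduleType = $pageInfo['page_module'];
    if ($moduleType == "link") {
        return false;
    }

    $newmodulecomponentid = 0;
    if ($moduleType != "menu" && $moduleType != "external") {
        global $sourceFolder;
        global $moduleFolder;
        require_once $sourceFolder . "/" . $moduleFolder . "/" . $moduleType . ".lib.php";
        $page = new $moduleType();
        $newmodulecomponentid = createInstance($moduleType);
        copyInstance($moduleType, $pageInfo['page_modulecomponentid'], $newmodulecomponentid);
        // The original passed an undefined $newId here, so the module copy
        // always received null as its destination id.
        $page->copyModule($pageInfo['page_modulecomponentid'], $newmodulecomponentid);
    }
    if ($moduleType == "external") {
        // NOTE: MAX()+1 is not safe under concurrent copies; the schema would
        // need an auto-increment id to close that window.
        $extquery = "SELECT MAX( page_modulecomponentid ) AS MAX FROM " . MYSQL_DATABASE_PREFIX . "external";
        $extqueryrow = mysql_fetch_array(mysql_query($extquery));
        $extpageid = $extqueryrow[0] + 1;
        $linkquery = "SELECT page_extlink FROM " . MYSQL_DATABASE_PREFIX . "external WHERE page_modulecomponentid='" . $pageInfo['page_modulecomponentid'] . "'";
        $linkqueryrow = mysql_fetch_array(mysql_query($linkquery));
        // The stored link is re-inserted into a quoted value; escape it.
        $link = escape($linkqueryrow[0]);
        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "external` (`page_modulecomponentid`,`page_extlink`) " . "VALUES('{$extpageid}','{$link}')";
        if (!mysql_query($query)) {
            displayerror("Unable to copy the page.");
            return false;
        }
        // Point the new page at the external row just created; the original
        // left this at 0, so the copy was never linked to its row.
        $newmodulecomponentid = $extpageid;
    }

    $maxquery = "SELECT MAX( page_id ) AS MAX FROM " . MYSQL_DATABASE_PREFIX . "pages";
    $maxqueryrow = mysql_fetch_array(mysql_query($maxquery));
    $maxpageid = $maxqueryrow[0] + 1;
    // Title, name and ids may come from the caller; escape them for the
    // quoted values below.
    $safeName = escape($pagename);
    $safeTitle = escape($pagetitle);
    $safeParentId = escape($parentId);
    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "pages` (`page_id`,`page_name`,`page_title`,`page_parentid`,`page_module`,`page_modulecomponentid`,`page_displayinmenu`, `page_displaymenu`, `page_displaysiblingmenu`,`page_menurank`) " . "VALUES('{$maxpageid}','{$safeName}','{$safeTitle}','{$safeParentId}','{$pageInfo['page_module']}','{$newmodulecomponentid}','{$pageInfo['page_displayinmenu']}','{$pageInfo['page_displaymenu']}','{$pageInfo['page_displaysiblingmenu']}','{$maxpageid}')";
    if (!mysql_query($query)) {
        displayerror("Unable to copy the page.");
        return false;
    }

    if ($recursive) {
        $safePageId = escape($pageId);
        $childrenquery = "SELECT `page_id`,`page_name`,`page_title` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_parentid`='{$safePageId}' ";
        $childrenresult = mysql_query($childrenquery);
        while ($temp = mysql_fetch_assoc($childrenresult)) {
            copyPage($userId, $temp['page_id'], $maxpageid, $temp['page_title'], $temp['page_name'], $recursive);
        }
    }
    return true;
}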
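/**
 * "edit" action of the qaos module.
 *
 * Processes the addteam / changeversion / addteammember / getsuggestions subactions
 * (the last one echoes its result and exits), then renders the current version,
 * the team table and the add-team / add-team-member forms.
 *
 * Fixes relative to the previous version: the POST handlers now require the same
 * rights under which their forms are rendered; team names/descriptions are SQL-escaped;
 * database values are HTML-escaped on output; `$team = "Qaos"` was an assignment
 * (always true); `$_POST[qaos_version]` used an unquoted key; the version UPDATE ran twice.
 *
 * @param int $moduleComponentId Module component whose teams/version are edited.
 *
 * @return string HTML for the edit page.
 */
public function actionEdit($moduleComponentId)
{
    global $urlRequestRoot;
    global $sourceFolder, $cmsFolder;
    global $templateFolder;

    $scriptsFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts";
    $imagesFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/images";

    // Interpolated into SQL below; component ids are integers.
    $moduleComponentId = (int) $moduleComponentId;

    $userTeamId = $this->getTeamId($this->userId);
    $mayChangeVersion = getPermissions($this->userId, getPageIdFromModuleComponentId("qaos", $this->moduleComponentId), "create");

    if (isset($_GET['subaction'])) {
        switch ($_GET['subaction']) {
            case 'addteam':
                // Same condition under which the add-team form is shown; without it any
                // user who can reach +edit could POST new teams directly.
                if (isset($_POST['btnAddTeam']) && $userTeamId == 1) {
                    $this->qaosAddTeamsFromPost($moduleComponentId);
                }
                break;
            case 'changeversion':
                if (isset($_POST['btnSubmitVersion']) && $mayChangeVersion) {
                    $this->qaosChangeVersionFromPost($moduleComponentId);
                }
                break;
            case 'addteammember':
                if (isset($_POST['btnAddTeamMember'])) {
                    $this->qaosAddTeamMemberFromPost();
                }
                break;
            case 'getsuggestions':
                if (isset($_GET['forwhat'])) {
                    // NOTE(review): getSuggestions() is expected to escape what it returns;
                    // its body is not visible here — confirm.
                    $suggestionType = isset($_GET['suggestiontype']) ? $_GET['suggestiontype'] : '';
                    echo $this->getSuggestions($_GET['forwhat'], $suggestionType);
                    exit;
                }
                break;
        }
    }

    $resultVersion = mysql_query("SELECT `qaos_version` FROM `qaos_version` WHERE `page_modulecomponentid` = '{$moduleComponentId}'");
    $row = $resultVersion ? mysql_fetch_row($resultVersion) : false;
    // Escaped once here; it is only ever placed in HTML text / attribute context below.
    $version = htmlspecialchars($row ? (string) $row[0] : '', ENT_QUOTES);

    $html = "<h2>{$version}</h2>\t<br />";
    if ($mayChangeVersion) {
        $html .= $this->qaosVersionForm($version);
    }

    $html .= "<br /><h3>Teams in Pragyan 2008: </h3><br />";
    $html .= $this->qaosTeamTable($moduleComponentId);

    if ($userTeamId == 1) {
        $html .= $this->qaosAddTeamsForm();
    }

    $html .= "<br />";
    $html .= $this->qaosAddTeamMemberForm($scriptsFolder, $imagesFolder);
    // Core members may fill the parent-team fields, Qaos members the qaos sub-team
    // fields; everybody else gets both groups disabled client-side.
    $html .= $this->qaosFieldToggleScript($userTeamId);

    return $html;
}

/**
 * Inserts the up-to-five teams named in the addteam POST (qaos_team1..5 / team_desc1..5).
 * Empty slots are skipped; names that already exist are reported and skipped.
 *
 * @param int $moduleComponentId Component the teams belong to.
 */
private function qaosAddTeamsFromPost($moduleComponentId)
{
    $result = mysql_query("SELECT MAX(`qaos_team_id`) AS max FROM `qaos_teams`");
    $resultArray = $result ? mysql_fetch_assoc($result) : false;
    $max = $resultArray ? (int) $resultArray['max'] : 0;

    for ($i = 1; $i < 6; $i++) {
        $teamName = isset($_POST["qaos_team{$i}"]) ? $_POST["qaos_team{$i}"] : '';
        if ($teamName === '') {
            continue;
        }
        $safeName = escape($teamName);

        // Exact match: the original LIKE 'name%' test with a "> 1" threshold let the
        // first duplicate through and could reject a name that merely prefixes another.
        $dup = mysql_query("SELECT `qaos_team_id` FROM `qaos_teams` WHERE `qaos_team_name` = '{$safeName}'");
        if ($dup && mysql_num_rows($dup) > 0) {
            // Assumes displayerror() emits its argument as raw HTML — confirm; if it
            // escapes itself this merely double-encodes.
            displayerror("The " . htmlspecialchars($teamName, ENT_QUOTES) . " team already exists in the database.");
            continue;
        }

        $teamId = $max + $i;
        $teamDesc = isset($_POST["team_desc{$i}"]) ? $_POST["team_desc{$i}"] : '';
        $safeDesc = escape($teamDesc);
        $inserted = mysql_query("INSERT INTO `qaos_teams` (`page_modulecomponentid`,`qaos_team_id`,`qaos_team_name`,`qaos_team_description`) VALUES ('{$moduleComponentId}','{$teamId}','{$safeName}','{$safeDesc}')");
        if (!$inserted) {
            displayerror("The team '" . htmlspecialchars($teamName, ENT_QUOTES) . "' could not be added. Please try again.");
        }
    }
}

/**
 * Stores the version string submitted by the change-version form.
 *
 * @param int $moduleComponentId Component whose version row is updated.
 */
private function qaosChangeVersionFromPost($moduleComponentId)
{
    $newVersion = isset($_POST['qaos_version']) ? $_POST['qaos_version'] : '';
    $query = "UPDATE `qaos_version` SET `qaos_version` = '" . escape($newVersion) . "' WHERE `page_modulecomponentid` = '{$moduleComponentId}'";
    // Run once; the original executed the UPDATE twice (once into $result, once in the if).
    if (mysql_query($query)) {
        displayinfo("The version has been successfully updated.");
    } else {
        displayinfo("There was some error while updating the version. 
Please check your query once.");
    }
}

/**
 * Adds the member described by the add-team-member POST. The e-mail field may carry
 * "email - name"; only the part before " - " is used. Qaos sub-teams are recorded
 * only when the member's team is "Qaos" (the original compared with `=` and so did
 * this for everybody).
 */
private function qaosAddTeamMemberFromPost()
{
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };

    $input = explode(" - ", $post('useremail'));
    $email = $input[0];
    $designation = $post('userdesignation');
    $team = $post('userteam');
    $parentTeam = $post('userparentteam');
    $parentDesignation = $post('userparentdesignation');

    $this->addTeamMember($email, $designation, $team, $parentTeam, $parentDesignation);

    if ($team == "Qaos") {
        $this->addQaosTeamMember(getUserIdFromEmail($email), $post('qaosteam1'), $post('qaosteam2'), $post('qaosteam3'), $post('qaosteam4'));
    }
}

/**
 * Change-version form.
 *
 * @param string $version Current version, already HTML-escaped.
 */
private function qaosVersionForm($version)
{
    return <<<EDITQAOS
<div class="changeqaosversion">
    <form id="changeqaosversion" method="POST" onsubmit="return checkProfileForm(this)" action="./+edit&subaction=changeversion">
        <fieldset style="width:80%">
            <legend><b>Change the Version</b></legend>
            <table>
                <tr>
                    <td>
                        Changer Qaos version:
                    </td>
                    <td>
                        <input name="qaos_version" id="qaos_version" value="{$version}" type="text">
                    </td>
                    <td><input type="submit" name="btnSubmitVersion" id="submitbutton" value="Save Version"></td>
                </tr>
            </table>
        </fieldset>
    </form>
</div>
EDITQAOS;
}

/**
 * Table of the component's teams (name, description, representative).
 *
 * @param int $moduleComponentId Component whose teams are listed.
 */
private function qaosTeamTable($moduleComponentId)
{
    $resultTeam = mysql_query("SELECT * FROM `qaos_teams` WHERE `page_modulecomponentid`='{$moduleComponentId}' ORDER BY `qaos_team_name`");
    $html = "<table border=\"1\"><tr><td><b>Team Name</b></td><td><b>Team Description</b></td><td><b>Team Representative</b></td></tr>";
    if ($resultTeam) {
        while ($row = mysql_fetch_row($resultTeam)) {
            // Columns are taken positionally as in the original (2 = name, 3 = description,
            // 4 = representative). Names and descriptions are user supplied: escape on output.
            $team = htmlspecialchars((string) $row[2], ENT_QUOTES);
            $desc = htmlspecialchars((string) $row[3], ENT_QUOTES);
            $repr = htmlspecialchars((string) $row[4], ENT_QUOTES);
            $html .= "<tr><td>{$team}</td><td>{$desc}</td><td>{$repr}</td></tr>";
        }
    }
    return $html . "</table><br /><br />";
}

/**
 * Name + description input rows for team slot $i of the add-team form.
 *
 * @param int $i Slot number 1..5 (becomes qaos_team{$i} / team_desc{$i}).
 */
private function qaosTeamInputRows($i)
{
    return <<<ROWS
                    <tr>
                        <td>
                            Enter the Team Name:
                        </td>
                        <td>
                            <input name="qaos_team{$i}" id="qaos_team" type="text">
                        </td>
                    </tr>
                    <tr>
                        <td>
                            Enter the Team Description:
                        </td>
                        <td>
                            <input name="team_desc{$i}" id="team_desc" type="text">
                        </td>
                    </tr>

ROWS;
}

/**
 * Add-teams form: slot 1 visible, slots 2..5 inside a span toggled by the
 * "Add more teams" button. The toggle script walks button -> whitespace text
 * node -> span, so the newline between the button and the span is significant.
 */
private function qaosAddTeamsForm()
{
    $firstRows = $this->qaosTeamInputRows(1);
    $hiddenRows = '';
    for ($i = 2; $i <= 5; $i++) {
        if ($i > 2) {
                $hiddenRows .= "                    <tr><td><br /></td></tr>\n";
        }
        $hiddenRows .= $this->qaosTeamInputRows($i);
    }

    return <<<ADDTEAMS
<div class="registrationform">
    <div class="addteam">
        <form id="addteam" method="POST" onsubmit="return checkProfileForm(this)" action="./+edit&subaction=addteam">
            <fieldset style="width:80%">
                <legend><b>Add Teams</b></legend>
                <table>
                    <tr>
{$firstRows}
                    </tr>
                </table>
                <input value="Add more teams" onclick="javascript:toggleuploadfiles(this);" type="button">
                <span class="hiddenteams"><table>
{$hiddenRows}
                </table>
                </span>
                <tr>
                    <td>
                        <input type="submit" name="btnAddTeam" id="submitbutton" value="Submit">
                    </td>
                </tr>
            </fieldset>
        </form>
    </div>
</div>
<style type="text/css">
    .hiddenteams{display:none;}
    .shownteams{display:block;}
</style>
<script language="javascript" type="text/javascript">
    function toggleuploadfiles(gett) {
        if(gett.nextSibling.nextSibling.className != "shownteams")
        {
            gett.nextSibling.nextSibling.className = "shownteams";
            gett = gett.nextSibling.nextSibling;
        }
        else
        {
            gett.nextSibling.nextSibling.className = "hiddenteams";
            gett = gett.nextSibling.nextSibling;
        }
    }
</script>
ADDTEAMS;
}

/**
 * One labelled text input of the add-member form plus its suggestion box.
 *
 * @param string $label   Caption shown left of the input.
 * @param string $name    Form field name.
 * @param string $inputId DOM id of the input (used by the SuggestionBox script).
 * @param string $boxId   DOM id of the suggestion container.
 */
private function qaosSuggestRow($label, $name, $inputId, $boxId)
{
    return <<<ROW
                    <tr>
                        <td>
                            {$label}
                        </td>
                        <td>
                            <input type="text" name="{$name}" id="{$inputId}" autocomplete="off" style="width: 256px" />
                            <div id="{$boxId}" style="background-color: white; width: 260px; border: 1px solid black; position: absolute; overflow-y: scroll; max-height: 180px; display: none"></div>
                        </td>
                    </tr>

ROW;
}

/**
 * Add-team-member form with AJAX suggestion boxes on every field.
 *
 * @param string $scriptsFolder URL of the template's common/scripts folder.
 * @param string $imagesFolder  URL of the template's common/images folder.
 */
private function qaosAddTeamMemberForm($scriptsFolder, $imagesFolder)
{
    $rows = $this->qaosSuggestRow('Enter the User Designation:', 'userdesignation', 'userDesignation', 'suggestionsDesignation')
        . $this->qaosSuggestRow('Enter the Team Name:', 'userteam', 'userTeam', 'suggestionsTeam')
        . $this->qaosSuggestRow('Enter the Parent Team Name:', 'userparentteam', 'userParentTeam', 'suggestionsParentTeam')
        . $this->qaosSuggestRow('Enter the Parent Designation:', 'userparentdesignation', 'userParentDesignation', 'suggestionsParentDesignation');
    for ($i = 1; $i <= 4; $i++) {
        $rows .= $this->qaosSuggestRow("Enter Qaos Team{$i}:", "qaosteam{$i}", "qaosTeam{$i}", "suggestionsQaosTeam{$i}");
    }

    // (input id, box id, suggestion type, JS variable). The original kept only the
    // first box in its own variable and reassigned designationSuggestionBox for all
    // others; kept as-is in case other scripts refer to those names.
    $boxes = array(
        array('userEmail', 'suggestionsName', 'username', 'nameSuggestionBox'),
        array('userDesignation', 'suggestionsDesignation', 'designation', 'designationSuggestionBox'),
        array('userTeam', 'suggestionsTeam', 'team', 'designationSuggestionBox'),
        array('userParentTeam', 'suggestionsParentTeam', 'team', 'designationSuggestionBox'),
        array('userParentDesignation', 'suggestionsParentDesignation', 'designation', 'designationSuggestionBox'),
        array('qaosTeam1', 'suggestionsQaosTeam1', 'team', 'designationSuggestionBox'),
        array('qaosTeam2', 'suggestionsQaosTeam2', 'team', 'designationSuggestionBox'),
        array('qaosTeam3', 'suggestionsQaosTeam3', 'team', 'designationSuggestionBox'),
        array('qaosTeam4', 'suggestionsQaosTeam4', 'team', 'designationSuggestionBox'),
    );
    $initJs = '';
    foreach ($boxes as $box) {
        list($inputId, $boxId, $type, $jsVar) = $box;
        $initJs .= "                        {$jsVar} = new SuggestionBox(document.getElementById('{$inputId}'), document.getElementById('{$boxId}'), './+edit&subaction=getsuggestions&forwhat=%pattern%&suggestiontype={$type}');\n";
        $initJs .= "                        {$jsVar}.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';\n";
    }

    return <<<ADDPERSON
<script type="text/javascript" language="javascript">
<!--
    imgAjaxLoading = new Image();
    imgAjaxLoading.src = '{$imagesFolder}/ajaxloading.gif';
-->
</script>
<style type="text/css">
<!--
    span.suggestion {
        padding: 2px 4px 2px 4px;
        display: block;
        background-color: white;
        cursor: pointer;
    }
    span.suggestion:hover {
        background-color: #DEDEDE;
    }
-->
</style>
<script type="text/javascript" language="javascript" src="{$scriptsFolder}/ajaxsuggestionbox.js"></script>
<div class="registrationform">
    <div class="addteammember">
        <form id="addteammember" method="POST" onsubmit="return checkProfileForm(this)" action="./+edit&subaction=addteammember">
            <fieldset style="width:80%">
                <legend><b>Add Team Members</b></legend>
                <table>
                    <tr>
                        <td>
                            Enter the Team Member Name:
                        </td>
                        <td>
                            <input type="text" name="useremail" id="userEmail" autocomplete="off" style="width: 256px" />
                            <div id="suggestionsName" class="suggestionbox"></div>
                        </td>
                    </tr>
{$rows}
                    <tr>
                        <td><input type="submit" name="btnAddTeamMember" id="submitbutton" value="Add Team Member"></td>
                    </tr>
                    <script language="javascript" type="text/javascript">
                    <!--
{$initJs}
                    -->
                    </script>
                </table>
            </fieldset>
        </form>
    </div>
</div>
ADDPERSON;
}

/**
 * Script enabling/disabling the parent-team and qaos sub-team inputs depending on
 * the current user's team (Core -> parent fields on, Qaos -> qaos fields on,
 * otherwise both groups off), exactly as the three original heredocs did.
 *
 * @param int $userTeamId Team id of the current user.
 */
private function qaosFieldToggleScript($userTeamId)
{
    if ($userTeamId == $this->getTeamIdFromTeamName("Core")) {
        $fields = array('userParentTeam' => 'false', 'userParentDesignation' => 'false');
    } elseif ($userTeamId == $this->getTeamIdFromTeamName("Qaos")) {
        $fields = array('qaosTeam1' => 'false', 'qaosTeam2' => 'false', 'qaosTeam3' => 'false', 'qaosTeam4' => 'false');
    } else {
        $fields = array(
            'userParentTeam' => 'true',
            'userParentDesignation' => 'true',
            'qaosTeam1' => 'true',
            'qaosTeam2' => 'true',
            'qaosTeam3' => 'true',
            'qaosTeam4' => 'true',
        );
    }

    $js = '<script language="javascript" type="text/javascript">' . "\n";
    foreach ($fields as $id => $disabled) {
        $js .= "    document.getElementById(\"{$id}\").disabled={$disabled};\n";
    }
    return $js . "</script>\n";
}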
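/**
 * Builds the tag search bar, or — when called as the AJAX endpoint
 * (?searchbar=1&searchContents=...) — prints the matching page links and exits.
 *
 * Only pages the user may "view" are searched. Titles and paths coming back from
 * the database are HTML-escaped because the client injects the response via
 * innerHTML; the anchor's href is now quoted as well.
 *
 * @param int $userId User whose "view" permission limits the searchable pages.
 * @param int $pageId Page the bar is rendered on (not used by the lookup itself).
 *
 * @return string HTML/JS for the search bar (the AJAX branch never returns).
 */
function getSearchbar($userId, $pageId)
{
    if (isset($_GET['searchbar']) && isset($_GET['searchContents'])) {
        // escape() is the project's SQL escaper. NOTE(review): it does not neutralise
        // the LIKE wildcards % and _, so a user can still widen the match; harmless for
        // a tag search, addcslashes($x, '%_') would pin it down if exact matching is wanted.
        $searchContents = escape($_GET['searchContents']);

        // Pages the user has view permission on.
        $viewablePages = array();
        $allPageResult = mysql_query("SELECT `page_id`, `page_module` FROM `" . MYSQL_DATABASE_PREFIX . "pages`");
        if ($allPageResult) {
            while ($row = mysql_fetch_assoc($allPageResult)) {
                if (getPermissions($userId, $row['page_id'], "view", $row['page_module'])) {
                    $viewablePages[] = intval($row['page_id']);
                }
            }
        }

        $suggestions = "";
        // `IN ()` with no ids is a MySQL syntax error; nothing viewable means nothing to list.
        if (count($viewablePages) > 0) {
            $searchQuery = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "pagetags` WHERE `tag_text` LIKE '%{$searchContents}%' AND `page_id` IN (" . implode(",", $viewablePages) . ");";
            // The original ran this query twice and discarded the first result.
            $searchResult = mysql_query($searchQuery);
            if ($searchResult) {
                while ($row = mysql_fetch_assoc($searchResult)) {
                    $pageInfo = getPageInfo($row['page_id']);
                    $href = htmlspecialchars(hostURL() . getPagePath($row['page_id']), ENT_QUOTES);
                    $title = htmlspecialchars((string) $pageInfo['page_title'], ENT_QUOTES);
                    $suggestions .= "<a href=\"{$href}\">{$title}</a><br/>";
                }
            }
        }

        echo $suggestions;
        exit(0);
    }

    // The search term is URL-encoded before being placed in the query string (the
    // original concatenated it raw); the debug console.log of the response is gone.
    $searchbar = <<<SEARCHSCRIPT
<script>
function showResult(searchstr) {
    if (searchstr.length==0) {
        document.getElementById("tagSuggestions").innerHTML="";
        document.getElementById("tagSuggestions").style.border="0px";
        return;
    }
    if (window.XMLHttpRequest) {
        // code for IE7+, Firefox, Chrome, Opera, Safari
        xmlhttp=new XMLHttpRequest();
    } else {
        // code for IE6, IE5
        xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
    }
    xmlhttp.onreadystatechange=function() {
        if (xmlhttp.readyState==4 && xmlhttp.status==200) {
            if(xmlhttp.responseText != "") {
                document.getElementById("tagSuggestions").innerHTML=xmlhttp.responseText;
                document.getElementById("tagSuggestions").style.border="1px solid #A5ACB2";
            } else {
                document.getElementById("tagSuggestions").innerHTML="";
                document.getElementById("tagSuggestions").style.border="0px";
            }
        }
    }
    xmlhttp.open("GET","./&searchbar=1&searchContents="+encodeURIComponent(searchstr),true);
    xmlhttp.send();
}
</script>
SEARCHSCRIPT;

    $searchbar .= "<div id='cms-searchbar'>";
    $searchbar .= "<input type='text' size='30' onkeyup='showResult(this.value)'>";
    $searchbar .= "<div id='tagSuggestions'></div>";
    $searchbar .= "</div>";

    return $searchbar;
}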
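/**
 * Renders the installer's "Permissions" step: a chart of the directories and files
 * Dolphin wants writable (or executable, for the ffmpeg binaries in the Ray list)
 * with their current and desired modes, followed by the re-check / next-step forms.
 *
 * Changes relative to the previous version: $_SERVER['PHP_SELF'] is HTML-escaped
 * before being used as a form action (reflected XSS otherwise); the site root is
 * computed once instead of per file; the unused local $bError is gone; the four
 * near-identical row loops share the helpers below.
 *
 * @param string $errorMessage Error text shown above the chart; a safe_mode warning
 *                             is appended when PHP's safe_mode is on.
 *
 * @return string HTML for the step.
 */
function PreInstall($errorMessage = '')
{
    global $aConf, $permFiles, $permDirectories, $aRayFolders, $aRayFiles;

    if (ini_get('safe_mode') == 1 || ini_get('safe_mode') == 'On') {
        $errorMessage .= "Please turn off <b>safe_mode</b> in your php.ini file configuration";
    }

    // Site root derived from the installer's own path; loop-invariant, so computed once.
    $siteRoot = preg_replace("/install\\/(index\\.php\$)/", "", $_SERVER['DOCUMENT_ROOT'] . $_SERVER['SCRIPT_NAME']);
    // PHP_SELF reflects the request path; it must be escaped before going into an attribute.
    $selfAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);

    $ret = '<div class="position">Permissions</div>';
    if (strlen($errorMessage)) {
        $ret .= printInstallError($errorMessage);
    }
    $ret .= '<div class="LeftRirght">';
    $ret .= '<div class="clearBoth"></div>';
    $ret .= '<div class="left"> Dolphin needs special access for certain files and directories. Please, change permissions as specified in the chart below. Helpful info about permissions is <a href="http://www.boonex.net/cgi-bin/trac_dolphin.cgi/wiki/DetailedInstall#Permissions" target="_blank">available here</a>. </div>';
    $ret .= '<div class="clear_both"></div>';
    $ret .= '<div class="right"> <table cellpadding="0" cellspacing="1" width="100%" border="0" style="background-color:silver;"> ';

    // Sorted in place, as before (these are globals, so the order is visible to callers).
    asort($permDirectories);
    asort($permFiles);

    $ret .= preInstallChartHeader('Directories');
    $ret .= preInstallDirRows($permDirectories);
    $ret .= preInstallChartHeader('Files');
    $ret .= preInstallFileRows($permFiles, $siteRoot, false);
    $ret .= preInstallChartHeader('Ray Folders');
    $ret .= preInstallDirRows($aRayFolders);
    $ret .= preInstallChartHeader('Ray Files');
    $ret .= preInstallFileRows($aRayFiles, $siteRoot, true);

    $ret .= ' </table> <div class="formKeeper"> <div class="button_area_1"> <form action="' . $selfAction . '" method="post"> <input id="button" type="image" src="images/check.gif" /> <input type="hidden" name="action" value="preInstall" /> </form> </div>';
    $ret .= ' <div class="button_area_2"> <form action="' . $selfAction . '" method="post"> <input id="button" type="image" src="images/next.gif" /> <input type="hidden" name="action" value="step1" /> </form> </div> <div class="clearBoth"></div> </div> </div>';
    $ret .= '</div>';

    return $ret;
}

/**
 * Header row for one section of the permissions chart.
 *
 * @param string $title First-column caption ("Directories", "Files", ...).
 */
function preInstallChartHeader($title)
{
    return '<tr class="head"> <td>' . $title . '</td> <td>Current Level</td> <td>Desired Level</td> </tr>';
}

/**
 * One chart row.
 *
 * @param int    $index        Row index within its section (zebra striping).
 * @param string $path         Path relative to the site root, shown in the first column.
 * @param bool   $ok           Whether the current mode satisfies the requirement.
 * @param string $okLabel      State label when satisfied ("Writable"/"Executable").
 * @param string $badLabel     State label when not satisfied.
 * @param string $desired      Desired mode digits ("777"/"666").
 * @param string $desiredLabel Label next to the desired digits.
 */
function preInstallPermRow($index, $path, $ok, $okLabel, $badLabel, $desired, $desiredLabel)
{
    $styleAdd = ($index % 2 == 0) ? 'background-color:#ede9e9;' : 'background-color:#fff;';
    $mode = getPermissions('../' . $path);
    if ($ok) {
        $state = '<span class="writable">' . $mode . '</span><span>' . $okLabel . '</span>';
    } else {
        $state = '<span class="unwritable">' . $mode . '</span><span>' . $badLabel . '</span>';
    }
    return '<tr style="' . $styleAdd . '" class="cont">'
        . '<td>' . $path . '</td>'
        . '<td class="span">' . $state . '</td>'
        . '<td class="span"><span class="desired">' . $desired . '</span><span>' . $desiredLabel . '</span></td>'
        . '</tr>';
}

/**
 * Rows for directories that must be fully accessible (desired 777).
 *
 * @param array $dirs Directory paths relative to the site root.
 */
function preInstallDirRows($dirs)
{
    $rows = '';
    $i = 0;
    foreach ((array) $dirs as $dir) {
        $rows .= preInstallPermRow($i++, $dir, isFullAccessible('../' . $dir), 'Writable', 'Non-writable', '777', 'Writable');
    }
    return $rows;
}

/**
 * Rows for files; entries that do not exist under $siteRoot are skipped (and do not
 * advance the stripe counter, as before). In the Ray list, files whose name contains
 * "ffmpeg" are checked for execute access (desired 777) instead of read/write (666).
 *
 * @param array  $files    File paths relative to the site root.
 * @param string $siteRoot Absolute site root with trailing slash semantics of the original.
 * @param bool   $rayFiles Whether the ffmpeg rule applies.
 */
function preInstallFileRows($files, $siteRoot, $rayFiles)
{
    $rows = '';
    $i = 0;
    foreach ((array) $files as $file) {
        if (!file_exists($siteRoot . $file)) {
            continue;
        }
        if ($rayFiles && strpos($file, 'ffmpeg') !== false) {
            $rows .= preInstallPermRow($i++, $file, isFullAccessible('../' . $file), 'Executable', 'Unexecutable', '777', 'Executable');
        } else {
            $rows .= preInstallPermRow($i++, $file, isRWAccessible('../' . $file), 'Writable', 'Non-writable', '666', 'Writable');
        }
    }
    return $rows;
}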
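/**
 * Lists the login-required form pages that the given user may associate with a group.
 *
 * A form is included only when $userId holds the 'editregistrants' permission on
 * its page, so the returned list is the authorization filter for group/form
 * association — callers must not widen it.
 *
 * @param int  $userId         User whose 'editregistrants' permission gates every form.
 * @param bool $emptyFormsOnly When true, forms that already have registrants are omitted.
 *
 * @return array List of array(form moduleComponentId, page title, page path).
 *               Empty when the lookup query fails.
 */
function getAssociableFormsList($userId, $emptyFormsOnly = false) {
    // NOTE(review): `form_desc` is not prefixed with MYSQL_DATABASE_PREFIX while
    // `pages` is — confirm this matches the schema rather than fixing it here.
    $formIdQuery = 'SELECT `page_id`, `form_desc`.`page_modulecomponentid`, `page_title` FROM `' . MYSQL_DATABASE_PREFIX . "pages`, `form_desc` " .
        'WHERE `page_module` = \'form\' AND `form_loginrequired` = 1 AND `' .
        'form_desc`.`page_modulecomponentid` = `' . MYSQL_DATABASE_PREFIX . 'pages`.`page_modulecomponentid`';
    $formIdResult = mysql_query($formIdQuery);
    if (!$formIdResult) {
        // The original echoed the full SQL text plus mysql_error() to the page and
        // then carried on into mysql_fetch_row(false). Keep driver/schema details in
        // the server log, show a generic message, and stop here.
        error_log('getAssociableFormsList: query failed: ' . mysql_error());
        displayerror('Could not fetch the list of forms.');
        return array();
    }

    global $sourceFolder, $moduleFolder;
    require_once "{$sourceFolder}/{$moduleFolder}/form.lib.php";

    $associableForms = array();
    while ($formIdRow = mysql_fetch_row($formIdResult)) {
        list($pageId, $formModuleId, $pageTitle) = $formIdRow;
        // Authorization: only forms the user may edit registrants of are offered.
        if (!getPermissions($userId, $pageId, 'editregistrants')) {
            continue;
        }
        if ($emptyFormsOnly && form::getRegisteredUserCount($formModuleId) != 0) {
            continue;
        }
        $associableForms[] = array($formModuleId, $pageTitle, getPagePath($pageId));
    }
    return $associableForms;
}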
if (_rows($check)) { $sel = "selected=\"selected\""; } else { $sel = ""; } $posi .= show(_select_field_posis, array("value" => $getpos['id'], "sel" => $sel, "what" => re($getpos['position']))); } $qrysquser = db("SELECT squad FROM " . $db['squaduser'] . "\n WHERE user = '******'edit']) . "'\n AND squad = '" . $getsq['id'] . "'"); if (_rows($qrysquser)) { $check = "checked=\"checked\""; } else { $check = ""; } $esquads .= show(_checkfield_squads, array("id" => $getsq['id'], "check" => $check, "eposi" => $posi, "noposi" => _user_noposi, "squad" => re($getsq['name']))); } $show = show($dir . "/register", array("registerhead" => _useradd_head, "pname" => _loginname, "pnick" => _nick, "pemail" => _email, "pbild" => _config_c_upicsize, "ppwd" => _pwd, "squadhead" => _admin_user_squadhead, "squad" => _member_admin_squad, "posi" => _profil_position, "esquad" => $esquads, "about" => _useradd_about, "level_info" => _level_info, "rechte" => _config_positions_rights, "getpermissions" => getPermissions(), "getboardpermissions" => getBoardPermissions(), "forenrechte" => _config_positions_boardrights, "preal" => _profil_real, "psex" => _profil_sex, "sex" => _pedit_male, "pbday" => _profil_bday, "dropdown_age" => $dropdown_age, "pwohn" => _useradd_wohn, "pcity" => _profil_city, "pcountry" => _profil_country, "country" => show_countrys($get['country']), "gmaps" => $gmaps, "level" => _admin_user_level, "ruser" => _status_user, "trial" => _status_trial, "alvl" => "", "member" => _status_member, "admin" => _status_admin, "banned" => _admin_level_banned, "value" => _button_value_reg)); if ($_GET['do'] == "add") { $check_user = db("SELECT id FROM " . $db['users'] . "\n\t\t\t\t\t\t\t\t\t\t\tWHERE user = '******'user'] . "'"); $check_nick = db("SELECT id FROM " . $db['users'] . "\n\t\t\t\t\t\t\t\t\t\t\tWHERE nick = '" . $_POST['nick'] . "'"); $check_email = db("SELECT id FROM " . $db['users'] . "\n\t\t\t\t\t\t\t\t\t\t\t WHERE email = '" . $_POST['email'] . 
"'"); if (empty($_POST['user'])) { $show = error(_empty_user, 1); } elseif (empty($_POST['nick'])) { $show = error(_empty_nick, 1); } elseif (empty($_POST['email'])) { $show = error(_empty_email, 1); } elseif (!check_email($_POST['email'])) { $show = error(_error_invalid_email, 1); } elseif (_rows($check_user)) { $show = error(_error_user_exists, 1); } elseif (_rows($check_nick)) {
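/**
 * @package pragyan
 * @copyright (c) 2008 Pragyan Team
 * @license http://www.gnu.org/licenses/ GNU Public License
 * For more details, see README
 */

/**
 * Renders the BBCode post editor for the forum module.
 *
 * $subject and $text must be passed RAW (unescaped) — typically the previous
 * submission when a post is being previewed. They are HTML-escaped here, at the
 * point of insertion into the subject attribute and the message textarea. The
 * original interpolated them verbatim, which let a submitted subject or message
 * close the attribute/textarea and inject markup (XSS on preview).
 *
 * The "Make this Thread Sticky" checkbox is only rendered for users with the
 * 'moderate' permission on the current page; hiding a control is not an access
 * control, so the handler that receives `sticky` must re-check that permission.
 *
 * @param string $action  URL the form posts to; escaped for the attribute context.
 * @param string $subject Initial subject text, raw.
 * @param string $text    Initial message body, raw.
 *
 * @return string HTML for the editor.
 */
function bbeditor($action, $subject = "", $text = "") {
    global $urlRequestRoot, $sourceFolder, $moduleFolder, $cmsFolder;
    global $ICONS;
    global $userId;
    global $pageId;

    $forumRoot = $urlRequestRoot . "/" . $cmsFolder . "/" . $moduleFolder . "/forum";
    $css = $forumRoot . "/images/styles.css";
    $js = $forumRoot . "/images/jscript.js";
    $imgpath = $forumRoot . "/";

    // Escape exactly once, here. ENT_QUOTES covers both the double-quoted value
    // attribute and the textarea body. Callers must not pre-escape.
    $safeAction = htmlspecialchars($action, ENT_QUOTES);
    $safeSubject = htmlspecialchars($subject, ENT_QUOTES);
    $safeText = htmlspecialchars($text, ENT_QUOTES);

    // $ICONS entries are pre-built markup from the template and are inserted as-is.
    $editor = <<<FORUM
<link rel="stylesheet" href="{$css}" type="text/css" />
<script type="text/javascript" src="{$js}"></script>
<div id="bbeditor">
<fieldset><legend>{$ICONS['Forum New Entry']['small']}Create New Entry</legend>
    <form name="inputform" method="post" action="{$safeAction}" enctype="multipart/form-data">
    <table class="tbl-border" cellpadding="0" cellspacing="0" width="100%">
    <tbody><tr>
    <td>
    <table border="0" cellpadding="0" cellspacing="1" width="100%">
    <tbody><tr>
    <td class="tbl2" width="145">Subject*</td>
    <td class="tbl2"><input name="subject" value="{$safeSubject}" class="textbox" maxlength="255" style="width: 250px;" type="text"></td>
    </tr>
    <tr>
    <td class="tbl2" valign="top" width="145">Message*</td>
    <td class="tbl1"><textarea name="message" cols="80" rows="15" class="textbox" >{$safeText}</textarea></td>
    </tr>
    <tr>
    <td class="tbl2" width="145"> </td>
    <td class="tbl2">
    <input value="b" class="button" style="font-weight: bold; width: 25px;" onclick="addText('message', '[b]', '[/b]');" type="button">
    <input value="i" class="button" style="font-style: italic; width: 25px;" onclick="addText('message', '[i]', '[/i]');" type="button">
    <input value="u" class="button" style="text-decoration: underline; width: 25px;" onclick="addText('message', '[u]', '[/u]');" type="button">
    <input value="url" class="button" style="width: 30px;" onclick="addText('message', '[url]', '[/url]');" type="button">
    <input value="mail" class="button" style="width: 35px;" onclick="addText('message', '[mail]', '[/mail]');" type="button">
    <input value="img" class="button" style="width: 30px;" onclick="addText('message', '[img]', '[/img]');" type="button">
    <input value="center" class="button" style="width: 45px;" onclick="addText('message', '[center]', '[/center]');" type="button">
    <input value="small" class="button" style="width: 40px;" onclick="addText('message', '[small]', '[/small]');" type="button">
    <input value="code" class="button" style="width: 40px;" onclick="addText('message', '[code]', '[/code]');" type="button">
    <input value="quote" class="button" style="width: 45px;" onclick="addText('message', '[quote]', '[/quote]');" type="button">
    </td>
    </tr>
    <tr>
    <td class="tbl2" width="145"> </td>
    <td class="tbl1">
    Font Color: <select name="bbcolor" class="textbox" style="width: 90px;" onchange="addText('message', '[color=' + this.options[this.selectedIndex].value + ']', '[/color]');this.selectedIndex=0;">
    <option value="">Default</option>
    <option value="maroon" style="color: maroon;">Maroon</option>
    <option value="red" style="color: red;">Red</option>
    <option value="orange" style="color: orange;">Orange</option>
    <option value="brown" style="color: brown;">Brown</option>
    <option value="yellow" style="color: yellow;">Yellow</option>
    <option value="green" style="color: green;">Green</option>
    <option value="lime" style="color: lime;">Lime</option>
    <option value="olive" style="color: olive;">Olive</option>
    <option value="cyan" style="color: cyan;">Cyan</option>
    <option value="blue" style="color: blue;">Blue</option>
    <option value="navy" style="color: navy;">Navy Blue</option>
    <option value="purple" style="color: purple;">Purple</option>
    <option value="violet" style="color: violet;">Violet</option>
    <option value="black" style="color: black;">Black</option>
    <option value="gray" style="color: gray;">Gray</option>
    <option value="silver" style="color: silver;">Silver</option>
    <option value="white" style="color: white;">White</option>
    </select>
    </td>
    </tr>
    <tr>
    <td class="tbl2" width="145"> </td>
    <td class="tbl2">
    <img class="smiley" title="Smile" src="{$imgpath}/images/smileys/smile.gif" alt=":)" onclick="insertText('message', ':)');">
    <img class="smiley" title="Wink" src="{$imgpath}/images/smileys/wink.gif" alt=";)" onclick="insertText('message', ';)');">
    <img class="smiley" title="Frown" src="{$imgpath}/images/smileys/frown.gif" alt=":|" onclick="insertText('message', ':|');">
    <img class="smiley" title="Sad" src="{$imgpath}/images/smileys/sad.gif" alt=":(" onclick="insertText('message', ':(');">
    <img class="smiley" title="Shock" src="{$imgpath}/images/smileys/shock.gif" alt=":o" onclick="insertText('message', ':o');">
    <img class="smiley" title="lol" src="{$imgpath}/images/smileys/pfft.gif" alt=":p" onclick="insertText('message', ':p');">
    <img class="smiley" title="Cool" src="{$imgpath}/images/smileys/cool.gif" alt="B)" onclick="insertText('message', 'B)');">
    <img class="smiley" title="Grin" src="{$imgpath}/images/smileys/grin.gif" alt=":D" onclick="insertText('message', ':D');">
    <img class="smiley" title="Angry" src="{$imgpath}/images/smileys/angry.gif" alt=":@" onclick="insertText('message', ':@');">
    </td>
    </tr>

FORUM;

    // UI-only gate: the receiving handler must re-check 'moderate' before honouring `sticky`.
    $moderate = getPermissions($userId, $pageId, 'moderate', 'forum');
    if ($moderate) {
        $editor .= '<tr>
    <td class="tbl2" valign="top" width="145">Options</td>
    <td class="tbl2">
    <input name="sticky" value="1" type="checkbox"> Make this Thread Sticky<br></td>
    </tr>';
    }

    $editor .= <<<FORUM
    <tr>
    <td colspan="2" class="button1">
    <input class="button2" name="preview" value="Preview " class="button" type="submit">
    <input class="button2" name="post" value="Post " class="button" type="submit">
    </td>
    </tr>
    </tbody></table>
    </td>
    </tr>
    </tbody></table>
    </form>
    </fieldset>
</div>
FORUM;

    return $editor;
}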
/**
 * Tells the CMS which action governs access to a file uploaded to this module.
 *
 * Access is decided solely by the page-level 'view' permission: the
 * $moduleComponentId and $fileName arguments are accepted for interface
 * compatibility but are not consulted, so every upload on the page is
 * readable by anyone allowed to view the page.
 *
 * @param int    $pageId            Page the uploaded file belongs to.
 * @param int    $moduleComponentId Not used by this module.
 * @param int    $userId            User requesting the file.
 * @param string $fileName          Not used by this module.
 *
 * @return mixed Whatever getPermissions($userId, $pageId, "view") returns.
 */
public static function getFileAccessPermission($pageId, $moduleComponentId, $userId, $fileName) {
    $requiredAction = "view";
    $allowed = getPermissions($userId, $pageId, $requiredAction);
    return $allowed;
}
<!DOCTYPE HTML> <html> <head> <meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-8"> <link rel = "stylesheet" type="text/css" href="../style.css"> <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.11.2/jquery.min.js"></script> </head> <body> <?php require_once '../non_interface/util.php'; if (!isset($_SESSION)) { session_start(); } $perms = getPermissions(); try { $post_id = 0; if (isset($_POST['post_id']) && !isset($_POST['text'])) { $post_id = $_POST['post_id']; $con = connect() or die("db connection error"); $sql = "SELECT text, post_type, title FROM posts where post_id = {$post_id}"; $result = mysqli_query($con, $sql); $row = mysqli_fetch_array($result); if ($row['post_type'] == 'Q') { echo "<div class=\"question\"><h3>" . $row['title'] . "</h3>"; } else { echo "<div class=\"answer\">"; } echo "<br><p class=\"text\">" . $row['text'] . "</p><br>"; $post_type = $row['post_type']; echo "<table class=\"comment\">\n\t\t\t\t</td></tr><form action=\"comment.php\" method=\"post\"><tr><td>\n\t\t\t\t<u>Comment:</u></td><tr><td>\n\t\t\t\t<textarea rows=\"20\" cols=\"30\" id=\"text\" name=\"text\"></textarea>\n\t\t\t\t</td></tr><tr><td><input type=\"hidden\" name=\"post_id\" value={$post_id}><input type=\"hidden\" name=\"post_type\" value={$post_type}><input class=\"button1\" type=\"submit\" value=\"Submit\"></td></tr>";
$qrysquser = db("SELECT squad FROM " . $db['squaduser'] . "\n WHERE user = '******'edit']) . "'\n AND squad = '" . $getsq['id'] . "'"); if (_rows($qrysquser)) { $check = "checked=\"checked\""; } else { $check = ""; } $esquads .= show(_checkfield_squads, array("id" => $getsq['id'], "check" => $check, "eposi" => $posi, "noposi" => _user_noposi, "squad" => re($getsq['name']))); } $get_identy = show(_admin_user_get_identitat, array("id" => $_GET['edit'])); $editpwd = show($dir . "/admin_editpwd", array("pwd" => _new_pwd, "epwd" => "")); if ($chkMe == 4) { $elevel = show(_elevel_admin_select, array("selu" => $selu, "selt" => $selt, "selm" => $selm, "sela" => $sela, "ruser" => _status_user, "banned" => _admin_level_banned, "trial" => _status_trial, "member" => _status_member, "admin" => _status_admin)); } elseif (permission("editusers")) { $elevel = show(_elevel_perm_select, array("selu" => $selu, "selt" => $selt, "selm" => $selm, "ruser" => _status_user, "banned" => _admin_level_banned, "trial" => _status_trial, "member" => _status_member)); } $index = show($dir . "/admin", array("enick" => re($get['nick']), "user" => intval($_GET['edit']), "value" => _button_value_edit, "eemail" => $get['email'], "eloginname" => $get['user'], "esquad" => $esquads, "editpwd" => $editpwd, "eposi" => $posi, "rechte" => _config_positions_rights, "getpermissions" => getPermissions(intval($_GET['edit'])), "getboardpermissions" => getBoardPermissions(intval($_GET['edit'])), "forenrechte" => _config_positions_boardrights, "showpos" => getrank($_GET['edit']), "nothing" => _nothing, "listck" => empty($get['listck']) ? 
'' : ' checked="checked"', "clankasse" => _user_list_ck, "auth_info" => _admin_user_clanhead_info, "alvl" => $get['level'], "elevel" => $elevel, "level_info" => _level_info, "gallery" => _admin_user_gallery, "yes" => _yes, "no" => _no, "cw_info" => _cw_info, "edithead" => _admin_user_edithead, "personalhead" => _admin_user_personalhead, "squadhead" => _admin_user_squadhead, "clanhead" => _admin_user_clanhead, "nick" => _nick, "email" => _email, "loginname" => _loginname, "identitat" => _admin_user_identitat, "get" => $get_identy, "squad" => _member_admin_squad, "newsletter" => _member_admin_newsletter, "downloads" => _member_admin_downloads, "links" => _member_admin_links, "votes" => _member_admin_votes, "votesadmin" => _member_admin_votesadmin, "gb" => _member_admin_gb, "forum" => _member_admin_forum, "intnews" => _member_admin_intnews, "intforum" => _member_admin_intforums, "i_forum" => $i_forum, "forums" => _forum, "access" => _access, "news" => _member_admin_news, "clanwars" => _member_admin_clanwars, "posi" => _profil_position, "level" => _admin_user_level, "ck" => _admin_user_clankasse, "sl" => _admin_user_serverliste, "eu" => _admin_user_edituser, "et" => _admin_user_edittactics, "esq" => _admin_user_editsquads, "eserver" => _admin_user_editserver, "ek" => _admin_user_editkalender)); } } } break; } ## SETTINGS ## $whereami = preg_replace_callback("#autor_(.*?)\$#", create_function('$id', 'return data("$id[1]","nick");'), $where); $title = $pagetitle . " - " . $whereami . ""; $time_end = generatetime(); $time = round($time_end - $time_start, 4); page($index, $title, $where, $time); ## OUTPUT BUFFER END ## gz_output(); ?>
db("INSERT INTO " . $db['f_access'] . " SET `pos` = '" . intval($_GET['id']) . "', `forum` = '" . $v . "'"); } } //////////////////// $show = info(_pos_admin_edited, "?admin=positions"); } } elseif ($_GET['do'] == "delete") { db("DELETE FROM " . $db['pos'] . " WHERE id = '" . intval($_GET['id']) . "'"); db("DELETE FROM " . $db['permissions'] . " WHERE pos = '" . intval($_GET['id']) . "'"); $show = info(_pos_admin_deleted, "?admin=positions"); } elseif ($_GET['do'] == "new") { $qry = db("SELECT * FROM " . $db['pos'] . "\n ORDER BY pid"); while ($get = _fetch($qry)) { $positions .= show(_select_field, array("value" => $get['pid'] + 1, "what" => _nach . ' ' . re($get['position']), "sel" => "")); } $show = show($dir . "/form_pos", array("newhead" => _pos_new_head, "do" => "add", "pos" => _position, "rechte" => _config_positions_rights, "getpermissions" => getPermissions(), "getboardpermissions" => getBoardPermissions(), "nothing" => "", "forenrechte" => _config_positions_boardrights, "positions" => $positions, "kat" => "", "what" => _button_value_add, "dlkat" => _admin_download_kat)); } elseif ($_GET['do'] == "add") { if (empty($_POST['kat'])) { $show = error(_pos_empty_kat, 1); } else { if ($_POST['pos'] == "1" || "2") { $sign = ">= "; } else { $sign = "> "; } $posi = db("UPDATE " . $db['pos'] . "\n SET `pid` = pid+1\n WHERE pid " . $sign . " '" . intval($_POST['pos']) . "'"); $qry = db("INSERT INTO " . $db['pos'] . "\n SET `pid` = '" . (int) $_POST['pos'] . "',\n `position` = '" . up($_POST['kat']) . "'"); $posID = mysql_insert_id(); // permissions foreach ($_POST['perm'] as $v => $k) { $p .= "`" . substr($v, 2) . "` = '" . intval($k) . "',";
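/**
 * Returns the newsletter lists the given user may subscribe to.
 *
 * Every page whose module is 'newsletter' is considered; a list is returned
 * only when $userId holds the 'view' permission on that page, so this doubles
 * as the authorization filter for the subscription UI.
 *
 * @param int $userId User whose 'view' permission is checked for each newsletter page.
 *
 * @return array List of array(list name, list path, bool subscribed).
 *               Empty when the page lookup query fails.
 */
public static function getSubscribableLists($userId) {
    $newsletterListQuery = 'SELECT `page_id`, `page_modulecomponentid` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE `page_module` = \'newsletter\' ORDER BY `page_modulecomponentid`';
    $newsletterListResult = mysql_query($newsletterListQuery);
    if (!$newsletterListResult) {
        // Do not fall through to mysql_fetch_row(false); log server-side and return nothing.
        error_log('getSubscribableLists: query failed: ' . mysql_error());
        return array();
    }

    $subscribableLists = array();
    // Bug fix: the original passed the SQL string ($newsletterListQuery) to
    // mysql_fetch_row instead of the result resource, so this loop never ran.
    while ($newsletterListRow = mysql_fetch_row($newsletterListResult)) {
        list($pageId, $moduleComponentId) = $newsletterListRow;
        if (!getPermissions($userId, $pageId, 'view', 'newsletter')) {
            continue;
        }
        $listName = getNewsletterName($moduleComponentId);
        $listPath = getNewsletterPath($pageId);
        $subscribed = newsletter::isUserRegistered($userId, $moduleComponentId);
        $subscribableLists[] = array($listName, $listPath, $subscribed);
    }

    // The original appended three hard-coded rows ('newsletter1'..'newsletter3',
    // with mismatched name/path pairs) after the loop. They were placeholder data
    // that papered over the broken loop and would have been offered to every user
    // as real, permission-unchecked lists; they are intentionally dropped.
    return $subscribableLists;
}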
function groupManagementForm($currentUserId, $modifiableGroups, &$pagePath) { require_once "group.lib.php"; global $ICONS; global $urlRequestRoot, $cmsFolder, $templateFolder, $moduleFolder, $sourceFolder; $scriptsFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts"; $imagesFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/images"; /// Parse any get variables, do necessary validation and stuff, so that we needn't check inside every if $groupRow = $groupId = $userId = null; $subAction = ''; //isset($_GET['subaction']) ? $_GET['subaction'] : ''; if (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgroup' && isset($_GET['groupname']) || isset($_POST['btnEditGroup']) && isset($_POST['selEditGroups'])) { $subAction = 'showeditform'; } elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'associateform') { $subAction = 'associateform'; } elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'deleteuser' && isset($_GET['groupname']) && isset($_GET['useremail'])) { $subAction = 'deleteuser'; } elseif (isset($_POST['btnAddUserToGroup'])) { $subAction = 'addusertogroup'; } elseif (isset($_POST['btnSaveGroupProperties'])) { $subAction = 'savegroupproperties'; } elseif (isset($_POST['btnEditGroupPriorities']) || isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgrouppriorities') { $subAction = 'editgrouppriorities'; } if (isset($_POST['selEditGroups']) || isset($_GET['groupname'])) { $groupRow = getGroupRow(isset($_POST['selEditGroups']) ? escape($_POST['selEditGroups']) : escape($_GET['groupname'])); $groupId = $groupRow['group_id']; if ($subAction != 'editgrouppriorities' && (!$groupRow || !$groupId || $groupId < 2)) { displayerror('Error! 
Invalid group requested.'); return; } if (!is_null($groupId)) { if ($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) { displayerror('You do not have the permission to modify the selected group.'); return ''; } } } if (isset($_GET['useremail'])) { $userId = getUserIdFromEmail($_GET['useremail']); } if ($subAction != 'editgrouppriorities' && (isset($_GET['subaction']) && $_GET['subaction'] == 'editgroups' && !is_null($groupId))) { if ($subAction == 'deleteuser') { if ($groupRow['form_id'] != 0) { displayerror('The group is associated with a form. To remove a user, use the edit registrants in the assoicated form.'); } elseif (!$userId) { displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id'); } else { $deleteQuery = 'DELETE FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` WHERE `user_id` = \'' . $userId . '\' AND `group_id` = ' . $groupId; $deleteResult = mysql_query($deleteQuery); if (!$deleteResult || mysql_affected_rows() != 1) { displayerror('Could not delete user with the given E-mail from the given group.'); } else { displayinfo('Successfully removed user from the current group'); if ($userId == $currentUserId) { $virtue = ''; $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue); $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc'); } } } } elseif ($subAction == 'savegroupproperties' && isset($_POST['txtGroupDescription'])) { $updateQuery = "UPDATE `" . MYSQL_DATABASE_PREFIX . "groups` SET `group_description` = '" . escape($_POST['txtGroupDescription']) . 
"' WHERE `group_id` = '{$groupId}'"; $updateResult = mysql_query($updateQuery); if (!$updateResult) { displayerror('Could not update database.'); } else { displayinfo('Changes to the group have been successfully saved.'); } $groupRow = getGroupRow($groupRow['group_name']); } elseif ($subAction == 'addusertogroup' && isset($_POST['txtUserEmail']) && trim($_POST['txtUserEmail']) != '') { if ($groupRow['form_id'] != 0) { displayerror('The selected group is associated with a form. To add a user, register the user to the form.'); } else { $passedEmails = explode(',', escape($_POST['txtUserEmail'])); for ($i = 0; $i < count($passedEmails); $i++) { $hyphenPos = strpos($passedEmails[$i], '-'); if ($hyphenPos >= 0) { $userEmail = trim(substr($passedEmails[$i], 0, $hyphenPos - 1)); } else { $userEmail = escape($_POST['txtUserEmail']); } $userId = getUserIdFromEmail($userEmail); if (!$userId || $userId < 1) { displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id'); } if (!addUserToGroupName($groupRow['group_name'], $userId)) { displayerror('Could not add the given user to the current group.'); } else { displayinfo('User has been successfully inserted into the given group.'); } } } } elseif ($subAction == 'associateform') { if (isset($_POST['btnAssociateGroup'])) { $pageIdArray = array(); $formPageId = parseUrlReal(escape($_POST['selFormPath']), $pageIdArray); if ($formPageId <= 0 || getPageModule($formPageId) != 'form') { displayerror('Invalid page selected! 
The page you selected is not a form.'); } elseif (!getPermissions($currentUserId, $formPageId, 'editregistrants', 'form')) { displayerror('You do not have the permissions to associate the selected form with a group.'); } else { $formModuleId = getModuleComponentIdFromPageId($formPageId, 'form'); require_once "{$sourceFolder}/{$moduleFolder}/form.lib.php"; if (isGroupEmpty($groupId) || form::getRegisteredUserCount($formModuleId) == 0) { associateGroupWithForm($groupId, $formModuleId); $groupRow = getGroupRow($groupRow['group_name']); } else { displayerror('Both the group and the form already contain registered users, and the group cannot be associated with the selected form.'); } } } elseif (isset($_POST['btnUnassociateGroup'])) { if ($groupRow['form_id'] <= 0) { displayerror('The selected group is currently not associated with any form.'); } elseif (!getPermissions($currentUserId, getPageIdFromModuleComponentId('form', $groupRow['form_id']), 'editregistrants', 'form')) { displayerror('You do not have the permissions to unassociate the form from this group.'); } else { unassociateFormFromGroup($groupId); $virtue = ''; $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue); $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc'); $groupRow = getGroupRow($groupRow['group_name']); } } } if ($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) { displayerror('You do not have the permission to modify the selected group.'); return ''; } $usersTable = '`' . MYSQL_DATABASE_PREFIX . 'users`'; $usergroupTable = '`' . MYSQL_DATABASE_PREFIX . 'usergroup`'; $userQuery = "SELECT `user_email`, `user_fullname` FROM {$usergroupTable}, {$usersTable} WHERE `group_id` = '{$groupId}' AND {$usersTable}.`user_id` = {$usergroupTable}.`user_id` ORDER BY `user_email`"; $userResult = mysql_query($userQuery); if (!$userResult) { displayerror('Error! 
Could not fetch group information.'); return ''; } $userEmails = array(); $userFullnames = array(); while ($userRow = mysql_fetch_row($userResult)) { $userEmails[] = $userRow[0]; $userFullnames[] = $userRow[1]; } $groupEditForm = <<<GROUPEDITFORM \t\t\t<h2>Group '{$groupRow['group_name']}' - '{$groupRow['group_description']}'</h2><br /> \t\t\t<fieldset style="padding: 8px"> \t\t\t\t<legend>{$ICONS['User Groups']['small']}Group Properties</legend> \t\t\t\t<form name="groupeditform" method="POST" action="./+admin&subaction=editgroups&groupname={$groupRow['group_name']}"> \t\t\t\t\tGroup Description: <input type="text" name="txtGroupDescription" value="{$groupRow['group_description']}" /> \t\t\t\t\t<input type="submit" name="btnSaveGroupProperties" value="Save Group Properties" /> \t\t\t\t</form> \t\t\t</fieldset> \t\t\t<br /> \t\t\t<fieldset style="padding: 8px"> \t\t\t\t<legend>{$ICONS['User Groups']['small']}Existing Users in Group:</legend> GROUPEDITFORM; $userCount = mysql_num_rows($userResult); global $urlRequestRoot, $cmsFolder, $templateFolder, $sourceFolder; $deleteImage = "<img src=\"{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/icons/16x16/actions/edit-delete.png\" alt=\"Remove user from the group\" title=\"Remove user from the group\" />"; for ($i = 0; $i < $userCount; $i++) { $isntAssociatedWithForm = $groupRow['form_id'] == 0; if ($isntAssociatedWithForm) { $groupEditForm .= '<a onclick="return confirm(\'Are you sure you wish to remove this user from this group?\')" href="./+admin&subaction=editgroups&subsubaction=deleteuser&groupname=' . $groupRow['group_name'] . '&useremail=' . $userEmails[$i] . '">' . $deleteImage . 
"</a>"; } $groupEditForm .= " {$userEmails[$i]} - {$userFullnames[$i]}<br />\n"; } $associateForm = ''; if ($groupRow['form_id'] == 0) { $associableForms = getAssociableFormsList($currentUserId, !isGroupEmpty($groupId)); $associableFormCount = count($associableForms); $associableFormsBox = '<select name="selFormPath">'; for ($i = 0; $i < $associableFormCount; ++$i) { $associableFormsBox .= '<option value="' . $associableForms[$i][2] . '">' . $associableForms[$i][1] . ' - ' . $associableForms[$i][2] . '</option>'; } $associableFormsBox .= '</select>'; $associateForm = <<<GROUPASSOCIATEFORM \t\t\tSelect a form to associate the group with: {$associableFormsBox} \t\t\t<input type="submit" name="btnAssociateGroup" value="Associate Group with Form" /> GROUPASSOCIATEFORM; } else { $associatedFormPageId = getPageIdFromModuleComponentId('form', $groupRow['form_id']); $associateForm = 'This group is currently associated with the form: ' . getPageTitle($associatedFormPageId) . ' (' . getPagePath($associatedFormPageId) . ')<br />' . 
'<input type="submit" name="btnUnassociateGroup" value="Unassociate" />'; } $groupEditForm .= '</fieldset>'; if ($groupRow['form_id'] == 0) { $groupEditForm .= <<<GROUPEDITFORM \t\t\t\t<br /> \t\t\t\t<fieldset style="padding: 8px"> \t\t\t\t\t<legend>{$ICONS['Add']['small']}Add Users to Group</legend> \t\t\t\t\t<form name="addusertogroup" method="POST" action="./+admin&subaction=editgroups&groupname={$groupRow['group_name']}"> \t\t\t\t\t\tEmail ID: <input type="text" name="txtUserEmail" id="txtUserEmail" value="" style="width: 256px" autocomplete="off" /> \t\t\t\t\t\t<div id="suggestionDiv" class="suggestionbox"></div> \t\t\t\t\t\t<script language="javascript" type="text/javascript" src="{$scriptsFolder}/ajaxsuggestionbox.js"></script> \t\t\t\t\t\t<script language="javascript" type="text/javascript"> \t\t\t\t\t\t<!-- \t\t\t\t\t\t\tvar addUserBox = new SuggestionBox(document.getElementById('txtUserEmail'), document.getElementById('suggestionDiv'), "./+admin&doaction=getsuggestions&forwhat=%pattern%"); \t\t\t\t\t\t\taddUserBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif'; \t\t\t\t\t\t--> \t\t\t\t\t\t</script> \t\t\t\t\t\t<input type="submit" name="btnAddUserToGroup" value="Add User to Group" /> \t\t\t\t\t</form> \t\t\t\t</fieldset> GROUPEDITFORM; } $groupEditForm .= <<<GROUPEDITFORM \t\t\t<br /> \t\t\t<fieldset style="padding: 8px"> \t\t\t\t<legend>{$ICONS['Group Associate Form']['small']}Associate With Form</legend> \t\t\t\t<form name="groupassociationform" action="./+admin&subaction=editgroups&subsubaction=associateform&groupname={$groupRow['group_name']}" method="POST"> \t\t\t\t\t{$associateForm} \t\t\t\t</form> \t\t\t</fieldset> GROUPEDITFORM; return $groupEditForm; } if ($subAction == 'editgrouppriorities') { $modifiableCount = count($modifiableGroups); $userMaxPriority = $maxPriorityGroup = 1; if ($modifiableCount != 0) { $userMaxPriority = max($modifiableGroups[0]['group_priority'], $modifiableGroups[$modifiableCount - 1]['group_priority']); 
$maxPriorityGroup = $modifiableGroups[0]['group_priority'] > $modifiableGroups[$modifiableCount - 1]['group_priority'] ? $modifiableGroups[0]['group_id'] : $modifiableGroups[$modifiableCount - 1]['group_id']; } if (isset($_GET['dowhat']) && !is_null($groupId)) { if ($_GET['dowhat'] == 'incrementpriority' || $_GET['dowhat'] == 'decrementpriority') { shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'incrementpriority' ? 'up' : 'down', $userMaxPriority, true); } elseif ($_GET['dowhat'] == 'movegroupup' || $_GET['dowhat'] == 'movegroupdown') { shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'movegroupup' ? 'up' : 'down', $userMaxPriority, false); } elseif ($_GET['dowhat'] == 'emptygroup') { emptyGroup($groupRow['group_name']); } elseif ($_GET['dowhat'] == 'deletegroup') { if (deleteGroup($groupRow['group_name'])) { $virtue = ''; $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue); $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc'); } } $modifiableGroups = reevaluateGroupPriorities($modifiableGroups); } elseif (isset($_GET['dowhat']) && $_GET['dowhat'] == 'addgroup') { if (isset($_POST['txtGroupName']) && isset($_POST['txtGroupDescription']) && isset($_POST['selGroupPriority'])) { $existsQuery = 'SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_name` = '" . escape($_POST['txtGroupName']) . "'"; $existsResult = mysql_query($existsQuery); if (trim($_POST['txtGroupName']) == '') { displayerror('Cannot create a group with an empty name. Please type in a name for the new group.'); } elseif (mysql_num_rows($existsResult) >= 1) { displayerror('A group with the name you specified already exists.'); } else { $idQuery = 'SELECT MAX(`group_id`) FROM `' . MYSQL_DATABASE_PREFIX . 
'groups`'; $idResult = mysql_query($idQuery); $idRow = mysql_fetch_row($idResult); $newGroupId = 2; if (!is_null($idRow[0])) { $newGroupId = $idRow[0] + 1; } $newGroupPriority = 1; if ($_POST['selGroupPriority'] <= $userMaxPriority && $_POST['selGroupPriority'] > 0) { $newGroupPriority = escape($_POST['selGroupPriority']); } $addGroupQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . 'groups` (`group_id`, `group_name`, `group_description`, `group_priority`) ' . "VALUES({$newGroupId}, '" . escape($_POST['txtGroupName']) . "', '" . escape($_POST['txtGroupDescription']) . "', '{$newGroupPriority}')"; $addGroupResult = mysql_query($addGroupQuery); if ($addGroupResult) { displayinfo('New group added successfully.'); if (isset($_POST['chkAddMe'])) { $insertQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . "usergroup`(`user_id`, `group_id`) VALUES ('{$currentUserId}', '{$newGroupId}')"; if (!mysql_query($insertQuery)) { displayerror('Error adding user to newly created group: ' . $insertQuery . '<br />' . mysql_query()); } } $virtue = ''; $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue); $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc'); } else { displayerror('Could not run MySQL query. New group could not be added.'); } } } $modifiableGroups = reevaluateGroupPriorities($modifiableGroups); } $modifiableCount = count($modifiableGroups); if ($modifiableGroups[0]['group_priority'] < $modifiableGroups[$modifiableCount - 1]['group_priority']) { $modifiableGroups = array_reverse($modifiableGroups); } $previousPriority = $modifiableGroups[0]['group_priority']; global $cmsFolder, $urlRequestRoot, $moduleFolder, $templateFolder, $sourceFolder; $iconsFolderUrl = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/icons/16x16"; $moveUpImage = '<img src="' . $iconsFolderUrl . 
'/actions/go-up.png" title="Increment Group Priority" alt="Increment Group Priority" />'; $moveDownImage = '<img src="' . $iconsFolderUrl . '/actions/go-down.png" alt="Decrement Group Priority" title="Decrement Group Priority" />'; $moveTopImage = '<img src="' . $iconsFolderUrl . '/actions/go-top.png" alt="Move to next higher priority level" title="Move to next higher priority level" />'; $moveBottomImage = '<img src="' . $iconsFolderUrl . '/actions/go-bottom.png" alt="Move to next lower priority level" title="Move to next lower priority level" />'; $emptyImage = '<img src="' . $iconsFolderUrl . '/actions/edit-clear.png" alt="Empty Group" title="Empty Group" />'; $deleteImage = '<img src="' . $iconsFolderUrl . '/actions/edit-delete.png" alt="Delete Group" title="Delete Group" />'; $groupsForm = '<h3>Edit Group Priorities</h3><br />'; for ($i = 0; $i < $modifiableCount; $i++) { if ($modifiableGroups[$i]['group_priority'] != $previousPriority) { $groupsForm .= '<br /><br /><hr /><br />'; } $groupsForm .= '<span style="margin: 4px;" title="' . $modifiableGroups[$i]['group_description'] . '">' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=incrementpriority&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveUpImage . '</a>' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=decrementpriority&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveDownImage . '</a>' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=movegroupup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveTopImage . '</a>' . '<a href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=movegroupdown&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $moveBottomImage . '</a>' . 
'<a onclick="return confirm(\'Are you sure you want to empty this group?\')" href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=emptygroup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $emptyImage . '</a>' . '<a onclick="return confirm(\'Are you sure you want to delete this group?\')" href="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=deletegroup&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $deleteImage . '</a>' . '<a href="./+admin&subaction=editgroups&groupname=' . $modifiableGroups[$i]['group_name'] . '">' . $modifiableGroups[$i]['group_name'] . "</a></span>\n"; $previousPriority = $modifiableGroups[$i]['group_priority']; } $priorityBox = '<option value="1">1</option>'; for ($i = 2; $i <= $userMaxPriority; ++$i) { $priorityBox .= '<option value="' . $i . '">' . $i . '</option>'; } $groupsForm .= <<<GROUPSFORM \t\t<br /><br /> \t\t<fieldset style="padding: 8px"> \t\t\t<legend>Create New Group:</legend> \t\t\t<form name="groupaddform" method="POST" action="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=addgroup"> \t\t\t\t<label>Group Name: <input type="text" name="txtGroupName" value="" /></label><br /> \t\t\t\t<label>Group Description: <input type="text" name="txtGroupDescription" value="" /></label><br /> \t\t\t\t<label>Group Priority: <select name="selGroupPriority">{$priorityBox}</select><br /> \t\t\t\t<label><input type="checkbox" name="chkAddMe" value="addme" /> Add me to group</label><br /> \t\t\t\t<input type="submit" name="btnAddNewGroup" value="Add Group" /> \t\t\t</form> \t\t</fieldset> GROUPSFORM; return $groupsForm; } $modifiableCount = count($modifiableGroups); $groupsBox = '<select name="selEditGroups">'; for ($i = 0; $i < $modifiableCount; ++$i) { $groupsBox .= '<option value="' . $modifiableGroups[$i]['group_name'] . '">' . $modifiableGroups[$i]['group_name'] . ' - ' . $modifiableGroups[$i]['group_description'] . 
"</option>\n"; } $groupsBox .= '</select>'; $groupsForm = <<<GROUPSFORM \t\t<form name="groupeditform" method="POST" action="./+admin&subaction=editgroups"> \t\t\t{$groupsBox} \t\t\t<input type="submit" name="btnEditGroup" value="Edit Selected Group" /><br /><br /> \t\t\t<input type="submit" name="btnEditGroupPriorities" value="Add/Shuffle/Remove Groups" /> \t\t</form> GROUPSFORM; return $groupsForm; }
} ?> </td> </tr> <tr> <td width="15"> </td> <td> <div id="includerefs"><?php // Fetch the most recently added publications (as formatted citations), or link to them: $recentAdditionsResultTable = ""; // Get all user permissions for the anonymous user (userID = 0): // NOTE: since function 'fetchDataFromURL()' retrieves citations anonymously (i.e. the // current user's session is not maintained, see note below), we need to check the // permissions for the *anonymous* user (userID = 0) here $anonymousUserPermissionsArray = getPermissions(0, "user", false); // function 'getPermissions()' is defined in 'include.inc.php' if (isset($_SESSION['user_permissions']) and $anonymousUserPermissionsArray["allow_cite"] == "yes") { // NOTE: - as an alternative to the below code block, we could also fetch citations via an AJAX event and let the JavaScript functions in file 'javascript/show.js' ' write the results into the '<div id="includerefs">' section; // to do so: // 1. pass the JavaScript file 'javascript/show.js' as the 6th parameter to the 'displayHTMLhead' function (see above) // 2. call JavaScript function 'showRefs()' via an 'onload' event in the body tag of function 'displayHTMLhead()' in 'includes/header.inc.php': onload="showRefs('records=all&showRows=5&citeOrder=creation-date')" // TODO: function 'displayHTMLhead()' should get modified so that it only calls the 'onload' event if necessary/requested // // - the above alternative works within the user's current session, i.e. the links section will contain any edit or file links (if the user has appropriate permissions); // however, the below method (which uses function 'fetchDataFromURL()') does NOT maintain the user's current session (and adding the user's current PHPSESSID doesn't seem to work ?:-/) // Prepare a query that will fetch a HTML table with the most recently added publications (as formatted citations): $recentAdditionsQueryURL = $databaseBaseURL . 
"show.php?records=all&submit=Cite&showRows=5&citeOrder=creation-date&client=inc-refbase-1.0&wrapResults=0"; // variable '$databaseBaseURL' is defined in 'ini.inc.php' $recentAdditionsResultTable = fetchDataFromURL($recentAdditionsQueryURL); // function 'fetchDataFromURL()' is defined in 'include.inc.php'
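/**
 * Decides whether a user may perform an action on a page.
 *
 * Resolution order (every lookup goes through the project's DB helpers):
 *  1. A user holding the 'admin' action on page 0 is allowed everything. The
 *     recursive call is only made for non-'admin' actions, so it terminates.
 *  2. When no module is supplied, the action is looked up in `permissionlist`
 *     under page_module "page"; a hit means it is a generic page action,
 *     otherwise the effective module of $pageid is used.
 *  3. Pages of module "menu" or "external" inherit from their parent page.
 *  4. Each group returned by getGroupIds() is asked for a page permission until
 *     one grants it; if none does, the user's own entry is consulted.
 *
 * @param $userid The user whose permission is checked.
 * @param $pageid The page on which the action would be performed.
 * @param $action The permission action name (e.g. 'admin'). It is escaped before
 *                it is placed in SQL: callers pass it in as data, and it was
 *                previously interpolated verbatim into the query.
 * @param $module Module to check against; "" (default) means resolve it here.
 *
 * @return true when permitted, false when denied; otherwise whatever
 *         getPagePermission() returned (the strict === tests below suggest a
 *         tri-state, e.g. "no explicit rule" — NOTE(review): confirm against that helper).
 */
function getPermissions($userid, $pageid, $action, $module = "") {
    // Site administrators (action 'admin' on page 0) are allowed everything.
    if ($action != "admin" && getPermissions($userid, 0, "admin")) {
        return true;
    }

    if ($module == "") {
        // Generic page actions live under page_module "page"; anything else is
        // module specific. escape() is the project's SQL escaping helper (used on
        // request input elsewhere in this file); $action is not a trusted constant.
        $query = "SELECT 1 FROM `" . MYSQL_DATABASE_PREFIX . "permissionlist` "
               . "WHERE page_module=\"page\" AND perm_action=\"" . escape($action) . "\"";
        $result = mysql_query($query);
        // A failed query used to trigger a warning inside mysql_num_rows(); it is
        // treated as "not a generic page action", which is what the original
        // comparison also ended up doing.
        $isPageAction = ($result !== false) && (mysql_num_rows($result) >= 1);
        $module = $isPageAction ? 'page' : getEffectivePageModule($pageid);
    }

    // Menus and external links carry no permissions of their own: use the parent's.
    // NOTE(review): assumes getParentPage() eventually reaches a non-menu page — confirm.
    if ($module == "menu" || $module == "external") {
        return getPermissions($userid, getParentPage($pageid), $action);
    }

    $pagePath = array();
    parseUrlDereferenced($pageid, $pagePath);

    // Group permissions first, in the order getGroupIds() yields them (the
    // original comment describes this as lowest priority first); stop at the
    // first explicit grant.
    $permission = false;
    foreach (getGroupIds($userid) as $groupid) {
        $permission = getPagePermission($pagePath, $groupid, $action, $module);
        if ($permission === true) {
            break;
        }
    }

    // No group granted it: fall back to the user's own permission entry.
    if ($permission === false) {
        $permission = getPagePermission($pagePath, $userid, $action, $module, 'user');
    }

    return $permission;
}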