コード例 #1
ファイル: rss.php プロジェクト: philum/cms
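/**
 * Build the RSS 2.0 feed for a hub, or serve the cached copy of it.
 *
 * Without a hub the function returns a selection menu instead of a feed.
 * The generated document is written to ../plug/_data/ under a name made of
 * the session's 'qb' value, the first key of the cache table and $preview;
 * an existing file with that name is returned as-is unless ?rebuild is set.
 *
 * @param mixed $hub     hub identifier; when truthy it is also copied into $_GET['hub']
 * @param mixed $preview preview mode passed on to flux_xml(); '=' or an empty value becomes 2
 * @return mixed feed XML (fresh or cached), or the menu returned by slct_menus() when $hub is empty
 */
function plug_rss($hub, $preview)
{
    if ($hub) {
        $_GET['hub'] = $hub;
    }
    if ($preview == '=' or !$preview) {
        $preview = 2;
    }
    if (!$hub) {
        return slct_menus(ses('mn'), '/plug/rss/', '', '', '', 'kv');
    }
    require_once '../prog/lib.php';
    req('pop,art');
    require '../plug/sys.php';
    require '../plug/lib.php';
    $fnod = $_SESSION["qb"] . '_cache';
    $main = msql_read_b('users', $fnod, '', 1);
    $nb_arts = count($main);
    $lastid = lastid('qda');
    $last_art = $main[$lastid];
    $newest = key($main);
    // array_pop() also removes that last entry from $main, so it is not passed to flux_xml() below.
    $oldest = array_pop($main);
    $nb_days = round((time() - $oldest[0]) / 86400);
    $cache = 1;
    // NOTE(review): $preview and $_SESSION["qb"] are placed in the cache path unchanged and the
    // path is later written to. Confirm that callers only pass a short flag-like value for
    // $preview; a value containing path separators would move the write outside _data/.
    $f = '../plug/_data/' . $_SESSION["qb"] . '_' . $newest . '_' . $preview . '.xml';
    // empty() rather than a bare read: 'rebuild' is usually absent from the query string.
    if (is_file($f) && empty($_GET['rebuild']) && $cache) {
        return read_file($f);
    }
    $http = host();
    if ($preview) {
        req('tri,pop,art');
    }
    //spe,mod
    // Start from an explicit empty string; the original appended to an undefined variable.
    $xml = '';
    $xml .= '<' . '?xml version="1.0" encoding="iso-8859-1"?' . '>' . "\n";
    $xml .= '<rss version="2.0">' . "\n";
    $xml .= '<channel>' . "\n";
    // NOTE(review): whether bal() XML-escapes its content is not visible here; the session
    // value and host string below should not reach the document unescaped. Confirm in bal().
    $xml .= bal('title', $_SESSION['qb']) . "\n";
    $xml .= bal('link', $http) . "\n";
    $xml .= bal('description', $nb_arts . ' articles / ' . $nb_days . ' days - preview=' . $preview . ' - static url=' . $http . substr($f, 2)) . "\n";
    $xml .= bal('language', 'fr') . "\n";
    $xml .= bal('lastBuildDate', date("r", $last_art[0])) . "\n";
    if ($main) {
        $xml .= flux_xml($main, $preview) . "\n";
    }
    $xml .= '</channel>' . "\n";
    $xml .= '</rss>' . "\n";
    write_file($f, $xml);
    rss_del_old($newest);
    //eye
    eye('rss');
    return $xml;
}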
コード例 #2
ファイル: common.inc.php プロジェクト: adamfranco/segue-1.x
/**
 * Map a username to its user_id, creating the user row on first sight.
 *
 * Looks the username up in `user`; when no row exists one is inserted with
 * the supplied e-mail, full name, type and login method.
 *
 * Every value is escaped with addslashes() before being concatenated into the
 * statement. addslashes() is not aware of the connection character set, so
 * bound parameters (or the driver's own escaping routine) would be the
 * sturdier choice if db_query() can support them; db_query() is defined
 * elsewhere and is not visible here.
 *
 * @return mixed the user_id of the existing or new row, or 0 when the INSERT fails
 */
function synchronizeUserDB($user, $email, $fullname, $type, $loginMethod)
{
    $lookupSql = "\n\t\tSELECT \n\t\t\t* \n\t\tFROM \n\t\t\tuser \n\t\tWHERE \n\t\t\tuser_uname='" . addslashes($user) . "'\n\t";
    $existing = db_query($lookupSql);

    // Known user: hand back the stored id.
    if (db_num_rows($existing)) {
        $row = db_fetch_assoc($existing);
        return $row['user_id'];
    }

    // Unknown user: create the row, recording which login method vouched for it.
    // The lookup and the insert are two separate statements, so a concurrent
    // request can create the same username in between; that case ends in the
    // failure branch below.
    $insertSql = "\n\t\t\tINSERT INTO \n\t\t\t\tuser \n\t\t\tSET \n\t\t\t\tuser_uname='" . addslashes($user) . "', \n\t\t\t\tuser_email='" . addslashes($email) . "', \n\t\t\t\tuser_fname='" . addslashes($fullname) . "',\n\t\t\t\tuser_type='" . addslashes($type) . "', \n\t\t\t\tuser_pass='******', \n\t\t\t\tuser_authtype='" . addslashes($loginMethod) . "'\n\t\t";
    $inserted = db_query($insertSql);
    if (!$inserted) {
        return 0;
    }

    return lastid();
}
コード例 #3
ファイル: export.php プロジェクト: adamfranco/segue-1.x
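/**
 * Copy every section, page and story of site $orig and attach the copies to site $dest.
 *
 * For each level the source row is read with db_get_line(), re-inserted with the
 * current session user as `addedby`, and the new ids are collected so the parent
 * row can point at the copies.
 *
 * Values read back from the database are escaped before being placed in the new
 * INSERT statements. Stored content is not trustworthy SQL: a title or text that
 * contains a quote would otherwise break out of the string literal when it is
 * copied (second-order injection). Numeric flags and ids sit in unquoted
 * positions, where addslashes() gives no protection, so they are cast to int.
 * addslashes() follows the convention already used for `addedby`; bound
 * parameters would be preferable if db_query() can support them.
 *
 * @param string $orig name of the site to copy from
 * @param string $dest name of the site whose `sections` list is replaced by the copies
 * @return void
 */
function serverCopySite($orig, $dest)
{
    // The acting user is the same for every copied row.
    $addedBy = addslashes($_SESSION['auser']);
    $sections = decode_array(db_get_value("sites", "sections", "name='" . addslashes($orig) . "'"));
    $nsections = array();
    foreach ($sections as $s) {
        $sa = db_get_line("sections", "id=" . (int) $s);
        $squery = "insert into sections set addedby='" . $addedBy . "', addedtimestamp=NOW()";
        $squery .= ",title='" . addslashes($sa['title']) . "', active=" . (int) $sa['active'] . ", type='" . addslashes($sa['type']) . "', url='" . addslashes($sa['url']) . "'";
        $pages = decode_array($sa['pages']);
        $npages = array();
        foreach ($pages as $p) {
            $pa = db_get_line("pages", "id=" . (int) $p);
            $pquery = "insert into pages set addedby='" . $addedBy . "', addedtimestamp=NOW()";
            $pquery .= ",ediscussion=1,archiveby='" . addslashes($pa['archiveby']) . "',url='" . addslashes($pa['url']) . "',type='" . addslashes($pa['type']) . "',title='" . addslashes($pa['title']) . "', showcreator=" . (int) $pa['showcreator'] . ", showdate=" . (int) $pa['showdate'] . ", locked=" . (int) $pa['locked'] . ", active=" . (int) $pa['active'];
            $stories = decode_array($pa['stories']);
            $nstories = array();
            foreach ($stories as $st) {
                $sta = db_get_line("stories", "id=" . (int) $st);
                $stquery = "insert into stories set addedby='" . $addedBy . "', addedtimestamp=NOW()";
                // NOTE(review): the story's url is taken from the *section* row ($sa), as in the
                // original. That looks like a copy-paste slip for $sta['url']; confirm before changing.
                $stquery .= ",type='" . addslashes($sta['type']) . "',texttype='" . addslashes($sta['texttype']) . "',category='" . addslashes($sta['category']) . "',title='" . addslashes($sta['title']) . "', discuss=" . (int) $sta['discuss'] . ", discusspermissions='" . addslashes($sta['discusspermissions']) . "', shorttext='" . addslashes($sta['shorttext']) . "', longertext='" . addslashes($sta['longertext']) . "', locked=" . (int) $sta['locked'] . ", url='" . addslashes($sa['url']) . "'";
                db_query($stquery);
                $nstories[] = lastid();
            }
            // NOTE(review): encode_array() output is interpolated as-is (unchanged from the
            // original) because its format is not visible here; confirm it cannot contain quotes.
            $stories = encode_array($nstories);
            $pquery .= ",stories='{$stories}'";
            db_query($pquery);
            $npages[] = lastid();
        }
        $pages = encode_array($npages);
        $squery .= ",pages='{$pages}'";
        db_query($squery);
        $nsections[] = lastid();
    }
    $sections = encode_array($nsections);
    $query = "update sites set sections='{$sections}' where name='" . addslashes($dest) . "'";
    db_query($query);
}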
コード例 #4
ファイル: group.inc.php プロジェクト: adamfranco/segue-1.x
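 /**
  * Persist this class group and re-point its member classes at it.
  *
  * Resolves the owner's username to a user_id, inserts the classgroup row when
  * the group does not exist yet, clears FK_classgroup on classes that currently
  * reference the group, then sets it again for every class code in $this->classes.
  *
  * @return mixed false when the owner username is unknown; otherwise no explicit value
  */
 function updateDB()
 {
     // get owner id
     $query = "SELECT user_id FROM user WHERE user_uname = '" . addslashes($this->owner) . "'";
     $r = db_query($query);
     if (db_num_rows($r) == 0) {
         return false;
     }
     $a = db_fetch_assoc($r);
     // Quoted key: the bare word user_id is a constant lookup, which is an error on PHP 8.
     $owner_id = $a['user_id'];
     // if this classgroup has not been inserted into the db yet, do it!
     if (!$this->exists($this->name)) {
         $query = "\n\t\t\t\tINSERT INTO \n\t\t\t\t\tclassgroup \n\t\t\t\tSET \n\t\t\t\t\tFK_owner = '" . addslashes($owner_id) . "',\n\t\t\t\t\tclassgroup_name = '" . addslashes($this->name) . "'\n\t\t\t";
         $r = db_query($query);
         $this->id = lastid();
     }
     // NOTE(review): for an existing group the original built an
     // "UPDATE classgroup SET FK_owner = ..., classgroup_name = ..." string that had no
     // WHERE clause and was never passed to db_query(). It is left out here rather than
     // executed: run as written it would rewrite every classgroup row. An owner or name
     // change of an existing group is therefore still not persisted; adding that needs a
     // WHERE on the group's key column, which is not visible in this block.
     // now that the group is in the db, update the foreign key for the classes
     // first, reset classes that used to be part of this classgroup
     $query = "\n\t\t\tUPDATE \n\t\t\t\tclass \n\t\t\tSET \n\t\t\t\tFK_classgroup = NULL \n\t\t\tWHERE \n\t\t\t\tFK_classgroup = '" . addslashes($this->id) . "'\n\t\t";
     $r = db_query($query);
     // then, set new foreign key
     if (count($this->classes) > 0) {
         foreach ($this->classes as $class_code) {
             // NOTE(review): generateTermsFromCode() returns SQL that is appended unescaped;
             // confirm it escapes the parts it derives from $class_code.
             $query = "\n\t\t\t\t\tUPDATE\n\t\t\t\t\t\tclass\n\t\t\t\t\tSET\n\t\t\t\t\t\tFK_classgroup = '" . addslashes($this->id) . "'\n\t\t\t\t\tWHERE\n\t\t\t\t\t\t" . generateTermsFromCode($class_code) . "\n\t\t\t\t";
             $r = db_query($query);
         }
     }
 }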
コード例 #5
ファイル: passwd.php プロジェクト: adamfranco/segue-1.x
              * register -> newuser: no matching user found therefore create new user
              * and authenticate
              ******************************************************************************/
         } else {
             // Self-registration: runs when the request asks for "newuser" and no earlier
             // check has set $error. The enclosing branches start above this excerpt.
             if ($_REQUEST[action] == "newuser" && $error != TRUE) {
                 $name = $email;
                 $obj =& new user();
                 // The e-mail address doubles as the login name; the submitted 'uname'
                 // becomes the display name. Both are copied from the request as-is.
                 // NOTE(review): no validation is visible here - confirm that the address
                 // was checked earlier and that user::insertDB() escapes these fields.
                 $obj->uname = $_REQUEST['email'];
                 $obj->fname = $_REQUEST['uname'];
                 $obj->email = $_REQUEST['email'];
                 // Type and auth method are fixed server-side, not taken from the request.
                 $obj->type = "visitor";
                 $obj->authtype = 'db';
                 // NOTE(review): presumably generates the initial password; the meaning of
                 // (5, 3) and the random source live in user::randpass() - confirm both
                 // give enough entropy for an account credential.
                 $obj->randpass(5, 3);
                 $obj->insertDB();
                 // Per the message below, the account details are mailed to the address
                 // the requester supplied.
                 $obj->sendemail();
                 // NOTE(review): lastid() is read after sendemail(); if that call inserts
                 // anything itself, this is no longer the new user's id - confirm.
                 $visitor_id = lastid();
                 $message = "Thank you for registering. Your user account information has been emailed to you.  Use this information to log into Segue.<br /><br />";
                 $message .= "<div align='center'><input type='button' value='Return' onclick='refreshParent()' /></div><br />";
             }
         }
     }
     /******************************************************************************
      * log in -> auth
      ******************************************************************************/
 } else {
     if ($_REQUEST[action] == "auth") {
         // Credentials are read from $_REQUEST, so they are accepted from the query
         // string as well as from a POST body; query strings tend to end up in server
         // logs and browser history.
         $name = $_REQUEST['uname'];
         $pass = $_REQUEST['password'];
         $valid = 0;
         // Each configured auth module is addressed through a function name built as
         // "_valid_<module>". NOTE(review): $_auth_mods is defined outside this
         // excerpt - confirm it is a fixed configuration list.
         foreach ($_auth_mods as $_auth) {
             $func = "_valid_" . $_auth;
コード例 #6
ファイル: classes.php プロジェクト: adamfranco/segue-1.x
 // Validation for creating a class. Execution continues after each error() call and
 // the insert below is gated on $error, so error() presumably records the message and
 // sets $error rather than aborting - confirm in its definition.
 if (!$owner_id) {
     error("The class owner you selected is not a register Segue user.");
 }
 $external_id = $_REQUEST['external_id'];
 $duplicate_ids_num = 0;
 // Uniqueness check on the external id; the request value is escaped with addslashes().
 $query = "\n\t\tSELECT class_external_id\n\t\tFROM\n\t\t\tclass\n\t\tWHERE\n\t\t\tclass_external_id = '" . addslashes($external_id) . "'\n\t";
 $duplicate_ids = db_query($query);
 $duplicate_ids_num = db_num_rows($duplicate_ids);
 if ($duplicate_ids_num != 0) {
     error("A class with this external ID has already been created.  You must select a unique external ID.");
 }
 // all good
 if (!$error) {
     // NOTE(review): unlike the query above, the value placed in ugroup_name is not
     // passed through addslashes(). generateCodeFromData() receives five raw request
     // fields and its result goes straight into the string literal - confirm that the
     // helper escapes or strictly validates them, otherwise this INSERT is injectable.
     $query = "\n\t\t\tINSERT INTO\n\t\t\t\tugroup\n\t\t\tSET\n\t\t\t\tugroup_name = '" . generateCodeFromData($_REQUEST['department'], $_REQUEST['number'], $_REQUEST['section'], $_REQUEST['semester'], $_REQUEST['year']) . "',\n\t\t\t\tugroup_type = 'class'\n\t\t";
     db_query($query);
     $ugroup_id = lastid();
     if ($owner_id) {
         // Link the owner to the new group. The FK_user value appears masked
         // ('******') in this listing.
         $query = "\n\t\t\t\tINSERT INTO\n\t\t\t\t\tugroup_user\n\t\t\t\tSET\n\t\t\t\t\tFK_ugroup = '" . addslashes($ugroup_id) . "',\n\t\t\t\t\tFK_user = '******'\n\t\t\t";
         db_query($query);
     }
     // The course object receives the request fields unmodified; any escaping has to
     // happen where the object writes itself to the database.
     $obj =& new course();
     $obj->external_id = $_REQUEST['external_id'];
     $obj->department = $_REQUEST['department'];
     $obj->number = $_REQUEST['number'];
     $obj->section = $_REQUEST['section'];
     $obj->semester = $_REQUEST['semester'];
     $obj->year = $_REQUEST['year'];
     $obj->name = $_REQUEST['name'];
     $obj->owner = $owner_id;
     $obj->ugroup = $ugroup_id;
     //		$obj->classgroup = $_REQUEST['classgroup'];
コード例 #7
ファイル: moodle_link.php プロジェクト: adamfranco/segue-1.x
}
// linked user found
if (db_num_rows($r) > 0) {
    //	print "linked moodle user found<br>";
    // update authentication table with new auth_token
    // NOTE(review): $referer is concatenated without quotes or addslashes(), unlike
    // every other value in this statement. It is assigned above this excerpt; if it is
    // derived from the HTTP Referer header it is client-controlled - confirm it is
    // quoted and escaped where it is built.
    $query = "\n\t\t\tUpdate\n\t\t\t\tauthentication\n\t\t\tSET\n\t\t\t\tauth_token = '" . addslashes($auth_token) . "',\n\t\t\t\tauth_time = NOW(),\n\t\t\t\treferer = " . $referer . "\n\t\t\tWHERE\n\t\t\t\tuser_id = '" . addslashes($segue_user_id) . "'\t\t\n\t\t";
    //	print $query."<br>";
    $r = db_query($query);
    //no linked user found
} else {
    //	print "no linked moodle user found<br>";
    // First link for this user: create the authentication row, then a user_link row
    // pointing at it. The username value appears masked ('******') in this listing.
    // The same unquoted $referer concern applies here.
    $query = "\n\t\t\tINSERT INTO\n\t\t\t\tauthentication\n\t\t\tSET\n\t\t\t\tsystem = 'segue',\n\t\t\t\tusername = '******',\n\t\t\t\tfirstname = '" . addslashes($firstname) . "',\n\t\t\t\tlastname = '" . addslashes($lastname) . "',\n\t\t\t\temail = '" . addslashes($_SESSION[aemail]) . "',\n\t\t\t\tuser_id = '" . addslashes($segue_user_id) . "',\n\t\t\t\tauth_token = '" . addslashes($auth_token) . "',\n\t\t\t\tauth_time = NOW(),\n\t\t\t\treferer = " . $referer . "\n\t\t\t";
    //	print $query."<br>";
    //	exit;
    $r = db_query($query);
    $auth_id = lastid($r);
    $query = "\n\t\t\tINSERT INTO\n\t\t\t\tuser_link\n\t\t\tSET\n\t\t\t\tFK_auth_id = '" . addslashes($auth_id) . "'\n\t\t\t";
    //	print $query."<br>";
    $r = db_query($query);
}
//exit;
// Hand the user over to Moodle with the freshly stored token.
// - addslashes() is SQL-style escaping; it does not URL-encode. Values placed in a
//   query string need urlencode()/rawurlencode().
// - The auth token travels in the URL, so it can appear in access logs and Referer
//   headers on the receiving side.
// - There is no exit after header(), so the script keeps running after the redirect
//   has been queued.
if ($_REQUEST['continue'] == "1" || $_SESSION[ltype] != "admin") {
    header("Location: " . $moodle_url . "/segue/segue_link.php?userid=" . addslashes($segue_user_id) . "&siteid=" . addslashes($segue_site_id) . "&auth_token=" . addslashes($auth_token));
}
/******************************************************************************
 * Segue Admin Report
 ******************************************************************************/
if ($_SESSION[ltype] == "admin") {
    print "<div class='connection'>";
    print "Segue Administrator Reference<br /><br />";
    // NOTE(review): $PHP_SELF is written into the action attribute without HTML
    // escaping. If it mirrors $_SERVER['PHP_SELF'] it includes request-supplied path
    // info - confirm its origin and escape it with htmlspecialchars() for attribute use.
    print "<form action='{$PHP_SELF}' method='post'>";
コード例 #8
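/**
 * Store an uploaded (or already staged) file in a site's media directory and
 * record it in the `media` table.
 *
 * Changes against the original:
 *  - the client-supplied file name is reduced to its last path component, so a
 *    name carrying "../" or an absolute path can no longer place the file
 *    outside the site's directory; NUL bytes are stripped with the quotes;
 *  - the citation fields (title, author, ...) are escaped before they are placed
 *    in the SQL statements, like every other value in those statements;
 *  - array keys are quoted and the removed ereg_replace() is replaced by preg_replace().
 *
 * NOTE(review): nothing here restricts which file types may be stored. If the
 * upload directory is served by the web server, the extension policy and the
 * server's handler configuration for that directory decide whether an uploaded
 * script could run - confirm both.
 * NOTE(review): $site is also used as a directory name under $uploaddir without
 * further checks - confirm slot names are validated where they are created.
 * NOTE(review): the citation fields are escaped with addslashes() here; confirm
 * that callers do not pass them in already escaped.
 *
 * @param array $file              upload descriptor: 'name', 'tmp_name' and the citation fields
 * @param mixed $site              slot name of the owning site
 * @param mixed $replace           truthy: overwrite the stored file and UPDATE media row $replace_id
 * @param mixed $replace_id        id of the media row to update when replacing
 * @param mixed $allreadyuploaded  truthy: the file is already on disk, copy() it instead of move_uploaded_file()
 * @return mixed the media id on success, the string "ERROR" on any failure
 */
function copyuserfile($file, $site, $replace, $replace_id, $allreadyuploaded = 0)
{
    global $uploaddir;
    $query = "SELECT FK_site FROM slot WHERE slot_name='" . addslashes($site) . "'";
    $r = db_query($query);
    $a = db_fetch_assoc($r);
    $siteid = $a['FK_site'];
    if (!$file['name']) {
        print "No File";
        return "ERROR";
    }
    // Kept from the original, which constructed (and never used) a site object here.
    $siteObj = new site($site);
    $userdir = "{$uploaddir}/{$site}";

    // Strip quotes and NUL bytes, then keep only the final path component. Backslashes
    // are normalised first so Windows-style paths are reduced as well.
    $name = preg_replace('/[\'"\x00]/', '', stripslashes(trim($file['name'])));
    $name = basename(str_replace("\\", "/", $name));
    if ($name === '' || $name === '.' || $name === '..') {
        print "No File";
        return "ERROR";
    }
    $target = $userdir . "/" . $name;

    $extn = explode(".", $name);
    $extn = strtolower($extn[count($extn) - 1]);
    $image_extns = array("jpeg", "jpg", "gif", "bmp", "png", "tiff");
    // The type is derived from the file name only; the content is not inspected.
    $type = in_array($extn, $image_extns) ? "image" : "file";

    if (!is_dir($userdir)) {
        mkdir($userdir, 0700);
        chmod($userdir, 0700);
    }
    if ($replace && file_exists($target)) {
        unlink($target);
    }
    if (!is_writeable($userdir)) {
        print "<strong>Can not write to '" . $userdir . "'. <br />Please contact your system administrator with the message above to fix this problem.</strong> <br />";
        return "ERROR";
    }
    if (file_exists($target) && !is_writeable($target)) {
        print "<strong>Can not write to '" . $userdir . "/" . $name . "'. <br />Please contact your system administrator with the message above to fix this problem.</strong> <br />";
        return "ERROR";
    }
    if ($allreadyuploaded) {
        $r = copy($file['tmp_name'], $target);
    } else {
        $r = move_uploaded_file($file['tmp_name'], $target);
    }
    if (!$r) {
        print "Upload file error!<br />";
        log_entry("media_error", "File upload attempt by " . $_SESSION['auser'] . " in site {$site} failed.", $site, $siteid, "site");
        return "ERROR";
    }

    // Citation fields shared by the UPDATE and the INSERT, escaped once.
    $assignments = array();
    foreach (array('is_published', 'title_whole', 'title_part', 'author', 'pagerange', 'publisher', 'pubyear', 'isbn') as $field) {
        $value = isset($file[$field]) ? $file[$field] : '';
        $assignments[] = $field . " ='" . addslashes($value) . "'";
    }
    $metaSql = implode(",\n\t\t\t", $assignments);
    $size = filesize($target);

    if ($replace) {
        $query = "UPDATE media SET\n\t\t\tmedia_updated_tstamp=NOW(),\n\t\t\tFK_updatedby='" . addslashes($_SESSION['aid']) . "',\n\t\t\tmedia_size='" . addslashes($size) . "',\n\t\t\t" . $metaSql . "\n\t\tWHERE \n\t\t\tmedia_id='" . addslashes($replace_id) . "'\n\t\t";
        db_query($query);
        // NOTE(review): kept from the original - this prints the raw database error to the
        // page; logging it server-side would avoid exposing schema details.
        print mysql_error() . "<br />";
        $media_id = $replace_id;
        log_entry("media_upload", "{$_SESSION['auser']} updated file: {$name}, id: {$media_id}, in site {$site}", $site, $siteid, "site");
        return $media_id;
    }

    $query = "INSERT INTO media SET\n\t\t\tmedia_tag='" . addslashes($name) . "',\n\t\t\tFK_site='" . addslashes($siteid) . "',\n\t\t\tFK_createdby='" . addslashes($_SESSION['aid']) . "',\n\t\t\tFK_updatedby='" . addslashes($_SESSION['aid']) . "',\n\t\t\tmedia_type='" . addslashes($type) . "',\n\t\t\tmedia_size='" . addslashes($size) . "',\n\t\t\t" . $metaSql . "\n\t\t";
    db_query($query);
    $media_id = lastid();
    log_entry("media_upload", "{$_SESSION['auser']} uploaded file: {$name}, id: {$media_id}, to site {$site}", $site, $siteid, "site");
    return $media_id;
}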
コード例 #9
ファイル: site.inc.php プロジェクト: adamfranco/segue-1.x
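 /**
  * Insert this site into the `site` table, claim or create its slot, and
  * optionally insert its sections.
  *
  * Array keys are quoted throughout; the original used bare words (aid, name,
  * addedtimestamp, ...), which are constant lookups and an error on PHP 8.
  *
  * @param mixed $down            truthy: also insert the sections already fetched into $this->sections
  * @param mixed $copysite        forwarded to each section's insertDB()
  * @param mixed $importing       truthy: keep the creator/editor and timestamps stored on the object
  *                               instead of stamping the session user and NOW()
  * @param mixed $keepDiscussions forwarded to each section's insertDB()
  * @return int always 1
  */
 function insertDB($down = 0, $copysite = 0, $importing = 0, $keepDiscussions = 0)
 {
     $a = $this->createSQLArray(1);
     if (!$importing) {
         $a[] = "FK_createdby='" . addslashes($_SESSION['aid']) . "'";
         $a[] = $this->_datafields['addedtimestamp'][1][0] . "=NOW()";
         $a[] = "FK_updatedby='" . addslashes($_SESSION['aid']) . "'";
     } else {
         // NOTE(review): the looked-up ids are appended unquoted. If the username does not
         // resolve, the statement ends up with an empty value and fails - confirm that
         // failing is the intended outcome for an import with unknown users.
         $a[] = "FK_createdby=" . db_get_value("user", "user_id", "user_uname='" . addslashes($this->data['addedby']) . "'");
         $a[] = $this->_datafields['addedtimestamp'][1][0] . "='" . addslashes($this->getField("addedtimestamp")) . "'";
         $a[] = "FK_updatedby=" . db_get_value("user", "user_id", "user_uname='" . addslashes($this->data['editedby']) . "'");
         $a[] = $this->_datafields['editedtimestamp'][1][0] . "='" . addslashes($this->getField("editedtimestamp")) . "'";
     }
     // insert into the site table
     // NOTE(review): the fragments from createSQLArray() are joined as-is; their escaping
     // happens (or not) inside that method - confirm there.
     $query = "INSERT INTO site SET " . implode(",", $a) . ";";
     db_query($query);
     $this->id = lastid();
     // in order to insert a site, the active user must own a slot
     // update the name for that slot
     if (slot::exists($this->data['name'])) {
         // The UPDATE is scoped to a slot owned by the session user, so an existing slot
         // belonging to someone else is not re-pointed.
         $query = "UPDATE slot";
         $where = " WHERE slot_name = '" . addslashes($this->data['name']) . "' AND FK_owner = '" . addslashes($_SESSION['aid']) . "'";
     } else {
         $query = "INSERT INTO slot";
         $where = "";
     }
     $query .= " \n\t\t\tSET \n\t\t\t\tslot_name = '" . addslashes($this->data['name']) . "',\n\t\t\t\tFK_owner = '" . addslashes($_SESSION['aid']) . "',\n\t\t\t\tslot_type = '" . addslashes($this->data['type']) . "',\n\t\t\t\tFK_site = '" . addslashes($this->id) . "'" . $where;
     db_query($query);
     // See if there is a site hash (meaning that we are being copied).
     // If so, try to match our id with the hash entry for 'NEXT'.
     // array_search()'s result is tested for truthiness, so a match under key 0 is skipped.
     if ($GLOBALS['__site_hash']['site'] && ($oldId = array_search('NEXT', $GLOBALS['__site_hash']['site']))) {
         $GLOBALS['__site_hash']['site'][$oldId] = $this->name;
     }
     // the sections haven't been created yet, so we don't have to insert data[sections] for now
     // add new permissions entry.. force update
     $this->updatePermissionsDB(1);
     // insert down (insert sections)
     if ($down && $this->fetcheddown && $this->sections) {
         foreach (array_keys($this->sections) as $id) {
             // Mark our Id as the next one to set
             if (is_array($GLOBALS['__site_hash']['sections'])) {
                 $GLOBALS['__site_hash']['sections'][$id] = 'NEXT';
             }
             // createSQLArray uses a zero id to tell an insert from an update
             $this->sections[$id]->id = 0;
             $this->sections[$id]->insertDB(1, $this->name, $copysite, $importing, $keepDiscussions);
         }
     }
     return 1;
 }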
コード例 #10
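/**
 * Reconcile a user authenticated by some auth module with the local `user` table.
 *
 * $x is an array of user info; $x['user'] and $x['method'] must be set, and
 * 'fullname', 'email' and 'type' are read when present.
 *
 * - Known user whose stored auth type is not "db": e-mail and full name are
 *   re-synchronised from $x when they differ. The stored type is overwritten
 *   with $x['type'] unless the stored type is "admin".
 * - Known admin: $x['type'] is set to the stored type, so the external source
 *   cannot demote an admin.
 * - Unknown user: inserted when $add_to_db is truthy.
 *
 * NOTE(review): for non-admin rows the user type is taken from the auth module
 * as-is. If a module can report "admin", the local row is promoted accordingly;
 * confirm that every configured module is trusted to assert the type.
 *
 * Array keys are quoted; the original used bare words, which are constant
 * lookups and an error on PHP 8.
 *
 * @param array $x         user info from the auth module
 * @param mixed $add_to_db truthy: create the user row when none exists
 * @return mixed $x with 'id' (and possibly 'type') filled in, or 0 when the user
 *               is unknown and was not or could not be added
 */
function _auth_check_db($x, $add_to_db = 0)
{
    global $dbuser, $dbhost, $dbpass, $dbdb;
    db_connect($dbhost, $dbuser, $dbpass, $dbdb);
    $query = "\n\t\tSELECT \n\t\t\t* \n\t\tFROM \n\t\t\tuser \n\t\tWHERE \n\t\t\tuser_uname='" . addslashes($x['user']) . "'\n\t";
    $r = db_query($query);
    if (db_num_rows($r)) {
        // they have an entry already -- pull down their info
        $a = db_fetch_assoc($r);
        // if their authentication method is not db, then sync the db to the other method
        // (&& binds tighter than ||: the type comparison only counts for non-admin rows)
        if (strtolower($a['user_authtype']) != "db" && ($x['fullname'] != $a['user_fname'] || $x['email'] != $a['user_email'] || $x['type'] != $a['user_type'] && $a['user_type'] != "admin")) {
            $query = "\n\t\t\t\tUPDATE\n\t\t\t\t\tuser \n\t\t\t\tSET  \n\t\t\t\t\tuser_email='" . addslashes($x['email']) . "', \n\t\t\t\t\tuser_fname='" . addslashes($x['fullname']) . "'\n\t\t\t";
            if ($a['user_type'] != "admin") {
                $query .= ", user_type='" . addslashes($x['type']) . "'";
            }
            $query .= "\n\t\t\t\tWHERE\n\t\t\t\t\tuser_uname='" . addslashes($x['user']) . "'\n\t\t\t";
            $r = db_query($query);
        }
        if ($a['user_type'] == 'admin') {
            $x['type'] = $a['user_type'];
        }
        $x['id'] = $a['user_id'];
        // return the new array with info
        return $x;
    }
    // they have no database entry
    if (!$add_to_db) {
        // no database entry, don't add to db, so return 0
        return 0;
    }
    // add them to the database and return new id
    // (the user_pass literal appears masked in this listing)
    $query = "\n\t\t\t\tINSERT INTO \n\t\t\t\t\tuser \n\t\t\t\tSET \n\t\t\t\t\tuser_uname='" . addslashes($x['user']) . "',\n\t\t\t\t\tuser_email='" . addslashes($x['email']) . "', \n\t\t\t\t\tuser_fname='" . addslashes($x['fullname']) . "', \n\t\t\t\t\tuser_type='" . addslashes($x['type']) . "', \n\t\t\t\t\tuser_pass='******',\n\t\t\t\t\tuser_authtype='" . addslashes($x['method']) . "'\t\t\t\t\t\t\t\t\n\t\t\t";
    $r = db_query($query);
    // the query could fail if a user with that username is already in the database
    if (!$r) {
        return 0;
    }
    $x['id'] = lastid();
    return $x;
}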
コード例 #11
ファイル: ajxf.php プロジェクト: philum/cms
/**
 * Render the image-upload controls for the article being edited.
 *
 * The $id argument is not used: the target id is taken from ses('read'), and
 * when that is empty it falls back to lastid('qda') + 1.
 *
 * NOTE(review): lastid('qda') + 1 is a guess at the next id; two editors
 * opening the form at the same time would be given the same value.
 * NOTE(review): the third argument to input() carries an embedded double quote
 * ('Url" size="40'), which only produces the intended markup if input() writes
 * that argument into an attribute without escaping it - confirm in input().
 *
 * @param mixed $id ignored
 * @return string markup for the URL field, its submit link, the upload button and the portfolio link
 */
function mbd_upload($id)
{
    $target = ses('read');
    if (!$target) {
        $target = lastid('qda') + 1;
    }

    // Pieces are produced in the same order as before: URL field, its "ok" link,
    // line break, upload button, portfolio link.
    $pieces = array(
        input(1, 'upim', 'Url" size="40', '', 1),
        ' ',
        ljc('', 'popb', 'pop-ajxf_uplim___upim', "ok", 5),
        br(),
        upload_btn('upl', 'read=' . $target . '_1', 'upload'),
        ' ',
        lj('txtx', 'popup_placeim___' . $target, 'portfolio'),
    );

    return implode('', $pieces);
}
コード例 #12
ファイル: lib.php プロジェクト: philum/cms
/**
 * Re-order a table by id and, optionally, reset its AUTO_INCREMENT counter.
 *
 * The table name is read from $_SESSION[$bs]. It is an identifier, so it cannot
 * be bound as a parameter.
 * NOTE(review): confirm that the session entry is only ever set from a fixed
 * list of table names, since it is concatenated into an ALTER TABLE statement.
 *
 * @param mixed $bs session key that holds the table name; also passed to lastid()
 * @param mixed $o  truthy: also set AUTO_INCREMENT to lastid($bs) + 1
 * @return void
 */
function reflush($bs, $o = '')
{
    msquery(sprintf('alter table %s order by id', $_SESSION[$bs]));

    if (!$o) {
        return;
    }

    $tableName = $_SESSION[$bs];
    $nextId = lastid($bs) + 1;
    msquery('alter table ' . $tableName . ' AUTO_INCREMENT=' . $nextId);
}
コード例 #13
ファイル: section.inc.php プロジェクト: adamfranco/segue-1.x
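 /**
  * Insert this section into the `section` table, optionally under a different
  * site, and optionally insert its pages.
  *
  * Changes against the original: the section id in the re-ordering UPDATE is
  * escaped like the order value beside it, and array keys are quoted (the bare
  * words were constant lookups, an error on PHP 8).
  *
  * @param mixed $down            truthy: also insert the pages already fetched into $this->pages
  * @param mixed $newsite         when set, the section is attached to this site instead of its current one
  * @param mixed $removeOrigional truthy: remove the original section from the owning site afterwards
  * @param mixed $keepaddedby     truthy: keep the stored creator/editor and timestamps
  *                               instead of stamping the session user and NOW()
  * @param mixed $keepDiscussions forwarded to each page's insertDB()
  * @return bool always true
  */
 function insertDB($down = 0, $newsite = null, $removeOrigional = 0, $keepaddedby = 0, $keepDiscussions = 0)
 {
     $origsite = $this->owning_site;
     $origid = $this->id;
     if ($newsite) {
         $this->owning_site = $newsite;
         unset($this->owningSiteObj);
     }
     $this->fetchUp(1);
     /*********************************************************
      * Re-Key the ordering of the rest of the sections in the
      * site to make sure that there are no holes in the order
      *********************************************************/
     foreach ($this->owningSiteObj->getField("sections") as $order => $sectionId) {
         $query = "UPDATE\n\t\t\t\t\tsection\n\t\t\t\tSET\n\t\t\t\t\tsection_order = '" . addslashes($order) . "'\n\t\t\t\tWHERE\n\t\t\t\t\tsection_id = '" . addslashes($sectionId) . "'";
         db_query($query);
     }
     $a = $this->createSQLArray(1);
     if (!$keepaddedby) {
         $a[] = "FK_createdby='" . addslashes($_SESSION['aid']) . "'";
         $a[] = $this->_datafields['addedtimestamp'][1][0] . "=NOW()";
         $a[] = "FK_updatedby='" . addslashes($_SESSION['aid']) . "'";
     } else {
         // NOTE(review): the looked-up ids are appended unquoted; an unknown username
         // leaves an empty value and the INSERT below fails - confirm that is intended.
         $a[] = "FK_createdby=" . db_get_value("user", "user_id", "user_uname='" . addslashes($this->getField("addedby")) . "'");
         $a[] = $this->_datafields['addedtimestamp'][1][0] . "='" . addslashes($this->getField("addedtimestamp")) . "'";
         $a[] = "FK_updatedby=" . db_get_value("user", "user_id", "user_uname='" . addslashes($this->getField("editedby")) . "'");
         $a[] = $this->_datafields['editedtimestamp'][1][0] . "='" . addslashes($this->getField("editedtimestamp")) . "'";
     }
     // insert media (url)
     if ($this->data['url']) {
         // first see, if media item already exists in media table
         $query = "\n\t\t\t\tSELECT\n\t\t\t\t\tmedia_id\n\t\t\t\tFROM\n\t\t\t\t\tmedia\n\t\t\t\tWHERE\n\t\t\t\t\tFK_site = '" . addslashes($this->owningSiteObj->id) . "' AND\n\t\t\t\t\tFK_createdby = '" . addslashes($_SESSION['aid']) . "' AND\n\t\t\t\t\tmedia_tag = '" . addslashes($this->data['url']) . "' AND\n\t\t\t\t\tmedia_location = 'remote'\n\t\t\t";
         $r = db_query($query);
         // if not in media table insert it
         if (!db_num_rows($r)) {
             $query = "\n\t\t\t\t\tINSERT\n\t\t\t\t\tINTO media\n\t\t\t\t\tSET\n\t\t\t\t\t\tFK_site = '" . addslashes($this->owningSiteObj->id) . "',\n\t\t\t\t\t\tFK_createdby = '" . addslashes($_SESSION['aid']) . "',\n\t\t\t\t\t\tmedia_tag = '" . addslashes($this->data['url']) . "',\n\t\t\t\t\t\tmedia_location = 'remote',\n\t\t\t\t\t\tFK_updatedby = '" . addslashes($_SESSION['aid']) . "'\n\t\t\t\t";
             db_query($query);
             $a[] = "FK_media=" . lastid();
         } else {
             $arr = db_fetch_assoc($r);
             $a[] = "FK_media='" . addslashes($arr['media_id']) . "'";
         }
     }
     // NOTE(review): the fragments from createSQLArray() are joined as-is; their escaping
     // happens (or not) inside that method - confirm there.
     $query = "INSERT INTO section SET " . implode(",", $a);
     db_query($query);
     $this->id = lastid();
     // See if there is a site hash (meaning that we are being copied).
     // If so, try to match our id with the hash entry for 'NEXT'.
     // array_search()'s result is tested for truthiness, so a match under key 0 is skipped.
     if ($GLOBALS['__site_hash']['sections'] && ($oldId = array_search('NEXT', $GLOBALS['__site_hash']['sections']))) {
         $GLOBALS['__site_hash']['sections'][$oldId] = $this->id;
     }
     if ($removeOrigional) {
         $this->owningSiteObj->delSection($origid, 0);
     }
     $this->owningSiteObj->updateDB();
     // No permissions entry is written here: per the original comment, new sections
     // inherit the permissions of their parent site.
     // insert down
     if ($down && $this->fetcheddown && $this->pages) {
         foreach (array_keys($this->pages) as $k => $i) {
             // Mark our Id as the next one to set
             if (is_array($GLOBALS['__site_hash']['pages'])) {
                 $GLOBALS['__site_hash']['pages'][$i] = 'NEXT';
             }
             // createSQLArray uses a zero id to tell an insert from an update
             $this->pages[$i]->id = 0;
             $this->pages[$i]->insertDB(1, $this->owning_site, $this->id, 1, $keepaddedby, $keepDiscussions);
         }
     }
     return true;
 }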
コード例 #14
ファイル: upload.php プロジェクト: FihlaTV/LeVideoCollector
// Video upload handler: only runs for a logged-in session and a POST request.
// NOTE(review): no anti-CSRF token check is visible in this excerpt - confirm one
// exists elsewhere in the request path.
if (isset($_SESSION['usrid'])) {
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        if (isset($_FILES['upvideo']) && isset($_POST['videotitle']) && isset($_POST['videodescription']) && isset($_POST['videolocation']) && $_POST['videotitle'] != '') {
            $tname = $_POST['videotitle'];
            // strlen()/substr() count bytes, so a multi-byte title can be cut in the
            // middle of a character.
            $tname = strlen($tname) > 50 ? substr($tname, 0, 47) . "..." : $tname;
            //truncate the name
            // 'size' is the value PHP reports for the received upload; the
            // upload_max_filesize / post_max_size settings still bound what is accepted
            // before this check runs.
            if ($_FILES['upvideo']['size'] > $max_file_size_bytes) {
                $alert = 'file to big';
                $type = 'alert-danger';
            } else {
                // The extension comes from the client-supplied file name and is the only
                // type check: the content is never inspected. The comparison is
                // case-sensitive and in_array() is used without strict mode.
                $ext = pathinfo($_FILES['upvideo']['name'], PATHINFO_EXTENSION);
                $valid_formats = array('ogv', 'mp4', 'webm');
                $dir = "./video/";
                if (in_array($ext, $valid_formats)) {
                    //better check mime type
                    // The stored name is "<next id>.<ext>", so the client's file name never
                    // reaches the filesystem or the shell commands below.
                    // NOTE(review): lastid() + 1 is a guess at the next row id; two uploads
                    // arriving together would compute the same value and overwrite each
                    // other's file - confirm, or derive the name after the insert.
                    $uniq = lastid() + 1;
                    //other options sha1_file($_FILES['upvideo']['tmp_name']) or uniqid('',true) for a 23 char long
                    $uniq_file_name = $uniq . "." . $ext;
                    if (move_uploaded_file($_FILES['upvideo']['tmp_name'], $dir . $uniq_file_name)) {
                        // Shell commands are built by concatenation. The interpolated parts
                        // are $uniq (from lastid()) and $ext (one of the three allowed
                        // strings), plus $dirffmpeg / $dirscript, which are defined outside
                        // this excerpt - presumably configuration; confirm. Wrapping each
                        // argument in escapeshellarg() would keep the commands safe if any
                        // of those inputs ever changes.
                        // The uploaded file is handed to ffmpeg unverified, so the decoder
                        // processes attacker-supplied media.
                        shell_exec($dirffmpeg . ' -i "./video/' . $uniq_file_name . '" -ss 00:00:01 "./thumbnail/large/' . $uniq . '.png" -y 2>&1');
                        //if you got an error try echo(ing) this
                        shell_exec($dirffmpeg . ' -i ./thumbnail/large/' . $uniq . '.png -s 160x120 ./thumbnail/little/' . $uniq . '.png -y 2>&1');
                        //on server ffmpeg is in the /usr
                        // NOTE(review): title, description and location are passed on from
                        // the request; whether insertvideo() escapes them for SQL (and
                        // whether they are HTML-escaped on display) is not visible here.
                        insertvideo($uniq, $tname, $_POST['videodescription'], $_SESSION['usrid'], $ext, date('Y/m/d'), $_POST['videolocation']);
                        shell_exec('sh ' . $dirscript . ' ' . $uniq . ' ' . $ext . ' > /dev/null 2>/dev/null &');
                        //call bash script independently
                        $alert = "Your file has been uploaded";
                        $type = 'alert-success';
                    }
                } else {
                    $alert = 'no compatible format';
コード例 #15
ファイル: story.inc.php プロジェクト: adamfranco/segue-1.x
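 /**
  * Insert this story as a new row in the `story` table, optionally re-homing
  * it to another site/section/page and copying its media and discussions.
  *
  * Every value placed into SQL here is escaped with addslashes().
  * NOTE(review): addslashes() is not aware of the connection character set;
  * if the db_* layer offers a driver-level escape or bound parameters, prefer
  * that — the db layer is not visible from this method.
  *
  * @param mixed      $down            When truthy and the owning site changes, media is copied to the new site.
  * @param mixed      $newsite         If truthy, replaces $this->owning_site.
  * @param mixed      $newsection      If truthy, replaces $this->owning_section.
  * @param mixed      $newpage         If truthy, replaces $this->owning_page.
  * @param mixed      $removeOrigional If truthy, the story with the previous id is removed from the owning page.
  * @param mixed      $keepaddedby     If falsy, creator/updater become the session user and the added timestamp is NOW().
  * @param mixed      $keepDiscussions If truthy (and discussions were fetched), discussion rows are copied to the new story.
  * @param array|null $storyTags       When an array, passed to save_record_tags() for the new story.
  *
  * @return bool Always true.
  */
 function insertDB($down = 0, $newsite = null, $newsection = 0, $newpage = 0, $removeOrigional = 0, $keepaddedby = 0, $keepDiscussions = 0, $storyTags = null)
 {
     $origsite = $this->owning_site;
     $origid = $this->id;
     if ($newsite) {
         $this->owning_site = $newsite;
         unset($this->owningSiteObj);
     }
     if ($newsection) {
         $this->owning_section = $newsection;
         unset($this->owningSectionObj);
     }
     if ($newpage) {
         $this->owning_page = $newpage;
         unset($this->owningPageObj);
     }
     $this->fetchUp(1);
     /*********************************************************
      * Re-Key the ordering of the rest of the stories in the
      * section to make sure that there are no holes
      *********************************************************/
     foreach ($this->owningPageObj->getField("stories") as $order => $storyId) {
         // $storyId is escaped like every other value in this method; it was
         // previously the only value concatenated into SQL unescaped.
         $query = "UPDATE\n\t\t\t\t\tstory\n\t\t\t\tSET\n\t\t\t\t\tstory_order = '" . addslashes($order) . "'\n\t\t\t\tWHERE\n\t\t\t\t\tstory_id = '" . addslashes($storyId) . "'";
         db_query($query);
     }
     // if moving to a new site, copy the media
     if ($origsite != $this->owning_site && $down) {
         $type = $this->getField("type");
         if ($type == "image" || $type == "rss" || $type == "file") {
             $media_id = $this->getField("longertext");
             $this->setField("longertext", copy_media($media_id, $newsite));
         } elseif ($type == "story") {
             // These do some moving of files based on a ####id##### syntax
             // for storing inline images.
             // Adam 2005-06-27: I don't believe that these were ever used, but
             // I'll leave them here so as not to break any old data that uses them.
             $ids = segue::getMediaIDs("shorttext");
             segue::replaceMediaIDs($ids, "shorttext", $newsite);
             $ids = segue::getMediaIDs("longertext");
             segue::replaceMediaIDs($ids, "longertext", $newsite);
             // Search for and copy images that use the "[[mediapath]]/filename.ext"
             // syntax.
             // NOTE(review): the captured file name comes from story text and may
             // contain path separators; copy_media_with_fname() is not visible
             // here — confirm it confines the name to the site's media directory.
             preg_match_all("/\\[\\[mediapath\\]\\]\\/([^'\"]+)/", $this->getField("shorttext") . $this->getField("longertext"), $matches);
             $fnames = array_unique($matches[1]);
             foreach ($fnames as $fname) {
                 copy_media_with_fname($fname, $origsite, $newsite);
             }
         }
     }
     $a = $this->createSQLArray(1);
     // Array keys are quoted throughout: bare-word keys relied on PHP's
     // undefined-constant fallback, which is an Error from PHP 8.
     if (!$keepaddedby) {
         $a[] = "FK_createdby='" . addslashes($_SESSION['aid']) . "'";
         $a[] = $this->_datafields['addedtimestamp'][1][0] . "=NOW()";
         $a[] = "FK_updatedby='" . addslashes($_SESSION['aid']) . "'";
     } else {
         // NOTE(review): the looked-up ids are concatenated unquoted; if no user
         // row matches, the assignment has no right-hand side and the INSERT
         // below is malformed. Left unchanged because the intended fallback
         // is not visible here.
         $a[] = "FK_createdby=" . db_get_value("user", "user_id", "user_uname='" . addslashes($this->getField("addedby")) . "'");
         $a[] = $this->_datafields['addedtimestamp'][1][0] . "='" . addslashes($this->getField("addedtimestamp")) . "'";
         $a[] = "FK_updatedby=" . db_get_value("user", "user_id", "user_uname='" . addslashes($this->getField("editedby")) . "'");
         $a[] = $this->_datafields['editedtimestamp'][1][0] . "='" . addslashes($this->getField("editedtimestamp")) . "'";
     }
     // insert media (url)
     if ($this->data['url'] && ($this->data['type'] == 'link' || $this->data['type'] == 'rss')) {
         // first see, if media item already exists in media table
         $query = "\n\t\t\t\tSELECT\n\t\t\t\t\tmedia_id\n\t\t\t\tFROM\n\t\t\t\t\tmedia\n\t\t\t\tWHERE\n\t\t\t\t\tFK_site = '" . addslashes($this->owningSiteObj->id) . "' AND\n\t\t\t\t\tFK_createdby = '" . addslashes($_SESSION['aid']) . "' AND\n\t\t\t\t\tmedia_tag = '" . addslashes($this->data['url']) . "' AND\n\t\t\t\t\tmedia_location = 'remote'\n\t\t\t";
         $r = db_query($query);
         // if not in media table insert it
         if (!db_num_rows($r)) {
             $query = "\n\t\t\t\t\tINSERT INTO \n\t\t\t\t\t\tmedia\n\t\t\t\t\tSET\n\t\t\t\t\t\tFK_site = '" . addslashes($this->owningSiteObj->id) . "',\n\t\t\t\t\t\tFK_createdby = '" . addslashes($_SESSION['aid']) . "',\n\t\t\t\t\t\tmedia_tag = '" . addslashes($this->data['url']) . "',\n\t\t\t\t\t\tmedia_location = 'remote',\n\t\t\t\t\t\tFK_updatedby = '" . addslashes($_SESSION['aid']) . "'\n\t\t\t\t";
             db_query($query);
             $a[] = "FK_media=" . lastid();
         } else {
             $arr = db_fetch_assoc($r);
             $a[] = "FK_media='" . addslashes($arr['media_id']) . "'";
         }
     }
     $query = "INSERT INTO story SET " . implode(",", $a);
     db_query($query);
     $this->id = lastid();
     // (A disabled wiki-link conversion pass that used to live here was
     // commented out upstream and has been dropped.)
     // See if there is a site hash (meaning that we are being copied).
     // If so, try to match our id with the hash entry for 'NEXT'.
     if ($GLOBALS['__site_hash']['stories'] && ($oldId = array_search('NEXT', $GLOBALS['__site_hash']['stories']))) {
         $GLOBALS['__site_hash']['stories'][$oldId] = $this->id;
     }
     $this->fetchUp();
     if ($removeOrigional) {
         $this->owningPageObj->delStory($origid, 0);
         $this->owningPageObj->updateDB();
     }
     /******************************************************************************
      * update the page updated timestamp
      ******************************************************************************/
     $query = "\n\t\t\t\tUPDATE \n\t\t\t\t\tpage \n\t\t\t\tSET \n\t\t\t\t\tpage_updated_tstamp = NOW()\n\t\t\t\tWHERE \n\t\t\t\t\tpage_id='" . addslashes($this->getField("page_id")) . "'\n\t\t\t";
     db_query($query);
     /******************************************************************************
      * Update version table
      ******************************************************************************/
     save_version($this->getField("shorttext"), $this->getField("longertext"), $this->id, $this->version_comments);
     // add new permissions entry.. force update
     $this->updatePermissionsDB(1);
     if ($keepDiscussions && $this->fetcheddown && $this->data['discussions']) {
         $idMapping = array();
         $discussionData = array();
         // The discussion objects cannot be used to copy posts, so the rows
         // are copied manually.
         // Fetch all of the discussion data
         foreach ($this->data['discussions'] as $discussionId) {
             // Get all the posts and dump their properties into an array.
             $query = "\n\t\t\t\t\tSELECT\n\t\t\t\t\t\t*\n\t\t\t\t\tFROM\n\t\t\t\t\t\tdiscussion\n\t\t\t\t\tWHERE\n\t\t\t\t\t\tdiscussion_id='" . addslashes($discussionId) . "'";
             $r = db_query($query);
             $discussionData[$discussionId] = db_fetch_assoc($r);
         }
         // Insert new posts, pointing to the new story
         foreach (array_keys($discussionData) as $oldId) {
             // Insert the post
             $query = "INSERT INTO\n\t\t\t\t\t\tdiscussion\n\t\t\t\t\tSET";
             // Set the FK_story to our new story ID
             $discussionData[$oldId]['FK_story'] = $this->id;
             // Add the rest of the fields. Column names are the keys returned by
             // db_fetch_assoc() for the SELECT * above, not request data; only
             // the values are escaped. Falsy values are skipped.
             $i = 0;
             foreach ($discussionData[$oldId] as $field => $val) {
                 if ($field != 'discussion_id' && $val) {
                     $query .= "\n\t" . ($i == 0 ? "" : ", ") . $field . "='" . addslashes($val) . "'";
                     $i++;
                 }
             }
             db_query($query);
             // store the id mapping
             $idMapping[$oldId] = lastid();
             if ($GLOBALS['__site_hash']['discussions']) {
                 $GLOBALS['__site_hash']['discussions'][$oldId] = lastid();
             }
         }
         // go through and update all of the FK_parents to point to the new Ids.
         // Also, rebuild the discussions array in case we try to access it after
         // the copy.
         $this->data['discussions'] = array();
         foreach (array_keys($discussionData) as $oldId) {
             $newId = $idMapping[$oldId];
             $this->data['discussions'][] = $newId;
             // If we were a reply, update our parent key
             if ($discussionData[$oldId]['FK_parent']) {
                 $query = "\n\t\t\t\t\t\tUPDATE\n\t\t\t\t\t\t\tdiscussion\n\t\t\t\t\t\tSET\n\t\t\t\t\t\t\tFK_parent = '" . addslashes($idMapping[$discussionData[$oldId]['FK_parent']]) . "',\n\t\t\t\t\t\t\tdiscussion_tstamp = '" . addslashes($discussionData[$oldId]['discussion_tstamp']) . "'\n\t\t\t\t\t\t\t\n\t\t\t\t\t\tWHERE\n\t\t\t\t\t\t\tdiscussion_id = '" . addslashes($newId) . "'\n\t\t\t\t\t";
                 db_query($query);
             }
         }
     }
     // Update any story tags
     if (is_array($storyTags)) {
         save_record_tags($storyTags, null, $this->id, $_SESSION['aid'], "story");
     }
     return true;
 }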
コード例 #16
ファイル: search.php プロジェクト: philum/cms
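/**
 * Run a search and return the rendered result markup.
 *
 * The query is dispatched by its shape: the literal "last", a cached result in
 * $_SESSION['recache'], a numeric article id, a "key:value;" script, a
 * "key=value" list, or a plain search through rech(). Results are stored in
 * $_SESSION['load'] and cached under a key built from all inputs.
 *
 * NOTE(review): $_SESSION['recache'] gains one entry per distinct input and is
 * never trimmed in this function; if $d/$opt/$res come straight from the
 * request, consider bounding it. Whether rech()/rech_catag() escape the query
 * before it reaches SQL cannot be seen from here.
 *
 * @param mixed  $d   Raw search input (passed through good_rech()).
 * @param mixed  $n   Search depth; falls back to $_SESSION['nbj'] when falsy.
 * @param string $opt Dash-separated options, read as bool-o-titles-ph.
 * @param string $res Category/tag selection, decoded by ajxr().
 *
 * @return string Titles block followed by the paged result list, if any.
 */
function plug_search($d, $n, $opt = '', $res = '')
{
    // split() no longer exists as of PHP 7; '-' is a literal separator, so
    // explode() is equivalent. Padding keeps all four names defined (as null)
    // when $opt carries fewer parts.
    list($b, $o, $t, $ph) = array_pad(explode('-', (string) $opt), 4, null);
    // These were read before assignment on some paths; null matches the value
    // PHP substituted for the undefined variables.
    $load = null;
    $cac = null;
    $utg = null;
    $tag2 = null;
    chrono();
    $rech = good_rech($d);
    $_GET['search'] = $rech;
    list($cat, $tag) = ajxr($res);
    $rech = str_replace(array("’", '«', '»', "&nbsp;"), array("'", '"', '"', ' '), trim($rech));
    if (!$n) {
        $n = $_SESSION['nbj'];
    }
    $_GET['dig'] = $n;
    $_GET['cat'] = $cat;
    $_GET['tag'] = $tag;
    $_GET['bool'] = $b;
    $_GET['titles'] = $t;
    // Cache key covering every input that influences the result set.
    $vrf = normalize($rech . $n . $b . $o . $t . $ph . $res);
    if ($rech == 'last') {
        $id = lastid('qda');
        $load[$id] = 1;
    } elseif (isset($_SESSION['recache'][$vrf])) {
        $load = $_SESSION['recache'][$vrf];
        $cac = $vrf;
    } elseif ($d && is_numeric($d) && $d < lastid('qda')) {
        $load[$d] = 1;
    } elseif (strpos($rech, ';') && strpos($rech, ':')) {
        // strpos() is used for its truthiness, so a ';' or ':' at offset 0
        // does not select this branch (kept as-is).
        list($rch, $cat, $tag, $utg) = rech_script($rech);
    } elseif (strpos($rech, '=')) {
        $load = make_list_arts($rech);
    } else {
        $load = rech($rech, $n);
    }
    // Anything that is not an array is treated as "no result".
    if ($load && !is_array($load)) {
        $load = '';
    }
    if (!$load && ($cat or $tag or $utg)) {
        $load = rech_catag($cat, $tag, $utg, $n);
    }
    $_SESSION['load'] = $load;
    $_SESSION['recache'][$vrf] = $load;
    $ret = rech_titles($rech, $n, $opt, $cac, $cat, $tag, $tag2);
    $_SESSION['page'] = 1;
    $_SESSION['popm'] = chrono('search');
    // Drop truthy entries at keys 0 and 1; guarded so a non-array $load is
    // never indexed.
    if (is_array($load)) {
        if (!empty($load[0])) {
            unset($load[0]);
        }
        if (!empty($load[1])) {
            unset($load[1]);
        }
    }
    if ($load) {
        $ret .= scroll($load, divd($vrf, output_pages($load, '', '')), 2, '', 400);
    }
    return $ret;
}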
コード例 #17
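 /**
  * Process a submitted discussion form (edit, rate, reply or new post).
  *
  * Runs only when $_REQUEST['commit'] is set and discussions are enabled (or
  * the session is an admin). Validation failures are reported through error()
  * and the global $error; when $error is set the commit flag is cleared and
  * false is returned. Visitors without a session get a "visitor" user record
  * created from the submitted name and e-mail before the post is stored.
  *
  * NOTE(review): input is read from $_REQUEST and no anti-CSRF token check is
  * visible in this method — confirm one is enforced by the caller. The 'rate'
  * action performs no ownership or permission check here; confirm that any
  * visitor rating any post is the intended policy.
  *
  * @return bool|null false on validation failure or a refused edit; otherwise
  *                   no explicit return value.
  */
 function _commithttpdata()
 {
     global $sid, $error, $_full_uri;
     global $mailposts, $cfg;
     if ($_REQUEST['commit'] && ($cfg['disable_discussion'] != TRUE || $_SESSION['ltype'] == 'admin')) {
         // indeed, we are supposed to commit
         $site = $_REQUEST['site'];
         $action = $_REQUEST['action'];
         $a = $_REQUEST['discuss'];
         // Defined up front so the later reads never hit an unset variable.
         $visitor_id = null;
         $newid = null;
         if (!$_REQUEST['subject']) {
             error("You must enter a subject.\n");
         }
         if (!$_REQUEST['content']) {
             error("You must enter some text to post.\n");
         }
         if (isset($_REQUEST['rating']) && !is_numeric($_REQUEST['rating']) && $_REQUEST['rating'] != "") {
             $error = "Post rating must be numeric.\n";
         }
         if ($error) {
             unset($_REQUEST['commit']);
             return false;
         }
         /******************************************************************************
          * if public discussion and no log in then add user to user table
          * uname = email address, type = visitor
          ******************************************************************************/
         if (!$_SESSION['auser']) {
             if (user::userEmailExists($_REQUEST['visitor_email'])) {
                 error("A user with that email address already exists.  Please log in before posting.");
             }
             /******************************************************************************
              * Visitor account validation:
              * check that a name has been entered
              * check that the email enter doesn't already exist in Segue and 
              * is not part of the $cfg[visitor_email_excludes] specified in the config
              ******************************************************************************/
             if (!$_REQUEST['visitor_name']) {
                 error("You must enter a username.");
             }
             // A plain substring test replaces ereg("@", ...); the check is still
             // only "contains an @", not full address validation.
             if (!$_REQUEST['visitor_email'] || strpos($_REQUEST['visitor_email'], '@') === false) {
                 error("You must enter a valid email address.");
             } else {
                 foreach ($cfg['visitor_email_excludes'] as $visitor_email_exclude) {
                     // NOTE(review): ereg() was removed in PHP 7. The patterns come
                     // from site configuration, so their dialect has to be checked
                     // before moving this call to preg_match().
                     if (ereg($visitor_email_exclude, $_REQUEST['visitor_email'])) {
                         error("Please log in above with your {$cfg['inst_name']} account.");
                     }
                 }
             }
             // all good
             if (!$error) {
                 // Plain assignment: "=& new" is a parse error from PHP 7 on.
                 $obj = new user();
                 $obj->uname = $_REQUEST['visitor_email'];
                 $obj->fname = $_REQUEST['visitor_name'];
                 $obj->email = $_REQUEST['visitor_email'];
                 $obj->type = "visitor";
                 $obj->authtype = 'db';
                 // NOTE(review): randpass() is not visible here; confirm it draws
                 // from a cryptographically secure source and that (5, 3) yields an
                 // adequate password length.
                 $obj->randpass(5, 3);
                 $obj->insertDB();
                 $obj->sendemail();
                 $visitor_id = lastid();
             }
         }
         if ($error) {
             unset($_REQUEST['commit']);
             return false;
         }
         if ($a == 'edit') {
             $d = new discussion($_REQUEST['story']);
             $d->fetchID($_REQUEST['id']);
             // Only the logged-in author may edit. An empty session user is
             // refused outright, and the comparison is a strict string match:
             // a loose != treats two empty values, or two numeric-looking
             // usernames, as equal.
             if (empty($_SESSION['auser']) || (string) $_SESSION['auser'] !== (string) $d->authoruname) {
                 return false;
             }
             $d->subject = $_REQUEST['subject'];
             $d->content = cleanEditorText($_REQUEST['content']);
             $d->content = convertInteralLinksToTags($site, $d->content);
             $d->update();
             unset($_REQUEST['discuss'], $_REQUEST['commit']);
         }
         if ($a == 'rate') {
             $d = new discussion($_REQUEST['story']);
             $d->fetchID($_REQUEST['id']);
             // Validated above as numeric or the empty string.
             $d->rating = $_REQUEST['rating'];
             $d->update();
             unset($_REQUEST['discuss'], $_REQUEST['commit']);
         }
         if ($a == 'reply' || $a == 'newpost') {
             $d = new discussion($_REQUEST['story']);
             $d->subject = $_REQUEST['subject'];
             // Lets pass the cleaning of editor text off to the editor.
             $d->content = cleanEditorText($_REQUEST['content']);
             $d->content = convertInteralLinksToTags($site, $d->content);
             if ($a == 'reply') {
                 $d->parentid = $_REQUEST['replyto'];
             }
             // Fall back to the freshly created visitor record when nobody is logged in.
             $d->authorid = $_SESSION['aid'] ? $_SESSION['aid'] : $visitor_id;
             $d->authorfname = $_SESSION['afname'] ? $_SESSION['afname'] : $_REQUEST['visitor_name'];
             $d->libraryfileid = $_REQUEST['libraryfileid'];
             $newid = $d->insert();
         }
         /******************************************************************************
          * gather data for sendmail function
          ******************************************************************************/
         if ($mailposts == 1) {
             // $newid is null for edit/rate, as it was when left unset.
             $this->sendemail($newid);
         }
         unset($_REQUEST['discuss'], $_REQUEST['commit']);
     }
 }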
コード例 #18
ファイル: tri.php プロジェクト: philum/cms
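/**
 * Decode a base64 image payload and store it under img/.
 *
 * The file name is built from the session value 'qb' and the next article id,
 * never from the payload, and always ends in "_b64.jpg".
 *
 * NOTE(review): the decoded bytes are written without checking that they are
 * an image or how large they are. If $d can come from a request, verify the
 * decoded content type and cap its size before writing, and make sure img/ is
 * not configured to execute scripts.
 *
 * @param string $d Base64 data, optionally prefixed by a data-URL header ending in ','.
 *
 * @return string The file name (relative to img/) that was written.
 */
function b64img($d)
{
    $f = $_SESSION['qb'] . '_' . (lastid('qda') + 1) . '_b64.jpg';
    // Strip the "data:...;base64," header when there is one. Without a comma
    // the whole string is the payload; strpos() returning false used to be
    // added to 1, which silently dropped the first character.
    $comma = strpos($d, ',');
    $payload = $comma === false ? $d : substr($d, $comma + 1);
    write_file('img/' . $f, base64_decode($payload));
    return $f;
}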
コード例 #19
ファイル: midd.inc.php プロジェクト: adamfranco/segue-1.x
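/**
 * Collect the classes a user belongs to, from LDAP group membership and from
 * the local database, filtered by semester.
 *
 * LDAP groups whose name matches the class-code pattern are mirrored into the
 * ugroup/class/ugroup_user tables; other groups are mirrored into ugroup and
 * ugroup_user only. LDAP failures are tolerated: the database lookup at the
 * end still runs.
 *
 * @param string $user Username; lower-cased before use.
 * @param string $time One of "now", "past", "future" or "all".
 *
 * @return array Map of class code => array with keys code, sect, sem, year.
 */
function getuserclasses($user, $time = "all")
{
    global $cfg;
    $user = strtolower($user);
    // Array keys are quoted throughout: bare-word keys are an Error in PHP 8.
    $ldap_user = $cfg['ldap_voadmin_user_dn'];
    $ldap_pass = $cfg['ldap_voadmin_pass'];
    $classes = array();
    if (!$user) {
        return $classes;
    }
    $c = ldap_connect($cfg['ldap_server']);
    // Bind errors stay suppressed on purpose: without LDAP the function still
    // returns the classes stored in the database.
    $bound = $c ? @ldap_bind($c, $ldap_user, $ldap_pass) : false;
    $res = array('count' => 0);
    $num = 0;
    if ($bound) {
        // connected & logged in
        $return = array($cfg['ldap_username_attribute'], $cfg['ldap_fullname_attribute'], $cfg['ldap_email_attribute'], $cfg['ldap_group_attribute']);
        $userSearchDN = ($cfg['ldap_user_dn'] ? $cfg['ldap_user_dn'] . "," : "") . $cfg['ldap_base_dn'];
        // Escape the RFC 4515 filter metacharacters so the username is matched
        // as a literal value and cannot alter the filter. The backslash is
        // replaced first so the escapes added afterwards are not re-escaped.
        $filterUser = str_replace(
            array('\\', '*', '(', ')', "\x00"),
            array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
            $user
        );
        $searchFilter = "(" . $cfg['ldap_username_attribute'] . "=" . $filterUser . ")";
        $sr = ldap_search($c, $userSearchDN, $searchFilter, $return);
        if ($sr) {
            $res = ldap_get_entries($c, $sr);
            $num = ldap_count_entries($c, $sr);
        }
    }
    // Close the connection on every path, not only when an entry was found.
    if ($c) {
        ldap_close($c);
    }
    if (is_array($res) && $res['count'] && $num) {
        $res[0] = array_change_key_case($res[0], CASE_LOWER);
        $groupAttr = strtolower($cfg['ldap_group_attribute']);
        // preg_match() replaces eregi(), which was removed in PHP 7. The
        // attribute name is quoted so it is matched literally.
        $attrPattern = preg_quote($cfg['ldap_groupname_attribute'], '/');
        for ($i = 0; $i < $res[0][$groupAttr]['count']; $i++) {
            $f = $res[0][$groupAttr][$i];
            $parts = explode(",", $f);
            foreach ($parts as $p) {
                if (preg_match('/' . $attrPattern . '=([a-zA-Z]{0,4})([0-9]{1,4})([a-zA-Z]{0,1})-([a-zA-Z]{1,})([0-9]{2})/i', $p, $m)) {
                    // Result is unused here; the call is kept in case it has side effects.
                    $semester = currentsemester();
                    $class = $m[1] . $m[2] . $m[3] . "-" . $m[4] . $m[5];
                    /******************************************************************************
                     * update the classes table with the ldap information
                     ******************************************************************************/
                    $sem = $m[4];
                    $year = $m[5];
                    $user_id = db_get_value("user", "user_id", "user_uname = '" . addslashes($user) . "'");
                    $ugroup_id = db_get_value("ugroup", "ugroup_id", "ugroup_name='" . addslashes($class) . "'");
                    $classinfo = db_get_line("class", "\n\t\t\t\t\t\t\t\t\t\tclass_department='" . addslashes($m[1]) . "' AND\n\t\t\t\t\t\t\t\t\t\tclass_number='" . addslashes($m[2]) . "' AND\n\t\t\t\t\t\t\t\t\t\tclass_section='" . addslashes($m[3]) . "' AND\n\t\t\t\t\t\t\t\t\t\tclass_semester='" . addslashes($sem) . "' AND\n\t\t\t\t\t\t\t\t\t\tclass_year='20" . addslashes($year) . "'");
                    if (!$ugroup_id) {
                        $query = "\n\t\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\t\tugroup\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tugroup_name = '" . addslashes($class) . "',\n\t\t\t\t\t\t\t\t\t\tugroup_type = 'class'\n\t\t\t\t\t\t\t\t";
                        db_query($query);
                        $ugroup_id = lastid();
                    }
                    if (!$classinfo) {
                        $query = "\n\t\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\t\tclass\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tclass_external_id='" . addslashes($class) . "',\n\t\t\t\t\t\t\t\t\t\tclass_department='" . addslashes($m[1]) . "',\n\t\t\t\t\t\t\t\t\t\tclass_number='" . addslashes($m[2]) . "',\n\t\t\t\t\t\t\t\t\t\tclass_section='" . addslashes($m[3]) . "',\n\t\t\t\t\t\t\t\t\t\tclass_semester='" . addslashes($sem) . "',\n\t\t\t\t\t\t\t\t\t\tclass_year='20" . addslashes($year) . "',\n\t\t\t\t\t\t\t\t\t\tclass_name='',\n\t\t\t\t\t\t\t\t\t\tFK_owner=NULL,\n\t\t\t\t\t\t\t\t\t\tFK_ugroup='" . addslashes($ugroup_id) . "'\n\t\t\t\t\t\t\t\t";
                        db_query($query);
                    }
                    // NOTE(review): this listing showed FK_user as a masked literal
                    // ('******'). $user_id, looked up above and otherwise unused, is
                    // presumably the intended value — confirm against the upstream file.
                    $ugroup_userinfo = db_get_line("ugroup_user", "FK_ugroup='" . addslashes($ugroup_id) . "' AND FK_user='" . addslashes($user_id) . "'");
                    if (!$ugroup_userinfo) {
                        $query = "\n\t\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\t\tugroup_user\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tFK_ugroup = '" . addslashes($ugroup_id) . "',\n\t\t\t\t\t\t\t\t\t\tFK_user = '" . addslashes($user_id) . "'\n\t\t\t\t\t\t\t\t";
                        db_query($query);
                    }
                    /******************************************************************************
                     * end update
                     ******************************************************************************/
                    // Same test order as the former nested if/else chain.
                    $wanted = ($time == "now" && isSemesterNow($m[4], $m[5]))
                        || ($time == "past" && isSemesterPast($m[4], $m[5]))
                        || ($time == "future" && isSemesterFuture($m[4], $m[5]))
                        || $time == "all";
                    if ($wanted) {
                        $classes[$class] = array("code" => $m[1] . $m[2], "sect" => $m[3], "sem" => $m[4], "year" => $m[5]);
                    }
                } elseif (preg_match('/^' . $attrPattern . '=(.+)$/isD', $p, $matches)) {
                    /******************************************************************************
                     * if not a class group then get group name and add to ugroup table
                     ******************************************************************************/
                    $group_name = $matches[1];
                    $user_id = db_get_value("user", "user_id", "user_uname = '" . addslashes($user) . "'");
                    $ugroup_id = db_get_value("ugroup", "ugroup_id", "ugroup_name='" . addslashes($group_name) . "'");
                    /******************************************************************************
                     * insert group_name into ugroup table with group if not already in table
                     ******************************************************************************/
                    if (!$ugroup_id) {
                        $query = "\n\t\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\t\tugroup\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tugroup_name = '" . addslashes($group_name) . "',\n\t\t\t\t\t\t\t\t\t\tugroup_type = 'other'\n\t\t\t\t\t\t\t\t";
                        db_query($query);
                        $ugroup_id = lastid();
                    }
                    /******************************************************************************
                     * if user not part of group then add to ugroup_user table
                     ******************************************************************************/
                    // NOTE(review): FK_user was a masked literal in this listing as
                    // well; $user_id is presumably the intended value — confirm.
                    $ugroup_userinfo = db_get_line("ugroup_user", "FK_ugroup='" . addslashes($ugroup_id) . "' AND FK_user='" . addslashes($user_id) . "'");
                    if (!$ugroup_userinfo) {
                        $query = "\n\t\t\t\t\t\t\t\t\tINSERT INTO\n\t\t\t\t\t\t\t\t\t\tugroup_user\n\t\t\t\t\t\t\t\t\tSET\n\t\t\t\t\t\t\t\t\t\tFK_ugroup = '" . addslashes($ugroup_id) . "',\n\t\t\t\t\t\t\t\t\t\tFK_user = '" . addslashes($user_id) . "'\n\t\t\t\t\t\t\t\t";
                        db_query($query);
                    }
                    /******************************************************************************
                     * get other members of this ugroup and add to ugroup_user table
                     * (this may not be necessary since users will be added when they log in...)
                     ******************************************************************************/
                }
            }
        }
    }
    // add in the DB classes
    $query = "\n\t\tSELECT\n\t\t\tclass_department,\n\t\t\tclass_number,\n\t\t\tclass_section,\n\t\t\tclass_semester,\n\t\t\tclass_year\n\t\tFROM\n\t\t\tuser\n\t\t\t\tINNER JOIN\n\t\t\tugroup_user\n\t\t\t\tON\n\t\t\tuser_id = FK_user\n\t\t\t\tINNER JOIN\n\t\t\tclass\n\t\t\t\tON\n\t\t\tclass.FK_ugroup = ugroup_user.FK_ugroup\n\t\tWHERE\n\t\t\tuser_uname = '" . addslashes($user) . "'\n\t";
    // Result is unused here; the call is kept in case it has side effects.
    $semester = currentsemester();
    $result = db_query($query);
    while ($a = db_fetch_assoc($result)) {
        $class_code = generateCodeFromData($a['class_department'], $a['class_number'], $a['class_section'], $a['class_semester'], $a['class_year']);
        // Classes already found through LDAP are not overwritten.
        if (empty($classes[$class_code])) {
            $wanted = ($time == "now" && isSemesterNow($a['class_semester'], $a['class_year']))
                || ($time == "past" && isSemesterPast($a['class_semester'], $a['class_year']))
                || ($time == "future" && isSemesterFuture($a['class_semester'], $a['class_year']))
                || $time == "all";
            if ($wanted) {
                $classes[$class_code] = array("code" => "{$class_code}", "sect" => $a['class_section'], "sem" => $a['class_semester'], "year" => $a['class_year']);
            }
        }
    }
    return $classes;
}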
コード例 #20
ファイル: art.php プロジェクト: philum/cms
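/**
 * Build the HTML form used to write a new article or to continue an existing one.
 *
 * Reads the editing context from $_SESSION ('USE', 'read', 'frm', 'auth') and
 * $_GET ('continue', 'edit'). Writes $_SESSION['cur_div'] and, when a source
 * URL is imported, $_GET['urlsrc'].
 *
 * @param mixed  $mil  Not used by this function.
 * @param string $link Source URL. When it starts with "http" and the request is
 *                     not a continuation, it is passed through utmsrc()/https()
 *                     and then to vacuum() to pre-fill the subject and the body.
 *
 * @return string The form markup.
 */
function f_inp($mil, $link)
{
    $_SESSION['cur_div'] = 'content';
    $ip = hostname();
    // Missing keys are read as null instead of raising "undefined index" notices.
    $USE = isset($_SESSION['USE']) ? $_SESSION['USE'] : null;
    $cont = isset($_GET['continue']) ? $_GET['continue'] : null;
    $read = isset($_SESSION['read']) ? $_SESSION['read'] : null;
    $frm = isset($_SESSION['frm']) ? $_SESSION['frm'] : null;
    $edit = isset($_GET['edit']) ? $_GET['edit'] : null;
    // Every local that is only assigned on some paths gets a defined starting value.
    $us = $ml = $suj = $msg = $alrt = $cit = '';
    $r = array();
    if ($USE) {
        $us = $USE;
    } else {
        // hostname() is defined elsewhere; if it returns the client's reverse-DNS
        // name the value is attacker-influenced, so it is escaped before it is
        // placed inside the quoted SQL literal.
        // NOTE(review): prefer a bound parameter if sql() offers one.
        list($us, $ml) = sql('name,mail', 'qdi', 'r', 'host="' . addslashes($ip) . '" ORDER BY id DESC LIMIT 1');
    }
    $currid = lastid('qda') + 1;
    if ($frm == "" or $frm == "Home") {
        $frm = "public";
    }
    //sections
    if ($edit == "=") {
        $cit = "&edit==";
    }
    $goto = '/?read=' . $read . $cit;
    if (substr($link, 0, 4) == 'http' && !$cont) {
        $link = https(utmsrc($link));
        //vacuum
        $_GET['urlsrc'] = $link;
        list($suj, $msg) = vacuum($link, '');
    }
    if (!$cont) {
        // $link ends up inside a double-quoted value="..." attribute that this
        // line builds by hand, so it is HTML-encoded first. A single-byte charset
        // keeps the call byte-transparent for anything above 0x7F.
        $linkAttr = htmlspecialchars((string) $link, ENT_QUOTES, 'ISO-8859-1');
        $r['urlsrc'] = autoclic('urlsrc', "url", '10" id="urlsrc" onClick="SaveI(\'urlsrc\')" onContextMenu="SaveIt()" value="' . $linkAttr, '250', '') . btd('urledt', '');
    }
    //urlsrc
    // NOTE(review): $us/$ml (database) and $suj/$msg (fetched page) are handed to
    // autoclic(), balise() and txarea1() as-is; whether those helpers encode
    // their value arguments is not visible here - confirm.
    if ($USE && !$cont) {
        $r['trkname'] = hidden('name', 'trkname', $USE) . hidden('mail', 'trkmail', '');
        $r['slcat'] = select_j('frm', 'category', $frm, '3', $frm, '');
    } elseif (!$USE) {
        $gn = '" onkeyup="log_goodname(\'trkname\');';
        $r['trkname'] = autoclic('name" id="trkname' . $gn, $us ? $us : nms(38), '8', '50', 'txtx');
        //name
        $r['trkmail'] = autoclic('mail" id="trkmail', $ml ? $ml : 'mail', '13', '50', 'txtx');
    }
    //mail
    if (!$cont) {
        $r['parent'] = select_jp('ib', 'parent', rstr(10) ? $read : '', '0', picto('topo'), '1');
    }
    if (!$cont && auth(3)) {
        $r['publish'] = checkbox_j('pub', $_SESSION['auth'] < 4 ? 0 : rstr(11), nms(29));
    } else {
        $r['publish'] = hidden('pub', 'pub', 0);
    }
    if (!$cont) {
        //new
        $r['pstdat'] = select_j('postdat', 'date', date('y-m-d-H-i'), 0, picto('time'), 0);
        $r['pstsuj'] = balise('input', array('', '', 'suj', 'suj1', '', 'editor', 7 => 255, 16 => 'width:100%;', 23 => $suj ? $suj : nms(71)), '');
    }
    if ($cont) {
        // The id is used unquoted in the condition, so only an integer may reach it.
        $msg = sql('msg', 'qdm', 'v', 'id=' . (int) $read);
        $btcntn = 'continue=ok#' . $read;
        $alrt = conn_correct($msg);
    } else {
        $goto = '/?read=' . $currid;
        $btcntn = 'insert=ok';
    }
    // Normalise line endings and turn <br> variants back into newlines for the textarea.
    $msg = str_replace("\r", "", $msg);
    //msg
    $msg = str_replace(array("<br />\n", "<br />", "<br>"), "\n", $msg);
    //save
    $ids = 'suj1|frm|urlsrc|postdat|trkname|trkmail|ib|pub';
    $c = 'popbt';
    $sav = ljb($c, 'SaveJb', 'socket_saveart_txtarea_id4_' . $read . '_no\',\'art' . $read . '_readart___' . $read, picto('save'));
    if ($cont && rstr(53)) {
        $sav .= ljb($c, 'SaveJb', 'txarea_saveart_txtarea_id4_' . $read . '\',\'art' . $read . '_readart___' . $read, nms(57)) . ' ';
    } elseif (!rstr(53)) {
        $sav .= submitj($c, 'sav', nms(57)) . ' ';
    } else {
        $sav .= lj($c, 'socket_newart_txtarea_' . (rstr(57) ? 7 : 9) . '_____' . $ids, nms(57)) . ' ';
    }
    //pop
    $btdt = lj('', 'popup_artwedit_txtarea__', pictit('editor', nms(107))) . ' ';
    $btdt .= ljb('" title="test', 'captslct', 'preview', picto('valid')) . ' ';
    if ($cont && $read) {
        $btdt .= urledt_id($read);
    }
    $ret = '<form method="POST" id="sav" action="' . $goto . '&' . $btcntn . '">' . "\n";
    //form
    $ret .= btd('bts' . $read, $sav) . ' ' . $btdt;
    $ret .= implode(' ', $r);
    $ret .= sesmk('conn_edit', '', '');
    $ret .= $alrt;
    $ret .= divd('txarea', txarea1($msg));
    $ret .= ' </form>' . "\n";
    return $ret;
}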