// Excerpt from a photo-album page: reads the paging offset, then loads one album.
// It begins and ends inside enclosing blocks, so the braces here are unbalanced.

// NOTE(review): $start is copied from the query string unchanged. Its use is
// not visible in this excerpt; if it reaches a LIMIT clause or the page output
// it should be validated as a non-negative integer first.
if (isset($_GET['start'])) {
    $start = $_GET['start'];
}
if (!isset($start)) {
    $start = 0;
}
} // closes a block opened before this excerpt
/*************Display album on screen******************/
if ($albumid != 0) {
    // First check that the album exists and is approved (allowed=1).
    // NOTE(review): $albumid is interpolated unquoted into the WHERE clause and
    // its origin is not visible here. Confirm it is cast to an integer
    // upstream; otherwise this is an SQL injection point.
    $sql = $data->select_query("album_track", " WHERE ID = {$albumid} AND allowed=1");
    $number_albums = $data->num_rows($sql);
    $album_info = $data->fetch_array($sql);
    // censor() runs before the zero-row check below, so for a missing album it
    // is handed whatever indexing an empty fetch result produces.
    $view_album_name = censor($album_info['album_name']);
    if ($number_albums == 0 && !$inarticle) {
        show_message_back("No such album");
    } elseif ($number_albums == 0 && $inarticle) {
        // No error message in the $inarticle case; only the photo count is zeroed.
        $number_of_photos = 0;
    } else {
        if (!$inarticle) {
            $pagenum = 2;
            // Normalise is_owner()'s result to a strict boolean.
            $edit = is_owner($album_info['ID'], "album") ? true : false;
            // NOTE(review): $menuid is placed in the URL as-is and its origin is
            // not visible here. If the template prints $editlink into HTML, it
            // has to be URL-encoded / HTML-escaped at that point.
            $editlink = "index.php?page=mythings&cat=album&action=edit&id={$album_info['ID']}&menuid={$menuid}";
            // Approved articles that reference this album, ordered by title.
            // The third argument is presumably the column list (TODO confirm).
            $articlesql = $data->select_query("patrol_articles", "WHERE album_id={$album_info['ID']} AND allowed=1 ORDER BY title ASC", "ID, title");
            $numarticles = $data->num_rows($articlesql);
            $articlelist = array();
            // Every fetch result is appended, including the final falsy value
            // that ends the loop, so the list carries one trailing non-row
            // entry; $numarticles holds the real row count.
            while ($articlelist[] = $data->fetch_array($articlesql)) { }
            $tpl->assign("numarticles", $numarticles);
            $tpl->assign("articlelist", $articlelist);
        }
        // the else branch and the $albumid block continue past this excerpt
// Excerpt from a forum-administration page: builds the option lists for the
// edit form, then handles the submitted form. It starts after the query that
// fills $sql and ends inside an open block.

// Each of the three loops below appends every fetch result, including the
// final falsy value that ends the loop, so each list has one trailing non-row
// entry.
$parent = array();
while ($parent[] = $data->fetch_array($sql)) { }
// NOTE(review): $fid and $cid are interpolated unquoted into SQL and their
// origin is not visible here. Confirm both are integer-validated upstream.
$sql = $data->select_query("forums", "WHERE id != {$fid} ORDER BY name ASC");
$numforums = $data->num_rows($sql);
$forums = array();
while ($forums[] = $data->fetch_array($sql)) { }
$sql = $data->select_query("forumscats", "WHERE id != {$cid} ORDER BY pos ASC");
$numcats = $data->num_rows($sql);
$cats = array();
while ($cats[] = $data->fetch_array($sql)) { }
// NOTE(review): no anti-CSRF token check and no permission check are visible
// in this excerpt; confirm both happen before this state-changing branch.
if ($_POST['Submit'] == "Submit") {
    if ($_POST['name'] == '') {
        show_message_back("You need to supply a name for the forum");
        exit;
    }
    // safesql() is defined elsewhere; its escaping/quoting rules are assumed,
    // not shown here.
    $forumname = safesql($_POST['name'], "text");
    $desc = safesql($_POST['desc'], "text");
    // Overwrites the $parent list built at the top of this excerpt.
    $parent = safesql($_POST['parent'], "text");
    $limit = safesql($_POST['limit'], "int");
    // These two request values are kept raw. $copypermissions is sanitised only
    // after the loose comparison below; $moveforum's later use is not visible.
    $copypermissions = $_POST['permissions'];
    $moveforum = $_POST['move'];
    // Loose comparison on a raw string: a non-numeric value compares equal to 0
    // on PHP 7 but not on PHP 8, so which branch runs depends on the runtime.
    if ($copypermissions != 0) {
        // NOTE(review): the forum's existing permission row is deleted before
        // the source row is fetched. If no row exists for $copy, the insert
        // below likely writes empty permission values and the old ones are
        // already gone. Fetching and checking the source row first, and
        // running delete + insert in one transaction, would avoid that.
        $data->delete_query("forumauths", "forum_id={$fid}");
        $copy = safesql($copypermissions, "int");
        $auths = $data->select_fetch_one_row("forumauths", "WHERE forum_id={$copy}");
        // NOTE(review): values read back from the database are placed inside
        // quotes without passing through safesql(). That is only safe if these
        // columns can never contain a quote character (confirm).
        $sql = $data->insert_query("forumauths", "{$fid}, '{$auths['new_topic']}', '{$auths['reply_topic']}', '{$auths['edit_post']}', '{$auths['delete_post']}', '{$auths['view_forum']}', '{$auths['read_topics']}', '{$auths['sticky']}', '{$auths['announce']}', '{$auths['poll']}'");
    }
    if ($moveforum == 0) {
        // this branch and the Submit block continue past this excerpt
// Excerpt from a download-category administration page: the "add" and "edit"
// handlers, followed by the start of the "view" handler. It begins by closing
// a branch opened before the excerpt and ends inside the "view" block.
// NOTE(review): no anti-CSRF token check is visible for the add/edit handlers.
} elseif ($action == "add" && pageauth("downloads", "add") == 1) {
    // The branch only runs when pageauth() grants the "add" right on downloads.
    if ($_POST['catname'] == '') {
        show_message_back("You need to enter a name for the category");
        exit;
    }
    // safesql() is defined elsewhere. Its "text" result is interpolated below
    // without surrounding quotes, so it presumably returns an already-quoted
    // SQL literal (confirm).
    $catname = safesql($_POST['catname'], "text");
    // The upload/download permission fields are serialized straight from the
    // request. Their shape is not validated here (missing, scalar, or nested
    // array are all accepted), so whatever later unserialize()s these columns
    // must not assume a fixed structure.
    $upauths = safesql(serialize($_POST['upload']), "text");
    $downauths = safesql(serialize($_POST['download']), "text");
    $sql = $data->insert_query("download_cats", "NULL, {$catname}, {$upauths}, {$downauths}");
    if ($sql) {
        show_admin_message("Category added", "{$pagename}");
    }
    // Clear the action after the insert.
    $action = "";
} elseif ($action == "edit" && pageauth("downloads", "edit") == 1) {
    // Same validation and encoding as the "add" branch, applied to an update.
    if ($_POST['catname'] == '') {
        show_message_back("You need to enter a name for the category");
        exit;
    }
    $catname = safesql($_POST['catname'], "text");
    $upauths = safesql(serialize($_POST['upload']), "text");
    $downauths = safesql(serialize($_POST['download']), "text");
    // NOTE(review): $id is interpolated unquoted into the WHERE condition and
    // its origin is not visible here. Confirm it is integer-validated
    // upstream; otherwise this is an SQL injection point on an UPDATE.
    $sql = $data->update_query("download_cats", "name = {$catname}, upauth = {$upauths}, downauth = {$downauths}", "id = {$id}");
    if ($sql) {
        show_admin_message("Category updated", "{$pagename}");
    }
}
} // closes a block opened before this excerpt
// NOTE(review): unlike add/edit, no pageauth() call is visible on this branch;
// confirm that read access is checked elsewhere.
if ($action == "view") {
    // $id is used unquoted in the first query and quoted in the second; the
    // same integer-validation question applies to both.
    $query = $data->select_query("download_cats", "WHERE id = {$id}");
    $catinfo = $data->fetch_array($query);
    $down_query = $data->select_query("downloads", "WHERE cat='{$id}' AND trash=0");
    // the "view" block continues past this excerpt
// Excerpt from a group-administration page: the tail of the update handler,
// then the "Add" handler. It begins by closing blocks opened before the
// excerpt and ends inside three open blocks.
}
if ($sql3) {
    show_admin_message("Group Updated", $pagename);
}
$action = '';
}
} elseif ($action == "Add" && pageauth("group", "add") == 1) {
    // The branch only runs when pageauth() grants the "add" right on groups.
    // NOTE(review): no anti-CSRF token check is visible in this excerpt.
    $submit = $_POST['Submit'];
    if ($submit == 'Submit') {
        // safesql() is defined elsewhere. Its "text" results are interpolated
        // below without surrounding quotes, so it presumably returns an
        // already-quoted SQL literal (confirm).
        // NOTE(review): the name is not checked for being empty before use.
        $teamname = safesql($_POST['name'], "text");
        $ispatrol = safesql($_POST['patrol'], "int");
        $ispublic = safesql($_POST['publicgroup'], "int");
        $getpoints = safesql($_POST['points'], "int");
        $copypermissions = safesql($_POST['permissions'], "int");
        // Duplicate-name guard. Check-then-insert is not atomic; a unique index
        // on teamname would enforce this at the database level.
        if ($data->num_rows($data->select_query("groups", "WHERE teamname={$teamname}")) > 0) {
            show_message_back("There is already a group by that name");
            exit;
        }
        if ($copypermissions != 0) {
            // NOTE(review): the admin-permission columns are copied from
            // whichever group id the form submits. The only gate visible here
            // is the group "add" right, so confirm that a user holding it is
            // meant to be able to clone the permissions of any group,
            // including more privileged ones. A missing source row is not
            // checked for either.
            $otherGroup = $data->select_fetch_one_row("groups", "WHERE id={$copypermissions}");
            // Values read back from the database are re-escaped through
            // safesql() before being interpolated into the INSERT.
            $normaladmin = safesql($otherGroup['normaladmin'], "text");
            $agladmin = safesql($otherGroup['agladmin'], "text");
            $gladmin = safesql($otherGroup['gladmin'], "text");
            $sql3 = $data->insert_query("groups", "NULL, {$teamname}, {$ispatrol}, {$ispublic}, {$getpoints}, 0, {$normaladmin}, {$agladmin}, {$gladmin}");
        } else {
            // No source group selected: the three permission columns start empty.
            $sql3 = $data->insert_query("groups", "NULL, {$teamname}, {$ispatrol}, {$ispublic}, {$getpoints}, 0, '', '', ''");
        }
        // This runs whether or not the insert above succeeded ($sql3 is not
        // checked first).
        if ($ispublic == 1) {
            // The new row's id is looked up by name, which relies on teamname
            // being unique; the insert id reported by the database layer, if
            // it exposes one, would be more robust.
            $temp = $data->select_fetch_one_row("groups", "WHERE teamname = {$teamname}", "id");
            $id = $temp['id'];
            $sql = $data->select_query("static_content", "WHERE type = 1 AND pid={$id}");
            // this branch and its enclosing blocks continue past this excerpt
// Excerpt from a member add/edit handler: collects the values of the custom
// profile fields described by the rows in $sql, then starts reading the fixed
// fields. It starts after the query that fills $sql and ends inside an open
// block. $custom is not initialised anywhere in this excerpt.
$numfields = $data->num_rows($sql);
while ($temp = $data->fetch_array($sql)) {
    // NOTE(review): unserialize() on a stored column. If that column can ever
    // hold attacker-influenced bytes, this can instantiate objects; passing
    // ['allowed_classes' => false] (PHP 7+) or storing JSON removes that risk.
    $temp['options'] = unserialize($temp['options']);
    if ($temp['type'] == 4) {
        // Type 4 is handled as a set of numbered inputs "<name>1" .. "<name>N",
        // presumably checkboxes (confirm), with N taken from the stored
        // options. Each is reduced to 1/0.
        // $_POST is indexed without isset(), so an absent input raises a
        // notice/warning and counts as 0. N comes from stored data and is not
        // bounded here.
        $temp2 = array();
        for ($i = 1; $i <= $temp['options'][0]; $i++) {
            $temp2[$i] = $_POST[$temp['name'] . $i] ? 1 : 0;
        }
        $custom[$temp['name']] = $temp2;
    } else {
        // The request value is stored as-is. It may be a string or an array,
        // and nothing here validates or escapes it, so it must be escaped when
        // it is later displayed.
        if (isset($_POST[$temp['name']])) {
            $custom[$temp['name']] = $_POST[$temp['name']];
        }
    }
    // Required-field check. && binds tighter than ||, so the last group reads
    // (register == 1 && type == 0) || register == 0.
    // If the field was not posted, $custom[...] is read while unset.
    // NOTE(review): the message embeds a stored value ($temp['query']);
    // whether show_message_back() escapes it is not visible here.
    if ($custom[$temp['name']] == '' && $temp['required'] == 1 && ($temp['register'] == 1 && $_POST['type'] == 0 || $temp['register'] == 0)) {
        show_message_back("The {$temp['query']} field is required.");
        exit;
    }
}
// All custom values are serialized into one column. safesql() is defined
// elsewhere; its escaping/quoting rules are assumed, not shown here.
$custom = safesql(serialize($custom), "text");
// $_GET['action'] is read without isset().
if ($_GET['action'] == "new") {
    $firstname = safesql($_POST['firstname'], "text");
    $middlename = safesql($_POST['middlename'], "text");
    $lastname = safesql($_POST['lastname'], "text");
    $sex = safesql($_POST['sex'], "int");
    $address = safesql($_POST['address'], "text");
    $homenumber = safesql($_POST['homenumber'], "text");
    $cellnumber = safesql($_POST['cellnumber'], "text");
    $worknumber = safesql($_POST['worknumber'], "text");
    // strtotime() returns false for an unparsable date; what safesql(...,
    // "int") turns that into is not visible here, so an invalid date of birth
    // may be stored silently.
    $dob = safesql(strtotime($_POST['dob']), "int");
    // No e-mail format validation is visible in this excerpt.
    $email = safesql($_POST['email'], "text");
    // the "new" branch continues past this excerpt