function nightly(){
//Rollover the feed-content table's statistics
echo "Rolling over statistics...\n";
$sql = "UPDATE `feed_content` SET `yesterday_count` = `display_count`";
sql_command($sql);
//Rolloever the position table's statistics
$sql = "UPDATE `position` SET `yesterday_count` = `display_count`";
sql_command($sql);
//Clear out the old data. I tried making it 1 sql statement, but it didn't work consistently
$sql = "UPDATE `position` SET `display_count` = 0";
sql_command($sql);
$sql = "UPDATE `feed_content` SET `display_count` = 0";
sql_command($sql);
echo "Statistic rollover complete.\n";
echo "Parsing cache...\n";
//Parse the cache!
cache_parse(25);
echo "Completed cache parsing.\n";
echo "Finding expired content in moderation queue...";
deny_expired();
echo "Done dening expired content in mod queue.\n";
}
}
/*---------------------------------------------------------------------------*\
| Delete a user |
\*---------------------------------------------------------------------------*/
if (isset($Action) && $Action == "Delete") {
$target_level = sql_query1("SELECT level FROM {$tbl_users} WHERE id={$Id} LIMIT 1");
if ($target_level < 0) {
fatal_error(TRUE, "Fatal error while deleting a user");
}
// you can't delete a user if you're not some kind of admin, and then you can't
// delete someone higher than you
if ($level < $min_user_editing_level || $level < $target_level) {
showAccessDenied(0, 0, 0, "", "");
exit;
}
$r = sql_command("delete from {$tbl_users} where id={$Id};");
if ($r == -1) {
print_header(0, 0, 0, "", "");
// This is unlikely to happen in normal operation. Do not translate.
print "<form class=\"edit_users_error\" method=\"post\" action=\"" . htmlspecialchars(basename($PHP_SELF)) . "\">\n";
print " <fieldset>\n";
print " <legend></legend>\n";
print " <p class=\"error\">Error deleting entry {$Id} from the {$tbl_users} table.</p>\n";
print " <p class=\"error\">" . sql_error() . "</p>\n";
print " <input type=\"submit\" value=\" " . get_vocab("ok") . " \">\n";
print " </fieldset>\n";
print "</form>\n";
// Print footer and exit
print_footer(TRUE);
}
/* Success. Do not display a message. Simply fall through into the list display. */
// only update these fields if they are set; they might be NULL because
// they have been disabled by JavaScript
$assign_array[] = "{$var}=" . ${$area_var};
}
}
$assign_array[] = "private_enabled=" . $area_private_enabled;
$assign_array[] = "private_default=" . $area_private_default;
$assign_array[] = "private_mandatory=" . $area_private_mandatory;
$assign_array[] = "private_override='" . $area_private_override . "'";
$assign_array[] = "approval_enabled=" . $area_approval_enabled;
$assign_array[] = "reminders_enabled=" . $area_reminders_enabled;
$assign_array[] = "enable_periods=" . $area_enable_periods;
$assign_array[] = "confirmation_enabled=" . $area_confirmation_enabled;
$assign_array[] = "confirmed_default=" . $area_confirmed_default;
$sql .= implode(",", $assign_array) . " WHERE id={$area}";
if (sql_command($sql) < 0) {
echo get_vocab("update_area_failed") . "<br>\n";
trigger_error(sql_error(), E_USER_WARNING);
fatal_error(FALSE, get_vocab("fatal_db_error"));
}
// If the database update worked OK, go back to the admin page
Header("Location: admin.php?day={$day}&month={$month}&year={$year}&area={$area}");
exit;
}
}
}
// PHASE 1 - GET THE USER INPUT
// ----------------------------
print_header($day, $month, $year, isset($area) ? $area : "", isset($room) ? $room : "");
if ($is_admin) {
// Heading is confusing for non-admins
}
for ($j = 0; list($room) = sql_row($room_res, $j); $j++) {
// Now we know room and area
// We have to add some appointments to the day
// four in each room seems good enough
for ($a = 1; $a < 5; $a++) {
// Pick a random hour 8-5
$starthour = mt_rand(7, 16);
$length = mt_rand(1, 5) * 30;
$starttime = mktime($starthour, 0, 0, $month, $day, $year);
$endtime = mktime($starthour, $length, 0, $month, $day, $year);
// Check that this isnt going to overlap
$sql = "select count(*) from {$tbl_entry} where room_id={$room} and ((start_time between {$starttime} and {$endtime}) or (end_time between {$starttime} and {$endtime}) or (start_time = {$starttime} and end_time = {$endtime}))";
$counte = sql_query1($sql);
if ($counte == 0) {
// There are no overlaps
if ($area == 4) {
$name = $jpnames[mt_rand(1, count($jpnames) - 1)];
} else {
$name = $ennames[mt_rand(1, count($ennames) - 1)];
}
$type = $intext[mt_rand(1, 2)];
$sql = "insert into {$tbl_entry} (room_id, create_by, start_time, end_time, type, name, description) values ({$room}, '{$REMOTE_ADDR}', {$starttime}, {$endtime},'{$type}','{$name}','A meeting')";
sql_command($sql);
}
echo "{$area} - {$room} ({$starthour},{$length}), {$type}<br>";
}
}
}
}
}
function log_back()
{
$ip = $_SERVER['REMOTE_ADDR'];
$screen = new Screen($this->screen_id);
$screen->status_update($ip);
//Update the screen last updated and ip stuff
if ($screen->get_powerstate()) {
$sql = "UPDATE position SET display_count = display_count + 1 WHERE screen_id = {$this->screen_id} AND field_id = {$this->field_id} AND feed_id = {$this->feed_id} LIMIT 1";
sql_command($sql);
$sql = "UPDATE feed_content SET display_count = display_count + 1 WHERE feed_id = {$this->feed_id} AND content_id = {$this->content_id} LIMIT 1";
sql_command($sql);
}
return true;
}
}
}
echo "<div id=\"del_room_confirm\">\n";
echo "<p>" . get_vocab("sure") . "</p>\n";
echo "<div id=\"del_room_confirm_links\">\n";
echo "<a href=\"del.php?type=room&room={$room}&confirm=Y\"><span id=\"del_yes\">" . get_vocab("YES") . "!</span></a>\n";
echo "<a href=\"admin.php\"><span id=\"del_no\">" . get_vocab("NO") . "!</span></a>\n";
echo "</div>\n";
echo "</div>\n";
include "trailer.inc";
}
}
if ($type == "area") {
// We are only going to let them delete an area if there are
// no rooms. its easier
$n = sql_query1("select count(*) from {$tbl_room} where area_id={$area}");
if ($n == 0) {
// OK, nothing there, lets blast it away
sql_command("delete from {$tbl_area} where id={$area}");
// Redirect back to the admin page
header("Location: admin.php");
} else {
// There are rooms left in the area
print_header($day, $month, $year, $area);
echo "<p>\n";
echo get_vocab("delarea");
echo "<a href=\"admin.php\">" . get_vocab("backadmin") . "</a>";
echo "</p>\n";
include "trailer.inc";
}
}
function destroyAction()
{
$id = $this->args[1];
if (is_numeric($id)) {
$res = sql_command('DELETE FROM `page` WHERE `page`.`id` = ' . escape($id));
}
if ($res) {
$this->flash('Page destroyed successfully');
redirect_to(ADMIN_URL . '/pages');
} else {
$this->flash('There was an error removing the page.', 'error');
redirect_to(ADMIN_URL . '/pages');
}
}
echo " done.<br>Updating repeating entries: ";
$sql = "select id,name,description from mrbs_repeat";
$repeats_res = sql_query($sql);
for ($i = 0; $row = sql_row($repeats_res, $i); $i++) {
$id = $row[0];
$name = slashes(iconv($encoding, "utf-8", $row[1]));
$desc = slashes(iconv($encoding, "utf-8", $row[2]));
$upd_sql = "update mrbs_repeat set name='{$name}',description='{$desc}' where id={$id}";
sql_command($upd_sql);
echo ".";
}
echo " done.<br>Updating normal entries: ";
$sql = "select id,name,description from mrbs_entry";
$entries_res = sql_query($sql);
for ($i = 0; $row = sql_row($entries_res, $i); $i++) {
$id = $row[0];
$name = slashes(iconv($encoding, "utf-8", $row[1]));
$desc = slashes(iconv($encoding, "utf-8", $row[2]));
$upd_sql = "update mrbs_entry set name='{$name}',description='{$desc}' where id={$id}";
sql_command($upd_sql);
echo ".";
}
echo 'done.<p>
Finished everything, byebye!
';
}
?>
</body>
</html>
// Check the user is authorised for this page
checkAuthorised();
// Check that the user has the highest level of admin rights
$user = getUserName();
$level = authGetUserLevel($user);
if ($level < $max_level) {
exit;
}
// Get non-standard form variables
$ids = get_form_var('ids', 'array');
// Check that $ids consists of an array of integers, to guard against SQL injection
foreach ($ids as $id) {
if (!is_numeric($id) || intval($id) != $id || $id < 0) {
exit;
}
}
// Everything looks OK - go ahead and delete the entries
// Note on performance. It is much quicker to delete entries using the
// WHERE id IN method below than looping through mrbsDelEntry(). Testing
// for 100 entries gave 2.5ms for the IN method against 37.6s for the looping
// method - ie approx 15 times faster. For 1,000 rows the IN method was 19
// times faster.
//
// Because we are not using mrbsDelEntry() we have to delete any orphaned
// rows in the repeat table ourselves - but this does not take long.
$sql = "DELETE FROM {$tbl_entry} WHERE id IN (" . implode(',', $ids) . ")";
$result = sql_command($sql);
// And delete any orphaned rows in the repeat table
$sql = "DELETE FROM {$tbl_repeat} WHERE id NOT IN (SELECT repeat_id FROM {$tbl_entry})";
$orphan_result = sql_command($sql);
echo $result;
// Note that:
// (1) the code assumes that you are an admin with powers to delete anything.
// It checks that you are an admin and so does not bother checking that
// you have rights in that particular area or room, nor does it check that
// the proposed deletion conforms to any policy in force.
// (2) email notifications are not sent, even if they are normally configured
// to be sent. Sending many thousands of emails in the space of a few
// seconds could overwhelm many mail servers, or break the usage policies
// on hosted systems.
require "defaultincludes.inc";
require_once "mrbs_sql.inc";
// Check the user is authorised for this page
checkAuthorised();
// Check that the user has the highest level of admin rights
$user = getUserName();
$level = authGetUserLevel($user);
if ($level < $max_level) {
exit;
}
// Get non-standard form variables
$ids = get_form_var('ids', 'array');
// Check that $ids consists of an array of integers, to guard against SQL injection
foreach ($ids as $id) {
if (!is_numeric($id) || intval($id) != $id || $id < 0) {
exit;
}
}
// Everything looks OK - go ahead and delete the entries
$sql = "DELETE FROM {$tbl_entry} WHERE id IN (" . implode(',', $ids) . ")";
$result = sql_command($sql);
echo $result;
for ($i = 0; $row = sql_row($res, $i); $i++) {
echo "<li>{$row['0']} (";
echo time_date_string($row[1]) . " -> ";
echo time_date_string($row[2]) . ")";
}
echo "</ul>";
}
echo "<center>";
echo "<H1>" . get_vocab("sure") . "</h1>";
echo "<H1><a href=\"del.php?type=room&room={$room}&confirm=Y\">" . get_vocab("YES") . "!</a> <a href=admin.php>" . get_vocab("NO") . "!</a></h1>";
echo "</center>";
include "trailer.inc";
}
}
if ($type == "area") {
# We are only going to let them delete an area if there are
# no rooms. its easier
$n = sql_query1("select count(*) from mrbs_room where area_id={$area}");
if ($n == 0) {
# OK, nothing there, lets blast it away
sql_command("delete from mrbs_area where id={$area}");
# Redirect back to the admin page
header("Location: admin.php");
} else {
# There are rooms left in the area
print_header($day, $month, $year, $area);
echo get_vocab("delarea");
echo "<a href=admin.php>" . get_vocab("backadmin") . "</a>";
include "trailer.inc";
}
}
function sql_mutex_cleanup()
{
global $sql_mutex_shutdown_registered, $sql_mutex_unlock_name;
if (!empty($sql_mutex_unlock_name)) {
sql_command("ABORT");
$sql_mutex_unlock_name = "";
}
}
function convert_one_db($db)
{
global $alterdatabasecharset;
global $altertablecharset;
global $charset;
global $collate;
global $printonly;
global $db_handle;
$db_cha = PMA_getDbCollation($db);
if (substr($db_cha[0], 0, 4) == 'utf8') {
// This doesn't work for me, but isn't a big deal, as the table
// check below works
echo "Skipping utf8 database '{$db}'\n";
return;
}
sql_command("USE {$db}", $db_handle);
$rs = sql_query("SHOW TABLES", $db_handle);
if (!$rs) {
echo "\n\n" . sql_error($db_handle) . "\n\n";
} else {
for ($i = 0; $data = sql_row($rs, $i, $db_handle); $i++) {
echo "Converting '{$data['0']}' table...\n";
$rs1 = sql_query("show FULL columns from {$data['0']}", $db_handle);
if (!$rs1) {
echo "\n\n" . sql_error($db_handle) . "\n\n";
} else {
for ($j = 0; $data1 = sql_row_keyed($rs1, $j, $db_handle); $j++) {
if (in_array(array_shift(split("\\(", $data1['Type'], 2)), array('char', 'varchar', 'tinytext', 'text', 'mediumtext', 'longtext', 'enum', 'set'))) {
if (substr($data1['Collation'], 0, 4) != 'utf8') {
$sq = "ALTER TABLE `{$data['0']}` CHANGE `" . $data1['Field'] . '` `' . $data1['Field'] . '` ' . $data1['Type'] . ' CHARACTER SET binary ' . ($data1['Default'] == '' ? '' : ($data1['Default'] == 'NULL' ? ' DEFAULT NULL' : ' DEFAULT \'' . addslashes($data1['Default']) . '\'')) . ($data1['Null'] == 'YES' ? ' NULL ' : ' NOT NULL');
if (!$printonly && !sql_query($sq, $db_handle)) {
echo "\n\n" . $sq . "\n" . sql_error($db_handle) . "\n\n";
} else {
if ($printonly) {
echo $sq . "\n";
}
$sq = "ALTER TABLE `{$data['0']}` CHANGE `" . $data1['Field'] . '` `' . $data1['Field'] . '` ' . $data1['Type'] . " CHARACTER SET {$charset} " . ($collate == '' ? '' : "COLLATE {$collate}") . ($data1['Default'] == '' ? '' : ($data1['Default'] == 'NULL' ? ' DEFAULT NULL' : ' DEFAULT \'' . addslashes($data1['Default']) . '\'')) . ($data1['Null'] == 'YES' ? ' NULL ' : ' NOT NULL') . ($data1['Comment'] == '' ? '' : ' COMMENT \'' . addslashes($data1['Comment']) . '\'');
if (!$printonly && !sql_query($sq, $db_handle)) {
echo "\n\n" . $sq . "\n" . sql_error($db_handle) . "\n\n";
} else {
if ($printonly) {
echo $sq . "\n";
}
}
}
// end of if (!$printonly)
}
// end of if (substr)
}
// end of if (in_array)
}
// end of inner for
}
// end of if ($rs1)
if ($altertablecharset) {
$sq = 'ALTER TABLE `' . $data[0] . "` " . "DEFAULT CHARACTER SET {$charset} " . ($collate == '' ? '' : "COLLATE {$collate}");
if ($printonly) {
echo $sq . "\n";
} else {
if (!sql_query($sq, $db_handle)) {
echo "\n\n" . $sq . "\n" . sql_error($db_handle) . "\n\n";
}
}
}
// end of if ($altertablecharset)
print "done.<br>\n";
}
// end of outer for
}
// end of if (!$rs)
if ($alterdatabasecharset) {
$sq = 'ALTER DATABASE `' . $db . "` " . "DEFAULT CHARACTER SET {$charset} " . ($collate == '' ? '' : "COLLATE {$collate}");
if ($printonly) {
echo $sq . "\n";
} else {
if (!sql_query($sq, $db_handle)) {
echo "\n\n" . $sq . "\n" . sql_error($db_handle) . "\n\n";
}
}
}
// end of if ($alterdatabasecharset)
}
/** mrbsCreateRepeatEntry()
*
* Creates a repeat entry in the data base
*
* $starttime - Start time of entry
* $endtime - End time of entry
* $rep_type - The repeat type
* $rep_enddate - When the repeating ends
* $rep_opt - Any options associated with the entry
* $room_id - Room ID
* $owner - Owner
* $name - Name
* $type - Type (Internal/External)
* $description - Description
*
* Returns:
* 0 - An error occured while inserting the entry
* non-zero - The entry's ID
*/
function mrbsCreateRepeatEntry($starttime, $endtime, $rep_type, $rep_enddate, $rep_opt, $room_id, $owner, $name, $type, $description, $rep_num_weeks)
{
global $tbl_repeat;
$name = slashes($name);
$description = slashes($description);
$timestamp = time();
// Let's construct the sql statement:
$sql_coln = array();
$sql_val = array();
// Mandatory things:
$sql_coln[] = 'start_time';
$sql_val[] = $starttime;
$sql_coln[] = 'end_time';
$sql_val[] = $endtime;
$sql_coln[] = 'rep_type';
$sql_val[] = $rep_type;
$sql_coln[] = 'end_date';
$sql_val[] = $rep_enddate;
$sql_coln[] = 'room_id';
$sql_val[] = $room_id;
$sql_coln[] = 'create_by';
$sql_val[] = '\'' . $owner . '\'';
$sql_coln[] = 'type';
$sql_val[] = '\'' . $type . '\'';
$sql_coln[] = 'name';
$sql_val[] = '\'' . $name . '\'';
$sql_coln[] = 'timestamp';
$sql_val[] = $timestamp;
// Optional things, pgsql doesn't like empty strings!
if (!empty($rep_opt)) {
$sql_coln[] = 'rep_opt';
$sql_val[] = '\'' . $rep_opt . '\'';
} else {
$sql_coln[] = 'rep_opt';
$sql_val[] = '\'0\'';
}
if (!empty($description)) {
$sql_coln[] = 'description';
$sql_val[] = '\'' . $description . '\'';
}
if (!empty($rep_num_weeks)) {
$sql_coln[] = 'rep_num_weeks';
$sql_val[] = $rep_num_weeks;
}
$sql = 'INSERT INTO ' . $tbl_repeat . ' (' . implode(', ', $sql_coln) . ') ' . 'VALUES (' . implode(', ', $sql_val) . ')';
if (sql_command($sql) < 0) {
return 0;
}
return sql_insert_id("{$tbl_repeat}", "id");
}
function unhide(){
if($this->set){
$sql = 'UPDATE newsfeed SET hidden = 0 WHERE id = ' . $this->id;
sql_command($sql);
return true;
} else {
return false;
}
}
function destroyAction()
{
$id = $this->args[1];
if (is_numeric($id)) {
$res = sql_command('DELETE FROM `page_category` WHERE `page_category`.`id` = ' . escape($id));
}
if ($res > 0) {
$this->flash('Category destroyed successfully');
redirect_to(ADMIN_URL . '/page_categories');
} else {
$this->flash('There was an error removing the category.', 'error');
redirect_to(ADMIN_URL . '/page_categories/show/' . $this->args[1]);
}
}
