/**
 * main
 *
 * Installer entry point: prints the page header, then runs the step
 * selected by whichever submit field is present in the POST data.
 *
 * NOTE(review): the inc/config_inc.php check is only reached when none of
 * submit1..submit5 is posted, so a direct POST of a later step is still
 * dispatched when a config file already exists. Confirm that the step
 * handlers refuse to run over an existing installation, or that the
 * installer is removed or locked once setup has finished.
 *
 * @return void
 */
function main()
{
    displayHeader();

    if (isset($_POST['submit1'])) {
        displayStepTwo();
        return;
    }

    if (isset($_POST['submit2'])) {
        displayStepThree();
        return;
    }

    if (isset($_POST['submit3'])) {
        displayStepFour();
        return;
    }

    if (isset($_POST['submit4'])) {
        displayStepFive();
        return;
    }

    if (isset($_POST['submit5'])) {
        setupDatabase();
        return;
    }

    // No step was posted: this is the first visit to the installer.
    if (!file_exists('inc/config_inc.php')) {
        displayStepOne();
        return;
    }

    // A config file is already present: warn, then show step one anyway.
    // This is the only path on which main() prints the footer itself.
    displayAlreadyInstalled();
    displayStepOne();
    displayFooter();
}
} $result->free(); if ($email_count > 0) { $smarty->assign('emails', $emails); } } else { $err_msg .= 'Error retrieving messages: ' . $msi->error . ' '; } $smarty->assign("localmenu", 1); } else { $smarty->assign('endmessage', $previous_sender == 0 ? "No messages to send" : "No more messages to send"); } } else { $err_msg .= 'Error retrieving next sender: ' . $msi->error . ' '; } displayFooter($smarty, $err_msg); $smarty->display('email_release.tpl'); function delMsg($msi, $hold_msg_id) { $msi_error = false; $msi->autocommit(false); if ($msi->query('delete from hold_msg where hold_msg_id=' . $hold_msg_id)) { if ($msi->query('delete from hold_target where hold_msg_id=' . $hold_msg_id)) { $msi->commit(); } else { $msi_error = true; $err_msg = 'Hold target delete error: ' . $msi->error . ' '; $msi->rollback(); } } else { $msi_error = true;
<div class="group_mid"> <label for="phone_number3">Number <font size="-2" color="#999999">(xxx-xxx-xxxx)</font></label> <input name="phone_number3" type="text" value="" disabled> <input type="hidden" name="phone_rec_id3" value=""> </div> <div class="group_right"> <input id="submitUser" class="press" title="Save form data to the database" type="submit" value="Submit"></input> </div> </div> </div> <div class="group"> <label class="section_label" for="group_info">Your Group - Neighborhood Charlie, Group #12</label> <div class="textLeft"><strong>Group Leader Name: </strong>Carson Venturelli</div> <div class="textLeft indent"><strong>email: </strong>Carson@Venturelli.com</div> <div class="textLeft indent"><strong>phone #:</strong>(650) 248-7898 (cell), (650) 258-7575 (home)</div> <div class="textLeft"><strong>Backup Group Leader: </strong>Joe Schmoe</div> <div class="textLeft indent"><strong>email: </strong>joe@schmoe.com</div> <div class="textLeft indent"><strong>phone #s: </strong>t(650)444-5555 (cell), (650)777-8888 (home)</div> </div> </fieldset> </form> <?php displayFooter(); ?> </body> </html>
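/**
 * displayInvitationDetails
 *
 * Prints the attendance summary for one event: an RSVP form when the current
 * user has an unanswered invitation, the yes/maybe/no/undecided lists with
 * their counts, and the comment left with each answered invitation.
 *
 * NOTE(review): the RSVP form carries no visible anti-CSRF token, and it posts
 * the invitation row id in a hidden field. The handler for attend_submit is
 * not visible here; confirm that it checks the request origin and that the
 * posted id belongs to the current user.
 *
 * @param int $id Event id; it is bound into the query and written into the
 *                form action.
 *
 * @return void
 */
function displayInvitationDetails($id)
{
    // The event id is written into an HTML attribute below. Casting it keeps
    // anything other than digits out of the markup, whatever the caller passed.
    $eventId = (int) $id;

    // Get info on who's coming
    $sql = "SELECT `id`, `user`, `email`, `attending`, `response`, `updated`\n FROM `fcms_invitation`\n WHERE `event_id` = ?\n ORDER BY `updated` DESC";

    $rows = $this->fcmsDatabase->getRows($sql, $id);
    if ($rows === false) {
        $this->fcmsError->displayError();
        displayFooter();
        exit;
    }

    $yesCount = 0;
    $noCount = 0;
    $maybeCount = 0;
    $undecidedCount = 0;

    $comingYes = '';
    $comingNo = '';
    $comingMaybe = '';
    $comingUndecided = '';

    $responses = array();
    $usersLkup = array();

    foreach ($rows as $r) {
        $usersLkup[$r['user']] = array('attending' => $r['attending'], 'id' => $r['id']);

        $img = '';

        // Invitations sent to a bare e-mail address have user 0 and are shown
        // by their (cleaned) address; members are shown by display name.
        // NOTE(review): presumably getUserDisplayName() returns output-safe
        // text; it is echoed below without further encoding - confirm.
        $displayname = cleanOutput($r['email']);
        if ($r['user'] != 0) {
            $displayname = getUserDisplayName($r['user'], 2);
        }

        // attending: null = no answer yet, 0 = no, 1 = yes, above 1 = maybe
        if ($r['attending'] === null) {
            $undecidedCount++;
            $comingUndecided .= "<p>{$displayname}</p>";
        } elseif ($r['attending'] == 0) {
            $noCount++;
            $img = '<img class="avatar" src="ui/img/attend_no.png" alt="' . T_('No') . '"/>';
            $comingNo .= "<p>{$displayname}</p>";
        } elseif ($r['attending'] == 1) {
            $yesCount++;
            $img = '<img class="avatar" src="ui/img/attend_yes.png" alt="' . T_('Yes') . '"/>';
            $comingYes .= "<p>{$displayname}</p>";
        } elseif ($r['attending'] > 1) {
            $maybeCount++;
            $img = '<img class="avatar" src="ui/img/attend_maybe.png" alt="' . T_('Maybe') . '"/>';
            $comingMaybe .= "<p>{$displayname}</p>";
        }

        $responses[] = array(
            'user' => $r['user'],
            'updated' => $r['updated'],
            'displayname' => $displayname,
            'response' => $r['response'],
            'attending' => $r['attending'],
            'img' => $img,
        );
    }

    // Show the RSVP form only to an invited user who has not answered yet.
    $currentUserId = $this->fcmsUser->id;
    if (isset($usersLkup[$currentUserId]) && $usersLkup[$currentUserId]['attending'] === null) {
        // Row id from the query above; cast for the same reason as $eventId.
        $invitationId = (int) $usersLkup[$currentUserId]['id'];

        echo ' <form action="calendar.php?event=' . $eventId . '" method="post">'
            . ' <h1 id="attending_header">' . T_('Are you attending?') . '</h1>'
            . ' <ul id="attending">'
            . ' <li> <label for="yes"> <img src="ui/img/attend_yes.png"/><br/> <b>' . T_('Yes') . '</b> </label>'
            . ' <input type="radio" id="yes" name="attending" value="1"/> </li>'
            . ' <li> <label for="maybe"> <img src="ui/img/attend_maybe.png"/><br/> <b>' . T_('Maybe') . '</b> </label>'
            . ' <input type="radio" id="maybe" name="attending" value="2"/> </li>'
            . ' <li> <label for="no"> <img src="ui/img/attend_no.png"/><br/> <b>' . T_('No') . '</b> </label>'
            . ' <input type="radio" id="no" name="attending" value="0"/> </li>'
            . ' <li class="submit"> <textarea id="response" name="response" cols="50" rows="10"></textarea>'
            . ' <input type="hidden" id="id" name="id" value="' . $invitationId . '"/>'
            . ' <input type="submit" id="attend_submit" name="attend_submit" value="' . T_('Submit') . '"/>'
            . ' </li> </ul> </form>';
    }

    echo ' <div id="leftcolumn"> <div id="whos_coming">'
        . ' <h3>' . T_('Who\'s Coming') . '</h3>'
        . ' <h3 class="coming"><span class="ok"></span>' . T_('Yes') . ' <i>' . $yesCount . '</i></h3>'
        . ' <div class="coming_details">' . $comingYes . '</div>'
        . ' <h3 class="coming"><span class="maybe"></span>' . T_('Maybe') . ' <i>' . $maybeCount . '</i></h3>'
        . ' <div class="coming_details">' . $comingMaybe . '</div>'
        . ' <h3 class="coming"><span class="no"></span>' . T_('No') . ' <i>' . $noCount . '</i></h3>'
        . ' <div class="coming_details">' . $comingNo . '</div>'
        . ' <h3 class="coming">' . T_('Undecided') . ' <i>' . $undecidedCount . '</i></h3>'
        . ' <div class="coming_details">' . $comingUndecided . '</div>'
        . ' </div> </div> <div id="maincolumn">';

    foreach ($responses as $response) {
        // isset() is false for null, so unanswered invitations are skipped.
        if (isset($response['attending'])) {
            $updated = fixDate(T_('F j, Y g:i a'), $this->fcmsUser->tzOffset, $response['updated']);

            // The free-text reply is user input and goes through cleanOutput().
            echo ' <div class="comment_block"> ' . $response['img']
                . ' <b>' . $response['displayname'] . '</b> <i>' . $updated . '</i>'
                . ' <p> ' . cleanOutput($response['response']) . ' </p> </div>';
        }
    }

    echo ' </div>';
}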
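/**
 * displayImages
 *
 * Prints the image upload form followed by a table of the files found in the
 * uploads "upimages" directory (view button, insert link, delete button,
 * dimensions, size) and a final row with the total size.
 *
 * File names in that directory come from uploads, so they are treated as
 * untrusted text and encoded for each context they are written into.
 *
 * NOTE(review): the delete button is only hidden for users whose access is 2
 * or higher, and the delete form carries no visible anti-CSRF token. The
 * handler for "delimg" is not visible here; confirm that it repeats the access
 * check, verifies the request origin, and reduces the posted "img" value to a
 * bare file name before touching the filesystem.
 *
 * @return void
 */
function displayImages()
{
    global $fcmsUser;

    displayHeader();

    if (isset($_SESSION['delete_ok'])) {
        unset($_SESSION['delete_ok']);
        echo '<p class="ok-alert">' . T_('Image was Deleted Successfully') . '</p>';
    }

    echo ' <h2>' . T_('Upload Image') . '</h2>'
        . ' <form enctype="multipart/form-data" action="upimages.php" method="post">'
        . ' <p><input type="file" name="upfile" id="upfile" size="30" title="' . T_('Choose the image you want to upload.') . '"/></p>'
        . ' <div><input type="submit" name="upload" id="upload" value="' . T_('Upload Image') . '"/></div>'
        . ' </form> <p> </p> <h2>' . T_('Uploaded Images') . '</h2> <table>';

    // Turns a PHP string into a JavaScript string literal that is safe inside
    // a double-quoted HTML event-handler attribute: json_encode() with the
    // JSON_HEX_* flags hex-escapes quotes, tags and ampersands, and
    // htmlspecialchars() then encodes the literal's own delimiters.
    $jsLiteral = function ($value) {
        $json = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP);
        if ($json === false) {
            // Not encodable (e.g. invalid UTF-8): emit an empty string literal.
            $json = '""';
        }

        return htmlspecialchars($json, ENT_QUOTES, 'UTF-8');
    };

    $uploadsPath = getUploadsAbsolutePath();

    // Start from an empty list so an empty or unreadable directory still
    // renders a valid table.
    $images_in_dir = array();
    $img_dir = opendir($uploadsPath . 'upimages');
    if ($img_dir !== false) {
        // Compare with false explicitly: a file named "0" is falsy and would
        // otherwise end the listing early.
        while (false !== ($file = readdir($img_dir))) {
            if ($file !== 'index.htm') {
                $images_in_dir[] = $file;
            }
        }
        closedir($img_dir);
    }

    natcasesort($images_in_dir);

    $i = 0;
    $total_size = 0;

    foreach ($images_in_dir as $file) {
        // Skip directories that start with a period
        if ($file[0] === '.') {
            continue;
        }

        $this_size = filesize($uploadsPath . 'upimages/' . $file);
        $total_size += $this_size;

        // getimagesize() returns false for anything it cannot read as an image.
        $img_info = getimagesize($uploadsPath . 'upimages/' . $file);
        if ($img_info === false) {
            $img_info = array(0, 0);
        }

        $win_w = (int) $img_info[0] + 50;
        $win_h = (int) $img_info[1] + 50;

        $path = 'uploads/upimages/';
        if (defined('UPLOADS')) {
            $path = 'file.php?u=';
        }

        $i++;

        // The leading space keeps the attribute separate from the tag name.
        $rowClass = ($i % 2 != 0) ? ' class="alt"' : '';

        $viewUrlJs = $jsLiteral(URL_PREFIX . $path . basename($file));
        $bbcodeJs = $jsLiteral('[IMG=' . $path . basename($file) . ']');

        echo ' <tr' . $rowClass . '> <td class="v">'
            . ' <button class="viewbtn" onclick="window.open(' . $viewUrlJs . ',\'file\', \'width=' . $win_w . ',height=' . $win_h . ',resizable=no,location=no,menubar=no,status=no\'); return false;"/>'
            . ' </td> <td class="file">'
            . ' <a href="#" onclick="insertUpImage(' . $bbcodeJs . ')" title="' . T_('Click to insert image into message.') . '">' . cleanOutput($file) . '</a>'
            . ' </td> <td>';

        if ($fcmsUser->access < 2) {
            echo ' <form method="post" action="upimages.php"> <div>'
                . ' <input type="hidden" name="img" value="' . cleanOutput($file) . '"/>'
                . ' <input type="submit" name="delimg" value="' . T_('Delete') . '" class="delbtn" title="' . T_('Delete this Image') . '" onclick="javascript:return confirm(\'' . T_('Are you sure you want to DELETE this image?') . '\');"/>'
                . ' </div> </form>';
        }

        echo ' </td> <td class="n">' . (int) $img_info[0] . 'x' . (int) $img_info[1] . '</td>'
            . ' <td class="n">' . formatSize($this_size) . '</td> </tr>';
    }

    echo ' <tr> <td></td> <td></td> <td></td> <td class="n">' . T_('Total Size') . '</td>'
        . ' <td class="n">' . formatSize($total_size) . '</td> </tr> </table>';

    displayFooter();
}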
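/**
 * displayFormTwo
 *
 * Second installer screen: filters the posted database settings, hands them
 * to writeDB(), then prints a progress page whose inline script drives the
 * install by repeatedly POSTing to install.php and, once the SQL lines are
 * done, to the install/upgrade endpoint.
 *
 * Request values written into the script block are percent-encoded first, so
 * a posted database name or a "qa" query value cannot close the JavaScript
 * string it is placed in; the receiving endpoint decodes them as ordinary
 * form fields.
 *
 * NOTE(review): the character filter is also applied to dbpass, so a password
 * containing any other character is silently altered before writeDB() gets it.
 * NOTE(review): obj.tag from the server response is assigned to innerHTML;
 * confirm it never carries user-controlled text, or use textContent.
 *
 * @return void
 */
function displayFormTwo()
{
    // Keep only letters, digits and . , ( ) @ # ! ? _ in every posted value.
    $sanitized = preg_replace('/[^a-zA-Z0-9\\.\\,\\(\\)@#!?_]/', '', $_POST);
    writeDB($sanitized['dbhost'], $sanitized['dbuser'], $sanitized['dbpass'], $sanitized['dbname']);

    displayHeader();

    // Default the optional field before it is read.
    if (!isset($_POST['dboldname'])) {
        $_POST['dboldname'] = "";
    }

    // Only plain strings are accepted; an array-valued field counts as empty.
    $dbOldName = is_string($_POST['dboldname']) ? $_POST['dboldname'] : '';
    $dbName = (isset($_POST['dbname']) && is_string($_POST['dbname'])) ? $_POST['dbname'] : '';

    if (strlen($dbOldName) > 0) {
        $headerstring = "Installing and migrating...";
        $quip = "You probably have time to get a coffee.";
        $installAction = 'upgrade';
    } else {
        $headerstring = "Installing...";
        $quip = "This shouldn't take too long.";
        $installAction = 'install';
    }

    // rawurlencode() output contains only unreserved characters and %XX, so it
    // is safe inside a double-quoted JavaScript string and is the correct
    // encoding for a form-encoded request body.
    $dbNameParam = rawurlencode($dbName);
    $dbOldNameParam = rawurlencode($dbOldName);

    $extraParams = '';
    if (isset($_GET['qa'])) {
        $extraParams .= '&qa=' . rawurlencode(is_string($_GET['qa']) ? $_GET['qa'] : '');
    }
    if (isset($_GET['debug'])) {
        $extraParams .= '&debug=1';
    }
    ?>
<h2><?php echo $headerstring; ?></h2>
<div class="hero-unit">
    <p id="quip"><?php echo $quip; ?></p>
    <div class="progress progress-striped active">
        <div class="bar" id="progressbar" style="width: 0%;"></div>
    </div>
    <div id="waitbar"> </div>
    <div id="stats"></div>
</div>
<script language="javascript">
var prunning=0;
var pinttimer=0;
var online=1;
var total = 0;
var delay=50;

function startInstall(key) {
    document.getElementById('progressbar').style.width = "1%";
    pinttimer=self.setInterval(function(){runInstall(key)},50);
    runInstall(key);
}

function runInstall(key) {
    if (prunning==1) {
        if(online==2) {
            var postvar = "getpg=1";
            $.post("install.php", postvar, function(data) {
                if (data[0]=="{") {
                    obj = JSON.parse(data);
                    if (obj.result=='success' && obj.progress>1) {
                        document.getElementById('progressbar').style.width = obj.progress + "%";
                        document.getElementById('progressbar').style.backgroundColor = "#AA0000";
                    }
                }
            });
        }
        return;
    }
    prunning=1;
    var postvar = "sqlline="+ online + "&dbname=" + "<?php echo $dbNameParam; ?>" + "&dboldname=" + "<?php echo $dbOldNameParam . $extraParams; ?>";
    //document.getElementById('waitbar').innerHTML = 'about to post '+postvar;
    $.ajax({
        url: "install.php",
        type:'POST',data:postvar,
        error: function(jqXHR, textStatus, errorThrown){
            delay=delay+1000;
            document.getElementById('quip').innerHTML = "Server appears to be throttling connections, setting delay to "+((delay-50)/1000)+ " seconds";
            clearInterval(pinttimer);
            pinttimer=self.setInterval(function(){runInstall(key)},delay);
            prunning=0;
        }
    }).done( function(data){
        //document.getElementById('waitbar').innerHTML = "got back "+data;
        if (data[0]=="{") {
            obj = JSON.parse(data);
            if (obj.result=='success') {
                var perc = Math.round((100*(online/obj.total)));
                perc = perc/2;
                if(perc<1) perc=1;
                document.getElementById('progressbar').style.width = perc + "%";
                document.getElementById('progressbar').style.backgroundColor = "#149BDF";
                if (!obj.tag) obj.tag = "";
                document.getElementById('stats').innerHTML = obj.tag;
<?php if (isset($_GET['debug'])) { ?>
                document.getElementById('stats').innerHTML = obj.tag + " Running line "+online + " of " + obj.total + " (" + perc + "%)";
<?php } ?>
                if (online==obj.total) {
                    clearInterval(pinttimer);
                    prunning=0;
                    online = 1;
                    pinttimer=self.setInterval(function(){runUpgrade(key)},delay);
                }else {
                    prunning=0;
                    if (obj.line) online = (obj.line*1) +1; else online = online + 1;
                    if (delay>1050) {
                        delay=delay-1000;
                        document.getElementById('quip').innerHTML = "Server appears to be throttling connections, setting delay to "+((delay-50)/1000)+ " seconds";
                        clearInterval(pinttimer);
                        pinttimer=self.setInterval(function(){runInstall(key)},delay);
                    }
                }
            }
        } else {
            clearInterval(pinttimer);
            if(data.indexOf("Table 'xlsws_customer' already exists")>0) data = "Helpful information: This appears to be an error caused by installing into a database that is not blank. Web Store 3 requires a blank database to install.\n\n" + data;
            data = "An error has occured. If this does not appear to be an issue you can easily remedy based on the information below, please contact Web Store technical support for additional assistance.\n\n" + data;
            document.getElementById('progressbar').style.width = 0;
            document.getElementById('stats').innerHTML = "";
            document.getElementById('quip').innerHTML = "Error, install halted.";
            alert(data);
        }
        //document.getElementById('waitbar').innerHTML = "end of function";
    });
}

function runUpgrade(key) {
    if (prunning>2400) {
        clearInterval(pinttimer);
        prunning=0;
        alert("The install process has become unresponsive. This may indicate a problem with the database. Please contact technical support for additional information. Error information may be available in the xlsws_log table of your database for troubleshooting purposes.");
        document.getElementById('progressbar').style.width = 0;
        document.getElementById('stats').innerHTML = "Check xlsws_log for error information.";
        document.getElementById('quip').innerHTML = "Error, install halted.";
    }
    if (prunning>0) {
        prunning++;
        return;
    }
    prunning=1;
    var postvar = "online="+ online + "&total=" + total + "&dbname=" + "<?php echo $dbNameParam; ?>" + "&dboldname=" + "<?php echo $dbOldNameParam; ?>";
    var exporturl = window.location.href.replace("/install.php", "/install/<?php echo $installAction; ?>");
    $.ajax({
        url: exporturl,
        type:'POST',data:postvar,
        error: function(jqXHR, textStatus, errorThrown){
            delay=delay+1000;
            document.getElementById('quip').innerHTML = "Server appears to be throttling connections, setting delay to "+((delay-50)/1000)+ "seconds";
            clearInterval(pinttimer);
            pinttimer=self.setInterval(function(){runUpgrade(key)},delay);
            prunning=0;
        }
    }).done(function(data){
        if (data[0]=="{") {
            obj = JSON.parse(data);
            if (obj.result=='success') {
                total = obj.total;
                online = obj.makeline;
                var perc = 50 + online;
                document.getElementById('progressbar').style.width = perc + "%";
                if (!obj.tag) obj.tag = "";
                document.getElementById('stats').innerHTML = obj.tag;
<?php if (isset($_GET['debug'])) { ?>
                document.getElementById('stats').innerHTML = obj.tag + " at " + " (" + perc + "%)";
<?php } ?>
                if (online==obj.total) {
                    clearInterval(pinttimer);
                    window.location.href = window.location.href.replace("/install.php", "/admin/license");
                }else {
                    prunning=0;
                }
            } else {
                clearInterval(pinttimer);
                alert(obj.result);
            }
        } else {
            clearInterval(pinttimer);
            alert(data);
        }
    });
}

startInstall();
</script>
<?php
    displayFooter();
}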
/**
 * displayUpgradeDatabase
 *
 * Runs the upgrade and then records the version held in
 * $_SESSION['latestVersion'] as the current one. If either step reports
 * failure the stored error is printed between the page header and footer;
 * if both succeed the browser is redirected to upgrade.php?manual=1.
 *
 * @return void
 */
function displayUpgradeDatabase()
{
    $errorHandler = FCMS_Error::getInstance();
    $database = Database::getInstance($errorHandler);
    $upgrader = new Upgrade($errorHandler, $database);

    // Read before the upgrade starts, as the version to record afterwards.
    $targetVersion = $_SESSION['latestVersion'];

    // && short-circuits, so the version is only recorded after upgrade()
    // has reported success.
    $succeeded = $upgrader->upgrade() && $upgrader->updateCurrentVersion($targetVersion);

    if ($succeeded) {
        header('Location: upgrade.php?manual=1');

        return;
    }

    // Jacked html, but should work
    displayHeader();
    $errorHandler->displayError();
    displayFooter();
}
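<?php
/*
 * Login page: checks a posted username and password against the contacts
 * table and, on success, stores the user in the session and redirects.
 * Every other path falls through to re-displaying the login form.
 */
$login = true;
require_once 'libe.php';

// Only plain string fields are accepted; an array-valued field is treated
// like a missing one and simply re-displays the form.
if (isset($_POST['username']) && isset($_POST['password'])
    && is_string($_POST['username']) && is_string($_POST['password'])
) {
    /* check username & pw in db */
    $stmt = $msi->prepare("select contact_id,password,first_name,"
        . "password_reset from contacts where lower(username)=?");

    if ($stmt) {
        // bind_param() takes its arguments by reference, so bind a variable.
        // The value is sent as a bound parameter and must not be escaped as
        // well: escaping it would alter any name containing a quote or a
        // backslash, and the lookup would then miss.
        $username = strtolower($_POST['username']);
        $stmt->bind_param('s', $username);
        $stmt->execute();
        $stmt->bind_result($user_id, $pwhash, $HelloName, $password_reset);
        // fetch() returns true only when a row was actually read.
        $found = $stmt->fetch();
        $stmt->close();

        $phpass = new PasswordHash(12, false);
        if ($found === true && $phpass->CheckPassword($_POST['password'], $pwhash)) {
            // Issue a fresh session id on login so an id that was planted
            // before authentication cannot be reused afterwards.
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }

            $_SESSION['user_id'] = $user_id;
            $_SESSION['HelloName'] = $HelloName;
            // Stored exactly as typed; encode it wherever it is displayed.
            $_SESSION['username'] = $_POST['username'];

            // A falsy password_reset value sends the user to pwreset.php.
            if (!$password_reset) {
                header("Location: pwreset.php");
            } else {
                header("Location: index.php");
            }
            exit;
        }
    } else {
        // NOTE(review): this passes the raw database error text to the page
        // footer; consider logging it and showing a generic message instead.
        displayFooter($smarty, "Login: unable to create mysql statement object: " . $msi->error);
    }
}

/* if we didn't have a good login re-display form */
$smarty->display('login.tpl');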
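/**
 * updateHold
 *
 * Applies the action named in $_POST['buttonAction'] to the hold_* tables and
 * then prints the footer with any collected error text:
 *   Add...      - insert a pending "A" record from the posted fields
 *   Delete..._N - N below zero: remove the pending "A" record with hold_id -N;
 *                 otherwise insert a "D" record for live row N
 *   UnDelete..._N - remove the pending "D" record for live row N
 *   Sav...      - rewrite the hold_contact record and save the posted
 *                 addresses, phones and e-mails
 *
 * The action string is request input, so the entity and the row id taken from
 * it are validated before any statement is prepared.
 *
 * NOTE(review): the two DELETE statements select rows by id only, without a
 * contact_id predicate. Unless ownership is enforced elsewhere, a posted id
 * belonging to another contact would be accepted - confirm.
 *
 * @param object $smarty     Template object passed through to displayFooter().
 * @param object $msi        Database connection used for every statement.
 * @param int    $user_id    Id of the user making the change.
 * @param int    $contact_id Id of the contact being edited.
 *
 * @return void
 */
function updateHold($smarty, $msi, $user_id, $contact_id)
{
    $ButtonAction = (isset($_POST['buttonAction']) && is_string($_POST['buttonAction']))
        ? $_POST['buttonAction']
        : '';
    $transtype = substr($ButtonAction, 0, 3);
    $err_msg = '';

    // Fixed list of entities. Table and column names below are built only from
    // these values, never from the posted text itself.
    $entities = array('Address' => 'address', 'Phone' => 'phone', 'Email' => 'email');

    if ($transtype == 'Add') {
        switch ($ButtonAction) {
            case "AddAddress":
                insertPostAddress($msi, 'A', 'add', $user_id, $contact_id, $err_msg);
                break;
            case "AddPhone":
                insertPostPhone($msi, 'A', 'add', $user_id, $contact_id, $err_msg);
                break;
            case "AddEmail":
                insertPostEmail($msi, 'A', 'add', $user_id, $contact_id, $err_msg);
                break;
        }
    } elseif ($transtype == 'Del' || $transtype == 'UnD') {
        // The action has the form <Verb><Entity>_<id>; split off the id first.
        $uloc = strrpos($ButtonAction, "_");
        $data_id = ($uloc === false) ? '' : (string) substr($ButtonAction, $uloc + 1);
        $actionName = ($uloc === false) ? $ButtonAction : substr($ButtonAction, 0, $uloc);

        $verb = ($transtype == 'Del') ? 'Delete' : 'UnDelete';
        $suffix = (strpos($actionName, $verb) === 0) ? (string) substr($actionName, strlen($verb)) : '';

        if (!isset($entities[$suffix]) || !preg_match('/^-?[0-9]+$/', $data_id)) {
            // Unknown entity or non-numeric id: nothing is prepared or run.
            $err_msg .= 'Invalid action ';
        } else {
            $entity = $entities[$suffix];
            $data_id = (int) $data_id;

            if ($transtype == 'UnD') {
                /* undelete - delete D rec from hold table */
                $stmt = $msi->prepare("delete from hold_{$entity} where action='D' and {$entity}_id=?");
                if ($stmt) {
                    $stmt->bind_param('i', $data_id);
                }
            } elseif ($data_id < 0) {
                /* If there is an A=add rec in the hold table, delete it.
                   A=add recs have the data_id changed to negative. */
                $hold_id = -$data_id;
                $stmt = $msi->prepare("delete from hold_{$entity} where action='A' and hold_id=?");
                if ($stmt) {
                    $stmt->bind_param('i', $hold_id);
                }
            } else {
                /* This is to delete a rec that was already in the live database */
                $stmt = $msi->prepare("insert into hold_{$entity} (action,contact_id,{$entity}_id) values ('D',?,?)");
                if ($stmt) {
                    $stmt->bind_param('ii', $contact_id, $data_id);
                }
            }

            if ($stmt) {
                if (!$stmt->execute()) {
                    $err_msg .= 'Hold update error: ' . $stmt->error . ' ';
                }
                $stmt->close();
            } else {
                $err_msg .= 'Hold update error: ' . $msi->error . ' ';
            }
        }
    } elseif ($transtype == 'Sav') {
        // first, UserData
        /* Delete hold_contact record for this contact_id if there is one.
           If there are changes in the $_POST data, a new one will be created */
        $stmt = $msi->prepare("delete from hold_contact " . "where contact_id=?");
        $stmt->bind_param("i", $contact_id);
        $stmt->execute();
        $stmt->close();

        $user_data = new UserData($msi, $smarty, $user_id, $contact_id);
        if (isChange($user_data->ud, 0, "o")) {
            // Every posted value is sent as a bound parameter.
            $stmt = $msi->prepare("insert into hold_contact "
                . "(contact_id,user_id,title_id,primary_name,"
                . "first_name,middle_name,degree_id,nickname,"
                . "birth_date,gender,username) values "
                . "(?,?,?,?,?,?,?,?,str_to_date(?,'%m/%d/%Y'),?,?)");
            $stmt->bind_param(
                "iiisssissss",
                $contact_id,
                $user_id,
                $_POST["title_id"],
                $_POST["primary_name"],
                $_POST["first_name"],
                $_POST["middle_name"],
                $_POST["degree_id"],
                $_POST["nickname"],
                $_POST["birth_date"],
                $_POST["gender"],
                $_SESSION['username']
            );
            $stmt->execute();
            $stmt->close();
        }
        unset($user_data);

        // The insert functions are handed over by name. A bare word here is an
        // undefined constant, which is an error on current PHP versions.
        $contact_data = new ContactData($msi, $smarty, $user_id, $contact_id);
        saveContact($msi, $smarty, 'address', $contact_data->ad, $user_id, $contact_id, 'insertPostAddress');
        saveContact($msi, $smarty, 'phone', $contact_data->ph, $user_id, $contact_id, 'insertPostPhone');
        saveContact($msi, $smarty, 'email', $contact_data->em, $user_id, $contact_id, 'insertPostEmail');
        unset($contact_data);
    }

    displayFooter($smarty, $err_msg);
}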