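/**
 * Build the HTML form used to insert a new announcement or update an existing one.
 *
 * @param array|NULL $announcement_r Existing announcement record; when it is an array the
 *                                   form posts op=update together with its announcement_id,
 *                                   otherwise it posts op=insert.
 * @param array|NULL $HTTP_VARS      Request variables, used as fallback field values.
 * @return string The form markup.
 *
 * NOTE(review): no anti-CSRF token field is emitted by this form; confirm that the handler
 * receiving the POST verifies the request origin in some other way.
 * NOTE(review): the 'content' field is an HTML area and, as the help text below states, the
 * HTML is not validated. Whoever may save announcements can therefore place arbitrary markup
 * on any page that renders them - keep that permission restricted.
 */
function get_edit_announcement_input_form($announcement_r, $HTTP_VARS = NULL) {
    global $PHP_SELF;

    $is_update = is_array($announcement_r);

    // The original appended to an undefined $buffer; start from an explicit string instead.
    // $PHP_SELF ends up inside an HTML attribute, so it is entity-encoded defensively.
    $buffer = "<form action=\"" . htmlspecialchars((string)$PHP_SELF, ENT_QUOTES) . "\" method=\"POST\">";
    $buffer .= "\n<input type=\"hidden\" name=\"type\" value=\"announcements\">";

    if ($is_update) {
        $buffer .= "\n<input type=\"hidden\" name=\"op\" value=\"update\">"
                . "\n<input type=\"hidden\" name=\"announcement_id\" value=\""
                . htmlspecialchars((string)$announcement_r['announcement_id'], ENT_QUOTES) . "\">";
    } else {
        $buffer .= "\n<input type=\"hidden\" name=\"op\" value=\"insert\">";
    }

    $buffer .= "<table>";
    $buffer .= get_input_field("title", NULL, 'Title', "text(50,500)", "Y", ifempty($announcement_r['title'], $HTTP_VARS['title']), TRUE);
    $buffer .= get_input_field("content", NULL, 'Announcement', "htmlarea(60,15)", "Y", ifempty($announcement_r['content'], $HTTP_VARS['content']), TRUE);
    $buffer .= get_input_field("display_days", NULL, 'Display Days', "number(10,10)", "Y", ifempty($announcement_r['display_days'], $HTTP_VARS['display_days']), TRUE);

    // An announcement can only be closed once it exists.
    if ($is_update) {
        $buffer .= get_input_field("closed_ind", NULL, 'Closed', "checkbox(Y,N)", "N", ifempty($announcement_r['closed_ind'], $HTTP_VARS['closed_ind']), TRUE);
    }
    $buffer .= "</table>";

    // 'id' was an unquoted (bare constant) key in the original, which is a fatal
    // "undefined constant" error on PHP 8; it is a plain string key.
    $help_r = array();
    $help_r[] = array('img' => 'compulsory.gif', 'text' => get_opendb_lang_var('compulsory_field'), 'id' => 'compulsory');
    $help_r[] = array('text' => 'A zero in Display Days indicates the announcment will never expire.');
    $help_r[] = array('text' => 'No validation is performed on HTML entered in the Announcement text field.');
    $buffer .= format_help_block($help_r);

    // Client-side validation is a convenience only; the server must still validate the POST.
    if (get_opendb_config_var('widgets', 'enable_javascript_validation') !== FALSE) {
        $onclick_event = "if(!checkForm(this.form)){return false;}else{this.form.submit();}";
    } else {
        $onclick_event = "this.form.submit();";
    }

    $buffer .= "<input type=\"button\" class=\"button\" onclick=\"{$onclick_event}\" value=\"Save\">";
    $buffer .= "\n</form>";

    return $buffer;
}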
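/**
 * Build the announcements block: administrator warnings first, then published announcements.
 *
 * @return string|NULL The <div id="announcements"> markup, or NULL when there is nothing to show.
 *
 * NOTE(review): headings, titles, messages, links and content are written into the page
 * without entity encoding. The announcement edit form states that announcement HTML is not
 * validated, so this is stored markup by design; verify that only trusted roles can create
 * announcements and that 'title' is encoded wherever it is not meant to carry markup.
 */
function get_announcements_block() {
    $buffer = '';

    if (is_user_granted_permission(PERM_ADMIN_ANNOUNCEMENTS)) {
        // include a login warning if user password and email are still the defaults
        if (get_opendb_session_var('user_id') == 'admin') {
            $announcements_rs = get_admin_announcements_rs();

            // each() no longer exists in PHP 8; foreach walks the same list.
            if (is_array($announcements_rs)) {
                foreach ($announcements_rs as $announcement_r) {
                    // The original never closed this <li>; close it like the loop below does.
                    $buffer .= "<li><h4>" . $announcement_r['heading'] . "</h4>\n\t\t\t\t\t<p class=\"content\">" . $announcement_r['message'] . "<a class=\"adminLink\" href=\"" . $announcement_r['link'] . "\">" . $announcement_r['link_text'] . "</a></p></li>";
                }
            }
        }
    }

    if (get_opendb_config_var('welcome.announcements', 'enable') !== FALSE && is_user_granted_permission(PERM_VIEW_ANNOUNCEMENTS)) {
        $results = fetch_announcement_rs('submit_on', 'DESC', 0, get_opendb_config_var('welcome.announcements', 'display_count'), 'Y', 'Y');
        if ($results) {
            while ($announcement_r = db_fetch_assoc($results)) {
                $buffer .= "<li><h4>" . $announcement_r['title'] . "</h4>";
                $buffer .= "<small class=\"submitDate\">" . get_localised_timestamp(get_opendb_config_var('welcome.announcements', 'datetime_mask'), $announcement_r['submit_on']) . "</small>";
                $buffer .= "<p class=\"content\">" . nl2br($announcement_r['content']) . "</p></li>";
            }
            db_free_result($results);
        }
    }

    if (strlen($buffer) > 0) {
        return "\n<div id=\"announcements\">" . "<h3>" . get_opendb_lang_var('announcements') . "</h3>" . "\n<ul>" . $buffer . "\n</ul></div>";
    } else {
        return NULL;
    }
}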
/**
 * Return the seven day names, Sunday first, looked up through get_opendb_lang_var().
 *
 * @param bool $abbrev When true the '<day>_abbrev' language variables are used instead.
 * @return array Seven entries in the order sunday .. saturday.
 */
function get_lang_var_days_r($abbrev = FALSE) {
    $suffix = $abbrev ? '_abbrev' : '';

    $day_names_r = array();
    foreach (array('sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday') as $day_key) {
        $day_names_r[] = get_opendb_lang_var($day_key . $suffix);
    }

    return $day_names_r;
}
/**
 * Return the block heading as an <h3>, or NULL when no title language variable is set.
 *
 * The heading text is whatever get_opendb_lang_var() yields for $this->_titlelangvar;
 * it is emitted without further encoding.
 */
function getHeading() {
    // Nothing configured - no heading at all.
    if (strlen($this->_titlelangvar) == 0) {
        return NULL;
    }

    $heading_text = get_opendb_lang_var($this->_titlelangvar);
    return '<h3>' . $heading_text . '</h3>';
}
/**
 * Print the closing markup of a themed page.
 *
 * @param string $pageid  Page identifier; the "powered by" footer is left out on 'install'.
 * @param mixed  $user_id Not used by this implementation.
 *
 * NOTE(review): the footer text comes from get_opendb_title_and_version(); if that includes
 * the exact version, every visitor can read it, which eases fingerprinting - confirm that
 * this is intended for public installations.
 */
function theme_footer($pageid, $user_id) {
    echo "</div>";

    $show_powered_by = ($pageid != 'install');
    if ($show_powered_by) {
        $powered_by = get_opendb_lang_var('powered_by_site', 'site', get_opendb_title_and_version());
        echo "<div id=\"footer\"><a href=\"http://github.com/pellcorp/opendb\">" . $powered_by . "</a></div>";
    }

    echo "</body></html>";
}
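/**
 * List the RSS feeds the current user is allowed to see.
 *
 * Each feed is only offered when the matching view permission is granted, so the list
 * never advertises a feed the user may not read.
 *
 * @return array List of array('feed' => ..., 'title' => ...) entries; empty when no
 *               permission is granted.
 */
function get_opendb_rss_feeds() {
    $feeds_r = array();

    // The keys were unquoted (bare constants) in the original; that is a fatal
    // "undefined constant" error on PHP 8, so they are written as strings.
    if (is_user_granted_permission(PERM_VIEW_ANNOUNCEMENTS)) {
        $feeds_r[] = array('feed' => 'announcements', 'title' => get_opendb_lang_var('announcements'));
    }

    if (is_user_granted_permission(PERM_VIEW_LISTINGS)) {
        $feeds_r[] = array('feed' => 'new_items', 'title' => get_opendb_lang_var('new_items_added'));
    }

    return $feeds_r;
}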
/**
 * Work out the column heading for one item listing column configuration.
 *
 * @param array $item_listing_column_conf_r Column configuration; 'column_type' selects the
 *              branch, 's_field_type' / 's_attribute_type' refine it.
 * @return string|NULL The prompt, or NULL when the configuration matches no known column.
 */
function get_ilcc_derived_prompt($item_listing_column_conf_r) {
    $conf_r = $item_listing_column_conf_r;

    switch ($conf_r['column_type']) {
        case 'action_links':
            return get_opendb_lang_var('action');

        case 'borrow_status':
            return get_opendb_lang_var('borrow_status');

        case 's_attribute_type':
            // Without an attribute type there is nothing to look the prompt up from.
            if (strlen($conf_r['s_attribute_type']) == 0) {
                return NULL;
            }
            $attribute_type_r = fetch_attribute_type_r($conf_r['s_attribute_type']);
            return $attribute_type_r['prompt'];

        case 's_field_type':
            switch ($conf_r['s_field_type']) {
                case 'ITEMTYPE':
                    return get_opendb_lang_var('type');
                case 'TITLE':
                    return get_opendb_lang_var('title');
                case 'OWNER':
                    return get_opendb_lang_var('owner');
                case 'CATEGORY':
                    return get_opendb_lang_var('category');
                case 'STATUSTYPE':
                    return get_opendb_lang_var('status');
                case 'STATUSCMNT':
                    return get_opendb_lang_var('status_comment');
                case 'ITEM_ID':
                    // Item id and rating take their prompt from the system attribute type.
                    $attribute_type_r = fetch_attribute_type_r('S_ITEM_ID');
                    return $attribute_type_r['prompt'];
                case 'RATING':
                    $attribute_type_r = fetch_attribute_type_r('S_RATING');
                    return $attribute_type_r['prompt'];
            }
            break;
    }

    // Unknown column or field type.
    return NULL;
}
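/**
 * Check that a submitted review carries the fields the site configuration makes compulsory.
 *
 * @param array      $HTTP_VARS Request variables; 'comment' and 'rating' are inspected.
 * @param array|NULL $errors    Reset to NULL, then filled with one array('error' => message)
 *                              entry per missing compulsory field.
 * @return bool TRUE when nothing is missing, FALSE otherwise.
 *
 * Only presence is checked here; the content of the comment is not inspected, so it must be
 * encoded at the point where it is rendered.
 */
function validate_review_input($HTTP_VARS, &$errors) {
    $errors = NULL;

    // 'error' was an unquoted (bare constant) key in the original, which is a fatal
    // "undefined constant" error on PHP 8.
    if (get_opendb_config_var('item_review', 'comment_compulsory') == TRUE && strlen($HTTP_VARS['comment']) == 0) {
        $errors[] = array('error' => get_opendb_lang_var('prompt_must_be_specified', 'prompt', get_opendb_lang_var('review')));
    }

    if (get_opendb_config_var('item_review', 'rating_compulsory') == TRUE && strlen($HTTP_VARS['rating']) == 0) {
        $errors[] = array('error' => get_opendb_lang_var('prompt_must_be_specified', 'prompt', get_opendb_lang_var('rating')));
    }

    // $errors only becomes an array once at least one message was appended.
    return !is_array($errors);
}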
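/**
 * Feed the import file line by line through an XML parser whose callbacks are the
 * __startElement / __endElement / __characterData methods of this object.
 *
 * @return bool TRUE when the whole file parsed, FALSE on the first XML error; in that case
 *              $this->_error holds the message with the parser's error text and line number.
 */
function handleImport() {
    $parser = xml_parser_create('ISO-8859-1');
    xml_parser_set_option($parser, XML_OPTION_CASE_FOLDING, FALSE);
    xml_set_object($parser, $this);
    xml_set_element_handler($parser, "__startElement", "__endElement");
    xml_set_character_data_handler($parser, "__characterData");

    $parsed_ok = TRUE;
    while (($data = $this->fileHandler->readLine()) !== FALSE) {
        if (!xml_parse($parser, $data, $this->fileHandler->isEof())) {
            // Read the error details while the parser is still alive.
            $this->_error = get_opendb_lang_var('xml_error', array('xml_error_string' => xml_error_string(xml_get_error_code($parser)), 'xml_error_line' => xml_get_current_line_number($parser)));
            $parsed_ok = FALSE;
            break;
        }
    }

    // The original returned from inside the loop on error and never released the parser;
    // free it on both paths.
    xml_parser_free($parser);

    return $parsed_ok;
}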
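/**
 * Render the "items per page" selector as a small GET form that resubmits the current request.
 *
 * @param string $PHP_SELF  Target of the form.
 * @param array  $HTTP_VARS Current request variables; replayed as form fields by
 *                          get_url_fields() and used for the selected value.
 * @return string The form markup, or '' when no options are configured.
 */
function getItemsPerPageControl($PHP_SELF, $HTTP_VARS) {
    $buffer = '';

    $items_per_page_options_r = get_opendb_config_var('listings', 'items_per_page_options');
    if (is_not_empty_array($items_per_page_options_r)) {
        $items_per_page_rs = array();

        // each() no longer exists in PHP 8; foreach walks the same list.
        foreach ($items_per_page_options_r as $items_per_page) {
            // Option '0' means "no paging" and is labelled with the language variable 'all'.
            if ($items_per_page == '0') {
                $display = get_opendb_lang_var('all');
            } else {
                $display = $items_per_page;
            }
            $items_per_page_rs[] = array('value' => $items_per_page, 'display' => $display);
        }

        // $PHP_SELF is written into an attribute, so entity-encode it defensively.
        // NOTE(review): the request variables are replayed via get_url_fields(), which is
        // not visible here - verify that it encodes names and values.
        $buffer .= "<form class=\"itemsPerPageControl\" id=\"form-items_per_page\" action=\"" . htmlspecialchars((string)$PHP_SELF, ENT_QUOTES) . "\" method=\"GET\">"
                . get_url_fields($HTTP_VARS)
                . "<label for=\"select-items_per_page\">" . get_opendb_lang_var('items_per_page') . '</label>'
                . "<select id=\"select-items_per_page\" name=\"items_per_page\" class=\"footer\" onChange=\"this.form.submit()\">"
                . custom_select('items_per_page', $items_per_page_rs, '%display%', 'NA', ifempty($HTTP_VARS['items_per_page'], get_opendb_config_var('listings', 'items_per_page')), 'value')
                . "\n</select></form>";
    }

    return $buffer;
}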
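/**
 * Initialise the listing state from the current request.
 *
 * @param string $PHP_SELF  Script the listing links back to.
 * @param array  $HTTP_VARS Request variables; 'items_per_page', 'order_by' and 'sortorder'
 *                          are read here.
 *
 * NOTE(review): this is a PHP 4 style constructor (method named after the class, assuming the
 * enclosing class is called Listing). PHP 8 no longer calls such a method on `new`.
 * NOTE(review): items_per_page, order_by and sortorder are stored exactly as received from
 * the request. Code that later uses them to build a query must validate them against the
 * known columns / directions and treat items_per_page as a number.
 */
function Listing($PHP_SELF, $HTTP_VARS) {
    $this->_php_self = $PHP_SELF;
    $this->_http_vars = $HTTP_VARS;

    // The original assigned an undefined local $mode here, which evaluates to NULL
    // (with a warning); make that explicit.
    $this->_mode = NULL;

    if (isset($HTTP_VARS['items_per_page'])) {
        $this->_items_per_page = $HTTP_VARS['items_per_page'];
    } else {
        $this->_items_per_page = get_opendb_config_var('listings', 'items_per_page');
    }

    // initialise these, as they will most likely NOT be initialised via setTotalItems
    if (!is_numeric($this->_items_per_page)) {
        $this->_page_no = 1;
        $this->_start_index = NULL;
    }

    // Absent request variables yield NULL, as before, but without an undefined-index warning.
    $this->_current_orderby = isset($this->_http_vars['order_by']) ? $this->_http_vars['order_by'] : NULL;
    $this->_current_sortorder = isset($this->_http_vars['sortorder']) ? $this->_http_vars['sortorder'] : NULL;

    // initialise to default.
    $this->_no_rows_message = get_opendb_lang_var('no_matches_found');

    $this->_titleMaskCfg = new TitleMask('item_listing');
}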
echo "<ul class=\"listingControls\">"; if (get_opendb_config_var('listings', 'allow_override_show_item_image') !== FALSE) { echo "<li>" . getToggleControl($PHP_SELF, $HTTP_VARS, get_opendb_lang_var('show_item_image'), 'show_item_image', ifempty($HTTP_VARS['show_item_image'], get_opendb_config_var('listings', 'show_item_image') == TRUE ? 'Y' : 'N')) . "</li>"; } echo "<li>" . getItemsPerPageControl($PHP_SELF, $HTTP_VARS) . "</li>"; echo "</ul>"; echo "<p class=\"listingDate\">" . get_opendb_lang_var('listing_generated', 'datetime', get_localised_timestamp(get_opendb_config_var('listings', 'print_listing_datetime_mask'))) . "</p>"; echo format_footer_links($footer_links_r); echo _theme_footer(); } //end if($show_listings) } else { //no guests allowed! opendb_not_authorised_page(PERM_USER_BORROWER, $HTTP_VARS); } } else { //borrow functionality disabled. echo _theme_header(get_opendb_lang_var('borrow_not_supported')); echo "<p class=\"error\">" . get_opendb_lang_var('borrow_not_supported') . "</p>"; echo _theme_footer(); } } else { // invalid login, so login instead. redirect_login($PHP_SELF, $HTTP_VARS); } } else { //if(is_site_enabled()) opendb_site_disabled(); } // Cleanup after begin.inc.php require_once "./include/end.inc.php";
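/**
 * Close the item currently being imported: insert the item, then one instance per collected
 * instance object, and record a result row for each outcome.
 *
 * @return bool TRUE when an item was open and has been processed (individual insert failures
 *              are reported through the result rows, not the return value); FALSE when the
 *              item was already finished or no item object exists.
 */
function endItem() {
    if ($this->_is_item_finished === TRUE) {
        return FALSE;
    }

    if ($this->_item_obj == NULL) {
        $this->_item_obj = NULL;
        $this->addError('endItem', get_opendb_lang_var('undefined_error'));
        return FALSE;
    }

    // instance was not closed, close it now!
    if ($this->_is_item_instance) {
        $this->_is_item_instance = FALSE;
    }

    // if not item instance, create one
    if (is_empty_array($this->_instance_item_obj_rs)) {
        $this->startItemInstance();
        $this->endItemInstance();
    }

    // The item is finished, no more additions are allowed, until the
    // startItem method is called again.
    $this->_is_item_finished = TRUE;

    $item_vars = $this->__getItemHTTPVars($this->_item_obj);
    $item_vars['trial_run'] = $this->_cfg_is_trial_run ? 'true' : 'false';
    $item_vars['confirmed'] = $this->_cfg_ignore_duplicate_title ? 'true' : 'false';

    // The keys were unquoted (bare constants) in the original, which is a fatal
    // "undefined constant" error on PHP 8.
    $item_r = array(
        's_item_type' => $this->_item_obj->getItemType(),
        'owner_id' => $this->getOwner(),
        'title' => $this->_item_obj->getTitle());

    $errors = array();
    $return_val = handle_item_insert($item_r, $item_vars, $errors);
    if ($return_val === TRUE) {
        // store item id for later use
        if ($this->_cfg_is_trial_run !== TRUE && is_numeric($item_r['item_id'])) {
            $this->_item_id_list_r[] = $item_r['item_id'];
        }

        for ($i = 0; $i < count($this->_instance_item_obj_rs); $i++) {
            $instanceObj = $this->_instance_item_obj_rs[$i];

            // if status type is to be overriden, do it here!
            if ($this->_cfg_override_status_type) {
                $status_type_r = $this->_cfg_default_status_type_r;
            } else {
                $status_type_r = fetch_status_type_r($instanceObj->getStatusType());

                // if illegal type, then override by default.
                if ($status_type_r['closed_ind'] == 'Y') {
                    $status_type_r = $this->_cfg_default_status_type_r;
                }
            }

            // NOTE(review): the instance owner comes from the imported data; confirm that the
            // insert helper checks the importing user may create items for that owner.
            $item_r['owner_id'] = $instanceObj->getOwnerID();
            $item_r['s_status_type'] = $status_type_r['s_status_type'];

            $instance_vars = $this->__getItemHTTPVars($instanceObj);

            // we are missing instance attributes if already set in item
            $instance_vars = array_merge($instance_vars, $item_vars);

            // NOTE(review): $item_vars, not the merged $instance_vars, is what gets inserted,
            // exactly as in the original - confirm this is intended.
            $return_val = handle_item_instance_insert($item_r, $status_type_r, $item_vars, $errors);

            // On a trial run nothing is stored, so number the instances ourselves.
            $item_r['instance_no'] = $this->_cfg_is_trial_run ? $i + 1 : $item_r['instance_no'];

            // Errors are only attached to the result row when the instance insert failed.
            $this->__listing_item_import_result_row($item_r, $status_type_r, $instance_vars, $return_val !== FALSE ? NULL : $errors);
        }
    } else {
        $this->__listing_item_import_result_row($item_r, NULL, $item_vars, $errors);
    }

    $this->_item_obj = NULL;

    // end of parent item.
    return TRUE;
}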
// make sure it ends in html if (is_exists_language($language) && ends_with($page, ".html") && @file_exists("./help/{$language}/{$page}")) { return "./help/{$language}/{$page}"; } // else return NULL; } if (is_site_enabled()) { if (is_opendb_valid_session() || is_site_public_access()) { echo _theme_header(get_opendb_lang_var('help'), FALSE); if (($page_location = validate_opendb_lang_help_page_url($HTTP_VARS['page'])) != NULL) { $page_title = get_opendb_lang_var('site_help', 'site', get_opendb_config_var('site', 'title')); echo "<h2>" . $page_title . "</h2>"; // TODO: Add support for topic and subtopic include $page_location; } else { echo _theme_header(get_opendb_lang_var('no_help_available'), FALSE); echo "<p class=\"error\">" . get_opendb_lang_var('no_help_available') . "</p>"; } echo _theme_footer(); } else { //not a valid session. // invalid login, so login instead. redirect_login($PHP_SELF, $HTTP_VARS); } } else { //if(is_site_enabled()) opendb_site_disabled(); } // Cleanup after begin.inc.php require_once "./include/end.inc.php";
} else { echo "\n<h3>New Attribute type</h3>"; $save_op = 'insert'; $save_button = 'Insert'; } if (is_not_empty_array($errors)) { echo format_error_block($errors); } echo "\n<form name=\"s_attribute_type\" action=\"{$PHP_SELF}\" method=\"POST\">"; echo "\n<input type=\"hidden\" name=\"type\" value=\"" . $HTTP_VARS['type'] . "\">"; echo "\n<input type=\"hidden\" name=\"op\" value=\"{$save_op}\">"; echo "\n<input type=\"hidden\" name=\"active_tab\" value=\"" . $HTTP_VARS['active_tab'] . "\">"; echo "\n<table>"; display_edit_form($attribute_type_r, $HTTP_VARS); echo "\n</table>"; echo format_help_block(array('img' => 'compulsory.gif', 'text' => get_opendb_lang_var('compulsory_field'), id => 'compulsory')); if (get_opendb_config_var('widgets', 'enable_javascript_validation') !== FALSE) { echo "\n<input type=\"button\" class=\"button\" value=\"{$save_button}\" onclick=\"if(!checkForm(this.form)){return false;}else{this.form.submit();}\">"; } else { echo "\n<input type=\"button\" class=\"button\" value=\"{$save_button}\" onclick=\"this.form.submit();\">"; } echo "\n</form>"; } else { if ($HTTP_VARS['op'] == 'edit-lookups') { // ################################################################ // Do for both 'update' and 'edit' // ################################################################ echo "<p>[<a href=\"{$PHP_SELF}?type={$ADMIN_TYPE}&active_tab=" . $HTTP_VARS['active_tab'] . "\">Back to Main</a>]</p>"; echo "<script language=\"JavaScript1.2\">\n\t\tfunction toggleChecked(element, name)\n\t\t{\n\t\t\tvar form = element.form;\n\n\t\t\t// then we have to uncheck everything else.\n\t\t\tfor (var i=0; i < form.length; i++)\n\t\t\t{\n\t\t if (form.elements[i].type.toLowerCase() == 'checkbox' && form.elements[i].name.substring(0, name.length+1) == name+'[')\n\t\t\t\t{\n\t\t\t\t\tif(element.checked && form.elements[i].name != element.name)\n\t\t form.elements[i].checked = false;\n\t\t\t\t}\n\t\t\t}\n\t\t}</script>"; echo "\n<h3>Edit " . $HTTP_VARS['s_attribute_type'] . 
" Attribute Type Lookups</h3>"; if (is_not_empty_array($errors)) {
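/**
 * Render a URL input widget, optionally with a file-upload tab.
 *
 * @param string $name                  Field name; also used to derive element ids.
 * @param array  $item_r                Where provided will give the item_id / instance_no;
 *                                      where not provided it is safe to assume this is a new
 *                                      item insert field and the information is not relevant.
 * @param array  $item_attribute_type_r Attribute type record; file_attribute_ind == 'Y'
 *                                      selects the tabbed URL / upload layout.
 * @param string $prompt                Field prompt, used in validation messages.
 * @param mixed  $length                Display size; falls back to 50 when not a positive number.
 * @param mixed  $maxlength             Maximum length; only emitted when numeric.
 * @param string $content_groups        Content groups or extensions accepted by the
 *                                      client-side check.
 * @param string $value                 Current value.
 * @param string $onchange_event        JavaScript to run on change.
 * @param bool   $disabled              Render the controls disabled.
 * @param bool   $multi_value           Use the multi-value text field (non-file attributes only).
 * @return string The widget markup.
 *
 * The extension check built here runs in the browser only. It does not restrict what a client
 * can submit, so the server must validate uploaded files and saved URLs independently.
 */
function url($name, $item_r, $item_attribute_type_r, $prompt, $length, $maxlength, $content_groups, $value, $onchange_event, $disabled = FALSE, $multi_value = FALSE) {
    // Default size.
    $size = $length;
    if (!is_numeric($size) || $size <= 0) {
        $size = 50;
    }

    // The original left $onchange undefined when validation is enabled but no content groups
    // are given; keep the resulting value (NULL) without the undefined-variable warning.
    // NOTE(review): $onchange_event is dropped in that case - confirm that this is intended.
    $onchange = NULL;

    if (get_opendb_config_var('widgets', 'enable_javascript_validation') !== FALSE) {
        if (strlen(trim($content_groups)) > 0) {
            // might be an array of content groups
            $content_group_r = prc_args($content_groups);

            $extensions_r = fetch_file_type_extensions_r($content_group_r);
            if (is_not_empty_array($extensions_r)) {
                $extensions = implode(', ', $extensions_r);
            } else {
                // else just list of extensions otherwise
                $extensions = $content_groups;
                $extensions_r = $content_group_r;
            }

            $url_is_not_valid_message = addslashes(get_opendb_lang_var('url_is_not_valid', array('prompt' => $prompt, 'extensions' => $extensions)));
            $onchange = "onchange=\"if(!isValidExtension(this.value, " . encode_javascript_array($extensions_r) . ")){alert('" . $url_is_not_valid_message . "'); this.focus(); return false;} {$onchange_event} return true;\"";
        }
    } else {
        $onchange = "onchange=\"{$onchange_event}\"";
    }

    if ($item_attribute_type_r['file_attribute_ind'] != 'Y') {
        if ($multi_value) {
            return multivalue_text_field('text', $name, $size, $maxlength, $onchange, $value);
        } else {
            return singlevalue_text_field('text', $name, $size, $maxlength, $onchange, $value, $disabled);
        }
    }

    // The original appended to an undefined $field.
    $field = "\n<ul class=\"urlOptionsMenu\" id=\"{$name}-tab-menu\" class=\"file-upload-menu\">";
    $field .= "<li id=\"menu-{$name}_saveurl\" class=\"activeTab\" onclick=\"return activateTab('{$name}_saveurl', '{$name}-tab-menu', '{$name}-tab-content', 'activeTab', 'fieldContent');\">URL</li>";
    if (is_file_upload_enabled()) {
        $field .= "<li id=\"menu-{$name}_upload\" onclick=\"return activateTab('{$name}_upload', '{$name}-tab-menu', '{$name}-tab-content', 'activeTab', 'fieldContent');\">Upload File</li>";
    }
    $field .= "</ul>";

    $field .= "<div class=\"urlOptionsContainer\" id=\"{$name}-tab-content\">";
    $field .= "\n<div class=\"fieldContent\" id=\"{$name}_saveurl\">";

    // Use the defaulted $size; the original emitted the raw $length here, so a missing or
    // invalid length produced an empty size attribute.
    // NOTE(review): $value is written into the attribute as received - verify it is encoded
    // the same way singlevalue_text_field() treats its value.
    $field .= "<input type=\"text\" class=\"text\" name=\"{$name}\" value=\"{$value}\" {$onchange} size=\"" . $size . "\" " . (is_numeric($maxlength) ? "maxlength=\"" . $maxlength . "\"" : "") . ">";

    // The message sits inside a JavaScript string literal, so it is escaped like the
    // validation message above.
    $view_missing_message = addslashes(get_opendb_lang_var('prompt_must_be_specified', 'prompt', $prompt));
    $field .= "<input type=\"button\" class=\"button\" onclick=\"if(this.form['{$name}'].value.length>0){popup(this.form['{$name}'].value,'400','300');}else{alert('" . $view_missing_message . "');}\" value=\"" . get_opendb_lang_var('view') . "\"" . ($disabled ? ' DISABLED' : '') . ">";
    $field .= "</div>";

    if (is_file_upload_enabled()) {
        $field .= "<div class=\"fieldContentHidden\" id=\"{$name}_upload\">";
        $field .= "<input type=\"file\" class=\"file\" name=\"{$name}_upload\" {$onchange} size=\"" . $size . "\"" . ($disabled ? ' DISABLED' : '') . ">";
        $field .= "</div>";
    }
    $field .= '</div>';

    return $field;
}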
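/**
 * Check that a user id names an active user who holds the borrower permission.
 *
 * @param string $borrower_id User id to check.
 * @param array  $errors      Receives a message when the user is inactive or not a borrower.
 * @return bool TRUE when the user may borrow; FALSE otherwise (including an empty id, for
 *              which no message is added).
 */
function validate_borrower_id($borrower_id, &$errors) {
    if (strlen($borrower_id) == 0) {
        return FALSE;
    }

    // The original built both messages from $HTTP_VARS['borrower_id'], but $HTTP_VARS is
    // neither a parameter nor a global in this function, so the id was always missing from
    // the message. Report the id that was actually checked.
    if (!is_user_active($borrower_id)) {
        $errors[] = get_opendb_lang_var('invalid_borrower_user', 'user_id', $borrower_id);
        return FALSE;
    }

    if (!is_user_granted_permission(PERM_USER_BORROWER, $borrower_id)) {
        $errors[] = get_opendb_lang_var('user_must_be_borrower', 'user_id', $borrower_id);
        return FALSE;
    }

    return TRUE;
}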
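/**
 * Render the verification-code ("secret image") part of a form: a hidden field carrying the
 * number from get_secret_image_random_num(), the image generated from that number by
 * secretimage.php, and the text box for the code.
 *
 * @return string The markup.
 *
 * NOTE(review): the number is sent to the client both in the hidden field and in the image
 * URL. The check is only meaningful if the expected code cannot be derived from that number
 * without a server-side secret - verify this in secretimage.php and in the code that
 * validates gfx_code_check.
 */
function render_secret_image_form_field() {
    $random_num = get_secret_image_random_num();

    // The original appended to an undefined $buffer.
    $buffer = "\n<input type=\"hidden\" name=\"gfx_random_number\" value=\"{$random_num}\">";
    $buffer .= "<p class=\"verifyCode\"><label for=\"gfx_code_check\">" . get_opendb_lang_var('verify_code') . "</label>"
            . "<img width=\"120\" height=\"25\" src=\"secretimage.php?op=gfx_code_check&gfx_random_number={$random_num}\">"
            . "<input type=\"text\" class=\"text\" id=\"gfx_code_check\" name=\"gfx_code_check\" size=\"15\" maxlength=\"6\"></p>";

    return $buffer;
}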
require_once "./include/begin.inc.php";
include_once "./lib/JsonRpcServer.class.php";

// TODO - enable a plugin layer
include_once "./lib/jsonrpc/ItemSearch.class.php";

/**
 * Answer with a 401 challenge for HTTP Basic authentication, using the site title as realm.
 */
function request_http_basic_auth() {
    header('WWW-Authenticate: Basic realm="' . htmlspecialchars(get_opendb_title()) . '"');
    header('HTTP/1.0 401 Unauthorized');
}

// JSON-RPC entry point. Every request must carry HTTP Basic credentials of an active user.
// Basic authentication sends the password with each request, so this endpoint should only
// be reachable over TLS.
// NOTE(review): no limit on failed attempts is visible here - confirm that
// validate_user_passwd() or the web server throttles repeated failures.
if (!is_site_enabled()) {
    header('HTTP/1.0 503 Service Unavailable');
    echo "<h1>" . get_opendb_lang_var('site_is_disabled') . "</h1>";
    echo get_opendb_lang_var('site_is_disabled');
} else {
    $authenticated = FALSE;
    if (isset($_SERVER['PHP_AUTH_USER'])) {
        $userId = $_SERVER['PHP_AUTH_USER'];
        $password = $_SERVER['PHP_AUTH_PW'];
        $authenticated = is_user_active($userId) && validate_user_passwd($userId, $password);
    }

    if ($authenticated) {
        $server = new JsonRpcServer();

        // TODO - currently no role based permissions are being performed for these services.
        // Until that exists, any active account reaches every registered class.
        $server->registerClass(new ItemSearch());
        $server->handle();
    } else {
        // No credentials, unknown or inactive user, or wrong password: same challenge.
        request_http_basic_auth();
    }
}

// Cleanup after begin.inc.php
require_once "./include/end.inc.php";
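/**
 * Send one message to each listed user and print which deliveries worked and which failed.
 *
 * @param array  $user_id_rs  User ids to send to; ids without a user record are skipped.
 * @param string $from_userid Sender, passed through to opendb_user_email().
 * @param string $subject     Must not be empty.
 * @param string $message     Message body.
 * @param array  $errors      Receives 'invalid_subject' for an empty subject; otherwise it is
 *                            reset to NULL after each recipient.
 * @return bool FALSE for an empty subject, otherwise TRUE even when individual sends failed.
 *
 * NOTE(review): full names and user ids are echoed into the page without entity encoding -
 * verify they are encoded when stored, or encode them here.
 */
function send_email_to_userids($user_id_rs, $from_userid, $subject, $message, &$errors) {
    if (strlen($subject) == 0) {
        $errors[] = get_opendb_lang_var('invalid_subject');
        return FALSE;
    }

    // The original never initialised these two lists.
    $success = array();
    $failures = array();

    // each() no longer exists in PHP 8; foreach walks the same list.
    if (is_array($user_id_rs)) {
        foreach ($user_id_rs as $user_id) {
            $touser_r = fetch_user_r($user_id);
            if (is_not_empty_array($touser_r)) {
                if (opendb_user_email($touser_r['user_id'], $from_userid, $subject, $message, $errors)) {
                    $success[] = $touser_r['fullname'] . " (" . $user_id . ")";
                } else {
                    // 'user' / 'error' were unquoted (bare constant) keys in the original,
                    // which is a fatal "undefined constant" error on PHP 8.
                    $failures[] = array('user' => $touser_r['fullname'] . " (" . $user_id . ")", 'error' => $errors);
                }

                // Start the next recipient with a clean error list.
                $errors = NULL;
            }
        }
    }

    if (is_not_empty_array($success)) {
        echo "<p class=\"success\">" . get_opendb_lang_var('message_sent_to') . ": <ul>";
        foreach ($success as $touser) {
            echo "<li class=\"smsuccess\">" . $touser . "</li>";
        }
        echo "</ul></p>";
    }

    if (is_not_empty_array($failures)) {
        echo "<p class=\"error\">" . get_opendb_lang_var('message_not_sent_to') . ": <ul>";
        foreach ($failures as $failure_r) {
            // The original string produced class=\smerror" (backslash, no opening quote).
            echo "<li class=\"smerror\">" . $failure_r['user'] . format_error_block($failure_r['error']) . "</li>";
        }
        echo "</ul></p>";
    }

    return TRUE;
}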
/**
 * Handle a "send me a new password" request for $HTTP_VARS['uid'].
 *
 * A new 8 character password is generated, stored, and e-mailed to the user.
 *
 * @param array $HTTP_VARS Request variables; only 'uid' is read.
 * @param array $errors    Receives a message when the user has no e-mail address, and
 *                         whatever opendb_user_email() reports.
 * @return mixed TRUE when the mail was sent, and also when the user does not exist;
 *               FALSE when the user is inactive, lacks the permission, password change is
 *               disabled, or no e-mail address is on file; "EMAIL_NOT_SENT" when the password
 *               was changed but the mail failed; NULL (no explicit return) when storing the
 *               new password failed.
 *
 * NOTE(review): an unknown uid is reported as success to avoid disclosing valid user ids, but
 * inactive users, users without permission and users without an e-mail address return FALSE,
 * and the e-mail error names the uid. If the caller shows these outcomes differently, valid
 * ids can still be told apart.
 * NOTE(review): the stored password is replaced before the mail is delivered and without any
 * confirmation by the account owner, so a request naming someone else's uid invalidates that
 * user's current password. A one-time reset link that only changes the password when followed
 * avoids this, and also avoids sending the password itself by e-mail.
 */
function perform_newpassword($HTTP_VARS, &$errors) {
    $uid = $HTTP_VARS['uid'];

    if (!is_user_valid($uid)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User does not exist', array($uid));

        // make user look successful to prevent mining for valid userids
        return TRUE;
    }

    // Do not allow new password operation for 'deactivated' user.
    if (!is_user_active($uid)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User is not active', array($uid));
        return FALSE;
    }

    if (!is_user_granted_permission(PERM_CHANGE_PASSWORD, $uid)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: User does not have permission to change password', array($uid));
        return FALSE;
    }

    // A site-wide switch can turn password changes off for everyone except password admins.
    if (get_opendb_config_var('user_admin', 'user_passwd_change_allowed') === FALSE && !is_user_granted_permission(PERM_ADMIN_CHANGE_PASSWORD)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'New password request failure: Password change is disabled', array($uid));
        return FALSE;
    }

    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'User requested to be emailed a new password', array($uid));

    $user_r = fetch_user_r($uid);
    $user_passwd = generate_password(8);

    // only send if valid user (email)
    if (strlen($user_r['email_addr']) == 0) {
        $errors[] = "User '" . $uid . "' does not have a valid email address.";
        return FALSE;
    }

    $pass_result = update_user_passwd($uid, $user_passwd);
    if ($pass_result === TRUE) {
        $subject = get_opendb_lang_var('lost_password');
        $message = get_opendb_lang_var('to_user_email_intro', 'fullname', $user_r['fullname'])
                . "\n\n" . get_opendb_lang_var('new_passwd_email')
                . "\n\n" . get_opendb_lang_var('userid') . ": " . $uid
                . "\n" . get_opendb_lang_var('password') . ": " . $user_passwd;

        if (opendb_user_email($user_r['user_id'], NULL, $subject, $message, $errors)) {
            return TRUE;
        }

        // The password is already changed at this point, but the user was never told.
        return "EMAIL_NOT_SENT";
    }

    // Storing the password failed: no explicit return value (NULL), as before.
}
/**
 * Build a yes/no confirmation form that re-posts the current request.
 *
 * @param string $PHP_SELF        Form target.
 * @param string $confirm_message Question to show; inserted as given.
 * @param array  $HTTP_VARS       Request variables, replayed through get_url_fields() with
 *                                array('confirmed') as its third argument.
 * @return string The form markup. "No" is preselected.
 *
 * NOTE(review): confirmation here is just a second POST with confirmed=true; no per-request
 * token is added by this function. Confirm that the handlers acting on 'confirmed' are
 * protected against forged cross-site requests, and that $confirm_message and the replayed
 * variables are entity-encoded before they reach this form.
 */
function get_op_confirm_form($PHP_SELF, $confirm_message, $HTTP_VARS) {
    $form_parts = array(
        "\n<form class=\"confirmForm\" action=\"{$PHP_SELF}\" method=\"POST\">",
        "<p>" . $confirm_message . "</p>",
        get_url_fields($HTTP_VARS, NULL, array('confirmed')),
        "<fieldset>",
        "<label for=\"confirm_yes\">" . get_opendb_lang_var('yes') . "</label>",
        "<input type=\"radio\" class=\"radio\" name=\"confirmed\" id=\"confirm_yes\" value=\"true\">",
        "<label for=\"confirm_no\">" . get_opendb_lang_var('no') . "</label>",
        "<input type=\"radio\" class=\"radio\" name=\"confirmed\" id=\"confirm_no\" value=\"false\" CHECKED>",
        "</fieldset>",
        "<input type=\"submit\" class=\"submit\" value=\"" . get_opendb_lang_var('submit') . "\">",
        "</form>\n",
    );

    return implode('', $form_parts);
}
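/**
 * Email to be sent from one OpenDb user to another.
 *
 * @param string      $to_userid   Recipient user id; must be permitted to receive email.
 * @param string|NULL $from_userid Sender user id. Can be null, and in this case the from
 *                                 address will be the configured no-reply address for the
 *                                 pseudo administrator. A value that is not a known user id
 *                                 is used as the from address itself.
 * @param string      $subject     Subject; must not be empty after trimming.
 * @param string      $message     Body; the email footer is appended.
 * @param array       $errors      Receives validation messages and whatever sendEmail() reports.
 * @param bool        $append_site_to_subject Append " [site title]" to the subject.
 * @return bool TRUE when the mail was sent and recorded, FALSE otherwise.
 */
function opendb_user_email($to_userid, $from_userid, $subject, $message, &$errors, $append_site_to_subject = TRUE) {
    $to_userid = trim($to_userid);

    if (!is_user_permitted_to_receive_email($to_userid)) {
        return FALSE;
    }

    $to_user_r = fetch_user_r($to_userid);
    $to_email_addr = trim($to_user_r['email_addr']);
    $to_name = trim($to_user_r['fullname']);

    // Cast first: $from_userid is documented as nullable and trim(NULL) is deprecated.
    $from_userid = trim((string)$from_userid);

    // The original left $from_name undefined when the sender is a bare address.
    $from_name = NULL;

    if (is_user_valid($from_userid)) {
        $from_user_r = fetch_user_r($from_userid);
        $from_email_addr = trim($from_user_r['email_addr']);
        $from_name = trim($from_user_r['fullname']);
    } else if (strlen($from_userid) == 0) {
        $from_email_addr = trim(get_opendb_config_var('email', 'noreply_address'));
        $from_name = trim(get_opendb_lang_var('noreply'));
    } else {
        // Not a user id: treat it as an address; it is validated just below.
        $from_email_addr = $from_userid;
    }

    if (!is_valid_email_addr($to_email_addr)) {
        $errors[] = get_opendb_lang_var('invalid_to_address');
        return FALSE;
    }

    if (!is_valid_email_addr($from_email_addr)) {
        $errors[] = get_opendb_lang_var('invalid_from_address');
        return FALSE;
    }

    // A subject is a single header line. Replace CR / LF so that request-supplied text can
    // never start an extra header, whatever sendEmail() does with it.
    $subject = trim(str_replace(array("\r", "\n"), ' ', stripslashes($subject)));
    if (strlen($subject) == 0) {
        $errors[] = get_opendb_lang_var('invalid_subject');
        return FALSE;
    }

    if ($append_site_to_subject) {
        $subject .= " [" . get_opendb_config_var('site', 'title') . "]";
    }

    $message = trim(stripslashes($message));
    $message .= get_email_footer();

    if (sendEmail($to_email_addr, $to_name, $from_email_addr, $from_name, $subject, $message, $errors)) {
        // insert email function will set this to NULL if from user provided!
        insert_email($to_userid, $from_userid != $from_email_addr ? $from_userid : NULL, $from_email_addr, $subject, $message);
        return TRUE;
    }

    //else
    return FALSE;
}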
if ($files_deleted > 0) { $success[] = 'Deleted ' . $files_deleted . ' cache files'; } $HTTP_VARS['op'] = ''; } } if (strlen($HTTP_VARS['op']) == 0) { if (is_not_empty_array($success)) { echo format_error_block($success, 'information'); } echo "<p>[<a href=\"admin.php?type={$ADMIN_TYPE}&op=flushexpired\">Delete expired cache entries</a>] " . "[<a href=\"admin.php?type={$ADMIN_TYPE}&op=flush\">Delete all cache entries</a>]</p>"; if (strlen($HTTP_VARS['order_by']) == 0) { $HTTP_VARS['order_by'] = 'cache_date'; } $listingObject = new HTML_Listing($PHP_SELF, $HTTP_VARS); $listingObject->setNoRowsMessage(get_opendb_lang_var('no_items_found')); $listingObject->startListing(); $listingObject->addHeaderColumn('URL', 'url'); $listingObject->addHeaderColumn('Cached', 'cache_date'); $listingObject->addHeaderColumn('Expires', 'expire_date'); if (is_numeric($listingObject->getItemsPerPage())) { $listingObject->setTotalItems(fetch_file_cache_cnt($HTTP_VARS['cache_type'])); } $results = fetch_file_cache_rs($HTTP_VARS['cache_type'], $listingObject->getCurrentOrderBy(), $listingObject->getCurrentSortOrder(), $listingObject->getStartIndex(), $listingObject->getItemsPerPage()); if ($results) { while ($file_cache_r = db_fetch_assoc($results)) { $listingObject->startRow(); if (file_cache_get_cache_file($file_cache_r)) { $popupUrl = "url.php?id=" . $file_cache_r['sequence_number']; $listingObject->addColumn("<a href=\"" . $file_cache_r['url'] . "\" onclick=\"popup('{$popupUrl}'); return false;\" target=\"_new\">" . get_overflow_tooltip_column($file_cache_r['url'], 100) . "</a>"); } else {
} db_free_result($addr_results); } if (is_valid_opendb_mailer() && strlen($user_r['email_addr']) > 0 && is_user_granted_permission(PERM_SEND_EMAIL) && is_user_permitted_to_receive_email($user_r['user_id'])) { $url = 'email.php?' . get_url_string(array('op' => 'send_to_uid', 'uid' => $user_r['user_id'], 'inc_menu' => 'N', 'subject' => ifempty($HTTP_VARS['subject'], get_opendb_lang_var('no_subject')))); $footer_links_r[] = array(url => $url, target => 'popup(640,480)', text => get_opendb_lang_var('send_email')); } if (is_user_granted_permission(PERM_VIEW_LISTINGS) && $user_r['active_ind'] == 'Y') { $footer_links_r[] = array(url => "listings.php?owner_id=" . $user_r['user_id'], text => get_opendb_lang_var('list_user_items')); } if (is_user_granted_permission(PERM_ADMIN_USER_LISTING) && is_opendb_session_var('user_listing_url_vars')) { $footer_links_r[] = array(url => "user_listing.php?" . get_url_string(get_opendb_session_var('user_listing_url_vars')), text => get_opendb_lang_var('back_to_user_listing')); } echo format_footer_links($footer_links_r); } else { $message = get_opendb_lang_var('user_not_found', array('user_id' => $user_r['user_id'])); echo _theme_header($message); echo "<p class=\"error\">" . $message . "</p>"; echo _theme_footer(); } } else { opendb_not_authorised_page(PERM_VIEW_USER_PROFILE, $HTTP_VARS); } } else { // invalid login, so login instead. redirect_login($PHP_SELF, $HTTP_VARS); } } else { //if(is_site_enabled()) opendb_site_disabled(); }
/**
 * Remove the relationship between an item instance and a parent item instance, after the
 * request has been confirmed.
 *
 * @param array $item_r        Related item; item_id, instance_no and owner_id are used.
 * @param array $status_type_r Not used by this function.
 * @param array $HTTP_VARS     Request variables: 'confirmed', 'parent_item_id' and
 *                             'parent_instance_no'.
 * @param array $errors        Set to an error/detail pair when the user may not delete.
 * @return mixed FALSE when the user neither owns the item nor holds PERM_ITEM_ADMIN;
 *               "__CONFIRM__" when 'confirmed' is neither 'true' nor 'false';
 *               "__ABORTED__" when it is 'false'; no value (NULL) after deleting.
 *
 * NOTE(review): ownership is checked for $item_r only, while the parent item id and instance
 * number are taken from the request as they are. Confirm that the delete helper, or the
 * caller, makes sure the named parent really is related to this item.
 */
function handle_item_relation_delete($item_r, $status_type_r, $HTTP_VARS, &$errors) {
    $is_owner = ($item_r['owner_id'] == get_opendb_session_var('user_id'));

    // Only the owner or an item administrator may remove the relationship.
    if (!$is_owner && !is_user_granted_permission(PERM_ITEM_ADMIN)) {
        $errors = array('error' => get_opendb_lang_var('cannot_delete_relation_item_not_owned'), 'detail' => '');
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User to delete item relationship they do not own', $item_r);
        return FALSE;
    }

    $confirmed = $HTTP_VARS['confirmed'];

    if ($confirmed == 'true') {
        delete_related_item_instance_relationship($item_r['item_id'], $item_r['instance_no'], $HTTP_VARS['parent_item_id'], $HTTP_VARS['parent_instance_no']);
        return;
    }

    // Anything other than an explicit 'false' means the question has not been asked yet.
    if ($confirmed != 'false') {
        return "__CONFIRM__";
    }

    return "__ABORTED__";
}
/**
 * Decide whether a new instance of an item may be created with the given status type.
 *
 * @param mixed $item_id           Item the instance would belong to.
 * @param mixed $owner_id          User who would own the new instance.
 * @param array $new_status_type_r Status type record; a closed type (closed_ind == 'Y') is refused.
 * @param array $errors            Set to an error/detail pair on refusal.
 * @return bool TRUE when allowed, FALSE otherwise.
 */
function is_newinstance_status_type_valid($item_id, $owner_id, $new_status_type_r, &$errors) {
    if ($new_status_type_r['closed_ind'] == 'Y') {
        $errors = array('error' => get_opendb_lang_var('s_status_type_not_supported', 's_status_type_desc', $new_status_type_r['description']), 'detail' => '');
        return FALSE;
    }

    $refused = FALSE;

    if (get_opendb_config_var('item_input', 'item_instance_support') === FALSE && is_exists_item_instance($item_id)) {
        // Instance support is switched off and the item already has an instance.
        $refused = TRUE;
    } else if (get_opendb_config_var('item_input', 'new_instance_owner_only') === TRUE && !is_user_owner_of_item($item_id, NULL, $owner_id)) {
        // Only existing owners may add instances, and this user is not one of them.
        $refused = TRUE;
    }

    if ($refused) {
        $errors = array('error' => get_opendb_lang_var('operation_not_avail_new_instance'), 'detail' => '');
        return FALSE;
    }

    return TRUE;
}
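You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

// This must be first - includes config.php
require_once "./include/begin.inc.php";

// Tell the visitor whether the browser is supported and, if not, link to ones that are.
$browserSupported = $_OpendbBrowserSniffer->isBrowserSupported();
if ($browserSupported) {
    $pageTitle = get_opendb_lang_var('browser_supported');
} else {
    $pageTitle = get_opendb_lang_var('browser_not_supported');
}

echo _theme_header($pageTitle, FALSE);
echo "<h1>" . $pageTitle . "</h1>";

if (!$browserSupported) {
    echo "<p class=\"error\">" . get_opendb_lang_var('browser_not_supported_text') . "</p>";

    // The original read $browser_r['name'] for the link title but never defined it.
    $supportedBrowsers = array(
        array('name' => 'Firefox', 'url' => 'http://www.mozilla.com/firefox/', 'icon' => 'firefox.jpg'),
        array('name' => 'Internet Explorer', 'url' => 'http://www.microsoft.com/windows/products/winfamily/ie/default.mspx', 'icon' => 'icon_ie7.gif'),
        array('name' => 'Safari', 'url' => 'http://www.apple.com/safari/', 'icon' => 'safari.png'));

    echo "<ul class=\"browsers\">";

    // each() no longer exists in PHP 8; foreach walks the same list.
    foreach ($supportedBrowsers as $browser_r) {
        $icon_path = './images/browsers/' . $browser_r['icon'];

        // Without an icon file the original emitted <img src="">, which makes browsers
        // request the current page again; show the name as link text instead.
        if (file_exists($icon_path)) {
            $link_content = "<img src=\"" . $icon_path . "\">";
        } else {
            $link_content = $browser_r['name'];
        }

        echo "<li><a href=\"" . $browser_r['url'] . "\" title=\"" . $browser_r['name'] . "\">" . $link_content . "</a></li>";
    }
    echo "</ul>";
}

echo _theme_footer();

// Cleanup after begin.inc.php
require_once "./include/end.inc.php";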
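/**
 * E-mail the site administrators the details of a new signup, together with
 * links to activate or delete the pending account.
 *
 * Every value read from $HTTP_VARS originates from the signup form and is
 * treated as untrusted: single-line fields have CR/LF replaced before they are
 * placed in the message, and the user id is URL-encoded before it is put into
 * the activate/delete links.
 *
 * @param array $HTTP_VARS Signup request variables; reads user_id, fullname, user_role,
 *                         uid_theme, email_addr and the per-address-type field arrays.
 * @param array $errors    Passed by reference through to send_email_to_site_admins().
 * @return mixed The result of send_email_to_site_admins().
 */
function send_signup_info_to_admin($HTTP_VARS, &$errors)
{
    $role_r = fetch_role_r($HTTP_VARS['user_role']);

    // These fields are one-line values by nature. Replacing CR/LF stops a submitted
    // value from adding extra, forged-looking lines to the administrator's e-mail.
    $plain = array();
    foreach (array('user_id', 'fullname', 'uid_theme', 'email_addr') as $key) {
        $plain[$key] = isset($HTTP_VARS[$key])
            ? str_replace(array("\r", "\n"), ' ', (string) $HTTP_VARS[$key])
            : '';
    }

    $user_info_lines = get_opendb_lang_var('userid') . ": " . $plain['user_id'] . "\n"
        . get_opendb_lang_var('fullname') . ": " . $plain['fullname'] . "\n"
        . get_opendb_lang_var('user_role') . ": " . $role_r['description'] . "\n"
        . get_opendb_lang_var('user_theme') . ": " . $plain['uid_theme'] . "\n"
        . get_opendb_lang_var('email') . ": " . $plain['email_addr'];

    $addr_results = fetch_address_type_rs(TRUE);
    if ($addr_results) {
        while ($address_type_r = db_fetch_assoc($addr_results)) {
            $address_type = strtolower($address_type_r['s_address_type']);

            $attr_results = fetch_address_type_attribute_type_rs($address_type_r['s_address_type'], 'update', TRUE);
            if ($attr_results) {
                while ($addr_attribute_type_r = db_fetch_assoc($attr_results)) {
                    $fieldname = get_field_name($addr_attribute_type_r['s_attribute_type'], $addr_attribute_type_r['order_no']);

                    // A field the form did not submit is skipped, as before, but without
                    // reading an undefined index.
                    $submitted = isset($HTTP_VARS[$address_type][$fieldname])
                        ? $HTTP_VARS[$address_type][$fieldname]
                        : NULL;
                    if ($submitted === NULL) {
                        continue;
                    }

                    // may have to change this if statement, if fieldname will contain array, instead of scalar value
                    if (is_not_empty_array($submitted)) {
                        // Comma-join the values; a comma is only added once something has
                        // been written, so leading empty entries do not yield a stray comma.
                        $value = '';
                        foreach ($submitted as $entry) {
                            if (strlen($value) > 0) {
                                $value .= ',';
                            }
                            $value .= $entry;
                        }
                    } elseif (!is_array($submitted) && strlen($submitted) > 0) {
                        // Address values are appended as submitted (they may span lines).
                        $value = $submitted;
                    } else {
                        continue;
                    }

                    $user_info_lines .= "\n" . $addr_attribute_type_r['prompt'] . ": " . $value;
                }
                db_free_result($attr_results);
            }
        }
        db_free_result($addr_results);
    }

    // URL-encode the submitted user id so characters such as '&', '=' or '#' stay inside
    // the user_id parameter instead of changing the link the administrator follows.
    // NOTE(review): both links act through a plain GET request - confirm user_admin.php
    // checks the administrator's session and asks for confirmation before acting.
    $encoded_user_id = urlencode(isset($HTTP_VARS['user_id']) ? (string) $HTTP_VARS['user_id'] : '');
    $activate_url = get_site_url() . 'user_admin.php?op=activate&user_id=' . $encoded_user_id;
    $delete_url = get_site_url() . 'user_admin.php?op=delete&user_id=' . $encoded_user_id;

    $message = get_opendb_lang_var(
        'new_account_email',
        array(
            'admin_name' => get_opendb_lang_var('site_administrator', 'site', get_opendb_config_var('site', 'title')),
            'user_info' => $user_info_lines,
            'site' => get_opendb_config_var('site', 'title'),
            'activate_url' => $activate_url,
            'delete_url' => $delete_url
        )
    );

    // The submitted address is passed on with CR/LF already replaced.
    // NOTE(review): presumably it ends up in a mail header - confirm that
    // send_email_to_site_admins() validates it as an e-mail address.
    return send_email_to_site_admins(PERM_ADMIN_CREATE_USER, $plain['email_addr'], get_opendb_lang_var('new_account'), $message, $errors);
}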
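/**
 * xajax handler: remove every interest level recorded for the session user and,
 * on success, queue a client-side call that resets the interest images.
 *
 * The user id is taken from the session, never from the request.
 * NOTE(review): no request-origin (CSRF) check is visible in this handler -
 * confirm the xajax dispatch layer provides one.
 *
 * @return xajaxResponse The response; empty when nothing was removed.
 */
function ajax_remove_all_interest_level()
{
    $user_id = get_opendb_session_var('user_id');
    $objResponse = new xajaxResponse();

    // Without a session user id there is nothing of the caller's to remove, so an
    // empty id is never handed to the delete.
    if (strlen((string) $user_id) > 0 && db_remove_all_interest_level($user_id)) {
        // We update all the images
        // The client-side function name is passed as a string: the bare word is an
        // undefined constant unless one is defined elsewhere, which is an Error in PHP 8.
        $objResponse->call(
            'doRemoveInterestAllInterestLevel',
            theme_image_src('interest_0.gif'),
            get_opendb_lang_var('interest_mark')
        );
    }

    return $objResponse;
}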