예제 #1
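 /**
  * Resolve the display name of the currently selected group.
  *
  * Normalises $this->group_id to a non-negative integer, maps the reserved
  * ids 0, 1 and 2 to their localized labels and looks every other id up in
  * the group list table. An id without a matching row is reset to 0.
  *
  * @return string the value stored in $this->group_name
  */
 function group_name()
 {
     global $db_link;
     global $lang;
     // The integer cast is also what keeps the query below safe: group_id is
     // interpolated into the SQL text, so it must never remain a raw string.
     $this->group_id = max(0, intval($this->group_id));
     if ($this->group_id === 0) {
         // group_id = 0 --> "All Entries"
         $this->group_name = $lang['GROUP_ALL_LABEL'];
     } elseif ($this->group_id === 1) {
         $this->group_name = $lang['GROUP_UNGROUPED_LABEL'];
     } elseif ($this->group_id === 2) {
         // "Hidden Entries" are for admins only. A missing session key is a
         // denial, and the strict comparison means a non-string value cannot
         // loosely compare equal to "admin".
         if (!isset($_SESSION['usertype']) || $_SESSION['usertype'] !== "admin") {
             reportScriptError("URL tampering detected.");
             exit;
         }
         $this->group_name = $lang['GROUP_HIDDEN_LABEL'];
     } else {
         $result = mysql_query("SELECT * FROM " . TABLE_GROUPLIST . " AS grouplist WHERE groupid={$this->group_id}", $db_link);
         // A failed query is treated like "no such group" instead of passing
         // false on to mysql_fetch_array().
         $tbl_grouplist = $result ? mysql_fetch_array($result) : false;
         $this->group_name = $tbl_grouplist ? $tbl_grouplist['groupname'] : "";
         // Reassign to "All Entries" if given a groupid that doesn't exist,
         // using the same localized label as the group_id = 0 branch.
         if ($this->group_name == "") {
             $this->group_id = 0;
             $this->group_name = $lang['GROUP_ALL_LABEL'];
         }
     }
     return $this->group_name;
 }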
예제 #2
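/**
 * Start the session if none is active, connect to the MySQL server and
 * select the application database.
 *
 * On a connection or database-selection failure the script terminates via
 * die() with the text produced by reportScriptError().
 *
 * @param string $db_hostname server host; an empty value falls back to "localhost"
 * @param string $db_username MySQL account name
 * @param string $db_password MySQL account password
 * @param string $db_name     database to select
 * @return resource the MySQL link identifier
 */
function openDatabase($db_hostname, $db_username, $db_password, $db_name)
{
    // A caller may already have started the session; calling session_start()
    // a second time only raises a notice.
    if (session_id() == '') {
        session_start();
    }
    // Default to local host if a hostname is not provided
    if (!$db_hostname) {
        $db_hostname = "localhost";
    }
    // NOTE(review): the failure text below includes mysql_error() and
    // mysql_errno(). If reportScriptError() writes it into the HTTP response,
    // server details reach the client; logging them server-side and showing a
    // generic message would be safer. Confirm how reportScriptError() outputs.
    $db_link = @mysql_connect($db_hostname, $db_username, $db_password) or die(reportScriptError("<B>An error occurred while trying to connect to the MySQL server.</B> MySQL returned the following error information: " . mysql_error() . " (error #" . mysql_errno() . ")"));
    // Select the database; the boolean result is only needed for the check.
    mysql_select_db($db_name, $db_link) or die(reportScriptError("<B>Unable to locate the database.</B> Please double check <I>config.php</I> to make sure the <I>\$db_name</I> variable is set correctly."));
    return $db_link;
}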
예제 #3
 *
 *************************************************************/
// Page bootstrap: load configuration, start the session, open the database,
// enforce the login check and read the search terms sent with the request.
// ** GET CONFIGURATION DATA **
require_once 'constants.inc';
require_once FILE_FUNCTIONS;
require_once FILE_CLASS_OPTIONS;
session_start();
// NOTE(review): read without an isset() check, and before checkForLogin()
// has run further down.
$username = $_SESSION['username'];
//echo $username;
// ** OPEN CONNECTION TO THE DATABASE **
// NOTE(review): the $db_* variables are not assigned in this fragment -
// presumably they come from an included configuration file; confirm.
$db_link = openDatabase($db_hostname, $db_username, $db_password, $db_name);
// ** CHECK FOR LOGIN **
checkForLogin();
// RETRIEVE OPTIONS THAT PERTAIN TO THIS PAGE
// NOTE(review): the Options object created on the next line is replaced
// straight away by the array that mysql_fetch_array() returns, so the
// property assignment after it targets an array rather than an Options
// instance. This looks unintended - confirm which of the two is wanted.
$options = new Options();
$options = mysql_fetch_array(mysql_query("SELECT displayAsPopup FROM " . TABLE_OPTIONS . " LIMIT 1", $db_link)) or die(reportScriptError("Unable to retrieve options."));
$options->displayAsPopup = $options['displayAsPopup'];
// PHP code is placed BEFORE sending any HTML information because we want the script to
// stop processing and send another file instead if a single entry is found.
// Because we don't rely on the browser to redirect, this allows pressing 'back' on the
// browser to take us back to the list, and not keep forwarding.
// See if search terms have been passed to this page.
// NOTE(review): $goTo is the raw POST value (no isset() check, no validation),
// so anything that later builds SQL or HTML from it has to escape it.
$goTo = $_POST['goTo'];
// NOTE(review): $search is not assigned anywhere in this fragment. If it is
// populated from the request (for example through register_globals) it is
// attacker-controlled as well - TODO confirm where it is set.
if (!$goTo and !$search) {
    echo "<P>" . $lang['SEARCH_TERMS'];
    exit;
}
// goTo functionality
// Search does not work so we'll make it do the same thing as goTo for now.
if ($search) {
    $goTo = $search;
예제 #4
             $feedback .= ' There was a problem updating your e-mail address. ';
             // This used to double check for incorrect username and password, but these
             // are things that should already hopefully be taken care of in a login screen.
             // However, entering the same e-mail address as before will also cause
             // mysql_affected_rows to equal 0, so the error message has changed.
         } else {
             // Build and send the confirmation mail for the new e-mail address.
             $mail = new PHPMailer();
             $mail->SetLanguage(LANGUAGE_CODE, "lib/phpmailer/language/");
             $mail->From = 'noreply@' . $_SERVER['SERVER_NAME'];
             $mail->FromName = 'noreply@' . $_SERVER['SERVER_NAME'];
             // NOTE(review): the confirmation link takes its host from
             // $_SERVER['HTTP_HOST'], i.e. from the Host header of the request,
             // so the link host is whatever the client sent. A host name fixed in
             // the configuration would be safer. $hash and $new_email are placed
             // in the query string without urlencode(); how they were validated
             // is outside this fragment - confirm.
             $message = $lang['SALUTATION'] . " {$username},\n" . $lang['EMAIL_CHANGE'] . "\n\n  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']) . "/register.php?mode=confirm&hash={$hash}&email={$new_email}";
             $mail->Subject = $lang[TAB] . ' - ' . $lang['EMAIL_CHANGE_SUBJ'];
             $mail->Body = $message;
             $mail->AddAddress($new_email);
             if (!$mail->Send()) {
                 // NOTE(review): ErrorInfo is appended to the reported message; if
                 // that message is shown to the user it may expose mail server
                 // details.
                 reportScriptError($lang['ERR_MAIL_NOT_SENT'] . $mail->ErrorInfo);
             } else {
                 $actionMsg = $lang['MSG_EMAIL_CHANGED'];
             }
         }
     } else {
         $actionMsg .= $lang['ERR_USER_EMAIL_INVALID'];
     }
     break;
 case "addinfo":
     // Collect the extra profile fields posted with the form and build the
     // UPDATE statement for the users table.
     //$nnuser = $_POST['nnnuser'];
     // NOTE(review): $nuser is assigned here but not used in the visible lines.
     $nuser = $_POST['nnnuser'];
     $newuserDepartment = $_POST['newuserDepartment'];
     $newuserBatch = $_POST['newuserBatch'];
     $newuserDesignation = $_POST['newuserDesignation'];
     // NOTE(review): the three POST values above are concatenated into the SQL
     // text with no escaping, so a quote character in any of them changes the
     // statement (SQL injection). They need mysql_real_escape_string() at the
     // least, or a prepared statement. The WHERE value is masked ('******') in
     // this listing and the statement is executed outside this fragment.
     $sqlu = "UPDATE " . TABLE_USERS . " SET department='" . $newuserDepartment . "', batch='" . $newuserBatch . "', designation = '" . $newuserDesignation . "' WHERE username = '******'";
예제 #5
    // Copy the fetched row into local variables, undoing slash-escaping.
    // NOTE(review): stripslashes() only removes backslashes; none of these
    // values is HTML-encoded here, so each one must be encoded at the point
    // where it is written into the page.
    $contact_nickname = stripslashes($tbl_contact['nickname']);
    $contact_pictureURL = stripslashes($tbl_contact['pictureURL']);
    $contact_notes = stripslashes($tbl_contact['notes']);
    // Unlike the other fields, this one is read from $tbl_lastUpdate rather than $tbl_contact.
    $contact_lastUpdate = stripslashes($tbl_lastUpdate['lastUpdate']);
    $contact_hidden = $tbl_contact['hidden'];
    $contact_whoAdded = stripslashes($tbl_contact['whoAdded']);
    // BIRTHDAY... if field is empty, make it equal to "0000-00-00"
    if (!$contact_birthday) {
        $contact_birthday = "0000-00-00";
    }
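    // Ownership check: an existing record may be edited only by the user who
    // added it or by an admin, and a guest may never reach this page.
    // Without this check, someone could open a record they are allowed to edit
    // and then change the id in the URL to reach any other record.
    if (($contact_whoAdded != $_SESSION['username'] and $_SESSION['usertype'] != 'admin' and $mode != 'new') or $_SESSION['usertype'] == 'guest') {
        $_SESSION = array();
        session_destroy();
        reportScriptError("URL tampering detected. You have been logged out.");
        // Stop here: if reportScriptError() returns, the script would otherwise
        // go on to render the edit form for the record that was just refused.
        exit;
    }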
}
// BEGIN OUTPUT BUFFER
ob_start("callback");
?>
<HTML>
<HEAD>
	<TITLE><?php 
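// Page title: the localized prefix, then either the "add" label or the name
// of the contact being edited.
echo $lang['TITLE_TAB'] . " ";
if ($mode == 'new') {
    echo $lang['EDIT_TITLE_ADD'];
} else {
    // The contact's names are stored, user-supplied data: encode them for the
    // HTML context so markup inside a name is displayed, not interpreted.
    echo $lang['EDIT_TITLE_EDIT'] . " " . htmlspecialchars("{$contact_firstname} {$contact_lastname}", ENT_QUOTES) . "\n";
}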
?>
예제 #6
 *************************************************************/
// Page bootstrap: load configuration, open the database and enforce the
// login check before any action is processed.
// ** GET CONFIGURATION DATA **
require_once 'constants.inc';
require_once FILE_FUNCTIONS;
// ** OPEN CONNECTION TO THE DATABASE **
// NOTE(review): the $db_* variables are not assigned in this fragment -
// presumably they come from an included configuration file; confirm.
$db_link = openDatabase($db_hostname, $db_username, $db_password, $db_name);
// ** CHECK FOR LOGIN **
// NOTE(review): presumably restricts this page to admin accounts -
// checkForLogin() is not visible here, confirm what it enforces.
checkForLogin("admin");
// ** PERFORM USER UPDATE TASKS **
// Collects the status text for the action handled in the switch that follows.
$actionMsg = "";
switch ($_GET['action']) {
    // EDIT A GROUP
    case "edit":
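        // CHECK FOR GROUP ID
        // empty() also covers a missing 'id' key without raising a notice.
        if (empty($_GET['id'])) {
            reportScriptError("<B>No group provided for this action.</B>");
            exit;
        }
        // DETERMINE THE GROUP TO DISPLAY
        // The id is interpolated into the SQL text of the group lookup, so it
        // is reduced to an integer before anything else uses it.
        $group_id = intval($_GET['id']);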
        // OBTAIN GROUP NAME
        if ($group_id <= 1 || !$group_id) {
            $group_name = "All Entries";
        } elseif ($group_id == 2) {
            $group_name = "Ungrouped Entries";
        } else {
            $r_grouplist = mysql_query("SELECT * FROM " . TABLE_GROUPLIST . " AS grouplist WHERE groupid={$group_id}", $db_link);
            $tbl_grouplist = mysql_fetch_array($r_grouplist);
            $group_name = $tbl_grouplist["groupname"];
            // Reassign to "All Entries" if given a groupid that doesn't exist
            if ($group_name == "") {
예제 #7
/**
 * Run OPTIMIZE TABLE on the given table using the global database link.
 *
 * Terminates the script through die() with the text from reportScriptError()
 * when the query fails.
 *
 * NOTE(review): $table is placed into the SQL text and into the HTML error
 * message as-is. Table names cannot be bound as query parameters, so callers
 * must pass only trusted, application-defined names - verify the call sites.
 *
 * @param string $table name of the table to optimize
 */
function optimizeTable($table)
{
    global $db_link;
    $succeeded = mysql_query("OPTIMIZE TABLE {$table}", $db_link);
    if (!$succeeded) {
        die(reportScriptError("<B>There was a problem optimizing table {$table}.</B>"));
    }
}
예제 #8
 /**
  * Overlay the stored per-user options onto this object's option values.
  *
  * Loads one row from the users table into $this->user_options, then copies
  * every option whose value is not NULL over the corresponding property.
  * Terminates the script through die() if no row can be fetched.
  */
 function set_user()
 {
     // This function overrides admin-specified options with user options.
     // Call this function if you need to restore the user settings after resetting
     // to global settings.
     // Note: If you do not call this function, you can still obtain the user settings
     // directly using the $this->user_options variable.
     global $db_link;
     // NOTE(review): the WHERE value in the next statement is masked ('******')
     // in this listing, so the line is not valid PHP as shown. The surviving
     // text suggests an array element is concatenated into the query string; if
     // so, it needs escaping or a prepared statement - confirm against the
     // original file.
     $this->user_options = mysql_fetch_array(mysql_query("SELECT * FROM " . TABLE_USERS . " WHERE username='******'username'] . "' LIMIT 1", $db_link)) or die(reportScriptError("Unable to retrieve user options."));
     // A NULL column means "no user preference": the current value is kept.
     if (!is_null($this->user_options['bdayInterval'])) {
         $this->bdayInterval = $this->user_options['bdayInterval'];
     }
     if (!is_null($this->user_options['bdayDisplay'])) {
         $this->bdayDisplay = $this->user_options['bdayDisplay'];
     }
     if (!is_null($this->user_options['displayAsPopup'])) {
         $this->displayAsPopup = $this->user_options['displayAsPopup'];
     }
     if (!is_null($this->user_options['useMailScript'])) {
         $this->useMailScript = $this->user_options['useMailScript'];
     }
     // NOTE(review): load_lang() is not visible here. If it builds a file path
     // from this stored value, the value should be limited to known language
     // names - verify.
     if (!is_null($this->user_options['language'])) {
         $this->language = $this->load_lang($this->user_options['language']);
     }
     if (!is_null($this->user_options['defaultLetter'])) {
         $this->defaultLetter = $this->user_options['defaultLetter'];
     }
     if (!is_null($this->user_options['limitEntries'])) {
         $this->limitEntries = $this->user_options['limitEntries'];
     }
 }
예제 #9
 *  Upload pictures for entries.
 *
 *************************************************************/
// Page bootstrap for the picture upload page: load configuration, open the
// database, enforce the login check, then apply the upload permission option.
// ** GET CONFIGURATION DATA **
require_once 'constants.inc';
require_once FILE_FUNCTIONS;
require_once FILE_CLASS_OPTIONS;
// ** OPEN CONNECTION TO THE DATABASE **
// NOTE(review): the $db_* variables are not assigned in this fragment -
// presumably they come from an included configuration file; confirm.
$db_link = openDatabase($db_hostname, $db_username, $db_password, $db_name);
// ** CHECK FOR LOGIN **
// NOTE(review): presumably admits the "admin" and "user" account types -
// checkForLogin() is not visible here, confirm what it enforces.
checkForLogin("admin", "user");
// ** RETRIEVE OPTIONS THAT PERTAIN TO THIS PAGE **
$options = new Options();
// ** DENY ACCESS IF UPLOAD IS NOT ALLOWED
// Admins pass this check even when picAllowUpload is not 1; every other
// account is stopped here.
if ($options->picAllowUpload != 1 && $_SESSION['usertype'] != "admin") {
    reportScriptError("File uploading has been turned off in this installation.");
    exit;
}
// ** BEGIN
require FILE_LIB_UPLOAD;
#--------------------------------#
# Variables
#--------------------------------#
// The name of the file field in your form.
$upload_file_name = "userfile";
// Target directory for uploaded pictures, given as a relative path.
// NOTE(review): if this directory is served by the web server, uploads should
// be restricted to image types and stored where they cannot be executed as
// scripts. The accepted-type settings that follow are cut off in this listing.
$path = "mugshots/";
// ACCEPT mode - if you only want to accept
// a certain type of file.
// possible file types that PHP recognizes includes:
//
// OPTIONS INCLUDE: