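/**
 * Build a `javascript:` URL that calls url_prompt() with a delete URL and a
 * confirmation message.
 *
 * The returned string is meant to be used as a link target. It contains double
 * quotes whenever $prompt contained single quotes, so it must be HTML-attribute
 * escaped by whatever writes it into markup.
 *
 * @param string $prompt Confirmation text shown to the user.
 * @param mixed  $id     Record id; when falsy, $_GET[$index] is used if present.
 * @param string $action Value for the "action" query parameter.
 * @param string $index  Name of the query parameter that carries the id.
 *
 * @return string
 */
function drawDeleteLink($prompt = "Are you sure?", $id = false, $action = "delete", $index = "id")
{
    // $_GET is a superglobal, so the former `global $_GET;` statement did nothing.
    if (!$id && isset($_GET[$index])) {
        // Request-supplied value: it ends up inside a JavaScript string literal below.
        $id = $_GET[$index];
    }

    // Single quotes still become double quotes (existing behaviour). Backslashes and
    // raw line breaks are now escaped too, so the prompt can neither swallow the
    // closing quote of the JavaScript literal nor split it across lines.
    $escapedPrompt = strtr($prompt, array(
        "\\" => "\\\\",
        "'"  => '"',
        "\r" => "\\r",
        "\n" => "\\n",
    ));

    // NOTE(review): the URL is placed unescaped between single quotes. This is only
    // safe if url_query_add() percent-encodes parameter values (including quotes);
    // confirm that in its definition.
    $target = url_query_add(array("action" => $action, $index => $id), false);

    return "javascript:url_prompt('" . $target . "', '" . $escapedPrompt . "');";
}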
/**
 * Shorthand for url_query_add() that sets only the "action" query parameter.
 *
 * @param mixed $action Value for the "action" parameter.
 * @param mixed $go     Passed through unchanged as url_query_add()'s second argument.
 *
 * @return mixed Whatever url_query_add() returns.
 */
function url_action_add($action = false, $go = false)
{
    $query = array("action" => $action);

    return url_query_add($query, $go);
}
<th class='delete'></th> </tr> </thead> <tbody> <?php $intranet_offices = db_query('SELECT id, name, address FROM intranet_offices ORDER BY precedence'); if ($max = db_found($intranet_offices)) { while ($l = db_fetch($intranet_offices)) { ?> <tr id='<?php echo $l['id']; ?> '> <td class='reorder'><i class='glyphicon glyphicon-menu-hamburger'></i></td> <td><a href="<?php echo url_query_add(array('id' => $l['id']), false); ?> "><?php echo $l['name']; ?> </a></td> <td><?php echo nl2br($l['address']); ?> </td> <?php echo deleteColumn('Are you sure?', $l['id']); ?> </tr> <?php }
$f->unset_fields('extension'); $f->set_field(array('name' => 'content', 'label' => getString('file'), 'type' => 'file', 'additional' => getString('upload_max') . file_get_max())); $f->set_field(array('name' => 'categories', 'label' => getString('categories'), 'type' => 'checkboxes', 'options_table' => 'dl_categories', 'option_title' => 'title', 'linking_table' => 'dl_docs_to_categories', 'object_id' => 'doc_id', 'option_id' => 'category_id')); echo $f->draw(); } else { $result = db_table('SELECT d.id, d.title, ' . db_updated('d') . ', d.extension, c.title "group" FROM dl_docs d JOIN dl_docs_to_categories d2c ON d.id = d2c.doc_id JOIN dl_categories c ON d2c.category_id = c.id ORDER BY c.precedence, d.title;'); $links = $page['is_admin'] ? array(url_query_add(array('doc_id' => 'new'), false) => getString('add_new')) : false; $t = new table('dl_docs', drawHeader($links)); $t->set_column('icon', 'd', ' '); $t->set_column('title', 'l', getString('title')); $t->set_column('updated', 'r', getString('updated')); foreach ($result as &$r) { $link = 'info.php?id=' . $r['id']; $r['icon'] = file_icon($r['extension'], $link); $r['title'] = draw_link($link, $r['title']); if (getOption('languages')) { $r['title'] .= ' (' . $r['language'] . ')'; } $r['updated'] = format_date($r['updated']); } echo $t->draw($result, getString('documents_empty')); }
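<?php
/**
 * Staff list by office: draws an office navigation row, then the staff of the
 * office named by ?id= (or of the "other" offices when id=other).
 */
include 'include.php';

if (!url_id()) {
    // Presumably redirects with id=1 appended; confirm url_query_add()'s default
    // second argument.
    url_query_add(array('id' => 1));
}

// The id comes straight from the query string. It is read once, as a string, and
// only an integer cast of it is ever concatenated into SQL below.
$requestedId = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (string) $_GET['id'] : '';

drawTop();

$locations = db_query("SELECT \n\t\to.id, \n\t\to.name\n\tFROM intranet_offices o \n\tORDER BY (SELECT COUNT(*) FROM intranet_users u WHERE u.officeID = o.id) DESC");
if (db_found($locations)) {
    $pages = array();
    while ($l = db_fetch($locations)) {
        $pages["/staff/locations.php?id=" . $l["id"]] = $l["name"];
    }
    // NOTE(review): $location is not assigned anywhere in this script; presumably it
    // is set by include.php. Confirm.
    echo drawNavigationRow($pages, $location, true);
}

if ($requestedId === "other") {
    echo drawStaffList("u.isactive = 1 AND u.officeID <> 1 AND u.officeID <> 6 AND u.officeID <> 11 AND u.officeID <> 9");
} else {
    // Integer cast: the former code concatenated $_GET['id'] into both statements
    // verbatim. A parameterised query in the db layer would be the durable fix.
    $officeId = (int) $requestedId;

    $l = db_grab('SELECT name, address FROM intranet_offices WHERE id = ' . $officeId);
    if (!empty($l['address'])) {
        // NOTE(review): name and address are written into HTML as stored. If these
        // columns are not HTML-encoded on input, wrap them in htmlspecialchars()
        // (address: before nl2br()).
        echo drawServerMessage('<center><strong>' . $l['name'] . ' Office</strong><br>' . nl2br($l['address']) . '</center>');
    }
    echo drawStaffList("u.isactive = 1 and u.officeID = " . $officeId);
}

drawBottom();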
if (url_action("delete")) { db_query("UPDATE policy_docs SET is_active = 0, deleted_date = GETDATE(), deleted_user = {$_SESSION["user_id"]} WHERE id = " . $_GET["id"]); url_drop("id, action"); } elseif (url_id()) { $d = db_grab("SELECT d.name, t.extension, d.content FROM policy_docs d JOIN docs_types t ON d.type_id = t.id WHERE d.id = " . $_GET["id"]); //db_query("INSERT INTO docs_views ( documentID, user_id, viewedOn ) VALUES ( {$_GET["id"]}, {$_SESSION["user_id"]}, GETDATE() )"); file_download($d["content"], $d["name"], $d["extension"]); } //get nav options $options = array(); $categories = db_query("SELECT id, description FROM policy_categories ORDER BY description"); while ($c = db_fetch($categories)) { if (!isset($_GET["category"])) { url_query_add(array("category" => $c["id"])); } $options[str_replace(url_base(), "", url_query_add(array("category" => $c["id"]), false))] = $c["description"]; } echo drawTop(); echo drawNavigationRow($options, "areas", true); ?> <table class="left"> <?php if ($page['is_admin']) { echo drawheaderRow("", 4, "add", "edit/"); } else { echo drawheaderRow("", 3); } $docs = db_query("SELECT d.id, d.name, t.icon, ISNULL(d.updated_date, d.created_date) updated_date FROM policy_docs d JOIN docs_types t ON d.type_id = t.id WHERE d.is_active = 1 AND d.categoryID = " . $_GET["category"] . " ORDER BY d.name"); if (db_found($docs)) { ?> <tr>
/**
 * Build and return the closing markup of a page: the right-hand tools bar
 * (logout link, current user, staff search, optional channel and language
 * selectors, links list), one table per entry in $modules, and the footer.
 * Also inserts a row into pages_views when a page id and a user are present.
 *
 * Code is unchanged: each module's pallet.php is included inside this function
 * and therefore shares its local variables, so renaming or restructuring here
 * could change what those files see.
 *
 * @return string
 */
function drawBottom()
{
    global $_josh, $modules, $helpdeskOptions, $helpdeskStatus, $modulettes, $page;

    // NOTE(review): $_SESSION['user_id'] and $_SESSION['full_name'] are concatenated
    // into markup as-is. If full_name is user-editable and not HTML-encoded when
    // stored, it needs htmlspecialchars() here; confirm how the session is populated.
    $return = ' </div> <div id="right"> <div id="tools"> <a class="right button" href="/index.php?action=logout">' . getString('log_out') . '</a> ' . getString('hello') . ' <a href="/staff/view.php?id=' . $_SESSION['user_id'] . '"><b>' . $_SESSION['full_name'] . '</b></a>';

    //search
    $return .= '<form name="search" accept-charset="utf-8" method="get" action="/staff/search.php" onsubmit="javascript:return doSearch(this);"> <input type="text" name="q" placeholder="' . getString('staff_search') . '"/> </form>';

    //channel or language selectors
    if (getOption('channels')) {
        //$return .= draw_form_select('channel_id', 'SELECT id, title' . langExt() . ' title FROM channels WHERE is_active = 1 AND is_private = 0 ORDER BY precedence', $_SESSION['channel_id'], false, 'channels', 'url_query_set(\'channel_id\', this.value)', getString('networks_view_all'));
        // Private channels are listed only when a users_to_channels row links them to
        // the current user. user() and langExt() are concatenated into the SQL text;
        // presumably they return a numeric id and a fixed column suffix. Verify.
        $return .= draw_form_select('channel_id', 'SELECT c.id, c.title' . langExt() . ' title FROM channels c WHERE c.is_active = 1 AND (c.is_private = 0 OR (SELECT COUNT(*) FROM users_to_channels u2c WHERE u2c.channel_id = c.id AND u2c.user_id = ' . user() . ') > 0) ORDER BY precedence', $_SESSION['channel_id'], false, 'channels', 'url_query_set(\'channel_id\', this.value)', getString('networks_view_all'));
    }
    if (getOption('languages')) {
        $return .= draw_form_select('language_id', 'SELECT id, title FROM languages ORDER BY title', $_SESSION['language_id'], true, 'languages', 'url_query_set(\'language_id\', this.value)');
    }

    //links
    $links = db_table('SELECT title' . langExt() . ' title, url FROM links WHERE is_active = 1 ORDER BY precedence');
    // Each row is replaced in place by its rendered link. $l stays bound by reference
    // to the last element after the loop (it is never unset).
    foreach ($links as &$l) {
        $l = draw_link($l['url'], $l['title'], true);
    }
    // The edit button is added only when admin() is truthy.
    $return .= draw_div('#links', draw_container('h3', getString('links')) . (admin() ? draw_link('/a/admin/links.php', getString('edit'), false, array('class' => 'right button')) : false) . draw_list($links));
    $return .= '</div>';

    foreach ($modules as $m) {
        $return .= ' <table class="right ' . $m['folder'] . '" cellspacing="1"> <tr> <td colspan="2" class="head" style="background-color:#' . $m['color'] . ';"> <a href="/' . $m['folder'] . '/" class="left">' . $m['title'] . '</a> ' . draw_img('/images/arrows-new/' . format_boolean($m['is_closed'], 'up|down') . '.png', url_query_add(array('module' => $m['id']), false)) . ' </td> </tr>';
        if (!$m['is_closed']) {
            // The included file executes in this function's scope ($return, $m, $l and
            // the globals above are visible to it).
            // NOTE(review): the include path is built from $m['folder']. Confirm that
            // $modules comes from a trusted source and that folder is limited to a
            // known set of directory names (no separators or "..").
            include DIRECTORY_ROOT . DIRECTORY_SEPARATOR . $m['folder'] . DIRECTORY_SEPARATOR . 'pallet.php';
        }
        $return .= '</table>';
    }

    $return .= '</div> <div id="footer">';
    //if (admin()) $return .= 'page rendered in ' . format_time_exec() . '<br/>';
    $return .= getString('copyright') . '<br/>';
    if (getOption('legal')) {
        $return .= draw_link('/login/legal.php', getString('legal_title'));
    }
    $return .= '</div></div> <div id="subfooter"></div> </body> </html>';

    //record pageview
    if ($page['id'] && user()) {
        // $page['id'] and user('NULL') are concatenated into the statement; presumably
        // both are numeric (or the literal NULL). Confirm where they are set.
        db_query('INSERT INTO pages_views ( page_id, user_id, timestamp ) VALUES ( ' . $page['id'] . ', ' . user('NULL') . ', GETDATE() )');
    }

    return $return;
}
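<?php
/**
 * Bulletin-board categories: handles the "delete" action, then lists the active
 * categories with their topic counts. Admins also get an "add" link and a
 * delete icon per row.
 */
include "include.php";

if (url_action('delete')) {
    // The delete icon is only rendered for admins (see the loop below), but the
    // action was previously executed for any caller. The same admin check is now
    // applied to the action itself.
    // NOTE(review): the action is still triggered by a plain GET link, so it has no
    // CSRF protection; a POST form with a per-session token would address that.
    if ($page['is_admin']) {
        db_delete('bb_topics_types');
    }
    url_drop('action,id');
}

echo drawTop();

$t = new table('bb_topics_types', drawHeader($page['is_admin'] ? array('category_edit.php' => getString('category_new')) : false));
$t->set_column('category', 'l', getString('category'));
$t->set_column('topics', 'r', getString('topics'));
if ($page['is_admin']) {
    $t->set_column('delete', 'd', ' ');
}

$result = db_table('SELECT y.id, y.title' . langExt() . ' category, (SELECT COUNT(*) FROM bb_topics t WHERE t.type_id = y.id AND t.is_active = 1) topics FROM bb_topics_types y WHERE y.is_active = 1 ORDER BY y.title');
foreach ($result as &$r) {
    $r['category'] = draw_link('category.php?id=' . $r['id'], $r['category']);
    if ($page['is_admin']) {
        $r['delete'] = draw_img('/images/icons/delete.png', url_query_add(array('action' => 'delete', 'id' => $r['id']), false));
    }
}
// Break the by-reference binding so a later write to $r cannot alter the last row.
unset($r);

echo $t->draw($result, 'No categories added yet');
echo drawBottom();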
} elseif (url_action('delete')) { db_delete('dl_categories'); url_drop('action,id'); } echo drawTop(); if (!empty($_GET['category_id'])) { //category form if ($_GET['category_id'] == 'new') { $_GET['category_id'] = false; } $f = new form('dl_categories', $_GET['category_id'], ($_GET['category_id'] ? 'Edit' : 'Add') . ' Category'); $f->set_title_prefix($page['breadcrumbs']); echo $f->draw(); } else { //list of categories $result = db_table('SELECT id, title, ' . db_updated() . ' FROM dl_categories WHERE is_active = 1 ORDER BY precedence'); $links = $page['is_admin'] ? array(url_query_add(array('category_id' => 'new'), false) => getString('add_new')) : false; $t = new table('dl_categories', drawHeader($links)); $t->set_column('draggy', 'd', ' '); $t->set_column('title', 'l', getString('title')); $t->set_column('updated', 'r', getString('updated')); $t->set_column('delete', 'd', ' '); foreach ($result as &$r) { $r['draggy'] = draw_img('/images/icons/move.png'); $r['title'] = draw_link(url_query_add(array('category_id' => $r['id']), false), $r['title']); $r['updated'] = format_date($r['updated']); $r['delete'] = draw_link(url_query_add(array('action' => 'delete', 'id' => $r['id']), false), 'x', false, 'confirm'); } echo $t->draw($result, getString('categories_empty')); } echo drawBottom();
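// Calendar event detail page: loads the event named by ?id=, handles the
// "delete" action, then renders the event. This excerpt starts in PHP mode and
// ends inside the "Type" cell.
include "include.php";

// The id comes from the query string. Only its integer cast is concatenated into
// SQL and into the edit link; the former code used $_GET["id"] verbatim in all
// three places. A parameterised query in the db layer would be the durable fix.
$eventId = (isset($_GET["id"]) && is_scalar($_GET["id"])) ? (int) $_GET["id"] : 0;

$e = db_grab("SELECT \n\t\te.title, \n\t\te.description, \n\t\te.startDate, \n\t\tISNULL(u.nickname, u.firstname) first,\n\t\tu.lastname last,\n\t\te.createdBy,\n\t\te.createdOn,\n\t\tt.color,\n\t\tt.description type,\n\t\tMONTH(e.startDate) month, \n\t\tYEAR(e.startDate) year\n\tFROM calendar_events e\n\tJOIN intranet_users u ON e.createdBy = u.userID\n\tJOIN calendar_events_types t ON e.typeID = t.id\n\tWHERE e.id = " . $eventId);

// Admins and the event's creator may edit or delete. $isAdmin and $user are not
// assigned in this excerpt; presumably include.php sets them.
$canModify = $isAdmin || ($e && $user["id"] == $e["createdBy"]);

// The edit/delete links were already limited to admins and the creator, but the
// delete action itself ran for any caller. It now uses the same check.
// NOTE(review): deletion is still a GET request without a CSRF token.
if (url_action("delete") && $canModify) {
    db_query("DELETE FROM calendar_events WHERE id = " . $eventId);
    url_change("/cal/?month=" . $e["month"] . "&year=" . $e["year"]);
}

drawTop();
echo drawNavigationCal($e["month"], $e["year"], true);
?>
<table class="left" cellspacing="1">
    <?php
    if ($canModify) {
        echo drawHeaderRow("Event Details", 2, "edit", "event_edit.php?id=" . $eventId, "delete", url_query_add(array("action" => "delete"), false));
    } else {
        echo drawHeaderRow("Event Details", 2);
    }
    // NOTE(review): title and color are echoed as stored. If these columns are not
    // HTML-encoded on input, escape them with htmlspecialchars() for this context.
    ?>
    <tr>
        <td class="left">Title</td>
        <td class="right" bgcolor="#ffffff"><b><?php echo $e["title"]; ?> </b></td>
    </tr>
    <tr>
        <td class="left">Type</td>
        <td><span class="block" style="background-color:<?php echo $e["color"];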
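<?php
/**
 * Password reset: a POST with an e-mail address sends a reset link; a GET with
 * ?id= blanks that user's password and logs them in.
 *
 * NOTE(review): the reset link and the ?id= branch identify the account by its
 * numeric userID alone, so the link proves nothing about mailbox ownership. The
 * fix is a random, single-use, expiring token stored server-side, mailed in
 * place of the id and checked (hash_equals) before any password change or login.
 * That needs schema changes outside this file, so it is flagged, not changed.
 */
include "../include.php";

cookie("last_login");

if ($posting) {
    $email = (isset($_POST["email"]) && is_string($_POST["email"])) ? $_POST["email"] : "";

    // The address was interpolated verbatim into a single-quoted SQL literal. The
    // statement targets SQL Server (see PWDENCRYPT below), where doubling the quote
    // is the literal escape. A parameterised query in the db layer would be better.
    $emailSql = str_replace("'", "''", $email);

    if ($r = db_grab("SELECT userID FROM intranet_users WHERE email = '{$emailSql}' AND isActive = 1")) {
        // NOTE(review): the host in the link presumably comes from the request's Host
        // header; if so, use a configured hostname instead, and https.
        email_user($email, "Reset Your Password", drawEmptyResult('To reset your password, please <a href="http://' . $_josh["request"]["host"] . '/login/password_reset.php?id=' . $r . '">follow this link</a>.'));
        url_change("password_confirm.php");
    } else {
        // NOTE(review): a distinct "email-not-found" result tells the caller which
        // addresses have accounts; the same response for both cases avoids that.
        url_query_add(array("msg" => "email-not-found", "email" => $email)); //bad email
    }
} elseif (isset($_GET["id"])) {
    // Integer cast: the id was previously interpolated into both statements as sent.
    $userId = is_scalar($_GET["id"]) ? (int) $_GET["id"] : 0;

    db_query("UPDATE intranet_users SET password = PWDENCRYPT('') WHERE userID = {$userId} AND isActive = 1");
    if ($r = db_grab("SELECT u.email, p.url FROM intranet_users u JOIN pages p ON u.homePageID = p.ID WHERE u.userID = {$userId} AND u.isActive = 1")) {
        login($r["email"], "", true);
        cookie("last_login", $r["email"]);
        url_change($r["url"]);
    } else {
        url_change(false);
    }
}
?> <html> <head> <title>Reset Your Password</title> <link rel="stylesheet" type="text/css" href="<?php echo $locale; ?> style.css" /> <script language="javascript" src="/javascript.js"></script>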
<td align="right"><?php echo format_date($r["checkoutEnd"], ""); ?> </td> <td align="center"><nobr><?php if ($r["laptopStatusDesc"] == "In") { ?> <a href="laptop_checkout.php?id=<?php echo $r["laptopID"]; ?> ">check out</a> <?php } else { ?> <a href="<?php echo url_query_add(array("checkin" => $r["laptopID"]), false); ?> ">check in</a> <?php } ?> </nobr></td> <td width="16"><a href="javascript:deactivateLaptop(<?php echo $r["laptopID"]; ?> ,'<?php echo $r["laptopName"]; ?> ');"><img src="/images/icons/delete.png" width="16" height="16" border="0"></a></td> </tr> <?php
<?php include "include.php"; if ($posting) { $_POST["isActive"] = 1; $id = db_enter("calendar_events", "title description *startDate typeID"); url_query_add(array("month" => $_POST["startDateMonth"], "year" => $_POST["startDateYear"])); } if (!isset($_GET["month"]) || !isset($_GET["year"])) { url_query_add(array("month" => $_josh["month"], "year" => $_josh["year"])); } drawTop(); echo drawNavigationCal($_GET["month"], $_GET["year"]); //get events $result = db_query("SELECT \n\t\t\te.id,\n\t\t\tDAY(e.startDate) startDay,\n\t\t\te.title,\n\t\t\tt.color\n\t\tFROM calendar_events e\n\t\tJOIN calendar_events_types t ON e.typeID = t.id\n\t\tWHERE e.isActive = 1 AND \n\t\t\tMONTH(e.startDate) = {$_GET["month"]} AND\n\t\t\tYEAR(e.startDate) = " . $_GET["year"]); while ($r = db_fetch($result)) { $events[$r["startDay"]][$r["id"]]["title"] = $r["title"]; $events[$r["startDay"]][$r["id"]]["color"] = $r["color"]; } //SET UP VARIABLES $monthname = $_josh["months"][$_GET['month'] - 1]; $firstday = date("w", mktime(0, 0, 0, $_GET["month"], 1, $_GET["year"])); $lastday = date("d", mktime(0, 0, 0, $_GET["month"] + 1, 0, $_GET["year"])); $prevmonth = $_GET['month'] - 1; $prevyear = $_GET['year']; $nextmonth = $_GET['month'] + 1; $nextyear = $_GET['year']; if ($prevmonth == 0) { $prevmonth = 12; $prevyear = $_GET['year'] - 1; } elseif ($nextmonth == 13) {
/**
 * Render the two table rows for one helpdesk ticket.
 *
 * The first row holds the creator, the linked title and a delete icon. The
 * second row holds drop-downs whose onchange handler navigates to the current
 * URL plus a new* parameter: priority/status/owner in "status" mode, ticket
 * type in "type" mode.
 *
 * NOTE(review): $r["title"] and $r["id"] are concatenated into markup unescaped.
 * Whether the row is already HTML-encoded cannot be told from here; confirm, or
 * escape at this point. The drop-downs change ticket state through plain GET
 * navigations, so the handler of newPriority/newStatus/newOwner/newType should
 * be checked for authorization and CSRF protection.
 *
 * @param array  $r    Ticket row.
 * @param string $mode "status" or "type".
 *
 * @return string
 */
function drawTicketRow($r, $mode = "status")
{
    global $priorityOptions, $statusOptions, $ownerOptions, $typeOptions, $_josh;

    $creator = drawName($r["created_user"], $r["first"] . ' ' . $r["last"], $r["created_date"], true, $r['updated']);
    $deleteIcon = draw_img("/images/icons/delete.png", drawDeleteLink("Delete this ticket?", $r["id"], "delete", "ticketID"));

    $html = ' <tr> <td rowspan="2">' . $creator . '</td> <td colspan="3"><a href="ticket.php?id=' . $r["id"] . '"><b>' . $r["title"] . '</b></a></td> <td rowspan="2">' . $deleteIcon . '</td> </tr> <tr>';

    $query = array("ticketID" => $r["id"]);

    switch ($mode) {
        case "status":
            $priority = draw_form_select("", $priorityOptions, $r["priorityID"], false, "field", "location.href='" . url_query_add($query, false) . "&newPriority=' + this.value");
            $status = draw_form_select("", $statusOptions, $r["statusID"], true, "field", "location.href='" . url_query_add($query, false) . "&newStatus=' + this.value");
            $owner = draw_form_select("", $ownerOptions, $r["ownerID"], false, "field", "location.href='" . url_query_add($query, false) . "&newOwner=' + this.value");
            $html .= '<td>' . $priority . '</td> <td>' . $status . '</td> <td>' . $owner . '</td>';
            break;

        case "type":
            $type = draw_form_select("", $typeOptions, $r["type_id"], false, "field", "location.href='" . url_query_add($query, false) . "&newType=' + this.value");
            $html .= '<td colspan="3">' . $type . '</td>';
            break;
    }

    return $html . '</tr>';
}
/**
 * Echo the document head and, unless $printing is set, the banner and the help
 * bar; then echo the navigation and mark the top as drawn in $_josh.
 *
 * Output is written directly; nothing is returned.
 *
 * NOTE(review): $title (from $page) and $page["helpText"] are echoed without
 * escaping. helpText looks like admin-edited HTML (see the edit-help link), so
 * raw output may be intended, but the title should be confirmed as trusted or
 * passed through htmlspecialchars(). The returnTo value is URL-encoded here;
 * the page that consumes it should accept local paths only.
 */
function drawTop()
{
    global $user, $_josh, $page, $isAdmin, $printing, $locale;

    error_debug("starting top");

    $title = "{$page["module"]} > {$page["name"]}";
    ?> <!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="utf-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <title><?php echo $title; ?> </title>
    <link rel="stylesheet" type="text/css" href="/assets/vendor/bootstrap/dist/css/bootstrap.min.css">
    <link rel="stylesheet" type="text/css" href="/assets/css/style.css">
    <!--[if IE]> <link rel="stylesheet" type="text/css" href="<?php echo $locale; ?> style-ie.css" /> <![endif]-->
</head>
<body>
    <?php
    if (!$printing) {
        ?> <div class="container">
        <div class="row banner">
            <div class="col-md-4"> <a href="/bb/"><img src="/assets/img/logo-cc.png" width="240" height="86" class="img-responsive"></a> </div>
            <div class="col-md-4"> <a href="/bb/"><img src="/assets/img/logo-hla.png" width="330" height="64" class="img-responsive"></a> </div>
            <div class="col-md-4"> <a href="/bb/"><img src="/assets/img/logo-hcfa.png" width="186" height="102" class="img-responsive"></a> </div>
        </div>
        <div class="row">
            <div id="left" class="col-md-8">
                <div id="help">
                    <a class="button left" href="/bb/"> <i class="glyphicon glyphicon-home"></i> Home </a>
                    <a class="button right" href="<?php echo url_query_add(array("toggleMenuPref" => "isOpenHelp"), false); ?> "> <i class="glyphicon glyphicon-info-sign"></i> <?php echo $user["isOpenHelp"] ? " Hide" : " Show"; ?> Help </a>
                    <?php
                    if ($user["isOpenHelp"]) {
                        // Only admins get the link to the help editor.
                        if ($user["isAdmin"]) {
                            ?> <a class="button right" href="/admin/edit-help.php?id=<?php echo $page["id"]; ?> &returnTo=<?php echo urlencode($_josh["request"]["path_query"]); ?> "> <i class="glyphicon glyphicon-edit"></i> Edit Page Info </a> <?php
                        }
                        ?> <div class="text"> <?php echo $page["helpText"] ?: "No help is available for this page."; ?> </div> <?php
                    }
                    ?> </div> <?php
    }

    // The helpdesk section gets its own navigation ahead of the main one.
    if ($_josh["request"]["folder"] == "helpdesk") {
        echo drawNavigationHelpdesk();
    }
    echo drawNavigation();

    $_josh["drawn"]["top"] = true;
    error_debug("finished drawing top");
}
<?php include "include.php"; if ($posting) { langTranslatePost('title,description'); $id = db_save('cal_events'); if (getOption('channels')) { db_checkboxes('channels', 'cal_events_to_channels', 'event_id', 'channel_id', $id); } url_query_add(array("month" => $_POST['start_dateMonth'], "year" => $_POST['start_dateYear'])); } if (!isset($_GET['month']) || !isset($_GET['year'])) { url_query_add(array("month" => $_josh['month'], "year" => $_josh['year'])); } echo drawTop(); echo drawNavigationCal($_GET['month'], $_GET['year']); //get events $result = db_query('SELECT e.id, DAY(e.start_date) startDay, e.title' . langExt() . ' title, t.color FROM cal_events e JOIN cal_events_types t ON e.type_id = t.id ' . getChannelsWhere('cal_events', 'e', 'event_id') . ' AND MONTH(e.start_date) = ' . $_GET['month'] . ' AND YEAR(e.start_date) = ' . $_GET['year']); while ($r = db_fetch($result)) { $events[$r['startDay']][$r['id']]['title'] = $r['title']; $events[$r['startDay']][$r['id']]['color'] = $r['color'];
echo format_date_time($r["createdOn"]); ?> </td> <td width="16"><?php echo draw_img($locale . "images/icons/delete.gif", url_query_add(array("action" => "deletereq", "id" => $r["id"]), false)); ?> </td> </tr> <?php } } else { echo drawEmptyResult("No pending requests!"); } echo drawTableEnd(); echo drawTableStart(); echo drawHeaderRow("Never Logged In", 3, "invite them all", url_query_add(array("action" => "invite"), false)); $result = db_query("SELECT userid, lastname, firstname, createdOn FROM intranet_users WHERE lastlogin IS NULL AND isactive = 1 ORDER BY lastname"); if (db_found($result)) { ?> <tr> <th width="70%">Name</th> <th width="30%" class="r">Created Date</th> <th></th> </tr> <?php while ($r = db_fetch($result)) { ?> <tr> <td><a href="view.php?id=<?php echo $r["userid"]; ?>
?> </td> <td width="16"><?php echo draw_img("/images/icons/delete.png", url_query_add(array("action" => "deletereq", "id" => $r["id"]), false)); ?> </td> </tr> <?php } } else { echo drawEmptyResult(getString('staff_requests_empty')); } echo drawTableEnd(); //never logged in echo drawTableStart(); echo drawHeaderRow(getString('staff_never_logged_in'), 3, getString('staff_invite_all'), url_query_add(array("action" => "invite"), false)); $result = db_query("SELECT id, lastname, firstname, created_date FROM users WHERE lastlogin IS NULL AND is_active = 1 ORDER BY lastname"); if (db_found($result)) { ?> <tr> <th width="70%"><?php echo getString('name'); ?> </th> <th width="30%" class="r"><?php echo getString('date_created'); ?> </th> <th></th> </tr> <?php
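<?php
/**
 * Press clips: with ?id= lists the clips of one category, otherwise lists the
 * categories with their clip counts.
 */
include "../include.php";

echo drawTop();

if (url_id()) {
    // Whether url_id() already guarantees a numeric id is not visible here. The
    // integer cast ensures that what is concatenated into SQL is a number either way.
    $typeId = is_scalar($_GET["id"]) ? (int) $_GET["id"] : 0;

    $title = db_grab('SELECT title' . langExt() . ' title FROM press_clips_types WHERE id = ' . $typeId);
    $result = db_table('SELECT c.id, c.title' . langExt() . ' title, c.pub_date, c.publication' . langExt() . ' publication, ISNULL(c.created_date, c.updated_date) updated FROM press_clips c ' . getChannelsWhere('press_clips', 'c', 'clip_id') . ' AND c.type_id = ' . $typeId . ' ORDER BY updated DESC');

    $t = new table('press_clips', drawHeader(false, $title));
    $t->set_column('title', 'l', getString('title'));
    $t->set_column('publication', 'l', getString('publication'));
    $t->set_column('pub_date', 'r', getString('published'));

    foreach ($result as &$r) {
        $r['title'] = draw_link('clip.php?id=' . $r['id'], format_string($r['title'], 50));
        $r['pub_date'] = format_date($r['pub_date']);
    }
    // Break the by-reference binding left behind by the loop.
    unset($r);

    // NOTE(review): $title is placed in markup as stored; confirm the column is
    // HTML-encoded on input or escape it here.
    echo $t->draw($result, 'There are no clips tagged <i>' . $title . '</i>.');
} else {
    $t = new table('press_clips', drawHeader());
    $t->set_column('category', 'l', getString('category'));
    $t->set_column('clips', 'r', getString('clips'));

    $result = db_table('SELECT t.id, t.title' . langExt() . ' category, (SELECT COUNT(*) FROM press_clips c WHERE c.type_id = t.id) clips FROM press_clips_types t ORDER BY t.precedence');
    foreach ($result as &$r) {
        $r['category'] = draw_link(url_query_add(array('id' => $r['id']), false), $r['category']);
    }
    unset($r);

    echo $t->draw($result);
}

echo drawBottom();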
/**
 * Render one staff directory table row.
 *
 * When $searchterms is given, every field named in the global $fields that is
 * present in the row is passed through format_hilite() first.
 *
 * NOTE(review): name, title, department and organization values are concatenated
 * into markup unescaped. Whether the row arrives HTML-encoded cannot be told
 * from here; confirm, or escape at this point. The admin delete link is a plain
 * GET URL, so the code handling action=delete should enforce authorization and
 * CSRF protection itself.
 *
 * @param array $r           Staff row.
 * @param mixed $searchterms Search terms to highlight, or false.
 *
 * @return string
 */
function drawStaffRow($r, $searchterms = false)
{
    global $isAdmin, $locale;

    if ($searchterms) {
        global $fields;
        foreach ($fields as $fieldName) {
            if (!isset($r[$fieldName])) {
                continue;
            }
            $r[$fieldName] = format_hilite($r[$fieldName], $searchterms);
        }
    }

    $parts = array('<tr height="38">');

    // Photo and name cells.
    $parts[] = '<td class="image"><a href="/staff/view.php?id=' . $r["userID"] . '">' . drawImg($r["userID"]) . '</a></td>';
    $parts[] = '<td><nobr><a href="view.php?id=' . $r["userID"] . '">' . $r["lastname"] . ', ' . $r["firstname"] . '</a>';
    $parts[] = '</nobr></td><td>';

    // Title / department / organization, each only when present.
    if ($r["title"]) {
        $parts[] = $r["title"] . '<br>';
    }
    if ($r["departmentName"]) {
        $parts[] = '<i>' . $r["departmentName"] . '</i><br>';
    }
    if ($r["corporationName"]) {
        $parts[] = '<a href="/staff/organizations.php?id=' . $r["corporationID"] . '">' . $r["corporationName"] . '</a>';
    }

    $parts[] = '</td> <td class="r"><nobr>' . format_phone($r["phone"]) . '</nobr></td> ';

    // The delete control is rendered for admins only.
    if ($isAdmin) {
        $deleteUrl = url_query_add(array("action" => "delete", "staffID" => $r["userID"]), false);
        $parts[] = '<td class="delete"><a href="javascript:promptRedirect(\'' . $deleteUrl . '\', \'Delete this staff member?\');"><i class="glyphicon glyphicon-remove"></i></a></td>';
    }

    $parts[] = '</tr>';

    return implode('', $parts);
}
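<?php
/**
 * Public password-reset page: a POST with an e-mail address triggers
 * emailPassword(); a request carrying an id clears that user's password and
 * logs them in; otherwise the form is shown.
 *
 * NOTE(review): the id branch identifies the account by its numeric id alone,
 * on a page that is marked public. If emailPassword() mails a link with that
 * id, the link proves nothing about mailbox ownership. The fix is a random,
 * single-use, expiring token stored server-side and checked (hash_equals)
 * before the password is cleared or a session is created. That change spans
 * emailPassword() and the schema, so it is flagged here, not made.
 */
$pageIsPublic = true;
include '../include.php';

if ($posting) {
    $email = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

    // The address is concatenated into a double-quoted SQL literal and the escaping
    // rules of the backing database are not visible here. Input containing a double
    // quote, a backslash or a control character is therefore never sent to the
    // database and is handled as "not found". A parameterised query in the db layer
    // would be the durable fix.
    $emailIsUsable = $email !== '' && !preg_match('/["\\\\\x00-\x1f]/', $email);

    if ($emailIsUsable && ($r = db_grab('SELECT id FROM users WHERE email = "' . $email . '" AND is_active = 1'))) {
        emailPassword($r);
        url_change('password_confirm.php');
    } else {
        // NOTE(review): a distinct "email-not-found" result tells the caller which
        // addresses have accounts; the same response for both cases avoids that.
        url_query_add(array('msg' => 'email-not-found', 'email' => $email)); //bad email
    }
} elseif (url_id()) {
    // Integer cast: the id was previously concatenated into both statements as sent.
    $userId = is_scalar($_GET['id']) ? (int) $_GET['id'] : 0;

    $_SESSION['user_id'] = false;
    db_query('UPDATE users SET password = NULL WHERE id = ' . $userId . ' AND is_active = 1');
    if ($email = db_grab('SELECT email FROM users WHERE id = ' . $userId . ' AND is_active = 1')) {
        login($email, '', true);
        url_change($_SESSION['homepage']);
    } else {
        url_change(false);
    }
} else {
    cookie('last_login');
    $_SESSION['user_id'] = false;
}

echo drawSimpleTop(getString('password_reset'));

// isset() replaces the former @-suppressed read of $_GET['msg'].
if (isset($_GET['msg']) && $_GET['msg'] == 'email-not-found') {
    echo drawMessage(getString('login_password_reset_msg_email_not_found'));
} else {
    echo drawMessage(getString('login_password_reset_msg'));
}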