예제 #1
// Drain $team_query into $teams. The append is itself the loop condition, so
// the falsy value that ends the loop is appended too: $teams finishes with one
// trailing non-row element that consumers have to skip.
while ($teams[] = $data->fetch_array($team_query)) {
}
// Default heading; the album branch further down replaces it.
$location = "User Control Panel >> Contributions";
if ($cat != "" || $action != "") {
    switch ($cat) {
        case "album":
            // Album editor: pick the page number and request the slimbox script.
            $pagenum = 2;
            $scriptList['slimbox'] = 1;
            // "Update" handler. Both POST fields pass through safesql() before they
            // reach the SET clause. The clause adds no quotes of its own, so the
            // "text" mode presumably returns an already-quoted literal - confirm.
            // NOTE(review): $safe_id, $id and $menuid are set outside this excerpt.
            // The row is selected by ID alone and no ownership or anti-CSRF check
            // is visible here; confirm both are enforced before this point.
            if ($_POST['Submit'] == "Update") {
                $group = safesql($_POST['group'], "int");
                $name = safesql($_POST['name'], "text");
                $data->update_query("album_track", "album_name={$name}, patrol={$group}", "ID = {$safe_id}");
                // $id and $menuid are interpolated into the redirect target as-is.
                show_message("Album updated.", "index.php?page=mythings&cat=album&action=edit&id={$id}&menuid={$menuid}");
            }
            // Load the album that is being edited.
            $album = $data->select_fetch_one_row("album_track", "WHERE ID = {$safe_id}");
            // When the album belongs to a group the user is not a member of (and the
            // value is neither 0 nor -1), append that group's row to $teams.
            // $album['patrol'] comes from the row just read and is placed in the
            // WHERE text without further coercion.
            if (!user_group_id($check['id'], $album['patrol']) && $album['patrol'] != 0 && $album['patrol'] != -1) {
                $temp = $data->select_fetch_one_row("groups", "WHERE id={$album['patrol']}");
                $teams[] = $temp;
                $numteams++;
            }
            // Fetch the album's photos and count them.
            $sql = $data->select_query("photos", "WHERE album_id = {$safe_id}");
            $numphotos = $data->num_rows($sql);
            $photos = array();
            // Append-as-condition loop: the terminating falsy value is stored as the
            // last element of $photos, so the array is one longer than $numphotos.
            while ($photos[] = $data->fetch_array($sql)) {
            }
            // Only the heading is passed through censor(); $album itself is handed
            // to the template unchanged. Whether the template HTML-escapes assigned
            // values is not visible here - confirm.
            $location = "Edit " . censor($album['album_name']) . " photo album";
            $tpl->assign("album", $album);
            $tpl->assign("numphotos", $numphotos);
            $tpl->assign("photos", $photos);
            $tpl->assign("photopath", $config["photopath"] . "/");
            if ($_POST['Submit'] == "Upload Photos") {
예제 #2
            $temp = $data->fetch_array($sql);
            $data->delete_query("pms", "id={$temp['id']}");
        }
        $sql = $data->update_query("pms", "date = {$timestamp}, type=2, touser={$users}", "id={$pid}", "", "", false);
        $message .= "Your message has been sent to the following users: {$usernames}.";
    }
    show_message($message, "index.php?page=pmmain&menuid={$menuid}");
}
// Pre-fill the recipient field of a new message from the query string.
if (isset($_GET['user'])) {
    // ?user= is coerced with safesql(..., "int") before it reaches the WHERE text.
    $user = safesql($_GET['user'], "int");
    // $user is reused: first the coerced id, then the fetched row.
    // NOTE(review): no check that a row came back; an unknown id presumably
    // leaves 'touser' empty - confirm.
    $user = $data->select_fetch_one_row("users", "WHERE id={$user}", "uname");
    $newpm['touser'] = $user['uname'];
    $tpl->assign("editpm", $newpm);
} elseif (isset($_GET['group'])) {
    $groupid = safesql($_GET['group'], "int");
    // NOTE(review): the membership check receives the raw $_GET['group'] while the
    // query below uses the coerced $groupid. Passing $groupid to both would keep
    // the check and the query on the same value; confirm how user_group_id()
    // treats non-numeric input before changing it.
    if (user_group_id($check['id'], $_GET['group'])) {
        // Every other member of the group (the current user is excluded).
        $groupusers = $data->select_query("usergroups", "WHERE groupid = {$groupid} AND userid != {$check['id']}");
        $names = array();
        while ($temp = $data->fetch_array($groupusers)) {
            // $userIdList is defined outside this excerpt; presumably it maps user
            // id to user name - confirm.
            $names[] = $userIdList[$temp['userid']];
        }
        $newpm['touser'] = implode(', ', $names);
        $tpl->assign("editpm", $newpm);
    }
}
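// When an edited message is re-sent or re-saved, the stored copy is removed first.
if (($_POST['submit'] == "Send PM" || $_POST['submit'] == "Save PM") && $editit == true && isset($_GET['id'])) {
    // The id comes straight from the query string and ends up in the delete
    // condition, so it is coerced to an integer first, the same way ?user= and
    // ?group= are handled in this script.
    $pid = safesql($_GET['id'], "int");
    // NOTE(review): the condition is the id alone. Whether $editit already
    // establishes that this message belongs to the current user is not visible
    // here - confirm, or add the owner to the condition.
    $data->delete_query("pms", "id={$pid}", "", "", false);
}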
if ($_POST['submit'] == "Send PM") {
    $tousers = explode(',', strip_tags(trim($_POST['touser'])));
예제 #3
    // Tail of a branch whose condition is outside this excerpt: load the group's
    // front-page content and work out which admin links to offer.
    $sitecontent = get_frontpage_subs($patrolid, 1);
    // && binds tighter than ||, and both bind tighter than ?:, so this reads as
    // (edit && !limit) || (edit && limit && member-of-group): a "limit"-ed admin
    // may act only on groups they belong to.
    $edit = adminauth("patrol", "edit") && !adminauth("patrol", "limit") || adminauth("patrol", "edit") && adminauth("patrol", "limit") && user_group_id($check['id'], $patrolid) ? true : false;
    $add = adminauth("patrol", "add") && !adminauth("patrol", "limit") || adminauth("patrol", "add") && adminauth("patrol", "limit") && user_group_id($check['id'], $patrolid) ? true : false;
    // $patrolid is interpolated into both admin links as-is.
    $addlink = "admin.php?page=patrol&subpage=patrolcontent&action=new&pid={$patrolid}";
    $editlink = "admin.php?page=patrol&subpage=patrolmenus&pid={$patrolid}";
} elseif ($sitecontent == "" && file_exists($content . $phpex)) {
    // No stored content, but a script named after $content exists on disk.
    // NOTE(review): the include path is built from $content, whose origin is
    // outside this excerpt. If the request can influence it, restrict it to a
    // fixed list of known page names before file_exists()/include. get_auth()
    // decides permission; whether it also constrains the path is not visible here.
    if (get_auth($content, 0) == 1) {
        include $content . $phpex;
    } else {
        // Permission denied: set the two page flags and show the refusal.
        $dataC = true;
        $dbpage = false;
        show_message("You do not have the required permissions to view that page", "index.php?page=patrolpages&patrol={$patrolid}&menuid={$menuid}");
    }
} else {
    // Same edit/add rule as in the first branch; here the edit link targets the
    // individual content item ($content) instead of the group's menus.
    $edit = adminauth("patrol", "edit") && !adminauth("patrol", "limit") || adminauth("patrol", "edit") && adminauth("patrol", "limit") && user_group_id($check['id'], $patrolid) ? true : false;
    $add = adminauth("patrol", "add") && !adminauth("patrol", "limit") || adminauth("patrol", "add") && adminauth("patrol", "limit") && user_group_id($check['id'], $patrolid) ? true : false;
    $addlink = "admin.php?page=patrol&subpage=patrolcontent&action=new&pid={$patrolid}";
    $editlink = "admin.php?page=patrol&subpage=patrolcontent&id={$content}&action=edit&pid={$patrolid}";
}
// A strict false from the content lookup is treated as "members only".
// $patrolid, $menuid and $site are interpolated into the return link as-is;
// their origin is outside this excerpt, so confirm they are validated upstream.
if ($sitecontent === false) {
    if ($site != NULL) {
        // Keep the ?site= parameter on the return link when one is set.
        show_message("That page is only accessible by members of the group", "index.php?page=patrolpages&patrol={$patrolid}&menuid={$menuid}&site={$site}");
    } else {
        show_message("That page is only accessible by members of the group", "index.php?page=patrolpages&patrol={$patrolid}&menuid={$menuid}");
    }
}
// Page numbering starts at 1; anything loosely equal to 0 falls back to it.
$pagenum = ($pagenum == 0) ? 1 : $pagenum;
if ($dbpage == true && isset($pagename) && $pagename != "" && $pagename != "frontpage") {
    $sitecontent = get_temp($pagename, $pagenum);
} elseif (isset($pagename) && $pagename == "frontpage") {
    $sitecontent = $content;
} elseif ($dbpage == false && $message != "") {
    $sitecontent = $message;
예제 #4
     // The query text is assembled by string concatenation. $user is quoted
     // here; any escaping happens, if at all, before this excerpt - confirm.
     $sql .= "AND userid='{$user}' ";
 }
 // Approvers in approval mode see only requests addressed to them. $sit[2] is
 // interpolated unquoted; presumably it is the logged-in user's numeric id
 // (it is compared against u.id below) - confirm.
 if ($approver == TRUE && $mode == 'approval') {
     $sql .= "AND approvedby={$sit[2]} ";
 }
 $sql .= "ORDER BY date, length";
 // NOTE(review): the mysql_* extension was removed in PHP 7. A port to mysqli
 // or PDO is the point at which these statements should move to bound
 // parameters.
 $result = mysql_query($sql);
 if (mysql_error()) {
     trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
 }
 // Execution continues after a failed query; $result is then false.
 if (mysql_num_rows($result) > 0) {
     display_holiday_table($result);
     if ($mode == 'approval') {
         // NOTE(review): $user is written into the href without urlencode() or
         // htmlspecialchars() in this excerpt; confirm it is constrained to an
         // id upstream. Approval is triggered by a plain GET link.
         echo "<p align='center'><a href='holiday_approve.php?approve=TRUE&amp;user={$user}&amp;view={$user}&amp;startdate=all&amp;type=all'>{$strApproveAll}</a></p>";
     } else {
         $groupid = user_group_id($sit[2]);
         // extract users (only show users with permission to approve that are not disabled accounts)
         // Permission id 50 is matched either directly on the user or through
         // the user's role; per the comment above it is presumably the
         // approve-holiday permission.
         $sql = "SELECT DISTINCT id, realname, accepting, groupid ";
         $sql .= "FROM `{$dbUsers}` AS u, `{$dbUserPermissions}` AS up, `{$dbRolePermissions}` AS rp ";
         $sql .= "WHERE u.id = up.userid AND u.roleid = rp.roleid ";
         $sql .= "AND (up.permissionid = 50 AND up.granted = 'true' OR ";
         $sql .= "rp.permissionid = 50 AND rp.granted = 'true') ";
         $sql .= "AND u.id != {$sit[2]} AND u.status > 0 ORDER BY realname ASC";
         $result = mysql_query($sql);
         if (mysql_error()) {
             trigger_error(mysql_error(), E_USER_WARNING);
         }
         $numapprovers = mysql_num_rows($result);
         if ($numapprovers > 0) {
             // NOTE(review): $_SERVER['PHP_SELF'] reflects the request path,
             // including any trailing path info sent by the client, and is
             // echoed into the attribute unescaped. Pass it through
             // htmlspecialchars() or use a fixed script name.
             echo "<form action='{$_SERVER['PHP_SELF']}' method='post'>";
             echo "<p align='center'>";
예제 #5
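/**
 * Check whether any fellow group members have holiday on the date specified.
 *
 * Runs one query for the other members of the user's group, then one query per
 * member against the holidays table. The statements are built by string
 * interpolation, so every value is coerced or escaped before it is placed in
 * the SQL text.
 *
 * NOTE(review): the mysql_* extension used here was removed in PHP 7. Moving to
 * mysqli/PDO prepared statements is a file-wide change and is not attempted
 * inside this function.
 *
 * @author Ivan Lucas
 * @param int $userid - user ID
 * @param int $date - UNIX Timestamp
 * @param string $length - 'day', 'pm' or 'am'
 * @return string HTML space separated list of users that are away on the date specified
 */
function check_group_holiday($userid, $date, $length = 'day')
{
    global $dbUsers, $dbHolidays;

    $namelist = '';

    // Both are documented as integers; binding them to int keeps a malformed
    // caller value out of the query text ($date is interpolated unquoted).
    $userid = (int) $userid;
    $date = (int) $date;

    $groupid = user_group_id($userid);
    if (empty($groupid)) {
        return $namelist;
    }

    // $length is echoed back inside the returned HTML; escaping leaves the three
    // documented values unchanged and neutralises anything else.
    $lengthlabel = htmlspecialchars($length, ENT_QUOTES);

    // list group members
    $safegroupid = mysql_real_escape_string($groupid);
    $msql = "SELECT id AS userid FROM `{$dbUsers}` ";
    $msql .= "WHERE groupid='{$safegroupid}' AND id != '{$userid}' ";
    $mresult = mysql_query($msql);
    if (mysql_error()) {
        trigger_error(mysql_error(), E_USER_WARNING);
    }
    if (!$mresult) {
        // Nothing to iterate over when the member query failed.
        return $namelist;
    }

    while ($member = mysql_fetch_object($mresult)) {
        // check to see if this group member has holiday
        $memberid = (int) $member->userid;
        $hsql = "SELECT id FROM `{$dbHolidays}` WHERE userid='{$memberid}' AND date = FROM_UNIXTIME({$date}) ";
        // Only the two half-day literals are ever appended, so $length itself
        // cannot alter the statement. A 'day' request matches any length.
        if ($length == 'am' || $length == 'pm') {
            $hsql .= "AND (length = '{$length}' OR length = 'day') ";
        }
        $hresult = mysql_query($hsql);
        if (mysql_error()) {
            trigger_error(mysql_error(), E_USER_WARNING);
        }
        if (!$hresult) {
            // Skip this member rather than calling mysql_num_rows() on false.
            continue;
        }
        if (mysql_num_rows($hresult) >= 1) {
            // NOTE(review): user_realname() is defined elsewhere; confirm it
            // returns HTML-safe text, since the result is emitted as markup.
            $namelist .= user_realname($member->userid) . " ({$lengthlabel})";
            $namelist .= "&nbsp;&nbsp;";
        }
    }

    return $namelist;
}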