// Fragment: the enclosing control structures open before and close after this excerpt.
// Copy every row of $team_query into $teams. The assignment runs before the loop
// test, so the value returned by the final, failed fetch is appended as well.
while ($teams[] = $data->fetch_array($team_query)) {
}
$location = "User Control Panel >> Contributions";
if ($cat != "" || $action != "") {
    switch ($cat) {
        case "album":
            $pagenum = 2;
            $scriptList['slimbox'] = 1;
            // Album rename / group change: both POST values go through safesql()
            // before they are interpolated into the SET clause.
            // NOTE(review): $safe_id, $id and $menuid are assigned outside this
            // excerpt. Confirm that $safe_id is the sanitised request id and that the
            // caller's ownership of the album and an anti-CSRF token are checked
            // before this write; neither check is visible here.
            // NOTE(review): $_POST['Submit'] is read without isset(), so a request
            // without that field raises an undefined-index notice.
            if ($_POST['Submit'] == "Update") {
                $group = safesql($_POST['group'], "int");
                $name = safesql($_POST['name'], "text");
                $data->update_query("album_track", "album_name={$name}, patrol={$group}", "ID = {$safe_id}");
                show_message("Album updated.", "index.php?page=mythings&cat=album&action=edit&id={$id}&menuid={$menuid}");
            }
            $album = $data->select_fetch_one_row("album_track", "WHERE ID = {$safe_id}");
            // When the album's patrol value is neither 0 nor -1 and user_group_id()
            // returns a falsy value for the current user, load that group's row and
            // add it to $teams.
            // NOTE(review): $album['patrol'] is read back from the database and
            // interpolated unquoted; an (int) cast would make this safe by construction.
            if (!user_group_id($check['id'], $album['patrol']) && $album['patrol'] != 0 && $album['patrol'] != -1) {
                $temp = $data->select_fetch_one_row("groups", "WHERE id={$album['patrol']}");
                $teams[] = $temp;
                $numteams++;
            }
            // Load the album's photos; as with $teams above, the last array element
            // is the value of the failed fetch.
            $sql = $data->select_query("photos", "WHERE album_id = {$safe_id}");
            $numphotos = $data->num_rows($sql);
            $photos = array();
            while ($photos[] = $data->fetch_array($sql)) {
            }
            // The album name is passed through censor() before it is placed in the title.
            // NOTE(review): whether censor() also HTML-encodes is not visible here;
            // confirm the template escapes $location and $album on output.
            $location = "Edit " . censor($album['album_name']) . " photo album";
            $tpl->assign("album", $album);
            $tpl->assign("numphotos", $numphotos);
            $tpl->assign("photos", $photos);
            $tpl->assign("photopath", $config["photopath"] . "/");
            // Upload handling starts here and continues past the end of this excerpt.
            // NOTE(review): file type, size and destination-name validation for the
            // upload are not visible in this fragment - verify them in the full file.
            if ($_POST['Submit'] == "Upload Photos") {
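// Fragment: the blocks closed by the first three "}" open before this excerpt.
$temp = $data->fetch_array($sql);
$data->delete_query("pms", "id={$temp['id']}");
}
// NOTE(review): $timestamp, $users, $pid and $usernames are assigned outside this
// excerpt and are interpolated unquoted - confirm each went through safesql().
$sql = $data->update_query("pms", "date = {$timestamp}, type=2, touser={$users}", "id={$pid}", "", "", false);
$message .= "Your message has been sent to the following users: {$usernames}.";
}
show_message($message, "index.php?page=pmmain&menuid={$menuid}");
}

// Pre-fill the recipient field, either from a single user id (?user=) or from the
// other members of a group (?group=).
if (isset($_GET['user'])) {
    $user = safesql($_GET['user'], "int");
    $user = $data->select_fetch_one_row("users", "WHERE id={$user}", "uname");
    $newpm['touser'] = $user['uname'];
    $tpl->assign("editpm", $newpm);
} elseif (isset($_GET['group'])) {
    $groupid = safesql($_GET['group'], "int");
    // NOTE(review): the membership check receives the raw query-string value while the
    // query below uses the sanitised $groupid. If user_group_id() builds SQL from its
    // arguments, pass the sanitised value instead - confirm against its definition.
    if (user_group_id($check['id'], $_GET['group'])) {
        $groupusers = $data->select_query("usergroups", "WHERE groupid = {$groupid} AND userid != {$check['id']}");
        $names = array();
        while ($temp = $data->fetch_array($groupusers)) {
            $names[] = $userIdList[$temp['userid']];
        }
        $newpm['touser'] = implode(', ', $names);
        $tpl->assign("editpm", $newpm);
    }
}

// When an existing PM is being edited, the stored copy is deleted before it is
// sent or saved again.
if (($_POST['submit'] == "Send PM" || $_POST['submit'] == "Save PM") && $editit == true && isset($_GET['id'])) {
    // The id used to go into the DELETE condition straight from the query string.
    // It now passes through safesql(), the same way the ?user= and ?group= ids
    // above are handled.
    // NOTE(review): no check that the PM with this id belongs to the current user is
    // visible here; confirm that $editit is only set after such an ownership check.
    $pid = safesql($_GET['id'], "int");
    $data->delete_query("pms", "id={$pid}", "", "", false);
}

if ($_POST['submit'] == "Send PM") {
    // Recipient names arrive as a comma-separated list; tags are stripped before the split.
    $tousers = explode(',', strip_tags(trim($_POST['touser'])));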
// Fragment: the if-branch these first statements belong to opens before this excerpt.
$sitecontent = get_frontpage_subs($patrolid, 1);
// $edit / $add are true when the admin holds the matching "patrol" right and is either
// not limited (no "limit" flag) or, when limited, user_group_id() is truthy for this
// patrol. The trailing "? true : false" only normalises the result to a boolean.
$edit = adminauth("patrol", "edit") && !adminauth("patrol", "limit") || adminauth("patrol", "edit") && adminauth("patrol", "limit") && user_group_id($check['id'], $patrolid) ? true : false;
$add = adminauth("patrol", "add") && !adminauth("patrol", "limit") || adminauth("patrol", "add") && adminauth("patrol", "limit") && user_group_id($check['id'], $patrolid) ? true : false;
$addlink = "admin.php?page=patrol&subpage=patrolcontent&action=new&pid={$patrolid}";
$editlink = "admin.php?page=patrol&subpage=patrolmenus&pid={$patrolid}";
} elseif ($sitecontent == "" && file_exists($content . $phpex)) {
    // No stored content was found, but a script named after $content exists on disk:
    // it is executed if get_auth() allows it.
    // NOTE(review): $content and $phpex are assigned outside this excerpt. If $content
    // can be influenced by the request, this include is a local-file-inclusion sink:
    // file_exists() and get_auth() are the only gates visible here and neither pins
    // the path to a fixed directory. Confirm that $content is mapped through an
    // allow-list of page names (or stripped of path separators) before it gets here.
    if (get_auth($content, 0) == 1) {
        include $content . $phpex;
    } else {
        $dataC = true;
        $dbpage = false;
        show_message("You do not have the required permissions to view that page", "index.php?page=patrolpages&patrol={$patrolid}&menuid={$menuid}");
    }
} else {
    // Same permission flags as in the first branch; here the edit link targets the
    // content item itself.
    // NOTE(review): $content and $patrolid are placed in the links without
    // urlencode(); confirm they are validated upstream.
    $edit = adminauth("patrol", "edit") && !adminauth("patrol", "limit") || adminauth("patrol", "edit") && adminauth("patrol", "limit") && user_group_id($check['id'], $patrolid) ? true : false;
    $add = adminauth("patrol", "add") && !adminauth("patrol", "limit") || adminauth("patrol", "add") && adminauth("patrol", "limit") && user_group_id($check['id'], $patrolid) ? true : false;
    $addlink = "admin.php?page=patrol&subpage=patrolcontent&action=new&pid={$patrolid}";
    $editlink = "admin.php?page=patrol&subpage=patrolcontent&id={$content}&action=edit&pid={$patrolid}";
}
// A strict false in $sitecontent is reported to the user as "members only".
// NOTE(review): $site is interpolated into the redirect target as-is; its origin is
// outside this excerpt.
if ($sitecontent === false) {
    show_message("That page is only accessible by members of the group", $site != NULL ? 
"index.php?page=patrolpages&patrol={$patrolid}&menuid={$menuid}&site={$site}" : "index.php?page=patrolpages&patrol={$patrolid}&menuid={$menuid}");
}
// Page numbers start at 1.
if ($pagenum == 0) {
    $pagenum = 1;
}
// Choose what is rendered: a stored page via get_temp(), the front page content, or
// a pending message.
if ($dbpage == true && isset($pagename) && $pagename != "" && $pagename != "frontpage") {
    $sitecontent = get_temp($pagename, $pagenum);
} elseif (isset($pagename) && $pagename == "frontpage") {
    $sitecontent = $content;
} elseif ($dbpage == false && $message != "") {
    $sitecontent = $message;
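// Fragment: the query being extended here, and the block closed by the first "}",
// start before this excerpt.
// NOTE(review): $user is assigned outside this excerpt and is interpolated into the
// WHERE clause here and into a link below. Confirm it is cast to int or escaped
// where it is read from the request.
$sql .= "AND userid='{$user}' ";
}
// NOTE(review): $sit[2] is presumably the logged-in user's id (session-derived) - confirm.
if ($approver == TRUE && $mode == 'approval') {
    $sql .= "AND approvedby={$sit[2]} ";
}
$sql .= "ORDER BY date, length";
$result = mysql_query($sql);
if (mysql_error()) {
    trigger_error("MySQL Query Error " . mysql_error(), E_USER_WARNING);
}
if (mysql_num_rows($result) > 0) {
    display_holiday_table($result);
    if ($mode == 'approval') {
        // NOTE(review): $user lands in an HTML attribute and a URL unencoded; see the
        // note at the top of this fragment.
        echo "<p align='center'><a href='holiday_approve.php?approve=TRUE&user={$user}&view={$user}&startdate=all&type=all'>{$strApproveAll}</a></p>";
    } else {
        $groupid = user_group_id($sit[2]);
        // extract users (only show users with permission to approve that are not disabled accounts)
        // Permission id 50 is matched either as a direct user grant or through the user's role.
        $sql = "SELECT DISTINCT id, realname, accepting, groupid ";
        $sql .= "FROM `{$dbUsers}` AS u, `{$dbUserPermissions}` AS up, `{$dbRolePermissions}` AS rp ";
        $sql .= "WHERE u.id = up.userid AND u.roleid = rp.roleid ";
        $sql .= "AND (up.permissionid = 50 AND up.granted = 'true' OR ";
        $sql .= "rp.permissionid = 50 AND rp.granted = 'true') ";
        $sql .= "AND u.id != {$sit[2]} AND u.status > 0 ORDER BY realname ASC";
        $result = mysql_query($sql);
        if (mysql_error()) {
            trigger_error(mysql_error(), E_USER_WARNING);
        }
        $numapprovers = mysql_num_rows($result);
        if ($numapprovers > 0) {
            // PHP_SELF reflects the request path, including any trailing path info, so
            // it must be HTML-encoded before it is written into the attribute.
            // ENT_QUOTES is required because the attribute is single-quoted.
            $formaction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
            echo "<form action='{$formaction}' method='post'>";
            echo "<p align='center'>";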
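/**
 * Check to see if any fellow group members have holiday on the date specified.
 *
 * Runs one query for the other members of the user's group, then one query per
 * member against the holidays table.
 *
 * @author Ivan Lucas
 * @param int $userid - user ID
 * @param int $date - UNIX Timestamp
 * @param string $length - 'day', 'pm' or 'am'
 * @return string HTML space separated list of users that are away on the date specified
 */
function check_group_holiday($userid, $date, $length = 'day')
{
    global $dbUsers, $dbHolidays;

    // Both values are documented as integers and are interpolated into SQL below
    // ($date without quotes), so force them to integers before any query is built.
    $userid = (int) $userid;
    $date = (int) $date;

    $namelist = '';
    $groupid = user_group_id($userid);
    if (empty($groupid)) {
        return $namelist;
    }

    // list group members
    // $groupid is read back from storage by user_group_id(); escape it anyway so the
    // query does not depend on what that helper returns.
    $safegroupid = mysql_real_escape_string($groupid);
    $msql = "SELECT id AS userid FROM `{$dbUsers}` ";
    $msql .= "WHERE groupid='{$safegroupid}' AND id != '{$userid}' ";
    $mresult = mysql_query($msql);
    if (mysql_error()) {
        trigger_error(mysql_error(), E_USER_WARNING);
    }
    if ($mresult === false) {
        // The query failed and was reported above; there is nothing to iterate.
        return $namelist;
    }

    // $length is returned inside HTML, so encode it once for output.
    // NOTE(review): whether user_realname() returns HTML-encoded text is not visible
    // here - confirm before echoing the result.
    $lengthlabel = htmlspecialchars($length, ENT_QUOTES);

    while ($member = mysql_fetch_object($mresult)) {
        // check to see if this group member has holiday
        $memberid = (int) $member->userid;
        $hsql = "SELECT id FROM `{$dbHolidays}` WHERE userid='{$memberid}' AND date = FROM_UNIXTIME({$date}) ";
        // Strict comparison: only the two literal half-day values reach the SQL text.
        if ($length === 'am' || $length === 'pm') {
            $hsql .= "AND (length = '{$length}' OR length = 'day') ";
        }
        $hresult = mysql_query($hsql);
        if (mysql_error()) {
            trigger_error(mysql_error(), E_USER_WARNING);
        }
        if ($hresult === false) {
            continue;
        }
        if (mysql_num_rows($hresult) >= 1) {
            $namelist .= user_realname($memberid) . " ({$lengthlabel})";
            $namelist .= " ";
        }
    }

    return $namelist;
}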