예제 #1
 * display block
/**
 * Render the admin-messages side block: select active, unexpired messages and
 * show the ones the current visitor is permitted to see.
 *
 * NOTE(review): this listing carries no closing braces and several branch bodies
 * are empty as shown; the comments below describe only the statements present.
 *
 * @param array $row Block record; 'title' is read, 'title' and 'content' are overwritten.
 * @return mixed Whatever themesideblock($row) returns, once some output was produced.
 */
function admin_messages_messagesblock_display($row)
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // Default the title so the permission instance string below is always well formed.
    if (!isset($row['title'])) {
        $row['title'] = '';
    // Block-level permission check (ACCESS_READ); the body of this branch is not shown.
    if (!pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::", ACCESS_READ)) {
    $messagestable = $pntable['message'];
    $messagescolumn =& $pntable['message_column'];
    if (pnConfigGetVar('multilingual') == 1) {
        $currentlang = pnUserGetLang();
        // NOTE(review): $currentlang is interpolated straight into the SQL text. That is
        // safe only if pnUserGetLang() returns a value from a fixed, validated list;
        // confirm, or pass it as a bound/quoted parameter instead.
        $querylang = "AND ({$messagescolumn['mlanguage']}='{$currentlang}' OR {$messagescolumn['mlanguage']}='')";
    } else {
        $querylang = '';
    // Active messages that have not expired (expire = 0 means no expiry), newest id first.
    $sql = "SELECT {$messagescolumn['mid']},\n                   {$messagescolumn['title']},\n                   {$messagescolumn['content']},\n                   {$messagescolumn['date']},\n                   {$messagescolumn['view']}\n            FROM {$messagestable}\n            WHERE {$messagescolumn['active']} = 1 \n            AND  ( {$messagescolumn['expire']} > unix_timestamp(now())\n                  OR {$messagescolumn['expire']} = 0)\n            {$querylang}\n            ORDER by {$messagescolumn['mid']} DESC";
    $result = $dbconn->Execute($sql);
    // Query-error branch; its body is not shown in this listing.
    if ($dbconn->ErrorNo() != 0) {
    $output = new pnHTML();
    // NOTE(review): no $result->MoveNext() is visible inside this loop; confirm the
    // original advances the cursor.
    while (list($mid, $title, $content, $date, $view) = $result->fields) {
        $show = 0;
        // Per-message permission check, keyed on block title and message id.
        if (pnSecAuthAction(0, 'Admin Messages:Messagesblock:', "{$row['title']}::{$mid}", ACCESS_READ)) {
            // $view selects the audience. NOTE(review): no break statements are visible,
            // so as listed each case falls through to the next; confirm against the original.
            switch ($view) {
                case 1:
                    // Message for everyone
                    $show = 1;
                case 2:
                    // Message for users
                    if (pnUserLoggedIn()) {
                        $show = 1;
                case 3:
                    // Messages for non-users
                    if (!pnUserLoggedIn()) {
                        $show = 1;
                case 4:
                    // Messages for administrators of any description
                    if (pnSecAuthAction(0, '::', '::', ACCESS_ADMIN)) {
                        $show = 1;
        if ($show) {
            // Let transform hooks rewrite title and content before display.
            list($title, $content) = pnModCallHooks('item', 'transform', '', array($title, $content));
            $output->TableStart('', '', 0);
            $ttitle = $output->Linebreak();
            $ttitle .= $output->Text($title);
            $ttitle .= $output->Linebreak(2);
            // Title and content are stored data; both pass through pnVarPrepHTMLDisplay()
            // before being placed in the table rows. NOTE(review): presumably that helper
            // filters HTML down to the site's allowed tags; confirm what it permits.
            $output->TableAddRow(array("<font class=\"pn-title\">" . pnVarPrepHTMLDisplay($ttitle) . "</font>"), 'center');
            $output->TableAddRow(array("<font class=\"pn-normal\">" . pnVarPrepHTMLDisplay($content) . "</font>"), 'left');
    // Only hand the block to the theme when at least one message was rendered.
    if ($output->output != "") {
        // Don't want a title
        $row['title'] = '';
        $row['content'] = $output->GetOutput();
        return themesideblock($row);
예제 #2
/**
 * Handle the PostCalendar event form: collect the request fields, validate them,
 * preview or commit the event, then render the submit form again.
 *
 * NOTE(review): this listing carries no closing braces and several branch bodies
 * are empty as shown; the flow described in the comments follows indentation only.
 *
 * @param mixed $args Not read by any statement shown here.
 * @return mixed The HTML collected in the pnHTML buffer, or one of the constants
 *               _PC_CAN_NOT_EDIT / _NO_DIRECT_ACCESS when a check fails.
 */
function postcalendar_user_submit($args)
    // We need at least ADD permission to submit an event
    if (!(bool) PC_ACCESS_ADD) {
    $output = new pnHTML();
    // get the theme globals :: is there a better way to do this?
    global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5, $textcolor1, $textcolor2;
    // $category = pnVarCleanFromInput('event_category');
    // SECURITY(review): 'category' arrives from the request (pnVarCleanFromInput, with a
    // raw $_POST fallback) and is handed to unserialize(). Unserializing client-controlled
    // bytes permits PHP object injection, and every $category[...] value used below is then
    // attacker-chosen. The field round-trips through the form as base64(serialize(...))
    // with no integrity check visible here. Safer: send only the category id and load the
    // category server-side, or use json_decode(); at minimum pass
    // ['allowed_classes' => false] to unserialize() and authenticate the field with an HMAC.
    $category = pnVarCleanFromInput('category');
    if (!empty($category)) {
        $category = unserialize(base64_decode($category));
    } else {
        $cat = $_POST['category'];
        $category = unserialize(base64_decode($cat));
    // echo("<!-- Here is the argument array: -->\n");
    // foreach ($args as $tmpkey => $tmpval) { // debugging
    //  echo("<!-- $tmpkey => '$tmpval' -->\n");
    // }
    // $Date is sliced as YYYYMMDD into year / month / day.
    $Date =& postcalendar_getDate();
    $year = substr($Date, 0, 4);
    $month = substr($Date, 4, 2);
    $day = substr($Date, 6, 2);
    // basic event information
    $event_desc = pnVarCleanFromInput('event_desc');
    $event_category = pnVarCleanFromInput('event_category');
    $event_subject = pnVarCleanFromInput('event_subject');
    $event_sharing = pnVarCleanFromInput('event_sharing');
    $event_topic = pnVarCleanFromInput('event_topic');
    //id of the user the event is for
    // The two id fields are the only inputs given a type check here; non-numeric values
    // are replaced with 0 and "" respectively.
    $event_userid = pnVarCleanFromInput('event_userid');
    if (!is_numeric($event_userid)) {
        $event_userid = 0;
    $event_pid = pnVarCleanFromInput('event_pid');
    if (!is_numeric($event_pid)) {
        $event_pid = "";
    // event start information
    $event_startmonth = pnVarCleanFromInput('event_startmonth');
    $event_startday = pnVarCleanFromInput('event_startday');
    $event_startyear = pnVarCleanFromInput('event_startyear');
    $event_starttimeh = pnVarCleanFromInput('event_starttimeh');
    $event_starttimem = pnVarCleanFromInput('event_starttimem');
    $event_startampm = pnVarCleanFromInput('event_startampm');
    // location data
    $event_location = pnVarCleanFromInput('event_location');
    $event_street1 = pnVarCleanFromInput('event_street1');
    $event_street2 = pnVarCleanFromInput('event_street2');
    $event_city = pnVarCleanFromInput('event_city');
    $event_state = pnVarCleanFromInput('event_state');
    $event_postal = pnVarCleanFromInput('event_postal');
    // The location fields are packed into one serialized string.
    $event_location_info = serialize(compact('event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal'));
    // contact data
    $event_contname = pnVarCleanFromInput('event_contname');
    $event_conttel = pnVarCleanFromInput('event_conttel');
    $event_contemail = pnVarCleanFromInput('event_contemail');
    $event_website = pnVarCleanFromInput('event_website');
    $event_fee = pnVarCleanFromInput('event_fee');
    $event_patient_name = pnVarCleanFromInput('patient_name');
    // event repeating data
    // When the unserialized category is an array it overrides description, category id,
    // duration, repeat settings and end date; all of those come from the client-supplied blob.
    if (is_array($category)) {
        //$event_subject        =
        $event_desc = $category['desc'];
        $event_category = $category['id'];
        $event_duration = $category['event_duration'];
        //seconds of the event
        $event_dur_hours = $event_duration / (60 * 60);
        //seconds divided by 60 seconds * 60 minutes
        $event_dur_minutes = $event_duration % (60 * 60) / 60;
        $event_repeat = $category['event_repeat'];
        $event_repeat_freq = $category['event_repeat_freq'];
        $event_repeat_freq_type = $category['event_repeat_freq_type'];
        $event_repeat_on_num = $category['event_repeat_on_num'];
        $event_repeat_on_day = $category['event_repeat_on_day'];
        $event_repeat_on_freq = $category['event_repeat_on_freq'];
        $event_recurrspec = serialize(compact('event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq'));
        // event end information
        // $multiple becomes a relative-date phrase for strtotime(), e.g. "<n> weeks".
        // NOTE(review): no break statements are visible, so as listed the units are
        // appended one after another by fall-through; confirm against the original.
        $multiple = $category['end_date_freq'] . " ";
        switch ($category['end_date_type']) {
            case REPEAT_EVERY_DAY:
            case REPEAT_EVERY_WORK_DAY:
                //end date is in days
                $multiple .= "days";
            case REPEAT_EVERY_WEEK:
                //end date is in weeks
                $multiple .= "weeks";
            case REPEAT_EVERY_MONTH:
                //end date is in months
                $multiple .= "months";
            case REPEAT_EVERY_YEAR:
                //end date is in years
                $multiple .= "years";
        // Start date comes from the 'Date' request field; end date is that date plus $multiple.
        $edate = strtotime(pnVarCleanFromInput('Date'));
        $event_startmonth = date("m", $edate);
        $event_startday = date("d", $edate);
        $event_startyear = date("Y", $edate);
        $event_enddate = strtotime(pnVarCleanFromInput('Date') . " + " . $multiple);
        $event_endmonth = date("m", $event_enddate);
        $event_endday = date("d", $event_enddate);
        $event_endyear = date("Y", $event_enddate);
        $event_endtype = $category['end_date_flag'];
        // I'm pretty sure this was a bug since 'event_all_day' appears nowhere
        // else in the code, but it's hard to tell WTF is going on.
        //    $event_allday         = $category['event_all_day'];
        $event_allday = $category['all_day'];
    } else {
        // No category array: every duration / repeat / end-date value is read from the request.
        $event_dur_hours = pnVarCleanFromInput('event_dur_hours');
        $event_dur_minutes = pnVarCleanFromInput('event_dur_minutes');
        $event_duration = 60 * 60 * $event_dur_hours + 60 * $event_dur_minutes;
        $event_repeat = pnVarCleanFromInput('event_repeat');
        $event_repeat_freq = pnVarCleanFromInput('event_repeat_freq');
        $event_repeat_freq_type = pnVarCleanFromInput('event_repeat_freq_type');
        $event_repeat_on_num = pnVarCleanFromInput('event_repeat_on_num');
        $event_repeat_on_day = pnVarCleanFromInput('event_repeat_on_day');
        $event_repeat_on_freq = pnVarCleanFromInput('event_repeat_on_freq');
        $event_recurrspec = serialize(compact('event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq'));
        // event end information
        $event_endmonth = pnVarCleanFromInput('event_endmonth');
        $event_endday = pnVarCleanFromInput('event_endday');
        $event_endyear = pnVarCleanFromInput('event_endyear');
        $event_endtype = pnVarCleanFromInput('event_endtype');
        $event_allday = pnVarCleanFromInput('event_allday');
    // Added by Rod:
    // All-day events are normalised to a 00:00 start with a 24 hour duration.
    if ($event_allday) {
        $event_starttimeh = 0;
        $event_starttimem = 0;
        $event_startampm = 1;
        $event_dur_hours = 24;
        $event_dur_minutes = 0;
        $event_duration = 60 * 60 * $event_dur_hours;
    $form_action = pnVarCleanFromInput('form_action');
    $pc_html_or_text = pnVarCleanFromInput('pc_html_or_text');
    $pc_event_id = pnVarCleanFromInput('pc_event_id');
    $data_loaded = pnVarCleanFromInput('data_loaded');
    $is_update = pnVarCleanFromInput('is_update');
    $authid = pnVarCleanFromInput('authid');
    //pennfirm uname matchup future fix
    //if(pnUserLoggedIn()) { $uname = pnUserGetVar('uname'); }
    //else { $uname = pnConfigGetVar('anonymous'); }
    // The acting user name is taken from the session, not from the request.
    $uname = $_SESSION['authUser'];
    if (!isset($event_repeat)) {
        $event_repeat = 0;
    // New event, or an edit whose data was already loaded into the form: use request values.
    if (!isset($pc_event_id) || empty($pc_event_id) || $data_loaded) {
        // lets wrap all the data into array for passing to submit and preview functions
        $eventdata = compact('event_subject', 'event_desc', 'event_sharing', 'event_category', 'event_topic', 'event_startmonth', 'event_startday', 'event_startyear', 'event_starttimeh', 'event_starttimem', 'event_startampm', 'event_endmonth', 'event_endday', 'event_endyear', 'event_endtype', 'event_dur_hours', 'event_dur_minutes', 'event_duration', 'event_allday', 'event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal', 'event_location_info', 'event_contname', 'event_conttel', 'event_contemail', 'event_website', 'event_fee', 'event_repeat', 'event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq', 'event_recurrspec', 'uname', "event_userid", "event_pid", 'Date', 'year', 'month', 'day', 'pc_html_or_text', 'event_patient_name', 'event_pid');
        // NOTE(review): is_update and pc_event_id are request values; with data_loaded set
        // by the client this branch skips the owner check made in the else branch below.
        // Confirm submitEvent re-checks who may update the event named by pc_event_id.
        $eventdata['is_update'] = $is_update;
        $eventdata['pc_event_id'] = $pc_event_id;
        $eventdata['data_loaded'] = true;
        // The category is re-emitted as base64(serialize()); this is the value that comes
        // back in the 'category' request field on the next submit.
        $eventdata['category'] = base64_encode(serialize($category));
    } else {
        // First load of an existing event: fetch it and pre-fill the form from stored values.
        $event =& postcalendar_userapi_pcGetEventDetails($pc_event_id);
        //echo "uname is:$uname  other name is: ".$event['uname'] . "<br />";
        // Owner check: a user other than the event's owner must pass validateGroupStatus().
        if ($uname != $event['uname']) {
            if (!validateGroupStatus($uname, getUsername($event['uname']))) {
                return _PC_CAN_NOT_EDIT;
        $eventdata['event_subject'] = $event['title'];
        $eventdata['event_desc'] = $event['hometext'];
        $eventdata['event_sharing'] = $event['sharing'];
        $eventdata['event_category'] = $event['catid'];
        $eventdata['event_topic'] = $event['topic'];
        $eventdata['event_startmonth'] = substr($event['eventDate'], 5, 2);
        $eventdata['event_startday'] = substr($event['eventDate'], 8, 2);
        $eventdata['event_startyear'] = substr($event['eventDate'], 0, 4);
        $eventdata['event_starttimeh'] = substr($event['startTime'], 0, 2);
        $eventdata['event_starttimem'] = substr($event['startTime'], 3, 2);
        $eventdata['event_startampm'] = $eventdata['event_starttimeh'] < 12 ? 1 : 2;
        //1 is am , 2 is pm
        $eventdata['event_endmonth'] = substr($event['endDate'], 5, 2);
        $eventdata['event_endday'] = substr($event['endDate'], 8, 2);
        $eventdata['event_endyear'] = substr($event['endDate'], 0, 4);
        $eventdata['event_endtype'] = $event['endDate'] == '0000-00-00' ? '0' : '1';
        $eventdata['event_dur_hours'] = $event['duration_hours'];
        $eventdata['event_dur_minutes'] = $event['duration_minutes'];
        $eventdata['event_duration'] = $event['duration'];
        $eventdata['event_allday'] = $event['alldayevent'];
        // NOTE(review): unserialize() of a stored column. This is only as trustworthy as
        // every writer of that column; if any path stores client-supplied bytes verbatim
        // the object-injection concern applies here too. The result is not checked for
        // false before it is indexed.
        $loc_data = unserialize($event['location']);
        $eventdata['event_location'] = $loc_data['event_location'];
        $eventdata['event_street1'] = $loc_data['event_street1'];
        $eventdata['event_street2'] = $loc_data['event_street2'];
        $eventdata['event_city'] = $loc_data['event_city'];
        $eventdata['event_state'] = $loc_data['event_state'];
        $eventdata['event_postal'] = $loc_data['event_postal'];
        $eventdata['event_location_info'] = $loc_data;
        $eventdata['event_contname'] = $event['contname'];
        $eventdata['event_conttel'] = $event['conttel'];
        $eventdata['event_contemail'] = $event['contemail'];
        $eventdata['event_website'] = $event['website'];
        $eventdata['event_fee'] = $event['fee'];
        $eventdata['event_repeat'] = $event['recurrtype'];
        // Same stored-column unserialize() pattern as for the location above.
        $rspecs = unserialize($event['recurrspec']);
        $eventdata['event_repeat_freq'] = $rspecs['event_repeat_freq'];
        $eventdata['event_repeat_freq_type'] = $rspecs['event_repeat_freq_type'];
        $eventdata['event_repeat_on_num'] = $rspecs['event_repeat_on_num'];
        $eventdata['event_repeat_on_day'] = $rspecs['event_repeat_on_day'];
        $eventdata['event_repeat_on_freq'] = $rspecs['event_repeat_on_freq'];
        $eventdata['event_recurrspec'] = $rspecs;
        $eventdata['uname'] = $uname;
        $eventdata['event_userid'] = $event['event_userid'];
        $eventdata['event_pid'] = $event['pid'];
        $eventdata['event_aid'] = $event['aid'];
        $eventdata['Date'] = $Date;
        $eventdata['year'] = $year;
        $eventdata['month'] = $month;
        $eventdata['day'] = $day;
        $eventdata['is_update'] = true;
        $eventdata['pc_event_id'] = $pc_event_id;
        // NOTE(review): this assigns to $event_data, not $eventdata, so the patient name
        // never reaches the array passed on; looks like a typo.
        $event_data['patient_name'] = $event_patient_name;
        $eventdata['data_loaded'] = true;
        $eventdata['pc_html_or_text'] = $pc_html_or_text;
        $eventdata['category'] = base64_encode(serialize($category));
    // lets get the module's information
    $modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
    $categories = pnModAPIFunc(__POSTCALENDAR__, 'user', 'getCategories');
    $output->tabindex = 1;
    // removed event_desc as a required_var
    // Only index 0 is iterated: $required_vars has one entry, $required_name has two.
    $required_vars = array('event_subject');
    $required_name = array(_PC_EVENT_TITLE, _PC_EVENT_DESC);
    $error_msg = '';
    $reqCount = count($required_vars);
    for ($r = 0; $r < $reqCount; $r++) {
        // NOTE(review): as written the braces bind to $required_vars itself rather than to
        // $required_vars[$r]; the intent looks like the variable named by the entry, i.e.
        // ${$required_vars[$r]}. Confirm, since the written form does not read $event_subject.
        if (empty(${$required_vars}[$r]) || !preg_match('/\\S/i', ${$required_vars}[$r])) {
            $error_msg .= $output->Text('<b>' . $required_name[$r] . '</b> ' . _PC_SUBMIT_ERROR4);
            $error_msg .= $output->Linebreak();
    // check repeating frequencies
    if ($event_repeat == REPEAT) {
        //can't have a repeating event that doesnt have an end date
        if ($event_endtype == 0) {
            $error_msg .= $output->Text("Repeating events must have an end date set.");
            $error_msg .= $output->Linebreak();
        if (!isset($event_repeat_freq) || $event_repeat_freq < 1 || empty($event_repeat_freq)) {
            $error_msg .= $output->Text(_PC_SUBMIT_ERROR5);
            $error_msg .= $output->Linebreak();
        } elseif (!is_numeric($event_repeat_freq)) {
            $error_msg .= $output->Text(_PC_SUBMIT_ERROR6);
            $error_msg .= $output->Linebreak();
    } elseif ($event_repeat == REPEAT_ON) {
        //can't have a repeating event that doesnt have an end date
        if ($event_endtype == 0) {
            $error_msg .= $output->Text("Repeating events must have an end date set.");
            $error_msg .= $output->Linebreak();
        if (!isset($event_repeat_on_freq) || $event_repeat_on_freq < 1 || empty($event_repeat_on_freq)) {
            $error_msg .= $output->Text(_PC_SUBMIT_ERROR5);
            $error_msg .= $output->Linebreak();
        } elseif (!is_numeric($event_repeat_on_freq)) {
            $error_msg .= $output->Text(_PC_SUBMIT_ERROR6);
            $error_msg .= $output->Linebreak();
    // check date validity
    if (_SETTING_TIME_24HOUR) {
        $startTime = $event_starttimeh . ':' . $event_starttimem;
        // NOTE(review): $event_endtimeh / $event_endtimem are not assigned anywhere in the
        // lines shown.
        $endTime = $event_endtimeh . ':' . $event_endtimem;
    } else {
        // 12 hour input: 12 AM becomes '00', PM hours other than 12 get 12 added.
        if ($event_startampm == _AM_VAL) {
            $event_starttimeh = $event_starttimeh == 12 ? '00' : $event_starttimeh;
        } else {
            $event_starttimeh = $event_starttimeh != 12 ? $event_starttimeh += 12 : $event_starttimeh;
        $startTime = $event_starttimeh . ':' . $event_starttimem;
    $sdate = strtotime($event_startyear . '-' . $event_startmonth . '-' . $event_startday);
    $edate = strtotime($event_endyear . '-' . $event_endmonth . '-' . $event_endday);
    $tdate = strtotime(date('Y-m-d'));
    if ($edate < $sdate && $event_endtype == 1) {
        $error_msg .= $output->Text(_PC_SUBMIT_ERROR1);
        $error_msg .= $output->Linebreak();
    // NOTE(review): the date parts echoed in the two messages below are request values;
    // whether pnHTML::Text() escapes them is not visible here. Confirm output encoding.
    if (!checkdate($event_startmonth, $event_startday, $event_startyear)) {
        $error_msg .= $output->Text(_PC_SUBMIT_ERROR2 . " '{$event_startyear}-{$event_startmonth}-{$event_startday}'");
        $error_msg .= $output->Linebreak();
    if (!checkdate($event_endmonth, $event_endday, $event_endyear)) {
        $error_msg .= $output->Text(_PC_SUBMIT_ERROR3 . " '{$event_endyear}-{$event_endmonth}-{$event_endday}'");
        $error_msg .= $output->Linebreak();
    //check limit on category
    if (($ret = checkCategoryLimits($eventdata)) != null) {
        $error_msg .= $output->Text("This category has a limit of {$ret['limit']} between {$ret['start']} and {$ret['end']} which you have exceeded.");
        $error_msg .= $output->Linebreak();
        //return $output->GetOutput();
    //echo "fa: " . $form_action . " double_book: " . pnVarCleanFromInput("double_book") . " update: " . $eventdata['is_update'] . " em: " . $error_msg;
    //event collision check
    // Runs only for a commit of a new event with no errors so far and no double_book flag.
    // NOTE(review): as ordered in this listing the temporary event below is written and
    // deleted before either pnSecConfirmAuthKey() call further down, so a commit request
    // reaches these database writes before the auth key is verified. Consider checking
    // the key first.
    if ($form_action == "commit" && pnVarCleanFromInput("double_book") != 1 && !$eventdata['is_update'] && empty($error_msg)) {
        //check on new shceduling events(in or out of office) to make sure that
        //you don't have more than one set per day
        //event category 1 is in office, event category 2 is out of office
        if ($eventdata['event_category'] == 2 || $eventdata['event_category'] == 3) {
            $searchargs = array();
            $searchargs['start'] = $eventdata['event_startmonth'] . "/" . $eventdata['event_startday'] . "/" . $eventdata['event_startyear'];
            $searchargs['end'] = $eventdata['event_endmonth'] . "/" . $eventdata['event_endday'] . "/" . $eventdata['event_endyear'];
            $searchargs['provider_id'] = $eventdata['event_userid'];
            //faFLag uses pcgeteventsfa, which can search on provider
            $searchargs['faFlag'] = true;
            // s_keywords carries a raw SQL fragment into the events query; here it is a constant.
            $searchargs['s_keywords'] = " (a.pc_catid = 2 OR a.pc_catid = 3) ";
            $eventsByDate =& postcalendar_userapi_pcGetEvents($searchargs);
            // Throwaway title used to find the temporary row again. It reads
            // $event_data['subject'] (not $eventdata), and rand(0, 1000) gives about a
            // thousand values per second: a uniqueness marker, not a secret, and two
            // requests in the same second can collide.
            $ekey = md5($event_data['subject'] . date("U") . rand(0, 1000));
            $oldstatus = $eventdata['event_status'];
            $oldtitle = $eventdata['event_subject'];
            $old_patient_name = $eventdata['patient_name'];
            $old_dur_hours = $eventdata['event_dur_hours'];
            $old_dur_min = $eventdata['event_dur_minutes'];
            $old_duration = $eventdata['event_duration'];
            $eventdata['event_subject'] = mysql_real_escape_string($ekey);
            $eventdata['event_status'] = _EVENT_TEMPORARY;
            if (!pnModAPIFunc(__POSTCALENDAR__, 'user', 'submitEvent', $eventdata)) {
                $error_msg .= $output->Text('<center><div style="padding:5px; border:1px solid red; background-color: pink;">');
                $error_msg .= $output->Text("<b>The system was unable to check you event for conflicts with other events because there was a problem with your database.</b><br />");
                $error_msg .= $output->Text('</div></center>');
                $error_msg .= $output->Linebreak();
                // NOTE(review): $dbconn is not assigned in the lines shown, and the raw
                // database error text is added to the page the user sees; log it
                // server-side and show a generic message instead.
                $error_msg .= $output->Text($dbconn->ErrorMsg());
            // The title placed in this SQL fragment is the escaped md5 hex string set above,
            // so the concatenation carries no request text at this point.
            $searchargs['s_keywords'] = " (a.pc_catid = 2 OR a.pc_catid = 3) AND a.pc_title = '" . $eventdata['event_subject'] . "' ";
            $searchargs['event_status'] = _EVENT_TEMPORARY;
            $submitEventByDate =& postcalendar_userapi_pcGetEvents($searchargs);
            if (!delete_event($ekey)) {
                $error_msg .= $output->Text('<center><div style="padding:5px; border:1px solid red; background-color: pink;">');
                $error_msg .= $output->Text("<b>The system was unable to delete a temporary record it created, this may have left the database in an inconsistent state.</b><br />");
                $error_msg .= $output->Text('</div></center>');
                $error_msg .= $output->Linebreak();
                // Same database-error disclosure as in the insert failure branch above.
                $error_msg .= $output->Text($dbconn->ErrorMsg());
            // Restore the values that were swapped out for the temporary record.
            // NOTE(review): the key 'patient_name ' has a trailing space, $old_dur_hour is
            // not the variable saved above ($old_dur_hours), and $old_duration is saved but
            // never written back.
            $eventdata['event_status'] = $oldstatus;
            $eventdata['event_subject'] = $oldtitle;
            $eventdata['patient_name '] = $old_patient_name;
            $eventdata['event_dur_hours'] = $old_dur_hour;
            $eventdata['event_dur_minutes'] = $old_dur_min;
            // Report a conflict when an existing event on the same date shares the new
            // event's category id.
            foreach ($submitEventByDate as $date => $newevent) {
                if (count($eventsByDate[$date]) > 0 && count($newevent) > 0) {
                    foreach ($eventsByDate[$date] as $con_event) {
                        if ($con_event['catid'] == $newevent[0]['catid']) {
                            // NOTE(review): the stored event title goes into the HTML output;
                            // whether Text() escapes it is not visible here. Confirm.
                            $error_msg .= $output->Text('There is a conflict on ' . $date . ' with event ' . $con_event['title']);
                            $error_msg .= $output->Linebreak();
            // NOTE(review): the block comment opened on the next line is never closed in
            // this listing.
            /*echo "<br /><br />";
              echo "<br /><br />";
        $colls = checkEventCollision($eventdata);
        if (count($colls) > 0) {
            foreach ($colls as $coll) {
                // Stored title of the colliding event is concatenated into the HTML
                // output; same output-encoding question as for the conflict message above.
                $error_msg .= $output->Text("Event Collides with: " . $coll['title'] . " at " . date("g:i a", strtotime($coll['startTime'])) . "<br />");
                $error_msg .= $output->Linebreak();
            $error_msg .= $output->Text("Submit again to \"Double Book\" <br />To change values click back in your browser.");
            $error_msg .= $output->Linebreak();
            // the following line will display "DOUBLE BOOKED" if when adding an event there is a collistion with anothe appointment
            //$eventdata['event_subject'] = "DOUBLE BOOKED " . $eventdata['event_subject'];
            // Marks the form data so that the next submit skips the collision check.
            $eventdata['double_book'] = 1;
    if ($form_action == 'preview') {
        //  Preview the event
        // check authid
        if (!pnSecConfirmAuthKey()) {
            return _NO_DIRECT_ACCESS;
        if (!empty($error_msg)) {
            $preview = false;
            $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="red">');
            $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="pink">');
            $output->Text('<center><b>' . _PC_SUBMIT_ERROR . '</b></center>');
        } else {
            $output->Text(pnModAPIFunc(__POSTCALENDAR__, 'user', 'eventPreview', $eventdata));
    } elseif ($form_action == 'commit') {
        //  Enter the event into the DB
        // The auth key is confirmed on both paths; with errors pending it is called with
        // true. NOTE(review): the meaning of that argument is not visible here; confirm.
        if (!empty($error_msg)) {
            if (!pnSecConfirmAuthKey(true)) {
                return _NO_DIRECT_ACCESS;
        } else {
            if (!pnSecConfirmAuthKey()) {
                return _NO_DIRECT_ACCESS;
        if (!empty($error_msg)) {
            $preview = false;
            $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="red">');
            $output->Text('<table border="0" width="100%" cellpadding="1" cellspacing="0"><tr><td bgcolor="pink">');
            $output->Text('<center><b>' . _PC_SUBMIT_ERROR . '</b></center>');
        } else {
            if (!pnModAPIFunc(__POSTCALENDAR__, 'user', 'submitEvent', $eventdata)) {
                $output->Text('<center><div style="padding:5px; border:1px solid red; background-color: pink;">');
                $output->Text("<b>" . _PC_EVENT_SUBMISSION_FAILED . "</b>");
            } else {
                // clear the Smarty cache
                // NOTE(review): only the constructor call is visible; no cache-clearing call
                // follows in this listing.
                $tpl = new pcSmarty();
                $output->Text('<center><div style="padding:5px; border:1px solid green; background-color: lightgreen;">');
                if ($is_update) {
                    $output->Text("<b>" . _PC_EVENT_EDIT_SUCCESS . "</b>");
                } else {
                    $output->Text("<b>" . _PC_EVENT_SUBMISSION_SUCCESS . "</b>");
                // clear the form vars
                // NOTE(review): the chain ends in $evnet_pid, so $event_pid keeps its value.
                $event_subject = $event_desc = $event_sharing = $event_category = $event_topic = $event_startmonth = $event_startday = $event_startyear = $event_starttimeh = $event_starttimem = $event_startampm = $event_endmonth = $event_endday = $event_endyear = $event_endtype = $event_dur_hours = $event_dur_minutes = $event_duration = $event_allday = $event_location = $event_street1 = $event_street2 = $event_city = $event_state = $event_postal = $event_location_info = $event_contname = $event_conttel = $event_contemail = $event_website = $event_fee = $event_repeat = $event_repeat_freq = $event_repeat_freq_type = $event_repeat_on_num = $event_repeat_on_day = $event_repeat_on_freq = $event_recurrspec = $uname = $Date = $year = $month = $day = $pc_html_or_text = $event_patient_name = $evnet_pid = null;
                $is_update = false;
                $pc_event_id = 0;
                //$_SESSION['category'] = "";
                // lets wrap all the data into array for passing to submit and preview functions
                $eventdata = compact('event_subject', 'event_desc', 'event_sharing', 'event_category', 'event_topic', 'event_startmonth', 'event_startday', 'event_startyear', 'event_starttimeh', 'event_starttimem', 'event_startampm', 'event_endmonth', 'event_endday', 'event_endyear', 'event_endtype', 'event_dur_hours', 'event_dur_minutes', 'event_duration', 'event_allday', 'event_location', 'event_street1', 'event_street2', 'event_city', 'event_state', 'event_postal', 'event_location_info', 'event_contname', 'event_conttel', 'event_contemail', 'event_website', 'event_fee', 'event_repeat', 'event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq', 'event_recurrspec', 'uname', 'Date', 'year', 'month', 'day', 'pc_html_or_text', 'is_update', 'pc_event_id', 'event_patient_name');
                //if no using the no_nav format then show form again after submit
                if (pnVarCleanFromInput("no_nav") == 1) {
                    return $output->GetOutput();
    // Render the submit form, pre-filled from $eventdata, after any messages.
    $output->Text(pnModAPIFunc('PostCalendar', 'user', 'buildSubmitForm', $eventdata));
    return $output->GetOutput();
예제 #3
 * display block
// Render the Template module's side block: list up to 'numitems' template items,
// each shown only if the visitor holds the matching permission.
// $blockinfo is the block record; 'title' and 'content' are read, 'content' is overwritten.
// Returns whatever themesideblock($blockinfo) returns.
// NOTE(review): this listing carries no closing braces and several branch bodies are
// empty as shown; comments describe only the statements present.
function template_firstblock_display($blockinfo)
    // Security check
    // Block-level ACCESS_READ check; the body of this branch is not shown.
    if (!pnSecAuthAction(0, 'Template:Firstblock:', "{$blockinfo['title']}::", ACCESS_READ)) {
    // Get variables from content block
    $vars = pnBlockVarsFromContent($blockinfo['content']);
    // Defaults
    // Show five items when the block configuration gives no count.
    if (empty($vars['numitems'])) {
        $vars['numitems'] = 5;
    // Database information
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $templatetable = $pntable['template'];
    $templatecolumn =& $pntable['template_column'];
    // Query
    // Only table and column names from the table map are interpolated; the row limit is
    // passed separately to SelectLimit(). NOTE(review): numitems comes from the stored
    // block content and is not cast to an integer here; confirm SelectLimit() does so.
    $sql = "SELECT {$templatecolumn['tid']},\n                   {$templatecolumn['name']}\n            FROM {$templatetable}\n            ORDER by {$templatecolumn['name']}";
    $result = $dbconn->SelectLimit($sql, $vars['numitems']);
    // Query-error and empty-result branches; their bodies are not shown in this listing.
    if ($dbconn->ErrorNo() != 0) {
    if ($result->EOF) {
    // Create output object
    $output = new pnHTML();
    // Display each item, permissions permitting
    for (; !$result->EOF; $result->MoveNext()) {
        list($tid, $name) = $result->fields;
        // Two-step check per item: ACCESS_OVERVIEW to appear at all, ACCESS_READ to get a
        // link to the detail view. The else branch is empty in this listing.
        if (pnSecAuthAction(0, 'Template::', "{$name}::{$tid}", ACCESS_OVERVIEW)) {
            if (pnSecAuthAction(0, 'Template::', "{$name}::{$tid}", ACCESS_READ)) {
                // NOTE(review): $name is a stored value used as the link text; whether
                // pnHTML::URL() escapes it is not visible here. Confirm output encoding.
                $output->URL(pnModURL('Template', 'user', 'viewdetail', array('tid' => $tid)), $name);
            } else {
    // Populate block info and pass to theme
    $blockinfo['content'] = $output->GetOutput();
    return themesideblock($blockinfo);
예제 #4
// Build the Modules admin menu: a "list" link and a "regenerate" link.
// Returns the HTML held in the pnHTML buffer; a visitor without ACCESS_ADMIN on
// 'Modules::' gets the buffer back before any link is built.
// NOTE(review): this listing carries no closing braces; comments describe only the
// statements present.
function modules_adminmenu()
    $output = new pnHTML();
    // Admin-only: bail out with the still-empty buffer for everyone else.
    if (!pnSecAuthAction(0, 'Modules::', '::', ACCESS_ADMIN)) {
        return $output->GetOutput();
    $columns = array();
    $columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Modules', 'admin', 'list')), _LIST);
    // The regenerate link changes state, so it carries an auth key from pnSecGenAuthKey()
    // as the 'authid' parameter. NOTE(review): the key travels in a GET URL, where it can
    // end up in logs and Referer headers; a POST form would keep it out of the URL.
    $columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Modules', 'admin', 'regenerate', array('authid' => pnSecGenAuthKey()))), _REGENERATE);
    // NOTE(review): $columns is filled but not used in the lines shown before the return.
    return $output->GetOutput();
예제 #5
/**
 * Confirmation step for PostCalendar category changes.
 *
 * Reads the submitted category arrays and the "new category" fields from the
 * request, validates names, colours and numeric fields, and re-emits
 * everything as hidden fields of a form that posts to the admin
 * 'categoriesUpdate' function. Callers failing PC_ACCESS_ADMIN get
 * _POSTCALENDAR_NOAUTH instead.
 *
 * Review notes (based on the visible code only; several closing braces and
 * the end of the $header heredoc are missing from this listing):
 * - The new-category numeric check is guarded by !empty($newnam), but the
 *   request value is read into $newname. $newnam is never assigned here, so
 *   that check looks unreachable and the new_* values go unvalidated.
 * - $msg is passed to postcalendar_admin_categories() without being assigned
 *   in this function.
 * - The colour check only tests for length 7 and a leading '#', and the
 *   rejected value is echoed back inside the error text. Whether
 *   pnVarCleanFromInput() or pnHTML::Text() neutralise markup is not visible
 *   here - TODO confirm, or escape with pnVarPrepForDisplay().
 * - Existing-category data is round-tripped through the browser as
 *   serialize() output in hidden fields. Hidden fields are client-editable;
 *   if the update handler calls unserialize() on them (presumably - verify),
 *   that is deserialisation of untrusted input. Prefer keeping the pending
 *   change server-side (session) or using a JSON encoding with an integrity
 *   check, and re-validate after decoding.
 * - No authid (pnSecGenAuthKey()) hidden field is visible in this form, so
 *   CSRF protection of the update step cannot be confirmed from this listing.
 * - $dels is built with implode(',', $del) without checking that the ids are
 *   numeric; how the update handler uses it is not shown.
 *
 * @return mixed _POSTCALENDAR_NOAUTH, or the result of $output->GetOutput()
 */
function postcalendar_admin_categoriesConfirm()
    if (!PC_ACCESS_ADMIN) {
        return _POSTCALENDAR_NOAUTH;
    $output = new pnHTML();
    $header = <<<EOF
\t<body bgcolor=
    $header .= '"' . $GLOBALS['style']['BGCOLOR2'] . '">';
    list($id, $del, $name, $value_cat_type, $desc, $color, $event_repeat, $event_repeat_freq, $event_repeat_freq_type, $event_repeat_on_num, $event_repeat_on_day, $event_repeat_on_freq, $durationh, $durationm, $end_date_flag, $end_date_type, $end_date_freq, $end_all_day, $newname, $newdesc, $newcolor, $new_event_repeat, $new_event_repeat_freq, $new_event_repeat_freq_type, $new_event_repeat_on_num, $new_event_repeat_on_day, $new_event_repeat_on_freq, $new_durationh, $new_durationm, $new_limitid, $new_end_date_flag, $new_end_date_type, $new_end_date_freq, $new_end_all_day, $new_value_cat_type) = pnVarCleanFromInput('id', 'del', 'name', 'value_cat_type', 'desc', 'color', 'event_repeat', 'event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq', 'durationh', 'durationm', 'end_date_flag', 'end_date_type', 'end_date_freq', 'end_all_day', 'newname', 'newdesc', 'newcolor', 'newevent_repeat', 'newevent_repeat_freq', 'newevent_repeat_freq_type', 'newevent_repeat_on_num', 'newevent_repeat_on_day', 'newevent_repeat_on_freq', 'newdurationh', 'newdurationm', 'newlimitid', 'newend_date_flag', 'newend_date_type', 'newend_date_freq', 'newend_all_day', 'newvalue_cat_type');
    //data validation
    foreach ($name as $i => $item) {
        if (empty($item)) {
            $output->Text(postcalendar_admin_categories($msg, "Category Names must contain a value!"));
            return $output->GetOutput();
        $tmp = $color[$i];
        if (strlen($tmp) != 7 || $tmp[0] != "#") {
            $e = $tmp . " size " . strlen($tmp) . " at 0 " . $tmp[0];
            $output->Text(postcalendar_admin_categories($msg, "You entered an invalid color(USE Pick) {$e}!"));
            return $output->GetOutput();
    foreach ($durationh as $i => $val) {
        if (!is_numeric($durationh[$i]) || !is_numeric($durationm[$i]) || !is_numeric($event_repeat_freq[$i]) || !is_numeric($event_repeat_on_freq[$i]) || !is_numeric($end_date_freq[$i])) {
            $output->Text(postcalendar_admin_categories($msg, " Hours, Minutes and recurrence values must be numeric!"));
            return $output->GetOutput();
    if (!empty($newnam)) {
        if (!is_numeric($new_durationh) || !is_numeric($new_durationm) || !is_numeric($new_event_repeat_freq) || !is_numeric($new_event_repeat_on_freq) || !is_numeric($new_end_date_freq)) {
            $output->Text(postcalendar_admin_categories($msg, "Hours, Minutes and recurrence values must be numeric!"));
            return $output->GetOutput();
    $new_duration = $new_durationh * (60 * 60) + $new_durationm * 60;
    $event_recurrspec = serialize(compact('event_repeat_freq', 'event_repeat_freq_type', 'event_repeat_on_num', 'event_repeat_on_day', 'event_repeat_on_freq'));
    $new_event_recurrspec = serialize(compact('new_event_repeat_freq', 'new_event_repeat_freq_type', 'new_event_repeat_on_num', 'new_event_repeat_on_day', 'new_event_repeat_on_freq'));
    if (is_array($del)) {
        $dels = implode(',', $del);
        $delText = _PC_DELETE_CATS . $dels . '.';
    $output->FormStart(pnModURL(__POSTCALENDAR__, 'admin', 'categoriesUpdate'));
    // deletions
    if (isset($delText)) {
        $output->FormHidden('dels', $dels);
    if (!empty($newname)) {
        $output->FormHidden('newname', $newname);
        $output->FormHidden('newdesc', $newdesc);
        $output->FormHidden('newvalue_cat_type', $new_value_cat_type);
        $output->FormHidden('newcolor', $newcolor);
        $output->FormHidden('newevent_repeat', $new_event_repeat);
        $output->FormHidden('newevent_recurrfreq', $new_event_repeat_freq);
        $output->FormHidden('newevent_recurrspec', $new_event_recurrspec);
        $output->FormHidden('newduration', $new_duration);
        $output->FormHidden('newlimitid', $new_limitid);
        $output->FormHidden('newend_date_flag', $new_end_date_flag);
        $output->FormHidden('newend_date_type', $new_end_date_type);
        $output->FormHidden('newend_date_freq', $new_end_date_freq);
        $output->FormHidden('newend_all_day', $new_end_all_day);
        $output->Text(_PC_ADD_CAT . $newname . '.');
    $output->FormHidden('id', serialize($id));
    $output->FormHidden('del', serialize($del));
    $output->FormHidden('name', serialize($name));
    $output->FormHidden('desc', serialize($desc));
    $output->FormHidden('value_cat_type', serialize($value_cat_type));
    $output->FormHidden('color', serialize($color));
    $output->FormHidden('event_repeat', serialize($event_repeat));
    $output->FormHidden('event_recurrspec', $event_recurrspec);
    $output->FormHidden('durationh', serialize($durationh));
    $output->FormHidden('durationm', serialize($durationm));
    $output->FormHidden('end_date_flag', serialize($end_date_flag));
    $output->FormHidden('end_date_type', serialize($end_date_type));
    $output->FormHidden('end_date_freq', serialize($end_date_freq));
    $output->FormHidden('end_all_day', serialize($end_all_day));
    return $output->GetOutput();
예제 #6
/**
 * Search plugin for the Web Links module.
 *
 * Builds one LIKE-based query from the words of the search string, walks the
 * full result set applying the pnSecAuthAction() ACCESS_READ checks to obtain
 * the total (unless a numeric 'total' arrived with the request), and renders
 * a page of up to 10 results followed by a pager.
 *
 * Request inputs, read through pnVarCleanFromInput(): active_weblinks,
 * startnum, total, q, bool. Several one-line branch bodies and closing braces
 * are missing from this listing; the notes below cover only what is visible.
 *
 * @return mixed result of $output->GetOutput()
 */
function search_weblinks()
    list($active_weblinks, $startnum, $total, $q, $bool) = pnVarCleanFromInput('active_weblinks', 'startnum', 'total', 'q', 'bool');
    if (empty($active_weblinks)) {
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    // is_numeric() also accepts floats and negative values. NOTE(review):
    // $startnum - 1 is later used as the SelectLimit() offset, so an
    // integer >= 1 check would be tighter.
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    if (isset($total) && !is_numeric($total)) {
    // NOTE(review): each $word is placed inside LIKE '...' below without
    // pnVarPrepForStore(). The query is only safe if search_split_query()
    // already escapes for SQL, which is not visible here. search_stories() in
    // this file does wrap $word in pnVarPrepForStore() - verify, and make the
    // plugins consistent.
    $w = search_split_query($q);
    $flag = false;
    $column =& $pntable['links_links_column'];
    $query = "SELECT {$column['url']} as url, {$column['title']} as title, {$column['linkratingsummary']} as linkratingsummary, {$column['totalcomments']} as totalcomments, {$column['hits']} as hits, {$column['submitter']} as submitter, {$column['description']} as description, {$column['lid']} as lid, {$column['cat_id']} as cat_id\n              FROM {$pntable['links_links']}\n              WHERE \n";
    foreach ($w as $word) {
        // $flag is false for the first word, so a connector is only added
        // between groups. Only the literal values 'AND' and 'OR' add one;
        // NOTE(review): no default is visible, so any other $bool with
        // several words would leave the groups unjoined.
        if ($flag) {
            switch ($bool) {
                case 'AND':
                    $query .= ' AND ';
                case 'OR':
                    $query .= ' OR ';
        $query .= '(';
        // web links
        $query .= "{$column['description']} LIKE '{$word}' OR \n";
        $query .= "{$column['url']} LIKE '{$word}' OR \n";
        $query .= "{$column['submitter']} LIKE '{$word}' OR \n";
        $query .= "{$column['title']} LIKE '{$word}' \n";
        $query .= ')';
        $flag = true;
    $query .= " ORDER BY {$column['lid']}";
    // get the total count with permissions!
    // A non-empty numeric 'total' from the request skips this pass and is
    // displayed as given.
    if (empty($total)) {
        $total = 0;
        $countres = $dbconn->Execute($query);
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            // we have a link id so get its category
            // One category lookup per row; cat_id comes from the previous
            // result set and is interpolated unquoted.
            $column2 =& $pntable['links_categories_column'];
            $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}");
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if (!$result->EOF) {
        $output->Text(_WEBLINKS . ': ' . $total . ' ' . _SEARCHRESULTS);
        // Rebuild the search string from previous information
        // NOTE(review): $bool and $q are request values placed into the pager
        // URL without urlencode() or pnVarPrepForDisplay() here; whether
        // pnVarCleanFromInput() makes them safe for an attribute context is
        // not visible - confirm.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_weblinks=1&amp;bool={$bool}&amp;q={$q}";
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // we have a link id so get its category
            $column2 =& $pntable['links_categories_column'];
            $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}");
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
                // NOTE(review): url, title, submitter and description are
                // written into the HTML as stored. If link submissions are not
                // sanitised on input (not visible here) this is a stored-XSS
                // sink: escape text with pnVarPrepForDisplay() and restrict
                // the href to expected URL schemes.
                $output->Text("<li><a class=\"pn-normal\" href=\"{$row['url']}\" target=\"_new\">{$row['title']}</a> <font class=\"pn-normal\">(rating: {$row['linkratingsummary']} - comments: {$row['totalcomments']} - hits: {$row['hits']})</font><br>Submitter: {$row['submitter']}<br>{$row['description']}</li>");
        // Munge URL for template
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_LINKS . '</font>');
    return $output->GetOutput();
예제 #7
/**
 * Build the PostCalendar admin event list: a table of events with
 * checkboxes, sortable column headers, an action selector and
 * previous/next paging links.
 *
 * Review notes (based on the visible code only):
 * - $title, $result, $function, $offset, $offset_increment, $sort and $sdir
 *   are read but never assigned in the visible code; presumably they are
 *   unpacked from $args in a line missing from this listing - confirm.
 * - No authid (pnSecGenAuthKey()) hidden field is visible next to the action
 *   selector, so CSRF protection of approve/hide/delete cannot be confirmed
 *   from this listing.
 *
 * @param array $args list parameters (exact keys not visible here)
 * @return mixed result of $output->GetOutput()
 */
function postcalendar_adminapi_buildAdminList($args)
    $output = new pnHTML();
    // get the theme globals :: is there a better way to do this?
    global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5;
    global $textcolor1, $textcolor2;
    // NOTE(review): $formUrl is not used again in the visible code.
    $formUrl = pnModUrl(__POSTCALENDAR__, 'admin', 'adminevents');
    $output->Text('<table border="0" cellpadding="1" cellspacing="0" width="100%" bgcolor="' . $bgcolor2 . '"><tr><td>');
    $output->Text('<table border="0" cellpadding="5" cellspacing="0" width="100%" bgcolor="' . $bgcolor1 . '"><tr><td>');
    // NOTE(review): the list $title is concatenated into HTML as-is, whereas
    // event titles further down go through
    // pnVarPrepHTMLDisplay(postcalendar_removeScriptTags()). Confirm the
    // caller only passes trusted text, or escape it here as well.
    $output->Text('<center><font size="4"><b>' . $title . '</b></font></center>');
    $output->Text('<table border="0" cellpadding="1" cellspacing="0" width="100%" bgcolor="' . $bgcolor2 . '"><tr><td>');
    $output->Text('<table border="0" cellpadding="5" cellspacing="0" width="100%" bgcolor="' . $bgcolor1 . '">');
    if (!$result || $result->EOF) {
        $output->Text('<tr><td width="100%" bgcolor="' . $bgcolor1 . '" align="center"><b>' . _PC_NO_EVENTS . '</b></td></tr>');
    } else {
        $output->Text('<tr><td bgcolor="' . $bgcolor1 . '" align="center"><b>' . _PC_EVENTS . '</b></td></tr>');
        $output->Text('<table border="0" cellpadding="2" cellspacing="0" width="100%" bgcolor="' . $bgcolor1 . '">');
        // build sorting urls
        // The sort direction is flipped so that the header links reverse the
        // current order; it defaults to 1 when unset.
        if (!isset($sdir)) {
            $sdir = 1;
        } else {
            $sdir = $sdir ? 0 : 1;
        // NOTE(review): $function becomes the target function name of the
        // generated admin URLs and the value of the hidden 'thelist' field;
        // if it can be influenced by the request it should be checked against
        // the known list functions - origin not visible here.
        $title_sort_url = pnModUrl(__POSTCALENDAR__, 'admin', $function, array('offset' => $offset, 'sort' => 'title', 'sdir' => $sdir));
        $time_sort_url = pnModUrl(__POSTCALENDAR__, 'admin', $function, array('offset' => $offset, 'sort' => 'time', 'sdir' => $sdir));
        $output->Text('<tr><td>select</td><td><a href="' . $title_sort_url . '">title</a></td><td><a href="' . $time_sort_url . '">timestamp</a><td></tr>');
        // output the queued events
        $count = 0;
        for (; !$result->EOF; $result->MoveNext()) {
            // Overwrites the list $title with the event title of the row.
            list($eid, $title, $timestamp) = $result->fields;
            $output->Text('<td align="center" valign="top">');
            $output->FormCheckbox('pc_event_id[]', false, $eid);
            $output->Text('<td  align="left" valign="top" width="100%">');
            // Event titles are stripped of script tags and prepared for HTML
            // display before being used as link text.
            $output->URL(pnModURL(__POSTCALENDAR__, 'admin', 'edit', array('pc_event_id' => $eid)), pnVarPrepHTMLDisplay(postcalendar_removeScriptTags($title)));
            $output->Text('<td  align="left" valign="top" nowrap>');
    // NOTE(review): the earlier branch allows for a false $result, but
    // NumRows() is called here without that guard (as far as the indentation
    // of this listing shows).
    if ($result->NumRows()) {
        // action to take?
        $output->Text('<table border="0" cellpadding="1" cellspacing="0" width="100%" bgcolor="' . $bgcolor2 . '"><tr><td>');
        $output->Text('<table border="0" cellpadding="5" cellspacing="0" width="100%" bgcolor="' . $bgcolor1 . '"><tr>');
        $output->Text('<td align="left" valign="middle">');
        $seldata[0]['id'] = _ADMIN_ACTION_VIEW;
        $seldata[0]['selected'] = 1;
        $seldata[0]['name'] = _PC_ADMIN_ACTION_VIEW;
        $seldata[1]['id'] = _ADMIN_ACTION_APPROVE;
        $seldata[1]['selected'] = 0;
        $seldata[1]['name'] = _PC_ADMIN_ACTION_APPROVE;
        $seldata[2]['id'] = _ADMIN_ACTION_HIDE;
        $seldata[2]['selected'] = 0;
        $seldata[2]['name'] = _PC_ADMIN_ACTION_HIDE;
        $seldata[3]['id'] = _ADMIN_ACTION_DELETE;
        $seldata[3]['selected'] = 0;
        $seldata[3]['name'] = _PC_ADMIN_ACTION_DELETE;
        $output->FormSelectMultiple('action', $seldata);
        $output->FormHidden('thelist', $function);
        // start previous next links
        $output->Text('<table border="0" cellpadding="1" cellspacing="0" width="100%" bgcolor="' . $bgcolor2 . '"><tr><td>');
        $output->Text('<table border="0" cellpadding="5" cellspacing="0" width="100%" bgcolor="' . $bgcolor1 . '"><tr>');
        if ($offset > 1) {
            $output->Text('<td align="left">');
            // Despite its name, $next_link holds the "previous page" URL in
            // this branch (offset minus one increment).
            $next_link = pnModUrl(__POSTCALENDAR__, 'admin', $function, array('offset' => $offset - $offset_increment, 'sort' => $sort, 'sdir' => $sdir));
            $output->Text('<a href="' . $next_link . '"><< ' . _PC_PREV . ' ' . $offset_increment . '</a>');
        } else {
            $output->Text('<td align="left"><< ' . _PC_PREV . '</td>');
        // A full page of rows is taken as the sign that a next page exists.
        if ($result->NumRows() >= $offset_increment) {
            $output->Text('<td align="right">');
            $next_link = pnModUrl(__POSTCALENDAR__, 'admin', $function, array('offset' => $offset + $offset_increment, 'sort' => $sort, 'sdir' => $sdir));
            $output->Text('<a href="' . $next_link . '">' . _PC_NEXT . ' ' . $offset_increment . ' >></a>');
        } else {
            $output->Text('<td align="right">' . _PC_NEXT . ' >></td>');
    // end previous next links
    return $output->GetOutput();
예제 #8
/**
 * Search plugin for the Downloads module.
 *
 * Builds one LIKE-based query from the words of the search string, walks the
 * full result set applying the pnSecAuthAction() ACCESS_READ checks to obtain
 * the total (unless a numeric 'total' arrived with the request), and renders
 * a page of up to 10 results followed by a pager.
 *
 * Request inputs, read through pnVarCleanFromInput(): q, active_downloads,
 * bool, startnum, total. Several one-line branch bodies and closing braces
 * are missing from this listing; the notes below cover only what is visible.
 *
 * @return mixed result of $output->GetOutput()
 */
function search_downloads()
    list($q, $active_downloads, $bool, $startnum, $total) = pnVarCleanFromInput('q', 'active_downloads', 'bool', 'startnum', 'total');
    if (empty($active_downloads)) {
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    // is_numeric() also accepts floats and negative values. NOTE(review):
    // $startnum - 1 is later used as the SelectLimit() offset, so an
    // integer >= 1 check would be tighter.
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    if (isset($total) && !is_numeric($total)) {
    // NOTE(review): each $word is placed inside LIKE '...' below without
    // pnVarPrepForStore(). The query is only safe if search_split_query()
    // already escapes for SQL, which is not visible here. search_stories() in
    // this file does wrap $word in pnVarPrepForStore() - verify, and make the
    // plugins consistent.
    $w = search_split_query($q);
    $flag = false;
    // fifers: have to explicitly name the columns so that if the underlying DB column names change, the code to access them doesn't.  We use the column names in assoc array later...
    $column =& $pntable['downloads_downloads_column'];
    $query = "SELECT {$column['lid']} as lid, {$column['title']} as title, {$column['totalvotes']} as totalvotes, {$column['hits']} as hits, {$column['name']} as name, {$column['description']} as description, {$column['cid']} as cid FROM {$pntable['downloads_downloads']} WHERE \n";
    foreach ($w as $word) {
        // Only the literal values 'AND' and 'OR' add a connector between word
        // groups; NOTE(review): no default is visible, so any other $bool
        // with several words would leave the groups unjoined.
        if ($flag) {
            switch ($bool) {
                case 'AND':
                    $query .= ' AND ';
                case 'OR':
                    $query .= ' OR ';
        $query .= '(';
        // downloads
        $query .= "{$column['description']} LIKE '{$word}' OR \n";
        $query .= "{$column['title']} LIKE '{$word}' OR \n";
        $query .= "{$column['submitter']} LIKE '{$word}' OR \n";
        $query .= "{$column['name']} LIKE '{$word}' OR \n";
        $query .= "{$column['homepage']} LIKE '{$word}' \n";
        $query .= ')';
        $flag = true;
    $query .= " ORDER BY {$column['lid']}";
    // A non-empty numeric 'total' from the request skips this
    // permission-filtered pass and is displayed as given.
    if (empty($total)) {
        $total = 0;
        $countres = $dbconn->Execute($query);
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            // we have a download id so get its category
            // One category lookup per row; cid comes from the previous result
            // set and is interpolated unquoted.
            $column2 =& $pntable['downloads_categories_column'];
            $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}");
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if (!$result->EOF) {
        $output->Text(_DOWNLOADS . ': ' . $total . ' ' . _SEARCHRESULTS);
        // Rebuild the search string from previous information
        // NOTE(review): $bool and $q are request values placed into the pager
        // URL without urlencode() or pnVarPrepForDisplay() here; whether
        // pnVarCleanFromInput() makes them safe for an attribute context is
        // not visible - confirm.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_downloads=1&amp;bool={$bool}&amp;q={$q}";
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // we have a download id so get its category
            $column2 =& $pntable['downloads_categories_column'];
            $result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}");
            list($title) = $result2->fields;
            if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
                // NOTE(review): title, name and description are written into
                // the HTML as stored. If download submissions are not
                // sanitised on input (not visible here) this is a stored-XSS
                // sink: escape them with pnVarPrepForDisplay(). The "&lid="
                // in the href is also missing its &amp; encoding.
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Downloads&amp;file=index&amp;req=getit&lid={$row['lid']}\">{$row['title']}</a> <font class=\"pn-normal\">(votes: {$row['totalvotes']} - hits: {$row['hits']})</font><br>Uploader: {$row['name']}<br>{$row['description']}</li>");
        // Mung URL for template
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_DOWNLOADS . '</font>');
    return $output->GetOutput();
예제 #9
/**
 * Search plugin for site members.
 *
 * Matches the query words against the uname and name columns of the users
 * table and renders a page of up to 10 matches that pass the 'Users::'
 * ACCESS_READ check, followed by a pager.
 *
 * Request inputs, read through pnVarCleanFromInput(): active_users,
 * startnum, total, bool, q. Several one-line branch bodies and closing braces
 * are missing from this listing; the notes below cover only what is visible.
 *
 * @return mixed result of $output->GetOutput()
 */
function search_users()
    list($active_users, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_users', 'startnum', 'total', 'bool', 'q');
    if (empty($active_users)) {
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    // is_numeric() also accepts floats and negative values. NOTE(review):
    // $startnum - 1 is later used as the SelectLimit() offset, so an
    // integer >= 1 check would be tighter.
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    if (isset($total) && !is_numeric($total)) {
    // NOTE(review): each $word is placed inside LIKE '...' below without
    // pnVarPrepForStore(). The query is only safe if search_split_query()
    // already escapes for SQL, which is not visible here. search_stories() in
    // this file does wrap $word in pnVarPrepForStore() - verify, and make the
    // plugins consistent.
    $w = search_split_query($q);
    $flag = false;
    $column =& $pntable['users_column'];
    $query = "SELECT {$column['name']} as name, {$column['uname']} as uname, {$column['uid']} as uid FROM {$pntable['users']} WHERE ";
    foreach ($w as $word) {
        // Only the literal values 'AND' and 'OR' add a connector between word
        // groups; NOTE(review): no default is visible, so any other $bool
        // with several words would leave the groups unjoined.
        if ($flag) {
            switch ($bool) {
                case 'AND':
                    $query .= ' AND ';
                case 'OR':
                    $query .= ' OR ';
        $query .= '(';
        $query .= "{$column['uname']} LIKE '{$word}' OR ";
        $query .= "{$column['name']} LIKE '{$word}'";
        $query .= ')';
        $flag = true;
    $query .= " ORDER BY {$column['uname']}";
    // Unlike the plugins that count row by row, the total here is the raw
    // record count, taken before any permission check. The displayed number
    // can therefore include members the caller is not allowed to read.
    if (empty($total)) {
        $countres = $dbconn->Execute($query);
        $total = $countres->PO_RecordCount();
    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if (!$result->EOF) {
        $output->Text('<font class="pn-normal">' . _SMEMBERS . ': ' . $total . ' ' . _SEARCHRESULTS . '</font>');
        // NOTE(review): $bool and $q are request values placed into the pager
        // URL without urlencode() or pnVarPrepForDisplay() here; whether
        // pnVarCleanFromInput() makes them safe for an attribute context is
        // not visible - confirm.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_users=1&amp;bool={$bool}&amp;q={$q}";
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // some basic authcheck - might result in a wrong count...
            if (pnSecAuthAction(0, "Users::", "{$row['uname']}::{$row['uid']}", ACCESS_READ)) {
                // NOTE(review): uname and name are user-chosen values written
                // into an href and into text without visible escaping; the
                // href needs URL-encoding and both need
                // pnVarPrepForDisplay() unless registration already
                // restricts their character set - confirm.
                $output->Text("<li><a class=\"pn-normal\" href=\"user.php?op=userinfo&amp;uname={$row['uname']}&amp;module=NS-User\">{$row['uname']}</a><br>{$row['name']}</li>");
        // Munge URL for template
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_MEMBERS . '</font>');
    return $output->GetOutput();
예제 #10
  * composite function for generic confirmation of action
  * @param string $confirm_text Confirmation message to display
  * @param string $confirm_url URL to go to if confirm button is clicked
  * @param string $cancel_text Link text for the cancel message
  * @param string $cancel_url URL to go to if action is canceled
  * @param array $arg An array of args to create hidden fields for
  * @access public
 function ConfirmAction($confirm_text, $confirm_url, $cancel_text, $cancel_url, $arg = array())
     // The confirmation markup is built in a separate pnHTML buffer so that it
     // can either be returned or appended to this object's output.
     $compoutput = new pnHTML();
     // These three keys are always overwritten, so caller-supplied values for
     // them are ignored. authid is a fresh key from pnSecGenAuthKey(),
     // presumably emitted as a hidden field of the confirm form so the
     // confirmed action can be verified.
     $arg['confirm'] = 1;
     $arg['authid'] = pnSecGenAuthKey();
     $arg['confirmation'] = 1;
     // NOTE(review): the lines that emit the confirm form ($confirm_text,
     // $confirm_url and the hidden fields built from $arg) are not present in
     // this listing; only the cancel link is visible.
     // NOTE(review): $cancel_url and $cancel_text are passed to URL() as
     // given; whether URL() escapes them is not visible here, so callers
     // should not pass request data through unescaped.
     $compoutput->URL($cancel_url, $cancel_text);
     // In return-output mode the composed page is returned to the caller;
     // otherwise the markup is appended to $this->output.
     if ($this->GetOutputMode() == _PNH_RETURNOUTPUT) {
         return $compoutput->PrintPage();
     } else {
         $this->output .= $compoutput->GetOutput();
예제 #11
/**
 * Search plugin for comments.
 *
 * Matches the query words against the subject and comment columns and
 * renders a page of up to 10 matching comments as links, followed by a pager.
 *
 * Request inputs, read through pnVarCleanFromInput(): active_comments,
 * startnum, total, bool, q. Several one-line branch bodies and closing braces
 * are missing from this listing; the notes below cover only what is visible.
 *
 * NOTE(review): no pnSecAuthAction() call is visible anywhere in this
 * function, neither for the count nor for the rendered rows, unlike the
 * other search plugins in this file. Confirm whether comment visibility is
 * enforced elsewhere.
 *
 * @return mixed result of $output->GetOutput()
 */
function search_comments()
    list($active_comments, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_comments', 'startnum', 'total', 'bool', 'q');
    if (empty($active_comments)) {
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    // is_numeric() also accepts floats and negative values. NOTE(review):
    // $startnum - 1 is later used as the SelectLimit() offset, so an
    // integer >= 1 check would be tighter.
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    if (isset($total) && !is_numeric($total)) {
    // NOTE(review): each $word is placed inside LIKE '...' below without
    // pnVarPrepForStore(). The query is only safe if search_split_query()
    // already escapes for SQL, which is not visible here. search_stories() in
    // this file does wrap $word in pnVarPrepForStore() - verify, and make the
    // plugins consistent.
    $w = search_split_query($q);
    $flag = false;
    $column =& $pntable['comments_column'];
    $query = "SELECT {$column['subject']} as subject, {$column['tid']} as tid, ";
    $query .= "{$column['sid']} as sid, {$column['pid']} as pid FROM {$pntable['comments']} WHERE ";
    foreach ($w as $word) {
        // Only the literal values 'AND' and 'OR' add a connector between word
        // groups; NOTE(review): no default is visible, so any other $bool
        // with several words would leave the groups unjoined.
        if ($flag) {
            switch ($bool) {
                case 'AND':
                    $query .= ' AND ';
                case 'OR':
                    $query .= ' OR ';
        $query .= '(';
        $query .= "{$column['subject']} LIKE '{$word}' OR ";
        $query .= "{$column['comment']} LIKE '{$word}'";
        $query .= ')';
        $flag = true;
    $query .= " ORDER BY {$column['subject']}";
    // The total is the raw record count of the query; a non-empty numeric
    // 'total' from the request is used as given instead.
    if (empty($total)) {
        $countres = $dbconn->Execute($query);
        $total = $countres->PO_RecordCount();
    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if (!$result->EOF) {
        $output->Text(_COMMENTS . ': ' . $total . ' ' . _SEARCHRESULTS);
        // Rebuild the search string from previous information
        // NOTE(review): $bool and $q are request values placed into the pager
        // URL without urlencode() or pnVarPrepForDisplay() here; whether
        // pnVarCleanFromInput() makes them safe for an attribute context is
        // not visible - confirm.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_comments=1&amp;bool={$bool}&amp;q={$q}";
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // NOTE(review): pid is written as a bare word, not the string key
            // 'pid'. Older PHP falls back to the string with a notice; PHP 8
            // raises an Error for the undefined constant. It should be
            // $row['pid'].
            if ($row[pid] != 0) {
                // comment with parent posting
                // NOTE(review): the subject is user-written text placed into
                // the HTML as stored; escape it with pnVarPrepForDisplay()
                // unless comments are sanitised on input (not visible here).
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=NS-Comments&amp;file=index&amp;req=showreply&amp;tid={$row['tid']}&amp;sid={$row['sid']}&amp;pid={$row['pid']}\">{$row['subject']}</a></li>");
            } else {
                // comment without parent posting
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=NS-Comments&amp;file=index&amp;tid={$row['tid']}&amp;sid={$row['sid']}#{$row['tid']}\">{$row['subject']}</a></li>");
        // Munge URL for template
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_COMMENTS . '</font>');
    return $output->GetOutput();
예제 #12
 * Main administration menu
function template_adminmenu()
    // Builds the Template module's administration menu: links to the admin
    // 'new', 'view' and 'modifyconfig' functions, each URL passed through
    // pnVarPrepForDisplay() before it is handed to pnHTML::URL().
    // NOTE(review): no pnSecAuthAction() check is visible in this function;
    // presumably each linked admin function enforces its own permission -
    // confirm.
    // Create output object - this object will store all of our output so that
    // we can return it easily when required
    $output = new pnHTML();
    // Display status message if any.  Note that in future this functionality
    // will probably be in the theme rather than in this menu, but this is the
    // best place to keep it for now
    // Start options menu
    // Menu options.  These options are all added in a single row, to add
    // multiple rows of options the code below would just be repeated
    $columns = array();
    $columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'new')), _NEWTEMPLATE);
    $columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'view')), _VIEWTEMPLATE);
    $columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Template', 'admin', 'modifyconfig')), _EDITTEMPLATECONFIG);
    // NOTE(review): $columns is filled but not consumed in the visible code;
    // the calls that render the status message and the menu row are
    // presumably missing from this listing.
    // Return the output that has been generated by this function
    return $output->GetOutput();
예제 #13
/**
 * Search plugin for the Sections module.
 *
 * Matches the query words against article title and content, optionally
 * restricts to the user's language on multilingual sites, walks the full
 * result set applying the pnSecAuthAction() ACCESS_READ checks to obtain the
 * total (unless a numeric 'total' arrived with the request), and renders a
 * page of up to 10 results followed by a pager.
 *
 * Request inputs, read through pnVarCleanFromInput(): active_sections,
 * startnum, total, bool, q. Several one-line branch bodies and closing braces
 * are missing from this listing; the notes below cover only what is visible.
 *
 * @return mixed result of $output->GetOutput()
 */
function search_sections()
    list($active_sections, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_sections', 'startnum', 'total', 'bool', 'q');
    if (empty($active_sections)) {
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    // is_numeric() also accepts floats and negative values. NOTE(review):
    // $startnum - 1 is later used as the SelectLimit() offset, so an
    // integer >= 1 check would be tighter.
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    if (isset($total) && !is_numeric($total)) {
    // NOTE(review): each $word is placed inside LIKE '...' below without
    // pnVarPrepForStore(), although the language value further down is passed
    // through it. The query is only safe if search_split_query() already
    // escapes for SQL, which is not visible here - verify.
    $w = search_split_query($q);
    $flag = false;
    $seccol =& $pntable['seccont_column'];
    $query = "SELECT {$seccol['artid']} as id, {$seccol['title']} as title, {$seccol['secid']} as secid\n              FROM {$pntable['seccont']}\n              WHERE \n";
    foreach ($w as $word) {
        // Only the literal values 'AND' and 'OR' add a connector between word
        // groups; NOTE(review): no default is visible, so any other $bool
        // with several words would leave the groups unjoined.
        if ($flag) {
            switch ($bool) {
                case 'AND':
                    $query .= ' AND ';
                case 'OR':
                    $query .= ' OR ';
        $query .= '(';
        $query .= "{$seccol['title']} LIKE '{$word}' OR \n";
        $query .= "{$seccol['content']} LIKE '{$word}')\n";
        $flag = true;
    // NOTE(review): the language filter is appended with AND after the word
    // groups without wrapping them in parentheses, so with OR-joined words
    // SQL precedence binds it to the last group only.
    if (pnConfigGetVar('multilingual') == 1) {
        $query .= " AND ({$seccol['slanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$seccol['slanguage']}='')";
    $query .= " ORDER BY {$seccol['artid']}";
    // get the total count with permissions!
    // A non-empty numeric 'total' from the request skips this pass and is
    // displayed as given.
    if (empty($total)) {
        $total = 0;
        $countres = $dbconn->Execute($query);
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            // we know about the section id so let's get the section name
            // One section lookup per row; secid comes from the previous
            // result set and is interpolated unquoted.
            $column2 =& $pntable['sections_column'];
            $result2 = $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}={$row['secid']}");
            list($secname) = $result2->fields;
            if (pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ) && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ)) {
    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if (!$result->EOF) {
        $output->Text(_SECTIONS . ': ' . $total . ' ' . _SEARCHRESULTS);
        // Rebuild the search string from previous information
        // NOTE(review): $bool and $q are request values placed into the pager
        // URL without urlencode() or pnVarPrepForDisplay() here; whether
        // pnVarCleanFromInput() makes them safe for an attribute context is
        // not visible - confirm.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_sections=1&amp;bool={$bool}&amp;q={$q}";
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // we know about the section id so let's get the section name
            $column2 =& $pntable['sections_column'];
            $result2 = $dbconn->Execute("SELECT {$column2['secname']} FROM {$pntable['sections']} WHERE {$column2['secid']}={$row['secid']}");
            list($secname) = $result2->fields;
            if (pnSecAuthAction(0, "Sections::Section", "{$secname}::{$row['secid']}", ACCESS_READ) && pnSecAuthAction(0, "Sections::Article", "{$row['title']}:{$secname}:{$row['id']}", ACCESS_READ)) {
                // NOTE(review): the article title is written into the HTML as
                // stored; escape it with pnVarPrepForDisplay() unless titles
                // are sanitised on input (not visible here).
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Sections&amp;file=index&amp;req=viewarticle&amp;artid={$row['id']}\">{$row['title']}</a><br></li>");
        // Munge URL for template
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_SECTIONS . '</font>');
    return $output->GetOutput();
예제 #14
/**
 * Search plugin for the FAQ module.
 *
 * Matches the query words against question and answer text (joined to the
 * FAQ categories table), optionally restricts to the user's language on
 * multilingual sites, walks the full result set applying the 'FAQ::'
 * ACCESS_READ check to obtain the total (unless a numeric 'total' arrived
 * with the request), and renders a page of up to 10 results with a pager.
 *
 * Request inputs, read through pnVarCleanFromInput(): q, bool, startnum,
 * total, active_faqs. Several one-line branch bodies and closing braces are
 * missing from this listing; the notes below cover only what is visible.
 *
 * @return mixed result of $output->GetOutput()
 */
function search_faqs()
    list($q, $bool, $startnum, $total, $active_faqs) = pnVarCleanFromInput('q', 'bool', 'startnum', 'total', 'active_faqs');
    if (empty($active_faqs)) {
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    // is_numeric() also accepts floats and negative values. NOTE(review):
    // $startnum - 1 is later used as the SelectLimit() offset, so an
    // integer >= 1 check would be tighter.
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    if (isset($total) && !is_numeric($total)) {
    // NOTE(review): each $word is placed inside LIKE '...' below without
    // pnVarPrepForStore(), although the language value further down is passed
    // through it. The query is only safe if search_split_query() already
    // escapes for SQL, which is not visible here - verify.
    $w = search_split_query($q);
    $flag = false;
    $column =& $pntable['faqanswer_column'];
    $faqcatcol =& $pntable['faqcategories_column'];
    $query = "SELECT {$column['id_cat']} as id_cat, \n    \t\t\t\t{$column['question']} as question, \n    \t\t\t\t{$column['answer']} as answer,\n    \t\t\t\t{$faqcatcol['categories']} as categories\n              FROM {$pntable['faqanswer']} \n              LEFT JOIN {$pntable['faqcategories']} ON {$column['id_cat']}={$faqcatcol['id_cat']}\n              WHERE \n";
    foreach ($w as $word) {
        // Only the literal values 'AND' and 'OR' add a connector between word
        // groups; NOTE(review): no default is visible, so any other $bool
        // with several words would leave the groups unjoined.
        if ($flag) {
            switch ($bool) {
                case 'AND':
                    $query .= ' AND ';
                case 'OR':
                    $query .= ' OR ';
        $query .= '(';
        // faqs
        $query .= "{$column['question']} LIKE '{$word}' OR \n";
        $query .= "{$column['answer']} LIKE '{$word}'\n";
        $query .= ')';
        $flag = true;
    // NOTE(review): the language filter is appended with AND after the word
    // groups without wrapping them in parentheses, so with OR-joined words
    // SQL precedence binds it to the last group only.
    if (pnConfigGetVar('multilingual') == 1) {
        $query .= " AND ({$faqcatcol['flanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$faqcatcol['flanguage']}='')";
    $query .= " ORDER BY {$column['id']}";
    // get the total count with permissions!
    // A non-empty numeric 'total' from the request skips this pass and is
    // displayed as given.
    if (empty($total)) {
        $total = 0;
        $countres = $dbconn->Execute($query);
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if (!$result->EOF) {
        $output->Text(_FAQ . ': ' . $total . ' ' . _SEARCHRESULTS);
        // Rebuild the search string from previous information
        // NOTE(review): $bool and $q are request values placed into the pager
        // URL without urlencode() or pnVarPrepForDisplay() here; whether
        // pnVarCleanFromInput() makes them safe for an attribute context is
        // not visible - confirm.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_faqs=1&amp;bool={$bool}&amp;q={$q}";
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
                // NOTE(review): answer is written as a bare word, not the
                // string key 'answer'. Older PHP falls back to the string
                // with a notice; PHP 8 raises an Error for the undefined
                // constant. It should be $row['answer'].
                // NOTE(review): question and answer are written into the HTML
                // as stored (nl2br() only adds line breaks); escape them
                // unless FAQ text is sanitised on input (not visible here).
                // The "&id_cat=" in the href is also missing its &amp;
                // encoding.
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=FAQ&amp;file=index&amp;myfaq=yes&id_cat={$row['id_cat']}\">{$row['question']}</a><br>Answer: " . nl2br($row[answer]) . "</li>");
        // Munge URL for template
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_FAQS . '</font>');
    return $output->GetOutput();
예제 #15
/**
 * Search plugin for news stories.
 *
 * Reads the search form values from the request, builds a WHERE clause over
 * the stories table (joined to story categories and topics) from the search
 * words, selected topics, selected categories, author and current language,
 * counts the rows the current user may read, and renders one page of ten
 * results plus a pager into a pnHTML object.
 *
 * NOTE(review): as shown, this listing has no closing braces and several
 * branches have no visible body (for example the early checks on
 * $active_stories and $total), so the notes below follow the indentation.
 *
 * @return mixed whatever $output->GetOutput() yields for the rendered results
 */
function search_stories()
    // Every value below comes from the request via pnVarCleanFromInput().
    list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) = pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool');
    if (!isset($active_stories) || !$active_stories) {
    $output = new pnHTML();
    // Paging offset: fall back to the first row when missing or non-numeric.
    // NOTE(review): is_numeric() also accepts negative and fractional values;
    // an integer cast with a lower bound of 1 would be tighter before SelectLimit().
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    if (isset($total) && !is_numeric($total)) {
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    // Default connective between word groups.
    if (empty($bool)) {
        $bool = 'OR';
    $flag = false;
    $storcol =& $pntable['stories_column'];
    $stcatcol =& $pntable['stories_cat_column'];
    $topcol =& $pntable['topics_column'];
    // $query accumulates the WHERE conditions; $query1 holds the fixed SELECT/JOIN prefix.
    $query = "";
    $query1 = "SELECT {$storcol['sid']} as sid,\n                     {$topcol['tid']} as topicid,\n                     {$topcol['topicname']} as topicname,\n                     {$topcol['topictext']} as topictext,\n                     {$storcol['catid']} as catid,\n                     {$storcol['time']} AS fdate,\n                     {$storcol['title']} AS story_title,\n                     {$storcol['aid']} AS aid,\n                     {$stcatcol['title']} AS cat_title\n               FROM {$pntable['stories']}\n               LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n               LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n               WHERE ";
    // hack to get this to work, but much better than what we had before
    //$query .= " 1 = 1 ";
    // words
    $w = search_split_query($q);
    // NOTE(review): $no_flag is assigned only inside the loop or in the else
    // branch; if $w is set but empty, neither path assigns it before it is read.
    if (isset($w)) {
        foreach ($w as $word) {
            // $flag is false for the first word, so no connective precedes it.
            if ($flag) {
                // Only the literal ' AND ' / ' OR ' strings are appended;
                // $bool itself is never interpolated into the SQL.
                switch ($bool) {
                    case 'AND':
                        $query .= ' AND ';
                    case 'OR':
                        $query .= ' OR ';
            $query .= '(';
            // Each word is passed through pnVarPrepForStore() before it is
            // placed inside the quoted LIKE operand.
            // NOTE(review): search_split_query() is not visible here; if it
            // already prepares the words, this applies the helper twice.
            $query .= "{$storcol['title']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['hometext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['bodytext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            //$query .= "$storcol[comments] LIKE '".pnVarPrepForStore($word)."' OR ";
            $query .= "{$storcol['informant']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
            $query .= "{$storcol['notes']} LIKE '" . pnVarPrepForStore($word) . "'";
            $query .= ')';
            $flag = true;
            $no_flag = false;
    } else {
        // No word conditions were emitted, so later sections skip the leading " AND (".
        $no_flag = true;
    // topics
    if (isset($stories_topics) && !empty($stories_topics)) {
        $flag = false;
        $start_flag = false;
        // dont set AND/OR if nothing is in front
        // NOTE(review): foreach assumes $stories_topics is an array; no
        // is_array() check is visible for it (the categories section has one).
        foreach ($stories_topics as $v) {
            if (empty($v)) {
            if (!$no_flag and !$start_flag) {
                $query .= " AND (";
                $start_flag = true;
            if ($flag) {
                $query .= " OR ";
            // Topic ids are compared as quoted strings after pnVarPrepForStore().
            $query .= "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'";
            $flag = true;
        if (!$no_flag and $start_flag) {
            $query .= ") ";
            $no_flag = false;
    // categories
    // A non-array value is replaced so that element 0 exists and is empty.
    if (!is_array($stories_cat)) {
        $stories_cat[0] = '';
    if (isset($stories_cat[0]) && !empty($stories_cat[0])) {
        if (!$no_flag) {
            $query .= " AND (";
        $flag = false;
        foreach ($stories_cat as $v) {
            if ($flag) {
                $query .= " OR ";
            $query .= "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'";
            $flag = true;
        if (!$no_flag) {
            $query .= ") ";
            $no_flag = false;
    // authors
    if (isset($stories_author) && $stories_author != "") {
        if (!$no_flag) {
            $query .= " AND (";
        // Exact match on the informant column first ...
        $query .= "{$storcol['informant']}='" . pnVarPrepForStore($stories_author) . "'";
        // ... then a lookup of user ids whose uname or name contains the value.
        // NOTE(review): the value sits between '%' wildcards; presumably any
        // '%' or '_' typed by the user also acts as a LIKE wildcard — confirm
        // what pnVarPrepForStore() does with them.
        $result = $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%" . pnVarPrepForStore($stories_author) . "%' OR {$pntable['users_column']['name']} LIKE '%" . pnVarPrepForStore($stories_author) . "%'");
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // pn_uid comes from the lookup above, not from the request; it is
            // interpolated unquoted.
            $query .= " OR {$storcol['aid']}={$row['pn_uid']}";
        // NOTE(review): when $no_flag is true the OR chain above is not
        // parenthesised, so a following " AND" binds only to its last term.
        if (!$no_flag) {
            $query .= ") ";
            $no_flag = false;
    } else {
        // Normalised to an empty string because it is concatenated into the pager URL below.
        $stories_author = '';
    // Restrict to stories in the user's language or with no language set.
    if (pnConfigGetVar('multilingual') == 1) {
        if (!empty($query)) {
            $query .= " AND";
        $query .= " ({$storcol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storcol['alanguage']}='')";
    // With no conditions at all, "1" keeps the WHERE clause non-empty.
    if (empty($query)) {
        $query = "1";
    $query .= " ORDER BY {$storcol['time']} DESC";
    $query = $query1 . $query;
    // get the total count with permissions!
    // NOTE(review): the count is computed only when $total is empty; a numeric
    // `total` supplied in the request is otherwise shown and passed to the
    // pager as given.
    if (empty($total)) {
        $total = 0;
        // Runs the full, unlimited query and checks read permission row by row.
        $countres = $dbconn->Execute($query);
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
    // One page: ten rows starting at offset $startnum - 1.
    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if (!$result->EOF) {
        $output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS);
        // Rebuild the search string from previous information
        // NOTE(review): $stories_author, $stories_cat, $stories_topics, $bool
        // and $q are request values concatenated into the URL with no
        // urlencode() or HTML escaping visible here; whether
        // pnVarCleanFromInput() makes them safe inside an href is not shown.
        // Encoding each value where it is appended would remove that dependency.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_stories=1&amp;stories_author=" . $stories_author;
        if (isset($stories_cat) && $stories_cat) {
            foreach ($stories_cat as $v) {
                $url .= "&amp;stories_cat%5B%5D={$v}";
        if (isset($stories_topics) && $stories_topics) {
            foreach ($stories_topics as $v) {
                $url .= "&amp;stories_topics%5B%5D={$v}";
        $url .= "&amp;bool=" . $bool;
        if (isset($q)) {
            $url .= "&amp;q=" . $q;
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            // A row is rendered only if both the story and its topic are readable.
            if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
                $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
                // NOTE(review): topictext and cat_title are written into the
                // markup as stored, while story_title below goes through
                // pnVarPrepHTMLDisplay(); confirm these columns cannot hold
                // markup, or prepare them the same way.
                if (!empty($row['topicid'])) {
                    $output->Text("<b><a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_stories=1&amp;stories_topics[0]=" . $row['topicid'] . "\">" . $row['topictext'] . "</a></b> - ");
                if (!empty($row['catid'])) {
                    $output->Text("<a href=\"modules.php?op=modload&amp;name=News&amp;file=index&amp;catid=" . $row['catid'] . "\">" . $row['cat_title'] . "</a>: ");
                // Placeholder so the link always has visible text.
                if ($row['story_title'] == '') {
                    $row['story_title'] = 'No Title';
                $output->Text('<i><a class="pn-normal" href="modules.php?op=modload&amp;name=News&amp;file=article&amp;sid=' . $row['sid'] . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></i> - ' . $row['fdate'] . "</li>");
        // Munge URL for template
        // "%%" is the slot the pager fills with each page's start number.
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_STORIES_TOPICS . '</font>');
    return $output->GetOutput();
예제 #16
/**
 * Search plugin for reviews.
 *
 * Reads the search form values from the request, builds a query over the
 * reviews table (left-joined to review comments) that matches each search
 * word against several review columns and the comment text, counts the rows
 * the current user may read, and renders one page of ten results plus a
 * pager into a pnHTML object.
 *
 * NOTE(review): as shown, this listing has no closing braces and several
 * branches have no visible body (for example the early checks on
 * $active_reviews and $total), so the notes below follow the indentation.
 *
 * @return mixed whatever $output->GetOutput() yields for the rendered results
 */
function search_reviews()
    // Every value below comes from the request via pnVarCleanFromInput().
    list($active_reviews, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_reviews', 'startnum', 'total', 'bool', 'q');
    if (empty($active_reviews)) {
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    $output = new pnHTML();
    // Paging offset: fall back to the first row when missing or non-numeric.
    // NOTE(review): is_numeric() also accepts negative and fractional values;
    // an integer cast with a lower bound of 1 would be tighter before SelectLimit().
    if (!isset($startnum) || !is_numeric($startnum)) {
        $startnum = 1;
    if (isset($total) && !is_numeric($total)) {
    $w = search_split_query($q);
    $flag = false;
    $revcol =& $pntable['reviews_column'];
    $comcol =& $pntable['reviews_comments_column'];
    // The prefix ends in "WHERE", so at least one word condition must follow.
    // NOTE(review): no guard for an empty or unset $w is visible here
    // (search_stories checks isset($w)); with no words the statement would
    // continue straight into " AND (...)" or " ORDER BY" — verify.
    $query = "SELECT DISTINCT {$revcol['id']} as id, {$revcol['title']} as title, {$revcol['score']} as score, {$revcol['hits']} as hits, {$revcol['reviewer']} as reviewer, {$revcol['date']} AS fdate\n              FROM {$pntable['reviews']} LEFT JOIN {$pntable['reviews_comments']} ON {$comcol['rid']}={$revcol['id']}\n              WHERE \n";
    foreach ($w as $word) {
        // $flag is false for the first word, so no connective precedes it.
        if ($flag) {
            // Only the literal ' AND ' / ' OR ' strings are appended; $bool
            // itself is never interpolated into the SQL.
            // NOTE(review): no default for $bool is visible in this function
            // (search_stories falls back to 'OR'); any other value would join
            // two word groups with no connective.
            switch ($bool) {
                case 'AND':
                    $query .= ' AND ';
                case 'OR':
                    $query .= ' OR ';
        $query .= '(';
        // reviews
        // NOTE(review): $word is interpolated into the quoted LIKE operands
        // without pnVarPrepForStore(), whereas search_stories wraps every
        // word in it. The statement is only safe if search_split_query()
        // (not visible here) already prepares each word for SQL; confirm
        // that, or apply the helper at this point, or bind the value as a
        // parameter if the database layer supports it.
        $query .= "{$revcol['title']} LIKE '{$word}' OR \n";
        $query .= "{$revcol['text']} LIKE '{$word}' OR \n";
        $query .= "{$revcol['reviewer']} LIKE '{$word}' OR \n";
        $query .= "{$revcol['cover']} LIKE '{$word}' OR \n";
        $query .= "{$revcol['url']} LIKE '{$word}' OR \n";
        $query .= "{$revcol['url_title']} LIKE '{$word}' OR \n";
        // reviews_comments
        $query .= "{$comcol['comments']} LIKE '{$word}'\n";
        $query .= ')';
        $flag = true;
    // Restrict to reviews in the user's language or with no language set.
    if (pnConfigGetVar('multilingual') == 1) {
        $query .= " AND ({$revcol['rlanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$revcol['rlanguage']}='')";
    $query .= " ORDER BY {$revcol['date']}";
    // get the total count with permissions!
    // NOTE(review): the count is computed only when $total is empty; a numeric
    // `total` supplied in the request is otherwise shown and passed to the
    // pager as given.
    if (empty($total)) {
        $total = 0;
        // Runs the full, unlimited query and checks read permission row by row.
        $countres = $dbconn->Execute($query);
        while (!$countres->EOF) {
            $row = $countres->GetRowAssoc(false);
            if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) {
    // One page: ten rows starting at offset $startnum - 1.
    $result = $dbconn->SelectLimit($query, 10, $startnum - 1);
    if (!$result->EOF) {
        $output->Text(_REVIEWS . ': ' . $total . ' ' . _SEARCHRESULTS);
        // Rebuild the search string from previous information
        // NOTE(review): $bool and $q are request values interpolated into the
        // URL with no urlencode() or HTML escaping visible here; whether
        // pnVarCleanFromInput() makes them safe inside an href is not shown.
        $url = "modules.php?op=modload&amp;name=Search&amp;file=index&amp;action=search&amp;active_reviews=1&amp;bool={$bool}&amp;q={$q}";
        while (!$result->EOF) {
            $row = $result->GetRowAssoc(false);
            $row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
            // A row is rendered only if the current user may read that review.
            if (pnSecAuthAction(0, "Reviews::", "{$row['title']}::{$row['id']}", ACCESS_READ)) {
                // NOTE(review): title and reviewer are written into the markup
                // as stored, with no pnVarPrepHTMLDisplay() call such as
                // search_stories applies to story_title; if those columns can
                // hold user-submitted text they should be prepared for HTML
                // output before being interpolated here.
                $output->Text("<li><a class=\"pn-normal\" href=\"modules.php?op=modload&amp;name=Reviews&amp;file=index&amp;req=showcontent&id={$row['id']}\">{$row['title']}</a> <font class=\"pn-sub\">(score: {$row['score']} - hits: {$row['hits']})</font><br>{$row['reviewer']}<br>{$row['fdate']}</li>");
        // Munge URL for template
        // "%%" is the slot the pager fills with each page's start number.
        $urltemplate = $url . "&amp;startnum=%%&amp;total={$total}";
        $output->Pager($startnum, $total, $urltemplate, 10);
    } else {
        $output->Text('<font class="pn-normal">' . _SEARCH_NO_REVIEWS . '</font>');
    return $output->GetOutput();