<?php
// +----------------------------------------------------------------------
// | Demila [ Beautiful Digital Content Trading System ]
// +----------------------------------------------------------------------
// | Copyright (c) 2015 http://demila.org All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Email author@demila.org
// +----------------------------------------------------------------------
_setView(__FILE__);
$commentID = get_id(2);
$commentsClass = new comments();
$comment = $commentsClass->get($commentID);
if (!is_array($comment)) {
addErrorMessage($langArray['wrong_comment'], '', 'error');
} else {
abr('show_form', 'yes');
abr('comment', $comment);
}
$total_money = floatval($item['prepaid_price']) + floatval($item['your_profit']);
$ordersClass->buy($total_money);
refresh('/' . $languageURL . 'download/', $langArray['complete_buy_theme'], 'complete');
}
}
} elseif ($_POST['licence'] == 'extended') {
if (isset($_POST['pay_method']) && $_POST['pay_method'] == 'paymethod') {
$orderID = $ordersClass->add($item['extended_price'], 'true');
if (isset($_SESSION['tmp']['deposit_id'])) {
unset($_SESSION['tmp']['deposit_id']);
}
$_SESSION['tmp']['order_id'] = $orderID;
refresh('/' . $languageURL . 'items/payment/');
} else {
if ($_SESSION['user']['total'] < $item['extended_price']) {
addErrorMessage($langArray['error_not_enought_money'], '', 'error');
} else {
$ordersClass->buy($item['extended_price'], true);
refresh('/' . $languageURL . 'download/', $langArray['complete_buy_theme'], 'complete');
}
}
}
}
#标签标记作品
require_once ROOT_PATH . '/apps/items/controllers/bookmark.php';
#是否免费文件
if ($item['free_file'] == 'true') {
abr('freeFileMessage', langMessageReplace($langArray['free_file_info'], array('URL' => '/' . $languageURL . 'users/downloads/' . $item['id'])));
}
#加载其它作品
$otherItems = $itemsClass->getAll(0, 6, " `status` = 'active' AND `id` <> '" . intval($itemID) . "' AND `user_id` = '" . intval($item['user_id']) . "' ", "RAND()");
#加载类别
$categoriesClass = new ccategories();
$categories = $categoriesClass->getAll(0, 0, " `visible` = 'true'");
abr('categories', $categories);
#发送联系支持请求
if (isset($_POST['action'])) {
//验证码验证
if (isset($_POST['verify'])) {
if (empty($_POST['verify'])) {
addErrorMessage($langArray['error_verify_invalid_empty'], '', 'error');
}
require_once ROOT_PATH . '/classes/Verify.class.php';
$verify = new Verify();
$yz_verify = $verify->check($_POST['verify'], 1);
if (!$yz_verify) {
addErrorMessage($langArray['error_invalid_verify'], '', 'error');
} else {
$contactsClass = new contacts();
$s = $contactsClass->add();
if ($s === true) {
refresh('/' . $languageURL . 'support/', $langArray['complete_send_email'], 'complete');
} else {
addErrorMessage($langArray['error_all_fields_required'], '', 'error');
}
}
} else {
addErrorMessage($langArray['error_verify_invalid_empty'], '', 'error');
}
}
#面包屑
abr('breadcrumb', '<a href="/' . $languageURL . '" title="">' . $langArray['home'] . '</a> \\ <a href="/' . $languageURL . 'contacts/" title="">' . $langArray['contacts'] . '</a>');
<?php
// +----------------------------------------------------------------------
// | Demila [ Beautiful Digital Content Trading System ]
// +----------------------------------------------------------------------
// | Copyright (c) 2015 http://demila.org All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Email author@demila.org
// +----------------------------------------------------------------------
require_once ROOT_PATH . '/apps/collections/models/collections.class.php';
$collectionsClass = new collections();
if (check_login_bool() && isset($_POST['add_collection'])) {
$s = $collectionsClass->bookmark($itemID);
if ($s === true) {
refresh('/' . $languageURL . 'items/' . $itemID, $langArray['complete_bookmark_item'], 'complete');
} else {
addErrorMessage($s, '还没有创建书签集', 'error');
}
}
if (check_login_bool()) {
$collections = $collectionsClass->getAll(0, 0, " `user_id` = '" . intval($_SESSION['user']['user_id']) . "' ");
abr('bookCollections', $collections);
}
}
if ($dnid = $_POST['default']) {
c2r_user_number_default($uid, $dnid);
}
} else {
if (isset($_POST['validate_unid']) && ($vunid = $_POST['validate_unid'])) {
c2r_user_number_activate($vunid, $_POST['code']);
}
if (isset($_POST['number']) && ($number = $_POST['number'])) {
if (!eregi("^\\+[0-9]+\$", $number)) {
addErrorMessage(t('This phone number has a wrong format. Please use the + sign, followed by country code, area code and your individual number.'));
} else {
$sql = "select number from users u, user_number un where u.is_active=True and un.user_id=u.id and number='{$number}'";
$result = query($sql);
if (pg_fetch_row($result)) {
addErrorMessage('This number is already used!');
} else {
c2r_user_number_add($user->id, $number);
addInfoMessage(t('Please validate ') . $number . t('. Enter the Code you get via SMS.'));
}
}
}
if (isset($_GET['number_delete']) && ($del_unid = $_GET['number_delete'])) {
addInfoMessage(t('Phone number deleted'));
c2r_user_number_delete($del_unid);
}
if (isset($_POST['default']) && ($dnid = $_POST['default'])) {
c2r_user_number_default($user->id, $dnid);
}
if (isset($_POST['dlid']) && ($dlid = $_POST['dlid']) && isset($_POST['language']) && ($lng = $_POST['language'])) {
c2r_user_update_default_location($user->id, $dlid);
$has_errors = true;
}
}
}
if (!$has_errors) {
c2r_userinfo_insert($_POST['name'], $_POST['email'], $_POST['cid'], $_POST['dlid'], $_POST['gid'], $_POST['is_active'], $_POST['number']);
unset($_POST);
} else {
if ($duplicate_email) {
$e_msg = 'Duplicate Email: ' . $_POST['email'];
addErrorMessage($e_msg);
c2r_log_error('Add User', $e_msg);
}
if ($duplicate_number) {
$e_msg = 'Duplicate Numbers: ' . $_POST['number'];
addErrorMessage($e_msg);
c2r_log_error('Add User', $e_msg);
}
}
}
$users = c2r_users_get($user->group_id < 3 ? $user->company_id : 0);
foreach ($users as $uid => $u) {
$ui = c2r_get_user_info_object($uid);
$users[$uid]->ui = $ui;
}
$locations = c2r_locations_get(0, $user->group_id < 3 ? $user->company_id : 0);
$companies = c2r_companies_get();
$smarty->assign('companies', $companies);
$smarty->assign('locations', $locations);
$smarty->assign('has_errors', $has_errors);
$smarty->assign('users', $users);
_setView(__FILE__);
_setTitle($langArray['make_payment_setTitle']);
$deposit_id = 0;
if (isset($_SESSION['tmp']['deposit_id'])) {
$deposit_id = (int) $_SESSION['tmp']['deposit_id'];
}
require_once ROOT_PATH . '/apps/users/models/deposit.class.php';
$cms = new deposit();
$deposit_info = $cms->get($deposit_id);
//充值信息
if ($deposit_info) {
$payments = glob(dirname(dirname(dirname(__FILE__))) . '/payments/controllers/*.php');
$payments_data = array();
//充值方式
if ($payments) {
$order_obj = array();
$key = 'chinabank';
require_once ROOT_PATH . '/apps/payments/models/' . $key . '.class.php';
$order_obj[$key] = new $key();
$payments_data[$key] = array('title' => '网银在线', 'description' => '网银在线订单支付', 'form' => $order_obj[$key]->generateDepositForm($deposit_info), 'logo' => '');
if ($payments_data) {
abr('payments_data', $payments_data);
} else {
addErrorMessage($langArray['no_payment_methods'], '', 'error');
}
} else {
addErrorMessage($langArray['no_payment_methods'], '', 'error');
}
} else {
addErrorMessage($langArray['deposit_is_expired'], '', 'error');
}
<?php
// +----------------------------------------------------------------------
// | Demila [ Beautiful Digital Content Trading System ]
// +----------------------------------------------------------------------
// | Copyright (c) 2015 http://demila.org All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Email author@demila.org
// +----------------------------------------------------------------------
_setView(__FILE__);
if (!isset($_GET['email'])) {
refresh('/');
}
require_once ROOT_PATH . "/apps/bulletin/models/bulletin.class.php";
$bulletinClass = new bulletin();
$bulletinClass->deleteEmail($_GET['email']);
addErrorMessage($_GET['email'] . $langArray['complete_unsubscribe'], '', 'complete');
<?php
// +----------------------------------------------------------------------
// | Demila [ Beautiful Digital Content Trading System ]
// +----------------------------------------------------------------------
// | Copyright (c) 2015 http://demila.org All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Email author@demila.org
// +----------------------------------------------------------------------
_setView(__FILE__);
_setTitle($langArray['view']);
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
refresh('?m=' . $_GET['m'] . '&c=list', 'INVALID ID', 'error');
}
if (!isset($_GET['p'])) {
$_GET['p'] = '';
}
$cms = new contacts();
$data = $cms->get($_GET['id']);
if (isset($_POST['send'])) {
$s = $cms->sendAnswer();
if ($s === true) {
refresh('?m=' . $_GET['m'] . '&c=list', $langArray['complete_answer_issue'], 'complete');
} else {
addErrorMessage($langArray['error_answer_issue'], '', 'error');
}
}
$_POST = $data;
require_once ROOT_PATH . '/apps/lists/leftlist_admin.php';
$quizClass = new quiz();
$answersClass = new answers();
$questions = $quizClass->getAll(0, 0, '', 'RAND()');
abr('questions', $questions);
$answers = $answersClass->getAll(0, 0, '', true);
abr('answers', $answers);
if ($_SESSION['user']['quiz'] != 'false') {
refresh('/' . $languageURL . 'author_dashboard/');
}
#检查测验
if (isset($_POST['submit'])) {
$rightAnswers = 0;
if (isset($_POST['answers']) && is_array($_POST['answers'])) {
foreach ($_POST['answers'] as $question => $answer) {
if (isset($answers[$question][$answer]) && $answers[$question][$answer]['right'] == 'true') {
$rightAnswers++;
}
}
}
if ($rightAnswers > 0 && count($questions) == $rightAnswers) {
$_SESSION['user']['quiz'] = 'true';
require_once ROOT_PATH . '/apps/users/models/users.class.php';
$usersClass = new users();
$usersClass->updateQuiz($_SESSION['user']['user_id'], 'true');
refresh('/' . $languageURL . 'users/dashboard/', $langArray['complete_score_quiz'], 'complete');
} else {
addErrorMessage(langMessageReplace($langArray['error_quiz'], array('RIGHT' => $rightAnswers, 'TOTAL' => count($questions))), '', 'error');
}
}
#面包屑
abr('breadcrumb', '<a href="/' . $languageURL . '" title="">' . $langArray['home'] . '</a> \\ <a href="/' . $languageURL . 'quiz/" title="">' . $langArray['quiz'] . '</a>');
/**
* do several things??? with groups and memberships
*
* TODO: rename, maybe to groupMembership?
*
* @return string; html form
*/
function subscribeGroup()
{
global $user;
include_once CHURCHDB . '/churchdb_db.php';
$sql_gruppenteilnahme = "SELECT g.bezeichnung, gpg.*\n FROM {cdb_gemeindeperson_gruppe} gpg, {cdb_gemeindeperson} gp, {cdb_gruppe} g\n WHERE gpg.gemeindeperson_id=gp.id AND gp.person_id=:person_id AND gpg.gruppe_id=g.id AND g.id=:g_id";
$sGroup = getVar("subscribegroup");
// if ($sGroup = getVar("subscribegroup")) { // should also work
if ($sGroup > 0) {
$res = db_query("SELECT * FROM {cdb_gruppe}\n WHERE id=:id AND offen_yn=1", array(":id" => $sGroup))->fetch();
if (!$res) {
addErrorMessage(t("error.requesting.group.membership"));
} else {
include_once CHURCHDB . '/churchdb_ajax.php';
$grp = db_query($sql_gruppenteilnahme, array(":person_id" => $user->id, ":g_id" => $sGroup))->fetch();
if (!$grp) {
churchdb_addPersonGroupRelation($user->id, $res->id, -2, null, null, null, t("request.by.form"));
} else {
_churchdb_editPersonGroupRelation($user->id, $res->id, -2, null, "null", t("request.quit.membership.by.form"));
}
addInfoMessage(t("membership.requested.by.form.leader.will.be.informed", "<i>{$res->bezeichnung}</i>"));
}
}
$uGroup = getVar("unsubscribegroup");
// if ($uGroup = getVar("unsubscribegroup")) { // should also work
if ($uGroup > 0) {
$res = db_query($sql_gruppenteilnahme, array(":person_id" => $user->id, ":g_id" => $uGroup))->fetch();
if (!$res) {
addErrorMessage(t("error.quitting.membership"));
} else {
include_once CHURCHDB . '/churchdb_ajax.php';
_churchdb_editPersonGroupRelation($user->id, $res->gruppe_id, -1, null, "null", t("request.quit.membership.by.form"));
addInfoMessage(t("membership.marked.for.deleting", "<i>{$res->bezeichnung}</i>"));
}
}
// get groups the user is member of or requested membership
$res = db_query("SELECT gpg.gruppe_id, status_no\n FROM {cdb_gemeindeperson_gruppe} gpg, {cdb_gemeindeperson} gp\n WHERE gpg.gemeindeperson_id=gp.id AND gp.person_id={$user->id}");
$mygroups = array();
foreach ($res as $p) {
$mygroups[$p->gruppe_id] = $p;
}
// get all open groups
$res = db_query("SELECT * FROM {cdb_gruppe} p\n WHERE offen_yn=1 AND ((abschlussdatum IS NULL) OR (DATE_ADD( abschlussdatum, INTERVAL 1 DAY ) > NOW( )))");
$txt = "";
$txt_subscribe = "";
$txt_unsubscribe = "";
foreach ($res as $g) {
// groups user is not member of
if (!isset($mygroups[$g->id]) || $mygroups[$g->id]->status_no == -1) {
if ($g->max_teilnehmer == null || churchdb_countMembersInGroup($g->id) < $g->max_teilnehmer) {
$txt_subscribe .= "<option value='{$g->id}'>{$g->bezeichnung}";
if ($g->max_teilnehmer) {
$txt_subscribe .= " (max. {$g->max_teilnehmer})";
}
}
} else {
if ($mygroups[$g->id]->status_no <= 0) {
$txt_unsubscribe .= "<option value='{$g->id}'>{$g->bezeichnung}";
if ($mygroups[$g->id]->status_no == -2) {
$txt_unsubscribe .= " [beantragt]";
}
}
}
}
if ($txt_subscribe || $txt_unsubscribe) {
$txt = '<form method="GET" action="?q=home">';
if ($txt_subscribe) {
$txt .= '<p>' . t("apply.for.group.membership") . ':<p><select name="subscribegroup"><option>' . $txt_subscribe . '</select>';
}
if ($txt_unsubscribe) {
$txt .= '<p>' . t("quit.group.membership") . ':<p><select name="unsubscribegroup"><option>' . $txt_unsubscribe . '</select>';
}
$txt .= '<P><button class="btn" type="submit" name="btn">' . t("send") . '</button>';
$txt .= '</form>';
}
return $txt;
}
if (check_login_bool() && isset($_POST['add'])) {
$s = $commentsClass->add();
if ($s === true) {
refresh('/' . $languageURL . 'items/comments/' . $itemID, $langArray['complete_add_comment'], 'complete');
} else {
addErrorMessage($langArray['error_item_comment'], '', 'error');
}
} elseif (isset($_POST['add_reply'])) {
if (!isset($_POST['comment_id'])) {
$_POST['comment_id'] = 0;
}
$s = $commentsClass->add($_POST['comment_id']);
if ($s === true) {
refresh('/' . $languageURL . 'items/comments/' . $itemID, $langArray['complete_add_reply'], 'complete');
} else {
addErrorMessage($langArray['error_item_comment'], '', 'error');
}
}
$comments = $commentsClass->getAll(START, LIMIT, " `item_id` = '" . intval($itemID) . "' AND `reply_to` = '0' ", true, '`datetime` ASC');
if (is_array($comments)) {
$users = $usersClass->getAll(0, 0, $commentsClass->usersQuery);
abr('users', $users);
$ordersClass = new orders();
$buyFromUsers = $ordersClass->isItemBuyed($itemID, $commentsClass->usersQuery);
abr('buyFromUsers', $buyFromUsers);
}
abr('comments', $comments);
abr('paging', paging('/' . $languageURL . 'items/comments/' . $itemID . '/?p=', '', PAGE, LIMIT, $commentsClass->foundRows));
#标签标记作品
require_once ROOT_PATH . '/apps/items/controllers/bookmark.php';
#是否免费文件
if (!$has_error) {
if ($_GET['route']) {
$r = c2r_routes_get($_GET['route_id']);
$res = c2r_request_ride_route($_GET['user_number_id'], $_GET['location_id'], $r->key, $_GET['reverse'], $time_earliest, $time_latest, $sdate);
} else {
$sp = c2r_pickuppoints_get($_GET['start_point']);
$ep = c2r_pickuppoints_get($_GET['end_point']);
$res = c2r_request_ride($_GET['user_number_id'], $_GET['location_id'], $sp->key, $ep->key, $time_earliest, $time_latest, $sdate);
}
if ($res) {
addInfoMessage($res);
header("Location: " . OCP_BASE_URL . "matchingoffers.php");
/* Redirect browser */
exit;
} else {
addErrorMessage(t('An error occurred'));
}
}
}
smarty_display('request');
exit;
$title = 'Request';
$page_id = 'index';
include 'design/header.php';
?>
<script type="text/javascript" charset="utf-8">
function change_select (val) {
if (val) {
$('#point_select').hide();
$('#route_select').show();
/**
* view log
*
* TODO: maybe the html should be in a sort of template?
*/
function churchcore__logviewer()
{
if (!user_access("view logfile", "churchcore")) {
addErrorMessage(t("no.permission.for", "LogViewer"));
return " ";
}
$txt = '<div class="row-fluid">';
$txt .= '<div class="span3 bs-docs-sidebar">';
$txt .= '<ul id="navlist" class="nav nav-list bs-docs-sidenav affix-top">';
$txt .= '<li><a href="#log1">' . t("important.logs") . '</a>';
$txt .= '<li><a href="#log2">' . t("last.accesses") . '</a>';
$txt .= '<li><a href="#log3">' . t("top.accesses") . '</a>';
$txt .= '</div>';
$txt .= '<div class="span9">';
$limit = 200;
if (getVar("showmore")) {
$limit = 1000;
}
$filter = "txt LIKE 'Sende Mail%' OR txt LIKE 'Gruppe:%' OR level<3";
$val = "";
$params = array();
if ($f = getVar("filter")) {
$filter = "txt LIKE :filter";
$params[":filter"] = '%' . $f . '%';
$val = $f;
}
$txt .= '<anchor id="log1"/><h2>' . t("logviewer") . '</h2>';
$res = db_query("SELECT p.id p_id, p.vorname, p.name, log.datum, log.level, log.domain_type, log.domain_id, log.txt\n FROM {cdb_person} p RIGHT JOIN\n (SELECT person_id, datum, level, domain_type, domain_id, txt\n FROM {cdb_log} l\n WHERE {$filter}\n \t\t\t\t ORDER BY l.id DESC\n \t\t\t\t LIMIT 0,{$limit}) AS log ON (log.person_id=p.id)", $params);
$txt .= '<form class="form-inline" action="">';
$txt .= '<input type="hidden" name="q" value="churchcore/logviewer"/>';
$txt .= '<input name="filter" class="input-medium" type="text" value="' . $val . '"></input> <input type="submit" class="btn" value="' . t("filter") . '"/></form>';
$txt .= '<table class="table table-condensed table-bordered">';
$txt .= "<tr><th>" . t("date") . "<th>#<th>Object<th>" . t("name") . "<th>Log";
$counter = 0;
foreach ($res as $arr) {
$txt .= "<tr><td><nobr>{$arr->datum} </nobr><td>{$arr->level}<td>{$arr->domain_type}" . ($arr->domain_id != -1 ? "[{$arr->domain_id}]" : "");
$txt .= "<td>";
if (isset($arr->p_id)) {
$txt .= "<nobr>{$arr->vorname} {$arr->name} [{$arr->p_id}]</nobr>";
}
$txt .= "<td><small style=\"color:grey\">{$arr->txt}</small>";
$counter++;
}
$txt .= '</table>';
if (!getVar("showmore") && $counter >= $limit) {
$txt .= '<a href="?q=churchcore/logviewer&showmore=true" class="btn">' . t("show.more.rows") . '</a> ';
}
$txt .= '<anchor id="log2"><h2>' . t("last.accesses") . '</h2>';
$txt .= "<table class=\"table table-condensed table-bordered\"><tr><th>" . t("name") . "<th>" . t("count.accesses") . "<th>" . t("last.accesses");
$res = db_query("SELECT p.id pid, vorname, name, COUNT( l.id ) count, MAX( lastlogin ) maxdatum\n FROM {cdb_log} l, {cdb_person} p\n WHERE l.person_id=p.id\n GROUP BY pid, vorname, name\n ORDER BY max( lastlogin ) DESC ");
foreach ($res as $arr) {
$txt .= "<tr><td>{$arr->vorname} {$arr->name} [{$arr->pid}]<td>" . $arr->count . "<td>" . $arr->maxdatum . "<br/>";
}
$txt .= "</table><br/><br/>";
$txt .= '<anchor id="log3"><h2>' . t("top.accesses") . '</h2>';
$txt .= "<table class=\"table table-condensed table-bordered\"><tr><th>" . t("name") . "<th>" . t("count.accesses") . "<th>" . t("last.accesses");
$res = db_query("SELECT p.id pid, vorname, name, COUNT( l.id ) count, MAX( lastlogin ) maxdatum\n FROM {cdb_log} l, {cdb_person} p\n WHERE l.person_id=p.id\n GROUP BY pid, vorname, name\n ORDER BY count(l.id) DESC ");
foreach ($res as $arr) {
$txt .= "<tr><td>{$arr->vorname} {$arr->name} [{$arr->pid}]<td>" . $arr->count . "<td>" . $arr->maxdatum . "<br/>";
}
$txt .= "</table><br/><br/>";
$txt .= "</div></div>";
$txt .= '
<script>
!function ($) {
$(function(){
// carousel demo
$("#navlist").affix({offset: {top: 15}});
})
}(window.jQuery)
</script>';
return $txt;
}
/**
* TODO: put this into churchtools_main, no need for two functions
*
* Main entry point for churchtools.
* This will be called from /index.php
* Function loads i18n, configuration, check data security.
* If everything is ok, it calls churchtools_processRequest()
*/
function churchtools_app()
{
global $q, $q_orig, $currentModule, $add_header, $config, $mapping, $content, $base_url, $files_dir, $user, $embedded, $i18n;
include_once CHURCHCORE . "/churchcore_db.php";
$files_dir = DEFAULT_SITE;
// which module is requested?
$q = $q_orig = getVar("q", userLoggedIn() ? "home" : getConf("site_startpage", "home"));
// $currentModule is needed for class autoloading and maybe other include paths
list($currentModule) = explode('/', getVar("q"));
// get first part of $q or churchcore
$embedded = getVar("embedded", false);
$base_url = getBaseUrl();
$config = loadConfig();
if ($config) {
if (db_connect()) {
// DBConfig overwrites the config files
loadDBConfig();
if (empty($config['site_name'])) {
$config['site_name'] = 'ChurchTools';
}
//dont allow site_name to be empty
date_default_timezone_set(getConf("timezone", "Europe/Berlin"));
if (isset($_COOKIE["language"])) {
$config["language"] = $_COOKIE["language"];
}
// Load i18n churchcore-bundle
if (!isset($config["language"])) {
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
$config["language"] = substr($_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2);
} else {
$config["language"] = DEFAULT_LANGUAGE;
}
}
$i18n = new TextBundle(CHURCHCORE . "/resources/messages");
$i18n->load("churchcore", $config["language"] != null ? $config["language"] : null);
// Session Init
if (!file_exists($files_dir . "/tmp")) {
@mkdir($files_dir . "/tmp", 0775, true);
}
if (!file_exists($files_dir . "/tmp")) {
// Admin should act accordingly, default suggestion is 0755.
addErrorMessage(t("permission.denied.write.dir", $files_dir));
} else {
session_save_path($files_dir . "/tmp");
}
session_name("ChurchTools_" . $config["db_name"]);
session_start();
register_shutdown_function('handleShutdown');
// Check for offline mode. If it's activated display message and return false;
if (getConf("site_offline") == 1) {
if (!isset($_SESSION["user"]) || !in_array($_SESSION["user"]->id, getConf("admin_ids"))) {
echo t("site.is.down");
return false;
}
}
$embedded = getVar("embedded", false);
$mapping = loadMapping();
$success = true;
// Check for DB-Updates and loginstr only if this is not an ajax call.
if (strrpos($q, "ajax") === false) {
$success = checkForDBUpdates();
}
// Log if debug ist activated
if (isset($config["debug"])) {
logParams();
}
if ($success) {
// Is there a loginstr which does not fit to the current logged in user?
if (getVar("loginstr") && getVar("id") && userLoggedIn() && $_SESSION["user"]->id != getVar("id")) {
logout_current_user();
session_start();
} else {
loadUserObjectInSession();
}
}
if ($success) {
if (isset($_SESSION['user'])) {
$user = $_SESSION['user'];
}
// Accept data security?
if (userLoggedIn() && !isset($_SESSION["simulate"]) && $q != "logout" && isset($config["accept_datasecurity"]) && $config["accept_datasecurity"] == 1 && !isset($user->acceptedsecurity)) {
$content .= pleaseAcceptDatasecurity();
} else {
$content .= churchtools_processRequest($q);
}
}
}
}
// TODO: i changed header/footer to a sort of template
// probably some more logic could be removed from them by setting some more variables here
// put header/footer into new file layout.php and add a variable $content
$lang = getConf("language");
$simulate = getVar("simulate", false, $_SESSION);
$sitename = getConf("site_name");
if (getConf("test")) {
$sitename .= " TEST ";
}
$logo = ($logo = getConf("site_logo")) ? "{$files_dir}/files/logo/{$logo}" : '';
include INCLUDES . "/header.php";
echo $content;
include INCLUDES . "/footer.php";
}
// +----------------------------------------------------------------------
// | Demila [ Beautiful Digital Content Trading System ]
// +----------------------------------------------------------------------
// | Copyright (c) 2015 http://demila.org All rights reserved.
// +----------------------------------------------------------------------
// | Licensed ( http://www.apache.org/licenses/LICENSE-2.0 )
// +----------------------------------------------------------------------
// | Email author@demila.org
// +----------------------------------------------------------------------
_setView(__FILE__);
_setTitle($langArray['edit']);
if (!isset($_GET['id']) || !is_numeric($_GET['id'])) {
refresh('?m=' . $_GET['m'] . '&c=withdraws', 'INVALID ID', 'error');
}
$cms = new deposit();
$data = $cms->getWithdraw($_GET['id']);
abr('data', $data);
$usersClass = new users();
$user = $usersClass->get($data['user_id']);
abr('user', $user);
if (isset($_POST['edit'])) {
$status = $cms->payoutWithdraw();
if ($status !== true) {
addErrorMessage($status, '', 'error');
} else {
refresh("?m=" . $_GET['m'] . "&c=withdraws", $langArray['complete_withdraw']);
}
} else {
$_POST = $data;
}
require_once ROOT_PATH . '/apps/lists/leftlist_admin.php';
}
/* PW Lost */
if ($key = $_GET['pwlost']) {
check_lost_password($key);
// if script continues, then key was invalid
addErrorMessage(t('This key is invalid, please use the password lost function again'));
}
/* Login */
if (isset($_POST['email'])) {
$email = strtolower($_POST['email']);
$password = $_POST['password'];
if (!loginUser($email, $password)) {
addErrorMessage(t('Wrong email address or password'));
}
}
/* Password lost */
if (isset($_POST['lost_email'])) {
$email = strtolower($_POST['lost_email']);
$keeponpage = true;
$res = c2r_lost_password($email);
if ($res == 1) {
addInfoMessage(t('We sent you a login link via email. Please check your email account.'));
} else {
addErrorMessage(t('Unknown email address. You can register a new account with this email address.'));
}
}
if (!$keeponpage && $user) {
header('Location: ' . OCP_BASE_URL);
exit;
}
smarty_display(t('login'));
$s = $usersClass->login();
if ($s === true) {
if (isset($_SESSION['temp']['golink'])) {
$web = $_SESSION['temp']['golink'];
unset($_SESSION['temp']['golink']);
refresh($web);
}
refresh('/' . $languageURL);
} else {
// error_invalid_username_or_password
//账号未激活
if ($s == 'error_invalid_activation_no') {
//通过用户名密码获取用户信息
$username = $_POST['username'];
$password = $_POST['password'];
$user_info = $usersClass->getuserinfoByNamePwd($username, $password);
$usersClass->res_send($user_info['user_id']);
$res_data['show_status'] = 1;
$res_mail = 'http://' . $usersClass->gotomail($user_info['email']);
$_SESSION["THE_USER_RES_SEND_MAIL_4_M_MAIL"] = $res_mail;
$_SESSION["THE_USER_RES_SEND_MAIL_4_M"] = $user_info['user_id'];
} else {
$res_data['user_info'] = array();
$res_data['show_status'] = 0;
}
abr('res_data', $res_data);
addErrorMessage($langArray[$s], '', 'error');
}
}
#面包屑
abr('breadcrumb', '<a href="/' . $languageURL . '" title="">' . $langArray['home'] . '</a> \\ <a href="/' . $languageURL . 'users/login/" title="">' . $langArray['login'] . '</a>');
function parseInputs() {
global $inputs, $results;
//create the results array, with true as the default
$results[0] = "true";
//catch the posted inputs and store them in the inputs array
foreach ($_POST as $field => $value) {
$inputs[$field] = $value;
}
//perform misc functions to make sure the inputs won't do anything
//malicious (such as trimming, stripping html tags, and preventing
//sql injections)
foreach ($inputs as $field => $value) {
$inputs[$field] = trim($value);
$inputs[$field] = htmlspecialchars($value);
$inputs[$field] = strip_tags($value);
$inputs[$field] = nl2br($value);
$inputs[$field] = mysql_real_escape_string($value);
}
//make sure any inputs that are marked as required aren't empty, and
//that all fields conform to the proper data type, if one is indicated
foreach ($inputs as $field => $value) {
//reset these flags for each input
$isRequired = false;
$foundError = false;
//make sure required fields aren't empty
if (strrpos($field, '$R', 0) != false) {
//this field is required
$isRequired = true;
if ($value == "") {
//this field is required, but it's empty. log an error
addErrorMessage("\"" . restoreFieldName($field) . "\" is a required field, you must enter a value");
//set this so we don't check this field for data type
$foundError = true;
}
}
//we only care about the data type if the field has a value, and
//we haven't already found a problem with this input
if (($value != "") && (!$foundError)) {
//make sure the value is of the proper data type
$dollar_position = strrpos($field, '$', 0);
if ($dollar_position != false) {
//there is a $ in the name of this field (position of it stored in $dollar_position)
if ((substr($field, ($dollar_position + 1), 2) == "is") || (substr($field, ($dollar_position + 2), 2) == "is")) {
//this field name has "is" either right after the $, or 1 char after the $ (allowing for the R)
//this means that this field must conform to a specific data type
$dataType = substr($field, (strpos($field, '$', 0) + 1), strlen($field));
$dataType = substr($dataType, (strpos($dataType, "is", 0) + 2), strlen($dataType));
$dataType = strToLower($dataType);
if (!isCorrectDataType($value, $dataType)) {
//the value does not conform to the data type. log an error
addErrorMessage("\"" . restoreFieldName($field) . "\" must be of the " . $dataType . " data type");
//and now empty this value in the array, so that if this gets sent back and
//preloaded into the form, the faulty value won't go with it
$inputs[$field] = "";
}
}
}
}
}
//lastly, remove the $ and everything after it from the keys of the inputs array
foreach ($inputs as $key => $value) {
$oldKey = null;
$newKey = null;
//store the place of the dollar sign in the key (if any)
$dollar_position = strpos($key, "$", 0);
if ($dollar_position != false) {
//there is a $ in the name of this field
//store the current key
$oldKey = $key;
//the new key is the old key from the start up to the position of the dollar sign
$newKey = substr($oldKey, 0, $dollar_position);
//create a new entry in the array with the new key and the same value as the old one
$inputs[$newKey] = $value;
//and remove the old (with the $) entry in the array
unset($GLOBALS["inputs"][$oldKey]);
}
}
}
#END;
/*
* CACHE
*/
$cache = new cache();
$cache->cacheDir = CACHE;
global $cache;
/*
* SESSION
*/
$session = new session();
/*
* 读取$_SESSION中的flash信息
*/
if ($message = getRefreshMessage()) {
addErrorMessage($message['title'], $message['text'], $message['type']);
}
/*
* 设置默认分页变量
* LIMIT = 10
*/
if (!defined('LIMIT')) {
define('LIMIT', 20, true);
}
if (isset($_GET['p']) && is_numeric($_GET['p']) && $_GET['p'] > 1) {
define('PAGE', intval($_GET['p']));
define('START', (PAGE - 1) * LIMIT);
} else {
define('PAGE', 1);
define('START', 0);
}
/**
* db backup into file $files_dir . "/db_backup"
* @return boolean
*/
function dump_database()
{
global $files_dir;
$dir = $files_dir . "/db_backup";
if (!file_exists($dir)) {
mkdir($dir, 0700, true);
}
if (!is_writable($dir)) {
addErrorMessage(t('permission.denied.write.dir', "<i>{$dir}</i>"));
} else {
if (!file_exists($dir . "/.htaccess")) {
$handle = fopen($dir . "/.htaccess", 'w+');
fwrite($handle, "Deny from all");
fclose($handle);
}
$tables = array();
$res = db_query('SHOW TABLES');
foreach ($res as $row) {
$table = "";
foreach ($row as $key => $val) {
$table = $val;
break;
}
if (isCTDBTable($table)) {
$tables[] = $table;
}
}
$return = "";
$dt = new DateTime();
$filename = $dir . '/db-backup-' . $dt->format('YmdHi') . '-' . md5(implode(',', $tables)) . '.sql';
$handle = fopen($filename, 'w+');
foreach ($tables as $table) {
$return .= 'DROP TABLE IF EXISTS ' . $table . ';';
$row2 = db_query('SHOW CREATE TABLE ' . $table)->fetch();
$row2 = (array) $row2;
$return .= "\n" . $row2["Create Table"] . ";\n\n";
$result = db_query('SELECT * FROM ' . $table);
foreach ($result as $content) {
$return .= 'INSERT INTO ' . $table . ' VALUES(';
$arr = array();
foreach ($content as $key => $val) {
if (!isset($val)) {
$val = "NULL";
} else {
$val = '"' . addslashes($val) . '"';
}
$arr[] = $val;
}
$return .= implode(",", $arr) . ");\n";
}
$return .= "\n\n\n";
fwrite($handle, $return);
$return = "";
}
// save file
fclose($handle);
$zip = new ZipArchive();
if ($zip->open($dir . '/db-backup-' . $dt->format('YmdHi') . '.zip', ZIPARCHIVE::OVERWRITE) !== true) {
return false;
}
$zip->addFile($filename);
$zip->close();
unlink($filename);
// delete files older then 30 days
if ($handle = opendir($dir)) {
$now = new DateTime();
while (false !== ($file = readdir($handle))) {
if (preg_match('/\\.sql|zip$/i', $file)) {
$date = DateTime::createFromFormat('YmdHi', substr($file, 10, strpos($file, ".") - 10));
if ($date != null) {
$interval = $date->diff($now);
if ($interval->format('%a') > 30) {
unlink($dir . "/" . $file);
}
}
}
}
}
}
}
$data["thumbnail"] = empty($data["thumbnail"]) ? "" : DATA_SERVER . '/uploads/items/' . $data['item_id'] . '/' . $data["thumbnail"];
$data["first_preview"] = empty($data["first_preview"]) ? "" : DATA_SERVER . '/uploads/items/' . $data['item_id'] . '/' . $data["first_preview"];
$data["main_file"] = empty($data["main_file"]) ? "" : DATA_SERVER . '/uploads/items/' . $data['item_id'] . '/' . $data["main_file"];
abr('data', $data);
$item = $cms->get($data['item_id']);
if (!is_array($item)) {
refresh('?m=' . $_GET['m'] . '&c=queue_update', 'WRONG ID', 'error');
}
$item['user'] = $usersClass->get($item['user_id']);
$item["thumbnail"] = DATA_SERVER . '/uploads/items/' . $data['item_id'] . '/' . $item["thumbnail"];
$item["theme_preview"] = DATA_SERVER . '/uploads/items/' . $data['item_id'] . '/' . $item["theme_preview"];
$item["main_file"] = DATA_SERVER . '/uploads/items/' . $data['item_id'] . '/' . $item["main_file"];
abr('item', $item);
if (isset($_POST['submit'])) {
if ($_POST['action'] == 'approve') {
$s = $cms->approveUpdate($_GET['id']);
if ($s === true) {
refresh("?m=" . $_GET['m'] . "&c=queue_update&p=" . $_GET['p'], $langArray['complete_approve_item_update']);
} else {
addErrorMessage($s, '', 'error');
}
} elseif ($_POST['action'] == 'delete') {
$s = $cms->unapproveDeleteUpdate($_GET['id']);
if ($s === true) {
refresh("?m=" . $_GET['m'] . "&c=queue_update&p=" . $_GET['p'], $langArray['complete_delete_item_update']);
} else {
addErrorMessage($s, '', 'error');
}
}
}
require_once ROOT_PATH . '/apps/lists/leftlist_admin.php';
// +----------------------------------------------------------------------
// | Email author@demila.org
// +----------------------------------------------------------------------
_setView(__FILE__);
$orderID = 0;
if (isset($_SESSION['tmp']['order_id'])) {
$orderID = (int) $_SESSION['tmp']['order_id'];
}
require_once ROOT_PATH . '/apps/items/models/orders.class.php';
$cms = new orders();
$order_info = $cms->get($orderID);
if ($order_info) {
$payments = glob(dirname(dirname(dirname(__FILE__))) . '/payments/controllers/*.php');
$payments_data = array();
if ($payments) {
$order_obj = array();
$key = 'chinabank';
require_once ROOT_PATH . '/apps/payments/models/' . $key . '.class.php';
$order_obj[$key] = new $key();
$payments_data[$key] = array('title' => '网银在线', 'description' => '网银在线订单支付', 'form' => $order_obj[$key]->generateForm($order_info), 'logo' => '');
if ($payments_data) {
abr('payments_data', $payments_data);
} else {
addErrorMessage($langArray['no_payment_methods'], '', 'error');
}
} else {
addErrorMessage($langArray['no_payment_methods'], '', 'error');
}
} else {
addErrorMessage($langArray['order_is_expired'], '', 'error');
}
/**
*
* @param array $u userdata
* @param bool $rember_me
* @return NULL
*/
function login_user($u, $rember_me = false, $redirect = true)
{
global $q, $q_orig, $config;
if (empty($u->id)) {
addErrorMessage(t("login.error.no.id.specified"));
return null;
}
$_SESSION["email"] = $u->email;
if (!$u->cmsuserid) {
$u->cmsuserid = "{$u->vorname} {$u->name} [" . $u->id . "]";
db_query("UPDATE {cdb_person}\n SET cmsuserid=:cmsuserid\n WHERE id=:id", array(':cmsuserid' => $u->cmsuserid, ':id' => $u->id));
}
if ($u->loginstr) {
db_query("UPDATE {cdb_person}\n SET loginstr=NULL\n WHERE id=:id", array(':id' => $u->id));
}
$u->auth = getUserAuthorization($u->id);
$_SESSION["user"] = $u;
// TODO: make time configurable
// login is valid for 6 days
$cookieExpireTime = time() + 60 * 60 * 24 * 6;
setcookie("RememberMe", $rember_me, $cookieExpireTime);
$_SESSION["sessionid"] = random_string();
setcookie("CC_SessionId", $_SESSION["sessionid"], $cookieExpireTime);
$dt = new DateTime();
db_query("UPDATE {cdb_person} SET lastlogin=NOW(), loginerrorcount=0 WHERE id=:id", array(':id' => $u->id));
// Get language form user setting, if not available set it from current cookie
$lang = getUserSetting("churchcore", $u->id, "language");
if (!$lang) {
_churchcore_savePidUserSetting("churchcore", $u->id, "language", getConf("language"));
} else {
setcookie("language", $lang, time() + 60 * 60 * 24 * 30);
}
// 30 days
db_query("DELETE FROM {cc_session} WHERE datediff(NOW(), datum)>7");
db_query("INSERT INTO {cc_session} (person_id, session, hostname, datum)\n VALUES (:id, :session, :host, :date)", array(':id' => $u->id, ':session' => $_SESSION["sessionid"], ':host' => $_SERVER["HTTP_HOST"], ':date' => $dt->format('Y-m-d H:i:s')));
if ($u->email) {
// look for family users with the same email
$res = db_query("SELECT * FROM {cdb_person}\n WHERE email=:email AND archiv_yn=0", array(":email" => $u->email));
$family = array();
$count = 0;
foreach ($res as $p) {
if ($p->id != $u->id) {
$family[$p->id] = $p;
}
$count++;
if ($count > 15) {
break;
}
//no family should have more then 15 users
}
if (count($family)) {
$_SESSION["family"] = $family;
}
}
ct_log("Login succeed: {$u->email} with " . getVar('HTTP_USER_AGENT', "Unkown Browser", $_SERVER), 2, -1, "login");
if ($redirect) {
// on switching family login dont forward to login again
if ($q != $q_orig) {
header("Location: " . $_SERVER["REQUEST_URI"]);
} else {
if ($q == "login") {
header("Location: ?q=home");
}
}
}
}
function home__memberlist_printview()
{
global $base_url, $files_dir, $config;
// $content='<html><head><meta http-equiv="Content-Type" content="application/pdf; charset=utf-8" />';
// drupal_add_css(BOOTSTRAP.'/css/bootstrap.min.css');
// drupal_add_css(CHURCHDB.'/cdb_printview.css');
// $content=$content.drupal_get_header();
if (!user_access("view memberliste", "churchdb")) {
addErrorMessage(t("no.permission.for", t("list.of.members")));
return " ";
}
require_once ASSETS . '/fpdf17/fpdf.php';
$compact = true;
if (isset($_GET["compact"])) {
$compact = $_GET["compact"];
}
// Instanciation of inherited class
$pdf = new PDF('P', 'mm', 'A4');
$pdf->AliasNbPages();
$pdf->AddPage();
$pdf->SetFont('Arial', '', 9);
$res = home_getMemberList();
$pdf->SetLineWidth(0.4);
$pdf->SetDrawColor(200, 200, 200);
$fields = _home__memberlist_getSettingFields()->fields;
foreach ($res as $p) {
$pdf->Line(8, $pdf->GetY() - 1, 204, $pdf->GetY() - 1);
$pdf->Cell(10, 10, "", 0);
if ($p->imageurl == null || !file_exists("{$files_dir}/fotos/{$p->imageurl}")) {
$p->imageurl = "nobody.gif";
}
$pdf->Image("{$files_dir}/fotos/{$p->imageurl}", $pdf->GetX() - 10, $pdf->GetY() + 1, 9);
$pdf->Cell(2);
$pdf->Cell(13, 9, $p->anrede, 0, 0, 'L');
$pdf->Cell(48, 9, utf8_decode("{$p->name}, {$p->vorname}"), 0, 0, 'L');
$pdf->Cell(45, 9, utf8_decode("{$p->strasse}"), 0, 0, 'L');
// TODO: second occurence of code part - whats this for?
$birthday = "";
if ($p->geburtsdatum != null) {
if ($p->year < 7000) {
$birthday = "{$p->day}.{$p->month}.";
}
if ($p->year != 1004 && $fields["memberlist_birthday_full"]->getValue()) {
if ($p->year < 7000) {
$birthday = $birthday . $p->year;
} else {
$birthday = $birthday . $p->year - 7000;
}
}
}
$pdf->Cell(20, 9, $birthday, 0, 0, 'L');
if ($fields["memberlist_telefonprivat"]->getValue() && $p->telefonprivat != "") {
$pdf->Cell(30, 9, $p->telefonprivat, 0, 0, 'L');
} else {
if ($fields["memberlist_telefongeschaeftlich"]->getValue() && $p->telefongeschaeftlich != "") {
$pdf->Cell(30, 9, $p->telefongeschaeftlich, 0, 0, 'L');
} else {
if ($fields["memberlist_telefongeschaeftlich"]->getValue() && $p->fax != "") {
$pdf->Cell(30, 9, $p->fax . " (Fax)", 0, 0, 'L');
} else {
$pdf->Cell(30, 9, "", 0, 0, 'L');
}
}
}
if ($fields["memberlist_telefonhandy"]->getValue() && $p->telefonhandy != "") {
$pdf->Cell(30, 9, $p->telefonhandy, 0, 0, 'L');
}
// Zeilenumbruch
$pdf->Ln(5);
$pdf->Cell(73);
$pdf->Cell(48, 10, "{$p->plz} " . utf8_decode($p->ort), 0, 0, 'L');
$pdf->Cell(17);
if ($fields["memberlist_email"]->getValue() && $p->email != "") {
$pdf->SetFont('Arial', '', 8);
$pdf->Cell(30, 9, $p->email);
$pdf->SetFont('Arial', '', 9);
}
$pdf->Ln(12);
}
$pdf->Output(t("list.of.members") . '.pdf', 'I');
}
function login_user($ret, $rember_me = false)
{
global $q, $q_orig;
if (!isset($ret->id)) {
addErrorMessage("Keine Id vorhanden, Fehler beim Login!");
return null;
}
$_SESSION["email"] = $ret->email;
if ($ret->cmsuserid == "") {
$ret->cmsuserid = $ret->vorname . " " . $ret->name . " [" . $ret->id . "]";
db_query("update {cdb_person} set cmsuserid='" . $ret->cmsuserid . "' where id={$ret->id}");
}
if ($ret->loginstr != null) {
db_query("update {cdb_person} set loginstr=null where id={$ret->id}");
}
$ret->auth = getUserAuthorization($ret->id);
$_SESSION["user"] = $ret;
// 6 Tage h�lt der Login
$ablaufDesCookies = time() + 60 * 60 * 24 * 6;
setcookie("RememberMe", $rember_me, $ablaufDesCookies);
$_SESSION["sessionid"] = random_string();
setcookie("CC_SessionId", $_SESSION["sessionid"], $ablaufDesCookies);
$dt = new DateTime();
db_query("update {cdb_person} set lastlogin=now(), loginerrorcount=0 where id=" . $ret->id);
// db_query("delete from {cc_session} where person_id=".$ret->id." AND hostname='".$_SERVER["HTTP_HOST"]."'");
db_query("delete from {cc_session} where datediff(now(), datum)>7");
db_query("insert into {cc_session} (person_id, session, hostname, datum) \n values (" . $ret->id . ", '" . $_SESSION["sessionid"] . "', '" . $_SERVER["HTTP_HOST"] . "', '" . $dt->format('Y-m-d H:i:s') . "')");
if ($ret->email != '') {
// Suche Leute aus der Familie, die die gleiche EMail-Adresse haben.
$res = db_query("select * from {cdb_person} where email=:email and archiv_yn=0", array(":email" => $ret->email));
$family = null;
$count = 0;
foreach ($res as $p) {
if ($p->id != $ret->id) {
$family[$p->id] = $p;
}
$count++;
if ($count > 15) {
break;
}
}
if ($family != null) {
$_SESSION["family"] = $family;
}
}
ct_log("Login succeed: " . $ret->email . " with " . (isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "Unkown Browser!"), 2, -1, "login");
// Wenn es Ummelden war, dann nicht weiterleiten, denn sonst w�re das ja wieder Login.
if ($q != $q_orig) {
header("Location: ?q={$q_orig}");
} else {
if ($q == "login") {
header("Location: ?q=" . variable_get("site_startpage", "home"));
}
}
}
$usersClass = new users();
$item['user'] = $usersClass->get($item['user_id']);
abr('item', $item);
#添加FAQ条目
if (check_login_bool() && $item['user_id'] == $_SESSION['user']['user_id'] && isset($_POST['add'])) {
$faqClass = new faq();
$s = $faqClass->add($itemID);
if ($s === true) {
refresh('/' . $languageURL . 'items/faq/' . $itemID . '/', $langArray['complete_add_faq'], 'complete');
} else {
$message = '<ul>';
foreach ($s as $e) {
$message .= '<li>' . $e . '</li>';
}
$message .= '</ul>';
addErrorMessage($message, '', 'error');
}
}
$faqClass = new faq();
if (check_login_bool() && $item['user_id'] == $_SESSION['user']['user_id'] && isset($_GET['del']) && is_numeric($_GET['del'])) {
$faqClass->delete($_GET['del'], $itemID);
refresh('/' . $languageURL . 'items/faq/' . $itemID . '/', $langArray['complete_delete_faq'], 'complete');
}
#加载FAQ
$faq = $faqClass->getAll($itemID);
abr('faq', $faq);
#标签标记作品
require_once ROOT_PATH . '/apps/items/controllers/bookmark.php';
#是否免费文件
if ($item['free_file'] == 'true') {
abr('freeFileMessage', langMessageReplace($langArray['free_file_info'], array('URL' => '/' . $languageURL . 'users/downloads/' . $item['id'])));
/**
* do several things??? with groups and memberships
*
* TODO: rename, maybe to groupMembership?
* @return string; html form
*/
function subscribeGroup()
{
global $user;
include_once CHURCHDB . '/churchdb_db.php';
$sql_gruppenteilnahme = "select g.bezeichnung, gpg.* from {cdb_gemeindeperson_gruppe} gpg, {cdb_gemeindeperson} gp, {cdb_gruppe} g \n where gpg.gemeindeperson_id=gp.id and gp.person_id=:person_id \n and gpg.gruppe_id=g.id and g.id=:g_id";
if (isset($_GET["subscribegroup"]) && $_GET["subscribegroup"] > 0) {
$res = db_query("select * from {cdb_gruppe} where id=:id and offen_yn=1", array(":id" => $_GET["subscribegroup"]))->fetch();
if (!$res) {
addErrorMessage(t("error.requesting.group.membership"));
} else {
include_once CHURCHDB . '/churchdb_ajax.php';
$grp = db_query($sql_gruppenteilnahme, array(":person_id" => $user->id, ":g_id" => $_GET["subscribegroup"]))->fetch();
if (!$grp) {
churchdb_addPersonGroupRelation($user->id, $res->id, -2, null, null, null, t("request.by.form"));
} else {
_churchdb_editPersonGroupRelation($user->id, $res->id, -2, null, "null", t("request.quitting.by.form"));
}
addInfoMessage(t("membership.requested.by.form.leader.will.be.informed"), $res->bezeichnung);
}
}
if (isset($_GET["unsubscribegroup"]) && $_GET["unsubscribegroup"] > 0) {
$res = db_query($sql_gruppenteilnahme, array(":person_id" => $user->id, ":g_id" => $_GET["unsubscribegroup"]))->fetch();
if (!$res) {
addErrorMessage(t("error.quitting.membership"));
} else {
include_once CHURCHDB . '/churchdb_ajax.php';
_churchdb_editPersonGroupRelation($user->id, $res->gruppe_id, -1, null, "null", t("request.quitting.by.form"));
addInfoMessage(t("membership.marked.for.deleting", $res->bezeichnung));
}
}
// get groups the user is member of or requested membership
$res = db_query("select gpg.gruppe_id, status_no from {cdb_gemeindeperson_gruppe} gpg, {cdb_gemeindeperson} gp\n where gpg.gemeindeperson_id=gp.id and gp.person_id={$user->id}");
$mygroups = array();
foreach ($res as $p) {
$mygroups[$p->gruppe_id] = $p;
}
// get all open groups
$res = db_query("select * from {cdb_gruppe} p where offen_yn=1 and \n ((abschlussdatum is null) or (DATE_ADD( abschlussdatum, INTERVAL 1 DAY ) > NOW( )))");
$txt = "";
$txt_subscribe = "";
$txt_unsubscribe = "";
foreach ($res as $g) {
// groups i am not member of
if (!isset($mygroups[$g->id]) || $mygroups[$g->id]->status_no == -1) {
if ($g->max_teilnehmer == null || churchdb_countMembersInGroup($g->id) < $g->max_teilnehmer) {
$txt_subscribe .= "<option value=\"" . $g->id . "\">" . $g->bezeichnung;
if ($g->max_teilnehmer != null) {
$txt_subscribe .= " (max. {$g->max_teilnehmer})";
}
}
} else {
if ($mygroups[$g->id]->status_no <= 0) {
$txt_unsubscribe .= '<option value="' . $g->id . '">' . $g->bezeichnung;
if ($mygroups[$g->id]->status_no == -2) {
$txt_unsubscribe .= " [beantragt]";
}
}
}
}
if ($txt_subscribe || $txt_unsubscribe) {
$txt = '<form method="GET" action="?q=home">';
if ($txt_subscribe) {
$txt .= '<p>' . t("apply.for.group.membership") . ':<p><select name="subscribegroup"><option>' . $txt_subscribe . '</select>';
}
if ($txt_unsubscribe) {
$txt .= '<p>' . t("quit.group.membership") . ':<p><select name="unsubscribegroup"><option>' . $txt_unsubscribe . '</select>';
}
$txt .= '<P><button class="btn" type="submit" name="btn">' . t("send") . '</button>';
$txt .= '</form>';
}
return $txt;
}
/**
* view log
*
* TODO: maybe the html should be in a sort of template?
*/
function churchcore__logviewer()
{
if (!user_access("view logfile", "churchcore")) {
addErrorMessage(t("no.permission.for", "LogViewer"));
return " ";
}
$txt = '<div class="row-fluid">';
$txt .= '<div class="span3 bs-docs-sidebar">';
$txt .= '<ul id="navlist" class="nav nav-list bs-docs-sidenav affix-top">';
$txt .= '<li><a href="#log1">' . t("important.logs") . '</a>';
$txt .= '<li><a href="#log2">' . t("last.accesses") . '</a>';
$txt .= '<li><a href="#log3">' . t("top.accesses") . '</a>';
$txt .= '</div>';
$txt .= '<div class="span9">';
$limit = 200;
if (isset($_GET["showmore"])) {
$limit = 1000;
}
$filter = "txt like 'Sende Mail%' or txt like 'Gruppe:%' or level<3";
$val = "";
if (isset($_GET["filter"]) && $_GET["filter"] != "") {
$filter = "txt like '%" . $_GET["filter"] . "%'";
$val = $_GET["filter"];
}
$txt .= '<anchor id="log1"/><h2>' . t("logviewer") . '</h2>';
$res = db_query("select p.id p_id, p.vorname, p.name, log.datum, log.level, log.domain_type, log.domain_id, log.txt from {cdb_person} p\n RIGHT JOIN \n (select person_id, datum, level, domain_type, domain_id, txt \n from {cdb_log} l where\n\t\t\t\t\t\t{$filter}\n\t\t\t\t\t\torder by l.id desc \n\t\t\t\t\t\tlimit 0,{$limit}) as log on (log.person_id=p.id)");
$txt .= '<form class="form-inline" action="">';
$txt .= '<input type="hidden" name="q" value="churchcore/logviewer"/>';
$txt .= '<input name="filter" class="input-medium" type="text" value="' . $val . '"></input> <input type="submit" class="btn" value="' . t("filter") . '"/></form>';
$txt .= '<table class="table table-condensed table-bordered">';
$txt .= "<tr><th>" . t("date") . "<th>#<th>Object<th>" . t("name") . "<th>Log";
$counter = 0;
foreach ($res as $arr) {
$txt .= "<tr><td><nobr>{$arr->datum} </nobr><td>{$arr->level}<td>{$arr->domain_type}" . ($arr->domain_id != -1 ? "[{$arr->domain_id}]" : "");
$txt .= "<td>";
if (isset($arr->p_id)) {
$txt .= "<nobr>{$arr->vorname} {$arr->name} [{$arr->p_id}]</nobr>";
}
$logtxtencoded = htmlspecialchars($arr->txt);
$txt .= "<td><small style=\"color:grey\">{$logtxtencoded}</small>";
$counter++;
}
$txt .= '</table>';
if (!isset($_GET["showmore"]) && $counter >= $limit) {
$txt .= '<a href="?q=churchcore/logviewer&showmore=true" class="btn">' . t("show.more.rows") . '</a> ';
}
$txt .= '<anchor id="log2"><h2>' . t("last.accesses") . '</h2>';
$txt .= "<table class=\"table table-condensed table-bordered\"><tr><th>" . t("name") . "<th>" . t("count.accesses") . "<th>" . t("last.accesses");
$res = db_query("SELECT p.id pid, vorname, name, count( l.id ) count, max( lastlogin ) maxdatum\n FROM {cdb_log} l, {cdb_person} p where l.person_id=p.id GROUP BY pid, vorname, name ORDER BY max( lastlogin ) DESC ");
foreach ($res as $arr) {
$txt .= "<tr><td>{$arr->vorname} {$arr->name} [{$arr->pid}]<td>" . $arr->count . "<td>" . $arr->maxdatum . "<br/>";
}
$txt .= "</table><br/><br/>";
$txt .= '<anchor id="log3"><h2>' . t("top.accesses") . '</h2>';
$txt .= "<table class=\"table table-condensed table-bordered\"><tr><th>" . t("name") . "<th>" . t("count.accesses") . "<th>" . t("last.accesses");
$res = db_query("SELECT p.id pid, vorname, name, count( l.id ) count, max( lastlogin ) maxdatum\n FROM {cdb_log} l, {cdb_person} p where l.person_id=p.id GROUP BY pid, vorname, name ORDER BY count(l.id) DESC ");
foreach ($res as $arr) {
$txt .= "<tr><td>{$arr->vorname} {$arr->name} [{$arr->pid}]<td>" . $arr->count . "<td>" . $arr->maxdatum . "<br/>";
}
$txt .= "</table><br/><br/>";
$txt .= "</div></div>";
$txt .= '
<script>
!function ($) {
$(function(){
// carousel demo
$("#navlist").affix({offset: {top: 15}});
})
}(window.jQuery)
</script>';
return $txt;
}
/**
* save admin settings and reload config
*
* TODO: feature: automatically downsize logo file
*
* @param CTForm $form
*/
function admin_saveSettings($form)
{
$modules = churchcore_getModulesSorted(false, true);
$modules[] = "churchadmin";
foreach ($modules as $module) {
foreach ($form->fields as $key => $value) {
if (function_exists($module . "_validateAdminForm")) {
$res = call_user_func($module . "_validateAdminForm", $key, $value->getValue());
if ($res !== true) {
$form->fields[$key]->setError($res);
addErrorMessage(t("error.occured") . ": " . $res);
return;
}
}
}
}
foreach ($form->fields as $key => $value) {
db_query("INSERT INTO {cc_config} (name, value)\n VALUES (:name,:value)\n ON DUPLICATE KEY UPDATE value=:value", array(":name" => $key, ":value" => $value));
}
// TODO: test if max_uploadfile_size_kb is bigger then allowed in php.ini
loadDBConfig();
}