Exemplo n.º 1
/**
 * Page guard: lets the request continue only when the current user is in $group.
 *
 * Anyone else gets an error message queued through setError(), is redirected to
 * the site root taken from $SETTINGS['url'], and the script is terminated.
 *
 * @param mixed $group Role identifier, handed unchanged to isUserInRole().
 * @return void
 */
function secureArea($group)
{
    global $SETTINGS;
    if (isUserInRole($group)) {
        return;
    }
    setError('Du besitzt nicht die nötigen Rechte!');
    $home = "{$SETTINGS['url']}/";
    header("location: {$home}");
    // The redirect header alone does not stop PHP; exiting here is what keeps the
    // protected part of the page from running for a user who failed the check.
    exit;
}
Exemplo n.º 2
			
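			/**
			 * Open the match result card for one grid row in a new window.
			 *
			 * @param node Row identifier that is sent as the "id" query parameter.
			 */
			function reportCard(node) {
				// Encode the value so it always stays a single query-string value,
				// even if it contains characters such as "&", "=" or "#".
				window.open("matchcard.php?id=" + encodeURIComponent(node));
			}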
	
<?php 
    }
}
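// Page set-up for the "Match Details" grid.
$crud = new MatchCrud();
$crud->dialogwidth = 450;
$crud->title = "Match Details";
$crud->allowAdd = false;
// NOTE(review): these flags are set from the caller's role, but whether the
// update/insert/remove handlers re-check them on the server is not visible
// here - confirm, so that hiding a button is not the only protection.
$crud->allowEdit = isUserInRole("SUPERUSER");
$crud->allowRemove = false;
$crud->allowFilter = false;
$crud->allowView = false;
$crud->table = "{$_SESSION['DB_PREFIX']}matchdetails";
// Row-level scoping: ADMIN sees every match, SECRETARY the matches of the
// logged-on club, everyone else the matches of the logged-on team.
if (isUserInRole("ADMIN")) {
    $matchfilter = "";
} elseif (isUserInRole("SECRETARY")) {
    // Cast to int because the value is placed unquoted into the SQL text; a
    // missing id becomes 0 and matches no row instead of breaking the query.
    $clubid = (int) getLoggedOnClubID();
    $matchfilter = "WHERE C.teamid = {$clubid}";
} else {
    $teamid = (int) getLoggedOnTeamID();
    $matchfilter = "WHERE A.teamid = {$teamid}";
}
// The original SECRETARY and team queries had a ";" between the WHERE clause
// and ORDER BY, which ended the statement early; the filter is now spliced in
// without it.
$crud->sql = "SELECT A.*, A.id AS uniqueid,\n\t\t\t\t\t  B.name AS refereename, C.age,\n\t\t\t\t\t  C.name AS submittedteamname\n\t\t\t\t\t  FROM  {$_SESSION['DB_PREFIX']}matchdetails A\n\t\t\t\t\t  LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}referee B\n\t\t\t\t\t  ON B.id = A.refereeid\n\t\t\t\t\t  LEFT OUTER JOIN {$_SESSION['DB_PREFIX']}teamagegroup C\n\t\t\t\t\t  ON C.id = A.teamid\n\t\t\t\t\t  {$matchfilter}\n\t\t\t\t\t  ORDER BY A.id DESC";
$crud->columns = array(array('name' => 'matchdate', 'length' => 12, 'datatype' => 'date', 'label' => 'Match Date'), array('name' => 'ageref', 'function' => 'ageReference', 'sortcolumn' => 'C.age', 'type' => 'DERIVED', 'length' => 10, 'editable' => false, 'bind' => false, 'filter' => false, 'label' => 'Age Group'), array('name' => 'division', 'length' => 17, 'label' => 'Division / Group', 'type' => 'COMBO', 'options' => array(array('value' => 'X', 'text' => 'N/A'), array('value' => 'P', 'text' => 'Premier'), array('value' => '1', 'text' => '1'), array('value' => '2', 'text' => '2'), array('value' => '3', 'text' => '3'), array('value' => '4', 'text' => '4'), array('value' => '5', 'text' => '5'), array('value' => '6', 'text' => '6'), array('value' => 'A', 'text' => 'A'), array('value' => 'B', 'text' => 'B'), array('value' => 'C', 'text' => 'C'), array('value' => 'D', 'text' => 'D'), array('value' => 'E', 'text' => 'E'), array('value' => 'F', 'text' => 'F'), array('value' => 'G', 'text' => 'G'), array('value' => 'H', 'text' => 'H'))), array('name' => 'leaguecup', 'length' => 15, 'label' => 'Competition', 'type' => 'COMBO', 'options' => array(array('value' => 'L', 'text' => 'League'), array('value' => 'N', 'text' => 'Combination'), array('value' => 'C', 'text' => 'Challenge Cup'), array('value' => 'T', 'text' => 'Challenge Trophy'))), array('name' => 'hometeam', 'length' => 28, 'editable' => false, 'bind' => false, 'label' => 'Home Team'), array('name' => 'hometeamscore', 'length' => 5, 'align' => 'center', 'label' => 'Score'), array('name' => 'opposition', 'length' => 28, 'editable' => false, 'bind' => false, 'label' => 'Away Team'), array('name' => 'awayteamscore', 'length' => 5, 'align' => 'center', 'label' => 'Score'), array('name' => 'id', 'length' => 5, 'filter' => false, 'bind' => false, 'editable' => false, 'pk' => true, 'label' => 'ID'), array('name' => 'teamid', 'type' => 'DATACOMBO', 'length' => 28, 'label' => 'Submitted By Team', 'table' => 'teamagegroup', 
'required' => true, 'table_id' => 'id', 'alias' => 'submittedteamname', 'table_name' => 'name'));
$crud->subapplications = array(array('title' => 'Match Result Form', 'imageurl' => 'images/print.png', 'script' => 'reportCard'));
$crud->run();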
Exemplo n.º 3
	    <tr>
	      <td>Confirm Password </td>
	      <td><input name="cpassword" type="password" class="textfield" id="cpassword" /></td>
	    </tr>
	    <tr>
	      <td>&nbsp;</td>
	      <td>
		  	<span class="wrapper"><a class='link1' href="javascript:if (verify()) $('#loginForm').submit();"><em><b>Update</b></em></a></span>
	      </td>
	    </tr>
	  </table>
	  <script>
	  $(document).ready(
			function() {
<?php 
        // When the profile being edited is not the logged-in member's own and the
        // viewer is not an ADMIN, the name and e-mail inputs are disabled in the
        // browser. That is a display aid only: a hand-built request can still
        // carry those fields.
        // NOTE(review): the script that receives this form is not shown here;
        // confirm it repeats the same owner-or-ADMIN check on the server.
        if ($memberid != $_SESSION['SESS_MEMBER_ID'] && !isUserInRole("ADMIN")) {
            ?>
				$("#fname").attr("disabled", true);
				$("#lname").attr("disabled", true);
				$("#email").attr("disabled", true);
				
<?php 
        }
        ?>
	
				$(".pwd").blur(verifypassword);
				$("#cpassword").blur(verifycpassword);
				$("#fname").focus();
			});
	
	function verify() {
Exemplo n.º 4
require_once 'lib/login.php';
require_once 'lib/voc.php';
// Page bootstrap for the "change synonyms" view: connect, require the 'user'
// role, load the requested vocabulary entry and the entries sharing its German
// word.
if (!connect_mysql()) {
    exit;
}
include 'lib/loginfilter.php';
// Role gate for the whole page. NOTE(review): secureArea() is defined outside
// this excerpt; the rest of the script relies on it stopping the request for
// users without the role.
secureArea('user');
if (!isset($_GET['id'])) {
    header("location: {$SETTINGS['url']}/");
    exit;
}
// Raw query-string value. NOTE(review): it is passed to getVocByID() as is;
// whether that helper binds or escapes it is not visible here - confirm.
$id = $_GET['id'];
// The navigation entry is built from REQUEST_URI, which the client controls.
// NOTE(review): lib/navbar.php must HTML-encode it when rendering - confirm.
$nav = array('Synonyme ändern' => substr($_SERVER['REQUEST_URI'], strlen($SETTINGS['path'])));
include 'lib/navbar.php';
$voc = getVocByID($id);
// Unknown ids and, for non-admins, entries flagged as deleted get the same
// "not found" answer, so the response does not reveal that a deleted entry exists.
// NOTE(review): header() below runs after navbar.php was included; if that file
// prints anything and output buffering is off, the redirect cannot be sent.
if ($voc === false || !isUserInRole('admin') && $voc->deleted == 'yes') {
    setError('Wort nicht in der Datenbank vorhanden!');
    header("location: {$SETTINGS['url']}/");
    exit;
}
$vocs = getVocsByGerman($voc->german);
$rows = '';
foreach ($vocs as $voc) {
    $german = htmlspecialchars($voc->german, 0, 'UTF-8');
    $english = htmlspecialchars($voc->english, 0, 'UTF-8');
    $id = $voc->id;
    $rows .= <<<EOT
\t\t<tr>
\t\t\t<td><a href="{$SETTINGS['path']}/mod/{$id}">{$german}</a></td>
\t\t\t<td><a href="{$SETTINGS['path']}/mod/{$id}">{$english}</a></td>
\t\t</tr>
Exemplo n.º 5
} else {
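    if (isset($_GET['sessionid'])) {
        // The session id comes straight from the query string and ends up inside
        // a quoted SQL literal, so it is escaped with the escaping function of the
        // same mysql_* API the query is run with. Moving this page to prepared
        // statements (mysqli or PDO) would remove the need for manual escaping.
        $escapedsessionid = mysql_real_escape_string((string) $_GET['sessionid']);
        $qry = "SELECT A.*, DATE_FORMAT(A.createddate, '%d/%m/%Y') AS createddate, " . "DATE_FORMAT(A.lastmodifieddate, '%d/%m/%Y') AS lastmodifieddate, " . "B.firstname, B.lastname " . "FROM {$_SESSION['DB_PREFIX']}documents A " . "INNER JOIN {$_SESSION['DB_PREFIX']}members B " . "ON B.member_id = A.createdby " . "WHERE A.sessionid = '" . $escapedsessionid . "' " . "ORDER BY A.id";
    } else {
        // NOTE(review): $where is assembled outside this excerpt; if any part of
        // it is derived from request data it needs the same treatment - confirm.
        $qry = "SELECT A.*, DATE_FORMAT(A.createddate, '%d/%m/%Y') AS createddate, " . "DATE_FORMAT(A.lastmodifieddate, '%d/%m/%Y') AS lastmodifieddate, " . "B.firstname, B.lastname," . "C.prefix, C.id AS quoteid, C.status " . "FROM {$_SESSION['DB_PREFIX']}documents A " . "INNER JOIN {$_SESSION['DB_PREFIX']}members B " . "ON B.member_id = A.createdby " . "INNER JOIN {$_SESSION['DB_PREFIX']}trainingcode C " . "ON C.id = A.headerid " . $where . " " . "ORDER BY A.id";
    }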
}
// Run the listing query built above; a failure is written to the error log
// together with the driver's message.
$result = mysql_query($qry);
if ($result === false) {
    logError(sprintf("Error: %s", mysql_error()));
}
//Check whether the query was successful or not
if ($result) {
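    // Render one table row per document. Every value comes from the database
    // and may have been entered by another user, so text is HTML-encoded before
    // it is echoed and the id is forced to an integer before it is placed inside
    // the onclick handler and the link.
    // NOTE(review): the charset is left at PHP's default; confirm it matches the
    // encoding the page is served with.
    while ($member = mysql_fetch_assoc($result)) {
        $documentid = (int) $member['id'];
        $filename = htmlspecialchars($member['filename'], ENT_QUOTES);
        // Fall back to the file name when the document has no display name.
        if ($member['name'] == null || trim($member['name']) == "") {
            $linktext = $filename;
        } else {
            $linktext = htmlspecialchars($member['name'], ENT_QUOTES);
        }
        echo "<tr>\n";
        if (isUserInRole("ADMIN")) {
            // NOTE(review): showing the delete cell to ADMIN only is a display
            // decision; the request behind deleteDocument() has to check the role
            // again on the server - not visible here.
            echo "<td width='20px' title='Delete' onclick='deleteDocument(" . $documentid . ")'><img src='images/delete.png' /></td>\n";
        } else {
            echo "<td width='20px'>&nbsp;</td>\n";
        }
        echo "<td><a target='_new' href='viewdocuments.php?id=" . $documentid . "'>" . $linktext . "</a></td>\n";
        echo "<td>" . $filename . "</td>\n";
        echo "<td>" . htmlspecialchars($member['size'], ENT_QUOTES) . "</td>\n";
        echo "<td>" . htmlspecialchars($member['createddate'], ENT_QUOTES) . "</td>\n";
        echo "<td>" . htmlspecialchars($member['firstname'], ENT_QUOTES) . " " . htmlspecialchars($member['lastname'], ENT_QUOTES) . "</td>\n";
        echo "</tr>\n";
    }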
Exemplo n.º 6
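 /**
  * Prepare the grid definition and handle the current request.
  *
  * Merges every configured sub-application, application and column with the
  * defaults for its kind, derives the primary-key, sort and geolocation
  * settings, switches off columns whose 'role' list does not include the
  * current user, and then either executes the command posted in
  * $_POST['crudcmd'] or renders the view when no command was posted.
  *
  * Security notes:
  *  - 'crudcmd' is request data. Apart from the four built-in commands it is
  *    used as the name of a function to call, so it is only accepted when it
  *    is a plain identifier naming a user-defined function; arrays, method
  *    strings and PHP built-ins are rejected. An explicit per-page list of
  *    permitted command names would be tighter still.
  *  - NOTE(review): update() and insert() are reached here without the
  *    allowEdit / allowAdd flags being consulted; confirm those methods
  *    enforce the flags themselves.
  *  - NOTE(review): no anti-CSRF token is checked in this method.
  *
  * @return void
  */
 public function run()
 {
     for ($i = 0; $i < count($this->subapplications); $i++) {
         $this->subapplications[$i] = array_merge($this->defaultsubappcolumn, $this->subapplications[$i]);
     }
     for ($i = 0; $i < count($this->applications); $i++) {
         $this->applications[$i] = array_merge($this->defaultappcolumn, $this->applications[$i]);
     }
     for ($i = 0; $i < count($this->columns); $i++) {
         $this->columns[$i] = array_merge($this->defaultcolumn, $this->columns[$i]);
         if ($this->columns[$i]['type'] == "GEOLOCATION") {
             $this->geolocation = true;
         }
         if ($this->columns[$i]['viewname'] == "") {
             $this->columns[$i]['viewname'] = $this->columns[$i]['name'];
         }
         if ($this->columns[$i]['viewname'] == "id") {
             $this->columns[$i]['viewname'] = "uniqueid";
         }
         if ($this->columns[$i]['pk'] == true) {
             $this->pkName = $this->columns[$i]['name'];
             $this->pkViewName = $this->columns[$i]['viewname'];
         }
         if ($this->columns[$i]['sortby'] == true) {
             $this->orderColumn = $this->columns[$i]['name'];
         }
         if ($this->columns[$i]['role'] != null) {
             // A column restricted to roles is hidden and made read-only unless
             // the current user holds at least one of them.
             $allowed = false;
             foreach ($this->columns[$i]['role'] as $roleid) {
                 if (isUserInRole($roleid)) {
                     $allowed = true;
                     break;
                 }
             }
             if (!$allowed) {
                 $this->columns[$i]['showInView'] = false;
                 $this->columns[$i]['editable'] = false;
                 $this->columns[$i]['filter'] = false;
             }
         }
     }
     if ($this->geolocation) {
         // Each GEOLOCATION column gets two hidden float companions,
         // "<name>_lat" and "<name>_lng".
         foreach ($this->columns as $col) {
             if ($col['type'] == 'GEOLOCATION') {
                 $this->columns[count($this->columns)] = array_merge($this->defaultcolumn, array('name' => $col['name'] . '_lat', 'datatype' => 'float', 'length' => 10, 'required' => false, 'showInView' => false, 'hidden' => true, 'label' => 'Latitude'));
                 $this->columns[count($this->columns)] = array_merge($this->defaultcolumn, array('name' => $col['name'] . '_lng', 'datatype' => 'float', 'length' => 10, 'showInView' => false, 'required' => false, 'hidden' => true, 'label' => 'Longtitude'));
             }
         }
     }
     // Flag every column that another column lists in 'associatedcolumns'.
     for ($i = 0; $i < count($this->columns); $i++) {
         foreach ($this->columns[$i]['associatedcolumns'] as $associated) {
             for ($j = 0; $j < count($this->columns); $j++) {
                 if ($associated == $this->columns[$j]['name']) {
                     $this->columns[$j]['associated'] = true;
                 }
             }
         }
     }
     if ($this->orderColumn == "") {
         $this->orderColumn = $this->columns[0]['name'];
     }
     $this->preCommandEvent();
     if (isset($_POST['crudcmd'])) {
         // Only a string can be a command name. An array would otherwise be
         // treated by PHP as a class/method callable.
         $command = is_string($_POST['crudcmd']) ? $_POST['crudcmd'] : "";
         if ($command === "update") {
             $this->update(isset($_POST['crudid']) ? $_POST['crudid'] : null);
             $this->triggerRefresh();
         } elseif ($command === "insert") {
             $this->insert();
             $this->triggerRefresh();
         } elseif ($command === "filtersave") {
             $this->filterSave();
             $this->view();
         } elseif ($command === "filter") {
             $this->fromrow = 0;
             $this->torow = $this->pagesize;
             $this->autoPopulate = true;
             $this->view();
         } else {
             // Custom command: the posted name is called as a function with this
             // object as its argument. Accept it only when it is a bare identifier
             // that resolves to a function defined by the application itself.
             $isUserFunction = false;
             if (preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $command) && function_exists($command)) {
                 $reflection = new ReflectionFunction($command);
                 $isUserFunction = $reflection->isUserDefined();
             }
             if ($isUserFunction) {
                 $command($this);
                 if (isset($_POST['triggerrefresh']) && $_POST['triggerrefresh'] != "") {
                     $this->triggerRefresh();
                 }
             } else {
                 trigger_error("Rejected unknown CRUD command", E_USER_WARNING);
             }
         }
         mysql_query("COMMIT");
     } else {
         $this->view();
     }
 }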
Exemplo n.º 7
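/**
 * Send users who lack a role to another page and stop the request.
 *
 * Starts and initialises the database layer, then checks the role. A user who
 * is not in $role receives a redirect to $location and the script ends; a user
 * who is in the role returns to the caller normally.
 *
 * @param mixed  $role     Role identifier, passed unchanged to isUserInRole().
 * @param string $location Redirect target written into the Location header.
 * @return void
 */
function redirectWithoutRole($role, $location)
{
    start_db();
    initialise_db();
    if (!isUserInRole($role)) {
        header("location: {$location}");
        // A redirect header does not end the script. Without this exit the
        // protected page would still be executed, and its output sent, for a
        // user who failed the role check.
        exit;
    }
}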
Exemplo n.º 8
							false
						);
					}
				);
				
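			/**
			 * Client-side check of the player form: the first two characters of the
			 * registration number must equal the age group of the page.
			 *
			 * Returns false after showing an alert when they differ; returns nothing
			 * otherwise. This runs in the browser only, so the server has to validate
			 * the registration number again when the form is saved.
			 */
			function validatePlayerForm() {
				if (parseFloat($("#registrationnumber").val().substring(0, 2)) != agegroup) {
					// The alert is shown on a mismatch, so the text has to say "does not match".
					pwAlert("Registration number does not match the age group of under " + agegroup + "'s");
					return false;
				}
			}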
			
			/**
			 * Sub-application hook: hands the selected row to viewDocument() together
			 * with the player document page and the "playerdocs" / "playerid" names.
			 * What viewDocument() does with them is defined outside this excerpt.
			 */
			function editDocuments(node) {
				var documentPage = "addplayerdocument.php";
				viewDocument(node, documentPage, node, "playerdocs", "playerid");
			}
<?php 
    }
}
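// Page set-up for the "Players" grid of one age group.
// The age-group id comes from the query string and is placed unquoted into the
// SQL below, so it is forced to an integer first. A missing or non-numeric id
// becomes 0 and selects no rows.
// NOTE(review): nothing here checks that the logged-on user belongs to the
// requested age group; confirm that is enforced elsewhere.
$agegroupid = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$crud = new PlayerCrud();
$crud->dialogwidth = 450;
$crud->title = "Players";
$crud->allowFilter = false;
$crud->allowAdd = isUserInRole("TEAM");
$crud->allowEdit = isUserInRole("TEAM");
$crud->allowRemove = isUserInRole("TEAM");
$crud->validateForm = "validatePlayerForm";
$crud->table = "{$_SESSION['DB_PREFIX']}player";
$crud->sql = "SELECT A.*, B.name AS teamname, C.name AS clubname\n\t\t\t\t  FROM  {$_SESSION['DB_PREFIX']}player A\n\t\t\t\t  INNER JOIN {$_SESSION['DB_PREFIX']}teamagegroup B\n\t\t\t\t  ON B.id = A.agegroupid\n\t\t\t\t  INNER JOIN {$_SESSION['DB_PREFIX']}team C\n\t\t\t\t  ON C.id = B.teamid\n\t\t\t\t  WHERE A.agegroupid = {$agegroupid}\n\t\t\t\t  ORDER BY A.firstname, A.lastname";
$crud->columns = array(array('name' => 'id', 'viewname' => 'uniqueid', 'length' => 6, 'showInView' => false, 'filter' => false, 'bind' => false, 'editable' => false, 'pk' => true, 'label' => 'ID'), array('name' => 'agegroupid', 'datatype' => 'integer', 'length' => 6, 'showInView' => false, 'filter' => false, 'editable' => false, 'default' => $agegroupid, 'label' => 'Team'), array('name' => 'clubname', 'length' => 28, 'editable' => false, 'bind' => false, 'label' => 'Club'), array('name' => 'teamname', 'length' => 28, 'editable' => false, 'bind' => false, 'label' => 'Team'), array('name' => 'firstname', 'length' => 15, 'label' => 'First Name'), array('name' => 'lastname', 'length' => 15, 'label' => 'Last Name'), array('name' => 'registrationnumber', 'length' => 30, 'label' => 'Registration Number'));
$crud->run();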
Exemplo n.º 9
		
			/**
			 * Sub-application hook: hands the selected row to viewDocument() together
			 * with the level document page and the "teamagegroupdocs" / "agegroupid"
			 * names. What viewDocument() does with them is defined outside this excerpt.
			 */
			function editDocuments(node) {
				var documentPage = "addleveldocument.php";
				viewDocument(node, documentPage, node, "teamagegroupdocs", "agegroupid");
			}
	
<?php 
    }
}
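// Page set-up for the "Teams" grid. The rows shown depend on the request:
// an explicit ?id= selects the teams of that club, otherwise a SECRETARY sees
// the teams of the logged-on club and everyone else the logged-on team.
$crud = new TeamCrud();
if (isset($_GET['id'])) {
    // The id comes from the query string and is placed unquoted into the SQL,
    // so it is forced to an integer before use.
    // NOTE(review): this branch applies no role or ownership check, so any
    // caller can list the teams (including manager name, e-mail and telephone)
    // of any club id - confirm that is intended.
    $teamid = (int) $_GET['id'];
    $teamfilter = "A.teamid = {$teamid}";
} elseif (isUserInRole("SECRETARY")) {
    $clubid = (int) getLoggedOnClubID();
    $teamfilter = "A.teamid = {$clubid}";
} else {
    $teamid = (int) getLoggedOnTeamID();
    $teamfilter = "A.id = {$teamid}";
}
$crud->sql = "SELECT A.*, C.name AS clubname,\n\t\t\t\t\t (SELECT B.fullname FROM {$_SESSION['DB_PREFIX']}members B WHERE B.teamid = A.id ORDER BY member_id LIMIT 1) AS fullname,\n\t\t\t\t\t (SELECT C.email FROM {$_SESSION['DB_PREFIX']}members C WHERE C.teamid = A.id ORDER BY member_id LIMIT 1) AS email,\n\t\t\t\t\t (SELECT D.landline FROM {$_SESSION['DB_PREFIX']}members D WHERE D.teamid = A.id ORDER BY member_id LIMIT 1) AS telephone\n\t\t\t\t\t  FROM  {$_SESSION['DB_PREFIX']}teamagegroup A\n\t\t\t\t\t  INNER JOIN {$_SESSION['DB_PREFIX']}team C\n\t\t\t\t\t  ON C.id = A.teamid\n\t\t\t\t\t  WHERE {$teamfilter}\n\t\t\t\t\t  ORDER BY A.age";
$crud->dialogwidth = 450;
$crud->allowFilter = false;
$crud->allowAdd = isUserInRole("ADMIN");
$crud->allowEdit = isUserInRole("ADMIN");
$crud->allowRemove = isUserInRole("ADMIN");
$crud->title = "Teams";
$crud->table = "{$_SESSION['DB_PREFIX']}teamagegroup";
// The 'teamid' default is taken from the same query parameter; it is read with
// isset() so a request without ?id= no longer touches an undefined index.
$crud->columns = array(array('name' => 'id', 'viewname' => 'uniqueid', 'length' => 6, 'showInView' => false, 'filter' => false, 'bind' => false, 'editable' => false, 'pk' => true, 'label' => 'ID'), array('name' => 'clubname', 'length' => 28, 'editable' => false, 'bind' => false, 'label' => 'Club'), array('name' => 'name', 'length' => 28, 'label' => 'Team'), array('name' => 'teamid', 'length' => 28, 'default' => isset($_GET['id']) ? (int) $_GET['id'] : null, 'label' => 'Team', 'showInView' => false, 'editable' => false), array('name' => 'age', 'type' => 'COMBO', 'onchange' => 'age_onchange', 'options' => array(array('value' => '7', 'text' => 'Under 7'), array('value' => '8', 'text' => 'Under 8'), array('value' => '9', 'text' => 'Under 9'), array('value' => '10', 'text' => 'Under 10'), array('value' => '11', 'text' => 'Under 11'), array('value' => '12', 'text' => 'Under 12'), array('value' => '13', 'text' => 'Under 13'), array('value' => '14', 'text' => 'Under 14'), array('value' => '15', 'text' => 'Under 15'), array('value' => '16', 'text' => 'Under 16'), array('value' => '17', 'text' => 'Under 17'), array('value' => '18', 'text' => 'Under 18')), 'length' => 15, 'label' => 'Age Group'), array('name' => 'fullname', 'length' => 25, 'readonly' => true, 'bind' => false, 'required' => false, 'label' => 'Manager'), array('name' => 'email', 'length' => 40, 'bind' => false, 'readonly' => true, 'required' => false, 'label' => 'Email'), array('name' => 'telephone', 'length' => 12, 'readonly' => true, 'bind' => false, 'required' => false, 'label' => 'Telephone'));
$crud->subapplications = array(array('title' => 'Players', 'imageurl' => 'images/team.png', 'application' => 'players.php'), array('title' => 'Managers', 'imageurl' => 'images/team.png', 'application' => 'clubmanagers.php'), array('title' => 'Log In', 'imageurl' => 'images/lock.png', 'script' => 'login'));
$crud->run();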
Exemplo n.º 10
<?php

require_once 'lib/settings.php';
require_once 'lib/db.php';
require_once 'lib/users.php';
require_once 'lib/session.php';
require_once 'lib/login.php';
require_once 'lib/voc.php';
// Page bootstrap for the vocabulary list: connect, run the login filter, render
// the navigation bar, then load the vocabulary for the current user.
if (!connect_mysql()) {
    exit;
}
include 'lib/loginfilter.php';
include 'lib/navbar.php';
// The two role flags decide which extra columns the table gets further down.
$isAdmin = isUserInRole('admin');
$isUser = isUserInRole('user');
// NOTE(review): getVoc() receives the admin flag; presumably it widens the
// result set for admins - its body is not visible here, confirm.
$voc = getVoc($isAdmin);
$table = '';
if ($voc === false) {
    setError('Fehler beim Abrufen der Vokabeln');
} else {
    if (count($voc) == 0) {
        setError('Keine Vokabeln vorhanden');
    } else {
        $xhdr = $isAdmin ? '<th>Ersteller</th>' : '';
        $xhdr = $isUser ? "<th></th>{$xhdr}<th class=\"time\">Datum</th>" : '';
        $top = "<tr><th>Englisch</th><th>Deutsch</th>{$xhdr}</tr>";
        $rows = '';
        foreach ($voc as $v) {
            $id = htmlspecialchars($v->id);
            $german = htmlspecialchars($v->german, 0, 'UTF-8');
            $english = htmlspecialchars($v->english, 0, 'UTF-8');
Exemplo n.º 11
<?php

require_once 'lib/settings.php';
require_once 'lib/db.php';
require_once 'lib/users.php';
require_once 'lib/session.php';
require_once 'lib/login.php';
require_once 'lib/voc.php';
// Page bootstrap for the admin-only user editor: connect, run the login filter,
// require the 'admin' role and read the id of the user to edit.
if (!connect_mysql()) {
    exit;
}
include 'lib/loginfilter.php';
// The navigation entry is built from REQUEST_URI, which the client controls.
// NOTE(review): lib/navbar.php must HTML-encode it when rendering - confirm.
$nav = array('Benutzer' => $_SERVER['REQUEST_URI']);
include 'lib/navbar.php';
$isAdmin = isUserInRole('admin');
// Non-admins are redirected to the site root and the script stops, so nothing
// below this check runs for them.
// NOTE(review): header() is called after navbar.php was included; if that file
// prints anything and output buffering is off, the redirect cannot be sent.
if (!$isAdmin) {
    setError('Du bist kein Administrator!');
    header("location: {$SETTINGS['url']}/");
    exit;
}
if (!isset($_GET['id'])) {
    header("location: {$SETTINGS['url']}/");
    exit;
}
// Raw query-string value. NOTE(review): it is handed to the user helpers further
// down as is; whether they bind or escape it is not visible here - confirm.
$userid = $_GET['id'];
if (isset($_POST['lastname'])) {
    $newlastname = trim($_POST['lastname']);
    if (strlen($newlastname) < 2) {
        setError('Dein Nachname ist ungütig!');
    } else {
        if (setLastName($userid, $newlastname)) {
Exemplo n.º 12
{
    /**
     * Post header event hook: calls createDocumentLink(), which is defined
     * outside this excerpt.
     */
    public function postHeaderEvent()
    {
        createDocumentLink();
    }
    /**
     * Post script event hook: leaves PHP mode to print the JavaScript function
     * editDocuments(node), which forwards the row to viewDocument() with the
     * team document page and the "teamdocs" / "teamid" names.
     */
    public function postScriptEvent()
    {
        ?>
			function editDocuments(node) {
				viewDocument(node, "addteamdocument.php", node, "teamdocs", "teamid");
			}
<?php 
    }
}
// Page set-up for the "Clubs" grid. The query has no request-derived parts; the
// only interpolated value is the table prefix kept in the session.
$crud = new TeamCrud();
$crud->dialogwidth = 650;
$crud->title = "Clubs";
$crud->allowFilter = false;
// Add, edit and remove are offered to ADMIN only.
// NOTE(review): whether the handlers behind these actions re-check the flags
// on the server is not visible here - confirm.
$crud->allowEdit = isUserInRole("ADMIN");
$crud->allowRemove = isUserInRole("ADMIN");
$crud->allowAdd = isUserInRole("ADMIN");
$crud->table = "{$_SESSION['DB_PREFIX']}team";
// NOTE(review): the list is not restricted by role, so every caller who reaches
// this page sees each club's secretary name, e-mail and telephone number.
$crud->sql = "SELECT A.*, \n\t\t\t\t (SELECT B.fullname FROM {$_SESSION['DB_PREFIX']}members B WHERE B.clubid = A.id ORDER BY member_id LIMIT 1) AS fullname,\n\t\t\t\t (SELECT C.email FROM {$_SESSION['DB_PREFIX']}members C WHERE C.clubid = A.id ORDER BY member_id LIMIT 1) AS email,\n\t\t\t\t (SELECT D.landline FROM {$_SESSION['DB_PREFIX']}members D WHERE D.clubid = A.id ORDER BY member_id LIMIT 1) AS telephone\n\t\t\t\t  FROM  {$_SESSION['DB_PREFIX']}team A\n\t\t\t\t  ORDER BY A.name";
$crud->columns = array(array('name' => 'id', 'viewname' => 'uniqueid', 'length' => 6, 'showInView' => false, 'filter' => false, 'bind' => false, 'editable' => false, 'pk' => true, 'label' => 'ID'), array('name' => 'name', 'length' => 30, 'label' => 'Name'), array('name' => 'fullname', 'length' => 25, 'readonly' => true, 'required' => false, 'bind' => false, 'label' => 'Secretary'), array('name' => 'email', 'bind' => false, 'length' => 35, 'readonly' => true, 'required' => false, 'label' => 'Email'), array('name' => 'telephone', 'length' => 14, 'bind' => false, 'readonly' => true, 'required' => false, 'label' => 'Telephone'));
$crud->subapplications = array(array('title' => 'Documents', 'imageurl' => 'images/document.gif', 'script' => 'editDocuments'), array('title' => 'Teams', 'imageurl' => 'images/team.png', 'application' => 'levels.php'), array('title' => 'Secretaries', 'imageurl' => 'images/team.png', 'application' => 'clubsecretaries.php'));
$crud->run();
?>

?>
Exemplo n.º 13
<?php

require_once "system-db.php";
start_db();
// Landing-page switch: members of the TEAM role go to match.php, everyone else
// to matchdetails.php. This only picks a destination; each target page still
// has to check the caller's role itself.
header("location: " . (isUserInRole("TEAM") ? "match.php" : "matchdetails.php"));
Exemplo n.º 14
<?php 
// Default navigation entries (label => path), chosen by login state.
if (!isLoggedIn()) {
    $elements = array('Login' => '/', 'Anmeldung' => '/register', 'Vokabelliste' => '/print');
} else {
    $elements = array('Vokabelliste' => '/', 'Synonyme' => '/synonyms', 'Hinzufügen' => '/add', 'Trainer' => '/trainer', 'Statistik' => '/statistics', 'Einstellungen' => '/settings', 'Logout' => '/logout');
    // The "add" entry is shown to members of the 'user' role only. Hiding the
    // link is cosmetic: the /add page has to enforce the role on its own.
    if (!isUserInRole('user')) {
        unset($elements['Hinzufügen']);
    }
}
// When $nav already exists (presumably set by the including page), the default
// entries are written into it, overwriting entries with the same label;
// otherwise the defaults become the navigation.
if (isset($nav)) {
    foreach ($elements as $name => $value) {
        $nav[$name] = $value;
    }
} else {
    $nav = $elements;
}
Exemplo n.º 15
/**
 * Row-level access filter: rewrites a SELECT so that it only returns the rows
 * the current user's role may see.
 *
 * The statement is parsed with PHPSQLParser, extra WHERE conditions (and for
 * some roles an extra JOIN and DISTINCT) are appended to the parse tree
 * according to the first matching role, and the tree is turned back into SQL
 * with PHPSQLCreator.
 *
 * Review notes on the access-control behaviour visible in this function:
 *  - The original SQL is returned unfiltered when $_SESSION['SITE_CONFIG'] is
 *    not set, and for the admin, management and training-management roles.
 *    The first case means a missing session entry removes all filtering.
 *  - $tablealias stays null when "horizon_members" is not in the FROM list;
 *    the conditions below would then reference ".member_id" / ".teamid".
 *  - Configuration and session values are concatenated into the parse tree as
 *    expressions without visible escaping.
 *
 * @param string $sql SELECT statement to restrict.
 * @return string The original statement, or the rewritten statement.
 */
function getFilteredData($sql)
{
    // NOTE(review): fail-open - no site configuration in the session means the
    // caller gets the query back without any restriction.
    if (!isset($_SESSION['SITE_CONFIG'])) {
        return $sql;
    }
    $parser = new PHPSQLParser($sql);
    $tablealias = null;
    $data = getSiteConfigData();
    // Remember how the members table is addressed in this query (its alias, or
    // the table name when it has none).
    foreach ($parser->parsed['FROM'] as $table) {
        if ($table['table'] == "horizon_members") {
            if ($table['alias'] != "") {
                $tablealias = $table['alias']['name'];
            } else {
                $tablealias = $table['table'];
            }
        }
    }
    //	echo $sql . "\n";
    //	print_r($parser->parsed);
    if (!isset($parser->parsed['WHERE'])) {
        /* Create where clause. */
        $parser->parsed['WHERE'] = array();
    } else {
        /* Add to the where clause. */
        // NOTE(review): the AND is appended before it is known whether a
        // condition will follow it; a branch that adds nothing would leave it
        // dangling.
        $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "AND", "sub_tree" => "");
    }
    if (isUserInRole($data->adminrole) || isUserInRole($data->managementrole)) {
        /* Do nothing, access rights to all. */
        return $sql;
    }
    if (isUserInRole($data->trainingmanagementrole)) {
        /* Not restricted by anything training related.
         * Page roles will prevent access to parts of the system
         * that are not appropriate to training management.
         */
        return $sql;
    }
    if (isUserInRole($data->officeadminrole)) {
        /* Restricted to.
         * Personal details for APPRAISALS only.
         */
        // Adds "<alias>.member_id = <logged-on member>" once for every FROM
        // table other than horizon_appraisal.
        // NOTE(review): this branch is not part of the if/else chain below, so
        // an office-admin user also receives the conditions of whichever later
        // branch applies, with no AND in between - confirm the intent.
        foreach ($parser->parsed['FROM'] as $table) {
            if ($table['table'] != "horizon_appraisal") {
                $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => "");
                $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
                $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "");
            }
        }
    }
    if (isUserInRole($data->compliancerole)) {
        foreach ($parser->parsed['FROM'] as $table) {
            if ($table['table'] == "horizon_holiday") {
                /* Compliance don't restrict holidays */
                return $sql;
            }
        }
        /* Restricted to.
         * All technicians and team leaders.
         */
        // (position = technician OR position = team leader OR member_id = self)
        $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->technicianposition . "'", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->teamleaderposition . "'", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "")));
    } else {
        if (isUserInRole($data->regionalservicemanagerrole)) {
            /* Restricted to.
             * All personnel and team leaders.
             */
            // Joins horizon_userteams and keeps rows whose team matches one of
            // those join rows; DISTINCT is added to the select options.
            $parser->parsed['OPTIONS'][] = "DISTINCT";
            $parser->parsed['FROM'][] = array("expr_type" => "table", "table" => "horizon_userteams", "alias" => array("as" => "", "name" => "horizon_userteams", "base_expr" => "horizon_userteams"), "join_type" => "JOIN", "ref_type" => "ON", "ref_clause" => array(array("expr_type" => "colref", "base_expr" => "horizon_userteams.memberid", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => getLoggedOnMemberID(), "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "")));
            $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(array("expr_type" => "colref", "base_expr" => "horizon_userteams.teamid", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => $tablealias . ".teamid", "sub_tree" => "")));
        } else {
            if (isUserInRole($data->officerole)) {
                $appraisal = false;
                foreach ($parser->parsed['FROM'] as $table) {
                    if ($table['table'] == "horizon_appraisal") {
                        /* The query reads the appraisal table. */
                        $appraisal = true;
                    }
                }
                // Office users are only restricted on queries that touch
                // appraisals; any other query is returned as it came in.
                if (!$appraisal) {
                    return $sql;
                }
                /* Restricted to.
                 * All technicians and team leaders.
                 */
                $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->technicianposition . "'", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".position", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->teamleaderposition . "'", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "OR", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "")));
            } else {
                if (isUserInRole($data->officemanagerrole)) {
                    /* Restricted to.
                     * All personnel and team leaders.
                     */
                    // Joins horizon_userroles on the member id and keeps rows
                    // whose role id equals the configured office personnel role.
                    $parser->parsed['OPTIONS'][] = "DISTINCT";
                    $parser->parsed['FROM'][] = array("expr_type" => "table", "table" => "horizon_userroles", "alias" => array("as" => "", "name" => "horizon_userroles", "base_expr" => "horizon_userroles"), "join_type" => "JOIN", "ref_type" => "ON", "ref_clause" => array(array("expr_type" => "colref", "base_expr" => "horizon_userroles.memberid", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => "")));
                    $parser->parsed['WHERE'][] = array("expr_type" => "bracket_expression", "sub_tree" => array(array("expr_type" => "colref", "base_expr" => "horizon_userroles.roleid", "sub_tree" => ""), array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => ""), array("expr_type" => "const", "base_expr" => "'" . $data->officepersonnelrole . "'", "sub_tree" => "")));
                } else {
                    if (isUserInRole($data->teamleaderrole)) {
                        /* Restricted to.
                         * Team personnel and themselves.
                         */
                        $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".teamid", "sub_tree" => "");
                        $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
                        $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnTeamID(), "sub_tree" => "");
                    } else {
                        if (isUserInRole($data->areacoordinatorrole)) {
                            /* Restricted to.
                             * Team personnel and themselves.
                             */
                            $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".teamid", "sub_tree" => "");
                            $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
                            $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnTeamID(), "sub_tree" => "");
                        } else {
                            /* Restricted to.
                             * Technician Level 1 – Personal details.
                             */
                            // Default for every role not matched above: the
                            // user's own member row only.
                            $parser->parsed['WHERE'][] = array("expr_type" => "colref", "base_expr" => $tablealias . ".member_id", "sub_tree" => "");
                            $parser->parsed['WHERE'][] = array("expr_type" => "operator", "base_expr" => "=", "sub_tree" => "");
                            $parser->parsed['WHERE'][] = array("expr_type" => "const", "base_expr" => getLoggedOnMemberID(), "sub_tree" => "");
                        }
                    }
                }
            }
        }
    }
    // Turn the modified parse tree back into an SQL string.
    $creator = new PHPSQLCreator($parser->parsed);
    $created = $creator->created;
    return $created;
}
Exemplo n.º 16
<?php

require_once "crud.php";
/**
 * Page-specific CRUD grid for club managers. It adds nothing of its own; all
 * behaviour comes from Crud, which is loaded from crud.php.
 */
class TeamCrud extends Crud
{
}
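// Page set-up for the "Club Managers" grid of one team.
// The team id comes from the query string and is placed unquoted into the SQL
// below, so it is forced to an integer first. A missing or non-numeric id
// becomes 0 and selects no rows.
// NOTE(review): no role or ownership check is made before the members of the
// requested team (names, e-mail, telephone) are listed; confirm that access to
// this page is restricted elsewhere.
$teamid = isset($_GET['id']) ? (int) $_GET['id'] : 0;
$crud = new TeamCrud();
$crud->dialogwidth = 650;
$crud->title = "Club Managers";
$crud->allowFilter = false;
$crud->allowEdit = false;
$crud->allowRemove = isUserInRole("SECRETARY");
$crud->allowAdd = false;
$crud->table = "{$_SESSION['DB_PREFIX']}members";
$crud->sql = "SELECT A.*, B.name\n\t\t\t\t  FROM  {$_SESSION['DB_PREFIX']}members A\n\t\t\t\t  INNER JOIN  {$_SESSION['DB_PREFIX']}teamagegroup B\n\t\t\t\t  ON B.id = A.teamid\n\t\t\t\t  WHERE A.teamid = {$teamid}\n\t\t\t\t  ORDER BY A.firstname, A.lastname";
$crud->columns = array(array('name' => 'member_id', 'viewname' => 'uniqueid', 'length' => 6, 'showInView' => false, 'filter' => false, 'bind' => false, 'editable' => false, 'pk' => true, 'label' => 'ID'), array('name' => 'name', 'length' => 30, 'bind' => false, 'editable' => false, 'label' => 'Name'), array('name' => 'firstname', 'length' => 15, 'label' => 'First Name'), array('name' => 'lastname', 'length' => 15, 'label' => 'Last Name'), array('name' => 'email', 'length' => 40, 'label' => 'Email'), array('name' => 'telephone', 'length' => 12, 'label' => 'Contact Number'));
$crud->run();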