function execEditGroup($userID, $groupID, $checkedUser)
{
if (gettype($checkedUser) != "array") {
return "Wrong type of group member!";
}
$checkedUser[] = $userID;
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($userID);
if (!isValidID($groupID)) {
return "Invalid group ID!";
}
$groupDAO = new GroupDAO();
$group = $groupDAO->getGroupByID($groupID);
if ($group === null) {
return "Group doesn't exist!";
}
if ($group->getOwner()->getUserID() !== $userID) {
return "You are not the owner of this group!";
}
$gmDAO = new GroupMemberDAO();
$gms = $gmDAO->getGroupMembersByGroup($group);
foreach ($gms as $gm) {
$alreadyUser = $gm->getUser();
if (in_array($alreadyUser->getUserID(), $checkedUser)) {
continue;
}
$gmDAO->deleteGroupMember($gm);
}
return true;
}
function execChangeProfile($firstname, $lastname, $sex, $departmentID)
{
if (!isValidName($firstname) || !isValidName($lastname)) {
return "Please enter valid names!";
}
if (!isValidID($departmentID)) {
return "Invalid department id!";
}
$departDAO = new DepartmentDAO();
$depart = $departDAO->getDepartmentByID($departmentID);
if ($depart === null) {
return "Could not find the depart!";
}
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($_SESSION["userID"]);
$user->setDepartment($depart);
if ($user->getFirstName() != $firstname) {
$user->setFirstName($firstname);
}
if ($user->getLastName() != $lastname) {
$user->setLastName($lastname);
}
if ($user->getGender() != $sex) {
$user->setGender($sex);
}
if (isset($_FILES["uploadphoto"])) {
$ans = uploadPhoto($user, $_FILES["uploadphoto"]);
if ($ans !== true) {
return $ans;
}
}
$userDAO->updateUser($user);
return true;
}
function verify()
{
if (isset($_GET["groupid"]) && isset($_GET["accept"])) {
$groupID = $_GET["groupid"];
if (!isValidID($groupID)) {
return;
}
$groupDAO = new GroupDAO();
$group = $groupDAO->getGroupByID($groupID);
if ($group === null) {
return;
}
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($_SESSION["userID"]);
$gmDAO = new GroupMemberDAO();
$gm = $gmDAO->getGroupMember($group, $user);
if ($gm === null) {
return;
}
$status = $gm->getAcceptStatus();
if ($status == "1") {
return;
}
if ($_GET["accept"] == "1") {
$gm->setAcceptStatus("1");
$gmDAO->updateGroupMember($gm);
} elseif ($_GET["accept"] == "3") {
$gmDAO->deleteGroupMember($gm);
}
}
}
function uploadFile($userID, $groupID, $file)
{
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($userID);
if ($user->getRole()->getRoleID() == "4") {
return "This user was forbidden to upload file!";
}
if (!isValidID($groupID)) {
return "Group id is not valid!";
}
$groupDAO = new GroupDAO();
$group = $groupDAO->getGroupByID($groupID);
if ($group === null) {
return "Can not find this group!";
}
if ($group->getActivateStatus() === "2") {
return "Group is not activated!";
}
$groupMemberDAO = new GroupMemberDAO();
$groupMember = $groupMemberDAO->getGroupMember($group, $user);
if ($groupMember === null) {
return "User didn't belong to this group!";
}
if (gettype($file["error"]) == "array") {
return "Only accept one file!";
}
$res = isValidUploadFile($file["error"]);
if ($res !== true) {
return $res;
}
$fileType = -1;
$res = isValidImage($file["name"]);
if ($res === true) {
$fileType = "2";
}
$res = isValidFile($file["name"]);
if ($res === true) {
$fileType = "3";
}
if ($fileType === -1) {
return "Only accepts jpeg/jpg/gif/png/zip file!";
}
$record = new Record($group, $user, $fileType, "temp", "1");
$recordDAO = new RecordDAO();
$recordDAO->insertRecord($record);
$fileDir = "upload/";
$filePath = $fileDir . $record->getRecordID() . "_" . $file["name"];
$record->setContent($filePath);
$recordDAO->updateRecord($record);
if (file_exists($filePath)) {
unlink($filePath);
}
if (!move_uploaded_file($file['tmp_name'], $filePath)) {
return "Fail to move file, please contact administrator!";
}
return true;
}
function postRecord($userID, $groupID, $messageType, $content)
{
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($userID);
if ($user->getRole()->getRoleID() == "4") {
return "This user was forbidden to post!";
}
if (!isValidID($groupID)) {
return "Group id is not valid!";
}
if (!isValidMessageType($messageType)) {
return "Message type is not valid!";
}
if (gettype($content) != "string" || strlen($content) > 1000) {
return "Wrong type content or exceed max length(1000)!";
}
if ($messageType == "4") {
if (!preg_match("/^http:\\/\\//i", $content)) {
return "Only accept http url!";
}
$content = substr($content, 7);
if ($content === "") {
return "Invalid url!";
}
}
$groupDAO = new GroupDAO();
$group = $groupDAO->getGroupByID($groupID);
if ($group === null) {
return "Can not find this group!";
}
if ($group->getActivateStatus() === "2") {
return "Group is not activated!";
}
$groupMemberDAO = new GroupMemberDAO();
$groupMember = $groupMemberDAO->getGroupMember($group, $user);
if ($groupMember === null) {
return "User didn't belong to this group!";
}
$record = new Record($group, $user, $messageType, $content, "1");
$recordDAO = new RecordDAO();
$recordDAO->insertRecord($record);
return true;
}
function execAddToGroup($userID, $groupID, $adduserIDs)
{
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($userID);
if (!isValidID($groupID)) {
return "Invalid group ID!";
}
if (gettype($adduserIDs) != "array") {
return "Wrong type of user id!";
}
if (count($adduserIDs) === 0) {
return "You have to choose users to add to this group!";
}
foreach ($adduserIDs as $adduserID) {
if (!isValidID($adduserID)) {
return "Invalid user ID!";
}
}
$groupDAO = new GroupDAO();
$group = $groupDAO->getGroupByID($groupID);
if ($group === null) {
return "Group doesn't exist!";
}
if ($group->getOwner()->getUserID() !== $userID) {
return "You are not the owner of this group!";
}
$gmDAO = new GroupMemberDAO();
foreach ($adduserIDs as $auID) {
$aduser = $userDAO->getUserByID($auID);
if ($aduser === null) {
continue;
}
$gm = $gmDAO->getGroupMember($group, $aduser);
if ($gm !== null) {
continue;
}
$gm = new GroupMember($group, $aduser, "2");
$gmDAO->insertGroupMember($gm);
}
return true;
}
function execEditDep($userID, $departmentID, $departmentName)
{
if (!isValidID($departmentID)) {
return "Invalid parent ID!";
}
if (!isValidDepartmentName($departmentName)) {
return "Invalid department name!";
}
$departDAO = new DepartmentDAO();
$depart = $departDAO->getDepartmentByID($departmentID);
if ($depart === null) {
return "Could not find this department!";
}
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($userID);
$role = $user->getRole();
if ($role->getRoleID() == "4" || $role->getRoleID() == "3") {
return "You have no right to do this!";
}
$depart->setDepartmentName($departmentName);
$departDAO->updateDepartment($depart);
return true;
}
<?php
require_once "classes/Recipe.class.php";
require_once "classes/DBUtils.class.php";
// Determine if the user has access to add new recipes, or edit this current one
if (!$SMObj->isUserLoggedIn()) {
die($LangUI->_('You must be logged into perform the requested action.'));
}
// Proceed to the next step
$iterator = 0;
$item_id = "recipe_id_" . $iterator;
$item_delete = "recipe_selected_" . $iterator;
while (isset($_REQUEST[$item_id])) {
// check to see if it is in the list
if (isset($_REQUEST[$item_delete]) && $_REQUEST[$item_delete] == "yes") {
$recipe_id = isValidID($_REQUEST[$item_id]) ? $_REQUEST[$item_id] : 0;
// Figure out who the owner of this recipe is, Editors can edit anyones recipes
// The owner of a recipe does not change when someone edits it.
if (!$SMObj->checkAccessLevel("EDITOR")) {
$sql = "SELECT recipe_user FROM {$db_table_recipes} WHERE recipe_id = " . $DB_LINK->addq($recipe_id, get_magic_quotes_gpc());
$rc = $DB_LINK->Execute($sql);
// If the recipe is owned by someone else then do not allow editing
if ($rc->fields['recipe_user'] != "" && $rc->fields['recipe_user'] != $SMObj->getUserID()) {
die($LangUI->_('You do not have sufficient privileges to delete this recipe!'));
}
}
/* Go ahead and do the delete */
// clean up the old picture if we are suppose to
if ($g_rb_database_type == "postgres") {
$sql = "SELECT recipe_picture FROM {$db_table_recipes} WHERE recipe_id=" . $DB_LINK->addq($recipe_id, get_magic_quotes_gpc());
$rc = $DB_LINK->Execute($sql);
<?php
require_once "classes/Pager.class.php";
$where = isset($_GET['where']) && isValidLetter($_GET['where'], "%") ? $_GET['where'] : '';
$page = isset($_GET['page']) && isValidID($_GET['page']) ? $_GET['page'] : 1;
if (empty($where)) {
$where = $alphabet[0];
// Set the default on to 'a' so that we don't have everything listed (faster this way)
}
// Pull First Letters
$let = ":";
$sql = "SELECT DISTINCT LOWER(SUBSTRING(ingredient_name, 1, 1)) AS A FROM {$db_table_ingredients} WHERE ingredient_user = '******'";
$rc = $DB_LINK->Execute($sql);
DBUtils::checkResult($rc, NULL, NULL, $sql);
while (!$rc->EOF) {
if (ord($rc->fields[0]) >= 192 and ord($rc->fields[0]) <= 222 and ord($rc->fields[0]) != 215) {
// "Select lower"
$rc->fields[0] = chr(ord($rc->fields[0]) + 32);
}
// above doesn't work with ascii > 192, this fixes it
$let .= $rc->fields[0];
// it could be "a" or "A", so just go with the only returned item
$rc->MoveNext();
}
?>
<table cellspacing="0" cellpadding="1" border="0" width="100%">
<tr>
<td align="left" class="title"><?php
echo $LangUI->_('Ingredient Index');
?>
function changeUserProfile($userID, $departmentID, $firstname, $lastname, $gender)
{
$userDAO = new UserDAO();
$departmentDAO = new DepartmentDAO();
$user = $userDAO->getUserByID($userID);
$department = $departmentDAO->getDepartmentByID($departmentID);
if (!isValidID($userID) || !isValidID($departmentID)) {
return "Invalid ID!";
}
if ($department === null) {
return "Department: " . $departmentID . " doesn't exist!";
}
$user->setDepartment($dept);
if (!isValidName($firstname)) {
return "Invalid first name!";
}
$user->setFirstName($firstname);
if (!isValidName($lastname)) {
return "Invalid last name!";
}
$user->setLastName($lastname);
if ($gender !== 0 && $gender !== 1) {
return "Please select Male or Female!";
}
$user->setGender($gender);
$userDAO->updateUser($user);
}
<!-- Load Data Section -->
<?php
$store_id = isValidID($_GET['store_id']) ? $_GET['store_id'] : 0;
$sql = "SELECT store_name,store_layout FROM {$db_table_stores} WHERE store_id=" . $DB_LINK->addq($store_id, get_magic_quotes_gpc()) . " AND store_user='******'";
$rc = $DB_LINK->Execute($sql);
DBUtils::checkResult($rc, NULL, NULL, $sql);
$store_name = $rc->fields['store_name'];
$store_layout = split(',', $rc->fields['store_layout']);
$sql = "SELECT location_id, location_desc FROM {$db_table_locations}";
$rc = $DB_LINK->Execute($sql);
DBUtils::checkResult($rc, NULL, NULL, $sql);
$locations = DBUtils::createList($rc, 'location_id', 'location_desc');
?>
<!-- Navigation section -->
<table cellspacing="0" cellpadding="1" border="0" width="100%">
<tr>
<td align="left" class="title">
<?php
echo $LangUI->_('Store Layout For: ') . $store_name . "<br>";
?>
</td>
</tr>
</table>
<table cellspacing="1" cellpadding="2" border="0" class="ing" width="40%">
<tr>
<th><?php
echo $LangUI->_('Section Name');
?>
</th>
</tr>
<?php
require_once "classes/DBUtils.class.php";
$recipe_id = isValidID($_GET['recipe_id']) ? $_GET['recipe_id'] : 0;
?>
<table cellspacing="0" cellpadding="1" border="0" width="100%">
<tr>
<td align="left" class="title"><?php
echo $LangUI->_('Parent recipes');
?>
</td>
</tr>
</table>
<p>
<?php
$sql = "SELECT related_parent,recipe_name FROM {$db_table_related_recipes}\n\t\tLEFT JOIN {$db_table_recipes} ON recipe_id=related_parent\n\t\tWHERE related_child=" . $DB_LINK->addq($recipe_id, get_magic_quotes_gpc());
$rc = $DB_LINK->Execute($sql);
DBUtils::checkResult($rc, NULL, NULL, $sql);
// Test to see if we found anything
if ($rc->RecordCount() == 0) {
echo $LangUI->_('No matching recipes found') . '.';
}
// Display all of the matching recipes that use said ingredient
while (!$rc->EOF) {
echo '<a href="index.php?m=recipes&a=view&recipe_id=' . $rc->fields['related_parent'] . '">' . $rc->fields['recipe_name'] . "</a><br />\n";
$rc->MoveNext();
}
<?php
require_once "classes/Units.class.php";
require_once "classes/DBUtils.class.php";
$recipe_id = isset($_GET['recipe_id']) && isValidID($_GET['recipe_id']) ? $_GET['recipe_id'] : 0;
$total_ingredients = isset($_GET['total_ingredients']) && isValidID($_REQUEST['total_ingredients']) ? $_REQUEST['total_ingredients'] : 0;
$total_related = isset($_GET['total_related']) && isValidID($_REQUEST['total_related']) ? $_REQUEST['total_related'] : 0;
$show_ingredient_ordering = isset($_REQUEST['show_ingredient_order']) ? 'yes' : '';
$private = isset($_REQUEST['private']) ? TRUE : FALSE;
// Declarations
$n = 0;
$p = 0;
$ingredients = null;
if ($g_rb_debug) {
$show_ingredient_ordering = "yes";
}
// Determine if the user has access to add new recipes, or edit this current one
if (!$SMObj->isUserLoggedIn()) {
die($LangUI->_('You must be logged into perform the requested action.'));
}
if ($recipe_id && !$SMObj->checkAccessLevel("EDITOR")) {
// Figure out who the owner of this recipe is, Editors can edit anyones recipes
// The owner of a recipe does not change when someone edits it.
$sql = "SELECT recipe_user FROM {$db_table_recipes} WHERE recipe_id = " . $DB_LINK->addq($recipe_id, get_magic_quotes_gpc());
$rc = $DB_LINK->Execute($sql);
// If the recipe is owned by someone else then do not allow editing
if ($rc->fields['recipe_user'] != "" && $rc->fields['recipe_user'] != $SMObj->getUserID()) {
die($LangUI->_('You are not the owner of this recipe, you are not allowed to edit it'));
}
}
// get the information about the recipe (empty query if new recipe)
</script>
<hr size=1 noshade>
<?php
$query = "";
$query_order = " ORDER BY ingredient_name";
$query_all = "SELECT * FROM {$db_table_ingredients} WHERE ingredient_user = '******' AND";
// Do not display anything if no search has been requested
if (!isset($_REQUEST['search'])) {
$query = "";
} else {
// Construct the query
$query = $query_all;
if ($_REQUEST['name'] != "") {
$query .= " ingredient_name LIKE '%" . $DB_LINK->addq($_REQUEST['name'], get_magic_quotes_gpc()) . "%' AND";
}
if (isValidID($_REQUEST['location_id'])) {
$query .= " ingredient_location=" . $DB_LINK->addq($_REQUEST['location_id'], get_magic_quotes_gpc());
}
$query = preg_replace("/AND\$/", "", $query);
// Put the order on the end
$query .= $query_order;
}
/* ----------------------
The Query has been made, format and output the values returned from the database
----------------------*/
if ($query != "") {
$counter = 0;
$rc = $DB_LINK->Execute($query);
DBUtils::checkResult($rc, NULL, NULL, $query);
// Error check
# exit if we did not find any matches
<?php
require_once "libraries/head.php";
if (!isLogin()) {
sendAjaxRedirect("index.php");
}
if (isset($_POST["userid"]) && isset($_POST["newrole"])) {
if (!isValidID($_POST["userid"]) || !isValidID($_POST["newrole"])) {
sendAjaxResErr("User or role status invalid!");
}
$result = executeChange($_SESSION["userID"], $_POST["userid"], $_POST["newrole"]);
if ($result === true) {
sendAjaxResSuc("Change role status successfully!");
} else {
sendAjaxResErr($result);
}
}
function executeChange($currUser, $userid, $newrole)
{
if ($newrole !== "1" && $newrole !== "2" && $newrole !== "3" && $newrole !== "4") {
return "Invalid status!";
}
$userDAO = new UserDAO();
$userChan = $userDAO->getUserByID($userid);
$userCurr = $userDAO->getUserByID($currUser);
//get current session user
if ($userCurr->getRole()->getRoleID() !== "1" && $userCurr->getRole()->getRoleID() !== "2") {
return "You have no right to change user status!";
}
if ($userChan === null) {
//database
<?php
require_once "classes/DBUtils.class.php";
require_once "classes/Fraction.class.php";
// Read in the globals
$mode = isset($_REQUEST['mode']) ? $_REQUEST['mode'] : 'print';
$store_id = isset($_REQUEST['store_id']) && isValidID($_REQUEST['store_id']) ? stripslashes($_REQUEST['store_id']) : 0;
// the selected store layout
$show_sections = isset($_REQUEST['show_sections']) ? $_REQUEST['show_sections'] : '';
$listObj = $_SESSION['shoppinglist'];
// The layout contains the sections
$useLayout = array();
// Load the store names from the database
$sql = "SELECT store_id, store_name FROM {$db_table_stores} WHERE store_user = '******'";
$rc = $DB_LINK->Execute($sql);
DBUtils::checkResult($rc, NULL, NULL, $sql);
$stores = DBUtils::createList($rc, 'store_id', 'store_name');
$stores = array("0" => $LangUI->_("(Show All)")) + $stores;
// Load the section names so we can print them for headers later (only if requested)
$sql = "SELECT location_id, location_desc FROM {$db_table_locations} ORDER BY location_desc ASC";
$rc = $DB_LINK->Execute($sql);
DBUtils::checkResult($rc, NULL, NULL, $sql);
$locations = DBUtils::createList($rc, 'location_id', 'location_desc');
if ($store_id > 0) {
// We need to do the query again (MySQL odd behavior)
$sql = "SELECT store_layout FROM {$db_table_stores} WHERE store_user = '******' AND store_id = " . $DB_LINK->addq($store_id, get_magic_quotes_gpc());
$rc = $DB_LINK->Execute($sql);
DBUtils::checkResult($rc, NULL, NULL, $sql);
// get the list of sections to display, default is 'default'
$useLayout = split(',', $rc->fields[0]);
if (!count($useLayout)) {
$sql = "DELETE FROM {$db_table_ingredientmaps} WHERE map_recipe=" . $DB_LINK->addq($recipe_id, get_magic_quotes_gpc());
$result = $DB_LINK->Execute($sql);
// Also clear out the related_recipes
$sql = "DELETE FROM {$db_table_related_recipes} WHERE related_parent=" . $DB_LINK->addq($recipe_id, get_magic_quotes_gpc());
$result = $DB_LINK->Execute($sql);
}
$recipe_id = $recipeObj->getID();
/*
Add the ingredients into the database. The order field is needed because mysql does not consistently put them in or retrieve them
in a specific order.
*/
foreach ($ingArray as $ing) {
$ing->setID($recipe_id);
$ing->insertMap();
}
// Add all the related recipes in.
$i = 0;
while (isset($_POST['relatedId_' . $i]) && isValidID($_POST['relatedId_' . $i])) {
if (isset($_POST['relatedRequired_' . $i])) {
$required = $DB_LINK->true;
} else {
$required = $DB_LINK->false;
}
$sql = "INSERT INTO {$db_table_related_recipes} (related_parent, related_child, related_required, related_order) VALUES (" . $DB_LINK->addq($recipe_id, get_magic_quotes_gpc()) . ", " . $DB_LINK->addq($_POST['relatedId_' . $i], get_magic_quotes_gpc()) . ", '" . $required . "', " . $i . ")";
$rc = $DB_LINK->Execute($sql);
DBUtils::checkResult($rc, NULL, NULL, $sql);
$i++;
}
?>
<?php
require_once "libraries/head.php";
require_once "libraries/class.FastTemplate.php";
if (!isLogin()) {
exit;
}
$tpl = new FastTemplate("templates/");
$tpl->define(array("group_checked_member" => "index/group_checked_member.html"));
if (isset($_POST["groupid"])) {
$groupID = $_POST["groupid"];
if (!isValidID($groupID)) {
return;
}
$userID = $_SESSION["userID"];
$groupDAO = new GroupDAO();
$group = $groupDAO->getGroupByID($groupID);
if ($group === null) {
return;
}
$gmDAO = new GroupMemberDAO();
$gms = $gmDAO->getGroupMembersByGroup($group);
$flag = false;
foreach ($gms as $gm) {
if ($gm->getUser()->getUserID() === $userID) {
continue;
}
$tpl->assign("INDEX_GROUP_CHECKED_USERID", $gm->getUser()->getUserID());
$tpl->assign("INDEX_GROUP_CHECKED_USERNAME", $gm->getUser()->getFirstName() . " " . $gm->getUser()->getLastName());
$tpl->parse("MAIN", ".group_checked_member");
$flag = true;
function inputOK($postVal, $dtyID, $rtyID)
{
if (!@$labelToID) {
$labelToID = mysql__select_assoc("defTerms", "trm_Label", "trm_ID", "1");
}
/*****DEBUG****/
//error_log("postvalue = ".print_r($postVal,true));
// if value is term label
if (!is_numeric($postVal) && array_key_exists($postVal, $labelToID)) {
$postVal = $labelToID[$postVal];
}
return isValidID($postVal, $dtyID, $rtyID);
}
echo "Welcome " . $user->data['username'] . "!";
?>
<br /><br />
<div id='errorBox'>
<div id='keymanage'>
Search for server keys by user:
<input class='user' maxlength='40' type='text' value=''/>
</div>
</div>
</center>
<?php
} else {
?>
Download
<?php
if (isValidID($user->data['user_type'])) {
?>
<p class="backBtn">| <a href="?managekeys=1">Manage Server Keys</a></p>
<?php
}
?>
<hr class="hr1" />
<br />
<center>
<?php
echo "Welcome " . $user->data['username'] . "!";
if (true || isGroup($userID)) {
?>
<br /><br />
<div id='errorBox'>Notice: this is a beta release. It's unstable and support is limited.
<hr class="hr1">
<?php
require_once "libraries/head.php";
if (!isLogin()) {
sendAjaxRedirect("login.php");
}
if (isset($_POST["groupid"]) && isset($_POST["newstatus"])) {
if (!isValidID($_POST["groupid"]) || !isValidID($_POST["newstatus"])) {
sendAjaxResErr("Group ID or Status invalid!");
}
$result = executeChange($_SESSION["userID"], $_POST["groupid"], $_POST["newstatus"]);
if ($result === true) {
sendAjaxResSuc("Change group status successfully!");
} else {
sendAjaxResErr($result);
}
}
function executeChange($userID, $groupID, $newStatus)
{
$newStatus = $newStatus;
if ($newStatus !== "1" && $newStatus !== "2" && $newStatus !== "3") {
return "Invalid status!";
}
$userDAO = new UserDAO();
$user = $userDAO->getUserByID($userID);
$groupDAO = new GroupDAO();
$group = $groupDAO->getGroupByID($groupID);
if ($group === null) {
return "Could not find this group!";
}
if ($group->getActivateStatus() === $newStatus) {
function inputOK($postVal, $dtyID, $rtyID)
{
if (!@$labelToID) {
$labelToID = mysql__select_assoc("defTerms", "trm_Label", "trm_ID", "1");
}
// if value is term label
if (!is_numeric($postVal) && array_key_exists($postVal, $labelToID)) {
$postVal = $labelToID[$postVal];
}
return $postVal ? isValidID($postVal, $dtyID, $rtyID) : false;
}
<?php
require_once "classes/Recipe.class.php";
$recipe_id = isValidID($_REQUEST['recipe_id']) ? $_REQUEST['recipe_id'] : 0;
$recipeObj = new Recipe($recipe_id);
$recipeObj->loadRecipe();
?>
<table cellspacing="0" cellpadding="1" border="0" width="100%">
<tr>
<td align="left" class="title">
<?php
echo $LangUI->_('Review Recipe');
?>
</td>
</tr>
</table>
<p>
<table cellspacing="0" cellpadding="1" border="0" width="100%">
<tr>
<td align="center" class="title">
<?php
echo $recipeObj->name;
?>
</td>
</tr>
</table>
<P>
<b><?php
echo $LangUI->_('Rating');
?>
:</b><br />
<?php
require_once 'libs/phpmailer/class.phpmailer.php';
$recipe_id = isset($_POST['recipe_id']) && isValidID($_POST['recipe_id']) ? $_POST['recipe_id'] : 0;
$sendToAddress = isset($_POST['email_address']) ? $_POST['email_address'] : "";
$message = isset($_POST['message']) ? $_POST['message'] : "";
if ($recipe_id == 0 || $sendToAddress == "") {
die($LangUI->_('e-Mail address to send to and recipe ID are required to send a message'));
}
// Only trust logged in users to email
if (!$SMObj->isUserLoggedIn()) {
die($LangUI->_('You must be logged into perform the requested action.'));
}
$htmlData = get_data($g_rb_fullurl . "index.php?m=recipes&a=view&print=yes&format=no&recipe_id=" . $recipe_id);
$htmlData = "<fieldset>" . $message . "</fieldset>" . $htmlData . '<p><a href="' . $g_rb_fullurl . 'index.php?m=recipes&a=view&recipe_id=' . $recipe_id . '">Visit Recipe Website</a></p>';
function get_data($url)
{
$ch = curl_init();
$timeout = 5;
curl_setopt($ch, CURLOPT_URL, $url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout);
$data = curl_exec($ch);
curl_close($ch);
return $data;
}
$mail = new PHPMailer();
$mail->IsSMTP();
// telling the class to use SMTP
//$mail->SMTPDebug = 2; // enables SMTP debug information (for testing)
$mail->SMTPAuth = true;
<div id="ingredientAddEditContainer">
<?php
require_once "classes/Units.class.php";
require_once "classes/DBUtils.class.php";
$ingredient_id = isset($_GET['ingredient_id']) && isValidID($_GET['ingredient_id']) ? $_GET['ingredient_id'] : 0;
if (!$SMObj->isUserLoggedIn()) {
die($LangUI->_('You must be logged into perform the requested action.'));
}
if ($ingredient_id && !$SMObj->checkAccessLevel("EDITOR")) {
// Figure out who the owner of this ingredient is, Editors can edit anyones recipes
// The owner of a ingredient does not change when someone edits it.
$sql = "SELECT ingredient_user FROM {$db_table_ingredients} WHERE ingredient_id = " . $DB_LINK->addq($ingredient_id, get_magic_quotes_gpc());
$rc = $DB_LINK->Execute($sql);
// If the recipe is owned by someone else then do not allow editing
if ($rc->fields['ingredient_user'] != "" && $rc->fields['ingredient_user'] != $SMObj->getUserID()) {
die($LangUI->_('You are not the owner of this ingredient, you are not allowed to edit it'));
}
}
// get the information about the Ingredient (empty query if new Ingredient)
if ($ingredient_id) {
$sql = "SELECT *\n\t\t\tFROM {$db_table_ingredients}\n\t\t\tLEFT JOIN {$db_table_units} ON ingredient_unit = unit_id\n\t\t\tWHERE ingredient_id = " . $DB_LINK->addq($ingredient_id, get_magic_quotes_gpc());
$ingredients = $DB_LINK->Execute($sql);
DBUtils::checkResult($ingredients, NULL, NULL, $sql);
}
?>
<script language="javascript">
$(document).ready(function() {
$('#ingredient_form').validate();
$("#ingredient_name").autocomplete({
<?php
$killOverride = true;
$pageTitle = "SeaAuth - Unidentified Account";
require_once "authlib.php";
if (isValidID()) {
$conn = $altConn = null;
header('Location: index.php');
die('');
}
//Check if it's a new ip
$addr = $_SERVER['REMOTE_ADDR'];
$cmd = $conn->prepare("select userID, active from {$userTable} where addr = :addr");
$cmd->bindParam(":addr", $addr, PDO::PARAM_STR, 16);
$cmd->execute();
$results = $cmd->fetchAll();
if (count($results) === 0) {
//For Debugging
if (isset($_SESSION['userID'])) {
unset($_SESSION);
session_destroy();
}
//End of debugging
logEvent($conn, $logTable, "Foreign device connected {$addr}");
$conn = $altConn = null;
header("Location: new-user.php");
die('');
} else {
if ($results[0]['active'] == '0') {
header('Location: lockout.php');
die('');
<?php
require "libs/lightopenid/openid.php";
$provider = isset($_GET['provider']) ? $_GET['provider'] : 'google';
// I like google
$mode = isset($_GET['mode']) ? $_GET['mode'] : '';
$user_id = isset($_GET['user_id']) && isValidID($_GET['user_id']) ? $_GET['user_id'] : null;
$redirectTo = "index.php";
try {
$openid = new LightOpenID($_SERVER['SERVER_NAME']);
if (!$openid->mode) {
$openid->required = array('namePerson/friendly', 'namePerson/first', 'namePerson/last', 'contact/email', 'pref/language');
if ($provider == "google") {
$openid->identity = 'https://www.google.com/accounts/o8/id';
}
header('Location: ' . $openid->authUrl());
}
if ($openid->mode == 'cancel') {
echo 'Login Canceled!';
} else {
session_start();
$_SESSION['openID_AddIdentity'] = null;
// clear out just in case.
if ($openid->validate()) {
$attribs = $openid->getAttributes();
if ($mode == "create") {
$_SESSION['openID_provider'] = $provider;
$_SESSION['openID_identity'] = $openid->identity;
$_SESSION['openID_name'] = $attribs['namePerson/first'] . " " . $attribs['namePerson/last'];
$_SESSION['openID_email'] = isset($attribs['contact/email']) ? $attribs['contact/email'] : null;
$_SESSION['openID_language'] = isset($attribs['pref/language']) ? $attribs['pref/language'] : "English";
<?php
require_once "classes/DBUtils.class.php";
require_once "classes/Restaurant.class.php";
// Read in the POST values
$restaurant_id = isValidID($_GET['restaurant_id']) ? $_GET['restaurant_id'] : 0;
$restaurant_name = isset($_POST['restaurant_name']) ? htmlentities(stripslashes($_POST['restaurant_name']), ENT_QUOTES) : '';
$restaurant_website = isset($_POST['restaurant_website']) ? htmlentities(stripslashes($_POST['restaurant_website']), ENT_QUOTES) : '';
$restaurant_address = isset($_POST['restaurant_address']) ? htmlentities(stripslashes($_POST['restaurant_address']), ENT_QUOTES) : '';
$restaurant_city = isset($_POST['restaurant_city']) ? htmlentities(stripslashes($_POST['restaurant_city']), ENT_QUOTES) : '';
$restaurant_state = isset($_POST['restaurant_state']) ? htmlentities(stripslashes($_POST['restaurant_state']), ENT_QUOTES) : '';
$restaurant_zip = isset($_POST['restaurant_zip']) ? htmlentities(stripslashes($_POST['restaurant_zip']), ENT_QUOTES) : '';
$restaurant_country = isset($_POST['restaurant_country']) ? htmlentities(stripslashes($_POST['restaurant_country']), ENT_QUOTES) : '';
$restaurant_phone = isset($_POST['restaurant_phone']) ? htmlentities(stripslashes($_POST['restaurant_phone']), ENT_QUOTES) : '';
$restaurant_hours = isset($_POST['restaurant_hours']) ? addslashes($_POST['restaurant_hours']) : '';
$restaurant_price = isValidID($_POST['restaurant_price']) ? $_POST['restaurant_price'] : 0;
$restaurant_delivery = isset($_POST['restaurant_delivery']) ? $DB_LINK->true : $DB_LINK->false;
$restaurant_dine_in = isset($_POST['restaurant_dine_in']) ? $DB_LINK->true : $DB_LINK->false;
$restaurant_carry_out = isset($_POST['restaurant_carry_out']) ? $DB_LINK->true : $DB_LINK->false;
$restaurant_credit = isset($_POST['restaurant_credit']) ? $DB_LINK->true : $DB_LINK->false;
$restaurant_picture_oid = isset($_POST['restaurant_picture_oid']) ? $_POST['restaurant_picture_oid'] : 'NULL';
// to keep postgres clean
$restaurant_picture_type = isset($_FILES['restaurant_picture']['type']) ? $_FILES['restaurant_picture']['type'] : '';
$remove_picture = isset($_POST['remove_picture']) ? $_POST['remove_picture'] : '';
$restaurant_menu_text = isset($_POST['restaurant_menu_text']) ? htmlentities(stripslashes($_POST['restaurant_menu_text']), ENT_QUOTES) : '';
$restaurant_comments = isset($_POST['restaurant_comments']) ? htmlentities(stripslashes($_POST['restaurant_comments']), ENT_QUOTES) : '';
if ($restaurant_id && !$SMObj->checkAccessLevel("EDITOR")) {
// Figure out who the owner of this restaurant is, Editors can edit anyones items
$sql = "SELECT restaurant_user FROM {$db_table_restaurants} WHERE restaurant_id = " . $DB_LINK->addq($restaurant_id, get_magic_quotes_gpc());
$rc = $DB_LINK->Execute($sql);
// If the recipe is owned by someone else then do not allow editing
<?php
require_once "classes/Restaurant.class.php";
require_once "classes/DBUtils.class.php";
$restaurant_id = isValidID($_GET['restaurant_id']) ? $_GET['restaurant_id'] : 0;
if ($restaurant_id && !$SMObj->checkAccessLevel("EDITOR")) {
// Figure out who the owner of this restaurant is, Editors can edit anyones items
$sql = "SELECT restaurant_user FROM {$db_table_restaurants} WHERE restaurant_id = " . $DB_LINK->addq($restaurant_id, get_magic_quotes_gpc());
$rc = $DB_LINK->Execute($sql);
// If the recipe is owned by someone else then do not allow editing
if ($rc->fields['restaurant_user'] != "" && $rc->fields['restaurant_user'] != $SMObj->getUserID()) {
die($LangUI->_('You are not the owner of this restaurant, you are not allowed to delete it'));
}
}
// clean up the old picture if we are suppose to
if ($g_rb_database_type == "postgres") {
$sql = "SELECT restaurant_picture FROM {$db_table_restaurants} WHERE restaurant_id=" . $DB_LINK->addq($restaurant_id, get_magic_quotes_gpc());
$rc = $DB_LINK->Execute($sql);
if (trim($rc->fields['restaurant_picture']) != "") {
$rc = $DB_LINK->BlobDelete($rc->fields['restaurant_picture']);
DBUtils::checkResult($rc, $LangUI->_('Picture successfully deleted'), NULL, $sql);
}
}
// In Postgres everything will be cleaned up with one delete
$RestaurantObj = new Restaurant($restaurant_id);
$RestaurantObj->delete();
?>
<I><?php
echo $LangUI->_('Restaurant Deleted');
?>
</I>
<?php
require_once "libraries/head.php";
require_once "libraries/class.FastTemplate.php";
if (!isLogin()) {
exit;
}
if (isset($_POST["departid"])) {
if (!isValidID($_POST["departid"])) {
exit;
}
displayDepartUser($_POST["departid"], $_SESSION["userID"]);
}
function displayDepartUser($departID, $userID)
{
$tpl = new FastTemplate("templates/");
$tpl->define(array("user" => "index/user.html", "department" => "index/department.html", "depart_user" => "index/depart_user.html", "header" => "index/header.html"));
$departDAO = new DepartmentDAO();
$depart = $departDAO->getDepartmentByID($departID);
if ($departID == "1" || $depart === null) {
$tpl->assign("INDEX_DEPART_USER_HEADER", "");
} else {
$tpl->assign("INDEX_HEADER_NAME", $depart->getDepartmentName());
$tpl->parse("INDEX_DEPART_USER_HEADER", "header");
}
$result = findDepartAndUser($departID, $userID);
if ($result === false || count($result) === 0) {
$tpl->assign("INDEX_DEPART_USER", "");
} else {
foreach ($result as $node) {
if ($node["type"] == 1) {
