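/**
 * @package pragyan
 * @copyright (c) 2008 Pragyan Team
 * @license http://www.gnu.org/licenses/ GNU Public License
 * For more details, see README
 */

/**
 * Builds the markup and inline script for the "UPDATES" news ticker.
 *
 * Reads the news items of the page at "/news/" and emits two JavaScript
 * arrays (theSummaries, theSiteLinks) plus theItemCount, then calls
 * startTicker(), which is not defined in this function and is expected to be
 * provided by the including page.
 *
 * Security: titles, feed text and links come from the news store and are
 * written into a <script> element. They are serialised with json_encode()
 * and the JSON_HEX_* flags, so quotes, backslashes, line breaks and a
 * "</script>" sequence inside a news item cannot terminate the string literal
 * or the script block. The value the ticker sees is unchanged.
 *
 * @return string HTML fragment containing the ticker styles, container and script
 */
function displayNews()
{
    $news = <<<NEWS
\t\t<style type="text/css">
\t\ta.tickl{font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;line-height:12px;text-decoration:none;color:#fff;font-weight:bold;}
\t\t.tickls{color:#666;}
\t\t</style>
\t\t<div id="newsbox" style="font-size:0.9em;position:absolute;right:45px;width:375px;top:80px;color:#fff;z-index:2;">
\t\t<div class="ticki" >
\t\t<a class="tickl" href="/08/home/news/"><span class="tickls">UPDATES</span></a>
\t\t<a id="tickerAnchor" class="tickl" target="_top" href=""></a>
\t\t</div>
\t\t</div>
\t\t<script type="text/javascript" language="JavaScript">
\t\t <!--
\t\t var theCharacterTimeout = 50;
\t\t var theStoryTimeout = 5000;
\t\t var theWidgetOne = "_";
\t\t var theWidgetTwo = "-";
\t\t var theWidgetNone = "";
\t\t var theLeadString = ": ";
\t\t var theSummaries = new Array();
\t\t var theSiteLinks = new Array();
NEWS;
    global $sourceFolder;
    global $moduleFolder;
    global $urlRequestRoot;
    global $pageIdArray;
    require_once "{$sourceFolder}/{$moduleFolder}/news.lib.php";

    // Flags that keep the encoded literal inert inside both JavaScript and HTML.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

    $tmpNewsObj = new news();
    $pageFullPath = "/news/"; ///<Replace with path of news page
    $pageId = parseUrlReal($pageFullPath, $pageIdArray);
    $pageInfo = getPageInfo($pageId);
    $newsArray = $tmpNewsObj->getNewsArray($pageInfo['page_modulecomponentid']);
    $itemCount = sizeof($newsArray);
    $news .= "var theItemCount =" . $itemCount . ";";

    for ($i = 0; $i < $itemCount; $i++) {
        $newsFeed = $newsArray[$i]['news_title'] . " - " . $newsArray[$i]['news_feed'];
        $newsLink = $newsArray[$i]['news_link'];

        // Shorten long summaries to at most 48 bytes, cutting at the last space.
        if (strlen($newsFeed) >= 48) {
            $newsFeed = substr($newsFeed, 0, 48);
            $lastSpace = strrpos($newsFeed, " ");
            // Without a space there is no word boundary to cut at; the original
            // passed strrpos()'s false to substr() and lost the whole summary.
            if ($lastSpace !== false) {
                $newsFeed = substr($newsFeed, 0, $lastSpace);
            }
            $newsFeed .= "...";
        }

        // Items without their own link point at the news page with the item id.
        if ($newsLink == "") {
            $newsLink = $urlRequestRoot . $pageFullPath . "&id=" . $newsArray[$i]['news_id'];
        }

        // json_encode() returns false for text it cannot encode (for example a
        // multi-byte character cut in half above); fall back to an empty literal.
        $summaryJs = json_encode($newsFeed, $jsFlags);
        if ($summaryJs === false) {
            $summaryJs = '""';
        }
        $linkJs = json_encode($newsLink, $jsFlags);
        if ($linkJs === false) {
            $linkJs = '""';
        }

        $news .= "theSummaries[{$i}] = {$summaryJs};";
        $news .= "theSiteLinks[{$i}] = {$linkJs};";
    }

    // NOTE(review): theSiteLinks ends up in the href of #tickerAnchor (assumed from
    // the markup above); a news_link with a script-capable scheme is not filtered here.
    $news .= <<<NEWS
\t\t startTicker();
\t\t //-->
\t\t</script>
NEWS;
    return $news;
}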
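/**
 * Builds the inline script that feeds the "what's new" scroller.
 *
 * Reads the news items of the page at "/whatsnew/" and emits a JavaScript
 * array named pausecontent2 whose elements are HTML anchors, one per item.
 *
 * Security: the original concatenated title, body and link between
 * hand-written single quotes, and its str_replace("'", "'") call replaced a
 * quote with itself, so any quote, backslash, line break or "</script>" in a
 * news item altered the script. Each anchor is now serialised with
 * json_encode() and the JSON_HEX_* flags, and the link is quoted and escaped
 * for its attribute. Title and body are still passed through as markup,
 * exactly as before.
 *
 * @return string HTML fragment containing one <script> element
 */
function displayNew()
{
    global $sourceFolder;
    global $moduleFolder;
    global $urlRequestRoot;
    global $pageIdArray;
    require_once "{$sourceFolder}/{$moduleFolder}/news.lib.php";

    // Flags that keep the encoded literal inert inside both JavaScript and HTML.
    $jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

    $tmpNewsObj = new news();
    $pageFullPath = "/whatsnew/"; ///<Replace with path of news page
    $pageId = parseUrlReal($pageFullPath, $pageIdArray);
    $pageInfo = getPageInfo($pageId);
    $newsArray = $tmpNewsObj->getNewsArray($pageInfo['page_modulecomponentid']);

    $items = array();
    for ($i = 0; $i < sizeof($newsArray); $i++) {
        $newsTitle = rtrim($newsArray[$i]['news_title']);
        $newsBody = rtrim($newsArray[$i]['news_feed']);

        // Items without their own link point at the what's-new page.
        $target = $newsArray[$i]['news_link'];
        if ($target == '') {
            $target = '/09/home/whatsnew';
        }

        // The href was unquoted before, so a space in the link started a new
        // attribute. double_encode=false leaves already-encoded entities alone.
        $href = htmlspecialchars($target, ENT_QUOTES, 'UTF-8', false);

        // NOTE(review): title and body are emitted as markup, as in the original;
        // if news items are meant to be plain text they should be escaped too.
        $anchor = '<a href="' . $href . '">' . $newsTitle . ' ' . $newsBody . '</a>';

        $encoded = json_encode($anchor, $jsFlags);
        if ($encoded !== false) {
            $items[] = $encoded;
        }
    }
    $newsFeed = implode(',', $items);

    $news = <<<NEWS
<script>
var pausecontent2=new Array({$newsFeed})
</script>
NEWS;
    return $news;
}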
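/**
 * @package pragyan
 * @copyright (c) 2008 Pragyan Team
 * @license http://www.gnu.org/licenses/ GNU Public License
 * For more details, see README
 */

/**
 * Echoes one <div class="news_style"> per news item returned by getNewsArray(0).
 *
 * Fixes: the original interpolated "{$newsArray[$i]}[news_title]", which
 * converts the whole item array to a string followed by the literal text
 * "[news_title]" instead of printing the title; the same applied to
 * news_feed. The title is also escaped where it is placed inside the rel
 * attribute, so a double quote in a title can no longer end the attribute.
 *
 * @return int always 1; the markup is written with echo, not returned
 */
function displayNews2()
{
    global $sourceFolder;
    global $moduleFolder;
    global $urlRequestRoot;
    global $pageIdArray;
    require_once "{$sourceFolder}/{$moduleFolder}/news.lib.php";

    $tmpNewsObj = new news();
    $pageFullPath = "/news/"; ///<Replace with path of news page
    // The results are not used below; the calls are kept because parseUrlReal()
    // receives the global $pageIdArray and may fill it.
    $pageId = parseUrlReal($pageFullPath, $pageIdArray);
    $pageInfo = getPageInfo($pageId);
    $newsArray = $tmpNewsObj->getNewsArray(0);

    for ($i = 0; $i < sizeof($newsArray); $i++) {
        $title = $newsArray[$i]['news_title'];
        // double_encode=false leaves entities that are already encoded untouched.
        $relValue = htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false);

        $divopen = "<div class=\"news_style\" rel=\"{$relValue}\" id=\"news{$i}\">";
        // NOTE(review): heading and body are written as markup; if news items are
        // meant to be plain text, escape them here as well.
        $heading = "<h4>{$title}</h4>";
        $content = $newsArray[$i]['news_feed'];
        $divclose = "</div>";

        echo $divopen . $heading . $content . $divclose;
    }
    return 1;
}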
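/**
 * Produces the content for one page request: dispatches built-in actions
 * (login, profile, logout, search, admin, settings, widgets, grant, pdf) and
 * otherwise loads the page's module and returns its HTML.
 *
 * Order of checks matters here: login, profile, logout, search and the
 * "getchildren" sub-action are handled before $permission is tested;
 * everything after the permission test assumes the caller was allowed in.
 *
 * Changes made for safety, behaviour otherwise unchanged:
 *  - the module name read from the pages table is validated as a plain
 *    identifier before it is used to build a require_once path and a class
 *    name, and it is escaped before being placed in SQL;
 *  - child module names used by the pdf action get the same validation;
 *  - the page title is stripped of path separators, quotes and control
 *    characters before it becomes part of the temporary PDF path and of the
 *    Content-Disposition header.
 *
 * @param mixed  $pageId     id of the requested page
 * @param string $action     requested action ("view", "login", "pdf", ...)
 * @param mixed  $userId     id of the current user, 0 when not logged in
 * @param mixed  $permission truthy when the caller decided the user may perform $action
 * @param int    $recursed   0 for a direct request, 1 when called again for a link or menu target
 * @return mixed HTML string; '' after an error was reported; for a failed
 *               login, whatever login() returned
 */
function getContent($pageId, $action, $userId, $permission, $recursed = 0)
{
    if ($action == "login") {
        if ($userId == 0) {
            ///Commented the requirement of login.lib.php because it is already included in /index.php
            //require_once("login.lib.php");
            $newUserId = login();
            if (is_numeric($newUserId)) {
                return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
            }
            ///<The login page
            return $newUserId;
        }
        displayinfo("You are logged in as " . getUserName($userId) . "! Click <a href=\"./+logout\">here</a> to logout.");
        return getContent($pageId, "view", $userId, getPermissions($userId, $pageId, "view"), 0);
    }

    if ($action == "profile") {
        if ($userId != 0) {
            require_once "profile.lib.php";
            return profile($userId);
        }
        // Falls through to the normal page handling after the notice.
        displayinfo("You need to <a href=\"./+login\">login</a> to view your profile.!");
    }

    if ($action == "logout") {
        if ($userId != 0) {
            $newUserId = resetAuth();
            displayinfo("You have been logged out!");
            global $openid_enabled;
            if ($openid_enabled == 'true') {
                displaywarning("If you logged in via Open ID, make sure you also log out from your Open ID service provider's website. Until then your session in this website will remain active !");
            }
            return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
        }
        displayinfo("You need to <a href=\"./+login\">login</a> first to logout!");
    }

    if ($action == "search") {
        require_once "search.lib.php";
        $ret = getSearchBox();
        // NOTE(review): the raw query string is handed to getSearchResultString();
        // escaping for SQL and HTML has to happen there - confirm.
        if (isset($_POST['query'])) {
            $ret .= getSearchResultString($_POST['query']);
        } elseif (isset($_GET['query'])) {
            $ret .= getSearchResultString($_GET['query']);
        }
        return $ret;
    }

    if (isset($_GET['subaction']) && $_GET['subaction'] == 'getchildren') {
        if (isset($_GET['parentpath'])) {
            // NOTE(review): this runs before the $permission test below and for a
            // caller-chosen path. The response is currently not sent (the echo is
            // commented out); if it is re-enabled, confirm that getChildren()
            // filters by what $userId may see.
            global $urlRequestRoot;
            require_once 'menu.lib.php';
            $pidarr = array();
            parseUrlReal(escape($_GET['parentpath']), $pidarr);
            $pid = $pidarr[count($pidarr) - 1];
            $children = getChildren($pid, $userId);
            $response = array();
            $response['path'] = escape($_GET['parentpath']);
            $response['items'] = array();
            foreach ($children as $child) {
                $response['items'][] = array($urlRequestRoot . '/home' . escape($_GET['parentpath']) . $child[1], $child[2]);
            }
            //echo json_encode($response);
            exit;
        }
    }

    if ($permission != true) {
        if ($userId == 0) {
            $suggestion = "(Try <a href=\"./+login\">logging in?</a>)";
        } else {
            $suggestion = "";
        }
        displayerror("You do not have the permissions to view this page. {$suggestion}<br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        return '';
    }

    if ($action == "admin") {
        require_once "admin.lib.php";
        return admin($pageId, $userId);
    }

    ///default actions also to be defined here (and not outside)
    /// Coz work to be done after these actions do involve the page
    $pagetype_query = "SELECT page_module, page_modulecomponentid FROM " . MYSQL_DATABASE_PREFIX . "pages WHERE page_id='" . escape($pageId) . "'";
    $pagetype_result = mysql_query($pagetype_query);
    $pagetype_values = mysql_fetch_assoc($pagetype_result);
    if (!$pagetype_values) {
        displayerror("The requested page does not exist.");
        return "";
    }
    $moduleType = $pagetype_values['page_module'];
    $moduleComponentId = $pagetype_values['page_modulecomponentid'];

    if ($action == "settings") {
        ///<done here because we needed to check if the page exists for sure.
        require_once "pagesettings.lib.php";
        return pagesettings($pageId, $userId);
    }
    if ($action == "widgets") {
        return handleWidgetPageSettings($pageId);
    }

    if ($recursed == 0) {
        $pagetypeupdate_query = "UPDATE " . MYSQL_DATABASE_PREFIX . "pages SET page_lastaccesstime=NOW() WHERE page_id='" . escape($pageId) . "'";
        $pagetypeupdate_result = mysql_query($pagetypeupdate_query);
        if (!$pagetypeupdate_result) {
            return '<div class="cms-error">Error No. 563 - An error has occured. Contact the site administators.</div>';
        }
    }

    if ($moduleType == "link") {
        // NOTE(review): the target page is rendered with permission forced to
        // true and with the same $action, so the decision made for the link page
        // is applied to the target. Whoever may change a link's target therefore
        // controls what its visitors can reach - confirm that is intended.
        return getContent($moduleComponentId, $action, $userId, true, 1);
    }
    if ($action == "grant") {
        return grantPermissions($userId, $pageId);
    }
    if ($moduleType == "menu") {
        return getContent(getParentPage($pageId), $action, $userId, true, 1);
    }
    if ($moduleType == "external") {
        $query = "SELECT `page_extlink` FROM `" . MYSQL_DATABASE_PREFIX . "external` WHERE `page_modulecomponentid` =\n\t\t\t\t\t(SELECT `page_modulecomponentid` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id`= '" . escape($pageId) . "')";
        $result = mysql_query($query);
        $values = mysql_fetch_array($result);
        $link = $values[0];
        // NOTE(review): execution continues after the redirect header is set, and
        // the stored link is used without a scheme or host check - confirm both.
        header("Location: {$link}");
    }

    // A module name becomes part of a file path and a class name below, so it
    // must be a plain identifier: no slashes, dots or other path syntax.
    $moduleNamePattern = '/^[A-Za-z_][A-Za-z0-9_]*$/';
    if (!preg_match($moduleNamePattern, $moduleType)) {
        displayerror("The requested page has an invalid module type.");
        return "";
    }

    global $sourceFolder;
    global $moduleFolder;
    require_once $sourceFolder . "/" . $moduleFolder . "/" . $moduleType . ".lib.php";
    $page = new $moduleType();
    if (!$page instanceof module) {
        displayerror("The module \"{$moduleType}\" does not implement the inteface module</div>");
        return "";
    }

    // The value came out of the database, but it is still escaped before it
    // goes back into a statement.
    $moduleTypeSql = escape($moduleType);
    $createperms_query = " SELECT * FROM " . MYSQL_DATABASE_PREFIX . "permissionlist where perm_action = 'create' AND page_module = '" . $moduleTypeSql . "'";
    $createperms_result = mysql_query($createperms_query);
    if (mysql_num_rows($createperms_result) < 1) {
        displayerror("The action \"create\" does not exist in the module \"{$moduleType}\"</div>");
        return "";
    }

    $availableperms_query = "SELECT * FROM " . MYSQL_DATABASE_PREFIX . "permissionlist where perm_action != 'create' AND page_module = '" . $moduleTypeSql . "'";
    $availableperms_result = mysql_query($availableperms_query);
    $permlist = array();
    while ($value = mysql_fetch_assoc($availableperms_result)) {
        array_push($permlist, $value['perm_action']);
    }
    array_push($permlist, "view");

    // Every registered permission must have a matching action<Perm> method.
    $class_methods = get_class_methods($moduleType);
    foreach ($permlist as $perm) {
        if (!in_array("action" . ucfirst($perm), $class_methods)) {
            displayerror("The action \"{$perm}\" does not exist in the module \"{$moduleType}\"</div>");
            return "";
        }
    }

    if ($action == "pdf") {
        if (isset($_GET['depth'])) {
            $depth = $_GET['depth'];
        } else {
            $depth = 0;
        }
        if (!is_numeric($depth)) {
            $depth = 0;
        }
        // NOTE(review): depth is caller-controlled and has no upper bound; each
        // level adds child() lookups and PDF pages. Consider a cap.

        global $TITLE;
        global $sourceFolder;
        require_once "{$sourceFolder}/modules/pdf/html2fpdf.php";
        $pdf = new HTML2FPDF();
        $pdf->setModuleComponentId($moduleComponentId);
        $pdf->AddPage();
        $pdf->WriteHTML($page->getHtml($userId, $moduleComponentId, "view"));

        $cp = array();
        $j = 0;
        if ($depth == -1) {
            $cp = child($pageId, $userId, $depth);
            if ($cp[0][0]) {
                for ($i = 0; $cp[$i][0] != NULL; $i++) {
                    // Same identifier rule as for the page's own module.
                    if (!preg_match($moduleNamePattern, $cp[$i][2])) {
                        continue;
                    }
                    require_once $sourceFolder . "/" . $moduleFolder . "/" . $cp[$i][2] . ".lib.php";
                    $page1 = new $cp[$i][2]();
                    $modCompId = $cp[$i][5];
                    $pdf->setModuleComponentId($modCompId);
                    $pdf->AddPage();
                    $pdf->WriteHTML($page1->getHtml($userId, $modCompId, "view"));
                }
            }
        } else {
            if ($depth > 0) {
                $cp = child($pageId, $userId, $depth);
                --$depth;
                // $j is deliberately not reset: each pass only expands the
                // entries that were appended by the previous pass.
                while ($depth > 0) {
                    $count = count($cp);
                    for ($j; $j < $count; $j++) {
                        $cp = array_merge((array) $cp, (array) child($cp[$j][0], $userId, $depth));
                    }
                    --$depth;
                }
                if ($cp[0][0]) {
                    for ($i = 0; isset($cp[$i]); $i++) {
                        if (!preg_match($moduleNamePattern, $cp[$i][2])) {
                            continue;
                        }
                        require_once $sourceFolder . "/" . $moduleFolder . "/" . $cp[$i][2] . ".lib.php";
                        $page1 = new $cp[$i][2]();
                        $modCompId = $cp[$i][5];
                        $pdf->setModuleComponentId($modCompId);
                        $pdf->AddPage();
                        $pdf->WriteHTML($page1->getHtml($userId, $modCompId, "view"));
                    }
                }
            }
        }

        // The title becomes a file name and a header value: remove directory
        // separators, double quotes and control characters first.
        $pdfName = preg_replace('/[\/\\\\"\x00-\x1f]+/', '_', (string) $TITLE);
        $filePath = $sourceFolder . "/uploads/temp/" . $pdfName . ".pdf";
        // NOTE(review): the existence check and the write are separate steps and
        // rand() is predictable; a dedicated temp directory outside the web root
        // would avoid both concerns.
        while (file_exists($filePath)) {
            $filePath = $sourceFolder . "/uploads/temp/" . $pdfName . "-" . rand() . ".pdf";
        }
        $pdf->Output($filePath);
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private", false);
        header("Content-Type: application/pdf");
        header("Content-Disposition: attachment; filename=\"" . basename($filePath) . "\";");
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: " . filesize($filePath));
        @readfile("{$filePath}");
        unlink($filePath);
    }

    return $page->getHtml($userId, $moduleComponentId, $action);
}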
/// Request bootstrap excerpt: reject suspicious query strings, resolve the
/// requested path to a page id, log the request, then start file-download handling.
/// The variables used here ($pageFullPath, $userId, $action, $urlRequestRoot, the
/// template placeholders) are set outside this excerpt.

///The URL may contain some harmful GET variables, so filter and block such URLs.
if (URLSecurityCheck($_GET)) {
    define("TEMPLATE", getPageTemplate(0));
    $pageId = parseUrlReal("home", $pageIdArray);
    $TITLE = CMS_TITLE;
    $MENUBAR = '';
    // NOTE(review): SERVER_SIGNATURE is copied into the page; depending on the web
    // server configuration it can name the server software and version - confirm
    // that showing it to every visitor is intended.
    // NOTE(review): no HTTP status is set in this branch, so as far as this excerpt
    // shows the rejection is served with the default status - confirm.
    $CONTENT = "The requested URL was found to have invalid syntax and cannot be processed for security reasons.<br/> If you believe its a" . "correct URL, please contact the administrator immediately..<br />{$_SERVER['SERVER_SIGNATURE']}" . "<br /><br />Click <a href='" . $urlRequestRoot . "'>here </a> to return to the home page";
    templateReplace($TITLE, $MENUBAR, $ACTIONBARMODULE, $ACTIONBARPAGE, $BREADCRUMB, $SEARCHBAR, $PAGEKEYWORDS, $INHERITEDINFO, $CONTENT, $FOOTER, $DEBUGINFO, $ERRORSTRING, $WARNINGSTRING, $INFOSTRING, $STARTSCRIPTS, $LOGINFORM);
    // Stop here: nothing below may run for a rejected URL.
    exit;
}
///Parse the URL and retrieve the PageID of the request page if its valid
$pageId = parseUrlReal($pageFullPath, $pageIdArray);
///Means that the requested URL is not valid.
if ($pageId === false) {
    define("TEMPLATE", getPageTemplate(0));
    $pageId = parseUrlReal("home", $pageIdArray);
    $TITLE = CMS_TITLE;
    $MENUBAR = '';
    // Same server-signature disclosure as in the branch above.
    $CONTENT = "The requested URL was not found on this server.<br />{$_SERVER['SERVER_SIGNATURE']}" . "<br /><br />Click <a href='" . $urlRequestRoot . "'>here </a> to return to the home page";
    templateReplace($TITLE, $MENUBAR, $ACTIONBARMODULE, $ACTIONBARPAGE, $BREADCRUMB, $SEARCHBAR, $PAGEKEYWORDS, $INHERITEDINFO, $CONTENT, $FOOTER, $DEBUGINFO, $ERRORSTRING, $WARNINGSTRING, $INFOSTRING, $STARTSCRIPTS, $LOGINFORM);
    exit;
}
///If it reaches here, means the page requested is valid. Log the information for future use.
// Only requests that resolved to a page are logged; the two rejection branches
// above exit before this call.
// NOTE(review): REMOTE_ADDR is the address of the directly connected peer; behind a
// reverse proxy that is presumably the proxy - confirm for this deployment.
logInfo(getUserEmail($userId), $userId, $pageId, $pageFullPath, getPageModule($pageId), $action, $_SERVER['REMOTE_ADDR']);
///The URL points to a file. Download permissions for the file are handled inside the download() function in download.lib.php
if (isset($_GET['fileget'])) {
    require_once $sourceFolder . "/download.lib.php";
    $action = "";
    // The action is taken from the query string unchanged; validating it is left to
    // the code that follows, which is outside this excerpt.
    if (isset($_GET['action'])) {
        $action = $_GET['action'];
    }
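/**
 * Displays a page settings form, as well as handles its submission, given a page id and a user id
 *
 * The sub-action comes from $_GET['subaction']: "pagesettings" (save, move a
 * child up or down, delete a child), "move", "create", "editinheritedinfo"
 * and "tags". Whether the user may use this function at all is not checked
 * here; the caller is expected to have done that.
 *
 * Changes made for safety and correctness:
 *  - create: the module type from the request is validated as a plain
 *    identifier before it is used in a require_once path and as a class name;
 *  - create: the duplicate-name check and the external-link insert use the
 *    normalised page name that is actually stored;
 *  - save: re-pointing a link needs "settings" permission on the target, the
 *    rule the create branch already applies;
 *  - move up/down: nothing is written when no neighbouring page was found, and
 *    a failed query no longer shows the database error text to the user;
 *  - tags: a tag can only be deleted from the page being edited, and
 *    $_POST['newTag'] is read with a quoted key;
 *  - page ids are quoted wherever they are placed in SQL.
 *
 * NOTE(review): no request token is verified in this function, and tag
 * deletion is triggered by a GET parameter; confirm that cross-site request
 * forgery is handled by the caller.
 * NOTE(review): new page ids are derived from MAX(page_id) + 1 without a lock
 * or transaction, so two concurrent creations can collide.
 *
 * @param $pageId Page id of the page where the user is trying to modify settings
 * @param $userId User id of the current user
 * @return HTML content for the page (the form, or the notifications after the form handling);
 *         false when creating an external link fails
 */
function pagesettings($pageId, $userId)
{
    $pageId = escape($pageId);
    $userId = escape($userId);
    global $sourceFolder;
    $chkquery = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute`='allow_pagespecific_template'";
    $row = mysql_fetch_row(mysql_query($chkquery));
    $allow_pagespecific_templates = $row[0]; // 0 if disabled, 1 if enabled
    require_once $sourceFolder . "/tree.lib.php";

    // NOTE(review): these messages are taken from the URL, so a crafted link can
    // put arbitrary (sanitised) text into the notification area.
    if (isset($_GET['displayinfo'])) {
        displayinfo(safe_html($_GET['displayinfo']));
    }
    if (isset($_GET['displayerror'])) {
        displayerror(safe_html($_GET['displayerror']));
    }

    if (isset($_GET['subaction'])) {
        if ($_GET['subaction'] == "pagesettings") {
            $childPageName = isset($_GET['pageName']) ? escape($_GET['pageName']) : '';

            if (isset($_POST['btnSubmit'])) {
                global $sourceFolder;
                require_once $sourceFolder . "/parseurl.lib.php";

                $linkAllowed = false;
                if (isset($_POST['link'])) {
                    $lpageIdArray = array();
                    $linkpageid = parseUrlReal(escape($_POST['link']), $lpageIdArray);
                    // A link page is rendered with its target's content, so
                    // re-pointing it needs the same right as creating a link.
                    $linkAllowed = $linkpageid !== false && getPermissions($userId, $linkpageid, "settings");
                }
                // Read independently of 'link': the update below tests 'exlink'
                // first, and the original left $exlink undefined when both were sent.
                if (isset($_POST['exlink'])) {
                    $exlink = escape($_POST['exlink']);
                }

                $visibleChildList = array();
                $visibleiChildList = array();
                $visiblesChildList = array();
                if (isset($_POST['menubarshowchildren']) && is_array($_POST['menubarshowchildren'])) {
                    foreach ($_POST['menubarshowchildren'] as $entry) {
                        $visibleChildList[] = escape($entry);
                    }
                }
                if (isset($_POST['sitemapshowchildren']) && is_array($_POST['sitemapshowchildren'])) {
                    foreach ($_POST['sitemapshowchildren'] as $entry) {
                        $visiblesChildList[] = escape($entry);
                    }
                }
                if (isset($_POST['childrenshowicon']) && is_array($_POST['childrenshowicon'])) {
                    foreach ($_POST['childrenshowicon'] as $entry) {
                        $visibleiChildList[] = escape($entry);
                    }
                }

                $pageInfoRow = getPageInfo($pageId);
                if (isset($_POST['default_template']) || $allow_pagespecific_templates == 0) {
                    $page_template = DEF_TEMPLATE;
                } else {
                    $page_template = escape($_POST['page_template']);
                }
                $template_propogate = isset($_POST['template_propogate']) ? true : false;
                $menu_propogate = isset($_POST['menustyle_propogate']) ? true : false;
                $icon_propogate = isset($_POST['icon_propogate']) ? true : false;
                $_POST['pagename'] = isset($_POST['pagename']) ? $_POST['pagename'] : "";
                $_POST['pagetitle'] = isset($_POST['pagetitle']) ? $_POST['pagetitle'] : "";

                $var = isset($_POST['allowComments']) ? 1 : 0;
                $modulecomponentid = mysql_fetch_array(mysql_query("SELECT `page_modulecomponentid` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id` = '{$pageId}'"));
                $modulecomponentid = $modulecomponentid['page_modulecomponentid'];
                // NOTE(review): this update and the external-link update below run
                // without checking the page's module type, so they match on the
                // component id alone; the table name also has no prefix - confirm.
                mysql_query("UPDATE `article_content` SET `allowComments` = {$var} WHERE `page_modulecomponentid` = '{$modulecomponentid}'");

                if (isset($_POST['exlink'])) {
                    // NOTE(review): the link is stored as given; the scheme is not
                    // restricted and the value is later used in a redirect.
                    mysql_query("UPDATE `" . MYSQL_DATABASE_PREFIX . "external` SET `page_extlink` = '{$exlink}' WHERE `page_modulecomponentid`= '{$modulecomponentid}'");
                } elseif (isset($_POST['link'])) {
                    if ($linkAllowed) {
                        mysql_query("UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_modulecomponentid` = '{$linkpageid}' WHERE `page_id`= '{$pageId}'");
                    } else {
                        displayerror("Not enough permission to create a link for that location.");
                    }
                }

                $updateErrors = updateSettings(
                    $pageId,
                    $userId,
                    escape($_POST['pagename']),
                    escape($_POST['pagetitle']),
                    isset($_POST['showinmenu']),
                    isset($_POST['showheading']),
                    isset($_POST['showmenubar']),
                    isset($_POST['showsiblingmenu']),
                    $visibleChildList,
                    $visiblesChildList,
                    $visibleiChildList,
                    $page_template,
                    $template_propogate,
                    escape($_POST['menutype']),
                    isset($_POST['menudepth']) ? escape($_POST['menudepth']) : NULL,
                    $menu_propogate,
                    isset($_POST['showinsitemap']),
                    isset($_POST['displayicon']),
                    $icon_propogate
                );
                $pageInfoRow = getPageInfo($pageId);
                if ($updateErrors == '') {
                    //disconnect();
                    //header("Location: ../{$pageInfoRow['page_name']}+settings&displayinfo=".rawurlencode('Page settings updated successfully!'));
                    displayinfo("Page settings updated successfully!");
                } else {
                    //disconnect();
                    //header("Location: ../{$pageInfoRow['page_name']}+settings&displayerror=".rawurlencode($updateErrors));
                    displayerror("Could not update page settings : " . $updateErrors);
                }
            }

            if (isset($_POST['moveUp']) || isset($_POST['moveDn'])) {
                if (isset($_POST['moveUp'])) {
                    $comparison = "<=";
                    $sortOrder = "DESC";
                } else {
                    $comparison = ">=";
                    $sortOrder = "ASC";
                }

                // The child page that is to be moved.
                $query = "SELECT `page_menurank`,`page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_parentid`='{$pageId}' AND `page_name`='{$childPageName}' AND `page_id` != '{$pageId}' ORDER BY `page_menurank` {$sortOrder} LIMIT 0,1 ";
                $result = mysql_query($query);
                $temp = mysql_fetch_assoc($result);
                $childPageId = $temp['page_id'];

                // Its nearest sibling in the requested direction.
                $query = "SELECT `page_menurank`,`page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_parentid`='{$pageId}' AND `page_menurank` {$comparison}(SELECT `page_menurank` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_parentid`='{$pageId}' AND `page_name`='{$childPageName}') AND `page_id` != '{$childPageId}' AND `page_parentid` != `page_id` ORDER BY `page_menurank` {$sortOrder} LIMIT 0,1 ";
                $result = mysql_query($query);

                if (!$result) {
                    // The database error text stays out of the page.
                    displayerror("Could not read the menu order.");
                } elseif (mysql_num_rows($result) == 0) {
                    // No sibling to swap with. The original carried on and wrote
                    // an empty rank to the child page.
                    displayerror("You cannot move up/down the first/last page in menu");
                } else {
                    $tempTarg = mysql_fetch_assoc($result);
                    $query = "SELECT `page_menurank`,`page_parentid` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id`='{$childPageId}'";
                    $result = mysql_query($query);
                    $tempSrc = mysql_fetch_assoc($result);
                    if ($tempTarg['page_menurank'] == $tempSrc['page_menurank']) {
                        // Two siblings share a rank: reset every sibling's rank to
                        // its page id, which is unique.
                        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_menurank` = `page_id` WHERE `page_parentid`='{$tempSrc['page_parentid']}'";
                        mysql_query($query);
                        displayinfo("Error in menu rank corrected. Please reorder the pages");
                    } else {
                        // Swap the two ranks.
                        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_menurank` ='{$tempSrc['page_menurank']}' WHERE `page_id` = '{$tempTarg['page_id']}' ";
                        mysql_query($query);
                        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "pages` SET `page_menurank` ='{$tempTarg['page_menurank']}' WHERE `page_id` = '{$childPageId}' ";
                        mysql_query($query);
                    }
                }
            }

            if (isset($_POST['deletePage'])) {
                if (isset($_GET['pageName']) && $_GET['pageName'] != "") {
                    $childPageName = escape($_GET['pageName']);
                    $query = "SELECT `page_id` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_parentid`='{$pageId}' AND `page_name`='{$childPageName}'";
                    $result = mysql_query($query);
                    $temp = mysql_fetch_assoc($result);
                    $childPageId = $temp['page_id'];
                    // NOTE(review): deletePage() is expected to check the user's
                    // rights on the child page - confirm.
                    if (deletePage($childPageId, $userId)) {
                        displayinfo("Page deleted successfully.");
                    }
                } else {
                    displayerror("Not enough information available");
                }
            }
        } elseif ($_GET['subaction'] == "move") {
            if (!isset($_POST['parentpagepath']) || $_POST['parentpagepath'] == '') {
                $updateErrors = "Null page id";
            } else {
                global $sourceFolder;
                require_once $sourceFolder . "/parseurl.lib.php";
                $pageIdArray = array();
                $parentId = parseUrlReal(escape($_POST['parentpagepath']), $pageIdArray);
                // NOTE(review): move_page() is expected to check the user's rights
                // on the destination - confirm.
                $updateErrors = move_page($userId, $pageId, $parentId, escape($_POST['destinationpagetitle']), escape($_POST['destinationpagename']), isset($_POST['deleteoriginalpage']));
            }
            if ($updateErrors != '') {
                displayerror($updateErrors);
            }
        } elseif ($_GET['subaction'] == "create") {
            /**
             * Have page rank equal to page id to ensure unique ranks
             * for links, rank equals to page id of the target sure, coz we can sure the pageid of parent page is unique at destination
             * check if there is any child page with same name
             * page name should not contain any special characters. (esp space)
             * ask for page name only and page title = ucfirst(pagename)
             * check if the guy has permission to create the page of that type
             * call modules createModule function
             */
            // NOTE(review): the permission check named in the list above is only
            // implemented for links; other page types are created without a
            // per-type permission test in this function.
            if (isset($_POST['childpagetype']) && isset($_POST['childpagename'])) {
                if (isset($_POST['default_template']) || $allow_pagespecific_templates == 0) {
                    $page_template = DEF_TEMPLATE;
                } else {
                    $page_template = escape($_POST['page_template']);
                }

                $maxquery = "SELECT MAX( page_id ) AS MAX FROM " . MYSQL_DATABASE_PREFIX . "pages";
                $maxqueryresult = mysql_query($maxquery);
                $maxqueryrow = mysql_fetch_array($maxqueryresult);
                $maxpageid = $maxqueryrow[0] + 1;

                // Menu settings of the parent page are copied to the new child.
                $menutypequery = "SELECT `page_menutype`,`page_menudepth`,`page_displaysiblingmenu`,`page_displayicon`,`page_displayinmenu` FROM " . MYSQL_DATABASE_PREFIX . "pages WHERE page_id='{$pageId}'";
                $menutyperesult = mysql_query($menutypequery);
                $menutyperow = mysql_fetch_array($menutyperesult);
                $inheritedMenuValues = "'{$menutyperow['0']}','{$menutyperow['1']}','{$menutyperow['2']}','{$menutyperow['3']}','{$menutyperow['4']}'";

                $childPageName = str_replace(' ', '_', escape(strtolower($_POST['childpagename'])));
                $childPageTitle = escape($_POST['childpagename']);
                $childPageType = escape($_POST['childpagetype']);

                // Look for a clash under the name that will be stored; the
                // original compared the raw input, so "My Page" did not clash
                // with an existing "my_page".
                $alreadyexistquery = "SELECT page_name FROM " . MYSQL_DATABASE_PREFIX . "pages WHERE page_parentid='{$pageId}' AND page_name='" . $childPageName . "'";
                $alreadyexistqueryresult = mysql_query($alreadyexistquery);
                $alreadyexistquerynumrows = mysql_num_rows($alreadyexistqueryresult);

                $plainColumns = "(`page_id` ,`page_name` ,`page_parentid` ,`page_title` ,`page_module` ,`page_modulecomponentid` , `page_template`, `page_menurank`, `page_menutype`,`page_menudepth`,`page_displaysiblingmenu`,`page_displayicon`,`page_displayinmenu`) ";
                $tabColumns = "(`page_id` ,`page_name` ,`page_parentid` ,`page_title` ,`page_module` ,`page_modulecomponentid` , `page_template`, `page_menurank`, `page_openinnewtab`, `page_menutype`,`page_menudepth`,`page_displaysiblingmenu`,`page_displayicon`,`page_displayinmenu`) ";

                if (!preg_match('/^[a-z][\\_a-z0-9]*$/', $childPageName)) {
                    displayerror("Invalid page name.");
                } elseif ($alreadyexistquerynumrows >= 1) {
                    displayerror("A page with the given name already exists at this location.");
                } elseif ($_POST['childpagetype'] == "menu") {
                    $menuquery = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "pages` " . $plainColumns
                        . "VALUES ('{$maxpageid}', '" . $childPageName . "', '{$pageId}', '" . $childPageTitle . "', '" . $childPageType . "', '0', '{$page_template}', '{$maxpageid}', " . $inheritedMenuValues . ")";
                    mysql_query($menuquery);
                    if (mysql_affected_rows() != 1) {
                        displayerror('Unable to create a new page');
                    } else {
                        displayinfo("Menu successfully created! <a href='./{$childPageName}+settings'>Click here</a> to go to its page-settings and start creating links in the menu.");
                    }
                } elseif ($_POST['childpagetype'] == "link") {
                    global $sourceFolder;
                    require_once $sourceFolder . "/parseurl.lib.php";
                    $pageIdArray = array();
                    $childPageLink = isset($_POST['childpagelink']) ? $_POST['childpagelink'] : '';
                    $parentId = parseUrlReal(escape($childPageLink), $pageIdArray);
                    // parseUrlReal() returns false for a path that does not resolve.
                    if ($parentId !== false && getPermissions($userId, $parentId, "settings")) {
                        $linkSelect = isset($_POST['linkselect']) ? $_POST['linkselect'] : '';
                        $openInNewTab = null;
                        if ($linkSelect == "Same Tab") {
                            $openInNewTab = '0';
                        } elseif ($linkSelect == "New Tab") {
                            $openInNewTab = '1';
                        }
                        // Any other value creates nothing, as before.
                        if ($openInNewTab !== null) {
                            $linkquery = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "pages` " . $tabColumns
                                . "VALUES ('{$maxpageid}', '{$childPageName}', '{$pageId}', '{$childPageTitle}', '" . $childPageType . "', '{$parentId}', '{$page_template}', '{$maxpageid}', '{$openInNewTab}', " . $inheritedMenuValues . ")";
                            mysql_query($linkquery);
                            if (mysql_affected_rows() != 1) {
                                displayerror('Unable to create a new page');
                            }
                        }
                    } else {
                        displayerror("Not enough permission to create a link for that location.");
                    }
                } elseif ($_POST['childpagetype'] == "external") {
                    $extquery = "SELECT MAX( page_modulecomponentid ) AS MAX FROM " . MYSQL_DATABASE_PREFIX . "external";
                    $extqueryresult = mysql_query($extquery);
                    $extqueryrow = mysql_fetch_array($extqueryresult);
                    $extpageid = $extqueryrow[0] + 1;

                    // NOTE(review): the link is stored as given; the scheme is not
                    // restricted and the value is later used in a redirect.
                    $externalLink = isset($_POST['externallink']) ? $_POST['externallink'] : '';
                    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "external` (`page_modulecomponentid`,`page_extlink`) " . "VALUES('{$extpageid}','" . escape($externalLink) . "')";
                    if (!($result = mysql_query($query))) {
                        displayerror("Unable to create an external link.");
                        return false;
                    }

                    $openInNewTab = (isset($_POST['linkselectex']) && $_POST['linkselectex'] == "New Tab") ? '1' : '0';
                    // Stored under the validated, normalised name like every other
                    // page type; the original stored the raw input here.
                    $linkquery = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "pages` " . $tabColumns
                        . "VALUES ('{$maxpageid}', '" . $childPageName . "', '{$pageId}', '" . escape(ucfirst(escape($_POST['childpagename']))) . "', '" . $childPageType . "', '{$extpageid}', '{$page_template}' ,'{$maxpageid}','{$openInNewTab}', " . $inheritedMenuValues . ")";
                    mysql_query($linkquery);
                    if (mysql_affected_rows() != 1) {
                        displayerror('Unable to create a new page');
                        return false;
                    }
                    displayinfo("External link has been created!");
                } else {
                    $moduleType = $childPageType;
                    // The type comes from the request and is used below as part of
                    // a file path and as a class name: accept a plain identifier
                    // only, so it cannot contain path syntax.
                    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $moduleType)) {
                        displayerror("Invalid page type.");
                    } else {
                        global $sourceFolder;
                        global $moduleFolder;
                        require_once $sourceFolder . "/" . $moduleFolder . "/" . $moduleType . ".lib.php";
                        $page = new $moduleType();
                        $newId = createInstance($moduleType);
                        $page->createModule($newId);
                        $createquery = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "pages` " . $plainColumns
                            . "VALUES ('{$maxpageid}', '{$childPageName}', '{$pageId}', '{$childPageTitle}', '" . $childPageType . "', '{$newId}', '{$page_template}', '{$maxpageid}', " . $inheritedMenuValues . ")";
                        mysql_query($createquery);
                        if (mysql_affected_rows() != 1) {
                            displayerror('Unable to create a new page.');
                        }
                    }
                }
            } else {
                displayerror("One or more parameters not set.");
            }
        } elseif ($_GET['subaction'] == 'editinheritedinfo') {
            updatePageInheritedInfo($pageId, escape($_POST['txtInheritedInfo']));
        } elseif ($_GET['subaction'] == 'tags') {
            if (isset($_GET['delTag']) && $_GET['delTag'] != "") {
                //DELETING THE TAG
                // Restricted to this page's tags: the tag id alone would let the
                // settings form of one page remove tags of any other page.
                mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "pagetags` WHERE `tag_id` = '" . escape($_GET['delTag']) . "' AND `page_id` = '{$pageId}'");
                if (mysql_affected_rows()) {
                    displayinfo("Tag deleted!");
                } else {
                    displayerror("Error in deleting tag.");
                }
            }
            if (isset($_POST['newTag']) && $_POST['newTag'] != "") {
                //INSERTING THE TAG
                $newTagQuery = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "pagetags` (`tag_id`, `page_id`, `tag_text`) VALUES (NULL, '{$pageId}', '" . escape($_POST['newTag']) . "');";
                $newTagResult = mysql_query($newTagQuery);
                if ($newTagResult) {
                    displayinfo("Tag added!");
                } else {
                    displayerror("Error in adding tag.");
                }
            }
        }
    }

    if ($settingsForm = getSettingsForm($pageId, $userId)) {
        return $settingsForm;
    } else {
        displayerror('Could not find page settings for the requested page.');
        return '';
    }
}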
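/**
 * @package pragyan
 * @copyright (c) 2010 Pragyan Team
 * @license http://www.gnu.org/licenses/ GNU Public License
 * For more details, see README
 */

// Builds $newsItems: a hidden container holding one <div class="news_style">
// per news item returned by getNewsArray(0).
//
// The title and the link are escaped where they are placed inside attribute
// values (rel and href), so a quote in either one can no longer end the
// attribute and add markup of its own. The heading text and the feed body are
// still emitted as markup, exactly as before.
$newsItems = "<div style=\"display: none;\" id=\"newscontainer\">";
global $sourceFolder;
global $moduleFolder;
global $urlRequestRoot;
global $pageIdArray;
require_once "{$sourceFolder}/{$moduleFolder}/news.lib.php";
$tmpNewsObj = new news();
$pageFullPath = "/news/"; ///<Replace with path of news page
// The results are not used below; the calls are kept because parseUrlReal()
// receives $pageIdArray and may fill it.
$pageId = parseUrlReal($pageFullPath, $pageIdArray);
$pageInfo = getPageInfo($pageId);
$newsArray = $tmpNewsObj->getNewsArray(0);
for ($i = 0; $i < count($newsArray); $i++) {
    $newstitle = $newsArray[$i]['news_title'];
    $newsfeed = $newsArray[$i]['news_feed'];
    $newslink = $newsArray[$i]['news_link'];

    // double_encode=false leaves entities that are already encoded untouched.
    $relValue = htmlspecialchars($newstitle, ENT_QUOTES, 'UTF-8', false);
    $hrefValue = htmlspecialchars($newslink, ENT_QUOTES, 'UTF-8', false);

    $divopen = "<div class=\"news_style\" rel=\"{$relValue}\" id=\"news{$i}\">";
    // NOTE(review): the link scheme is not restricted here, and title and feed
    // are written as markup; if news items are plain text, escape them as well.
    $heading = "<h4><a href='" . $hrefValue . "'>" . $newstitle . "</a></h4>";
    $content = "{$newsfeed}";
    $divclose = "</div>";
    $newsItems .= $divopen . $heading . $content . $divclose;
}
$newsItems .= "</div>";
/*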
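/**
 * Encodes a value for use in HTML text or inside a quoted HTML attribute.
 *
 * double_encode is off so that a value which already contains entities is not
 * encoded a second time. The single-byte charset is deliberate: only the five
 * ASCII special characters are replaced and all other bytes pass through, so
 * the call cannot return an empty string on input that is not valid in the
 * page encoding. This is HTML encoding only; it does not URL-encode.
 *
 * @param mixed $value Value to encode (cast to string).
 * @return string
 */
function groupManagementFormHtml($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'ISO-8859-1', false);
}

/**
 * Processes the "edit groups" admin request and returns the HTML of the form to show next.
 *
 * Depending on the request this either
 *  - edits one group (remove a user, save the description, add users,
 *    associate/unassociate a form) and returns that group's edit form,
 *  - shifts, empties, deletes or creates groups and returns the priority list, or
 *  - returns the group selection form.
 *
 * @param mixed $currentUserId    Id of the user performing the request.
 * @param array $modifiableGroups Rows with group_id, group_name, group_description and
 *                                group_priority. The permission checks read the
 *                                group_priority of the LAST element.
 * @param mixed $pagePath         Passed by reference to getMaxPriorityGroup().
 * @return string HTML of the form, or '' after a reported error.
 */
function groupManagementForm($currentUserId, $modifiableGroups, &$pagePath) {
    require_once "group.lib.php";

    global $ICONS;
    global $urlRequestRoot, $cmsFolder, $templateFolder, $moduleFolder, $sourceFolder;

    $scriptsFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts";
    $imagesFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/images";

    /// Work out the requested operation once, so the branches below need not re-check the request.
    // NOTE(review): 'deleteuser' and every dowhat=... operation further down change
    // state on a plain GET link, and no request token is checked anywhere in this
    // function. Confirm that the caller enforces one.
    $groupRow = $groupId = $userId = null;
    $groupLookupName = null;
    $subAction = '';
    if ((isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgroup' && isset($_GET['groupname']))
        || (isset($_POST['btnEditGroup']) && isset($_POST['selEditGroups']))) {
        $subAction = 'showeditform';
    } elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'associateform') {
        $subAction = 'associateform';
    } elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'deleteuser' && isset($_GET['groupname']) && isset($_GET['useremail'])) {
        $subAction = 'deleteuser';
    } elseif (isset($_POST['btnAddUserToGroup'])) {
        $subAction = 'addusertogroup';
    } elseif (isset($_POST['btnSaveGroupProperties'])) {
        $subAction = 'savegroupproperties';
    } elseif (isset($_POST['btnEditGroupPriorities'])
        || (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'editgrouppriorities')) {
        $subAction = 'editgrouppriorities';
    }

    if (isset($_POST['selEditGroups']) || isset($_GET['groupname'])) {
        // Keep the escaped lookup key: the re-fetches below reuse exactly the
        // argument that found the row, instead of feeding a value read from
        // the database back into getGroupRow() unescaped.
        $groupLookupName = isset($_POST['selEditGroups']) ? escape($_POST['selEditGroups']) : escape($_GET['groupname']);
        $groupRow = getGroupRow($groupLookupName);
        $groupId = (is_array($groupRow) && isset($groupRow['group_id'])) ? $groupRow['group_id'] : null;

        if ($subAction != 'editgrouppriorities' && (!$groupRow || !$groupId || $groupId < 2)) {
            displayerror('Error! Invalid group requested.');
            return ''; // was a bare return; every other error path returns ''
        }

        if (!is_null($groupId)) {
            if ($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) {
                displayerror('You do not have the permission to modify the selected group.');
                return '';
            }
        }
    }

    if (isset($_GET['useremail'])) {
        // Escaped like the txtUserEmail path below, which escapes before the lookup.
        // NOTE(review): confirm getUserIdFromEmail() does not expect a raw value.
        $userId = getUserIdFromEmail(escape($_GET['useremail']));
    }

    if ($subAction != 'editgrouppriorities' && (isset($_GET['subaction']) && $_GET['subaction'] == 'editgroups' && !is_null($groupId))) {
        if ($subAction == 'deleteuser') {
            if ($groupRow['form_id'] != 0) {
                displayerror('The group is associated with a form. To remove a user, use the edit registrants in the assoicated form.');
            } elseif (!$userId) {
                displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
            } else {
                // $userId and $groupId both come from database lookups, not from the request.
                $deleteQuery = 'DELETE FROM `' . MYSQL_DATABASE_PREFIX . 'usergroup` WHERE `user_id` = \'' . $userId . '\' AND `group_id` = ' . $groupId;
                $deleteResult = mysql_query($deleteQuery);
                if (!$deleteResult || mysql_affected_rows() != 1) {
                    displayerror('Could not delete user with the given E-mail from the given group.');
                } else {
                    displayinfo('Successfully removed user from the current group');
                    if ($userId == $currentUserId) {
                        // The current user left a group: recompute what they may still modify.
                        $virtue = '';
                        $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                        $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                    }
                }
            }
        } elseif ($subAction == 'savegroupproperties' && isset($_POST['txtGroupDescription'])) {
            $updateQuery = "UPDATE `" . MYSQL_DATABASE_PREFIX . "groups` SET `group_description` = '" . escape($_POST['txtGroupDescription']) . "' WHERE `group_id` = '{$groupId}'";
            $updateResult = mysql_query($updateQuery);
            if (!$updateResult) {
                displayerror('Could not update database.');
            } else {
                displayinfo('Changes to the group have been successfully saved.');
            }
            $groupRow = getGroupRow($groupLookupName);
        } elseif ($subAction == 'addusertogroup' && isset($_POST['txtUserEmail']) && trim($_POST['txtUserEmail']) != '') {
            if ($groupRow['form_id'] != 0) {
                displayerror('The selected group is associated with a form. To add a user, register the user to the form.');
            } else {
                $passedEmails = explode(',', escape($_POST['txtUserEmail']));
                $passedCount = count($passedEmails);
                for ($i = 0; $i < $passedCount; $i++) {
                    $entry = $passedEmails[$i];
                    // strpos() returns false when there is no hyphen; the old
                    // ">= 0" test was true for false as well and cut the last
                    // character off every plain address.
                    // NOTE(review): an address with a hyphen in it is still cut at
                    // that hyphen; confirm the format the suggestion box submits.
                    $hyphenPos = strpos($entry, '-');
                    if ($hyphenPos !== false) {
                        $userEmail = trim(substr($entry, 0, $hyphenPos - 1));
                    } else {
                        $userEmail = trim($entry);
                    }

                    $userId = getUserIdFromEmail($userEmail);
                    if (!$userId || $userId < 1) {
                        displayerror('Unknown E-mail. Could not find a registered user with the given E-mail Id');
                        // Do not hand an invalid id to addUserToGroupName().
                        continue;
                    }

                    // NOTE(review): group_name is passed as read from the database;
                    // confirm addUserToGroupName() escapes it before building SQL.
                    if (!addUserToGroupName($groupRow['group_name'], $userId)) {
                        displayerror('Could not add the given user to the current group.');
                    } else {
                        displayinfo('User has been successfully inserted into the given group.');
                    }
                }
            }
        } elseif ($subAction == 'associateform') {
            if (isset($_POST['btnAssociateGroup'])) {
                $pageIdArray = array();
                $formPageId = parseUrlReal(escape($_POST['selFormPath']), $pageIdArray);
                if ($formPageId <= 0 || getPageModule($formPageId) != 'form') {
                    displayerror('Invalid page selected! The page you selected is not a form.');
                } elseif (!getPermissions($currentUserId, $formPageId, 'editregistrants', 'form')) {
                    displayerror('You do not have the permissions to associate the selected form with a group.');
                } else {
                    $formModuleId = getModuleComponentIdFromPageId($formPageId, 'form');
                    require_once "{$sourceFolder}/{$moduleFolder}/form.lib.php";
                    // Association is only allowed while at least one side has no members.
                    if (isGroupEmpty($groupId) || form::getRegisteredUserCount($formModuleId) == 0) {
                        associateGroupWithForm($groupId, $formModuleId);
                        $groupRow = getGroupRow($groupLookupName);
                    } else {
                        displayerror('Both the group and the form already contain registered users, and the group cannot be associated with the selected form.');
                    }
                }
            } elseif (isset($_POST['btnUnassociateGroup'])) {
                if ($groupRow['form_id'] <= 0) {
                    displayerror('The selected group is currently not associated with any form.');
                } elseif (!getPermissions($currentUserId, getPageIdFromModuleComponentId('form', $groupRow['form_id']), 'editregistrants', 'form')) {
                    displayerror('You do not have the permissions to unassociate the form from this group.');
                } else {
                    unassociateFormFromGroup($groupId);
                    $virtue = '';
                    $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                    $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                    $groupRow = getGroupRow($groupLookupName);
                }
            }
        }

        // Re-check after the operation: $modifiableGroups may have been recomputed above.
        if ($modifiableGroups[count($modifiableGroups) - 1]['group_priority'] < $groupRow['group_priority']) {
            displayerror('You do not have the permission to modify the selected group.');
            return '';
        }

        $usersTable = '`' . MYSQL_DATABASE_PREFIX . 'users`';
        $usergroupTable = '`' . MYSQL_DATABASE_PREFIX . 'usergroup`';
        $userQuery = "SELECT `user_email`, `user_fullname` FROM {$usergroupTable}, {$usersTable} WHERE `group_id` = '{$groupId}' AND {$usersTable}.`user_id` = {$usergroupTable}.`user_id` ORDER BY `user_email`";
        $userResult = mysql_query($userQuery);
        if (!$userResult) {
            displayerror('Error! Could not fetch group information.');
            return '';
        }

        $userEmails = array();
        $userFullnames = array();
        while ($userRow = mysql_fetch_row($userResult)) {
            $userEmails[] = $userRow[0];
            $userFullnames[] = $userRow[1];
        }

        // Group and user fields are HTML-encoded on output: a quote or angle
        // bracket in a stored value would otherwise break out of the attribute
        // or element it is written into.
        // NOTE(review): values placed in href/action query strings are
        // HTML-encoded only, not URL-encoded; how the CMS parses these URLs is
        // not visible here.
        $groupNameHtml = groupManagementFormHtml($groupRow['group_name']);
        $groupDescriptionHtml = groupManagementFormHtml($groupRow['group_description']);

        $groupEditForm = <<<GROUPEDITFORM
\t\t\t<h2>Group '{$groupNameHtml}' - '{$groupDescriptionHtml}'</h2><br />
\t\t\t<fieldset style="padding: 8px">
\t\t\t\t<legend>{$ICONS['User Groups']['small']}Group Properties</legend>
\t\t\t\t<form name="groupeditform" method="POST" action="./+admin&subaction=editgroups&groupname={$groupNameHtml}">
\t\t\t\t\tGroup Description: <input type="text" name="txtGroupDescription" value="{$groupDescriptionHtml}" />
\t\t\t\t\t<input type="submit" name="btnSaveGroupProperties" value="Save Group Properties" />
\t\t\t\t</form>
\t\t\t</fieldset>
\t\t\t<br />
\t\t\t<fieldset style="padding: 8px">
\t\t\t\t<legend>{$ICONS['User Groups']['small']}Existing Users in Group:</legend>
GROUPEDITFORM;

        $userCount = mysql_num_rows($userResult);
        $deleteImage = "<img src=\"{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/icons/16x16/actions/edit-delete.png\" alt=\"Remove user from the group\" title=\"Remove user from the group\" />";
        // Members can only be removed here while the group is not tied to a form.
        $isntAssociatedWithForm = $groupRow['form_id'] == 0;
        for ($i = 0; $i < $userCount; $i++) {
            $emailHtml = groupManagementFormHtml($userEmails[$i]);
            $fullnameHtml = groupManagementFormHtml($userFullnames[$i]);
            if ($isntAssociatedWithForm) {
                $groupEditForm .= '<a onclick="return confirm(\'Are you sure you wish to remove this user from this group?\')" href="./+admin&subaction=editgroups&subsubaction=deleteuser&groupname=' . $groupNameHtml . '&useremail=' . $emailHtml . '">' . $deleteImage . "</a>";
            }
            $groupEditForm .= " {$emailHtml} - {$fullnameHtml}<br />\n";
        }

        $associateForm = '';
        if ($groupRow['form_id'] == 0) {
            $associableForms = getAssociableFormsList($currentUserId, !isGroupEmpty($groupId));
            $associableFormCount = count($associableForms);
            $associableFormsBox = '<select name="selFormPath">';
            for ($i = 0; $i < $associableFormCount; ++$i) {
                $formLabelHtml = groupManagementFormHtml($associableForms[$i][1]);
                $formPathHtml = groupManagementFormHtml($associableForms[$i][2]);
                $associableFormsBox .= '<option value="' . $formPathHtml . '">' . $formLabelHtml . ' - ' . $formPathHtml . '</option>';
            }
            $associableFormsBox .= '</select>';
            $associateForm = <<<GROUPASSOCIATEFORM
\t\t\tSelect a form to associate the group with: {$associableFormsBox}
\t\t\t<input type="submit" name="btnAssociateGroup" value="Associate Group with Form" />
GROUPASSOCIATEFORM;
        } else {
            $associatedFormPageId = getPageIdFromModuleComponentId('form', $groupRow['form_id']);
            $associateForm = 'This group is currently associated with the form: '
                . groupManagementFormHtml(getPageTitle($associatedFormPageId))
                . ' (' . groupManagementFormHtml(getPagePath($associatedFormPageId)) . ')<br />'
                . '<input type="submit" name="btnUnassociateGroup" value="Unassociate" />';
        }

        $groupEditForm .= '</fieldset>';

        if ($groupRow['form_id'] == 0) {
            $groupEditForm .= <<<GROUPEDITFORM
\t\t\t\t<br />
\t\t\t\t<fieldset style="padding: 8px">
\t\t\t\t\t<legend>{$ICONS['Add']['small']}Add Users to Group</legend>
\t\t\t\t\t<form name="addusertogroup" method="POST" action="./+admin&subaction=editgroups&groupname={$groupNameHtml}">
\t\t\t\t\t\tEmail ID: <input type="text" name="txtUserEmail" id="txtUserEmail" value="" style="width: 256px" autocomplete="off" />
\t\t\t\t\t\t<div id="suggestionDiv" class="suggestionbox"></div>
\t\t\t\t\t\t<script language="javascript" type="text/javascript" src="{$scriptsFolder}/ajaxsuggestionbox.js"></script>
\t\t\t\t\t\t<script language="javascript" type="text/javascript">
\t\t\t\t\t\t<!--
\t\t\t\t\t\t\tvar addUserBox = new SuggestionBox(document.getElementById('txtUserEmail'), document.getElementById('suggestionDiv'), "./+admin&doaction=getsuggestions&forwhat=%pattern%");
\t\t\t\t\t\t\taddUserBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
\t\t\t\t\t\t-->
\t\t\t\t\t\t</script>
\t\t\t\t\t\t<input type="submit" name="btnAddUserToGroup" value="Add User to Group" />
\t\t\t\t\t</form>
\t\t\t\t</fieldset>
GROUPEDITFORM;
        }

        $groupEditForm .= <<<GROUPEDITFORM
\t\t\t<br />
\t\t\t<fieldset style="padding: 8px">
\t\t\t\t<legend>{$ICONS['Group Associate Form']['small']}Associate With Form</legend>
\t\t\t\t<form name="groupassociationform" action="./+admin&subaction=editgroups&subsubaction=associateform&groupname={$groupNameHtml}" method="POST">
\t\t\t\t\t{$associateForm}
\t\t\t\t</form>
\t\t\t</fieldset>
GROUPEDITFORM;

        return $groupEditForm;
    }

    if ($subAction == 'editgrouppriorities') {
        $modifiableCount = count($modifiableGroups);
        $userMaxPriority = $maxPriorityGroup = 1;
        if ($modifiableCount != 0) {
            // The list may arrive in either order, so look at both ends.
            $firstPriority = $modifiableGroups[0]['group_priority'];
            $lastPriority = $modifiableGroups[$modifiableCount - 1]['group_priority'];
            $userMaxPriority = max($firstPriority, $lastPriority);
            $maxPriorityGroup = $firstPriority > $lastPriority
                ? $modifiableGroups[0]['group_id']
                : $modifiableGroups[$modifiableCount - 1]['group_id'];
        }

        if (isset($_GET['dowhat']) && !is_null($groupId)) {
            // NOTE(review): the "group_id < 2" rejection above is skipped for this
            // sub-action, and group_name is passed as read from the database.
            // Confirm shiftGroupPriority(), emptyGroup() and deleteGroup() refuse
            // ids below 2 and escape the name themselves.
            if ($_GET['dowhat'] == 'incrementpriority' || $_GET['dowhat'] == 'decrementpriority') {
                shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'incrementpriority' ? 'up' : 'down', $userMaxPriority, true);
            } elseif ($_GET['dowhat'] == 'movegroupup' || $_GET['dowhat'] == 'movegroupdown') {
                shiftGroupPriority($currentUserId, $groupRow['group_name'], $_GET['dowhat'] == 'movegroupup' ? 'up' : 'down', $userMaxPriority, false);
            } elseif ($_GET['dowhat'] == 'emptygroup') {
                emptyGroup($groupRow['group_name']);
            } elseif ($_GET['dowhat'] == 'deletegroup') {
                if (deleteGroup($groupRow['group_name'])) {
                    $virtue = '';
                    $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                    $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                }
            }
            $modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
        } elseif (isset($_GET['dowhat']) && $_GET['dowhat'] == 'addgroup') {
            if (isset($_POST['txtGroupName']) && isset($_POST['txtGroupDescription']) && isset($_POST['selGroupPriority'])) {
                if (trim($_POST['txtGroupName']) == '') {
                    displayerror('Cannot create a group with an empty name. Please type in a name for the new group.');
                } else {
                    $existsQuery = 'SELECT `group_id` FROM `' . MYSQL_DATABASE_PREFIX . "groups` WHERE `group_name` = '" . escape($_POST['txtGroupName']) . "'";
                    $existsResult = mysql_query($existsQuery);
                    if (!$existsResult) {
                        // Fail closed: without the duplicate check no group is created.
                        displayerror('Could not run MySQL query. New group could not be added.');
                    } elseif (mysql_num_rows($existsResult) >= 1) {
                        displayerror('A group with the name you specified already exists.');
                    } else {
                        $idQuery = 'SELECT MAX(`group_id`) FROM `' . MYSQL_DATABASE_PREFIX . 'groups`';
                        $idResult = mysql_query($idQuery);
                        $idRow = $idResult ? mysql_fetch_row($idResult) : false;
                        $newGroupId = 2; // first id handed out when the table has no rows
                        if ($idRow && !is_null($idRow[0])) {
                            $newGroupId = $idRow[0] + 1;
                        }

                        // Cast once and use the integer for both the range check and
                        // the query, so the checked and the stored value cannot differ.
                        $requestedPriority = (int) $_POST['selGroupPriority'];
                        $newGroupPriority = 1;
                        if ($requestedPriority > 0 && $requestedPriority <= $userMaxPriority) {
                            $newGroupPriority = $requestedPriority;
                        }

                        $addGroupQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . 'groups` (`group_id`, `group_name`, `group_description`, `group_priority`) '
                            . "VALUES({$newGroupId}, '" . escape($_POST['txtGroupName']) . "', '" . escape($_POST['txtGroupDescription']) . "', '{$newGroupPriority}')";
                        $addGroupResult = mysql_query($addGroupQuery);
                        if ($addGroupResult) {
                            displayinfo('New group added successfully.');
                            if (isset($_POST['chkAddMe'])) {
                                $insertQuery = 'INSERT INTO `' . MYSQL_DATABASE_PREFIX . "usergroup`(`user_id`, `group_id`) VALUES ('{$currentUserId}', '{$newGroupId}')";
                                if (!mysql_query($insertQuery)) {
                                    // The original called mysql_query() with no argument
                                    // here; mysql_error() is what reports the failure.
                                    // NOTE(review): this shows the SQL text and the
                                    // driver error to the browser; consider logging
                                    // them instead.
                                    displayerror('Error adding user to newly created group: ' . groupManagementFormHtml($insertQuery) . '<br />' . groupManagementFormHtml(mysql_error()));
                                }
                            }
                            $virtue = '';
                            $maxPriorityGroup = getMaxPriorityGroup($pagePath, $currentUserId, array_reverse(getGroupIds($currentUserId)), $virtue);
                            $modifiableGroups = getModifiableGroups($currentUserId, $maxPriorityGroup, $ordering = 'asc');
                        } else {
                            displayerror('Could not run MySQL query. New group could not be added.');
                        }
                    }
                }
            }
            $modifiableGroups = reevaluateGroupPriorities($modifiableGroups);
        }

        // Show the highest priority first.
        $modifiableCount = count($modifiableGroups);
        if ($modifiableCount > 1 && $modifiableGroups[0]['group_priority'] < $modifiableGroups[$modifiableCount - 1]['group_priority']) {
            $modifiableGroups = array_reverse($modifiableGroups);
        }
        $previousPriority = $modifiableCount > 0 ? $modifiableGroups[0]['group_priority'] : null;

        $iconsFolderUrl = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/icons/16x16";
        $moveUpImage = '<img src="' . $iconsFolderUrl . '/actions/go-up.png" title="Increment Group Priority" alt="Increment Group Priority" />';
        $moveDownImage = '<img src="' . $iconsFolderUrl . '/actions/go-down.png" alt="Decrement Group Priority" title="Decrement Group Priority" />';
        $moveTopImage = '<img src="' . $iconsFolderUrl . '/actions/go-top.png" alt="Move to next higher priority level" title="Move to next higher priority level" />';
        $moveBottomImage = '<img src="' . $iconsFolderUrl . '/actions/go-bottom.png" alt="Move to next lower priority level" title="Move to next lower priority level" />';
        $emptyImage = '<img src="' . $iconsFolderUrl . '/actions/edit-clear.png" alt="Empty Group" title="Empty Group" />';
        $deleteImage = '<img src="' . $iconsFolderUrl . '/actions/edit-delete.png" alt="Delete Group" title="Delete Group" />';

        $priorityActionUrl = './+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=';
        $groupsForm = '<h3>Edit Group Priorities</h3><br />';
        for ($i = 0; $i < $modifiableCount; $i++) {
            // A rule separates consecutive groups of different priority.
            if ($modifiableGroups[$i]['group_priority'] != $previousPriority) {
                $groupsForm .= '<br /><br /><hr /><br />';
            }

            // HTML-encoded for the attribute and text contexts below (not URL-encoded).
            $nameHtml = groupManagementFormHtml($modifiableGroups[$i]['group_name']);
            $descriptionHtml = groupManagementFormHtml($modifiableGroups[$i]['group_description']);

            $groupsForm .= '<span style="margin: 4px;" title="' . $descriptionHtml . '">'
                . '<a href="' . $priorityActionUrl . 'incrementpriority&groupname=' . $nameHtml . '">' . $moveUpImage . '</a>'
                . '<a href="' . $priorityActionUrl . 'decrementpriority&groupname=' . $nameHtml . '">' . $moveDownImage . '</a>'
                . '<a href="' . $priorityActionUrl . 'movegroupup&groupname=' . $nameHtml . '">' . $moveTopImage . '</a>'
                . '<a href="' . $priorityActionUrl . 'movegroupdown&groupname=' . $nameHtml . '">' . $moveBottomImage . '</a>'
                . '<a onclick="return confirm(\'Are you sure you want to empty this group?\')" href="' . $priorityActionUrl . 'emptygroup&groupname=' . $nameHtml . '">' . $emptyImage . '</a>'
                . '<a onclick="return confirm(\'Are you sure you want to delete this group?\')" href="' . $priorityActionUrl . 'deletegroup&groupname=' . $nameHtml . '">' . $deleteImage . '</a>'
                . '<a href="./+admin&subaction=editgroups&groupname=' . $nameHtml . '">' . $nameHtml . "</a></span>\n";

            $previousPriority = $modifiableGroups[$i]['group_priority'];
        }

        $priorityBox = '<option value="1">1</option>';
        for ($i = 2; $i <= $userMaxPriority; ++$i) {
            $priorityBox .= '<option value="' . $i . '">' . $i . '</option>';
        }

        // The "Group Priority" label was left unclosed in the original markup.
        $groupsForm .= <<<GROUPSFORM
\t\t<br /><br />
\t\t<fieldset style="padding: 8px">
\t\t\t<legend>Create New Group:</legend>
\t\t\t<form name="groupaddform" method="POST" action="./+admin&subaction=editgroups&subsubaction=editgrouppriorities&dowhat=addgroup">
\t\t\t\t<label>Group Name: <input type="text" name="txtGroupName" value="" /></label><br />
\t\t\t\t<label>Group Description: <input type="text" name="txtGroupDescription" value="" /></label><br />
\t\t\t\t<label>Group Priority: <select name="selGroupPriority">{$priorityBox}</select></label><br />
\t\t\t\t<label><input type="checkbox" name="chkAddMe" value="addme" /> Add me to group</label><br />
\t\t\t\t<input type="submit" name="btnAddNewGroup" value="Add Group" />
\t\t\t</form>
\t\t</fieldset>
GROUPSFORM;

        return $groupsForm;
    }

    // Default view: choose a group to edit, or go to the priority list.
    $modifiableCount = count($modifiableGroups);
    $groupsBox = '<select name="selEditGroups">';
    for ($i = 0; $i < $modifiableCount; ++$i) {
        $nameHtml = groupManagementFormHtml($modifiableGroups[$i]['group_name']);
        $descriptionHtml = groupManagementFormHtml($modifiableGroups[$i]['group_description']);
        $groupsBox .= '<option value="' . $nameHtml . '">' . $nameHtml . ' - ' . $descriptionHtml . "</option>\n";
    }
    $groupsBox .= '</select>';

    $groupsForm = <<<GROUPSFORM
\t\t<form name="groupeditform" method="POST" action="./+admin&subaction=editgroups">
\t\t\t{$groupsBox}
\t\t\t<input type="submit" name="btnEditGroup" value="Edit Selected Group" /><br /><br />
\t\t\t<input type="submit" name="btnEditGroupPriorities" value="Add/Shuffle/Remove Groups" />
\t\t</form>
GROUPSFORM;

    return $groupsForm;
}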