Exemplo n.º 1
    // Take $start from the query string when the request supplies it
    // (presumably a paging offset -- confirm against the code that consumes it).
    // NOTE(review): the value is copied as-is; nothing in this excerpt checks that it is a
    // non-negative integer. Confirm it is cast or validated before it reaches SQL or output.
    if (isset($_GET['start'])) {
        $start = $_GET['start'];
    }
    // Default to 0 when $start was set neither here nor earlier.
    if (!isset($start)) {
        $start = 0;
    }
}
/*************Display album on screen******************/
if ($albumid != 0) {
    // First check whether the album exists: look it up by ID, restricted to rows with allowed=1.
    // NOTE(review): $albumid is interpolated into the WHERE clause unquoted and its origin is
    // not visible in this excerpt; confirm it is cast to int (or otherwise validated) upstream.
    $sql = $data->select_query("album_track", " WHERE ID = {$albumid} AND allowed=1");
    $number_albums = $data->num_rows($sql);
    // NOTE(review): the row is fetched and indexed before the row count is checked, so with
    // zero matches $album_info is whatever fetch_array() returns for "no row".
    $album_info = $data->fetch_array($sql);
    // The stored album name goes through censor() (defined elsewhere) before use.
    $view_album_name = censor($album_info['album_name']);
    if ($number_albums == 0 && !$inarticle) {
        show_message_back("No such album");
    } elseif ($number_albums == 0 && $inarticle) {
        $number_of_photos = 0;
    } else {
        // Extra data that is only prepared when the album is not shown inside an article.
        if (!$inarticle) {
            $pagenum = 2;
            // $edit records the result of the is_owner() check for this album.
            $edit = is_owner($album_info['ID'], "album") ? true : false;
            // NOTE(review): $menuid is placed in the URL unencoded and is defined outside this
            // excerpt; confirm it is numeric or encoded before the link is rendered.
            $editlink = "index.php?page=mythings&cat=album&action=edit&id={$album_info['ID']}&menuid={$menuid}";
            // Articles with allowed=1 that reference this album, ordered by title. The ID used
            // here comes from the fetched album row, not directly from the request.
            $articlesql = $data->select_query("patrol_articles", "WHERE album_id={$album_info['ID']} AND allowed=1 ORDER BY title ASC", "ID, title");
            $numarticles = $data->num_rows($articlesql);
            $articlelist = array();
            // Each fetch result is appended, including the final falsy one that ends the loop,
            // so $articlelist finishes with one trailing non-row element; $numarticles holds
            // the real row count.
            while ($articlelist[] = $data->fetch_array($articlesql)) {
            }
            $tpl->assign("numarticles", $numarticles);
            $tpl->assign("articlelist", $articlelist);
        }
Exemplo n.º 2
 // Collect the rows of a query issued before this excerpt ($sql is set earlier).
 // The loop appends every fetch result, including the final falsy one that ends it,
 // so each list built this way finishes with one trailing non-row element.
 $parent = array();
 while ($parent[] = $data->fetch_array($sql)) {
 }
 // Every forum except the one identified by $fid, ordered by name.
 // NOTE(review): $fid is interpolated unquoted and is defined outside this excerpt;
 // confirm it is cast to int before it reaches this query.
 $sql = $data->select_query("forums", "WHERE id != {$fid} ORDER BY name ASC");
 $numforums = $data->num_rows($sql);
 $forums = array();
 while ($forums[] = $data->fetch_array($sql)) {
 }
 // Every category except $cid, ordered by pos.
 // NOTE(review): the same caveat applies to $cid -- unquoted, origin not visible here.
 $sql = $data->select_query("forumscats", "WHERE id != {$cid} ORDER BY pos ASC");
 $numcats = $data->num_rows($sql);
 $cats = array();
 while ($cats[] = $data->fetch_array($sql)) {
 }
 if ($_POST['Submit'] == "Submit") {
     // Reject an empty forum name before any write is attempted.
     if ($_POST['name'] == '') {
         show_message_back("You need to supply a name for the forum");
         exit;
     }
     // safesql() is defined elsewhere; presumably it escapes or casts the value according
     // to the type given as second argument -- confirm against its definition.
     $forumname = safesql($_POST['name'], "text");
     $desc = safesql($_POST['desc'], "text");
     $parent = safesql($_POST['parent'], "text");
     $limit = safesql($_POST['limit'], "int");
     // Both values are taken raw from the request. $copypermissions is only passed through
     // safesql() inside the branch below; no sanitising of $moveforum is visible in this excerpt.
     $copypermissions = $_POST['permissions'];
     $moveforum = $_POST['move'];
     // Copy the permission row of another forum onto this one when a source forum was chosen.
     if ($copypermissions != 0) {
         // NOTE(review): this forum's existing permissions are deleted before the source row
         // is known to exist. If no forumauths row matches $copy, the insert below presumably
         // writes empty values, leaving the forum with blank permissions -- check $auths first.
         // NOTE(review): $fid is interpolated unquoted here and in the insert; it is defined
         // outside this excerpt, so confirm it is cast to int upstream.
         $data->delete_query("forumauths", "forum_id={$fid}");
         $copy = safesql($copypermissions, "int");
         $auths = $data->select_fetch_one_row("forumauths", "WHERE forum_id={$copy}");
         // NOTE(review): the $auths values come from the database and are quoted but not
         // escaped here; that is safe only if those columns can never hold a quote character.
         $sql = $data->insert_query("forumauths", "{$fid}, '{$auths['new_topic']}', '{$auths['reply_topic']}', '{$auths['edit_post']}', '{$auths['delete_post']}', '{$auths['view_forum']}', '{$auths['read_topics']}', '{$auths['sticky']}', '{$auths['announce']}', '{$auths['poll']}'");
     }
     if ($moveforum == 0) {
Exemplo n.º 3
     } elseif ($action == "add" && pageauth("downloads", "add") == 1) {
         // A category name is mandatory.
         if ($_POST['catname'] == '') {
             show_message_back("You need to enter a name for the category");
             exit;
         }
         $catname = safesql($_POST['catname'], "text");
         // The submitted upload/download permission selections are stored as PHP-serialized strings.
         // NOTE(review): $_POST['upload'] and $_POST['download'] are used without an isset() or
         // shape check. Code that reads these columns back should call unserialize() with
         // ['allowed_classes' => false], or the storage format should move to JSON.
         $upauths = safesql(serialize($_POST['upload']), "text");
         $downauths = safesql(serialize($_POST['download']), "text");
         // The safesql() results are interpolated without added quotes, so safesql(..., "text")
         // presumably returns an already-quoted literal -- confirm against its definition.
         $sql = $data->insert_query("download_cats", "NULL, {$catname}, {$upauths}, {$downauths}");
         if ($sql) {
             show_admin_message("Category added", "{$pagename}");
         }
         // Reset $action once the add has been handled.
         $action = "";
     } elseif ($action == "edit" && pageauth("downloads", "edit") == 1) {
         // A category name is mandatory.
         if ($_POST['catname'] == '') {
             show_message_back("You need to enter a name for the category");
             exit;
         }
         $catname = safesql($_POST['catname'], "text");
         // The submitted permission selections are stored as PHP-serialized strings.
         // NOTE(review): readers of these columns should call unserialize() with
         // ['allowed_classes' => false], or the storage format should move to JSON.
         $upauths = safesql(serialize($_POST['upload']), "text");
         $downauths = safesql(serialize($_POST['download']), "text");
         // NOTE(review): $id is interpolated unquoted into the WHERE condition and is defined
         // outside this excerpt; confirm it is cast to int, otherwise the update can be widened
         // to other rows.
         $sql = $data->update_query("download_cats", "name = {$catname}, upauth = {$upauths}, downauth = {$downauths}", "id = {$id}");
         if ($sql) {
             show_admin_message("Category updated", "{$pagename}");
         }
     }
 }
 if ($action == "view") {
     // Load the category row, then the downloads in that category with trash=0.
     // NOTE(review): $id is used unquoted in the first query and quoted in the second, and
     // neither form escapes it. Its origin is not visible here; confirm it is cast to int upstream.
     $query = $data->select_query("download_cats", "WHERE id = {$id}");
     $catinfo = $data->fetch_array($query);
     $down_query = $data->select_query("downloads", "WHERE cat='{$id}' AND trash=0");
Exemplo n.º 4
         }
         if ($sql3) {
             show_admin_message("Group Updated", $pagename);
         }
         $action = '';
     }
 } elseif ($action == "Add" && pageauth("group", "add") == 1) {
     $submit = $_POST['Submit'];
     if ($submit == 'Submit') {
         // Every submitted field goes through safesql() (defined elsewhere) before it is used
         // in a query; presumably "text" yields a quoted, escaped literal and "int" a number,
         // since the results are interpolated below without added quotes -- confirm.
         $teamname = safesql($_POST['name'], "text");
         $ispatrol = safesql($_POST['patrol'], "int");
         $ispublic = safesql($_POST['publicgroup'], "int");
         $getpoints = safesql($_POST['points'], "int");
         $copypermissions = safesql($_POST['permissions'], "int");
         // Refuse a duplicate group name.
         // NOTE(review): this check and the insert below are separate statements, so two
         // concurrent requests could both pass it unless the table enforces uniqueness.
         if ($data->num_rows($data->select_query("groups", "WHERE teamname={$teamname}")) > 0) {
             show_message_back("There is already a group by that name");
             exit;
         }
         if ($copypermissions != 0) {
             // Copy the three admin permission fields from the chosen existing group.
             // NOTE(review): nothing checks that a group with this id exists, nor that the
             // caller may copy from it; with no match the copied fields come from an empty row.
             $otherGroup = $data->select_fetch_one_row("groups", "WHERE id={$copypermissions}");
             $normaladmin = safesql($otherGroup['normaladmin'], "text");
             $agladmin = safesql($otherGroup['agladmin'], "text");
             $gladmin = safesql($otherGroup['gladmin'], "text");
             $sql3 = $data->insert_query("groups", "NULL, {$teamname}, {$ispatrol}, {$ispublic}, {$getpoints}, 0, {$normaladmin}, {$agladmin}, {$gladmin}");
         } else {
             // No source group selected: create the group with empty admin permission fields.
             $sql3 = $data->insert_query("groups", "NULL, {$teamname}, {$ispatrol}, {$ispublic}, {$getpoints}, 0, '', '', ''");
         }
         if ($ispublic == 1) {
             $temp = $data->select_fetch_one_row("groups", "WHERE teamname = {$teamname}", "id");
             $id = $temp['id'];
             $sql = $data->select_query("static_content", "WHERE type = 1 AND pid={$id}");
Exemplo n.º 5
 // Walk the field definitions returned by a query issued before this excerpt and collect the
 // submitted value for each one into $custom (presumably initialised earlier -- confirm).
 $numfields = $data->num_rows($sql);
 while ($temp = $data->fetch_array($sql)) {
     // NOTE(review): unserialize() runs on the stored options column; pass
     // ['allowed_classes' => false] (or store JSON) so a tampered row cannot instantiate objects.
     $temp['options'] = unserialize($temp['options']);
     if ($temp['type'] == 4) {
         // Type 4 keeps one 0/1 flag per option, indexed 1..options[0]
         // (presumably a checkbox group -- confirm).
         $temp2 = array();
         for ($i = 1; $i <= $temp['options'][0]; $i++) {
             // Reads the request key without isset(); an absent key counts as 0.
             $temp2[$i] = $_POST[$temp['name'] . $i] ? 1 : 0;
         }
         $custom[$temp['name']] = $temp2;
     } else {
         // NOTE(review): the submitted value is stored as-is, with no type or length check;
         // it may also be an array if the client sends name[]=... -- validate per field type.
         if (isset($_POST[$temp['name']])) {
             $custom[$temp['name']] = $_POST[$temp['name']];
         }
     }
     // Required-field check. && binds tighter than ||, so the condition is
     // empty && required && ((register == 1 && type == 0) || register == 0).
     // $custom[...] may be unset here when the field was not submitted.
     if ($custom[$temp['name']] == '' && $temp['required'] == 1 && ($temp['register'] == 1 && $_POST['type'] == 0 || $temp['register'] == 0)) {
         show_message_back("The {$temp['query']} field is required.");
         exit;
     }
 }
 // The whole set of answers is stored as one PHP-serialized string, passed through safesql().
 // NOTE(review): whatever reads this column back should unserialize with
 // ['allowed_classes' => false], and must escape the values on output since they are raw input.
 $custom = safesql(serialize($custom), "text");
 if ($_GET['action'] == "new") {
     // Pass each submitted profile field through safesql() (defined elsewhere) with the type
     // it will be used as in the query.
     // NOTE(review): the keys are read without isset(), and no format validation (e-mail,
     // phone numbers) is visible in this excerpt -- confirm it happens elsewhere.
     $firstname = safesql($_POST['firstname'], "text");
     $middlename = safesql($_POST['middlename'], "text");
     $lastname = safesql($_POST['lastname'], "text");
     $sex = safesql($_POST['sex'], "int");
     $address = safesql($_POST['address'], "text");
     $homenumber = safesql($_POST['homenumber'], "text");
     $cellnumber = safesql($_POST['cellnumber'], "text");
     $worknumber = safesql($_POST['worknumber'], "text");
     // strtotime() returns false for a date it cannot parse; what safesql(false, "int")
     // yields is not visible here, so an invalid date is not rejected at this point.
     $dob = safesql(strtotime($_POST['dob']), "int");
     $email = safesql($_POST['email'], "text");