/**
 * Build the field-list markup for one nexlist definition.
 *
 * Loads the definition_fields / definition_field_record templates, renders one
 * record per row of the nexlistfields table whose lid equals $did, and returns
 * the rendered markup after passing it through htmlentities().
 *
 * @param mixed $did Definition id; used as the lid filter and as the
 *                   'definition_id' template variable.
 * @param mixed $row Row number of the definition; embedded in the Edit/Delete
 *                   onClick handlers.
 * @return string Entity-encoded HTML.
 */
function generatenexlistFieldHTML($did, $row)
{
    global $_CONF, $_TABLES;

    $tpl = new Template($_CONF['path_layout'] . 'nexlist');
    $tpl->set_file(array(
        'fields'    => 'definition_fields.thtml',
        'field_rec' => 'definition_field_record.thtml',
    ));
    $tpl->set_var('definition_id', $did);
    $tpl->set_var('rowid', $row);

    // NOTE(review): $did and $row are interpolated as-is into the SQL text and
    // into inline JavaScript below; nothing in this function validates them, so
    // callers must pass integers or already-escaped values -- confirm.
    $fieldQuery = DB_Query("SELECT * FROM {$_TABLES['nexlistfields']} WHERE lid='{$did}' ORDER BY id");

    if (DB_numrows($fieldQuery) > 0) {
        $tpl->set_var('show_fields', '');

        $position = 0;
        while ($field = DB_fetchArray($fieldQuery, false)) {
            $position++;

            $recordVars = array(
                'field_recid' => $field['id'],
                'field_name'  => $field['fieldname'],
                'field_value' => $field['value_by_function'],
                'field_width' => $field['width'],
                'field_id'    => $position,
                'edit_link'   => " [<a href=\"#\" onClick='editListField({$row},{$position});'>Edit</a> ]",
                'delete_link' => " [<a href=\"#\" onClick='ajaxUpdateDefinition(\"deleteField\",{$row},{$position});'\">Delete</a> ]",
            );

            // A predefined function shows the dropdown (pre-selected) and hides
            // the free-text input; otherwise the reverse.
            if ($field['predefined_function'] == 1) {
                $recordVars['function_dropdown_options'] = nexlist_getCustomListFunctionOptions($field['value_by_function']);
                $recordVars['checked']        = 'CHECKED';
                $recordVars['display_ftext']  = 'none';
                $recordVars['display_fddown'] = '';
            } else {
                $recordVars['function_dropdown_options'] = nexlist_getCustomListFunctionOptions();
                $recordVars['checked']        = '';
                $recordVars['display_ftext']  = '';
                $recordVars['display_fddown'] = 'none';
            }

            foreach ($recordVars as $varName => $varValue) {
                $tpl->set_var($varName, $varValue);
            }

            // The first record replaces the target, later ones are appended.
            if ($position == 1) {
                $tpl->parse('definition_field_records', 'field_rec');
            } else {
                $tpl->parse('definition_field_records', 'field_rec', true);
            }
        }

        $tpl->parse('definition_fields', 'fields');
    } else {
        $tpl->set_var('show_fields', 'none');
        $tpl->set_var('definition_field_records', '');
    }

    $tpl->parse('output', 'fields');

    return htmlentities($tpl->finish($tpl->get_var('output')));
}
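/**
 * Create a forum and make the current user its moderator.
 *
 * @param string $name        Forum name.
 * @param mixed  $category    Value stored in forum_cat.
 * @param string $dscp        Forum description.
 * @param mixed  $order       Value stored in forum_order.
 * @param int    $grp_id      Group id stored with the forum.
 * @param int    $is_readonly Read-only flag.
 * @param int    $is_hidden   Hidden flag.
 * @param int    $no_newposts "No new posts" flag.
 * @return mixed Id of the new forum as reported by DB_insertId().
 */
function forum_addForum($name, $category, $dscp = "", $order = "", $grp_id = 2, $is_readonly = 0, $is_hidden = 0, $no_newposts = 0)
{
    global $_TABLES, $_USER;

    // Numeric columns are cast so they cannot carry SQL text.
    $grp_id      = (int) $grp_id;
    $is_readonly = (int) $is_readonly;
    $is_hidden   = (int) $is_hidden;
    $no_newposts = (int) $no_newposts;

    // NOTE(review): $order, $name, $dscp and $category are interpolated as
    // received; this function assumes the caller already escaped them for SQL
    // -- confirm at every call site.
    DB_query("INSERT INTO {$_TABLES['forum_forums']} (forum_order,forum_name,forum_dscp,forum_cat,grp_id,is_readonly,is_hidden,no_newposts)\n VALUES ('{$order}','{$name}','{$dscp}','{$category}','{$grp_id}','{$is_readonly}','{$is_hidden}','{$no_newposts}')");

    // Use the id generated by this connection's INSERT. SELECT MAX(forum_id)
    // can return a forum created by a concurrent request, which would grant
    // full moderator rights on somebody else's forum.
    $forumid = DB_insertId();
    if (!$forumid) {
        // Nothing was inserted: do not attach moderator rights to anything.
        return $forumid;
    }

    $modUid  = isset($_USER['uid']) ? (int) $_USER['uid'] : 0;
    // The user name comes from the session record, not from an escaped
    // request value, so it is escaped here before going into the statement.
    $modName = addslashes(isset($_USER['username']) ? $_USER['username'] : '');

    $modquery = DB_query("SELECT * FROM {$_TABLES['forum_moderators']} WHERE mod_uid='{$modUid}' AND mod_forum='{$forumid}'");
    if (DB_numrows($modquery) < 1) {
        // The original read {$_USER[username]} (unquoted key), which PHP 8
        // rejects as an undefined constant.
        DB_query("INSERT INTO {$_TABLES['forum_moderators']} (mod_uid,mod_username,mod_forum,mod_delete,mod_ban,mod_edit,mod_move,mod_stick) VALUES ('{$modUid}','{$modName}', '{$forumid}','1','1','1','1','1')");
    }

    return $forumid;
}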
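/**
 * Render the shoutbox block: store a submitted shout, then list the latest
 * shouts followed by the posting form.
 *
 * Every value that reaches the page (stored name and message, the current
 * user name, the form action) is HTML-escaped at output time.
 *
 * @return string HTML for the block.
 */
function phpblock_shoutblock()
{
    global $_TABLES, $_USER, $HTTP_COOKIE_VARS, $HTTP_POST_VARS, $PHP_SELF, $REMOTE_ADDR, $LANG01, $_CONF;

    $wrap_width  = 20;
    $max_stories = 5;
    $shout_out   = "Welcome to shoutbox.<p>";

    // The displayed author is decided on the server. The original trusted the
    // hidden shout_name form field, so any visitor could post under another
    // member's name.
    $loggedIn    = !empty($_USER['uid']);
    $author_name = $loggedIn ? $_USER['username'] : 'Anonymous';

    if (!empty($HTTP_POST_VARS["shout_submit"])) {
        $raw_message = isset($HTTP_POST_VARS["shout_message"]) ? $HTTP_POST_VARS["shout_message"] : '';

        // NOTE(review): addslashes() is kept from the original; it is not
        // charset-aware, so the DB layer's own escaping (or a prepared
        // statement) should replace it where available. The form carries no
        // anti-CSRF token and the 100-character limit is client-side only.
        $shout_name    = addslashes(COM_checkWords(strip_tags($author_name)));
        $shout_message = addslashes(COM_checkWords(strip_tags($raw_message)));
        DB_query("INSERT INTO shoutbox (name,message,time)" . "VALUES (\"{$shout_name}\", \"{$shout_message}\",now() )");
    }

    $count = DB_query("select count(*) as count from shoutbox");
    $A = DB_fetchArray($count);
    $shout_out .= '<b>' . (int) $A['count'] . '</b> shouts already<p>';

    $result = DB_query("select * from shoutbox order by id desc limit {$max_stories}");
    $nrows = DB_numrows($result);
    for ($i = 1; $i <= $nrows; $i++) {
        $A = DB_fetchArray($result);
        $shout_out .= '<b>' . htmlspecialchars($A['name'], ENT_QUOTES) . '</b>';

        $thetime = COM_getUserDateTimeFormat($A['time']);
        $shout_out .= '<i> on ' . $thetime[0] . '</i><br>';

        // Wrap the raw text first, then escape each piece, so the <br>
        // separators are the only markup that reaches the page.
        $pieces = explode("\n", wordwrap($A['message'], $wrap_width, "\n", true));
        foreach ($pieces as $idx => $piece) {
            $pieces[$idx] = htmlspecialchars($piece, ENT_QUOTES);
        }
        $shout_out .= implode('<br>', $pieces) . '<br><br>';
    }

    // $PHP_SELF reflects the request path, so it is escaped before it is
    // placed inside the single-quoted action attribute.
    $action = htmlspecialchars($PHP_SELF, ENT_QUOTES);
    $shout_out .= "\n<form name='shoutform' action='{$action}' method='post'>";

    $display_name = htmlspecialchars($author_name, ENT_QUOTES);
    $shout_out .= '<b>Name: ' . $display_name . '</b><br>';
    // The hidden field is kept for markup compatibility; its value is no
    // longer read on submit.
    $shout_out .= '<input type="hidden" value="' . $display_name . '"';
    $shout_out .= ' name="shout_name"><b>Message:</b>';
    $shout_out .= "\n<input type='text' value='Your Message' name='shout_message' size=20 maxlength='100'><br>";
    $shout_out .= "\n<input type='submit' name='shout_submit' value='Shout it!'>";
    $shout_out .= "\n</form>";

    return $shout_out;
}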
/**
 * Build the variable-list markup for one nexflow template.
 *
 * Renders one template_variable_record per row of nf_templatevariables whose
 * nf_templateID equals $rec and returns the result passed through
 * htmlentities().
 *
 * @param mixed $rec  Template id; used in the query, as the 'template_id'
 *                    template variable and in the onClick handlers.
 * @param mixed $cntr Counter of the template on the page; used as the 'cntr'
 *                    template variable, in the onClick handlers and in the
 *                    'vdivid' value when there are no variables.
 * @return string Entity-encoded HTML.
 */
function generateTemplateVariableHTML($rec, $cntr)
{
    global $_TABLES, $_CONF;

    $tpl = new Template($_CONF['path_layout'] . 'nexflow/admin');
    $tpl->set_file('variables', 'template_variables.thtml');
    $tpl->set_file('variable_rec', 'template_variable_record.thtml');
    $tpl->set_var('template_id', $rec);
    $tpl->set_var('cntr', $cntr);

    // NOTE(review): $rec and $cntr go unmodified into the SQL text and into
    // inline JavaScript; this function does not validate them, so callers must
    // pass integers or already-escaped values -- confirm.
    $varQuery = DB_Query("SELECT * FROM {$_TABLES['nf_templatevariables']} WHERE nf_templateID='{$rec}' ORDER BY id");

    if (DB_numrows($varQuery) > 0) {
        $tpl->set_var('show_vars', '');
        $tpl->set_var('vdivid', '');

        $position = 0;
        while ($variable = DB_fetchArray($varQuery)) {
            $position++;

            $recordVars = array(
                'variable_name'  => $variable['variableName'],
                'variable_value' => $variable['variableValue'],
                'var_id'         => $position,
                'edit_link'      => "[ <a href=\"#\" onClick='ajaxUpdateTemplateVar(\"edit\",{$rec},{$cntr},{$position});'\">Edit</a> ]",
                'delete_link'    => "[ <a href=\"#\" onClick='ajaxUpdateTemplateVar(\"delete\",{$rec},{$cntr},{$position});'\">Delete</a> ]",
            );
            foreach ($recordVars as $varName => $varValue) {
                $tpl->set_var($varName, $varValue);
            }

            // The first record replaces the target, later ones are appended.
            if ($position == 1) {
                $tpl->parse('template_variable_records', 'variable_rec');
            } else {
                $tpl->parse('template_variable_records', 'variable_rec', true);
            }
        }
    } else {
        $tpl->set_var('show_vars', 'none');
        $tpl->set_var('vdivid', "vars{$cntr}");
        $tpl->set_var('template_variable_records', '');
    }

    $tpl->parse('output', 'variables');

    return htmlentities($tpl->finish($tpl->get_var('output')));
}
$sql .= "{$_TABLES['gf_topic']}.lastupdated,{$_TABLES['gf_topic']}.replies "; $sql .= "FROM {$_TABLES['gf_topic']}, {$_TABLES['users']} "; $sql .= "WHERE forum={$A['fid']} AND pid=0 "; $sql .= "AND {$_TABLES['gf_topic']}.uid={$_TABLES['users']}.uid "; $sql .= "ORDER BY {$block5->sortingValue}"; $result = DB_query($sql); $block5->recordsTotal = DB_numrows($result); $sql = "SELECT {$_TABLES['gf_topic']}.id,{$_TABLES['gf_topic']}.pid,"; $sql .= "{$_TABLES['gf_topic']}.subject,{$_TABLES['users']}.fullname,"; $sql .= "{$_TABLES['gf_topic']}.lastupdated,{$_TABLES['gf_topic']}.replies "; $sql .= "FROM {$_TABLES['gf_topic']}, {$_TABLES['users']} "; $sql .= "WHERE forum={$A['fid']} AND pid=0 "; $sql .= "AND {$_TABLES['gf_topic']}.uid={$_TABLES['users']}.uid "; $sql .= "ORDER BY {$block5->sortingValue} LIMIT {$block5->borne},{$block5->rowsLimit}"; $result = DB_query($sql); $comptListTasks = DB_numrows($result); if ($comptListTasks != "0") { $block5->openResults(); $block5->labels($labels = array(0 => $strings["Subject"], 1 => $strings["Author"], 2 => $strings["lastUpdated"], 3 => $strings["Replies"]), "true"); for ($i = 0; $i < $comptListTasks; $i++) { list($listForum->topic[$i], $parent, $listForum->subject[$i], $listForum->author[$i], $listForum->date[$i], $listForum->replies[$i]) = DB_fetchArray($result); $block5->openRow(); $block5->checkboxRow($listForum->topic[$i]); $block5->cellRow($blockPage->buildLink($_CONF['site_url'] . "/forum/viewtopic.php?forum=" . $A[fid] . "&showtopic=" . $listForum->topic[$i], $listForum->subject[$i], "in", 'Click to View Discussion')); $block5->cellRow($listForum->author[$i]); $block5->cellRow(strftime("%Y/%m/%d %H:%M", $listForum->date[$i])); $block5->cellRow($listForum->replies[$i]); $block5->closeRow(); } $block5->closeResults(); $block5->bornesFooter("5", $blockPage->bornesNumber, "", "pid={$pid}");
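/**
 * Delete a single image from an ad.
 *
 * The photo id is read from $_REQUEST['mid']. Unless $admin is true, the
 * image is only removed when the ad it belongs to is owned by the current
 * user.
 *
 * NOTE(review): this is a state change driven by $_REQUEST and the function
 * itself checks no anti-CSRF token; confirm the caller does. The caller is
 * also responsible for passing $admin = true only for verified
 * administrators.
 *
 * @param boolean $admin   True if this is an admin, false if not
 * @param string  $adTable Table ID, either production or submission
 * @return string Error message, if any
 */
function imgDelete($admin = false, $adTable = 'ad_ads')
{
    global $_TABLES, $_USER, $_CONF_ADVT;

    $mid = isset($_REQUEST['mid']) ? intval($_REQUEST['mid']) : 0;
    if (!$mid) {
        return "No image selected";
    }

    // Strict allow-list: $adTable selects the table name used below.
    if (!in_array($adTable, array('ad_ads', 'ad_submission'), true)) {
        return "Invalid ad table specified";
    }

    // Find the ad corresponding to this image. Don't trust the input.
    $sql = "SELECT ad_id, filename
            FROM {$_TABLES['ad_photo']}
            WHERE photo_id={$mid}";
    $result = DB_query($sql, 1);
    if (!$result || DB_numrows($result) < 1) {
        return '';
    }
    $row = DB_fetchArray($result, false);

    // Check that the ad exists and, for non-admins, that the current user owns
    // it. The ad id read back from the photo table is sanitized and quoted
    // instead of being spliced into the statement as a bare token.
    $ad_id = COM_sanitizeID($row['ad_id']);
    $sql = "SELECT ad_id
            FROM {$_TABLES[$adTable]}
            WHERE ad_id='{$ad_id}'";
    if (!$admin) {
        $uid = isset($_USER['uid']) ? (int) $_USER['uid'] : 0;
        $sql .= " AND uid='{$uid}'";
    }
    $result = DB_query($sql, 1);
    if (!$result || DB_numrows($result) < 1) {
        return "Unauthorized Access";
    }

    // Remove the file, then the database row. basename() keeps a stored name
    // containing directory parts from reaching outside the image directory,
    // and is_file() avoids calling unlink() on the directory itself when the
    // stored name is empty.
    // NOTE(review): only this one file is removed; if a separate thumbnail
    // file exists it is not handled here.
    $filename = basename((string) $row['filename']);
    if ($filename !== '') {
        $path = CLASSIFIEDS_IMGPATH . '/' . $filename;
        if (is_file($path)) {
            unlink($path);
        }
    }
    DB_delete($_TABLES['ad_photo'], 'photo_id', $mid);

    // No text returned unless there was an error
    return '';
}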
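/**
 * Render the list-definitions page: every definition the current user may
 * view, each with its field list and, where the user is in the definition's
 * edit group, the edit/copy/delete controls.
 *
 * @param string $plugin   When non-empty, only definitions of this plugin.
 * @param string $category When non-empty, only definitions in this category.
 * @return string Rendered page.
 */
function nexlistShowDefinitions($plugin = '', $category = '')
{
    global $_USER, $_CONF, $_TABLES, $actionurl;

    $p = new Template($_CONF['path_layout'] . 'nexlist');
    $p->set_file(array(
        'page'       => 'viewdefinitions.thtml',
        'javascript' => 'javascript/definitions.thtml',
        'def_rec'    => 'definition_record.thtml',
        'fields'     => 'definition_fields.thtml',
        'field_rec'  => 'definition_field_record.thtml',
    ));
    $p->set_var('actionurl', $actionurl);
    $p->set_var('LANG_DELCONFIRM', 'Are you sure you want to delete this definition?');
    if (!SEC_hasRights('nexlist.edit')) {
        $p->set_var('hide_adddef', 'none');
    }
    if (isset($GLOBALS['errmsg']) && $GLOBALS['errmsg'] != '') {
        $p->set_var('error_msg', $GLOBALS['errmsg']);
    } else {
        $p->set_var('hide_errormsg', 'none');
    }

    $imgset = $_CONF['layout_url'] . '/nexlist/images/admin/';
    $view_definition_icon = $imgset . 'view.gif';
    $del_definition_icon  = $imgset . 'delete.gif';
    $copy_definition_icon = $imgset . 'copy.gif';

    // NOTE(review): copy and delete are plain GET links; confirm the handler
    // behind $actionurl requires an anti-CSRF token before acting.
    $editDefLink = '<a id="edefinition_%s" href="#" onClick="return false;"><img src="' . $imgset . 'edit.gif" border="0" TITLE="Edit Definition"></a>';
    $copyDefLink = '<a href="' . $actionurl . '?op=copy_def&listid=%s"><img src="' . $copy_definition_icon . '" border="0" TITLE="Copy Definition"></a>';
    $delDefLink = '<a href="' . $actionurl . '?op=delete_def&listid=%s"><img src="' . $del_definition_icon . '" border="0" TITLE="Delete Definition"></a>';

    // Conditions are collected and joined once. The original appended a second
    // WHERE when only $category was set and the user was not in Root, which
    // produced invalid SQL.
    // NOTE(review): $plugin and $category are placed in the statement as
    // received; this function assumes the caller escaped them -- confirm.
    $where = array();
    $linkoptions = '';
    if ($plugin != '') {
        $where[] = "plugin='{$plugin}'";
        $p->set_var('show_plugin', 'none');
        $p->set_var('pluginmode', $plugin);
        $linkoptions .= '&pluginmode=' . urlencode($plugin);
    }
    if ($category != '') {
        $where[] = "category='{$category}'";
        $p->set_var('show_category', 'none');
        $p->set_var('new_category', $category);
        $p->set_var('catmode', $category);
        $linkoptions .= '&catmode=' . urlencode($category);
    }

    // The original passed an undefined $uid here; the one-argument form is
    // the one already used for the edit_perms check further down.
    if (!SEC_inGroup('Root')) {
        $groupIds = array_map('intval', (array) SEC_getUserGroups($_USER['uid']));
        // An empty IN () is a syntax error; a user in no group sees nothing.
        $where[] = empty($groupIds)
            ? '1=0'
            : 'view_perms IN (' . implode(',', $groupIds) . ')';
    }

    $sql = "SELECT * FROM {$_TABLES['nexlist']}";
    if (!empty($where)) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    $sql .= ' ORDER BY name';
    $DEF_query = DB_query($sql);

    // Plugin names are read once instead of once per definition.
    $pluginNames = array();
    $query = DB_query("SELECT pi_name FROM {$_TABLES['plugins']}");
    while (list($pi_name) = DB_fetchArray($query)) {
        $pluginNames[] = $pi_name;
    }

    $new_plugin_options = '<option value="all">All Plugins</option>';
    foreach ($pluginNames as $pi_name) {
        $new_plugin_options .= '<option value="' . $pi_name . '">' . $pi_name . '</option>';
    }
    $p->set_var('new_editperms', COM_optionList($_TABLES['groups'], 'grp_id,grp_name'));
    $p->set_var('new_plugin_options', $new_plugin_options);

    $i = 1;
    $max_numfields = 0;
    $p->set_var('num_records', DB_numRows($DEF_query));

    while ($DEF = DB_fetchArray($DEF_query)) {
        $plugin_options = '<option value="all">All Plugins</option>';
        foreach ($pluginNames as $pi_name) {
            if ($pi_name == $DEF['plugin']) {
                $plugin_options .= '<option value="' . $pi_name . '" SELECTED=selected>' . $pi_name . '</option>';
            } else {
                $plugin_options .= '<option value="' . $pi_name . '">' . $pi_name . '</option>';
            }
        }

        // NOTE(review): name, category and description are handed to the
        // template as stored; whether the templates escape them cannot be seen
        // from this function -- verify before treating them as safe HTML.
        $p->set_var('rowid', $i);
        $p->set_var('cssid', $i % 2 + 1);
        $p->set_var('definition_id', $DEF['id']);
        $p->set_var('definition_name', $DEF['name']);
        $p->set_var('plugin', $DEF['plugin']);
        $p->set_var('plugin_options', $plugin_options);
        $p->set_var('category', $DEF['category']);
        $p->set_var('description', nl2br($DEF['description']));

        $view_definition_url = $actionurl . '?op=list_def&listid=' . $DEF['id'];
        $p->set_var('view_definition_url', $view_definition_url . $linkoptions);
        $p->set_var('view_definition_icon', $view_definition_icon);

        // Edit controls only for members of the definition's edit group.
        if (SEC_inGroup($DEF['edit_perms'])) {
            $p->set_var('editperms_link', sprintf($editDefLink, $i));
            $p->set_var('copyperms_link', sprintf($copyDefLink, $DEF['id']));
            $p->set_var('delperms_link', sprintf($delDefLink, $DEF['id']));
            $p->set_var('edit_description', $DEF['description']);
            $p->set_var('viewperms', COM_optionList($_TABLES['groups'], 'grp_id,grp_name', $DEF['view_perms']));
            $p->set_var('editperms', COM_optionList($_TABLES['groups'], 'grp_id,grp_name', $DEF['edit_perms']));
            $p->set_var('editdef_link', '<a href="#" onClick="editDefinition(' . $i . ');return false;">Edit Details</a>');
        } else {
            $p->set_var('editperms_link', '');
            $p->set_var('copyperms_link', '');
            $p->set_var('delperms_link', '');
            $p->set_var('editdef_link', '');
        }

        $sql = "SELECT * FROM {$_TABLES['nexlistfields']} WHERE lid='{$DEF['id']}' ORDER BY id";
        $FLD_query = DB_Query($sql);
        $numfields = DB_numrows($FLD_query);
        $max_numfields = max($max_numfields, $numfields);

        if ($numfields > 0) {
            $j = 1;
            $p->set_var('show_fields', '');
            $p->set_var('num_fields', $numfields);
            while ($FLD = DB_fetchArray($FLD_query, false)) {
                $edit_link = " [<a href=\"#\" onClick='editListField({$i},{$j});return false;'>Edit</a> ]";
                $del_link = " [<a href=\"#\" onClick='ajaxUpdateDefinition(\"deleteField\",{$i},{$j});'\">Delete</a> ]";
                $p->set_var('field_recid', $FLD['id']);
                $p->set_var('field_name', $FLD['fieldname']);
                $p->set_var('field_value', $FLD['value_by_function']);
                $p->set_var('field_width', $FLD['width']);
                $p->set_var('field_id', $j);

                // A predefined function shows the dropdown and hides the
                // free-text input; otherwise the reverse.
                if ($FLD['predefined_function'] == 1) {
                    $checked = 'CHECKED';
                    $display_ftext = 'none';
                    $display_fddown = '';
                    $p->set_var('function_dropdown_options', nexlist_getCustomListFunctionOptions($FLD['value_by_function']));
                } else {
                    $checked = '';
                    $display_ftext = '';
                    $display_fddown = 'none';
                    $p->set_var('function_dropdown_options', nexlist_getCustomListFunctionOptions());
                }
                $p->set_var('checked', $checked);
                $p->set_var('display_ftext', $display_ftext);
                $p->set_var('display_fddown', $display_fddown);
                $p->set_var('edit_link', $edit_link);
                $p->set_var('delete_link', $del_link);

                // The first record replaces the target, later ones append.
                if ($j == 1) {
                    $p->parse('definition_field_records', 'field_rec');
                } else {
                    $p->parse('definition_field_records', 'field_rec', true);
                }
                $j++;
            }
            $p->parse('definition_fields', 'fields');
        } else {
            $p->set_var('show_fields', 'none');
            $p->set_var('definition_field_records', '');
            $p->parse('definition_fields', 'fields');
        }

        $p->parse('definition_records', 'def_rec', true);
        $i++;
    }

    $p->set_var('max_numfields', $max_numfields);
    $p->parse('javascript_code', 'javascript');
    $p->parse('output', 'page');

    return $p->finish($p->get_var('output'));
}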
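/**
 * Add the tasks below one parent task to a Gantt graph, recursing into
 * sub-tasks.
 *
 * A task is drawn when the viewer may see it: with $sm and $stm both '1'
 * ("all projects") that means monitor, team member or a non-zero task token;
 * otherwise ("my projects") only a non-zero task token counts. Tasks whose
 * start and end dates format to the same day are added as milestones, the
 * rest as bars.
 *
 * @param object $graph          Graph the milestones and bars are added to.
 * @param int    $row            Running row number, incremented per drawn task.
 * @param int    $count          Running bar number, incremented per drawn task.
 * @param int    $pid            Project id.
 * @param string $nameIndent     Prefix put before each task name.
 * @param int    $tid            Parent task id whose children are listed.
 * @param mixed  $sampleCounting When truthy, bars are built but not added.
 * @param mixed  $sm             See above.
 * @param mixed  $stm            See above.
 */
function prj_drawProjectTasksGanttBar(&$graph, &$row, &$count, $pid = 0, $nameIndent = '', $tid = 0, $sampleCounting = 0, $sm, $stm)
{
    global $_TABLES, $_CONF, $showMonitor, $showTeamMember, $userid, $_PRJCONF, $filterCSV;

    // Ids are cast before they are placed in SQL text.
    $pid = (int) $pid;
    $parentTid = (int) $tid;

    // The source comment ties $filterCSV to a cookie, so it is treated as
    // untrusted: only whole-number entries survive, and the list is rebuilt
    // from those integers rather than spliced into the IN () clause verbatim.
    $filterIds = array();
    if ($filterCSV != '') {
        foreach (explode(',', (string) $filterCSV) as $piece) {
            $piece = trim($piece, " \t\n\r'\"");
            if ($piece !== '' && preg_match('/^\d+$/', $piece)) {
                $filterIds[] = (int) $piece;
            }
        }
    }

    $select = 'SELECT tid,name,start_date, estimated_end_date,parent_task, progress, progress_id '
        . "FROM {$_TABLES['prj_tasks']} "
        . "WHERE pid={$pid} and parent_task={$parentTid} ";
    $orderBy = ' ORDER BY lhs ASC';

    $result = false;
    $numTasks = 0;
    if (!empty($filterIds)) {
        $filter = "AND {$_TABLES['prj_tasks']}.pid in (" . implode(',', $filterIds) . ') ';
        $result = DB_query($select . $filter . $orderBy, true);
        $numTasks = DB_numRows($result);
    }
    if ($numTasks == 0) {
        // No filter, or the filter matched nothing: list without it (the
        // original fell back the same way to work around a stale filter).
        $result = DB_query($select . $orderBy);
        $numTasks = DB_numRows($result);
    }

    for ($j = 0; $j < $numTasks; $j++) {
        list($taskId, $name, $startdate, $enddate, $parent_task, $progress, $status) = DB_fetchArray($result);

        $permsArray = prj_getProjectPermissions($pid, $userid, $taskId);
        $ownertoken = getTaskToken($taskId, $userid, "{$_TABLES['prj_task_users']}", "{$_TABLES['prj_tasks']}");

        if ($sm == '1' && $stm == '1') {
            // all projects
            $visible = ($permsArray['monitor'] == '1' || $permsArray['teammember'] == '1' || $ownertoken != 0);
        } else {
            // my projects
            $visible = ($ownertoken != 0);
        }

        // Both modes drew the task with identical code in the original; the
        // duplicate is merged here. The per-task owner lookup, the constraint
        // query and the reads of $_GET['expanded'] / PHP_SELF were never used
        // and are dropped.
        if ($visible) {
            $name = html_entity_decode($name);
            $strdate = strftime("%Y/%m/%d", $startdate);
            $edate = strftime("%Y/%m/%d", $enddate);
            $link = $_CONF['site_url'] . "/nexproject/viewproject.php?mode=view&id=" . $taskId;
            $count = $count + 1;

            if (strlen($name) > $_PRJCONF['project_name_length']) {
                $name = substr($name, 0, $_PRJCONF['project_name_length']);
                $name .= "...";
            }
            $name = $nameIndent . $name;

            if ($strdate == $edate) {
                $milestone = new Milestone($row, $name, $strdate);
                $milestone->mark->SetType(MARK_DIAMOND);
                $graph->Add($milestone);
            } else {
                $taskActivity = new GanttBar($count, $name, "{$strdate}", "{$edate}", "");

                // Band colour follows progress_id: 0 green, 1 yellow, else red.
                if ($status == 0) {
                    $bandColor = "green";
                } elseif ($status == 1) {
                    $bandColor = "yellow";
                } else {
                    $bandColor = "red";
                }
                $taskActivity->SetPattern(BAND_RDIAG, $bandColor);
                $taskActivity->progress->SetPattern(GANTT_RDIAG, "black");
                $taskActivity->progress->SetFillColor("white");

                $taskActivity->caption->SetFont(FF_FONT1, FS_NORMAL, 10);
                $taskActivity->caption->SetColor('black');
                $taskActivity->caption->Set($name);

                // Set absolute height
                $taskActivity->SetHeight(10);
                // Specify progress
                $taskActivity->progress->Set($progress / 100);
                $taskActivity->SetCSIMTarget("{$link}");
                $taskActivity->SetCSIMAlt($progress . "% completed");
                $taskActivity->title->SetCSIMTarget("");
                $taskActivity->title->SetCSIMAlt($progress . "% completed");

                // Add line to Gantt Chart
                if (!$sampleCounting) {
                    $graph->Add($taskActivity);
                }
            }
            $row++;
        }

        // Descend into sub-tasks with a deeper indent.
        if (DB_count($_TABLES['prj_tasks'], 'parent_task', $taskId) > 0) {
            prj_drawProjectTasksGanttBar($graph, $row, $count, $pid, $nameIndent . " ", $taskId, $sampleCounting, $sm, $stm);
        }
    } //end for
}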
$selCategory = ''; foreach ($categories as $key => $value) { $selected = in_array($key, $selectedCategories) === true ? ' selected' : ''; $selCategory .= "<option value=\"{$key}\"{$selected}>{$value}</option>"; } $objectives = nexlistOptionList('alist', '', $_PRJCONF['nexlist_objective']); $selectedObjectives = explode(",", $filter['objective']); $selObjective = ''; foreach ($objectives as $key => $value) { $selected = in_array($key, $selectedObjectives) === true ? ' selected' : ''; $selObjective .= "<option value=\"{$key}\"{$selected}>{$value}</option>"; } // Display filter selection section $sqlFilter = "SELECT flid, name FROM {$_TABLES['prj_filters']} WHERE uid = {$_USER['uid']}"; $result = DB_query($sqlFilter); $numFilters = DB_numrows($result); echo '<table width="100%" border="0" cellpadding="1" cellspacing="1"><tr><td class="heading2" colspan="2" align="left">Select by your Saved Filters</TD></tr><tr>'; if ($numFilters != "0") { echo '<td><form action="' . $PHP_SELF . '" method="post"><select name="selFilter" Style="width:200px">'; while (list($flid, $fname) = DB_fetchARRAY($result)) { echo '<option value="' . $flid . '"'; if ($flid == $selFilter) { echo ' SELECTED'; } echo '>' . $fname . '</option>'; } echo '</select><input type="submit" name="submit" value="Edit"><input type="submit" name="submit" value="Delete"></form></td>'; } echo '<td><form action="' . $PHP_SELF . '" method="post">New: <Input Type="text" Name="name"><input type="submit" name="submit" value="New"></form></td></tr></table>'; if (intval($selFilter) > 0) { echo '<form action="' . $PHP_SELF . '" method="post">
$modForum = COM_applyFilter($modForum, true); $modquery = DB_query("SELECT * FROM {$_TABLES['forum_moderators']} WHERE mod_uid='{$modMemberUID}' AND mod_forum='{$modForum}'"); if (DB_numrows($modquery) == 1) { DB_query("DELETE FROM {$_TABLES['forum_moderators']} WHERE mod_uid='{$modMemberUID}' AND mod_forum='{$modForum}'"); } $fields = 'mod_username,mod_uid,mod_groupid, mod_forum,mod_delete,mod_ban,mod_edit,mod_move,mod_stick'; $values = "'{$modMemberName}','{$modMemberUID}','0', '{$modForum}','{$mod_delete}','{$mod_ban}','{$mod_edit}','{$mod_move}','{$mod_stick}'"; DB_query("INSERT INTO {$_TABLES['forum_moderators']} ({$fields}) VALUES ({$values})"); } } } elseif ($_POST['modtype'] == 'group' and $_POST['sel_group'] > 0) { $modGroupid = COM_applyfilter($_POST['sel_group'], true); foreach ($_POST['sel_forum'] as $modForum) { $modForum = COM_applyFilter($modForum, true); $modquery = DB_query("SELECT * FROM {$_TABLES['forum_moderators']} WHERE mod_groupid='{$modGroupid}' AND mod_forum='{$modForum}'"); if (DB_numrows($modquery) == 1) { DB_query("DELETE FROM {$_TABLES['forum_moderators']} WHERE mod_groupid='{$modGroupid}' AND mod_forum='{$modForum}'"); } $fields = 'mod_username,mod_uid,mod_groupid, mod_forum,mod_delete,mod_ban,mod_edit,mod_move,mod_stick'; $values = "'','0','{$modGroupid}', '{$modForum}','{$mod_delete}','{$mod_ban}','{$mod_edit}','{$mod_move}','{$mod_stick}'"; DB_query("INSERT INTO {$_TABLES['forum_moderators']} ({$fields}) VALUES ({$values})"); } } } } header("Location: mods.php"); exit; break; } // MAIN $filtermode = isset($_POST['filtermode']) ? COM_applyFilter($_POST['filtermode']) : '';
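/**
 * Create a forum and make the current user its moderator.
 *
 * @param string $name            Forum name; an empty name is rejected.
 * @param mixed  $category        Value stored in forum_cat.
 * @param string $dscp            Forum description.
 * @param mixed  $order           Value stored in forum_order.
 * @param int    $grp_id          Group id stored with the forum.
 * @param int    $is_readonly     Read-only flag.
 * @param int    $is_hidden       Hidden flag.
 * @param int    $no_newposts     "No new posts" flag.
 * @param int    $attachmentgroup Value stored in use_attachment_grpid.
 * @return mixed false when $name is empty, otherwise the id of the new forum
 *               as reported by DB_insertId().
 */
function ff_addForum($name, $category, $dscp = "", $order = "", $grp_id = 2, $is_readonly = 0, $is_hidden = 0, $no_newposts = 0, $attachmentgroup = 1)
{
    global $_TABLES, $_USER;

    if (empty($name)) {
        return false;
    }

    // Numeric columns are cast so they cannot carry SQL text. This matters
    // most for $attachmentgroup, the only value placed in the statement
    // without quotes.
    $grp_id          = (int) $grp_id;
    $is_readonly     = (int) $is_readonly;
    $is_hidden       = (int) $is_hidden;
    $no_newposts     = (int) $no_newposts;
    $attachmentgroup = (int) $attachmentgroup;

    // NOTE(review): $order, $name, $dscp and $category are interpolated as
    // received; this function assumes the caller already escaped them for SQL
    // -- confirm at every call site.
    $fields = 'forum_order,forum_name,forum_dscp,forum_cat,grp_id,is_readonly,is_hidden,no_newposts,use_attachment_grpid,rating_view,rating_post';
    DB_query("INSERT INTO {$_TABLES['ff_forums']} ({$fields})\n VALUES ('{$order}','{$name}','{$dscp}','{$category}','{$grp_id}','{$is_readonly}','{$is_hidden}','{$no_newposts}',{$attachmentgroup},0,0)");

    // Use the id generated by this connection's INSERT. SELECT max(forum_id)
    // can return a forum created by a concurrent request, which would grant
    // full moderator rights on somebody else's forum.
    $forumid = DB_insertId();
    if (!$forumid) {
        // Nothing was inserted: do not attach moderator rights to anything.
        return $forumid;
    }

    $modUid  = isset($_USER['uid']) ? (int) $_USER['uid'] : 0;
    // The user name comes from the session record, not from an escaped
    // request value, so it is escaped here before going into the statement.
    $modName = addslashes(isset($_USER['username']) ? $_USER['username'] : '');

    $modquery = DB_query("SELECT * FROM {$_TABLES['ff_moderators']} WHERE mod_uid='{$modUid}' AND mod_forum='{$forumid}'");
    if (DB_numrows($modquery) < 1) {
        $fields = 'mod_uid,mod_username,mod_forum,mod_delete,mod_ban,mod_edit,mod_move,mod_stick';
        DB_query("INSERT INTO {$_TABLES['ff_moderators']} ({$fields}) VALUES ('{$modUid}','{$modName}', '{$forumid}','1','1','1','1','1')");
    }

    return $forumid;
}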
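/**
 * Add the tasks of a project (or the children of one task) to a Gantt graph,
 * recursing into sub-tasks.
 *
 * With $tid == 0 the top-level tasks of project $pid are listed; otherwise
 * the children of task $tid. Tasks whose start and end dates format to the
 * same day are added as milestones, the rest as bars.
 *
 * @param object $graph Graph the milestones and bars are added to.
 * @param int    $pid   Project id.
 * @param int    $tid   Parent task id, 0 for the top level.
 * @param int    $row   Running row number, incremented per task.
 * @param int    $count Running bar number, incremented per task.
 */
function prj_drawGanttBar(&$graph, $pid, $tid = 0, &$row, &$count)
{
    global $_TABLES, $_CONF, $_PRJCONF;

    // Ids are cast before they are placed in SQL text; an empty or non-numeric
    // $pid would otherwise yield a broken or attacker-shaped statement.
    $pid = (int) $pid;
    $parentTid = (int) $tid;

    $sql = "SELECT tid,name,start_date, estimated_end_date,parent_task, progress, progress_id ";
    $sql .= "FROM {$_TABLES['prj_tasks']} ";
    if ($parentTid == 0) {
        $sql .= "WHERE pid={$pid} AND parent_task=0 ORDER BY lhs ASC";
    } else {
        $sql .= "WHERE parent_task='{$parentTid}' ORDER BY lhs ASC";
    }
    $result = DB_query($sql);
    $numTasks = DB_numrows($result);

    for ($j = 0; $j < $numTasks; $j++) {
        list($taskId, $name, $startdate, $enddate, $parent_task, $progress, $status) = DB_fetchArray($result);
        $taskId = (int) $taskId;

        $name = html_entity_decode($name);
        $strdate = strftime("%Y/%m/%d", $startdate);
        $edate = strftime("%Y/%m/%d", $enddate);

        // First user row linked to the task; shown as the bar's caption.
        $sql = "SELECT fullname FROM {$_TABLES['users']}, {$_TABLES['prj_task_users']} ";
        $sql .= "WHERE {$_TABLES['prj_task_users']}.tid={$taskId} AND {$_TABLES['prj_task_users']}.uid={$_TABLES['users']}.uid";
        $result2 = DB_query($sql);
        list($owner) = DB_fetchArray($result2);

        $link = $_CONF['site_url'] . "/nexproject/viewproject.php?mode=view&id=" . $taskId;
        $count = $count + 1;

        if (strlen($name) > $_PRJCONF['project_name_length']) {
            $name = substr($name, 0, $_PRJCONF['project_name_length']);
            $name .= "...";
        }

        if ($strdate == $edate) {
            $milestone = new Milestone($row, $name, $strdate);
            $milestone->mark->SetType(MARK_DIAMOND);
            $graph->Add($milestone);
        } else {
            $activity = new GanttBar($count, "{$name}", "{$strdate}", "{$edate}", "{$owner}");

            // Solid bar colour follows progress_id: 0 dark green, 1 yellow,
            // anything else red.
            if ($status == 0) {
                $barColor = "darkgreen";
            } elseif ($status == 1) {
                $barColor = "yellow";
            } else {
                $barColor = "red";
            }
            $activity->SetPattern(GANTT_SOLID, $barColor);
            $activity->progress->SetPattern(GANTT_RDIAG, "black");
            $activity->progress->SetFillColor("white");

            // Set absolute height
            $activity->SetHeight(10);
            // Specify progress
            $activity->progress->Set($progress / 100);
            $activity->SetCSIMTarget("{$link}");
            $activity->SetCSIMAlt($progress . "% completed");
            $activity->title->SetCSIMTarget("{$link}");
            $activity->title->SetCSIMAlt($progress . "% completed");

            // One start-start constraint per direct child, pointing at the
            // rows that follow this one.
            $qconstraints = DB_query("SELECT tid FROM {$_TABLES['prj_tasks']} WHERE parent_task='{$taskId}' ORDER BY lhs ASC");
            $numconstraints = DB_numRows($qconstraints);
            for ($c = 1; $c <= $numconstraints; $c++) {
                $activity->SetConstrain($row + $c, CONSTRAIN_STARTSTART, "maroon4");
            }

            // Add line to Gantt chart
            $graph->Add($activity);
        }
        $row++;

        // Descend into sub-tasks.
        if (DB_count($_TABLES['prj_tasks'], 'parent_task', $taskId) > 0) {
            prj_drawGanttBar($graph, $pid, $taskId, $row, $count);
        }
    }
}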
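/**
 * Send an email to all subscribers for the ad's category, or any
 * parent category.
 *
 * Email is only sent if a notification hasn't already been sent for the ad
 * (sentnotify flag).
 *
 * NOTE(review): the original description also promised an approval check,
 * but no such check exists in this function; confirm that callers only pass
 * approved ads.
 *
 * @param int $ad_id ID number of ad
 */
function catNotify($ad_id = '')
{
    global $_TABLES, $_CONF, $_CONF_ADVT;

    // require a valid ad ID
    $ad_id = COM_sanitizeID($ad_id);
    if ($ad_id == '') {
        return;
    }

    // retrieve the ad info.
    $result = DB_query("SELECT *
            FROM {$_TABLES['ad_ads']}
            WHERE ad_id='{$ad_id}'");
    if (!$result || DB_numrows($result) < 1) {
        return;
    }
    $adinfo = DB_fetchArray($result);

    // skip ads for which a notification was already sent.
    if ($adinfo['sentnotify'] == 1) {
        return;
    }

    $cat = (int) $adinfo['cat_id'];
    $subject = trim($adinfo['subject']);
    $descript = trim($adinfo['descript']);
    $price = trim($adinfo['price']);

    // Collect all the parent categories into a comma-separated list, and
    // find all the subscribers in any of the categories
    $catlist = CLASSIFIEDS_ParentCatList($cat);
    if ($catlist == '') {
        // An empty IN () list is a syntax error; nobody to notify.
        return;
    }
    $sql = "SELECT uid
            FROM {$_TABLES['ad_notice']}
            WHERE cat_id IN ({$catlist})";
    $notice = @DB_query($sql);
    if (!$notice) {
        return;
    }

    // send the notification to subscribers
    while ($row = DB_fetchArray($notice)) {
        $uid = (int) $row['uid'];
        $result = DB_query("SELECT username, email, language
                FROM {$_TABLES['users']}
                WHERE uid='{$uid}'");
        if (!$result || DB_numrows($result) < 1) {
            // Subscription row without a matching user: nothing to send.
            continue;
        }
        $name = DB_fetchArray($result);

        // The language value is a per-user setting and is used to build a
        // filesystem path and to pick a language file, so it is reduced to
        // plain name characters before use.
        $language = preg_replace('/[^A-Za-z0-9_\-]/', '', (string) $name['language']);

        // Select the template for the message
        $template_dir = CLASSIFIEDS_PI_PATH . '/templates/notify/' . $language;
        if ($language === '' || !file_exists($template_dir . '/subscriber.thtml')) {
            $template_dir = CLASSIFIEDS_PI_PATH . '/templates/notify/english';
        }

        // Load the recipient's language. $LANG_ADVT is *not* global here
        // to avoid overwriting the global language strings.
        $LANG = plugin_loadlanguage_classifieds($language);

        $T = new Template($template_dir);
        $T->set_file('message', 'subscriber.thtml');

        $ad_type = AdType::GetDescription($adinfo['ad_type']);

        // NOTE(review): subject, description and price are advertiser-supplied
        // and go into an HTML mail (last COM_mail argument is true) as stored;
        // whether they were escaped on input cannot be seen from here.
        $T->set_var('site_url', $_CONF['site_url']);
        $T->set_var('site_name', $_CONF['site_name']);
        $T->set_var('cat', CLASSIFIEDS_BreadCrumbs($cat), false);
        $T->set_var('subject', $subject);
        $T->set_var('description', $descript);
        $T->set_var('username', COM_getDisplayName($uid));
        $T->set_var('ad_url', "{$_CONF['site_url']}/{$_CONF_ADVT['pi_name']}/index.php?mode=detail&id={$ad_id}");
        $T->set_var('price', $price);
        $T->set_var('ad_type', $ad_type);
        $T->parse('output', 'message');
        $message = $T->finish($T->get_var('output'));

        COM_mail($name['email'], "{$LANG['new_ad_listing']} {$_CONF['site_name']}", $message, "{$_CONF['site_name']} <{$_CONF['site_mail']}>", true);
    }

    // update the ad's flag to indicate that a notification has been sent
    @DB_query("UPDATE {$_TABLES['ad_ads']}
            SET sentnotify=1
            WHERE ad_id='{$ad_id}'");
}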
DB_query("INSERT INTO {$_TABLES['nxfile_access']} (catid,uid,view, upload, upload_direct, upload_ver, approval, admin) VALUES ('{$newcid}','{$uid}','1','1','1','1','1','1')"); if ($is_private_project_flag == 'N') { DB_query("INSERT INTO {$_TABLES['nxfile_access']} (catid,grp_id, view, upload, upload_direct, upload_ver, approval, admin) VALUES ('{$newcid}','2','1','0','0','0','0','0')"); } } else { $errmsg = $catresult['1']; } } // Create Discussion Board if ($is_using_forum_flag == 'Y') { DB_query("INSERT INTO {$_TABLES['gf_forums']} (forum_order,forum_name,forum_dscp,forum_cat,grp_id) VALUES ('0','{$name}','{$description}','{$_PRJCONF['forum_parent']}','2')"); $newfid = DB_insertId(); $uid = $_USER['uid']; DB_query("UPDATE {$_TABLES['prj_projects']} SET fid={$newfid} WHERE pid={$lastid}"); $modquery = DB_query("SELECT * FROM {$_TABLES['gf_moderators']} WHERE mod_username='******'username']}' AND mod_forum='{$forumid}'"); if (DB_numrows($modquery) < 1) { DB_query("INSERT INTO {$_TABLES['gf_moderators']} (mod_username,mod_forum,mod_delete,mod_ban,mod_edit,mod_move,mod_stick) VALUES ('{$_USER['username']}', '{$forumid}','1','1','1','1','1')"); } } // Copy the Project Resources $results1 = DB_query("SELECT uid FROM {$_TABLES['prj_users']} WHERE pid={$id}"); $nrows = DB_numRows($results1); if ($nrows != "0") { for ($i = 0; $i < $nrows; $i++) { list($adduid) = DB_fetchArray($results1); $currentuid = $_USER['uid']; if ($adduid != $currentuid) { DB_query("INSERT INTO {$_TABLES['prj_users']} (pid, uid, role) VALUES ({$lastid}, {$adduid}, 'r')"); if ($is_using_docmgmt_flag == 'Y') { DB_query("INSERT INTO {$_TABLES['nxfile_access']} (catid,uid,view, upload, upload_direct, upload_ver, approval, admin) VALUES ('{$newcid}','{$adduid}','1','1','0','0','0','0')"); }
/**
 * Load the enabled autotag definitions, keyed by tag name.
 *
 * Reads every row of the autotags table with is_enabled = 1.  A row whose
 * is_function column equals 1 is included only when
 * $_AM_CONF['allow_php'] equals 1; every other enabled row is always
 * included.  This makes allow_php the switch that decides whether
 * function-backed tags are returned to the caller at all.
 *
 * @return  array   Full table rows, indexed by each row's 'tag' value
 */
function AT_loadTags()
{
    global $_TABLES, $_AM_CONF;

    $tags = array();

    // second argument 1 is passed through to DB_query() as in the original call
    $result = DB_query("SELECT * FROM {$_TABLES['autotags']} WHERE is_enabled = 1", 1);
    $total = DB_numrows($result);
    $php_allowed = ($_AM_CONF['allow_php'] == 1);

    for ($n = 0; $n < $total; $n++) {
        $record = DB_fetchArray($result);

        // function-backed tags are dropped unless PHP tags are allowed
        if ($record['is_function'] == 1 && !$php_allowed) {
            continue;
        }
        $tags[$record['tag']] = $record;
    }

    return $tags;
}
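/**
 * Echo the "My Tasks" block: a paged table of the tasks the current user
 * owns (role 'o') whose status_id is 0 or 3, ordered by estimated end date.
 *
 * Two cookies steer the output and are treated as untrusted input:
 *  - alltasksmin: zero-based page index, forced to a non-negative integer
 *    before it is multiplied into the LIMIT offset;
 *  - filterTasks: comma-separated project ids, reduced to digit-only
 *    entries before being placed inside the SQL IN (...) list.
 *
 * @param   object  $blockPage  Page-level block object; created here when
 *                              the caller passes NULL or ''
 * @return  void    The HTML is written with echo and the block helpers
 */
function prj_displayMyProjectTasks(&$blockPage)
{
    global $_TABLES, $_CONF, $_USER, $_COOKIE, $subTaskImg, $progress, $priority, $strings, $labels, $_PRJCONF;

    // Page index from the cookie; anything non-numeric or negative becomes 0
    $limitbase = isset($_COOKIE['alltasksmin']) ? max(0, (int) $_COOKIE['alltasksmin']) : 0;
    $useThisTIDforAjax = 0;

    // The filter is interpolated unquoted into "pid in (...)", so whatever
    // COM_applyFilter() leaves in place, only entries made purely of digits
    // are allowed to reach the query.
    $filterCSV = '';
    if (isset($_COOKIE['filterTasks'])) {
        $filterIds = array();
        foreach (explode(',', (string) COM_applyFilter($_COOKIE['filterTasks'])) as $candidate) {
            $candidate = trim($candidate);
            if ($candidate !== '' && ctype_digit($candidate)) {
                $filterIds[] = $candidate;
            }
        }
        $filterCSV = implode(',', $filterIds);
    }

    if ($blockPage == NULL or $blockPage == '') {
        $blockPage = new block();
    }
    $block2 = new block();

    // NOTE(review): $msg and $msgLabel are never assigned in this function
    // and are not in the global list, so this branch cannot run as written.
    if (!empty($msg)) {
        require_once "includes/messages.php";
        $blockPage->messagebox($msgLabel);
    }

    // Fall back to uid 1 when there is no session user; the integer cast
    // keeps the value safe for the unquoted use in the queries below.
    $uid = (isset($_USER['uid']) && $_USER['uid'] != "") ? (int) $_USER['uid'] : 1;

    //my tasks
    $blockPage->bornesNumber = "2";
    $block2 = new block();
    $block2->form = "taP";
    $block2->openForm($_CONF['site_url'] . "/nexproject/index.php?" . "#" . $block2->form . "Anchor");
    $headingTitle = $strings['my_tasks'];
    $headingStatusArea = '<span id="ajaxstatus_tasks" class="pluginInfo" style="display:none"> </span>';
    $block2->headingToggle($headingTitle, $headingStatusArea);
    $block2->borne = $blockPage->returnBorne("2");
    $block2->rowsLimit = $_PRJCONF['task_block_rows'];
    $lim = $limitbase * $block2->rowsLimit;

    echo '<!--startMyTasks-->';
    echo '<div id="divMyTasks">';

    // Total number of matching tasks (unfiltered), used for the pager
    $sql  = "SELECT {$_TABLES['prj_tasks']}.tid FROM {$_TABLES['prj_tasks']}, {$_TABLES['prj_task_users']}, {$_TABLES['users']} ";
    $sql .= "WHERE {$_TABLES['prj_task_users']}.uid={$uid} AND {$_TABLES['prj_task_users']}.tid={$_TABLES['prj_tasks']}.tid ";
    $sql .= "AND {$_TABLES['prj_task_users']}.uid={$_TABLES['users']}.uid AND {$_TABLES['prj_task_users']}.uid={$uid} ";
    $sql .= "AND {$_TABLES['prj_task_users']}.role='o' AND {$_TABLES['prj_tasks']}.status_id in (0,3) ";
    $result = DB_query($sql);
    $block2->recordsTotal = DB_numrows($result);

    // Listing query, built once; the optional project filter is spliced in
    // between the WHERE conditions and the ORDER BY / LIMIT tail.
    $listSql  = "SELECT {$_TABLES['prj_tasks']}.tid,{$_TABLES['prj_tasks']}.progress_id, {$_TABLES['prj_projects']}.name, ";
    $listSql .= "{$_TABLES['prj_tasks']}.priority_id, {$_TABLES['prj_tasks']}.name, {$_TABLES['prj_tasks']}.estimated_end_date, ";
    $listSql .= "{$_TABLES['prj_tasks']}.start_date, {$_TABLES['prj_tasks']}.pid FROM {$_TABLES['prj_tasks']}, ";
    $listSql .= "{$_TABLES['prj_task_users']}, {$_TABLES['users']}, {$_TABLES['prj_projects']} ";
    $listSql .= "WHERE {$_TABLES['prj_task_users']}.uid={$uid} AND {$_TABLES['prj_task_users']}.tid={$_TABLES['prj_tasks']}.tid ";
    $listSql .= "AND {$_TABLES['prj_task_users']}.uid={$_TABLES['users']}.uid AND {$_TABLES['prj_task_users']}.role='o' ";
    $listSql .= "AND {$_TABLES['prj_task_users']}.uid={$uid} AND {$_TABLES['prj_tasks']}.pid={$_TABLES['prj_projects']}.pid ";
    $listSql .= "AND {$_TABLES['prj_tasks']}.status_id in (0,3) ";
    $listTail  = " ORDER BY {$_TABLES['prj_tasks']}.estimated_end_date ";
    $listTail .= " LIMIT {$lim}, {$block2->rowsLimit} ";

    $result = false;
    if ($filterCSV != '') {
        // errors are ignored here so a bad filter falls through to the
        // unfiltered query instead of aborting the page
        $result = DB_query($listSql . "AND {$_TABLES['prj_tasks']}.pid in ({$filterCSV})" . $listTail, true);
    }
    if (!$result) {
        //remove the filterCSV as there might be a cookie issue with it...
        $result = DB_query($listSql . $listTail);
    }
    $comptListTasks = DB_numrows($result);

    // stays empty when no row is listed, so the hidden field below is defined
    $pid = '';

    if ($comptListTasks != "0") {
        $block2->openResults(false);
        $block2->labels($labels = array(0 => $strings["task"], 1 => $strings["priority"], 2 => $strings["project"], 3 => $strings["start_date"], 4 => $strings["estimated_end_date"]), "true");

        for ($i = 0; $i < $comptListTasks; $i++) {
            list($tid, $idProgress, $projectname, $idPriority, $taskname, $estenddate, $startdate, $pid) = DB_fetchArray($result);

            // keep the full names for the link titles, shorten the visible text
            $full_projectname = $projectname;
            $full_taskname = $taskname;
            if (strlen($taskname) > 25) {
                $taskname = substr($taskname, 0, 25) . "....";
            }
            if (strlen($projectname) > 20) {
                $projectname = substr($projectname, 0, 20) . "....";
            }

            // NOTE(review): task and project names are passed to buildLink()
            // as stored; confirm that helper (or the save path) HTML-escapes them.
            $block2->openRow();
            $block2->cellProgress($progress[$idProgress]);
            $block2->cellRow($blockPage->buildLink("{$_CONF['site_url']}/nexproject/viewproject.php?mode=view&id={$tid}", $taskname, "mytaskcontext", $full_taskname, '', $tid));
            $block2->cellRow($priority[$idPriority]);
            $block2->cellRow($blockPage->buildLink("{$_CONF['site_url']}/nexproject/viewproject.php?pid={$pid}", $projectname, "context", $full_projectname, $pid));
            $block2->cellRow(strftime("%Y/%m/%d", $startdate));
            $block2->cellRow(strftime("%Y/%m/%d", $estenddate));
            $block2->closeRow();
        }
        $block2->closeResults();

        // number of pages, rounding a partial last page up
        $pages = intval($block2->recordsTotal / $block2->rowsLimit);
        if (fmod($block2->recordsTotal, $block2->rowsLimit) > 0) {
            $pages += 1;
        }

        if ($pages > 1) {
            for ($pagecntr = 0; $pagecntr < $pages; $pagecntr++) {
                echo '<span style="text-decoration:underline;cursor: hand" onclick=\'setCookie("alltasksmin","';
                echo $pagecntr;
                echo '","","");prj_getMyTasks("myprj_refresh", "' . $useThisTIDforAjax . '" )\'>';
                if ($limitbase == $pagecntr) {
                    // current page is highlighted
                    echo '<span style="color:red">';
                    echo $pagecntr + 1;
                    echo '</span>';
                } else {
                    echo $pagecntr + 1;
                }
                echo '</span> ';
            }
            echo ' <span style="text-decoration:underline;cursor: hand" TITLE="Return to page 1" onclick=\'setCookie("alltasksmin","","","");prj_getMyTasks("myprj_refresh", "' . $useThisTIDforAjax . '" )\'>';
            echo '<<</span>';
        }
    } else {
        $block2->noresults();
    }

    echo '</div>';
    echo '<!--endMyTasks-->';
    echo '<input type=hidden name=pid value=' . $pid . '>';
    $block2->closeToggle();
    $block2->closeFormResults();
}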
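/**
 * Create a forum from the submitted "add forum" form and make the current
 * user its moderator.
 *
 * Reads category, name, dscp, is_readonly, is_hidden, no_newposts,
 * privgroup, attachmentgroup and order from $_POST.  Name and description
 * are required; the name is cut to 70 characters.  On success the forum
 * row is inserted, a moderator row with all five rights is added for
 * $_USER unless one exists, and reorderForums() is run for the category.
 *
 * NOTE(review): no permission or request-token check is visible in this
 * function; presumably the caller performs both before calling -- confirm.
 *
 * @return  array   [bool success, array of status / error message strings]
 */
function board_add_forum_save()
{
    global $_CONF, $_TABLES, $_USER, $_FF_CONF, $LANG_GF93;

    $retval = false;
    $statusText = array();
    $numErrors = 0;

    $category       = isset($_POST['category']) ? COM_applyFilter($_POST['category'], true) : 0;
    $name           = isset($_POST['name']) ? $_POST['name'] : '';
    $dscp           = isset($_POST['dscp']) ? $_POST['dscp'] : '';
    $is_readonly    = isset($_POST['is_readonly']) ? COM_applyFilter($_POST['is_readonly'], true) : 0;
    $is_hidden      = isset($_POST['is_hidden']) ? COM_applyFilter($_POST['is_hidden'], true) : 0;
    $no_newposts    = isset($_POST['no_newposts']) ? COM_applyFilter($_POST['no_newposts'], true) : 0;
    $privgroup      = isset($_POST['privgroup']) ? COM_applyFilter($_POST['privgroup'], true) : 0;
    $forum_order_id = isset($_POST['order']) ? COM_applyFilter($_POST['order'], true) : 0;

    if ($privgroup == 0) {
        $privgroup = 2;
    }

    // Read like the other fields (guarded by isset) and forced to an
    // integer, because it is written unquoted into the INSERT below.
    $attachmentgroup = isset($_POST['attachmentgroup'])
        ? (int) COM_applyFilter($_POST['attachmentgroup'], true)
        : 0;
    if ($attachmentgroup == 0) {
        // NOTE(review): this overwrites the forum's access group with 1
        // whenever no attachment group was chosen, discarding the submitted
        // privgroup.  It looks as if `$attachmentgroup = 1` was intended;
        // behaviour is kept as-is here because changing it alters who can
        // access the new forum -- confirm before touching.
        $privgroup = 1;
    }

    if ($forum_order_id == 0) {
        $forum_order = 0;
    } else {
        $forum_order = DB_getItem($_TABLES['ff_forums'], 'forum_order', 'forum_id=' . (int) $forum_order_id);
    }
    // The original used a post-increment here, so the stored order is the
    // un-incremented value; reorderForums() below renumbers the category.
    $order = $forum_order;

    // data validation
    if (empty($name)) {
        $statusText[] = $LANG_GF93['name_blank'];
        $numErrors++;
    }
    if (MBYTE_strlen($name) > 70) {
        $name = MBYTE_substr($name, 0, 70);
    }
    if (empty($dscp)) {
        $statusText[] = $LANG_GF93['desc_blank'];
        $numErrors++;
    }

    if ($numErrors == 0) {
        // name and description are raw POST text until this point
        $name = _ff_preparefordb($name, 'text');
        $dscp = _ff_preparefordb($dscp, 'text');

        $fields = 'forum_order,forum_name,forum_dscp,forum_cat,grp_id,is_readonly,is_hidden,no_newposts,use_attachment_grpid,rating_view,rating_post';
        DB_query("INSERT INTO {$_TABLES['ff_forums']} ({$fields})
            VALUES ('{$order}','{$name}','{$dscp}','{$category}','{$privgroup}','{$is_readonly}','{$is_hidden}','{$no_newposts}',{$attachmentgroup},0,0)");

        // Take the id of the row this request inserted.  Reading
        // MAX(forum_id) can return another request's forum when two forums
        // are created at the same time, and the moderator rights below
        // would then be granted on the wrong forum.
        $forumid = (int) DB_insertId();
        if ($forumid < 1) {
            // fall back to the previous lookup if no insert id is reported
            $query = DB_query("SELECT max(forum_id) FROM {$_TABLES['ff_forums']} ");
            list($forumid) = DB_fetchArray($query);
        }

        $mod_uid = (int) $_USER['uid'];
        $modquery = DB_query("SELECT * FROM {$_TABLES['ff_moderators']} WHERE mod_uid='{$mod_uid}' AND mod_forum='{$forumid}'");
        if (DB_numrows($modquery) < 1) {
            // NOTE(review): the username is interpolated as stored in
            // $_USER; confirm it is already escaped for SQL at this point.
            $fields = 'mod_uid,mod_username,mod_forum,mod_delete,mod_ban,mod_edit,mod_move,mod_stick';
            DB_query("INSERT INTO {$_TABLES['ff_moderators']} ({$fields}) VALUES ('{$mod_uid}','{$_USER['username']}', '{$forumid}','1','1','1','1','1')");
        }

        reorderForums($category);
        $retval = true;
        $statusText[] = $LANG_GF93['forumadded'];
    }

    return array($retval, $statusText);
}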
/**
 * Return the names of all features granted to a user through group
 * membership.
 *
 * The user's groups come from SEC_getUserGroups().  For the current user
 * (or uid 1 when $_USER['uid'] is empty) the global $_GROUPS is used as a
 * cache and is filled on first use; for any other uid the groups are
 * looked up on every call.  The feature names are then read from the
 * access and features tables for those group ids.
 *
 * $grp_id only appears in the verbose log line in this body; no recursive
 * call is made here.
 *
 * @param   int     $grp_id     DO NOT USE (kept for compatibility; only logged)
 * @param   int     $uid        User to check, if empty current user.
 * @return  string  comma delimited list of feature names, '' when the user
 *                  has no groups
 */
function SEC_getUserPermissions($grp_id = '', $uid = '')
{
    global $_TABLES, $_USER, $_SEC_VERBOSE, $_GROUPS;

    if ($_SEC_VERBOSE) {
        COM_errorLog("**********inside SEC_getUserPermissions(grp_id={$grp_id})**********", 1);
    }

    // Get user ID if we don't already have it
    $haveSessionUser = !empty($_USER['uid']);
    if (empty($uid)) {
        $uid = $haveSessionUser ? $_USER['uid'] : 1;
    }

    // "current user" means the session uid, or uid 1 when there is none
    $isCurrentUser = $haveSessionUser ? ($uid == $_USER['uid']) : ($uid == 1);

    if ($isCurrentUser) {
        if (empty($_GROUPS)) {
            $_GROUPS = SEC_getUserGroups($uid);
        }
        $groups = $_GROUPS;
    } else {
        $groups = SEC_getUserGroups($uid);
    }

    if (empty($groups)) {
        // this shouldn't happen - make a graceful exit to avoid an SQL error
        return '';
    }

    $glist = implode(',', $groups);
    $result = DB_query("SELECT DISTINCT ft_name FROM {$_TABLES['access']},{$_TABLES['features']} "
                     . "WHERE ft_id = acc_ft_id AND acc_grp_id IN ({$glist})");

    $total = DB_numrows($result);
    $features = array();
    for ($n = 0; $n < $total; $n++) {
        $feature = DB_fetchArray($result);
        if ($_SEC_VERBOSE) {
            COM_errorLog('Adding right ' . $feature['ft_name'] . ' in SEC_getUserPermissions', 1);
        }
        $features[] = $feature['ft_name'];
    }

    return implode(',', $features);
}
$p->set_var('copy_template_icon', $copy_template_icon); $p->set_var('copy_template_url', $copy_template_url); $p->set_var('editNeedPrj_check', $useProject_check); $p->set_var('export_template_icon', $export_template_icon); $thisAppGroupID = DB_getItem($_TABLES['nf_template'], 'AppGroup', "id='{$templateId}'"); $appGroupDDL = nf_makeDropDownWithSelected('id', 'AppGroup', $_TABLES['nf_appgroups'], $thisAppGroupID, '', 1); $p->set_var('editUseApp', $appGroupDDL); $appGroupDDL = nf_makeDropDownWithSelected('id', 'AppGroup', $_TABLES['nf_appgroups'], '', '', 1); $p->set_var('deleteAppGroup', $appGroupDDL); //$p->set_var('copy_template_url',$copy_template_url); //$p->set_var('copy_template_icon',$copy_template_icon); $p->set_var('editname_link', $editname_link); $p->set_var('LANG_DELCONFIRM', 'Are you sure you want to delete this definition?'); $sql = "SELECT * FROM {$_TABLES['nf_templatevariables']} WHERE nf_templateID='{$templateId}' ORDER BY id"; $query = DB_Query($sql); $numrows = DB_numrows($query); if ($numrows > 0) { $j = 1; $p->set_var('show_vars', ''); $p->set_var('vdivid', ''); while ($A = DB_fetchArray($query)) { $edit_link = " [<a href=\"#\" onClick='ajaxUpdateTemplateVar(\"edit\",{$templateId},{$cntr},{$j});'>Edit</a> ]"; $del_link = " [<a href=\"#\" onClick='ajaxUpdateTemplateVar(\"delete\",{$templateId},{$cntr},{$j});'\">Delete</a> ]"; $p->set_var('variable_id', "[{$A['id']}]"); $p->set_var('variable_name', $A['variableName']); $p->set_var('variable_value', $A['variableValue']); $p->set_var('var_id', $j); $p->set_var('edit_link', $edit_link); $p->set_var('delete_link', $del_link); if ($j == 1) { $p->parse('template_variable_records', 'variable_rec');