<?php
$included = isset($_josh);
if (!$included) {
include '../include.php';
}
$r = false;
if ($posting) {
langTranslatePost('title,description,publication');
$id = db_save("press_clips");
if (getOption('channels')) {
db_checkboxes('channels', 'press_clips_to_channels', 'clip_id', 'channel_id', $id);
}
url_change_post("/press-clips/clip.php?id=" . $id);
} elseif ($included) {
$action = getString('add_new');
$_josh["request"]["path_query"] = "edit.php";
//shoddy way of setting the form target
$r["url"] = "http://";
} elseif (url_id()) {
$action = getString('edit');
echo drawTop();
$r = db_grab("SELECT id, title, url, publication, pub_date, description, type_id from press_clips WHERE id = " . $_GET["id"]);
$r["title"] = format_title($r["title"], "US");
} else {
$action = getString('add_new');
echo drawTop();
if (isset($_GET["title"])) {
$r["title"] = format_title($_GET["title"], "US");
}
if (isset($_GET["url"])) {
<?php
include "../../include.php";
url_query_require();
if ($posting) {
$id = db_save("wiki_topics");
db_checkboxes("tags", "wiki_topics_to_tags", "topicID", "tagID", $id);
url_change("topic.php?id=" . $id);
}
echo drawTop();
$r = db_grab("SELECT id, title, description, type_id FROM wiki_topics WHERE id = " . $_GET["id"]);
$form = new intranet_form();
if ($page['is_admin']) {
$form->addUser("created_user", "Posted By", $_SESSION["user_id"], false, true);
}
$form->addRow("itext", "Title", "title", $r["title"], "", true, 255);
$form->addRow("select", "Type", "type_id", "SELECT id, description FROM wiki_topics_types", $r["type_id"], true);
$form->addCheckboxes("tags", "Tags", "wiki_tags", "wiki_topics_to_tags", "topicID", "tagID", $_GET["id"]);
$form->addRow("textarea", "Description", "description", $r["description"], "", true);
$form->addRow("submit", "post wiki topic");
$form->draw("Add a Wiki Topic");
echo drawBottom();
<?php
include "include.php";
if ($posting) {
langTranslatePost('title,description');
$id = db_save('cal_events');
if (getOption('channels')) {
db_checkboxes('channels', 'cal_events_to_channels', 'event_id', 'channel_id', $id);
}
url_query_add(array("month" => $_POST['start_dateMonth'], "year" => $_POST['start_dateYear']));
}
if (!isset($_GET['month']) || !isset($_GET['year'])) {
url_query_add(array("month" => $_josh['month'], "year" => $_josh['year']));
}
echo drawTop();
echo drawNavigationCal($_GET['month'], $_GET['year']);
//get events
$result = db_query('SELECT
e.id,
DAY(e.start_date) startDay,
e.title' . langExt() . ' title,
t.color
FROM cal_events e
JOIN cal_events_types t ON e.type_id = t.id
' . getChannelsWhere('cal_events', 'e', 'event_id') . '
AND
MONTH(e.start_date) = ' . $_GET['month'] . ' AND
YEAR(e.start_date) = ' . $_GET['year']);
while ($r = db_fetch($result)) {
$events[$r['startDay']][$r['id']]['title'] = $r['title'];
$events[$r['startDay']][$r['id']]['color'] = $r['color'];
<?php
include '../include.php';
if ($posting) {
error_debug('user is posting', __FILE__, __LINE__);
if ($uploading) {
list($_POST['content'], $_POST['type_id']) = file_get_uploaded('content', 'docs_types');
}
langTranslatePost('title,description');
$id = db_save('docs');
//debug();
db_checkboxes('categories', 'docs_to_categories', 'documentID', 'categoryID', $id);
if (getOption('channels')) {
db_checkboxes('channels', 'docs_to_channels', 'doc_id', 'channel_id', $id);
}
url_change('info.php?id=' . $id);
}
if (url_id()) {
$d = db_grab('SELECT title, description FROM docs WHERE id = ' . $_GET['id']);
$pageAction = getString('edit');
} else {
$pageAction = getString('add_new');
}
echo drawTop();
//load code for JS
$extensions = array();
$doctypes = array();
$types = db_query('SELECT description, extension FROM docs_types ORDER BY description');
while ($t = db_fetch($types)) {
$extensions[] = '(extension != "' . $t['extension'] . '")';
$doctypes[] = ' - ' . $t['description'] . ' (.' . $t['extension'] . ')';
<?php
include '../../include.php';
if ($posting) {
if ($_GET['doc_id'] == 'new') {
$_GET['doc_id'] = false;
}
if ($uploading) {
$_POST['extension'] = file_type($_FILES['content']['name']);
$_POST['content'] = file_get_uploaded('content');
}
$id = db_save('dl_docs', @$_GET['doc_id']);
db_checkboxes('categories', 'dl_docs_to_categories', 'doc_id', 'category_id', $id);
url_drop('id');
} elseif (url_action('delete')) {
db_delete('dl_docs');
url_drop('id,action');
}
echo drawTop();
if (!empty($_GET['doc_id'])) {
if ($_GET['doc_id'] == 'new') {
$_GET['doc_id'] = false;
}
$f = new form('dl_docs', @$_GET['doc_id'], ($_GET['doc_id'] ? 'Edit' : 'Add') . ' Document');
$f->set_title_prefix($page['breadcrumbs']);
$f->set_field(array('name' => 'title', 'label' => getString('title'), 'type' => 'text'));
$f->unset_fields('extension');
$f->set_field(array('name' => 'content', 'label' => getString('file'), 'type' => 'file', 'additional' => getString('upload_max') . file_get_max()));
$f->set_field(array('name' => 'categories', 'label' => getString('categories'), 'type' => 'checkboxes', 'options_table' => 'dl_categories', 'option_title' => 'title', 'linking_table' => 'dl_docs_to_categories', 'object_id' => 'doc_id', 'option_id' => 'category_id'));
echo $f->draw();
} else {
if (isset($_josh)) {
//included
$_josh["request"]["path_query"] = "/news/edit.php";
} else {
//page loaded on its own
include "../../include.php";
if ($posting) {
if (isset($_FILES["content"]["name"]) && !empty($_FILES["content"]["name"])) {
list($_POST["content"], $_POST["fileTypeID"]) = file_get_uploaded("content", "docs_types");
}
if (isset($_FILES["image"]["name"]) && !empty($_FILES["image"]["name"])) {
list($_POST["image"], $_POST["imageTypeID"]) = file_get_uploaded("image", "docs_types");
//die($_POST["image"]);
}
$id = db_save("news_stories");
db_checkboxes("corporationID", "news_stories_to_organizations", "newsID", "organizationID", $id);
url_change("./?id=" . $id);
}
echo drawTop();
$r = db_grab("SELECT \n\t\tn.headline,\n\t\tn.outlet,\n\t\tn.pubdate,\n\t\tn.url,\n\t\tn.description\n\t\tFROM news_stories n\n\t\tWHERE id = " . $_GET["id"]);
}
$form = new intranet_form();
$form->addCheckboxes("corporationID", "Organization", "organizations", "news_stories_to_organizations", "newsID", "organizationID", @$_GET["id"]);
$form->addRow("itext", "Headline", "headline", @$r["headline"], "", true, 255);
$form->addRow("itext", "News Outlet", "outlet", @$r["outlet"], "", true, 255);
$form->addRow("date", "Date", "pubdate", @$r["pubdate"], "", true);
$form->addRow("file", "Image<br>(optional)", "image", "", "", false);
$form->addRow("file", "File<br>(optional)", "content", "", "", true);
$form->addRow("itext", "URL<br>(optional)", "url", @$r["url"], "", false, 255);
$form->addRow("textarea-plain", "Description<br>(optional)", "description", @$r["description"]);
$form->addRow("submit", "Save Changes");
<?php
include 'include.php';
if ($posting) {
error_debug('handling bb post', __FILE__, __LINE__);
format_post_bits('is_admin');
langTranslatePost('title,description');
$id = db_save('bb_topics');
db_query('UPDATE bb_topics SET thread_date = GETDATE(), replies = (SELECT COUNT(*) FROM bb_followups WHERE topic_id = ' . $id . ') WHERE id = ' . $id);
if (getOption('channels')) {
db_checkboxes('channels', 'bb_topics_to_channels', 'topic_id', 'channel_id', $id);
}
//notification
if ($_POST['is_admin'] == '1') {
//get addresses of everyone & send with message
emailUser(db_array('SELECT email FROM users WHERE is_active = 1'), $_POST['title'], drawEmail(bbDrawTopic($id, true)));
} elseif (getOption('bb_notifypost') && getOption('channels') && getOption('languages')) {
//get addresses of everyone with indicated interests and send
$channels = array_post_checkboxes('channels');
$languages = db_table('SELECT id, code FROM languages');
foreach ($languages as $l) {
$addresses = db_array('SELECT DISTINCT u.email FROM users u JOIN users_to_channels_prefs u2cp ON u.id = u2cp.user_id WHERE u.is_active = 1 AND u.language_id = ' . $l['id'] . ' AND u2cp.channel_id IN (' . implode(',', $channels) . ')');
$topic = db_grab('SELECT
ISNULL(u.nickname, u.firstname) firstname,
u.lastname,
t.title' . langExt($l['code']) . ' title,
t.description' . langExt($l['code']) . ' description,
y.title' . langExt($l['code']) . ' type,
t.created_date
FROM bb_topics t
LEFT JOIN bb_topics_types y ON t.type_id = y.id
<?php
$included = isset($_josh);
if (!$included) {
include '../include.php';
}
$r = array();
if ($posting) {
langTranslatePost('title,description');
$id = db_save('external_orgs');
db_checkboxes('types', 'external_orgs_to_types', 'org_id', 'type_id', $id);
if (getOption('channels')) {
db_checkboxes('channels', 'external_orgs_to_channels', 'org_id', 'channel_id', $id);
}
url_change_post('./type.php?id=' . db_grab('SELECT type_id FROM external_orgs_to_types WHERE org_id = ' . $id));
//pure hackery
} elseif ($included) {
$title = getString('add_new');
$_josh['referrer'] = false;
$_josh['request']['path_query'] = 'edit.php';
//shoddy way of setting the form target
$r['url'] = 'http://';
} else {
url_query_require();
echo drawTop();
$title = $page['title'];
$r = db_grab('SELECT id, title, url, description from external_orgs WHERE id = ' . $_GET['id']);
}
if ($included) {
$_GET['id'] = false;
}
$email_address = $_POST["email"];
//db_enter is going to mess it up; i should fix that!
$id = db_enter("intranet_users", "firstname nickname lastname title email rankID *startDate *endDate #corporationID #departmentID #officeID phone bio homeAddress1 homeAddress2 homeCity homeStateID homeZIP homePhone homeCell homeEmail emerCont1Name emerCont1Relationship emerCont1Phone emerCont1Cell emerCont1Email emerCont2Name emerCont2Relationship emerCont2Phone emerCont2Cell emerCont2Email", "userID");
//if new user, reset password, delete request, and send invite
if (!isset($_GET["id"])) {
db_query("UPDATE intranet_users SET password = PWDENCRYPT('') WHERE userID = " . $id);
if (isset($_GET["requestID"])) {
db_query("DELETE FROM users_requests WHERE id = " . $_GET["requestID"]);
}
//send invitation
$name = str_replace("'", "", $_POST["nickname"] == "NULL" ? $_POST["firstname"] : $_POST["nickname"]);
email_invite($id, $email_address, $name);
}
//update permissions
db_checkboxes("permissions", "administrators", "userID", "moduleID", $id);
db_checkboxes("skills", "users_to_skills", "user_id", "skill_id", $id);
//check long distance code
if ($locale == "/_seedco/" && $_POST["officeID"] == "1") {
if (!db_grab("SELECT longdistancecode FROM intranet_users WHERE userID = " . $id)) {
$code = db_grab("SELECT code FROM ldcodes WHERE code NOT IN ( SELECT longdistancecode FROM intranet_users WHERE isActive = 1 AND longdistancecode IS NOT NULL)");
db_query("UPDATE intranet_users SET longDistanceCode = {$code} WHERE userID = " . $id);
}
}
} else {
$id = db_enter("intranet_users", "firstname nickname lastname email title #corporationID departmentID officeID phone bio homeAddress1 homeAddress2 homeCity homeStateID homeZIP homePhone homeCell homeEmail emerCont1Name emerCont1Relationship emerCont1Phone emerCont1Cell emerCont1Email emerCont2Name emerCont2Relationship emerCont2Phone emerCont2Cell emerCont2Email", "userID");
}
//upload new staff image
if ($uploading && file_ext($_FILES["userfile"]['name']) == 'jpg') {
define('DIRECTORY_ROOT', $_SERVER['DOCUMENT_ROOT']);
define('DIRECTORY_WRITE', '/uploads');
$image = format_image($_FILES["userfile"]["tmp_name"], 'jpg');
if ($_POST['officeID'] == 1) {
if (!url_id() || !db_grab('SELECT longDistanceCode FROM users WHERE id = ' . url_id())) {
//user doesn't have a long distance code but needs one
if (!($code = db_grab('SELECT l.code FROM ldcodes l WHERE (SELECT COUNT(*) FROM users u WHERE u.longDistanceCode = l.code AND u.is_active = 1) = 0'))) {
error_hande('out of codes', 'the intranet is out of long distance codes to assign to new users, such as for ' . $_POST['firstname'] . ' ' . $_POST['lastname']);
} else {
$_POST['longDistanceCode'] = $code;
}
}
}
}
$id = db_save('users');
if (getOption('channels')) {
db_checkboxes('channels', 'users_to_channels', 'user_id', 'channel_id', $id);
if (admin() || url_id() == user()) {
db_checkboxes('email_prefs', 'users_to_channels_prefs', 'user_id', 'channel_id', $id);
}
}
if ($_SESSION['is_admin']) {
if (!empty($_POST['is_admin'])) {
//is admin, so delete permissions
db_query('DELETE FROM users_to_modules WHERE user_id = ' . $id);
db_query('DELETE FROM users_to_modulettes WHERE user_id = ' . $id);
} else {
//handle permissions updates
db_query('UPDATE users_to_modules SET is_admin = 0 WHERE user_id = ' . $id);
$modules = array_checkboxes('modules');
foreach ($modules as $m) {
if (db_grab('SELECT COUNT(*) FROM users_to_modules WHERE user_id = ' . $id . ' AND module_id = ' . $m)) {
db_query('UPDATE users_to_modules SET is_admin = 1 WHERE user_id = ' . $id . ' AND module_id = ' . $m);
} else {
