Пример #1
0
         $static = safesql(serialize($static), "text");
         $subsites = safesql(serialize($subsites), "text");
         $name = explode(".", $_POST['name']);
         if ($name[1] == "user") {
             $type = 1;
         } else {
             $type = 2;
         }
         $name = safesql($name[0], "text");
         $sql = $data->update_query("auth", "authname = {$name}, dynamic = {$dynamic}, permission = {$permissions}, static = {$static}, subsites = {$subsites}, type={$type}", "id={$safe_id}");
         if ($sql) {
             show_admin_message("Authorization item updated", $pagename);
         }
     }
 }
 if ($action == "new" && pageauth("auth", "add") == 1 || $action == "edit" && pageauth("auth", "edit") == 1) {
     $safe_id = safesql($id, "int");
     $sql = $data->select_query("functions", "WHERE type=2 ORDER BY name ASC", "id, name, code");
     $numdynamic = $data->num_rows($sql);
     $dynamic = array();
     while ($dynamic[] = $data->fetch_array($sql)) {
     }
     $sql = $data->select_query("functions", "WHERE type=3 ORDER BY name ASC", "id, name, code");
     $numperms = $data->num_rows($sql);
     $permissions = array();
     while ($permissions[] = $data->fetch_array($sql)) {
     }
     $sql = $data->select_query("static_content", "WHERE type=0 ORDER BY friendly ASC", "id, name, friendly");
     $numstatic = $data->num_rows($sql);
     $static = array();
     while ($static[] = $data->fetch_array($sql)) {
Пример #2
0
 $custom = array();
 while ($temp = $data->fetch_array($sql)) {
     $temp['options'] = unserialize($temp['options']);
     if ($temp['type'] == 4) {
         $temp2 = array();
         $temp2[] = 0;
         for ($i = 1; $i <= $temp['options'][0]; $i++) {
             $temp2[] = $_POST[$temp['name'] . $i] ? 1 : 0;
         }
         $custom[$temp['name']] = $temp2;
     } else {
         $custom[$temp['name']] = $_POST[$temp['name']];
     }
 }
 $custom = serialize($custom);
 if (pageauth("users", "limit") == 0) {
     if ($status != $user['status']) {
         if ($status == 1) {
             email_user($user['id'], "account_actived");
         } else {
             email_user($user['id'], "account_deactiv");
         }
     }
     $insertSQL = sprintf("uname=%s, status=%s, timezone=%s, firstname=%s, lastname=%s, email=%s, custom=%s", safesql($username, "text"), safesql($status, "text"), safesql($_POST['zone'], "text"), safesql($firstname, "text"), safesql($lastname, "text"), safesql($email, "text"), safesql($custom, "text"));
     if ($password) {
         $insertSQL .= ", passwd=" . safesql(md5($password), "text");
     }
     $Result1 = $data->update_query("users", $insertSQL, "id={$id}");
     if ($Result1) {
         show_admin_message("User details updated", "admin.php?page=users");
     }
Пример #3
0
    the Free Software Foundation; either version 2 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
**************************************************************************/
if (!empty($getmodules)) {
    return;
} else {
    if (pageauth("users", "add")) {
        if ($_POST['Submit'] == "Submit") {
            $firstname = safesql($_POST['firstname'], "text");
            $lastname = safesql($_POST['lastname'], "text");
            $email = safesql($_POST['email'], "text");
            $username = safesql($_POST['usernames'], "text");
            $password = safesql(md5($_POST['passwords']), "text");
            $status = safesql($_POST['status'], "int");
            $zone = safesql($_POST['zone'], "int");
            if ($config['dubemail'] == 0) {
                $email = safesql($_POST['email'], "text");
                $datas = $data->select_query("users", "WHERE email={$email}");
                $numrows = $data->num_rows($datas);
                if ($numrows > 0) {
                    show_admin_message("That email address has already been used, please use another email address.", "admin.php?page=users&subpage=add_user", true);
                }
Пример #4
0
     if (pageauth("photo", "limit") == 1) {
         $groupsqllist = group_sql_list_id("id", "OR", true);
         $teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ({$groupsqllist}) AND ispublic=1");
     } else {
         $teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ispublic=1");
     }
     $tpl->assign('teams', $teams);
     $tpl->assign('numteams', $numteams);
     if ($_POST['submit'] == "Add Album") {
         $group = safesql($_POST['patrol'], "int");
         $name = safesql($_POST['album_name'], "text");
         $data->insert_query("album_track", "'', {$name}, {$group}, 1, 0");
         show_admin_message("Album added", "{$pagename}");
     }
 } elseif ($action == "") {
     if (pageauth("photo", "limit")) {
         $patrollist = group_sql_list_id("patrol", "OR");
         $result = $data->select_query("album_track", "WHERE ({$patrollist}) AND trash=0 ORDER BY album_name ASC");
     } else {
         $result = $data->select_query("album_track", "WHERE trash=0 ORDER BY album_name ASC");
     }
     $albums = array();
     while ($temp = $data->fetch_array($result)) {
         if ($temp['patrol'] > 0) {
             $temp2 = $data->select_fetch_one_row("groups", "WHERE id={$temp['patrol']}", "teamname");
             $temp['patrol'] = $temp2['teamname'];
         } elseif ($temp['patrol'] == 0) {
             $temp['patrol'] = "None";
         }
         $albums[] = $temp;
     }
Пример #5
0
        }
        if ($messages['type'] == 1) {
            $tpl->assign("nohide", true);
        }
    }
    /********************************************End Content Generation*****************************************/
    //Compile page
    if ($config['softdebug'] == 1) {
        $endtime = microtime();
        $totaltime = $endtime - $starttime;
        $counter = $data->get_counter();
        $debug .= "<br />This page took {$totaltime} seconds to render<br />CMScout performed {$counter} database queries";
    }
    $tpl->assign('debug', $debug);
    $tpl->assign('config', $config);
    $tpl->assign("addallowed", pageauth($page, "add"));
    $tpl->assign("editallowed", pageauth($page, "edit"));
    $tpl->assign("deleteallowed", pageauth($page, "delete"));
    $tpl->assign("publishallowed", pageauth($page, "publish"));
    $tpl->assign("limitgroup", pageauth($page, "limit"));
    $tpl->assign("script", $script);
    $tpl->assign("onDomReady", $onDomReady);
    $tpl->assign("activetab", $_GET['activetab']);
    $templateinfo['invalid'] = "#ad0000";
    $templateinfo['valid'] = "#06ad00";
    $templateinfo['default'] = "#deffff";
    $tpl->assign("templateinfo", $templateinfo);
    $tpl->display('admin/admin.tpl');
    $error = false;
    $loggedout = false;
}
Пример #6
0
        }
        $data->update_query("profilefields", "pos={$pos2}", "id={$row['id']}");
        $data->update_query("profilefields", "pos={$pos1}", "id={$row2['id']}");
        $server = $_SERVER['PHP_SELF'];
        header("Location: {$server}" . "?page=customprofile");
    } elseif ($action == "movedown" && pageauth("customprofile", "edit") == 1) {
        $sql = $data->select_query("profilefields", "WHERE id={$safe_id}");
        $row = $data->fetch_array($sql);
        $pos1 = $row['pos'];
        $temppos = $pos1 + 1;
        $sql = $data->select_query("profilefields", "WHERE pos='{$temppos}' AND place=0");
        $row2 = $data->fetch_array($sql);
        $pos2 = $row2['position'];
        $data->update_query("profilefields", "pos={$pos2}", "id={$row['id']}");
        $data->update_query("profilefields", "pos={$pos1}", "id={$row2['id']}");
        $server = $_SERVER['PHP_SELF'];
        header("Location: {$server}" . "?page=customprofile");
    } elseif ($action == "edit" && pageauth("customprofile", "edit") == 1) {
        $item = $data->select_fetch_one_row("profilefields", "WHERE id={$safe_id}");
        $item['options'] = unserialize($item['options']);
        $tpl->assign("item", $item);
    } elseif ($action == "delete" && pageauth("customprofile", "delete") == 1) {
        $delete = $data->delete_query("profilefields", "id={$safe_id}");
        if ($delete) {
            show_admin_message("Field deleted", "{$pagename}");
        }
        $action = "";
    }
    $tpl->assign("action", $action);
    $filetouse = "admin_customprofile.tpl";
}
Пример #7
0
} else {
    $editFormAction = $_SERVER['PHP_SELF'];
    if (isset($_SERVER['QUERY_STRING'])) {
        $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
    }
    $Submit = $_POST['Submit'];
    $id = $_GET['id'];
    $action = $_GET['action'];
    // Edit content
    if ($Submit == "Update" && pageauth("emailedit", "edit") == 1) {
        $id = safesql($id, "int");
        $subject = safesql($_POST['subject'], "text");
        $email = safesql($_POST['email'], "text");
        if ($data->update_query("emails", "subject={$subject}, email={$email}", "id={$id}")) {
            show_admin_message("Email updated", $pagename);
        }
    }
    // Show specific content
    if ($id != "" && pageauth("emailedit", "edit") == 1) {
        // Show selected content
        $id = safesql($id, "int");
        $email = $data->select_fetch_one_row("emails", "WHERE id={$id}");
        $tpl->assign("email", $email);
    }
    // Show all news
    $emails = $data->select_fetch_all_rows($numemails, "emails", "ORDER BY name ASC");
    $tpl->assign('action', $action);
    $tpl->assign('numemails', $numemails);
    $tpl->assign('emails', $emails);
    $filetouse = "admin_emailedit.tpl";
}
Пример #8
0
     $temp['downloads'] = $downloadtemp;
     $downloads[] = $temp;
 }
 $tpl->assign("numcategories", $numcategories);
 $tpl->assign("downloads", $downloads);
 $sql = $data->select_query("calendar_downloads", "WHERE eid={$id}");
 $event_downloads = array();
 $numeventdownloads = $data->num_rows($sql);
 while ($temp = $data->fetch_array($sql)) {
     $temp1 = $data->select_fetch_one_row("downloads", "WHERE id={$temp['did']}", "name");
     $temp['name'] = $temp1['name'];
     $event_downloads[] = $temp;
 }
 $tpl->assign("numeventdownloads", $numeventdownloads);
 $tpl->assign("event_downloads", $event_downloads);
 $tpl->assign("download_editallowed", pageauth("downloads", "edit"));
 if ($_POST['Submit'] == "Update") {
     $attendies = $_POST['attend'];
     $options = $_POST['options'];
     $data->delete_query("attendies", "eid={$id}");
     foreach ($attendies as $uid => $attend) {
         if ($attend == 1) {
             $useroption = safesql(serialize($options[$uid]), "text");
             if ($data->num_rows($data->select_query("attendies", "WHERE uid={$uid} AND eid = {$id}")) == 0) {
                 $data->insert_query("attendies", "'', {$uid}, {$id}, {$useroption}");
             } else {
                 $data->update_query("attendies", "options = {$useroption}", "uid={$uid} AND eid={$id}");
             }
         }
     }
     show_admin_message("Attendies Updated", "{$pagename}&action=signups&id={$id}&activetab=events");
Пример #9
0
 } elseif ($action == "moveitemup" && pageauth("links", "edit") == 1) {
     $sql = $data->select_query("links", "WHERE id='{$did}'");
     $row = $data->fetch_array($sql);
     $pos1 = $row['position'];
     $temppos = $pos1 - 1;
     $sql = $data->select_query("links", "WHERE cat='{$id}' AND position='{$temppos}'");
     $row2 = $data->fetch_array($sql);
     $pos2 = $row2['position'];
     if ($pos2 == 0 || $pos1 == 0) {
         header("Location: {$server}" . "?page=links&action=view&id={$id}");
     }
     $data->update_query("links", "position='{$pos2}'", "id={$row['id']}", "", "", false);
     $data->update_query("links", "position='{$pos1}'", "id={$row2['id']}", "", "", false);
     $server = $_SERVER['PHP_SELF'];
     header("Location: {$server}" . "?page=links&action=view&id={$id}");
 } elseif ($action == "moveitemdown" && pageauth("links", "edit") == 1) {
     $sql = $data->select_query("links", "WHERE id='{$did}'");
     $row = $data->fetch_array($sql);
     $pos1 = $row['position'];
     $temppos = $pos1 + 1;
     $sql = $data->select_query("links", "WHERE cat='{$id}' AND position='{$temppos}'");
     $row2 = $data->fetch_array($sql);
     $pos2 = $row2['position'];
     $data->update_query("links", "position='{$pos2}'", "id={$row['id']}", "", "", false);
     $data->update_query("links", "position='{$pos1}'", "id={$row2['id']}", "", "", false);
     $server = $_SERVER['PHP_SELF'];
     header("Location: {$server}" . "?page=links&action=view&id={$id}");
 } else {
     $cats = $data->select_query("links_cats", "ORDER BY position ASC");
     $row_cats = array();
     $num_cats = $data->num_rows($cats);
Пример #10
0
     $data->update_query("submenu", "pos={$pos1}", "id='{$row2['id']}'", "", "", false);
     $server = $_SERVER['PHP_SELF'];
     header("Location: {$server}" . "?page=subsite&subpage=submenu&sid={$siteid}");
 } elseif ($action == "movedown" && pageauth("subsite", "edit")) {
     $sql = $data->select_query("submenu", "WHERE id={$id}");
     $row = $data->fetch_array($sql);
     $pos1 = $row['pos'];
     $temppos = $pos1 + 1;
     $sql = $data->select_query("submenu", "WHERE pos='{$temppos}' AND site={$safe_siteid}");
     $row2 = $data->fetch_array($sql);
     $pos2 = $row2['pos'];
     $data->update_query("submenu", "pos={$pos2}", "id={$row['id']}", "", "", false);
     $data->update_query("submenu", "pos={$pos1}", "id={$row2['id']}", "", "", false);
     $server = $_SERVER['PHP_SELF'];
     header("Location: {$server}" . "?page=subsite&subpage=submenu&sid={$siteid}");
 } elseif ($action == "fixcat" && pageauth("subsite", "edit") == 1) {
     $sql = $data->select_query("submenu", "WHERE site={$safe_siteid} ORDER BY pos ASC");
     if ($data->num_rows($sql) > 0) {
         $i = 1;
         while ($temp = $data->fetch_array($sql)) {
             $data->update_query("submenu", "pos={$i}", "id={$temp['id']}");
             $i++;
         }
     }
     header("Location: {$server}" . "?page=subsite&subpage=submenu&sid={$siteid}");
 }
 $tpl->assign("sitename", $sitename);
 $tpl->assign("siteid", $siteid);
 $tpl->assign('cid', $cid);
 $tpl->assign('id', $id);
 $tpl->assign('action', $action);
Пример #11
0
     $tpl->assign('numfunc', $numfunc);
     $tpl->assign('page', $pages);
     $tpl->assign('numpages', $numpages);
 } elseif ($action == "moveup" && pageauth("frontpage", "edit") == 1) {
     $sql = $data->select_query("frontpage", "WHERE id={$id}");
     $row = $data->fetch_array($sql);
     $pos1 = $row['pos'];
     $temppos = $pos1 - 1;
     $sql = $data->select_query("frontpage", "WHERE pos='{$temppos}'");
     $row2 = $data->fetch_array($sql);
     $pos2 = $row2['pos'];
     $data->update_query("frontpage", "pos={$pos2}", "id={$row['id']}", "", "", false);
     $data->update_query("frontpage", "pos={$pos1}", "id={$row2['id']}", "", "", false);
     $server = $_SERVER['PHP_SELF'];
     header("Location: {$server}" . "?page=frontpage");
 } elseif ($action == "movedown" && pageauth("frontpage", "edit") == 1) {
     $sql = $data->select_query("frontpage", "WHERE id={$id}");
     $row = $data->fetch_array($sql);
     $pos1 = $row['pos'];
     $temppos = $pos1 + 1;
     $sql = $data->select_query("frontpage", "WHERE pos='{$temppos}'");
     $row2 = $data->fetch_array($sql);
     $pos2 = $row2['pos'];
     $data->update_query("frontpage", "pos={$pos2}", "id={$row['id']}", "", "", false);
     $data->update_query("frontpage", "pos={$pos1}", "id={$row2['id']}", "", "", false);
     $server = $_SERVER['PHP_SELF'];
     header("Location: {$server}" . "?page=frontpage");
 }
 $tpl->assign('id', $id);
 $tpl->assign('action', $action);
 $tpl->assign('editFormAction', $editFormAction);
Пример #12
0
         $patrollist = group_sql_list_id("patrol", "OR");
         $membersql = $data->select_query("members", "WHERE ({$patrollist}) AND type=0 AND awardScheme = {$safe_scheme} ORDER BY lastName, firstName ASC", "firstName, lastName, id");
     } else {
         $membersql = $data->select_query("members", "WHERE type=0 AND awardScheme = {$safe_scheme} ORDER BY lastName, firstName ASC", "firstName, lastName, id");
     }
     $nummembers = $data->num_rows($membersql);
     $member = array();
     while ($memberTemp = $data->fetch_array($membersql)) {
         $safe_memberid = safesql($memberTemp['id'], "int");
         $recordsql = $data->select_fetch_one_row("scoutrecord", "WHERE userid={$safe_memberid} AND scheme =  {$safe_scheme}");
         $memberTemp['require'] = unserialize($recordsql['requirements']);
         $memberTemp['comment'] = unserialize($recordsql['comment']);
         $member[] = $memberTemp;
     }
 } elseif ($action == "view_badges") {
     if (pageauth("troop_records", "limit")) {
         $patrollist = group_sql_list_id("patrol", "OR");
         $membersql = $data->select_query("members", "WHERE ({$patrollist}) AND type=0 AND awardScheme = {$safe_scheme} ORDER BY lastName, firstName ASC", "firstName, lastName, id");
     } else {
         $membersql = $data->select_query("members", "WHERE type=0 AND awardScheme = {$safe_scheme} ORDER BY lastName, firstName ASC", "firstName, lastName, id");
     }
     $nummembers = $data->num_rows($membersql);
     $memberBadges = array();
     while ($memberTemp = $data->fetch_array($membersql)) {
         $safe_memberid = safesql($memberTemp['id'], "int");
         $badgesql = $data->select_query("userbadges", "WHERE userid = {$safe_memberid}");
         $numbadge = 0;
         while ($temp = $data->fetch_array($badgesql)) {
             $result = $data->select_fetch_one_row("badges", "WHERE id = {$temp['badgeid']} AND scheme={$safe_scheme}");
             if ($result != '') {
                 $temp['name'] = $result['name'];
Пример #13
0
         }
     }
 } elseif ($action == "delete" && pageauth("group", "delete") == 1) {
     $sql3 = $data->delete_query("groups", "id={$id}");
     if ($sql3) {
         $data->delete_query("static_content", "type=1 AND pid={$id}");
         $data->delete_query("patrolmenu", "patrol={$id}");
         $data->delete_query("auth", "authname={$id} AND type=2");
         $data->delete_query("usergroups", "groupid={$id}");
         $data->update_query("patrol_articles", "patrol=0", "patrol={$id}");
         $data->update_query("album_track", "patrol=0", "patrol={$id}");
         $data->delete_query("forummods", "mid={$id} AND type=1");
         $data->delete_query("owners", "owner_id={$id} AND owner_type=1");
         show_admin_message("Group Deleted", $pagename);
     }
 } elseif ($action == "auth" && pageauth("group", "publish") == 1) {
     if ($_POST['Submit'] == "Submit") {
         $user = array();
         $ass = array();
         $gpl = array();
         for ($i = 0; $i < $modulenumbers; $i++) {
             $moduleid = $moduledetails[$i]['id'];
             $user['adminpanel'] = $_POST["user_adminpanel"] == 1 ? 1 : 0;
             $ass['adminpanel'] = $_POST["ass_adminpanel"] == 1 ? 1 : 0;
             $gpl['adminpanel'] = $_POST["gpl_adminpanel"] == 1 ? 1 : 0;
             $user['access'][$moduleid] = $_POST["user_" . $moduleid . "_access"] == 1 ? 1 : 0;
             $user['add'][$moduleid] = $_POST["user_" . $moduleid . "_add"] == 1 ? 1 : 0;
             $user['edit'][$moduleid] = $_POST["user_" . $moduleid . "_edit"] == 1 ? 1 : 0;
             $user['delete'][$moduleid] = $_POST["user_" . $moduleid . "_delete"] == 1 ? 1 : 0;
             $user['publish'][$moduleid] = $_POST["user_" . $moduleid . "_pub"] == 1 ? 1 : 0;
             $user['limit'][$moduleid] = $_POST["user_" . $moduleid . "_limit"] == 1 ? 1 : 0;
Пример #14
0
     $Show = $data->select_query("static_content", "WHERE id='{$id}' AND trash=0");
     $ShowRow = $data->fetch_array($Show);
     $Showcontent = $ShowRow["content"];
     $name = $ShowRow['name'];
     $tpl->assign("contents", $ShowRow);
     $tpl->assign("editor", true);
 }
 if ($action == "delete" && pageauth("content", "delete") == 1) {
     $delete = $data->update_query("static_content", "trash=1", "id={$safe_id}");
     if ($delete) {
         show_admin_message("Content sent to trash", "{$pagename}");
     }
     $action = "";
 } elseif ($action == "new") {
     $tpl->assign("editor", true);
 } elseif ($action == "moveitem" && pageauth("content", "edit")) {
     $sql = $data->select_query("groups", "WHERE ispublic = 1 ORDER BY teamname ASC");
     $patrols = array();
     $numpatrols = $data->num_rows($sql);
     while ($patrols[] = $data->fetch_array($sql)) {
     }
     $sql = $data->select_query("subsites", "ORDER BY name ASC");
     $subsites = array();
     $numsubsites = $data->num_rows($sql);
     while ($subsites[] = $data->fetch_array($sql)) {
     }
     $tpl->assign("numpatrols", $numpatrols);
     $tpl->assign("patrols", $patrols);
     $tpl->assign("numsubsites", $numsubsites);
     $tpl->assign("subsites", $subsites);
     if ($Submit == "Move") {
Пример #15
0
            $comments = safesql(serialize($_POST['comment']), "text");
            $data->insert_query("scoutrecord", "'', {$safe_memberid}, {$record}, {$comments}, {$safe_scheme}");
        }
        show_admin_message("Record Updated", "admin.php?page={$page}&subpage=records&id={$id}&action=view_advancements");
    } elseif ($action == "addbadge" && pageauth("troop", "edit") == 1) {
        $badgeid = safesql($_POST['bid'], "int");
        $comment = safesql($_POST['comment'], "text");
        $date = safesql(time(), "int");
        $data->insert_query("userbadges", "'', {$safe_memberid}, {$badgeid}, {$comment}, {$date}");
        show_admin_message("Badge Added", "admin.php?page={$page}&subpage=records&id={$id}&action=view_badges");
    }
}
$schemes = $data->select_fetch_all_rows($numschemes, "awardschemes", "ORDER BY name ASC");
$tpl->assign("schemes", $schemes);
$tpl->assign("numschemes", $numschemes);
if ($action == "view_advancements" || $action == "" || $action == "edit_advancements" && pageauth("troop", "edit") == 1) {
    $advansql = $data->select_query("advancements", "WHERE scheme = {$safe_scheme} ORDER BY position ASC");
    $numadva = $data->num_rows($advansql);
    $advancements = array();
    $numitems = 0;
    $recordsql = $data->select_fetch_one_row("scoutrecord", "WHERE userid={$safe_memberid} AND scheme = {$safe_scheme}");
    $scoutRecord['requirement'] = unserialize($recordsql['requirements']);
    $scoutRecord['comment'] = unserialize($recordsql['comment']);
    while ($temp = $data->fetch_array($advansql)) {
        $getrequirements = $data->select_query("requirements", "WHERE advancement = '{$temp["ID"]}' ORDER BY position ASC");
        $temp['numitems'] = $data->num_rows($getrequirements);
        while ($temp['items'][] = $data->fetch_array($getrequirements)) {
        }
        $advancements[] = $temp;
    }
    $tpl->assign("scoutRecord", $scoutRecord);
Пример #16
0
        $groupinfo['numusers'] = $data->num_rows($gusql);
        $groups[] = $groupinfo;
    }
    $sql = $data->select_query("members", "WHERE type=0 ORDER BY lastName, firstName ASC");
    $nummembers = $data->num_rows($sql);
    $members = array();
    while ($temp = $data->fetch_array($sql)) {
        if ($temp['type'] == 0) {
            $pa = $data->select_fetch_one_row("members", "WHERE id={$temp['fatherId']}");
            $ma = $data->select_fetch_one_row("members", "WHERE id={$temp['motherId']}");
            $temp['relations'] = "Father: <b>" . (isset($pa['firstName']) ? $pa['lastName'] . ', ' . $pa['firstName'] : "Not in System") . "</b><br />Mother: <b>" . (isset($ma['firstName']) ? $ma['lastName'] . ', ' . $ma['firstName'] : "Not in System") . "</b>";
        }
        $members[] = $temp;
    }
    $mainpageauth['logfile'] = pageauth('logfile', "access");
    $mainpageauth['menus'] = pageauth('menus', "access");
    $mainpageauth['users'] = pageauth('users', "access");
    $mainpageauth['group'] = pageauth('group', "access");
    $mainpageauth['patrol'] = pageauth('patrol', "access");
    $mainpageauth['subsite'] = pageauth('subsite', "access");
    $mainpageauth['config'] = pageauth('config', "access");
    $tpl->assign("mainpageauth", $mainpageauth);
    $tpl->assign("members", $members);
    $tpl->assign("nummembers", $nummembers);
    $tpl->assign("groups", $groups);
    $tpl->assign("numgroups", $numgroups);
    $tpl->assign("stats", $siteinfo);
    $tpl->assign("numusers", $numusers);
    $tpl->assign("onlineusers", $onlineusers);
    $filetouse = 'admin_main.tpl';
}
Пример #17
0
        $sql = $data->select_query("forummods", "WHERE fid={$fid}");
        $nummods = $data->num_rows($sql);
        $mods = array();
        while ($temp = $data->fetch_array($sql)) {
            if ($temp['type'] == 0) {
                $sql2 = $data->select_query("users", "WHERE id={$temp['mid']}", "uname");
                $temp2 = $data->fetch_array($sql2);
                $temp['name'] = "User: "******"groups", "WHERE id={$temp['mid']}", "teamname");
                $temp2 = $data->fetch_array($sql2);
                $temp['name'] = "Group: " . $temp2['teamname'];
            }
            $mods[] = $temp;
        }
        $tpl->assign("forum", $forum);
        $tpl->assign("groups", $groups);
        $tpl->assign("numgroups", $numgroups);
        $tpl->assign("users", $users);
        $tpl->assign("numusers", $numusers);
        $tpl->assign("mods", $mods);
        $tpl->assign("nummods", $nummods);
    } elseif ($action == "deletemod" && pageauth("forums", "delete") == 1) {
        $id = safesql($_GET['id'], "int");
        $data->delete_query("forummods", "id={$id}");
        show_admin_message("Moderator Deleted", "{$pagename}&action=moderator&fid={$fid}&cid={$cid}");
    }
    $tpl->assign('editFormAction', $editFormAction);
    $tpl->assign('action', $action);
    $filetouse = "admin_forums.tpl";
}
Пример #18
0
            $group_ids = group_users_id_array($usergroups[$i]);
            $first = true;
            for ($j = 0; $j < count($group_ids); $j++) {
                if ($first == false) {
                    $userquery .= " OR ";
                } else {
                    $first = false;
                }
                $userquery .= "id=" . $group_ids[$j];
            }
        }
        $sql = $data->select_query("users", "WHERE {$userquery}  ORDER BY uname ASC");
    } else {
        $sql = $data->select_query("users", "ORDER BY uname ASC");
    }
    $numusers = $data->num_rows($sql);
    while ($temp = $data->fetch_array($sql)) {
        $temp['team'] = user_groups_list($temp['id']);
        $temp['custom'] = unserialize($temp['custom']);
        $row[] = $temp;
    }
    $filetouse = "admin_user_list.tpl";
    $tpl->assign("action", $action);
    $tpl->assign('numusers', $numusers);
    $tpl->assign('editFormAction', $editFormAction);
    $tpl->assign('row', $row);
    $tpl->assign('fields', $fields);
    $tpl->assign('record', $record);
    $tpl->assign("uname", $check['uname']);
    $tpl->assign("ownerallowed", pageauth("owners", "edit"));
}
Пример #19
0
    You should have received a copy of the GNU General Public License
    along with this program; if not, write to the Free Software
    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
**************************************************************************/
if (!empty($getmodules)) {
    $module['Configuration']['Module Manager'] = "modules";
    $moduledetails[$modulenumbers]['name'] = "Module Manager";
    $moduledetails[$modulenumbers]['details'] = "Manage CMScout modules";
    $moduledetails[$modulenumbers]['access'] = "Allowed to access the module manager";
    $moduledetails[$modulenumbers]['add'] = "notused";
    $moduledetails[$modulenumbers]['edit'] = "notused";
    $moduledetails[$modulenumbers]['delete'] = "notused";
    $moduledetails[$modulenumbers]['publish'] = "Allowed to deactivate and reactivate modules";
    $moduledetails[$modulenumbers]['limit'] = "notused";
    $moduledetails[$modulenumbers]['id'] = "modules";
    return;
} else {
    $id = safesql($_GET['id'], "int");
    if ($_GET['action'] == 'activate' && pageauth("modules", "publish")) {
        $sqlq = $data->update_query("functions", "active = 1", "id={$id}");
        header("Location: {$pagename}");
    } elseif ($_GET['action'] == 'deactivate' && pageauth("modules", "publish")) {
        $sqlq = $data->update_query("functions", "active = 0", "id={$id}");
        header("Location: {$pagename}");
    }
    $modules = $data->select_fetch_all_rows($nummodule, "functions", "WHERE type != 3 ORDER BY name ASC", "id, name, type, active");
    $tpl->assign("modules", $modules);
    $tpl->assign("nummodule", $nummodule);
    $filetouse = "admin_modules.tpl";
}
Пример #20
0
        show_admin_message("User type changed", str_replace('&amp;', '&', $pagename) . "&gid={$gid}");
    }
    $sql = $data->select_query("groups", "WHERE id={$gid}");
    $groupinfo = $data->fetch_array($sql);
    $sql = $data->select_query("usergroups", "WHERE groupid={$gid}");
    $groupusers = array();
    $numgroupusers = $data->num_rows($sql);
    while ($temp = $data->fetch_array($sql)) {
        $sql2 = $data->select_query("users", "WHERE id={$temp['userid']}", "id, uname");
        $temp2 = $data->fetch_array($sql2);
        $temp2['type'] = $temp['utype'];
        $groupusers[] = $temp2;
    }
    $sql = $data->select_query("users", "ORDER BY uname ASC");
    $numusers = 0;
    $users = array();
    while ($temp = $data->fetch_array($sql)) {
        if ($data->num_rows($data->select_query("usergroups", "WHERE groupid={$gid} and userid={$temp['id']}")) == 0) {
            $users[] = $temp;
            $numusers++;
        }
    }
    $tpl->assign("editallowed_page", pageauth("group", "edit"));
    $tpl->assign("numusers", $numusers);
    $tpl->assign("users", $users);
    $tpl->assign("uname", $check['uname']);
    $tpl->assign("numgroupusers", $numgroupusers);
    $tpl->assign("groupusers", $groupusers);
    $tpl->assign("groupinfo", $groupinfo);
    $filetouse = "admin_groupusers.tpl";
}
Пример #21
0
        }
        show_admin_message("User type changed", str_replace('&amp;', '&', $pagename) . "&uid={$uid}");
    }
    $sql = $data->select_query("users", "WHERE id={$uid}");
    $userinfo = $data->fetch_array($sql);
    $sql = $data->select_query("usergroups", "WHERE userid={$uid}");
    $usergroups = array();
    $numusergroups = $data->num_rows($sql);
    while ($temp = $data->fetch_array($sql)) {
        $sql2 = $data->select_query("groups", "WHERE id={$temp['groupid']}", "id, teamname");
        $temp2 = $data->fetch_array($sql2);
        $temp2['type'] = $temp['utype'];
        $usergroups[] = $temp2;
    }
    $sql = $data->select_query("groups");
    $numgroups = 0;
    $groups = array();
    while ($temp = $data->fetch_array($sql)) {
        if ($data->num_rows($data->select_query("usergroups", "WHERE userid={$uid} and groupid={$temp['id']}")) == 0) {
            $groups[] = $temp;
            $numgroups++;
        }
    }
    $tpl->assign("editallowed_page", pageauth("users", "edit"));
    $tpl->assign("numgroups", $numgroups);
    $tpl->assign("groups", $groups);
    $tpl->assign("numusergroups", $numusergroups);
    $tpl->assign("usergroups", $usergroups);
    $tpl->assign("userinfo", $userinfo);
    $filetouse = "admin_usergroups.tpl";
}
Пример #22
0
     $data->update_query("patrolmenu", "pos={$pos1}", "id='{$row2['id']}'", "", "", false);
     $server = $_SERVER['PHP_SELF'];
     header("Location: {$server}" . "?page=patrol&subpage=patrolmenus&pid={$patrolid}");
 } elseif ($action == "movedown" && pageauth("patrol", "edit")) {
     $sql = $data->select_query("patrolmenu", "WHERE id={$id}");
     $row = $data->fetch_array($sql);
     $pos1 = $row['pos'];
     $temppos = $pos1 + 1;
     $sql = $data->select_query("patrolmenu", "WHERE pos='{$temppos}' AND patrol={$safe_patrolid}");
     $row2 = $data->fetch_array($sql);
     $pos2 = $row2['pos'];
     $data->update_query("patrolmenu", "pos={$pos2}", "id={$row['id']}", "", "", false);
     $data->update_query("patrolmenu", "pos={$pos1}", "id={$row2['id']}", "", "", false);
     $server = $_SERVER['PHP_SELF'];
     header("Location: {$server}" . "?page=patrol&subpage=patrolmenus&pid={$patrolid}");
 } elseif ($action == "fixcat" && pageauth("patrol", "edit") == 1) {
     $sql = $data->select_query("patrolmenu", "WHERE patrol={$safe_patrolid} ORDER BY pos ASC");
     if ($data->num_rows($sql) > 0) {
         $i = 1;
         while ($temp = $data->fetch_array($sql)) {
             $data->update_query("patrolmenu", "pos={$i}", "id={$temp['id']}");
             $i++;
         }
     }
     header("Location: {$server}" . "?page=subsite&subpage=submenu&sid={$siteid}");
 }
 $tpl->assign("patrolid", $patrolid);
 $tpl->assign("patrolname", $patrolname);
 $tpl->assign('cid', $cid);
 $tpl->assign('id', $id);
 $tpl->assign('action', $action);
Пример #23
0
            $articles = $ownedSql ? $data->select_fetch_all_rows($numarticles, "patrol_articles", "WHERE {$ownedSql} ORDER BY title") : '';
            $tpl->assign("articles", $articles);
            $tpl->assign("numarticles", $numarticles);
            $ownedSql = getSqlList('events', "id", $userid);
            $events = $ownedSql ? $data->select_fetch_all_rows($numevents, "calendar_items", "WHERE {$ownedSql} ORDER BY summary") : '';
            $tpl->assign("events", $events);
            $tpl->assign("numevents", $numevents);
            $ownedSql = getSqlList('downloads', "id", $userid);
            $downloads = $ownedSql ? $data->select_fetch_all_rows($numdownloads, "downloads", "WHERE {$ownedSql} ORDER BY name") : '';
            $tpl->assign("downloads", $downloads);
            $tpl->assign("numdownloads", $numdownloads);
            $ownedSql = getSqlList('newsitem', "id", $userid);
            $news = $ownedSql ? $data->select_fetch_all_rows($numnews, "newscontent", "WHERE {$ownedSql} ORDER BY title") : '';
            $tpl->assign("news", $news);
            $tpl->assign("numnews", $numnews);
            $ownedSql = getSqlList('pollitems', "id", $userid);
            $polls = $ownedSql ? $data->select_fetch_all_rows($numpolls, "polls", "WHERE {$ownedSql} ORDER BY question") : '';
            $tpl->assign("polls", $polls);
            $tpl->assign("numpolls", $numpolls);
            $permissions['album'] = pageauth("photo", "edit");
            $permissions['patrolart'] = pageauth("patrolart", "edit");
            $permissions['events'] = pageauth("events", "edit");
            $permissions['downloads'] = pageauth("downloads", "edit");
            $permissions['news'] = pageauth("news", "edit");
            $permissions['polls'] = pageauth("poll", "edit");
            $tpl->assign('permissions', $permissions);
            break;
    }
    $filetouse = "admin_owners.tpl";
    $tpl->assign('action', $action);
}
Пример #24
0
         if ($sql) {
             show_admin_message("Section added", $pagename);
         }
     } elseif ($action == "edit" && pageauth("sections", "edit")) {
         $name = safesql($_POST['name'], "text");
         $sql = $data->update_query("sections", "name = {$name}", "id = {$id}");
         if ($sql) {
             show_admin_message("Section updated", $pagename);
         }
     }
 }
 if ($action == "edit" && pageauth("sections", "edit")) {
     $result = $data->select_query("sections", "WHERE id = '{$id}'");
     $section = $data->fetch_array($result);
     $tpl->assign("section", $section);
 } elseif ($action == "delete" && pageauth("sections", "delete")) {
     $sql = $data->delete_query("sections", "id = '{$id}'");
     if ($sql) {
         show_admin_message("Section deleted", $pagename);
     }
 } else {
     $result = $data->select_query("sections", "ORDER BY name ASC");
     $sections = array();
     $numsections = $data->num_rows($result);
     while ($sections[] = $data->fetch_array($result)) {
     }
     $tpl->assign('sections', $sections);
     $tpl->assign('numsections', $numsections);
 }
 $tpl->assign('action', $action);
 $filetouse = "admin_sections.tpl";
Пример #25
0
 }
 // Delete News
 if ($action == "delete" && pageauth("news", "delete") == 1) {
     $Delete = $data->update_query("newscontent", "trash=1", "id='{$id}'");
     if ($Delete) {
         show_admin_message("News trashed", "{$pagename}");
     }
 } elseif ($action == 'publish' && pageauth("news", "publish") == 1) {
     $sqlq = $data->update_query("newscontent", "allowed = 1", "id={$id}");
     if ($data->num_rows($data->select_query("review", "WHERE item_id={$id} AND type='news'"))) {
         $item = $data->select_fetch_one_row("newscontent", "WHERE id={$id}");
         email('newitem', array("news", $item));
         $data->delete_query("review", "item_id={$id} AND type='news'");
     }
     header("Location: {$pagename}");
 } elseif ($action == 'unpublish' && pageauth("news", "publish") == 1) {
     $sqlq = $data->update_query("newscontent", "allowed = 0", "id={$id}");
     header("Location: {$pagename}");
 }
 // Show specific news
 if ($id != "") {
     // Show selected news
     $Show = $data->select_query("newscontent", "WHERE id='{$id}' AND trash=0");
     $shownews = $data->fetch_array($Show);
     $tpl->assign('shownews', $shownews);
     $tpl->assign("editor", true);
 }
 if ($action == "new") {
     $tpl->assign("editor", true);
 }
 if ($action == "new" || $action == "edit") {
Пример #26
0
    $module['Module Management']['Group Site Manager'] = "patrol";
    $moduledetails[$modulenumbers]['name'] = "Group Site Manager";
    $moduledetails[$modulenumbers]['details'] = "Manages group websites";
    $moduledetails[$modulenumbers]['access'] = "Allowed to access group site manager";
    $moduledetails[$modulenumbers]['add'] = "Allowed to add new pages and menu items";
    $moduledetails[$modulenumbers]['edit'] = "Allowed to edit existing pages and menu items";
    $moduledetails[$modulenumbers]['delete'] = "Allowed to delete pages and menu items";
    $moduledetails[$modulenumbers]['publish'] = "notused";
    $moduledetails[$modulenumbers]['limit'] = "Limit to groups the user is part of";
    $moduledetails[$modulenumbers]['id'] = "patrol";
    return;
} else {
    $subpage = $_GET['subpage'] != '' ? $_GET['subpage'] : '';
    if (!$subpage) {
        $action = $_GET['action'];
        if (pageauth("patrol", "limit")) {
            $patrollist = group_sql_list_normal("teamname", "OR");
            $result = $data->select_query("groups", "WHERE ({$patrollist}) AND ispublic=1 ORDER BY teamname ASC");
        } else {
            $result = $data->select_query("groups", "WHERE ispublic=1 ORDER BY teamname ASC");
        }
        $patrol = array();
        while ($patrol[] = $data->fetch_array($result)) {
        }
        $numpatrols = $data->num_rows($result);
        $tpl->assign('patrol', $patrol);
        $tpl->assign('patrolInfo', $patrolInfo);
        $tpl->assign('action', $action);
        $tpl->assign('numpatrol', $numpatrols);
        $filetouse = "admin_patrol.tpl";
    } else {
Пример #27
0
 if ($action == "edit") {
     $tpl->assign("cmtags_active", true);
     $tpl->assign("cmtag_list", "Number of articles=\\{\$groupstats.articles};Number of photo albums=\\{\$groupstats.albums};Number of users=\\{\$groupstats.users};Number of log book entries=\\{\$groupstats.logbook}");
 } elseif ($action == "new") {
     $tpl->assign("cmtags_active", true);
     $tpl->assign("cmtag_list", "Number of articles=\\{\$groupstats.articles};Number of photo albums=\\{\$groupstats.albums};Number of users=\\{\$groupstats.users};Number of log book entries=\\{\$groupstats.logbook}");
 } elseif ($action == "delete" && pageauth("patrol", "delete") == 1) {
     $delete = $data->update_query("static_content", "trash=1", "id={$safe_id}");
     if ($delete) {
         show_admin_message("Content sent to trash, Contact the Administrator if you wish to recover it.", "admin.php?page=patrol&subpage=patrolcontent&pid={$patrolid}");
     }
     $action = "";
 } elseif ($action == "putfront" && pageauth("patrol", "edit")) {
     $sql = $data->update_query("static_content", "frontpage=0", "type=1 AND pid={$safe_patrolid}");
     $sql = $data->update_query("static_content", "frontpage=1", "type=1 AND id={$safe_id}");
 } elseif ($action == "moveitem" && pageauth("patrol", "edit") && !pageauth("patrol", "limit")) {
     $sql = $data->select_query("groups", "WHERE ispublic = 1 ORDER BY teamname ASC");
     $patrols = array();
     $numpatrols = $data->num_rows($sql);
     while ($patrols[] = $data->fetch_array($sql)) {
     }
     $sql = $data->select_query("subsites", "ORDER BY name ASC");
     $subsites = array();
     $numsubsites = $data->num_rows($sql);
     while ($subsites[] = $data->fetch_array($sql)) {
     }
     $tpl->assign("numpatrols", $numpatrols);
     $tpl->assign("patrols", $patrols);
     $tpl->assign("numsubsites", $numsubsites);
     $tpl->assign("subsites", $subsites);
     if ($Submit == "Move") {
Пример #28
0
 }
 // Show specific content
 if ($id != "") {
     // Show selected content
     $item = $data->select_fetch_one_row("static_content", "WHERE id={$safe_id} AND type=2 AND pid={$safe_siteid}");
 }
 if ($action == "delete" && pageauth("subsite", "delete") == 1) {
     $delete = $data->update_query("static_content", "trash=1", "id={$safe_id}");
     if ($delete) {
         show_admin_message("Content sent to trash, Contact the Administrator if you wish to recover it.", "admin.php?page=subsite&subpage=subcontent&sid={$siteid}");
     }
     $action = "";
 } elseif ($action == "putfront" && pageauth("subsite", "edit")) {
     $sql = $data->update_query("static_content", "frontpage=0", "type=2 AND pid={$safe_siteid}");
     $sql = $data->update_query("static_content", "frontpage=1", "type=2 AND id={$safe_id}");
 } elseif ($action == "moveitem" && pageauth("subsite", "edit")) {
     $sql = $data->select_query("groups", "WHERE ispublic = 1 ORDER BY teamname ASC");
     $patrols = array();
     $numpatrols = $data->num_rows($sql);
     while ($patrols[] = $data->fetch_array($sql)) {
     }
     $sql = $data->select_query("subsites", "ORDER BY name ASC");
     $subsites = array();
     $numsubsites = $data->num_rows($sql);
     while ($subsites[] = $data->fetch_array($sql)) {
     }
     $tpl->assign("numpatrols", $numpatrols);
     $tpl->assign("patrols", $patrols);
     $tpl->assign("numsubsites", $numsubsites);
     $tpl->assign("subsites", $subsites);
     if ($Submit == "Move") {
Пример #29
0
         $order = safesql($_POST['order'], "text");
         $display = safesql($_POST['display'], "int");
         $groupallowed = safesql(serialize($_POST['groups']), "text");
         $description = safesql($_POST['description'], "text");
         $perpage = safesql($_POST['perpage'], "int");
         $sql = $data->insert_query("articletopics", "'', {$title}, {$description}, {$sort}, {$order}, {$groupallowed}, {$display}, {$perpage}");
         if ($sql) {
             show_admin_message("Topic added", "{$pagename}&activetab=topics");
         }
     }
 } else {
     $action = "";
 }
 if ($action == "") {
     $row = array();
     if (pageauth("patrolart", "limit")) {
         $patrol = group_sql_list_id("patrol", "OR", true);
         $result = $data->select_query("patrol_articles", "WHERE ({$patrol}) AND trash=0 ORDER BY date_post DESC");
     } else {
         $result = $data->select_query("patrol_articles", "WHERE trash=0 ORDER BY date_post DESC");
     }
     $numarticles = $data->num_rows($result);
     while ($temp = $data->fetch_array($result)) {
         $sql = $data->select_fetch_one_row("groups", "WHERE id={$temp['patrol']}", "teamname");
         $temp['patrol'] = $sql['teamname'];
         $topics = unserialize($temp['topics']);
         $temp['topics'] = '';
         $num = 1;
         if (is_array($topics)) {
             foreach ($topics as $topicid => $value) {
                 $topicdetail = $data->select_fetch_one_row("articletopics", "WHERE id = {$topicid}", "title");
Пример #30
0
     $row = $data->fetch_array($result);
     $advan = $row['name'];
     $tpl->assign("advan", $advan);
     $tpl->assign("id", $id);
 } elseif ($action == "editadd" && pageauth("advancements", "edit")) {
     $result = $data->select_query("advancements", "WHERE ID = '{$id}'");
     $row = $data->fetch_array($result);
     $advan = $row['advancement'];
     $tpl->assign("sid", $sid);
     $tpl->assign("advan", $advan);
     $tpl->assign("id", $id);
 } elseif ($action == "newadd" && pageauth("advancements", "add")) {
     $tpl->assign("sid", $sid);
 } elseif ($action == "newbadge" && pageauth("advancements", "add")) {
     $tpl->assign("sid", $sid);
 } elseif ($action == "editbadge" && pageauth("advancements", "edit")) {
     $result = $data->select_query("badges", "WHERE id = '{$id}'");
     $row = $data->fetch_array($result);
     $tpl->assign("sid", $sid);
     $tpl->assign("badge", $row);
     $tpl->assign("id", $id);
 } else {
     $result = $data->select_query("awardschemes");
     $adv = array();
     $numschemes = $data->num_rows($result);
     while ($row = $data->fetch_array($result)) {
         $sql = $data->select_query("advancements", "WHERE scheme ={$row['id']}");
         $row['numitems'] = $data->num_rows($sql);
         $schemes[] = $row;
     }
 }