function blocks_rss_update($row)
{
list($dbconn) = pnDBGetConn();
list($args['rssurl'], $args['maxitems'], $args['showimage'], $args['showsearch'], $args['showdescriptions'], $args['altstyle']) = pnVarCleanFromInput('rssurl', 'maxitems', 'showimage', 'showsearch', 'showdescriptions', 'altstyle');
// Remove old URL if there
unset($row['url']);
// Defaults
if (!isset($args['rssurl'])) {
$args['rssurl'] = '';
}
if (!isset($args['maxitems'])) {
$args['maxitems'] = 5;
}
if (!isset($args['showdescriptions'])) {
$args['showdescriptions'] = 0;
}
if (!isset($args['altstyle'])) {
$args['altstyle'] = 0;
}
if (!isset($args['showimage'])) {
$args['showimage'] = 0;
}
if (!isset($args['showsearch'])) {
$args['showsearch'] = 0;
}
$row['content'] = pnBlockVarsToContent($args);
// Refresh data
$row = blocks_rss_refresh($row, 1);
return $row;
}
/**
* $Id$
*
* PostCalendar::PostNuke Events Calendar Module
* Copyright (C) 2002 The PostCalendar Team
* http://postcalendar.tv
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* To read the license please read the docs/license.txt or visit
* http://www.gnu.org/copyleft/gpl.html
*
*/
function smarty_function_pc_form_nav_close($args = array())
{
extract($args);
unset($args);
if (_SETTING_OPEN_NEW_WINDOW || isset($print)) {
$target = 'target="csCalendar"';
} else {
$target = '';
}
if (!defined('_PC_FORM_DATE')) {
$Date = postcalendar_getDate();
echo '<input type="hidden" name="Date" value="' . $Date . '" />';
}
if (!defined('_PC_FORM_VIEW_TYPE')) {
echo '<input type="hidden" name="viewtype" value="' . pnVarCleanFromInput('viewtype') . '" />';
}
if (!defined('_PC_FORM_TEMPLATE')) {
echo '<input type="hidden" name="tplview" value="' . pnVarCleanFromInput('tplview') . '" />';
}
if (!defined('_PC_FORM_USERNAME')) {
echo '<input type="hidden" name="pc_username" value="' . pnVarCleanFromInput('pc_username') . '" />';
}
if (!defined('_PC_FORM_CATEGORY')) {
echo '<input type="hidden" name="pc_category" value="' . pnVarCleanFromInput('pc_category') . '" />';
}
if (!defined('_PC_FORM_TOPIC')) {
echo '<input type="hidden" name="pc_topic" value="' . pnVarCleanFromInput('pc_topic') . '" />';
}
echo '</form>';
}
/**
* $Id$
*
* PostCalendar::PostNuke Events Calendar Module
* Copyright (C) 2002 The PostCalendar Team
* http://postcalendar.tv
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* To read the license please read the docs/license.txt or visit
* http://www.gnu.org/copyleft/gpl.html
*
*/
function smarty_function_pc_view_select($args)
{
@define('_PC_FORM_TEMPLATE', true);
$Date = postcalendar_getDate();
if (!isset($y)) {
$y = substr($Date, 0, 4);
}
if (!isset($m)) {
$m = substr($Date, 4, 2);
}
if (!isset($d)) {
$d = substr($Date, 6, 2);
}
$tplview = pnVarCleanFromInput('tplview');
$viewtype = pnVarCleanFromInput('viewtype');
if (!isset($viewtype)) {
$viewtype = _SETTING_DEFAULT_VIEW;
}
$modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
$mdir = pnVarPrepForOS($modinfo['directory']);
unset($modinfo);
$pcTemplate = pnVarPrepForOS(_SETTING_TEMPLATE);
if (empty($pcTemplate)) {
$pcTemplate = 'default';
}
$viewlist = array();
$handle = opendir("modules/{$mdir}/pntemplates/{$pcTemplate}/views/{$viewtype}");
$hide_list = array('.', '..', 'CVS', 'index.html');
while ($f = readdir($handle)) {
if (!in_array($f, $hide_list)) {
$viewlist[] = $f;
}
}
closedir($handle);
unset($no_list);
sort($viewlist);
$tcount = count($viewlist);
//$options = "<select id=\"tplview\" name=\"tplview\" class=\"$args[class]\">"; - pennfirm
$options = "<select id=\"tplview\" name=\"viewtype\" class=\"{$args['class']}\">";
$selected = $tplview;
for ($t = 0; $t < $tcount; $t++) {
$id = str_replace('.html', '', $viewlist[$t]);
$sel = $selected == $id ? 'selected' : '';
$options .= "<option value=\"{$id}\" {$sel} class=\"{$args['class']}\">{$id}</option>";
}
$options .= '</select>';
if (!isset($args['label'])) {
$args['label'] = _PC_TPL_VIEW_SUBMIT;
}
$submit = '<input type="submit" valign="middle" name="submit" value="' . $args['label'] . '" class="' . $args['class'] . '" />';
// build the form
if ($t > 1) {
echo $options, $submit;
}
}
/**
* update module information
* @param $args['mid'] the id number of the module to update
* @param $args['displayname'] the new display name of the module
* @param $args['description'] the new description of the module
* @returns bool
* @return true on success, false on failure
*/
function modules_adminapi_update($args)
{
// Get arguments from argument array
extract($args);
// Argument check
if (!isset($mid) || !is_numeric($mid) || !isset($displayname) || !isset($description)) {
pnSessionSetVar('errormsg', _MODARGSERROR);
return false;
}
// Security check
if (!pnSecAuthAction(0, 'Modules::', "::{$mid}", ACCESS_ADMIN)) {
pnSessionSetVar('errormsg', _MODULESAPINOAUTH);
return false;
}
// Rename operation
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$modulestable = $pntable['modules'];
$modulescolumn =& $pntable['modules_column'];
$query = "UPDATE {$modulestable}\n SET {$modulescolumn['displayname']} = '" . pnVarPrepForStore($displayname) . "',\n {$modulescolumn['description']} = '" . pnVarPrepForStore($description) . "'\n WHERE {$modulescolumn['id']} = " . (int) pnVarPrepForStore($mid);
$dbconn->Execute($query);
if ($dbconn->ErrorNo() != 0) {
pnSessionSetVar('errormsg', _MODULESAPIUPDATEFAILED);
return false;
}
// Hooks
// Get module name
$modinfo = pnModGetInfo($mid);
$hookstable = $pntable['hooks'];
$hookscolumn =& $pntable['hooks_column'];
$sql = "SELECT DISTINCT {$hookscolumn['id']},\n {$hookscolumn['smodule']},\n {$hookscolumn['stype']},\n {$hookscolumn['object']},\n {$hookscolumn['action']},\n {$hookscolumn['tarea']},\n {$hookscolumn['tmodule']},\n {$hookscolumn['ttype']},\n {$hookscolumn['tfunc']}\n FROM {$hookstable}\n WHERE {$hookscolumn['smodule']} IS NULL\n ORDER BY {$hookscolumn['tmodule']},\n {$hookscolumn['smodule']} DESC";
$result = $dbconn->Execute($sql);
$displayed = array();
for (; !$result->EOF; $result->MoveNext()) {
list($hookid, $hooksmodname, $hookstype, $hookobject, $hookaction, $hooktarea, $hooktmodule, $hookttype, $hooktfunc, ) = $result->fields;
// Delete hook regardless
$sql = "DELETE FROM {$hookstable}\n WHERE {$hookscolumn['smodule']} = '" . pnVarPrepForStore($modinfo['name']) . "'\n AND {$hookscolumn['tmodule']} = '" . pnVarPrepForStore($hooktmodule) . "'";
$dbconn->Execute($sql);
// Get selected value of hook
$hookvalue = pnVarCleanFromInput("hooks_{$hooktmodule}");
// See if this is checked and isn't in the database
if (isset($hookvalue) && empty($hooksmodname)) {
// Insert hook if required
$sql = "INSERT INTO {$hookstable} (\n {$hookscolumn['id']},\n {$hookscolumn['object']},\n {$hookscolumn['action']},\n {$hookscolumn['smodule']},\n {$hookscolumn['tarea']},\n {$hookscolumn['tmodule']},\n {$hookscolumn['ttype']},\n {$hookscolumn['tfunc']})\n VALUES (\n " . pnVarPrepForStore($dbconn->GenId($hookstable)) . ",\n '" . pnVarPrepForStore($hookobject) . "',\n '" . pnVarPrepForStore($hookaction) . "',\n '" . pnVarPrepForStore($modinfo['name']) . "',\n '" . pnVarPrepForStore($hooktarea) . "',\n '" . pnVarPrepForStore($hooktmodule) . "',\n '" . pnVarPrepForStore($hookttype) . "',\n '" . pnVarPrepForStore($hooktfunc) . "')";
$dbconn->Execute($sql);
if ($dbconn->ErrorNo() != 0) {
return false;
}
}
}
$result->Close();
return true;
}
/**
* $Id$
*
* PostCalendar::PostNuke Events Calendar Module
* Copyright (C) 2002 The PostCalendar Team
* http://postcalendar.tv
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* To read the license please read the docs/license.txt or visit
* http://www.gnu.org/copyleft/gpl.html
*
*/
function smarty_function_pc_form_nav_open($args = array())
{
extract($args);
unset($args);
$viewtype = strtolower(pnVarCleanFromInput('viewtype'));
if (_SETTING_OPEN_NEW_WINDOW && $viewtype == 'details') {
$target = 'target="csCalendar"';
} else {
$target = '';
}
$fstart = '<form action="' . pnModURL(__POSTCALENDAR__, 'user', 'view') . '"' . ' method="post"' . ' enctype="application/x-www-form-urlencoded" ' . $target . '>';
echo $fstart;
}
/**
* confirm an authorisation key is valid
* <br>
* See description of <code>pnSecGenAuthKey</code> for information on
* this function
* @public
* @returns bool
* @return true if the key is valid, false if it is not
*/
function pnSecConfirmAuthKey($preview = false)
{
list($module, $authid) = pnVarCleanFromInput('module', 'authid');
// Regenerate static part of key
$partkey = pnSessionGetVar('rand') . strtolower($module);
if (md5($partkey) == $authid) {
// Match - generate new random number for next key and leave happy
if (!$preview) {
srand((double) microtime() * 1000000);
pnSessionSetVar('rand', rand());
}
return true;
}
// Not found, assume invalid
return false;
}
/**
* search events
*/
function postcalendar_user_search()
{
if (!(bool) PC_ACCESS_OVERVIEW) {
return _POSTCALENDARNOAUTH;
}
$tpl = new pcSmarty();
$k = formData("pc_keywords", "R");
//from library/formdata.inc.php
$k_andor = pnVarCleanFromInput('pc_keywords_andor');
$pc_category = pnVarCleanFromInput('pc_category');
$pc_facility = pnVarCleanFromInput('pc_facility');
$pc_topic = pnVarCleanFromInput('pc_topic');
$submit = pnVarCleanFromInput('submit');
$event_dur_hours = pnVarCleanFromInput('event_dur_hours');
$event_dur_minutes = pnVarCleanFromInput('event_dur_minutes');
$start = pnVarCleanFromInput('start');
$end = pnVarCleanFromInput('end');
// get list of categories for the user to choose from
$categories = postcalendar_userapi_getCategories();
$cat_options = '';
foreach ($categories as $category) {
$selected = "";
if ($pc_category == $category[id]) {
$selected = " SELECTED ";
}
//modified 8/09 by BM to allow translation if applicable
$cat_options .= "<option value=\"{$category['id']}\" {$selected}>" . xl_appt_category($category[name]) . "</option>";
}
$tpl->assign_by_ref('CATEGORY_OPTIONS', $cat_options);
$tpl->assign('event_dur_hours', $event_dur_hours);
$tpl->assign('event_dur_minutes', $event_dur_minutes);
// create default start and end dates for the search form
if (isset($start) && $start != "") {
$tpl->assign('DATE_START', $start);
} else {
$tpl->assign('DATE_START', date("m/d/Y"));
}
if (isset($end) && $end != "") {
$tpl->assign('DATE_END', $end);
} else {
$tpl->assign('DATE_END', date("m/d/Y", strtotime("+7 Days", time())));
}
// then override the setting if we have a value from the submitted form
$ProviderID = pnVarCleanFromInput("provider_id");
if (is_numeric($ProviderID)) {
$tpl->assign('ProviderID', $ProviderID);
} elseif ($ProviderID == "_ALL_") {
} else {
$tpl->assign('ProviderID', "");
}
$provinfo = getProviderInfo();
$tpl->assign('providers', $provinfo);
// build a list of provider-options for the select box on the input form -- JRM
$provider_options = "<option value='_ALL_' ";
if ($ProviderID == "_ALL_") {
$provider_options .= " SELECTED ";
}
$provider_options .= ">" . xl('All Providers') . "</option>";
foreach ($provinfo as $provider) {
$selected = "";
// if we don't have a ProviderID chosen, pick the first one from the
// pc_username Session variable
if ($ProviderID == "") {
// that variable stores the 'username' and not the numeric 'id'
if ($_SESSION['pc_username'][0] == $provider['username']) {
$selected = " SELECTED ";
}
} else {
if ($ProviderID == $provider['id']) {
$selected = " SELECTED ";
}
}
$provider_options .= "<option value=\"" . $provider['id'] . "\" " . $selected . ">";
$provider_options .= $provider['lname'] . ", " . $provider['fname'] . "</option>";
}
$tpl->assign_by_ref('PROVIDER_OPTIONS', $provider_options);
// build a list of facility options for the select box on the input form -- JRM
$facilities = getFacilities();
$fac_options = "<option value=''>" . xl('All Facilities') . "</option>";
foreach ($facilities as $facility) {
$selected = "";
if ($facility['id'] == $pc_facility) {
$selected = " SELECTED ";
}
$fac_options .= "<option value=\"" . $facility['id'] . "\" " . $selected . ">";
$fac_options .= $facility['name'] . "</option>";
}
$tpl->assign_by_ref('FACILITY_OPTIONS', $fac_options);
$PatientID = pnVarCleanFromInput("patient_id");
// limit the number of results returned by getPatientPID
// this helps to prevent the server from stalling on a request with
// no PID and thousands of PIDs in the database -- JRM
// the function getPatientPID($pid, $given, $orderby, $limit, $start) <-- defined in library/patient.inc
$plistlimit = 500;
if (is_numeric($PatientID)) {
$tpl->assign('PatientList', getPatientPID(array('pid' => $PatientID, 'limit' => $plistlimit)));
} else {
$tpl->assign('PatientList', getPatientPID(array('limit' => $plistlimit)));
}
$event_endday = pnVarCleanFromInput("event_endday");
$event_endmonth = pnVarCleanFromInput("event_endmonth");
$event_endyear = pnVarCleanFromInput("event_endyear");
$event_startday = pnVarCleanFromInput("event_startday");
$event_startmonth = pnVarCleanFromInput("event_startmonth");
$event_startyear = pnVarCleanFromInput("event_startyear");
if ($event_startday > $event_endday) {
$event_endday = $event_startday;
}
if ($event_startmonth > $event_endmonth) {
$event_endmonth = $event_startmonth;
}
if ($event_startyear > $event_endyear) {
$event_endyear = $event_startyear;
}
$tpl->assign('patient_id', $PatientID);
$tpl->assign('provider_id', $ProviderID);
$tpl->assign("event_category", pnVarCleanFromInput("event_category"));
$tpl->assign("event_subject", pnVarCleanFromInput("event_subject"));
$output = new pnHTML();
$output->SetOutputMode(_PNH_RETURNOUTPUT);
if (_SETTING_USE_INT_DATES) {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday));
$formdata = $output->FormSelectMultiple('event_startday', $sel_data);
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth));
$formdata .= $output->FormSelectMultiple('event_startmonth', $sel_data);
} else {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth));
$formdata = $output->FormSelectMultiple('event_startmonth', $sel_data);
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday));
$formdata .= $output->FormSelectMultiple('event_startday', $sel_data);
}
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_startyear));
$formdata .= $output->FormSelectMultiple('event_startyear', $sel_data);
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$tpl->assign('SelectDateTimeStart', $formdata);
$output->SetOutputMode(_PNH_RETURNOUTPUT);
if (_SETTING_USE_INT_DATES) {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday));
$formdata = $output->FormSelectMultiple('event_endday', $sel_data);
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth));
$formdata .= $output->FormSelectMultiple('event_endmonth', $sel_data);
} else {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth));
$formdata = $output->FormSelectMultiple('event_endmonth', $sel_data);
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday));
$formdata .= $output->FormSelectMultiple('event_endday', $sel_data);
}
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_endyear));
$formdata .= $output->FormSelectMultiple('event_endyear', $sel_data);
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$tpl->assign('SelectDateTimeEnd', $formdata);
$output = null;
if (_SETTING_DISPLAY_TOPICS) {
$topics = postcalendar_userapi_getTopics();
$top_options = '';
foreach ($topics as $topic) {
$top_options .= "<option value=\"{$topic['id']}\">{$topic['text']}</option>";
}
$tpl->assign_by_ref('TOPIC_OPTIONS', $top_options);
}
//=================================================================
// Find out what Template we're using
//=================================================================
$template_name = _SETTING_TEMPLATE;
if (!isset($template_name)) {
$template_name = 'default';
}
//=================================================================
// Output the search form
//=================================================================
$tpl->assign('FORM_ACTION', pnModURL(__POSTCALENDAR__, 'user', 'search'));
//=================================================================
// Perform the search if we have data
//=================================================================
if (!empty($submit) && strtolower($submit) == "find first") {
// not sure how we get here...
$searchargs = array();
$searchargs['start'] = pnVarCleanFromInput("event_startmonth") . "/" . pnVarCleanFromInput("event_startday") . "/" . pnVarCleanFromInput("event_startyear");
$searchargs['end'] = pnVarCleanFromInput("event_endmonth") . "/" . pnVarCleanFromInput("event_endday") . "/" . pnVarCleanFromInput("event_endyear");
$searchargs['provider_id'] = pnVarCleanFromInput("provider_id");
$searchargs['faFlag'] = true;
//print_r($searchargs);
//echo "<br />";
//set defaults to current week if empty
if ($searchargs['start'] == "//") {
$searchargs['start'] = date("m/d/Y");
}
if ($searchargs['end'] == "//") {
$searchargs['end'] = date("m/d/Y", strtotime("+7 Days", strtotime($searchargs['start'])));
}
//print_r($searchargs);
$eventsByDate =& postcalendar_userapi_pcGetEvents($searchargs);
//print_r($eventsByDate);
$found = findFirstAvailable($eventsByDate);
$tpl->assign('available_times', $found);
//print_r($_POST);
$tpl->assign('SEARCH_PERFORMED', true);
$tpl->assign('A_EVENTS', $eventsByDate);
}
if (!empty($submit) && strtolower($submit) == "listapps") {
// not sure how we get here...
$searchargs = array();
$searchargs['start'] = date("m/d/Y");
$searchargs['end'] = date("m/d/Y", strtotime("+1 year", strtotime($searchargs['start'])));
$searchargs['patient_id'] = pnVarCleanFromInput("patient_id");
$searchargs['listappsFlag'] = true;
$sqlKeywords .= "(a.pc_pid = '" . pnVarCleanFromInput("patient_id") . "' )";
$searchargs['s_keywords'] = $sqlKeywords;
//print_r($searchargs);
$eventsByDate =& postcalendar_userapi_pcGetEvents($searchargs);
//print_r($eventsByDate);
$tpl->assign('appointments', $eventsByDate);
//print_r($_POST);
$tpl->assign('SEARCH_PERFORMED', true);
$tpl->assign('A_EVENTS', $eventsByDate);
} elseif (!empty($submit)) {
// we get here by searching via the PostCalendar search
$sqlKeywords = '';
$keywords = explode(' ', $k);
// build our search query
foreach ($keywords as $word) {
if (!empty($sqlKeywords)) {
$sqlKeywords .= " {$k_andor} ";
}
$sqlKeywords .= '(';
$sqlKeywords .= "pd.lname LIKE '%{$word}%' OR ";
$sqlKeywords .= "pd.fname LIKE '%{$word}%' OR ";
$sqlKeywords .= "u.lname LIKE '%{$word}%' OR ";
$sqlKeywords .= "u.fname LIKE '%{$word}%' OR ";
$sqlKeywords .= "a.pc_title LIKE '%{$word}%' OR ";
$sqlKeywords .= "a.pc_hometext LIKE '%{$word}%' OR ";
$sqlKeywords .= "a.pc_location LIKE '%{$word}%'";
$sqlKeywords .= ') ';
}
if (!empty($pc_category)) {
$s_category = "a.pc_catid = '{$pc_category}'";
}
if (!empty($pc_topic)) {
$s_topic = "a.pc_topic = '{$pc_topic}'";
}
$searchargs = array();
if (!empty($sqlKeywords)) {
$searchargs['s_keywords'] = $sqlKeywords;
}
if (!empty($s_category)) {
$searchargs['s_category'] = $s_category;
}
if (!empty($s_topic)) {
$searchargs['s_topic'] = $s_topic;
}
// some new search parameters introduced in the ajax_search form... JRM March 2008
// the ajax_search form has form parameters for 'start' and 'end' already built in
// so use them if available
$tmpDate = pnVarCleanFromInput("start");
if (isset($tmpDate) && $tmpDate != "") {
$searchargs['start'] = pnVarCleanFromInput("start");
} else {
$searchargs['start'] = "//";
}
$tmpDate = pnVarCleanFromInput("end");
if (isset($tmpDate) && $tmpDate != "") {
$searchargs['end'] = pnVarCleanFromInput("end");
} else {
$searchargs['end'] = "//";
}
// we can limit our search by provider -- JRM March 2008
if (isset($ProviderID) && $ProviderID != "") {
// && $ProviderID != "_ALL_") {
$searchargs['provider_id'] = array();
array_push($searchargs['provider_id'], $ProviderID);
}
$eventsByDate =& postcalendar_userapi_pcGetEvents($searchargs);
// we can limit our search by facility -- JRM March 2008
if (isset($pc_facility) && $pc_facility != "") {
$searchargs['pc_facility'] = $pc_facility;
}
//print_r($eventsByDate);
$tpl->assign('SEARCH_PERFORMED', true);
$tpl->assign('A_EVENTS', $eventsByDate);
}
$tpl->caching = false;
$tpl->assign('STYLE', $GLOBALS['style']);
$pageSetup =& pnModAPIFunc(__POSTCALENDAR__, 'user', 'pageSetup');
if (pnVarCleanFromInput("no_nav") == 1) {
$return = $pageSetup . $tpl->fetch($template_name . '/user/findfirst.html');
} elseif (pnVarCleanFromInput("no_nav") == 2) {
$return = $pageSetup . $tpl->fetch($template_name . '/user/listapps.html');
} else {
$return = $pageSetup . $tpl->fetch($template_name . '/user/search.html');
}
return $return;
}
function postcalendar_admin_categoryLimitsUpdate()
{
if (!PC_ACCESS_ADMIN) {
return _POSTCALENDAR_NOAUTH;
}
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
list($id, $del, $catId, $startTimeH, $startTimeM, $endTimeH, $endTimeM, $limit, $newCatId, $newStartTimeH, $newStartTimeM, $newEndTimeH, $newEndTimeM, $newLimit, ) = pnVarCleanFromInput('id', 'del', 'catid', 'starttimeh', 'starttimem', 'endtimeh', 'endtimem', 'limit', 'newcatid', 'newstarttimeh', 'newstarttimem', 'newendtimeh', 'newendtimem', 'newlimit');
$updates = array();
if (isset($id)) {
foreach ($id as $k => $i) {
$found = false;
if (count($del)) {
foreach ($del as $d) {
if ($i == $d) {
$found = true;
break;
}
}
}
if (!$found) {
$start = date("H:i:s", mktime($startTimeH[$k], $startTimeM[$k], 0));
$end = date("H:i:s", mktime($endTimeH[$k], $endTimeM[$k], 0));
$update_sql = "UPDATE {$pntable['postcalendar_limits']}\n\t\t SET pc_catid='" . pnVarPrepForStore($catId[$k]) . "',\n\t\t pc_starttime='" . pnVarPrepForStore($start) . "',\n\t\t pc_endtime='" . pnVarPrepForStore($end) . "',\n\t\t pc_limit='" . pnVarPrepForStore($limit[$k]) . "'\n\t\t WHERE pc_limitid={$i}";
array_push($updates, $update_sql);
}
}
}
$dels = implode(",", $del);
$delete = "DELETE FROM {$pntable['postcalendar_limits']} WHERE pc_limitid IN ({$dels})";
$e = $msg = '';
if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'updateCategoryLimit', array('updates' => $updates))) {
$e .= 'UPDATE FAILED';
}
if (isset($dels)) {
if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'deleteCategoryLimit', array('delete' => $delete))) {
$e .= 'DELETE FAILED';
}
}
if (isset($newLimit) && $newLimit > 0) {
$start = date("H:i:s", mktime($newStartTimeH, $newStartTimeM, 0));
$end = date("H:i:s", mktime($newEndTimeH, $newEndTimeM, 0));
if (!pnModAPIFunc(__POSTCALENDAR__, 'admin', 'addCategoryLimit', array('catid' => $newCatId, 'starttime' => $start, 'endtime' => $end, 'limit' => $newLimit))) {
$e .= 'INSERT FAILED';
}
}
if (empty($e)) {
$msg = 'DONE';
}
$output->Text(postcalendar_admin_categoryLimits($msg, $e));
return $output->GetOutput();
}
function postcalendar_userapi_eventDetail($args, $admin = false)
{
if (!(bool) PC_ACCESS_READ) {
return _POSTCALENDARNOAUTH;
}
// get the theme globals :: is there a better way to do this?
pnThemeLoad(pnUserGetTheme());
global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5;
global $textcolor1, $textcolor2;
$popup = pnVarCleanFromInput('popup');
extract($args);
unset($args);
if (!isset($cacheid)) {
$cacheid = null;
}
if (!isset($eid)) {
return false;
}
if (!isset($nopop)) {
$nopop = false;
}
$uid = pnUserGetVar('uid');
//=================================================================
// Find out what Template we're using
//=================================================================
$template_name = _SETTING_TEMPLATE;
if (!isset($template_name)) {
$template_name = 'default';
}
//=================================================================
// Setup Smarty Template Engine
//=================================================================
$tpl = new pcSmarty();
if ($admin) {
$template = $template_name . '/admin/details.html';
$args['cacheid'] = '';
$print = 0;
$Date =& postcalendar_getDate();
$tpl->caching = false;
} else {
$template = $template_name . '/user/details.html';
}
if (!$tpl->is_cached($template, $cacheid)) {
// let's get the DB information
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
// get the event's information
$event =& postcalendar_userapi_pcGetEventDetails($eid);
// if the above is false, it's a private event for another user
// we should not diplay this - so we just exit gracefully
if ($event === false) {
return false;
}
//=================================================================
// get event's topic information
//=================================================================
$topics_table = $pntable['topics'];
$topics_column = $pntable['topics_column'];
$topicsql = "SELECT {$topics_column['topictext']},{$topics_column['topicimage']}\n FROM {$topics_table}\n WHERE {$topics_column['topicid']} = {$event['topic']}\n LIMIT 1";
$topic_result = $dbconn->Execute($topicsql);
list($event['topictext'], $event['topicimg']) = $topic_result->fields;
$location = unserialize($event['location']);
$event['location'] = $location['event_location'];
$event['street1'] = $location['event_street1'];
$event['street2'] = $location['event_street2'];
$event['city'] = $location['event_city'];
$event['state'] = $location['event_state'];
$event['postal'] = $location['event_postal'];
$event['date'] = str_replace('-', '', $Date);
//=================================================================
// populate the template
//=================================================================
if (!empty($event['location']) || !empty($event['street1']) || !empty($event['street2']) || !empty($event['city']) || !empty($event['state']) || !empty($event['postal'])) {
$tpl->assign('LOCATION_INFO', true);
} else {
$tpl->assign('LOCATION_INFO', false);
}
if (!empty($event['contname']) || !empty($event['contemail']) || !empty($event['conttel']) || !empty($event['website'])) {
$tpl->assign('CONTACT_INFO', true);
} else {
$tpl->assign('CONTACT_INFO', false);
}
$display_type = substr($event['hometext'], 0, 6);
if ($display_type == ':text:') {
$prepFunction = 'pcVarPrepForDisplay';
$event['hometext'] = substr($event['hometext'], 6);
} elseif ($display_type == ':html:') {
$prepFunction = 'pcVarPrepHTMLDisplay';
$event['hometext'] = substr($event['hometext'], 6);
} else {
$prepFunction = 'pcVarPrepHTMLDisplay';
}
unset($display_type);
// prep the vars for output
$event['title'] =& $prepFunction($event['title']);
$event['hometext'] =& $prepFunction($event['hometext']);
$event['desc'] =& $event['hometext'];
$event['conttel'] =& $prepFunction($event['conttel']);
$event['contname'] =& $prepFunction($event['contname']);
$event['contemail'] =& $prepFunction($event['contemail']);
$event['website'] =& $prepFunction(postcalendar_makeValidURL($event['website']));
$event['fee'] =& $prepFunction($event['fee']);
$event['location'] =& $prepFunction($event['location']);
$event['street1'] =& $prepFunction($event['street1']);
$event['street2'] =& $prepFunction($event['street2']);
$event['city'] =& $prepFunction($event['city']);
$event['state'] =& $prepFunction($event['state']);
$event['postal'] =& $prepFunction($event['postal']);
$tpl->assign_by_ref('A_EVENT', $event);
//=================================================================
// populate the template $ADMIN_OPTIONS
//=================================================================
$target = '';
if (_SETTING_OPEN_NEW_WINDOW) {
$target = 'target="csCalendar"';
}
$admin_edit_url = $admin_delete_url = '';
if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADMIN)) {
$admin_edit_url = pnModURL(__POSTCALENDAR__, 'admin', 'submit', array('pc_event_id' => $eid));
$admin_delete_url = pnModURL(__POSTCALENDAR__, 'admin', 'adminevents', array('action' => _ACTION_DELETE, 'pc_event_id' => $eid));
}
$user_edit_url = $user_delete_url = '';
if (pnUserLoggedIn()) {
$logged_in_uname = $_SESSION['authUser'];
} else {
$logged_in_uname = '';
}
$can_edit = false;
if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADD) && validateGroupStatus($logged_in_uname, getUsername($event['uname']))) {
$user_edit_url = pnModURL(__POSTCALENDAR__, 'user', 'submit', array('pc_event_id' => $eid));
$user_delete_url = pnModURL(__POSTCALENDAR__, 'user', 'delete', array('pc_event_id' => $eid));
$can_edit = true;
}
$tpl->assign('STYLE', $GLOBALS['style']);
$tpl->assign_by_ref('ADMIN_TARGET', $target);
$tpl->assign_by_ref('ADMIN_EDIT', $admin_edit_url);
$tpl->assign_by_ref('ADMIN_DELETE', $admin_delete_url);
$tpl->assign_by_ref('USER_TARGET', $target);
$tpl->assign_by_ref('USER_EDIT', $user_edit_url);
$tpl->assign_by_ref('USER_DELETE', $user_delete_url);
$tpl->assign_by_ref('USER_CAN_EDIT', $can_edit);
}
//=================================================================
// Parse the template
//=================================================================
if ($popup != 1 && $print != 1) {
$output = "\n\n<!-- START POSTCALENDAR OUTPUT [-: HTTP://POSTCALENDAR.TV :-] -->\n\n";
$output .= $tpl->fetch($template, $cacheid);
$output .= "\n\n<!-- END POSTCALENDAR OUTPUT [-: HTTP://POSTCALENDAR.TV :-] -->\n\n";
} else {
$theme = pnUserGetTheme();
echo "<html><head>";
echo "<LINK REL=\"StyleSheet\" HREF=\"themes/{$theme}/style/styleNN.css\" TYPE=\"text/css\">\n\n\n";
echo "<style type=\"text/css\">\n";
echo "@import url(\"themes/{$theme}/style/style.css\"); ";
echo "</style>\n";
echo "</head><body>\n";
$tpl->display($template, $cacheid);
echo postcalendar_footer();
echo "\n</body></html>";
session_write_close();
exit;
}
return $output;
}
/**
* get name of current top-level module
* @returns string
* @return the name of the current top-level module, false if not in a module
*/
function pnModGetName()
{
$modname = pnVarCleanFromInput('module');
if (empty($modname)) {
$name = pnVarCleanFromInput('name');
if (empty($name)) {
global $ModName;
if (empty($ModName)) {
return false;
}
$modname = preg_replace('/^NS-/', '', $ModName);
return $modname;
}
return $name;
} else {
$modname = preg_replace('/^NS-/', '', $modname);
return $modname;
}
}
function Lenses_admin_update_company($args)
{
// Clean input from the form.
$company = pnVarCleanFromInput('company');
// Extract any extra arguments.
extract($args);
// Confirm $authid hidden field from form template.
if (!pnSecConfirmAuthKey()) {
pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
return pnRedirect(pnModURL('Lenses', 'admin', 'main'));
}
// Attempt to update company.
if (pnModAPIFunc('Lenses', 'admin', 'update_company', array('company' => $company))) {
pnSessionSetVar('statusmsg', pnVarPrepHTMLDisplay(_UPDATESUCCEDED));
}
// No output. Redirect user.
return pnRedirect(pnModURL('Lenses', 'admin', 'viewall_companies'));
}
/**
* Initialise PostNuke
* <br>
* Carries out a number of initialisation tasks to get PostNuke up and
* running.
* @returns void
*/
function pnInit()
{
// proper error_repoting
// e_all for development
// error_reporting(E_ALL);
// without warnings and notices for release
error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING & ~E_DEPRECATED);
// Hack for some weird PHP systems that should have the
// LC_* constants defined, but don't
if (!defined('LC_TIME')) {
define('LC_TIME', 'LC_TIME');
}
// ADODB configuration
define('ADODB_DIR', 'pnadodb');
require 'pnadodb/adodb.inc.php';
// Temporary fix for hacking the hlpfile global
// TODO - remove with pre-0.71 code
global $hlpfile;
$hlpfile = '';
// Initialise and load configuration
global $pnconfig, $pndebug;
$pnconfig = array();
include 'config.php';
// Set up multisites
// added this @define for .71, ugly ?
// i guess the E_ALL stuff.
@define('WHERE_IS_PERSO', '');
// Initialise and load pntables
global $pntable;
$pntable = array();
// if a multisite has its own pntables.
if (file_exists(WHERE_IS_PERSO . 'pntables.php')) {
include WHERE_IS_PERSO . 'pntables.php';
} else {
require 'pntables.php';
}
// Decode encoded DB parameters
if ($pnconfig['encoded']) {
$pnconfig['dbuname'] = base64_decode($pnconfig['dbuname']);
$pnconfig['dbpass'] = base64_decode($pnconfig['dbpass']);
$pnconfig['encoded'] = 0;
}
// Connect to database
if (!pnDBInit()) {
die('Database initialisation failed');
}
// debugger if required
if ($pndebug['debug']) {
include_once 'includes/lensdebug.inc.php';
global $dbg, $debug_sqlcalls;
$dbg = new LensDebug();
$debug_sqlcalls = 0;
}
// Build up old config array
pnConfigInit();
// Set compression on if desired
//
if (pnConfigGetVar('UseCompression') == 1) {
ob_start("ob_gzhandler");
}
// Other includes
include 'includes/pnSession.php';
include 'includes/pnUser.php';
// Start session
if (!pnSessionSetup()) {
die('Session setup failed');
}
if (!pnSessionInit()) {
die('Session initialisation failed');
}
include 'includes/security.php';
// See if a language update is required
$newlang = pnVarCleanFromInput('newlang');
if (!empty($newlang)) {
$lang = $newlang;
pnSessionSetVar('lang', $newlang);
} else {
$lang = pnSessionGetVar('lang');
}
// Load global language defines
if (isset($lang) && file_exists('language/' . pnVarPrepForOS($lang) . '/global.php')) {
$currentlang = $lang;
} else {
$currentlang = pnConfigGetVar('language');
pnSessionSetVar('lang', $currentlang);
}
include 'language/' . pnVarPrepForOS($currentlang) . '/global.php';
include 'modules/NS-Languages/api.php';
// Cross-Site Scripting attack defense - Sent by larsneo
// some syntax checking against injected javascript
$pnAntiCrackerMode = pnConfigGetVar('pnAntiCracker');
if ($pnAntiCrackerMode == 1) {
pnSecureInput();
}
// Banner system
include 'includes/pnBanners.php';
// Other other includes
include 'includes/advblocks.php';
include 'includes/counter.php';
include 'includes/pnHTML.php';
include 'includes/pnMod.php';
include 'includes/queryutil.php';
include 'includes/xhtml.php';
include 'includes/oldfuncs.php';
// Handle referer
if (pnConfigGetVar('httpref') == 1) {
include 'referer.php';
httpreferer();
}
return true;
}
function Lenses_userapi_search_report($args)
{
$time = pnVarCleanFromInput('time');
// Permission check.
if (!pnSecAuthAction(0, 'Lenses::', '::', ACCESS_OVERVIEW)) {
return $items_array;
}
extract($args);
$items_array = array();
// Get a reference to the database object.
$dbconn =& pnDBGetConn(true);
// Get a reference to PostNuke's table info.
$pntable =& pnDBGetTables();
$table =& $pntable['lenses_stats'];
$field =& $pntable['lenses_stats_column'];
$lens_table =& $pntable['lenses'];
$lens_field =& $pntable['lenses_column'];
$sql = "SELECT {$field['id']}, {$lens_field['name']}, {$field['this_month']}, {$field['last_month']}, {$field['total']}\n \t\tFROM {$table}, {$lens_table}\n\t\t\t\t\t\tWHERE {$field['id']} = {$lens_field['tid']} \n \t\t\tORDER BY {$field[$time]} DESC LIMIT 0,40";
//print ($sql);
// Execute the SQL query.
$result = $dbconn->Execute($sql);
// Check for any database errors.
if ($dbconn->ErrorNo() != 0) {
pnSessionSetVar('errormsg', _GETFAILED);
return false;
}
// A switch to extract the data from a given result set.
for (; !$result->EOF; $result->MoveNext()) {
list($id, $name, $total, $last_month, $this_month) = $result->fields;
$items_array[] = array('id' => $id, 'name' => $name, 'total' => $total, 'last_month' => $last_month, 'this_month' => $this_month);
}
$result->Close();
//print_r($items_array);
return $items_array;
}
/**
* Load language files for the current language
*
* @return void
*/
function pnLangLoad()
{
// See if a language update is required for ml-enviroments
$newlang = pnVarCleanFromInput('newlang');
if (!empty($newlang) && pnConfigGetVar('multilingual') == 1) {
$langlist = languagelist();
if (file_exists('language/' . pnVarPrepForOS($newlang) . '/global.php') && isset($langlist[$newlang])) {
// newlang is valid and exists
$lang = $newlang;
pnSessionSetVar('lang', $newlang);
} else {
// newlang is either not valid or doesn't exist - restore default values
$lang = pnConfigGetVar('language');
pnSessionSetVar('lang', $lang);
}
} else {
$detectlang = pnConfigGetVar('language_detect');
$defaultlang = pnConfigGetVar('language');
switch ($detectlang) {
case 1:
// Detect Browser Language
$cnvlanguage = cnvlanguagelist();
$currentlang = '';
$langs = split('[,;]', $_SERVER['HTTP_ACCEPT_LANGUAGE']);
foreach ($langs as $lang) {
if (isset($cnvlanguage[$lang]) && file_exists('language/' . pnVarPrepForOS($cnvlanguage[$lang]) . '/global.php')) {
$currentlang = $cnvlanguage[$lang];
break;
}
}
if ($currentlang == '') {
$currentlang = $defaultlang;
}
break;
default:
$currentlang = $defaultlang;
}
$lang = pnSessionGetVar('lang');
}
// Load global language defines
// these are deprecated and will be moved to the relevant modules
// with .8x
if (isset($lang) && file_exists('language/' . pnVarPrepForOS($lang) . '/global.php')) {
$currentlang = $lang;
} else {
$currentlang = pnConfigGetVar('language');
pnSessionSetVar('lang', $currentlang);
}
$oscurrentlang = pnVarPrepForOS($currentlang);
if (file_exists('language/' . $oscurrentlang . '/global.php')) {
include 'language/' . $oscurrentlang . '/global.php';
}
// load the languge language file
if (file_exists('language/languages.php')) {
include 'language/languages.php';
}
// load the core language file
if (file_exists('language/' . $oscurrentlang . '/core.php')) {
include 'language/' . $oscurrentlang . '/core.php';
}
// set the correct locale
// note: windows has different requires for the setlocale funciton to other OS's
// See: http://uk.php.net/setlocale
if (stristr(getenv('OS'), 'windows')) {
// for windows we either use the _LOCALEWIN define or the existing language code
if (defined('_LOCALEWIN')) {
setlocale(LC_ALL, _LOCALEWIN);
} else {
setlocale(LC_ALL, $currentlang);
}
} else {
// for other OS's we use the _LOCALE define
setlocale(LC_ALL, _LOCALE);
}
}
/**
* get the user's theme
* @public
* @returns string
* @return the name of the user's theme
*/
function pnUserGetTheme()
{
// Order of theme priority:
// - page-specific
// - user
// - system
// - PostNuke
// Page-specific theme
$pagetheme = pnVarCleanFromInput('theme');
if (!empty($pagetheme)) {
if (@opendir("themes/" . pnVarPrepForOS($pagetheme))) {
return $pagetheme;
}
}
if (pnUserLoggedIn() && !pnConfigGetVar('theme_change')) {
$usertheme = pnUserGetVar('theme');
// modification mouzaia .71
if (!empty($usertheme)) {
if (@opendir(WHERE_IS_PERSO . "themes/" . pnVarPrepForOS($usertheme))) {
return $usertheme;
}
if (@opendir("themes/" . pnVarPrepForOS($usertheme))) {
return $usertheme;
}
}
}
$systemtheme = pnConfigGetVar('Default_Theme');
if (!empty($systemtheme)) {
if (@opendir(WHERE_IS_PERSO . "themes/" . pnVarPrepForOS($systemtheme))) {
return $systemtheme;
}
if (@opendir("themes/" . pnVarPrepForOS($systemtheme))) {
return $systemtheme;
}
}
// why is this hard coded ??????
// $defaulttheme = 'PostNuke';
$defaulttheme = pnConfigGetVar('Default_Theme');
if (@opendir(WHERE_IS_PERSO . "themes/" . pnVarPrepForOS($defaulttheme))) {
return $defaulttheme;
}
if (@opendir("themes/" . pnVarPrepForOS($defaulttheme))) {
return $defaulttheme;
}
return false;
}
function search_stories()
{
list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) = pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool');
if (!isset($active_stories) || !$active_stories) {
return;
}
if (!pnModAvailable('News')) {
return;
}
$output =& new pnHTML();
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
if (empty($bool)) {
$bool = 'OR';
}
$flag = false;
$storcol =& $pntable['stories_column'];
$stcatcol =& $pntable['stories_cat_column'];
$topcol =& $pntable['topics_column'];
$query = '';
$query1 = "SELECT {$storcol['sid']} as sid,\n {$topcol['tid']} as topicid,\n {$topcol['topicname']} as topicname,\n {$topcol['topictext']} as topictext,\n {$storcol['catid']} as catid,\n {$storcol['time']} AS fdate,\n {$storcol['title']} AS story_title,\n {$storcol['aid']} AS aid,\n {$stcatcol['title']} AS cat_title\n FROM {$pntable['stories']}\n LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n WHERE ";
// hack to get this to work, but much better than what we had before
//$query .= " 1 = 1 ";
// words
$w = search_split_query($q);
if (isset($w)) {
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$storcol['title']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['hometext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['bodytext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
//$query .= "$storcol[comments] LIKE '".pnVarPrepForStore($word)."' OR ";
$query .= "{$storcol['informant']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['notes']} LIKE '" . pnVarPrepForStore($word) . "'";
$query .= ')';
$flag = true;
$no_flag = false;
}
} else {
$no_flag = true;
}
// topics
if (isset($stories_topics) && !empty($stories_topics)) {
$flag = false;
$start_flag = false;
// dont set AND/OR if nothing is in front
foreach ($stories_topics as $v) {
if (empty($v)) {
continue;
}
if (!$no_flag and !$start_flag) {
$query .= ' AND (';
$start_flag = true;
}
if ($flag) {
$query .= ' OR ';
}
$query .= "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'";
$flag = true;
}
if (!$no_flag and $start_flag) {
$query .= ') ';
$no_flag = false;
}
}
// categories
if (!is_array($stories_cat)) {
$stories_cat[0] = '';
}
if (isset($stories_cat[0]) && !empty($stories_cat[0])) {
if (!$no_flag) {
$query .= ' AND (';
}
$flag = false;
foreach ($stories_cat as $v) {
if ($flag) {
$query .= ' OR ';
}
$query .= "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'";
$flag = true;
}
if (!$no_flag) {
$query .= ') ';
$no_flag = false;
}
}
// authors
if (isset($stories_author) && $stories_author != '') {
if (!$no_flag) {
$query .= ' AND (';
}
$query .= "{$storcol['informant']}='" . pnVarPrepForStore($stories_author) . "'";
$result =& $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%" . pnVarPrepForStore($stories_author) . "%' OR {$pntable['users_column']['name']} LIKE '%" . pnVarPrepForStore($stories_author) . "%'");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
$query .= " OR {$storcol['aid']}={$row['pn_uid']}";
$result->MoveNext();
}
if (!$no_flag) {
$query .= ') ';
$no_flag = false;
}
} else {
$stories_author = '';
}
if (pnConfigGetVar('multilingual') == 1) {
if (!empty($query)) {
$query .= ' AND';
}
$query .= " ({$storcol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storcol['alanguage']}='')";
}
if (empty($query)) {
$query = '1';
}
$query .= " ORDER BY {$storcol['time']} DESC";
$query = $query1 . $query;
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres =& $dbconn->Execute($query);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
if (!$result->EOF) {
$output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = 'index.php?name=Search&action=search&active_stories=1&stories_author=' . pnVarPrepForDisplay($stories_author);
if (isset($stories_cat) && $stories_cat) {
foreach ($stories_cat as $v) {
$url .= "&stories_cat%5B%5D={$v}";
}
}
if (isset($stories_topics) && $stories_topics) {
foreach ($stories_topics as $v) {
$url .= "&stories_topics%5B%5D={$v}";
}
}
$url .= '&bool=' . pnVarPrepForDisplay($bool);
if (isset($q)) {
$url .= '&q=' . pnVarPrepForDisplay($q);
}
$output->Text('<dl>');
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
$row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
$output->Text('<dt><a href="index.php?name=News&file=article&sid=' . pnVarPrepForDisplay($row['sid']) . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></dt>');
$output->Text('<dd>');
$output->Text(pnVarPrepForDisplay($row['fdate']) . ' (');
if (!empty($row['topicid'])) {
$output->Text($row['topictext']);
}
if (!empty($row['catid'])) {
$output->Text(' - ' . pnVarPrepHTMLDisplay($row['cat_title']));
}
$output->Text(')</dd>');
}
$result->MoveNext();
}
$output->Text('</dl>');
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text(_SEARCH_NO_STORIES_TOPICS);
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function Lenses_admin_update_lens($args)
{
// Clean input from the form.
$lens_data = pnVarCleanFromInput('lens_data');
$bc = pnVarCleanFromInput('bc');
$enh_colors = pnVarCleanFromInput('enh_colors');
$opaque_colors = pnVarCleanFromInput('opaque_colors');
// Extract any extra arguments.
extract($args);
// Confirm $authid hidden field from form template.
if (!pnSecConfirmAuthKey()) {
pnSessionSetVar('errormsg', pnVarPrepHTMLDisplay(_BADAUTHKEY));
return pnRedirect(pnModURL('Lenses', 'admin', 'main'));
}
//take the arrays for the base curves and the simple opaque and enhancer colors
//and create a string that's added to the appropriate parts of the $lens_data array
$lens_data[bc_simple] = $bc[0] . " " . $bc[1] . " " . $bc[2];
$lens_data[enh_names_simple] = "";
$lens_data[opaque_names_simple] = "";
foreach ($enh_colors as $value) {
$lens_data[enh_names_simple] .= $value . " ";
}
foreach ($opaque_colors as $value) {
$lens_data[opaque_names_simple] .= $value . " ";
}
// Attempt to update lens.
if (pnModAPIFunc('Lenses', 'admin', 'update_lens', array('lens_data' => $lens_data))) {
pnSessionSetVar('statusmsg', pnVarPrepHTMLDisplay(_UPDATESUCCEDED));
}
// No output. Redirect user.
return pnRedirect(pnModURL('Lenses', 'user', 'view', array('tid' => $lens_data[tid])));
}
/**
* postcalendar_userapi_pcQueryEvents
* INPUT
* $args = Array of values possibly containing:
* $provider_id = array of provider ID numbers
*
* Returns an array containing the event's information
* @params array(key=>value)
* @params string key eventstatus
* @params int value -1 == hidden ; 0 == queued ; 1 == approved
* @return array $events[][]
*/
function &postcalendar_userapi_pcQueryEvents($args)
{
$end = '0000-00-00';
extract($args);
// echo "<!-- args = "; print_r($args); echo " -->\n"; // debugging
// $pc_username = pnVarCleanFromInput('pc_username');
$pc_username = $_SESSION['pc_username'];
// from Michael Brinson 2006-09-19
if (empty($pc_username) || is_array($pc_username)) {
$pc_username = "******";
}
//echo "DEBUG pc_username: $pc_username \n"; // debugging
$topic = pnVarCleanFromInput('pc_topic');
$category = pnVarCleanFromInput('pc_category');
if (!empty($pc_username) && strtolower($pc_username) != 'anonymous') {
if ($pc_username == '__PC_ALL__' || $pc_username == -1) {
$ruserid = -1;
} else {
$ruserid = getIDfromUser($pc_username);
}
}
if (!isset($eventstatus)) {
$eventstatus = 1;
}
// sanity check on eventstatus
if ((int) $eventstatus < -1 || (int) $eventstatus > 1) {
$eventstatus = 1;
}
if (!isset($start)) {
$start = Date_Calc::dateNow('%Y-%m-%d');
}
list($sy, $sm, $sd) = explode('-', $start);
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
// link to the events tables
$table = $pntable['postcalendar_events'];
$cattable = $pntable['postcalendar_categories'];
$topictable = $pntable['postcalendar_topics'];
$sql = "SELECT DISTINCT a.pc_eid, a.pc_informant, a.pc_catid, " . "a.pc_title, a.pc_time, a.pc_hometext, a.pc_eventDate, a.pc_duration, " . "a.pc_endDate, a.pc_startTime, a.pc_recurrtype, a.pc_recurrfreq, " . "a.pc_recurrspec, a.pc_topic, a.pc_alldayevent, a.pc_location, " . "a.pc_conttel, a.pc_contname, a.pc_contemail, a.pc_website, a.pc_fee, " . "a.pc_sharing, a.pc_prefcatid, b.pc_catcolor, b.pc_catname, " . "b.pc_catdesc, a.pc_pid, a.pc_apptstatus, a.pc_aid, " . "concat(u.fname,' ',u.lname) as provider_name, " . "concat(pd.lname,', ',pd.fname) as patient_name, " . "concat(u2.fname, ' ', u2.lname) as owner_name, " . "DOB as patient_dob, a.pc_facility, pd.pubpid " . "FROM ( {$table} AS a ) " . "LEFT JOIN {$cattable} AS b ON b.pc_catid = a.pc_catid " . "LEFT JOIN users as u ON a.pc_aid = u.id " . "LEFT JOIN users as u2 ON a.pc_aid = u2.id " . "LEFT JOIN patient_data as pd ON a.pc_pid = pd.pid " . "WHERE a.pc_eventstatus = {$eventstatus} " . "AND ((a.pc_endDate >= '{$start}' AND a.pc_eventDate <= '{$end}') OR " . "(a.pc_endDate = '0000-00-00' AND a.pc_eventDate >= '{$start}' AND " . "a.pc_eventDate <= '{$end}')) ";
//==================================
//FACILITY FILTERING (lemonsoftware)(CHEMED)
if ($_SESSION['pc_facility']) {
$pc_facility = $_SESSION['pc_facility'];
$sql .= " AND a.pc_facility = {$pc_facility} ";
/*
AND u.facility_id = $pc_facility
AND u2.facility_id = $pc_facility "; */
} else {
if ($pc_facility) {
// pc_facility could be provided in the search arguments -- JRM March 2008
$sql .= " AND a.pc_facility = {$pc_facility} ";
/*.
" AND u.facility_id = $pc_facility".
" AND u2.facility_id = $pc_facility "; */
}
}
//EOS FACILITY FILTERING (lemonsoftware)
//==================================
// The above 3 lines replaced these:
// AND (a.pc_endDate >= '$start' OR a.pc_endDate = '0000-00-00')
// AND a.pc_eventDate <= '$end' ";
if (!empty($providerID)) {
$ruserid = $providerID;
}
// eliminate ruserid if we're trying to query by provider_id -- JRM
if (!empty($provider_id)) {
unset($ruserid);
}
if (isset($ruserid)) {
// get all events for the specified username
if ($ruserid == -1) {
$sql .= "AND (a.pc_sharing = '" . SHARING_BUSY . "' ";
$sql .= "OR a.pc_sharing = '" . SHARING_PUBLIC . "') ";
} else {
$sql .= "AND a.pc_aid IN (0, " . $ruserid . ") ";
}
} elseif (!pnUserLoggedIn()) {
// get all events for anonymous users
$sql .= "AND a.pc_sharing = '" . SHARING_GLOBAL . "' ";
} elseif (!empty($provider_id)) {
// get all events for a variety of provider IDs -- JRM
if ($provider_id[0] != "_ALL_") {
/**add all the events from the clinic provider id = 0*/
$sql .= "AND a.pc_aid in (0," . implode(",", $provider_id) . ") ";
}
} else {
// get all events for logged in user plus global events
$sql .= "AND (a.pc_aid IN (0," . $_SESSION['authUserID'] . ") OR a.pc_sharing = '" . SHARING_GLOBAL . "') ";
}
//======================================================================
// START SEARCH FUNCTIONALITY
//======================================================================
if (!empty($s_keywords)) {
$sql .= "AND ({$s_keywords}) ";
}
if (!empty($s_category)) {
$sql .= "AND ({$s_category}) ";
}
if (!empty($s_topic)) {
$sql .= "AND ({$s_topic}) ";
}
if (!empty($category)) {
$sql .= "AND (a.pc_catid = '" . pnVarPrepForStore($category) . "') ";
}
if (!empty($topic)) {
$sql .= "AND (a.pc_topic = '" . pnVarPrepForStore($topic) . "') ";
}
//======================================================================
// Search sort and limitation
//======================================================================
if (empty($sort)) {
$sql .= "GROUP BY a.pc_eid ORDER BY a.pc_time DESC";
} else {
$sql .= "GROUP BY a.pc_eid ORDER BY a.{$sort}";
}
//======================================================================
// END SEARCH FUNCTIONALITY
//======================================================================
//echo "<br>sq: $sql<br />";
// echo "<!-- " . $sql . " -->\n"; // debugging
$result = $dbconn->Execute($sql);
if ($dbconn->ErrorNo() != 0) {
die($dbconn->ErrorMsg());
}
// put the information into an array for easy access
$events = array();
// return an empty array if we don't have any results
if (!isset($result)) {
return $events;
}
for ($i = 0; !$result->EOF; $result->MoveNext()) {
// WHY are we using an array for intermediate storage??? -- Rod
// get the results from the query
if (isset($tmp)) {
unset($tmp);
}
$tmp = array();
list($tmp['eid'], $tmp['uname'], $tmp['catid'], $tmp['title'], $tmp['time'], $tmp['hometext'], $tmp['eventDate'], $tmp['duration'], $tmp['endDate'], $tmp['startTime'], $tmp['recurrtype'], $tmp['recurrfreq'], $tmp['recurrspec'], $tmp['topic'], $tmp['alldayevent'], $tmp['location'], $tmp['conttel'], $tmp['contname'], $tmp['contemail'], $tmp['website'], $tmp['fee'], $tmp['sharing'], $tmp['prefcatid'], $tmp['catcolor'], $tmp['catname'], $tmp['catdesc'], $tmp['pid'], $tmp['apptstatus'], $tmp['aid'], $tmp['provider_name'], $tmp['patient_name'], $tmp['owner_name'], $tmp['patient_dob'], $tmp['facility'], $tmp['pubpid']) = $result->fields;
// grab the name of the topic
$topicname = pcGetTopicName($tmp['topic']);
// get the user id of event's author
$cuserid = @$nuke_users[strtolower($tmp['uname'])];
// check the current event's permissions
// the user does not have permission to view this event
// if any of the following evaluate as false
if (!pnSecAuthAction(0, 'PostCalendar::Event', "{$tmp['title']}::{$tmp['eid']}", ACCESS_OVERVIEW)) {
continue;
} elseif (!pnSecAuthAction(0, 'PostCalendar::Category', "{$tmp['catname']}::{$tmp['catid']}", ACCESS_OVERVIEW)) {
continue;
} elseif (!pnSecAuthAction(0, 'PostCalendar::User', "{$tmp['uname']}::{$cuserid}", ACCESS_OVERVIEW)) {
continue;
} elseif (!pnSecAuthAction(0, 'PostCalendar::Topic', "{$topicname}::{$tmp['topic']}", ACCESS_OVERVIEW)) {
continue;
} elseif ($tmp['sharing'] == SHARING_PRIVATE && $cuserid != $userid) {
continue;
}
// add event to the array if we passed the permissions check
// this is the common information
$events[$i]['intervals'] = $tmp['duration'] / 60 / $GLOBALS['day_calandar_interval'];
//sets the number of rows this event should span
$events[$i]['eid'] = $tmp['eid'];
$events[$i]['uname'] = $tmp['uname'];
$events[$i]['uid'] = $cuserid;
$events[$i]['catid'] = $tmp['catid'];
$events[$i]['time'] = $tmp['time'];
$events[$i]['eventDate'] = $tmp['eventDate'];
$events[$i]['duration'] = $tmp['duration'];
// there has to be a more intelligent way to do this
@(list($events[$i]['duration_hours'], $dmin) = @explode('.', $tmp['duration'] / 60 / 60));
$events[$i]['duration_minutes'] = substr(sprintf('%.2f', '.' . 60 * ($dmin / 100)), 2, 2);
//''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
$events[$i]['endDate'] = $tmp['endDate'];
$events[$i]['startTime'] = $tmp['startTime'];
$events[$i]['recurrtype'] = $tmp['recurrtype'];
$events[$i]['recurrfreq'] = $tmp['recurrfreq'];
$events[$i]['recurrspec'] = $tmp['recurrspec'];
$events[$i]['topic'] = $tmp['topic'];
$events[$i]['alldayevent'] = $tmp['alldayevent'];
$events[$i]['catcolor'] = $tmp['catcolor'];
// Modified 06-2009 by BM to translate the category if applicable
$events[$i]['catname'] = xl_appt_category($tmp['catname']);
$events[$i]['catdesc'] = $tmp['catdesc'];
$events[$i]['pid'] = $tmp['pid'];
$events[$i]['apptstatus'] = $tmp['apptstatus'];
$events[$i]['pubpid'] = $tmp['pubpid'];
$events[$i]['patient_name'] = $tmp['patient_name'];
$events[$i]['provider_name'] = $tmp['provider_name'];
$events[$i]['owner_name'] = $tmp['owner_name'];
$events[$i]['patient_dob'] = $tmp['patient_dob'];
$events[$i]['patient_age'] = getPatientAge($tmp['patient_dob']);
$events[$i]['facility'] = getFacility($tmp['facility']);
$events[$i]['sharing'] = $tmp['sharing'];
$events[$i]['prefcatid'] = $tmp['prefcatid'];
$events[$i]['aid'] = $tmp['aid'];
$events[$i]['topictext'] = $topicname;
$events[$i]['intervals'] = ceil($tmp['duration'] / 60 / $GLOBALS['calendar_interval']);
if ($events[$i]['intervals'] == 0) {
$events[$i]['intervals'] = 1;
}
// is this a public event to be shown as busy?
if ($tmp['sharing'] == SHARING_BUSY && $cuserid != $userid) {
// make it not display any information
$events[$i]['title'] = _USER_BUSY_TITLE;
$events[$i]['hometext'] = _USER_BUSY_MESSAGE;
$events[$i]['desc'] = _USER_BUSY_MESSAGE;
$events[$i]['conttel'] = '';
$events[$i]['contname'] = '';
$events[$i]['contemail'] = '';
$events[$i]['website'] = '';
$events[$i]['fee'] = '';
$events[$i]['location'] = '';
$events[$i]['street1'] = '';
$events[$i]['street2'] = '';
$events[$i]['city'] = '';
$events[$i]['state'] = '';
$events[$i]['postal'] = '';
} else {
$display_type = substr($tmp['hometext'], 0, 6);
if ($display_type == ':text:') {
$prepFunction = 'pcVarPrepForDisplay';
$tmp['hometext'] = substr($tmp['hometext'], 6);
} elseif ($display_type == ':html:') {
$prepFunction = 'pcVarPrepHTMLDisplay';
$tmp['hometext'] = substr($tmp['hometext'], 6);
} else {
$prepFunction = 'pcVarPrepHTMLDisplay';
}
unset($display_type);
$events[$i]['title'] = $prepFunction($tmp['title']);
$events[$i]['hometext'] = $prepFunction($tmp['hometext']);
$events[$i]['desc'] = $events[$i]['hometext'];
$events[$i]['conttel'] = $prepFunction($tmp['conttel']);
$events[$i]['contname'] = $prepFunction($tmp['contname']);
$events[$i]['contemail'] = $prepFunction($tmp['contemail']);
$events[$i]['website'] = $prepFunction(postcalendar_makeValidURL($tmp['website']));
$events[$i]['fee'] = $prepFunction($tmp['fee']);
$loc = unserialize($tmp['location']);
$events[$i]['location'] = $prepFunction($loc['event_location']);
$events[$i]['street1'] = $prepFunction($loc['event_street1']);
$events[$i]['street2'] = $prepFunction($loc['event_street2']);
$events[$i]['city'] = $prepFunction($loc['event_city']);
$events[$i]['state'] = $prepFunction($loc['event_state']);
$events[$i]['postal'] = $prepFunction($loc['event_postal']);
}
$i++;
}
unset($tmp);
$result->Close();
return $events;
}
function blocks_menu_update($row)
{
list($vars['displaymodules'], $vars['displaywaiting'], $vars['style']) = pnVarCleanFromInput('displaymodules', 'displaywaiting', 'style');
// Defaults
if (empty($vars['displaymodules'])) {
$vars['displaymodules'] = 0;
}
if (empty($vars['displaywaiting'])) {
$vars['displaywaiting'] = 0;
}
if (empty($vars['style'])) {
$vars['style'] = 1;
}
// User links
$content = array();
$c = 1;
if (isset($row['linkname'])) {
list($linkurl, $linkname, $linkdesc) = pnVarCleanFromInput('linkurl', 'linkname', 'linkdesc');
foreach ($row['linkname'] as $v) {
if (!isset($row['linkdelete'][$c])) {
$content[] = "{$linkurl[$c]}|{$linkname[$c]}|{$linkdesc[$c]}";
}
if (isset($row['linkinsert'][$c])) {
$content[] = "||";
}
$c++;
}
}
if ($row['new_linkname']) {
$content[] = pnVarCleanFromInput('new_linkurl') . '|' . pnVarCleanFromInput('new_linkname') . '|' . pnVarCleanFromInput('new_linkdesc');
}
$vars['content'] = implode("LINESPLIT", $content);
$row['content'] = pnBlockVarsToContent($vars);
return $row;
}
function modules_admin_remove()
{
// Security and sanity checks
if (!pnSecConfirmAuthKey()) {
pnSessionSetVar('errormsg', _BADAUTHKEY);
pnRedirect(pnModURL('Modules', 'admin', 'list'));
return true;
}
$id = pnVarCleanFromInput('id');
if (empty($id) || !is_numeric($id)) {
pnSessionSetVar('errormsg', _MODULESNOMODID);
pnRedirect(pnModURL('Modules', 'admin', 'list'));
}
// Load in API
pnModAPILoad('Modules', 'admin');
// Remove module
if (pnModAPIFunc('Modules', 'admin', 'remove', array('mid' => $id))) {
// Success
pnSessionSetVar('statusmsg', _MODREMOVED);
}
pnRedirect(pnModURL('Modules', 'admin', 'list'));
return true;
}
/**
* update block settings
*/
function template_firstblock_update($blockinfo)
{
$vars['numitems'] = pnVarCleanFromInput('numitems');
$blockinfo['content'] = pnBlockVarsToContent($vars);
return $blockinfo;
}
function search_users()
{
list($active_users, $startnum, $total, $bool, $q) = pnVarCleanFromInput('active_users', 'startnum', 'total', 'bool', 'q');
if (empty($active_users)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['users_column'];
$query = "SELECT {$column['name']} as name, {$column['uname']} as uname, {$column['uid']} as uid FROM {$pntable['users']} WHERE ";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$column['uname']} LIKE '{$word}' OR ";
$query .= "{$column['name']} LIKE '{$word}'";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['uname']}";
if (empty($total)) {
$countres = $dbconn->Execute($query);
$total = $countres->PO_RecordCount();
$countres->Close();
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text('<font class="pn-normal">' . _SMEMBERS . ': ' . $total . ' ' . _SEARCHRESULTS . '</font>');
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_users=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// some basic authcheck - might result in a wrong count...
if (pnSecAuthAction(0, "Users::", "{$row['uname']}::{$row['uid']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"user.php?op=userinfo&uname={$row['uname']}&module=NS-User\">{$row['uname']}</a><br>{$row['name']}</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_MEMBERS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
// $_SESSION['last_calendar_page'] = $_SERVER['PHP_SELF'] . "?" . $_SERVER['QUERY_STRING'];
//}
/*
print_r($_POST);
print_r($_GET);
print_r($_SESSION);
die;
*/
//print_r($_SESSION);
// start PN
pnInit();
// Get variables
list($module, $func, $op, $name, $file, $type, ) = pnVarCleanFromInput('module', 'func', 'op', 'name', 'file', 'type');
// Defaults for variables
if (isset($catid)) {
pnVarCleanFromInput('catid');
}
// check requested module and set to start module if not present
if (empty($name)) {
$name = pnConfigGetVar('startpage');
// fixed for the new style of loading modules and set start page for them [class007]
if (empty($module)) {
$module = $name;
}
}
// get module information
$modinfo = pnModGetInfo(pnModGetIDFromName($module));
if ($modinfo['type'] == 2) {
// New-new style of loading modules
if (empty($type)) {
$type = 'user';
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* To read the license please read the docs/license.txt or visit
* http://www.gnu.org/copyleft/gpl.html
*
*/
// grab the form variables
$tplview = pnVarCleanFromInput('tplview');
$viewtype = pnVarCleanFromInput('viewtype');
$eid = pnVarCleanFromInput('eid');
$Date = pnVarCleanFromInput('Date');
$print = pnVarCleanFromInput('print');
$uid = pnUserGetVar('uid');
$pc_username = pnVarCleanFromInput('pc_username');
$output =& new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!pnModAPILoad('postcalendar', 'user')) {
die('Could not load PostCalendar user API');
}
$theme = pnUserGetTheme();
if (!pnThemeLoad($theme)) {
die('Could not load theme');
}
$output->Text('<html><head>');
$output->Text("<title>" . pnConfigGetVar('sitename') . ' :: ' . pnConfigGetVar('slogan') . "</title>\n");
$output->Text('<link rel="StyleSheet" href="themes/' . $theme . '/style/styleNN.css" type="text/css" />');
$output->Text('<style type="text/css">@import url("themes/' . $theme . '/style/style.css"); </style>');
$output->Text('</head>');
$output->Text('<body bgcolor="#ffffff">');
// Redirect to new style admin panel
pnRedirect(pnModURL($module, 'admin'));
exit;
}
if (!file_exists($adminfile = 'modules/' . pnVarPrepForOS($modinfo['directory']) . '/admin.php')) {
// Module claims to be old-style, but no admin.php present - quit here
header('HTTP/1.0 404 Not Found');
include 'header.php';
echo 'Wrong call for Adminfunction in Module <strong>' . pnVarPrepForDisplay($module) . '</strong>';
include 'footer.php';
exit;
}
/**
* old style module administration
*/
list($func, $op, $name, $file, $type) = pnVarCleanFromInput('func', 'op', 'name', 'file', 'type');
// load the legacy includes
include_once 'modules/Admin/pnlegacy/tools.php';
// set a constant so we can check the correct entry point later
define('LOADED_AS_MODULE', '1');
$ModName = $module;
include $adminfile;
modules_get_manual();
if (substr($module, 0, 3) == 'NS-') {
$function = substr($module, 3) . '_admin_';
} else {
$function = $module . '_admin_';
}
if (empty($op)) {
$op = 'main';
}
function search_weblinks()
{
list($active_weblinks, $startnum, $total, $q, $bool) = pnVarCleanFromInput('active_weblinks', 'startnum', 'total', 'q', 'bool');
if (empty($active_weblinks)) {
return;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['links_links_column'];
$query = "SELECT {$column['url']} as url, {$column['title']} as title, {$column['linkratingsummary']} as linkratingsummary, {$column['totalcomments']} as totalcomments, {$column['hits']} as hits, {$column['submitter']} as submitter, {$column['description']} as description, {$column['lid']} as lid, {$column['cat_id']} as cat_id\n FROM {$pntable['links_links']}\n WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// web links
$query .= "{$column['description']} LIKE '{$word}' OR \n";
$query .= "{$column['url']} LIKE '{$word}' OR \n";
$query .= "{$column['submitter']} LIKE '{$word}' OR \n";
$query .= "{$column['title']} LIKE '{$word}' \n";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['lid']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres = $dbconn->Execute($query);
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
// we have a link id so get its category
$column2 =& $pntable['links_categories_column'];
$result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
if (!$result->EOF) {
$output->Text(_WEBLINKS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "modules.php?op=modload&name=Search&file=index&action=search&active_weblinks=1&bool={$bool}&q={$q}";
$output->Text("<ul>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// we have a link id so get its category
$column2 =& $pntable['links_categories_column'];
$result2 = $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['links_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cat_id']}={$row['cat_id']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Web Links::Link', "{$title}:{$row['title']}:{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Web Links::Category', "{$title}::{$row['cat_id']}", ACCESS_READ)) {
$output->Text("<li><a class=\"pn-normal\" href=\"{$row['url']}\" target=\"_new\">{$row['title']}</a> <font class=\"pn-normal\">(rating: {$row['linkratingsummary']} - comments: {$row['totalcomments']} - hits: {$row['hits']})</font><br>Submitter: {$row['submitter']}<br>{$row['description']}</li>");
}
$result->MoveNext();
}
$output->Text("</ul>");
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text('<font class="pn-normal">' . _SEARCH_NO_LINKS . '</font>');
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
/**
* confirm an authorisation key is valid
* <br />
* See description of <code>pnSecGenAuthKey</code> for information on
* this function
*
* @public
* @return bool true if the key is valid, false if it is not
*/
function pnSecConfirmAuthKey()
{
list($module, $authid) = pnVarCleanFromInput('module', 'authid');
// get the module info
$modinfo = pnModGetInfo(pnModGetIDFromName($module));
// Regenerate static part of key
$partkey = pnSessionGetVar('rand') . strtolower($modinfo['name']);
// Not using time-sensitive keys for the moment
// // Key life is 5 minutes, so search backwards and forwards 5
// // minutes to see if there is a match anywhere
// for ($i=-5; $i<=5; $i++) {
// $testdate = mktime(date('G'), date('i')+$i, 0, date('m') , date('d'), date('Y'));
// $testauthid = md5($partkey . date('YmdGi', $testdate));
// if ($testauthid == $authid) {
// // Match
// // We've used up the current random
// // number, make up a new one
// srand((double)microtime()*1000000);
// pnSessionSetVar('rand', rand());
// return true;
// }
// }
if (md5($partkey) == $authid) {
// Match - generate new random number for next key and leave happy
srand((double) microtime() * 1000000);
pnSessionSetVar('rand', rand());
return true;
}
// Not found, assume invalid
return false;
}
/**
* update block settings
*/
function postcalendar_calendarblock_update($blockinfo)
{
// Security check
if (!pnSecAuthAction(0, 'PostCalendar:calendarblock:', "{$blockinfo['title']}::", ACCESS_ADMIN)) {
return false;
}
list($vars['pcbshowcalendar'], $vars['pcbeventslimit'], $vars['pcbeventoverview'], $vars['pcbnextevents'], $vars['pcbeventsrange'], $vars['pcbshowsslinks']) = pnVarCleanFromInput('pcbshowcalendar', 'pcbeventslimit', 'pcbeventoverview', 'pcbnextevents', 'pcbeventsrange', 'pcbshowsslinks');
// set up defaults if not defined
if (!isset($vars['pcbshowcalendar'])) {
$vars['pcbshowcalendar'] = 0;
}
if (!isset($vars['pcbeventslimit'])) {
$vars['pcbeventslimit'] = 5;
}
if (!isset($vars['pcbeventoverview'])) {
$vars['pcbeventoverview'] = 0;
}
if (!isset($vars['pcbnextevents'])) {
$vars['pcbnextevents'] = 0;
}
if (!isset($vars['pcbeventsrange'])) {
$vars['pcbeventsrange'] = 6;
}
if (!isset($vars['pcbshowsslinks'])) {
$vars['pcbshowsslinks'] = 0;
}
$tpl =& new pcSmarty();
$tpl->clear_all_cache();
$blockinfo['content'] = serialize($vars);
return $blockinfo;
}
/**
* get the user's theme
* <br />
* This function will return the current theme for the user.
* Order of theme priority:
* - page-specific
* - category
* - user
* - system
*
* @public
* @return string the name of the user's theme
**/
function pnUserGetTheme()
{
static $theme;
if (isset($theme)) {
return $theme;
}
// Page-specific theme
$pagetheme = pnVarCleanFromInput('theme');
if (!empty($pagetheme)) {
$themeinfo = pnThemeInfo($pagetheme);
if ($themeinfo && $themeinfo['active']) {
$theme = $pagetheme;
return $pagetheme;
}
}
// set a new theme for the user
$pagetheme = pnVarCleanFromInput('newtheme');
if (!empty($pagetheme) && !pnConfigGetVar('theme_change')) {
$themeinfo = pnThemeInfo($pagetheme);
if ($themeinfo && $themeinfo['active']) {
if (pnUserLoggedIn()) {
$uid = pnUserGetVar('uid');
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
$column =& $pntable['users_column'];
$sql = "UPDATE {$pntable['users']}\n SET {$column['theme']}='" . pnVarPrepForStore($pagetheme) . "'\n WHERE {$column['uid']}='" . pnVarPrepForStore($uid) . "'";
$dbconn->Execute($sql);
} else {
pnSessionSetVar('theme', $pagetheme);
}
$theme = $pagetheme;
return $pagetheme;
}
}
// eugenio themeover 20020413
// override the theme per category or story
// precedence is story over category override
list($sid, $file) = pnVarCleanFromInput('sid', 'file');
if (pnModGetName() == 'News' && (!empty($sid) || strtolower($file) == 'article')) {
$modinfo = pnModGetInfo(pnModGetIDFromName('News'));
include_once 'modules/' . $modinfo['directory'] . '/funcs.php';
$pntable =& pnDBGetTables();
$results = getArticles("{$pntable['stories_column']['sid']}='" . (int) pnVarPrepForStore($sid) . "'", "", "");
if (is_array($results) && count($results) > 0) {
$info = genArticleInfo($results[0]);
$themeinfo = pnThemeInfo($info['catthemeoverride']);
if ($themeinfo && $themeinfo['active']) {
$theme = $info['catthemeoverride'];
return $theme;
}
$themeinfo = pnThemeInfo($info['themeoverride']);
if ($themeinfo && $themeinfo['active']) {
$theme = $info['themeoverride'];
return $theme;
}
}
}
// User theme
if (!pnConfigGetVar('theme_change')) {
if (pnUserLoggedIn()) {
$usertheme = pnUserGetVar('theme');
} else {
$usertheme = pnSessionGetVar('theme');
}
$themeinfo = pnThemeInfo($usertheme);
if ($themeinfo && $themeinfo['active']) {
$theme = $usertheme;
return $usertheme;
}
}
// default site theme
$defaulttheme = pnConfigGetVar('Default_Theme');
$themeinfo = pnThemeInfo($defaulttheme);
if ($themeinfo && $themeinfo['active']) {
$theme = $defaulttheme;
return $theme;
}
return false;
}
function __construct()
{
$theme = pnUserGetTheme();
$osTheme = pnVarPrepForOS($theme);
pnThemeLoad($theme);
global $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $bgcolor5, $bgcolor6, $textcolor1, $textcolor2;
// call constructor
parent::__construct();
// gather module information
$pcModInfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
$pcDir = pnVarPrepForOS($pcModInfo['directory']);
$pcDisplayName = $pcModInfo['displayname'];
unset($pcModInfo);
// setup up pcSmarty configs
$this->compile_check = true;
$this->force_compile = false;
$this->debugging = false;
$this->template_dir = "modules/{$pcDir}/pntemplates";
array_push($this->plugins_dir, "modules/{$pcDir}/pnincludes/Smarty/plugins");
array_push($this->plugins_dir, "modules/{$pcDir}/plugins");
$this->compile_dir = "modules/{$pcDir}/pntemplates/compiled";
$this->cache_dir = "modules/{$pcDir}/pntemplates/cache";
$this->caching = _SETTING_USE_CACHE;
$this->cache_lifetime = _SETTING_CACHE_LIFETIME;
$this->left_delimiter = '[-';
$this->right_delimiter = '-]';
//============================================================
// checks for safe mode
// i think it's safe to say we can do this automagically now
//============================================================
$safe_mode = ini_get('safe_mode');
$safe_mode_gid = ini_get('safe_mode_gid');
$open_basedir = ini_get('open_basedir');
$use_safe_mode = (bool) $safe_mode || (bool) $safe_mode_gid || !empty($open_basedir);
if ($use_safe_mode) {
$this->use_sub_dirs = false;
} else {
$this->use_sub_dirs = true;
}
unset($use_safe_mode, $safe_mode, $safe_mode_gid, $open_basedir);
$this->autoload_filters = array('output' => array('trimwhitespace'));
$lang = pnUserGetLang();
$func = pnVarCleanFromInput('func');
$print = pnVarCleanFromInput('print');
// assign theme globals
$this->assign_by_ref('BGCOLOR1', $bgcolor1);
$this->assign_by_ref('BGCOLOR2', $bgcolor2);
$this->assign_by_ref('BGCOLOR3', $bgcolor3);
$this->assign_by_ref('BGCOLOR4', $bgcolor4);
$this->assign_by_ref('BGCOLOR5', $bgcolor5);
$this->assign_by_ref('BGCOLOR6', $bgcolor6);
$this->assign_by_ref('TEXTCOLOR1', $textcolor1);
$this->assign_by_ref('TEXTCOLOR2', $textcolor2);
$this->assign_by_ref('USER_LANG', $lang);
$this->assign_by_ref('FUNCTION', $func);
$this->assign('PRINT_VIEW', $print);
$this->assign('USE_POPUPS', _SETTING_USE_POPUPS);
$this->assign('USE_TOPICS', _SETTING_DISPLAY_TOPICS);
$this->assign('USE_INT_DATES', _SETTING_USE_INT_DATES);
$this->assign('OPEN_NEW_WINDOW', _SETTING_OPEN_NEW_WINDOW);
$this->assign('EVENT_DATE_FORMAT', _SETTING_DATE_FORMAT);
$this->assign('HIGHLIGHT_COLOR', _SETTING_DAY_HICOLOR);
$this->assign('24HOUR_TIME', _SETTING_TIME_24HOUR);
$this->assign_by_ref('MODULE_NAME', $pcDisplayName);
$this->assign_by_ref('MODULE_DIR', $pcDir);
$this->assign('ACCESS_NONE', PC_ACCESS_NONE);
$this->assign('ACCESS_OVERVIEW', PC_ACCESS_OVERVIEW);
$this->assign('ACCESS_READ', PC_ACCESS_READ);
$this->assign('ACCESS_COMMENT', PC_ACCESS_COMMENT);
$this->assign('ACCESS_MODERATE', PC_ACCESS_MODERATE);
$this->assign('ACCESS_EDIT', PC_ACCESS_EDIT);
$this->assign('ACCESS_ADD', PC_ACCESS_ADD);
$this->assign('ACCESS_DELETE', PC_ACCESS_DELETE);
$this->assign('ACCESS_ADMIN', PC_ACCESS_ADMIN);
//=================================================================
// Find out what Template we're using
//=================================================================
$template_name = _SETTING_TEMPLATE;
if (!isset($template_name)) {
$template_name = 'default';
}
//=================================================================
// Find out what Template View to use
//=================================================================
$template_view = pnVarCleanFromInput('tplview');
if (!isset($template_view)) {
$template_view = 'default';
}
$this->config_dir = "modules/{$pcDir}/pntemplates/{$template_name}/config/";
$this->assign_by_ref('TPL_NAME', $template_name);
$this->assign_by_ref('TPL_VIEW', $template_view);
$this->assign('TPL_IMAGE_PATH', $GLOBALS['rootdir'] . "/main/calendar/modules/{$pcDir}/pntemplates/{$template_name}/images");
$this->assign('TPL_ROOTDIR', $GLOBALS['rootdir']);
$this->assign('TPL_STYLE_PATH', "modules/{$pcDir}/pntemplates/{$template_name}/style");
$this->assign('THEME_PATH', "themes/{$osTheme}");
}
