function blocks_ephem_block($row)
{
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$currentlang = pnUserGetLang();
if (!pnSecAuthAction(0, 'Ephemeridsblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
if (pnConfigGetVar('multilingual') == 1) {
$column =& $pntable['ephem_column'];
$querylang = "AND ({$column['elanguage']}='" . pnVarPrepForStore($currentlang) . "' OR {$column['elanguage']}='')";
} else {
$querylang = "";
}
$today = getdate();
$eday = $today['mday'];
$emonth = $today['mon'];
$column =& $pntable['ephem_column'];
$result = $dbconn->Execute("SELECT {$column['yid']}, {$column['content']}\n FROM {$pntable['ephem']}\n WHERE {$column['did']}='" . pnVarPrepForStore($eday) . "' AND {$column['mid']}='" . pnVarPrepForStore($emonth) . "' {$querylang}");
$boxstuff = '<span class="pn-normal"><b>' . _ONEDAY . '</b></span><br />';
while (list($yid, $content) = $result->fields) {
$result->MoveNext();
$boxstuff .= '<br /><br />';
$boxstuff .= '<b>' . pnVarPrepForDisplay($yid) . '</b><br />' . pnVarPrepHTMLDisplay(nl2br($content)) . '';
}
if (empty($row['title'])) {
$row['title'] = _EPHEMERIDS;
}
$row['content'] = $boxstuff;
return themesideblock($row);
}
function blocks_related_block($row)
{
global $sid, $story;
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (!pnSecAuthAction(0, 'Relatedblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
if ($story['topic']) {
$row['content'] = '<font class="pn-normal">';
$column =& $pntable['stories_column'];
$sql = "SELECT {$column['sid']} as sid, {$column['title']} as title FROM {$pntable['stories']} WHERE {$column['topic']}=" . pnVarPrepForStore($story['topic']) . " ORDER BY {$column['counter']} DESC";
$result = $dbconn->SelectLimit($sql, 1);
$mrow = $result->GetRowAssoc(false);
$result->MoveNext();
$column =& $pntable['related_column'];
$result = $dbconn->Execute("SELECT {$column['name']} as name, {$column['url']} as url FROM {$pntable['related']} WHERE {$column['tid']}=" . pnVarPrepForStore($story['topic']) . "");
while (!$result->EOF) {
$lrow = $result->GetRowAssoc(false);
$result->MoveNext();
$row['content'] .= "<strong><big>·</big></strong> <a href=\"{$lrow['url']}\" target=\"_blank\">" . pnVarPrepForDisplay($lrow['name']) . "</a><br>\n";
}
$row['content'] .= "<strong><big>·</big></strong> <a href=\"advtopics.php?topic={$story['topic']}\">" . _MOREABOUT . " " . pnVarPrepForDisplay($story['topicname']) . "</a><br>\n" . "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=Search&file=index&action=search&overview=1&active_stories=1&stories_author={$story['aid']}\">" . _NEWSBY . " " . pnVarPrepForDisplay($story['aid']) . "</a><br>\n" . '</font><br><hr noshade width="95%" size="1"><b>' . _MOSTREAD . " " . pnVarPrepForDisplay($story['topicname']) . ":</b><br>\n" . "<center><a href=\"advarticle.php?sid={$mrow['sid']}\">" . pnVarPrepForDisplay($mrow['title']) . "</a></center><br><br>\n" . '<div align="right">' . "<a href=\"print.php?sid={$mrow['sid']}\"><img src=\"images/global/print.gif\" border=\"0\" alt=\"" . _PRINTER . "\"></a> " . "<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Recommend_Us&file=index&req=FriendSend&sid={$sid}\"><img src=\"images/global/friend.gif\" border=\"0\" Alt=\"" . _FRIEND . "\"></a>\n" . '</div>';
return themesideblock($row);
}
}
function blocks_thelang_block($row)
{
$currentlang = pnUserGetLang();
if (!pnSecAuthAction(0, 'Languageblock::', "{$row['title']}::", ACCESS_OVERVIEW)) {
return;
}
if (!pnConfigGetVar('multilingual')) {
return;
}
$currentURL = $_SERVER['REQUEST_URI'];
if ($currentURL === "") {
$currentURL = "index.php";
}
$pattern = '/\\?newlang=.../';
$currentURL = preg_replace($pattern, '', $currentURL);
$pattern = '/\\&newlang=.../';
$currentURL = pnVarPrepForDisplay(preg_replace($pattern, '', $currentURL));
$append = "&";
if (strpos($currentURL, '?') === false) {
$append = "?";
}
$lang = languagelist();
$handle = opendir('language');
while ($f = readdir($handle)) {
if (is_dir("language/{$f}") && !empty($lang[$f])) {
$langlist[$f] = $lang[$f];
$sel_lang[$f] = '';
}
}
asort($langlist);
$content = '<center><font class="pn-normal">' . _SELECTGUILANG . '</font><br><br>';
if (pnConfigGetVar('useflags')) {
$i = 1;
foreach ($langlist as $k => $v) {
if ($i > 3) {
$content .= "<br>\n";
$i = 1;
}
$imgsize = @getimagesize("images/flags/flag-{$k}.png");
$content .= "<a href=\"{$currentURL}" . $append . "newlang={$k}\"><img src=\"images/flags/flag-{$k}.png\" border=\"0\" alt=\"{$lang[$k]}\" hspace=\"3\" vspace=\"3\" {$imgsize['3']}></a>";
$i++;
}
$content .= '</center>';
} else {
$content .= '<form method="post" action="index.php"><select class="pn-text" name="newlanguage" onChange="top.location.href=this.options[this.selectedIndex].value">';
$sel_lang[$currentlang] = ' selected';
foreach ($langlist as $k => $v) {
$content .= "<option value=\"{$currentURL}" . $append . "newlang={$k}\"{$sel_lang[$k]}>{$v}</option>\n";
}
$content .= '</select></form></center>';
}
if (empty($row['title'])) {
$row['title'] = _SELECTLANGUAGE;
}
$row['content'] = $content;
return themesideblock($row);
}
function blocks_login_block($row)
{
global $HTTP_SERVER_VARS;
if (empty($row['title'])) {
$row['title'] = 'Login';
}
if (!pnSecAuthAction(0, 'Loginblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
// code taken pnGetBaseURI to fix issue with IIS not passing request_uri
// markwest
// Start of with REQUEST_URI
if (isset($HTTP_SERVER_VARS['REQUEST_URI'])) {
$path = $HTTP_SERVER_VARS['REQUEST_URI'];
} else {
$path = getenv('REQUEST_URI');
}
if (empty($path) || substr($path, -1, 1) == '/') {
// REQUEST_URI was empty or pointed to a path
// Try looking at PATH_INFO
$path = getenv('PATH_INFO');
if (empty($path)) {
// No luck there either
// Try SCRIPT_NAME
if (isset($HTTP_SERVER_VARS['SCRIPT_NAME'])) {
$path = $HTTP_SERVER_VARS['SCRIPT_NAME'];
} else {
$path = getenv('SCRIPT_NAME');
}
}
}
if (!pnUserLoggedIn()) {
// prettified a little with a table for inputs and button to avoid bugs like #493456 (Andy Varganov)
$boxstuff = '<form action="user.php" method="post">';
$boxstuff .= '<table border="0" width="100%" cellspacing="0" cellpadding="1"><tr><td>';
$boxstuff .= '<span class="pn-normal"> ' . _BLOCKNICKNAME . '</span></td></tr><tr><td>';
$boxstuff .= '<input type="text" name="uname" size="14" maxlength="25"></td></tr><tr><td>';
$boxstuff .= '<span class="pn-normal"> ' . _BLOCKPASSWORD . '</span></td></tr><tr><td>';
$boxstuff .= '<input type="password" name="pass" size="14" maxlength="20"></td></tr><tr><td>';
if (pnConfigGetVar('seclevel') != 'High') {
$boxstuff .= '<input type="checkbox" value="1" name="rememberme" />';
$boxstuff .= '<span class="pn-normal"> ' . _REMEMBERME . '</span></td></tr><tr><td>';
}
$boxstuff .= '<br>';
$boxstuff .= '<input type="hidden" name="module" value="NS-User" />';
$boxstuff .= '<input type="hidden" name="op" value="login" />';
$boxstuff .= '<input type="hidden" name="url" value="' . pnVarPrepForDisplay($path) . '" />';
$boxstuff .= '<input type="submit" value="' . _LOGIN . '" /></td></tr><tr><td>';
$boxstuff .= '<br /><span class="pn-normal">' . _ASREGISTERED . '</span></td></tr><tr><td></table></form>';
if (empty($row['title'])) {
$row['title'] = _LOGIN;
}
$row['content'] = $boxstuff;
return themesideblock($row);
}
}
function blocks_category_block($row)
{
global $topic, $catid;
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (!pnSecAuthAction(0, 'Categoryblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
if (pnConfigGetVar('multilingual') == 1) {
$column =& $pntable['stories_column'];
$querylang = "AND ({$column['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$column['alanguage']}='')";
/* the OR is needed to display stories who are posted to ALL languages */
} else {
$querylang = '';
}
$column =& $pntable['stories_cat_column'];
$result = $dbconn->Execute("SELECT {$column['catid']} as catid, {$column['title']} as title FROM {$pntable['stories_cat']} ORDER BY {$column['title']}");
if ($result->EOF) {
return;
} else {
$boxstuff = '<span class="pn-normal">';
if ($catid == "") {
// $boxstuff .= '<strong><big>·</big></strong> <b>'._ALL_CATEGORIES.'</b><br />';
$boxstuff .= "";
} else {
$boxstuff .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name=News&file=index&topic={$topic}\">" . _ALL_CATEGORIES . "</a><br />";
}
for (; !$result->EOF; $result->MoveNext()) {
$srow = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, 'Stories::Category', "{$srow['title']}::{$srow['catid']}", ACCESS_READ)) {
$column =& $pntable['stories_column'];
$result2 = $dbconn->Execute("SELECT {$column['time']} AS unixtime\n FROM {$pntable['stories']}\n WHERE {$column['catid']}=" . pnVarPrepForStore($srow['catid']) . " {$querylang}\n ORDER BY {$column['time']} DESC");
if (!$result2->EOF) {
$story = $result2->GetRowAssoc(false);
$story['unixtime'] = $result2->UnixTimeStamp($story['unixtime']);
$sdate = ml_ftime(_DATEBRIEF, $story['unixtime']);
if ($catid == $srow['catid']) {
$boxstuff .= "<strong><big>·</big></strong> <span class=\"pn-title\"><b>" . pnVarPrepForDisplay($srow['title']) . "</b></span> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
} else {
$boxstuff .= "<strong><big>·</big></strong> <a class=\"pn-normal\" href=\"modules.php?op=modload&name=News&file=index&catid={$srow['catid']}&topic={$topic}\">" . pnVarPrepForDisplay($srow['title']) . "</a> <span class=\"pn-sub\">(" . pnVarPrepForDisplay($sdate) . ")</span><br />";
}
}
}
}
}
$boxstuff .= '</span>';
if (empty($row['title'])) {
$row['title'] = _CATEGORIES;
}
$row['content'] = $boxstuff;
return themesideblock($row);
}
function blocks_weblinks_display($row)
{
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (!pnSecAuthAction(0, 'Weblinksblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
$url = explode('|', $row['url']);
if (!$url[0]) {
$row['content'] = 'You forgot to set the module name!';
return themesideblock($row);
}
if (!$url[1]) {
$url[1] = 10;
}
$links_col =& $pntable['links_links_column'];
$linksok = 0;
$linkcount = 0;
$result = $dbconn->Execute("SELECT {$links_col['cat_id']}, {$links_col['title']} FROM {$pntable['links_links']} ORDER BY {$links_col['date']} DESC");
while (list($cid, $title) = $result->fields) {
$result->MoveNext();
$linkcount++;
if (pnSecAuthAction(0, "Web Links::Category", "{$title}::{$cid}", ACCESS_READ)) {
$linksok++;
}
if ($linksok == $url[1]) {
break;
}
}
$oldurl = $url[1];
$url[1] = $linkcount;
$row['content'] = '<span class="pn-normal">';
$links_col =& $pntable['links_links_column'];
$cats_col =& $pntable['links_categories_column'];
$sql = "SELECT {$links_col['lid']} as lid, {$links_col['cat_id']} as catid, {$links_col['title']} as title, {$links_col['description']} as description, {$links_col['hits']} as hits, IF({$links_col['cat_id']}, CONCAT('/', {$cats_col['title']}), {$cats_col['title']}) AS cattitle\n FROM {$pntable['links_links']}\n LEFT JOIN {$pntable['links_categories']}\n ON {$cats_col['cat_id']}={$links_col['cat_id']}\n ORDER BY {$links_col['date']} DESC";
$result = $dbconn->SelectLimit($sql, $url[1]);
while (!$result->EOF) {
$lrow = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, "Web Links::Category", "{$lrow['cattitle']}::{$lrow['catid']}", ACCESS_READ)) {
$lrow['title'] = pnVarPrepForDisplay($lrow['title']);
$lrow['description'] = pnVarPrepHTMLDisplay($lrow['description']);
$lrow['cattitle'] = pnVarPrepForDisplay($lrow['cattitle']);
$row['content'] .= "<strong><big>·</big></strong> <a href=\"modules.php?op=modload&name={$url['0']}&file=index&req=visit&lid={$lrow['lid']}\" target=\"_blank\" title=\"{$lrow['cattitle']}:\n{$lrow['description']}\" class=\"pn-sub\">{$lrow['title']}</a><br>\n";
$result->MoveNext();
}
}
//$row['content'] .= "<div align=\"right\"><font class=\"pn-sub\"><a href=\"modules.php?op=modload&name=Web_Links&file=index&req=NewLinks&newlinkshowdays=10\">"._READMORE."</a></font></div>";
$row['content'] .= '</span>';
return themesideblock($row);
}
function blocks_user_block($row)
{
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (!pnSecAuthAction(0, 'Userblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
if (pnUserLoggedIn() && pnUserGetVar('ublockon') == 1) {
$column =& $pntable['users_column'];
$uid = pnUserGetVar('uid');
$getblock = $dbconn->Execute("SELECT {$column['ublock']} FROM {$pntable['users']} WHERE {$column['uid']}=" . pnVarPrepForStore($uid) . "");
list($ublock) = $getblock->fields;
$username = pnUserGetVar('name');
$row['title'] = _MENUFOR . " " . pnVarPrepForDisplay($username) . "";
$row['content'] = $ublock;
return themesideblock($row);
}
}
function send_email()
{
$adminmail = pnConfigGetVar('adminmail');
$subject = "" . _ERROR404_MAILSUBJECT . "";
$sitename = pnConfigGetVar('sitename');
$remote_addr = pnServerGetVar('REMOTE_ADDR');
$http_referer = pnServerGetVar('HTTP_REFERER');
$redirect_url = pnServerGetVar('REDIRECT_URL');
$server = pnServerGetVar('HTTP_HOST');
$errordoc = "http://{$server}{$redirect_url}";
$errortime = ml_ftime(_DATETIMEBRIEF, date(time()));
$message = "{$subject}\n\n";
$message .= "TIME: {$errortime}\n";
$message .= "REMOTE_ADDR: {$remote_addr}\n";
$message .= "ERRORDOC: " . pnVarPrepForDisplay($errordoc) . "\n";
$message .= "HTTP_REFERER: {$http_referer}\n";
pnMail($adminmail, $subject, $message, "From: \"{$sitename}\" <{$adminmail}>\nX-Mailer: PHP/" . phpversion());
echo "<br /><br /><strong>" . _ERROR404_MAILED . "</strong>\n";
}
function modules_adminmenu()
{
$output = new pnHTML();
if (!pnSecAuthAction(0, 'Modules::', '::', ACCESS_ADMIN)) {
$output->Text(_MODULESNOAUTH);
return $output->GetOutput();
}
$output->Text(pnGetStatusMsg());
$output->Linebreak(2);
$output->TableStart(_MODULES);
$output->SetOutputMode(_PNH_RETURNOUTPUT);
$columns = array();
$columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Modules', 'admin', 'list')), _LIST);
$columns[] = $output->URL(pnVarPrepForDisplay(pnModURL('Modules', 'admin', 'regenerate', array('authid' => pnSecGenAuthKey()))), _REGENERATE);
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->TableAddRow($columns);
$output->SetInputMode(_PNH_PARSEINPUT);
$output->TableEnd();
return $output->GetOutput();
}
function user_title($title)
{
OpenTable();
echo "<center><font class=\"pn-title\"><b>" . pnVarPrepForDisplay($title) . "</b></font></center>";
CloseTable();
}
/**
* Display a block based on the current theme
*
*/
function themesideblock($row)
{
if (!isset($row['bid'])) {
$row['bid'] = '';
}
if (!isset($row['title'])) {
$row['title'] = '';
}
// check for collapsable menus being enabled, and setup the collapsable menu image.
if (file_exists('themes/' . pnVarPrepForOS(pnUserGetTheme()) . '/images/upb.gif')) {
$upb = '<img src="themes/' . pnVarPrepForOS(pnUserGetTheme()) . '/images/upb.gif" alt="" />';
} else {
$upb = '<img src="images/global/upb.gif" alt="" />';
}
if (file_exists('themes/' . pnVarPrepForOS(pnUserGetTheme()) . '/images/downb.gif')) {
$downb = '<img src="themes/' . pnVarPrepForOS(pnUserGetTheme()) . '/images/downb.gif" alt="" />';
} else {
$downb = '<img src="images/global/downb.gif" alt="" />';
}
if (pnUserLoggedIn() && pnModGetVar('Blocks', 'collapseable') == 1 && isset($row['collapsable']) && $row['collapsable'] == '1') {
if (pnCheckUserBlock($row) == '1') {
if (!empty($row['title'])) {
$row['minbox'] = '<a href="' . pnVarPrepForDisplay(pnModURL('Blocks', 'user', 'changestatus', array('bid' => $row['bid'], 'authid' => pnSecGenAuthKey()))) . '">' . $upb . '</a>';
}
} else {
$row['content'] = '';
if (!empty($row['title'])) {
$row['minbox'] = '<a href="' . pnVarPrepForDisplay(pnModURL('Blocks', 'user', 'changestatus', array('bid' => $row['bid'], 'authid' => pnSecGenAuthKey()))) . '">' . $downb . '</a>';
}
}
} else {
$row['minbox'] = '';
}
// end collapseable menu config
return themesidebox($row);
}
function editmsg()
{
list($mid, $authid) = pnVarCleanFromInput('mid', 'authid');
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
include "header.php";
GraphicAdmin();
OpenTable();
echo "<center><font class=\"pn-title\"><b>" . _MESSAGESADMIN . "</b></font></center>";
CloseTable();
$column =& $pntable['message_column'];
$result = $dbconn->Execute("SELECT {$column['title']},\n {$column['content']},\n {$column['date']},\n {$column['expire']},\n {$column['active']},\n {$column['view']},\n {$column['mlanguage']} \n FROM {$pntable['message']}\n WHERE {$column['mid']}= '" . pnVarPrepForStore($mid) . "'");
list($title, $content, $mdate, $expire, $active, $view, $mlanguage) = $result->fields;
if (!pnSecAuthAction(0, 'Messages::', "{$title}::{$mid}", ACCESS_EDIT)) {
echo _MESSAGESEDITNOAUTH;
include 'footer.php';
return;
}
OpenTable();
echo "<center><font class=\"pn-title\"><b>" . _EDITMSG . "</b></font></center>";
$asel1 = '';
$asel2 = '';
if ($active == 1) {
$asel1 = "checked";
} elseif ($active == 0) {
$asel2 = "checked";
}
$sel1 = '';
$sel2 = '';
$sel3 = '';
$sel4 = '';
if ($view == 1) {
$sel1 = "selected";
} elseif ($view == 2) {
$sel2 = "selected";
} elseif ($view == 3) {
$sel3 = "selected";
} elseif ($view == 4) {
$sel4 = "selected";
}
$esel1 = '';
$esel2 = '';
$esel3 = '';
$esel4 = '';
$esel5 = '';
$esel6 = '';
if ($expire == 86400) {
$esel1 = "selected";
} elseif ($expire == 172800) {
$esel2 = "selected";
} elseif ($expire == 432000) {
$esel3 = "selected";
} elseif ($expire == 1296000) {
$esel4 = "selected";
} elseif ($expire == 2592000) {
$esel5 = "selected";
} elseif ($expire == 0) {
$esel6 = "selected";
}
echo "<form action=\"admin.php\" method=\"post\">";
echo "<b><font class=\"pn-normal\">" . _MESSAGETITLE . ":</font></b><br>" . "<input type=\"text\" name=\"title\" value=\"" . pnVarPrepForDisplay($title) . "\" size=\"50\" maxlength=\"100\"><br><br>" . "<b><font class=\"pn-normal\">" . _MESSAGECONTENT . ":</font></b><br>" . "<textarea name=\"content\" rows=\"10\" cols=\"80\">" . pnVarPrepForDisplay($content) . "</textarea><br><br><font class=\"pn-normal\">" . '<b>' . _LANGUAGE . ': </b></font>' . '<select name="mlanguage" size="1">' . '<option value="">' . _ALL . '</option>';
$lang = languagelist();
$sel_lang[$mlanguage] = ' selected';
$handle = opendir('language');
while ($f = readdir($handle)) {
if (is_dir("language/{$f}") && !empty($lang[$f])) {
$langlist[$f] = $lang[$f];
}
}
asort($langlist);
// a bit ugly, but it works in E_ALL conditions (Andy Varganov)
foreach ($langlist as $k => $v) {
echo '<option value="' . $k . '"';
if (isset($sel_lang[$k])) {
echo ' selected';
}
echo '>' . $v . '</option>';
}
print '</select><br><br>' . "<font class=\"pn-normal\"><b>" . _ACTIVE . "?</b> <input type=\"radio\" name=\"active\" value=\"1\" {$asel1}>" . _YES . " " . "<input type=\"radio\" name=\"active\" value=\"0\" {$asel2}>" . _NO . "</font>";
if ($active == 1) {
echo "<br><br><font class=\"pn-normal\"><b>" . _CHANGEDATE . "</b>" . "<input type=\"radio\" name=\"chng_date\" value=\"1\">" . _YES . " " . "<input type=\"radio\" name=\"chng_date\" value=\"0\" checked>" . _NO . "</font><br><br>";
} elseif ($active == 0) {
echo "<br><font class=\"pn-sub\">" . _IFYOUACTIVE . "</font><br><br>" . "<input type=\"hidden\" name=\"chng_date\" value=\"1\">";
}
echo "<font class=\"pn-normal\"><b>" . _VIEWPRIV . "</b> <select name=\"view\">" . "<option value=\"1\" {$sel1}>" . _MVALL . "</option>" . "<option value=\"2\" {$sel2}>" . _MVUSERS . "</option>" . "<option value=\"3\" {$sel3}>" . _MVANON . "</option>" . "<option value=\"4\" {$sel4}>" . _MVADMIN . "</option>" . "</select></font><br><br>" . "<input type=\"hidden\" name=\"mdate\" value=\"{$mdate}\">" . "<input type=\"hidden\" name=\"mid\" value=\"{$mid}\">" . "<input type=\"hidden\" name=\"module\" value=\"" . $GLOBALS['module'] . "\">" . "<input type=\"hidden\" name=\"op\" value=\"savemsg\">" . "<input type=\"hidden\" name=\"authid\" value=\"" . pnSecGenAuthKey() . "\">" . "<input type=\"submit\" value=\"" . _SAVECHANGES . "\">" . "</form>";
CloseTable();
include "footer.php";
}
/**
* modify block settings
*/
function template_firstblock_modify($blockinfo)
{
// Create output object
$output = new pnHTML();
// Get current content
$vars = pnBlockVarsFromContent($blockinfo['content']);
// Defaults
if (empty($vars['numitems'])) {
$vars['numitems'] = 5;
}
// Create row
$row = array();
$output->SetOutputMode(_PNH_RETURNOUTPUT);
$row[] = $output->Text(_NUMITEMS);
$row[] = $output->FormText('numitems', pnVarPrepForDisplay($vars['numitems']), 5, 5);
$output->SetOutputMode(_PNH_KEEPOUTPUT);
// Add row
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->TableAddRow($row, 'left');
$output->SetInputMode(_PNH_PARSEINPUT);
// Return output
return $output->GetOutput();
}
function draw_menu()
{
global $hlpfile;
$currentlang = pnVarCleanFromInput('currentlang');
OpenTable();
echo '<center>' . "\n";
if (count($this->options) == 0) {
$this->title_file = '';
}
if ($this->title_file != '') {
echo '<a href="' . $this->title_file . '" class="pn-title">';
}
echo '<font class="pn-title"><b>' . pnVarPrepForDisplay($this->title_text) . '</b></font>';
if ($this->title_file != '') {
echo '</a></center>';
}
echo "\n" . '<br>' . "\n";
// if (($this->detail_menu) or ($GLOBALS['module']=='oldway'))
// {
// if (isset($this->help_file))
// {
$currentlang = pnUserGetLang();
// fixed bug [ #357 ] empty pop up window
if (file_exists($file = "modules/" . $GLOBALS['module'] . "/lang/" . pnVarPrepForOS($currentlang) . "/manual.html")) {
$hlpfile = $file;
echo '<center>[ <a href="javascript:openwindow(' . ')" class="pn-normal">' . _ONLINEMANUAL . '</a> ]' . "</center>\n";
}
// }
// }
if ($this->detail_menu) {
if (count($this->options) == 0) {
echo _ADMIN_NO_OPTION . "\n";
} else {
echo '<br><br>' . "\n" . '<table border="0" width="100%" cellspacing="1">' . "\n";
if ($this->graphic_menu) {
$this->draw_options_graphic();
} else {
$this->draw_options();
}
echo '</table>' . "\n";
}
}
CloseTable();
}
function rss_parse_array($f)
{
$struct = '';
foreach ($f as $line) {
// Fix for CDATA tag not removed when fetching RSS -- bharvey42 6/9/03
$line = preg_replace('#(<\\!\\[CDATA\\[)(.*)(\\]\\]>) #siU', '\\2', $line);
$parse = '';
// get our positions
$sp = strpos($line, '>');
$ep = strrpos($line, '<');
$ep2 = strrpos($line, '>');
// split into first tag, last tag, and content
$first_tag = substr($line, 1, $sp - 1);
$last_tag = substr($line, $ep + 1, $ep2 - $ep - 1);
$content = substr($line, $sp + 1, $ep - 1 - $sp);
if (!$line) {
// blank line
continue;
}
if ($first_tag == $last_tag) {
// no content, single tag line
if ($first_tag[0] == '/') {
$parse['type'] = 'close';
if ($temp_str = strstr($first_tag, ':')) {
$first_tag = $temp_str;
}
$parse['tag'] = strtolower(substr($first_tag, 1, strlen($first_tag) - 1));
} else {
$parse['type'] = 'open';
$first_tag = preg_replace('/^\\S*:/', '', $first_tag);
$first_tag = preg_replace('/\\s.*/', '', $first_tag);
$parse['tag'] = strtolower($first_tag);
}
$parse['value'] = '';
} else {
// complete
$parse['type'] = 'complete';
$parse['tag'] = strtolower($first_tag);
if ($content) {
// Content might have HTML entities, turn it into
// normal text and then parse it through our own
// system
$trans = get_html_translation_table(HTML_ENTITIES);
$trans = array_flip($trans);
// Need to do this twice as some systems pass us quotes like
// &quot; - ug
$content = strtr($content, $trans);
$content = strtr($content, $trans);
$content = pnVarPrepForDisplay($content);
}
$parse['value'] = $content;
}
$struct[] = $parse;
}
return $struct;
}
function search_faqs()
{
list($q, $bool, $startnum, $total, $active_faqs) = pnVarCleanFromInput('q', 'bool', 'startnum', 'total', 'active_faqs');
if (empty($active_faqs)) {
return;
}
if (!pnModAvailable('FAQ')) {
return;
}
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
$output =& new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
$column =& $pntable['faqanswer_column'];
$faqcatcol =& $pntable['faqcategories_column'];
$query = "SELECT {$column['id_cat']} as id_cat, \n \t\t\t\t{$column['question']} as question, \n \t\t\t\t{$column['answer']} as answer,\n \t\t\t\t{$faqcatcol['categories']} as categories\n FROM {$pntable['faqanswer']} \n LEFT JOIN {$pntable['faqcategories']} ON {$column['id_cat']}={$faqcatcol['id_cat']}\n WHERE {$column['answer']} != \"\" AND \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// faqs
$query .= "{$column['question']} LIKE '" . pnVarPrepForStore($word) . "' OR \n";
$query .= "{$column['answer']} LIKE '" . pnVarPrepForStore($word) . "'\n";
$query .= ')';
$flag = true;
}
if (pnConfigGetVar('multilingual') == 1) {
$query .= " AND ({$faqcatcol['flanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$faqcatcol['flanguage']}='')";
}
$query .= " ORDER BY {$column['id']}";
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres =& $dbconn->Execute($query);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
if (!$result->EOF) {
$output->Text(_FAQ . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "index.php?name=Search&action=search&active_faqs=1&bool={$bool}&q={$q}";
$output->Text("<dl>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, "FAQ::", "{$row['categories']}::{$row['id_cat']}", ACCESS_READ)) {
$row['answer'] = strip_tags($row['answer']);
if (strlen($row['answer']) > 128) {
$row['answer'] = substr($row['answer'], 0, 125) . '...';
}
$output->Text("<dt><a href=\"index.php?name=FAQ&myfaq=yes&id_cat={$row['id_cat']}\">" . pnVarPrepForDisplay($row[question]) . "</a></dt>");
$output->Text("<dd>" . pnVarPrepForDisplay($row[answer]) . "</dd>");
}
$result->MoveNext();
}
$output->Text('</dl>');
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text(_SEARCH_NO_FAQS);
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
/**
* Add HTML tags for a file upload field as part of a form.
*
* @access public
* @since 1.13 - 2002/01/23
* @param string $fieldname the name of the field
* @param integer $size (optional) the size of the field on the page in number
* of characters
* @param integer $maxsize (optional) the maximum file size allowed (in bytes)
* @param string $accesskey (optional) accesskey to active this item
* @return string An HTML string if <code>ReturnHTML()</code> has been called,
* otherwise null
*/
function FormFile($fieldname, $size = 32, $maxsize = 1000000, $accesskey = '')
{
if (empty($fieldname)) {
return;
}
$this->tabindex++;
$output = '<input type="hidden" name="MAX_FILE_SIZE" value="' . pnVarPrepForDisplay($maxsize) . '" />';
$output .= '<input' . ' type="file"' . ' name="' . pnVarPrepForDisplay($fieldname) . '"' . ' id="' . pnVarPrepForDisplay($fieldname) . '"' . ' size="' . pnVarPrepForDisplay($size) . '"' . (empty($accesskey) ? '' : ' accesskey="' . pnVarPrepForDisplay($accesskey) . '"') . ' tabindex="' . $this->tabindex . '"' . ' />';
if ($this->GetOutputMode() == _PNH_RETURNOUTPUT) {
return $output;
} else {
$this->output .= $output;
}
}
/**
* Let the client email his
* banner statistics
*/
function EmailStats()
{
list($login, $cid, $bid, $pass) = pnVarCleanFromInput('login', 'cid', 'bid', 'pass');
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$column =& $pntable['bannerclient_column'];
$result2 = $dbconn->Execute("SELECT {$column['name']}, {$column['email']}\n FROM {$pntable['bannerclient']}\n WHERE {$column['cid']}='" . pnVarPrepForStore($cid) . "'");
list($name, $email) = $result2->fields;
if ($email == "") {
include 'header.php';
OpenTable();
echo "<font class=\"pn-normal\">" . _BAN_STATSFORBAN . ";\n echo " . pnVarPrepForDisplay($bid) . "";
echo "" . _BAN_CANTSEND . "" . " " . pnVarPrepForDisplay($name) . "<br>" . "" . _BAN_CONTACTADMIN . "<br><br>" . "<a href=\"javascript:history.go(-1)\">" . _BAN_BACK . "</a>";
CloseTable();
include 'footer.php';
} else {
$column =& $pntable['banner_column'];
$result = $dbconn->Execute("SELECT {$column['bid']}, {$column['imptotal']}, {$column['impmade']}, {$column['clicks']}, {$column['imageurl']}, {$column['clickurl']}, {$column['date']}\n FROM {$pntable['banner']}\n WHERE {$column['bid']}='" . pnVarPrepForStore($bid) . "' AND {$column['cid']}='" . pnVarPrepForStore($cid) . "'");
list($bid, $imptotal, $impmade, $clicks, $imageurl, $clickurl, $date) = $result->fields;
if ($impmade == 0) {
$percent = 0;
} else {
$percent = substr(100 * $clicks / $impmade, 0, 5);
}
if ($imptotal == 0) {
$left = _BAN_UNLIMITED;
$imptotal = _BAN_UNLIMITED;
} else {
$left = $imptotal - $impmade;
}
$sitename = pnConfigGetVar('sitename');
$fecha = date("F jS Y, h:iA.");
$subject = "" . _BAN_YOURSTATS . " {$sitename}";
$message = "" . _BAN_FORMAIL . " {$sitename}:\n\n\n" . _BAN_CLIENTNAME . ": {$name}\n" . _BAN_ID . ": {$bid}\n" . _BAN_IMAGE . ": {$imageurl}\n" . _BAN_URL . ": {$clickurl}\n\n" . _BAN_IMPPURCHASED . ": {$imptotal}\n" . _BAN_IMP_MADE . ": {$impmade}\n" . _BAN_IMP_LEFT . ": {$left}\n" . _BAN_CLICKS . ": {$clicks}\n" . _BAN_PERCENTCLICKS . ": {$percent}%\n\n\n" . _BAN_REPORTMADEON . ": {$fecha}";
$from = "{$sitename}";
pnMail($email, $subject, $message, "" . _BAN_FROM . ": {$from}\nX-Mailer: PHP/" . phpversion());
include 'header.php';
OpenTable();
echo "<font class=\"pn-normal\">" . _BAN_STATSFORBAN . " " . pnVarPrepForDisplay($bid) . " " . _BAN_SENTTO . "<br>" . "<i>" . pnVarPrepForDisplay($email) . "</i> for " . pnVarPrepForDisplay($name) . "<br><br>" . "<a href=\"javascript:history.go(-1)\">" . _BAN_BACK . "</a>";
CloseTable();
}
}
function blocks_menu_select($row)
{
global $pntheme;
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
// Break out options from our content field
$vars = pnBlockVarsFromContent($row['content']);
$row['content'] = "";
// Defaults
if (empty($vars['style'])) {
$vars['style'] = 1;
}
// What style of menu
$output = '<tr><td class="pn-title">' . _MENU_FORMAT . '</td><td></td></tr>';
$output .= '<tr><td class="pn-normal">' . _MENU_AS_LIST . ':</td><td><input type="radio" name="style" value="1"';
if ($vars['style'] == 1) {
$output .= ' checked';
}
$output .= '></td></tr><tr><td class="pn-normal">' . _MENU_AS_DROPDOWN . ':</td><td><input type="radio" name="style" value="2"';
if ($vars['style'] == 2) {
$output .= ' checked';
}
$output .= ' /></td></tr>';
// What to display
$output .= '<tr><td class="pn-title">' . _DISPLAY . '</td><td></td></tr>';
$output .= '<tr><td class="pn-normal">' . _MENU_MODULES . ':</td><td><input type="checkbox" value="1" name="displaymodules"';
if (!empty($vars['displaymodules'])) {
$output .= ' checked';
}
$output .= ' /></td></tr><tr><td class="pn-normal">' . _WAITINGCONT . ':</td><td><input type="checkbox" value="1" name="displaywaiting"';
if (!empty($vars['displaywaiting'])) {
$output .= ' checked';
}
$output .= ' /></td></tr>';
// Content
$c = 1;
$output .= "</table><table>";
$output .= "<tr><td valign=\"top\" class=\"pn-title\">" . _MENU_CONTENT . ":</td><td><table border=\"1\"><tr><td align=\"center\" class=\"pn-normal\" style=\"color:{$pntheme['table_header_text']}; background-color:{$pntheme['table_header']}; text-align:center\"><b>" . _TITLE . "</b></td><td align=\"center\" class=\"pn-normal\" style=\"color:{$pntheme['table_header_text']}; background-color:{$pntheme['table_header']}; text-align:center\"><b>" . _URL . "</b></td><td align=\"center\" class=\"pn-normal\" style=\"color:{$pntheme['table_header_text']}; background-color:{$pntheme['table_header']}; text-align:center\"><b>" . _MENU_DESCRIPTION . " </b><span class=\"pn-sub\"><b>(" . _OPTIONAL . ")</b></span></td><td align=\"center\" class=\"pn-normal\" style=\"color:{$pntheme['table_header_text']}; background-color:{$pntheme['table_header']}; text-align:center\"><b>" . _DELETE . "</b></td><td align=\"center\" class=\"pn-normal\" style=\"color:{$pntheme['table_header_text']}; background-color:{$pntheme['table_header']}; text-align:center\"><b>" . _INSERT_BLANK_AFTER . "</b></td></tr>";
if (!empty($vars['content'])) {
$contentlines = explode("LINESPLIT", $vars['content']);
foreach ($contentlines as $contentline) {
$link = explode('|', $contentline);
$output .= "<tr><td valign=\"top\"><input type=\"text\" name=\"linkname[{$c}]\" size=\"30\" maxlength=\"255\" value=\"" . pnVarPrepForDisplay($link[1]) . "\" class=\"pn-normal\"></td><td valign=\"top\"><input type=\"text\" name=\"linkurl[{$c}]\" size=\"30\" maxlength=\"255\" value=\"" . pnVarPrepForDisplay($link[0]) . "\" class=\"pn-normal\"></td><td valign=\"top\"><input type=\"text\" name=\"linkdesc[{$c}]\" size=\"30\" maxlength=\"255\" value=\"" . pnVarPrepForDisplay($link[2]) . "\" class=\"pn-normal\" /></td><td valign=\"top\"><input type=\"checkbox\" name=\"linkdelete[{$c}]\" value=\"1\" class=\"pn-normal\"></td><td valign=\"top\"><input type=\"checkbox\" name=\"linkinsert[{$c}]\" value=\"1\" class=\"pn-normal\" /></td></tr>\n";
$c++;
}
}
$output .= "<tr><td><input type=\"text\" name=\"new_linkname\" size=\"30\" maxlength=\"255\" class=\"pn-normal\" /></td><td><input type=\"text\" name=\"new_linkurl\" size=\"30\" maxlength=\"255\" class=\"pn-normal\" /></td><td class=\"pn-normal\"><input type=\"text\" name=\"new_linkdesc\" size=\"30\" maxlength=\"255\" class=\"pn-normal\" /></td><td class=\"pn-normal\">" . _NEWONE . "</td><td class=\"pn-normal\"><input type=\"checkbox\" name=\"new_linkinsert\" value=\"1\" class=\"pn-normal\" /></td></tr>\n";
$output .= '</table></td></tr>';
return $output;
}
/**
* Make common language selection dropdown
*
* @author Tim Litwiller
*/
function lang_dropdown()
{
$currentlang = pnUserGetLang();
echo "<select name=\"alanguage\" class=\"pn-text\" id=\"language\">";
$lang = languagelist();
print "<option value=\"\">" . _ALL . '</option>';
$handle = opendir('language');
while (false !== ($f = readdir($handle))) {
if (is_dir("language/{$f}") && @$lang[$f]) {
$langlist[$f] = $lang[$f];
}
}
asort($langlist);
foreach ($langlist as $k => $v) {
echo '<option value="' . $k . '"';
if ($currentlang == $k) {
echo ' selected="selected"';
}
echo '>' . pnVarPrepForDisplay($v) . '</option> ';
}
echo "</select>";
}
function search_stories()
{
list($startnum, $active_stories, $total, $stories_topics, $stories_cat, $stories_author, $q, $bool) = pnVarCleanFromInput('startnum', 'active_stories', 'total', 'stories_topics', 'stories_cat', 'stories_author', 'q', 'bool');
if (!isset($active_stories) || !$active_stories) {
return;
}
if (!pnModAvailable('News')) {
return;
}
$output =& new pnHTML();
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
if (empty($bool)) {
$bool = 'OR';
}
$flag = false;
$storcol =& $pntable['stories_column'];
$stcatcol =& $pntable['stories_cat_column'];
$topcol =& $pntable['topics_column'];
$query = '';
$query1 = "SELECT {$storcol['sid']} as sid,\n {$topcol['tid']} as topicid,\n {$topcol['topicname']} as topicname,\n {$topcol['topictext']} as topictext,\n {$storcol['catid']} as catid,\n {$storcol['time']} AS fdate,\n {$storcol['title']} AS story_title,\n {$storcol['aid']} AS aid,\n {$stcatcol['title']} AS cat_title\n FROM {$pntable['stories']}\n LEFT JOIN {$pntable['stories_cat']} ON ({$storcol['catid']}={$stcatcol['catid']})\n LEFT JOIN {$pntable['topics']} ON ({$storcol['topic']}={$topcol['tid']})\n WHERE ";
// hack to get this to work, but much better than what we had before
//$query .= " 1 = 1 ";
// words
$w = search_split_query($q);
if (isset($w)) {
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
$query .= "{$storcol['title']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['hometext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['bodytext']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
//$query .= "$storcol[comments] LIKE '".pnVarPrepForStore($word)."' OR ";
$query .= "{$storcol['informant']} LIKE '" . pnVarPrepForStore($word) . "' OR ";
$query .= "{$storcol['notes']} LIKE '" . pnVarPrepForStore($word) . "'";
$query .= ')';
$flag = true;
$no_flag = false;
}
} else {
$no_flag = true;
}
// topics
if (isset($stories_topics) && !empty($stories_topics)) {
$flag = false;
$start_flag = false;
// dont set AND/OR if nothing is in front
foreach ($stories_topics as $v) {
if (empty($v)) {
continue;
}
if (!$no_flag and !$start_flag) {
$query .= ' AND (';
$start_flag = true;
}
if ($flag) {
$query .= ' OR ';
}
$query .= "{$storcol['topic']}='" . pnVarPrepForStore($v) . "'";
$flag = true;
}
if (!$no_flag and $start_flag) {
$query .= ') ';
$no_flag = false;
}
}
// categories
if (!is_array($stories_cat)) {
$stories_cat[0] = '';
}
if (isset($stories_cat[0]) && !empty($stories_cat[0])) {
if (!$no_flag) {
$query .= ' AND (';
}
$flag = false;
foreach ($stories_cat as $v) {
if ($flag) {
$query .= ' OR ';
}
$query .= "{$stcatcol['catid']}='" . pnVarPrepForStore($v) . "'";
$flag = true;
}
if (!$no_flag) {
$query .= ') ';
$no_flag = false;
}
}
// authors
if (isset($stories_author) && $stories_author != '') {
if (!$no_flag) {
$query .= ' AND (';
}
$query .= "{$storcol['informant']}='" . pnVarPrepForStore($stories_author) . "'";
$result =& $dbconn->Execute("SELECT {$pntable['users_column']['uid']} as pn_uid FROM {$pntable['users']} WHERE {$pntable['users_column']['uname']} LIKE '%" . pnVarPrepForStore($stories_author) . "%' OR {$pntable['users_column']['name']} LIKE '%" . pnVarPrepForStore($stories_author) . "%'");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
$query .= " OR {$storcol['aid']}={$row['pn_uid']}";
$result->MoveNext();
}
if (!$no_flag) {
$query .= ') ';
$no_flag = false;
}
} else {
$stories_author = '';
}
if (pnConfigGetVar('multilingual') == 1) {
if (!empty($query)) {
$query .= ' AND';
}
$query .= " ({$storcol['alanguage']}='" . pnVarPrepForStore(pnUserGetLang()) . "' OR {$storcol['alanguage']}='')";
}
if (empty($query)) {
$query = '1';
}
$query .= " ORDER BY {$storcol['time']} DESC";
$query = $query1 . $query;
// get the total count with permissions!
if (empty($total)) {
$total = 0;
$countres =& $dbconn->Execute($query);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
if (!$result->EOF) {
$output->Text(_STORIES_TOPICS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = 'index.php?name=Search&action=search&active_stories=1&stories_author=' . pnVarPrepForDisplay($stories_author);
if (isset($stories_cat) && $stories_cat) {
foreach ($stories_cat as $v) {
$url .= "&stories_cat%5B%5D={$v}";
}
}
if (isset($stories_topics) && $stories_topics) {
foreach ($stories_topics as $v) {
$url .= "&stories_topics%5B%5D={$v}";
}
}
$url .= '&bool=' . pnVarPrepForDisplay($bool);
if (isset($q)) {
$url .= '&q=' . pnVarPrepForDisplay($q);
}
$output->Text('<dl>');
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
if (pnSecAuthAction(0, 'Stories::Story', "{$row['aid']}:{$row['cat_title']}:{$row['sid']}", ACCESS_READ) && pnSecAuthAction(0, 'Topics::Topic', "{$row['topicname']}::{$row['topicid']}", ACCESS_READ)) {
$row['fdate'] = ml_ftime(_DATELONG, $result->UnixTimeStamp($row['fdate']));
$output->Text('<dt><a href="index.php?name=News&file=article&sid=' . pnVarPrepForDisplay($row['sid']) . '">' . pnVarPrepHTMLDisplay($row['story_title']) . '</a></dt>');
$output->Text('<dd>');
$output->Text(pnVarPrepForDisplay($row['fdate']) . ' (');
if (!empty($row['topicid'])) {
$output->Text($row['topictext']);
}
if (!empty($row['catid'])) {
$output->Text(' - ' . pnVarPrepHTMLDisplay($row['cat_title']));
}
$output->Text(')</dd>');
}
$result->MoveNext();
}
$output->Text('</dl>');
// Munge URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text(_SEARCH_NO_STORIES_TOPICS);
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
*/
list($func, $op, $name, $file, $type) = pnVarCleanFromInput('func', 'op', 'name', 'file', 'type');
// load the legacy includes
include_once 'modules/Admin/pnlegacy/tools.php';
// set a constant so we can check the correct entry point later
define('LOADED_AS_MODULE', '1');
$ModName = $module;
include $adminfile;
modules_get_manual();
if (substr($module, 0, 3) == 'NS-') {
$function = substr($module, 3) . '_admin_';
} else {
$function = $module . '_admin_';
}
if (empty($op)) {
$op = 'main';
}
$function_op = $function . $op;
$function_main = $function . 'main';
if (function_exists($function_op)) {
$function_op($_REQUEST);
} elseif (function_exists($function_main)) {
$function_main($_REQUEST);
} else {
// neither function_admin_op nor function_admin_main are available
header('HTTP/1.0 404 Not Found');
include 'header.php';
echo 'Adminfunction <strong>' . pnVarPrepForDisplay($function_op) . '</strong> in Module <strong>' . pnVarPrepForDisplay($module) . '</strong> not available';
include 'footer.php';
exit;
}
/**
* postcalendar_userapi_buildSubmitForm()
* create event submit form
*/
function postcalendar_userapi_buildSubmitForm($args, $admin = false)
{
$_SESSION['category'] = "";
if (!PC_ACCESS_ADD) {
return _POSTCALENDARNOAUTH;
}
extract($args);
unset($args);
//since we seem to clobber category
$cat = $category;
$output = new pnHTML();
$output->SetInputMode(_PNH_VERBATIMINPUT);
// set up Smarty
$tpl = new pcSmarty();
$tpl->caching = false;
$template_name = pnModGetVar(__POSTCALENDAR__, 'pcTemplate');
if (!isset($template_name)) {
$template_name = 'default';
}
//=================================================================
// Setup the correct config file path for the templates
//=================================================================
$modinfo = pnModGetInfo(pnModGetIDFromName(__POSTCALENDAR__));
$modir = pnVarPrepForOS($modinfo['directory']);
$modname = $modinfo['displayname'];
$all_categories =& pnModAPIFunc(__POSTCALENDAR__, 'user', 'getCategories');
//print_r($all_categories);
unset($modinfo);
$tpl->config_dir = "modules/{$modir}/pntemplates/{$template_name}/config/";
//=================================================================
// PARSE MAIN
//=================================================================
$tpl->assign('webroot', $GLOBALS['web_root']);
$tpl->assign_by_ref('TPL_NAME', $template_name);
$tpl->assign('FUNCTION', pnVarCleanFromInput('func'));
$tpl->assign_by_ref('ModuleName', $modname);
$tpl->assign_by_ref('ModuleDirectory', $modir);
$tpl->assign_by_ref('category', $all_categories);
$tpl->assign('NewEventHeader', _PC_NEW_EVENT_HEADER);
$tpl->assign('EventTitle', _PC_EVENT_TITLE);
$tpl->assign('Required', _PC_REQUIRED);
$tpl->assign('DateTimeTitle', _PC_DATE_TIME);
$tpl->assign('AlldayEventTitle', _PC_ALLDAY_EVENT);
$tpl->assign('TimedEventTitle', _PC_TIMED_EVENT);
$tpl->assign('TimedDurationTitle', _PC_TIMED_DURATION);
$tpl->assign('TimedDurationHoursTitle', _PC_TIMED_DURATION_HOURS);
$tpl->assign('TimedDurationMinutesTitle', _PC_TIMED_DURATION_MINUTES);
$tpl->assign('EventDescTitle', _PC_EVENT_DESC);
//the double book variable comes from the eventdata array that is
//passed here and extracted, injection is not an issue here
if (is_numeric($double_book)) {
$tpl->assign('double_book', $double_book);
}
//pennfirm begin patient info handling
$ProviderID = pnVarCleanFromInput("provider_id");
if (is_numeric($ProviderID)) {
$tpl->assign('ProviderID', $ProviderID);
$tpl->assign('provider_id', $ProviderID);
} elseif (is_numeric($event_userid) && $event_userid != 0) {
$tpl->assign('ProviderID', $event_userid);
$tpl->assign('provider_id', $event_userid);
} else {
if ($_SESSION['userauthorized'] == 1) {
$tpl->assign('ProviderID', $_SESSION['authUserID']);
} else {
$tpl->assign('ProviderID', "");
}
}
$provinfo = getProviderInfo();
$tpl->assign('providers', $provinfo);
$PatientID = pnVarCleanFromInput("patient_id");
// limit the number of results returned by getPatientPID
// this helps to prevent the server from stalling on a request with
// no PID and thousands of PIDs in the database -- JRM
// the function getPatientPID($pid, $given, $orderby, $limit, $start) <-- defined in library/patient.inc
$plistlimit = 500;
if (is_numeric($PatientID)) {
$tpl->assign('PatientList', getPatientPID(array('pid' => $PatientID, 'limit' => $plistlimit)));
} elseif (is_numeric($event_pid)) {
$tpl->assign('PatientList', getPatientPID(array('pid' => $event_pid, 'limit' => $plistlimit)));
} else {
$tpl->assign('PatientList', getPatientPID(array('limit' => $plistlimit)));
}
$tpl->assign('event_pid', $event_pid);
$tpl->assign('event_aid', $event_aid);
$tpl->assign('event_category', pnVarCleanFromInput("event_category"));
if (empty($event_patient_name)) {
$patient_data = getPatientData($event_pid, $given = "lname, fname");
$event_patient_name = $patient_data['lname'] . ", " . $patient_data['fname'];
}
$tpl->assign('patient_value', $event_patient_name);
//=================================================================
// PARSE INPUT_EVENT_TITLE
//=================================================================
$tpl->assign('InputEventTitle', 'event_subject');
$tpl->assign('ValueEventTitle', pnVarPrepForDisplay($event_subject));
//=================================================================
// PARSE SELECT_DATE_TIME
//=================================================================
// It seems that with Mozilla at least, <select> fields that are disabled
// do not get passed as form data. Therefore we ignore $double_book so
// that the fields will not be disabled. -- Rod 2005-03-22
$output->SetOutputMode(_PNH_RETURNOUTPUT);
if (_SETTING_USE_INT_DATES) {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday));
$formdata = $output->FormSelectMultiple('event_startday', $sel_data, 0, 1, "", "", false, '');
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth));
$formdata .= $output->FormSelectMultiple('event_startmonth', $sel_data, 0, 1, "", "", false, '');
} else {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_startmonth));
$formdata = $output->FormSelectMultiple('event_startmonth', $sel_data, 0, 1, "", "", false, '');
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_startday));
$formdata .= $output->FormSelectMultiple('event_startday', $sel_data, 0, 1, "", "", false, '');
}
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_startyear));
$formdata .= $output->FormSelectMultiple('event_startyear', $sel_data, 0, 1, "", "", false, '');
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$tpl->assign('SelectDateTime', $formdata);
$tpl->assign('InputAllday', 'event_allday');
$tpl->assign('ValueAllday', '1');
$tpl->assign('SelectedAllday', $event_allday == 1 ? 'checked' : '');
$tpl->assign('InputTimed', 'event_allday');
$tpl->assign('ValueTimed', '0');
$tpl->assign('SelectedTimed', $event_allday == 0 ? 'checked' : '');
$tpl->assign('STYLE', $GLOBALS['style']);
//=================================================================
// PARSE SELECT_END_DATE_TIME
//=================================================================
$output->SetOutputMode(_PNH_RETURNOUTPUT);
//if there is no end date we want the box to read todays date instead of jan 01 1994 :)
if ($event_endmonth == 0 && $event_endday == 0 && $event_endyear == 0) {
$event_endmonth = $month;
$event_endday = $day;
$event_endyear = $year;
}
if (_SETTING_USE_INT_DATES) {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday));
$formdata = $output->FormSelectMultiple('event_endday', $sel_data, 0, 1, "", "", false, '');
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth));
$formdata .= $output->FormSelectMultiple('event_endmonth', $sel_data, 0, 1, "", "", false, '');
} else {
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildMonthSelect', array('pc_month' => $month, 'selected' => $event_endmonth));
$formdata = $output->FormSelectMultiple('event_endmonth', $sel_data, 0, 1, "", "", false, '');
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildDaySelect', array('pc_day' => $day, 'selected' => $event_endday));
$formdata .= $output->FormSelectMultiple('event_endday', $sel_data, 0, 1, "", "", false, '');
}
$sel_data = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildYearSelect', array('pc_year' => $year, 'selected' => $event_endyear));
$formdata .= $output->FormSelectMultiple('event_endyear', $sel_data, 0, 1, "", "", false, '');
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$tpl->assign('SelectEndDate', $formdata);
//=================================================================
// PARSE SELECT_TIMED_EVENT
//=================================================================
$stimes = pnModAPIFunc(__POSTCALENDAR__, 'user', 'buildTimeSelect', array('hselected' => $event_starttimeh, 'mselected' => $event_starttimem));
$output->SetOutputMode(_PNH_RETURNOUTPUT);
$timed_hours = $output->FormSelectMultiple('event_starttimeh', $stimes['h'], 0, 1, "", "", false, '');
$timed_minutes = $output->FormSelectMultiple('event_starttimem', $stimes['m'], 0, 1, "", "", false, '');
if (!_SETTING_TIME_24HOUR) {
$ampm = array();
$ampm[0]['id'] = pnVarPrepForStore(_AM_VAL);
$ampm[0]['name'] = pnVarPrepForDisplay(_PC_AM);
$ampm[1]['id'] = pnVarPrepForStore(_PM_VAL);
$ampm[1]['name'] = pnVarPrepForDisplay(_PC_PM);
if ($event_startampm == "AM" || $event_startampm == _AM_VAL) {
$ampm[0]['selected'] = 1;
} else {
$ampm[1]['selected'] = 1;
}
$timed_ampm = $output->FormSelectMultiple('event_startampm', $ampm, 0, 1, "", "", false, '');
} else {
$timed_ampm = '';
}
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$tpl->assign('SelectTimedHours', $timed_hours);
$tpl->assign('SelectTimedMinutes', $timed_minutes);
$tpl->assign('SelectTimedAMPM', $timed_ampm);
$tpl->assign('event_startday', $event_startday);
$tpl->assign('event_startmonth', $event_startmonth);
$tpl->assign('event_startyear', $event_startyear);
$tpl->assign('event_starttimeh', $event_starttimeh);
$tpl->assign('event_starttimem', $event_starttimem);
$tpl->assign('event_startampm', $event_startampm);
$tpl->assign('event_dur_hours', $event_dur_hours);
$tpl->assign('event_dur_minutes', $event_dur_minutes);
//=================================================================
// PARSE SELECT_DURATION
//=================================================================
$event_dur_hours = (int) $event_dur_hours;
for ($i = 0; $i <= 24; $i += 1) {
$TimedDurationHours[$i] = array('value' => $i, 'selected' => $event_dur_hours == $i ? 'selected' : '', 'name' => sprintf('%02d', $i));
}
$tpl->assign('TimedDurationHours', $TimedDurationHours);
$tpl->assign('InputTimedDurationHours', 'event_dur_hours');
$found_time = false;
for ($i = 0; $i < 60; $i += _SETTING_TIME_INCREMENT) {
$TimedDurationMinutes[$i] = array('value' => $i, 'selected' => $event_dur_minutes == $i ? 'selected' : '', 'name' => sprintf('%02d', $i));
if ($TimedDurationMinutes[$i]['selected'] == 'selected') {
$found_time = true;
}
}
if (!$found_time) {
$TimedDurationMinutes[$i] = array('value' => $event_dur_minutes, 'selected' => 'selected', 'name' => sprintf('%02d', $event_dur_minutes));
}
$tpl->assign('TimedDurationMinutes', $TimedDurationMinutes);
$tpl->assign('hidden_event_dur_minutes', $event_dur_minutes);
$tpl->assign('InputTimedDurationMinutes', 'event_dur_minutes');
//=================================================================
// PARSE INPUT_EVENT_DESC
//=================================================================
$tpl->assign('InputEventDesc', 'event_desc');
if (empty($pc_html_or_text)) {
$display_type = substr($event_desc, 0, 6);
if ($display_type == ':text:') {
$pc_html_or_text = 'text';
$event_desc = substr($event_desc, 6);
} elseif ($display_type == ':html:') {
$pc_html_or_text = 'html';
$event_desc = substr($event_desc, 6);
} else {
$pc_html_or_text = 'text';
}
unset($display_type);
}
$tpl->assign('ValueEventDesc', pnVarPrepForDisplay($event_desc));
$eventHTMLorText = "<select name=\"pc_html_or_text\">";
if ($pc_html_or_text == 'text') {
$eventHTMLorText .= "<option value=\"text\" selected=\"selected\">" . _PC_SUBMIT_TEXT . "</option>";
} else {
$eventHTMLorText .= "<option value=\"text\">" . _PC_SUBMIT_TEXT . "</option>";
}
if ($pc_html_or_text == 'html') {
$eventHTMLorText .= "<option value=\"html\" selected=\"selected\">" . _PC_SUBMIT_HTML . "</option>";
} else {
$eventHTMLorText .= "<option value=\"html\">" . _PC_SUBMIT_HTML . "</option>";
}
$eventHTMLorText .= "</select>";
$tpl->assign('EventHTMLorText', $eventHTMLorText);
//=================================================================
// PARSE select_event_topic_block
//=================================================================
$tpl->assign('displayTopics', _SETTING_DISPLAY_TOPICS);
if ((bool) _SETTING_DISPLAY_TOPICS) {
$a_topics =& postcalendar_userapi_getTopics();
$topics = array();
foreach ($a_topics as $topic) {
array_push($topics, array('value' => $topic['id'], 'selected' => $topic['id'] == $event_topic ? 'selected' : '', 'name' => $topic['text']));
}
unset($a_topics);
// only show this if we have topics to show
if (count($topics) > 0) {
$tpl->assign('topics', $topics);
$tpl->assign('EventTopicTitle', _PC_EVENT_TOPIC);
$tpl->assign('InputEventTopic', 'event_topic');
}
}
//=================================================================
// PARSE select_event_type_block
//=================================================================
$categories = array();
foreach ($all_categories as $category) {
array_push($categories, array('value' => $category['id'], 'selected' => $category['id'] == $event_category ? 'selected' : '', 'name' => $category['name'], 'color' => $category['color'], 'desc' => $category['desc']));
}
// only show this if we have categories to show
// you should ALWAYS have at least one valid category
if (count($categories) > 0) {
$tpl->assign('categories', $categories);
$tpl->assign('EventCategoriesTitle', _PC_EVENT_CATEGORY);
$tpl->assign('InputEventCategory', 'event_category');
$tpl->assign('hidden_event_category', $event_category);
}
//=================================================================
// PARSE event_sharing_block
//=================================================================
$data = array();
if (_SETTING_ALLOW_USER_CAL) {
array_push($data, array(SHARING_PRIVATE, _PC_SHARE_PRIVATE));
array_push($data, array(SHARING_PUBLIC, _PC_SHARE_PUBLIC));
array_push($data, array(SHARING_BUSY, _PC_SHARE_SHOWBUSY));
}
if (pnSecAuthAction(0, 'PostCalendar::', '::', ACCESS_ADMIN) || _SETTING_ALLOW_GLOBAL || !_SETTING_ALLOW_USER_CAL) {
array_push($data, array(SHARING_GLOBAL, _PC_SHARE_GLOBAL));
}
$sharing = array();
foreach ($data as $cell) {
array_push($sharing, array('value' => $cell[0], 'selected' => (int) $event_sharing == $cell[0] ? 'selected' : '', 'name' => $cell[1]));
}
//pennfirm get list of providers from openemr code in calendar.inc
$tpl->assign("user", getCalendarProviderInfo());
$tpl->assign('sharing', $sharing);
$tpl->assign('EventSharingTitle', _PC_SHARING);
$tpl->assign('InputEventSharing', 'event_sharing');
//=================================================================
// location information
//=================================================================
$tpl->assign('EventLocationTitle', _PC_EVENT_LOCATION);
$tpl->assign('InputLocation', 'event_location');
$tpl->assign('ValueLocation', pnVarPrepForDisplay($event_location));
$tpl->assign('EventStreetTitle', _PC_EVENT_STREET);
$tpl->assign('InputStreet1', 'event_street1');
$tpl->assign('ValueStreet1', pnVarPrepForDisplay($event_street1));
$tpl->assign('InputStreet2', 'event_street2');
$tpl->assign('ValueStreet2', pnVarPrepForDisplay($event_street2));
$tpl->assign('EventCityTitle', _PC_EVENT_CITY);
$tpl->assign('InputCity', 'event_city');
$tpl->assign('ValueCity', pnVarPrepForDisplay($event_city));
$tpl->assign('EventStateTitle', _PC_EVENT_STATE);
$tpl->assign('InputState', 'event_state');
$tpl->assign('ValueState', pnVarPrepForDisplay($event_state));
$tpl->assign('EventPostalTitle', _PC_EVENT_POSTAL);
$tpl->assign('InputPostal', 'event_postal');
$tpl->assign('ValuePostal', pnVarPrepForDisplay($event_postal));
//=================================================================
// contact information
//=================================================================
$tpl->assign('EventContactTitle', _PC_EVENT_CONTACT);
$tpl->assign('InputContact', 'event_contname');
$tpl->assign('ValueContact', pnVarPrepForDisplay($event_contname));
$tpl->assign('EventPhoneTitle', _PC_EVENT_PHONE);
$tpl->assign('InputPhone', 'event_conttel');
$tpl->assign('ValuePhone', pnVarPrepForDisplay($event_conttel));
$tpl->assign('EventEmailTitle', _PC_EVENT_EMAIL);
$tpl->assign('InputEmail', 'event_contemail');
$tpl->assign('ValueEmail', pnVarPrepForDisplay($event_contemail));
$tpl->assign('EventWebsiteTitle', _PC_EVENT_WEBSITE);
$tpl->assign('InputWebsite', 'event_website');
$tpl->assign('ValueWebsite', pnVarPrepForDisplay($event_website));
$tpl->assign('EventFeeTitle', _PC_EVENT_FEE);
$tpl->assign('InputFee', 'event_fee');
$tpl->assign('ValueFee', pnVarPrepForDisplay($event_fee));
//=================================================================
// Repeating Information
//=================================================================
$tpl->assign('RepeatingHeader', _PC_REPEATING_HEADER);
$tpl->assign('NoRepeatTitle', _PC_NO_REPEAT);
$tpl->assign('RepeatTitle', _PC_REPEAT);
$tpl->assign('RepeatOnTitle', _PC_REPEAT_ON);
$tpl->assign('OfTheMonthTitle', _PC_OF_THE_MONTH);
$tpl->assign('EndDateTitle', _PC_END_DATE);
$tpl->assign('NoEndDateTitle', _PC_NO_END);
$tpl->assign('InputNoRepeat', 'event_repeat');
$tpl->assign('ValueNoRepeat', '0');
$tpl->assign('SelectedNoRepeat', (int) $event_repeat == 0 ? 'checked' : '');
$tpl->assign('InputRepeat', 'event_repeat');
$tpl->assign('ValueRepeat', '1');
$tpl->assign('SelectedRepeat', (int) $event_repeat == 1 ? 'checked' : '');
unset($in);
$in = array(_PC_EVERY, _PC_EVERY_OTHER, _PC_EVERY_THIRD, _PC_EVERY_FOURTH);
$keys = array(REPEAT_EVERY, REPEAT_EVERY_OTHER, REPEAT_EVERY_THIRD, REPEAT_EVERY_FOURTH);
$repeat_freq = array();
foreach ($in as $k => $v) {
array_push($repeat_freq, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_freq ? 'selected' : '', 'name' => $v));
}
$tpl->assign('InputRepeatFreq', 'event_repeat_freq');
if (empty($event_repeat_freq) || $event_repeat_freq < 1) {
$event_repeat_freq = 1;
}
$tpl->assign('InputRepeatFreqVal', $event_repeat_freq);
$tpl->assign('repeat_freq', $repeat_freq);
unset($in);
$in = array(_PC_EVERY_DAY, _PC_EVERY_WORKDAY, _PC_EVERY_WEEK, _PC_EVERY_MONTH, _PC_EVERY_YEAR);
$keys = array(REPEAT_EVERY_DAY, REPEAT_EVERY_WORK_DAY, REPEAT_EVERY_WEEK, REPEAT_EVERY_MONTH, REPEAT_EVERY_YEAR);
$repeat_freq_type = array();
foreach ($in as $k => $v) {
array_push($repeat_freq_type, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_freq_type ? 'selected' : '', 'name' => $v));
}
$tpl->assign('InputRepeatFreqType', 'event_repeat_freq_type');
$tpl->assign('repeat_freq_type', $repeat_freq_type);
$tpl->assign('InputRepeatOn', 'event_repeat');
$tpl->assign('ValueRepeatOn', '2');
$tpl->assign('SelectedRepeatOn', (int) $event_repeat == 2 ? 'checked' : '');
unset($in);
$in = array(_PC_EVERY_1ST, _PC_EVERY_2ND, _PC_EVERY_3RD, _PC_EVERY_4TH, _PC_EVERY_LAST);
$keys = array(REPEAT_ON_1ST, REPEAT_ON_2ND, REPEAT_ON_3RD, REPEAT_ON_4TH, REPEAT_ON_LAST);
$repeat_on_num = array();
foreach ($in as $k => $v) {
array_push($repeat_on_num, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_num ? 'selected' : '', 'name' => $v));
}
$tpl->assign('InputRepeatOnNum', 'event_repeat_on_num');
$tpl->assign('repeat_on_num', $repeat_on_num);
unset($in);
$in = array(_PC_EVERY_SUN, _PC_EVERY_MON, _PC_EVERY_TUE, _PC_EVERY_WED, _PC_EVERY_THU, _PC_EVERY_FRI, _PC_EVERY_SAT);
$keys = array(REPEAT_ON_SUN, REPEAT_ON_MON, REPEAT_ON_TUE, REPEAT_ON_WED, REPEAT_ON_THU, REPEAT_ON_FRI, REPEAT_ON_SAT);
$repeat_on_day = array();
foreach ($in as $k => $v) {
array_push($repeat_on_day, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_day ? 'selected' : '', 'name' => $v));
}
$tpl->assign('InputRepeatOnDay', 'event_repeat_on_day');
$tpl->assign('repeat_on_day', $repeat_on_day);
unset($in);
$in = array(_PC_OF_EVERY_MONTH, _PC_OF_EVERY_2MONTH, _PC_OF_EVERY_3MONTH, _PC_OF_EVERY_4MONTH, _PC_OF_EVERY_6MONTH, _PC_OF_EVERY_YEAR);
$keys = array(REPEAT_ON_MONTH, REPEAT_ON_2MONTH, REPEAT_ON_3MONTH, REPEAT_ON_4MONTH, REPEAT_ON_6MONTH, REPEAT_ON_YEAR);
$repeat_on_freq = array();
foreach ($in as $k => $v) {
array_push($repeat_on_freq, array('value' => $keys[$k], 'selected' => $keys[$k] == $event_repeat_on_freq ? 'selected' : '', 'name' => $v));
}
$tpl->assign('InputRepeatOnFreq', 'event_repeat_on_freq');
if (empty($event_repeat_on_freq) || $event_repeat_on_freq < 1) {
$event_repeat_on_freq = 1;
}
$tpl->assign('InputRepeatOnFreqVal', $event_repeat_on_freq);
$tpl->assign('repeat_on_freq', $repeat_on_freq);
$tpl->assign('MonthsTitle', _PC_MONTHS);
//=================================================================
// PARSE INPUT_END_DATE
//=================================================================
$tpl->assign('InputEndOn', 'event_endtype');
$tpl->assign('ValueEndOn', '1');
$tpl->assign('SelectedEndOn', (int) $event_endtype == 1 ? 'checked' : '');
//=================================================================
// PARSE INPUT_NO_END
//=================================================================
$tpl->assign('InputNoEnd', 'event_endtype');
$tpl->assign('ValueNoEnd', '0');
$tpl->assign('SelectedNoEnd', (int) $event_endtype == 0 ? 'checked' : '');
$qstring = preg_replace("/provider_id=[0-9]*[&]{0,1}/", "", $_SERVER['QUERY_STRING']);
$tpl->assign('qstring', $qstring);
$output->SetOutputMode(_PNH_RETURNOUTPUT);
$authkey = $output->FormHidden('authid', pnSecGenAuthKey());
$output->SetOutputMode(_PNH_KEEPOUTPUT);
$form_hidden = "<input type=\"hidden\" name=\"is_update\" value=\"{$is_update}\" />";
$form_hidden .= "<input type=\"hidden\" name=\"pc_event_id\" value=\"{$pc_event_id}\" />";
$form_hidden .= "<input type=\"hidden\" name=\"category\" value=\"{$cat}\" />";
if (isset($data_loaded)) {
$form_hidden .= "<input type=\"hidden\" name=\"data_loaded\" value=\"{$data_loaded}\" />";
$tpl->assign('FormHidden', $form_hidden);
}
$form_submit = '<input type=hidden name="form_action" value="commit"/>
' . $authkey . '<input type="submit" name="submit" value="go">';
$tpl->assign('FormSubmit', $form_submit);
// do not cache this page
if ($admin) {
$output->Text($tpl->fetch($template_name . '/admin/submit.html'));
} elseif (pnVarCleanFromInput("no_nav") == 1) {
$output->Text($tpl->fetch($template_name . '/user/submit_no_nav.html'));
} else {
$output->Text($tpl->fetch($template_name . '/user/submit.html'));
}
$output->Text(postcalendar_footer());
return $output->GetOutput();
}
function user_main_last10submit($uname)
{
$pntable = pnDBGetTables();
list($dbconn) = pnDBGetConn();
$column =& $pntable['stories_column'];
/**
* Fetch active laguage
*/
if (pnConfigGetVar('multilingual') == 1) {
$querylang = "AND (" . $column['alanguage'] . "='" . pnVarPrepForStore(pnUserGetLang()) . "' OR " . $column['alanguage'] . "='') ";
} else {
$querylang = '';
}
/**
* Build up SQL
*/
$query = "SELECT " . $column['sid'] . ", " . $column['title'] . " " . "FROM " . $pntable['stories'] . " " . "WHERE " . $column['informant'] . "='" . pnVarPrepForStore($uname) . "' " . $querylang . "ORDER BY " . $column['sid'] . " DESC";
/**
* Make limited select
*/
$result = $dbconn->SelectLimit($query, 10, 0);
/**
* Do output
*/
OpenTable();
echo "<font class=\"pn-title\">" . _LAST10SUBMISSIONS . " " . pnVarPrepForDisplay($uname) . ":</font><br><ul>";
while (list($sid, $title) = $result->fields) {
$result->MoveNext();
if (!$title) {
$title = '- no Title -';
}
echo "<li><a class=\"pn-normal\" href=\"modules.php?op=modload&name=News&file=article&sid={$sid}\">" . pnVarPrepForDisplay($title) . "</a><br>";
}
echo "</ul>";
CloseTable();
}
// end of dynamic output
$sitename = pnConfigGetVar('sitename');
if (isset($topicid) && is_numeric($topicid)) {
$title = pnVarPrepForDisplay($sitename) . ' :: ' . pnVarPrepForDisplay($topictitle);
} else {
if (isset($catid) && is_numeric($catid)) {
$title = pnVarPrepForDisplay($sitename) . ' :: ' . pnVarPrepForDisplay($categorytitle);
} else {
$title = pnVarPrepForDisplay($sitename);
}
}
$link = pnVarPrepForDisplay(pnGetBaseURL());
$description = pnVarPrepForDisplay(pnConfigGetVar('backend_title'));
$backend_language = pnVarPrepForDisplay($backendlang);
$webmaster = pnVarPrepForDisplay(pnConfigGetVar('adminmail'));
$image_url = $link . 'images/' . pnVarPrepForDisplay(pnConfigGetVar('site_logo'));
$image_title = $title;
// RSS parsers usually use this for the ALT tag on the image
$image_link = $link;
// RSS parsers usually use this as the link when users click on the image
// start the RSS output
echo "<?xml version=\"1.0\" encoding=\"{$charset}\"?>\n\n";
echo "<rss version=\"2.0\" xmlns:dc=\"http://purl.org/dc/elements/1.1/\">";
echo "<channel>\n";
echo "<title>{$title}</title>\n";
echo "<pubDate>" . date('r', strtotime($mostrecentdate)) . "</pubDate>\n";
echo "<link>{$link}</link>\n";
echo "<description>{$description}</description>\n";
echo "<language>{$backend_language}</language>\n";
echo "<image>\n";
echo " <title>{$image_title}</title>\n";
function renameGroup()
{
$module = pnVarCleanFromInput('module');
list($gid, $gname) = pnVarCleanFromInput('gid', 'gname');
if (!pnSecConfirmAuthKey()) {
include 'header.php';
echo _BADAUTHKEY;
include 'footer.php';
exit;
}
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
$groupstable = $pntable['groups'];
$groupscolumn =& $pntable['groups_column'];
// Get details on current group
$query = "SELECT {$groupscolumn['name']}\n FROM {$groupstable}\n WHERE {$groupscolumn['gid']}='" . (int) pnVarPrepForStore($gid) . "'";
$result = $dbconn->Execute($query);
if ($result->EOF) {
die("No such group ID {$gid}");
}
list($oldgname) = $result->fields;
$result->Close();
if (!pnSecAuthAction(0, 'Groups::', "{$oldgname}::{$gid}", ACCESS_EDIT)) {
include 'header.php';
GraphicAdmin();
OpenTable();
echo "<CENTER><A HREF=\"admin.php?module=" . $module . "&op=secviewgroups\" CLASS=\"pn-title\"><FONT SIZE=\"4\"<B>" . _GROUPADMIN . "</B></FONT></A><font class=\"pn-normal\">: " . pnVarPrepForDisplay($gname) . "</font></CENTER>";
CloseTable();
echo _GROUPSEDITNOAUTH;
include 'footer.php';
return;
}
$query = "UPDATE {$groupstable}\n SET {$groupscolumn['name']}=\"{$gname}\"\n WHERE {$groupscolumn['gid']}='" . (int) pnVarPrepForStore($gid) . "'";
$dbconn->Execute($query);
pnRedirect('admin.php?module=' . $module . '&op=secviewgroup&gid=' . $gid);
}
// echo " <name>op=modload&name=Search&file=index&action=search&active_stories=1&Search</name>\n";
// echo " <link>".$link."/modules.php</link>\n";
// echo "</textinput>\n";
echo "<image>\n";
echo " <title>{$image_title}</title>\n";
echo " <url>{$image_url}</url>\n";
echo " <link>{$image_link}</link>\n";
echo "</image>\n";
echo "<webMaster>{$webmaster}</webMaster>\n";
if ($managingeditor != "") {
echo "<managingEditor>{$managingeditor}</managingEditor>\n";
}
// while(list($sid, $title) = $result->fields) {
while (list($sid, $title, $ihome, $hometext) = $result->fields) {
$title = pnVarPrepHTMLDisplay($title);
$link = pnVarPrepForDisplay(pnGetBaseURL() . "modules.php?op=modload&name=News&file=article&sid={$sid}");
$content = pnVarPrepForDisplay($hometext);
echo "<item>\n";
echo "<title>{$title}</title>\n";
echo "<link>{$link}</link>\n";
if ($show_content) {
echo "<description>\n";
echo $content;
echo "</description>\n";
}
echo "</item>\n";
$result->MoveNext();
}
echo "</channel>\n";
echo "</rss>\n";
}
function search_downloads()
{
list($q, $active_downloads, $bool, $startnum, $total) = pnVarCleanFromInput('q', 'active_downloads', 'bool', 'startnum', 'total');
if (empty($active_downloads)) {
return;
}
if (!pnModAvailable('Downloads')) {
return;
}
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
$output =& new pnHTML();
if (!isset($startnum) || !is_numeric($startnum)) {
$startnum = 1;
}
if (isset($total) && !is_numeric($total)) {
unset($total);
}
$w = search_split_query($q);
$flag = false;
// fifers: have to explicitly name the columns so that if the underlying DB column names change, the code to access them doesn't. We use the column names in assoc array later...
$column =& $pntable['downloads_downloads_column'];
$query = "SELECT {$column['lid']} as lid, {$column['title']} as title, {$column['name']} as name, {$column['description']} as description, {$column['cid']} as cid FROM {$pntable['downloads_downloads']} WHERE \n";
foreach ($w as $word) {
if ($flag) {
switch ($bool) {
case 'AND':
$query .= ' AND ';
break;
case 'OR':
default:
$query .= ' OR ';
break;
}
}
$query .= '(';
// downloads
$query .= "{$column['description']} LIKE '" . pnVarPrepForStore($word) . "' OR \n";
$query .= "{$column['title']} LIKE '" . pnVarPrepForStore($word) . "' OR \n";
$query .= "{$column['submitter']} LIKE '" . pnVarPrepForStore($word) . "' OR \n";
$query .= "{$column['name']} LIKE '" . pnVarPrepForStore($word) . "' OR \n";
$query .= "{$column['homepage']} LIKE '" . pnVarPrepForStore($word) . "' \n";
$query .= ')';
$flag = true;
}
$query .= " ORDER BY {$column['lid']}";
if (empty($total)) {
$total = 0;
$countres =& $dbconn->Execute($query);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
while (!$countres->EOF) {
$row = $countres->GetRowAssoc(false);
// we have a download id so get its category
$column2 =& $pntable['downloads_categories_column'];
$result2 =& $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
$total++;
}
$countres->MoveNext();
}
}
$result = $dbconn->SelectLimit($query, 10, $startnum - 1);
// check for a db error
if ($dbconn->ErrorNo() != 0) {
return;
}
if (!$result->EOF) {
$output->Text(_DOWNLOADS . ': ' . $total . ' ' . _SEARCHRESULTS);
$output->SetInputMode(_PNH_VERBATIMINPUT);
// Rebuild the search string from previous information
$url = "index.php?name=Search&action=search&active_downloads=1&bool={$bool}&q={$q}";
$output->Text("<dl>");
while (!$result->EOF) {
$row = $result->GetRowAssoc(false);
// we have a download id so get its category
$column2 =& $pntable['downloads_categories_column'];
$result2 =& $dbconn->Execute("SELECT {$column2['title']} \n\t\t\t\t\t\t\t\t\tFROM {$pntable['downloads_categories']} \n\t\t\t\t\t\t\t\t\tWHERE {$column2['cid']}={$row['cid']}");
list($title) = $result2->fields;
if (pnSecAuthAction(0, 'Downloads::Item', "{$row['title']}::{$row['lid']}", ACCESS_READ) && pnSecAuthAction(0, 'Downloads::Category', "{$title}::{$row['cid']}", ACCESS_READ)) {
$row['description'] = strip_tags($row['description']);
if (strlen($row['description']) > 128) {
$row['description'] = substr($row['description'], 0, 125) . '...';
}
$output->Text("<dt><a href=\"index.php?name=Downloads&req=viewdownloaddetails&lid={$row['lid']}\">" . pnVarPrepForDisplay($row[title]) . "</a></dt>");
$output->Text("<dd>" . pnVarPrepForDisplay($row[description]) . "</dd>");
}
$result->MoveNext();
}
$output->Text("</dl>");
// Mung URL for template
$urltemplate = $url . "&startnum=%%&total={$total}";
$output->Pager($startnum, $total, $urltemplate, 10);
} else {
$output->SetInputMode(_PNH_VERBATIMINPUT);
$output->Text(_SEARCH_NO_DOWNLOADS);
$output->SetInputMode(_PNH_PARSEINPUT);
}
$output->Linebreak(3);
return $output->GetOutput();
}
function blocks_online_block($row)
{
list($dbconn) = pnDBGetConn();
$pntable = pnDBGetTables();
if (!pnSecAuthAction(0, 'Onlineblock::', "{$row['title']}::", ACCESS_READ)) {
return;
}
$sessioninfocolumn =& $pntable['session_info_column'];
$sessioninfotable = $pntable['session_info'];
$sessioninfocolumn =& $pntable['session_info_column'];
$sessioninfotable = $pntable['session_info'];
$activetime = time() - pnConfigGetVar('secinactivemins') * 60;
$query = "SELECT count( 1 )\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} >0\n\t\t GROUP BY {$sessioninfocolumn['uid']}\n\t\t ";
$result = $dbconn->Execute($query);
$numusers = $result->RecordCount();
$result->Close();
$query2 = "SELECT count( 1 )\n FROM {$sessioninfotable}\n WHERE {$sessioninfocolumn['lastused']} > {$activetime} AND {$sessioninfocolumn['uid']} = '0'\n\t\t\t GROUP BY {$sessioninfocolumn['ipaddr']}\n\t\t\t ";
$result2 = $dbconn->Execute($query2);
$numguests = $result2->RecordCount();
$result2->Close();
// Pluralise
if ($numguests == 1) {
$guests = _GUEST;
} else {
$guests = _GUESTS;
}
if ($numusers == 1) {
$users = _MEMBER;
} else {
$users = _MEMBERS;
}
$content = "<span class=\"pn-normal\">" . _CURRENTLY . " " . pnVarPrepForDisplay($numguests) . " " . pnVarPrepForDisplay($guests) . " " . _AND . " " . pnVarPrepForDisplay($numusers) . " " . pnVarPrepForDisplay($users) . " " . _ONLINE . "<br />\n";
if (pnUserLoggedIn()) {
$content .= '<br />' . _YOUARELOGGED . ' <b>' . pnUserGetVar('uname') . '</b>.<br />';
if (pnModAvailable('Messages')) {
// display private messages only when module is active
$column =& $pntable['priv_msgs_column'];
$result2 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . pnUserGetVar('uid'));
list($numrow) = $result2->fields;
// get unread messages
$result3 = $dbconn->Execute("SELECT count(*) FROM {$pntable['priv_msgs']} WHERE {$column['to_userid']}=" . pnUserGetVar('uid') . " AND {$column['read_msg']}='0'");
list($unreadrow) = $result3->fields;
if ($numrow == 0) {
$content .= '<br /></span>';
} else {
$content .= "<br />" . _YOUHAVE . " (<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Messages&file=index\" title=\"" . _PRIVATEMSGS . "\">" . pnVarPrepForDisplay($numrow) . "</a>|<a class=\"pn-normal\" href=\"modules.php?op=modload&name=Messages&file=index\" title=\"" . _PRIVATEMSGNEW . "\">" . pnVarPrepForDisplay($unreadrow) . "</a>) ";
if ($numrow == 1) {
$content .= _PRIVATEMSG;
} elseif ($numrow > 1) {
$content .= _PRIVATEMSGS;
}
$content .= "</span><br />";
}
}
} else {
$content .= '<br />' . _YOUAREANON . '</span><br />';
}
if (empty($row['title'])) {
$row['title'] = _WHOSONLINE;
}
$row['content'] = $content;
return themesideblock($row);
}
echo '<li>$pndebug[\'pagerendertime\'] = 0;</li>' . "\n";
echo '</ul>' . "\n";
echo "<a href=\"upgrade.php?username={$username}&password={$password}&task=upgrade\">Upgrade all modules.</a>\n";
break;
case 'upgrade':
// get a list of modules needing upgrading
$newmods = pnModAPIFunc('Modules', 'admin', 'list', array('state' => _PNMODULE_STATE_UPGRADED));
// upgrade and activate each module
echo 'Starting upgrade.' . "\n";
echo '<ul>' . "\n";
foreach ($newmods as $newmod) {
pnModAPIFunc('Modules', 'admin', 'upgrade', array('mid' => $newmod['id']));
pnModAPIFunc('Modules', 'admin', 'setstate', array('mid' => $newmod['id'], 'state' => _PNMODULE_STATE_ACTIVE));
echo "<li>{$newmod['name']} upgraded.</li>";
}
echo '</ul>' . "\n";
// regenerate the modules list to pick up any final changes
pnModAPIFunc('Modules', 'admin', 'regenerate');
echo 'Finished upgrade - ' . "\n";
echo 'Go to <a href="index.php">' . pnVarPrepForDisplay(pnConfigGetVar('sitename')) . '</a>.' . "\n";
break;
default:
echo '<p>Please provide your admin account credentials</p>' . "\n";
echo '<form action="upgrade.php?task=regenerate" method="post" enctype="application/x-www-form-urlencoded"><div>' . "\n";
echo '<div><label for="username">Username</label> : <input id="username" type="text" name="username" size="50" maxlength="255" /></div>' . "\n";
echo '<div><label for="password">Password</label> : <input id="password" type="password" name="password" size="50" maxlength="255" /></div>' . "\n";
echo '<input name="submit" type="submit" value="Submit" />' . "\n";
echo '</div></form>' . "\n";
}
echo '</body>' . "\n";
echo '</html>';
