// Fragment of the award-scheme admin handler: the enclosing if/elseif chain opens above
// this excerpt and the trailing "viewadd" block continues below it.
if ($sql) {
    show_admin_message("Award Scheme updated", "{$pagename}");
}
} elseif ($action == "newbadge" && pageauth("advancements", "add")) {
    // Insert a badge under scheme $sid; both text fields go through safesql() first.
    $name = safesql($_POST['name'], "text");
    $desc = safesql($_POST['desc'], "text");
    // NOTE(review): $sid is interpolated unquoted and its origin is not visible here;
    // confirm it is integer-cast before this point.
    $sql = $data->insert_query("badges", "'', {$name}, {$desc}, {$sid}");
    if ($sql) {
        show_admin_message("Badge added", "{$pagename}&action=viewsch&id={$sid}");
    }
} elseif ($action == "editbadge" && pageauth("advancements", "edit")) {
    $name = safesql($_POST['name'], "text");
    $desc = safesql($_POST['desc'], "text");
    // NOTE(review): $id reaches the WHERE clause unquoted; confirm it is integer-cast upstream.
    $sql = $data->update_query("badges", "name={$name}, description={$desc}", "id={$id}");
    if ($sql) {
        show_admin_message("Badge updated", "{$pagename}&action=viewsch&id={$sid}");
    }
}
}
if ($action == "viewadd") {
    // Load one advancement and its ordered requirements for the template.
    $result = $data->select_query("advancements", "WHERE id = '{$id}'");
    $row = $data->fetch_array($result);
    $advan = $row['advancement'];
    $result = $data->select_query("requirements", "WHERE advancement = '{$id}' ORDER BY position ASC");
    $req = array();
    $numreqs = $data->num_rows($result);
    // Every fetched row is appended to $req; the falsy value that ends the loop is appended
    // as well, so the real row count is carried separately in $numreqs.
    while ($req[] = $data->fetch_array($result)) {
    }
    $tpl->assign("advan", $advan);
    $tpl->assign("req", $req);
    $tpl->assign("numreqs", $numreqs);
along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA **************************************************************************/
// When $getmodules is set, this file only registers the module's metadata and returns.
if (!empty($getmodules)) {
    $module['Member Management']['Scouting Language'] = "language";
    $moduledetails[$modulenumbers]['name'] = "Scouting Language";
    $moduledetails[$modulenumbers]['details'] = "Manages scouting language of CMScout";
    $moduledetails[$modulenumbers]['access'] = "Allowed to access the language page";
    $moduledetails[$modulenumbers]['add'] = "notused";
    $moduledetails[$modulenumbers]['edit'] = "Allowed to change language";
    $moduledetails[$modulenumbers]['delete'] = "notused";
    $moduledetails[$modulenumbers]['publish'] = "notused";
    $moduledetails[$modulenumbers]['limit'] = "notused";
    $moduledetails[$modulenumbers]['id'] = "language";
    return;
} else {
    // NOTE(review): $allowed_array is built here but is not consulted by the update loop below.
    $allowed_array = array('patrol' => true, 'troop' => true, 'advancement_badges' => true, 'award_scheme' => true, 'member' => true, 'members' => true, 'badges' => true);
    $submit = $_POST['Submit'];
    $new = array();
    // NOTE(review): the module declares an "edit" permission ("Allowed to change language"),
    // but no pageauth() check guards this update in the visible code; confirm the caller
    // enforces it before this file runs.
    if ($submit == "Update") {
        $result = $data->select_query("scoutlanguage");
        $iserror = false;
        // The POST keys read here are the name values stored in the scoutlanguage table,
        // so only names that already exist as rows are updated.
        while ($row = $data->fetch_array($result)) {
            $config_name = $row['name'];
            $newvalue = safesql($_POST[$config_name], "text", false);
            // $config_name comes from the database and is placed inside quotes without escaping.
            $sql = $data->update_query("scoutlanguage", "value = {$newvalue}", "name = '{$config_name}'");
        }
        show_admin_message("Scout Language Updated", "admin.php?page=language");
    }
    $filetouse = 'admin_language.tpl';
}
// Fragment of the site-configuration save handler; the loop over configuration names opens
// above this excerpt. Only names flagged in $allowed_array and present in the POST are written.
if ($allowed_array[$config_name] && isset($_POST[$config_name])) {
    // NOTE(review): $newvalue is compared here before it is assigned for this key (the
    // assignment follows this inner block), so the comparison uses whatever value it held
    // earlier; confirm against the part of the loop that is not visible here.
    if ($config_name == "siteaddress" && $config['siteaddress'] != $newvalue) {
        $new = urlencode($_POST[$config_name]);
        $old = urlencode($config['siteaddress']);
        // Reports the old and new site address to a fixed external host over plain HTTP;
        // "@" hides any failure. NOTE(review): confirm this outbound call is wanted,
        // documented for site owners, and acceptable without TLS.
        @file("http://www.cmscout.co.za/newaddress.php?address={$old}&new={$new}");
    }
    $newvalue = safesql($_POST[$config_name], "text", false);
    // NOTE(review): writes the safesql() output straight into the response; this looks like
    // leftover debug output and should be confirmed or removed.
    echo $newvalue . '<br>';
    $sql = $data->update_query("config", "value = {$newvalue}", "name = '{$config_name}'", "", "", false);
}
}
// "exclusion" is stored serialized: the posted array, or an empty string when no array was posted.
$config_name = 'exclusion';
$_POST[$config_name] = serialize(is_array($_POST[$config_name]) ? $_POST[$config_name] : '');
$newvalue = safesql($_POST[$config_name], "text", false);
$sql = $data->update_query("config", "value = {$newvalue}", "name = '{$config_name}'", "", "", false);
show_admin_message("Configuration Updated", "admin.php?page=config");
}
// Lookup lists for the configuration form. Each "while ($x[] = fetch)" loop also appends the
// falsy value that ends it, so the real row count is carried in the matching $num* variable.
$theme_q = $data->select_query("themes", "ORDER BY name ASC");
$theme = array();
$numthemes = $data->num_rows($theme_q);
while ($theme[] = $data->fetch_array($theme_q)) {
}
$sql = $data->select_query("timezones", "ORDER BY offset ASC");
$zone = array();
$numzones = $data->num_rows($sql);
while ($zone[] = $data->fetch_array($sql)) {
}
$sql = $data->select_query("groups", "ORDER BY teamname ASC", "id, teamname");
$group = array();
$numgroups = $data->num_rows($sql);
while ($group[] = $data->fetch_array($sql)) {
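// Module registration for the logfile viewer (the branch it belongs to opens above this
// excerpt), followed by the viewer itself.
$module['Configuration']['Logfile viewer'] = "logfile";
$moduledetails[$modulenumbers]['name'] = "Logfile viewer";
$moduledetails[$modulenumbers]['details'] = "Easy viewing of the logfile";
$moduledetails[$modulenumbers]['access'] = "Allowed to view the logfile";
$moduledetails[$modulenumbers]['add'] = "notused";
$moduledetails[$modulenumbers]['edit'] = "Allowed to clear the logfile";
$moduledetails[$modulenumbers]['delete'] = "notused";
$moduledetails[$modulenumbers]['publish'] = "notused";
$moduledetails[$modulenumbers]['limit'] = "notused";
$moduledetails[$modulenumbers]['id'] = "logfile";
return;
} else {
    // Truncating the log removes its history, so require the "edit" permission this module
    // declares for exactly that purpose ("Allowed to clear the logfile"); view access alone
    // must not be enough.
    // NOTE(review): this is a state-changing GET request; consider moving it to POST with a
    // CSRF token.
    if (isset($_GET['action']) && $_GET['action'] == "clear" && pageauth("logfile", "edit") == 1) {
        $file = fopen("logfile.txt", "w");
        // Only report success when the file could actually be opened for truncation.
        if ($file !== false) {
            fclose($file);
            show_admin_message("Logfile cleared", $pagename);
        }
    }
    // The log is read as alternating date / message lines separated by a dashed rule.
    $lines = file("logfile.txt");
    $logfileDump = array();
    $date = true;
    // Must start as an array: assigning a string key to an empty string is an error on
    // current PHP versions.
    $temp = array();
    foreach ($lines as $line) {
        $line = trim($line);
        if ($line != "---------------------" && $line != "") {
            if ($date) {
                $temp['date'] = $line;
                $date = false;
            } else {
                $temp['error'] = $line;
                $date = true;
            }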
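// Fragment of the user-edit save handler; the enclosing conditionals open above this excerpt.
email_user($user['id'], "account_deactiv");
}
}
// Full update: account fields plus profile fields. Every value is passed through safesql().
$insertSQL = sprintf("uname=%s, status=%s, timezone=%s, firstname=%s, lastname=%s, email=%s, custom=%s", safesql($username, "text"), safesql($status, "text"), safesql($_POST['zone'], "text"), safesql($firstname, "text"), safesql($lastname, "text"), safesql($email, "text"), safesql($custom, "text"));
if ($password) {
    // NOTE(review): md5() is not a password hash (fast and unsalted). Moving to
    // password_hash()/password_verify() also requires changing the login check, which is
    // outside this excerpt, so it is only flagged here.
    $insertSQL .= ", passwd=" . safesql(md5($password), "text");
}
// NOTE(review): $id is used unquoted here while the read path below uses $safe_id; confirm
// $id is integer-cast before this point.
$Result1 = $data->update_query("users", $insertSQL, "id={$id}");
if ($Result1) {
    show_admin_message("User details updated", "admin.php?page=users");
}
} else {
    // Restricted update: profile fields only. The last placeholder was written as a bare
    // "%", which left the custom value out of the statement; it is now "%s" like the others.
    $insertSQL = sprintf("firstname=%s, lastname=%s, email=%s, custom=%s", safesql($firstname, "text"), safesql($lastname, "text"), safesql($email, "text"), safesql($custom, "text"));
    $Result1 = $data->update_query("users", $insertSQL, "id={$id}");
    if ($Result1) {
        show_admin_message("User details updated", "admin.php?page=users");
    }
}
}
if ($action == "Edit") {
    // Load the user being edited for the form.
    $user_query = $data->select_query("users", "WHERE id={$safe_id}");
    $users = $data->fetch_array($user_query);
    $action = 'Edit';
}
$sql = $data->select_query("timezones", "ORDER BY offset ASC");
$zone = array();
$numzones = $data->num_rows($sql);
// The falsy value that ends the loop is appended too; $numzones carries the real count.
while ($zone[] = $data->fetch_array($sql)) {
}
$sql = $data->select_query("profilefields", "WHERE place=0 ORDER BY pos ASC");
$fields = array();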
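// Fragment of the custom-profile-field admin handler; the "moveup" branch that the first
// statements belong to opens above this excerpt.
}
$data->update_query("profilefields", "pos={$pos2}", "id={$row['id']}");
$data->update_query("profilefields", "pos={$pos1}", "id={$row2['id']}");
// NOTE(review): PHP_SELF reflects the requested path; prefer a fixed script path for redirects.
$server = $_SERVER['PHP_SELF'];
header("Location: {$server}" . "?page=customprofile");
} elseif ($action == "movedown" && pageauth("customprofile", "edit") == 1) {
    // Swap the position of the selected field with the field one position below it.
    $sql = $data->select_query("profilefields", "WHERE id={$safe_id}");
    $row = $data->fetch_array($sql);
    $pos1 = $row['pos'];
    $temppos = $pos1 + 1;
    $sql = $data->select_query("profilefields", "WHERE pos='{$temppos}' AND place=0");
    $row2 = $data->fetch_array($sql);
    // Skip the swap when either row is missing (e.g. the field is already last); otherwise
    // the UPDATE statements would be built with empty values.
    if ($row && $row2) {
        // The column is "pos" (it is what the query above filters on and what the updates
        // below write); the previous key 'position' is not read anywhere else here.
        $pos2 = $row2['pos'];
        $data->update_query("profilefields", "pos={$pos2}", "id={$row['id']}");
        $data->update_query("profilefields", "pos={$pos1}", "id={$row2['id']}");
    }
    $server = $_SERVER['PHP_SELF'];
    header("Location: {$server}" . "?page=customprofile");
} elseif ($action == "edit" && pageauth("customprofile", "edit") == 1) {
    $item = $data->select_fetch_one_row("profilefields", "WHERE id={$safe_id}");
    // NOTE(review): unserialize() can instantiate objects from its input. This is only safe
    // while the options column holds data written by this application; consider
    // unserialize($value, ['allowed_classes' => false]) or a JSON column.
    $item['options'] = unserialize($item['options']);
    $tpl->assign("item", $item);
} elseif ($action == "delete" && pageauth("customprofile", "delete") == 1) {
    $delete = $data->delete_query("profilefields", "id={$safe_id}");
    if ($delete) {
        show_admin_message("Field deleted", "{$pagename}");
    }
    $action = "";
}
$tpl->assign("action", $action);
$filetouse = "admin_customprofile.tpl";
}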
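// Fragment of the user/group membership admin handler; the if/elseif chain opens above.
// NOTE(review): no pageauth() check is visible on "moveup"/"movedown", and $gid is set
// outside this excerpt; confirm both are handled upstream.
} elseif ($action == "moveup") {
    // Raise the user's role level within group $gid by one, up to a maximum of 2.
    $uid = safesql($_GET['uid'], "int");
    $userGroups = $data->select_fetch_one_row("usergroups", "WHERE userid={$uid} AND groupid={$gid}");
    $userGroups['utype'] = $userGroups['utype'] + 1;
    // The bound must be checked on 'utype', the value just changed and about to be written.
    // The previous check read 'type', a key this code never sets, so the limit was never
    // enforced and the role level could leave its valid range.
    if ($userGroups['utype'] <= 2) {
        $data->update_query("usergroups", "utype={$userGroups['utype']}", "userid = {$uid} AND groupid={$gid}");
    }
    // NOTE(review): this str_replace() is a no-op as written; the search string was
    // presumably an HTML-encoded ampersand before the page was extracted - confirm.
    show_admin_message("User type changed", str_replace('&', '&', $pagename) . "&uid={$uid}");
} elseif ($action == "movedown") {
    // Lower the user's role level within group $gid by one, down to a minimum of 0.
    $uid = safesql($_GET['uid'], "int");
    $userGroups = $data->select_fetch_one_row("usergroups", "WHERE userid={$uid} AND groupid={$gid}");
    $userGroups['utype'] = $userGroups['utype'] - 1;
    // Same correction as above: test the value that is actually written.
    if ($userGroups['utype'] >= 0) {
        $data->update_query("usergroups", "utype={$userGroups['utype']}", "userid = {$uid} AND groupid={$gid}");
    }
    show_admin_message("User type changed", str_replace('&', '&', $pagename) . "&uid={$uid}");
}
// Load the user and every group membership, with the group's name and the user's level in it.
$sql = $data->select_query("users", "WHERE id={$uid}");
$userinfo = $data->fetch_array($sql);
$sql = $data->select_query("usergroups", "WHERE userid={$uid}");
$usergroups = array();
$numusergroups = $data->num_rows($sql);
while ($temp = $data->fetch_array($sql)) {
    $sql2 = $data->select_query("groups", "WHERE id={$temp['groupid']}", "id, teamname");
    $temp2 = $data->fetch_array($sql2);
    $temp2['type'] = $temp['utype'];
    $usergroups[] = $temp2;
}
$sql = $data->select_query("groups");
$numgroups = 0;
$groups = array();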
// Tail of the sub-site menu item update; the switch that maps an item kind to its numeric
// type opens above this excerpt.
case "stat":
    $type = 1;
    break;
case "art":
    $type = 4;
    break;
case "group":
    $type = 3;
    break;
}
}
// Type 5 stores $url as the item; every other type stores the safesql()-quoted first
// element of $item.
// NOTE(review): $url, $name and $id are interpolated as-is below and are prepared outside
// this excerpt; confirm each went through safesql() (text for $url/$name, int for $id).
$item = $type == 5 ? $url : safesql($item[0], "text");
// NOTE(review): $itemsql is not read again in the visible code.
$itemsql = $data->select_fetch_one_row("submenu", "WHERE id={$id}", "pos");
$update = $data->update_query("submenu", "name = {$name}, item = {$item}, type={$type}", "id={$id}");
if ($update) {
    show_admin_message("Item updated", "admin.php?page=subsite&subpage=submenu&sid={$siteid}");
}
}
}
if ($action == "" || $action == "view") {
    // List the sub-site's menu items and resolve a display label for each by type.
    $sql = $data->select_query("submenu", "WHERE site={$safe_siteid} ORDER BY pos ASC");
    $numside = $data->num_rows($sql);
    $menuitems = array();
    while ($temp = $data->fetch_array($sql)) {
        switch ($temp['type']) {
            case 1: // Static page belonging to this sub-site (type=2, pid = site id)
                $itemDetails = $data->select_fetch_one_row("static_content", "WHERE id='{$temp['item']}' AND type=2 AND pid={$safe_siteid}", "name, friendly");
                if (isset($itemDetails)) {
                    // Prefer the friendly title when the row has one.
                    $temp['action'] = "Static Page: " . (isset($itemDetails['friendly']) ? $itemDetails['friendly'] : $itemDetails['name']);
                } else {
// Fragment of the front-page admin handler; the do/while that searches for a free position
// and the enclosing branches open above this excerpt.
if ($data->num_rows($temp) != 0) {
    $pos++;
}
} while ($data->num_rows($temp) != 0);
// NOTE(review): $itemid and $type are prepared outside this excerpt; confirm they are
// integer-cast as they are in the "edit" branch below.
$sql = $data->insert_query("frontpage", "NULL, {$itemid}, {$type}, '{$pos}'");
if ($sql) {
    show_admin_message("Item added", "{$pagename}");
}
$action = "";
} elseif ($action == "edit" && pageauth("frontpage", "edit") == 1) {
    // The posted value has the form "<id>.<kind>"; kind "dynamic" maps to type 1, anything
    // else to type 0. A value without a dot leaves $temp[1] undefined.
    $temp = explode(".", $_POST['itemid']);
    $itemid = safesql($temp[0], "int");
    $type = safesql($temp[1] == "dynamic" ? 1 : 0, "int");
    // NOTE(review): $id is interpolated unquoted; confirm it is integer-cast upstream.
    $sql = $data->update_query("frontpage", "item = {$itemid}, type = {$type}", "id={$id}");
    if ($sql) {
        show_admin_message("Item updated", "{$pagename}");
    }
    $action = "";
}
}
if ($action == "" || $action == "view") {
    // Build the list of front-page items with a display label per item.
    $sql = $data->select_query("frontpage", "ORDER BY pos ASC");
    $numfront = $data->num_rows($sql);
    $frontpages = array();
    while ($temp = $data->fetch_array($sql)) {
        // NOTE(review): the labels below concatenate stored names into HTML without escaping;
        // confirm the template escapes them, or apply htmlspecialchars() to the stored part.
        if ($temp['type'] == 0) {
            $temp2 = $data->select_fetch_one_row("static_content", "WHERE id={$temp['item']}");
            $temp['name'] = "<b>Static Page: </b>" . ($temp2['friendly'] == '' ? $temp2['name'] : $temp2['friendly']);
        } else {
            $temp2 = $data->select_fetch_one_row("functions", "WHERE id={$temp['item']}");
            $temp['name'] = "<b>Dynamic Page: </b>" . $temp2['name'];
// Fragment of the user-list admin handler; the group-filter branch opens above this excerpt.
$sql = $data->select_query("groups", "WHERE id = {$groupid}", "teamname");
$stuff = $data->fetch_array($sql);
// The group name read from the database is quoted again before it is reused in SQL.
$cond = safesql($stuff['teamname'], "text");
$sort = "uname";
$order = "ASC";
if ($field != 'none') {
    $where = " team = {$cond} ";
}
}
// NOTE(review): this branch deletes an account on a GET request and no pageauth() check is
// visible on it; confirm the permission is enforced upstream and consider POST plus a CSRF
// token for the deletion.
if ($action == "delete") {
    $id = safesql($_GET['id'], "int");
    $temp = $data->select_fetch_one_row("users", "WHERE id = {$id}");
    $username = $temp['uname'];
    // Remove the account and its group memberships.
    $sql2 = $data->delete_query("users", "id='{$id}'");
    $data->delete_query("usergroups", "userid='{$id}'", "", "", false);
    show_admin_message("{$username} deleted", "{$pagename}");
    $action = "";
}
$row = array();
// With the "limit" permission set, the list is restricted to users found through the
// current admin's own groups; the filter is assembled as OR-joined conditions.
if (pageauth("users", "limit") == 1) {
    $usergroups = user_groups_id_array($check['id']);
    $userquery = '';
    $first2 = true;
    for ($i = 0; $i < count($usergroups); $i++) {
        // Emit " OR " between groups, but not before the first one.
        if ($first2 == false) {
            $userquery .= " OR ";
        } else {
            $first2 = false;
        }
        $group_ids = group_users_id_array($usergroups[$i]);
        $first = true;
// Fragment of the trash admin handler: permanent deletion per item type (the switch opens
// above this excerpt), followed by the lists of trashed items.
// NOTE(review): the file name comes from the database row in $temp; confirm it is stored as
// a bare file name (e.g. via basename()) so the path cannot leave the download directory,
// and that $id is integer-cast upstream.
unlink($config['downloadpath'] . "/" . $temp['file']);
$sqlq = $data->delete_query("downloads", "id={$id}");
break;
case "news":
    $sqlq = $data->delete_query("newscontent", "id={$id}");
    break;
case "poll":
    $sqlq = $data->delete_query("polls", "id={$id}");
    break;
case "content":
    // A content page is also removed from the front page and from the menus.
    $sqlq = $data->delete_query("static_content", "id={$id}");
    $sqlq = $data->delete_query("frontpage", "item={$id} AND type=0");
    $sqlq = $data->delete_query("menu_items", "item={$id} AND type=1");
    break;
}
show_admin_message("Item permentaly deleted", "{$pagename}&activetab={$type}");
}
// Trashed albums. The falsy value that ends each loop is appended to the list as well, so
// the real row count is passed to the template separately.
$result = $data->select_query("album_track", "WHERE trash=1");
$album = array();
$numalbums = $data->num_rows($result);
while ($album[] = $data->fetch_array($result)) {
}
$tpl->assign("album", $album);
$tpl->assign("numalbums", $numalbums);
// Trashed articles.
$result = $data->select_query("patrol_articles", "WHERE trash=1");
$article = array();
$numarticles = $data->num_rows($result);
while ($article[] = $data->fetch_array($result)) {
}
$tpl->assign("article", $article);
$tpl->assign("numarticles", $numarticles);
// Fragment of the group admin-panel permission editor; the per-module loop opens above this
// excerpt. Each posted checkbox is reduced to 1 or 0, so only those two values are stored.
$ass['edit'][$moduleid] = $_POST["ass_" . $moduleid . "_edit"] == 1 ? 1 : 0;
$ass['delete'][$moduleid] = $_POST["ass_" . $moduleid . "_delete"] == 1 ? 1 : 0;
$ass['publish'][$moduleid] = $_POST["ass_" . $moduleid . "_pub"] == 1 ? 1 : 0;
$ass['limit'][$moduleid] = $_POST["ass_" . $moduleid . "_limit"] == 1 ? 1 : 0;
$gpl['access'][$moduleid] = $_POST["gpl_" . $moduleid . "_access"] == 1 ? 1 : 0;
$gpl['add'][$moduleid] = $_POST["gpl_" . $moduleid . "_add"] == 1 ? 1 : 0;
$gpl['edit'][$moduleid] = $_POST["gpl_" . $moduleid . "_edit"] == 1 ? 1 : 0;
$gpl['delete'][$moduleid] = $_POST["gpl_" . $moduleid . "_delete"] == 1 ? 1 : 0;
$gpl['publish'][$moduleid] = $_POST["gpl_" . $moduleid . "_pub"] == 1 ? 1 : 0;
$gpl['limit'][$moduleid] = $_POST["gpl_" . $moduleid . "_limit"] == 1 ? 1 : 0;
}
// The three permission matrices are stored serialized in the group's row.
$user = safesql(serialize($user), "text");
$ass = safesql(serialize($ass), "text");
$gpl = safesql(serialize($gpl), "text");
// NOTE(review): this statement changes who may administer the site; $id is interpolated
// unquoted and the permission check for this branch is outside this excerpt - confirm both.
$data->update_query("groups", "normaladmin = {$user}, agladmin = {$ass}, gladmin = {$gpl}", "id={$id}");
show_admin_message("Group administration panel access updated", "{$pagename}");
} else {
    // Show the current permission matrices for the group.
    $tpl->assign("nummodules", $modulenumbers);
    $tpl->assign("modules", $moduledetails);
    $sql = $data->select_query("groups", "WHERE id={$id}");
    $group = $data->fetch_array($sql);
    // NOTE(review): unserialize() is applied to database content; that is safe only while
    // these columns are written exclusively by the code above. Consider
    // ['allowed_classes' => false] or JSON.
    $user = unserialize($group['normaladmin']);
    $ass = unserialize($group['agladmin']);
    $gpl = unserialize($group['gladmin']);
    $tpl->assign("group", $group);
    $tpl->assign("user", $user);
    $tpl->assign("ass", $ass);
    $tpl->assign("gpl", $gpl);
}
}
$message = "";
// Fragment of the static-content admin handler: the "move content" action (its enclosing
// branches open above this excerpt), then the content list.
// The posted target is either '0' (site root) or "<kind>_<id>" with kind "group" or "site".
$moveto = $_POST['place'];
if ($moveto == '0') {
    $pid = 0;
    $type = 0;
} else {
    $moveto = explode("_", $moveto);
    if ($moveto[0] == "group") {
        $pid = safesql($moveto[1], "int");
        $type = 1;
    } elseif ($moveto[0] == "site") {
        $pid = safesql($moveto[1], "int");
        $type = 2;
    }
    // NOTE(review): any other prefix assigns neither $pid nor $type in this block, and the
    // UPDATE below still runs; confirm they have safe defaults or reject the request.
}
$data->update_query("static_content", "type={$type}, frontpage=0, pid={$pid}", "id={$safe_id}");
show_admin_message("Content moved", "{$pagename}");
}
} else {
    // Top-level (type 0) pages that are not in the trash.
    $result = $data->select_query("static_content", "WHERE type=0 AND trash=0 ORDER BY friendly ASC");
    $content = array();
    $numcontent = $data->num_rows($result);
    // The falsy value that ends the loop is appended too; $numcontent carries the real count.
    while ($content[] = $data->fetch_array($result)) {
    }
}
$tpl->assign('Showcontent', $Showcontent);
$tpl->assign('name', $name);
$tpl->assign('action', $action);
$tpl->assign('numcontent', $numcontent);
$tpl->assign('content', $content);
$tpl->assign('editFormAction', $editFormAction);
$filetouse = "admin_content.tpl";
// Fragment of the authorization-item editor; the save branch opens above this excerpt.
// The posted access lists are serialized and stored as text in the auth row.
$static = $_POST['static'];
$subsites = $_POST['subsites'];
$dynamic = safesql(serialize($dynamic), "text");
$permissions = safesql(serialize($permissions), "text");
$static = safesql(serialize($static), "text");
$subsites = safesql(serialize($subsites), "text");
// The posted name has the form "<name>.<kind>"; kind "user" maps to type 1, anything else
// (including a value without a dot, where $name[1] is undefined) to type 2.
$name = explode(".", $_POST['name']);
if ($name[1] == "user") {
    $type = 1;
} else {
    $type = 2;
}
$name = safesql($name[0], "text");
// NOTE(review): this rewrites an authorization record; $safe_id is assigned further down in
// the visible code, so confirm it is also assigned before this statement runs.
$sql = $data->update_query("auth", "authname = {$name}, dynamic = {$dynamic}, permission = {$permissions}, static = {$static}, subsites = {$subsites}, type={$type}", "id={$safe_id}");
if ($sql) {
    show_admin_message("Authorization item updated", $pagename);
}
}
}
// "&&" binds tighter than "||": the form is shown for "new" with the add permission or for
// "edit" with the edit permission.
if ($action == "new" && pageauth("auth", "add") == 1 || $action == "edit" && pageauth("auth", "edit") == 1) {
    $safe_id = safesql($id, "int");
    // Selectable dynamic pages (functions of type 2).
    $sql = $data->select_query("functions", "WHERE type=2 ORDER BY name ASC", "id, name, code");
    $numdynamic = $data->num_rows($sql);
    $dynamic = array();
    // The falsy value that ends each loop is appended too; the $num* variables carry the counts.
    while ($dynamic[] = $data->fetch_array($sql)) {
    }
    // Selectable permissions (functions of type 3).
    $sql = $data->select_query("functions", "WHERE type=3 ORDER BY name ASC", "id, name, code");
    $numperms = $data->num_rows($sql);
    $permissions = array();
    while ($permissions[] = $data->fetch_array($sql)) {
    }
// Fragment of the member-record admin handler; the save branch opens above this excerpt.
// An existing record for this member and scheme is updated, otherwise one is inserted. The
// posted requirement and comment arrays are stored serialized.
if ($data->num_rows($recordsql) > 0) {
    $record = safesql(serialize($_POST['requirement']), "text");
    $comments = safesql(serialize($_POST['comment']), "text");
    $data->update_query("scoutrecord", "requirements={$record}, comment={$comments}", "userid={$safe_memberid} AND scheme= {$safe_scheme}");
} else {
    $record = safesql(serialize($_POST['requirement']), "text");
    $comments = safesql(serialize($_POST['comment']), "text");
    $data->insert_query("scoutrecord", "'', {$safe_memberid}, {$record}, {$comments}, {$safe_scheme}");
}
show_admin_message("Record Updated", "admin.php?page={$page}&subpage=records&id={$id}&action=view_advancements");
} elseif ($action == "addbadge" && pageauth("troop", "edit") == 1) {
    // Award a badge to the member, stamped with the current time.
    $badgeid = safesql($_POST['bid'], "int");
    $comment = safesql($_POST['comment'], "text");
    $date = safesql(time(), "int");
    $data->insert_query("userbadges", "'', {$safe_memberid}, {$badgeid}, {$comment}, {$date}");
    show_admin_message("Badge Added", "admin.php?page={$page}&subpage=records&id={$id}&action=view_badges");
}
}
$schemes = $data->select_fetch_all_rows($numschemes, "awardschemes", "ORDER BY name ASC");
$tpl->assign("schemes", $schemes);
$tpl->assign("numschemes", $numschemes);
// "&&" binds tighter than "||": the permission check applies to "edit_advancements" only;
// the view action and the empty action reach this block without it.
if ($action == "view_advancements" || $action == "" || $action == "edit_advancements" && pageauth("troop", "edit") == 1) {
    $advansql = $data->select_query("advancements", "WHERE scheme = {$safe_scheme} ORDER BY position ASC");
    $numadva = $data->num_rows($advansql);
    $advancements = array();
    $numitems = 0;
    $recordsql = $data->select_fetch_one_row("scoutrecord", "WHERE userid={$safe_memberid} AND scheme = {$safe_scheme}");
    // NOTE(review): unserialize() on database content is safe only while these columns are
    // written exclusively by the serialize() calls above; consider
    // ['allowed_classes' => false] or JSON.
    $scoutRecord['requirement'] = unserialize($recordsql['requirements']);
    $scoutRecord['comment'] = unserialize($recordsql['comment']);
    while ($temp = $data->fetch_array($advansql)) {
        $getrequirements = $data->select_query("requirements", "WHERE advancement = '{$temp["ID"]}' ORDER BY position ASC");
// Fragment of the calendar/event admin handler; the branch that prepares the sign-up field
// values ($name, $query, $options, ...) opens above this excerpt.
// NOTE(review): those values and $id are interpolated as-is; confirm each was passed
// through safesql() where it is prepared.
if ($action == "newfield") {
    $data->insert_query("profilefields", "'', {$name}, {$query}, {$options}, {$hint}, {$type}, {$required}, {$register}, 0, {$pos}, 2, {$eventid}");
    show_admin_message("Field Added", "{$pagename}&action=signups&id={$eventid}&activetab=ical");
} elseif ($action == "editfield") {
    $data->update_query("profilefields", "query={$query}, options={$options}, hint={$hint}, type={$type}, required={$required}, register={$register}", "id={$id}");
    show_admin_message("Field Updated", "{$pagename}&action=signups&id={$eventid}&activetab=ical");
}
}
// NOTE(review): the two delete actions below carry no pageauth() check in the visible code
// and are reachable through GET parameters; confirm the permission is enforced upstream.
} elseif ($action == "deletefield") {
    $eventid = safesql($_GET['event'], "int");
    $data->delete_query("profilefields", "id={$id}");
    show_admin_message("Field Deleted", "{$pagename}&action=signups&id={$eventid}&activetab=ical");
} elseif ($action == "deletedownload") {
    $eventid = safesql($_GET['event'], "int");
    $data->delete_query("calendar_downloads", "id={$id}");
    show_admin_message("Download Removed", "{$pagename}&action=signups&id={$eventid}&activetab=ical");
} elseif ($action == "newattend") {
    // Collect the users that have no matching row in the auth table (type 1, other than
    // $safe_id).
    $sql = $data->select_query("users");
    $users = array();
    while ($temp = $data->fetch_array($sql)) {
        $sql2 = $data->select_query("auth", "WHERE authname='{$temp['id']}' AND type=1 AND id != {$safe_id}");
        if ($data->num_rows($sql2) == 0) {
            $users[] = $temp;
        }
    }
}
if (!$action) {
    // Default view: every calendar item that is not in the trash.
    $calsql = $data->select_query("calendar_items", "WHERE trash=0 ORDER BY startdate ASC");
    $numitems = $data->num_rows($calsql);
    $items = array();
    while ($items[] = $data->fetch_array($calsql)) {
$sql = $data->select_query("forummods", "WHERE fid={$fid}"); $nummods = $data->num_rows($sql); $mods = array(); while ($temp = $data->fetch_array($sql)) { if ($temp['type'] == 0) { $sql2 = $data->select_query("users", "WHERE id={$temp['mid']}", "uname"); $temp2 = $data->fetch_array($sql2); $temp['name'] = "User: "******"groups", "WHERE id={$temp['mid']}", "teamname"); $temp2 = $data->fetch_array($sql2); $temp['name'] = "Group: " . $temp2['teamname']; } $mods[] = $temp; } $tpl->assign("forum", $forum); $tpl->assign("groups", $groups); $tpl->assign("numgroups", $numgroups); $tpl->assign("users", $users); $tpl->assign("numusers", $numusers); $tpl->assign("mods", $mods); $tpl->assign("nummods", $nummods); } elseif ($action == "deletemod" && pageauth("forums", "delete") == 1) { $id = safesql($_GET['id'], "int"); $data->delete_query("forummods", "id={$id}"); show_admin_message("Moderator Deleted", "{$pagename}&action=moderator&fid={$fid}&cid={$cid}"); } $tpl->assign('editFormAction', $editFormAction); $tpl->assign('action', $action); $filetouse = "admin_forums.tpl"; }
// Fragment of the links admin handler; the branch that prepares the link fields opens above.
// NOTE(review): $name, $url, $desc, $cat, $did and $id are prepared outside this excerpt;
// confirm each went through safesql() before being interpolated.
$sql = $data->update_query("links", "name={$name}, url={$url}, `desc`={$desc}, cat={$cat}", "id={$did}");
if ($sql) {
    show_admin_message("Link updated", "{$pagename}&action=view&id={$id}");
}
} elseif ($action == "add" && pageauth("links", "add") == 1) {
    // New category, appended at the end position.
    $catname = safesql($_POST['catname'], "text");
    $pos = get_end_pos("links_cats");
    $sql = $data->insert_query("links_cats", "NULL, {$catname}, {$pos}");
    if ($sql) {
        show_admin_message("Category added", "{$pagename}");
    }
} elseif ($action == "edit" && pageauth("links", "edit") == 1) {
    $catname = safesql($_POST['catname'], "text");
    $sql = $data->update_query("links_cats", "name = {$catname}", "id = {$id}");
    if ($sql) {
        show_admin_message("Category updated", "{$pagename}");
    }
}
}
if ($action == "view") {
    // Load one category and its links. $id is unquoted in the first query and quoted in the
    // second; NOTE(review): confirm it is integer-cast upstream.
    $query = $data->select_query("links_cats", "WHERE id = {$id} ORDER BY position ASC");
    $catinfo = $data->fetch_array($query);
    $down_query = $data->select_query("links", "WHERE cat='{$id}' ORDER BY position ASC");
    $numlinks = $data->num_rows($down_query);
    $links = array();
    // The falsy value that ends the loop is appended too; $numlinks carries the real count.
    while ($links[] = $data->fetch_array($down_query)) {
    }
    $tpl->assign("links", $links);
    $tpl->assign("numlinks", $numlinks);
    $tpl->assign("catinfo", $catinfo);
    $tpl->assign('id', $id);
// Fragment of the e-mail template editor; the module-registration branch ends with the
// "return" below and the editor itself follows.
return;
} else {
    // The form posts back to the current URL. The query string is HTML-encoded here.
    // NOTE(review): PHP_SELF is used without encoding and reflects the requested path;
    // confirm the template escapes editFormAction or encode it here as well.
    $editFormAction = $_SERVER['PHP_SELF'];
    if (isset($_SERVER['QUERY_STRING'])) {
        $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
    }
    $Submit = $_POST['Submit'];
    $id = $_GET['id'];
    $action = $_GET['action'];
    // Save an edited template. The id is integer-cast and both text fields are quoted by
    // safesql() before they reach the UPDATE.
    if ($Submit == "Update" && pageauth("emailedit", "edit") == 1) {
        $id = safesql($id, "int");
        $subject = safesql($_POST['subject'], "text");
        $email = safesql($_POST['email'], "text");
        if ($data->update_query("emails", "subject={$subject}, email={$email}", "id={$id}")) {
            show_admin_message("Email updated", $pagename);
        }
    }
    // Load the selected template for the edit form.
    if ($id != "" && pageauth("emailedit", "edit") == 1) {
        // The id is cast again here because this block also runs without the save above.
        $id = safesql($id, "int");
        $email = $data->select_fetch_one_row("emails", "WHERE id={$id}");
        $tpl->assign("email", $email);
    }
    // List every e-mail template.
    $emails = $data->select_fetch_all_rows($numemails, "emails", "ORDER BY name ASC");
    $tpl->assign('action', $action);
    $tpl->assign('numemails', $numemails);
    $tpl->assign('emails', $emails);
    $filetouse = "admin_emailedit.tpl";
// Fragment of the poll admin handler; the "add poll" branch opens above this excerpt.
show_admin_message("Poll added", "{$pagename}");
}
$tpl->assign("item", $item);
$tpl->assign("numoptions", $numoptions);
// NOTE(review): unlike the publish and unpublish branches below, "delete" has no pageauth()
// check in the visible code and is triggered by a GET request; confirm the permission is
// enforced upstream and consider POST plus a CSRF token.
} elseif ($action == "delete") {
    // Soft delete: the poll is flagged as trash, not removed.
    $id = safesql($_GET['id'], "int");
    $sqlq = $data->update_query("polls", "trash=1", "id={$id}");
    if ($sqlq) {
        show_admin_message("Poll deleted", "{$pagename}");
    }
} elseif ($action == 'publish' && pageauth("poll", "publish") == 1) {
    $id = safesql($_GET['id'], "int");
    $sqlq = $data->update_query("polls", "allowed=1", "id={$id}");
    // If the poll was waiting for review, send the "newitem" e-mail and clear the review entry.
    if ($data->num_rows($data->select_query("review", "WHERE item_id={$id} AND type='poll'"))) {
        $item = $data->select_fetch_one_row("polls", "WHERE id={$id}");
        email('newitem', array("poll", $item));
        $data->delete_query("review", "item_id={$id} AND type='poll'");
    }
    show_admin_message("Poll published", "{$pagename}");
} elseif ($action == 'unpublish' && pageauth("poll", "publish") == 1) {
    $id = safesql($_GET['id'], "int");
    $sqlq = $data->update_query("polls", "allowed=0", "id={$id}");
    show_admin_message("Poll unpublished", "{$pagename}");
} else {
    // Default view: every poll that is not in the trash.
    $pollitems = $data->select_fetch_all_rows($numpolls, "polls", "WHERE trash=0 ORDER BY date_start ASC");
    $tpl->assign("numpolls", $numpolls);
    $tpl->assign("pollitems", $pollitems);
}
$tpl->assign("action", $action);
$filetouse = "admin_poll.tpl";
}
// Fragment of the photo-album admin handler; the "edit photo" branch opens above this excerpt.
show_admin_message("Photo updated", "{$pagename}&action=view&id={$id}");
}
} elseif ($action == "new") {
    // With the "limit" permission set, only the admin's own public groups are offered.
    if (pageauth("photo", "limit") == 1) {
        $groupsqllist = group_sql_list_id("id", "OR", true);
        $teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ({$groupsqllist}) AND ispublic=1");
    } else {
        $teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ispublic=1");
    }
    $tpl->assign('teams', $teams);
    $tpl->assign('numteams', $numteams);
    if ($_POST['submit'] == "Add Album") {
        // NOTE(review): the posted group id is integer-cast but not checked against the
        // limited group list built above, so the restriction applies to the form only;
        // confirm whether the insert should verify it too. No "add" permission check is
        // visible on this branch either.
        $group = safesql($_POST['patrol'], "int");
        $name = safesql($_POST['album_name'], "text");
        $data->insert_query("album_track", "'', {$name}, {$group}, 1, 0");
        show_admin_message("Album added", "{$pagename}");
    }
} elseif ($action == "") {
    // Default view: albums not in the trash, restricted to the admin's groups when limited.
    if (pageauth("photo", "limit")) {
        $patrollist = group_sql_list_id("patrol", "OR");
        $result = $data->select_query("album_track", "WHERE ({$patrollist}) AND trash=0 ORDER BY album_name ASC");
    } else {
        $result = $data->select_query("album_track", "WHERE trash=0 ORDER BY album_name ASC");
    }
    $albums = array();
    while ($temp = $data->fetch_array($result)) {
        // Replace the numeric group id with the group's name for display.
        if ($temp['patrol'] > 0) {
            $temp2 = $data->select_fetch_one_row("groups", "WHERE id={$temp['patrol']}", "teamname");
            $temp['patrol'] = $temp2['teamname'];
        } elseif ($temp['patrol'] == 0) {
            $temp['patrol'] = "None";
// Tail of the group menu item update; the switch that maps an item kind to its numeric type
// opens above this excerpt.
case "dyn":
    $type = 2;
    break;
case "stat":
    $type = 1;
    break;
case "art":
    $type = 4;
    break;
}
}
// Type 5 stores $url as the item; every other type stores the safesql()-quoted first
// element of $item.
// NOTE(review): $url, $name and $id are interpolated as-is below and are prepared outside
// this excerpt; confirm each went through safesql() (text for $url/$name, int for $id).
$item = $type == 5 ? $url : safesql($item[0], "text");
// NOTE(review): $itemsql is not read again in the visible code.
$itemsql = $data->select_fetch_one_row("patrolmenu", "WHERE id={$id}", "pos");
$update = $data->update_query("patrolmenu", "name = {$name}, item = {$item}, type={$type}", "id={$id}");
if ($update) {
    show_admin_message("Item updated", "admin.php?page=patrol&subpage=patrolmenus&pid={$patrolid}");
}
}
}
if ($action == "" || $action == "view") {
    // List the group's menu items and resolve a display label for each by type.
    $sql = $data->select_query("patrolmenu", "WHERE patrol={$safe_patrolid} ORDER BY pos ASC");
    $numside = $data->num_rows($sql);
    $menuitems = array();
    while ($temp = $data->fetch_array($sql)) {
        switch ($temp['type']) {
            case 1: // Static page belonging to this group (type=1, pid = group id)
                $itemDetails = $data->select_fetch_one_row("static_content", "WHERE id='{$temp['item']}' AND type=1 AND pid={$safe_patrolid}", "name, friendly");
                if (isset($itemDetails)) {
                    // Prefer the friendly title when the row has one.
                    $temp['action'] = "Static Page: " . (isset($itemDetails['friendly']) ? $itemDetails['friendly'] : $itemDetails['name']);
                } else {
// Fragment of the news admin handler; the "add news" branch opens above this excerpt.
// NOTE(review): $id is quoted in some statements below and unquoted in others, and it is
// assigned outside this excerpt; confirm it is integer-cast before it reaches them.
$action = "";
} elseif ($Submit == "Modify" && pageauth("news", "edit") == 1) {
    $news = safesql($_POST['editor'], "text");
    $title = safesql($_POST['title'], "text");
    $attachment = safesql($_POST['attachment'], "text");
    // The last two arguments name the log source and the log message for this change.
    $Update = $data->update_query("newscontent", "title={$title}, news={$news}, attachment={$attachment}", "id='{$id}'", 'News Admin', "Updated news item {$id}");
    if ($Update) {
        show_admin_message("News updated", "{$pagename}");
    }
    $action = "";
}
// Delete news (soft delete: the item is flagged as trash).
if ($action == "delete" && pageauth("news", "delete") == 1) {
    $Delete = $data->update_query("newscontent", "trash=1", "id='{$id}'");
    if ($Delete) {
        show_admin_message("News trashed", "{$pagename}");
    }
} elseif ($action == 'publish' && pageauth("news", "publish") == 1) {
    $sqlq = $data->update_query("newscontent", "allowed = 1", "id={$id}");
    // If the item was waiting for review, send the "newitem" e-mail and clear the review entry.
    if ($data->num_rows($data->select_query("review", "WHERE item_id={$id} AND type='news'"))) {
        $item = $data->select_fetch_one_row("newscontent", "WHERE id={$id}");
        email('newitem', array("news", $item));
        $data->delete_query("review", "item_id={$id} AND type='news'");
    }
    // No exit follows the redirect header, so the rest of the script still runs.
    header("Location: {$pagename}");
} elseif ($action == 'unpublish' && pageauth("news", "publish") == 1) {
    $sqlq = $data->update_query("newscontent", "allowed = 0", "id={$id}");
    header("Location: {$pagename}");
}
// Show specific news
if ($id != "") {
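// Fragment of the sub-site admin handler; the if/elseif chain opens above this excerpt.
// NOTE(review): neither "Add" nor "delete" carries a pageauth() check in the visible code;
// confirm the permission is enforced upstream.
} elseif ($action == "Add") {
    $submit = $_POST['Submit'];
    if ($submit == 'Submit') {
        $teamname = safesql($_POST['name'], "text");
        $sql3 = $data->insert_query("subsites", "'', {$teamname}");
        if ($sql3) {
            show_admin_message("Sub site added", "{$pagename}");
        }
    }
} elseif ($action == "delete") {
    // The id arrives in the query string and is placed unquoted into the DELETE conditions
    // below, so it is forced to an integer first. It was previously used raw, which let the
    // request alter the WHERE clause of the deletes.
    $id = safesql($_GET['id'], "int");
    $sql3 = $data->delete_query("subsites", "id={$id}");
    $data->delete_query("static_content", "type=2 AND pid={$id}");
    // NOTE(review): $oldname is not assigned anywhere in this excerpt and is interpolated
    // unquoted; confirm where it comes from, or whether the site id was intended here.
    $data->delete_query("submenu", "site={$oldname}");
    if ($sql3) {
        show_admin_message("Sub site deleted", "{$pagename}");
    }
}
// The form posts back to the current URL; the query string is HTML-encoded.
// NOTE(review): PHP_SELF is used without encoding and reflects the requested path; confirm
// the template escapes editFormAction.
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
$tpl->assign('editFormAction', $editFormAction);
$tpl->assign('sites', $sites);
$tpl->assign('action', $action);
$tpl->assign('numsites', $numsites);
$filetouse = "admin_subsite.tpl";
} else {
    // Sub-pages are included only when the requested name is one of these fixed keys, so
    // the include path cannot be steered to another file.
    $allowed = array('subcontent' => true, 'submenu' => true);
    if (array_key_exists($subpage, $allowed)) {
        include "admin/admin_{$subpage}.php";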
// Fragment of the group-content admin handler: the "move content" action (its enclosing
// branches open above this excerpt), then the group's content list.
// The posted target is either '0' (site root) or "<kind>_<id>" with kind "group" or "site".
$moveto = $_POST['place'];
if ($moveto == '0') {
    $pid = 0;
    $type = 0;
} else {
    $moveto = explode("_", $moveto);
    if ($moveto[0] == "group") {
        $pid = safesql($moveto[1], "int");
        $type = 1;
    } elseif ($moveto[0] == "site") {
        $pid = safesql($moveto[1], "int");
        $type = 2;
    }
    // NOTE(review): any other prefix assigns neither $pid nor $type in this block, and the
    // UPDATE below still runs; confirm they have safe defaults or reject the request.
}
$data->update_query("static_content", "type={$type}, frontpage=0, pid={$pid}", "id={$safe_id}");
show_admin_message("Content moved", "admin.php?page=patrol&subpage=patrolcontent&pid={$patrolid}");
}
}
// Pages belonging to this group (type 1, pid = group id).
$result = $data->select_query("static_content", "WHERE type=1 AND pid={$safe_patrolid} ORDER BY friendly ASC");
$content = array();
// The first row is fetched here and the remaining rows in the loop; the falsy value that
// ends the loop is appended too, so $numcontent carries the real count.
$content[] = $data->fetch_array($result);
$numcontent = $data->num_rows($result);
while ($content[] = $data->fetch_array($result)) {
}
$tpl->assign("item", $item);
$tpl->assign("patrolname", $patrolname);
$tpl->assign("patrolid", $patrolid);
$tpl->assign('name', $name);
$tpl->assign('action', $action);
$tpl->assign('numcontent', $numcontent);
$tpl->assign('content', $content);
// Fragment of the sections admin handler; the "add section" branch opens above this excerpt.
// NOTE(review): $id is unquoted in the UPDATE and quoted in the SELECT and DELETE below; it
// is assigned outside this excerpt, so confirm it is integer-cast first.
show_admin_message("Section added", $pagename);
}
} elseif ($action == "edit" && pageauth("sections", "edit")) {
    $name = safesql($_POST['name'], "text");
    $sql = $data->update_query("sections", "name = {$name}", "id = {$id}");
    if ($sql) {
        show_admin_message("Section updated", $pagename);
    }
}
}
if ($action == "edit" && pageauth("sections", "edit")) {
    // Load the section for the edit form.
    $result = $data->select_query("sections", "WHERE id = '{$id}'");
    $section = $data->fetch_array($result);
    $tpl->assign("section", $section);
} elseif ($action == "delete" && pageauth("sections", "delete")) {
    $sql = $data->delete_query("sections", "id = '{$id}'");
    if ($sql) {
        show_admin_message("Section deleted", $pagename);
    }
} else {
    // Default view: every section, by name.
    $result = $data->select_query("sections", "ORDER BY name ASC");
    $sections = array();
    $numsections = $data->num_rows($result);
    // The falsy value that ends the loop is appended too; $numsections carries the real count.
    while ($sections[] = $data->fetch_array($result)) {
    }
    $tpl->assign('sections', $sections);
    $tpl->assign('numsections', $numsections);
}
$tpl->assign('action', $action);
$filetouse = "admin_sections.tpl";
}
} } $custom = safesql(serialize($custom), "text"); $insertSQL = "'', '', {$username}, {$password}, {$status}, {$timestamp}, 0, 0, 0, 0, {$zone}, 0, {$firstname}, {$lastname}, {$email}, '', '', 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, {$custom}"; if ($data->insert_query("users", $insertSQL)) { $uinfo = $data->select_fetch_one_row("users", "WHERE uname={$username}"); $data->insert_query("usergroups", "{$config['defaultgroup']}, {$uinfo['id']}, 0"); if ($_POST['member'] == 1) { $type = safesql($_POST['type'], "int"); $sex = safesql($_POST['sex'], "int"); $address = safesql('None', "text"); $tel = safesql('None', "text"); $cell = safesql('None', "text"); $data->insert_query("members", "'', {$firstname}, NULL, {$lastname}, '0', {$sex}, {$address}, {$cell}, {$tel}, NULL, {$email}, NULL, NULL, NULL, NULL, NULL, 0, 0, {$type}, {$uinfo['id']}, 0, 0, 0, 0, NULL"); } show_admin_message("User added", "admin.php?page=users"); } } $zone = $data->select_fetch_all_rows($numzones, "timezones", "ORDER BY offset ASC"); $sql = $data->select_query("profilefields", "WHERE place=0 ORDER BY pos ASC"); $fields = array(); $numfields = $data->num_rows($sql); while ($temp = $data->fetch_array($sql)) { $temp['options'] = unserialize($temp['options']); $fields[] = $temp; } $tpl->assign('fields', $fields); $tpl->assign('numfields', $numfields); $tpl->assign('zone', $zone); $tpl->assign('numzones', $numzones); $filetouse = "admin_add_user.tpl";
// Move a static-content item. The posted target is either '0' or a string of
// the form "<kind>_<id>", where <kind> is "group" or "site".
$moveto = $_POST['place'];
if ($moveto == '0') {
    $pid = 0;
    $type = 0;
} else {
    $moveto = explode("_", $moveto);
    if ($moveto[0] == "group") {
        $pid = safesql($moveto[1], "int");
        $type = 1;
    } elseif ($moveto[0] == "site") {
        $pid = safesql($moveto[1], "int");
        $type = 2;
    }
    // NOTE(review): there is no final else. For any other prefix neither
    // $pid nor $type is assigned in this excerpt, so the UPDATE below is built
    // from whatever those variables held earlier (or from unset variables).
    // Confirm they are initialised above, or reject unrecognised values before
    // updating. $moveto[1] is also read without checking that it exists.
}
// NOTE(review): the result of update_query() is not checked; the success
// message is shown even if the statement failed.
$data->update_query("static_content", "type={$type}, frontpage=0, pid={$pid}", "id={$safe_id}");
// NOTE(review): $siteid goes into the redirect target as-is, while the query
// below uses $safe_siteid; presumably these are the raw and escaped forms of
// the same value. Confirm $siteid is safe to place in a URL.
show_admin_message("Content moved", "admin.php?page=subsite&subpage=subcontent&sid={$siteid}");
}
}

// List this sub-site's static content (type=2), ordered by friendly name.
$result = $data->select_query("static_content", "WHERE type=2 AND pid={$safe_siteid} ORDER BY friendly ASC");
$content = array();
// The first row is fetched here, the remaining rows in the loop below; the
// loop also appends the final falsy fetch result to $content.
$content[] = $data->fetch_array($result);
$numcontent = $data->num_rows($result);
while ($content[] = $data->fetch_array($result)) { }
$tpl->assign("item", $item);
$tpl->assign("siteid", $siteid);
$tpl->assign("sitename", $sitename);
$tpl->assign('name', $name);
$tpl->assign('action', $action);
$tpl->assign('numcontent', $numcontent);
while ($teams[] = $data->fetch_array($team_query)) { } $tpl->assign('teams', $teams); $tpl->assign('numteams', $numteams); $submit = $_POST["Submit"]; if ($submit == "Submit") { $title = safesql($_POST['title'], "text"); $sort = safesql($_POST['sort'], "text"); $order = safesql($_POST['order'], "text"); $display = safesql($_POST['display'], "int"); $groupallowed = safesql(serialize($_POST['groups']), "text"); $description = safesql($_POST['description'], "text"); $perpage = safesql($_POST['perpage'], "int"); $sql = $data->insert_query("articletopics", "'', {$title}, {$description}, {$sort}, {$order}, {$groupallowed}, {$display}, {$perpage}"); if ($sql) { show_admin_message("Topic added", "{$pagename}&activetab=topics"); } } } else { $action = ""; } if ($action == "") { $row = array(); if (pageauth("patrolart", "limit")) { $patrol = group_sql_list_id("patrol", "OR", true); $result = $data->select_query("patrol_articles", "WHERE ({$patrol}) AND trash=0 ORDER BY date_post DESC"); } else { $result = $data->select_query("patrol_articles", "WHERE trash=0 ORDER BY date_post DESC"); } $numarticles = $data->num_rows($result); while ($temp = $data->fetch_array($result)) {
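// Tail of the module-registration block opened above this excerpt: permission
// labels for the censor module, then an early return.
$moduledetails[$modulenumbers]['delete'] = "Allowed to uncensor words";
$moduledetails[$modulenumbers]['publish'] = "notused";
$moduledetails[$modulenumbers]['limit'] = "notused";
$moduledetails[$modulenumbers]['id'] = "censor";
return;
} else {
    // Censor-word administration: add a word, delete a word, then list all.
    $Submit = $_POST['Submit'];
    $action = $_GET['action'];
    // The id is interpolated into the DELETE below. It was previously taken
    // from the query string unchanged, which let request data reach the SQL
    // text; casting to int restricts it to a number.
    $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

    // NOTE(review): both writes below are driven by query-string parameters
    // and no anti-CSRF token check is visible in this excerpt. Confirm one is
    // enforced upstream, or move these actions to POST with a token.
    if ($action == "add" && pageauth("censor", "add")) {
        // The word is passed through safesql() before interpolation.
        $word = safesql($_GET['word'], "text");
        $Add = $data->insert_query("censorwords", "NULL, {$word}");
        if ($Add) {
            show_admin_message("Word added", "{$pagename}");
        }
        $action = "";
    } elseif ($action == "delete" && pageauth("censor", "delete")) {
        $Delete = $data->delete_query("censorwords", "id='{$id}'");
        if ($Delete) {
            show_admin_message("Word removed", "{$pagename}");
        }
    }

    // Always finish by listing the current words, newest id first.
    $result = $data->select_query("censorwords", "ORDER BY id DESC");
    $words = array();
    $numwords = $data->num_rows($result);
    // The loop also appends the final falsy fetch result to $words; $numwords
    // carries the real row count.
    while ($words[] = $data->fetch_array($result)) { }
    $tpl->assign('numwords', $numwords);
    $tpl->assign('words', $words);
    $filetouse = "admin_censor.tpl";
}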