function drawStaffList($where, $searchterms = false) { global $isAdmin, $_josh; $return = drawJumpToStaff() . '<table class="left" cellspacing="1">'; if ($isAdmin) { $colspan = 5; $return .= drawHeaderRow(false, $colspan, "new", "add_edit.php"); } else { $colspan = 4; $return .= drawHeaderRow(false, $colspan); } $return .= '<tr> <th class="image"></th> <th>Name / Office</th> <th>Title / Department</th> <th class="r">Phone</th>'; if ($isAdmin) { $return .= '<th></th>'; } $return .= '</tr>'; $result = db_query("SELECT \n\t\t\tu.userID, \n\t\t\tu.lastname,\n\t\t\tISNULL(u.nickname, u.firstname) firstname, \n\t\t\tu.bio, \n\t\t\tu.phone,\n\t\t\tc.description corporationName,\n\t\t\tu.corporationID,\n\t\t\to.name office, \n\t\t\tu.title, \n\t\t\td.departmentName\n\t\tFROM intranet_users u\n\t\tLEFT JOIN intranet_departments d\tON d.departmentID = u.departmentID \n\t\tLEFT JOIN organizations c\t\t\tON u.corporationID = c.id\n\t\tLEFT JOIN intranet_offices o\t\tON o.id = u.officeID\n\t\tWHERE " . $where . "\n\t\tORDER BY u.lastname, ISNULL(u.nickname, u.firstname)"); $count = db_found($result); if ($count) { if ($count == 1 && $searchterms) { $r = db_fetch($result); $_josh["slow"] = true; url_change("view.php?id=" . $r["userID"]); } else { while ($r = db_fetch($result)) { $return .= drawStaffRow($r, $searchterms); } } } else { $return .= drawEmptyResult("No staff match those criteria.", $colspan); } return $return . '</table>'; }
if ($ct == 'news') { ?> current<?php } ?> ">News<span class="fright">(<?php echo $news_counter; ?> )</span></a><?php } ?> <?php if ($article_counter > 0) { ?> <a href="<?php echo url_change('article', 'content-type'); ?> #list" class="<?php if ($ct == 'article') { ?> current<?php } ?> ">Analysis<span class="fright">(<?php echo $article_counter; ?> )</span></a><?php } ?> </div> </div>
<?php include "../../include.php"; if ($posting) { $theuser_id = $page['is_admin'] ? $_POST["created_user"] : $_SESSION["user_id"]; db_query("UPDATE press_releases SET\n\t\t\theadline = '{$_POST["headline"]}',\t\n\t\t\tdetail = '{$_POST["detail"]}',\t\n\t\t\tlocation = '{$_POST["location"]}',\t\n\t\t\ttext = '" . format_html($_POST["text"]) . "',\t\n\t\t\tcorporationID = {$_POST["corporationID"]},\n\t\t\tupdated_date = GETDATE(),\n\t\t\tupdated_user = {$theuser_id}\n\t\t\tWHERE id = " . $_GET["id"]); url_change("../?id=" . $_GET["id"]); } echo drawTop(); $r = db_grab("SELECT id, headline, detail, location, releaseDate, corporationID, text FROM press_releases WHERE id = " . $_GET["id"]); $form = new intranet_form(); if ($page['is_admin']) { $form->addUser("created_user", "Posted By", $_SESSION["user_id"], false, "EEDDCC"); } $form->addRow("itext", "Headline", "headline", $r["headline"], "", true, 255); $form->addRow("itext", "Detail", "detail", $r["detail"], "", false, 255); $form->addRow("itext", "Location", "location", $r["location"], "", true, 255); $form->addRow("select", "Organization", "corporationID", "SELECT id, title from organizations ORDER BY title", $r["corporationID"]); $form->addRow("date", "Date", "releaseDate", $r["releaseDate"]); $form->addRow("textarea", "Text", "text", $r["text"], "", true); $form->addRow("submit", "update press release"); $form->draw("Update Release"); echo drawBottom();
<?php include "include.php"; if ($posting) { $user_id = $page['is_admin'] ? $_POST["user_id"] : $_SESSION["user_id"]; format_post_nulls("type_id"); $id = db_query("INSERT INTO helpdesk_tickets (\r\n \tcreated_user,\r\n \ttype_id,\r\n\t\tpriorityID,\r\n\t\tdepartmentID,\r\n\t\tdescription,\r\n\t\tstatusID,\r\n\t\tipAddress,\r\n\t\tcreated_date,\r\n\t\tupdated_date,\r\n\t\ttitle\r\n\t) VALUES (\r\n\t\t" . $user_id . ",\r\n\t\t" . $_POST["type_id"] . ",\r\n\t\t'" . $_POST["priorityID"] . "',\r\n\t\t'" . $_POST["departmentID"] . "',\r\n\t\t'" . $_POST["description"] . "',\r\n\t\t1,\r\n\t\t'{$_SERVER["REMOTE_ADDR"]}',\r\n\t\tGETDATE(),\r\n\t\tGETDATE(),\r\n\t\t'" . $_POST["title"] . "'\r\n );"); //$r = db_grab("SELECT MAX(id) id FROM helpdesk_tickets"); //todo - email mohammed for critical emailITTicket($id, 'new'); //special for carla url_change('ticket.php?id=' . $id); } echo drawTop(); echo drawMessage($helpdeskStatus, "center"); ?> <script language="javascript"> <!-- function updateTypes(departmentID) { var types = new Array(3, 8); <?php $types = db_query("SELECT id, departmentID, description FROM helpdesk_tickets_types ORDER BY departmentID, description"); $options = array(); while ($t = db_fetch($types)) { $options[$t["departmentID"]][] = '"' . $t["id"] . '|' . $t["description"] . '"'; } while (list($key, $value) = each($options)) { ?> types[<?php echo $key;
<?php include "../../include.php"; if (url_id('module_id')) { $result = db_table('SELECT p.id, p.title, p.url, p.is_hidden FROM pages p WHERE module_id = ' . $_GET['module_id'] . ' ORDER BY p.precedence'); } elseif (url_id('modulette_id')) { $result = db_table('SELECT p.id, p.title, p.url, p.is_hidden FROM pages p WHERE modulette_id = ' . $_GET['modulette_id'] . ' ORDER BY p.precedence'); } else { url_change('./'); } echo drawTop(); //pages list $t = new table('pages', drawHeader()); $t->set_column('is_hidden', 'd', ' '); $t->set_column('draggy', 'd', ' '); $t->set_column('title', 'l', getString('title')); $t->set_column('url'); $t->set_draggable('draggy'); foreach ($result as &$r) { $r['is_hidden'] = draw_form_checkbox('foo', !$r['is_hidden'], false, 'ajax_set(\'pages\', \'is_hidden\', ' . $r['id'] . ', ' . abs($r['is_hidden'] - 1) . ');'); $r['draggy'] = draw_img('/images/icons/move.png'); $r['title'] = draw_link('page.php?id=' . $r['id'], $r['title']); if (empty($r['url'])) { $r['url'] = 'index.php'; } } echo $t->draw($result, 'No pages'); echo drawBottom();
$laptopIsWireless = isset($_POST["laptopIsWireless"]) ? 1 : 0; if (isset($_GET["id"])) { db_query("UPDATE it_laptops SET\r\n\t\t\tlaptopName = '" . $_POST["laptopName"] . "',\r\n\t\t\tlaptopModel = '" . $_POST["laptopModel"] . "',\r\n\t\t\tlaptopHomeID = " . $_POST["laptopHomeID"] . ",\r\n\t\t\tlaptopSerial = '" . $_POST["laptopSerial"] . "',\r\n\t\t\tlaptopExpressServiceCode = '" . $_POST["laptopExpressServiceCode"] . "',\r\n\t\t\tlaptopServiceTag = '" . $_POST["laptopServiceTag"] . "',\r\n\t\t\tlaptopOS = '" . $_POST["laptopOS"] . "',\r\n\t\t\tlaptopOffice = '" . $_POST["laptopOffice"] . "',\r\n\t\t\tlaptopIsWireless = {$laptopIsWireless},\r\n\t\t\tlaptopMACAddress = '" . $_POST["laptopMACAddress"] . "',\r\n\t\t\tlaptopPurpose = '" . $_POST["laptopPurpose"] . "'\r\n\t\t\tWHERE laptopID = " . $_GET["id"]); db_query("DELETE FROM it_laptops_2_accessories WHERE laptopID = " . $_GET["id"]); } else { $_GET["id"] = db_query("INSERT INTO it_laptops (\r\n\t\t\tlaptopName,\r\n\t\t\tlaptopModel,\r\n\t\t\tlaptopHomeID,\r\n\t\t\tlaptopSerial,\r\n\t\t\tlaptopExpressServiceCode,\r\n\t\t\tlaptopstatusID,\r\n\t\t\tlaptopServiceTag,\r\n\t\t\tlaptopOS,\r\n\t\t\tlaptopOffice,\r\n\t\t\tlaptopIsWireless,\r\n\t\t\tlaptopMACAddress,\r\n\t\t\tlaptopPurpose\r\n\t\t) VALUES (\r\n\t\t\t'" . $_POST["laptopName"] . "',\t\t\t\r\n\t\t\t'" . $_POST["laptopModel"] . "',\t\t\t\r\n\t\t\t" . $_POST["laptopHomeID"] . ",\t\t\t\r\n\t\t\t'" . $_POST["laptopSerial"] . "',\r\n\t\t\t'" . $_POST["laptopExpressServiceCode"] . "',\r\n\t\t\t2,\r\n\t\t\t'" . $_POST["laptopServiceTag"] . "',\t\t\t\r\n\t\t\t'" . $_POST["laptopOS"] . "',\t\t\t\r\n\t\t\t'" . $_POST["laptopOffice"] . "',\t\t\t\r\n\t\t\t{$laptopIsWireless},\t\t\t\r\n\t\t\t'" . $_POST["laptopMACAddress"] . "',\r\n\t\t\t'" . $_POST["laptopPurpose"] . "'\r\n\t\t)"); } //accessories reset($_POST); while (list($key, $value) = each($_POST)) { @(list($control, $accessoryID) = explode("_", $key)); if ($control == "chkacc") { db_query("INSERT INTO it_laptops_2_accessories (\r\n\t\t\t\tlaptopID,\r\n\t\t\t\taccessoryID\r\n\t\t\t) VALUES (\r\n\t\t\t\t" . $_GET["id"] . ",\r\n\t\t\t\t" . $accessoryID . "\r\n\t\t\t);"); } } url_change("laptop.php?id=" . $_GET["id"]); } echo drawTop(); if (isset($_GET["id"])) { $r = db_grab("SELECT \r\n\t\t\t\t\t\tl.laptopName,\r\n\t\t\t\t\t\tl.laptopPurpose,\r\n\t\t\t\t\t\tl.laptopModel,\r\n\t\t\t\t\t\tl.laptopHomeID,\r\n\t\t\t\t\t\tl.laptopSerial,\r\n\t\t\t\t\t\tl.laptopExpressServiceCode,\r\n\t\t\t\t\t\tl.laptopServiceTag,\r\n\t\t\t\t\t\tl.laptopOS,\r\n\t\t\t\t\t\tl.laptopOffice,\r\n\t\t\t\t\t\tl.laptopIsWireless,\r\n\t\t\t\t\t\tl.laptopMACAddress\r\n\t\t\t\t\tFROM it_laptops l\r\n\t\t\t\t\tWHERE laptopID = " . $_GET["id"]); $openEnded = empty($r["laptopEnd"]) ? true : false; } ?> <a name="closedtickets"></a> <table class="left" cellspacing="1"> <?php echo drawHeaderRow("Add Laptop", 2); ?> <form method="post" action="<?php echo $request["path_query"];
<?php include "../../include.php"; if ($posting) { $id = db_save("queries"); url_change("./"); } echo drawTop(); if (isset($_GET["id"])) { $r = db_grab("SELECT \n\t\t\tq.databaseID,\n\t\t\td.dbname,\n\t\t\tq.name,\n\t\t\tq.description,\n\t\t\tq.query,\n\t\t\tq.is_active\n\t\tFROM queries q \n\t\tJOIN queries_databases d ON d.id = q.databaseID\n\t\tWHERE q.id = " . $_GET["id"]); /*db_switch($r["dbname"]); db_query($r["query"], false, true); db_switch($_josh["db"]["database"]);*/ } else { $r["is_active"] = 1; } $form = new intranet_form(); $form->addRow("hidden", "", "is_active", $r["is_active"]); $form->addRow("select", "Database", "databaseID", "SELECT id, dbname from queries_databases order by dbname", @$r["databaseID"], true); $form->addRow("itext", "Name", "name", @$r["name"], "", false, 50); $form->addRow("textarea", "Description", "description", @$r["description"]); $form->addRow("textarea-plain", "Query", "query", @$r["query"]); $form->addRow("submit", "Save Changes"); if (isset($_GET["id"])) { $form->draw("<a href='/queries/'>Database Queries</a> > Edit Query"); } else { $form->draw("Add New Query"); } echo drawBottom();
function url_query_require($target = "./", $index = "id") { //requires a _GET variable to be defined or eject page if (!url_id($index)) { url_change($target); } }
<?php include "../../include.php"; if (url_action("delete")) { db_delete("openings"); url_drop(); } elseif ($posting) { //debug(); if ($id = db_save("openings")) { url_change("position.php?id=" . $id); } } echo drawTop(); ?> <table class="left" cellspacing="1"> <?php if ($page['is_admin']) { $colspan = 4; echo drawHeaderRow("Open Positions", $colspan, "new", "#bottom"); } else { $colspan = 3; echo drawHeaderRow("Open Positions", $colspan); } ?> <tr> <th width="50%">Title</th> <th width="30%">Location</th> <th class="r" width="20%"><nobr>Last Update</nobr></th> <?php if ($page['is_admin']) { ?>
} if (!empty($_POST)) { $isActionItem = isset($_POST["chkActionItem"]) ? 1 : 0; $isReport = isset($_POST["chkReport"]) ? 1 : 0; $isInternal = $_POST["isInternal"] == "true" ? 1 : 0; db_query('UPDATE funders_activity SET activityTitle = "' . $_POST["activityTitle"] . '", activityDate = ' . format_date_sql($_POST["activityDateMonth"], $_POST["activityDateDay"], $_POST["activityDateYear"]) . ', activityAssignedTo = ' . $_POST["activityAssignedTo"] . ', isComplete = "' . $_POST["isComplete"] . '", isActionItem = ' . $isActionItem . ', isReport = ' . $isReport . ', isInternalDeadline = ' . $isInternal . ', activityText = "' . $_POST["activityText"] . '" WHERE activityID = ' . $_GET["id"]); url_change('activity_view.php?id=' . $_GET['id']); } echo drawTop(); $r = db_grab("SELECT \n\t\t\t\ta.activityID, \n\t\t\t\ta.funderID, \n\t\t\t\tf.name,\n\t\t\t\tw.awardTitle,\n\t\t\t\ta.awardID, \n\t\t\t\ta.activityTitle, \n\t\t\t\ta.activityText, \n\t\t\t\ta.activityDate, \n\t\t\t\ta.activityAssignedTo, \n\t\t\t\ta.isActionItem, \n\t\t\t\ta.isComplete, \n\t\t\t\ta.isReport, \n\t\t\t\ta.isInternalDeadline, \n\t\t\t\ta.activityPostedOn\n\t\t\tFROM funders_activity a\n\t\t\tINNER JOIN funders_awards w ON a.awardID = w.awardID\n\t\t\tINNER JOIN funders f ON w.funderID = f.funderID\n\t\t\tWHERE activityID = " . $_GET["id"]); ?> <script language="javascript"> <!-- function checkInternal() { if (document.frmActivity.chkActionItem.checked) { document.all["internal"].style.visibility = "visible"; } else { document.all["report"].style.visibility = "hidden"; document.all["internal"].style.visibility = "hidden"; document.frmActivity.isInternal[0].checked = true; document.frmActivity.isInternal[1].checked = false;
<?php include "../include.php"; if ($posting) { format_post_bits("isInstancePage, isSecure, isAdmin"); db_query("UPDATE pages SET \n\t\tname = '{$_POST["title"]}',\n\t\tisAdmin = {$_POST["isAdmin"]},\n\t\tprecedence = {$_POST["precedence"]},\n\t\tisInstancePage = {$_POST["isInstancePage"]},\n\t\tisSecure = {$_POST["isSecure"]},\n\t\tmoduleID = '{$_POST["moduleID"]}',\n\t\thelpText = '{$_POST["helpText"]}'\n\t\tWHERE id = " . $_GET["id"]); url_change($_POST["returnTo"]); } drawTop(); $r = db_grab("SELECT\n\tp.id,\n\tp.name title,\n\tp.helpText,\n\tm.id moduleID,\n\tm.name module,\n\tp.isAdmin,\n\tp.isSecure,\n\tp.precedence,\n\tp.isInstancePage,\n\tp2.url\n\tFROM pages p\n\tJOIN modules m ON p.moduleID = m.id\n\tJOIN pages p2 ON m.homePageID = p2.id\n\tWHERE p.id = " . $_GET["id"]); $form = new intranet_form(); $form->addRow("hidden", "", "returnTo", $_GET["returnTo"]); $form->addRow("itext", "Title", "title", $r["title"], "", true, 50); $form->addRow("itext", "Precedence", "precedence", $r["precedence"], "", true, 50); $form->addRow("checkbox", "Is Admin", "isAdmin", $r["isAdmin"], "", true, 50); $form->addRow("checkbox", "Is Instance Page", "isInstancePage", $r["isInstancePage"], "", true, 50); $form->addRow("checkbox", "Is Secure", "isSecure", $r["isSecure"], "", true, 50); $form->addRow("select", "Module", "moduleID", "SELECT id, name FROM modules WHERE isActive = 1 ORDER BY name", $r["moduleID"], $r["moduleID"]); //$form->addRow("text", "Module", "", "<span class='" . str_replace("/", "", $r["url"]) . " block'>" . $r["module"] . "</span>"); $form->addRow("textarea", "Help Text", "helpText", $r["helpText"]); $form->addRow("submit", "Save Changes"); $form->draw("Edit Page Info"); drawBottom();
<?php include "include.php"; //delete type if (isset($_GET["deleteType"])) { db_query("DELETE FROM helpdesk_tickets_types WHERE id = " . $_GET["id"]); url_change("types.php"); } echo drawTop(); $where1 = isset($_GET["id"]) ? "= " . $_GET["id"] : "IS NULL"; $tickets = db_query("select\r\n\t\t\tt.title,\r\n\t\t\tt.statusID,\r\n\t\t\tt.type_id,\r\n\t\t\t(SELECT COUNT(*) FROM helpdesk_tickets_followups f WHERE f.ticketID = t.id) as ticketfollowups,\r\n\t\t\tt.created_user,\r\n\t\t\tt.updated_date,\r\n\t\t\tt.id,\r\n\t\t\tt.ownerID,\r\n\t\t\tt.priorityID,\r\n\t\t\tt.created_date,\r\n\t\t\tISNULL(u.nickname, u.firstname) first,\r\n\t\t\tu.lastname last,\r\n\t\t\t(SELECT COUNT(*) FROM users_to_modules a WHERE a.module_id = 3 AND a.user_id = t.created_user) is_adminIT\r\n\t\tFROM helpdesk_tickets t\r\n\t\tINNER JOIN users u ON u.id = t.created_user\r\n\t\tWHERE t.type_id {$where1} {$where}\r\n\t\tORDER BY t.created_date DESC"); echo drawTicketFilter(); ?> <table class="left" cellspacing="1"> <?php if (isset($_GET["id"])) { $type = db_grab("SELECT description name FROM helpdesk_tickets_types WHERE id = " . $_GET["id"]); if (db_found($tickets)) { echo drawHeaderRow("<a class='white' href='types.php'>Types</a> > " . $type . " (" . db_found($tickets) . ")", 5, "edit name", "type_add_edit.php?id=" . $_GET["id"]); echo drawTicketHeader(); while ($r = db_fetch($tickets)) { echo drawTicketRow($r, "type"); } } else { if ($filtered) { echo drawHeaderRow("<a class='white' href='types.php'>Types</a> > " . $type . " (" . db_found($tickets) . ")", 5); echo drawEmptyResult("No tickets have this type / month / year.", 5); } else { echo drawHeaderRow("<a class='white' href='types.php'>Types</a> > " . $type . " (" . db_found($tickets) . ")", 5, "edit name", "type_add_edit.php?id=" . $_GET["id"], "delete", $request["path_query"] . "&deleteType=true"); echo drawEmptyResult("No tickets are tagged as this type. You can delete the type above.", 5);
<?php include "../include.php"; if ($_POST) { db_query("UPDATE intranet_users SET password = PWDENCRYPT('{$_POST["password1"]}') WHERE userID = " . $user["id"]); $r = db_grab("SELECT p.url homepage FROM intranet_users u JOIN pages p ON u.homePageID = p.id WHERE u.userID = " . $user["id"]); url_change($r); } ?> <html> <head> <title>Update Your Password</title> <link rel="stylesheet" type="text/css" href="<?php echo $locale; ?> style.css" /> <script language="javascript" src="/javascript.js"></script> </head> <body> <br> <table width="600" align="center"> <tr> <td> <?php $form = new intranet_form(); $form->addRow("password", "Password", "password1", "", "", true); $form->addRow("password", "Confirm", "password2", "", "", true); $form->addRow("submit", "Save"); $form->addJavascript("(form.password1.value != form.password2.value)", "Passwords don't match!"); $form->draw("Update Your Password"); ?>
$message .= '<td>' . $r . '</td></tr>'; } elseif ($key == "officeID") { $r = db_grab("SELECT name FROM intranet_offices WHERE id = " . $value); $message .= '<td>' . $r . '</td></tr>'; } elseif ($key == "corporationID") { $message .= '<td>' . db_grab("SELECT description FROM organizations WHERE id = " . $value) . '</td></tr>'; } elseif ($key == "Additional Info") { $message .= '<td>' . nl2br($value) . '</td></tr>'; } else { $message .= '<td>' . $value . '</td></tr>'; } } $message .= '<tr><td colspan="2" class="bottom"><a href="http://' . $request["host"] . '/staff/add_edit.php?requestID=' . $id . '">click here</a></td></tr>'; email_user($_josh["email_admin"], "New User Request", $message, 2); } url_change("account_confirm.php"); } ?> <html> <head> <title>Request an Account</title> <link rel="stylesheet" type="text/css" href="<?php echo $locale; ?> style.css" /> <script language="javascript" type="text/javascript" src="/javascript.js"></script> <script language="javascript" type="text/javascript" src="<?php echo $locale; ?> tinymce/jscripts/tiny_mce/tiny_mce.js"></script> <script language="javascript">
//included $_josh["request"]["path_query"] = "/news/edit.php"; } else { //page loaded on its own include "../../include.php"; if ($posting) { if (isset($_FILES["content"]["name"]) && !empty($_FILES["content"]["name"])) { list($_POST["content"], $_POST["fileTypeID"]) = file_get_uploaded("content", "docs_types"); } if (isset($_FILES["image"]["name"]) && !empty($_FILES["image"]["name"])) { list($_POST["image"], $_POST["imageTypeID"]) = file_get_uploaded("image", "docs_types"); //die($_POST["image"]); } $id = db_save("news_stories"); db_checkboxes("corporationID", "news_stories_to_organizations", "newsID", "organizationID", $id); url_change("./?id=" . $id); } echo drawTop(); $r = db_grab("SELECT \n\t\tn.headline,\n\t\tn.outlet,\n\t\tn.pubdate,\n\t\tn.url,\n\t\tn.description\n\t\tFROM news_stories n\n\t\tWHERE id = " . $_GET["id"]); } $form = new intranet_form(); $form->addCheckboxes("corporationID", "Organization", "organizations", "news_stories_to_organizations", "newsID", "organizationID", @$_GET["id"]); $form->addRow("itext", "Headline", "headline", @$r["headline"], "", true, 255); $form->addRow("itext", "News Outlet", "outlet", @$r["outlet"], "", true, 255); $form->addRow("date", "Date", "pubdate", @$r["pubdate"], "", true); $form->addRow("file", "Image<br>(optional)", "image", "", "", false); $form->addRow("file", "File<br>(optional)", "content", "", "", true); $form->addRow("itext", "URL<br>(optional)", "url", @$r["url"], "", false, 255); $form->addRow("textarea-plain", "Description<br>(optional)", "description", @$r["description"]); $form->addRow("submit", "Save Changes"); if (url_id()) {
<?php include "../include.php"; db_query("UPDATE users SET password = PWDENCRYPT('') WHERE user_id = " . $_GET["id"]); url_change("view.php?id=" . $_GET["id"]);
<?php include "../../include.php"; url_query_require(); if ($posting) { $id = db_save("wiki_topics"); db_checkboxes("tags", "wiki_topics_to_tags", "topicID", "tagID", $id); url_change("topic.php?id=" . $id); } echo drawTop(); $r = db_grab("SELECT id, title, description, type_id FROM wiki_topics WHERE id = " . $_GET["id"]); $form = new intranet_form(); if ($page['is_admin']) { $form->addUser("created_user", "Posted By", $_SESSION["user_id"], false, true); } $form->addRow("itext", "Title", "title", $r["title"], "", true, 255); $form->addRow("select", "Type", "type_id", "SELECT id, description FROM wiki_topics_types", $r["type_id"], true); $form->addCheckboxes("tags", "Tags", "wiki_tags", "wiki_topics_to_tags", "topicID", "tagID", $_GET["id"]); $form->addRow("textarea", "Description", "description", $r["description"], "", true); $form->addRow("submit", "post wiki topic"); $form->draw("Add a Wiki Topic"); echo drawBottom();
//format variables $awardStartDate = date("Y-m-d H:i:00", mktime(1, 1, 1, $_POST["cboStartMonth"], 1, $_POST["cboStartYear"])); $awardEndDate = date("Y-m-d H:i:00", mktime(1, 1, 1, $_POST["cboEndMonth"], 1, $_POST["cboEndYear"])); $_POST["cboProgram2"] = isset($_POST["noCrossList"]) ? "NULL" : $_POST["cboProgram2"]; if (isset($_GET["funderID"])) { //adding //insert award db_query("INSERT into funders_awards (\n\t\t\tfunderID,\n\t\t\tawardAmount,\n\t\t\tawardTypeID,\n\t\t\tawardStatusID,\n\t\t\tawardStartDate,\n\t\t\tawardEndDate,\n\t\t\tawardTitle,\n\t\t\tawardFilingNumber,\n\t\t\tawardNotes,\n\t\t\tawardPostedOn,\n\t\t\tawardPostedBy,\n\t\t\tawardProgramID,\n\t\t\tawardProgramID2,\n\t\t\tstaffID\n\t\t) VALUES (\n\t\t\t" . $_GET["funderID"] . ",\n\t\t\t" . $_POST["txtAmount"] . ",\n\t\t\t" . $_POST["cboAwardType"] . ",\n\t\t\t" . $_POST["cboAwardStatus"] . ",\n\t\t\t'{$awardStartDate}',\n\t\t\t'{$awardEndDate}',\n\t\t\t'" . $_POST["txtAwardTitle"] . "',\n\t\t\t'" . $_POST["txtAwardFilingNumber"] . "',\n\t\t\t'" . $_POST["tarDescription"] . "',\n\t\t\tGETDATE(),\n\t\t\t" . $_SESSION["user_id"] . ",\n\t\t\t" . $_POST["cboProgram"] . ",\n\t\t\t" . $_POST["cboProgram2"] . ",\n\t\t\t" . $_POST["cboStaff"] . "\n\t\t);"); //determine awardID for redirecting $_GET["id"] = db_grab("SELECT max(awardID) FROM funders_awards"); } else { //editing db_query("UPDATE funders_awards SET\n\t\t\tfunderID = " . $_POST["cboFunder"] . ",\n\t\t\tawardAmount = " . $_POST["txtAmount"] . ",\n\t\t\tawardTypeID = " . $_POST["cboAwardType"] . ",\n\t\t\tawardStatusID = " . $_POST["cboAwardStatus"] . ",\n\t\t\tawardStartDate = '{$awardStartDate}',\n\t\t\tawardEndDate = '{$awardEndDate}',\n\t\t\tawardTitle = '" . $_POST["txtAwardTitle"] . "',\n\t\t\tawardFilingNumber = '" . $_POST["txtAwardFilingNumber"] . "',\n\t\t\tawardNotes = '" . $_POST["tarDescription"] . "',\n\t\t\tawardPostedOn = GETDATE(),\n\t\t\tawardPostedBy = " . $_SESSION["user_id"] . ",\n\t\t\tawardProgramID = " . $_POST["cboProgram"] . ",\n\t\t\tawardProgramID2 = " . $_POST["cboProgram2"] . ",\n\t\t\tstaffID = " . $_POST["cboStaff"] . "\n\t\tWHERE awardID = " . $_GET["id"]); } //redirect to view award url_change("award_view.php?id=" . $_GET["id"]); } echo drawTop(); if (isset($_GET["funderID"])) { //adding $adding = true; $r = db_grab("SELECT \n\t\t\tf.name,\n\t\t\tf.staffID \n\t\tFROM funders f \n\t\tWHERE f.funderID = " . $_GET["funderID"]); $startMonth = $month; $endMonth = $month; $startYear = $year; $endYear = $year + 1; $button = "add award"; } else { //editing $adding = false; $r = db_grab("SELECT \n\t\t\t\t\tf.funderID,\n\t\t\t\t\tf.name,\n\t\t\t\t\ta.awardTitle,\n\t\t\t\t\ta.awardFilingNumber,\n\t\t\t\t\ta.awardStartDate,\n\t\t\t\t\ta.awardEndDate,\n\t\t\t\t\ta.awardTypeID,\n\t\t\t\t\ta.awardStatusID,\n\t\t\t\t\ta.awardProgramID,\n\t\t\t\t\ta.awardProgramID2,\n\t\t\t\t\ta.awardAmount,\n\t\t\t\t\ta.awardNotes,\n\t\t\t\t\ta.staffID\n\t\t\t\tFROM funders_awards a\n\t\t\t\tINNER JOIN funders f on a.funderID = f.funderID\n\t\t\t\tWHERE a.awardID = " . $_GET["id"]);
<?php include "../include.php"; //kick out user if not administrator ~ should be done with page info if (!$page['is_admin'] && $page["is_admin"]) { url_change("/helpdesk/"); } //department may become settable if (url_id("dept")) { $departmentID = $_GET["dept"]; } else { $departmentID = $_SESSION["isHelpdesk"] ? $_SESSION["departmentID"] : 8; } //handle ticket delete if (url_action("delete")) { db_query("DELETE FROM helpdesk_tickets_attachments WHERE ticketID = " . $_GET["ticketID"]); db_query("DELETE FROM helpdesk_tickets_followups WHERE ticketID = " . $_GET["ticketID"]); db_query("DELETE FROM helpdesk_tickets WHERE id = " . $_GET["ticketID"]); url_query_drop("action, ticketID"); } //filter data $filtered = false; if (isset($_GET["month"]) && isset($_GET["year"])) { $filtered = true; $default = $_GET["month"] . "/" . $_GET["year"]; $where = " AND MONTH(t.created_date) = " . $_GET["month"] . " AND YEAR(t.created_date) = " . $_GET["year"] . " AND t.departmentID = " . $departmentID; $total = db_grab("SELECT \n\t\t(SELECT SUM(t.timeSpent) minutes FROM helpdesk_tickets t WHERE MONTH(t.created_date) = " . $_GET["month"] . " AND YEAR(t.created_date) = " . $_GET["year"] . " AND departmentID = " . $departmentID . ") minutes, \n\t\tMONTH(MIN(created_date)) month,\n\t\tYEAR(MIN(created_date)) year\n\t\tFROM helpdesk_tickets WHERE departmentID = " . $departmentID); } else { $where = " AND t.departmentID = " . $departmentID; $default = ""; $total = db_grab("SELECT \n\t\tSUM(timeSpent) minutes, \n\t\tMONTH(MIN(created_date)) month,\n\t\tYEAR(MIN(created_date)) year\n\t\tFROM helpdesk_tickets WHERE departmentID = " . $departmentID);
$areas[$r["name"]] = $r["id"]; } if ($r["name"] == "Admin" && $r["isAdmin"]) { $user["isAdmin"] = true; } } ksort($areas); //generic variable to indicate admin privileges for the current module $isAdmin = isset($modules[$page["moduleID"]]) ? $modules[$page["moduleID"]]["isAdmin"] : false; //check to see if user needs update if (($user["update_days"] > 90 || empty($user["updatedOn"])) && $page["isSecure"] && $_josh["request"]["path"] != "/staff/add_edit.php") { error_debug("user needs address update"); url_change("/staff/add_edit.php?id=" . $user["id"]); } elseif ($user["password"] && $page["isSecure"]) { error_debug("user needs password update"); url_change("/login/password_update.php"); } } //special pages that don't belong to a module still need info if (!isset($page["moduleID"])) { $page["moduleID"] = 0; } if (!isset($modules[$page["moduleID"]])) { error_debug("unspecified module"); $modules[$page["moduleID"]]["pallet"] = false; $modules[$page["moduleID"]]["isPublic"] = false; $modules[$page["moduleID"]]["pallet"] = false; $modules[$page["moduleID"]]["name"] = "Intranet"; $modules[$page["moduleID"]]["isAdmin"] = false; } //handle switch updates
1 )"); $_GET["id"] = db_grab("SELECT MAX(id) id FROM contacts"); db_query("UPDATE contacts_instances SET objectID = {$_GET["id"]} WHERE id = " . $instance); } //populate search indexes $text = $_POST["varchar_01"] . " " . $_POST["varchar_02"] . " " . $_POST["varchar_03"] . " " . $_POST["varchar_04"] . " " . $_POST["varchar_05"] . " " . $_POST["varchar_06"] . " " . $_POST["varchar_07"] . " " . $_POST["varchar_08"] . " " . $_POST["varchar_09"] . " " . $_POST["varchar_10"] . " " . $_POST["varchar_11"] . " " . $_POST["numeric_01"] . " " . $_POST["text_01"]; updateInstanceWords($instance, $text); //redirect url_change("contact.php?id=" . $_GET["id"]); }*/ echo drawTop(); if (isset($_GET["id"])) { url_change('contact.php?id=' . $_GET['id']); //read only $i = db_grab("SELECT\r\n\t\t\ti.id,\r\n\t\t\t(SELECT t1.id FROM contacts_tags t1 INNER JOIN contacts_instances_to_tags i2t1 ON t1.id = i2t1.tagID WHERE t1.is_active = 1 AND t1.type_id = 10 AND i2t1.instanceID = i.id) salutation,\r\n\t\t\ti.varchar_01 first,\r\n\t\t\ti.varchar_02 last,\r\n\t\t\t(SELECT t2.id FROM contacts_tags t2 INNER JOIN contacts_instances_to_tags i2t2 ON t2.id = i2t2.tagID WHERE t2.is_active = 1 AND t2.type_id = 11 AND i2t2.instanceID = i.id) suffix,\r\n\t\t\ti.varchar_03 nickname,\r\n\t\t\ti.varchar_04 org,\r\n\t\t\ti.varchar_05 title,\r\n\t\t\ti.varchar_06 address1,\r\n\t\t\ti.varchar_07 address2,\r\n\t\t\ti.numeric_01 zip,\r\n\t\t\ti.varchar_08 phone,\r\n\t\t\ti.varchar_09 fax,\r\n\t\t\ti.varchar_10 cell,\r\n\t\t\ti.varchar_11 email,\r\n\t\t\tz.city,\r\n\t\t\tz.state,\r\n\t\t\ti.text_01 notes\r\n\t\tFROM contacts o\r\n\t\tINNER JOIN contacts_instances i ON i.id = o.instanceCurrentID\r\n\t\tLEFT JOIN zip_codes z ON i.numeric_01 = z.zip\r\n\t\tWHERE o.id = " . $_GET["id"]); } ?> <script language="javascript"> <!-- function validate(form) { var errors = new Array(); if (!form.tag_single_10.value) errors[errors.length] = "the Courtesy Title dropdown must be set"; if (!form.varchar_01.value.length) errors[errors.length] = "First Name is empty"; if (!form.varchar_02.value.length) errors[errors.length] = "Last Name is empty"; if (!form.varchar_06.value.length) errors[errors.length] = "Address 1 is empty"; if (!form.numeric_01.value.length) errors[errors.length] = "Postal Code is empty"; <?php $values = db_query("SELECT id FROM contacts_tags WHERE type_id = 15 AND is_active = 1");
<?php //this one is not public include '../include.php'; if ($posting) { db_query('UPDATE users SET password = PWDENCRYPT("' . $_POST['password1'] . '") WHERE id = ' . $_SESSION['user_id']); $_SESSION['password'] = false; url_change($_SESSION['homepage']); } echo drawSimpleTop(getString('password_update')); $f = new form('password_update', false, getString('password_reset')); $f->set_field(array('type' => 'password', 'name' => 'password1', 'label' => getString('password'))); $f->set_field(array('type' => 'password', 'name' => 'password2', 'label' => getString('confirm'))); echo $f->draw(); echo drawSimpleBottom();
$target = "/staff/changes.php"; } elseif (stristr($req, "/departments/administration")) { $target = str_replace("/departments/administration", "/openings", $req); } elseif (stristr($req, "/departments/earnfair")) { $target = str_replace("/departments/earnfair", "/queries", $req); } elseif (stristr($req, "/departments/resource_development")) { $target = str_replace("/departments/resource_development", "/funders", $req); } elseif (stristr($req, "/docs")) { $target = str_replace("/docs", "/docs", $req); } elseif (stristr($req, "/btw")) { //back to work application ~ used to have the intranet domain $target = "http://btw.seedco.org" . $req; } elseif (stristr($req, "msoffice/cltreq.asp")) { //m$ft internet explorer discussion bar, no redirect } elseif (stristr($req, "favicon.ico")) { //site favorite icon, no redirect } elseif (stristr($req, "_vti_")) { //looking for m$ft front page extensions, no redirect } elseif ($_SESSION["user_id"] != 1) { //user is admin, send email $msg = $_SESSION["full_name"] . " couldn't find " . url_base() . $req; if ($referrer) { $msg .= "<br><br>Referred by " . $referrer; } } if ($target) { url_change($target, true); } echo drawTop(); echo drawMessage("<b>Error: Page Not Found</b><br>\nSorry, the page you're looking for isn't here! If you feel you reached this page in error, please contact \n<a href='mailto:josh@joshreisner.com'>Josh Reisner</a> so it can be fixed."); echo drawBottom();
<?php include "../../include.php"; if ($posting) { $id = db_save("wiki_topics"); db_checkboxes("tags", "wiki_topics_to_tags", "topicID", "tagID", $id); url_change(); } echo drawTop(); ?> <table class="left" cellspacing="1"> <?php echo drawHeaderRow("Main Page", 4); $topics = db_query("SELECT \n\t\tw.id,\n\t\tw.title,\n\t\tw.description,\n\t\tISNULL(u.nickname, u.firstname) first,\n\t\tu.lastname last,\n\t\tw.created_date\n\tFROM wiki_topics w\n\tJOIN wiki_topics_types t ON w.type_id = t.id\n\tJOIN users u ON w.created_user = u.id\n\tWHERE w.is_active = 1\n\tORDER BY w.created_date DESC"); if (db_found($topics)) { ?> <tr> <th width="16"></th> <th align="left">Title</th> <th align="left" width="100">Created By</th> <th align="right" width="80">Created On</th> </tr> <?php while ($t = db_fetch($topics)) { ?> <tr height="36"> <td></td> <td><a href="topic.php?id=<?php echo $t["id"]; ?> "><?php
$page['helptext'] = $m['description']; } else { $page['title'] = 'Untitled Page'; } } //check to see if user needs update ~ todo make this a site preference error_debug('checking if user needs update', __FILE__, __LINE__); if ($_SESSION['password']) { error_debug('user needs password update', __FILE__, __LINE__); if ($_josh['request']['path'] != '/login/password_update.php') { url_change('/login/password_update.php'); } } elseif ($_SESSION['update_days'] > 90 || empty($_SESSION['updated_date'])) { error_debug('user needs address update', __FILE__, __LINE__); if ($_josh['request']['path'] != '/staff/add_edit.php') { url_change('/staff/add_edit.php?id=' . $_SESSION['user_id']); } } //handle side menu pref updates error_debug('handle side menu pref updates', __FILE__, __LINE__); if (isset($_GET['module'])) { //todo ajax if (db_grab('SELECT COUNT(*) FROM users_to_modules_closed WHERE module_id = ' . $_GET['module'] . ' AND user_id = ' . $_SESSION['user_id'])) { db_query('DELETE FROM users_to_modules_closed WHERE module_id = ' . $_GET['module'] . ' AND user_id = ' . $_SESSION['user_id']); } else { db_query('INSERT INTO users_to_modules_closed ( module_id, user_id ) VALUES ( ' . $_GET['module'] . ', ' . $_SESSION['user_id'] . ' )'); } url_query_drop('module'); } elseif (isset($_GET['channel_id'])) { $_SESSION['channel_id'] = empty($_GET['channel_id']) ? false : $_GET['channel_id']; url_drop('channel_id');
//1: you can set the option manually error_reporting(E_ALL); } elseif (format_text_starts("dev-", $_SERVER["HTTP_HOST"]) || format_text_starts("beta.", $_SERVER["HTTP_HOST"]) || format_text_ends(".site", $_SERVER["HTTP_HOST"])) { //2: urls start with dev- or end with .site are automatically considered dev sites $_josh["mode"] = "dev"; error_reporting(E_ALL); } else { $_josh["mode"] = "live"; error_reporting(0); } //handle https if (isset($_josh["request"]["protocol"])) { if ($_josh["is_secure"] && $_josh["request"]["protocol"] != "https") { url_change("https://" . $_josh["request"]["host"] . $_josh["request"]["path_query"]); } elseif (!$_josh["is_secure"] && $_josh["request"]["protocol"] != "http") { url_change("http://" . $_josh["request"]["host"] . $_josh["request"]["path_query"]); } } //escape quotes if necessary $_josh["getting"] = !empty($_GET); if ($_josh["getting"]) { foreach ($_GET as $key => $value) { $_GET[$key] = format_quotes($value); } } $_josh["posting"] = !empty($_POST); if ($_josh["posting"]) { foreach ($_POST as $key => $value) { if (is_string($_POST[$key])) { $_POST[$key] = format_quotes($value); }
WHERE f.id = ' . $id); $channels_text = db_array('SELECT c.title' . langExt($lang) . ' FROM bb_topics_to_channels t2c JOIN channels c ON t2c.channel_id = c.id WHERE t2c.topic_id = ' . $_POST['topic_id']); $channels_text = implode(', ', $channels_text); $message = '<p style="font-weight:bold;">' . $reply['firstname'] . ' ' . $reply['lastname'] . ' ' . getString('bb_followup', $lang) . '</p> <p>' . getString('title', $lang) . ': ' . draw_link(url_base() . '/bb/topic.php?id=' . $id, $topic['title']) . '</p> <p>' . getString('channels_label', $lang) . ': ' . $channels_text . '</p>'; if ($topic['type']) { $message .= '<p>' . getString('category', $lang) . ': ' . $topic['type'] . '</p>'; } $message .= '<div style="color:#555; border-top:1px dotted #555; padding-top:5px; margin-top:5px;">' . $reply['description'] . '</div>'; emailUser($emails, 'RE: ' . $topic['title'], $message); } } bbDrawRss(); url_change(); } elseif (isset($_GET['delete'])) { db_delete('bb_topics'); bbDrawRss(); url_change('/bb/'); } elseif (isset($_GET['deleteFollowupID'])) { db_delete('bb_followups', $_GET['deleteFollowupID']); bbDrawRss(); url_query_drop('deleteFollowupID'); } //get topic data if (!($r = bbDrawTopic($_GET['id']))) { url_change('/bb/'); } echo drawTop(); echo $r; echo drawBottom();
<?php include '../include.php'; if ($posting) { error_debug('user is posting', __FILE__, __LINE__); if ($uploading) { list($_POST['content'], $_POST['type_id']) = file_get_uploaded('content', 'docs_types'); } langTranslatePost('title,description'); $id = db_save('docs'); //debug(); db_checkboxes('categories', 'docs_to_categories', 'documentID', 'categoryID', $id); if (getOption('channels')) { db_checkboxes('channels', 'docs_to_channels', 'doc_id', 'channel_id', $id); } url_change('info.php?id=' . $id); } if (url_id()) { $d = db_grab('SELECT title, description FROM docs WHERE id = ' . $_GET['id']); $pageAction = getString('edit'); } else { $pageAction = getString('add_new'); } echo drawTop(); //load code for JS $extensions = array(); $doctypes = array(); $types = db_query('SELECT description, extension FROM docs_types ORDER BY description'); while ($t = db_fetch($types)) { $extensions[] = '(extension != "' . $t['extension'] . '")'; $doctypes[] = ' - ' . $t['description'] . ' (.' . $t['extension'] . ')';
<?php include '../include.php'; url_query_require(); if (url_action('delete')) { db_delete('press_clips', $_GET['delete_id']); url_change('/press-clips/'); } echo drawTop(); echo drawTableStart(); echo drawHeaderRow($page['breadcrumbs'] . $page['title'], 2, getString('edit'), 'edit/?id=' . $_GET['id'], getString('delete'), drawDeleteLink()); $r = db_grab('SELECT c.title' . langExt() . ' title, c.url, c.pub_date, c.publication' . langExtT() . ' publication, c.type_id, c.description' . langExt() . ' description, t.title' . langExt() . ' type FROM press_clips c JOIN press_clips_types t ON c.type_id = t.id WHERE c.id = ' . $_GET['id']); ?> <tr> <td class="left"><?php echo getString('title'); ?> </td> <td class='title'><?php echo $r['title']; ?> </td> </tr> <tr> <td class="left"><?php echo getString('category'); ?> </td> <td><?php echo draw_link('categories.php?id=' . $r['type_id'], $r['type']); ?>
<?php include "../include.php"; if ($posting) { format_post_bits("isAdmin,temporary"); $_POST["description"] = format_html($_POST["description"]); db_enter("bulletin_board_topics", "title description isAdmin temporary"); //db_query("UPDATE bulletin_board_topics SET threadDate = GETDATE() WHERE id = " . $_GET["id"]); don't do this syndicateBulletinBoard(); url_change("topic.php?id=" . $_GET["id"]); } drawTop(); $t = db_grab("SELECT title, description, isAdmin, temporary, createdBy FROM bulletin_board_topics WHERE id = " . $_GET["id"]); $form = new intranet_form(); if ($isAdmin) { $form->addUser("createdBy", "Posted By", $t["createdBy"], false, true); $form->addCheckbox("isAdmin", "Admin Post?", $t["isAdmin"], "(check if yes)", true); } $form->addCheckbox("temporary", "Lifespan", $t['temporary'], "Check Box to Delete Post After 30 Days"); $form->addRow("itext", "Subject", "title", $t["title"], "", true); $form->addRow("textarea", "Message", "description", $t["description"], "", true); $form->addRow("submit", "edit topic"); $form->draw("Edit Bulletin Board Topic"); drawBottom();