示例#1
0
function module_polladmin()
{
    // adminpage, stop here if not logged in/right access-level
    if (!isValidAdmin()) {
        echo getString("not_valid_admin", "Administratorside, du må logge inn for å få tilgang her");
        return;
    }
    echo '<a href="http://localhost/avisCMS/index.php?m_c=module_polladmin&page_title=Polladmin">Tilbake til oversikt</a>';
    $pollaction = $_REQUEST['pollaction'];
    if ($pollaction == 'addpoll') {
        if (strlen($_REQUEST['polltitle']) < 1) {
            echo "Husk tittel.";
            return;
        }
        echo '<div class="default_header">Avstemning opprettet.</div>';
        $query = "INSERT INTO poll SET title='" . $_REQUEST['polltitle'] . "';";
        $result = DB_insert($query);
        if ($result) {
            echo '<a href="index.php?m_c=module_polladmin&amp;pollaction=editpoll&amp;pollid=' . mysql_insert_id() . '">Rediger den nye pollen</a>';
        } else {
            echo "Feilmelding: " . mysql_error();
        }
    } else {
        if ($pollaction == 'delpoll') {
            $confirm = $_REQUEST['dc'];
            $pollid = $_REQUEST['pollid'];
            if ($confirm == "yes") {
                $query = "DELETE FROM poll WHERE pollid = " . $pollid . ";";
                $result = DB_update($query);
                $num_results += DB_rows_affected($query);
                $query = "DELETE FROM pollquestion WHERE pollid = " . $pollid . ";";
                $result = DB_update($query);
                $num_results += DB_rows_affected($query);
                $query = "DELETE FROM vote WHERE pollid = " . $pollid . ";";
                $result = DB_update($query);
                $num_results += DB_rows_affected($query);
                if ($num_results < 1) {
                    echo "<br/>Ingenting slettet - feilmelding: " . mysql_error();
                } else {
                    echo "<br/>Avstemningen med tilhørende stemmer og det hele aldeles pulverisert.";
                }
            } else {
                echo "<br/><br/>Sikker på at du vil slette avstemning med id " . $pollid . "? Dette medfører også sletting av alle tilknyttede spørsmål og avlagte stemmer!!<br/>";
                echo '<a href="index.php?m_c=module_polladmin&amp;pollaction=delpoll&amp;dc=yes&amp;pollid=' . $pollid . '">Ja!</a>';
            }
        } else {
            if ($pollaction == 'editpoll') {
                $pollaction2 = $_REQUEST['pollaction2'];
                $pollid = $_REQUEST['pollid'];
                $question = $_REQUEST['question'];
                $description = $_REQUEST['description'];
                if ($pollaction2 == "changetime") {
                    $query = "UPDATE poll SET description = '" . $description . "', time_opened='" . $_REQUEST['time_opened'] . "', time_closed='" . $_REQUEST['time_closed'] . "' WHERE pollid=" . $pollid . ";";
                    DB_update($query);
                    if (!result) {
                        echo 'mysql_error()';
                    }
                }
                if ($pollaction2 == "delquestion") {
                    $altid = $_REQUEST['altid'];
                    $query = "DELETE FROM pollquestion WHERE questionid=" . $altid . " AND pollid=" . $pollid . ";";
                    $result = DB_update($query);
                    //echo $query;
                    if (!$result) {
                        echo mysql_error();
                    }
                }
                if ($pollaction2 == 'addquestion') {
                    $querymax = "SELECT MAX(questionid) as maxid FROM pollquestion;";
                    $row = DB_search($querymax);
                    $newid = $row['maxid'] + 1;
                    $query = "INSERT INTO pollquestion SET pollid=" . $pollid . ", questionid='" . $newid . "', question='" . $question . "';";
                    //echo $query;
                    $result = DB_insert($query);
                    if (!result) {
                        echo mysql_error();
                    }
                }
                $pollid = $_REQUEST['pollid'];
                $query = "SELECT * FROM poll WHERE pollid=" . $pollid . ";";
                $row = DB_search($query);
                $query_questions = "SELECT * FROM pollquestion WHERE pollid=" . $pollid . ";";
                $result = DB_get_table($query_questions);
                $pollid = $row['pollid'];
                echo '<table class="default_table">';
                echo '<tr><td colspan=2><div class="default_header">Rediger spørreundersøkelse</div></td></tr>';
                echo "<tr><td>Tittel</td><td>" . $row['title'] . "</td></tr>";
                form_start_post();
                form_hidden("pollid", $pollid);
                form_hidden("m_c", "module_polladmin");
                form_hidden("pollaction", "editpoll");
                form_hidden("pollaction2", "changetime");
                echo "<tr><td>Beskrivelse (300 tegn)</td><td>" . $row['description'] . "</td><td>";
                form_textarea("description", $row['description'], 10, 10);
                echo "</td></tr>";
                echo "<tr><td>Dato start</td><td>" . $row['time_opened'] . "</td><td>";
                form_textfield("time_opened", $row['time_opened']);
                echo "</td></tr>";
                echo "<tr><td>Date slutt</td><td>" . $row['time_closed'] . "</td><td>";
                form_textfield("time_closed", $row['time_closed']);
                echo "</td></tr>";
                echo "<tr><td colspan=2>Datoformat: 2005-01-31 23:10<br/>Utelat tidspunkt og det settes til 00:00.</td><td>";
                form_submit("submit", "Lagre endringer");
                form_end();
                echo "</tr>";
                while ($row = DB_next_row($result)) {
                    echo '<tr>';
                    echo '<td>' . $row['questionid'] . '</td>';
                    echo '<td>' . $row['question'] . '</td>';
                    echo '<td>';
                    form_start_post();
                    form_submit("submit", "Slett");
                    form_hidden("m_c", "module_polladmin");
                    form_hidden("pollaction2", "delquestion");
                    form_hidden("altid", $row['questionid']);
                    form_hidden("pollaction", "editpoll");
                    form_hidden("pollid", $pollid);
                    form_end();
                    echo '</td>';
                    echo '</tr>';
                }
                echo '</table><br/><br/>';
                echo '<table class="default_table">';
                echo '<tr><td colspan=2>Legg til et alternativ</td></tr>';
                form_start_post();
                echo '<tr><td>Alternativnavn</td><td>';
                form_textfield("question", $_SESSION['question']);
                echo '</td></tr>';
                echo '<tr><td colspan=2>';
                form_submit("submit", "Legg til");
                echo '</td></tr>';
                form_hidden("pollaction", "editpoll");
                form_hidden("pollaction2", "addquestion");
                form_hidden("pollid", $pollid);
                form_hidden("m_c", "module_polladmin");
                form_end();
                echo '</table>';
            } else {
                echo '<table class="default_table">';
                echo '<tr><td colspan=4><div class="default_header">Polladmin</div></td></tr>';
                echo "<tr><td colspan=4>Lag en ny</td></tr>";
                form_start_post();
                echo "<tr><td colspan=2>Tittel</td><td colspan=2>";
                form_textfield("polltitle", $_SESSION['polltitle']);
                echo '</td></tr>';
                echo '<tr><td colspan=4>';
                form_submit("submit", "Opprett(rediger den for å fullføre)");
                echo '</td></tr>';
                form_hidden("pollaction", "addpoll");
                form_hidden("m_c", "module_polladmin");
                form_end();
                echo '<tr><td colspan=2></td></tr>';
                echo '<tr><td colspan=4><div class="default_header">Eksisterende polls</div></td></tr>';
                $query = "SELECT * FROM poll";
                $result = DB_get_table($query);
                echo '<tr><td>Tittel</td><td>Start</td><td>Slutt</td><td>Rediger</td></tr>';
                while ($row = DB_next_row($result)) {
                    echo '<tr><td>' . $row['title'] . '</td><td>' . $row['time_opened'] . '</td>';
                    echo '<td>' . $row['time_closed'] . '</td>';
                    echo '<td><a href="index.php?m_c=module_polladmin&amp;pollaction=editpoll&pollid=' . $row['pollid'] . '">Rediger</a>';
                    echo '<br/><a href="index.php?m_c=module_polladmin&amp;pollaction=delpoll&pollid=' . $row['pollid'] . '">Slett</a></td>';
                    echo '</tr>';
                }
                echo '</table>';
            }
        }
    }
}
示例#2
0
function module_login()
{
    if (isset($_COOKIE['kengu10'])) {
        $returning_user = $_COOKIE['kengu10'];
    }
    if (isset($_REQUEST['username'])) {
        $username = $_REQUEST['username'];
    }
    if (isset($_REQUEST['password'])) {
        $password = $_REQUEST['password'];
    }
    if (isset($_REQUEST['logmeout'])) {
        $logout = $_REQUEST['logmeout'];
    }
    if (isset($_REQUEST['registration'])) {
        $registration = $_REQUEST['registration'];
    }
    if (isset($_REQUEST['remember'])) {
        $remember = $_REQUEST['remember'];
    } else {
        $remember = "";
    }
    global $loginfeedback;
    if (isset($username) && !isset($registration) && isset($password)) {
        $username = strip_tags($username);
        $password = strip_tags($password);
        if (login($username, $password)) {
            $_SESSION['valid_user'] = $username;
            $row = DB_search("SELECT * FROM user WHERE username=\"" . $username . "\";");
            if ($row['admin'] == 1) {
                $_SESSION['valid_admin'] = $username;
                $loginfeedback = "adminloggedin";
            }
            if ($row['may_post'] == 1) {
                $_SESSION['user_may_post'] = 1;
            }
            if ($remember == "on") {
                setcookie("kengu10", $username, time() + 60 * 60 * 24 * 100);
                setcookie("kengu100", $row['password'], time() + 60 * 60 * 24 * 100);
            }
            $_SESSION['user_firstname'] = $row['firstname'];
            $loginfeedback = "loggedin";
        } else {
            $loginfeedback = "failed";
        }
    } else {
        if (isset($logout)) {
            setcookie("kengu10", "", time() - 3600);
            setcookie("kengu100", "", time() - 3600);
            $_SESSION = array();
            session_destroy();
            $loginfeedback = "loggedout";
        } else {
            if (isset($returning_user) && !isset($_SESSION['valid_user'])) {
                if (isset($_COOKIE['kengu10']) && isset($_COOKIE['kengu100'])) {
                    if (login($_COOKIE['kengu10'], $_COOKIE['kengu100'])) {
                        // Login with cookie info successful
                        $username = $_COOKIE['kengu10'];
                        $_SESSION['valid_user'] = $username;
                        $loginfeedback = "loggedin";
                        $row = DB_search("SELECT * FROM user WHERE username=\"" . $username . "\";");
                        if ($row['admin'] == 1) {
                            $_SESSION['valid_admin'] = $username;
                            $loginfeedback = "adminloggedin";
                        }
                        if ($row['may_post'] == 1) {
                            $_SESSION['user_may_post'] = 1;
                        }
                        $_SESSION['user_firstname'] = $row['firstname'];
                    } else {
                        // Login failed
                        setcookie("kengu10", $username, time() - 60 * 60 * 24 * 100);
                        setcookie("kengu100", $row['password'], time() - 60 * 60 * 24 * 100);
                    }
                }
            } else {
                $loginfeedback = "nothinghappening";
            }
        }
    }
}
示例#3
0
function module_user_admin()
{
    // adminpage, stop here if not logged in/right access-level
    if (!isValidAdmin()) {
        echo getString("not_valid_admin", "Administratorside, du må logge inn for å få tilgang her");
        return;
    }
    echo "<!-- start user admin -->";
    $all_ok = true;
    global $menu_files;
    if (isset($_REQUEST['edituser'])) {
        if (isset($_REQUEST['savechanges'])) {
            if (!($password1 == $password2)) {
                $all_ok = false;
                $error_msg .= " Passwords don't match!";
            }
            if ($all_ok) {
                $result = saveuser($_POST['username'], $_POST['password1'], $_POST['email'], $_POST['firstname'], $_POST['lastname'], $_POST['webpage'], $_POST['birthdate'], $_POST['description'], $_POST['admin'], $_POST['may_post']);
            } else {
                echo $error_msg;
            }
            if ($result) {
                echo "Changes saved. Jolly good.";
                global $logtype;
                write_log_entry($_POST['username'], $logtype['user'], "admin_useredit,");
            } else {
                echo "No changes were made.";
            }
        } else {
            $query = "SELECT * FROM user WHERE username=\"" . $_POST['edituser'] . "\";";
            $row = DB_search($query);
            form_start_post();
            echo '<table class="default_table">';
            echo '<tr><td>Brukernavn</td><td>';
            echo $row['username'];
            echo '</td></tr>';
            echo '<tr><td>E-post</td><td>';
            form_textfield("email", stripslashes($row['email']));
            echo ' (må ligne på en ordentlig adresse)</td></tr>';
            echo '<tr><td>Fornavn</td><td>';
            form_textfield("firstname", $row['firstname']);
            echo ' (det dine venner kaller deg)</td></tr>';
            echo '<tr><td>Etternavn</td><td>';
            form_textfield("lastname", stripslashes($row['lastname']));
            echo ' (det du het i militæret)</td></tr>';
            echo '<tr><td>Passord</td><td>';
            form_password("password1", "");
            echo ' (minst 6 tegn)</td></tr>';
            echo '<tr><td>Gjenta passord</td><td>';
            form_password("password2", "");
            echo ' (helst likt det i feltet over)</td></tr>';
            echo '<tr><td>Fødselsdato</td><td>';
            form_select_number("birthday", 0, 0, $birthday);
            form_select_number("birthmonth", 0, 0, $birthmonth);
            form_select_number("birthyear", 0, 0, $birthyear);
            echo '</td></tr>';
            echo '<tr><td>Webside</td><td>';
            form_textfield("webpage", stripslashes($row['webpage']));
            echo ' (gjerne en som fins)</td></tr>';
            echo '<tr><td>Er administrator</td><td>';
            form_textfield("admin", stripslashes($row['admin']));
            echo ' (er brukeren admin?)</td></tr>';
            echo '<tr><td>Kan skrive artikler</td><td>';
            form_textfield("may_post", stripslashes($row['may_post']));
            echo ' 0=nei, 1=ja</td></tr>';
            echo '<tr><td>Eventuelt tilknyttet bildes fil-id:</td><td>';
            echo $row['picture'];
            echo ' (fjernes via filadmin: ' . $menu_files . ')</td></tr>';
            echo '<tr><td colspan=2>Ymse visvas<br/>';
            form_textarea("description", stripslashes($row['description']), 30, 10);
            echo '<br/>(hvis det er noe mer vi bør vite om deg)<br/><br/></td></tr>';
            echo '<tr><td colspan=2>';
            form_submit("Button", "Lagre profilendringer");
            echo '</td></tr>';
            echo '<tr><td colspan=2>';
            form_submit("canceledit", "Avbryt profilendring");
            echo '</td></tr>';
            form_hidden("username", $row['username']);
            form_hidden("savechanges", "savechanges");
            form_hidden("edituser", "savechanges");
            form_hidden("m_c", "module_user_admin");
            echo '</table>';
            form_end();
        }
    } else {
        if ($_POST['deleteuser']) {
            if ($_POST['reallysure']) {
                $query = "DELETE FROM user WHERE username =\"" . $_POST['deleteuser'] . "\";";
                $result = DB_update($query);
                if ($result == 1) {
                    global $logtype;
                    write_log_entry($_POST['username'], $logtype['user'], "admin_deleteduser,");
                    echo "Bruker " . $_POST['deleteuser'] . " er slettet.";
                } else {
                    if ($result == 0) {
                        echo "Kunne ikke slette brukeren - fins fyren?";
                    } else {
                        if ($result > 1) {
                            echo "Du har prestert &aring slette flere eksemplarer av denne brukeren :p";
                        }
                    }
                }
            } else {
                echo "<div>Sikker på at du vil slette " . $_POST['deleteuser'] . "? <a href=\"index.php\">No, go back!</a></div>";
                form_start_post();
                form_hidden("m_c", "module_user_admin");
                form_hidden("reallysure", "yes");
                form_hidden("deleteuser", $_POST['deleteuser']);
                form_submit("submit", "Ja, slett!");
                form_end();
            }
        } else {
            $query = "SELECT * FROM user";
            $result = DB_get_table($query);
            $num_users = DB_rows_affected($result);
            echo '<table class="default_table">';
            for ($i = 0; $i < $num_users; $i++) {
                $row = DB_next_row($result);
                echo '<tr><td><b>Bruker</b></td><td><b>';
                echo $row['username'];
                echo '</b></td></tr><tr><td>Fornavn</td><td>';
                echo $row['firstname'];
                //echo '</td></tr><tr><td>Etternavn</td><td>';
                //echo $row['lastname'];
                echo '</td></tr><tr><td>E-post</td><td>';
                echo $row['email'];
                echo '</td></tr><tr><td>Fødselsdato</td><td>';
                echo date_nor_sql($row['birthdate']);
                echo '</td></tr><tr><td>Admin?</td><td>';
                if ($row['admin'] != "" && $row['admin'] != 0) {
                    echo 'Ja (' . $row['admin'] . ')';
                } else {
                    echo 'Nei (' . $row['admin'] . ')';
                }
                echo '</td></tr><tr><td>Kan poste?</td><td>';
                if ($row['may_post'] != "" && $row['may_post'] != 0) {
                    echo 'Ja (' . $row['may_post'] . ')';
                } else {
                    echo 'Nei (' . $row['may_post'] . ')';
                }
                echo '</td></tr><tr><td>Tilknyttet bilde, fil-id</td><td>';
                echo $row['picture'];
                echo '</td></tr><tr><td colspan=2>';
                ?>
			  	<form action="index.php" method="post">
			  	<input type="hidden" value="module_user_admin" name="m_c" />
				 <input type="submit" name="edit" value="Edit user" />
			     <input type="hidden" name="edituser" value=<?php 
                echo $row['username'];
                ?>
 />
				 </form>
			  	<form action="index.php" method="post">
			  	<input type="hidden" value="module_user_admin" name="m_c" />
				 <input type="submit" name="delete" value="Delete user" />
			     <input type="hidden" name="deleteuser" value=<?php 
                echo $row['username'];
                ?>
 />
				 </form>

			 	<?php 
                echo '</td></tr><tr><td colspan=2><hr/></td></tr>';
            }
            echo '</table>';
        }
    }
}
示例#4
0
function searchDB($query)
{
    return DB_search($query);
}
示例#5
0
function form_article()
{
    $edit = $_REQUEST['edit'];
    // Set if edit requested on an article
    $re_edit = $_SESSION['editarticle'];
    // Set if user got an error on first attempt to edit
    if (isset($re_edit)) {
        echo '<table class="default_table">';
        form_start_post();
        echo '<tr><td>Forfatter</td><td>';
        form_textfield("author", stripslashes($_SESSION['author']));
        echo '</td></tr>';
        echo '<tr><td>Tittel</td><td class="form_article_title">';
        form_textfield("title", stripslashes(fix_quotes($_SESSION['title'])));
        echo '</td></tr>';
        echo '<tr><td>Dato</td><td>';
        form_datewidget($_SESSION['date_posted']);
        echo '</td></tr>';
        echo '<tr><td>Tidspunkt</td><td>';
        form_timewidget($_SESSION['time_posted']);
        echo '</td></tr>';
        if ($_SESSION['is_draft'] == "ON") {
            echo '<tr><td>Bare lagre, <br/>ikke publiser</td><td>';
            form_checkbox("is_draft", "ON", "1");
            echo '</td></tr>';
        } else {
            echo '<tr><td>Bare lagre, <br/>ikke publiser</td><td>';
            form_checkbox("is_draft", "ON", "0");
            echo '</td></tr>';
        }
        echo '<tr><td colspan=2 class="form_article_text">';
        form_textarea("body", stripslashes($_SESSION['body']), 30, 10);
        echo '</td></tr>';
        echo '<tr><td colspan=2>';
        form_submit("Button", "Lagre artikkelen");
        echo '</td></tr>';
        echo '<tr><td colspan=2>';
        form_submit("preview", "Forhåndsvis artikkel");
        echo '</td></tr>';
        form_hidden("m_c", "module_add_article");
        form_hidden("articleid", $_SESSION['articleid']);
        if (isset($edit)) {
            form_hidden("editarticle", "editarticle");
        }
        echo '</table>';
        form_end();
    } else {
        if (isset($edit)) {
            $articleid = $_REQUEST['articleid'];
            $query = "SELECT * FROM articles WHERE articleid = " . $_REQUEST['articleid'] . ";";
            $row = DB_search($query);
            form_start_post();
            echo '<tr><td>Forfatter</td><td>';
            form_textfield("author", $row['author']);
            echo '</td></tr>';
            echo '<tr><td>Tittel</td><td class="form_article_title">';
            form_textfield("title", stripslashes(fix_quotes($row['title'])));
            echo '</td></tr>';
            echo '<tr><td>Dato</td><td>';
            form_datewidget($row['date_posted']);
            echo '</td></tr>';
            echo '<tr><td>Tidspunkt</td><td>';
            form_timewidget($row['time_posted']);
            echo '</td></tr>';
            if (isset($row['is_draft']) && $row['is_draft'] == 1) {
                echo '<tr><td>Bare lagre, <br/>ikke publiser</td><td>';
                form_checkbox("is_draft", "ON", "1");
                echo '</td></tr>';
            } else {
                echo '<tr><td>Bare lagre, <br/>ikke publiser</td><td>';
                form_checkbox("is_draft", "ON", "0");
                echo '</td></tr>';
            }
            echo '<tr><td colspan=2 class="form_article_text">';
            form_textarea("body", stripslashes($row['body']), 30, 10);
            echo '</td></tr>';
            echo '<tr><td colspan=2>';
            form_submit("Button", "Lagre endringene");
            echo '</td></tr>';
            echo '<tr><td colspan=2>';
            form_submit("preview", "Forhåndsvis artikkel");
            echo '</td></tr>';
            form_hidden("editarticle", "true");
            form_hidden("m_c", "module_add_article");
            form_hidden("articleid", $row['articleid']);
            echo '</table>';
            form_end();
        } else {
            form_start_post();
            echo '<tr><td>Forfatter</td><td>';
            form_textfield("author", $_SESSION['user_firstname']);
            echo '</td></tr>';
            echo '<tr><td>Tittel</td><td class="form_article_title">';
            form_textfield("title", "");
            echo '</td></tr>';
            echo '<tr><td>Dato</td><td>';
            form_datewidget(date("Y-m-d"));
            echo '</td></tr>';
            echo '<tr><td>Tidspunkt</td><td>';
            form_timewidget(date("H:i"));
            echo '</td></tr>';
            echo '<tr><td>Bare lagre, <br/>ikke publiser</td><td>';
            form_checkbox("is_draft", "ON", "0");
            echo '</td></tr>';
            echo '<tr><td colspan=2 class="form_article_text">';
            form_textarea("body", "", 30, 10);
            echo '</td></tr>';
            echo '<tr><td colspan=2>';
            form_submit("Button", "Lagre artikkelen");
            echo '</td></tr>';
            echo '<tr><td colspan=2>';
            form_submit("preview", "Forhåndsvis artikkel");
            echo '</td></tr>';
            form_hidden("m_c", "module_add_article");
            echo '</table>';
            form_end();
        }
    }
}