示例#1
/**
 * Note to anyone feeling the need to edit this file...
 * You MUST declare $db as global inside your functions in order to access MySQL from here.
 */
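/**
 * Settings page that lets the logged-in user replace their own password.
 *
 * When the `processed` submit button is present in $_POST, the two password
 * fields are checked (must match, at least 6 characters), the new hash is
 * written for $_SESSION['username'] and the browser is redirected. Otherwise
 * the form is printed.
 *
 * NOTE(review): the stored value is crypt(md5($password), <fixed salt>). The
 * salt is the same for every account, and a salt of this shape should select
 * crypt()'s traditional DES scheme, which reads only the first eight
 * characters of its input (here: eight hex digits of the MD5). Moving to
 * password_hash()/password_verify() is the fix, but it has to be done together
 * with the login and reset code that produce and compare the same format, so
 * the format is left as it is in this function.
 * NOTE(review): the form has no CSRF token and does not ask for the current
 * password before replacing it.
 */
function changePassword()
{
    global $db;
    echo "<script type=\"text/javascript\" src=\"scripts/mocha.js\"></script>";
    if (isset($_POST['processed'])) {
        // Missing or non-string fields (e.g. password[]=x) are treated as empty
        // so they fail the length check instead of reaching strlen().
        $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
        $confirm = (isset($_POST['confirm']) && is_string($_POST['confirm'])) ? $_POST['confirm'] : '';
        // Strict comparison: with != two different numeric-looking strings
        // such as "1e3" and "1000" compare as equal.
        if ($password !== $confirm) {
            ReportError("The passwords you entered did not match.");
            PageRedirect(3, "?op=settings&change=password");
            return;
        }
        if (strlen($password) < 6) {
            ReportError("The password you entered is less than 6 characters.");
            PageRedirect(3, "?op=settings&change=password");
            return;
        }
        $newpassword = crypt(md5($password), 'iamnotadirtywhorebitch');
        // The session value is placed inside a quoted SQL literal, so it is
        // escaped first. addslashes() is the convention this code base already
        // uses; bound parameters in the DB wrapper would be the robust fix
        // (the wrapper's API is not visible from here).
        $username = addslashes(isset($_SESSION['username']) ? (string) $_SESSION['username'] : '');
        $db->Query("UPDATE `bayonet_users` SET `password` = '{$newpassword}' WHERE `username` = '{$username}' LIMIT 1");
        echo "Your password has successfully been changed.";
        PageRedirect(3, "?op=settings");
        return;
    }
    // The original action attribute contained the bare statement
    // $_SERVER['PHP_SELF']; which prints nothing, so the form has always posted
    // back to the current URL (query string included). An empty action keeps
    // that behaviour without the dead code.
    ?>
<div id="pwordCont">
<form method="POST" action="">
<h1>Change Your Password</h1>
	<table>
	<tr>
		<td class="right">Password: </td>
		<td><input type="password" id="inputPassword" name="password" style="width:200px;" /></td>
		<td>
			<table cellspacing="0">
			<tr><td>Password Strength:</td><td id="complexity"></td></tr>
			<tr><td colspan="2"><div class="outer"><div id="rating"></div></div></td></tr>
			</table>
		</td>
	</tr>
	<tr><td></td><td style="text-align:center; color:#626262;">Minimum of 6 Characters</td><td></td></tr>
	<tr>
		<td>Confirm Password: </td>
		<td><input type="password" name="confirm" style="width:200px;" /></td>
	</tr>
	<tr><td colspan="2"><input type="submit" value="Change Password" name="processed" /></td></tr>
	</table>
</form>
</div>
<?php 
}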
示例#2
/**
 * Note to anyone feeling the need to edit this file...
 * You MUST declare $db as global inside your functions in order to access MySQL from here.
 */
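/**
 * Shows and processes the edit form for the single announcement row
 * (announcement_id = 0 in bayonet_announcements).
 *
 * On POST (`processed`) the title and text are written back and the browser
 * is redirected; otherwise the current values are loaded and the form is
 * printed.
 *
 * NOTE(review): values are escaped for SQL with addslashes(), which is what
 * this code base uses throughout; it is not a substitute for bound
 * parameters. The form also carries no CSRF token.
 */
function EditAnnouncements()
{
    global $db;
    if (isset($_POST['processed'])) {
        // Non-string fields (e.g. title[]=x) are treated as missing.
        $rawTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
        $rawText = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';
        if (empty($rawTitle) || empty($rawText)) {
            echo "You must fill everything out before proceeding.";
            return;
        }
        // Escape for the quoted SQL literals only; the HTML output below is
        // escaped separately from the raw value.
        $title = addslashes($rawTitle);
        $text = addslashes($rawText);
        $db->Query("UPDATE bayonet_announcements SET title = '{$title}', text = '{$text}' WHERE announcement_id = 0");
        // The submitted title is echoed back into the page, so it must be
        // HTML-escaped; previously it was printed as received.
        $shownTitle = htmlspecialchars($rawTitle, ENT_QUOTES);
        echo "Announcement, '{$shownTitle}', has been edited.\n <br /><br /> Please wait while you are redirected. <br /><br /> \n\t\t\t<a href=\"?op=announcements\">Click here if you don't feel like waiting.</a>";
        // Redirect back to the announcements page (first argument is passed as 2).
        PageRedirect(2, "?op=announcements");
        return;
    }
    // Load the stored announcement to pre-fill the form.
    $result = $db->Query("SELECT title,text FROM bayonet_announcements WHERE announcement_id = 0");
    $announcement = $db->FetchRow($result);
    // Stored values go into an attribute and a <textarea>; both contexts need
    // HTML escaping or a stored quote / </textarea> breaks out of the field.
    $titleHtml = htmlspecialchars((string) $announcement['title'], ENT_QUOTES);
    $textHtml = htmlspecialchars((string) $announcement['text'], ENT_QUOTES);
    // action="" posts back to the current URL, which is what the original
    // no-op $_SERVER['PHP_SELF']; statement effectively produced.
    ?>
  	<form action="" method="post">
  	<table>
  		<tr><td>Announcement Title: <input type="text" name="title" value="<?php echo $titleHtml; ?>" maxlength="50" size="30" /> </td></tr>
  		<tr><td> <textarea id="markItUp" rows="30" cols="80" name="text"><?php echo $textHtml; ?></textarea> </td></tr>
  		<tr><td> <input type="submit" name="processed" value="Submit Changes" /> </td></tr>
	</table>
  	</form>
  <?php 
}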
示例#3
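/**
 * Gate for the administrative area.
 *
 * Returns true when a session already exists or when the posted credentials
 * match a row in bayonet_users; prints the login form and returns false when
 * nothing was posted; reports an error, redirects and returns false when the
 * credentials do not match.
 *
 * NOTE(review): a session counts as logged in when EITHER `username` OR
 * `password` is set; confirm that `||` (rather than `&&`) is intended.
 * NOTE(review): the password hash is kept in the session and the session id
 * is not regenerated after a successful login (session fixation); both are
 * left as they were because other code may read $_SESSION['password'].
 * NOTE(review): crypt(md5(...)) with one fixed salt is a weak password
 * format; see password_hash()/password_verify() for the replacement, which
 * must be introduced together with the code that writes the hashes.
 *
 * @return bool true when the visitor is (now) authenticated
 */
function login()
{
    global $db;
    if (isset($_SESSION['username']) || isset($_SESSION['password'])) {
        return true;
    }
    if (!isset($_POST['processed'])) {
        echo "<form action=\"\" method=\"post\">\n";
        //OpenTable();
        echo "<table style=\"width:100%; height:600px;\">";
        echo "<tr><td><table width=\"450px\" style=\"background-color:white;\" align=\"center\">\n\n      <tr><td colspan=\"2\" style=\"text-align:center;\"><img src=\"images/bayonet_logo.jpg\" /></td></tr>\n\n      <tr><th colspan=\"2\">Administrative Login</th></tr>\n\n      <tr><th style=\"text-align:right;\">Username</th><td><input size=\"20\" type=\"text\" name=\"username\"></td></tr>\n\n      <tr><th style=\"text-align:right;\">Password</th><td><input size=\"20\" type=\"password\" name=\"password\"></td></tr>\n\n      <tr><th colspan=\"2\" align=\"center\"><input type=\"Submit\" name=\"processed\" value=\"Login\"></th></tr></td></tr>\n\n      </table>\n";
        //CloseTable();
        echo "</table>";
        echo "</form>\n";
        return false;
    }
    // Non-string fields (e.g. username[]=x) are treated as empty.
    $rawUsername = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $rawPassword = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $username = addslashes($rawUsername);
    // Hash the password exactly as submitted. The previous code ran
    // addslashes() on it first, while changePassword() and ResetPassword()
    // hash the unescaped value, so a password containing a quote or backslash
    // could be set but never matched here. The crypt() output is used in the
    // query as-is, as before.
    $password = crypt(md5($rawPassword), 'iamnotadirtywhorebitch');
    // The listing showed both comparison values as the literal '******', which
    // left $username and $password unused and the check independent of the
    // submitted credentials; the variables prepared above are compared here.
    $result = $db->Query("SELECT * FROM bayonet_users WHERE username = '{$username}' AND password = '{$password}' LIMIT 1");
    $rows = $db->Rows($result);
    $row = $db->FetchRow($result);
    if ($rows > 0) {
        // stripslashes(addslashes($x)) is $x, so the raw username is stored.
        $_SESSION['username'] = $rawUsername;
        $_SESSION['password'] = $password;
        $_SESSION['level'] = $row['level'];
        return true;
    }
    ReportError("Login incorrect.");
    // Wrong credentials: send the visitor back to the login page.
    PageRedirect(1, "index.php");
    return false;
}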
示例#4
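<?php

// Edit form for a single award. $award_id is expected to be defined by the
// including script; it is not assigned anywhere in this fragment.
$award = getAward($award_id);
$form = new BayonetForm("", "POST");
if ($form->verifySubmit('processed')) {
    global $db;
    // NOTE(review): whether BayonetForm escapes $form->request values is not
    // visible from here. If it does not, $name and $text reach the statement
    // unescaped and this UPDATE is injectable; confirm in BayonetForm before
    // adding a second layer of escaping (double escaping would corrupt data).
    $name = $form->request['name'];
    $text = $form->request['text'];
    // The id is placed in a quoted SQL literal and in a redirect URL; escape
    // it for each context instead of interpolating it as received.
    $awardIdSql = addslashes((string) $award_id);
    $awardIdUrl = urlencode((string) $award_id);
    $db->Query("UPDATE `rudi_awards` SET `name` = '{$name}', `description` = '{$text}' WHERE `award_id` = '{$awardIdSql}' LIMIT 1");
    PageRedirect(1, "?op=rudi&show=awards&award={$awardIdUrl}");
    return;
}
echo LinkInternal("Cancel", "?op=rudi&show=awards&cid={$award['class_id']}");
OpenTable();
?>

<tr><th>Name:</th><td><?php 
$form->textField('name', $award['name'], false, "50");
?>
</td></tr>
<tr><th>Image:</th><td><?php 
// No image control is rendered yet; the cell is intentionally left empty.
?>
</td></tr>
<tr><th>Text:</th><td><?php 
$form->textArea('text', 10, 30, $award['description']);
?>
</td></tr>
<tr><td><?php 
$form->submitButton('processed', 'Update');
?>
</td></tr>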
示例#5
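/**
 * Confirmation page that resets another user's password.
 *
 * With `proceed` posted, a new 8-character password is generated, emailed to
 * the account's address and, only if the email call reports success, stored
 * (hashed) for the user. With `cancel` posted, nothing is changed. Otherwise
 * the yes/no confirmation form is printed.
 *
 * NOTE(review): the new password is sent by email in clear text and stays
 * valid until the user changes it; a one-time reset link would avoid that.
 * NOTE(review): the strength of GeneratePassword() is not visible from here;
 * confirm it draws from a cryptographically secure source.
 * NOTE(review): crypt(md5(...)) with one fixed salt is a weak storage format;
 * it is kept because the login code compares against the same format.
 * NOTE(review): the confirmation form carries no CSRF token.
 *
 * @param mixed $user_id id of the account in bayonet_users
 */
function ResetPassword($user_id)
{
    global $db;
    // Escaped before use inside the quoted SQL literal (addslashes() is the
    // convention in this code base; bound parameters would be the robust fix).
    $userIdSql = addslashes((string) $user_id);
    $result = $db->Query("SELECT `username`, `email` FROM `bayonet_users` WHERE `user_id` = '{$userIdSql}' LIMIT 1");
    $admin = $db->FetchRow($result);
    // NOTE(review): decho() looks like a debug helper; if it prints in
    // production it exposes the username and email address on this page.
    decho($admin);
    if (empty($admin)) {
        // Without a matching row there is no address to mail and nothing to update.
        ReportError("The requested user could not be found.");
        return;
    }
    // The username comes from the database and is printed into HTML below.
    $shownName = htmlspecialchars((string) $admin['username'], ENT_QUOTES);
    if (isset($_POST['proceed'])) {
        $password = GeneratePassword(8);
        $cryptpassword = crypt(md5($password), 'iamnotadirtywhorebitch');
        // Mail first: the stored password only changes if delivery was accepted.
        $status = EmailPassword($admin['username'], $password, $admin['email']);
        if ($status) {
            $db->Query("UPDATE `bayonet_users` SET `password` = '{$cryptpassword}' WHERE `user_id` = '{$userIdSql}' LIMIT 1");
            echo "Password has been reset and emailed to '{$shownName}'";
            PageRedirect(3, "?op=admins");
        } else {
            ReportError("An error has occured emailing the new password. It will not take effect.");
        }
        return;
    }
    if (isset($_POST['cancel'])) {
        echo "The password <b>WILL NOT</b> be reset for '{$shownName}'";
        PageRedirect(3, "?op=admins");
        return;
    }
    // action="" posts back to the current URL; the original attribute held a
    // no-op $_SERVER['PHP_SELF']; statement that printed nothing. The prompt
    // below printed literal garbage where the username belongs; it now prints
    // the escaped username.
    ?>
	<center>
	<form action="" method="post">
	<table>
	<th>Are you SURE you want to reset this user's password: '<?php echo $shownName; ?>'?</th>
	<tr><th><button name="proceed">Yes</button>&nbsp;&nbsp;&nbsp;<button name="cancel">No</button></th></tr>
	</table>
	</form>
	</center>
	<?php 
}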
示例#6
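/**
 * Shows and processes the edit form for one row of bayonet_blocks.
 *
 * On POST (`processed`) the title, weight, directory name, position and
 * active flag are validated and written back; otherwise the current values
 * are loaded and the form is printed.
 *
 * NOTE(review): string values are escaped with addslashes(), the convention
 * in this code base; bound parameters would be the robust fix. The form has
 * no CSRF token.
 * NOTE(review): if `dir_name` is later used to build an include or file path,
 * it should be restricted to a known set of directory names; that use is not
 * visible from here.
 *
 * @param mixed $block_id id of the block being edited
 */
function EditBlock($block_id)
{
    global $db;
    $blockIdSql = addslashes((string) $block_id);
    if (isset($_POST['processed'])) {
        // Validate the numeric fields BEFORE converting them. The previous code
        // cast to int first and then tested is_int(), which can never fail, so
        // blank or non-numeric input was silently stored as 0.
        $weight = filter_var(isset($_POST['weight']) ? $_POST['weight'] : null, FILTER_VALIDATE_INT);
        $position = filter_var(isset($_POST['position']) ? $_POST['position'] : null, FILTER_VALIDATE_INT);
        // Non-string fields (e.g. title[]=x) are treated as missing.
        $rawDirName = (isset($_POST['dir_name']) && is_string($_POST['dir_name'])) ? $_POST['dir_name'] : '';
        $rawTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
        $rawActive = (isset($_POST['active']) && is_string($_POST['active'])) ? $_POST['active'] : '';
        if ($weight === false || $position === false || empty($rawDirName) || empty($rawTitle)) {
            echo "You must fill everything out before proceeding.";
            return;
        }
        $dir_name = addslashes($rawDirName);
        $title = addslashes($rawTitle);
        $active = addslashes($rawActive);
        // Write the validated values back to the block row.
        $db->Query("UPDATE bayonet_blocks SET title = '{$title}', weight = '{$weight}', dir_name = '{$dir_name}', position = '{$position}', active = '{$active}' WHERE block_id = '{$blockIdSql}'");
        // The directory name is echoed back into the page, so escape it for HTML.
        $shownDir = htmlspecialchars($rawDirName, ENT_QUOTES);
        echo "Block, '{$shownDir}', at position '{$weight}'(order) has been edited.\n";
        PageRedirect(3, "?op=blocks");
        return;
    }
    // Load the block to pre-fill the form.
    $result = $db->Query("SELECT weight,dir_name,position,active,title FROM bayonet_blocks WHERE block_id = '{$blockIdSql}'");
    $block = $db->FetchRow($result);
    // Stored values are printed into text and attribute contexts; escape them.
    $titleHtml = htmlspecialchars((string) $block['title'], ENT_QUOTES);
    $weightHtml = htmlspecialchars((string) $block['weight'], ENT_QUOTES);
    $dirHtml = htmlspecialchars((string) $block['dir_name'], ENT_QUOTES);
    // action="" posts back to the current URL; the original attribute held a
    // no-op $_SERVER['PHP_SELF']; statement that printed nothing.
    ?>
  You are currently editing the '<?php echo $titleHtml; ?>' block<br /><br />
  <form action="" method="post">
  <table align="center">
  <tr><th>Title</th><td><input type="text" name="title" value="<?php echo $titleHtml; ?>" /></td></tr>
  <tr><th>Weight</th><td><input type="text" name="weight" value="<?php echo $weightHtml; ?>" /></td></tr>
  <tr><th>Position</th><td><?php 
    GetPosition($block['position']);
    ?>
</td></tr>
  <tr><th>Directory Name</th><td><input type="text" name="dir_name" value="<?php echo $dirHtml; ?>" /></td></tr>
  <tr><th>Active</th><td>
    <select name="active">
      <?php 
    GetActive($block_id, $block['active']);
    ?>
  
    </select>
  </td></tr>
  
  <tr><th colspan="2"><input type="submit" name="processed" value="Submit" /><?php 
    echo LinkInternal('<input type="button" value="Cancel" />', "?op=blocks");
    ?>
</th></tr>
  </table>
  </form>
  <?php 
}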
示例#7
    $xfire = addslashes($_POST['xfire']);
    $email = addslashes($_POST['email']);
    $bio = addslashes($_POST['bio']);
    //$discharged = empty($discharged) ? NULL : "'{$discharged}'";
    $query = "INSERT INTO `rudi_unit_members` SET" . " `rank_id` = '{$rank_id}'," . " `country_id` = '{$country_id}'," . " `role_id` = '{$role_id}', " . " `status_id` = '{$status_id}'," . " `cunit_id` = '{$unit_id}'," . " `weapon_id` = '{$weapon_id}'," . " `weapon2_id` = '{$weapon2_id}'," . " `a2_id` = '{$a2_id}'," . " `oa_id` = '{$oa_id}'," . " `username` = '{$username}'," . " `email` = '{$email}'," . " `xfire` = '{$xfire}'," . " `first_name` = '{$first_name}'," . " `last_name` = '{$last_name}'," . " `location_city` = '{$city}'," . " `location_province` = '{$province}'," . " `bio` = '{$bio}'," . " `date_enlisted` = '{$enlisted}'," . " `date_promotion` = '{$promoted}'," . " `primary_mos` = '{$primary_mos}',";
    if (empty($discharged)) {
        $query = $query . " `date_discharged` = null";
    } else {
        $query = $query . " `date_discharged` = '{$discharged}'";
    }
    decho($query);
    $db->Query($query);
    $member_id = $db->InsertID();
    decho($member_id);
    //$db->Query("INSERT INTO `rudi_roles_container` SET `role_id` = '$role_id', `member_id` = '$member_id'");
    PageRedirect(1, "?op=rudi&show=members&profile={$member_id}");
    return;
}
?>
		<a href="?op=rudi&show=members">Cancel</a><br />
		<form method="POST" action="">
		<table width="100%" style="text-align:center;">
		<tr><th colspan="2" style="background-color:#c4c4c4;">Personnel File of <?php 
echo $member['first_name'] . " " . $member['last_name'];
?>
</th></tr>
		<tr><td class="right" width="50%">Rank:</td><td class="left">
			<select name="rank">
<?php 
$ranks = GetRanks();
foreach ($ranks as $rank) {
示例#8
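/**
 * Confirmation page that deletes one row of bayonet_pages.
 *
 * The home page (id 1) can never be deleted. With `proceed` posted the page
 * row is removed; with `cancel` posted nothing changes; otherwise the yes/no
 * confirmation form is printed.
 *
 * NOTE(review): the prompt says attached articles are deleted as well, but
 * this function only deletes the page row; whether the articles go with it
 * (e.g. through a database cascade) is not visible from here.
 * NOTE(review): the confirmation form carries no CSRF token.
 *
 * @param mixed $page_id id of the page; compared against 1, so treated as an integer
 */
function DeletePage($page_id)
{
    global $db;
    // Normalise once. The id is compared with 1 below and placed in SQL; as an
    // integer it cannot break out of the literal, and values such as "1abc",
    // which MySQL would coerce to 1, can no longer slip past the guard.
    $page_id = (int) $page_id;
    // The home-page guard has to run before the delete branch. Previously it
    // came last, so a direct POST with `proceed` deleted page 1 anyway.
    if ($page_id === 1) {
        echo "You can not delete the home page.";
        PageRedirect(2, "?op=pages&edit={$page_id}");
        return;
    }
    $result = $db->Query("SELECT title FROM bayonet_pages WHERE page_id = '{$page_id}' LIMIT 1");
    $page = $db->FetchRow($result);
    // The stored title is printed into HTML in every branch below.
    $shownTitle = htmlspecialchars((string) $page['title'], ENT_QUOTES);
    if (isset($_POST['proceed'])) {
        echo "Page '{$shownTitle}', was deleted.";
        $db->Query("DELETE FROM bayonet_pages WHERE page_id = '{$page_id}' LIMIT 1");
        PageRedirect(2, "?op=pages&edit={$page_id}");
        return;
    }
    if (isset($_POST['cancel'])) {
        echo "User cancelled deletion of page: '{$shownTitle}'";
        PageRedirect(2, "?op=pages&edit={$page_id}");
        return;
    }
    // action="" posts back to the current URL; the original attribute held a
    // no-op $_SERVER['PHP_SELF']; statement that printed nothing.
    ?>

  <form action="" method="post">
  <table>
  <th>Are you <u>SURE</u> you want to delete the page titled: '<?php echo $shownTitle; ?>'?<br />All articles attached to this page will be deleted as well.</th>
  <tr><th><button name="proceed">Yes</button>&nbsp;&nbsp;&nbsp;<button name="cancel">No</button></th></tr>
  </table>
  </form>
  <?php 
}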
示例#9
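/**
 * Shows and processes the status form (Active / On Leave / On Extended Leave)
 * for one row of rudi_unit_members.
 *
 * NOTE(review): no <form> tag is printed here; presumably BayonetForm's
 * constructor and destructor emit the opening and closing tags. Confirm in
 * BayonetForm.
 * NOTE(review): no CSRF token is visible in this form.
 *
 * @param mixed $member_id id of the member whose status is edited
 */
function EditStatus($member_id)
{
    global $db;
    // The id is used in SQL literals and in a redirect URL; escape per context.
    $memberIdSql = addslashes((string) $member_id);
    $memberIdUrl = urlencode((string) $member_id);
    $form = new BayonetForm("", "POST");
    if ($form->VerifySubmit('processed')) {
        echo "Please wait while your information is being processed...";
        // Accept only the three values this form offers. The posted value was
        // previously written to the database as received.
        $submitted = isset($form->request['status']) ? $form->request['status'] : null;
        $status_id = is_scalar($submitted) ? (int) $submitted : 0;
        if (!in_array($status_id, array(1, 2, 3), true)) {
            echo "The selected status is not valid.";
            return;
        }
        $db->query("UPDATE `rudi_unit_members` SET `status_id` = '{$status_id}' WHERE `member_id` = '{$memberIdSql}' LIMIT 1");
        PageRedirect(1, "?op=adjutant&edit=loas&member={$memberIdUrl}");
        return;
    }
    $result = $db->Query("SELECT * FROM `rudi_unit_members` JOIN `rudi_ranks` ON rudi_unit_members.rank_id=rudi_ranks.rank_id WHERE `member_id` = '{$memberIdSql}' LIMIT 1");
    $row = $db->FetchRow($result);
    // Database values printed into HTML are escaped first.
    $rankHtml = htmlspecialchars((string) $row['shortname'], ENT_QUOTES);
    $nameHtml = htmlspecialchars($row['first_name'] . " " . $row['last_name'], ENT_QUOTES);
    ?>
		<center>
		<table width="50%" style="text-align:center;">
		<tr><th>Rank</th><th>Soldier</th><th>Status</th></tr>
		<tr>
			<td><?php echo $rankHtml; ?></td>
			<td><?php echo $nameHtml; ?></td>
			<td style="text-align:left;">
				<?php 
    $form->radioButton('status', 1, $row['status_id'] == 1);
    ?>
Active<br />
				<?php 
    $form->radioButton('status', 2, $row['status_id'] == 2);
    ?>
On Leave<br />
				<?php 
    $form->radioButton('status', 3, $row['status_id'] == 3);
    ?>
On Extended Leave
			</td>
		</tr>
		<tr><td colspan="3"><?php 
    $form->submitButton('processed');
    ?>
</td></tr>
		</table>
		</center>
<?php 
    // Explicit destructor call kept from the original.
    $form->__destruct();
}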
示例#10
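<?php

// "Add award" form for one award class. The class id arrives in the query
// string, so it is attacker-controlled and must be escaped for every context
// it is written into (SQL literal, URL).
$class_id = (isset($_GET['cid']) && is_scalar($_GET['cid'])) ? (string) $_GET['cid'] : '';
$classIdSql = addslashes($class_id);
$classIdUrl = urlencode($class_id);
$form = new BayonetForm("", "POST");
if ($form->verifySubmit('processed')) {
    global $db;
    // NOTE(review): whether BayonetForm escapes $form->request values is not
    // visible from here. If it does not, $name and $text make this INSERT
    // injectable; confirm in BayonetForm before adding escaping here.
    $name = $form->request['name'];
    $text = $form->request['text'];
    // NOTE(review): decho() looks like a debug helper; make sure it is silent
    // in production, since it is handed the full SQL statement.
    decho("INSERT INTO `rudi_awards` SET `class_id` = '{$classIdSql}', `name` = '{$name}', `description` = '{$text}'");
    $db->Query("INSERT INTO `rudi_awards` SET `class_id` = '{$classIdSql}', `name` = '{$name}', `image` = '', `description` = '{$text}'");
    PageRedirect(1, "?op=rudi&show=awards&cid=" . $classIdUrl);
    return;
}
echo LinkInternal("Cancel", "?op=rudi&show=awards&cid=" . $classIdUrl);
OpenTable();
?>

<tr><th>Name:</th><td><?php 
$form->textField('name', "", false, "50");
?>
</td></tr>
<tr><th>Image:</th><td><?php 
// No image control is rendered yet; the cell is intentionally left empty.
?>
</td></tr>
<tr><th>Text:</th><td><?php 
$form->textArea('text', 10, 30);
?>
</td></tr>
<tr><td><?php 
$form->submitButton('processed', 'Add');
?>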
示例#11
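/**
 * Shows and processes the "add event" form for the calendar.
 *
 * On POST (`processed`) the event is inserted into bayonet_events and the
 * browser is redirected; otherwise the empty form is printed, with the date
 * selector seeded from $_GET['date'].
 *
 * NOTE(review): `time` and `color` are only length-limited in the browser;
 * they are escaped for SQL here but not checked for format.
 * NOTE(review): string values are escaped with addslashes(), the convention
 * in this code base; bound parameters would be the robust fix. The form has
 * no CSRF token.
 */
function NewEvent()
{
    global $db;
    if (isset($_POST['processed'])) {
        // Non-string fields (e.g. title[]=x) are treated as missing.
        $rawTitle = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
        $rawText = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';
        $rawTime = (isset($_POST['time']) && is_string($_POST['time'])) ? $_POST['time'] : '';
        $rawColor = (isset($_POST['color']) && is_string($_POST['color'])) ? $_POST['color'] : '';
        if (empty($rawTitle) || empty($rawText)) {
            echo "You must fill everything out before proceeding.";
            return;
        }
        // The date parts must be real integers forming a real calendar date.
        // Previously the posted strings went straight into mktime(), which
        // rolls impossible dates over silently and rejects non-numeric input
        // with an error on current PHP versions.
        $year = filter_var(isset($_POST['year']) ? $_POST['year'] : null, FILTER_VALIDATE_INT);
        $month = filter_var(isset($_POST['month']) ? $_POST['month'] : null, FILTER_VALIDATE_INT);
        $day = filter_var(isset($_POST['day']) ? $_POST['day'] : null, FILTER_VALIDATE_INT);
        if ($year === false || $month === false || $day === false || !checkdate($month, $day, $year)) {
            echo "The date you entered is not valid.";
            return;
        }
        $date = date("Y-m-d", mktime(0, 0, 0, $month, $day, $year));
        $title = addslashes($rawTitle);
        $text = addslashes($rawText);
        $time = addslashes($rawTime);
        $color = addslashes($rawColor);
        // Insert the new event (the old $sent flag was always false at this
        // point, so the insert ran unconditionally; the flag is dropped).
        $db->Query("INSERT INTO `bayonet_events` (`event_id` ,`date` ,`time` ,`title` ,`text` ,`color`)VALUES (NULL , '{$date}', '{$time}', '{$title}', '{$text}', '{$color}')");
        // The submitted title is echoed back into the page, so escape it for HTML.
        $shownTitle = htmlspecialchars($rawTitle, ENT_QUOTES);
        echo "New event, '{$shownTitle}', has been added.\n";
        PageRedirect(2, "?op=calendar");
        return;
    }
    // Passing null when no date was supplied matches what the original passed
    // (an unset index), without the undefined-index notice.
    $seedDate = isset($_GET['date']) ? $_GET['date'] : null;
    // action="" posts back to the current URL; the original attribute held a
    // no-op $_SERVER['PHP_SELF']; statement that printed nothing.
    ?>
  <h3>Add New Event</h3>
  <form action="" method="post">
  <table>
  <tr><th>Title</th><td><input type="text" name="title" value="" /></td></tr>
  <tr><th>Color</th><td><input type="text" name="color" value="" /></td></tr>
  <tr><th>Date</th><td><?php 
    SelectDate($seedDate);
    ?>
</td></tr>
  <tr><th>Time</th><td><input type="text" name="time" value="12:00" maxlength="5" size="5" /></td></tr>
  <tr><th>Text</th><td><textarea id="markItUp" rows="30" cols="80" name="text"></textarea></td></tr>
  <tr><th colspan="2"><input type="submit" name="processed" value="Submit" /></th></tr>
  </table>
  </form>
  <?php 
}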
    $xfire = addslashes($_POST['xfire']);
    $email = addslashes($_POST['email']);
    $bio = addslashes($_POST['bio']);
    //$discharged = empty($discharged) ? NULL : "'{$discharged}'";
    $query = "UPDATE `rudi_unit_members` SET" . " `rank_id` = '{$rank_id}'," . " `country_id` = '{$country_id}'," . " `role_id` = '{$role_id}', " . " `status_id` = '{$status_id}'," . " `cunit_id` = '{$unit_id}'," . " `weapon_id` = '{$weapon_id}'," . " `weapon2_id` = '{$weapon2_id}'," . " `a2_id` = '{$a2_id}'," . " `oa_id` = '{$oa_id}'," . " `username` = '{$username}'," . " `email` = '{$email}'," . " `xfire` = '{$xfire}'," . " `first_name` = '{$first_name}'," . " `last_name` = '{$last_name}'," . " `location_city` = '{$city}'," . " `location_province` = '{$province}'," . " `bio` = '{$bio}'," . " `date_enlisted` = '{$enlisted}'," . " `date_promotion` = '{$promoted}'," . " `primary_mos` = '{$primary_mos}',";
    if (empty($discharged)) {
        $query = $query . " `date_discharged` = null";
    } else {
        $query = $query . " `date_discharged` = '{$discharged}'";
    }
    $query = $query . " WHERE `member_id` = '{$member_id}' LIMIT 1";
    decho($query);
    $db->Query($query);
    //$db->Query("UPDATE `rudi_roles_container` SET `role_id` = '$role_id' WHERE `member_id` = '$member_id' LIMIT 1");
    /* do the role query as well */
    PageRedirect(1, "?op=rudi&show=members");
    return;
}
$member = GetMember($member_id);
?>
		<a href="?op=rudi&show=members">Cancel</a><br />
		<form method="POST" action="">
		<table width="100%" style="text-align:center;">
		<tr><th colspan="2" style="background-color:#c4c4c4;">Personnel File of <?php 
echo $member['first_name'] . " " . $member['last_name'];
?>
</th></tr>
		<tr><td class="right" width="50%">Rank:</td><td class="left">
			<select name="rank">
<?php 
$ranks = GetRanks();
示例#13
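<?php

// Confirmation page that deletes one award. $award_id is expected to be
// defined by the including script; it is not assigned in this fragment.
// NOTE(review): the yes/no form carries no CSRF token. No <form> tag is
// printed here; presumably BayonetForm emits it. Confirm in BayonetForm.
global $db;
// Escaped before use inside the quoted SQL literals (addslashes() is the
// convention in this code base; bound parameters would be the robust fix).
$awardIdSql = addslashes((string) $award_id);
$result = $db->Query("SELECT `name`, `class_id` FROM `rudi_awards` WHERE `award_id` = '{$awardIdSql}' LIMIT 1");
$award = $db->FetchRow($result);
// The stored award name is printed into HTML in every branch below.
$awardNameHtml = htmlspecialchars((string) $award['name'], ENT_QUOTES);
$form = new BayonetForm("", "POST");
if (isset($_POST['proceed'])) {
    echo "Award '{$awardNameHtml}', was deleted.";
    $db->Query("DELETE FROM `rudi_awards` WHERE `award_id` = '{$awardIdSql}' LIMIT 1");
    PageRedirect(2, "?op=rudi&show=awards&cid={$award['class_id']}");
    return;
}
if (isset($_POST['cancel'])) {
    echo "User cancelled deletion of award: '{$awardNameHtml}'";
    PageRedirect(2, "?op=rudi&show=awards&cid={$award['class_id']}");
    return;
}
OpenTable();
?>
  <th>Are you <u>SURE</u> you want to delete the award titled: '<?php echo $awardNameHtml; ?>'?<br />All users who have recieved this award will lose it off their records (not yet at least).</th>
  <tr><th><button name="proceed">Yes</button>&nbsp;&nbsp;&nbsp;<button name="cancel">No</button></th></tr>
<?php 
CloseTable();
// Explicit destructor call kept from the original.
$form->__destruct();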
示例#14
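/**
 * Shows and processes the form that adds an award to a member's record
 * (rudi_award_record).
 *
 * NOTE(review): `added_by` is hard-coded to 1 rather than taken from the
 * logged-in user.
 * NOTE(review): whether BayonetForm escapes $form->request values is not
 * visible from here; if it does not, `date` and `details` make the INSERT
 * injectable. Confirm in BayonetForm before adding escaping here.
 * NOTE(review): no CSRF token is visible in this form.
 *
 * @param mixed $member_id id of the member receiving the award
 */
function AddAwardRecord($member_id)
{
    global $db;
    // The id is used in a SQL literal and in URLs; escape per context.
    $memberIdSql = addslashes((string) $member_id);
    $memberIdUrl = urlencode((string) $member_id);
    $form = new BayonetForm("", "POST");
    if ($form->verifySubmit('processed')) {
        $date = $form->request['date'];
        $details = $form->request['details'];
        // Read straight from $_POST, so it is escaped here before it reaches
        // the statement; previously it was interpolated as received.
        $award_id = (isset($_POST['award']) && is_string($_POST['award'])) ? addslashes($_POST['award']) : '';
        decho($form->request);
        $db->Query("INSERT INTO `rudi_award_record` SET `member_id` = '{$memberIdSql}', `award_id` = '{$award_id}', `date_added` = '{$date}', `record_note` = '{$details}', `added_by` = 1");
        PageRedirect(1, "?op=rudi&show=members&award={$memberIdUrl}");
        return;
    }
    // The original ran a SELECT on rudi_service_record here using $record_id,
    // a variable that is never defined in this function, and never read the
    // result; that dead query is removed.
    echo "<a href=\"?op=rudi&show=members&award={$memberIdUrl}\">Cancel</a>";
    OpenTable();
    ?>
	
		<tr><td>Award:</td><td>
		<select name="award">
<?php 
    $awards = GetAllAwards();
    foreach ($awards as $award) {
        // Database values go into an attribute and element text; escape both.
        $optionValue = htmlspecialchars((string) $award['award_id'], ENT_QUOTES);
        $optionLabel = htmlspecialchars((string) $award['name'], ENT_QUOTES);
        echo "<option value=\"{$optionValue}\">{$optionLabel}</option>";
    }
    ?>
		</select>
		</td></tr>
		<tr><td>Date:</td><td><?php 
    $form->textField('date');
    ?>
</td></tr>
		<tr><td>Details:</td><td><?php 
    $form->textArea('details', 10, 30);
    ?>
</td></tr> 
		<tr><td colspan="2"><?php 
    $form->submitButton('processed', 'Add');
    ?>
</td></tr>
<?php 
    CloseTable();
    // Explicit destructor call kept from the original.
    $form->__destruct();
}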
示例#15
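/**
 * Hides one newsreel slide and closes the gap it leaves in the ordering.
 *
 * Every slide with a weight above the disabled slide's weight is moved down
 * by one, then the slide itself is set to visible = 0, weight = 0 and the
 * browser is redirected to the newsreel page.
 *
 * NOTE(review): this function changes state without looking at the request
 * method; if it is reachable through a plain GET link it should be moved
 * behind a POST with a CSRF token. The caller is not visible from here.
 *
 * @param mixed $slide_id id of the slide in bayonet_newsreel
 */
function DisableSlide($slide_id)
{
    global $db;
    // Escaped before use inside the quoted SQL literals (addslashes() is the
    // convention in this code base; bound parameters would be the robust fix).
    $slideIdSql = addslashes((string) $slide_id);
    $result = $db->Query("SELECT `weight` FROM `bayonet_newsreel` WHERE `slide_id` = '{$slideIdSql}' LIMIT 1");
    $slide = $db->FetchRow($result);
    $oldWeight = empty($slide) ? 0 : (int) $slide['weight'];
    // Only re-pack when the slide currently holds a real position. A disabled
    // slide has weight 0 (see the UPDATE below), and an unknown id yields no
    // row; in both cases the old loop started at weight 1 and shifted every
    // active slide down, pushing the first one to weight 0.
    if ($oldWeight >= 1 && $oldWeight < MAX_SLIDES) {
        $total = getNumOfActive();
        for ($i = $oldWeight + 1; $i <= $total; $i++) {
            $new = $i - 1;
            $db->Query("UPDATE `bayonet_newsreel` SET `weight` = '{$new}' WHERE `weight` = '{$i}' LIMIT 1");
        }
    }
    $db->Query("UPDATE `bayonet_newsreel` SET `visible` = 0, `weight` = 0 WHERE `slide_id` = '{$slideIdSql}' LIMIT 1");
    PageRedirect(0, "?op=newsreel");
}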
示例#16
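/**
 * Shows and processes the "post news" form.
 *
 * On POST (`processed`) a row is inserted into bayonet_news with the current
 * America/New_York time, the ADMIN_ID author and category 1, and the browser
 * is redirected; otherwise the empty form is printed.
 *
 * NOTE(review): values are escaped with addslashes(), the convention in this
 * code base; bound parameters would be the robust fix. The form has no CSRF
 * token, and empty titles or texts are not rejected.
 * NOTE(review): date_default_timezone_set() changes the timezone for the rest
 * of the request, not only for this function.
 */
function CreateNews()
{
    global $db;
    if (isset($_POST['processed'])) {
        // Both posted values are escaped before they reach the statement. The
        // title was previously interpolated as received, while only the text
        // went through addslashes(). Non-string fields are treated as empty.
        $title = (isset($_POST['title']) && is_string($_POST['title'])) ? addslashes($_POST['title']) : '';
        $text = (isset($_POST['text']) && is_string($_POST['text'])) ? addslashes($_POST['text']) : '';
        date_default_timezone_set('America/New_York');
        $datetime = date('Y-m-d H:i:s');
        $author_id = ADMIN_ID;
        $category_id = 1;
        // Built once so the statement that runs and the one handed to decho()
        // cannot drift apart.
        $sql = "INSERT INTO `bayonet_news` SET `title` = '{$title}', `message` = '{$text}', `author_id` = '{$author_id}', `date` = '{$datetime}', `category_id` = '{$category_id}'";
        $db->Query($sql);
        // NOTE(review): decho() looks like a debug helper; make sure it is
        // silent in production, since it is handed the full SQL statement.
        decho($sql);
        PageRedirect(1, "?op=news");
        return;
    }
    ?>
<style type="text/css">
input {
 		height: 35px;
		width: 300px;
		font-size: 18px;	
 	}
</style>
	<h3>Post News</h3>
  	<form action="" method="post">
  	<table>
  	<tr><td>&nbsp;<input type="text" name="title" value="" /></td></tr>
  	<tr><td><textarea id="markItUp" rows="30" cols="80" name="text"></textarea></td></tr>
  	<tr><th colspan="2"><input type="submit" name="processed" value="Post" /></th></tr>
  	</table>
  	</form>
<?php 
}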