示例#1
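    /**
     * Renders the "Faculty Settings" form and handles its two submit buttons.
     *
     * POST `templateChange` switches the template used by this module
     * instance (faculty_module.templateId for $this->moduleComponentId);
     * POST or GET `templateEdit` appends the template editor form produced by
     * templateDesc() from faculty/template_edit.php.
     *
     * @return string HTML: the settings form, followed by the editor form when
     *                one was requested.
     */
    public function actionEdit()
    {
        global $ICONS;
        global $sourceFolder, $moduleFolder;
        $editTemplateForm = "";

        if (isset($_POST['templateChange'])) {
            // template_id is interpolated into a numeric SQL context, where
            // string escaping gives no protection; force an integer instead.
            $newTemplate = isset($_POST['template']) ? (int) $_POST['template'] : 0;
            if ($this->facultyTemplateName($newTemplate) === null) {
                displayerror("Selected template doesnot exit.");
            } else {
                // Restrict the update to this module instance; without the
                // WHERE clause every faculty module on the site was retargeted.
                $changeQuery = "UPDATE `faculty_module` SET `templateId`={$newTemplate}"
                    . " WHERE `page_modulecomponentid`='" . (int) $this->moduleComponentId . "'";
                if (mysql_query($changeQuery) === false) {
                    displayerror("Unable to update. Try again after some time.");
                } else {
                    displayinfo("Successfully updated template");
                }
            }
            // Fall through so the form below reflects the new selection
            // (the previous code returned a debugging placeholder here).
        }

        if (isset($_POST['templateEdit']) || isset($_GET['templateEdit'])) {
            // A GET request wins over POST when both carry templateEdit.
            $source = isset($_GET['templateEdit']) ? $_GET : $_POST;
            $template = isset($source['template']) ? (int) $source['template'] : 0;
            $templateName = $this->facultyTemplateName($template);
            if ($templateName === null) {
                displayerror("Selected template doesnot exit.");
            } else {
                require_once "{$sourceFolder}/{$moduleFolder}/faculty/template_edit.php";
                $editTemplateForm = templateDesc($template, $templateName);
            }
        }

        // Template currently assigned to this module instance (0 when none).
        $selectedTemplateQuery = "SELECT `templateId` FROM `faculty_module` WHERE `page_modulecomponentid`='" . (int) $this->moduleComponentId . "'";
        $selectedTemplateResult = mysql_query($selectedTemplateQuery) or displayerror("Error in getting Faculty Settings");
        $selectedRow = $selectedTemplateResult ? mysql_fetch_row($selectedTemplateResult) : false;
        $selectedTemplate = $selectedRow ? (int) $selectedRow[0] : 0;

        // Warn before the user discards data tied to the current template's sections.
        $chkDataQuery = "SELECT * FROM `faculty_data` WHERE `faculty_sectionId` IN (SELECT `template_sectionId` FROM `faculty_template` WHERE `template_id`={$selectedTemplate})";
        $chkDataResult = mysql_query($chkDataQuery) or displayerror("Error in checking for data");
        if ($chkDataResult && mysql_num_rows($chkDataResult) > 0) {
            displaywarning("This page contains some data. If you change the template, all the data will be lost!!!");
        }

        // One <option> per template, with the current one pre-selected.
        $options = "";
        $templateQuery = "SELECT `template_id`,`template_name` FROM `faculty_template` GROUP BY `template_id`";
        $templateResult = mysql_query($templateQuery) or displayerror("Error in selecting Templates");
        if ($templateResult) {
            while ($templateRow = mysql_fetch_array($templateResult)) {
                $templateId = (int) $templateRow[0];
                $selected = ($templateId === $selectedTemplate) ? 'selected="selected"' : '';
                // Template names are stored text; encode them for the HTML context.
                $label = htmlspecialchars($templateRow[1], ENT_QUOTES, 'UTF-8');
                $options .= "<option value='{$templateId}' {$selected} > {$label}</option>";
            }
        }

        $settingFormHtml = <<<PRE
\t\t<fieldset>
\t\t<legend>{$ICONS['Forum Settings']['small']}Faculty Settings</legend>
\t\t<form method="post" name="faculty_settings" action="./+edit">
\t\t\t<table>
\t\t\t\t<tr>
\t\t\t\t\t<td>
\t\t\t\t\t\tFaculty Templates
\t\t\t\t\t</td>
\t\t\t\t\t<td>
\t\t\t\t\t\t<select name="template" style="width:100px;">
\t\t\t\t\t\t\t{$options}
\t\t\t\t\t\t</select>
\t\t\t\t\t</td>
\t\t\t\t</tr>
\t\t\t\t<tr>
\t\t\t\t\t<td>
\t\t\t\t\t\t<input type="submit" name="templateChange" value="Change Template">
\t\t\t\t\t</td>
\t\t\t\t\t<td>
\t\t\t\t\t\t<input type="submit" name="templateEdit" value="Edit Template">
\t\t\t\t\t</td>

\t\t\t\t</tr>
\t\t\t</table>
\t\t</form>
\t\t</fieldset>
PRE;
        return $settingFormHtml . $editTemplateForm;
    }

    /**
     * Looks up a faculty template by id.
     *
     * @param int $templateId
     * @return string|null The template_name, or null when no such template
     *                     exists (or the lookup query failed).
     */
    private function facultyTemplateName($templateId)
    {
        $query = "SELECT `template_name` FROM `faculty_template` WHERE `template_id`='" . (int) $templateId . "'";
        $result = mysql_query($query);
        if (!$result || mysql_num_rows($result) < 1) {
            return null;
        }
        $row = mysql_fetch_row($result);
        return $row[0];
    }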
示例#2
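/**
 * Moves one ranked row (section, question, ...) one step up or down by
 * swapping its rank with the neighbouring row's.
 *
 * $tableName, $idFieldName, $rankFieldName and $conditions are interpolated
 * into SQL verbatim, so they must be code-supplied constants, never request
 * input. $itemId is escaped and $itemRank must be numeric; the neighbour's
 * id and rank are read back from the database.
 *
 * @param mixed  $itemId        Id of the row to move.
 * @param mixed  $itemRank      Current rank of that row; must be numeric.
 * @param string $tableName     Table holding the ranked rows.
 * @param string $idFieldName   Name of the id column.
 * @param string $rankFieldName Name of the rank column.
 * @param string $conditions    Extra SQL condition joined with AND, or '' for none.
 * @param string $direction     'up' moves toward lower ranks; anything else moves down.
 * @return bool true when the row was moved or was already at the end of the
 *              list, false on an invalid rank or a database error.
 */
function moveItem($itemId, $itemRank, $tableName, $idFieldName, $rankFieldName, $conditions, $direction)
{
    // The rank is used unquoted in SQL, so refuse anything that is not a number.
    if (!is_numeric($itemRank)) {
        displayerror('Invalid rank for the item to be moved.');
        return false;
    }
    $movingUp = ($direction == 'up');
    $order = $movingUp ? 'DESC' : 'ASC';
    $operator = $movingUp ? '<' : '>';
    // Optional caller condition, joined with AND when present.
    $where = ($conditions == '') ? '' : $conditions . ' AND';
    $safeItemId = mysql_real_escape_string($itemId);

    // Nearest row on the requested side of $itemRank.
    $neighbourQuery = "SELECT `{$idFieldName}`, `{$rankFieldName}` FROM `{$tableName}` WHERE " . $where . " `{$rankFieldName}` {$operator} {$itemRank} ORDER BY `{$rankFieldName}` {$order} LIMIT 1";
    $neighbourResult = mysql_query($neighbourQuery);
    if (!$neighbourResult) {
        displayerror('Database Error. Could not fetch information about the given item.');
        return false;
    }
    if (mysql_num_rows($neighbourResult) == 0) {
        // Nothing beyond the item in that direction: it is already at the edge.
        displaywarning('The item that you tried to move ' . $direction . ' is already at the ' . ($movingUp ? 'top' : 'bottom') . ' of the list.');
        return true;
    }
    $neighbourRow = mysql_fetch_assoc($neighbourResult);
    $neighbourId = mysql_real_escape_string($neighbourRow[$idFieldName]);
    $neighbourRank = $neighbourRow[$rankFieldName];

    // Swap the two ranks. NOTE: the two updates are not in a transaction; if
    // the second fails, both rows are left with the neighbour's rank.
    $updateQuery1 = "UPDATE `{$tableName}` SET `{$rankFieldName}` = {$neighbourRank} WHERE " . $where . " `{$idFieldName}` = '{$safeItemId}'";
    $updateQuery2 = "UPDATE `{$tableName}` SET `{$rankFieldName}` = {$itemRank} WHERE " . $where . " `{$idFieldName}` = '{$neighbourId}'";
    if (!mysql_query($updateQuery1) || !mysql_query($updateQuery2)) {
        displayerror('Database Error. Could not move the specified item.');
        return false;
    }
    return true;
}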
示例#3
/**
 * Central page dispatcher: handles the built-in actions (login, profile,
 * logout, search, getchildren, admin, settings, widgets, grant, pdf),
 * resolves the page's module from the pages table, and otherwise returns
 * the module's getHtml() output for $action.
 *
 * @param mixed  $pageId     Page id; passed through escape() before use in SQL.
 * @param string $action     Action name, e.g. "view", "login", "pdf".
 * @param int    $userId     Current user id; 0 means not logged in.
 * @param bool   $permission Whether $userId may perform $action on $pageId
 *                           (callers compute it with getPermissions()).
 * @param int    $recursed   1 when getContent() calls itself for link/menu
 *                           pages; that skips the page_lastaccesstime update.
 * @return string HTML for the page body; '' or "" after an error message.
 *
 * Side effects: emits HTTP headers (external pages, pdf download), may
 * exit() (getchildren subaction), and writes then deletes a temporary PDF
 * under uploads/temp in the pdf branch.
 */
function getContent($pageId, $action, $userId, $permission, $recursed = 0)
{
    // --- Actions handled before the permission check ---
    if ($action == "login") {
        if ($userId == 0) {
            ///Commented the requirement of login.lib.php because it is already included in /index.php
            //require_once("login.lib.php");
            $newUserId = login();
            // login() yields a numeric user id on success; anything else is
            // the HTML of the login page (or a related form) to display.
            if (is_numeric($newUserId)) {
                return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
            } else {
                return $newUserId;
            }
            ///<The login page
        } else {
            displayinfo("You are logged in as " . getUserName($userId) . "! Click <a href=\"./+logout\">here</a> to logout.");
        }
        // NOTE: "$recursed = 0" is an assignment used as the argument; it passes 0.
        return getContent($pageId, "view", $userId, getPermissions($userId, $pageId, "view"), $recursed = 0);
    }
    if ($action == "profile") {
        if ($userId != 0) {
            require_once "profile.lib.php";
            return profile($userId);
        } else {
            // Anonymous users fall through to the normal page rendering below.
            displayinfo("You need to <a href=\"./+login\">login</a> to view your profile.!");
        }
    }
    if ($action == "logout") {
        if ($userId != 0) {
            $newUserId = resetAuth();
            displayinfo("You have been logged out!");
            global $openid_enabled;
            if ($openid_enabled == 'true') {
                displaywarning("If you logged in via Open ID, make sure you also log out from your Open ID service provider's website. Until then your session in this website will remain active !");
            }
            return getContent($pageId, "view", $newUserId, getPermissions($newUserId, $pageId, "view"), 0);
        } else {
            displayinfo("You need to <a href=\"./+login\">login</a> first to logout!");
        }
    }
    if ($action == "search") {
        require_once "search.lib.php";
        $ret = getSearchBox();
        // The query string is handed to getSearchResultString() unescaped;
        // that function is expected to do its own escaping.
        if (isset($_POST['query'])) {
            $ret .= getSearchResultString($_POST['query']);
        } elseif (isset($_GET['query'])) {
            $ret .= getSearchResultString($_GET['query']);
        }
        return $ret;
    }
    // AJAX-style child listing for the menu. Runs before the permission
    // check; getChildren() receives $userId and is expected to filter by it.
    if (isset($_GET['subaction']) && $_GET['subaction'] == 'getchildren') {
        if (isset($_GET['parentpath'])) {
            global $urlRequestRoot;
            require_once 'menu.lib.php';
            $pidarr = array();
            parseUrlReal(escape($_GET['parentpath']), $pidarr);
            // Last element of the resolved path is the parent page id.
            $pid = $pidarr[count($pidarr) - 1];
            $children = getChildren($pid, $userId);
            $response = array();
            $response['path'] = escape($_GET['parentpath']);
            $response['items'] = array();
            foreach ($children as $child) {
                $response['items'][] = array($urlRequestRoot . '/home' . escape($_GET['parentpath']) . $child[1], $child[2]);
            }
            // NOTE(review): $response is built but never sent -- the echo is
            // commented out, so this branch exits with an empty body.
            //echo json_encode($response);
            exit;
        }
    }
    // Loose comparison: any falsy $permission is treated as "denied".
    if ($permission != true) {
        if ($userId == 0) {
            $suggestion = "(Try <a href=\"./+login\">logging in?</a>)";
        } else {
            $suggestion = "";
        }
        displayerror("You do not have the permissions to view this page. {$suggestion}<br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
        return '';
    }
    if ($action == "admin") {
        require_once "admin.lib.php";
        return admin($pageId, $userId);
    }
    ///default actions also to be defined here (and not outside)
    /// Coz work to be done after these actions do involve the page
    // Resolve which module (and which instance of it) renders this page.
    $pagetype_query = "SELECT page_module, page_modulecomponentid FROM " . MYSQL_DATABASE_PREFIX . "pages WHERE page_id='" . escape($pageId) . "'";
    $pagetype_result = mysql_query($pagetype_query);
    // NOTE: a failed query (false) reaches mysql_fetch_assoc() and surfaces
    // as "page does not exist" below.
    $pagetype_values = mysql_fetch_assoc($pagetype_result);
    if (!$pagetype_values) {
        displayerror("The requested page does not exist.");
        return "";
    }
    $moduleType = $pagetype_values['page_module'];
    $moduleComponentId = $pagetype_values['page_modulecomponentid'];
    if ($action == "settings") {
        ///<done here because we needed to check if the page exists for sure.
        require_once "pagesettings.lib.php";
        return pagesettings($pageId, $userId);
    }
    if ($action == "widgets") {
        return handleWidgetPageSettings($pageId);
    }
    // Only the outermost call records the access time.
    if ($recursed == 0) {
        $pagetypeupdate_query = "UPDATE " . MYSQL_DATABASE_PREFIX . "pages SET page_lastaccesstime=NOW() WHERE page_id='" . escape($pageId) . "'";
        $pagetypeupdate_result = mysql_query($pagetypeupdate_query);
        if (!$pagetypeupdate_result) {
            return '<div class="cms-error">Error No. 563 - An error has occured. Contact the site administators.</div>';
        }
    }
    // "link" pages render the page they point at (page_modulecomponentid is
    // the target page id here); permission is granted unconditionally.
    if ($moduleType == "link") {
        return getContent($moduleComponentId, $action, $userId, true, 1);
    }
    if ($action == "grant") {
        return grantPermissions($userId, $pageId);
    }
    // "menu" pages render their parent page, again with permission granted.
    if ($moduleType == "menu") {
        return getContent(getParentPage($pageId), $action, $userId, true, 1);
    }
    if ($moduleType == "external") {
        $query = "SELECT `page_extlink` FROM `" . MYSQL_DATABASE_PREFIX . "external` WHERE `page_modulecomponentid` =\n\t\t\t\t\t(SELECT `page_modulecomponentid` FROM `" . MYSQL_DATABASE_PREFIX . "pages` WHERE `page_id`= '" . escape($pageId) . "')";
        $result = mysql_query($query);
        // NOTE: neither a failed query nor an empty result is checked before $values[0].
        $values = mysql_fetch_array($result);
        $link = $values[0];
        // NOTE(review): there is no exit()/return after the redirect header,
        // so execution continues below and loads the "external" module file
        // as well -- confirm whether that fall-through is intended.
        header("Location: {$link}");
    }
    global $sourceFolder;
    global $moduleFolder;
    // The module file and class name are taken from pages.page_module; this
    // trusts that column (and the contents of the module folder) completely.
    require_once $sourceFolder . "/" . $moduleFolder . "/" . $moduleType . ".lib.php";
    $page = new $moduleType();
    if (!$page instanceof module) {
        displayerror("The module \"{$moduleType}\" does not implement the inteface module</div>");
        return "";
    }
    // Sanity checks on the module's permission list: it must declare
    // "create", and every other declared action (plus "view") must have a
    // matching actionXxx method on the class.
    $createperms_query = " SELECT * FROM " . MYSQL_DATABASE_PREFIX . "permissionlist where perm_action = 'create' AND page_module = '" . $moduleType . "'";
    $createperms_result = mysql_query($createperms_query);
    if (mysql_num_rows($createperms_result) < 1) {
        displayerror("The action \"create\" does not exist in the module \"{$moduleType}\"</div>");
        return "";
    }
    $availableperms_query = "SELECT * FROM " . MYSQL_DATABASE_PREFIX . "permissionlist where perm_action != 'create' AND page_module = '" . $moduleType . "'";
    $availableperms_result = mysql_query($availableperms_query);
    $permlist = array();
    while ($value = mysql_fetch_assoc($availableperms_result)) {
        array_push($permlist, $value['perm_action']);
    }
    array_push($permlist, "view");
    $class_methods = get_class_methods($moduleType);
    foreach ($permlist as $perm) {
        if (!in_array("action" . ucfirst($perm), $class_methods)) {
            displayerror("The action \"{$perm}\" does not exist in the module \"{$moduleType}\"</div>");
            return "";
        }
    }
    // PDF export of this page, optionally followed by its descendants.
    // depth: 0 = this page only, N > 0 = N levels of children, -1 = all.
    if ($action == "pdf") {
        if (isset($_GET['depth'])) {
            $depth = $_GET['depth'];
        } else {
            $depth = 0;
        }
        // Non-numeric depth values are silently treated as 0.
        if (!is_numeric($depth)) {
            $depth = 0;
        }
        global $TITLE;
        global $sourceFolder;
        require_once "{$sourceFolder}/modules/pdf/html2fpdf.php";
        $pdf = new HTML2FPDF();
        $pdf->setModuleComponentId($moduleComponentId);
        $pdf->AddPage();
        // The page itself is always rendered as "view", not as $action.
        $pdf->WriteHTML($page->getHtml($userId, $moduleComponentId, "view"));
        $cp = array();
        $j = 0;
        if ($depth == -1) {
            $cp = child($pageId, $userId, $depth);
            if ($cp[0][0]) {
                // NOTE: the loop stops on a null id, so it reads one element
                // past the last child (undefined-index notice) -- confirm
                // child() terminates its list with a null entry.
                for ($i = 0; $cp[$i][0] != NULL; $i++) {
                    require_once $sourceFolder . "/" . $moduleFolder . "/" . $cp[$i][2] . ".lib.php";
                    $page1 = new $cp[$i][2]();
                    $modCompId = $cp[$i][5];
                    $pdf->setModuleComponentId($modCompId);
                    $pdf->AddPage();
                    $pdf->WriteHTML($page1->getHtml($userId, $modCompId, "view"));
                }
            }
        } else {
            if ($depth > 0) {
                // Breadth-first expansion: each pass appends the children of
                // every entry not yet expanded ($j persists across passes).
                $cp = child($pageId, $userId, $depth);
                --$depth;
                while ($depth > 0) {
                    $count = count($cp);
                    for ($j; $j < $count; $j++) {
                        $cp = array_merge((array) $cp, (array) child($cp[$j][0], $userId, $depth));
                    }
                    --$depth;
                }
                if ($cp[0][0]) {
                    for ($i = 0; isset($cp[$i]); $i++) {
                        require_once $sourceFolder . "/" . $moduleFolder . "/" . $cp[$i][2] . ".lib.php";
                        $page1 = new $cp[$i][2]();
                        $modCompId = $cp[$i][5];
                        $pdf->setModuleComponentId($modCompId);
                        $pdf->AddPage();
                        $pdf->WriteHTML($page1->getHtml($userId, $modCompId, "view"));
                    }
                }
            }
        }
        // Temporary file named after the site title; rand() only serves to
        // dodge name collisions, the file is removed right after streaming.
        $filePath = $sourceFolder . "/uploads/temp/" . $TITLE . ".pdf";
        while (file_exists($filePath)) {
            $filePath = $sourceFolder . "/uploads/temp/" . $TITLE . "-" . rand() . ".pdf";
        }
        $pdf->Output($filePath);
        header("Pragma: public");
        header("Expires: 0");
        header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
        header("Cache-Control: private", false);
        header("Content-Type: application/pdf");
        header("Content-Disposition: attachment; filename=\"" . basename($filePath) . "\";");
        header("Content-Transfer-Encoding: binary");
        header("Content-Length: " . filesize($filePath));
        // NOTE: "@" hides any read error; a failed read still unlinks the file
        // and still falls through to the HTML return below.
        @readfile("{$filePath}");
        unlink($filePath);
    }
    // NOTE(review): after the pdf branch this HTML is returned on top of the
    // PDF bytes already sent -- presumably the caller echoes it; confirm.
    return $page->getHtml($userId, $moduleComponentId, $action);
}
示例#4
/**
 * Performs the whole login routine for the "+login" action.
 *
 * Reads the `allow_login` flag from the global table, then dispatches on
 * $_GET['subaction']: resetPasswd (always), register (only when logins are
 * allowed) and, when $openid_enabled is 'true' and logins are allowed,
 * openid_login / openid_verify / openid_pass / quick_openid_reg. Without a
 * matching subaction it shows the login form unless user_email was POSTed,
 * in which case the credentials are checked via checkLogin() -- against the
 * stored login method for known users, or against the imap/ads/ldap domain
 * configured in $authmethods for unknown users, who are then created -- and
 * the session is established with setAuth().
 *
 * @return mixed The logged-in user's id on success; 0 on a failed login or
 *               when cookies are unsupported; HTML (string) for the login,
 *               registration or password-reset pages; null from the OpenID
 *               branches that `return;` without a value.
 */
function login()
{
    // Site-wide switch; the fetched row is stored back into the same variable,
    // so $allow_login_result[0] is the flag value from here on.
    $allow_login_query = "SELECT `value` FROM `" . MYSQL_DATABASE_PREFIX . "global` WHERE `attribute` = 'allow_login'";
    $allow_login_result = mysql_query($allow_login_query);
    $allow_login_result = mysql_fetch_array($allow_login_result);
    if (isset($_GET['subaction'])) {
        // Password reset is reachable even when logins are disabled.
        if ($_GET['subaction'] == "resetPasswd") {
            return resetPasswd($allow_login_result[0]);
        }
        if ($allow_login_result[0]) {
            if ($_GET['subaction'] == "register") {
                require_once "registration.lib.php";
                return register();
            }
        }
        global $openid_enabled;
        if ($openid_enabled == 'true' && $allow_login_result[0]) {
            // Step 1: user submitted an OpenID identifier; hand off to the provider.
            if ($_GET['subaction'] == "openid_login") {
                if (isset($_POST['process'])) {
                    $openid_url = trim($_POST['openid_identifier']);
                    openid_endpoint($openid_url);
                }
            }
            // Step 2: provider redirected back; verify the assertion.
            if ($_GET['subaction'] == "openid_verify") {
                if ($_GET['openid_mode'] != "cancel") {
                    // Identity as claimed in the redirect; it is only trusted
                    // once validateWithServer() below returns true.
                    $openid_url = $_GET['openid_identity'];
                    // Get the user's OpenID Identity as returned to us from the OpenID Provider
                    $openid = new Dope_OpenID($openid_url);
                    //Create a new Dope_OpenID object.
                    $validate_result = $openid->validateWithServer();
                    //validate to see if everything was recieved properly
                    if ($validate_result === TRUE) {
                        $userinfo = $openid->filterUserInfo($_GET);
                        return openid_login($userinfo);
                    } else {
                        // NOTE(review): $error is assembled in both branches
                        // below but never displayed or returned.
                        if ($openid->isError() === TRUE) {
                            // Else if you're here, there was some sort of error during processing.
                            $the_error = $openid->getError();
                            $error = "Error Code: {$the_error['code']}<br />";
                            $error .= "Error Description: {$the_error['description']}<br />";
                        } else {
                            //Else validation with the server failed for some reason.
                            $error = "Error: Could not validate the OpenID at {$_SESSION['openid_url']}";
                        }
                    }
                } else {
                    displayerror("User cancelled the OpenID authorization");
                }
            }
            // Step 3a: link a verified OpenID to an existing local account by
            // re-checking that account's password. The session values are set
            // by code outside this function and are consumed (unset) here.
            if ($_GET['subaction'] == "openid_pass") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to link an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                } else {
                    $openid_url = $_SESSION['openid_url'];
                    $openid_email = $_SESSION['openid_email'];
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if (!isset($_POST['user_password'])) {
                        displayerror("Empty Passwords not allowed");
                        return;
                    }
                    // Passed to checkLogin() as typed (the plain-login path
                    // below runs escape() on the password first).
                    $user_passwd = $_POST['user_password'];
                    $info = getUserInfo($openid_email);
                    if (!$info) {
                        displayerror("No user with Email {$openid_email}");
                    } else {
                        $check = checkLogin($info['user_loginmethod'], $info['user_name'], $openid_email, $user_passwd);
                        if ($check) {
                            //Password was correct. Link the account
                            // NOTE(review): $openid_url is interpolated without
                            // escaping; confirm it is escaped where the session
                            // value is stored.
                            $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $info['user_id'] . ")";
                            // die() sends the raw mysql_error() text to the client.
                            $result = mysql_query($query) or die(mysql_error() . " in login() subaction=openid_pass while trying to Link OpenID account");
                            if ($result) {
                                displayinfo("Account successfully Linked. Log In one more time to continue.");
                            }
                        } else {
                            displayerror("The password you specified was incorrect");
                        }
                    }
                }
            }
            // Step 3b: create a new local account for a verified OpenID.
            if ($_GET['subaction'] == "quick_openid_reg") {
                if (!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email'])) {
                    displayerror("You are trying to register an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
                    return;
                } else {
                    $openid_url = $_SESSION['openid_url'];
                    $openid_email = $_SESSION['openid_email'];
                    unset($_SESSION['openid_url']);
                    unset($_SESSION['openid_email']);
                    if (!isset($_POST['user_name']) || $_POST['user_name'] == "") {
                        displayerror("You didn't specified your Full name. Please <a href=\"./+login\">Login</a> again.");
                        return;
                    }
                    $openid_fname = escape($_POST['user_name']);
                    //Now let's start making the dummy user
                    // The e-mail doubles as user_name; password is the literal
                    // '0', the account is activated and marked loginmethod 'openid'.
                    // NOTE(review): $openid_email / $openid_url are not escaped here.
                    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`,`user_loginmethod`) " . "VALUES ('" . $openid_email . "', '" . $openid_email . "','" . $openid_fname . "','0',1,'openid');";
                    $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to insert information of new account");
                    if ($result) {
                        $id = mysql_insert_id();
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "openid_users` (`openid_url`,`user_id`) VALUES ('{$openid_url}'," . $id . ")";
                        $result = mysql_query($query) or die(mysql_error() . " in login() subaction=quick_openid_reg while trying to Link OpenID account");
                        if ($result) {
                            displayinfo("Account successfully registered. You can now login via OpenID. Please complete your profile information after logging in.");
                        }
                    }
                    return "";
                }
            }
        }
    }
    // --- Plain e-mail / password login ---
    if (!isset($_POST['user_email'])) {
        return loginForm($allow_login_result[0]);
    } else {
        /*if it is, 
          then userLDAPVerify($user_email,$user_passwd);
          if the password is correct, update his password in DB
          else $dontloginLDAP = true;
          }
          else {
          if(userLDAPVerify($user_email,$user_passwd)) {
          create his row in DB with loginmethod = ldap and user_activated = 1
          (for this, use the createUser funciton in common.lib.php)
          }
          }*/
        global $cookieSupported;
        $login_status = false;
        if ($cookieSupported == true) {
            // NOTE: $_POST['user_password'] is read without an isset() check.
            if ($_POST['user_email'] == "" || $_POST['user_password'] == "") {
                displayerror("Blank e-mail or password NOT allowed. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                return loginForm($allow_login_result[0]);
            } else {
                $user_email = escape($_POST['user_email']);
                // NOTE(review): escape() is applied to the password before it
                // reaches checkLogin(); a password containing characters the
                // escaper rewrites is verified in altered form (the openid_pass
                // branch above passes it raw) -- confirm which is intended.
                $user_passwd = escape($_POST['user_password']);
                $login_method = '';
                if (!check_email($user_email)) {
                    displayerror("Your E-Mail Provider has been blackilisted. Please contact the website administrator");
                    return loginForm($allow_login_result[0]);
                }
                if ($temp = getUserInfo($user_email)) {
                    // check if exists in DB
                    $login_status = checkLogin($temp['user_loginmethod'], $temp['user_name'], $user_email, $user_passwd);
                    // This is to make sure when user logs in through LDAP, ADS or IMAP accounts, his passwords should be changed in database also, incase its old.
                    if ($login_status) {
                        updateUserPassword($user_email, $user_passwd);
                    }
                    //update passwd in db
                } else {
                    //if user is not in db
                    global $authmethods;
                    // strpos() returns false when '@' is absent; "false > -1" is
                    // false in PHP, so this works, but "!== false" is the explicit form.
                    if (strpos($user_email, '@') > -1) {
                        $tmp = explode('@', $user_email);
                        $user_name = $tmp[0];
                        $user_domain = strtolower($tmp[1]);
                    } else {
                        $user_name = $user_email;
                    }
                    // Unknown users are authenticated only if their domain matches
                    // one of the configured external directories.
                    if (isset($user_domain) && $user_domain == $authmethods['imap']['user_domain']) {
                        if ($login_status = checkLogin('imap', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'imap';
                        }
                    } elseif (isset($user_domain) && $user_domain == $authmethods['ads']['user_domain']) {
                        if ($login_status = checkLogin('ads', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'ads';
                        }
                    } elseif (isset($user_domain) && $user_domain == $authmethods['ldap']['user_domain']) {
                        if ($login_status = checkLogin('ldap', $user_name, $user_email, $user_passwd)) {
                            $login_method = 'ldap';
                        }
                    }
                    if ($login_status) {
                        //create new user in db and activate the user (only if user's login is valid)
                        $user_fullname = strtoupper($user_name);
                        // NOTE(review): the local copy of the password is an
                        // unsalted md5 -- presumably the format checkLogin()
                        // expects for db users; verify before changing it.
                        $user_md5passwd = md5($user_passwd);
                        $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_id`, `user_name`, `user_email`, `user_fullname`, `user_password`, `user_loginmethod`, `user_activated`) " . "VALUES (DEFAULT, '{$user_name}', '{$user_email}', '{$user_fullname}', '{$user_md5passwd}', '{$login_method}', '1')";
                        mysql_query($query) or die(mysql_error() . " creating new user !");
                    } else {
                        displaywarning("Incorrect username and/or password for <b>" . (isset($user_domain) ? $user_domain . "</b> domain!" : $user_name . "</b> user"));
                    }
                }
                if ($login_status) {
                    $temp = getUserInfo($user_email);
                    if (!$temp['user_activated']) {
                        // Falls through to "return 0" below: correct password, but
                        // the account is not (or no longer) activated.
                        displayinfo("The e-mail has not yet been verified. Kindly check your email and click on verification link. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
                        // if user exists in db and admin has set user_activated = false delibrately
                        // then it means that the user has been denied access !!!
                    } else {
                        $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_lastlogin`=NOW() WHERE `" . MYSQL_DATABASE_PREFIX . "users`.`user_id` ='{$temp['user_id']}'";
                        mysql_query($query) or die(mysql_error() . " in login.lib.L:111");
                        // Previous login time is kept for display after this one is recorded.
                        $_SESSION['last_to_last_login_datetime'] = $temp['user_lastlogin'];
                        setAuth($temp['user_id']);
                        //exit();
                        //displayinfo("Welcome " . $temp['user_name'] . "!");
                        return $temp['user_id'];
                    }
                } else {
                    displaywarning("Wrong E-mail or password. <a href='./+login&subaction=resetPasswd'>Lost Password?</a><br />");
                    return loginForm($allow_login_result[0]);
                }
            }
            return 0;
        } else {
            showCookieWarning();
            return 0;
        }
    }
}
示例#5
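/**
 * Ids ticked in a bulk-action form ("selected_<user_id>" checkbox names).
 *
 * The id is taken from the POST *key*, which is attacker-controlled like any
 * other request data; the original interpolated it into SQL unescaped. User
 * ids are integral (see the ADMIN_USERID comparisons), so cast to int.
 *
 * @return int[] user ids in POST order
 */
function userMgmtSelectedIds()
{
    $ids = array();
    foreach (array_keys($_POST) as $key) {
        if (substr($key, 0, 9) == "selected_") {
            $ids[] = (int) substr($key, 9);
        }
    }
    return $ids;
}

/**
 * Report a failed bulk (de)activation for one user, by full name.
 *
 * @param string $usersTable backticked users table name
 * @param int    $id         user id
 * @param string $what       message prefix, e.g. "Couldn't activate user"
 */
function userMgmtReportFailure($usersTable, $id, $what)
{
    $result = mysql_query("SELECT `user_fullname` FROM {$usersTable} WHERE `user_id`='{$id}'");
    if ($result) {
        $row = mysql_fetch_assoc($result);
        displayerror("{$what}, {$row['user_fullname']}");
    }
}

/**
 * Hidden inputs that carry the "<field>_sel" column-selection flags across a
 * form round trip (edit, search and create forms all need them).
 *
 * @param string[] $fields field names to look for in $_POST
 * @return string HTML fragment
 */
function userMgmtHiddenSelectionFields($fields)
{
    $html = "";
    foreach ($fields as $field) {
        if (isset($_POST[$field . '_sel'])) {
            $html .= "<input type='hidden' name='{$field}_sel' value='checked'/>";
        }
    }
    return $html;
}

/**
 * Apply the "Edit User Information" form to one user row.
 *
 * Only fields that are non-empty and differ from the stored row are written.
 * Emits displayerror()/displayinfo(); nothing is written when a validation
 * error occurred, and the success message is no longer shown after a failed
 * UPDATE (the original fell through to "All fields updated successfully!").
 *
 * Passwords stay MD5 because the login path (see the md5 comparison below and
 * the login code elsewhere in this file) compares against that column;
 * moving to password_hash() needs a coordinated change there.
 *
 * @param string $usersTable backticked users table name
 * @param int    $userId     target user id
 */
function userMgmtUpdateProfile($usersTable, $userId)
{
    $row = mysql_fetch_assoc(mysql_query("SELECT * FROM {$usersTable} WHERE `user_id`='{$userId}'"));
    $updates = array();
    $errors = false;

    if (isset($_POST['user_name']) && $row['user_name'] != $_POST['user_name']) {
        $chkquery = "SELECT * FROM {$usersTable} WHERE `user_name`='" . escape($_POST['user_name']) . "'";
        $result = mysql_query($chkquery);
        if (!$result) {
            // Do not die() with the SQL text in the response body.
            displayerror('An error was encountered while attempting to process your request.');
            $errors = true;
        } elseif (mysql_num_rows($result) > 0) {
            displayerror("User Name already exists in database!");
            $errors = true;
        }
    }

    // Plain text columns: written only when non-empty and actually changed.
    $textColumns = array('user_name', 'user_email', 'user_fullname', 'user_regdate', 'user_lastlogin');
    foreach ($textColumns as $col) {
        if (isset($_POST[$col]) && $_POST[$col] != '' && $_POST[$col] != $row[$col]) {
            $updates[] = "`{$col}` = '" . escape($_POST[$col]) . "'";
        }
    }

    $newPassword = isset($_POST['user_password']) ? $_POST['user_password'] : '';
    if ($newPassword != '') {
        $confirm = isset($_POST['user_password2']) ? $_POST['user_password2'] : '';
        if ($newPassword != $confirm) {
            displayerror('Error! The New Password you entered does not match the password you typed in the Confirmation Box.');
            $errors = true;
        } elseif (md5($newPassword) != $row['user_password']) {
            // The raw password used to be interpolated into the query (SQL injection).
            $updates[] = "`user_password` = MD5('" . escape($newPassword) . "')";
        }
    }

    // The administrator's activation flag is never toggled from this form.
    $activated = isset($_POST['user_activated']) ? 1 : 0;
    if ($userId != ADMIN_USERID && $activated != $row['user_activated']) {
        $updates[] = "`user_activated` = {$activated}";
    }

    if (isset($_POST['user_loginmethod']) && $_POST['user_loginmethod'] != '' && $_POST['user_loginmethod'] != $row['user_loginmethod']) {
        $method = escape($_POST['user_loginmethod']);
        $updates[] = "`user_loginmethod` = '{$method}'";
        if ($_POST['user_loginmethod'] != 'db') {
            displaywarning("Please make sure " . strtoupper($method) . " is configured properly, otherwise the user will not be able to login to the website.");
        }
    }

    if ($errors) {
        return;
    }
    if (count($updates) > 0) {
        // The original WHERE clause was missing its opening quote ("= 1'").
        $profileQuery = "UPDATE {$usersTable} SET " . join(', ', $updates) . " WHERE `user_id` = '{$userId}'";
        if (!mysql_query($profileQuery)) {
            // Do not echo the SQL statement to the browser.
            displayerror('An error was encountered while attempting to process your request.');
            return;
        }
    }
    global $sourceFolder, $moduleFolder;
    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
    if (!submitRegistrationForm(0, $userId, true, true)) {
        displayerror('An error was encountered while attempting to process your request.');
    } else {
        displayinfo('All fields updated successfully!');
    }
}

/**
 * Handle the "Create New User" form submission.
 *
 * Validates required fields and password confirmation, refuses duplicate
 * id/name/e-mail, inserts the row and runs the registration-form submit.
 * Emits displayerror()/displayinfo().
 *
 * @param string   $usersTable      backticked users table name
 * @param string[] $usertablefields column names of the users table
 */
function userMgmtCreateUser($usersTable, $usertablefields)
{
    $values = array();
    foreach ($usertablefields as $field) {
        $optional = ($field == 'user_regdate' || $field == 'user_lastlogin' || $field == 'user_activated');
        if (!$optional && isset($_POST[$field]) && $_POST[$field] == "") {
            displayerror("New user could not be created. Some fields are missing!{$field}");
            return;
        }
        $values[$field] = isset($_POST[$field]) ? escape($_POST[$field]) : '';
    }

    // The id comes from the URL, not the form body.
    $user_id = isset($_GET['userid']) ? (int) $_GET['userid'] : 0;
    $chkquery = "SELECT COUNT(user_id) FROM {$usersTable} WHERE `user_id`='{$user_id}' OR `user_name`='{$values['user_name']}' OR `user_email`='{$values['user_email']}'";
    $result = mysql_query($chkquery);
    $row = $result ? mysql_fetch_row($result) : array(1);
    if ($row[0] > 0) {
        displayerror("Another user with the same name or email already exists!");
        return;
    }

    // Compare the two *raw* values: the original compared the SQL-escaped
    // password with the raw confirmation, so any quote/backslash mismatched.
    $rawPassword = isset($_POST['user_password']) ? $_POST['user_password'] : '';
    $confirm = isset($_POST['user_password2']) ? $_POST['user_password2'] : '';
    if ($rawPassword != $confirm) {
        displayerror("Passwords mismatch!");
        return;
    }

    $user_activated = isset($_POST['user_activated']) ? 1 : 0;
    $query = "INSERT INTO {$usersTable} (`user_id` ,`user_name` ,`user_email` ,`user_fullname` ,`user_password` ,`user_regdate` ,`user_lastlogin` ,`user_activated`,`user_loginmethod`)VALUES ('{$user_id}' ,'{$values['user_name']}' ,'{$values['user_email']}' ,'{$values['user_fullname']}' , MD5('{$values['user_password']}') ,CURRENT_TIMESTAMP , '', '{$user_activated}','{$values['user_loginmethod']}')";
    if (!mysql_query($query)) {
        // Was die(mysql_error()): do not leak driver errors to the browser.
        displayerror("Failed to create user");
        return;
    }
    global $sourceFolder, $moduleFolder;
    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
    require_once "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
    if (mysql_affected_rows() && submitRegistrationForm(0, $user_id, true, true)) {
        displayinfo("User {$values['user_fullname']} Successfully Created!");
    } else {
        displayerror("Failed to create user");
    }
}

/**
 * Admin user-management dispatcher (./+admin&subaction=useradmin).
 *
 * Picks the requested operation from $_POST/$_GET and performs it against the
 * `<prefix>users` table: bulk and single (de)activation and deletion, per-user
 * edit, search, and creation. Returns the HTML fragment to render next, or
 * null for the "*_all_users" actions, which only emit a status message.
 *
 * Security notes:
 *  - Every request value that reaches SQL is escape()d and single-quoted, or
 *    cast to int. The target user id is used unquoted in SQL and echoed into
 *    form action URLs, where escape() (an SQL-quote escape) protects nothing,
 *    so it is cast to int. User ids are integral per the existing
 *    ADMIN_USERID comparisons.
 *  - NOTE(review): none of these forms carries a CSRF token; confirm whether
 *    the CMS checks one before dispatching here, otherwise a logged-in admin
 *    can be made to deactivate or delete users by a cross-site form post.
 *
 * @return string|null HTML fragment, or null after an "all users" action
 */
function handleUserMgmt()
{
    global $urlRequestRoot, $cmsFolder, $moduleFolder, $templateFolder, $sourceFolder;
    require_once "{$sourceFolder}/{$moduleFolder}/form/viewregistrants.php";

    // Keep these escaped in the superglobals for code that reads them later.
    if (isset($_GET['userid'])) {
        $_GET['userid'] = escape($_GET['userid']);
    }
    if (isset($_POST['editusertype'])) {
        $_POST['editusertype'] = escape($_POST['editusertype']);
    }
    $usersTable = "`" . MYSQL_DATABASE_PREFIX . "users`";
    $openIdTable = "`" . MYSQL_DATABASE_PREFIX . "openid_users`";
    $editType = isset($_POST['editusertype']) ? $_POST['editusertype'] : null;
    $targetId = isset($_GET['userid']) ? (int) $_GET['userid'] : 0;

    // ---- bulk actions on the ticked rows -------------------------------
    if (isset($_POST['user_selected_activate'])) {
        foreach (userMgmtSelectedIds() as $id) {
            if (!mysql_query("UPDATE {$usersTable} SET user_activated=1 WHERE user_id='{$id}'")) {
                userMgmtReportFailure($usersTable, $id, "Couldn't activate user");
            }
        }
        return registeredUsersList($editType, "edit", false);
    }
    if (isset($_POST['user_selected_deactivate'])) {
        foreach (userMgmtSelectedIds() as $id) {
            if ($id == ADMIN_USERID) {
                displayerror("You cannot deactivate administrator!");
                continue;
            }
            if (!mysql_query("UPDATE {$usersTable} SET user_activated=0 WHERE user_id='{$id}'")) {
                userMgmtReportFailure($usersTable, $id, "Couldn't deactivate user");
            }
        }
        return registeredUsersList($editType, "edit", false);
    }
    if (isset($_POST['user_selected_delete'])) {
        $done = true;
        foreach (userMgmtSelectedIds() as $id) {
            if ($id == ADMIN_USERID) {
                displayerror("You cannot delete administrator!");
                continue;
            }
            if (mysql_query("DELETE FROM {$usersTable} WHERE `user_id` = '{$id}'")) {
                if (!mysql_query("DELETE FROM {$openIdTable} WHERE `user_id` = '{$id}'")) {
                    $done = false;
                }
            } else {
                $done = false;
            }
        }
        if (!$done) {
            displayerror("Some problem in deleting selected users");
        }
        return registeredUsersList($editType, "edit", false);
    }

    // ---- single-user and whole-table actions ---------------------------
    if (isset($_POST['user_activate'])) {
        if (mysql_query("UPDATE {$usersTable} SET user_activated=1 WHERE user_id='{$targetId}'")) {
            displayinfo("User Successfully Activated!");
        } else {
            displayerror("User Not Activated!");
        }
        return registeredUsersList($editType, "edit", false);
    } elseif (isset($_POST['activate_all_users'])) {
        if (mysql_query("UPDATE {$usersTable} SET user_activated=1")) {
            displayinfo("All users activated successfully!");
        } else {
            displayerror("Users Not Activated!");
        }
        return;
    } elseif (isset($_POST['user_deactivate'])) {
        if ($targetId == ADMIN_USERID) {
            displayerror("You cannot deactivate administrator!");
            return registeredUsersList($editType, "edit", false);
        }
        if (mysql_query("UPDATE {$usersTable} SET user_activated=0 WHERE user_id='{$targetId}'")) {
            displayinfo("User Successfully Deactivated!");
        } else {
            displayerror("User Not Deactivated!");
        }
        return registeredUsersList($editType, "edit", false);
    } elseif (isset($_POST['deactivate_all_users'])) {
        if (mysql_query("UPDATE {$usersTable} SET user_activated=0 WHERE user_id != " . (int) ADMIN_USERID)) {
            displayinfo("All users deactivated successfully except Administrator!");
        } else {
            displayerror("Users Not Deactivated!");
        }
        return;
    } elseif (isset($_POST['user_delete'])) {
        if ($targetId == ADMIN_USERID) {
            displayerror("You cannot delete administrator!");
            return registeredUsersList($editType, "edit", false);
        }
        if (mysql_query("DELETE FROM {$usersTable} WHERE `user_id` = '{$targetId}'")) {
            if (mysql_query("DELETE FROM {$openIdTable} WHERE `user_id` = '{$targetId}'")) {
                displayinfo("User Successfully Deleted!");
            } else {
                displayerror("User not deleted from OpenID database!");
            }
        } else {
            displayerror("User Not Deleted!");
        }
        return registeredUsersList($editType, "edit", false);
    } elseif (isset($_POST['user_info']) || isset($_POST['user_info_update'])) {
        if (isset($_POST['user_info_update'])) {
            userMgmtUpdateProfile($usersTable, $targetId);
        }
        // Re-read the row so the form shows what is actually stored now.
        $row = mysql_fetch_assoc(mysql_query("SELECT * FROM {$usersTable} WHERE `user_id`='{$targetId}'"));
        $xcolumnNames = array_values(getColumnList(0, false, false, false, false, false));
        $userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
        $userinfo = "<fieldset><legend>Edit User Information</legend><form name='user_info_edit' action='./+admin&subaction=useradmin&userid={$targetId}' method='post'>";
        $userinfo .= userMgmtHiddenSelectionFields(array_merge(getTableFieldsName('users'), $xcolumnNames));
        $userinfo .= "<input type='hidden' name='not_first_time' />";
        $userinfo .= userProfileForm($userfieldprettynames, $row, false, true);
        $userinfo .= "<input type='submit' value='Update' name='user_info_update' />\n\t\t<input type='reset' value='Reset' /></form></fieldset>";
        return $userinfo;
    } elseif (isset($_POST['view_reg_users']) || isset($_POST['save_reg_users_excel'])) {
        return registeredUsersList("all", "view", false);
    } elseif (isset($_POST['edit_reg_users'])) {
        return registeredUsersList("all", "edit", false);
    } elseif (isset($_POST['view_activated_users']) || isset($_POST['save_activated_users_excel'])) {
        return registeredUsersList("activated", "view", false);
    } elseif (isset($_POST['edit_activated_users'])) {
        return registeredUsersList("activated", "edit", false);
    } elseif (isset($_POST['view_nonactivated_users']) || isset($_POST['save_nonactivated_users_excel'])) {
        return registeredUsersList("nonactivated", "view", false);
    } elseif (isset($_POST['edit_nonactivated_users'])) {
        return registeredUsersList("nonactivated", "edit", false);
    } elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'search') {
        $userfieldprettynames = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
        $usertablefields = getTableFieldsName('users');

        // One LIKE condition per filled-in field; remember the values so the
        // form can be re-populated below.
        $lastValues = array();
        $conditions = array();
        foreach ($usertablefields as $field) {
            if (isset($_POST[$field]) && $_POST[$field] != '') {
                // user_activated is a checkbox: present means "activated".
                $val = ($field == 'user_activated') ? 1 : escape($_POST[$field]);
                $lastValues[$field] = $val;
                $conditions[] = "`{$field}` LIKE CONVERT( _utf8 '%{$val}%'USING latin1 ) ";
            }
        }

        $results = "";
        if (count($conditions) > 0) {
            $glue = (isset($_POST['user_search_op']) && $_POST['user_search_op'] == 'and') ? " AND " : " OR ";
            $query = "SELECT * FROM {$usersTable} WHERE " . join($glue, $conditions) . " ";
            $resultSearch = mysql_query($query);
            if ($resultSearch && mysql_num_rows($resultSearch) > 0) {
                $userInfo = array();
                $columns = array('user_id', 'user_name', 'user_email', 'user_fullname', 'user_password', 'user_lastlogin', 'user_regdate', 'user_activated', 'user_loginmethod');
                while ($row = mysql_fetch_assoc($resultSearch)) {
                    foreach ($columns as $col) {
                        $userInfo[$col][] = $row[$col];
                    }
                }
                $results = registeredUsersList("all", "edit", false, $userInfo);
            } else {
                displayerror("No users matched your query!");
            }
        }

        $searchForm = "<form name='user_search_form' action='./+admin&subaction=useradmin&subsubaction=search' method='POST'><h3>Search User</h3>";
        // NOTE(review): this form uses array_keys() of the column list while the
        // edit/create forms use array_values(); kept as found — confirm which is intended.
        $xcolumnNames = array_keys(getColumnList(0, false, false, false, false, false));
        $searchForm .= userMgmtHiddenSelectionFields(array_merge($usertablefields, $xcolumnNames));
        $searchForm .= "<input type='hidden' name='not_first_time' />";
        $infoarray = array();
        foreach ($usertablefields as $field) {
            $infoarray[$field] = isset($lastValues[$field]) ? $lastValues[$field] : "";
        }
        $searchForm .= userProfileForm($userfieldprettynames, $infoarray, true, false);
        $searchForm .= "Operation : <input type='radio' name='user_search_op' value='and'  />AND  <input type='radio' name='user_search_op' value='or' checked='true' />OR<br/><br/><input type='submit' onclick name='user_search_submit' value='Search' /><input type='reset' value='Clear' /></form>";
        return $results . $searchForm;
    } elseif (isset($_GET['subsubaction']) && $_GET['subsubaction'] == 'create') {
        $userfieldprettynamesarray = array("User ID", "Username", "Email", "Full Name", "Password", "Registration", "Last Login", "Activated", "Login Method");
        $usertablefields = getTableFieldsName('users');
        if (isset($_POST['create_user_submit'])) {
            userMgmtCreateUser($usersTable, $usertablefields);
        }

        $nextUserId = (int) getNextUserId();
        $userForm = "<form name='user_create_form' action='./+admin&subaction=useradmin&subsubaction=create&userid={$nextUserId}' method='POST'><h3>Create New User</h3>";
        $xcolumnNames = array_values(getColumnList(0, false, false, false, false, false));
        $calpath = "{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}";
        $userForm .= '<link rel="stylesheet" type="text/css" media="all" href="' . $calpath . '/form/calendar/calendar.css" title="Aqua" />' . '<script type="text/javascript" src="' . $calpath . '/form/calendar/calendar.js"></script>';
        $userForm .= userMgmtHiddenSelectionFields(array_merge($usertablefields, $xcolumnNames));
        $userForm .= "<input type='hidden' name='not_first_time' />";
        $infoarray = array();
        foreach ($usertablefields as $field) {
            $infoarray[$field] = "";
        }
        $infoarray['user_id'] = $nextUserId;
        $userForm .= userProfileForm($userfieldprettynamesarray, $infoarray, false, true);
        $userForm .= "<input type='submit' onclick name='create_user_submit' value='Create' /><input type='reset' value='Clear' /></form>";
        return $userForm;
    }
}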
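/**
 * Build a zip of the bill images of one qaos1 module component (optionally a
 * single event), stream it to the browser and delete the temporary archive.
 *
 * Rows are read from `qaos1_bills` joined to the uploads table on the image
 * name; each image is added to the archive as
 * "<event name>/Pragyan13_<cluster>_<event name>_bill<n>". On success this
 * sends headers and calls exit(), so it only returns on failure.
 *
 * @param int $mcid  page module component id (used unquoted in SQL, cast to int here)
 * @param int $evtId event id, 0 = all events of the component
 * @return bool false if a folder or the archive could not be created, or the query failed
 */
function downloadAsZipFile($mcid, $evtId = 0)
{
    global $sourceFolder, $uploadFolder;

    // Both ids are interpolated unquoted into the WHERE clause; force integers
    // so a caller forwarding request data cannot inject SQL.
    $mcid = (int) $mcid;
    $evtId = (int) $evtId;

    $baseDir = $sourceFolder . "/" . $uploadFolder;
    foreach (array($baseDir, $baseDir . "/qaos1", $baseDir . "/qaos1/tmp/") as $dir) {
        if (!createFolder($dir)) {
            return false;
        }
    }
    // uniqid() keeps two concurrent downloads from sharing one temp file.
    $zipPath = $baseDir . "/qaos1/tmp/events_" . time() . "_" . uniqid() . ".zip";

    $zip = new ZipArchive();
    // CREATE|OVERWRITE: OVERWRITE alone is not guaranteed to create a missing file on all libzip versions.
    if ($zip->open($zipPath, ZipArchive::CREATE | ZipArchive::OVERWRITE) !== TRUE) {
        displaywarning("zip file not created");
        return false;
    }

    $getFileData = "SELECT events.* , uploads.upload_fileid  FROM `qaos1_bills` AS events , " . MYSQL_DATABASE_PREFIX . "uploads AS uploads "
        . "      WHERE events.qaos1_imgname = uploads.upload_filename AND events.page_modulecomponentid = {$mcid} AND"
        . "            uploads.page_modulecomponentid = {$mcid} AND uploads.page_module = 'qaos1' "
        . ($evtId != 0 ? "AND events.qaos1_eventid= {$evtId}" : "")
        . "      ORDER BY events.qaos1_eventid ";
    $getFileDataRes = mysql_query($getFileData);
    if (!$getFileDataRes) {
        displayerror(mysql_error());
        $zip->close();
        if (is_file($zipPath)) {
            unlink($zipPath);
        }
        return false;
    }

    // Per-event running bill number used in the archive entry names.
    $billNo = array();
    while ($result = mysql_fetch_assoc($getFileDataRes)) {
        // Stored name: upload id zero-padded to 10 digits, "_", original image name.
        $storedName = str_pad((string) $result['upload_fileid'], 10, "0", STR_PAD_LEFT) . "_" . $result['qaos1_imgname'];
        $file = $baseDir . "/qaos1/" . $storedName;
        if (!file_exists($file)) {
            displaywarning("Biil No - #" . $result['bill_no'] . "does not exist");
            continue;
        }
        $evtName = getEventNameFromId($result['qaos1_eventid'], $mcid);
        if (!isset($billNo[$evtName])) {
            $billNo[$evtName] = 1;
            // addEmptyDir() returns false for an entry that already exists, so
            // create the folder only once per event; the original called it for
            // every bill and reported "not copied" from the second bill onwards.
            if (!$zip->addEmptyDir($evtName)) {
                displaywarning("Biil No - #" . $result['bill_no'] . "not copied");
            }
        }
        $newFileName = "Pragyan13_" . $result['qaos1_cluster'] . "_" . $evtName . "_bill" . $billNo[$evtName]++;
        if (!$zip->addFile($file, $evtName . "/" . $newFileName)) {
            displaywarning("Biil No - #" . $result['bill_no'] . "not copied");
        }
    }
    $zip->close();

    // With no entries libzip may not write an archive at all; do not stream a missing file.
    if (!is_file($zipPath)) {
        displaywarning("zip file not created");
        return false;
    }
    header('Content-Type: application/zip');
    header('Content-disposition: attachment; filename=events.zip');
    header('Content-Length: ' . filesize($zipPath));
    readfile($zipPath);
    unlink($zipPath);
    exit(0);
}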
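/**
 * Completes the installation of an uploaded Module, Widget or Template.
 *
 * The upload was staged earlier in the `tempuploads` table: `filePath` holds
 * the uploaded archive and `info` holds "extractedPath;moduleActualPath;moduleName".
 * This function re-runs the type-specific compatibility check, refuses an item
 * that is already registered, moves the files into place, registers the item
 * in the database and finally removes the staged data.
 *
 * @param mixed  $uploadId Primary key of the `tempuploads` row.
 * @param string $type     'Module', 'Widget' or 'Template'; selects the
 *                         checkFor{$type}Issues() callback and the target table.
 * @return string Always "" — the outcome is reported via displayerror()/displayinfo().
 */
function finalizeInstallation($uploadId, $type)
{
    global $sourceFolder, $widgetFolder, $templateFolder;

    // Table and column used for the duplicate check, per installable kind.
    $registry = array(
        'Module'   => array('modules', 'module_name'),
        'Widget'   => array('widgetsinfo', 'widget_foldername'),
        'Template' => array('templates', 'template_name'),
    );
    if (!isset($registry[$type])) {
        // Previously an unknown $type reached the duplicate check with
        // undefined $colName/$tableName.
        displayerror("Unknown installation type");
        return "";
    }
    list($tableName, $colName) = $registry[$type];

    $safeUploadId = escape($uploadId);
    $uploadRes = mysql_query("SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$safeUploadId}'");
    $result = $uploadRes ? mysql_fetch_assoc($uploadRes) : false;
    if (!$result) {
        // Previously the function carried on with undefined paths when the row was missing.
        displayerror("Upload record not found. Please upload the {$type} again.");
        return "";
    }
    $zipFile = $result['filePath'];
    $temp = explode(";", $result['info']);
    if (count($temp) < 3) {
        displayerror("Upload record is incomplete. Please upload the {$type} again.");
        return "";
    }
    $extractedPath = $temp[0];
    $moduleActualPath = $temp[1];
    $moduleName = $temp[2];
    $safeModuleName = escape($moduleName);

    // Re-run the compatibility check that the upload step already reported on.
    $issues = "";
    $checker = "checkFor{$type}Issues";
    if (!function_exists($checker)) {
        displayerror("Compatibility check for {$type} is not available.");
        finalizeInstallationCleanup($extractedPath, $zipFile, $safeUploadId);
        return "";
    }
    $ret = $checker($moduleActualPath, $moduleName, $issues);
    if ($ret[0] == 1) {
        displayerror("Your {$type} is still not compatible with Pragyan CMS. Please fix the reported issues during installation.");
        finalizeInstallationCleanup($extractedPath, $zipFile, $safeUploadId);
        return "";
    }

    $dupRes = mysql_query("SELECT `{$colName}` FROM `" . MYSQL_DATABASE_PREFIX . "{$tableName}` WHERE `{$colName}` = '{$safeModuleName}'");
    if ($dupRes && mysql_fetch_array($dupRes)) {
        displayerror("{$type} Installation failed : {$type} already exist");
        finalizeInstallationCleanup($extractedPath, $zipFile, $safeUploadId);
        return "";
    }

    // Move the files into place: modules go through installModuleFiles(),
    // widgets and templates are renamed into a folder named after the item.
    $destination = "";
    if ($type == "Module") {
        installModuleFiles($moduleActualPath, $sourceFolder . "/modules/", $moduleName);
    } else {
        $baseFolder = ($type == "Widget") ? $widgetFolder : $templateFolder;
        $destination = "{$sourceFolder}/{$baseFolder}/{$moduleName}/";
        if (!file_exists($destination)) {
            mkdir($destination);
        }
        if (!rename($moduleActualPath, $destination)) {
            // Previously a failed move was ignored and the item was still registered.
            displayerror("{$type} Installation failed : could not move the files into place");
            finalizeInstallationCleanup($extractedPath, $zipFile, $safeUploadId);
            return "";
        }
    }

    $notice = "";
    if ($type == "Module") {
        $notice = finalizeInstallationRegisterModule($moduleActualPath, $safeModuleName);
    } elseif ($type == "Widget") {
        finalizeInstallationRegisterWidget($destination, $safeModuleName);
    } else {
        $insRes = mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "templates`(`template_name`) VALUES('{$safeModuleName}')");
        // A failed query makes mysql_affected_rows() return -1, which is truthy,
        // so the result itself has to be checked for the failure to be reported.
        if (!$insRes || mysql_affected_rows() < 1) {
            // Was a call to the misspelt "displayerrro" — an undefined function, i.e. a fatal error.
            displayerror("Problem including uploaded template to database, try <a href='./+admin&subaction=reloadtemplates'>reload templates</a>");
        }
    }

    finalizeInstallationCleanup($extractedPath, $zipFile, $safeUploadId);
    displayinfo("{$type} installation complete" . $notice);
    return "";
}

/**
 * Removes the staged upload: the extracted directory, the archive and the
 * `tempuploads` row.
 *
 * @param string $extractedPath Directory the archive was extracted to.
 * @param string $zipFile       Path of the uploaded archive.
 * @param string $safeUploadId  Already escape()d id of the `tempuploads` row.
 */
function finalizeInstallationCleanup($extractedPath, $zipFile, $safeUploadId)
{
    delDir($extractedPath);
    if (file_exists($zipFile)) {
        unlink($zipFile);
    }
    mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "tempuploads` WHERE `id` = '{$safeUploadId}'") or displayerror(mysql_error());
}

/**
 * Runs the module's moduleQueries.sql and records the module in `modules`.
 *
 * @param string $moduleActualPath Folder holding the module's files.
 *                                 NOTE(review): the original built "$path/moduleQueries.sql"
 *                                 but "$pathmoduleTables.txt", so the stored path presumably
 *                                 ends with a slash — confirm before normalising.
 * @param string $safeModuleName   Already escape()d module name.
 * @return string Notice text appended to the completion message ("" if none).
 */
function finalizeInstallationRegisterModule($moduleActualPath, $safeModuleName)
{
    $query = "";
    $sqlFile = $moduleActualPath . "/moduleQueries.sql";
    if (is_readable($sqlFile)) {
        $handle = fopen($sqlFile, "r");
        if ($handle) {
            while (!feof($handle)) {
                $buffer = fgets($handle, 4096);
                if ($buffer === false) {
                    break;
                }
                // Lines starting with "--" are SQL comments and are dropped.
                if (strpos($buffer, "--") !== 0) {
                    $query .= $buffer;
                }
            }
            fclose($handle);
        }
    }
    $query = str_replace("pragyanV3_", MYSQL_DATABASE_PREFIX, $query);
    // Statements are split on ";\n", so each one must end its line with ";".
    foreach (explode(";\n", $query) as $singlequery) {
        if (trim($singlequery) == "") {
            continue;
        }
        if (!mysql_query($singlequery)) {
            displayerror("<h3>Error:</h3><pre>" . $singlequery . "</pre>\n<br/>Unable to execute query. " . mysql_error());
        }
    }
    $tablesFile = $moduleActualPath . "moduleTables.txt";
    $moduleTables = file_exists($tablesFile) ? file_get_contents($tablesFile) : "";
    mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "modules`(`module_name`,`module_tables`) VALUES('{$safeModuleName}','" . escape($moduleTables) . "')") or displayerror(mysql_error());
    $noticeFile = $moduleActualPath . "moduleNotice.txt";
    if (file_exists($noticeFile)) {
        return ", New module samoduleTablesys:<br>" . file_get_contents($noticeFile);
    }
    return "";
}

/**
 * Reads widget.info from the installed folder and records the widget in
 * `widgetsinfo`. widget.info is expected to hold five "|"-separated fields:
 * name|classname|description|version|author.
 *
 * @param string $destination    Installed widget folder, with trailing slash.
 * @param string $safeModuleName Already escape()d folder name of the widget.
 */
function finalizeInstallationRegisterWidget($destination, $safeModuleName)
{
    $infoFile = $destination . "widget.info";
    $content = file_exists($infoFile) ? explode("|", file_get_contents($infoFile)) : array();
    $widgetName = '';
    $widgetClassName = '';
    $widgetDescription = '';
    $widgetVersion = '';
    $widgetAuthor = '';
    // A local name on purpose: the original assigned to $widgetFolder, which is
    // the global widgets directory the caller imports, and clobbered it.
    $widgetFolderName = $safeModuleName;
    if (count($content) == 5) {
        $widgetName = escape($content[0]);
        $widgetClassName = escape($content[1]);
        $widgetDescription = escape($content[2]);
        $widgetVersion = escape($content[3]);
        $widgetAuthor = escape($content[4]);
    } else {
        displaywarning("Widget information could not be read properly");
    }
    $insRes = mysql_query("INSERT INTO `" . MYSQL_DATABASE_PREFIX . "widgetsinfo`(`widget_name`,`widget_classname`,`widget_description`,`widget_version`,`widget_author`,`widget_foldername`) VALUES ('{$widgetName}','{$widgetClassName}','{$widgetDescription}','{$widgetVersion}','{$widgetAuthor}','{$widgetFolderName}')");
    // mysql_affected_rows() is -1 (truthy) after a failed query; check the result too.
    if (!$insRes || mysql_affected_rows() < 1) {
        displayerror("Installation error, try again later");
        // Remove the folder that was just installed (the original hard-coded "/widgets/").
        delDir($destination);
    }
}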
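/**
 * Marks a hostel room as blocked for the given module component.
 *
 * @param mixed $roomId Room identifier; used as an unquoted integer in SQL.
 * @param mixed $mcid   page_modulecomponentid the room belongs to; likewise.
 * @return void The outcome is reported via displayerror()/displaywarning()/displayinfo().
 */
function blockRoomNo($roomId, $mcid)
{
    // Both ids are interpolated unquoted, so escape() alone would not stop an
    // injected expression; they are coerced to integers instead.
    $roomId = (int) $roomId;
    $mcid = (int) $mcid;
    // Read the current state without filtering on `hospi_blocked`: the original
    // query added "`hospi_blocked`=0", so an already-blocked room was reported
    // as "does not exist" and the "Room Blocked Already" branch was unreachable.
    $lookupQuery = "SELECT `hospi_blocked` FROM `prhospi_hostel` WHERE `page_modulecomponentid`={$mcid} AND `hospi_room_id`={$roomId}";
    $lookupRes = mysql_query($lookupQuery) or displayerror(mysql_error());
    if (!$lookupRes || !mysql_num_rows($lookupRes)) {
        displayerror("Room Does Not exist");
        return;
    }
    $row = mysql_fetch_assoc($lookupRes);
    if ($row['hospi_blocked'] != 0) {
        displaywarning("Room Blocked Already");
        return;
    }
    $updateQuery = "UPDATE `prhospi_hostel` SET `hospi_blocked`=1 WHERE `page_modulecomponentid`={$mcid} AND `hospi_room_id`={$roomId}";
    $updateRes = mysql_query($updateQuery) or displayerror(mysql_error());
    if ($updateRes) {
        displayinfo("Room Blocked ");
    } else {
        // Was displayinfo(); a failure is an error.
        displayerror("There is a Error.Please contact System Administrator for Details");
    }
}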
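/**
 * Uploads the file(s) submitted in the form field $uploadFormName.
 *
 * Each file is accepted only if its name matches the allowed-extension
 * pattern and its size does not exceed $maxFileSizeInBytes; accepted files
 * are handed to saveUploadedFile(). Both a single-file field and a
 * multi-file (array-valued) field are supported.
 *
 * @param $moduleComponentId page_modulecomponentid
 * @param $moduleName The module which is calling this function
 * @param $userId The user uploading the file
 * @param $uploadFormName The name of the variable used in forms to upload the file
 * @param $maxFileSizeInBytes Per-file size limit; false selects the 2 MiB default
 * @param $uploadableFileTypesArray Non-empty array of extension patterns, joined
 *        into the regex as-is (so fragments such as "jpe?g" are allowed);
 *        false selects the built-in default list
 * @return $uploadedFiles An array of the names of the files uploaded (the file name
 *         is mysql_escaped and then uploaded), or false when the destination
 *         directories could not be created or the type list is invalid
 *
 * TODO : when called by a module check if it exists in enum field in DB if not give error.
 */
function upload($moduleComponentId, $moduleName, $userId, $uploadFormName, $maxFileSizeInBytes = false, $uploadableFileTypesArray = false)
{
    global $sourceFolder;
    global $uploadFolder;
    if ($maxFileSizeInBytes === false) {
        $maxFileSizeInBytes = 2 * 1024 * 1024;
    }
    $uploadDir = $sourceFolder . "/" . $uploadFolder;
    // NOTE(security): this is an extension allow-list only; file content is not
    // inspected, and the default list includes types a browser or OS will execute
    // (html, js, swf, exe). The upload folder must not be served as executable.
    $defaultUploadableFileTypes = '/\\.(css|xlsx|gif|png|jpe?g|js|html|xml|pdf|doc|docx|ods|odt|oft|pps|ppt|pptx|avi|txt|std|stc|sti|stw|svgz?|sxc|sx.|tex|tiff|txt|chm|mp3|mp2|wave?|ogg|mpe?g|wmv|wma|wmf|rm|avi|gzip|gz|rar|bmp|psd|bz2|tar|zip|swf|fla|flv|eps|ico|xcf|m3u|lit|bcf|xls|mov|xlr|exe|7?z)$/i';
    if ($uploadableFileTypesArray === false) {
        $uploadFileTypesRegexp = $defaultUploadableFileTypes;
    } else {
        if (!is_array($uploadableFileTypesArray) || count($uploadableFileTypesArray) == 0) {
            displayerror("Error in the uploadable types given.");
            return false;
        }
        // Entries are regex fragments like the default list, so they are not quoted.
        // The original join($array, "|") used the legacy argument order removed in PHP 8.
        $uploadFileTypesRegexp = '/\\.(' . implode("|", $uploadableFileTypesArray) . ')$/i';
    }
    /// Checking if the upload folder exists and creating it if doesn't exist
    if (!file_exists($uploadDir)) {
        displaywarning("The folder {$uploadDir} does not exist. Trying to creating it.");
        mkdir($uploadDir, 0755);
        if (!file_exists($uploadDir)) {
            displayerror("Creation of directory failed");
            return false;
        } else {
            displayinfo("Created {$uploadDir}.");
        }
    }
    /// Checking for existing directory named as the module and creating it if doesn't exist
    if (!file_exists($uploadDir . '/' . $moduleName)) {
        displaywarning("The folder " . $uploadDir . '/' . $moduleName . " does not exist. Trying to create it");
        mkdir($uploadDir . '/' . $moduleName, 0755);
        if (!file_exists($uploadDir . '/' . $moduleName)) {
            displayerror("Creation of directory failed");
            return false;
        } else {
            displayinfo("Created " . $uploadDir . '/' . $moduleName);
        }
    }
    $uploadedFiles = array();
    if (!isset($_FILES[$uploadFormName])) {
        echo "Sorry, there was a problem uploading your file. UPLOAD L:123 {$uploadFormName}";
        return $uploadedFiles;
    }
    $field = $_FILES[$uploadFormName];
    if (is_array($field['error'])) {
        // Multi-file field: every sub-array is indexed by the same $key.
        foreach ($field['error'] as $key => $error) {
            if ($error == UPLOAD_ERR_NO_FILE) {
                continue;
            }
            if ($error != UPLOAD_ERR_OK) {
                displayerror("Unable to upload file. " . getFileUploadError($error));
                continue;
            }
            if (!uploadFileIsAcceptable($field['name'][$key], $field['size'][$key], $uploadFileTypesRegexp, $maxFileSizeInBytes)) {
                continue;
            }
            $uploadedFilename = saveUploadedFile($moduleComponentId, $moduleName, $userId, $field['name'][$key], $field['tmp_name'][$key], $field['type'][$key], $uploadDir);
            if ($uploadedFilename) {
                $uploadedFiles[] = $uploadedFilename;
            }
        }
        return $uploadedFiles;
    }
    // Single-file field. The original never consulted ['error'] here and read
    // $uploadedFilename even when the file had been rejected.
    $error = isset($field['error']) ? $field['error'] : UPLOAD_ERR_OK;
    if ($error == UPLOAD_ERR_NO_FILE) {
        return $uploadedFiles;
    }
    if ($error != UPLOAD_ERR_OK) {
        displayerror("Unable to upload file. " . getFileUploadError($error));
        return $uploadedFiles;
    }
    if (uploadFileIsAcceptable($field['name'], $field['size'], $uploadFileTypesRegexp, $maxFileSizeInBytes)) {
        $uploadedFilename = saveUploadedFile($moduleComponentId, $moduleName, $userId, $field['name'], $field['tmp_name'], $field['type'], $uploadDir);
        if ($uploadedFilename) {
            $uploadedFiles[] = $uploadedFilename;
        }
    }
    return $uploadedFiles;
}

/**
 * Checks one submitted file against the extension pattern and the size limit,
 * reporting the reason through displayerror() when it is rejected.
 *
 * @param string $upload_filename        Client-supplied file name.
 * @param int    $sizeInBytes            Size reported in $_FILES.
 * @param string $uploadFileTypesRegexp  Pattern the file name must match.
 * @param int    $maxFileSizeInBytes     Upper size limit.
 * @return bool true when the file may be saved.
 */
function uploadFileIsAcceptable($upload_filename, $sizeInBytes, $uploadFileTypesRegexp, $maxFileSizeInBytes)
{
    // The name is client-controlled and ends up in an HTML message, so it is escaped for display.
    $shownName = htmlspecialchars($upload_filename, ENT_QUOTES, 'UTF-8');
    if (preg_match($uploadFileTypesRegexp, $upload_filename) == 0) {
        displayerror("Error while uploading file {$shownName}. Upload of files of this type not allowed.");
        return false;
    }
    if ($sizeInBytes > $maxFileSizeInBytes) {
        displayerror("Error while uploading file {$shownName}. Max file size of {$maxFileSizeInBytes} bytes exceeded.");
        return false;
    }
    return true;
}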
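/**
 * Unregisters a user from a form: removes the `form_regdata` row, any files
 * the user uploaded through file fields, the user's `form_elementdata` rows
 * and — when the form is linked to a group — the group membership.
 *
 * @param mixed $moduleCompId    page_modulecomponentid of the form.
 * @param mixed $userId          The user being unregistered.
 * @param bool  $silentOnSuccess Suppress the success message when true.
 * @return bool true when everything was removed, false otherwise.
 */
function unregisterUser($moduleCompId, $userId, $silentOnSuccess = false)
{
    if (!verifyUserRegistered($moduleCompId, $userId)) {
        displaywarning("User not registered!");
        return false;
    }
    global $sourceFolder;
    $safeUserId = escape($userId);
    $safeCompId = escape($moduleCompId);

    $unregisteruser_query = "DELETE FROM `form_regdata` WHERE `user_id` = '{$safeUserId}' AND `page_modulecomponentid` = '{$safeCompId}'";
    if (!mysql_query($unregisteruser_query)) {
        // The original ignored this result and carried on deleting element data.
        displayerror("Error in unregistering user.");
        return false;
    }

    /// Remove any files uploaded by the user
    $fileFieldQuery = 'SELECT `form_elementdata` FROM `form_elementdata`, `form_elementdesc` WHERE ' . "`form_elementdata`.`page_modulecomponentid` = '{$safeCompId}' AND `form_elementtype` = 'file' AND " . "`form_elementdata`.`user_id` = '{$safeUserId}' AND `form_elementdesc`.`page_modulecomponentid` = `form_elementdata`.`page_modulecomponentid` AND " . "`form_elementdata`.`form_elementid` = `form_elementdesc`.`form_elementid`";
    $fileFieldResult = mysql_query($fileFieldQuery);
    if ($fileFieldResult) {
        require_once "{$sourceFolder}/upload.lib.php";
        while ($fileFieldRow = mysql_fetch_row($fileFieldResult)) {
            deleteFile($moduleCompId, 'form', $fileFieldRow[0]);
        }
    }

    $deleteelementdata_query = "DELETE FROM `form_elementdata` WHERE `user_id` = '{$safeUserId}' AND `page_modulecomponentid` = '{$safeCompId}' ";
    if (!mysql_query($deleteelementdata_query)) {
        displayerror("Error in unregistering user.");
        return false;
    }

    // Forms may be tied to a group; drop the membership when they are.
    require_once $sourceFolder . "/group.lib.php";
    $groupId = getGroupIdFromFormId($moduleCompId);
    if ($groupId != false && !removeUserFromGroupId($groupId, $userId)) {
        displayerror("Unable to unregister user from group.");
        return false;
    }
    if (!$silentOnSuccess) {
        displayinfo("User successfully unregistered");
    }
    return true;
}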
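/**
 * Saves the site-wide settings submitted from the admin "global settings" form.
 *
 * Checkbox fields are stored as 1/0 depending on their presence in $_POST;
 * free-text fields are escape()d; censor words and the blacklists also go
 * through safe_html(). OpenID is only enabled when cURL is available and
 * reCAPTCHA only when both keys were supplied.
 *
 * @return void The outcome is reported via displayinfo()/displaywarning().
 */
function updateGlobalSettings()
{
    $global = array();

    // Checkbox settings: present in the request means enabled.
    $flags = array(
        'allow_pagespecific_header'   => 'allow_page_header',
        'allow_pagespecific_template' => 'allow_page_template',
        'default_user_activate'       => 'activate_useronreg',
        'default_mail_verify'         => 'send_mail_on_reg',
        'breadcrumb_submenu'          => 'breadcrumb_submenu',
        'allow_login'                 => 'allow_login',
    );
    foreach ($flags as $setting => $field) {
        $global[$setting] = isset($_POST[$field]) ? 1 : 0;
    }

    // Text settings, escape()d before storage. deadline_notify was previously
    // stored raw; it now gets the same treatment as the other fields.
    $textFields = array('deadline_notify', 'cms_title', 'default_template', 'cms_email', 'upload_limit', 'reindex_frequency', 'cms_desc', 'cms_keywords', 'cms_footer', 'blacklist_domain', 'blacklist_ip');
    foreach ($textFields as $field) {
        $global[$field] = escape(updateGlobalSettingsPostValue($field));
    }
    $global['censor_words'] = safe_html(updateGlobalSettingsPostValue('censor_words'));

    $blacklist_domain = safe_html(updateGlobalSettingsPostValue('blacklist_domain'));
    $blacklist_ip = safe_html(updateGlobalSettingsPostValue('blacklist_ip'));
    if ($blacklist_domain != "" || $blacklist_ip != "") {
        setblacklist($blacklist_domain, $blacklist_ip);
    }

    // OpenID needs cURL. The original wrote escape($x == 'true'), which escaped
    // the boolean instead of the value and only worked by accident.
    $global['openid_enabled'] = 'false';
    if (updateGlobalSettingsPostValue('openid_enabled') == 'true') {
        if (iscurlinstalled()) {
            $global['openid_enabled'] = 'true';
        } else {
            global $curl_message;
            displaywarning($curl_message);
        }
    }

    // reCAPTCHA is enabled only when both keys were supplied.
    $global['recaptcha'] = '0';
    if (isset($_POST['recaptcha_enable'])) {
        $publicKey = updateGlobalSettingsPostValue('public_key');
        $privateKey = updateGlobalSettingsPostValue('private_key');
        if ($publicKey != '' && $privateKey != '') {
            $global['recaptcha'] = '1';
            $global['recaptcha_public'] = escape($publicKey);
            $global['recaptcha_private'] = escape($privateKey);
        } else {
            displaywarning("Public/Private Key is NULL. ReCAPTCHA could not be enabled");
        }
    }

    setGlobalSettings($global);
    displayinfo("Global Settings successfully updated! Changes will come into effect on next page reload.");
}

/**
 * Returns $_POST[$field], or "" when the field was not submitted (avoids
 * undefined-index notices for optional fields).
 *
 * @param string $field Form field name.
 * @return mixed
 */
function updateGlobalSettingsPostValue($field)
{
    return isset($_POST[$field]) ? $_POST[$field] : '';
}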
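/**
 * Imports event participants from a spreadsheet.
 *
 * Every non-empty cell is treated as a participant id; a value starting with
 * "F"/"f" is a booklet id and is resolved to a user id first. A participant
 * not yet in `events_participants` for this event is inserted there (the row
 * number serves as the team id) and gets an initial rank of -1 in `events_result`.
 *
 * @param mixed  $pmcId   page_moduleComponentId of the events module.
 * @param mixed  $eventId Event the participants are registered for.
 * @param string $fileLoc Path of the spreadsheet handed to readExcelSheet().
 * @return void Problems are reported via displaywarning()/displayerror().
 */
function syncExcelFile($pmcId, $eventId, $fileLoc)
{
    $safePmcId = escape($pmcId);
    $safeEventId = escape($eventId);
    $excelData = readExcelSheet($fileLoc);
    if (!is_array($excelData)) {
        displaywarning("Could not read the excel sheet");
        return;
    }
    // The leftover debugging output of the original (displaywarning of the ids,
    // print_r of the sheet, "Am here", an undefined $userInitQuery) is dropped.
    // NOTE(review): rows and columns are walked from index 1 as in the original;
    // this assumes readExcelSheet() returns 1-based arrays — confirm.
    for ($i = 1; $i <= count($excelData); $i++) {
        if (!isset($excelData[$i]) || !is_array($excelData[$i])) {
            continue;
        }
        for ($j = 1; $j <= count($excelData[$i]); $j++) {
            // Emptiness is tested first; the original indexed $userPid[0] on empty cells.
            if (empty($excelData[$i][$j])) {
                continue;
            }
            $cell = (string) $excelData[$i][$j];
            $userPid = $cell;
            if (strtoupper(substr($cell, 0, 1)) == 'F') {
                $userPid = getUserIdFromBookletId($cell, $pmcId);
            }
            // Spreadsheet content is untrusted input for the queries below.
            $safeUserPid = escape($userPid);

            $checkDuplicateQuery = "SELECT `user_pid` FROM `events_participants` WHERE `page_moduleComponentId`='{$safePmcId}' AND `event_id`='{$safeEventId}' AND `user_pid`='{$safeUserPid}'";
            $checkDuplicateRes = mysql_query($checkDuplicateQuery) or displayerror(mysql_error());
            if (!$checkDuplicateRes || mysql_num_rows($checkDuplicateRes) != 0) {
                continue;
            }
            // NOTE(review): the original looked up `booklet_id` in `prhospi_pr_status`
            // here but forced the condition true ("|| 1") and never used the value;
            // if registration is meant to require a booklet, that check belongs here.
            $saveUserIdQuery = "INSERT INTO `events_participants`(`page_moduleComponentId`,`event_id`,`user_pid`,`user_team_id`) VALUES('{$safePmcId}','{$safeEventId}','{$safeUserPid}','{$i}')";
            mysql_query($saveUserIdQuery) or displayerror(mysql_error());
            $userInitRankQuery = "INSERT INTO `events_result`(`page_moduleComponentId`,`user_id`,`user_rank`,`event_id`) VALUES('{$safePmcId}','{$safeUserPid}','-1','{$safeEventId}')";
            mysql_query($userInitRankQuery) or displayerror(mysql_error());
        }
    }
}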
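/**
 * Registration entry point of the login module.
 *
 * Dispatches on the request, in this order:
 *  - nothing submitted                       → the registration form
 *  - ?reSendKey (mail-on-registration on)    → the "resend activation link" form
 *  - POST resend_key_email                   → re-send the activation mail
 *  - ?key=&verify=                           → verify an e-mail address
 *  - anything else                           → create the account from POST
 *
 * @return string|null Form HTML when a form is to be shown; null after an action
 *                     whose outcome was reported via displayinfo()/displayerror().
 */
function register()
{
    ///registration formmessenger
    global $uploadFolder, $sourceFolder, $moduleFolder, $urlRequestRoot;
    require "{$sourceFolder}/{$moduleFolder}/form/registrationformgenerate.php";
    require "{$sourceFolder}/{$moduleFolder}/form/registrationformsubmit.php";
    if (!isset($_GET['key']) && !isset($_GET['reSendKey']) && !isset($_POST['user_email'])) {
        return getRegistrationForm();
    }
    if (isset($_GET['reSendKey']) && !isset($_POST['resend_key_email']) && SEND_MAIL_ON_REGISTRATION) {
        $reSendForm = <<<FORM
<form  class="cms-registrationform" method="POST" name="user_resend_key" onsubmit="return checkForm(this)" action="./+login&subaction=register&reSendKey">
   <fieldset>
   <legend>Resend Activation Link</legend>
   <table>
\t\t<tr>
\t\t\t<td><label for="resend_key_email"  class="labelrequired">Email</label></td>
\t\t\t<td><input type="text" name="resend_key_email" id="resend_key_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
\t\t</tr>
\t\t<tr>
\t\t\t<td colspan="2">&nbsp;</td>
\t\t</tr>
\t\t<tr>
\t\t\t<td><input type="submit" id="submitbutton" value="Submit"></td>
\t\t\t<td><a href="./+login&subaction=register">Sign Up</a> <a href="./+login">Login?</a></td>
\t\t</tr>
\t</table>
\t</fieldset>
</form>
FORM;
        return $reSendForm;
    }
    if (isset($_POST['resend_key_email'])) {
        registerResendActivationMail(escape($_POST['resend_key_email']));
        return null;
    }
    if (isset($_GET['key'])) {
        registerVerifyEmail();
        return null;
    }
    return registerCreateAccount();
}

/**
 * Sends the activation mail for the user row $userRow to $email.
 *
 * @param string $email   Escaped e-mail address (also used as the recipient, as in the original).
 * @param array  $userRow Row from the users table (user_password, user_regdate, user_fullname).
 * @return bool true when the mailer reported success.
 */
function registerSendActivationMail($email, $userRow)
{
    global $onlineSiteUrl;
    $key = getVerificationKey($email, $userRow['user_password'], $userRow['user_regdate']);
    // send mail code starts here - see common.lib.php for more
    $from = "from: " . CMS_TITLE . " <" . CMS_EMAIL . ">";
    $mailtype = "activation_mail";
    $messenger = new messenger(false);
    // rawurlencode: a "+" or "&" in the address would otherwise be mangled in the
    // query string and the verification lookup would miss the user.
    $activateUrl = "{$onlineSiteUrl}/+login&subaction=register&verify=" . rawurlencode($email) . "&key=" . rawurlencode($key);
    $messenger->assign_vars(array('ACTIVATE_URL' => $activateUrl, 'NAME' => "{$userRow['user_fullname']}", 'WEBSITE' => CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));
    return $messenger->mailer($email, $mailtype, $key, $from);
    // send mail code ends here
}

/**
 * Re-sends the activation link for an account that is not yet verified.
 *
 * @param string $email Escaped e-mail address from the resend form.
 */
function registerResendActivationMail($email)
{
    $query = "SELECT * FROM  `" . MYSQL_DATABASE_PREFIX . "users`  WHERE `user_email`='{$email}' ";
    $result = mysql_query($query) or displayerror(mysql_error() . "registration L:131");
    if (!$result || !mysql_num_rows($result)) {
        displayinfo("This email-id has not yet been registered. Kindly <a href=\"./+login&subaction=register\">register</a>.");
        return;
    }
    $temp = mysql_fetch_assoc($result);
    if ($temp['user_activated'] == 1) {
        // The address comes from the request and the message is rendered as HTML.
        $shownEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
        displayinfo("E-mail {$shownEmail} has already been verified.<a href=\"./+login\"> Login</a> <a href=\"./+login&subaction=resetPasswd\">Forgot Password?</a>");
        return;
    }
    if (registerSendActivationMail($email, $temp)) {
        displayinfo("Activation link resent. Kindly check your e-mail for activation link.");
    } else {
        displayerror("Activation link resending failure. Kindly contact administrator");
    }
}

/**
 * Verifies the e-mail address named in ?verify= using the key in ?key=.
 */
function registerVerifyEmail()
{
    $rawEmail = isset($_GET['verify']) ? $_GET['verify'] : '';
    // For display: the original used escape() (an SQL escape) on text rendered as HTML.
    $shownEmail = htmlspecialchars($rawEmail, ENT_QUOTES, 'UTF-8');
    $emailId = escape($rawEmail);
    $query = "SELECT * FROM  `" . MYSQL_DATABASE_PREFIX . "users`  WHERE `user_email`='{$emailId}'";
    $result = mysql_query($query) or displayerror(mysql_error() . "registration L:76");
    $temp = $result ? mysql_fetch_assoc($result) : false;
    if (!$temp) {
        // Previously an unknown address was indexed as if it were a row.
        displayerror("Verification error for " . $shownEmail . ". Please contact administrator");
        return;
    }
    if ($temp['user_activated'] == 1) {
        displayinfo("E-mail " . $shownEmail . " has already been verified");
        return;
    }
    $expectedKey = getVerificationKey($rawEmail, $temp['user_password'], $temp['user_regdate']);
    // hash_equals() is constant-time and, unlike ==, does not treat two
    // numeric-looking strings (e.g. "0e123" and "0e456") as equal.
    if (!hash_equals((string) $expectedKey, (string) $_GET['key'])) {
        displayerror("Verification error for " . $shownEmail . ". Please contact administrator");
        return;
    }
    $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_activated`=1  WHERE `user_email`='{$emailId}'";
    // Was "or die(mysql_error())", which printed the raw database error and aborted the page.
    $updated = mysql_query($query);
    if ($updated && mysql_affected_rows() > 0) {
        displayinfo("Your e-mail " . $shownEmail . " has been verified. Now you can fill your profile information by clicking <a href=\"./+profile\">here</a> or by clicking on the preferences link in the action bar any time you are logged in.");
    } else {
        displayerror("Verification error for " . $shownEmail . ". Please contact administrator");
    }
}

/**
 * Creates a new account from the POSTed registration form.
 *
 * Validates the fields, the captcha and the e-mail blacklist, inserts the
 * user, submits the registration form data and, when SEND_MAIL_ON_REGISTRATION
 * is set, mails the activation link.
 *
 * @return string|null The registration form again on any validation or
 *                     database failure; null after a successful registration.
 */
function registerCreateAccount()
{
    $email = isset($_POST['user_email']) ? $_POST['user_email'] : '';
    $password = isset($_POST['user_password']) ? $_POST['user_password'] : '';
    $rePassword = isset($_POST['user_repassword']) ? $_POST['user_repassword'] : '';
    $userName = isset($_POST['user_name']) ? $_POST['user_name'] : '';
    $fullName = isset($_POST['user_fullname']) ? $_POST['user_fullname'] : '';
    if ($email == "" || $password == "") {
        displayerror("Blank e-mail/password NOT allowed");
        return getRegistrationForm();
    }
    if ($userName == "" || $fullName == "") {
        displayerror("Please fill in your user name and Full name");
        return getRegistrationForm();
    }
    // Note: the pattern only accepts 2- or 3-letter top-level domains.
    if (!preg_match("/^[_a-z0-9-]+(\\.[_a-z0-9-]+)*@[a-z0-9-]+(\\.[a-z0-9-]+)*(\\.[a-z]{2,3})\$/i", $email)) {
        displayerror("Invalid Email Id");
        return getRegistrationForm();
    }
    if ($password != $rePassword) {
        displayerror("Passwords are not same");
        return getRegistrationForm();
    }
    if (submitCaptcha() == false) {
        return getRegistrationForm();
    }
    /*For new registrations*/
    $umail = trim(escape($email));
    if (!check_email($umail)) {
        displayerror("Your E-Mail Provoider has been blackilisted. Please Use another email id or contact the website administrator");
        return getRegistrationForm();
    }
    $query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $umail . "'";
    $result = mysql_query($query) or displayerror(mysql_error() . "in registration L:115");
    if (!$result) {
        // Without this the duplicate check was skipped when the query failed.
        return getRegistrationForm();
    }
    if (mysql_num_rows($result)) {
        displaywarning("Email already exists in database. Please use a different e-mail.");
        return getRegistrationForm();
    }
    // NOTE(security): unsalted md5 is kept only because the login code elsewhere
    // compares against it; moving to password_hash()/password_verify() has to be
    // done in both places together.
    $passwd = md5($password);
    $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " . "(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`) " . "VALUES ('" . escape($userName) . "', '" . $umail . "', '" . escape($fullName) . "', '{$passwd}', " . ACTIVATE_USER_ON_REG . ")";
    if (!mysql_query($query)) {
        // Previously a failed insert went unnoticed and the code carried on without a user row.
        displayerror("Unable to create the user account. Please try again later.");
        return getRegistrationForm();
    }
    $query1 = "SELECT `user_id` FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email` ='" . $umail . "' LIMIT 1";
    $result1 = mysql_query($query1);
    $row = $result1 ? mysql_fetch_array($result1) : false;
    if (!$row) {
        displayerror("Unable to create the user account. Please try again later.");
        return getRegistrationForm();
    }
    $newUserId = $row[0];
    if (!submitRegistrationForm(0, $newUserId, true, true)) {
        // Roll the user row back so the address can be used again.
        mysql_query("DELETE FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_id` = '" . escape($newUserId) . "'");
        return getRegistrationForm();
    }
    if (ACTIVATE_USER_ON_REG) {
        displayinfo("You have been successfully registered. You can now <a href=\"./+login\">log in</a>.");
    } else {
        displayinfo("Your registration was successful but your account is not activated yet. Kindly check your email, or wait for the website administrator to activate you.");
    }
    if (SEND_MAIL_ON_REGISTRATION) {
        $query = "SELECT * FROM  `" . MYSQL_DATABASE_PREFIX . "users`  WHERE `user_email`='{$umail}' ";
        $result = mysql_query($query) or displayerror(mysql_error() . "registration L:211");
        $userRow = $result ? mysql_fetch_assoc($result) : false;
        if ($userRow && registerSendActivationMail($umail, $userRow)) {
            displayinfo("Kindly check your e-mail for activation link.");
        } else {
            displayerror("Activation link sending failure. Kindly contact administrator");
        }
    }
    return null;
}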
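    /**
     * Renders the PR (hostel accommodation) check-in / check-out page and
     * handles its POST actions.
     *
     * In order: the AJAX suggestion sub-action (currently disabled — it just
     * exits), printing a hostel allotment bill, a check-out with refund, the
     * "view registrants" listing, and a check-in lookup.
     *
     * @return string Page HTML.
     */
    public function actionPrview()
    {
        global $urlRequestRoot, $sourceFolder, $templateFolder, $cmsFolder, $moduleFolder;
        $moduleComponentId = $this->moduleComponentId;
        $scriptsFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/scripts";
        $imagesFolder = "{$urlRequestRoot}/{$cmsFolder}/{$templateFolder}/common/images";
        require_once "{$sourceFolder}/{$moduleFolder}/prhospi/prhospi_common.php";
        require_once "{$sourceFolder}/{$moduleFolder}/prhospi/accommodation.php";
        if (isset($_GET['subaction']) && $_GET['subaction'] == 'getsuggestions' && isset($_GET['forwhat'])) {
            //      echo getSuggestionsForIdOrEmail(escape($_GET['forwhat']));
            exit(0);
        }
        if (isset($_POST['printthis']) && isset($_POST['printHiddenId']) && $_POST['printHiddenId'] != "") {
            $printPrefix = "printHostelAllotmentBill";
            // strpos() returns false when the prefix is absent and `false == 0`
            // is true, so the original check printed a bill for any hidden id.
            if (strpos($_POST['printHiddenId'], $printPrefix) === 0) {
                $billId = escape(substr($_POST['printHiddenId'], strlen($printPrefix)));
                return printDisclaimer($moduleComponentId, $billId, "prhead");
            }
        }
        if (isset($_POST['txtFormUserId1']) && $_POST['txtFormUserId1'] != '') {
            //        $detailsGiven=explode("- ",escape($_POST['txtFormUserId1']));
            $detailsGiven = escape($_POST['txtFormUserId1']);
            if (!isset($_POST['refundAmt'])) {
                displaywarning("Refund Amount not declared");
            } else {
                //	    if(isset($detailsGiven[1])) checkOutPr($detailsGiven[1],escape($_POST['refundAmt']),$moduleComponentId);
                // The original guarded on isset($detailsGiven), which is always true here.
                checkOutPr($detailsGiven, escape($_POST['refundAmt']), $moduleComponentId);
            }
        }
        $displayTags = <<<TAG
\t<table>
         <tr>
           <td><a href="./+prview&subaction=viewRegisteredUser"> <div>View Registrants</div></a></td>
           <td><a href="./+prview"><div>Add User</div></a></td>
         </tr>
        </table>
                                    
TAG;
        if (isset($_GET['subaction']) && $_GET['subaction'] == 'viewRegisteredUser') {
            return $displayTags . displayUsersRegisteredToPr($moduleComponentId);
        }
        $inputUser = <<<USER
    <h2> CHECK IN FORM </h2>
      <form method="POST" id="prCheckInForm" action="./+Prview">
     Enter UserId or Email:<input type="text" name="txtFormUserId" id="txtFormUserId"  autofocus autocomplete="off" style="width: 256px" />
      <div id="suggestionsBox" style="background-color: white; width: 260px; border: 1px solid black; position: absolute; overflow-y: scroll; max-height: 180px; display: none"></div>
      <input type="submit" Value="Find User"/>
      <script type="text/javascript" src="{$urlRequestRoot}/{$cmsFolder}/{$moduleFolder}/prhospi/prregister.js"></script> 

USER;
        $userDetails = "";
        $displayActions = "";
        if (isset($_POST['txtFormUserId']) && $_POST['txtFormUserId'] != '') {
            // As above, the original isset($detailsGiven) guard could never fail.
            $detailsGiven = escape($_POST['txtFormUserId']);
            $userDetails .= submitDetailsForPr($detailsGiven, $moduleComponentId, $this->userId);
        }
        $amtToCollect = getAmount("prhead", $moduleComponentId);
        $checkOutFORM = <<<checkOut
   <hr/>
   <h2> CHECK OUT FORM </h2>
    <form method="POST" action="./+prview">
    <table border="1">
      <tr>
       <td>Enter UserId or Email:</td>
       <td><input type="text" name="txtFormUserId1" id="txtFormUserId1"  autocomplete="off" style="width: 256px" />
        <div id="suggestionsBox1" style="background-color: white; width: 260px; border: 1px solid black; position: absolute; overflow-y: scroll; max-height: 180px; display: none"></div><br/>
        </td>
      </tr>
      <tr>
        <td>Refund Amount:</td>
        <td><input type="text" disabled="disabled" name="refundAmt1" value="{$amtToCollect}"/>
        <input type="hidden"  name="refundAmt" value="{$amtToCollect}"/></td>
      </tr>
      <tr>  
        <td colspan="2"><input type="submit" Value="Find User"/></td>
      </tr>
      </table>
<!--      <script type="text/javascript" language="javascript" src="{$scriptsFolder}/ajaxsuggestionbox.js">
      </script>
      <script language="javascript">
      var userBox = new SuggestionBox(document.getElementById('txtFormUserId1'), document.getElementById('suggestionsBox1'), "./+prview&subaction=getsuggestions&forwhat=%pattern%");
    userBox.loadingImageUrl = '{$imagesFolder}/ajaxloading.gif';
    </script>-->
   </form>


checkOut;
        return $displayTags . $inputUser . $userDetails . $checkOutFORM;
    }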
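 /**
  * function actionCorrect:
  * handles all actions in Correct
  * Corrects user submission and displays userList with their Marks
  *
  * Handles, in this order:
  *  - POST btnSetMark: stores a manually allotted mark for one submitted
  *    answer, after checking the mark lies between the question's negative
  *    and positive marks, then refreshes section totals via updateSectionMarks().
  *  - GET useremail: returns the per-user correction form instead of the list.
  *  - POST btnDeleteUser with a numeric hdnUserId: removes that user's entries.
  * Every other request (and the two POST cases) ends with the user list.
  *
  * @return string HTML of the correction form or of the user list
  */
 public function actionCorrect()
 {
     if (isset($_POST['btnSetMark'])) {
         $quizid = escape($_POST['quizid']);
         $sectionid = escape($_POST['sectionid']);
         $questionid = escape($_POST['questionid']);
         $userid = escape($_POST['userid']);
         // The mark is interpolated unquoted into the UPDATE below, so
         // escape() alone does not protect it: only a numeric value may be used.
         if (!isset($_POST['mark']) || !is_numeric($_POST['mark'])) {
             displaywarning('Mark must be a number, so mark not set');
         } else {
             // Numeric cast; an integral string stays an int, a decimal one a float.
             $mark = $_POST['mark'] + 0;
             $condition = "`page_modulecomponentid` = '{$quizid}' AND `quiz_sectionid` = '{$sectionid}' AND `quiz_questionid` = '{$questionid}' AND `user_id` = '{$userid}'";
             $result = mysql_query("SELECT `quiz_submittedanswer` FROM `quiz_answersubmissions` WHERE {$condition}");
             if ($result && ($row = mysql_fetch_array($result))) {
                 // Allowed range comes from the weight assigned to this question.
                 $limitsResult = mysql_query("SELECT `question_positivemarks`, `question_negativemarks` FROM `quiz_weightmarks` WHERE `page_modulecomponentid` = '{$quizid}' AND `question_weight` = (SELECT `quiz_questionweight` FROM `quiz_questions` WHERE `page_modulecomponentid` = '{$quizid}' AND `quiz_sectionid` = '{$sectionid}' AND `quiz_questionid` = '{$questionid}')");
                 $limits = $limitsResult ? mysql_fetch_array($limitsResult) : false;
                 if ($limits === false) {
                     displayerror('Unable to read the marks range for this question');
                 } elseif ($mark > $limits['question_positivemarks'] || $mark < -1 * $limits['question_negativemarks']) {
                     displaywarning('Mark out of range for this question, so mark not set');
                 } else {
                     mysql_query("UPDATE `quiz_answersubmissions` SET `quiz_marksallotted` = {$mark} WHERE {$condition}");
                     updateSectionMarks($quizid);
                     displayinfo('Mark set');
                 }
             } else {
                 displayerror('Unable to set value');
             }
         }
     }
     if (isset($_GET['useremail'])) {
         // NOTE(review): the email is passed raw; confirm getUserIdFromEmail()
         // escapes it before using it in a query.
         $userId = getUserIdFromEmail($_GET['useremail']);
         if ($userId) {
             return getQuizCorrectForm($this->moduleComponentId, $userId);
         }
         displayerror('Error. Could not find user.');
     } elseif (isset($_POST['btnDeleteUser']) && isset($_POST['hdnUserId']) && is_numeric($_POST['hdnUserId'])) {
         $quizObject = $this->getNewQuizObject();
         if ($quizObject !== false) {
             $quizObject->deleteEntries(intval($_POST['hdnUserId']));
         }
     }
     return getQuizUserListHtml($this->moduleComponentId);
 }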
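/**
 * Unpacks an uploaded template archive and builds the "Finalize Template"
 * form through which the administrator reviews detected issues and installs it.
 *
 * Flow: anything that is not a .zip is rejected (code "2"); an archive that
 * ZipArchive cannot open is rejected (code "1"); the archive is extracted under
 * $sourceFolder/uploads/templates/<name>/ (a random directory name is used when
 * that one already exists); actualPath() locates the template root (code "0"
 * when none is found) and reportIssues() is run over it.
 *
 * @param string $str path of the uploaded archive
 * @return string|array HTML of the finalize/cancel forms, or
 *                      array($code, $str[, $templatePath]) when installation
 *                      cannot proceed (codes as listed above)
 */
function installTemplate($str)
{
    global $sourceFolder;
    global $ICONS;
    $templateName = name($str, ".");
    if (substr($str, -4) !== ".zip") {
        return array("2", $str);
    }
    $zip = new ZipArchive();
    if ($zip->open($str) !== TRUE) {
        return array("1", $str);
    }
    $templatePath = $sourceFolder . "/uploads/templates/" . $templateName . "/";
    while (file_exists($templatePath)) {
        // Fall back to a random directory name until a free one is found.
        $templatePath = $sourceFolder . "/uploads/templates/" . rand() . "/";
    }
    $zip->extractTo($templatePath);
    $zip->close();

    // Names already in use are shown twice: as text in the form and as a JS
    // array consulted by validate(). Each sink gets its own escaping.
    $templates = getAvailableTemplates();
    $quotedNames = array();
    foreach ($templates as $template) {
        $quotedNames[] = "'" . $template . "'";
    }
    $templateArray = htmlspecialchars(implode(', ', $quotedNames), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $jsNames = array();
    foreach (array_merge(array('common'), $templates) as $template) {
        $jsNames[] = json_encode((string) $template, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
    }
    $templateJs = implode(',', $jsNames);

    $templateActualPath = actualPath($templatePath);
    if ($templateActualPath == NULL) {
        return array("0", $str, $templatePath);
    }
    $call = "";
    $issueExcess = "";
    $ignoreall = "";
    $issues = "";
    // reportIssues() fills $issues with table rows; index 0 flags fatal
    // issues and index 1 ignorable ones.
    $issuetypes = reportIssues($templateActualPath, $issues);
    if ($issues != "") {
        $issues = "\n\t <table name='issues_table'>\n\t <tr><th>S.No.</th><th>Issue Details</th><th>Issue Type</th><th>Ignore ?</th></tr>\n\t {$issues}\n\t </table>\n\t ";
    }
    if ($issuetypes[0] == 1) {
        // Fatal: the form's onSubmit becomes validate2(), which always refuses.
        displayerror("Some fatal issues were found with the template. Please click on Cancel Installation button and fix the issues");
        $call = "2";
    }
    if ($issuetypes[0] == 0 && $issuetypes[1] == 1) {
        displaywarning("Some issues were found with the template. You may chose to ignore them.");
        $ignoreall = "<input type=button value='Ignore All' onClick='igall();'>";
        $issueExcess = <<<EXTRA
<script type="text/javascript">

function igall() {
\tvar id = 0;
\twhile(document.getElementById('issue_' + id))
\t\tignore(id++);
}
</script>
EXTRA;
    }
    // Values placed inside single-quoted HTML attributes are escaped with
    // ENT_QUOTES so a name or path containing ' or < cannot break the form.
    $templateNameAttr = htmlspecialchars((string) $templateName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $fileAttr = htmlspecialchars((string) $str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $pathAttr = htmlspecialchars((string) $templateActualPath, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $delAttr = htmlspecialchars((string) $templatePath, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $RET = <<<RET
<script type="text/javascript">
function ignore(id) {
\tif(document.getElementById('button_' + id)) {
\t\tdocument.getElementById('issue_' + id).className = 'ignored';
\t\tdocument.getElementById('button_' + id).value = 'Ignored !';
\t\tdocument.getElementById('button_' + id).disabled = 'disabled';
\t}
}
function validate() {
\tvar id = 0;
\twhile(document.getElementById('issue_' + id)) {
\t\tif(document.getElementById('issue_' + id).className == 'issue') {
\t\t\talert("There are one or more issue(s) unresolved. Fix them and Submit.");
\t\t\treturn false;
\t\t}
\t\tid++;
\t}
\tvar templates = new Array({$templateJs});
\tfor(template in templates)
\t\tif(document.getElementById('templatename').value == templates[template]) {
\t\t\talert("Template with that name already exist in server. Choose some other name.");
\t\t\treturn false;
\t\t}
\treturn true;
}
function validate2() {
\talert("You have one or more required variable missing. So you can not submit the template. Hit cancel.");
\treturn false;
}
</script>

<fieldset>
<legend>{$ICONS['Templates Management']['small']}Finalize Template</legend>
{$issues}
{$ignoreall}
{$issueExcess}
<form method=POST action='./+admin&subaction=template&subsubaction=finalize' onSubmit='return validate{$call}()'>
Template Name: <input type=text id='templatename' name='template' value='{$templateNameAttr}'><input type=submit value="Install Template"><br/><br/>
The following template names are already used :<b> 'common', {$templateArray}</b><br/>
<input type=hidden name='path' value='{$pathAttr}'>
<input type=hidden name='del' value='{$delAttr}'>
<input type=hidden name='file' value='{$fileAttr}'>

</form>
<form method=POST action='./+admin&subaction=template&subsubaction=cancel' onSubmit='myconfirm()'>
<input type=hidden name='path' value='{$delAttr}'>
<input type=hidden name='file' value='{$fileAttr}'>
<input type=submit value="Cancel Installation">
</form>
</fieldset>
RET;
    return $RET;
}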
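    /**
     * function actionView:
     * @returns HTML View of the Book according to the properties set
     *
     * Every child page listed in bookProps['list'] becomes a tab when the
     * current user may view it; the tab for ?navigate=<page_id> (checked with
     * isPresent(), default bookProps['initial']) is marked active, as is a
     * nested book containing the navigated page. Each child's content comes
     * from getContent(), with relative href/action/src values re-based under
     * the child's page_name. The message globals are saved before the loop and
     * restored afterwards so messages raised while rendering a child stay
     * inside that child's tab.
     */
    public function actionView()
    {
        global $INFOSTRING, $WARNINGSTRING, $ERRORSTRING;
        // An empty page list would yield "IN ()", a SQL syntax error; treat it
        // as "no children" instead of issuing a failing query.
        $result = false;
        if (trim((string) $this->bookProps['list']) !== '') {
            $childrenQuery = 'SELECT `page_title`, `page_id`, `page_module`, `page_modulecomponentid`, `page_name` FROM `' . MYSQL_DATABASE_PREFIX . 'pages` WHERE `page_parentid` = ' . $this->pageId . ' AND `page_id` IN (' . $this->bookProps['list'] . ') ORDER BY `page_menurank`';
            $result = mysql_query($childrenQuery);
        }
        $ret = $this->tabScript();
        $ret .= <<<RET
<h2>{$this->bookProps['page_title']}</h2>
<div class='tabEnvelope'>
RET;
        $navigate = $this->bookProps['initial'];
        if (isset($_GET['navigate'])) {
            // Escape before the isPresent() lookup, not only after it, so the
            // raw request value is never handed to a query. The links built
            // below carry numeric page ids, for which escape() is a no-op.
            $requested = escape($_GET['navigate']);
            if ($this->isPresent($this->pageId, $requested)) {
                $navigate = $requested;
            }
        }
        $tabList = "<div id='tabList'>";
        $contentList = "";
        $childCount = 0;
        $backup_info = $INFOSTRING;
        $backup_warning = $WARNINGSTRING;
        $backup_error = $ERRORSTRING;
        while ($result && ($row = mysql_fetch_assoc($result))) {
            $childCount++;
            if (!getPermissions($this->userId, $row['page_id'], "view")) {
                continue;
            }
            // Cleared per child so only this child's messages land in its tab.
            $INFOSTRING = "";
            $WARNINGSTRING = "";
            $ERRORSTRING = "";
            $active = "";
            if ($navigate == $row['page_id'] || (getPageModule($row['page_id']) == 'book' && $this->isPresent($row['page_id'], $navigate))) {
                $active = ' active';
            }
            $tabList .= "<div class='tabElement'><a id='Content{$this->pageId}_{$row['page_id']}' href='./+view&navigate={$row['page_id']}'><span class='tabItem' id='cms-tabItem'>{$row['page_title']}</span></a></div>";
            $content = getContent($row['page_id'], "view", $this->userId, true);
            // Re-base relative links, form actions and images under the child page.
            $content = preg_replace('/<a(.*)href=[\'"](.\\/)+(.*)[\'"](.*)>(.*)<\\/a>/i', '<a$1href="./' . $row['page_name'] . '/$3"$4>$5</a>', $content);
            $content = preg_replace('/<form(.*)action=[\'"](.\\/)+(.*)[\'"](.*)>/i', '<form$1action="./' . $row['page_name'] . '/$3"$4>', $content);
            $content = preg_replace('/<img(.*)src=[\'"](.\\/)+(.*)[\'"](.*)>/i', '<img$1src="./' . $row['page_name'] . '/$3"$4>', $content);
            $contentList .= "<div class='tabContent{$active}' id='tabContent{$this->pageId}_{$row['page_id']}'>" . $INFOSTRING . $WARNINGSTRING . $ERRORSTRING . $content . "</div>";
        }
        $tabList .= "</div>";
        $ret .= $tabList . $contentList . "</div>";
        $INFOSTRING = $backup_info;
        $WARNINGSTRING = $backup_warning;
        $ERRORSTRING = $backup_error;
        // Raised only after the globals are restored: the previous check
        // compared $tabList with "" (never true, it always holds its opening
        // div), and a warning issued before the restore was overwritten by it.
        if ($childCount === 0) {
            displaywarning("No child pages are selected to display in this book.<br/> To change book settings click <a href='./+edit'>here</a> and to create child pages for this book, click <a href='./+settings#childpageform'>here</a>.");
        }
        return $ret;
    }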
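/**
 * Looks up the `oc_config` entry `$str` of module component `$mcId` and tells
 * whether it is switched on.
 *
 * @param int|string $mcId page_moduleComponentId of the component
 * @param string     $str  configuration key to look up
 * @return bool true only when the stored value is 'Yes'; false when the query
 *              fails (error shown via displayerror) or the key is unknown
 *              (warning shown via displaywarning)
 */
function isAvailable($mcId, $str)
{
    // Both values are interpolated into the query, so both are escaped.
    $mcId = escape($mcId);
    $str = escape($str);
    $query = "SELECT `value` FROM `oc_config` WHERE `page_moduleComponentId` = '{$mcId}' AND `key` = '{$str}'";
    $queryResult = mysql_query($query);
    if ($queryResult === false) {
        displayerror(mysql_error());
        return false;
    }
    if (!mysql_num_rows($queryResult)) {
        displaywarning("Invalid Key Given");
        return false;
    }
    $row = mysql_fetch_assoc($queryResult);
    return $row['value'] === 'Yes';
}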