/**
 * Removes the 'ducks' entry from the session and reports it via feedback().
 *
 * startSession() is called first so that $_SESSION is available; what else it
 * does is defined elsewhere. unset() on an absent key is a no-op in PHP, so the
 * function is safe to call when nothing is stored.
 *
 * @return void
 */
function deleteDucks()
{
    //echo "delete the ducks!";
    startSession();
    unset($_SESSION['ducks']);
    feedback('Ducks deleted!');
}
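/**
 * Handles the admin password-reset POST: validates AdminID / PWord1, runs the
 * UPDATE and renders a small result page.
 *
 * Depends on project helpers (feedback, myRedirect, conn, formReq, onlyAlphaNum,
 * get_header/get_footer) and on the global $config for redirect targets.
 * formReq() is described by the original author as calling dbIn() internally;
 * that is the only SQL escaping applied before the values reach sprintf() below.
 *
 * @return void
 */
function updateExecute()
{
    global $config;
    if (isset($_POST['AdminID']) && (int) $_POST['AdminID'] > 0) {
        $myID = (int) $_POST['AdminID'];
        # Convert to integer, will equate to zero if fails
    } else {
        feedback("AdminID not numeric", "warning");
        myRedirect($config->adminReset);
    }
    // Guard with isset() too: a missing field used to reach onlyAlphaNum() as
    // null (undefined-index warning) instead of being rejected outright.
    if (!isset($_POST['PWord1']) || !onlyAlphaNum($_POST['PWord1'])) {
        //data must be alphanumeric or punctuation only
        feedback("Data entered for password must be alphanumeric only");
        myRedirect(THIS_PAGE);
    }
    $myConn = conn('', false);
    $redirect = $config->adminReset;
    # global var used for following formReq redirection on failure
    $AdminID = formReq('AdminID');
    # calls dbIn internally, to check form data (same value as $myID after the check above)
    $AdminPW = formReq('PWord1');
    # SHA() is the MySQL function that encrypts the password
    // NOTE(review): SHA() is unsalted SHA-1 computed by the server, and the plain
    // password travels inside the SQL text (visible to query logging). Switching to
    // password_hash()/password_verify() also requires changing the login check,
    // so it is only flagged here.
    $sql = sprintf("UPDATE " . PREFIX . "Admin set AdminPW=SHA('%s') WHERE AdminID=%d", $AdminPW, $AdminID);
    // Explicit error check instead of '@ ... or die(...)': the E_USER_ERROR halt is
    // unchanged, but driver warnings are no longer suppressed.
    if (!mysql_query($sql, $myConn)) {
        trigger_error(mysql_error(), E_USER_ERROR);
    }
    //feedback success or failure of insert
    if (mysql_affected_rows($myConn) > 0) {
        feedback("Password Successfully Reset!", "notice");
    } else {
        feedback("Password NOT Reset! (or not changed from original value)");
    }
    get_header();
    echo '
	<div align="center"><h3>Reset Administrator Password</h3></div>
	<div align="center"><a href="' . $config->adminReset . '">Reset More</a></div>
	<div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
	';
    get_footer();
}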
    exit;
}
include HCLANG . '/admin/admin.php';
// ?msg= selects which admin-list feedback line to show. The codes are compared
// with loose "==" against the original string literals so that numeric variants
// ("01", "1.0") match exactly as the former switch did.
if (isset($_GET['msg'])) {
    foreach (array(array('1', 1, 'Feed03'), array('2', 3, 'Feed04'), array('3', 1, 'Feed05'), array('4', 1, 'Feed06')) as $msgSpec) {
        if ($_GET['msg'] == $msgSpec[0]) {
            feedback($msgSpec[1], $hc_lang_admin[$msgSpec[2]]);
            break;
        }
    }
}
appInstructions(0, "Editing_Admin_Users", $hc_lang_admin['TitleBrowseA'], $hc_lang_admin['InstructBrowseA']);
// Static query (no request data): active, non-super admins for the listing below.
$result = doQuery("SELECT PkID, FirstName, LastName, Email, LastLogin FROM " . HC_TblPrefix . "admin WHERE IsActive = 1 AND SuperAdmin = 0 ORDER BY LastName, FirstName");
if (hasRows($result)) {
    echo '
		<ul class="data">
			<li class="row header uline">
				<div style="width:30%;">' . $hc_lang_admin['Name'] . '</div>
				<div style="width:40%;">' . $hc_lang_admin['EmailLabel'] . '</div>
				<div style="width:20%;">' . $hc_lang_admin['Login'] . '</div>
				<div style="width:10%;">&nbsp;</div>
			</li>';
    $cnt = 0;
// ?msg= selects the settings-page feedback line. Loose "==" against the string
// codes keeps the matching of the original switch (numeric variants included).
if (isset($_GET['msg'])) {
    foreach (array(array('1', 1, 'Feed04'), array('2', 1, 'Feed06'), array('3', 3, 'Feed07'), array('4', 1, 'Feed08'), array('5', 3, 'Feed09')) as $msgSpec) {
        if ($_GET['msg'] == $msgSpec[0]) {
            feedback($msgSpec[1], $hc_lang_settings[$msgSpec[2]]);
            break;
        }
    }
}
appInstructions(0, "APIs", $hc_lang_settings['TitleAPI'], $hc_lang_settings['InstructAPI']);
// Static query: the API-related settings rows, ordered by PkID.
$result = doQuery("SELECT SettingValue FROM " . HC_TblPrefix . "settings \r\n\t\t\t\t\tWHERE PkID IN (5,6,25,27,41,42,43,45,46,47,50,52,55,56,57,58,59,61,62,63,69,94,95,96,\r\n\t\t\t\t\t\t\t\t100,101,102,103,104,105,111,112,113,114,115,117,118,119,120,121,122,123,124,125)\r\n\t\t\t\t\tORDER BY PkID");
// Values are read by row position, which follows the ascending PkID order of the
// IN list above (row 0 = PkID 5, 1 = 6, 2 = 25, 3 = 27, 4 = 41, 7 = 45, 8 = 46,
// 9 = 47, 10 = 50, 11 = 52) — assuming every listed PkID exists; a missing row
// would shift every later index. Rows 5 and 6 (PkID 42, 43) are not used here.
$eventbriteKeyA = cOut(mysql_result($result, 0, 0));
$eventbriteKeyU = cOut(mysql_result($result, 1, 0));
$disqusName = cOut(mysql_result($result, 2, 0));
$emapZoom = cOut(mysql_result($result, 3, 0));
$lmapZoom = cOut(mysql_result($result, 4, 0));
$locBrowse = cOut(mysql_result($result, 7, 0));
$twtrAToken = cOut(mysql_result($result, 8, 0));
$twtrASecret = cOut(mysql_result($result, 9, 0));
// Stored as a comma-separated list; split into an array for the form below.
$quickLinks = explode(",", cOut(mysql_result($result, 10, 0)));
$googMapURL = cOut(mysql_result($result, 11, 0));
                $dropbox_file_data[] = $receivers_celldata;
                $last_upload_date = api_get_local_time($dropbox_file->last_upload_date);
                $dropbox_file_data[] = date_to_str_ago($last_upload_date) . '<br /><span class="dropbox_date">' . api_format_date($last_upload_date) . '</span>';
                //$dropbox_file_data[] = $dropbox_file->author;
                $receivers_celldata = '';
                $action_icons = check_number_feedback($dropbox_file->id, $number_feedback) . ' ' . get_lang('Feedback') . '
									<a href="' . api_get_self() . '?' . api_get_cidreq() . '&view_received_category=' . $viewReceivedCategory . '&amp;view_sent_category=' . $viewSentCategory . '&amp;view=' . $view . '&amp;action=viewfeedback&amp;id=' . $dropbox_file->id . '&' . $sort_params . '">' . Display::return_icon('discuss.png', get_lang('Comment'), '', ICON_SIZE_SMALL) . '</a>
									<a href="' . api_get_self() . '?' . api_get_cidreq() . '&view_received_category=' . $viewReceivedCategory . '&amp;view_sent_category=' . $viewSentCategory . '&amp;view=' . $view . '&amp;action=movesent&amp;move_id=' . $dropbox_file->id . '&' . $sort_params . '">' . Display::return_icon('move.png', get_lang('Move'), '', ICON_SIZE_SMALL) . '</a>
									<a href="' . api_get_self() . '?' . api_get_cidreq() . '&view_received_category=' . $viewReceivedCategory . '&amp;view_sent_category=' . $viewSentCategory . '&amp;view=' . $view . '&amp;action=deletesentfile&amp;id=' . $dropbox_file->id . '&' . $sort_params . '" onclick="javascript: return confirmation(\'' . $dropbox_file->title . '\');">' . Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL) . '</a>';
                // This is a hack to have an additional row in a sortable table
                if ($action == 'viewfeedback' && isset($_GET['id']) && is_numeric($_GET['id']) && $dropbox_file->id == $_GET['id']) {
                    $action_icons .= "</td></tr>\n";
                    // ending the normal row of the sortable table
                    $action_icons .= "<tr><td colspan=\"2\">";
                    $action_icons .= "<a href=\"index.php?" . api_get_cidreq() . "&view_received_category=" . $viewReceivedCategory . "&view_sent_category=" . $viewSentCategory . "&view=" . $view . '&' . $sort_params . "\">" . get_lang('CloseFeedback') . "</a>";
                    $action_icons .= "</td><td colspan=\"7\">" . feedback($dropbox_file->feedback2) . "</td></tr>";
                }
                $dropbox_file_data[] = $action_icons;
                $dropbox_file_data[] = $last_upload_date;
                $dropbox_file_data[] = $file_size;
                $action_icons = '';
                $dropbox_data_sent[] = $dropbox_file_data;
            }
        }
        // The content of the sortable table = the categories (if we are not in the root)
        if ($view_dropbox_category_sent == 0) {
            foreach ($dropbox_categories as $category) {
                $dropbox_category_data = array();
                if ($category['sent'] == '1') {
                    $dropbox_category_data[] = $category['cat_id'];
                    // This is where the checkbox icon for the files appear.
                 ++$bg;
                 $marty->assign('darkBG', $bg % 2);
                 switch ($val) {
                     case 'N':
                         $nam = new PName($key);
                         $nam->display('pers_ldat.tpl');
                         unset($nam);
                         break;
                     case 'P':
                         $pers = new Person($key);
                         $pers->display('pers_ldat.tpl');
                         unset($pers);
                 }
             }
         } else {
             feedback(102, 'hinw');
             // kein Ergebnis
         }
     }
     break;
     // Ende --search--
 // Ende --search--
 case "Pick":
     $bg = 1;
     // One template render per id returned for ?C= (PName::listNames() receives the
     // raw query value; what it accepts is defined elsewhere). Row shading alternates
     // through 'darkBG' exactly as before: $bg is bumped before the parity check.
     foreach (PName::listNames($_GET['C']) as $wert) {
         $marty->assign('darkBG', ++$bg % 2);
         $pick = new PName($wert);
         $pick->display('pers_ldat.tpl');
         unset($pick);
     }
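/**
 * Inserts a customer row from the POSTed FirstName/LastName/Email fields.
 *
 * Uses a PDO prepared statement (pdo() returns the PDO object), so the values are
 * bound rather than interpolated into the SQL text. No content validation is
 * performed: the ctype_graph()/onlyEmail() checks the original author had
 * commented out are not restored here, so malformed (but harmless) input is
 * still stored.
 *
 * @return void
 */
function insertExecute()
{
    // A missing field used to raise an undefined-index warning and then bind NULL;
    // the isset() guards keep the NULL binding without the warning.
    $FirstName = isset($_POST['FirstName']) ? $_POST['FirstName'] : null;
    $LastName = isset($_POST['LastName']) ? $_POST['LastName'] : null;
    $Email = isset($_POST['Email']) ? $_POST['Email'] : null;
    $db = pdo();
    # pdo() creates and returns a PDO object
    //PDO Quote has some great stuff re: injection:
    //http://www.php.net/manual/en/pdo.quote.php
    //build string for SQL insert with replacement vars, ?
    $sql = "INSERT INTO test_Customers (FirstName, LastName, Email) VALUES (?,?,?)";
    $stmt = $db->prepare($sql);
    //INTEGER EXAMPLE $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->bindValue(1, $FirstName, PDO::PARAM_STR);
    $stmt->bindValue(2, $LastName, PDO::PARAM_STR);
    $stmt->bindValue(3, $Email, PDO::PARAM_STR);
    try {
        $stmt->execute();
    } catch (PDOException $ex) {
        // E_USER_ERROR normally halts the script, so rowCount() is not reached
        // after a failed execute(); the raw driver message goes to the error handler.
        trigger_error($ex->getMessage(), E_USER_ERROR);
    }
    #feedback success or failure of update
    if ($stmt->rowCount() > 0) {
        //success!  provide feedback, chance to change another!
        feedback("Customer Added Successfully!", "success");
    } else {
        //Problem!  Provide feedback!
        feedback("Customer NOT added!", "warning");
    }
}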
			return true;
		}
	}
	//-->
	</script>';
} else {
    // ?msg= picks the subscriber-group feedback line; loose "==" against the
    // string codes mirrors the matching of the original switch.
    if (isset($_GET['msg'])) {
        foreach (array(array('1', 'Feed10'), array('2', 'Feed11'), array('3', 'Feed12')) as $msgSpec) {
            if ($_GET['msg'] == $msgSpec[0]) {
                feedback(1, $hc_lang_news[$msgSpec[1]]);
                break;
            }
        }
    }
    appInstructions(0, "Subscriber_Groups", $hc_lang_news['TitleGroup'], $hc_lang_news['InstructGroup']);
    // "New group" link; AdminRoot is a constant, no request data in the URL.
    echo '
	<a href="' . AdminRoot . '/index.php?com=subgrps&gID=0" class="add"><img src="' . AdminRoot . '/img/icons/add.png" width="16" height="16" alt="" />' . $hc_lang_news['NewGroup'] . '</a>';
    // Static query: active mail groups plus, per group, the count of confirmed
    // subscribers in it (GrpCnt) and the total of confirmed subscribers (AllCnt).
    $result = doQuery("SELECT PkID, Name, IsPublic,\r\n\t\t\t\t\t\t\t(SELECT COUNT(sg.UserID)\r\n\t\t\t\t\t\t\tFROM " . HC_TblPrefix . "subscribersgroups sg\r\n\t\t\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "subscribers s ON (sg.UserID = s.PkID)\r\n\t\t\t\t\t\t\tWHERE sg.GroupID = mg.PkID AND s.IsConfirm = 1) as GrpCnt,\r\n\t\t\t\t\t\t\t(SELECT COUNT(s.PkID)FROM " . HC_TblPrefix . "subscribers s WHERE s.IsConfirm = 1) as AllCnt\r\n\t\t\t\t\t\tFROM " . HC_TblPrefix . "mailgroups mg\r\n\t\t\t\t\t\tWHERE IsActive = 1 ORDER BY IsPublic, Name");
    if (hasRows($result)) {
        echo '
	<ul class="data">
		<li class="row header uline">
			<div style="width:50%;">' . $hc_lang_news['GroupNameLabel'] . '</div>
			<div style="width:20%;">' . $hc_lang_news['GroupStatusLabel'] . '</div>
			<div class="number" style="width:20%;">' . $hc_lang_news['GroupCountLabel'] . '</div>
			<div class="tools" style="width:10%;">&nbsp;</div>
// Optional name filter: ?s= is tag-stripped, quote-cleaned and passed through
// cIn() before being spliced into the LIKE clause. cIn() is the only SQL-side
// treatment visible here, and LIKE wildcards (% and _) in the term are not
// escaped, so they act as wildcards. $queryS / $resLimit / $resOffset are
// expected to be initialised earlier in the file (not visible here).
if (isset($_GET['s']) && $_GET['s'] != '') {
    $term = cIn(cleanQuotes(strip_tags($_GET['s'])));
    $save = '&s=' . $term;
    $queryS = " AND Name LIKE('%" . $term . "%')";
}
$hc_Side[] = array(CalRoot . '/index.php?com=location', 'map.png', $hc_lang_locations['LinkMap'], 1);
// ?msg= selects the locations feedback line; loose "==" against the string
// codes keeps the original switch matching.
if (isset($_GET['msg'])) {
    foreach (array(array('3', 1, 'Feed03'), array('4', 2, 'Feed04'), array('5', 1, 'Feed05')) as $msgSpec) {
        if ($_GET['msg'] == $msgSpec[0]) {
            feedback($msgSpec[1], $hc_lang_locations[$msgSpec[2]]);
            break;
        }
    }
}
appInstructions(0, "Editing_Locations", $hc_lang_locations['TitleBrowse'], $hc_lang_locations['InstructBrowse']);
$resultC = doQuery("SELECT COUNT(*) FROM " . HC_TblPrefix . "locations WHERE IsActive = 1 {$queryS}");
$pages = ceil(mysql_result($resultC, 0, 0) / $resLimit);
// Clamp the page offset to the last page when a filter shrinks the result set.
if ($pages <= $resOffset && $pages > 0) {
    $resOffset = $pages - 1;
}
echo '
		<fieldset style="border:0px;">
			<label><b>' . $hc_lang_locations['ResPer'] . '</b></label>
			<span class="output">';
for ($x = 25; $x <= 100; $x = $x + 25) {
    echo $x > 25 ? '&nbsp;|&nbsp;' : '';
<?php

/**
 * @package Helios Calendar
 * @license GNU General Public License version 2 or later; see LICENSE
 */
// Direct requests (hcAdmin guard constant not defined) are refused before
// anything else runs.
if (!defined('hcAdmin')) {
    header("HTTP/1.1 403 No Direct Access");
    exit;
}
include HCLANG . '/admin/settings.php';
// ?msg=1 is the only feedback code this page understands; loose "==" keeps the
// original switch matching for numeric variants.
if (isset($_GET['msg']) && $_GET['msg'] == "1") {
    feedback(1, $hc_lang_settings['Feed03']);
}
appInstructions(0, "Themes_Settings", $hc_lang_settings['TitleTheme'], $hc_lang_settings['InstructTheme']);
$result = doQuery("SELECT SettingValue FROM " . HC_TblPrefix . "settings WHERE PkID IN (83,84,86) ORDER BY PkID");
// Rows come back ordered by PkID, so rows 0/1/2 map to PkID 83/84/86
// (assuming all three settings rows exist).
list($fullsite, $mobile, $agents) = array(cOut(mysql_result($result, 0, 0)), cOut(mysql_result($result, 1, 0)), cOut(mysql_result($result, 2, 0)));
$fullsiteOpts = $mobileOpts = '';
$themes = array();
if (file_exists(HCPATH . '/themes')) {
    $dir = dir(HCPATH . '/themes');
    while (($file = $dir->read()) != false) {
        if (is_dir($dir->path . '/' . $file) && $file != "." && $file != "..") {
            $themes[] = $file;
        }
/**
 * Renders the public newsletter sign-up / update form, or one of its side views.
 *
 * Three modes, selected by query string:
 *  - ?d=<guid>  confirmed subscriber: show the "cancel registration" form
 *  - ?t=<n>     show the ThankYou<n> language string (n must be numeric)
 *  - ?u=<guid>  (optional) pre-fill the sign-up form from the subscriber row
 * Output is echoed directly; the function always returns 0.
 *
 * Input handling as visible here: query values go through strip_tags() + cIn()
 * before being spliced into SQL. The same cIn()'d values are later echoed into
 * HTML attribute values (dID, gID), and subscriber columns read from the
 * database are echoed into value="..." without cOut(). Whether cIn() also
 * HTML-encodes is not visible in this file — confirm before relying on it.
 *
 * @return int always 0
 */
function sr_forms_news_signup()
{
    global $hc_cfg, $hc_lang_config, $hc_lang_news, $hc_captchas, $hc_lang_core;
    // Mode 1: cancel-registration form for a confirmed GUID.
    if (isset($_GET['d'])) {
        $g = cIn(strip_tags($_GET['d']));
        $result = doQuery("SELECT PkID FROM " . HC_TblPrefix . "subscribers WHERE GUID = '" . $g . "' AND GUID != '' AND IsConfirm = 1");
        if (!hasRows($result)) {
            return 0;
        }
        // $g is echoed into the dID value attribute exactly as it was used in SQL.
        echo '
    <p>' . $hc_lang_news['DeleteNotice'] . '</p>
    <form name="frmEventNewsletter" id="frmEventNewsletter" method="post" action="' . CalRoot . '/news-edit.php">
    <input name="dID" id="dID" type="hidden" value="' . $g . '" />
    <div class="newsTools"><input type="submit" name="submit" id="submit" value="' . $hc_lang_news['CancelReg'] . '" /></div>
    </form>';
        return 0;
    }
    // Mode 2: thank-you message. $t must be numeric and is only used as a
    // language-key suffix, never echoed on its own.
    $t = isset($_GET['t']) && is_numeric($_GET['t']) ? cIn(strip_tags($_GET['t'])) : 0;
    if (isset($hc_lang_news['ThankYou' . $t])) {
        echo $hc_lang_news['ThankYou' . $t];
        return 0;
    }
    // Mode 3: the sign-up form, pre-filled when ?u= names a confirmed subscriber.
    $submit = $hc_lang_news['SubmitReg'];
    $uID = $occupation = 0;
    $format = 2;
    $firstname = $lastname = $email = $zipcode = $birthyear = $gender = $refer = $yrOpts = '';
    $query = NULL;
    $g = isset($_GET['u']) && $_GET['u'] != '' ? cIn(strip_tags($_GET['u'])) : '';
    $result = doQuery("SELECT * FROM " . HC_TblPrefix . "subscribers WHERE GUID = '" . $g . "' AND GUID != '' AND IsConfirm = 1");
    $notice = $hc_lang_news['SubInstruct'];
    if (hasRows($result)) {
        $notice = $hc_lang_news['SubInstruct2'];
        $submit = $hc_lang_news['UpdateReg'];
        // Positional columns from SELECT *: this depends on the subscribers
        // table's physical column order (0 PkID ... 14 format).
        $uID = mysql_result($result, 0, 0);
        $firstname = mysql_result($result, 0, 1);
        $lastname = mysql_result($result, 0, 2);
        $email = mysql_result($result, 0, 3);
        $occupation = mysql_result($result, 0, 4);
        $zipcode = mysql_result($result, 0, 5);
        $addedby = mysql_result($result, 0, 8);
        $birthyear = mysql_result($result, 0, 11);
        $gender = mysql_result($result, 0, 12);
        $refer = mysql_result($result, 0, 13);
        $format = mysql_result($result, 0, 14);
        // Category tree with the subscriber's current selections. NOTE(review):
        // $uID (from the DB row above, not from the request) is interpolated raw in
        // the first UNION branch and through cIn() in the second — inconsistent.
        $query = "SELECT c.PkID, c.CategoryName, c.ParentID, c.CategoryName as Sort, uc.UserID as Selected\r\n                FROM " . HC_TblPrefix . "categories c\r\n                    LEFT JOIN " . HC_TblPrefix . "categories c2 ON (c.PkID = c2.PkID)\r\n                    LEFT JOIN " . HC_TblPrefix . "eventcategories ec ON (c.PkID = ec.CategoryID)\r\n                    LEFT JOIN " . HC_TblPrefix . "subscriberscategories uc ON (uc.CategoryID = c.PkID AND uc.UserID = '" . $uID . "')\r\n                WHERE c.ParentID = 0 AND c.IsActive = 1\r\n                GROUP BY c.PkID, c.CategoryName, c.ParentID, uc.UserID\r\n                UNION\r\n                SELECT c.PkID, c.CategoryName, c.ParentID, c2.CategoryName as Sort, uc.UserID as Selected\r\n                FROM " . HC_TblPrefix . "categories c\r\n                    LEFT JOIN " . HC_TblPrefix . "categories c2 ON (c.ParentID = c2.PkID)\r\n                    LEFT JOIN " . HC_TblPrefix . "eventcategories ec ON (c.PkID = ec.CategoryID)\r\n                    LEFT JOIN " . HC_TblPrefix . "subscriberscategories uc ON (uc.CategoryID = c.PkID AND uc.UserID = '" . cIn($uID) . "')\r\n                WHERE c.ParentID > 0 AND c.IsActive = 1\r\n                GROUP BY c.PkID, c.CategoryName, c.ParentID, c2.CategoryName, uc.UserID\r\n                ORDER BY Sort, ParentID, CategoryName";
    }
    if (isset($_GET['msg'])) {
        switch ($_GET['msg']) {
            case "1":
                feedback(2, $hc_lang_news['Feed04']);
                break;
        }
    }
    // Birth-year options: from (current year - 14) back 80 further years; the
    // stored year is pre-selected with a loose comparison.
    $yearSU = date("Y") - 14;
    for ($x = 0; $x <= 80; $x++) {
        $yrOpts .= '<option' . ($yearSU == $birthyear ? ' selected="selected"' : '') . ' value="' . $yearSU . '">' . $yearSU . '</option>';
        --$yearSU;
    }
    echo '
    ' . $notice . '

    <form name="frmEventNewsletter" id="frmEventNewsletter" method="post" action="' . CalRoot . '/news-signup.php" onsubmit="return validate();">
    <input name="uID" id="uID" type="hidden" value="' . $uID . '" />
    <input name="gID" id="gID" type="hidden" value="' . $g . '" />';
    // Captcha block only when hc_cfg[65] > 0 and captcha type 4 is enabled.
    if ($hc_cfg[65] > 0 && in_array(4, $hc_captchas)) {
        echo '
    <fieldset>
        <legend>' . $hc_lang_core['CapLegend'] . '</legend>';
        buildCaptcha();
        echo '
    </fieldset>';
    }
    // NOTE(review): $firstname/$lastname/$email/$zipcode come straight from the DB
    // row and are placed in value="..." attributes without cOut(), while the group
    // rows further down do go through cOut(). Confirm the stored values are already
    // HTML-safe, otherwise these attributes are unescaped.
    echo '
    <fieldset>
        <legend>' . $hc_lang_news['Subscriber'] . '</legend>
        <label for="hc_f1">' . $hc_lang_news['FName'] . '</label>
        <input name="hc_f1" id="hc_f1" type="text" size="20" maxlength="50" placeholder="' . $hc_lang_news['PlaceFName'] . '" value="' . $firstname . '" required="required" />
        <label for="hc_f2">' . $hc_lang_news['LName'] . '</label>
        <input name="hc_f2" id="hc_f2" type="text" size="30" maxlength="50" placeholder="' . $hc_lang_news['PlaceLName'] . '" value="' . $lastname . '" required="required" />
        <label for="hc_f3">' . $hc_lang_news['Email'] . '</label>' . ($email == '' ? '<input name="hc_f3" id="hc_f3" type="email" size="45" maxlength="75" placeholder="' . $hc_lang_news['PlaceEmail'] . '" value="' . $email . '" required="required" />' : '
        <span class="output">' . $email . '</span>
        <input type="hidden" name="hc_f3" id="hc_f3" value="' . $email . '" />') . '
        <label for="hc_fa">' . $hc_lang_news['Birth'] . '</label>
        <select name="hc_fa" id="hc_fa">
            <option value="0">' . $hc_lang_news['Birth0'] . '</option>
            ' . $yrOpts . '
        </select>
        <label for="occupation">' . $hc_lang_news['Occupation'] . '</label>
        ';
    // The occupation <select> comes from a language-specific include (path from config).
    include HCLANG . '/' . $hc_lang_config['OccupationFile'];
    echo '
        <label for="hc_fb">' . $hc_lang_news['Gender'] . '</label>
        <select name="hc_fb" id="hc_fb">
            <option value="0">' . $hc_lang_news['Gender0'] . '</option>
            <option' . ($gender == 1 ? ' selected="selected"' : '') . ' value="1">' . $hc_lang_news['GenderF'] . '</option>
            <option' . ($gender == 2 ? ' selected="selected"' : '') . ' value="2">' . $hc_lang_news['GenderM'] . '</option>
        </select>
        <label for="hc_fc">' . $hc_lang_news['Referral'] . '</label>
        <select name="hc_fc" id="hc_fc">
            <option value="0">' . $hc_lang_news['Referral0'] . '</option>
            <option' . ($refer == 1 ? ' selected="selected"' : '') . ' value="1">' . $hc_lang_news['Referral1'] . '</option>
            <option' . ($refer == 2 ? ' selected="selected"' : '') . ' value="2">' . $hc_lang_news['Referral2'] . '</option>
            <option' . ($refer == 3 ? ' selected="selected"' : '') . ' value="3">' . $hc_lang_news['Referral3'] . '</option>
            <option' . ($refer == 4 ? ' selected="selected"' : '') . ' value="4">' . $hc_lang_news['Referral4'] . '</option>
            <option' . ($refer == 5 ? ' selected="selected"' : '') . ' value="5">' . $hc_lang_news['Referral5'] . '</option>
            <option' . ($refer == 6 ? ' selected="selected"' : '') . ' value="6">' . $hc_lang_news['Referral6'] . '</option>
            <option' . ($refer == 7 ? ' selected="selected"' : '') . ' value="7">' . $hc_lang_news['Referral7'] . '</option>
        </select>
        <label for="hc_f4">' . $hc_lang_news['Postal'] . '</label>
        <input name="hc_f4" id="hc_f4" type="text" size="12" maxlength="10" placeholder="' . $hc_lang_news['PlacePostal'] . '" value="' . $zipcode . '" />
    </fieldset>
    <fieldset>
        <legend>' . $hc_lang_news['Subscription'] . '</legend>
        <label class="blank">&nbsp;</label>
        <span class="output">' . $hc_lang_news['CategoriesLabel'] . '</span>
        <label>' . $hc_lang_news['Categories'] . '</label>';
    // Category checkboxes; $query is NULL for a new subscriber.
    sr_shared_getCategories('frmEventNewsletter', $hc_cfg['CatCols'], $query);
    echo '
        <label for="format">' . $hc_lang_news['LinkFormat'] . '</label>
        <select name="format" id="format">
            <option' . ($format == 0 ? ' selected="selected"' : '') . ' value="0">' . $hc_lang_news['LinkFormat0'] . '</option>
            <option' . ($format == 1 ? ' selected="selected"' : '') . ' value="1">' . $hc_lang_news['LinkFormat1'] . '</option>
            <option' . ($format == 2 ? ' selected="selected"' : '') . ' value="2">' . $hc_lang_news['LinkFormat2'] . '</option>
        </select>
    </fieldset>';
    // Public mail groups (PkID > 1) with the subscriber's memberships via sg.UserID;
    // $uID is again interpolated raw here.
    $result = doQuery("SELECT mg.PkID, mg.Name, mg.Description, sg.UserID\r\n                    FROM " . HC_TblPrefix . "mailgroups mg\r\n                        LEFT JOIN " . HC_TblPrefix . "subscribersgroups sg ON (mg.PkID = sg.GroupID AND sg.UserID = '" . $uID . "')\r\n                    WHERE mg.IsActive = 1 AND mg.PkID > 1 AND mg.IsPublic = 1\r\n                    ORDER BY Name");
    if (hasRows($result)) {
        // Group 1 is always on (disabled + checked); the remaining rows alternate
        // the "hl" class and are pre-checked when the row's UserID matches $uID.
        echo '
    <fieldset class="frm_grp">
        <legend>' . $hc_lang_news['GroupLabel'] . '</legend>
        <label for="grpID_1"><input disabled="disabled" checked="checked" name="grpID[]" id="grpID_1" type="checkbox" value="1" /><b>' . $hc_lang_news['GenericNews'] . '</b><p>' . $hc_lang_news['GenericNewsDesc'] . '</p></label>';
        $cnt = 0;
        while ($row = mysql_fetch_row($result)) {
            $hl = $cnt % 2 == 0 ? ' class="hl"' : '';
            echo '
        <label for="grpID_' . $row[0] . '"' . $hl . '><input name="grpID[]" id="grpID_' . $row[0] . '" type="checkbox" value="' . $row[0] . '"' . ($row[3] == $uID && $uID > 0 ? ' checked="checked"' : '') . '/>' . cOut('<b>' . $row[1] . '</b><p>' . $row[2]) . '</p></label>';
            ++$cnt;
        }
        echo '
    </fieldset>';
    }
    echo '
    <div class="newsTools"><input type="submit" class="btn btn-primary" name="submit" id="submit" value="' . $submit . '" /></div>
    </form>';
}
/**
 * Output user account settings form.
 *
 * Renders the account-edit form for the signed-in user (session UserPkID),
 * optionally with the API-key section when hc_cfg[127] == 1, followed by the
 * inline date-picker / validation script.
 *
 * @since 2.1.0
 * @version 2.1.0
 * @return int|null -1 when user_check_status() fails or no user row is found;
 *                  null (no explicit return) after the form has been echoed.
 */
function user_manage_account()
{
    global $hc_cfg, $hc_lang_user;
    if (!user_check_status()) {
        return -1;
    }
    // $uID comes from the login session; cIn() is the project's SQL-side sanitiser.
    $uID = cIn($_SESSION['UserPkID']);
    $result = doQuery("SELECT NetworkType, NetworkName, NetworkID, Email, FirstSignIn, Level, Location, Birthdate, APIKey, APIAccess\r\n\t\t\t\t\t\tFROM " . HC_TblPrefix . "users WHERE PkID = '" . $uID . "'");
    // user_check_status() is evaluated a second time here, after the query.
    if (!hasRows($result) or !user_check_status()) {
        return -1;
    }
    if (isset($_GET['msg'])) {
        switch ($_GET['msg']) {
            case "1":
                feedback(1, $hc_lang_user['Feed01']);
                break;
        }
    }
    // Positional columns follow the SELECT list above (0 NetworkType ... 9 APIAccess).
    // $signin_first is read but not used anywhere in this function.
    $network = cOut(mysql_result($result, 0, 0));
    $network_name = cOut(mysql_result($result, 0, 1));
    $network_id = cOut(mysql_result($result, 0, 2));
    // NOTE(review): pending values kept in the session (new_user_email /
    // new_user_birthdate) pass through cIn(strip_tags()) — the SQL-side sanitiser —
    // and are then echoed into value="..." attributes below, whereas DB-sourced
    // values go through cOut(). Confirm cIn() also HTML-encodes; otherwise these
    // two attributes are not escaped for the HTML context.
    $email = isset($_SESSION['new_user_email']) && $_SESSION['new_user_email'] != '' ? cIn(strip_tags($_SESSION['new_user_email'])) : cOut(mysql_result($result, 0, 3));
    $signin_first = cOut(mysql_result($result, 0, 4));
    $level = cOut(mysql_result($result, 0, 5));
    $location = cOut(mysql_result($result, 0, 6));
    $api_key = cOut(mysql_result($result, 0, 8));
    $api_access = cOut(mysql_result($result, 0, 9));
    $birthdate = isset($_SESSION['new_user_birthdate']) && $_SESSION['new_user_birthdate'] != '' ? cIn(strip_tags($_SESSION['new_user_birthdate'])) : stampToDate(mysql_result($result, 0, 7), $hc_cfg[24]);
    echo '
		<form name="user_edit" id="user_edit" method="post" action="' . CalRoot . '/user-edit.php" onsubmit="return validate();">
		<fieldset class="user">
			<legend>' . $hc_lang_user['UserEditLabel'] . '</legend>
			<label>' . $hc_lang_user['Network'] . '</label>
			<span class="output">' . $hc_lang_user['Network' . $network] . '</span>
			<label>' . $hc_lang_user['Level'] . '</label>
			<span class="output">' . $hc_lang_user['Level' . $level] . '</span>
			<label>' . $hc_lang_user['Name'] . '</label>
			<span class="output">' . $network_name . '</span>
			<label for="email"><b>' . $hc_lang_user['Email'] . '</b></label>
			<input name="email" id="email" type="email" maxlength="75" size="35" value="' . $email . '" required="required" />
			<label for="birthdate"><b>' . $hc_lang_user['Birthdate'] . '</b></label>
			<input name="birthdate" id="birthdate" type="text" size="12" maxlength="10" value="' . $birthdate . '" required="required" />
			<a href="javascript:;" onclick="calx.select(document.getElementById(\'birthdate\'),\'cal1\',\'' . $hc_cfg[51] . '\');return false;" id="cal1" class="ds calendar" tabindex="-1"></a>
			<label for="user_loc">' . $hc_lang_user['Location'] . '</label>
			<input name="user_loc" id="user_loc" type="text" maxlength="250" size="50" value="' . $location . '" />
		</fieldset>';
    // API section only when enabled site-wide (hc_cfg[127] == 1). The key itself is
    // shown only for users with APIAccess == 1 and both required fields non-empty.
    if ($hc_cfg[127] == 1) {
        echo '
		<fieldset>
			<legend>' . $hc_lang_user['API'] . '</legend>';
        echo $api_access == 1 && $email != '' && $birthdate != '' ? '
			<label>&nbsp;</label>
			<span class="output">' . $hc_lang_user['APIHelp'] . '</span>
			<label>' . $hc_lang_user['APIEndpoint'] . '</label>
			<input size="50" maxlength="200" type="text" readonly="readonly" value="' . CalRoot . '/api/" onfocus="this.select();" />
			<label>' . $hc_lang_user['Username'] . '</label>
			<input size="20" maxlength="200" type="text" readonly="readonly" value="' . $network_name . '" onfocus="this.select();" />
			<label>' . $hc_lang_user['Key'] . '</label>
			<input size="45" maxlength="100" type="text" readonly="readonly" value="' . $api_key . '" onfocus="this.select();" />
			<label>&nbsp;</label>
			<span class="frm_ctrls">
				<label for="regen_apik"><input name="regen_apik" id="regen_apik" type="checkbox" onclick="" />' . $hc_lang_user['RegenKey'] . '</label>
			</span>' : '
			<label>&nbsp;</label>
			<span class="output">' . $hc_lang_user['APIUnavailable'] . ($api_access == 1 ? ' ' . $hc_lang_user['ActivateAPI'] : '') . '</span>';
        echo '
		</fieldset>';
    }
    // Form footer plus the date-picker and validate() script. The popCal.js path is
    // built from the session LangSet (server-set). The "13 years ago" lower bound
    // for the birthdate uses strftime(), which is deprecated since PHP 8.1.
    echo '
		<input type="submit" name="submit" id="submit" value="' . $hc_lang_user['Save'] . '" />
		<input type="reset" name="reset" id="reset" value="' . $hc_lang_user['Reset'] . '" />
		<input type="hidden" name="uID" id="uID" value="' . $uID . '" />
		</form>
		<div id="dsCal" class="datePicker"></div>
		
		<script src="' . CalRoot . '/inc/javascript/validation.js"></script>
		<script src="' . CalRoot . '/inc/lang/' . $_SESSION['LangSet'] . '/popCal.js"></script>
		<script src="' . CalRoot . '/inc/javascript/DateSelect.js"></script>
		<script>
		//<!--
		var calx = new CalendarPopup("dsCal");
		calx.showYearNavigation();
		calx.showYearNavigationInput();
		calx.setCssPrefix("hc_");
		calx.offsetX = 30;
		calx.offsetY = -5;

		function validate(){
			var err = "";
			
			err += reqField(document.getElementById("email"),"' . $hc_lang_user['Valid14'] . '\\n");
			if(document.getElementById("email").value != "")
				err +=validEmail(document.getElementById("email"),"' . $hc_lang_user['Valid10'] . '\\n");
			
			err += reqField(document.getElementById("birthdate"),"' . $hc_lang_user['Valid13'] . '\\n");
			if(document.getElementById("birthdate").value != ""){
				err += validDate(document.getElementById("birthdate"),"' . $hc_cfg[51] . '","' . $hc_lang_user['Valid11'] . ' ' . strtoupper($hc_cfg[51]) . '\\n");
				err += validDateBefore(document.getElementById("birthdate").value,"' . strftime($hc_cfg[24], strtotime("-13 years")) . '","' . $hc_cfg[51] . '","' . $hc_lang_user['Valid12'] . '");
			}

			if(err != ""){
				alert(err);
				return false;
			} else {
				return true;
			}
		}
		//-->
		</script>';
}
    header('Location:' . ADMIN_PATH . 'admin_login.php');
} else {
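    // Page-level access gate: each page sets $access to the minimum admin level it
    // needs before this runs; an empty or unset value means plain "admin".
    if (!isset($access) || $access == "") {
        $access = "admin";
    }
    //empty becomes admin
    $access = strtolower($access);
    //in case of typo
    // Privilege comes from the login session; when absent it becomes '' so every
    // privileged branch below denies instead of raising an undefined-index notice.
    $privilege = isset($_SESSION['Privilege']) ? $_SESSION['Privilege'] : '';
    switch ($access) {
        case "admin":
            // any authenticated admin may view the page
            break;
        case "superadmin":
            # not developer/superadmin, back to admin page
            if (!in_array($privilege, array("developer", "superadmin"), true)) {
                feedback("Your admin privileges do not allow access to the previous page.");
                header('Location:' . ADMIN_PATH . 'admin_dashboard.php');
                die;
            }
            break;
        case "developer":
            //highest level. all access!
            # not developer to admin page
            if ($privilege !== "developer") {
                feedback("Your admin privileges do not allow access to the previous page.");
                header('Location:' . ADMIN_PATH . 'admin_dashboard.php');
                die;
            }
            break;
        default:
            // Fail closed: an unrecognised (e.g. misspelled) $access level used to
            // match no case and let any admin through. Treat it as the most
            // restrictive level instead.
            feedback("Your admin privileges do not allow access to the previous page.");
            header('Location:' . ADMIN_PATH . 'admin_dashboard.php');
            die;
    }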
}
\t\t\t<input type="submit" class="btn btn-primary" value="Confirm & Send &rarr;" name="post" />
\t\t\t</form>
\t\t</div>
\t\t<br>
\t</div>
</div>
feedback;
        echo "<div class='span3'>";
        go_home();
        sidepanel();
        echo "</div></div>";
        display_footer();
        echo "\n</body>\n</html>";
    }
}
// In this project feedback() takes a page title (it appears to emit the page
// chrome, judging by the markup and footer calls above) — a different helper from
// the feedback(message, type) functions seen in the other examples on this page.
feedback("Attendance Portal - Feedback");
if (isset($_POST['post'])) {
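    include 'config/db.php';
    include 'config/settings.php';
    $dbname = $branchyear . '_Logs';
    $table = $branchyear . '_Feedback';
    // Form fields are read with isset() guards so an incomplete or tampered POST
    // does not raise undefined-index notices; absent fields become ''.
    $ftype = isset($_POST['ftype']) ? $_POST['ftype'] : '';
    $Sentby = $_SESSION['UserId'];
    // Subject: addslashes() + htmlentities() as in the original. Note that the
    // length check below runs on the encoded form, so entities count as several
    // characters each.
    $sub = trim(htmlentities(addslashes(isset($_POST['sub']) ? $_POST['sub'] : '')));
    // NOTE(review): the body only gets newline -> <br> conversion — no HTML encoding
    // (the htmlentities() variants were commented out by the author) and no SQL
    // escaping is visible here; both must happen in the INSERT path that follows
    // (not visible) or on output.
    $feedback = trim(str_replace("\n", "<br>", isset($_POST['fb']) ? $_POST['fb'] : ''));
    if (strlen($sub) < 6) {
        // Message corrected: the condition rejects subjects shorter than 6 characters.
        echo "<script>show_error('Subject Length Must Be At Least 6 Characters');</script>";
        exit;
    }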
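function insertExecute()
{
    /**
     * Page the user is sent back to when a required field is missing.
     * iformReq() reads this via `global $redirect`, so it has to be the
     * global — as a plain function local it would never be seen by iformReq().
     *
     * @global string $redirect
     */
    global $redirect;
    $iConn = IDB::conn();
    //must have DB as variable to pass to mysqli_real_escape() via iformReq()
    $redirect = THIS_PAGE;
    //used by iformReq() for redirection when a required field is missing
    $FirstName = strip_tags(iformReq('FirstName', $iConn));
    $LastName = strip_tags(iformReq('LastName', $iConn));
    $Email = strip_tags(iformReq('Email', $iConn));
    //next check for specific issues with data (assumes myRedirect() exits — TODO confirm)
    if (!ctype_graph($_POST['FirstName']) || !ctype_graph($_POST['LastName'])) {
        //ctype_graph(): printable, non-space characters only, so a space in a name fails too
        feedback("First and Last Name must contain letters, numbers or punctuation");
        myRedirect(THIS_PAGE);
    }
    if (!onlyEmail($_POST['Email'])) {
        //onlyEmail() is the project's address validator
        feedback("Data entered for email is not valid");
        myRedirect(THIS_PAGE);
    }
    //build string for SQL insert with replacement vars, %s for string, %d for digits
    $sql = "INSERT INTO test_Customers (FirstName, LastName, Email) VALUES ('%s','%s','%s')";
    # sprintf() only formats; injection safety rests on the escaping iformReq() applied above
    $sql = sprintf($sql, $FirstName, $LastName, $Email);
    # no '@' suppression: a failing query is reported, trigger_error(E_USER_ERROR) still halts the page
    mysqli_query($iConn, $sql) or die(trigger_error(mysqli_error($iConn), E_USER_ERROR));
    #feedback success or failure of insert
    if (mysqli_affected_rows($iConn) > 0) {
        //success!  provide feedback, chance to add another!
        feedback("Customer Added Successfully!", "notice");
    } else {
        //Problem!  Provide feedback!
        feedback("Customer NOT added!");
    }
    myRedirect(THIS_PAGE);
}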
                <label>
                    <input checked="checked" data-val="true" data-val-required="The AlertOptIn field is required." id="AlertOptIn" name="AlertOptIn" type="checkbox" value="true"><input name="AlertOptIn" type="hidden" value="false">
                    Я хочу получать на почту похожие объявления
                </label>
            </div>
        </div> -->
        <div class="clearfix"></div>
        <div class="text-center">
            <button class="df_btn_spinner btn btn-lg btn-primary" id="submit-request-button" title="Отправить">    <span class="df_spinnerText">
        Отправить
    </span>
    <i class="fa fa-lg fa-spinner fa-pulse df_spinner"></i></button>
            <div class="clearfix"></div>
             <!-- <p>Отправляя это&nbsp;сообщение, вы принимаете условия&nbsp;<a href="/polzovatelskoe-soglashenie" class = "sertext" target="_blank">Пользовательского соглашения</a></p> -->
            <?php 
        feedback();
        ?>
        </div>
    </form>
</div>
</div>


</div>
<?php 
        get_related_posts_thumbnails();
        ?>
 

<?php 
        comments_template();
文件: Digest.php 项目: pvidali/BCSR-1
<?php

/**
 * @package Helios Calendar
 * @license GNU General Public License version 2 or later; see LICENSE
 */
if (!defined('hcAdmin')) {
    // component files refuse direct hits; hcAdmin is presumably defined by the admin front controller
    header("HTTP/1.1 403 No Direct Access");
    exit;
}
include HCLANG . '/admin/pages.php';
// flash message selected by ?msg= (loose comparison, same as the original switch)
if (isset($_GET['msg'])) {
    if ($_GET['msg'] == "1") {
        feedback(1, $hc_lang_pages['Feed01']);
    }
}
appInstructions(0, "Digest", $hc_lang_pages['TitleDigest'], $hc_lang_pages['InstructDigest']);
// aID is taken from the query string only when numeric, then passed through the project's cIn() filter
$aID = 0;
if (isset($_GET['aID']) && is_numeric($_GET['aID'])) {
    $aID = cIn($_GET['aID']);
}
// digest settings live in rows 97, 98 and 99 of the settings table
$result = doQuery("SELECT * FROM " . HC_TblPrefix . "settings WHERE PkID IN (97,98,99)");
// defaults used when those rows are missing
$status = 0;
$newFor = 1;
$welcomeMsg = '';
if (hasRows($result)) {
    // positional reads: assumes rows come back in PkID order although the query has no ORDER BY — TODO confirm
    $status = cOut(mysql_result($result, 0, 1));
    $welcomeMsg = cOut(mysql_result($result, 1, 1));
    $newFor = cOut(mysql_result($result, 2, 1));
}
echo '
	<form name="frmDigest" id="frmDigest" method="post" action="' . AdminRoot . '/components/DigestAction.php" onsubmit="return validate();">';
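/**
 * handles POST data and formulates email response.
 * 
 * @param string $skipFields comma separated string of POST elements to be skipped
 * @param boolean $sendEmail indicates whether developer wants email sent or not
 * @param string $toName display name of the recipient, handed to email_handler()
 * @param string $fromAddress fallback 'noreply' address for domain hosting page; used when the
 *                            submitted Email field is absent or invalid
 * @param string $toAddress address to receive email
 * @param string $website name of website where form was filled out
 * @param string $fromDomain name of website where form was filled out     
 * @return void 
 * @uses show_POST()
 * @uses email_handler()
 * @todo none
 */
function handle_POST($skipFields, $sendEmail, $toName, $fromAddress, $toAddress, $website, $fromDomain)
{
    $aSkip = explode(",", $skipFields);
    #split form elements to skip into array
    $postData = show_POST($aSkip);
    #loops through and creates select POST data for display/email
    # keep the caller's fallback From: address unless the visitor supplied a valid one
    # (it used to be blanked here, so the documented fallback never reached email_handler())
    if (isset($_POST['Email']) && is_email($_POST['Email'])) {
        #Only use Email for return address if valid
        $fromAddress = $_POST['Email'];
        # extra email injector paranoia courtesy of DH: http://wiki.dreamhost.com/PHP_mail()#Mail_Header_Injection
        $fromAddress = preg_replace("([\r\n])", "", $fromAddress);
    }
    if ($sendEmail) {
        #create email
        $Name = isset($_POST['Name']) ? $_POST['Name'] : "";
        #Name, if used part of subject
        foreach ($_POST as $value) {
            #Content-Type: is too similar to email injection to allow
            $spaceless = str_replace(" ", "", $value);
            #in case hacker is clever enough to remove spaces
            if (stripos($spaceless, 'Content-Type:') !== false) {
                feedback("Incorrect form data. Email NOT sent. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
                myRedirect(THIS_PAGE);
            }
        }
        $Name = safe($Name);
        #Name is part of Subject/header - filter code further for email injection
        if ($Name != "") {
            $SubjectName = " from: " . $Name . ",";
        } else {
            $SubjectName = "";
        }
        #Name, if used part of subject
        $postData = str_replace("<br />", PHP_EOL . PHP_EOL, $postData);
        #replace <br /> tags with double c/r
        $Subject = $website . " message" . $SubjectName . " " . date('F j, Y g:i a');
        $txt = $Subject . PHP_EOL . PHP_EOL . $postData;
        email_handler($toAddress, $toName, $Subject, $txt, $fromAddress, $Name, $website, $fromDomain);
    } else {
        //print data only
        print "Data printed only.  Email <b>not</b> sent!<br />";
        echo $postData;
        #Shows select POST data
        echo '<a href="' . THIS_PAGE . '">Reset Form</a><br />';
    }
}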
/**
 * @package Helios Calendar
 * @license GNU General Public License version 2 or later; see LICENSE
 */
if (!defined('hcAdmin')) {
    // component files refuse direct hits; hcAdmin is presumably defined by the admin front controller
    header("HTTP/1.1 403 No Direct Access");
    exit;
}
include HCLANG . '/admin/tools.php';
// flash message selected by ?msg= (loose comparison, same as the original switch)
if (isset($_GET['msg'])) {
    if ($_GET['msg'] == "1") {
        feedback(1, $hc_lang_tools['Feed02']);
    } elseif ($_GET['msg'] == "2") {
        feedback(2, $hc_lang_tools['Feed01']);
    }
}
appInstructions(0, "Event_Import", $hc_lang_tools['TitleImport'], $hc_lang_tools['InstructImport']);
$token = set_form_token(1);
// side-panel link to the sample CSV. NOTE(review): the form token travels in the query string here,
// so it can end up in logs and referrers — confirm set_form_token(1) issues a short-lived value
$hc_Side[] = array(AdminRoot . '/components/ToolImportAction.php?samp=1&tkn=' . $token, 'download_csv.png', $hc_lang_tools['LinkTemplate'], 0);
echo '
	<form name="frmEventImport" id="frmEventImport" method="post" action="' . AdminRoot . '/components/ToolImportAction.php" onsubmit="return validate();">
	<input type="hidden" name="token" id="token" value="' . $token . '" />
	<fieldset>
		<legend>' . $hc_lang_tools['ImportLabel'] . '</legend>
		<label for="impType">' . $hc_lang_tools['Import'] . '</label>
		<select name="impType" id="impType" onchange="toggleMe(document.getElementById(\'csv\'));">
			<option value="0">' . $hc_lang_tools['Import0'] . '</option>
			<option value="1">' . $hc_lang_tools['Import1'] . '</option>
<?php

/**
 * admin_logout.php destroys session so administrators can logout
 *
 * Clears session data, forwards user to admin login page upon successful logout  
 * 
 * @package nmCommon
 * @author Blake Schwartz
 * @version 2.09x 2015
 * @link http://www.newmanix.com/
 * @license http://opensource.org/licenses/osl-3.0.php Open Software License ("OSL") v. 3.0
 * @see admin_login.php
 * @todo none
 */
require '../inc_0700/config_inc.php';
#provides configuration, pathing, error handling, db credentials
startSession();
//wrapper for session_start()
$_SESSION = array();
# Setting a session to an empty array safely clears all data
//session_destroy();# can't destroy session as will disable feedback - instead do it on login form!
# NOTE(review): the session id itself stays alive here (destruction is deferred to the login form per
# the comment above); confirm that form also rotates the id (session_regenerate_id) so a logged-out
# id is not carried into the next login.
feedback("Logout Successful!", "notice");
$_SESSION['red'] = THIS_PAGE;
# NOTE(review): 'red' is the post-login return target; pointing it at this page presumably sends a
# freshly logged-in admin straight back to logout — confirm THIS_PAGE is the intended value here.
myRedirect($config->adminLogin);
# redirect for successful logout
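function updateExecute()
{
    /**
     * $redirect is where formReq() sends the user when a required field is missing.
     * formReq() reads it as a global (see iformReq()), so it must be declared global
     * here — a function-local assignment would be invisible to it.
     *
     * @global object $config
     * @global string $redirect
     */
    global $config, $redirect;
    $myConn = conn('', false);
    # MUST precede formReq() function, which uses active connection to parse data
    $redirect = $config->adminEdit;
    # used by formReq() for redirection on failure
    $FirstName = formReq('FirstName');
    # formReq calls dbIn() internally, to check form data
    $LastName = formReq('LastName');
    $Email = strtolower(formReq('Email'));
    $Privilege = formReq('Privilege');
    # NOTE(review): Privilege is accepted verbatim from the form and written to the DB and, below,
    # to the session; confirm the page that calls this restricts which values an editor may assign.
    $AdminID = formReq('AdminID');
    #check for duplicate email
    # sprintf() only formats; injection safety rests on the escaping dbIn() applied by formReq()
    $sql = sprintf("select AdminID from " . PREFIX . "Admin WHERE (Email='%s') and AdminID != %d", $Email, $AdminID);
    $result = mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    if (mysql_num_rows($result) > 0) {
        # someone already has email! (assumes myRedirect() exits — TODO confirm)
        feedback("Email already exists - please choose a different email.");
        myRedirect($config->adminEdit);
    }
    #sprintf() function allows us to filter data by type while inserting DB values.  Illegal data is neutralized, ie: numerics become zero
    $sql = sprintf("UPDATE " . PREFIX . "Admin set FirstName='%s',LastName='%s',Email='%s',Privilege='%s' WHERE AdminID=%d", $FirstName, $LastName, $Email, $Privilege, (int) $AdminID);
    mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    //feedback success or failure of update
    if (mysql_affected_rows($myConn) > 0) {
        feedback("Successfully Updated!", "notice");
        if ($_SESSION["AdminID"] == $AdminID) {
            #this is me!  update current session info:
            $_SESSION["Privilege"] = $Privilege;
            $_SESSION["FirstName"] = $FirstName;
        }
    } else {
        feedback("Data NOT Updated! (or not changed from original values)");
    }
    get_header();
    echo '
		<div align="center"><h3>Edit Administrator</h3></div>
		<div align="center"><a href="' . $config->adminEdit . '">Edit More</a></div>
		<div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
		';
    get_footer();
}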
<?php

/**
 * @package Helios Calendar
 * @license GNU General Public License version 2 or later; see LICENSE
 */
if (!defined('hcAdmin')) {
    // component files refuse direct hits; hcAdmin is presumably defined by the admin front controller
    header("HTTP/1.1 403 No Direct Access");
    exit;
}
include HCLANG . '/admin/reports.php';
// flash message selected by ?msg= (loose comparison, same as the original switch)
if (isset($_GET['msg'])) {
    if ($_GET['msg'] == "1") {
        feedback(1, $hc_lang_reports['Feed02']);
    }
}
appInstructions(0, "Reports", $hc_lang_reports['TitleFail'], $hc_lang_reports['InstructFail']);
// latest 200 failed admin logins for non-superadmin accounts; no request input is interpolated here
$result = doQuery("SELECT a.PkID, a.FirstName, a.LastName, a.Email, alh.IP, alh.`Client`, alh.LoginTime, alh.PkID\r\n\t\t\t\t\tFROM " . HC_TblPrefix . "adminloginhistory alh\r\n\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "admin a ON (a.PkID = alh.AdminID)\r\n\t\t\t\t\tWHERE alh.IsFail = 1 AND a.SuperAdmin = 0\r\n\t\t\t\t\tORDER BY LoginTime DESC LIMIT 200");
if (hasRows($result)) {
    echo '
		<ul class="data">
			<li class="row header uline">
				<div class="txt" style="width:25%;">&nbsp;</div>
				<div style="width:15%;">' . $hc_lang_reports['IP'] . '</div>
				<div style="width:20%;">' . $hc_lang_reports['Date'] . '</div>
				<div class="txt" style="width:30%">' . $hc_lang_reports['User'] . '</div>
				<div class="tools" style="width:10%;">&nbsp;</div>
			</li>
		</ul>
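function updateExecute()
{
    /**
     * Page iformReq() redirects to when a required field is missing; it reads
     * this via `global $redirect`, so the declaration below is required.
     *
     * @global string $redirect
     */
    global $redirect;
    if (!isset($_POST['CustomerID']) || !is_numeric($_POST['CustomerID'])) {
        //id must be present and numeric (assumes myRedirect() exits — TODO confirm)
        feedback("id passed was not a number. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect(THIS_PAGE);
    }
    $iConn = IDB::conn();
    //must have DB as variable to pass to mysqli_real_escape() via iformReq()
    $redirect = THIS_PAGE;
    //used by iformReq() for redirection when a required field is missing
    $CustomerID = iformReq('CustomerID', $iConn);
    //calls mysqli_real_escape() internally, to check form data
    $FirstName = strip_tags(iformReq('FirstName', $iConn));
    $LastName = strip_tags(iformReq('LastName', $iConn));
    $Email = strip_tags(iformReq('Email', $iConn));
    //next check for specific issues with data
    if (!ctype_graph($_POST['FirstName']) || !ctype_graph($_POST['LastName'])) {
        //ctype_graph(): printable, non-space characters only, so a space in a name fails too
        feedback("First and Last Name must contain letters, numbers or punctuation", "warning");
        myRedirect(THIS_PAGE);
    }
    if (!onlyEmail($_POST['Email'])) {
        //onlyEmail() is the project's address validator
        feedback("Data entered for email is not valid", "warning");
        myRedirect(THIS_PAGE);
    }
    //build string for SQL update with replacement vars, %s for string, %d for digits
    $sql = "UPDATE test_Customers set  \n    FirstName='%s',\n    LastName='%s',\n    Email='%s'\n     WHERE CustomerID=%d";
    # sprintf() only formats; injection safety rests on the escaping iformReq() applied above
    $sql = sprintf($sql, $FirstName, $LastName, $Email, (int) $CustomerID);
    # no '@' suppression: a failing query is reported, trigger_error(E_USER_ERROR) still halts the page
    mysqli_query($iConn, $sql) or die(trigger_error(mysqli_error($iConn), E_USER_ERROR));
    #feedback success or failure of update
    if (mysqli_affected_rows($iConn) > 0) {
        //success!  provide feedback, chance to change another!
        feedback("Data Updated Successfully!", "success");
    } else {
        //Problem!  Provide feedback!
        feedback("Data NOT changed!", "warning");
    }
    myRedirect(THIS_PAGE);
}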
 */
if (!defined('hcAdmin')) {
    // component files refuse direct hits; hcAdmin is presumably defined by the admin front controller
    header("HTTP/1.1 403 No Direct Access");
    exit;
}
include HCLANG . '/admin/register.php';
// rID / eID are taken from the query string only when numeric, then passed through strip_tags() and cIn()
$rID = 0;
if (isset($_GET['rID']) && is_numeric($_GET['rID'])) {
    $rID = cIn(strip_tags($_GET['rID']));
}
$eID = 0;
if (isset($_GET['eID']) && is_numeric($_GET['eID'])) {
    $eID = cIn(strip_tags($_GET['eID']));
}
// "add registrant" wording by default; switched to the "edit" wording further down when a row is found
$instTitle = $hc_lang_register['TitleRegisterA'];
$instText = $hc_lang_register['InstructRegisterA'];
$name = $email = $phone = $address = $address2 = $city = $postal = '';
$state = $hc_cfg[21];
// flash message selected by ?msg= (loose comparison, same as the original switch)
if (isset($_GET['msg'])) {
    if ($_GET['msg'] == "1") {
        feedback(2, $hc_lang_register['Feed01']);
    }
}
// $rID is quoted straight into the statement; the is_numeric() gate and cIn() above are what keep it inert
$result = doQuery("SELECT * FROM " . HC_TblPrefix . "registrants WHERE PkID = '" . $rID . "'");
if (hasRows($result)) {
    $instTitle = $hc_lang_register['TitleRegisterE'];
    $instText = $hc_lang_register['InstructRegisterE'];
    $name = mysql_result($result, 0, 1);
    $email = mysql_result($result, 0, 2);
    $phone = mysql_result($result, 0, 3);
    $address = mysql_result($result, 0, 4);
    $address2 = mysql_result($result, 0, 5);
    $city = mysql_result($result, 0, 6);
    $state = mysql_result($result, 0, 7);
    $postal = mysql_result($result, 0, 8);
<?php

/**
 * @package Helios Calendar
 * @license GNU General Public License version 2 or later; see LICENSE
 */
if (!defined('hcAdmin')) {
    // component files refuse direct hits; hcAdmin is presumably defined by the admin front controller
    header("HTTP/1.1 403 No Direct Access");
    exit;
}
include HCLANG . '/admin/manage.php';
// flash message selected by ?msg= (loose comparison, same as the original switch)
if (isset($_GET['msg'])) {
    if ($_GET['msg'] == "1") {
        feedback(1, $hc_lang_manage['Feed01']);
    }
}
appInstructions(0, "Billboard_Events", $hc_lang_manage['TitleBillboard'], $hc_lang_manage['InstructBillboard']);
// upcoming active, approved billboard events; the only interpolated value is the filtered server date
$result = doQuery("SELECT PkID, Title, StartDate, Views FROM " . HC_TblPrefix . "events WHERE IsActive = 1 AND IsApproved = 1 AND IsBillboard = 1 AND StartDate >= '" . cIn(SYSDATE) . "' ORDER BY StartDate, Views DESC");
if (hasRows($result)) {
    echo '
		<ul class="data">
			<li class="row header uline">
				<div style="width:68%;">' . $hc_lang_manage['Title'] . '</div>
				<div style="width:10%;">' . $hc_lang_manage['Date'] . '</div>
				<div class="number" style="width:10%;">' . $hc_lang_manage['Views'] . '</div>
				<div style="width:10%;">&nbsp;</div>
			</li>
		</ul>
		<ul class="data">
/**
 * @package Helios Calendar
 * @license GNU General Public License version 2 or later; see LICENSE
 */
if (!defined('hcAdmin')) {
    // component files refuse direct hits; hcAdmin is presumably defined by the admin front controller
    header("HTTP/1.1 403 No Direct Access");
    exit;
}
include HCLANG . '/admin/admin.php';
// flash message selected by ?msg= (loose comparison, same as the original switch)
if (isset($_GET['msg'])) {
    if ($_GET['msg'] == "1") {
        feedback(2, $hc_lang_admin['Feed01']);
    } elseif ($_GET['msg'] == "2") {
        feedback(3, $hc_lang_admin['Feed02']);
    }
}
// aID is taken from the query string only when numeric, then passed through cIn(); it is the only
// request value interpolated into the statement below
$aID = 0;
if (isset($_GET['aID']) && is_numeric($_GET['aID'])) {
    $aID = cIn($_GET['aID']);
}
$result = doQuery("SELECT a.PkID, a.FirstName, a.LastName, a.Email, a.LoginCnt, a.LastLogin, a.PAge,\r\n\t\t\t\t\tap.EventEdit, ap.EventPending, ap.EventCategory, ap.UserEdit, ap.AdminEdit, ap.Newsletter, ap.Settings, ap.Tools, ap.Reports, ap.Locations, ap.Pages,\r\n\t\t\t\t\t(SELECT GROUP_CONCAT(TypeID) FROM " . HC_TblPrefix . "adminnotices an WHERE an.AdminID = '" . $aID . "') as Notices,\r\n\t\t\t\t\t(SELECT COUNT(*) FROM " . HC_TblPrefix . "adminloginhistory WHERE AdminID = '" . $aID . "' AND LoginTime > subdate(NOW(), INTERVAL 24 HOUR) AND IsFail = 1) as Fails\r\n\t\t\t\t\tFROM " . HC_TblPrefix . "admin a\r\n\t\t\t\t\t\tLEFT JOIN " . HC_TblPrefix . "adminpermissions ap ON (a.PkID = ap.AdminID)\r\n\t\t\t\t\tWHERE a.PkID = '" . $aID . "' AND a.IsActive = 1 AND ap.IsActive = 1 AND a.SuperAdmin = 0\r\n\t\t\t\t\tORDER BY LastName, FirstName");
// form defaults, overwritten below when the admin row is found
$oldEmail = $firstname = $lastname = $email = $login_history = $active = '';
$editEvent = $eventPending = $eventCategory = $userEdit = $adminEdit = $newsletter = $settings = $tools = $reports = $locEdit = $pages = 0;
$notices = array();
if (hasRows($result)) {
    appInstructions(0, "Editing_Admin_Users", $hc_lang_admin['TitleEditA'], $hc_lang_admin['InstructEditA']);
    $firstname = cOut(mysql_result($result, 0, 1));
    $lastname = cOut(mysql_result($result, 0, 2));
    $email = cOut(mysql_result($result, 0, 3));
    $oldEmail = cOut(mysql_result($result, 0, 3));
    $logins = mysql_result($result, 0, 4);
function showName()
{
    # Form posts back to this page; echo the validated name to the visitor.
    get_header();
    # project header include
    $submitted = isset($_POST['YourName']) ? $_POST['YourName'] : '';
    if ($submitted == '') {
        # nothing (or an empty field) was sent; feedback reaches the form page via the session
        feedback("No form data submitted");
        myRedirect(THIS_PAGE);
    }
    if (!ctype_alnum($submitted)) {
        # letters and digits only — this check is also what keeps the echo below free of markup
        feedback("Only letters and numbers are allowed.  Please re-enter your name.");
        myRedirect(THIS_PAGE);
    }
    # strip_tags() is belt-and-braces after the ctype_alnum() check
    $myName = strip_tags($submitted);
    printf('<h3 align="center">%s</h3>', smartTitle());
    printf('<p align="center">Your name is <b>%s</b>!</p>', $myName);
    printf('<p align="center"><a href="%s">RESET</a></p>', THIS_PAGE);
    get_footer();
    # project footer include
}
        $stmt = $db->prepare($sql);
        $stmt->bindValue(1, $NumLogins, PDO::PARAM_INT);
        $stmt->bindValue(2, $AdminID, PDO::PARAM_INT);
        try {
            $stmt->execute();
        } catch (PDOException $ex) {
            trigger_error($ex->getMessage(), E_USER_ERROR);
        }
        feedback("Login Successful!", "notice");
        if (isset($_SESSION['red']) && $_SESSION['red'] != "") {
            #check to see if we'll be redirecting to a requesting page
            $red = $_SESSION['red'];
            #redirect back to original page
            $_SESSION['red'] == '';
            #clear session var
            myRedirect($red);
        } else {
            myRedirect($config->adminDashboard);
            # successful login! Redirect to admin page
        }
    } else {
        # failed login, redirect
        feedback("Login and/or Password are incorrect.", "warning");
        myRedirect($config->adminLogin);
    }
    unset($result, $db);
    //clear resources
} else {
    feedback("Required data not sent. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
    myRedirect($config->adminLogin);
}
                        if ($from['id'] == administrator_id) {
                            global $questionlist;
                            $questions = file_get_contents('quiz');
                            $questions .= "\n" . file_get_contents('quiz2');
                            $questionlist = explode("\n", trim($questions));
                        }
                        break;
                    default:
                        if (mb_stripos($text, '/ban', 0, 'UTF-8') !== FALSE && $from['id'] == administrator_id) {
                            ban(mb_substr($text, 5, mb_strlen($text, 'UTF-8'), 'UTF-8'));
                        } else {
                            if (mb_stripos($text, '/unban', 0, 'UTF-8') !== FALSE && $from['id'] == administrator_id) {
                                unban(mb_substr($text, 7, mb_strlen($text, 'UTF-8'), 'UTF-8'));
                            } else {
                                if (mb_stripos($text, '/feedback', 0, 'UTF-8') !== FALSE) {
                                    feedback($from['id'], mb_substr($text, 10, mb_strlen($text, 'UTF-8'), 'UTF-8'));
                                } else {
                                    message($from['id'], $text);
                                }
                            }
                        }
                        break;
                }
            }
        }
    }
    process();
    flushlog();
    usleep(500000);
}
function feedback($userid, $text)
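/**
 * mysqli version of formReq()
 * 
 * Requires data submitted as isset() and passes data to 
 * idbIn() which processes per MySQL standards, adding slashes and 
 * attempting to prevent SQL injection.
 *     
 * Upon failure, user is forcibly redirected to global variable,  
 * $redirect, which is applied just before checking a series of form values.
 * A caller inside a function must declare `global $redirect;` for that to work;
 * a plain local assignment is not seen here.
 *
 * mysqli version requires explicit connection, $iConn
 *
 *<code>
 * $iConn = conn("admin",TRUE); //mysqli connection
 * $myVar = iformReq('myVar',$iConn);       // pass the $_POST key name, not $_POST['myVar']
 * $otherVar = iformReq('otherVar',$iConn);
 *</code>
 *
 * @uses idbIn()
 * @see formReq() 
 * @param string $var name of the $_POST key holding the data entered by the user
 * @param object $iConn active mysqli DB connection, passed by reference.
 * @return string returns data filtered by MySQL, adding slashes, etc.
 * @todo none
 */
function iformReq($var, &$iConn)
{
    /**
     * $redirect stores page to redirect user to upon failure 
     * These variables are declared in the page, just before the form fields are tested.
     *
     * @global string $redirect
     */
    global $redirect;
    if (isset($_POST[$var])) {
        # callers build their SQL with sprintf(), so the escaping idbIn() applies is their protection
        return idbIn($_POST[$var], $iConn);
    }
    feedback("Required Form Data Not Passed", "error");
    # fall back to the current page when no redirect target was set
    $target = (isset($redirect) && $redirect !== '') ? $redirect : THIS_PAGE;
    myRedirect($target);
    # NOTE: if myRedirect() does not terminate the request this returns null — TODO confirm it exits
}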