$static = safesql(serialize($static), "text"); $subsites = safesql(serialize($subsites), "text"); $name = explode(".", $_POST['name']); if ($name[1] == "user") { $type = 1; } else { $type = 2; } $name = safesql($name[0], "text"); $sql = $data->update_query("auth", "authname = {$name}, dynamic = {$dynamic}, permission = {$permissions}, static = {$static}, subsites = {$subsites}, type={$type}", "id={$safe_id}"); if ($sql) { show_admin_message("Authorization item updated", $pagename); } } } if ($action == "new" && pageauth("auth", "add") == 1 || $action == "edit" && pageauth("auth", "edit") == 1) { $safe_id = safesql($id, "int"); $sql = $data->select_query("functions", "WHERE type=2 ORDER BY name ASC", "id, name, code"); $numdynamic = $data->num_rows($sql); $dynamic = array(); while ($dynamic[] = $data->fetch_array($sql)) { } $sql = $data->select_query("functions", "WHERE type=3 ORDER BY name ASC", "id, name, code"); $numperms = $data->num_rows($sql); $permissions = array(); while ($permissions[] = $data->fetch_array($sql)) { } $sql = $data->select_query("static_content", "WHERE type=0 ORDER BY friendly ASC", "id, name, friendly"); $numstatic = $data->num_rows($sql); $static = array(); while ($static[] = $data->fetch_array($sql)) {
// Collect the submitted value for every custom profile field returned by $sql.
$custom = array();
while ($temp = $data->fetch_array($sql)) {
    // NOTE(review): unserialize() rebuilds whatever the stored string encodes, objects included.
    // How the 'options' column is written is not visible in this fragment — confirm it only ever
    // receives serialize() output of plain arrays.
    $temp['options'] = unserialize($temp['options']);
    if ($temp['type'] == 4) {
        // Type 4: one POST key per option, named <field name>1 .. <field name>N with N taken from
        // options[0]. Each is reduced to 1 or 0; slot 0 is always 0.
        $temp2 = array();
        $temp2[] = 0;
        for ($i = 1; $i <= $temp['options'][0]; $i++) {
            $temp2[] = $_POST[$temp['name'] . $i] ? 1 : 0;
        }
        $custom[$temp['name']] = $temp2;
    } else {
        // Every other type: the raw POST value is kept unchanged; no length or content check
        // happens in this fragment.
        $custom[$temp['name']] = $_POST[$temp['name']];
    }
}
// The whole map is stored as one serialized string and passed through safesql() below.
$custom = serialize($custom);
if (pageauth("users", "limit") == 0) {
    // Mail the user only when the submitted status differs from the stored one.
    if ($status != $user['status']) {
        if ($status == 1) {
            email_user($user['id'], "account_actived");
        } else {
            email_user($user['id'], "account_deactiv");
        }
    }
    // Every value is passed through safesql() before being formatted into the SET clause.
    $insertSQL = sprintf(
        "uname=%s, status=%s, timezone=%s, firstname=%s, lastname=%s, email=%s, custom=%s",
        safesql($username, "text"),
        safesql($status, "text"),
        safesql($_POST['zone'], "text"),
        safesql($firstname, "text"),
        safesql($lastname, "text"),
        safesql($email, "text"),
        safesql($custom, "text")
    );
    if ($password) {
        // NOTE(review): the password is stored as an unsalted MD5 digest, which offers little
        // resistance to offline guessing if the users table leaks. Moving to password_hash() /
        // password_verify() needs a matching change wherever the login check compares passwd
        // (not visible here), plus a rehash-on-login path for existing rows.
        $insertSQL .= ", passwd=" . safesql(md5($password), "text");
    }
    // NOTE(review): $id goes into the WHERE clause as-is; nothing in this fragment shows it
    // passing through safesql(..., "int") — confirm that happens above.
    $Result1 = $data->update_query("users", $insertSQL, "id={$id}");
    if ($Result1) {
        show_admin_message("User details updated", "admin.php?page=users");
    }
the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA **************************************************************************/
// When $getmodules is non-empty the file returns at once; otherwise it handles the add-user form.
if (!empty($getmodules)) {
    return;
} else {
    // The form handler runs only when pageauth("users", "add") is truthy.
    // NOTE(review): the only request check visible here is the Submit value. If no anti-CSRF
    // token is verified elsewhere, a forged cross-site POST sent from a logged-in administrator's
    // browser would be accepted — confirm.
    if (pageauth("users", "add")) {
        if ($_POST['Submit'] == "Submit") {
            // Each submitted field is passed through safesql() before it is used in SQL.
            $firstname = safesql($_POST['firstname'], "text");
            $lastname = safesql($_POST['lastname'], "text");
            $email = safesql($_POST['email'], "text");
            $username = safesql($_POST['usernames'], "text");
            // NOTE(review): unsalted MD5 is used as the stored password digest; it offers little
            // resistance to offline guessing if the users table leaks. password_hash() would be
            // the replacement, but the login comparison (not visible here) must change with it.
            $password = safesql(md5($_POST['passwords']), "text");
            $status = safesql($_POST['status'], "int");
            $zone = safesql($_POST['zone'], "int");
            // Duplicate-address check, run only when $config['dubemail'] is 0.
            if ($config['dubemail'] == 0) {
                // Repeats the assignment made a few lines above; the value is the same.
                $email = safesql($_POST['email'], "text");
                $datas = $data->select_query("users", "WHERE email={$email}");
                $numrows = $data->num_rows($datas);
                if ($numrows > 0) {
                    show_admin_message("That email address has already been used, please use another email address.", "admin.php?page=users&subpage=add_user", true);
                }
if (pageauth("photo", "limit") == 1) { $groupsqllist = group_sql_list_id("id", "OR", true); $teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ({$groupsqllist}) AND ispublic=1"); } else { $teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ispublic=1"); } $tpl->assign('teams', $teams); $tpl->assign('numteams', $numteams); if ($_POST['submit'] == "Add Album") { $group = safesql($_POST['patrol'], "int"); $name = safesql($_POST['album_name'], "text"); $data->insert_query("album_track", "'', {$name}, {$group}, 1, 0"); show_admin_message("Album added", "{$pagename}"); } } elseif ($action == "") { if (pageauth("photo", "limit")) { $patrollist = group_sql_list_id("patrol", "OR"); $result = $data->select_query("album_track", "WHERE ({$patrollist}) AND trash=0 ORDER BY album_name ASC"); } else { $result = $data->select_query("album_track", "WHERE trash=0 ORDER BY album_name ASC"); } $albums = array(); while ($temp = $data->fetch_array($result)) { if ($temp['patrol'] > 0) { $temp2 = $data->select_fetch_one_row("groups", "WHERE id={$temp['patrol']}", "teamname"); $temp['patrol'] = $temp2['teamname']; } elseif ($temp['patrol'] == 0) { $temp['patrol'] = "None"; } $albums[] = $temp; }
} if ($messages['type'] == 1) { $tpl->assign("nohide", true); } } /********************************************End Content Generation*****************************************/ //Compile page if ($config['softdebug'] == 1) { $endtime = microtime(); $totaltime = $endtime - $starttime; $counter = $data->get_counter(); $debug .= "<br />This page took {$totaltime} seconds to render<br />CMScout performed {$counter} database queries"; } $tpl->assign('debug', $debug); $tpl->assign('config', $config); $tpl->assign("addallowed", pageauth($page, "add")); $tpl->assign("editallowed", pageauth($page, "edit")); $tpl->assign("deleteallowed", pageauth($page, "delete")); $tpl->assign("publishallowed", pageauth($page, "publish")); $tpl->assign("limitgroup", pageauth($page, "limit")); $tpl->assign("script", $script); $tpl->assign("onDomReady", $onDomReady); $tpl->assign("activetab", $_GET['activetab']); $templateinfo['invalid'] = "#ad0000"; $templateinfo['valid'] = "#06ad00"; $templateinfo['default'] = "#deffff"; $tpl->assign("templateinfo", $templateinfo); $tpl->display('admin/admin.tpl'); $error = false; $loggedout = false; }
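}
    // Tail of the "moveup" branch, which starts above this fragment: swap the two positions and
    // redirect back to the field list.
    $data->update_query("profilefields", "pos={$pos2}", "id={$row['id']}");
    $data->update_query("profilefields", "pos={$pos1}", "id={$row2['id']}");
    $server = $_SERVER['PHP_SELF'];
    header("Location: {$server}" . "?page=customprofile");
} elseif ($action == "movedown" && pageauth("customprofile", "edit") == 1) {
    // Move the selected field one position down by swapping "pos" with the field below it.
    $sql = $data->select_query("profilefields", "WHERE id={$safe_id}");
    $row = $data->fetch_array($sql);
    $pos1 = $row['pos'];
    $temppos = $pos1 + 1;
    $sql = $data->select_query("profilefields", "WHERE pos='{$temppos}' AND place=0");
    $row2 = $data->fetch_array($sql);
    // Swap only when both rows exist. Without a neighbour the original built "pos=" and "id="
    // with empty values, i.e. malformed UPDATE statements.
    if ($row && $row2) {
        // Fix: the column read and written everywhere else in this branch is "pos"; the original
        // read $row2['position'], which this query's own WHERE/SET clauses never reference.
        $pos2 = $row2['pos'];
        $data->update_query("profilefields", "pos={$pos2}", "id={$row['id']}");
        $data->update_query("profilefields", "pos={$pos1}", "id={$row2['id']}");
    }
    $server = $_SERVER['PHP_SELF'];
    header("Location: {$server}" . "?page=customprofile");
} elseif ($action == "edit" && pageauth("customprofile", "edit") == 1) {
    // Load one field definition for the edit form.
    $item = $data->select_fetch_one_row("profilefields", "WHERE id={$safe_id}");
    // NOTE(review): unserialize() rebuilds whatever the stored string encodes, objects included;
    // confirm the 'options' column only ever receives serialize() output of plain arrays.
    $item['options'] = unserialize($item['options']);
    $tpl->assign("item", $item);
} elseif ($action == "delete" && pageauth("customprofile", "delete") == 1) {
    // NOTE(review): where $action is read is not visible here. If it comes from the query string
    // and no anti-CSRF token is checked elsewhere, this delete can be triggered by a forged
    // cross-site request — confirm.
    $delete = $data->delete_query("profilefields", "id={$safe_id}");
    if ($delete) {
        show_admin_message("Field deleted", "{$pagename}");
    }
    $action = "";
}
$tpl->assign("action", $action);
$filetouse = "admin_customprofile.tpl";
}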
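} else {
    // Build the form target. PHP_SELF includes any extra path the client appended to the script
    // URL, so it is encoded for HTML like the query string below; ordinary script paths contain
    // no characters that htmlentities() changes.
    $editFormAction = htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES);
    if (isset($_SERVER['QUERY_STRING'])) {
        $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
    }
    // Read request values without touching missing keys; absent values become ''.
    $Submit = isset($_POST['Submit']) ? $_POST['Submit'] : '';
    $id = isset($_GET['id']) ? $_GET['id'] : '';
    $action = isset($_GET['action']) ? $_GET['action'] : '';
    // Edit content
    // NOTE(review): no anti-CSRF token is checked in this block; confirm one is verified before
    // this file is reached.
    if ($Submit == "Update" && pageauth("emailedit", "edit") == 1) {
        $id = safesql($id, "int");
        $subject = safesql($_POST['subject'], "text");
        $email = safesql($_POST['email'], "text");
        if ($data->update_query("emails", "subject={$subject}, email={$email}", "id={$id}")) {
            show_admin_message("Email updated", $pagename);
        }
    }
    // Show specific content
    if ($id != "" && pageauth("emailedit", "edit") == 1) {
        // Show selected content. After an update $id has already been through safesql() once;
        // it is passed through again here, as in the original.
        $id = safesql($id, "int");
        $email = $data->select_fetch_one_row("emails", "WHERE id={$id}");
        $tpl->assign("email", $email);
    }
    // Show all email templates, ordered by name.
    $emails = $data->select_fetch_all_rows($numemails, "emails", "ORDER BY name ASC");
    // NOTE(review): $action is the raw query-string value; confirm the template escapes it
    // wherever it is printed.
    $tpl->assign('action', $action);
    $tpl->assign('numemails', $numemails);
    $tpl->assign('emails', $emails);
    $filetouse = "admin_emailedit.tpl";
}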
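// Tail of a loop that starts above this fragment: attach the collected downloads to the entry.
$temp['downloads'] = $downloadtemp;
$downloads[] = $temp;
}
$tpl->assign("numcategories", $numcategories);
$tpl->assign("downloads", $downloads);

// Downloads already linked to this event, each with its name looked up from the downloads table.
// NOTE(review): $id is interpolated unquoted into every query below; whether it was passed
// through safesql(..., "int") is decided above this fragment — confirm.
$sql = $data->select_query("calendar_downloads", "WHERE eid={$id}");
$event_downloads = array();
$numeventdownloads = $data->num_rows($sql);
while ($temp = $data->fetch_array($sql)) {
    $temp1 = $data->select_fetch_one_row("downloads", "WHERE id={$temp['did']}", "name");
    $temp['name'] = $temp1['name'];
    $event_downloads[] = $temp;
}
$tpl->assign("numeventdownloads", $numeventdownloads);
$tpl->assign("event_downloads", $event_downloads);
$tpl->assign("download_editallowed", pageauth("downloads", "edit"));

// Replace the attendee list of this event with the submitted one.
// NOTE(review): no pageauth() check guards this write inside the fragment; confirm the enclosing
// branch enforces the edit permission.
if (isset($_POST['Submit']) && $_POST['Submit'] == "Update") {
    // Anything that is not an array is treated as "nothing submitted".
    $attendies = isset($_POST['attend']) && is_array($_POST['attend']) ? $_POST['attend'] : array();
    $options = isset($_POST['options']) && is_array($_POST['options']) ? $_POST['options'] : array();
    $data->delete_query("attendies", "eid={$id}");
    foreach ($attendies as $uid => $attend) {
        if ($attend == 1) {
            // Fix: the array key is chosen by the client just like the value is, so it is
            // passed through safesql() as an integer before it is placed in SQL. The original
            // interpolated the raw key into three statements.
            $safe_uid = safesql($uid, "int");
            $useroption = safesql(serialize(isset($options[$uid]) ? $options[$uid] : null), "text");
            if ($data->num_rows($data->select_query("attendies", "WHERE uid={$safe_uid} AND eid = {$id}")) == 0) {
                $data->insert_query("attendies", "'', {$safe_uid}, {$id}, {$useroption}");
            } else {
                $data->update_query("attendies", "options = {$useroption}", "uid={$safe_uid} AND eid={$id}");
            }
        }
    }
    show_admin_message("Attendies Updated", "{$pagename}&action=signups&id={$id}&activetab=events");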
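} elseif ($action == "moveitemup" && pageauth("links", "edit") == 1) {
    // Move a link one position up inside its category by swapping "position" with the link above.
    // Fix: $server is set before its first use; the original assigned it only after the guard
    // redirect below had already interpolated it.
    $server = $_SERVER['PHP_SELF'];
    // NOTE(review): $did and $id are placed inside quotes, which does not neutralise a quote
    // character in the value itself; confirm both were passed through safesql() above this
    // fragment.
    $sql = $data->select_query("links", "WHERE id='{$did}'");
    $row = $data->fetch_array($sql);
    $pos1 = $row['position'];
    $temppos = $pos1 - 1;
    $sql = $data->select_query("links", "WHERE cat='{$id}' AND position='{$temppos}'");
    $row2 = $data->fetch_array($sql);
    $pos2 = $row2['position'];
    // Fix: when there is nothing to swap with, skip the updates. The original sent the redirect
    // header and then carried on, writing an empty position to the row and issuing an UPDATE
    // with an empty id.
    if (!($pos2 == 0 || $pos1 == 0)) {
        $data->update_query("links", "position='{$pos2}'", "id={$row['id']}", "", "", false);
        $data->update_query("links", "position='{$pos1}'", "id={$row2['id']}", "", "", false);
    }
    header("Location: {$server}" . "?page=links&action=view&id={$id}");
} elseif ($action == "moveitemdown" && pageauth("links", "edit") == 1) {
    // Mirror of the branch above: swap with the link one position below.
    $sql = $data->select_query("links", "WHERE id='{$did}'");
    $row = $data->fetch_array($sql);
    $pos1 = $row['position'];
    $temppos = $pos1 + 1;
    $sql = $data->select_query("links", "WHERE cat='{$id}' AND position='{$temppos}'");
    $row2 = $data->fetch_array($sql);
    // Fix: swap only when both rows were found; the last link of a category has no neighbour
    // below it, and the original then wrote an empty position and an UPDATE with an empty id.
    if ($row && $row2) {
        $pos2 = $row2['position'];
        $data->update_query("links", "position='{$pos2}'", "id={$row['id']}", "", "", false);
        $data->update_query("links", "position='{$pos1}'", "id={$row2['id']}", "", "", false);
    }
    $server = $_SERVER['PHP_SELF'];
    header("Location: {$server}" . "?page=links&action=view&id={$id}");
} else {
    // Default view: list the link categories in display order (continues below this fragment).
    $cats = $data->select_query("links_cats", "ORDER BY position ASC");
    $row_cats = array();
    $num_cats = $data->num_rows($cats);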
$data->update_query("submenu", "pos={$pos1}", "id='{$row2['id']}'", "", "", false); $server = $_SERVER['PHP_SELF']; header("Location: {$server}" . "?page=subsite&subpage=submenu&sid={$siteid}"); } elseif ($action == "movedown" && pageauth("subsite", "edit")) { $sql = $data->select_query("submenu", "WHERE id={$id}"); $row = $data->fetch_array($sql); $pos1 = $row['pos']; $temppos = $pos1 + 1; $sql = $data->select_query("submenu", "WHERE pos='{$temppos}' AND site={$safe_siteid}"); $row2 = $data->fetch_array($sql); $pos2 = $row2['pos']; $data->update_query("submenu", "pos={$pos2}", "id={$row['id']}", "", "", false); $data->update_query("submenu", "pos={$pos1}", "id={$row2['id']}", "", "", false); $server = $_SERVER['PHP_SELF']; header("Location: {$server}" . "?page=subsite&subpage=submenu&sid={$siteid}"); } elseif ($action == "fixcat" && pageauth("subsite", "edit") == 1) { $sql = $data->select_query("submenu", "WHERE site={$safe_siteid} ORDER BY pos ASC"); if ($data->num_rows($sql) > 0) { $i = 1; while ($temp = $data->fetch_array($sql)) { $data->update_query("submenu", "pos={$i}", "id={$temp['id']}"); $i++; } } header("Location: {$server}" . "?page=subsite&subpage=submenu&sid={$siteid}"); } $tpl->assign("sitename", $sitename); $tpl->assign("siteid", $siteid); $tpl->assign('cid', $cid); $tpl->assign('id', $id); $tpl->assign('action', $action);
$tpl->assign('numfunc', $numfunc); $tpl->assign('page', $pages); $tpl->assign('numpages', $numpages); } elseif ($action == "moveup" && pageauth("frontpage", "edit") == 1) { $sql = $data->select_query("frontpage", "WHERE id={$id}"); $row = $data->fetch_array($sql); $pos1 = $row['pos']; $temppos = $pos1 - 1; $sql = $data->select_query("frontpage", "WHERE pos='{$temppos}'"); $row2 = $data->fetch_array($sql); $pos2 = $row2['pos']; $data->update_query("frontpage", "pos={$pos2}", "id={$row['id']}", "", "", false); $data->update_query("frontpage", "pos={$pos1}", "id={$row2['id']}", "", "", false); $server = $_SERVER['PHP_SELF']; header("Location: {$server}" . "?page=frontpage"); } elseif ($action == "movedown" && pageauth("frontpage", "edit") == 1) { $sql = $data->select_query("frontpage", "WHERE id={$id}"); $row = $data->fetch_array($sql); $pos1 = $row['pos']; $temppos = $pos1 + 1; $sql = $data->select_query("frontpage", "WHERE pos='{$temppos}'"); $row2 = $data->fetch_array($sql); $pos2 = $row2['pos']; $data->update_query("frontpage", "pos={$pos2}", "id={$row['id']}", "", "", false); $data->update_query("frontpage", "pos={$pos1}", "id={$row2['id']}", "", "", false); $server = $_SERVER['PHP_SELF']; header("Location: {$server}" . "?page=frontpage"); } $tpl->assign('id', $id); $tpl->assign('action', $action); $tpl->assign('editFormAction', $editFormAction);
$patrollist = group_sql_list_id("patrol", "OR"); $membersql = $data->select_query("members", "WHERE ({$patrollist}) AND type=0 AND awardScheme = {$safe_scheme} ORDER BY lastName, firstName ASC", "firstName, lastName, id"); } else { $membersql = $data->select_query("members", "WHERE type=0 AND awardScheme = {$safe_scheme} ORDER BY lastName, firstName ASC", "firstName, lastName, id"); } $nummembers = $data->num_rows($membersql); $member = array(); while ($memberTemp = $data->fetch_array($membersql)) { $safe_memberid = safesql($memberTemp['id'], "int"); $recordsql = $data->select_fetch_one_row("scoutrecord", "WHERE userid={$safe_memberid} AND scheme = {$safe_scheme}"); $memberTemp['require'] = unserialize($recordsql['requirements']); $memberTemp['comment'] = unserialize($recordsql['comment']); $member[] = $memberTemp; } } elseif ($action == "view_badges") { if (pageauth("troop_records", "limit")) { $patrollist = group_sql_list_id("patrol", "OR"); $membersql = $data->select_query("members", "WHERE ({$patrollist}) AND type=0 AND awardScheme = {$safe_scheme} ORDER BY lastName, firstName ASC", "firstName, lastName, id"); } else { $membersql = $data->select_query("members", "WHERE type=0 AND awardScheme = {$safe_scheme} ORDER BY lastName, firstName ASC", "firstName, lastName, id"); } $nummembers = $data->num_rows($membersql); $memberBadges = array(); while ($memberTemp = $data->fetch_array($membersql)) { $safe_memberid = safesql($memberTemp['id'], "int"); $badgesql = $data->select_query("userbadges", "WHERE userid = {$safe_memberid}"); $numbadge = 0; while ($temp = $data->fetch_array($badgesql)) { $result = $data->select_fetch_one_row("badges", "WHERE id = {$temp['badgeid']} AND scheme={$safe_scheme}"); if ($result != '') { $temp['name'] = $result['name'];
} } } elseif ($action == "delete" && pageauth("group", "delete") == 1) { $sql3 = $data->delete_query("groups", "id={$id}"); if ($sql3) { $data->delete_query("static_content", "type=1 AND pid={$id}"); $data->delete_query("patrolmenu", "patrol={$id}"); $data->delete_query("auth", "authname={$id} AND type=2"); $data->delete_query("usergroups", "groupid={$id}"); $data->update_query("patrol_articles", "patrol=0", "patrol={$id}"); $data->update_query("album_track", "patrol=0", "patrol={$id}"); $data->delete_query("forummods", "mid={$id} AND type=1"); $data->delete_query("owners", "owner_id={$id} AND owner_type=1"); show_admin_message("Group Deleted", $pagename); } } elseif ($action == "auth" && pageauth("group", "publish") == 1) { if ($_POST['Submit'] == "Submit") { $user = array(); $ass = array(); $gpl = array(); for ($i = 0; $i < $modulenumbers; $i++) { $moduleid = $moduledetails[$i]['id']; $user['adminpanel'] = $_POST["user_adminpanel"] == 1 ? 1 : 0; $ass['adminpanel'] = $_POST["ass_adminpanel"] == 1 ? 1 : 0; $gpl['adminpanel'] = $_POST["gpl_adminpanel"] == 1 ? 1 : 0; $user['access'][$moduleid] = $_POST["user_" . $moduleid . "_access"] == 1 ? 1 : 0; $user['add'][$moduleid] = $_POST["user_" . $moduleid . "_add"] == 1 ? 1 : 0; $user['edit'][$moduleid] = $_POST["user_" . $moduleid . "_edit"] == 1 ? 1 : 0; $user['delete'][$moduleid] = $_POST["user_" . $moduleid . "_delete"] == 1 ? 1 : 0; $user['publish'][$moduleid] = $_POST["user_" . $moduleid . "_pub"] == 1 ? 1 : 0; $user['limit'][$moduleid] = $_POST["user_" . $moduleid . "_limit"] == 1 ? 1 : 0;
$Show = $data->select_query("static_content", "WHERE id='{$id}' AND trash=0"); $ShowRow = $data->fetch_array($Show); $Showcontent = $ShowRow["content"]; $name = $ShowRow['name']; $tpl->assign("contents", $ShowRow); $tpl->assign("editor", true); } if ($action == "delete" && pageauth("content", "delete") == 1) { $delete = $data->update_query("static_content", "trash=1", "id={$safe_id}"); if ($delete) { show_admin_message("Content sent to trash", "{$pagename}"); } $action = ""; } elseif ($action == "new") { $tpl->assign("editor", true); } elseif ($action == "moveitem" && pageauth("content", "edit")) { $sql = $data->select_query("groups", "WHERE ispublic = 1 ORDER BY teamname ASC"); $patrols = array(); $numpatrols = $data->num_rows($sql); while ($patrols[] = $data->fetch_array($sql)) { } $sql = $data->select_query("subsites", "ORDER BY name ASC"); $subsites = array(); $numsubsites = $data->num_rows($sql); while ($subsites[] = $data->fetch_array($sql)) { } $tpl->assign("numpatrols", $numpatrols); $tpl->assign("patrols", $patrols); $tpl->assign("numsubsites", $numsubsites); $tpl->assign("subsites", $subsites); if ($Submit == "Move") {
$comments = safesql(serialize($_POST['comment']), "text"); $data->insert_query("scoutrecord", "'', {$safe_memberid}, {$record}, {$comments}, {$safe_scheme}"); } show_admin_message("Record Updated", "admin.php?page={$page}&subpage=records&id={$id}&action=view_advancements"); } elseif ($action == "addbadge" && pageauth("troop", "edit") == 1) { $badgeid = safesql($_POST['bid'], "int"); $comment = safesql($_POST['comment'], "text"); $date = safesql(time(), "int"); $data->insert_query("userbadges", "'', {$safe_memberid}, {$badgeid}, {$comment}, {$date}"); show_admin_message("Badge Added", "admin.php?page={$page}&subpage=records&id={$id}&action=view_badges"); } } $schemes = $data->select_fetch_all_rows($numschemes, "awardschemes", "ORDER BY name ASC"); $tpl->assign("schemes", $schemes); $tpl->assign("numschemes", $numschemes); if ($action == "view_advancements" || $action == "" || $action == "edit_advancements" && pageauth("troop", "edit") == 1) { $advansql = $data->select_query("advancements", "WHERE scheme = {$safe_scheme} ORDER BY position ASC"); $numadva = $data->num_rows($advansql); $advancements = array(); $numitems = 0; $recordsql = $data->select_fetch_one_row("scoutrecord", "WHERE userid={$safe_memberid} AND scheme = {$safe_scheme}"); $scoutRecord['requirement'] = unserialize($recordsql['requirements']); $scoutRecord['comment'] = unserialize($recordsql['comment']); while ($temp = $data->fetch_array($advansql)) { $getrequirements = $data->select_query("requirements", "WHERE advancement = '{$temp["ID"]}' ORDER BY position ASC"); $temp['numitems'] = $data->num_rows($getrequirements); while ($temp['items'][] = $data->fetch_array($getrequirements)) { } $advancements[] = $temp; } $tpl->assign("scoutRecord", $scoutRecord);
$groupinfo['numusers'] = $data->num_rows($gusql); $groups[] = $groupinfo; } $sql = $data->select_query("members", "WHERE type=0 ORDER BY lastName, firstName ASC"); $nummembers = $data->num_rows($sql); $members = array(); while ($temp = $data->fetch_array($sql)) { if ($temp['type'] == 0) { $pa = $data->select_fetch_one_row("members", "WHERE id={$temp['fatherId']}"); $ma = $data->select_fetch_one_row("members", "WHERE id={$temp['motherId']}"); $temp['relations'] = "Father: <b>" . (isset($pa['firstName']) ? $pa['lastName'] . ', ' . $pa['firstName'] : "Not in System") . "</b><br />Mother: <b>" . (isset($ma['firstName']) ? $ma['lastName'] . ', ' . $ma['firstName'] : "Not in System") . "</b>"; } $members[] = $temp; } $mainpageauth['logfile'] = pageauth('logfile', "access"); $mainpageauth['menus'] = pageauth('menus', "access"); $mainpageauth['users'] = pageauth('users', "access"); $mainpageauth['group'] = pageauth('group', "access"); $mainpageauth['patrol'] = pageauth('patrol', "access"); $mainpageauth['subsite'] = pageauth('subsite', "access"); $mainpageauth['config'] = pageauth('config', "access"); $tpl->assign("mainpageauth", $mainpageauth); $tpl->assign("members", $members); $tpl->assign("nummembers", $nummembers); $tpl->assign("groups", $groups); $tpl->assign("numgroups", $numgroups); $tpl->assign("stats", $siteinfo); $tpl->assign("numusers", $numusers); $tpl->assign("onlineusers", $onlineusers); $filetouse = 'admin_main.tpl'; }
$sql = $data->select_query("forummods", "WHERE fid={$fid}"); $nummods = $data->num_rows($sql); $mods = array(); while ($temp = $data->fetch_array($sql)) { if ($temp['type'] == 0) { $sql2 = $data->select_query("users", "WHERE id={$temp['mid']}", "uname"); $temp2 = $data->fetch_array($sql2); $temp['name'] = "User: "******"groups", "WHERE id={$temp['mid']}", "teamname"); $temp2 = $data->fetch_array($sql2); $temp['name'] = "Group: " . $temp2['teamname']; } $mods[] = $temp; } $tpl->assign("forum", $forum); $tpl->assign("groups", $groups); $tpl->assign("numgroups", $numgroups); $tpl->assign("users", $users); $tpl->assign("numusers", $numusers); $tpl->assign("mods", $mods); $tpl->assign("nummods", $nummods); } elseif ($action == "deletemod" && pageauth("forums", "delete") == 1) { $id = safesql($_GET['id'], "int"); $data->delete_query("forummods", "id={$id}"); show_admin_message("Moderator Deleted", "{$pagename}&action=moderator&fid={$fid}&cid={$cid}"); } $tpl->assign('editFormAction', $editFormAction); $tpl->assign('action', $action); $filetouse = "admin_forums.tpl"; }
$group_ids = group_users_id_array($usergroups[$i]); $first = true; for ($j = 0; $j < count($group_ids); $j++) { if ($first == false) { $userquery .= " OR "; } else { $first = false; } $userquery .= "id=" . $group_ids[$j]; } } $sql = $data->select_query("users", "WHERE {$userquery} ORDER BY uname ASC"); } else { $sql = $data->select_query("users", "ORDER BY uname ASC"); } $numusers = $data->num_rows($sql); while ($temp = $data->fetch_array($sql)) { $temp['team'] = user_groups_list($temp['id']); $temp['custom'] = unserialize($temp['custom']); $row[] = $temp; } $filetouse = "admin_user_list.tpl"; $tpl->assign("action", $action); $tpl->assign('numusers', $numusers); $tpl->assign('editFormAction', $editFormAction); $tpl->assign('row', $row); $tpl->assign('fields', $fields); $tpl->assign('record', $record); $tpl->assign("uname", $check['uname']); $tpl->assign("ownerallowed", pageauth("owners", "edit")); }
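You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA **************************************************************************/
// Two modes: with $getmodules set the file only registers the module's description and returns;
// otherwise it serves the module manager page.
if (!empty($getmodules)) {
    // Menu entry plus the label shown for each permission flag; "notused" marks flags this
    // module does not check.
    $module['Configuration']['Module Manager'] = "modules";
    $moduledetails[$modulenumbers]['name'] = "Module Manager";
    $moduledetails[$modulenumbers]['details'] = "Manage CMScout modules";
    $moduledetails[$modulenumbers]['access'] = "Allowed to access the module manager";
    $moduledetails[$modulenumbers]['add'] = "notused";
    $moduledetails[$modulenumbers]['edit'] = "notused";
    $moduledetails[$modulenumbers]['delete'] = "notused";
    $moduledetails[$modulenumbers]['publish'] = "Allowed to deactivate and reactivate modules";
    $moduledetails[$modulenumbers]['limit'] = "notused";
    $moduledetails[$modulenumbers]['id'] = "modules";
    return;
} else {
    // Fix: a plain page view carries neither "id" nor "action"; read both without touching
    // missing keys instead of raising an undefined-index notice on every request.
    $id = safesql(isset($_GET['id']) ? $_GET['id'] : '', "int");
    $requested = isset($_GET['action']) ? $_GET['action'] : '';
    // Both actions require the "publish" permission on this module.
    // NOTE(review): these are state changes driven by the query string, and no anti-CSRF token
    // is checked in this block. If none is verified elsewhere, a link or image URL opened by a
    // logged-in administrator would toggle a module — confirm, and prefer POST plus a token.
    if ($requested == 'activate' && pageauth("modules", "publish")) {
        $sqlq = $data->update_query("functions", "active = 1", "id={$id}");
        // The script keeps running after the redirect header; the listing below is still built.
        header("Location: {$pagename}");
    } elseif ($requested == 'deactivate' && pageauth("modules", "publish")) {
        $sqlq = $data->update_query("functions", "active = 0", "id={$id}");
        header("Location: {$pagename}");
    }
    // List every row of "functions" whose type is not 3, ordered by name.
    $modules = $data->select_fetch_all_rows($nummodule, "functions", "WHERE type != 3 ORDER BY name ASC", "id, name, type, active");
    $tpl->assign("modules", $modules);
    $tpl->assign("nummodule", $nummodule);
    $filetouse = "admin_modules.tpl";
}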
show_admin_message("User type changed", str_replace('&', '&', $pagename) . "&gid={$gid}"); } $sql = $data->select_query("groups", "WHERE id={$gid}"); $groupinfo = $data->fetch_array($sql); $sql = $data->select_query("usergroups", "WHERE groupid={$gid}"); $groupusers = array(); $numgroupusers = $data->num_rows($sql); while ($temp = $data->fetch_array($sql)) { $sql2 = $data->select_query("users", "WHERE id={$temp['userid']}", "id, uname"); $temp2 = $data->fetch_array($sql2); $temp2['type'] = $temp['utype']; $groupusers[] = $temp2; } $sql = $data->select_query("users", "ORDER BY uname ASC"); $numusers = 0; $users = array(); while ($temp = $data->fetch_array($sql)) { if ($data->num_rows($data->select_query("usergroups", "WHERE groupid={$gid} and userid={$temp['id']}")) == 0) { $users[] = $temp; $numusers++; } } $tpl->assign("editallowed_page", pageauth("group", "edit")); $tpl->assign("numusers", $numusers); $tpl->assign("users", $users); $tpl->assign("uname", $check['uname']); $tpl->assign("numgroupusers", $numgroupusers); $tpl->assign("groupusers", $groupusers); $tpl->assign("groupinfo", $groupinfo); $filetouse = "admin_groupusers.tpl"; }
} show_admin_message("User type changed", str_replace('&', '&', $pagename) . "&uid={$uid}"); } $sql = $data->select_query("users", "WHERE id={$uid}"); $userinfo = $data->fetch_array($sql); $sql = $data->select_query("usergroups", "WHERE userid={$uid}"); $usergroups = array(); $numusergroups = $data->num_rows($sql); while ($temp = $data->fetch_array($sql)) { $sql2 = $data->select_query("groups", "WHERE id={$temp['groupid']}", "id, teamname"); $temp2 = $data->fetch_array($sql2); $temp2['type'] = $temp['utype']; $usergroups[] = $temp2; } $sql = $data->select_query("groups"); $numgroups = 0; $groups = array(); while ($temp = $data->fetch_array($sql)) { if ($data->num_rows($data->select_query("usergroups", "WHERE userid={$uid} and groupid={$temp['id']}")) == 0) { $groups[] = $temp; $numgroups++; } } $tpl->assign("editallowed_page", pageauth("users", "edit")); $tpl->assign("numgroups", $numgroups); $tpl->assign("groups", $groups); $tpl->assign("numusergroups", $numusergroups); $tpl->assign("usergroups", $usergroups); $tpl->assign("userinfo", $userinfo); $filetouse = "admin_usergroups.tpl"; }
$data->update_query("patrolmenu", "pos={$pos1}", "id='{$row2['id']}'", "", "", false); $server = $_SERVER['PHP_SELF']; header("Location: {$server}" . "?page=patrol&subpage=patrolmenus&pid={$patrolid}"); } elseif ($action == "movedown" && pageauth("patrol", "edit")) { $sql = $data->select_query("patrolmenu", "WHERE id={$id}"); $row = $data->fetch_array($sql); $pos1 = $row['pos']; $temppos = $pos1 + 1; $sql = $data->select_query("patrolmenu", "WHERE pos='{$temppos}' AND patrol={$safe_patrolid}"); $row2 = $data->fetch_array($sql); $pos2 = $row2['pos']; $data->update_query("patrolmenu", "pos={$pos2}", "id={$row['id']}", "", "", false); $data->update_query("patrolmenu", "pos={$pos1}", "id={$row2['id']}", "", "", false); $server = $_SERVER['PHP_SELF']; header("Location: {$server}" . "?page=patrol&subpage=patrolmenus&pid={$patrolid}"); } elseif ($action == "fixcat" && pageauth("patrol", "edit") == 1) { $sql = $data->select_query("patrolmenu", "WHERE patrol={$safe_patrolid} ORDER BY pos ASC"); if ($data->num_rows($sql) > 0) { $i = 1; while ($temp = $data->fetch_array($sql)) { $data->update_query("patrolmenu", "pos={$i}", "id={$temp['id']}"); $i++; } } header("Location: {$server}" . "?page=subsite&subpage=submenu&sid={$siteid}"); } $tpl->assign("patrolid", $patrolid); $tpl->assign("patrolname", $patrolname); $tpl->assign('cid', $cid); $tpl->assign('id', $id); $tpl->assign('action', $action);
$articles = $ownedSql ? $data->select_fetch_all_rows($numarticles, "patrol_articles", "WHERE {$ownedSql} ORDER BY title") : ''; $tpl->assign("articles", $articles); $tpl->assign("numarticles", $numarticles); $ownedSql = getSqlList('events', "id", $userid); $events = $ownedSql ? $data->select_fetch_all_rows($numevents, "calendar_items", "WHERE {$ownedSql} ORDER BY summary") : ''; $tpl->assign("events", $events); $tpl->assign("numevents", $numevents); $ownedSql = getSqlList('downloads', "id", $userid); $downloads = $ownedSql ? $data->select_fetch_all_rows($numdownloads, "downloads", "WHERE {$ownedSql} ORDER BY name") : ''; $tpl->assign("downloads", $downloads); $tpl->assign("numdownloads", $numdownloads); $ownedSql = getSqlList('newsitem', "id", $userid); $news = $ownedSql ? $data->select_fetch_all_rows($numnews, "newscontent", "WHERE {$ownedSql} ORDER BY title") : ''; $tpl->assign("news", $news); $tpl->assign("numnews", $numnews); $ownedSql = getSqlList('pollitems', "id", $userid); $polls = $ownedSql ? $data->select_fetch_all_rows($numpolls, "polls", "WHERE {$ownedSql} ORDER BY question") : ''; $tpl->assign("polls", $polls); $tpl->assign("numpolls", $numpolls); $permissions['album'] = pageauth("photo", "edit"); $permissions['patrolart'] = pageauth("patrolart", "edit"); $permissions['events'] = pageauth("events", "edit"); $permissions['downloads'] = pageauth("downloads", "edit"); $permissions['news'] = pageauth("news", "edit"); $permissions['polls'] = pageauth("poll", "edit"); $tpl->assign('permissions', $permissions); break; } $filetouse = "admin_owners.tpl"; $tpl->assign('action', $action); }
if ($sql) { show_admin_message("Section added", $pagename); } } elseif ($action == "edit" && pageauth("sections", "edit")) { $name = safesql($_POST['name'], "text"); $sql = $data->update_query("sections", "name = {$name}", "id = {$id}"); if ($sql) { show_admin_message("Section updated", $pagename); } } } if ($action == "edit" && pageauth("sections", "edit")) { $result = $data->select_query("sections", "WHERE id = '{$id}'"); $section = $data->fetch_array($result); $tpl->assign("section", $section); } elseif ($action == "delete" && pageauth("sections", "delete")) { $sql = $data->delete_query("sections", "id = '{$id}'"); if ($sql) { show_admin_message("Section deleted", $pagename); } } else { $result = $data->select_query("sections", "ORDER BY name ASC"); $sections = array(); $numsections = $data->num_rows($result); while ($sections[] = $data->fetch_array($result)) { } $tpl->assign('sections', $sections); $tpl->assign('numsections', $numsections); } $tpl->assign('action', $action); $filetouse = "admin_sections.tpl";
} // Delete News if ($action == "delete" && pageauth("news", "delete") == 1) { $Delete = $data->update_query("newscontent", "trash=1", "id='{$id}'"); if ($Delete) { show_admin_message("News trashed", "{$pagename}"); } } elseif ($action == 'publish' && pageauth("news", "publish") == 1) { $sqlq = $data->update_query("newscontent", "allowed = 1", "id={$id}"); if ($data->num_rows($data->select_query("review", "WHERE item_id={$id} AND type='news'"))) { $item = $data->select_fetch_one_row("newscontent", "WHERE id={$id}"); email('newitem', array("news", $item)); $data->delete_query("review", "item_id={$id} AND type='news'"); } header("Location: {$pagename}"); } elseif ($action == 'unpublish' && pageauth("news", "publish") == 1) { $sqlq = $data->update_query("newscontent", "allowed = 0", "id={$id}"); header("Location: {$pagename}"); } // Show specific news if ($id != "") { // Show selected news $Show = $data->select_query("newscontent", "WHERE id='{$id}' AND trash=0"); $shownews = $data->fetch_array($Show); $tpl->assign('shownews', $shownews); $tpl->assign("editor", true); } if ($action == "new") { $tpl->assign("editor", true); } if ($action == "new" || $action == "edit") {
// Excerpt from the "Group Site Manager" (patrol) admin module. The first statements
// register the module's menu entry and the descriptions of its permission flags,
// then return; the condition guarding this registration branch is outside the excerpt.
$module['Module Management']['Group Site Manager'] = "patrol";
$moduledetails[$modulenumbers]['name'] = "Group Site Manager";
$moduledetails[$modulenumbers]['details'] = "Manages group websites";
$moduledetails[$modulenumbers]['access'] = "Allowed to access group site manager";
$moduledetails[$modulenumbers]['add'] = "Allowed to add new pages and menu items";
$moduledetails[$modulenumbers]['edit'] = "Allowed to edit existing pages and menu items";
$moduledetails[$modulenumbers]['delete'] = "Allowed to delete pages and menu items";
$moduledetails[$modulenumbers]['publish'] = "notused";
$moduledetails[$modulenumbers]['limit'] = "Limit to groups the user is part of";
$moduledetails[$modulenumbers]['id'] = "patrol";
return;
} else {
    // NOTE(review): $_GET['subpage'] and $_GET['action'] are read without isset() and
    // without validation. How $subpage is used is not visible here; if it later selects
    // a file, template or code path, it should be checked against a fixed list of names.
    $subpage = $_GET['subpage'] != '' ? $_GET['subpage'] : '';
    if (!$subpage) {
        $action = $_GET['action'];
        if (pageauth("patrol", "limit")) {
            // With the "limit" flag set, the listing is restricted by the condition
            // that group_sql_list_normal() returns.
            // NOTE(review): $patrollist is placed in the WHERE clause verbatim; confirm
            // that helper escapes the team names it embeds.
            $patrollist = group_sql_list_normal("teamname", "OR");
            $result = $data->select_query("groups", "WHERE ({$patrollist}) AND ispublic=1 ORDER BY teamname ASC");
        } else {
            $result = $data->select_query("groups", "WHERE ispublic=1 ORDER BY teamname ASC");
        }
        $patrol = array();
        // The assignment inside the condition also appends the final falsy fetch result;
        // the real row count is taken from num_rows() below.
        while ($patrol[] = $data->fetch_array($result)) {
        }
        $numpatrols = $data->num_rows($result);
        $tpl->assign('patrol', $patrol);
        // NOTE(review): $patrolInfo is not set anywhere in this excerpt; verify it is
        // defined earlier, otherwise an undefined value reaches the template.
        $tpl->assign('patrolInfo', $patrolInfo);
        $tpl->assign('action', $action);
        $tpl->assign('numpatrol', $numpatrols);
        $filetouse = "admin_patrol.tpl";
    } else {
// Excerpt from the group-site (patrol) content handler: dispatches on $action for
// rows of static_content with type=1. $safe_id, $safe_patrolid and $patrolid are set
// before this excerpt.
if ($action == "edit") {
    // The edit and new branches assign the same template variables.
    $tpl->assign("cmtags_active", true);
    $tpl->assign("cmtag_list", "Number of articles=\\{\$groupstats.articles};Number of photo albums=\\{\$groupstats.albums};Number of users=\\{\$groupstats.users};Number of log book entries=\\{\$groupstats.logbook}");
} elseif ($action == "new") {
    $tpl->assign("cmtags_active", true);
    $tpl->assign("cmtag_list", "Number of articles=\\{\$groupstats.articles};Number of photo albums=\\{\$groupstats.albums};Number of users=\\{\$groupstats.users};Number of log book entries=\\{\$groupstats.logbook}");
} elseif ($action == "delete" && pageauth("patrol", "delete") == 1) {
    // Soft delete: the row is flagged trash=1 rather than removed.
    // NOTE(review): the WHERE clause matches on id only, with no type=1 or pid
    // constraint. Unless ownership is verified before this point, a user holding the
    // "limit" flag could trash content outside their own groups; consider scoping the
    // update to type=1 AND pid={$safe_patrolid}.
    $delete = $data->update_query("static_content", "trash=1", "id={$safe_id}");
    if ($delete) {
        // NOTE(review): the raw $patrolid (not $safe_patrolid) is placed in the redirect
        // URL; confirm show_admin_message() encodes the URL before emitting it.
        show_admin_message("Content sent to trash, Contact the Administrator if you wish to recover it.", "admin.php?page=patrol&subpage=patrolcontent&pid={$patrolid}");
    }
    $action = "";
} elseif ($action == "putfront" && pageauth("patrol", "edit")) {
    // Clears the front-page flag for every type=1 item of this group, then sets it on
    // the selected item.
    // NOTE(review): the second update is not restricted to pid={$safe_patrolid}, so the
    // flagged item is not guaranteed to belong to the group that was just cleared.
    $sql = $data->update_query("static_content", "frontpage=0", "type=1 AND pid={$safe_patrolid}");
    $sql = $data->update_query("static_content", "frontpage=1", "type=1 AND id={$safe_id}");
} elseif ($action == "moveitem" && pageauth("patrol", "edit") && !pageauth("patrol", "limit")) {
    // Moving an item needs the edit permission and is refused when the "limit" flag is
    // set. Both candidate destination lists (public groups and subsites) are loaded.
    $sql = $data->select_query("groups", "WHERE ispublic = 1 ORDER BY teamname ASC");
    $patrols = array();
    $numpatrols = $data->num_rows($sql);
    // The assignment inside the condition also appends the final falsy fetch result.
    while ($patrols[] = $data->fetch_array($sql)) {
    }
    $sql = $data->select_query("subsites", "ORDER BY name ASC");
    $subsites = array();
    $numsubsites = $data->num_rows($sql);
    while ($subsites[] = $data->fetch_array($sql)) {
    }
    $tpl->assign("numpatrols", $numpatrols);
    $tpl->assign("patrols", $patrols);
    $tpl->assign("numsubsites", $numsubsites);
    $tpl->assign("subsites", $subsites);
    // The handling of the submitted move continues beyond this excerpt.
    if ($Submit == "Move") {
// Excerpt from the subsite content handler: works on rows of static_content with
// type=2. The brace below closes a block opened before this excerpt; $safe_id,
// $safe_siteid and $siteid are set before it as well.
}
// Show specific content
if ($id != "") {
    // Show selected content
    // The lookup is scoped to the current subsite (type=2 AND pid).
    $item = $data->select_fetch_one_row("static_content", "WHERE id={$safe_id} AND type=2 AND pid={$safe_siteid}");
}
if ($action == "delete" && pageauth("subsite", "delete") == 1) {
    // Soft delete: the row is flagged trash=1 rather than removed.
    // NOTE(review): unlike the lookup above, this update matches on id only. Without the
    // type=2 AND pid={$safe_siteid} scope, any static_content row can be trashed by id;
    // consider reusing the scoped condition or checking that $item was found.
    $delete = $data->update_query("static_content", "trash=1", "id={$safe_id}");
    if ($delete) {
        // NOTE(review): the raw $siteid (not $safe_siteid) is placed in the redirect URL;
        // confirm show_admin_message() encodes the URL before emitting it.
        show_admin_message("Content sent to trash, Contact the Administrator if you wish to recover it.", "admin.php?page=subsite&subpage=subcontent&sid={$siteid}");
    }
    $action = "";
} elseif ($action == "putfront" && pageauth("subsite", "edit")) {
    // Clears the front-page flag for every type=2 item of this subsite, then sets it on
    // the selected item.
    // NOTE(review): the second update is not restricted to pid={$safe_siteid}, so the
    // flagged item is not guaranteed to belong to the subsite that was just cleared.
    $sql = $data->update_query("static_content", "frontpage=0", "type=2 AND pid={$safe_siteid}");
    $sql = $data->update_query("static_content", "frontpage=1", "type=2 AND id={$safe_id}");
} elseif ($action == "moveitem" && pageauth("subsite", "edit")) {
    // Both candidate destination lists (public groups and subsites) are loaded for the
    // move form.
    $sql = $data->select_query("groups", "WHERE ispublic = 1 ORDER BY teamname ASC");
    $patrols = array();
    $numpatrols = $data->num_rows($sql);
    // The assignment inside the condition also appends the final falsy fetch result.
    while ($patrols[] = $data->fetch_array($sql)) {
    }
    $sql = $data->select_query("subsites", "ORDER BY name ASC");
    $subsites = array();
    $numsubsites = $data->num_rows($sql);
    while ($subsites[] = $data->fetch_array($sql)) {
    }
    $tpl->assign("numpatrols", $numpatrols);
    $tpl->assign("patrols", $patrols);
    $tpl->assign("numsubsites", $numsubsites);
    $tpl->assign("subsites", $subsites);
    // The handling of the submitted move continues beyond this excerpt.
    if ($Submit == "Move") {
// Excerpt from the group-article (patrolart) admin handler. It starts in the middle of
// the "add topic" branch; $title and $sort are set before this excerpt.
$order = safesql($_POST['order'], "text");
$display = safesql($_POST['display'], "int");
// The submitted group selection is stored as a PHP-serialized string.
// NOTE(review): $_POST['groups'] is serialized without a shape check (is it an array
// of ids?). Whatever is stored here is presumably passed to unserialize() when read
// back, so validate the structure on write, or store JSON instead.
$groupallowed = safesql(serialize($_POST['groups']), "text");
$description = safesql($_POST['description'], "text");
$perpage = safesql($_POST['perpage'], "int");
$sql = $data->insert_query("articletopics", "'', {$title}, {$description}, {$sort}, {$order}, {$groupallowed}, {$display}, {$perpage}");
if ($sql) {
    show_admin_message("Topic added", "{$pagename}&activetab=topics");
}
}
} else {
    // Fallback branch of a condition outside this excerpt: the action is cleared so
    // that the listing below is shown.
    $action = "";
}
if ($action == "") {
    $row = array();
    if (pageauth("patrolart", "limit")) {
        // With the "limit" flag set, the listing is restricted by the condition that
        // group_sql_list_id() returns.
        $patrol = group_sql_list_id("patrol", "OR", true);
        $result = $data->select_query("patrol_articles", "WHERE ({$patrol}) AND trash=0 ORDER BY date_post DESC");
    } else {
        $result = $data->select_query("patrol_articles", "WHERE trash=0 ORDER BY date_post DESC");
    }
    $numarticles = $data->num_rows($result);
    while ($temp = $data->fetch_array($result)) {
        // Replace the stored group id with the group's team name for display.
        // NOTE(review): a value read from the database is interpolated unquoted into a
        // new query; cast it to int first so that a bad stored value cannot alter the
        // statement. This also issues one extra query per article.
        $sql = $data->select_fetch_one_row("groups", "WHERE id={$temp['patrol']}", "teamname");
        $temp['patrol'] = $sql['teamname'];
        // NOTE(review): unserialize() on a stored column. If that column can ever hold
        // attacker-influenced bytes this is a PHP object injection risk; confirm it is
        // only written by server-side serialize(), or migrate the column to JSON.
        $topics = unserialize($temp['topics']);
        $temp['topics'] = '';
        $num = 1;
        if (is_array($topics)) {
            foreach ($topics as $topicid => $value) {
                // NOTE(review): $topicid is an array key from the unserialized data and
                // is interpolated unquoted; cast it to int before building the query.
                $topicdetail = $data->select_fetch_one_row("articletopics", "WHERE id = {$topicid}", "title");
// Excerpt from the advancements admin handler: the tail of an if/elseif chain that
// loads the data each form needs. The first statements belong to a branch whose
// condition and query are outside this excerpt.
// NOTE(review): $id is interpolated into the queries below inside quotes but with no
// safesql() call visible in this excerpt; confirm it is cast to an integer before
// this point. $id and $sid are also handed to the template as-is, so the templates
// should encode them on output.
$row = $data->fetch_array($result);
$advan = $row['name'];
$tpl->assign("advan", $advan);
$tpl->assign("id", $id);
} elseif ($action == "editadd" && pageauth("advancements", "edit")) {
    // Load the advancement being edited.
    $result = $data->select_query("advancements", "WHERE ID = '{$id}'");
    $row = $data->fetch_array($result);
    $advan = $row['advancement'];
    $tpl->assign("sid", $sid);
    $tpl->assign("advan", $advan);
    $tpl->assign("id", $id);
} elseif ($action == "newadd" && pageauth("advancements", "add")) {
    $tpl->assign("sid", $sid);
} elseif ($action == "newbadge" && pageauth("advancements", "add")) {
    $tpl->assign("sid", $sid);
} elseif ($action == "editbadge" && pageauth("advancements", "edit")) {
    // Load the badge being edited; the whole row is passed to the template.
    $result = $data->select_query("badges", "WHERE id = '{$id}'");
    $row = $data->fetch_array($result);
    $tpl->assign("sid", $sid);
    $tpl->assign("badge", $row);
    $tpl->assign("id", $id);
} else {
    // Default view: list every award scheme together with its number of advancements.
    $result = $data->select_query("awardschemes");
    // NOTE(review): $adv is initialised here but the loop fills $schemes, which is not
    // initialised in this excerpt; with no schemes it stays undefined. One of the two
    // names looks like a leftover.
    $adv = array();
    $numschemes = $data->num_rows($result);
    while ($row = $data->fetch_array($result)) {
        // One count query per scheme; the scheme id comes from the row just fetched.
        $sql = $data->select_query("advancements", "WHERE scheme ={$row['id']}");
        $row['numitems'] = $data->num_rows($sql);
        $schemes[] = $row;
    }
}