$static = safesql(serialize($static), "text");
$subsites = safesql(serialize($subsites), "text");
$name = explode(".", $_POST['name']);
if ($name[1] == "user") {
$type = 1;
} else {
$type = 2;
}
$name = safesql($name[0], "text");
$sql = $data->update_query("auth", "authname = {$name}, dynamic = {$dynamic}, permission = {$permissions}, static = {$static}, subsites = {$subsites}, type={$type}", "id={$safe_id}");
if ($sql) {
show_admin_message("Authorization item updated", $pagename);
}
}
}
if ($action == "new" && pageauth("auth", "add") == 1 || $action == "edit" && pageauth("auth", "edit") == 1) {
$safe_id = safesql($id, "int");
$sql = $data->select_query("functions", "WHERE type=2 ORDER BY name ASC", "id, name, code");
$numdynamic = $data->num_rows($sql);
$dynamic = array();
while ($dynamic[] = $data->fetch_array($sql)) {
}
$sql = $data->select_query("functions", "WHERE type=3 ORDER BY name ASC", "id, name, code");
$numperms = $data->num_rows($sql);
$permissions = array();
while ($permissions[] = $data->fetch_array($sql)) {
}
$sql = $data->select_query("static_content", "WHERE type=0 ORDER BY friendly ASC", "id, name, friendly");
$numstatic = $data->num_rows($sql);
$static = array();
while ($static[] = $data->fetch_array($sql)) {
$custom = array();
while ($temp = $data->fetch_array($sql)) {
$temp['options'] = unserialize($temp['options']);
if ($temp['type'] == 4) {
$temp2 = array();
$temp2[] = 0;
for ($i = 1; $i <= $temp['options'][0]; $i++) {
$temp2[] = $_POST[$temp['name'] . $i] ? 1 : 0;
}
$custom[$temp['name']] = $temp2;
} else {
$custom[$temp['name']] = $_POST[$temp['name']];
}
}
$custom = serialize($custom);
if (pageauth("users", "limit") == 0) {
if ($status != $user['status']) {
if ($status == 1) {
email_user($user['id'], "account_actived");
} else {
email_user($user['id'], "account_deactiv");
}
}
$insertSQL = sprintf("uname=%s, status=%s, timezone=%s, firstname=%s, lastname=%s, email=%s, custom=%s", safesql($username, "text"), safesql($status, "text"), safesql($_POST['zone'], "text"), safesql($firstname, "text"), safesql($lastname, "text"), safesql($email, "text"), safesql($custom, "text"));
if ($password) {
$insertSQL .= ", passwd=" . safesql(md5($password), "text");
}
$Result1 = $data->update_query("users", $insertSQL, "id={$id}");
if ($Result1) {
show_admin_message("User details updated", "admin.php?page=users");
}
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
**************************************************************************/
if (!empty($getmodules)) {
return;
} else {
if (pageauth("users", "add")) {
if ($_POST['Submit'] == "Submit") {
$firstname = safesql($_POST['firstname'], "text");
$lastname = safesql($_POST['lastname'], "text");
$email = safesql($_POST['email'], "text");
$username = safesql($_POST['usernames'], "text");
$password = safesql(md5($_POST['passwords']), "text");
$status = safesql($_POST['status'], "int");
$zone = safesql($_POST['zone'], "int");
if ($config['dubemail'] == 0) {
$email = safesql($_POST['email'], "text");
$datas = $data->select_query("users", "WHERE email={$email}");
$numrows = $data->num_rows($datas);
if ($numrows > 0) {
show_admin_message("That email address has already been used, please use another email address.", "admin.php?page=users&subpage=add_user", true);
}
if (pageauth("photo", "limit") == 1) {
$groupsqllist = group_sql_list_id("id", "OR", true);
$teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ({$groupsqllist}) AND ispublic=1");
} else {
$teams = $data->select_fetch_all_rows($numteams, "groups", "WHERE ispublic=1");
}
$tpl->assign('teams', $teams);
$tpl->assign('numteams', $numteams);
if ($_POST['submit'] == "Add Album") {
$group = safesql($_POST['patrol'], "int");
$name = safesql($_POST['album_name'], "text");
$data->insert_query("album_track", "'', {$name}, {$group}, 1, 0");
show_admin_message("Album added", "{$pagename}");
}
} elseif ($action == "") {
if (pageauth("photo", "limit")) {
$patrollist = group_sql_list_id("patrol", "OR");
$result = $data->select_query("album_track", "WHERE ({$patrollist}) AND trash=0 ORDER BY album_name ASC");
} else {
$result = $data->select_query("album_track", "WHERE trash=0 ORDER BY album_name ASC");
}
$albums = array();
while ($temp = $data->fetch_array($result)) {
if ($temp['patrol'] > 0) {
$temp2 = $data->select_fetch_one_row("groups", "WHERE id={$temp['patrol']}", "teamname");
$temp['patrol'] = $temp2['teamname'];
} elseif ($temp['patrol'] == 0) {
$temp['patrol'] = "None";
}
$albums[] = $temp;
}
}
if ($messages['type'] == 1) {
$tpl->assign("nohide", true);
}
}
/********************************************End Content Generation*****************************************/
//Compile page
if ($config['softdebug'] == 1) {
$endtime = microtime();
$totaltime = $endtime - $starttime;
$counter = $data->get_counter();
$debug .= "<br />This page took {$totaltime} seconds to render<br />CMScout performed {$counter} database queries";
}
$tpl->assign('debug', $debug);
$tpl->assign('config', $config);
$tpl->assign("addallowed", pageauth($page, "add"));
$tpl->assign("editallowed", pageauth($page, "edit"));
$tpl->assign("deleteallowed", pageauth($page, "delete"));
$tpl->assign("publishallowed", pageauth($page, "publish"));
$tpl->assign("limitgroup", pageauth($page, "limit"));
$tpl->assign("script", $script);
$tpl->assign("onDomReady", $onDomReady);
$tpl->assign("activetab", $_GET['activetab']);
$templateinfo['invalid'] = "#ad0000";
$templateinfo['valid'] = "#06ad00";
$templateinfo['default'] = "#deffff";
$tpl->assign("templateinfo", $templateinfo);
$tpl->display('admin/admin.tpl');
$error = false;
$loggedout = false;
}
}
$data->update_query("profilefields", "pos={$pos2}", "id={$row['id']}");
$data->update_query("profilefields", "pos={$pos1}", "id={$row2['id']}");
$server = $_SERVER['PHP_SELF'];
header("Location: {$server}" . "?page=customprofile");
} elseif ($action == "movedown" && pageauth("customprofile", "edit") == 1) {
$sql = $data->select_query("profilefields", "WHERE id={$safe_id}");
$row = $data->fetch_array($sql);
$pos1 = $row['pos'];
$temppos = $pos1 + 1;
$sql = $data->select_query("profilefields", "WHERE pos='{$temppos}' AND place=0");
$row2 = $data->fetch_array($sql);
$pos2 = $row2['position'];
$data->update_query("profilefields", "pos={$pos2}", "id={$row['id']}");
$data->update_query("profilefields", "pos={$pos1}", "id={$row2['id']}");
$server = $_SERVER['PHP_SELF'];
header("Location: {$server}" . "?page=customprofile");
} elseif ($action == "edit" && pageauth("customprofile", "edit") == 1) {
$item = $data->select_fetch_one_row("profilefields", "WHERE id={$safe_id}");
$item['options'] = unserialize($item['options']);
$tpl->assign("item", $item);
} elseif ($action == "delete" && pageauth("customprofile", "delete") == 1) {
$delete = $data->delete_query("profilefields", "id={$safe_id}");
if ($delete) {
show_admin_message("Field deleted", "{$pagename}");
}
$action = "";
}
$tpl->assign("action", $action);
$filetouse = "admin_customprofile.tpl";
}
} else {
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
$Submit = $_POST['Submit'];
$id = $_GET['id'];
$action = $_GET['action'];
// Edit content
if ($Submit == "Update" && pageauth("emailedit", "edit") == 1) {
$id = safesql($id, "int");
$subject = safesql($_POST['subject'], "text");
$email = safesql($_POST['email'], "text");
if ($data->update_query("emails", "subject={$subject}, email={$email}", "id={$id}")) {
show_admin_message("Email updated", $pagename);
}
}
// Show specific content
if ($id != "" && pageauth("emailedit", "edit") == 1) {
// Show selected content
$id = safesql($id, "int");
$email = $data->select_fetch_one_row("emails", "WHERE id={$id}");
$tpl->assign("email", $email);
}
// Show all news
$emails = $data->select_fetch_all_rows($numemails, "emails", "ORDER BY name ASC");
$tpl->assign('action', $action);
$tpl->assign('numemails', $numemails);
$tpl->assign('emails', $emails);
$filetouse = "admin_emailedit.tpl";
}
$temp['downloads'] = $downloadtemp;
$downloads[] = $temp;
}
$tpl->assign("numcategories", $numcategories);
$tpl->assign("downloads", $downloads);
$sql = $data->select_query("calendar_downloads", "WHERE eid={$id}");
$event_downloads = array();
$numeventdownloads = $data->num_rows($sql);
while ($temp = $data->fetch_array($sql)) {
$temp1 = $data->select_fetch_one_row("downloads", "WHERE id={$temp['did']}", "name");
$temp['name'] = $temp1['name'];
$event_downloads[] = $temp;
}
$tpl->assign("numeventdownloads", $numeventdownloads);
$tpl->assign("event_downloads", $event_downloads);
$tpl->assign("download_editallowed", pageauth("downloads", "edit"));
if ($_POST['Submit'] == "Update") {
$attendies = $_POST['attend'];
$options = $_POST['options'];
$data->delete_query("attendies", "eid={$id}");
foreach ($attendies as $uid => $attend) {
if ($attend == 1) {
$useroption = safesql(serialize($options[$uid]), "text");
if ($data->num_rows($data->select_query("attendies", "WHERE uid={$uid} AND eid = {$id}")) == 0) {
$data->insert_query("attendies", "'', {$uid}, {$id}, {$useroption}");
} else {
$data->update_query("attendies", "options = {$useroption}", "uid={$uid} AND eid={$id}");
}
}
}
show_admin_message("Attendies Updated", "{$pagename}&action=signups&id={$id}&activetab=events");
} elseif ($action == "moveitemup" && pageauth("links", "edit") == 1) {
$sql = $data->select_query("links", "WHERE id='{$did}'");
$row = $data->fetch_array($sql);
$pos1 = $row['position'];
$temppos = $pos1 - 1;
$sql = $data->select_query("links", "WHERE cat='{$id}' AND position='{$temppos}'");
$row2 = $data->fetch_array($sql);
$pos2 = $row2['position'];
if ($pos2 == 0 || $pos1 == 0) {
header("Location: {$server}" . "?page=links&action=view&id={$id}");
}
$data->update_query("links", "position='{$pos2}'", "id={$row['id']}", "", "", false);
$data->update_query("links", "position='{$pos1}'", "id={$row2['id']}", "", "", false);
$server = $_SERVER['PHP_SELF'];
header("Location: {$server}" . "?page=links&action=view&id={$id}");
} elseif ($action == "moveitemdown" && pageauth("links", "edit") == 1) {
$sql = $data->select_query("links", "WHERE id='{$did}'");
$row = $data->fetch_array($sql);
$pos1 = $row['position'];
$temppos = $pos1 + 1;
$sql = $data->select_query("links", "WHERE cat='{$id}' AND position='{$temppos}'");
$row2 = $data->fetch_array($sql);
$pos2 = $row2['position'];
$data->update_query("links", "position='{$pos2}'", "id={$row['id']}", "", "", false);
$data->update_query("links", "position='{$pos1}'", "id={$row2['id']}", "", "", false);
$server = $_SERVER['PHP_SELF'];
header("Location: {$server}" . "?page=links&action=view&id={$id}");
} else {
$cats = $data->select_query("links_cats", "ORDER BY position ASC");
$row_cats = array();
$num_cats = $data->num_rows($cats);
$data->update_query("submenu", "pos={$pos1}", "id='{$row2['id']}'", "", "", false);
$server = $_SERVER['PHP_SELF'];
header("Location: {$server}" . "?page=subsite&subpage=submenu&sid={$siteid}");
} elseif ($action == "movedown" && pageauth("subsite", "edit")) {
$sql = $data->select_query("submenu", "WHERE id={$id}");
$row = $data->fetch_array($sql);
$pos1 = $row['pos'];
$temppos = $pos1 + 1;
$sql = $data->select_query("submenu", "WHERE pos='{$temppos}' AND site={$safe_siteid}");
$row2 = $data->fetch_array($sql);
$pos2 = $row2['pos'];
$data->update_query("submenu", "pos={$pos2}", "id={$row['id']}", "", "", false);
$data->update_query("submenu", "pos={$pos1}", "id={$row2['id']}", "", "", false);
$server = $_SERVER['PHP_SELF'];
header("Location: {$server}" . "?page=subsite&subpage=submenu&sid={$siteid}");
} elseif ($action == "fixcat" && pageauth("subsite", "edit") == 1) {
$sql = $data->select_query("submenu", "WHERE site={$safe_siteid} ORDER BY pos ASC");
if ($data->num_rows($sql) > 0) {
$i = 1;
while ($temp = $data->fetch_array($sql)) {
$data->update_query("submenu", "pos={$i}", "id={$temp['id']}");
$i++;
}
}
header("Location: {$server}" . "?page=subsite&subpage=submenu&sid={$siteid}");
}
$tpl->assign("sitename", $sitename);
$tpl->assign("siteid", $siteid);
$tpl->assign('cid', $cid);
$tpl->assign('id', $id);
$tpl->assign('action', $action);
$tpl->assign('numfunc', $numfunc);
$tpl->assign('page', $pages);
$tpl->assign('numpages', $numpages);
} elseif ($action == "moveup" && pageauth("frontpage", "edit") == 1) {
$sql = $data->select_query("frontpage", "WHERE id={$id}");
$row = $data->fetch_array($sql);
$pos1 = $row['pos'];
$temppos = $pos1 - 1;
$sql = $data->select_query("frontpage", "WHERE pos='{$temppos}'");
$row2 = $data->fetch_array($sql);
$pos2 = $row2['pos'];
$data->update_query("frontpage", "pos={$pos2}", "id={$row['id']}", "", "", false);
$data->update_query("frontpage", "pos={$pos1}", "id={$row2['id']}", "", "", false);
$server = $_SERVER['PHP_SELF'];
header("Location: {$server}" . "?page=frontpage");
} elseif ($action == "movedown" && pageauth("frontpage", "edit") == 1) {
$sql = $data->select_query("frontpage", "WHERE id={$id}");
$row = $data->fetch_array($sql);
$pos1 = $row['pos'];
$temppos = $pos1 + 1;
$sql = $data->select_query("frontpage", "WHERE pos='{$temppos}'");
$row2 = $data->fetch_array($sql);
$pos2 = $row2['pos'];
$data->update_query("frontpage", "pos={$pos2}", "id={$row['id']}", "", "", false);
$data->update_query("frontpage", "pos={$pos1}", "id={$row2['id']}", "", "", false);
$server = $_SERVER['PHP_SELF'];
header("Location: {$server}" . "?page=frontpage");
}
$tpl->assign('id', $id);
$tpl->assign('action', $action);
$tpl->assign('editFormAction', $editFormAction);
$patrollist = group_sql_list_id("patrol", "OR");
$membersql = $data->select_query("members", "WHERE ({$patrollist}) AND type=0 AND awardScheme = {$safe_scheme} ORDER BY lastName, firstName ASC", "firstName, lastName, id");
} else {
$membersql = $data->select_query("members", "WHERE type=0 AND awardScheme = {$safe_scheme} ORDER BY lastName, firstName ASC", "firstName, lastName, id");
}
$nummembers = $data->num_rows($membersql);
$member = array();
while ($memberTemp = $data->fetch_array($membersql)) {
$safe_memberid = safesql($memberTemp['id'], "int");
$recordsql = $data->select_fetch_one_row("scoutrecord", "WHERE userid={$safe_memberid} AND scheme = {$safe_scheme}");
$memberTemp['require'] = unserialize($recordsql['requirements']);
$memberTemp['comment'] = unserialize($recordsql['comment']);
$member[] = $memberTemp;
}
} elseif ($action == "view_badges") {
if (pageauth("troop_records", "limit")) {
$patrollist = group_sql_list_id("patrol", "OR");
$membersql = $data->select_query("members", "WHERE ({$patrollist}) AND type=0 AND awardScheme = {$safe_scheme} ORDER BY lastName, firstName ASC", "firstName, lastName, id");
} else {
$membersql = $data->select_query("members", "WHERE type=0 AND awardScheme = {$safe_scheme} ORDER BY lastName, firstName ASC", "firstName, lastName, id");
}
$nummembers = $data->num_rows($membersql);
$memberBadges = array();
while ($memberTemp = $data->fetch_array($membersql)) {
$safe_memberid = safesql($memberTemp['id'], "int");
$badgesql = $data->select_query("userbadges", "WHERE userid = {$safe_memberid}");
$numbadge = 0;
while ($temp = $data->fetch_array($badgesql)) {
$result = $data->select_fetch_one_row("badges", "WHERE id = {$temp['badgeid']} AND scheme={$safe_scheme}");
if ($result != '') {
$temp['name'] = $result['name'];
}
}
} elseif ($action == "delete" && pageauth("group", "delete") == 1) {
$sql3 = $data->delete_query("groups", "id={$id}");
if ($sql3) {
$data->delete_query("static_content", "type=1 AND pid={$id}");
$data->delete_query("patrolmenu", "patrol={$id}");
$data->delete_query("auth", "authname={$id} AND type=2");
$data->delete_query("usergroups", "groupid={$id}");
$data->update_query("patrol_articles", "patrol=0", "patrol={$id}");
$data->update_query("album_track", "patrol=0", "patrol={$id}");
$data->delete_query("forummods", "mid={$id} AND type=1");
$data->delete_query("owners", "owner_id={$id} AND owner_type=1");
show_admin_message("Group Deleted", $pagename);
}
} elseif ($action == "auth" && pageauth("group", "publish") == 1) {
if ($_POST['Submit'] == "Submit") {
$user = array();
$ass = array();
$gpl = array();
for ($i = 0; $i < $modulenumbers; $i++) {
$moduleid = $moduledetails[$i]['id'];
$user['adminpanel'] = $_POST["user_adminpanel"] == 1 ? 1 : 0;
$ass['adminpanel'] = $_POST["ass_adminpanel"] == 1 ? 1 : 0;
$gpl['adminpanel'] = $_POST["gpl_adminpanel"] == 1 ? 1 : 0;
$user['access'][$moduleid] = $_POST["user_" . $moduleid . "_access"] == 1 ? 1 : 0;
$user['add'][$moduleid] = $_POST["user_" . $moduleid . "_add"] == 1 ? 1 : 0;
$user['edit'][$moduleid] = $_POST["user_" . $moduleid . "_edit"] == 1 ? 1 : 0;
$user['delete'][$moduleid] = $_POST["user_" . $moduleid . "_delete"] == 1 ? 1 : 0;
$user['publish'][$moduleid] = $_POST["user_" . $moduleid . "_pub"] == 1 ? 1 : 0;
$user['limit'][$moduleid] = $_POST["user_" . $moduleid . "_limit"] == 1 ? 1 : 0;
$Show = $data->select_query("static_content", "WHERE id='{$id}' AND trash=0");
$ShowRow = $data->fetch_array($Show);
$Showcontent = $ShowRow["content"];
$name = $ShowRow['name'];
$tpl->assign("contents", $ShowRow);
$tpl->assign("editor", true);
}
if ($action == "delete" && pageauth("content", "delete") == 1) {
$delete = $data->update_query("static_content", "trash=1", "id={$safe_id}");
if ($delete) {
show_admin_message("Content sent to trash", "{$pagename}");
}
$action = "";
} elseif ($action == "new") {
$tpl->assign("editor", true);
} elseif ($action == "moveitem" && pageauth("content", "edit")) {
$sql = $data->select_query("groups", "WHERE ispublic = 1 ORDER BY teamname ASC");
$patrols = array();
$numpatrols = $data->num_rows($sql);
while ($patrols[] = $data->fetch_array($sql)) {
}
$sql = $data->select_query("subsites", "ORDER BY name ASC");
$subsites = array();
$numsubsites = $data->num_rows($sql);
while ($subsites[] = $data->fetch_array($sql)) {
}
$tpl->assign("numpatrols", $numpatrols);
$tpl->assign("patrols", $patrols);
$tpl->assign("numsubsites", $numsubsites);
$tpl->assign("subsites", $subsites);
if ($Submit == "Move") {
$comments = safesql(serialize($_POST['comment']), "text");
$data->insert_query("scoutrecord", "'', {$safe_memberid}, {$record}, {$comments}, {$safe_scheme}");
}
show_admin_message("Record Updated", "admin.php?page={$page}&subpage=records&id={$id}&action=view_advancements");
} elseif ($action == "addbadge" && pageauth("troop", "edit") == 1) {
$badgeid = safesql($_POST['bid'], "int");
$comment = safesql($_POST['comment'], "text");
$date = safesql(time(), "int");
$data->insert_query("userbadges", "'', {$safe_memberid}, {$badgeid}, {$comment}, {$date}");
show_admin_message("Badge Added", "admin.php?page={$page}&subpage=records&id={$id}&action=view_badges");
}
}
$schemes = $data->select_fetch_all_rows($numschemes, "awardschemes", "ORDER BY name ASC");
$tpl->assign("schemes", $schemes);
$tpl->assign("numschemes", $numschemes);
if ($action == "view_advancements" || $action == "" || $action == "edit_advancements" && pageauth("troop", "edit") == 1) {
$advansql = $data->select_query("advancements", "WHERE scheme = {$safe_scheme} ORDER BY position ASC");
$numadva = $data->num_rows($advansql);
$advancements = array();
$numitems = 0;
$recordsql = $data->select_fetch_one_row("scoutrecord", "WHERE userid={$safe_memberid} AND scheme = {$safe_scheme}");
$scoutRecord['requirement'] = unserialize($recordsql['requirements']);
$scoutRecord['comment'] = unserialize($recordsql['comment']);
while ($temp = $data->fetch_array($advansql)) {
$getrequirements = $data->select_query("requirements", "WHERE advancement = '{$temp["ID"]}' ORDER BY position ASC");
$temp['numitems'] = $data->num_rows($getrequirements);
while ($temp['items'][] = $data->fetch_array($getrequirements)) {
}
$advancements[] = $temp;
}
$tpl->assign("scoutRecord", $scoutRecord);
$groupinfo['numusers'] = $data->num_rows($gusql);
$groups[] = $groupinfo;
}
$sql = $data->select_query("members", "WHERE type=0 ORDER BY lastName, firstName ASC");
$nummembers = $data->num_rows($sql);
$members = array();
while ($temp = $data->fetch_array($sql)) {
if ($temp['type'] == 0) {
$pa = $data->select_fetch_one_row("members", "WHERE id={$temp['fatherId']}");
$ma = $data->select_fetch_one_row("members", "WHERE id={$temp['motherId']}");
$temp['relations'] = "Father: <b>" . (isset($pa['firstName']) ? $pa['lastName'] . ', ' . $pa['firstName'] : "Not in System") . "</b><br />Mother: <b>" . (isset($ma['firstName']) ? $ma['lastName'] . ', ' . $ma['firstName'] : "Not in System") . "</b>";
}
$members[] = $temp;
}
$mainpageauth['logfile'] = pageauth('logfile', "access");
$mainpageauth['menus'] = pageauth('menus', "access");
$mainpageauth['users'] = pageauth('users', "access");
$mainpageauth['group'] = pageauth('group', "access");
$mainpageauth['patrol'] = pageauth('patrol', "access");
$mainpageauth['subsite'] = pageauth('subsite', "access");
$mainpageauth['config'] = pageauth('config', "access");
$tpl->assign("mainpageauth", $mainpageauth);
$tpl->assign("members", $members);
$tpl->assign("nummembers", $nummembers);
$tpl->assign("groups", $groups);
$tpl->assign("numgroups", $numgroups);
$tpl->assign("stats", $siteinfo);
$tpl->assign("numusers", $numusers);
$tpl->assign("onlineusers", $onlineusers);
$filetouse = 'admin_main.tpl';
}
$sql = $data->select_query("forummods", "WHERE fid={$fid}");
$nummods = $data->num_rows($sql);
$mods = array();
while ($temp = $data->fetch_array($sql)) {
if ($temp['type'] == 0) {
$sql2 = $data->select_query("users", "WHERE id={$temp['mid']}", "uname");
$temp2 = $data->fetch_array($sql2);
$temp['name'] = "User: "******"groups", "WHERE id={$temp['mid']}", "teamname");
$temp2 = $data->fetch_array($sql2);
$temp['name'] = "Group: " . $temp2['teamname'];
}
$mods[] = $temp;
}
$tpl->assign("forum", $forum);
$tpl->assign("groups", $groups);
$tpl->assign("numgroups", $numgroups);
$tpl->assign("users", $users);
$tpl->assign("numusers", $numusers);
$tpl->assign("mods", $mods);
$tpl->assign("nummods", $nummods);
} elseif ($action == "deletemod" && pageauth("forums", "delete") == 1) {
$id = safesql($_GET['id'], "int");
$data->delete_query("forummods", "id={$id}");
show_admin_message("Moderator Deleted", "{$pagename}&action=moderator&fid={$fid}&cid={$cid}");
}
$tpl->assign('editFormAction', $editFormAction);
$tpl->assign('action', $action);
$filetouse = "admin_forums.tpl";
}
$group_ids = group_users_id_array($usergroups[$i]);
$first = true;
for ($j = 0; $j < count($group_ids); $j++) {
if ($first == false) {
$userquery .= " OR ";
} else {
$first = false;
}
$userquery .= "id=" . $group_ids[$j];
}
}
$sql = $data->select_query("users", "WHERE {$userquery} ORDER BY uname ASC");
} else {
$sql = $data->select_query("users", "ORDER BY uname ASC");
}
$numusers = $data->num_rows($sql);
while ($temp = $data->fetch_array($sql)) {
$temp['team'] = user_groups_list($temp['id']);
$temp['custom'] = unserialize($temp['custom']);
$row[] = $temp;
}
$filetouse = "admin_user_list.tpl";
$tpl->assign("action", $action);
$tpl->assign('numusers', $numusers);
$tpl->assign('editFormAction', $editFormAction);
$tpl->assign('row', $row);
$tpl->assign('fields', $fields);
$tpl->assign('record', $record);
$tpl->assign("uname", $check['uname']);
$tpl->assign("ownerallowed", pageauth("owners", "edit"));
}
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
**************************************************************************/
if (!empty($getmodules)) {
$module['Configuration']['Module Manager'] = "modules";
$moduledetails[$modulenumbers]['name'] = "Module Manager";
$moduledetails[$modulenumbers]['details'] = "Manage CMScout modules";
$moduledetails[$modulenumbers]['access'] = "Allowed to access the module manager";
$moduledetails[$modulenumbers]['add'] = "notused";
$moduledetails[$modulenumbers]['edit'] = "notused";
$moduledetails[$modulenumbers]['delete'] = "notused";
$moduledetails[$modulenumbers]['publish'] = "Allowed to deactivate and reactivate modules";
$moduledetails[$modulenumbers]['limit'] = "notused";
$moduledetails[$modulenumbers]['id'] = "modules";
return;
} else {
$id = safesql($_GET['id'], "int");
if ($_GET['action'] == 'activate' && pageauth("modules", "publish")) {
$sqlq = $data->update_query("functions", "active = 1", "id={$id}");
header("Location: {$pagename}");
} elseif ($_GET['action'] == 'deactivate' && pageauth("modules", "publish")) {
$sqlq = $data->update_query("functions", "active = 0", "id={$id}");
header("Location: {$pagename}");
}
$modules = $data->select_fetch_all_rows($nummodule, "functions", "WHERE type != 3 ORDER BY name ASC", "id, name, type, active");
$tpl->assign("modules", $modules);
$tpl->assign("nummodule", $nummodule);
$filetouse = "admin_modules.tpl";
}
show_admin_message("User type changed", str_replace('&', '&', $pagename) . "&gid={$gid}");
}
$sql = $data->select_query("groups", "WHERE id={$gid}");
$groupinfo = $data->fetch_array($sql);
$sql = $data->select_query("usergroups", "WHERE groupid={$gid}");
$groupusers = array();
$numgroupusers = $data->num_rows($sql);
while ($temp = $data->fetch_array($sql)) {
$sql2 = $data->select_query("users", "WHERE id={$temp['userid']}", "id, uname");
$temp2 = $data->fetch_array($sql2);
$temp2['type'] = $temp['utype'];
$groupusers[] = $temp2;
}
$sql = $data->select_query("users", "ORDER BY uname ASC");
$numusers = 0;
$users = array();
while ($temp = $data->fetch_array($sql)) {
if ($data->num_rows($data->select_query("usergroups", "WHERE groupid={$gid} and userid={$temp['id']}")) == 0) {
$users[] = $temp;
$numusers++;
}
}
$tpl->assign("editallowed_page", pageauth("group", "edit"));
$tpl->assign("numusers", $numusers);
$tpl->assign("users", $users);
$tpl->assign("uname", $check['uname']);
$tpl->assign("numgroupusers", $numgroupusers);
$tpl->assign("groupusers", $groupusers);
$tpl->assign("groupinfo", $groupinfo);
$filetouse = "admin_groupusers.tpl";
}
}
show_admin_message("User type changed", str_replace('&', '&', $pagename) . "&uid={$uid}");
}
$sql = $data->select_query("users", "WHERE id={$uid}");
$userinfo = $data->fetch_array($sql);
$sql = $data->select_query("usergroups", "WHERE userid={$uid}");
$usergroups = array();
$numusergroups = $data->num_rows($sql);
while ($temp = $data->fetch_array($sql)) {
$sql2 = $data->select_query("groups", "WHERE id={$temp['groupid']}", "id, teamname");
$temp2 = $data->fetch_array($sql2);
$temp2['type'] = $temp['utype'];
$usergroups[] = $temp2;
}
$sql = $data->select_query("groups");
$numgroups = 0;
$groups = array();
while ($temp = $data->fetch_array($sql)) {
if ($data->num_rows($data->select_query("usergroups", "WHERE userid={$uid} and groupid={$temp['id']}")) == 0) {
$groups[] = $temp;
$numgroups++;
}
}
$tpl->assign("editallowed_page", pageauth("users", "edit"));
$tpl->assign("numgroups", $numgroups);
$tpl->assign("groups", $groups);
$tpl->assign("numusergroups", $numusergroups);
$tpl->assign("usergroups", $usergroups);
$tpl->assign("userinfo", $userinfo);
$filetouse = "admin_usergroups.tpl";
}
$data->update_query("patrolmenu", "pos={$pos1}", "id='{$row2['id']}'", "", "", false);
$server = $_SERVER['PHP_SELF'];
header("Location: {$server}" . "?page=patrol&subpage=patrolmenus&pid={$patrolid}");
} elseif ($action == "movedown" && pageauth("patrol", "edit")) {
$sql = $data->select_query("patrolmenu", "WHERE id={$id}");
$row = $data->fetch_array($sql);
$pos1 = $row['pos'];
$temppos = $pos1 + 1;
$sql = $data->select_query("patrolmenu", "WHERE pos='{$temppos}' AND patrol={$safe_patrolid}");
$row2 = $data->fetch_array($sql);
$pos2 = $row2['pos'];
$data->update_query("patrolmenu", "pos={$pos2}", "id={$row['id']}", "", "", false);
$data->update_query("patrolmenu", "pos={$pos1}", "id={$row2['id']}", "", "", false);
$server = $_SERVER['PHP_SELF'];
header("Location: {$server}" . "?page=patrol&subpage=patrolmenus&pid={$patrolid}");
} elseif ($action == "fixcat" && pageauth("patrol", "edit") == 1) {
$sql = $data->select_query("patrolmenu", "WHERE patrol={$safe_patrolid} ORDER BY pos ASC");
if ($data->num_rows($sql) > 0) {
$i = 1;
while ($temp = $data->fetch_array($sql)) {
$data->update_query("patrolmenu", "pos={$i}", "id={$temp['id']}");
$i++;
}
}
header("Location: {$server}" . "?page=subsite&subpage=submenu&sid={$siteid}");
}
$tpl->assign("patrolid", $patrolid);
$tpl->assign("patrolname", $patrolname);
$tpl->assign('cid', $cid);
$tpl->assign('id', $id);
$tpl->assign('action', $action);
$articles = $ownedSql ? $data->select_fetch_all_rows($numarticles, "patrol_articles", "WHERE {$ownedSql} ORDER BY title") : '';
$tpl->assign("articles", $articles);
$tpl->assign("numarticles", $numarticles);
$ownedSql = getSqlList('events', "id", $userid);
$events = $ownedSql ? $data->select_fetch_all_rows($numevents, "calendar_items", "WHERE {$ownedSql} ORDER BY summary") : '';
$tpl->assign("events", $events);
$tpl->assign("numevents", $numevents);
$ownedSql = getSqlList('downloads', "id", $userid);
$downloads = $ownedSql ? $data->select_fetch_all_rows($numdownloads, "downloads", "WHERE {$ownedSql} ORDER BY name") : '';
$tpl->assign("downloads", $downloads);
$tpl->assign("numdownloads", $numdownloads);
$ownedSql = getSqlList('newsitem', "id", $userid);
$news = $ownedSql ? $data->select_fetch_all_rows($numnews, "newscontent", "WHERE {$ownedSql} ORDER BY title") : '';
$tpl->assign("news", $news);
$tpl->assign("numnews", $numnews);
$ownedSql = getSqlList('pollitems', "id", $userid);
$polls = $ownedSql ? $data->select_fetch_all_rows($numpolls, "polls", "WHERE {$ownedSql} ORDER BY question") : '';
$tpl->assign("polls", $polls);
$tpl->assign("numpolls", $numpolls);
$permissions['album'] = pageauth("photo", "edit");
$permissions['patrolart'] = pageauth("patrolart", "edit");
$permissions['events'] = pageauth("events", "edit");
$permissions['downloads'] = pageauth("downloads", "edit");
$permissions['news'] = pageauth("news", "edit");
$permissions['polls'] = pageauth("poll", "edit");
$tpl->assign('permissions', $permissions);
break;
}
$filetouse = "admin_owners.tpl";
$tpl->assign('action', $action);
}
if ($sql) {
show_admin_message("Section added", $pagename);
}
} elseif ($action == "edit" && pageauth("sections", "edit")) {
$name = safesql($_POST['name'], "text");
$sql = $data->update_query("sections", "name = {$name}", "id = {$id}");
if ($sql) {
show_admin_message("Section updated", $pagename);
}
}
}
if ($action == "edit" && pageauth("sections", "edit")) {
$result = $data->select_query("sections", "WHERE id = '{$id}'");
$section = $data->fetch_array($result);
$tpl->assign("section", $section);
} elseif ($action == "delete" && pageauth("sections", "delete")) {
$sql = $data->delete_query("sections", "id = '{$id}'");
if ($sql) {
show_admin_message("Section deleted", $pagename);
}
} else {
$result = $data->select_query("sections", "ORDER BY name ASC");
$sections = array();
$numsections = $data->num_rows($result);
while ($sections[] = $data->fetch_array($result)) {
}
$tpl->assign('sections', $sections);
$tpl->assign('numsections', $numsections);
}
$tpl->assign('action', $action);
$filetouse = "admin_sections.tpl";
}
// Delete News
if ($action == "delete" && pageauth("news", "delete") == 1) {
$Delete = $data->update_query("newscontent", "trash=1", "id='{$id}'");
if ($Delete) {
show_admin_message("News trashed", "{$pagename}");
}
} elseif ($action == 'publish' && pageauth("news", "publish") == 1) {
$sqlq = $data->update_query("newscontent", "allowed = 1", "id={$id}");
if ($data->num_rows($data->select_query("review", "WHERE item_id={$id} AND type='news'"))) {
$item = $data->select_fetch_one_row("newscontent", "WHERE id={$id}");
email('newitem', array("news", $item));
$data->delete_query("review", "item_id={$id} AND type='news'");
}
header("Location: {$pagename}");
} elseif ($action == 'unpublish' && pageauth("news", "publish") == 1) {
$sqlq = $data->update_query("newscontent", "allowed = 0", "id={$id}");
header("Location: {$pagename}");
}
// Show specific news
if ($id != "") {
// Show selected news
$Show = $data->select_query("newscontent", "WHERE id='{$id}' AND trash=0");
$shownews = $data->fetch_array($Show);
$tpl->assign('shownews', $shownews);
$tpl->assign("editor", true);
}
if ($action == "new") {
$tpl->assign("editor", true);
}
if ($action == "new" || $action == "edit") {
$module['Module Management']['Group Site Manager'] = "patrol";
$moduledetails[$modulenumbers]['name'] = "Group Site Manager";
$moduledetails[$modulenumbers]['details'] = "Manages group websites";
$moduledetails[$modulenumbers]['access'] = "Allowed to access group site manager";
$moduledetails[$modulenumbers]['add'] = "Allowed to add new pages and menu items";
$moduledetails[$modulenumbers]['edit'] = "Allowed to edit existing pages and menu items";
$moduledetails[$modulenumbers]['delete'] = "Allowed to delete pages and menu items";
$moduledetails[$modulenumbers]['publish'] = "notused";
$moduledetails[$modulenumbers]['limit'] = "Limit to groups the user is part of";
$moduledetails[$modulenumbers]['id'] = "patrol";
return;
} else {
$subpage = $_GET['subpage'] != '' ? $_GET['subpage'] : '';
if (!$subpage) {
$action = $_GET['action'];
if (pageauth("patrol", "limit")) {
$patrollist = group_sql_list_normal("teamname", "OR");
$result = $data->select_query("groups", "WHERE ({$patrollist}) AND ispublic=1 ORDER BY teamname ASC");
} else {
$result = $data->select_query("groups", "WHERE ispublic=1 ORDER BY teamname ASC");
}
$patrol = array();
while ($patrol[] = $data->fetch_array($result)) {
}
$numpatrols = $data->num_rows($result);
$tpl->assign('patrol', $patrol);
$tpl->assign('patrolInfo', $patrolInfo);
$tpl->assign('action', $action);
$tpl->assign('numpatrol', $numpatrols);
$filetouse = "admin_patrol.tpl";
} else {
if ($action == "edit") {
$tpl->assign("cmtags_active", true);
$tpl->assign("cmtag_list", "Number of articles=\\{\$groupstats.articles};Number of photo albums=\\{\$groupstats.albums};Number of users=\\{\$groupstats.users};Number of log book entries=\\{\$groupstats.logbook}");
} elseif ($action == "new") {
$tpl->assign("cmtags_active", true);
$tpl->assign("cmtag_list", "Number of articles=\\{\$groupstats.articles};Number of photo albums=\\{\$groupstats.albums};Number of users=\\{\$groupstats.users};Number of log book entries=\\{\$groupstats.logbook}");
} elseif ($action == "delete" && pageauth("patrol", "delete") == 1) {
$delete = $data->update_query("static_content", "trash=1", "id={$safe_id}");
if ($delete) {
show_admin_message("Content sent to trash, Contact the Administrator if you wish to recover it.", "admin.php?page=patrol&subpage=patrolcontent&pid={$patrolid}");
}
$action = "";
} elseif ($action == "putfront" && pageauth("patrol", "edit")) {
$sql = $data->update_query("static_content", "frontpage=0", "type=1 AND pid={$safe_patrolid}");
$sql = $data->update_query("static_content", "frontpage=1", "type=1 AND id={$safe_id}");
} elseif ($action == "moveitem" && pageauth("patrol", "edit") && !pageauth("patrol", "limit")) {
$sql = $data->select_query("groups", "WHERE ispublic = 1 ORDER BY teamname ASC");
$patrols = array();
$numpatrols = $data->num_rows($sql);
while ($patrols[] = $data->fetch_array($sql)) {
}
$sql = $data->select_query("subsites", "ORDER BY name ASC");
$subsites = array();
$numsubsites = $data->num_rows($sql);
while ($subsites[] = $data->fetch_array($sql)) {
}
$tpl->assign("numpatrols", $numpatrols);
$tpl->assign("patrols", $patrols);
$tpl->assign("numsubsites", $numsubsites);
$tpl->assign("subsites", $subsites);
if ($Submit == "Move") {
}
// Show specific content
if ($id != "") {
// Show selected content
$item = $data->select_fetch_one_row("static_content", "WHERE id={$safe_id} AND type=2 AND pid={$safe_siteid}");
}
if ($action == "delete" && pageauth("subsite", "delete") == 1) {
$delete = $data->update_query("static_content", "trash=1", "id={$safe_id}");
if ($delete) {
show_admin_message("Content sent to trash, Contact the Administrator if you wish to recover it.", "admin.php?page=subsite&subpage=subcontent&sid={$siteid}");
}
$action = "";
} elseif ($action == "putfront" && pageauth("subsite", "edit")) {
$sql = $data->update_query("static_content", "frontpage=0", "type=2 AND pid={$safe_siteid}");
$sql = $data->update_query("static_content", "frontpage=1", "type=2 AND id={$safe_id}");
} elseif ($action == "moveitem" && pageauth("subsite", "edit")) {
$sql = $data->select_query("groups", "WHERE ispublic = 1 ORDER BY teamname ASC");
$patrols = array();
$numpatrols = $data->num_rows($sql);
while ($patrols[] = $data->fetch_array($sql)) {
}
$sql = $data->select_query("subsites", "ORDER BY name ASC");
$subsites = array();
$numsubsites = $data->num_rows($sql);
while ($subsites[] = $data->fetch_array($sql)) {
}
$tpl->assign("numpatrols", $numpatrols);
$tpl->assign("patrols", $patrols);
$tpl->assign("numsubsites", $numsubsites);
$tpl->assign("subsites", $subsites);
if ($Submit == "Move") {
$order = safesql($_POST['order'], "text");
$display = safesql($_POST['display'], "int");
$groupallowed = safesql(serialize($_POST['groups']), "text");
$description = safesql($_POST['description'], "text");
$perpage = safesql($_POST['perpage'], "int");
$sql = $data->insert_query("articletopics", "'', {$title}, {$description}, {$sort}, {$order}, {$groupallowed}, {$display}, {$perpage}");
if ($sql) {
show_admin_message("Topic added", "{$pagename}&activetab=topics");
}
}
} else {
$action = "";
}
if ($action == "") {
$row = array();
if (pageauth("patrolart", "limit")) {
$patrol = group_sql_list_id("patrol", "OR", true);
$result = $data->select_query("patrol_articles", "WHERE ({$patrol}) AND trash=0 ORDER BY date_post DESC");
} else {
$result = $data->select_query("patrol_articles", "WHERE trash=0 ORDER BY date_post DESC");
}
$numarticles = $data->num_rows($result);
while ($temp = $data->fetch_array($result)) {
$sql = $data->select_fetch_one_row("groups", "WHERE id={$temp['patrol']}", "teamname");
$temp['patrol'] = $sql['teamname'];
$topics = unserialize($temp['topics']);
$temp['topics'] = '';
$num = 1;
if (is_array($topics)) {
foreach ($topics as $topicid => $value) {
$topicdetail = $data->select_fetch_one_row("articletopics", "WHERE id = {$topicid}", "title");
$row = $data->fetch_array($result);
$advan = $row['name'];
$tpl->assign("advan", $advan);
$tpl->assign("id", $id);
} elseif ($action == "editadd" && pageauth("advancements", "edit")) {
$result = $data->select_query("advancements", "WHERE ID = '{$id}'");
$row = $data->fetch_array($result);
$advan = $row['advancement'];
$tpl->assign("sid", $sid);
$tpl->assign("advan", $advan);
$tpl->assign("id", $id);
} elseif ($action == "newadd" && pageauth("advancements", "add")) {
$tpl->assign("sid", $sid);
} elseif ($action == "newbadge" && pageauth("advancements", "add")) {
$tpl->assign("sid", $sid);
} elseif ($action == "editbadge" && pageauth("advancements", "edit")) {
$result = $data->select_query("badges", "WHERE id = '{$id}'");
$row = $data->fetch_array($result);
$tpl->assign("sid", $sid);
$tpl->assign("badge", $row);
$tpl->assign("id", $id);
} else {
$result = $data->select_query("awardschemes");
$adv = array();
$numschemes = $data->num_rows($result);
while ($row = $data->fetch_array($result)) {
$sql = $data->select_query("advancements", "WHERE scheme ={$row['id']}");
$row['numitems'] = $data->num_rows($sql);
$schemes[] = $row;
}
}