PageRenderTime 47ms CodeModel.GetById 23ms RepoModel.GetById 0ms app.codeStats 0ms

/admin/post/addjp.php

https://github.com/anodyne/sms
PHP | 347 lines | 256 code | 63 blank | 28 comment | 34 complexity | 907249217a210b86664f7917d675ad7f MD5 | raw file
Possible License(s): LGPL-2.1 
    

  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4. This is a necessary system file. Do not modify this page unless you are highly
    5. 

  5. knowledgeable as to the structure of the system. Modification of this file may
    6. 

  6. cause SMS to no longer function.
    7. 

    8. 

  8. Author: David VanScott [ davidv@anodyne-productions.com ]
    9. 

  9. File: admin/post/addjp.php
    10. 

  10. Purpose: Page to add a joint post
    11. 

    12. 

  12. System Version: 2.6.10
    13. 

  13. Last Modified: 2009-09-08 0843 EST
    14. 

  14. **/
    15. 

  15. 

  16. /* access check */
    17. 

  17. if( in_array( "p_addjp", $sessionAccess ) ) {
    18. 

  18. 	
    19. 

  19. 	/* set the page class and vars */
    20. 

  20. 	$pageClass = "admin";
    21. 

  21. 	$subMenuClass = "post";
    22. 

  22. 	$result = FALSE;
    23. 

  23. 	$query = FALSE;
    24. 

  24. 	
    25. 

  25. 	if(isset($_GET['id']))
    26. 

  26. 	{
    27. 

  27. 		if(is_numeric($_GET['id'])) {
    28. 

  28. 			$id = $_GET['id'];
    29. 

  29. 		} else {
    30. 

  30. 			errorMessageIllegal( "add JP page" );
    31. 

  31. 			exit();
    32. 

  32. 		}
    33. 

  33. 	}
    34. 

  34. 	
    35. 

  35. 	if(isset($_GET['number']))
    36. 

  36. 	{
    37. 

  37. 		if(is_numeric($_GET['number'])) {
    38. 

  38. 			$number = $_GET['number'];
    39. 

  39. 		} else {
    40. 

  40. 			errorMessageIllegal( "add JP page" );
    41. 

  41. 			exit();
    42. 

  42. 		}
    43. 

  43. 	}
    44. 

  44. 	
    45. 

  45. 	if(isset($_GET['delete']))
    46. 

  46. 	{
    47. 

  47. 		if(is_numeric($_GET['delete'])) {
    48. 

  48. 			$delete = $_GET['delete'];
    49. 

  49. 		} else {
    50. 

  50. 			errorMessageIllegal( "add JP page" );
    51. 

  51. 			exit();
    52. 

  52. 		}
    53. 

  53. 	}
    54. 

  54. 	
    55. 

  55. 	if(isset($_GET['add']))
    56. 

  56. 	{
    57. 

  57. 		if(is_numeric($_GET['add'])) {
    58. 

  58. 			$add = $_GET['add'];
    59. 

  59. 		} else {
    60. 

  60. 			errorMessageIllegal( "add JP page" );
    61. 

  61. 			exit();
    62. 

  62. 		}
    63. 

  63. 	}
    64. 

  64. 	
    65. 

  65. 	if(!isset($number)) {
    66. 

  66. 		$number = 2;
    67. 

  67. 	} elseif( $number > JP_AUTHORS ) {
    68. 

  68. 		$number = JP_AUTHORS;
    69. 

  69. 	}
    70. 

  70. 	
    71. 

  71. 	if(isset($_POST['action_x']))
    72. 

  72. 	{
    73. 

  73. 		$jpnumber = $_POST['jpNumber'];
    74. 

  74. 		
    75. 

  75. 		for ($n=1; $n<=$jpnumber; $n++)
    76. 

  76. 		{
    77. 

  77. 			$authors[] = $_POST['author' . $n];
    78. 

  78. 		}
    79. 

  79. 		
    80. 

  80. 		/* make a string of the authors */
    81. 

  81. 		$postAuthors = implode(',', $authors);
    82. 

  82. 		
    83. 

  83. 		$insert = "INSERT INTO sms_posts (postAuthor, postTitle, postLocation, postTimeline, postContent, postPosted, postMission, ";
    84. 

  84. 		$insert.= "postStatus, postTag) VALUES (%s, %s, %s, %s, %s, UNIX_TIMESTAMP(), %d, %s, %s)";
    85. 

  85. 		
    86. 

  86. 		$query = sprintf(
    87. 

  87. 			$insert,
    88. 

  88. 			escape_string($postAuthors),
    89. 

  89. 			escape_string($_POST['postTitle']),
    90. 

  90. 			escape_string($_POST['postLocation']),
    91. 

  91. 			escape_string($_POST['postTimeline']),
    92. 

  92. 			escape_string($_POST['postContent']),
    93. 

  93. 			escape_string($_POST['postMission']),
    94. 

  94. 			escape_string('activated'),
    95. 

  95. 			escape_string($_POST['postTag'])
    96. 

  96. 		);
    97. 

  97. 	
    98. 

  98. 		$result = mysql_query($query);
    99. 

  99. 	
    100. 

  100. 		for($i=1; $i<=$number; $i++)
    101. 

  101. 		{
    102. 

  102. 			/* set the author var */
    103. 

  103. 			$author = $_POST['author' . $i];
    104. 

  104. 			
    105. 

  105. 			if(!is_numeric($author)) {
    106. 

  106. 				$author = NULL;
    107. 

  107. 			}
    108. 

  108. 	
    109. 

  109. 			/* update the player's last post timestamp */
    110. 

  110. 			$updateTimestamp = "UPDATE sms_crew SET lastPost = UNIX_TIMESTAMP() WHERE crewid = $author LIMIT 1";
    111. 

  111. 			$updateTimestampResult = mysql_query( $updateTimestamp );
    112. 

  112. 		}
    113. 

  113. 	
    114. 

  114. 		/* optimize the crew table */
    115. 

  115. 		optimizeSQLTable( "sms_crew" );
    116. 

  116. 		optimizeSQLTable( "sms_posts" );
    117. 

  117. 		
    118. 

  118. 		/* if the user wants to send the email out, do it */
    119. 

  119. 		if(isset($_POST['sendEmail']))
    120. 

  120. 		{
    121. 

  121. 			foreach($_POST as $key => $value)
    122. 

  122. 			{
    123. 

  123. 				$$key = $value;
    124. 

  124. 			}
    125. 

  125. 			
    126. 

  126. 			if(is_numeric($_POST['author1'])) {
    127. 

  127. 				$emailAuthor = $_POST['author1'];
    128. 

  128. 			}
    129. 

  129. 			
    130. 

  130. 			/* set the email author */
    131. 

  131. 			$userFetch = "SELECT crew.crewid, crew.firstName, crew.lastName, crew.email, rank.rankShortName ";
    132. 

  132. 			$userFetch.= "FROM sms_crew AS crew, sms_ranks AS rank ";
    133. 

  133. 			$userFetch.= "WHERE crew.crewid = $emailAuthor AND crew.rankid = rank.rankid LIMIT 1";
    134. 

  134. 			$userFetchResult = mysql_query( $userFetch );
    135. 

  135. 			
    136. 

  136. 			while( $userFetchArray = mysql_fetch_array( $userFetchResult ) ) {
    137. 

  137. 				extract( $userFetchArray, EXTR_OVERWRITE );
    138. 

  138. 			}
    139. 

  139. 			
    140. 

  140. 			$firstName = str_replace( "'", "", $firstName );
    141. 

  141. 			$lastName = str_replace( "'", "", $lastName );
    142. 

  142. 			
    143. 

  143. 			$from = $rankShortName . " " . $firstName . " " . $lastName . " < " . $email . " >";
    144. 

  144. 			
    145. 

  145. 			/* define the variables */
    146. 

  146. 			$to = getCrewEmails("emailPosts");
    147. 

  147. 			$subject = $emailSubject . " " . printMissionTitle( $postMission ) . " - " . $postTitle;
    148. 

  148. 			$message = "A Post By " . displayEmailAuthors($postAuthors, 'noLink') . "\r\n";
    149. 

  149. 			$message.= "Location: " . stripslashes($postLocation) . "\r\n";
    150. 

  150. 			$message.= "Timeline: " . stripslashes($postTimeline) . "\r\n";
    151. 

  151. 			$message.= "Tag: " . stripslashes($postTag) . "\r\n\r\n";
    152. 

  152. 			$message.= stripslashes($postContent);
    153. 

  153. 				
    154. 

  154. 			/* send the email */
    155. 

  155. 			mail( $to, $subject, $message, "From: " . $from . "\nX-Mailer: PHP/" . phpversion() );
    156. 

  156. 		}
    157. 

  157. 	}
    158. 

  158. 	
    159. 

  159. 	?>
    160. 

  160. 	
    161. 

  161. 	<script type="text/javascript">
    162. 

  162. 		$(document).ready(function() {
    163. 

  163. 			$('#participants').change(function(){
    164. 

  164. 				var number = $(this).val();
    165. 

  165. 				
    166. 

  166. 				window.location = "<?php echo $webLocation;?>admin.php?page=post&sub=addjp&number=" + number;
    167. 

  167. 			});
    168. 

  168. 		});
    169. 

  169. 	</script>
    170. 

  170. 	
    171. 

  171. 	<div class="body">
    172. 

  172. 		<?php
    173. 

  173. 		
    174. 

  174. 		$check = new QueryCheck;
    175. 

  175. 		$check->checkQuery( $result, $query );
    176. 

  176. 				
    177. 

  177. 		if( !empty( $check->query ) ) {
    178. 

  178. 			$check->message( "joint post", "add" );
    179. 

  179. 			$check->display();
    180. 

  180. 		}
    181. 

  181. 		
    182. 

  182. 		?>
    183. 

  183. 	
    184. 

  184. 		<span class="fontTitle">Add Joint Mission Entry</span><br /><br />
    185. 

  185. 	
    186. 

  186. 		This page should be used in the event that a member of the crew has accidentally posted incorrectly.  For instance, if a player has replied to one of the emails sent out to the system instead of logging in and posting, you can copy and paste the contents of their email into this form and put the entry into the system. For all other joint posts, please use the <a href="<?=$webLocation;?>admin.php?page=post&sub=jp"> Write Joint Post</a> page.<br /><br />
    187. 

  187. 	
    188. 

  188. 		<span class="fontNormal">
    189. 

  189. 			<b>Select the number of participants:</b> &nbsp;
    190. 

  190. 			
    191. 

  191. 			<select id="participants">
    192. 

  192. 				<option value="">Please Choose One</option>
    193. 

  193. 				
    194. 

  194. 				<?php for ($k=2; $k<=JP_AUTHORS; $k++): ?>
    195. 

  195. 					<option value="<?php echo $k;?>"><?php echo $k;?> People</option>
    196. 

  196. 				<?php endfor;?>
    197. 

  197. 			</select>
    198. 

  198. 		</span><br /><br />
    199. 

  199. 		
    200. 

  200. 		<form method="post" action="<?=$webLocation;?>admin.php?page=post&sub=addjp">
    201. 

  201. 		<table>
    202. 

  202. 			<?
    203. 

  203. 			
    204. 

  204. 			$authorNum = 1;
    205. 

  205. 			
    206. 

  206. 			for( $i=1; $i<=$number; $i++ ) {
    207. 

  207. 			
    208. 

  208. 			?>
    209. 

  209. 			
    210. 

  210. 			<tr>
    211. 

  211. 				<td class="narrowLabel tableCellLabel">
    212. 

  212. 					<b>Author #<?=$i;?></b>
    213. 

  213. 				</td>
    214. 

  214. 				<td>&nbsp;</td>
    215. 

  215. 				<td>
    216. 

  216. 					<select name="author<?=$authorNum;?>">
    217. 

  217. 					<?
    218. 

  218. 					
    219. 

  219. 					/* query the users database */
    220. 

  220. 					$sql = "SELECT crew.crewid, crew.firstName, crew.lastName, rank.rankName ";
    221. 

  221. 					$sql.= "FROM sms_crew AS crew, sms_ranks AS rank ";
    222. 

  222. 					$sql.= "WHERE crew.crewType = 'active' AND crew.rankid = rank.rankid ";
    223. 

  223. 					$sql.= "ORDER BY crew.rankid ASC";
    224. 

  224. 					$result = mysql_query( $sql );
    225. 

  225. 					
    226. 

  226. 					/*
    227. 

  227. 						start looping through what the query returns
    228. 

  228. 						until it runs out of records
    229. 

  229. 					*/
    230. 

  230. 					while( $myrow = mysql_fetch_array( $result ) ) {
    231. 

  231. 						extract( $myrow, EXTR_OVERWRITE );
    232. 

  232. 						
    233. 

  233. 						/* $authorNumber = $author . $authorNum; */
    234. 

  234. 						$authorNumber = $rankName . " " . $firstName . " " . $lastName;
    235. 

  235. 						
    236. 

  236. 						echo "<option value='" . $myrow['crewid'] . "'>" . $authorNumber . "</option>";
    237. 

  237. 						
    238. 

  238. 					}
    239. 

  239. 					?>
    240. 

  240. 					</select>
    241. 

  241. 				</td>
    242. 

  242. 			</tr>
    243. 

  243. 			<? $authorNum = $authorNum + 1; } ?>
    244. 

  244. 			
    245. 

  245. 			<? if(!isset($number)) { ?>
    246. 

  246. 			<input type="hidden" name="jpNumber" value="2" />
    247. 

  247. 			<? } else { ?>
    248. 

  248. 			<input type="hidden" name="jpNumber" value="<?=$number;?>" />
    249. 

  249. 			<? } ?>
    250. 

  250. 			
    251. 

  251. 			<tr>
    252. 

  252. 				<td class="narrowLabel tableCellLabel">Mission</td>
    253. 

  253. 				<td>&nbsp;</td>
    254. 

  254. 				<td class="fontNormal">
    255. 

  255. 					<?
    256. 

  256. 					
    257. 

  257. 					$missionTitle = "SELECT missionid, missionTitle FROM sms_missions WHERE missionStatus = 'current' LIMIT 1";
    258. 

  258. 					$missionTitleResult = mysql_query( $missionTitle );
    259. 

  259. 					$missionCount = mysql_num_rows( $missionTitleResult );
    260. 

  260. 					
    261. 

  261. 					while( $titleArray = mysql_fetch_array( $missionTitleResult ) ) {
    262. 

  262. 						extract( $titleArray, EXTR_OVERWRITE );
    263. 

  263. 					}
    264. 

  264. 					
    265. 

  265. 					if( $missionCount == 0 ) {
    266. 

  266. 						echo "<b>Please create a mission before posting!</b>";
    267. 

  267. 					} else {
    268. 

  268. 					
    269. 

  269. 						$missions = "SELECT missionid, missionTitle, missionStatus FROM sms_missions WHERE ";
    270. 

  270. 						$missions.= "missionStatus != 'upcoming'";
    271. 

  271. 						$missionsResult = mysql_query( $missions );
    272. 

  272. 						
    273. 

  273. 						echo "<select name='postMission'>";
    274. 

  274. 						
    275. 

  275. 						while( $missionArray = mysql_fetch_array( $missionsResult ) ) {
    276. 

  276. 							extract( $missionArray, EXTR_OVERWRITE );
    277. 

  277. 							
    278. 

  278. 							echo "<option value='" . $missionid . "'";
    279. 

  279. 							if( $missionStatus == "current" ) { 
    280. 

  280. 								echo " selected ";
    281. 

  281. 							}
    282. 

  282. 							echo ">";
    283. 

  283. 							printText( $missionTitle );
    284. 

  284. 							echo "</option>";
    285. 

  285. 							
    286. 

  286. 						}
    287. 

  287. 						
    288. 

  288. 						echo "</select>";
    289. 

  289. 					
    290. 

  290. 					}
    291. 

  291. 					
    292. 

  292. 					?>
    293. 

  293. 				</td>
    294. 

  294. 			</tr>
    295. 

  295. 			<tr>
    296. 

  296. 				<td colspan="3" height="10"></td>
    297. 

  297. 			</tr>
    298. 

  298. 			<tr>
    299. 

  299. 				<td class="narrowLabel tableCellLabel">Title</td>
    300. 

  300. 				<td>&nbsp;</td>
    301. 

  301. 				<td><input type="text" class="name" name="postTitle" style="font-weight:bold;" length="100" /></td>
    302. 

  302. 			</tr>
    303. 

  303. 			<tr>
    304. 

  304. 				<td class="narrowLabel tableCellLabel">Location</td>
    305. 

  305. 				<td>&nbsp;</td>
    306. 

  306. 				<td><input type="text" class="name" name="postLocation" style="font-weight:bold;" length="100" /></td>
    307. 

  307. 			</tr>
    308. 

  308. 			<tr>
    309. 

  309. 				<td class="narrowLabel tableCellLabel">Timeline</td>
    310. 

  310. 				<td>&nbsp;</td>
    311. 

  311. 				<td><input type="text" class="name" name="postTimeline" style="font-weight:bold;" length="100" /></td>
    312. 

  312. 			</tr>
    313. 

  313. 			<tr>
    314. 

  314. 				<td class="narrowLabel tableCellLabel">Tag</td>
    315. 

  315. 				<td>&nbsp;</td>
    316. 

  316. 				<td><input type="text" class="name" name="postTag" style="font-weight:bold;" length="100" /></td>
    317. 

  317. 			</tr>
    318. 

  318. 			<tr>
    319. 

  319. 				<td class="narrowLabel tableCellLabel">Send Email?</td>
    320. 

  320. 				<td>&nbsp;</td>
    321. 

  321. 				<td><input type="checkbox" name="sendEmail" value="y" checked="checked" /></td>
    322. 

  322. 			</tr>
    323. 

  323. 			<tr>
    324. 

  324. 				<td colspan="3" height="10"></td>
    325. 

  325. 			</tr>
    326. 

  326. 			<tr>
    327. 

  327. 				<td class="narrowLabel tableCellLabel">Content</td>
    328. 

  328. 				<td>&nbsp;</td>
    329. 

  329. 				<td><textarea name="postContent" class="desc" rows="15"></textarea></td>
    330. 

  330. 			</tr>
    331. 

  331. 			<tr>
    332. 

  332. 				<td colspan="3" height="20"></td>
    333. 

  333. 			</tr>
    334. 

  334. 			
    335. 

  335. 			<? if( $missionCount > "0" ) { ?>
    336. 

  336. 			<tr>
    337. 

  337. 				<td colspan="2">&nbsp;</td>
    338. 

  338. 				<td>
    339. 

  339. 					<input type="image" src="<?=path_userskin;?>buttons/add.png" name="action" class="button" value="Add" />
    340. 

  340. 				</td>
    341. 

  341. 			</tr>
    342. 

  342. 			<? } ?>
    343. 

  343. 		</table>
    344. 

  344. 		</form>
    345. 

  345. 	</div>
    346. 

  346. 	
    347. 

  347. <? } else { errorMessage( "add joint post" ); } ?>
    348.