
/mythings.php

https://github.com/cmscout/CMScout-2.x


  1. <?php
  2. /**************************************************************************
  3. FILENAME : mythings.php
  4. PURPOSE OF FILE : Displays items that a user owns. Allows user to edit those items (And add new items).
  5. LAST UPDATED : 24 September 2006
  6. COPYRIGHT : © 2005 CMScout Group
  7. WWW : www.cmscout.za.org
  8. LICENSE : GPL v2.0
  9. This program is free software; you can redistribute it and/or modify
  10. it under the terms of the GNU General Public License as published by
  11. the Free Software Foundation; either version 2 of the License, or
  12. (at your option) any later version.
  13. This program is distributed in the hope that it will be useful,
  14. but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. GNU General Public License for more details.
  17. You should have received a copy of the GNU General Public License
  18. along with this program; if not, write to the Free Software
  19. Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
  20. **************************************************************************/
  21. ?>
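  <?php
  /**
   * Include guard and request setup for the "my things" contributions page.
   *
   * Reads $cat, $action and $id from the query string, derives the SQL-safe
   * $safe_id, and loads the public groups the current user belongs to into
   * $teams / $numteams for the per-category handlers that follow this block.
   *
   * Relies on the including script for: $check (current user row), $data
   * (database wrapper), safesql() and group_sql_list_id().
   */
  if (!defined('SCOUT_NUKE'))
  {
      die("You have accessed this page illegally, please go use the main menu");
  }

  /*
   * NOTE(review): the original banner here read "Check if user is allowed",
   * but nothing in this section verifies that the item selected by $id belongs
   * to the current user -- the only gate is the SCOUT_NUKE include guard above.
   * Confirm that the including script or the per-category handlers enforce
   * ownership before treating this page as an authorization boundary.
   */
  $uname = $check["uname"];
  $pagenum = 1; // template/page selector; the category handlers override it

  // Query-string inputs. Each one gets an explicit default so the comparisons
  // further down never read an undefined variable (PHP warns and yields null
  // when the $_GET key is missing). $id defaults to null to keep the value
  // handed to safesql() identical to the previous behaviour.
  $cat = isset($_GET['cat']) ? $_GET['cat'] : "";
  $action = isset($_GET['action']) ? $_GET['action'] : "";
  $id = isset($_GET['id']) ? $_GET['id'] : null;

  // $safe_id is the only form of the id that may be interpolated into SQL;
  // $id itself remains raw, unvalidated user input.
  $safe_id = safesql($id, "int");

  // Public groups the user is a member of. group_sql_list_id() appears to
  // return a SQL fragment -- it is interpolated straight into the WHERE clause.
  $groupsqllist = group_sql_list_id("id", "OR", true);
  $team_query = $data->select_query("groups", "WHERE ($groupsqllist) AND ispublic=1");
  $numteams = $data->num_rows($team_query);

  // Fetch-until-false idiom: the assignment in the condition also appends the
  // final failed fetch, so $teams holds $numteams rows followed by one trailing
  // false. Left unchanged so the array shape seen by consumers (which presumably
  // iterate by $numteams) stays the same -- TODO confirm against the template.
  $teams = array();
  while ($teams[] = $data->fetch_array($team_query));

  $location = "User Control Panel >> Contributions";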
  38. if ($cat != "" || $action != "")
  39. {
  40. switch($cat)
  41. {
  42. case "album" :
  43. $pagenum = 2;
  44. $scriptList['slimbox'] = 1;
  45. if ($_POST['Submit'] == "Update")
  46. {
  47. $group = safesql($_POST['group'], "int");
  48. $name = safesql($_POST['name'], "text");
  49. $data->update_query("album_track", "album_name=$name, patrol=$group", "ID = $safe_id");
  50. show_message("Album updated.", "index.php?page=mythings&cat=album&action=edit&id={$id}&menuid={$menuid}");
  51. }
  52. $album = $data->select_fetch_one_row("album_track", "WHERE ID = $safe_id");
  53. if (!user_group_id($check['id'], $album['patrol']) && $album['patrol'] != 0 && $album['patrol'] != -1)
  54. {
  55. $temp = $data->select_fetch_one_row("groups", "WHERE id={$album['patrol']}");
  56. $teams[] = $temp;
  57. $numteams++;
  58. }
  59. $sql = $data->select_query("photos", "WHERE album_id = $safe_id");
  60. $numphotos = $data->num_rows($sql);
  61. $photos = array();
  62. while ($photos[] = $data->fetch_array($sql));
  63. $location = "Edit " . censor($album['album_name']) . " photo album";
  64. $tpl->assign("album", $album);
  65. $tpl->assign("numphotos", $numphotos);
  66. $tpl->assign("photos", $photos);
  67. $tpl->assign("photopath", $config["photopath"] . "/");
  68. if($_POST['Submit'] == "Upload Photos")
  69. {
  70. $number_added = 0;
  71. for ($i = 1;$i<=$_POST['numoptions'];$i++)
  72. {
  73. if ($_FILES['filename']['name'][$i] == '' && ($_FILES['filename']['type'][$i] == 'image/gif') || ($_FILES['filename']['type'][$i] == 'image/jpeg') || ($_FILES['filename']['type'][$i] == 'image/png') || ($_FILES['filename']['type'][$i] == 'image/pjpeg'))
  74. {
  75. $fileinfo['name'] = $_FILES['filename']['name'][$i];
  76. $fileinfo['type'] = $_FILES['filename']['type'][$i];
  77. $fileinfo['tmp_name'] = $_FILES['filename']['tmp_name'][$i];
  78. $fileinfo['error'] = $_FILES['filename']['error'][$i];
  79. $fileinfo['size'] = $_FILES['filename']['size'][$i];
  80. $filestuff = uploadpic($fileinfo, $config['photox'], $config['photoy'], true);
  81. $filename = $filestuff['filename'];
  82. $desc = $_POST['caption'][$i];
  83. $insert = sprintf("NULL, %s, %s, %s, $timestamp",
  84. safesql($filename, "text"),
  85. safesql($desc, "text"),
  86. $safe_id);
  87. if(confirm('photo') == 1 && $album['allowed'] == 1)
  88. {
  89. $insert .= ", 0";
  90. }
  91. else
  92. {
  93. $insert .= ", 1";
  94. }
  95. if ($data->insert_query("photos", $insert, "", "", false))
  96. {
  97. $number_added++;
  98. }
  99. if(confirm('photo') == 1 && $album['allowed'] == 1)
  100. {
  101. $extrabit = "Your photos first need to be reviewed by an administrator before they will be visible on the website.";
  102. }
  103. }
  104. }
  105. if ($extrabit)
  106. {
  107. confirmMail("photo", $album);
  108. }
  109. if ($number_added > 0 )
  110. {
  111. $data->update_query("users", "numphotos = numphotos + $number_added", "id='{$check['id']}'");
  112. }
  113. show_message("$number_added photos added. $extrabit", "index.php?page=mythings&cat=album&action=edit&id={$id}&menuid={$menuid}");
  114. }
  115. elseif ($_POST['Submit'] == "Update Photo")
  116. {
  117. $photoid = safesql($_POST['photoid'],"int");
  118. if ($_FILES['editfilename']['name'] != '')
  119. {
  120. if (($_FILES['editfilename']['type'] == 'image/gif') || ($_FILES['editfilename']['type'] == 'image/jpeg') || ($_FILES['editfilename']['type'] == 'image/png') || ($_FILES['editfilename']['type'] == 'image/pjpeg'))
  121. {
  122. $filestuff = uploadpic($_FILES['editfilename'], $config['photox'], $config['photoy'], true);
  123. $filename = safesql($filestuff['filename'], "text");;
  124. $desc = safesql($_POST['editcaption'], "text");
  125. if(confirm('photo') && $album['allowed'] == 1)
  126. {
  127. $data->update_query("photos", "filename=$filename, date='$timestamp', caption = $desc, allowed = 0", "ID=$photoid");
  128. }
  129. else
  130. {
  131. $data->update_query("photos", "filename=$filename, date='$timestamp', caption = $desc", "ID=$photoid");
  132. }
  133. if(confirm('photo') == 1 && $album['allowed'] == 1)
  134. {
  135. $extrabit = "It first needs to be reviewed before it will be visible on the website.";
  136. confirmMail("photo", $album);
  137. }
  138. }
  139. else
  140. {
  141. show_message("Sorry, we only accept .gif, .jpg, .jpeg or .png images.", "index.php?page=mythings&cat=album&action=edit&id={$id}&menuid={$menuid}");
  142. }
  143. }
  144. else
  145. {
  146. $desc = safesql($_POST['editcaption'], "text");
  147. if ($desc != '')
  148. {
  149. $data->update_query("photos", "caption = $desc", "ID='$photoid'");
  150. }
  151. }
  152. show_message("Your photo has been updated. $extrabit", "index.php?page=mythings&cat=album&action=edit&id={$id}&menuid={$menuid}");
  153. $noshow = true;
  154. }
  155. if($action=="delphoto")
  156. {
  157. $pid = $_GET['pid'];
  158. if ($data->num_rows($data->select_query("album_track", "WHERE ID = $safe_id")))
  159. {
  160. $sql = $data->select_query("photos", "WHERE ID=$pid");
  161. $photo = $data->fetch_array($sql);
  162. unlink($config['photopath'] . '/' . $photo['filename']);
  163. $sqlq = $data->delete_query("photos", "ID=$pid AND album_id=$safe_id", "Albums", "Photo for album $aid deleted by {$uname}");
  164. $data->update_query("album_track", "numphotos = numphotos - 1", "ID=$safe_id", "", "", false);
  165. header("location: index.php?page=mythings&cat=album&id=$id&menuid=$menuid");
  166. }
  167. }
  168. elseif ($action == "delete")
  169. {
  170. $sqlq = $data->update_query("album_track", "trash=1", "ID=$safe_id");
  171. if ($sqlq)
  172. {
  173. show_message("Album deleted", "index.php?page=mythings&menuid=$menuid");
  174. }
  175. }
  176. break;
  177. case "articles":
  178. if ($action == "edit")
  179. {
  180. $pagenum=6;
  181. $query = $data->select_query("patrol_articles", "WHERE ID=$safe_id");
  182. $post = $data->fetch_array($query);
  183. if($post['pic'])
  184. {
  185. $photoid = safesql($post['pic'], "int");
  186. $photo = $data->select_fetch_one_row("photos", "WHERE ID=$photoid", "album_id");
  187. $selectedAlbumInfo['photos'] = $data->select_fetch_all_rows($selectedAlbumInfo['numphotos'], "photos", "WHERE album_id = {$photo['album_id']} AND allowed = 1");
  188. $tpl->assign("selectedAlbumInfo", $selectedAlbumInfo);
  189. $tpl->assign("selectedAlbum", $photo['album_id']);
  190. }
  191. $location = "Edit " . censor($post['title']) . " article";
  192. $quer = $data->select_query("album_track", "WHERE allowed=1 AND trash=0 ORDER BY album_name ASC");
  193. $numalbum = $data->num_rows($quer);
  194. $albums = array();
  195. while ($temp = $data->fetch_array($quer))
  196. {
  197. $temp['photos'] = $data->select_fetch_all_rows($temp['numphotos'], "photos", "WHERE album_id = {$temp['ID']} AND allowed = 1");
  198. $albums[] = $temp;
  199. }
  200. $event = $data->select_fetch_all_rows($numevents, "calendar_items", "WHERE allowed=1 AND trash=0 ORDER BY summary ASC");
  201. $groups = public_group_sql_list_id("id", "OR");
  202. if ($groups)
  203. {
  204. $teams = array();
  205. $team_query = $data->select_query("groups", "WHERE ($groups) AND ispublic=1");
  206. $numteams = $data->num_rows($team_query);
  207. while ($teams[] = $data->fetch_array($team_query));
  208. }
  209. else
  210. {
  211. $numteams = 0;
  212. }
  213. $post['topics'] = unserialize($post['topics']);
  214. $post['related'] = unserialize($post['related']);
  215. $tpl->assign('numevents', $numevents);
  216. $tpl->assign('event', $event);
  217. $tpl->assign('numalbum', $numalbum);
  218. $tpl->assign('albums', $albums);
  219. $tpl->assign("post", $post);
  220. $result = $data->select_query("articletopics", "ORDER BY title ASC", "id, title, groups");
  221. $numtopics = 0;
  222. $topics = array();
  223. while ($temp = $data->fetch_array($result))
  224. {
  225. $topicgroups = unserialize($temp['groups']);
  226. if (in_group($topicgroups))
  227. {
  228. $topics[] = $temp;
  229. $numtopics++;
  230. }
  231. }
  232. $article = $data->select_fetch_all_rows($numarticles, "patrol_articles", "WHERE allowed=1 AND trash=0 AND ID != $safe_id ORDER BY title ASC");
  233. $tpl->assign('numarticles', $numarticles);
  234. $tpl->assign('article', $article);
  235. $tpl->assign('numarticles', $numarticles);
  236. $tpl->assign('article', $article);
  237. $tpl->assign('numtopics', $numtopics);
  238. $tpl->assign('topics', $topics);
  239. $scriptList['tinyAdv'] = 1;
  240. $submit=$_POST["Submit"];
  241. if ($submit == "Submit")
  242. {
  243. if (validate($_POST['validation']))
  244. {
  245. $title = safesql($_POST['title'], "text");
  246. $photo = safesql($_POST['photo'], "int");
  247. $event = safesql($_POST['event'], "int");
  248. $story = safesql($_POST['story'], "text", false);
  249. $auth = safesql($_POST['auth'], "text");
  250. $patrol = safesql($_POST['patrol'], "int");
  251. $pic = safesql($_POST['articlephoto'], "int");
  252. $allow = confirm('article') ? 0 : 1;
  253. $topics = safesql(serialize($_POST['topics']), "text");
  254. $order = safesql($_POST['order'], "int");
  255. $summary = safesql($_POST['summary'], "text");
  256. $related = safesql(serialize($_POST['articles']), "text");
  257. $sql = $data->update_query("patrol_articles", "patrol=$patrol, pic=$pic, title=$title, detail=$story, date_post=$timestamp, album_id=$photo, event_id=$event, author=$auth, allowed = $allow, topics=$topics, `order`=$order, summary=$summary, related=$related","ID=$safe_id");
  258. if (confirm('article'))
  259. {
  260. $article = $data->select_fetch_one_row("patrol_articles", "WHERE ID=$safe_id");
  261. confirmMail("article", $article);
  262. $extra = "The administrator needs to republish your article now that you have edited it.";
  263. }
  264. else $extra = "";
  265. show_message("Your Article has been updated. $extra", "index.php?page=mythings&menuid=$menuid");
  266. }
  267. else
  268. {
  269. show_message("Some of your inputs might not be correct. Please check them again", "index.php?page=mythings&cat=articles&action=edit&id={$id}&menuid={$menuid}", true);
  270. }
  271. }
  272. elseif($_POST['preview'] == "Preview Article")
  273. {
  274. if (validate($_POST['validation']))
  275. {
  276. $post['patrol'] = $_POST['patrol'];
  277. $post['title'] = $_POST['title'];
  278. $post['detail'] = $_POST['story'];
  279. $post['album_id'] = $_POST['photo'];
  280. $post['event_id'] = $_POST['event'];
  281. $post['auth'] = $_POST['auth'];
  282. $post['datepost'] = $timestamp;
  283. $post['topics'] = $_POST['topics'];
  284. $post['order'] = $_POST['order'];
  285. $post['summary'] = $_POST['summary'];
  286. $post['related'] = $_POST['articles'];
  287. $post['pic'] = $_POST['articlephoto'];
  288. if ($post['album_id'] != 0)
  289. {
  290. $album_id = safesql($post['album_id'], "int");
  291. $photo = $data->select_fetch_all_rows($number_of_photos, "photos", "WHERE album_id={$album_id}");
  292. $tpl->assign("photo", $photo);
  293. $tpl->assign("number_of_photos", $number_of_photos);
  294. }
  295. if ($post['event_id'] != 0)
  296. {
  297. $eventid = safesql($post['event_id'], "int");
  298. $event = $data->select_fetch_one_row("calendar_items", "WHERE id = {$eventid}", "id, summary, startdate, enddate");
  299. $tpl->assign("event", $event);
  300. }
  301. $temp['related'] = '';
  302. $num = 1;
  303. while (list($articleid, $value) = each($post['related']))
  304. {
  305. $articleid = safesql($articleid, "int");
  306. $topicdetail = $data->select_fetch_one_row("patrol_articles", "WHERE ID = $articleid", "title");
  307. $temp['related'] .= $topicdetail['title'];
  308. if ($num++ < count($post['related'])) $temp['related'] .= ", ";
  309. }
  310. $post['relatedlist'] = $temp['related'];
  311. $tpl->assign('post', $post);
  312. $tpl->assign("preview", "true");
  313. }
  314. else
  315. {
  316. show_message("Some of your inputs might not be correct. Please check them again", "index.php?page=mythings&cat=articles&action=edit&id={$id}&menuid={$menuid}", true);
  317. }
  318. }
  319. }
  320. elseif ($action == "delete")
  321. {
  322. $sqlq = $data->update_query("patrol_articles", "trash=1", "ID=$safe_id", "Articles", "Deleted $id");
  323. if ($sqlq)
  324. {
  325. show_message("Your Article has been deleted.", "index.php?page=mythings&menuid=$menuid");
  326. }
  327. }
  328. break;
  329. case "events":
  330. if ($action == "edit")
  331. {
  332. $pagenum = 10;
  333. $calsql = $data->select_query("calendar_items", "WHERE id = $safe_id");
  334. $items = $data->fetch_array($calsql);
  335. $startdate = strftime("%Y/%m/%d", $items['startdate']);
  336. $enddate = strftime("%Y/%m/%d", $items['enddate']);
  337. $groups = group_sql_list_id("id", "OR");
  338. $teams = array();
  339. $team_query = $data->select_query("groups", "WHERE ($groups) ORDER BY teamname ASC", "id, teamname");
  340. $numteams = $data->num_rows($team_query);
  341. while ($teams[] = $data->fetch_array($team_query));
  342. $patrols = $data->select_fetch_all_rows($numpatrols, "groups", "WHERE ($groups) AND ispatrol = 1 ORDER BY teamname ASC", "id, teamname");
  343. $groups = group_sql_list_id("patrol", "OR");
  344. $members = $data->select_fetch_all_rows($nummembers, "members", "WHERE ($groups) ORDER BY lastName,firstName ASC", "id, lastName, firstName");
  345. $tpl->assign('teams',$teams);
  346. $tpl->assign('numteams', $numteams);
  347. $tpl->assign('patrols',$patrols);
  348. $tpl->assign('numpatrols', $numpatrols);
  349. $tpl->assign('members',$members);
  350. $tpl->assign('nummembers', $nummembers);
  351. $items['groups'] = unserialize($items['groups']);
  352. $items['patrols'] = unserialize($items['patrols']);
  353. $tpl->assign('item', $items);
  354. $location = "Edit " . censor($items['summary']) . " event";
  355. $colour = rgb2hex2rgb($items['colour']);
  356. $script .= "{literal}function makeTwoChars(inp) {
  357. return String(inp).length < 2 ? \"0\" + inp : inp;
  358. }
  359. function initialiseInputs() {
  360. // Clear any old values from the inputs (that might be cachedate by the browser after a page reload)
  361. document.getElementById(\"sdate\").value = \"$startdate\";
  362. document.getElementById(\"edate\").value = \"$enddate\";
  363. // Add the onchange event handler to the start date input
  364. document.getElementById(\"sdate\").onchange = setReservationDates;
  365. }
  366. function setReservationDates(e) {
  367. // Check the associatedate datePicker object is available (be safe)
  368. if(!(\"sdate\" in datePickerController.datePickers)) {
  369. return;
  370. }
  371. // Check the value of the input is a date of the correct format
  372. var dt = datePickerController.dateFormat(this.value, datePickerController.datePickers[\"sdate\"].format.charAt(0) == \"m\");
  373. // If the input's value cannot be parsedate as a valid date then return
  374. if(dt == 0) return;
  375. // Grab the value set within the endDate input and parse it using the dateFormat method
  376. // N.B: The second parameter to the dateFormat function, if TRUE, tells the function to favour the m-d-y date format
  377. var edatev = datePickerController.dateFormat(document.getElementById(\"edate\").value, datePickerController.datePickers[\"edate\"].format.charAt(0) == \"m\");
  378. // Grab the end date datePicker Objects
  379. var edate = datePickerController.datePickers[\"edate\"];
  380. edate.setRangeLow( dt );
  381. // If theres a value already present within the end date input and it's smaller than the start date
  382. // then clear the end date value
  383. if(edatev < dt) {
  384. document.getElementById(\"edate\").value = \"\";
  385. }
  386. }
  387. datePickerController.addEvent(window, 'load', initialiseInputs);{/literal}";
  388. $onDomReady .= "var r = new MooRainbow('colourSelector', {
  389. 'startColor': [{$colour['red']}, {$colour['green']}, {$colour['blue']}],
  390. 'onChange': function(color) {
  391. $('colour').value = color.hex;
  392. $('colour').style.backgroundColor = color.hex;
  393. }
  394. });";
  395. $scriptList['tinyAdv'] = 1;
  396. $scriptList['datepicker'] = 1;
  397. $scriptList['mooRainbow'] = 1;
  398. $submit = $_POST['Submit'];
  399. if ($submit == "Update Item")
  400. {
  401. if (validate($_POST['validation']))
  402. {
  403. $summary = safesql($_POST['summary'], "text");
  404. $startdate = safesql(strtotime($_POST['sdate']) + $_POST['stime']['Time_Hour']*60*60 + $_POST['stime']['Time_Minute']*60);
  405. $enddate = safesql(strtotime($_POST['edate']) + $_POST['etime']['Time_Hour']*60*60 + $_POST['etime']['Time_Minute']*60);
  406. $detail = safesql($_POST['story'], "text", false);
  407. $colour = safesql($_POST['colour'], "text");
  408. if (confirm('event'))
  409. {
  410. $message = "Your event has been updated, but first needs to be reviewed by an administrator.";
  411. $allow = 0;
  412. }
  413. else
  414. {
  415. $message = "Your event has been updated.";
  416. $allow = 1;
  417. }
  418. $groupallowed = safesql(serialize($_POST['groups']), "text");
  419. $signup = safesql($_POST['signup'], "int");
  420. $signupusers = safesql($_POST['signupusers'], "int");
  421. $patrols = $signupusers != 3 ? safesql(serialize($_POST['patrols']), "text") : safesql(serialize($_POST['invites']), "text");
  422. $sql = $data->update_query("calendar_items", "summary = $summary, startdate = $startdate, enddate = $enddate, detail = $detail, `groups` = $groupallowed, colour = $colour, signup=$signup, signupusers=$signupusers, patrols=$patrols, allowed=$allow", "id = $safe_id");
  423. if ($sql)
  424. {
  425. if (confirm('event'))
  426. {
  427. $event = $data->select_fetch_one_row("calendar_items", "WHERE id = $safe_id");
  428. confirmMail("event", $event);
  429. }
  430. show_message($message, "index.php?page=mythings&menuid=$menuid");
  431. }
  432. }
  433. else
  434. {
  435. show_message("Some of your inputs might not be correct. Please check them again", "index.php?page=mythings&cat=events&action=edit&id={$id}&menuid={$menuid}", true);
  436. }
  437. }
  438. }
  439. elseif ($action == "adddownload")
  440. {
  441. $download = safesql($_POST['download'], "int");
  442. $permissions = safesql($_POST['permissions'], "int");
  443. if ($download != 0)
  444. {
  445. $data->insert_query("calendar_downloads", "'', $safe_id, $download, $permissions");
  446. show_message("Download Added", "index.php?page=mythings&cat=events&action=signups&id=$id&activetab=events");
  447. }
  448. else
  449. {
  450. show_message("Please select a download", "index.php?page=mythings&cat=events&action=signups&id=$id&activetab=events");
  451. }
  452. }
  453. elseif ($action == "deletefield")
  454. {
  455. $eventid = safesql($_GET['event'], "int");
  456. $data->delete_query("profilefields", "id=$safe_id");
  457. show_message("Field Deleted", "index.php?page=mythings&cat=events&action=signups&id=$eventid&activetab=ical&menuid=$menuid");
  458. }
  459. elseif ($action == "deletedownload")
  460. {
  461. $eventid = safesql($_GET['event'], "int");
  462. $data->delete_query("calendar_downloads", "id=$safe_id");
  463. show_message("Download Removed", "index.php?page=mythings&cat=events&action=signups&id=$eventid&activetab=ical&menuid=$menuid");
  464. }
  465. elseif ($action == "newfield" || $action == "editfield")
  466. {
  467. $pagenum = 12;
  468. $tpl->assign("action", $action);
  469. $eventid = safesql($_GET['event'], "int");
  470. if ($action == "editfield")
  471. {
  472. $item = $data->select_fetch_one_row("profilefields", "WHERE id=$safe_id");
  473. $item['options'] = unserialize($item['options']);
  474. $tpl->assign("item", $item);
  475. }
  476. if ($_POST['Submit'] == "Submit")
  477. {
  478. $name = safesql(str_replace(" ", "", $_POST['name']), "text");
  479. if (check_duplicate("profilefields", "name", $name, $safe_id))
  480. {
  481. show_message("A field with that name already exists");
  482. }
  483. $query = safesql($_POST['query'], "text");
  484. $hint = safesql($_POST['hint'], "text");
  485. $required = safesql($_POST['required'], "int");
  486. $register = safesql($_POST['register'], "int");
  487. $type = safesql($_POST['type'], "int");
  488. switch ($_POST['type'])
  489. {
  490. case 1:
  491. $options = $_POST['options'];
  492. break;
  493. case 2:
  494. $options = $_POST['options'];
  495. break;
  496. case 3: case 4: case 5:
  497. $options = array();
  498. $options[0] = $_POST['numoptions'];
  499. for ($i=1;$i<=$_POST['numoptions'];$i++)
  500. {
  501. $temp = $_POST['option' . $i];
  502. if ($temp != '')
  503. {
  504. $options[] = urlencode(stripslashes($temp));
  505. }
  506. else
  507. {
  508. --$options[0];
  509. }
  510. }
  511. break;
  512. case 6:
  513. $options = "''";
  514. }
  515. $pos = 0;
  516. $options = safesql(serialize($options), "text");
  517. if ($action == "newfield")
  518. {
  519. $data->insert_query("profilefields", "'', $name, $query, $options, $hint, $type, $required, $register, 0, $pos, 2, $eventid");
  520. show_message("Field Added", "index.php?page=mythings&cat=events&action=signups&id=$eventid&activetab=events");
  521. }
  522. elseif ($action == "editfield")
  523. {
  524. $data->update_query("profilefields", "query=$query, options=$options, hint=$hint, type=$type, required=$required, register=$register", "id=$safe_id");
  525. show_message("Field Updated", "index.php?page=mythings&cat=events&action=signups&id=$eventid&activetab=events");
  526. }
  527. }
  528. }
  529. elseif ($action == "signups")
  530. {
  531. $pagenum = 11;
  532. $scriptList['mootabs'] = 1;
  533. $eventinfo = $data->select_fetch_one_row("calendar_items", "WHERE id=$safe_id");
  534. $groups = group_sql_list_id("patrol", "OR");
  535. if ($eventinfo['signupusers'] == 0 || $eventinfo['signupusers'] == 3)
  536. {
  537. $sql = $data->select_query("members", "WHERE ($groups) OR patrol = 0 ORDER BY lastName, firstName ASC");
  538. }
  539. elseif ($eventinfo['signupusers'] == 1)
  540. {
  541. $sql = $data->select_query("members", "WHERE ($groups) AND type = 0 ORDER BY lastName, firstName ASC");
  542. }
  543. elseif ($eventinfo['signupusers'] == 2)
  544. {
  545. $sql = $data->select_query("members", "WHERE type = 1 OR type = 2 ORDER BY lastName, firstName ASC");
  546. }
  547. $nummembers = $data->num_rows($sql);
  548. $members = array();
  549. while ($temp = $data->fetch_array($sql))
  550. {
  551. $attendie = $data->select_fetch_one_row("attendies", "WHERE uid={$temp['id']} AND eid = $safe_id");
  552. if ($attendie)
  553. {
  554. $temp['attend'] = 1;
  555. $temp['attendoptions'] = unserialize($attendie['options']);
  556. }
  557. $members[] = $temp;
  558. }
  559. $tpl->assign("members", $members);
  560. $tpl->assign("nummembers", $nummembers);
  561. $sql = $data->select_query("profilefields", "WHERE place=2 AND eventid=$safe_id ORDER BY query ASC");
  562. $numfields = $data->num_rows($sql);
  563. $fields = array();
  564. while ($temp = $data->fetch_array($sql))
  565. {
  566. $temp['options'] = unserialize($temp['options']);
  567. $fields[] = $temp;
  568. }
  569. $tpl->assign("numfields", $numfields);
  570. $tpl->assign("fields", $fields);
  571. $tpl->assign("eventid", $safe_id);
  572. $tpl->assign("eventinfo", $eventinfo);
  573. $sql = $data->select_query("download_cats", "", "id, name, downauth");
  574. $downloads = array();
  575. $numcategories = 0;
  576. while ($temp = $data->fetch_array($sql))
  577. {
  578. $auth = unserialize($temp['downauth']);
  579. $allowed = 0;
  580. $usergroups = user_groups_id_array($check['id']);
  581. for($i=0;$i<count($usergroups);$i++)
  582. {
  583. if($auth[$usergroups[$i]] == 1)
  584. {
  585. $allowed = 1;
  586. }
  587. }
  588. if ($allowed == 1)
  589. {
  590. $sql1 = $data->select_query("downloads", "WHERE cat={$temp['id']} AND trash = 0", "id, name");
  591. $downloadtemp = array();
  592. $tempnumber = 0;
  593. while ($temp2 = $data->fetch_array($sql1))
  594. {
  595. if ($data->num_rows($data->select_query("calendar_downloads", "WHERE eid=$safe_id AND did = {$temp2['id']}")) == 0)
  596. {
  597. $downloadtemp[] = $temp2;
  598. $tempnumber++;
  599. }
  600. }
  601. $temp['number'] = $tempnumber;
  602. $temp['downloads'] = $downloadtemp;
  603. $downloads[] = $temp;
  604. $numcategories++;
  605. }
  606. }
  607. $tpl->assign("numcategories", $numcategories);
  608. $tpl->assign("downloads", $downloads);
  609. $sql = $data->select_query("calendar_downloads", "WHERE eid=$safe_id");
  610. $event_downloads = array();
  611. $numeventdownloads = $data->num_rows($sql);
  612. while ($temp = $data->fetch_array($sql))
  613. {
  614. $temp1 = $data->select_fetch_one_row("downloads", "WHERE id={$temp['did']}", "name");
  615. $temp['name'] = $temp1['name'];
  616. $event_downloads[] = $temp;
  617. }
  618. $tpl->assign("numeventdownloads", $numeventdownloads);
  619. $tpl->assign("event_downloads", $event_downloads);
  620. if ($_POST['Submit'] == "Update")
  621. {
  622. $attendies = $_POST['attend'];
  623. $options = $_POST['options'];
  624. $data->delete_query("attendies", "eid=$safe_id");
  625. foreach($attendies as $uid => $attend)
  626. {
  627. if ($attend == 1)
  628. {
  629. $useroption = safesql(serialize($options[$uid]), "text");
  630. if ($data->num_rows($data->select_query("attendies", "WHERE uid=$uid AND eid = $safe_id")) == 0)
  631. {
  632. $data->insert_query("attendies", "'', $uid, $safe_id, $useroption");
  633. }
  634. else
  635. {
  636. $data->update_query("attendies", "options = $useroption", "uid=$uid AND eid=$safe_id");
  637. }
  638. }
  639. }
  640. show_message("Attendies Updated", "index.php?page=mythings&cat=events&action=signups&id=$id&activetab=events");
  641. }
  642. }
  643. elseif ($action == "delete")
  644. {
  645. $sqlq = $data->update_query("calendar_items", "trash=1", "id=$safe_id", "Calendar", "Deleted $id");
  646. if ($sqlq)
  647. {
  648. show_message("Event has been deleted.", "index.php?page=mythings&menuid=$menuid");
  649. }
  650. }
  651. break;
  652. case "downloads":
  653. if ($action == "edit")
  654. {
  655. $pagenum = 8;
  656. $sql = $data->select_query("downloads", "WHERE id=$safe_id ");
  657. $down = $data->fetch_array($sql);
  658. $location = "Edit " . censor($down['name']) . " download";
  659. $sql = $data->select_query("download_cats");
  660. $cats = array();
  661. $numcats = 0;
  662. while ($row = $data->fetch_array($sql))
  663. {
  664. $temp = unserialize($row['auth']);
  665. if($temp == "")
  666. {
  667. $cats[] = $row;
  668. $numcats++;
  669. }
  670. else
  671. {
  672. if($temp[$check['team']] == 1)
  673. {
  674. $cats[] = $row;
  675. $numcats++;
  676. }
  677. }
  678. }
  679. $quer = $data->select_query("album_track", "WHERE allowed=1 AND trash=0 ORDER BY album_name ASC");
  680. $numalbum = $data->num_rows($quer);
  681. $albums = array();
  682. while ($temp = $data->fetch_array($quer))
  683. {
  684. $temp['photos'] = $data->select_fetch_all_rows($temp['numphotos'], "photos", "WHERE album_id = {$temp['ID']} AND allowed = 1");
  685. $albums[] = $temp;
  686. }
  687. $tpl->assign('numalbum', $numalbum);
  688. $tpl->assign('albums', $albums);
  689. if($down['thumbnail'])
  690. {
  691. $photoid = safesql($down['thumbnail'], "int");
  692. $photo = $data->select_fetch_one_row("photos", "WHERE ID=$photoid", "album_id");
  693. $selectedAlbumInfo['photos'] = $data->select_fetch_all_rows($selectedAlbumInfo['numphotos'], "photos", "WHERE album_id = {$photo['album_id']} AND allowed = 1");
  694. $tpl->assign("selectedAlbumInfo", $selectedAlbumInfo);
  695. $tpl->assign("selectedAlbum", $photo['album_id']);
  696. }
  697. if($_POST['Submit'] == 'Submit')
  698. {
  699. $name = safesql($_POST['name'], "text");
  700. $desc = safesql($_POST['desc'], "text");
  701. $picture = safesql($_POST['downloadphoto'], "text");
  702. $cid = safesql($_POST['cat'], "text", false);
  703. $filename = "";
  704. if ($_FILES['file']['name'] != "")
  705. {
  706. $where = $config['downloadpath'] . "/";
  707. if ($down['saved_file'] != '')
  708. {
  709. unlink($where . $down['saved_file']);
  710. }
  711. $filename = $_FILES['file']['name'];
  712. $savefile = md5($_FILES['file']['name'] . (microtime() + mktime()));
  713. if (($_FILES['file']['size']/1024 <= $config['uploadlimit']))
  714. {
  715. move_uploaded_file($_FILES['file']['tmp_name'],$where . $savefile);
  716. }
  717. else
  718. {
  719. show_message("The file is larger than the maximum allowable file size (Upload Limit:{$config['uploadlimit']}Kb, File size: " . ceil($_FILES['file']['size']/1024) . "Kb ).", "index.php?page=mythings&menuid=$menuid");
  720. }
  721. if ($_FILES['file']['name'] != "" && (!file_exists($where . $savefile) || filesize($where . $savefile) == 0))
  722. {
  723. show_message("There was an error uploading the file. Try again, if the problem persists contact the administrator.", "index.php?page=mythings&menuid=$menuid");
  724. }
  725. $filename = safesql($filename, "text");
  726. $savefile = safesql($savefile, "text");
  727. }
  728. if (confirm('download'))
  729. {
  730. if ($_FILES['file']['name'] != "")
  731. {
  732. $sql = $data->update_query("downloads", "name = $name, thumbnail=$picture, descs = $desc, cat = $cid, file = $filename, saved_file= $savefile, numdownloads = 0, size = '".ceil($_FILES['file']['size'] / 1024)."', allowed = 0", "id=$safe_id");
  733. $download = $data->select_fetch_one_row("downloads", "WHERE id=$safe_id ");
  734. $extra = "It first needs to be reviewed before it will be available on the site.";
  735. confirmMail("download", $download);
  736. }
  737. else
  738. {
  739. $sql = $data->update_query("downloads", "name = $name, thumbnail=$picture, descs = $desc, cat = $cid", "id=$safe_id", "Downloads", "Updated Download $name");
  740. }
  741. }
  742. else
  743. {
  744. if ($_FILES['file']['name'] != "")
  745. {
  746. $sql = $data->update_query("downloads", "name = $name, thumbnail=$picture, descs = $desc, cat = $cid, file = $filename, saved_file= $savefile, numdownloads = 0, size = '".ceil($_FILES['file']['size'] / 1024)."'", "id=$safe_id", "Downloads", "Updated Download $name");
  747. }
  748. else
  749. {
  750. $sql = $data->update_query("downloads", "name = $name, thumbnail=$picture, descs = $desc, cat = $cid", "id=$safe_id", "Downloads", "Updated Download $name");
  751. }
  752. }
  753. if ($sql)
  754. {
  755. show_message("Your download has been updated. $extra", "index.php?page=mythings&menuid=$menuid");
  756. }
  757. }
  758. $tpl->assign("cat", $cats);
  759. $tpl->assign("numcats", $numcats);
  760. $tpl->assign("down", $down);
  761. $tpl->assign("action", "edit");
  762. }
  763. elseif ($action == "delete")
  764. {
  765. $sqlq = $data->update_query("downloads", "trash=1", "id=$safe_id", "Downloads", "Deleted $id");
  766. if ($sqlq)
  767. {
  768. show_message("Your download has been deleted.", "index.php?page=mythings&menuid=$menuid");
  769. }
  770. }
  771. break;
  772. case "newsitems":
  773. if ($action == "edit")
  774. {
  775. $pagenum = 9;
  776. $sql = $data->select_query("newscontent", "WHERE id=$safe_id");
  777. $shownews = $data->fetch_array($Show);
  778. $shownews['news'] = $shownews['news'];
  779. $tpl->assign("shownews", $shownews);
  780. $location = "Edit " . censor($shownews['title']) . " news item";
  781. $scriptList['tinyAdv'] = 1;
  782. $submit=$_POST["submit"];
  783. if ($submit == "Submit")
  784. {
  785. $news = safesql($_POST['story'], "text", false);
  786. $title = safesql($_POST['title'], "text");
  787. if (confirm('news')) $allow = 0;
  788. else $allow = 1;
  789. $sql = $data->update_query("newscontent", "title=$title, news=$news, allowed = $allow",
  790. "id=$safe_id", "News", "Edited News $id");
  791. if (confirm('news'))
  792. {
  793. $extra = "The administrator needs to republish your news item now that you have edited it.";
  794. $news = $data->select_fetch_one_row("newscontent", "WHERE id=$safe_id");
  795. confirmMail("news", $news);
  796. }
  797. else $extra = "";
  798. show_message("Your news item has been updated. $extra", "index.php?page=mythings&menuid=$menuid");
  799. }
  800. }
  801. elseif ($action == "delete")
  802. {
  803. $sqlq = $data->update_query("newscontent", "trash=1", "id=$safe_id", "News Items", "Deleted news");
  804. if ($sqlq)
  805. {
  806. show_message("Your news item has been deleted.", "index.php?page=mythings&menuid=$menuid");
  807. }
  808. }
  809. break;
  810. case "pollitems":
  811. if ($action == "delete")
  812. {
  813. $sqlq = $data->delete_query("polls", "trash=1", "id=$safe_id");
  814. if ($sqlq)
  815. {
  816. show_message("Your poll has been deleted.", "index.php?page=mythings&menuid=$menuid");
  817. }
  818. }
  819. break;
  820. }
  821. if ($action=="owner")
  822. {
  823. $pagenum=5;
  824. $cattype = safesql($cat, "text");
  825. $tpl->assign("itemid", $id);
  826. $tpl->assign("cat", $cat);
  827. $sql = $data->select_query("owners", "WHERE item_id=$safe_id AND item_type=$cattype");
  828. $itemowners = array();
  829. $numitemowners = $data->num_rows($sql);
  830. while ($temp = $data->fetch_array($sql))
  831. {
  832. if ($temp['owner_type'] == 0)
  833. {
  834. $sql2 = $data->select_query("users", "WHERE id={$temp['owner_id']}", "id, uname");
  835. $temp2 = $data->fetch_array($sql2);
  836. $temp2['name'] = $temp2['uname'];
  837. }
  838. else
  839. {
  840. $sql2 = $data->select_query("groups", "WHERE id={$temp['owner_id']}", "id, teamname");
  841. $temp2 = $data->fetch_array($sql2);
  842. $temp2['name'] = $temp2['teamname'];
  843. }
  844. $temp2['expired'] = ($temp['expire'] >= $timestamp || $temp['expire'] == 0) ? 0 : 1;
  845. $temp2['type'] = $temp['type_owner'];
  846. $temp2['expire'] = $temp['expire'];
  847. $temp2['id'] = $temp['id'];
  848. $itemowners[] = $temp2;
  849. }
  850. $tpl->assign("numitemowners", $numitemowners);
  851. $tpl->assign("itemowners", $itemowners);
  852. $sql = $data->select_query("users", "ORDER BY uname");
  853. $numpeople = 0;
  854. $people = array();
  855. while ($temp = $data->fetch_array($sql))
  856. {
  857. if ($data->num_rows($data->select_query("owners", "WHERE item_id=$safe_id AND item_type=$cattype AND owner_id={$temp['id']} AND owner_type=0")) == 0)
  858. {
  859. $people[] = $temp;
  860. $numpeople++;
  861. }
  862. }
  863. $tpl->assign("numpeople", $numpeople);
  864. $tpl->assign("people", $people);
  865. $sql = $data->select_query("groups", "ORDER BY teamname");
  866. $numteams = 0;
  867. $groups = array();
  868. while ($temp = $data->fetch_array($sql))
  869. {
  870. if ($data->num_rows($data->select_query("owners", "WHERE item_id=$safe_id AND item_type=$cattype AND owner_id={$temp['id']} AND owner_type=1")) == 0)
  871. {
  872. $groups[] = $temp;
  873. $numteams++;
  874. }
  875. }
  876. $tpl->assign("numteams", $numteams);
  877. $tpl->assign("groups", $groups);
  878. if($_POST['action'] == "Add")
  879. {
  880. $temp = $_POST['owner'];
  881. $temp = explode("_", $temp);
  882. $owner_type = ($temp[0] == "user") ? 0 : 1;
  883. $owner = safesql($temp[1], "text");
  884. $type_owner = safesql($_POST['type_owner'], "int");
  885. if ($_POST['expire'] != 0)
  886. {
  887. $time = safesql($timestamp + 3600*$_POST['expire'], "int");
  888. }
  889. else
  890. {
  891. $time = "0";
  892. }
  893. $sql = $data->insert_query("owners", "'', $safe_id, $cattype, $owner, $owner_type, $type_owner, $time");
  894. if ($sql)
  895. {
  896. show_message("Owner added", "index.php?page=mythings&cat=$cat&action=owner&id={$id}&menuid=$menuid");
  897. }
  898. }
  899. }
  900. elseif ($action=="adddown")
  901. {
  902. $pagenum = 8;
  903. $sql = $data->select_query("download_cats");
  904. $cats = array();
  905. $numcats = 0;
  906. while ($row = $data->fetch_array($sql))
  907. {
  908. $temp = unserialize($row['upauth']);
  909. $usergroups = user_groups_id_array($check['id']);
  910. $allowed = 0;