
/php/pages/siteadmin.php

http://rate-my-boss.googlecode.com/
  1. <!-- START OF MAIN -->
  2. <div class="main">
  3. <h1>Website Administration</h1>
  4. <p>This panel is accessible to the site's administrators. You may
  5. view pending organizations and supervisors, as well as other administrators
  6. which require your approval. You also have access to a list of comments
  7. which were flagged as inappropriate by users.</p>
  8. <br />
  9. <?php
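  /* Unset the current organization id to reset menu */
  if (isset($orgId)) {
      unset($orgId);
  }

  /* Allow or deny options */
  include "../php/opendb.php";

  /*
   * Apply the administrator's decision to pending user accounts. For every
   * pending userId, a POST key "confirm_user_<id>" clears isPending and logs
   * an 'approval' row in userActivity; "deny_user_<id>" deletes the account.
   *
   * NOTE(review): the only condition checked here is the presence of the POST
   * key. No administrator check and no anti-CSRF token are visible in this
   * file; confirm the including page enforces both before this code runs.
   * NOTE(review): the mysql_* extension was removed in PHP 7; a port to
   * mysqli/PDO with prepared statements depends on opendb.php.
   */
  $query = "SELECT userId FROM user WHERE isPending";
  $result = mysql_query($query);
  while ($row = mysql_fetch_array($result)) {
      if (isset($_POST["confirm_user_$row[userId]"])) {
          $subquery = "UPDATE user SET isPending=0 WHERE userId=$row[userId]";
          mysql_query($subquery);
          /* Log user approval. The statement and its return value get their
             own variables: storing them in $query/$result replaced the result
             set this loop is still reading and ended the loop after the first
             approval. */
          $logQuery = "INSERT INTO userActivity (userId, type) VALUE ($row[userId], 'approval')";
          mysql_query($logQuery);
      } elseif (isset($_POST["deny_user_$row[userId]"])) {
          $subquery = "DELETE FROM user WHERE userId=$row[userId]";
          mysql_query($subquery);
      }
  }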
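  /*
   * Pending users: list every account still awaiting approval, ordered by
   * type, each in its own form whose Confirm/Deny buttons post back to this
   * page under the names confirm_user_<id> / deny_user_<id>.
   */
  $query = "SELECT * FROM user WHERE isPending ORDER BY type";
  $result = mysql_query($query);
  echo " <h3>Pending Users</h3>
  <ul>
  ";
  while ($row = mysql_fetch_array($result)) {
      /* Values read from the user table are HTML-escaped before being echoed,
         so markup stored in a name or type is shown as text in the
         administrator's browser instead of being interpreted. ENT_QUOTES is
         needed because the attributes below are single-quoted. */
      $safeName = htmlspecialchars((string) $row['name'], ENT_QUOTES);
      $safeType = htmlspecialchars((string) $row['type'], ENT_QUOTES);
      $safeId = htmlspecialchars((string) $row['userId'], ENT_QUOTES);
      /* The form and list item are now closed in the order they were opened. */
      echo "<li>
      <form action='' method='post'>
      <p><strong>$safeName</strong> - $safeType
      <input type='submit' name='confirm_user_$safeId' value='Confirm Access'/>
      <input type='submit' name='deny_user_$safeId' value='Deny'/></p>
      </form>
      </li>
      ";
  }
  echo " </ul>";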
  /*
   * Apply the administrator's decision to pending organizations. A POST key
   * "confirm_org_<id>" clears isPending; "deny_org_<id>" deletes the row.
   * Rows with neither key are left untouched.
   * NOTE(review): presence of the POST key is the only condition checked in
   * this block; authorization and CSRF protection are not visible here.
   */
  $query = "SELECT orgId FROM organization WHERE isPending";
  $result = mysql_query($query);
  while ($row = mysql_fetch_array($result)) {
      if (isset($_POST['confirm_org_' . $row['orgId']])) {
          $subquery = "UPDATE organization SET isPending=0 WHERE orgId=$row[orgId]";
      } elseif (isset($_POST['deny_org_' . $row['orgId']])) {
          $subquery = "DELETE FROM organization WHERE orgId=$row[orgId]";
      } else {
          /* No decision submitted for this organization. */
          continue;
      }
      mysql_query($subquery);
  }
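  /*
   * Active users: list every approved account, ordered by type, as a link to
   * index.php?page=siteadmin&id=<userId>. id=0 is the "all users" link.
   */
  $query = "SELECT * FROM user WHERE NOT isPending ORDER BY type";
  $result = mysql_query($query);
  echo " <h3>Active Users</h3>
  <p>Click on an active user to get the user's history and possible actions.
  Alternatively, you may see details for <a href='index.php?page=siteadmin&id=0'><strong>all users</strong></a>.</p>
  ";
  while ($row = mysql_fetch_array($result)) {
      /* Escape per context: the id goes into a URL query parameter, the name
         and type into HTML text. Values stored in the user table are then
         shown as text rather than interpreted as markup. */
      $linkId = urlencode((string) $row['userId']);
      $safeName = htmlspecialchars((string) $row['name'], ENT_QUOTES);
      $safeType = htmlspecialchars((string) $row['type'], ENT_QUOTES);
      echo "
      <p><a href='index.php?page=siteadmin&id=$linkId'>$safeName</a> ($safeType)</p>
      ";
  }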
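  /*
   * Pending organizations: list every organization awaiting approval, each in
   * its own form whose buttons post back to this page under the names
   * confirm_org_<id> / deny_org_<id>.
   */
  $query = "SELECT * FROM organization WHERE isPending";
  $result = mysql_query($query);
  echo " <h3>Pending Organizations</h3>
  <ul>
  ";
  while ($row = mysql_fetch_array($result)) {
      /* Organization fields are HTML-escaped before output so stored markup
         is displayed as text; ENT_QUOTES covers the single-quoted attributes. */
      $safeName = htmlspecialchars((string) $row['name'], ENT_QUOTES);
      $safeIndustry = htmlspecialchars((string) $row['industryType'], ENT_QUOTES);
      $safeId = htmlspecialchars((string) $row['orgId'], ENT_QUOTES);
      /* The form is now closed inside its list item. */
      echo "<li>
      <form action='' method='post'>
      <p><strong>$safeName</strong> - $safeIndustry</p>
      <input type='submit' name='confirm_org_$safeId' value='Allow Organization'/>
      <input type='submit' name='deny_org_$safeId' value='Deny'/>
      </form>
      </li>
      ";
  }
  echo " </ul>";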
  /*
   * Apply the administrator's decision to pending supervisors. A POST key
   * "confirm_super_<id>" clears isPending; "deny_super_<id>" deletes the row.
   * Rows with neither key are left untouched.
   * NOTE(review): presence of the POST key is the only condition checked in
   * this block; authorization and CSRF protection are not visible here.
   */
  $query = "SELECT superId FROM supervisor WHERE isPending";
  $result = mysql_query($query);
  while ($row = mysql_fetch_array($result)) {
      if (isset($_POST['confirm_super_' . $row['superId']])) {
          $subquery = "UPDATE supervisor SET isPending=0 WHERE superId=$row[superId]";
      } elseif (isset($_POST['deny_super_' . $row['superId']])) {
          $subquery = "DELETE FROM supervisor WHERE superId=$row[superId]";
      } else {
          /* No decision submitted for this supervisor. */
          continue;
      }
      mysql_query($subquery);
  }
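  /*
   * Pending supervisors: list every supervisor awaiting approval, ordered by
   * organization, with the organization's name looked up per row.
   */
  $query = "SELECT * FROM supervisor WHERE isPending ORDER BY orgId";
  $result = mysql_query($query);
  echo " <h3>Pending Supervisors</h3>
  <ul>
  ";
  while ($row = mysql_fetch_array($result)) {
      $subquery = "SELECT name FROM organization WHERE orgId=$row[orgId]";
      $subresult = mysql_query($subquery);
      $subrow = mysql_fetch_array($subresult);
      /* Stored values are HTML-escaped before output so markup in a title or
         organization name is displayed as text. An organization that cannot
         be found yields an empty name. */
      $safeTitle = htmlspecialchars((string) $row['title'], ENT_QUOTES);
      $safeOrg = htmlspecialchars($subrow ? (string) $subrow['name'] : '', ENT_QUOTES);
      $safeId = htmlspecialchars((string) $row['superId'], ENT_QUOTES);
      /* The original closed a <p> that was never opened and left the form open. */
      echo "<li>
      <form action='' method='post'>
      <p><strong>$safeTitle</strong> - $safeOrg
      <input type='submit' name='confirm_super_$safeId' value='Allow Supervisor'/>
      <input type='submit' name='deny_super_$safeId' value='Deny'/></p>
      </form>
      </li>
      ";
  }
  echo " </ul>";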
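  /*
   * Reported organization evaluations.
   * First apply any submitted decision: "confirm_orgEval_<id>" clears the
   * reported flag, "deny_orgEval_<id>" deletes the evaluation. Then list
   * what is still reported.
   */
  $query = "SELECT orgEvalId FROM orgEvaluation WHERE reported";
  $result = mysql_query($query);
  while ($row = mysql_fetch_array($result)) {
      if (isset($_POST["confirm_orgEval_$row[orgEvalId]"])) {
          $subquery = "UPDATE orgEvaluation SET reported=0 WHERE orgEvalId=$row[orgEvalId]";
          mysql_query($subquery);
      } elseif (isset($_POST["deny_orgEval_$row[orgEvalId]"])) {
          $subquery = "DELETE FROM orgEvaluation WHERE orgEvalId=$row[orgEvalId]";
          mysql_query($subquery);
      }
  }

  $query = "SELECT * FROM orgEvaluation WHERE reported ORDER BY orgId";
  $result = mysql_query($query);
  echo " <h3>Reported Organization Evaluations</h3>
  <ul>
  ";
  while ($row = mysql_fetch_array($result)) {
      $subquery = "SELECT name FROM organization WHERE orgId=$row[orgId]";
      $subresult = mysql_query($subquery);
      $subrow = mysql_fetch_array($subresult);
      /* This is content that was flagged for review, so it is HTML-escaped
         before being shown: the title and body are displayed as text in the
         administrator's browser, never interpreted as markup. */
      $safeTitle = htmlspecialchars((string) $row['title'], ENT_QUOTES);
      $safeOrg = htmlspecialchars($subrow ? (string) $subrow['name'] : '', ENT_QUOTES);
      $safeText = htmlspecialchars((string) $row['text'], ENT_QUOTES);
      $safeId = htmlspecialchars((string) $row['orgEvalId'], ENT_QUOTES);
      /* The form is now closed inside its list item. */
      echo "<li>
      <form action='' method='post'>
      <strong>$safeTitle</strong> - $safeOrg
      <p>$safeText</p>
      <input type='submit' name='confirm_orgEval_$safeId' value='Unflag'/>
      <input type='submit' name='deny_orgEval_$safeId' value='Remove Evaluation'/>
      </form>
      </li>
      ";
  }
  echo " </ul>";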
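  /*
   * Reported organization comments.
   * First apply any submitted decision: "confirm_orgComment_<id>" clears the
   * reported flag, "deny_orgComment_<id>" deletes the comment. Then list
   * what is still reported, joined to the evaluation it belongs to.
   */
  $query = "SELECT orgCommentId FROM orgComment WHERE reported";
  $result = mysql_query($query);
  while ($row = mysql_fetch_array($result)) {
      if (isset($_POST["confirm_orgComment_$row[orgCommentId]"])) {
          $subquery = "UPDATE orgComment SET reported=0 WHERE orgCommentId=$row[orgCommentId]";
          mysql_query($subquery);
      } elseif (isset($_POST["deny_orgComment_$row[orgCommentId]"])) {
          $subquery = "DELETE FROM orgComment WHERE orgCommentId=$row[orgCommentId]";
          mysql_query($subquery);
      }
  }

  /* c.orgCommentId is selected as well: the button names below are built from
     it, and without the column every button was named "confirm_orgComment_" /
     "deny_orgComment_" with no id, which the handler above never matches. */
  $query = "SELECT c.orgCommentId, orgId, title, c.text FROM orgComment c JOIN orgEvaluation e ON c.orgEvalId=e.orgEvalId WHERE c.reported ORDER BY orgId";
  $result = mysql_query($query);
  echo " <h3>Reported Organization Comment</h3>
  <ul>
  ";
  while ($row = mysql_fetch_array($result)) {
      $subquery = "SELECT name FROM organization WHERE orgId=$row[orgId]";
      $subresult = mysql_query($subquery);
      $subrow = mysql_fetch_array($subresult);
      /* Flagged content is HTML-escaped before being shown so it is displayed
         as text in the administrator's browser, never interpreted as markup. */
      $safeTitle = htmlspecialchars((string) $row['title'], ENT_QUOTES);
      $safeOrg = htmlspecialchars($subrow ? (string) $subrow['name'] : '', ENT_QUOTES);
      $safeText = htmlspecialchars((string) $row['text'], ENT_QUOTES);
      $safeId = htmlspecialchars((string) $row['orgCommentId'], ENT_QUOTES);
      /* The form is now closed inside its list item. */
      echo "<li>
      <form action='' method='post'>
      <strong>$safeTitle</strong> - $safeOrg
      <p>$safeText</p>
      <input type='submit' name='confirm_orgComment_$safeId' value='Unflag'/>
      <input type='submit' name='deny_orgComment_$safeId' value='Remove Comment'/>
      </form>
      </li>
      ";
  }
  echo " </ul>";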
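  /*
   * Reported supervisor evaluations.
   * First apply any submitted decision: "confirm_superEval_<id>" clears the
   * reported flag, "deny_superEval_<id>" deletes the evaluation. Then list
   * what is still reported.
   */
  $query = "SELECT superEvalId FROM superEvaluation WHERE reported";
  $result = mysql_query($query);
  while ($row = mysql_fetch_array($result)) {
      if (isset($_POST["confirm_superEval_$row[superEvalId]"])) {
          $subquery = "UPDATE superEvaluation SET reported=0 WHERE superEvalId=$row[superEvalId]";
          mysql_query($subquery);
      } elseif (isset($_POST["deny_superEval_$row[superEvalId]"])) {
          $subquery = "DELETE FROM superEvaluation WHERE superEvalId=$row[superEvalId]";
          mysql_query($subquery);
      }
  }

  $query = "SELECT * FROM superEvaluation WHERE reported ORDER BY superId";
  $result = mysql_query($query);
  echo " <h3>Reported Supervisor Evaluations</h3>
  <ul>
  ";
  while ($row = mysql_fetch_array($result)) {
      $subquery = "SELECT title FROM supervisor WHERE superId=$row[superId]";
      $subresult = mysql_query($subquery);
      $subrow = mysql_fetch_array($subresult);
      /* Flagged content is HTML-escaped before being shown so it is displayed
         as text in the administrator's browser, never interpreted as markup. */
      $safeTitle = htmlspecialchars((string) $row['title'], ENT_QUOTES);
      $safeSuper = htmlspecialchars($subrow ? (string) $subrow['title'] : '', ENT_QUOTES);
      $safeText = htmlspecialchars((string) $row['text'], ENT_QUOTES);
      $safeId = htmlspecialchars((string) $row['superEvalId'], ENT_QUOTES);
      /* The form is now closed inside its list item. */
      echo "<li>
      <form action='' method='post'>
      <strong>$safeTitle</strong> - $safeSuper
      <p>$safeText</p>
      <input type='submit' name='confirm_superEval_$safeId' value='Unflag'/>
      <input type='submit' name='deny_superEval_$safeId' value='Remove Evaluation'/>
      </form>
      </li>
      ";
  }
  echo " </ul>";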
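  /*
   * Reported supervisor comments.
   * First apply any submitted decision: "confirm_superComment_<id>" clears
   * the reported flag, "deny_superComment_<id>" deletes the comment. Then
   * list what is still reported, joined to the evaluation it belongs to.
   */
  $query = "SELECT superCommentId FROM superComment WHERE reported";
  $result = mysql_query($query);
  while ($row = mysql_fetch_array($result)) {
      if (isset($_POST["confirm_superComment_$row[superCommentId]"])) {
          $subquery = "UPDATE superComment SET reported=0 WHERE superCommentId=$row[superCommentId]";
          mysql_query($subquery);
      } elseif (isset($_POST["deny_superComment_$row[superCommentId]"])) {
          $subquery = "DELETE FROM superComment WHERE superCommentId=$row[superCommentId]";
          mysql_query($subquery);
      }
  }

  /* c.superCommentId is selected as well: the button names below are built
     from it, and without the column every button carried no id, so the
     handler above never matched a submitted decision. */
  $query = "SELECT c.superCommentId, superId, title, c.text FROM superComment c JOIN superEvaluation e ON c.superEvalId=e.superEvalId WHERE c.reported ORDER BY superId";
  $result = mysql_query($query);
  echo " <h3>Reported Supervisor Comment</h3>
  <ul>
  ";
  while ($row = mysql_fetch_array($result)) {
      $subquery = "SELECT title FROM supervisor WHERE superId=$row[superId]";
      $subresult = mysql_query($subquery);
      $subrow = mysql_fetch_array($subresult);
      /* Flagged content is HTML-escaped before being shown so it is displayed
         as text in the administrator's browser, never interpreted as markup. */
      $safeTitle = htmlspecialchars((string) $row['title'], ENT_QUOTES);
      $safeSuper = htmlspecialchars($subrow ? (string) $subrow['title'] : '', ENT_QUOTES);
      $safeText = htmlspecialchars((string) $row['text'], ENT_QUOTES);
      $safeId = htmlspecialchars((string) $row['superCommentId'], ENT_QUOTES);
      /* The form is now closed inside its list item. */
      echo "<li>
      <form action='' method='post'>
      <strong>$safeTitle</strong> - $safeSuper
      <p>$safeText</p>
      <input type='submit' name='confirm_superComment_$safeId' value='Unflag'/>
      <input type='submit' name='deny_superComment_$safeId' value='Remove Comment'/>
      </form>
      </li>
      ";
  }
  echo " </ul>";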
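  /*
   * Reported documents.
   * First apply any submitted decision: "confirm_doc_<id>" clears the
   * reported flag, "deny_doc_<id>" deletes the document row. Then list what
   * is still reported.
   */
  $query = "SELECT docId FROM document WHERE reported";
  $result = mysql_query($query);
  while ($row = mysql_fetch_array($result)) {
      if (isset($_POST["confirm_doc_$row[docId]"])) {
          $subquery = "UPDATE document SET reported=0 WHERE docId=$row[docId]";
          mysql_query($subquery);
      } elseif (isset($_POST["deny_doc_$row[docId]"])) {
          $subquery = "DELETE FROM document WHERE docId=$row[docId]";
          mysql_query($subquery);
      }
  }

  $query = "SELECT * FROM document WHERE reported ORDER BY orgId";
  $result = mysql_query($query);
  echo " <h3>Reported Documents</h3>
  <ul>
  ";
  while ($row = mysql_fetch_array($result)) {
      $subquery = "SELECT name FROM organization WHERE orgId=$row[orgId]";
      $subresult = mysql_query($subquery);
      $subrow = mysql_fetch_array($subresult);
      /* Stored values are HTML-escaped before output so they are displayed as
         text in the administrator's browser, never interpreted as markup. */
      $safeTitle = htmlspecialchars((string) $row['title'], ENT_QUOTES);
      /* The lookup above selects only `name`; the original printed
         $subrow[orgId], a column that is not in that result. */
      $safeOrg = htmlspecialchars($subrow ? (string) $subrow['name'] : '', ENT_QUOTES);
      $safeId = htmlspecialchars((string) $row['docId'], ENT_QUOTES);
      /* The form is now closed inside its list item. */
      echo "<li>
      <form action='' method='post'>
      <strong>$safeTitle</strong> - $safeOrg
      <input type='submit' name='confirm_doc_$safeId' value='Unflag'/>
      <input type='submit' name='deny_doc_$safeId' value='Remove Document'/>
      </form>
      </li>
      ";
  }
  echo " </ul>";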
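  /*
   * Reported document comments.
   * First apply any submitted decision: "confirm_docComment_<id>" clears the
   * reported flag, "deny_docComment_<id>" deletes the comment. Then list what
   * is still reported, joined to the document it belongs to.
   */
  $query = "SELECT docCommentId FROM docComment WHERE reported";
  $result = mysql_query($query);
  while ($row = mysql_fetch_array($result)) {
      if (isset($_POST["confirm_docComment_$row[docCommentId]"])) {
          $subquery = "UPDATE docComment SET reported=0 WHERE docCommentId=$row[docCommentId]";
          mysql_query($subquery);
      } elseif (isset($_POST["deny_docComment_$row[docCommentId]"])) {
          $subquery = "DELETE FROM docComment WHERE docCommentId=$row[docCommentId]";
          mysql_query($subquery);
      }
  }

  /* c.docCommentId is selected as well: the button names below are built from
     it, and without the column every button carried no id, so the handler
     above never matched a submitted decision.
     NOTE(review): `text` is left unqualified as in the original; confirm it
     resolves to the comment's text and not a column of document. */
  $query = "SELECT c.docCommentId, orgId, title, text FROM docComment c JOIN document d ON c.docId=d.docId WHERE c.reported ORDER BY orgId";
  $result = mysql_query($query);
  echo " <h3>Reported Document Comment</h3>
  <ul>
  ";
  while ($row = mysql_fetch_array($result)) {
      $subquery = "SELECT name FROM organization WHERE orgId=$row[orgId]";
      $subresult = mysql_query($subquery);
      $subrow = mysql_fetch_array($subresult);
      /* Flagged content is HTML-escaped before being shown so it is displayed
         as text in the administrator's browser, never interpreted as markup. */
      $safeTitle = htmlspecialchars((string) $row['title'], ENT_QUOTES);
      $safeOrg = htmlspecialchars($subrow ? (string) $subrow['name'] : '', ENT_QUOTES);
      $safeText = htmlspecialchars((string) $row['text'], ENT_QUOTES);
      $safeId = htmlspecialchars((string) $row['docCommentId'], ENT_QUOTES);
      /* The form is now closed inside its list item. */
      echo "<li>
      <form action='' method='post'>
      <strong>$safeTitle</strong> - $safeOrg
      <p>$safeText</p>
      <input type='submit' name='confirm_docComment_$safeId' value='Unflag'/>
      <input type='submit' name='deny_docComment_$safeId' value='Remove Comment'/>
      </form>
      </li>
      ";
  }
  echo " </ul>";

  /* Release the database connection opened by opendb.php. */
  include "../php/closedb.php";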
  301. ?>
  302. </div>
  303. <!-- END OF MAIN -->