<?php
/*
Part of Open Chamber Of Commerce
Web application for organizations

(C) 2005 Richard H. Nilsson
   Waters Gulch Digital
http://watersgulchdigital.com

Released under the GNU General Public License
*/ 

// Buffer all page output. The header("Location: ...") calls further down this
// script are issued after markup has been echoed, so they presumably rely on
// this buffer to still be sendable.
ob_start();
$page_title = "Admin Login";
$depth = "../";
// NOTE(review): confirm the web server never serves *.inc files as plain text;
// a readable include would disclose whatever configuration it holds.
include '../inc/ccfunctions.inc'; // prepares and starts the session
// LANG is interpolated into both include paths below and is not defined in
// this file. NOTE(review): confirm it is a fixed configuration constant and is
// never derived from request data, otherwise these become local file inclusions.
include '../inc/langs/'.LANG.'/common.php';
include 'langs/'.LANG.'/index.php';

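// If logging in, authenticate and populate the session.
//
// The login name has the form "First.Last". It is checked against the staff
// table ($author) first and, if that fails, against the member table ($members).
//
// NOTE(review): passwords are compared as plain text against the Passwd/Pass
// columns, so they are stored unhashed. Moving to password_hash()/password_verify()
// needs a schema and data migration that is outside this block.

if (isset($_POST['submit']) and isset($_POST['login']) and isset($_POST['passwd'])
    and is_string($_POST['login']) and is_string($_POST['passwd']))
{
  // Pad to two elements so a login without a "." does not read an undefined offset.
  $userArray = array_pad(explode(".", trim(stripslashes($_POST['login']))), 2, "");
  $passwd = trim(stripslashes($_POST['passwd']));
  $firstn = ucfirst($userArray[0]);
  $lastn = ucfirst($userArray[1]);
  $who = "";
  $myrow = false;

  // The values above have had their slashes stripped, so they must be escaped
  // again before being placed inside quoted SQL literals. Without this the
  // WHERE clause can be rewritten from the login form.
  $q_first = mysql_real_escape_string($firstn, $db);
  $q_last = mysql_real_escape_string($lastn, $db);
  $q_pass = mysql_real_escape_string($passwd, $db);

  // check for staff author login
  $result = mysql_query("
  SELECT * FROM $author 
  WHERE Fname='$q_first' 
  AND Lname='$q_last' 
  AND Passwd='$q_pass'
  ",$db);
  if ($result and ($myrow = mysql_fetch_array($result)))
  {
    $who = "staff";
    // show that the author is logged in
    $aid = mysql_real_escape_string($myrow["Author_Num"], $db);
    $sql = "UPDATE $author SET Li='1' WHERE Author_Num='$aid'";
    if (!mysql_query($sql,$db))
      showError();
  }

  // check for member login (only needed when the staff lookup did not match)
  if ($who == "")
  {
    $result2 = mysql_query("
    SELECT * FROM $members 
    WHERE First='$q_first' 
    AND Last='$q_last' 
    AND Pass='$q_pass'
    ",$db);
    if ($result2 and ($myrow2 = mysql_fetch_array($result2)))
    {
      $who = "member";
    }
  }

  if ($who == "")
  {
    session_destroy();
    // Restart if unauthorized user login. The target is the fixed script name
    // ($PHP_SELF only exists with register_globals), and the script stops here
    // so nothing else on the page runs for a rejected login.
    header("Location: index.php");
    exit;
  } else {
    // Issue a fresh session id on login so an id set before authentication
    // cannot be reused afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION['WHO'] = $who;
    $_SESSION['AUTHORNUM'] = is_array($myrow) ? $myrow['Author_Num'] : null;
    $_SESSION['FNAME'] = $userArray[0];
    $_SESSION['LNAME'] = $userArray[1];
    // NOTE(review): the clear-text password is kept in the session because the
    // rest of this script tests isset($_SESSION['USERPASS']) as its "logged in"
    // flag and looks the author up by it. Replace with a non-secret flag when
    // those call sites are changed.
    $_SESSION['USERPASS'] = $passwd;
    if (is_array($myrow) and isset($myrow["Rights"]))
    {
      $_SESSION['RIGHTS'] = $myrow["Rights"];  // used as editorial rights flags
    }
  }
}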

// Once a session carries WHO the main admin page is shown instead of the login form.
$page_title = isset($_SESSION['WHO']) ? "Admin Main" : $page_title;
// this dir is one level down, so relative asset paths climb one level
$depth = "../";

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
  <title><?php echo $page_title; ?></title>

<link rel="stylesheet" href="<?php echo $depth;?>c/admain.css" type="text/css" />

<script type="text/javascript">
<!--
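function verify(form)
{
  // Browser-side convenience checks for the event and member forms.
  // Returns true to let the submit proceed, false after alerting the problems.
  //
  // These checks run only in the browser; a request can be sent without them,
  // so the server-side handlers must validate the same fields themselves.

  // don't test if canceling or deleting
  // NOTE(review): form['delete'] / form['cancel'] test whether the form
  // *contains* such a control, not which button was pressed, so a form that has
  // either button appears to skip every check below -- confirm this is intended.
  if(form['delete'] || form['cancel'])
    return true;

  var msg = "";
  var err = 0;
  var isBlank = function(name)
  {
    return form[name].value == '';
  };
  // Regex literals replace the deprecated RegExp.prototype.compile() calls.
  var phonePattern = /^[0-9]{3}\-[0-9]{3}\-[0-9]{4}$/;
  // allow Euro-style and subdomain addresses
  var emailPattern = /^[A-Za-z0-9._-]+@[A-Za-z0-9._-]+\.[A-Za-z0-9]{2,3}$/;

  // verify event entry
  if(document.forms.editevent || document.forms.newevent)
  {
    if (isBlank("name"))
    {
      msg += "<?php echo ADM_ENAME_MISSING;?>";
      err++;
    }
    if (isBlank("descr"))
    {
      msg += "<?php echo ADM_EDESCRIPTION_EMPTY;?>";
      err++;
    }
    if (isBlank("date"))
    {
      msg += "<?php echo ADM_EDATE_MISSING;?>";
      err++;
    }
  }  // end verifying event entry or edit

  // verify member entry
  if(document.forms.newmem || document.forms.editmem)
  {
    if (isBlank("first"))
    {
      msg += "<?php echo ADM_CFNAME_MISSING;?>";
      err++;
    }
    if (isBlank("last"))
    {
      msg += "<?php echo ADM_CLNAME_MISSING;?>";
      err++;
    }
    if (form["pass"].value != form["pass2"].value)
    {
      msg += "<?php echo ADM_CPASS_NOMATCH;?>";
      err++;
    }
    if (isBlank("caddress1"))
    {
      msg += "<?php echo ADM_CADR1_MISSING;?>";
      err++;
    }
    if (isBlank("ccity"))
    {
      msg += "<?php echo ADM_CCITY_MISSING;?>";
      err++;
    }
    if (isBlank("cstate"))
    {
      msg += "<?php echo ADM_CSTATE_MISSING;?>";
      err++;
    }
    // phone is not required, but must look like nnn-nnn-nnnn if entered
    if (!isBlank("cphone") && !phonePattern.test(form["cphone"].value))
    {
      msg += "<?php echo ADM_CPHONE_FORMAT;?>";
      err++;
    }
    // email is not required, but check it if entered
    if (!isBlank("cemail") && !emailPattern.test(form["cemail"].value))
    {
      msg += "<?php echo ADM_CEMAIL_INVALID;?>";
      err++;
    }
  }  // end verifying member entry or edit

  if (err > 0)
  {
    msg = "--------------------------------\n" + msg;
    msg = "<?php echo ADM_PLEASE_CORRECT;?>" + msg;
    alert(msg);
    return false;
  }
  return true;
} // end verify routines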

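// Record id and table name of the row being edited, taken from the query
// string. Both are reduced to identifier characters before being written into
// the page, so a crafted value cannot close the string literal or the
// surrounding <script> element. A missing parameter yields an empty string.
var id = "<?php echo preg_replace('/[^A-Za-z0-9_.$-]/', '', (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : '');?>";
var tbl = "<?php echo preg_replace('/[^A-Za-z0-9_.$-]/', '', (isset($_GET['tbl']) && is_string($_GET['tbl'])) ? $_GET['tbl'] : '');?>";

// When the page is left while a record is still marked as being edited, warn
// the user and send the browser to unlock.php to release the lock.
// NOTE(review): unlock.php receives the table name from the client over GET;
// confirm it checks the session and only accepts known table names.
var onUl = function()
{
  if(id!="" && tbl!="")
  { 
    alert("<?php echo ADM_EMERG_UNLOCKG;?>"+id+" in "+tbl+"<?php echo ADM_NEXTTIME_CANCEL;?>");
    // URL-encode both values so they stay inside their own query parameters
    var url = "unlock.php?id="+encodeURIComponent(id)+"&tbl="+encodeURIComponent(tbl);
    window.location = url;
  }
}
window.onbeforeunload = onUl;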
//-->
</script>

<script type="text/javascript"><!--
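// instant check that two entries are equal:
// shows the element with id "confirm" while the first form's pass and pass2
// fields hold the same non-empty value, and hides it otherwise.
var checkPass = function()
{
  var first = document.forms[0];
  // Pages without a password pair (or without the indicator element) are left
  // alone instead of throwing on every key press.
  if (!first || !first.pass || !first.pass2)
    return;
  // declared locally; the original leaked "conf" as an implicit global
  var conf = document.getElementById("confirm");
  if (!conf)
    return;
  var matches = first.pass.value != "" && first.pass.value == first.pass2.value;
  conf.style.visibility = matches ? "visible" : "hidden";
}
document.onkeyup = checkPass;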

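// update endtime selection on starttime selection change:
// for each selected option in form[from], clear the current selection in
// form[to] and select the option at the same index there.
function forward(form,from,to)
{
  // loop counters are declared locally; the original leaked i and j as globals
  var i, j;
  for(i=0; i<form[from].length; i++)
  {
    if(form[from].options[i].selected)
    {
      for(j=0; j<form[to].length; j++)
      {
        if(form[to].options[j].selected)
          form[to].options[j].selected = "";
      }
      // the target list may be shorter than the source list
      if(form[to].options[i])
        form[to].options[i].selected = "selected";
    }
  }
}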

// On page load: focus the login box if the auth form is present, otherwise the
// first text input or textarea of the first form. If neither applies, make
// rel="external" links open in a new window.
// NOTE(review): links opened with target="_blank" can reach window.opener in
// older browsers; consider rel="noopener" on links to third-party sites.
var setFocus = function()
{
  var i, fields, links, link;

  if(document.auth)
  {
    document.auth.login.focus();
    return;
  }

  if(document.forms[0])
  {
    fields = document.forms[0].elements;
    for(i=0; i<fields.length; i++)
    {
      if(fields[i].type == "text" || fields[i].type == "textarea")
      {
        fields[i].focus();
        return;
      }
    }
  } // end focussing

  // correct external links
  if(!document.getElementsByTagName) return;
  links = document.getElementsByTagName("a");
  for (i=0; i<links.length; i++) {
    link = links[i];
    if (link.getAttribute("href") && link.getAttribute("rel") == "external")
      link.target = "_blank";
  }
}
window.onload=setFocus;

// enable/disable a control: target is enabled exactly while trig is checked
function toggle(trig,target)
{
  target.disabled = !(trig.checked == true);
}
//-->
</script>

</head>

<body>

<!-- M A S T H E A D ======================================== -->
<div id="masthead2"><div id="logo2" class="raised"> <?php if(defined('ORG_NAME_BREV')) echo ORG_NAME_BREV;?> <?php echo ADMINISTRATION;?></div>
</div>
<!--end masthead-->
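<?php

// L O G G E D  I N  A S :  //////////////////////////////////////
// If she's logged in, show who she is
if(isset($_SESSION['USERPASS']))
{
  // FNAME and LNAME hold the text typed into the login box, so the label is
  // HTML-encoded before it is written into the page.
  $who_label = htmlspecialchars(ucfirst($_SESSION['FNAME'])." ". ucfirst($_SESSION['LNAME'])." (". ucfirst($_SESSION['WHO']).")", ENT_QUOTES);
?>
  <div id="ssearch">
    <h3><?php echo COM_LOGGED_IN_AS;?></h3>
    <p><span style="float:right;"><em><a href="logout.php"><?php echo COM_LOGOUT;?> </a></em></span><?php echo $who_label;?>
    </p>
  </div><!--end ssearch-->
<?php
} // end show if logged in
?>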

<div id="body">
<!-- T I T L E  & S U B N A V  Section ======================= -->
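<?php
// Task menu, shown only to a logged-in session. Staff get every task; members
// only get "edit member".
$nav_who = isset($_SESSION['WHO']) ? $_SESSION['WHO'] : "";
// PHP_SELF includes any extra path text appended to the script URL, so it is
// HTML-encoded before being written into the href attributes.
$nav_self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
if ($nav_who != "")
{
?>
<div id="titlesubs">
<h1 class="title"><?php echo ADM_TASKS;?></h1>
<!-- S U B N A V S -->
 <div id="subnavs">
<?php
// The subnavs container is opened for every role; it used to be opened for
// staff only while its closing tag was always written.
if ($nav_who == "staff")
{
?>
  <a href="<?php echo $nav_self.'?what=neweventform';?>"><?php echo ADM_TSK_NEW_EVENT;?></a>
  <a href="<?php echo $nav_self.'?what=selevent';?>"><?php echo ADM_TSK_EDIT_EVENT;?></a>
  <a href="<?php echo $nav_self.'?what=newmem';?>"><?php echo ADM_TSK_NEW_MEMBER;?></a>
<?php
}
// Compare WHO against both roles; the bare string "staff" is always true.
if ($nav_who == "member" or $nav_who == "staff")
{
?>
  <a href="<?php echo $nav_self.'?what=select';?>"><?php echo ADM_TSK_EDIT_MEMBER;?></a>
<?php
}

if ($nav_who == "staff")
{
?>
  <a href="<?php echo $nav_self.'?what=newcat';?>"><?php echo ADM_TSK_NEW_CATEGORY;?></a>
  <a href="<?php echo $nav_self.'?what=selcat';?>"><?php echo ADM_TSK_EDIT_CATEGORY;?></a>
  <a href="<?php echo 'langs/'.LANG.'/help_admin.php';?>" rel="external" ><?php echo ADM_TSK_HELP;?></a>
  <br />
  <a href="../banadmin/"><?php echo ADM_TSK_BANNER_ADMIN;?></a>
  <a href="<?php echo $nav_self.'?what=content';?>"><?php echo ADM_TSK_CONTENT_MGR;?></a>
<?php
}
?>
</div><!-- end subnavs -->
</div><!--end titlesubs-->
<?php
}
?>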
<div id="dirq">
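<?php
//////////////////////////////////////////////////////////////
// S T A R T  O F  A L L  T H E  F O R M  A C T I O N S

// A U T H E N T I C A T E ///////////////////////////////////
// Has she logged in and been granted a session?
//
// NOTE(review): the form posts the user name and password to index.php;
// confirm the admin directory is only reachable over HTTPS.
if (!isset($_SESSION['USERPASS']))
{
  // not logged in -- put up login form
?>
  <script type="text/javascript">
  // If JavaScript is not enabled, the login form will not appear
  //
  document.write('<h2><?php echo COM_LOGIN_HEAD;?></'+'h2>');
  document.write('<form name="auth" method="post" action="index.php">');
  document.write('<table>');
  document.write('  <tr>');
  document.write('    <td><?php echo COM_USER_NAME;?>: </'+'td>');
  document.write('    <td><input name="login" type="text" value="" /> <kbd><?php echo COM_LOGIN_EG;?></'+'kbd> </'+'td>');
  document.write('  </'+'tr>');
  document.write('  <tr>');
  document.write('    <td><?php echo COM_PASS_WORD;?>: </'+'td>');
  document.write('    <td><input name="passwd" type="password" value="" />');
  document.write('        <input name="submit" type="submit" value="Log in" /></'+'td>');
  document.write('  </'+'tr>');
  document.write('</'+'table>');
  // close the form element, which was previously left open
  document.write('</'+'form>');
  </script>
  <noscript>
  <p>&nbsp;</p>
  <p style="color:#f00;"><strong><?php echo COM_ENABLEJS;?></strong></p>
  </noscript>
<?php

} // end if not logged in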


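// G O  T O  C O N T E N T  M A N A G E M E N T //////////////////////
//
// Staff choosing the "content" task are redirected to the CMS directory.
if(isset($_SESSION['WHO']) and $_SESSION['WHO'] == "staff" and isset($_GET["what"]) and $_GET["what"] == "content")
{
  header("Location: ../cms/");
  // stop here so none of the form handlers below run on a redirected request
  exit;
}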


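// B R O W S E  R E Q U E S T ////////////////////////////////////////
//
// Lists categories, members or events matching ?key=, starting at ?offset=.
// ?browse= selects the table; values other than the six known ones are ignored.
if(isset($_SESSION['USERPASS']) and isset($_GET["browse"]) and isset($_GET["offset"]) and isset($_GET["key"]))
{
  // Read only the expected parameters. extract($_GET) let a request overwrite
  // any variable in scope, including $db, the table names and $query itself.
  $browse = is_string($_GET["browse"]) ? $_GET["browse"] : "";
  $key = is_string($_GET["key"]) ? $_GET["key"] : "";
  $offset = (int)$_GET["offset"];

  // Escape the search term exactly once: undo magic_quotes_gpc when the runtime
  // applies it, then use the connection's own escaping.
  $raw_key = (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) ? stripslashes($key) : $key;
  $q_key = mysql_real_escape_string($raw_key, $db);

  $query = "";
  if($browse == "cat" or $browse == "lcat")
  {
    $query = "SELECT * FROM $categories 
              WHERE Category LIKE '%$q_key%' 
              ORDER BY Category ASC";
    define('ROWS', 20);
  }
  if($browse == "mem" or $browse == "fullmem")
  {
    $query = "SELECT * FROM $members 
              WHERE Biz LIKE '%$q_key%' 
              ORDER BY Biz ASC";
    define('ROWS', 10);
  }
  if($browse == "event" or $browse == "levent")
  {
    // the Name pattern was missing its "$" and matched the literal text "key"
    $query = "SELECT * FROM $events 
              WHERE Name LIKE '%$q_key%' 
              OR Descr LIKE '%$q_key%' 
              ORDER BY Date ASC";
    define('ROWS', 10);
  }

  // Only run a query this block built itself.
  if ($query != "")
  {
    echo "<p>(Event types: normal <span style=\"color:#900;\">recurring master</span> <span style=\"color:#090;\">recurring clone</span>)</p><br />\n";

    // $key is handed on exactly as received, as before; what browse() does
    // with it is not visible here.
    browse($db, $query, $offset, $browse, $key);
  }
}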


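// I N S E R T  N E W  M E M B E R  R E C O R D ////////////////////////
//
// NOTE(review): only a logged-in session is required here, while the menu
// offers "new member" to staff only -- confirm whether members may add records.
// NOTE(review): the Pass column receives the password as typed (plain text).
if(isset($_SESSION['USERPASS']) and isset($_POST["submit"]) and isset($_POST["why"]) and $_POST["why"] == "newmem")
{
  // Column => form field. Only these fields are read from the request;
  // extract($_POST) let a request overwrite $members, $db and other globals.
  $fields = array(
    'Biz' => 'biz', 'Descr' => 'descr', 'Status' => 'status', 'Age' => 'age',
    'Cat1' => 'cat1', 'Cat2' => 'cat2', 'Cat3' => 'cat3',
    'Address1' => 'address1', 'Address2' => 'address2', 'City' => 'city',
    'State' => 'state', 'Zip' => 'zip', 'Phone' => 'phone', 'Fax' => 'fax',
    'Email' => 'email', 'ContPref' => 'contpref', 'InfoPref' => 'infopref',
    'Url' => 'url', 'Logo_Url' => 'logo_url', 'Img_Url' => 'img_url',
    'Img_Capt' => 'img_capt', 'First' => 'first', 'Last' => 'last',
    'Pass' => 'pass', 'Code' => 'code', 'CAddress1' => 'caddress1',
    'CAddress2' => 'caddress2', 'CCity' => 'ccity', 'CState' => 'cstate',
    'CZip' => 'czip', 'CPhone' => 'cphone', 'CCell' => 'ccell',
    'CFax' => 'cfax', 'CEmail' => 'cemail',
  );
  // Undo magic_quotes_gpc when the runtime applies it, so each value is
  // escaped exactly once below.
  $mq = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
  $cols = array();
  $vals = array();
  foreach ($fields as $col => $field)
  {
    $v = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
    if ($mq)
      $v = stripslashes($v);
    // Biz and Descr are stored entity-encoded. The encoding used to run before
    // extract($_POST) and was overwritten by the raw posted values.
    if ($field == "biz" or $field == "descr")
      $v = htmlentities($v, ENT_QUOTES);
    $cols[] = $col;
    $vals[] = "'".mysql_real_escape_string($v)."'";
  }
  $sql = "INSERT INTO $members (Locked, Posted, Updated, ".implode(", ", $cols).") VALUES ('0', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, ".implode(", ", $vals).")";
  if (!($result = mysql_query($sql)))
    showError();
  echo "<p>".THANK_YOU.". ".ucfirst(MEMBER)." ID ".mysql_insert_id()." ".COM_WAS_ADDED.".</p>\n";

  // provide 'return' button
  echo "<br><br>\n<center><form action='javascript:history.go(-2)'><input type='submit' class='button1' value='".COM_OK."'></form></center><br>\n";
} // end if newmem submitted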


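// U P D A T E  M E M B E R  R E C O R D ///////////////////////////////
//
// Saves an edited member record, or releases its lock when Cancel was pressed.
// NOTE(review): the record id comes from the form and any logged-in session is
// accepted, so nothing here ties a member to their own record -- confirm whether
// an ownership check is needed.
// NOTE(review): unlike the insert above, this UPDATE does not write CCell.
if(isset($_SESSION['USERPASS']) and (isset($_POST["submit"]) or isset($_POST["cancel"])) and isset($_POST["why"]) and $_POST["why"] == "memupdate")
{
  // Ids are treated as integers (the insert path reports mysql_insert_id()).
  $id = isset($_POST["id"]) ? (int)$_POST["id"] : 0;

  // handle Cancel button request
  if(isset($_POST["cancel"]) and $_POST["cancel"] != "")
  {
    // unlock and abort.
    if(!unlock(MEMBERS,$id))
    {
      echo "<p>".ADM_COULDNOT_UNLOCK." ".$id.
      "<br />".COM_CONTACT_SYSADMIN."</p>\n";
    } else {
      echo "<p>".ADM_EDITING_OF." ".RECORD." ".$id." ".WAS_CANCELED.".</p>\n";
    }

  } else {

    // process form
    // Column => form field. Only these fields are read from the request;
    // extract($_POST) let a request overwrite $members, $db and other globals.
    $fields = array(
      'Biz' => 'biz', 'Descr' => 'descr', 'Status' => 'status', 'Age' => 'age',
      'Cat1' => 'cat1', 'Cat2' => 'cat2', 'Cat3' => 'cat3',
      'Address1' => 'address1', 'Address2' => 'address2', 'City' => 'city',
      'State' => 'state', 'Zip' => 'zip', 'Phone' => 'phone', 'Fax' => 'fax',
      'Email' => 'email', 'ContPref' => 'contpref', 'InfoPref' => 'infopref',
      'Url' => 'url', 'Logo_Url' => 'logo_url', 'Img_Url' => 'img_url',
      'Img_Capt' => 'img_capt', 'First' => 'first', 'Last' => 'last',
      'Pass' => 'pass', 'Code' => 'code', 'CAddress1' => 'caddress1',
      'CAddress2' => 'caddress2', 'CCity' => 'ccity', 'CState' => 'cstate',
      'CZip' => 'czip', 'CPhone' => 'cphone', 'CFax' => 'cfax',
      'CEmail' => 'cemail',
    );
    // Undo magic_quotes_gpc when the runtime applies it, so each value is
    // escaped exactly once below.
    $mq = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $pairs = array("Locked='0'", "Updated=CURRENT_TIMESTAMP");
    foreach ($fields as $col => $field)
    {
      $v = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
      if ($mq)
        $v = stripslashes($v);
      // Biz and Descr are stored entity-encoded
      if ($field == "biz" or $field == "descr")
        $v = htmlentities($v, ENT_QUOTES);
      $pairs[] = $col."='".mysql_real_escape_string($v)."'";
    }
    $sql = "UPDATE $members SET ".implode(", ", $pairs)." WHERE Id='$id'";
    if (!($result = mysql_query($sql)))
    {
      showError(); 
    } else {
      echo "<p>".ucfirst(COM_MEMBER)." ".RECORD." ".COM_WAS_UPDATED.".</p>\n";
    }
  }// end not cancel
}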


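// D E L E T E  M E M B E R  R E C O R D //////////////////////////////
// handle "delete" request (requires the dmconf confirmation box)
//
// NOTE(review): any logged-in session may delete any member id, and the form
// carries no anti-CSRF token -- confirm whether this should be staff-only.
if (isset($_SESSION['USERPASS']) and isset($_POST["id"]) and isset($_POST["delete"]) and isset($_POST["dmconf"]) and $_POST["dmconf"] == "dmconf")
{
  // Only the id is read from the request (no extract($_POST)), and it is
  // forced to an integer before it reaches the SQL text and the page.
  $id = (int)$_POST["id"];
  // delete a record
  $sql = "DELETE FROM $members WHERE Id='$id'";
  if (!($result = @ mysql_query($sql, $db)))
    showError();

  $delete = "";
  echo "<p>".ucfirst(COM_MEMBER)." ".$id." ".COM_WAS_DELETED.".</p>\n";
  echo "<p>".ADM_PLS_SELECT_TASK."</p>";
  exit;
}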


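// A D D  N E W  C A T E G O R Y //////////////////////////////////////
//
// NOTE(review): only a logged-in session is required, while the menu offers
// category tasks to staff only -- confirm the intended access level.
if (isset($_SESSION['USERPASS']) and isset($_POST["why"]) and $_POST["why"] == "newcat" and !isset($_POST["cancel"]))
{
  // add a new category
  // Only the category name is read from the request (no extract($_POST)).
  $category = (isset($_POST["category"]) && is_string($_POST["category"])) ? $_POST["category"] : "";
  // Undo magic_quotes_gpc when the runtime applies it, then escape once.
  if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    $category = stripslashes($category);
  $q_category = mysql_real_escape_string($category, $db);
  $sql = "INSERT INTO $categories (Locked,Category) VALUES ('0','$q_category')";
  if (!($result = @ mysql_query($sql, $db)))
    showError();

  // the name is echoed back, so HTML-encode it for the page
  echo "<p>".ucfirst(COM_CATEGORY)." \"".htmlspecialchars($category, ENT_QUOTES)."\" ".COM_WAS_ADDED." ".OK.".</p>\n";
}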


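// U P D A T E  C A T E G O R Y //////////////////////////////////////
//
// Renames a category, or releases its lock when Cancel was pressed.
if (isset($_SESSION['USERPASS']) and !isset($_POST["delcat"]) and isset($_POST["id"]) and isset($_POST["why"]) and $_POST["why"] == "editcat")
{
  // Only the expected fields are read from the request (no extract($_POST)).
  // assumes category ids are integer keys like the other tables -- TODO confirm
  $id = (int)$_POST["id"];
  $category = (isset($_POST["category"]) && is_string($_POST["category"])) ? $_POST["category"] : "";
  if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
    $category = stripslashes($category);

  // handle Cancel button request
  if(isset($_POST["cancel"]) and $_POST["cancel"] != "")
  {
    // unlock and abort.
    if(!unlock("$categories",$id))
    {
      echo "<p>".ADM_COULDNOT_UNLOCK." ".COM_RECORD." ".$id.
      "<br />".CONTACT_SYSADMIN."</p>\n";
    } else {
      echo "<p>".ADM_EDITING_OF." ".$id." ".COM_WAS_CANCELED.".</p>\n";
    }
      ?>
      <form name="getout" action="#">
        <input name="back" class="button1" type="button" value=" OK " onclick="if(window.history.length>2){window.location='index.php';} else {window.close();}" />
      </form>
      <?php
    exit;
  }

  // update category
  $q_category = mysql_real_escape_string($category, $db);
  $sql = "UPDATE $categories SET Locked='0',Category='$q_category' WHERE Id='$id'";
  if (!($result = @ mysql_query($sql, $db)))
    showError();

  // the name is echoed back, so HTML-encode it for the page
  echo "<p>".ucfirst(COM_CATEGORY)." \"".htmlspecialchars($category, ENT_QUOTES)."\" ".COM_WAS_UPDATED." ".COM_OK.".</p>\n";
  echo "<p>".ADM_PLS_SELECT_TASK."</p>\n";
  exit;
}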

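// D E L E T E  C A T E G O R Y ///////////////////////////////////////////
//
// Requires the dcconf confirmation box.
if (isset($_SESSION['USERPASS']) and isset($_POST["id"]) and $_POST["id"] != "" and isset($_POST["delcat"]) and isset($_POST["dcconf"]) and $_POST["dcconf"] == "dcconf")
{
  // Only the id is read from the request (no extract($_POST)).
  // assumes category ids are integer keys like the other tables -- TODO confirm
  $id = (int)$_POST["id"];
  // delete a category
  $sql = "DELETE FROM $categories WHERE Id='$id'";
  if (!($result = @ mysql_query($sql, $db)))
    showError();
  echo "<p>".COM_CATEGORY." # $id ".COM_WAS_DELETED.".</p>\n";

  $delete = "";
  exit;
}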



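// D E L E T E  E V E N T ///////////////////////////////////////////
//
// Requires the deconf confirmation box. When the event is a recurring master
// (or "all" was chosen) the rows whose Recurr column points at it go as well.
// NOTE(review): the update/edit event handlers require WHO == "staff" but this
// one accepts any logged-in session -- confirm the intended access level.
if (isset($_SESSION['USERPASS']) and isset($_POST["id"]) and $_POST["id"] != "" and isset($_POST["delete"]) and isset($_POST["deconf"]) and $_POST["deconf"] == "deconf")
{
  // Only the expected fields are read from the request (no extract($_POST)).
  // Event ids are integers (the insert path reports mysql_insert_id()).
  $id = (int)$_POST["id"];
  $all = isset($_POST["all"]) ? $_POST["all"] : "";
  $recurr = isset($_POST["recurr"]) ? $_POST["recurr"] : "";

  // delete an event
  $sql = "DELETE FROM $events WHERE Id='$id'";
  if (!($result = @ mysql_query($sql, $db)))
    showError();
  echo "<p>".COM_EVENT." # $id ".COM_WAS_DELETED.".</p>\n";

  if($all == "yes" or $recurr == "1")
  {
    $sql = "DELETE FROM $events WHERE Recurr='$id'";
    if (!($result = @ mysql_query($sql, $db)))
      showError();
    $num = @ mysql_affected_rows();
    echo "<p>".$num." ".ADM_RECURRING_COPIES_ALSO." ".ADM_DELETED.".</p>\n";
  }
  $delete = "";
  exit;
}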

// S E L E C T  E V E N T  T O  E D I T  ////////////////////////////
//
// Search box for picking an event to edit. The form posts to
// index.php?what=selev2, the event search step of this same script.
if(isset($_SESSION['USERPASS']) and $_GET["what"] == "selevent"):
?>
  <h2><?php echo ADM_CHOOSE_EVENT_TOEDIT;?></h2>
  <p>(<?php echo ADM_BLANK_TO_LISTALL;?>)</p>
  <form name="selevent" id="selevent" method="post" action="index.php?what=selev2">
  <table>
    <tr>
      <td></td>
      <td>
        <input name="name" type="text" value="" />
        <input type="hidden" name="what" value="browse" />
        <input name="submit" class="button1" type="submit" value="<?php echo COM_SEARCH_BUTTON;?>" />
      </td>
    </tr>
  </table>
  </form>
<?php
endif; // end if what==selevent


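// F I N D  E V E N T  T O  E D I T ///////////////////////
//
// Runs the search posted by the "select event" form and lists the matches.
if(isset($_SESSION['USERPASS']) and isset($_POST["what"]) and $_POST["what"] == "browse" and isset($_POST["name"]) and isset($_GET["what"]) and $_GET["what"] == "selev2" and !isset($_POST['id']))
{
  // Only the expected fields are read from the request. extract($_POST) let a
  // request overwrite any variable in scope, including $db and $events.
  $name = is_string($_POST["name"]) ? $_POST["name"] : "";
  $offset = isset($_POST["offset"]) ? (int)$_POST["offset"] : 0;

  // Escape the search term exactly once: undo magic_quotes_gpc when the runtime
  // applies it, then use the connection's own escaping.
  $raw_name = (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) ? stripslashes($name) : $name;
  $q_name = mysql_real_escape_string($raw_name, $db);

  echo "<h2>".ADM_CHOOSE_EVENT_TOEDIT."</h2>";
  $query = "SELECT * FROM $events 
            WHERE Name LIKE '%$q_name%' 
            or Descr LIKE '%$q_name%'
            ORDER BY Date";
  define('ROWS', 10);
  // $name is handed on exactly as received, as before; what browse() does
  // with it is not visible here.
  browse($db, $query, $offset, "levent", $name);
}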


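// A D D  N E W  E V E N T  /////////////////////////////////////////
//add event
//
// Inserts the posted event and, for a recurring event, asks extend() to create
// the monthly copies.
// NOTE(review): the new-event form is shown to staff only, but this handler
// accepts any logged-in session -- confirm the intended access level.
// NOTE(review): Author is taken from a hidden form field, so the client
// chooses it; consider using $_SESSION['AUTHORNUM'] instead.
if(isset($_SESSION['USERPASS']) and isset($_POST["why"]) and $_POST["why"] == "newevent")
{
  if(isset($_POST['cancel']))
  {
    header("Location: index.php");
    // stop here; without this the event was still inserted after a Cancel
    exit;
  }

  // Read only the expected fields. extract($_POST) let a request overwrite any
  // variable in scope, including $db and $events.
  // magic_quotes_gpc is undone when the runtime applies it, so each value is
  // escaped exactly once when the SQL is built.
  $mq = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
  $in = array();
  foreach (array('name','descr','location','contact','cost','date','hour','min','ehour','emin','recurr','dayevent','venue','author','extent') as $f)
  {
    $in[$f] = (isset($_POST[$f]) && is_string($_POST[$f])) ? $_POST[$f] : "";
    if ($mq)
      $in[$f] = stripslashes($in[$f]);
  }

  // undo the "../i" image paths that the edit form shows, then entity-encode
  $descr = preg_replace("/\.\.\/i/","i",$in['descr']);
  $quote_style = ENT_QUOTES;
  $name = htmlentities($in['name'], $quote_style);
  $descr = htmlentities($descr, $quote_style);
  $location = htmlentities($in['location'], $quote_style);
  $contact = htmlentities($in['contact'], $quote_style);
  $date = $in['date'];

  // zero-pad the time parts to two characters
  $hour = $in['hour'];
  $min = $in['min'];
  $ehour = $in['ehour'];
  $emin = $in['emin'];
  if (strlen($hour)<2)
    $hour = "0".$hour;
  if (strlen($min)<2)
    $min = "0".$min;
  if (strlen($ehour)<2)
    $ehour = "0".$ehour;
  if (strlen($emin)<2)
    $emin = "0".$emin;
  $starttime = $hour.":".$min;
  $endtime = $ehour.":".$emin;

  $recurr = $in['recurr'];
  if($recurr == "")
    $recurr = "0";
  if($recurr == "1")
  {
    // Recurring event --
    // Recalculate DOW and WOM from entered date:
    // Get day of week of entered date
    $datearray = getdate(strtotime($date));
    $recurdow = $datearray["wday"]; // dow of entered date

    // week number of month in which event occurs; first week is "0"
    // NOTE(review): floor(mday/7) puts the 7th of a month in week 1, not 0 --
    // confirm this matches what extend() expects.
    $recurwom = (int)floor($datearray['mday']/7);
    if($recurwom > 3)
      $recurwom = 3;

  } else {

    // not recurring event
    $recurwom = "0";
    $recurdow = "0";
  } // end if recurr

  $dayevent = $in['dayevent'];
  if ($dayevent == "") 
    $dayevent = "0";

  // here we'll enter the form data
  $row = array(
    'Name' => $name, 'Location' => $location, 'Cost' => $in['cost'],
    'Contact' => $contact, 'Date' => $date, 'StartTime' => $starttime,
    'EndTime' => $endtime, 'Descr' => $descr, 'Recurr' => $recurr,
    'RecurWOM' => $recurwom, 'RecurDOW' => $recurdow, 'DayEvent' => $dayevent,
    'Venue' => $in['venue'], 'Author' => $in['author'],
  );
  $vals = array();
  foreach ($row as $v)
    $vals[] = "'".mysql_real_escape_string($v)."'";
  $sql = "INSERT INTO $events (Locked, ".implode(", ", array_keys($row)).") VALUES ('0', ".implode(", ", $vals).")";
  if (!($result = mysql_query($sql)))
    showError();
  $id = mysql_insert_id();
  echo "<p>".ucfirst(COM_EVENT)." ".$id." ".COM_WAS_ADDED.".</p>\n";

  // extend recurring event
  if($recurr > "0" and $in['extent'] != "")
  {
    // the month count is forced to an integer before it is echoed or passed on
    $extent = (int)$in['extent'];
    echo "<p>".ADM_EXTENDING_RECUR_EVENT." ".$id." ".ADM_FOR." ".$extent." ".COM_MONTHS."... ";
    if(!extend($id, $extent))
    { 
      echo " ".COM_FAILED.".<br />".COM_CONTACT_SYSADMIN."</p>\n";
      exit;
    } else {
      echo " ".COM_FINISHED.".</p>\n";
    }
  }
  echo "<p>".ADM_PLS_SELECT_TASK."</p>\n";
  exit;
}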


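// U P D A T E  E V E N T  /////////////////////////////////////////
//update event
//
// Saves an edited event (staff only), or releases its lock on Cancel. With
// all=yes the same values, apart from Date and Recurr, are written to the
// rows whose Recurr column points at this event.
// NOTE(review): the condition tests "edelete", but the edit form's delete
// button is named "delete"; pressing Delete without the confirmation box
// therefore reaches this update -- confirm whether that is intended.
if(isset($_SESSION['WHO']) and $_SESSION['WHO'] == "staff" and isset($_POST["id"]) and !isset($_POST["edelete"]) and isset($_POST["why"]) and $_POST["why"] == "editevent")
{
  // Read only the expected fields. extract($_POST) let a request overwrite any
  // variable in scope, including $db and $events.
  // magic_quotes_gpc is undone when the runtime applies it, so each value is
  // escaped exactly once when the SQL is built.
  $mq = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
  $in = array();
  foreach (array('cancel','name','descr','location','contact','cost','date','hour','min','ehour','emin','recurr','dayevent','venue','extent','all') as $f)
  {
    $in[$f] = (isset($_POST[$f]) && is_string($_POST[$f])) ? $_POST[$f] : "";
    if ($mq)
      $in[$f] = stripslashes($in[$f]);
  }
  // Event ids are integers (the insert path reports mysql_insert_id()).
  $id = (int)$_POST["id"];

  if($in['cancel'] != "")
  {
    // unlock and abort.
    if(!unlock($events,$id))
    {
      echo "<p>".ADM_COULDNOT_UNLOCK.".$id <br />".COM_CONTACT_SYSADMIN."</p>\n";
    } else {
      echo "<p>".ADM_EDITING_OF." ".$id." ".COM_WAS_CANCELED.".</p>\n";
    }
  } else {

  // undo the "../i" image paths that the edit form shows, then entity-encode
  $descr = preg_replace("/\.\.\/i/","i",$in['descr']);
  $quote_style = ENT_QUOTES;
  $name = htmlentities($in['name'], $quote_style);
  $descr = htmlentities($descr, $quote_style);
  $location = htmlentities($in['location'], $quote_style);
  $contact = htmlentities($in['contact'], $quote_style);
  $date = $in['date'];

  // zero-pad the time parts to two characters
  $hour = $in['hour'];
  $min = $in['min'];
  $ehour = $in['ehour'];
  $emin = $in['emin'];
  if (strlen($hour)<2)
    $hour = "0".$hour;
  if (strlen($min)<2)
    $min = "0".$min;
  if (strlen($ehour)<2)
    $ehour = "0".$ehour;
  if (strlen($emin)<2)
    $emin = "0".$emin;
  $starttime = $hour.":".$min;
  $endtime = $ehour.":".$emin;

  // Recurr is left as posted, so copies still go when the master is deleted
  $recurr = $in['recurr'];
  if($recurr == "")
    $recurr = "0";
  if($recurr > "0")
  {
    // Recurring event --
    // Recalculate DOW and WOM from entered date:
    // Get day of week of entered date
    $datearray = getdate(strtotime($date));
    $recurdow = $datearray["wday"]; // dow of entered date

    // "week" number of month in which the event occurs; first week is "0"
    // NOTE(review): floor(mday/7) puts the 7th of a month in week 1, not 0 --
    // confirm this matches what extend() expects.
    $recurwom = (int)floor($datearray['mday']/7);
    if($recurwom > 3)
      $recurwom = 3;

  } else {
    // not recurring event
    $recurwom = "0";
    $recurdow = "0";
  } // end if recurr

  $dayevent = $in['dayevent'];
  if ($dayevent == "") 
    $dayevent = "0";

  // NOTE(review): $authornum is not assigned anywhere in this file and the edit
  // form posts the editor as "author"; unless an include defines $authornum the
  // Author column is written empty. Confirm, and prefer $_SESSION['AUTHORNUM'].
  $author_val = isset($authornum) ? $authornum : "";

  // Values shared by the master row and its recurring copies
  $shared = array(
    'Name' => $name, 'Location' => $location, 'Cost' => $in['cost'],
    'Contact' => $contact, 'StartTime' => $starttime, 'EndTime' => $endtime,
    'Descr' => $descr, 'RecurWOM' => $recurwom, 'RecurDOW' => $recurdow,
    'DayEvent' => $dayevent, 'Venue' => $in['venue'], 'Author' => $author_val,
  );
  $pairs = array("Locked='0'");
  foreach ($shared as $col => $v)
    $pairs[] = $col."='".mysql_real_escape_string($v)."'";

  // here we'll enter the form data
  $events = EVENTS;
  $master = $pairs;
  $master[] = "Recurr='".mysql_real_escape_string($recurr)."'";
  // don't change date if disabled (a disabled input posts nothing)
  if($date != "")
    $master[] = "Date='".mysql_real_escape_string($date)."'";
  $sql = "UPDATE $events SET ".implode(", ", $master)." WHERE Id='$id'";
  if (!($result = mysql_query($sql)))
    showError();
  echo "<p>Event ID ".$id." updated.</p>\n";

  // extend recurring event
  if($recurr == "1" and $in['extent'] != "")
  {
    // the month count is forced to an integer before it is echoed or passed on
    $extent = (int)$in['extent'];
    echo "<p>".ADM_EXTENDING_RECUR_EVENT." ".$id." ".ADM_FOR." ".$extent." ".MONTHS."...";
    if(!extend($id, $extent))
    { 
      echo " ".FAILED.".<br />".CONTACT_SYSADMIN."</p>\n";
      exit;
    } else {
      echo " ".FINISHED.".</p>\n";
    }
  }

  if($in['all'] == "yes")
  {
    // note: date is not updated on recurring copies
    $sql = "UPDATE $events SET ".implode(", ", $pairs)." WHERE Recurr='$id'";
    if (!($result = mysql_query($sql)))
      showError();
    // an UPDATE has no result set; the changed-row count is what is reported
    $num = @ mysql_affected_rows();
    echo "<p>".$num." ".ADM_RECURRING_COPIES_ALSO." ".ADM_UPDATED.".</p>\n";
  }
  }// end else not cancel
}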


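// E D I T  E V E N T  //////////////////////////////////////////////
//edit event
//
// Loads one event (staff only), locks it and prints the edit form. Every value
// written into the form is HTML-encoded at the point of output.
if(isset($_SESSION['WHO']) and $_SESSION['WHO'] == "staff" and isset($_GET["id"]) and isset($_GET["what"]) and $_GET["what"] == "editev")
{
  // Only the id is read from the request (no extract($_GET)). It was placed
  // unquoted into the query, so it is forced to an integer first.
  $id = (int)$_GET["id"];
  $sql = "SELECT * FROM $events WHERE Id=$id";
  $result = mysql_query($sql);
  $myrow = $result ? mysql_fetch_array($result) : false;
  
  // lock this record while we work on it
  if (!lock($events,$id,$myrow))
  {
    exit;
  }
  
  $quote_style = ENT_QUOTES;
  $tbl = $events;
  $name = html_entity_decode($myrow["Name"], $quote_style);
  $date = $myrow["Date"];
  $location = html_entity_decode($myrow["Location"], $quote_style);
  $contact = html_entity_decode($myrow["Contact"], $quote_style);
  $cost = $myrow["Cost"];
  // explode() replaces the deprecated split(); padded so a time without ":"
  // does not read an undefined offset
  $startary = array_pad(explode(":",$myrow["StartTime"]), 2, "");
  $min = $startary[1];
  $hour = $startary[0];
  $endary = array_pad(explode(":",$myrow["EndTime"]), 2, "");
  $emin = $endary[1];
  $ehour = $endary[0];
  $descr = html_entity_decode($myrow["Descr"], $quote_style);
  // temp change editor-placed img urls so they appear in editor
  $descr = preg_replace("/src=\"i/","src=\"../i",$descr);
  $descr = preg_replace("/border=\"0\"/","",$descr);
  $recurr = $myrow["Recurr"];
  $recurwom = $myrow["RecurWOM"];
  $recurdow = $myrow["RecurDOW"];
  $dayevent = $myrow["DayEvent"];
  $venue = $myrow["Venue"];
  /* note: author is reset below to current person editing */
?>
  <h2>Edit Event:</h2>
  <h3>Id=<?php echo $id;?></h3>
  <form name="editevent" id="editevent" method="post" action="index.php" onSubmit="return verify(this);">
  <table>
    <tr>
      <td><?php echo ADM_EVENT_NAME;?></td>
      <td><input name="name" type="text" size="40" maxlength="60" value="<?php echo htmlspecialchars($name, ENT_QUOTES);?>" /></td>
    </tr>
    <tr>
      <td align="right"><?php echo ADM_VENUE;?></td>
      <td><select name="venue">
          <option value="p" <?php if($venue=="p"){echo "selected";}?>>Public</option>
          <option value="c" <?php if($venue=="c"){echo "selected";}?>><?php if(defined('ORG_TYPE')) echo ORG_TYPE;?></option>
          </select>
      </td>
    </tr>
    <tr>
      <td valign="top" align="right"><?php echo ADM_LOCATION;?></td>
      <td><textarea name="location" rows="2" cols="45" maxlength="128"><?php echo htmlspecialchars($location, ENT_QUOTES);?></textarea></td>
    </tr>
    <tr>
      <td align="right"><?php echo ADM_COST." ".ADM_CURRENCY_SYMBOL;?></td>
      <td><input name="cost" type="text" size="40" maxlength="60" value="<?php echo htmlspecialchars($cost, ENT_QUOTES);?>" /></td>
    </tr>
    <tr>
      <td valign="top" align="right"><?php echo ADM_CONTACT;?></td>
      <td><textarea name="contact" rows="2" cols="45" maxlength="128"><?php echo htmlspecialchars($contact, ENT_QUOTES);?></textarea></td>
    </tr>
    <tr>
      <td align="right"><?php echo ADM_DATE;?></td>
      <td>
      <input <?php if($recurr=='1') {echo "disabled";}?> type="text" name="date" size="12" maxlength="10" value="<?php echo htmlspecialchars($date, ENT_QUOTES);?>"  />
      <?php if($recurr != '1'){ ?>
      <?php echo "<a onClick='window.open(\"date_picker.php?tgt=editevent.date&id=".$id."&tbl=".$events."&fld=Date\",\"\",\"width=250, height=200, navbar=no, location=no, scrollbars=no, resizable=yes\");return false;' href=\"javascript:void(0);\"> <img src=\"../cms/images/cal.gif\" align=\"abs-middle\" alt=\"\" /></a>";?> (yyyy-mm-dd)
      <?php }?>
      </td>
    </tr>
    <tr>
      <td align="right"><?php echo ADM_START;?></td>
      <td><select name="hour" onchange="forward(this.form,'hour','ehour');">
      <?php
      for ($i=0; $i<24; $i++)
      {
        $sel = "";
        if ($i == $hour) { $sel = "selected";}
        echo "<option value=\"$i\" ".$sel.">".$i."</option>\n";
      }
      ?>
      </select>: 
      <select name="min">
      <?php
      for ($i=0; $i<60; $i+=15)
      {
        $sel = "";
        if ($i == $min) { $sel = "selected";}
        echo "<option value=\"$i\" ".$sel.">".$i."</option>\n";
      }
      ?>
      </select> (24hr)
      </td>
    </tr>
    <tr>
      <td align="right"><?php echo ADM_END;?></td>
      <td><select name="ehour">
      <?php
      for ($i=0; $i<24; $i++)
      {
        $sel = "";
        if ($i == $ehour) { $sel = "selected";}
        echo "<option value=\"$i\" ".$sel.">".$i."</option>\n";
      }
      ?>
      </select>: 
      <select name="emin">
      <?php
      for ($i=0; $i<60; $i+=15)
      {
        $sel = "";
        if ($i == $emin) { $sel = "selected";}
        echo "<option value=\"$i\" ".$sel.">".$i."</option>\n";
      }
      ?>
      </select> (24hr)
      </td>
    </tr>
    <?php
    if($recurr == '1')
    {
    ?>
    <tr>
      <td><input name="recurr" type="hidden" value="1" /></td>
      <td><span  style="color: #090;"><?php echo ADM_THIS_IS_MASTER;?></span><br />
        <?php echo ADM_CHANGE_ALL;?><br />
        <input name="all" type="radio" value="no" checked />no
        <input name="all" type="radio" value="yes" />yes
      </td>
    </tr>
    <?php
    } else {
    ?>
    <tr>
      <td align="right"><?php echo ADM_RECURRS;?></td>
      <td><input <?php if($recurr!='0') {echo "disabled";}?> name="recurr" type="checkbox" value="<?php echo htmlspecialchars($recurr, ENT_QUOTES); ?>" <?php if($recurr != "0"){echo 'checked="checked"';}?> onchange="toggle(this,document.editevent.extent);" /> <?php echo ADM_MONTHLY_THIS_DAY;?></td>
    </tr>
    <tr>
      <td valign="top"></td>
      <td>
         Extend for
         <input name="extent" type="text" disabled="true" size="2" maxlength="2" value="6" />months
      </td>
    </tr>
    <?php
    }
    ?>
    <tr>
      <td valign="top"><?php echo ADM_DESCRIPTION;?></td>
      <td><textarea name="descr" rows="15" cols="45" maxlength="512"><?php echo htmlspecialchars($descr, ENT_QUOTES);?></textarea></td>
    </tr>
    <tr>
      <td></td>
      <td align="right">
        <input type="button" onClick='window.open("../cms/upload_image.php","","width=450, height=375, navbar=no, location=no, scrollbars=auto, resizable=yes");' value="Upload Image" class="button1">
      </td>
    </tr>
    <tr>
      <td><?php echo ADM_AUTHOR;?></td>
      <td>
<?php
   // NOTE(review): the current editor is looked up by password, so two authors
   // sharing a password are indistinguishable here; $_SESSION['AUTHORNUM'] is
   // set at login and would identify the editor directly.
   $pass = $_SESSION['USERPASS'];
   $auth = "";
   // the password is escaped before it goes into the quoted SQL literal
   $result = mysql_query("SELECT * FROM $author WHERE Passwd='".mysql_real_escape_string($pass, $db)."' ORDER BY Lname ASC",$db);
    if ($result and ($myrow = mysql_fetch_array($result))) 
    {
      // only display author who's editing
      do {
           if ($myrow["Passwd"] == $pass) {
             $auth = $myrow["Author_Num"];
             printf("      <span style=\"color:#aaa;\">(%s %s)</span>\n", htmlspecialchars($myrow["Fname"], ENT_QUOTES), htmlspecialchars($myrow["Lname"], ENT_QUOTES));
           }
         } 
       while ($myrow = mysql_fetch_array($result));
    } else {
      // no records to display
      echo ADM_NOAUTHORS;	
    } //end if
      printf("    <input name=\"author\" value=\"%s\" type=\"hidden\">\n", htmlspecialchars($auth, ENT_QUOTES));
      echo "    </td>\n";
    ?>
    <tr>
      <td colspan="2">
        <input type="hidden" name="why" value="editevent" />
        <input type="hidden" name="id" value="<?php echo $id; ?>" />
        <hr noshade />
        <div style="float:right;"><?php echo COM_CONFIRM;?><input name="deconf" type="checkbox" value="deconf" /> <input name="delete" class="button1" type="submit" value="<?php echo ADM_DELEVENT;?>" onclick="javascript:tbl='';" /></div>
        <input name="submit" class="button1" type="submit" value=" <?php echo COM_SUBMIT_BUTTON;?> " onclick="javascript:tbl='';"  />
        <input name="cancel" class="button1" type="submit" value=" <?php echo COM_CANCEL_BUTTON;?> " onclick="javascript:tbl='';" />
        <p>&nbsp;</p>
      </td>
    </tr>
  </table>
  </form>
  <?php
  if($recurr != '0')
  {
    echo "<p>".ADM_NOTEDEL_RECUR_EVENT."</p>";
  }
?>
<?php
} // end event edit form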


// N E W  E V E N T  E N T R Y //////////////////////////////////////
//
if($_SESSION['WHO'] == "staff" and $_GET["what"] == "neweventform" and $_POST["why"] != "newevent")
{
  $_GET["what"] = "";
?>
  <h2><?php echo ADM_ADDEVENT;?></h2>
  <form name="newevent" id="newevent" method="post" action="index.php" onSubmit="return verify(this);">
  <table>
    <tr>
      <td valign="top"><?php echo ADM_EVENT_NAME;?></td>
      <td><input name="name" type="text" size="40" maxlength="60" value="<?php echo $name;?>" /></td>
    </tr>
    <tr>
      <td valign="top" align="right"><?php echo ADM_VENUE;?></td>
      <td><select name="venue">
          <option value="p"><?php echo ADM_PUBLIC;?></option>
          <option value="c"><?php if(defined('ORG_TYPE')) echo ORG_TYPE;?></option>
          </select>
      </td>
    </tr>
    <tr>
      <td valign="top" align="right"><?php echo ADM_LOCATION;?></td>
      <td><textarea name="location" rows="2" cols="45" maxlength="512"><?php echo $location;?></textarea></td>
    </tr>
    <tr>
      <td valign="top" align="right"><?php echo ADM_COST." ".ADM_CURRENCY_SYMBOL;?></td>
      <td><input name="cost" type="text" size="6" maxlength="6" value="<?php echo $cost;?>" /></td>
    </tr>
    <tr>
      <td valign="top" align="right"><?php echo ADM_CONTACT;?></td>
      <td><textarea name="contact" rows="2" cols="45" maxlength="512"><?php echo $contact;?></textarea></td>
    </tr>
    <tr>
      <td valign="top" align="right"><?php echo ADM_DATE;?> </td>
      <td>
      <input type="text" name="date" size="12" maxlength="10" value="<?php echo $date;?>" onChange="setVar(newevent.date);" />
      <a onClick='window.open("date_picker.php?tgt=newevent.date","","width=250, height=200, navbar=no, location=no, scrollbars=no, resizable=yes");return false;' href="javascript:void(0);"> <img src="../cms/images/cal.gif" align="abs-middle" alt="" /></a> (yyyy-mm-dd)
      </td>
    </tr>
    <tr>
      <td valign="top" align="right"><?php echo ADM_START;?></td><td><select name="hour" onchange="forward(this.form,'hour','ehour');">
      <?php
      for ($i=0; $i<24; $i++)
      {
        $sel = "";
        if ($i == $hour) { $sel = "selected";}
        echo "<option value=\"$i\" ".$sel.">".$i."</option>\n";
      }
      ?>
      </select>: 
      <select name="min">
      <?php
      for ($i=0; $i<60; $i+=15)
      {
        $sel = "";
        if ($i == $min) { $sel = "selected";}
        echo "<option value=\"$i\" ".$sel.">".$i."</option>\n";
      }
      ?>
      </select> (24hr)
      </td>
    </tr>
    <tr>
      <td valign="top" align="right"><?php echo ADM_END;?></td>
      <td><select name="ehour">
      <?php
      for ($i=0; $i<24; $i++)
      {
        $sel = "";
        if ($i == $ehour) { $sel = "selected";}
        echo "<option value=\"$i\" ".$sel.">".$i."</option>\n";
      }
      ?>
      </select>: 
      <select name="emin">
      <?php
      for ($i=0; $i<60; $i+=15)
      {
        $sel = "";
        if ($i == $emin) { $sel = "selected";}
        echo "<option value=\"$i\" ".$sel.">".$i."</option>\n";
      }
      ?>
      </select> (24hr)
      </td>
    </tr>
    <tr>
      <td valign="top" align="right"><?php echo ADM_RECURRS;?></td>
      <td><input name="recurr" type="checkbox" value="1" onchange="toggle(this,document.newevent.extent);" /> <?php echo ADM_MONTHLY_THIS_DAY;?></td>
    </tr>
    <tr>
      <td valign="top" align="right"></td>
      <td>
         <?php echo ADM_EXTEND_FOR;?>
         <input name="extent" type="text" disabled="true" size="2" maxlength="2" value="6" /><?php echo COM_MONTHS;?>
      </td>
    </tr>
    <tr>
      <td valign="top"><?php echo ADM_DESCRIPTION;?></td>
      <td><textarea name="descr" rows="15" cols="45" maxlength="512"><?php echo $descr;?></textarea></td>
    </tr>
    <tr>
      <td></td>
      <td align="right">
        <input type="button" onClick='window.open("../cms/upload_image.php","","width=450, height=375, navbar=no, location=no, scrollbars=auto, resizable=yes");' value="Upload Image" class="button1">
      </td>
    </tr>
    <tr>
      <td valign="top"><?php echo ADM_AUTHOR;?></td>
      <td>
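<?php
   // Resolve the logged-in staff author so the new event is attributed to them.
   // The session password is the raw login POST value (slashes stripped), so it
   // is untrusted text and must be escaped before it is placed in the SQL string.
   // NOTE(review): authors are matched by password, so two authors sharing a
   // password are both listed and the last one wins; the login code also stores
   // $_SESSION['AUTHORNUM'], which would identify the author unambiguously.
   // NOTE(review): the hidden "authornum" field is client-controlled once the
   // form is rendered; the handler that saves the event should take the author
   // from the session rather than trusting the posted value.
   $pass = $_SESSION['USERPASS'];
   $auth = "";
   $result = mysql_query("SELECT * FROM $author WHERE Passwd='".mysql_real_escape_string($pass, $db)."' ORDER BY Lname ASC",$db);
    if ($result and $myrow = mysql_fetch_array($result)) 
    {
      // only display author who's editing
      do {
           // strict comparison: "==" would treat numeric-looking strings such as
           // "1e3" and "1000" as the same password
           if ($myrow["Passwd"] === $pass) {
             $auth = $myrow["Author_Num"];
             // names come from the database; encode them for the HTML context
             printf("      <span style=\"color:#aaa;\">(%s %s)</span>\n", htmlspecialchars($myrow["Fname"], ENT_QUOTES), htmlspecialchars($myrow["Lname"], ENT_QUOTES));
           }
         } 
       while ($myrow = mysql_fetch_array($result));
    } else {
      // no records to display (or the query failed)
      echo ADM_NOAUTHORS;	
    } //end if
      printf("    <input name=\"authornum\" value=\"%s\" type=\"hidden\">\n", htmlspecialchars($auth, ENT_QUOTES));
      echo "    </td>\n";
    ?>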
    <tr>
      <td colspan="2">
        <input type="hidden" name="why" value="newevent" />
        <hr noshade />
        <input name="submit" class="button1" type="submit" value=" <?php echo COM_SUBMIT_BUTTON;?> " />
        <input name="cancel" class="button1" type="button" value=" <?php echo COM_CANCEL_BUTTON;?> " onclick="javascript:document.location='index.php';" />
        <p>&nbsp;</p>
      </td>
    </tr>
  </table>
  </form>
<?php
}


// S E L E C T  M E M B E R  T O  E D I T  ///////////////////
//
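// Show the member search form to a logged-in user only.
// In PHP "and" binds tighter than "or", so without the explicit grouping the
// "select2" branch was reachable with no session at all (unless a check
// outside this section already gates the page).
if(isset($_SESSION['USERPASS']) and isset($_GET["what"]) and ($_GET["what"] == "select" or ($_GET["what"] == "select2" and !isset($_POST["type"]))))
{
?>
  <h2><?php echo ADM_EDITMEMBER;?></h2>
  <form name="select" id="select" method="post" action="index.php?what=select2">
  <table>
    <tr>
      <td></td>
      <td>
      <?php echo ADM_TYPE;?> <?php echo ADM_LISTED;?><input type="radio" name="type" value="biz" checked /> 
            <?php echo ADM_ASSOCIATE;?><input type="radio" name="type" value="ass" /> 
      </td>
    </tr>
    <tr>
      <td></td>
      <td>
        <input name="bizname" type="text" value="" />
        <input type="hidden" name="what" value="browse" />
        <input name="submit" class="button1" type="submit" value="<?php echo COM_SEARCH_BUTTON;?>" />
      </td>
    </tr>
  </table>
  </form>
<?php
} // end if what==select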


// F I N D  M E M B E R  T O  E D I T ///////////////////////
//
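if(isset($_SESSION['USERPASS']) and $_POST["what"] == "browse" and $_GET["what"] == "select2" and isset($_POST["type"]))
{
  // Build the member search for the posted name fragment. Staff search all
  // members; a member only sees rows whose Pass matches the session password.
  $type = $_POST["type"];
  $bizname = isset($_POST["bizname"]) ? $_POST["bizname"] : "";
  $pass = $_SESSION['USERPASS'];

  // Both values are request-derived text. Escape them for the SQL string; the
  // raw $bizname is still what gets handed to browse() as before. Slashes added
  // by magic_quotes_gpc are removed first so the value is not escaped twice.
  $sqlBizname = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($bizname) : $bizname, $db);
  $sqlPass = mysql_real_escape_string($pass, $db);

  echo "<h2>Choose a member to edit:</h2>";

  // Start from an empty query so an unexpected "type" or session role cannot
  // reuse a $query left over from earlier in the page.
  $query = "";
  if ($_SESSION['WHO'] == "staff" and $type == "biz")
    $query = "SELECT Id,Biz,Address1,City FROM $members WHERE Biz LIKE '%$sqlBizname%'";
  if ($_SESSION['WHO'] == "staff" and $type == "ass")
    $query = "SELECT Id,First,Last,cAddress1 FROM $members WHERE Biz='' AND (First LIKE '%$sqlBizname%' or Last LIKE '%$sqlBizname%')";
  // NOTE(review): this branch names the table ccMembers directly while the
  // other three use $members - confirm they are the same table.
  if ($_SESSION['WHO'] == "member" and $type == "biz")
    $query = "SELECT Id,Biz,Address1,City FROM ccMembers WHERE Biz LIKE '%$sqlBizname%' AND Pass='$sqlPass'";
  if ($_SESSION['WHO'] == "member" and $type == "ass")
    $query = "SELECT Id,First,Last,cAddress1 FROM $members WHERE Biz='' AND (First LIKE '%$sqlBizname%' or Last LIKE '%$sqlBizname%') AND Pass='$sqlPass'";

  // page size for browse(); the constant name must be a quoted string
  if (!defined('ROWS'))
    define('ROWS', 10);
  if (empty($offset))
    $offset = 0;
  if ($query != "")
    browse($db, $query, $offset, "mem", $bizname);
}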

// E D I T  M E M B E R /////////////////////////////////////
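if(isset($_SESSION['USERPASS']) and isset($_GET['what']) and $_GET['what'] == "editmem")
{
  // Load one member row and copy its columns into the variables that the
  // editor form below prints.
  //
  // Only the "id" parameter is read from the query string. extract($_GET)
  // let the request overwrite any variable in scope, including the table-name
  // variables and $db that the queries in this file are built from.
  $id = isset($_GET['id']) ? $_GET['id'] : "";
  if (get_magic_quotes_gpc())
    $id = stripslashes($id);
  $pass = $_SESSION['USERPASS'];
  $sql = "SELECT * FROM $members WHERE Id='".mysql_real_escape_string($id)."'";
  // a member may only open a row whose stored password matches the session's
  if ($_SESSION['WHO'] == "member")
    $sql .= " AND Pass='".mysql_real_escape_string($pass)."'";
  $result = mysql_query($sql);
  $myrow = $result ? mysql_fetch_array($result) : false;
  
  // lock this record while we work on it
  // NOTE(review): the table name is hard-coded here while the query uses
  // $members - confirm they are the same table.
  if (!lock("ccMembers",$id,$myrow))
  {
    exit;
  }

  // From here on use the id the database returned, not the request text: it is
  // printed into the hidden "id" field of the form. When no row matched (for
  // example a member asking for someone else's record) the field is left empty.
  $id = is_array($myrow) ? $myrow["Id"] : "";
  
  // NOTE(review): the form prints every value below without HTML encoding, and
  // Biz/Descr are entity-decoded first; each echo in the template should go
  // through htmlspecialchars() for its attribute/text context.
  $quote_style = ENT_QUOTES;
  $tbl = $members;
  $posted = $myrow["Posted"];
  $updated = $myrow["Updated"];
  if($updated == "")
    $updated = $posted;
  $biz = html_entity_decode($myrow["Biz"], $quote_style);
  $descr = html_entity_decode($myrow["Descr"], $quote_style);
  $status = $myrow["Status"];
  $age = $myrow["Age"];
  $cat1 = $myrow["Cat1"];
  $cat2 = $myrow["Cat2"];
  $cat3 = $myrow["Cat3"];
  $address1 = $myrow["Address1"];
  $address2 = $myrow["Address2"];
  $city = $myrow["City"];
  $state = $myrow["State"];
  $zip = $myrow["Zip"];
  $phone = $myrow["Phone"];
  $fax = $myrow["Fax"];
  $email = $myrow["Email"];
  $url = $myrow["Url"];
  $logo_url = $myrow["Logo_Url"];
  $img_url = $myrow["Img_Url"];
  $img_capt = $myrow["Img_Capt"];
  $dues = $myrow["Dues"];
  $first = $myrow["First"];
  $last = $myrow["Last"];
  // NOTE(review): the stored password is pre-filled into the two password
  // inputs of the form, so it is readable in the page source.
  $pass = $myrow["Pass"];
  $code = $myrow["Code"];
  $caddress1 = $myrow["CAddress1"];
  $caddress2 = $myrow["CAddress2"];
  $ccity = $myrow["CCity"];
  $cstate = $myrow["CState"];
  $czip = $myrow["CZip"];
  $cphone = $myrow["CPhone"];
  $cfax = $myrow["CFax"];
  $cemail = $myrow["CEmail"];
  // NOTE(review): the form also prints $contpref and $infopref, which are not
  // loaded from the row here - confirm where they are meant to come from.
?>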
<!-- show the editor form -->
  <h2><?php echo ADM_EDIT_MEMBER_DATA;?></h2>
  <form name="editmem" id="editmem" method="post" action="index.php" onSubmit="return verify(this);">
  <table>
    <tr>
      <td colspan="2"><h3><?php echo ADM_BIZINFO;?></h3>
      </td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BIZNAME;?> </td>
      <td><input type="text" name="biz" size="50" maxlength="80" value="<?php echo $biz;?>" /></td>
    </tr>
    <tr>
      <td align="right"><?php echo ADM_DESCRIPTION;?> </td>
      <td><textarea name="descr" cols="50" rows="5" maxlength="65536"><?php echo $descr;?></textarea></td>
    </tr>
    <tr>
      <td align="right"><?php echo ADM_BIZAGE;?> </td>
      <td><input type="text" name="age" size="3" maxlength="3" value="<?php echo $age;?>" /></td>
    </tr>
    <tr>
      <td align="right"><?php echo ADM_STATUS;?> </td>
      <td>
        <select name="status">
        <?php
        for($i=1; $i<=3; $i++)
        {
          if($i == 1)
            $statopt = "basic";
          if($i == 2)
            $statopt = "higher";
          if($i == 3)
            $statopt = "preferred";
          if($status == $statopt)
          {
            $checked = "selected";
          } else {
            $checked = "";
          }
          printf("<option value=\"%s\" %s>%s</option>\n", $statopt, $checked, ucfirst($statopt));
        }
        ?>
        </select>
      </td>
    </tr>
    <tr><td colspan="2"><?php echo ADM_CHOOSE3CATEGORIES;?>
    <tr>
      <td align="right"><?php echo ADM_CATEGORIES;?> </td>
      <td>
      <select name="cat1">
<?php
      // show select list of available categories
      print "<option value=\"0\"></option>\n";
      $result = mysql_query("SELECT * FROM $categories ORDER BY Category ASC",$db);

      if ($myrow = mysql_fetch_array($result)) 
      {
        // display list of categories
        do {
          if ($cat1 == $myrow["Id"]) { $checked = "selected"; } else { $checked = ""; }
          printf("<option value=\"%s\" %s>%s</option>\n", $myrow["Id"], $checked, $myrow["Category"]);
        } 
        while ($myrow = mysql_fetch_array($result));
      } else {
        // no records to display
        echo ADM_NOCATEGORIES;	
      } //end if
?>
      </select>
      <select name="cat2">
<?php
      // show select list of available categories
      print "<option value=\"0\"></option>\n";
      $result = mysql_query("SELECT * FROM $categories ORDER BY Category ASC",$db);

      if ($myrow = mysql_fetch_array($result)) 
      {
        // display list of categories
        do {
          if ($cat2 == $myrow["Id"]) { $checked = "selected"; } else { $checked = ""; }
          printf("<option value=\"%s\" %s>%s</option>\n", $myrow["Id"], $checked, $myrow["Category"]);
           } 
        while ($myrow = mysql_fetch_array($result));
      } else {
        // no records to display
        echo ADM_NOCATEGORIES;	
      } //end if
?>
      </select>
      <select name="cat3">
<?php
      // show select list of available categories
      print "<option value=\"0\"></option>\n";
      $result = mysql_query("SELECT * FROM $categories ORDER BY  Category ASC",$db);

      if ($myrow = mysql_fetch_array($result)) 
      {
        // display list of contacts
        do {
          if ($cat3 == $myrow["Id"]) { $checked = "selected"; } else { $checked = ""; }
          printf("<option value=\"%s\" %s>%s</option>\n", $myrow["Id"], $checked, $myrow["Category"]);
           } 
        while ($myrow = mysql_fetch_array($result));
      } else {
        // no records to display
        echo ADM_NOCATEGORIES;	
      } //end if
?>
      </select>
      </td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BADDR1;?></td>
      <td><input type="text" name="address1" size="36" maxlength="36" value="<?php echo $address1;?>" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BADDR2;?> </td>
      <td><input type="text" name="address2" size="36" maxlength="36" value="<?php echo $address2;?>" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BCITY;?> </td>
      <td><input type="text" name="city" size="30" maxlength="36" value="<?php echo $city;?>" /> <?php echo ADM_BSTATE;?> <input type="text" name="state" size="2" maxlength="2" value="<?php echo $state;?>" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BPOSTCODE;?> </td>
      <td><input type="text" name="zip" size="7" maxlength="7" value="<?php echo $zip;?>" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BPHONE;?> </td>
      <td><input type="text" name="phone" size="12" maxlength="12" value="<?php echo $phone;?>"/>(<?php echo ADM_BPHONE_FMT;?>) &nbsp;&nbsp;<?php echo ADM_BFAX;?> <input type="text" name="fax" size="12" maxlength="12" value="<?php echo $fax;?>" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BEMAIL;?> </td>
      <td><input type="text" name="email" size="36" maxlength="36" value="<?php echo $email;?>" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BCONTPREF;?> </td>
      <td><input type="text" name="contpref" size="1" maxlength="1" value="<?php echo $contpref;?>" /> (p,e,m - phone,email,mail)</td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BINFOPREF;?> </td>
      <td><input type="text" name="infopref" size="1" maxlength="1" value="<?php echo $infopref;?>" /> (<?php echo ADM_BINFOPREFS;?>)</td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BURL;?> </td>
      <td><input type="text" name="url" size="30" maxlength="80" value="<?php echo $url;?>" />(ex. "http://www.domain.com")</td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BLOGOURL;?> </td>
      <td><input type="text" name="logo_url" size="30" maxlength="80" value="<?php echo $logo_url;?>" />
        <input type="button" onClick='window.open("../cms/upload_logo.php","","width=450, height=375, navbar=no, location=no, scrollbars=auto, resizable=yes");' value="<?php echo ADM_BUPLOAD_LOGO;?>" class="button1"></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo COM_IMAGEURL;?> </td>
      <td><input type="text" name="img_url" size="30" maxlength="80" value="<?php echo $img_url;?>" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo COM_IMAGECAPTION;?> </td>
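      <td><input type="text" name="img_capt" size="30" maxlength="80" value="<?php echo $img_capt;?>" /> (80 <?php /* the label constant was evaluated but never printed */ echo ADM_CHARS_MAX;?>)</td>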
    </tr>
    <tr>
      <td colspan="2"><h3><?php echo ADM_CONTACT_INFO_HD;?></h3></td>
    </tr>
    <tr>
      <td align="right"><?php echo COM_NAME;?>- <?php echo COM_FIRST;?>: </td><td><input type="text" name="first" size="20" maxlength="20" value="<?php echo $first;?>" /> <?php echo COM_LAST;?>: <input type="text" name="last" size="20" maxlength="20" value="<?php echo $last;?>" />
      </td>
    </tr>
    <tr>
      <td align="right"><?php echo COM_PASS_WORD;?>:</td><td><input type="password" name="pass" size="12" maxlength="12" value="<?php echo $pass;?>" /> <?php echo COM_CONFIRM;?>: <input type="password" name="pass2" size="12" maxlength="12" value="<?php echo $pass;?>" /> <div id="confirm" style="display:inline; color:green; visibility:hidden;"><?php echo COM_STARCONFIRMEDSTAR;?></div>
      </td>
    </tr>
    <tr>
      <td nowrap align="right">Address1: </td>
      <td><input type="text" name="caddress1" size="36" maxlength="36" value="<?php echo $caddress1;?>" /></td>
    </tr>
    <tr>
      <td nowrap align="right">Address2: </td>
      <td><input type="text" name="caddress2" size="36" maxlength="36" value="<?php echo $caddress2;?>" /></td>
    </tr>
    <tr>
      <td nowrap align="right">City: </td>
      <td><input type="text" name="ccity" size="30" maxlength="36" value="<?php echo $ccity;?>" /> State: <input type="text" name="cstate" size="2" maxlength="2" value="<?php echo $cstate;?>" /></td>
    </tr>
    <tr>
      <td nowrap align="right">Postal code: </td>
      <td><input type="text" name="czip" size="7" maxlength="7" value="<?php echo $czip;?>" /></td>
    </tr>
    <tr>
      <td nowrap align="right">Phone: </td>
      <td><input type="text" name="cphone" size="12" maxlength="12" value="<?php echo $cphone;?>" />(aaa-ppp-nnnn) &nbsp;&nbsp;Fax: <input type="text" name="fax" size="12" maxlength="12" value="<?php echo $cfax;?>" /></td>
    </tr>
    <tr>
      <td nowrap align="right">Email: </td>
      <td><input type="text" name="cemail" size="36" maxlength="36" value="<?php echo $cemail;?>" /></td>
    </tr>
    <tr>
      <td colspan="2">
        <input type="hidden" name="why" value="memupdate" />
        <input type="hidden" name="id" value="<?php echo $id; ?>" />
        <hr noshade />
        <div style="float:right;">Confirm:<input name="dmconf" type="checkbox" value="dmconf" /> <input name="delete" class="button1" type="submit" onclick="javascript:tbl='';" value="* Delete Member *" /></div>
        <input name="submit" class="button1" type="submit" value="Submit" onclick="javascript:tbl='';"  />
        <input name="cancel" class="button1" type="submit" value="Cancel" onclick="javascript:tbl='';" />
        <p>&nbsp;</p>
      </td>
    </tr>
  </table>
  </form>

<?php
} // end if editing and id is given


// A D D  N E W  M E M B E R ? //////////////////////////////
if($_SESSION['WHO'] == "staff" and $_GET["what"] == "newmem")
{
?>
  <h2><?php echo ADM_ADDNEWMEMBER;?></h2>
  <p><?php echo ADM_ADDMEMBERINTRO;?></p>
  <p class="required">(<?php echo COM_REQUIRED_ENTRIES;?>)</p>
  <form name="newmem" id="newmem" method="post" action="index.php" onSubmit="return verify(this);">
  <table>
    <tr>
      <td colspan="2"><h3><?php echo ADM_BIZINFO;?></h3>
      </td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BIZNAME;?> </td>
      <td><input type="text" name="biz" size="50" maxlength="80" value="" /></td>
    </tr>
    <tr>
      <td align="right"><?php echo ADM_DESCRIPTION;?> </td>
      <td><textarea name="descr" cols="50" rows="5" maxlength="65536"></textarea></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BIZSTATUS;?> </td>
      <td>
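        <?php /* membership level choices; the values match the status options offered by the edit-member form */ ?>
        <select name="status">
          <option value="basic" selected="selected"><?php echo ADM_BIZBASIC;?></option>
          <option value="higher"><?php echo ADM_BIZHIGHER;?></option>
          <option value="preferred"><?php echo ADM_BIZPREFERRED;?></option>
        </select>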
      </td>
    </tr>
    <tr>
      <td align="right"><?php echo ADM_BIZAGE;?> </td>
      <td><input type="text" name="age" size="3" maxlength="3" value="" /></td>
    </tr>
    <tr><td colspan="2"><?php echo ADM_CHOOSE3CATEGORIES;?>
    <tr>
      <td align="right"><?php echo ADM_CATEGORIES;?> </td>
      <td>
      <select name="cat1">
<?php
      // show select list of available categories
      $result = mysql_query("SELECT * FROM $categories ORDER BY Category ASC",$db);

      if ($myrow = mysql_fetch_array($result)) 
      {
        // display list of categories
        do {
         printf("<option value=\"%s\">%s</option>\n", $myrow["Id"], $myrow["Category"]);
           } 
        while ($myrow = mysql_fetch_array($result));
      } else {
        // no records to display
        echo ADM_NOCATEGORIES;	
      } //end if
?>
      </select>
      <select name="cat2">
<?php
      // show select list of available categories
      $result = mysql_query("SELECT * FROM $categories ORDER BY Category ASC",$db);

      if ($myrow = mysql_fetch_array($result)) 
      {
        // display list of categories
        do {
         printf("<option value=\"%s\">%s</option>\n", $myrow["Id"], $myrow["Category"]);
           } 
        while ($myrow = mysql_fetch_array($result));
      } else {
        // no records to display
        echo ADM_NOCATEGORIES;	
      } //end if
?>
      </select>
      <select name="cat3">
<?php
      // show select list of available categories
      $result = mysql_query("SELECT * FROM $categories ORDER BY  Category ASC",$db);

      if ($myrow = mysql_fetch_array($result)) 
      {
        // display list of shasta contacts
        do {
         printf("<option value=\"%s\">%s</option>\n", $myrow["Id"], $myrow["Category"]);
           } 
        while ($myrow = mysql_fetch_array($result));
      } else {
        // no records to display
        echo ADM_NOCATEGORIES;	
      } //end if
?>
      </select>
      </td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BADDR1;?> </td>
      <td><input type="text" name="address1" size="36" maxlength="36" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BADDR2;?> </td>
      <td><input type="text" name="address2" size="36" maxlength="36" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BCITY;?> </td>
      <td><input type="text" name="city" size="30" maxlength="36" /> <?php echo ADM_BSTATE;?> <input type="text" name="state" size="2" maxlength="2" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BPOSTCODE;?> </td>
      <td><input type="text" name="zip" size="7" maxlength="7" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BPHONE;?> </td>
      <td><input type="text" name="phone" size="12" maxlength="12" />(<?php echo ADM_BPHONE_FMT;?>) &nbsp;&nbsp;<?php echo ADM_BFAX;?> <input type="text" name="fax" size="12" maxlength="12" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BEMAIL;?> </td>
      <td><input type="text" name="email" size="36" maxlength="36" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BCONTPREF;?> </td>
      <td><input type="text" name="contpref" size="1" maxlength="1" value="p" /> (<?php echo ADM_BINFOPREFS;?>)</td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BINFOPREF;?> </td>
      <td><input type="text" name="infopref" size="1" maxlength="1" value="e" /> (<?php echo ADM_BINFOPREFS;?>)</td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BURL;?> </td>
      <td><input type="text" name="url" size="30" maxlength="80" />(ex. "http://www.domain.com")</td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BLOGOURL;?> </td>
      <td><input type="text" name="logo_url" size="30" maxlength="80" />
      <input type="button" onClick='window.open("../cms/upload_logo.php","","width=450, height=375, navbar=no, location=no, scrollbars=auto, resizable=yes");' value="<?php echo ADM_BUPLOAD_LOGO;?>" class="button1">
      </td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo COM_IMAGEURL;?> </td>
      <td><input type="text" name="img_url" size="30" maxlength="80" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo COM_IMAGECAPTION;?> </td>
      <td><input type="text" name="img_capt" size="30" maxlength="80" /> (80 <?php echo ADM_CHARS_MAX;?>)</td>
    </tr>
    <tr>
      <td colspan="2"><h3><?php echo ADM_CONTACT_INFO_HD;?>:</h3></td>
    </tr>
    <tr>
      <td align="right" class="required"><?php echo COM_NAME;?>- <?php echo COM_FIRST;?>: </td><td class="required"><input type="text" name="first" size="20" maxlength="20" /> <?php echo COM_LAST;?> <input type="text" name="last" size="20" maxlength="20" />
      </td>
    </tr>
    <tr>
      <td align="right" class="required"><?php echo COM_PASS_WORD;?></td><td><input type="password" name="pass" size="12" maxlength="12" /> <?php echo COM_CONFIRM;?>: <input type="password" name="pass2" size="12" maxlength="12" /> <div id="confirm" style="display:inline; color:green; visibility:hidden;"><?php echo COM_STARCONFIRMEDSTAR;?></div>
      </td>
    </tr>
    <tr>
      <td nowrap align="right" class="required"><?php echo ADM_BADDR1;?> </td>
      <td><input type="text" name="caddress1" size="36" maxlength="36" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BADDR2;?> </td>
      <td><input type="text" name="caddress2" size="36" maxlength="36" /></td>
    </tr>
    <tr>
      <td nowrap align="right" class="required"><?php echo ADM_BCITY;?> </td>
      <td><input type="text" name="ccity" size="30" maxlength="36" /> <?php echo ADM_BSTATE;?> <input type="text" name="cstate" size="2" maxlength="2" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BPOSTCODE;?> </td>
      <td><input type="text" name="czip" size="7" maxlength="7" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BPHONE;?> </td>
      <td><input type="text" name="cphone" size="12" maxlength="12" />(<?php echo ADM_BPHONE_FMT;?>) &nbsp;&nbsp;<?php echo ADM_BFAX;?>: <input type="text" name="fax" size="12" maxlength="12" /></td>
    </tr>
    <tr>
      <td nowrap align="right"><?php echo ADM_BEMAIL;?> </td>
      <td><input type="text" name="cemail" size="36" maxlength="36" /></td>
    </tr>
    <tr>
      <td colspan="2">
        <input type="hidden" name="why" value="newmem" />
        <hr noshade />
        <input name="submit" class="button1" type="submit" value="<?php echo COM_SUBMIT_BUTTON;?>" />
        <input name="cancel" class="button1" type="button" value="<?php echo COM_CANCEL_BUTTON;?>" 
        onclick="if(window.history.length>1){window.location='index.php';} else {window.close();}" />
        <p>&nbsp;</p>
      </td>
    </tr>
  </table>
  </form>
  
<?php
} // end if what==newmem


// A D D  N E W  C A T E G O R Y ? //////////////////////////////
if($_SESSION['WHO'] == "staff" and $_GET["what"] == "newcat")
{
?>
  <h2><?php echo ADM_NEW_CAT_HD;?></h2>
  <form name="newcat" id="newcat" method="post" action="index.php" onSubmit="return verify(this);">
  <table>
    <tr>
      <td><?php echo ADM_NEWCATEGORY;?></td>
      <td><input type="text" name="category" size="55" maxlength="55" /></td>
    </tr>
    <tr>
      <td colspan="2">
        <input type="hidden" name="why" value="newcat" />
        <hr noshade />
        <input name="submit" class="button1" type="submit" value="<?php echo COM_SUBMIT_BUTTON;?>" />
        <input name="cancel" class="button1" type="submit" value="<?php echo COM_CANCEL_BUTTON;?>" onclick="javascript:tbl='';" />
        <p>&nbsp;</p>
      </td>
    </tr>
  </table>
  </form>
<?php
} // end if what==newcat


// S E L E C T  C A T E G O R Y  T O  E D I T  ///////////////////
//
if($_SESSION['WHO'] == "staff" and $_GET["what"] == "selcat")
{
?>
  <h2><?php echo ADM_CHOOSECAT;?></h2>
  <form name="select" id="select" method="post" action="index.php">
  <table>
    <tr>
      <td></td>
      <td>
        <input name="scategory" type="text" value="" />
        <input name="submit" class="button1" type="submit" value="<?php echo COM_SEARCH_BUTTON;?>" />
        <input type="hidden" name="what" value="selcat2" />
      </td>
    </tr>
  </table>
  </form>
<?php
} // end if what==select


// F I N D  C A T E G O R Y  T O  E D I T ///////////////////////
//
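if($_SESSION['WHO'] == "staff" and $_POST["what"] == "selcat2" and isset($_POST["scategory"]))
{
  // Search categories by the posted name fragment and list the matches.
  //
  // Only the fields this search uses are read from the request.
  // extract($_POST) let the form data overwrite any variable in scope,
  // including $categories and $db used just below.
  $scategory = $_POST["scategory"];
  if (isset($_POST["offset"]))
    $offset = (int)$_POST["offset"];
  echo "<h2>Choose one:</h2>";
  // Escape the fragment for the SQL string; slashes added by magic_quotes_gpc
  // are removed first so the value is not escaped twice. browse() still
  // receives the posted text unchanged.
  $sqlCategory = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($scategory) : $scategory, $db);
  $query = "SELECT Id,Category FROM $categories WHERE Category LIKE '%$sqlCategory%'";
  // page size for browse(); the constant name must be a quoted string
  if (!defined('ROWS'))
    define('ROWS', 20);
  if (empty($offset))
    $offset = 0;
  browse($db, $query, $offset, "lcat", $scategory);
}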


// E D I T  C A T E G O R Y ////////////////////////////////////
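if($_SESSION['WHO'] == "staff" and $_GET["what"] == "editcat")
{
  // Load one category row for the editor form below.
  //
  // The id is used unquoted in the SQL and printed into the form, so it is
  // forced to an integer. extract($_GET) is not used: it let the query string
  // overwrite any variable in scope, including $categories.
  $id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
  $sql = "SELECT * FROM $categories WHERE Id=$id";
  $result = mysql_query($sql);
  $myrow = $result ? mysql_fetch_array($result) : false;
  
  // lock this record while we work on it
  if (!lock($categories,$id,$myrow))
  {
    exit;
  }
  
  $tbl = $categories;
  // NOTE(review): the form prints $category into a value="" attribute without
  // HTML encoding; it should go through htmlspecialchars() at output.
  $category = $myrow["Category"];

?>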
  <h2><?php echo ADM_EDIT_BIZCAT;?></h2>
  <form name="editcat" id="editcat" method="post" action="index.php" onSubmit="return verify(this);">
  <table>
    <tr>
      <td><?php echo ucfirst(ADM_CATEGORY);?> <?php echo $id; ?>:</td>
      <td><input type="text" name="category" size="55" maxlength="55" value="<?php echo $category; ?>" /></td>
    </tr>
    <tr>
      <td colspan="2">
        <input type="hidden" name="why" value="editcat" />
        <input type="hidden" name="id" value="<?php echo $id; ?>" />
        <hr noshade />
        <div style="float:right;"><?php echo COM_CONFIRM;?><input name="dcconf" type="checkbox" value="dcconf" /> <input name="delcat" class="button1" type="submit" onclick="javascript:tbl='';" value="<?php echo ADM_STARDELCATSTAR;?>" /></div>
        <input name="submit" class="button1" type="submit" value="<?php echo COM_SUBMIT_BUTTON;?>" onclick="javascript:tbl='';"  />
        <input name="cancel" class="button1" type="submit" value="<?php echo COM_CANCEL_BUTTON;?>" onclick="javascript:tbl='';" />
        <p>&nbsp;</p>
      </td>
    </tr>
  </table>
  </form>
<?php
} // end if what==editcat


// Default fall-through: a logged-in user who has not picked any task yet
// (no "what" in either request array and no "browse" paging parameter)
// gets a prompt to choose one.
if (isset($_SESSION['USERPASS']) && !(isset($_POST["what"]) || isset($_GET["what"]) || isset($_GET["browse"])))
{
  echo "<p>".ADM_PLS_SELECT_TASK."</p>";
}
?>

</div>
</div><!--body div-->

<?php
// R I G H T S ///////////////////////////////////
//
// Verifies the rights to perform various edits
// on database content. The "$any" flag
// in the database table Config will override.
// Definitions of rights are arbitrary, and are
// distributed as needed in page body code.
//
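function rights($testval)
{
  // Decide whether the current session may perform an edit.
  //
  // $testval is a string of 0/1 flag digits naming the right(s) required.
  // Returns true when the session user is "site admin", when the "any" flag
  // in the configuration row is "1", or when the session's RIGHTS string
  // shares at least one set digit with $testval; false otherwise.
  global $db;
  // $config was never imported into the function, so the query below was sent
  // without a table name. NOTE(review): presumably $config holds the Config
  // table name the same way $author/$members do - confirm in ccfunctions.inc.
  global $config;

  // fetch configuration flags from db
  if (!($conf = mysql_query("SELECT * FROM $config",$db)))
    showError();
  $cflag = $conf ? mysql_fetch_array($conf) : false;

  // Work on strings of equal length so "&" compares the flags digit by digit.
  // If $testval arrived as an integer of the same length as RIGHTS, "&" became
  // an integer AND of the decimal values and could report a match where no
  // flag digit matched.
  $rights = isset($_SESSION['RIGHTS']) ? (string)$_SESSION['RIGHTS'] : "";
  $testval = (string)$testval;
  $width = max(strlen($rights), strlen($testval));
  $rights = str_pad($rights, $width, "0", STR_PAD_LEFT);
  $testval = str_pad($testval, $width, "0", STR_PAD_LEFT);

  // the built-in administrator account bypasses the flag check
  if (isset($_SESSION['FNAME']) and isset($_SESSION['LNAME'])
      and $_SESSION['FNAME'] == "site" and $_SESSION['LNAME'] == "admin")
  { return true; }

  // site-wide override: every logged-in user holds every right
  if (is_array($cflag) and isset($cflag['any']) and $cflag['any'] == "1")
  { return true; }

  return (($rights & $testval) > 0);
}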
ob_end_flush();
?>

</body>

</html>