<?php
/*
Part of Open Chamber Of Commerce
Web application for organizations
(C) 2005 Richard H. Nilsson
Waters Gulch Digital
http://watersgulchdigital.com
Released under the GNU General Public License
*/
// Buffer all output. Presumably this is what lets the header() redirects issued
// further down the page still be sent after markup has been produced.
ob_start();
// Default window title; replaced by "Admin Main" once a session role exists.
$page_title = "Admin Login";
// Relative path prefix, printed in front of the stylesheet URL in the page head.
$depth = "../";
include '../inc/ccfunctions.inc'; // prepares and starts the session
// NOTE(review): LANG is not defined in this file (presumably ccfunctions.inc sets it).
// It is concatenated into include paths, so it must never be derived from request
// data - confirm where it comes from.
include '../inc/langs/'.LANG.'/common.php';
include 'langs/'.LANG.'/index.php';
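// If logging in, check the credentials and fill the session.
// The login name has the form "First.Last"; staff are looked up in $author,
// members in $members.
//
// NOTE(review): passwords are compared against the tables in clear text, and the
// clear-text password is kept in $_SESSION['USERPASS'] because the rest of this
// page tests that key to decide whether someone is logged in. Moving to
// password_hash()/password_verify() needs a schema change and a different
// "logged in" flag, so it is only flagged here.
if (isset($_POST['submit']) and isset($_POST['login']) and is_string($_POST['login']))
{
    $userArray = explode(".", trim(stripslashes($_POST['login'])));
    $passwd = (isset($_POST['passwd']) and is_string($_POST['passwd'])) ? trim(stripslashes($_POST['passwd'])) : "";
    $firstn = ucfirst($userArray[0]);
    // a login typed without "." has no last-name part
    $lastn = isset($userArray[1]) ? ucfirst($userArray[1]) : "";
    // stripslashes() above removes any magic-quotes escaping, so each value is
    // escaped for the connection before it goes inside a quoted SQL literal
    $q_first = mysql_real_escape_string($firstn, $db);
    $q_last = mysql_real_escape_string($lastn, $db);
    $q_pass = mysql_real_escape_string($passwd, $db);
    $who = "";
    $myrow = false;
    // check for staff author login
    $result = mysql_query("
SELECT * FROM $author
WHERE Fname='$q_first'
AND Lname='$q_last'
AND Passwd='$q_pass'
",$db);
    if ($result and $myrow = mysql_fetch_array($result))
    {
        $who = "staff";
        // show that the author is logged in
        $aid = mysql_real_escape_string($myrow["Author_Num"], $db);
        $sql = "UPDATE $author SET Li='1' WHERE Author_Num='$aid'";
        if (!$result = mysql_query($sql,$db))
            showError();
    }
    // check for member login (only needed when no staff record matched)
    if ($who == "")
    {
        $result2 = mysql_query("
SELECT * FROM $members
WHERE First='$q_first'
AND Last='$q_last'
AND Pass='$q_pass'
",$db);
        if ($result2 and mysql_fetch_array($result2))
            $who = "member";
    }
    if ($who == "")
    {
        session_destroy();
        // Restart if unauthorized user login. SCRIPT_NAME is used because the bare
        // $PHP_SELF only exists with register_globals, and it carries no path info.
        header("Location: ".$_SERVER['SCRIPT_NAME']);
        // stop here so none of the page below runs for a rejected login
        exit;
    } else {
        // issue a fresh session id on login so an id known before authentication
        // cannot be reused afterwards
        session_regenerate_id(true);
        $_SESSION['WHO'] = $who;
        // null for members: only a staff match leaves a row in $myrow
        $_SESSION['AUTHORNUM'] = $myrow ? $myrow['Author_Num'] : null;
        $_SESSION['FNAME'] = $userArray[0];
        $_SESSION['LNAME'] = isset($userArray[1]) ? $userArray[1] : "";
        $_SESSION['USERPASS'] = $passwd;
        if ($myrow and isset($myrow["Rights"]))
        {
            $_SESSION['RIGHTS'] = $myrow["Rights"]; // used as editorial rights flags
        }
    }
}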
// A session that carries a role means the user is past the login screen.
$page_title = isset($_SESSION['WHO']) ? "Admin Main" : $page_title;
// This directory sits one level below the site root.
$depth = "../";
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title><?php echo $page_title; ?></title>
<link rel="stylesheet" href="<?php echo $depth;?>c/admain.css" type="text/css" />
<script type="text/javascript">
<!--
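/**
 * Client-side check of the event and member forms, used as their onSubmit handler.
 * Collects one message per problem and shows them in a single alert.
 *
 * This only helps the person filling in the form: a request can be sent without
 * running this script, so the server has to validate the same fields itself.
 *
 * @param form  the form element being submitted
 * @return true to let the submit go ahead, false when at least one check failed
 */
function verify(form)
{
    // don't test if canceling or deleting
    // NOTE(review): this tests whether the form *contains* a control named
    // delete/cancel, not which button was pressed, so a form that carries such a
    // button is never checked - confirm that this is intended.
    if (form['delete'] || form['cancel'])
        return true;
    var msg = "";
    var err = 0;
    // record a message when the named field is empty
    function need(field, text)
    {
        if (form[field].value == '')
        {
            msg += text;
            err++;
        }
    }
    // record a message when a non-empty field does not match the pattern
    function needFormat(field, pattern, text)
    {
        var value = form[field].value;
        if (value != '' && !pattern.test(value))
        {
            msg += text;
            err++;
        }
    }
    // verify event entry
    if (document.forms.editevent || document.forms.newevent)
    {
        need("name", "<?php echo ADM_ENAME_MISSING;?>");
        need("descr", "<?php echo ADM_EDESCRIPTION_EMPTY;?>");
        need("date", "<?php echo ADM_EDATE_MISSING;?>");
    } // end verifying event entry or edit
    // verify member entry
    if (document.forms.newmem || document.forms.editmem)
    {
        need("first", "<?php echo ADM_CFNAME_MISSING;?>");
        need("last", "<?php echo ADM_CLNAME_MISSING;?>");
        if (form["pass"].value != form["pass2"].value)
        {
            msg += "<?php echo ADM_CPASS_NOMATCH;?>";
            err++;
        }
        need("caddress1", "<?php echo ADM_CADR1_MISSING;?>");
        need("ccity", "<?php echo ADM_CCITY_MISSING;?>");
        need("cstate", "<?php echo ADM_CSTATE_MISSING;?>");
        // phone is optional; when given it must look like 123-456-7890
        needFormat("cphone", /^[0-9]{3}\-[0-9]{3}\-[0-9]{4}$/, "<?php echo ADM_CPHONE_FORMAT;?>");
        // email is not required, but check it if entered.
        // Allows Euro-style and subdomain addresses; the last label may be longer
        // than three characters (e.g. .info), which the earlier {2,3} limit rejected.
        needFormat("cemail", /^[A-Za-z0-9._-]+@[A-Za-z0-9._-]+\.[A-Za-z0-9]{2,}$/, "<?php echo ADM_CEMAIL_INVALID;?>");
    } // end verifying member entry or edit
    if (err > 0)
    {
        msg = "--------------------------------\n" + msg;
        msg = "<?php echo ADM_PLEASE_CORRECT;?>" + msg;
        alert(msg);
        return false;
    }
    return true;
} // end verify routines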
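<?php
// The record id and table name come from the query string and are written into
// script source below. Only plain digits / identifier characters are let through;
// anything else becomes an empty string, which leaves the unlock-on-leave handler idle.
$js_id = (isset($_GET['id']) && is_string($_GET['id']) && preg_match('/^[0-9]+\z/', $_GET['id'])) ? $_GET['id'] : '';
$js_tbl = (isset($_GET['tbl']) && is_string($_GET['tbl']) && preg_match('/^[A-Za-z0-9_]+\z/', $_GET['tbl'])) ? $_GET['tbl'] : '';
?>
var id = "<?php echo $js_id;?>";
var tbl = "<?php echo $js_tbl;?>";
// When the page is left while a record is still open for editing, warn the user
// and ask unlock.php to release the lock on that record.
onUl = function()
{
    if(id!="" && tbl!="")
    {
        alert("<?php echo ADM_EMERG_UNLOCKG;?>"+id+" in "+tbl+"<?php echo ADM_NEXTTIME_CANCEL;?>");
        var url = "unlock.php?id="+encodeURIComponent(id)+"&tbl="+encodeURIComponent(tbl);
        window.location = url;
    }
}
window.onbeforeunload = onUl;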
//-->
</script>
<script type="text/javascript"><!--
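// instant check that two entries are equal:
// the element with id "confirm" is shown while both password boxes of the first
// form hold the same, non-empty text, and hidden otherwise
checkPass = function()
{
    var frm = document.forms[0];
    // pages without a form, or without the two password boxes, have nothing to compare
    if (!frm || !frm.pass || !frm.pass2)
        return;
    var conf = document.getElementById("confirm");
    // the marker element may be absent; avoid an error on every key press
    if (!conf)
        return;
    var same = frm.pass.value != "" && frm.pass.value == frm.pass2.value;
    conf.style.visibility = same ? "visible" : "hidden";
}
document.onkeyup = checkPass;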
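// update endtime selection on starttime selection change:
// selects in form[to] the option with the same index as the one selected in form[from]
function forward(form,from,to)
{
    var src = form[from];
    var dst = form[to];
    // loop counters are declared locally so they do not leak into the global scope
    for (var i = 0; i < src.length; i++)
    {
        if (!src.options[i].selected)
            continue;
        for (var j = 0; j < dst.length; j++)
        {
            if (dst.options[j].selected)
                dst.options[j].selected = "";
        }
        // the two lists may differ in length; only mirror an index that exists
        if (dst.options[i])
            dst.options[i].selected = "selected";
    }
}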
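// put focus on first text or textarea on the page
// also correct rel=external links
var setFocus = function()
{
    var i;
    // correct external links first: the focus code below returns as soon as it has
    // found a field, which used to skip this step on every page that has a form
    if (document.getElementsByTagName)
    {
        var anchors = document.getElementsByTagName("a");
        for (i = 0; i < anchors.length; i++)
        {
            var anchor = anchors[i];
            if (anchor.getAttribute("href") &&
                anchor.getAttribute("rel") == "external")
            {
                anchor.target = "_blank";
                // keep the newly opened window from reaching back through window.opener
                anchor.rel = "external noopener";
            }
        }
    }
    // the login form, when present, gets the focus on its user-name box
    if (document.auth)
    {
        document.auth.login.focus();
        return;
    }
    // otherwise the first text input or textarea of the first form
    if (document.forms[0])
    {
        var el = document.forms[0].elements;
        for (i = 0; i < el.length; i++)
        {
            if (el[i].type == "text" || el[i].type == "textarea")
            {
                el[i].focus();
                return;
            }
        }
    } // end focussing
}
window.onload=setFocus;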
// enable/disable radio:
// the target control is usable only while the trigger control is checked
function toggle(trig,target)
{
    var isOn = (trig.checked == true);
    target.disabled = !isOn;
}
//-->
</script>
</head>
<body>
<!-- M A S T H E A D ======================================== -->
<div id="masthead2"><div id="logo2" class="raised"> <?php if(defined('ORG_NAME_BREV')) echo ORG_NAME_BREV;?> <?php echo ADMINISTRATION;?></div>
</div>
<!--end masthead-->
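<?php
// L O G G E D I N A S : //////////////////////////////////////
// If she's logged in, show who she is
if(isset($_SESSION['USERPASS']))
{
    // The name parts were typed into the login form, so they are encoded for HTML
    // before being printed.
    $shown_user = htmlspecialchars(ucfirst($_SESSION['FNAME'])." ". ucfirst($_SESSION['LNAME'])." (". ucfirst($_SESSION['WHO']).")", ENT_QUOTES);
?>
<div id="ssearch">
<h3><?php echo COM_LOGGED_IN_AS;?></h3>
<p><span style="float:right;"><em><a href="logout.php"><?php echo COM_LOGOUT;?> </a></em></span><?php echo $shown_user;?>
</p>
</div><!--end ssearch-->
<?php
} // end show if logged in
?>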
<div id="body">
<!-- T I T L E & S U B N A V Section ======================= -->
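<?php
// Task menu for a logged-in user: staff see every task, members only "edit member".
$nav_who = isset($_SESSION['WHO']) ? $_SESSION['WHO'] : "";
// PHP_SELF may include path info chosen by the requester, so it is encoded before
// being printed into href="...".
$nav_self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
if ($nav_who != "")
{
?>
<div id="titlesubs">
<h1 class="title"><?php echo ADM_TASKS;?></h1>
<!-- S U B N A V S -->
<div id="subnavs">
<?php
// the container above is opened for every role, so the closing tag below always
// has a partner (it used to be opened for staff only)
if ($nav_who == "staff")
{
?>
<a href="<?php echo $nav_self.'?what=neweventform';?>"><?php echo ADM_TSK_NEW_EVENT;?></a>
<a href="<?php echo $nav_self.'?what=selevent';?>"><?php echo ADM_TSK_EDIT_EVENT;?></a>
<a href="<?php echo $nav_self.'?what=newmem';?>"><?php echo ADM_TSK_NEW_MEMBER;?></a>
<?php
}
// both sides of "or" need the comparison; a bare "staff" string is always true
if ($nav_who == "member" or $nav_who == "staff")
{
?>
<a href="<?php echo $nav_self.'?what=select';?>"><?php echo ADM_TSK_EDIT_MEMBER;?></a>
<?php
}
if ($nav_who == "staff")
{
?>
<a href="<?php echo $nav_self.'?what=newcat';?>"><?php echo ADM_TSK_NEW_CATEGORY;?></a>
<a href="<?php echo $nav_self.'?what=selcat';?>"><?php echo ADM_TSK_EDIT_CATEGORY;?></a>
<a href="<?php echo 'langs/'.LANG.'/help_admin.php';?>" rel="external" ><?php echo ADM_TSK_HELP;?></a>
<br />
<a href="../banadmin/"><?php echo ADM_TSK_BANNER_ADMIN;?></a>
<a href="<?php echo $nav_self.'?what=content';?>"><?php echo ADM_TSK_CONTENT_MGR;?></a>
<?php
}
?>
</div><!-- end subnavs -->
</div><!--end titlesubs-->
<?php
}
?>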
<div id="dirq">
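<?php
//////////////////////////////////////////////////////////////
// S T A R T O F A L L T H E F O R M A C T I O N S
// A U T H E N T I C A T E ///////////////////////////////////
// Has she logged in and been granted a session?
//
// NOTE(review): the form posts the password to index.php as typed; whether the
// page is served over TLS cannot be seen from this file - confirm.
if (!isset($_SESSION['USERPASS']))
{
// not logged in -- put up login form
?>
<script type="text/javascript">
// If JavaScript is not enabled, the login form will not appear
// (closing tags are split as '</'+'x>' so they do not end this script element)
document.write('<h2><?php echo COM_LOGIN_HEAD;?></'+'h2>');
document.write('<form name="auth" method="post" action="index.php">');
document.write('<table>');
document.write(' <tr>');
document.write(' <td><?php echo COM_USER_NAME;?>: </'+'td>');
document.write(' <td><input name="login" type="text" value="" /> <kbd><?php echo COM_LOGIN_EG;?></'+'kbd> </'+'td>');
document.write(' </'+'tr>');
document.write(' <tr>');
document.write(' <td><?php echo COM_PASS_WORD;?>: </'+'td>');
document.write(' <td><input name="passwd" type="password" value="" />');
document.write(' <input name="submit" type="submit" value="Log in" /></'+'td>');
document.write(' </'+'tr>');
document.write('</'+'table>');
// the form element was never closed
document.write('</'+'form>');
</script>
<noscript>
<p> </p>
<p style="color:#f00;"><strong><?php echo COM_ENABLEJS;?></strong></p>
</noscript>
<?php
} // end if not logged in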
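// G O T O C O N T E N T M A N A G E M E N T //////////////////////
// Staff asking for "content" are sent on to the CMS directory.
if(isset($_SESSION['WHO']) and $_SESSION['WHO'] == "staff" and isset($_GET["what"]) and $_GET["what"] == "content")
{
    header("Location: ../cms/");
    // stop here: without this the handlers below still ran and the rest of the
    // page was still produced after the redirect had been issued
    exit;
}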
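// B R O W S E R E Q U E S T ////////////////////////////////////////
// Pages through categories, members or events whose text contains ?key=,
// starting at ?offset=. The list type comes from ?browse=.
if(isset($_SESSION['USERPASS']) and isset($_GET["browse"]) and isset($_GET["offset"]) and isset($_GET["key"])
    and is_string($_GET["browse"]) and is_string($_GET["key"]))
{
    // The three parameters are read one by one. extract($_GET) let a request
    // overwrite any variable in scope, including the table names used in the SQL.
    $browse = $_GET["browse"];
    $key = $_GET["key"];
    $offset = is_scalar($_GET["offset"]) ? max(0, (int) $_GET["offset"]) : 0;
    // undo magic-quotes escaping where it is active, then escape for the connection
    $mq = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $q_key = mysql_real_escape_string($mq ? stripslashes($key) : $key, $db);
    $query = null;
    if($browse == "cat" or $browse == "lcat")
    {
        $query = "SELECT * FROM $categories
WHERE Category LIKE '%$q_key%'
ORDER BY Category ASC";
        define('ROWS', 20);
    }
    if($browse == "mem" or $browse == "fullmem")
    {
        $query = "SELECT * FROM $members
WHERE Biz LIKE '%$q_key%'
ORDER BY Biz ASC";
        define('ROWS', 10);
    }
    if($browse == "event" or $browse == "levent")
    {
        // the Name pattern used to be the literal text '%key%' (missing "$")
        $query = "SELECT * FROM $events
WHERE Name LIKE '%$q_key%'
OR Descr LIKE '%$q_key%'
ORDER BY Date ASC";
        define('ROWS', 10);
    }
    // an unknown list type leaves no query to run
    if ($query !== null)
    {
        echo "<p>(Event types: normal <span style=\"color:#900;\">recurring master</span> <span style=\"color:#090;\">recurring clone</span>)</p><br />\n";
        // NOTE(review): browse() is defined outside this file and receives the key
        // exactly as it arrived; it must encode it wherever it prints it - confirm.
        browse($db, $query, $offset, $browse, $key);
    }
}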
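// I N S E R T N E W M E M B E R R E C O R D ////////////////////////
// Stores the record posted from the "new member" form.
// Staff only: the task menu on this page offers "new member" to staff alone.
//
// NOTE(review): Pass is written to the table as typed (clear text).
if(isset($_SESSION['USERPASS']) and isset($_SESSION['WHO']) and $_SESSION['WHO'] == "staff"
    and isset($_POST["submit"]) and isset($_POST["why"]) and $_POST["why"] == "newmem")
{
    // column => form field. Only these fields are read from the request;
    // extract($_POST) let a request overwrite any variable, table names included.
    $mem_cols = array(
        'Biz' => 'biz', 'Descr' => 'descr', 'Status' => 'status', 'Age' => 'age',
        'Cat1' => 'cat1', 'Cat2' => 'cat2', 'Cat3' => 'cat3',
        'Address1' => 'address1', 'Address2' => 'address2', 'City' => 'city',
        'State' => 'state', 'Zip' => 'zip', 'Phone' => 'phone', 'Fax' => 'fax',
        'Email' => 'email', 'ContPref' => 'contpref', 'InfoPref' => 'infopref',
        'Url' => 'url', 'Logo_Url' => 'logo_url', 'Img_Url' => 'img_url',
        'Img_Capt' => 'img_capt', 'First' => 'first', 'Last' => 'last',
        'Pass' => 'pass', 'Code' => 'code', 'CAddress1' => 'caddress1',
        'CAddress2' => 'caddress2', 'CCity' => 'ccity', 'CState' => 'cstate',
        'CZip' => 'czip', 'CPhone' => 'cphone', 'CCell' => 'ccell',
        'CFax' => 'cfax', 'CEmail' => 'cemail',
    );
    $mq = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $mem_vals = array();
    foreach ($mem_cols as $col => $field)
    {
        $v = (isset($_POST[$field]) and is_string($_POST[$field])) ? $_POST[$field] : "";
        if ($mq)
            $v = stripslashes($v);
        // Biz and Descr are stored entity-encoded. The encoding used to run before
        // the posted values were read and was therefore lost.
        if ($field == 'biz' or $field == 'descr')
            $v = htmlentities($v, ENT_QUOTES);
        $mem_vals[] = "'".mysql_real_escape_string($v, $db)."'";
    }
    $sql = "INSERT INTO $members (Locked, Posted, Updated, ".implode(", ", array_keys($mem_cols)).") VALUES ('0', CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, ".implode(", ", $mem_vals).")";
    if (!($result = mysql_query($sql)))
        showError();
    echo "<p>".THANK_YOU.". ".ucfirst(MEMBER)." ID ".mysql_insert_id()." ".COM_WAS_ADDED.".</p>\n";
    // provide 'return' button
    echo "<br><br>\n<center><form action='javascript:history.go(-2)'><input type='submit' class='button1' value='".COM_OK."'></form></center><br>\n";
} // end if newmem submitted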
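// U P D A T E M E M B E R R E C O R D ///////////////////////////////
// Saves an edited member record, or releases its lock when editing was cancelled.
//
// NOTE(review): any logged-in user, member or staff, can update any member Id
// here, including its Pass column; the session holds no member id to compare
// against. Pass is also written as typed (clear text).
if(isset($_SESSION['USERPASS']) and (isset($_POST["submit"]) or isset($_POST["cancel"])) and isset($_POST["why"]) and $_POST["why"] == "memupdate")
{
    // record ids are integers; anything else becomes 0, which matches no record
    $id = (isset($_POST["id"]) and is_string($_POST["id"]) and preg_match('/^[0-9]+\z/', $_POST["id"])) ? (int) $_POST["id"] : 0;
    // handle Cancel button request
    if(isset($_POST["cancel"]) and $_POST["cancel"] != "")
    {
        // unlock and abort.
        if(!unlock(MEMBERS,$id))
        {
            echo "<p>".ADM_COULDNOT_UNLOCK." ".$id.
            "<br />".COM_CONTACT_SYSADMIN."</p>\n";
        } else {
            echo "<p>".ADM_EDITING_OF." ".RECORD." ".$id." ".WAS_CANCELED.".</p>\n";
        }
    } else {
        // column => form field. Only these fields are read from the request;
        // extract($_POST) let a request overwrite any variable, table names included.
        $mem_cols = array(
            'Biz' => 'biz', 'Descr' => 'descr', 'Status' => 'status', 'Age' => 'age',
            'Cat1' => 'cat1', 'Cat2' => 'cat2', 'Cat3' => 'cat3',
            'Address1' => 'address1', 'Address2' => 'address2', 'City' => 'city',
            'State' => 'state', 'Zip' => 'zip', 'Phone' => 'phone', 'Fax' => 'fax',
            'Email' => 'email', 'ContPref' => 'contpref', 'InfoPref' => 'infopref',
            'Url' => 'url', 'Logo_Url' => 'logo_url', 'Img_Url' => 'img_url',
            'Img_Capt' => 'img_capt', 'First' => 'first', 'Last' => 'last',
            'Pass' => 'pass', 'Code' => 'code', 'CAddress1' => 'caddress1',
            'CAddress2' => 'caddress2', 'CCity' => 'ccity', 'CState' => 'cstate',
            'CZip' => 'czip', 'CPhone' => 'cphone', 'CFax' => 'cfax',
            'CEmail' => 'cemail',
        );
        $mq = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        $mem_set = array();
        foreach ($mem_cols as $col => $field)
        {
            $v = (isset($_POST[$field]) and is_string($_POST[$field])) ? $_POST[$field] : "";
            if ($mq)
                $v = stripslashes($v);
            // Biz and Descr are stored entity-encoded
            if ($field == 'biz' or $field == 'descr')
                $v = htmlentities($v, ENT_QUOTES);
            $mem_set[] = $col."='".mysql_real_escape_string($v, $db)."'";
        }
        $sql = "UPDATE $members SET Locked='0', Updated=CURRENT_TIMESTAMP, ".implode(", ", $mem_set)." WHERE Id='$id'";
        if (!($result = mysql_query($sql)))
        {
            showError();
        } else {
            echo "<p>".ucfirst(COM_MEMBER)." ".RECORD." ".COM_WAS_UPDATED.".</p>\n";
        }
    }// end not cancel
}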
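// D E L E T E M E M B E R R E C O R D //////////////////////////////
// handle "delete" request (needs the "dmconf" confirmation box ticked)
//
// NOTE(review): only a login is required here, so a member account can delete any
// member record. Whether members are meant to delete at all cannot be seen from
// this part of the file - confirm and restrict to staff if not.
if (isset($_SESSION['USERPASS']) and isset($_POST["id"]) and isset($_POST["delete"]) and isset($_POST["dmconf"]) and $_POST["dmconf"] == "dmconf")
{
    // Only the id is read from the request (no extract()). Ids are integers;
    // anything else becomes 0, which matches no record.
    $id = (is_string($_POST["id"]) and preg_match('/^[0-9]+\z/', $_POST["id"])) ? (int) $_POST["id"] : 0;
    // delete a record
    $sql = "DELETE FROM $members WHERE Id='$id'";
    if (!($result = @ mysql_query($sql, $db)))
        showError();
    $delete = "";
    echo "<p>".ucfirst(COM_MEMBER)." ".$id." ".COM_WAS_DELETED.".</p>\n";
    echo "<p>".ADM_PLS_SELECT_TASK."</p>";
    exit;
}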
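// A D D N E W C A T E G O R Y //////////////////////////////////////
// Staff only: the task menu on this page offers the category tasks to staff alone.
if (isset($_SESSION['USERPASS']) and isset($_SESSION['WHO']) and $_SESSION['WHO'] == "staff"
    and isset($_POST["why"]) and $_POST["why"] == "newcat" and !isset($_POST["cancel"]))
{
    // add a new category; only the category name is read from the request
    $category = (isset($_POST["category"]) and is_string($_POST["category"])) ? $_POST["category"] : "";
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        $category = stripslashes($category);
    $q_category = mysql_real_escape_string($category, $db);
    $sql = "INSERT INTO $categories (Locked,Category) VALUES ('0','$q_category')";
    if (!($result = @ mysql_query($sql, $db)))
        showError();
    // the name is echoed back, so it is encoded for HTML first
    echo "<p>".ucfirst(COM_CATEGORY)." \"".htmlspecialchars($category, ENT_QUOTES)."\" ".COM_WAS_ADDED." ".OK.".</p>\n";
}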
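// U P D A T E C A T E G O R Y //////////////////////////////////////
// Renames a category, or releases its lock when editing was cancelled.
// Staff only: the task menu on this page offers the category tasks to staff alone.
if (isset($_SESSION['USERPASS']) and isset($_SESSION['WHO']) and $_SESSION['WHO'] == "staff"
    and !isset($_POST["delcat"]) and isset($_POST["id"]) and isset($_POST["why"]) and $_POST["why"] == "editcat")
{
    // Only the expected fields are read (no extract()). Ids are integers; anything
    // else becomes 0, which matches no record.
    $id = (is_string($_POST["id"]) and preg_match('/^[0-9]+\z/', $_POST["id"])) ? (int) $_POST["id"] : 0;
    // handle Cancel button request
    if(isset($_POST["cancel"]) and $_POST["cancel"] != "")
    {
        // unlock and abort.
        if(!unlock("$categories",$id))
        {
            echo "<p>".ADM_COULDNOT_UNLOCK." ".COM_RECORD." ".$id.
            "<br />".CONTACT_SYSADMIN."</p>\n";
        } else {
            echo "<p>".ADM_EDITING_OF." ".$id." ".COM_WAS_CANCELED.".</p>\n";
        }
?>
<form name="getout" action="#">
<input name="back" class="button1" type="button" value=" OK " onclick="if(window.history.length>2){window.location='index.php';} else {window.close();}" />
</form>
<?php
        exit;
    }
    // update category
    $category = (isset($_POST["category"]) and is_string($_POST["category"])) ? $_POST["category"] : "";
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc())
        $category = stripslashes($category);
    $q_category = mysql_real_escape_string($category, $db);
    $sql = "UPDATE $categories SET Locked='0',Category='$q_category' WHERE Id='$id'";
    if (!($result = @ mysql_query($sql, $db)))
        showError();
    // the name is echoed back, so it is encoded for HTML first
    echo "<p>".ucfirst(COM_CATEGORY)." \"".htmlspecialchars($category, ENT_QUOTES)."\" ".COM_WAS_UPDATED." ".COM_OK.".</p>\n";
    echo "<p>".ADM_PLS_SELECT_TASK."</p>\n";
    exit;
}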
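// D E L E T E C A T E G O R Y ///////////////////////////////////////////
// Needs the "dcconf" confirmation box ticked.
// Staff only: the task menu on this page offers the category tasks to staff alone.
if (isset($_SESSION['USERPASS']) and isset($_SESSION['WHO']) and $_SESSION['WHO'] == "staff"
    and isset($_POST["id"]) and $_POST["id"] != "" and isset($_POST["delcat"]) and isset($_POST["dcconf"]) and $_POST["dcconf"] == "dcconf")
{
    // Only the id is read from the request (no extract()). Ids are integers;
    // anything else becomes 0, which matches no record.
    $id = (is_string($_POST["id"]) and preg_match('/^[0-9]+\z/', $_POST["id"])) ? (int) $_POST["id"] : 0;
    // delete a category
    $sql = "DELETE FROM $categories WHERE Id='$id'";
    if (!($result = @ mysql_query($sql, $db)))
        showError();
    echo "<p>".COM_CATEGORY." # $id ".COM_WAS_DELETED.".</p>\n";
    $delete = "";
    exit;
}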
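// D E L E T E E V E N T ///////////////////////////////////////////
// Needs the "deconf" confirmation box ticked. Deleting a recurring master, or
// posting all=yes, also deletes the copies whose Recurr column holds this id.
// Staff only, in line with the event edit and update handlers on this page.
if (isset($_SESSION['USERPASS']) and isset($_SESSION['WHO']) and $_SESSION['WHO'] == "staff"
    and isset($_POST["id"]) and $_POST["id"] != "" and isset($_POST["delete"]) and isset($_POST["deconf"]) and $_POST["deconf"] == "deconf")
{
    // Only the expected fields are read (no extract()). Ids are integers; anything
    // else becomes 0, which matches no record.
    $id = (is_string($_POST["id"]) and preg_match('/^[0-9]+\z/', $_POST["id"])) ? (int) $_POST["id"] : 0;
    $all = isset($_POST["all"]) ? $_POST["all"] : "";
    $recurr = isset($_POST["recurr"]) ? $_POST["recurr"] : "";
    // delete an event
    $sql = "DELETE FROM $events WHERE Id='$id'";
    if (!($result = @ mysql_query($sql, $db)))
        showError();
    echo "<p>".COM_EVENT." # $id ".COM_WAS_DELETED.".</p>\n";
    if($all == "yes" or $recurr == "1")
    {
        $sql = "DELETE FROM $events WHERE Recurr='$id'";
        if (!($result = @ mysql_query($sql, $db)))
            showError();
        $num = @ mysql_affected_rows();
        echo "<p>".$num." ".ADM_RECURRING_COPIES_ALSO." ".ADM_DELETED.".</p>\n";
    }
    $delete = "";
    exit;
}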
// S E L E C T E V E N T T O E D I T ////////////////////////////
// Search box for choosing the event to edit; the form posts to index.php?what=selev2.
if(isset($_SESSION['USERPASS']) and $_GET["what"] == "selevent"):
?>
<h2><?php echo ADM_CHOOSE_EVENT_TOEDIT;?></h2>
<p>(<?php echo ADM_BLANK_TO_LISTALL;?>)</p>
<form name="selevent" id="selevent" method="post" action="index.php?what=selev2">
<table>
<tr>
<td></td>
<td>
<input name="name" type="text" value="" />
<input type="hidden" name="what" value="browse" />
<input name="submit" class="button1" type="submit" value="<?php echo COM_SEARCH_BUTTON;?>" />
</td>
</tr>
</table>
</form>
<?php
endif; // end if what==selevent
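// F I N D E V E N T T O E D I T ///////////////////////
// Lists the events whose name or description contains the posted search text.
if(isset($_SESSION['USERPASS']) and isset($_POST["what"]) and $_POST["what"] == "browse" and isset($_POST["name"]) and is_string($_POST["name"])
    and isset($_GET["what"]) and $_GET["what"] == "selev2" and !isset($_POST['id']))
{
    // Only the expected fields are read; extract($_POST) let a request overwrite
    // any variable in scope, including the table names used in the SQL.
    $name = $_POST["name"];
    $offset = (isset($_POST["offset"]) and is_scalar($_POST["offset"])) ? max(0, (int) $_POST["offset"]) : 0;
    echo "<h2>".ADM_CHOOSE_EVENT_TOEDIT."</h2>";
    // undo magic-quotes escaping where it is active, then escape for the connection
    $mq = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $q_name = mysql_real_escape_string($mq ? stripslashes($name) : $name, $db);
    $query = "SELECT * FROM $events
WHERE Name LIKE '%$q_name%'
or Descr LIKE '%$q_name%'
ORDER BY Date";
    define('ROWS', 10);
    // NOTE(review): browse() is defined outside this file and receives the search
    // text exactly as it arrived; it must encode it wherever it prints it - confirm.
    browse($db, $query, $offset, "levent", $name);
}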
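// A D D N E W E V E N T /////////////////////////////////////////
// Inserts the event posted from the "new event" form; for a recurring event the
// monthly copies are then created through extend().
// Staff only, in line with the event edit and update handlers on this page.
if(isset($_SESSION['USERPASS']) and isset($_SESSION['WHO']) and $_SESSION['WHO'] == "staff"
    and isset($_POST["why"]) and $_POST["why"] == "newevent")
{
    if(isset($_POST['cancel']))
    {
        header("Location: index.php");
        // without this the event was still inserted after a cancel
        exit;
    }
    // Only the expected form fields are read; extract($_POST) let a request
    // overwrite any variable in scope, including the table names used in the SQL.
    $mq = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $ev = array();
    foreach (array('name', 'descr', 'location', 'contact', 'cost', 'date', 'hour', 'min', 'ehour', 'emin', 'recurr', 'dayevent', 'venue', 'author', 'extent') as $field)
    {
        $v = (isset($_POST[$field]) and is_string($_POST[$field])) ? $_POST[$field] : "";
        $ev[$field] = $mq ? stripslashes($v) : $v;
    }
    // turn "../i" back into "i" in the description
    $ev['descr'] = preg_replace("/\.\.\/i/","i",$ev['descr']);
    // free-text fields are stored entity-encoded
    foreach (array('name', 'descr', 'location', 'contact') as $field)
        $ev[$field] = htmlentities($ev[$field], ENT_QUOTES);
    // left-pad one-digit hours and minutes
    foreach (array('hour', 'min', 'ehour', 'emin') as $field)
    {
        if (strlen($ev[$field])<2)
            $ev[$field] = "0".$ev[$field];
    }
    $starttime = $ev['hour'].":".$ev['min'];
    $endtime = $ev['ehour'].":".$ev['emin'];
    $recurr = ($ev['recurr'] == "") ? "0" : $ev['recurr'];
    if($recurr == "1")
    {
        // Recurring event -- derive day of week and week of month from the date.
        $datearray = getdate(strtotime($ev['date']));
        $recurdow = $datearray["wday"]; // dow of entered date
        // first week is "0"; capped at 3
        $recurwom = (int)floor($datearray['mday']/7);
        if($recurwom > 3)
            $recurwom = 3;
    } else {
        // not recurring event
        $recurwom = "0";
        $recurdow = "0";
    } // end if recurr
    $dayevent = ($ev['dayevent'] == "") ? "0" : $ev['dayevent'];
    // the extent is a month count; anything that is not plain digits is ignored
    $extent = preg_match('/^[0-9]+\z/', $ev['extent']) ? $ev['extent'] : "";
    // NOTE(review): the author number is taken from the posted form field, as before.
    $vals = array($ev['name'], $ev['location'], $ev['cost'], $ev['contact'], $ev['date'], $starttime, $endtime, $ev['descr'], $recurr, $recurwom, $recurdow, $dayevent, $ev['venue'], $ev['author']);
    foreach ($vals as $i => $v)
        $vals[$i] = "'".mysql_real_escape_string((string) $v, $db)."'";
    // here we'll enter the form data
    $sql = "INSERT INTO $events (Locked, Name, Location, Cost, Contact, Date, StartTime, EndTime, Descr, Recurr, RecurWOM, RecurDOW, DayEvent, Venue, Author) VALUES ('0', ".implode(", ", $vals).")";
    if (!($result = mysql_query($sql)))
        showError();
    $id = mysql_insert_id();
    echo "<p>".ucfirst(COM_EVENT)." ".$id." ".COM_WAS_ADDED.".</p>\n";
    // extend recurring event
    if($recurr > "0" and $extent != "")
    {
        echo "<p>".ADM_EXTENDING_RECUR_EVENT." ".$id." ".ADM_FOR." ".$extent." ".COM_MONTHS."... ";
        if(!extend($id, $extent))
        {
            echo " ".COM_FAILED.".<br />".COM_CONTACT_SYSADMIN."</p>\n";
            exit;
        } else {
            echo " ".COM_FINISHED.".</p>\n";
        }
    }
    echo "<p>".ADM_PLS_SELECT_TASK."</p>\n";
    exit;
}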
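// U P D A T E E V E N T /////////////////////////////////////////
// Saves an edited event (optionally copying the change to its recurring copies),
// or releases the lock when editing was cancelled.
// A press of the form's "delete" button is left to the delete handler: without the
// confirmation box it used to fall through to here and save the form instead.
if(isset($_SESSION['WHO']) and $_SESSION['WHO'] == "staff" and isset($_POST["id"]) and !isset($_POST["edelete"]) and !isset($_POST["delete"]) and isset($_POST["why"]) and $_POST["why"] == "editevent")
{
    // Only the expected fields are read (no extract()). Ids are integers; anything
    // else becomes 0, which matches no record.
    $id = (is_string($_POST["id"]) and preg_match('/^[0-9]+\z/', $_POST["id"])) ? (int) $_POST["id"] : 0;
    if(isset($_POST["cancel"]) and $_POST["cancel"] != "")
    {
        // unlock and abort.
        if(!unlock($events,$id))
        {
            echo "<p>".ADM_COULDNOT_UNLOCK.".$id <br />".COM_CONTACT_SYSADMIN."</p>\n";
        } else {
            echo "<p>".ADM_EDITING_OF." ".$id." ".COM_WAS_CANCELED.".</p>\n";
        }
    } else {
        $mq = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        $ev = array();
        foreach (array('name', 'descr', 'location', 'contact', 'cost', 'date', 'hour', 'min', 'ehour', 'emin', 'recurr', 'dayevent', 'venue', 'extent') as $field)
        {
            $v = (isset($_POST[$field]) and is_string($_POST[$field])) ? $_POST[$field] : "";
            $ev[$field] = $mq ? stripslashes($v) : $v;
        }
        // turn "../i" back into "i" in the description
        $ev['descr'] = preg_replace("/\.\.\/i/","i",$ev['descr']);
        // free-text fields are stored entity-encoded
        foreach (array('name', 'descr', 'location', 'contact') as $field)
            $ev[$field] = htmlentities($ev[$field], ENT_QUOTES);
        // left-pad one-digit hours and minutes
        foreach (array('hour', 'min', 'ehour', 'emin') as $field)
        {
            if (strlen($ev[$field])<2)
                $ev[$field] = "0".$ev[$field];
        }
        $starttime = $ev['hour'].":".$ev['min'];
        $endtime = $ev['ehour'].":".$ev['emin'];
        // Recurr is left as posted, so copies still go when the master is deleted
        $recurr = ($ev['recurr'] == "") ? "0" : $ev['recurr'];
        $dayevent = ($ev['dayevent'] == "") ? "0" : $ev['dayevent'];
        // the extent is a month count; anything that is not plain digits is ignored
        $extent = preg_match('/^[0-9]+\z/', $ev['extent']) ? $ev['extent'] : "";
        // $authornum is never assigned on this page; when nothing else has set it,
        // the author number stored in the session at login is used.
        // NOTE(review): confirm that no include file was meant to provide it.
        $authornum = isset($authornum) ? $authornum : (isset($_SESSION['AUTHORNUM']) ? $_SESSION['AUTHORNUM'] : "");
        // don't change date if disabled (a disabled input is not posted)
        $datestr = ($ev['date'] == "") ? "" : "Date='".mysql_real_escape_string($ev['date'], $db)."', ";
        // Week-of-month and day-of-week: recalculated from the entered date for a
        // recurring event, reset for a normal one. A recurring event posted without
        // a date keeps its stored values; they used to be recomputed from an empty date.
        $recurstr = "";
        if($recurr > "0")
        {
            if($ev['date'] != "")
            {
                $datearray = getdate(strtotime($ev['date']));
                // first week is "0"; capped at 3
                $recurwom = min(3, (int)floor($datearray['mday']/7));
                $recurstr = "RecurWOM='".$recurwom."', RecurDOW='".(int) $datearray["wday"]."', ";
            }
        } else {
            // not recurring event
            $recurstr = "RecurWOM='0', RecurDOW='0', ";
        } // end if recurr
        // assignments shared by the master record and its copies
        $common = "Locked='0'"
            .", Name='".mysql_real_escape_string($ev['name'], $db)."'"
            .", Location='".mysql_real_escape_string($ev['location'], $db)."'"
            .", Cost='".mysql_real_escape_string($ev['cost'], $db)."'"
            .", Contact='".mysql_real_escape_string($ev['contact'], $db)."'"
            .", StartTime='".mysql_real_escape_string($starttime, $db)."'"
            .", EndTime='".mysql_real_escape_string($endtime, $db)."'"
            .", Descr='".mysql_real_escape_string($ev['descr'], $db)."'"
            .", ".$recurstr
            ."DayEvent='".mysql_real_escape_string($dayevent, $db)."'"
            .", Venue='".mysql_real_escape_string($ev['venue'], $db)."'"
            .", Author='".mysql_real_escape_string((string) $authornum, $db)."'";
        // here we'll enter the form data
        $events = EVENTS;
        $sql = "UPDATE $events SET ".$datestr."Recurr='".mysql_real_escape_string($recurr, $db)."', ".$common." WHERE Id='$id'";
        if (!($result = mysql_query($sql)))
            showError();
        echo "<p>Event ID ".$id." updated.</p>\n";
        // extend recurring event
        if($recurr == "1" and $extent != "")
        {
            echo "<p>".ADM_EXTENDING_RECUR_EVENT." ".$id." ".ADM_FOR." ".$extent." ".MONTHS."...";
            if(!extend($id, $extent))
            {
                echo " ".FAILED.".<br />".CONTACT_SYSADMIN."</p>\n";
                exit;
            } else {
                echo " ".FINISHED.".</p>\n";
            }
        }
        if(isset($_POST["all"]) and $_POST["all"] == "yes")
        {
            // note: date is not updated on recurring copies
            $sql = "UPDATE $events SET ".$common." WHERE Recurr='$id'";
            if (!($result = mysql_query($sql)))
                showError();
            // an UPDATE has no result set; the changed-row count comes from the connection
            $num = @ mysql_affected_rows();
            echo "<p>".$num." ".ADM_RECURRING_COPIES_ALSO." ".ADM_UPDATED.".</p>\n";
        }
    }// end else not cancel
}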
// E D I T E V E N T //////////////////////////////////////////////
//edit event
if($_SESSION['WHO'] == "staff" and isset($_GET["id"]) and $_GET["what"] == "editev")
{
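// Only the record id is taken from the query string. extract($_GET) let a request
// overwrite any variable in scope, and the id went into the SQL below unquoted.
// Ids are integers; anything else becomes 0, which matches no record.
$id = (is_string($_GET["id"]) and preg_match('/^[0-9]+\z/', $_GET["id"])) ? (int) $_GET["id"] : 0;
$sql = "SELECT * FROM $events WHERE Id=$id";
$result = mysql_query($sql);
$myrow = $result ? mysql_fetch_array($result) : false;
// lock this record while we work on it
if (!lock($events,$id,$myrow))
{
    exit;
}
$quote_style = ENT_QUOTES;
$tbl = $events;
// Text columns are stored entity-encoded. They are decoded and then encoded again
// for the HTML-special characters only, so that a quote or tag in the stored text
// cannot close the value="..." attribute or the <textarea> it is printed into.
// The browser shows, and posts back, the decoded text.
$name = htmlspecialchars(html_entity_decode($myrow["Name"], $quote_style), $quote_style);
$date = htmlspecialchars((string) $myrow["Date"], $quote_style);
$location = htmlspecialchars(html_entity_decode($myrow["Location"], $quote_style), $quote_style);
$contact = htmlspecialchars(html_entity_decode($myrow["Contact"], $quote_style), $quote_style);
$cost = htmlspecialchars((string) $myrow["Cost"], $quote_style);
// times are stored as "hh:mm" (explode() replaces the deprecated split())
$startary = explode(":",$myrow["StartTime"]);
$hour = $startary[0];
$min = isset($startary[1]) ? $startary[1] : "";
$endary = explode(":",$myrow["EndTime"]);
$ehour = $endary[0];
$emin = isset($endary[1]) ? $endary[1] : "";
$descr = html_entity_decode($myrow["Descr"], $quote_style);
// temp change editor-placed img urls so they appear in editor
$descr = preg_replace("/src=\"i/","src=\"../i",$descr);
$descr = preg_replace("/border=\"0\"/","",$descr);
$descr = htmlspecialchars($descr, $quote_style);
$recurr = $myrow["Recurr"];
$recurwom = $myrow["RecurWOM"];
$recurdow = $myrow["RecurDOW"];
$dayevent = $myrow["DayEvent"];
$venue = $myrow["Venue"];
/* note: author is reset below to current person editing */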
?>
<h2>Edit Event:</h2>
<h3>Id=<?php echo $id;?></h3>
<form name="editevent" id="editevent" method="post" action="index.php" onSubmit="return verify(this);">
<table>
<tr>
<td><?php echo ADM_EVENT_NAME;?></td>
<td><input name="name" type="text" size="40" maxlength="60" value="<?php echo $name;?>" /></td>
</tr>
<tr>
<td align="right"><?php echo ADM_VENUE;?></td>
<td><select name="venue">
<option value="p" <?php if($venue=="p"){echo "selected";}?>>Public</option>
<option value="c" <?php if($venue=="c"){echo "selected";}?>><?php if(defined('ORG_TYPE')) echo ORG_TYPE;?></option>
</select>
</td>
</tr>
<tr>
<td valign="top" align="right"><?php echo ADM_LOCATION;?></td>
<td><textarea name="location" rows="2" cols="45" maxlength="128"><?php echo $location;?></textarea></td>
</tr>
<tr>
<td align="right"><?php echo ADM_COST." ".ADM_CURRENCY_SYMBOL;?></td>
<td><input name="cost" type="text" size="40" maxlength="60" value="<?php echo $cost;?>" /></td>
</tr>
<tr>
<td valign="top" align="right"><?php echo ADM_CONTACT;?></td>
<td><textarea name="contact" rows="2" cols="45" maxlength="128"><?php echo $contact;?></textarea></td>
</tr>
<tr>
<td align="right"><?php echo ADM_DATE;?></td>
<td>
<input <?php if($recurr=='1') {echo "disabled";}?> type="text" name="date" size="12" maxlength="10" value="<?php echo $date;?>" />
<?php if($recurr != '1'){ ?>
<?php echo "<a onClick='window.open(\"date_picker.php?tgt=editevent.date&id=".$id."&tbl=".$events."&fld=Date\",\"\",\"width=250, height=200, navbar=no, location=no, scrollbars=no, resizable=yes\");return false;' href=\"javascript:void(0);\"> <img src=\"../cms/images/cal.gif\" align=\"abs-middle\" alt=\"\" /></a>";?> (yyyy-mm-dd)
<?php }?>
</td>
</tr>
<tr>
<td align="right"><?php echo ADM_START;?></td>
<td><select name="hour" onchange="forward(this.form,'hour','ehour');">
<?php
for ($i=0; $i<24; $i++)
{
$sel = "";
if ($i == $hour) { $sel = "selected";}
echo "<option value=\"$i\" ".$sel.">".$i."</option>\n";
}
?>
</select>:
<select name="min">
<?php
for ($i=0; $i<60; $i+=15)
{
$sel = "";
if ($i == $min) { $sel = "selected";}
echo "<option value=\"$i\" ".$sel.">".$i."</option>\n";
}
?>
</select> (24hr)
</td>
</tr>
<tr>
<td align="right"><?php echo ADM_END;?></td>
<td><select name="ehour">
<?php
for ($i=0; $i<24; $i++)
{
$sel = "";
if ($i == $ehour) { $sel = "selected";}
echo "<option value=\"$i\" ".$sel.">".$i."</option>\n";
}
?>
</select>:
<select name="emin">
<?php
for ($i=0; $i<60; $i+=15)
{
$sel = "";
if ($i == $emin) { $sel = "selected";}
echo "<option value=\"$i\" ".$sel.">".$i."</option>\n";
}
?>
</select> (24hr)
</td>
</tr>
<?php
if($recurr == '1')
{
?>
<tr>
<td><input name="recurr" type="hidden" value="1" /></td>
<td><span style="color: #090;"><?php echo ADM_THIS_IS_MASTER;?></span><br />
<?php echo ADM_CHANGE_ALL;?><br />
<input name="all" type="radio" value="no" checked />no
<input name="all" type="radio" value="yes" />yes
</td>
</tr>
<?php
} else {
?>
<tr>
<td align="right"><?php echo ADM_RECURRS;?></td>
<td><input <?php if($recurr!='0') {echo "disabled";}?> name="recurr" type="checkbox" value="<?php echo $recurr; ?>" <?php if($recurr != "0"){echo 'checked=\"checked\"';}?> onchange="toggle(this,document.editevent.extent);" /> <?php echo ADM_MONTHLY_THIS_DAY;?></td>
</tr>
<tr>
<td valign="top"></td>
<td>
Extend for
<input name="extent" type="text" disabled="true" size="2" maxlength="2" value="6" />months
</td>
</tr>
<?php
}
?>
<tr>
<td valign="top"><?php echo ADM_DESCRIPTION;?></td>
<td><textarea name="descr" rows="15" cols="45" maxlength="512"><?php echo $descr;?></textarea></td>
</tr>
<tr>
<td></td>
<td align="right">
<input type="button" onClick='window.open("../cms/upload_image.php","","width=450, height=375, navbar=no, location=no, scrollbars=auto, resizable=yes");' value="Upload Image" class="button1">
</td>
</tr>
<tr>
<td><?php echo ADM_AUTHOR;?></td>
<td>
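<?php
// Show the staff member doing the edit and carry their author number in a hidden field.
// The author is found through the number stored in the session at login. The lookup
// used to be by clear-text password, which put the password into the SQL text and
// matched every author who happened to share it.
$auth = "";
$sess_author = isset($_SESSION['AUTHORNUM']) ? mysql_real_escape_string((string) $_SESSION['AUTHORNUM'], $db) : "";
$result = mysql_query("SELECT * FROM $author WHERE Author_Num='$sess_author' ORDER BY Lname ASC",$db);
if ($result and $myrow = mysql_fetch_array($result))
{
    // only display author who's editing
    $auth = $myrow["Author_Num"];
    printf(" <span style=\"color:#aaa;\">(%s %s)</span>\n", htmlspecialchars($myrow["Fname"], ENT_QUOTES), htmlspecialchars($myrow["Lname"], ENT_QUOTES));
} else {
    // no records to display
    echo ADM_NOAUTHORS;
} //end if
// NOTE(review): a hidden field can be changed by the client before it is posted;
// the receiving handler should not rely on it to identify the author.
printf(" <input name=\"author\" value=\"%s\" type=\"hidden\">\n", htmlspecialchars((string) $auth, ENT_QUOTES));
echo " </td>\n";
// close the author row before the next row starts
echo " </tr>\n";
?>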
<tr>
<td colspan="2">
<input type="hidden" name="why" value="editevent" />
<input type="hidden" name="id" value="<?php echo $id; ?>" />
<hr noshade />
<div style="float:right;"><?php echo COM_CONFIRM;?><input name="deconf" type="checkbox" value="deconf" /> <input name="delete" class="button1" type="submit" value="<?php echo ADM_DELEVENT;?>" onclick="javascript:tbl='';" /></div>
<input name="submit" class="button1" type="submit" value=" <?php echo COM_SUBMIT_BUTTON;?> " onclick="javascript:tbl='';" />
<input name="cancel" class="button1" type="submit" value=" <?php echo COM_CANCEL_BUTTON;?> " onclick="javascript:tbl='';" />
<p> </p>
</td>
</tr>
</table>
</form>
<?php
if($recurr != '0')
{
echo "<p>".ADM_NOTEDEL_RECUR_EVENT."</p>";
}
?>
<?php
} // end event edit form
// N E W E V E N T E N T R Y //////////////////////////////////////
//
if($_SESSION['WHO'] == "staff" and $_GET["what"] == "neweventform" and $_POST["why"] != "newevent")
{
$_GET["what"] = "";
?>
<h2><?php echo ADM_ADDEVENT;?></h2>
<form name="newevent" id="newevent" method="post" action="index.php" onSubmit="return verify(this);">
<table>
<tr>
<td valign="top"><?php echo ADM_EVENT_NAME;?></td>
<td><input name="name" type="text" size="40" maxlength="60" value="<?php echo $name;?>" /></td>
</tr>
<tr>
<td valign="top" align="right"><?php echo ADM_VENUE;?></td>
<td><select name="venue">
<option value="p"><?php echo ADM_PUBLIC;?></option>
<option value="c"><?php if(defined('ORG_TYPE')) echo ORG_TYPE;?></option>
</select>
</td>
</tr>
<tr>
<td valign="top" align="right"><?php echo ADM_LOCATION;?></td>
<td><textarea name="location" rows="2" cols="45" maxlength="512"><?php echo $location;?></textarea></td>
</tr>
<tr>
<td valign="top" align="right"><?php echo ADM_COST." ".ADM_CURRENCY_SYMBOL;?></td>
<td><input name="cost" type="text" size="6" maxlength="6" value="<?php echo $cost;?>" /></td>
</tr>
<tr>
<td valign="top" align="right"><?php echo ADM_CONTACT;?></td>
<td><textarea name="contact" rows="2" cols="45" maxlength="512"><?php echo $contact;?></textarea></td>
</tr>
<tr>
<td valign="top" align="right"><?php echo ADM_DATE;?> </td>
<td>
<input type="text" name="date" size="12" maxlength="10" value="<?php echo $date;?>" onChange="setVar(newevent.date);" />
<a onClick='window.open("date_picker.php?tgt=newevent.date","","width=250, height=200, navbar=no, location=no, scrollbars=no, resizable=yes");return false;' href="javascript:void(0);"> <img src="../cms/images/cal.gif" align="abs-middle" alt="" /></a> (yyyy-mm-dd)
</td>
</tr>
<tr>
<td valign="top" align="right"><?php echo ADM_START;?></td><td><select name="hour" onchange="forward(this.form,'hour','ehour');">
<?php
// Start hour: one option per hour 0-23, preselecting the one equal to $hour.
$i = 0;
while ($i < 24) {
    $sel = ($i == $hour) ? "selected" : "";
    echo "<option value=\"" . $i . "\" " . $sel . ">" . $i . "</option>\n";
    $i++;
}
?>
</select>:
<select name="min">
<?php
// Start minute: quarter-hour options (0, 15, 30, 45), preselecting $min.
$i = 0;
while ($i < 60) {
    $sel = ($i == $min) ? "selected" : "";
    echo "<option value=\"" . $i . "\" " . $sel . ">" . $i . "</option>\n";
    $i += 15;
}
?>
</select> (24hr)
</td>
</tr>
<tr>
<td valign="top" align="right"><?php echo ADM_END;?></td>
<td><select name="ehour">
<?php
// End hour: one option per hour 0-23, preselecting the one equal to $ehour.
$i = 0;
while ($i < 24) {
    $sel = ($i == $ehour) ? "selected" : "";
    echo "<option value=\"" . $i . "\" " . $sel . ">" . $i . "</option>\n";
    $i++;
}
?>
</select>:
<select name="emin">
<?php
// End minute: quarter-hour options (0, 15, 30, 45), preselecting $emin.
$i = 0;
while ($i < 60) {
    $sel = ($i == $emin) ? "selected" : "";
    echo "<option value=\"" . $i . "\" " . $sel . ">" . $i . "</option>\n";
    $i += 15;
}
?>
</select> (24hr)
</td>
</tr>
<tr>
<td valign="top" align="right"><?php echo ADM_RECURRS;?></td>
<td><input name="recurr" type="checkbox" value="1" onchange="toggle(this,document.newevent.extent);" /> <?php echo ADM_MONTHLY_THIS_DAY;?></td>
</tr>
<tr>
<td valign="top" align="right"></td>
<td>
<?php echo ADM_EXTEND_FOR;?>
<input name="extent" type="text" disabled="true" size="2" maxlength="2" value="6" /><?php echo COM_MONTHS;?>
</td>
</tr>
<tr>
<td valign="top"><?php echo ADM_DESCRIPTION;?></td>
<td><textarea name="descr" rows="15" cols="45" maxlength="512"><?php echo $descr;?></textarea></td>
</tr>
<tr>
<td></td>
<td align="right">
<input type="button" onClick='window.open("../cms/upload_image.php","","width=450, height=375, navbar=no, location=no, scrollbars=auto, resizable=yes");' value="Upload Image" class="button1">
</td>
</tr>
<tr>
<td valign="top"><?php echo ADM_AUTHOR;?></td>
<td>
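<?php
// Show which staff author is creating the event and pass that author's number
// along in a hidden form field.
// NOTE(review): the author row is looked up by the plaintext password held in
// the session, so authors who share a password all match and the last row
// wins. The login code also stores Author_Num in $_SESSION['AUTHORNUM'];
// keying on that would be unambiguous - confirm before switching.
$pass = $_SESSION['USERPASS'];
$auth = "";
// The session keeps the password exactly as typed at login, so it has to be
// escaped before it is placed inside the quoted SQL literal.
$passSql = mysql_real_escape_string($pass, $db);
$result = mysql_query("SELECT * FROM $author WHERE Passwd='$passSql' ORDER BY Lname ASC", $db);
$authorRows = 0;
if ($result) {
    while ($myrow = mysql_fetch_array($result)) {
        $authorRows++;
        // only display the author who is editing: require an exact,
        // type-safe match rather than PHP's loose string comparison
        if ((string) $myrow["Passwd"] === (string) $pass) {
            $auth = $myrow["Author_Num"];
            // Stored names may already be entity-encoded; decode, then encode
            // once, so markup in a name can only render as text.
            printf(" <span style=\"color:#aaa;\">(%s %s)</span>\n",
                htmlspecialchars(html_entity_decode($myrow["Fname"], ENT_QUOTES), ENT_QUOTES),
                htmlspecialchars(html_entity_decode($myrow["Lname"], ENT_QUOTES), ENT_QUOTES));
        }
    }
}
if ($authorRows == 0) {
    // no records to display (or the query failed)
    echo ADM_NOAUTHORS;
}
printf(" <input name=\"authornum\" value=\"%s\" type=\"hidden\">\n", htmlspecialchars($auth, ENT_QUOTES));
echo " </td>\n";
?>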
<tr>
<td colspan="2">
<input type="hidden" name="why" value="newevent" />
<hr noshade />
<input name="submit" class="button1" type="submit" value=" <?php echo COM_SUBMIT_BUTTON;?> " />
<input name="cancel" class="button1" type="button" value=" <?php echo COM_CANCEL_BUTTON;?> " onclick="javascript:document.location='index.php';" />
<p> </p>
</td>
</tr>
</table>
</form>
<?php
}
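// S E L E C T M E M B E R T O E D I T ///////////////////
//
// Search form for picking a member to edit; logged-in users only.
// "and" binds tighter than "or", so the login check has to wrap both
// alternatives explicitly - otherwise what=select2 is reachable without a
// session.
if(isset($_SESSION['USERPASS']) and isset($_GET["what"])
    and ($_GET["what"] == "select" or ($_GET["what"] == "select2" and !isset($_POST["type"]))))
{
?>
<h2><?php echo ADM_EDITMEMBER;?></h2>
<form name="select" id="select" method="post" action="index.php?what=select2">
<table>
<tr>
<td></td>
<td>
<?php echo ADM_TYPE;?> <?php echo ADM_LISTED;?><input type="radio" name="type" value="biz" checked />
<?php echo ADM_ASSOCIATE;?><input type="radio" name="type" value="ass" />
</td>
</tr>
<tr>
<td></td>
<td>
<input name="bizname" type="text" value="" />
<input type="hidden" name="what" value="browse" />
<input name="submit" class="button1" type="submit" value="<?php echo COM_SEARCH_BUTTON;?>" />
</td>
</tr>
</table>
</form>
<?php
} // end if what==select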
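// F I N D M E M B E R T O E D I T ///////////////////////
//
// Runs the member search posted by the select form and lists the matches.
// Staff search every member; a member only matches rows whose Pass equals
// the password held in the session.
if(isset($_SESSION['USERPASS']) and isset($_POST["what"]) and isset($_GET["what"])
    and $_POST["what"] == "browse" and $_GET["what"] == "select2" and isset($_POST["type"]))
{
    $type = $_POST["type"];
    $bizname = isset($_POST["bizname"]) ? $_POST["bizname"] : "";
    $pass = $_SESSION['USERPASS'];
    // The search text and the session password end up inside quoted SQL
    // literals, so both are escaped first. Slashes added by magic quotes are
    // removed beforehand so the text is not escaped twice.
    // NOTE(review): % and _ typed by the user still act as LIKE wildcards.
    $biznameSql = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($bizname) : $bizname, $db);
    $passSql = mysql_real_escape_string($pass, $db);
    echo "<h2>Choose a member to edit:</h2>";
    // Stays empty for an unrecognised type, in which case nothing is run.
    $query = "";
    if ($type == "biz")
        $query = "SELECT Id,Biz,Address1,City FROM $members WHERE Biz LIKE '%$biznameSql%'";
    elseif ($type == "ass")
        $query = "SELECT Id,First,Last,cAddress1 FROM $members WHERE Biz='' AND (First LIKE '%$biznameSql%' or Last LIKE '%$biznameSql%')";
    if ($query != "")
    {
        if ($_SESSION['WHO'] == "member")
            $query .= " AND Pass='$passSql'"; // members only see their own record
        elseif ($_SESSION['WHO'] != "staff")
            $query = ""; // neither staff nor member: no search
    }
    // define() takes the constant name as a string
    if (!defined('ROWS'))
        define('ROWS', 10);
    if (empty($offset))
        $offset = 0;
    if ($query != "")
        browse($db, $query, $offset, "mem", $bizname);
}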
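// E D I T M E M B E R /////////////////////////////////////
// Loads one member record into the variables the editor form below prints.
if(isset($_SESSION['USERPASS']) and isset($_GET['what']) and $_GET['what'] == "editmem")
{
    // Only the record id is taken from the query string. Importing every
    // GET key with extract() lets a request overwrite variables such as
    // $members or $db before the query is built.
    $id = isset($_GET['id']) ? $_GET['id'] : "";
    if (get_magic_quotes_gpc())
        $id = stripslashes($id);
    $idSql = mysql_real_escape_string($id, $db);
    $pass = $_SESSION['USERPASS'];
    $sql = "SELECT * FROM $members WHERE Id='$idSql'";
    if ($_SESSION['WHO'] == "member")
        $sql .= " AND Pass='" . mysql_real_escape_string($pass, $db) . "'";
    $result = mysql_query($sql);
    $myrow = $result ? mysql_fetch_array($result) : false;
    if (!$myrow)
    {
        // Nothing matched (unknown id, or a member asking for a record that
        // is not theirs): stop rather than show an editor carrying that id.
        echo "<p>Record not found.</p>";
        exit;
    }
    // lock this record while we work on it
    // NOTE(review): lock() is defined elsewhere; it is given the escaped id in
    // case it builds SQL from it - confirm.
    if (!lock($members, $idSql, $myrow))
    {
        exit;
    }
    // From here on $id is only printed into the form's hidden field.
    $id = htmlspecialchars($id, ENT_QUOTES);
    $quote_style = ENT_QUOTES;
    $tbl = $members;
    $posted = $myrow["Posted"];
    $updated = $myrow["Updated"];
    if($updated == "")
        $updated = $posted;
    // These are compared against option values or not shown in this form, so
    // they stay as stored.
    $status = $myrow["Status"];
    $cat1 = $myrow["Cat1"];
    $cat2 = $myrow["Cat2"];
    $cat3 = $myrow["Cat3"];
    $dues = $myrow["Dues"];
    $code = $myrow["Code"];
    // Everything below is printed into value="..." attributes or a textarea.
    // Stored text may already be entity-encoded, so decode it and then encode
    // exactly once; member-supplied quotes or tags cannot break out of the field.
    // NOTE(review): Pass is the stored plaintext password and is sent back to
    // the browser in the password fields - consider leaving them blank.
    $formFields = array(
        'biz' => "Biz", 'descr' => "Descr", 'age' => "Age",
        'address1' => "Address1", 'address2' => "Address2", 'city' => "City",
        'state' => "State", 'zip' => "Zip", 'phone' => "Phone", 'fax' => "Fax",
        'email' => "Email", 'url' => "Url", 'logo_url' => "Logo_Url",
        'img_url' => "Img_Url", 'img_capt' => "Img_Capt",
        'first' => "First", 'last' => "Last", 'pass' => "Pass",
        'caddress1' => "CAddress1", 'caddress2' => "CAddress2",
        'ccity' => "CCity", 'cstate' => "CState", 'czip' => "CZip",
        'cphone' => "CPhone", 'cfax' => "CFax", 'cemail' => "CEmail",
    );
    foreach ($formFields as $varName => $column)
    {
        $$varName = htmlspecialchars(html_entity_decode($myrow[$column], $quote_style), $quote_style);
    }
    // NOTE(review): the form prints $contpref and $infopref, but this block
    // never reads them from the row - confirm which columns hold them.
    $contpref = isset($contpref) ? htmlspecialchars($contpref, $quote_style) : "";
    $infopref = isset($infopref) ? htmlspecialchars($infopref, $quote_style) : "";
?>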
<!-- show the editor form -->
<h2><?php echo ADM_EDIT_MEMBER_DATA;?></h2>
<form name="editmem" id="editmem" method="post" action="index.php" onSubmit="return verify(this);">
<table>
<tr>
<td colspan="2"><h3><?php echo ADM_BIZINFO;?></h3>
</td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BIZNAME;?> </td>
<td><input type="text" name="biz" size="50" maxlength="80" value="<?php echo $biz;?>" /></td>
</tr>
<tr>
<td align="right"><?php echo ADM_DESCRIPTION;?> </td>
<td><textarea name="descr" cols="50" rows="5" maxlength="65536"><?php echo $descr;?></textarea></td>
</tr>
<tr>
<td align="right"><?php echo ADM_BIZAGE;?> </td>
<td><input type="text" name="age" size="3" maxlength="3" value="<?php echo $age;?>" /></td>
</tr>
<tr>
<td align="right"><?php echo ADM_STATUS;?> </td>
<td>
<select name="status">
<?php
// One <option> per membership level; the level stored in $status is preselected.
$i = 1;
while ($i <= 3)
{
    switch ($i)
    {
        case 1:
            $statopt = "basic";
            break;
        case 2:
            $statopt = "higher";
            break;
        case 3:
            $statopt = "preferred";
            break;
    }
    $checked = ($status == $statopt) ? "selected" : "";
    printf("<option value=\"%s\" %s>%s</option>\n", $statopt, $checked, ucfirst($statopt));
    $i++;
}
?>
</select>
</td>
</tr>
<tr><td colspan="2"><?php echo ADM_CHOOSE3CATEGORIES;?>
<tr>
<td align="right"><?php echo ADM_CATEGORIES;?> </td>
<td>
<select name="cat1">
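<?php
// First category choice: a blank entry, then every category in alphabetical
// order with the member's current Cat1 preselected.
print "<option value=\"0\"></option>\n";
$result = mysql_query("SELECT * FROM $categories ORDER BY Category ASC",$db);
$categoryCount = 0;
if ($result) {
    while ($myrow = mysql_fetch_array($result)) {
        $categoryCount++;
        $checked = ($cat1 == $myrow["Id"]) ? "selected" : "";
        // Category text comes from the database: decode any stored entities,
        // then encode once, so it can only render as text.
        printf("<option value=\"%s\" %s>%s</option>\n",
            htmlspecialchars($myrow["Id"], ENT_QUOTES),
            $checked,
            htmlspecialchars(html_entity_decode($myrow["Category"], ENT_QUOTES), ENT_QUOTES));
    }
}
if ($categoryCount == 0) {
    // no records to display (or the query failed)
    echo ADM_NOCATEGORIES;
}
?>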
</select>
<select name="cat2">
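<?php
// Second category choice: a blank entry, then every category in alphabetical
// order with the member's current Cat2 preselected.
print "<option value=\"0\"></option>\n";
$result = mysql_query("SELECT * FROM $categories ORDER BY Category ASC",$db);
$categoryCount = 0;
if ($result) {
    while ($myrow = mysql_fetch_array($result)) {
        $categoryCount++;
        $checked = ($cat2 == $myrow["Id"]) ? "selected" : "";
        // Category text comes from the database: decode any stored entities,
        // then encode once, so it can only render as text.
        printf("<option value=\"%s\" %s>%s</option>\n",
            htmlspecialchars($myrow["Id"], ENT_QUOTES),
            $checked,
            htmlspecialchars(html_entity_decode($myrow["Category"], ENT_QUOTES), ENT_QUOTES));
    }
}
if ($categoryCount == 0) {
    // no records to display (or the query failed)
    echo ADM_NOCATEGORIES;
}
?>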
</select>
<select name="cat3">
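<?php
// Third category choice: a blank entry, then every category in alphabetical
// order with the member's current Cat3 preselected.
print "<option value=\"0\"></option>\n";
$result = mysql_query("SELECT * FROM $categories ORDER BY Category ASC",$db);
$categoryCount = 0;
if ($result) {
    while ($myrow = mysql_fetch_array($result)) {
        $categoryCount++;
        $checked = ($cat3 == $myrow["Id"]) ? "selected" : "";
        // Category text comes from the database: decode any stored entities,
        // then encode once, so it can only render as text.
        printf("<option value=\"%s\" %s>%s</option>\n",
            htmlspecialchars($myrow["Id"], ENT_QUOTES),
            $checked,
            htmlspecialchars(html_entity_decode($myrow["Category"], ENT_QUOTES), ENT_QUOTES));
    }
}
if ($categoryCount == 0) {
    // no records to display (or the query failed)
    echo ADM_NOCATEGORIES;
}
?>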
</select>
</td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BADDR1;?></td>
<td><input type="text" name="address1" size="36" maxlength="36" value="<?php echo $address1;?>" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BADDR2;?> </td>
<td><input type="text" name="address2" size="36" maxlength="36" value="<?php echo $address2;?>" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BCITY;?> </td>
<td><input type="text" name="city" size="30" maxlength="36" value="<?php echo $city;?>" /> <?php echo ADM_BSTATE;?> <input type="text" name="state" size="2" maxlength="2" value="<?php echo $state;?>" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BPOSTCODE;?> </td>
<td><input type="text" name="zip" size="7" maxlength="7" value="<?php echo $zip;?>" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BPHONE;?> </td>
<td><input type="text" name="phone" size="12" maxlength="12" value="<?php echo $phone;?>"/>(<?php echo ADM_BPHONE_FMT;?>) <?php echo ADM_BFAX;?> <input type="text" name="fax" size="12" maxlength="12" value="<?php echo $fax;?>" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BEMAIL;?> </td>
<td><input type="text" name="email" size="36" maxlength="36" value="<?php echo $email;?>" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BCONTPREF;?> </td>
<td><input type="text" name="contpref" size="1" maxlength="1" value="<?php echo $contpref;?>" /> (p,e,m - phone,email,mail)</td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BINFOPREF;?> </td>
<td><input type="text" name="infopref" size="1" maxlength="1" value="<?php echo $infopref;?>" /> (<?php echo ADM_BINFOPREFS;?>)</td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BURL;?> </td>
<td><input type="text" name="url" size="30" maxlength="80" value="<?php echo $url;?>" />(ex. "http://www.domain.com")</td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BLOGOURL;?> </td>
<td><input type="text" name="logo_url" size="30" maxlength="80" value="<?php echo $logo_url;?>" />
<input type="button" onClick='window.open("../cms/upload_logo.php","","width=450, height=375, navbar=no, location=no, scrollbars=auto, resizable=yes");' value="<?php echo ADM_BUPLOAD_LOGO;?>" class="button1"></td>
</tr>
<tr>
<td nowrap align="right"><?php echo COM_IMAGEURL;?> </td>
<td><input type="text" name="img_url" size="30" maxlength="80" value="<?php echo $img_url;?>" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo COM_IMAGECAPTION;?> </td>
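<td><input type="text" name="img_capt" size="30" maxlength="80" value="<?php echo $img_capt;?>" /> (80 <?php echo ADM_CHARS_MAX; // label after the 80-character limit ?>)</td>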
</tr>
<tr>
<td colspan="2"><h3><?php echo ADM_CONTACT_INFO_HD;?></h3></td>
</tr>
<tr>
<td align="right"><?php echo COM_NAME;?>- <?php echo COM_FIRST;?>: </td><td><input type="text" name="first" size="20" maxlength="20" value="<?php echo $first;?>" /> <?php echo COM_LAST;?>: <input type="text" name="last" size="20" maxlength="20" value="<?php echo $last;?>" />
</td>
</tr>
<tr>
<td align="right"><?php echo COM_PASS_WORD;?>:</td><td><input type="password" name="pass" size="12" maxlength="12" value="<?php echo $pass;?>" /> <?php echo COM_CONFIRM;?>: <input type="password" name="pass2" size="12" maxlength="12" value="<?php echo $pass;?>" /> <div id="confirm" style="display:inline; color:green; visibility:hidden;"><?php echo COM_STARCONFIRMEDSTAR;?></div>
</td>
</tr>
<tr>
<td nowrap align="right">Address1: </td>
<td><input type="text" name="caddress1" size="36" maxlength="36" value="<?php echo $caddress1;?>" /></td>
</tr>
<tr>
<td nowrap align="right">Address2: </td>
<td><input type="text" name="caddress2" size="36" maxlength="36" value="<?php echo $caddress2;?>" /></td>
</tr>
<tr>
<td nowrap align="right">City: </td>
<td><input type="text" name="ccity" size="30" maxlength="36" value="<?php echo $ccity;?>" /> State: <input type="text" name="cstate" size="2" maxlength="2" value="<?php echo $cstate;?>" /></td>
</tr>
<tr>
<td nowrap align="right">Postal code: </td>
<td><input type="text" name="czip" size="7" maxlength="7" value="<?php echo $czip;?>" /></td>
</tr>
<tr>
<td nowrap align="right">Phone: </td>
<td><input type="text" name="cphone" size="12" maxlength="12" value="<?php echo $cphone;?>" />(aaa-ppp-nnnn) Fax: <input type="text" name="fax" size="12" maxlength="12" value="<?php echo $cfax;?>" /></td>
</tr>
<tr>
<td nowrap align="right">Email: </td>
<td><input type="text" name="cemail" size="36" maxlength="36" value="<?php echo $cemail;?>" /></td>
</tr>
<tr>
<td colspan="2">
<input type="hidden" name="why" value="memupdate" />
<input type="hidden" name="id" value="<?php echo $id; ?>" />
<hr noshade />
<div style="float:right;">Confirm:<input name="dmconf" type="checkbox" value="dmconf" /> <input name="delete" class="button1" type="submit" onclick="javascript:tbl='';" value="* Delete Member *" /></div>
<input name="submit" class="button1" type="submit" value="Submit" onclick="javascript:tbl='';" />
<input name="cancel" class="button1" type="submit" value="Cancel" onclick="javascript:tbl='';" />
<p> </p>
</td>
</tr>
</table>
</form>
<?php
} // end if editing and id is given
// A D D N E W M E M B E R ? //////////////////////////////
if($_SESSION['WHO'] == "staff" and $_GET["what"] == "newmem")
{
?>
<h2><?php echo ADM_ADDNEWMEMBER;?></h2>
<p><?php echo ADM_ADDMEMBERINTRO;?></p>
<p class="required">(<?php echo COM_REQUIRED_ENTRIES;?>)</p>
<form name="newmem" id="newmem" method="post" action="index.php" onSubmit="return verify(this);">
<table>
<tr>
<td colspan="2"><h3><?php echo ADM_BIZINFO;?></h3>
</td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BIZNAME;?> </td>
<td><input type="text" name="biz" size="50" maxlength="80" value="" /></td>
</tr>
<tr>
<td align="right"><?php echo ADM_DESCRIPTION;?> </td>
<td><textarea name="descr" cols="50" rows="5" maxlength="65536"></textarea></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BIZSTATUS;?> </td>
<td>
<select name="status">
<option value="basic" selected="selected"><?php echo ADM_BIZBASIC;?></option>
<option value="higher"><?php echo ADM_BIZHIGHER;?></option>
<option value="preferred"><?php echo ADM_BIZPREFERRED;?></option>
</select>
</td>
</tr>
<tr>
<td align="right"><?php echo ADM_BIZAGE;?> </td>
<td><input type="text" name="age" size="3" maxlength="3" value="" /></td>
</tr>
<tr><td colspan="2"><?php echo ADM_CHOOSE3CATEGORIES;?>
<tr>
<td align="right"><?php echo ADM_CATEGORIES;?> </td>
<td>
<select name="cat1">
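<?php
// First category choice: every category in alphabetical order.
$result = mysql_query("SELECT * FROM $categories ORDER BY Category ASC",$db);
$categoryCount = 0;
if ($result) {
    while ($myrow = mysql_fetch_array($result)) {
        $categoryCount++;
        // Category text comes from the database: decode any stored entities,
        // then encode once, so it can only render as text.
        printf("<option value=\"%s\">%s</option>\n",
            htmlspecialchars($myrow["Id"], ENT_QUOTES),
            htmlspecialchars(html_entity_decode($myrow["Category"], ENT_QUOTES), ENT_QUOTES));
    }
}
if ($categoryCount == 0) {
    // no records to display (or the query failed)
    echo ADM_NOCATEGORIES;
}
?>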
</select>
<select name="cat2">
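<?php
// Second category choice: every category in alphabetical order.
$result = mysql_query("SELECT * FROM $categories ORDER BY Category ASC",$db);
$categoryCount = 0;
if ($result) {
    while ($myrow = mysql_fetch_array($result)) {
        $categoryCount++;
        // Category text comes from the database: decode any stored entities,
        // then encode once, so it can only render as text.
        printf("<option value=\"%s\">%s</option>\n",
            htmlspecialchars($myrow["Id"], ENT_QUOTES),
            htmlspecialchars(html_entity_decode($myrow["Category"], ENT_QUOTES), ENT_QUOTES));
    }
}
if ($categoryCount == 0) {
    // no records to display (or the query failed)
    echo ADM_NOCATEGORIES;
}
?>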
</select>
<select name="cat3">
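<?php
// Third category choice: every category in alphabetical order.
$result = mysql_query("SELECT * FROM $categories ORDER BY Category ASC",$db);
$categoryCount = 0;
if ($result) {
    while ($myrow = mysql_fetch_array($result)) {
        $categoryCount++;
        // Category text comes from the database: decode any stored entities,
        // then encode once, so it can only render as text.
        printf("<option value=\"%s\">%s</option>\n",
            htmlspecialchars($myrow["Id"], ENT_QUOTES),
            htmlspecialchars(html_entity_decode($myrow["Category"], ENT_QUOTES), ENT_QUOTES));
    }
}
if ($categoryCount == 0) {
    // no records to display (or the query failed)
    echo ADM_NOCATEGORIES;
}
?>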
</select>
</td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BADDR1;?> </td>
<td><input type="text" name="address1" size="36" maxlength="36" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BADDR2;?> </td>
<td><input type="text" name="address2" size="36" maxlength="36" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BCITY;?> </td>
<td><input type="text" name="city" size="30" maxlength="36" /> <?php echo ADM_BSTATE;?> <input type="text" name="state" size="2" maxlength="2" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BPOSTCODE;?> </td>
<td><input type="text" name="zip" size="7" maxlength="7" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BPHONE;?> </td>
<td><input type="text" name="phone" size="12" maxlength="12" />(<?php echo ADM_BPHONE_FMT;?>) <?php echo ADM_BFAX;?> <input type="text" name="fax" size="12" maxlength="12" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BEMAIL;?> </td>
<td><input type="text" name="email" size="36" maxlength="36" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BCONTPREF;?> </td>
<td><input type="text" name="contpref" size="1" maxlength="1" value="p" /> (<?php echo ADM_BINFOPREFS;?>)</td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BINFOPREF;?> </td>
<td><input type="text" name="infopref" size="1" maxlength="1" value="e" /> (<?php echo ADM_BINFOPREFS;?>)</td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BURL;?> </td>
<td><input type="text" name="url" size="30" maxlength="80" />(ex. "http://www.domain.com")</td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BLOGOURL;?> </td>
<td><input type="text" name="logo_url" size="30" maxlength="80" />
<input type="button" onClick='window.open("../cms/upload_logo.php","","width=450, height=375, navbar=no, location=no, scrollbars=auto, resizable=yes");' value="<?php echo ADM_BUPLOAD_LOGO;?>" class="button1">
</td>
</tr>
<tr>
<td nowrap align="right"><?php echo COM_IMAGEURL;?> </td>
<td><input type="text" name="img_url" size="30" maxlength="80" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo COM_IMAGECAPTION;?> </td>
<td><input type="text" name="img_capt" size="30" maxlength="80" /> (80 <?php echo ADM_CHARS_MAX;?>)</td>
</tr>
<tr>
<td colspan="2"><h3><?php echo ADM_CONTACT_INFO_HD;?>:</h3></td>
</tr>
<tr>
<td align="right" class="required"><?php echo COM_NAME;?>- <?php echo COM_FIRST;?>: </td><td class="required"><input type="text" name="first" size="20" maxlength="20" /> <?php echo COM_LAST;?> <input type="text" name="last" size="20" maxlength="20" />
</td>
</tr>
<tr>
<td align="right" class="required"><?php echo COM_PASS_WORD;?></td><td><input type="password" name="pass" size="12" maxlength="12" /> <?php echo COM_CONFIRM;?>: <input type="password" name="pass2" size="12" maxlength="12" /> <div id="confirm" style="display:inline; color:green; visibility:hidden;"><?php echo COM_STARCONFIRMEDSTAR;?></div>
</td>
</tr>
<tr>
<td nowrap align="right" class="required"><?php echo ADM_BADDR1;?> </td>
<td><input type="text" name="caddress1" size="36" maxlength="36" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BADDR2;?> </td>
<td><input type="text" name="caddress2" size="36" maxlength="36" /></td>
</tr>
<tr>
<td nowrap align="right" class="required"><?php echo ADM_BCITY;?> </td>
<td><input type="text" name="ccity" size="30" maxlength="36" /> <?php echo ADM_BSTATE;?> <input type="text" name="cstate" size="2" maxlength="2" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BPOSTCODE;?> </td>
<td><input type="text" name="czip" size="7" maxlength="7" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BPHONE;?> </td>
<td><input type="text" name="cphone" size="12" maxlength="12" />(<?php echo ADM_BPHONE_FMT;?>) <?php echo ADM_BFAX;?>: <input type="text" name="fax" size="12" maxlength="12" /></td>
</tr>
<tr>
<td nowrap align="right"><?php echo ADM_BEMAIL;?> </td>
<td><input type="text" name="cemail" size="36" maxlength="36" /></td>
</tr>
<tr>
<td colspan="2">
<input type="hidden" name="why" value="newmem" />
<hr noshade />
<input name="submit" class="button1" type="submit" value="<?php echo COM_SUBMIT_BUTTON;?>" />
<input name="cancel" class="button1" type="button" value="<?php echo COM_CANCEL_BUTTON;?>"
onclick="if(window.history.length>1){window.location='index.php';} else {window.close();}" />
<p> </p>
</td>
</tr>
</table>
</form>
<?php
} // end if what==newmem
// A D D N E W C A T E G O R Y ? //////////////////////////////
// Staff only: blank form for a new business category (posts why=newcat).
if ($_SESSION['WHO'] == "staff" && $_GET["what"] == "newcat"):
?>
<h2><?php echo ADM_NEW_CAT_HD;?></h2>
<form name="newcat" id="newcat" method="post" action="index.php" onSubmit="return verify(this);">
<table>
<tr>
<td><?php echo ADM_NEWCATEGORY;?></td>
<td><input type="text" name="category" size="55" maxlength="55" /></td>
</tr>
<tr>
<td colspan="2">
<input type="hidden" name="why" value="newcat" />
<hr noshade />
<input name="submit" class="button1" type="submit" value="<?php echo COM_SUBMIT_BUTTON;?>" />
<input name="cancel" class="button1" type="submit" value="<?php echo COM_CANCEL_BUTTON;?>" onclick="javascript:tbl='';" />
<p> </p>
</td>
</tr>
</table>
</form>
<?php
endif; // end if what==newcat
// S E L E C T C A T E G O R Y T O E D I T ///////////////////
//
// Staff only: search box for finding a category (posts what=selcat2).
if ($_SESSION['WHO'] == "staff" && $_GET["what"] == "selcat"):
?>
<h2><?php echo ADM_CHOOSECAT;?></h2>
<form name="select" id="select" method="post" action="index.php">
<table>
<tr>
<td></td>
<td>
<input name="scategory" type="text" value="" />
<input name="submit" class="button1" type="submit" value="<?php echo COM_SEARCH_BUTTON;?>" />
<input type="hidden" name="what" value="selcat2" />
</td>
</tr>
</table>
</form>
<?php
endif; // end if what==selcat
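// F I N D C A T E G O R Y T O E D I T ///////////////////////
//
// Staff only: runs the category search posted by the form above and lists
// the matches through browse().
if($_SESSION['WHO'] == "staff" and isset($_POST["what"]) and $_POST["what"] == "selcat2" and isset($_POST["scategory"]))
{
    // Read only the fields this block needs. extract($_POST) would let a
    // request overwrite variables such as $categories or $db.
    $scategory = $_POST["scategory"];
    if (isset($_POST["offset"]))
        $offset = (int) $_POST["offset"];
    echo "<h2>Choose one:</h2>";
    // The search text goes inside a quoted SQL literal, so it is escaped
    // first; slashes added by magic quotes are removed beforehand so it is
    // not escaped twice.
    // NOTE(review): % and _ typed by the user still act as LIKE wildcards.
    $scategorySql = mysql_real_escape_string(get_magic_quotes_gpc() ? stripslashes($scategory) : $scategory, $db);
    $query = "SELECT Id,Category FROM $categories WHERE Category LIKE '%$scategorySql%'";
    // define() takes the constant name as a string
    if (!defined('ROWS'))
        define('ROWS', 20);
    if (empty($offset))
        $offset = 0;
    browse($db, $query, $offset, "lcat", $scategory);
}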
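// E D I T C A T E G O R Y ////////////////////////////////////
// Staff only: loads one category and shows the form to rename or delete it.
if($_SESSION['WHO'] == "staff" and $_GET["what"] == "editcat")
{
    // Only the id is taken from the query string, and it is forced to an
    // integer because the query uses it unquoted. extract($_GET) would let a
    // request overwrite variables such as $categories.
    $id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;
    $sql = "SELECT * FROM $categories WHERE Id=$id";
    $result = mysql_query($sql);
    $myrow = $result ? mysql_fetch_array($result) : false;
    // lock this record while we work on it
    if (!lock($categories,$id,$myrow))
    {
        exit;
    }
    $tbl = $categories;
    // Printed into a value="..." attribute below: decode any stored entities,
    // then encode once, so quotes or tags in the name stay inside the field.
    $category = htmlspecialchars(html_entity_decode($myrow["Category"], ENT_QUOTES), ENT_QUOTES);
?>
<h2><?php echo ADM_EDIT_BIZCAT;?></h2>
<form name="editcat" id="editcat" method="post" action="index.php" onSubmit="return verify(this);">
<table>
<tr>
<td><?php echo ucfirst(ADM_CATEGORY);?> <?php echo $id; ?>:</td>
<td><input type="text" name="category" size="55" maxlength="55" value="<?php echo $category; ?>" /></td>
</tr>
<tr>
<td colspan="2">
<input type="hidden" name="why" value="editcat" />
<input type="hidden" name="id" value="<?php echo $id; ?>" />
<hr noshade />
<div style="float:right;"><?php echo COM_CONFIRM;?><input name="dcconf" type="checkbox" value="dcconf" /> <input name="delcat" class="button1" type="submit" onclick="javascript:tbl='';" value="<?php echo ADM_STARDELCATSTAR;?>" /></div>
<input name="submit" class="button1" type="submit" value="<?php echo COM_SUBMIT_BUTTON;?>" onclick="javascript:tbl='';" />
<input name="cancel" class="button1" type="submit" value="<?php echo COM_CANCEL_BUTTON;?>" onclick="javascript:tbl='';" />
<p> </p>
</td>
</tr>
</table>
</form>
<?php
} // end if what==editcat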
// Default fall-through: a logged-in user who has not picked a task yet is
// prompted to choose one.
if (isset($_SESSION['USERPASS']) && !(isset($_POST["what"]) || isset($_GET["browse"]) || isset($_GET["what"])))
{
    echo "<p>" . ADM_PLS_SELECT_TASK . "</p>";
}
?>
</div>
</div><!--body div-->
<?php
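// R I G H T S ///////////////////////////////////
//
/**
 * Verifies the rights to perform various edits on database content.
 *
 * Returns true when any of these holds: the session user is logged in as
 * site.admin, the "any" flag in the first row of the configuration table is
 * "1", or the session's rights flags share a set bit with $testval.
 * Definitions of rights are arbitrary, and are distributed as needed in
 * page body code.
 *
 * @param string $testval rights flags to test for; the shorter of $testval
 *                        and the session flags is left-padded with "0" so
 *                        both have the same length (presumably a string of
 *                        0/1 digits - confirm against callers)
 * @return bool true if the edit is allowed
 */
function rights($testval)
{
    // $config names the configuration table and has to be imported like $db;
    // without it the query below is built with an empty table name.
    // NOTE(review): assumes $config is a script-level variable like the other
    // table names ($author, $members, $categories) - confirm in ccfunctions.inc.
    global $db;
    global $config;
    // fetch configuration flags from db
    $conf = mysql_query("SELECT * FROM $config",$db);
    if (!$conf)
        showError();
    $cflag = $conf ? mysql_fetch_array($conf) : false;
    $anyFlag = ($cflag and isset($cflag['any'])) ? $cflag['any'] : "";
    // RIGHTS is only put in the session at login when the author row has a
    // Rights value, so it can be missing.
    $rights = isset($_SESSION['RIGHTS']) ? $_SESSION['RIGHTS'] : "";
    // Pad the shorter value on the left; the types are otherwise left alone
    // because "&" works per character on two strings but numerically as
    // soon as one operand is an integer.
    while (strlen($rights) > strlen($testval)) { $testval = "0".$testval; }
    while (strlen($rights) < strlen($testval)) { $rights = "0".$rights; }
    // The site.admin login bypasses the flag check entirely.
    $isSiteAdmin = isset($_SESSION['FNAME']) and isset($_SESSION['LNAME'])
        and $_SESSION['FNAME'] == "site" and $_SESSION['LNAME'] == "admin";
    if ($isSiteAdmin
        or $anyFlag == "1"
        or (($rights & $testval) > 0)
    )
    { return true; }
    return false;
}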
ob_end_flush();
?>
</body>
</html>