<?
|
|
/*
|
|
This file is part of the 'Science Fair In A Box' project
|
|
SFIAB Website: http://www.sfiab.ca
|
|
|
|
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
|
|
Copyright (C) 2005 James Grant <james@lightbox.org>
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU General Public
|
|
License as published by the Free Software Foundation, version 2.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; see the file COPYING. If not, write to
|
|
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
Boston, MA 02111-1307, USA.
|
|
*/
|
|
?>
|
|
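<?php
/*
 * Shared bootstrap included by every page: opens the database, starts the
 * session, loads the fair configuration into the global $config array and
 * resolves the UI language for this request. Everything below executes at
 * include time.
 */
require_once("config.inc.php");
require_once("committee_auth.php");

// Fail closed: without the database there is no configuration and no
// authorization data, so do not carry on rendering a half-initialised page.
// The generic message deliberately does not echo mysql_error() to visitors.
if (!mysql_connect($DBHOST, $DBUSER, $DBPASS)) {
    die("Could not connect to the database.");
}
if (!mysql_select_db($DBNAME)) {
    die("Could not select the database.");
}

session_start();

// Year-independent settings are stored under year 0; the current fair year
// (FAIRYEAR) is one of them.
$q = mysql_query("SELECT * FROM config WHERE year='0'");
while ($r = mysql_fetch_object($q)) {
    $config[$r->var] = $r->val;
}

// Now the settings for the current fair year. FAIRYEAR comes from the table
// just read rather than from the request, but the legacy mysql_* API has no
// parameter binding, so escape it instead of trusting the row contents.
$fairyear = mysql_real_escape_string($config['FAIRYEAR']);
$q = mysql_query("SELECT * FROM config WHERE year='$fairyear'");
while ($r = mysql_fetch_object($q)) {
    $config[$r->var] = $r->val;
}

// Pick the icon format for the browser. Kept in $config for convenience even
// though it is not a fair setting. Only a substring test is performed on the
// User-Agent header; the untrusted value itself is never echoed or queried.
$ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$config['icon_extension'] = stristr($ua, "MSIE") ? "gif" : "png";

// Active languages, keyed by language code. Guarantee at least one entry.
$q = mysql_query("SELECT * FROM languages WHERE active='Y' ORDER BY langname");
if (mysql_num_rows($q) == 0) {
    echo "No active languages defined, defaulting to English";
    $config['languages']['en'] = "English";
} else {
    while ($r = mysql_fetch_object($q)) {
        $config['languages'][$r->lang] = $r->langname;
    }
}

// No language chosen yet for this session: use the configured default,
// falling back to English.
if (empty($_SESSION['lang'])) {
    $_SESSION['lang'] = !empty($config['default_language']) ? $config['default_language'] : "en";
}

// Language switch requested via ?switchlanguage=xx. This is request data and
// the session value later ends up inside SQL (see i18n()), so accept it only
// when it is a plain string naming one of the active languages loaded above;
// anything else (unknown code, array parameter, empty value) is ignored.
if (!empty($_GET['switchlanguage'])
    && is_string($_GET['switchlanguage'])
    && !empty($config['languages'][$_GET['switchlanguage']])) {
    $_SESSION['lang'] = $_GET['switchlanguage'];
}
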
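/**
 * Translate a UI string into the session language and fill in positional
 * placeholders.
 *
 * Placeholders are "%1", "%2", ... and are replaced by $args[0], $args[1], ...
 * (see i18n_substitute_args() for the caveats). Lookup is by md5 of the
 * English text in the `translations` table:
 *   - no session language, or language "en": the string is returned as-is
 *     (after placeholder substitution);
 *   - a translation row with a non-empty `val`: that value is returned;
 *   - a row without `val`, or no row yet: the English text is returned wrapped
 *     in <font color=red> so translators can spot it. When no row exists one is
 *     inserted so the string shows up in the translation tool.
 *
 * NOTE: because unknown strings are written to the database, callers should
 * pass fixed UI strings only, never user-supplied text.
 *
 * @param string $str   English source string.
 * @param array  $args  Positional replacements for %1, %2, ...
 * @return string       Translated (possibly HTML-wrapped) text; "" for an
 *                      empty/falsy $str.
 */
function i18n($str, $args = array())
{
    if (!$str) {
        return "";
    }

    // No language in the session: behave as English. Placeholders are still
    // substituted so that callers' "%1" markers never leak into the output
    // (the old code skipped substitution on this path).
    if (empty($_SESSION['lang'])) {
        return i18n_substitute_args($str, $args);
    }

    $lang = $_SESSION['lang'];
    if ($lang == "en") {
        return i18n_substitute_args($str, $args);
    }

    // $lang is only ever set from validated language codes (see the
    // switchlanguage handling in this file) and md5() output is plain hex,
    // but the legacy mysql_* API offers no parameter binding, so escape
    // anyway rather than rely on the caller-side validation.
    $lang_sql = mysql_real_escape_string($lang);
    $md5 = md5($str);

    $q = mysql_query("SELECT * FROM translations WHERE lang='$lang_sql' AND strmd5='$md5'");
    if ($q && ($r = mysql_fetch_object($q))) {
        if ($r->val) {
            return i18n_substitute_args($r->val, $args);
        }
        // Known string, not translated yet: highlight it for the translator.
        return "<font color=red>" . i18n_substitute_args($str, $args) . "</font>";
    }

    // First time this string is seen in this language: record it so the
    // translation tool can offer it. Highlight it in the meantime.
    mysql_query("INSERT INTO translations (lang,strmd5,str) VALUES ('$lang_sql','$md5','"
        . mysql_real_escape_string($str) . "')");
    return "<font color=red>" . i18n_substitute_args($str, $args) . "</font>";
}

/**
 * Replace "%1", "%2", ... in $str with $args[0], $args[1], ...
 *
 * Replacements are applied in order with plain str_replace(), exactly as the
 * original inline loops did. Two consequences worth knowing: with ten or more
 * arguments "%1" also matches the prefix of "%10", and a replacement value
 * that itself contains "%2" is expanded by the following iteration.
 *
 * @param string $str
 * @param array  $args
 * @return string
 */
function i18n_substitute_args($str, $args)
{
    $n = count($args);
    for ($x = 1; $x <= $n; $x++) {
        $str = str_replace("%$x", $args[$x - 1], $str);
    }
    return $str;
}
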
/**
 * Wrap a message in the "error" box markup used throughout the site.
 *
 * @param string $str  Message body. It is emitted verbatim (callers pass
 *                     i18n() output, which may legitimately contain HTML),
 *                     so anything user-supplied must be escaped by the caller.
 * @return string      HTML fragment: a div plus a trailing line break.
 */
function error($str)
{
    return sprintf('<div class="error">%s</div><br />', $str);
}

/**
 * Wrap a message in the "notice" box markup.
 *
 * @param string $str  Message body, emitted verbatim (see error()).
 * @return string      HTML fragment: a div plus a trailing line break.
 */
function notice($str)
{
    $open = '<div class="notice">';
    $close = '</div><br />';
    return $open . $str . $close;
}

/**
 * Wrap a success message in the "happy" box markup.
 *
 * @param string $str  Message body, emitted verbatim (see error()).
 * @return string      HTML fragment: a div plus a trailing line break.
 */
function happy($str)
{
    return implode('', array('<div class="happy">', $str, '</div><br />'));
}

// Guard for send_header(): set to true the first time it runs so that later
// calls within the same request emit nothing.
$HEADER_SENT=false;
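/**
 * Emit everything up to and including the opening of the main content area:
 * XML prolog, <head>, the shared JavaScript helpers, the banner, the left
 * navigation (admin/config links only for sessions that auth_has_access()
 * approves) and the language switcher. Idempotent per request via the
 * global $HEADER_SENT.
 *
 * @param string $title  Page title; run through i18n() for <title> and, when
 *                       non-empty, for the <h2> that opens #main.
 * @global bool  $HEADER_SENT  set to true by the first call
 * @global array $config       uses SFIABDIRECTORY, fairname and languages
 */
function send_header($title = "")
{
    global $HEADER_SENT;
    global $config;

    // send_header() may be called more than once per page; only the first
    // call produces output.
    if ($HEADER_SENT) {
        return;
    }
    $HEADER_SENT = true;

    // PHP_SELF echoes the request path back to the client. Unescaped, a URL
    // carrying trailing path info with a quote and a tag breaks out of the
    // form's action attribute (reflected XSS), so escape it for the page's
    // ISO-8859-1 encoding before use. SFIABDIRECTORY is admin configuration
    // and is emitted as-is, as before.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1');
    $dir = $config['SFIABDIRECTORY'];

    echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\" ?>\n";
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
<head><title><?=i18n($title)?></title>
<link rel="stylesheet" href="<?=$dir?>/sfiab.css" type="text/css" />
</head>
<body>
<script language="javascript" type="text/javascript">
<!--
//useful function that we'll be using throughout
function confirmClick(msg)
{
    var okay=confirm(msg);
    if(okay)
        return true;
    else
        return false;
}

function el(str,domain,name)
{
    document.write('<a href="ma'+'il'+'to:' + str + '@' + domain + '">' + name + '</a>');
}

function em(str,domain)
{
    document.write('<a href="ma'+'il'+'to:' + str + '@' + domain + '">' + str + '@' + domain + '</a>');
}
-->
</script>

<div id="header">
<?php echo "<h1>" . i18n($config['fairname']) . "</h1>"; ?>
<hr />
</div>

<div id="left">
<ul class="mainnav">
<li><a href="<?=$dir?>/index.php"><?=i18n("Home Page")?></a></li>
<li><a href="<?=$dir?>/register_participants.php"><?=i18n("Participant Registration")?></a></li>
<li><a href="<?=$dir?>/register_judges.php"><?=i18n("Judges Registration")?></a></li>
<li><a href="<?=$dir?>/committees.php"><?=i18n("Committee")?></a></li>
</ul>
<br />
<ul class="mainnav">
<?php
    // Committee navigation: the authorization decision itself lives in
    // committee_auth.php (auth_has_access); this only chooses which links
    // to show. The admin/config pages must still enforce access themselves.
    $is_committee = auth_has_access("admin") || auth_has_access("config") || auth_has_access("super");
    if ($is_committee) {
        if (auth_has_access("admin")) {
            echo '<li><a href="' . $dir . '/admin/">' . i18n("Fair Administration") . '</a></li>' . "\n";
        }
        if (auth_has_access("config")) {
            echo '<li><a href="' . $dir . '/config/">' . i18n("SFIAB Configuration") . '</a></li>' . "\n";
        }
        echo '<li><a href="' . $dir . '/committee_login.php?action=logout">' . i18n("Committee Logout") . '</a></li>' . "\n";
    } else {
        echo '<li><a href="' . $dir . '/committee_login.php">' . i18n("Committee Login") . '</a></li>' . "\n";
    }
?>
</ul>

<div class="aligncenter">
<?php
    // Language switcher, only when there is something to switch between.
    // Submits ?switchlanguage=<code> back to this page, which validates it
    // against $config['languages'] before touching the session.
    if (count($config['languages']) > 1) {
        echo "<br />";
        echo "<form name=\"languageselect\" method=\"get\" action=\"$self\">";
        echo "<select name=\"switchlanguage\" onchange=\"document.forms.languageselect.submit()\">\n";
        foreach ($config['languages'] as $code => $langname) {
            $selected = ($_SESSION['lang'] == $code) ? "selected=\"selected\"" : "";
            // Codes and names come from the languages table; escape them as
            // attribute/text content rather than trusting the table.
            echo "<option $selected value=\"" . htmlspecialchars($code, ENT_QUOTES, 'ISO-8859-1') . "\">"
               . htmlspecialchars($langname, ENT_QUOTES, 'ISO-8859-1') . "</option>";
        }
        echo "</select>";
        echo "</form>";
    }
?>
<a href="http://www.sfiab.ca/"><?=i18n("Return to SFIAB Development Page")?></a>
<br />
<br />
<?php
    // The original page did
    //   include "http://counter.lightbox.org/?user=sfiab&name=testsite&addr=".$_SERVER['REMOTE_ADDR'];
    // here: it fetched a URL over plain HTTP and executed whatever came back
    // as PHP (remote file inclusion -- anyone controlling, spoofing or
    // intercepting that host gets code execution on this server) and sent
    // every visitor's IP address to a third party. Removed; a hit counter
    // belongs in local code or at most a client-side <img> tag.
?>
</div>

</div>


<div id="main">
<?php
    if ($title) {
        echo "<h2>" . i18n($title) . "</h2>";
    }
}
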
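/**
 * Close the main content area opened by send_header() and emit the page
 * footer and closing tags. Produces output only; no return value.
 */
function send_footer()
{
?>
</div>
<div id="footer">
<?php
    // A debugging print_r($_SESSION) used to live here. It dumped the whole
    // session -- language, committee login state and anything other pages
    // store -- into every response. Removed.
?>
</div>

</body>
</html>

<?php
}
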
/**
 * Print a <select> of the twelve months (values 1..12, three-letter labels)
 * preceded by a blank "Month" entry.
 *
 * @param string     $name      Form field name, emitted verbatim into the
 *                              name attribute.
 * @param string|int $selected  Month number to pre-select (loose == match;
 *                              the default "" selects nothing).
 */
function emit_month_selector($name, $selected = "")
{
    // Keys start at 1 so the array index doubles as the option value.
    $labels = array(1 => "Jan", "Feb", "Mar", "Apr", "May", "Jun",
                    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec");

    $out = "<select name=\"$name\">\n";
    $out .= "<option value=\"\">" . i18n("Month") . "</option>\n";
    foreach ($labels as $num => $label) {
        $attr = ($num == $selected) ? "selected=\"selected\"" : "";
        $out .= "<option $attr value=\"$num\">$label</option>\n";
    }
    $out .= "</select>\n";
    echo $out;
}

/**
 * Print a <select> of the days 1..31 preceded by a blank "Day" entry.
 * Option values are zero-padded to two digits ("01".."31"); the visible
 * label is the plain number.
 *
 * @param string     $name      Form field name, emitted verbatim.
 * @param string|int $selected  Day to pre-select (loose == match, so both
 *                              5 and "05" select the 5th).
 */
function emit_day_selector($name, $selected = "")
{
    $options = array("<option value=\"\">" . i18n("Day") . "</option>");
    for ($day = 1; $day <= 31; $day++) {
        $value = sprintf("%02d", $day);
        $flag = ($selected == $day) ? "selected=\"selected\"" : "";
        $options[] = "<option value=\"$value\" $flag>$day</option>";
    }
    echo "<select name=\"$name\">\n" . implode("\n", $options) . "\n</select>\n";
}

/**
 * Print a <select> of years preceded by a blank "Year" entry.
 *
 * @param string     $name      Form field name, emitted verbatim.
 * @param string|int $selected  Year to pre-select (loose == match).
 * @param int        $min       First year to offer.
 * @param int        $max       Last year to offer (inclusive). When either
 *                              bound is 0/empty the list is the current year
 *                              plus the following four.
 */
function emit_year_selector($name, $selected = "", $min = 0, $max = 0)
{
    if ($min && $max) {
        $first = $min;
        $last = $max;
    } else {
        // No usable range given: this year and the next four.
        $first = date("Y");
        $last = $first + 4;
    }

    echo "<select name=\"$name\">\n";
    echo "<option value=\"\">" . i18n("Year") . "</option>\n";
    for ($year = $first; $year <= $last; $year++) {
        $flag = ($selected == $year) ? "selected=\"selected\"" : "";
        echo "<option value=\"$year\" $flag>$year</option>\n";
    }
    echo "</select>\n";
}

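/**
 * Print a province chooser for the given form field.
 *
 * With exactly one row in `provinces` the choice is fixed: a hidden input
 * carrying its code plus the translated name as visible text. Otherwise a
 * <select> with a blank "Select a Province" entry and one option per row,
 * the one whose code matches $selected pre-selected.
 *
 * @param string $name      Form field name, emitted verbatim.
 * @param string $selected  Province code to pre-select (loose == match).
 */
function emit_province_selector($name, $selected = "")
{
    $q = mysql_query("SELECT * FROM provinces ORDER BY province");

    if (mysql_num_rows($q) == 1) {
        $r = mysql_fetch_object($q);
        // Bug fix: this used to interpolate "$r-code" -- the row object
        // itself followed by the literal text "-code" -- so the hidden field
        // never carried the province code.
        echo "<input type=\"hidden\" name=\"$name\" value=\"$r->code\">";
        echo i18n($r->province);
        return;
    }

    echo "<select name=\"$name\">\n";
    echo "<option value=\"\">" . i18n("Select a Province") . "</option>\n";
    while ($r = mysql_fetch_object($q)) {
        $sel = ($r->code == $selected) ? "selected=\"selected\"" : "";
        echo "<option $sel value=\"$r->code\">" . i18n($r->province) . "</option>\n";
    }
    echo "</select>\n";
}
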
/**
 * Render a registration status as a small coloured box.
 *
 * Known values and their output:
 *   'incomplete' -> <div class="incomplete">Incomplete</div>
 *   'complete'   -> <div class="complete">Complete</div>
 *   'empty'      -> <div class="incomplete">Empty</div>
 * Anything else yields the bare translated word "Unknown" with no wrapper.
 *
 * @param string $status
 * @return string  HTML fragment.
 */
function outputStatus($status)
{
    // status => array(css class, English label), checked in this order with
    // the same loose comparison a switch statement would use.
    $table = array(
        'incomplete' => array('incomplete', "Incomplete"),
        'complete'   => array('complete', "Complete"),
        'empty'      => array('incomplete', "Empty"),
    );

    foreach ($table as $key => $entry) {
        if ($status == $key) {
            list($class, $label) = $entry;
            return "<div class=\"$class\">" . i18n($label) . "</div>";
        }
    }

    return i18n("Unknown");
}

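/**
 * Send one of the templated e-mails stored in the `emails` table.
 *
 * The template row (subject, body, from) is looked up by its key, subject and
 * body are run through i18n(), "[KEY]" markers are replaced from the
 * substitution arrays, and the result is handed to mail().
 *
 * @param string $val          Template key (emails.val).
 * @param string $to           Recipient address(es) for mail().
 * @param array  $sub_subject  KEY => replacement pairs for the subject;
 *                             "[KEY]" in the template becomes the value.
 * @param array  $sub_body     Same, for the body.
 *
 * On a missing template an error() box is echoed and nothing is sent; there
 * is no return value either way.
 */
function email_send($val, $to, $sub_subject = array(), $sub_body = array())
{
    // The legacy mysql_* API has no parameter binding, so escape the key;
    // callers pass fixed keys today, but the lookup should not rely on that.
    $q = mysql_query("SELECT * FROM emails WHERE val='" . mysql_real_escape_string($val) . "'");
    $r = $q ? mysql_fetch_object($q) : false;
    if (!$r) {
        echo error(i18n("CRITICAL ERROR: email '%1' not found", array($val)));
        return;
    }

    // Literal "[KEY]" replacement. The previous ereg_replace() treated the
    // key as a regular expression and the value as a replacement pattern,
    // and ereg_* no longer exists in PHP 7+.
    $subject = email_fill_placeholders(i18n($r->subject), $sub_subject);
    $body = email_fill_placeholders(i18n($r->body), $sub_body);

    // Values that end up on a header line must not contain CR/LF: an
    // embedded newline in the configured From address (or in $to) would
    // let extra headers or recipients be appended to the message.
    $from = email_header_value($r->from);
    $to = email_header_value($to);

    mail($to, $subject, $body, "From: $from\r\nReply-To: $from");
}

/**
 * Replace every "[KEY]" marker in $text with the matching $subs value.
 * Plain string matching, no regex. Non-array $subs leaves $text untouched.
 *
 * @param string $text
 * @param array  $subs  KEY => replacement
 * @return string
 */
function email_fill_placeholders($text, $subs)
{
    if (!is_array($subs)) {
        return $text;
    }
    foreach ($subs as $key => $value) {
        $text = str_replace("[$key]", $value, $text);
    }
    return $text;
}

/**
 * Strip carriage returns and line feeds so a value is confined to a single
 * mail header line.
 *
 * @param string $value
 * @return string
 */
function email_header_value($value)
{
    return str_replace(array("\r", "\n"), "", $value);
}
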
?>
|