.pagecell {background-color: #CCCC99; border: 1px solid #000000;'); print ('text-decoration: none;}'); print ('
'); } function printBottom(){ print ('
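'); }

// Login: check the submitted handle and password against the ilmusers table.
// On a match the page for that user is shown via adminPage(); otherwise the
// caller is sent to unauthorizedPage().
// NOTE(review): the password is compared to the stored column as-is, so passwords
// are kept in plaintext; plan a migration to password_hash()/password_verify().
// NOTE(review): the database credentials are hard-coded in every pg_connect() call
// of this file; load them from configuration outside the web root and rotate them.
function login($userid, $password){
    $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc');
    // Fetch only the rows for the submitted handle, bound as a parameter, instead
    // of pulling every user's password into PHP and filtering there.
    $result = pg_query_params($link, 'SELECT userhandle, password, firstname FROM ilmusers WHERE userhandle = $1', array((string)$userid));
    $matchFlag = 0;
    while ($result && ($row = pg_fetch_array($result))){
        // Strict comparison: loose == compares numeric-looking strings as numbers.
        if ((string)$row['password'] === (string)$password){
            $matchFlag = 1;
            break;
        }//end if
    }//end while
    // Close on every path; previously the handle was only closed after a match.
    pg_close($link);
    if ($matchFlag == 1){
        // NOTE(review): this string is empty in this copy of the file; the original
        // header comment says the userid cookie is set at login - confirm against
        // the deployed source what was emitted here.
        print ("");
        adminPage($userid);
    }
    else{
        unauthorizedPage();
    }
}//end function

//go to the admin page for the user, requires only the userid cookie
function adminPage($userid){
    printTop();
    //variable for admin
    $adminid = "kapitalm";
    //if the admin logged in then display all features, otherwise restrict it to...
    $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc');
    // $userid originates from the browser, so it is bound as a parameter rather
    // than interpolated into the SQL text.
    $result = pg_query_params($link, 'SELECT firstname FROM ilmusers WHERE userhandle = $1', array((string)$userid));
    $row = $result ? pg_fetch_array($result) : false;
    // Escaped here because the value is printed into the page below.
    $userFirstName = $row ? htmlspecialchars((string)$row['firstname'], ENT_QUOTES) : "";
    pg_close($link);
    if($userid == $adminid){
        print ('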
'); print (''); print (''); print (''); print ('
Greetings '); print ("$userFirstName"); print ('
'); print ('Add An Event'); print (''); print ('Delete An EventModify An Event'); print ('Modify User Info'); print ('Modify Orgs'); print ('
View CalendarUpload A FileDelete A File 
'); }//end if else{//not the admin print ('
'); print (''); print (''); print ('
Greetings '); print ("$userFirstName"); print ('
'); print ('Add An Event'); print (''); print ('Delete An EventModify An Event'); print ('Modify User InfoView Calendar'); print ('
Upload A File'); print ('Delete A File  
'); }//end else printBottom(); }///end function view admin //go to the admin page for the user, requires only th userid cookie function viewDeleteFile(){ //variable for admin $adminid = "kapitalm"; $userid = checkCookie(); $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT ilmorganization FROM ilmusers WHERE userhandle='$userid'"; $result = pg_query($query); $row = pg_fetch_array($result); $orgs = $row[ilmorganization]; pg_close($link); $orgs = str_replace('"', '',$orgs); $orgs = str_replace("{","",$orgs); $orgs = str_replace("}","",$orgs); $orgs = trim($orgs); $orgList = explode(",",$orgs); $orgCount = count($orgList); $pY = date("Y"); $pM = date("m"); $pD = date("d"); //date("Y-m-d"); //date to expire deletion of events $newtime = mktime(0,0,0, $pM, $pD-400, $pY); $expireDate = date("Y-m-d", $newtime); //print ("30 days from today is $dayThirty"); printTop(); print ('Delete Files

'); print (' 

'); //if the admin logged in then display all features, otherwise .... if($userid == $adminid){ //scroll thru all event db records and create forms for each event $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT * FROM ilmorgfiles WHERE date>='$expireDate' ORDER BY date DESC"; $result = pg_query($query); while ($row = pg_fetch_array($result)){ print ('
'); print (''); print (''); print (''); print ('
'); print ('ID
Date
Title/Filename
'); print ('
'); print ('Organization
"); print (''); print ("$row[date]"); print (''); print ("$row[title]   $row[filename]"); print (''); print ("$row[ilmorg]"); print ('
'); print ('
'); //print ("$row[id]"); print ('
'); print ('
'); }//end while pg_close($link); }//end if else{//not the admin, cycle thru all orgs for signed in user for($n=0; $n<$orgCount; $n++){ //scroll thru all event db records and create forms for each event $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT * FROM ilmorgfiles WHERE ilmorg='$orgList[$n]' AND date>='$expireDate' ORDER BY date DESC"; $result = pg_query($query); while ($row = pg_fetch_array($result)){ print ('
'); print (''); print (''); print (''); print (''); print ('
'); print ('ID
Date
Title/Filename
'); print ('Organization
"); print (''); print ("$row[date]"); print (''); print ("$row[title]   $row[filename]"); print (''); print ("$row[ilmorg]"); print ('
'); print ('
'); //print ("$row[id]"); print ('
'); print ('
'); }//end while }//end for pg_close($link); }//end else not admin user printBottom(); }//end function viewDeleteEvent //go to the admin page for the user, requires only th userid cookie function viewDeleteEvent(){ //variable for admin $adminid = "kapitalm"; $userid = checkCookie(); $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT ilmorganization FROM ilmusers WHERE userhandle='$userid'"; $result = pg_query($query); $row = pg_fetch_array($result); $orgs = $row[ilmorganization]; pg_close($link); $orgs = str_replace('"', '',$orgs); $orgs = str_replace("{","",$orgs); $orgs = str_replace("}","",$orgs); $orgs = trim($orgs); $orgList = explode(",",$orgs); $orgCount = count($orgList); $pY = date("Y"); $pM = date("m"); $pD = date("d"); //date("Y-m-d"); //date to expire deletion of events $newtime = mktime(0,0,0, $pM, $pD-100, $pY); $expireDate = date("Y-m-d", $newtime); //print ("30 days from today is $dayThirty"); printTop(); print ('Delete Events

'); print (' 

'); //if the admin logged in then display all features, otherwise .... if($userid == $adminid){ //scroll thru all event db records and create forms for each event $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT * FROM calendarevents WHERE date>='$expireDate' ORDER BY date DESC"; $result = pg_query($query); while ($row = pg_fetch_array($result)){ print ('
'); print (''); print (''); print (''); print ('
'); print ('ID
Date
Title
'); print ('Organization
"); print (''); print ("$row[date]"); print (''); print ("$row[title]"); print (''); print ("$row[organization]"); print ('
'); print ('
'); //print ("$row[id]"); print ('
'); print ('
Content
'); print ('
'); }//end while pg_close($link); }//end if else{//not the admin, cycle thru all orgs for signed in user for($n=0; $n<$orgCount; $n++){ //scroll thru all event db records and create forms for each event $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT * FROM calendarevents WHERE organization='$orgList[$n]' AND date>='$expireDate' ORDER BY date DESC"; $result = pg_query($query); while ($row = pg_fetch_array($result)){ print ('
'); print (''); print (''); print (''); print (''); print ('
'); print ('
ID
Date
Title
'); print ('Organization
"); print (''); print ("$row[date]"); print (''); print ("$row[title]"); print (''); print ("$row[organization]"); print ('
'); print ('
'); print ('
'); print ('
Content
'); print ('
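'); }//end while
        }//end for
        pg_close($link);
    }//end else not admin user
    printBottom();
}//end function viewDeleteEvent

// Delete one calendar event. The caller must be the admin or belong to the
// organization that owns the event; otherwise unauthorizedPage() is shown.
// All request and cookie values are bound as query parameters.
// NOTE(review): the id is read from $_REQUEST, so a plain GET can trigger the
// delete; consider requiring POST plus an anti-forgery token.
function deleteEvent(){
    //check for correct event id param
    if (empty($_REQUEST['eventId'])){
        unauthorizedPage();
        return;
    }
    $userid = checkCookie();//userid as set from browser
    $adminid = "kapitalm";//admin only id for matching
    $eventId = (string)$_REQUEST['eventId'];//passed event id for deletion

    $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc');
    //verify that the event being passed does exist
    $result = pg_query_params($link, 'SELECT id, organization FROM calendarevents WHERE id = $1', array($eventId));
    $row = $result ? pg_fetch_array($result) : false;
    $eventOrg = $row ? $row['organization'] : null;

    $allowed = false;
    if ($eventOrg){
        $result = pg_query_params($link, 'SELECT ilmorganization FROM ilmusers WHERE userhandle = $1', array((string)$userid));
        $row = $result ? pg_fetch_array($result) : false;
        $orgs = $row ? (string)$row['ilmorganization'] : '';
        // The column is rendered like {"a","b"}; strip the decoration and split.
        $orgList = explode(",", trim(str_replace(array('"', '{', '}'), '', $orgs)));
        //ok to delete if the user is the admin or one of the user's orgs owns the event
        $allowed = ($userid == $adminid) || in_array((string)$eventOrg, $orgList, true);
        if ($allowed){
            pg_query_params($link, 'DELETE FROM calendarevents WHERE id = $1', array($eventId));
        }
    }
    pg_close($link);

    if (!$allowed){
        unauthorizedPage();
        return;
    }
    // The id came from the request and is echoed below, so escape it for HTML.
    $eventId = htmlspecialchars($eventId, ENT_QUOTES);
    print ('
');
    print ('
');
    print ('
');
    print (" Event ID No.$eventId Deleted from Event Calendar Database
");
    viewDeleteEvent();
}//end function

// Delete one uploaded file (the file on disk and its ilmorgfiles row). Same
// authorization rule as deleteEvent(): admin, or member of the owning org.
function deleteFile(){
    //check for correct file id param
    if (!empty($_REQUEST['fileId'])){
        $userid = checkCookie();//userid as set from browser
        $adminid = "kapitalm";//admin only id for matching
        $fileId = (string)$_REQUEST['fileId'];//passed file id for deletion

        $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc');
        //verify that the file being passed does exist
        $result = pg_query_params($link, 'SELECT id, ilmorg, filename FROM ilmorgfiles WHERE id = $1', array($fileId));
        $row = $result ? pg_fetch_array($result) : false;
        $fileOrg = $row ? $row['ilmorg'] : null;
        $storedName = $row ? (string)$row['filename'] : '';

        $allowed = false;
        if ($fileOrg){
            $result = pg_query_params($link, 'SELECT ilmorganization FROM ilmusers WHERE userhandle = $1', array((string)$userid));
            $row = $result ? pg_fetch_array($result) : false;
            $orgs = $row ? (string)$row['ilmorganization'] : '';
            $orgList = explode(",", trim(str_replace(array('"', '{', '}'), '', $orgs)));
            $allowed = ($userid == $adminid) || in_array((string)$fileOrg, $orgList, true);
        }

        // basename() keeps the path inside files/ even if the stored name
        // contains directory components.
        $filename = "files/" . basename($storedName);
        if ($allowed){
            //delete the file from the upload directory
            if ($storedName !== '' && is_file($filename)){
                unlink($filename);
            }
            // delete record in db
            pg_query_params($link, 'DELETE FROM ilmorgfiles WHERE id = $1', array($fileId));
        }
        pg_close($link);

        // The stored name was supplied by an uploader and is echoed below.
        $filename = htmlspecialchars($filename, ENT_QUOTES);
        //if valid file org
        if ($fileOrg){
            if ($allowed){
                print ('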
'); print ('
'); print ('
'); print ("File $filename Deleted
"); viewDeleteFile(); }//end if match else{ unauthorizedPage(); } }///end if else{ unauthorizedPage(); }//end else }//end 1st if else{ unauthorizedPage(); }//end check param }//end function ///function to view add event form function viewAddEvent(){ //variable for admin $adminid = "kapitalm"; $userid = checkCookie(); printTop(); print ('Add New Event

'); print (' 

'); if($userid == $adminid){ //open form to add event //fill the organization array for the drop down $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT organizationabbreviated FROM ilmorganizations"; $result = pg_query($query); $orgList = array(); while ($row = pg_fetch_array($result)){ $orgList[] = $row[organizationabbreviated]; }//end while pg_close($link); $orgCount = count($orgList); print ('
'); print (''); print (''); print (''); print ('
'); print ('
Date
Title
'); print ('Organization
'); print (''); print (''); print (''); print (''); print (''); print ('
'); print ('
Content
'); }//end if else{//not admin, reg user //print $orgs; $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT ilmorganization FROM ilmusers WHERE userhandle='$userid'"; $result = pg_query($query); $row = pg_fetch_array($result); $orgs = $row[ilmorganization]; pg_close($link); $orgs = str_replace('"', '',$orgs); $orgs = str_replace("{","",$orgs); $orgs = str_replace("}","",$orgs); $orgs = trim($orgs); $orgList = explode(",",$orgs); $orgCount = count($orgList); //open form to add event print ('
'); print (''); print (''); print (''); print ('
'); print ('
Date
Title
'); print ('Organization
'); print (''); print (''); print (''); print ('
'); print ('
Content
'); }//end else printBottom(); }//end function ///function to view add event form function viewUploadFile(){ //variable for admin $adminid = "kapitalm"; $userid = checkCookie(); $today = date("Y-m-d"); printTop(); print ('Upload New File

'); print (' 

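');
    // ---- handle a submitted upload (this section runs on every view of the page) ----
    // NOTE(review): unlike addEvent(), nothing here checks that the signed-in user
    // belongs to the submitted ilmorg - confirm whether that is intended.
    // NOTE(review): files land in a web-served directory under the client-chosen
    // name; an allowlist of expected extensions, and serving files/ with script
    // execution disabled, would be a stronger control than the check below.
    $target = "files/";
    $hasUpload = isset($_FILES['uploaded']) && is_array($_FILES['uploaded']) && ($_FILES['uploaded']['error'] === UPLOAD_ERR_OK);
    $filename = $hasUpload ? basename($_FILES['uploaded']['name']) : "";
    // Escaped copy for everything that is echoed back into the page.
    $safeName = htmlspecialchars($filename, ENT_QUOTES);
    print("$target");
    $target = $target . $filename;
    print("
" . htmlspecialchars($target, ENT_QUOTES));
    print("
$safeName");
    $ok=1;
    //This is our size condition, read from the upload record: the old
    //$uploaded_size variable is never assigned unless register_globals is on
    if ($hasUpload && $_FILES['uploaded']['size'] > 15000000){
        echo "Your file is too large.
";
        $ok=0;
    }
    //This is our limit file type condition. The browser-supplied MIME type is not
    //trustworthy, so the check is made on the file name instead.
    if (preg_match('/\.(php[0-9]*|phtml|pht|phar)(\.|$)/i', $filename)){
        echo "No PHP files
";
        $ok=0;
    }
    //Here we check that $ok was not set to 0 by an error
    if ($ok==0){
        Echo "Sorry your file was not uploaded";
    }
    //If everything is ok we try to upload it
    else{
        print("
if move_uploaded");
        if($hasUpload && move_uploaded_file($_FILES['uploaded']['tmp_name'], $target)){
            print("$safeName has been uploaded...");
            //now add to db
            $date = isset($_REQUEST['date']) ? (string)$_REQUEST['date'] : '';
            $title = isset($_REQUEST['title']) ? (string)$_REQUEST['title'] : '';
            $ilmorg = isset($_REQUEST['ilmorg']) ? (string)$_REQUEST['ilmorg'] : '';
            $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc');
            // Request values and the file name are bound as parameters, never
            // concatenated into the SQL text.
            $inserted = pg_query_params($link, 'INSERT INTO ilmorgfiles(date, title, filename, ilmorg, userid) VALUES ($1, $2, $3, $4, $5)', array($date, $title, $filename, $ilmorg, (string)$userid));
            if ($inserted){///if query was succesfull
                print ('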
'); print ('
'); print ('
'); print (" File Uploaded to Database
"); } else{ print ('
'); print ('
'); print ('
'); print ("Error, unable to add file
"); } pg_close($link); } } if($userid == $adminid){ //open form to add event //fill the organization array for the drop down $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT organizationabbreviated FROM ilmorganizations"; $result = pg_query($query); $orgList = array(); while ($row = pg_fetch_array($result)){ $orgList[] = $row[organizationabbreviated]; }//end while pg_close($link); $orgCount = count($orgList); print ('
'); print (''); print (''); print (''); print ('
'); print ('
Date
Title
'); print ('Organization
'); print (''); print ("$today"); print (''); print (''); print (''); print ('
'); print ('
File
'); print ('Select file:

'); print (''); print ('
'); print ('
'); }//end if else{//not admin, reg user //print $orgs; $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT ilmorganization FROM ilmusers WHERE userhandle='$userid'"; $result = pg_query($query); $row = pg_fetch_array($result); $orgs = $row[ilmorganization]; pg_close($link); $orgs = str_replace('"', '',$orgs); $orgs = str_replace("{","",$orgs); $orgs = str_replace("}","",$orgs); $orgs = trim($orgs); $orgList = explode(",",$orgs); $orgCount = count($orgList); print ('
'); print (''); print (''); print (''); print ('
'); print ('
Date
Title
'); print ('Organization
'); print (''); print ("$today"); print (''); print (''); print (''); print ('
'); print ('
File
'); print ('Select file:

'); print (''); print ('
'); print ('
'); }//end else printBottom(); }//end function function addEvent(){ //check for correct event id param if (($_REQUEST['eventdate']) and ($_REQUEST['eventtitle']) and ($_REQUEST['eventorg']) and ($_REQUEST['content'])){ //function variables $userid = checkCookie();//userid as set from browser $adminid = "kapitalm";//admin only id for matching $eventDate = $_REQUEST['eventdate'];//passed event date $eventTitle = $_REQUEST['eventtitle']; $eventTitle = str_replace("'", "''", $eventTitle); $eventTitle = str_replace(";","",$eventTitle); $eventOrg = $_REQUEST['eventorg']; $contentunmod= $_REQUEST['content']; $content = str_replace("'", "''", $contentunmod); $content = str_replace(";","", $content); $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT firstname, email FROM ilmusers WHERE userhandle='$userid'"; $result = pg_query($query); $row = pg_fetch_array($result); $userEmail = $row[email]; $userFirstName = $row[firstname]; pg_close($link); $pYear = date("Y"); $pMonth = date("m"); $pDay = date("d"); $postedString = "
Posted by $userEmail on $pYear-$pMonth-$pDay
"; //append content to show who posted and when $content = $content . " " . $postedString; //verify that the event being passed is owned by the user $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT ilmorganization FROM ilmusers WHERE userhandle='$userid'"; $result = pg_query($query); $row = pg_fetch_array($result); $orgs = $row[ilmorganization]; pg_close($link); $orgs = str_replace('"', '',$orgs); $orgs = str_replace("{","",$orgs); $orgs = str_replace("}","",$orgs); $orgs = trim($orgs); $orgList = explode(",",$orgs); $orgCount = count($orgList); $matchFlag = 1;; for($n=0; $n<$orgCount; $n++){ if($orgList[$n] == $eventOrg){ $matchFlag = 0;//set flag to match is the user has an org to match the event org being deleted } } //if users org matches the event org, or the user is the admin, it is ok... if (($userid == $adminid) or ($matchFlag==0)){ $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query="INSERT INTO calendarevents(date, title, organization, content) VALUES ('$eventDate', '$eventTitle', '$eventOrg', '$content')"; if (pg_query($query)){///if query was succesfull print ('
'); print ('
'); print ('
'); print (" Event Added to Event Calendar Database
"); viewAddEvent(); } else{ print ('
'); print ('
'); print ('
'); print ("Database Error, unable to add event
"); viewAddEvent(); } pg_close($link); }//end if match else{ unauthorizedPage(); } }//end if params else{ unauthorizedPage(); }//end else param }//end function function viewModifyEvent(){ //variable for admin $adminid = "kapitalm"; $userid = checkCookie(); //fill the organization array for the drop down with all orgs for admin if($userid == $adminid){ $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT organizationabbreviated FROM ilmorganizations"; $result = pg_query($query); $orgList = array(); while ($row = pg_fetch_array($result)){ $orgList[] = $row[organizationabbreviated]; }//end while pg_close($link); $orgCount = count($orgList); } else{//get list of just users orgs $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT ilmorganization FROM ilmusers WHERE userhandle='$userid'"; $result = pg_query($query); $row = pg_fetch_array($result); $orgs = $row[ilmorganization]; pg_close($link); $orgs = str_replace('"', '',$orgs); $orgs = str_replace("{","",$orgs); $orgs = str_replace("}","",$orgs); $orgs = trim($orgs); $orgList = explode(",",$orgs); $orgCount = count($orgList); } printTop(); print ('Modify Events

'); print (' 

'); $pY = date("Y"); $pM = date("m"); $pD = date("d"); //date("Y-m-d"); //date to expire deletion of events $newtime = mktime(0,0,0, $pM, $pD-100, $pY); $expireDate = date("Y-m-d", $newtime); //print ("30 days from today is $dayThirty"); //if the admin logged in then display all features, otherwise restict it to modify/add/delete event per org if($userid == $adminid){ //scroll thru all event db records and create forms for each event $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT * FROM calendarevents WHERE date>='$expireDate' ORDER BY date DESC"; $result = pg_query($query); while ($row = pg_fetch_array($result)){ print ('
'); print (''); print ('
'); print (' Enable/Disable Form'); print ('
'); print (''); print (''); print ('
'); print ('
ID
Date
Title
'); print ('Organization
"); print (''); print ('
'); print ('
'); print ('
'); print ('
Content
'); print ('
'); }//end while pg_close($link); }//end if else{// not the admin, select events by org for($n=0; $n<$orgCount; $n++){ //scroll thru all event db records and create forms for each event $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT * FROM calendarevents WHERE organization='$orgList[$n]' AND date>='$expireDate' ORDER BY date DESC"; $result = pg_query($query); while ($row = pg_fetch_array($result)){ print ('
'); print (''); print ('
'); print (' Enable/Disable Form'); print ('
'); print (''); print (''); print ('
'); print ('
ID
Date
Title
'); print ('Organization
"); print (''); print ('
'); print ('
'); print ('
'); print ('
Content
'); print ('
'); }//end while pg_close($link); }//end for loop }//end else printBottom(); }//end function function modifyEvent(){ //check for correct event id param if (($_REQUEST['eventdate']) and ($_REQUEST['eventID'])and ($_REQUEST['eventtitle']) and ($_REQUEST['eventorg']) and ($_REQUEST['content'])){ //function variables $userid = checkCookie();//userid as set from browser $adminid = "kapitalm";//admin only id for matching $eventID = $_REQUEST['eventID']; $eventDate = $_REQUEST['eventdate'];//passed event date $eventTitle= $_REQUEST['eventtitle']; $eventTitle = str_replace("'", "''", $eventTitle); $eventTitle = str_replace(";","",$eventTitle); $eventOrg = $_REQUEST['eventorg']; $contentunmod= $_REQUEST['content']; $content = str_replace("'", "''", $contentunmod); $content = str_replace(";","", $content); $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT firstname, email FROM ilmusers WHERE userhandle='$userid'"; $result = pg_query($query); $row = pg_fetch_array($result); $userEmail = $row[email]; $userFirstName = $row[firstname]; pg_close($link); $pY = date("Y"); $pM = date("m"); $pD = date("d"); $postedString = "
Modified by $userEmail on $pY-$pM-$pD
"; //append content to show who posted and when $content = $content . " " . $postedString; //verify that the event being passed is owned by the user $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT ilmorganization FROM ilmusers WHERE userhandle='$userid'"; $result = pg_query($query); $row = pg_fetch_array($result); $orgs = $row[ilmorganization]; pg_close($link); $orgs = str_replace('"', '',$orgs); $orgs = str_replace("{","",$orgs); $orgs = str_replace("}","",$orgs); $orgs = trim($orgs); $orgList = explode(",",$orgs); $orgCount = count($orgList); $matchFlag = 1;; for($n=0; $n<$orgCount; $n++){ if($orgList[$n] == $eventOrg){ $matchFlag = 0;//set flag to match is the user has an org to match the event org being deleted } } //if users org matches the event org, or the user is the admin, it is ok... if (($userid == $adminid) or ($matchFlag==0)){ $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query="UPDATE calendarevents SET date='$eventDate', title='$eventTitle', organization='$eventOrg', content='$content' WHERE id=$eventID"; if (pg_query($query)){///if query was succesfull print ('
'); print ('
'); print ('
'); print ("Event $eventID Modified
"); viewModifyEvent(); } else{ print ('
'); print ('
'); print ('
'); print ("Database Error, unable to modify Event No. $eventID
"); viewModifyEvent(); } pg_close($link); }//end if match else{ unauthorizedPage(); } }//end if params else{ unauthorizedPage(); }//end else param }//end function //viewuser function viewUser(){ //variable for admin $adminid = "kapitalm"; $userid = checkCookie(); //fill the organization array for available orgs if($userid == $adminid){ $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT organizationabbreviated FROM ilmorganizations"; $result = pg_query($query); $orgList = array(); while ($row = pg_fetch_array($result)){ $orgList[] = $row[organizationabbreviated]; }//end while pg_close($link); $orgCount = count($orgList); } else{//get list of just users orgs $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT ilmorganization FROM ilmusers WHERE userhandle='$userid'"; $result = pg_query($query); $orgList = array(); $row = pg_fetch_array($result); $orgs = $row[ilmorganization]; pg_close($link); $orgs = trim($orgs); $orgList = explode(",",$orgs); $orgCount = count($orgList); } printTop(); print ('Modify User

'); print (' 

'); //if the admin logged in then display all features, otherwise restict it to modify/add/delete event per org if($userid == $adminid){ print ('
'); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print ('
HandleFirst NameLast NameEmail
Organizations
'); for ($n=0; $n<$orgCount; $n++){ print (''); print ("$orgList[$n] "); }//end outter for print ('
Password
'); print (''); print ('
'); print (''); print ('
'); print ('
'); //scroll thru all event db records and create forms for each event $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT * FROM ilmusers order by userid asc"; $result = pg_query($query); while ($row = pg_fetch_array($result)){ print ('
'); print (''); print (''); print (''); print (''); print (''); print (''); print (""); print (""); print (""); print (""); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print ('
IDHandleFirst NameLast NameEmail
$row[userid]$row[userhandle]$row[firstname]$row[lastname]
Organizations
'); $uorgs = $row[ilmorganization]; $uorgs = str_replace('"', '',$uorgs); $uorgs = str_replace("{","",$uorgs); $uorgs = str_replace("}","",$uorgs); $uorgs = trim($uorgs); $uorgList = array(); $uorgList = explode(",",$uorgs); $uorgCount = count($uorgList); for ($n=0; $n<$orgCount; $n++){ print (''); print ("$orgList[$n] "); }//end outter for print ('
Password
'); print (' '); print('
'); print (''); print ('
'); print ('
'); }//end while pg_close($link); }//end if admin else{// not the admin $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT * FROM ilmusers WHERE userhandle='$userid'"; $result = pg_query($query); $row = pg_fetch_array($result); print ('
'); print (''); print (''); print (''); print (''); print (''); print (''); print (""); print (''); print (""); print (""); print (''); print (''); print (''); print (''); print ('
IDHandleFirst NameLast NameEmail
$row[userid]'); print ('$row[firstname]$row[lastname]
PasswordOrganizations
'); print ("$row[ilmorganization]"); print ('
'); print ('
'); print (''); print ('
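'); pg_close($link);
    }//end else
    printBottom();
}//end function viewUser

// Admin only: delete the ilmusers row whose userid is passed in the request.
function deleteUser(){
    $userid = checkCookie();//userid as set from browser
    $adminid = "kapitalm"; //admin only id for matching
    //check for correct user id param
    if (!empty($_REQUEST['userId']) and ($userid == $adminid)){
        $userId = (string)$_REQUEST['userId'];//passed user id for deletion
        $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc');
        // Bound parameter instead of string interpolation.
        pg_query_params($link, 'DELETE FROM ilmusers WHERE userid = $1', array($userId));
        pg_close($link);
        // The id is echoed into the page below, so escape it for HTML.
        $userId = htmlspecialchars($userId, ENT_QUOTES);
        print ('
');
        print ('
');
        print ('
');
        print (" User ID No.$userId Deleted from Database
");
        viewUser();
    }//end if
    else{
        unauthorizedPage();
    }
}//end function

// Admin only: insert a new ilmusers row from the submitted form fields.
// NOTE(review): the password is stored exactly as submitted; it should be hashed
// (password_hash) once login() is changed to verify hashes.
function addUser(){
    $userid = checkCookie();//userid as set from browser
    $adminid = "kapitalm"; //admin only id for matching
    //check for correct params
    if (!empty($_REQUEST['userhandle']) and !empty($_REQUEST['firstname']) and !empty($_REQUEST['lastname']) and !empty($_REQUEST['email']) and !empty($_REQUEST['password']) and !empty($_REQUEST['ilmorganization']) and ($userid == $adminid)){
        $userhandle = (string)$_REQUEST['userhandle'];
        $firstname = (string)$_REQUEST['firstname'];
        $lastname = (string)$_REQUEST['lastname'];
        $email = (string)$_REQUEST['email'];
        $password = (string)$_REQUEST['password'];
        $ilmorganization = (string)$_REQUEST['ilmorganization'];
        $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc');
        $inserted = pg_query_params($link, 'INSERT INTO ilmusers(userhandle, firstname, lastname, email, password, ilmorganization) VALUES ($1, $2, $3, $4, $5, $6)', array($userhandle, $firstname, $lastname, $email, $password, $ilmorganization));
        // Escaped only after the query: from here on the handle is used for display.
        $userhandle = htmlspecialchars($userhandle, ENT_QUOTES);
        if ($inserted){///if query was succesfull
            print ('
');
            print ('
');
            print ('
');
            print ("User $userhandle Added To Database
");
            viewUser();
        }
        else{
            print ('
');
            print ('
');
            print ('
');
            print ("Database Error, unable to add user
");
            viewUser();
        }
        pg_close($link);
    }//end if admin and variable/params
    else{
        unauthorizedPage();
    }//end else
}//end function

// Update one ilmusers row. The admin may update any row; any other user may only
// update the row whose userid belongs to their own handle.
// NOTE(review): on the non-admin path the submitted userhandle and ilmorganization
// are written as-is, and those two columns are what the rest of this file uses
// for admin and organization checks; consider accepting them from the admin only.
function modifyUser(){
    //check for correct params
    if (!empty($_REQUEST['userID']) and !empty($_REQUEST['userhandle']) and !empty($_REQUEST['email']) and !empty($_REQUEST['password']) and !empty($_REQUEST['ilmorganization'])){
        //function variables
        $userid = checkCookie();//userid as set from browser
        $adminid = "kapitalm";//admin only id for matching
        $id = (string)$_REQUEST['userID'];
        $userhandle = (string)$_REQUEST['userhandle'];
        $email = (string)$_REQUEST['email'];
        $password = (string)$_REQUEST['password'];
        $ilmorganization = (string)$_REQUEST['ilmorganization'];
        $tableUserId = "";
        //verify that the info being passed is owned by the user
        if ($userid != $adminid){
            $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc');
            $result = pg_query_params($link, 'SELECT userid FROM ilmusers WHERE userhandle = $1', array((string)$userid));
            $row = $result ? pg_fetch_array($result) : false;
            $tableUserId = $row ? (string)$row['userid'] : "";
            pg_close($link);
        }
        $matchFlag = 1;
        // Strict string comparison, and never match on an empty lookup result.
        if(($tableUserId !== "") and ($id === $tableUserId)){
            $matchFlag = 0;//set flag to match is the user
        }
        if (($userid == $adminid) or ($matchFlag==0)){
            $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc');
            $updated = pg_query_params($link, 'UPDATE ilmusers SET password = $1, email = $2, ilmorganization = $3, userhandle = $4 WHERE userid = $5', array($password, $email, $ilmorganization, $userhandle, $id));
            // Both values are echoed into the page below; escape them for HTML.
            $userhandle = htmlspecialchars($userhandle, ENT_QUOTES);
            $id = htmlspecialchars($id, ENT_QUOTES);
            if ($updated){///if query was succesfull
                print ('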
'); print ('
'); print ('
'); print (" User $userhandle Modified
"); if($matchFlag==0){ print ("

Please Log Back In After Modifying Your Info



"); unauthorizedPage(); } else{ viewUser(); } } else{ print ('
'); print ('
'); print ('
'); print ("Database Error, unable to modify user $id

"); viewUser(); } pg_close($link); }//end if match else{ unauthorizedPage(); } }//end if params else{ unauthorizedPage(); }//end else }//end function function viewOrgs(){ //variable for admin $adminid = "kapitalm"; $userid = checkCookie(); if($userid == $adminid){ printTop(); print ('Add/Delete Organizations

'); print (' 

'); print ('
'); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (''); print ('
Organization NameAs Shown On CalendarTable/Record Name
'); print ('
'); print ('
'); //scroll thru all event db records and create forms for each event $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "SELECT * FROM ilmorganizations"; $result = pg_query($query); while ($row = pg_fetch_array($result)){ print (''); print (''); print (''); print (''); print (''); print (''); print (''); print (""); print (""); print (""); print (""); print (''); print ('
IDOrganization NameAs Shown On CalendarRecord Name
$row[id]$row[organizationname]$row[organizationabbreviated]$row[tablename]
'); print ('
'); }//end while pg_close($link); printBottom(); }//end if admnin else{// not the admin, select events by org unauthorizedPage(); }//end else }//end function function addOrg(){ $userid = checkCookie();//userid as set from browser $adminid = "kapitalm"; //admin only id for matching//check for correctparams if (($_REQUEST['organizationname']) and($_REQUEST['organizationabbreviated']) and($_REQUEST['tablename']) and ($userid == $adminid)){ $organizationname = $_REQUEST['organizationname']; $organizationabbreviated = $_REQUEST['organizationabbreviated']; $tablename = $_REQUEST['tablename']; $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query="INSERT INTO ilmorganizations(organizationname, organizationabbreviated, tablename) VALUES ('$organizationname', '$organizationabbreviated', '$tablename')"; if (pg_query($query)){///if query was succesfull print ('
'); print ('
'); print ('
'); print ("Organization $organizationabbreviated Added To Database

"); viewOrgs(); } else{ print ('
'); print ('
'); print ('
'); print ("Database Error, unable to add Organization

"); viewOrgs(); } pg_close($link); }//end if admin and variable/params else{ unauthorizedPage(); }//end else } function deleteOrg(){ $userid = checkCookie();//userid as set from browser $adminid = "kapitalm"; //admin only id for matching//check for correct event id param if (($_REQUEST['Id']) and ($userid == $adminid)){ $Id = $_REQUEST['Id'];//passed event id for deletion $link = pg_connect('dbname=kapitalm user=kapitalm password=sheibooc'); $query = "DELETE FROM ilmorganizations WHERE id='$Id'"; pg_query($query); pg_close($link); print ('
'); print ('
'); print ('
'); print (" Organization ID No.$Id Deleted from Database

"); viewOrgs(); }//end if else{ unauthorizedPage(); } } //if there is incoorect missing info, or if the user is unauthorized function unauthorizedPage(){ //delete cookie via javascript, php not enabled //$expireDate = time()-60; print (""); print ("Please Log In
"); print ('
'); print (''); print (''); print ('
user id
password
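');
    // Stop the request once the login form has been shown. The original used
    // `break` here, which is not inside a loop or switch: older PHP aborts with a
    // fatal error at this point and PHP 7+ refuses to compile the file at all.
    exit;
}

//log off function, eliminates cookie and sends user to calendar
// NOTE(review): both strings printed below are empty in this copy of the file;
// whatever markup cleared the cookie and redirected is not visible here.
function logoff(){
    if (!empty($_COOKIE['userid'])){
        //$expireDate = time()-100000000;
        $userid="";
        print ("");
        //send user to calendar
        print ("");
    }
    else{
        print ("");
    }
}

// Return the handle stored in the userid cookie, or show the login form and stop.
// NOTE(review): the cookie value is supplied by the browser and is not checked
// against any server-side state, yet every admin and organization check in this
// file relies on it. It should not be treated as proof of identity; replace it
// with a server-side session established in login().
function checkCookie(){
    if (!empty($_COOKIE['userid'])){
        $userid = $_COOKIE['userid'];
        return $userid;
    }
    else{
        unauthorizedPage();
        // Never fall through to the caller without an identity.
        exit;
    }
}//end function
?>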


contact us:email