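Connect($db_host, $db_user, $db_password, $db_name); /* NOTE(review): tail of a statement that begins before this excerpt (presumably the ADOdb-style $conn->Connect(...) call, given the $conn->Execute()/EOF/fields() usage below); reproduced as found. */

# Include FLAKE classes
include(FLAKE_DIR . "include_classes.php");

/**
 * Return the whole contents of a file as a string.
 *
 * The callers in this file pass fixed template paths ("templates/home.html",
 * "templates/site_look.html"). Nothing user-controlled should ever reach
 * $filename: the result is pasted into the page verbatim.
 *
 * Replaces the fopen()/filesize()/fread()/fclose() sequence, which used a
 * false handle when the file was missing and, on current PHP, fails on an
 * empty file because fread() rejects a length of 0.
 *
 * @param string $filename path of the file to read
 * @return string the file contents, or "" when the file is missing or
 *                unreadable (callers concatenate the result, so "" is what a
 *                failed read already degraded to)
 */
function get_file_contents($filename) {
    if (!is_file($filename) || !is_readable($filename)) {
        return "";
    }
    $contents = file_get_contents($filename);
    return ($contents === false) ? "" : $contents;
}

/**
 * Run a single-column query and return that column from the first row.
 *
 * Shared by the user lookups below so that each of them binds its values
 * instead of concatenating them into SQL. This assumes $conn is an ADOdb
 * connection: Execute($sql, $inputarr) substitutes the '?' placeholders in
 * $sql with the entries of $params, and the record set exposes EOF and
 * fields($name) — confirm against the database layer included above.
 *
 * @param string $query   SQL with one '?' per entry of $params
 * @param array  $params  values to bind, in placeholder order
 * @param string $column  name of the column to return
 * @param mixed  $default returned when the query fails or matches no row
 * @return mixed the column value of the first row, or $default
 */
function cop_fetch_field($query, $params, $column, $default) {
    global $conn;
    $result = $conn->Execute($query, $params);
    if (!$result || $result->EOF) {
        return $default;
    }
    return $result->fields($column);
}

/**
 * Check a username/password pair against the users table.
 *
 * Called on every request that needs the caller's identity (log_in below,
 * the prefs panel, is_admin()), because this script keeps no server-side
 * session: $user and $password travel with each request.
 *
 * NOTE(review): the original concatenated the request-supplied username and
 * password straight into the WHERE clause, which is both an SQL injection
 * and an authentication bypass (a username of  ' or '1'='1  matches the
 * first user). Both values are now bound parameters.
 * NOTE(review): the comparison is against a clear-text user_password column;
 * the registration and "password emailer" code later in this file store and
 * mail that same clear-text value. Switching to password_hash()/
 * password_verify() has to change registration and migrate existing rows in
 * the same step, so it is deliberately not done here.
 *
 * @param string $user     username as submitted
 * @param string $password password as submitted
 * @return mixed user_id of the matching row, or 0 when there is no match or
 *               the query fails (callers test the result for truthiness)
 */
function authorize($user, $password) {
    return cop_fetch_field(
        "select user_id from users where user_username=? and user_password=?",
        array($user, $password),
        "user_id",
        0
    );
}

/**
 * Return the user_admin flag of the user identified by the credentials.
 *
 * Same query shape as authorize(); the credentials are re-checked against
 * the database rather than trusting any admin marker carried by the request.
 *
 * @param string $user     username as submitted
 * @param string $password password as submitted
 * @return mixed value of users.user_admin for the matching row, 0 when the
 *               credentials match nothing or the query fails
 */
function is_admin($user, $password) {
    return cop_fetch_field(
        "select user_admin from users where user_username=? and user_password=?",
        array($user, $password),
        "user_admin",
        0
    );
}

/**
 * Map a username to its user_id.
 *
 * The original fell off the end (returned null) when the query itself failed
 * and 0 when it matched nothing; both cases now return 0.
 *
 * @param string $user username to look up
 * @return mixed user_id, or 0 when unknown
 */
function get_user_id($user) {
    return cop_fetch_field(
        "select user_id from users where user_username=?",
        array($user),
        "user_id",
        0
    );
}

/**
 * Map a user_id to its username.
 *
 * As with get_user_id(), a failed query now yields the same "" that an
 * unmatched id already yielded.
 *
 * @param mixed $id value of users.user_id
 * @return string username, or "" when unknown
 */
function get_user_name($id) {
    return cop_fetch_field(
        "select user_username from users where user_id=?",
        array($id),
        "user_username",
        ""
    );
}

/*
 * Request dispatch.
 *
 * No $_GET/$_POST/$_REQUEST access appears anywhere in this file: $function,
 * $current_panel, $new_panel, $login_user, $login_password, $user, $password,
 * $id and the other request fields are plain globals, presumably populated by
 * $form->localize_form_data() (or by register_globals) — confirm in the form
 * class. Every read of those variables below is a read of attacker-controlled
 * input. There is also no session_start(): the "logged in" state is whatever
 * $user/$password the client sends back, re-validated by authorize()/is_admin()
 * wherever it matters.
 */
$message = "";
$form = new form();
$form->localize_form_data();

if (!$current_panel) {
    $current_panel = "home";
}

if ($function == "change_panel") {
    $current_panel = $new_panel;   // only ever compared against fixed panel names below
    $function = "";
}

if ($function == "log_out") {
    $user = "";
    $password = "";
    $current_panel = "login";
    $function = "";
    $message = "You are now logged out.";
}

if ($function == "log_in") {
    if (authorize($login_user, $login_password)) {
        $user = $login_user;
        $password = $login_password;
        $message .= "You are now logged in.";
        $current_panel = "search";
    } else {
        // Generic message: does not reveal whether the username exists.
        $message .= "Incorrect username or password.";
    }
}

/*
 * Navigation bar. Each button is a "change_panel" link to the panel of the
 * same name, except "logout", which is a "log_out" action. The approve button
 * is only offered to admins — but hiding a button is not an access check; the
 * panel handlers further down have to enforce is_admin() themselves.
 */
$output = "";
$menubar = new menubar();
$menubar->image_path = "images/menubar/";
$menubar->separator_graphic = "separator.gif";
$menubar->keep_active_item_on = 1;

/**
 * Add a menubar button that switches to the panel of the same name.
 *
 * Performs the same five calls the original made per button, in the same
 * order. $menubar is taken by reference so the call behaves identically on
 * PHP 4 (objects copied by value) and PHP 5+.
 *
 * @param menubar $menubar     the bar being built
 * @param string  $name        button name, also the target panel
 * @param string  $on_graphic  image shown when the button is active
 * @param string  $off_graphic image shown otherwise
 */
function add_panel_button(&$menubar, $name, $on_graphic, $off_graphic) {
    $menubar->add_button($name);
    $menubar->add_url_arg($name, "function", "change_panel");
    $menubar->add_url_arg($name, "new_panel", $name);
    $menubar->set($name, "on_graphic", $on_graphic);
    $menubar->set($name, "off_graphic", $off_graphic);
}

add_panel_button($menubar, "home", "home-on.gif", "home-off.gif");
add_panel_button($menubar, "search", "search-on.gif", "search-off.gif");

if ($user) {
    if (is_admin($user, $password)) {
        add_panel_button($menubar, "approve", "approve-on.gif", "approve-off.gif");
    }
    add_panel_button($menubar, "add", "add-on.gif", "add-off.gif");
    // The prefs button's url args and graphics, and the closing brace of this
    // if ($user) block, follow on the next source line.
    $menubar->add_button("prefs");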
$menubar->add_url_arg("prefs", "function", "change_panel"); $menubar->add_url_arg("prefs", "new_panel", "prefs"); $menubar->set("prefs", "on_graphic", "prefs-on.gif"); $menubar->set("prefs", "off_graphic", "prefs-off.gif"); } if (!$user) { $menubar->add_button("login"); $menubar->add_url_arg("login", "function", "change_panel"); $menubar->add_url_arg("login", "new_panel", "login"); $menubar->set("login", "on_graphic", "log-in-on.gif"); $menubar->set("login", "off_graphic", "log-in-off.gif"); } else { $menubar->add_button("logout"); $menubar->add_url_arg("logout", "function", "log_out"); $menubar->set("logout", "on_graphic", "log-out-on.gif"); $menubar->set("logout", "off_graphic", "log-out-off.gif"); } $menubar_output = $menubar->render($conn); /* NOTE(review): show_profile has no login check and splices $user_id — nothing assigns it before this point, so presumably a request field — straight into the WHERE clause (SQL injection; bind it: $conn->Execute("select * from users where user_id=?", array($user_id))). The profile fields appended to $output below (names, e-mail, phone, user_info) are written without htmlspecialchars(), so whatever a user types into prefs is replayed into every viewer's page as HTML (stored XSS). The "Email:" statement below is also syntactically broken in this copy (a string and an anchor tag appear to have been cut) and must be restored before this branch can run. */ if ($function == "show_profile") { $query = "select * from users where user_id='" . $user_id . "'"; $result = &$conn->Execute($query); if ($result) { if (!$result->EOF) { $output .= "User Profile

"; if ($result->fields("user_name_public")) { $output .= "Name: " . $result->fields("user_first_name") . " " . $result->fields("user_last_name") . "
"; } if ($result->fields("user_email_public")) { $output .= "Email: fields("user_email") . "\">" . $result->fields("user_email") . "
"; } if ($result->fields("user_phone_public")) { $output .= "Phone: " . $result->fields("user_phone") . "
"; } $output .= "

"; if ($result->fields("user_info")) { $output .= "Profile/Commentary:
" . $result->fields("user_info") . "
"; } } } } /* NOTE(review): the is_admin() gate here is right, but $id is still concatenated into the DELETE (bind it: $conn->Execute("delete from incidents where incident_id=?", array($id))), and the action is triggered by ordinary request parameters with no anti-CSRF token anywhere in this file, so an admin who follows a crafted link deletes whatever incident the link names. */ if ($function == "delete_incident") { if (is_admin($user, $password)) { if ($id) { $query = "delete from incidents where incident_id='" . $id . "'"; $result = &$conn->Execute($query); $message = "Incident deleted. "; $function = ""; } } } if ($function == "delete_incident_prompt") { $message = "Are you sure you want to delete this incident? (yes / no)"; $function = "view_incident"; } if ($current_panel == "home") { $output .= get_file_contents("templates/home.html"); } if ($function == "view_incident") { $form = new form(); $form->table_name = "incidents"; $form->primary_key = "incident_id"; $form->key_value = $id; $form->mode = "view"; $form->label_class = "subheader"; $form->data_class = "bodytext"; include("includes/forms/incident-form.inc.php"); $output .= $form->render($conn); } if ($current_panel == "search") { if ($function == "set_incident_search") { $search_terms["description"] = $search_description; $function = ""; } if (!$function) { $form = new form(); $form->label_class = "subheader"; $form->add_element("function"); $form->set("function", "type", "hidden"); $form->set("function", "value", "set_incident_search"); $form->add_element("search_description"); $form->set("search_description", "label", "Description"); $form->set("search_description", "value", $search_terms["description"]); $form->set("search_description", "bgcolor", $default_bgcolor_1); $form->add_element("submit"); $form->set("submit", "type", "submit"); $form->set("submit", "value", "Search"); $form->set("submit", "align", "right"); $form->set("submit", "bgcolor", $bgcolor); $output .= "Search
"; $output .= $form->render($conn); $output .= "

"; /* NOTE(review): $search_terms["description"] comes straight from the search form and is spliced into the LIKE pattern unescaped — SQL injection, and since the hitlist renders whatever the query returns it is a read-anything primitive. The hitlist class executes this string itself, so either quote the value with the connection's quoting routine ($conn->qstr() on ADOdb) or extend hitlist to accept bind parameters; escape % and _ as well if a literal match is intended. */ $hitlist = new hitlist(); $hitlist->name = "approved"; $hitlist->table_name = "incidents"; $hitlist->primary_key = "incident_id"; $query = "select * from incidents where "; if ($search_terms["description"]) { $query .= "incident_description like '%" . $search_terms["description"] . "%' and "; } $query .= "incident_approved = 1"; $hitlist->query = $query; $hitlist->view_action = "view_incident"; if (is_admin($user, $password)) { $hitlist->delete_action = "delete_incident_prompt"; } $hitlist->label_class = "subheader"; $hitlist->data_class = "bodytext"; $hitlist->bgcolor = $default_bgcolor_1; $hitlist->bgcolor2 = $default_bgcolor_2; $hitlist->next_button = "images/look/next-button.gif"; $hitlist->previous_button = "images/look/previous-button.gif"; include("includes/hitlists/incident-hitlist.inc.php"); $hitlist->paging_handler($conn); $output .= $hitlist->render($conn); $output .= $hitlist->render_paging_options($conn); } } /* NOTE(review): AUTHORIZATION GAP. Only the menubar button for this panel is restricted to admins; the panel itself is not. Anyone can send current_panel=approve&function=approve_incident&id=N to publish an arbitrary incident, or current_panel=approve to list the unapproved queue and reach the delete prompt. Gate the whole block: if ($current_panel == "approve" && is_admin($user, $password)) { ... }. $id in the UPDATE below is also unbound (SQL injection). */ if ($current_panel == "approve") { if ($function == "approve_incident") { $query = "update incidents set incident_approved=1 where incident_id='" . $id . "'"; $result=&$conn->Execute($query); if ($result) { $message = "Incident approved. "; } else { $message = "Error. 
"; } $function = ""; } if (!$function) { $hitlist = new hitlist(); $hitlist->name = "unapproved"; $hitlist->table_name = "incidents"; $hitlist->primary_key = "incident_id"; $query = "select * from incidents where incident_approved != 1"; $hitlist->query = $query; $hitlist->view_action = "view_incident"; $hitlist->edit_action = "approve_incident"; $hitlist->delete_action = "delete_incident_prompt"; $hitlist->label_class = "subheader"; $hitlist->data_class = "bodytext"; $hitlist->bgcolor = $default_bgcolor_1; $hitlist->bgcolor2 = $default_bgcolor_2; $hitlist->next_button = "images/look/next-button.gif"; $hitlist->previous_button = "images/look/previous-button.gif"; include("includes/hitlists/incident-hitlist.inc.php"); $hitlist->paging_handler($conn); $output .= $hitlist->render($conn); $output .= $hitlist->render_paging_options($conn); } } /* NOTE(review): incident submission has no $user check, so anonymous visitors can add records — decide whether that is intended. data_handler() chooses between "add" and update from $form->key_value; if that key arrives with the request (likely, given how the other request fields arrive), anyone who knows an incident_id can overwrite it — confirm in the form class and restrict updates to the author or an admin. */ if ($current_panel == "add") { /* Define form */ $form = new form(); $form->table_name = "incidents"; $form->primary_key = "incident_id"; $form->label_class = "subheader"; include("includes/forms/incident-form.inc.php"); $form->add_element("submit"); $form->set("submit", "type", "submit"); $form->set("submit", "value", "Submit"); $form->set("submit", "align", "right"); $form->set("submit", "bgcolor", $bgcolor); /* Handle submitted data, if any */ $form->data_handler($conn); /* Provide user feedback */ if ($form->key_value) { if ($form->mode == "add") { $message .= "Record added. You may update it if it is incorrect. "; } else { $message .= "Record updated. "; } $message .= "Thanks.

"; } else { $message .= "Please enter the name and description of the incident.

"; } /* Output form HTML */ $output .= $form->render($conn); } /* NOTE(review): the prefs form is keyed on authorize($user, $password), which returns 0 when the credentials are missing or wrong, yet the form is still built and data_handler() still runs with key_value 0. Confirm that the form class refuses to add or update in that case, or guard the panel with an explicit if ($user_id). */ if ($current_panel == "prefs") { $user_id = authorize($user, $password); $form = new form(); $form->table_name = "users"; $form->primary_key = "user_id"; $form->key_value = $user_id; $form->label_class = "subheader"; $form->add_column("user_first_name"); $form->set("user_first_name", "label", "First Name (recommended)"); $form->set("user_first_name", "bgcolor", $default_bgcolor_1); $form->add_column("user_last_name"); $form->set("user_last_name", "label", "Last Name (recommended)"); $form->set("user_last_name", "bgcolor", $default_bgcolor_1); $form->add_column("user_name_public"); $form->set("user_name_public", "label", "Show Name Publicly?"); $form->set("user_name_public", "type", "checkbox"); $form->set("user_name_public", "value", "1"); $form->set("user_name_public", "bgcolor", $default_bgcolor_1); $form->add_column("user_info"); $form->set("user_info", "label", "Profile/Commentary"); $form->set("user_info", "type", "textarea"); $form->set("user_info", "rows", "5"); $form->set("user_info", "cols", "30"); $form->set("user_info", "bgcolor", $default_bgcolor_1); $form->add_column("user_email"); $form->set("user_email", "label", "Email Address (recommended)"); $form->set("user_email", "bgcolor", $default_bgcolor_1); $form->add_column("user_email_public"); $form->set("user_email_public", "label", "Show Email Publicly?"); $form->set("user_email_public", "type", "checkbox"); $form->set("user_email_public", "value", "1"); $form->set("user_email_public", "bgcolor", $default_bgcolor_1); $form->add_column("user_phone"); $form->set("user_phone", "label", "Phone Number (optional)"); $form->set("user_phone", "bgcolor", $default_bgcolor_1); $form->add_column("user_phone_public"); $form->set("user_phone_public", "label", "Show Phone Number Publicly?"); $form->set("user_phone_public", "type", "checkbox"); $form->set("user_phone_public", "value", "1"); $form->set("user_phone_public", "bgcolor", $default_bgcolor_1); 
$form->add_element("submit"); $form->set("submit", "type", "submit"); $form->set("submit", "align", "right"); $form->set("submit", "bgcolor", $bgcolor); $form->set("submit", "value", "Update"); $form->data_handler($conn); $output .= "Edit Your Preferences

"; $output .= "Notes:
"; $output .= "

"; $output .= ""; $output .= "
"; $output .= $form->render($conn); $output .= "
"; } if ($current_panel == "login") { /* NOTE(review): $register_username and $register_password are concatenated into both the lookup and the INSERT (SQL injection; bind them with Execute(..., array(...))). The password is stored exactly as typed — in clear text — with no length or character validation; introduce password_hash() here together with password_verify() in authorize() once existing rows can be migrated. The duplicate check and the insert are two separate statements with no unique index visible, so two concurrent registrations of the same name can both succeed. */ if ($function == "register") { /* check for duplicate username */ $query = "select * from users where user_username='" . $register_username . "'"; $result = &$conn->Execute($query); if ($result) { if (!$result->EOF) { $message = "That username is already taken. Please try another one. "; $function = "register_form"; } else { $query = "insert into users (user_username, user_password) values ('" . $register_username . "', '" . $register_password . "')"; $result = &$conn->Execute($query); if ($result) { $message = "Registered. You can now click the Prefs navigation button to edit your personal information. "; } else { $message = "Error! "; } } } else { print "

dd

"; } } if ($function == "register_form") { /* show registration form */ $form = new form(); $form->label_class = "subheader"; $form->add_element("function"); $form->set("function", "type", "hidden"); $form->set("function", "value", "register"); $form->add_element("register_username"); $form->set("register_username", "label", "Username"); $form->set("register_username", "bgcolor", $default_bgcolor_1); $form->add_element("register_password"); $form->set("register_password", "label", "Password"); /* NOTE(review): unlike the login form below, this field is never given type "password", so the chosen password is rendered as a plain text input, visible on screen and kept in browser form history; add $form->set("register_password", "type", "password"). */ $form->set("register_password", "bgcolor", $default_bgcolor_1); $form->add_element("submit"); $form->set("submit", "type", "submit"); $form->set("submit", "value", "Submit"); $form->set("submit", "align", "right"); $form->set("submit", "bgcolor", $bgcolor); $output .= "Enter Your Desired Username and Password:
"; $output .= $form->render($conn); } /* NOTE(review): this mails the stored password back in clear text, which is only possible because passwords are never hashed; anyone who knows a username can trigger that mail, and the two distinct replies ("has been emailed" vs "Username doesn't exist") let an attacker enumerate accounts. $email_password_username is also unbound SQL. Replace with a single-use, expiring reset token sent to the address on file, and answer identically whether or not the username exists. The recipient address is whatever the user typed into prefs, with no validation visible in this file — reject values containing line breaks before passing them to mail(). */ if ($function == "password_emailer") { $query = "select user_email, user_password from users where user_username='" . $email_password_username . "'"; $result = &$conn->Execute($query); if ($result) { if (!$result->EOF) { mail($result->fields("user_email"), "Your COP DB password", "Your COP DB password is:\n" . $result->fields("user_password")); $message = "Your password has been emailed to your email address. "; $function = ""; } else { $message = "Username doesn't exist. Are you sure it's correct? "; $function = "password_emailer_form"; } } } if ($function == "password_emailer_form") { /* show password emailer form */ $form = new form(); $form->label_class = "subheader"; $form->add_element("function"); $form->set("function", "type", "hidden"); $form->set("function", "value", "password_emailer"); $form->add_element("email_password_username"); $form->set("email_password_username", "label", "Username"); $form->set("email_password_username", "bgcolor", $default_bgcolor_1); $form->add_element("submit"); $form->set("submit", "type", "submit"); $form->set("submit", "value", "Submit"); $form->set("submit", "align", "right"); $form->set("submit", "bgcolor", $bgcolor); $output .= "Enter Your Username:
"; $output .= $form->render($conn); } if (!$function) { /* show login form */ $form = new form(); $form->label_class = "subheader"; $form->add_element("function"); $form->set("function", "type", "hidden"); $form->set("function", "value", "log_in"); $form->add_element("login_user"); $form->set("login_user", "label", "Username"); $form->set("login_user", "bgcolor", $default_bgcolor_1); $form->add_element("login_password"); $form->set("login_password", "label", "Password"); $form->set("login_password", "type", "password"); $form->set("login_password", "bgcolor", $default_bgcolor_1); $form->add_element("submit"); $form->set("submit", "type", "submit"); $form->set("submit", "value", "Submit"); $form->set("submit", "align", "right"); $form->set("submit", "bgcolor", $bgcolor); $output .= "Enter Your Username and Password:
"; $output .= $form->render($conn); $output .= "

"; $output .= "Register"; $output .= "

"; $output .= "Forgot your password?"; } } /* NOTE(review): the placeholders are substituted one after another on the already-merged page, so a literal "{user}", "{message}" or "{menubar}" inside user-supplied content ($output already holds incident and profile text at this point) would be expanded as well. Do all four substitutions in one pass with strtr($template_html, array("{output}" => ..., "{user}" => ..., ...)), which does not rescan replaced text. */ $template_html = get_file_contents("templates/site_look.html"); $output = str_replace("{output}", $output, $template_html); if ($message) { $message = "" . $message . "

"; } /* NOTE(review): $user is request-supplied and is written into the page unescaped (the empty "" after it suggests surrounding markup was stripped from this copy) — a crafted user parameter is reflected XSS. Use htmlspecialchars($user, ENT_QUOTES) here. */ if ($user) { $user_display = "Logged in as " . $user . ""; } else { $user_display = ""; } $output = str_replace("{user}", $user_display, $output); $output = str_replace("{message}", $message, $output); $output = str_replace("{menubar}", $menubar_output, $output); print $output; ?>