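<?php
// Admin "modify" endpoint: every state-changing admin action is dispatched from this
// script by the numeric $ae->command value.
//
// The full open tag is used so the script does not depend on short_open_tag; with the
// short form disabled the file would be served as plain text, source included.
// require_once replaces the error-suppressed include: if the core class cannot be
// loaded, the script stops at this line with a visible cause.
require_once("coreclass.php");
$ae=new CEngine();
$ae->EngineInitialize();
// NOTE(review): RequestVariables() presumably copies request parameters onto $ae.
// Every query below concatenates those properties into SQL text, so this call is the
// only place where escaping can happen - confirm that it escapes for the database.
$ae->RequestVariables(1);
// NOTE(review): presumably aborts the request when the session is invalid; all the
// code below relies on that - confirm against coreclass.php.
$ae->UserVerifySession();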
// Commands 10 and 6 combined with action 2 are handed over to the matching manager
// page and the script stops, so the delete handlers further down never run for them.
// When a first set ID was submitted, the manager page is opened in edit mode for it.
// NOTE(review): the username and session token are carried in the redirect URL, where
// they end up in browser history, proxy and server logs, and Referer headers.
if ($ae->command==10 AND $ae->action==2)
{
$imagemanager="http://".$ae->server."/".$ae->path."admin/managerimage.php?username=".$ae->username."&session=".$ae->session;
if ($ae->imagesetID[0]) $imagemanager.="&command=edit&imagesetID=".$ae->imagesetID[0];
header("location: ".$imagemanager);
exit;
}
if ($ae->command==6 AND $ae->action==2)
{
$filemanager="http://".$ae->server."/".$ae->path."admin/managerfile.php?username=".$ae->username."&session=".$ae->session;
if ($ae->filesetID[0]) $filemanager.="&command=edit&filesetID=".$ae->filesetID[0];
header("location: ".$filemanager);
exit;
}
// Pre-processing that runs for every command, not only the article ones.
// NOTE(review): judging by the names, this normalises the submitted date and converts
// the editor markup to XHTML - confirm in coreclass.php.
$ae->DateConversion($ae->adate);
// NOTE(review): the converted text is concatenated into the INSERT/UPDATE of commands
// 2 and 3. If escaping was applied earlier, confirm the conversion cannot re-introduce
// unescaped quotes.
$ae->text=$ae->WYSIWYGtoXHTML($ae->text);



/*---------------------------------------------------
- EDITOR-LEVEL COMMANDS - starting from 1           -
---------------------------------------------------*/
// Command 1: removes an article's physical file, its row in table[3] and its rows in
// table[4].
// NOTE(review): no UserVerifyLevel() call or ownership check is visible in this branch,
// so any account that passes UserVerifySession() appears able to delete any article ID
// - confirm this is intended.
// NOTE(review): articleID is concatenated into the SQL text; this is safe only if
// RequestVariables() escapes or casts it.
// Rows in table[7] (related articles, see commands 14/15) are not removed here.
if ($ae->command==1) // deletes the article
   {
   $ae->DeletePhysicalFile($ae->articleID);
   $ae->DBQuery("DELETE FROM ".$ae->table[3]." WHERE ID='".$ae->articleID."'");
   $ae->DBQuery("DELETE FROM ".$ae->table[4]." WHERE articleID='".$ae->articleID."'"); // deletes stats for the article
   // NOTE(review): this statement is identical to the one above (same table[4]), so it
   // repeats the stats delete; the table that holds the discussion is probably a
   // different index - verify against the table list in coreclass.php.
   $ae->DBQuery("DELETE FROM ".$ae->table[4]." WHERE articleID='".$ae->articleID."'"); // deletes the article discussion
   }
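// Command 2: inserts a new article into table[3], optionally generates its physical
// file (clean URLs), and creates its statistics row in table[4].
// $articleID is left set for the preview redirect at the end of the script.
// NOTE(review): every column value is concatenated into the SQL text; this is safe
// only if RequestVariables() escapes it - confirm.
if ($ae->command==2) // adds new article
   {
   if (!$ae->title AND $ae->cleanurls) $ae->DisplayError(8);
   if ($ae->sectionID==$ae->textbasic[24]) $ae->DisplayError(17);
   if ($ae->action==2) $ae->status=0; // action 2 stores the article unpublished (status 0)
   $ae->DBQuery("INSERT INTO ".$ae->table[3]." VALUES (NULL,'".$ae->title."','".$ae->beginning."','".$ae->text."','".$ae->authorID."','".$ae->adate."','".$ae->atime."','".$ae->sectionID."','".$ae->imagesetID."','".$ae->filesetID."','".$ae->priority."','".$ae->status."','".$ae->filename."')");
   // Capture the new ID immediately: the queries below may overwrite $ae->insertID.
   $articleID=$ae->insertID;
   if ($ae->cleanurls)
      {
      // NOTE(review): this passes $ae->articleID (the request value), not the ID of the
      // row just inserted - confirm GeneratePhysicalFile() does not need $articleID.
      $ae->GeneratePhysicalFile($ae->articleID);
      $ae->DBQuery("UPDATE ".$ae->table[3]." SET filename='".$ae->filename."' WHERE ID='".$articleID."'");
      }
   // Use the captured ID rather than $ae->insertID, which can no longer be relied on
   // after the UPDATE above when clean URLs are enabled.
   $ae->DBQuery("INSERT INTO ".$ae->table[4]." VALUES (NULL,'".$articleID."',0)"); // creates stats for the article
   }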
// Command 3: rewrites all editable columns of an existing article and, with clean
// URLs enabled, regenerates its physical file first.
// $articleID is left set for the preview redirect at the end of the script.
// NOTE(review): no ownership or level check is visible in this branch, and status and
// priority are written from request values although commands 35-38 reserve those
// changes for UserVerifyLevel(2) - confirm whether editors are meant to set them here.
// NOTE(review): every value is concatenated into the SQL text; this is safe only if
// RequestVariables() escapes it.
if ($ae->command==3) // updates the article
   {
   if (!$ae->title AND $ae->cleanurls) $ae->DisplayError(8);
   if ($ae->cleanurls)
      {
      $ae->DeletePhysicalFile($ae->articleID);
      $ae->GeneratePhysicalFile($ae->articleID);
      }
   $ae->DBQuery("UPDATE ".$ae->table[3]." SET title='".$ae->title."',beginning='".$ae->beginning."',text='".$ae->text."',authorID='".$ae->authorID."',adate='".$ae->adate."',atime='".$ae->atime."',sectionID='".$ae->sectionID."',imagesetID='".$ae->imagesetID."',filesetID='".$ae->filesetID."',priority='".$ae->priority."',status='".$ae->status."',filename='".$ae->filename."' WHERE ID='".$ae->articleID."'");
   $articleID=$ae->articleID;
   }
// Command 4: updates password, name, e-mail, language and free-text info of one row in
// table[5], and optionally replaces or removes that user's photo.
// NOTE(review): the target row is selected by $ae->userID, the same property commands
// 50 and 52 use for an admin-chosen user, while ownership elsewhere is recorded with
// $ae->currentuserID. If userID comes from the request, any logged-in user could
// change another account's password here - confirm it is bound to the session user.
// NOTE(review): the password is mandatory on every profile save in this branch
// (DisplayError(5) when empty), unlike command 52, which can leave it unchanged.
if ($ae->command==4) // updates user's own profile
   {
   if (!$ae->password) $ae->DisplayError(5);
   if ($ae->password<>$ae->password2) $ae->DisplayError(6);
   // Unsalted MD5 is a fast hash and is not suitable for password storage. Moving to
   // password_hash()/password_verify() needs a matching change in the login code,
   // which is not part of this file.
   $ae->password=md5($ae->password);
   $ae->DBQuery("UPDATE ".$ae->table[5]." SET password='".$ae->password."',fullname='".$ae->fullname."',email='".$ae->email."',language='".$ae->language."',otherinfo='".$ae->otherinfo."' WHERE ID='".$ae->userID."'");
   if ($ae->file["name"])
   {
   // A new photo was uploaded: remove the stored one, then save the new file name.
   $ae->DBQuery("SELECT photo FROM ".$ae->table[5]." WHERE ID='".$ae->userID."'");
   $ae->DBGetRow();
   $delfile=$ae->access["photo"];
   if ($delfile) $ae->DeleteImage($delfile);
   // NOTE(review): the MIME type passed here is the value declared by the client;
   // confirm SubmitImage() checks the file content itself.
   $photo=$ae->SubmitImage($ae->file["tmp_name"],$ae->file["type"],0);
   $ae->DBQuery("UPDATE ".$ae->table[5]." SET photo='".$photo."' WHERE ID='".$ae->userID."'");
   }
   if ($ae->delete)
   {
   // The delete flag is processed after the upload branch, so a request carrying both
   // removes the photo that was just stored.
   $ae->DBQuery("SELECT photo FROM ".$ae->table[5]." WHERE ID='".$ae->userID."'");
   $ae->DBGetRow();
   $delfile=$ae->access["photo"];
   $ae->DeleteImage($delfile);
   $ae->DBQuery("UPDATE ".$ae->table[5]." SET photo='' WHERE ID='".$ae->userID."'");
   }
   }

// command=5 NOT USED

// Command 6: for each submitted file set ID, deletes the up to five files recorded in
// the row (file1..file5) and then the row itself from table[2].
// NOTE(review): no ownership check is visible, and the IDs are concatenated into the
// SQL text; both rely on checks made elsewhere - confirm.
if ($ae->command==6) // deletes the file set
   {
   $index=0;
   while ($index<count($ae->filesetID))
       {
       $setID=$ae->filesetID[$index];
       $ae->DBQuery("SELECT * FROM ".$ae->table[2]." WHERE ID='".$setID."'");
       $ae->DBGetRow();
       // Copy all five stored names first, then delete the non-empty ones.
       for ($slot=0;$slot<5;$slot++)
           {
           $ae->filename[$slot]=$ae->access["file".($slot+1)];
           }
       for ($slot=0;$slot<5;$slot++)
           {
           if ($ae->filename[$slot]) $ae->DeleteFile($ae->filename[$slot]);
           }
       $ae->DBQuery("DELETE FROM ".$ae->table[2]." WHERE ID='".$setID."'");
       $index++;
       }
   }
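// Command 7: stores up to five uploaded files and records the set in table[2] together
// with the uploading user's ID.
// NOTE(review): SubmitFile() receives the file name supplied by the client; extension
// and path checks have to happen inside it - confirm in coreclass.php.
// NOTE(review): the description is concatenated into the SQL text; this is safe only
// if RequestVariables() escapes it.
if ($ae->command==7) // submits the file set
   {
   if (!$ae->description) $ae->DisplayError(21);
   if (!$ae->file["name"][0]) $ae->DisplayError(23,"#1"," ".$ae->sizemaxfiles);
   // Start from five empty slots. Unused slots are then written as '' without reading
   // undefined keys, and no value that reached $filename from outside this script
   // (for example under register_globals) can end up in the INSERT.
   $filename=array("","","","","");
   for ($i=0;$i<=4;$i++)
       {
       if ($ae->file["name"][$i])
          {
          $filename[$i]=$ae->SubmitFile($ae->file["name"][$i],$ae->file["tmp_name"][$i],$i);
          }
       }
   $ae->DBQuery("INSERT INTO ".$ae->table[2]." VALUES (NULL,'".$ae->description."','".$filename[0]."','".$filename[1]."','".$filename[2]."','".$filename[3]."','".$filename[4]."','".$ae->currentuserID."')");
   }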
// Commands 8 and 9: section maintenance on table[0].
// NOTE(review): neither branch calls UserVerifyLevel(), and the section ID and name are
// concatenated into the SQL text - confirm both are covered elsewhere.
if ($ae->command==8) // deletes the section
   {
   $removesection="DELETE FROM ".$ae->table[0]." WHERE ID='".$ae->sectionID."'";
   $ae->DBQuery($removesection);
   }
if ($ae->command==9) // adds new section
   {
   $sectiontable=$ae->table[0];
   // Look for an existing section with the same name before inserting.
   $ae->DBQuery("SELECT section FROM ".$sectiontable." WHERE section='".$ae->section."'");
   $ae->DBGetRow();
   if ($ae->access["section"]==$ae->section) $ae->DisplayError(19,$ae->section);
   $ae->DBQuery("INSERT INTO ".$sectiontable." VALUES(NULL,'".$ae->section."')");
   }
// Command 10: for each submitted image set ID, deletes the up to ten images recorded
// in the row (file1..file10) and then the row itself from table[1].
// Requests with action 2 never reach this branch; they are redirected at the top of
// the script.
// NOTE(review): no ownership check is visible, and the IDs are concatenated into the
// SQL text; both rely on checks made elsewhere - confirm.
if ($ae->command==10) // deletes the image set
   {
   for ($temp=0;$temp<count($ae->imagesetID);$temp++)
   {
   $tempID=$ae->imagesetID[$temp];
   $ae->DBQuery("SELECT * FROM ".$ae->table[1]." WHERE ID='".$tempID."'");
   $ae->DBGetRow();
   for ($i=0;$i<=9;$i++)
   {
   // Column names are file1..file10, hence the +1 on the zero-based slot index.
   $ae->filename[$i]=$ae->access["file".($i+1)];
   if ($ae->filename[$i]) $ae->DeleteImage($ae->filename[$i]);
   }
   $ae->DBQuery("DELETE FROM ".$ae->table[1]." WHERE ID='".$tempID."'");
   }
   }
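// Command 11: stores up to ten uploaded images and records the set, the per-image
// descriptions and the uploading user's ID in table[1].
// NOTE(review): the MIME type passed to SubmitImage() is the value declared by the
// client; confirm SubmitImage() checks the file content itself.
// NOTE(review): the descriptions are concatenated into the SQL text; this is safe only
// if RequestVariables() escapes them.
if ($ae->command==11) // submits the image set
   {
   if (!$ae->description) $ae->DisplayError(21);
   if (!$ae->file["name"][0]) $ae->DisplayError(20,"#1"," ".$ae->sizemaximages);
   // Start from ten empty slots. Unused slots are then written as '' without reading
   // undefined keys, and no value that reached $filename from outside this script
   // (for example under register_globals) can end up in the INSERT.
   $filename=array("","","","","","","","","","");
   for ($i=0;$i<=9;$i++)
   {
   if ($ae->file["name"][$i]) $filename[$i]=$ae->SubmitImage($ae->file["tmp_name"][$i],$ae->file["type"][$i],$i);
   }
   $ae->DBQuery("INSERT INTO ".$ae->table[1]." VALUES (NULL,'".$ae->description."','".$filename[0]."','".$filename[1]."','".$filename[2]."','".$filename[3]."','".$filename[4]."','".$filename[5]."','".$filename[6]."','".$filename[7]."','".$filename[8]."','".$filename[9]."','".$ae->filedescription[0]."','".$ae->filedescription[1]."','".$ae->filedescription[2]."','".$ae->filedescription[3]."','".$ae->filedescription[4]."','".$ae->filedescription[5]."','".$ae->filedescription[6]."','".$ae->filedescription[7]."','".$ae->filedescription[8]."','".$ae->filedescription[9]."','".$ae->currentuserID."')");
   }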
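// Command 12: updates the description of an image set, then for each of the ten slots
// updates its description, replaces the image when a new file was uploaded, or removes
// it when the slot's delete flag is set. If all ten slots end up empty, the row is
// deleted.
// NOTE(review): no ownership check is visible, and imagesetID and the descriptions are
// concatenated into the SQL text - confirm both are covered elsewhere.
if ($ae->command==12) // edits the image set
   {
   if (!$ae->description) $ae->DisplayError(21);
   $ae->DBQuery("UPDATE ".$ae->table[1]." SET description='".$ae->description."' WHERE ID='".$ae->imagesetID."'");
   for ($i=0;$i<=9;$i++)
   {
   $ae->DBQuery("UPDATE ".$ae->table[1]." SET filedescription".($i+1)."='".$ae->filedescription[$i]."' WHERE ID='".$ae->imagesetID."'");
   if ($ae->file["name"][$i])
   {
   // Replacement upload: remove the stored image for this slot, then save the new one.
   $ae->DBQuery("SELECT file".($i+1)." FROM ".$ae->table[1]." WHERE ID='".$ae->imagesetID."'");
   $ae->DBGetRow();
   $delfile=$ae->access["file".($i+1)];
   if ($delfile) $ae->DeleteImage($delfile);
   // NOTE(review): the MIME type is the value declared by the client; confirm
   // SubmitImage() checks the file content itself.
   $filename[$i]=$ae->SubmitImage($ae->file["tmp_name"][$i],$ae->file["type"][$i],$i);
   $ae->DBQuery("UPDATE ".$ae->table[1]." SET file".($i+1)."='".$filename[$i]."' WHERE ID='".$ae->imagesetID."'");
   }
   if (!$ae->file["name"][$i] AND $ae->delete[$i])
   {
   $ae->DBQuery("SELECT file".($i+1)." FROM ".$ae->table[1]." WHERE ID='".$ae->imagesetID."'");
   $ae->DBGetRow();
   $delfile=$ae->access["file".($i+1)];
   $ae->DeleteImage($delfile);
   $ae->DBQuery("UPDATE ".$ae->table[1]." SET file".($i+1)."='' WHERE ID='".$ae->imagesetID."'");
   }
   }
   // The counter decides whether the row is deleted, so it starts from a known zero
   // and not from an undefined variable or a value that reached $filecount from
   // outside this script (for example under register_globals).
   $filecount=0;
   for ($i=0;$i<=9;$i++)
   {
   $ae->DBQuery("SELECT file".($i+1)." FROM ".$ae->table[1]." WHERE ID='".$ae->imagesetID."'");
   $ae->DBGetRow();
   $delimageset=$ae->access["file".($i+1)];
   if (!$delimageset) $filecount++;
   }
   if ($filecount==10) $ae->DBQuery("DELETE FROM ".$ae->table[1]." WHERE ID='".$ae->imagesetID."'");
   }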
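// Command 13: for each slot of a file set, replaces the file when a new one was
// uploaded or removes it when the slot's delete flag is set. If every slot ends up
// empty, the row is deleted from table[2].
//
// A file set has five slots (file1..file5): command 7 inserts five names and command 6
// deletes five files. The loops here cover all five; with only three, a set whose
// first three slots were empty lost its row while file4/file5 stayed on disk with
// nothing referring to them.
// NOTE(review): the description is validated but never written back in this branch
// (command 12 does update it for image sets) - confirm whether an UPDATE is missing.
// NOTE(review): no ownership check is visible, and filesetID is concatenated into the
// SQL text - confirm both are covered elsewhere.
if ($ae->command==13) // edits the file set
   {
   if (!$ae->description) $ae->DisplayError(21);
   for ($i=0;$i<=4;$i++)
   {
   if ($ae->file["name"][$i])
   {
   // Replacement upload: remove the stored file for this slot, then save the new one.
   $ae->DBQuery("SELECT file".($i+1)." FROM ".$ae->table[2]." WHERE ID='".$ae->filesetID."'");
   $ae->DBGetRow();
   $delfile=$ae->access["file".($i+1)];
   if ($delfile) $ae->DeleteFile($delfile);
   // NOTE(review): SubmitFile() receives the file name supplied by the client;
   // extension and path checks have to happen inside it.
   $filename[$i]=$ae->SubmitFile($ae->file["name"][$i],$ae->file["tmp_name"][$i],$i);
   $ae->DBQuery("UPDATE ".$ae->table[2]." SET file".($i+1)."='".$filename[$i]."' WHERE ID='".$ae->filesetID."'");
   }
   if (!$ae->file["name"][$i] AND $ae->delete[$i])
   {
   $ae->DBQuery("SELECT file".($i+1)." FROM ".$ae->table[2]." WHERE ID='".$ae->filesetID."'");
   $ae->DBGetRow();
   $delfile=$ae->access["file".($i+1)];
   $ae->DeleteFile($delfile);
   $ae->DBQuery("UPDATE ".$ae->table[2]." SET file".($i+1)."='' WHERE ID='".$ae->filesetID."'");
   }
   }
   // The counter decides whether the row is deleted, so it starts from a known zero
   // and not from an undefined variable or a value that reached $filecount from
   // outside this script (for example under register_globals).
   $filecount=0;
   for ($i=0;$i<=4;$i++)
   {
   $ae->DBQuery("SELECT file".($i+1)." FROM ".$ae->table[2]." WHERE ID='".$ae->filesetID."'");
   $ae->DBGetRow();
   $delfileset=$ae->access["file".($i+1)];
   if (!$delfileset) $filecount++;
   }
   if ($filecount==5) $ae->DBQuery("DELETE FROM ".$ae->table[2]." WHERE ID='".$ae->filesetID."'");
   }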
// Commands 14 and 15: maintain the article-to-article links stored in table[7].
// NOTE(review): articleID and the related IDs are concatenated into the SQL text; this
// is safe only if RequestVariables() escapes or casts them.
if ($ae->command==14) // deletes related articles
   {
   $position=0;
   while ($position<count($ae->relatedID))
   {
   $linkedID=$ae->relatedID[$position];
   $ae->DBQuery("DELETE FROM ".$ae->table[7]." WHERE articleID='".$ae->articleID."' AND relatedID='".$linkedID."'");
   $position++;
   }
   }
if ($ae->command==15) // adds related articles
   {
   if (!$ae->articleID) $ae->DisplayError(0);
   $position=0;
   while ($position<count($ae->relatedID))
   {
   $linkedID=$ae->relatedID[$position];
   // Insert only when the link does not exist yet and does not point at the article itself.
   $ae->DBQuery("SELECT * FROM ".$ae->table[7]." WHERE articleID='".$ae->articleID."' AND relatedID='".$linkedID."'");
   if (!$ae->DBGetRow() AND $ae->articleID!=$linkedID)
   {
   $ae->DBQuery("INSERT INTO ".$ae->table[7]." VALUES (NULL,'".$ae->articleID."','".$linkedID."')");
   }
   $position++;
   }
   }

/*---------------------------------------------------
- EDITOR-IN-CHIEF-LEVEL COMMANDS - starting from 30 -
---------------------------------------------------*/
// Commands 35-38: single-column changes on an article in table[3]. Each one calls
// UserVerifyLevel(2) before the update.
//   35 prioritize article, 36 deprioritize article,
//   37 publish article,    38 put article on hold
// NOTE(review): articleID is concatenated into the SQL text; this is safe only if
// RequestVariables() escapes or casts it.
$chiefupdates=array(35=>"priority=1",36=>"priority=0",37=>"status=1",38=>"status=0");
foreach ($chiefupdates as $chiefcommand=>$assignment)
   {
   if ($ae->command==$chiefcommand)
      {
      $ae->UserVerifyLevel(2);
      $ae->DBQuery("UPDATE ".$ae->table[3]." SET ".$assignment." WHERE ID='".$ae->articleID."'");
      }
   }

/*---------------------------------------------------
- ADMIN-LEVEL COMMANDS - starting from 50           -
---------------------------------------------------*/
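// Command 50: deletes a user row from table[5] together with the user's photo, after
// UserVerifyLevel(). The account with ID 1 is protected from deletion.
// NOTE(review): userID is concatenated into the SQL text; this is safe only if
// RequestVariables() escapes or casts it.
if ($ae->command==50) // deletes a user
   {
   $ae->UserVerifyLevel();
   // security feature - user admin cannot be deleted
   // The guard compares the integer value of the ID, so it tests the same number the
   // database matches when it coerces the quoted string in WHERE ID='...'. A loose
   // comparison of the raw string could accept a non-canonical spelling of 1.
   if (intval($ae->userID)!=1)
   {
   $ae->DBQuery("SELECT photo FROM ".$ae->table[5]." WHERE ID='".$ae->userID."'");
   $ae->DBGetRow();
   $delfile=$ae->access["photo"];
   if ($delfile) $ae->DeleteImage($delfile);
   $ae->DBQuery("DELETE FROM ".$ae->table[5]." WHERE ID='".$ae->userID."'");
   }
   }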
// Command 51: creates a user row in table[5] after UserVerifyLevel(), and stores an
// optional photo.
// NOTE(review): the duplicate check reads every user name and compares with loose ==,
// which treats numeric-looking strings such as "10" and "1e1" as equal; a unique index
// on the column would be the authoritative check.
// NOTE(review): all profile fields are concatenated into the SQL text; this is safe
// only if RequestVariables() escapes them.
if ($ae->command==51) // adds a new user
   {
   $ae->UserVerifyLevel();
   $ae->DBQuery("SELECT user FROM ".$ae->table[5]);
   while ($ae->DBGetRow()) // checks if the same username exists
   {
   if ($ae->user==$ae->access["user"]) $ae->DisplayError(4,$ae->user);
   }
   if (!$ae->user) $ae->DisplayError(18);
   if (!$ae->password) $ae->DisplayError(5);
   if ($ae->password<>$ae->password2) $ae->DisplayError(6);
   if ($ae->position==$ae->textbasic[15]) $ae->DisplayError(7);
   // Unsalted MD5 is a fast hash and is not suitable for password storage. Moving to
   // password_hash()/password_verify() needs a matching change in the login code,
   // which is not part of this file.
   $ae->password=md5($ae->password);
   $ae->DBQuery("INSERT INTO ".$ae->table[5]." VALUES (NULL,'".$ae->user."','".$ae->password."','".$ae->fullname."','".$ae->position."','".$ae->email."','".$ae->language."','','".$ae->otherinfo."')");
   if ($ae->file["name"])
   {
   // NOTE(review): the MIME type is the value declared by the client; confirm
   // SubmitImage() checks the file content itself.
   $photo=$ae->SubmitImage($ae->file["tmp_name"],$ae->file["type"],0);
   $ae->DBQuery("UPDATE ".$ae->table[5]." SET photo='".$photo."' WHERE ID='".$ae->insertID."'");
   }
   }
// Command 52: after UserVerifyLevel(), updates another user's profile including the
// position, optionally sets a new password, and replaces or removes the photo.
// NOTE(review): position is written for any userID, including the protected account
// with ID 1 (see command 50) - confirm whether that account's position should be fixed.
// NOTE(review): all profile fields are concatenated into the SQL text; this is safe
// only if RequestVariables() escapes them.
if ($ae->command==52) // updates user's profile including a position
   {
   $ae->UserVerifyLevel();
   if (!$ae->password AND !$ae->password2) // leaves password unchanged
   {
   $ae->DBQuery("UPDATE ".$ae->table[5]." SET fullname='".$ae->fullname."',position='".$ae->position."',email='".$ae->email."',language='".$ae->language."',otherinfo='".$ae->otherinfo."' WHERE ID='".$ae->userID."'");
   }
   else // changes everything including password
   {
   if (!$ae->password) $ae->DisplayError(5);
   if ($ae->password<>$ae->password2) $ae->DisplayError(6);
   // Unsalted MD5 is a fast hash and is not suitable for password storage. Moving to
   // password_hash()/password_verify() needs a matching change in the login code,
   // which is not part of this file.
   $ae->password=md5($ae->password);
   $ae->DBQuery("UPDATE ".$ae->table[5]." SET password='".$ae->password."',fullname='".$ae->fullname."',position='".$ae->position."',email='".$ae->email."',language='".$ae->language."',otherinfo='".$ae->otherinfo."' WHERE ID='".$ae->userID."'");
   }
   if ($ae->file["name"])
   {
   // A new photo was uploaded: remove the stored one, then save the new file name.
   $ae->DBQuery("SELECT photo FROM ".$ae->table[5]." WHERE ID='".$ae->userID."'");
   $ae->DBGetRow();
   $delfile=$ae->access["photo"];
   if ($delfile) $ae->DeleteImage($delfile);
   // NOTE(review): the MIME type is the value declared by the client; confirm
   // SubmitImage() checks the file content itself.
   $photo=$ae->SubmitImage($ae->file["tmp_name"],$ae->file["type"],0);
   $ae->DBQuery("UPDATE ".$ae->table[5]." SET photo='".$photo."' WHERE ID='".$ae->userID."'");
   }
   if ($ae->delete)
   {
   // The delete flag is processed after the upload branch, so a request carrying both
   // removes the photo that was just stored.
   $ae->DBQuery("SELECT photo FROM ".$ae->table[5]." WHERE ID='".$ae->userID."'");
   $ae->DBGetRow();
   $delfile=$ae->access["photo"];
   $ae->DeleteImage($delfile);
   $ae->DBQuery("UPDATE ".$ae->table[5]." SET photo='' WHERE ID='".$ae->userID."'");
   }
   }
// Commands 53 and 54: module management. Both call UserVerifyLevel() first.
//   53 uninstalls a module by deleting its row from table[8]
//   54 installs modules through RetrieveModules()
// NOTE(review): moduleID is concatenated into the SQL text; this is safe only if
// RequestVariables() escapes or casts it.
if ($ae->command==53 OR $ae->command==54)
   {
   $ae->UserVerifyLevel();
   if ($ae->command==53)
      {
      $ae->DBQuery("DELETE FROM ".$ae->table[8]." WHERE ID='".$ae->moduleID."'");
      }
   else
      {
      $ae->RetrieveModules();
      }
   }

/*---------------------------------------------------
- REDIRECTION PART                                  -
---------------------------------------------------*/
// Picks the page to return to after the command has run. The default is the admin
// start page; the command-specific targets below override it, and a single Location
// header is sent at the end.
// NOTE(review): the username and session token are carried in the redirect URL, where
// they end up in browser history, proxy and server logs, and Referer headers.
$adminroot="http://".$ae->server."/".$ae->path."admin/";
$credentials="?username=".$ae->username."&session=".$ae->session;
$target=$adminroot."admin.php".$credentials;
// Article saved with action 2: go to the preview of that article.
if (($ae->command==2 OR $ae->command==3) AND $ae->action==2) $target=$adminroot."editarticle.php".$credentials."&articleID=".$articleID."&action=preview";
if ($ae->command==6 OR $ae->command==7 OR $ae->command==13) $target=$adminroot."managerfile.php".$credentials;
if ($ae->command==8 OR $ae->command==9) $target=$adminroot."managersection.php".$credentials;
if ($ae->command>=10 AND $ae->command<=12) $target=$adminroot."managerimage.php".$credentials;
if ($ae->command==14 OR $ae->command==15) $target=$adminroot."managerrelated.php".$credentials."&articleID=".$ae->articleID;
if ($ae->command==53 OR $ae->command==54) $target=$adminroot."managermodule.php".$credentials;
header("location: ".$target);
?>