<?php
//#################################################################################################
//	Edit content helper functions
//#################################################################################################
//	chillyCMS - Content Management System
//	Copyright (C) 2008
//	Stefanie Wiegand <hide@address.com> & Johannes Cox <hide@address.com>
//	
//	This program is licensed under the GPL 3.0 license. For more information see LICENSE.txt.
//#################################################################################################
//	editform($id)
//	mainmod_settingsform($modname,$modsettings,$content,$writeright,&$editform)
//	save_all($id)
//	save_contentsettings($id)
//	save_content($id)
//#################################################################################################
//Entry guard: this include only runs when the including script has defined DOIT.
//A direct request for this file stops here with a short message.
if (!defined('DOIT')) {
	die('Restricted access');
}

//Content Settings Form////////////////////////////////////////////////////////////////////////////
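//Builds and returns the HTML of the edit form for one site_content row.
//	$id	0 renders the "new item" form (depth/parent come from $_POST, some values are
//		inherited from the parent row); any other value loads that row from the database.
//	returns	the form markup as a string; nothing is echoed.
//
//Security-relevant behaviour:
//	- $id is forced to an integer because it is interpolated into SQL and HTML.
//	- Write access is granted to admins, for new items, to moderators with "w" on one of the
//	  item's special-access groups and to members with "w" in one of those groups.
//	- Text read from the database (item name, editor name, module/group/tree names, the
//	  special-access list and the content placed in form fields) is HTML-encoded on output.
//	  htmlspecialchars() is called without an explicit charset, so PHP's default applies.
//	- This function only decides what the form shows; the save path has to enforce the same
//	  permissions on its own, because every hidden field here is client-controlled.
function editform($id) {
	global $l_gen,$l_edit,$l_cont,$l_tools,$l_menu,$mysession,$is_admin,$settings,$page,$groups;
	//pin $id to an integer before it reaches any query or attribute
	$id = intval($id);
	$editform = "\t<div id='editform'>\n";
	//New item > insert standard values
	if ($id==0) {
		$editform .= "<h1 class='floatleft'>$l_edit[txt_newitem]</h1>\n";
		//standard values
		$db_name		= "NewItem";
		$db_treeid		= 1;
		$db_depth		= isset($_POST["depth"]) ? intval($_POST["depth"]) : 0;
		$db_parentid		= isset($_POST["parent"]) ? intval($_POST["parent"]) : 0;
		$db_order		= 0;
		$db_active		= 1;
		$db_startpage		= 0;
		$db_modid		= 1;
		$db_modname		= "content";
		$db_settings		= null;
		$db_access		= 0;
		$db_specialaccess	= null;
		//NOTE(review): save_contentsettings() reads $mysession->user->uid, this reads ->id - confirm which is right
		$db_uid			= $mysession->user->id;
		$db_lasteditor		= $mysession->user->user;
		$db_datenew		= "";
		$db_dateedit		= "";
		$db_views		= 0;
		$db_content		= null;
		//some things that can be inherited from the parent
		$page->query("select treeid,access,specialaccess,active from site_content where id=$db_parentid limit 1");
		$result=$page->db->getdata();
		if (!empty($result)) {
			$db_treeid=$result["treeid"];
			$db_access=$result["access"];
			$db_specialaccess=$result["specialaccess"];
			$db_active=$result["active"];
		}
	//Existing item > read from db
	} else {
		$editform .= "<h1 class='floatleft'>$l_edit[txt_edititem]</h1>\n";
		$sql="select ifnull(c2.id,0) as prev, ifnull(c3.id,0) as next,u.user as uname,c1.*, m.name as modname ".
		"from site_content as c1 ".
		"left join site_content c2 on c2.order=c1.order-1 and c1.parentid=c2.parentid ".
		"left join system_users u on c1.uid=u.uid ".
		"left join system_modules m on m.modid=c1.modid ".
		"left join site_content c3 on c3.order=c1.order+1 and c1.parentid=c3.parentid ".
		"where c1.id=$id limit 1";
		$page->query($sql);
		$result = $page->db->getdata();

		//copy the row's columns into locals
		$db_name		= $result["name"];
		$db_treeid		= $result["treeid"];
		$db_depth		= $result["depth"];
		$db_parentid		= $result["parentid"];
		$db_order		= $result["order"];
		$db_active		= $result["active"];
		$db_startpage		= $result["startpage"];
		$db_modid		= $result["modid"];
		$db_modname		= $result["modname"];
		$db_settings		= $result["settings"];
		$db_access		= $result["access"];
		$db_specialaccess	= $result["specialaccess"];
		$db_uid			= $result["uid"];
		$db_lasteditor		= $result["uname"];
		$db_datenew		= $result["date_new"];
		$db_dateedit		= $result["date_edit"];
		$db_views		= $result["views"];
		$db_content		= $result["content"];
	}
	//turn relative paths into absolute ones to be able to see the pictures
	//NOTE(review): the second replace also hits the 'media' inside a path the first one produced,
	//and any other occurrence of the word; save_content() strips URL.'/' again on save
	$rel1 = './media';
	$rel2 = 'media';
	$abs = URL.'/media';
	$db_content = str_replace($rel1,$abs,(string)$db_content);
	$db_content = str_replace($rel2,$abs,$db_content);

	//HTML-encoded copies for every place where database text lands in markup or an attribute
	$h_name			= htmlspecialchars((string)$db_name,ENT_QUOTES);
	$h_lasteditor		= htmlspecialchars((string)$db_lasteditor,ENT_QUOTES);
	$h_specialaccess	= htmlspecialchars((string)$db_specialaccess,ENT_QUOTES);
	$h_content		= htmlspecialchars($db_content,ENT_QUOTES);

	$sa=explode(",",(string)$db_specialaccess);
	$in_group=$is_mod=false;
	foreach ($sa as $s) {
		//Is the user in that group the item belongs to?
		if(in_array($s,$mysession->user->gids)) {
			if ($mysession->user->gids_assoc[$s]=="w") {
				$in_group="w";
			} else {
				if ($in_group!="w") { $in_group="r"; }
			}
		}
		//Is the user the moderator of that group?
		if (in_array($s,$mysession->user->modgids)) {
			if ($mysession->user->modgids_assoc[$s]=="w") {
				$is_mod="w";
			} else {
				if ($is_mod!="w") { $is_mod="r"; }
			}
		}
	}
	//a user may write IF he's an admin, it is a new item he just created, he moderates one of the
	//item's groups with write permission or he is a member of one with write permission.
	//This has to be a comparison: the earlier `$is_mod="w"` was an assignment, which made the whole
	//expression true for every user and also unlocked the access controls further down.
	$writeright=($is_admin or $id==0 or $is_mod=="w" or $in_group=="w");
	//Buttons
	//--cancel
	$editform .= "<form action='content.site.php'>\n".
	"<input type='submit' class='button floatright' value='$l_gen[lbl_cancel]' />\n".
	"</form>\n";
	if ($writeright) {
		//--reload
		if ($id>0) {
			$editform .= "<form method='post' action='edit.site.php'>\n".
			"<input type='hidden' name='id' value='$id' />\n".
			"<input type='submit' class='button floatright' value='$l_gen[lbl_reload]' />\n".
			"</form>\n";
		}
		//--save
		$editform .= "<form method='post' action='edit.site.php'>\n".
		"<input id='save' type='submit' class='button floatright' name='save' value='$l_gen[lbl_save]' />\n".
		"<br /><br /><br /><input type='hidden' name='save' value='true' />\n".
		"<input type='hidden' name='id' value='$id' />\n".
		"<input type='hidden' name='treeid' value='$db_treeid' />\n".
		"<input type='hidden' name='depth' value='$db_depth' />\n".
		"<input type='hidden' name='oldorder' value='$db_order' />\n".
		"<input type='hidden' name='oldparentid' value='$db_parentid' />\n";
		$namefield="<input type='text' class=\"textinput\" value='$h_name' name='name' size='15' />\n";
	} else {
		//read-only output
		$namefield = $h_name;
	}
	$editform .= "<div class='content_settings'>\n".
	"<table>\n".
	"<tr><td class='left' width='100px'>ID</td><td class='left'>$id</td></tr>\n".
	//name
	"<tr><td class='left'>$l_edit[lbl_name]</td><td class='left'>$namefield</td></tr>\n".
	//date
	"<tr><td class='left'>$l_edit[lbl_created]</td><td class='left'>$db_datenew</td></tr>\n".
	"<tr><td class='left'>$l_edit[lbl_edited]</td><td class='left'>$db_dateedit</td></tr>\n".
	//last editor
	"<tr><td class='left'>$l_edit[lbl_editor]</td><td class='left'>$h_lasteditor</td></tr>\n";
	//views
	if ($db_depth>0) {
		$editform .= "<tr><td class='left'>$l_tools[lbl_views]</td><td class='left'>$db_views</td></tr>\n";
	}
	//active?
	$editform .= "<tr><td class='left'>$l_edit[lbl_active]?</td>\n".
	"<td class='left'>\n";
	if ($writeright) {
		if ($db_active==1) {
			$editform .= "<input type='checkbox' class='middle' name='active' value='1' checked='checked' />\n".
			"</td></tr>";
		} else {
			$editform .= "<input type='checkbox' class='middle' name='active' value='1' />\n".
			"</td></tr>\n";
		}
	} else {
		if ($db_active==1) {
			$editform .= $l_gen["lbl_yes"];
		} else {
			$editform .= $l_gen["lbl_no"];
		}
		$editform .= "</td></tr>\n";
	}
	//startpage?
	if ($writeright && $db_depth>0) {
		$editform .= "<tr>\n".
		"<td class='left'>$l_cont[lbl_startpage]?</td>\n".
		"<td class='left'>\n";
		if ($db_startpage==1) {
			$editform .= "<input class='middle' type='checkbox' name='startpage' value='1' checked='checked' />\n".
			"</td>\n".
			"</tr>\n";
		} else {
			$editform .= "<input class='middle' type='checkbox' name='startpage' value='1' />\n".
			"</td>\n".
			"</tr>\n";
		}
	}
	//modid (not for menu)
	$editform .= "<tr>\n".
	"<td class='left'>$l_edit[lbl_modid]</td>\n".
	"<td class='left'>\n";
	$sql="select modid,name from system_modules where type=0 order by name";
	$page->query($sql);
	$result = $page->db->getdata_array();
	if ($db_depth>0 && $writeright) {
		$editform .= "<select size='1' name='modid'>\n";
		foreach ($result as $row) {
			$opt_id = intval($row["modid"]);
			$opt_name = htmlspecialchars((string)$row["name"],ENT_QUOTES);
			if ($db_modid==$row["modid"]) {
				$editform .= "<option value='$opt_id' selected='selected'>$opt_name</option>\n";
			} else {
				$editform .= "<option value='$opt_id'>$opt_name</option>\n";
			}
		}
		$editform .= "</select>\n".
		"</td>\n".
		"</tr>\n";
	} else {
		foreach ($result as $row) {
			if ($db_modid==$row["modid"]) {
				$editform .= htmlspecialchars((string)$row["name"],ENT_QUOTES);
			}
		}
		$editform .= "</td>\n".
		"</tr>\n";
	}
	//parent item (not for menu)
	if ($is_admin && $db_depth>0) {
		$editform .= "<tr>\n".
		"<td class='left'>$l_edit[lbl_parent]</td>\n".
		"<td class='left'>\n".
		"<select class='parent' name='parentid' size='1'>\n";
		//get all trees
		$wholetree=array();
		$sql = "select * from site_content where id=treeid and parentid=0";
		$page->query($sql);
		$result = $page->db->getdata_array();
		foreach ($result as $row) {
			$newtree = get_tree($row["id"]);
			$wholetree = array_merge($wholetree,$newtree);
		}
		foreach ($wholetree as $item) {
			if ($item->depth<$settings["max_menudepth"]) {
				$printdepth=10*$item->depth;
				$editform .= " <option value='".intval($item->id)."' style='padding-left:".$printdepth."px;";
				//appended to the form instead of echoed, so nothing is emitted ahead of the page.
				//NOTE(review): $db_depth is >0 in this branch, so this never fires; probably meant $item->depth
				if ($db_depth==0) { $editform .= "font-weight:bold;"; }
				$editform .= "'";
				if ($db_parentid==$item->id) {
					$editform .= " selected='selected'";
				}
				$editform .= ">".htmlspecialchars((string)$item->name,ENT_QUOTES)."</option>\n";
			}
		}
		$editform .= "</select>\n".
		"</td>\n".
		"</tr>\n";
	} else {
		if ($writeright) {
			$editform .= "<input type='hidden' name='parentid' value='$db_parentid' />\n";
		}
	}
	//Access
	if ($writeright && ($is_admin or $is_mod=="w")) {
		$editform .= "<tr><td class='left'>$l_cont[lbl_genacc]</td><td class='left'>".
		"<select size='1' name='access'>";
		if ($db_access==0) {
			$editform .= "<option value='0' selected='selected'>$l_cont[lbl_everybody]</option>";
		} else {
			$editform .= "<option value='0'>$l_cont[lbl_everybody]</option>";
		}
		if ($db_access==1) {
			$editform .= "<option value='1' selected='selected'>$l_cont[lbl_users]</option>";
		} else {
			$editform .= "<option value='1'>$l_cont[lbl_users]</option>";
		}
		if ($db_access==2) {
			$editform .= "<option value='2' selected='selected'>$l_cont[lbl_admins]</option>";
		} else {
			$editform .= "<option value='2'>$l_cont[lbl_admins]</option>";
		}
		$editform .= "</select></td></tr>";
		//Special Access? (only if there are any special groups) and only for admin!
		$specialgroups = array();
		foreach ($groups as $g) {
			if ($g["gid"]>2) { $specialgroups[] = $g; }
		}

		if (!empty($specialgroups) && $is_admin) {
			//--checkbox
			if ($db_specialaccess!="") { $checked="checked='checked'"; } else { $checked = ""; }
			$editform .= "<tr><td class='left'>$l_cont[lbl_spacc]?</td><td class='left'>
			<input class='middle' type='checkbox' name='specialaccess' id='specialaccess' ".
			"onclick='getspecialrights()' $checked /></td></tr>";
			//--menu
			$editform .= "<tr><td></td><td class='left'><div id='specialaccessmenu'>";
			$spacc=explode(",",(string)$db_specialaccess);
			foreach ($specialgroups as $sg) {
				$gid = intval($sg["gid"]);
				$mark = in_array($sg["gid"],$spacc) ? " checked='checked'" : "";
				$editform .= "<input type='checkbox' name='spacc[".$gid.
				"]' class='middle' value='".$gid.
				"'".$mark." /><span class='middle'>".htmlspecialchars((string)$sg["name"],ENT_QUOTES)."</span><br />";
			}
			$editform .= "<script type='text/javascript' language='JavaScript'>getspecialrights();</script>".
			"</div></td></tr>";
		} else {
			$editform .= "<input type='hidden' name='specialaccess' value='$h_specialaccess' />";
		}
	} else {	//Content saved by user has always the (special-)access it had before
		if ($writeright) {
			$editform .= "<input type='hidden' name='access' value='$db_access' />".
			"<input type='hidden' name='specialaccess' value='$h_specialaccess' />";
		}
	}
	$editform .= "</table><div id='output'></div><br />";
	if ($db_modid==1 && $db_depth>0 && $writeright) {
		$csettings=explode(",",(string)$db_settings);
		$csettings=array_map("intval",$csettings);

		//special content display options:
		$editform .= "<h3>$l_edit[lbl_cdisplay]</h3>".
		"<table cellspacing='0' width='100%'>".
		//show this article?
		"<tr><td class='left' width='60%'>$l_edit[lbl_showthis]</td><td class='left'>".
		//--yes
		"<input type='radio' class='middle' name='showthis' value='0' ";
		if ($csettings[0]===0 or $csettings[0]=="") { $editform .= "checked='checked' "; }
		$editform .= "/>$l_gen[lbl_yes]</td></tr>".
		//--preview
		"<tr><td></td><td class='left'><input type='radio' class='middle' name='showthis' value='1' ";
		if ($csettings[0]==1) { $editform .= "checked='checked' "; }
		$editform .= "/>$l_menu[lbl_preview]</td></tr>".
		//--no
		"<tr><td></td><td class='left'><input type='radio' class='middle' name='showthis' value='2' ";
		if ($csettings[0]==2) { $editform .= "checked='checked' "; }
		$editform .= "/>$l_gen[lbl_no]</td></tr>";
		//the fetched row is not used below; the query is kept so the sequence of database calls is unchanged
		$page->query("select * from site_content where parentid=$id limit 1");
		$children = $page->db->getdata();

		//show its children?
		$editform .= "<tr><td class='left'>$l_edit[lbl_showchildren]</td><td class='left'>".
		//--yes
		"<input type='radio' class='middle' name='showchildren' value='0' ";
		if (isset($csettings[1]) && $csettings[1]===0) { $editform .= "checked='checked' "; }
		$editform .= "/>$l_gen[lbl_yes]</td></tr>".
		//--preview
		"<tr><td></td><td class='left'><input type='radio' class='middle' name='showchildren' value='1' ";
		if (isset($csettings[1]) && $csettings[1]==1) { $editform .= "checked='checked' "; }
		$editform .= "/>$l_menu[lbl_preview]</td></tr>".
		//--no
		"<tr><td></td><td class='left'><input type='radio' class='middle' name='showchildren' value='2' ";
		if ((isset($csettings[1]) && $csettings[1]==2) or !isset($csettings[1])) { $editform .= "checked='checked' "; }
		$editform .= "/>$l_gen[lbl_no]</td></tr>".
		"</table><br /><br />".
		"<input type='hidden' name='modsettings' value='showthis,showchildren' />".

		//internal link
		"<a target='popup' onclick=\"window.open('','popup','width=250,height=500,".
		"scrollbars=yes,toolbar=no,status=no,resizable=no,menubar=no,location=no,".
		"directories=no,top=200,left=150')\" href='internallink.site.php' class='addlink'>".
		"$l_edit[lbl_intlink]</a><br />".
		// insert pictures
		"<a target='popup' onclick=\"window.open('','popup','width=500,height=500,".
		"scrollbars=yes,toolbar=no,status=no,resizable=no,menubar=no,location=no,".
		"directories=no,top=200,left=150')\" href='insertpictures.site.php' ".
		"class='addpicture'>$l_edit[lbl_pic]</a><br />".
		// insert files (download link)
		"<a target='popup' onclick=\"window.open('','popup','width=300,height=500,".
		"scrollbars=yes,toolbar=no,status=no,resizable=no,menubar=no,location=no,".
		"directories=no,top=200,left=150')\" href='insertfiles.site.php' ".
		"class='addfile'>$l_edit[lbl_file]</a><br />";
	}
	$editform .= "<div class='clr'></div></div>";
	//CKEditor
	if ($db_modid==1) {
		if ($db_depth>0) {
			if ($writeright) {
				//the textarea gets the encoded copy so markup inside the stored content
				//cannot close the textarea early; the browser decodes it back for editing
				$editform .= "<div class='ckeditor'>".
				"<textarea name='ckeditor' cols='80' rows='42' style='width:100%'>".
				$h_content.
				"</textarea>".
				//Links for switching ckeditor on/off
				"<a class='editorswitch' href=\"javascript:;\" ".
				"onmousedown=\"CKEDITOR.replace('ckeditor');\">WYSIWYG</a>".
				"<a class='editorswitch' href=\"javascript:;\" ".
				"onmousedown=\"CKEDITOR.instances.ckeditor.destroy();\">HTML</a>".
				"<div class='clr'></div>".
				"</div>".
				"<script type='text/javascript'>".
				"CKEDITOR.replace('ckeditor');".
				"</script>";
			} else {
				//The preview renders the stored HTML as-is. save_content() filters tags with
				//strip_tags(), which leaves the attributes of allowed tags in place, so stored
				//content should be treated as active markup here.
				$editform .= "<div class='ckeditor'>$db_content</div>".
				"<input type='hidden' name='ckeditor' value='$h_content' />";
			}
		}
	//Special Modsettings if they exist for this main module
	} elseif ($db_modid>1) {
		$editform .= "<div class='special_settings'>\n";
		$modsettings = mainmod_settingsform($db_modname,$db_settings,$db_content,$writeright,$editform);
		if ($writeright) {
			$editform .= "<input type='hidden' name='modsettings' value='".
			htmlspecialchars((string)$modsettings,ENT_QUOTES)."' />\n";
		}
		$editform .= "</div>\n";
	}
	if ($writeright) { $editform .= "</form>\n"; }
	$editform .= "<div class='clr'></div>\n".
	"\t</div>\n";

	return $editform;
}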
//Modsettings form/////////////////////////////////////////////////////////////////////////////////
//Appends the "special settings" section of a main module to the edit form.
//	$modname	directory name of the module below PATH/modules
//	$modsettings, $content, $writeright
//			not used in this function body; includes run in this function's scope, so
//			backend.php can read them - presumably that is why they are passed (verify)
//	&$editform	form markup built so far, extended in place
//	returns		whatever $specialsettings holds after backend.php ran, or false when the
//			module ships no backend.php
function mainmod_settingsform($modname,$modsettings,$content,$writeright,&$editform) {
	global $l_mods,$l_gen,$l_edit,$language;
	$editform.= "<h2>$l_mods[txt_spset]</h2>\n";
	//NOTE(review): $modname and $language go straight into include paths. editform() passes the
	//module name read from system_modules; confirm both are limited to plain directory/file names
	//(no slashes or dots) wherever they are written.
	$filename=PATH."/modules/$modname/backend.php";
	if (file_exists($filename)) {
		//look for matching language file of the module
		$langfile=PATH."/modules/$modname/languages/$language.php";
		$enfile=PATH."/modules/$modname/languages/en.php";
		if (file_exists($langfile)) { 
			include_once($langfile);
		} elseif (file_exists($enfile)) {
			include_once($enfile); 
		}
		//load module file
		//$specialsettings is not assigned anywhere in this function, so it has to come from
		//backend.php. NOTE(review): include_once skips a file that was already loaded, so a second
		//call in the same request would reach the return with $specialsettings undefined.
		include_once($filename);
		return $specialsettings;
	} else {
		$editform.= $l_mods["txt_nospset"];
		return false;
	}
}
//Save all/////////////////////////////////////////////////////////////////////////////////////////
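//Saves the settings and then the content of one item.
//	$id	0 for a new item, otherwise the id of the row to update
//	returns	array(message, "good") when both steps succeeded, array(message, "bad") otherwise
//
//For a new item the row id is derived from the table's next auto-increment value minus one.
//That is only the row just inserted if the insert succeeded, so a failed insert stops here;
//otherwise the submitted text would be written over the newest existing row.
//NOTE(review): the derived id also assumes no other insert happened in between; an id taken
//from the insert itself would be safer if the database layer offers one.
//NOTE(review): neither step checks the caller's write permission in this file - confirm the
//calling script enforces the same rule editform() uses to decide who sees the save button.
function save_all($id) {
	global $l_edit,$page;
	$settings_ok = save_contentsettings($id);
	if ($id==0) {
		if (!$settings_ok) { return array($l_edit["msg_save_err"],"bad"); }
		$id = $page->db->next_autoincrement("site_content") - 1;
	}
	$content_ok = save_content($id);
	if ($settings_ok && $content_ok) { return array($l_edit["msg_save_ok"],"good"); }
	return array($l_edit["msg_save_err"],"bad");
}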
//Save Settings////////////////////////////////////////////////////////////////////////////////////
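//Inserts ($id==0) or updates the settings of one site_content row from the posted form.
//	$id	0 for a new item, otherwise the id of the row to update
//	returns	true when the row was written and the transaction committed, false otherwise
//
//How request data reaches SQL here:
//	- numeric fields are forced to integers with intval()
//	- strings are taken from $post, the copy of $_POST returned by escape(); this function relies
//	  on escape() making them safe inside a quoted SQL literal, as the name field always did
//	- special-access group ids are reduced to positive integers before they are joined
//	- module setting values are read from $post as well; they used to come from raw $_POST
//NOTE(review): nothing here checks that the session user may write this item, and access,
//parentid, treeid and the group list all arrive as client-controlled fields. Confirm the
//calling script enforces the permissions editform() uses, or add that check here.
function save_contentsettings($id) {
	global $mysession,$settings,$page;

	$id = intval($id);
	$error = false;
	$return = false;
	//Data gathering///////////////////////////////////////////////////////////////////////////
	//current startpage
	$page->query("select `id` from site_content where `startpage`=1 limit 1");
	$result=$page->db->getdata();
	if (!empty($result)) { $oldstartpage=intval($result["id"]); } else { $oldstartpage=0; }

	//group ids ticked in the special-access menu; anything that is not a positive integer is dropped
	$specialaccessmenu = array();
	if (isset($_POST["spacc"]) && is_array($_POST["spacc"])) {
		foreach ($_POST["spacc"] as $gid) {
			$gid = intval($gid);
			if ($gid>0) { $specialaccessmenu[] = $gid; }
		}
	}
	$post = escape($_POST);

	//get data from form
	$name		= isset($post["name"]) ? $post["name"] : "";
	$treeid		= isset($post["treeid"]) ? intval($post["treeid"]) : 0;
	$depth		= isset($post["depth"]) ? intval($post["depth"]) : 0;
	if ($depth>$settings["max_menudepth"]) { return false; }
	$parentid	= isset($post["parentid"]) ? intval($post["parentid"]) : 0;
	$oldparentid	= isset($post["oldparentid"]) ? intval($post["oldparentid"]) : 0;
	$oldorder	= isset($post["oldorder"]) ? intval($post["oldorder"]) : 0;
	$startpage	= isset($post["startpage"]) ? intval($post["startpage"]) : 0;
	$modid		= isset($post["modid"]) ? intval($post["modid"]) : 0;
	if ($modid == 0) { $modid = 1; }
	$modsettings	= isset($post["modsettings"]) ? $post["modsettings"] : "";
	$access		= isset($post["access"]) ? intval($post["access"]) : 0;
	$active		= isset($post["active"]) ? intval($post["active"]) : 0;
	//forbidden parentids:
	//--own id
	$forbidden=array();
	if ($id>0) {
		$forbidden[]=$id;
		$page->query("select id from site_content where `parentid`=$id");

		//--children's ids
		$result=$page->db->getdata_array();
		foreach ($result as $row) {
			$forbidden[]=$row["id"];
		}
	}
	if (in_array($parentid,$forbidden)) { return false; }
	//get specialaccess
	$spacc="";
	if (isset($_POST["specialaccess"]) && $_POST["specialaccess"]=="on") {
		//--the checkbox of the admin form is ticked: take the groups from the menu
		if (!empty($specialaccessmenu)) {
			$spacc=implode(",",$specialaccessmenu);
		}
	} elseif ($id>0 && isset($_POST["specialaccess"])) {
		//--the field came as the hidden input editform() renders when the checkbox is not offered:
		//keep what the database already has. Previously this case stored an empty list, which
		//removed the group restriction from the item on every such save.
		$page->query("select `specialaccess` from site_content where `id`=$id limit 1");
		$result=$page->db->getdata();
		if (!empty($result) && $result["specialaccess"]!="") {
			$kept=array();
			foreach (explode(",",(string)$result["specialaccess"]) as $gid) {
				$gid=intval($gid);
				if ($gid>0) { $kept[]=$gid; }
			}
			$spacc=implode(",",$kept);
		}
	}
	//NOTE(review): a new item ($id==0) saved through the hidden field still ends up without the
	//parent's special access that editform() pre-filled - decide whether it should inherit it
	if ($spacc=="") { $spacc=null; }
	//get uid from session
	//NOTE(review): editform() reads $mysession->user->id for the same purpose - confirm the property name
	$uid=intval($mysession->user->uid);
	//special settings: one comma separated value per option named in modsettings
	if ($modsettings && $modsettings!="") {
		$values=array();
		foreach (explode(",",$modsettings) as $spset) {
			//an option missing from the request (or posted as an array) is stored as empty
			if (isset($post[$spset]) && !is_array($post[$spset])) {
				$values[]=$post[$spset];
			} else {
				$values[]="";
			}
		}
		$specialsave=implode(",",$values);
	} else {
		$specialsave=null;
	}

	//Find out treeid via parent if it has one or if it is a new item
	if ($parentid!=0 or $id==0) {
		//Get last item	with the same parent
		$sql="select `id`,`treeid`,`depth` from site_content where `parentid`=$parentid and `order`=".
		"(select max(`order`) from site_content where `parentid`=$parentid) limit 1";
		if (!$page->query($sql)) { $error=true; }
		$result=$page->db->getdata();

		//there is one
		if (is_array($result) && !empty($result)) {
			$treeid		= intval($result["treeid"]);
			$newdepth	= intval($result["depth"]);

		//the item to save will be an only child
		} else {
			if ($id>0) {
				$sql="select `treeid`,`depth` from site_content where `id`=$parentid limit 1";
				if (!$page->query($sql)) { $error=true; }
				$result=$page->db->getdata();
				$treeid		= intval($result["treeid"]);
				$newdepth	= intval($result["depth"])+1;
			} else {
				$newdepth	= $depth;
			}
		}
	} else {
		$newdepth = $depth;
	}
	//the posted depth was checked above; the depth that is actually stored gets the same limit
	if ($newdepth>$settings["max_menudepth"]) { return false; }

	//Begin transaction////////////////////////////////////////////////////////////////////////
	if (!$page->query("start transaction")) { $error=true; }

	//parent was changed
	if ($parentid!=$oldparentid or $id==0) {
		//find out new order
		$sql = "select max(`order`)+1 as neworder from site_content where `parentid`=$parentid limit 1";
		if (!$page->query($sql)) { $error=true; }
		$row = $page->db->getdata();
		$order = (is_array($row) && isset($row["neworder"])) ? intval($row["neworder"]) : 0;
		if ($order==0) { $order=1; }

		if ($id>0) {
			//update order of following elements in old position
			$sql = "update site_content set `order`=`order`-1 where `parentid`=$oldparentid and `order`>$oldorder";
			if (!$page->query($sql)) { $error=true; }

			//take children with item to new parent -> treeid,depth
			$sql="select distinct if(c2.id,1,0) as haschildren,c1.* from site_content as c1 ".
			"left join site_content c2 on (c2.parentid=c1.id or c2.treeid=c1.id) and c2.order=1";
			if (!$page->query($sql)) { $error=true; }

			$items = $page->db->getdata_array();
			$siblings=array();
			get_siblings_r($id,$items,$siblings,intval($newdepth+1));
			foreach ($siblings as $sid=>$sibling) {
				$sql="update site_content set `depth`=".intval($sibling->depth).",`treeid`=$treeid ".
				"where `id`=".intval($sid);
				if (!$page->query($sql)) { $error=true; break; }
			}
		}
	} else {
		$order=$oldorder;
	}
	//insert
	if ($id==0) {
		$sql="insert into site_content (`name`,`treeid`,`depth`,`parentid`,`order`,`active`,".
		"`startpage`,`modid`,`settings`,`access`,`specialaccess`,`uid`,`date_new`,".
		"`date_edit`,`views`) values ('$name',$treeid,$newdepth,$parentid,$order,$active,".
		"$startpage,$modid,'$specialsave',$access,'$spacc',$uid,now(),now(),0)";
	//update
	} else {
		$sql="update site_content set `name`='$name',`depth`=$newdepth,`parentid`=$parentid,`order`=$order,".
		"`treeid`=$treeid,`active`=$active,`startpage`=$startpage,`modid`=$modid,`settings`='$specialsave',".
		"`access`=$access,`specialaccess`='$spacc',`uid`=$uid,`date_edit`=now() where `id`=$id";
	}
	if ($page->query($sql)) {
		//site was set as startpage...
		if ($startpage==1) {
			//...and was not the startpage before
			if ($oldstartpage!=$id && $oldstartpage>0) {
				//unset old startpage
				$sql="update site_content set `startpage`=0 where `id`=$oldstartpage";
				if (!$page->query($sql)) { $error=true; }
			}
		}
		$return = true;
	} else {
		$error=true;
	}
	if (!$error) {
		$sql = 'commit';
	} else {
		$sql = 'rollback';
		$return=false;
	}
	//A few attempts, then give up. The earlier loop retried forever, so a database that
	//stayed unavailable kept the request spinning.
	$finished=false;
	for ($attempt=0; $attempt<3 && !$finished; $attempt++) {
		if ($page->query($sql)) { $finished=true; }
	}
	if (!$finished) { $return=false; }

	return $return;
}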
//Save Content/////////////////////////////////////////////////////////////////////////////////////
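//Stores the posted editor text as the content of one site_content row and stamps date_edit.
//	$id	id of the row to update; forced to an integer because it is placed in the SQL text
//	returns	true when there was nothing to save or the update succeeded, false when the query failed
//
//The text is reduced to an allow-list of tags, absolute links to this site are made relative
//(so backups stay portable) and the result is passed through escape() before it enters the query.
//NOTE(review): strip_tags() filters tag names only. Attributes on the allowed tags (event
//handlers, style, link targets) are stored unchanged, and the content is later rendered as
//HTML. If editors are not fully trusted, run the text through an HTML sanitizer with an
//attribute allow-list before storing it.
//NOTE(review): stripslashes() runs unconditionally; without magic quotes it removes
//backslashes the author actually typed.
function save_content($id) {	//content, date_edit
	global $page;

	$id = intval($id);
	$allowedTags="<a><b><i><u><p><hr><sub><sup><strong><em><strike><table><td><tr><th><cite>".
	"<h1><h2><h3><h4><h5><h6><img><li><ol><ul><span><div><br><blockquote><small><center>";
	if (!isset($_POST["ckeditor"])) { return true; }

	$newtext = strip_tags(stripslashes($_POST["ckeditor"]),$allowedTags);
	//replace absolute paths with relative paths to make the backups portable
	$newtext = str_replace(URL.'/', '', $newtext);
	//for downwards compatibility
	$newtext = str_replace('../index.php', 'index.php', $newtext);
	$newtext = str_replace('../core/show.site.php', 'index.php', $newtext);
	$newtext = str_replace('../media', 'media', $newtext);
	if ($newtext=='') { $newtext=null; }
	$newdate = date('Y-m-d H:i:s',time());

	$newtext=escape($newtext);
	$sql = "update site_content set `content`='$newtext', `date_edit`='$newdate' where `id`=$id";
	if (!$page->query($sql)) { return false; }
	return true;
}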
?>