<?php

// -------------------------------------------------------------
//
// FILENAME		: categories.php
// COPYRIGHT	: © 2003, 2004, 2005, 2006 Espen Andersson
// WWW				: http://ebascripts.com/
//
// -------------------------------------------------------------

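define('ADMIN_DIR', './');

include_once ADMIN_DIR . 'includes/page_start.php';
include_once ADMIN_DIR . 'includes/top.php';

// Access control: category administration requires user level 3 or higher.
// Test the session attribute explicitly so a missing level is rejected without
// an undefined-index notice rather than relying on null < 3 being true.
// $auth->not_authorized() is assumed to end the request — TODO confirm in includes/.
// NOTE(review): none of the state-changing actions on this page (add, delete,
// update) check a CSRF token; add one if the framework provides it.
if (!isset($_SESSION['sess_user_level']) || $_SESSION['sess_user_level'] < 3) {
	$auth->not_authorized();
}

// Numeric request parameters are normalised through number_input() before they
// are interpolated into SQL further down.
$id = isset($_GET['id']) ? number_input($_GET['id']) : 0;
$parent_id = isset($_POST['sub-category']) ? number_input($_POST['sub-category']) : 0;
$page = isset($_GET['page']) ? number_input($_GET['page'], 1) : 1;

// Whitelist of the GET/POST keys this page expects; anything else is handled
// by $expectedVars (project helper).
$expectedVars->check_get(array('page', 'act', 'id', 'sort', 'do'));
$expectedVars->check_post(array('submit', 'category_title', 'current_password', 'category_description', 'delete', 'allbox', 'sub-category', 'category_password'));

// Values shown in the category form; filled in by the add/update paths below.
$category_title = $category_description = '';

echo '<div class="top"><div id="img">' . GenImage(ADMIN_DIR . 'templates/images/lang_' . LANGUAGE . '/top_administrate_categories.gif', lang('a_header_admin_categories')) . '</div></div>';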

/*
	New category
*/

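if ( (isset($_GET['act'])) && ($_GET['act'] == 'add') ) {
	$raw_title = isset($_POST['category_title']) ? $_POST['category_title'] : '';
	$raw_description = isset($_POST['category_description']) ? $_POST['category_description'] : '';
	$raw_password = isset($_POST['category_password']) ? $_POST['category_password'] : '';

	// Validate the raw value. The original tested the SQL fragment, which is
	// either 'NULL' or a quoted string and so never compares empty — blank
	// titles slipped through and were stored as NULL.
	if (remove_whitespace($raw_title) == '') {
		echo GenInfoBox('admininfo', lang('a_admin_cat_empty_fields'));
	} else {
		// SQL fragments: quoted + escaped strings, NULL for an empty description.
		$title_sql = '\'' . sql_input($raw_title) . '\'';
		$description_sql = $raw_description === '' ? 'NULL' : '\'' . sql_input($raw_description) . '\'';

		// Reject a duplicate title under the same parent.
		$numrows = $sql_db->result($sql_db->query('SELECT COUNT(`id`) 
		  AS `count`
		  FROM `' . CATEGORIES_TABLE . '`
		  WHERE `category` = ' . $title_sql . '
		  AND `parent_id` = \'' . $parent_id . '\'', __FILE__, __LINE__));

		if ($numrows > 0) {
			echo GenInfoBox('admininfo', lang('a_admin_cat_dublicate'));

			// Re-populate the form with the submitted values. print_input_field()
			// is what the update path uses to put stored values into the form;
			// assumed to HTML-escape — TODO confirm. (The original put the
			// SQL-escaped, quoted fragment into the form field instead.)
			$category_title = print_input_field($raw_title);
			$category_description = print_input_field($raw_description);
		} else {
			$salt = $password = 'NULL';

			if (strlen($raw_password) > 0) {
				// Hash with the bare salt value. The update handler verifies with
				// sha1($salt . sha1($pw . $salt)) using the salt as stored, so the
				// SQL quote characters must not become part of the hashed material
				// (the original hashed the already-quoted salt).
				// The salted-sha1 scheme itself is kept for compatibility with
				// existing rows and the public-side check; password_hash() would
				// need a schema/front-end change.
				$raw_salt = gen_salt();
				$salt = '\'' . sql_input($raw_salt) . '\'';
				$password = '\'' . sha1($raw_salt . sha1($raw_password . $raw_salt)) . '\'';
			}

			$sql_db->query('INSERT INTO `' . CATEGORIES_TABLE . '`
			  (`parent_id`, `category`, `description`, `password`, `salt`)
			  VALUES(\'' . $parent_id . '\', ' . $title_sql . ',
			  ' . $description_sql . ', ' . $password . ', ' . $salt . ')', __FILE__, __LINE__);

			redirect('categories.php');
		}
	}
}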

/*
	Delete categories
*/

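if ( (isset($_GET['act'])) && ($_GET['act'] == 'delete') ) {
	if ( (isset($_POST['delete'])) && (is_array($_POST['delete'])) ) {
		// Normalise the submitted ids to integers before they reach SQL; the
		// original interpolated the raw POST strings unchanged. Category 1 is
		// the "uncategorized" bucket and is never removed.
		$delete_ids = array();

		foreach ($_POST['delete'] as $raw_id) {
			$cat_id = (int) $raw_id;

			if ($cat_id != 1) {
				$delete_ids[] = $cat_id;
			}
		}

		// Nothing deletable was selected (empty list, or only category 1):
		// fall through to the listing instead of issuing a WHERE clause with no
		// conditions, which the original did when only id 1 was ticked.
		if (sizeof($delete_ids) > 0) {
			$id_list = implode(', ', $delete_ids);

			$sql_db->query('DELETE FROM `' . CATEGORIES_TABLE . '`
			  WHERE `id` IN (' . $id_list . ')', __FILE__, __LINE__);

			$hits = $sql_db->result($sql_db->query('SELECT COUNT(`id`) AS `hits`
			  FROM `' . CATEGORIES_TABLE . '`', __FILE__, __LINE__));

			// Reset the table (and with it the auto_increment) once it is empty.
			if ($hits == 0) {
				$sql_db->truncate(CATEGORIES_TABLE);
			}

			// Clean-up; remove the articles filed under a deleted category.
			// NOTE(review): an article that is also filed under a surviving
			// category is removed as well — confirm that is the intended policy.
			$result = $sql_db->query('SELECT `article_id`
			  FROM `' . ARTICLE_CATEGORIES_TABLE . '`
			  WHERE `cat_id` IN (' . $id_list . ')', __FILE__, __LINE__);

			if ($sql_db->num_rows($result) > 0) {
				while ($row = $sql_db->fetch_object($result)) {
					// The SELECT fetches `article_id`; the original read
					// $row->news_id, a property that never existed, so this
					// DELETE matched nothing.
					$sql_db->query('DELETE FROM `' . ARTICLES_TABLE . '`
					  WHERE `id` = \'' . (int) $row->article_id . '\'', __FILE__, __LINE__);
				}
			}

			$sql_db->query('DELETE FROM `' . ARTICLE_CATEGORIES_TABLE . '`
			  WHERE `cat_id` IN (' . $id_list . ')', __FILE__, __LINE__);

			redirect('categories.php');
		}
	} else {
		redirect('categories.php');
	}
}

// The admin submitted the update form (act=update&do=1) for a validated id.
elseif ( (isset($_GET['act'])) && ($_GET['act'] == 'update') && ($id != 0) && (isset($_GET['do'])) && ($_GET['do'] == 1) ) {
	/*
		Get the stored credentials of the category
	*/

	$result = $sql_db->query('SELECT `password`, `salt`
	  FROM `' . CATEGORIES_TABLE . '`
	  WHERE `id` = \'' . $id . '\'', __FILE__, __LINE__);

	$row = $sql_db->fetch_object($result);

	// An unknown id yields no row; the UPDATE below then affects nothing.
	$stored_hash = $row ? (string) $row->password : '';
	$stored_salt = $row ? (string) $row->salt : '';

	$current_password = isset($_POST['current_password']) ? $_POST['current_password'] : '';
	$new_category_password = isset($_POST['category_password']) ? $_POST['category_password'] : '';

	// The password may be changed (or cleared) only when the current one is
	// supplied correctly, or when the category has no password at all.
	if ($stored_hash === '') {
		$password_ok = ($current_password === '');
	} else {
		$candidate = sha1($stored_salt . sha1($current_password . $stored_salt));

		// Constant-time comparison. The original used ==, which is a loose
		// comparison and treats two numeric-looking digests (e.g. "0e...") as equal.
		// NOTE(review): rows whose hash was produced by the old code (salt hashed
		// together with its SQL quotes) can never match here.
		$password_ok = function_exists('hash_equals')
		  ? hash_equals($stored_hash, $candidate)
		  : $stored_hash === $candidate;
	}

	// Wrong current password: keep the stored credentials untouched. There is
	// no feedback for this case because the page redirects unconditionally.
	$new_password = $stored_hash === '' ? 'NULL' : '\'' . sql_input($stored_hash) . '\'';
	$salt = $stored_salt === '' ? 'NULL' : '\'' . sql_input($stored_salt) . '\'';

	if ($password_ok) {
		$new_password = $salt = 'NULL';

		if (strlen($new_category_password) > 0) {
			// Hash with the bare salt so the check above (which uses the salt as
			// stored) can verify it; the original fed the SQL-quoted salt to sha1().
			$raw_salt = gen_salt();
			$salt = '\'' . sql_input($raw_salt) . '\'';
			$new_password = '\'' . sha1($raw_salt . sha1($new_category_password . $raw_salt)) . '\'';
		}
	}

	$raw_title = isset($_POST['category_title']) ? $_POST['category_title'] : '';
	$raw_description = isset($_POST['category_description']) ? $_POST['category_description'] : '';

	if (remove_whitespace($raw_title) == '') {
		// Same rule as "New category": a blank title is rejected instead of
		// being written as NULL (the original had no check on this path).
		echo GenInfoBox('admininfo', lang('a_admin_cat_empty_fields'));
	} else {
		$title_sql = '\'' . sql_input($raw_title) . '\'';
		$description_sql = $raw_description === '' ? 'NULL' : '\'' . sql_input($raw_description) . '\'';

		$sql_db->query('UPDATE `' . CATEGORIES_TABLE . '`
		  SET `category` = ' . $title_sql . ',
		  `description` = ' . $description_sql . ',
		  `parent_id` = \'' . $parent_id . '\',
		  `password` = ' . $new_password . ',
		  `salt` = ' . $salt . '
		  WHERE `id` = \'' . $id . '\'', __FILE__, __LINE__);

		redirect('categories.php');
	}
}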

// Total number of categories; drives the empty-table notice and pagination.
$numrows = $sql_db->result($sql_db->query('SELECT COUNT(`id`) AS `count`
  FROM `' . CATEGORIES_TABLE . '`', __FILE__, __LINE__));

$start = $page_number = 1;
$page_url = $title = '';
$order_by = 'id';

if ($numrows == 0) {
	echo GenInfoBox('admininfo', lang('empty_table'));
} else {
	// Offset of the first row of the requested page; $page presumably comes
	// back from number_input() as >= 1, so $start is never negative.
	$page_number = ceil($numrows / ROWS_PER_PAGE);
	$start = ($page * ROWS_PER_PAGE) - ROWS_PER_PAGE;

	// NOTE(review): this passes the bool isset($_GET['sort']) rather than the
	// sort key itself; $order_by is not referenced again on this page, so the
	// effect is nil here — confirm whether order_by($_GET['sort'], ...) was meant.
	$order_by = order_by(isset($_GET['sort']), array('id', 'category', 'description'));
	$page_url = isset($_GET['page']) ? '&amp;page=' . $page . '' : '';

	// Edit mode: preload the form fields with the stored values of category $id.
	if ( (isset($_GET['act'])) && ($_GET['act'] == 'update') && ($id != 0) ) {
		$result = $sql_db->query('SELECT *
		  FROM `' . CATEGORIES_TABLE . '`
		  WHERE `id` = \'' . $id . '\'', __FILE__, __LINE__);

		$row = $sql_db->fetch_object($result);

		// print_input_field() is assumed to HTML-escape for the form — TODO confirm.
		$category_title = print_input_field($row->category);
		$category_description = print_input_field($row->description);
	}

	// Loop page numbers
	echo '<div id="page-number">' . GenImage(ADMIN_DIR . 'templates/images/page.gif', lang('select_page')) .
	  ' <strong>' . lang('select_page') . ':</strong> ' . generate_pagination('categories.php', $numrows, ROWS_PER_PAGE, $start)  . '</div>';

	// Category table: header template, the rendered tree, footer template.
	$template = new Page(ADMIN_DIR . 'templates/category_top.tpl');

	$template->replace_tags(array('PAGE' => $page_url));
	$template->output_page();

	echo display_categories('', 0, true);

	$template = new Page(ADMIN_DIR . 'templates/category_bottom.tpl');
	$template->output_page();
}

// Form mode: editing an existing category (act=update with a validated id)
// or creating a new one. Buttons, action URL and heading all follow this flag.
$is_update = isset($_GET['act']) && $_GET['act'] == 'update' && $id != 0;

if ($is_update) {
	$cat_submit = '<input type="submit" name="submit" value="' . lang('a_b_update') . '" class="normal" />
	  <input type="reset" name="reset" value="' . lang('a_b_reset') . '" class="normal" />';
	$form_action = 'categories.php?act=update&amp;id=' . $id . '&amp;do=1';
	$title = lang('a_admin_cat_th_update_cat');
} else {
	$cat_submit = '<input type="submit" name="submit" value="' . lang('a_b_create') . '" class="normal" />
	  <input type="reset" name="reset" value="' . lang('a_b_clear') . '" class="normal" />';
	$form_action = 'categories.php?act=add';
	$title = lang('a_admin_cat_th_new_cat');
}

// Parent-category selector. The id being edited is handed to
// display_categories() (project helper); presumably so a category cannot be
// offered as its own parent — confirm against its implementation.
$category_dropdown = '<select name="sub-category" id="subcategory">'
  . '<option></option>'
  . display_categories('', 0, false, array(), false, true, array(), $id)
  . '</select>';

// Render the create/update form.
$template = new Page(ADMIN_DIR . 'templates/category_new.tpl');

$template->replace_tags(array(
  'TITLE' => $title,
  'FORM_ACTION' => $form_action,
  'CATEGORY_TITLE' => $category_title,
  'CATEGORY_DESCRIPTION' => $category_description,
  'CATEGORY_DROPDOWN' => $category_dropdown,
  'INPUT_CATEGORY_SUBMIT_FORM' => $cat_submit
));

$template->output_page();

include_once ADMIN_DIR . 'includes/bottom.php';

?>