<?php
// ----------------------------------------------------------------------
// Copyright (c) 2007 by Tammy Keefer
// Based on eFiction 1.1
// Copyright (C) 2003 by Rebecca Smallwood.
// http://efiction.sourceforge.net/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// page template setup
$current = "stories";
if($_GET['action'] != "newchapter") $displayform = 1;
if($_GET['action'] == "newstory" || $_GET['action'] == "editstory") $current = "addstory";
include ("header.php");
$tpl = new TemplatePower( file_exists("$skindir/default.tpl") ? "$skindir/default.tpl" : "default_tpls/default.tpl");
$tpl->assignInclude( "header", "./$skindir/header.tpl" );
$tpl->assignInclude( "footer", "./$skindir/footer.tpl" );
include("includes/pagesetup.php");
include("includes/storyform.php");
// before doing anything else check if the visitor is logged in. If they are, check if they're an admin. If not, check that they're
// trying to edit/delete/etc. their own stuff then get the penname
if(!isMEMBER || ($submissionsoff && !isADMIN) || (!isADMIN && isset($uid))) accessDenied( );
if(!isADMIN || uLEVEL > 3) {
if(isset($chapid)) {
$result = dbquery("SELECT sid, uid FROM ".TABLEPREFIX."fanfiction_chapters WHERE chapid='$chapid' LIMIT 1");
if($result) list($sid, $author) = dbrow($result);
}
if(isset($sid)) {
$coauthors = array( );
$authorquery = dbquery("SELECT uid, rr, coauthors FROM ".TABLEPREFIX."fanfiction_stories WHERE sid='$sid' LIMIT 1");
$story = dbassoc($authorquery);
if($story['coauthors']) {
$cQuery = dbquery("SELECT uid FROM ".TABLEPREFIX."fanfiction_coauthors WHERE sid = '$sid'");
while($c = dbassoc($cQuery)) {
$coauthors[] = $c['uid'];
}
}
if($story['uid'] != USERUID && (is_array($coauthors) && !in_array(USERUID, $coauthors)) && !$story['rr']) accessDenied( );
}
}
else if(isADMIN && uLEVEL < 4 && isset($_GET['admin'])) {
$admin = 1;
$uid = isset($_GET['uid']) && isNumber($_GET['uid']) ? $_GET['uid'] : USERUID;
}
else {
$admin = 0;
$uid = USERUID;
}
function preview_story($stories) {
global $current, $new, $extendcats, $skindir, $catlist, $charlist, $classlist, $featured, $retired, $rr, $reviewsallowed, $star, $halfstar, $classtypelist, $dateformat, $ratingslist, $recentdays;
$count = 0;
if(file_exists("$skindir/listings.tpl")) $tpl = new TemplatePower( "$skindir/listings.tpl" );
else $tpl = new TemplatePower("default_tpls/listings.tpl");
if(count($stories['coauthors']) > 0) $stories['coauthors'] = 1;
$tpl->prepare( );
$tpl->newBlock("listings");
$tpl->newBlock("storyblock");
$tpl->assignGlobal("skindir", $skindir);
include("includes/storyblock.php");
$text = $tpl->getOutputContent( );
$count = 0;
if(!empty($stories['storytext'])) {
$text .= "<br /><br />";
if(isset($_GET['textsize'])) $textsize = $_GET['textsize'];
else $textsize = 0;
if(file_exists("./$skindir/viewstory.tpl")) $tpl = new TemplatePower("./$skindir/viewstory.tpl");
else $tpl = new TemplatePower(_BASEDIR."default_tpls/viewstory.tpl");
$tpl->prepare( );
include("includes/storyblock.php");
$tpl->assign("adminlinks", $adminlinks);
if($stories['inorder'] == 1 && !empty($stories['storynotes'])) {
$tpl->gotoBlock("_ROOT");
$tpl->newBlock("storynotes");
$tpl->assign( "storynotes", stripslashes($stories['storynotes']));
$tpl->gotoBlock("_ROOT");
}
if(!empty($stories['notes'])) {
$tpl->newBlock("notes");
$tpl->assign( "notes", $stories['notes']);
$tpl->gotoBlock("_ROOT");
}
if(!empty($stories['endnotes'])) {
$tpl->newBlock("endnotes");
$tpl->assign( "endnotes", $stories['endnotes']);
$tpl->gotoBlock("_ROOT");
}
$tpl->gotoBlock("_ROOT");
$tpl->assign("chaptertitle", $stories['chaptertitle']);
$tpl->assign("chapternumber", $stories['inorder']);
$tpl->assign( "story", "<span style=\"font-size: ".(100 + ($textsize * 20))."%;\">".format_story($stories['storytext'])."</span>" );
$text .= $tpl->getOutputContent( );
}
return $text;
}
// function to add new story to archives.
function newstory( ) {
global $autovalidate, $sid, $action, $sid, $store, $tpl, $admin, $sitename, $siteemail, $allowed_tags, $admincats, $alertson, $dateformat, $url, $minwords, $maxwords, $charlist, $catlist, $classtypelist;
$newchapter = $action == "newchapter";
$output = "<div id=\"pagetitle\">".($newchapter ? _ADDNEWCHAPTER : _ADDNEWSTORY)."</div>";
// to avoid problems with register globals and hackers declare variables and do some clean up.
if(isset($admin) && isset($_POST['uid']) && isNumber($_POST['uid'])) {
$uid = $_POST['uid'];
$author = dbquery("SELECT "._PENNAMEFIELD." FROM "._AUTHORTABLE." WHERE "._UIDFIELD." = '$uid' LIMIT 1");
list($penname) = dbrow($author);
}
else {
$uid = USERUID;
$penname = USERPENNAME;
}
$title = isset($_POST['title']) ? descript(strip_tags($_POST['title'], $allowed_tags)) : "";
$summary = isset($_POST['summary']) ? replace_naughty(descript(strip_tags($_POST['summary'], $allowed_tags))) : "";
$storynotes = isset($_POST['storynotes']) ? descript(strip_tags($_POST['storynotes'], $allowed_tags)) : "";
$catid = isset($_POST['catid']) ? array_filter(explode(",", $_POST['catid']), "isNumber") : array( );
$charid = isset($_POST['charid']) ? array_filter($_POST['charid'], "isNumber") : array( );
$coauthors = isset($_POST['coauthors']) ? array_filter(explode(",", $_POST['coauthors']), "isNumber") : array( );
$classes = array( );
$classquery = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_classtypes");
while($type = dbassoc($classquery)) {
if(isset($_POST["class_".$type['classtype_id']])) {
$opts = is_array($_POST["class_".$type['classtype_id']]) ? array_filter($_POST["class_".$type['classtype_id']], "isNumber") : "";
$classes = array_merge($opts, $classes);
}
}
$rid = isset($_POST['rid']) ? descript($_POST['rid']) : "";
$rr = isset($_POST['rr']) && isNumber($_POST['rr']) ? $_POST['rr'] : 0;
$feat = isset($_POST['feature']) && isNumber($_POST['feature']) ? $_POST['feature'] : 0;
$complete = isset($_POST['complete']) && isNumber($_POST['complete']) ? $_POST['complete'] : 0;
$validated = isset($_POST['validated']) && isNumber($_POST['validated']) ? $_POST['validated'] : 0;
$chaptertitle = isset($_POST['chaptertitle']) ? descript(strip_tags($_POST['chaptertitle'], $allowed_tags)) : "";
$notes = isset($_POST['notes']) ? strip_tags(descript($_POST['notes']), $allowed_tags) : "";
$endnotes = isset($_POST['endnotes']) ? strip_tags(descript($_POST['endnotes']), $allowed_tags) : "";
$story = "";
if(isset($_FILES['storyfile']['name']) && $_FILES['storyfile']['name']) {
if ($_FILES['storyfile']['type'] != 'text/html' && $_FILES['storyfile']['type'] != 'text/plain') {
$failed = _INVALIDUPLOAD;
$submit = _PREVIEW;
}
else {
$texts = file($_FILES['storyfile']['tmp_name']);
foreach ($texts as $text) {
if($_FILES['storyfile']['type'] == 'text/html') $story .= rtrim($text, "\n\r\t")." ";
else $story .= $text;
}
}
}
else if(isset($_POST['storytext'])) $story = $_POST['storytext'];
$storytext = descript(strip_tags($story, $allowed_tags));
$words_to_count = strip_tags($storytext);
$pattern = "/[^(\w|\d|\'|\"|\.|\!|\?|;|,|\\|\/|\-\-|:|\&|@)]+/";
$words_to_count = preg_replace ($pattern, " ", $words_to_count);
$words_to_count = trim($words_to_count);
$wordcount = count(explode(" ",$words_to_count));
$au[] = $uid;
if(count($coauthors)) {
$au = array_merge($au, $coauthors);
$coauthors = 1;
}
else $coauthors = 0;
// end variable declarations
if(isset($_POST['submit']) && $_POST['submit'] == _ADDSTORY && ((!$newchapter && (!$rid || !$title || !$summary || !$catid) || $storytext == "")))
$submit = _PREVIEW;
if (isset($_POST['submit'])) {
if(empty($failed)) $failed = "";
if(!$storytext) $failed .= "<br />"._NOSTORYTEXT;
if(!$newchapter && ($rid == "" || $title == "" || $summary == "" || !$catid)) $failed .= "<br />". _MISSINGFIELDS;
if(find_naughty($title)) $failed .= "<br />"._NAUGHTYWORDS;
if(($minwords && $wordcount < $minwords) || ($maxwords && $wordcount > $maxwords)) $failed .= "<br />"._WORDCOUNTFAILED;
$storyvalid = 0;
if($newchapter) {
$story = dbquery("SELECT sid, catid, title, summary, validated FROM ".TABLEPREFIX."fanfiction_stories WHERE sid = '$sid'");
if(!dbnumrows($story)) $failed .= "<br />"._ERROR;
else {
list($sid, $categories, $storytitle, $summary, $storyvalid) = dbrow($story);
$catid = explode(",", $categories);
}
}
if(!empty($failed)) {
$output .= write_error($failed);
$submit = _PREVIEW;
}
}
if(isset($_POST['submit']) && $_POST['submit'] == _ADDSTORY && !isset($submit))
{
$result = dbquery("SELECT "._UIDFIELD." as uid, "._PENNAMEFIELD." as penname, "._EMAILFIELD." as email, validated FROM "._AUTHORTABLE.", ".TABLEPREFIX."fanfiction_authorprefs as ap WHERE "._UIDFIELD." = '$uid' AND ap.uid = "._UIDFIELD." LIMIT 1");
$user = dbassoc($result);
$authorpenname = $user['penname'];
if(!$validated && (($autovalidate && !isADMIN) || $user['validated'] || $storyvalid == 2)) $validated = 1;
else if(!$validated) $validated = 0;
if($admin && USERUID != $uid) {
if($admincats && !sizeof(array_intersect( $catid, explode(",", $admincats)))) {
$output .= write_error(_NOTAUTHORIZEDADMIN." "._TRYAGAIN);
return $output;
}
}
if($store == "mysql")
{
if(!$newchapter) {
$insert = dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_stories (title, summary, storynotes, catid, classes, charid, rid, date, updated, uid, validated, rr, completed, wordcount, featured, coauthors) VALUES ('".addslashes($title)."', '".addslashes(format_story($summary))."', '".addslashes(format_story($storynotes))."', '".($catid ? implode(",", $catid) : "")."', '".($classes? implode(",", $classes) : "")."', '".($charid ? implode(",", $charid) : "")."', '$rid', now(), now(), '$uid', '$validated', '$rr', '$complete', '$wordcount', '$feat', '$coauthors')");
$sid = dbinsertid( );
$inorder = 1;
}
else {
$inorder = $_GET['inorder'] + 1;
}
$query2 = dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_chapters (title, inorder, notes, endnotes, validated, wordcount, sid, uid, storytext) VALUES('".addslashes(($chaptertitle != "" ? $chaptertitle : $title))."', '$inorder', '".addslashes(format_story($notes))."', '".addslashes(format_story($endnotes))."', '$validated', '$wordcount', '$sid', '$uid', '".addslashes($storytext)."')");
if(!$admin) $output = write_message(_STORYADDED).viewstories( );
else $output .= write_message(_ACTIONSUCCESSFUL).editstory( $sid );
}
else if ($store == "files")
{
if(!$newchapter) {
$insertstory = dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_stories (title, summary, storynotes, catid, classes, charid, rid, date, updated, uid, validated, rr, completed, wordcount, featured, coauthors) VALUES ('".addslashes($title)."', '".addslashes(format_story($summary))."', '".addslashes(format_story($storynotes))."', '".($catid ? implode(",", $catid) : "")."', '".($classes ? implode(",", $classes) : "")."', '".($charid ? implode(",", $charid) : "")."', '$rid', now(), now(), '$uid', '$validated', '$rr', '$complete', '$wordcount', '$feat', '$coauthors')");
$sid = dbinsertid( );
$inorder = 1;
}
else {
$inorder = $_GET['inorder'] + 1;
}
$insertchapter = dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_chapters (title, inorder, notes, endnotes, validated, wordcount, sid, uid) VALUES('".addslashes(($chaptertitle != "" ? $chaptertitle : $title))."', '$inorder', '".addslashes(format_story($notes))."', '".addslashes(format_story($endnotes))."', '".($validated ? 1 : 0)."', '$wordcount', '$sid', '$uid')");
$chapid = dbinsertid( );
if( !file_exists("".STORIESPATH."/$uid/" ) )
{
mkdir("".STORIESPATH."/$uid/", 0755);
chmod("".STORIESPATH."/$uid/", 0777);
}
$handle = fopen("".STORIESPATH."/$uid/$chapid.txt", 'w');
if ($handle)
{
fwrite($handle, $storytext);
fclose($handle);
}
chmod("".STORIESPATH."/$uid/$chapid.txt", 0644);
if(($newchapter && $insertchapter != false) || $insertstory != false) {
if($newchapter) {
unset($_POST['submit']);
$output = write_message(_ACTIONSUCCESSFUL).editstory( $sid );
}
else {
unset($_POST['submit']);
if(!$admin) $output = write_message(_STORYADDED).viewstories( );
else $output .= write_message(_ACTIONSUCCESSFUL).editstory( $sid );
}
}
else $output .= write_error(_FATALERROR." "._TRYAGAIN);
}
if(!$newchapter) {
if(count($coauthors)) {
foreach($au AS $c) {
if($c == $uid) continue;
dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_coauthors(`sid`, `uid`) VALUES('$sid', '$c')");
}
}
$codequery = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_codeblocks WHERE code_type = 'addstory'");
while($code = dbassoc($codequery)) {
eval($code['code_text']);
}
}
$codequery = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_codeblocks WHERE code_type = 'addchapter'");
while($code = dbassoc($codequery)) {
eval($code['code_text']);
}
// validate fic, send story alerts, and mail admins
if($validated) {
include("includes/emailer.php");
if(!isset($storytitle)) $storytitle = $title;
if(!$newchapter) {
foreach($catid as $cat) { categoryitems($cat, 1); }
if($alertson) {
$pennames[] = $penname;
$coQuery = dbquery("SELECT "._PENNAMEFIELD." AS penname FROM ".TABLEPREFIX."fanfiction_coauthors AS c LEFT JOIN "._AUTHORTABLE." ON "._UIDFIELD." = c.uid WHERE sid = '$sid'");
while($c = dbassoc($coQuery)) {
$pennames[] = $c['penname'];
}
$subject = _NEWSTORYAT.$sitename;
$mailtext = sprintf(_AUTHORALERTNOTE, $title, implode(", ", $pennames), $summary, $sid);
$favorites = dbquery("SELECT "._UIDFIELD." as uid, "._EMAILFIELD." as email, "._PENNAMEFIELD." as penname, alertson FROM ".TABLEPREFIX."fanfiction_favorites as fav, ".TABLEPREFIX."fanfiction_authorprefs as ap, "._AUTHORTABLE." WHERE FIND_IN_SET(fav.item,'".implode(",", $au)."') > 0 AND fav.type = 'AU' AND fav.uid = "._UIDFIELD." AND ap.uid = "._UIDFIELD." AND ap.alertson = '1'");
while($favuser = dbassoc($favorites)) {
sendemail($favuser['penname'], $favuser['email'], $sitename, $siteemail, $subject, $mailtext, "html");
}
}
dbquery("UPDATE ".TABLEPREFIX."fanfiction_stats SET stories = stories + 1");
dbquery("UPDATE ".TABLEPREFIX."fanfiction_authorprefs SET stories = stories + 1 WHERE FIND_IN_SET(uid, '".implode(",", $au)."') > 0");
}
else if($alertson && $newchapter) {
$pennames[] = $penname;
$coQuery = dbquery("SELECT "._PENNAMEFIELD." AS penname FROM ".TABLEPREFIX."fanfiction_coauthors AS c LEFT JOIN "._AUTHORTABLE." ON "._UIDFIELD." = c.uid WHERE sid = '$sid'");
while($c = dbassoc($coQuery)) {
$pennames[] = $c['penname'];
}
$titlequery = dbquery("SELECT title FROM ".TABLEPREFIX."fanfiction_stories WHERE sid = '$sid' LIMIT 1");
list($title) = dbrow($titlequery);
$subject = _STORYALERT;
$mailtext = sprintf(_STORYALERTNOTE, $title, implode(", ", $pennames), $sid, $inorder);
$favorites = dbquery("SELECT "._UIDFIELD." as uid, "._EMAILFIELD." as email, "._PENNAMEFIELD." as penname, alertson FROM ".TABLEPREFIX."fanfiction_favorites as fav, ".TABLEPREFIX."fanfiction_authorprefs as ap, "._AUTHORTABLE." WHERE fav.item = '$sid' AND fav.type = 'ST' AND fav.uid = "._UIDFIELD." AND ap.uid = "._UIDFIELD." AND ap.alertson = '1'");
while($favuser = dbassoc($favorites)) {
sendemail($favuser['penname'], $favuser['email'], $sitename, $siteemail, $subject, $mailtext, "html");
}
}
$update = dbquery("UPDATE ".TABLEPREFIX."fanfiction_stories SET updated = NOW( ) WHERE sid = '$sid'");
list($chapters, $words) = dbrow(dbquery("SELECT COUNT(chapid), SUM(wordcount) FROM ".TABLEPREFIX."fanfiction_chapters WHERE validated > 0"));
list($authors) = dbrow(dbquery("SELECT COUNT(uid) FROM ".TABLEPREFIX."fanfiction_authorprefs WHERE stories > 0"));
dbquery("UPDATE ".TABLEPREFIX."fanfiction_stats set wordcount = '$words', chapters = '$chapters', authors = '$authors'");
$count = dbquery("SELECT SUM(wordcount) as totalcount FROM ".TABLEPREFIX."fanfiction_chapters WHERE sid = '$sid' AND validated = '1'");
list($totalcount) = dbrow($count);
if($totalcount) {
dbquery("UPDATE ".TABLEPREFIX."fanfiction_stories SET wordcount = '$totalcount' WHERE sid = '$sid'");
}
}
else {
$adminquery = dbquery("SELECT "._EMAILFIELD." as email, "._PENNAMEFIELD." as penname, contact,categories FROM ".TABLEPREFIX."fanfiction_authorprefs as ap, "._AUTHORTABLE." WHERE "._UIDFIELD." = ap.uid AND level > 0 AND level < 4");
if(empty($storytitle)) $storytitle = $title;
include("includes/emailer.php");
while($admins = dbassoc($adminquery)) {
global $sitename, $siteemail;
if($admins['contact'] == 1) {
if(!$admins['categories']) {
$subject = _NEWSTORYAT.$sitename;
$mailtext = sprintf(_NEWSTORYAT2, $storytitle, $authorpenname, $summary)."\n <a href='$url/admin.php?action=submitted'>$url/admin.php?action=submitted</a>";
$mailresult = sendemail($admins['penname'], $admins['email'], $sitename, $siteemail, $subject, $mailtext, "html");
}
else {
if(count(array_intersect($catid, explode(",", $admins['categories'])))) {
$subject = _NEWSTORYAT.$sitename;
$mailtext = sprintf(_NEWSTORYAT2, $storytitle, $authorpenname, $summary)."\n <a href='$url/admin.php?action=submitted'>$url/admin.php?action=submitted</a>";
sendemail($admins['penname'], $admins['email'], $sitename, $siteemail, $subject, $mailtext, "html");
}
}
}
}
}
return $output;
}
if($newchapter) {
$storyinfo = dbquery("SELECT s.*, UNIX_TIMESTAMP(s.updated) as updated, UNIX_TIMESTAMP(s.date) as date, "._PENNAMEFIELD." as penname FROM ".TABLEPREFIX."fanfiction_stories as s, "._AUTHORTABLE." WHERE "._UIDFIELD." = s.uid AND sid = '$sid' LIMIT 1");
$stories = dbassoc($storyinfo);
$uid = $stories['uid'];
$chapterquery = dbquery("SELECT COUNT(sid) FROM ".TABLEPREFIX."fanfiction_chapters WHERE sid = '$sid'");
list($inorder) = dbrow($chapterquery);
}
else {
$inorder = 0;
$stories['title'] = stripslashes($title);
$stories['summary'] = stripslashes($summary);
$stories['storynotes'] = stripslashes($storynotes);
$stories['catid'] = isset($catid) ? is_array($catid) ? implode(",", $catid) : $catid : "";
$stories['classes'] = isset($classes) && is_array($classes) ? implode(",", $classes) : $classes;
$stories['charid'] = isset($charid) ? is_array($charid) ? implode(",", $charid) : $charid : "";
$stories['coauthors'] = $au;
$stories['featured'] = $feat;
$stories['completed'] = $complete;
$stories['rid'] = $rid;
$stories['rr'] = $rr;
$stories['uid'] = $uid;
$stories['penname'] = $penname;
$stories['date'] = time( );
$stories['updated'] = time( );
$stories['sid'] = false;
$stories['rating'] = 0;
$stories['count'] = 0;
$stories['wordcount'] = $wordcount;
$stories['reviews'] = 0;
$stories['validated'] = 0;
}
if(!isADMIN || uLEVEL == 4) {
$rquery = dbquery("SELECT message_title, message_text FROM ".TABLEPREFIX."fanfiction_messages WHERE message_name = 'rules' LIMIT 1");
list($ruletitle, $ruletext) = dbrow($rquery);
$output .= "<div class=\"sectionheader\">$ruletitle</div>$ruletext";
}
if($storytext){
$stories['storytext'] = $storytext;
$stories['chaptertitle'] = $chaptertitle;
$stories['inorder'] = $inorder;
$stories['notes'] = $notes;
$stories['endnotes'] = $endnotes;
/*
$output .= "<div><span class=\"label\">"._CHAPTERTITLE.": </span> $chaptertitle</div>
<div><span class=\"label\">"._AUTHORSNOTES.":</span> ".format_story($notes)."</div>
<div><span class=\"label\">"._STORY.":</span><br />".format_story($storytext)."</div>
<div><span class=\"label\">"._ENDNOTES.":</span> ".format_story( $endnotes)."</div>";
*/
}
if(isset($_POST['submit']) || $newchapter) $output .= preview_story($stories);
$submit = isset($_POST['submit']) ? $_POST['submit'] : false;
if(!$submit) $submit = _PREVIEW;
$output .= "<div class=\"tblborder\" style=\"width: 500px; padding: 10px; margin: 1em auto;\">
<form METHOD=\"POST\" name=\"form\" enctype=\"multipart/form-data\" action='stories.php?action=$action".($newchapter ? "&sid=$sid&inorder=$inorder" : "").($admin == 1 ? "&admin=1&uid=$uid" : "")."'>";
if(!$newchapter) $output .= storyform($stories, $submit);
$output .= chapterform($inorder, $notes, $endnotes, $storytext, $chaptertitle, $uid);
$output .= "<div style=\"text-align: center;\"><input type=\"submit\" class=\"button\" value=\""._PREVIEW."\" name=\"submit\"> <input type=\"submit\" class=\"button\"
value=\""._ADDSTORY."\" name=\"submit\"></div></form></div>";
return $output;
}
// end newstory function
function viewstories( ) {
global $storiespath, $ratings, $autovalidate, $reviewsallowed, $sid, $chapid, $up, $down;
$output = "<div id=\"pagetitle\">"._MANAGESTORIES."</div>";
$go = isset($_GET['go']) ? $_GET['go'] : false;
$com = isset($_GET['com']) ? $_GET['com'] : false;
$hidechapters = isset($_GET["chapters"]) ? $_GET["chapters"] : false;
if(($go || $com) && $sid) {
$inorder = isset($_GET['inorder']) && isNumber($_GET['inorder']) ? $_GET['inorder'] : false;
if($inorder && $chapid) {
if($go == "up") $oneabove = $inorder - 1;
else $oneabove = $inorder + 1;
dbquery("UPDATE ".TABLEPREFIX."fanfiction_chapters SET inorder = '$inorder' WHERE sid = '$sid' and inorder = '$oneabove'");
dbquery("UPDATE ".TABLEPREFIX."fanfiction_chapters SET inorder = '$oneabove' WHERE chapid = '$chapid'");
}
if($com) dbquery("UPDATE ".TABLEPREFIX."fanfiction_stories SET completed = ".($com == "yes" ? "1" : "0")." WHERE sid = '$sid'");
}
$output .= "<p style=\"text-align: right; margin: 1em;\"><a href=\"stories.php?action=viewstories&chapters=".($hidechapters != "view" ? "view\">"._VIEWCHAPTERS : "hide\">"._HIDECHAPTERS)."</a></p>
<div style=\"width: 90%; margin: 0 auto;\"><table cellpadding=\"3\" cellspacing=\"0\" width=\"100%\" class=\"tblborder\"><tr><th class=\"tblborder\">"._STORIES."</th><th colspan=\"3\" class=\"tblborder\">"._OPTIONS."</th>".($reviewsallowed ? "<th class=\"tblborder\">"._REVIEWS."</th>" : "").($autovalidate ? "" : "<th class=\"tblborder\">"._VALIDATED."</th>")."<th class=\"tblborder\">"._READS."</th></tr>";
$sresult = dbquery("SELECT stories.sid, title, reviews, rating, completed, validated, featured, count FROM ".TABLEPREFIX."fanfiction_stories AS stories LEFT JOIN ".TABLEPREFIX."fanfiction_coauthors AS coauth ON stories.sid = coauth.sid WHERE stories.uid = '".USERUID."' OR coauth.uid = '".USERUID."' ORDER BY title");
$stories = dbnumrows($sresult);
while($story = dbassoc($sresult)) {
$query2 = dbquery("SELECT chapid, title, inorder, rating, reviews, validated, count FROM ".TABLEPREFIX."fanfiction_chapters WHERE sid = '".$story['sid']."' ORDER BY inorder");
$chapters = dbnumrows($query2);
$output .= "<tr><td class=\"tblborder\"><a href=\"viewstory.php?sid=".$story['sid']."\">".stripslashes($story['title'])."</a> ".ratingpics($story['rating'])." <strong>"._COMPLETE.":</strong> <a href=\"stories.php?action=viewstories&sid=".$story['sid']."&com=".$story['completed']."\"><a href=\"stories.php?action=viewstories&sid=".$story['sid']."&com=".($story['completed'] == 1 ? "no\">"._YES : "yes\">"._NO)."</a></td>
<td class=\"tblborder\" colspan=\"3\"><a href=\"stories.php?action=editstory&sid=".$story['sid']."\">"._EDIT."</a> - <a href=\"stories.php?action=delete&sid=".$story['sid']."\">"._DELETE."</a> - <a href=\"stories.php?action=newchapter&sid=".$story['sid']."&inorder=$chapters\">"._ADDNEWCHAPTER."</a></td>
";
if($reviewsallowed) $output .= "<td class=\"tblborder\" align=\"center\">".($story['reviews'] ? "<a href=\"reviews.php?type=ST&item=".$story['sid']."\">".$story['reviews']."</a>" : "0")."</td>";
if(!$autovalidate) $output .= "<td class=\"tblborder\" align=\"center\">".($story['validated'] > 0 ? _YES : _NO)."</td>";
$output .= "<td class=\"tblborder\" align=\"center\">".($story['count'] ? $story['count'] : "0")."</td></tr>";
if($hidechapters && $hidechapters != "hide") {
while($chapter = dbassoc($query2)) {
$output .="<tr><td class=\"tblborder\"> <a href=\"viewstory.php?sid=".$story['sid']."&chapter=".$chapter['inorder']."\">$chapter[title]</a></td>";
if($chapters > 1) $output .= "<td class=\"tblborder\" align=\"center\"><a href=\"stories.php?action=viewstories&go=up&sid=".$story['sid']."&chapid=".$chapter['chapid']."&inorder=".$chapter['inorder']."&chapters=view\">$up</a></td>
<td class=\"tblborder\" align=\"center\"><a href=\"stories.php?action=viewstories&go=down&sid=".$story['sid']."&chapid=".$chapter['chapid']."&inorder=".$chapter['inorder']."&chapters=view\">$down</a></td>";
$output .= "<td class=\"tblborder\"".($chapters > 1 ? "" : "colspan=\"3\"")."><a href=\"stories.php?action=editchapter&chapid=".$chapter['chapid']."\">"._EDIT."</a>";
if($chapters > 1) $output .= " - <a href=\"stories.php?action=delete&chapid=".$chapter['chapid']."&sid=".$story['sid']."\">"._DELETE."</a>";
$output .= "</td><td class=\"tblborder\" align=\"center\">";
if($reviewsallowed) $output .= ($chapter['reviews'] ? "<a href=\"reviews.php?type=ST&item=".$story['sid']."&chapid=".$chapter['chapid']."\">".$chapter['reviews']."</a>" : "0");
if(!$autovalidate) $output .= "</td><td class=\"tblborder\" align=\"center\">".($chapter['validated'] > 0 ? _YES : _NO);
$output .= "<td class=\"tblborder\" align=\"center\">".$chapter['count']."</td></tr>";
}
}
}
$output .= "</table></div>";
if($stories < 1) $output .= write_message(_NORESULTS);
$output .= write_message("<a href='stories.php?action=newstory'>"._ADDNEWSTORY."</a>");
return $output;
}
// end viewstories function
function editchapter( $chapid ) {
global $tpl, $chapid, $store, $alertson, $storiespath, $admin, $tinyMCE, $allowed_tags, $sid, $logging;
$output = "<div id=\"pagetitle\">"._EDITCHAPTER."</div>";
// get variables from $_POST
if(isset($_POST['submit'])) {
$chaptertitle = strip_tags(descript($_POST["chaptertitle"]), $allowed_tags);
$notes = strip_tags(descript($_POST["notes"]), $allowed_tags);
$endnotes = strip_tags(descript($_POST["endnotes"]), $allowed_tags);
if(!empty($_FILES['storyfile']['name'])) {
if ($_FILES['storyfile']['type'] != 'text/html' && $_FILES['storyfile']['type'] != 'text/plain') {
$failed = _INVALIDUPLOAD;
$submit = _PREVIEW;
}
else {
$texts = file($_FILES['storyfile']['tmp_name']);
foreach ($texts as $text) {
if($_FILES['storyfile']['type'] == 'text/html') $story .= rtrim($text, "\n\r\t")." ";
else $story .= $text;
}
}
}
else if(isset($_POST['storytext'])) $story = $_POST['storytext'];
$storytext = strip_tags(descript($story), $allowed_tags);
$inorder = $_POST["inorder"];
$words_to_count = strip_tags($storytext);
$pattern = "/[^(\w|\d|\'|\"|\.|\!|\?|;|,|\\|\/|\-\-|:|\&|@)]+/";
$words_to_count = preg_replace ($pattern, " ", $words_to_count);
$words_to_count = trim($words_to_count);
$wordcount = count(explode(" ",$words_to_count));
}
else {
}
if(isset($_POST['submit']) && $_POST['submit'] == _ADDSTORY) {
if(!$chaptertitle || !$storytext ) $submit == _PREVIEW;
else {
if($admin && empty($_POST["uid"])) {
$result2 = dbquery("SELECT uid FROM ".TABLEPREFIX."fanfiction_chapters WHERE chapid = '$chapid' LIMIT 1");
$user = dbassoc($result2);
$uid = $user['uid'];
}
else if(isset($_POST['uid']) && isNumber($_POST['uid'])) {
$uid = $_POST['uid'];
}
else $uid= USERUID;
if($store == "mysql") {
dbquery("UPDATE ".TABLEPREFIX."fanfiction_chapters SET uid = '$uid', title = '".addslashes($chaptertitle)."', notes = '".addslashes($notes)."', endnotes = '".addslashes($endnotes)."', wordcount = '$wordcount', storytext = '".addslashes($storytext)."' WHERE chapid = '$chapid' LIMIT 1");
}
else if($store == "files"){
$updatequery = dbquery("UPDATE ".TABLEPREFIX."fanfiction_chapters SET uid = '$uid', title = '".addslashes($chaptertitle)."', notes = '".addslashes($notes)."', endnotes = '".addslashes($endnotes)."', wordcount = '$wordcount' WHERE chapid = '$chapid' LIMIT 1");
if( !file_exists( STORIESPATH."/$uid/" ) )
{
mkdir(STORIESPATH."/$uid", 0755);
chmod(STORIESPATH."/$uid", 0777);
}
$handle = fopen(STORIESPATH."/$uid/$chapid.txt", 'w+');
if ($handle)
{
fwrite($handle, descript($storytext));
fclose($handle);
$storytext = "";
}
}
// Check that the chapter has been validated before updating the word count of the story.
$validquery = dbquery("SELECT validated, sid FROM ".TABLEPREFIX."fanfiction_chapters WHERE chapid = '$chapid' LIMIT 1");
list($valid, $sid) = dbrow($validquery);
if($valid) {
$count = dbquery("SELECT SUM(wordcount) as totalcount FROM ".TABLEPREFIX."fanfiction_chapters WHERE sid = '$sid'");
list($totalcount) = dbrow($count);
if($totalcount) {
dbquery("UPDATE ".TABLEPREFIX."fanfiction_stories SET wordcount = '$totalcount' WHERE sid = '$sid'");
}
}
$codequery = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_codeblocks WHERE code_type = 'editchapter'");
while($code = dbassoc($codequery)) {
eval($code['code_text']);
}
if($admin && $logging && USERUID != $uid) {
$storyinfo = dbquery("SELECT story.title, story.sid, chapter.uid, chapter.inorder, "._PENNAMEFIELD." as penname FROM ".TABLEPREFIX."fanfiction_stories as story, ".TABLEPREFIX."fanfiction_chapters as chapter, "._AUTHORTABLE." WHERE "._UIDFIELD." = chapter.uid AND story.sid = chapter.sid AND chapter.chapid = $chapid");
list($title, $sid, $chapuid, $inorder, $chappenname) = dbrow($storyinfo);
dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_log (`log_action`, `log_uid`, `log_ip`, `log_type`) VALUES('".escapestring(sprintf(_LOG_ADMIN_EDIT_CHAPTER, USERPENNAME, USERUID, $title, $sid, $chappenname, $chapuid, $inorder))."', '".USERUID."', INET_ATON('".$_SERVER['REMOTE_ADDR']."'), 'ED')");
}
unset($_POST['submit']);
$output = write_message(_STORYUPDATED).editstory($sid);
$tpl->assign( "output", $output );
$tpl->printToScreen( );
dbclose( );
exit( );
}
}
$output .= "<div class=\"tblborder\" style=\"width: 550px; margin: 0 auto; padding: 5px;\">
<form METHOD=\"POST\" enctype=\"multipart/form-data\" name=\"form\" action=\"stories.php?action=editchapter&chapid=$chapid".($admin ? "&admin=1" : "")."\">";
if(!isset($_POST['submit']) || $_POST['submit'] != _PREVIEW) {
$storyquery = dbquery("SELECT title, inorder, notes, endnotes, uid, storytext, sid FROM ".TABLEPREFIX."fanfiction_chapters WHERE chapid = '$chapid' LIMIT 1");
$story = dbassoc($storyquery);
$chaptertitle = stripslashes($story["title"]);
$storytext = $story["storytext"];
$inorder = $story["inorder"];
$notes = stripslashes($story["notes"]);
$endnotes = stripslashes($story["endnotes"]);
$sid = $story["sid"];
if($store == "mysql") $storytext = $story['storytext'];
else {
if($out = fopen (STORIESPATH."/".$story['uid']."/$chapid.txt", "r"))
while (!feof($out)) {
$storytext .= fgets($out, 10000);
}
}
$submit = _PREVIEW;
$output .= chapterform($inorder, $notes, $endnotes, stripslashes($storytext), $chaptertitle, $story['uid']);
}
else {
if(isset($failed)) $output .= write_message($failed);
$output .= "<span class='label'>"._TITLE.":</span> $chaptertitle<br />
<span class='label'>"._AUTHORSNOTES.":</span> $notes<br />
<hr><br />".format_story($storytext)."<hr>
<span class='label'>"._ENDNOTES.":</span> $endnotes<br />";
$output .= chapterform($inorder, $notes, $endnotes, $storytext, $chaptertitle, (isset($_POST['uid']) ? $_POST['uid'] : false));
$submit = $_POST['submit'];
}
$output .= "<p><input type=\"hidden\" name=\"sid\" value=\"$sid\"><input type=\"hidden\" name=\"inorder\" value=\"$inorder\"><input type=\"submit\" class=\"button\" value=\"$submit\" name=\"submit\"> <input type=\"submit\" class=\"button\" value=\""._ADDSTORY."\" name=\"submit\"></p></form></div>";
return $output;
}
// end editchapter function
function editstory($sid) {
global $tpl, $storiespath, $store, $allowed_tags, $uid, $admin, $tinyMCE, $up, $down, $dateformat, $classtypelist, $logging, $alertson;
$output = "<div id=\"pagetitle\">"._EDITSTORY."</div>";
if(isset($admin) && isset($uid)) {
$author = dbquery("SELECT "._PENNAMEFIELD." FROM "._AUTHORTABLE." WHERE "._UIDFIELD." = '$uid' LIMIT 1");
$authorvalid = 1; // It's an admin edit so it's valid.
list($penname) = dbrow($author);
}
else {
$valid = dbquery("SELECT validated FROM ".TABLEPREFIX."fanfiction_authorprefs WHERE uid = '".USERUID."' LIMIT 1");
list($authorvalid) = dbrow($valid);
$uid = USERUID;
$penname = USERPENNAME;
}
if(isset($_POST['submit'])) {
$title = isset($_POST['title']) ? strip_tags(descript($_POST['title']), $allowed_tags) : "";
$summary = isset($_POST['summary']) ? strip_tags(descript($_POST['summary']), $allowed_tags) : "";
$storynotes = strip_tags(descript($_POST['storynotes']), $allowed_tags);
$rr = isset($_POST['rr']) && isNumber($_POST['rr']) ? $_POST['rr'] : 0;
$feat = isset($_POST['feature']) && isNumber($_POST['feature']) ? $_POST['feature'] : 0;
$complete = isset($_POST['complete']) && isNumber($_POST['complete']) ? $_POST['complete'] : 0;
$validated = isset($_POST['validated']) && isNumber($_POST['validated']) ? $_POST['validated'] : 0;
$chaptertitle = isset($_POST['chaptertitle']) ? descript(strip_tags($_POST['chaptertitle'], $allowed_tags)) : "";
$notes = isset($_POST['notes']) ? strip_tags(descript($_POST['notes']), $allowed_tags) : "";
$endnotes = isset($_POST['endnotes']) ? strip_tags(descript($_POST['endnotes']), $allowed_tags) : "";
$rid = isset($_POST['rid']) && isNumber($_POST['rid']) ? $_POST['rid'] : 0;
$catid = isset($_POST['catid']) ? array_filter(explode(",", $_POST['catid']), "isNumber") : array( );
$charid = isset($_POST['charid']) ? array_filter($_POST['charid'], "isNumber") : array( );
$coauthors = isset($_POST['coauthors']) ? array_filter(explode(",", $_POST['coauthors']), "isNumber") : array( );
if(isset($_POST['uid']) && isNumber($_POST['uid'])) $uid = $_POST['uid'];
else $uid = USERUID;
$classes = array( );
$classquery = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_classtypes");
while($type = dbassoc($classquery)) {
if(isset($_POST["class_".$type['classtype_id']])) {
$opts = is_array($_POST["class_".$type['classtype_id']]) ? array_filter($_POST["class_".$type['classtype_id']], "isNumber") : "";
$classes = array_merge($opts, $classes);
}
}
if(!$admin && $authorvalid && !$validated) $validated = 2;
$au[] = $uid;
if(count($coauthors)) {
$au = array_merge($au, $coauthors);
$coauthors = 1;
}
else $coauthors = 0;
}
if(isset($_POST['submit']) && $_POST['submit'] == _ADDSTORY) {
$oldcats = isset($_POST['oldcats']) ? array_filter(explode(",", $_POST['oldcats']), "isNumber") : array( );
if (!$rid || !$title || !$summary || !$catid) {
$output .= write_error(_MISSINGFIELDS);
$submit = _PREVIEW;
}
else {
// Change author of story.
if($admin) {
$authquery = dbquery("SELECT uid FROM ".TABLEPREFIX."fanfiction_stories WHERE sid = '".$sid."'");
list($olduid) = dbrow($authquery);
if($olduid != $uid) {
if($store == "files") {
$chapters = dbquery("SELECT chapid FROM ".TABLEPREFIX."fanfiction_chapters WHERE sid = '$sid' AND uid = '$olduid'");
while($chap = dbassoc($chapters)) {
$chapid = $chap['chapid'];
$storytext = "";
if($out = fopen (STORIESPATH."/$olduid/$chapid.txt", "r"))
while (!feof($out)) {
$storytext .= fgets($out, 10000);
}
fclose($out);
unlink(STORIESPATH."/$olduid/$chapid.txt");
if($storytext) {
if( !file_exists( STORIESPATH."/$uid/" ) ) {
mkdir(STORIESPATH."/$uid", 0755);
chmod(STORIESPATH."/$uid", 0777);
}
$handle = fopen(STORIESPATH."/$uid/$chapid.txt", 'w');
if ($handle) {
fwrite($handle, $storytext);
fclose($handle);
}
chmod(STORIESPATH."/$uid/$chapid.txt", 0644);
}
dbquery("UPDATE ".TABLEPREFIX."fanfiction_chapters SET uid = '$uid' WHERE chapid = '$chapid' LIMIT 1");
}
}
else $chapupdate = dbquery("UPDATE ".TABLEPREFIX."fanfiction_chapters SET uid = '$uid' WHERE sid = '$sid' AND uid = '$olduid'");
$switch = dbquery("UPDATE ".TABLEPREFIX."fanfiction_stories SET uid = '$uid' WHERE sid = '$sid' LIMIT 1");
if($logging) {
$authorquery = dbquery("SELECT "._PENNAMEFIELD." as penname FROM "._AUTHORTABLE." WHERE "._UIDFIELD." = '$olduid' LIMIT 1");
list($oldpenname) = dbrow($authorquery);
$author2query = dbquery("SELECT "._PENNAMEFIELD." as penname FROM "._AUTHORTABLE." WHERE "._UIDFIELD." = '$uid' LIMIT 1");
list($newpenname) = dbrow($author2query);
dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_log (`log_action`, `log_uid`, `log_ip`, `log_type`) VALUES('".escapestring(sprintf(_LOG_ADMIN_EDIT_AUTHOR, USERPENNAME, USERUID, $title, $sid, $newpenname, $uid, $oldpenname, $olduid))."', '".USERUID."', INET_ATON('".$_SERVER['REMOTE_ADDR']."'), 'ED')");
}
}
}
// End change author of story
$oldinfo = dbquery("SELECT title, validated, featured, catid FROM ".TABLEPREFIX."fanfiction_stories WHERE sid = '$sid' LIMIT 1");
list($storytitle, $oldvalid, $oldfeat, $oldcats ) = dbrow($oldinfo);
$oldcats = explode(",", $oldcats);
if($validated) {
if(!$oldvalid) {
include("includes/emailer.php");
list($newchapter) = dbrow(dbquery("SELECT validated FROM ".TABLEPREFIX."fanfiction_chapters WHERE sid = '$sid' AND inorder = '1'"));
if(!$newchapter) {
if($alertson) {
$pennames[] = $penname;
$coQuery = dbquery("SELECT "._PENNAMEFIELD." AS penname FROM ".TABLEPREFIX."fanfiction_coauthors AS c LEFT JOIN "._AUTHORTABLE." ON "._UIDFIELD." = c.uid WHERE sid = '$sid' ");
while($c = dbassoc($coQuery)) {
$pennames[] = $c['penname'];
}
$subject = _NEWSTORYAT;
$mailtext = sprintf(_AUTHORALERTNOTE, $title, implode(", ", $pennames), $summary, $sid);
$favorites = dbquery("SELECT "._UIDFIELD." as uid, "._EMAILFIELD." as email, "._PENNAMEFIELD." as penname, alertson FROM ".TABLEPREFIX."fanfiction_favorites as fav, ".TABLEPREFIX."fanfiction_authorprefs as ap, "._AUTHORTABLE." WHERE fav.item = $uid AND fav.type = 'AU' AND fav.uid = "._UIDFIELD." AND ap.uid = "._UIDFIELD." AND ap.alertson = '1'");
while($favuser = dbassoc($favorites)) {
sendemail($favuser['penname'], $favuser['email'], $sitename, $siteemail, $subject, $mailtext, "html");
}
}
}
else if($alertson && $newchapter) {
$pennames[] = $penname;
$coQuery = dbquery("SELECT "._PENNAMEFIELD." AS penname FROM ".TABLEPREFIX."fanfiction_coauthors AS c LEFT JOIN "._AUTHORTABLE." ON "._UIDFIELD." = c.uid WHERE sid = '$sid'");
while($c = dbassoc($coQuery)) {
$pennames[] = $c['penname'];
}
$titlequery = dbquery("SELECT title FROM ".TABLEPREFIX."fanfiction_stories WHERE sid = '$sid' LIMIT 1");
list($title) = dbrow($titlequery);
list($inorder) = dbrow(dbquery("SELECT inorder FROM ".TABLEPREFIX."fanfiction_chapters WHERE sid = '$sid' ORDER BY inorder DESC LIMIT 1"));
$subject = _STORYALERT;
$mailtext = sprintf(_STORYALERTNOTE, $storytitle, implode(", ", $pennames), $sid, $inorder);
$favorites = dbquery("SELECT "._UIDFIELD." as uid, "._EMAILFIELD." as email, "._PENNAMEFIELD." as penname, alertson FROM ".TABLEPREFIX."fanfiction_favorites as fav, ".TABLEPREFIX."fanfiction_authorprefs as ap, "._AUTHORTABLE." WHERE fav.item = '$sid' AND fav.type = 'ST' AND fav.uid = "._UIDFIELD." AND ap.uid = "._UIDFIELD." AND ap.alertson = '1'");
while($favuser = dbassoc($favorites)) {
sendemail($favuser['penname'], $favuser['email'], $sitename, $siteemail, $subject, $mailtext, "html");
}
}
$update = dbquery("UPDATE ".TABLEPREFIX."fanfiction_stories SET validated = '$validated', updated = NOW( ) WHERE sid = '$sid'");
$update2 = dbquery("UPDATE ".TABLEPREFIX."fanfiction_chapters SET validated = 1 WHERE sid = '$sid'");
$coauths = dbquery("SELECT uid FROM ".TABLEPREFIX."fanfiction_coauthors WHERE sid = '$sid'");
while($c = dbassoc($coauths)) {
dbquery("UPDATE ".TABLEPREFIX."fanfiction_authorprefs SET stories = stories + 1 WHERE uid = '".$c['uid']."'");
}
dbquery("UPDATE ".TABLEPREFIX."fanfiction_authorprefs SET stories = stories + 1 WHERE uid = '$uid'");
$count = dbquery("SELECT SUM(wordcount) as totalcount FROM ".TABLEPREFIX."fanfiction_chapters WHERE sid = '$sid' AND validated = '1'");
list($totalcount) = dbrow($count);
if($totalcount) {
dbquery("UPDATE ".TABLEPREFIX."fanfiction_stories SET wordcount = '$totalcount' WHERE sid = '$sid'");
}
dbquery("UPDATE ".TABLEPREFIX."fanfiction_stats SET stories = stories + 1");
}
else if($validated == 2) {
$update = dbquery("UPDATE ".TABLEPREFIX."fanfiction_stories SET validated = '$validated' WHERE sid = '$sid'");
$update2 = dbquery("UPDATE ".TABLEPREFIX."fanfiction_chapters SET validated = 1 WHERE sid = '$sid'");
$count = dbquery("SELECT SUM(wordcount) as totalcount FROM ".TABLEPREFIX."fanfiction_chapters WHERE sid = '$sid' AND validated = '1'");
list($totalcount) = dbrow($count);
if($totalcount) {
dbquery("UPDATE ".TABLEPREFIX."fanfiction_stories SET wordcount = '$totalcount' WHERE sid = '$sid'");
}
}
$newcats = array_diff($catid, $oldcats);
foreach($newcats as $cat) { categoryitems($cat, 1); }
$delcats = array_diff($oldcats, $catid);
foreach($delcats as $cat) { categoryitems($cat, -1); }
}
else if($admin && !$validated && $oldvalid > 0) {
foreach($oldcats as $cat) { categoryitems($cat, -1); }
$update = dbquery("UPDATE ".TABLEPREFIX."fanfiction_stories SET validated = '0' WHERE sid = '$sid'");
$update2 = dbquery("UPDATE ".TABLEPREFIX."fanfiction_chapters SET validated = 0 WHERE sid = '$sid'");
dbquery("UPDATE ".TABLEPREFIX."fanfiction_stats SET stories = stories - 1");
$coauths = dbquery("SELECT uid FROM ".TABLEPREFIX."fanfiction_coauthors WHERE sid = '$sid'");
while($c = dbassoc($coauths)) {
dbquery("UPDATE ".TABLEPREFIX."fanfiction_authorprefs SET stories = stories - 1 WHERE uid = '".$c['uid']."'");
}
dbquery("UPDATE ".TABLEPREFIX."fanfiction_authorprefs SET stories = stories - 1 WHERE uid = '$uid'");
list($chapters, $words) = dbrow(dbquery("SELECT COUNT(chapid), SUM(wordcount) FROM ".TABLEPREFIX."fanfiction_chapters WHERE validated > 0"));
list($authors) = dbrow(dbquery("SELECT COUNT(uid) FROM ".TABLEPREFIX."fanfiction_authorprefs WHERE stories > 0"));
dbquery("UPDATE ".TABLEPREFIX."fanfiction_stats set wordcount = '$words', chapters = '$chapters', authors = '$authors'");
}
else if(!$admin) $validated = $oldvalid;
if(!$admin && $oldfeat != $feat) $feat = $oldfeat;
// Update the site stats
list($chapters, $words) = dbrow(dbquery("SELECT COUNT(chapid), SUM(wordcount) FROM ".TABLEPREFIX."fanfiction_chapters WHERE validated > 0"));
list($authors) = dbrow(dbquery("SELECT COUNT(uid) FROM ".TABLEPREFIX."fanfiction_authorprefs WHERE stories > 0"));
dbquery("UPDATE ".TABLEPREFIX."fanfiction_stats set wordcount = '$words', chapters = '$chapters', authors = '$authors'");
$updatequery = dbquery("UPDATE ".TABLEPREFIX."fanfiction_stories SET title = '".addslashes($title)."', summary = '".addslashes(format_story($summary))."', storynotes = '".addslashes(format_story($storynotes))."', rr = '".($rr ? 1 : 0)."', completed = '".($complete ? 1 : 0)."', validated = '$validated', rid = '$rid', classes = '".(is_array($classes) ? implode(",", $classes) : $classes)."', charid = '".(is_array($charid) ? implode(",", $charid) : $charid)."', catid = '".(is_array($catid) ? implode(",", $catid) : $catid)."', coauthors = '".(is_array($coauthors) ? implode(",", $coauthors) : $coauthors)."', featured = '$feat' WHERE sid = '$sid'");
$clist = array( );
$coauths = dbquery("SELECT uid FROM ".TABLEPREFIX."fanfiction_coauthors WHERE sid = '$sid'");
while($c = dbassoc($coauths)) {
$clist[] = $c['uid'];
}
foreach($au AS $a) {
if($a == $uid) continue;
if(!in_array($a, $clist)) {
dbquery("UPDATE ".TABLEPREFIX."fanfiction_authorprefs SET stories = stories + 1 WHERE uid = '$a'");
dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_coauthors(`sid`, `uid`) VALUES('$sid', '$a')");
}
}
foreach($clist AS $c) {
if(!in_array($c, $au)) {
dbquery("UPDATE ".TABLEPREFIX."fanfiction_authorprefs SET stories = stories - 1 WHERE uid = '$c'");
dbquery("DELETE FROM ".TABLEPREFIX."fanfiction_coauthors WHERE sid = '$sid' AND uid = '$c'");
}
}
$codequery = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_codeblocks WHERE code_type = 'editstory'");
while($code = dbassoc($codequery)) {
eval($code['code_text']);
}
if($logging && $admin) {
if(USERUID != $uid) { // If you're editing your own story, don't log it.
$authorquery = dbquery("SELECT "._PENNAMEFIELD." as penname FROM "._AUTHORTABLE." WHERE "._UIDFIELD." = '$uid' LIMIT 1");
list($penname) = dbrow($authorquery);
dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_log (`log_action`, `log_uid`, `log_ip`, `log_type`) VALUES('".escapestring(sprintf(_LOG_ADMIN_EDIT, USERPENNAME, USERUID, $title, $sid, $penname, $uid))."', '".USERUID."', INET_ATON('".$_SERVER['REMOTE_ADDR']."'), 'ED')");
}
}
$output .= write_message(_STORYUPDATED." ".($admin ? _BACK2ADMIN : _BACK2ACCT));
$tpl->assign( "output", $output );
$tpl->printToScreen( );
dbclose( );
exit( );
}
}
$query = dbquery("SELECT DATE_FORMAT(date, '$dateformat') as date, wordcount, uid FROM ".TABLEPREFIX."fanfiction_stories WHERE sid = '$sid' LIMIT 1");
list($published, $wordcount, $storyuid) = dbrow($query);
$formbegin = "<div class=\"tblborder\" style=\"margin: 10px auto; width: 550px; padding: 10px;\">
<form METHOD=\"POST\" name=\"form\" action=\"stories.php?action=editstory".($admin ? "&admin=1" : "")."&sid=$sid\">";
if(isset($_POST['submit']) && $_POST['submit'] != _PREVIEW) {
$submit = _PREVIEW;
$storyquery = dbquery("SELECT title, summary, storynotes, rr, completed, rid, classes, charid, catid, featured, uid, coauthors, UNIX_TIMESTAMP(date) as date FROM ".TABLEPREFIX."fanfiction_stories WHERE sid = '$sid' LIMIT 1");
$story = dbassoc($storyquery);
$output .= $formbegin.storyform($story, $preview);
$output .= "<input type=\"hidden\" name=\"oldcats\" value =\"".$story['catid']."\">";
}
else {
$submit = _PREVIEW;
$storyinfo = dbquery("SELECT s.*, UNIX_TIMESTAMP(s.date) as date, UNIX_TIMESTAMP(s.updated) as updated, "._PENNAMEFIELD." as penname FROM ".TABLEPREFIX."fanfiction_stories as s, "._AUTHORTABLE." WHERE "._UIDFIELD." = s.uid AND sid = '$sid' LIMIT 1");
$stories = dbassoc($storyinfo);
if($stories['coauthors'] && !isset($_POST['submit'])) {
$au = array();
$coauths = dbquery("SELECT uid FROM ".TABLEPREFIX."fanfiction_coauthors WHERE sid = '".$stories['sid']."'");
while($c = dbassoc($coauths)) {
$au[] = $c['uid'];
}
$stories['coauthors'] = $au;
}
if(isset($_POST['submit'])) {
$stories['title'] = stripslashes($title);
$stories['summary'] = stripslashes($summary);
$stories['storynotes'] = stripslashes($storynotes);
$stories['catid'] = isset($catid) ? is_array($catid) ? implode(",", $catid) : $catid : "";
$stories['classes'] = isset($classes) && is_array($classes) ? implode(",", $classes) : $classes;
$stories['charid'] = isset($charid) ? is_array($charid) ? implode(",", $charid) : $charid : "";
$stories['coauthors'] = $au;
$stories['featured'] = $feat;
$stories['completed'] = $complete;
$stories['rid'] = $rid;
$stories['rr'] = $rr;
$stories['uid'] = $uid;
$stories['wordcount'] = $wordcount;
}
$output .= preview_story($stories);
$output .= $formbegin.storyform($stories, _PREVIEW);
}
$chapquery = dbquery("SELECT chapid, title, inorder, rating, reviews, validated, uid FROM ".TABLEPREFIX."fanfiction_chapters WHERE sid = '$sid' ORDER BY inorder");
$chapters = dbnumrows($chapquery);
$output .= "<p><input type=\"submit\" class=\"button\" value=\"$submit\" name=\"submit\"> <input type=\"submit\" class=\"button\" value=\""._ADDSTORY."\" name=\"submit\"></p></form></div>";
$output .= "<br><table class=\"tblborder\" style=\"margin: 0 auto; width: 500px;\"><tr><th>"._CHAPTER."</th>".($chapters > 1 ? "<th>"._MOVE."</th>" : "")."<th>"._OPTIONS."</th></tr>";
while($chapter = dbassoc($chapquery)) {
$output .="<tr><td class=\"tblborder\"><a href=\"viewstory.php?sid=$sid&chapter=".$chapter['inorder']."\">".$chapter['title']."</a></td>";
if($chapters > 1) $output .= "<td align=\"center\" class=\"tblborder\">".($chapter['inorder'] == 1 ? "" : "<a href=\"stories.php?action=viewstories&go=up&sid=$sid&chapid=".$chapter['chapid']."&inorder=".$chapter['inorder']."\">$up</a>").
($chapter['inorder'] == $chapters ? "" : "<a href=\"stories.php?action=viewstories&go=down&sid=$sid&chapid=".$chapter['chapid']."&inorder=".$chapter['inorder']."\">$down</a>")."</td>";
$output .= "<td class=\"tblborder\" align=\"center\"><a href=\"stories.php?action=editchapter&chapid=".$chapter['chapid'].($admin ? "&admin=1&uid=".$chapter['uid'] : "")."\">"._EDIT."</a>";
if($chapters > 1) $output .= " - <a href=\"stories.php?action=delete&chapid=".$chapter['chapid']."&sid=$sid".($admin ? "&admin=1&uid=".$chapter['uid'] : "")."\">"._DELETE."</a>";
$output .= "</td></tr>";
}
$output .= "<tr><td class=\"tblborder\" colspan=\"3\" align=\"center\"><a href=\"stories.php?action=newchapter&sid=$sid&inorder=$chapters".($admin ? "&admin=1&uid=".$storyuid : "")."\">"._ADDNEWCHAPTER."</a></td></tr></table>";
return $output;
}
// end editstory
function delete( ) {
global $tpl, $store, $storiespath, $admin, $sid, $chapid, $logging;
$confirmed = isset($_GET['confirmed']) ? $_GET['confirmed'] : false;
if(!$sid && !$chapid) return write_error(_ERROR);
$output = "<div id=\"pagetitle\">".($chapid ? _DELETECHAPTERTITLE : _DELETESTORYTITLE)."</div>";
if($admin) {
if($chapid) $authorquery = dbquery("SELECT uid FROM ".TABLEPREFIX."fanfiction_chapters WHERE chapid = '$chapid' LIMIT 1");
else $authorquery = dbquery("SELECT uid FROM ".TABLEPREFIX."fanfiction_stories WHERE sid = '$sid' LIMIT 1");
list($uid) = dbrow($authorquery);
}
else $uid = USERUID;
if($confirmed == "no") {
$output .= "<center>"._ACTIONCANCELLED." ".($admin ? _BACK2ADMIN : _BACK2ACCT)."</center>";
}
else if($confirmed == "yes") {
$storyquery = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_stories WHERE sid = '$sid' LIMIT 1");
$story = dbassoc($storyquery);
if($chapid) {
$chapterquery = dbquery("SELECT inorder, chapid, uid FROM ".TABLEPREFIX."fanfiction_chapters WHERE sid = '$sid'");
$orderquery = dbquery("SELECT inorder FROM ".TABLEPREFIX."fanfiction_chapters WHERE chapid = '$chapid' LIMIT 1");
list($inorder) = dbrow($orderquery);
if(empty($inorder)) { // Shouldn't be possible and yet someone managed to do it.
errorExit();
}
$chapters = dbnumrows($chapterquery);
}
if(isset($chapters) && $chapters > 1) {
list($valid) = dbrow(dbquery("SELECT validated FROM ".TABLEPREFIX."fanfiction_chapters where chapid = '$chapid' LIMIT 1"));
dbquery("DELETE FROM ".TABLEPREFIX."fanfiction_chapters WHERE chapid = '$chapid' LIMIT 1");
if($valid) dbquery("UPDATE ".TABLEPREFIX."fanfiction_stats SET chapters = chapters - 1");
if($store == "files") unlink(STORIESPATH."/$uid/".$chapid.".txt");
if($inorder < $chapters)
dbquery("UPDATE ".TABLEPREFIX."fanfiction_chapters SET inorder = (inorder - 1) WHERE sid = '$sid' AND inorder > $inorder");
$codequery = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_codeblocks WHERE code_type = 'delchapter'");
while($code = dbassoc($codequery)) {
eval($code['code_text']);
}
if($logging && $admin) {
$authorquery = dbquery("SELECT "._PENNAMEFIELD." as penname FROM "._AUTHORTABLE." WHERE "._UIDFIELD." = '$uid' LIMIT 1");
list($penname) = dbrow($authorquery);
dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_log (`log_action`, `log_uid`, `log_ip`, `log_type`) VALUES('".escapestring(sprintf(_LOG_ADMIN_DEL_CHAPTER, USERPENNAME, USERUID, $story['title'], $sid, $penname, $uid, $inorder))."', '".USERUID."', INET_ATON('".$_SERVER['REMOTE_ADDR']."'), 'DL')");
}
return "<center>"._ACTIONSUCCESSFUL."</center>".editstory( $sid );
}
else {
include("includes/deletefunctions.php");
deleteStory($story);
}
$output = write_message(_ACTIONSUCCESSFUL." ".($admin ? _BACK2ADMIN : viewstories( )));
}
else {
if($chapid) {
$output .= write_message(_CONFIRMDELETE."<BR><BR>
[ <a href=\"stories.php?action=delete&confirmed=yes&chapid=$chapid&sid=$sid".(!empty($admin) ? "&admin=1&uid=".$uid : "")."\">"._YES."</a> |
<a href=\"stories.php?action=delete&confirmed=no\">"._NO."</a> ]");
}
else {
$output .= write_message(_DELETESTORY."<BR><BR>
[ <a href=\"stories.php?action=delete&confirmed=yes&sid=$sid".(!empty($admin) ? "&admin=1&uid=".$uid : "")."\">"._YES."</a> |
<a href=\"stories.php?action=delete&confirmed=no\">"._NO."</a> ]");
}
}
return $output;
}
// end delete
switch($action) {
case "newstory":
$output .= newstory( );
break;
case "newchapter":
$output .= newstory( );
break;
case "editchapter":
$output .= editchapter($chapid);
break;
case "editstory":
$output .= editstory($sid);
break;
case "delete":
$output .= delete( );
break;
default:
$output .= viewstories( );
break;
}
$tpl->assign( "output", $output );
$tpl->printToScreen();
dbclose( );
?>