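<?php
/*========================================*\
| Exero CMS                                |
|==========================================|
|          http://ecms.getox.net           |
|https://sourceforge.net/projects/exerocms/|
|==========================================|
|     Exero CMS is released under the      |
|     GNU General Public License (GPL)     |
| opensource.org/licenses/gpl-license.php  |
\*========================================*/

/*
 * Admin control panel: item manager.
 *
 * Dispatches on the "do" request parameter:
 *   (empty)    list all items
 *   create     list the available item types
 *   new        show / submit the form for a new item of a given type
 *   listitems  show the items assigned to a block and the ones that can be added
 *   add        append an item to a block's comma-separated item list
 *   remove     take an item out of a block's item list
 *   order      move an item up or down inside a block's item list
 *   edit       show / submit the edit form of an item
 *   delete     delete an item and drop it from every block
 *
 * The full "<?php" open tag is used so the script does not depend on the
 * short_open_tag setting; with short tags disabled a "<?" file is sent to
 * the browser as plain text, queries included.
 *
 * NOTE(review): add, remove, order and delete change data from a plain GET
 * link, and no anti-CSRF token is checked in this file. Confirm whether
 * global.php enforces one; otherwise move these actions to POST with a
 * per-session token.
 */

require("global.php");
if(!checkadminsession()) {
	print_login();
	exit;
}

if(!adminpermissions("manageitems")) {
	print_no_permission();
	exit;
}

if(!function_exists('itemsadmin_param')) {
	/**
	 * Read one request value as a string.
	 * Missing keys and non-scalar values (e.g. "?item[]=1") become "".
	 */
	function itemsadmin_param($source, $key) {
		return (isset($source[$key]) && is_scalar($source[$key])) ? (string)$source[$key] : "";
	}

	/**
	 * Return the module name stored in $row[$key] when it is a plain ASCII
	 * identifier, or null otherwise. The value is used both as a file name
	 * under items/ and as a class name, so anything containing a slash, dot,
	 * NUL byte or other separator must never reach include/new.
	 */
	function itemsadmin_module_name($row, $key) {
		if(!is_array($row) || !isset($row[$key]) || !is_string($row[$key])) {
			return null;
		}
		return preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $row[$key]) ? $row[$key] : null;
	}

	/**
	 * Return the comma-separated item list of a block row as a string,
	 * or "" when the row is missing or has no list.
	 */
	function itemsadmin_list($row) {
		return (is_array($row) && isset($row['items'])) ? (string)$row['items'] : "";
	}

	/** Escape a value for use inside HTML text or a quoted attribute. */
	function itemsadmin_html($value) {
		return htmlspecialchars((string)$value, ENT_QUOTES);
	}
}

$do     = itemsadmin_param($_REQUEST, 'do');
$block  = itemsadmin_param($_REQUEST, 'block');
$itemid = itemsadmin_param($_REQUEST, 'item');
$action = itemsadmin_param($_POST, 'action');

if($do === "") {
	print_cp_header("Item Manager");

	print_topmenu(array("items.php?do=create" => "New Item"),"14","bold");
	print_table_header("Items","2",'',"1");
	print_multicol_row(array("Item[align:left]"=>"","Options[align:right]"=>"140"),"optiontitle");
	$getitems = $db->query("SELECT * FROM ".TABLE_PREFIX."items ORDER BY title ASC");
	while($iteminfo = $db->fetch_array($getitems)) {
		// The row helper is handed ready-made <a> markup, so stored titles and
		// ids have to be escaped here before they are mixed into that markup.
		$idarg = itemsadmin_html(urlencode($iteminfo['id']));
		print_multicol_row(array(
			itemsadmin_html($iteminfo['title'])."[align:left]" => "",
			"<a href=\"items.php?do=edit&item=".$idarg."\">Edit</a>, <a href=\"items.php?do=delete&item=".$idarg."\">Delete</a>[align:right]" => "140"
		));
	}
	print_table_footer();

	print_cp_footer();
} else if($do === "create") {
	print_cp_header("New Item");

	print_table_header("Items");
	$getitems = $db->query("SELECT * FROM ".TABLE_PREFIX."admin_items ORDER BY title ASC");
	while($iteminfo = $db->fetch_array($getitems)) {
		print_table_row("<a href=\"items.php?do=new&type=".itemsadmin_html(urlencode($iteminfo['id']))."\"><strong>".itemsadmin_html($iteminfo['title'])."</strong></a>");
	}
	print_table_footer();

	print_cp_footer();
} else if($do === "new") {
	$type = itemsadmin_param($_REQUEST, 'type');
	$iteminfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."admin_items WHERE id='".$db->real_escape_string($type)."' LIMIT 1");

	// Unknown type, or a stored file name that is not a bare identifier:
	// stop before the value is used to build an include path.
	$module = itemsadmin_module_name($iteminfo, 'file');
	if($module === null) {
		print_redirect("items.php","Invalid Item","Invalid Item.");
		exit;
	}
	include("items/".$module.".php");
	$item = new $module;

	if($action === "submit") {
		$item->_create();
		print_redirect("items.php","Item Created","Item Created.");
	} else {
		print_cp_header("New ".$iteminfo['title']);

		print_form_header("items.php?do=new");
		print_form_hiddenfield("action","submit");
		print_form_hiddenfield("type",$iteminfo['id']);
		print_table_header("Item ".$iteminfo['title'],"2");
		print_form_textbox("Name","name");
		print_form_multiselect("Group Access","groupaccess"."[]",5,grouparray(),"");
		print_table_optiontitle("Item Options",'',"2");
		$item->_interface();
		print_form_submit("Submit","2","0");
		print_table_footer();
		print_form_footer();

		print_cp_footer();
	}
} else if($do === "listitems") {
	$blockinfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."blocks WHERE id='".$db->real_escape_string($block)."' LIMIT 1");
	$current   = itemsadmin_list($blockinfo);
	$assigned  = ($current === "") ? array() : explode(',', $current);
	$blockarg  = itemsadmin_html(urlencode($blockinfo['id']));
	print_cp_header("Items");

	print_table_header("Current items in ".$blockinfo['title'],"3","0","1");
	print_multicol_row(array("Item[align:left]"=>"","Position"=>"70","Options[align:right]"=>"140"),"optiontitle");
	foreach($assigned as $item) {
		// The stored list is built from request values (see "add"), so each
		// entry is escaped before it goes back into a query.
		$iteminfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."items WHERE id='".$db->real_escape_string($item)."'");
		$idarg = itemsadmin_html(urlencode($iteminfo['id']));
		print_multicol_row(array(
			itemsadmin_html($iteminfo['title'])."[align:left]" => "",
			"<a href=\"items.php?do=order&block=".$blockarg."&item=".$idarg."&where=up\">Up</a> | <a href=\"items.php?do=order&block=".$blockarg."&item=".$idarg."&where=down\">Down</a>" => "70",
			"<a href=\"items.php?do=remove&block=".$blockarg."&item=".$idarg."\">Remove</a>[align:right]" => "140"
		));
	}
	print_table_footer();

	print_table_header("Add Items","3","0","1");
	print_multicol_row(array("Item[align:left]"=>"","Options[align:right]"=>"140"),"optiontitle");
	$getitems = $db->query("SELECT * FROM ".TABLE_PREFIX."items ORDER BY title ASC");
	while($iteminfo = $db->fetch_array($getitems)) {
		// Strict comparison on strings: a loose in_array() treats numeric
		// strings such as "10" and "1e1" as equal.
		if(!in_array((string)$iteminfo['id'], $assigned, true)) {
			print_multicol_row(array(
				itemsadmin_html($iteminfo['title'])."[align:left]" => "",
				"<a href=\"items.php?do=add&block=".$blockarg."&item=".itemsadmin_html(urlencode($iteminfo['id']))."\">Add</a>[align:right]" => "140"
			));
		}
	}
	print_table_footer();

	print_cp_footer();
} else if($do === "add") {
	// An empty id, or one containing the list separator, would corrupt the
	// comma-separated list stored on the block.
	if($itemid === "" || strpos($itemid, ',') !== false) {
		print_redirect("items.php?do=listitems&block=".urlencode($block),"Invalid Item","Invalid Item.");
		exit;
	}
	$blockinfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."blocks WHERE id='".$db->real_escape_string($block)."' LIMIT 1");
	$current = itemsadmin_list($blockinfo);
	$items = ($current !== "") ? $current.",".$itemid : $itemid;
	// $items carries a request value: escape it like every other value in the query.
	$db->query("UPDATE ".TABLE_PREFIX."blocks SET items='".$db->real_escape_string($items)."' WHERE id='".$db->real_escape_string($block)."'");
	print_redirect("items.php?do=listitems&block=".urlencode($block),"Item Added","Item Added.");
} else if($do === "remove") {
	// TABLE_PREFIX was missing on this SELECT while the UPDATE below used it.
	$blockinfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."blocks WHERE id='".$db->real_escape_string($block)."' LIMIT 1");
	$current = itemsadmin_list($blockinfo);
	if($current !== "") {
		$items = array_pull($current,$itemid);
		// The delete branch treats array_pull()'s result as possibly an array;
		// do the same here so the query never receives the text "Array".
		if(is_array($items)) {
			$items = implode(',',$items);
		}
	} else {
		$items = "";
	}
	$db->query("UPDATE ".TABLE_PREFIX."blocks SET items='".$db->real_escape_string((string)$items)."' WHERE id='".$db->real_escape_string($block)."'");
	print_redirect("items.php?do=listitems&block=".urlencode($block),"Item Removed","Item Removed.");
} else if($do === "order") {
	$where = itemsadmin_param($_REQUEST, 'where');
	// TABLE_PREFIX was missing on this SELECT while the UPDATE below used it.
	$blockinfo = $db->query_first("SELECT id,items FROM ".TABLE_PREFIX."blocks WHERE id='".$db->real_escape_string($block)."'");
	$neworder = changeorder(itemsadmin_list($blockinfo),$itemid,$where);
	if(is_array($neworder)) {
		$neworder = implode(',',$neworder);
	}
	// changeorder() is given request values; its result is escaped before use.
	$db->query("UPDATE ".TABLE_PREFIX."blocks SET items='".$db->real_escape_string((string)$neworder)."' WHERE id='".$db->real_escape_string($block)."'");
	print_redirect("items.php?do=listitems&block=".urlencode($block),"Order Updated","Order Updated.");
} else if($do === "edit") {
	// The submitted form carries the id as "itemid"; the edit link carries it as "item".
	$lookup = ($action === "submit") ? itemsadmin_param($_POST, 'itemid') : $itemid;
	$iteminfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."items WHERE id='".$db->real_escape_string($lookup)."' LIMIT 1");

	// Unknown item, or a stored file name that is not a bare identifier:
	// stop before the value is used to build an include path.
	$module = itemsadmin_module_name($iteminfo, 'itemfile');
	if($module === null) {
		print_redirect("items.php","Invalid Item","Invalid Item.");
		exit;
	}

	if($action === "submit") {
		include("items/".$module.".php");
		$item = new $module;
		$item->_save();
		print_redirect("items.php","Item Saved","Item Saved.");
	} else {
		print_cp_header("Edit Item");

		include("items/".$module.".php");
		$item = new $module;
		$item->_edit();
		print_form_header("items.php?do=edit");
		print_form_hiddenfield("action","submit");
		print_form_hiddenfield("itemid",$iteminfo['id']);
		print_table_header("Item ".$iteminfo['title'],"2");
		print_form_textbox("Name","name",$iteminfo['title']);
		print_form_multiselect("Group Access","groupaccess"."[]",5,grouparray(),$iteminfo['groupaccess']);
		print_table_optiontitle("Item Options",'',"2");
		$item->_interface();
		print_form_submit("Submit","2","0");
		print_table_footer();
		print_form_footer();
		print_cp_footer();
	}
} else if($do === "delete") {
	$iteminfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."items WHERE id='".$db->real_escape_string($itemid)."'");

	$module = itemsadmin_module_name($iteminfo, 'itemfile');
	if($module === null) {
		print_redirect("items.php","Invalid Item","Invalid Item.");
		exit;
	}
	include("items/".$module.".php");
	$item = new $module;
	$item->_delete();

	$getblocks = $db->query("SELECT * FROM ".TABLE_PREFIX."blocks");
	while($blockinfo = $db->fetch_array($getblocks)) {
		// Each block is judged on its own list. Previously $items was carried
		// over from the prior iteration, so a block with an empty list could be
		// overwritten with another block's items.
		$current = itemsadmin_list($blockinfo);
		if($current === "" || !in_array($itemid, explode(',',$current), true)) {
			continue;
		}
		$items = array_pull($current,$itemid);
		if(is_array($items)) {
			$items = implode(',',$items);
		}
		$db->query("UPDATE ".TABLE_PREFIX."blocks SET items='".$db->real_escape_string((string)$items)."' WHERE id='".$db->real_escape_string($blockinfo['id'])."'");
	}
	$db->query("DELETE FROM ".TABLE_PREFIX."items WHERE id='".$db->real_escape_string($itemid)."'");
	print_redirect("items.php","Item Deleted","Item Deleted.");
}
?>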