<?
//
//	FPCode v0.9, Date 2002-01-11
//
//	Copyright (c) 2002 Wen-Yu Chang and FrostyPlace.com. All rights reserved.
//
//	The contents of this file constitute Original Code as defined in and
//	are subject to the GNU Library General Public License (the
//	"License").  You may not use this file except in compliance with the
//	License.  Please obtain a copy of the License at
//	http://www.gnu.org/licenses/gpl.html and read it before using this file.
//	
//	This Original Code and all software distributed under the License are
//	distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
//	EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
//	INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
//	FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
//	License for the specific language governing rights and limitations
//	under the License.
//
//

	require_once("../includes/config.inc.php");			// Load config params
	require_once("{$fpconfig['root_path']}/includes/dbconnect.inc.php");		//All the db stuff

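	// Print the <select name="item_type"> menu listing every story type.
	//
	// Reads type_id and type_code from story_types (ordered by type_id) and echoes
	// one <option> per row. The option whose type_id equals $type_id (loose ==
	// comparison) is marked "selected".
	//
	// $type_id   the type_id to pre-select.
	// Returns nothing; the markup is written straight to the output.
	function print_type_menu($type_id){

		$my_query = "SELECT type_id, type_code ".
					"FROM story_types " .
					"ORDER BY type_id ASC ";

		$result = mysql_query($my_query);

		echo "<select name=\"item_type\" class=\"form_elements\">\n";

		// mysql_query() returns false on failure; in that case emit an empty menu
		// instead of handing false to mysql_fetch_array().
		if($result){
			while ($row = mysql_fetch_array($result)){
				$sel = ($type_id == $row['type_id']) ? "selected" : "";

				// Both columns are written into HTML (one into an attribute), so they
				// are escaped on output; a type_code containing markup would
				// otherwise be rendered as markup on this page.
				// NOTE(review): no charset argument is passed, matching the
				// htmlspecialchars() calls in get_story() -- confirm the charset
				// PHP assumes matches the encoding of the stored text.
				$value = htmlspecialchars($row['type_id'], ENT_QUOTES);
				$label = htmlspecialchars($row['type_code'], ENT_QUOTES);

				echo "<option value=\"$value\" $sel>$label</option>\n";
			}

			mysql_free_result($result);
		}

		echo "</select>\n";

	}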
	

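	// Load one story and its author into the global variables listed below.
	//
	// $id   story_id of the story to load; anything that does not reduce to an
	//       integer >= 1 is rejected.
	//
	// On success the globals are filled and nothing is returned. The text fields
	// (author_name, author_email, story_title, site_url, pic_url, story_text,
	// story_more, ubb_link) are passed through htmlspecialchars(); author_id,
	// type_id and active are copied from the row unchanged; key_item becomes
	// "checked" or "", is_report becomes true or false.
	// On failure an error string (HTML, ends in <br> for most cases) is returned
	// and the globals are left as they were.
	function get_story($id){
		global 	$author_name, $author_id, $author_email, $story_title, $site_url, $pic_url, $type_id,
				$story_text, $story_more, $key_item, $ubb_link, $is_report, $active;
		// $fpconfig is read below for the anonymous-author substitution. Without
		// this declaration it is an undefined local inside the function, so the
		// comparison ran against null instead of the configured author id.
		// NOTE(review): presumably populated by config.inc.php, which is included
		// at file scope -- confirm.
		global	$fpconfig;

		// $id is interpolated unquoted into the WHERE clause. A loose "< 1" test
		// alone lets a string such as "1 OR ..." through on PHP versions that
		// compare leading-numeric strings as numbers, so reduce it to an integer
		// before both the range check and the query.
		$id = intval($id);

		if($id < 1){
			return "°Ñ¼Æ¿ù»~¡G¤£¦X²zªº½Z¥ó½s¸¹¡C<br>";
		}

		$my_query = "SELECT active, story_title, story_text, story_more, type_id, ".
					"author_name, author_email, s.author_id, pic_link, story_link, ubb_link, is_key_item, is_report ".
					"FROM stories s, authors a ".
					"WHERE story_id=$id AND s.author_id = a.author_id LIMIT 0, 1";

		$result = mysql_query($my_query);

		// Query failed: there is no result resource to free.
		if($result == false){
			return "¸ê®Æ®w¿ù»~¡C<br>";
		}

		// The join yields no row when the story or its author record is missing.
		if(mysql_num_rows($result) != 1){
			mysql_free_result($result);
			return "°Ñ¼Æ¿ù»~¡G§ä¤£¨ì«ü©wªº½Z¥ó¡C(¤]³\§@ªÌ½s¸¹¤£¦s¦b¡H)<br>";
		}

		$row = mysql_fetch_array($result);
		mysql_free_result($result);

		if(!$row){
			return "¨t²Î¿ù»~¡G¸ê®Æ®wŪ¨úµo¥Í°ÝÃD¡A½Ð¾¨§Ö³qª¾¨t²ÎºÞ²z­û¡C";
		}

		// Escaped here because the caller is expected to print these values into
		// form markup -- NOTE(review): the caller is not visible in this file.
		$author_name 	= htmlspecialchars($row["author_name"]);
		$author_email	= htmlspecialchars($row["author_email"]);
		$story_title	= htmlspecialchars($row["story_title"]);
		$site_url		= htmlspecialchars($row["story_link"]);
		$pic_url		= htmlspecialchars($row["pic_link"]);
		$story_text		= htmlspecialchars($row["story_text"]);
		$story_more		= htmlspecialchars($row["story_more"]);
		$ubb_link		= htmlspecialchars($row["ubb_link"]);

		// Stories filed under the anonymous author show the configured display
		// name rather than the name stored in the authors table.
		if($row["author_id"] == $fpconfig["anon_author_id"]) {
			$author_name = $fpconfig["anon_author_name"];
		}

		$author_id = $row["author_id"];
		$type_id = $row["type_id"];

		$key_item = ($row["is_key_item"] == 1) ? "checked" : "";
		$is_report = ($row["is_report"] == 1) ? true : false;
		$active = $row["active"];

		return;	// no error.
	}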


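	// Apply an edit-form submission to an existing story: delete it, or update it.
	//
	// $post_vars   array of submitted form fields. Keys read here: delete_item,
	//              story_id, author_name, author_email, author_id, site_url,
	//              pic_url, story_title, story_text, story_more, ubb_param,
	//              item_type, is_report, key_item, retain_date, active.
	//
	// Returns an HTML message string when the request is rejected or the UPDATE
	// fails. After a successful delete or update it sends a Location header to
	// story_manager.php and returns nothing (warnings collected in $err_msg are
	// then discarded, as before).
	//
	// Security notes:
	//  - story_id, author_id and item_type are placed unquoted in SQL (story_id
	//    also in the Location header), so each is reduced to an integer first.
	//  - String fields are escaped with addslashes() unless magic_quotes_gpc has
	//    already done so. NOTE(review): addslashes() is not charset-aware; the
	//    connection charset is set up in dbconnect.inc.php, which is not visible
	//    here -- confirm it is not a multibyte charset, or move to the driver's
	//    own escaping / prepared statements.
	//  - NOTE(review): no authorisation or CSRF check is visible in this
	//    function; confirm the calling page enforces both before a DELETE or
	//    UPDATE can be reached.
	function update_item($post_vars){
		// $fpconfig is read below. Without this declaration it is an undefined
		// local inside the function: the anonymous-author test compared against
		// null and the dummy password hashed was md5() of an empty value.
		global $fpconfig;

		$err_msg = "";

		$story_id = isset($post_vars["story_id"]) ? intval($post_vars["story_id"]) : 0;

		if(isset($post_vars["delete_item"])){
			if($story_id < 1){
				return "¸ê®Æ¿ù»~¡G¿ù»~ªºÀÉ®×½s¸¹¡C<br>\n";
			}

			$my_query = "DELETE FROM stories WHERE story_id = " . $story_id;
			mysql_query($my_query);
			header("Location: story_manager.php");
			return;
		}

		if($story_id < 1){
			return "¸ê®Æ¿ù»~¡G¿ù»~ªºÀÉ®×½s¸¹¡C<br>\n";
		}

		if(strlen($post_vars["author_name"]) == 0 && strlen($post_vars["author_email"]) == 0){
			$err_msg = "¸ê®Æ¿ù»~¡G§@ªÌ©m¦W»P¹q¶lÄ椣±o¬Ò¬°ªÅ¥Õ¡A½Ð¦^«e­¶­×¥¿«á¦A¤W¶Ç¡C<br>\n";
			return $err_msg;
		}

		if(!get_magic_quotes_gpc()){
			$email = addslashes($post_vars["author_email"]);
			$author_name = addslashes($post_vars["author_name"]);
			$site_url = addslashes($post_vars["site_url"]);
			$pic_url = addslashes($post_vars["pic_url"]);
			$story_title = addslashes($post_vars["story_title"]);
			$story_text = addslashes($post_vars["story_text"]);
			$story_more = addslashes($post_vars["story_more"]);
			$ubb_param = addslashes($post_vars["ubb_param"]);
		} else {
			$email = $post_vars["author_email"];
			$author_name = $post_vars["author_name"];
			$site_url = $post_vars["site_url"];
			$pic_url = $post_vars["pic_url"];
			$story_title = $post_vars["story_title"];
			$story_text = $post_vars["story_text"];
			$story_more = $post_vars["story_more"];
			$ubb_param = $post_vars["ubb_param"];
		}

		// The messages returned from here are HTML, so the submitted name is
		// escaped before it is embedded in one.
		// NOTE(review): no charset argument, matching get_story(); confirm the
		// charset PHP assumes matches the submitted text.
		$author_name_html = htmlspecialchars($author_name);

		// An empty or missing author_id becomes -1, meaning "look the author up by
		// name/email or create one"; anything else is reduced to an integer.
		if(isset($post_vars["author_id"]) && strlen($post_vars["author_id"]) > 0){
			$author_id = intval($post_vars["author_id"]);
		} else {
			$author_id = -1;
		}

		$type_id = isset($post_vars["item_type"]) ? intval($post_vars["item_type"]) : 0;

		$is_report = (isset($post_vars["is_report"]) && $post_vars["is_report"] == 1) ? 1 : 0;

		$key_item = (isset($post_vars["key_item"]) && $post_vars["key_item"] == 1) ? 1 : 0;

		// Keep the original post_time only when retain_date is ticked.
		$post_str = (isset($post_vars["retain_date"]) && $post_vars["retain_date"] == 1) ? "" : ", post_time=now()";

		// if the story has not gone online already, don't change the state to 'updated'
		$updated_str = (isset($post_vars["active"]) && $post_vars["active"] == -1) ? "0" : "1";

		// Got everything we need, now let's do some checkings!

		// A very basic email address check, need to make it beefier later.

		if(strlen($email) && strstr($email, "@") == false){
			$err_msg="¸ê®Æ¿ù»~¡G¹q¶l¦a§}®æ¥Ü¦³»~¡A½Ð¦^«e­¶­×¥¿«á¦A¤W¶Ç¡C<br>\n";
			return $err_msg;
		}

		// Title length check: we need to have at least something to post to the database.

		if(strlen($story_title) < 2 || strlen($story_text) < 2){
			$err_msg= "¤W¶Ç¸ê®Æ¿ù»~¡G¤å½Zªº¼ÐÃD©Î¬O¤º¤å¤Óµu¡A½Ð¦^«e­¶­×¥¿«á¦A¤W¶Ç¡C<br>\n";
			return $err_msg;
		}


		// 1.Author ID check - if not found, create a new account for it, and respond with warning message.

		if($author_id != $fpconfig["anon_author_id"]){
			$where_str = "";
			if(strlen($email)> 2) $where_str = " OR author_email = '$email'";

			// Every auto-created author receives the same password hash.
			// NOTE(review): unsalted md5() of one shared configured value --
			// confirm these accounts cannot log in until a real password is set.
			$insert_query = "INSERT INTO authors ".
							"(author_id, author_account, author_name, author_email, author_pic, author_password) ".
							"VALUES( NULL, '$author_name', '$author_name', '$email', NULL, '" . md5($fpconfig["dummy_passwd"]) . "')";

			if($author_id > 0){
				$my_query = "SELECT author_id,author_name FROM authors WHERE author_id = $author_id $where_str";
				$result = mysql_query($my_query);

				// A failed lookup is treated like "not found", as before.
				if(!$result || mysql_num_rows($result) < 1){
					mysql_query($insert_query);
					$author_id = mysql_insert_id();	// The new id
					$err_msg="±z«ü©w¤§§@ªÌ½s¸¹¦³»~¡A¨t²Î¤w¦Û°Ê¬°§@ªÌ¡u$author_name_html ¡v²£¥Í¤F·sªº½s¸¹: " . $author_id . 
							 "¡C­Y¦³¥²­n¥i¨Ï¥Î§@ªÌ¦W¥U­×¥¿¸ê®Æ¡C<br>\n";
				}
				if($result) mysql_free_result($result);

			} else {
				$my_query = "SELECT author_id FROM authors WHERE author_account = '$author_name' OR author_name = '$author_name' $where_str LIMIT 0, 1";
				$result = mysql_query($my_query);

				if(!$result || mysql_num_rows($result) < 1){
					mysql_query($insert_query);
					$author_id = mysql_insert_id();	// The new id
					$err_msg .="¦Û°Ê·j´M¥\¯àµLªk®Ú¾Ú§@ªÌ¸ê®Æ§ä¨ì¬Û¹ï°O¿ý¡A¤w¬°§@ªÌ¡u$author_name_html ¡v²£¥Í¤F·sªº½s¸¹: " . $author_id . 
							 "¡C­Y¦³¥²­n¥i¨Ï¥Î§@ªÌ¦W¥U­×¥¿¸ê®Æ¡C<br>\n";
				} else {
					$row = mysql_fetch_array($result);
					$author_id = intval($row["author_id"]);
				}
				if($result) mysql_free_result($result);
			}
		}

		// 2.type ID check, if out of bound, assign it to the largest valid value

		$my_query = "SELECT min(type_id) as min, max(type_id) as max FROM story_types";
		$result = mysql_query($my_query);
		$row = mysql_fetch_array($result);

		if($type_id < $row["min"] || $type_id > $row["max"]) {
			$err_msg .= "±z«ü©w¤§·s»Dõè§O¶W¥X®e³\½d³ò¡A¨t²Î¤w¦Û°Ê±N¤§³]¬°¡u¨ä¥L¡võè§O¡C<br>\n";
			$type_id = $row["max"];
		}

		if($result) mysql_free_result($result);

		$my_query = "UPDATE stories " .
					"SET story_title = '$story_title', story_text='$story_text', " .
					"story_more = '$story_more' $post_str , type_id = $type_id, author_id = $author_id, " .
					"pic_link = '$pic_url', story_link = '$site_url', ubb_link = '$ubb_param', is_key_item = $key_item, ".
					"is_report=$is_report, updated = $updated_str " .
					"WHERE story_id = $story_id";

		$result = mysql_query($my_query);

		if($result == false) {
			$err_msg .= "¸ê®Æ®w¿ù»~¡GµLªk§ó·s¸ê®Æ¡C<br>\n";
			return $err_msg;
		}

		// $story_id is an integer here, so it cannot carry extra header content.
		header("Location: story_manager.php?first_row=$story_id");
		return;
	}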


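	// Insert a new story from a submitted form.
	//
	// $post_vars   array of submitted form fields. Keys read here: author_name,
	//              author_email, author_id, site_url, pic_url, story_title,
	//              story_text, story_more, ubb_param, post_time, item_type,
	//              is_report, key_item.
	//
	// Returns an HTML message string in every case: an error when the input is
	// rejected or the INSERT fails, otherwise any warnings collected on the way
	// followed by the success message. The story is inserted with active = -1
	// and updated = 0.
	//
	// Security notes:
	//  - author_id and item_type are placed unquoted in SQL, so each is reduced
	//    to an integer first.
	//  - String fields, now including post_time, are escaped with addslashes()
	//    unless magic_quotes_gpc has already done so. NOTE(review): addslashes()
	//    is not charset-aware; the connection charset is set up in
	//    dbconnect.inc.php, which is not visible here -- confirm it is not a
	//    multibyte charset, or move to the driver's own escaping / prepared
	//    statements.
	//  - NOTE(review): no authorisation or CSRF check is visible in this
	//    function; confirm the calling page enforces both.
	function new_item($post_vars){
		// $fpconfig is read below. Without this declaration it is an undefined
		// local inside the function: the anonymous-author test compared against
		// null and the dummy password hashed was md5() of an empty value.
		global $fpconfig;

		$err_msg = "";


		if(strlen($post_vars["author_name"]) == 0 && strlen($post_vars["author_email"]) == 0 && !isset($post_vars["author_id"])){
			$err_msg="<br>¸ê®Æ¿ù»~¡G§@ªÌ©m¦W¡B½s¸¹»P¹q¶lÄ椣±o¥þ¬°ªÅ¥Õ¡A½Ð¦^«e­¶­×¥¿«á¦A¤W¶Ç¡C<br>\n";
			return $err_msg;
		}

		$post_time = isset($post_vars["post_time"]) ? $post_vars["post_time"] : "";

		if(!get_magic_quotes_gpc()){
			$email = addslashes($post_vars["author_email"]);
			$author_name = addslashes($post_vars["author_name"]);
			$site_url = addslashes($post_vars["site_url"]);
			$pic_url = addslashes($post_vars["pic_url"]);
			$story_title = addslashes($post_vars["story_title"]);
			$story_text = addslashes($post_vars["story_text"]);
			$story_more = addslashes($post_vars["story_more"]);
			$ubb_param = addslashes($post_vars["ubb_param"]);
			// post_time goes into a quoted SQL literal below and was previously
			// the one string field left unescaped on this path.
			$post_time = addslashes($post_time);
		} else {
			$email = $post_vars["author_email"];
			$author_name = $post_vars["author_name"];
			$site_url = $post_vars["site_url"];
			$pic_url = $post_vars["pic_url"];
			$story_title = $post_vars["story_title"];
			$story_text = $post_vars["story_text"];
			$story_more = $post_vars["story_more"];
			$ubb_param = $post_vars["ubb_param"];
		}

		// The messages returned from here are HTML, so the submitted name is
		// escaped before it is embedded in one.
		// NOTE(review): no charset argument, matching get_story(); confirm the
		// charset PHP assumes matches the submitted text.
		$author_name_html = htmlspecialchars($author_name);

		// if post_time is present - need to set the post time to proper value
		// NOTE(review): the "123000" suffix suggests post_time is a digits-only
		// date; once the accepted format is confirmed, a digits-only check would
		// be a tighter guard than escaping.

		if($post_time){
			$post_str = "'" . $post_time . "123000'";
		} else {
			$post_str = "now()";
		}

		// An empty or missing author_id becomes -1, meaning "look the author up by
		// name/email or create one"; anything else is reduced to an integer.
		if(isset($post_vars["author_id"]) && strlen($post_vars["author_id"]) > 0){
			$author_id = intval($post_vars["author_id"]);
		} else {
			$author_id = -1;
		}

		$type_id = isset($post_vars["item_type"]) ? intval($post_vars["item_type"]) : 0;

		$is_report = (isset($post_vars["is_report"]) && $post_vars["is_report"] == 1) ? 1 : 0;

		$key_item = (isset($post_vars["key_item"]) && $post_vars["key_item"] == 1) ? 1 : 0;

		// Got everything we need, now let's do some checkings!

		// A very basic email address check, need to make it beefier later.

		if(strlen($email) && strstr($email, "@") == false){
			$err_msg="<br>¸ê®Æ¿ù»~¡G¹q¶l¦a§}®æ¦¡¦³»~¡A½Ð¦^«e­¶­×¥¿«á¦A¤W¶Ç¡C<br>\n";
			return $err_msg;
		}

		// Title length check: we need to have at least something to post to the database.

		if(strlen($story_title) < 2 || strlen($story_text) < 2){
			$err_msg= "¤W¶Ç¸ê®Æ¿ù»~¡G¤å½Zªº¼ÐÃD©Î¬O¤º¤å¤Óµu¡A½Ð¦^«e­¶­×¥¿«á¦A¤W¶Ç¡C<br>\n";
			return $err_msg;
		}

		// 1.Author ID check - if not found, create a new account for it, and respond with warning message.

		if($author_id != $fpconfig["anon_author_id"]){
			$where_str = "";
			if(strlen($email)> 2) $where_str = " OR author_email = '$email'";

			// Every auto-created author receives the same password hash.
			// NOTE(review): unsalted md5() of one shared configured value --
			// confirm these accounts cannot log in until a real password is set.
			$insert_query = "INSERT INTO authors ".
							"(author_id, author_account, author_name, author_email, author_pic, author_password) ".
							"VALUES( NULL, '$author_name', '$author_name', '$email', NULL, '" . md5($fpconfig["dummy_passwd"]) . "')";

			if($author_id > 0){
				$my_query = "SELECT author_id FROM authors WHERE author_id = $author_id $where_str";
				$result = mysql_query($my_query);

				// A failed lookup is treated like "not found", as before.
				if(!$result || mysql_num_rows($result) < 1){
					mysql_query($insert_query);
					$author_id = mysql_insert_id();	// The new id
					$err_msg="±z«ü©w¤§§@ªÌ½s¸¹¦³»~¡A¨t²Î¤w¦Û°Ê¬°§@ªÌ¡u$author_name_html ¡v²£¥Í¤F·sªº½s¸¹: " . $author_id . 
							 "¡C­Y¦³¥²­n¥i¨Ï¥Î§@ªÌ¦W¥U­×¥¿¸ê®Æ¡C<br>\n";
				}

				if($result) mysql_free_result($result);
			} else {
				$my_query = "SELECT author_id FROM authors WHERE author_account = '$author_name' OR author_name = '$author_name' $where_str LIMIT 0, 1";
				$result = mysql_query($my_query);

				if(!$result || mysql_num_rows($result) < 1){
					mysql_query($insert_query);
					$author_id = mysql_insert_id();	// The new id
					$err_msg .="¦Û°Ê·j´M¥\¯àµLªk®Ú¾Ú§@ªÌ¸ê®Æ§ä¨ì¬Û¹ï°O¿ý¡A¤w¬°§@ªÌ¡u$author_name_html ¡v²£¥Í¤F·sªº½s¸¹: " . $author_id . 
							 "¡C­Y¦³¥²­n¥i¨Ï¥Î§@ªÌ¦W¥U­×¥¿¸ê®Æ¡C<br>\n";
				} else {
					$row = mysql_fetch_array($result);
					$author_id = intval($row["author_id"]);
				}
				if($result) mysql_free_result($result);
			}
		}

		// 2.type ID check, if out of bound, assign it to the largest valid value

		$my_query = "SELECT min(type_id) as min, max(type_id) as max FROM story_types";
		$result = mysql_query($my_query);
		$row = mysql_fetch_array($result);

		if($type_id < $row["min"] || $type_id > $row["max"]) {
			$err_msg .= "±z«ü©w¤§·s»Dõè§O¶W¥X®e³\½d³ò¡A¨t²Î¤w¦Û°Ê±N¤§³]¬°¡u¨ä¥L¡võè§O¡C<br>\n";
			$type_id = $row["max"];
		}

		if($result) mysql_free_result($result);

		$my_query = "INSERT INTO stories (story_id, active, story_title, story_text, story_more, post_time, ".
					"type_id, author_id, pic_link, story_link, ubb_link, is_key_item, is_report, updated) ".
					"VALUES( NULL, -1, '$story_title', '$story_text', '$story_more',".
					" $post_str, $type_id, $author_id, '$pic_url','$site_url','$ubb_param',$key_item , $is_report, 0)";

		$result = mysql_query($my_query);

		if($result == false) {
			$err_msg .= "¸ê®Æ®w¿ù»~¡GµLªk´¡¤J·sªº¸ê®Æ¡C<br>\n";
			return $err_msg;
		}

		$err_msg .= "¸ê®Æ¤w¶¶§Q¿é¤J¡C<br>\n";

		return $err_msg;
	}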

	
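	// Print the page footer: a footer_txt <div> carrying the site copyright line.
	//
	// The markup is echoed rather than written between "?>" and "<?", so the
	// function body no longer depends on the short_open_tag setting to re-enter
	// PHP mode. The bytes written are the same as before.
	// NOTE(review): the file's own opening tag is still the short "<?" form;
	// with short_open_tag disabled the whole file would be sent as plain text.
	function print_footer(){
		echo "\t\n",
			 "\t<div class=\"footer_txt\">Copyright &#169; 1996 - 2002 FrostyPlace.com</div>\n";
	}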
?>