<?
//
// FPCode v0.9, Date 2002-01-11
//
// Copyright (c) 2002 Wen-Yu Chang and FrostyPlace.com. All rights reserved.
//
// The contents of this file constitute Original Code as defined in and
// are subject to the GNU Library General Public License (the
// "License"). You may not use this file except in compliance with the
// License. Please obtain a copy of the License at
// http://www.gnu.org/licenses/gpl.html and read it before using this file.
//
// This Original Code and all software distributed under the License are
// distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
// EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
// INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
// License for the specific language governing rights and limitations
// under the License.
//
//
require_once("../includes/config.inc.php"); // Load config params
require_once("{$fpconfig['root_path']}/includes/dbconnect.inc.php"); //All the db stuff
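/**
 * Print the <select name="item_type"> menu with one <option> per story type.
 *
 * Rows come from story_types ordered by type_id; the option whose type_id
 * loosely equals $type_id is marked "selected". Uses the default mysql_*
 * link (presumably opened by dbconnect.inc.php - confirm).
 *
 * @param mixed $type_id type_id of the entry to pre-select
 */
function print_type_menu($type_id){
    $my_query = "SELECT type_id, type_code ".
        "FROM story_types " .
        "ORDER BY type_id ASC ";
    $result = mysql_query($my_query);

    echo "<select name=\"item_type\" class=\"form_elements\">\n";
    // mysql_query() returns false on failure; fetching from false only
    // raises warnings, so the loop is skipped and an empty menu is printed.
    if ($result) {
        while ($row = mysql_fetch_array($result)) {
            $sel = ($type_id == $row['type_id']) ? "selected" : "";
            // Values stored in the database are still escaped for the HTML
            // context, matching what get_story() does for story fields.
            $value = htmlspecialchars($row['type_id']);
            $label = htmlspecialchars($row['type_code']);
            echo "<option value=\"$value\" $sel>$label</option>\n";
        }
        mysql_free_result($result);
    }
    echo "</select>\n";
}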
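/**
 * Load one story (joined with its author) into the global form variables.
 *
 * On success the text fields are stored HTML-escaped in the globals listed
 * below and nothing is returned. On failure an HTML error message is
 * returned and the globals are left untouched.
 *
 * The message literals are kept exactly as found; they look like text in a
 * non-UTF-8 encoding and should not be re-saved in another encoding.
 *
 * @param mixed $id story_id to load; must be numeric and >= 1
 * @return string|null error message, or nothing when the story was loaded
 */
function get_story($id){
    // $fpconfig is set at file scope; it has to be declared global here,
    // otherwise the anonymous-author lookups below read null.
    global $author_name, $author_id, $author_email, $story_title, $site_url, $pic_url, $type_id,
        $story_text, $story_more, $key_item, $ubb_link, $is_report, $active, $fpconfig;

    // $id is placed unquoted into the WHERE clause. A loose "< 1" comparison
    // lets strings with a numeric prefix through, so anything that is not a
    // number is rejected and the value is reduced to an integer.
    if (!is_numeric($id) || (int) $id < 1) {
        return "°Ñ¼Æ¿ù»~¡G¤£¦X²zªº½Z¥ó½s¸¹¡C<br>";
    }
    $id = (int) $id;

    $my_query = "SELECT active, story_title, story_text, story_more, type_id, ".
        "author_name, author_email, s.author_id, pic_link, story_link, ubb_link, is_key_item, is_report ".
        "FROM stories s, authors a ".
        "WHERE story_id=$id AND s.author_id = a.author_id LIMIT 0, 1";
    $result = mysql_query($my_query);
    if ($result == false) {
        // Query failed: there is no result resource to free.
        return "¸ê®Æ®w¿ù»~¡C<br>";
    }
    if (mysql_num_rows($result) != 1) {
        mysql_free_result($result);
        return "°Ñ¼Æ¿ù»~¡G§ä¤£¨ì«ü©wªº½Z¥ó¡C(¤]³\§@ªÌ½s¸¹¤£¦s¦b¡H)<br>";
    }

    $row = mysql_fetch_array($result);
    mysql_free_result($result);
    if (!$row) {
        return "¨t²Î¿ù»~¡G¸ê®Æ®wŪ¨úµo¥Í°ÝÃD¡A½Ð¾¨§Ö³qª¾¨t²ÎºÞ²zû¡C";
    }

    // Text columns are escaped once here because the globals are echoed
    // into the edit form by the caller.
    $author_name = htmlspecialchars($row["author_name"]);
    $author_email = htmlspecialchars($row["author_email"]);
    $story_title = htmlspecialchars($row["story_title"]);
    $site_url = htmlspecialchars($row["story_link"]);
    $pic_url = htmlspecialchars($row["pic_link"]);
    $story_text = htmlspecialchars($row["story_text"]);
    $story_more = htmlspecialchars($row["story_more"]);
    $ubb_link = htmlspecialchars($row["ubb_link"]);

    // Stories filed under the anonymous account show the configured name.
    if ($row["author_id"] == $fpconfig["anon_author_id"]) {
        $author_name = $fpconfig["anon_author_name"];
    }

    $author_id = $row["author_id"];
    $type_id = $row["type_id"];
    $key_item = ($row["is_key_item"] == 1) ? "checked" : "";
    $is_report = ($row["is_report"] == 1);
    $active = $row["active"];

    return; // no error.
}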
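/**
 * Update or delete one story from posted form fields.
 *
 * When "delete_item" is set, the stories row with the posted story_id is
 * deleted and the browser is redirected to story_manager.php. Otherwise the
 * fields are validated, the author is resolved (a new authors row is created
 * when no match exists), an out-of-range type is replaced by the largest
 * type_id, the row is updated and the browser is redirected to
 * story_manager.php?first_row=ID.
 *
 * NOTE(review): no authorization or request-origin check is visible in this
 * function; presumably the calling page enforces it - confirm.
 *
 * The message literals are kept exactly as found; they look like text in a
 * non-UTF-8 encoding and should not be re-saved in another encoding.
 *
 * @param array $post_vars posted form fields
 * @return string|null HTML error message, or nothing after a redirect header
 */
function update_item($post_vars){
    // $fpconfig is set at file scope; without this declaration the
    // anonymous-author id and the dummy password below read as null.
    global $fpconfig;

    $err_msg = "";

    // story_id goes unquoted into SQL and into a Location header, so it is
    // reduced to an integer once. Anything non-numeric counts as 0 (invalid).
    $story_id = 0;
    if (isset($post_vars["story_id"]) && is_numeric($post_vars["story_id"])) {
        $story_id = (int) $post_vars["story_id"];
    }

    if (isset($post_vars["delete_item"])) {
        if ($story_id > 0) {
            $my_query = "DELETE FROM stories WHERE story_id = " . $story_id;
            mysql_query($my_query);
            header("Location: story_manager.php");
            return;
        } else {
            return "¸ê®Æ¿ù»~¡G¿ù»~ªºÀÉ®×½s¸¹¡C<br>\n";
        }
    }
    if ($story_id < 1) {
        return "¸ê®Æ¿ù»~¡G¿ù»~ªºÀÉ®×½s¸¹¡C<br>\n";
    }

    if (strlen($post_vars["author_name"]) == 0 && strlen($post_vars["author_email"]) == 0) {
        return "¸ê®Æ¿ù»~¡G§@ªÌ©m¦W»P¹q¶lÄæ¤£±o¬Ò¬°ªÅ¥Õ¡A½Ð¦^«e¶×¥¿«á¦A¤W¶Ç¡C<br>\n";
    }

    // Text fields are slash-escaped here unless magic quotes already did it.
    // NOTE(review): addslashes() is not aware of the connection character
    // set; mysql_real_escape_string() on the open link (after undoing magic
    // quotes) is the safer escape where the server's PHP provides it.
    $escape = !get_magic_quotes_gpc();
    $fields = array("author_email", "author_name", "site_url", "pic_url",
        "story_title", "story_text", "story_more", "ubb_param");
    $clean = array();
    foreach ($fields as $field) {
        $clean[$field] = $escape ? addslashes($post_vars[$field]) : $post_vars[$field];
    }
    $email = $clean["author_email"];
    $author_name = $clean["author_name"];
    $site_url = $clean["site_url"];
    $pic_url = $clean["pic_url"];
    $story_title = $clean["story_title"];
    $story_text = $clean["story_text"];
    $story_more = $clean["story_more"];
    $ubb_param = $clean["ubb_param"];

    // Numeric fields are interpolated unquoted further down, so they are
    // forced to integers. -1 means "no usable id: look the author up by
    // name/email or create one".
    $author_id = -1;
    if (isset($post_vars["author_id"]) && is_numeric($post_vars["author_id"])) {
        $author_id = (int) $post_vars["author_id"];
    }
    // null means "not a number"; it is treated as out of range below.
    $type_id = null;
    if (isset($post_vars["item_type"]) && is_numeric($post_vars["item_type"])) {
        $type_id = (int) $post_vars["item_type"];
    }
    $is_report = (isset($post_vars["is_report"]) && $post_vars["is_report"] == 1) ? 1 : 0;
    $key_item = (isset($post_vars["key_item"]) && $post_vars["key_item"] == 1) ? 1 : 0;
    $post_str = (isset($post_vars["retain_date"]) && $post_vars["retain_date"] == 1)
        ? "" : ", post_time=now()";
    // if the story has not gone online already, don't change the state to 'updated'
    $updated_str = (isset($post_vars["active"]) && $post_vars["active"] == -1) ? "0" : "1";

    // Got everything we need, now let's do some checkings!
    // A very basic email address check, need to make it beefier later.
    if (strlen($email) && strstr($email, "@") == false) {
        return "¸ê®Æ¿ù»~¡G¹q¶l¦a§}®æ¥Ü¦³»~¡A½Ð¦^«e¶×¥¿«á¦A¤W¶Ç¡C<br>\n";
    }
    // Title length check: we need to have at least something to post to the database.
    if (strlen($story_title) < 2 || strlen($story_text) < 2) {
        return "¤W¶Ç¸ê®Æ¿ù»~¡G¤å½Zªº¼ÐÃD©Î¬O¤º¤å¤Óµu¡A½Ð¦^«e¶×¥¿«á¦A¤W¶Ç¡C<br>\n";
    }

    // 1.Author ID check - if not found, create a new account for it, and respond with warning message.
    if ($author_id != $fpconfig["anon_author_id"]) {
        $where_str = (strlen($email) > 2) ? " OR author_email = '$email'" : "";
        // NOTE(review): every auto-created account gets the same unsalted
        // MD5 of the configured dummy password; if these accounts can log
        // in, a random per-account value and a real password hash are needed.
        $dummy_passwd = md5($fpconfig["dummy_passwd"]);
        $insert_author = "INSERT INTO authors ".
            "(author_id, author_account, author_name, author_email, author_pic, author_password) ".
            "VALUES( NULL, '$author_name', '$author_name', '$email', NULL, '$dummy_passwd')";
        // The returned messages are HTML fragments, so the posted name is
        // escaped before it is embedded in them.
        $shown_name = htmlspecialchars($author_name);

        if ($author_id > 0) {
            $my_query = "SELECT author_id,author_name FROM authors WHERE author_id = $author_id $where_str";
            $result = mysql_query($my_query);
            if (mysql_num_rows($result) < 1) {
                mysql_query($insert_author);
                $author_id = mysql_insert_id(); // The new id
                $err_msg = "±z«ü©w¤§§@ªÌ½s¸¹¦³»~¡A¨t²Î¤w¦Û°Ê¬°§@ªÌ¡u$shown_name ¡v²£¥Í¤F·sªº½s¸¹: " . $author_id .
                    "¡CY¦³¥²n¥i¨Ï¥Î§@ªÌ¦W¥U×¥¿¸ê®Æ¡C<br>\n";
            }
            if ($result) mysql_free_result($result);
        } else {
            $my_query = "SELECT author_id FROM authors WHERE author_account = '$author_name' OR author_name = '$author_name' $where_str LIMIT 0, 1";
            $result = mysql_query($my_query);
            if (mysql_num_rows($result) < 1) {
                mysql_query($insert_author);
                $author_id = mysql_insert_id(); // The new id
                $err_msg .= "¦Û°Ê·j´M¥\¯àµLªk®Ú¾Ú§@ªÌ¸ê®Æ§ä¨ì¬Û¹ï°O¿ý¡A¤w¬°§@ªÌ¡u$shown_name ¡v²£¥Í¤F·sªº½s¸¹: " . $author_id .
                    "¡CY¦³¥²n¥i¨Ï¥Î§@ªÌ¦W¥U×¥¿¸ê®Æ¡C<br>\n";
            } else {
                $row = mysql_fetch_array($result);
                $author_id = $row["author_id"];
            }
            if ($result) mysql_free_result($result);
        }
    }

    // 2.type ID check, if out of bound, assign it to the largest valid value
    $my_query = "SELECT min(type_id) as min, max(type_id) as max FROM story_types";
    $result = mysql_query($my_query);
    $row = mysql_fetch_array($result);
    if ($type_id === null || $type_id < $row["min"] || $type_id > $row["max"]) {
        $err_msg .= "±z«ü©w¤§·s»Dõè§O¶W¥X®e³\½d³ò¡A¨t²Î¤w¦Û°Ê±N¤§³]¬°¡u¨ä¥L¡võè§O¡C<br>\n";
        $type_id = $row["max"];
    }
    if ($result) mysql_free_result($result);

    $my_query = "UPDATE stories " .
        "SET story_title = '$story_title', story_text='$story_text', " .
        "story_more = '$story_more' $post_str , type_id = $type_id, author_id = $author_id, " .
        "pic_link = '$pic_url', story_link = '$site_url', ubb_link = '$ubb_param', is_key_item = $key_item, ".
        "is_report=$is_report, updated = $updated_str " .
        "WHERE story_id = $story_id";
    $result = mysql_query($my_query);
    if ($result == false) {
        $err_msg .= "¸ê®Æ®w¿ù»~¡GµLªk§ó·s¸ê®Æ¡C<br>\n";
        return $err_msg;
    }

    // Success: any warning collected above is dropped by the redirect.
    header("Location: story_manager.php?first_row=$story_id");
    return;
}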
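/**
 * Insert a new, not yet active story from posted form fields.
 *
 * The fields are validated, the author is resolved (a new authors row is
 * created when no match exists), an out-of-range type is replaced by the
 * largest type_id, and a stories row is inserted with active = -1.
 *
 * NOTE(review): no authorization or request-origin check is visible in this
 * function; presumably the calling page enforces it - confirm.
 *
 * The message literals are kept exactly as found; they look like text in a
 * non-UTF-8 encoding and should not be re-saved in another encoding.
 *
 * @param array $post_vars posted form fields
 * @return string HTML message: validation/database errors, or warnings
 *                followed by the success notice
 */
function new_item($post_vars){
    // $fpconfig is set at file scope; without this declaration the
    // anonymous-author id and the dummy password below read as null.
    global $fpconfig;

    $err_msg = "";
    if (strlen($post_vars["author_name"]) == 0 && strlen($post_vars["author_email"]) == 0 && !isset($post_vars["author_id"])) {
        return "<br>¸ê®Æ¿ù»~¡G§@ªÌ©m¦W¡B½s¸¹»P¹q¶lÄæ¤£±o¥þ¬°ªÅ¥Õ¡A½Ð¦^«e¶×¥¿«á¦A¤W¶Ç¡C<br>\n";
    }

    // Text fields are slash-escaped here unless magic quotes already did it.
    // NOTE(review): addslashes() is not aware of the connection character
    // set; mysql_real_escape_string() on the open link (after undoing magic
    // quotes) is the safer escape where the server's PHP provides it.
    $escape = !get_magic_quotes_gpc();
    $fields = array("author_email", "author_name", "site_url", "pic_url",
        "story_title", "story_text", "story_more", "ubb_param");
    $clean = array();
    foreach ($fields as $field) {
        $clean[$field] = $escape ? addslashes($post_vars[$field]) : $post_vars[$field];
    }
    $email = $clean["author_email"];
    $author_name = $clean["author_name"];
    $site_url = $clean["site_url"];
    $pic_url = $clean["pic_url"];
    $story_title = $clean["story_title"];
    $story_text = $clean["story_text"];
    $story_more = $clean["story_more"];
    $ubb_param = $clean["ubb_param"];

    // if post_time is present - need to set the post time to proper value
    // post_time ends up inside a quoted SQL literal, so it gets the same
    // escaping as the other text fields (presumably a YYYYMMDD date - confirm).
    if (isset($post_vars["post_time"]) && $post_vars["post_time"]) {
        $post_time = $escape ? addslashes($post_vars["post_time"]) : $post_vars["post_time"];
        $post_str = "'" . $post_time . "123000'";
    } else {
        $post_str = "now()";
    }

    // Numeric fields are interpolated unquoted further down, so they are
    // forced to integers. -1 means "no usable id: look the author up by
    // name/email or create one".
    $author_id = -1;
    if (isset($post_vars["author_id"]) && is_numeric($post_vars["author_id"])) {
        $author_id = (int) $post_vars["author_id"];
    }
    // null means "not a number"; it is treated as out of range below.
    $type_id = null;
    if (isset($post_vars["item_type"]) && is_numeric($post_vars["item_type"])) {
        $type_id = (int) $post_vars["item_type"];
    }
    $is_report = (isset($post_vars["is_report"]) && $post_vars["is_report"] == 1) ? 1 : 0;
    $key_item = (isset($post_vars["key_item"]) && $post_vars["key_item"] == 1) ? 1 : 0;

    // Got everything we need, now let's do some checkings!
    // A very basic email address check, need to make it beefier later.
    if (strlen($email) && strstr($email, "@") == false) {
        return "<br>¸ê®Æ¿ù»~¡G¹q¶l¦a§}®æ¦¡¦³»~¡A½Ð¦^«e¶×¥¿«á¦A¤W¶Ç¡C<br>\n";
    }
    // Title length check: we need to have at least something to post to the database.
    if (strlen($story_title) < 2 || strlen($story_text) < 2) {
        return "¤W¶Ç¸ê®Æ¿ù»~¡G¤å½Zªº¼ÐÃD©Î¬O¤º¤å¤Óµu¡A½Ð¦^«e¶×¥¿«á¦A¤W¶Ç¡C<br>\n";
    }

    // 1.Author ID check - if not found, create a new account for it, and respond with warning message.
    if ($author_id != $fpconfig["anon_author_id"]) {
        $where_str = (strlen($email) > 2) ? " OR author_email = '$email'" : "";
        // NOTE(review): every auto-created account gets the same unsalted
        // MD5 of the configured dummy password; if these accounts can log
        // in, a random per-account value and a real password hash are needed.
        $dummy_passwd = md5($fpconfig["dummy_passwd"]);
        $insert_author = "INSERT INTO authors ".
            "(author_id, author_account, author_name, author_email, author_pic, author_password) ".
            "VALUES( NULL, '$author_name', '$author_name', '$email', NULL, '$dummy_passwd')";
        // The returned messages are HTML fragments, so the posted name is
        // escaped before it is embedded in them.
        $shown_name = htmlspecialchars($author_name);

        if ($author_id > 0) {
            $my_query = "SELECT author_id FROM authors WHERE author_id = $author_id $where_str";
            $result = mysql_query($my_query);
            if (mysql_num_rows($result) < 1) {
                mysql_query($insert_author);
                $author_id = mysql_insert_id(); // The new id
                $err_msg = "±z«ü©w¤§§@ªÌ½s¸¹¦³»~¡A¨t²Î¤w¦Û°Ê¬°§@ªÌ¡u$shown_name ¡v²£¥Í¤F·sªº½s¸¹: " . $author_id .
                    "¡CY¦³¥²n¥i¨Ï¥Î§@ªÌ¦W¥U×¥¿¸ê®Æ¡C<br>\n";
            }
            if ($result) mysql_free_result($result);
        } else {
            $my_query = "SELECT author_id FROM authors WHERE author_account = '$author_name' OR author_name = '$author_name' $where_str LIMIT 0, 1";
            $result = mysql_query($my_query);
            if (mysql_num_rows($result) < 1) {
                mysql_query($insert_author);
                $author_id = mysql_insert_id(); // The new id
                $err_msg .= "¦Û°Ê·j´M¥\¯àµLªk®Ú¾Ú§@ªÌ¸ê®Æ§ä¨ì¬Û¹ï°O¿ý¡A¤w¬°§@ªÌ¡u$shown_name ¡v²£¥Í¤F·sªº½s¸¹: " . $author_id .
                    "¡CY¦³¥²n¥i¨Ï¥Î§@ªÌ¦W¥U×¥¿¸ê®Æ¡C<br>\n";
            } else {
                $row = mysql_fetch_array($result);
                $author_id = $row["author_id"];
            }
            if ($result) mysql_free_result($result);
        }
    }

    // 2.type ID check, if out of bound, assign it to the largest valid value
    $my_query = "SELECT min(type_id) as min, max(type_id) as max FROM story_types";
    $result = mysql_query($my_query);
    $row = mysql_fetch_array($result);
    if ($type_id === null || $type_id < $row["min"] || $type_id > $row["max"]) {
        $err_msg .= "±z«ü©w¤§·s»Dõè§O¶W¥X®e³\½d³ò¡A¨t²Î¤w¦Û°Ê±N¤§³]¬°¡u¨ä¥L¡võè§O¡C<br>\n";
        $type_id = $row["max"];
    }
    if ($result) mysql_free_result($result);

    $my_query = "INSERT INTO stories (story_id, active, story_title, story_text, story_more, post_time, ".
        "type_id, author_id, pic_link, story_link, ubb_link, is_key_item, is_report, updated) ".
        "VALUES( NULL, -1, '$story_title', '$story_text', '$story_more',".
        " $post_str, $type_id, $author_id, '$pic_url','$site_url','$ubb_param',$key_item , $is_report, 0)";
    $result = mysql_query($my_query);
    if ($result == false) {
        $err_msg .= "¸ê®Æ®w¿ù»~¡GµLªk´¡¤J·sªº¸ê®Æ¡C<br>\n";
        return $err_msg;
    }

    $err_msg .= "¸ê®Æ¤w¶¶§Q¿é¤J¡C<br>\n";
    return $err_msg;
}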
/**
 * Write the page footer: a single footer_txt <div> holding the copyright
 * line, followed by a newline.
 */
function print_footer(){
    $notice = "Copyright © 1996 - 2002 FrostyPlace.com";
    echo "<div class=\"footer_txt\">" . $notice . "</div>\n";
}
?>