<?
//
// FPCode v0.9, Date 2002-01-11
//
// Copyright (c) 2002 Wen-Yu Chang and FrostyPlace.com. All rights reserved.
//
// The contents of this file constitute Original Code as defined in and
// are subject to the GNU Library General Public License (the
// "License"). You may not use this file except in compliance with the
// License. Please obtain a copy of the License at
// http://www.gnu.org/licenses/gpl.html and read it before using this file.
//
// This Original Code and all software distributed under the License are
// distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
// EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
// INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
// FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT. Please see the
// License for the specific language governing rights and limitations
// under the License.
//
//
require_once("../includes/config.inc.php"); // Load config params
require_once("{$fpconfig['root_path']}/includes/dbconnect.inc.php"); //All the db stuff
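/**
 * Print the story-type <select> menu (form field "item_type").
 *
 * Reads every row of story_types ordered by type_id and writes one <option>
 * per row straight to the output. Returns nothing.
 */
function print_type_menu(){
    $my_query = "SELECT type_id, type_code ".
                "FROM story_types " .
                "ORDER BY type_id ASC ";
    $result = mysql_query($my_query);
    echo "<select name=\"item_type\" class=\"form_elements\">\n";
    // mysql_query() returns false on failure; only walk a real result set so
    // a failed query yields an empty menu instead of a fetch on a non-resource.
    if($result){
        while ($row = mysql_fetch_array($result)){
            // Both columns land in HTML (attribute value and element text), so
            // encode them rather than emitting stored markup characters raw.
            // Same htmlspecialchars() call form as get_submitted_story() uses.
            $type_id = htmlspecialchars($row['type_id']);
            $type_code = htmlspecialchars($row['type_code']);
            echo "<option value=\"{$type_id}\">{$type_code}</option>\n";
        }
        mysql_free_result($result);
    }
    echo "</select>\n";
}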
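/**
 * Load one reader submission into the page's global form variables.
 *
 * When $id is greater than zero the row with that story_id is read from
 * reader_submits; otherwise whichever single row the database returns for
 * "LIMIT 0, 1" is used. Text columns are passed through htmlspecialchars()
 * before they are stored in the globals. $show_delete ends up true only when
 * a row was loaded.
 *
 * Note: $story_more is declared global but never assigned here, and
 * $author_id is assigned only for submissions flagged anonymous.
 *
 * @param mixed $id Story id; callers in this file pass posted form values.
 * @return string|null HTML message when nothing was loaded, nothing otherwise.
 */
function get_submitted_story($id){
    // $fpconfig is used at file scope by the require_once lines, so it is a
    // global; without this declaration the anon_author_id read below would hit
    // an undefined local and $author_id would silently become null.
    global $fpconfig;
    global $submitted_id, $author_name, $author_id, $author_email, $story_title, $site_url, $pic_url,
           $story_text, $story_more, $story_comment, $show_delete;

    // The id is concatenated into the SQL text below and insert_new_row()
    // passes posted values through, so force it to an integer first. A loose
    // "$id > 0" test alone lets a string with a numeric prefix through.
    $id = (int)$id;
    if($id > 0){
        $where_stmt = "WHERE story_id=$id";
    } else {
        $where_stmt = "LIMIT 0, 1";
    }
    $my_query = "SELECT story_id, story_title, story_text, story_comment, author_email, author_name, ".
                "anonymous, pic_link, site_link ".
                "FROM reader_submits " .
                $where_stmt;
    $result = mysql_query($my_query);
    if($result == false){
        // Query failed: there is no result set to release.
        $show_delete = false;
        return "°Ñ¼Æ¿ù»~¡G§ä¤£¨ì«ü©wªºÅªªÌ§ë½ZÀɮסC";
    }
    if(mysql_num_rows($result) != 1){
        mysql_free_result($result);
        $show_delete = false;
        if($id > 0) return "°Ñ¼Æ¿ù»~¡G§ä¤£¨ì«ü©wªºÅªªÌ§ë½ZÀɮסC";
        else return "¨S¦³¨ä¥LªºÅªªÌ´£¨Ñ½Z¥ó¡C<br>½Ðª½±µ¿é¤J¤º®e¡A©Î¬O«ö<a href=\"story_manager.php\">³o¸Ì</a>¦^¨ì·s»D»P³ø¾ÉºÞ²z¥D¶¡C";
    }
    $row = mysql_fetch_array($result);
    mysql_free_result($result);
    if(!$row){
        $show_delete = false;
        return "¨t²Î¿ù»~¡G¸ê®Æ®wŪ¨úµo¥Í°ÝÃD¡A½Ð¾¨§Ö³qª¾¨t²ÎºÞ²zû¡C";
    }
    // Reader-supplied text is HTML-encoded before it is handed to the page.
    $submitted_id = $row["story_id"];
    $author_name = htmlspecialchars($row["author_name"]);
    $author_email = htmlspecialchars($row["author_email"]);
    $story_title = htmlspecialchars($row["story_title"]);
    $site_url = htmlspecialchars($row["site_link"]);
    $pic_url = htmlspecialchars($row["pic_link"]);
    $story_text = htmlspecialchars($row["story_text"]);
    $story_comment = htmlspecialchars($row["story_comment"]);
    if($row["anonymous"] == 1) {
        $author_name = "(°Î¦W) $author_name";
        $author_id = $fpconfig["anon_author_id"];
    }
    $show_delete = true;
    return ;
}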
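/**
 * Handle the editor's form post for a reader submission.
 *
 * With "delete_item" set, the submission is removed from reader_submits.
 * Otherwise the posted fields are validated, the author is looked up in
 * `authors` (a new row is created when no match exists), the story is inserted
 * into `stories` with active = -1, and the submission is then removed from
 * reader_submits. In every path the next submission is loaded through
 * get_submitted_story() and its message is appended.
 *
 * Keys read from $post_vars: delete_item, submitted_id, author_name,
 * author_email, author_id, site_url, pic_url, story_title, story_text,
 * story_more, ubb_param, item_type, is_report, Key_item.
 *
 * @param array $post_vars Posted form fields (untrusted request data).
 * @return string Accumulated status/error text as HTML.
 */
function insert_new_row($post_vars){
    // $fpconfig is used at file scope by the require_once lines, so it is a
    // global; without this declaration anon_author_id and dummy_passwd read as
    // undefined locals (the anonymous check never matches, md5() hashes "").
    global $fpconfig;

    $err_msg = "";

    // Every id below is concatenated into SQL without quotes, so each one is
    // forced to an integer before use.
    $submitted_id = (isset($post_vars["submitted_id"]) && is_scalar($post_vars["submitted_id"]))
        ? (int)$post_vars["submitted_id"] : 0;
    // Value handed to get_submitted_story(): a real id, or -1 for "load any".
    $my_story_id = ($submitted_id > 0) ? $submitted_id : -1;

    if(isset($post_vars["delete_item"])){
        if($submitted_id > 0){
            $my_query = "DELETE FROM reader_submits WHERE story_id = " . $submitted_id;
            mysql_query($my_query);
        }
        $err_msg="ŪªÌ§ë½Z¤w¶¶§Q§R°£¡C<br>\n";
        $err_msg .= get_submitted_story(-1);
        return $err_msg;
    }

    // Text fields: escaped here unless magic quotes already did it.
    // NOTE(review): addslashes() works byte-wise and knows nothing about the
    // connection character set. If the database connection uses a multi-byte
    // charset, the driver's own escaping routine is the safer choice - confirm
    // against dbconnect.inc.php.
    $needs_escape = !get_magic_quotes_gpc();
    $fields = array();
    foreach(array("author_email", "author_name", "site_url", "pic_url", "story_title",
                  "story_text", "story_more", "ubb_param") as $key){
        $value = (isset($post_vars[$key]) && is_scalar($post_vars[$key])) ? (string)$post_vars[$key] : "";
        $fields[$key] = $needs_escape ? addslashes($value) : $value;
    }
    $email = $fields["author_email"];
    $author_name = $fields["author_name"];
    $site_url = $fields["site_url"];
    $pic_url = $fields["pic_url"];
    $story_title = $fields["story_title"];
    $story_text = $fields["story_text"];
    $story_more = $fields["story_more"];
    $ubb_param = $fields["ubb_param"];

    if(strlen($author_name) == 0 && strlen($email) == 0 && !isset($post_vars["author_id"])){
        $err_msg="<br>¸ê®Æ¿ù»~¡G§@ªÌ©m¦W¡B½s¸¹»P¹q¶lÄæ¤£±o¥þ¬°ªÅ¥Õ¡A½Ð¦^«e¶×¥¿«á¦A¤W¶Ç¡C<br>\n";
        $err_msg .= get_submitted_story($submitted_id);
        return $err_msg;
    }

    // A blank author id becomes -1 so we know we need to generate a new id or
    // look for a possible one.
    $raw_author_id = (isset($post_vars["author_id"]) && is_scalar($post_vars["author_id"]))
        ? $post_vars["author_id"] : "";
    $author_id = ($raw_author_id == "") ? -1 : (int)$raw_author_id;
    $type_id = (isset($post_vars["item_type"]) && is_scalar($post_vars["item_type"]))
        ? (int)$post_vars["item_type"] : 0;
    $is_report = (isset($post_vars["is_report"]) && $post_vars["is_report"] == 1) ? 1 : 0;
    $key_item = (isset($post_vars["Key_item"]) && $post_vars["Key_item"] == 1) ? 1 : 0;

    // Got everything we need, now let's do some checkings!
    // A very basic email address check, need to make it beefier later.
    if(strlen($email) && strpos($email, "@") === false){
        $err_msg="¸ê®Æ¿ù»~¡G¹q¶l¦a§}®æ¦¡¦³»~¡A½Ð¦^«e¶×¥¿«á¦A¤W¶Ç¡C<br>\n";
        $err_msg .= get_submitted_story($my_story_id);
        return $err_msg;
    }
    // Title length check: we need to have at least something to post to the database.
    if(strlen($story_title) < 2 || strlen($story_text) < 2){
        $err_msg= "¤W¶Ç¸ê®Æ¿ù»~¡G¤å½Zªº¼ÐÃD©Î¬O¤º¤å¤Óµu¡A½Ð¦^«e¶×¥¿«á¦A¤W¶Ç¡C<br>\n";
        $err_msg .= get_submitted_story($my_story_id);
        return $err_msg;
    }

    // 1.Author ID check - if not found, create a new account for it, and respond with warning message.
    $anon_id = isset($fpconfig["anon_author_id"]) ? (int)$fpconfig["anon_author_id"] : null;
    if($anon_id === null || $author_id !== $anon_id){
        $lookup_by_id = ($author_id > 0);
        $where_str = "";
        if(strlen($email)> 2) $where_str = " OR author_email = '$email'";
        if($lookup_by_id){
            $my_query = "SELECT author_id FROM authors WHERE author_id = $author_id $where_str";
        } else {
            $my_query = "SELECT author_id FROM authors WHERE author_account = '$author_name' OR author_name = '$author_name' $where_str LIMIT 0, 1";
        }
        $result = mysql_query($my_query);
        if(!$result || mysql_num_rows($result) < 1){
            // NOTE(review): every auto-created account receives the same
            // unsalted MD5 of one configured dummy password. Such accounts
            // should be forced through a password reset before they can log in.
            $dummy_passwd = md5($fpconfig["dummy_passwd"]);
            $my_query = "INSERT INTO authors ".
                        "(author_id, author_account, author_name, author_email, author_pic, author_password) ".
                        "VALUES( NULL, '$author_name', '$author_name', '$email', NULL, '$dummy_passwd')";
            mysql_query($my_query);
            $author_id = mysql_insert_id(); // The new id
            // The posted name is echoed back inside HTML, so encode it first.
            $shown_name = htmlspecialchars($author_name);
            if($lookup_by_id){
                $err_msg .= "±z«ü©w¤§§@ªÌ½s¸¹¦³»~¡A¨t²Î¤w¦Û°Ê¬°§@ªÌ¡u$shown_name ¡v²£¥Í¤F·sªº½s¸¹: " . $author_id .
                            "¡CY¦³¥²n¥i¨Ï¥Î§@ªÌ¦W¥U×¥¿¸ê®Æ¡C<br>\n";
            } else {
                $err_msg .= "¦Û°Ê·j´M¥\¯àµLªk®Ú¾Ú§@ªÌ¸ê®Æ§ä¨ì¬Û¹ï°O¿ý¡A¤w¬°§@ªÌ¡u$shown_name ¡v²£¥Í¤F·sªº½s¸¹: " . $author_id .
                            "¡CY¦³¥²n¥i¨Ï¥Î§@ªÌ¦W¥U×¥¿¸ê®Æ¡C<br>\n";
            }
        } else if(!$lookup_by_id){
            $row = mysql_fetch_array($result);
            $author_id = (int)$row["author_id"];
        }
        // NOTE(review): when looking up by id, a row matched only through the
        // e-mail clause leaves the posted author_id unchanged - confirm that
        // this is intended.
        if($result) mysql_free_result($result);
    }

    // 2.type ID check, if out of bound, assign it to the largest valid value
    $my_query = "SELECT min(type_id) as min, max(type_id) as max FROM story_types";
    $result = mysql_query($my_query);
    $row = $result ? mysql_fetch_array($result) : false;
    if($row){
        $min_type = (int)$row["min"];
        $max_type = (int)$row["max"];
        if($type_id < $min_type || $type_id > $max_type) {
            $err_msg .= "±z«ü©w¤§·s»Dõè§O¶W¥X®e³\½d³ò¡A¨t²Î¤w¦Û°Ê±N¤§³]¬°¡u¨ä¥L¡võè§O¡C<br>\n";
            $type_id = $max_type;
        }
    }
    if($result) mysql_free_result($result);

    // $type_id, $author_id, $key_item and $is_report are integers at this
    // point; the quoted values went through the escaping step above.
    $my_query = "INSERT INTO stories (story_id, active, story_title, story_text, story_more, post_time, ".
                "type_id, author_id, pic_link, story_link, ubb_link, is_key_item, is_report, updated) ".
                "VALUES( NULL, -1, '$story_title', '$story_text', '$story_more',".
                " now(), $type_id, $author_id, '$pic_url','$site_url','$ubb_param',$key_item , $is_report, 0)";
    $result = mysql_query($my_query);
    if($result == false) {
        $err_msg .= "¸ê®Æ®w¿ù»~¡GµLªk´¡¤J·sªº¸ê®Æ¡C<br>\n";
        $err_msg .= get_submitted_story($submitted_id);
        return $err_msg;
    } else {
        $err_msg .= "¸ê®Æ¤w¶¶§Q¿é¤J¡C<br>\n";
    }

    // Now remove the story in the submitted table, if this is not a story update
    if($submitted_id > 0){
        $my_query = "DELETE FROM reader_submits WHERE story_id = " . $submitted_id;
        mysql_query($my_query);
    }
    $err_msg .= get_submitted_story(-1);
    return $err_msg;
}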
/**
 * Print a bold one-line notice describing how many reader submissions are
 * still stored in reader_submits: more than one, exactly one, or none.
 */
function print_total_rec(){
    $result = mysql_query("SELECT count(*) as count FROM reader_submits ");
    $count_row = mysql_fetch_array($result);
    $rec_count = $count_row['count'];

    // Choose the wording first, then write it out once.
    if($rec_count > 1){
        $notice = "<b>©|¦³ $rec_count ¥÷½Z¥óµ¥«Ý¼f®Ö</b>";
    } else if($rec_count == 1){
        $notice = "<b>³o¬O³Ì«á¤@¥÷µ¥«Ý¼f®Ö¤§½Z¥ó</b>";
    } else {
        $notice = "<b>¥Ø«e¨S¦³¨ä¥¦½Z¥óµ¥«Ý¼f®Ö</b>";
    }
    echo $notice;

    if($result){
        mysql_free_result($result);
    }
}
/**
 * Print the page footer: a single copyright <div> followed by a newline.
 */
function print_footer(){
    // Written with echo instead of dropping out of PHP mode; the emitted
    // markup is the same.
    echo "<div class=\"footer_txt\">Copyright © 1996 - 2002 FrostyPlace.com</div>\n";
}
?>