<?
//
//	FPCode v0.9, Date 2002-01-11
//
//	Copyright (c) 2002 Wen-Yu Chang and FrostyPlace.com. All rights reserved.
//
//	The contents of this file constitute Original Code as defined in and
//	are subject to the GNU Library General Public License (the
//	"License").  You may not use this file except in compliance with the
//	License.  Please obtain a copy of the License at
//	http://www.gnu.org/licenses/gpl.html and read it before using this file.
//	
//	This Original Code and all software distributed under the License are
//	distributed on an "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, EITHER
//	EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
//	INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
//	FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT.  Please see the
//	License for the specific language governing rights and limitations
//	under the License.
//
//

	require_once("../includes/config.inc.php");			// Load config params
	require_once("{$fpconfig['root_path']}/includes/dbconnect.inc.php");		//All the db stuff

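	// Prints a <select name="item_type"> element holding one <option> per row of
	// story_types, ordered by type_id. Output is written directly with echo;
	// nothing is returned.
	function print_type_menu(){

		$my_query = "SELECT type_id, type_code ".
					"FROM story_types " .
					"ORDER BY type_id ASC ";
			
		$result = mysql_query($my_query);
		
		echo "<select name=\"item_type\" class=\"form_elements\">\n";
	
		// mysql_query() returns false on failure. Skip the fetch loop in that case so
		// the page still gets a well-formed (empty) menu instead of a warning.
		if($result){
			// NOTE(review): type_id and type_code are written without HTML escaping;
			// presumably story_types is writable by administrators only - confirm.
			while ($row = mysql_fetch_array($result)){
				echo "<option value=\"{$row['type_id']}\">{$row['type_code']}</option>\n";
			}
			mysql_free_result($result);
		}
		
		echo "</select>\n";
		
	}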
	

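	// Loads one row of reader_submits into the page-level globals that the edit
	// form reads.
	//
	// $id  story_id to load; any value that is not a positive integer selects the
	//      first row the database returns instead.
	//
	// Returns an HTML status message when no row could be loaded, otherwise
	// nothing (null).
	//
	// Side effects: sets $submitted_id, $author_name, $author_email, $story_title,
	// $site_url, $pic_url, $story_text, $story_comment and $show_delete.
	// $author_id is set only when the submission is flagged anonymous.
	function get_submitted_story($id){
		// $fpconfig is populated at file scope by config.inc.php; it has to be
		// declared here or the anon_author_id lookup below reads an undefined local.
		global 	$submitted_id, $author_name, $author_id, $author_email, $story_title, $site_url, $pic_url, 
				$story_text, $story_more, $story_comment, $show_delete, $fpconfig;
		
		// $id is pasted into the SQL text unquoted. A loose "$id > 0" test accepts
		// strings that merely start with a digit, so reduce it to an integer first.
		$id = (int)$id;
		
		$not_found_msg = "°Ñ¼Æ¿ù»~¡G§ä¤£¨ì«ü©wªºÅªªÌ§ë½ZÀɮסC";
		
		if($id > 0){
			$where_stmt = "WHERE story_id=$id";
		} else {
			$where_stmt = "LIMIT 0, 1";
		}
		
		$my_query = "SELECT story_id, story_title, story_text, story_comment, author_email, author_name, ".
					"anonymous, pic_link, site_link ".
					"FROM reader_submits " .
					$where_stmt;
			
		$result = mysql_query($my_query);
		
		// Query failed: there is no result handle to free.
		if($result == false){
			$show_delete = false;
			return $not_found_msg;
		}
		
		if(mysql_num_rows($result) != 1){
			mysql_free_result($result);
			$show_delete = false;
			if($id > 0) return $not_found_msg;
			return "¨S¦³¨ä¥LªºÅªªÌ´£¨Ñ½Z¥ó¡C<br>½Ðª½±µ¿é¤J¤º®e¡A©Î¬O«ö<a href=\"story_manager.php\">³o¸Ì</a>¦^¨ì·s»D»P³ø¾ÉºÞ²z¥D­¶¡C";
		}
		
		$row = mysql_fetch_array($result);
		mysql_free_result($result);
		
		if(!$row){
			$show_delete = false;
			return "¨t²Î¿ù»~¡G¸ê®Æ®wŪ¨úµo¥Í°ÝÃD¡A½Ð¾¨§Ö³qª¾¨t²ÎºÞ²z­û¡C";
		}
		
		// Reader-supplied text is HTML-escaped before the form template sees it.
		// ENT_QUOTES also encodes single quotes, so the values stay inert inside
		// attributes quoted either way.
		$submitted_id	= $row["story_id"];
		$author_name 	= htmlspecialchars($row["author_name"], ENT_QUOTES);
		$author_email	= htmlspecialchars($row["author_email"], ENT_QUOTES);
		$story_title	= htmlspecialchars($row["story_title"], ENT_QUOTES);
		$site_url		= htmlspecialchars($row["site_link"], ENT_QUOTES);
		$pic_url		= htmlspecialchars($row["pic_link"], ENT_QUOTES);
		$story_text		= htmlspecialchars($row["story_text"], ENT_QUOTES);
		$story_comment	= htmlspecialchars($row["story_comment"], ENT_QUOTES);

		if($row["anonymous"] == 1) {
			$author_name = "(°Î¦W) $author_name";
			$author_id = $fpconfig["anon_author_id"];
		}
		
		$show_delete = true;
		
		return ;
	}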


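	// Handles the posted edit form for a reader submission: either deletes the
	// submission, or validates the fields, resolves (or creates) the author,
	// inserts the story into stories and removes the submission from reader_submits.
	//
	// $post_vars  the submitted form fields as an array (request data, untrusted).
	//
	// Returns an HTML status string, followed by whatever get_submitted_story()
	// returns for the submission that is loaded next.
	//
	// NOTE(review): no login or permission check is visible in this function;
	// presumably the including page enforces it before calling - confirm.
	function insert_new_row($post_vars){
		// $fpconfig is populated at file scope by config.inc.php; without this
		// declaration anon_author_id and dummy_passwd read an undefined local.
		global $fpconfig;
		
		$err_msg = "";
		
		// Every numeric form field ends up unquoted in SQL text below, so each one
		// is reduced to an integer before use.
		$submitted_id = isset($post_vars["submitted_id"]) ? (int)$post_vars["submitted_id"] : 0;
		$my_story_id = ($submitted_id > 0) ? $submitted_id : -1;
		
		if(isset($post_vars["delete_item"])){
			if($submitted_id > 0){
				mysql_query("DELETE FROM reader_submits WHERE story_id = " . $submitted_id);
			}
			$err_msg="ŪªÌ§ë½Z¤w¶¶§Q§R°£¡C<br>\n";
			$err_msg .= get_submitted_story(-1);
			return $err_msg;
		}
		
		// Text fields: escaped here unless magic quotes already did it. Missing or
		// non-string fields are treated as empty.
		// NOTE(review): addslashes() works byte by byte and ignores the connection
		// character set. If dbconnect.inc.php selects a multibyte charset, these
		// values need the driver's charset-aware escaping instead - confirm there.
		$needs_escape = !get_magic_quotes_gpc();
		$field = array();
		foreach(array("author_email", "author_name", "site_url", "pic_url", "story_title",
					  "story_text", "story_more", "ubb_param") as $key){
			$value = (isset($post_vars[$key]) && is_string($post_vars[$key])) ? $post_vars[$key] : "";
			$field[$key] = $needs_escape ? addslashes($value) : $value;
		}
		
		$email = $field["author_email"];
		$author_name = $field["author_name"];
		$site_url = $field["site_url"];
		$pic_url = $field["pic_url"];
		$story_title = $field["story_title"];
		$story_text = $field["story_text"];
		$story_more = $field["story_more"];
		$ubb_param = $field["ubb_param"];
		
		// The author name is echoed back inside HTML status messages, so it gets an
		// unslashed, HTML-escaped copy of its own.
		$shown_name = htmlspecialchars(stripslashes($author_name), ENT_QUOTES);
		
		if(strlen($author_name) == 0 && strlen($email) == 0 && !isset($post_vars["author_id"])){
			$err_msg="<br>¸ê®Æ¿ù»~¡G§@ªÌ©m¦W¡B½s¸¹»P¹q¶lÄ椣±o¥þ¬°ªÅ¥Õ¡A½Ð¦^«e­¶­×¥¿«á¦A¤W¶Ç¡C<br>\n";
			$err_msg .= get_submitted_story($my_story_id);
			return $err_msg;
		}
		
		// -1 means "no id given": look the author up by name/email or create one.
		$author_id = (isset($post_vars["author_id"]) && $post_vars["author_id"] != "") ? (int)$post_vars["author_id"] : -1;
		
		$type_id = isset($post_vars["item_type"]) ? (int)$post_vars["item_type"] : 0;
		
		$is_report = (isset($post_vars["is_report"]) && $post_vars["is_report"] == 1) ? 1 : 0;
		$Key_item = (isset($post_vars["Key_item"]) && $post_vars["Key_item"] == 1) ? 1 : 0;
		
		// Got everything we need, now let's do some checkings!

		// A very basic email address check, need to make it beefier later.
		
		if(strlen($email) && strpos($email, "@") === false){
			$err_msg="¸ê®Æ¿ù»~¡G¹q¶l¦a§}®æ¦¡¦³»~¡A½Ð¦^«e­¶­×¥¿«á¦A¤W¶Ç¡C<br>\n";
			$err_msg .= get_submitted_story($my_story_id);
			return $err_msg;
		}
		
		// Title length check: we need to have at least something to post to the database.
		
		if(strlen($story_title) < 2 || strlen($story_text) < 2){
			$err_msg= "¤W¶Ç¸ê®Æ¿ù»~¡G¤å½Zªº¼ÐÃD©Î¬O¤º¤å¤Óµu¡A½Ð¦^«e­¶­×¥¿«á¦A¤W¶Ç¡C<br>\n";
			$err_msg .= get_submitted_story($my_story_id);
			return $err_msg;
		}
		
		
		// 1.Author ID check - if not found, create a new account for it, and respond with warning message.
		
		$anon_id = isset($fpconfig["anon_author_id"]) ? (int)$fpconfig["anon_author_id"] : null;
		
		if($anon_id === null || $author_id != $anon_id){
			$where_str = "";
			if(strlen($email)> 2) $where_str = " OR author_email = '$email'";
			
			if($author_id > 0){
				// An id was supplied: accept it if it (or the email) matches a record.
				$my_query = "SELECT author_id FROM authors WHERE author_id = $author_id $where_str";
				$created_msg = "±z«ü©w¤§§@ªÌ½s¸¹¦³»~¡A¨t²Î¤w¦Û°Ê¬°§@ªÌ¡u{$shown_name} ¡v²£¥Í¤F·sªº½s¸¹: ";
			} else {
				// No id supplied: search by account, name or email.
				$my_query = "SELECT author_id FROM authors WHERE author_account = '$author_name' OR author_name = '$author_name' $where_str LIMIT 0, 1";
				$created_msg = "¦Û°Ê·j´M¥\¯àµLªk®Ú¾Ú§@ªÌ¸ê®Æ§ä¨ì¬Û¹ï°O¿ý¡A¤w¬°§@ªÌ¡u{$shown_name} ¡v²£¥Í¤F·sªº½s¸¹: ";
			}
			
			$result = mysql_query($my_query);
			
			if(!$result || mysql_num_rows($result) < 1){
				// NOTE(review): every auto-created account receives the same configured
				// placeholder password, stored as an unsalted MD5 digest. The login code
				// is not visible here; such accounts should not be usable for sign-in
				// until the password has been replaced - confirm.
				$dummy_passwd = md5(isset($fpconfig["dummy_passwd"]) ? $fpconfig["dummy_passwd"] : "");
				$my_query = "INSERT INTO authors ".
				"(author_id, author_account, author_name, author_email, author_pic, author_password) ".
				"VALUES( NULL, '$author_name', '$author_name', '$email', NULL, '$dummy_passwd')";
				
				mysql_query($my_query);
				$author_id = (int)mysql_insert_id();	// The new id
				$err_msg .= $created_msg . $author_id . 
						 "¡C­Y¦³¥²­n¥i¨Ï¥Î§@ªÌ¦W¥U­×¥¿¸ê®Æ¡C<br>\n";
			} else if($author_id <= 0){
				$row = mysql_fetch_array($result);
				$author_id = (int)$row["author_id"];
			}
			
			if($result) mysql_free_result($result);
		} 

		// 2.type ID check, if out of bound, assign it to the largest valid value
		
		$my_query = "SELECT min(type_id) as min, max(type_id) as max FROM story_types";
		$result = mysql_query($my_query);
		$row = $result ? mysql_fetch_array($result) : false;
		
		// Integer bounds keep $type_id numeric even when the table is empty or the
		// query failed (min/max would otherwise be NULL).
		$min_type = $row ? (int)$row["min"] : 0;
		$max_type = $row ? (int)$row["max"] : 0;
		
		if($type_id < $min_type || $type_id > $max_type) {
			$err_msg .= "±z«ü©w¤§·s»Dõè§O¶W¥X®e³\½d³ò¡A¨t²Î¤w¦Û°Ê±N¤§³]¬°¡u¨ä¥L¡võè§O¡C<br>\n";
			$type_id = $max_type;
		}
		
		if($result) mysql_free_result($result);
		
		// $type_id, $author_id, $Key_item and $is_report are integers at this point;
		// the quoted values were escaped above.
		$my_query = "INSERT INTO stories (story_id, active, story_title, story_text, story_more, post_time, ".
					"type_id, author_id, pic_link, story_link, ubb_link, is_key_item, is_report, updated) ".
					"VALUES( NULL, -1, '$story_title', '$story_text', '$story_more',".
					" now(), $type_id, $author_id, '$pic_url','$site_url','$ubb_param',$Key_item , $is_report, 0)";
		
		$result = mysql_query($my_query);

		if($result == false) {
			$err_msg .= "¸ê®Æ®w¿ù»~¡GµLªk´¡¤J·sªº¸ê®Æ¡C<br>\n";
			$err_msg .= get_submitted_story($my_story_id);
			return $err_msg;
		} else {
			$err_msg .= "¸ê®Æ¤w¶¶§Q¿é¤J¡C<br>\n";
		}
		
		// Now remove the story from the submitted table, when the form referred to one.
		if($submitted_id > 0){
			mysql_query("DELETE FROM reader_submits WHERE story_id = " . $submitted_id);
		}

		$err_msg .= get_submitted_story(-1);
		
		return $err_msg;
	}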


	// Echoes a bold one-line notice telling the editor how many rows are still
	// waiting in reader_submits: more than one, exactly one, or none.
	function print_total_rec(){
		$count_result = mysql_query("SELECT count(*) as count FROM reader_submits ");
		
		$count_row = mysql_fetch_array($count_result);
		$pending = $count_row['count'];
		
		// Pick the notice first, then emit it in one place.
		if($pending > 1){
			$notice = "<b>©|¦³ " . $pending . " ¥÷½Z¥óµ¥«Ý¼f®Ö</b>";
		} else if($pending == 1){
			$notice = "<b>³o¬O³Ì«á¤@¥÷µ¥«Ý¼f®Ö¤§½Z¥ó</b>";
		} else {
			$notice = "<b>¥Ø«e¨S¦³¨ä¥¦½Z¥óµ¥«Ý¼f®Ö</b>";
		}
		
		echo $notice;
		
		if($count_result) mysql_free_result($count_result);
	}

	
	// Writes the static copyright footer. The body drops out of PHP mode, so the
	// markup between the closing and reopening tags is sent to the output as-is
	// each time the function is called. It takes no input and returns nothing.
	function print_footer(){
?>	
	<div class="footer_txt">Copyright &#169; 1996 - 2002 FrostyPlace.com</div>
<?
	}	
?>