<? include "library.php";?>
<html>
<head>
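<title><?
// $PHP_SELF reflects the request path, which the client can lengthen with
// extra path segments, so it is HTML-escaped before being written into the
// page. NOTE(review): $PHP_SELF is not assigned in this file; presumably it
// is the register_globals copy of the server variable — confirm.
echo htmlspecialchars($PHP_SELF, ENT_QUOTES);
?></title>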
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="javascript">
// Ask the user to confirm a deletion and, only when they accept, send the
// browser to redirectionURL. Assigning location.href is an ordinary GET
// navigation, so the handler behind that URL has to do its own permission
// check; this dialog is a convenience, not a safeguard.
function deletefile(redirectionURL) {
    if (!confirm("Are you sure that you wish to delete this entry?")) {
        return;
    }
    location.href = redirectionURL;
}
</script>
<style type="text/css">
<!--
td { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; font-style: normal}
b { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; font-weight: bold}
a { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; font-style: normal; color: #000000; text-decoration: none}
a:hover { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; font-style: normal; color: #333333; text-decoration: underline}
input { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 10px; line-height: normal; background-color: #CCCCCC; border-style: solid; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px}
-->
</style>
</head>
<body bgcolor="#FFFFFF" text="#000000">
<table width="950" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="400"><b><font size="5">Glorified GuestBooK</font></b><br />another one from dataman - please login or register to view or add to the guestbook</td>
<td width="2"> </td>
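<form method="post" name="searchform" action="<? /* the request path is client-influenced and lands inside an attribute, so escape it (quotes included) */ echo htmlspecialchars($PHP_SELF, ENT_QUOTES); ?>">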
<input type="hidden" name="q" value="kw">
<td align="right" valign="middle"><b>SEARCH</b>: <input type="text" name="keyword" size="20" maxlength="60"> <input type="submit" value="GO FETCH"><br>enter a keyword (must be > 3 characters)</td>
</form>
</tr>
<tr>
<td valign="top">
<table width="100%" border="0" cellspacing="1" cellpadding="2" bgcolor="#000000">
<?
// Left-hand column: the library's header routine always runs; the category
// list is added only when $cku is set. The login branch further down this
// page stores the member's userID in a cookie of that name.
// NOTE(review): $cku is not assigned in this file; presumably it is filled
// from the request cookie (register_globals or library.php) — confirm.
ftheader();
if ($cku) {
    ftlistcategories();
}
?>
</table>
</td>
<td> </td>
<td valign="top">
<table width="550" border="0" cellspacing="1" cellpadding="2" bgcolor="#000000">
<?
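// Dispatch on the request's "q" action: new-topic form (nt), new-reply form
// (nr), report-a-post mail (rt) or keyword search (kw). Any other value does
// nothing.
// NOTE(review): $q, $c, $t and $keyword are never assigned in this file; they
// presumably arrive from the request (register_globals or library.php), so
// all of them are handled as untrusted input below — confirm.
switch ($q) {
    case "nt":
        ftaddtopic($c);
        break;
    case "nr":
        ftaddreply($c, $t);
        break;
    case "rt":
        // URL-encode the ids so request data cannot add lines or extra
        // parameters to the link that is mailed to the administrator.
        // NOTE(review): no login check or rate limit is visible for this
        // branch, so every request with q=rt sends one mail.
        $message = "Someone has reported a post - Log on to the site and click on the link below to take you to the topic. \n\n".$siteurl."index.php?c=".urlencode((string) $c)."&t=".urlencode((string) $t)."\n";
        $to = $adminemail;
        mail($to, "Post Report from DM Guestbook", $message);
        break;
    case "kw":
        // Request values on this page appear to arrive slash-escaped (the
        // posting branches call stripslashes() on $content before mailing
        // it), so undo that once here and re-escape per output context.
        // NOTE(review): confirm how library.php / php.ini prepare request data.
        $rawkeyword = trim(stripslashes((string) $keyword));

        echo "<tr bgcolor=\"#666666\"><td colspan=4 height=25>";
        // The keyword is echoed back into the page, so it is HTML-escaped.
        echo "<b>SEARCH RESULT FOR:</b> ".htmlspecialchars($rawkeyword, ENT_QUOTES);
        echo "</td></tr>";
        echo "<tr bgcolor=\"#98a2b1\"><td colspan=4>";

        if (strlen($rawkeyword) > 3) {
            // The statement is assembled from scratch in this branch. The
            // previous version appended to $searchquery without initialising
            // it and could run it even when nothing had been appended, which
            // left the statement text open to a request-supplied value.
            $conditions = array();
            foreach (explode(" ", $rawkeyword) as $term) {
                // A leading "-" marks a term to exclude.
                $exclude = (substr($term, 0, 1) === "-");
                if ($exclude) {
                    $term = (string) substr($term, 1);
                }
                if ($term === "") {
                    continue; // repeated spaces or a bare "-" carry no term
                }
                $like = mysql_real_escape_string($term);
                if ($exclude) {
                    // The previous version interpolated $dbfield as the column
                    // name here, a variable this file never assigns. The
                    // exclusion now uses the same two columns as the
                    // inclusive branch.
                    // NOTE(review): confirm this matches the intended column.
                    $conditions[] = " (title not like '%$like%' and content not like '%$like%')";
                } else {
                    $conditions[] = " title like '%$like%' or content like '%$like%'";
                }
            }

            $result = false;
            if (count($conditions) > 0) {
                $searchquery = "select distinct(topicID) from ksearch where".implode(" or", $conditions);
                $result = mysql_query($searchquery);
            }

            $counter = 1;
            if (!$result || mysql_num_rows($result) < 1) {
                echo "Nothing found";
            } else {
                while ($row = mysql_fetch_array($result)) {
                    echo "$counter ". ftwhoistopic($row['topicID']). "<br />";
                    $counter++;
                }
            }
        } else {
            echo "The your keyword has to be longer than 3 characters";
        }
        echo "</td></tr>";
        break;
    default:
}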
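// Dispatch on the request's "m" action: posting (mt, mr), registration
// (rg, am), login/logout (lg, lm, lo) and the maintenance actions for
// replies, topics, categories and members (adr, adt, adc, ade, adn, xxx,
// adm, mmm, nnn). Any other value does nothing.
//
// Request values are never assigned in this file; they presumably arrive via
// register_globals or library.php and appear to be slash-escaped already
// (the mail copies below call stripslashes() on $content). Each value that
// goes into SQL is therefore un-slashed once and re-escaped with
// mysql_real_escape_string(), or cast to int where the statement uses it
// unquoted. The originals ($title, $content, ...) are left untouched because
// they are also passed to library functions.
// NOTE(review): confirm how library.php / php.ini prepare request data.
//
// NOTE(review): identity comes from the "cku" / "ckr" cookies written by the
// "lm" branch. They hold the bare userID and role, so the server has no way
// to tell a value it issued from one the client made up; a server-side
// session is needed to make them trustworthy. The maintenance branches also
// run with no login or role check visible in this file. The role values are
// not defined here, so no check is added — it belongs where they are known.
$safeself = htmlspecialchars($PHP_SELF, ENT_QUOTES);
switch ($m) {
    case "mt":
        // New topic: insert it, stamp the category, mail the administrator a
        // copy and hand the text to the keyword indexer.
        if ($c && $title && $cku && $content) {
            $sqluser = mysql_real_escape_string(stripslashes((string) $cku));
            $sqldate = mysql_real_escape_string(stripslashes((string) $date));
            $sqltitle = mysql_real_escape_string(stripslashes((string) $title));
            $sqlcontent = mysql_real_escape_string(stripslashes((string) $content));
            $sqlcat = mysql_real_escape_string(stripslashes((string) $c));
            $doinsert = "insert into topic (userID,datecreated,title,content,categoryID) values ('$sqluser','$sqldate','$sqltitle','$sqlcontent','$sqlcat')";
            $catupdate = "update category set lastupdate = '$sqldate' where categoryID = '$sqlcat'";
            mysql_query($doinsert);
            $t = mysql_insert_id();
            mysql_query($catupdate);
            echo "
<tr bgcolor=\"#98a2b1\"><td colspan=4>
New topic added.<br>
</td></tr>
";
            $message = "There is a new topic copy below: \n\n\"".$title."\n".stripslashes($content)."\"\n\n";
            $to = $adminemail;
            mail($to,"A new topic ",$message);
            ftwritekeyword($t,$title,$content,$c,"");
        } else {
            echo "
<tr bgcolor=\"#98a2b1\"><td colspan=4>
Oops! something went wrong - use your browser's back button to return to the previous page
</td></tr>
";
        }
        break;
    case "mr":
        // New reply to topic $t: same sequence as "mt".
        if ($c && $content && $cku) {
            $sqluser = mysql_real_escape_string(stripslashes((string) $cku));
            $sqltopic = mysql_real_escape_string(stripslashes((string) $t));
            $sqldate = mysql_real_escape_string(stripslashes((string) $date));
            $sqlcontent = mysql_real_escape_string(stripslashes((string) $content));
            $sqlcat = mysql_real_escape_string(stripslashes((string) $c));
            $doinsert = "insert into reply (userID,topicID,datecreated,content) values ('$sqluser','$sqltopic','$sqldate','$sqlcontent')";
            $catupdate = "update category set lastupdate = '$sqldate' where categoryID = '$sqlcat'";
            mysql_query($doinsert);
            $r = mysql_insert_id();
            mysql_query($catupdate);
            echo "
<tr bgcolor=\"#98a2b1\"><td colspan=4>
New reply added.<br>
</td></tr>
";
            $message = "There is a new reply copy below: \n\n\"".stripslashes($content)."\"\n\n";
            $to = $adminemail;
            mail($to,"A new reply",$message);
            ftwritekeyword($t,"",$content,"",$r);
        } else {
            echo "
<tr bgcolor=\"#98a2b1\"><td colspan=4>
Oops! something went wrong - use your browser's back button to return to the previous page
</td></tr>
";
        }
        break;
    case "rg":
        // Registration form. The password box is type="password", matching
        // the login form, so the value is not shown on screen while typed.
        echo "
<form name=\"addmember\" method=\"post\" action=\"$safeself\">
<input type=\"hidden\" name=\"m\" value=\"am\">
<tr bgcolor=\"#666666\"><td colspan=4 height=25>
<b>NEW MEMBER</b>
</td></tr>
<tr bgcolor=\"#98a2b1\"><td colspan=4> <br />";
        echo "<b>NOTE</b><br />All fields required (*)<p />";
        echo "
User Name*<br />
<input type=\"text\" name=\"username\" size=\"45\" maxlength=\"50\"><br />
Password*<br />
<input type=\"password\" name=\"passwd\" size=\"45\" maxlength=\"50\"><br />
Email Address*<br />
<input type=\"text\" name=\"emailaddress\" size=\"45\" maxlength=\"50\"><br />
<br />
<input type=\"submit\" value=\" SAVE \"><br />
</td></tr>
</form>
";
        break;
    case "am":
        // Create a member unless the username or e-mail address is taken.
        // NOTE(review): passwd is stored exactly as submitted. Hashing it
        // needs a matching change in the "lm" and "mmm" branches and a
        // migration of existing rows, so it is only flagged here.
        echo "<tr bgcolor=\"#98a2b1\"><td colspan=4>";
        if ($username && $passwd && $emailaddress) {
            $sqlusername = mysql_real_escape_string(stripslashes((string) $username));
            $sqlpasswd = mysql_real_escape_string(stripslashes((string) $passwd));
            $sqlemail = mysql_real_escape_string(stripslashes((string) $emailaddress));
            // The environment key must be a quoted string, not a bare constant.
            $ipaddress = mysql_real_escape_string((string) getenv("REMOTE_ADDR"));
            $sqlselect = "select userID from member where username = '$sqlusername' or emailaddress = '$sqlemail'";
            $sqlinsert = "insert into member (username,passwd,emailaddress,ipaddress) values ('$sqlusername','$sqlpasswd','$sqlemail','$ipaddress')";
            $check = mysql_query($sqlselect);
            $checkcount = mysql_num_rows($check);
            if ($checkcount <= 0) {
                mysql_query($sqlinsert);
                echo "Thank you for registering - you may now use the system - <a href=\"$safeself?m=lg\">login here</a>";
            } else {
                echo "the email address or username is already in use";
            }
        } else {
            echo "all fields mark * are required - try again";
        }
        echo "</td></tr>";
        break;
    case "lg":
        // Login form.
        echo "
<form name=\"login\" method=\"post\" action=\"$safeself\">
<input type=\"hidden\" name=\"m\" value=\"lm\">
<tr bgcolor=\"#666666\"><td colspan=4 height=25>
<b>LOGIN STATION</b>
</td></tr>
<tr bgcolor=\"#98a2b1\"><td colspan=4> <br />";
        echo "<b>NOTE</b><br />All fields required (*)<p />";
        echo "
User Name*<br />
<input type=\"text\" name=\"username\" size=\"45\" maxlength=\"50\"><br />
Password*<br />
<input type=\"password\" name=\"passwd\" size=\"45\" maxlength=\"50\"><br />
<br />
<input type=\"submit\" value=\" LET ME IN :) \"><br />
</td></tr>
</form>
";
        break;
    case "lm":
        // Check the submitted credentials against active members and, on a
        // match, write the two-hour "cku" (userID) and "ckr" (role) cookies.
        // NOTE(review): setcookie() runs after the page has already emitted
        // HTML, so the cookies are only sent if output buffering is on
        // (php.ini or library.php) — confirm.
        echo "<tr bgcolor=\"#98a2b1\"><td colspan=4>";
        if ($username && $passwd) {
            $sqlusername = mysql_real_escape_string(stripslashes((string) $username));
            $sqlpasswd = mysql_real_escape_string(stripslashes((string) $passwd));
            // username is selected as well: the welcome line prints it, and
            // the previous query did not return that column.
            $sqlselect = "select userID,role,username from member where username = '$sqlusername' and passwd = '$sqlpasswd' and active = '1'";
            $result = mysql_query($sqlselect);
            $row = $result ? mysql_fetch_array($result) : false;
            if (!$row) {
                echo "Oops - Username and or password is wrong or your username has been deactivated (which one? umm, I aint telling - <a href=\"$safeself?m=lg\">try again click here</a>";
            } else {
                setcookie("cku", $row['userID'], time()+7200);
                setcookie("ckr", $row['role'], time()+7200);
                echo "Login Successful - Welcome ".htmlspecialchars($row['username'], ENT_QUOTES)." - <a href=\"$safeself\">click here to continue</a>";
            }
        } else {
            echo "all fields mark * are required - try again";
        }
        echo "</td></tr>";
        break;
    case "lo":
        // Logout: expire both cookies.
        echo "<tr bgcolor=\"#98a2b1\"><td colspan=4>";
        setcookie("cku", "", time() - 3600);
        setcookie("ckr", "", time() - 3600);
        echo "Logout Successful <a href=\"$safeself\">click here to continue</a>";
        echo "</td></tr>";
        break;
    case "adr":
        // Delete one reply and its keyword rows. The id is used unquoted in
        // the statement, so it is forced to an integer first.
        // NOTE(review): no login or role check is visible before this delete.
        echo "<tr bgcolor=\"#98a2b1\"><td colspan=4>";
        $replyid = (int) $r;
        $sqldelete = "delete from reply where replyID = $replyid";
        $sqldeletekword = "delete from keyword where replyID = $replyid";
        mysql_query($sqldelete);
        mysql_query($sqldeletekword);
        echo "reply deleted";
        echo "</td></tr>";
        break;
    case "adt":
        // Delete one topic with its replies and keyword rows; the id is
        // forced to an integer for the same reason as in "adr".
        // NOTE(review): no login or role check is visible before this delete.
        echo "<tr bgcolor=\"#98a2b1\"><td colspan=4>";
        $topicid = (int) $t;
        $sqldelete = "delete from reply where topicID = $topicid";
        $sqldeletekword = "delete from keyword where topicID = $topicid";
        $sqldeletetopic = "delete from topic where topicID = $topicid";
        mysql_query($sqldelete);
        mysql_query($sqldeletekword);
        mysql_query($sqldeletetopic);
        echo "topic deleted";
        echo "</td></tr>";
        break;
    case "adc":
        fteditcategory($c);
        break;
    case "ade":
        // Update a category's title, description and sort order.
        // NOTE(review): no login or role check is visible before this update.
        echo "<tr bgcolor=\"#98a2b1\"><td colspan=4>";
        if ($title && $c) {
            $sqltitle = mysql_real_escape_string(stripslashes((string) $title));
            $sqldescription = mysql_real_escape_string(stripslashes((string) $description));
            $sqlsortorder = mysql_real_escape_string(stripslashes((string) $sortorder));
            $sqlcat = mysql_real_escape_string(stripslashes((string) $c));
            $sqlupdate = "update category set title = '$sqltitle', description = '$sqldescription', sortorder = '$sqlsortorder' where categoryID = '$sqlcat'";
            mysql_query($sqlupdate);
            echo "Category updated";
        } else {
            echo "Oops - Error try again - note: the title required";
        }
        echo "</td></tr>";
        break;
    case "adn":
        // Add a category.
        // NOTE(review): no login or role check is visible before this insert.
        echo "<tr bgcolor=\"#98a2b1\"><td colspan=4>";
        if ($title) {
            $sqltitle = mysql_real_escape_string(stripslashes((string) $title));
            $sqldescription = mysql_real_escape_string(stripslashes((string) $description));
            $sqlsortorder = mysql_real_escape_string(stripslashes((string) $sortorder));
            $sqlinsert = "insert into category (title,description,sortorder) values ('$sqltitle','$sqldescription','$sqlsortorder');";
            mysql_query($sqlinsert);
            echo "Category added";
        } else {
            echo "Oops - Error try again - note: the title required";
        }
        echo "</td></tr>";
        break;
    case "xxx":
        // Delete a category together with its topics, their replies and
        // their keyword rows.
        // NOTE(review): no login or role check is visible before this delete.
        echo "<tr bgcolor=\"#98a2b1\"><td colspan=4>";
        $sqlcat = mysql_real_escape_string(stripslashes((string) $c));
        $result = mysql_query("select topicID from topic where categoryID = '$sqlcat'");
        while ($result && ($row = mysql_fetch_array($result))) {
            $topicid = (int) $row['topicID'];
            mysql_query("delete from reply where topicID = '$topicid'");
            mysql_query("delete from keyword where topicID = '$topicid'");
        }
        mysql_query("delete from topic where categoryID = '$sqlcat'");
        mysql_query("delete from category where categoryID = '$sqlcat'");
        echo "category deleted";
        echo "</td></tr>";
        break;
    case "adm":
        ftlistmembers();
        break;
    case "mmm":
        // Update a member row, including its active flag and role, unless
        // the new username or e-mail address belongs to another member.
        // NOTE(review): no login or role check is visible here, and the role
        // column is written straight from the request.
        echo "<tr bgcolor=\"#98a2b1\"><td colspan=4>";
        if ($uid && $emailaddress && $passwd && $username) {
            $sqlusername = mysql_real_escape_string(stripslashes((string) $username));
            $sqlpasswd = mysql_real_escape_string(stripslashes((string) $passwd));
            $sqlemail = mysql_real_escape_string(stripslashes((string) $emailaddress));
            $sqlactive = mysql_real_escape_string(stripslashes((string) $active));
            $sqlrole = mysql_real_escape_string(stripslashes((string) $role));
            $sqluid = mysql_real_escape_string(stripslashes((string) $uid));
            $sqlupdate = "update member set username = '$sqlusername', passwd = '$sqlpasswd', emailaddress = '$sqlemail', active = '$sqlactive', role = '$sqlrole' where userID = '$sqluid'";
            $sqlcheck = "select userID from member where (username = '$sqlusername' or emailaddress = '$sqlemail') and userID <> '$sqluid'";
            $result = mysql_query($sqlcheck);
            if (mysql_num_rows($result) <= 0) {
                mysql_query($sqlupdate);
                echo "User information updated<br />";
            } else {
                echo "The username or email address is already in use";
            }
        }
        echo "</td></tr>";
        break;
    case "nnn":
        // Members are deactivated rather than deleted (the row is kept).
        // NOTE(review): no login or role check is visible before this update.
        echo "<tr bgcolor=\"#98a2b1\"><td colspan=4>";
        $sqluid = mysql_real_escape_string(stripslashes((string) $uid));
        mysql_query("update member set active = '0' where userID = '$sqluid'");
        echo "Best not to delete, just make him/he inactive - :)";
        echo "</td></tr>";
        break;
    default:
}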
// Topic listing for category $c: shown only when a cku value is present and
// the request carried no "q" action (those render their own rows above).
if ($cku && !$q) {
    ftlisttopics($c);
}
?>
</table>
</td>
</tr>
<tr>
<td> </td>
<td> </td>
<td> </td>
</tr>
</table>
<div align="center"><a href="http://www.phpdevshed.com/">another one from the dataman series ©2001 (http://www.phpdevshed.com/)</a></div>
</body>
</html>
<? /* Close the MySQL link used by the queries above. It is not opened in this file; presumably library.php does that — confirm. */ mysql_close(); ?>