<?php
// -----------------------------------------------------------------------------
// $Id: articles.php 682 2013-03-28 14:17:41Z raoul $
//
// Copyright (C) 2013 Raoul Proença
// License: GNU GPL version 3 (see copying.txt file)
// Website: http://www.gnew.fr/
// -----------------------------------------------------------------------------
// This program is free software: you can redistribute it and/or modify it under
// the terms of the GNU General Public License as published by the Free Software
// Foundation, either version 3 of the License, or (at your option) any later
// version.
//
// This program is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
// details.
//
// You should have received a copy of the GNU General Public License along with
// this program. If not, see <http://www.gnu.org/licenses/>.
// -----------------------------------------------------------------------------

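include('./../includes/common.php');

page_header($lang['ADMIN_ARTICLES']);

// Article administration: add form, add/preview, list, edit form, edit/preview and
// delete. Access needs $users['user_level'] > 2; the branches below dispatch on the
// $_POST / $_GET keys sent by the admin/articles/*.htpl templates.
//
// Ids that come back from the browser (category_id, article_id) are concatenated into
// SQL and echoed by the preview templates, so every branch accepts them only when
// string_is_int() agrees — the same check the GET handlers already apply to article_id.
//
// NOTE(review): the writing branches (add/edit via POST, delete via the GET link
// ?action=delete_article) check no per-request form token. If common.php exposes such a
// helper, verify it at the top of each of those branches; nothing is added here because
// no helper of that kind is visible in this file.
// NOTE(review): subject and text are concatenated into SQL after utf8_entities() /
// do_html(); whether those helpers (or $sql->query()) neutralise quote characters is not
// visible here — confirm in includes/common.php, or move these statements to prepared
// queries if the $sql wrapper supports them.

// Advanced moderator or administrator?
if ($users['user_level'] > 2)
{
    // Add (or preview)?
    if (isset($_POST['add_article']) || isset($_POST['preview_article']))
    {
        // Read the form once; absent keys become '' so trim() is never handed null
        $category_id = isset($_POST['category_id']) ? $_POST['category_id'] : '';
        $subject_raw = isset($_POST['article_subject']) ? $_POST['article_subject'] : '';
        $text_raw = isset($_POST['article_text']) ? $_POST['article_text'] : '';
        $error = '';
        // Categories not created yet?
        if (empty($category_id))
        {
            $error .= $lang['ERROR_NO_CATEGORY'];
        }
        // Anything that is not an integer id cannot be a category
        elseif (!string_is_int($category_id))
        {
            $error .= $lang['ERROR_QUERY'];
        }
        if (!trim($subject_raw))
        {
            $error .= $lang['ERROR_NO_SUBJECT'];
        }
        if (!trim($text_raw))
        {
            $error .= $lang['ERROR_NO_TEXT'];
        }
        if ($error)
        {
            error_template($error);
        }
        else
        {
            $article_subject = utf8_entities($subject_raw);
            // $article_text keeps the form as typed (HTML or entity-encoded) for the
            // textarea; $article_text2 is the rendered form (links, BBCodes, emoticons)
            if ($settings['allow_html'])
            {
                $article_text2 = do_html($text_raw);
            }
            else
            {
                $article_text2 = utf8_entities($text_raw);
            }
            $article_text = $article_text2;
            $article_text2 = make_clickable($article_text2);
            $article_text2 = do_bbcodes($article_text2);
            if ($settings['allow_emoticons'])
            {
                $article_text2 = do_emoticons($article_text2);
            }
            // Preview form
            if (isset($_POST['preview_article']))
            {
                $article_text2 = undo_escape_sequences($article_text2);
                $html_support = $settings['allow_html'] ? $lang['HTML_ENABLED'] : $lang['HTML_DISABLED'];
                // Defaults in case the posted id matches no postable category
                $category_id_options = '';
                $category_image = '';
                $category_name = '';
                $sql->query('SELECT category_id, category_image, category_name
                             FROM ' . TABLE_CATEGORIES . '
                             WHERE category_level IN (\'1\', \'4\')
                             ORDER BY category_name');
                while ($table_categories = $sql->fetch())
                {
                    if ($table_categories['category_id'] == $category_id)
                    {
                        $category_id_options .= '<option value="' . $table_categories['category_id'] . '" selected="selected">' . $table_categories['category_name'] . '</option>';
                        $category_image = $table_categories['category_image'];
                        $category_name = $table_categories['category_name'];
                    }
                    else
                    {
                        $category_id_options .= '<option value="' . $table_categories['category_id'] . '">' . $table_categories['category_name'] . '</option>';
                    }
                }
                $template->set_file('admin', 'admin/articles/preview.htpl');
                $template->set_var(array('ARTICLE_POSTED' => sprintf($lang['POSTED_BY'], $_SESSION['user_id'], $users['user_name'], format_date(time())),
                                         'ARTICLE_SUBJECT' => $article_subject,
                                         'ARTICLE_TEXT' => $article_text,
                                         'ARTICLE_TEXT2' => $article_text2,
                                         'CATEGORY_ID' => $category_id,
                                         'CATEGORY_ID_OPTIONS' => $category_id_options,
                                         'CATEGORY_IMAGE' => $category_image,
                                         'CATEGORY_NAME' => $category_name,
                                         'EMOTICONS_LIST' => get_emoticons_list(0),
                                         'HTML_SUPPORT' => $html_support));
                $template->parse('admin');
            }
            // From add form: the rendered text ($article_text2) is what gets stored
            else
            {
                $sql->query('INSERT INTO ' . TABLE_ARTICLES . ' (category_id, user_id, article_subject, article_text, article_creation)
                             VALUES (\'' . $category_id . '\', \'' . $_SESSION['user_id'] . '\', \'' . $article_subject . '\', \'' . $article_text2 . '\', \'' . time() . '\')');
                $sql->query('UPDATE ' . TABLE_CATEGORIES . '
                             SET category_articles = category_articles + 1
                             WHERE category_id = \'' . $category_id . '\'');
                $sql->query('UPDATE ' . TABLE_USERS . '
                             SET user_articles = user_articles + 1
                             WHERE user_id = \'' . $_SESSION['user_id'] . '\'');
                make_articles_feed();
                $GLOBALS['cache']->clean(TABLE_ARTICLES);
                // For the time being category_articles is not displayed
                // $GLOBALS['cache']->clean(TABLE_CATEGORIES);
                $GLOBALS['cache']->clean(TABLE_USERS);
                success_template($lang['ARTICLE_ADDED'], './../admin/articles.php?action=view_articles');
            }
        }
    }
    // Articles list
    elseif (isset($_GET['action']) && $_GET['action'] == 'view_articles')
    {
        // Query string - ?action=view_articles&sort=&order=&page=&list=
        // sort and order are whitelisted before they reach the ORDER BY clause; the D
        // modifier stops $ from also accepting a trailing newline. Both must be valid
        // for either to be used (same rule as before, written once).
        $sort_ok = !empty($_GET['sort']) && preg_match('`^(article_id|article_subject)$`D', $_GET['sort']);
        $order_ok = !empty($_GET['order']) && preg_match('`^(ASC|DESC)$`D', $_GET['order']);
        if ($sort_ok && $order_ok)
        {
            $clause = 'ORDER BY ' . $_GET['sort'] . ' ' . $_GET['order'];
            $query = 'sort=' . $_GET['sort'] . '&amp;order=' . $_GET['order'] . '&amp;';
        }
        else
        {
            $clause = '';
            $query = '';
        }

        // Create pages list. The page number falls back to 1 when missing, non-numeric
        // or below 1, so the OFFSET can never go negative.
        $page = (empty($_GET['page']) || !string_is_int($_GET['page'])) ? 1 : (int) $_GET['page'];
        if ($page < 1)
        {
            $page = 1;
        }
        // get_pages_list() may read $_GET['page'] for the current-page marker (it did
        // receive the normalised value before) — keep it in step
        $_GET['page'] = $page;
        $articles_offset = ($page - 1) * $settings['articles_per_page'];
        $sql->query('SELECT article_id
                     FROM ' . TABLE_ARTICLES);
        $num_articles = $sql->num_rows();
        $num_pages = ceil($num_articles / $settings['articles_per_page']);
        $pages_list = get_pages_list('./../admin/articles.php?action=view_articles&amp;' . $query, $num_pages);

        $template->set_file('admin', 'admin/articles/view.htpl');
        $template->set_block('admin', 'ARTICLES_BLOCK', 'articles');
        $sql->query('SELECT t1.article_id, t1.article_subject, t2.category_name, t3.user_name
                     FROM ' . TABLE_ARTICLES . ' AS t1
                     INNER JOIN ' . TABLE_CATEGORIES . ' AS t2
                                 ON (t2.category_id = t1.category_id)
                     INNER JOIN ' . TABLE_USERS . ' AS t3
                                 ON (t3.user_id = t1.user_id)
                     ' . $clause . '
                     LIMIT ' . $settings['articles_per_page'] . ' OFFSET ' . $articles_offset);
        while ($table_articles = $sql->fetch())
        {
            $template->set_var(array('ARTICLE_ID' => $table_articles['article_id'],
                                     'ARTICLE_SUBJECT' => $table_articles['article_subject'],
                                     'CATEGORY_NAME' => $table_articles['category_name'],
                                     'USER_NAME' => $table_articles['user_name']));
            $template->parse('ARTICLES_BLOCK', 'articles', true);
        }
        $template->set_var('PAGES', sprintf($lang['PAGES'], $pages_list));
        $template->parse('admin');
    }
    // Edit form
    elseif (isset($_GET['action']) && $_GET['action'] == 'edit_article')
    {
        if (!empty($_GET['article_id']) && string_is_int($_GET['article_id']))
        {
            $sql->query('SELECT t1.category_id, t1.user_id, t1.article_subject, t1.article_text, t1.article_creation, t2.user_name
                         FROM ' . TABLE_ARTICLES . ' AS t1
                         INNER JOIN ' . TABLE_USERS . ' AS t2
                                     ON (t2.user_id = t1.user_id)
                         WHERE t1.article_id = \'' . $_GET['article_id'] . '\'');
            $table_articles = $sql->fetch();
            // Check article
            if (!$table_articles['article_creation'])
            {
                error_template($lang['ERROR_QUERY']);
            }
            else
            {
                // The article's current category, whether or not it is still postable
                $category_id_old = $table_articles['category_id'];
                $category_id_options = '';
                $sql->query('SELECT category_id, category_name
                             FROM ' . TABLE_CATEGORIES . '
                             WHERE category_level IN (\'1\', \'4\')
                             ORDER BY category_name');
                while ($table_categories = $sql->fetch())
                {
                    if ($table_categories['category_id'] == $category_id_old)
                    {
                        $category_id_options .= '<option value="' . $table_categories['category_id'] . '" selected="selected">' . $table_categories['category_name'] . '</option>';
                    }
                    else
                    {
                        $category_id_options .= '<option value="' . $table_categories['category_id'] . '">' . $table_categories['category_name'] . '</option>';
                    }
                }
                $html_support = $settings['allow_html'] ? $lang['HTML_ENABLED'] : $lang['HTML_DISABLED'];
                // Stored text is the rendered form; undo the markup so the textarea shows source
                $article_text = undo_emoticons($table_articles['article_text']);
                $article_text = undo_bbcodes($article_text);
                $template->set_file('admin', 'admin/articles/edit.htpl');
                $template->set_var(array('ARTICLE_CREATION' => $table_articles['article_creation'],
                                         'ARTICLE_ID' => $_GET['article_id'],
                                         'ARTICLE_SUBJECT' => $table_articles['article_subject'],
                                         'ARTICLE_TEXT' => $article_text,
                                         'CATEGORY_ID_OLD' => $category_id_old,
                                         'CATEGORY_ID_OPTIONS' => $category_id_options,
                                         'EMOTICONS_LIST' => get_emoticons_list(0),
                                         'HTML_SUPPORT' => $html_support,
                                         'USER_ID' => $table_articles['user_id'],
                                         'USER_NAME' => $table_articles['user_name']));
                $template->parse('admin');
            }
        }
        else
        {
            error_template($lang['ERROR_QUERY']);
        }
    }
    // Edit (or preview)?
    elseif (isset($_POST['edit_article']) || isset($_POST['preview_edited_article']))
    {
        $article_id = isset($_POST['article_id']) ? $_POST['article_id'] : '';
        $category_id = isset($_POST['category_id']) ? $_POST['category_id'] : '';
        $subject_raw = isset($_POST['article_subject']) ? $_POST['article_subject'] : '';
        $text_raw = isset($_POST['article_text']) ? $_POST['article_text'] : '';
        $error = '';
        // The hidden article id comes back from the browser: validate it like the GET one
        if (empty($article_id) || !string_is_int($article_id))
        {
            $error .= $lang['ERROR_QUERY'];
        }
        if (empty($category_id))
        {
            $error .= $lang['ERROR_NO_CATEGORY'];
        }
        elseif (!string_is_int($category_id))
        {
            $error .= $lang['ERROR_QUERY'];
        }
        if (!trim($subject_raw))
        {
            $error .= $lang['ERROR_NO_SUBJECT'];
        }
        if (!trim($text_raw))
        {
            $error .= $lang['ERROR_NO_TEXT'];
        }
        if ($error)
        {
            error_template($error);
        }
        else
        {
            // Author, creation date and current category are re-read from the database
            // instead of the hidden form fields, so an altered form can neither change who
            // is shown as the poster nor skew the per-category counters below
            $sql->query('SELECT t1.category_id, t1.user_id, t1.article_creation, t2.user_name
                         FROM ' . TABLE_ARTICLES . ' AS t1
                         INNER JOIN ' . TABLE_USERS . ' AS t2
                                     ON (t2.user_id = t1.user_id)
                         WHERE t1.article_id = \'' . $article_id . '\'');
            $table_articles = $sql->fetch();
            // Check article
            if (!$table_articles['article_creation'])
            {
                error_template($lang['ERROR_QUERY']);
            }
            else
            {
                $category_id_old = $table_articles['category_id'];
                $article_subject = utf8_entities($subject_raw);
                // Same split as the add branch: $article_text as typed, $article_text2 rendered
                if ($settings['allow_html'])
                {
                    $article_text2 = do_html($text_raw);
                }
                else
                {
                    $article_text2 = utf8_entities($text_raw);
                }
                $article_text = $article_text2;
                $article_text2 = make_clickable($article_text2);
                $article_text2 = do_bbcodes($article_text2);
                if ($settings['allow_emoticons'])
                {
                    $article_text2 = do_emoticons($article_text2);
                }
                // Preview form
                if (isset($_POST['preview_edited_article']))
                {
                    $article_text2 = undo_escape_sequences($article_text2);
                    $html_support = $settings['allow_html'] ? $lang['HTML_ENABLED'] : $lang['HTML_DISABLED'];
                    // Defaults in case the posted id matches no postable category
                    $category_id_options = '';
                    $category_image = '';
                    $category_name = '';
                    $sql->query('SELECT category_id, category_image, category_name
                                 FROM ' . TABLE_CATEGORIES . '
                                 WHERE category_level IN (\'1\', \'4\')
                                 ORDER BY category_name');
                    while ($table_categories = $sql->fetch())
                    {
                        if ($table_categories['category_id'] == $category_id)
                        {
                            $category_id_options .= '<option value="' . $table_categories['category_id'] . '" selected="selected">' . $table_categories['category_name'] . '</option>';
                            $category_image = $table_categories['category_image'];
                            $category_name = $table_categories['category_name'];
                        }
                        else
                        {
                            $category_id_options .= '<option value="' . $table_categories['category_id'] . '">' . $table_categories['category_name'] . '</option>';
                        }
                    }
                    $template->set_file('admin', 'admin/articles/preview_edited.htpl');
                    $template->set_var(array('ARTICLE_CREATION' => $table_articles['article_creation'],
                                             'ARTICLE_EDITED' => sprintf($lang['EDITED_BY'], $_SESSION['user_id'], $users['user_name'], format_date(time())),
                                             'ARTICLE_ID' => $article_id,
                                             'ARTICLE_POSTED' => sprintf($lang['POSTED_BY'], $table_articles['user_id'], $table_articles['user_name'], format_date($table_articles['article_creation'])),
                                             'ARTICLE_SUBJECT' => $article_subject,
                                             'ARTICLE_TEXT' => $article_text,
                                             'ARTICLE_TEXT2' => $article_text2,
                                             'CATEGORY_ID' => $category_id,
                                             'CATEGORY_ID_OLD' => $category_id_old,
                                             'CATEGORY_ID_OPTIONS' => $category_id_options,
                                             'CATEGORY_IMAGE' => $category_image,
                                             'CATEGORY_NAME' => $category_name,
                                             'EMOTICONS_LIST' => get_emoticons_list(0),
                                             'HTML_SUPPORT' => $html_support,
                                             'USER_ID' => $table_articles['user_id'],
                                             'USER_NAME' => $table_articles['user_name']));
                    $template->parse('admin');
                }
                // From edit form
                else
                {
                    $sql->query('UPDATE ' . TABLE_ARTICLES . '
                                 SET category_id = \'' . $category_id . '\', article_subject = \'' . $article_subject . '\', article_text = \'' . $article_text2 . '\', article_edition = \'' . time() . '\', edition_id = \'' . $_SESSION['user_id'] . '\', edition_name = \'' . $users['user_name'] . '\'
                                 WHERE article_id = \'' . $article_id . '\'');
                    // Move the counter only when the category actually changed
                    if ($category_id != $category_id_old)
                    {
                        $sql->query('UPDATE ' . TABLE_CATEGORIES . '
                                     SET category_articles = category_articles + 1
                                     WHERE category_id = \'' . $category_id . '\'');
                        $sql->query('UPDATE ' . TABLE_CATEGORIES . '
                                     SET category_articles = category_articles - 1
                                     WHERE category_id = \'' . $category_id_old . '\'');
                        // For the time being category_articles is not displayed
                        // $GLOBALS['cache']->clean(TABLE_CATEGORIES);
                    }
                    make_articles_feed();
                    $GLOBALS['cache']->clean(TABLE_ARTICLES);
                    success_template($lang['ARTICLE_EDITED'], './../admin/articles.php?action=view_articles');
                }
            }
        }
    }
    // Delete?
    elseif (isset($_GET['action']) && $_GET['action'] == 'delete_article')
    {
        if (!empty($_GET['article_id']) && string_is_int($_GET['article_id']))
        {
            // Owning category and author are needed to roll their counters back
            $sql->query('SELECT category_id, user_id
                         FROM ' . TABLE_ARTICLES . '
                         WHERE article_id = \'' . $_GET['article_id'] . '\'');
            $table_articles = $sql->fetch();
            // Check article
            if (!$table_articles['category_id'])
            {
                error_template($lang['ERROR_QUERY']);
            }
            else
            {
                $sql->query('DELETE FROM ' . TABLE_ARTICLES . '
                             WHERE article_id = \'' . $_GET['article_id'] . '\'');
                $sql->query('UPDATE ' . TABLE_CATEGORIES . '
                             SET category_articles = category_articles - 1
                             WHERE category_id = \'' . $table_articles['category_id'] . '\'');
                $sql->query('UPDATE ' . TABLE_USERS . '
                             SET user_articles = user_articles - 1
                             WHERE user_id = \'' . $table_articles['user_id'] . '\'');
                make_articles_feed();
                $GLOBALS['cache']->clean(TABLE_ARTICLES);
                // For the time being category_articles is not displayed
                // $GLOBALS['cache']->clean(TABLE_CATEGORIES);
                $GLOBALS['cache']->clean(TABLE_USERS);
                success_template($lang['ARTICLE_DELETED'], './../admin/articles.php?action=view_articles');
            }
        }
        else
        {
            error_template($lang['ERROR_QUERY']);
        }
    }
    // Add form
    else
    {
        $category_id_options = '';
        $sql->query('SELECT category_id, category_name
                     FROM ' . TABLE_CATEGORIES . '
                     WHERE category_level IN (\'1\', \'4\')
                     ORDER BY category_name');
        while ($table_categories = $sql->fetch())
        {
            $category_id_options .= '<option value="' . $table_categories['category_id'] . '">' . $table_categories['category_name'] . '</option>';
        }
        $html_support = $settings['allow_html'] ? $lang['HTML_ENABLED'] : $lang['HTML_DISABLED'];
        $template->set_file('admin', 'admin/articles/add.htpl');
        $template->set_var(array('CATEGORY_ID_OPTIONS' => $category_id_options,
                                 'EMOTICONS_LIST' => get_emoticons_list(0),
                                 'HTML_SUPPORT' => $html_support));
        $template->parse('admin');
    }
}
// Other
else
{
    error_template($lang['ERROR_LEVEL_ACCESS']);
}

page_footer();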

?>