<?php
// -----------------------------------------------------------------------------
// $Id: categories.php 644 2013-03-22 12:54:09Z raoul $
//
// Copyright (C) 2013 Raoul Proença
// License: GNU GPL version 3 (see copying.txt file)
// Website: http://www.gnew.fr/
// -----------------------------------------------------------------------------
// This program is free software: you can redistribute it and/or modify it under
// the terms of the GNU General Public License as published by the Free Software
// Foundation, either version 3 of the License, or (at your option) any later
// version.
//
// This program is distributed in the hope that it will be useful, but WITHOUT
// ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
// FOR A PARTICULAR PURPOSE. See the GNU General Public License for more
// details.
//
// You should have received a copy of the GNU General Public License along with
// this program. If not, see <http://www.gnu.org/licenses/>.
// -----------------------------------------------------------------------------

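include('./../includes/common.php');

// -----------------------------------------------------------------------------
// Admin page: add, list, edit and delete categories.
//
// Everything below runs only for users whose user_level is above 2. Request
// values that end up inside an SQL statement are either restricted to a fixed
// set (category_level), checked with string_is_int() (category_id, page), or
// passed through utf8_entities() as the rest of the page already does (names,
// descriptions, image paths). File paths handed to unlink() are always read
// back from the categories table, never taken from the request.
// -----------------------------------------------------------------------------

/**
 * Builds a safe file name for an uploaded category image.
 *
 * On Windows every character outside [a-z0-9-_.\s] becomes a space and runs of
 * whitespace become "_" (see http://bugs.php.net/bug.php?id=47096); elsewhere
 * runs of shell/URL meta characters, "/" and "\" become "_". In both cases the
 * directory separators are gone, so the result cannot leave the upload folder.
 *
 * @param mixed $name Client-supplied file name ($_FILES[...]['name']).
 * @return string Cleaned file name, '' when nothing usable was uploaded.
 */
function categories_admin_upload_name($name)
{
    if (!is_string($name) || $name === '')
    {
        return '';
    }
    if (strtoupper(substr(PHP_OS, 0, 3)) === 'WIN')
    {
        return preg_replace(array('`[^a-z0-9-_.\s]`i', '`\s+`'), array(' ', '_'), $name);
    }
    return preg_replace('`["!#$%&\'*+/=?^\`{|}~()<>\[\]:;@\\\\,\s\t]+`', '_', $name);
}

/**
 * Returns the extension of $name including the leading dot, or '' when the
 * name has no dot at all (the original substr(strrpos()) idiom returned the
 * whole name in that case).
 *
 * @param string $name
 * @return string
 */
function categories_admin_extension($name)
{
    $dot = strrpos($name, '.');
    return $dot === false ? '' : substr($name, $dot);
}

/**
 * Builds the "category still contains content" error text.
 *
 * @param array  $row    Categories row with category_articles/news/posts counts.
 * @param array  $lang   Language table.
 * @param string $prefix 'ERROR_CATEGORY_EDIT_' or 'ERROR_CATEGORY_DELETE_'.
 * @param array  $kinds  Any of 'ARTICLE', 'NEWS', 'POST' - which counts to check.
 * @return string Concatenated messages, '' when every checked count is zero.
 */
function categories_admin_content_error($row, $lang, $prefix, $kinds)
{
    // kind => array(column, singular key suffix, plural key suffix)
    // NEWS has a single message for any count, hence the repeated suffix.
    $columns = array('ARTICLE' => array('category_articles', 'ARTICLE', 'ARTICLES'),
                     'NEWS' => array('category_news', 'NEWS', 'NEWS'),
                     'POST' => array('category_posts', 'POST', 'POSTS'));
    $error = '';
    foreach ($kinds as $kind)
    {
        list($column, $singular, $plural) = $columns[$kind];
        $count = isset($row[$column]) ? (int) $row[$column] : 0;
        if ($count > 0)
        {
            $error .= sprintf($lang[$prefix . ($count > 1 ? $plural : $singular)], $count);
        }
    }
    return $error;
}

/**
 * Renders the <option> list of the level <select> on the edit form.
 *
 * @param int   $level  Current level; anything outside $labels selects level 4.
 * @param array $labels Level => label, indexed 0..4.
 * @return string HTML, one <option> per label with no whitespace in between.
 */
function categories_admin_level_options($level, $labels)
{
    $selected = isset($labels[$level]) ? $level : 4;
    $options = '';
    foreach ($labels as $value => $label)
    {
        $options .= '<option value="' . $value . '"' . ($value === $selected ? ' selected="selected"' : '') . '>' . $label . '</option>';
    }
    return $options;
}

/**
 * Deletes a category image file that is no longer referenced.
 *
 * The shared placeholder is never removed, and only a direct child of the
 * upload directory is accepted: the path is expected to be what this page
 * itself stored ($upload_dir . cleaned name), anything else is ignored.
 *
 * @param string $image            Path as stored in the table (after utf8_chars()).
 * @param string $upload_dir       Upload directory with trailing slash.
 * @param string $empty_image_file Path of the placeholder image.
 * @return bool True when a file was actually removed.
 */
function categories_admin_delete_image($image, $upload_dir, $empty_image_file)
{
    if (!is_string($image) || $image === $empty_image_file || $image !== $upload_dir . basename($image))
    {
        return false;
    }
    if (!is_file($image))
    {
        return false;
    }
    return unlink($image);
}

page_header($lang['ADMIN_CATEGORIES']);

// Shared by the add, edit and delete branches
$upload_dir = './../images/categories/';
$empty_image_file = $upload_dir . 'empty.png';
$valid_ext = array('.gif', '.GIF', '.jpg', '.JPG', '.jpeg', '.JPEG', '.png', '.PNG');
// category_level is written into SQL without escaping, so only these exact request values are accepted
$valid_levels = array('0', '1', '2', '3', '4');
$level_labels = array(0 => $lang['PRIVATE'],
                      1 => $lang['ARTICLES_ONLY'],
                      2 => $lang['NEWS_ONLY'],
                      3 => $lang['FORUM_ONLY'],
                      4 => $lang['ARTICLES_NEWS_FORUM']);

// Advanced moderator or administrator?
if ($users['user_level'] > 2)
{
    // http://www.php.net/post-max-size
    // If the size of POST data is greater than post_max_size, the $_POST and $_FILES superglobals will be empty
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && empty($_POST) && isset($_SERVER['CONTENT_LENGTH']) && $_SERVER['CONTENT_LENGTH'] > 0)
    {
        $valid_size = return_bytes(ini_get('post_max_size'));
        error_template(sprintf($lang['ERROR_INVALID_FILE_SIZE'], $valid_size));
    }
    // Add?
    elseif (isset($_POST['add_category']))
    {
        $error = '';
        $category_name = (isset($_POST['category_name']) && is_string($_POST['category_name'])) ? $_POST['category_name'] : '';
        $category_description = (isset($_POST['category_description']) && is_string($_POST['category_description'])) ? $_POST['category_description'] : '';
        $category_level = (isset($_POST['category_level']) && in_array($_POST['category_level'], $valid_levels, true)) ? (int) $_POST['category_level'] : null;
        $upload_name = categories_admin_upload_name(isset($_FILES['category_image']['name']) ? $_FILES['category_image']['name'] : '');
        $upload_size = isset($_FILES['category_image']['size']) ? (int) $_FILES['category_image']['size'] : 0;
        $upload_file = $upload_dir . $upload_name;
        $upload_ext = categories_admin_extension($upload_name);
        $valid_size = return_bytes(ini_get('upload_max_filesize'));
        // No file uploaded: the category gets the shared placeholder image
        $empty_image = ($upload_name === '');
        if ($empty_image)
        {
            $upload_file = $empty_image_file;
        }
        // Check name ('0' is a valid name, so compare against '' rather than testing truthiness)
        if (trim($category_name) === '')
        {
            $error .= $lang['ERROR_NO_NAME'];
        }
        else
        {
            $sql->query('SELECT category_name
                         FROM ' . TABLE_CATEGORIES . '
                         WHERE category_name = \'' . utf8_entities($category_name) . '\'');
            $table_categories = $sql->fetch();
            // Check duplicate names
            if (!empty($table_categories['category_name']))
            {
                $error .= $lang['ERROR_NAME_USED'];
            }
        }
        // Check level
        if ($category_level === null)
        {
            $error .= $lang['ERROR_QUERY'];
        }
        // Check directory permissions
        if (!is_writable($upload_dir))
        {
            $error .= sprintf($lang['ERROR_DIR_NOT_WRITABLE'], $upload_dir);
        }
        if (!$empty_image)
        {
            // Check duplicate image (this also refuses to overwrite empty.png itself)
            if (file_exists($upload_file))
            {
                $error .= $lang['ERROR_IMAGE_EXISTS'];
            }
            // Check image format
            if (!in_array($upload_ext, $valid_ext, true))
            {
                $error .= $lang['ERROR_INVALID_IMAGE_FILE'];
            }
            // Check file size
            if ($upload_size > $valid_size)
            {
                $error .= sprintf($lang['ERROR_INVALID_FILE_SIZE'], $valid_size);
            }
        }
        if ($error !== '')
        {
            error_template($error);
        }
        // Only call move_uploaded_file() when there is something to move
        elseif ($empty_image || move_uploaded_file($_FILES['category_image']['tmp_name'], $upload_file))
        {
            $sql->query('INSERT INTO ' . TABLE_CATEGORIES . ' (category_description, category_image, category_level, category_name, category_creation)
                         VALUES (\'' . utf8_entities($category_description) . '\', \'' . utf8_entities($upload_file) . '\', \'' . $category_level . '\', \'' . utf8_entities($category_name) . '\', \'' . time() . '\')');
            $GLOBALS['cache']->clean(TABLE_CATEGORIES);
            success_template($lang['CATEGORY_ADDED'], './../admin/categories.php?action=view_categories');
        }
        else
        {
            error_template($lang['ERROR_INVALID_UPLOADED_FILE']);
        }
    }
    // Categories list
    elseif (isset($_GET['action']) && $_GET['action'] == 'view_categories')
    {
        // Query string - ?action=view_categories&sort=&order=&page=&list=
        // sort and order are whitelisted before reaching ORDER BY; one without the other is ignored
        $sort = (isset($_GET['sort']) && is_string($_GET['sort']) && preg_match('`^(category_id|category_name)\z`', $_GET['sort'])) ? $_GET['sort'] : '';
        $order = (isset($_GET['order']) && is_string($_GET['order']) && preg_match('`^(ASC|DESC)\z`', $_GET['order'])) ? $_GET['order'] : '';
        if ($sort !== '' && $order !== '')
        {
            $clause = 'ORDER BY ' . $sort . ' ' . $order;
            $query = 'sort=' . $sort . '&amp;order=' . $order . '&amp;';
        }
        else
        {
            $clause = '';
            $query = '';
        }

        // Create pages list
        $per_page = max(1, (int) $settings['categories_per_page']);
        if (empty($_GET['page']) || !is_string($_GET['page']) || !string_is_int($_GET['page']))
        {
            $_GET['page'] = 1;
        }
        // Never below 1, otherwise OFFSET would go negative; $_GET['page'] is
        // written back because get_pages_list() may read it (not visible here)
        $page = max(1, (int) $_GET['page']);
        $_GET['page'] = $page;
        $categories_offset = ($page - 1) * $per_page;
        $sql->query('SELECT category_id
                     FROM ' . TABLE_CATEGORIES);
        $num_categories = $sql->num_rows();
        $num_pages = ceil($num_categories / $per_page);
        $pages_list = get_pages_list('./../admin/categories.php?action=view_categories&amp;' . $query, $num_pages);

        $template->set_file('admin', 'admin/categories/view.htpl');
        $template->set_block('admin', 'CATEGORIES_BLOCK', 'categories');
        $sql->query('SELECT category_id, category_image, category_level, category_name
                     FROM ' . TABLE_CATEGORIES . '
                     ' . $clause . '
                     LIMIT ' . $per_page . ' OFFSET ' . $categories_offset);
        while ($table_categories = $sql->fetch())
        {
            // Unknown levels are shown as "articles, news and forum", as before
            $level = (int) $table_categories['category_level'];
            $template->set_var(array('CATEGORY_ID' => $table_categories['category_id'],
                                     'CATEGORY_IMAGE' => utf8_chars($table_categories['category_image']),
                                     'CATEGORY_LEVEL' => isset($level_labels[$level]) ? $level_labels[$level] : $level_labels[4],
                                     'CATEGORY_NAME' => $table_categories['category_name']));
            $template->parse('CATEGORIES_BLOCK', 'categories', true);
        }
        $template->set_var('PAGES', sprintf($lang['PAGES'], $pages_list));
        $template->parse('admin');
    }
    // Edit form
    elseif (isset($_GET['action']) && $_GET['action'] == 'edit_category')
    {
        // Check query
        if (empty($_GET['category_id']) || !is_string($_GET['category_id']) || !string_is_int($_GET['category_id']))
        {
            error_template($lang['ERROR_QUERY']);
        }
        else
        {
            $sql->query('SELECT category_description, category_id, category_image, category_level, category_name
                         FROM ' . TABLE_CATEGORIES . '
                         WHERE category_id = \'' . $_GET['category_id'] . '\'');
            $table_categories = $sql->fetch();
            // Check category
            if (empty($table_categories['category_id']))
            {
                error_template($lang['ERROR_QUERY']);
            }
            else
            {
                $category_image = utf8_chars($table_categories['category_image']);
                // The "remove image" checkbox is only offered when a real image is set
                $empty_image_checkbox = '';
                if ($category_image != $empty_image_file)
                {
                    $empty_image_checkbox = ' <input type="checkbox" name="empty_image" value="1" /> ' . $lang['EMPTY_IMAGE'];
                }
                $template->set_file('admin', 'admin/categories/edit.htpl');
                $template->set_var(array('CATEGORY_DESCRIPTION' => $table_categories['category_description'],
                                         'CATEGORY_ID' => $table_categories['category_id'],
                                         'CATEGORY_IMAGE' => $category_image,
                                         'CATEGORY_LEVEL_OPTIONS' => categories_admin_level_options((int) $table_categories['category_level'], $level_labels),
                                         'CATEGORY_NAME' => $table_categories['category_name'],
                                         'EMPTY_IMAGE' => $empty_image_checkbox));
                $template->parse('admin');
            }
        }
    }
    // Edit?
    elseif (isset($_POST['edit_category']))
    {
        $error = '';
        $category_name = (isset($_POST['category_name']) && is_string($_POST['category_name'])) ? $_POST['category_name'] : '';
        $category_description = (isset($_POST['category_description']) && is_string($_POST['category_description'])) ? $_POST['category_description'] : '';
        $category_level = (isset($_POST['category_level']) && in_array($_POST['category_level'], $valid_levels, true)) ? (int) $_POST['category_level'] : null;
        $upload_name = categories_admin_upload_name(isset($_FILES['category_image_new']['name']) ? $_FILES['category_image_new']['name'] : '');
        $upload_size = isset($_FILES['category_image_new']['size']) ? (int) $_FILES['category_image_new']['size'] : 0;
        $upload_file = $upload_dir . $upload_name;
        $upload_ext = categories_admin_extension($upload_name);
        $valid_size = return_bytes(ini_get('upload_max_filesize'));
        // Which existing content blocks a switch to each level (level 4 allows everything)
        $level_checks = array(0 => array('ARTICLE', 'NEWS'),
                              1 => array('NEWS', 'POST'),
                              2 => array('ARTICLE', 'POST'),
                              3 => array('ARTICLE', 'NEWS'),
                              4 => array());
        // Check category: the id must be numeric (same rule as the GET branches) and must exist.
        // The stored image path is read here so that unlink() below never uses a request value.
        $category_id = '';
        $table_categories = false;
        if (isset($_POST['category_id']) && is_string($_POST['category_id']) && string_is_int($_POST['category_id']))
        {
            $category_id = $_POST['category_id'];
            $sql->query('SELECT category_articles, category_image, category_news, category_posts
                         FROM ' . TABLE_CATEGORIES . '
                         WHERE category_id = \'' . $category_id . '\'');
            $table_categories = $sql->fetch();
        }
        if (empty($table_categories['category_image']))
        {
            $error .= $lang['ERROR_QUERY'];
        }
        // Check name
        if (trim($category_name) === '')
        {
            $error .= $lang['ERROR_NO_NAME'];
        }
        elseif ($category_id !== '')
        {
            $sql->query('SELECT category_name
                         FROM ' . TABLE_CATEGORIES . '
                         WHERE category_name = \'' . utf8_entities($category_name) . '\'
                         AND category_id <> \'' . $category_id . '\'');
            $table_names = $sql->fetch();
            // Check duplicate names
            if (!empty($table_names['category_name']))
            {
                $error .= $lang['ERROR_NAME_USED'];
            }
        }
        // Check level
        if ($category_level === null)
        {
            $error .= $lang['ERROR_QUERY'];
        }
        elseif (is_array($table_categories))
        {
            $error .= categories_admin_content_error($table_categories, $lang, 'ERROR_CATEGORY_EDIT_', $level_checks[$category_level]);
        }
        // Check new image
        if ($upload_name !== '')
        {
            // Check directory permissions
            if (!is_writable($upload_dir))
            {
                $error .= sprintf($lang['ERROR_DIR_NOT_WRITABLE'], $upload_dir);
            }
            // Check duplicate image
            if (file_exists($upload_file))
            {
                $error .= $lang['ERROR_IMAGE_EXISTS'];
            }
            // Check image format
            if (!in_array($upload_ext, $valid_ext, true))
            {
                $error .= $lang['ERROR_INVALID_IMAGE_FILE'];
            }
            // Check file size
            if ($upload_size > $valid_size)
            {
                $error .= sprintf($lang['ERROR_INVALID_FILE_SIZE'], $valid_size);
            }
        }
        if ($error !== '')
        {
            error_template($error);
        }
        else
        {
            $old_image = utf8_chars($table_categories['category_image']);
            $saved = true;
            // New image?
            if ($upload_name !== '')
            {
                $saved = move_uploaded_file($_FILES['category_image_new']['tmp_name'], $upload_file);
                $category_image = $upload_file;
            }
            elseif (isset($_POST['empty_image']))
            {
                $category_image = $empty_image_file;
            }
            else
            {
                $category_image = $old_image;
            }
            if (!$saved)
            {
                // A failed move must not fall through to the success message
                error_template($lang['ERROR_INVALID_UPLOADED_FILE']);
            }
            else
            {
                // Delete old image once nothing references it any more
                if ($category_image !== $old_image)
                {
                    categories_admin_delete_image($old_image, $upload_dir, $empty_image_file);
                }
                $sql->query('UPDATE ' . TABLE_CATEGORIES . '
                             SET category_description = \'' . utf8_entities($category_description) . '\', category_image = \'' . utf8_entities($category_image) . '\', category_level = \'' . $category_level . '\', category_name = \'' . utf8_entities($category_name) . '\', category_edition = \'' . time() . '\', edition_id = \'' . $_SESSION['user_id'] . '\', edition_name = \'' . $users['user_name'] . '\'
                             WHERE category_id = \'' . $category_id . '\'');
                $GLOBALS['cache']->clean(TABLE_CATEGORIES);
                success_template($lang['CATEGORY_EDITED'], './../admin/categories.php?action=view_categories');
            }
        }
    }
    // Delete?
    elseif (isset($_GET['action']) && $_GET['action'] == 'delete_category')
    {
        // Check query
        if (empty($_GET['category_id']) || !is_string($_GET['category_id']) || !string_is_int($_GET['category_id']))
        {
            error_template($lang['ERROR_QUERY']);
        }
        else
        {
            $sql->query('SELECT category_articles, category_image, category_news, category_posts
                         FROM ' . TABLE_CATEGORIES . '
                         WHERE category_id = \'' . $_GET['category_id'] . '\'');
            $table_categories = $sql->fetch();
            // Check category
            if (empty($table_categories['category_image']))
            {
                error_template($lang['ERROR_QUERY']);
            }
            else
            {
                // A category that still holds articles, news or posts cannot be removed
                $error = categories_admin_content_error($table_categories, $lang, 'ERROR_CATEGORY_DELETE_', array('ARTICLE', 'NEWS', 'POST'));
                if ($error !== '')
                {
                    error_template($error);
                }
                else
                {
                    // Delete old image (the placeholder is skipped by the helper)
                    categories_admin_delete_image(utf8_chars($table_categories['category_image']), $upload_dir, $empty_image_file);
                    $sql->query('DELETE FROM ' . TABLE_CATEGORIES . '
                                 WHERE category_id = \'' . $_GET['category_id'] . '\'');
                    $GLOBALS['cache']->clean(TABLE_CATEGORIES);
                    success_template($lang['CATEGORY_DELETED'], './../admin/categories.php?action=view_categories');
                }
            }
        }
    }
    // Add form
    else
    {
        $template->set_file('admin', 'admin/categories/add.htpl');
        $template->parse('admin');
    }
}
// Other
else
{
    error_template($lang['ERROR_LEVEL_ACCESS']);
}

page_footer();

?>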