<?php
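include("configuration.php");
include("functions.php");
// NOTE(review): $language decides which file is executed here. It is presumably
// assigned in configuration.php -- confirm it can never be supplied by the request
// (for example through register_globals), or restrict it to a fixed list of names.
require("lang/$language.php");
// should the adminscript be secured? (yes or no)
// NOTE(review): with "no" and no .htaccess protection, every action in this file
// (add, update, delete, comment moderation) is open to any visitor.
$security = "no";
// if so, look for "your_username_goes_here"
// and "your_userpassword_goes_here" below
// and change these according to how you want to log in
// (left unchanged, the placeholders are the working credentials)
// You can also secure the adminscript with .htaccess and .htpasswd, if so set this to "no"
$include_script = "yes";
if ($security == "yes")
{
	// Read the Basic-auth credentials from $_SERVER instead of the bare
	// $PHP_AUTH_USER / $PHP_AUTH_PW globals: those only exist with register_globals
	// on, so without it the check could never succeed. Strict comparison avoids
	// PHP's loose string/number juggling.
	if (!isset($_SERVER['PHP_AUTH_USER'])
		|| !isset($_SERVER['PHP_AUTH_PW'])
		|| $_SERVER['PHP_AUTH_USER'] !== 'your_username_goes_here'
		|| $_SERVER['PHP_AUTH_PW'] !== 'your_userpassword_goes_here')
	{
		header('WWW-Authenticate: Basic realm="newsadministration"');
		header('HTTP/1.0 401 Unauthorized');
		echo '<html><head><title>Access Denied!</title></head><body>Authorization Required.</body></html>';
		exit;
	}
}
$timespan = time()+(604800*52);// 1 year
// The value was the bare word yes (an undefined constant); quote it so it is a plain string.
// allows you to edit all comments, even those not your own
// NOTE(review): the cookie is a fixed, guessable value and is sent even when
// $security is "no"; any client can set "pwd=yes" itself, so the code that honours
// this cookie should not treat it as proof of being the admin.
setcookie("pwd", "yes", $timespan, '/');
include("head.php");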

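// timestamp functions
// first sanitize the years so they have four numbers
// then construct the datestamps that mysql will use
// note: this code can work with 1, 2 or 4 number years
// if someone enters a 3 number year (like 200) by mistake an invalid date is created
// and mysql will ignore it (effectively converting the date to 0000-00-00)
// adding a workaround would be possible but overkill (probably)
//
// The comparison is "< 100" (it used to be "< 99") so that the two-digit year 99
// is expanded like every other one- or two-digit year.
//
// sprintf("%d") forces every part to an integer, so $push and $expires can only
// contain digits (and a minus sign); that is what makes them safe to place inside
// the quoted SQL values further down.
if (!empty ($year1) && $year1 < 100)
{
	$year1 = sprintf("%02d", $year1);
	$year1 = "20" . $year1;
}
$push = sprintf("%04d%02d%02d", $year1, $month1, $day1);

if (!empty ($year2) && $year2 < 100)
{
	$year2 = sprintf("%02d", $year2);
	$year2 = "20" . $year2;
}
$expires = sprintf("%04d%02d%02d", $year2, $month2, $day2);

// today's date, used as the default push date in the forms
$year = date('Y');
$month = date('m');
$day = date('d');

// determine the date format for the default newstitle, don't change!
// this new method allows us to customise the dates in the notification email to a more readable format
if ($date_format == "american")
{
	$dateformat = date("m/d/Y");
}
else
{
	$dateformat = date("d-m-Y");
}
// default title for news submissions
// overrule if needed because you don't want a date in the default title
$default_title = "News $dateformat:";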

//
// Dispatch on the "action" parameter from the URL. An unknown or missing
// action falls through to update(), which lists the stored items.
//
// NOTE(review): the handlers that change data (delete, delete_temp,
// delete_comment, delete_all, approve_comment) are reached through plain GET
// links and forms elsewhere in this file and no request token is checked
// here, so a page on another site can make a logged-in admin's browser
// trigger them. Moving them to POST with a per-session token would close that.
//

$requested_action = $action;

if ($requested_action == "check")
{
	check();
}
elseif ($requested_action == "add")
{
	add();
}
elseif ($requested_action == "delete")
{
	delete();
}
elseif ($requested_action == "delete_temp")
{
	delete_temp();
}
elseif ($requested_action == "update")
{
	update();
}
elseif ($requested_action == "temp")
{
	temp();
}
elseif ($requested_action == "topics")
{
	topics();
}
elseif ($requested_action == "mod_comments")
{
	mod_comments();
}
elseif ($requested_action == "delete_comment")
{
	delete_comment();
}
elseif ($requested_action == "delete_all")
{
	delete_all_unapproved_comments();
}
elseif ($requested_action == "approve_comment")
{
	approve_comment();
}
else
{
	update();
}


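/**
 * Print the admin menu: links to add an item, change an item, moderate
 * comments, edit preview ("temp") items and open the visitor interface.
 *
 * Called on its own when no module was requested and at the end of most
 * other functions in this file.
 */
function admin()
{
	global $PHP_SELF, $news_base;

	// PHP_SELF contains whatever extra path the client appended to the script
	// URL, so it has to be escaped before it is written into an attribute.
	$self = htmlspecialchars($PHP_SELF, ENT_QUOTES);

	echo "<hr />\n";
	echo MAKE_CHOICE . ":<br />\n";
	echo "<a href=\"$self?action=add\" class=\"adminlink\">" . ADD_ITEM . "</a><br />\n";
	echo "<a href=\"$self?action=update\" class=\"adminlink\">" . CHANGE_ITEM . "</a><br />\n";
	echo "<a href=\"$self?action=mod_comments\" class=\"adminlink\">" . C_ADMIN_MODERATED . "</a><br />\n";
	echo "<a href=\"$self?action=temp\" class=\"adminlink\">" . CHANGE_TEMP . "</a><br /><br />\n";
	// $news_base is written as-is; presumably it is a fixed value from configuration.php -- confirm
	echo "<a href=\"$news_base\" target=\"_blank\" class=\"adminlink\">" . VISITOR_INTERFACE . "</a> " . NEW_WINDOW . "\n";
}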


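/**
 * Validate the submitted news item, then save it, preview it, or send the
 * admin back to the form.
 *
 * - text or title empty, or topic left at "new topic": print MISSING_FIELDS
 *   and show the form again.
 * - submit button equals SAVE_BUTTON: REPLACE INTO $table (so an existing id
 *   is overwritten), echo the stored item, include write_xml.php and, when
 *   $mail_submission is "yes", mail a notification.
 * - anything else: store the item in $previewtable and render a preview.
 *
 * All input arrives through globals (request variables and configuration).
 */
function check()
{
	global $PHP_SELF, $table, $previewtable, $submit, $id, $text, $title, $topic, $poster, $push, $expires, $mail_submission, $email, $subject, $sitename, $now, $SERVER_NAME, $scriptname, $version, $copyright, $script_homepage, $date_format, $publicationdate, $news_base, $base_url, $description, $adminname, $copy;

	$save_button = SAVE_BUTTON;

	// With magic_quotes_gpc on, request values arrive slash-escaped; with it off
	// they are raw. Only $text used to be escaped in the "off" case, which left
	// every other field able to break out of its quoted SQL value. Build escaped
	// copies for the queries and leave the globals alone so again()/form() keep
	// receiving the values they expect.
	$magic_quotes = get_magic_quotes_gpc();
	$sql_id = $magic_quotes ? $id : mysql_real_escape_string($id);
	$sql_title = $magic_quotes ? $title : mysql_real_escape_string($title);
	$sql_topic = $magic_quotes ? $topic : mysql_real_escape_string($topic);
	$sql_poster = $magic_quotes ? $poster : mysql_real_escape_string($poster);
	$sql_text = $magic_quotes ? $text : mysql_real_escape_string($text);

	// kept as it was: the preview below and form() run stripslashes() on $text
	if (!$magic_quotes) $text = addslashes($text);

	// PHP_SELF can carry a client-supplied path suffix; escape it for attributes
	$self = htmlspecialchars($PHP_SELF, ENT_QUOTES);

	if ($text == "" || $title == "" || $topic == "new topic")
	{
		echo "<h4>" . MISSING_FIELDS . "</h4>\n";
		again();
	}
	else if ($submit == $save_button)
	{
		if ($publicationdate == "")
		{
			$now = date("YmdHis");
			$publicationdate = "$now";
		}
		$sql_publicationdate = $magic_quotes ? $publicationdate : mysql_real_escape_string($publicationdate);

		// $push and $expires are built with sprintf("%d") at the top of this file,
		// so they only contain digits (and a minus sign) and need no escaping.
		$query = "REPLACE INTO $table (id, title, topic, poster, publicationdate, push, expires, text) VALUES ('$sql_id','$sql_title','$sql_topic','$sql_poster','$sql_publicationdate','$push','$expires','$sql_text')";

		$result = mysql_query($query);

		// check if the insert was successful
		// mysql_affected_rows() returns -1 when the query failed; the old
		// '== "0"' test let that case through as a success.
		$num_rows = mysql_affected_rows();
		// nope:
		if($num_rows < 1)
		{
			echo "<h4>" . UNKNOWN_ERROR . "</h4>\n";
			// go to the add() function
			add();
		}
		// yep:
		else
		{
			echo"<strong>" . SUCCESFULL_ENTRY . ":</strong><br /><br />";
			if ($id != "")
			{
				// if we updated an item select it and echo the data
				$query = "SELECT id, title, topic, poster, DATE_FORMAT(publicationdate,'%d-%m-%Y %H:%i:%s') as publicationdate, text, DATE_FORMAT(push,'%Y-%m-%d') as date1, DATE_FORMAT(expires,'%Y-%m-%d') as date2 FROM $table WHERE id = '$sql_id'";
			}
			else
			{
				// else we inserted a new item and we echo it by grabbing it by its unique id
				// (which is conveniently saved for us)
				$query = "SELECT id, title, topic, poster, DATE_FORMAT(publicationdate,'%d-%m-%Y %H:%i:%s') as publicationdate, text, DATE_FORMAT(push,'%Y-%m-%d') as date1, DATE_FORMAT(expires,'%Y-%m-%d') as date2 FROM $table WHERE id = LAST_INSERT_ID()";
				// old way of selecting newest id
				// not always accurate (in theory):
				// $query = "SELECT title, text, push, expires FROM $table ORDER BY id DESC LIMIT 0,1";
			}
			$result = mysql_query($query);
			// skip the loop when the SELECT itself failed (mysql_query returned false)
			while($result && ($query_data = mysql_fetch_array($result)))
			{
				$id = $query_data["id"];
				$title = $query_data["title"];
				$topic = $query_data["topic"];
				$poster = $query_data["poster"];
				$publicationdate = $query_data["publicationdate"];
				$text = $query_data["text"];
				$date1 = $query_data["date1"];
				$date2 = $query_data["date2"];

				// title, poster and topic are plain-text fields; escape them before
				// they are written into the page
				$title_html = htmlspecialchars($title, ENT_QUOTES);
				$poster_html = htmlspecialchars($poster, ENT_QUOTES);
				$topic_html = htmlspecialchars($topic, ENT_QUOTES);

				echo "<div class=\"newsitem\">\n";
				echo "<span class=\"newstitle\">$title_html";
				if ($poster != "")
				{
					echo "<span class=\"newswritername\"> - $poster_html</span>";
				}
				echo "</span>\n";
				if (!empty ($topic))
				{
					echo "<div class=\"newstopic\"><a href=\"$self?action=topic&amp;topic=" . urlencode($topic) . "\">$topic_html</a></div>\n";
				}
				// NOTE(review): convertBBCode() is defined outside this file -- confirm
				// that it HTML-escapes its input before turning BBCode into markup.
				echo "<div class=\"newsbody\">" . convertBBCode($text) . "</div>\n";

				if ($date_format == "american")
				{
					// mangle publicationdate here: dd-mm-yyyy hh:ii:ss -> mm/dd/yyyy hh:ii:ss
					$arrDateTime = explode("-", $publicationdate);
					$day = $arrDateTime[0];
					$month = $arrDateTime[1];
					$year = $arrDateTime[2];
					$publicationdate = "$month/$day/$year";
				}
				echo "<div class=\"newsfooter\">$publicationdate</div>\n";
				echo "</div><br />\n";
	
				echo "<fieldset><legend>" . NOTE . "</legend>\n";
				if ($date2 != "0000-00-00")
				{
					$arrDateTime1 = explode("-", $date2);
					$day2 = $arrDateTime1[2];
					$month2 = $arrDateTime1[1];
					$year2 = $arrDateTime1[0];
					if ($date_format == "american")
					{
						$expires = "$month2/$day2/$year2";
					}
					else
					{
						$expires = "$day2-$month2-$year2";
					}
					echo EXPIRE_ON_1 . " $expires.<br />\n";
				}
				else
				{
					echo EXPIRE_ON_2 . ".<br />\n";
				}

				$now = date("Y-m-d");
				if ($date1 > $now)
				{
					$arrDateTime = explode("-", $date1);
					$day1 = $arrDateTime[2];
					$month1 = $arrDateTime[1];
					$year1 = $arrDateTime[0];
					if ($date_format == "american")
					{
						$push_on = "$month1/$day1/$year1";
					}
					else
					{
						$push_on = "$day1-$month1-$year1";
					}
					echo AVAILABLE_ON_1 . " $push_on.<br />\n";
				}
				else
				{
					echo AVAILABLE_ON_2 . ".<br />\n";
				}
				echo "<a href=\"$self?action=update&amp;id=" . urlencode($id) . "\">Update this item.</a><br />\n";
				include("write_xml.php");// comment this line out if you can't CHMOD the rss.xml file
				echo "</fieldset>\n\n";

				admin();
				if ($mail_submission == "yes")
				{
					$date_time = date("F d Y, H:i:s");
					$message = MAIL_HEAD_1 . " $sitename " . MAIL_HEAD_2 . " $date_time\n" . MAIL_HEAD_3 . ":\n$title\n\n" . MAIL_HEAD_4 . ":\n$text";
					if ($date2 == "0000-00-00")
					{
						$message .= "\n\n\n    " . EXPIRE_ON_2;
					}
					else
					{
						$message .= "\n\n\n    " . EXPIRE_ON_1 . " $expires.";
					}
					if ($date1 > $now)
					{
						$message .= "\n    " . AVAILABLE_ON_1 . " $push_on.";
					}
					else
					{
						$message .= "\n    " . AVAILABLE_ON_2 . ".";
					}
					//$message .= "\n    (note: dates are in yyyymmdd format)";
					$message .= "\n\n-- \n$scriptname $version\n$copyright\n$script_homepage\nmaintained by: $email";
					// The host name ends up in mail headers; depending on the web server
					// configuration it may reflect the client's Host header, so drop any
					// CR/LF that could start an extra header line.
					$mail_host = str_replace(array("\r", "\n"), "", $SERVER_NAME);
					mail("$email", "$subject", $message, "From: webmaster@$mail_host\nReply-To: webmaster@$mail_host");
				}
			}
		}
	}
	else // preview code
	{
		$sql_publicationdate = $magic_quotes ? $publicationdate : mysql_real_escape_string($publicationdate);
		$query = "REPLACE INTO $previewtable (id, title, topic, poster, publicationdate, push, expires, text) VALUES ('$sql_id','$sql_title','$sql_topic','$sql_poster','$sql_publicationdate','$push','$expires','$sql_text')";
		$result = mysql_query($query);

		$title_clean = stripslashes($title);
		$text_clean = stripslashes($text);

		// title and topic come straight from the request here; escape them so a
		// crafted preview link cannot inject markup into the admin page
		$title_html = htmlspecialchars($title_clean, ENT_QUOTES);
		$topic_html = htmlspecialchars($topic, ENT_QUOTES);

		echo "<fieldset>\n<legend>" . PREVIEW_LEGEND . "</legend>\n";
		echo PREVIEW_NEXT . ".<br /><br />\n";
		echo "<div class=\"newsitem\">\n";
		// NOTE(review): convertBBCode() is defined outside this file -- confirm that
		// it HTML-escapes its input; $text_clean is request data at this point.
		echo "<span class=\"newstitle\">$title_html</span><div class=\"newstopic\">$topic_html</div>\n<div class=\"newsbody\">" . convertBBCode($text_clean) . "</div><br /><br />\n";
		echo "</div>\n";
		echo "</fieldset>\n";
		again();
	}
}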


/**
 * Show the form again, pre-filled with the values that were just submitted,
 * followed by the admin menu.
 *
 * check() calls this when required fields are missing and after a preview;
 * the form posts back to check(), so the cycle repeats until the item is
 * complete.
 */
function again()
{
	global $PHP_SELF;
	global $id, $title, $topic, $poster, $text;
	global $day1, $month1, $year1;
	global $day2, $month2, $year2;
	global $publicationdate;

	form(
		$id, $title, $topic, $poster, $text,
		$day1, $month1, $year1,
		$day2, $month2, $year2,
		$publicationdate
	);

	admin();
}


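/**
 * Show an empty form for a new news item, followed by the admin menu.
 * The form posts to check(), which verifies the required fields.
 *
 * The push date defaults to today. The title starts as $default_title: that
 * global was imported here but never passed on, and the remaining arguments
 * were undefined local variables; they are now explicit empty strings.
 */
function add()
{
	global $PHP_SELF, $default_title, $year, $month, $day;

	form("", $default_title, "", "", "", $day, $month, $year, "", "", "", "");
	admin();
}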


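/**
 * List all news items, or show the edit form for one of them.
 *
 * Without an id: print the admin menu and a table of every item in $table
 * (title linked to its edit form, topic, and a status such as expired,
 * never expires or waiting).
 *
 * With an id (from a clicked link or typed into the URL): print a "remove"
 * form followed by the standard form filled from the database. Saving goes
 * to check(), which verifies that all necessary data is present.
 *
 * NOTE(review): the remove form submits with GET and is protected only by a
 * JavaScript confirm(); see delete().
 */
function update()
{
	global $PHP_SELF, $id, $table, $now, $day, $month, $year;

	// PHP_SELF can carry a client-supplied path suffix; escape it for attributes
	$self = htmlspecialchars($PHP_SELF, ENT_QUOTES);

	if (!isset($id))
	{
		admin();
		echo "<hr />\n";

		$query = "SELECT id, title, topic, DATE_FORMAT(push,'%Y%m%d') as push, DATE_FORMAT(expires,'%Y%m%d') as expires FROM $table ORDER BY id DESC";
		$result = mysql_query($query);
		echo "<strong>" . AVAILABLE . ":</strong><br />\n";
		echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"1\">\n";
		echo "<tr>\n<th align=\"left\" class=\"newsadminrows\">" . SORT_TITLE . "</th><th align=\"left\" class=\"newsadminrows\">" . SORT_TOPIC . "</th><th align=\"right\" class=\"newsadminrows\">" . STATUS . "</th></tr>\n";
		// skip the loop when the query failed (mysql_query returned false)
		while($result && ($query_data = mysql_fetch_array($result)))
		{
			$id = $query_data["id"];
			$title = $query_data["title"];
			$length = 50; // maximum amount of characters
			// cut at the last space, dot or comma within the limit so words are not
			// broken; the ellipsis entity is appended after escaping so it survives
			$short_title = $title;
			if (strlen($title) > $length) $short_title = ereg_replace("^(.{1,$length})[ .,].*", "\\1", $title);
			$title_html = htmlspecialchars($short_title, ENT_QUOTES);
			if ($short_title !== $title) $title_html .= "&hellip;";
			$push = $query_data["push"];
			$expires = $query_data["expires"];
			$topic = $query_data["topic"];
			$topic_html = htmlspecialchars($topic, ENT_QUOTES);

			echo "<tr>\n<td class=\"newsadminrows\"><a href=\"$self?action=update&amp;id=" . urlencode($id) . "\">$title_html</a></td>\n<td class=\"newsadminrows newsadminrow2\">$topic_html</td>\n";

			// $now is not assigned in this function; presumably it holds today's date
			// as YYYYMMDD so it compares with the DATE_FORMAT output -- confirm.
			// Later tests override earlier ones, so "waiting" wins over the rest.
			if ($expires == $now)
			{
				$status = EXPIRES_TODAY;
				$statusclass = "today";
			}
			if ($expires < $now)
			{
				$status = EXPIRED;
				$statusclass = "expired";
			}
			if ($expires > $now)
			{
				$status = NOT_YET_EXPIRED;
				$statusclass = "notyet";
			}
			if ($expires == '00000000')
			{
				$status = EXPIRES_NEVER;
				$statusclass = "never";
			}
			if ($push > $now)
			{
				$status = WAITING;
				$statusclass = "waiting";
			}
			echo "<td align=\"right\" class=\"newsadminrows\"><span class=\"$statusclass\">$status</span></td>\n</tr>\n";
		}
		echo "</table>\n";
	}
	// we have an id, present an update form and a removal form
	else
	{
		// $id comes from the request: escape it unless magic_quotes_gpc already did
		$sql_id = get_magic_quotes_gpc() ? $id : mysql_real_escape_string($id);
		$query = "SELECT DATE_FORMAT(push,'%Y-%m-%d') as date1, DATE_FORMAT(expires,'%Y-%m-%d') as date2, id, title, topic, poster, text, publicationdate FROM $table WHERE id = '$sql_id'";
		$result = mysql_query($query);
		while($result && ($query_data = mysql_fetch_array($result)))
		{
			$text = $query_data["text"];
			$title = $query_data["title"];
			$topic = $query_data["topic"];
			$publicationdate = $query_data["publicationdate"];
			$poster = $query_data["poster"];
			$id = $query_data["id"];
			$date1 = $query_data["date1"];
			$date2 = $query_data["date2"];

			if ($date1 != "0000-00-00")
			{
				$arrDateTime = explode("-", $date1);// split the push date on - so we can update the separate parts
				$day1 = $arrDateTime[2];
				$month1 = $arrDateTime[1];
				$year1 = $arrDateTime[0];
			}
			else
			{
				// no push date stored: default to today
				$day1 = "$day";
				$month1 = "$month";
				$year1 = "$year";
			}
			if ($date2 != "0000-00-00")
			{
				$arrDateTime1 = explode("-", $date2);// split the expiry date on - so we can update the separate parts
				$day2 = $arrDateTime1[2];
				$month2 = $arrDateTime1[1];
				$year2 = $arrDateTime1[0];
			}
			else
			{
				$day2 = "";
				$month2 = "";
				$year2 = "";
			}

			echo "<form action=\"$self\" method=\"get\">\n";
			echo "<fieldset>\n<legend>" . DELETE_ITEM . "</legend>\n";
			echo "<input type=\"hidden\" name=\"action\" value=\"delete\" />\n";
			echo "<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars($id, ENT_QUOTES) . "\" />\n";
			echo "<input type=\"submit\" value=\" Remove \" onclick=\"return confirm('" . DELETE_WARN . "');\" />\n";
			echo "</fieldset>\n";
			echo "</form>\n";
			// form() receives the raw values and is responsible for its own output
			form($id, $title, $topic, $poster, $text, $day1, $month1, $year1, $day2, $month2, $year2, $publicationdate);
		}
	}
	admin();
}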



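/**
 * Same as update(), but for the preview ("temp") table.
 *
 * Without an id: print the admin menu and a table of every item in
 * $previewtable. With an id: print a "remove" form that posts to the
 * delete_temp action, followed by the standard form filled from the preview
 * row; id and publicationdate are blanked first so saving creates a new
 * item in the real table.
 *
 * NOTE(review): the remove form submits with GET and is protected only by a
 * JavaScript confirm(); see delete_temp().
 */
function temp()
{
	global $PHP_SELF, $id, $previewtable, $now, $day, $month, $year;

	// PHP_SELF can carry a client-supplied path suffix; escape it for attributes
	$self = htmlspecialchars($PHP_SELF, ENT_QUOTES);

	if (!isset($id))
	{
		admin();
		echo "<hr />\n";

		$query = "SELECT id, title, topic, DATE_FORMAT(push,'%Y%m%d') as push, DATE_FORMAT(expires,'%Y%m%d') as expires FROM $previewtable ORDER BY id DESC";
		$result = mysql_query($query);
		echo "<strong>" . AVAILABLE . ":</strong><br />\n";
		echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"1\">\n";
		echo "<tr>\n<th align=\"left\" class=\"newsadminrows\">" . SORT_TITLE . "</th><th align=\"left\" class=\"newsadminrows\">" . SORT_TOPIC . "</th><th align=\"right\" class=\"newsadminrows\">" . STATUS . "</th></tr>\n";
		// skip the loop when the query failed (mysql_query returned false)
		while($result && ($query_data = mysql_fetch_array($result)))
		{
			$id = $query_data["id"];
			$title = $query_data["title"];
			$length = 50; // maximum amount of characters
			// cut at the last space, dot or comma within the limit so words are not
			// broken; the ellipsis entity is appended after escaping so it survives
			$short_title = $title;
			if (strlen($title) > $length) $short_title = ereg_replace("^(.{1,$length})[ .,].*", "\\1", $title);
			$title_html = htmlspecialchars($short_title, ENT_QUOTES);
			if ($short_title !== $title) $title_html .= "&hellip;";
			$push = $query_data["push"];
			$expires = $query_data["expires"];
			$topic = $query_data["topic"];
			$topic_html = htmlspecialchars($topic, ENT_QUOTES);

			echo "<tr>\n<td class=\"newsadminrows\"><a href=\"$self?action=temp&amp;id=" . urlencode($id) . "\">$title_html</a></td>\n<td class=\"newsadminrows newsadminrow2\">$topic_html</td>\n";

			// $now is not assigned in this function; presumably it holds today's date
			// as YYYYMMDD so it compares with the DATE_FORMAT output -- confirm.
			// Later tests override earlier ones, so "waiting" wins over the rest.
			if ($expires == $now)
			{
				$status = EXPIRES_TODAY;
				$statusclass = "today";
			}
			if ($expires < $now)
			{
				$status = EXPIRED;
				$statusclass = "expired";
			}
			if ($expires > $now)
			{
				$status = NOT_YET_EXPIRED;
				$statusclass = "notyet";
			}
			if ($expires == '00000000')
			{
				$status = EXPIRES_NEVER;
				$statusclass = "never";
			}
			if ($push > $now)
			{
				$status = WAITING;
				$statusclass = "waiting";
			}
			echo "<td align=\"right\" class=\"newsadminrows\"><span class=\"$statusclass\">$status</span></td>\n</tr>\n";
		}
		echo "</table>\n";
	}
	// we have an id, present an update form and a removal form
	else
	{
		// $id comes from the request: escape it unless magic_quotes_gpc already did
		$sql_id = get_magic_quotes_gpc() ? $id : mysql_real_escape_string($id);
		$query = "SELECT DATE_FORMAT(push,'%Y-%m-%d') as date1, DATE_FORMAT(expires,'%Y-%m-%d') as date2, title, topic, poster, text, publicationdate FROM $previewtable WHERE id = '$sql_id'";
		$result = mysql_query($query);
		while($result && ($query_data = mysql_fetch_array($result)))
		{
			$text = $query_data["text"];
			$title = $query_data["title"];
			$topic = $query_data["topic"];
			$publicationdate = $query_data["publicationdate"];
			$poster = $query_data["poster"];
			$date1 = $query_data["date1"];
			$date2 = $query_data["date2"];

			if ($date1 != "0000-00-00")
			{
				$arrDateTime = explode("-", $date1);// split the push date on - so we can update the separate parts
				$day1 = $arrDateTime[2];
				$month1 = $arrDateTime[1];
				$year1 = $arrDateTime[0];
			}
			else
			{
				// no push date stored: default to today
				$day1 = "$day";
				$month1 = "$month";
				$year1 = "$year";
			}
			if ($date2 != "0000-00-00")
			{
				$arrDateTime1 = explode("-", $date2);// split the expiry date on - so we can update the separate parts
				$day2 = $arrDateTime1[2];
				$month2 = $arrDateTime1[1];
				$year2 = $arrDateTime1[0];
			}
			else
			{
				$day2 = "";
				$month2 = "";
				$year2 = "";
			}

			echo "<form action=\"$self\" method=\"get\">\n";
			echo "<fieldset>\n<legend>" . DELETE_ITEM . "</legend>\n";
			echo "<input type=\"hidden\" name=\"action\" value=\"delete_temp\" />\n";
			// $id is still the value taken from the request here, so it must be
			// escaped before it is echoed back into the attribute
			echo "<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars($id, ENT_QUOTES) . "\" />\n";
			echo "<input type=\"submit\" value=\" Remove \" onclick=\"return confirm('" . DELETE_WARN . "');\" />\n";
			echo "</fieldset>\n";
			echo "</form>\n";
			$id =""; // temp table $id is useless for real purposes and $publicationdate should be filled in
			$publicationdate = "";
			// form() receives the raw values and is responsible for its own output
			form($id, $title, $topic, $poster, $text, $day1, $month1, $year1, $day2, $month2, $year2, $publicationdate);
		}
	}
	admin();
}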

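/**
 * Remove the item with id=$id from $table, then regenerate the feed by
 * including write_xml.php and show the admin menu.
 *
 * NOTE(review): this runs on a plain GET request (?action=delete&id=...) and
 * no request token is checked, so a link or image on another site can make a
 * logged-in admin's browser delete items. Consider POST plus a per-session
 * token.
 */
function delete()
{
	global $PHP_SELF, $table, $id;

	// $id comes from the request: escape it unless magic_quotes_gpc already did
	$sql_id = get_magic_quotes_gpc() ? $id : mysql_real_escape_string($id);
	$query = "DELETE FROM $table where id='$sql_id'";
	$result = mysql_query($query);
	// mysql_affected_rows() is -1 when the query failed; the old '== "0"' test
	// reported that case as a successful removal
	$num_rows = mysql_affected_rows();
	if($num_rows < 1)
	{
		echo "<h4>" . NOTHING_REMOVED . ".</h4>\n";
	}
	else
	{
		echo "<strong>" . ITEM_REMOVED . ".</strong>\n";
		include("write_xml.php");// comment this line out if you can't CHMOD the rss.xml file
		admin();
	}
}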

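/**
 * Remove the item with id=$id from the preview table and show the admin menu.
 *
 * NOTE(review): like delete(), this runs on a plain GET request with no
 * request token, so it can be triggered cross-site in an admin's browser.
 */
function delete_temp()
{
	global $PHP_SELF, $previewtable, $id;

	// $id comes from the request: escape it unless magic_quotes_gpc already did
	$sql_id = get_magic_quotes_gpc() ? $id : mysql_real_escape_string($id);
	$query = "DELETE FROM $previewtable where id='$sql_id'";
	$result = mysql_query($query);
	// mysql_affected_rows() is -1 when the query failed; the old '== "0"' test
	// reported that case as a successful removal
	$num_rows = mysql_affected_rows();
	if($num_rows < 1)
	{
		echo "<h4>" . NOTHING_REMOVED . ".</h4>\n";
	}
	else
	{
		echo "<strong>" . ITEM_REMOVED . ".</strong>\n";
		admin();
	}
}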

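/**
 * Print the news item form (title, topic, optional poster, push and expiry
 * dates, BBCode buttons, text). The form posts to ?action=check.
 *
 * Every argument is written into an HTML attribute or the textarea, so each
 * one is HTML-escaped first; the browser turns the entities back into the
 * original characters when the form is submitted. Without this a quote in a
 * title would cut the attribute short, and markup in any field would be
 * rendered in the admin's browser.
 *
 * Slashes are stripped from $title and $text before display, as before.
 */
function form($id, $title, $topic, $poster, $text, $day1, $month1, $year1, $day2, $month2, $year2, $publicationdate)
{
	global $PHP_SELF, $table, $show_poster;// , $day1, $month1, $year1, $day2, $month2, $year2

	// PHP_SELF can carry a client-supplied path suffix; escape it for attributes
	$self = htmlspecialchars($PHP_SELF, ENT_QUOTES);

	$title = htmlspecialchars(stripslashes($title), ENT_QUOTES);
	$text = htmlspecialchars(stripslashes($text), ENT_QUOTES);
	$id = htmlspecialchars($id, ENT_QUOTES);
	$topic = htmlspecialchars($topic, ENT_QUOTES);
	$poster = htmlspecialchars($poster, ENT_QUOTES);
	$publicationdate = htmlspecialchars($publicationdate, ENT_QUOTES);
	$day1 = htmlspecialchars($day1, ENT_QUOTES);
	$month1 = htmlspecialchars($month1, ENT_QUOTES);
	$year1 = htmlspecialchars($year1, ENT_QUOTES);
	$day2 = htmlspecialchars($day2, ENT_QUOTES);
	$month2 = htmlspecialchars($month2, ENT_QUOTES);
	$year2 = htmlspecialchars($year2, ENT_QUOTES);

	echo "<form action=\"$self?action=check\" method=\"post\" name=\"theForm\">\n";
	echo "<fieldset>\n<legend>" . LEGEND . "</legend>\n";
	echo "<input type=\"hidden\" name=\"id\" value=\"$id\" />\n";
	echo "<input type=\"hidden\" name=\"publicationdate\" value=\"$publicationdate\" />\n";
	echo "<table border=\"0\" cellpadding=\"2\" cellspacing=\"1\">\n";
	echo "	<tr>\n";
	echo "		<td align=\"left\">" . TITLE_FIELD . "</td>\n";
	echo "		<td align=\"left\"><input type=\"text\" name=\"title\" size=\"20\" maxlength=\"100\" value=\"$title\" title=\"" . TOOLTIP_TITLE . "\" /></td>\n";
	echo "	</tr>\n";

	echo "	<tr>\n";
	echo "		<td>" . TOPIC_FIELD . "</td>\n";
	// choosing an existing topic copies it into the free-text topic field below
	echo "		<td><select name=\"list_topics\" onchange='document.theForm.topic.value=document.theForm.list_topics.options[document.theForm.list_topics.selectedIndex].value'>\n";
	echo "		<option value=\"new topic\">" . CATEGORY_FIELD . "</option>\n";

	$cat = mysql_query("SELECT DISTINCT topic FROM $table ORDER BY topic ASC");
	// mysql_query returns false on failure; only read and free a real result
	if ($cat)
	{
		while($row = mysql_fetch_row($cat))
		{
			$topic_option = htmlspecialchars(stripslashes($row[0]), ENT_QUOTES);
			echo "            <option value=\"" . $topic_option . "\">" . $topic_option . "</option>\n";
		}
		mysql_free_result($cat);
	}

	echo "		</select></td>\n";
	echo "	</tr>\n";

	echo "	<tr>\n";
	echo "		<td align=\"left\">&nbsp;</td>\n";
	echo "		<td align=\"left\"><input type=\"text\" name=\"topic\" size=\"20\" maxlength=\"50\" value=\"$topic\" title=\"" . TOOLTIP_CATEGORY . "\" /></td>\n";
	echo "	</tr>\n";

	if ($show_poster == "yes")
	{
		echo "	<tr>\n";
		echo "		<td align=\"left\">" . POSTER_FIELD . "</td>\n";
		echo "		<td align=\"left\"><input type=\"text\" name=\"poster\" size=\"20\" maxlength=\"50\" value=\"$poster\" /></td>\n";
		echo "	</tr>\n";
	}

	echo "	<tr>\n";
	echo "		<td align=\"left\">" . PUSH_FIELD . "</td>\n";
	echo "		<td align=\"left\">
	<input type=\"text\" name=\"year1\" size=\"4\" maxlength=\"4\" value=\"$year1\" title=\"" . TOOLTIP_YYYY . "\" />&nbsp;
	<input type=\"text\" name=\"month1\" size=\"2\" maxlength=\"2\" value=\"$month1\" title=\"" . TOOLTIP_MM . "\"/>&nbsp;
	<input type=\"text\" name=\"day1\" size=\"2\" maxlength=\"2\" value=\"$day1\" title=\"" . TOOLTIP_DD . "\"/>&nbsp;"
	. PUSH_EXPL . "</td>\n";
	echo "	</tr>\n";
	echo "	<tr>\n";
	echo "		<td align=\"left\">" . EXPIRY_FIELD . "</td>\n";
	echo "		<td align=\"left\">
	<input type=\"text\" name=\"year2\" size=\"4\" maxlength=\"4\" value=\"$year2\" title=\"" . TOOLTIP_YYYY . "\" />&nbsp;
	<input type=\"text\" name=\"month2\" size=\"2\" maxlength=\"2\" value=\"$month2\" title=\"" . TOOLTIP_MM . "\" />&nbsp;
	<input type=\"text\" name=\"day2\" size=\"2\" maxlength=\"2\" value=\"$day2\" title=\"" . TOOLTIP_DD . "\" />&nbsp;" . EXPIRY_EXPL . "</td>\n";
	echo "	</tr>\n";
	echo "	<tr>\n";
	echo "		<td align=\"center\" colspan=\"2\">";
	// BBCode helper buttons; the bbCode*() JavaScript functions are defined outside this file
	echo "<input type='button' value='URL' title='" . TOOLTIP_URL . "' onclick='bbCodeUrl(\"message\");' />";
	echo "<input type='button' value='IMG' title='" . TOOLTIP_IMG . "' onclick='bbCodeImg(\"message\");' />";
	echo "<input type='button' value='EMAIL' title='" . TOOLTIP_EMAIL . "' onclick='bbCodeEmail(\"message\");' />";
	echo "<input type='button' value='ABBR' title='" . TOOLTIP_ABBR . "' onclick='bbCodeAbbr(\"message\");' />";
	echo "<input type='button' value='QUOTE' title='" . TOOLTIP_QUOTE . "' onclick='bbCodeQuote(\"message\");' />";
	echo "<input type='button' value='BOLD' title='" . TOOLTIP_BOLD . "' onclick='bbCodeBold(\"message\");' />";
	echo "<input type='button' value='ITALIC' title='" . TOOLTIP_ITALIC . "' onclick='bbCodeItalic(\"message\");' />";
	echo "<input type='button' value='CODE' title='" . TOOLTIP_CODE . "' onclick='bbCodePre(\"message\");' />\n";
	echo "<input type='button' value='LIST' title='" . TOOLTIP_LIST . "' onclick='bbCodeList(\"message\");' />\n";
	echo "</td>\n";
	echo "	</tr>\n";
	echo "	<tr>\n";
	echo "		<td align=\"left\" valign=\"top\">" . TEXT_FIELD . "</td>\n";
	echo "		<td align=\"left\"><textarea cols=\"50\" rows=\"20\" name=\"text\" id=\"message\" title=\"" . TOOLTIP_TEXTAREA . "\">$text</textarea></td>\n";
	echo "	</tr>\n";
	echo "</table>\n";
	// check() compares the submitted button value with SAVE_BUTTON to tell save from preview
	echo "<input type=\"submit\" name=\"submit\" value=\"" . PREVIEW_BUTTON . "\" title=\"" . PREVIEW_BUTTON . "\" />&nbsp;&nbsp;&nbsp;&nbsp;<input type=\"submit\" name=\"submit\" value=\"" . SAVE_BUTTON . "\" title=\"" . SAVE_BUTTON . "\" />\n";
	echo "</fieldset>\n";
	echo "</form>\n";
}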


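/**
 * List every comment that is still unapproved (approved = '0'), each with a
 * "Remove" and an "Approve" form, then a link that deletes all unapproved
 * comments and the admin menu.
 *
 * Name, e-mail, homepage and comment text were written by visitors, so they
 * are untrusted: they are HTML-escaped before being printed, and the
 * homepage is only turned into a link when it starts with http:// or
 * https://. If the code that stores comments already escapes these fields,
 * entities will show up doubled here -- confirm against that code.
 *
 * NOTE(review): Remove, Approve and "delete all" are plain GET requests with
 * no request token, so they can be triggered cross-site in an admin's
 * browser.
 */
function mod_comments()
{
	global $comment_table, $table, $news_base, $PHP_SELF;

	// PHP_SELF can carry a client-supplied path suffix; escape it for attributes
	$self = htmlspecialchars($PHP_SELF, ENT_QUOTES);

	$query = "SELECT * FROM $comment_table WHERE approved = '0' ORDER BY uniqueid ASC";
	$result = mysql_query($query);
	echo C_ADMIN_MODERATED . ":<br /><br />\n";
	// skip the loop when the query failed (mysql_query returned false)
	while($result && ($query_data = mysql_fetch_array($result)))
	{
		$id = $query_data["id"];
		$uniqueid = htmlspecialchars($query_data["uniqueid"], ENT_QUOTES);
		$the_name = htmlspecialchars($query_data["poster_name"], ENT_QUOTES);
		$the_email = htmlspecialchars($query_data["poster_email"], ENT_QUOTES);
		$the_homepage = $query_data["poster_homepage"];
		// NOTE(review): convertBBCode() is defined outside this file -- confirm that
		// it HTML-escapes its input; the comment text is visitor-supplied.
		$the_comment = convertBBCode($query_data["comment"]);

		// Reset per comment so a missing article does not show the previous title.
		$title = "";
		// The id is placed unquoted in the query, so force it to an integer.
		$query2 = "SELECT id, title FROM $table WHERE id=" . (int)$id;
		$result2 = mysql_query($query2);
		while($result2 && ($query_data2 = mysql_fetch_array($result2)))
		{
			$id = $query_data2["id"];
			$title = $query_data2["title"];
		}
		$title_html = htmlspecialchars($title, ENT_QUOTES);

		echo "<div class=\"newsitem\">\n<div class=\"newsbody\">";
		echo "<span class=\"newscommentname\">$the_name on <a href=\"$news_base?action=comment&amp;article=" . urlencode($id) . "\" target=\"_blank\">$title_html</a></span>";
		if (!empty ($the_homepage))
		{
			$homepage_html = htmlspecialchars($the_homepage, ENT_QUOTES);
			// only http(s) addresses become links; anything else (for example a
			// javascript: address) is shown as plain text
			if (preg_match('#^https?://#i', $the_homepage))
			{
				echo " - <a href=\"$homepage_html\">$homepage_html</a>";
			}
			else
			{
				echo " - $homepage_html";
			}
		}
		if (!empty ($the_email))
		{
			echo " - <a href=\"mailto:$the_email\">$the_email</a>";
		}
		echo "<br /><br />\n$the_comment</div>\n";
		echo "<form action=\"$self\" method=\"get\">\n";
		echo "<input type=\"hidden\" name=\"action\" value=\"delete_comment\" />\n";
		echo "<input type=\"hidden\" name=\"uniqueid\" value=\"$uniqueid\" />\n";
		echo "<input type=\"submit\" value=\" Remove \" onclick=\"return confirm('" . DELETE_WARN . "');\" />\n";
		echo "</form><br />\n";
		echo "<form action=\"$self\" method=\"get\">\n";
		echo "<input type=\"hidden\" name=\"action\" value=\"approve_comment\" />\n";
		echo "<input type=\"hidden\" name=\"uniqueid\" value=\"$uniqueid\" />\n";
		echo "<input type=\"submit\" value=\" Approve \" />\n";
		echo "</form>\n";
		echo "</div>\n<br />\n";
	}
	echo "<a href=\"$self?action=delete_all\">" . DELETE_ALL_UAC . "</a><br />";
	admin();
}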


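/**
 * Delete the comment with uniqueid=$uniqueid, report the outcome and show
 * the moderation list again.
 *
 * NOTE(review): runs on a plain GET request with no request token, so it can
 * be triggered cross-site in an admin's browser.
 */
function delete_comment()
{
	global $comment_table, $uniqueid;

	// $uniqueid comes from the request: escape it unless magic_quotes_gpc already did
	$sql_uniqueid = get_magic_quotes_gpc() ? $uniqueid : mysql_real_escape_string($uniqueid);
	$query = "DELETE FROM $comment_table where uniqueid='$sql_uniqueid'";
	$result = mysql_query($query);
	// mysql_affected_rows() is -1 when the query failed; the old '== "0"' test
	// reported that case as a successful removal
	$num_rows = mysql_affected_rows();
	if($num_rows < 1)
	{
		echo "<h4>" . NOTHING_REMOVED . ".</h4>\n";
	}
	else
	{
		echo "<strong>" . ITEM_REMOVED . ".</strong><br />\n";
	}
	mod_comments();
}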

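/**
 * Delete every comment that is still unapproved (approved='0'), report the
 * outcome and show the moderation list again.
 *
 * The query contains no request data.
 *
 * NOTE(review): this bulk delete is reached through a plain link
 * (?action=delete_all) with no confirmation and no request token, so it can
 * be triggered cross-site in an admin's browser.
 */
function delete_all_unapproved_comments()
{
	global $comment_table, $uniqueid;

	$query = "DELETE FROM $comment_table where approved='0'";
	$result = mysql_query($query);
	// mysql_affected_rows() is -1 when the query failed; the old '== "0"' test
	// reported that case as a successful removal
	$num_rows = mysql_affected_rows();
	if($num_rows < 1)
	{
		echo "<h4>" . NOTHING_REMOVED . ".</h4>\n";
	}
	else
	{
		echo "<strong>" . ITEM_REMOVED . ".</strong><br />\n";
	}
	mod_comments();
}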

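/**
 * Mark the comment with uniqueid=$uniqueid as approved and show the
 * moderation list again.
 *
 * NOTE(review): runs on a plain GET request with no request token, so it can
 * be triggered cross-site in an admin's browser.
 */
function approve_comment()
{
	global $comment_table, $uniqueid;

	// $uniqueid comes from the request: escape it unless magic_quotes_gpc already did
	$sql_uniqueid = get_magic_quotes_gpc() ? $uniqueid : mysql_real_escape_string($uniqueid);
	$query = "UPDATE $comment_table SET approved='1' WHERE uniqueid='$sql_uniqueid'";
	$result = mysql_query($query);
	// check if the update was successful
	// (mysql_affected_rows() is 0 when nothing changed and -1 when the query
	// failed; the old '== "0"' test stayed silent on a failed query)
	$num_rows = mysql_affected_rows();
	// nope:
	if($num_rows < 1)
	{
		echo "<h4>" . UNKNOWN_ERROR . "</h4>\n";// possibly due to the fact that there were no changes, so no need to worry if that's the case
	}
	mod_comments();
}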


// Page footer, then release the database connection.
// $conn is not assigned in this file; presumably one of the includes at the
// top opens the connection -- confirm.
include("foot.php");
mysql_close($conn);
?>