<?php
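include("configuration.php");
include("functions.php");
// NOTE(review): the file name is built from $language, which is not assigned in this file
// (presumably configuration.php sets it - confirm). It must never be taken from the request,
// otherwise the request decides which file is included.
require("lang/$language.php");

// This script reads $action, $id, $year1 ... as plain globals that it never assigns itself,
// i.e. it expects request parameters to be imported as globals (register_globals-style).

// Should the adminscript be secured with HTTP Basic authentication? (yes or no)
// NOTE(review): the shipped default is "no". Unless access is restricted some other way
// (see the .htaccess remark below) every action dispatched at the bottom of this block
// can be requested without logging in.
$security = "no";
// If you set $security to "yes", replace 'your_username_goes_here' and
// 'your_userpassword_goes_here' in the check below with your own credentials.
// While the placeholders are left in place, the placeholders are the valid login.
// You can also secure the adminscript with .htaccess and .htpasswd, if so set $security to "no"
$include_script = "yes"; // not read in this file - presumably used by an included file, confirm

if ($security == "yes") {
    // Fails closed: when either credential variable is missing the 401 challenge is sent.
    // Strict comparison (===) keeps numeric-looking strings from being compared as numbers.
    $authenticated = isset($PHP_AUTH_USER)
        && isset($PHP_AUTH_PW)
        && $PHP_AUTH_USER === 'your_username_goes_here'
        && $PHP_AUTH_PW === 'your_userpassword_goes_here';
    if (!$authenticated) {
        header('WWW-Authenticate: Basic realm="newsadministration"');
        header('HTTP/1.0 401 Unauthorized');
        echo '<html><head><title>Access Denied!</title></head><body>Authorization Required.</body></html>';
        exit;
    }
}

$timespan = time() + (604800 * 52); // 52 weeks, roughly 1 year
// The cookie value used to be the bare word yes, which PHP reads as an undefined constant
// (a notice on old versions, a fatal error on PHP 8); it is now the string "yes".
// NOTE(review): the value is a fixed, publicly known string and the cookie is sent to every
// visitor of this page even when $security is "no". The code that reads the cookie is not in
// this file; if it treats pwd=yes as proof of admin rights, any client can present that value
// itself. Prefer a server-side session flag set after a successful login.
setcookie("pwd", "yes", $timespan, '/'); // allows you to edit all comments, even those not your own
include("head.php");

// timestamp functions
// first sanitize the years so they have four numbers
// then construct the datestamps that mysql will use
// note: this code can work with 1, 2 or 4 number years
// if someone enters a 3 number year (like 200) by mistake an invalid date is created
// and mysql will ignore it (effectively converting the date to 0000-00-00)
// adding a workaround would be possible but overkill (probably)
// The bound is 100 (it was 99) so that the two-digit year 99 is also expanded to 2099
// instead of being stored as 0099.
if (!empty($year1) && $year1 < 100) {
    $year1 = "20" . sprintf("%02d", $year1);
}
// sprintf's %d converts every part to an integer, so $push and $expires are purely numeric
// strings no matter what was submitted.
$push = sprintf("%04d%02d%02d", $year1, $month1, $day1);
if (!empty($year2) && $year2 < 100) {
    $year2 = "20" . sprintf("%02d", $year2);
}
$expires = sprintf("%04d%02d%02d", $year2, $month2, $day2);

// today's date, used as the default push date in the forms
$year = date('Y');
$month = date('m');
$day = date('d');

// determine the date format for the default newstitle, don't change!
// this new method allows us to customise the dates in the notification email to a more readable format
if ($date_format == "american") {
    $dateformat = date("m/d/Y");
} else {
    $dateformat = date("d-m-Y");
}
// default title for news submissions
// overrule if needed because you don't want a date in the default title
$default_title = "News $dateformat:";

//
// see what action we should perform based on the action parameter in the url
//
// NOTE(review): delete, delete_temp, delete_comment, delete_all and approve_comment change
// data, yet they are selected by a URL parameter and no anti-CSRF token is checked anywhere
// in this file. Moving them to POST and verifying a per-session token would close that gap.
switch ($action) {
    case "check":
        check();
        break;
    case "add":
        add();
        break;
    case "delete":
        delete();
        break;
    case "delete_temp":
        delete_temp();
        break;
    case "update":
        update();
        break;
    case "temp":
        temp();
        break;
    case "topics":
        // NOTE(review): topics() is not defined in this file - presumably functions.php, confirm
        topics();
        break;
    case "mod_comments":
        mod_comments();
        break;
    case "delete_comment":
        delete_comment();
        break;
    case "delete_all":
        delete_all_unapproved_comments();
        break;
    case "approve_comment":
        approve_comment();
        break;
    default:
        // unknown or missing action: show the list of items
        update();
        break;
}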
//
// we are in the admin function but haven't been given a module
// we present the admin with a list of options
// this function is also used in all other functions
//
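// Prints the admin menu: links to the add, update, comment moderation and temp-table
// views of this script plus a link to the visitor interface.
//
// $PHP_SELF contains the request path, which the client can extend with extra path
// segments, so it is HTML-escaped before being written into the href attributes.
// $news_base is printed as configured.
function admin()
{
    global $PHP_SELF, $news_base;
    $self_html = htmlspecialchars($PHP_SELF, ENT_QUOTES);
    echo "<hr />\n";
    echo MAKE_CHOICE . ":<br />\n";
    echo "<a href=\"$self_html?action=add\" class=\"adminlink\">" . ADD_ITEM . "</a><br />\n";
    echo "<a href=\"$self_html?action=update\" class=\"adminlink\">" . CHANGE_ITEM . "</a><br />\n";
    echo "<a href=\"$self_html?action=mod_comments\" class=\"adminlink\">" . C_ADMIN_MODERATED . "</a><br />\n";
    echo "<a href=\"$self_html?action=temp\" class=\"adminlink\">" . CHANGE_TEMP . "</a><br /><br />\n";
    echo "<a href=\"$news_base\" target=\"_blank\" class=\"adminlink\">" . VISITOR_INTERFACE . "</a> " . NEW_WINDOW . "\n";
}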
//
// this function checks if all required fields are filled in and then inserts the data into the database
// uses REPLACE INTO to enable us to update records
//
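// Handles action=check. Depending on the submitted data it
//  - re-shows the form when text or title is empty or no topic was chosen,
//  - saves the item into $table when the Save button was used, echoes the stored item
//    and optionally mails a notification, or
//  - stores the item in $previewtable and shows a preview for any other submit.
//
// All input is read from globals filled from the request. Every value that goes into
// an SQL string is now escaped with mysql_real_escape_string(); before, only $text was
// escaped (and only when magic_quotes_gpc was off), so $id, $title, $topic, $poster and
// $publicationdate could break out of the quoted literal. $table and $previewtable are
// identifiers that cannot be escaped this way; they are expected to come from the
// configuration, never from the request.
//
// A failed query makes mysql_affected_rows() return -1; that is now reported as an
// error instead of being treated as a successful save.
//
// write_xml.php is included into this function's scope, so the helper variables added
// here carry an adm_ prefix to avoid clashing with names that file may use.
function check()
{
    global $PHP_SELF, $table, $previewtable, $submit, $id, $text, $title, $topic, $poster, $push, $expires, $mail_submission, $email, $subject, $sitename, $now, $SERVER_NAME, $scriptname, $version, $copyright, $script_homepage, $date_format, $publicationdate, $news_base, $base_url, $description, $adminname, $copy;
    $save_button = SAVE_BUTTON;
    // the request path is client-influenced, escape it before it is used in links
    $adm_self = htmlspecialchars($PHP_SELF, ENT_QUOTES);
    // true when request values already arrive with addslashes()-style escaping
    $adm_gpc_slashed = !(get_magic_quotes_gpc() == "0");
    // from here on $text always carries slashes; form() strips them again for display
    if (!$adm_gpc_slashed) $text = addslashes($text);
    if ($text == "" || $title == "" || $topic == "new topic") {
        echo "<h4>" . MISSING_FIELDS . "</h4>\n";
        again();
    } else if ($submit == $save_button) {
        if ($publicationdate == "") {
            $now = date("YmdHis");
            $publicationdate = "$now";
        }
        $query = _check_replace_query($table, $adm_gpc_slashed);
        $result = mysql_query($query);
        // check if the insert was successful (0 = nothing written, -1 = query failed)
        $num_rows = mysql_affected_rows();
        if ($num_rows < 1) {
            echo "<h4>" . UNKNOWN_ERROR . "</h4>\n";
            // go to the add() function
            add();
        } else {
            echo"<strong>" . SUCCESFULL_ENTRY . ":</strong><br /><br />";
            $adm_select = "SELECT id, title, topic, poster, DATE_FORMAT(publicationdate,'%d-%m-%Y %H:%i:%s') as publicationdate, text, DATE_FORMAT(push,'%Y-%m-%d') as date1, DATE_FORMAT(expires,'%Y-%m-%d') as date2 FROM $table WHERE id = ";
            if ($id != "") {
                // if we updated an item select it and echo the data
                $query = $adm_select . "'" . _check_sql_value($id, $adm_gpc_slashed) . "'";
            } else {
                // else we inserted a new item and we echo it by grabbing it by its unique id
                // (which is conveniently saved for us)
                $query = $adm_select . "LAST_INSERT_ID()";
            }
            $result = mysql_query($query);
            while ($query_data = mysql_fetch_array($result)) {
                // these assignments overwrite the globals with the stored values
                $id = $query_data["id"];
                $title = $query_data["title"];
                $topic = $query_data["topic"];
                $poster = $query_data["poster"];
                $publicationdate = $query_data["publicationdate"];
                $text = $query_data["text"];
                $date1 = $query_data["date1"];
                $date2 = $query_data["date2"];
                // NOTE(review): $title, $poster and $topic are printed exactly as stored.
                // Whether markup in these fields is intended is not visible from this file;
                // if it is not, escape them with htmlspecialchars() at this point.
                echo "<div class=\"newsitem\">\n";
                echo "<span class=\"newstitle\">$title";
                if ($poster != "") {
                    echo "<span class=\"newswritername\"> - $poster</span>";
                }
                echo "</span>\n";
                if (!empty($topic)) {
                    echo "<div class=\"newstopic\"><a href=\"$adm_self?action=topic&topic=$topic\">$topic</a></div>\n";
                }
                echo "<div class=\"newsbody\">" . convertBBCode($text) . "</div>\n";
                if ($date_format == "american") {
                    // mangle publicationdate here: dd-mm-yyyy hh:mm:ss becomes mm/dd/yyyy hh:mm:ss
                    $arrDateTime = explode("-", $publicationdate);
                    $day = $arrDateTime[0];
                    $month = $arrDateTime[1];
                    $year = $arrDateTime[2];
                    $publicationdate = "$month/$day/$year";
                }
                echo "<div class=\"newsfooter\">$publicationdate</div>\n";
                echo "</div><br />\n";
                echo "<fieldset><legend>" . NOTE . "</legend>\n";
                if ($date2 != "0000-00-00") {
                    $arrDateTime1 = explode("-", $date2);
                    $day2 = $arrDateTime1[2];
                    $month2 = $arrDateTime1[1];
                    $year2 = $arrDateTime1[0];
                    if ($date_format == "american") {
                        $expires = "$month2/$day2/$year2";
                    } else {
                        $expires = "$day2-$month2-$year2";
                    }
                    echo EXPIRE_ON_1 . " $expires.<br />\n";
                } else {
                    echo EXPIRE_ON_2 . ".<br />\n";
                }
                $now = date("Y-m-d");
                // both sides are yyyy-mm-dd strings, so string comparison orders them by date
                if ($date1 > $now) {
                    $arrDateTime = explode("-", $date1);
                    $day1 = $arrDateTime[2];
                    $month1 = $arrDateTime[1];
                    $year1 = $arrDateTime[0];
                    if ($date_format == "american") {
                        $push_on = "$month1/$day1/$year1";
                    } else {
                        $push_on = "$day1-$month1-$year1";
                    }
                    echo AVAILABLE_ON_1 . " $push_on.<br />\n";
                } else {
                    echo AVAILABLE_ON_2 . ".<br />\n";
                }
                echo "<a href=\"$adm_self?action=update&id=$id\">Update this item.</a><br />\n";
                include("write_xml.php");// comment this line out if you can't CHMOD the rss.xml file
                echo "</fieldset>\n\n";
                admin();
                if ($mail_submission == "yes") {
                    $date_time = date("F d Y, H:i:s");
                    $message = MAIL_HEAD_1 . " $sitename " . MAIL_HEAD_2 . " $date_time\n" . MAIL_HEAD_3 . ":\n$title\n\n" . MAIL_HEAD_4 . ":\n$text";
                    if ($date2 == "0000-00-00") {
                        $message .= "\n\n\n " . EXPIRE_ON_2;
                    } else {
                        $message .= "\n\n\n " . EXPIRE_ON_1 . " $expires.";
                    }
                    if ($date1 > $now) {
                        $message .= "\n " . AVAILABLE_ON_1 . " $push_on.";
                    } else {
                        $message .= "\n " . AVAILABLE_ON_2 . ".";
                    }
                    //$message .= "\n (note: dates are in yyyymmdd format)";
                    $message .= "\n\n-- \n$scriptname $version\n$copyright\n$script_homepage\nmaintained by: $email";
                    // NOTE(review): $email, $subject and $SERVER_NAME end up in the recipient and
                    // header arguments of mail(). They are presumably configuration/server values -
                    // confirm that none of them can be supplied by the request, and reject values
                    // containing CR or LF.
                    mail("$email", "$subject", $message, "From: webmaster@$SERVER_NAME\nReply-To: webmaster@$SERVER_NAME");
                }
            }
        }
    } else { // preview code
        $query = _check_replace_query($previewtable, $adm_gpc_slashed);
        $result = mysql_query($query);
        $title_clean = stripslashes($title);
        $text_clean = stripslashes($text);
        // NOTE(review): the preview prints the submitted title and topic back into the page
        // unescaped. It mirrors how the item is displayed after saving; if titles and topics
        // are meant to be plain text, escape both here with htmlspecialchars().
        echo "<fieldset>\n<legend>" . PREVIEW_LEGEND . "</legend>\n";
        echo PREVIEW_NEXT . ".<br /><br />\n";
        echo "<div class=\"newsitem\">\n";
        echo "<span class=\"newstitle\">$title_clean</span><div class=\"newstopic\">$topic</div>\n<div class=\"newsbody\">" . convertBBCode($text_clean) . "</div><br /><br />\n";
        echo "</div>\n";
        echo "</fieldset>\n";
        again();
    }
}

// Returns $value escaped for use inside a quoted MySQL string literal.
// $slashed says whether the value already carries addslashes()-style escaping; that
// escaping is removed first so the stored data is not escaped twice.
function _check_sql_value($value, $slashed)
{
    if ($slashed) {
        $value = stripslashes($value);
    }
    return mysql_real_escape_string($value);
}

// Builds the REPLACE INTO statement for the submitted item against $target_table.
// $gpc_slashed is the magic_quotes_gpc state; $text is always slashed by the time this
// runs because check() applies addslashes() to it when magic quotes are off.
function _check_replace_query($target_table, $gpc_slashed)
{
    global $id, $title, $topic, $poster, $publicationdate, $push, $expires, $text;
    $values = array(
        _check_sql_value($id, $gpc_slashed),
        _check_sql_value($title, $gpc_slashed),
        _check_sql_value($topic, $gpc_slashed),
        _check_sql_value($poster, $gpc_slashed),
        _check_sql_value($publicationdate, $gpc_slashed),
        _check_sql_value($push, false),
        _check_sql_value($expires, false),
        _check_sql_value($text, true),
    );
    return "REPLACE INTO $target_table (id, title, topic, poster, publicationdate, push, expires, text) VALUES ('" . implode("','", $values) . "')";
}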
//
// this is the function that presents a form with incomplete data
// we give the user the possibility to add extra data
// after which we send them back to check()
// we continue this until all required fields are filled in
//
// Re-displays the item form pre-filled with the values submitted in the current
// request (read from globals), followed by the admin menu.
function again()
{
    global $PHP_SELF;
    global $id, $title, $topic, $poster, $text;
    global $day1, $month1, $year1;
    global $day2, $month2, $year2;
    global $publicationdate;

    // form() takes the text after the poster and the push date before the expiry date
    form(
        $id, $title, $topic, $poster, $text,
        $day1, $month1, $year1,
        $day2, $month2, $year2,
        $publicationdate
    );
    admin();
}
//
// this is the function that shows an empty form to add new newsitem
// we send the user to check() to see if all required fields are submitted
//
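// Shows the empty form for a new item, with today's date as the push date,
// followed by the admin menu.
function add()
{
    global $PHP_SELF, $default_title, $year, $month, $day;
    // These used to be passed to form() without ever being assigned, which produced
    // "undefined variable" notices; they are now explicit empty strings and the form
    // output is the same.
    // NOTE(review): $default_title is imported but never handed to form(), so the
    // default title built at the top of the file is not shown - confirm whether the
    // title field was meant to be pre-filled with it.
    $id = $title = $topic = $poster = $text = "";
    $day2 = $month2 = $year2 = $publicationdate = "";
    form($id, $title, $topic, $poster, $text, $day, $month, $year, $day2, $month2, $year2, $publicationdate);
    admin();
}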
//
// this function presents a list of all newsitems in the database
// we present the titles in a table with a hyperlink
// we also display a text that shows if the item is in the "waitingroom"
//
// if the user clicked a link (or has gone to the item directly by supplying a url with a valid id)
// we present a form that pulls its data from the database
// at the top is a remove button, underneath that a standard form to change data
// on Save we go to check() to see if all necessary data is filled in
//
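// Without an id: lists every item in $table with its status.
// With an id: shows a removal form and the edit form for that item.
// The admin menu is printed in both cases.
//
// $id comes from the request and is escaped before it is used in the WHERE clause;
// it used to be placed in the query as submitted. The request path in $PHP_SELF is
// HTML-escaped before it is written into links and form actions.
// NOTE(review): the removal form submits with method="get" and without an anti-CSRF
// token, so a link followed by a logged-in admin is enough to trigger a delete.
// NOTE(review): $now is not assigned here; the comparisons assume it holds today's date
// as yyyymmdd - confirm where it is set.
function update()
{
    global $PHP_SELF, $id, $table, $now, $day, $month, $year;
    $self_html = htmlspecialchars($PHP_SELF, ENT_QUOTES);
    if (!isset($id)) {
        admin();
        echo "<hr />\n";
        $query = "SELECT id, title, topic, DATE_FORMAT(push,'%Y%m%d') as push, DATE_FORMAT(expires,'%Y%m%d') as expires FROM $table ORDER BY id DESC";
        $result = mysql_query($query);
        echo "<strong>" . AVAILABLE . ":</strong><br />\n";
        echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"1\">\n";
        echo "<tr>\n<th align=\"left\" class=\"newsadminrows\">" . SORT_TITLE . "</th><th align=\"left\" class=\"newsadminrows\">" . SORT_TOPIC . "</th><th align=\"right\" class=\"newsadminrows\">" . STATUS . "</th></tr>\n";
        while ($query_data = mysql_fetch_array($result)) {
            $id = $query_data["id"]; // overwrites the global $id with the row's id
            $title = $query_data["title"];
            $length = 50; // maximum amount of characters
            // echo the maximum amount of characters, but don't break words
            // (ereg_replace is deprecated since PHP 5.3; kept to leave the truncation untouched)
            if (strlen($title) > $length) $title = ereg_replace("^(.{1,$length})[ .,].*", "\\1…", $title);
            $push = $query_data["push"];
            $expires = $query_data["expires"];
            $topic = $query_data["topic"];
            // NOTE(review): title and topic are printed as stored - escape them here if
            // they are meant to be plain text.
            echo "<tr>\n<td class=\"newsadminrows\"><a href=\"$self_html?action=update&id=$id\">$title</a></td>\n<td class=\"newsadminrows newsadminrow2\">$topic</td>\n";
            // the checks run in order and a later match overrides an earlier one,
            // so "never expires" and "waiting" take precedence
            if ($expires == $now) {
                $status = EXPIRES_TODAY;
                $statusclass = "today";
            }
            if ($expires < $now) {
                $status = EXPIRED;
                $statusclass = "expired";
            }
            if ($expires > $now) {
                $status = NOT_YET_EXPIRED;
                $statusclass = "notyet";
            }
            if ($expires == '00000000') {
                $status = EXPIRES_NEVER;
                $statusclass = "never";
            }
            if ($push > $now) {
                $status = WAITING;
                $statusclass = "waiting";
            }
            echo "<td align=\"right\" class=\"newsadminrows\"><span class=\"$statusclass\">$status</span></td>\n</tr>\n";
        }
        echo "</table>\n";
    } else {
        // we have an id, present an update form and a removal form
        // Escaping is unconditional: under magic_quotes_gpc an id containing quotes is
        // escaped twice and simply matches no row.
        $sql_id = mysql_real_escape_string($id);
        $query = "SELECT DATE_FORMAT(push,'%Y-%m-%d') as date1, DATE_FORMAT(expires,'%Y-%m-%d') as date2, id, title, topic, poster, text, publicationdate FROM $table WHERE id = '$sql_id'";
        $result = mysql_query($query);
        while ($query_data = mysql_fetch_array($result)) {
            $text = $query_data["text"];
            $title = $query_data["title"];
            $topic = $query_data["topic"];
            $publicationdate = $query_data["publicationdate"];
            $poster = $query_data["poster"];
            $id = $query_data["id"]; // from here on the id is the stored one, not the request value
            $date1 = $query_data["date1"];
            $date2 = $query_data["date2"];
            if ($date1 != "0000-00-00") {
                // split the push date on - so we can update the separate parts
                $arrDateTime = explode("-", $date1);
                $day1 = $arrDateTime[2];
                $month1 = $arrDateTime[1];
                $year1 = $arrDateTime[0];
            } else {
                // no push date stored: default to today
                $day1 = "$day";
                $month1 = "$month";
                $year1 = "$year";
            }
            if ($date2 != "0000-00-00") {
                // split the expiry date on - so we can update the separate parts
                $arrDateTime1 = explode("-", $date2);
                $day2 = $arrDateTime1[2];
                $month2 = $arrDateTime1[1];
                $year2 = $arrDateTime1[0];
            } else {
                $day2 = "";
                $month2 = "";
                $year2 = "";
            }
            echo "<form action=\"$self_html\" method=\"get\">\n";
            echo "<fieldset>\n<legend>" . DELETE_ITEM . "</legend>\n";
            echo "<input type=\"hidden\" name=\"action\" value=\"delete\" />\n";
            echo "<input type=\"hidden\" name=\"id\" value=\"$id\" />\n";
            echo "<input type=\"submit\" value=\" Remove \" onclick=\"return confirm('" . DELETE_WARN . "');\" />\n";
            echo "</fieldset>\n";
            echo "</form>\n";
            form($id, $title, $topic, $poster, $text, $day1, $month1, $year1, $day2, $month2, $year2, $publicationdate);
        }
    }
    admin();
}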
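// Same as update(), but for the preview ("temp") table.
// Without an id: lists every item in $previewtable with its status.
// With an id: shows a removal form plus the edit form for that preview item; the form
// is given an empty id and publication date, so saving it creates a new item.
//
// $id comes from the request. It is escaped before it is used in the WHERE clause and
// HTML-escaped before it is written into the hidden field of the removal form (this
// function never re-reads the id from the database, so the request value is what gets
// printed). The request path in $PHP_SELF is HTML-escaped as well.
// NOTE(review): the removal form submits with method="get" and without an anti-CSRF token.
// NOTE(review): $now is not assigned here; the comparisons assume it holds today's date
// as yyyymmdd - confirm where it is set.
function temp()
{
    global $PHP_SELF, $id, $previewtable, $now, $day, $month, $year;
    $self_html = htmlspecialchars($PHP_SELF, ENT_QUOTES);
    if (!isset($id)) {
        admin();
        echo "<hr />\n";
        $query = "SELECT id, title, topic, DATE_FORMAT(push,'%Y%m%d') as push, DATE_FORMAT(expires,'%Y%m%d') as expires FROM $previewtable ORDER BY id DESC";
        $result = mysql_query($query);
        echo "<strong>" . AVAILABLE . ":</strong><br />\n";
        echo "<table border=\"0\" cellpadding=\"0\" cellspacing=\"1\">\n";
        echo "<tr>\n<th align=\"left\" class=\"newsadminrows\">" . SORT_TITLE . "</th><th align=\"left\" class=\"newsadminrows\">" . SORT_TOPIC . "</th><th align=\"right\" class=\"newsadminrows\">" . STATUS . "</th></tr>\n";
        while ($query_data = mysql_fetch_array($result)) {
            $id = $query_data["id"]; // overwrites the global $id with the row's id
            $title = $query_data["title"];
            $length = 50; // maximum amount of characters
            // echo the maximum amount of characters, but don't break words
            // (ereg_replace is deprecated since PHP 5.3; kept to leave the truncation untouched)
            if (strlen($title) > $length) $title = ereg_replace("^(.{1,$length})[ .,].*", "\\1…", $title);
            $push = $query_data["push"];
            $expires = $query_data["expires"];
            $topic = $query_data["topic"];
            // NOTE(review): title and topic are printed as stored - escape them here if
            // they are meant to be plain text.
            echo "<tr>\n<td class=\"newsadminrows\"><a href=\"$self_html?action=temp&id=$id\">$title</a></td>\n<td class=\"newsadminrows newsadminrow2\">$topic</td>\n";
            // the checks run in order and a later match overrides an earlier one,
            // so "never expires" and "waiting" take precedence
            if ($expires == $now) {
                $status = EXPIRES_TODAY;
                $statusclass = "today";
            }
            if ($expires < $now) {
                $status = EXPIRED;
                $statusclass = "expired";
            }
            if ($expires > $now) {
                $status = NOT_YET_EXPIRED;
                $statusclass = "notyet";
            }
            if ($expires == '00000000') {
                $status = EXPIRES_NEVER;
                $statusclass = "never";
            }
            if ($push > $now) {
                $status = WAITING;
                $statusclass = "waiting";
            }
            echo "<td align=\"right\" class=\"newsadminrows\"><span class=\"$statusclass\">$status</span></td>\n</tr>\n";
        }
        echo "</table>\n";
    } else {
        // we have an id, present an update form and a removal form
        // Escaping is unconditional: under magic_quotes_gpc an id containing quotes is
        // escaped twice and simply matches no row.
        $sql_id = mysql_real_escape_string($id);
        $id_html = htmlspecialchars($id, ENT_QUOTES);
        $query = "SELECT DATE_FORMAT(push,'%Y-%m-%d') as date1, DATE_FORMAT(expires,'%Y-%m-%d') as date2, title, topic, poster, text, publicationdate FROM $previewtable WHERE id = '$sql_id'";
        $result = mysql_query($query);
        while ($query_data = mysql_fetch_array($result)) {
            $text = $query_data["text"];
            $title = $query_data["title"];
            $topic = $query_data["topic"];
            $publicationdate = $query_data["publicationdate"];
            $poster = $query_data["poster"];
            $date1 = $query_data["date1"];
            $date2 = $query_data["date2"];
            if ($date1 != "0000-00-00") {
                // split the push date on - so we can update the separate parts
                $arrDateTime = explode("-", $date1);
                $day1 = $arrDateTime[2];
                $month1 = $arrDateTime[1];
                $year1 = $arrDateTime[0];
            } else {
                // no push date stored: default to today
                $day1 = "$day";
                $month1 = "$month";
                $year1 = "$year";
            }
            if ($date2 != "0000-00-00") {
                // split the expiry date on - so we can update the separate parts
                $arrDateTime1 = explode("-", $date2);
                $day2 = $arrDateTime1[2];
                $month2 = $arrDateTime1[1];
                $year2 = $arrDateTime1[0];
            } else {
                $day2 = "";
                $month2 = "";
                $year2 = "";
            }
            echo "<form action=\"$self_html\" method=\"get\">\n";
            echo "<fieldset>\n<legend>" . DELETE_ITEM . "</legend>\n";
            echo "<input type=\"hidden\" name=\"action\" value=\"delete_temp\" />\n";
            echo "<input type=\"hidden\" name=\"id\" value=\"$id_html\" />\n";
            echo "<input type=\"submit\" value=\" Remove \" onclick=\"return confirm('" . DELETE_WARN . "');\" />\n";
            echo "</fieldset>\n";
            echo "</form>\n";
            $id = ""; // temp table $id is useless for real purposes and $publicationdate should be filled in
            $publicationdate = "";
            form($id, $title, $topic, $poster, $text, $day1, $month1, $year1, $day2, $month2, $year2, $publicationdate);
        }
    }
    admin();
}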
//
// remove the item with id=$id from the database
//
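// Deletes the item whose id is in the global $id from $table, regenerates the feed via
// write_xml.php and shows the admin menu. Prints NOTHING_REMOVED when no row was deleted.
//
// $id comes from the request and is escaped before it is placed in the query; it used
// to be inserted as submitted. Under magic_quotes_gpc an id containing quotes is escaped
// twice and simply matches no row.
// mysql_affected_rows() returns -1 when the query failed; that case is now reported as
// "nothing removed" instead of as a successful removal.
// write_xml.php is included into this function's scope, hence the prefixed helper name.
// NOTE(review): this action is reached with a GET request and checks no anti-CSRF token.
function delete()
{
    global $PHP_SELF, $table, $id;
    $adm_sql_id = mysql_real_escape_string($id);
    $query = "DELETE FROM $table where id='$adm_sql_id'";
    $result = mysql_query($query);
    $num_rows = mysql_affected_rows();
    if ($num_rows < 1) {
        echo "<h4>" . NOTHING_REMOVED . ".</h4>\n";
    } else {
        echo "<strong>" . ITEM_REMOVED . ".</strong>\n";
        include("write_xml.php");// comment this line out if you can't CHMOD the rss.xml file
        admin();
    }
}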
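// Deletes the preview item whose id is in the global $id from $previewtable and shows
// the admin menu. Prints NOTHING_REMOVED when no row was deleted.
//
// $id comes from the request and is escaped before it is placed in the query; it used
// to be inserted as submitted. Under magic_quotes_gpc an id containing quotes is escaped
// twice and simply matches no row.
// mysql_affected_rows() returns -1 when the query failed; that case is now reported as
// "nothing removed" instead of as a successful removal.
// NOTE(review): this action is reached with a GET request and checks no anti-CSRF token.
function delete_temp()
{
    global $PHP_SELF, $previewtable, $id;
    $sql_id = mysql_real_escape_string($id);
    $query = "DELETE FROM $previewtable where id='$sql_id'";
    $result = mysql_query($query);
    $num_rows = mysql_affected_rows();
    if ($num_rows < 1) {
        echo "<h4>" . NOTHING_REMOVED . ".</h4>\n";
    } else {
        echo "<strong>" . ITEM_REMOVED . ".</strong>\n";
        admin();
    }
}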
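// Prints the add/edit form for a news item, pre-filled with the given values, and posts
// it to action=check. The topic dropdown is filled with the distinct topics in $table.
//
// $title and $text are expected with addslashes()-style escaping and are unslashed for
// display; the other values are shown as passed in.
//
// Every value is HTML-escaped before it is written into an attribute or the textarea.
// The values can be the unmodified request input (check() re-shows the form through
// again()), and without escaping a double quote or a tag in any field broke out of the
// markup and was lost or changed on the next save. The request path in $PHP_SELF is
// escaped for the same reason.
// NOTE(review): from PHP 5.4 on htmlspecialchars() assumes UTF-8 and returns an empty
// string for input that is not valid UTF-8; pass the site's charset as third argument
// if the news data is stored in another encoding.
function form($id, $title, $topic, $poster, $text, $day1, $month1, $year1, $day2, $month2, $year2, $publicationdate)
{
    global $PHP_SELF, $table, $show_poster;// , $day1, $month1, $year1, $day2, $month2, $year2
    $self_html = htmlspecialchars($PHP_SELF, ENT_QUOTES);
    $title = htmlspecialchars(stripslashes($title), ENT_QUOTES);
    $text = htmlspecialchars(stripslashes($text), ENT_QUOTES);
    $id = htmlspecialchars($id, ENT_QUOTES);
    $publicationdate = htmlspecialchars($publicationdate, ENT_QUOTES);
    $topic = htmlspecialchars($topic, ENT_QUOTES);
    $poster = htmlspecialchars($poster, ENT_QUOTES);
    $year1 = htmlspecialchars($year1, ENT_QUOTES);
    $month1 = htmlspecialchars($month1, ENT_QUOTES);
    $day1 = htmlspecialchars($day1, ENT_QUOTES);
    $year2 = htmlspecialchars($year2, ENT_QUOTES);
    $month2 = htmlspecialchars($month2, ENT_QUOTES);
    $day2 = htmlspecialchars($day2, ENT_QUOTES);

    echo "<form action=\"$self_html?action=check\" method=\"post\" name=\"theForm\">\n";
    echo "<fieldset>\n<legend>" . LEGEND . "</legend>\n";
    echo "<input type=\"hidden\" name=\"id\" value=\"$id\" />\n";
    echo "<input type=\"hidden\" name=\"publicationdate\" value=\"$publicationdate\" />\n";
    echo "<table border=\"0\" cellpadding=\"2\" cellspacing=\"1\">\n";

    // title
    echo " <tr>\n";
    echo " <td align=\"left\">" . TITLE_FIELD . "</td>\n";
    echo " <td align=\"left\"><input type=\"text\" name=\"title\" size=\"20\" maxlength=\"100\" value=\"$title\" title=\"" . TOOLTIP_TITLE . "\" /></td>\n";
    echo " </tr>\n";

    // topic: picking an existing topic copies it into the free-text topic field below
    echo " <tr>\n";
    echo " <td>" . TOPIC_FIELD . "</td>\n";
    echo " <td><select name=\"list_topics\" onchange='document.theForm.topic.value=document.theForm.list_topics.options[document.theForm.list_topics.selectedIndex].value'>\n";
    echo " <option value=\"new topic\">" . CATEGORY_FIELD . "</option>\n";
    $cat = mysql_query("SELECT DISTINCT topic FROM $table ORDER BY topic ASC");
    while ($row = mysql_fetch_row($cat)) {
        $option_html = htmlspecialchars(stripslashes($row[0]), ENT_QUOTES);
        echo " <option value=\"" . $option_html . "\">" . $option_html . "</option>\n";
    }
    mysql_free_result($cat);
    echo " </select></td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td align=\"left\"> </td>\n";
    echo " <td align=\"left\"><input type=\"text\" name=\"topic\" size=\"20\" maxlength=\"50\" value=\"$topic\" title=\"" . TOOLTIP_CATEGORY . "\" /></td>\n";
    echo " </tr>\n";

    // poster, only when enabled in the configuration
    if ($show_poster == "yes") {
        echo " <tr>\n";
        echo " <td align=\"left\">" . POSTER_FIELD . "</td>\n";
        echo " <td align=\"left\"><input type=\"text\" name=\"poster\" size=\"20\" maxlength=\"50\" value=\"$poster\" /></td>\n";
        echo " </tr>\n";
    }

    // push date
    echo " <tr>\n";
    echo " <td align=\"left\">" . PUSH_FIELD . "</td>\n";
    echo " <td align=\"left\">\n"
        . "<input type=\"text\" name=\"year1\" size=\"4\" maxlength=\"4\" value=\"$year1\" title=\"" . TOOLTIP_YYYY . "\" />\n"
        . "<input type=\"text\" name=\"month1\" size=\"2\" maxlength=\"2\" value=\"$month1\" title=\"" . TOOLTIP_MM . "\"/>\n"
        . "<input type=\"text\" name=\"day1\" size=\"2\" maxlength=\"2\" value=\"$day1\" title=\"" . TOOLTIP_DD . "\"/> "
        . PUSH_EXPL . "</td>\n";
    echo " </tr>\n";

    // expiry date
    echo " <tr>\n";
    echo " <td align=\"left\">" . EXPIRY_FIELD . "</td>\n";
    echo " <td align=\"left\">\n"
        . "<input type=\"text\" name=\"year2\" size=\"4\" maxlength=\"4\" value=\"$year2\" title=\"" . TOOLTIP_YYYY . "\" />\n"
        . "<input type=\"text\" name=\"month2\" size=\"2\" maxlength=\"2\" value=\"$month2\" title=\"" . TOOLTIP_MM . "\" />\n"
        . "<input type=\"text\" name=\"day2\" size=\"2\" maxlength=\"2\" value=\"$day2\" title=\"" . TOOLTIP_DD . "\" /> " . EXPIRY_EXPL . "</td>\n";
    echo " </tr>\n";

    // BBCode helper buttons; the bbCode* functions are not defined in this file
    echo " <tr>\n";
    echo " <td align=\"center\" colspan=\"2\">";
    echo "<input type='button' value='URL' title='" . TOOLTIP_URL . "' onclick='bbCodeUrl(\"message\");' />";
    echo "<input type='button' value='IMG' title='" . TOOLTIP_IMG . "' onclick='bbCodeImg(\"message\");' />";
    echo "<input type='button' value='EMAIL' title='" . TOOLTIP_EMAIL . "' onclick='bbCodeEmail(\"message\");' />";
    echo "<input type='button' value='ABBR' title='" . TOOLTIP_ABBR . "' onclick='bbCodeAbbr(\"message\");' />";
    echo "<input type='button' value='QUOTE' title='" . TOOLTIP_QUOTE . "' onclick='bbCodeQuote(\"message\");' />";
    echo "<input type='button' value='BOLD' title='" . TOOLTIP_BOLD . "' onclick='bbCodeBold(\"message\");' />";
    echo "<input type='button' value='ITALIC' title='" . TOOLTIP_ITALIC . "' onclick='bbCodeItalic(\"message\");' />";
    echo "<input type='button' value='CODE' title='" . TOOLTIP_CODE . "' onclick='bbCodePre(\"message\");' />\n";
    echo "<input type='button' value='LIST' title='" . TOOLTIP_LIST . "' onclick='bbCodeList(\"message\");' />\n";
    echo "</td>\n";
    echo " </tr>\n";

    // item text
    echo " <tr>\n";
    echo " <td align=\"left\" valign=\"top\">" . TEXT_FIELD . "</td>\n";
    echo " <td align=\"left\"><textarea cols=\"50\" rows=\"20\" name=\"text\" id=\"message\" title=\"" . TOOLTIP_TEXTAREA . "\">$text</textarea></td>\n";
    echo " </tr>\n";
    echo "</table>\n";
    // both buttons are named "submit"; check() compares the submitted value with SAVE_BUTTON
    echo "<input type=\"submit\" name=\"submit\" value=\"" . PREVIEW_BUTTON . "\" title=\"" . PREVIEW_BUTTON . "\" /> <input type=\"submit\" name=\"submit\" value=\"" . SAVE_BUTTON . "\" title=\"" . SAVE_BUTTON . "\" />\n";
    echo "</fieldset>\n";
    echo "</form>\n";
}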
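// Lists every comment that is still unapproved (approved = '0'), each with the title of
// the article it belongs to and a Remove and an Approve form, followed by a link that
// deletes all unapproved comments and by the admin menu.
//
// Changes compared with the earlier version:
//  - the article id read from the comment row is cast to an integer before it is used
//    in the (unquoted) WHERE clause of the title lookup;
//  - $title is reset for every comment, so a comment whose article no longer exists does
//    not show the title of the previous comment's article;
//  - the request path in $PHP_SELF is HTML-escaped before it is written into the page.
//
// NOTE(review): name, e-mail, homepage and comment text were entered by visitors and are
// printed here as stored, the homepage also as a link target. The code that stores
// comments and convertBBCode() are not in this file; unless they already escape HTML and
// restrict link schemes, this page renders visitor-supplied markup inside the admin
// session. Confirm, and otherwise escape with htmlspecialchars() at output.
// NOTE(review): Remove, Approve and the delete-all link use GET and carry no anti-CSRF token.
function mod_comments()
{
    global $comment_table, $table, $news_base, $PHP_SELF;
    $self_html = htmlspecialchars($PHP_SELF, ENT_QUOTES);
    $query = "SELECT * FROM $comment_table WHERE approved = '0' ORDER BY uniqueid ASC";
    $result = mysql_query($query);
    echo C_ADMIN_MODERATED . ":<br /><br />\n";
    while ($query_data = mysql_fetch_array($result)) {
        $id = $query_data["id"]; // id of the article the comment belongs to
        $uniqueid = $query_data["uniqueid"];
        $the_name = $query_data["poster_name"];
        $the_email = $query_data["poster_email"];
        $the_homepage = $query_data["poster_homepage"];
        $the_comment = convertBBCode($query_data["comment"]);
        // look up the article title for the heading
        $title = "";
        $query2 = "SELECT id, title FROM $table WHERE id=" . (int) $id;
        $result2 = mysql_query($query2);
        while ($query_data2 = mysql_fetch_array($result2)) {
            $id = $query_data2["id"];
            $title = $query_data2["title"];
        }
        echo "<div class=\"newsitem\">\n<div class=\"newsbody\">";
        echo "<span class=\"newscommentname\">$the_name on <a href=\"$news_base?action=comment&article=$id\" target=\"_blank\">$title</a></span>";
        if (!empty($the_homepage)) {
            echo " - <a href=\"$the_homepage\">$the_homepage</a>";
        }
        if (!empty($the_email)) {
            echo " - <a href=\"mailto:$the_email\">$the_email</a>";
        }
        echo "<br /><br />\n$the_comment</div>\n";
        // removal form
        echo "<form action=\"$self_html\" method=\"get\">\n";
        echo "<input type=\"hidden\" name=\"action\" value=\"delete_comment\" />\n";
        echo "<input type=\"hidden\" name=\"uniqueid\" value=\"$uniqueid\" />\n";
        echo "<input type=\"submit\" value=\" Remove \" onclick=\"return confirm('" . DELETE_WARN . "');\" />\n";
        echo "</form><br />\n";
        // approval form
        echo "<form action=\"$self_html\" method=\"get\">\n";
        echo "<input type=\"hidden\" name=\"action\" value=\"approve_comment\" />\n";
        echo "<input type=\"hidden\" name=\"uniqueid\" value=\"$uniqueid\" />\n";
        echo "<input type=\"submit\" value=\" Approve \" />\n";
        echo "</form>\n";
        echo "</div>\n<br />\n";
    }
    echo "<a href=\"$self_html?action=delete_all\">" . DELETE_ALL_UAC . "</a><br />";
    admin();
}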
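// Deletes the comment whose uniqueid is in the global $uniqueid, reports the outcome and
// shows the moderation list again.
//
// $uniqueid comes from the request and is escaped before it is placed in the query; it
// used to be inserted as submitted. Under magic_quotes_gpc a value containing quotes is
// escaped twice and simply matches no row.
// mysql_affected_rows() returns -1 when the query failed; that case is now reported as
// "nothing removed" instead of as a successful removal.
// NOTE(review): this action is reached with a GET request and checks no anti-CSRF token.
function delete_comment()
{
    global $comment_table, $uniqueid;
    $sql_uniqueid = mysql_real_escape_string($uniqueid);
    $query = "DELETE FROM $comment_table where uniqueid='$sql_uniqueid'";
    $result = mysql_query($query);
    $num_rows = mysql_affected_rows();
    if ($num_rows < 1) {
        echo "<h4>" . NOTHING_REMOVED . ".</h4>\n";
    } else {
        echo "<strong>" . ITEM_REMOVED . ".</strong><br />\n";
    }
    mod_comments();
}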
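// Deletes every comment that is still unapproved (approved = '0'), reports the outcome
// and shows the moderation list again. The query contains no request data.
//
// mysql_affected_rows() returns -1 when the query failed; that case is now reported as
// "nothing removed" instead of as a successful removal.
// NOTE(review): this bulk delete is triggered by a plain link (GET) and checks no
// anti-CSRF token.
function delete_all_unapproved_comments()
{
    global $comment_table, $uniqueid; // $uniqueid is not used by this function
    $query = "DELETE FROM $comment_table where approved='0'";
    $result = mysql_query($query);
    $num_rows = mysql_affected_rows();
    if ($num_rows < 1) {
        echo "<h4>" . NOTHING_REMOVED . ".</h4>\n";
    } else {
        echo "<strong>" . ITEM_REMOVED . ".</strong><br />\n";
    }
    mod_comments();
}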
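// Marks the comment whose uniqueid is in the global $uniqueid as approved and shows the
// moderation list again. Prints UNKNOWN_ERROR when no row was changed.
//
// $uniqueid comes from the request and is escaped before it is placed in the query; it
// used to be inserted as submitted. Under magic_quotes_gpc a value containing quotes is
// escaped twice and simply matches no row.
// NOTE(review): this action is reached with a GET request and checks no anti-CSRF token.
function approve_comment()
{
    global $comment_table, $uniqueid;
    $sql_uniqueid = mysql_real_escape_string($uniqueid);
    $query = "UPDATE $comment_table SET approved='1' WHERE uniqueid='$sql_uniqueid'";
    $result = mysql_query($query);
    // check if the update was successful (0 = no row changed, -1 = query failed)
    $num_rows = mysql_affected_rows();
    if ($num_rows < 1) {
        // a count of 0 may simply mean the comment was already approved, so no need to
        // worry if that's the case
        echo "<h4>" . UNKNOWN_ERROR . "</h4>\n";
    }
    mod_comments();
}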
// Emit the page footer, then close the database connection.
// $conn is not assigned in this file - presumably opened by configuration.php or
// functions.php, confirm.
include("foot.php");
mysql_close($conn);
?>