<?php
require_once('../../../config.php');
require_once(FOLDER_RELATIVE_COMMON . 'authorization.php');
require_once(FOLDER_RELATIVE_COMMON . 'database.php');
require_once(FOLDER_RELATIVE_COMMON . 'html.php');
// Script-wide state shared by the request handlers that follow.
// $errors collects a message to print instead of redirecting; $exitearly stays
// true unless a handler decides that the add/edit form page must be rendered.
$errors = '';
$exitearly = true;
// Both routing parameters come from the query string and default to ''.
$request = '';
if (isset($_GET['request'])) {
    $request = $_GET['request'];
}
$stage = '';
if (isset($_GET['stage'])) {
    $stage = $_GET['stage'];
}
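// XML endpoint: emits the field values used to populate the add/edit page form,
// then terminates the script.
// NOTE(review): no access check is visible in this script; confirm that including
// authorization.php rejects unauthenticated requests before page data is emitted.
if ($request === 'xml') {
    header('Content-Type: text/xml');
    // The id of the page being added to / edited is read from the session, where
    // the form-opening request stored it straight from the query string. It is
    // therefore treated as untrusted: non-scalars count as missing, and the value
    // is escaped before it is written into the document.
    $session_id = (isset($_SESSION['id']) && is_scalar($_SESSION['id'])) ? $_SESSION['id'] : '';
    // A literal "]]>" inside a value would close the CDATA section early and let
    // the rest of the value be parsed as markup. Splitting it across two CDATA
    // sections keeps the parsed text identical.
    $cdata_end = ']]>';
    $cdata_split = ']]]]><![CDATA[>';
    $xml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>' . "\n";
    $xml .= '<root>' . "\n";
    if ($stage === 'add') {
        // Display parent information.
        $parent_id = $session_id;
        $sql = 'SELECT title FROM Pages WHERE id = ?';
        $parent_title = databaseGetValue($sql, array($parent_id));
        // Retranslate line breaks.
        $parent_title = removeBreak($parent_title, true);
        $page_title = '';
        $parent_title_xml = str_replace($cdata_end, $cdata_split, (string) $parent_title);
        $parent_id_xml = htmlspecialchars((string) $parent_id, ENT_QUOTES, 'UTF-8');
        $xml .= ' <controls_id>' . "\n";
        $xml .= ' <record><key>parent_title</key><value><![CDATA[' . $parent_title_xml . ']]></value></record>' . "\n";
        $xml .= ' <record><key>page_title</key><value><![CDATA[' . $page_title . ']]></value></record>' . "\n";
        $xml .= ' </controls_id>' . "\n";
        $xml .= ' <controls_input>' . "\n";
        $xml .= ' <record><key>request</key><value>add</value></record>' . "\n";
        // $stage is exactly 'add' in this branch, so it needs no escaping.
        $xml .= ' <record><key>stage</key><value>' . $stage . '</value></record>' . "\n";
        $xml .= ' <record><key>parent_id</key><value>' . $parent_id_xml . '</value></record>' . "\n";
        $xml .= ' </controls_input>' . "\n";
        $xml .= ' <controls_select>' . "\n";
        $xml .= ' <record>';
        $xml .= ' <key>page_visible_stories</key>';
        $xml .= ' <value>3</value>';
        $xml .= ' <captions>0|1|2|3|4|5|</captions>';
        $xml .= ' <choices>0|1|2|3|4|5|</choices>';
        $xml .= ' </record>' . "\n";
        $xml .= ' </controls_select>' . "\n";
    } else if ($stage === 'edit') {
        $page_id = $session_id;
        $parent_id = databaseGetValue('SELECT parent_id FROM Pages WHERE id = ?', array($page_id));
        if ($parent_id == 0) {
            // No parent row to join against: report an empty parent.
            $sql = '';
            $sql .= ' SELECT title, 0 AS parent_id, \'\' AS parent_title, visible_stories, require_login ';
            $sql .= ' FROM Pages WHERE id = ? ';
            $row = databaseGetRow($sql, array($page_id));
        } else {
            // Self-join to pick up the parent's title alongside the page's own fields.
            $sql = '';
            $sql .= 'SELECT ';
            $sql .= ' a.parent_id AS parent_id, ';
            $sql .= ' b.title as parent_title, ';
            $sql .= ' a.title AS title, ';
            $sql .= ' a.visible_stories AS visible_stories, ';
            $sql .= ' a.require_login AS require_login ';
            $sql .= 'FROM Pages a, Pages b ';
            $sql .= 'WHERE a.id = ? AND b.id = a.parent_id ';
            $row = databaseGetRow($sql, array($page_id));
        }
        // The page may no longer exist (or the session id may be stale); fall back
        // to empty values instead of indexing into a missing row.
        $page_title = isset($row['title']) ? $row['title'] : '';
        $parent_id = isset($row['parent_id']) ? $row['parent_id'] : '';
        $parent_title = isset($row['parent_title']) ? $row['parent_title'] : '';
        $page_visible_stories = isset($row['visible_stories']) ? $row['visible_stories'] : '';
        $page_require_login = isset($row['require_login']) ? $row['require_login'] : '';
        // Retranslate line breaks.
        $parent_title = removeBreak($parent_title, true);
        $page_title = removeBreak($page_title, true);
        // Escape every value for the XML context it is written into.
        $parent_title_xml = str_replace($cdata_end, $cdata_split, (string) $parent_title);
        $page_title_xml = str_replace($cdata_end, $cdata_split, (string) $page_title);
        $require_login_xml = str_replace($cdata_end, $cdata_split, (string) $page_require_login);
        $page_id_xml = htmlspecialchars((string) $page_id, ENT_QUOTES, 'UTF-8');
        $parent_id_xml = htmlspecialchars((string) $parent_id, ENT_QUOTES, 'UTF-8');
        $visible_stories_xml = htmlspecialchars((string) $page_visible_stories, ENT_QUOTES, 'UTF-8');
        $xml .= ' <controls_id>' . "\n";
        $xml .= ' <record><key>parent_title</key><value><![CDATA[' . $parent_title_xml . ']]></value></record>' . "\n";
        $xml .= ' </controls_id>' . "\n";
        $xml .= ' <controls_input>' . "\n";
        $xml .= ' <record><key>request</key><value>edit</value></record>' . "\n";
        // $stage is exactly 'edit' in this branch, so it needs no escaping.
        $xml .= ' <record><key>stage</key><value>' . $stage . '</value></record>' . "\n";
        $xml .= ' <record><key>page_id</key><value>' . $page_id_xml . '</value></record>' . "\n";
        $xml .= ' <record><key>parent_id</key><value>' . $parent_id_xml . '</value></record>' . "\n";
        $xml .= ' <record><key>page_title</key><value><![CDATA[' . $page_title_xml . ']]></value></record>' . "\n";
        $xml .= ' <record><key>page_require_login</key><value><![CDATA[' . $require_login_xml . ']]></value></record>' . "\n";
        $xml .= ' </controls_input>' . "\n";
        $xml .= ' <controls_select>' . "\n";
        $xml .= ' <record>';
        $xml .= ' <key>page_visible_stories</key>';
        $xml .= ' <value>' . $visible_stories_xml . '</value>';
        $xml .= ' <captions>0|1|2|3|4|5|</captions>';
        $xml .= ' <choices>0|1|2|3|4|5|</choices>';
        $xml .= ' </record>' . "\n";
        $xml .= ' </controls_select>' . "\n";
    }
    $xml .= '</root>' . "\n";
    echo $xml;
    exit;
}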
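// Request dispatcher for the page-administration actions: add, edit, moveup,
// movedown and delete. On failure a message is left in $errors; the two
// form-opening branches clear $exitearly so the form page is rendered afterwards.
//
// NOTE(review): moveup, movedown and delete change data on a plain GET request and
// no anti-CSRF token is checked in this block. Unless authorization.php already
// covers this, these actions should require POST plus a per-session token.

// Page id from the query string, accepted only as a plain run of ASCII digits; a
// missing or empty id is rejected. The same value is stored in the session and
// later echoed by the XML endpoint, so it must not carry markup.
// NOTE(review): assumes Pages.id is numeric (sequence 'pages_id_seq', ids are
// compared against 0 elsewhere in this file) -- confirm against the schema.
$request_id = null;
if (isset($_GET['id']) && is_string($_GET['id']) && preg_match('/^[0-9]+$/D', $_GET['id'])) {
    $request_id = $_GET['id'];
}
// Values offered by the page_visible_stories select in the XML endpoint.
$visible_stories_choices = array('0', '1', '2', '3', '4', '5');

if ($request === 'add') {
    if ($stage === 'add') {
        // User just submitted.
        $parent_id = isset($_POST['parent_id']) ? $_POST['parent_id'] : null;
        $raw_title = isset($_POST['page_title']) ? $_POST['page_title'] : null;
        $page_visible_stories = isset($_POST['page_visible_stories']) ? $_POST['page_visible_stories'] : null;
        $page_require_login = isset($_POST['page_require_login']) && ($_POST['page_require_login'] == 'on') ? 'Y' : 'N';
        if (!is_string($parent_id) || !preg_match('/^[0-9]+$/D', $parent_id)
            || !is_string($raw_title)
            || !in_array($page_visible_stories, $visible_stories_choices, true)) {
            $errors = 'Invalid page data.';
        } else {
            // NOTE(review): stripslashes() only makes sense if something upstream
            // adds slashes to request data; otherwise it removes legitimate
            // backslashes from titles -- confirm.
            $page_title = stripslashes($raw_title);
            // Allow line breaks in titles.
            $page_title = removeNewline($page_title, true);
            // Insert the page.
            $sql = 'INSERT INTO Pages (id, parent_id, title, visible_stories, require_login) VALUES ( ?, ?, ?, ?, ? )';
            $id = databaseExecuteReturnId($sql, array(0, $parent_id, $page_title, $page_visible_stories, $page_require_login), 'pages_id_seq');
            $sql = 'SELECT COUNT(*) FROM Pages WHERE parent_id = (SELECT parent_id FROM Pages WHERE id = ?)';
            $count = databaseGetValue($sql, array($id));
            // Update sortorder so the page is the last one among siblings.
            $sql = 'UPDATE Pages SET sortorder = ? WHERE id = ?';
            databaseExecute($sql, array($count, $id));
        }
    } else if ($request_id === null) {
        $errors = 'Invalid page id.';
    } else {
        // Send user to the 'add' form.
        $_SESSION['id'] = $request_id;
        $stage = 'add';
        $exitearly = false;
    }
} else if ($request === 'edit') {
    if ($stage === 'edit') {
        // User just submitted.
        $page_id = isset($_POST['page_id']) ? $_POST['page_id'] : null;
        $parent_id = isset($_POST['parent_id']) ? $_POST['parent_id'] : null;
        $raw_title = isset($_POST['page_title']) ? $_POST['page_title'] : null;
        $page_visible_stories = isset($_POST['page_visible_stories']) ? $_POST['page_visible_stories'] : null;
        $page_require_login = isset($_POST['page_require_login']) && ($_POST['page_require_login'] == 'on') ? 'Y' : 'N';
        if (!is_string($page_id) || !preg_match('/^[0-9]+$/D', $page_id)
            || !is_string($parent_id) || !preg_match('/^[0-9]+$/D', $parent_id)
            || !is_string($raw_title)
            || !in_array($page_visible_stories, $visible_stories_choices, true)) {
            $errors = 'Invalid page data.';
        } else {
            // NOTE(review): see the stripslashes() remark in the 'add' branch.
            $page_title = stripslashes($raw_title);
            // Allow line breaks in titles.
            $page_title = removeNewline($page_title, true);
            $sql = 'UPDATE Pages SET parent_id = ?, title = ?, visible_stories = ?, require_login = ? WHERE id = ?';
            databaseExecute($sql, array($parent_id, $page_title, $page_visible_stories, $page_require_login, $page_id));
        }
    } else if ($request_id === null) {
        $errors = 'Invalid page id.';
    } else {
        // Send user to the 'edit' form.
        $_SESSION['id'] = $request_id;
        $stage = 'edit';
        $exitearly = false;
    }
} else if ($request === 'moveup') {
    if ($request_id === null) {
        $errors = 'Invalid page id.';
    } else {
        $id = $request_id;
        // First check to see if we're already at the top of the sibling
        // tree, which would mean bumping to a higher set of siblings.
        $sortorder = databaseGetValue('SELECT sortorder FROM Pages WHERE id = ?', array($id));
        if ($sortorder == 1) {
            // A page without a parent has no higher level to move to. Without this
            // guard the re-parenting subquery below finds no row and the page is
            // left with an empty parent_id.
            $parent_id = databaseGetValue('SELECT parent_id FROM Pages WHERE id = ?', array($id));
            if ($parent_id != 0) {
                // Bump sibling sortorder up by 1.
                $sql = 'UPDATE Pages SET sortorder = sortorder - 1 WHERE parent_id = ( SELECT parent_id FROM Pages WHERE id = ? )';
                databaseExecute($sql, array($id));
                // Move node up one parent.
                $sql = '';
                $sql .= ' UPDATE Pages ';
                $sql .= ' SET parent_id = ( ';
                $sql .= ' SELECT b.parent_id ';
                $sql .= ' FROM Pages a, Pages b ';
                $sql .= ' WHERE a.id = ? AND b.id = a.parent_id ';
                $sql .= ' ) WHERE id = ? ';
                databaseExecute($sql, array($id, $id));
                // Reset node sortorder.
                $sql = 'UPDATE Pages SET sortorder = (SELECT COUNT(*) FROM Pages WHERE parent_id = (SELECT parent_id FROM Pages WHERE id = ?)) WHERE id = ?';
                databaseExecute($sql, array($id, $id));
            }
        } else {
            // Not top of sibling tree, so swap sortorders with sibling above.
            // Grab higher sibling's id.
            $sql = '';
            $sql .= ' SELECT b.id ';
            $sql .= ' FROM Pages a, Pages b ';
            $sql .= ' WHERE a.id = ? AND b.parent_id = a.parent_id AND b.sortorder = a.sortorder - 1 ';
            $sibling_id = databaseGetValue($sql, array($id));
            // Swap sort order, but only when a sibling was found; otherwise the
            // page's own sortorder would be decremented on its own.
            if ($sibling_id != null) {
                databaseExecute('UPDATE Pages SET sortorder = sortorder - 1 WHERE id = ?;', array($id));
                databaseExecute('UPDATE Pages SET sortorder = sortorder + 1 WHERE id = ?;', array($sibling_id));
            }
        }
    }
} else if ($request === 'movedown') {
    if ($request_id === null) {
        $errors = 'Invalid page id.';
    } else {
        // Keep the id as a plain value: it is wrapped in array() at each call
        // below, so wrapping it here as well would pass a nested array as the
        // bound parameter.
        $id = $request_id;
        // KNOWN BUG: what do you do if someone hits 'down' when you're already at the bottom of
        // a set of siblings? Should go up the tree ... ? This introduces a lot of problems.
        // Grab lower sibling's id.
        $sql = '';
        $sql .= ' SELECT b.id ';
        $sql .= ' FROM Pages a, Pages b ';
        $sql .= ' WHERE a.id = ? AND b.parent_id = a.parent_id AND b.sortorder = a.sortorder + 1 ';
        $sibling_id = databaseGetValue($sql, array($id));
        // Swap sort order.
        if ($sibling_id != null) {
            databaseExecute('UPDATE Pages SET sortorder = sortorder + 1 WHERE id = ?;', array($id));
            databaseExecute('UPDATE Pages SET sortorder = sortorder - 1 WHERE id = ?;', array($sibling_id));
        }
    }
} else if ($request === 'delete') {
    if ($request_id === null) {
        $errors = 'Invalid page id.';
    } else {
        $sql = 'DELETE FROM Pages WHERE id = ?';
        databaseExecute($sql, array($request_id));
    }
}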
// Finish the request here unless a handler asked for the form page to be shown:
// print the collected error text if there is any, otherwise go back to the list.
if ($exitearly) {
    // TODO: find a neat way to out the error messages to the user.
    if ($errors == '') {
        header('location:admin_pages_list.php');
    } else {
        // $errors is written to the response as-is, so it must never contain
        // request-derived text.
        echo $errors;
    }
    exit;
}
// Render the admin page that hosts the add/edit form.
require_once(FOLDER_RELATIVE_COMMON . 'builder-admin.php');
$title = 'Pages';
$content = 'admin_pages.html';
$header = '<script type="text/javascript" src="admin_pages.js"></script>' . "\n";
// $stage ends up inside a JavaScript string literal. This line is reached only
// after a handler above has set it to 'add' or 'edit'; it must not carry raw
// request input.
$onload = "jaxFormRegister('admin_pages.php?request=xml&stage=" . $stage . "'); initializePage();";
echo buildAdminPage($header, $onload, $title, $content);
?>