<?php

require_once('../../../config.php');
require_once(FOLDER_RELATIVE_COMMON . 'authorization.php');
require_once(FOLDER_RELATIVE_COMMON . 'database.php');
require_once(FOLDER_RELATIVE_COMMON . 'html.php');

// Script-wide state shared by the request handlers below.
//   $errors            - text echoed instead of redirecting when non-empty
//   $exitearly         - true until a handler decides the form must be rendered
//   $xml_delete_choice - optional XML fragment filled in by the 'edit' XML stage
$errors = '';
$exitearly = true;
$xml_delete_choice = null;

// Both selectors come straight from the query string and are untrusted;
// every later use compares them against fixed literals.
$request = 'add';
if (isset($_GET['request'])) {
	$request = $_GET['request'];
}

$stage = '';
if (isset($_GET['stage'])) {
	$stage = $_GET['stage'];
}

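// XML endpoint: returns the control values the client-side form loads for
// the 'add' or 'edit' stage, then terminates the script.
if ($request == 'xml') {

	header('Content-Type: text/xml');
	$xml = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>' . "\n";
	$xml .= "<root>\n";

	// A literal "]]>" inside a value would close its CDATA section early and
	// let the remainder be parsed as markup. Splitting the terminator across
	// two adjacent CDATA sections keeps the text intact for an XML parser.
	// NOTE(review): a client that reads only the first child node of <value>
	// would see such a value truncated - confirm against the form script.
	$cdata_end = ']]>';
	$cdata_split = ']]]]><![CDATA[>';

	if ($stage == 'add') {
		// $stage equals the literal 'add' in this branch, so echoing it back is safe.
		$xml .= "	<controls_input>\n";
		$xml .= "		<record><key>request</key><value>add</value></record>\n";
		$xml .= "		<record><key>stage</key><value>$stage</value></record>\n";
		$xml .= "	</controls_input>\n";

	} else if ($stage == 'edit') {
		// The id was stored in the session by the 'edit' request handler, which
		// copies it from the query string; treat it as untrusted.
		$story_id = isset($_SESSION['id']) ? $_SESSION['id'] : null;

		// Get the story's info
		$sql = 'SELECT title, content FROM Stories WHERE id = ?';
		$row = databaseGetRow($sql, array($story_id));

		// No matching story: fall back to null values instead of indexing a
		// missing row.
		$story_title = $row ? $row['title'] : null;
		$story_content = $row ? $row['content'] : null;

		// Get the page title list
		$sql = '';
		$sql .= 'SELECT p.id AS id, p.title AS title ';
		$sql .= 'FROM PageToStory t, Pages p ';
		$sql .= 'WHERE p.id = t.page_id and t.story_id = ?';
		$page_rows = databaseGetRows($sql, array($story_id));
		$counter = 0;
		$page_id = '';
		$page_title = '';
		foreach ($page_rows as $page_row) {
			$counter++;
			$page_id .= $page_row['id'] . '|';
			$page_title .= removeBreak($page_row['title'], false) . '|';
		}

		// Retranslate line breaks.
		$story_title = removeBreak($story_title, true);
		$story_content = removeBreak($story_content, true);

		// Values placed in CDATA get their terminator neutralised; the id is
		// placed in element text and is entity-escaped instead.
		$page_title_cdata = str_replace($cdata_end, $cdata_split, $page_title);
		$story_content_cdata = str_replace($cdata_end, $cdata_split, $story_content);
		$story_title_cdata = str_replace($cdata_end, $cdata_split, $story_title);
		$story_id_xml = htmlspecialchars((string) $story_id, ENT_QUOTES, 'UTF-8');

		// Compile the xml document
		$xml .= "	<controls_id>\n";
		$xml .= "		<record><key>page_title_list</key><value><![CDATA[$page_title_cdata]]></value></record>\n";
		$xml .= "		<record><key>story_content_editor</key><value><![CDATA[$story_content_cdata]]></value></record>\n";
		$xml .= "		<record><key>story_title</key><value><![CDATA[$story_title_cdata]]></value></record>\n";
		$xml .= "	</controls_id>\n";

		$xml .= "	<controls_input>\n";
		$xml .= "		<record><key>request</key><value>edit</value></record>\n";
		$xml .= "		<record><key>stage</key><value>$stage</value></record>\n";
		$xml .= "		<record><key>story_id</key><value>$story_id_xml</value></record>\n";
		$xml .= "	</controls_input>\n";

		// Find 'delete page reference' info separately
		if ($counter > 0) {
			$page_id = '0|' . $page_id;
			$page_title = 'Please choose one|' . $page_title;

			$delete_captions = str_replace($cdata_end, $cdata_split, $page_title);
			// <choices> is plain element text here, so escape rather than
			// rely on the ids being numeric.
			$delete_choices = htmlspecialchars($page_id, ENT_QUOTES, 'UTF-8');

			$xml_delete_choice = '';
			$xml_delete_choice .= "		<record>";
			$xml_delete_choice .= "			<key>page_title_delete</key>";
			$xml_delete_choice .= "			<value>0</value>";
			$xml_delete_choice .= "			<captions><![CDATA[$delete_captions]]></captions>";
			$xml_delete_choice .= "			<choices>$delete_choices</choices>";
			$xml_delete_choice .= "		</record>";
		}
	}

	// Regardless of add or edit, write a list of pages out to the
	// form so the user can select what page the story should go with.
	if ($stage == 'add' || $stage == 'edit') {
		$sql = 'SELECT title, id FROM Pages ORDER BY sortorder';
		$rows = databaseGetRows($sql, array());
		$captions = 'Please choose one|';
		$choices = '0|';
		foreach ($rows as $row) {
			$captions .= removeBreak($row['title'], false) . '|';
			$choices .= $row['id'] . '|';
		}

		$captions = str_replace($cdata_end, $cdata_split, $captions);
		$choices = str_replace($cdata_end, $cdata_split, $choices);

		$xml .= "	<controls_select>\n";
		$xml .= "		<record>";
		$xml .= "			<key>page_title_add</key>";
		$xml .= "			<value>0</value>";
		$xml .= "			<captions><![CDATA[$captions]]></captions>";
		$xml .= "			<choices><![CDATA[$choices]]></choices>";
		$xml .= "		</record>\n";
		// Only set by the 'edit' stage when the story is attached to at least one page.
		if ($xml_delete_choice !== null) $xml .= $xml_delete_choice;
		$xml .= "	</controls_select>\n";
	}

	$xml .= "</root>\n";
	echo $xml;
	exit;
}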

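/**
 * Read a record id from a request array ($_GET or $_POST).
 *
 * Only a string made up entirely of decimal digits is accepted; a missing
 * key, an array value or any other text yields 0, which no handler below
 * treats as a valid id.
 *
 * @param array  $source Request array to read from.
 * @param string $key    Name of the field holding the id.
 * @return int The id, or 0 when it is absent or malformed.
 */
function adminStoriesRequestId(array $source, $key)
{
	if (!isset($source[$key]) || !is_string($source[$key]) || !ctype_digit($source[$key])) {
		return 0;
	}
	return (int) $source[$key];
}

// Write handlers for the add / edit / delete requests.
// NOTE(review): no anti-CSRF token is checked anywhere in this file, and
// 'delete' is a state change triggered by a plain GET. Whether
// authorization.php adds such a check is not visible here - confirm, and
// prefer POST plus a per-session token for every branch that writes.
if ($request == 'add') {
	if ($stage == 'add') {
		// User just submitted.
		// NOTE(review): stripslashes() is applied unconditionally; on a runtime
		// that does not add magic quotes this also removes backslashes the
		// author typed - confirm the intended environment.
		$raw_title = isset($_POST['story_title']) ? $_POST['story_title'] : '';
		$raw_content = isset($_POST['story_content']) ? $_POST['story_content'] : '';
		$story_title = removeNewline($raw_title, true);
		$story_title = stripSlashes($story_title);
		$story_content = removeNewline($raw_content, true);
		$story_content = stripSlashes($story_content);

		$sql = 'INSERT INTO Stories (id, title, content) VALUES ( ?, ?, ? )';
		$args = array(0, $story_title, $story_content);
		$story_id = databaseExecuteReturnId($sql, $args, 'stories_id_seq');

		// Attach the new story to a page only when a real page was chosen
		// (0 is the "Please choose one" entry).
		$page_id = adminStoriesRequestId($_POST, 'page_title_add');
		if ($page_id > 0) {
			$sql = 'INSERT INTO PageToStory ( page_id, story_id ) VALUES ( ?, ? )';
			databaseExecute($sql, array($page_id, $story_id ));
		}

	} else {
		// Send user to the 'add' form.
		$_SESSION['id'] = -1;
		$stage = 'add';
		$exitearly = false;
	}

} else if ($request == 'edit') {
	if ($stage == 'edit') {

		// User just submitted.
		$story_id = adminStoriesRequestId($_POST, 'story_id');
		if ($story_id > 0) {
			$raw_title = isset($_POST['story_title']) ? $_POST['story_title'] : '';
			$raw_content = isset($_POST['story_content']) ? $_POST['story_content'] : '';
			$story_title = removeNewline($raw_title, true);
			$story_title = stripSlashes($story_title);
			$story_content = removeNewline($raw_content, true);
			$story_content = stripSlashes($story_content);

			// databaseSetDate() supplies a SQL fragment from the project's own
			// helper; all request data goes through placeholders.
			$sql = 'UPDATE Stories SET stamp = ' . databaseSetDate() . ', title = ?, content = ? WHERE id = ?';
			databaseExecute($sql, array($story_title, $story_content, $story_id));

			// Only insert a record into PageToStory if one doesn't exist.
			$page_id = adminStoriesRequestId($_POST, 'page_title_add');
			if ($page_id > 0) {
				$sql = 'SELECT * FROM PageToStory WHERE page_id = ? AND story_id = ?';
				$row = databaseGetRow($sql, array($page_id, $story_id));
				if (!$row) {
					$sql = 'INSERT INTO PageToStory (page_id, story_id) VALUES ( ?, ? )';
					databaseExecute($sql, array($page_id, $story_id));
				}
			}

			$page_id = adminStoriesRequestId($_POST, 'page_title_delete');
			if ($page_id > 0) {
				$sql = 'DELETE FROM PageToStory WHERE page_id = ? AND story_id = ?';
				databaseExecute($sql, array($page_id, $story_id));
			}
		} else {
			// Fixed text only: nothing from the request is echoed back.
			$errors = 'Invalid story id.';
		}

	} else {
		// Send user to the 'edit' form. The id is validated before it is kept
		// in the session because the XML endpoint later writes it into its
		// response and uses it in queries.
		$_SESSION['id'] = adminStoriesRequestId($_GET, 'id');
		$stage = 'edit';
		$exitearly = false;
	}

} else if ($request == 'delete') {
	$story_id = adminStoriesRequestId($_GET, 'id');
	if ($story_id > 0) {
		// Remove the page links first, then the story itself.
		$sql = 'DELETE FROM PageToStory WHERE story_id = ?';
		databaseExecute($sql, array($story_id));

		$sql = 'DELETE FROM Stories WHERE id = ?';
		databaseExecute($sql, array($story_id));
	} else {
		$errors = 'Invalid story id.';
	}
}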

// No form to render: either report the collected errors or go back to the
// stories list. The script ends here in both cases.
if ($exitearly) {
	// TODO: find a neat way to output the error messages to the user.
	if ($errors == '') {
		header('location:admin_stories_list.php');
		exit;
	}

	echo $errors;
	exit;
}


// Reached only when a handler cleared $exitearly, i.e. the add or edit form
// has to be rendered; $stage was set to the literal 'add' or 'edit' there.
require_once(FOLDER_RELATIVE_COMMON . 'builder-admin.php');

$header = '<script type="text/javascript" src="admin_stories.js"></script>' . "\n";

// JavaScript statements for the page's onload handler, in execution order.
// Each entry keeps its trailing "; " so the joined string is unchanged.
$onload_calls = array(
	"jaxEditorSetFolderURL('../admin_files/admin_files_list.php?request=xml', '" . FOLDER_RELATIVE_BASE . "upload/', 'upload/'); ",
	"jaxFormSetCallBack(jaxEditorTranslateFromStorage); ",
	"jaxEditorRegister('" . FOLDER_RELATIVE_BASE . "module/JaxEditor/', 'story_content'); ",
	"jaxFormRegister('admin_stories.php?request=xml&stage=$stage'); ",
	"initializePage(); ",
);
$onload = implode('', $onload_calls);

$title   = 'Stories';
$content = 'admin_stories.html';

// Assemble the admin page around the story form template and send it.
$page = buildAdminPage($header, $onload, $title, $content);
echo $page;

?>