<?php
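// Admin request controller for the miniblog back-end.
//
// Dispatches on $mode and renders one admin template (list.php, edit.php,
// options.php, login.php, password.php). Everything below assumes the
// including admin.php has already provided: $mode, $config['date-format'],
// $config['miniblog-filename'], the PASSWORD constant (an md5 digest of the
// admin password), an open mysql_* connection, the session, and mb_slug().
//
// NOTE(review): the postback forms carry no anti-CSRF token and 'delete' is a
// state-changing GET; fixing that needs matching changes in the templates,
// so it is only recorded here.
if (!defined('IN_ADMIN') || !defined('IN_BLOG')) {
    header('Location: admin.php');
    exit;
}

if (!function_exists('miniblog_admin_h')) {
    // HTML-escape a value for element or attribute context; every piece of
    // markup built in this file goes through it.
    function miniblog_admin_h($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }
}

if (!function_exists('miniblog_admin_column_ok')) {
    // True when a form-supplied key may be spliced into SQL as a column name:
    // plain identifier characters only (mysql_real_escape_string does not
    // escape backticks) and never the primary key.
    function miniblog_admin_column_ok($field)
    {
        return is_string($field)
            && $field !== 'post_id'
            && preg_match('/^[a-z_][a-z0-9_]*$/iD', $field) === 1;
    }
}

if (!function_exists('miniblog_admin_blank')) {
    // A submitted field counts as blank when it is not a scalar (arrays, null)
    // or is the empty string once cast; this is the "fill out all fields" rule.
    function miniblog_admin_blank($value)
    {
        return !is_scalar($value) || (string) $value == '';
    }
}

switch ($mode) {
    default:
    case 'list':
        $post_list = '';
        $result = mysql_query('SELECT * FROM `miniblog`') or die(mysql_error());
        while ($row = mysql_fetch_assoc($result)) {
            $post_id = (int) $row['post_id'];
            $is_published = ((int) $row['published'] === 1);
            $published = $is_published ? 'Published' : 'Unpublished';
            $title = miniblog_admin_h($row['post_title']);
            $date_text = miniblog_admin_h(date($config['date-format'], (int) $row['date']));
            $edit_url = "admin.php?mode=edit&id={$post_id}";
            $delete_url = "admin.php?mode=delete&id={$post_id}";
            $preview_link = '';
            if ($is_published) {
                // The slug is generated by mb_slug() but still lands in an attribute.
                $preview_url = miniblog_admin_h("../{$config['miniblog-filename']}?post={$row['post_slug']}");
                $preview_link = "<a href=\"{$preview_url}\"><img src=\"images/view.png\" alt=\"View post\" /></a> ";
            }
            // Markup lines stay at column 0 so the emitted HTML is unchanged.
            $post_list .= "<tr>
<td><a href=\"{$edit_url}\">{$title}</a></td>
<td>{$date_text}</td>
<td>{$published}</td>
<td>
{$preview_link}
<a href=\"{$delete_url}\" onclick=\"return confirm_dialog('{$delete_url}', 'This will remove the post, are you sure you want to continue?')\"><img src=\"images/delete.png\" alt=\"Remove\" /></a>
</td>
</tr>";
        }
        include('list.php');
        break;

    case 'edit':
        // post_id is numeric: an integer cast is the safe way to put it in SQL.
        $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        $post_sql = "SELECT * FROM `miniblog` WHERE `post_id` = '{$id}'";
        $result = mysql_query($post_sql) or die(mysql_error());
        $post = mysql_fetch_assoc($result);
        if (mysql_num_rows($result) == 1) {
            if (isset($_POST['miniblog_PostBack'])) {
                $data = (isset($_POST['data']) && is_array($_POST['data'])) ? $_POST['data'] : array();
                // A changed title gets a fresh slug; an unchanged one keeps the stored slug.
                if (isset($data['post_title']) && $data['post_title'] !== $post['post_title']) {
                    $data['post_slug'] = mb_slug($data['post_title']);
                }
                $failed = false;
                $assignments = array();
                foreach ($data as $field => $value) {
                    if (miniblog_admin_blank($value)) {
                        $failed = true;
                        break;
                    }
                    if (!miniblog_admin_column_ok($field)) {
                        // Unknown or unsafe key: ignore it rather than let the
                        // form decide which columns get written.
                        continue;
                    }
                    $assignments[] = "`{$field}` = '" . mysql_real_escape_string((string) $value) . "'";
                }
                if ($failed || count($assignments) === 0) {
                    $response_text = 'Error: You must fill out all fields';
                } else {
                    mysql_query("UPDATE `miniblog` SET " . implode(', ', $assignments) . " WHERE `post_id` = '{$id}'") or die(mysql_error());
                    // Re-read so edit.php shows the stored row, not the raw submission.
                    $result = mysql_query($post_sql) or die(mysql_error());
                    $post = mysql_fetch_assoc($result);
                    $response_text = 'Post updated';
                }
            }
            include('edit.php');
        }
        break;

    case 'options':
        if (isset($_POST['miniblog_PostBack'])) {
            $data = (isset($_POST['data']) && is_array($_POST['data'])) ? $_POST['data'] : array();
            $failed = false;
            foreach ($data as $name => $value) {
                if (miniblog_admin_blank($value)) {
                    $failed = true;
                    break;
                }
                // The password row is never rendered by this form (see the SELECT
                // below); refuse to write it from here so only the 'password'
                // mode, which verifies the current password, can change it.
                if ((string) $name === 'password') {
                    continue;
                }
                $safe_name = mysql_real_escape_string((string) $name);
                $safe_value = mysql_real_escape_string((string) $value);
                mysql_query("UPDATE `miniblog_config` SET `config_value` = '{$safe_value}' WHERE `config_name` = '{$safe_name}'") or die(mysql_error());
            }
            $response_text = $failed ? 'Error: You must fill out all fields' : 'Options updated';
        }
        $option_list = '';
        $sql = mysql_query("SELECT * FROM `miniblog_config` WHERE `config_name` <> 'password'") or die(mysql_error());
        while ($row = mysql_fetch_array($sql)) {
            $name = miniblog_admin_h($row['config_name']);
            $label = miniblog_admin_h(str_replace('-', ' ', trim(ucfirst($row['config_name']))));
            $value = miniblog_admin_h(stripslashes($row['config_value']));
            // config_explain is rendered as plain text. NOTE(review): confirm no
            // stored explanation relies on embedded HTML.
            $explain = miniblog_admin_h($row['config_explain']);
            $option_list .= "<p>
<label for=\"{$name}\">{$label}</label><br />
<input type=\"text\" name=\"data[{$name}]\" value=\"{$value}\" id=\"{$name}\" /><br /><span class=\"form-text\">{$explain}</span>
</p>";
        }
        include('options.php');
        break;

    case 'add':
        if (isset($_POST['miniblog_PostBack'])) {
            $submitted = (isset($_POST['data']) && is_array($_POST['data'])) ? $_POST['data'] : array();
            $data = $submitted;
            $data['post_slug'] = mb_slug(isset($data['post_title']) ? $data['post_title'] : '');
            $data['date'] = time();
            $failed = false;
            $columns = array();
            $values = array();
            foreach ($data as $field => $value) {
                if (miniblog_admin_blank($value)) {
                    $failed = true;
                    break;
                }
                if (!miniblog_admin_column_ok($field)) {
                    continue;
                }
                $columns[] = "`{$field}`";
                $values[] = "'" . mysql_real_escape_string((string) $value) . "'";
            }
            // edit.php re-populates the form from $post whether or not the insert ran.
            $post = $submitted;
            if ($failed || count($columns) === 0) {
                $response_text = 'Error: You must fill out all fields';
            } else {
                $result = mysql_query("INSERT INTO `miniblog` (" . implode(', ', $columns) . ") VALUES(" . implode(', ', $values) . ")");
                $response_text = ($result) ? 'Post added' : 'Post could not be added';
            }
        }
        include('edit.php');
        break;

    case 'delete':
        $id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
        $result = mysql_query("SELECT * FROM `miniblog` WHERE `post_id` = '{$id}'") or die(mysql_error());
        if (mysql_num_rows($result) == 1) {
            mysql_query("DELETE FROM `miniblog` WHERE `post_id` = '{$id}'") or die(mysql_error());
        }
        // Redirect whether or not a row existed; exit so nothing else is emitted.
        header("Location: admin.php?mode=list");
        exit;

    case 'login':
        if (isset($_POST['SimplePoll_Login'])) {
            // PASSWORD is an md5 digest (legacy scheme, see 'password'). Compare
            // strictly and in constant time: a loose == on hex digests is subject
            // to PHP's numeric-string juggling.
            $given = md5(isset($_POST['password']) ? (string) $_POST['password'] : '');
            $expected = (string) PASSWORD;
            $matches = function_exists('hash_equals') ? hash_equals($expected, $given) : ($given === $expected);
            if ($matches) {
                session_start();
                // New session id on privilege change so a pre-set id cannot be reused.
                session_regenerate_id(true);
                $_SESSION['miniblog_Admin'] = true;
                $_SESSION['miniblog_AdminPass'] = PASSWORD;
                define('miniblog_ID', md5(time()));
                header('Location: admin.php?mode=list');
                exit;
            }
            $error_text = 'Incorrect password';
        }
        include('login.php');
        break;

    case 'password':
        if (isset($_POST['miniblog_PostBack'])) {
            $current = isset($_POST['current_password']) ? (string) $_POST['current_password'] : '';
            $new = isset($_POST['new_password']) ? (string) $_POST['new_password'] : '';
            $confirm = isset($_POST['confirm_password']) ? (string) $_POST['confirm_password'] : '';
            if ($current !== '' && $new !== '' && $confirm !== '') {
                // Stored scheme is unsalted md5 (legacy). Replacing it means migrating
                // the stored row and the PASSWORD constant set by the includer, so
                // it is kept; the comparisons are at least strict and constant-time.
                $current_password = md5($current);
                $new_password = md5($new);
                $confirm_password = md5($confirm);
                $lookup = mysql_query("SELECT `config_value` FROM `miniblog_config` WHERE `config_name` = 'password'") or die(mysql_error());
                // Missing row: treat as "no match" instead of letting mysql_result warn.
                $real_current_pass = (mysql_num_rows($lookup) > 0) ? (string) mysql_result($lookup, 0) : '';
                $current_ok = function_exists('hash_equals')
                    ? hash_equals($real_current_pass, $current_password)
                    : ($current_password === $real_current_pass);
                if ($current_ok) {
                    if ($new_password === $confirm_password) {
                        $result = mysql_query("UPDATE `miniblog_config` SET `config_value` = '{$new_password}' WHERE `config_name` = 'password'");
                        $response_text = $result ? 'Password updated' : 'Could not update password';
                    } else {
                        $response_text = 'Both passwords must match';
                    }
                } else {
                    $response_text = 'Current password incorrect';
                }
            } else {
                $response_text = 'You must fill out all fields';
            }
        }
        include('password.php');
        break;

    case 'logout':
        $_SESSION['miniblog_Admin'] = false;
        unset($_SESSION['miniblog_Admin']);
        unset($_SESSION['miniblog_AdminPass']);
        session_destroy();
        header('Location: admin.php?mode=login');
        exit;
}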
?>