<?php
/*
+--------------------------------------------------------------------------
| NovaBoard
| ========================================
| By Dave Murchison
| (c) 2009 NovaBoard
| http://www.novaboard.net
| ========================================
| categories.php - create/edit/delete forums
*/
if (!defined('NOVA_RUN')){
echo "<h1>ACCESS DENIED</h1>You cannot access this file directly.";
exit();
}
template_hook("pages/admin/categories.template.php", "start");
if ($can_change_forum_settings=='0'){
nova_redirect("index.php?page=error&error=11","error/11");
}
elseif ($_GET['func']=='delete')
{
if ($_POST['agree']!='1')
{
list($token_id, $token, $token_name) = tokenCreate('categories_delete', (int) $_GET['id']);
template_hook("pages/admin/categories.template.php", "warn");
}
else
{
$category_post_id = (int) $_GET['id'];
if (tokenCheck('categories_delete', $category_post_id))
{
$query212 = "select ID from {$db_prefix}posts WHERE FORUM_ID='$category_post_id'" ;
$result212 = mysql_query($query212) or die("delete.php - Error in query: $query212") ;
while ($results212 = mysql_fetch_array($result212))
{
$remove_id = $results212['ID'];
// first, delete attachments associated with these posts...
$query2121 = "select FILENAME from {$db_prefix}attachments WHERE POSTID='$remove_id'" ;
$result2121 = mysql_query($query2121) or die("delete.php - Error in query: $query2121") ;
while ($results2121 = mysql_fetch_array($result2121))
{
$filename = strip_slashes($results2121['FILENAME']);
foreach (glob("uploads/attachments/$filename") as $filename)
{
unlink($filename);
}
foreach (glob("uploads/attachments/t_$filename") as $filename)
{
unlink($filename);
}
mysql_query("DELETE FROM {$db_prefix}attachments WHERE postid ='$remove_id'");
}
}
mysql_query('
DELETE p.*, pl.*, plv.*
FROM ' . $db_prefix . 'posts p
LEFT JOIN ' . $db_prefix . 'polls pl
ON p.topic_id = pl.topic_id
LEFT JOIN ' . $db_prefix . 'polls_votes plv
ON pl.id = plv.poll_id
WHERE forum_id = ' . $category_post_id
);
mysql_query("DELETE FROM {$db_prefix}categories WHERE id ='$category_post_id'");
mysql_query("DELETE FROM {$db_prefix}permissions WHERE forum_id ='$category_post_id'");
mysql_query('DELETE FROM ' . $db_prefix . 'moderators WHERE forum_id = ' . $category_post_id);
$query3 = "select PARENT, ID from {$db_prefix}categories WHERE PARENT='$category_post_id' ORDER BY ID desc" ;
$result3 = mysql_query($query3) or die("categories.php - Error in query: $query3") ;
while ($results3 = mysql_fetch_array($result3))
{
$parent = $results3['PARENT'];
$id = $results3['ID'];
$query212 = "select ID from {$db_prefix}posts WHERE FORUM_ID='$id'" ;
$result212 = mysql_query($query212) or die("delete.php - Error in query: $query212") ;
while ($results212 = mysql_fetch_array($result212))
{
$remove_id = $results212['ID'];
// first, delete attachments associated with these posts...
$query2121 = "select FILENAME from {$db_prefix}attachments WHERE POSTID='$remove_id'" ;
$result2121 = mysql_query($query2121) or die("delete.php - Error in query: $query2121") ;
while ($results2121 = mysql_fetch_array($result2121))
{
$filename = strip_slashes($results2121['FILENAME']);
foreach (glob("uploads/attachments/$filename") as $filename)
{
unlink($filename);
}
foreach (glob("uploads/attachments/t_$filename") as $filename)
{
unlink($filename);
}
mysql_query("DELETE FROM {$db_prefix}attachments WHERE postid ='$remove_id'");
}
}
mysql_query('
DELETE p.*, pl.*, plv.*
FROM ' . $db_prefix . 'posts p
LEFT JOIN ' . $db_prefix . 'polls pl
ON p.topic_id = pl.topic_id
LEFT JOIN ' . $db_prefix . 'polls_votes plv
ON pl.id = plv.poll_id
WHERE forum_id = ' . $id
);
mysql_query("DELETE FROM {$db_prefix}categories WHERE id ='$id'");
mysql_query("DELETE FROM {$db_prefix}permissions WHERE forum_id ='$id'");
mysql_query('DELETE FROM ' . $db_prefix . 'moderators WHERE forum_id = ' . $id);
$query31 = "select PARENT, ID from {$db_prefix}categories WHERE PARENT='$id' ORDER BY ID desc" ;
$result31 = mysql_query($query31) or die("categories.php - Error in query: $query31") ;
while ($results31 = mysql_fetch_array($result31))
{
$sub_parent = $results31['PARENT'];
$sub_id = $results31['ID'];
$query212 = "select ID from {$db_prefix}posts WHERE FORUM_ID='$sub_id'" ;
$result212 = mysql_query($query212) or die("delete.php - Error in query: $query212") ;
while ($results212 = mysql_fetch_array($result212))
{
$remove_id = $results212['ID'];
// first, delete attachments associated with these posts...
$query2121 = "select FILENAME from {$db_prefix}attachments WHERE POSTID='$remove_id'" ;
$result2121 = mysql_query($query2121) or die("delete.php - Error in query: $query2121") ;
while ($results2121 = mysql_fetch_array($result2121))
{
$filename = strip_slashes($results2121['FILENAME']);
foreach (glob("uploads/attachments/$filename") as $filename)
{
unlink($filename);
}
foreach (glob("uploads/attachments/t_$filename") as $filename)
{
unlink($filename);
}
mysql_query("DELETE FROM {$db_prefix}attachments WHERE postid ='$remove_id'");
}
}
mysql_query('
DELETE p.*, pl.*, plv.*
FROM ' . $db_prefix . 'posts p
LEFT JOIN ' . $db_prefix . 'polls pl
ON p.topic_id = pl.topic_id
LEFT JOIN ' . $db_prefix . 'polls_votes plv
ON pl.id = plv.poll_id
WHERE forum_id = ' . $sub_id
);
mysql_query("DELETE FROM {$db_prefix}categories WHERE id ='$sub_id'");
mysql_query("DELETE FROM {$db_prefix}permissions WHERE forum_id ='$sub_id'");
mysql_query('DELETE FROM ' . $db_prefix . 'moderators WHERE forum_id = ' . $sub_id);
}
}
// perform auto-cache
include "scripts/php/auto_cache.php";
# Re-cache moderators
$Cache->delete('moderators');
template_hook("pages/admin/categories.template.php", "form_1");
nova_redirect("index.php?page=admin&act=categories","admin/categories");
}
else
{
nova_redirect('index.php?page=error&error=28', 'error/28');
}
}
}
elseif ($_POST['post_form']!=''){
$token_id = escape_string($_POST['token_id']);
$token_name = "token_categories_reorder_$token_id";
if (isset($_POST[$token_name]) && isset($_SESSION[$token_name]) && $_SESSION[$token_name] == $_POST[$token_name]){
$query3 = "select ID from {$db_prefix}categories ORDER BY ID desc LIMIT 1" ;
$result3 = mysql_query($query3) or die("categories.php - Error in query: $query3") ;
$last = mysql_result($result3, 0);
$counted="1";
for ( $counter = $counted; $counter <= $last; $counter += 1) {
$forum_order="forum_order"."$counter";
$forum_id="forum_id"."$counter";
$forum_id=escape_string($_POST[$forum_id]);
$forum_order=escape_string($_POST[$forum_order]);
mysql_query("UPDATE {$db_prefix}categories SET forum_order='$forum_order' WHERE id='$forum_id'");
}
template_hook("pages/admin/categories.template.php", "form_2");
nova_redirect("index.php?page=admin&act=categories","admin/categories");
}
else{
nova_redirect("index.php?page=error&error=28","error/28");
}
}
elseif ($_POST['new_forum_form'] != '')
{
$token_id = escape_string($_POST['token_id']);
$token_name = "token_categories_new_$token_id";
if (isset($_POST[$token_name]) && isset($_SESSION[$token_name]) && $_SESSION[$token_name] == $_POST[$token_name])
{
$forum_name = escape_string($_POST['name']);
$forum_description = escape_string($_POST['description']);
$forum_rules = escape_string($_POST['forum_rules']);
$forum_parent = escape_string($_POST['parent']);
$forum_read_only = escape_string($_POST['read_only']);
$forum_post_count = escape_string($_POST['post_count']);
$forum_theme = escape_string($_POST['forum_theme']);
if ( ($_POST['redirect_url'] != '') && (!stristr($_POST['redirect_url'], "http://")) && (!stristr($_POST['redirect_url'], "ftp://")) && (!stristr($_POST['redirect_url'], "https://")) )
{
$redirect_url = "http://" . escape_string($_POST['redirect_url']);
}
else
{
$redirect_url = escape_string($_POST['redirect_url']);
}
mysql_query("INSERT INTO {$db_prefix}categories (name, description, forum_rules, parent, forum_order, read_only, post_count, theme, redirect_url) VALUES ('$forum_name', '$forum_description', '$forum_rules', '$forum_parent', '0', '$forum_read_only', '$forum_post_count', '$forum_theme', '$redirect_url')");
// now go to the permissions page...
$query3 = "select ID from {$db_prefix}categories ORDER BY ID desc LIMIT 1" ;
$result3 = mysql_query($query3) or die("categories.php - Error in query: $query3") ;
$last = mysql_result($result3, 0);
// perform auto-cache
include "scripts/php/auto_cache.php";
template_hook("pages/admin/categories.template.php", "form_3");
nova_redirect("index.php?page=admin&act=permissions&id=$last","admin/permissions/$last");
}
else
{
nova_redirect("index.php?page=error&error=28","error/28");
}
}
elseif($_POST['post_edit_form'] != '')
{
$id = escape_string($_POST['id']);
$token_id = escape_string($_POST['token_id']);
$token_name = "token_categories_edit_$id$token_id";
if (isset($_POST[$token_name]) && isset($_SESSION[$token_name]) && $_SESSION[$token_name] == $_POST[$token_name])
{
$forum_name=escape_string($_POST['name']);
$forum_description=escape_string($_POST['description']);
$forum_rules=escape_string($_POST['forum_rules']);
$forum_parent=escape_string($_POST['parent']);
$forum_read_only=escape_string($_POST['read_only']);
$forum_post_count=escape_string($_POST['post_count']);
$forum_theme=escape_string($_POST['forum_theme']);
if ( ($_POST['redirect_url'] != '') && (!stristr($_POST['redirect_url'], "http://")) && (!stristr($_POST['redirect_url'], "ftp://")) && (!stristr($_POST['redirect_url'], "https://")) )
{
$redirect_url = "http://" . escape_string($_POST['redirect_url']);
}
else
{
$redirect_url = escape_string($_POST['redirect_url']);
}
mysql_query("UPDATE {$db_prefix}categories SET name='$forum_name', description='$forum_description', forum_rules='$forum_rules', parent='$forum_parent', read_only='$forum_read_only', post_count='$forum_post_count', theme='$forum_theme', redirect_url='$redirect_url' WHERE id = '$id' ");
template_hook("pages/admin/categories.template.php", "form_4");
nova_redirect("index.php?page=admin&act=categories","admin/categories");
}
else
{
nova_redirect("index.php?page=error&error=28","error/28");
}
}
elseif($_GET['func'] == 'edit')
{
$token_id = md5(microtime());
$token = md5(uniqid(rand(),true));
$category_edit_id = (int) $_GET['id'];
$token_name = "token_categories_edit_$category_edit_id$token_id";
$_SESSION[$token_name] = $token;
$query3 = "select ID, NAME, DESCRIPTION, FORUM_RULES, PARENT, READ_ONLY, POST_COUNT, THEME, REDIRECT_URL from {$db_prefix}categories WHERE ID='$category_edit_id'" ;
$result3 = mysql_query($query3) or die("attachments.php - Error in query: $query3") ;
while ($results3 = mysql_fetch_array($result3))
{
$id = $results3['ID'];
$name = strip_slashes($results3['NAME']);
$description = strip_slashes($results3['DESCRIPTION']);
$forum_rules = strip_slashes($results3['FORUM_RULES']);
$parent = $results3['PARENT'];
$read_only = $results3['READ_ONLY'];
$post_count = $results3['POST_COUNT'];
$forum_theme = strip_slashes($results3['FORUM_THEME']);
$redirect_url = strip_slashes($results3['REDIRECT_URL']);
$forum_rules = str_replace("<br />", "", $forum_rules);
$query31 = "select NAME from {$db_prefix}categories WHERE ID='$parent'" ;
$result31 = mysql_query($query31) or die("attachments.php - Error in query: $query31") ;
$parent_name = strip_slashes(mysql_result($result31, 0));
template_hook("pages/admin/categories.template.php", "5");
$query34 = "select ID, NAME, PARENT from {$db_prefix}categories WHERE PARENT='0' AND ID!='$id'";
$result34 = mysql_query($query34) or die("attachments.php - Error in query: $query34") ;
while ($results34 = mysql_fetch_array($result34))
{
$id = $results34['ID'];
$name = strip_slashes($results34['NAME']);
$parent = $results34['PARENT'];
template_hook("pages/admin/categories.template.php", "6");
$query4 = "select ID, NAME from {$db_prefix}categories WHERE PARENT='$id' AND ID!='$category_edit_id'";
$result4 = mysql_query($query4) or die("categories.php - Error in query: $query4") ;
while ($results4 = mysql_fetch_array($result4))
{
$id = $results4['ID'];
$name = strip_slashes($results4['NAME']);
template_hook("pages/admin/categories.template.php", "7");
}
}
template_hook("pages/admin/categories.template.php", "8");
list_themes("themes/");
template_hook("pages/admin/categories.template.php", "27");
}
}
elseif ($_GET['func'] == 'new')
{
$token_id = md5(microtime());
$token = md5(uniqid(rand(),true));
$token_name = "token_categories_new_$token_id";
$_SESSION[$token_name] = $token;
template_hook("pages/admin/categories.template.php", "10");
if ($_GET['id'] != '')
{
$id = escape_string($_GET['id']);
$query3 = "select ID, NAME, PARENT from {$db_prefix}categories WHERE ID='$id'";
}
else
{
$query3 = "select ID, NAME, PARENT from {$db_prefix}categories WHERE PARENT='0'";
echo "<option value='0'>".$lang_admin['categories_edit_parent_no']."</option>";
}
$result3 = mysql_query($query3) or die("categories.php - Error in query: $query3") ;
while ($results3 = mysql_fetch_array($result3))
{
$id = $results3['ID'];
$name = strip_slashes($results3['NAME']);
$parent = $results3['PARENT'];
template_hook("pages/admin/categories.template.php", "11");
if ($_GET['id'] != '')
{
$query4 = "select ID, NAME from {$db_prefix}categories WHERE PARENT='$id'";
$result4 = mysql_query($query4) or die("categories.php - Error in query: $query4") ;
while ($results4 = mysql_fetch_array($result4))
{
$id = $results4['ID'];
$name = strip_slashes($results4['NAME']);
template_hook("pages/admin/categories.template.php", "12");
}
}
}
template_hook("pages/admin/categories.template.php", "13");
list_themes("themes/");
template_hook("pages/admin/categories.template.php", "26");
}
else
{
$token_id = md5(microtime());
$token = md5(uniqid(rand(),true));
$token_name = "token_categories_reorder_$token_id";
$_SESSION[$token_name] = $token;
template_hook("pages/admin/categories.template.php", "14");
$query3 = "select ID, NAME, DESCRIPTION, FORUM_ORDER from {$db_prefix}categories WHERE PARENT='0' ORDER BY FORUM_ORDER, ID asc" ;
$result3 = mysql_query($query3) or die("categories.php - Error in query: $query3") ;
$number_of_forums=mysql_num_rows($result3);
while ($results3 = mysql_fetch_array($result3)){
$id = $results3['ID'];
$parent_id = $results3['ID'];
$name = strip_slashes($results3['NAME']);
$description = strip_slashes($results3['DESCRIPTION']);
$forum_order = $results3['FORUM_ORDER'];
template_hook("pages/admin/categories.template.php", "15");
$root_counter="1";
for ( $root_counter = $counted; $root_counter <= $number_of_forums; $root_counter += 1) {
template_hook("pages/admin/categories.template.php", "16");
}
template_hook("pages/admin/categories.template.php", "17");
$query4 = "select ID, NAME, DESCRIPTION, FORUM_ORDER, READ_ONLY from {$db_prefix}categories WHERE PARENT='$id' ORDER BY FORUM_ORDER, ID asc" ;
$result4 = mysql_query($query4) or die("categories.php - Error in query: $query4") ;
$number_of_sub_forums=mysql_num_rows($result4);
while ($results4 = mysql_fetch_array($result4)){
$id = $results4['ID'];
$name = strip_slashes($results4['NAME']);
$read_only = $results4['READ_ONLY'];
$description = strip_slashes($results4['DESCRIPTION']);
$forum_order = $results4['FORUM_ORDER'];
$sub_counter="1";
template_hook("pages/admin/categories.template.php", "18");
for ( $sub_counter = $counted; $sub_counter <= $number_of_sub_forums; $sub_counter += 1) {
template_hook("pages/admin/categories.template.php", "19");
}
template_hook("pages/admin/categories.template.php", "20");
// sub-forums...
$sub_counter_two="0";
$query_sub = "select ID, NAME, DESCRIPTION, FORUM_ORDER, READ_ONLY from {$db_prefix}categories WHERE PARENT='$id' ORDER BY FORUM_ORDER, ID asc" ;
$result_sub = mysql_query($query_sub) or die("categories.php - Error in query: $query_sub") ;
$number_of_sub_forums_two=mysql_num_rows($result_sub);
while ($results_sub = mysql_fetch_array($result_sub)){
$id = $results_sub['ID'];
$name = strip_slashes($results_sub['NAME']);
$read_only = $results_sub['READ_ONLY'];
$description = strip_slashes($results_sub['DESCRIPTION']);
$forum_order_two = $results_sub['FORUM_ORDER'];
$sub_counter_two="1";
template_hook("pages/admin/categories.template.php", "21");
for ( $sub_counter_two = $counted_two; $sub_counter_two <= $number_of_sub_forums_two; $sub_counter_two += 1) {
template_hook("pages/admin/categories.template.php", "22");
}
template_hook("pages/admin/categories.template.php", "23");
}
}
template_hook("pages/admin/categories.template.php", "24");
}
template_hook("pages/admin/categories.template.php", "25");
}
template_hook("pages/admin/categories.template.php", "end");
?>