<?
################################################################################################
#
#  project           	: phpBannerEx
#  filename          	: editsite.php
#  last modified by  	: 
#  e-mail            	: hide@address.com
#  purpose           	: Edit a Site-entry
#
#################################################################################################


#  Include Configs & Variables
#################################################################################################
require("admin/config.php");
require("library.php");

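// Open the database link and load runtime settings; both helpers are defined
// outside this file (presumably in library.php / admin/config.php).
db_connect();
ReadConfig();

// Resolve the account for this request. Every query below is scoped to
// $user['ur_id'], so nothing past this point may run without a valid record.
$user = authorize();

// Account id 1 is refused on this page.
// NOTE(review): what ur_id 1 represents (guest, demo, ...) is not visible here.
if ($user['ur_id'] == 1) {
  unauthorize();
  print "<script>document.location=document.location; </script>";
  // Stop on the server side. Without this the action dispatch at the bottom of
  // the file still ran for the refused account, so the refusal depended on the
  // browser executing the reload script.
  exit;
}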


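/**
 * Print the table of sites owned by the logged-in account, with links to the
 * edit form, the help page and the delete action.
 *
 * Reads the globals $lang (UI language, echoed into links) and $user (record
 * returned by authorize()). Output goes straight to the response.
 */
function main_list() {
  global $lang, $user;

  // $lang is read as a global and is echoed into URLs below, so it is
  // URL-encoded once here instead of being interpolated raw.
  // NOTE(review): $lang presumably comes from the request — confirm in library.php.
  $lang_url = urlencode($lang);

  echo "<form name=\"frmBann\" method=post>\n";
  echo "<h1>".get_msg('sites',$lang)."</h1>\n";
  echo "<table class=list width=50%>\n";
  echo "  <tr>\n";
  echo "    <th class=list>".get_msg('sitecode',$lang)."</th>\n";
  echo "    <th class=list>".get_msg('sitetitle',$lang)."</th>\n";
  echo "    <th class=list>".get_msg('shows',$lang)."</th>\n";
  echo "    <th class=list>".get_msg('clicks',$lang)."</th>\n";
  echo "    <th width=60 class=list>".get_msg('delete',$lang)."</th>\n";
  echo "  </tr>\n";

  // Only rows owned by the current account are listed.
  // mysql_real_escape_string() uses the most recently opened ext/mysql link;
  // assumes db_connect() opened it — TODO confirm.
  $sql = "SELECT * FROM site WHERE st_user_ref='"
       . mysql_real_escape_string($user['ur_id'])
       . "' ORDER BY st_id";
  $res = db_query($sql);

  while ($res && ($row = mysql_fetch_array($res))) {
    // Stored values are user-supplied (site name in particular), so each one
    // is encoded for the context it is printed in: URL parameter or HTML text.
    // NOTE(review): on PHP 5.4+ htmlspecialchars() assumes UTF-8; pass the
    // site's charset explicitly if the data is stored in another encoding.
    $id_url    = urlencode($row['st_id']);
    $id_html   = htmlspecialchars($row['st_id'], ENT_QUOTES);
    $name_html = htmlspecialchars($row['st_name'], ENT_QUOTES);

    // Ratio of own shows to received shows; left at 0 when the divisor is 0.
    $ratio = 0;
    if ($row['st_show_me'] > 0) {
      $ratio = $row['st_show_my'] / $row['st_show_me'];
    }

    echo "  <tr>\n";
    echo "    <td class=list><a href=\"help.php?lang=$lang_url&id=$id_url\"> $id_html </a></td>\n";
    echo "    <td class=list><a href=\"editsite.php?lang=$lang_url&act=mod_form&bid=$id_url\">$name_html</a></td>\n";
    echo "    <td class=list>".sprintf("%d / %d (%3.2f)",$row['st_show_my'],$row['st_show_me'],$ratio)."</td>\n";
    echo "    <td class=list>".htmlspecialchars($row['st_click_my'], ENT_QUOTES)."</td>\n";
    // NOTE(review): deletion is a plain GET link with no anti-forgery token;
    // a state-changing action should be a POST carrying a per-session token.
    echo "    <td class=list><a href=\"editsite.php?lang=$lang_url&act=del&bid=$id_url\">".get_msg('delete',$lang)."</a></td>\n";
    echo "   </tr>\n";
  }
  echo "</table>\n";
  echo "</form>\n";
}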

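/**
 * Print the edit form for one site, pre-filled from the database.
 *
 * Reads the globals $bid (site id to edit), $lang (UI language),
 * $show_categories (whether to offer a category select) and $user (record
 * returned by authorize()). The row is loaded only if it belongs to the
 * current account; when no row matches, an empty form is printed.
 */
function mod_form() {
  global $auto_entersize, $max_banner_height, $max_banner_width,
         $show_categories, $lang, $bid, $user;

  // $bid and $lang are read as globals and placed into SQL, so both are
  // escaped before use. mysql_real_escape_string() uses the most recently
  // opened ext/mysql link; assumes db_connect() opened it — TODO confirm.
  $bid_sql  = mysql_real_escape_string($bid);
  $lang_sql = mysql_real_escape_string($lang);
  $uid_sql  = mysql_real_escape_string($user['ur_id']);

  // The st_user_ref predicate is the ownership check: another account's site
  // cannot be loaded into the form by changing bid.
  $sql = "SELECT * FROM site WHERE st_id='$bid_sql' AND st_user_ref='$uid_sql'";
  $ban = mysql_fetch_array(db_query($sql));
  if (!is_array($ban)) {
    // No matching row: fall back to empty fields instead of indexing a
    // non-array result.
    $ban = array('st_id' => '', 'st_url' => '', 'st_name' => '',
                 'st_desc' => '', 'st_cat_ref' => '');
  }

  // Built only when categories are enabled; initialised so the echo below
  // never prints an undefined variable.
  $catstr = '';
  if ($show_categories) {
    if($lang) {
      $sql = "SELECT ct_id, cl_name FROM cat LEFT JOIN cat_l ON (ct_id = cl_cat_ref) WHERE cl_lang_ref='$lang_sql' ORDER BY cl_name";
    } else {
      $sql = "SELECT ct_id, ct_name FROM cat ORDER BY ct_name";
    }
    $res = db_query($sql);

    $catstr.="<div class=\"mainleft\">".get_msg('category',$lang).":<br></div>\n";
    $catstr.="<select name=\"st_cat_ref\">";
    while ($res && ($row = mysql_fetch_row($res))) {
      $catstr.= "<option value=\"".htmlspecialchars($row[0], ENT_QUOTES)."\"";
      if($row[0] == $ban['st_cat_ref']) { $catstr .= " selected"; }
      $catstr .= ">".htmlspecialchars($row[1], ENT_QUOTES)."</option>\n";
    }
    $catstr.="</select><br>\n";
  }

  // Everything printed into the form is encoded for HTML: the stored site
  // fields are user-supplied, and $bid / $lang are echoed back as received.
  // NOTE(review): on PHP 5.4+ htmlspecialchars() assumes UTF-8; pass the
  // site's charset explicitly if the data is stored in another encoding.
  $url_html  = htmlspecialchars($ban['st_url'], ENT_QUOTES);
  $name_html = htmlspecialchars($ban['st_name'], ENT_QUOTES);
  $desc_html = htmlspecialchars($ban['st_desc'], ENT_QUOTES);
  $bid_html  = htmlspecialchars($bid, ENT_QUOTES);
  $lang_html = htmlspecialchars($lang, ENT_QUOTES);
  $img_id    = urlencode($ban['st_id']);

  echo "<table class=\"standard\">\n";
  echo "  <tr>\n";
  echo "    <td class=\"standard\"><center><b>".get_msg('modyoursite',$lang)."</b></center></td>\n";
  echo "  </tr>\n";
  echo "  <tr>\n";
  echo "    <td class=\"standard\">\n";
  // NOTE(review): the form carries no anti-forgery token, so the mod_site
  // action it posts to cannot tell a genuine submit from a forged one.
  echo "      <FORM ACTION=\"editsite.php\" METHOD=\"POST\" ENCTYPE=\"multipart/form-data\">\n";
  echo "        <div class=\"mainleft\">".get_msg('siteurl',$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"text\" NAME=\"st_url\" VALUE=\"$url_html\" SIZE=\"60\" MAXLENGTH=\"200\">\n";
  echo "        <br>\n";
  echo "        <div class=\"mainleft\">".get_msg('sitetitle',$lang).":<br></div>\n";
  echo "        <INPUT TYPE=\"text\" NAME=\"st_name\" VALUE=\"$name_html\" SIZE=\"60\" MAXLENGTH=\"100\">\n";
  echo "        <br>\n";
  echo "        <div class=\"mainleft\">".get_msg('sitedesc',$lang).":<br></div>\n";
  echo "        <textarea NAME=\"st_desc\" cols=45 rows=7>$desc_html</textarea>\n";
  echo "        $catstr\n";
  echo "        <INPUT TYPE=\"hidden\" NAME=\"act\" VALUE=\"mod_site\">\n";
  echo "        <INPUT TYPE=\"hidden\" NAME=\"bid\" VALUE=\"$bid_html\">\n";
  if(isset($lang)) { echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang_html\">\n"; }
  echo "        <div class=\"mainleft\">".get_msg('banner',$lang).":<br></div>\n";
  echo "        <img src=\"adm_show.php?id=$img_id\">\n";
  echo "        <br>\n";
  echo "        <input type=\"submit\" value=\"".get_msg('submit',$lang)."\" onclick=\"exit=false\" >\n";
  echo "      </FORM>\n";
  echo "    </td>\n";
  echo "  </tr>\n";
  echo "</table>\n";
}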

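/**
 * Validate the submitted site fields and, when they pass, update the site row.
 *
 * Reads the globals $st_url, $st_name, $st_desc, $st_cat_ref and $bid (the
 * submitted form fields), $user (record returned by authorize()), $lang, and
 * the settings $webmasterapproval and $notify_email. The UPDATE is restricted
 * to rows whose st_user_ref matches the current account. When
 * $webmasterapproval is set the row's st_status is reset to 0 and a notice is
 * printed. A "done" form is always printed at the end.
 */
function mod_site() {
  global $st_url, $st_name, $st_desc, $st_cat_ref,
         $max_banner_height, $max_banner_width,
         $webmasterapproval, $emailapproval, $user, $lang, $bid,
         $notify_email;

  // Escaped copies for SQL. The originals are kept untouched for validation
  // and for the duplicate comparison below.
  // st_url gets the same addslashesnew() treatment the block already applies
  // to st_name / st_desc; previously it reached both queries unescaped.
  // NOTE(review): confirm in library.php that addslashesnew() is adequate for
  // the connection charset.
  // mysql_real_escape_string() uses the most recently opened ext/mysql link;
  // assumes db_connect() opened it — TODO confirm.
  $url_sql = addslashesnew($st_url);
  $bid_sql = mysql_real_escape_string($bid);
  $uid_sql = mysql_real_escape_string($user['ur_id']);

  # check duplicate: another site (different st_id) already using this URL
  $sql = "SELECT st_url FROM site WHERE st_url='$url_sql' AND st_id != '$bid_sql'";
  $res = db_query($sql);
  $row = mysql_fetch_row($res);
  $dup = ($row[0] == $st_url);

  // Check Input
  if(!$st_url || ($st_url == "http://") || !$st_name || !$st_desc ||
     check_bad_words($st_desc) || check_bad_words($st_name)
     || $dup) {

    echo "<table class=\"standard\">\n";
    echo "  <tr>\n";
    echo "    <td class=\"standard\">\n";
    echo "      <center><b>".get_msg('error',$lang)."<hr></b></center>\n";
    echo "    </td>\n";
    echo "  </tr>\n";
    // The second row was missing its opening <tr>.
    echo "  <tr>\n";
    echo "    <td class=\"standard\">\n";

    if($dup)                  { echo get_msg('error_duplicate',$lang)."<br>\n"; }
    if(!$st_url)              { echo get_msg('error_emptysiteurl',$lang)."<br>\n"; }
    if($st_url == "http://")  { echo get_msg('error_emptysiteurl',$lang)."<br>\n"; }
    if(!$st_name)             { echo get_msg('error_emptysitename',$lang)."<br>\n"; }
    if(!$st_desc)             { echo get_msg('error_emptysitedesc',$lang)."<br>\n"; }

    if(check_bad_words($st_name)) { echo get_msg('error_badsitename',$lang)."<br>\n"; }
    if(check_bad_words($st_desc)) { echo get_msg('error_badsitedesc',$lang)."<br>\n"; }

    echo "    </td>\n";
    echo "  </tr>\n";
    echo "</table>\n";
    echo "</center>\n";

  } else {

    // All fields passed validation: strip markup from the text fields and
    // escape them for the UPDATE.
    $st_name = addslashesnew(strip_tags($st_name));
    $st_desc = addslashesnew(strip_tags($st_desc));
    if (!$st_cat_ref) { $st_cat_ref = 0; }
    $cat_sql = mysql_real_escape_string($st_cat_ref);

    $sql = "UPDATE site SET st_cat_ref='$cat_sql', st_name='$st_name',"
         . " st_url='$url_sql', st_desc='$st_desc'";
    // NOTE(review): st_status 0 presumably means "awaiting approval" — confirm.
    if ($webmasterapproval) { $sql .= ",st_status = 0"; }
    // Ownership check: only a row belonging to the current account is updated.
    $sql .= " WHERE st_id='$bid_sql' AND st_user_ref='$uid_sql'";
    $res = db_query($sql);
    // The modified row is the one named by $bid; mysql_insert_id() does not
    // identify a row after an UPDATE.
    $st_id = $bid;

    // takes out all slashes then sends out emails

    $st_name = stripslashes($st_name);
    $st_desc = stripslashes($st_desc);
    if($notify_email){
      // Admin notification is disabled in this version of the file.
      #mail_modnotifyadm($user,$st_id,$st_name,$st_url,$st_desc);
    }

    if ($webmasterapproval) {
      echo "<table class=\"standard\">\n";
      echo "  <tr>\n";
      echo "    <td class=\"standard\">\n";
      echo "      <center><b>".get_msg('modthanks',$lang)."</b></center>\n";
      echo "    </td>\n";
      echo "  </tr>\n";
      echo "  <tr>\n";
      echo "    <td class=\"standard\">\n";
      echo get_msg('addapproval',$lang)."<p>\n";
      echo "    </td>\n";
      echo "  </tr>\n";
      echo "</table>";
    }
  }

  // $lang is echoed back into a hidden field, so it is HTML-encoded first.
  // NOTE(review): on PHP 5.4+ htmlspecialchars() assumes UTF-8; pass the
  // site's charset explicitly if another encoding is in use.
  $lang_html = htmlspecialchars($lang, ENT_QUOTES);

  echo "<p>\n";
  echo "<FORM action=\"editsite.php\" method=\"POST\">\n";
  echo "<INPUT TYPE=\"submit\" name=\"Done_submit\" onclick=\"exit=false\" VALUE=\"".get_msg('done',$lang)."\">\n";
  if(isset($lang)) { echo "        <INPUT TYPE=\"hidden\" NAME=\"lang\" VALUE=\"$lang_html\">\n"; }
  echo "</FORM>\n";
  echo "<p>\n";
}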

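/**
 * Delete the site named by the global $bid if it belongs to the current
 * account, then print the site list again.
 */
function del_site() {
  global $bid, $user;

  // $bid is read as a global and goes into SQL, so it is escaped first.
  // mysql_real_escape_string() uses the most recently opened ext/mysql link;
  // assumes db_connect() opened it — TODO confirm.
  // The st_user_ref predicate is the ownership check that keeps one account
  // from deleting another account's site.
  // NOTE(review): this action carries no anti-forgery token and no
  // request-method check is visible in this file, so a forged request is
  // indistinguishable from a genuine one; consider requiring a POST with a
  // per-session token.
  $sql = "DELETE FROM site WHERE st_id = '" . mysql_real_escape_string($bid)
       . "' AND st_user_ref='" . mysql_real_escape_string($user['ur_id']) . "'";
  db_query($sql);

  main_list();
}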

// Page header and menu.
// NOTE(review): $editheader and $editfooter are not assigned anywhere in this
// file; presumably admin/config.php or ReadConfig() sets them. Confirm they can
// never be supplied by the request, because include() loads whatever path the
// variable holds.
include($editheader);
include("menu.inc");

// Action dispatch. $act is read as a global.
// NOTE(review): presumably populated from the request — confirm.
// With no action the site list is shown.
if (!$act) {
  main_list();
}

// Each named action maps to one handler; the checks are independent and use
// loose comparison.
$editsite_routes = array(
  "mod_form" => "mod_form",
  "mod_site" => "mod_site",
  "del"      => "del_site",
);
foreach ($editsite_routes as $editsite_act => $editsite_fn) {
  if ($act == $editsite_act) {
    $editsite_fn();
  }
}

// Page footer; see the note on $editheader above.
include($editfooter);

?>