Location: PHPKode > projects > PluggedOut Blog > admin/exec.php
<?php
/*
#===========================================================================
#= Project: PluggedOut Blog
#= File   : admin/exec.php
#= Version: 1.9.9i (2006-08-31)
#= Author : Jonathan Beckett
#= Email  : hide@address.com
#= Website: http://www.pluggedout.com/index.php?pk=dev_blog
#= Support: http://www.pluggedout.com/development/forums/viewforum.php?f=26
#===========================================================================
#= Copyright (c) 2005 Jonathan Beckett
#= You are free to use and modify this script as long as this header
#= section stays intact. This file is part of PluggedOut Blog.
#=
#= This program is free software; you can redistribute it and/or modify
#= it under the terms of the GNU General Public License as published by
#= the Free Software Foundation; either version 2 of the License, or
#= (at your option) any later version.
#=
#= This program is distributed in the hope that it will be useful,
#= but WITHOUT ANY WARRANTY; without even the implied warranty of
#= MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#= GNU General Public License for more details.
#=
#= You should have received a copy of the GNU General Public License
#= along with CMS files; if not, write to the Free Software
#= Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
#===========================================================================
*/

require "../lib/config.php";
require "../lib/database.php";
require "../lib/session.php";
require "../lib/misc.php";
require "lib/feedcreator.class.php";


// Description : Handles a login attempt
// Arguments   : username - the user name
//               password - the user password
// Returns     : true / false
// Last Change : 2006-04-02
// Author      : Jonathan Beckett (hide@address.com)
function user_login($username,$password){

	global $db_prefix;

	$con = db_connect();

	$username = mysql_escape_string($username);
	$password = mysql_escape_string(crypt($password,$username));

	$sql = "SELECT * FROM ".$db_prefix."users WHERE cUsername='".$username."' AND cPassword='".$password."'";
	$result = mysql_query($sql,$con);
	if ($result!=false){
		if (mysql_num_rows($result)>0){

			// user found
			$row = mysql_fetch_array($result);

			// initialise session variables
			$_SESSION["blog_userid"]=$row["nUserId"];
			$_SESSION["blog_username"]=stripslashes($row["cUsername"]);

			// put the session variables into cookies
			setcookie("pluggedout_blog",$password,time()+3600*24*30);

			$login_result = true;

		} else {

			// user not found

			// unset the session variables (redundant, but we do it anyway)
			unset($_SESSION["blog_userid"]);
			unset($_SESSION["blog_username"]);

			$login_result = false;
		}
	} else {
		report_problem(1,"user_login ".$sql);
	}

	db_disconnect($con);

	return $login_result;
}


// Description : Logs the user out of the admin interface
// Arguments   : None
// Returns     : True / False
// Last Change : 2006-04-02
// Author      : Jonathan Beckett (hide@address.com)
function user_logout(){

	if (isset($_SESSION["blog_userid"])){

		// destroy cookies (blank them, and set to exire in the past)
		setcookie ("pluggedout_blog", "", time() - 3600);

		// destroy session variables
		unset($_SESSION["blog_userid"]);
		unset($_SESSION["blog_username"]);

		return true;

	} else {
		header("Location: index.php");
	}
}


function theme_set($theme){
	if (isset($_SESSION["blog_userid"])){

		$result = set_setting("theme",$theme);
		return $result;

	} else {
		header("Location: index.php");
	}
}

function user_add(){

	if (isset($_SESSION["blog_userid"])){

		global $db_prefix;

		// default the result
		$result = true;

		// username and password are mandatory
		if (isset($_REQUEST["username"]) && isset($_REQUEST["password"])){

			$username = mysql_escape_string(strip_tags($_REQUEST["username"]));
			$password = mysql_escape_string(crypt(strip_tags($_REQUEST["password"]),$username));
			$email = mysql_escape_string(strip_tags($_REQUEST["email"]));
			$role = mysql_escape_string($_REQUEST["role"]);

			$sql = "INSERT INTO ".$db_prefix."users (cUsername,cPassword,cEMail,cRole)"
				." VALUES ("
				."'".$username."'"
				.",'".$password."'"
				.",'".$email."'"
				.",'".$role."'"
				.")";

			$con = db_connect();
			$result = mysql_query($sql,$con);
			db_disconnect($con);

			if ($result!=false){
				$result = true;
			}
		}

		return $result;

	} else {
		header("Location: index.php");
	}
}


function user_edit(){

	if (isset($_SESSION["blog_userid"])){

		global $db_prefix;

		// default the result
		$result = true;

		// entryid and username are mandatory
		if (isset($_REQUEST["userid"]) && isset($_REQUEST["username"])){

			$username = mysql_escape_string($_REQUEST["username"]);
			$email = mysql_escape_string($_REQUEST["email"]);
			$role = mysql_escape_string($_REQUEST["role"]);

			$con = db_connect();

			$sql = "UPDATE ".$db_prefix."users SET"
				." cUsername='".$username."'"
				.",cEMail='".$email."'"
				.",cRole='".$role."'"
				." WHERE nUserId=".$_REQUEST["userid"];

			$result = mysql_query($sql,$con);

			if ($result!=false){

				if (isset($_REQUEST["user_password"])){
					if ($_REQUEST["user_password"]!=""){
						$password = mysql_escape_string(crypt($_REQUEST["user_password"],$username));
						$sql = "UPDATE ".$db_prefix."users SET cPassword='".$password."' WHERE nUserId=".$_REQUEST["userid"];
						$con = db_connect();
						$result = mysql_query($sql,$con);
					}
				}

			} else {
				// problem with SQL
			}

			// make sure the result gives back true if it is not false
			// (php uses loose typing to hold more than one datatype in results sometimes)
			if ($result!=false){
				$result = true;
			}

			db_disconnect($con);

		} else {
			// problem
		}

		return $result;

	} else {
		header("Location: index.php");
	}

}

function user_remove(){

	if (isset($_SESSION["blog_userid"])){

		global $db_prefix;

		$result = true;

		if (isset($_REQUEST["userid"]) && isset($_REQUEST["replaceid"])){

			$con = db_connect();

			// rewrite the nUserAdded and nUserEdited fields in Entry records
			$sql = "UPDATE ".$db_prefix."entries SET nUserAdded=".$_REQUEST["replaceid"].",nUserEdited=".$_REQUEST["replaceid"];
			$result = mysql_query($sql,$con);

			// remove the user record
			$sql = "DELETE FROM ".$db_prefix."users WHERE nUserId=".$_REQUEST["userid"];
			$result = mysql_query($sql,$con);

			db_disconnect($con);
		}

		return $result;

	} else {
		header("Location: index.php");
	}
}


function entry_add(){

	if ($_SESSION["blog_userid"]!=""){

		global $db_prefix;

		if (isset($_REQUEST["title"]) && isset($_REQUEST["body"]) && isset($_REQUEST["dateadded"])){

			$con = db_connect();

			$title = mysql_escape_string(addslashes($_REQUEST["title"]));
			$body = mysql_escape_string(addslashes($_REQUEST["body"]));
			$date_added = $_REQUEST["dateadded"];

			// needs to be set according to user type
			$role = get_user_role($_SESSION["blog_userid"]);
			if ($role!="contributor"){
				$status = $_REQUEST["status"];
			} else {
				$status = "U";
			}

			// prepare data for basic entry insert
			$sql = "INSERT INTO ".$db_prefix."entries (cTitle,dAdded,dEdited,cBody,cStatus,nUserAdded,nUserEdited)"
				." VALUES ("
				."'".$title."'"
				.",'".$date_added."'"
				.",now()"
				.",'".$body."'"
				.",'".$status."'"
				.",".$_SESSION["blog_userid"]
				.",".$_SESSION["blog_userid"]
				.")";

			$result = mysql_query($sql,$con);
			if ($result!=false){
			} else {
				//print $sql;
			}

			$entryid = mysql_insert_id();

			// loop through the request object and single out the 'catXX' entries
			foreach ($_REQUEST as $key=>$value){
				if (substr($key,0,3)=="cat" && $key!="cat_count"){
					// figure out the cat number
					$catnum = substr($key,3,strlen($key)-3);
					$sql = "INSERT INTO ".$db_prefix."entry_categories (nEntryId,nCategoryId)"
						." VALUES (".$entryid.",".$catnum.")";
					$result = mysql_query($sql,$con);
				}
			}

			db_disconnect($con);

			// update the RSS feed XML file
			generate_feed();

		} else {
			// missing information
			header("Location: problem.php");
		}

		return $result;

	} else {
		header("Location: index.php");
	}
}


function entry_edit(){

	if ($_SESSION["blog_userid"]!=""){

		global $db_prefix;

		$result = true;

		if (isset($_REQUEST["entryid"])){

			$con = db_connect();

			$entryid = $_REQUEST["entryid"];

			$title = mysql_escape_string(addslashes($_REQUEST["title"]));
			$body = mysql_escape_string(addslashes($_REQUEST["body"]));
			$dateadded = mysql_escape_string($_REQUEST["dateadded"]);

			$role = get_user_role($_SESSION["blog_userid"]);
			if ($role!="contributor"){
				$status = $_REQUEST["status"];
			} else {
				$status = "U";
			}

			// make changes to the entry
			$sql = "UPDATE ".$db_prefix."entries SET"
				." cTitle='".$title."'"
				.",dAdded='".$dateadded."'"
				.",cStatus='".$status."'"
				.",dEdited=now()"
				.",nUserEdited=".$_SESSION["blog_userid"]
				.",cBody='".$body."'"
				." WHERE nEntryid=".$entryid;

			$result = mysql_query($sql,$con);

			if ($result!=false){

				// remove category records
				$sql = "DELETE FROM ".$db_prefix."entry_categories WHERE nEntryId=".$entryid;
				$result = mysql_query($sql,$con);

				// insert new category records
				$cat_count = $_REQUEST["catcount"];

				// loop through the request object and single out the 'catXX' entries
				foreach ($_REQUEST as $key=>$value){
					if (substr($key,0,3)=="cat" && $key!="cat_count"){
						// figure out the cat number
						$catnum = substr($key,3,strlen($key)-3);
						$sql = "INSERT INTO ".$db_prefix."entry_categories (nEntryId,nCategoryId)"
							." VALUES (".$entryid.",".$catnum.")";
						$result = mysql_query($sql,$con);
					}
				}

			} else {
				print "problem with sql<br>".$sql;
			}

			db_disconnect($con);

			// update the RSS feed XML file
			generate_feed();
			
		} else {
			$result = false;
		}

		return $result;

	} else {
		header("Location: index.php");
	}
}


function entry_remove(){

	if ($_SESSION["blog_userid"]!=""){

		global $db_prefix;

		if (isset($_REQUEST["entryid"])){
			$entryid = $_REQUEST["entryid"];

			$con = db_connect();

			// remove the entry
			$sql = "DELETE FROM ".$db_prefix."entries WHERE nEntryId=".$entryid;
			$result = mysql_query($sql,$con);

			// remove the associated categories			
			$sql = "DELETE FROM ".$db_prefix."entry_categories WHERE nEntryId=".$entryid;
			$result = mysql_query($sql,$con);

			if ($result!=false){
				$result = true;
			}

			db_disconnect($con);

			// update the RSS feed XML file
			generate_feed();
			
		}

		return $result;

	} else {
		header("Location: index.php");
	}
}


function entry_publish(){

	if ($_SESSION["blog_userid"]!=""){

		global $db_prefix;

		if (isset($_REQUEST["entryid"])){
			$entryid = $_REQUEST["entryid"];

			$con = db_connect();

			$sql = "UPDATE ".$db_prefix."entries SET cStatus='P' WHERE nEntryId=".$entryid;

			$result = mysql_query($sql,$con);

			if ($result!=false){
				$result = true;
			}

			db_disconnect($con);

			// update the RSS feed XML file
			generate_feed();
			
		}

		return $result;

	} else {
		header("Location: index.php");
	}
}


function entry_unpublish(){

	if ($_SESSION["blog_userid"]!=""){

		global $db_prefix;

		if (isset($_REQUEST["entryid"])){
			$entryid = $_REQUEST["entryid"];

			$con = db_connect();

			$sql = "UPDATE ".$db_prefix."entries SET cStatus='U' WHERE nEntryId=".$entryid;

			$result = mysql_query($sql,$con);

			if ($result!=false){
				$result = true;
			}

			db_disconnect($con);

			// update the RSS feed XML file
			generate_feed();
			
		}

		return $result;

	} else {
		header("Location: index.php");
	}
}


function category_add(){

	if ($_SESSION["blog_userid"]!=""){

		global $db_prefix;

		$result = true;

		if (isset($_REQUEST["category_name"])){

			$con = db_connect();

			// first, check if the category already exists
			$sql = "SELECT * FROM ".$db_prefix."categories WHERE cCategoryName='".mysql_escape_string($_REQUEST["category_name"])."'";
			$result = mysql_query($sql,$con);
			if ($result!=false){
				$count = mysql_num_rows($result);
			} else {
				// problem
			}

			// if the category does not exist, add it
			if ($count==0){
				$sql = "INSERT INTO ".$db_prefix."categories (cCategoryName) VALUES ('".mysql_escape_string(strip_tags($_REQUEST["category_name"]))."')";
				$result = mysql_query($sql,$con);
			}

			if ($result!=false){
				$result = true;
			}

			db_disconnect($con);

		} else {
			$result = false;
		}

		return $result;

	} else {
		header("Location: index.php");
	}
}


function category_edit(){

	if ($_SESSION["blog_userid"]!=""){

		global $db_prefix;

		$result = true;

		if (isset($_REQUEST["categoryid"]) && isset($_REQUEST["category_name"])){

			$con = db_connect();

			// first, check if the category name already exists
			$sql = "SELECT * FROM ".$db_prefix."categories WHERE cCategoryName='".mysql_escape_string($_REQUEST["category_name"])."'";
			$result = mysql_query($sql,$con);
			if ($result!=false){
				$count = mysql_num_rows($result);
			} else {
				// problem
			}

			// if the category does not exist, add it
			if ($count==0){
				$sql = "UPDATE ".$db_prefix."categories SET cCategoryName='".mysql_escape_string(strip_tags($_REQUEST["category_name"]))."' WHERE nCategoryId=".$_REQUEST["categoryid"];
				$result = mysql_query($sql,$con);
			}

			if ($result!=false){
				$result = true;
			}

			db_disconnect($con);

		} else {
			$result = false;
		}

		return $result;

	} else {
		header("Location: index.php");
	}
}


function category_remove(){

	if ($_SESSION["blog_userid"]!=""){

		global $db_prefix;

		if (isset($_REQUEST["categoryid"])){

			$categoryid = $_REQUEST["categoryid"];

			$con = db_connect();

			$sql = "DELETE FROM ".$db_prefix."categories WHERE nCategoryId=".$categoryid;

			$result = mysql_query($sql,$con);

			if ($result!=false){
				$result = true;
			}

			db_disconnect($con);

		}

		return $result;

	} else {
		header("Location: index.php");
	}
}

function settings_edit(){

	if ($_SESSION["blog_userid"]!=""){

		// general settings
		$result = set_setting("results_per_page",$_REQUEST["results_per_page"]);
		$result = set_setting("default_entry_list_limit",$_REQUEST["entry_list_limit"]);
		$result = set_setting("parse_smilies",$_REQUEST["parse_smilies"]);
		$result = set_setting("notify_comments",$_REQUEST["notify_comments"]);
		$result = set_setting("rich_editing",$_REQUEST["rich_editing"]);
		$result = set_setting("timedelta",$_REQUEST["timedelta"]);
		$result = set_setting("parse_crlf",$_REQUEST["parse_crlf"]);
		$result = set_setting("banned_words",$_REQUEST["banned_words"]);
		$result = set_setting("comment_code",$_REQUEST["comment_code"]);
		$result = set_setting("comment_order",$_REQUEST["comment_order"]);
		$result = set_setting("verify_comments",$_REQUEST["verify_comments"]);

		// rss specific settings
		$result = set_setting("rss_root_url",$_REQUEST["rss_root_url"]);
		$result = set_setting("rss_title",$_REQUEST["rss_title"]);
		$result = set_setting("rss_description",$_REQUEST["rss_description"]);
		$result = set_setting("rss_language",$_REQUEST["rss_language"]);
		$result = set_setting("rss_copyright",$_REQUEST["rss_copyright"]);
		$result = set_setting("rss_editor",$_REQUEST["rss_editor"]);
		$result = set_setting("rss_webmaster",$_REQUEST["rss_webmaster"]);
		$result = set_setting("rss_category",$_REQUEST["rss_category"]);
		$result = set_setting("rss_ttl",$_REQUEST["rss_ttl"]);
		$result = set_setting("rss_image",$_REQUEST["rss_image"]);
		
		// re-generate the XML feed (the settings may have changed)
		generate_feed();
	}
}

function filebrowse_file_upload(){

	if ($_SESSION["blog_userid"]!=""){
	
		ini_set("memory_limit","10M");
		ini_set("post_max_size","9M");
		ini_set("upload_max_filesize","8M");

		$uploaddir = $_GET["destination"];
		$uploadfile = $uploaddir."/".$_FILES['userfile']['name'];

		if (is_uploaded_file($_FILES['userfile']['tmp_name'])){
			if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
				// successful upload
				chmod($uploadfile, 0755);
				// sorted
				header("Location: index.php?action=file_browse&path=".$_GET["destination"]);
			} else {
				// move failed
				header("Location: index.php?action=problem");
			}
		} else {
			// upload failed
			header("Location: admin.php?action=problem");
		}
	}
}

function filebrowse_file_delete(){

	if ($_SESSION["blog_userid"]!=""){

		$filename = $_GET["file"];
		if ($filename!=""){
			// get path from filename
			unlink($filename);
			header("Location: index.php?action=file_browse&path=".$_GET["path"]);
		} else {
			header("Location: index.php?action=problem");
		}
	}
}

function filebrowse_directory_create(){
	if ($_POST["directory"]!=""){
		// check the directory name is valid
		$oldumask = umask(0);
		mkdir($_POST["path"]."/".$_POST["directory"]);
		umask($oldumask);
		chmod($_POST["path"]."/".$_POST["directory"],0777);
		header("Location: index.php?action=file_browse&path=".$_POST["path"]."/".$_POST["directory"]);
	} else {
		header("Location: index.php?action=file_browse&path=".$_POST["path"]);
	}
}

function filebrowse_directory_remove(){
	$directory = $_GET["directory"];
	if ($directory!="") {
		$result =@ rmdir($directory);
		if ($result){
			header("Location: index.php?action=file_browse&path=".$_GET["path"]);
		} else {
			header("Location: index.php?action=file_browse&path=".$_GET["path"]);
		}
	} else {
		header("Location: index.php?action=problem");
	}
}


function comment_edit(){

	if ($_REQUEST["entryid"]!="" && $_REQUEST["commentid"]!=""){

		global $db_prefix;

		$comment_id = $_REQUEST["commentid"];
		$name = mysql_escape_string($_REQUEST["name"]);
		$email = mysql_escape_string($_REQUEST["email"]);
		$url = mysql_escape_string($_REQUEST["url"]);
		$body = mysql_escape_string($_REQUEST["body"]);

		$sql = "UPDATE ".$db_prefix."comments"
			." SET cName='".$name."', cEMail='".$email."', cURL='".$url."', cComment='".$body."'"
			." WHERE nCommentId=".$comment_id;

		$con = db_connect();
		$result = mysql_query($sql,$con);
		if ($result!=false){
			if (isset($_GET["entryid"])){
				header("Location: index.php?action=entry_view&entryid=".$_REQUEST["entryid"]);
			} else {
				// go back to the comment list
				header("Location: index.php?action=comment_list");
			}
		}

	} else {
		$result = false;
	}

	return $result;
}


function template_file_edit(){
	if ($_REQUEST["file"]!=""){
		$file = realpath($_REQUEST["file"]);
		if (file_exists($file)){
			if (is_writable($file)){
				$handle = fopen($file, "w");
				fwrite($handle,stripslashes($_REQUEST["template"]));
				fclose($handle);
				header("Location: index.php?action=template_file_list&theme=".$_REQUEST["theme"]);
			} else {
				header("Location: problem.php?f=edit_template_file&p=file_not_writable");
			}
		} else {
			header("Location: problem.php?f=edit_template_file&p=file_not_found");
		}
	}
}


function comment_remove(){

	if ($_REQUEST["entryid"]!="" && $_REQUEST["commentid"]!=""){

		global $db_prefix;

		$comment_id = $_REQUEST["commentid"];
		$name = mysql_escape_string($_REQUEST["name"]);
		$email = mysql_escape_string($_REQUEST["email"]);
		$url = mysql_escape_string($_REQUEST["url"]);
		$body = mysql_escape_string($_REQUEST["body"]);

		$sql = "DELETE FROM ".$db_prefix."comments"
			." WHERE nCommentId=".$comment_id;

		$con = db_connect();
		$result = mysql_query($sql,$con);
		if ($result!=false){

			// work out how many comments the entry now has
			$sql = "SELECT COUNT(*) AS nCount FROM ".$db_prefix."comments WHERE nEntryId=".$_REQUEST["entryid"];
			$result = mysql_query($sql,$con);
			if ($result!=false){
				$row = mysql_fetch_array($result);
				$num_comments = $row["nCount"];
				$sql = "UPDATE ".$db_prefix."entries SET nComments=".$num_comments." WHERE nEntryId=".$_REQUEST["entryid"];
				$result = mysql_query($sql,$con);
				if ($result!=false){
					if (isset($_GET["entryid"])){
						header("Location: index.php?action=entry_view&entryid=".$_REQUEST["entryid"]);
					} else {
						header("Location: index.php?action=comment_list");
					}
				} else {
					$result = false;
				}
			} else {
				$result = false;
			}
		}

	} else {
		$result = false;
	}

	return $result;
}

function verify_comments(){
	

	global $db_prefix;
	
	$con = db_connect();
		
	// loop through the _POST object and find out which comments need
	// to be approved, or removed
	foreach($_POST as $key=>$val){
	
		if (substr($key,0,6)=="verify"){
			$id = substr($key,7);
			switch($val){
				case "approve":
					$sql = "UPDATE ".$db_prefix."comments SET cComment=REPLACE(cComment,'pending:','') WHERE nCommentId=".$id;
					break;
				case "reject":
					$sql = "DELETE FROM ".$db_prefix."comments WHERE nCommentId=".$id;
					break;
			}
		}
		
		if (substr($key,0,6)=="remove"){
			$id = substr($key,7);
			$sql = "DELETE FROM ".$db_prefix."comments WHERE nCommentId=".$id;
		}
		
		if (isset($id)){
			// find out the entryid corresponding with the comment id
			$entryid="";
			$sql_entry = "SELECT nEntryId FROM ".$db_prefix."comments WHERE nCommentId=".$id;
			$result = mysql_query($sql_entry,$con);
			if ($result!=false){
				if (mysql_num_rows($result)>0){
					$row = mysql_fetch_array($result);
					$entryid = $row["nEntryId"];
				}
			}
		}
		
		// execute the sql
		$result = mysql_query($sql,$con);
		if ($result!=false){
			// fine
			
			// update the comment counts
			if ( ( substr($sql,0,6)=="DELETE" || substr($sql,0,6)=="UPDATE" ) && $entryid!=""){
				$sql = "SELECT COUNT(*) AS nCount FROM ".$db_prefix."comments WHERE nEntryId=".$entryid;
				
				$result = mysql_query($sql,$con);
				if ($result!=false){
					$row = mysql_fetch_array($result);
					$num_comments = $row["nCount"];
					$sql = "UPDATE ".$db_prefix."entries SET nComments=".$num_comments." WHERE nEntryId=".$entryid;
					
					$result = mysql_query($sql,$con);
					if ($result!=false){
						$result = true;
					} else {
						$result = false;
					}
				} else {
					$result = false;
				}
			}
			
		} else {
			header("Location: problem.php?f=verify_comments&p=sql_error");
		}
	
	}
	
	header("Location: index.php?action=comment_list");
	
}

function generate_feed(){

	global $db_prefix;

	if (file_exists("../rss.xml")){
		
		$file = realpath("../rss.xml");
		
		if (is_writable($file)){
			
			$rss_root_url = get_setting("rss_root_url");
			$rss_title = get_setting("rss_title");
			$rss_image = get_setting("rss_image");
			$rss_description = get_setting("rss_description");
			$rss_link = get_setting("rss_link");
			$rss_language = get_setting("rss_language");
			$rss_copyright = get_setting("rss_copyright");
			$rss_editor = get_setting("rss_editor");
			$rss_webmaster = get_setting("rss_webmaster");
			$rss_category = get_setting("rss_category");
			$rss_ttl = get_setting("rss_ttl"); // 60 = default

			$rss = new UniversalFeedCreator();

			$rss->title = $rss_title;
			$rss->description = $rss_description;
			$rss->link = $rss_root_url;
			$rss->feedURL = $rss_root_url;

			$image = new FeedImage();
			$image->title = $rss_title;
			$image->url = $rss_image;
			$image->link = $rss_root_url;
			$image->description = $rss_description;

			$image->descriptionHtmlSyndicated = true;

			$rss->image = $image;

			// connect to the database
			$con = db_connect();

			// get the last 20 entries
			$sql = "SELECT * FROM ".$db_prefix."entries ent"
				." INNER JOIN ".$db_prefix."users usr ON ent.nUserAdded=usr.nUserId"
				." WHERE ent.cStatus='P'"
				." ORDER BY ent.dAdded DESC LIMIT 20";
				
			$result = mysql_query($sql,$con);

			if ($result!=false){

				if (mysql_num_rows($result)>0){

					while ($row=@mysql_fetch_array($result)){

						// prepare data

						$title = stripslashes($row["cTitle"]);
						$entryid = $row["nEntryId"];
						$item_pub_date = $row["dAdded"];
						
						// prepare categories

						unset($cats);
						$sql = "SELECT cCategoryName FROM ".$db_prefix."categories cat"
							." INNER JOIN ".$db_prefix."entry_categories entcat ON cat.nCategoryId=entcat.nCategoryId"
							." WHERE entcat.nEntryId=".$row["nEntryId"];
						$cat_result = mysql_query($sql,$con);
						if ($cat_result!=false){
							while($cat_row=@mysql_fetch_array($cat_result)){
								$cats[] = stripslashes($cat_row["cCategoryName"]);
							}
						}
						if (isset($cats)){
							if (count($cats)>0){
								$categories = implode(" ",$cats);
							}
						} else {
							$categories = "";
						}

						$item = new FeedItem();
						$item->title = $title;
						$item->link = $rss_root_url."/index.php?entryid=".$entryid;
						
						// check if we are supposed to be parsing line breaks
						if (get_setting("parse_crlf")!=""){
							$item->description = nl2br(bbcode(stripslashes($row["cBody"])));
						} else {
							$item->description = bbcode(stripslashes($row["cBody"]));
						}
						
						$item->descriptionHtmlSyndicated = true;
						$item->date = strtotime($row["dAdded"]);
						$item->source = $rss_link;
						$item->author = stripslashes($row["cEMail"]);
						$item->category = $categories;
						$item->comments = $rss_root_url."/index.php?entryid=".$entryid;

						$rss->addItem($item);

					}
				}

			} else {
				header("Location: problem.php?f=generate_feed&p=sql_error");
			}

			db_disconnect($con);

			// valid format strings are: RSS0.91, RSS1.0, RSS2.0, PIE0.1, MBOX, OPML, ATOM0.3, HTML, JS
			$rss->saveFeed("RSS2.0",$file, false);
		}
	}
}




if (isset($_SESSION["blog_userid"])){

	if ($_SESSION["blog_userid"]!=""){

		$role = get_user_role($_SESSION["blog_userid"]);

		switch($_REQUEST["action"]){

			case "user_logout":
				$result = user_logout();
				if ($result){
					// logout success
					header("Location: index.php");
				} else {
					// logout failure
					header("Location: index.php");
				}
				break;

			case "theme_set":
				$result = theme_set($_REQUEST["theme"]);
				if ($result){
					// theme set successfully
					header("Location: index.php?action=theme_list");
				} else {
					// theme set failed
					header("Location: index.php?action=theme_list");
				}
				break;

			case "user_add":
				$result = user_add();
				if ($result){
					header("Location: index.php?action=user_list");
				} else {
					// problem
				}
				break;

			case "user_edit":
				$result = user_edit();
				if ($result){
					header("Location: index.php?action=user_list");
				} else {
					// problem
				}
				break;

			case "user_remove":
				$result = user_remove();
				if ($result){
					header("Location: index.php?action=user_list");
				} else {
					// problem
				}
				break;

			case "entry_add":
				$result = entry_add();
				header("Location: index.php?action=entry_list");
				break;

			case "entry_edit":
				$result = entry_edit();
				header("Location: index.php?action=entry_list");
				break;

			case "entry_remove":
				$result = entry_remove();
				header("Location: index.php?action=entry_list");
				break;

			case "entry_publish":
				$result = entry_publish();
				header("Location: index.php?action=entry_list");
				break;

			case "entry_unpublish":
				$result = entry_unpublish();
				header("Location: index.php?action=entry_list");
				break;

			case "category_add":
				$result = category_add();
				header("Location: index.php?action=category_list");
				break;

			case "category_edit":
				$result = category_edit();
				header("Location: index.php?action=category_list");
				break;

			case "category_remove":
				$result = category_remove();
				header("Location: index.php?action=category_list");
				break;

			case "settings_edit":
				$result = settings_edit();
				header("Location: index.php?action=settings_edit");
				break;

			case "filebrowse_file_upload":
				$result = filebrowse_file_upload();
				break;

			case "filebrowse_file_delete":
				$result = filebrowse_file_delete();
				break;

			case "filebrowse_directory_create":
				$result = filebrowse_directory_create();
				break;

			case "filebrowse_directory_remove":
				$result = filebrowse_directory_remove();
				break;

			case "comment_edit":
				$result = comment_edit();
				break;

			case "comment_remove":
				$result = comment_remove();
				break;

			case "template_file_edit":
				$result = template_file_edit();
				break;

			case "verify_comments":
				$result = verify_comments();
				break;
				
			default:
				// no action sent
				break;
		}

	} else {
	
		// problem
		header("Location: problem.php?f=admin/exec&p=no_login");
	
	}

} else {

	// no user logged in
	switch($_REQUEST["action"]){
		case "user_login":
			$username = $_REQUEST["username"];
			$password = $_REQUEST["password"];
			$result = user_login($username,$password);
			if ($result){
				// login success
				header("Location: index.php");
			} else {
				// login failure
				header("Location: index.php?problem=login_failure");
			}
		break;
	}
}
?>
Return current item: PluggedOut Blog