<?php
// File: $Id: qotd.php,v 1.15 2001/12/04 23:53:46 jgm Exp $ $Name: $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2001 by the Post-Nuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Erik Slooff <hide@address.com> www.slooff.com
// Purpose of file:
// PHP-NUKE 5.0: Quote of the day Add-On
// Copyright (c) 2000 by Erik Slooff (hide@address.com)
// ----------------------------------------------------------------------
// Changes for this admin module thanks to Heinz Hombergs
// (hide@address.com), http://www.kodewulf.za.net
// ----------------------------------------------------------------------
// Direct-access guard: stop unless the running script looks like admin.php.
// NOTE(review): eregi() performs an unanchored, case-insensitive regex match
// (the "." matches any character), so any $PHP_SELF value that merely contains
// text matching "admin.php" passes. $PHP_SELF is derived from the request URL,
// so treat this as a convenience check only; the authorised() calls further
// down in this file are the real access control for each operation.
eregi("admin.php", $PHP_SELF) or die ("Access Denied");
// Defined outside this file; presumably loads the language constants
// (_QOTD*, _AUTHOR, ...) echoed below -- confirm.
modules_get_language();
// Landing page of the Quote add-on admin module.
// Prints the "add quote" form when the caller holds ACCESS_ADD on Quotes,
// and a link to the quote list when the caller holds ACCESS_EDIT.
// No request data is echoed here; only language constants are printed.
function QotdAdmin() {
    // The include()d files run in this function's variable scope, so the
    // globals declared here are what they can see -- keep the list intact.
    global $hlpfile, $admin, $pntable;

    include(WHERE_IS_PERSO."config.php");
    $hlpfile = "manual/qotd.html";
    include ("header.php");
    GraphicAdmin($hlpfile);

    if (authorised(0, 'Quotes::', '::', ACCESS_ADD)) {
        OpenTable();
        // The form posts op=QotdAdd back to admin.php with qquote / qauthor.
        echo '</center><font size=4><b>', _QOTDADDQ, "</b><br><br>\n",
             "<font size=2>\n",
             "<form action=admin.php method=post>\n",
             '<table border=0 width="100%"><tr><td>', _QTDQT,
             '</td><td><textarea class=pn-normal name=qquote cols=60 rows=5></textarea></td></tr><tr><td>', _AUTHOR,
             "</td><td><input class=pn-normal type=text name=qauthor size=31 maxlength=128></td></tr><tr><td>\n",
             "</td></tr></table>\n",
             "<input type=hidden name=op value=QotdAdd>\n",
             '<input type=submit value=', _ADD, '></form><br>';
        CloseTable();
    }

    if (authorised(0, 'Quotes::', '::', ACCESS_EDIT)) {
        echo '<a href ="admin.php?op=QotdDisplay&page=1">', _QOTDMODIFYQ, '</a></font><br><br>';
    }

    include("footer.php");
}
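// Insert a new quote.
//
// $qquote   quote text as submitted by the admin form
// $qauthor  author name as submitted by the admin form
//
// Both values come straight from the request, so they are passed through the
// connection's qstr() before being placed in the INSERT statement; the
// original interpolated them between single quotes and was only safe when
// magic_quotes_gpc happened to be on. Values are stored as submitted, so code
// that later prints them has to HTML-escape at output time.
// Always ends by redirecting to the module's admin page, unless the caller
// lacks ACCESS_ADD, in which case the "not authorised" message is shown.
function QotdAdd($qquote, $qauthor) {
    global $pntable, $dbconn;

    // Defined outside this file; presumably aborts the request when the
    // anti-CSRF check fails -- confirm.
    csrfcheck();

    if (!(authorised(0, 'Quotes::', "$qauthor::", ACCESS_ADD))) {
        include 'header.php';
        echo _QUOTESADDNOAUTH;
        include 'footer.php';
        return;
    }

    $column = &$pntable['quotes_column'];

    // Assumes $dbconn is the ADOdb connection (GenId/Execute/ErrorNo below are
    // ADOdb calls). qstr() returns the value already wrapped in quotes; the
    // second argument tells it whether PHP has auto-escaped the request data,
    // so the text is not escaped twice.
    $magicQuotes = get_magic_quotes_gpc();
    $quoteSql = $dbconn->qstr($qquote, $magicQuotes);
    $authorSql = $dbconn->qstr($qauthor, $magicQuotes);

    // FTO : Add SEQ suffix to avoid conflict name with ORACLE
    $nextId = $dbconn->GenId("{$pntable['quotes']}_SEQ");

    $sql = "INSERT INTO $pntable[quotes] ($column[qid],
            $column[quote], $column[author])
            VALUES ($nextId, $quoteSql, $authorSql)";
    $dbconn->Execute($sql);

    if ($dbconn->ErrorNo() <> 0) {
        // The failing statement is logged for diagnosis; it contains the
        // submitted quote text, so the error log should be access-restricted.
        error_log("DB Error: Problem adding quote. " . $dbconn->ErrorMsg());
        error_log($sql);
    }

    pnRedirect('admin.php?op=QotdAdmin');
}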
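// Paginated admin listing of quotes, with a keyword search form.
//
// $page  1-based page number taken from the request.
// The search keyword is read from the global $keyword.
//
// Request-derived values are normalised before use: $page is forced to an
// integer >= 1; the keyword is quoted with the connection's qstr() for the
// LIKE filter, HTML-escaped where it is printed into the form, and URL-encoded
// where it is printed into links. Quote text and author names read back from
// the database are HTML-escaped before being printed.
function QotdDisplay($page) {
    // The include()d files run in this function's scope and see these globals.
    global $hlpfile, $admin, $keyword, $bgcolor1, $bgcolor2, $bgcolor3, $bgcolor4, $pntable, $dbconn;

    include(WHERE_IS_PERSO."config.php");
    $hlpfile = "manual/qotd.html";
    include ("header.php");
    GraphicAdmin($hlpfile);

    if (!(authorised(0, 'Quotes::', '::', ACCESS_READ))) {
        // header.php was already included above, so it is not included again.
        echo _QUOTESNOAUTH;
        include 'footer.php';
        return;
    }

    // Untrusted input: pin the page number to a positive integer so it cannot
    // carry markup into links or produce a negative row offset.
    $page = (int) $page;
    if ($page < 1) {
        $page = 1;
    }

    // Work on a local copy of the keyword with PHP's automatic request
    // escaping undone, then escape separately for each output context.
    $keywordRaw = is_string($keyword) ? $keyword : '';
    if (get_magic_quotes_gpc()) {
        $keywordRaw = stripslashes($keywordRaw);
    }
    $keywordHtml = htmlspecialchars($keywordRaw, ENT_QUOTES);
    $keywordUrl = urlencode($keywordRaw);

    OpenTable();
    $column = &$pntable['quotes_column'];

    $whereclause = "";
    if ($keywordRaw != "") {
        // Spaces become wildcards so the words may be separated by any text.
        // Assumes $dbconn is the ADOdb connection; qstr() returns the pattern
        // quoted and escaped for the database in use.
        $pattern = "%" . str_replace(" ", "%", $keywordRaw) . "%";
        $whereclause = "where $column[quote] like " . $dbconn->qstr($pattern);
    }

    $result = $dbconn->Execute("SELECT COUNT(*) FROM $pntable[quotes] $whereclause");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($numrecords) = $result->fields;

    $entriesperpage = 20;
    $totalpages = ceil($numrecords / $entriesperpage);

    if ($numrecords > 0) {
        echo "</center><font size=4><b>"._QOTDMODIFYQ."</b></font><br><br>\n"
            ."<table><tr><td>\n"
            ."<form action=admin.php method=post>\n"
            ._QOTDSFK." <input class=pn-normal type=text name=keyword size=31 maxlength=128 value=\"$keywordHtml\">\n"
            ."<input type=hidden name=page value=1>\n"
            ."<input type=hidden name=op value=QotdDisplay>\n"
            ."<input type=submit value="._SEARCH.">\n"
            ."</form></td><td><form action=admin.php method=post>\n"
            ."<input type=hidden name=page value=1>\n"
            ."<input type=hidden name=op value=QotdDisplay>\n"
            ."<input type=submit value=\""._QOTDRSEARCH."\">\n"
            ."</form></td></tr></table>\n"
            ."<font size=2>\n"
            ."<table border width=\"100%\">";
        echo "<tr bgcolor=\"$bgcolor4\"><td ><font class=\"pn-title\">" ._QOTDQ."</td><td><font class=\"pn-title\">" ._AUTHOR."</td><td><font class=\"pn-title\">" ._QOTDACT."</td></tr>";

        $start = $entriesperpage * ($page - 1);
        // NOTE(review): the count above honours the keyword filter, but
        // buildQuery() is given '' as its third argument -- presumably the
        // where clause -- so the rows listed may not be filtered. Confirm
        // against buildQuery() before passing a condition here.
        $sql = buildQuery(array('quotes'), array($column['qid'], $column['quote'],
            $column['author']), '', array("$column[qid]"), $entriesperpage, $start);
        $result = $dbconn->Execute($sql);
        //FTO : Rewrite the condition loop clearly to test EOF
        if (!$result) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }

        while (!$result->EOF) {
            list($qqid, $qquote, $qauthor) = $result->fields;
            $result->MoveNext();

            $qqid = (int) $qqid;
            // The permission instance is "author::id". The original used an
            // undefined $qid here, so the id part was always empty and
            // per-quote permissions could not match.
            $instance = "$qauthor::$qqid";

            if (authorised(0, 'Quotes::', $instance, ACCESS_READ)) {
                // Truncate first, then escape, so an entity is never cut in half.
                $quoteHtml = htmlspecialchars(substr($qquote, 0, 50), ENT_QUOTES);
                $authorHtml = htmlspecialchars(substr($qauthor, 0, 50), ENT_QUOTES);

                echo "<tr><td bgcolor=\"$bgcolor4\"><font class=\"pn-normal\">".$quoteHtml."</td><td bgcolor=\"$bgcolor4\"><font class=\"pn-normal\">".$authorHtml."</td>";
                echo "<td bgcolor=\"$bgcolor4\"><font class=\"pn-normal\">";
                if (authorised(0, 'Quotes::', $instance, ACCESS_EDIT)) {
                    echo "<a href=\"admin.php?op=QotdEdit&qid=$qqid&page=$page\">" ._EDIT."</a>";
                    if (authorised(0, 'Quotes::', $instance, ACCESS_DELETE)) {
                        echo " | <a href=\"admin.php?op=QotdDelete&qid=$qqid&page=$page\">" ._DELETE."</a></td>";
                    } else {
                        echo "</td>";
                    }
                } else {
                    echo " ";
                }
                echo "</tr>";
            }
        }
        echo "</table><br>";

        // 0 means "no such page" for the previous/next links.
        $prevpage = ($page > 1) ? $page - 1 : 0;
        $nextpage = ($page < $totalpages) ? $page + 1 : 0;

        echo "<table border=0 width=\"100%\"><tr><td align=\"center\" width=\"33%\">";
        if ($prevpage != 0) {
            echo "<a href=\"admin.php?op=QotdDisplay&page=$prevpage&keyword=$keywordUrl\">" ._QOTDPP."</a>";
        } else {
            echo " ";
        }
        echo "</td><td align=\"center\" width=\"33%\">";
        echo "<a href=\"admin.php?op=QotdAdmin\">" ._QOTDBACK."</a>";
        echo "</td><td align=\"center\" width=\"33%\">";
        if ($nextpage != 0) {
            echo "<a href=\"admin.php?op=QotdDisplay&page=$nextpage&keyword=$keywordUrl\">" ._QOTDNP."</a>";
        } else {
            echo " ";
        }
        echo "</td></tr></table>";
    } else {
        echo _QOTDNQ;
    }

    CloseTable();
    include("footer.php");
}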
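// Show the "really delete?" confirmation page for one quote.
//
// $qid   id of the quote, taken from the request
// $page  list page to return to, taken from the request
//
// Both parameters are cast to integers before use: $qid is placed unquoted in
// the SELECT and both are printed into unquoted href attributes, so any
// non-numeric content would otherwise reach the SQL statement and the page.
// The stored author is looked up so the permission instance is "author::id".
function QotdDelete($qid,$page) {
    // The include()d files run in this function's scope and see these globals.
    global $hlpfile, $admin, $pntable, $dbconn;

    include(WHERE_IS_PERSO."config.php");
    $hlpfile = "manual/qotd.html";
    include ("header.php");
    GraphicAdmin($hlpfile);

    $qid = (int) $qid;
    $page = (int) $page;

    $column = &$pntable['quotes_column'];
    $result = $dbconn->Execute("SELECT $column[author]
                                FROM $pntable[quotes]
                                WHERE $column[qid] = $qid");

    // Fail closed: a failed query or an unknown id is handled like a missing
    // permission instead of continuing with an empty author.
    $found = ($result && !$result->EOF);
    $author = '';
    if ($found) {
        list($author) = $result->fields;
        $result->Close();
    }

    if (!$found || !(authorised(0, 'Quotes::', "$author::$qid", ACCESS_DELETE))) {
        echo _QUOTESDELNOAUTH;
        include 'footer.php';
        return;
    }

    OpenTable();
    echo "</center><font size=4><b>"._QOTDDELQ."</b><br><br>";
    echo "<center>";
    echo "<font size=3 color=Red>";
    echo "<b>"._QOTDDELQW."</b><br><br><font color=Black>";
    echo "[ <a href=admin.php?op=QotdDeleteOk&qid=$qid&page=$page>"._YES."</a> | <a href=admin.php?op=QotdDisplay&page=$page>"._NO."</a> ]<br><br>";
    CloseTable();
    include("footer.php");
}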
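// Delete one quote after the confirmation step, then return to the list.
//
// $qid   id of the quote, taken from the request
// $page  list page to redirect to, taken from the request
//
// Both parameters are cast to integers: $qid goes into the SELECT and DELETE
// statements and $page into the redirect target, so neither may carry
// request-supplied text. The stored author is looked up so the permission
// instance is "author::id".
function QotdDeleteOk($qid,$page) {
    global $pntable, $dbconn;

    // Defined outside this file; presumably aborts the request when the
    // anti-CSRF check fails -- confirm.
    csrfcheck();

    $qid = (int) $qid;
    $page = (int) $page;

    $column = &$pntable['quotes_column'];
    $result = $dbconn->Execute("SELECT $column[author]
                                FROM $pntable[quotes]
                                WHERE $column[qid] = $qid");

    // Fail closed: a failed query or an unknown id is handled like a missing
    // permission instead of continuing with an empty author.
    $found = ($result && !$result->EOF);
    $author = '';
    if ($found) {
        list($author) = $result->fields;
        $result->Close();
    }

    if (!$found || !(authorised(0, 'Quotes::', "$author::$qid", ACCESS_DELETE))) {
        // No page header has been sent in this function yet; include it as
        // QotdAdd and QotdSave do on their refusal path.
        include 'header.php';
        echo _QUOTESDELNOAUTH;
        include 'footer.php';
        return;
    }

    // Uses the $column alias; the original indexed $pntable with bare,
    // unquoted keys inside {...}, which PHP reads as constants.
    $dbconn->Execute("DELETE FROM $pntable[quotes]
                      WHERE $column[qid] = $qid");
    if ($dbconn->ErrorNo() <> 0) {
        error_log("Error: Deleting Quote" . $dbconn->ErrorMsg());
    }

    pnRedirect('admin.php?op=QotdDisplay&page='.$page);
}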
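// Show the edit form for one quote, pre-filled with the stored text.
//
// $qid   id of the quote, taken from the request
// $page  list page to return to after saving, taken from the request
//
// Both parameters are cast to integers before they are placed in the SELECT
// and in the hidden form fields. The stored quote and author are HTML-escaped
// before being written into the textarea and the value attribute; the browser
// submits the decoded text, so the round trip leaves the content unchanged.
function QotdEdit($qid,$page) {
    // The include()d files run in this function's scope and see these globals.
    global $hlpfile, $admin, $pntable, $dbconn;

    include(WHERE_IS_PERSO."config.php");
    $hlpfile = "manual/qotd.html";
    include ("header.php");
    GraphicAdmin($hlpfile);

    $qid = (int) $qid;
    $page = (int) $page;

    // One lookup serves both the permission check and the form contents.
    $column = &$pntable['quotes_column'];
    $result = $dbconn->Execute("SELECT $column[quote], $column[author]
                                FROM $pntable[quotes]
                                WHERE $column[qid] = $qid");

    // Fail closed: a failed query or an unknown id is handled like a missing
    // permission instead of continuing with an empty author.
    $found = ($result && !$result->EOF);
    $quote = '';
    $author = '';
    if ($found) {
        list($quote, $author) = $result->fields;
        $result->Close();
    }

    if (!$found || !(authorised(0, 'Quotes::', "$author::$qid", ACCESS_EDIT))) {
        echo _QUOTESEDITNOAUTH;
        include 'footer.php';
        return;
    }

    $quoteHtml = htmlspecialchars($quote, ENT_QUOTES);
    $authorHtml = htmlspecialchars($author, ENT_QUOTES);

    OpenTable();
    echo "</center><font size=4><b>" ._QOTDEQ."</b><br><br>\n"
        ."<font size=2>\n"
        ."<form action=admin.php?op=QotdAdmin method=post>\n"
        ."<table border=0 width=\"100%\"><tr><td>\n"
        ._QTDQT." </td><td><textarea class=\"pn-normal\" name=\"qquote\" cols=\"60\" rows=\"5\">$quoteHtml</textarea></td></tr><tr><td>\n"
        ._AUTHOR.": </td><td><input class=\"pn-normal\" type=\"text\" name=\"qauthor\" size=\"31\" maxlength=\"128\" value=\"$authorHtml\"></td></tr><tr><td>\n"
        ."</td></tr></table>\n"
        ."<input type=hidden name=op value=QotdSave>\n"
        ."<input type=hidden name=page value=$page>\n"
        ."<input type=hidden name=qqid value=$qid>\n"
        ."<input type=submit value=" ._SAVE.">\n"
        ."</form>";
    CloseTable();
    include("footer.php");
}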
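// Save an edited quote, then return to the list.
//
// $qqid     id of the quote being edited, taken from the request
// $qquote   new quote text, taken from the request
// $qauthor  new author name, taken from the request
// $page     list page to redirect to, taken from the request
//
// The permission check is made against the author stored for $qqid, as
// QotdEdit and QotdDeleteOk do. The original checked "$qauthor::$qid": $qid
// is not defined in this function, and $qauthor is the value submitted with
// the form, so the instance did not identify the quote actually being changed.
// $qqid and $page are cast to integers; the two text values go through the
// connection's qstr() before being placed in the UPDATE statement.
function QotdSave($qqid,$qquote,$qauthor,$page) {
    global $pntable, $dbconn;

    // Defined outside this file; presumably aborts the request when the
    // anti-CSRF check fails -- confirm.
    csrfcheck();

    $qqid = (int) $qqid;
    $page = (int) $page;

    $column = &$pntable['quotes_column'];
    $result = $dbconn->Execute("SELECT $column[author]
                                FROM $pntable[quotes]
                                WHERE $column[qid] = $qqid");

    // Fail closed: a failed query or an unknown id is handled like a missing
    // permission instead of continuing with an empty author.
    $found = ($result && !$result->EOF);
    $author = '';
    if ($found) {
        list($author) = $result->fields;
        $result->Close();
    }

    if (!$found || !(authorised(0, 'Quotes::', "$author::$qqid", ACCESS_EDIT))) {
        include 'header.php';
        echo _QUOTESEDITNOAUTH;
        include 'footer.php';
        return;
    }

    // Assumes $dbconn is the ADOdb connection. qstr() returns the value
    // already wrapped in quotes; the second argument tells it whether PHP has
    // auto-escaped the request data, so the text is not escaped twice.
    $magicQuotes = get_magic_quotes_gpc();
    $quoteSql = $dbconn->qstr($qquote, $magicQuotes);
    $authorSql = $dbconn->qstr($qauthor, $magicQuotes);

    $dbconn->Execute("UPDATE $pntable[quotes]
                      SET $column[quote]=$quoteSql, $column[author]=$authorSql
                      WHERE $column[qid]=$qqid");
    if ($dbconn->ErrorNo() <> 0) {
        error_log("Error: Saving Quote" . $dbconn->ErrorMsg());
    }

    pnRedirect('admin.php?op=QotdDisplay&page='.$page);
}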
// Module entry point. Every operation requires ACCESS_ADMIN on the Quotes
// component; after that $op selects the handler.
// NOTE(review): $op, $qid, $qqid, $page, $qquote and $qauthor are not assigned
// anywhere in this file -- presumably they are request variables exposed as
// globals (register_globals) or set by admin.php; confirm. They are handed to
// the handlers as received, so each handler has to validate what it uses.
if (authorised(0, 'Quotes::', '::', ACCESS_ADMIN)) {
    switch ($op) {
        // Read-only screens
        case "QotdAdmin":
            QotdAdmin();
            break;

        case "QotdDisplay":
            QotdDisplay($page);
            break;

        case "QotdEdit":
            QotdEdit($qid, $page);
            break;

        case "QotdDelete":
            QotdDelete($qid, $page);
            break;

        // State-changing operations (each calls csrfcheck() first)
        case "QotdAdd":
            QotdAdd($qquote, $qauthor);
            break;

        case "QotdSave":
            QotdSave($qqid, $qquote, $qauthor, $page);
            break;

        case "QotdDeleteOk":
            QotdDeleteOk($qid, $page);
            break;

        // Any other $op value does nothing.
    }
} else {
    include 'header.php';
    echo _QUOTESNOAUTH;
    include 'footer.php';
}
?>