<?php
// File: $Id: topics.php,v 1.19 2001/12/06 20:41:26 rwwood Exp $ $Name: $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2001 by the Post-Nuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file:
// Purpose of file:
// ----------------------------------------------------------------------
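// Direct-access guard: this module is meant to be included by admin.php, so
// stop when the requested script path does not mention it.
// preg_match() replaces eregi(), which came from the ereg extension and is
// not available in PHP 7+. The dot is escaped so it matches a literal "."
// only.
// NOTE(review): this is still an unanchored, case-insensitive substring test
// on $PHP_SELF, so treat it as a convenience check. The authorised() calls
// further down are the real access control.
if (!preg_match('/admin\.php/i', $PHP_SELF)) {
    die("Access Denied");
}
// Help page handed to GraphicAdmin() by the screens below.
$hlpfile = "manual/topics.html";
modules_get_language();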
/*********************************************************/
/* Topics Manager Functions */
/*********************************************************/
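/**
 * Render the Topics Manager screen: a grid of the existing topics (for users
 * with ACCESS_READ on Topics::Topic) followed by the "add a topic" form (for
 * users with ACCESS_ADD).
 *
 * Every value read from the topics table is HTML-escaped before it is echoed,
 * so a stored topic name, text or image name cannot inject markup into the
 * admin page.
 */
function topicsmanager() {
    global $hlpfile, $tipath, $pntable, $dbconn, $topicsinrow; // added topicsinrow string - rwwood
    include("header.php");
    GraphicAdmin($hlpfile);
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._TOPICSMANAGER."</b></font></center>";
    CloseTable();
    echo "<br>";
    // The add form below echoes these three variables. Define them up front
    // so they exist even when the listing block is skipped or returns no rows.
    $topicname = '';
    $topictext = '';
    $topicimage = '';
    // List of current topics
    if (authorised(0, 'Topics::Topic', '::', ACCESS_READ)) {
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._CURRENTTOPICS."</b></font><br>"._CLICK2EDIT."</font></center><br>"
            ."<table border=\"0\" width=\"100%\" align=\"center\" cellpadding=\"2\">";
        $count = 0;
        $column = &$pntable['topics_column'];
        $result = $dbconn->Execute("SELECT $column[topicid], $column[topicname], $column[topicimage], $column[topictext] FROM $pntable[topics] ORDER BY $column[topicname]");
        // FTO Check EOF and database error
        if (!$result) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
        while (!$result->EOF) {
            list($topicid, $topicname, $topicimage, $topictext) = $result->fields;
            $result->MoveNext();
            // Output-encoded copies; the raw values are still needed for the
            // authorised() instance string.
            $linkid = (int)$topicid;
            $safeimage = htmlspecialchars($topicimage, ENT_QUOTES);
            $safetext = htmlspecialchars($topictext, ENT_QUOTES);
            echo "<td align=\"center\">";
            if (authorised(0, 'Topics::Topic', "$topicname::$topicid", ACCESS_EDIT)) {
                echo "<a href=\"admin.php?op=topicedit&topicid=$linkid\"><img src=\"$tipath$safeimage\" border=\"0\" alt=\"\"></a><br>"
                    ."<a href=\"admin.php?op=topicedit&topicid=$linkid\"><font class=\"pn-normal\"><b>$safetext</td></a>";
            } else {
                echo "<img src=\"$tipath$safeimage\" border=\"0\" alt=\"\"><br>"
                    ."<font class=\"pn-normal\"><b>$safetext</td></a>";
            }
            $count++;
            if ($count == $topicsinrow) { // changed hardcoded number of topics icons - rwwood
                echo "</tr><tr>";
                $count = 0;
            }
        }
        echo "</table>";
        echo "<br><center><font class=\"pn-title\"><b>"._ROWDEFINE."</b></font>"; // added for topics icon spacing - rwwood
        CloseTable();
    }
    echo "<br>";
    // Add a topic
    if (authorised(0, 'Topics::Topic', '::', ACCESS_ADD)) {
        // NOTE(review): these are whatever the listing loop left behind, so
        // the "add" form is pre-filled with the last topic listed. That is
        // kept as-is here but looks unintended — confirm.
        $formname = htmlspecialchars($topicname, ENT_QUOTES);
        $formtext = htmlspecialchars($topictext, ENT_QUOTES);
        $formimage = htmlspecialchars($topicimage, ENT_QUOTES);
        echo "<a name=\"Add\">";
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._ADDATOPIC."</b></font></center><br>"
            ."<form action=\"admin.php\" method=\"post\">"
            ."<b>"._TOPICNAME.":</b><br><font class=\"pn-sub\">"._TOPICNAME1."<br>"
            .""._TOPICNAME2."</font><br>"
            ."<input type=\"text\" name=\"topicname\" size=\"20\" maxlength=\"20\" value=\"$formname\"><br><br>"
            ."<b>"._TOPICTEXT.":</b><br><font class=\"pn-sub\">"._TOPICTEXT1."<br>"
            .""._TOPICTEXT2."</font><br>"
            ."<input type=\"text\" name=\"topictext\" size=\"40\" maxlength=\"40\" value=\"$formtext\"><br><br>"
            ."<b>"._TOPICIMAGE.":</b><br><font class=\"pn-sub\">("._TOPICIMAGE1." $tipath)<br>"
            .""._TOPICIMAGE2."</font><br>"
            ."<input type=\"text\" name=\"topicimage\" size=\"20\" maxlength=\"20\" value=\"$formimage\"><br><br>"
            ."<input type=\"hidden\" name=\"op\" value=\"topicmake\">"
            ."<input type=\"submit\" value=\""._ADDTOPIC."\">"
            ."</form>";
        CloseTable();
    }
    include("footer.php");
}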
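/**
 * Render the edit form for one topic, including its related links.
 *
 * @param mixed $topicid Topic id taken from the request; it is forced to an
 *                       integer before it is placed in any SQL statement.
 *
 * Changes from the earlier version: the id is cast to int (it was
 * interpolated unquoted into the WHERE clause), the query result is checked
 * before use, database values are HTML-escaped on output, and $hlpfile is
 * declared global so GraphicAdmin() receives the help page like it does in
 * topicsmanager().
 */
function topicedit($topicid) {
    global $hlpfile, $tipath, $pntable, $dbconn;
    include("header.php");
    GraphicAdmin($hlpfile);
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._TOPICSMANAGER."</b></font></center>";
    CloseTable();
    echo "<br>";
    // Numeric key: an integer cast leaves nothing that can alter the query.
    $topicid = (int)$topicid;
    $column = &$pntable['topics_column'];
    $result = $dbconn->Execute("SELECT $column[topicid], $column[topicname], $column[topicimage], $column[topictext] FROM $pntable[topics] WHERE $column[topicid]=$topicid");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($topicid, $topicname, $topicimage, $topictext) = $result->fields;
    if (!(authorised(0, 'Topics::Topic', "$topicname::$topicid", ACCESS_EDIT))) {
        echo _TOPICSEDITNOAUTH;
        include 'footer.php';
        return;
    }
    // The id now comes from the row (empty when no row matched). Normalise it
    // again because it is reused in SQL and in links below.
    $topicid = (int)$topicid;
    // Output-encoded copies; the raw $topicname stays in use for the
    // authorised() instance strings.
    $safename = htmlspecialchars($topicname, ENT_QUOTES);
    $safeimage = htmlspecialchars($topicimage, ENT_QUOTES);
    $safetext = htmlspecialchars($topictext, ENT_QUOTES);
    OpenTable();
    echo "<img src=\"$tipath$safeimage\" border=\"0\" align=\"right\" alt=\"$safetext\">"
        ."<font class=\"pn-title\"><b>"._EDITTOPIC.": $safetext</b></font>"
        ."<br><br>"
        ."<form action=\"admin.php\" method=\"post\"><br>"
        ."<b>"._TOPICNAME.":</b><br><font class=\"pn-sub\">"._TOPICNAME1."<br>"
        .""._TOPICNAME2."</font><br>"
        ."<input type=\"text\" name=\"topicname\" size=\"20\" maxlength=\"20\" value=\"$safename\"><br><br>"
        ."<b>"._TOPICTEXT.":</b><br><font class=\"pn-sub\">"._TOPICTEXT1."<br>"
        .""._TOPICTEXT2."</font><br>"
        ."<input type=\"text\" name=\"topictext\" size=\"40\" maxlength=\"40\" value=\"$safetext\"><br><br>"
        ."<b>"._TOPICIMAGE.":</b><br><font class=\"pn-sub\">("._TOPICIMAGE1." $tipath)<br>"
        .""._TOPICIMAGE2."</font><br>"
        ."<input type=\"text\" name=\"topicimage\" size=\"20\" maxlength=\"20\" value=\"$safeimage\"><br><br>";
    if (authorised(0, 'Topics::Related', "$topicname::", ACCESS_ADD)) {
        echo "<b>"._ADDRELATED.":</b><br>"
            ._SITENAME.": <input type=\"text\" name=\"name\" size=\"30\" maxlength=\"30\"><br>"
            .""._URL.": <input type=\"text\" name=\"url\" value=\"http://\" size=\"50\" maxlength=\"200\"><br><br>";
    }
    if (authorised(0, 'Topics::Related', "$topicname::", ACCESS_EDIT)) {
        echo "<b>"._ACTIVERELATEDLINKS.":</b><br>";
        OpenTable2();
        $column = &$pntable['related_column'];
        $res = $dbconn->Execute("SELECT $column[rid], $column[name], $column[url] FROM $pntable[related] WHERE $column[tid]=$topicid");
        // FTO Check EOF and database error
        if (!$res) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
        if ($res->EOF) {
            echo "<tr><td><font class=\"pn-sub\">"._NORELATED."</font></td></tr>";
        }
        while (!$res->EOF) {
            list($rid, $name, $url) = $res->fields;
            $res->MoveNext();
            $rid = (int)$rid;
            $safelinkname = htmlspecialchars($name, ENT_QUOTES);
            // NOTE(review): escaping keeps the stored URL inside the href
            // attribute but does not validate its scheme; the handlers that
            // store it (relatedsave(), topicchange()) are the place to
            // restrict it to http/https.
            $safeurl = htmlspecialchars($url, ENT_QUOTES);
            echo "<tr><td align=\"center\"><font class=\"pn-normal\"><strong><big>·</big></strong> <a href=\"$safeurl\">$safelinkname</a></td>"
                ."<td align=\"center\"><font class=\"pn-normal\"><a href=\"$safeurl\">$safeurl</a></td>";
            if (authorised(0, 'Topics::Related', "$topicname::", ACCESS_EDIT)) {
                echo "<td align=\"right\"><font class=\"pn-normal\">[ <a href=\"admin.php?op=relatededit&tid=$topicid&rid=$rid\">"._EDIT."</a>";
                if (authorised(0, 'Topics::Related', "$topicname::", ACCESS_DELETE)) {
                    echo " | <a href=\"admin.php?op=relateddelete&tid=$topicid&rid=$rid\">"._DELETE."</a> ]";
                } else {
                    echo " ]";
                }
            }
            echo "</td></tr>";
        }
        CloseTable2();
        echo "<br><br>";
    }
    echo "<input type=\"hidden\" name=\"topicid\" value=\"$topicid\">"
        ."<input type=\"hidden\" name=\"op\" value=\"topicchange\">"
        ."<INPUT type=\"submit\" value=\""._SAVECHANGES."\"> <font class=\"pn-normal\">[ <a href=\"admin.php?op=topicdelete&topicid=$topicid\">"._DELETE."</a> ]</font>"
        ."</form>";
    CloseTable();
    include("footer.php");
}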
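/**
 * Render the edit form for one related link of a topic.
 *
 * @param mixed $tid Topic id from the request (forced to int).
 * @param mixed $rid Related-link id from the request (forced to int).
 *
 * Changes from the earlier version: both ids are cast to int before they
 * reach SQL, the topic name is now actually selected (it was used in the
 * authorisation instance string but never loaded, so that component was
 * always empty), query results are checked, database values are HTML-escaped
 * on output, and $hlpfile is declared global as in topicsmanager().
 */
function relatededit($tid, $rid) {
    global $hlpfile, $tipath, $pntable, $dbconn;
    $tid = (int)$tid;
    $rid = (int)$rid;
    include("header.php");
    GraphicAdmin($hlpfile);
    OpenTable();
    echo "<center><font class=\"pn-title\"><b>"._TOPICSMANAGER."</b></font></center>";
    CloseTable();
    // grab an entry from the related table
    echo "<br>";
    $column = &$pntable['related_column'];
    $sql = buildQuery(array('related'), array($column['name'], $column['url']), "$column[rid]=$rid", '');
    $result = $dbconn->SelectLimit($sql,1);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($name, $url) = $result->fields;
    $result->Close();
    // grab the topic name (for the permission check) and its description
    $column = &$pntable['topics_column'];
    $sql = buildQuery(array('topics'), array($column['topicname'], $column['topictext'], $column['topicimage']), "$column[topicid]=$tid", '');
    $result = $dbconn->SelectLimit($sql,1);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($topicname, $topictext, $topicimage) = $result->fields;
    $result->Close();
    // NOTE(review): topicedit() checks Topics::Related with the instance
    // "$topicname::" while this function uses "$name:$topicname:$tid" —
    // confirm which layout the permission rules expect.
    if (!(authorised(0, 'Topics::Related', "$name:$topicname:$tid", ACCESS_EDIT))) {
        echo _TOPICSEDITNOAUTH;
        include 'footer.php';
        return;
    }
    $safename = htmlspecialchars($name, ENT_QUOTES);
    $safeurl = htmlspecialchars($url, ENT_QUOTES);
    $safeimage = htmlspecialchars($topicimage, ENT_QUOTES);
    $safetext = htmlspecialchars($topictext, ENT_QUOTES);
    OpenTable();
    echo "<center>"
        ."<img src=\"$tipath$safeimage\" border=\"0\" alt=\"$safetext\" align=\"right\">"
        ."<font class=\"pn-title\"><b>"._EDITRELATED."</b></font><br>"
        ."<b>"._TOPIC.":</b> $safetext</center>"
        ."<form action=\"admin.php\" method=\"post\">"
        .""._SITENAME.": <input type=\"text\" name=\"name\" value=\"$safename\" size=\"30\" maxlength=\"30\"><br><br>"
        .""._URL.": <input type=\"text\" name=\"url\" value=\"$safeurl\" size=\"60\" maxlength=\"200\"><br><br>"
        ."<input type=\"hidden\" name=\"op\" value=\"relatedsave\">"
        ."<input type=\"hidden\" name=\"tid\" value=\"$tid\">"
        ."<input type=\"hidden\" name=\"rid\" value=\"$rid\">"
        ."<input type=\"submit\" value=\""._SAVECHANGES."\"> "._GOBACK.""
        ."</form>";
    CloseTable();
    include("footer.php");
}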
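/**
 * Store the edited name and URL of one related link, then return to the
 * topic's edit screen.
 *
 * @param mixed  $tid  Topic id from the request (forced to int).
 * @param mixed  $rid  Related-link id from the request (forced to int).
 * @param string $name New link name from the request.
 * @param string $url  New link URL from the request.
 *
 * Changes from the earlier version:
 *  - $tid and $rid are cast to int; they were interpolated unquoted into SQL.
 *  - The permission check uses the link's stored name, as the edit form in
 *    relatededit() does, instead of the new name submitted with the request.
 *  - $name and $url go through the same stripslashes(FixQuotes()) step that
 *    topicchange() applies before its INSERT; here they were placed in the
 *    UPDATE as received.
 *  - Query results are checked before use.
 */
function relatedsave($tid, $rid, $name, $url) {
    global $pntable, $dbconn;
    csrfcheck();
    $tid = (int)$tid;
    $rid = (int)$rid;
    $column = &$pntable['topics_column'];
    $sql = "SELECT $column[topicname]
            FROM $pntable[topics]
            WHERE $column[topicid]=$tid ORDER BY $column[topicid]";
    $result = $dbconn->SelectLimit($sql,1);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($topicname) = $result->fields;
    $result->Close();
    // Authorise against the name currently stored for this link, not the
    // replacement value supplied by the caller.
    $column = &$pntable['related_column'];
    $sql = "SELECT $column[name]
            FROM $pntable[related]
            WHERE $column[rid]=$rid ORDER BY $column[rid]";
    $result = $dbconn->SelectLimit($sql,1);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($oldname) = $result->fields;
    $result->Close();
    // NOTE(review): nothing here verifies that link $rid belongs to topic
    // $tid; consider adding the tid column to the lookup above.
    if (!(authorised(0, 'Topics::Related', "$oldname:$topicname:$tid", ACCESS_EDIT))) {
        include 'header.php';
        echo _TOPICSEDITNOAUTH;
        include 'footer.php';
        return;
    }
    // Same quoting step the sibling handlers use. FixQuotes() is defined
    // elsewhere — NOTE(review): the database layer's own quoting or bound
    // parameters would be the sturdier choice. The URL scheme is not
    // validated here either; restricting it to http/https would stop other
    // schemes from being stored and later rendered as links.
    $name = stripslashes(FixQuotes($name));
    $url = stripslashes(FixQuotes($url));
    $dbconn->Execute("UPDATE $pntable[related] SET $column[name]='$name', $column[url]='$url' where $column[rid]=$rid");
    pnRedirect('admin.php?op=topicedit&topicid='.$tid);
}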
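/**
 * Delete one related link, then return to the topic's edit screen.
 *
 * @param mixed $tid Topic id from the request (forced to int).
 * @param mixed $rid Related-link id from the request (forced to int).
 *
 * Changes from the earlier version: both ids are cast to int before they
 * reach SQL, and the link's stored name is loaded for the permission check.
 * $name was never defined in this function, so the first component of the
 * authorisation instance string was always empty.
 */
function relateddelete($tid, $rid) {
    global $pntable, $dbconn;
    // NOTE(review): csrfcheck() is defined elsewhere. The link that leads
    // here is a plain GET link built in topicedit() with no token visible in
    // this file — confirm what csrfcheck() validates.
    csrfcheck();
    $tid = (int)$tid;
    $rid = (int)$rid;
    $column = &$pntable['topics_column'];
    $sql = "SELECT $column[topicname]
            FROM $pntable[topics]
            WHERE $column[topicid]=$tid ORDER BY $column[topicid]";
    $result = $dbconn->SelectLimit($sql,1);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($topicname) = $result->fields;
    $result->Close();
    // Stored name of the link being deleted, for the instance string below.
    $column = &$pntable['related_column'];
    $sql = "SELECT $column[name]
            FROM $pntable[related]
            WHERE $column[rid]=$rid ORDER BY $column[rid]";
    $result = $dbconn->SelectLimit($sql,1);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($name) = $result->fields;
    $result->Close();
    if (!(authorised(0, 'Topics::Related', "$name:$topicname:$tid", ACCESS_DELETE))) {
        include 'header.php';
        echo _TOPICSDELNOAUTH;
        include 'footer.php';
        return;
    }
    $dbconn->Execute("DELETE FROM $pntable[related] WHERE $column[rid]='$rid'");
    pnRedirect('admin.php?op=topicedit&topicid='.$tid);
}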
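/**
 * Create a new topic from the "add a topic" form and return to the Topics
 * Manager.
 *
 * @param string $topicname  Short topic name from the request.
 * @param string $topicimage Image file name from the request.
 * @param string $topictext  Topic description from the request.
 *
 * The INSERT result is now checked. Previously a failed insert was ignored
 * and the user was redirected as if the topic had been created.
 */
function topicmake($topicname, $topicimage, $topictext) {
    global $pntable, $dbconn;
    csrfcheck();
    if (!(authorised(0, 'Topics::Topic', "$topicname::", ACCESS_ADD))) {
        include 'header.php';
        echo _TOPICSADDNOAUTH;
        include 'footer.php';
        return;
    }
    // Quoting step used throughout this file before values are placed inside
    // single-quoted SQL literals. FixQuotes() is defined elsewhere —
    // NOTE(review): the database layer's own quoting or bound parameters
    // would be the sturdier choice.
    $topicname = stripslashes(FixQuotes($topicname));
    $topicimage = stripslashes(FixQuotes($topicimage));
    $topictext = stripslashes(FixQuotes($topictext));
    $column = &$pntable['topics_column'];
    // FTO : Add SEQ suffix to avoid conflict name with ORACLE
    $nextid = $dbconn->GenId("{$pntable['topics']}_SEQ");
    $result = $dbconn->Execute("INSERT INTO $pntable[topics] ($column[topicid], $column[topicname], $column[topicimage], $column[topictext], $column[counter]) VALUES ($nextid,'$topicname','$topicimage','$topictext',0)");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    pnRedirect('admin.php?op=topicsmanager');
}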
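/**
 * Save the edited fields of a topic and, when a related-link name was
 * submitted, add that link to the topic. Redirects back to the topic's edit
 * screen.
 *
 * @param mixed  $topicid    Topic id from the request (forced to int).
 * @param string $topicname  New topic name.
 * @param string $topicimage New image file name.
 * @param string $topictext  New topic description.
 * @param string $name       Name of a related link to add; empty for none.
 * @param string $url        URL of that related link.
 *
 * Changes from the earlier version:
 *  - $topicid is cast to int; it was interpolated unquoted into SQL.
 *  - The related link is added only when the caller holds the same
 *    Topics::Related ACCESS_ADD permission that topicedit() requires before
 *    it shows the input fields. The form hid the fields, but this handler
 *    accepted the values from anyone allowed to edit the topic.
 *  - The lookup and UPDATE results are checked.
 */
function topicchange($topicid, $topicname, $topicimage, $topictext, $name, $url) {
    global $pntable, $dbconn;
    csrfcheck();
    $topicid = (int)$topicid;
    // Must use old topicname for authorisation check
    $column = &$pntable['topics_column'];
    $sql = "SELECT $column[topicname]
            FROM $pntable[topics]
            WHERE $column[topicid]=$topicid ORDER BY $column[topicid]";
    $result = $dbconn->SelectLimit($sql,1);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($oldtopicname) = $result->fields;
    $result->Close();
    if (!(authorised(0, 'Topics::Topic', "$oldtopicname::$topicid", ACCESS_EDIT))) {
        include 'header.php';
        echo _TOPICSEDITNOAUTH;
        include 'footer.php';
        return;
    }
    // Quoting step used throughout this file before values are placed inside
    // single-quoted SQL literals. FixQuotes() is defined elsewhere.
    $topicname = stripslashes(FixQuotes($topicname));
    $topicimage = stripslashes(FixQuotes($topicimage));
    $topictext = stripslashes(FixQuotes($topictext));
    $name = stripslashes(FixQuotes($name));
    $url = stripslashes(FixQuotes($url));
    $result = $dbconn->Execute("UPDATE $pntable[topics] SET $column[topicname]='$topicname', $column[topicimage]='$topicimage', $column[topictext]='$topictext' WHERE $column[topicid]=$topicid");
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    // Enforce on the server the permission the form checks before offering
    // the "add related link" fields. The instance string mirrors the one in
    // topicedit(), using the topic name as stored before this update.
    // NOTE(review): the URL scheme is not validated before it is stored;
    // restricting it to http/https would be the place to do it.
    if ($name && authorised(0, 'Topics::Related', "$oldtopicname::", ACCESS_ADD)) {
        // FTO : Add SEQ suffix to avoid conflict name with ORACLE
        $nextid = $dbconn->GenId("{$pntable['related']}_SEQ");
        $column = &$pntable['related_column'];
        $dbconn->Execute("INSERT INTO $pntable[related] ($column[rid], $column[tid], $column[name], $column[url]) VALUES ($nextid, '$topicid','$name','$url')");
    }
    pnRedirect('admin.php?op=topicedit&topicid='.$topicid);
}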
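/**
 * Delete a topic together with its stories, their comments and its related
 * links, or, when $ok is not 1, show the confirmation page first.
 *
 * @param mixed $topicid Topic id from the request (forced to int).
 * @param mixed $ok      1 once the user has confirmed the deletion.
 *
 * Changes from the earlier version:
 *  - $topicid is cast to int; it was interpolated unquoted into the lookup.
 *  - Comments are removed for every story of the topic. Only the first
 *    story's id was read before, so comments of the other stories were left
 *    behind.
 *  - Query results are checked, database values are HTML-escaped on the
 *    confirmation page, and $hlpfile is declared global so GraphicAdmin()
 *    receives the help page.
 */
function topicdelete($topicid, $ok=0) {
    global $pntable, $dbconn, $tipath, $topicimage, $hlpfile;
    // NOTE(review): csrfcheck() is defined elsewhere. The confirmation link
    // printed below is a plain GET link with no token visible in this file —
    // confirm what csrfcheck() validates.
    csrfcheck();
    $topicid = (int)$topicid;
    $column = &$pntable['topics_column'];
    $sql = "SELECT $column[topicname]
            FROM $pntable[topics]
            WHERE $column[topicid]=$topicid ORDER BY $column[topicid]";
    $result = $dbconn->SelectLimit($sql,1);
    if (!$result) {
        PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
        die();
    }
    list($oldtopicname) = $result->fields;
    $result->Close();
    if (!(authorised(0, 'Topics::Topic', "$oldtopicname::$topicid", ACCESS_DELETE))) {
        include 'header.php';
        echo _TOPICSDELNOAUTH;
        include 'footer.php';
        return;
    }
    if ($ok==1) {
        // Collect the ids of all stories in this topic first, so the result
        // set is closed before the deletes run.
        $column = &$pntable['stories_column'];
        $result = $dbconn->Execute("SELECT $column[sid] FROM $pntable[stories] WHERE $column[topic]='$topicid'");
        if (!$result) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
        $sids = array();
        while (!$result->EOF) {
            list($sid) = $result->fields;
            $result->MoveNext();
            $sids[] = $sid;
        }
        $result->Close();
        foreach ($sids as $sid) {
            $dbconn->Execute("DELETE FROM $pntable[comments] WHERE {$pntable['comments_column']['sid']}='$sid'");
        }
        $dbconn->Execute("DELETE FROM $pntable[stories] WHERE {$pntable['stories_column']['topic']}='$topicid'");
        $dbconn->Execute("DELETE FROM $pntable[topics] WHERE {$pntable['topics_column']['topicid']}='$topicid'");
        $dbconn->Execute("DELETE FROM $pntable[related] WHERE {$pntable['related_column']['tid']}='$topicid'");
        pnRedirect('admin.php?op=topicsmanager');
    } else {
        include("header.php");
        GraphicAdmin($hlpfile);
        OpenTable();
        echo "<center><font class=\"pn-title\"><b>"._TOPICSMANAGER."</b></font></center>";
        CloseTable();
        echo "<br>";
        $column = &$pntable['topics_column'];
        $result = $dbconn->Execute("SELECT $column[topicimage], $column[topictext] FROM $pntable[topics] WHERE $column[topicid]='$topicid'");
        if (!$result) {
            PN_DBMsgError($dbconn, __FILE__, __LINE__, "An error ocurred");
            die();
        }
        list($topicimage, $topictext) = $result->fields;
        $safeimage = htmlspecialchars($topicimage, ENT_QUOTES);
        $safetext = htmlspecialchars($topictext, ENT_QUOTES);
        OpenTable();
        echo "<center><img src=\"$tipath$safeimage\" border=\"0\" alt=\"$safetext\"><br><br>"
            ."<b>"._DELETETOPIC." $safetext</b><br><br>"
            .""._TOPICDELSURE." <i>$safetext</i>?<br>"
            .""._TOPICDELSURE1."<br><br>"
            ."[ <a href=\"admin.php?op=topicsmanager\">"._NO."</a> | <a href=\"admin.php?op=topicdelete&topicid=$topicid&ok=1\">"._YES."</a> ]</center><br><br>";
        CloseTable();
        include("footer.php");
    }
}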
// Module entry point: route the requested admin operation to its handler.
// The whole module requires ACCESS_EDIT on the Topics component; each handler
// then applies its own, narrower authorised() check.
// $op and the handler arguments are not assigned anywhere in this file —
// presumably request variables made available by the including admin.php;
// verify against the caller. An unrecognised $op falls through and produces
// no output.
if (authorised(0, 'Topics::', '::', ACCESS_EDIT)) {
    switch ($op) {
        // Screens
        case "topicsmanager":
            topicsmanager();
            break;
        case "topicedit":
            topicedit($topicid);
            break;
        // Topic writes
        case "topicmake":
            topicmake($topicname, $topicimage, $topictext);
            break;
        case "topicdelete":
            topicdelete($topicid, $ok);
            break;
        case "topicchange":
            topicchange($topicid, $topicname, $topicimage, $topictext, $name, $url);
            break;
        // Related links
        case "relatedsave":
            relatedsave($tid, $rid, $name, $url);
            break;
        case "relatededit":
            relatededit($tid, $rid);
            break;
        case "relateddelete":
            relateddelete($tid, $rid);
            break;
    }
} else {
    include 'header.php';
    echo _TOPICSNOAUTH;
    include 'footer.php';
}
?>