<?
###############################################################################
# Copyright (C) 2000 Derek Leung
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# You may modify your copy or copies of this Program or any portion of it,
# but you must cause the modified files to carry prominent notices stating
# that you changed the files and the date of any change. And you are required
# to keep a copy of this License along with this Program.
#
# You are not required to accept this License, since you have not signed it.
# However, nothing else grants you permission to modify or distribute this
# Program or its derivative works. These actions are prohibited by law if
# you do not accept this License. Therefore, by modifying or distributing
# this Program (or any work based on this Program), you indicate your
# acceptance of this License to do so, and all its terms and conditions
# for copying, distributing or modifying this Program or works based on it.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# See the GNU General Public License for more details.
# http://www.opensource.org/licenses/gpl-license.html
###############################################################################
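global $config;
// Refuse direct requests for this file (any request path containing "admin/").
// The original test read the bare $PHP_SELF, which is only populated by
// register_globals and only in the global scope; when it is unset the pattern
// never matches and the guard fails open. $_SERVER is a superglobal, so it is
// preferred, with the old variable kept as a fallback for very old runtimes.
// preg_match() replaces eregi(), which later PHP versions removed; for this
// literal pattern the two match the same strings.
// NOTE(review): presumably this file is meant to be include()d by admin.php
// only — confirm against the caller.
$psSelf = isset($_SERVER['PHP_SELF']) ? $_SERVER['PHP_SELF'] : (isset($PHP_SELF) ? $PHP_SELF : '');
if (preg_match('#admin/#i', $psSelf)) {
    die ("Access Deny!");
}
unset($psSelf);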
/*********************************************************/
/* Article functions */
/*********************************************************/
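/**
 * Admin handler that creates, previews, lists, edits and deletes articles.
 *
 * Dispatches on $action. Each case either renders an admin page/form or runs
 * the matching INSERT/UPDATE/DELETE on ps_article and redirects back to the
 * article list.
 *
 * Security notes for maintainers:
 *  - NOTE(review): the arguments look like request values forwarded by
 *    admin.php (the forms below post the same field names) — they are treated
 *    as untrusted here; confirm against the caller.
 *  - Numeric ids ($aid, $cid, $listOrder, user ids) are interpolated into SQL
 *    without quotes, so they are cast to int before use. Non-numeric input
 *    therefore becomes 0 instead of reaching the SQL parser.
 *  - $html and $link are stored as quoted strings; they are reduced to
 *    "on"/"off" before being written.
 *  - String values go through the project's FixQuotes() helper before being
 *    placed in SQL. Its implementation is not visible in this file —
 *    TODO confirm it is an adequate escape for the database in use.
 *  - errorPage() is defined elsewhere; every denial returns explicitly so the
 *    check holds even if errorPage() does not terminate the request.
 *  - NOTE(review): delArticle is reached through a plain GET link guarded only
 *    by a JavaScript confirm, and no anti-CSRF token is checked in any of the
 *    state-changing actions. Adding one needs support from admin.php.
 *  - NOTE(review): values read back from the database ($cName, $aName,
 *    $uname, $topic) and translate($mesg) are echoed without HTML escaping.
 *    Whether they are stored already-encoded cannot be told from here; verify
 *    before adding htmlspecialchars() to avoid double encoding.
 *
 * @param string $action    createArticle, preview, createAction, listArticle,
 *                          editArticle, editAction or delArticle; anything
 *                          else shows the menu
 * @param string $topic     topic the article belongs to
 * @param string $aName     article name
 * @param mixed  $cid       category id (cast to int before use in SQL)
 * @param string $content   article body
 * @param mixed  $aid       article id (cast to int before use in SQL)
 * @param string $html      "on" when the content is HTML
 * @param string $link      "on" when the article is only a link
 * @param string $url       link target
 * @param mixed  $listOrder position within the category (cast to int)
 * @param string $mesg      status message shown above the article list
 * @return void
 */
function manageArticle($action,$topic,$aName,$cid,$content,$aid,$html,$link,$url,$listOrder,$mesg) {
    global $config;

    // Only admins holding right "8" may use any of the article actions.
    $rightArray = getAdminRights();
    if (!in_array("8",$rightArray)) {
        errorPage("Access Deny!",$config[def_theme]);
        return;
    }

    switch($action) {
        case "createArticle":
            // Empty "create article" form. Every article must live under a
            // category, so refuse when the topic has none.
            $topic = FixQuotes($topic);
            $result = mysql_query("select cName,cid from ps_category where topic='$topic'");
            $numRow = mysql_num_rows($result);
            if ($numRow == 0) {
                errorPage("You need to create an category for topic $topic first!",$config[def_theme]);
                return;
            }
            ps_header("");
?>
<h3><?echo translate("Create Article");?></h3>
<hr>
<form action="admin.php" method="post">
<table border=0>
<tr>
<td><b><?echo translate("Article Name");?></b></td><td><input type="text" name="aName" size="50" maxlength="50"></td>
</tr>
<tr>
<td><b><?echo translate("Under Category");?></b></td><td><select name="cid">
<?
            // The result set fetched for the category check above is reused;
            // mysql_num_rows() does not consume rows.
            while (list($cName,$cid) = mysql_fetch_row($result)) {
                echo "<option value=\"" . (int)$cid . "\">$cName";
            }
?></select>
</td>
</tr>
<tr>
<td><b><?= translate("URL")?></b></td><td><input type="text" name="url" value="http://"><br><input type="checkbox" name="link"><font size=-1>* <?=translate("If you just want to make a link, please check this box and leave below empty.");?></font></td>
</tr>
<tr>
<td colspan=2><b><?=translate("Content")?></b><input type="checkbox" name="html"><font size=-1>* <?=translate("If you are using html code, please check this box.");?></font><br><textarea rows="40" name="content" cols="70"></textarea></td>
</tr>
<input type="hidden" name="action" value="preview">
<input type="hidden" name="topic" value="<?=htmlspecialchars($topic)?>">
<input type="hidden" name="op" value="mod_article">
<tr>
<td><input type="submit" value="Preview"></td>
</tr>
</table>
</form>
<?
            ps_footer("");
            break;

        case "preview":
            // Render the submitted article and re-show the form pre-filled.
            $topic = FixQuotes($topic);
            $aName = check_html($aName);
            $userArray = getCookie($config[user_cookie_name]);
            ps_header("");
            echo "<hr>";
?>
<h3><?echo translate("Preview Article");?></h3>
<?
            // $html comes straight from the form; escape it before echoing.
            if ($html) {
                echo "<b>html = " . htmlspecialchars($html) . "</b>";
            } else {
                echo "<b>html = off</b>";
            }
            echo "<hr>";
            // The original had two identical branches on $html here, so the
            // preview always passes the content through myNL2Br() (unlike
            // editArticle, which renders HTML content untouched).
            // NOTE(review): $myTopic is never assigned in this function.
            themeindex ($userArray[username],"Now", $aName, $myTopic, myNL2Br($content), "", "", "");
?>
<form action="admin.php" method="post">
<table border=0>
<tr>
<td><b><?echo translate("Article Name");?></b></td>
<td><input type="text" name="aName" size="50" maxlength="50" value="<?=htmlspecialchars($aName)?>"></td>
</tr>
<tr>
<td><b><?echo translate("Under Category");?></b></td>
<td>
<select name="cid">
<?
            $result = mysql_query("select cName,cid from ps_category where topic='$topic'");
            while (list($cName,$cid2) = mysql_fetch_row($result)) {
                echo "<option value=\"" . (int)$cid2 . "\"";
                if ($cid == $cid2) {
                    echo " selected";
                }
                echo ">$cName";
            }
?>
</select>
</td>
</tr>
<tr>
<td><b><?= translate("URL")?></b></td>
<td><input type="text" name="url" value="<?=htmlspecialchars($url)?>"><br><input type="checkbox" name="link" <? if ($link == "on") { echo "checked";}?>><font size=-1>* <?=translate("If you just want to make a link, please check this box and leave below empty.");?></font></td>
</tr>
<tr>
<td colspan=2><b><?=translate("Content")?></b><input type="checkbox" name="html" <? if ($html == "on") {echo "checked";}?>><font size=-1>* <?=translate("If you are using html code, please check this box.");?></font><br><textarea rows="40" name="content" cols="80"><?= htmlspecialchars($content) ?></textarea></td>
</tr>
<tr>
<td>
<select name="action"><option value="preview"><?=translate("Preview Again")?>
<option value="createAction"><?=translate("Post Article")?>
</select>
</td>
</tr>
<input type="hidden" name="topic" value="<?=htmlspecialchars($topic)?>">
<input type="hidden" name="op" value="mod_article">
<tr>
<td>
<input type="submit" value="submit">
</td>
</tr>
</table>
</form>
<?
            ps_footer("");
            break;

        case "createAction":
            // Insert the article. Only topics returned by getTopicRights2()
            // may receive articles.
            $topics = getTopicRights2();
            // Checkbox flags are written into SQL as quoted strings, so they
            // are reduced to the two values the rest of the code compares with.
            $html = ($html == "on") ? "on" : "off";
            $link = ($link == "on") ? "on" : "off";
            if ($url == "http://") {
                $url = "";
            }
            if (!in_array($topic,$topics)) {
                errorPage("Access Deny!",$config[def_theme]);
                return;
            }
            if ($aName == "" || ($content == "" && $link == "off") || $topic =="") {
                errorPage("Missing Field!",$config[def_theme]);
                return;
            }
            $userArray = getCookie($config[user_cookie_name]);
            $topic = FixQuotes($topic);
            $aName = check_html(check_words(FixQuotes($aName)));
            $content = check_words(fixquotes($content));
            $url = check_html(fixquotes($url));
            // Unquoted numeric columns: force integers before interpolation.
            $cid = (int)$cid;
            $uid = (int)$userArray[userid];
            $result = mysql_query("insert into ps_article values (NULL,'$aName','$content','$topic',$cid,'$html',now(),$uid,'$link','$url',100)");
            if (!$result) {
                echo mysql_errno(). ": ".mysql_error(). "<br>";
            } else {
                $mesg = translate("Article+is+created!");
                header("Location: admin.php?op=mod_article&topic=" . urlencode($topic) . "&action=listArticle&mesg=$mesg");
            }
            break;

        case "listArticle":
            // Table of the articles in $topic with edit/delete links.
            global $header;
            $header[js] = "true";
            ps_header($header);
            echo "<h3>" . translate("List article") ;
            if ($mesg) {
                // NOTE(review): $mesg arrives in the query string and the
                // output of translate() is printed as-is; translate() is not
                // visible here — confirm it cannot return caller-supplied
                // markup, or escape the result.
                echo" <small><font color=red>(".translate("$mesg").")</font></small>";
            }
            echo "</h3>";
            echo "<table border=1>";
            echo "<tr>";
            echo "<td><b>" . translate("Topic") . "</b></td><td><b>" . translate("Category") . "</b></td>";
            echo "<td><b>" . translate("Article") . "</b></td>";
            echo "<td><b>" . translate("Author") . "</b></td>";
            echo "<td><b>" . translate("List Order") . "</b></td>";
            echo "<td><b>" . translate("Edit") . "</b></td><td><b>" . translate("Delete") . "</b></td>";
            echo "</tr>";
            // The other cases escape $topic with FixQuotes() before using it
            // in SQL; this one did not. A separate variable is used because
            // the loop below overwrites $topic with each row's value.
            $topicSql = FixQuotes($topic);
            $result = mysql_query("select aid,aName,topic,cid,html,uid,listOrder from ps_article where topic='$topicSql' order by cid, listOrder");
            $topics = getTopicRights2();
            while (list($aid,$aName,$topic,$cid,$html,$uid,$listOrder) = mysql_fetch_row($result)) {
                if (in_array($topic,$topics)) {
                    $result2 = mysql_query("select cName from ps_category where cid=" . (int)$cid);
                    list($cName) = mysql_fetch_row($result2);
                    $result3 = mysql_query("select uname from ps_users where uid=" . (int)$uid);
                    list($uname) = mysql_fetch_row($result3);
                    echo "<tr><td>$topic</td><td>$cName</td><td>$aName</td><td>$uname</td><td>$listOrder</td>";
                    echo "<td><a href=\"admin.php?op=mod_article&action=editArticle&aid=" . (int)$aid . "\">Edit</a></td>";
                    echo "<td><a href=\"admin.php?op=mod_article&action=delArticle&aid=" . (int)$aid . "\" onclick=\"return confirmDelete()\">Delete</a></td>";
                    echo "</tr>";
                }
            }
            echo "</table><br><br><br>";
            ps_footer("");
            break;

        case "editArticle":
            // Edit form. When no field values are passed in (first visit) they
            // are loaded from the database; on "Preview Again" the submitted
            // values are shown and only author/timestamp are read back.
            $aid = (int)$aid;
            if ($aName =="" || $content == "" || $topic == "") {
                $result = mysql_query("select * from ps_article where aid=$aid");
                list($aid,$aName,$content,$topic,$cid,$html,$datetime,$uid,$link,$url,$listOrder) = mysql_fetch_row($result);
            } else {
                $result = mysql_query("select uid,timeStamp from ps_article where aid=$aid");
                list($uid,$datetime) = mysql_fetch_row($result);
            }
            $result3 = mysql_query("select uname from ps_users where uid=" . (int)$uid);
            list($uname) = mysql_fetch_row($result3);
            $topics = getTopicRights2();
            if (!in_array($topic,$topics)) {
                errorPage("Access Deny!",$config[def_theme]);
                return;
            }
            $datetime = formatTimestamp($datetime);
            $userArray = getCookie($config[user_cookie_name]);
            ps_header("");
?>
<h3><?echo translate("Edit Article");?></h3>
<?
            // $html may come from the request; escape it before echoing.
            if ($html) {
                echo "<b>html = " . htmlspecialchars($html) . "</b>";
            } else {
                echo "<b>html = off</b>";
            }
            echo "<hr>";
            // HTML articles are rendered untouched; plain text gets myNL2Br().
            // NOTE(review): $myTopic is never assigned in this function.
            if ($html == "on") {
                themeindex ($uname,$datetime, $aName, $myTopic, $content, "", "", "");
            } else {
                themeindex ($uname,$datetime, $aName, $myTopic, myNL2Br($content), "", "", "");
            }
            echo "<hr>";
?>
<form action="admin.php" method="post">
<table border=0>
<tr>
<td><b><?echo translate("Article Name");?></b></td>
<td><input type="text" name="aName" size="50" maxlength="50" value="<?=htmlspecialchars($aName)?>"></td>
</tr>
<tr>
<td><b><?echo translate("Under Category");?></b></td>
<td>
<select name="cid">
<?
            // $topic is unescaped at this point (request value or database
            // row), so escape a copy for the query and keep $topic for the
            // hidden field below.
            $topicSql = FixQuotes($topic);
            $result = mysql_query("select cName,cid from ps_category where topic='$topicSql'");
            while (list($cName,$cid2) = mysql_fetch_row($result)) {
                echo "<option value=\"" . (int)$cid2 . "\"";
                if ($cid == $cid2) {
                    echo " selected";
                }
                echo ">$cName";
            }
?>
</select>
</td>
</tr>
<tr>
<td><b><?=translate("List Order")?></b></td>
<td><input type="text" name="listOrder" value="<?=htmlspecialchars($listOrder)?>"><font size=-1> (<?=translate("1 is highest and will be put this link at the top")?>)</font></td>
</tr>
<tr>
<td><b><?= translate("URL")?></b></td>
<td><input type="text" name="url" value="<?=htmlspecialchars($url)?>"><br><input type="checkbox" name="link" <? if ($link == "on") { echo "checked";}?>><font size=-1>* <?=translate("If you just want to make a link, please check this box and leave below empty.");?></font></td>
</tr>
<tr>
<td colspan=2><b><?=translate("Content")?></b><input type="checkbox" name="html" <? if ($html == "on") {echo "checked";}?>><font size=-1>* <?=translate("If you are using html code, please check this box.");?></font><br><textarea rows="40" name="content" cols="70"><?= htmlspecialchars($content) ?></textarea></td>
</tr>
<tr>
<td colspan=2>
<select name="action">
<option value="editArticle"><?=translate("Preview Again")?>
<option value="editAction"><?=translate("Update Article")?>
</select>
</td>
</tr>
<input type="hidden" name="topic" value="<?=htmlspecialchars($topic)?>">
<input type="hidden" name="op" value="mod_article">
<input type="hidden" name="aid" value="<?=(int)$aid?>">
<tr>
<td colspan=2><input type="submit" value="submit"></td>
</tr>
</table>
</form>
<?
            ps_footer("");
            break;

        case "editAction":
            // Apply the update.
            $topics = getTopicRights2();
            $html = ($html == "on") ? "on" : "off";
            $link = ($link == "on") ? "on" : "off";
            if ($url == "http://") {
                $url = "";
            }
            if ($listOrder == "") {
                $listOrder = 1;
            }
            // Unquoted numeric values: force integers before interpolation.
            $aid = (int)$aid;
            $cid = (int)$cid;
            $listOrder = (int)$listOrder;
            // The submitted $topic alone says nothing about which article is
            // being changed, so the article's stored topic is checked as well,
            // the same way delArticle authorises a delete.
            $storedTopic = null;
            $result = mysql_query("select topic from ps_article where aid=$aid");
            if ($result) {
                list($storedTopic) = mysql_fetch_row($result);
                mysql_free_result($result);
            }
            if (!in_array($topic,$topics) || !in_array($storedTopic,$topics)) {
                errorPage("Access Deny!",$config[def_theme]);
                return;
            }
            if ($aName == "" || ($content == "" && $link == "off") || $topic =="") {
                errorPage("Missing Field!",$config[def_theme]);
                return;
            }
            $topic = FixQuotes($topic);
            $url = check_html(fixquotes($url));
            $aName = check_html(check_words(FixQuotes($aName)));
            $content = check_words(fixQuotes($content));
            $result = mysql_query("update ps_article set aName='$aName',content='$content',cid=$cid,html='$html',timeStamp=now(),link='$link',url='$url',listOrder=$listOrder where aid=$aid");
            if (!$result) {
                echo mysql_errno(). ": ".mysql_error(). "<br>";
            } else {
                $mesg = translate("Article+is+updated!");
                header("Location: admin.php?mesg=$mesg&op=mod_article&topic=" . urlencode($topic) . "&action=listArticle");
            }
            break;

        case "delArticle":
            // Delete one article after checking the caller may manage the
            // topic the article is actually stored under.
            $aid = (int)$aid;
            $cTopic = null;
            $result = mysql_query("select topic from ps_article where aid=$aid");
            if ($result) {
                list($cTopic) = mysql_fetch_row($result);
                mysql_free_result($result);
            }
            $topics = getTopicRights2();
            if (!in_array($cTopic,$topics)) {
                errorPage("Access Deny!",$config[def_theme]);
                return;
            }
            mysql_query("delete from ps_article where aid=$aid");
            $mesg = translate("Article is deleted!");
            // Both values can contain spaces, which are not valid in a
            // Location header unless encoded.
            header("Location: admin.php?mesg=" . urlencode($mesg) . "&op=mod_article&topic=" . urlencode($cTopic) . "&action=listArticle");
            break;

        default:
            // Menu: pick a topic to create an article in, or to list.
            ps_header("");
            $topics = getTopicRights2();
?>
<h3><?echo translate("Manage Article")?></h3>
<table>
<form action="admin.php" method="post">
<tr>
<td><b><?=translate("Create Article in topic");?></b></td>
<td>
<select name="topic">
<?
            foreach ($topics as $topic) {
                echo "<option value=\"".htmlspecialchars($topic)."\">$topic";
            }
?>
</select>
<input type="submit" value="submit">
</td>
</tr>
<input type="hidden" name="op" value="mod_article">
<input type="hidden" name="action" value="createArticle">
</form>
<form action="admin.php" method="post">
<tr>
<td><b><?=translate("Edit/Delete Article in topic");?></b></td>
<td>
<select name="topic">
<?
            // Attribute value escaped the same way as in the first list.
            foreach ($topics as $topic) {
                echo "<option value=\"".htmlspecialchars($topic)."\">$topic";
            }
?>
</select>
<input type="submit" value="submit">
</td>
</tr>
<input type="hidden" name="op" value="mod_article">
<input type="hidden" name="action" value="listArticle">
</form>
</table>
<br><br><br>
<?
            ps_footer("");
            break;
    }
}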
?>