<?
###############################################################################
# Copyright (C) 2000 Derek Leung
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# You may modify your copy or copies of this Program or any portion of it,
# but you must cause the modified files to carry prominent notices stating
# that you changed the files and the date of any change. And you are required
# to keep a copy of this License along with this Program.
#
# You are not required to accept this License, since you have not signed it.
# However, nothing else grants you permission to modify or distribute this
# Program or its derivative works. These actions are prohibited by law if
# you do not accept this License. Therefore, by modifying or distributing
# this Program (or any work based on this Program), you indicate your
# acceptance of this License to do so, and all its terms and conditions
# for copying, distributing or modifying this Program or works based on it.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
#
# See the GNU General Public License for more details.
# http://www.opensource.org/licenses/gpl-license.html
###############################################################################
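// $config is declared global here so the functions below still see the site
// configuration when this file is include()d from inside another function.
global $config;

// Refuse requests that name a script under admin/ directly; this file is
// meant to be included by the admin front controller only.
// A plain case-insensitive substring test replaces eregi(): the pattern has no
// regex metacharacters, and eregi() is deprecated in later PHP releases.
// NOTE(review): $PHP_SELF is only populated when request/server variables are
// registered as globals; if it is unset this guard never fires, so the
// per-function rights checks below remain the real access control.
if (stristr($PHP_SELF, "admin/")) {
    die ("Access Deny!");
}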
/*********************************************************/
/* Queue News functions */
/*********************************************************/
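/**
 * Delete one queued submission from ps_queue and redirect to the admin menu.
 *
 * Requires admin right "1". On a database error the MySQL error number and
 * text are printed instead of redirecting.
 *
 * @param mixed $qid queue id of the submission; forced to an integer before it
 *                   is placed in the SQL text
 */
function deleteQueueNews($qid) {
    // The original omitted this declaration, so $config was an empty local
    // variable and errorPage() never received the configured theme.
    global $config;

    // check if he has right to use this function
    $rightArray = getAdminRights();
    if (!in_array("1", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        // errorPage() is defined elsewhere; returning keeps this check
        // fail-closed even if errorPage() does not end the request.
        return;
    }

    // NOTE(review): unlike queueNews(), no per-topic right is checked here
    // before the row is removed -- confirm whether that is intended.

    // $qid comes from the request and is used unquoted in the statement,
    // so only an integer may reach the query.
    $qid = intval($qid);
    $result = mysql_query("delete from ps_queue where qid=$qid");
    if (!$result) {
        echo mysql_errno(). ": ".mysql_error(). "<br>";
    } else {
        $mesg = translate("Operation+Successful!");
        Header("Location: admin.php?mesg=$mesg");
    }
}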
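/**
 * Show one queued submission in the moderation form, where it can be edited,
 * previewed again, posted or deleted.
 *
 * When any content argument is empty the record is loaded from ps_queue;
 * otherwise the passed-in (previewed) values are displayed.
 *
 * Requires admin right "1" and topic rights for the submission's topic.
 *
 * @param mixed  $qid      queue id; forced to an integer before use
 * @param mixed  $uid      submitter's user id; 0 is shown as "Anonymous"
 * @param string $author   submitter name
 * @param string $subject  headline, filtered through check_html()
 * @param string $fulltext story body, filtered through check_html()
 * @param string $topic    topic name
 * @param string $ip       address stored with the submission
 */
function queueNews ($qid,$uid,$author,$subject,$fulltext,$topic,$ip) {
    global $config;

    // $qid is used unquoted in SQL and echoed into the page, so only an
    // integer may pass this point.
    $qid = intval($qid);
    if (!$qid) {
        errorPage("You have to choose an article!", $config['def_theme']);
        return;
    }

    // check if he has right to use this function
    $rightArray = getAdminRights();
    if (!in_array("1", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        // errorPage() is defined elsewhere; returning keeps the check
        // fail-closed even if errorPage() does not end the request.
        return;
    }

    // If no variables were passed in, read the record from the database.
    // Otherwise the caller is previewing edited values; do not reload.
    if ($uid == "" || $author == "" || $subject == "" || $fulltext == "" || $topic == "" || $ip == "") {
        $result = mysql_query("SELECT qid, uid, uname, subject, story, topic,ip FROM ps_queue where qid=$qid");
        $row = $result ? mysql_fetch_row($result) : false;
        if ($result) {
            mysql_free_result($result);
        }
        if (!$row) {
            // Failed query or unknown id: stop instead of rendering an empty form.
            errorPage("No such news!", $config['def_theme']);
            return;
        }
        list($qid, $uid, $author, $subject, $fulltext, $topic, $ip) = $row;
        $qid = intval($qid);
    }

    // anonymous fix
    if ($uid == 0) {
        $author = "Anonymous";
    }

    // check if he has right to edit this topic
    $topics = getTopicRights();
    if (!in_array($topic, $topics)) {
        // NOTE(review): the rejected $topic is echoed back through errorPage();
        // confirm that errorPage() escapes its message.
        errorPage("Access Deny! $topic", $config['def_theme']);
        return;
    }

    $fulltext = check_html($fulltext);
    $subject = check_html($subject);

    // Values written into the form below come from the request or from user
    // submissions, so they are HTML-escaped at output. $subject and $fulltext
    // are left as check_html() returned them (presumably the allowed-tag
    // filter -- confirm it also neutralises a closing textarea tag).
    // If the site charset is not the PHP default, pass it as the third
    // argument of htmlspecialchars().
    $safeIp = htmlspecialchars($ip, ENT_QUOTES);
    $safeAuthor = htmlspecialchars($author, ENT_QUOTES);
    $safeUid = htmlspecialchars($uid, ENT_QUOTES);

    // now we display the page
    ps_header("");
?>
<h3><?php echo translate("Moderate News")." #$qid"; ?></h3>
<h4><a href="admin.php"><?php echo translate("Back to main menu"); ?></a></h4>
<p><hr>
<b><?php echo translate("Subject") . ": " . $subject; ?></b>
<br><br>
<?php echo myNl2Br($fulltext); ?>

<hr>
<form action="admin.php" method="post">
<p><b><?php echo translate("IP Address"); ?></b><br>
<?php echo $safeIp; ?>

<p><b><?php echo translate("Name"); ?></b><br>
<input type="text" NAME="author" SIZE=50 value="<?php echo $safeAuthor; ?>">
<p><b><?php echo translate("Subject"); ?></b><br>
<textarea wrap=virtual cols=40 rows=1 name=subject><?php echo $subject; ?></textarea>
<p><b><?php echo translate("Topic"); ?></b><Br>
<select name=topic>
<?php
    // Only topics this administrator may edit are offered.
    foreach ($topics as $name) {
        $safeName = htmlspecialchars($name, ENT_QUOTES);
        echo "<option value=\"$safeName\" ";
        if ($topic == $name) echo "selected";
        echo ">$safeName\n";
    }
?>
</select>
<p><b><?php echo translate("Full Text"); ?></b><br>
<textarea wrap=virtual cols=80 rows=8 name=fulltext><?php echo $fulltext; ?></textarea><BR>
<input type="hidden" NAME="ip" value="<?php echo $safeIp; ?>">
<input type="hidden" NAME="qid" value="<?php echo $qid; ?>">
<input type="hidden" NAME="uid" value="<?php echo $safeUid; ?>">
<select name="op">
<option value="deleteQueueNews"><?php echo translate("Delete News"); ?></option>
<option value="queueNews" SELECTED><?php echo translate("PreviewAgain"); ?></option>
<option value="postQueueNews"><?php echo translate("Post News"); ?></option>
</select>
<INPUT type="submit" value="<?php echo translate("Go!"); ?>">
</FORM>
<?php
    // List the permitted tags as text. They are escaped so the browser shows
    // "<b>" instead of opening a real element; foreach also avoids each(),
    // which leaves the shared $config array pointer at its end.
    echo "<br><small>".translate("Allowed HTML").":<br>";
    foreach ($config['AllowableHTML'] as $key => $unused) {
        echo " ".htmlspecialchars("<".$key.">");
    }
    echo "</small>";
    ps_footer("");
}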
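/**
 * Show an already posted story in the edit form, where it can be changed,
 * previewed again, updated or deleted.
 *
 * When any content argument is empty the story is loaded from ps_stories;
 * otherwise the passed-in (previewed) values are displayed.
 *
 * Requires admin right "2" and topic rights for the story's topic.
 *
 * @param mixed  $sid      story id; forced to an integer before use
 * @param string $author   author name (column aid)
 * @param string $subject  headline, filtered through check_html()
 * @param string $fulltext story body, filtered through check_html()
 * @param string $topic    topic name
 * @param string $ip       address stored with the story
 */
function editNews ($sid, $author, $subject, $fulltext, $topic,$ip) {
    global $config;

    // $sid is used unquoted in SQL and echoed into the page, so only an
    // integer may pass this point.
    $sid = intval($sid);
    if (!$sid) {
        errorPage("You have to choose an article!", $config['def_theme']);
        return;
    }

    // check if he has right to use this function
    $rightArray = getAdminRights();
    if (!in_array("2", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        // errorPage() is defined elsewhere; returning keeps the check
        // fail-closed even if errorPage() does not end the request.
        return;
    }

    if ($author == "" || $subject == "" || $fulltext == "" || $topic == "" || $ip == "") {
        $result = mysql_query("SELECT sid, aid, title, full_text, topic,ip FROM ps_stories where sid=$sid");
        $row = $result ? mysql_fetch_row($result) : false;
        if ($result) {
            mysql_free_result($result);
        }
        if (!$row) {
            // Failed query or unknown id: stop instead of rendering an empty form.
            errorPage("No such news!", $config['def_theme']);
            return;
        }
        list($sid, $author, $subject, $fulltext, $topic, $ip) = $row;
        $sid = intval($sid);
    }

    // check if he has right to edit this topic
    $topics = getTopicRights();
    if (!in_array($topic, $topics)) {
        errorPage("Access Deny!", $config['def_theme']);
        return;
    }
    if ($subject == "") {
        errorPage("No such news!", $config['def_theme']);
        return;
    }

    $fulltext = check_html($fulltext);
    $subject = check_html($subject);

    // Values written into the form below come from the request or from stored
    // user input, so they are HTML-escaped at output. $subject and $fulltext
    // are left as check_html() returned them (presumably the allowed-tag
    // filter -- confirm it also neutralises a closing textarea tag).
    // If the site charset is not the PHP default, pass it as the third
    // argument of htmlspecialchars().
    $safeIp = htmlspecialchars($ip, ENT_QUOTES);
    $safeAuthor = htmlspecialchars($author, ENT_QUOTES);

    ps_header("");
    // now we display the page
?>
<h3><?php echo translate("Edit News")." #$sid"; ?></h3>
<h4><a href="admin.php"><?php echo translate("Back to main menu"); ?></a></h4>
<p><hr>
<b><?php echo translate("Subject") . ": " . $subject; ?></b>
<br><br>
<?php echo myNl2Br(auto_link($fulltext)); ?>

<hr>
<form action="admin.php" method="post">
<p><b><?php echo translate("IP Address"); ?></b><br>
<?php echo $safeIp; ?>

<p><b><?php echo translate("Name"); ?></b><br>
<input type="text" NAME="author" SIZE=50 value="<?php echo $safeAuthor; ?>">
<p><b><?php echo translate("Subject"); ?></b><br>
<textarea wrap=virtual cols=80 rows=1 name=subject><?php echo $subject; ?></textarea>
<p><b><?php echo translate("Topic"); ?></b><Br>
<select name=topic>
<?php
    // Only topics this administrator may edit are offered.
    foreach ($topics as $name) {
        $safeName = htmlspecialchars($name, ENT_QUOTES);
        echo "<option value=\"$safeName\" ";
        if ($topic == $name) echo "selected";
        echo ">$safeName\n";
    }
?>
</select>
<p><b><?php echo translate("Full Text"); ?></b><br>
<textarea wrap=virtual cols=80 rows=8 name=fulltext><?php echo $fulltext; ?></textarea><BR>
<input type="hidden" NAME="ip" value="<?php echo $safeIp; ?>">
<input type="hidden" NAME="sid" value="<?php echo $sid; ?>">
<select name="op">
<option value="removeNews"><?php echo translate("Delete News"); ?></option>
<option value="editNews" SELECTED><?php echo translate("PreviewAgain"); ?></option>
<option value="updateNews"><?php echo translate("Update News"); ?></option>
</select>
<INPUT type="submit" value="<?php echo translate("Go!"); ?>">
</form>
<?php
    // List the permitted tags as text. They are escaped so the browser shows
    // "<b>" instead of opening a real element; foreach also avoids each(),
    // which leaves the shared $config array pointer at its end.
    echo "<br><small>".translate("Allowed HTML").":<br>";
    foreach ($config['AllowableHTML'] as $key => $unused) {
        echo " ".htmlspecialchars("<".$key.">");
    }
    echo "</small>";
    ps_footer("");
}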
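/**
 * Publish a queued submission: insert it into ps_stories, increment the
 * submitter's newsPostNum counter and remove the entry from the queue.
 *
 * Requires admin right "1" and topic rights for the chosen topic. If the
 * insert fails the MySQL error is printed and the queue entry is kept.
 *
 * @param mixed  $qid      queue id of the submission being published
 * @param mixed  $uid      submitter's user id; 0 is stored as "Anonymous"
 * @param string $author   submitter name
 * @param string $subject  headline, filtered through check_html()
 * @param string $fulltext story body, filtered through check_html()
 * @param string $topic    topic name; must be one the administrator may edit
 * @param string $ip       submitter address, posted back by the form
 */
function postQueueNews($qid, $uid, $author, $subject, $fulltext, $topic, $ip) {
    global $config;

    // check if he has right to use this function
    $rightArray = getAdminRights();
    if (!in_array("1", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        // errorPage() is defined elsewhere; returning keeps the check
        // fail-closed even if errorPage() does not end the request.
        return;
    }

    // check if he has right to edit this topic
    $topics = getTopicRights();
    if (!in_array($topic, $topics)) {
        errorPage("Access Deny!", $config['def_theme']);
        return;
    }

    if ($uid == 0) $author = "Anonymous";

    // Every string placed between quotes in the INSERT goes through the same
    // fixquotes() step. The original left $topic and $ip out although both
    // are posted back by the moderation form.
    // NOTE(review): fixquotes() is defined elsewhere; confirm it is a complete
    // escape for the MySQL string context.
    $fulltext = fixquotes(check_html($fulltext));
    $subject = fixquotes(check_html($subject));
    $author = fixquotes($author);
    $topic = fixquotes($topic);
    $ip = fixquotes($ip);

    // Ids are used unquoted in SQL, so they are forced to integers.
    $uid = intval($uid);
    $qid = intval($qid);

    $result = mysql_query("insert into ps_stories values (NULL, '$author', '$subject', now(), '$fulltext', '0', '$topic','$ip')");
    if (!$result) {
        echo mysql_errno(). ": ".mysql_error(). "<br>";
        return;
    }

    // Result is not checked: a failed counter update does not block posting.
    mysql_query("update ps_users set newsPostNum=newsPostNum+1 where uid=$uid");

    // Removes the queue entry and issues the redirect.
    deleteQueueNews($qid);
}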
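/**
 * Delete a posted story together with its comments, after confirmation.
 *
 * Without $ok a confirmation page with the story details is shown; with $ok
 * the story and its comments are deleted and the browser is redirected.
 *
 * Requires admin right "2"; the delete additionally requires topic rights for
 * the story's stored topic.
 *
 * @param mixed $sid story id; forced to an integer before use
 * @param mixed $ok  non-empty once the administrator has confirmed
 */
function removeNews ($sid, $ok=0) {
    global $config;

    // check if he has right to use this function
    $rightArray = getAdminRights();
    if (!in_array("2", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        // errorPage() is defined elsewhere; returning keeps the check
        // fail-closed even if errorPage() does not end the request.
        return;
    }

    // no $sid input, throw error message
    if ($sid == "") {
        errorPage("Access Deny!", $config['def_theme']);
        return;
    }

    // $sid is used unquoted in SQL and echoed into the page and a link,
    // so only an integer may pass this point.
    $sid = intval($sid);

    if ($ok) {
        // NOTE(review): the confirmed delete is reached through a plain GET
        // link (op=removeNews&sid=..&ok=1) with no per-request token, so any
        // page the administrator's browser loads can trigger it. Moving the
        // confirmation to POST with a session-bound token needs changes
        // outside this function.
        $topic = "";
        $result = mysql_query("select topic from ps_stories where sid=$sid");
        if ($result) {
            list($topic) = mysql_fetch_row($result);
            mysql_free_result($result);
        }

        // check if he has right to edit this topic
        $topics = getTopicRights();
        if (in_array($topic, $topics)) {
            mysql_query("DELETE FROM ps_stories where sid=$sid");
            mysql_query("DELETE FROM ps_comments where sid=$sid");
            $mesg = translate("News+is+deleted!");
            Header("Location: admin.php?mesg=$mesg");
        } else {
            errorPage("Access Denied", $config['def_theme']);
        }
        return;
    }

    // No $ok is passed in, we will show the confirmation mesg.
    ps_header("");
    echo "<h3>".translate("Delete News")."</h3>";
    printf ( translate("Are you sure you want to remove news ID #%s AND it's comments?"), $sid);
    echo " [ <a href=\"admin.php\">".translate("No")."</a> | <a href=\"admin.php?op=removeNews&sid=$sid&ok=1\">".translate("Yes")."</a> ]";

    $title = "";
    $topic = "";
    $author = "";
    $result = mysql_query("SELECT title, topic, aid FROM ps_stories WHERE sid=$sid");
    if ($result) {
        list($title, $topic, $author) = mysql_fetch_row($result);
        mysql_free_result($result);
    }

    $count = 0;
    $result = mysql_query("SELECT count(sid) FROM ps_comments where sid=$sid");
    if ($result) {
        list($count) = mysql_fetch_row($result);
        mysql_free_result($result);
    }

    // Stored values are escaped at output. $title is left as stored because
    // titles are written through check_html() and may carry allowed markup
    // (TODO confirm check_html() is applied on every write path).
    $safeTopic = htmlspecialchars($topic, ENT_QUOTES);
    $safeAuthor = htmlspecialchars($author, ENT_QUOTES);
?>
<BR>
<P><?php echo translate("News details"); ?>:</P>
<TABLE CELLPADDING=0 CELLSPACING=0 BORDER=0>
<TR><TH align=left><?php echo translate("Topic"); ?>: </TH><TD><?php echo $safeTopic; ?></TD>
<TR><TH align=left><?php echo translate("Title"); ?>: </TH><TD><?php echo "$title"; ?></TD>
<TR><TH align=left><?php echo translate("Author"); ?>: </TH><TD><?php echo $safeAuthor; ?></TD>
<TR><TH align=left><?php echo translate("Number of Comments"); ?>: </TH><TD><?php echo intval($count); ?></TD>
</TABLE>
<BR>
<?php
    ps_footer("");
}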
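/**
 * List posted stories, ten per page, with Edit and Delete links.
 *
 * Requires admin right "2". Only stories whose topic the administrator may
 * edit are printed, so a page can hold fewer than ten rows.
 *
 * @param mixed $page zero-based page number from the request; empty means the
 *                    first page
 */
function selectNews($page) {
    global $config;

    $rightArray = getAdminRights();
    if (!in_array("2", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        // errorPage() is defined elsewhere; returning keeps the check
        // fail-closed even if errorPage() does not end the request.
        return;
    }
    ps_header("");

    $topics = getTopicRights();

    // $page comes from the request and decides the LIMIT offset: force it to
    // a non-negative integer so the offset is always valid SQL.
    $page = intval($page);
    if ($page < 0) {
        $page = 0;
    }
    // LIMIT offsets are zero-based. The original used ($page * 10) + 1, which
    // skipped one story at every page boundary.
    $num = $page * 10;

    // total number of stories, used for the "next page" link
    $numRow = 0;
    $result = mysql_query("SELECT count(sid) FROM ps_stories");
    if ($result) {
        list($numRow) = mysql_fetch_row($result);
        mysql_free_result($result);
    }

    $result = mysql_query("SELECT sid, title, topic, time,aid FROM ps_stories ORDER BY time desc,topic limit $num,10");
    if (!$result) {
        echo "<BR>". translate("No articles found in index") ."<BR>\n";
    } else {
        // Read only after the failure check above; the original called
        // mysql_num_rows() before testing $result.
        $numRow2 = mysql_num_rows($result);

        // show the news
        echo "<h3>".translate("Select news to Edit/Delete") . "</h3>";
        echo "<table border=1><tr><td><B>".translate("Topic")."</B></td><td><b>".translate("Author")."</b></td><td><B>".translate("Edit")."</B></td><td><B>".translate("Delete")."</B></td><td><B>".translate("Subject")."</B></td><td><B>".translate("Date of post")."</B></td></tr>";
        while (list($sid, $title, $topic, $datetime, $author) = mysql_fetch_row($result)) {
            // show only the topic that the user can see
            if (in_array($topic, $topics)) {
                // Stored values are escaped at output. $title is left as
                // stored because titles are written through check_html() and
                // may carry allowed markup (TODO confirm for all write paths).
                $sid = intval($sid);
                echo "<tr><td>".htmlspecialchars($topic, ENT_QUOTES)."</td>";
                echo "<td>".htmlspecialchars($author, ENT_QUOTES)."</td>";
                echo "<td><a href=\"admin.php?op=editNews&sid=$sid\">".translate("Edit")."</a></td>";
                echo "<td><a href=\"admin.php?op=removeNews&sid=$sid\">".translate("Delete")."</a></td>";
                echo "<td>$title</td>";
                echo "<td>".formatTimestamp($datetime)."</td></tr>";
            }
        }
        echo "</table>";

        // make the next page link
        $page++;
        if ($numRow > ($num + $numRow2)) {
            echo "<br><a href=\"admin.php?op=selectNews&page=$page\">Next page---></a>";
        }
        mysql_free_result($result);
    }
    ps_footer("");
}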
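/**
 * Save the edited version of a posted story and redirect to the admin menu.
 *
 * Requires admin right "2" and topic rights for the chosen topic. On a
 * database error the MySQL error is printed instead of redirecting.
 *
 * @param mixed  $sid      story id; forced to an integer before use
 * @param string $author   author name (column aid)
 * @param string $subject  headline, filtered through check_html()
 * @param string $fulltext story body, filtered through check_html()
 * @param string $topic    topic name; must be one the administrator may edit
 * @param string $ip       posted back by the edit form; not written by this
 *                         function
 */
function updateNews($sid, $author, $subject, $fulltext, $topic,$ip) {
    global $config;

    // check if he has right use this function
    $rightArray = getAdminRights();
    if (!in_array("2", $rightArray)) {
        errorPage("Access Deny!", $config['def_theme']);
        // errorPage() is defined elsewhere; returning keeps the check
        // fail-closed even if errorPage() does not end the request.
        return;
    }

    // check if he has right to edit this topic
    $topics = getTopicRights();
    if (!in_array($topic, $topics) || $sid == "") {
        errorPage("Access Deny!", $config['def_theme']);
        return;
    }
    // NOTE(review): only the submitted $topic is checked; the topic currently
    // stored for this story is not looked up (removeNews() does look it up
    // before deleting) -- confirm whether that is intended.

    // $sid is used unquoted in the statement, so only an integer may reach it.
    $sid = intval($sid);

    // Every string placed between quotes in the UPDATE goes through
    // fixquotes(), as postQueueNews() does for its INSERT. The original
    // interpolated $author without it.
    // NOTE(review): fixquotes() is defined elsewhere; confirm it is a complete
    // escape for the MySQL string context.
    $subject = fixquotes(check_html($subject));
    $fulltext = fixquotes(check_html($fulltext));
    $author = fixquotes($author);
    $topic = fixquotes($topic);

    $result = mysql_query("update ps_stories set title='$subject', full_text='$fulltext', aid='$author', topic='$topic' where sid=$sid");
    if (!$result) {
        // Report the failure instead of redirecting with a success message.
        echo mysql_errno(). ": ".mysql_error(). "<br>";
        return;
    }

    $mesg = translate("News+is+updated!");
    Header("Location: admin.php?mesg=$mesg");
}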
?>