<?php
/*
Copyright (c) 2008 http://ramui.com. All right reserved.
This product is protected by copyright and distributed under licenses restricting copying, distribution. Permission is granted to the public to download and use this script provided that this Notice and any statement of authorship are reproduced in every page on all copies of the script.
*/
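/**
 * Admin-side controller for static pages: list, create/edit, delete, publish
 * and preview. Every action is dispatched from get_query() and runs only
 * after validate_user() (inherited, not shown here) succeeds.
 *
 * Security notes for maintainers:
 *  - Pages live as .php files under ../pages/ (see delete_page1 and the
 *    preview cleanup), so access to the edit/preview actions is presumably
 *    equivalent to code execution on the server; validate_user() is the
 *    control that matters. TODO confirm how create_page() writes content.
 *  - No anti-CSRF token is checked anywhere in this class; confirm that the
 *    caller or validate_user() covers state-changing requests.
 *  - Values placed in SQL are either cast to int (ids) or passed through
 *    mysql_real_escape_string(); fields that already went through the
 *    project's fw_add_slashes() helper are left as the author wrote them.
 */
class page extends clsmain
{
    /**
     * Saves the posted draft as the single preview record, removes stale
     * preview files, writes the new preview page and echoes its URL.
     *
     * Reads pagename, title, heads, content, template and defaultstyle
     * from $_POST. Produces output only; returns nothing.
     */
    private function show_fw_preview()
    {
        $pagename=trim(rawurldecode($_POST["pagename"]));
        $pagename=fw_preview_pagename($pagename);
        $title=trim(fw_add_slashes(rawurldecode($_POST["title"])));
        $heads=trim(fw_add_slashes(rawurldecode($_POST["heads"])));
        $content=trim(fw_add_slashes(rawurldecode($_POST["content"])));
        $template=trim(fw_add_slashes(rawurldecode($_POST["template"])));

        // $pagename is reused below as a file name, session value and URL,
        // so a separately escaped copy is used inside SQL literals.
        $pagename_sql=mysql_real_escape_string($pagename);
        // defaultstyle came straight from $_POST into the query; escape it.
        // NOTE(review): with magic_quotes_gpc on this value arrives
        // pre-slashed - confirm against what fw_add_slashes() does.
        $defaultstyle=mysql_real_escape_string($_POST["defaultstyle"]);

        $query="SELECT id FROM ".$this->prefix."preview";
        $result=@mysql_query($query);
        $dt=time();
        // The preview table is treated as a single-row table: insert the
        // first time, otherwise overwrite every row (no WHERE clause).
        if(!(@mysql_num_rows($result))){
            $query="INSERT INTO ".$this->prefix."preview(pagename, title, heads, content, publish, template, defaultstyle, date) VALUES ('$pagename_sql', '$title', '$heads', '', 'Y', '$template', '$defaultstyle', $dt)";
        }
        else{
            $query="UPDATE ".$this->prefix."preview SET title = '$title', heads = '$heads', content = '', pagename = '$pagename_sql', template = '$template', defaultstyle = '$defaultstyle', publish = 'Y', date = $dt";
        }
        @mysql_query($query);

        // glob() returns false on error; iterate only over a real list.
        $stale=glob("../pages/*preview:*.php");
        if(is_array($stale)){
            foreach($stale as $filename){
                @unlink($filename);
            }
        }

        if($this->create_page($pagename,$content)){
            $_SESSION['fw_preview']=$pagename;
        }
        // HTTP_HOST is supplied by the client; the URL is echoed back to
        // the requester only and must not be stored or trusted elsewhere.
        echo 'http://'.getenv('HTTP_HOST').fw_get_docroot().$pagename.'.html';
    }

    /**
     * Renders the create/edit form. When $page_id is given, the matching
     * pageinf row is loaded into $row first.
     *
     * @param string $page_id numeric id of the page to edit, '' for a new page
     */
    private function show_edit($page_id='')
    {
        $this->build_head("Create page || Edit page","script/editpage.js");
        if($page_id != ''){
            // The id is concatenated unquoted, so force it to an integer.
            $query="SELECT * FROM ".$this->prefix."pageinf WHERE id = ".(int)$page_id;
            $result = @mysql_query($query);
            $row = @mysql_fetch_array($result, MYSQL_ASSOC);
        }
        // The template is included in this method's scope, so it can see
        // $row (presumably it reads it to pre-fill the form).
        include "include/editpage.php";
        $this->build_footer();
    }

    /**
     * Deletes a page: removes its content and header files, then hands the
     * database record to the inherited delete_page().
     *
     * @param string $page_id numeric id of the page to delete
     */
    private function delete_page1($page_id)
    {
        // Integer cast closes the unquoted-id injection in the lookup and
        // passes a clean value on to delete_page().
        $page_id=(int)$page_id;
        $query="SELECT pagename FROM ".$this->prefix."pageinf WHERE id = ".$page_id;
        $result = @mysql_query($query);
        $row = @mysql_fetch_array($result, MYSQL_ASSOC);
        // Touch the file system only when the lookup returned a name;
        // '/' is mapped to '.' so the name cannot leave the target folder
        // through forward slashes.
        if(is_array($row) && (string)$row['pagename']!==''){
            $filename=str_replace('/','.',$row['pagename']).'.php';
            @unlink('../pages/'.$filename);
            @unlink('../headers/'.$filename);
        }
        $this->delete_page("pageinf", 1, $page_id);
    }

    /**
     * Creates or updates a page from the posted form and echoes a short
     * status for the client script: 'post' or 'confirm' when the name
     * collides, an 'Error: ...' text on failure, otherwise the redirect URL.
     *
     * @param string $overwrite '1' to update an existing page without asking
     * @param string $id        numeric id of the page being edited, '' if new
     */
    private function edit_page($overwrite, $id='')
    {
        $pagename=trim(rawurldecode($_POST["pagename"]));
        // The prefix is 8 characters long; comparing only 5 characters with
        // 'fw_blog/' could never match, so the guard was dead code.
        if(substr($pagename,0,8)==='fw_blog/'){
            echo 'Error: please do not create page in your blog directory';
            exit;
        }
        // Raw $pagename is still needed for the file helpers and the
        // comparison below; SQL literals get an escaped copy.
        $pagename_sql=mysql_real_escape_string($pagename);

        $headers=fw_strip_slashes(rawurldecode(trim($_POST["headers"])));
        $title=trim(fw_add_slashes(rawurldecode($_POST["title"])));

        // Description and keywords: entity-encode, flatten line breaks and
        // collapse runs of spaces.
        $description=trim(htmlentities(rawurldecode($_POST["description"]),ENT_QUOTES));
        $description=str_replace("\n"," ",str_replace("\r","",$description));
        while(strpos($description,'  ')!==false){$description=str_replace('  ',' ',$description);}
        $keywords=trim(htmlentities(rawurldecode($_POST["keywords"]),ENT_QUOTES));
        $keywords=str_replace("\n"," ",str_replace("\r","",$keywords));
        while(strpos($keywords,'  ')!==false){$keywords=str_replace('  ',' ',$keywords);}

        $heads=fw_add_slashes(rawurldecode(trim($_POST["heads"])));
        $content=fw_strip_slashes(rawurldecode(trim($_POST["content"])));
        $template=trim(fw_add_slashes(rawurldecode($_POST["template"])));

        // These three went from $_POST into the query unescaped.
        // NOTE(review): with magic_quotes_gpc on they arrive pre-slashed -
        // confirm against what fw_add_slashes() does.
        $defaultstyle=mysql_real_escape_string($_POST["defaultstyle"]);
        $indexed=mysql_real_escape_string($_POST["indexed"]);
        $allowcomments=mysql_real_escape_string($_POST["allowcomments"]);

        $n=true;   // true = INSERT a new page, false = UPDATE an existing one
        $dt=time();

        if($overwrite=='1'){
            $n=false;
        }
        else{
            // A blog post already owns this name: report and stop.
            $query="SELECT pagename FROM ".$this->prefix."postinf WHERE pagename = '$pagename_sql'";
            $result = @mysql_query($query);
            $row = @mysql_fetch_array($result, MYSQL_ASSOC);
            if(!empty($row['pagename'])){
                echo 'post';
                return;
            }

            $query="SELECT pagename FROM ".$this->prefix."pageinf WHERE pagename = '$pagename_sql'";
            $result = @mysql_query($query);
            $row = @mysql_fetch_array($result, MYSQL_ASSOC);
            if(!empty($row['pagename'])){
                $n=false;
                if(empty($id)){
                    echo 'confirm';
                    return;
                }
                // The name exists: ask for confirmation unless it belongs
                // to the page being edited. The id is used unquoted, so it
                // is cast to an integer.
                $query="SELECT pagename FROM ".$this->prefix."pageinf WHERE id = ".(int)$id;
                $result = @mysql_query($query);
                $row = @mysql_fetch_array($result, MYSQL_ASSOC);
                if($row['pagename']!==$pagename){
                    echo 'confirm';
                    return;
                }
            }
        }

        if($n){
            $query="INSERT INTO ".$this->prefix."pageinf(pagename, title, description, keywords, heads, template, defaultstyle, indexed, allowcomments, date) VALUES ('$pagename_sql', '$title', '$description', '$keywords', '$heads', '$template', '$defaultstyle', '$indexed', '$allowcomments', $dt)";
        }
        else{
            $query="UPDATE ".$this->prefix."pageinf SET title = '$title', description = '$description', keywords = '$keywords', heads = '$heads', template = '$template', defaultstyle = '$defaultstyle', indexed = '$indexed', allowcomments = '$allowcomments', date = $dt WHERE pagename = '$pagename_sql'";
        }

        // Files are written before the database row, as in the original.
        if(!$this->create_page($pagename,$content)){
            echo "Error: Unable to create page content. Please check file permission.";
            exit;
        }
        if(!$this->create_header($pagename,$headers)){
            echo "Error: Unable to modify header file. Please check file permission.";
            exit;
        }
        if(!(@mysql_query($query))){
            // NOTE(review): this sends the raw database error to the client.
            echo 'Error: '.mysql_error();
            return;
        }

        $query="SELECT id FROM ".$this->prefix."pageinf WHERE pagename = '$pagename_sql'";
        $result = @mysql_query($query);
        $row = @mysql_fetch_array($result, MYSQL_ASSOC);
        $str= "index.php?qur=1M1M".$row['id'];
        $str.=(($n)? '&create='.substr(bin2hex($pagename),0,20) : '&edit='.substr(bin2hex($pagename),0,20));
        echo $str;
    }

    /**
     * Entry point: runs the action selected by $query[1] for an
     * authenticated user, otherwise shows the login form.
     *
     * @param mixed $query parsed request; index 1 is the action code,
     *                     indexes 2 and 3 are its arguments
     */
    public function get_query($query='')
    {
        if ($this->validate_user()){
            switch ($query[1]) {
                case "6":
                    $this->show_list("File list",1,"pageinf",$query[2]);
                break;
                case "7":
                    $this->edit_page($query[2], $query[3]);
                break;
                case "1":
                    $this->show_edit($query[2]);
                break;
                case "2":
                    $this->delete_page1($query[2]);
                break;
                case "3":
                    $this->publish("pageinf", 1, $query[2]);
                break;
                case "4":
                    $this->show_fw_preview();
                break;
                case "5":
                    $this->log_out();
                break;
                default :
                    $this->show_list("File list",1,"pageinf",1);
            }
        }
        else{
            // Actions 4 (preview) and 7 (save) echo a short status for the
            // client script, so the login page is skipped for them. The
            // original joined the two tests with ||, which is always true.
            if(($query[1]!='4')&&($query[1]!='7')){
                $this->log_in();
            }
        }
    }
}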
?>