<?php
/*******************************************************************
Name : raSMP 2.0
Copyright : 2002, Adam Alkins
Website : http://www.rasmp.com
email : hide@address.com
$Id: pages.php,v 1.51 2003/03/26 01:21:44 rasadam Exp $:
*******************************************************************/
/*******************************************************************
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the
Free Software Foundation Inc., 59 Temple Place, Suite 330,
Boston, MA 02111-1307 USA
*******************************************************************/
/*
Pages Admin Module
[Copy] - [Create] - [Delete] - [Edit]
*/
define('RASMP',true);
define('RASMP_ADMIN',true);
define('SCRIPT_PATH','../');
include SCRIPT_PATH.'common/extension.inc';
// Include functions et all
include SCRIPT_PATH.'common/admin_common.'.FILE_EXT;
// Check authentication
check_auth('pages');
// Set mode to lower case
$_GET['mode'] = strtolower($_GET['mode']);
function do_header($title)
{
display_header($title);
display_menu();
display_body();
}
function display_menu()
{
?>
<table width="98%" border="0" cellspacing="0" cellpadding="0" align="center">
<tr>
<td bgcolor="#0066CC">
<div align="center"><a class="menulink" href="<?php echo attach_sid("pages.".FILE_EXT."?mode=create"); ?>">Create</a> | <a class="menulink" href="<?php echo attach_sid("pages.".FILE_EXT."?mode=copy"); ?>">Copy</a> | <a class="menulink" href="<?php echo attach_sid("pages.".FILE_EXT."?mode=delete"); ?>">Delete</a> | <a class="menulink" href="<?php echo attach_sid("pages.".FILE_EXT."?mode=edit"); ?>">Edit</a> | <a class="menulink" href="<?php echo attach_sid("pages.".FILE_EXT."?mode=index"); ?>">Index</a></div>
</td>
</tr>
</table>
<?php
}
//
// Main switch statement, all the functions of the Pages module are here
//
switch($_GET['mode'])
{
case 'create':
// If button is not pressed
if(isset($_POST['docreate']))
{
// If one of the fields don't exist
if( (!isset($_POST['page_name']))||(!isset($_POST['cat_id']))||(!isset($_POST['page_title']))||(!isset($_POST['page_content']))||(!isset($_POST['template_id'])||(!isset($_POST['use_php']))) )
{
redirect_page('Missing Data Field to Create Page',attach_sid("pages.".FILE_EXT."?mode=create&page_name=".urlencode($_POST['page_name'])."&page_title=".urlencode($_POST['page_title'])."&cat_id=".$_POST['cat_id']."&page_content=".urlencode($_POST['page_content'])."&template=".$_POST['template_id']."&use_php=".$_POST['use_php']));
}
$_POST['cat_id'] = intval($_POST['cat_id']);
$_POST['template_id'] = intval($_POST['template_id']);
$_POST['use_php'] = intval($_POST['use_php']);
// If page name is empty
if(empty($_POST['page_name']))
{
redirect_page('Page name is not valid',attach_sid("pages.".FILE_EXT."?mode=create&page_title=".urlencode($_POST['page_title'])."&cat_id=".$_POST['cat_id']."&page_content=".urlencode($_POST['page_content'])."&template=".$_POST['template_id']."&use_php=".$_POST['use_php']));
}
// use_php must be 1 or 0, for true or false
if( ($_POST['use_php']!=0)&&($_POST['use_php']!=1) )
{
redirect_page('PHP Setting Incorrect',attach_sid("pages.".FILE_EXT."?mode=create&page_name=".urlencode($_POST['page_name'])."&page_title=".urlencode($_POST['page_title'])."&cat_id=".$_POST['cat_id']."&page_content=".urlencode($_POST['page_content'])."&template=".$_POST['template_id']));
}
// Check if the template exists
$query = "SELECT template_id FROM ".TEMPLATES_TABLE." WHERE template_id = ".$_POST['template_id']." LIMIT 1";
if( (db_numrows('',$query,'Could not select template ID from the Templates table')==0)&&($_POST['template_id']!=0) )
{
redirect_page('Template ID incorrect',attach_sid("pages.".FILE_EXT."?mode=create&page_name=".urlencode($_POST['page_name'])."&page_title=".urlencode($_POST['page_title'])."&cat_id=".$_POST['cat_id']."&page_content=".urlencode($_POST['page_content'])."&use_php=".$_POST['use_php']));
}
// Check if category exists
$query = "SELECT cat_id FROM ".CATEGORIES_TABLE." WHERE cat_id = ".$_POST['cat_id']." LIMIT 1";
if(db_numrows('',$query,'Could not select category ID from the Category table')==0)
{
redirect_page('Category does not exist',attach_sid("pages.".FILE_EXT."?mode=create&page_name=".urlencode($_POST['page_name'])."&page_title=".urlencode($_POST['page_title'])."&page_content=".urlencode($_POST['page_content'])."&template=".$_POST['template_id']."&use_php=".$_POST['use_php']));
}
// clean up page_name
$_POST['page_name'] = clean_public($_POST['page_name']);
// Check if the page already exists
$query = "SELECT page_name FROM ".PAGES_TABLE." WHERE page_name = '".$_POST['page_name']."' AND cat_id = ".$_POST['cat_id']." LIMIT 1";
if(db_numrows('',$query,'Could not select page name from Page table')!=0)
{
redirect_page('Page name already exists in the Selected Category',attach_sid("pages.".FILE_EXT."?mode=create&cat_id=".$_POST['cat_id']."&page_name=".urlencode($_POST['page_name'])."&page_title=".urlencode($_POST['page_title'])."&page_content=".urlencode($_POST['page_content'])."&template=".$_POST['template_id']."&use_php=".$_POST['use_php']));
}
// Clean up title, makes < > characters (No need to use striptags as it won't be evaluated as PHP, save processing time
$_POST['page_title'] = addslashes($_POST['page_title']);
$_POST['page_title'] = htmlentities($_POST['page_title']);
$contents = $_POST['page_content'];
if(ini_get('file_uploads')==1)
{
if(is_uploaded_file($_FILES['uploaded_page']['tmp_name'])&&$_FILES['uploaded_page']['size']!=0)
{
$fp = fopen($_FILES['uploaded_page']['tmp_name'],'r');
$contents = fread($fp, $_FILES['uploaded_page']['size']);
fclose($fp);
}
}
// Add slashes to characters than can break the query
$contents = addslashes($contents);
// Insert page
$query = "INSERT INTO ".PAGES_TABLE." (page_name, cat_id, date, page_title, page_content, template_id, use_php) VALUES('".$_POST['page_name']."',".$_POST['cat_id'].",".date("U").",'".$_POST['page_title']."','".$contents."',".$_POST['template_id'].",".$_POST['use_php'].")";
db_query($query,'Could not insert new page into the pages table');
// Redirect on completion
redirect_page('Successfully Added Page',attach_sid('pages.'.FILE_EXT.'?mode=index'));
}
else
{
// Show header
do_header('Admin Panel >> Pages Management >> Create');
if(ini_get('file_uploads')==1)
{
$form_type = ' enctype="multipart/form-data"';
}
else
{
$form_type = '';
}
// Show create screen
?>
<br /> <p align="center">Enter information to create a New page. Note: page name should not have any spaces (recommended), html is stripped for the title, select template "none" if you don't want the page to use any headers/footers, only Parse PHP if you're using PHP tags in this page (Improves Performance).</p>
<table width="90%" border="0" cellspacing="0" cellpadding="0" align="center" valign="middle">
<tr>
<td width="50%">
<div align="center">
<form name="create" method="post" action="<?php echo attach_sid("pages.".FILE_EXT."?mode=create"); ?>"<?php echo $form_type; ?>>
Page name:
<input type="text" name="page_name" size="20" maxlength="255" value="<?php echo htmlentities(urldecode($_GET['page_name'])); ?>" />
</div>
</td>
<td width="50%">
<div align="center">
Category:
<select name="cat_id">
<?php
// Get categories list
$query = "SELECT cat_id,cat_pname FROM ".CATEGORIES_TABLE." ORDER BY cat_pname";
$result = db_query($query,'Could not select categories from categories table');
//
// category select box
//
// If cat_id is passed by the URL
if(isset($_GET['cat_id']))
{
while($cat_data = db_fetchassoc($result))
{
// Check if database row is the same as the URL passed ID
if($cat_data['cat_id'] == $_GET['cat_id'])
{
echo "<option value=\"".$cat_data['cat_id']."\" selected>".$cat_data['cat_pname']."</option>";
}
else
{
echo "<option value=\"".$cat_data['cat_id']."\">".$cat_data['cat_pname']."</option>";
}
}
}
else
{
while($cat_data = db_fetchassoc($result))
{
echo "<option value=\"".$cat_data['cat_id']."\">".$cat_data['cat_pname']."</option>";
}
}
?>
</select>
</div>
</td>
</tr>
</table>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<div align="center">
Page Title:
<input type="text" name="page_title" size="75" maxlength="255" value="<?php echo htmlentities(urldecode($_GET['page_title'])); ?>" />
</div>
</td>
</tr>
</table>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<div align="center">
Content:<br />
<textarea name="page_content" cols="80" rows="10"><?php echo htmlentities(urldecode($_GET['page_content'])); ?></textarea>
</div>
</td>
</tr>
</table>
<?php
if(ini_get('file_uploads')==1)
{
?>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<div align="center"> Or upload file:
<input type="hidden" name="MAX_FILE_SIZE" value="30000000" /><input name="uploaded_page" type="file" id="uploaded_page" />
<br />
</div>
</td>
</tr>
</table>
<?php
}
?>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<div align="center">
Template:
<select name="template_id">
<?php
// Get template list
$query = "SELECT template_id,template_name FROM ".TEMPLATES_TABLE." ORDER BY template_id ASC";
$result = db_query($query,'Could not select templates from template table');
// If template id is passed in the URL
if(isset($_GET['template_id']))
{
while($template_data = db_fetchassoc($result))
{
// Check if database row is the same as the URL passed ID
if($template_data['template_id'] == $_GET['template_id'])
{
echo "<option value=\"".$template_data['template_id']."\" selected>".htmlentities(stripslashes($template_data['template_name']))."</option>";
}
else
{
echo "<option value=\"".$template_data['template_id']."\">".htmlentities(stripslashes($template_data['template_name']))."</option>";
}
}
}
else
{
while($template_data = db_fetchassoc($result))
{
echo "<option value=\"".$template_data['template_id']."\">".htmlentities(stripslashes($template_data['template_name']))."</option>";
}
}
?>
</select>
</div>
</td>
<td>
<div align="center">
Parse PHP?:
<select name="use_php">
<?php
// If use_php is sent via the URL
if(isset($_GET['use_php']))
{
// If the URL var is true
if($_GET['use_php']==1)
{
echo "<option value=\"1\" selected>Yes</option><option value=\"0\">No</option>";
}
else
{
echo "<option value=\"1\">Yes</option><option value=\"0\">No</option selected>";
}
}
else
{
?>
<option value="1">Yes</option>
<option value="0" selected>No</option>
<?php
}
?>
</select>
</div>
<td>
</td>
</tr>
</table>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<div align="center">
<input type="submit" name="docreate" value="Add Page" />
</form>
</div>
</td>
</tr>
</table>
<?php
// Footer
display_footer();
}
break;
case 'copy':
if(db_rowcount(PAGES_TABLE)==0)
{
redirect_page('There are no Pages to Copy.',attach_sid("pages.".FILE_EXT."?mode=index"));
}
// if button was pressed
if(isset($_POST['docopy']))
{
// If any of the required values weren't set
if( !isset($_POST['page_name'])||!isset($_POST['dest_page_name'])||!isset($_POST['cat_id'])||!isset($_POST['dest_cat_id']) )
{
redirect_page('Missing a field',attach_sid("pages.".FILE_EXT."?mode=copy&page_name=".urlencode($_POST['page_name'])."&cat_id=".$_POST['cat_id']."&dest_page_name=".$_POST['dest_page_name']."&dest_cat_id=".$POST['dest_cat_id']));
}
// Set cat_id's to Integer, like it matters much though as this should be a secure area
// but whatever
$_POST['cat_id'] = intval($_POST['cat_id']);
$_POST['dest_cat_id'] = intval($_POST['dest_cat_id']);
// If all the data is the same
if( ($_POST['dest_cat_id']==$_POST['cat_id'])&&($_POST['page_name']==$_POST['dest_page_name']) )
{
redirect_page('Cannot copy to the same page!',attach_sid("pages.".FILE_EXT."?mode=copy&page_name=".urlencode($_POST['page_name'])."&cat_id=".$_POST['cat_id']."&dest_page_name=".$_POST['dest_page_name']."&dest_cat_id=".$POST['dest_cat_id']));
}
// If the source category doesn't exist. Granted if this wasn't here
// the next check would produce an error, this provides a better error
// message, well more precise anyway.
$query = "SELECT cat_id FROM ".CATEGORIES_TABLE." WHERE cat_id = ".$_POST['cat_id'];
if(db_numrows('',$query,'Could not lookup category data')==0)
{
redirect_page('Source Category is invalid',attach_sid("pages.".FILE_EXT."?mode=copy&page_name=".urlencode($_POST['page_name'])."&dest_page_name=".$_POST['dest_page_name']."&dest_cat_id=".$POST['dest_cat_id']));
}
// clean up page_name
$_POST['page_name'] = clean_public($_POST['page_name']);
// If the source page doesn't exist..
$query = "SELECT page_name,cat_id,page_title,page_content,template_id,use_php FROM ".PAGES_TABLE." WHERE page_name = '".clean($_POST['page_name'])."' AND cat_id = ".$_POST['cat_id'];
$result = db_query($query,'Could not lookup page data');
if(db_numrows($result)==0)
{
redirect_page('Source Page does not exist!',attach_sid("pages.".FILE_EXT."?mode=copy&page_name=".urlencode($_POST['page_name'])."&cat_id=".$_POST['cat_id']."&dest_page_name=".$_POST['dest_page_name']."&dest_cat_id=".$POST['dest_cat_id']));
}
else
{
$page_data = db_fetchassoc($result);
}
// If the destination category doesn't exist. Granted if this wasn't here
// the next check would produce an error, this provides a better error
// message, well more precise anyway.
$query = "SELECT cat_id FROM ".CATEGORIES_TABLE." WHERE cat_id = ".$_POST['dest_cat_id'];
if(db_numrows('',$query,'Could not lookup category data')==0)
{
redirect_page('Destination Category is invalid',attach_sid("pages.".FILE_EXT."?mode=copy&page_name=".urlencode($_POST['page_name'])."&cat_id=".$_POST['cat_id']."&dest_page_name=".$_POST['dest_page_name']));
}
// clean up dest_page_name
$_POST['dest_page_name'] = clean_public($_POST['dest_page_name']);
// If the source page doesn't exist..
$query = "SELECT page_name FROM ".PAGES_TABLE." WHERE page_name = '".$_POST['dest_page_name']."' AND cat_id = ".$_POST['dest_cat_id'];
if(db_numrows('',$query,'Could not lookup page data')!=0)
{
redirect_page('Destination Page already exists!',attach_sid("pages.".FILE_EXT."?mode=copy&page_name=".urlencode($_POST['page_name'])."&cat_id=".$_POST['cat_id']."&dest_page_name=".$_POST['dest_page_name']."&dest_cat_id=".$POST['dest_cat_id']));
}
$query = "INSERT INTO ".PAGES_TABLE." (page_name, cat_id, date, page_title, page_content, template_id, use_php) VALUES('".$_POST['dest_page_name']."',".$_POST['dest_cat_id'].",".date("U").",'".$page_data['page_title']."','".$page_data['page_content']."',".$page_data['template_id'].",".$page_data['use_php'].")";
db_query($query,'Could not copy page');
redirect_page('Successfully copied Page',attach_sid("pages.".FILE_EXT."?mode=index"));
}
else
{
// Show header
do_header('Admin Panel >> Pages Management >> Copy page');
// If page_id was posted, basically meaning the data came from the index page
// NOTE: POST will override GET data (Look on...)
if(isset($_POST['page_id']))
{
$query = "SELECT p.page_name, c.cat_pname FROM ".PAGES_TABLE." as p, ".CATEGORIES_TABLE." as c WHERE p.page_id = ".intval($_POST['page_id'])." AND c.cat_id = p.cat_id";
$result = db_query($query,'Could not select Page and Category data');
$page_data = db_fetchassoc($result);
if(db_numrows($result)!=0)
{
$from_page_name = $page_data['page_name'];
$from_cat_pname = $page_data['cat_pname'];
$from_cat_id = intval($_POST['cat_id']);
}
}
else
// Covers URL passed variables
{
if(isset($_GET['page_name']))
{
$from_page_name = urldecode($_GET['page_name']);
}
unset($from_cat_pname);
unset($from_cat_id);
if(isset($_GET['cat_id']))
{
$_GET['cat_id'] = intval($_GET['cat_id']);
$from_cat_id = $_GET['cat_id'];
$query = "SELECT cat_pname FROM ".CATEGORIES_TABLE." WHERE cat_id = ".$_GET['cat_id'];
$result = db_query($query,'Could not select Category data');
$cat_data = db_fetchassoc($result);
if(db_numrows($result)!=0)
{
$from_cat_pname = $cat_data['cat_pname'];
$from_cat_id = intval($_GET['cat_id']);
}
}
unset($to_page_name);
unset($to_cat_id);
// Note use of variables are different from the passed ones (variable names)
// This is to prevent register_globals problems
if( isset($_GET['dest_page_name']) )
{
$to_page_name = urldecode($_GET['dest_page_name']);
}
if( isset($_GET['dest_cat_id']) )
{
$_GET['dest_cat_id'] = intval($_GET['dest_cat_id']);
$query = "SELECT cat_pname FROM ".CATEGORIES_TABLE." WHERE cat_id = ".$_GET['dest_cat_id'];
$result = db_query($query,'Could not select Category data');
$cat_data = db_fetchassoc($result);
if(db_numrows($result)!=0)
{
$to_cat_id = intval($_GET['dest_cat_id']);
$to_cat_pname = $cat_data['cat_pname'];
}
}
}
?>
<form name="copypage" method="post" action="<?php echo attach_sid("pages.".FILE_EXT."?mode=copy"); ?>">
<div align="center">
<p>Page name:
<input type="textfield" name="page_name" value="<?php echo $from_page_name; ?>" />
in Category:
<select name="cat_id">
<?php
$query_arguments = " ";
if( isset($from_cat_id)&&isset($from_cat_pname) )
{
echo "<option value=\"".$from_cat_id."\" selected>".$from_cat_pname."</option>";
$query_arguments .= "WHERE cat_id <> '".$from_cat_id."' ";
}
$query = "SELECT cat_id, cat_pname FROM ".CATEGORIES_TABLE.$query_arguments."ORDER BY cat_pname";
$result = db_query($query,'Could not select Categories data');
while( $cat_data = db_fetchassoc($result) )
{
echo "<option value=\"".$cat_data['cat_id']."\">".$cat_data['cat_pname']."</option>";
}
?>
</select>
</p>
<p> <br />
to</p>
<p> <br />
Page name:
<input type="text" name="dest_page_name" value="<?php echo $to_page_name; ?>" />
in Category:
<select name="dest_cat_id">
<?php
$query_arguments = " ";
if( isset($to_cat_id)&&isset($to_cat_pname) )
{
echo "<option value=\"".$to_cat_id."\" selected>".$to_cat_pname."</option>";
$query_arguments .= "WHERE cat_id <> '".$to_cat_id."' ";
}
$query = "SELECT cat_id, cat_pname FROM ".CATEGORIES_TABLE.$query_arguments."ORDER BY cat_pname";
$result = db_query($query,'Could not select Categories data');
while( $cat_data = db_fetchassoc($result) )
{
echo "<option value=\"".$cat_data['cat_id']."\">".$cat_data['cat_pname']."</option>";
}
?>
</select>
</p>
<input type="submit" name="docopy" value="Copy Page" />
</div>
</form>
<?php
display_footer();
}
break;
case 'delete':
if(db_rowcount(PAGES_TABLE)==0)
{
redirect_page('There are no Pages to Delete.',attach_sid("pages.".FILE_EXT."?mode=index"));
}
unset($delete_id);
if( !isset($_POST['dodelete'])&&!isset($_GET['page_id'])&&!isset($_POST['page_id']) )
{
do_header('Admin Panel >> Pages Management >> Delete');
?>
<form name="deletepage" method="post" action="<?php echo attach_sid("pages.".FILE_EXT."?mode=delete"); ?>">
<div align="center"><p>You can delete any page here. Important: If you delete a page which is the default page for a category, you should set a new default page immediately!</p>
<p>Page name:
<input type="textfield" name="page_name" />
in Category:
<select name="cat_id">
<?php
// Make categories list
$query = "SELECT cat_id, cat_pname FROM ".CATEGORIES_TABLE." ORDER BY cat_pname";
$result = db_query($query,'Could not select categories data');
while( $cat_data = db_fetchassoc($result) )
{
echo '<option value="'.$cat_data['cat_id'].'">'.$cat_data['cat_pname'].'</option>';
}
?>
</select>
</p>
<input type="submit" name="dodelete" value="Delete" />
</div>
</form>
<?php
display_footer();
}
else
{
// If page_id wasn't passed in the url
if(isset($_GET['page_id']))
{
$delete_id = intval($_GET['page_id']);
// If the id doesn't exist
if(!find_id($delete_id))
{
redirect_page('Page could not be found',attach_sid("pages.".FILE_EXT."?mode=delete"));
}
}
else if(isset($_POST['page_id']))
{
$delete_id = intval($_POST['page_id']);
if(!find_id($delete_id))
{
redirect_page('Page could not be found',attach_sid("pages.".FILE_EXT."?mode=delete"));
}
}
// If both the page_name and cat_id are posted
else if( isset($_POST['page_name'])&&isset($_POST['cat_id']) )
{
// Select page
$query = "SELECT page_id FROM ".PAGES_TABLE." WHERE page_name = '".clean($_POST['page_name'])."' AND cat_id = ".$_POST['cat_id'];
$result = db_query($query,'Could not select page data');
// if it doesn't exist
if(db_numrows($result)==0)
{
redirect_page('Page could not be found',attach_sid("pages.".FILE_EXT."?mode=delete"));
}
else
{
$page_data = db_fetchassoc($result);
$delete_id = $page_data['page_id'];
}
}
else
{
// Shouldn't happen but its always good to have a backup
redirect_page('Field Data Missing!',attach_sid("pages.".FILE_EXT."?mode=delete"));
}
// Check if page is the default of a category, and if it is, set the default to 0
$query = "UPDATE ".CATEGORIES_TABLE." SET page_id = -1 WHERE page_id = $delete_id";
db_query($query,'Could not fetch data from Categories table');
// Deletes page
$query = "DELETE FROM ".PAGES_TABLE." WHERE page_id = ".$delete_id;
db_query($query,'Could not delete page');
redirect_page('Page successfully deleted.',attach_sid("pages.".FILE_EXT."?mode=index"));
}
break;
case 'edit':
if(db_rowcount(PAGES_TABLE)==0)
{
redirect_page('There are no Pages to Edit.',attach_sid("pages.".FILE_EXT."?mode=index"));
}
unset($edit_id);
if(isset($_POST['doedit']))
{
// if page id isn't there
if(!isset($_POST['page_id']))
{
redirect_page('No Page to Edit',attach_sid("pages.".FILE_EXT."?mode=edit"));
}
// set as an integer
$_POST['page_id'] = intval($_POST['page_id']);
// if page doesn't exist
if(!find_id($_POST['page_id']))
{
redirect_page('Page not found',attach_sid("pages.".FILE_EXT."?mode=edit"));
}
// If one of the fields don't exist
if( (!isset($_POST['page_name']))||(!isset($_POST['cat_id']))||(!isset($_POST['page_title']))||(!isset($_POST['page_content']))||(!isset($_POST['template_id'])||(!isset($_POST['use_php']))) )
{
redirect_page('Missing Data Field to Field Page',attach_sid("pages.".FILE_EXT."?mode=edit&page_id=".$_POST['page_id']."&page_name=".urlencode($_POST['page_name'])."&page_title=".urlencode($_POST['page_title'])."&page_content=".urlencode($_POST['page_content'])."&cat_id=".$_POST['cat_id']."&page_content=".urlencode($_POST['page_content'])."&template=".$_POST['template_id']."&use_php=".$_POST['use_php']));
}
$_POST['cat_id'] = intval($_POST['cat_id']);
$_POST['template_id'] = intval($_POST['template_id']);
$_POST['use_php'] = intval($_POST['use_php']);
// If page name is empty
if(empty($_POST['page_name']))
{
redirect_page('Page name invalid',attach_sid("pages.".FILE_EXT."?mode=edit&page_id=".$_POST['page_id']."&page_name=".urlencode($_POST['page_name'])."&page_title=".urlencode($_POST['page_title'])."&page_content=".urlencode($_POST['page_content'])."&cat_id=".$_POST['cat_id']."&page_content=".urlencode($_POST['page_content'])."&template=".$_POST['template_id']."&use_php=".$_POST['use_php']));
}
// use_php must be 1 or 0, for true or false
if( ($_POST['use_php']!=0)&&($_POST['use_php']!=1) )
{
redirect_page('PHP Setting incorrect',attach_sid("pages.".FILE_EXT."?mode=edit&page_id=".$_POST['page_id']."&page_name=".urlencode($_POST['page_name'])."&page_title=".urlencode($_POST['page_title'])."&page_content=".urlencode($_POST['page_content'])."&cat_id=".$_POST['cat_id']."&page_content=".urlencode($_POST['page_content'])."&template=".$_POST['template_id']));
}
// Check if the template exists
$query = "SELECT template_id FROM ".TEMPLATES_TABLE." WHERE template_id = ".$_POST['template_id']." LIMIT 1";
if( (db_numrows('',$query,'Could not select template ID from the Templates table')==0)&&($_POST['template_id']!=0) )
{
redirect_page('Template does not exist',attach_sid("pages.".FILE_EXT."?mode=edit&page_id=".$_POST['page_id']."&page_name=".urlencode($_POST['page_name'])."&page_title=".urlencode($_POST['page_title'])."&page_content=".urlencode($_POST['page_content'])."&cat_id=".$_POST['cat_id']."&page_content=".urlencode($_POST['page_content'])."&use_php=".$_POST['use_php']));
}
// Check if category exists
$query = "SELECT cat_id FROM ".CATEGORIES_TABLE." WHERE cat_id = ".$_POST['cat_id']." LIMIT 1";
if(db_numrows('',$query,'Could not select category ID from the Category table')==0)
{
redirect_page('Category does not exist',attach_sid("pages.".FILE_EXT."?mode=edit&page_id=".$_POST['page_id']."&page_name=".urlencode($_POST['page_name'])."&page_title=".urlencode($_POST['page_title'])."&page_content=".urlencode($_POST['page_content'])."&page_content=".urlencode($_POST['page_content'])."&template=".$_POST['template_id']."&use_php=".$_POST['use_php']));
}
// clean up page_name
$_POST['page_name'] = clean_public($_POST['page_name']);
// Check if the page already exists (if changed)
$query = "SELECT page_name FROM ".PAGES_TABLE." WHERE page_name = '".$_POST['page_name']."' AND cat_id = ".$_POST['cat_id']." AND page_id <> ".$_POST['page_id']." LIMIT 1";
if(db_numrows('',$query,'Could not select page name from Page table')!=0)
{
redirect_page('Page name already exists',attach_sid("pages.".FILE_EXT."?mode=edit&page_id=".$_POST['page_id']."&page_name=".urlencode($_POST['page_name'])."&page_title=".urlencode($_POST['page_title'])."&page_content=".urlencode($_POST['page_content'])."&cat_id=".$_POST['cat_id']."&page_content=".urlencode($_POST['page_content'])."&template=".$_POST['template_id']."&use_php=".$_POST['use_php']));
}
// Clean up title, makes < > characters (No need to use striptags as it won't be evaluated as PHP, save processing time
$_POST['page_title'] = addslashes($_POST['page_title']);
$_POST['page_title'] = htmlentities($_POST['page_title']);
$contents = $_POST['page_content'];
if(ini_get('file_uploads')==1)
{
if(is_uploaded_file($_FILES['uploaded_page']['tmp_name'])&&$_FILES['uploaded_page']['size']!=0)
{
$fp = fopen($_FILES['uploaded_page']['tmp_name'],'r');
$contents = fread($fp, $_FILES['uploaded_page']['size']);
fclose($fp);
}
}
// Add slashes to characters than can break the query
$contents = addslashes($contents);
$query = "UPDATE ".PAGES_TABLE." SET page_name = '".$_POST['page_name']."', cat_id = ".$_POST['cat_id'].", date = ".date("U").", page_title = '".$_POST['page_title']."', page_content = '".$contents."', template_id = ".$_POST['template_id'].", use_php = ".$_POST['use_php']." WHERE page_id = ".$_POST['page_id'];
db_query($query, 'Could not update page information');
redirect_page('Page Successfully Edited',attach_sid("pages.".FILE_EXT."?mode=index"));
}
else
{
// If any of the possible var combinations aren't set, display screen to choose edit page
if( ( !isset($_POST['page_id'])&&!isset($_GET['page_id']) )&&( ( !isset($_POST['page_name'])||!isset($_POST['cat_id']) )&&( !isset($_GET['page_name'])||!isset($_GET['cat_id']) ) ) )
{
do_header('Admin Panel >> Pages Management >> Edit');
?>
<form name="editpage" method="post" action="<?php echo attach_sid("pages.".FILE_EXT."?mode=edit"); ?>">
<div align="center"><p>Enter the page you'd like to make changes to</p>
<p>Page name:
<input type="textfield" name="page_name" />
in Category:
<select name="cat_id">
<?php
// Get categories list
$query = "SELECT cat_id, cat_pname FROM ".CATEGORIES_TABLE." ORDER BY cat_pname";
$result = db_query($query,'Could not select categories data');
while( $cat_data = db_fetchassoc($result) )
{
echo '<option value="'.$cat_data['cat_id'].'">'.$cat_data['cat_pname'].'</option>';
}
?>
</select>
</p>
<input type="submit" name="Submit" value="Edit" />
</div>
</form>
<?php
display_footer();
}
else
{
// If page_id to edit was posted
if(isset($_POST['page_id']))
{
// set it as $edit_id
$edit_id = intval($_POST['page_id']);
// try to find id
if(!find_id($edit_id))
{
redirect_page('Page could not be found',attach_sid("pages.".FILE_EXT."?mode=edit"));
}
}
// see if it was passed in the url
else if(isset($_GET['page_id']))
{
$edit_id = intval($_GET['page_id']);
if(!find_id($edit_id))
{
redirect_page('Page could not be found',attach_sid("pages.".FILE_EXT."?mode=edit"));
}
}
// see if we got the page name and category id instead
else if( isset($_POST['page_name'])&&isset($_POST['cat_id']) )
{
// get page id from name and cat
$query = "SELECT page_id FROM ".PAGES_TABLE." WHERE page_name = '".clean(urldecode($_POST['page_name']))."' AND cat_id = ".$_POST['cat_id'];
$result = db_query($query,'Could not fetch page id');
// not found
if(db_numrows($result)==0)
{
redirect_page('Page could not be found',attach_sid("pages.".FILE_EXT."?mode=edit"));
}
else
{
$page_data = db_fetchassoc($result);
$edit_id = $page_data['page_id'];
}
}
// if the page_name or cat_id was passed in the url
else if( isset($_GET['page_name'])&&isset($_GET['cat_id']) )
{
$query = "SELECT page_id FROM ".PAGES_TABLE." WHERE page_name = '".clean(urldecode($_GET['page_name']))."' AND cat_id = ".$_GET['cat_id'];
$result = db_query($query,'Could not fetch page id');
if(db_numrows($result)==0)
{
redirect_page('Page could not be found',attach_sid("pages.".FILE_EXT."?mode=edit"));
}
else
{
$page_data = db_fetchassoc($result);
$edit_id = $page_data['page_id'];
}
}
else
{
// Shouldn't happen but good to have
redirect_page('Missing field',attach_sid("pages.".FILE_EXT."?mode=edit"));
}
// Show header as we have a valid page to edit
do_header('Admin Panel >> Pages Management >> Edit');
// Get all the page data
$query = "SELECT p.page_id,p.page_name,p.page_title,p.cat_id,p.page_content,p.template_id,p.use_php,c.cat_pname,t.template_name FROM ".PAGES_TABLE." as p, ".CATEGORIES_TABLE." as c, ".TEMPLATES_TABLE." as t WHERE p.page_id = $edit_id AND c.cat_id = p.cat_id AND t.template_id = p.template_id";
$result = db_query($query,'Could get fetch page data');
if(db_numrows($result)==0)
{
// shouldn't happen also based on above checks
redirect_page('Invalid Edit Id',attach_sid("pages.".FILE_EXT."?mode=edit"));
}
else
{
if(ini_get('file_uploads')==1)
{
$form_type = ' enctype="multipart/form-data"';
}
else
{
$form_type = '';
}
// assign the var
$page_data = db_fetchassoc($result);
// unset vars to be used for security
unset($page_name);
unset($cat_id);
unset($cat_pname);
unset($template_id);
unset($template_name);
unset($page_title);
unset($page_content);
unset($use_php);
// if passed in the url meaning the edit failed so we fill with the edited values
if( isset($_GET['page_name']) )
{
$page_name = htmlentities(urldecode($_GET['page_name']));
}
else
{
// else we take the data from the db
$page_name = htmlentities($page_data['page_name']);
}
// get from the url
if( isset($_GET['cat_id']) )
{
// make an integer
$cat_id = intval($_GET['cat_id']);
// get the category name for this id
$query = "SELECT cat_pname FROM ".CATEGORIES_TABLE." WHERE cat_id = $cat_id";
$result = db_query($query,'Could not query categories table');
// if the category wasn't found..
if(db_numrows('',$query,'')==0)
{
// get from the original values
$cat_id = $page_data['cat_id'];
$cat_pname = htmlentities(stripslashes($page_data['cat_pname']));
}
else
{
// get from the passed values
$cat_data = db_fetchassoc($result);
$cat_pname = htmlentities(stripslashes($cat_data['cat_pname']));
}
}
else
{
// get from the original values
$cat_id = $page_data['cat_id'];
$cat_pname = htmlentities(stripslashes($page_data['cat_pname']));
}
// if title was passed
if( isset($_GET['page_title']) )
{
$page_title = htmlentities(urldecode($_GET['page_title']));
}
else
{
// clean up data if from the original
$page_title = htmlentities(stripslashes($page_data['page_title']));
}
// if passed in the url
if( isset($_GET['page_content']) )
{
$page_content = htmlentities(urldecode($_GET['page_content']));
}
else
{
// clean up data from db
$page_content = htmlentities(stripslashes($page_data['page_content']));
}
// check template id from url
if( isset($_GET['template_id']) )
{
// set as integer
$template_id = intval($tempalte_id);
// fetch data
$query = "SELECT template_name FROM ".TEMPLATES_TABLE." WHERE template_id = $template_id";
$result = db_query($query,'Could not query Template information');
// if it isn't there
if(db_numrows($result)==0)
{
$template_id = $page_data['template_id'];
$template_name = htmlentities(stripslashes($page_data['template_name']));
}
else
{
$template_data = db_fetchassoc($result);
$template_name = htmlentities(stripslashes($template_data['template_name']));
}
}
else
{
$template_id = $page_data['template_id'];
$template_name = htmlentities(stripslashes($page_data['template_name']));
}
// if use_php is set and its either 1 or 0
if( isset($_GET['use_php'])&&($_GET['use_php']==0||$_GET['use_php']==1) )
{
$use_php = $_GET['use_php'];
}
else
{
$use_php = $page_data['use_php'];
}
?>
<br /> <p align="center">Change the values of this page. Note: Same rules apply as to when creating a page, i.e. page name should not have any spaces (recommended), html is stripped for the title, select template "none" if you don't want the page to use any headers/footers, only Parse PHP if you're using PHP tags in this page (Improves Performance).</p>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="50%">
<div align="center">
<form name="create" method="post" action="<?php echo attach_sid("pages.".FILE_EXT."?mode=edit"); ?>"<?php echo $form_type; ?>>
Page name:
<input type="text" name="page_name" size="20" maxlength="255" value="<?php echo $page_name; ?>" />
</div>
</td>
<td width="50%">
<div align="center">
Category:
<select name="cat_id">
<?php
// show the selected one first
echo '<option value="'.$cat_id.'" selected="selected">'.$cat_pname.'</option>';
// get list
$query = "SELECT cat_id,cat_pname FROM ".CATEGORIES_TABLE." WHERE cat_id <> $cat_id ORDER BY cat_pname";
$result = db_query($query,'Could not select categories from categories table');
while($cat_data = db_fetchassoc($result))
{
echo "<option value=\"".$cat_data['cat_id']."\">".$cat_data['cat_pname']."</option>";
}
?>
</select>
</div>
</td>
</tr>
</table>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<div align="center">
Page Title:
<input type="text" name="page_title" size="75" maxlength="255" value="<?php echo $page_title; ?>" />
</div>
</td>
</tr>
</table>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<div align="center">
Content:<br />
<textarea name="page_content" cols="80" rows="10"><?php echo $page_content; ?></textarea>
</div>
</td>
</tr>
</table>
<?php
if(ini_get('file_uploads')==1)
{
?>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<div align="center"> Or upload file:
<input type="hidden" name="MAX_FILE_SIZE" value="30000000" /><input name="uploaded_page" type="file" id="uploaded_page" />
<br />
</div>
</td>
</tr>
</table>
<?php
}
?>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<div align="center">
Template:
<select name="template_id">
<?php
// show selected
echo '<option value="'.$template_id.'" selected>'.$template_name.'</option>';
// get list
$query = "SELECT template_id,template_name FROM ".TEMPLATES_TABLE." WHERE template_id <> $template_id ORDER BY template_name";
$result = db_query($query,'Could not select template data');
while($template_data = db_fetchassoc($result))
{
echo '<option value="'.$template_data['template_id'].'">'.stripslashes($template_data['template_name']).'</option>';
}
?>
</select>
</div>
</td>
<td>
<div align="center">
Parse PHP?:
<select name="use_php">
<?php
if($use_php==1)
{
echo "<option value=\"1\" selected>Yes</option><option value=\"0\">No</option>";
}
else
{
echo "<option value=\"1\">Yes</option><option value=\"0\" selected>No</option>";
}
?>
</select>
</div>
<td>
</td>
</tr>
</table>
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<div align="center">
<input type="hidden" name="page_id" value="<?php echo $edit_id; ?>" />
<input type="submit" name="doedit" value="Make Changes" />
</form>
</div>
</td>
</tr>
</table>
<?php
display_footer();
}
}
}
break;
case 'index':
default:
unset($order_by);
unset($sort_by);
unset($o_sort_by);
unset($o_order_by);
unset($cat_query);
unset($cat_url);
unset($selected_cat);
unset($query_arguments);
unset($url_arguments);
unset($define);
unset($define_name);
do_header('Admin Panel >> Pages');
$_GET['orderby'] = strtolower($_GET['orderby']);
if(($_GET['orderby']=='page_id')||($_GET['orderby']=='page_name')||($_GET['orderby']=='page_title'))
{
$order_by = $_GET['orderby'];
}
else
{
$order_by = 'page_id';
}
$_GET['sortby'] = strtoupper($_GET['sortby']);
if($_GET['sortby']=='ASC')
{
$sort_by = 'ASC';
$o_sort_by = 'DESC';
}
else if($_GET['sortby']=='DESC')
{
$sort_by = 'DESC';
$o_sort_by = 'ASC';
}
else
{
$sort_by = 'ASC';
$o_sort_by = 'DESC';
}
if( (!isset($_POST['cat_id']) && (!isset($_GET['cat_id']))||($_GET['cat_id']=='all' || $_POST['cat_id']=='all') ) )
{
$cat_query = '';
$cat_url = '';
}
else
{
if(isset($_POST['cat_id']))
{
$_POST['cat_id'] = intval($_POST['cat_id']);
$selected_cat = $_POST['cat_id'];
$cat_query = "WHERE cat_id = ".$_POST['cat_id']." ";
$cat_url = "&cat_id=".$_POST['cat_id'];
}
else
{
$_GET['cat_id'] = intval($_GET['cat_id']);
$selected_cat = $_GET['cat_id'];
$cat_query = "WHERE cat_id = ".$_GET['cat_id']." ";
$cat_url = "&cat_id=".$_GET['cat_id'];
}
}
$query_arguments = $cat_query.'ORDER BY '.$order_by.' '.$sort_by;
$url_arguments = $cat_url."&sortby=".$o_sort_by;
?>
<p align="center">Welcome to the Pages Administration. Navigate on top to modify and add pages. You can view the pages in your database below. Select a yellow coloured title to sort by the that column, and click it again to change the order of sorting (Ascending or Descending). You can also only show pages in a specific category.</p>
<table width="90%" border="1" cellspacing="0" cellpadding="0" align="center" bordercolor="#A8B9FF">
<tr>
<td bgcolor="0066CC">
<div align="center"><b><font color="#FFFFFF" size="3"><?php echo "<a class=\"sortlink\" href=\"".attach_sid("pages.".FILE_EXT."?mode=index&orderby=page_id".$url_arguments)."\">Page ID</a>"; ?></font></b></div>
</td>
<td bgcolor="0066CC">
<div align="center"><font size="3" color="#FFFFFF"><b><?php echo "<a class=\"sortlink\" href=\"".attach_sid("pages.".FILE_EXT."?mode=index&orderby=page_name".$url_arguments)."\">Page Name</a>"; ?></b></font></div>
</td>
<td bgcolor="0066CC">
<div align="center"><font size="3" color="#FFFFFF"><b>Category Name</b></font></div>
</td>
<td bgcolor="0066CC">
<div align="center"><b><font size="3" color="#FFFFFF"><?php echo "<a class=\"sortlink\" href=\"".attach_sid("pages.".FILE_EXT."?mode=index&orderby=page_title".$url_arguments)."\">Page Title</a>"; ?></font></b></div>
</td>
<td bgcolor="0066CC"> </td>
<td bgcolor="0066CC"> </td>
<td bgcolor="0066CC"> </td>
<td bgcolor="0066CC"> </td>
</tr>
<?php
$query = "SELECT cat_id,cat_name,cat_pname FROM ".CATEGORIES_TABLE." ORDER BY cat_pname";
$result = db_query($query,'Could not select category name');
echo '<div align="center"><form name="catselect" method="post" action="'.attach_sid("pages.".FILE_EXT."?mode=index").'">';
echo 'Show Pages in Category: <select name="cat_id">';
echo '<option value="all" selected>All Categories</option>';
while($catdata = db_fetchassoc($result))
{
$cat_id = $catdata['cat_id'];
$define[$cat_id] = $catdata['cat_pname'];
$define_name[$cat_id] = $catdata['cat_name'];
if($cat_id == $_POST['cat_id'])
{
echo '<option value="'.$cat_id.'" selected="selected">'.$catdata['cat_pname'].'</option>';
}
else
{
echo '<option value="'.$cat_id.'">'.$catdata['cat_pname'].'</option>';
}
}
echo '</select> <input type="submit" name="Submit" value="Show" /></form></div>';
$query = "SELECT page_id,page_name,cat_id,page_title FROM ".PAGES_TABLE." ".$query_arguments;
$result = db_query($query,'Could not select pages from page table');
while($page_data = db_fetchassoc($result))
{
$cat_id = $page_data['cat_id'];
$page_data['page_title'] = stripslashes($page_data['page_title']);
?>
<tr>
<td width="60">
<div align="center"><font size="3" face="Times New Roman, Times, serif"><?php echo $page_data['page_id']; ?></font></div>
</td>
<td width="100">
<div align="center"><font size="3" face="Times New Roman, Times, serif"><?php echo $page_data['page_name']; ?></font></div>
</td>
<td width="125">
<div align="center"><font size="3" face="Times New Roman, Times, serif"><?php echo $define[$cat_id]; ?></font></div>
</td>
<td>
<div align="center"><font size="3" face="Times New Roman, Times, serif"><?php echo $page_data['page_title']; ?></font></div>
</td>
<td width="50">
<div align="center"><font size="3" face="Times New Roman, Times, serif"><?php echo "<a href=\"".attach_sid("pages.".FILE_EXT."?mode=edit&page_id=".$page_data['page_id'])."\">Edit</a>"; ?></font></div>
</td>
<td width="50">
<div align="center"><font size="3" face="Times New Roman, Times, serif"><?php echo "<a href=\"".attach_sid("pages.".FILE_EXT."?mode=copy&page_name=".$page_data['page_name']."&cat_id=".$cat_id)."\">Copy</a>"; ?></font></div>
</td>
<td width="50">
<div align="center"><font size="3" face="Times New Roman, Times, serif"><?php echo "<a href=\"".attach_sid("pages.".FILE_EXT."?mode=delete&page_id=".$page_data['page_id'])."\">Delete</a>"; ?></font></div>
</td>
<td width="50">
<div align="center"><font size="3" face="Times New Roman, Times, serif"><?php echo "<a href=\"".SCRIPT_PATH."index.".FILE_EXT."?".CATEGORY_NAME."=".$define_name[$cat_id]."&".PAGE_NAME."=".$page_data['page_name']."\" target=\"_blank\">View</a>"; ?></font></div>
</td>
</tr>
<?php
}
?>
</table>
<br />
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<div align="center">
<form name="copypage" method="post" action="<?php echo attach_sid("pages.".FILE_EXT."?mode=copy"); ?>">
<input type="text" name="page_id" value="Enter Page ID" size="20" maxlength="255" />
<input type="submit" name="Submit" value="Copy Page" />
</form>
</div>
</td>
<td>
<div align="center">
<form name="edit" method="post" action="<?php echo attach_sid("pages.".FILE_EXT."?mode=edit"); ?>">
<input type="text" name="page_id" value="Enter Page ID" size="20" maxlength="255" />
<input type="submit" name="Submit" value="Edit Page" />
</form>
</div>
</td>
<td>
<div align="center">
<form name="delete" method="post" action="<?php echo attach_sid("pages.".FILE_EXT."?mode=delete"); ?>">
<input type="text" name="page_id" value="Enter Page ID" size="20" maxlength="100" />
<input type="submit" name="Submit" value="Delete Page" />
</form>
</div>
</td>
</tr>
</table>
<br />
<table width="90%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td>
<div align="center">
<form name="create" method="post" action="<?php echo attach_sid("pages.".FILE_EXT."?mode=create"); ?>">
<input type="submit" name="Submit2" value="Create Page" />
</form>
</div>
</td>
</tr>
</table>
<?php
display_footer();
}
?>