<?php
// =====================================================
//
// s-p-e - Content management system.
// Copyright (C) 2004, 2005, 2010, 2011 Vladimir B. Tsarkov
//
// This file is part of s-p-e.
//
// s-p-e is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// s-p-e is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with s-p-e. If not, see <http://www.gnu.org/licenses/>.
//
// ------
//
// You can contact me via e-mail: lipetsk-gnu-lug at bk period ru
//
// addnews.php
//
// Abstract: Publications management.
//
// Revision History:
//
// 1 2004-03-27 - 2005-07-02 vbt
// 2 2005-07-20 vbt
// 3 2005-09-18 vbt
// 4 2010-06-24 vbt
// 5 2011-01-21 vbt
//
// =====================================================
// Declare the response as UTF-8 HTML before anything is written to the client.
header('Content-Type: text/html; charset=UTF-8');

// Site configuration ($cfg is read further down) and the shared helper library.
// The helpers called below (cache, gc, read, redirect, ...) are not defined in
// this file; presumably they come from functions.php.
include 'configure/specfg.php';
include '../include/functions.php';

cache();

// Session data goes through the custom storage callbacks named here, so the
// role lookups later in this script depend on that storage being intact.
session_set_save_handler('open', 'close', 'read', 'write', 'destroy', 'gc');
session_start();
gc();

// Hand whatever the session store holds for this session id to redirect();
// what redirect() does with it is not visible from this file.
redirect(read(session_id()));
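// Publications management handler: inserts, updates or deletes entries of one
// partition on behalf of an authenticated "user" session.
//
// Request fields (all from $_POST): partname, type and num (base64-encoded),
// newtheme, newintro, newtext, ndel[] and the action flags save / update / delete.
//
// Every value that is placed into an SQL statement is escaped with
// mysql_real_escape_string() on the open link, and the table-name suffix is
// accepted only when it consists of digits.
//
// NOTE(review): no anti-CSRF token is checked in this file; confirm whether
// auth() or redirect() covers that for these state-changing POST actions.
// NOTE(review): intro/text are stored as submitted (newlines become <br>) with
// no HTML encoding here; confirm that the pages rendering them encode or
// filter markup.
//
// The role comparison is strict so that a non-string result from read()
// (for example 0 or true) can never compare equal to "user".
if(read(session_id()) === "user")
{
    language($cfg["deflangadmin"]);
    connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
    if($login = auth($connector, session_id(), "user", $cfg["prefix"]))
    {
        echo "<html>
<head>
<title>".(_("Publications management"))."</title>
<link rel='stylesheet' type='text/css' href='../skin/".($cfg["skin"])."/style.css'>
</head>
<body>";

        // ---- Request parsing -------------------------------------------------
        // Only string fields are accepted; a missing or non-string field (for
        // example an array) is treated as empty so that no variable is left
        // undefined further down.
        $partname = "";
        if(isset($_POST['partname']) && is_string($_POST['partname']))
        {
            $partname = (string) base64_decode($_POST['partname']);
        }
        $type = "";
        if(isset($_POST['type']) && is_string($_POST['type']))
        {
            $type = (string) base64_decode($_POST['type']);
        }
        // The type code selects how many digits the partition id must have.
        // Any other value leaves $length at null and is rejected below.
        $length = null;
        if($type === "110")
        {
            $length = 10;
        }
        else if($type === "111")
        {
            $length = 11;
        }
        $save = isset($_POST['save']);
        $update = isset($_POST['update']);
        $delete = isset($_POST['delete']);
        $newtheme = "";
        if(isset($_POST['newtheme']) && is_string($_POST['newtheme']))
        {
            $newtheme = trim($_POST['newtheme']);
        }
        $newtext = "";
        if(isset($_POST['newtext']) && is_string($_POST['newtext']))
        {
            $newtext = str_replace("\n", "<br>", $_POST['newtext']);
        }
        $newintro = "";
        if(isset($_POST['newintro']) && is_string($_POST['newintro']))
        {
            $newintro = str_replace("\n", "<br>", $_POST['newintro']);
        }
        $num = "";
        if(isset($_POST['num']) && is_string($_POST['num']))
        {
            $num = (string) base64_decode($_POST['num']);
        }

        // Second connect() call kept from the original flow.
        connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);

        // ---- SQL-safe copies -------------------------------------------------
        // Escaping is done against the live link (instead of addslashes) so it
        // follows the connection character set.
        $loginSql = mysql_real_escape_string($login, $connector);
        $partnameSql = mysql_real_escape_string($partname, $connector);
        $themeSql = mysql_real_escape_string($newtheme, $connector);
        $introSql = mysql_real_escape_string($newintro, $connector);
        $textSql = mysql_real_escape_string($newtext, $connector);
        $numSql = mysql_real_escape_string($num, $connector);

        // ---- Authorisation: the login must be linked to the partition --------
        $result = mysql_query("select ".($cfg["prefix"])."lines.num
from ".($cfg["prefix"])."lines, ".($cfg["prefix"])."partition
where ".($cfg["prefix"])."lines.login='$loginSql'
and ".($cfg["prefix"])."partition.partname='$partnameSql'
and ".($cfg["prefix"])."partition.pnid=".($cfg["prefix"])."lines.partnameid", $connector)
        or die("error #102-1");
        $granted = mysql_num_rows($result);
        mysql_free_result($result);
        if($granted == 0)
        {
            echo _("Access denied.");
        }
        else
        {
            // Author e-mail stored with each new entry.
            $mail = "";
            $result = mysql_query("select mail
from ".($cfg["prefix"])."security
where login='$loginSql'", $connector) or die("error #102-2");
            while($row = mysql_fetch_array($result, MYSQL_NUM))
            {
                $mail = $row[0];
            }
            mysql_free_result($result);
            // $mail comes from the database but is written back into SQL, so it
            // is escaped like any other value.
            $mailSql = mysql_real_escape_string((string) $mail, $connector);

            // An unrecognised type cannot select a partition table; stop here
            // rather than build a query from an undefined length.
            if($length === null)
            {
                die("error #102-3");
            }
            $partnum = null;
            $pointer = null;
            $result = mysql_query("select num, pnid
from ".($cfg["prefix"])."partition
where partname='$partnameSql' and pnid regexp '^[0-9]{".($length)."}$'", $connector)
            or die("error #102-3");
            while($row = mysql_fetch_array($result, MYSQL_NUM))
            {
                $partnum = $row[0];
                $pointer = $row[1];
            }
            mysql_free_result($result);
            // $pointer becomes part of a table name, which cannot be escaped as
            // a value: accept it only when it is present and purely numeric.
            if($pointer === null || !preg_match('/^[0-9]+$/', (string) $pointer))
            {
                die("error #102-3");
            }
            $partnumSql = mysql_real_escape_string((string) $partnum, $connector);

            // Size limit shared by save and update. strlen() counts bytes, and
            // it is applied to the text as it will be stored (after the <br>
            // substitution, before SQL escaping).
            $maxlen = 60000;
            $lengthNotice = "";
            if(strlen($newintro) > $maxlen)
            {
                $lengthNotice = "<font class='negative'>
".(_("The introduction is longer than 60000 characters and cannot be saved."))."
</font>";
            }
            else if(strlen($newtext) > $maxlen)
            {
                $lengthNotice = "<font class='negative'>
".(_("The full text is longer than 60000 characters and cannot be saved."))."
</font>";
            }

            // ---- save: create a new entry ------------------------------------
            if($save)
            {
                if($lengthNotice !== "")
                {
                    echo $lengthNotice;
                }
                else
                {
                    mysql_query("insert into ".($cfg["prefix"].$pointer)."
(login, mail, theme, intro, text, date, timer)
values ('$loginSql', '$mailSql', '$themeSql',
'$introSql', '$textSql', '".(date("Y-m-d"))."', now())", $connector) or die("error #102-4");
                    echo "<font class='positive'>".(_("Data saved successfully."))."</font>";
                }
            }

            // ---- update: rewrite an existing entry ---------------------------
            // NOTE(review): the row is selected by num alone, so any login with
            // access to the partition can change any entry in it; confirm that
            // this is the intended permission model.
            if($update)
            {
                if($lengthNotice !== "")
                {
                    echo $lengthNotice;
                }
                else
                {
                    mysql_query("update ".($cfg["prefix"].$pointer)."
set intro='$introSql', text='$textSql', robot=null
where num='$numSql'", $connector)
                    or die("error #102-5");
                    // Drop the entry's rows from the search table.
                    mysql_query("delete from ".($cfg["prefix"])."search
where id='$partnumSql' and number='$numSql'", $connector) or die("error #102-6");
                    echo "<font class='positive'>".(_("The entry was updated successfully."))."</font>";
                }
            }

            // ---- delete: remove the selected entries -------------------------
            if($delete)
            {
                // ndel must be an array of entry numbers (ndel[]); anything
                // else counts as "nothing selected".
                $selected = array();
                if(isset($_POST['ndel']) && is_array($_POST['ndel']))
                {
                    foreach($_POST['ndel'] as $entry)
                    {
                        if(is_string($entry) && $entry !== "")
                        {
                            $selected[] = $entry;
                        }
                    }
                }
                if(count($selected) == 0)
                {
                    echo _("Please, specify the entry to be removed.");
                }
                else
                {
                    foreach($selected as $entry)
                    {
                        // Quoted and escaped: the original placed this value
                        // into the statement unquoted.
                        $entrySql = mysql_real_escape_string($entry, $connector);
                        mysql_query("delete from ".($cfg["prefix"].$pointer)."
where num='$entrySql'", $connector)
                        or die("error #102-7");
                        mysql_query("delete from ".($cfg["prefix"])."search
where id='$partnumSql' and number='$entrySql'", $connector)
                        or die("error #102-8");
                    }
                    echo "<font class='positive'>
".(_("The entry was removed successfully."))."
</font>";
                }
            }
        }

        // base64 output contains no quote characters, so it cannot break out of
        // the single-quoted href attribute.
        echo "<p>
<font class='s-normal'>
".(_("Back to the"))."
<a href='public.php?type=".(base64_encode($type))."'>".(_("s-p-e Publications' Page"))."</a>
</font>
</p>
</body>
</html>";
    }
    else
    {
        echo _("Access denied.");
    }
}
else
{
    echo _("Access denied.");
}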
?>