<?php
// =====================================================
//
// s-p-e - Content management system.
// Copyright (C) 2004, 2005, 2010, 2011 Vladimir B. Tsarkov
//
// This file is part of s-p-e.
//
// s-p-e is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// s-p-e is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with s-p-e. If not, see <http://www.gnu.org/licenses/>.
//
// ------
//
// You can contact me via e-mail: bvbn at lipetsk period ru
//
// bams.php
//
// Abstract: Bindings and Sections management.
//
// Revision History:
//
// 1 2004-03-27 - 2005-07-02 vbt
// 2 2005-07-22 vbt
// 3 2005-09-18 vbt
// 4 2010-06-24 vbt
// 5 2011-01-21 vbt
//
// =====================================================
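// Administrator-only endpoint that creates/removes content sections and
// binds/unbinds user logins to them. All actions are driven by POST fields:
//   addpart / delpart + newpart + type   -> create / remove a section
//   addbind + part + userbind + bind + type -> create (bind=1) / remove (bind=0) a binding
//
// Security notes for maintainers:
//  * Every POST value that reaches SQL is escaped with mysql_real_escape_string()
//    and every POST value echoed back is HTML-escaped. ext/mysql offers no
//    prepared statements and is removed in PHP 7; moving connect() and these
//    queries to mysqli/PDO prepared statements is the durable fix.
//  * NOTE(review): no anti-CSRF token is verified in this script, although it
//    performs destructive actions (DROP TABLE, DELETE). Confirm whether
//    redirect() or the calling form provides one; if not, add a per-session token.
header("Content-Type: text/html; charset=UTF-8");
// require instead of include: a missing config or helper library must stop the
// request rather than let privileged code continue with undefined state.
require("configure/specfg.php");
require("../include/functions.php");
// cache(), gc(), read() and redirect() are defined outside this file
// (presumably in ../include/functions.php); their exact behaviour is not visible here.
cache();
session_set_save_handler("open", "close", "read", "write", "destroy", "gc");
session_start();
gc();
$role = read(session_id());
redirect($role);
// Strict comparison: with ==, a non-string value such as int 0 or bool true
// returned by read() would compare equal to "administrator" on PHP 5.
if ($role === "administrator") {
    echo "<html>\n<head>\n<link rel='stylesheet' type='text/css' href='../skin/".($cfg["skin"])."/style.css'>\n</head>\n<body>";
    language($cfg["deflangadmin"]);

    // Action flags: only the presence of the submit field matters.
    $addpart = isset($_POST['addpart']);
    $delpart = isset($_POST['delpart']);
    $addbind = isset($_POST['addbind']);

    // Free-text fields. Non-string values (e.g. arrays) are treated as absent.
    // If magic_quotes_gpc is active (PHP <= 5.3) the added slashes are removed
    // first so that the explicit SQL escaping below does not double-escape.
    // NOTE(review): assumes functions.php does not already strip them - confirm.
    $stripSlashes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    $text = array('userbind' => null, 'newpart' => null, 'part' => null);
    foreach (array_keys($text) as $field) {
        if (isset($_POST[$field]) && is_string($_POST[$field])) {
            $raw = $stripSlashes ? stripslashes($_POST[$field]) : $_POST[$field];
            $text[$field] = trim($raw);
        }
    }
    $userbind = $text['userbind'];
    $newpart = $text['newpart'];
    $part = $text['part'];

    // HTML-safe copies for every place the submitted value is echoed back.
    $userbindHtml = htmlspecialchars((string) $userbind, ENT_QUOTES, 'UTF-8');
    $newpartHtml = htmlspecialchars((string) $newpart, ENT_QUOTES, 'UTF-8');
    $partHtml = htmlspecialchars((string) $part, ENT_QUOTES, 'UTF-8');

    // NOTE(review): a missing `bind` field behaves like bind=0 (remove binding),
    // exactly as before; consider requiring an explicit value.
    $bind = isset($_POST['bind']) ? $_POST['bind'] : 0;
    $type = isset($_POST['type']) ? $_POST['type'] : null;

    // The section type is encoded in the length of its pnid: 10 characters for
    // news, 11 for articles (3- or 4-digit random prefix + 7 date digits).
    // $length stays null when no usable type was submitted; it is checked
    // before any query is built, so it never reaches SQL undefined.
    $length = null;
    $stype = null;
    if ($type !== null && $type == 1) {
        $length = 10;
        $stype = _("news");
    } elseif ($type !== null && $type == 0) {
        $length = 11;
        $stype = _("articles");
    }

    if ($addpart || $delpart) {
        // ---- create a section -------------------------------------------
        if ($addpart && $newpart !== null) {
            // Loose test kept on purpose: it also rejects the literal name "0", as before.
            if ($newpart == false) {
                echo "<font class='negative'>\n".(_("Please, specify the name of the new section."))."\n</font>";
            } elseif ($length === null) {
                echo "<font class='negative'>".(_("Please, specify the type of the section."))."</font>";
            } else {
                connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
                $newpartSql = mysql_real_escape_string($newpart, $connector);
                $result = mysql_query("select num
                    from ".($cfg["prefix"])."partition
                    where partname='$newpartSql'
                    and pnid regexp '^.{".($length)."}$'", $connector)
                    or die("error #102-1");
                if (mysql_num_rows($result) == 0) {
                    // pnid doubles as the name suffix of the per-section table.
                    // It is an identifier, not a secret, so mt_rand() is acceptable here.
                    $prefixDigits = ($length === 10) ? mt_rand(111, 999) : mt_rand(1111, 9999);
                    $srcpid = $prefixDigits.strftime("%j").strftime("%m").strftime("%d");
                    mysql_query("insert into ".($cfg["prefix"])."partition
                        (partname, pnid, date, timer)
                        values ('$newpartSql', '$srcpid', CURDATE(), now())", $connector)
                        or die("error #102-2");
                    mysql_query("create table ".($cfg["prefix"].$srcpid)."
                        (num integer auto_increment,
                        login varchar(25) not null,
                        mail varchar(35) not null,
                        theme varchar(255) not null,
                        intro text not null,
                        text text not null,
                        date date not null,
                        timer time not null,
                        state varchar(10),
                        robot varchar(1), key(num))", $connector)
                        or die("error #102-3");
                    echo "<font class='positive'>".(ucfirst($stype))." ".(_("section"))."</font>\n"
                        .$newpartHtml."\n"
                        ."<font class='positive'>".(_("created successfully."))."</font>";
                } else {
                    echo "<font class='negative'>".(ucfirst($stype))." ".(_("section"))."</font>\n"
                        .$newpartHtml." <font class='negative'>".(_("already exists."))."</font>";
                }
                mysql_free_result($result);
                mysql_close($connector);
            }
        }

        // ---- remove a section -------------------------------------------
        if ($delpart && $newpart !== null) {
            if ($newpart == false) {
                echo "<font class='negative'>".(_("Please, specify the name of the section."))."</font>";
            } elseif ($length === null) {
                echo "<font class='negative'>".(_("Please, specify the type of the section."))."</font>";
            } else {
                connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
                $newpartSql = mysql_real_escape_string($newpart, $connector);
                $rpart = mysql_query("select num, pnid
                    from ".($cfg["prefix"])."partition
                    where partname='$newpartSql'
                    and pnid regexp '^.{".($length)."}$'", $connector)
                    or die("error #102-4");
                if (mysql_num_rows($rpart) == 0) {
                    mysql_free_result($rpart);
                    mysql_close($connector);
                    echo "<font class='negative'>".(_("You cannot remove section"))."</font>\n"
                        .$newpartHtml." .\n"
                        ."<font class='negative'>".(_("It does not exist."))."</font>";
                } else {
                    // If several rows match, the last one wins (unchanged behaviour).
                    $pointer = null;
                    $id = null;
                    while ($row = mysql_fetch_array($rpart)) {
                        $pointer = $row["pnid"];
                        $id = $row["num"];
                    }
                    mysql_free_result($rpart);
                    // pnid is spliced into a DROP TABLE statement as an identifier,
                    // where quoting/escaping cannot help; refuse anything that is
                    // not a plain identifier before touching any data.
                    if (!preg_match('/^[0-9A-Za-z_]+\z/', (string) $pointer)) {
                        mysql_close($connector);
                        die("error #102-6");
                    }
                    mysql_query("delete from ".($cfg["prefix"])."partition
                        where num='".((int) $id)."'", $connector)
                        or die("error #102-5");
                    mysql_query("drop table ".($cfg["prefix"].$pointer)."", $connector) or die("error #102-6");
                    // Bindings are stored with partnameid = pnid (see the binding
                    // branch below), so they must be removed by pnid. Deleting by
                    // the numeric row id, as before, left stale bindings behind.
                    mysql_query("delete from ".($cfg["prefix"])."lines
                        where partnameid='$pointer'", $connector)
                        or die("error #102-7");
                    mysql_close($connector);
                    echo "<font class='positive'>\n".(ucfirst($stype))." ".(_("section"))."\n</font>\n"
                        .$newpartHtml."\n"
                        ."<font class='positive'>".(_("removed successfully."))."</font>";
                }
            }
        }
    }

    // ---- create / remove a user-to-section binding ------------------------
    if ($addbind && $part !== null && $userbind !== null) {
        // NOTE(review): this guard is case-sensitive; if the login column uses a
        // case-insensitive collation, "Admin" would pass it - confirm and tighten.
        if ($userbind === "admin") {
            echo "<font class='negative'>\n".(_("You cannot bind the administrator's login to any section."))."\n</font>";
        } elseif ($length === null) {
            echo "<font class='negative'>".(_("Please, specify the type of the section."))."</font>";
        } else {
            connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
            $partSql = mysql_real_escape_string($part, $connector);
            $userbindSql = mysql_real_escape_string($userbind, $connector);
            $result = mysql_query("select pnid
                from ".($cfg["prefix"])."partition
                where partname='$partSql'
                and pnid regexp '^.{".($length)."}$'", $connector)
                or die("error #102-8");
            if ((mysql_num_rows($result) == 0) && ($bind == 1)) {
                echo "<font class='negative'>\n".(_("Create the needed section first, then create a binding."))."\n</font>";
            }
            // Stays null when the section does not exist.
            $partnameid = null;
            while ($row = mysql_fetch_array($result)) {
                $partnameid = $row["pnid"];
            }
            mysql_free_result($result);
            // Value comes from the database, but it is escaped anyway before reuse in SQL.
            $partnameidSql = ($partnameid === null) ? null : mysql_real_escape_string($partnameid, $connector);

            if ($bind == 1 && $partnameid !== null) {
                $result = mysql_query("select num
                    from ".($cfg["prefix"])."lines
                    where partnameid='$partnameidSql'
                    and login='$userbindSql'", $connector)
                    or die("error #102-9");
                if (mysql_num_rows($result) == 0) {
                    mysql_query("insert into ".($cfg["prefix"])."lines
                        (login, partnameid)
                        values ('$userbindSql', '$partnameidSql')", $connector)
                        or die("error #102-10");
                    echo "<font class='positive'>".(_("The binding of the user"))."</font>\n"
                        .$userbindHtml."\n"
                        ."<font class='positive'>".(_("to the section"))."</font>\n"
                        .$partHtml."\n"
                        ."<font class='positive'>".(_("created successfully."))."</font>";
                } else {
                    echo "<font class='negative'>\n".(_("User"))."\n</font>\n"
                        .$userbindHtml."\n"
                        ."<font class='negative'>\n".(_("had already been binded to the section"))."\n</font>\n"
                        .$partHtml.".";
                }
                mysql_free_result($result);
            }
            if ($bind == 0 && $partnameid !== null) {
                // Reports success even when no row matched (unchanged behaviour).
                mysql_query("delete from ".($cfg["prefix"])."lines
                    where partnameid='$partnameidSql'
                    and login='$userbindSql'", $connector)
                    or die("error #102-11");
                echo "<font class='positive'>".(_("The binding of the user"))."</font>\n"
                    .$userbindHtml."\n"
                    ."<font class='positive'>".(_("to the section"))."</font>\n"
                    .$partHtml."\n"
                    ."<font class='positive'>".(_("removed successfully."))."</font>";
            }
            if ($bind == 0 && $partnameid === null) {
                echo "<font class='negative'>\n".(_("The binding you want to remove does not exist."))."\n</font>";
            }
            mysql_close($connector);
        }
    }

    echo "<p>\n<font class='s-normal'>\n"
        .(_("Back to the"))." <a href='admin.php'>".(_("s-p-e Administrator's Page"))."</a>\n"
        ."</font>\n</p>\n</body>\n</html>";
} else {
    echo _("Access denied.");
}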
?>