<?php 
// ===================================================== 
// 
// s-p-e - Content management system. 
// Copyright (C) 2004, 2005, 2010, 2011 Vladimir B. Tsarkov
// 
// This file is part of s-p-e. 
// 
// s-p-e is free software; you can redistribute it and/or modify 
// it under the terms of the GNU General Public License as published by 
// the Free Software Foundation, either version 3 of the License, or 
// (at your option) any later version. 
// 
// s-p-e is distributed in the hope that it will be useful, 
// but WITHOUT ANY WARRANTY; without even the implied warranty of 
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
// GNU General Public License for more details. 
// 
// You should have received a copy of the GNU General Public License 
// along with s-p-e. If not, see <http://www.gnu.org/licenses/>.
//
// ------
//
//  You can contact me via e-mail: lipetsk-gnu-lug at bk period ru
//
//  edproc.php
//
//  Abstract: Writing into editor's column.
// 
//  Revision History:
// 
//	1  2004-03-27 - 2005-07-02  vbt
//	2  2005-07-20  vbt
//	3  2010-06-24  vbt
//	4  2011-01-22  vbt
// 5  2011-12-23  vbt
//
// =====================================================
// Declare the response as UTF-8 HTML before any output is produced.
header("Content-Type: text/html; charset=UTF-8");

// Load the site configuration and the shared helper library. The helpers
// called below (cache, gc, read, redirect) are not defined in this file and
// presumably come from these includes -- confirm.
include("configure/specfg.php"); 
include("../include/functions.php");

// NOTE(review): cache() is opaque from here; presumably it sends cache-control
// headers for this authenticated page -- confirm in functions.php.
cache();

// Register user-level session storage callbacks by name, then start the session.
session_set_save_handler("open", "close", "read", "write", "destroy", "gc");
session_start();

// Call the registered garbage-collection callback directly, with no arguments.
// NOTE(review): presumably this expires stale sessions on every request -- confirm.
gc();

// read() is the registered session read callback; it is called directly with
// the current session id and its return value is handed to redirect().
// NOTE(review): redirect() is opaque from here; presumably it sends sessions
// that do not belong on this page elsewhere -- confirm that it also stops
// execution when it redirects, since the role check below runs either way.
redirect(read(session_id()));

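// Request handler for the editor's column: saves a new entry, updates the text
// of an existing one, or deletes selected entries, depending on which submit
// field (save / update / delete) is present in the POST data.
//
// NOTE(review): none of the three state-changing actions checks an anti-CSRF
// token; the session alone authorises them. Adding one needs a matching change
// in the form page, which is not visible from this file.
// NOTE(review): update and delete select rows by num only; nothing here limits
// them to rows whose login matches the current editor. Confirm that every
// editor is meant to be able to change every entry.
//
// The session data returned by read() must be exactly "editor". The strict
// comparison avoids PHP's loose-equality conversions, under which a non-string
// return value could compare equal to the role name.
if(read(session_id()) === "editor")
{
	
	language($cfg["deflangadmin"]);
	
	connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
	
	// Second check: auth() must confirm the session for the "editor" role and
	// yields the login name used for the queries below.
	if($login = auth($connector, session_id(), "editor", $cfg["prefix"]))
	{
	
		echo "<html>
		<head>
		<title>".(_("Editor's column"))."</title>
		<link rel='stylesheet' type='text/css' href='../skin/".($cfg["skin"])."/style.css'>
		</head>
		<body>";

		// The action flags are read from $_POST directly, so a same-named
		// variable that already exists in scope cannot trigger an action.
		
		if(isset($_POST["save"]))
		{
			// Accept only scalar strings; an array-valued field is treated as empty.
			$theme = (isset($_POST['theme']) && is_string($_POST['theme'])) ? trim($_POST['theme']) : "";
			$message = (isset($_POST['message']) && is_string($_POST['message'])) ? trim($_POST['message']) : "";
			// NOTE(review): the text is stored as HTML (newlines become <br>)
			// without encoding other markup, so the page that prints this column
			// must either trust editors to author HTML or encode/sanitise on
			// output -- confirm.
			$message = str_replace("\n", "<br>", $message);
			// Limit applies to the text as stored (strlen counts bytes), checked
			// before SQL escaping so escape characters do not count against it.
			$maxlen = 5000;
			
			// Exact empty-string tests: a theme or message of "0" is valid input.
			if($theme === "")
				echo "<font class='negative'>".(_("Please, specify the theme."))."</font>";
			else if($message === "")
				echo "<font class='negative'>".(_("Please, specify the message."))."</font>";
			else if(strlen($message) > $maxlen)
				echo "<font class='negative'>
				".(_("The message is longer than 5000 characters and cannot be saved."))."
				</font>";
			else 
			{
				connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);

				// Escape with the connection-aware function right where values
				// enter SQL. addslashes() ignores the connection character set.
				$sqlLogin = mysql_real_escape_string($login, $connector);
				$sqlTheme = mysql_real_escape_string($theme, $connector);
				$sqlMessage = mysql_real_escape_string($message, $connector);

				$result = mysql_query("select mail 
					  	from ".($cfg["prefix"])."security 
						where login='$sqlLogin' 
						and addk='editor'", $connector) 
						or die("error #102-1");
				// Default to an empty address when no row matches.
				$mail = "";
				while($row = mysql_fetch_array($result))
				{
					$mail = $row["mail"];
				}
				mysql_free_result($result);

				// The address comes from the database but is still data, so it
				// is escaped like any other value before re-entering SQL.
				$sqlMail = mysql_real_escape_string($mail, $connector);

				mysql_query("insert into ".($cfg["prefix"])."editor 
					(login, theme, text, mail, date, timer) 
					values ('$sqlLogin', '$sqlTheme', '$sqlMessage', 
					'$sqlMail', '".(date("Y-m-d"))."', now())", $connector)
					or die("error #102-2");
				echo "<font class='positive'>".(_("The message was saved successfully."))."</font>";
				mysql_close($connector);
			}
		}

		if(isset($_POST["update"]))
		{
			// colptr carries the entry number base64-encoded. Encoding is not
			// protection, so the decoded value is validated as digits only;
			// the delete query compares the same num column to a bare number.
			$ptrEntry = (isset($_POST['colptr']) && is_string($_POST['colptr'])) ? (string)base64_decode($_POST['colptr']) : "";
			$message = (isset($_POST['message']) && is_string($_POST['message'])) ? trim($_POST['message']) : "";
			$message = str_replace("\n", "<br>", $message);
			$maxlen = 5000;
			
			if(!ctype_digit($ptrEntry))
				// Malformed entry pointer: report it with the update error code
				// and run no query.
				echo "<font class='negative'>error #102-3</font>";
			else if($message === "")
				echo "<font class='negative'>".(_("Please, specify the message."))."</font>";
			else if(strlen($message) > $maxlen)
				echo "<font class='negative'>
				".(_("The message is longer than 5000 characters and cannot be updated."))."
				</font>";
			else 
			{
				connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
				$sqlMessage = mysql_real_escape_string($message, $connector);
				mysql_query("update ".($cfg["prefix"])."editor 
					set text='$sqlMessage' 
					where num='$ptrEntry'", $connector) 
					or die("error #102-3");
				echo "<font class='positive'>".(_("The entry was updated successfully."))."</font>";
				mysql_close($connector);
			}
		}

		if(isset($_POST["delete"]))
		{
			// colrm is expected to be a list of entry numbers; a single scalar
			// value is accepted as a one-element list.
			$colpoint = isset($_POST['colrm']) ? $_POST['colrm'] : array();
			if(!is_array($colpoint))
			{
				$colpoint = array($colpoint);
			}

			// Every value is placed unquoted into the delete statement, so each
			// one must consist of digits only. One bad value rejects the request.
			$entries = array();
			$valid = true;
			foreach($colpoint as $candidate)
			{
				if(is_string($candidate) && ctype_digit($candidate))
				{
					$entries[] = $candidate;
				}
				else
				{
					$valid = false;
					break;
				}
			}

			if(!$valid || count($entries) == 0)
			{
				echo _("Please, specify the entry to be removed.");
			}
			else
			{
				// One connection for the whole batch instead of one per entry.
				connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
				foreach($entries as $num)
				{
				  mysql_query("delete from ".($cfg["prefix"])."editor 
						where num=$num", $connector) 
						or die("error #102-4");
				}
				mysql_close($connector);
				echo "<font class='positive'>".(_("The entry was removed successfully."))."</font>";
			}
		}
		echo "<p><font class='s-normal' id='w-normal'>
		".(_("Back to the"))." <a href='edcol.php'>".(_("s-p-e Editor's Page"))."</a>.
		</font></p>
		</body>
		</html>";
	} else {
		echo _("Access denied.");
	}
} else {
	echo _("Access denied.");
}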

?>