<?php
// ===================================================== 
// 
// s-p-e - Content management system. 
// Copyright (C) 2004, 2005, 2010, 2011 Vladimir B. Tsarkov
// 
// This file is part of s-p-e. 
// 
// s-p-e is free software; you can redistribute it and/or modify 
// it under the terms of the GNU General Public License as published by 
// the Free Software Foundation, either version 3 of the License, or 
// (at your option) any later version. 
// 
// s-p-e is distributed in the hope that it will be useful, 
// but WITHOUT ANY WARRANTY; without even the implied warranty of 
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
// GNU General Public License for more details. 
// 
// You should have received a copy of the GNU General Public License 
// along with s-p-e. If not, see <http://www.gnu.org/licenses/>.
//
// ------
//
//  You can contact me via e-mail: lipetsk-gnu-lug at bk period ru
//
//  msaver.php
//
//  Abstract: Saves messages on message board.
//  
//  Revision History:
// 
//	1  2005-09-05  vbt
//	2  2010-06-24  vbt
//	3  2011-01-22  vbt
// 4  2011-12-23  vbt
//
// =====================================================
// Declare the response as UTF-8 HTML before anything is written to the client.
header("Content-Type: text/html; charset=UTF-8");

// specfg.php is expected to provide $cfg and functions.php the helpers called below; neither is shown here.
// NOTE(review): include() only warns when a file is missing; confirm whether a hard failure (require_once) is wanted.
include("configure/specfg.php"); 
include("../include/functions.php");

cache();

// Session data goes through the project's own handlers (open/close/read/write/destroy/gc), defined outside this file.
session_set_save_handler("open", "close", "read", "write", "destroy", "gc");
session_start();

// The gc handler is also invoked directly on every request.
gc();

// read(session_id()) is the same value the access check below compares with "administrator".
// NOTE(review): redirect() is defined elsewhere; whether it ends the request for other sessions cannot be told from this file.
redirect(read(session_id()));

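// Access gate: everything inside this branch is the administrator's message-board panel.
// The comparison is strict so that a non-string value returned by read() (for example 0 or true)
// can never be treated as equal to the role name by PHP's loose == rules.
// NOTE(review): assumes read() returns the role as a string - confirm in ../include/functions.php.
if(read(session_id()) === "administrator")
{ 
	language($cfg["deflangadmin"]);
	// Page head plus the opening of the two-column layout table; the left cell stays open for the forms and status messages.
	echo "<html>
	<head>
	<title>".(_("Message board"))."&nbsp;/&nbsp;".(_("s-p-e Administrator's Panel"))."</TITLE>
	<link rel='stylesheet' type='text/css' href='../skin/".($cfg["skin"])."/style.css'></HEAD>
	<body class='admin'>
	<p><br><font class='s-normal' id='w-normal'>".(_("Back to the"))."&nbsp;
	<a href='admin.php'>".(_("s-p-e Administrator's Page"))."</a>.</font></p>
	<table>
	<tr valign='top'>
	    <td>";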
	
	// Blank "new message" form, printed whenever the request carries no num parameter.
	// NOTE(review): the form carries no anti-CSRF token; the POST handlers in this file act on
	// any request that arrives with the administrator's session.
	if(!isset($_GET["num"]))
	{
		echo "<table class='admin-table' border='1'>
		<tr><td><font class='s-normal' id='w-bold'>", _("Messages"), "</font></td></tr>
		<tr><td>
			<table>
			<form action='msaver.php' method='post'>
			<tr>
			<td><font class='s-normal' id='w-normal'>", _("Theme"), ":</font>&nbsp;&nbsp;</td>
			<td>
				<INPUT class='admin-input' type='text' name='mname' maxlength='255'>
			</td>
			</tr>
			<tr>
			<td><font class='s-normal' id='w-normal'>", _("Text"), ":</font>&nbsp;&nbsp;</td>
			<td>
				<textarea cols='42' rows='15' name='mtext' class='admin-tarea'></textarea>
			</td>
			</tr>
			<tr>
			<td></td>
			<td>
			<table>
			<tr>
			<td><INPUT class='admin-button' type='reset' value='", _("Reset"), "'></td>
			<td>
			  <INPUT class='admin-button' type='submit' name='save' value='", _("Save"), "&nbsp;&raquo;'>
			</td>
			<td><INPUT class='admin-button' type='submit' name='view' value='", _("View"), "'></td>
			</tr>
			</table>
			</td></tr>
			</form>
			</table>
		</td></tr>
		</table>";
	}
	
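	// Edit form for one existing message, selected by a num parameter made of digits only.
	if(isset($_GET["num"]) && ctype_digit($_GET["num"]))
	{
		// ctype_digit() above leaves only the characters 0-9, so $num is safe inside the quoted literal.
		$num = $_GET["num"];
		connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
		$result = mysql_query("select num, theme, text 
			from ".($cfg["prefix"])."message 
			where num='$num'", $connector) 
			or die("error #102-1");
		if($row = mysql_fetch_array($result, MYSQL_NUM))
		{
			// Stored line breaks are <br>; turn them back into newlines for editing.
			$plain = str_replace("<br>", "\n", $row[2]);
			// Escape for the textarea so that text such as "</textarea>" or "&amp;" inside a
			// message cannot end the field early and is submitted back unchanged.
			$editable = htmlspecialchars($plain, ENT_QUOTES, "UTF-8");
			if($editable === "" && $plain !== "")
			{
				// htmlspecialchars() returns "" for invalid UTF-8; escape byte-wise instead so
				// the administrator is not handed an empty field that would wipe the message.
				$editable = htmlspecialchars($plain, ENT_QUOTES, "ISO-8859-1");
			}
			// NOTE(review): the theme ($row[1]) is printed as stored HTML; if anything other than
			// this panel can write to the message table, escape it here as well.
			echo "<table class='admin-table' border='1'>
			<tr><td><font class='s-normal' id='w-bold'>".(_("Messages"))."</font></td></tr>
			<tr><td>
				<table>
				<form action='msaver.php' method='post'>
				<tr>
				<td><font class='s-normal' id='w-normal'>".(_("Theme")).":</font>&nbsp;&nbsp;</td>
				<td>
				<font class='s-normal' id='w-bold'>".$row[1]."</font>
				<input type='hidden' value='".$row[0]."' name='number'>
				</td>
				</tr>
				<tr>
				<td><font class='s-normal' id='w-normal'>".(_("Text")).":</font>&nbsp;&nbsp;</td>
				<td>
				<textarea 
				cols='42' 
				rows='15' 
				name='mtext' 
				class='admin-tarea'>".$editable."</textarea>
				</td>
				</tr>
				<tr>
				<td></td>
				<td>
				<table>
				<tr>
				<td>
				  <INPUT class='admin-button' type='submit' name='view' value='".(_("View"))."'>
				</td>
				<td>
				  <INPUT class='admin-button' type='submit' name='update' value='".(_("Update"))."&nbsp;&raquo;'>
				</td>
				</tr>
				</table>
				</td></tr>
				</form>
				</table>
			</td></tr>
			</table>";
		}
		mysql_free_result($result);
		// Release the link, as every other handler in this file does after its query.
		mysql_close($connector);
	}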
		
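	// "Save" handler: stores a new message posted from the blank form.
	// NOTE(review): no anti-CSRF token is checked; the write is authorised by the session alone.
	if(isset($_POST["save"]))
	{
		// Missing or non-string fields become empty strings instead of undefined variables.
		$mname = (isset($_POST["mname"]) && is_string($_POST["mname"])) ? trim($_POST["mname"]) : "";
		$mtext = (isset($_POST["mtext"]) && is_string($_POST["mtext"])) ? $_POST["mtext"] : "";
		 
		// The limits are checked on the text as submitted, before escaping can lengthen it.
		if(strlen($mname)>255)
			echo "<ul>
			<font class='s-normal' id='w-normal' color='orange'>
			".(_("The theme of the message cannot be longer than 255 characters"))."
			</font>
			</ul>";
		else if(strlen($mtext)>60000)
			echo "<ul>
			<font class='s-normal' id='w-normal' color='orange'>
			".(_("The text of the message cannot be longer than"))."&nbsp;60000&nbsp;".(_("characters"))."
			</font>
			</ul>";
		else 
		{
			// Line breaks are stored as <br>. This must happen before escaping, because
			// mysql_real_escape_string() rewrites newline characters.
			$mname = str_replace("\n", "<br>", $mname);
			$mtext = str_replace("\n", "<br>", $mtext);
			connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
			// Escape against the open connection rather than with addslashes(), which ignores
			// the connection character set.
			$mname = mysql_real_escape_string($mname, $connector);
			$mtext = mysql_real_escape_string($mtext, $connector);
			if($mname === false || $mtext === false)
			{
				die("error #102-2");
			}
			mysql_query("insert into ".($cfg["prefix"])."message 
				(theme, text, date, timer) 
				values ('$mname', '$mtext', '".(date("Y-m-d"))."', now())", $connector) 
				or die("error #102-2");
			mysql_close($connector);
			echo "<ul>
			<font class='s-normal' id='w-normal' color='white'>
			".(_("Message saved successfully"))."
			</font>
			</ul>";
		}
	}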
	
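	// "Update" handler: replaces the text of the message whose number the edit form posted back.
	// NOTE(review): no anti-CSRF token is checked; the write is authorised by the session alone.
	if(isset($_POST['update']))
	{
		$update = $_POST['update'];
	}
	if(isset($update))
	{
		// A missing or non-string text becomes an empty string instead of an undefined variable.
		$mtext = (isset($_POST["mtext"]) && is_string($_POST["mtext"])) ? $_POST["mtext"] : "";
		// The target must come from this POST and consist of digits only. Assigning null here
		// also discards any $num left over from the num query parameter of the same request.
		$num = null;
		if(isset($_POST["number"]) && is_string($_POST["number"]) && ctype_digit($_POST["number"]))
		{
			$num = $_POST["number"];
		}
		$textlength = 60000;
		if($num === null)
		{
			echo "<ul>
			<font class='s-normal' id='w-normal' color='orange'>
			".(_("Please, specify the message to be updated"))."
			</font>
			</ul>";
		}
		else if(strlen($mtext) > $textlength)
		{
			echo "<ul>
			<font class='s-normal' id='w-normal' color='white'>
			".(_("The message is longer than"))."&nbsp;$textlength&nbsp;".(_("characters"))."
			</font>
			</ul>";
		} 
		else 
		{
			// Store line breaks as <br>, as the save handler does; the edit form turns them
			// back into newlines. Done before escaping, which rewrites newline characters.
			$mtext = str_replace("\n", "<br>", $mtext);
			connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
			// Escape against the open connection rather than with addslashes().
			$mtext = mysql_real_escape_string($mtext, $connector);
			if($mtext === false)
			{
				die("error #102-3");
			}
			mysql_query("update ".($cfg["prefix"])."message 
				set text='$mtext' where num='$num'", $connector) 
				or die("error #102-3");
			echo "<ul>
			<font class='s-normal' id='w-normal' color='white'>
			".(_("Message updated successfully"))."
			</font>
			</ul>";
			mysql_close($connector);
		}
	}	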
	
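	// Collect the remaining POST flags: $delete and $ndel drive the handler below,
	// $view drives the message list printed in the right-hand column.
	if(isset($_POST['delete']))
	{
		$delete = $_POST['delete'];
	}
	if(isset($_POST['ndel']))
	{
		$ndel = $_POST['ndel'];
	}
	if(isset($_POST['view']))
	{
		$view = $_POST["view"];
	}
	// "Remove marked" handler.
	// NOTE(review): no anti-CSRF token is checked; the delete is authorised by the session alone.
	if(isset($delete))
	{
		// ndel[] arrives from the request, so only entries made of digits are kept;
		// nothing else is ever placed into the SQL text.
		$ids = array();
		if(isset($ndel) && is_array($ndel))
		{
			foreach($ndel as $candidate)
			{
				if(is_string($candidate) && ctype_digit($candidate))
				{
					$ids[] = $candidate;
				}
			}
		}
		if(count($ids) == 0)
		{
			echo "<font class='s-normal' id='w-normal' color='orange'>
			".(_("Please, specify the message to be deleted"))."
			</font>";
		}
		else
		{
			// One connection serves all deletions.
			connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
			foreach($ids as $id)
			{
				mysql_query("delete from ".($cfg["prefix"])."message 
					where num='$id'", $connector) 
					or die("error #102-4");
			}
			mysql_close($connector);
			echo "<ul>
			<font class='s-normal' id='w-normal' color='white'>
			".(_("Message deleted successfully"))."
			</font>
			</ul>";
		}
	}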
	
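	// Close the left column and open the right one, which holds the message list.
	echo "</td><td>";
	if(isset($view))
	{
		connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
		// Newest messages first.
		$result = mysql_query("select num, theme, text, date, timer 
			from ".($cfg["prefix"])."message 
			order by date desc, timer desc", $connector) 
			or die("error #102-5");
		echo "<table class='admin-table' border='1'>";
		echo "<tr>
		<td>
			<font class='s-normal' id='w-bold'>
			".(_("List of Messages"))."
			</font>
		</td>
		</tr>";
		if(mysql_num_rows($result) == 0){
			echo "<tr>
			<td>
				<font class='s-normal' id='w-normal'>
				".(_("Message board is empty"))."
				</font>
			</td>
			</tr>";
		} 
		else 
		{
			// A single form wraps all rows, so every checkbox belongs to the form that the
			// "Remove marked" button submits; it is opened once and closed once.
			echo "<form action='msaver.php' method='post'>";
			// NOTE(review): the theme ($row[1]) is printed as stored HTML; if anything other than
			// this panel can write to the message table, escape it before output.
			while($row = mysql_fetch_array($result, MYSQL_NUM))
			{
				echo "<tr>
				<td class='admin'>
				    <table>
				    <input type='checkbox' name='ndel[]' value='".$row[0]."'>
				    <tr>
				    <td>
				    <font class='s-normal' id='w-normal'>".(_("Date")).":&nbsp;</font>
				    </td>
				    <td>
				    <font class='s-normal' id='w-normal'>".$row[3]."</font>
				    </td>
				    </tr>
				    <tr>
				    <td>
				    <font class='s-normal' id='w-normal'>".(_("Time")).":&nbsp;</font>
				    </td>
				    <td>
				    <font class='s-normal' id='w-normal'>".$row[4]."</font>
				    </td>
				    </tr>
				    <tr>
				    <td>
				    <font class='s-normal' id='w-normal'>".(_("Theme")).":&nbsp;</font>
				    </td>
				    <td>
				    <font class='s-normal' id='w-normal'>".$row[1]."</font>
				    </td>
				    </tr>
				    <tr>
				    <td>
					<font class='s-normal' id='w-normal'>
					<a href='msaver.php?num=".$row[0]."'>".(_("Update"))."</a>
				    	</font>
				    </td>
				    <td>
				    </td>
				    </tr>
				    </table>
				</td>
				</tr>";
			}
			// This branch is only reached when there is at least one row, so the button is always printed.
			echo "<tr>
			<td align='center'>
			<INPUT class='admin-button' type='submit' name='delete' value='".(_("Remove marked"))."'>
			</td>
			</tr>
			</form>";
		}
		echo "</table>";
		mysql_free_result($result);
		mysql_close($connector);
	}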
	// Close the right-hand cell, the layout table and the document opened at the top of the administrator branch.
	echo "</td>
	</tr>
	</table>
	</body>
	</html>";
} 
else 
{
	// Any session whose stored value is not "administrator" gets only this message.
	echo _("Access denied.");
}
?>