<?php
// =====================================================
//
// s-p-e - Content management system.
// Copyright (C) 2004, 2005, 2010, 2011 Vladimir B. Tsarkov
//
// This file is part of s-p-e.
//
// s-p-e is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// s-p-e is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with s-p-e. If not, see <http://www.gnu.org/licenses/>.
//
// ------
//
// You can contact me via e-mail: lipetsk-gnu-lug at bk period ru
//
// public.php
//
// Abstract: Publications management.
//
// Revision History:
//
// 1 2004-03-27 - 2005-07-02 vbt
// 2 2005-07-22 vbt
// 3 2005-11-26 vbt
// 4 2010-06-24 vbt
// 5 2011-01-22 vbt
// 6 2011-05-25 vbt
//
// =====================================================
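// Publications management page.  Only a session whose server-side
// record reads "user" and which auth() accepts gets past the guards
// below; everything else prints "Access denied.".
//
// NOTE(review): this page uses the mysql_* extension (removed in
// PHP 7); the query text is assembled by string interpolation because
// that extension has no prepared statements.  Every request parameter
// that reaches a query therefore goes through spe_public_q(), and every
// request/database value that reaches the markup through spe_public_h().
header("Content-Type: text/html; charset=UTF-8");
include("configure/specfg.php");
include("../include/functions.php");

// Escape a value for insertion into HTML text or a quoted attribute.
// Applied to section names, themes, logins and ids before they are
// echoed, so a quote or a tag stored in the database or sent in the
// request cannot break out of the element it is printed into.
function spe_public_h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Escape a value for use inside a single-quoted SQL string literal on
// the open mysql link $link.  This is the barrier between the request
// parameters (section, theme, date, id, num) and the SQL text below.
function spe_public_q($value, $link)
{
    return mysql_real_escape_string((string) $value, $link);
}

cache();
session_set_save_handler("open", "close", "read", "write", "destroy", "gc");
session_start();
gc();
redirect(read(session_id()));
if (read(session_id()) == "user") {
    language($cfg["deflangadmin"]);
    connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
    if ($login = auth($connector, session_id(), "user", $cfg["prefix"])) {
        $p = $cfg["prefix"];
        // $login is the name auth() resolved for this session and is
        // interpolated into every query; escape it once while the link
        // opened above is still valid (the escaped text stays valid
        // across the reconnects below).
        $qlogin = spe_public_q($login, $connector);

        // "type" selects news (110) or articles (111).  It travels
        // base64-encoded and must decode to digits; a GET value wins
        // over a POST value, and any other value falls back to news so
        // that $length, $stype and $tabheader are always defined.
        $type = 110;
        if (isset($_POST['type']) && ctype_digit(base64_decode($_POST['type']))) {
            $type = base64_decode($_POST['type']);
        }
        if (isset($_GET['type']) && ctype_digit(base64_decode($_GET['type']))) {
            $type = base64_decode($_GET['type']);
        }
        if ($type != 110 && $type != 111) {
            $type = 110;
        }
        if ($type == 110) {
            $length = 10;   // news sections: 10-digit partition ids
            $stype = _("News");
            $tabheader = _("News management");
        } else {
            $length = 11;   // article sections: 11-digit partition ids
            $stype = _("Articles");
            $tabheader = _("Articles management");
        }

        // Left column: section/theme/date filter form.
        echo "<HTML>
<HEAD>
<TITLE>$stype ".(_("Publication"))."</TITLE>
<link rel=\"stylesheet\" type=\"text/css\" href=\"../skin/".($cfg["skin"])."/style.css\">
</HEAD>
<BODY class='admin'>
<table>
<tr>
<td valign='top'>
<table border='1' class='admin-table'>
<form action='public.php' method='post'>
<tr>
<td width='240' height='15'>
<font class='s-normal' id='w-bold'>".(_("Session"))." ".spe_public_h($login)."!</font>
</td>
</tr>
<tr><td class='admin'><br>
<table>
<tr>
<td><font class='s-normal' id='w-normal'>".(_("Section")).": </font></td>
<td>";
        // Sections the user may write to: rows of "lines" joined to
        // "partition", restricted to partition ids of the current type's
        // length.
        connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
        $result = mysql_query("select {$p}partition.partname
from {$p}lines, {$p}partition
where {$p}lines.login='$qlogin'
and {$p}partition.pnid={$p}lines.partnameid
and {$p}partition.pnid regexp '^[0-9]{".$length."}$'", $connector)
            or die("error #102-1");
        if (mysql_num_rows($result) == 0) {
            echo "<font class='negative'>".(_("Access denied."))."</font>";
        } else {
            echo "<select style='font-size:9pt' name='start[]'>";
            while ($row = mysql_fetch_array($result)) {
                $optname = spe_public_h($row["partname"]);
                echo "<option value='".$optname."'>".$optname."</option>";
            }
            echo "</select>";
        }
        mysql_free_result($result);
        mysql_close($connector);
        echo "</td>
</tr>
<tr>
<td>
<font class='s-normal' id='w-normal'>".(_("Theme")).":</font>
</td>
<td>
<INPUT class='admin-text' type='text' name='theme'>
</td>
</tr>
<tr>
<td>
<font class='s-normal' id='w-normal'>".(_("Date")).":</font>
</td>
<td>
<INPUT class='admin-text' type='text' name='date'>
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td class='admin'>
<div align='right'>
<INPUT type='hidden' name='type' value='".(base64_encode($type))."'>
<INPUT class='admin-button' type='reset' value='".(_("Reset"))."'>
<INPUT class='admin-button' type='submit' value='".(_("View"))." »'>
</div>
</td>
</tr>
</form>
</table>
<table border='1' class='admin-table'>
<tr>
<td width='240' height='15'><font class='s-normal' id='w-bold'>".(_("Service"))."</font></td>
</tr>
<tr>
<td class='admin' align='center'>";
        // Link to the other publication type.
        if ($type == 110) {
            echo "<font class='s-normal' id='w-normal'>
<a href='public.php?type=".(base64_encode("111"))."'>".(_("add articles"))."</a>
</font>";
        } else {
            echo "<font class='s-normal' id='w-normal'>
<a href='public.php?type=".(base64_encode("110"))."'>".(_("add news"))."</a>
</font>";
        }
        echo "<p>
<font class='s-normal' id='w-normal'>
<a href='logout.php'>".(_("Log out"))."</font></a>
</font>
</p>
</td>
</tr>
</td>
</tr>
</form>
</table>
</td>
<td valign='top'>";

        // Request parameters for the right-hand columns.
        // "start[]" is the section <select> of the filter form; only the
        // last selected entry is used.  Non-array or empty submissions
        // leave $startpart unset instead of indexing into a string.
        if (isset($_POST['start'])) {
            $start = $_POST['start'];
            if (is_array($start) && count($start) > 0) {
                $lastpart = end($start);
                if (is_string($lastpart)) {
                    $startpart = $lastpart;
                }
            }
        }
        if (isset($startpart)) {
            $partname = $startpart;
        }
        // "num" and "id" are sent by the "Update" link, using GET.
        if (isset($_GET['num'])) {
            $num = $_GET['num'];
        }
        if (isset($_GET['id'])) {
            $id = $_GET['id'];
        }

        // Resolve the selected section to its partition id ($pointer,
        // also the suffix of the per-section table) and row id.
        if (isset($partname)) {
            connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
            $result = mysql_query("select num, pnid
from {$p}partition
where partname='".spe_public_q($partname, $connector)."'
and pnid regexp '^[0-9]{".$length."}$'", $connector)
                or die("error #102-2");
            while ($row = mysql_fetch_array($result)) {
                $pointer = $row["pnid"];
                $id = $row["num"];
            }
            mysql_free_result($result);
            mysql_close($connector);
        }

        // Edit an existing publication selected via the "Update" link.
        if (isset($num)) {
            connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
            if (!isset($id)) {
                // "num" without "id" cannot be resolved to a section.
                echo "error #101-1";
            } else {
                $result = mysql_query("select num, pnid, partname
from {$p}partition
where num='".spe_public_q($id, $connector)."'", $connector);
                while ($row = mysql_fetch_array($result)) {
                    $partname = $row["partname"];
                    $pointer = $row["pnid"];
                }
                mysql_free_result($result);
                // $pointer comes from the partition table, not from the
                // request; when no partition matched, the table name is
                // just the prefix and the query fails as before.
                $result = mysql_query("select num, login, mail, date, theme, intro, text, timer
from ".$p.(isset($pointer) ? $pointer : "")."
where login='$qlogin'
and num='".spe_public_q($num, $connector)."'", $connector)
                    or die("error #102-3");
                if ($row = mysql_fetch_array($result)) {
                    publicform($type,
                        $tabheader,
                        $partname,
                        $row["theme"],
                        $row["intro"],
                        $row["text"],
                        $row["date"],
                        $row["num"],
                        $row["timer"],
                        "y");
                }
                mysql_free_result($result);
            }
            mysql_close($connector);
        }

        // A section was chosen but nothing is being edited: offer an
        // empty form when the user has no publication in it yet.
        if (!isset($num) && isset($start)) {
            connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
            $result = mysql_query("select {$p}lines.num
from {$p}lines, {$p}partition
where {$p}lines.login='$qlogin'
and {$p}partition.pnid={$p}lines.partnameid", $connector)
                or die("error #102-4");
            if (mysql_num_rows($result) == 0) {
                echo _("Access denied.");
            } else {
                $resultCheck = mysql_query("select num
from ".$p.(isset($pointer) ? $pointer : "")."
where login='$qlogin'", $connector)
                    or die("error #102-5");
                if (mysql_num_rows($resultCheck) == 0) {
                    publicform($type, $tabheader, $partname, "", "", "", "n", "n", "n", "n");
                }
                mysql_free_result($resultCheck);
            }
            mysql_free_result($result);
            mysql_close($connector);
        }

        // Filter form fields.  A "table" field names the section
        // directly, but an explicit "start[]" selection takes precedence.
        if (isset($_POST['table'])) {
            $partname = $_POST['table'];
        }
        if (isset($_POST['theme']) && is_string($_POST['theme'])) {
            $theme = trim($_POST['theme']);
        }
        if (isset($_POST['date']) && is_string($_POST['date'])) {
            $rqdate = trim($_POST['date']);
        }
        if (isset($startpart)) {
            $partname = $startpart;
        }

        // Middle column: the first matching publication of the section;
        // right column: the list of the user's publications in it.
        if (!isset($num) && (isset($partname) || isset($start))) {
            connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
            if (!isset($partname)) {
                echo "error #101-2";
            }
            // Optional prefix filters on theme and date.
            $where = "where login='$qlogin'";
            if (isset($theme)) {
                $where .= "\nand theme like '".spe_public_q($theme, $connector)."%'";
            }
            if (isset($rqdate)) {
                $where .= "\nand date like '".spe_public_q($rqdate, $connector)."%'";
            }
            $result = mysql_query("select num, login, mail, date, theme, intro, text, timer
from ".$p.(isset($pointer) ? $pointer : "")."
".$where, $connector)
                or die("error #102-6");
            $safepart = isset($partname) ? spe_public_h($partname) : "";
            if ($row = mysql_fetch_array($result)) {
                publicform($type,
                    $tabheader,
                    $partname,
                    $row["theme"],
                    $row["intro"],
                    $row["text"],
                    $row["date"],
                    $row["num"],
                    $row["timer"],
                    "n");
            } else {
                echo "<font class='s-normal' id='w-bold'>
$safepart. ".(_("The section is empty."))."
</font>";
            }
            mysql_free_result($result);
            echo "</td>";
            echo "<td valign='top'>";
            connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);
            // Both "num" columns land under the same key in the fetched
            // row; the second (partition.num) wins, as before.
            $result = mysql_query("select {$p}lines.num, {$p}partition.num
from {$p}lines, {$p}partition
where {$p}lines.login='$qlogin'
and {$p}partition.partname='".spe_public_q(isset($partname) ? $partname : "", $connector)."'
and {$p}partition.pnid={$p}lines.partnameid", $connector)
                or die("error #102-7");
            while ($row = mysql_fetch_array($result)) {
                $id = $row["num"];
            }
            if (mysql_num_rows($result) != 1) {
                // The user must be bound to exactly this one section.
                echo _("Access denied.");
            } else {
                if (!$partname) {
                    echo "error #101-3";
                } else {
                    $result = mysql_query("select num, login, date, theme, timer
from ".$p.(isset($pointer) ? $pointer : "")."
where login='$qlogin'
order by date desc, timer desc", $connector)
                        or die("error #102-8");
                    echo "<table border='1' class='admin-table' width='267'>
<tr>
<td>
<font class='s-normal' id='w-bold'>$stype. ".spe_public_h($partname)."</font>
</td>
</tr>";
                    $safeid = spe_public_h($id);
                    $safetype = base64_encode($type);
                    while ($row = mysql_fetch_array($result)) {
                        $safenum = spe_public_h($row["num"]);
                        echo "<form action='addnews.php' method='post'>";
                        echo "<tr>
<td class='admin'>
<table>
<input type='checkbox' name='ndel[]' value='".$safenum."'>
<tr>
<td>
<font class='s-normal' id='w-normal'>
".(_("Author")).":
</font>
</td>
<td>
<font class='s-normal' id='w-normal'>".spe_public_h($row["login"])."</font><br>
</td>
</tr>
<tr>
<td>
<font class='s-normal' id='w-normal'>".(_("Published")).": </font>
</td>
<td>
<font class='s-normal' id='w-normal'>
".spe_public_h($row["date"])."; ".spe_public_h($row["timer"])."
</font>
<br>
</td>
</tr>
<tr valign='top'>
<td>
<font class='s-normal' id='w-normal'>".(_("Theme")).": </font>
</td>
<td>
<font class='s-normal' id='w-normal'>".spe_public_h($row["theme"])."</font><br>
</td>
</tr>
<tr>
<td>
<font class='s-normal' id='w-normal'>
<a href='public.php?id=".$safeid."&amp;num=".$safenum."&amp;type=".$safetype."'>
".(_("Update"))."</a>
</td>
<td></td>
</tr>
</table>
</td>
</tr>";
                    }
                    if (mysql_num_rows($result) > 0) {
                        echo "<tr>
<td align='center' class='admin'>
<input type='hidden' name='type' value='".$safetype."'>
<input type='hidden' name='partname' value='".(base64_encode($partname))."'>
<input class='admin-button' type='submit' name='delete' value='".(_("Remove selected"))."'>
</td>
</tr>";
                    }
                    echo "</form></table>";
                }
            }
            mysql_free_result($result);
            mysql_close($connector);
        }
        echo "</td>
</tr>
</table>";
        echo "</BODY></HTML>";
    } else {
        echo _("Access denied.");
    }
} else {
    echo _("Access denied.");
}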