<?php
// No ../dbinc.php means the site has not been set up yet: stop and point to the installer.
if (!file_exists("../dbinc.php")) {
    die("VideoSplurge is not installed yet. <a href=\"../install.php\">Click here to run installer.</a>");
}
// Warn (but keep running) while install.php is still present.
// NOTE(review): this text is sent before the header() redirects further down in this
// script, which can stop them from working unless output buffering is enabled.
if (file_exists("../install.php")) {
    echo "Security warning: You need to delete install.php.<br />\n";
}
include("../dbinc.php");
include("includes/db.php");
include("includes/sanitize.php");
include("includes/videoinfo.php");
include("includes/getrecordcount.php");
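// Client address as reported by the web server. It is read from $_SERVER because the
// bare $REMOTE_ADDR global only exists when register_globals is enabled; with that
// setting off the address would be empty and the per-IP admin check further down
// would end up comparing two empty values.
$ipaddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
// Both values come from the query string. Only plain strings are accepted, so a
// request such as ?func[]=x cannot pass an array into the comparisons and logging below.
$func = (isset($_GET['func']) && is_string($_GET['func'])) ? $_GET['func'] : ''; // page to show (home page, search, video)
$msg = (isset($_GET['msg']) && is_string($_GET['msg'])) ? $_GET['msg'] : ''; // message to display to user
// NOTE(review): $func is handed to the access log as received - confirm that
// logaccess() removes line breaks before writing the entry.
logaccess("accesslog.txt", $ipaddress, $func);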
// Open the one MySQL connection this request uses ($dbhost, $dbuser, $dbpass and
// $dbname are expected to come from the included ../dbinc.php).
// NOTE(review): both failure paths print mysql_error() to whoever requested the page;
// consider logging the detail and showing a generic message instead.
$link = mysql_connect($dbhost, $dbuser, $dbpass);
if (!$link) {
    die('Could not connect: ' . mysql_error() . "\nPlease review your settings for MySQL database host, db name, db user, db password.");
}
// Switch to the application's database; stop if the account cannot use it.
if (!mysql_select_db($dbname)) {
    die('Could not connect: ' . mysql_error() . "\nPlease review that the user has adequate access to the database.");
}
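// Handle a submitted login form (func=login with POSTed credentials).
//
// NOTE(review): the password is stored and checked as an unsalted MD5 digest. Moving to
// password_hash()/password_verify() needs a migration of the stored AdminPass value, so
// it is only flagged here.
// NOTE(review): the logged-in state is written with setvar() as site-wide values
// (AdminLoggedIn / AdminIPaddress) rather than kept per browser session, so every
// client that shares the admin's address is treated as logged in - confirm this is intended.
// NOTE(review): this block reads 'AdminUsername' while the administrator settings form
// writes 'AdminUserName'; confirm getvar() matches keys case-insensitively.
// NOTE(review): there is no limit on repeated failed attempts.
if($func=="login" && !empty($_POST['username']))
{
    $username = $_POST['username'];
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $storedhash = getvar('AdminPass');
    $AdminUsername = getvar('AdminUsername');
    // Arrays (username[]=...) are rejected instead of being passed to md5().
    $hash = is_string($password) ? md5($password) : '';
    // Strict comparison: with ==, two digests that both look like "0e" followed by
    // digits are compared as numbers and count as equal even when they differ.
    $credentialsok = is_string($username)
        && $hash !== ''
        && $username === (string) $AdminUsername
        && $hash === (string) $storedhash;
    if($credentialsok)
    {
        setvar("AdminLoggedIn", "1");
        setvar("AdminIPaddress", $ipaddress);
        header("Location: index.php?func=adminhome");
        die();
    }
    else
    {
        header("Location: index.php?func=login&msg=Incorrect username or password.");
        die();
    }
}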
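// Require login check unless on "login" or "resendpass" pages.
// Start from "not logged in": this script also relies on register_globals-style
// variables, and without an explicit default the flag could arrive from the request.
$loggedin = false;
if($func && $func!="login" && $func!="resendpass") {
    // Access is granted when the stored login flag is set and the stored address
    // matches the address of this request.
    if(getvar("AdminLoggedIn") == "1" && getvar("AdminIPaddress") == $ipaddress) {
        $loggedin = true;
    }
    else {
        // Redirect and stop, so that none of the admin actions below can run.
        header("Location: index.php?func=login&msg=You need to log in to access this resource.");
        die();
    }
}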
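// Page variables from DB
$stylesheet = getvar("StyleSheet");
$siteurl = getvar("SiteURL");
// Generate page title & heading text
// Known pages and the text shown for them in <title> and <h1>.
$pagetitles = array(
    "adminhome" => "Home",
    "statistics" => "Statistics",
    "categorymanager" => "Category Manager",
    "videomanager" => "Video Manager",
    "contentmanager" => "Content Manager",
    "advertisementmanager" => "Advertisement Manager",
    "configuration" => "Configuration",
    "featuredvideos" => "Featured Videos",
    "administrator" => "Administrator Settings",
    "resendpass" => "Resend Password",
    "logout" => "You are now logged out.",
    "login" => "Login",
);
if(!$func) { $functiondescription = "Login"; }
elseif(is_string($func) && isset($pagetitles[$func])) { $functiondescription = $pagetitles[$func]; }
else {
    // An unknown page name used to leave this variable unset. It is echoed into the
    // page head unescaped, so it always gets a fixed value here.
    $functiondescription = "";
}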
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>VideoSplurge Administration - <?php echo $functiondescription; ?></title>
<meta http-equiv="content-type" content="text/html;charset=utf-8" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta name="robots" content="noindex,nofollow" />
<meta name="Author" content="Matt Gulden" />
<link rel="shortcut icon" type="image/x-icon" href="../videosplurge.ico" />
<?php echo " <link rel=\"stylesheet\" href=\"../$stylesheet\">\n";?>
</head>
<body>
<table style="width:100%; text-align:left;">
<tr>
<td width="220" style="text-align:center;"><a href="index.php?func=adminhome">
<img style="border:0;" src="imgs/videosplurge.gif" title="Logo" /></a>
</td>
<td width="800" style="vertical-align:middle;">
<h1>Administration - <?php echo $functiondescription; ?></h1>
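<?php
// Navigation bar, shown on authenticated pages only.
// The condition used to read $loggedin="true", which assigns instead of comparing and
// overwrote the login flag with the result of the whole expression. It now tests the flag.
// The full <?php tag is used because the short <? form depends on short_open_tag.
// NOTE(review): $siteurl is placed in an href without HTML escaping - confirm that the
// value getvar() returns is safe inside an attribute.
if(!empty($loggedin) && $func && $func!="logout" && $func!="login" && $func!="resendpass") {
    echo " <p><font size=\"-1\"><strong><a href=\"index.php?func=adminhome\">Home</a> - <a href=\"index.php?func=configuration\">Configuration</a> - " .
        " <a href=\"index.php?func=featuredvideos\">Featured Videos</a> - <a href=\"index.php?func=statistics\">Statistics</a> - " .
        " <a href=\"index.php?func=categorymanager\">Categories</a> - <a href=\"index.php?func=videomanager\">Videos</a> - " .
        " <a href=\"index.php?func=contentmanager\">Content</a> - <a href=\"index.php?func=advertisementmanager\">Advertisements</a> - " .
        " <a href=\"index.php?func=administrator\">Administrator Settings</a> - <a href=\"$siteurl" . "index.php\" target=\"_blank\">Preview Site</a> - " .
        " <a href=\"index.php?func=logout\">Log Out</a></strong></font></p>";
}?>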
</td></tr>
<tr>
<td style="text-align:center;padding:20px;" width="100%" colspan="2">
<?php
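if(!$func || $func=="login")
{
    // $msg comes straight from the query string and showloginform() prints its argument
    // into the page, so it is HTML-escaped here. Without this, a crafted link could
    // place markup on the login page.
    if($msg && is_string($msg)) { showloginform(htmlspecialchars($msg, ENT_QUOTES, 'UTF-8')); }
    else { showloginform("Hello, $ipaddress"); }
}
elseif($func=="logout")
{
    // NOTE(review): logout is a plain GET request with no token and it clears the
    // site-wide login flag - any page the admin visits could trigger it.
    setvar("AdminLoggedIn", "0");
    showloginform("You have been logged out.");
}
elseif($func=="adminhome") // grid of large icons to common tasks
{
    showadminhome("Welcome.");
}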
// Site configuration page: with no POSTed SiteURL it renders the settings form filled
// from getvar(); otherwise it writes every posted field back with setvar().
// NOTE(review): the stored values are printed into value="..." attributes without
// HTML escaping here - confirm that getvar() returns text that is safe in an attribute.
// NOTE(review): the save branch accepts any POST that passes the login check above;
// there is no anti-CSRF token and no validation of the numeric fields.
// NOTE(review): StyleSheet and SiteURL are later echoed into the page head and the
// navigation links of this script, so whatever is saved here reaches that markup.
elseif($func=="configuration") // form AND accepts posted data from form and sets variables in DB
{
if(!$_POST['SiteURL']) // NOTE: GETVAR AND SETVAR HANDLE SANITIZE AND STRIPSLASHES
{
// Current values, used to pre-fill the form.
$SiteURL = getvar('SiteURL');
$SiteDomainName = getvar('SiteDomainName');
$SiteTitle = getvar('SiteTitle');
$SiteTagline = getvar('SiteTagline');
$MetaDescription = getvar('MetaDescription');
$MetaKeywords = getvar('MetaKeywords');
$MetaRobots = getvar('MetaRobots');
$FrontpageVideosCols = getvar('FrontpageVideosCols');
$FrontpageVideosRows = getvar('FrontpageVideosRows');
$SearchResultsPerPage = getvar('SearchResultsPerPage');
$PlayerWidth = getvar('PlayerWidth');
$PlayerHeight = getvar('PlayerHeight');
echo "<div class=\"centerFieldset\">\n";
echo "<form action=\"index.php?func=configuration\" method=\"POST\">\n";
echo "<table width=\"100%\">\n";
echo "<tr><td>Site URL (include trailing slash):</td><td><input type=\"text\" name=\"SiteURL\" value=\"$SiteURL\" size=\"40\"></td></tr>\n";
echo "<tr><td>Site Domain Name:</td><td><input type=\"text\" name=\"SiteDomainName\" value=\"$SiteDomainName\" size=\"30\"></td></tr>\n";
echo "<tr><td>Site Title:</td><td><input type=\"text\" name=\"SiteTitle\" value=\"$SiteTitle\" size=\"40\"></td></tr>\n";
echo "<tr><td>Site Tagline:</td><td><input type=\"text\" name=\"SiteTagline\" value=\"$SiteTagline\" size=\"60\"></td></tr>\n";
// The stylesheet value was already loaded into $stylesheet near the top of the script.
echo "<tr><td>CSS Stylesheet:</td><td><input type=\"text\" name=\"StyleSheet\" value=\"$stylesheet\"></td></tr>\n";
echo "<tr><td>Description meta tag:</td><td><input type=\"text\" name=\"MetaDescription\" value=\"$MetaDescription\" size=\"60\"></td></tr>\n";
echo "<tr><td>Keywords meta tag:</td><td><input type=\"text\" name=\"MetaKeywords\" value=\"$MetaKeywords\" size=\"60\"></td></tr>\n";
echo "<tr><td>Robots meta tag:</td><td><input type=\"text\" name=\"MetaRobots\" value=\"$MetaRobots\"></td></tr>\n";
echo "<tr><td>No. of columns on frontpage/category video grid:</td><td><input type=\"text\" name=\"FrontpageVideosCols\" value=\"$FrontpageVideosCols\" size=\"5\"></td></tr>\n";
echo "<tr><td>No. of rows on frontpage/category video grid:</td><td><input type=\"text\" name=\"FrontpageVideosRows\" value=\"$FrontpageVideosRows\" size=\"5\"></td></tr>\n";
echo "<tr><td>No. of search results per page:</td><td><input type=\"text\" name=\"SearchResultsPerPage\" value=\"$SearchResultsPerPage\" size=\"5\"></td></tr>\n";
echo "<tr><td>Video player width:</td><td><input type=\"text\" name=\"PlayerWidth\" value=\"$PlayerWidth\" size=\"5\"></td></tr>\n";
echo "<tr><td>Video player height:</td><td><input type=\"text\" name=\"PlayerHeight\" value=\"$PlayerHeight\" size=\"5\"></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"center\"><table><tr><td><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td><td><form action=\"index.php?func=adminhome\" method=\"post\"><input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
echo "</table>\n";
echo "</div>\n";
}
else
{
// Save branch: each posted field is stored under the key of the same name.
setvar("SiteURL", $_POST['SiteURL']);
setvar("SiteDomainName", $_POST['SiteDomainName']);
setvar("SiteTitle", $_POST['SiteTitle']);
setvar("SiteTagline", $_POST['SiteTagline']);
setvar("StyleSheet", $_POST['StyleSheet']);
setvar("MetaDescription", $_POST['MetaDescription']);
setvar("MetaKeywords", $_POST['MetaKeywords']);
setvar("MetaRobots", $_POST['MetaRobots']);
setvar("FrontpageVideosCols", $_POST['FrontpageVideosCols']);
setvar("FrontpageVideosRows", $_POST['FrontpageVideosRows']);
setvar("SearchResultsPerPage", $_POST['SearchResultsPerPage']);
setvar("PlayerWidth", $_POST['PlayerWidth']);
setvar("PlayerHeight", $_POST['PlayerHeight']);
showadminhome("Configuration settings applied.");
}
}
elseif($func=="categorymanager")
{
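if($_POST['operation']=="submit") // Receive and enter contents of New form into DB
{
    // Parent is written into the statement without quotes, so it is reduced to an
    // integer first; escaping alone does not protect a value that is not quoted.
    $Parent = (int) sanitize($_POST['Parent']);
    $Name = sanitize($_POST['Name']);
    $Description = sanitize($_POST['Description']);
    $sql = "INSERT INTO categories (Parent, Name, Description) VALUES ($Parent, \"$Name\", \"$Description\")";
    // NOTE(review): the database error text is shown to the user on failure.
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    showcategorymanager("New category added successfully.", $Parent);
}
elseif($_POST['operation']=="submitedit") // Receive and enter contents of Edit Category Form to DB
{
    // id and Parent are both unquoted in the UPDATE, so both are forced to integers.
    $id = (int) sanitize($_POST['id']);
    $Parent = (int) sanitize($_POST['Parent']);
    $Name = sanitize($_POST['Name']);
    $Description = sanitize($_POST['Description']);
    $sql = "UPDATE categories SET Parent=$Parent, Name='$Name', Description='$Description' WHERE id=$id LIMIT 1";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    showcategorymanager("Category modified successfully.", $Parent);
}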
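elseif($_GET['operation']=="edit") // Edit Category Form
{
    // The id is used unquoted in the WHERE clause, so it is reduced to an integer;
    // escaping alone does not protect a value that is not inside quotes.
    $id = (int) sanitize($_GET['id']);
    $sql = "SELECT * FROM categories WHERE id=$id LIMIT 1";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    $numrows = mysql_num_rows($result);
    if($numrows<1) { die("Invalid category id."); }
    else { $row = mysql_fetch_row($result); }
    // Columns are read by position; as used below: 0 = id, 1 = Parent, 2 = Name, 3 = Description.
    $parentselect = parentselect($row[1], 1, "Parent");
    $Name = stripslashes($row[2]);
    $Description = stripslashes($row[3]);
    // NOTE(review): Name and Description go into value="..." attributes after
    // stripslashes() only - confirm the stored text is already HTML-safe.
    echo "<div class=\"centerFieldset\">\n";
    echo "<form action=\"index.php?func=categorymanager\" method=\"POST\">\n";
    echo "<table width=\"100%\">\n";
    // The heading used to say "New Category", copied from the new-category form.
    echo "<tr><td colspan=\"2\"><h3>Edit Category</h3></td></tr>\n";
    echo "<tr><td>Parent</td><td>$parentselect</td></tr>\n";
    echo "<tr><td>Name</td><td><input type=\"text\" name=\"Name\" value=\"$Name\"></td></tr>\n";
    echo "<tr><td>Description</td><td><input type=\"text\" name=\"Description\" value=\"$Description\" size=\"40\"></td></tr>\n";
    echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"hidden\" name=\"operation\" value=\"submitedit\">" .
        "<input type=\"hidden\" name=\"id\" value=\"$row[0]\">" .
        "<table><tr><td><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td>" .
        "<td><form action=\"index.php?func=categorymanager&category=$row[1]\" method=\"post\">" .
        "<input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
    echo "</table>\n";
    echo "</div>\n";
}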
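elseif($_GET['operation']=="delete") // Delete Category Function
{
    // The id appears unquoted in four statements below, so it is forced to an integer;
    // escaping alone does not protect a value that is not inside quotes.
    // NOTE(review): this destructive action runs on a plain GET request with no
    // anti-CSRF token.
    $id = (int) sanitize($_GET['id']);
    // Only passed on to showcategorymanager() for the listing shown afterwards.
    $category = sanitize($_GET['category']);
    // check for sub categories, videos, and content items before deleting.
    // If any exist, warn user and exit delete routine
    $sql = "SELECT * FROM categories WHERE Parent=$id";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    $numrows = mysql_num_rows($result);
    if($numrows) { echo "Subcategories exist within this category. Cannot delete."; die(); }
    $sql = "SELECT * FROM videos WHERE Category=$id";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    $numrows = mysql_num_rows($result);
    if($numrows) { echo "Videos exist within this category. Cannot delete."; die(); }
    $sql = "SELECT * FROM content WHERE Category=$id";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    $numrows = mysql_num_rows($result);
    if($numrows) { echo "Content items exist within this category. Cannot delete."; die(); }
    // If code makes it here, no subcategories, videos, or content items were present within category
    $sql = "DELETE FROM categories WHERE id=$id LIMIT 1";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    showcategorymanager("Category deleted successfully.", $category);
}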
// Renders the empty "new category" form. The category the admin was browsing is
// preselected as the parent; -99 is used when none was given.
// NOTE(review): $category reaches parentselect() after sanitize() only - confirm that
// helper treats it as a number before using it in SQL or markup.
elseif($_GET['operation']=="new") // New Category Form
{
$category = sanitize($_GET['category']);
if(!$category) { $category=-99; }
$parentselect = parentselect($category, 1, "Parent");
echo "<div class=\"centerFieldset\">\n";
echo "<form action=\"index.php?func=categorymanager\" method=\"POST\">\n";
echo "<table width=\"100%\">\n";
echo "<tr><td colspan=\"2\"><h3>New Category</h3></td></tr>\n";
echo "<tr><td>Parent</td><td>$parentselect</td></tr>\n";
echo "<tr><td>Name</td><td><input type=\"text\" name=\"Name\"></td></tr>\n";
echo "<tr><td>Description</td><td><input type=\"text\" name=\"Description\" size=\"40\"></td></tr>\n";
// operation=submit sends the POST to the insert branch of this manager.
echo "<tr><td colspan=\"2\" align=\"center\"><table><tr><td><input type=\"hidden\" name=\"operation\" value=\"submit\"><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td><td><form action=\"index.php?func=categorymanager\" method=\"post\"><input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
echo "</table>\n";
echo "</div>\n";
}
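else // browse mode
{
    $categoryid = isset($_GET['category']) ? $_GET['category'] : '';
    // The id is used unquoted in the SELECT below, so it is reduced to an integer;
    // escaping alone does not protect a value that is not inside quotes.
    if($categoryid) { $categoryid = (int) sanitize($categoryid); }
    if(!$categoryid||$categoryid==-99) { showcategorymanager("<strong>Browsing Top Level Categories</strong>", -99); } // -99 is Parent id for top level
    else {
        $sql = "SELECT * FROM categories WHERE id=$categoryid";
        $result = mysql_query($sql) or die("Error: " . mysql_error());
        $numrows = mysql_num_rows($result);
        if($numrows<1) { echo "Invalid category id."; }
        else {
            $row = mysql_fetch_row($result);
            // NOTE(review): the stored name is placed into the heading markup as is -
            // confirm it is HTML-safe when it is saved.
            $categoryname = $row[2];
            showcategorymanager("<strong>Browsing Category: $categoryname</strong>", $categoryid);
        }
    }
}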
}
elseif($func=="videomanager")
{
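if($_POST['operation']=="submit") // Receive and enter contents of New form into DB
{
    //Category Type RemoteID Name Thumbnail Description
    // Category and Type go into the INSERT without quotes, so they are forced to
    // integers; escaping alone does not protect an unquoted value.
    $Category = (int) sanitize($_POST['Category']);
    $Type = (int) sanitize($_POST['Type']);
    $RemoteID = sanitize($_POST['RemoteID']);
    $Name = sanitize($_POST['Name']);
    // Thumbnail,length
    // Defaults, so an unknown Type or a failed feed lookup cannot leave these undefined.
    $Thumbnail = "";
    $Length = "";
    if($Type==1) // Locally hosted
    {
        // NOTE(review): the file keeps the name and extension sent by the client and is
        // stored under ../videos/, which looks like a web-served directory. Restrict
        // uploads to the video extensions the player supports, or store them under a
        // generated name, so that a script file cannot be uploaded and then requested.
        $uploadfilename = basename($_FILES['videofile']['name']);
        $uploadfile = "../videos/" . $uploadfilename;
        // The name is chosen by the uploader and ends up inside the INSERT below. It was
        // previously stored raw; it now gets the same escaping as every other field.
        $RemoteID = sanitize($uploadfilename);
        if(move_uploaded_file($_FILES['videofile']['tmp_name'], $uploadfile))
        {
            echo "File was successfully uploaded.\n";
        }
        else
        {
            echo "Upload of $uploadfilename failed.\n";
            print_r($_FILES); // more debugging info
            die();
        }
        do {
            // generate 16 character random string of letters and numbers for thumbnail filename, and append ".jpg"
            $chars = "abcdefghijkmnopqrstuvwxyz023456789";
            srand((double)microtime()*1000000);
            $pass = '';
            for($i=0; ($i <= 15); $i++) {
                $num = rand() % 33;
                $tmp = substr($chars, $num, 1);
                $pass = $pass . $tmp;
            }
        } while(file_exists("../videos/thumbs/" . $pass . ".jpg"));
        $imgfile = $siteurl . "videos/thumbs/" . $pass . ".jpg";
        // NOTE(review): confirm that the movie_* helpers quote the path if they call an
        // external program; it contains the client-supplied file name.
        $movie_length = movie_get_length_in_seconds($uploadfile);
        $random_seconds = rand(0, floor($movie_length));
        $was_image_created = movie_take_screenshot($uploadfile, $random_seconds, $pass . ".jpg");
        if($was_image_created) {
            // $siteurl is a stored setting; escape the combined URL before it goes into SQL.
            $Thumbnail = sanitize($imgfile);
            $Length = strtotime($movie_length);
        } else {
            die("Thumbnail image could not be created.");
        }
    }
    elseif($Type==2) // Google Video
    {
        $vrss = file_get_contents("http://video.google.com/videofeed?docid=".$RemoteID);
        // Only use the thumbnail when the feed actually contains one.
        if(!empty($vrss) && preg_match('/<media:thumbnail url="([^"]+)/',$vrss,$thumbnail_array)) {
            //Remove amp;
            // The URL is taken from a remote response, so it is escaped like user input
            // before it is placed in the INSERT.
            $Thumbnail = sanitize(str_replace('amp;','',$thumbnail_array[1]));
        }
    }
    elseif($Type==3) // YouTube
    {
        $Thumbnail = "http://img.youtube.com/vi/$RemoteID/2.jpg";
    }
    $Description = sanitize($_POST['Description']);
    $Keywords = sanitize($_POST['Keywords']);
    $DateAdded = date("Y-m-d");
    $sql = "INSERT INTO videos (Category, Type, RemoteID, Name, Thumbnail, Description, Keywords, Length, DateAdded) " .
        "VALUES ($Category, $Type, \"$RemoteID\", \"$Name\", \"$Thumbnail\", \"$Description\", \"$Keywords\", \"$Length\", \"$DateAdded\")";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    showvideomanager("New video added successfully.", $Category);
}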
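elseif($_POST['operation']=="submitedit") // Receive and enter contents of Edit Video Form to DB
{
    // id, Category and Type are unquoted in the UPDATE, so they are forced to
    // integers; escaping alone does not protect an unquoted value.
    $id = (int) sanitize($_POST['id']);
    $Category = (int) sanitize($_POST['Category']);
    $Type = (int) sanitize($_POST['Type']);
    $RemoteID = sanitize($_POST['RemoteID']);
    $Name = sanitize($_POST['Name']);
    $Thumbnail = sanitize($_POST['Thumbnail']);
    $Description = sanitize($_POST['Description']);
    $Keywords = sanitize($_POST['Keywords']);
    // The edit form in this file has no Length field, so updating Length on every
    // save used to blank the stored value. It is now only changed when it was posted.
    $lengthsql = "";
    if(isset($_POST['Length'])) {
        $Length = sanitize($_POST['Length']);
        $lengthsql = ", Length='$Length'";
    }
    $sql = "UPDATE videos SET Category=$Category, Type=$Type, RemoteID=\"$RemoteID\", Name='$Name', Thumbnail=\"$Thumbnail\", Description='$Description', Keywords='$Keywords'$lengthsql WHERE id=$id LIMIT 1";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    showvideomanager("Video modified successfully.", $Category);
}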
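elseif($_GET['operation']=="edit") // Edit Video Form
{
    // category is echoed into the form's action attribute and id is used unquoted in
    // the SELECT, so both are reduced to integers instead of relying on escaping alone.
    $category = (int) sanitize($_GET['category']);
    $id = (int) sanitize($_GET['id']);
    $sql = "SELECT * FROM videos WHERE id=$id LIMIT 1";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    $numrows = mysql_num_rows($result);
    if($numrows<1) { die("Invalid video id."); }
    else { $row = mysql_fetch_row($result); }
    // Columns are read by position; as used below: 0 = id, 1 = Category, 2 = Type,
    // 3 = RemoteID, 4 = Name, 5 = Thumbnail, 6 = Length, 7 = Description, 8 = Keywords.
    $parentselect = parentselect($row[1], 2, "Category");
    $videotypeselect = videotypeselect($row[2]);
    $RemoteID = stripslashes($row[3]);
    $Name = stripslashes($row[4]);
    $Thumbnail = stripslashes($row[5]);
    $Keywords = stripslashes($row[8]);
    $Description = stripslashes($row[7]);
    $Length = stripslashes($row[6]); // read but not shown in the form below
    // NOTE(review): the stored values are printed into attributes and a <textarea>
    // after stripslashes() only - confirm they are HTML-safe when saved.
    echo "<div class=\"centerFieldset\">\n";
    echo "<form action=\"index.php?func=videomanager&category=$category\" method=\"POST\">\n";
    echo "<table width=\"100%\">\n";
    echo "<tr><td colspan=\"2\"><h3>Edit Video</h3></td></tr>\n";
    echo "<tr><td>Category</td><td>$parentselect</td></tr>\n";
    echo "<tr><td>Type</td><td>$videotypeselect</td></tr>\n";
    echo "<tr><td>Remote ID, or filename if local</td><td><input type=\"text\" name=\"RemoteID\" value=\"$RemoteID\" size=\"50\"></td></tr>\n";
    echo "<tr><td>Name</td><td><input type=\"text\" name=\"Name\" value=\"$Name\" size=\"50\"></td></tr>\n";
    echo "<tr><td>Thumbnail URL (ex: imgs/thumb0001.jpg)</td><td><input type=\"text\" name=\"Thumbnail\" value=\"$Thumbnail\" size=\"50\"></td></tr>\n";
    echo "<tr><td>Keywords</td><td><input type=\"text\" name=\"Keywords\" value=\"$Keywords\" size=\"50\"></td></tr>\n";
    echo "<tr><td>Description</td><td><textarea name=\"Description\" rows=\"10\" cols=\"60\">$Description</textarea></td></tr>\n";
    echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"hidden\" name=\"operation\" value=\"submitedit\">" .
        "<input type=\"hidden\" name=\"id\" value=\"$row[0]\">" .
        "<table><tr><td><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td>" .
        "<td><form action=\"index.php?func=videomanager&category=$row[1]\" method=\"post\">" .
        "<input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
    echo "</table>\n";
    echo "</div>\n";
}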
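elseif($_GET['operation']=="delete") // Delete Video Function
{
    // The id is used unquoted in the DELETE, so it is reduced to an integer; escaping
    // alone does not protect a value that is not inside quotes.
    // NOTE(review): this destructive action runs on a plain GET request with no
    // anti-CSRF token. The database row is removed here; nothing in this branch
    // removes an uploaded file.
    $id = (int) sanitize($_GET['id']);
    // Only passed on to showvideomanager() for the listing shown afterwards.
    $category = sanitize($_GET['category']);
    $sql = "DELETE FROM videos WHERE id=$id LIMIT 1";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    showvideomanager("Video deleted successfully.", $category);
}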
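elseif($_GET['operation']=="new") // New Video Form
{
    // category is echoed into two form action attributes below, so it is reduced to an
    // integer rather than relying on sanitize() to make it safe inside HTML.
    $category = (int) sanitize($_GET['category']);
    if(!$category) { $category=-99; }
    $parentselect = parentselect($category, 2, "Category");
    $videotypeselect = videotypeselect(1);
    echo "<div class=\"centerFieldset\">\n";
    echo "<form action=\"index.php?func=videomanager&category=$category\" enctype=\"multipart/form-data\" method=\"POST\">\n";
    echo "<table width=\"100%\">\n";
    echo "<tr><td colspan=\"2\"><h3>New Video</h3></td></tr>\n";
    echo "<tr><td>Category</td><td>$parentselect</td></tr>\n";
    echo "<tr><td>Type</td><td>$videotypeselect</td></tr>\n";
    echo "<tr><td>Remote ID</td><td><input type=\"text\" name=\"RemoteID\" size=\"50\"></td></tr>\n";
    // MAX_FILE_SIZE is only a hint to the browser; the server-side limits still apply.
    echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"96000000\">\n"; // MAX_FILE_SIZE must precede the file input field
    echo "<tr><td>or Upload Video</td><td><input type=\"file\" name=\"videofile\" size=\"50\"></td></tr>\n";
    echo "<tr><td>Name</td><td><input type=\"text\" name=\"Name\" size=\"50\"></td></tr>\n";
    echo "<tr><td>Keywords</td><td><input type=\"text\" name=\"Keywords\" size=\"50\"></td></tr>\n";
    echo "<tr><td>Description</td><td><textarea name=\"Description\" cols=\"60\" rows=\"10\"></textarea></td></tr>\n";
    echo "<tr><td colspan=\"2\" align=\"center\"><table><tr><td><input type=\"hidden\" name=\"operation\" value=\"submit\"><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td><td><form action=\"index.php?func=videomanager&category=$category\" method=\"post\"><input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
    echo "</table>\n";
    echo "</div>\n";
}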
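else // browse mode
{
    $categoryid = isset($_GET['category']) ? $_GET['category'] : '';
    // The id is used unquoted in the SELECT below, so it is reduced to an integer;
    // escaping alone does not protect a value that is not inside quotes.
    if($categoryid) { $categoryid = (int) sanitize($categoryid); }
    if(!$categoryid||$categoryid==-99) { showvideomanager("<strong>Browsing Top Level Categories</strong>", -99); } // -99 is Parent id for top level
    else {
        $sql = "SELECT * FROM categories WHERE id=$categoryid";
        $result = mysql_query($sql) or die("Error: " . mysql_error());
        $numrows = mysql_num_rows($result);
        if($numrows<1) { echo "Invalid category id."; }
        else {
            $row = mysql_fetch_row($result);
            // NOTE(review): the stored name is placed into the heading markup as is -
            // confirm it is HTML-safe when it is saved.
            $categoryname = $row[2];
            showvideomanager("<strong>Browsing Category: $categoryname</strong>", $categoryid);
        }
    }
}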
}
elseif($func=="contentmanager")
{
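if($_POST['operation']=="submit") // Receive and enter contents of New form into DB
{
    // Category is written into the INSERT without quotes, so it is forced to an
    // integer; escaping alone does not protect an unquoted value.
    $Category = (int) sanitize($_POST['Category']);
    $Name = sanitize($_POST['Name']);
    $Description = sanitize($_POST['Description']);
    $ShortText = sanitize($_POST['ShortText']);
    $FullText = sanitize($_POST['FullText']);
    $Keywords = sanitize($_POST['Keywords']);
    $DateCreated = date("Y-m-d");
    $DateLastModified = date("Y-m-d");
    $sql = "INSERT INTO content (Category, Name, Description, ShortText, `FullText`, Keywords, DateCreated, DateLastModified) " .
        "VALUES ($Category, \"$Name\", \"$Description\", \"$ShortText\", \"$FullText\", \"$Keywords\", \"$DateCreated\", \"$DateLastModified\")";
    // NOTE(review): the database error text is shown to the user on failure.
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    showcontentmanager("New content item added successfully.", $Category);
}
elseif($_POST['operation']=="submitedit") // Receive and enter contents of Edit form into DB
{
    // id and Category are both unquoted in the UPDATE, so both are forced to integers.
    $id = (int) sanitize($_POST['id']);
    $Category = (int) sanitize($_POST['Category']);
    $Name = sanitize($_POST['Name']);
    $Description = sanitize($_POST['Description']);
    $ShortText = sanitize($_POST['ShortText']);
    $FullText = sanitize($_POST['FullText']);
    $Keywords = sanitize($_POST['Keywords']);
    $DateLastModified = date("Y-m-d");
    $sql = "UPDATE content SET Category=$Category, Name='$Name', Description='$Description', ShortText='$ShortText', `FullText`='$FullText', Keywords='$Keywords', DateLastModified=\"$DateLastModified\" WHERE id=$id LIMIT 1";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    showcontentmanager("Content item modified successfully.", $Category);
}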
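elseif($_GET['operation']=="edit") // Edit Content Item Form
{
    // category is echoed into the form's action attribute and id is used unquoted in
    // the SELECT, so both are reduced to integers instead of relying on escaping alone.
    $category = (int) sanitize($_GET['category']);
    $id = (int) sanitize($_GET['id']);
    $sql = "SELECT * FROM content WHERE id=$id LIMIT 1";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    $numrows = mysql_num_rows($result);
    if($numrows<1) { die("Invalid content item id."); }
    else { $row = mysql_fetch_row($result); }
    // Columns are read by position; as used below: 0 = id, 1 = Category, 2 = Name,
    // 3 = Description, 4 = ShortText, 5 = FullText, 6 = Keywords.
    $parentselect = parentselect($row[1], 2, "Category");
    $Name = stripslashes($row[2]);
    $Keywords = stripslashes($row[6]);
    $Description = stripslashes($row[3]);
    $ShortText = stripslashes($row[4]);
    $FullText = stripslashes($row[5]);
    // NOTE(review): the stored text is printed into attributes and <textarea> bodies
    // after stripslashes() only; text containing "</textarea>" would end the field
    // early. Confirm the values are HTML-safe when saved.
    echo "<div class=\"centerFieldset\">\n";
    echo "<form action=\"index.php?func=contentmanager&category=$category\" method=\"POST\">\n";
    echo "<table width=\"100%\">\n";
    echo "<tr><td colspan=\"2\"><h3>Edit Content Item</h3></td></tr>\n";
    echo "<tr><td>Category</td><td>$parentselect</td></tr>\n";
    echo "<tr><td>Name</td><td><input type=\"text\" name=\"Name\" value=\"$Name\" size=\"50\"></td></tr>\n";
    echo "<tr><td>Keywords</td><td><input type=\"text\" name=\"Keywords\" value=\"$Keywords\" size=\"50\"></td></tr>\n";
    echo "<tr><td>Description</td><td><textarea name=\"Description\" rows=\"3\" cols=\"60\">$Description</textarea></td></tr>\n";
    echo "<tr><td>Short Text</td><td><textarea name=\"ShortText\" rows=\"5\" cols=\"60\">$ShortText</textarea></td></tr>\n";
    echo "<tr><td>Full Text</td><td><textarea name=\"FullText\" rows=\"20\" cols=\"60\">$FullText</textarea></td></tr>\n";
    echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"hidden\" name=\"operation\" value=\"submitedit\">" .
        "<input type=\"hidden\" name=\"id\" value=\"$row[0]\">" .
        "<table><tr><td><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td>" .
        "<td><form action=\"index.php?func=contentmanager&category=$row[1]\" method=\"post\">" .
        "<input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
    echo "</table>\n";
    echo "</div>\n";
}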
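elseif($_GET['operation']=="delete") // Delete Content Item Function
{
    // The id is used unquoted in the DELETE, so it is reduced to an integer; escaping
    // alone does not protect a value that is not inside quotes.
    // NOTE(review): this destructive action runs on a plain GET request with no
    // anti-CSRF token.
    $id = (int) sanitize($_GET['id']);
    // Only passed on to showcontentmanager() for the listing shown afterwards.
    $category = sanitize($_GET['category']);
    $sql = "DELETE FROM content WHERE id=$id LIMIT 1";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    showcontentmanager("Content item deleted successfully.", $category);
}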
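elseif($_GET['operation']=="new") // New Content Item Form
{
    // category is echoed into two form action attributes below, so it is reduced to an
    // integer rather than relying on sanitize() to make it safe inside HTML.
    $category = (int) sanitize($_GET['category']);
    if(!$category) { $category=-99; }
    $parentselect = parentselect($category, 2, "Category");
    echo "<div class=\"centerFieldset\">\n";
    echo "<form action=\"index.php?func=contentmanager&category=$category\" method=\"POST\">\n";
    echo "<table width=\"100%\">\n";
    echo "<tr><td colspan=\"2\"><h3>New Content Item</h3></td></tr>\n";
    echo "<tr><td>Category</td><td>$parentselect</td></tr>\n";
    echo "<tr><td>Name</td><td><input type=\"text\" name=\"Name\" size=\"50\"></td></tr>\n";
    echo "<tr><td>Keywords</td><td><input type=\"text\" name=\"Keywords\" size=\"50\"></td></tr>\n";
    echo "<tr><td>Description</td><td><textarea name=\"Description\" rows=\"3\" cols=\"60\"></textarea></td></tr>\n";
    echo "<tr><td>Short Text</td><td><textarea name=\"ShortText\" rows=\"5\" cols=\"60\"></textarea></td></tr>\n";
    echo "<tr><td>Full Text</td><td><textarea name=\"FullText\" rows=\"20\" cols=\"60\"></textarea></td></tr>\n";
    echo "<tr><td colspan=\"2\" align=\"center\"><table><tr><td><input type=\"hidden\" name=\"operation\" value=\"submit\"><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td><td><form action=\"index.php?func=contentmanager&category=$category\" method=\"post\"><input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
    echo "</table>\n";
    echo "</div>\n";
}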
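else // browse mode
{
    $categoryid = isset($_GET['category']) ? $_GET['category'] : '';
    // The id is used unquoted in the SELECT below, so it is reduced to an integer;
    // escaping alone does not protect a value that is not inside quotes.
    if($categoryid) { $categoryid = (int) sanitize($categoryid); }
    if(!$categoryid||$categoryid==-99) { showcontentmanager("<strong>Browsing Top Level Categories</strong>", -99); } // -99 is Parent id for top level
    else {
        $sql = "SELECT * FROM categories WHERE id=$categoryid";
        $result = mysql_query($sql) or die("Error: " . mysql_error());
        $numrows = mysql_num_rows($result);
        if($numrows<1) { echo "Invalid category id."; }
        else {
            $row = mysql_fetch_row($result);
            // NOTE(review): the stored name is placed into the heading markup as is -
            // confirm it is HTML-safe when it is saved.
            $categoryname = $row[2];
            showcontentmanager("<strong>Browsing Category: $categoryname</strong>", $categoryid);
        }
    }
}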
}
// Advertisement slots: without operation=submit it shows four textareas filled from
// getvar(); with it, the posted text is stored with setvar().
// NOTE(review): the stored ad text is written between <textarea> tags without HTML
// escaping here; if getvar() returns raw markup, an ad containing "</textarea>" ends
// the field early and the rest is rendered in the admin page. Confirm what getvar() returns.
// NOTE(review): the save branch has no anti-CSRF token, and whatever is stored is
// presumably output as markup on the public pages - confirm who is able to reach it.
elseif($func=="advertisementmanager") // NOTE: GETVAR AND SETVAR HANDLE SANITIZE AND STRIPSLASHES
{
if($_POST['operation']!="submit")
{
// Current values, used to pre-fill the form.
$AdHeader = getvar('AdHeader');
$AdLeftSide = getvar('AdLeftSide');
$AdPlayVideo = getvar('AdPlayVideo');
$AdFooter = getvar('AdFooter');
echo "<div class=\"centerFieldset\">\n";
echo "<form action=\"index.php?func=advertisementmanager\" method=\"POST\">\n";
echo "<table width=\"100%\">\n";
echo "<tr><td>Header position:</td><td><textarea name=\"AdHeader\" rows=\"5\" cols=\"60\">$AdHeader</textarea></td></tr>\n";
echo "<tr><td>Left Side position (below category list):</td><td><textarea name=\"AdLeftSide\" rows=\"5\" cols=\"60\">$AdLeftSide</textarea></td></tr>\n";
echo "<tr><td>Play Video position (on play.php page):</td><td><textarea name=\"AdPlayVideo\" rows=\"5\" cols=\"60\">$AdPlayVideo</textarea></td></tr>\n";
echo "<tr><td>Footer position:</td><td><textarea name=\"AdFooter\" rows=\"5\" cols=\"60\">$AdFooter</textarea></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"center\">" .
"<input type=\"hidden\" name=\"operation\" value=\"submit\">" .
"<table><tr><td><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td>" .
"<td><form action=\"index.php?func=adminhome\" method=\"post\">" .
"<input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
echo "</table>\n";
echo "</div>\n";
}
else
{
// Save branch: each posted slot is stored under the key of the same name.
setvar("AdHeader", $_POST['AdHeader']);
setvar("AdLeftSide", $_POST['AdLeftSide']);
setvar("AdPlayVideo", $_POST['AdPlayVideo']);
setvar("AdFooter", $_POST['AdFooter']);
showadminhome("Advertisement settings applied.");
}
}
elseif($func=="statistics")
{
    // Fetch the three counters first, then print them as one table.
    $TotalCategories = getrecordcount("categories", "1");
    $TotalVideos = getrecordcount("videos", "1");
    $TotalContentItems = getrecordcount("content", "1");
    //total views
    //total emails
    echo "<table width=\"100%\">\n" .
        "<tr><td>Total Number of Categories:</td><td>$TotalCategories</td></tr>\n" .
        "<tr><td>Total Number of Videos:</td><td>$TotalVideos</td></tr>\n" .
        "<tr><td>Total Number of Content Items:</td><td>$TotalContentItems</td></tr>\n" .
        "<tr><td></td></tr>\n" .
        "</table>\n";
}
elseif($func=="featuredvideos")
{
    // Nothing is rendered for this page yet.
}
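elseif($func=="administrator") // form to change administrator settings AND accept POSTed data from form
{
    // NOTE(review): the password can be changed without entering the current one and
    // the form has no anti-CSRF token, so a forged POST from the admin's browser
    // could replace the credentials.
    // NOTE(review): the new password is stored as an unsalted MD5 digest; changing the
    // scheme has to be done together with the login check.
    if($_POST['operation']!="submit")
    {
        $AdminUserName = getvar('AdminUserName');
        $AdminRealName = getvar('AdminRealName');
        $AdminEmail = getvar('AdminEmail');
        echo "<div class=\"centerFieldset\">\n";
        echo "<form action=\"index.php?func=administrator\" method=\"POST\">\n";
        echo "<table width=\"100%\">\n";
        echo "<tr><td>Administrator Username:</td><td><input type=\"text\" name=\"AdminUserName\" value=\"$AdminUserName\"></td></tr>\n";
        echo "<tr><td>Change Password:</td><td><input type=\"password\" name=\"AdminPass\" value=\"\"></td></tr>\n";
        echo "<tr><td>Confirm New Password:</td><td><input type=\"password\" name=\"AdminPassConfirm\" value=\"\"></td></tr>\n";
        echo "<tr><td>Administrator Real name:</td><td><input type=\"text\" name=\"AdminRealName\" value=\"$AdminRealName\"></td></tr>\n";
        echo "<tr><td>Administrator E-mail Address:</td><td><input type=\"text\" name=\"AdminEmail\" value=\"$AdminEmail\"></td></tr>\n";
        echo "<tr><td colspan=\"2\" align=\"center\">" .
            "<input type=\"hidden\" name=\"operation\" value=\"submit\">" .
            "<table><tr><td><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td>" .
            "<td><form action=\"index.php?func=adminhome\" method=\"post\">" .
            "<input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
        echo "</table>\n";
        echo "</div>\n";
    }
    else
    {
        $newpass = isset($_POST['AdminPass']) ? $_POST['AdminPass'] : '';
        $confirmpass = isset($_POST['AdminPassConfirm']) ? $_POST['AdminPassConfirm'] : '';
        // Strict comparison of two strings: with ==, numeric-looking values such as
        // "1e3" and "1000" count as equal, so two different passwords could pass
        // the confirmation check. Arrays are rejected as a mismatch.
        if(is_string($newpass) && is_string($confirmpass) && $newpass === $confirmpass)
        {
            // An empty field means "keep the current password". The test is against the
            // empty string so that the password "0" is not silently ignored.
            if($newpass !== '') { setvar("AdminPass", md5($newpass)); }
            setvar("AdminUserName", $_POST['AdminUserName']);
            setvar("AdminRealName", $_POST['AdminRealName']);
            setvar("AdminEmail", $_POST['AdminEmail']);
            showadminhome("Administrator settings applied.");
        }
        else
        {
            echo "Password and confirm password fields do not match. <a href=\"index.php?func=administrator\">Try again</a>.<br />\n";
        }
    }
}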
// Password reminder: handled entirely by resendpassword(), which receives the caller's address.
// NOTE(review): this page is reachable without logging in - confirm that
// resendpassword() limits how often it can be triggered.
elseif ($func == "resendpass") { // mail password to administrator e-mail, don't expose e-mail address
    resendpassword($ipaddress);
}

// Close link to database - no sql commands should be issued after this point - use only one connection
mysql_close($link);
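// Print the administrator login form followed by a short status line.
// The form POSTs "username" and "password" to index.php?func=login and offers
// a link to the password-reset page (func=resendpass).
// $message is treated as plain text and HTML-escaped before it is written,
// so a message that originates from the request (this file reads a "msg"
// query parameter) cannot inject markup into the login page.
function showloginform($message)
{
    // Escape once, up front; the default charset of htmlspecialchars() is used
    // so the call behaves the same on every PHP version this file can run on.
    $safemessage = htmlspecialchars((string)$message, ENT_QUOTES);

    echo "<div class=\"centerFieldset\">\n";
    echo "<form action=\"index.php?func=login\" method=\"POST\">\n";
    echo "<fieldset>\n";
    echo "<table>\n";
    echo "<tr><td>Username:</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
    echo "<tr><td>Password:</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
    echo "<tr><td><input type=\"submit\" class=\"commonbutton\" value=\"Login\"><font size=\"-1\"></td><td><a href=\"index.php?func=resendpass\">Resend Password</a></font></td></tr>\n";
    echo "</table>\n";
    echo "<p><font size=\"-1\">$safemessage</font></p>\n";
    echo "</fieldset>\n";
    echo "</form>\n";
    echo "</div>\n";
}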
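// Print the administrator home page: a heading with $message and a 2x4 grid
// of icon links, one per admin area (each links to index.php?func=<area> and
// shows imgs/<area>.png).
// $message is treated as plain text and HTML-escaped before output.
// The "Category Manager" tile now carries the same alt/title text as the
// other seven tiles (it was empty in the original markup).
function showadminhome($message)
{
    $safemessage = htmlspecialchars((string)$message, ENT_QUOTES);

    // func key (also the image base name) => visible label, in display order
    $tiles = array(
        'configuration'        => 'Configuration',
        'featuredvideos'       => 'Featured Videos',
        'statistics'           => 'Statistics',
        'categorymanager'      => 'Category Manager',
        'videomanager'         => 'Video Manager',
        'contentmanager'       => 'Content Manager',
        'advertisementmanager' => 'Advertisement Manager',
        'administrator'        => 'Administrator',
    );

    echo "<div class=\"centerFieldset\">\n";
    echo "<h2>$safemessage</h2>\n";
    echo "<table width=\"100%\">\n";
    // Four tiles per table row
    foreach (array_chunk($tiles, 4, true) as $rowtiles) {
        echo "<tr>\n";
        foreach ($rowtiles as $key => $label) {
            echo "<td style=\"text-align:center;\" width=\"25%\"><a href=\"index.php?func=$key\"><img src=\"imgs/$key.png\" alt=\"$label\" title=\"$label\" border=\"0\"><br />$label</a></td>\n";
        }
        echo "</tr>\n";
    }
    echo "</table>\n";
    echo "</div>\n";
}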
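// Append one line "(dd-mm-YYYY/HH:MM:SS) <ip> <tag>" to $logfile.
//   $logfile  path of the log file, opened in append mode
//   $ip       client address to record
//   $tag      free-form label; this file passes the requested "func" value
// Control characters (including CR/LF) in $ip and $tag are replaced with "_"
// so that request data cannot forge extra log lines.
// The file is locked exclusively for the duration of the write; the original
// code only issued an unlock (flock mode 3) after writing and never took a lock.
// Logging is best effort: if the file cannot be opened nothing is written.
// NOTE(review): the caller in this file passes a relative file name; confirm
// the log is stored where the web server does not serve it.
function logaccess($logfile, $ip, $tag)
{
    $datetime = date('d-m-Y/H:i:s');
    $ip = preg_replace('/[\x00-\x1F\x7F]/', '_', (string)$ip);
    $tag = preg_replace('/[\x00-\x1F\x7F]/', '_', (string)$tag);

    $fp = fopen("$logfile", "a");
    if (!$fp) {
        return;
    }
    // Still write when the lock cannot be obtained, as the original did
    $locked = flock($fp, LOCK_EX);
    fputs($fp, "($datetime) $ip $tag\n");
    if ($locked) {
        flock($fp, LOCK_UN);
    }
    fclose($fp);
}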
// Generate a new administrator password, mail it to the stored AdminEmail
// address and, only if mail() reports success, store its MD5 hash as AdminPass
// and show the login form again.
//   $ip_address  address of the requester; quoted in the mail body
//
// NOTE(review): the login gate at the top of this file exempts func=resendpass,
//   so this routine runs without authentication; every request replaces the
//   administrator password. Consider a confirmation token or rate limit.
// NOTE(review): the new password travels in clear text by e-mail and is stored
//   as an unsalted MD5 hash. Moving to password_hash()/password_verify() needs
//   a matching change in the login check, which is outside this function.
// NOTE(review): the From header is built from the stored SiteDomainName value;
//   confirm that value cannot contain CR/LF, otherwise extra mail headers
//   could be injected.
function resendpassword($ip_address)
{
    $domain = getvar("SiteDomainName");
    $freshpass = generatepassword();

    $body = "A reset password request has been initiated from your VideoSplurge installation.\n\n"
        . "Your credentials for the VideoSplurge Administrator area are as follows:\n"
        . "Username: " . getvar("AdminUserName") . "\n"
        . "Password: " . $freshpass . "\n\n"
        . "This request was initiated from ip address: $ip_address\n";

    $sent = mail(
        getvar("AdminEmail"),
        "VideoSplurge Password Reset",
        $body,
        "From: \"VideoSplurge mailer\" <mailer@$domain>"
    );

    // Leave the stored password untouched when the mail could not be handed off
    if (!$sent) {
        echo "Mail send failed. Password was not reset";
        return;
    }

    setvar("AdminPass", md5($freshpass));
    showloginform("Password reset. Check your e-mail.");
}
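// Return a random 8-character password drawn from lower-case letters and
// digits, with the look-alike characters "l" and "1" left out of the alphabet.
//
// Changes against the original:
//  - the index is drawn over the whole alphabet; the original used "% 33" on a
//    34-character string, so the last character ("9") could never be chosen;
//  - the generator is no longer re-seeded from microtime(), which made the
//    output guessable from the request time;
//  - random_int() (a CSPRNG) is used where it exists. On older PHP builds the
//    code falls back to mt_rand(), which is NOT cryptographically secure.
function generatepassword()
{
    $chars = "abcdefghijkmnopqrstuvwxyz023456789";
    $maxindex = strlen($chars) - 1;
    $usecsprng = function_exists('random_int');

    $pass = '';
    for ($i = 0; $i < 8; $i++) {
        $num = $usecsprng ? random_int(0, $maxindex) : mt_rand(0, $maxindex);
        $pass .= substr($chars, $num, 1);
    }
    return $pass;
}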
// Build the HTML for the video "Type" drop-down (<select name="Type">) and
// return it as a string.
//   $selectedtype  1, 2 or 3 preselects "Locally Hosted", "Google Video" or
//                  "YouTube"; any other value leaves all options unselected.
// The comparison with 1/2/3 is deliberately loose (==) and checked in that
// order, so the first matching value wins.
function videotypeselect($selectedtype)
{
    if ($selectedtype == 1) {
        $active = 1;
    } elseif ($selectedtype == 2) {
        $active = 2;
    } elseif ($selectedtype == 3) {
        $active = 3;
    } else {
        $active = 0; // nothing preselected
    }

    $labels = array(
        1 => "Locally Hosted",
        2 => "Google Video",
        3 => "YouTube",
    );

    $html = "<select name=\"Type\">\n";
    foreach ($labels as $value => $label) {
        $flag = ($value === $active) ? " selected" : "";
        $html .= "<option value=\"$value\"$flag>$label</option>\n";
    }
    $html .= "</select>\n";

    return $html;
}
// Generate the drop-down box code for Categories and return it as a string.
//   $selectedid  value of the option to preselect (-99 selects "Top Level")
//   $levels      when equal to 2, the children of every top-level category
//                are listed as well, labelled "parent / child"
//   $inputname   name attribute of the <select> element
// Top-level categories are the rows of "categories" with Parent=-99. From each
// row, column 0 is used as the option value (and as the Parent key of the
// sub-query) and column 2 as the visible label.
// A failed query ends the script with the MySQL error text.
// NOTE(review): $inputname and the column-2 labels are written into the markup
//   without HTML escaping; confirm they are encoded when stored, otherwise wrap
//   them in htmlspecialchars().
function parentselect($selectedid, $levels, $inputname)
{
    $toplevel = mysql_query("SELECT * FROM categories WHERE Parent=-99") or die("Error: " . mysql_error());

    $html = "<select name=\"$inputname\">\n";
    $topmark = ($selectedid == -99) ? " selected" : "";
    $html .= "<option value=\"-99\"$topmark>Top Level</option>\n";

    while ($parentrow = mysql_fetch_row($toplevel)) {
        $mark = ($selectedid == $parentrow[0]) ? " selected" : "";
        $html .= "<option value=\"$parentrow[0]\"$mark>$parentrow[2]</option>\n";

        if ($levels != 2) {
            continue; // only the top level was requested
        }

        // Second level: direct children of the current top-level category
        $children = mysql_query("SELECT * FROM categories WHERE Parent=$parentrow[0]") or die("Error: " . mysql_error());
        while ($childrow = mysql_fetch_row($children)) {
            $childmark = ($selectedid == $childrow[0]) ? " selected" : "";
            $html .= "<option value=\"$childrow[0]\"$childmark>$parentrow[2] / $childrow[2]</option>\n";
        }
    }

    $html .= "</select>\n";
    return $html;
}
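// Print the category manager table for one parent category: a toolbar
// ("New", plus "Home" when not at the top level), the status $message, and
// one row per child category with Edit and Delete links.
//   $message  plain-text status line; HTML-escaped before output
//   $parent   id of the parent category, -99 for the top level
//
// Hardening against the original:
//  - $parent is cast to an integer before it is placed in the SQL text and in
//    the links, so a non-numeric value can no longer alter the query;
//  - $message is HTML-escaped;
//  - row ids are cast to integers before they are written into links.
// NOTE(review): category names and descriptions are printed after
//   stripslashes() only; confirm they are HTML-encoded when stored, otherwise
//   wrap them in htmlspecialchars().
// NOTE(review): "delete" is reached through a plain GET link; whether the
//   handler asks for confirmation or checks a request token is not visible here.
function showcategorymanager($message, $parent)
{
    $parent = (int)$parent;
    $safemessage = htmlspecialchars((string)$message, ENT_QUOTES);

    echo "<table width=\"100%\">\n";
    echo "<tr><td colspan=\"3\" style=\"text-align:center;\">\n";
    echo "<a href=\"index.php?func=categorymanager&operation=new&category=$parent\">\n" .
        "<img src=\"imgs/new.png\" style=\"float:right;\" alt=\"New Category\" title=\"New Category\" border=\"0\"></a>\n";
    if ($parent != -99) {
        echo "<a href=\"index.php?func=categorymanager\">\n" .
            "<img src=\"imgs/home.png\" style=\"float:right;\" alt=\"Home\" title=\"Home\" border=\"0\"></a>\n";
    }
    echo "<strong>$safemessage</strong></td></tr>\n";

    $sql = "SELECT * FROM categories WHERE Parent=$parent";
    $result = mysql_query($sql) or die("Error: " . mysql_error());

    // output all fields, with edit and delete buttons on right side
    $numrows = mysql_num_rows($result);
    if ($numrows) {
        // header row: names of result columns 2 and 3, then "Actions"
        $numfields = mysql_num_fields($result);
        if ($numfields) {
            echo "<tr>";
            for ($num = 2; $num < 4; $num++) {
                $fieldname = mysql_field_name($result, $num);
                echo "<th>$fieldname</th>";
            }
            echo "<th>Actions</th></tr>\n";
        }

        for ($num = 0; $num < $numrows; $num++) {
            $row = mysql_fetch_row($result);
            $id = (int)$row[0];
            $Name = stripslashes($row[2]);
            $Description = stripslashes($row[3]);

            // Only top-level categories (column 1 == -99) link to their children
            if ($row[1] == -99) {
                echo "<tr><td width=\"200\" style=\"text-align:left;\"><a href=\"index.php?func=categorymanager&category=$id\">$Name</a></td>";
            } else {
                echo "<tr><td width=\"200\" style=\"text-align:left;\">$Name</td>";
            }
            echo "<td style=\"text-align:left;\">$Description</td>" .
                "<td style=\"text-align:center;\"><a href=\"index.php?func=categorymanager&operation=edit&id=$id&category=$parent\"><img src=\"imgs/edit.png\" alt=\"Edit\" title=\"Edit\" border=\"0\"></a>" .
                "<a href=\"index.php?func=categorymanager&operation=delete&id=$id&category=$parent\"><img src=\"imgs/delete.png\" alt=\"Delete\" title=\"Delete\" border=\"0\"></a></td></tr>\n";
        }
    } else {
        echo "<tr><td>No categories.</td></tr>\n";
    }
    echo "</table>\n";
}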
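// Print the video manager page for one category: toolbar, status $message,
// the list of sub-categories, and the category's videos 20 per page (ordered
// by Views, highest first) with a page navigation bar above and below.
//   $message  plain-text status line; HTML-escaped before output
//   $parent   id of the category being shown, -99 for the top level
// The page number is read from the "page" query parameter.
//
// Changes against the original:
//  - $parent is cast to an integer before it is placed in SQL text and links;
//  - the page number is clamped to a minimum of 1, so a negative value can no
//    longer produce a negative OFFSET;
//  - $PageLinks is initialised, and the navigation bar is built once and
//    printed twice instead of being duplicated;
//  - navigation links use "index.php" like every other link here; the original
//    interpolated $self, which is not defined inside this function;
//  - the video type label falls back to "Unknown" instead of reusing the
//    previous row's label when the type is not 1, 2 or 3;
//  - $message is HTML-escaped and row ids are cast to integers.
// NOTE(review): names, descriptions and the thumbnail URL are printed after
//   stripslashes() only; confirm they are HTML-encoded when stored, otherwise
//   wrap them in htmlspecialchars().
// NOTE(review): "delete" is reached through a plain GET link; whether the
//   handler asks for confirmation or checks a request token is not visible here.
function showvideomanager($message, $parent)
{
    $parent = (int)$parent;
    $safemessage = htmlspecialchars((string)$message, ENT_QUOTES);

    echo "<table width=\"100%\">\n";
    echo "<tr><td colspan=\"3\" style=\"text-align:center;\">\n";
    echo "<a href=\"index.php?func=videomanager&operation=new&category=$parent\">\n" .
        "<img src=\"imgs/new.png\" style=\"float:right;\" alt=\"New Video\" title=\"New Video\" border=\"0\"></a>\n";
    if ($parent != -99) {
        echo "<a href=\"index.php?func=videomanager\">\n" .
            "<img src=\"imgs/home.png\" style=\"float:right;\" alt=\"Home\" title=\"Home\" border=\"0\"></a>\n";
    }
    echo "<strong>$safemessage</strong></td></tr>\n";

    // Sub-categories, each linked to its own video list
    $sql = "SELECT * FROM categories WHERE Parent=$parent";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    $numrows = mysql_num_rows($result);
    if ($numrows) {
        echo "<tr><th>Category</th><th>Description</th></tr>\n";
        for ($num = 0; $num < $numrows; $num++) {
            $row = mysql_fetch_row($result);
            $categoryid = (int)$row[0];
            $Name = stripslashes($row[2]);
            $Description = stripslashes($row[3]);
            echo "<tr>" .
                "<td width=\"200\" style=\"text-align:left;\"><a href=\"index.php?func=videomanager&category=$categoryid\">$Name</a></td>" .
                "<td style=\"text-align:left;\">$Description</td>" .
                "</tr>\n";
        }
    }
    echo "</table>\n";

    // Paging: 20 videos per page
    $CurrentPage = isset($_GET['page']) ? (int)sanitize($_GET['page']) : 1;
    if ($CurrentPage < 1) { $CurrentPage = 1; }
    $NumberOfVideos = getrecordcount("videos", "Category=$parent");
    $LastPage = (int)ceil($NumberOfVideos / 20);
    $Offset = ($CurrentPage - 1) * 20;

    // Navigation bar (all page links 1 through MAX, then previous/next page)
    $navbar = '';
    if ($LastPage) {
        $PageLinks = '';
        for ($page = 1; $page <= $LastPage; $page++) {
            if ($page == $CurrentPage) { $PageLinks .= " $page "; }
            else { $PageLinks .= " <a href=\"index.php?func=videomanager&category=$parent&page=$page\">$page</a> "; }
        }
        $PreviousPage = $CurrentPage - 1;
        $NextPage = $CurrentPage + 1;

        $navbar .= "<strong>Page $CurrentPage of $LastPage</strong>\n";
        $navbar .= "<table width=\"100%\">\n";
        $navbar .= "<tr>\n";
        $navbar .= "<td colspan=\"2\" width=\"100%\" style=\"text-align:center;\">$PageLinks</td>\n";
        $navbar .= "</tr>\n";
        $navbar .= "<tr>\n";
        if ($PreviousPage >= 1) { $navbar .= "<td width=\"50%\" style=\"text-align:left;\"><a href=\"index.php?func=videomanager&category=$parent&page=$PreviousPage\">Previous 20 videos</a></td>\n"; }
        else { $navbar .= "<td width=\"50%\"> </td>\n"; }
        if ($NextPage <= $LastPage) { $navbar .= "<td width=\"50%\" style=\"text-align:right;\"><a href=\"index.php?func=videomanager&category=$parent&page=$NextPage\">Next 20 videos</a></td>\n"; }
        else { $navbar .= "<td width=\"50%\"> </td>\n"; }
        $navbar .= "</tr>\n";
        $navbar .= "</table>\n";
    }
    echo $navbar;

    // Video list for the current page
    echo "<table width=\"100%\">\n";
    $sql = "SELECT * FROM videos WHERE Category=$parent ORDER BY Views DESC LIMIT 20 OFFSET $Offset";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    $numrows = mysql_num_rows($result);
    if ($numrows) {
        // header row: names of result columns 2, 4, 5 and 9, then "Actions"
        $numfields = mysql_num_fields($result);
        if ($numfields) {
            echo "<tr>";
            $fieldname = mysql_field_name($result, 2);
            echo "<th>$fieldname</th>";
            for ($num = 4; $num < 6; $num++) {
                $fieldname = mysql_field_name($result, $num);
                echo "<th>$fieldname</th>";
            }
            $fieldname = mysql_field_name($result, 9);
            echo "<th>$fieldname</th>";
            echo "<th>Actions</th></tr>\n";
        }

        for ($num = 0; $num < $numrows; $num++) {
            $row = mysql_fetch_row($result);
            $videoid = (int)$row[0];
            if ($row[2] == 1) { $videotype = "Local"; }
            elseif ($row[2] == 2) { $videotype = "Google Video"; }
            elseif ($row[2] == 3) { $videotype = "YouTube"; }
            else { $videotype = "Unknown"; }
            $Name = stripslashes($row[4]);
            $Thumbnail = stripslashes($row[5]);
            echo "<tr>\n" .
                "<td style=\"text-align:left;\">$videotype</td>\n" .
                "<td style=\"text-align:left;\">$Name</td>\n" .
                "<td style=\"text-align:center;\"><a href=\"../play.php?id=$videoid\" target=\"_blank\"><img src=\"$Thumbnail\" height=\"96\" width=\"135\"></a></td>\n" .
                "<td style=\"text-align:center;\">$row[9]</td>\n" .
                "<td style=\"text-align:center;\">\n" .
                "<a href=\"index.php?func=videomanager&operation=edit&id=$videoid&category=$parent\">\n" .
                "<img src=\"imgs/edit.png\" alt=\"Edit\" title=\"Edit\" border=\"0\">\n" .
                "</a>\n" .
                "<a href=\"index.php?func=videomanager&operation=delete&id=$videoid&category=$parent\">\n" .
                "<img src=\"imgs/delete.png\" alt=\"Delete\" title=\"Delete\" border=\"0\">\n" .
                "</a>\n" .
                "</td>\n" .
                "</tr>\n";
        }
    }
    echo "</table>\n";

    // Same navigation bar again below the list
    echo $navbar;
}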
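// Print the content manager page for one category: toolbar, status $message,
// the list of sub-categories, and the category's content items 20 per page
// (ordered by Views, highest first) with a navigation bar above and below.
//   $message  plain-text status line; HTML-escaped before output
//   $parent   id of the category being shown, -99 for the top level
// The page number is read from the "page" query parameter.
//
// Changes against the original:
//  - the page navigation links pointed to func=videomanager and were labelled
//    "videos" (copied from the video manager); they now stay in the content
//    manager and are labelled "items";
//  - $parent is cast to an integer before it is placed in SQL text and links;
//  - the page number is clamped to a minimum of 1, so a negative value can no
//    longer produce a negative OFFSET;
//  - $PageLinks is initialised, and the navigation bar is built once and
//    printed twice instead of being duplicated;
//  - navigation links use "index.php"; the original interpolated $self, which
//    is not defined inside this function;
//  - $message is HTML-escaped and row ids are cast to integers.
// NOTE(review): names, descriptions and result columns 7-10 are printed without
//   HTML escaping; confirm they are encoded when stored, otherwise wrap them in
//   htmlspecialchars().
// NOTE(review): "delete" is reached through a plain GET link; whether the
//   handler asks for confirmation or checks a request token is not visible here.
function showcontentmanager($message, $parent)
{
    $parent = (int)$parent;
    $safemessage = htmlspecialchars((string)$message, ENT_QUOTES);

    echo "<table width=\"100%\">\n";
    echo "<tr><td colspan=\"3\" style=\"text-align:center;\">\n";
    echo "<a href=\"index.php?func=contentmanager&operation=new&category=$parent\">\n" .
        "<img src=\"imgs/new.png\" style=\"float:right;\" alt=\"New Content Item\" title=\"New Content Item\" border=\"0\"></a>\n";
    if ($parent != -99) {
        echo "<a href=\"index.php?func=contentmanager\">\n" .
            "<img src=\"imgs/home.png\" style=\"float:right;\" alt=\"Home\" title=\"Home\" border=\"0\"></a>\n";
    }
    echo "<strong>$safemessage</strong></td></tr>\n";

    // Sub-categories, each linked to its own content list
    $sql = "SELECT * FROM categories WHERE Parent=$parent";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    $numrows = mysql_num_rows($result);
    if ($numrows) {
        echo "<tr><th>Category</th><th>Description</th></tr>\n";
        for ($num = 0; $num < $numrows; $num++) {
            $row = mysql_fetch_row($result);
            $categoryid = (int)$row[0];
            $Name = stripslashes($row[2]);
            $Description = stripslashes($row[3]);
            echo "<tr>" .
                "<td width=\"200\" style=\"text-align:left;\"><a href=\"index.php?func=contentmanager&category=$categoryid\">$Name</a></td>" .
                "<td style=\"text-align:left;\">$Description</td>" .
                "</tr>\n";
        }
    }
    echo "</table>\n";

    // Paging: 20 items per page
    $CurrentPage = isset($_GET['page']) ? (int)sanitize($_GET['page']) : 1;
    if ($CurrentPage < 1) { $CurrentPage = 1; }
    $NumberOfItems = getrecordcount("content", "Category=$parent");
    $LastPage = (int)ceil($NumberOfItems / 20);
    $Offset = ($CurrentPage - 1) * 20;

    // Navigation bar (all page links 1 through MAX, then previous/next page)
    $navbar = '';
    if ($LastPage) {
        $PageLinks = '';
        for ($page = 1; $page <= $LastPage; $page++) {
            if ($page == $CurrentPage) { $PageLinks .= " $page "; }
            else { $PageLinks .= " <a href=\"index.php?func=contentmanager&category=$parent&page=$page\">$page</a> "; }
        }
        $PreviousPage = $CurrentPage - 1;
        $NextPage = $CurrentPage + 1;

        $navbar .= "<strong>Page $CurrentPage of $LastPage</strong>\n";
        $navbar .= "<table width=\"100%\">\n";
        $navbar .= "<tr>\n";
        $navbar .= "<td colspan=\"2\" width=\"100%\" style=\"text-align:center;\">$PageLinks</td>\n";
        $navbar .= "</tr>\n";
        $navbar .= "<tr>\n";
        if ($PreviousPage >= 1) { $navbar .= "<td width=\"50%\" style=\"text-align:left;\"><a href=\"index.php?func=contentmanager&category=$parent&page=$PreviousPage\">Previous 20 items</a></td>\n"; }
        else { $navbar .= "<td width=\"50%\"> </td>\n"; }
        if ($NextPage <= $LastPage) { $navbar .= "<td width=\"50%\" style=\"text-align:right;\"><a href=\"index.php?func=contentmanager&category=$parent&page=$NextPage\">Next 20 items</a></td>\n"; }
        else { $navbar .= "<td width=\"50%\"> </td>\n"; }
        $navbar .= "</tr>\n";
        $navbar .= "</table>\n";
    }
    echo $navbar;

    // Content list for the current page
    echo "<table width=\"100%\">\n";
    $sql = "SELECT * FROM content WHERE Category=$parent ORDER BY Views DESC LIMIT 20 OFFSET $Offset";
    $result = mysql_query($sql) or die("Error: " . mysql_error());
    $numrows = mysql_num_rows($result);
    if ($numrows) {
        // header row: names of result columns 2 and 7-10, then "Actions"
        $numfields = mysql_num_fields($result);
        if ($numfields) {
            echo "<tr>";
            $fieldname = mysql_field_name($result, 2);
            echo "<th>$fieldname</th>";
            for ($num = 7; $num < 11; $num++) {
                $fieldname = mysql_field_name($result, $num);
                echo "<th>$fieldname</th>";
            }
            echo "<th>Actions</th></tr>\n";
        }

        for ($num = 0; $num < $numrows; $num++) {
            $row = mysql_fetch_row($result);
            $itemid = (int)$row[0];
            $Name = stripslashes($row[2]);
            echo "<tr>\n" .
                "<td style=\"text-align:left;\">$Name</td>\n" .
                "<td style=\"text-align:center;\">$row[7]</td>\n" .
                "<td style=\"text-align:center;\">$row[8]</td>\n" .
                "<td style=\"text-align:center;\">$row[9]</td>\n" .
                "<td style=\"text-align:center;\">$row[10]</td>\n" .
                "<td style=\"text-align:center;\">\n" .
                "<a href=\"index.php?func=contentmanager&operation=edit&id=$itemid&category=$parent\">\n" .
                "<img src=\"imgs/edit.png\" alt=\"Edit\" title=\"Edit\" border=\"0\">\n" .
                "</a>\n" .
                "<a href=\"index.php?func=contentmanager&operation=delete&id=$itemid&category=$parent\">\n" .
                "<img src=\"imgs/delete.png\" alt=\"Delete\" title=\"Delete\" border=\"0\">\n" .
                "</a>\n" .
                "</td>\n" .
                "</tr>\n";
        }
    }
    echo "</table>\n";

    // Same navigation bar again below the list
    echo $navbar;
}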
?>
</td>
</tr>
</table>
<h6 align="center"><a href="http://www.videosplurge.com/" target="_blank">VideoSplurge</a></h6>
</body>
</html>