<?php
if(!file_exists("../dbinc.php")) { die("VideoSplurge is not installed yet. <a href=\"../install.php\">Click here to run installer.</a>"); }
if(file_exists("../install.php")) { echo "Security warning: You need to delete install.php.<br />\n"; }
include("../dbinc.php");
include("includes/db.php");
include("includes/sanitize.php");
include("includes/videoinfo.php");
include("includes/getrecordcount.php");

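// Client address as reported by the web server. It is read from $_SERVER
// because the bare $REMOTE_ADDR global is only defined when register_globals
// is enabled; without it the variable is undefined and the IP comparison in
// the login check further down has nothing meaningful to compare against.
$ipaddress = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
// Both values come straight from the query string and are untrusted.
$func = isset($_GET['func']) ? $_GET['func'] : '';	// page to show (home page, search, video)
$msg = isset($_GET['msg']) ? $_GET['msg'] : '';	// message to display to user

// NOTE(review): $func reaches logaccess() unfiltered. logaccess() lives in an
// include that is not shown here, so confirm it strips line breaks before
// writing to accesslog.txt.
logaccess("accesslog.txt", $ipaddress, $func);

// Connect to MySQL database server
// The raw MySQL error text is sent to the browser on failure, and this page
// is reachable before login.
$link = mysql_connect($dbhost, $dbuser, $dbpass);
if (!$link) { die('Could not connect: ' . mysql_error() . "\nPlease review your settings for MySQL database host, db name, db user, db password."); }
// Select database
mysql_select_db($dbname) or die('Could not connect: ' . mysql_error() . "\nPlease review that the user has adequate access to the database.");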

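// Handle a submitted login form (POST to index.php?func=login).
if($func=="login" && !empty($_POST['username']))
{
	// Non-string input (for example username[]=x) is treated as empty so that
	// md5() and the comparisons below only ever see strings.
	$username = is_string($_POST['username']) ? $_POST['username'] : '';
	$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
	// NOTE(review): unsalted MD5 is kept only because the stored AdminPass
	// value is in that format; moving to a salted, slow password hash needs a
	// migration of the stored value and of the administrator settings page.
	$hash = md5($password);
	$storedhash = getvar('AdminPass');
	// NOTE(review): the administrator settings page stores the name under
	// 'AdminUserName' (different capitalisation). Whether getvar() matches
	// keys case-insensitively is not visible here; confirm.
	$AdminUsername = getvar('AdminUsername');
	
	// Strict comparison on purpose: with == two hex digests that both look
	// like numbers ("0e" followed by digits only) compare equal, so a wrong
	// password could be accepted.
	if($username!=='' && $username===(string)$AdminUsername && $hash===(string)$storedhash)
	{
		// Login state is one site-wide flag plus the client address, not a
		// per-browser session: any client arriving from the same address is
		// treated as the administrator until logout.
		setvar("AdminLoggedIn", "1");
		setvar("AdminIPaddress", $ipaddress);
		header("Location: index.php?func=adminhome");
		die();
	}
	else
	{
		header("Location: index.php?func=login&msg=Incorrect username or password.");
		die();
	}
}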

// Every page except the login form and "resendpass" is only served to the
// logged-in administrator. A request without func falls through to the login
// form further down, so it is not checked here.
$needslogin = ($func && $func!="login" && $func!="resendpass");
if($needslogin) {
	// Logged in means: the site-wide flag is set AND the request comes from
	// the address recorded at login time.
	if(getvar("AdminLoggedIn") != "1" || getvar("AdminIPaddress") != $ipaddress) {
		header("Location: index.php?func=login&msg=You need to log in to access this resource.");
		die(); // stop here so nothing below runs for an unauthenticated request
	}
	$loggedin=true;
}

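// Page variables from DB
$stylesheet = getvar("StyleSheet");
$siteurl = getvar("SiteURL");

// Generate page title & heading text
$pagetitles = array(
	"adminhome" => "Home",
	"statistics" => "Statistics",
	"categorymanager" => "Category Manager",
	"videomanager" => "Video Manager",
	"contentmanager" => "Content Manager",
	"advertisementmanager" => "Advertisement Manager",
	"configuration" => "Configuration",
	"featuredvideos" => "Featured Videos",
	"administrator" => "Administrator Settings",
	"resendpass" => "Resend Password",
	"logout" => "You are now logged out.",
	"login" => "Login",
);
// Always assigned, so an unrecognised func value yields an empty heading
// rather than an undefined variable. The value is echoed into <title> and
// <h1> without escaping, which is only safe because it comes from this list.
$functiondescription = "";
if(!$func) { $functiondescription = "Login"; }
elseif(is_string($func) && isset($pagetitles[$func])) { $functiondescription = $pagetitles[$func]; }
?>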
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
	<title>VideoSplurge Administration - <?php echo $functiondescription; ?></title>
	<meta http-equiv="content-type" content="text/html;charset=utf-8" />
	<meta http-equiv="Content-Style-Type" content="text/css" />
	<meta name="robots" value="noindex,nofollow" />
	<meta name="Author" content="Matt Gulden" />
	<link rel="shortcut icon" type="image/x-icon" href="../videosplurge.ico" />
<?php echo "	<link rel=\"stylesheet\" href=\"../$stylesheet\">\n";?>
</head>
<body>
<table style="width:100%; text-align:left;">
<tr>
<td width="220" style="text-align:center;"><a href="index.php?func=adminhome">
	<img style="border:0;" src="imgs/videosplurge.gif" title="Logo" /></a>
</td>
<td width="800" style="vertical-align:middle;">
	<h1>Administration - <?php echo $functiondescription; ?></h1>
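<?php
// Navigation bar, shown on every page that is only reachable after login.
// Uses the full <?php tag: with short_open_tag disabled a bare "<?" block is
// sent to the browser as text instead of being executed.
// $loggedin is tested, not assigned: it is set only by the login check earlier
// in this file, so the bar depends on the outcome of that check.
if(!empty($loggedin) && $func && $func!="logout" && $func!="login" && $func!="resendpass") {
echo "	<p><font size=\"-1\"><strong><a href=\"index.php?func=adminhome\">Home</a> - <a href=\"index.php?func=configuration\">Configuration</a> - " .
	"	<a href=\"index.php?func=featuredvideos\">Featured Videos</a> - <a href=\"index.php?func=statistics\">Statistics</a> - " .
	"	<a href=\"index.php?func=categorymanager\">Categories</a> - <a href=\"index.php?func=videomanager\">Videos</a> - " .
	"	<a href=\"index.php?func=contentmanager\">Content</a> - <a href=\"index.php?func=advertisementmanager\">Advertisements</a> - " .
	"	<a href=\"index.php?func=administrator\">Administrator Settings</a> - <a href=\"$siteurl" . "index.php\" target=\"_blank\">Preview Site</a> - " .
	"	<a href=\"index.php?func=logout\">Log Out</a></strong></font></p>";
}?>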
</td></tr>
<tr>
<td style="text-align:center;padding:20px;" width="100%" colspan="2">
<?php
if(!$func || $func=="login")
{
	// Login form; $msg is the text taken from the query string, with a
	// greeting that shows the client address as the fallback.
	showloginform($msg ? $msg : "Hello, $ipaddress");
}
elseif($func=="logout")
{
	// Clears the site-wide login flag, then offers the login form again.
	setvar("AdminLoggedIn", "0");
	showloginform("You have been logged out.");
}
elseif($func=="adminhome")
{
	// grid of large icons to common tasks
	showadminhome("Welcome.");
}
elseif($func=="configuration") // form AND accepts posted data from form and sets variables in DB
{
	// Setting name => (form label, size attribute or "" when the field has none).
	// The order is both the order of the form rows and the order of the writes.
	// NOTE: GETVAR AND SETVAR HANDLE SANITIZE AND STRIPSLASHES
	$configfields = array(
		"SiteURL" => array("Site URL (include trailing slash):", "40"),
		"SiteDomainName" => array("Site Domain Name:", "30"),
		"SiteTitle" => array("Site Title:", "40"),
		"SiteTagline" => array("Site Tagline:", "60"),
		"StyleSheet" => array("CSS Stylesheet:", ""),
		"MetaDescription" => array("Description meta tag:", "60"),
		"MetaKeywords" => array("Keywords meta tag:", "60"),
		"MetaRobots" => array("Robots meta tag:", ""),
		"FrontpageVideosCols" => array("No. of columns on frontpage/category video grid:", "5"),
		"FrontpageVideosRows" => array("No. of rows on frontpage/category video grid:", "5"),
		"SearchResultsPerPage" => array("No. of search results per page:", "5"),
		"PlayerWidth" => array("Video player width:", "5"),
		"PlayerHeight" => array("Video player height:", "5"),
	);

	if(!$_POST['SiteURL'])
	{
		// No posted SiteURL: show the form filled with the stored values.
		// StyleSheet reuses the value already loaded for the page header.
		$current = array();
		foreach($configfields as $key => $field) {
			$current[$key] = ($key=="StyleSheet") ? $stylesheet : getvar($key);
		}

		echo "<div class=\"centerFieldset\">\n";
		echo "<form action=\"index.php?func=configuration\" method=\"POST\">\n";
		echo "<table width=\"100%\">\n";
		// NOTE(review): values are written into value="" exactly as getvar()
		// returns them; whether that output is HTML-escaped is not visible here.
		foreach($configfields as $key => $field) {
			$sizeattr = ($field[1]==="") ? "" : " size=\"" . $field[1] . "\"";
			echo "<tr><td>" . $field[0] . "</td><td><input type=\"text\" name=\"$key\" value=\"" . $current[$key] . "\"" . $sizeattr . "></td></tr>\n";
		}
		echo "<tr><td colspan=\"2\" align=\"center\"><table><tr><td><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td><td><form action=\"index.php?func=adminhome\" method=\"post\"><input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
		echo "</table>\n";
		echo "</div>\n";
	}
	else
	{
		// Posted form: store every setting. The request carries nothing beyond
		// the login state checked earlier in this file (no per-form token).
		foreach($configfields as $key => $field) {
			setvar($key, $_POST[$key]);
		}

		showadminhome("Configuration settings applied.");
	}
}
elseif($func=="categorymanager")
{
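	if($_POST['operation']=="submit") // Receive and enter contents of New form into DB
	{
		// Parent is written into the statement without quotes, so escaping
		// alone cannot contain it; it is forced to an integer instead.
		$Parent = (int) sanitize($_POST['Parent']);
		// NOTE(review): Name and Description sit inside double quotes and rely
		// on sanitize() (includes/sanitize.php, not shown) escaping them.
		$Name = sanitize($_POST['Name']);
		$Description = sanitize($_POST['Description']);
		$sql = "INSERT INTO categories (Parent, Name, Description) VALUES ($Parent, \"$Name\", \"$Description\")";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		showcategorymanager("New category added successfully.", $Parent);
	}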
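	elseif($_POST['operation']=="submitedit") // Receive and enter contents of Edit Category Form to DB
	{
		// id and Parent are unquoted in the UPDATE, so both are forced to
		// integers; a non-numeric value becomes 0 and matches no row.
		$id = (int) sanitize($_POST['id']);
		$Parent = (int) sanitize($_POST['Parent']);
		// NOTE(review): the quoted values rely on sanitize() (not shown here)
		// escaping single quotes.
		$Name = sanitize($_POST['Name']);
		$Description = sanitize($_POST['Description']);
		$sql = "UPDATE categories SET Parent=$Parent, Name='$Name', Description='$Description' WHERE id=$id LIMIT 1";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		showcategorymanager("Category modified successfully.", $Parent);
	}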
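	elseif($_GET['operation']=="edit") // Edit Category Form
	{
		// id comes from the query string and is unquoted in the SELECT, so it
		// is forced to an integer before use.
		$id = (int) sanitize($_GET['id']);
		$sql = "SELECT * FROM categories WHERE id=$id LIMIT 1";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		
		$numrows = mysql_num_rows($result);
		if($numrows<1) { die("Invalid category id."); }
		else { $row = mysql_fetch_row($result); }

		// $row[1] is passed as the currently selected parent.
		$parentselect = parentselect($row[1], 1, "Parent");
		
		// NOTE(review): these stored values are echoed into value="" below as
		// they are; whether sanitize() HTML-encoded them on the way in is not
		// visible here. Confirm, or escape for HTML at this point.
		$Name = stripslashes($row[2]);
		$Description = stripslashes($row[3]);
		
		echo "<div class=\"centerFieldset\">\n";
		echo "<form action=\"index.php?func=categorymanager\" method=\"POST\">\n";
		echo "<table width=\"100%\">\n";
		// Heading matches the other edit forms ("Edit Video", "Edit Content Item").
		echo "<tr><td colspan=\"2\"><h3>Edit Category</h3></td></tr>\n";
		echo "<tr><td>Parent</td><td>$parentselect</td></tr>\n";
		echo "<tr><td>Name</td><td><input type=\"text\" name=\"Name\" value=\"$Name\"></td></tr>\n";
		echo "<tr><td>Description</td><td><input type=\"text\" name=\"Description\" value=\"$Description\" size=\"40\"></td></tr>\n";
		echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"hidden\" name=\"operation\" value=\"submitedit\">" .
			"<input type=\"hidden\" name=\"id\" value=\"$row[0]\">" .
			"<table><tr><td><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td>" .
			"<td><form action=\"index.php?func=categorymanager&category=$row[1]\" method=\"post\">" .
			"<input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
		echo "</table>\n";
		echo "</div>\n";
	}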
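	elseif($_GET['operation']=="delete") // Delete Category Function
	{
		// This branch deletes on a plain GET request, so the only protection is
		// the login check earlier in this file; a POST form with a per-session
		// token would stop a link on another site from triggering it.
		// id is unquoted in every statement below, so it is forced to an integer.
		$id = (int) sanitize($_GET['id']);
		// Category to list afterwards; -99 (top level, as in browse mode) when absent.
		$category = (int) sanitize($_GET['category']);
		if(!$category) { $category=-99; }
		
		// check for sub categories, videos, and content items before deleting.
		// If any exist, warn user and exit delete routine
		$sql = "SELECT * FROM categories WHERE Parent=$id";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		$numrows = mysql_num_rows($result);
		if($numrows) { echo "Subcategories exist within this category. Cannot delete."; die(); }
		
		$sql = "SELECT * FROM videos WHERE Category=$id";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		$numrows = mysql_num_rows($result);
		if($numrows) { echo "Videos exist within this category. Cannot delete."; die(); }
		
		$sql = "SELECT * FROM content WHERE Category=$id";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		$numrows = mysql_num_rows($result);
		if($numrows) { echo "Content items exist within this category. Cannot delete."; die(); }
		
		// If code makes it here, no subcategories, videos, or content items were present within category
		
		$sql = "DELETE FROM categories WHERE id=$id LIMIT 1";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		showcategorymanager("Category deleted successfully.", $category);
	}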
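	elseif($_GET['operation']=="new") // New Category Form
	{
		// The parent category id comes from the query string; it is forced to
		// an integer before being handed to parentselect() (defined elsewhere).
		$category = (int) sanitize($_GET['category']);
		if(!$category) { $category=-99; } // -99 is the top level
		$parentselect = parentselect($category, 1, "Parent");
		echo "<div class=\"centerFieldset\">\n";
		echo "<form action=\"index.php?func=categorymanager\" method=\"POST\">\n";
		echo "<table width=\"100%\">\n";
		echo "<tr><td colspan=\"2\"><h3>New Category</h3></td></tr>\n";
		echo "<tr><td>Parent</td><td>$parentselect</td></tr>\n";
		echo "<tr><td>Name</td><td><input type=\"text\" name=\"Name\"></td></tr>\n";
		echo "<tr><td>Description</td><td><input type=\"text\" name=\"Description\" size=\"40\"></td></tr>\n";
		echo "<tr><td colspan=\"2\" align=\"center\"><table><tr><td><input type=\"hidden\" name=\"operation\" value=\"submit\"><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td><td><form action=\"index.php?func=categorymanager\" method=\"post\"><input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
		echo "</table>\n";
		echo "</div>\n";
	}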
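	else // browse mode
	{
		// The category id is unquoted in the SELECT, so it is forced to an
		// integer; a missing or non-numeric value becomes 0 and shows the top level.
		$categoryid = (isset($_GET['category']) && is_scalar($_GET['category'])) ? (int) sanitize($_GET['category']) : 0;
		if(!$categoryid||$categoryid==-99) { showcategorymanager("<strong>Browsing Top Level Categories</strong>", -99); } // -99 is Parent id for top level
		else {
			$sql = "SELECT * FROM categories WHERE id=$categoryid";
			$result = mysql_query($sql) or die("Error: " . mysql_error());
			$numrows = mysql_num_rows($result);
			if($numrows<1) { echo "Invalid category id."; }
			else {
				$row = mysql_fetch_row($result);
				// NOTE(review): the stored name is placed inside HTML as it is;
				// confirm sanitize() encoded it when it was saved.
				$categoryname = $row[2];
				showcategorymanager("<strong>Browsing Category: $categoryname</strong>", $categoryid);
			}
		}
	}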
}
elseif($func=="videomanager")
{
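	if($_POST['operation']=="submit") // Receive and enter contents of New form into DB
	{
		//Category Type RemoteID Name Thumbnail Description
		// Category and Type are written into the INSERT without quotes, so both
		// are forced to integers.
		$Category = (int) sanitize($_POST['Category']);
		$Type = (int) sanitize($_POST['Type']);
		$RemoteID = sanitize($_POST['RemoteID']);
		$Name = sanitize($_POST['Name']);
		// Defaults for a Type that matches none of the branches below.
		$Thumbnail = "";
		$Length = "";
  
		// Thumbnail,length
		if($Type==1) // Locally hosted
		{ 
			$uploadfilename = isset($_FILES['videofile']['name']) ? basename($_FILES['videofile']['name']) : "";

			// The upload is stored under its client-supplied name in ../videos/.
			// The thumbs/ directory below it is addressed through $siteurl, so the
			// directory is presumably served by the web server: without a check
			// on the extension a script file could be uploaded and then requested.
			// NOTE(review): trim this list to the formats the player supports, and
			// confirm the server does not execute files with a double extension.
			$allowedextensions = array("flv", "mp4", "m4v", "mov", "avi", "wmv", "mpg", "mpeg", "webm", "ogv", "3gp");
			$dotpos = strrpos($uploadfilename, ".");
			$extension = ($dotpos===false) ? "" : strtolower(substr($uploadfilename, $dotpos + 1));
			if(!in_array($extension, $allowedextensions, true))
			{
				die("Upload rejected: only video files are accepted.");
			}

			$uploadfile = "../videos/" . $uploadfilename;
			// The posted RemoteID went through sanitize(); the file name that
			// replaces it is just as untrusted and goes through it too before
			// it reaches the INSERT.
			$RemoteID = sanitize($uploadfilename);

			if(move_uploaded_file($_FILES['videofile']['tmp_name'], $uploadfile))
			{
				echo "File was successfully uploaded.\n";
			}
			else
			{
				echo "Upload of " . htmlspecialchars($uploadfilename, ENT_QUOTES) . " failed.\n";
				// Only the PHP upload error code is shown; a dump of $_FILES
				// would also print the server's temporary file path.
				echo "Error code: " . (isset($_FILES['videofile']['error']) ? (int) $_FILES['videofile']['error'] : -1) . "\n";
				die();
			}

			do {
				// generate 16 character random string of letters and numbers for thumbnail filename, and append ".jpg"
				$chars = "abcdefghijkmnopqrstuvwxyz023456789";
				srand((double)microtime()*1000000);
				$pass = '';

				for($i=0; ($i <= 15); $i++) {
					$num = rand() % 33;
					$tmp = substr($chars, $num, 1);
					$pass = $pass . $tmp;
				}
			} while(file_exists("../videos/thumbs/" . $pass . ".jpg"));

			$imgfile = $siteurl . "videos/thumbs/" . $pass . ".jpg";
			$movie_length = movie_get_length_in_seconds($uploadfile);
			$random_seconds = rand(0, floor($movie_length));
			$was_image_created = movie_take_screenshot($uploadfile, $random_seconds, $pass . ".jpg");
			
			if($was_image_created) {
				$Thumbnail = $imgfile;
				// NOTE(review): strtotime() on a value named "length in seconds"
				// looks unintended; left unchanged, confirm what Length should hold.
				$Length = strtotime($movie_length);
			} else {
				die("Thumbnail image could not be created.");
			}
		}
		elseif($Type==2) // Google Video
		{
			$vrss = file_get_contents("http://video.google.com/videofeed?docid=" . urlencode($RemoteID));

			// The feed is remote content. The thumbnail URL is used only when the
			// pattern matched, and it passes through sanitize() like every other
			// value placed in the INSERT.
			if(!empty($vrss) && preg_match('/<media:thumbnail url="([^"]+)/',$vrss,$thumbnail_array)) {
				//Remove amp;
				$Thumbnail = sanitize(str_replace('amp;','',$thumbnail_array[1]));
			}
			$Length = "";
		}
		elseif($Type==3) // YouTube
		{
			$Thumbnail = "http://img.youtube.com/vi/$RemoteID/2.jpg";
			$Length = "";
		}
		
		$Description = sanitize($_POST['Description']);
		$Keywords = sanitize($_POST['Keywords']);
		$DateAdded = date("Y-m-d");
		$sql = "INSERT INTO videos (Category, Type, RemoteID, Name, Thumbnail, Description, Keywords, Length, DateAdded) " .
			"VALUES ($Category, $Type, \"$RemoteID\", \"$Name\", \"$Thumbnail\", \"$Description\", \"$Keywords\", \"$Length\", \"$DateAdded\")";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		showvideomanager("New video added successfully.", $Category);
	}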
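	elseif($_POST['operation']=="submitedit") // Receive and enter contents of Edit Video Form to DB
	{
		// id, Category and Type are unquoted in the UPDATE, so they are forced
		// to integers; a non-numeric id becomes 0 and matches no row.
		$id = (int) sanitize($_POST['id']);
		$Category = (int) sanitize($_POST['Category']);
		$Type = (int) sanitize($_POST['Type']);
		// NOTE(review): the quoted values below rely on sanitize() (not shown
		// here) escaping both single and double quotes, since the statement
		// mixes the two quoting styles.
		$RemoteID = sanitize($_POST['RemoteID']);
		$Name = sanitize($_POST['Name']);
		$Thumbnail = sanitize($_POST['Thumbnail']);
		$Description = sanitize($_POST['Description']);
		$Keywords = sanitize($_POST['Keywords']);
		$Length = sanitize($_POST['Length']);
		$sql = "UPDATE videos SET Category=$Category, Type=$Type, RemoteID=\"$RemoteID\", Name='$Name', Thumbnail=\"$Thumbnail\", Description='$Description', Keywords='$Keywords', Length='$Length' WHERE id=$id LIMIT 1";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		showvideomanager("Video modified successfully.", $Category);
	}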
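	elseif($_GET['operation']=="edit") // Edit Video Form
	{
		// Both values come from the query string. category is echoed into the
		// form's action attribute and id is unquoted in the SELECT, so both are
		// forced to integers.
		$category = (int) sanitize($_GET['category']);
		$id = (int) sanitize($_GET['id']);
		$sql = "SELECT * FROM videos WHERE id=$id LIMIT 1";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		
		$numrows = mysql_num_rows($result);
		if($numrows<1) { die("Invalid video id."); }
		else { $row = mysql_fetch_row($result); }

		$parentselect = parentselect($row[1], 2, "Category");
		$videotypeselect = videotypeselect($row[2]);
		
		// NOTE(review): these stored values are echoed into value="" and
		// <textarea> below as they are; whether sanitize() HTML-encoded them on
		// the way in is not visible here. Confirm, or escape for HTML here.
		$RemoteID = stripslashes($row[3]);
		$Name = stripslashes($row[4]);
		$Thumbnail = stripslashes($row[5]);
		$Keywords = stripslashes($row[8]);
		$Description = stripslashes($row[7]);
		$Length = stripslashes($row[6]);
		
		echo "<div class=\"centerFieldset\">\n";
		echo "<form action=\"index.php?func=videomanager&category=$category\" method=\"POST\">\n";
		echo "<table width=\"100%\">\n";
		echo "<tr><td colspan=\"2\"><h3>Edit Video</h3></td></tr>\n";
		echo "<tr><td>Category</td><td>$parentselect</td></tr>\n";
		echo "<tr><td>Type</td><td>$videotypeselect</td></tr>\n";
		echo "<tr><td>Remote ID, or filename if local</td><td><input type=\"text\" name=\"RemoteID\" value=\"$RemoteID\" size=\"50\"></td></tr>\n";
		echo "<tr><td>Name</td><td><input type=\"text\" name=\"Name\" value=\"$Name\" size=\"50\"></td></tr>\n";
		echo "<tr><td>Thumbnail URL (ex: imgs/thumb0001.jpg)</td><td><input type=\"text\" name=\"Thumbnail\" value=\"$Thumbnail\" size=\"50\"></td></tr>\n";
		echo "<tr><td>Keywords</td><td><input type=\"text\" name=\"Keywords\" value=\"$Keywords\" size=\"50\"></td></tr>\n";
		echo "<tr><td>Description</td><td><textarea name=\"Description\" rows=\"10\" cols=\"60\">$Description</textarea></td></tr>\n";
		echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"hidden\" name=\"operation\" value=\"submitedit\">" .
			"<input type=\"hidden\" name=\"id\" value=\"$row[0]\">" .
			"<table><tr><td><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td>" .
			"<td><form action=\"index.php?func=videomanager&category=$row[1]\" method=\"post\">" .
			"<input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
		echo "</table>\n";
		echo "</div>\n";
	}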
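	elseif($_GET['operation']=="delete") // Delete Video Function
	{
		// Deletion happens on a plain GET request, protected only by the login
		// check earlier in this file; a POST form with a per-session token would
		// stop a link on another site from triggering it.
		// id is unquoted in the DELETE, so it is forced to an integer.
		$id = (int) sanitize($_GET['id']);
		// Category to list afterwards; -99 (top level, as in browse mode) when absent.
		$category = (int) sanitize($_GET['category']);
		if(!$category) { $category=-99; }
		
		// NOTE(review): the row is removed, but an uploaded file and its
		// thumbnail under ../videos/ are not touched here.
		$sql = "DELETE FROM videos WHERE id=$id LIMIT 1";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		showvideomanager("Video deleted successfully.", $category);
	}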
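	elseif($_GET['operation']=="new") // New Video Form
	{
		// category comes from the query string and is echoed into two form
		// action attributes below, so it is forced to an integer.
		$category = (int) sanitize($_GET['category']);
		if(!$category) { $category=-99; } // -99 is the top level
		$parentselect = parentselect($category, 2, "Category");
		$videotypeselect = videotypeselect(1);
		echo "<div class=\"centerFieldset\">\n";
		echo "<form action=\"index.php?func=videomanager&category=$category\" enctype=\"multipart/form-data\" method=\"POST\">\n";
		echo "<table width=\"100%\">\n";
		echo "<tr><td colspan=\"2\"><h3>New Video</h3></td></tr>\n";
		echo "<tr><td>Category</td><td>$parentselect</td></tr>\n";
		echo "<tr><td>Type</td><td>$videotypeselect</td></tr>\n";
		echo "<tr><td>Remote ID</td><td><input type=\"text\" name=\"RemoteID\" size=\"50\"></td></tr>\n";
		// MAX_FILE_SIZE is a hint the client can change; it is not a server-side limit.
		echo "<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"96000000\">\n"; // MAX_FILE_SIZE must precede the file input field
		echo "<tr><td>or Upload Video</td><td><input type=\"file\" name=\"videofile\" size=\"50\"></td></tr>\n";
		echo "<tr><td>Name</td><td><input type=\"text\" name=\"Name\" size=\"50\"></td></tr>\n";
		echo "<tr><td>Keywords</td><td><input type=\"text\" name=\"Keywords\" size=\"50\"></td></tr>\n";
		echo "<tr><td>Description</td><td><textarea name=\"Description\" cols=\"60\" rows=\"10\"></textarea></td></tr>\n";
		echo "<tr><td colspan=\"2\" align=\"center\"><table><tr><td><input type=\"hidden\" name=\"operation\" value=\"submit\"><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td><td><form action=\"index.php?func=videomanager&category=$category\" method=\"post\"><input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
		echo "</table>\n";
		echo "</div>\n";
	}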
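	else // browse mode
	{
		// The category id is unquoted in the SELECT, so it is forced to an
		// integer; a missing or non-numeric value becomes 0 and shows the top level.
		$categoryid = (isset($_GET['category']) && is_scalar($_GET['category'])) ? (int) sanitize($_GET['category']) : 0;
		if(!$categoryid||$categoryid==-99) { showvideomanager("<strong>Browsing Top Level Categories</strong>", -99); } // -99 is Parent id for top level
		else {
			$sql = "SELECT * FROM categories WHERE id=$categoryid";
			$result = mysql_query($sql) or die("Error: " . mysql_error());
			$numrows = mysql_num_rows($result);
			if($numrows<1) { echo "Invalid category id."; }
			else {
				$row = mysql_fetch_row($result);
				// NOTE(review): the stored name is placed inside HTML as it is;
				// confirm sanitize() encoded it when it was saved.
				$categoryname = $row[2];
				showvideomanager("<strong>Browsing Category: $categoryname</strong>", $categoryid);
			}
		}
	}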
}
elseif($func=="contentmanager")
{
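	if($_POST['operation']=="submit") // Receive and enter contents of New form into DB
	{
		// Category is written into the INSERT without quotes, so it is forced
		// to an integer.
		$Category = (int) sanitize($_POST['Category']);
		// NOTE(review): the quoted values rely on sanitize() (not shown here)
		// escaping double quotes.
		$Name = sanitize($_POST['Name']);
		$Description = sanitize($_POST['Description']);
		$ShortText = sanitize($_POST['ShortText']);
		$FullText = sanitize($_POST['FullText']);
		$Keywords = sanitize($_POST['Keywords']);
		$DateCreated = date("Y-m-d");
		$DateLastModified = date("Y-m-d");
		$sql = "INSERT INTO content (Category, Name, Description, ShortText, `FullText`, Keywords, DateCreated, DateLastModified) " .
			"VALUES ($Category, \"$Name\", \"$Description\", \"$ShortText\", \"$FullText\", \"$Keywords\", \"$DateCreated\", \"$DateLastModified\")";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		showcontentmanager("New content item added successfully.", $Category);
	}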
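	elseif($_POST['operation']=="submitedit") // Receive and enter contents of Edit form into DB
	{
		// id and Category are unquoted in the UPDATE, so both are forced to
		// integers; a non-numeric id becomes 0 and matches no row.
		$id = (int) sanitize($_POST['id']);
		$Category = (int) sanitize($_POST['Category']);
		// NOTE(review): the quoted values rely on sanitize() (not shown here)
		// escaping single quotes.
		$Name = sanitize($_POST['Name']);
		$Description = sanitize($_POST['Description']);
		$ShortText = sanitize($_POST['ShortText']);
		$FullText = sanitize($_POST['FullText']);
		$Keywords = sanitize($_POST['Keywords']);
		$DateLastModified = date("Y-m-d");
		$sql = "UPDATE content SET Category=$Category, Name='$Name', Description='$Description', ShortText='$ShortText', `FullText`='$FullText', Keywords='$Keywords', DateLastModified=\"$DateLastModified\" WHERE id=$id LIMIT 1";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		showcontentmanager("Content item modified successfully.", $Category);
	}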
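	elseif($_GET['operation']=="edit") // Edit Content Item Form
	{
		// Both values come from the query string. category is echoed into the
		// form's action attribute and id is unquoted in the SELECT, so both are
		// forced to integers.
		$category = (int) sanitize($_GET['category']);
		$id = (int) sanitize($_GET['id']);
		$sql = "SELECT * FROM content WHERE id=$id LIMIT 1";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		
		$numrows = mysql_num_rows($result);
		if($numrows<1) { die("Invalid content item id."); }
		else { $row = mysql_fetch_row($result); }

		$parentselect = parentselect($row[1], 2, "Category");
		
		// NOTE(review): these stored values are echoed into value="" and
		// <textarea> below as they are; whether sanitize() HTML-encoded them on
		// the way in is not visible here. Confirm, or escape for HTML here.
		$Name = stripslashes($row[2]);
		$Keywords = stripslashes($row[6]);
		$Description = stripslashes($row[3]);
		$ShortText = stripslashes($row[4]);
		$FullText = stripslashes($row[5]);
		
		echo "<div class=\"centerFieldset\">\n";
		echo "<form action=\"index.php?func=contentmanager&category=$category\" method=\"POST\">\n";
		echo "<table width=\"100%\">\n";
		echo "<tr><td colspan=\"2\"><h3>Edit Content Item</h3></td></tr>\n";
		echo "<tr><td>Category</td><td>$parentselect</td></tr>\n";
		echo "<tr><td>Name</td><td><input type=\"text\" name=\"Name\" value=\"$Name\" size=\"50\"></td></tr>\n";
		echo "<tr><td>Keywords</td><td><input type=\"text\" name=\"Keywords\" value=\"$Keywords\" size=\"50\"></td></tr>\n";
		echo "<tr><td>Description</td><td><textarea name=\"Description\" rows=\"3\" cols=\"60\">$Description</textarea></td></tr>\n";
		echo "<tr><td>Short Text</td><td><textarea name=\"ShortText\" rows=\"5\" cols=\"60\">$ShortText</textarea></td></tr>\n";
		echo "<tr><td>Full Text</td><td><textarea name=\"FullText\" rows=\"20\" cols=\"60\">$FullText</textarea></td></tr>\n";
		echo "<tr><td colspan=\"2\" align=\"center\"><input type=\"hidden\" name=\"operation\" value=\"submitedit\">" .
			"<input type=\"hidden\" name=\"id\" value=\"$row[0]\">" .
			"<table><tr><td><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td>" .
			"<td><form action=\"index.php?func=contentmanager&category=$row[1]\" method=\"post\">" .
			"<input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
		echo "</table>\n";
		echo "</div>\n";
	}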
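	elseif($_GET['operation']=="delete") // Delete Content Item Function
	{
		// Deletion happens on a plain GET request, protected only by the login
		// check earlier in this file; a POST form with a per-session token would
		// stop a link on another site from triggering it.
		// id is unquoted in the DELETE, so it is forced to an integer.
		$id = (int) sanitize($_GET['id']);
		// Category to list afterwards; -99 (top level, as in browse mode) when absent.
		$category = (int) sanitize($_GET['category']);
		if(!$category) { $category=-99; }
		$sql = "DELETE FROM content WHERE id=$id LIMIT 1";
		$result = mysql_query($sql) or die("Error: " . mysql_error());
		showcontentmanager("Content item deleted successfully.", $category);
	}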
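	elseif($_GET['operation']=="new") // New Content Item Form
	{
		// category comes from the query string and is echoed into two form
		// action attributes below, so it is forced to an integer.
		$category = (int) sanitize($_GET['category']);
		if(!$category) { $category=-99; } // -99 is the top level
		$parentselect = parentselect($category, 2, "Category");
		echo "<div class=\"centerFieldset\">\n";
		echo "<form action=\"index.php?func=contentmanager&category=$category\" method=\"POST\">\n";
		echo "<table width=\"100%\">\n";
		echo "<tr><td colspan=\"2\"><h3>New Content Item</h3></td></tr>\n";
		echo "<tr><td>Category</td><td>$parentselect</td></tr>\n";
		echo "<tr><td>Name</td><td><input type=\"text\" name=\"Name\" size=\"50\"></td></tr>\n";
		echo "<tr><td>Keywords</td><td><input type=\"text\" name=\"Keywords\" size=\"50\"></td></tr>\n";
		echo "<tr><td>Description</td><td><textarea name=\"Description\" rows=\"3\" cols=\"60\"></textarea></td></tr>\n";
		echo "<tr><td>Short Text</td><td><textarea name=\"ShortText\" rows=\"5\" cols=\"60\"></textarea></td></tr>\n";
		echo "<tr><td>Full Text</td><td><textarea name=\"FullText\" rows=\"20\" cols=\"60\"></textarea></td></tr>\n";
		echo "<tr><td colspan=\"2\" align=\"center\"><table><tr><td><input type=\"hidden\" name=\"operation\" value=\"submit\"><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td><td><form action=\"index.php?func=contentmanager&category=$category\" method=\"post\"><input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
		echo "</table>\n";
		echo "</div>\n";
	}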
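	else // browse mode
	{
		// The category id is unquoted in the SELECT, so it is forced to an
		// integer; a missing or non-numeric value becomes 0 and shows the top level.
		$categoryid = (isset($_GET['category']) && is_scalar($_GET['category'])) ? (int) sanitize($_GET['category']) : 0;
		if(!$categoryid||$categoryid==-99) { showcontentmanager("<strong>Browsing Top Level Categories</strong>", -99); } // -99 is Parent id for top level
		else {
			$sql = "SELECT * FROM categories WHERE id=$categoryid";
			$result = mysql_query($sql) or die("Error: " . mysql_error());
			$numrows = mysql_num_rows($result);
			if($numrows<1) { echo "Invalid category id."; }
			else {
				$row = mysql_fetch_row($result);
				// NOTE(review): the stored name is placed inside HTML as it is;
				// confirm sanitize() encoded it when it was saved.
				$categoryname = $row[2];
				showcontentmanager("<strong>Browsing Category: $categoryname</strong>", $categoryid);
			}
		}
	}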
}
elseif($func=="advertisementmanager") // NOTE: GETVAR AND SETVAR HANDLE SANITIZE AND STRIPSLASHES
{
	if($_POST['operation']!="submit")
	{
		$AdHeader = getvar('AdHeader');
		$AdLeftSide = getvar('AdLeftSide');
		$AdPlayVideo = getvar('AdPlayVideo');
		$AdFooter = getvar('AdFooter');
		echo "<div class=\"centerFieldset\">\n";
		echo "<form action=\"index.php?func=advertisementmanager\" method=\"POST\">\n";
		echo "<table width=\"100%\">\n";
		echo "<tr><td>Header position:</td><td><textarea name=\"AdHeader\" rows=\"5\" cols=\"60\">$AdHeader</textarea></td></tr>\n";
		echo "<tr><td>Left Side position (below category list):</td><td><textarea name=\"AdLeftSide\" rows=\"5\" cols=\"60\">$AdLeftSide</textarea></td></tr>\n";
		echo "<tr><td>Play Video position (on play.php page):</td><td><textarea name=\"AdPlayVideo\" rows=\"5\" cols=\"60\">$AdPlayVideo</textarea></td></tr>\n";
		echo "<tr><td>Footer position:</td><td><textarea name=\"AdFooter\" rows=\"5\" cols=\"60\">$AdFooter</textarea></td></tr>\n";
		echo "<tr><td colspan=\"2\" align=\"center\">" . 
			"<input type=\"hidden\" name=\"operation\" value=\"submit\">" . 
			"<table><tr><td><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td>" . 
			"<td><form action=\"index.php?func=adminhome\" method=\"post\">" . 
			"<input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
		echo "</table>\n";
		echo "</div>\n";
	}
	else
	{
		setvar("AdHeader", $_POST['AdHeader']);
		setvar("AdLeftSide", $_POST['AdLeftSide']);
		setvar("AdPlayVideo", $_POST['AdPlayVideo']);
		setvar("AdFooter", $_POST['AdFooter']);
		showadminhome("Advertisement settings applied.");
	}
}
elseif($func=="statistics")
{
	$TotalCategories = getrecordcount("categories", "1");
	$TotalVideos = getrecordcount("videos", "1");
	$TotalContentItems = getrecordcount("content", "1");
	
	//total views
	//total emails
	
	echo "<table width=\"100%\">\n";
	echo "<tr><td>Total Number of Categories:</td><td>$TotalCategories</td></tr>\n";
	echo "<tr><td>Total Number of Videos:</td><td>$TotalVideos</td></tr>\n";
	echo "<tr><td>Total Number of Content Items:</td><td>$TotalContentItems</td></tr>\n";
	echo "<tr><td></td></tr>\n";
	echo "</table>\n";
}
elseif($func=="featuredvideos")
{

}
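elseif($func=="administrator") // form to change administrator settings AND accept POSTed data from form
{
	if($_POST['operation']!="submit")
	{
		// NOTE(review): the login handler reads the name under 'AdminUsername'
		// while this page uses 'AdminUserName'. Whether getvar()/setvar() match
		// keys case-insensitively is not visible here; confirm.
		$AdminUserName = getvar('AdminUserName');
		$AdminRealName = getvar('AdminRealName');
		$AdminEmail = getvar('AdminEmail');
		echo "<div class=\"centerFieldset\">\n";
		echo "<form action=\"index.php?func=administrator\" method=\"POST\">\n";
		echo "<table width=\"100%\">\n";
		echo "<tr><td>Administrator Username:</td><td><input type=\"text\" name=\"AdminUserName\" value=\"$AdminUserName\"></td></tr>\n";
		echo "<tr><td>Change Password:</td><td><input type=\"password\" name=\"AdminPass\" value=\"\"></td></tr>\n";
		echo "<tr><td>Confirm New Password:</td><td><input type=\"password\" name=\"AdminPassConfirm\" value=\"\"></td></tr>\n";
		echo "<tr><td>Administrator Real name:</td><td><input type=\"text\" name=\"AdminRealName\" value=\"$AdminRealName\"></td></tr>\n";
		echo "<tr><td>Administrator E-mail Address:</td><td><input type=\"text\" name=\"AdminEmail\" value=\"$AdminEmail\"></td></tr>\n";
		echo "<tr><td colspan=\"2\" align=\"center\">" . 
			"<input type=\"hidden\" name=\"operation\" value=\"submit\">" . 
			"<table><tr><td><input type=\"submit\" class=\"commonbutton\" value=\"Apply\"></form></td>" . 
			"<td><form action=\"index.php?func=adminhome\" method=\"post\">" . 
			"<input type=\"submit\" class=\"commonbutton\" value=\"Cancel\"></form></td></tr></table></td></tr>\n";
		echo "</table>\n";
		echo "</div>\n";
	}
	else
	{
		// Non-string input (for example AdminPass[]=x) is treated as empty.
		$newpass = (isset($_POST['AdminPass']) && is_string($_POST['AdminPass'])) ? $_POST['AdminPass'] : '';
		$newpassconfirm = (isset($_POST['AdminPassConfirm']) && is_string($_POST['AdminPassConfirm'])) ? $_POST['AdminPassConfirm'] : '';

		// Strict comparison on purpose: with == two different numeric-looking
		// strings such as "1e3" and "1000" count as equal, so a mistyped
		// confirmation could be accepted.
		if($newpass===$newpassconfirm)
		{
			// An empty field means "keep the current password".
			// NOTE(review): the password is stored as unsalted MD5, and it can
			// be changed without supplying the current one; the request carries
			// nothing beyond the login state checked earlier in this file.
			if($newpass!=='') { setvar("AdminPass", md5($newpass)); }
			setvar("AdminUserName", $_POST['AdminUserName']);
			setvar("AdminRealName", $_POST['AdminRealName']);
			setvar("AdminEmail", $_POST['AdminEmail']);
			showadminhome("Administrator settings applied.");
		}
		else
		{
			echo "Password and confirm password fields do not match. <a href=\"index.php?func=administrator\">Try again</a>.<br />\n";
		}
	}
}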
elseif($func=="resendpass") // mail password to administrator e-mail, don't expose e-mail address
{
	resendpassword($ipaddress);
}

// Close the single MySQL connection opened near the top of this script ($link).
// Every request handler above has already run by this point, so no SQL may be
// issued after this line; the function declarations that follow only define
// helpers used by those handlers and execute nothing by themselves.
mysql_close($link);

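/**
 * Print the administrator login form followed by a short status message.
 *
 * The message is treated as plain text and HTML-encoded before it is written,
 * so markup in it is displayed rather than interpreted. The script reads a
 * "msg" query parameter "to display to user"; presumably that value reaches
 * this function, which makes encoding at the sink necessary (confirm at the
 * call site, which is outside this block).
 *
 * @param string $message Status text shown under the form; may be empty.
 * @return void
 */
function showloginform($message)
{
	// Encode once, here, so no caller can accidentally emit raw request data.
	$safemessage = htmlspecialchars((string)$message, ENT_QUOTES, 'UTF-8');

	echo "<div class=\"centerFieldset\">\n";
	echo "<form action=\"index.php?func=login\" method=\"POST\">\n";
	echo "<fieldset>\n";
	echo "<table>\n";
	echo "<tr><td>Username:</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
	echo "<tr><td>Password:</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
	// The <font> element used to open in one cell and close in the next; it is
	// now nested inside the cell it styles.
	echo "<tr><td><input type=\"submit\" class=\"commonbutton\" value=\"Login\"></td>" .
		"<td><font size=\"-1\"><a href=\"index.php?func=resendpass\">Resend Password</a></font></td></tr>\n";
	echo "</table>\n";
	echo "<p><font size=\"-1\">$safemessage</font></p>\n";
	echo "</fieldset>\n";
	echo "</form>\n";
	echo "</div>\n";
}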

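/**
 * Print the administrator home screen: a heading followed by a 4x2 grid of
 * icon links, one per admin section.
 *
 * The heading text is HTML-encoded before output so that a message built from
 * request or database data cannot inject markup into the admin page.
 *
 * @param string $message Heading text (for example a confirmation notice).
 * @return void
 */
function showadminhome($message)
{
	// func value (also the icon file name) => visible label, in display order.
	$tiles = array(
		array('configuration', 'Configuration'),
		array('featuredvideos', 'Featured Videos'),
		array('statistics', 'Statistics'),
		// This tile previously had empty alt/title attributes, unlike the others.
		array('categorymanager', 'Category Manager'),
		array('videomanager', 'Video Manager'),
		array('contentmanager', 'Content Manager'),
		array('advertisementmanager', 'Advertisement Manager'),
		array('administrator', 'Administrator'),
	);

	echo "<div class=\"centerFieldset\">\n";
	echo "<h2>" . htmlspecialchars((string)$message, ENT_QUOTES, 'UTF-8') . "</h2>\n";
	echo "<table width=\"100%\">\n";
	foreach (array_chunk($tiles, 4) as $rowtiles) {
		echo "<tr>\n";
		foreach ($rowtiles as $tile) {
			list($target, $label) = $tile;
			echo "<td style=\"text-align:center;\" width=\"25%\">" .
				"<a href=\"index.php?func=$target\">" .
				"<img src=\"imgs/$target.png\" alt=\"$label\" title=\"$label\" border=\"0\">" .
				"<br />$label</a></td>\n";
		}
		echo "</tr>\n";
	}
	echo "</table>\n";
	echo "</div>\n";
}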

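/**
 * Append one access record ("(date) ip tag") to a log file.
 *
 * The script calls this with the raw "func" query parameter as $tag, so both
 * $ip and $tag are treated as untrusted: control characters (including CR and
 * LF) are collapsed to a space so a request cannot add or forge log lines.
 * The write is done under an exclusive lock; the original released a lock it
 * had never taken, so concurrent requests could interleave their records.
 *
 * Logging is best-effort: if the file cannot be opened the call returns
 * without writing.
 *
 * NOTE(review): the script passes a relative file name, so the log presumably
 * sits next to the admin script inside the web root; confirm it cannot be
 * downloaded, or move it outside the document root.
 *
 * @param string $logfile Path of the log file (opened in append mode).
 * @param string $ip      Client address to record.
 * @param string $tag     Free-form label for the request.
 * @return void
 */
function logaccess($logfile, $ip, $tag)
{
	$datetime = date('d-m-Y/H:i:s');

	// One record must stay on one line regardless of what the client sent.
	$ip = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string)$ip);
	$tag = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string)$tag);

	$fp = fopen("$logfile", "a");
	if(!$fp) {
		// Not being able to log must not take the page down.
		return;
	}

	// Take the lock before writing; still write if locking is unsupported.
	$locked = flock($fp, LOCK_EX);
	fputs($fp, "($datetime) $ip $tag\n");
	if($locked) { flock($fp, LOCK_UN); }
	fclose($fp);
}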

/**
 * Replace the administrator password with a generated one and e-mail it.
 *
 * A new password is generated, mailed in clear text to the stored AdminEmail
 * address, and only if mail() reports success is its MD5 hash stored as
 * AdminPass. The login form is then shown with a confirmation message.
 *
 * NOTE(review), security:
 *  - The page-level login gate exempts func=resendpass, so this runs for any
 *    unauthenticated visitor. Each call invalidates the current password.
 *    A safer flow mails a single-use, expiring confirmation link and changes
 *    nothing until it is used; requests should also be rate-limited.
 *  - The password travels and rests in the mailbox as plain text.
 *  - The hash is unsalted MD5; the login check compares against the same
 *    format, so both must be migrated together (e.g. to password_hash()).
 *  - The login code reads the key 'AdminUsername' while this function reads
 *    'AdminUserName'; confirm getvar() treats these as the same setting.
 *  - SiteDomainName is interpolated into a mail header; it is presumably an
 *    admin-controlled setting. Confirm it can never contain CR/LF.
 *
 * @param string $ip_address Address of the requester, quoted in the mail body.
 * @return void
 */
function resendpassword($ip_address)
{
	$sitedomainname = getvar("SiteDomainName");
	$newpassword = generatepassword();
	$adminusername = getvar("AdminUserName");

	$mailmessage = "A reset password request has been initiated from your VideoSplurge installation.\n\n";
	$mailmessage .= "Your credentials for the VideoSplurge Administrator area are as follows:\n";
	$mailmessage .= "Username: " . $adminusername . "\n";
	$mailmessage .= "Password: " . $newpassword . "\n\n";
	$mailmessage .= "This request was initiated from ip address: $ip_address\n";

	$recipient = getvar("AdminEmail");
	$fromheader = "From: \"VideoSplurge mailer\" <mailer@$sitedomainname>";

	$sent = mail($recipient, "VideoSplurge Password Reset", $mailmessage, $fromheader);
	if(!$sent) {
		// Keep the old password when the new one could not be delivered.
		echo "Mail send failed. Password was not reset";
		return;
	}

	setvar("AdminPass", md5($newpassword));
	showloginform("Password reset. Check your e-mail.");
}

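/**
 * Generate an 8-character password from a 34-character alphabet that leaves
 * out the look-alike characters "l" and "1".
 *
 * Two defects of the previous version are fixed:
 *  - it indexed with rand() % 33 although the alphabet has 34 characters, so
 *    the final character ("9") could never be produced;
 *  - it reseeded rand() from microtime() on every call, which makes the result
 *    guessable by anyone who knows roughly when the reset was requested. The
 *    value is used as the administrator password, so it must come from a
 *    cryptographically secure source.
 *
 * random_int() is used when the runtime provides it. On older runtimes the
 * function falls back to mt_rand(), which is NOT suitable for secrets; such an
 * installation should add a CSPRNG-backed source before relying on resets.
 *
 * @return string Eight characters drawn from the alphabet below.
 */
function generatepassword()
{
	$chars = "abcdefghijkmnopqrstuvwxyz023456789";
	$maxindex = strlen($chars) - 1;
	$usecsprng = function_exists('random_int');
	$pass = '';

	for ($i = 0; $i < 8; $i++) {
		// Both branches are unbiased over the whole alphabet (no modulo).
		$index = $usecsprng ? random_int(0, $maxindex) : mt_rand(0, $maxindex);
		$pass .= substr($chars, $index, 1);
	}

	return $pass;
}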

/**
 * Build the HTML <select name="Type"> element listing the three video
 * sources, with the option matching $selectedtype pre-selected.
 *
 * Matching uses loose comparison against 1, 2 and 3 in that order and stops at
 * the first hit; when nothing matches no option is marked selected.
 *
 * @param mixed $selectedtype Video type code to pre-select.
 * @return string The complete <select> markup, newline-terminated.
 */
function videotypeselect($selectedtype)
{
	$labels = array(1 => "Locally Hosted", 2 => "Google Video", 3 => "YouTube");

	// Resolve the match first so that at most one option is ever selected,
	// whatever loose comparison makes of the argument.
	$chosen = 0;
	foreach ($labels as $value => $label) {
		if ($selectedtype == $value) {
			$chosen = $value;
			break;
		}
	}

	$html = "<select name=\"Type\">\n";
	foreach ($labels as $value => $label) {
		$flag = ($value === $chosen) ? " selected" : "";
		$html .= "<option value=\"$value\"$flag>$label</option>\n";
	}
	$html .= "</select>\n";

	return $html;
}

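/**
 * Generate the drop-down box (<select>) used to pick a category.
 *
 * Lists "Top Level" (value -99), then every category whose Parent is -99 and,
 * when $levels is 2, each of their direct children as "Parent / Child".
 * The option whose id equals $selectedid is pre-selected.
 *
 * Changes from the previous version:
 *  - category names and the input name are HTML-encoded before being placed in
 *    the markup, so stored text cannot break out of the option or attribute;
 *  - names go through stripslashes() like the category manager listing does;
 *  - ids are cast to int before reuse in the child query and in the markup.
 *
 * NOTE(review): double_encode is off because it is not visible here whether
 * names are stored already entity-encoded; confirm and tighten if they are not.
 *
 * @param mixed  $selectedid Category id to pre-select (-99 for Top Level).
 * @param int    $levels     2 to include second-level categories.
 * @param string $inputname  Value for the select element's name attribute.
 * @return string The complete <select> markup.
 */
function parentselect($selectedid, $levels, $inputname) // generate drop-down box code for Categories
{
	$safeinputname = htmlspecialchars((string)$inputname, ENT_QUOTES, 'UTF-8');

	$sql = "SELECT * FROM categories WHERE Parent=-99";
	$result = mysql_query($sql) or die("Error: " . mysql_error());

	$parentselect = "<select name=\"$safeinputname\">\n";
	if($selectedid==-99) { $parentselect .= "<option value=\"-99\" selected>Top Level</option>\n"; }
	else { $parentselect .= "<option value=\"-99\">Top Level</option>\n"; }

	while($row = mysql_fetch_row($result))
	{
		$id = (int)$row[0];
		$name = htmlspecialchars(stripslashes((string)$row[2]), ENT_QUOTES, 'UTF-8', false);

		// Compare against the value as fetched to keep the original matching rules.
		$selected = ($selectedid==$row[0]) ? " selected" : "";
		$parentselect .= "<option value=\"$id\"$selected>$name</option>\n";

		if($levels==2)
		{
			// $id is an integer, so it is safe to place in the numeric comparison.
			$sql2 = "SELECT * FROM categories WHERE Parent=$id";
			$result2 = mysql_query($sql2) or die("Error: " . mysql_error());

			while($row2 = mysql_fetch_row($result2))
			{
				$childid = (int)$row2[0];
				$childname = htmlspecialchars(stripslashes((string)$row2[2]), ENT_QUOTES, 'UTF-8', false);
				$childselected = ($selectedid==$row2[0]) ? " selected" : "";
				$parentselect .= "<option value=\"$childid\"$childselected>$name / $childname</option>\n";
			}
		}
	}

	$parentselect .= "</select>\n";

	return $parentselect;
}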

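/**
 * Print the category manager table for one parent category: a toolbar with
 * "new" (and "home" when not at top level), the status message, and one row
 * per child category with edit and delete links.
 *
 * Changes from the previous version:
 *  - $parent is cast to int before it is placed in the SQL text and in URLs.
 *    Parent ids are compared numerically throughout (-99 marks the top level),
 *    and the value's origin is outside this block, so it is not trusted here;
 *  - the message, category names and descriptions are HTML-encoded on output.
 *
 * NOTE(review): the delete and edit actions are plain GET links. Their handler
 * is outside this block; confirm that destructive operations require POST and
 * an anti-CSRF token. The die() calls also print the raw database error to the
 * page; consider logging it instead.
 * NOTE(review): double_encode is off because it is not visible here whether
 * stored text is already entity-encoded; confirm.
 *
 * @param string $message Status text shown in the table header.
 * @param int    $parent  Id of the category whose children are listed.
 * @return void
 */
function showcategorymanager($message, $parent)
{
	$parent = (int)$parent;
	$safemessage = htmlspecialchars((string)$message, ENT_QUOTES, 'UTF-8');

	echo "<table width=\"100%\">\n";

	echo "<tr><td colspan=\"3\" style=\"text-align:center;\">\n";
	echo "<a href=\"index.php?func=categorymanager&operation=new&category=$parent\">\n" .
		"<img src=\"imgs/new.png\" style=\"float:right;\" alt=\"New Category\" title=\"New Category\" border=\"0\"></a>\n";
	if($parent!=-99){
		echo "<a href=\"index.php?func=categorymanager\">\n" .
			"<img src=\"imgs/home.png\" style=\"float:right;\" alt=\"Home\" title=\"Home\" border=\"0\"></a>\n";
	}
	echo "<strong>$safemessage</strong></td></tr>\n";

	$sql = "SELECT * FROM categories WHERE Parent=$parent";
	$result = mysql_query($sql) or die("Error: " . mysql_error());

	// output all fields, with edit and delete buttons on right side
	$numrows = mysql_num_rows($result);
	if($numrows)
	{
		// echo header row with field names (columns 2 and 3 of the result)
		if(mysql_num_fields($result))
		{
			echo "<tr>";
			for($num=2;$num<4;$num++)
			{
				$fieldname = mysql_field_name($result, $num);
				echo "<th>$fieldname</th>";
			}
			echo "<th>Actions</th></tr>\n";
		} // end echo header row

		while($row = mysql_fetch_row($result))
		{
			$id = (int)$row[0];
			$Name = htmlspecialchars(stripslashes((string)$row[2]), ENT_QUOTES, 'UTF-8', false);
			$Description = htmlspecialchars(stripslashes((string)$row[3]), ENT_QUOTES, 'UTF-8', false);

			// Only top-level categories link through to their children.
			if($row[1]==-99) { echo "<tr><td width=\"200\" style=\"text-align:left;\"><a href=\"index.php?func=categorymanager&category=$id\">$Name</a></td>"; }
			else { echo "<tr><td width=\"200\" style=\"text-align:left;\">$Name</td>"; }
			echo "<td style=\"text-align:left;\">$Description</td>" .
				"<td style=\"text-align:center;\"><a href=\"index.php?func=categorymanager&operation=edit&id=$id&category=$parent\"><img src=\"imgs/edit.png\" alt=\"Edit\" title=\"Edit\" border=\"0\"></a>" .
				"<a href=\"index.php?func=categorymanager&operation=delete&id=$id&category=$parent\"><img src=\"imgs/delete.png\" alt=\"Delete\" title=\"Delete\" border=\"0\"></a></td></tr>\n";
		}
	}
	else { echo "<tr><td>No categories.</td></tr>\n"; }
	echo "</table>\n";
}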

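/**
 * Print the video manager for one category: toolbar and status message, the
 * sub-category list, and a paginated table (20 per page, most viewed first) of
 * the videos in the category, with the page navigation bar above and below.
 *
 * Changes from the previous version:
 *  - $parent is cast to int before it is placed in three SQL fragments and in
 *    URLs; its origin is outside this block, so it is not trusted here;
 *  - the page number is clamped to 1 or more, so a negative "page" parameter
 *    can no longer produce a negative OFFSET and a database error;
 *  - the message, names, descriptions, thumbnail URL and view count are
 *    HTML-encoded on output;
 *  - $videotype is reset for every row (an unknown type code used to inherit
 *    the previous row's label) and $PageLinks is initialised before use;
 *  - links used an undefined local $self, which rendered as an empty string;
 *    they now name index.php explicitly like every other link here;
 *  - the navigation bar is built once and printed twice.
 *
 * NOTE(review): edit and delete are plain GET links. Their handler is outside
 * this block; confirm that destructive operations require POST and an
 * anti-CSRF token. The die() calls print the raw database error to the page.
 * NOTE(review): double_encode is off because it is not visible here whether
 * stored text is already entity-encoded; confirm.
 *
 * @param string $message Status text shown in the table header.
 * @param int    $parent  Id of the category being managed (-99 = top level).
 * @return void
 */
function showvideomanager($message, $parent)
{
	$parent = (int)$parent;
	$safemessage = htmlspecialchars((string)$message, ENT_QUOTES, 'UTF-8');
	$baseurl = "index.php?func=videomanager&category=$parent";

	echo "<table width=\"100%\">\n";

	echo "<tr><td colspan=\"3\" style=\"text-align:center;\">\n";
	echo "<a href=\"index.php?func=videomanager&operation=new&category=$parent\">\n" .
		"<img src=\"imgs/new.png\" style=\"float:right;\" alt=\"New Video\" title=\"New Video\" border=\"0\"></a>\n";
	if($parent!=-99){
		echo "<a href=\"index.php?func=videomanager\">\n" .
			"<img src=\"imgs/home.png\" style=\"float:right;\" alt=\"Home\" title=\"Home\" border=\"0\"></a>\n";
	}
	echo "<strong>$safemessage</strong></td></tr>\n";

	$sql = "SELECT * FROM categories WHERE Parent=$parent";
	$result = mysql_query($sql) or die("Error: " . mysql_error());

	if(mysql_num_rows($result))
	{
		echo "<tr><th>Category</th><th>Description</th></tr>\n";

		// list categories with names linked to view contents of that category
		while($row = mysql_fetch_row($result))
		{
			$categoryid = (int)$row[0];
			$Name = htmlspecialchars(stripslashes((string)$row[2]), ENT_QUOTES, 'UTF-8', false);
			$Description = htmlspecialchars(stripslashes((string)$row[3]), ENT_QUOTES, 'UTF-8', false);
			echo "<tr>" .
				"<td width=\"200\" style=\"text-align:left;\"><a href=\"index.php?func=videomanager&category=$categoryid\">$Name</a></td>" .
				"<td style=\"text-align:left;\">$Description</td>" .
				"</tr>\n";
		}
	}
	echo "</table>\n";

	// The int cast is what makes the value safe for the OFFSET arithmetic.
	$CurrentPage = isset($_GET['page']) ? (int)sanitize($_GET['page']) : 1;
	if($CurrentPage < 1) { $CurrentPage = 1; }
	$NumberOfVideos = getrecordcount("videos", "Category=$parent");
	$LastPage = (int)ceil($NumberOfVideos / 20);
	$Offset = ($CurrentPage-1) * 20;

	// Build navigation bar (all page links 1 through MAX, then previous/next)
	$navbar = "";
	if($LastPage) {
		$PageLinks = "";
		for($page=1; $page<=$LastPage; $page++) {
			if($page==$CurrentPage) { $PageLinks .= " $page "; }
			else { $PageLinks .= " <a href=\"$baseurl&page=$page\">$page</a> "; }
		}
		$PreviousPage = $CurrentPage - 1;
		$NextPage = $CurrentPage + 1;

		$navbar .= "<strong>Page $CurrentPage of $LastPage</strong>\n";
		$navbar .= "<table width=\"100%\">\n";
		$navbar .= "<tr>\n";
		$navbar .= "<td colspan=\"2\" width=\"100%\" style=\"text-align:center;\">$PageLinks</td>\n";
		$navbar .= "</tr>\n";
		$navbar .= "<tr>\n";
		if($PreviousPage>=1) { $navbar .= "<td width=\"50%\" style=\"text-align:left;\"><a href=\"$baseurl&page=$PreviousPage\">Previous 20 videos</a></td>\n"; }
		else { $navbar .= "<td width=\"50%\">&nbsp;</td>\n"; }
		if($NextPage<=$LastPage) { $navbar .= "<td width=\"50%\" style=\"text-align:right;\"><a href=\"$baseurl&page=$NextPage\">Next 20 videos</a></td>\n"; }
		else { $navbar .= "<td width=\"50%\">&nbsp;</td>\n"; }
		$navbar .= "</tr>\n";
		$navbar .= "</table>\n";
	}
	echo $navbar;

	echo "<table width=\"100%\">\n";
	// $parent and $Offset are both integers at this point.
	$sql = "SELECT * FROM videos WHERE Category=$parent ORDER BY Views DESC LIMIT 20 OFFSET $Offset";
	$result = mysql_query($sql) or die("Error: " . mysql_error());

	if(mysql_num_rows($result))
	{
		// echo header row with field names (columns 2, 4, 5 and 9 of the result)
		if(mysql_num_fields($result))
		{
			echo "<tr>";
			foreach(array(2, 4, 5, 9) as $column)
			{
				$fieldname = mysql_field_name($result, $column);
				echo "<th>$fieldname</th>";
			}
			echo "<th>Actions</th></tr>\n";
		} // end echo header row

		while($row = mysql_fetch_row($result))
		{
			$videoid = (int)$row[0];
			// Reset per row so an unknown code never shows the previous row's label.
			$videotype = "Unknown";
			if($row[2]==1) { $videotype = "Local"; }
			elseif($row[2]==2) { $videotype = "Google Video"; }
			elseif($row[2]==3) { $videotype = "YouTube"; }
			$Name = htmlspecialchars(stripslashes((string)$row[4]), ENT_QUOTES, 'UTF-8', false);
			$Thumbnail = htmlspecialchars(stripslashes((string)$row[5]), ENT_QUOTES, 'UTF-8', false);
			$Views = htmlspecialchars((string)$row[9], ENT_QUOTES, 'UTF-8');

			echo "<tr>\n" .
				"<td style=\"text-align:left;\">$videotype</td>\n" .
				"<td style=\"text-align:left;\">$Name</td>\n" .
				"<td style=\"text-align:center;\"><a href=\"../play.php?id=$videoid\" target=\"_blank\"><img src=\"$Thumbnail\" height=\"96\" width=\"135\"></a></td>\n" .
				"<td style=\"text-align:center;\">$Views</td>\n" .
				"<td style=\"text-align:center;\">\n" .
				"<a href=\"index.php?func=videomanager&operation=edit&id=$videoid&category=$parent\">\n" .
				"<img src=\"imgs/edit.png\" alt=\"Edit\" title=\"Edit\" border=\"0\">\n" .
				"</a>\n" .
				"<a href=\"index.php?func=videomanager&operation=delete&id=$videoid&category=$parent\">\n" .
				"<img src=\"imgs/delete.png\" alt=\"Delete\" title=\"Delete\" border=\"0\">\n" .
				"</a>\n" .
				"</td>\n" .
				"</tr>\n";
		}
	}

	echo "</table>\n";

	// Same navigation bar again below the listing
	echo $navbar;
}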

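/**
 * Print the content manager for one category: toolbar and status message, the
 * sub-category list, and a paginated table (20 per page, most viewed first) of
 * the content items in the category, with the navigation bar above and below.
 *
 * Changes from the previous version:
 *  - pagination links pointed at func=videomanager (copied from the video
 *    manager) and were labelled "videos"; they now stay in the content manager;
 *  - $parent is cast to int before it is placed in three SQL fragments and in
 *    URLs; its origin is outside this block, so it is not trusted here;
 *  - the page number is clamped to 1 or more, so a negative "page" parameter
 *    can no longer produce a negative OFFSET and a database error;
 *  - the message, names, descriptions and row values are HTML-encoded;
 *  - $PageLinks is initialised before use, links name index.php explicitly
 *    instead of an undefined local $self, and the navigation bar is built once.
 *
 * NOTE(review): edit and delete are plain GET links. Their handler is outside
 * this block; confirm that destructive operations require POST and an
 * anti-CSRF token. The die() calls print the raw database error to the page.
 * NOTE(review): double_encode is off because it is not visible here whether
 * stored text is already entity-encoded; confirm.
 *
 * @param string $message Status text shown in the table header.
 * @param int    $parent  Id of the category being managed (-99 = top level).
 * @return void
 */
function showcontentmanager($message, $parent)
{
	$parent = (int)$parent;
	$safemessage = htmlspecialchars((string)$message, ENT_QUOTES, 'UTF-8');
	$baseurl = "index.php?func=contentmanager&category=$parent";

	echo "<table width=\"100%\">\n";

	echo "<tr><td colspan=\"3\" style=\"text-align:center;\">\n";
	echo "<a href=\"index.php?func=contentmanager&operation=new&category=$parent\">\n" .
		"<img src=\"imgs/new.png\" style=\"float:right;\" alt=\"New Content Item\" title=\"New Content Item\" border=\"0\"></a>\n";
	if($parent!=-99){
		echo "<a href=\"index.php?func=contentmanager\">\n" .
			"<img src=\"imgs/home.png\" style=\"float:right;\" alt=\"Home\" title=\"Home\" border=\"0\"></a>\n";
	}
	echo "<strong>$safemessage</strong></td></tr>\n";

	$sql = "SELECT * FROM categories WHERE Parent=$parent";
	$result = mysql_query($sql) or die("Error: " . mysql_error());

	if(mysql_num_rows($result))
	{
		echo "<tr><th>Category</th><th>Description</th></tr>\n";

		// list categories with names linked to view contents of that category
		while($row = mysql_fetch_row($result))
		{
			$categoryid = (int)$row[0];
			$Name = htmlspecialchars(stripslashes((string)$row[2]), ENT_QUOTES, 'UTF-8', false);
			$Description = htmlspecialchars(stripslashes((string)$row[3]), ENT_QUOTES, 'UTF-8', false);
			echo "<tr>" .
				"<td width=\"200\" style=\"text-align:left;\"><a href=\"index.php?func=contentmanager&category=$categoryid\">$Name</a></td>" .
				"<td style=\"text-align:left;\">$Description</td>" .
				"</tr>\n";
		}
	}
	echo "</table>\n";

	// The int cast is what makes the value safe for the OFFSET arithmetic.
	$CurrentPage = isset($_GET['page']) ? (int)sanitize($_GET['page']) : 1;
	if($CurrentPage < 1) { $CurrentPage = 1; }
	$NumberOfItems = getrecordcount("content", "Category=$parent");
	$LastPage = (int)ceil($NumberOfItems / 20);
	$Offset = ($CurrentPage-1) * 20;

	// Build navigation bar (all page links 1 through MAX, then previous/next)
	$navbar = "";
	if($LastPage) {
		$PageLinks = "";
		for($page=1; $page<=$LastPage; $page++) {
			if($page==$CurrentPage) { $PageLinks .= " $page "; }
			else { $PageLinks .= " <a href=\"$baseurl&page=$page\">$page</a> "; }
		}
		$PreviousPage = $CurrentPage - 1;
		$NextPage = $CurrentPage + 1;

		$navbar .= "<strong>Page $CurrentPage of $LastPage</strong>\n";
		$navbar .= "<table width=\"100%\">\n";
		$navbar .= "<tr>\n";
		$navbar .= "<td colspan=\"2\" width=\"100%\" style=\"text-align:center;\">$PageLinks</td>\n";
		$navbar .= "</tr>\n";
		$navbar .= "<tr>\n";
		if($PreviousPage>=1) { $navbar .= "<td width=\"50%\" style=\"text-align:left;\"><a href=\"$baseurl&page=$PreviousPage\">Previous 20 items</a></td>\n"; }
		else { $navbar .= "<td width=\"50%\">&nbsp;</td>\n"; }
		if($NextPage<=$LastPage) { $navbar .= "<td width=\"50%\" style=\"text-align:right;\"><a href=\"$baseurl&page=$NextPage\">Next 20 items</a></td>\n"; }
		else { $navbar .= "<td width=\"50%\">&nbsp;</td>\n"; }
		$navbar .= "</tr>\n";
		$navbar .= "</table>\n";
	}
	echo $navbar;

	echo "<table width=\"100%\">\n";
	// $parent and $Offset are both integers at this point.
	$sql = "SELECT * FROM content WHERE Category=$parent ORDER BY Views DESC LIMIT 20 OFFSET $Offset";
	$result = mysql_query($sql) or die("Error: " . mysql_error());

	if(mysql_num_rows($result))
	{
		// echo header row with field names (columns 2 and 7 to 10 of the result)
		if(mysql_num_fields($result))
		{
			echo "<tr>";
			foreach(array(2, 7, 8, 9, 10) as $column)
			{
				$fieldname = mysql_field_name($result, $column);
				echo "<th>$fieldname</th>";
			}
			echo "<th>Actions</th></tr>\n";
		} // end echo header row

		while($row = mysql_fetch_row($result))
		{
			$itemid = (int)$row[0];
			$Name = htmlspecialchars(stripslashes((string)$row[2]), ENT_QUOTES, 'UTF-8', false);

			echo "<tr>\n" .
				"<td style=\"text-align:left;\">$Name</td>\n";
			for($column=7; $column<11; $column++)
			{
				$cell = htmlspecialchars((string)$row[$column], ENT_QUOTES, 'UTF-8', false);
				echo "<td style=\"text-align:center;\">$cell</td>\n";
			}
			echo "<td style=\"text-align:center;\">\n" .
				"<a href=\"index.php?func=contentmanager&operation=edit&id=$itemid&category=$parent\">\n" .
				"<img src=\"imgs/edit.png\" alt=\"Edit\" title=\"Edit\" border=\"0\">\n" .
				"</a>\n" .
				"<a href=\"index.php?func=contentmanager&operation=delete&id=$itemid&category=$parent\">\n" .
				"<img src=\"imgs/delete.png\" alt=\"Delete\" title=\"Delete\" border=\"0\">\n" .
				"</a>\n" .
				"</td>\n" .
				"</tr>\n";
		}
	}

	echo "</table>\n";

	// Same navigation bar again below the listing
	echo $navbar;
}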
?>
</td>
</tr>
</table>
<h6 align="center"><a href="http://www.videosplurge.com/" target="_blank">VideoSplurge</a></h6>
</body>
</html>