<?php
/*
Copyright (c) 2011 http://ramui.com. All right reserved.
This product is protected by copyright and distributed under licenses restricting copying, distribution. Permission is granted to the public to download and use this script provided that this Notice and any statement of authorship are reproduced in every page on all copies of the script.
*/
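/**
 * Post management actions of the admin area (edit form, save, delete,
 * publish toggle, lock toggle).
 *
 * Relies on members that are not defined in this file and are presumably
 * inherited from clsmain: $this->prefix, $this->site, build_head(),
 * build_footer(), validate_user(), log_in(), log_out() and show_list().
 *
 * Security notes for maintainers:
 *  - Every id reaching SQL is request-derived, so each method formats it with
 *    %d (or casts it) before it is placed in a statement.
 *  - The state-changing actions (save, delete, publish, lock) are dispatched
 *    from get_query() with no anti-CSRF token check visible in this class.
 *    NOTE(review): confirm whether validate_user() or the caller enforces one.
 *  - The code uses the legacy mysql_* extension; a move to prepared statements
 *    (PDO/mysqli) needs the connection code, which is outside this file.
 */
class post extends clsmain
{
    /**
     * Render the "Edit post" page for a single post.
     *
     * Redirects to the list page and stops when no row is fetched.
     *
     * @param mixed $post_id Request-derived post id.
     */
    private function show_edit($post_id)
    {
        // The id is written into SQL and into an inline <script>; forcing it to
        // an integer closes both the injection and the script-context XSS path.
        $post_id = (int)$post_id;

        $query = "SELECT tp.*, tu.user, IF(ISNULL(tc.id), 0,COUNT(tc.id)) AS c FROM ";
        $query .= $this->prefix."post tp LEFT JOIN ".$this->prefix."user tu ON tp.uid=tu.id LEFT JOIN ".$this->prefix."comments tc ON tp.id=tc.pid WHERE ";
        $query .= sprintf("tp.id = %d", $post_id);

        $result = @mysql_query($query);
        $row = @mysql_fetch_array($result, MYSQL_ASSOC);
        // $row and $max are not used below; presumably include/editpost.php reads them.
        $max = sprintf("%d", $this->site['postsize']);

        if (empty($row)) {
            @header("Location: index.php?qur=2M");
            exit;
        }

        $this->build_head("Edit post", '<script type="text/javascript" src="script/editpost.js"></script><script>var pid ='.$post_id.';</script>');
        include "include/editpost.php";
        $this->build_footer();
    }

    /**
     * Delete a post together with its search and comment rows, then redirect
     * to the list page.
     *
     * NOTE(review): the three tables are joined with plain equality conditions
     * (an inner join), so a post without a matching row in both the search and
     * the comments table matches nothing and is not deleted. Confirm that this
     * is intended.
     *
     * @param mixed $page_id Request-derived post id (formatted with %d).
     */
    private function delete_page($page_id)
    {
        $query = sprintf(
            "DELETE tp, ts, tc FROM ".$this->prefix."post tp, ".$this->prefix."search ts, ".$this->prefix."comments tc WHERE tp.id = %d AND tp.id = tc.pid AND tp.id = ts.pid",
            $page_id
        );
        @mysql_query($query);

        $loc = "Location: index.php?qur=2M";
        @header($loc);
    }

    /**
     * Toggle the publish flag of a post in both the post and search tables.
     *
     * Echoes 'Publish' after un-publishing and 'Block' after publishing
     * (presumably the next label of the toggle button), then stops.
     *
     * @param mixed $page_id Request-derived post id.
     */
    private function publish($page_id)
    {
        // Previously interpolated raw into the SELECT; use %d like the UPDATE does.
        $page_id = (int)$page_id;

        $query = sprintf("SELECT publish FROM ".$this->prefix."post WHERE id = %d", $page_id);
        $result = @mysql_query($query);
        $row = @mysql_fetch_array($result, MYSQL_ASSOC);

        if ($row['publish'] == 'Y') {
            $response = 'Publish';
            $publish = '';
        } else {
            $response = 'Block';
            $publish = 'Y';
        }

        // $publish is one of two fixed literals, so embedding it is safe.
        $query = sprintf(
            "UPDATE ".$this->prefix."post tp, ".$this->prefix."search ts SET tp.publish = '$publish', ts.publish = '$publish' WHERE tp.id = %d AND tp.id = ts.pid",
            $page_id
        );
        if (@mysql_query($query) != false) {
            echo $response;
        }
        exit;
    }

    /**
     * Toggle the locked flag of a post.
     *
     * Echoes 'Lock' after unlocking and 'Unlock' after locking, then stops.
     *
     * @param mixed $page_id Request-derived post id (formatted with %d).
     */
    private function lock_post($page_id)
    {
        $query = sprintf("SELECT locked FROM ".$this->prefix."post WHERE id = %d", $page_id);
        $result = @mysql_query($query);
        $row = @mysql_fetch_array($result, MYSQL_ASSOC);

        if ($row['locked'] == 'Y') {
            $response = 'Lock';
            $lock = '';
        } else {
            $response = 'Unlock';
            $lock = 'Y';
        }

        // $lock is one of two fixed literals, so embedding it is safe.
        $query = sprintf("UPDATE ".$this->prefix."post SET locked = '$lock' WHERE id = %d", $page_id);
        if (@mysql_query($query)) {
            echo $response;
        }
        exit;
    }

    /**
     * Save the edited post from $_POST and mirror the text fields into the
     * search table, echoing an HTML status fragment before stopping.
     *
     * Text fields are escaped with mysql_real_escape_string(); numeric fields
     * are coerced by the %.2f / %u / %d conversions of sprintf().
     *
     * @param mixed $id Request-derived post id (formatted with %d).
     */
    private function edit_post($id)
    {
        $title = trim(fw_strip_slashes(rawurldecode($_POST["title"])));
        $title = htmlspecialchars(fw_remove_smarttag($title));

        // Content is stored without htmlspecialchars(); NOTE(review): confirm it
        // is encoded or BB-code rendered safely wherever it is displayed.
        $content = trim(fw_strip_slashes(rawurldecode($_POST["content"])));
        $content = fw_remove_smarttag($content);
        $content_text = fw_bb2text($content);

        $url = trim(fw_strip_slashes(rawurldecode($_POST["url"])));
        // NOTE(review): afflink is stored as submitted (SQL-escaped only), with
        // no scheme or host validation comparable to verify_url().
        $afflink = trim(fw_strip_slashes(rawurldecode($_POST["afflink"])));

        // verify_url() rewrites $url in place: normalized URL on success,
        // an HTML error fragment on failure.
        if (!($this->verify_url($url, $id))) {
            echo $url;
            exit;
        }

        $bw = trim(fw_strip_slashes(rawurldecode($_POST["bw"])));
        $usd = trim(fw_strip_slashes(rawurldecode($_POST["usd"])));
        $space = trim(fw_strip_slashes(rawurldecode($_POST["space"])));
        $uptime = trim(fw_strip_slashes(rawurldecode($_POST["uptime"])));
        $noofdomain = trim(fw_strip_slashes(rawurldecode($_POST["noofdomain"])));
        $server = $_POST['server'];
        $freedomain = (empty($_POST["freedomain"]) ? 0 : 1);
        $autolink = (empty($_POST["autolink"]) ? 0 : 1);
        $dt = time();

        // Oversized input is dropped silently (no message is echoed).
        $max_size = $this->site['postsize'];
        if ((strlen($content) > $max_size) || (strlen($title) > 80)) {
            exit;
        }

        $description = trim(fw_strip_slashes(rawurldecode($_POST["description"])));
        $tags = trim(fw_strip_slashes(rawurldecode($_POST["tags"])));
        $description = htmlspecialchars(fw_remove_smarttag($description));
        $description = str_replace("\n", " ", str_replace("\r", "", $description));
        $tags = htmlspecialchars(fw_remove_smarttag($tags));
        if ((strlen($description) > 250) || (strlen($tags) > 250)) {
            exit;
        }

        // $autolink, $freedomain (0/1) and $dt (time()) are server-generated integers.
        $query = "UPDATE ".$this->prefix."post SET title = '%s', url = '%s', afflink = '%s', content = '%s', description = '%s', keywords = '%s', autolink = $autolink, bw = %.2f, usd = %.2f, space = %.2f, uptime = %.2f, noofdomain = %u, freedomain = $freedomain, server = %u, updated = $dt WHERE id = %d";
        $query = sprintf(
            $query,
            mysql_real_escape_string($title),
            mysql_real_escape_string($url),
            mysql_real_escape_string($afflink),
            mysql_real_escape_string($content),
            mysql_real_escape_string($description),
            mysql_real_escape_string($tags),
            $bw,
            $usd,
            $space,
            $uptime,
            $noofdomain,
            $server,
            $id
        );

        if (!(@mysql_query($query))) {
            // A MySQL error can quote part of the statement, which carries
            // submitted text; encode it before writing it into the response.
            echo '<span style="color:red;">Error: '.htmlspecialchars(mysql_error()).'</span>';
        } else {
            $query = sprintf(
                "UPDATE ".$this->prefix."search SET title = '%s', url = '%s', keywords = '%s', description = '%s', body = '%s' WHERE pid = %d AND cid = 0",
                mysql_real_escape_string($title),
                mysql_real_escape_string($url),
                mysql_real_escape_string($tags),
                mysql_real_escape_string($description),
                mysql_real_escape_string($content_text),
                $id
            );
            @mysql_query($query);
            echo '<span style="color:green;">Data has been successfully updated</span>';
        }
        exit;
    }

    /**
     * Validate and normalize a submitted site URL, and reject it when another
     * post already uses the same domain (with or without "www.").
     *
     * On success $url becomes "scheme://host". On failure $url is replaced by
     * an HTML error fragment that the caller echoes.
     *
     * NOTE(review): any scheme returned by parse_url() is accepted; consider an
     * http/https allow-list if the stored value is rendered as a link.
     * NOTE(review): mysql_real_escape_string() does not escape the LIKE
     * wildcards % and _, so a host containing them matches more broadly.
     *
     * @param string $url Submitted URL, rewritten in place.
     * @param mixed  $id  Id of the post being edited, excluded from the lookup.
     * @return bool True when the URL is usable, false otherwise.
     */
    private function verify_url(&$url, $id)
    {
        $arr = parse_url(strtolower($url));
        if (($arr === false) || (empty($arr['host']))) {
            $url = '<span style="color:red; background-color:white;">Bad URL! Please enter correct url.</span>';
            return false;
        }

        $scheme = empty($arr['scheme']) ? 'http' : $arr['scheme'];
        // Build both spellings of the domain so either form counts as a duplicate.
        $u = (strpos($arr['host'], 'www.') === 0) ? substr($arr['host'], 4) : $arr['host'];
        $w = $scheme.'://www.'.$u;
        $u = $scheme.'://'.$u;

        $query = sprintf(
            "SELECT id FROM ".$this->prefix."post WHERE (url LIKE '%s%%' OR url LIKE '%s%%') AND id <> %d",
            mysql_real_escape_string($u),
            mysql_real_escape_string($w),
            $id
        );
        $result = @mysql_query($query);
        $row = @mysql_fetch_array($result, MYSQL_ASSOC);

        if (!empty($row['id'])) {
            $url = '<span style="color:red; background-color:white;">Domain already exists!</span><br /><a href="index.php?qur=2M1M'.$row['id'].'">Edit post</a>';
            return false;
        }

        $url = $scheme.'://'.$arr['host'];
        return true;
    }

    /**
     * Dispatch a decoded request to the matching action.
     *
     * $query[1] selects the action and the following elements are passed on as
     * its arguments. Nothing is dispatched unless validate_user() succeeds.
     *
     * @param array $query Decoded request segments (format defined by the caller).
     */
    public function get_query($query)
    {
        if ($this->validate_user()) {
            switch ($query[1]) {
                case "6":
                    $this->show_list($query[2], $query[3], $query[4], $query[5]);
                    break;
                case "7":
                    $this->edit_post($query[2]);
                    break;
                case "8":
                    $this->lock_post($query[2]);
                    break;
                case "1":
                    $this->show_edit($query[2]);
                    break;
                case "2":
                    $this->delete_page($query[2]);
                    break;
                case "3":
                    $this->publish($query[2]);
                    break;
                case "5":
                    $this->log_out();
                    break;
                default:
                    $this->show_list(1, 0, 0, 0);
            }
        } else {
            // NOTE(review): these are strict comparisons with integers while the
            // switch above matches string labels; if $query holds strings, only
            // the empty() test can show the login form. Left unchanged.
            if (($query[1] === 6) || ($query[1] === 1) || empty($query[1])) {
                $this->log_in();
            }
        }
    }
}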
?>