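/**
 * Admin page: stores a posted article/comment or renders the input form.
 *
 * With inputaction=addarticle the posted fields are inserted into `articles`
 * (via DB_insert) and an eventlog entry is written; for any other value the
 * input form is rendered from what save_form_article() left in $_SESSION.
 * Returns early (with a message) when isValidAdmin() is false.
 */
function module_admininput()
{
    // adminpage, stop here if not logged in/right access-level
    if (!isValidAdmin()) {
        echo getString("not_valid_admin", "Administratorside, du må logge inn for å få tilgang her");
        return;
    }

    $inputaction = isset($_REQUEST['inputaction']) ? $_REQUEST['inputaction'] : "";
    if ($inputaction == "addarticle") {
        module_admininput_save_article();
    } else {
        module_admininput_show_form();
    }
}

/**
 * Returns a request field prepared for direct inclusion in a MySQL string literal.
 *
 * Missing fields yield ''. If magic_quotes_gpc is still active its slashes are
 * removed first so the value is not escaped twice.
 */
function module_admininput_sql_string($name)
{
    $value = isset($_REQUEST[$name]) ? (string)$_REQUEST[$name] : '';
    if (get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return mysql_real_escape_string($value);
}

/** Returns a request field as an int (0 when missing). */
function module_admininput_request_int($name)
{
    return isset($_REQUEST[$name]) ? (int)$_REQUEST[$name] : 0;
}

/** Returns a session field, or $default when it is not set. */
function module_admininput_session($name, $default = '')
{
    return isset($_SESSION[$name]) ? $_SESSION[$name] : $default;
}

/** Inserts the posted article (or comment) into `articles` and logs the event. */
function module_admininput_save_article()
{
    global $logtype;

    save_form_article();

    // The original interpolated raw $_REQUEST values into the INSERT; every
    // string now goes through mysql_real_escape_string and every number through (int).
    $title = module_admininput_sql_string('title');
    $author = module_admininput_sql_string('author');
    $author_username = module_admininput_sql_string('author_username');
    $body = module_admininput_sql_string('body');
    $date_posted = module_admininput_request_int('year') . "-"
        . module_admininput_request_int('month') . "-"
        . module_admininput_request_int('day');
    $time_posted = module_admininput_request_int('hours') . ":" . module_admininput_request_int('minutes');

    $log_description = "";

    // is_draft is stored as 1 or SQL NULL (unquoted in the query below)
    $is_draft_flag = isset($_REQUEST['is_draft']) && $_REQUEST['is_draft'] == "ON";
    if ($is_draft_flag) {
        $is_draft = 1;
        $log_description .= "savedraft,";
    } else {
        $is_draft = 'NULL';
    }

    // comment_to is an article id (unquoted in the query) or SQL NULL for a top-level article
    $comment_to_raw = isset($_REQUEST['comment_to']) ? trim((string)$_REQUEST['comment_to']) : '';
    if (strlen($comment_to_raw) < 1) {
        $comment_to = "NULL";
        $log_description .= "savenewarticle,";
    } else {
        $comment_to = (string)(int)$comment_to_raw;
        $log_description .= "savenewcomment,";
    }

    $query = "INSERT INTO articles (title, author, author_username, body, date_posted, time_posted, comment_to, is_draft, view_count) "
        . "VALUES(\"{$title}\", \"{$author}\", \"{$author_username}\", \"{$body}\", \"{$date_posted}\", \"{$time_posted}\", {$comment_to},{$is_draft},0);";
    // The original echoed $query to the page; that debug output is dropped here.
    $result = DB_insert($query);

    if (!$result) {
        echo "Oops: " . mysql_error();
        return;
    }

    // Read the id once; a later call could refer to another statement.
    $new_id = mysql_insert_id();
    echo "Artikkel lagt inn med id: " . $new_id;
    unset_form_article();

    if ($comment_to != "NULL") {
        $log_description .= "commentadded!,";
        write_log_entry($new_id, $logtype['comment'], $log_description);
    } else {
        $log_description .= "articleadded!,";
        write_log_entry($new_id, $logtype['article'], $log_description);
    }
}

/** Renders the article input form, pre-filled from $_SESSION. */
function module_admininput_show_form()
{
    form_start_post();
    echo '<table class="default_table">';

    echo '<tr><td>Forfatter</td><td>';
    form_textfield("author", stripslashes(module_admininput_session('author')));
    echo '</td></tr>';

    // NOTE(review): the original pre-fills author_username from $_SESSION['author'],
    // not $_SESSION['author_username'] — kept as-is, confirm whether that is intended.
    echo '<tr><td>Forfatter_brukernavn</td><td>';
    form_textfield("author_username", stripslashes(module_admininput_session('author')));
    echo '</td></tr>';

    echo '<tr><td>Tittel</td><td class="form_article_title">';
    form_textfield("title", stripslashes(fix_quotes(module_admininput_session('title'))));
    echo '</td></tr>';

    echo '<tr><td>Dato</td><td>';
    form_datewidget(module_admininput_session('date_posted', null));
    echo '</td></tr>';

    echo '<tr><td>Tidspunkt</td><td>';
    form_timewidget(module_admininput_session('time_posted', null));
    echo '</td></tr>';

    echo '<tr><td>Kommentar til</td><td>';
    form_textfield("comment_to", module_admininput_session('comment_to'));
    echo '</td></tr>';

    echo '<tr><td>Bare lagre, <br/>ikke publiser</td><td>';
    form_checkbox("is_draft", "ON", module_admininput_session('is_draft') == "ON" ? "1" : "0");
    echo '</td></tr>';

    echo '<tr><td colspan=2 class="form_article_text">';
    form_textarea("body", stripslashes(module_admininput_session('body')), 30, 10);
    echo '</td></tr>';

    echo '<tr><td colspan=2>';
    form_submit("Button", "Lagre artikkelen");
    echo '</td></tr>';

    echo '<tr><td colspan=2>';
    form_submit("preview", "Forhåndsvis artikkel");
    echo '</td></tr>';
    echo '</table>';

    form_hidden("m_c", "module_admininput");
    form_hidden("inputaction", "addarticle");
    form_hidden("articleid", module_admininput_session('articleid'));
    // The original guarded an "editarticle" hidden field with isset($edit), but
    // $edit is never assigned in this function, so the field was never emitted.
    form_end();
}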
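/**
 * Admin dispatcher: runs the sub-page selected by $_REQUEST['admin_action'].
 *
 * Known actions: confirmpurge, deleteforgood, showfile, showstats, undelete,
 * listdeleted, viewlog; anything else shows the admin menu.
 * Returns early (with a message) when isValidAdmin() is false.
 */
function module_admin()
{
    // adminpage, stop here if not logged in/right access-level
    if (!isValidAdmin()) {
        echo getString("not_valid_admin", "Administratorside, du må logge inn for å få tilgang her");
        return;
    }

    $action = isset($_REQUEST['admin_action']) ? $_REQUEST['admin_action'] : "";

    switch ($action) {
        case "confirmpurge":
            module_admin_confirm_purge(module_admin_request_int('purgeid'));
            break;
        case "deleteforgood":
            module_admin_delete_for_good(module_admin_request_int('purgeid'));
            break;
        case "showfile":
            module_admin_show_file(module_admin_request_int('articleid'));
            break;
        case "showstats":
            module_admin_show_stats();
            break;
        case "undelete":
            module_admin_undelete(module_admin_request_int('articleid'));
            break;
        case "listdeleted":
            module_admin_list_deleted();
            break;
        case "viewlog":
            module_admin_view_log();
            break;
        default:
            module_admin_menu();
    }
}

/** Returns a request field as an int (0 when missing); ids are only ever used in SQL as numbers. */
function module_admin_request_int($name)
{
    return isset($_REQUEST[$name]) ? (int)$_REQUEST[$name] : 0;
}

/** HTML-escapes a DB/log value before it is echoed into the admin pages. */
function module_admin_esc($value)
{
    // NOTE(review): the page's character set is not visible here; if stored text
    // is not UTF-8 (the PHP default), pass the right charset explicitly.
    return htmlspecialchars((string)$value, ENT_QUOTES);
}

/** Asks the admin to confirm permanent deletion of article $articleid. */
function module_admin_confirm_purge($articleid)
{
    echo '<div class="default_header">Bekreft sletting av fil ' . $articleid . '</div>';
    form_start_post();
    form_hidden("m_c", "module_admin");
    form_hidden("admin_action", "deleteforgood");
    form_hidden("purgeid", $articleid);
    form_submit("submit", "Ja, slett filen for godt");
    form_end();
}

/** Deletes article $articleid for good and logs the purge on the acting user. */
function module_admin_delete_for_good($articleid)
{
    global $logtype;

    $query = "DELETE FROM articles WHERE articleid = " . (int)$articleid . ";";
    $result = DB_update($query);
    if ($result) {
        write_log_entry($_SESSION['valid_user'], $logtype['user'], "admin_purgedfile,");
        echo '<div class="default_header">Filen er slettet.</div>';
    } else {
        echo '<div class="default_header">Sletting mislyktes.</div>';
    }
}

/** Shows a single (non-draft) article with its metadata. */
function module_admin_show_file($articleid)
{
    $query = "SELECT * FROM articles WHERE articleid =" . (int)$articleid . " AND (is_draft IS NULL OR is_draft=0);";
    $result = DB_get_table($query);
    $row = DB_next_row($result);
    if (!$row) {
        echo '<div class="default_header">Fant ikke artikkelen.</div>';
        return;
    }

    // The original read an undefined $unknown_author here; a local fallback is used instead.
    $unknown_author = 'ukjent';
    $has_username = isset($row['author_username']) && $row['author_username'] !== '';

    echo "<div class=\"header2\">" . module_admin_esc($row['title']) . "</div>";
    echo "<div class=\"metatext\">";
    echo "<span class='author'>Forfatter: ";
    if ($has_username) {
        echo '<a href="index.php?m_c=mvp&username=' . module_admin_esc(urlencode($row['author_username'])) . '">'
            . module_admin_esc(stripslashes($row['author'])) . '</a>';
    } else {
        echo module_admin_esc(stripslashes($row['author']));
    }
    echo ', ';
    if ($has_username) {
        echo " (" . module_admin_esc(stripslashes($row['author_username'])) . ").</span>";
    } else {
        echo " (" . module_admin_esc($unknown_author) . ").</span>";
    }
    echo "<span class=\"time\">Lagt opp: " . make_date($row['date_posted']) . ", " . make_time($row['time_posted']) . "</span></div>";
    // The body is emitted as markup on purpose (the original did the same); it is
    // author-supplied content, not escaped here — confirm authors are trusted.
    echo "<div class=\"textbody\">" . stripslashes(nl2br($row['body'])) . "</div>";
}

/** Lists viewed articles ordered by view count, with a "read" button per row. */
function module_admin_show_stats()
{
    $query = "SELECT articleid, author, view_count, title FROM articles WHERE view_count > 0 ORDER BY view_count DESC;";
    $result = DB_get_table($query);

    echo '<table class="default_table">';
    echo "<tr>";
    echo '<td>Artikkel-ID</td><td>Tittel</td><td>Forfatter</td>';
    echo '<td>Antall visninger</td><td></td></tr>';
    while ($row = DB_next_row($result)) {
        echo "<tr>";
        echo '<td>' . (int)$row['articleid'] . '</td><td>' . module_admin_esc($row['title']) . '</td><td>'
            . module_admin_esc($row['author']) . '</td>';
        echo '<td>' . (int)$row['view_count'] . '</td><td>';
        form_start_get();
        form_hidden("m_c", "m_va");
        form_hidden("articleid", $row['articleid']);
        form_submit("submit", "Les artikkel");
        form_end();
        echo '</td></tr>';
    }
    echo '</table>';
}

/** Clears is_deleted on article $articleid and logs the restore on the acting user. */
function module_admin_undelete($articleid)
{
    global $logtype;

    $query = "UPDATE articles SET is_deleted = NULL WHERE articleid = " . (int)$articleid . ";";
    // The original echoed $query to the page; that debug output is dropped here.
    $result = DB_update($query);
    if ($result) {
        write_log_entry($_SESSION['valid_user'], $logtype['user'], "admin_restoredfile,");
        echo "Vellykket gjenoppretting.";
    } else {
        echo "Gjenoppretting mislyktes.";
    }
}

/** Lists deleted articles joined with their eventlog row, with purge/read/restore buttons. */
function module_admin_list_deleted()
{
    $query = "SELECT time, comment_to, articleid, title, author, ip FROM articles,eventlog WHERE articleid = itemid AND is_deleted IS NOT NULL;";
    $result = DB_get_table($query);

    echo '<table class="default_table">';
    echo "<tr>";
    echo '<td>Artikkel-ID</td><td>Kommentar til</td><td>Tittel</td><td>Forfatter</td>';
    echo '<td>IP</td><td>Tidspunkt</td></tr>';
    while ($row = DB_next_row($result)) {
        echo "<tr>";
        echo '<td>' . (int)$row['articleid'] . '</td><td>' . module_admin_esc($row['comment_to']) . '</td><td>'
            . module_admin_esc($row['title']) . '</td><td>' . module_admin_esc($row['author']) . "</td><td>"
            . module_admin_esc($row['ip']) . '</td><td>' . module_admin_esc($row['time']) . '</td>';

        echo '<td>';
        form_start_post();
        form_hidden("m_c", "module_admin");
        form_hidden("admin_action", "confirmpurge");
        form_hidden("purgeid", $row['articleid']);
        form_submit("submit", "Slett for godt");
        form_end();
        echo '</td><td>';

        form_start_get();
        form_hidden("m_c", "module_admin");
        form_hidden("admin_action", "showfile");
        form_hidden("articleid", $row['articleid']);
        form_submit("submit", "Les");
        form_end();
        echo '</td><td>';

        form_start_get();
        form_hidden("m_c", "module_admin");
        form_hidden("admin_action", "undelete");
        form_hidden("articleid", $row['articleid']);
        form_submit("submit", "Gjenoppliv");
        form_end();
        echo '</td><td>';
        echo '</td></tr>';
    }
    echo '</table>';
}

/** Shows eventlog rows for one type and day, or the form to pick them. */
function module_admin_view_log()
{
    global $logtype;

    if (isset($_REQUEST['type'])) {
        $type = (int)$_REQUEST['type'];
        // Date parts are cast to int before being joined, then normalised by strtotime/date.
        $sqldate = module_admin_request_int('year') . "-" . module_admin_request_int('month') . "-" . module_admin_request_int('day');
        $sqldate = date("Y-m-d", strtotime($sqldate));

        $query = "SELECT * FROM eventlog WHERE time LIKE '" . $sqldate . "%' AND log_type=" . $type . ";";
        $result = DB_get_table($query);
        // $logtype maps name => id; flip it to print the name for each row
        $types_array = array_flip($logtype);

        echo '<table class="default_table">';
        echo '<tr><td>Event ID</td><td>Logtype</td><td>Affected item-ID</td><td>Resp. user</td><td>Description</td><td>IP</td><td>Time</td></tr>';
        while ($row = DB_next_row($result)) {
            $type_name = isset($types_array[$row["log_type"]]) ? $types_array[$row["log_type"]] : $row["log_type"];
            echo '<tr>';
            echo '<td>' . module_admin_esc($row["eventid"]) . '</td><td>' . module_admin_esc($type_name) . '</td><td>'
                . module_admin_esc($row["itemid"]) . '</td><td>' . module_admin_esc($row["username"]) . '</td>';
            echo '<td>' . module_admin_esc($row["event_type"]) . '</td><td>' . module_admin_esc($row["ip"]) . '</td><td>'
                . module_admin_esc($row["time"]) . '</td></tr>';
        }
        echo '</table>';
    } else {
        form_start_post();
        echo 'Type of log-entry:';
        echo '<select name="type" >';
        foreach ($logtype as $id => $logtypes) {
            // Double quotes so "\n" is a newline; the original's '\\n' emitted a literal backslash-n.
            echo '<option value="' . module_admin_esc($logtypes) . '">' . module_admin_esc($id) . "</option>\n";
        }
        echo '</select>';
        echo '<br/>For this day: ';
        form_datewidget(date("Y-m-d"));
        form_hidden("m_c", "module_admin");
        form_hidden("admin_action", "viewlog");
        form_submit("Submit", "Vis");
        form_end();
    }
}

/** Prints the admin menu links. */
function module_admin_menu()
{
    echo '<div class="default_list"><a href="index.php?m_c=module_admin&page_title=Slettede_filer&admin_action=listdeleted">Vis slettede filer</a>';
    echo '<br/><a href="index.php?m_c=module_admin&page_title=Stat&admin_action=showstats">Vis statistikk</a>';
    echo '<br/><a href="index.php?m_c=module_files&page_title=Filadmin">Fil(bilde)admin</a>';
    echo '<br/><a href="index.php?m_c=module_user_admin&page_title=User+administration">Brukeradmin</a>';
    echo '<br/><a href="index.php?m_c=module_admin&page_title=User+administration&admin_action=viewlog">Logger</a>';
    // The original URL had a stray "<" in the page_title value.
    echo '<br><a href="index.php?m_c=module_register_form&page_title=Register+new+user">Registrer en ny bruker</a>';
    echo '<br><a href="index.php?m_c=module_admininput&page_title=Admininput">Legg inn en artikkel</a>';
    echo '<br><a href="index.php?m_c=module_polladmin&page_title=Polladmin">Administrer polls</a>';
    echo '<br><a href="index.php?m_c=module_categoryadmin&page_title=Categoryadmin">Opprett, slett og endre kategorier</a>';
    echo '<br><a href="index.php?m_c=showSettingsGUI">' . getString("admin_edit_settings", "Innstillinger") . '</a>';
    echo '</div>';
}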
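/**
 * Renders the edit form for an article or comment.
 *
 * Values come from $_SESSION when a previous save attempt failed
 * ($_SESSION['save_attempted'] set), otherwise from getAnyArticle() for the
 * requested articleid. Comments (comment_to != "NULL") get a reduced form
 * without date/time/draft/language rows. The form posts to addArticleGUI.
 */
function editArticle()
{
    // Check if session contains variables from previous entry attempt
    if (isset($_SESSION['save_attempted'])) {
        $formContents = buildArticleArray($_SESSION);
    } else {
        // articleid is numeric everywhere else in this file; cast before the lookup
        $articleid = isset($_REQUEST['articleid']) ? (int)$_REQUEST['articleid'] : 0;
        $temp = getAnyArticle($articleid);
        if (empty($temp)) {
            h3("Fant ikke artikkelen");
            return;
        }
        $formContents = buildArticleArray($temp[0]);
    }

    $isArticle = ($formContents['comment_to'] == "NULL");
    h3($isArticle ? "Rediger artikkel" : "Rediger kommentar");

    table_open();
    form_start_post();

    tr_open();
    td_open(1);
    echo "Tittel";
    td_close();
    td_open(1);
    form_textfield("title", fix_quotes($formContents['title']));
    td_close();
    tr_close();

    // Only top-level articles carry publishing date/time, draft flag and language.
    if ($isArticle) {
        tr_open();
        td_open(1);
        echo "Publiseringsdato";
        td_close();
        td_open(1);
        form_datewidget($formContents['date_posted']);
        td_close();
        tr_close();

        tr_open();
        td_open(1);
        echo "Publiseringstidspunkt";
        td_close();
        td_open(1);
        form_timewidget($formContents['time_posted']);
        td_close();
        tr_close();

        tr_open();
        td_open(1);
        echo "Bare lagre, ikke publiser";
        td_close();
        td_open(1);
        form_checkbox("is_draft", "1", $formContents['is_draft'] == "1" ? "1" : "0");
        td_close();
        tr_close();

        tr_open();
        td_open(1);
        echo "Språk";
        td_close();
        td_open(1);
        form_dropdown("language", getAllLanguageIds(), getAllLanguageNames(), $formContents['language']);
        td_close();
        tr_close();
    }

    tr_open();
    td_open(2);
    echo "Tekst";
    td_close();
    tr_close();

    tr_open();
    td_open(2);
    form_textarea("body", stripslashes($formContents['body']), 50, 20);
    td_close();
    tr_close();

    tr_open();
    td_open(1);
    form_submit("submit", "Legg opp");
    form_submit("submit", "Forhåndsvis");
    form_submit("submit", "Avbryt");
    td_close();
    td_open(1);
    td_close();
    tr_close();

    form_hidden("author", $formContents['author']);
    form_hidden("category", "0");
    form_hidden("m_c", "addArticleGUI");
    br();
    form_hidden("articleid", $formContents['articleid']);
    form_hidden("comment_to", $formContents['comment_to']);
    form_hidden("author_username", $formContents['author_username']);
    form_end();
    table_close();
}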
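/**
 * Renders the add/edit article form for module_add_article.
 *
 * Three modes, in priority order:
 *  - $_SESSION['editarticle'] set: re-show the form from the session after a failed attempt;
 *  - $_REQUEST['edit'] set: load the article by $_REQUEST['articleid'] and pre-fill from it;
 *  - otherwise: an empty form for a new article, dated now.
 */
function form_article()
{
    // Set if edit requested on an article
    $edit_requested = isset($_REQUEST['edit']);
    // Set if user got an error on first attempt to edit
    $re_edit = isset($_SESSION['editarticle']);

    if ($re_edit) {
        $hidden = array(
            "m_c" => "module_add_article",
            "articleid" => form_article_session('articleid'),
        );
        if ($edit_requested) {
            $hidden["editarticle"] = "editarticle";
        }
        form_article_render(
            stripslashes(form_article_session('author')),
            stripslashes(fix_quotes(form_article_session('title'))),
            form_article_session('date_posted'),
            form_article_session('time_posted'),
            form_article_session('is_draft') == "ON",
            stripslashes(form_article_session('body')),
            "Lagre artikkelen",
            $hidden
        );
    } elseif ($edit_requested) {
        // The original concatenated $_REQUEST['articleid'] into the query unchanged.
        $articleid = isset($_REQUEST['articleid']) ? (int)$_REQUEST['articleid'] : 0;
        $query = "SELECT * FROM articles WHERE articleid = " . $articleid . ";";
        $row = DB_search($query);
        if (!$row) {
            echo '<div class="default_header">Fant ikke artikkelen.</div>';
            return;
        }
        form_article_render(
            $row['author'],
            stripslashes(fix_quotes($row['title'])),
            $row['date_posted'],
            $row['time_posted'],
            isset($row['is_draft']) && $row['is_draft'] == 1,
            stripslashes($row['body']),
            "Lagre endringene",
            array(
                "editarticle" => "true",
                "m_c" => "module_add_article",
                "articleid" => $row['articleid'],
            )
        );
    } else {
        form_article_render(
            form_article_session('user_firstname'),
            "",
            date("Y-m-d"),
            date("H:i"),
            false,
            "",
            "Lagre artikkelen",
            array("m_c" => "module_add_article")
        );
    }
}

/** Returns a session field, or null when it is not set. */
function form_article_session($name)
{
    return isset($_SESSION[$name]) ? $_SESSION[$name] : null;
}

/**
 * Emits the article form: a <table class="default_table"> inside a POST form.
 *
 * $is_draft is a bool (checkbox checked or not); $hidden maps hidden-field
 * names to values and is emitted after the table, before form_end().
 * The original edit/new branches closed a table they never opened.
 */
function form_article_render($author, $title, $date_posted, $time_posted, $is_draft, $body, $submit_label, array $hidden)
{
    form_start_post();
    echo '<table class="default_table">';

    echo '<tr><td>Forfatter</td><td>';
    form_textfield("author", $author);
    echo '</td></tr>';

    echo '<tr><td>Tittel</td><td class="form_article_title">';
    form_textfield("title", $title);
    echo '</td></tr>';

    echo '<tr><td>Dato</td><td>';
    form_datewidget($date_posted);
    echo '</td></tr>';

    echo '<tr><td>Tidspunkt</td><td>';
    form_timewidget($time_posted);
    echo '</td></tr>';

    echo '<tr><td>Bare lagre, <br/>ikke publiser</td><td>';
    form_checkbox("is_draft", "ON", $is_draft ? "1" : "0");
    echo '</td></tr>';

    echo '<tr><td colspan=2 class="form_article_text">';
    form_textarea("body", $body, 30, 10);
    echo '</td></tr>';

    echo '<tr><td colspan=2>';
    form_submit("Button", $submit_label);
    echo '</td></tr>';

    echo '<tr><td colspan=2>';
    form_submit("preview", "Forhåndsvis artikkel");
    echo '</td></tr>';
    echo '</table>';

    foreach ($hidden as $name => $value) {
        form_hidden($name, $value);
    }
    form_end();
}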