/**
 * Admin request dispatcher (sNews-style back end).
 *
 * Reads the task from $_GET['task'] and applies the matching create / update /
 * delete to the settings, extras, categories, articles and comments tables
 * through the legacy mysql_* extension. All output is echoed; nothing is
 * returned. The whole body is skipped unless the _ADMIN constant is truthy.
 *
 * Review notes (what the body below demonstrably does):
 *  - Every query is built by string interpolation. Some inputs go through
 *    clean()/cleanXSS()/entity() (not defined on this page, so what they
 *    neutralise cannot be verified); $seftitle, $subcat, $page, $def_extra,
 *    $comment, $commentid, $position, $_POST['catorder'], every save_settings
 *    value, the reorder values, and the $_GET values read in hide/show and
 *    deletecomment are interpolated as-is, several of them unquoted. The fix is
 *    prepared statements (mysqli/PDO); the mysql_* API itself no longer exists
 *    in PHP 7+, and each() (save_settings) was removed in PHP 8.
 *  - changeup stores the admin username and password as bare md5(); use
 *    password_hash()/password_verify() instead.
 *  - No anti-CSRF token is checked anywhere in this function, and hide/show,
 *    deletecomment and delete_category_all are reachable through GET links
 *    (one such link is emitted by delete_category). Confirm whether the caller
 *    enforces a token before relying on the _ADMIN gate alone.
 *  - reorder dies with mysql_error() plus the failing SQL text, which exposes
 *    query structure to the browser; $_POST['order'] and $_GET['back'] are
 *    echoed unescaped into <meta http-equiv="refresh"> URLs.
 *  - $link is left undefined when $position is 21 (cat_dependant) in
 *    admin_article, and when $_POST['order'] / $_GET['item'] match no case.
 *  - This listing also contains a second, older processing(); PHP cannot
 *    redeclare a function, so the two cannot be loaded in the same request.
 *
 * @return void
 */
function processing() {
    if (!_ADMIN) {
        echo notification(1, l('error_not_logged_in'), 'home');
    } else {
        // Request values. Note which are passed through the cleaners and which are raw.
        $action = clean(cleanXSS($_GET['action']));
        $id = clean(cleanXSS($_GET['id']));
        $commentid = $_POST['commentid'];              // raw; used unquoted in "WHERE id = ..." (editcomment)
        $approved = $_POST['approved'] == 'on' ? 'True' : '';
        $name = clean(entity($_POST['name']));
        $category = !empty($_POST['define_category']) ? $_POST['define_category'] : 0;  // raw; unquoted in the article UPDATE
        $subcat = $_POST['subcat'];                    // raw; unquoted in the category queries
        $page = $_POST['define_page'];                 // raw
        $def_extra = $_POST['define_extra'];           // raw
        $description = clean(entity($_POST['description']));
        $title = clean(entity($_POST['title']));
        $seftitle = $_POST['seftitle'];                // raw; cleancheckSEF() is only consulted in some branches
        $url = cleanXSS($_POST['url']);
        $comment = $_POST['editedcomment'];            // raw; interpolated into the comments UPDATE
        $text = clean($_POST['text']);
        $date = date('Y-m-d H:i:s');
        $description_meta = entity($_POST['description_meta']);
        $keywords_meta = entity($_POST['keywords_meta']);
        // Checkbox inputs are normalised to the 'YES'/'NO' strings written to the DB.
        $display_title = $_POST['display_title'] == 'on' ? 'YES' : 'NO';
        $display_info = $_POST['display_info'] == 'on' ? 'YES' : 'NO';
        $commentable = $_POST['commentable'] == 'on' ? 'YES' : 'NO';
        $freez = $_POST['freeze'] == 'on' ? 'YES' : 'NO';
        // "Frozen" and "commentable" together collapse into the single 'FREEZ' state.
        if ($freez == 'YES' && $commentable == 'YES') {
            $commentable = 'FREEZ';
        }
        // Position is taken from the request as-is when > 0; it is later interpolated unquoted.
        $position = $_POST['position'] > 0 ? $_POST['position'] : 1;
        if ($position == 2) {
            $position = $_POST['cat_dependant'] == 'on' ? 21 : 2;
        }
        $publish_article = $_POST['publish_article'] == 'on' ? 1 : 0;
        $show_in_subcats = $_POST['show_in_subcats'] == 'on' ? 'YES' : 'NO';
        // Precedence: (== 'on' || $position > 1) ? ... — anything beyond position 1 is always 'YES'.
        $show_on_home = $_POST['show_on_home'] == 'on' || $position > 1 ? 'YES' : 'NO';
        $publish_category = $_POST['publish'] == 'on' ? 'YES' : 'NO';
        // Future posting: the date is assembled from unvalidated form fields and compared
        // as a string against now; a future date sets published = 2.
        $fpost_enabled = false;
        if ($_POST['fposting'] == 'on') {
            $fpost_enabled = true;
            $date = $_POST['fposting_year'] . '-' . $_POST['fposting_month'] . '-' . $_POST['fposting_day'] . ' ' . $_POST['fposting_hour'] . ':' . $_POST['fposting_minute'] . ':00';
            if (date('Y-m-d H:i:s') < $date) {
                $publish_article = 2;
            }
        }
        $task = clean(cleanXSS($_GET['task']));
        switch ($task) {
            case 'save_settings':
                // Every settings value below is written to the DB without escaping.
                if (isset($_POST['save'])) {
                    $website_title = $_POST['website_title'];
                    $home_sef = $_POST['home_sef'];
                    $website_description = $_POST['website_description'];
                    $website_keywords = $_POST['website_keywords'];
                    $website_email = $_POST['website_email'];
                    $contact_subject = $_POST['contact_subject'];
                    $language = $_POST['language'];
                    $charset = $_POST['charset'];
                    $date_format = $_POST['date_format'];
                    $article_limit = $_POST['article_limit'];
                    $rss_limit = $_POST['rss_limit'];
                    $display_page = $_POST['display_page'];
                    $display_new_on_home = $_POST['display_new_on_home'];
                    $display_pagination = $_POST['display_pagination'];
                    $num_categories = $_POST['num_categories'];
                    $show_cat_names = $_POST['show_cat_names'];
                    $approve_comments = $_POST['approve_comments'];
                    $mail_on_comments = $_POST['mail_on_comments'];
                    $comments_order = $_POST['comments_order'];
                    $comment_limit = $_POST['comment_limit'];
                    $word_filter_enable = $_POST['word_filter_enable'];
                    $word_filter_file = $_POST['word_filter_file'];
                    $word_filter_change = $_POST['word_filter_change'];
                    $enable_extras = $_POST['enable_extras'] == 'on' ? 'YES' : 'NO';
                    $enable_comments = $_POST['enable_comments'] == 'on' ? 'YES' : 'NO';
                    // The only numeric validation in this branch.
                    $comment_repost_timer = is_numeric($_POST['comment_repost_timer']) ? $_POST['comment_repost_timer'] : '15';
                    $freeze_comments = $_POST['freeze_comments'] == 'on' ? 'YES' : 'NO';
                    $file_ext = $_POST['file_ext'];
                    $allowed_file = $_POST['allowed_file'];
                    $allowed_img = $_POST['allowed_img'];
                    // settings.name => VALUE map; one UPDATE per entry.
                    $ufield = array(
                        'website_title' => $website_title,
                        'home_sef' => $home_sef,
                        'website_description' => $website_description,
                        'website_keywords' => $website_keywords,
                        'website_email' => $website_email,
                        'contact_subject' => $contact_subject,
                        'language' => $language,
                        'charset' => $charset,
                        'date_format' => $date_format,
                        'article_limit' => $article_limit,
                        'rss_limit' => $rss_limit,
                        'display_page' => $display_page,
                        'comments_order' => $comments_order,
                        'comment_limit' => $comment_limit,
                        'word_filter_file' => $word_filter_file,
                        'word_filter_change' => $word_filter_change,
                        'display_new_on_home' => $display_new_on_home,
                        'display_pagination' => $display_pagination,
                        'num_categories' => $num_categories,
                        'show_cat_names' => $show_cat_names,
                        'approve_comments' => $approve_comments,
                        'mail_on_comments' => $mail_on_comments,
                        'word_filter_enable' => $word_filter_enable,
                        'enable_extras' => $enable_extras,
                        'enable_comments' => $enable_comments,
                        'freeze_comments' => $freeze_comments,
                        'comment_repost_timer' => $comment_repost_timer,
                        'file_extensions' => $file_ext,
                        'allowed_files' => $allowed_file,
                        'allowed_images' => $allowed_img
                    );
                    // each() was removed in PHP 8; a foreach does the same job.
                    while (list($key, $value) = each($ufield)) {
                        mysql_query("UPDATE " . _PRE . 'settings' . " SET VALUE = '{$value}' WHERE name = '{$key}' LIMIT 1");
                    }
                    echo notification(0, '', 'snews_settings');
                }
                break;
            case 'changeup':
                // Credential change. checkUserPass() is not on this page; what it rejects is unknown.
                if (isset($_POST['submit_pass'])) {
                    $user = checkUserPass($_POST['uname']);
                    $pass1 = checkUserPass($_POST['pass1']);
                    $pass2 = checkUserPass($_POST['pass2']);
                    if ($user && $pass1 && $pass2 && $pass1 === $pass2) {
                        // Unsalted md5 for both username and password — replace with password_hash().
                        $uname = md5($user);
                        $pass = md5($pass2);
                        $query = "UPDATE " . _PRE . 'settings' . " SET VALUE=";
                        mysql_query($query . "'{$uname}' WHERE name='username' LIMIT 1");
                        mysql_query($query . "'{$pass}' WHERE name='password' LIMIT 1");
                        echo notification(0, '', 'administration');
                    } else {
                        die(notification(2, l('pass_mismatch'), 'snews_settings'));
                    }
                }
                break;
            case 'admin_groupings':
                // Validation chain: first true case wins; default performs the write.
                switch (true) {
                    case empty($name):
                        echo notification(1, l('err_TitleEmpty') . l('errNote'));
                        form_groupings();
                        break;
                    case empty($seftitle):
                        echo notification(1, l('err_SEFEmpty') . l('errNote'));
                        form_groupings();
                        break;
                    case check_if_unique('group_name', $name, $id, ''):
                        echo notification(1, l('err_TitleExists') . l('errNote'));
                        form_groupings();
                        break;
                    case check_if_unique('group_seftitle', $seftitle, $id, ''):
                        echo notification(1, l('err_SEFExists') . l('errNote'));
                        form_groupings();
                        break;
                    case cleancheckSEF($seftitle) == 'notok':
                        echo notification(1, l('err_SEFIllegal') . l('errNote'));
                        form_groupings();
                        break;
                    default:
                        switch (true) {
                            case isset($_POST['add_groupings']):
                                mysql_query("INSERT INTO " . _PRE . 'extras' . "(name, seftitle, description)\r\n\t\t\t\t\t\t\t\tVALUES('{$name}', '{$seftitle}', '{$description}')");
                                break;
                            case isset($_POST['edit_groupings']):
                                mysql_query("UPDATE " . _PRE . 'extras' . " SET\r\n\t\t\t\t\t\t\t\tname = '{$name}',\r\n\t\t\t\t\t\t\t\tseftitle = '{$seftitle}',\r\n\t\t\t\t\t\t\t\tdescription = '{$description}'\r\n\t\t\t\t\t\t\t\tWHERE id = {$id} LIMIT 1");
                                break;
                            case isset($_POST['delete_groupings']):
                                mysql_query("DELETE FROM " . _PRE . 'extras' . " WHERE id = {$id} LIMIT 1");
                                break;
                        }
                        echo notification(0, '', 'groupings');
                }
                break;
            case 'admin_category':
            case 'admin_subcategory':
                // Uniqueness checks depend on add vs. edit and on whether this is a top-level
                // category ($subcat == 0) or a sub-category.
                switch (true) {
                    case empty($name):
                        echo notification(1, l('err_TitleEmpty') . l('errNote'));
                        form_categories();
                        break;
                    case empty($seftitle):
                        echo notification(1, l('err_SEFEmpty') . l('errNote'));
                        form_categories();
                        break;
                    case isset($_POST['add_category']) && check_if_unique('subcat_name', $name, '', $subcat):
                        echo notification(1, l('err_TitleExists') . l('errNote'));
                        form_categories();
                        break;
                    case isset($_POST['add_category']) && check_if_unique('subcat_seftitle', $seftitle, '', $subcat):
                        echo notification(1, l('err_SEFExists') . l('errNote'));
                        form_categories();
                        break;
                    case isset($_POST['edit_category']) && $subcat == 0 && check_if_unique('cat_name_edit', $name, $id, ''):
                        echo notification(1, l('err_TitleExists') . l('errNote'));
                        form_categories();
                        break;
                    case isset($_POST['edit_category']) && $subcat == 0 && check_if_unique('cat_seftitle_edit', $seftitle, $id, ''):
                        echo notification(1, l('err_SEFExists') . l('errNote'));
                        form_categories();
                        break;
                    case isset($_POST['edit_category']) && $subcat != 0 && check_if_unique('subcat_name_edit', $name, $id, $subcat):
                        echo notification(1, l('err_TitleExists') . l('errNote'));
                        form_categories();
                        break;
                    case isset($_POST['edit_category']) && $subcat != 0 && check_if_unique('subcat_seftitle_edit', $seftitle, $id, $subcat):
                        echo notification(1, l('err_SEFExists') . l('errNote'));
                        form_categories();
                        break;
                    case cleancheckSEF($seftitle) == 'notok':
                        echo notification(1, l('err_SEFIllegal') . l('errNote'));
                        form_categories();
                        break;
                    case $subcat == $id:
                        // A category may not be its own parent.
                        echo notification(1, l('errNote'));
                        form_categories();
                        break;
                    default:
                        switch (true) {
                            case isset($_POST['add_category']):
                                // New categories are appended after the current MAX(catorder) of their parent.
                                $catorder = mysql_fetch_array(mysql_query("SELECT MAX(catorder) as max\r\n\t\t\t\t\t\t\t\tFROM " . _PRE . 'categories' . " WHERE subcat = {$subcat}"));
                                $catorder = $catorder['max'] + 1;
                                mysql_query("INSERT INTO " . _PRE . 'categories' . "\r\n\t\t\t\t\t\t\t\t(name, seftitle, description, published, catorder, subcat)\r\n\t\t\t\t\t\t\t\tVALUES('{$name}', '{$seftitle}', '{$description}', '{$publish_category}', '{$catorder}','{$subcat}')");
                                break;
                            case isset($_POST['edit_category']):
                                $catorder = mysql_fetch_array(mysql_query("SELECT MAX(catorder) as max\r\n\t\t\t\t\t\t\t\tFROM " . _PRE . 'categories' . " WHERE subcat = {$subcat}"));
                                // A posted catorder overrides the computed one, unvalidated.
                                $catorder = isset($_POST['catorder']) ? $_POST['catorder'] : $catorder['max'] + 1;
                                mysql_query("UPDATE " . _PRE . 'categories' . " SET\r\n\t\t\t\t\t\t\t\tname = '{$name}',\r\n\t\t\t\t\t\t\t\tseftitle = '{$seftitle}',\r\n\t\t\t\t\t\t\t\tdescription = '{$description}',\r\n\t\t\t\t\t\t\t\tpublished = '{$publish_category}',\r\n\t\t\t\t\t\t\t\tsubcat='{$subcat}',\r\n\t\t\t\t\t\t\t\tcatorder='{$catorder}'\r\n\t\t\t\t\t\t\t\tWHERE id = {$id} LIMIT 1");
                                break;
                            case isset($_POST['delete_category']):
                                // Refuse to delete a non-empty category; offer the delete_category_all
                                // link instead (a GET link that performs a bulk delete — see header note).
                                $any_subcats = retrieve('COUNT(id)', 'categories', 'subcat', $id);
                                $any_articles = retrieve('COUNT(id)', 'articles', 'category', $id);
                                if ($any_subcats > 0 || $any_articles > 0) {
                                    echo notification(1, l('warn_catnotempty'), '');
                                    echo '<p><a href="' . _SITE . 'administration/" title="' . l('administration') . '"> ' . l('administration') . '</a> OR <a href="' . _SITE . '?action=process&task=delete_category_all&id=' . $id . '" onclick="javascript: return pop(\'x\')" title="' . l('administration') . '"> ' . l('empty_cat') . '</a></p>';
                                    $no_success = true;
                                } else {
                                    delete_cat($id);
                                }
                                break;
                        }
                        $success = isset($no_success) ? '' : notification(0, '', 'snews_categories');
                        echo $success;
                }
                break;
            case 'reorder':
                if (isset($_POST['reorder'])) {
                    // $table / $order_type / $remove stay undefined if $_POST['order'] matches no case.
                    switch ($_POST['order']) {
                        case 'snews_articles':
                        case 'extra_contents':
                        case 'snews_pages':
                            $table = 'articles';
                            $order_type = 'artorder';
                            $remove = 'page_';
                            break;
                        case 'snews_categories':
                            $table = 'categories';
                            $order_type = 'catorder';
                            $remove = 'cat_';
                            break;
                    }
                    foreach ($_POST as $key => $value) {
                        // $type_id is derived from the POST field *name*; the filter below tests the
                        // cleaned value, but the UPDATE interpolates the raw $value and $type_id.
                        $type_id = str_replace($remove, '', $key);
                        $key = clean(cleanXSS(trim($value)));
                        if ($key != 'reorder' && $key != 'order' && $key != $table && $key != l('order_content') && $key != $_POST['order']) {
                            $query = "UPDATE " . _PRE . $table . " SET {$order_type} = {$value} WHERE id = {$type_id} LIMIT 1;";
                            // On failure the SQL text is echoed to the client.
                            mysql_query($query) or die(mysql_error() . '<br />' . $query);
                        }
                    }
                    echo notification(0, l('please_wait'));
                    echo '<meta http-equiv="refresh" content="1; url=' . _SITE . $_POST['order'] . '/">';
                }
                break;
            case 'admin_article':
                // Stash the submitted values so the re-rendered form can repopulate on error.
                $_SESSION[_SITE . 'temp']['title'] = $title;
                $_SESSION[_SITE . 'temp']['seftitle'] = $seftitle;
                $_SESSION[_SITE . 'temp']['text'] = $text;
                switch (true) {
                    case empty($title):
                        echo notification(1, l('err_TitleEmpty') . l('errNote'));
                        form_articles('');
                        unset($_SESSION[_SITE . 'temp']);
                        break;
                    case empty($seftitle):
                        echo notification(1, l('err_SEFEmpty') . l('errNote'));
                        $_SESSION[_SITE . 'temp']['seftitle'] = $_SESSION[_SITE . 'temp']['title'];
                        form_articles('');
                        unset($_SESSION[_SITE . 'temp']);
                        break;
                    case cleancheckSEF($seftitle) == 'notok':
                        echo notification(1, l('err_SEFIllegal') . l('errNote'));
                        form_articles('');
                        unset($_SESSION[_SITE . 'temp']);
                        break;
                    // Uniqueness is re-checked on edit only when the article is moved to another category.
                    case $position == 1 && $_POST['article_category'] != $category && isset($_POST['edit_article']) && check_if_unique('article_title', $title, $category, ''):
                        echo notification(1, l('err_TitleExists') . l('errNote'));
                        form_articles('');
                        unset($_SESSION[_SITE . 'temp']);
                        break;
                    case $position == 1 && $_POST['article_category'] != $category && isset($_POST['edit_article']) && check_if_unique('article_seftitle', $seftitle, $category, ''):
                        echo notification(1, l('err_SEFExists') . l('errNote'));
                        form_articles('');
                        unset($_SESSION[_SITE . 'temp']);
                        break;
                    case !isset($_POST['delete_article']) && !isset($_POST['edit_article']) && check_if_unique('article_title', $title, $category, ''):
                        echo notification(1, l('err_TitleExists') . l('errNote'));
                        form_articles('');
                        unset($_SESSION[_SITE . 'temp']);
                        break;
                    case !isset($_POST['delete_article']) && !isset($_POST['edit_article']) && check_if_unique('article_seftitle', $seftitle, $category, ''):
                        echo notification(1, l('err_SEFExists') . l('errNote'));
                        form_articles('');
                        unset($_SESSION[_SITE . 'temp']);
                        break;
                    default:
                        $pos = $position;
                        $sub = !empty($category) ? ' AND category = ' . $category : '';
                        // Keep the existing artorder on edit; new rows start at 1.
                        $curr_artorder = retrieve('artorder', 'articles', 'id', $id);
                        if (!$curr_artorder) {
                            $artorder = 1;
                        } else {
                            $artorder = $curr_artorder;
                        }
                        // $link is undefined for position 21 (cat_dependant extra).
                        switch ($pos) {
                            case 1:
                                $link = 'snews_articles';
                                break;
                            case 2:
                                $link = 'extra_contents';
                                break;
                            case 3:
                                $link = 'snews_pages';
                                break;
                        }
                        switch (true) {
                            case isset($_POST['add_article']):
                                mysql_query("INSERT INTO " . _PRE . 'articles' . "(\r\n\t\t\t\t\t\t\t\ttitle, seftitle, text, date, category,\r\n\t\t\t\t\t\t\t\tposition, extraid, page_extra, displaytitle,\r\n\t\t\t\t\t\t\t\tdisplayinfo, commentable, published, description_meta,\r\n\t\t\t\t\t\t\t\tkeywords_meta, show_on_home, show_in_subcats, artorder)\r\n\t\t\t\t\t\t\tVALUES('{$title}', '{$seftitle}', '{$text}', '{$date}', '{$category}',\r\n\t\t\t\t\t\t\t\t'{$position}', '{$def_extra}', '{$page}', '{$display_title}',\r\n\t\t\t\t\t\t\t\t'{$display_info}', '{$commentable}', '{$publish_article}',\r\n\t\t\t\t\t\t\t\t'{$description_meta}', '{$keywords_meta}', '{$show_on_home}',\r\n\t\t\t\t\t\t\t\t'{$show_in_subcats}', '{$artorder}')");
                                break;
                            case isset($_POST['edit_article']):
                                // Pages (position 3) carry no category.
                                $category = $position == 3 ? 0 : $category;
                                $old_pos = retrieve('position', 'articles', 'id', $id);
                                // Only do this if page is changed to art/extra:
                                // detach extras that were bound to this page (category -3, page_extra = id).
                                if ($position != $old_pos && $old_pos == 3) {
                                    $chk_extra_query = "SELECT id FROM " . _PRE . 'articles' . "\r\n\t\t\t\t\t\t\t\t\tWHERE position = 2 AND category = -3 AND page_extra = {$id}";
                                    // NOTE(review): mysql_error() takes a link resource, not a message; 'oops' is not a valid argument.
                                    $chk_extra_sql = mysql_query($chk_extra_query) or die(mysql_error('oops'));
                                    if ($chk_extra_sql) {
                                        while ($xtra = mysql_fetch_array($chk_extra_sql)) {
                                            $xtra_id = $xtra['id'];
                                            mysql_query("UPDATE " . _PRE . 'articles' . " SET\r\n\t\t\t\t\t\t\t\t\t\t\tcategory = '0', page_extra = ''\r\n\t\t\t\t\t\t\t\t\t\t\tWHERE id = {$xtra_id}");
                                        }
                                    }
                                }
                                // $future is only defined when future posting is on; otherwise the
                                // UPDATE below interpolates an undefined variable (empty string).
                                if ($fpost_enabled == true) {
                                    $future = "date = '{$date}',";
                                    //allows backdating of article
                                    $publish_article = strtotime($date) < time() ? 1 : $publish_article;
                                }
                                mysql_query("UPDATE " . _PRE . 'articles' . " SET\r\n\t\t\t\t\t\t\t\ttitle='{$title}',\r\n\t\t\t\t\t\t\t\tseftitle = '{$seftitle}',\r\n\t\t\t\t\t\t\t\ttext = '{$text}',\r\n\t\t\t\t\t\t\t\t" . $future . "\r\n\t\t\t\t\t\t\t\tcategory = {$category},\r\n\t\t\t\t\t\t\t\tposition = {$position},\r\n\t\t\t\t\t\t\t\textraid = '{$def_extra}',\r\n\t\t\t\t\t\t\t\tpage_extra = '{$page}',\r\n\t\t\t\t\t\t\t\tdisplaytitle = '{$display_title}',\r\n\t\t\t\t\t\t\t\tdisplayinfo = '{$display_info}',\r\n\t\t\t\t\t\t\t\tcommentable = '{$commentable}',\r\n\t\t\t\t\t\t\t\tpublished = {$publish_article},\r\n\t\t\t\t\t\t\t\tdescription_meta = '{$description_meta}',\r\n\t\t\t\t\t\t\t\tkeywords_meta = '{$keywords_meta}',\r\n\t\t\t\t\t\t\t\tshow_on_home='{$show_on_home}',\r\n\t\t\t\t\t\t\t\tshow_in_subcats='{$show_in_subcats}',\r\n\t\t\t\t\t\t\t\tartorder = '{$artorder}'\r\n\t\t\t\t\t\t\t\tWHERE id = {$id} LIMIT 1") or die(mysql_error());
                                break;
                            case isset($_POST['delete_article']):
                                // Deleting a page first detaches the extras bound to it.
                                if ($position == 3) {
                                    $chk_extra_query = "SELECT id FROM " . _PRE . 'articles' . "\r\n\t\t\t\t\t\t\t\t\tWHERE position = 2 AND category = -3 AND page_extra = {$id}";
                                    $chk_extra_sql = mysql_query($chk_extra_query) or die(mysql_error());
                                    if ($chk_extra_sql) {
                                        while ($xtra = mysql_fetch_array($chk_extra_sql)) {
                                            $xtra_id = $xtra['id'];
                                            mysql_query("UPDATE " . _PRE . 'articles' . " SET category = '0',page_extra = ''\tWHERE id = {$xtra_id}");
                                        }
                                    }
                                }
                                mysql_query("DELETE FROM " . _PRE . 'articles' . " WHERE id = {$id}");
                                mysql_query("DELETE FROM " . _PRE . 'comments' . " WHERE articleid = {$id}");
                                // Reset the "display_page" setting if it pointed at the deleted article.
                                if ($id == s('display_page')) {
                                    mysql_query("UPDATE " . _PRE . 'settings' . " SET\r\n\t\t\t\t\t\t\t\t\tVALUE = 0 WHERE name = 'display_page'");
                                }
                                break;
                        }
                        echo notification(0, '', $link);
                        unset($_SESSION[_SITE . 'temp']);
                }
                break;
            case 'editcomment':
                // Resolve the comment's article and category to build the redirect target.
                $articleID = retrieve('articleid', 'comments', 'id', $commentid);
                $articleSEF = retrieve('seftitle', 'articles', 'id', $articleID);
                $articleCAT = retrieve('category', 'articles', 'seftitle', $articleSEF);
                $postCat = cat_rel($articleCAT, 'seftitle');
                $link = $postCat . '/' . $articleSEF;
                if (isset($_POST['submit_text'])) {
                    mysql_query("UPDATE " . _PRE . 'comments' . " SET\r\n\t\t\t\t\tname = '{$name}',\r\n\t\t\t\t\turl = '{$url}',\r\n\t\t\t\t\tcomment = '{$comment}',\r\n\t\t\t\t\tapproved = '{$approved}'\r\n\t\t\t\t\tWHERE id = {$commentid}");
                } else {
                    if (isset($_POST['delete_text'])) {
                        mysql_query("DELETE FROM " . _PRE . 'comments' . " WHERE id = {$commentid}");
                    }
                }
                echo notification(0, '', $link);
                break;
            case 'deletecomment':
                // GET-driven delete; $commentid is taken raw from the query string here.
                $commentid = $_GET['commentid'];
                $articleid = retrieve('articleid', 'comments', 'id', $commentid);
                $articleSEF = retrieve('seftitle', 'articles', 'id', $articleid);
                $articleCAT = retrieve('category', 'articles', 'id', $articleid);
                $postCat = cat_rel($articleCAT, 'seftitle');
                $link = $postCat . '/' . $articleSEF;
                mysql_query("DELETE FROM " . _PRE . 'comments' . " WHERE id = {$commentid}");
                echo notification(0, '', $link);
                echo '<meta http-equiv="refresh" content="1; url=' . _SITE . $postCat . '/' . $articleSEF . '/">';
                break;
            case 'delete_category_all':
                // Bulk delete: comments and articles of the category, then of each direct
                // sub-category, then the sub-categories, then the category itself.
                $art_query = mysql_query("SELECT id FROM " . _PRE . 'articles' . " WHERE category = {$id}");
                while ($rart = mysql_fetch_array($art_query)) {
                    mysql_query("DELETE FROM " . _PRE . 'comments' . " WHERE articleid = {$rart['id']}");
                }
                mysql_query("DELETE FROM " . _PRE . 'articles' . " WHERE category = {$id}");
                $sub_query = mysql_query("SELECT id FROM " . _PRE . 'categories' . " WHERE subcat = {$id}");
                while ($rsub = mysql_fetch_array($sub_query)) {
                    $art_query = mysql_query("SELECT id FROM " . _PRE . 'articles' . " WHERE category = {$rsub['id']}");
                    while ($rart = mysql_fetch_array($art_query)) {
                        mysql_query("DELETE FROM " . _PRE . 'comments' . " WHERE articleid = {$rart['id']}");
                    }
                    mysql_query("DELETE FROM " . _PRE . 'articles' . " WHERE category = {$rsub['id']}");
                }
                mysql_query("DELETE FROM " . _PRE . 'categories' . " WHERE subcat = {$id}");
                delete_cat($id);
                echo notification(0, '', 'snews_categories');
                break;
            case 'hide':
            case 'show':
                // Note: $id is re-read raw here, discarding the cleaned value from above.
                $id = $_GET['id'];
                $item = $_GET['item'];
                $back = $_GET['back'];
                $no_yes = $task == 'hide' ? 'NO' : 'YES';
                switch ($item) {
                    case 'snews_articles':
                        $order = 'artorder';
                        $link = empty($back) ? 'snews_articles' : $back;
                        break;
                    case 'extra_contents':
                        $order = 'artorder';
                        $link = empty($back) ? 'extra_contents' : $back;
                        break;
                    case 'snews_pages':
                        $order = 'artorder';
                        $link = empty($back) ? 'snews_pages' : $back;
                        break;
                }
                // Every case targets the articles table.
                $item = 'articles';
                mysql_query("UPDATE " . _PRE . "{$item} SET visible = '{$no_yes}' WHERE id = '{$id}'");
                echo notification(0, l('please_wait'));
                // $link may be user-supplied ($_GET['back']) and is not escaped for the attribute context.
                echo '<meta http-equiv="refresh" content="1; url=' . _SITE . $link . '/">';
                break;
        }
    }
}
/**
 * Admin request dispatcher (older sNews-style variant).
 *
 * Dispatches on $_POST['task'] / $_GET['task'] and performs the matching
 * create / update / delete on the categories, articles and comments tables via
 * the legacy mysql_* extension. Output is echoed inline. Returns 0 when the
 * session is not marked logged in, otherwise nothing.
 *
 * Review notes (what the body below demonstrably does):
 *  - $id comes from $_REQUEST and is interpolated into every "WHERE id='{$id}'";
 *    $name, $title, $text and $comment are first passed through
 *    str_replace("\\'", "'", ...) — which strips slash-escaping — and then
 *    interpolated into SQL, so quotes reach the query verbatim. The remaining
 *    $_POST fields go in untouched. Prepared statements (mysqli/PDO) are the
 *    fix; the mysql_* API no longer exists in PHP 7+.
 *  - Several state-changing tasks (delete, freezecomments, unfreezecomments,
 *    deletecomment, deletecategory) are driven by $_GET, and no anti-CSRF token
 *    is checked anywhere in this function.
 *  - edit_article(simple) / edit_article(advanced) pass bare, undefined
 *    constants (an Error in PHP 8; a notice plus the literal string earlier).
 *  - $categoryid is read in the editcomment and deletecomment branches but is
 *    only ever assigned in the freeze/unfreeze/deletecategory branches.
 *  - deletecategory reads $_GET['categoryid'] into $categoryid but deletes by
 *    $id; this looks unintended — confirm against the form that posts it.
 *  - Every advancededit sets $fpublished = 0 and writes it to published.
 *  - This listing also contains a newer processing(); PHP cannot redeclare a
 *    function, so the two cannot be loaded in the same request.
 *
 * @return int|void 0 when not logged in
 */
function processing() {
    if ($_SESSION['Logged_In'] != True) {
        echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_not_logged_in') . "</p></div>";
        return 0;
    }
    // Request values; nothing here is escaped for SQL or HTML.
    $action = $_REQUEST['action'];
    $id = $_REQUEST['id'];
    $commentid = $_POST['commentid'];
    // The str_replace calls undo "\'" escaping (magic-quotes style) before the values hit SQL.
    $name = str_replace("\\'", "'", $_POST['name']);
    $category = $_POST['category'];
    $description = $_POST['description'];
    $title = str_replace("\\'", "'", $_POST['title']);
    $seftitle = $_POST['seftitle'];
    $comment = str_replace("\\'", "'", $_POST['editedcomment']);
    $text = str_replace("\\'", "'", $_POST['text']);
    $text_limit = $_POST['text_limit'];
    $auto_html = $_POST['auto_html'];
    $date = date('Y-m-d H:i:s');
    $display_title = $_POST['display_title'];
    $display_info = $_POST['display_info'];
    $commentable = $_POST['commentable'];
    $publish = $_POST['publish'];
    $publish_category = $_POST['publish'];
    $position = $_POST['position'];
    $display = $_POST['display'];
    $image = $_POST['image'];
    // Future posting: advancededit always takes this path and forces published = 0.
    $fpost_enabled = false;
    $fpublished = 1;
    if ($_POST['fposting'] == "YES" or $_POST['task'] == "advancededit") {
        $fpublished = 0;
        $fpost_enabled = true;
        $fpost_day = $_POST['fposting_day'];
        $fpost_month = $_POST['fposting_month'];
        $fpost_year = $_POST['fposting_year'];
        $fpost_hour = $_POST['fposting_hour'];
        $fpost_minute = $_POST['fposting_minute'];
    }
    // Defaults for empty form fields.
    if ($text_limit == "") {
        $text_limit = 0;
    }
    if ($position == "") {
        $position = 1;
    }
    if ($commentable == "") {
        $commentable = "NO";
    }
    // An unpublished article is stored as position 4.
    if ($publish != "ON") {
        $position = 4;
    }
    if ($display_title == "") {
        $display_title = "NO";
    }
    if ($display_info == "") {
        $display_info = "NO";
    }
    // The date is assembled from unvalidated form fields.
    if ($fpost_enabled or $_POST['task'] == "advancededit") {
        $date = $fpost_year . '-' . $fpost_month . '-' . $fpost_day . ' ' . $fpost_hour . ':' . $fpost_minute . ':00';
    }
    if ($_POST['task'] == "add_category") {
        if ($_POST['submit_text']) {
            // Validation ladder: empty name, empty SEF title, duplicate name, duplicate SEF title, illegal SEF title.
            if ($name == "") {
                echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_name_empty') . "</p></div>";
                view_categories();
            } else {
                if ($seftitle == "") {
                    echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_seftitle_empty') . "</p></div>";
                    view_categories();
                } else {
                    if (check_if_unique('category_name', $name)) {
                        echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_name_exists') . "</p></div>";
                        view_categories();
                    } else {
                        if (check_if_unique('category_seftitle', $seftitle)) {
                            echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_seftitle_exists') . "</p></div>";
                            view_categories();
                        } else {
                            if (cleancheckSEF($seftitle) == "notok") {
                                echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_seftitle_illegal') . "</p></div>";
                                view_categories();
                            } else {
                                mysql_query("INSERT INTO " . s('prefix') . "categories(name,seftitle,description,published) VALUES('{$name}', '{$seftitle}', '{$description}', '{$publish_category}')");
                                echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . "categories/'>" . l('back') . "</a></p></div>";
                            }
                        }
                    }
                }
            }
        }
    }
    if ($_POST['task'] == "edit_category") {
        if ($_POST['submit_text']) {
            if ($name == "") {
                echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_name_empty') . "</p></div>";
                edit_category();
            } else {
                if ($seftitle == "") {
                    echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_seftitle_empty') . "</p></div>";
                    edit_category();
                } else {
                    if (check_if_unique('category_name', $name, $id)) {
                        echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_name_exists') . "</p></div>";
                        edit_category();
                    } else {
                        if (check_if_unique('category_seftitle', $seftitle, $id)) {
                            echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_seftitle_exists') . "</p></div>";
                            edit_category();
                        } else {
                            if (cleancheckSEF($seftitle) == "notok") {
                                echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_seftitle_illegal') . "</p></div>";
                                edit_category();
                            } else {
                                // One UPDATE per column; not atomic.
                                mysql_query("UPDATE " . s('prefix') . "categories SET name='{$name}' WHERE id='{$id}'");
                                mysql_query("UPDATE " . s('prefix') . "categories SET seftitle='{$seftitle}' WHERE id='{$id}'");
                                mysql_query("UPDATE " . s('prefix') . "categories SET description='{$description}' WHERE id='{$id}'");
                                mysql_query("UPDATE " . s('prefix') . "categories SET published='{$publish_category}' WHERE id='{$id}'");
                                echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . "categories/'>" . l('back') . "</a></p></div>";
                            }
                        }
                    }
                }
            }
        }
    } else {
        if ($_POST['task'] == "new") {
            if ($_POST['submit_text']) {
                // Stash submitted values so the re-rendered form can repopulate on error.
                $_SESSION['temp']['title'] = $title;
                $_SESSION['temp']['seftitle'] = $seftitle;
                $_SESSION['temp']['text'] = $text;
                if ($title == "") {
                    echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_title_empty') . "</p></div>";
                    new_article();
                    unset($_SESSION['temp']);
                } else {
                    if ($seftitle == "") {
                        echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_seftitle_empty') . "</p></div>";
                        $_SESSION['temp']['seftitle'] = $_SESSION['temp']['title'];
                        new_article();
                        unset($_SESSION['temp']);
                    } else {
                        if (cleancheckSEF($seftitle) == "notok") {
                            echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_seftitle_illegal') . "</p></div>";
                            new_article();
                            unset($_SESSION['temp']);
                        } else {
                            if (check_if_unique('article_title', $title)) {
                                echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_title_exists') . "</p></div>";
                                new_article();
                                unset($_SESSION['temp']);
                            } else {
                                if (check_if_unique('article_seftitle', $seftitle)) {
                                    echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_seftitle_exists') . "</p></div>";
                                    new_article();
                                    unset($_SESSION['temp']);
                                } else {
                                    // Optional auto-paragraphing: wrap the text in <p> and split on line breaks.
                                    if ($auto_html == "ON") {
                                        $text = str_replace('<p></p>', '', '<p>' . preg_replace('#\\n|\\r#', '</p>$0<p>', $text) . '</p>');
                                    }
                                    $query = "INSERT INTO " . s('prefix') . "articles(title,seftitle,text,textlimit,date,category,position,displaytitle,displayinfo,commentable,image,published) VALUES('" . $title . "', '" . $seftitle . "', '" . $text . "', '" . $text_limit . "', '" . $date . "', '" . $category . "', '" . $position . "', '" . $display_title . "', '" . $display_info . "', '" . $commentable . "', '" . $image . "', '" . $fpublished . "')";
                                    mysql_query($query);
                                    echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . "'>" . l('back') . "</a></p></div>";
                                    unset($_SESSION['temp']);
                                }
                            }
                        }
                    }
                }
            }
        } else {
            if ($_POST['task'] == "simpleedit") {
                if ($_POST['submit_text']) {
                    $_SESSION['temp']['title'] = $title;
                    $_SESSION['temp']['text'] = $text;
                    if ($title == "") {
                        echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_title_empty') . "</p></div>";
                        // NOTE: `simple` is an undefined constant, not a string.
                        edit_article(simple);
                        unset($_SESSION['temp']);
                    } else {
                        if (check_if_unique('article_title', $title, $id)) {
                            echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_title_exists') . "</p></div>";
                            edit_article(simple);
                            unset($_SESSION['temp']);
                        } else {
                            // Unlike "new", the paragraph wrapping here is unconditional (no $auto_html check).
                            $text = str_replace('<p></p>', '', '<p>' . preg_replace('#\\n|\\r#', '</p>$0<p>', $text) . '</p>');
                            mysql_query("UPDATE " . s('prefix') . "articles SET title='{$title}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET text='{$text}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET textlimit='{$text_limit}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET category='{$category}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET position='{$position}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET displaytitle='{$display_title}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET displayinfo='{$display_info}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET commentable='{$commentable}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET image='{$image}' WHERE id='{$id}'");
                            echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . find_cat_sef($category) . "/" . find_article_sef($id) . "/'>" . l('back') . "</a></p></div>";
                            unset($_SESSION['temp']);
                        }
                    }
                }
            } else {
                if ($_POST['task'] == "advancededit") {
                    if ($_POST['submit_text']) {
                        $_SESSION['temp']['title'] = $title;
                        $_SESSION['temp']['seftitle'] = $seftitle;
                        $_SESSION['temp']['text'] = $text;
                        if ($title == "") {
                            echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_title_empty') . "</p></div>";
                            // NOTE: `advanced` is an undefined constant, not a string.
                            edit_article(advanced);
                            unset($_SESSION['temp']);
                        } else {
                            if ($seftitle == "") {
                                echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_seftitle_empty') . "</p></div>";
                                edit_article(advanced);
                                unset($_SESSION['temp']);
                            } else {
                                if (cleancheckSEF($seftitle) == "notok") {
                                    echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_seftitle_illegal') . "</p></div>";
                                    edit_article(advanced);
                                    unset($_SESSION['temp']);
                                } else {
                                    if (check_if_unique('article_title', $title, $id)) {
                                        echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_title_exists') . "</p></div>";
                                        edit_article(advanced);
                                        unset($_SESSION['temp']);
                                    } else {
                                        if (check_if_unique('article_seftitle', $seftitle, $id)) {
                                            echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_seftitle_exists') . "</p></div>";
                                            edit_article(advanced);
                                            unset($_SESSION['temp']);
                                        } else {
                                            // One UPDATE per column; published is always written as $fpublished (0 on this path).
                                            mysql_query("UPDATE " . s('prefix') . "articles SET title='{$title}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET seftitle='{$seftitle}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET text='{$text}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET textlimit='{$text_limit}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET date='{$date}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET category='{$category}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET position='{$position}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET displaytitle='{$display_title}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET displayinfo='{$display_info}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET commentable='{$commentable}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET image='{$image}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET published='{$fpublished}' WHERE id='{$id}'");
                                            echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . find_cat_sef($category) . "/" . find_article_sef($id) . "/'>" . l('back') . "</a></p></div>";
                                            unset($_SESSION['temp']);
                                        }
                                    }
                                }
                            }
                        }
                    }
                } else {
                    // From here on the task comes from the query string (GET-driven state changes).
                    if ($_GET['task'] == "delete") {
                        mysql_query("DELETE FROM " . s('prefix') . "articles WHERE id='{$id}'");
                        echo "<h2>" . l('deleted_success') . "</h2><p><a href='" . s('website') . "'>" . l('backhome') . "</a></p>";
                    } else {
                        if ($_POST['task'] == "editcomment") {
                            mysql_query("UPDATE " . s('prefix') . "comments SET name='{$name}' WHERE id='{$commentid}'");
                            mysql_query("UPDATE " . s('prefix') . "comments SET comment='{$comment}' WHERE id='{$commentid}'");
                            // $categoryid is not assigned on this path.
                            echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . find_cat_sef($categoryid) . "/" . find_article_sef($id) . "/'>" . l('back') . "</a></p></div>";
                        } else {
                            if ($_GET['task'] == "freezecomments") {
                                $categoryid = find_article_cat($id);
                                mysql_query("UPDATE " . s('prefix') . "articles SET commentable='FREEZ' WHERE id='{$id}'");
                                echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . find_cat_sef($categoryid) . "/" . find_article_sef($id) . "/'>" . l('back') . "</a></p></div>";
                            } else {
                                if ($_GET['task'] == "unfreezecomments") {
                                    $categoryid = find_article_cat($id);
                                    mysql_query("UPDATE " . s('prefix') . "articles SET commentable='YES' WHERE id='{$id}'");
                                    echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . find_cat_sef($categoryid) . "/" . find_article_sef($id) . "/'>" . l('back') . "</a></p></div>";
                                } else {
                                    if ($_GET['task'] == "deletecomment") {
                                        $commentid = $_GET['commentid'];
                                        $articleid = $_GET['articleid'];
                                        mysql_query("DELETE FROM " . s('prefix') . "comments WHERE id='{$commentid}'");
                                        // $categoryid is not assigned on this path.
                                        echo "<h2>" . l('deleted_success') . "</h2><p><a href='" . s('website') . find_cat_sef($categoryid) . "/" . find_article_sef($articleid) . "/'>" . l('back') . "</a></p>";
                                    } else {
                                        if ($_GET['task'] == "deletecategory") {
                                            // $categoryid is read but the DELETE keys on $id — confirm which one the form intends.
                                            $categoryid = $_GET['categoryid'];
                                            mysql_query("DELETE FROM " . s('prefix') . "categories WHERE id='{$id}'");
                                            echo "<h2>" . l('deleted_success') . "</h2><p><a href='" . s('website') . "categories/'>" . l('back') . "</a></p>";
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}