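/**
 * Render one article through the $comment_article_style template.
 *
 * Selects the row with the given id from $table_articles, substitutes the
 * <$article_...$> placeholders for every row returned and concatenates the
 * results.
 *
 * @param mixed $id Article id supplied by the caller; handled as untrusted input.
 * @return string|null Rendered markup, or NULL when no row matches or the query fails.
 */
function render_single_article($id) {
    global $table_articles, $articles_date, $comment_article_style;

    // $id ends up inside a quoted SQL literal, so it is escaped for the
    // current connection first. Plain numeric ids pass through unchanged;
    // quote characters can no longer terminate the literal.
    $safe_id = mysql_real_escape_string($id);

    $q_article = mysql_query("SELECT id, author, title, body, UNIX_TIMESTAMP(date) as date, category, open FROM {$table_articles} WHERE id = '{$safe_id}'");

    $content = NULL;

    // A failed query previously reached mysql_fetch_array() with FALSE and
    // only raised a warning; return the same "nothing rendered" value explicitly.
    if ($q_article === false) {
        return $content;
    }

    // '<$article_title$>' is listed twice, as in the original template contract.
    $search = array('<$article_id$>', '<$article_title$>', '<$article_text$>', '<$article_author$>', '<$article_title$>', '<$article_category$>', '<$article_date$>');

    while ($article = mysql_fetch_array($q_article, MYSQL_ASSOC)) {
        // Text columns go through text_out(), which is defined elsewhere in the
        // project. NOTE(review): confirm it HTML-escapes, since author, title,
        // body and category are stored user content.
        $replace = array(
            $article['id'],
            text_out($article['title']),
            text_out($article['body']),
            text_out($article['author']),
            text_out($article['title']),
            text_out($article['category']),
            date($articles_date, $article['date'])
        );
        $content .= str_replace($search, $replace, $comment_article_style);
    }

    return $content;
}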
<tr> <td valign="top" align="right"><b>Password:</b></td> <td><input type="password" name="edit_password" class="tbox" /></td> </tr> <tr> <td valign="top" align="right"><b>Confirm:</b></td> <td><input type="password" name="edit_password_confirm" class="tbox" /> <div class="small"><i style="color: red;">*</i>( Type your password into both fields to change. Otherwise, leave it empty)</td> </tr> <tr> <td valign="top" align="right"><b>Timezone:</b></td> <td><input type="text" name="edit_timezone" class="tbox" value="' . $edit->timezone . '" /> <div class="small"><i style="color: red;">*</i>( Please enter timezones in this format: +|- # ie. +800 )</div></td> </tr> <tr> <td valign="top" align="right"><b>Email:</b></td> <td><input type="text" name="edit_email" class="tbox" value="' . $edit->email . '" /></td> </tr> <tr> <td valign="top" align="right"><b>Biography:</b></td> <td><textarea name="edit_info" class="tbox" cols="60" rows="10">' . text_out($edit->info) . '</textarea> <div class="small"><i style="color: red;">*</i>( You may use HTML in this field )</div></td> </tr> <tr> <td></td> <td><input type="submit" name="submit" value="Apply changes" class="tbox" /></td> </table> </form>'; exit; } print $footer;
</form>'; print $footer; } } else { print $header; print '<i>>>> An error has occured. Invalid entry id</i>'; print $footer; } exit; } if (isset($_REQUEST['delete_article'])) { if (isset($_REQUEST['id'])) { $q_edit = mysql_query("SELECT title FROM {$table_articles} WHERE id = '" . $_REQUEST['id'] . "'"); print $header; while ($blog = mysql_fetch_object($q_edit)) { print '<center>Are you sure you wish to remove the entry entitled, "' . text_out($blog->title) . '"?<br /> <a href="text.php?deleting_article=1&id=' . $_REQUEST['id'] . '">Yes</a> / <a href="' . $_SERVER['HTTP_REFERER'] . '">No</a></center>'; } } else { print '<i>>>> An error has occured. Invalid entry id</i>'; } print $footer; exit; } if (isset($_REQUEST['deleting_article'])) { if (isset($_REQUEST['id'])) { $id = $_REQUEST['id']; $q_delete = "DELETE FROM {$table_articles} WHERE id = '{$id}'"; if (mysql_query($q_delete)) { print $header; print "<i>>>> Post deleted.</i>";
// Excerpt: the two stray closing braces below belong to blocks opened before
// this fragment, and the final if-statement continues past its end.
if (mysql_query($q_add)) {
    print $header;
    print '<i>>>> Blog created</i>';
    print $footer;
} else {
    print $header;
    // NOTE(review): the raw mysql_error() text is sent to the browser and can
    // disclose table names and query structure; log it server-side instead.
    print '<i>>>> <b>Error:</b></i>' . mysql_error();
}
}
exit;
}

// Confirmation page shown before a blog is removed.
if (isset($_REQUEST['remove'])) {
    // NOTE(review): only the remove key is checked; $_REQUEST['id'] may be
    // missing, and it is concatenated into the query without escaping, so the
    // statement is injectable. Escape it or cast it to an integer.
    $q_blog = mysql_query("SELECT blog FROM {$table_blog_owners} WHERE id = '" . $_REQUEST['id'] . "'");
    while ($blog = mysql_fetch_object($q_blog)) {
        print $header;
        // NOTE(review): $_REQUEST['id'] and the client-supplied Referer header
        // are both echoed into href attributes unescaped (reflected XSS).
        // The Yes link triggers the deletion with a plain GET request and no
        // anti-CSRF token is visible in this fragment.
        print '<center>Are you sure you wish to remove the blog "' . text_out($blog->blog) . '"?<br /> <b><a href="permissions.php?removing=1&id=' . $_REQUEST['id'] . '">Yes</a> / <a href="' . $_SERVER['HTTP_REFERER'] . '">No</a></b></center>';
        print $footer;
    }
    exit;
}

// Performs the removal: one DELETE for the blog owner row, one for its content.
if (isset($_REQUEST['removing'])) {
    // NOTE(review): the id is again concatenated unescaped into a DELETE, and
    // no ownership or permission check is visible here; confirm one runs
    // before this point.
    $q_remove_blog = "DELETE FROM {$table_blog_owners} WHERE id = '" . $_REQUEST['id'] . "'";
    // NOTE(review): the confirmation link above passes only id, not blog, so
    // $_REQUEST['blog'] is presumably unset when this branch is reached via
    // that link; verify what the content DELETE then matches. text_in() is
    // defined elsewhere; confirm it escapes for SQL.
    $q_remove_content = "DELETE FROM {$table_blogs} WHERE blog_name = '" . text_in($_REQUEST['blog']) . "'";
    print $header;
    if (mysql_query($q_remove_blog)) {
        print '<i>>>> Blog removed</i><br />';
    } else {
        // NOTE(review): database error text is shown to the client.
        print '<i>>>> <b>Error:</b></i><br />' . mysql_error();
    }
    if (mysql_query($q_remove_content)) {
// Excerpt: renders the edit form for one uploaded file. The enclosing block
// opens before this fragment and the print statement continues past its end.
if (isset($_REQUEST['id'])) {
    $username = $_SESSION['identity'];
    $id = $_REQUEST['id'];
    // The owner = session identity condition limits the lookup to rows owned
    // by the logged-in user.
    // NOTE(review): $id comes straight from the request and is interpolated
    // into the quoted literal without escaping, so the owner condition can be
    // bypassed by SQL injection. Escape it or cast it to an integer.
    $q_file = mysql_query("SELECT id, filename, filename2, description, UNIX_TIMESTAMP(date) as date, owner, public, category, counter FROM {$table_uploads} WHERE owner = '{$username}' AND id = '{$id}'");
    print $header;
    while ($file = mysql_fetch_object($q_file)) {
        $category = render_categories_menu("category", $file->category, $_SESSION['identity']);
        // NOTE(review): $public is only assigned when the file is public; in
        // the visible code it is otherwise undefined when printed below.
        if ($file->public == 1) {
            $public = 'checked';
        }
        // NOTE(review): the description is written into the textarea through
        // to_raw(), which is defined elsewhere; confirm it HTML-escapes so a
        // stored closing textarea tag cannot break out of the field.
        print '<form name="editform" method="post" action="uploads.php?updating=1"> <div class="title">Updating file details</div> <table class="boxen"> <tr> <td align="right"><b>File:</b></td> <td>' . text_out($file->filename2) . '</td> </tr> <tr> <td align="right"><b>Category:</b></td> <td>' . $category . '</td> </tr> <tr> <td align="right"><b>Public:</b></td> <td><input type="checkbox" class="tbox" name="public" ' . $public . ' /></td> </tr> <tr> <td align="right"><b>Description:</b></td> <td><textarea name="description" cols="40" rows="10" class="tbox">' . to_raw($file->description) . '</textarea></td> </tr> <tr> <td></td>
// Excerpt: tail of a file-details view. The enclosing blocks open before this
// fragment and the last print statement continues past its end.
// Files whose $filetype contains the substring image get a preview row.
if (strstr($filetype, "image")) {
    // NOTE(review): $file->owner in the href and $file->filename in the img
    // src are emitted without any output filter, while the href filename goes
    // through text_out(). Both are stored values; escape them consistently
    // for the attribute context. viewer.php also receives a path built from
    // them, so it should validate that path itself.
    print ' <tr> <td align="right" valign="top"><b>Description:</b></td> <td>' . text_out($file->description) . '</td> </tr> <tr> <td align="right" valign="top"><b>Preview:</b></td> <td>Click to view full sized image<div class="small"><i style="color:red;">*</i>( There might not be an preview here if your browser doesn\'t support the filetype )</div><br /><br /><a href="viewer.php?filename=' . $file->owner . "/" . text_out($file->filename) . '"><img src="' . $thumbnail_path . $file->filename . '" alt="" /></a></td> </tr> </table>';
} else {
    print ' <tr> <td align="right" valign="top"><b>Description:</b></td> <td>' . text_out($file->description) . '</td> </tr> </table>';
}
print $footer;
}
} else {
    print $header;
    print '<i>>>> Invalid ID</i>';
    print $footer;
}
exit;
}
// Default view when none of the earlier request branches matched.
print $header;
print '<div class="title">Administration of users, and their content.</div><br /> Manage content:
// Excerpt: the first statements and the two stray closing braces belong to
// blocks opened before this fragment.
print $footer;
exit;
}
// Index view: one link per distinct username in $table_admins.
print $header;
$query = mysql_query("SELECT DISTINCT username FROM {$table_admins}");
$content = '<div class="title">For,</div><ul>';
while ($blogs = mysql_fetch_array($query)) {
    // NOTE(review): the stored username is written into a URL and into HTML
    // without URL-encoding or HTML-escaping.
    $content .= '<li><a href="blogs.php?name=' . $blogs['username'] . '">' . $blogs['username'] . '</a></li>';
}
print $content . "</ul>";
print $footer;
}

// Per-author view: lists the blog entries written by the requested author.
if (isset($_REQUEST['name'])) {
    print $header;
    $author = $_REQUEST['name'];
    // NOTE(review): $author is request data interpolated into the quoted
    // literal without escaping (SQL injection). $start and $limit are set
    // outside this fragment and are interpolated unquoted into LIMIT; if they
    // derive from the request they must be cast to integers.
    $query = mysql_query(" SELECT id , author , title , body , mood , listening , category , UNIX_TIMESTAMP(date) as date FROM {$table_blogs} WHERE author='{$author}' ORDER BY date DESC LIMIT {$start},{$limit}");
    $search = array("<%id%>", "<%author%>", "<%title%>", "<%body%>", "<%date%>", "<%comments%>", "<%category%>", "<%mood%>", "<%listening%>");
    // NOTE(review): the request value is echoed into the page unescaped
    // (reflected XSS); HTML-escape it before output.
    $content = '<div class="title">for ' . $author . ',</div><br />';
    while ($blogs = mysql_fetch_array($query)) {
        $id = $blogs['id'];
        // One extra query per entry to count its comments (type 3).
        $comments = mysql_query("SELECT id FROM {$table_comments} WHERE p_id = '{$id}' AND type = '3'");
        $comments = mysql_num_rows($comments);
        // NOTE(review): id and author are substituted as stored, while the
        // other text columns pass through text_out(); author is user content
        // and should get the same treatment.
        $replace = array($blogs['id'], $blogs['author'], text_out($blogs['title']), text_out($blogs['body']), date($date_format, $blogs['date']), $comments, text_out($blogs['category']), text_out($blogs['mood']), text_out($blogs['listening']));
        $content .= str_replace($search, $replace, $theme_blogs_style);
    }
    // Replace the heading when the author has no entries.
    if (mysql_num_rows($query) == 0) {
        $content = '<div class="title">no entries for this person</div><br />';
    }
    print $content . $limit_link;
    print $footer;
}
<div class="small"><i style="color: red;">*</i>( This option will permanently delete all blogs, articles, and other content in this category.)</div> <br /> <input class="tbox" name="submit" type="submit" value="Remove" /></form>' . $footer; } if (isset($_REQUEST['delete'])) { $category = $_REQUEST['category']; $q_category = mysql_query("SELECT id, category FROM {$table_category} WHERE category = '{$category}' AND owner = '" . $_SESSION['identity'] . "'"); while ($cat = mysql_fetch_object($q_category)) { $category = $cat->category; if (!empty($_REQUEST['content'])) { print $header . '<div align="center"><b>Notice:</b> You have chosen to remove all content associated with this category.<br /> Are you sure you wish to remove the "' . text_out($category) . '" category?<br /> <b><a href="category.php?type=category&deleting=1&category=' . text_out($_REQUEST['category']) . '&content=1">yes</a> / <a href="' . $_SERVER['HTTP_REFERER'] . '">no</a></b></div><br />' . $footer; } else { print $header . '<div align="center">Are you sure you wish to remove the "' . text_out($category) . '" category?<br /> <b><a href="category.php?type=category&deleting=1&category=' . text_out($_REQUEST['category']) . '">yes</a> / <a href="' . $_SERVER['HTTP_REFERER'] . '">no</a></b></div><br />' . $footer; } } if (mysql_num_rows($q_category) == 0) { print $header . '<i>>>> No such category</i><br />' . $footer; } } if (isset($_REQUEST['deleting'])) { $username = $_SESSION['identity']; $category = $_REQUEST['category']; $q_category = "DELETE FROM {$table_category} WHERE owner = '{$username}' AND category = '{$category}'"; print $header; if (mysql_query($q_category)) { print '<i>>>> Category removed</i><br />'; } else { print '<i>>>> Category wasn\'t removed. An error occured: ' . mysql_error() . '</i><br />';
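/**
 * Build a <select> element listing blog names from $table_blog_owners.
 *
 * @param mixed  $user    Owner whose blogs are listed; the value "ALL" lists every blog.
 * @param string $name    Value for the name attribute of the select element.
 * @param mixed  $default Optional preselected blog; when set it is emitted as the
 *                        first option, followed by an empty option.
 * @return string Markup for the select element.
 */
function render_users_blogs($user, $name, $default) {
    global $table_blog_owners;

    if ($user == "ALL") {
        $q_blogs = mysql_query("SELECT blog FROM " . $table_blog_owners . "");
    } else {
        // The owner name lands inside a quoted SQL literal; escape it for the
        // current connection so a quote in a user name cannot alter the query.
        $q_blogs = mysql_query("SELECT blog FROM " . $table_blog_owners . " WHERE owner = '" . mysql_real_escape_string($user) . "'");
    }

    // The field name is written into an attribute; escaping it leaves ordinary
    // names unchanged and keeps a stray quote from closing the attribute.
    $output = '<select name="' . htmlspecialchars($name, ENT_QUOTES) . '" class="tbox">';

    if ($default != NULL) {
        $output .= '<option value="' . text_out($default) . '">' . text_out($default) . '</option> <option value=""></option>';
    }

    // A failed query yields FALSE; skip the loop instead of passing FALSE to
    // mysql_fetch_object(), which only raised a warning before.
    while ($q_blogs !== false && ($blogs = mysql_fetch_object($q_blogs))) {
        // text_out() is defined elsewhere in the project.
        // NOTE(review): confirm it escapes double quotes, since the blog name
        // is used inside the value attribute.
        $output .= '<option value="' . text_out($blogs->blog) . '">' . text_out($blogs->blog) . '</option>';
    }

    $output .= '</select>';

    return $output;
}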