<?php

// Submission page.
$adfl = FALSE;
include_once 'config/config.php';
include_once 'functions.php';
include "./classes/mysql.class.php";
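// Open the project's database wrapper (class declared in classes/mysql.class.php).
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
// The parent article id is request-controlled. It goes through mifi() (defined
// outside this excerpt -- presumably an integer filter, confirm) before being
// placed inside the quoted SQL literal below.
$parentid = mifi($_REQUEST['parentid']);
$mysqldb->query("SELECT Title from articles where FileID ='{$parentid}'");
// The original also called mysql_query($query) here: $query was never assigned,
// the result was unused, and ext/mysql no longer exists in PHP 7+, so the call
// could only emit a notice or abort the page. It has been dropped.
$row = $mysqldb->fetchObject();
// Fall back to an empty parent title when no row matched instead of reading a
// property of a non-object.
// NOTE(review): Title is stored user content; HTML-escape it wherever $title is
// echoed unless head_page() already does (not visible here).
$title = 'Re: ' . (isset($row->Title) ? $row->Title : '');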
if (isset($_POST['submit'])) {
    // Handle the Form
    $message = NULL;
    // Create an empty new variable.
    // sanitise user input
    $titlee = escdata(xss_clean($_POST['commenttitle']));
    $articledatae = escdata(xss_clean($_POST['article']));
    // Validate user input
    // Check for Title.
    if (strlen($titlee) > 0) {
        $title = TRUE;
    } else {
        $title = FALSE;
        $message .= 'You need to include a title for your comment.  ';
    }
    // Check for Article.
<?php

// a_authordetails.php -- Admin view Author Details
include './functions.php';
require_once './config/auth.php';
require './config/config.php';
include "./classes/mysql.class.php";
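// Admin view of one author's record (config/auth.php is required above).
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
// Fixed: the key was the bare word aid, which PHP resolves as a constant
// (a notice on old versions, an Error on PHP 8). It is now a quoted string key.
$authorid = mifi($_REQUEST['aid']);
// One round trip: the author row plus per-status article counts. $authorid is
// only ever used inside quoted literals, after mifi().
$mysqldb->query("SELECT CONCAT(FirstName, ' ', LastName) AS name, Approved, UserName, Email, DATE_FORMAT(RegistrationDate, '%M %d, %Y') AS dr, (SELECT count(*) from articles WHERE Approved = 'N' AND AuthorID='{$authorid}') AS PendingArticles, (SELECT count(*) from articles WHERE Approved = 'Y' AND AuthorID='{$authorid}') AS ApprovedArticles, (SELECT count(*) from articles WHERE Approved = 'S' AND AuthorID='{$authorid}') AS SavedArticles FROM authors WHERE AuthorID='{$authorid}'");
$row = $mysqldb->fetchObject();
// NOTE(review): $row is used without checking that an author matched; an
// unknown aid makes every property read below operate on a non-object.
$totalarticles = $row->ApprovedArticles + $row->PendingArticles + $row->SavedArticles;
if (isset($_REQUEST['newperms'])) {
    $title = 'Permissions Updated';
} else {
    // NOTE(review): name and UserName are values the author registered with.
    // They reach the page title (and the listing printed after this block)
    // unescaped -- run them through htmlspecialchars() at output unless
    // head_page() already escapes (not visible here).
    $title = 'Author details for ' . $row->name . ' (' . $row->UserName . ')';
}
$approved = $row->Approved;
if ($approved != 'Y') {
    // Authors that are not yet approved get a link to the permissions editor.
    $approved = "<a href=\"aufe2a.php?aid={$authorid}\">{$row->Approved}</a>";
}
head_page($title);
menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($title);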
echo <<<_AUTHORDETAILS
AuthorID : {$authorid}<br />
UserName : {$row->UserName}<br />
Full Name : {$row->name}<br />
Permissions : {$row->Approved}<br>
Example #3
<?php

/* article rating */
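/* article rating */
// A submitted score is optional; when present it is filtered through mifi()
// (defined outside this excerpt).
if (isset($_REQUEST['score'])) {
    $score = mifi($_REQUEST['score']);
}
$newratedtotal = '';
// get existing rating
// Start from zero so an unknown article id yields a rating of 0 instead of
// reading $sum / $rcount while they are undefined.
$sum = 0;
$rcount = 0;
$mysqldb->select();
// NOTE(review): $a is not assigned in this excerpt and is interpolated without
// quotes, so this statement is only safe if $a is guaranteed to be an integer
// by the including script -- confirm, or cast it where it is assigned.
$mysqldb->query("SELECT RatingTotal, RatedTotal from articles WHERE FileID={$a}");
while ($row = $mysqldb->fetchObject()) {
    $sum = $row->RatingTotal;
    $rcount = $row->RatedTotal;
}
// Average of all votes so far; an unrated article reports 0 rather than
// dividing by zero.
if ($rcount > 0) {
    $articleRating = $sum / $rcount;
} else {
    $articleRating = 0;
}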
if (!isset($score)) {
    /* if we don't have a score, we'll just display the form */
    // display rating form
    echo "<p><form action=\"v.php?a={$a}\" method=\"post\">";
    $begbuttonstr = '<input type="radio" name="score" value="';
    $endbuttonstr = '" />';
    $starstr = '<img src="./imgs/star.gif" height="10" width="10" />';
    $starcount = 5;
    $star = 5;
    while ($starcount > 0) {
        echo $begbuttonstr . $starcount . $endbuttonstr;
        while ($star > 0) {
Example #4
<?php

// Submit Authored Article
$adfl = FALSE;
include_once 'config/config.php';
include_once 'functions.php';
$title = "Question";
$aid = mifi($_REQUEST['aid']);
if (isset($_POST['submit'])) {
    $message = NULL;
    // sanitise user input
    $articledatae = escdata(xss_clean($_POST['article']));
    // Form Validation
    // Check for Article.
    if (strlen($articledatae) > 0) {
        $article = TRUE;
        // create keywords from question words greater than 4 letters.
        $arrkeywords = explode(' ', $articledatae);
        foreach ($arrkeywords as $keyword) {
            if (strlen($keyword) > 4) {
                $keywords .= ' ' . $keyword;
            }
        }
    } else {
        $article = FALSE;
        $message .= 'You need to include the question.  ';
    }
    if ($article) {
        // If everythings okay.
        include "./classes/mysql.class.php";
        $mysqldb = new mysql();
//starting database
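// Admin listing of registered authors, paginated with LIMIT.
// NOTE(review): the top of this script is not visible in the excerpt; confirm
// that config/auth.php is required before this point, since the page lists
// every account.
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
//variables
$adfl = TRUE;
$pagetitle = 'View Registered Users';
head_page($pagetitle);
menu_options($pagetitle, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($pagetitle);
// Number of Records to show per page:
$display = DB_MAX_REC;
// Determine where in the db results to start returning results
if (isset($_GET['s'])) {
    // The offset is interpolated into LIMIT without quotes, where string
    // escaping gives no protection. Force it to a non-negative integer here
    // rather than relying on what mifi() (defined elsewhere) returns.
    $start = max(0, (int) mifi($_GET['s']));
} else {
    $start = 0;
}
$query = "SELECT CONCAT(au.LastName, ', ', au.FirstName) AS name, au.AuthorID, DATE_FORMAT(RegistrationDate, '%M %d, %Y') AS dr,(SELECT COUNT(*) FROM articles AS a WHERE a.AuthorID=au.AuthorID AND a.Approved='N' AND a.ParentID='0') AS pending, (SELECT COUNT(*) FROM articles AS a WHERE a.AuthorID=au.AuthorID AND a.Approved='S' AND a.ParentID='0') AS saved, (SELECT COUNT(*) FROM articles AS a WHERE a.AuthorID=au.AuthorID AND a.Approved='Y' AND a.ParentID='0') AS approved, (SELECT COUNT(*) FROM articles AS a WHERE a.AuthorID=au.AuthorID AND  a.ParentID='0') AS total FROM authors AS au";
$viewquery = $query . " LIMIT {$start}, {$display}";
// That's the end of our query making.
// The unpaginated query runs first only to learn the total row count; the
// paginated one is then left as the active result for the rendering code.
$mysqldb->query($query);
$num_records = $mysqldb->numRows($query);
$mysqldb->query($viewquery);
if ($num_records > $display) {
    // more than one page
    $num_pages = ceil($num_records / $display);
} else {
    $num_pages = 1;
}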
Example #6
<?php

// delete.php Delete Article
include './config/config.php';
include 'functions.php';
$title = 'Delete Article';
include "./classes/mysql.class.php";
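// Deletes one article, restricted to rows owned by the logged-in author.
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
head_page($title);
menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($title);
$fileid = mifi($_GET['num']);
// must be the author of this article to be able to delete it.
// Both session keys are required: first_name marks a logged-in user and
// user_id is what the DELETE below is scoped to. Without the second check a
// session lacking user_id would run the statement with an empty owner.
if (!isset($_SESSION['first_name'], $_SESSION['user_id'])) {
    // NOTE(review): the redirect target is built from the client-supplied
    // Host header; prefer a base URL from configuration. The page header has
    // already been produced above, so this relies on output buffering being
    // active (implied by ob_end_clean(), not visible here).
    header("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
    ob_end_clean();
    exit;
} else {
    $first = TRUE;
    // NOTE(review): a destructive action driven by a GET parameter with no
    // anti-CSRF token visible; accept it only via POST with a per-session
    // token. The session id is filtered with mifi() as the other scripts of
    // this project do before using it in SQL.
    $mysqldb->query("DELETE from articles WHERE FileID='{$fileid}' AND AuthorID='" . mifi($_SESSION['user_id']) . "'");
    // NOTE(review): printed whether or not a row matched; check the affected
    // row count if the mysql wrapper exposes one.
    echo "Article Deleted!<br /> \n</td></tr>\n";
    footer($title);
}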
Example #7
<?php

// adminea.php Admin Edit Article
include './functions.php';
require_once './config/auth.php';
include './config/config.php';
include "./classes/mysql.class.php";
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
$enum = mifi($_REQUEST['num']);
if (isset($_REQUEST['submit'])) {
    // Handle the Form
    $message = NULL;
    // Create an empty new variable.
    // Check for Title.
    if (strlen($_REQUEST['title']) > 0) {
        $title = TRUE;
    } else {
        $title = FALSE;
        $message .= 'needs a title, ';
    }
    // Check for Article.
    if (strlen($_REQUEST['article']) > 0) {
        $article = TRUE;
    } else {
        $article = FALSE;
        $message .= 'needs content, ';
    }
    // Check for Keywords.
    if (strlen($_REQUEST['keywords']) > 0) {
Example #8
include "./functions.php";
require "./config/auth.php";
include "./config/config.php";
include "./classes/mysql.class.php";
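// Moderation queue: optional post-processing action, then paging parameters.
$mysqldb = new mysql();
$mysqldb->connect();
// !empty() keeps the original truthiness test but no longer reads an
// undefined key when the page is opened without a pending action.
if (!empty($_REQUEST['type'])) {
    // post process function for (article\comment\question deletion) or (article\comment) approval
    // NOTE(review): $type is passed on unfiltered, and deletion/approval can
    // be triggered through $_REQUEST (so also by GET) with no anti-CSRF token
    // visible. postprocess() is defined elsewhere; confirm it allow-lists
    // $type and that this action is limited to POST with a token.
    $type = $_REQUEST['type'];
    $id = mifi($_REQUEST['id']);
    $pagetitle = postprocess($type, $id);
}
// Queue selector; only compared against fixed values in the switch that
// follows. NULL when absent, as before, but without the undefined-key notice.
$acq = isset($_REQUEST['acq']) ? $_REQUEST['acq'] : NULL;
$aid = mifi($_SESSION['user_id']);
$pagesize = DB_MAX_REC;
// Offset for the LIMIT clause of the queue queries; defaults to the first page.
$recordstart = isset($_GET['start']) ? mifi($_GET['start']) : 0;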
switch ($acq) {
    case 'a':
        $table = 'articles';
        $query = "SELECT FileID, \n(SELECT COUNT('FileID') as count FROM articles WHERE Approved='N' AND ParentID='0'), \nTitle, Articledata, Approved, AuthorID, \n(SELECT authors.UserName FROM authors  WHERE authors.AuthorID=articles.AuthorID) \nas AuthorName, \nDATE_FORMAT(SubmitDate, '%m/%e/%y') \nas date FROM articles WHERE \nApproved='N' AND ParentID='0' LIMIT {$recordstart}, {$pagesize}";
        $updateoremail = 'Last Updated';
        break;
    case 'c':
        $table = 'comments';
        $query = "SELECT FileID, \n(SELECT COUNT('FileID') as count FROM articles WHERE Approved='N' AND ParentID!=0), \nTitle, Articledata, Approved, \nDATE_FORMAT(SubmitDate, '%m/%e/%y') \nas date FROM articles WHERE \nApproved='N' AND ParentID!=0 LIMIT {$recordstart}, {$pagesize}";
        $updateoremail = 'Last Updated';
        break;
    case 'q':
        $table = 'questions';
        $query = "SELECT FileID, \n(SELECT COUNT('FileID') as count FROM articles WHERE Approved='Q' AND ParentID='0'), \nTitle, Articledata, Approved, AuthorID, \n(SELECT authors.UserName FROM authors  WHERE authors.AuthorID=articles.AuthorID) \nas AuthorName, \nDATE_FORMAT(SubmitDate, '%m/%e/%y') \nas date FROM articles WHERE \nApproved='Q' AND ParentID='0' LIMIT {$recordstart}, {$pagesize}";
        $updateoremail = 'Last Updated';
Example #9
<?php

// Submit Saved Article
// Set the page title and include the HTML header.
$adfl = FALSE;
include_once "./config/config.php";
include_once "functions.php";
include "./classes/mysql.class.php";
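// Moves a saved draft into the pending queue (Approved='N') for its author.
$title = 'Submit Saved Article';
$fileid = mifi($_REQUEST['fileid']);
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
head_page($title);
menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($title);
// must be the author of this article to be able to submit it.
// Both session keys are required: first_name marks a logged-in user and
// user_id is what the UPDATE below is scoped to.
if (!isset($_SESSION['first_name'], $_SESSION['user_id'])) {
    // NOTE(review): the redirect target is built from the client-supplied
    // Host header; prefer a base URL from configuration. Output has already
    // been produced above, so this relies on output buffering being active
    // (implied by ob_end_clean(), not visible here).
    header("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
    ob_end_clean();
    exit;
} else {
    $first = TRUE;
    // NOTE(review): state change reachable through $_REQUEST (so also by GET)
    // with no anti-CSRF token visible. The session id is filtered with mifi()
    // as the other scripts of this project do before using it in SQL.
    $query = "UPDATE articles SET Approved='N' where FileID='{$fileid}' AND AuthorID='" . mifi($_SESSION['user_id']) . "' LIMIT 1";
    $mysqldb->query($query);
    // NOTE(review): printed whether or not a row matched.
    echo "Article Submitted!<br /> \n</td></tr>\n";
    // The HTML footer file.
    footer($title);
}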
Example #10
<?php

// v.php
// variables
include './config/config.php';
include_once 'functions.php';
include "./classes/mysql.class.php";
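// Article view: load one article (and its question, if any) by id.
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
$a = mifi($_REQUEST['a']);
// Anonymous visitors have no user_id; NULL as before, without the
// undefined-key notice.
$aid = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : NULL;
// admin override for viewing un-approved articles
// !empty() keeps the original truthiness test for sessions without the flag.
if (!empty($_SESSION['adfl'])) {
    $adminview = '';
} else {
    $adminview = "AND Approved='Y'";
}
// query
// ParentID is now compared against a quoted literal, like FileID in the same
// statement, so the value stays inside a string whatever mifi() (defined
// elsewhere) returns.
$mysqldb->query("\n SELECT articles.FileID, (SELECT ArticleData FROM articles WHERE Approved='A' AND ParentID='{$a}' LIMIT 1) as question, articles.ParentID, articles.AuthorID, (SELECT authors.UserName FROM authors  WHERE authors.AuthorID=articles.AuthorID) as AuthorName, articles.Title, articles.Keyw, articles.ArticleData, articles.Approved, articles.Views, articles.RatingTotal, articles.RatedTotal, articles.SubmitDate \n FROM \n articles \n WHERE FileID='{$a}'\n {$adminview}\n ");
// retrieve result as an object
// NOTE(review): no row matches when the id is unknown or the article is not
// approved for a non-admin; the reads below then operate on a non-object.
// A not-found branch belongs here once the rest of the page is in view.
$row = $mysqldb->fetchObject();
$fileid = $row->FileID;
// NOTE(review): Title and Keyw are author-supplied; escape them for HTML
// wherever they are echoed unless the output helpers already do.
$title = $row->Title;
$parentid = $row->ParentID;
$approved = $row->Approved;
$keywords = $row->Keyw;
$views = $row->Views + 1;
//article is being viewed, adding to the view count.
$ratingtotal = $row->RatingTotal;
$ratedtotal = $row->RatedTotal;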
Example #11
<?php

// delete.php Delete Upload
// Set the page title and include the HTML header.
include './config/config.php';
include 'functions.php';
include './classes/mysql.class.php';
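// Deletes one upload record, restricted to rows owned by the logged-in author.
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
$title = 'Delete Upload';
head_page($title);
menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($title);
$uid = mifi($_GET['uid']);
// must be the author of this upload to be able to delete it.
// Both session keys are required: first_name marks a logged-in user and
// user_id is what the DELETE below is scoped to.
if (!isset($_SESSION['first_name'], $_SESSION['user_id'])) {
    // NOTE(review): the redirect target is built from the client-supplied
    // Host header; prefer a base URL from configuration. Output has already
    // been produced above, so this relies on output buffering being active
    // (implied by ob_end_clean(), not visible here).
    header("Location:  http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
    ob_end_clean();
    exit;
} else {
    // NOTE(review): a destructive action driven by a GET parameter with no
    // anti-CSRF token visible; accept it only via POST with a per-session
    // token. Only the database row is removed here -- whether the uploaded
    // file itself is deleted is not visible in this script. The session id is
    // filtered with mifi() as the other scripts of this project do.
    $mysqldb->query("DELETE from uploads WHERE UploadID='{$uid}' AND AuthorID='" . mifi($_SESSION['user_id']) . "'");
    // NOTE(review): printed whether or not a row matched.
    echo "Upload Deleted!<br /> \n</td></tr>\n";
    footer($title);
}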
Example #12
<?php

// Author Edit Article
include_once 'functions.php';
include_once 'config/config.php';
include_once 'config/dbsettings.php';
// Page title; note that the validation code further down reuses $title as a
// boolean flag.
$title = "Edit Article";
// Both ids are request-controlled and pass through xss_clean(), escdata() and
// mifi() in that order (all three are defined outside this excerpt).
$fileid = mifi(escdata(xss_clean($_REQUEST['fileid'])));
// NOTE(review): the author id is taken from the request, not from the session.
// Confirm that the update statement (not visible here) is scoped to
// $_SESSION['user_id'], otherwise any logged-in author could edit another
// author's article by changing aid.
$aid = mifi(escdata(xss_clean($_REQUEST['aid'])));
$authorid = $aid;
// $enum is only set for logged-in sessions and stays undefined otherwise.
if (isset($_SESSION['first_name'])) {
    $enum = TRUE;
}
if (isset($_REQUEST['submit'])) {
    $message = NULL;
    // sanitise user input
    $titlee = escdata(xss_clean($_POST['title']));
    $keywordse = escdata(xss_clean($_POST['keywords']));
    $articledatae = escdata(xss_clean($_POST['article']));
    $descriptione = escdata(xss_clean($_POST['description']));
    // Form Validation
    // Check for Title.
    if (strlen($titlee) > 0) {
        $title = TRUE;
    } else {
        $title = FALSE;
        $message .= 'You need to include a title for the article.  ';
    }
    // Check for Article.
    if (strlen($articledatae) > 0) {
        $article = TRUE;
Example #13
<?php

// Submit Authored Article
$adfl = FALSE;
include_once 'config/config.php';
include_once 'functions.php';
include "./classes/mysql.class.php";
// Article submission form handler: connect, then collect and filter the input.
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
$title = "Submit Article";
// NOTE(review): the author id comes from the request rather than the session;
// confirm the INSERT (not visible here) uses $_SESSION['user_id'] so one
// author cannot submit under another author's id.
$aid = mifi($_REQUEST['aid']);
// NOTE(review): read without isset(), so a request lacking "a" raises an
// undefined-key notice; the $_POST reads below do the same on a plain GET.
if ($_REQUEST['a']) {
    $ans = mifi($_REQUEST['a']);
}
// $enum is only set for logged-in sessions and stays undefined otherwise.
if (isset($_SESSION['first_name'])) {
    $enum = TRUE;
}
$message = NULL;
// sanitise user input
// Each field goes through xss_clean() and then escdata() (both defined
// elsewhere; presumably HTML filtering and SQL escaping -- confirm).
$titlee = escdata(xss_clean($_POST['title']));
$keywordse = escdata(xss_clean($_POST['keywords']));
$productide = escdata(xss_clean($_POST['productid']));
$articledatae = escdata(xss_clean($_POST['article']));
// NOTE(review): unlike its siblings, savestatus is not passed through
// escdata(). If it is interpolated into SQL later (not visible here), either
// escape it or map it onto a fixed set of allowed status values first.
$savestatus = xss_clean($_POST['savestatus']);
$descriptione = escdata(xss_clean($_POST['description']));
if (isset($_POST['submit'])) {
    // Form Validation
    // Check for Title.
    if (strlen($titlee) > 0) {
        $title = TRUE;