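/**
 * Render the plugin's management screen and apply the action posted to it.
 *
 * The action name is read from $_POST['xspf_mgmt']. Each case runs its
 * queries through the global $wpdb and then re-renders either the track
 * list or the category table; a missing or unknown action shows the track
 * list.
 *
 * Every request value that reaches SQL here is either cast with intval()
 * (track ids, category ids, offsets) or passed through $wpdb->escape() and
 * placed inside quotes (free-text fields).
 *
 * NOTE(review): no nonce or capability check is visible in this function.
 * Confirm the caller verifies both before these state-changing actions run.
 * NOTE(review): wpdb::escape() is deprecated in current WordPress releases;
 * $wpdb->prepare() is the supported replacement once the plugin's minimum
 * WordPress version allows it.
 */
function management()
{
    global $wpdb;

    // A first visit posts no action; treat it like an unknown one instead of
    // reading an undefined index.
    $action = isset($_POST['xspf_mgmt']) ? $_POST['xspf_mgmt'] : '';
    ?>
    <div class="wrap">
    <h2>XSPF Player Plugin Management</h2>
    <?php
    switch ($action) {
        case 'delete': // Delete a track and its category relations
            $id = intval($_POST['idtrack']);
            $wpdb->query('DELETE FROM `' . xspf_player::table_cat_rel() . '` WHERE `idtrack` = ' . $id);
            $wpdb->query('DELETE FROM `' . xspf_player::table() . '` WHERE `id` = ' . $id);
            xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'));
            break;

        case 'edit': // Show the form pre-filled with the track's current values
            xspf_player::show_management(__('Update Track'), 'update', __('Update Track Info'), intval($_POST['idtrack']), intval($_POST['offset']));
            break;

        case 'update': // Update track info
            $id = intval(trim($_POST['idtrack']));

            // Rebuild the track's category relations from the submitted checkboxes.
            $wpdb->query('DELETE FROM `' . xspf_player::table_cat_rel() . "` WHERE `idtrack` = '{$id}'");
            if (isset($_POST['post_category']) && is_array($_POST['post_category'])) {
                foreach ($_POST['post_category'] as $idcat => $checked) {
                    if ($checked == 1) { // Category set?
                        // The array key is request data too: cast it before it reaches SQL.
                        $idcat = intval($idcat);
                        $wpdb->query('INSERT INTO `' . xspf_player::table_cat_rel() . "`(`idtrack`, `idcat`) VALUES('{$id}', '{$idcat}')");
                    }
                }
            }

            $url = trim($wpdb->escape(trim($_POST['url'])));
            if ($url === '') { // Empty track URL not allowed
                xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'), FALSE, intval($_POST['offset']));
                break;
            }
            $imageurl = $wpdb->escape(trim($_POST['imageurl']));
            $infourl = $wpdb->escape(trim($_POST['infourl']));
            $artist = $wpdb->escape(xspf_player::unescape($_POST['artist']));
            $title = $wpdb->escape(xspf_player::unescape($_POST['title']));
            $wpdb->query('UPDATE `' . xspf_player::table() . "` SET `artist` = '{$artist}', `title` = '{$title}', `imageurl` = '{$imageurl}', `url` = '{$url}', `infourl` = '{$infourl}'" .
                " WHERE `id` = '{$id}'");
            xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'), FALSE, intval($_POST['offset']));
            break;

        case 'add': // Add a new track
            $url = trim($wpdb->escape(trim($_POST['url'])));
            if ($url === '') { // Empty track URL not allowed
                xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'));
                break;
            }
            $imageurl = $wpdb->escape(trim($_POST['imageurl']));
            $infourl = $wpdb->escape(trim($_POST['infourl']));
            $artist = $wpdb->escape(xspf_player::unescape($_POST['artist']));
            $title = $wpdb->escape(xspf_player::unescape($_POST['title']));
            $inserted = $wpdb->query('INSERT INTO `' . xspf_player::table() . "`(`artist`, `title`, `imageurl`, `url`, `infourl`) VALUES ('{$artist}', '{$title}', '{$imageurl}', '{$url}', '{$infourl}')");

            // Take the id assigned by this INSERT. Looking the row up by URL
            // returns an older track when two tracks share a URL, and the
            // relation rewrite below would then hit that other track.
            $id = 0;
            if ($inserted) {
                $id = intval($wpdb->insert_id);
                if ($id <= 0) {
                    // No generated id reported: fall back to the URL lookup.
                    $id = intval($wpdb->get_var('SELECT `id` FROM `' . xspf_player::table() . "` WHERE `url`= '{$url}'"));
                }
            }

            if ($id > 0) {
                $wpdb->query('DELETE FROM `' . xspf_player::table_cat_rel() . "` WHERE `idtrack` = '{$id}'"); // Delete all relations (should not be needed)
                if (isset($_POST['post_category']) && is_array($_POST['post_category'])) {
                    foreach ($_POST['post_category'] as $idcat => $checked) {
                        if ($checked == 1) { // Category set?
                            // The array key is request data too: cast it before it reaches SQL.
                            $idcat = intval($idcat);
                            $wpdb->query('INSERT INTO `' . xspf_player::table_cat_rel() . "`(`idtrack`, `idcat`) VALUES('{$id}', '{$idcat}')");
                        }
                    }
                }
            }
            xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'));
            break;

        case 'switch_to_tracks':
            xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'));
            break;

        case 'cancel_track_edit':
            xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'), FALSE, intval($_POST['offset']));
            break;

        case 'switch_to_cats':
            xspf_player::show_categories_table();
            break;

        case 'delete_cat':
            $idcat = intval($_POST['idcat']);
            // This should be done automatically by the database (DELETE CASCADE)
            // but depends on table types and versions. The relation rows of a
            // category are keyed by `idcat`; matching on `idtrack` removed the
            // relations of whichever track shared the category's id.
            $wpdb->query('DELETE FROM `' . xspf_player::table_cat_rel() . "` WHERE `idcat` = {$idcat}");
            // Delete category from categories table
            $wpdb->query('DELETE FROM `' . xspf_player::table_categories() . "` WHERE id = {$idcat}");
            xspf_player::show_categories_table();
            break;

        case 'update_cat':
            $idcat = intval($_POST['idcat']);
            $cat = $wpdb->escape(trim(xspf_player::unescape($_POST['cat_name'])));
            $rand = $wpdb->escape($_POST['rand']);
            $autostart = $wpdb->escape($_POST['autostart']);
            $result = $wpdb->get_var('SELECT `id` FROM `' . xspf_player::table_categories() . "` WHERE `name` = '{$cat}'");
            // Only rename when the name is free or already belongs to this category.
            if (is_null($result) || intval($result) === $idcat) {
                $desc = $wpdb->escape(xspf_player::unescape($_POST['desc']));
                $wpdb->query('UPDATE `' . xspf_player::table_categories() . "` SET `name` = '{$cat}', `description` = '{$desc}', `random` = '{$rand}', `autostart`= '{$autostart}' WHERE id = {$idcat}");
            }
            xspf_player::show_categories_table();
            break;

        case 'update_cat_order': // Update category order
            $idcat = intval($_POST['idcat']);
            // parse_orderlist() is not visible here, so its result is escaped
            // like any other request-derived string before it is quoted.
            $order = $wpdb->escape(xspf_player::parse_orderlist($_POST['order'], $idcat));
            $wpdb->query('UPDATE `' . xspf_player::table_categories() . "` SET `order` = '{$order}' WHERE id = {$idcat}");
            xspf_player::show_categories_table();
            break;

        case 'add_category':
            $cat = $wpdb->escape(trim(xspf_player::unescape($_POST['new_cat'])));
            $rand = $wpdb->escape($_POST['rand']);
            if ($cat != '') { // Not an empty string and...
                if (!$wpdb->query('SELECT * FROM `' . xspf_player::table_categories() . "` WHERE `name` = '{$cat}'")) { // ...not already inserted
                    $wpdb->query('INSERT INTO `' . xspf_player::table_categories() .
                        "`(`name`, `random`) VALUES ('{$cat}', '{$rand}')");
                }
            }
            xspf_player::show_categories_table();
            break;

        case 'order': // Display the category song-order list
            // Cast like every other case so the helper never receives raw request text.
            xspf_player::show_categories_order_mgmt(intval($_POST['idcat']));
            break;

        case 'gotopage': // Display the next/previous page of the song list
            xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'), FALSE, intval($_POST['offset']));
            break;

        default:
            xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'));
    }
    ?>
    </div>
    <?php
}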
header('Content-Type: text/xml; charset=utf-8'); echo '<?xml version="1.0" encoding="utf-8"?>', "\n"; echo '<!-- '; // Comment some headers introduced by some free web hosts require_once '../../../wp-config.php'; require_once '../../../wp-settings.php'; require_once 'xspf_player_class.php'; echo ' -->', "\n"; $charset = get_option('blog_charset'); ?> <playlist version="0" xmlns = "http://xspf.org/ns/0/"> <title>XSPF Player</title> <annotation>http://musicplayer.sourceforge.net</annotation> <trackList> <?php $query = 'SELECT * FROM `' . xspf_player::table() . '` a'; if (isset($_GET['cat']) || isset($_GET['order'])) { if (isset($_GET['cat'])) { $query .= ' INNER JOIN `' . xspf_player::table_cat_rel() . '` b ' . "ON (a.`id` = b.`idtrack`) WHERE `idcat` = '" . $wpdb->escape($_GET['cat']) . "'"; $random = $wpdb->get_var('SELECT `random`, `order` FROM `' . xspf_player::table_categories() . "` WHERE `id` = '" . $wpdb->escape($_GET['cat']) . "'"); if (!$random) { $order = $wpdb->get_var(NULL, 1); } } if (isset($_GET['order'])) { $order = $_GET['order']; } if ($order != '') { if (isset($_GET['cat'])) { $query .= ' AND '; } else {