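/**
 * Render the plugin's admin page and apply the action named in $_POST['xspf_mgmt'].
 *
 * Each case reads its parameters from $_POST, runs the matching queries through
 * the global $wpdb, then redraws either the track form/list or the category
 * table. A missing or unknown action falls through to the default track view.
 *
 * NOTE(review): no nonce or capability check is visible in this function, so
 * every state-changing branch (delete, update, add, *_cat) depends on whatever
 * the caller enforces. Confirm that the menu registration restricts access and
 * that the forms carry a nonce which is verified before this switch runs.
 *
 * NOTE(review): $wpdb->escape() is deprecated in current WordPress releases in
 * favour of $wpdb->prepare() and esc_sql(). Numeric ids are cast with intval()
 * below rather than relying on quoting alone; the remaining string fields are
 * candidates for $wpdb->prepare().
 */
function management()
    {
        global $wpdb;
        ?>
	   <div class="wrap">
		<h2>XSPF Player Plugin Management</h2>
	<?php 
        // A plain GET of the page carries no action; treat that as the default view
        // instead of reading an undefined index.
        $action = isset($_POST['xspf_mgmt']) ? $_POST['xspf_mgmt'] : '';
        switch ($action) {
            case 'delete':
                // Delete a track together with its category relations
                $wpdb->query('DELETE FROM `' . xspf_player::table_cat_rel() . '` WHERE `idtrack` = ' . intval($_POST['idtrack']));
                $wpdb->query('DELETE FROM `' . xspf_player::table() . '` WHERE `id` = ' . intval($_POST['idtrack']));
                xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'));
                break;
            case 'edit':
                // Show the form pre-filled with the stored values
                xspf_player::show_management(__('Update Track'), 'update', __('Update Track Info'), intval($_POST['idtrack']), intval($_POST['offset']));
                break;
            case 'update':
                // Update Track Info
                $id = intval(trim($_POST['idtrack']));
                // Drop every relation first; the ticked categories are re-inserted below
                $wpdb->query('DELETE FROM `' . xspf_player::table_cat_rel() . "` WHERE `idtrack` = '{$id}'");
                if (isset($_POST['post_category']) && is_array($_POST['post_category'])) {
                    foreach ($_POST['post_category'] as $idcat => $valor) {
                        if ($valor == 1) {
                            // The array key is request data: force it to an integer before it reaches the SQL text
                            $idcat = intval($idcat);
                            $wpdb->query('INSERT INTO `' . xspf_player::table_cat_rel() . "`(`idtrack`, `idcat`) VALUES('{$id}', '{$idcat}')");
                        }
                    }
                }
                $url = trim($wpdb->escape(trim($_POST['url'])));
                if ($url === '') {
                    // Empty tracks url not allowed
                    // NOTE(review): the category relations above have already been rewritten at this point.
                    xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'), FALSE, intval($_POST['offset']));
                    break;
                }
                $imageurl = $wpdb->escape(trim($_POST['imageurl']));
                $infourl = $wpdb->escape(trim($_POST['infourl']));
                $artist = $wpdb->escape(xspf_player::unescape($_POST['artist']));
                $title = $wpdb->escape(xspf_player::unescape($_POST['title']));
                $wpdb->query('UPDATE `' . xspf_player::table() . "` SET `artist` = '{$artist}', `title` = '{$title}', `imageurl` = '{$imageurl}', `url` = '{$url}', `infourl` = '{$infourl}'" . " WHERE `id` = '{$id}'");
                xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'), FALSE, intval($_POST['offset']));
                break;
            case 'add':
                // adding a new track
                $url = trim($wpdb->escape(trim($_POST['url'])));
                if ($url === '') {
                    // Empty tracks url not allowed
                    xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'));
                    break;
                }
                $imageurl = $wpdb->escape(trim($_POST['imageurl']));
                $infourl = $wpdb->escape(trim($_POST['infourl']));
                $artist = $wpdb->escape(xspf_player::unescape($_POST['artist']));
                $title = $wpdb->escape(xspf_player::unescape($_POST['title']));
                $wpdb->query('INSERT INTO `' . xspf_player::table() . "`(`artist`, `title`, `imageurl`, `url`, `infourl`) VALUES ('{$artist}', '{$title}', '{$imageurl}', '{$url}', '{$infourl}')");
                // NOTE(review): the new id is looked up by url; if another track already uses the same
                // url this may return that older row, whose relations are then replaced below — confirm.
                $id = $wpdb->get_var('SELECT `id` FROM `' . xspf_player::table() . "` WHERE `url`= '{$url}'");
                // Delete all relations (should not be needed)
                $wpdb->query('DELETE FROM `' . xspf_player::table_cat_rel() . "` WHERE `idtrack` = '{$id}'");
                if (isset($_POST['post_category']) && is_array($_POST['post_category'])) {
                    foreach ($_POST['post_category'] as $idcat => $valor) {
                        if ($valor == 1) {
                            // The array key is request data: force it to an integer before it reaches the SQL text
                            $idcat = intval($idcat);
                            $wpdb->query('INSERT INTO `' . xspf_player::table_cat_rel() . "`(`idtrack`, `idcat`) VALUES('{$id}', '{$idcat}')");
                        }
                    }
                }
                xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'));
                break;
            case 'switch_to_tracks':
                xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'));
                break;
            case 'cancel_track_edit':
                xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'), FALSE, intval($_POST['offset']));
                break;
            case 'switch_to_cats':
                xspf_player::show_categories_table();
                break;
            case 'delete_cat':
                // This should be done automatically by MySQL database (DELETE CASCADE) but depends on table types and versions...
                $idcat = intval($_POST['idcat']);
                // Relations are keyed by category here: match on `idcat`, not `idtrack`,
                // otherwise the track whose id happens to equal the category id loses its relations.
                $wpdb->query('DELETE FROM `' . xspf_player::table_cat_rel() . "` WHERE `idcat` = '{$idcat}'");
                // Delete category from categories table
                $wpdb->query('DELETE FROM `' . xspf_player::table_categories() . "` WHERE id = '{$idcat}'");
                xspf_player::show_categories_table();
                break;
            case 'update_cat':
                $cat = $wpdb->escape(trim(xspf_player::unescape($_POST['cat_name'])));
                $rand = $wpdb->escape($_POST['rand']);
                $autostart = $wpdb->escape($_POST['autostart']);
                $result = $wpdb->get_var('SELECT `id` FROM `' . xspf_player::table_categories() . "` WHERE `name` = '{$cat}'");
                // Only write when the name is unused or already belongs to this category
                if (is_null($result) || $result == $_POST['idcat']) {
                    $wpdb->query('UPDATE `' . xspf_player::table_categories() . "` SET `name` = '{$cat}', `description` = '" . $wpdb->escape(xspf_player::unescape($_POST['desc'])) . "', `random` = '{$rand}', `autostart`= '{$autostart}' WHERE id = '" . $wpdb->escape($_POST['idcat']) . "'");
                }
                xspf_player::show_categories_table();
                break;
            case 'update_cat_order':
                // Update category order
                $idcat = intval($_POST['idcat']);
                $order = $_POST['order'];
                // NOTE(review): $order is request data and is interpolated below without escaping;
                // this is only safe if parse_orderlist() returns a sanitised value — verify in that helper.
                $order = xspf_player::parse_orderlist($order, $idcat);
                $wpdb->query('UPDATE `' . xspf_player::table_categories() . "` SET `order` = '{$order}' WHERE id = {$idcat}");
                xspf_player::show_categories_table();
                break;
            case 'add_category':
                $cat = $wpdb->escape(trim(xspf_player::unescape($_POST['new_cat'])));
                $rand = $wpdb->escape($_POST['rand']);
                if ($cat != '') {
                    // Not empty string and...
                    if (!$wpdb->query('SELECT * FROM `' . xspf_player::table_categories() . "` WHERE `name` = '{$cat}'")) {
                        // Not already inserted
                        $wpdb->query('INSERT INTO `' . xspf_player::table_categories() . "`(`name`, `random`) VALUES ('{$cat}', '{$rand}')");
                    }
                }
                xspf_player::show_categories_table();
                break;
            case 'order':
                // Display the category song-order list; the id is cast like in 'update_cat_order'
                xspf_player::show_categories_order_mgmt(intval($_POST['idcat']));
                break;
            case 'gotopage':
                // Display the previous/next page of the song list; the offset is cast like in the other branches
                xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'), FALSE, intval($_POST['offset']));
                break;
            default:
                xspf_player::show_management(__('Add New Track'), 'add', __('Add New Track'));
        }
        ?>
</div><?php 
    }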
Exemple #2
// Comment some headers introduced by some free web hosts
require_once '../../../wp-config.php';
require_once '../../../wp-settings.php';
require_once 'xspf_player_class.php';
echo ' -->', "\n";
$charset = get_option('blog_charset');
?>
<playlist version="0" xmlns = "http://xspf.org/ns/0/">
  <title>XSPF Player</title>
  <annotation>http://musicplayer.sourceforge.net</annotation>
 <trackList>
<?php 
$query = 'SELECT * FROM `' . xspf_player::table() . '` a';
if (isset($_GET['cat']) || isset($_GET['order'])) {
    if (isset($_GET['cat'])) {
        $query .= ' INNER JOIN `' . xspf_player::table_cat_rel() . '` b ' . "ON (a.`id` = b.`idtrack`) WHERE `idcat` = '" . $wpdb->escape($_GET['cat']) . "'";
        $random = $wpdb->get_var('SELECT `random`, `order` FROM `' . xspf_player::table_categories() . "` WHERE `id` = '" . $wpdb->escape($_GET['cat']) . "'");
        if (!$random) {
            $order = $wpdb->get_var(NULL, 1);
        }
    }
    if (isset($_GET['order'])) {
        $order = $_GET['order'];
    }
    if ($order != '') {
        if (isset($_GET['cat'])) {
            $query .= ' AND ';
        } else {
            $query .= ' WHERE ';
        }
        $tracks = xspf_player::order_list($query, $order);