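<?php

include "config.php";

/*
 * Login handler.
 *
 * Reads `user` and `pass` from the POST body, checks them with
 * checkUserPass() (provided by config.php or another include — not visible
 * here) and redirects:
 *   success          -> ../subir-archivos.php
 *   missing field    -> ../login.php?error=1
 *   rejected by auth -> ../login.php?error=2
 */
$error = 0;

// Read a POST field defensively:
//  - isset() avoids an undefined-index notice when the field is absent,
//  - is_string() rejects array input (user[]=x) before it reaches the checker,
//  - `!== ''` instead of a truthiness test keeps a legitimate value such as
//    "0" from being treated as missing.
$user = isset($_POST["user"]) && is_string($_POST["user"]) && $_POST["user"] !== '' ? $_POST["user"] : false;
$pass = isset($_POST["pass"]) && is_string($_POST["pass"]) && $_POST["pass"] !== '' ? $_POST["pass"] : false;

if ($user === false || $pass === false) {
    // One or both fields missing or empty.
    $error = 1;
} elseif (!checkUserPass($user, $pass)) {
    // Credentials rejected.
    $error = 2;
}

if ($error === 0) {
    header('Location: ../subir-archivos.php');
} else {
    header('Location: ../login.php?error=' . $error);
}
// header() only queues the redirect; stop here so nothing appended to this
// script later can run for a caller whose credentials were rejected.
exit;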
// An already-authenticated visitor is sent straight to their personal page.
// NOTE(review): getAuthCode() is defined elsewhere; a return of 0 is treated
// here as "logged in".
if (getAuthCode() == 0) {
    header('Location: personalPage.php');
    exit; // header() does not end the script on its own
}

// Only touch the credentials when the login form was actually submitted.
if (isset($_POST['login'])) {
    $missingCredentials = empty($_POST['user']) || empty($_POST['pass']);

    if ($missingCredentials) {
        // A blank or absent field yields the generic validation error.
        $error = getError(ERR_INVALID_DATA);
    } else {
        // Look the user up and verify the password against the $conn opened
        // elsewhere in this file.
        $account = checkUserPass($_POST['user'], $_POST['pass'], $conn);
        // NOTE(review): the loose `== null` also matches false, 0 and '' —
        // acceptable only if checkUserPass() never returns one of those for a
        // valid account; confirm against its definition.
        if ($account == null) {
            $error = getError(ERR_LOGIN_FAILED);
        } else {
            // Credentials accepted: record the session as logged in.
            markLoggedIn($conn);
        }
    }
}

// An error code forwarded by another page (?error=...) overrides any message
// set above.
if (isset($_GET['error'])) {
    $error = getError($_GET['error']);
}
?>
<!DOCTYPE html>
<html>
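// define variables and set to empty values
$nameErr = $passErr = $subErr = "";
//connect
require_once "reference/reference.php";

// A visitor who already has a session is redirected away from the login form.
// `exit` is required: header() only queues the redirect, so without it the
// POST handling below — and the rest of this page — would still execute.
if (isset($_SESSION['user_id'])) {
    header('Location:redirect.php');
    exit;
}

// Handle a submitted login form. The checks short-circuit each other so at
// most one error message is set per request.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (empty($_POST["username"])) {
        $nameErr = "Name is required";
    } elseif (empty($_POST["password"])) {
        $passErr = "Password is required";
    } else {
        // checkUserPass() (defined further down in this file) reads $_POST
        // itself; whatever it returns is shown as the submit error.
        $subErr = checkUserPass();
    }
}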
function checkUserPass()
{
    $username = str_replace("'", "''", $_POST["username"]);
    $password = md5($_POST["password"]);
    // Verify that user is in database
    $q = "SELECT * FROM `users` WHERE `username` = '{$username}' AND `password` = '{$password}'";
    $result = mysqli_query(getConnection(), $q);
    $rowcount = mysqli_num_rows($result);
    if ($rowcount > 0) {
        $resultrow = mysqli_fetch_row($result);
        var_dump($resultrow);
        $_SESSION['user_id'] = $resultrow[0];
/**
 * Administration action dispatcher.
 *
 * Reads the requested operation from $_GET['task'] and applies it to the
 * database with mysql_query(). Everything is gated on the _ADMIN constant;
 * a non-admin caller only receives a "not logged in" notification.
 *
 * Security notes (review):
 *  - Every query below is built by string interpolation. The only
 *    sanitisation is whatever clean()/cleanXSS()/entity() do, and those
 *    helpers are not visible in this file. Several values ($commentid,
 *    $subcat, $page, $def_extra, $seftitle, $comment, every settings value,
 *    the reorder values, $_GET['commentid'] and $_GET['id'] in hide/show)
 *    reach SQL with no visible escaping at all. Numeric ids are interpolated
 *    unquoted, so a non-numeric value alters the statement itself.
 *  - No anti-CSRF token is checked anywhere in this function, and several
 *    state-changing tasks (deletecomment, delete_category_all, hide/show)
 *    are driven purely by $_GET parameters.
 *  - The mysql_* extension used here was removed in PHP 7; each()
 *    (save_settings) was removed in PHP 8.
 *
 * Side effects: writes to the settings/extras/categories/articles/comments
 * tables, echoes notifications and <meta refresh> tags, and may die().
 */
function processing()
{
    if (!_ADMIN) {
        // Not an administrator: report it and do nothing else.
        echo notification(1, l('error_not_logged_in'), 'home');
    } else {
        // --- Request values shared by the task handlers below. ---
        // Only some pass through clean()/cleanXSS()/entity(); what those
        // helpers strip or escape is not visible here.
        $action = clean(cleanXSS($_GET['action']));
        $id = clean(cleanXSS($_GET['id']));
        // Raw POST values: no visible sanitisation before they reach SQL.
        $commentid = $_POST['commentid'];
        $approved = $_POST['approved'] == 'on' ? 'True' : '';
        $name = clean(entity($_POST['name']));
        $category = !empty($_POST['define_category']) ? $_POST['define_category'] : 0;
        $subcat = $_POST['subcat'];
        $page = $_POST['define_page'];
        $def_extra = $_POST['define_extra'];
        $description = clean(entity($_POST['description']));
        $title = clean(entity($_POST['title']));
        $seftitle = $_POST['seftitle'];
        // NOTE(review): cleanXSS() is presumably HTML-oriented; $url is later
        // interpolated into SQL (editcomment) without further escaping.
        $url = cleanXSS($_POST['url']);
        $comment = $_POST['editedcomment'];
        $text = clean($_POST['text']);
        $date = date('Y-m-d H:i:s');
        $description_meta = entity($_POST['description_meta']);
        $keywords_meta = entity($_POST['keywords_meta']);
        // Checkbox flags are normalised to the 'YES'/'NO' strings the tables use.
        $display_title = $_POST['display_title'] == 'on' ? 'YES' : 'NO';
        $display_info = $_POST['display_info'] == 'on' ? 'YES' : 'NO';
        $commentable = $_POST['commentable'] == 'on' ? 'YES' : 'NO';
        $freez = $_POST['freeze'] == 'on' ? 'YES' : 'NO';
        // A frozen-but-commentable article is stored as 'FREEZ'.
        if ($freez == 'YES' && $commentable == 'YES') {
            $commentable = 'FREEZ';
        }
        // Position: the $pos switch further down maps 1/2/3 to the
        // snews_articles / extra_contents / snews_pages links; 21 marks a
        // category-dependent extra.
        // NOTE(review): any value > 0 is kept verbatim and later interpolated
        // unquoted into SQL.
        $position = $_POST['position'] > 0 ? $_POST['position'] : 1;
        if ($position == 2) {
            $position = $_POST['cat_dependant'] == 'on' ? 21 : 2;
        }
        $publish_article = $_POST['publish_article'] == 'on' ? 1 : 0;
        $show_in_subcats = $_POST['show_in_subcats'] == 'on' ? 'YES' : 'NO';
        // Anything that is not a plain article (position > 1) is always shown on home.
        $show_on_home = $_POST['show_on_home'] == 'on' || $position > 1 ? 'YES' : 'NO';
        $publish_category = $_POST['publish'] == 'on' ? 'YES' : 'NO';
        // Future posting: the date is assembled from five raw POST fields and
        // compared as a string against "now"; a later date marks the article
        // as scheduled (published = 2).
        // NOTE(review): the parts are not validated as numbers before the
        // resulting string reaches SQL (add_article / edit_article).
        $fpost_enabled = false;
        if ($_POST['fposting'] == 'on') {
            $fpost_enabled = true;
            $date = $_POST['fposting_year'] . '-' . $_POST['fposting_month'] . '-' . $_POST['fposting_day'] . ' ' . $_POST['fposting_hour'] . ':' . $_POST['fposting_minute'] . ':00';
            if (date('Y-m-d H:i:s') < $date) {
                $publish_article = 2;
            }
        }
        // Dispatch on the requested task.
        $task = clean(cleanXSS($_GET['task']));
        switch ($task) {
            case 'save_settings':
                if (isset($_POST['save'])) {
                    // Site settings, copied verbatim from POST. Only
                    // comment_repost_timer is validated (numeric, default 15)
                    // and only the three checkbox flags are normalised.
                    $website_title = $_POST['website_title'];
                    $home_sef = $_POST['home_sef'];
                    $website_description = $_POST['website_description'];
                    $website_keywords = $_POST['website_keywords'];
                    $website_email = $_POST['website_email'];
                    $contact_subject = $_POST['contact_subject'];
                    $language = $_POST['language'];
                    $charset = $_POST['charset'];
                    $date_format = $_POST['date_format'];
                    $article_limit = $_POST['article_limit'];
                    $rss_limit = $_POST['rss_limit'];
                    $display_page = $_POST['display_page'];
                    $display_new_on_home = $_POST['display_new_on_home'];
                    $display_pagination = $_POST['display_pagination'];
                    $num_categories = $_POST['num_categories'];
                    $show_cat_names = $_POST['show_cat_names'];
                    $approve_comments = $_POST['approve_comments'];
                    $mail_on_comments = $_POST['mail_on_comments'];
                    $comments_order = $_POST['comments_order'];
                    $comment_limit = $_POST['comment_limit'];
                    $word_filter_enable = $_POST['word_filter_enable'];
                    $word_filter_file = $_POST['word_filter_file'];
                    $word_filter_change = $_POST['word_filter_change'];
                    $enable_extras = $_POST['enable_extras'] == 'on' ? 'YES' : 'NO';
                    $enable_comments = $_POST['enable_comments'] == 'on' ? 'YES' : 'NO';
                    $comment_repost_timer = is_numeric($_POST['comment_repost_timer']) ? $_POST['comment_repost_timer'] : '15';
                    $freeze_comments = $_POST['freeze_comments'] == 'on' ? 'YES' : 'NO';
                    $file_ext = $_POST['file_ext'];
                    $allowed_file = $_POST['allowed_file'];
                    $allowed_img = $_POST['allowed_img'];
                    // Map of settings-table name => new value.
                    $ufield = array('website_title' => $website_title, 'home_sef' => $home_sef, 'website_description' => $website_description, 'website_keywords' => $website_keywords, 'website_email' => $website_email, 'contact_subject' => $contact_subject, 'language' => $language, 'charset' => $charset, 'date_format' => $date_format, 'article_limit' => $article_limit, 'rss_limit' => $rss_limit, 'display_page' => $display_page, 'comments_order' => $comments_order, 'comment_limit' => $comment_limit, 'word_filter_file' => $word_filter_file, 'word_filter_change' => $word_filter_change, 'display_new_on_home' => $display_new_on_home, 'display_pagination' => $display_pagination, 'num_categories' => $num_categories, 'show_cat_names' => $show_cat_names, 'approve_comments' => $approve_comments, 'mail_on_comments' => $mail_on_comments, 'word_filter_enable' => $word_filter_enable, 'enable_extras' => $enable_extras, 'enable_comments' => $enable_comments, 'freeze_comments' => $freeze_comments, 'comment_repost_timer' => $comment_repost_timer, 'file_extensions' => $file_ext, 'allowed_files' => $allowed_file, 'allowed_images' => $allowed_img);
                    // NOTE(review): each raw value is interpolated into the UPDATE
                    // with no escaping; each() is removed in PHP 8.
                    while (list($key, $value) = each($ufield)) {
                        mysql_query("UPDATE " . _PRE . 'settings' . " SET VALUE = '{$value}' WHERE name = '{$key}' LIMIT 1");
                    }
                    echo notification(0, '', 'snews_settings');
                }
                break;
            case 'changeup':
                // Change the admin username/password. checkUserPass() is used
                // here as a value filter (its definition is not visible).
                if (isset($_POST['submit_pass'])) {
                    $user = checkUserPass($_POST['uname']);
                    $pass1 = checkUserPass($_POST['pass1']);
                    $pass2 = checkUserPass($_POST['pass2']);
                    if ($user && $pass1 && $pass2 && $pass1 === $pass2) {
                        // Both the username and the password are stored as
                        // unsalted md5. NOTE(review): password_hash() would be
                        // preferable, but the login check elsewhere must read the
                        // same format, so the two have to change together.
                        $uname = md5($user);
                        $pass = md5($pass2);
                        $query = "UPDATE " . _PRE . 'settings' . " SET VALUE=";
                        mysql_query($query . "'{$uname}' WHERE name='username' LIMIT 1");
                        mysql_query($query . "'{$pass}' WHERE name='password' LIMIT 1");
                        echo notification(0, '', 'administration');
                    } else {
                        // Empty field or password mismatch: abort the request.
                        die(notification(2, l('pass_mismatch'), 'snews_settings'));
                    }
                }
                break;
            case 'admin_groupings':
                // Extras groupings: validate, then add / edit / delete.
                switch (true) {
                    case empty($name):
                        echo notification(1, l('err_TitleEmpty') . l('errNote'));
                        form_groupings();
                        break;
                    case empty($seftitle):
                        echo notification(1, l('err_SEFEmpty') . l('errNote'));
                        form_groupings();
                        break;
                    case check_if_unique('group_name', $name, $id, ''):
                        echo notification(1, l('err_TitleExists') . l('errNote'));
                        form_groupings();
                        break;
                    case check_if_unique('group_seftitle', $seftitle, $id, ''):
                        echo notification(1, l('err_SEFExists') . l('errNote'));
                        form_groupings();
                        break;
                    case cleancheckSEF($seftitle) == 'notok':
                        echo notification(1, l('err_SEFIllegal') . l('errNote'));
                        form_groupings();
                        break;
                    default:
                        // NOTE(review): $seftitle is raw POST and $id is interpolated
                        // unquoted in the UPDATE/DELETE.
                        switch (true) {
                            case isset($_POST['add_groupings']):
                                mysql_query("INSERT INTO " . _PRE . 'extras' . "(name, seftitle, description)\r\n\t\t\t\t\t\t\t\tVALUES('{$name}', '{$seftitle}', '{$description}')");
                                break;
                            case isset($_POST['edit_groupings']):
                                mysql_query("UPDATE " . _PRE . 'extras' . " SET\r\n\t\t\t\t\t\t\t\tname = '{$name}',\r\n\t\t\t\t\t\t\t\tseftitle = '{$seftitle}',\r\n\t\t\t\t\t\t\t\tdescription = '{$description}'\r\n\t\t\t\t\t\t\t\tWHERE id = {$id} LIMIT 1");
                                break;
                            case isset($_POST['delete_groupings']):
                                mysql_query("DELETE FROM " . _PRE . 'extras' . " WHERE id = {$id} LIMIT 1");
                                break;
                        }
                        echo notification(0, '', 'groupings');
                }
                break;
            case 'admin_category':
            case 'admin_subcategory':
                // Categories and subcategories share one handler; $subcat == 0
                // means a top-level category.
                switch (true) {
                    case empty($name):
                        echo notification(1, l('err_TitleEmpty') . l('errNote'));
                        form_categories();
                        break;
                    case empty($seftitle):
                        echo notification(1, l('err_SEFEmpty') . l('errNote'));
                        form_categories();
                        break;
                    case isset($_POST['add_category']) && check_if_unique('subcat_name', $name, '', $subcat):
                        echo notification(1, l('err_TitleExists') . l('errNote'));
                        form_categories();
                        break;
                    case isset($_POST['add_category']) && check_if_unique('subcat_seftitle', $seftitle, '', $subcat):
                        echo notification(1, l('err_SEFExists') . l('errNote'));
                        form_categories();
                        break;
                    case isset($_POST['edit_category']) && $subcat == 0 && check_if_unique('cat_name_edit', $name, $id, ''):
                        echo notification(1, l('err_TitleExists') . l('errNote'));
                        form_categories();
                        break;
                    case isset($_POST['edit_category']) && $subcat == 0 && check_if_unique('cat_seftitle_edit', $seftitle, $id, ''):
                        echo notification(1, l('err_SEFExists') . l('errNote'));
                        form_categories();
                        break;
                    case isset($_POST['edit_category']) && $subcat != 0 && check_if_unique('subcat_name_edit', $name, $id, $subcat):
                        echo notification(1, l('err_TitleExists') . l('errNote'));
                        form_categories();
                        break;
                    case isset($_POST['edit_category']) && $subcat != 0 && check_if_unique('subcat_seftitle_edit', $seftitle, $id, $subcat):
                        echo notification(1, l('err_SEFExists') . l('errNote'));
                        form_categories();
                        break;
                    case cleancheckSEF($seftitle) == 'notok':
                        echo notification(1, l('err_SEFIllegal') . l('errNote'));
                        form_categories();
                        break;
                    case $subcat == $id:
                        // A category cannot be its own parent.
                        echo notification(1, l('errNote'));
                        form_categories();
                        break;
                    default:
                        // NOTE(review): $subcat and $_POST['catorder'] are raw and
                        // interpolated (unquoted in the MAX() queries) below.
                        switch (true) {
                            case isset($_POST['add_category']):
                                // New categories go to the end of their parent's order.
                                $catorder = mysql_fetch_array(mysql_query("SELECT MAX(catorder) as max\r\n\t\t\t\t\t\t\t\tFROM " . _PRE . 'categories' . " WHERE subcat = {$subcat}"));
                                $catorder = $catorder['max'] + 1;
                                mysql_query("INSERT INTO " . _PRE . 'categories' . "\r\n\t\t\t\t\t\t\t\t(name, seftitle, description, published, catorder, subcat)\r\n\t\t\t\t\t\t\t\tVALUES('{$name}', '{$seftitle}', '{$description}', '{$publish_category}', '{$catorder}','{$subcat}')");
                                break;
                            case isset($_POST['edit_category']):
                                // Keep the submitted order if given, else append.
                                $catorder = mysql_fetch_array(mysql_query("SELECT MAX(catorder) as max\r\n\t\t\t\t\t\t\t\tFROM " . _PRE . 'categories' . " WHERE subcat = {$subcat}"));
                                $catorder = isset($_POST['catorder']) ? $_POST['catorder'] : $catorder['max'] + 1;
                                mysql_query("UPDATE " . _PRE . 'categories' . " SET\r\n\t\t\t\t\t\t\t\tname = '{$name}',\r\n\t\t\t\t\t\t\t\tseftitle = '{$seftitle}',\r\n\t\t\t\t\t\t\t\tdescription = '{$description}',\r\n\t\t\t\t\t\t\t\tpublished = '{$publish_category}',\r\n\t\t\t\t\t\t\t\tsubcat='{$subcat}',\r\n\t\t\t\t\t\t\t\tcatorder='{$catorder}'\r\n\t\t\t\t\t\t\t\tWHERE id = {$id} LIMIT 1");
                                break;
                            case isset($_POST['delete_category']):
                                // Refuse to delete a category that still has
                                // subcategories or articles; offer the
                                // delete_category_all link instead (a GET link
                                // guarded only by a JS confirm, no CSRF token).
                                $any_subcats = retrieve('COUNT(id)', 'categories', 'subcat', $id);
                                $any_articles = retrieve('COUNT(id)', 'articles', 'category', $id);
                                if ($any_subcats > 0 || $any_articles > 0) {
                                    echo notification(1, l('warn_catnotempty'), '');
                                    echo '<p><a href="' . _SITE . 'administration/" title="' . l('administration') . '">
									' . l('administration') . '</a>  OR  <a href="' . _SITE . '?action=process&amp;task=delete_category_all&amp;id=' . $id . '" onclick="javascript: return pop(\'x\')" title="' . l('administration') . '">
									' . l('empty_cat') . '</a></p>';
                                    $no_success = true;
                                } else {
                                    delete_cat($id);
                                }
                                break;
                        }
                        $success = isset($no_success) ? '' : notification(0, '', 'snews_categories');
                        echo $success;
                }
                break;
            case 'reorder':
                // Bulk reorder of articles or categories from a posted list.
                if (isset($_POST['reorder'])) {
                    // NOTE(review): an unrecognised $_POST['order'] leaves $table,
                    // $order_type and $remove undefined, and the UPDATE below is
                    // still issued.
                    switch ($_POST['order']) {
                        case 'snews_articles':
                        case 'extra_contents':
                        case 'snews_pages':
                            $table = 'articles';
                            $order_type = 'artorder';
                            $remove = 'page_';
                            break;
                        case 'snews_categories':
                            $table = 'categories';
                            $order_type = 'catorder';
                            $remove = 'cat_';
                            break;
                    }
                    // Every POST field is treated as "<prefix><id> => order".
                    // $key is reassigned to the cleaned *value*, so the filter
                    // below excludes control fields by their value, not their
                    // name; the raw $value and $type_id are then interpolated
                    // unquoted into SQL.
                    foreach ($_POST as $key => $value) {
                        $type_id = str_replace($remove, '', $key);
                        $key = clean(cleanXSS(trim($value)));
                        if ($key != 'reorder' && $key != 'order' && $key != $table && $key != l('order_content') && $key != $_POST['order']) {
                            $query = "UPDATE " . _PRE . $table . " SET {$order_type} = {$value} WHERE id = {$type_id} LIMIT 1;";
                            // NOTE(review): on failure the full SQL text and the
                            // driver error are echoed to the page.
                            mysql_query($query) or die(mysql_error() . '<br />' . $query);
                        }
                    }
                    echo notification(0, l('please_wait'));
                    // NOTE(review): $_POST['order'] is emitted into the refresh URL unescaped.
                    echo '<meta http-equiv="refresh" content="1; url=' . _SITE . $_POST['order'] . '/">';
                }
                break;
            case 'admin_article':
                // Stash the submitted fields so the form can be re-filled on
                // a validation error; cleared again on every exit path.
                $_SESSION[_SITE . 'temp']['title'] = $title;
                $_SESSION[_SITE . 'temp']['seftitle'] = $seftitle;
                $_SESSION[_SITE . 'temp']['text'] = $text;
                switch (true) {
                    case empty($title):
                        echo notification(1, l('err_TitleEmpty') . l('errNote'));
                        form_articles('');
                        unset($_SESSION[_SITE . 'temp']);
                        break;
                    case empty($seftitle):
                        // Pre-fill the SEF title from the title for the retry.
                        echo notification(1, l('err_SEFEmpty') . l('errNote'));
                        $_SESSION[_SITE . 'temp']['seftitle'] = $_SESSION[_SITE . 'temp']['title'];
                        form_articles('');
                        unset($_SESSION[_SITE . 'temp']);
                        break;
                    case cleancheckSEF($seftitle) == 'notok':
                        echo notification(1, l('err_SEFIllegal') . l('errNote'));
                        form_articles('');
                        unset($_SESSION[_SITE . 'temp']);
                        break;
                    // Uniqueness is re-checked on edit only when an article's
                    // category changed ...
                    case $position == 1 && $_POST['article_category'] != $category && isset($_POST['edit_article']) && check_if_unique('article_title', $title, $category, ''):
                        echo notification(1, l('err_TitleExists') . l('errNote'));
                        form_articles('');
                        unset($_SESSION[_SITE . 'temp']);
                        break;
                    case $position == 1 && $_POST['article_category'] != $category && isset($_POST['edit_article']) && check_if_unique('article_seftitle', $seftitle, $category, ''):
                        echo notification(1, l('err_SEFExists') . l('errNote'));
                        form_articles('');
                        unset($_SESSION[_SITE . 'temp']);
                        break;
                    // ... and always on add.
                    case !isset($_POST['delete_article']) && !isset($_POST['edit_article']) && check_if_unique('article_title', $title, $category, ''):
                        echo notification(1, l('err_TitleExists') . l('errNote'));
                        form_articles('');
                        unset($_SESSION[_SITE . 'temp']);
                        break;
                    case !isset($_POST['delete_article']) && !isset($_POST['edit_article']) && check_if_unique('article_seftitle', $seftitle, $category, ''):
                        echo notification(1, l('err_SEFExists') . l('errNote'));
                        form_articles('');
                        unset($_SESSION[_SITE . 'temp']);
                        break;
                    default:
                        $pos = $position;
                        // $sub is computed but not used anywhere in this function.
                        $sub = !empty($category) ? ' AND category = ' . $category : '';
                        // Keep the existing order on edit; new articles start at 1.
                        $curr_artorder = retrieve('artorder', 'articles', 'id', $id);
                        if (!$curr_artorder) {
                            $artorder = 1;
                        } else {
                            $artorder = $curr_artorder;
                        }
                        // Return link by position. NOTE(review): position 21
                        // (category-dependent extra) matches no case, leaving
                        // $link unset for the notification below.
                        switch ($pos) {
                            case 1:
                                $link = 'snews_articles';
                                break;
                            case 2:
                                $link = 'extra_contents';
                                break;
                            case 3:
                                $link = 'snews_pages';
                                break;
                        }
                        switch (true) {
                            case isset($_POST['add_article']):
                                // NOTE(review): $date, $category, $def_extra and $page
                                // are raw request values interpolated here.
                                mysql_query("INSERT INTO " . _PRE . 'articles' . "(\r\n\t\t\t\t\t\t\t\ttitle, seftitle, text, date, category,\r\n\t\t\t\t\t\t\t\tposition, extraid, page_extra, displaytitle,\r\n\t\t\t\t\t\t\t\tdisplayinfo, commentable, published, description_meta,\r\n\t\t\t\t\t\t\t\tkeywords_meta, show_on_home, show_in_subcats, artorder)\r\n\t\t\t\t\t\t\tVALUES('{$title}', '{$seftitle}', '{$text}', '{$date}', '{$category}',\r\n\t\t\t\t\t\t\t\t'{$position}', '{$def_extra}', '{$page}', '{$display_title}',\r\n\t\t\t\t\t\t\t\t'{$display_info}', '{$commentable}', '{$publish_article}',\r\n\t\t\t\t\t\t\t\t'{$description_meta}', '{$keywords_meta}', '{$show_on_home}',\r\n\t\t\t\t\t\t\t\t'{$show_in_subcats}', '{$artorder}')");
                                break;
                            case isset($_POST['edit_article']):
                                // Pages (position 3) have no category.
                                $category = $position == 3 ? 0 : $category;
                                $old_pos = retrieve('position', 'articles', 'id', $id);
                                // Only do this if page is changed to art/extra:
                                // detach the extras that were attached to this page.
                                if ($position != $old_pos && $old_pos == 3) {
                                    $chk_extra_query = "SELECT id FROM " . _PRE . 'articles' . "\r\n\t\t\t\t\t\t\t\t\tWHERE position = 2 AND category = -3 AND  page_extra = {$id}";
                                    // NOTE(review): mysql_error() expects a link resource,
                                    // not the string 'oops'.
                                    $chk_extra_sql = mysql_query($chk_extra_query) or die(mysql_error('oops'));
                                    if ($chk_extra_sql) {
                                        while ($xtra = mysql_fetch_array($chk_extra_sql)) {
                                            $xtra_id = $xtra['id'];
                                            mysql_query("UPDATE " . _PRE . 'articles' . " SET\r\n\t\t\t\t\t\t\t\t\t\t\tcategory = '0', page_extra = ''\r\n\t\t\t\t\t\t\t\t\t\t\tWHERE id = {$xtra_id}");
                                        }
                                    }
                                }
                                // $future is only assigned when future posting is on;
                                // otherwise it is undefined and interpolates as "".
                                if ($fpost_enabled == true) {
                                    $future = "date = '{$date}',";
                                    //allows backdating of article: a date in the past publishes it now
                                    $publish_article = strtotime($date) < time() ? 1 : $publish_article;
                                }
                                mysql_query("UPDATE " . _PRE . 'articles' . " SET\r\n\t\t\t\t\t\t\t\ttitle='{$title}',\r\n\t\t\t\t\t\t\t\tseftitle = '{$seftitle}',\r\n\t\t\t\t\t\t\t\ttext = '{$text}',\r\n\t\t\t\t\t\t\t\t" . $future . "\r\n\t\t\t\t\t\t\t\tcategory = {$category},\r\n\t\t\t\t\t\t\t\tposition = {$position},\r\n\t\t\t\t\t\t\t\textraid = '{$def_extra}',\r\n\t\t\t\t\t\t\t\tpage_extra = '{$page}',\r\n\t\t\t\t\t\t\t\tdisplaytitle = '{$display_title}',\r\n\t\t\t\t\t\t\t\tdisplayinfo = '{$display_info}',\r\n\t\t\t\t\t\t\t\tcommentable = '{$commentable}',\r\n\t\t\t\t\t\t\t\tpublished = {$publish_article},\r\n\t\t\t\t\t\t\t\tdescription_meta = '{$description_meta}',\r\n\t\t\t\t\t\t\t\tkeywords_meta = '{$keywords_meta}',\r\n\t\t\t\t\t\t\t\tshow_on_home='{$show_on_home}',\r\n\t\t\t\t\t\t\t\tshow_in_subcats='{$show_in_subcats}',\r\n\t\t\t\t\t\t\t\tartorder = '{$artorder}'\r\n\t\t\t\t\t\t\t\tWHERE id = {$id} LIMIT 1") or die(mysql_error());
                                break;
                            case isset($_POST['delete_article']):
                                // Deleting a page first detaches its extras.
                                if ($position == 3) {
                                    $chk_extra_query = "SELECT id FROM " . _PRE . 'articles' . "\r\n\t\t\t\t\t\t\t\t\tWHERE position = 2 AND category = -3 AND  page_extra = {$id}";
                                    $chk_extra_sql = mysql_query($chk_extra_query) or die(mysql_error());
                                    if ($chk_extra_sql) {
                                        while ($xtra = mysql_fetch_array($chk_extra_sql)) {
                                            $xtra_id = $xtra['id'];
                                            mysql_query("UPDATE " . _PRE . 'articles' . " SET category = '0',page_extra = ''\tWHERE id = {$xtra_id}");
                                        }
                                    }
                                }
                                // Remove the article and its comments; reset the
                                // home page setting if it pointed at this article.
                                mysql_query("DELETE FROM " . _PRE . 'articles' . " WHERE id = {$id}");
                                mysql_query("DELETE FROM " . _PRE . 'comments' . " WHERE articleid = {$id}");
                                if ($id == s('display_page')) {
                                    mysql_query("UPDATE " . _PRE . 'settings' . " SET\r\n\t\t\t\t\t\t\t\t\tVALUE = 0 WHERE name = 'display_page'");
                                }
                                break;
                        }
                        echo notification(0, '', $link);
                        unset($_SESSION[_SITE . 'temp']);
                }
                break;
            case 'editcomment':
                // Resolve the comment's article and category to build the
                // return link. NOTE(review): the category is looked up by
                // seftitle here but by id in deletecomment below.
                $articleID = retrieve('articleid', 'comments', 'id', $commentid);
                $articleSEF = retrieve('seftitle', 'articles', 'id', $articleID);
                $articleCAT = retrieve('category', 'articles', 'seftitle', $articleSEF);
                $postCat = cat_rel($articleCAT, 'seftitle');
                $link = $postCat . '/' . $articleSEF;
                if (isset($_POST['submit_text'])) {
                    // NOTE(review): $comment is raw POST, $url is cleanXSS()-only and
                    // $commentid is raw and unquoted in this UPDATE.
                    mysql_query("UPDATE " . _PRE . 'comments' . " SET\r\n\t\t\t\t\tname = '{$name}',\r\n\t\t\t\t\turl = '{$url}',\r\n\t\t\t\t\tcomment = '{$comment}',\r\n\t\t\t\t\tapproved = '{$approved}'\r\n\t\t\t\t\tWHERE id = {$commentid}");
                } else {
                    if (isset($_POST['delete_text'])) {
                        mysql_query("DELETE FROM " . _PRE . 'comments' . " WHERE id = {$commentid}");
                    }
                }
                echo notification(0, '', $link);
                break;
            case 'deletecomment':
                // GET-driven delete. NOTE(review): $commentid is taken raw from
                // the query string and interpolated unquoted; no CSRF token.
                $commentid = $_GET['commentid'];
                $articleid = retrieve('articleid', 'comments', 'id', $commentid);
                $articleSEF = retrieve('seftitle', 'articles', 'id', $articleid);
                $articleCAT = retrieve('category', 'articles', 'id', $articleid);
                $postCat = cat_rel($articleCAT, 'seftitle');
                $link = $postCat . '/' . $articleSEF;
                mysql_query("DELETE FROM " . _PRE . 'comments' . " WHERE id = {$commentid}");
                echo notification(0, '', $link);
                echo '<meta http-equiv="refresh" content="1; url=' . _SITE . $postCat . '/' . $articleSEF . '/">';
                break;
            case 'delete_category_all':
                // Cascade delete: comments and articles of the category, then
                // the same for each direct subcategory, then the subcategories
                // and finally the category itself. Reached via the GET link in
                // the delete_category branch; $id is interpolated unquoted.
                $art_query = mysql_query("SELECT id FROM " . _PRE . 'articles' . " WHERE category = {$id}");
                while ($rart = mysql_fetch_array($art_query)) {
                    mysql_query("DELETE FROM " . _PRE . 'comments' . " WHERE articleid = {$rart['id']}");
                }
                mysql_query("DELETE FROM " . _PRE . 'articles' . " WHERE category = {$id}");
                $sub_query = mysql_query("SELECT id FROM " . _PRE . 'categories' . " WHERE subcat = {$id}");
                while ($rsub = mysql_fetch_array($sub_query)) {
                    $art_query = mysql_query("SELECT id FROM " . _PRE . 'articles' . " WHERE category = {$rsub['id']}");
                    while ($rart = mysql_fetch_array($art_query)) {
                        mysql_query("DELETE FROM " . _PRE . 'comments' . " WHERE articleid = {$rart['id']}");
                    }
                    mysql_query("DELETE FROM " . _PRE . 'articles' . " WHERE category = {$rsub['id']}");
                }
                mysql_query("DELETE FROM " . _PRE . 'categories' . " WHERE subcat = {$id}");
                delete_cat($id);
                echo notification(0, '', 'snews_categories');
                break;
            case 'hide':
            case 'show':
                // Toggle an article's visibility from a GET link.
                // NOTE(review): $id is re-read raw here, bypassing the
                // clean(cleanXSS()) applied at the top; $back feeds the
                // refresh URL unescaped; no CSRF token.
                $id = $_GET['id'];
                $item = $_GET['item'];
                $back = $_GET['back'];
                $no_yes = $task == 'hide' ? 'NO' : 'YES';
                // $order is assigned in every branch but never used; $item is
                // overwritten with 'articles' right after, so the switch only
                // chooses the return link.
                switch ($item) {
                    case 'snews_articles':
                        $order = 'artorder';
                        $link = empty($back) ? 'snews_articles' : $back;
                        break;
                    case 'extra_contents':
                        $order = 'artorder';
                        $link = empty($back) ? 'extra_contents' : $back;
                        break;
                    case 'snews_pages':
                        $order = 'artorder';
                        $link = empty($back) ? 'snews_pages' : $back;
                        break;
                }
                $item = 'articles';
                // $id is quoted here but not escaped.
                mysql_query("UPDATE " . _PRE . "{$item} SET visible = '{$no_yes}' WHERE id = '{$id}'");
                echo notification(0, l('please_wait'));
                echo '<meta http-equiv="refresh" content="1; url=' . _SITE . $link . '/">';
                break;
        }
    }
}