<?php // Submission page. $adfl = FALSE; include_once 'config/config.php'; include_once 'functions.php'; include "./classes/mysql.class.php"; $mysqldb = new mysql(); $mysqldb->connect(); $mysqldb->select(); $parentid = mifi($_REQUEST['parentid']); $mysqldb->query("SELECT Title from articles where FileID ='{$parentid}'"); $result = mysql_query($query); $row = $mysqldb->fetchObject(); $title = "Re: {$row->Title}"; if (isset($_POST['submit'])) { // Handle the Form $message = NULL; // Create an empty new variable. // sanitise user input $titlee = escdata(xss_clean($_POST['commenttitle'])); $articledatae = escdata(xss_clean($_POST['article'])); // Validate user input // Check for Title. if (strlen($titlee) > 0) { $title = TRUE; } else { $title = FALSE; $message .= 'You need to include a title for your comment. '; } // Check for Article.
<?php // a_authordetails.php -- Admin view Author Details include './functions.php'; require_once './config/auth.php'; require './config/config.php'; include "./classes/mysql.class.php"; $mysqldb = new mysql(); $mysqldb->connect(); $mysqldb->select(); $authorid = mifi($_REQUEST[aid]); $mysqldb->query("SELECT CONCAT(FirstName, ' ', LastName) AS name, Approved, UserName, Email, DATE_FORMAT(RegistrationDate, '%M %d, %Y') AS dr, (SELECT count(*) from articles WHERE Approved = 'N' AND AuthorID='{$authorid}') AS PendingArticles, (SELECT count(*) from articles WHERE Approved = 'Y' AND AuthorID='{$authorid}') AS ApprovedArticles, (SELECT count(*) from articles WHERE Approved = 'S' AND AuthorID='{$authorid}') AS SavedArticles FROM authors WHERE AuthorID='{$authorid}'"); $row = $mysqldb->fetchObject(); $totalarticles = $row->ApprovedArticles + $row->PendingArticles + $row->SavedArticles; if (isset($_REQUEST['newperms'])) { $title = 'Permissions Updated'; } else { $title = 'Author details for ' . $row->name . ' (' . $row->UserName . ')'; } $approved = $row->Approved; if ($approved != 'Y') { $approved = "<a href=\"aufe2a.php?aid={$authorid}\">{$row->Approved}</a>"; } head_page($title); menu_options($title, $vnum, $viewop, $pid, $keys, $adfl); contentinit($title); echo <<<_AUTHORDETAILS AuthorID : {$authorid}<br /> UserName : {$row->UserName}<br /> Full Name : {$row->name}<br /> Permissions : {$row->Approved}<br>
<?php /* article rating */ if (isset($_REQUEST['score'])) { $score = mifi($_REQUEST['score']); } $newratedtotal = ''; // get existing rating $mysqldb->select(); $mysqldb->query("SELECT RatingTotal, RatedTotal from articles WHERE FileID={$a}"); while ($row = $mysqldb->fetchObject()) { $sum = $row->RatingTotal; $rcount = $row->RatedTotal; } if ($rcount > 0) { $articleRating = $sum / $rcount; } else { $articleRating = 0; } if (!isset($score)) { /* if we don't have a score, we'll just display the form */ // display rating form echo "<p><form action=\"v.php?a={$a}\" method=\"post\">"; $begbuttonstr = '<input type="radio" name="score" value="'; $endbuttonstr = '" />'; $starstr = '<img src="./imgs/star.gif" height="10" width="10" />'; $starcount = 5; $star = 5; while ($starcount > 0) { echo $begbuttonstr . $starcount . $endbuttonstr; while ($star > 0) {
<?php // Submit Authored Article $adfl = FALSE; include_once 'config/config.php'; include_once 'functions.php'; $title = "Question"; $aid = mifi($_REQUEST['aid']); if (isset($_POST['submit'])) { $message = NULL; // sanitise user input $articledatae = escdata(xss_clean($_POST['article'])); // Form Validation // Check for Article. if (strlen($articledatae) > 0) { $article = TRUE; // create keywords from question words greater than 4 letters. $arrkeywords = explode(' ', $articledatae); foreach ($arrkeywords as $keyword) { if (strlen($keyword) > 4) { $keywords .= ' ' . $keyword; } } } else { $article = FALSE; $message .= 'You need to include the question. '; } if ($article) { // If everythings okay. include "./classes/mysql.class.php"; $mysqldb = new mysql();
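//starting database
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();

//variables
$adfl = TRUE;
$pagetitle = 'View Registered Users';
head_page($pagetitle);
menu_options($pagetitle, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($pagetitle);

// Number of Records to show per page:
$display = DB_MAX_REC;

// Determine where in the db results to start returning results.
// The offset is user supplied (?s=) and is interpolated into LIMIT below, so it
// is clamped to a non-negative integer here; a negative or non-numeric offset
// would otherwise reach the SQL text. Assumes mifi() yields an integer-like
// value, as its use on ids elsewhere suggests - TODO confirm.
if (isset($_GET['s'])) { // Already determined
    $start = max(0, (int) mifi($_GET['s']));
} else {
    $start = 0;
}

// One row per author with per-status article counts (top-level articles only,
// ParentID='0'): pending ('N'), saved ('S'), approved ('Y') and the total.
$query = "SELECT CONCAT(au.LastName, ', ', au.FirstName) AS name, au.AuthorID, DATE_FORMAT(RegistrationDate, '%M %d, %Y') AS dr,(SELECT COUNT(*) FROM articles AS a WHERE a.AuthorID=au.AuthorID AND a.Approved='N' AND a.ParentID='0') AS pending, (SELECT COUNT(*) FROM articles AS a WHERE a.AuthorID=au.AuthorID AND a.Approved='S' AND a.ParentID='0') AS saved, (SELECT COUNT(*) FROM articles AS a WHERE a.AuthorID=au.AuthorID AND a.Approved='Y' AND a.ParentID='0') AS approved, (SELECT COUNT(*) FROM articles AS a WHERE a.AuthorID=au.AuthorID AND a.ParentID='0') AS total FROM authors AS au";
$viewquery = $query . " LIMIT {$start}, {$display}";
// That's the end of our query making.

// The unpaged query is run once to learn the total row count; the paged one
// supplies the rows actually rendered.
$mysqldb->query($query);
$num_records = $mysqldb->numRows($query);
$mysqldb->query($viewquery);

if ($num_records > $display) { // more than one page
    $num_pages = ceil($num_records / $display);
} else {
    $num_pages = 1;
}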
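<?php
// delete.php Delete Article
//
// Removes one article owned by the logged-in author. The article id comes from
// the `num` query parameter; the owner id comes from the session, and the
// DELETE matches on both, so an author can only remove their own rows.
//
// NOTE(review): the deletion is triggered by a plain GET and carries no
// anti-CSRF token, so any page the author visits can link to it. A POST form
// with a per-session token would close that; left as-is because other pages
// link here.
include './config/config.php';
include 'functions.php';
$title = 'Delete Article';
include "./classes/mysql.class.php";
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
head_page($title);
menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($title);
$fileid = mifi($_GET['num']);

// Must be logged in. The ownership check below keys on user_id, so require it
// as well as first_name - a session with first_name but no user_id would
// otherwise run the DELETE with an empty AuthorID.
if (!isset($_SESSION['first_name'], $_SESSION['user_id'])) {
    // NOTE(review): the redirect target is built from the client-supplied
    // Host header; a fixed base URL from config would be preferable.
    header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
    ob_end_clean();
    exit;
}

$first = TRUE; // kept: not read here, but may be read by included templates - TODO confirm
// The session id is passed through mifi() like the other ids in this codebase.
$authorid = mifi($_SESSION['user_id']);
$mysqldb->query("DELETE from articles WHERE FileID='{$fileid}' AND AuthorID='{$authorid}'");
echo "Article Deleted!<br /> \n</td></tr>\n";
footer($title);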
<?php // adminea.php Admin Edit Article include './functions.php'; require_once './config/auth.php'; include './config/config.php'; include "./classes/mysql.class.php"; $mysqldb = new mysql(); $mysqldb->connect(); $mysqldb->select(); $enum = mifi($_REQUEST['num']); if (isset($_REQUEST['submit'])) { // Handle the Form $message = NULL; // Create an empty new variable. // Check for Title. if (strlen($_REQUEST['title']) > 0) { $title = TRUE; } else { $title = FALSE; $message .= 'needs a title, '; } // Check for Article. if (strlen($_REQUEST['article']) > 0) { $article = TRUE; } else { $article = FALSE; $message .= 'needs content, '; } // Check for Keywords. if (strlen($_REQUEST['keywords']) > 0) {
include "./functions.php"; require "./config/auth.php"; include "./config/config.php"; include "./classes/mysql.class.php"; $mysqldb = new mysql(); $mysqldb->connect(); if ($_REQUEST['type']) { // post process function for (article\comment\question deletion) or (article\comment) approval $type = $_REQUEST['type']; $id = mifi($_REQUEST['id']); $pagetitle = postprocess($type, $id); } $acq = $_REQUEST['acq']; $aid = mifi($_SESSION['user_id']); $pagesize = DB_MAX_REC; $recordstart = isset($_GET['start']) ? mifi($_GET['start']) : 0; switch ($acq) { case 'a': $table = 'articles'; $query = "SELECT FileID, \n(SELECT COUNT('FileID') as count FROM articles WHERE Approved='N' AND ParentID='0'), \nTitle, Articledata, Approved, AuthorID, \n(SELECT authors.UserName FROM authors WHERE authors.AuthorID=articles.AuthorID) \nas AuthorName, \nDATE_FORMAT(SubmitDate, '%m/%e/%y') \nas date FROM articles WHERE \nApproved='N' AND ParentID='0' LIMIT {$recordstart}, {$pagesize}"; $updateoremail = 'Last Updated'; break; case 'c': $table = 'comments'; $query = "SELECT FileID, \n(SELECT COUNT('FileID') as count FROM articles WHERE Approved='N' AND ParentID!=0), \nTitle, Articledata, Approved, \nDATE_FORMAT(SubmitDate, '%m/%e/%y') \nas date FROM articles WHERE \nApproved='N' AND ParentID!=0 LIMIT {$recordstart}, {$pagesize}"; $updateoremail = 'Last Updated'; break; case 'q': $table = 'questions'; $query = "SELECT FileID, \n(SELECT COUNT('FileID') as count FROM articles WHERE Approved='Q' AND ParentID='0'), \nTitle, Articledata, Approved, AuthorID, \n(SELECT authors.UserName FROM authors WHERE authors.AuthorID=articles.AuthorID) \nas AuthorName, \nDATE_FORMAT(SubmitDate, '%m/%e/%y') \nas date FROM articles WHERE \nApproved='Q' AND ParentID='0' LIMIT {$recordstart}, {$pagesize}"; $updateoremail = 'Last Updated';
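<?php
// Submit Saved Article
//
// Sets Approved='N' on one of the logged-in author's articles, identified by
// the `fileid` request parameter. The UPDATE matches on both the article id
// and the session's user id, so an author can only submit their own rows.
//
// NOTE(review): this state change is reachable by GET and carries no
// anti-CSRF token; a POST form with a per-session token would close that.
// Set the page title and include the HTML header.
$adfl = FALSE;
include_once "./config/config.php";
include_once "functions.php";
include "./classes/mysql.class.php";
$title = 'Submit Saved Article';
$fileid = mifi($_REQUEST['fileid']);
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
head_page($title);
menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($title);

// Must be logged in. The ownership check below keys on user_id, so require it
// as well as first_name.
if (!isset($_SESSION['first_name'], $_SESSION['user_id'])) {
    // NOTE(review): the redirect target is built from the client-supplied
    // Host header; a fixed base URL from config would be preferable.
    header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
    ob_end_clean();
    exit;
}

$first = TRUE; // kept: not read here, but may be read by included templates - TODO confirm
// The session id is passed through mifi() like the other ids in this codebase.
$authorid = mifi($_SESSION['user_id']);
$query = "UPDATE articles SET Approved='N' where FileID='{$fileid}' AND AuthorID='{$authorid}' LIMIT 1";
$mysqldb->query($query);
echo "Article Submitted!<br /> \n</td></tr>\n";
// The HTML footer file.
footer($title);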
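<?php
// v.php
//
// Loads one article row (plus the first Approved='A' child row as `question`)
// for display. Non-admin sessions only see rows with Approved='Y'.
// variables
include './config/config.php';
include_once 'functions.php';
include "./classes/mysql.class.php";
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
$a = mifi($_REQUEST['a']);
// Anonymous viewers have no session user id; avoid an undefined-index notice
// while keeping the same (null) value.
$aid = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : null;

// admin override for viewing un-approved articles
// empty() covers a missing adfl key as well as a false one.
if (!empty($_SESSION['adfl'])) {
    $adminview = '';
} else {
    $adminview = "AND Approved='Y'";
}

// query
$mysqldb->query("\n SELECT articles.FileID, (SELECT ArticleData FROM articles WHERE Approved='A' AND ParentID={$a} LIMIT 1) as question, articles.ParentID, articles.AuthorID, (SELECT authors.UserName FROM authors WHERE authors.AuthorID=articles.AuthorID) as AuthorName, articles.Title, articles.Keyw, articles.ArticleData, articles.Approved, articles.Views, articles.RatingTotal, articles.RatedTotal, articles.SubmitDate \n FROM \n articles \n WHERE FileID='{$a}'\n {$adminview}\n ");

// retrieve result as an object
// NOTE(review): when no row matches (unknown id, or an unapproved article
// viewed without the admin flag) $row is not an object and the reads below
// yield nulls; the rest of the page should handle that case - TODO confirm.
$row = $mysqldb->fetchObject();
$fileid = $row->FileID;
$title = $row->Title;
$parentid = $row->ParentID;
$approved = $row->Approved;
$keywords = $row->Keyw;
$views = $row->Views + 1; //article is being viewed, adding to the view count.
$ratingtotal = $row->RatingTotal;
$ratedtotal = $row->RatedTotal;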
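<?php
// delete.php Delete Upload
//
// Removes one upload owned by the logged-in author. The upload id comes from
// the `uid` query parameter; the owner id comes from the session, and the
// DELETE matches on both, so an author can only remove their own rows.
//
// NOTE(review): the deletion is triggered by a plain GET and carries no
// anti-CSRF token; a POST form with a per-session token would close that.
// Set the page title and include the HTML header.
include './config/config.php';
include 'functions.php';
include './classes/mysql.class.php';
$mysqldb = new mysql();
$mysqldb->connect();
$mysqldb->select();
$title = 'Delete Upload';
head_page($title);
menu_options($title, $vnum, $viewop, $pid, $keys, $adfl);
contentinit($title);
$uid = mifi($_GET['uid']);

// Must be logged in. The ownership check below keys on user_id, so require it
// as well as first_name.
if (!isset($_SESSION['first_name'], $_SESSION['user_id'])) {
    // NOTE(review): the redirect target is built from the client-supplied
    // Host header; a fixed base URL from config would be preferable.
    header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . "/index.php");
    ob_end_clean();
    exit;
}

// The session id is passed through mifi() like the other ids in this codebase.
$authorid = mifi($_SESSION['user_id']);
$mysqldb->query("DELETE from uploads WHERE UploadID='{$uid}' AND AuthorID='{$authorid}'");
echo "Upload Deleted!<br /> \n</td></tr>\n";
footer($title);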
<?php // Author Edit Article include_once 'functions.php'; include_once 'config/config.php'; include_once 'config/dbsettings.php'; $title = "Edit Article"; $fileid = mifi(escdata(xss_clean($_REQUEST['fileid']))); $aid = mifi(escdata(xss_clean($_REQUEST['aid']))); $authorid = $aid; if (isset($_SESSION['first_name'])) { $enum = TRUE; } if (isset($_REQUEST['submit'])) { $message = NULL; // sanitise user input $titlee = escdata(xss_clean($_POST['title'])); $keywordse = escdata(xss_clean($_POST['keywords'])); $articledatae = escdata(xss_clean($_POST['article'])); $descriptione = escdata(xss_clean($_POST['description'])); // Form Validation // Check for Title. if (strlen($titlee) > 0) { $title = TRUE; } else { $title = FALSE; $message .= 'You need to include a title for the article. '; } // Check for Article. if (strlen($articledatae) > 0) { $article = TRUE;
<?php // Submit Authored Article $adfl = FALSE; include_once 'config/config.php'; include_once 'functions.php'; include "./classes/mysql.class.php"; $mysqldb = new mysql(); $mysqldb->connect(); $mysqldb->select(); $title = "Submit Article"; $aid = mifi($_REQUEST['aid']); if ($_REQUEST['a']) { $ans = mifi($_REQUEST['a']); } if (isset($_SESSION['first_name'])) { $enum = TRUE; } $message = NULL; // sanitise user input $titlee = escdata(xss_clean($_POST['title'])); $keywordse = escdata(xss_clean($_POST['keywords'])); $productide = escdata(xss_clean($_POST['productid'])); $articledatae = escdata(xss_clean($_POST['article'])); $savestatus = xss_clean($_POST['savestatus']); $descriptione = escdata(xss_clean($_POST['description'])); if (isset($_POST['submit'])) { // Form Validation // Check for Title. if (strlen($titlee) > 0) { $title = TRUE;