Esempio n. 1
// Front-controller fragment: dispatches on the POSTed "action" field (login / new / kill / edit).
// The listing is cut off inside the "edit" branch, so the closing braces are not part of this excerpt.
// NOTE(review): $headtpl and $PASSWORD are used below but not assigned in the visible lines;
// presumably they are defined earlier in the file - confirm.
$tpl = new IntegratedTemplate("tpl");
$error_message = "";
# post actions
// NOTE(review): the array keys are unquoted (action, password, entry_id). PHP treats these as
// constant names; older versions fall back to the string with a notice, PHP 8 raises an Error.
// No anti-CSRF token is checked anywhere in the visible lines before the state-changing actions.
if ($_POST[action] != "") {
    if ($_POST[action] == "login") {
        $headtpl->SetVariable("titel", "Login");
        // NOTE(review): the submitted password is compared with a loose `==`, which is subject to
        // type juggling and is not constant-time. A stored hash checked with password_verify()
        // (or at minimum hash_equals() on strings) is the safer form.
        if ($_POST[password] == $PASSWORD) {
            // The session stores the password itself as the "logged in" marker, so the secret is
            // persisted in session storage. No session id regeneration is visible on login.
            $_SESSION[password] = $PASSWORD;
            $error_message = "Logged in";
        } else {
            $error_message = "Wrong password. Fool.";
        }
    } elseif ($_POST[action] == "new") {
        $headtpl->SetVariable("titel", "Neuen Eintrag speichern");
        // Authorisation check: the session must hold the configured password (loose comparison again).
        if ($_SESSION[password] == $PASSWORD) {
            new_article();
            $error_message = "New Article saved";
        } else {
            $error_message = "Nicht authentifiziert. Fool.";
        }
    } elseif ($_POST[action] == "kill") {
        if ($_SESSION[password] == $PASSWORD) {
            $headtpl->SetVariable("titel", "Eintrag Löschen");
            // The entry id is passed through unvalidated; whether kill_article() validates or
            // parameterises it cannot be seen from here - verify in that function.
            kill_article($_POST[entry_id]);
            $error_message = "Eintrag gelöscht";
        } else {
            $error_message = "Nicht authentifiziert. Fool.";
        }
    } elseif ($_POST[action] == "edit") {
        // NOTE(review): unlike "new" and "kill", no session check precedes the article lookup in
        // the lines shown. The excerpt ends below, so a later check cannot be ruled out - confirm.
        if ($entry = get_article_raw($_POST[entry_id])) {
            // The article title is interpolated into a template variable; whether SetVariable()
            // escapes it for HTML output is not visible here.
            $headtpl->SetVariable("titel", "Eintrag Editieren: {$entry['title']}");
Esempio n. 2
<?php

include 'functions/connect_bd.php';
include 'functions/functions.php';
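// Page controller: optionally stores a new article, then renders the article list view.
$mysqli = connect();
$mydata_article = take_article($mysqli);

// The requested action comes from the query string; anything other than "add" just renders the view.
$action = isset($_GET["action"]) ? $_GET["action"] : "";

if ($action === "add") {
    // Accept the write only for a POST that carries every field as a plain string. The original
    // also read $_GET["id"] and immediately overwrote it with $_POST["id"]; only the POST value
    // was ever used, so the dead read is dropped.
    $isPost = isset($_SERVER["REQUEST_METHOD"]) && $_SERVER["REQUEST_METHOD"] === "POST";
    $hasFields = isset($_POST["id"], $_POST["title"], $_POST["text"])
        && is_string($_POST["id"])
        && is_string($_POST["title"])
        && is_string($_POST["text"]);

    if ($isPost && $hasFields) {
        // NOTE(review): these values are untrusted. new_article() is defined elsewhere; confirm it
        // binds them through a prepared statement rather than building the SQL string by hand.
        // NOTE(review): no authentication or anti-CSRF token check is visible before this write.
        new_article($mysqli, $_POST["id"], $_POST["title"], $_POST["text"]);
    }

    // Stop after the redirect: without exit the script would go on to render the view into the
    // body of the redirect response.
    header("Location: index.php");
    exit;
}
include 'view/view.php';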
Esempio n. 3
/**
 * Admin form handler: reads the submitted "task" and applies it to categories, articles or comments.
 *
 * Echoes an HTML status box for each outcome. Returns 0 when the session is not marked as logged
 * in; otherwise falls off the end without an explicit return value.
 *
 * NOTE(review): every SQL statement below is built by interpolating request values directly into
 * the query string, and no escaping or parameter binding happens inside this function. Unless the
 * values are escaped somewhere upstream, this is SQL injection on every write path. The mysql_*
 * functions used here were removed in PHP 7; prepared statements via PDO or mysqli are the fix.
 * NOTE(review): no anti-CSRF token is checked, and several destructive tasks are taken from $_GET.
 * NOTE(review): the result of mysql_query() is never checked, so a failed write still prints the
 * success box.
 */
function processing()
{
    // Loose comparison against True: any truthy session value passes.
    if ($_SESSION['Logged_In'] != True) {
        echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_not_logged_in') . "</p></div>";
        return 0;
    }
    // Collect request parameters. All of them are untrusted input.
    $action = $_REQUEST['action'];
    $id = $_REQUEST['id'];
    $commentid = $_POST['commentid'];
    // Replaces the two-character sequence backslash + single quote with the HTML entity &#39;.
    // NOTE(review): this only has an effect if quotes arrive already backslash-escaped (presumably
    // magic_quotes_gpc); it is not SQL escaping and leaves an unescaped quote untouched - confirm.
    $name = str_replace("\\'", "&#39;", $_POST['name']);
    $category = $_POST['category'];
    $description = $_POST['description'];
    $title = str_replace("\\'", "&#39;", $_POST['title']);
    $seftitle = $_POST['seftitle'];
    $comment = str_replace("\\'", "&#39;", $_POST['editedcomment']);
    $text = str_replace("\\'", "&#39;", $_POST['text']);
    $text_limit = $_POST['text_limit'];
    $auto_html = $_POST['auto_html'];
    $date = date('Y-m-d H:i:s');
    $display_title = $_POST['display_title'];
    $display_info = $_POST['display_info'];
    $commentable = $_POST['commentable'];
    $publish = $_POST['publish'];
    // Reads the same 'publish' field as $publish above.
    $publish_category = $_POST['publish'];
    $position = $_POST['position'];
    $display = $_POST['display'];
    $image = $_POST['image'];
    // Future posting: when enabled (or on an advanced edit) the article is stored unpublished and
    // the date is rebuilt from the submitted day/month/year/hour/minute fields.
    $fpost_enabled = false;
    $fpublished = 1;
    if ($_POST['fposting'] == "YES" or $_POST['task'] == "advancededit") {
        $fpublished = 0;
        $fpost_enabled = true;
        $fpost_day = $_POST['fposting_day'];
        $fpost_month = $_POST['fposting_month'];
        $fpost_year = $_POST['fposting_year'];
        $fpost_hour = $_POST['fposting_hour'];
        $fpost_minute = $_POST['fposting_minute'];
    }
    // Defaults for fields left empty in the form.
    if ($text_limit == "") {
        $text_limit = 0;
    }
    if ($position == "") {
        $position = 1;
    }
    if ($commentable == "") {
        $commentable = "NO";
    }
    if ($publish != "ON") {
        $position = 4;
    }
    if ($display_title == "") {
        $display_title = "NO";
    }
    if ($display_info == "") {
        $display_info = "NO";
    }
    if ($fpost_enabled or $_POST['task'] == "advancededit") {
        // The date string is concatenated from raw POST fields with no range or format validation.
        $date = $fpost_year . '-' . $fpost_month . '-' . $fpost_day . ' ' . $fpost_hour . ':' . $fpost_minute . ':00';
    }
    // --- Task: add_category -------------------------------------------------------------------
    // Validation ladder: name present, SEF title present, both unique, SEF title passes
    // cleancheckSEF(); each failure echoes an error and re-renders the category view.
    if ($_POST['task'] == "add_category") {
        if ($_POST['submit_text']) {
            if ($name == "") {
                echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_name_empty') . "</p></div>";
                view_categories();
            } else {
                if ($seftitle == "") {
                    echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_seftitle_empty') . "</p></div>";
                    view_categories();
                } else {
                    // A truthy return from check_if_unique() leads to the "already exists" error.
                    if (check_if_unique('category_name', $name)) {
                        echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_name_exists') . "</p></div>";
                        view_categories();
                    } else {
                        if (check_if_unique('category_seftitle', $seftitle)) {
                            echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_seftitle_exists') . "</p></div>";
                            view_categories();
                        } else {
                            if (cleancheckSEF($seftitle) == "notok") {
                                echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_seftitle_illegal') . "</p></div>";
                                view_categories();
                            } else {
                                // $name, $description and $publish_category reach the query unescaped;
                                // only $seftitle has passed a character check (cleancheckSEF).
                                mysql_query("INSERT INTO " . s('prefix') . "categories(name,seftitle,description,published) VALUES('{$name}', '{$seftitle}', '{$description}', '{$publish_category}')");
                                echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . "categories/'>" . l('back') . "</a></p></div>";
                            }
                        }
                    }
                }
            }
        }
    }
    // --- Task: edit_category ------------------------------------------------------------------
    // Same validation ladder as add_category, with $id passed to the uniqueness checks.
    if ($_POST['task'] == "edit_category") {
        if ($_POST['submit_text']) {
            if ($name == "") {
                echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_name_empty') . "</p></div>";
                edit_category();
            } else {
                if ($seftitle == "") {
                    echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_seftitle_empty') . "</p></div>";
                    edit_category();
                } else {
                    if (check_if_unique('category_name', $name, $id)) {
                        echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_name_exists') . "</p></div>";
                        edit_category();
                    } else {
                        if (check_if_unique('category_seftitle', $seftitle, $id)) {
                            echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_seftitle_exists') . "</p></div>";
                            edit_category();
                        } else {
                            if (cleancheckSEF($seftitle) == "notok") {
                                echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_category_seftitle_illegal') . "</p></div>";
                                edit_category();
                            } else {
                                // One UPDATE per column, with no transaction around them: a failure
                                // part-way leaves the row partially updated. $id comes from $_REQUEST
                                // and is interpolated into the WHERE clause as-is.
                                mysql_query("UPDATE " . s('prefix') . "categories SET name='{$name}' WHERE id='{$id}'");
                                mysql_query("UPDATE " . s('prefix') . "categories SET seftitle='{$seftitle}' WHERE id='{$id}'");
                                mysql_query("UPDATE " . s('prefix') . "categories SET description='{$description}' WHERE id='{$id}'");
                                mysql_query("UPDATE " . s('prefix') . "categories SET published='{$publish_category}' WHERE id='{$id}'");
                                echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . "categories/'>" . l('back') . "</a></p></div>";
                            }
                        }
                    }
                }
            }
        }
    } else {
        // --- Task: new (article) --------------------------------------------------------------
        if ($_POST['task'] == "new") {
            if ($_POST['submit_text']) {
                // The submitted values are parked in the session while the form is re-rendered on
                // a validation error, and cleared again afterwards.
                $_SESSION['temp']['title'] = $title;
                $_SESSION['temp']['seftitle'] = $seftitle;
                $_SESSION['temp']['text'] = $text;
                if ($title == "") {
                    echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_title_empty') . "</p></div>";
                    new_article();
                    unset($_SESSION['temp']);
                } else {
                    if ($seftitle == "") {
                        echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_seftitle_empty') . "</p></div>";
                        $_SESSION['temp']['seftitle'] = $_SESSION['temp']['title'];
                        new_article();
                        unset($_SESSION['temp']);
                    } else {
                        if (cleancheckSEF($seftitle) == "notok") {
                            echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_seftitle_illegal') . "</p></div>";
                            new_article();
                            unset($_SESSION['temp']);
                        } else {
                            if (check_if_unique('article_title', $title)) {
                                echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_title_exists') . "</p></div>";
                                new_article();
                                unset($_SESSION['temp']);
                            } else {
                                if (check_if_unique('article_seftitle', $seftitle)) {
                                    echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_seftitle_exists') . "</p></div>";
                                    new_article();
                                    unset($_SESSION['temp']);
                                } else {
                                    if ($auto_html == "ON") {
                                        // Wraps each line of the text in <p>...</p> and drops empty paragraphs.
                                        $text = str_replace('<p></p>', '', '<p>' . preg_replace('#\\n|\\r#', '</p>$0<p>', $text) . '</p>');
                                    }
                                    // Twelve request-derived values are concatenated into the INSERT;
                                    // none of them is escaped or bound in this function.
                                    $query = "INSERT INTO " . s('prefix') . "articles(title,seftitle,text,textlimit,date,category,position,displaytitle,displayinfo,commentable,image,published) VALUES('" . $title . "', '" . $seftitle . "', '" . $text . "', '" . $text_limit . "', '" . $date . "', '" . $category . "', '" . $position . "', '" . $display_title . "', '" . $display_info . "', '" . $commentable . "', '" . $image . "', '" . $fpublished . "')";
                                    mysql_query($query);
                                    echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . "'>" . l('back') . "</a></p></div>";
                                    unset($_SESSION['temp']);
                                }
                            }
                        }
                    }
                }
            }
        } else {
            // --- Task: simpleedit (article) ---------------------------------------------------
            if ($_POST['task'] == "simpleedit") {
                if ($_POST['submit_text']) {
                    $_SESSION['temp']['title'] = $title;
                    $_SESSION['temp']['text'] = $text;
                    if ($title == "") {
                        echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_title_empty') . "</p></div>";
                        // NOTE(review): `simple` is an unquoted constant name, not a string. Older PHP
                        // falls back to the string 'simple' with a notice; PHP 8 raises an Error.
                        edit_article(simple);
                        unset($_SESSION['temp']);
                    } else {
                        if (check_if_unique('article_title', $title, $id)) {
                            echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_title_exists') . "</p></div>";
                            edit_article(simple);
                            unset($_SESSION['temp']);
                        } else {
                            // Paragraph wrapping is applied unconditionally here ($auto_html is not consulted).
                            $text = str_replace('<p></p>', '', '<p>' . preg_replace('#\\n|\\r#', '</p>$0<p>', $text) . '</p>');
                            // One unescaped UPDATE per column, no transaction.
                            mysql_query("UPDATE " . s('prefix') . "articles SET title='{$title}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET text='{$text}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET textlimit='{$text_limit}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET category='{$category}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET position='{$position}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET displaytitle='{$display_title}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET displayinfo='{$display_info}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET commentable='{$commentable}' WHERE id='{$id}'");
                            mysql_query("UPDATE " . s('prefix') . "articles SET image='{$image}' WHERE id='{$id}'");
                            echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . find_cat_sef($category) . "/" . find_article_sef($id) . "/'>" . l('back') . "</a></p></div>";
                            unset($_SESSION['temp']);
                        }
                    }
                }
            } else {
                // --- Task: advancededit (article) ---------------------------------------------
                if ($_POST['task'] == "advancededit") {
                    if ($_POST['submit_text']) {
                        $_SESSION['temp']['title'] = $title;
                        $_SESSION['temp']['seftitle'] = $seftitle;
                        $_SESSION['temp']['text'] = $text;
                        if ($title == "") {
                            echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_title_empty') . "</p></div>";
                            // `advanced` is an unquoted constant name as well (see the note on `simple`).
                            edit_article(advanced);
                            unset($_SESSION['temp']);
                        } else {
                            if ($seftitle == "") {
                                echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_seftitle_empty') . "</p></div>";
                                edit_article(advanced);
                                unset($_SESSION['temp']);
                            } else {
                                if (cleancheckSEF($seftitle) == "notok") {
                                    echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_seftitle_illegal') . "</p></div>";
                                    edit_article(advanced);
                                    unset($_SESSION['temp']);
                                } else {
                                    if (check_if_unique('article_title', $title, $id)) {
                                        echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_title_exists') . "</p></div>";
                                        edit_article(advanced);
                                        unset($_SESSION['temp']);
                                    } else {
                                        if (check_if_unique('article_seftitle', $seftitle, $id)) {
                                            echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l('error_article_seftitle_exists') . "</p></div>";
                                            edit_article(advanced);
                                            unset($_SESSION['temp']);
                                        } else {
                                            // One unescaped UPDATE per column, no transaction.
                                            mysql_query("UPDATE " . s('prefix') . "articles SET title='{$title}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET seftitle='{$seftitle}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET text='{$text}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET textlimit='{$text_limit}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET date='{$date}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET category='{$category}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET position='{$position}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET displaytitle='{$display_title}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET displayinfo='{$display_info}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET commentable='{$commentable}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET image='{$image}' WHERE id='{$id}'");
                                            mysql_query("UPDATE " . s('prefix') . "articles SET published='{$fpublished}' WHERE id='{$id}'");
                                            echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . find_cat_sef($category) . "/" . find_article_sef($id) . "/'>" . l('back') . "</a></p></div>";
                                            unset($_SESSION['temp']);
                                        }
                                    }
                                }
                            }
                        }
                    }
                } else {
                    // --- Tasks taken from the query string -------------------------------------
                    // NOTE(review): delete, freezecomments, unfreezecomments, deletecomment and
                    // deletecategory are state-changing but triggered by $_GET['task'], so a plain
                    // link or image request from another site can fire them for a logged-in admin.
                    if ($_GET['task'] == "delete") {
                        mysql_query("DELETE FROM " . s('prefix') . "articles WHERE id='{$id}'");
                        echo "<h2>" . l('deleted_success') . "</h2><p><a href='" . s('website') . "'>" . l('backhome') . "</a></p>";
                    } else {
                        if ($_POST['task'] == "editcomment") {
                            mysql_query("UPDATE " . s('prefix') . "comments SET name='{$name}' WHERE id='{$commentid}'");
                            mysql_query("UPDATE " . s('prefix') . "comments SET comment='{$comment}' WHERE id='{$commentid}'");
                            // NOTE(review): $categoryid is never assigned on this path, so
                            // find_cat_sef() receives an undefined variable.
                            echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . find_cat_sef($categoryid) . "/" . find_article_sef($id) . "/'>" . l('back') . "</a></p></div>";
                        } else {
                            if ($_GET['task'] == "freezecomments") {
                                $categoryid = find_article_cat($id);
                                mysql_query("UPDATE " . s('prefix') . "articles SET commentable='FREEZ' WHERE id='{$id}'");
                                echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . find_cat_sef($categoryid) . "/" . find_article_sef($id) . "/'>" . l('back') . "</a></p></div>";
                            } else {
                                if ($_GET['task'] == "unfreezecomments") {
                                    $categoryid = find_article_cat($id);
                                    mysql_query("UPDATE " . s('prefix') . "articles SET commentable='YES' WHERE id='{$id}'");
                                    echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . s('website') . find_cat_sef($categoryid) . "/" . find_article_sef($id) . "/'>" . l('back') . "</a></p></div>";
                                } else {
                                    if ($_GET['task'] == "deletecomment") {
                                        $commentid = $_GET['commentid'];
                                        $articleid = $_GET['articleid'];
                                        mysql_query("DELETE FROM " . s('prefix') . "comments WHERE id='{$commentid}'");
                                        // NOTE(review): $categoryid is not assigned on this path either.
                                        echo "<h2>" . l('deleted_success') . "</h2><p><a href='" . s('website') . find_cat_sef($categoryid) . "/" . find_article_sef($articleid) . "/'>" . l('back') . "</a></p>";
                                    } else {
                                        if ($_GET['task'] == "deletecategory") {
                                            // NOTE(review): $categoryid is read from the query string but the
                                            // DELETE below filters on $id ($_REQUEST['id']) - confirm which
                                            // of the two is meant to select the category.
                                            $categoryid = $_GET['categoryid'];
                                            mysql_query("DELETE FROM " . s('prefix') . "categories WHERE id='{$id}'");
                                            echo "<h2>" . l('deleted_success') . "</h2><p><a href='" . s('website') . "categories/'>" . l('back') . "</a></p>";
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}
Esempio n. 4
<?php

require 'lib.php';
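// Form handler: inserts a new feed article, or updates an existing one when the query string is
// exactly "edit", then redirects to the matching page.
$db = db_connect();

// Update mode: the target article id comes from the POST body. It is validated as an integer so
// the insert/update decision no longer depends on loose string-to-number comparison, and so the
// value placed in the redirect below cannot carry extra characters.
$isEdit = isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] === 'edit';
$update = 0;
if ($isEdit) {
    $update = filter_input(INPUT_POST, 'article', FILTER_VALIDATE_INT);
    if (!is_int($update)) {
        // Missing or malformed article id: refuse instead of guessing between insert and update.
        header('HTTP/1.1 400 Bad Request');
        exit;
    }
}

if ($update === 0) {
    // Non-scalar input (e.g. feed[]=x) falls back to the same 0 placeholder used in update mode.
    $feed = (isset($_POST['feed']) && is_scalar($_POST['feed'])) ? $_POST['feed'] : 0;
} else {
    $feed = 0;
}
//Does not know feed if updating, does not change it.
// NOTE(review): the remaining fields are passed on as received. new_article() lives in lib.php;
// confirm it binds them as query parameters and that the pages rendering them escape on output.
// NOTE(review): no authentication or anti-CSRF token check is visible in this script.
$title = $_POST['title'];
$desc = $_POST['desc'];
$link = $_POST['link'];
$auth = $_POST['author'];
$cat = $_POST['cat'];
// Numeric coercion as before (* 1), but a missing or non-numeric value becomes 0 instead of a
// warning or, on PHP 8, a TypeError.
$pubDate = (isset($_POST['pubDate']) && is_numeric($_POST['pubDate'])) ? $_POST['pubDate'] * 1 : 0;
new_article($db, $feed, $title, $desc, $link, $auth, $cat, $pubDate, $update);
if ($update === 0) {
    // Encode the feed value so it cannot inject additional query parameters into the redirect.
    header('Location: feed.php?f=' . rawurlencode((string) $feed));
} else {
    header("Location: article.php?a={$update}");
}
exit;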
Esempio n. 5
File: right.php Progetto: ilei/blog
    echo site_url('article/' . $article['id']);
    ?>
"><?php 
    echo $article['name'];
    ?>
</a></li>
	  <?php 
}
?>
    </ol>
  </div>
  <div class="tuijian">
    <h2>最新发布</h2>
    <ol>
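	  <?php 
// "Latest articles" list. new_article() supplies the rows; its query is defined elsewhere.
$articles = new_article();
foreach ($articles as $key => $article) {
    // Escape for the HTML context before printing: the name is stored content and the URL lands
    // inside a double-quoted attribute, so unescaped quotes or markup would break out of it.
    // The charset follows PHP's configured default.
    $articleUrl = htmlspecialchars(site_url('article/' . $article['id']), ENT_QUOTES);
    $articleName = htmlspecialchars($article['name'], ENT_QUOTES);
    ?>
      <li><span><strong><?php 
    // 1-based rank; $key is assumed to be the numeric list index - confirm against new_article().
    echo $key + 1;
    ?>
</strong></span><a href="<?php 
    echo $articleUrl;
    ?>
"><?php 
    echo $articleName;
    ?>
</a></li>
	  <?php 
}
?>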