function postmessage($ar)
{
$cn = connect_db();
$sql = "insert into `message` (touserid,fromuserid,subject,message,name) values ('" . $ar['touserid'] . "','" . $ar['fromuserid'] . "','" . magicquotes(htmlspecialchars($ar['subject'])) . "','" . formattext(htmlspecialchars(magicquotes($ar['message']))) . "','" . htmlspecialchars($ar['name']) . "')";
$result = mysql_query($sql, $cn) or die("ERROR :" . mysql_error());
disconnect_db($cn);
}
document.getElementById('txtspan').style.display="block";
// document.getElementById('div_servicesubmenu').innerHTML="";
}
</script>
<?php
$cn = connectdb();
if (isset($_GET['action']) == "add" && $_GET['type'] == "newpage") {
$sqladd = "INSERT INTO contentmanager(page_title,meta_description,meta_keywords,menu_name,page_tpl,page_type) VALUES ('" . seofilter_title(magicquotes($_POST['pagetitle'])) . "','" . seofilter_meta(magicquotes($_POST['metadesc'])) . "','" . seofilter_meta(magicquotes($_POST['metakeywords'])) . "','" . magicquotes($_POST['menuname']) . "','" . urlencode($_POST['FCKeditor1']) . "','newpage')";
$linkadd = mysql_query($sqladd, $cn) or die("Error : " . mysql_error());
echo "<script>alert('Menu Added...'); window.location='contentmanager.php';</script>";
}
if (isset($_GET['action']) == "add" && $_GET['type'] == "linkpage") {
$sqladd = "INSERT INTO contentmanager(menu_name,ex_url,page_type) VALUES ('" . magicquotes($_POST['txtexmenuname']) . "','" . magicquotes($_POST['txtexurl']) . "','linkpage')";
$linkadd = mysql_query($sqladd, $cn) or die("Error : " . mysql_error());
echo "<script>alert('Menu Added...'); window.location='contentmanager.php';</script>";
}
?>
<table align="center" >
<tr>
<td><img src="images/contentman.gif" /></td>
<td style="color:#003399; font-family:Arial, Helvetica, sans-serif; font-weight:bold; font-size:18px;" align="center" valign="middle">
Content Manager</td>
</tr>
</table>
<br /><br />
Edit Content Manager</td>
</tr>
</table>
<br /><br />
<?php
$cn = connectdb();
if ($_GET['action'] != "" && $_GET['pageid'] != "") {
// action update type newpage
if ($_GET['action'] == "update" && $_GET['type'] == "newpage") {
$sqladd = "UPDATE contentmanager set page_title='" . seofilter_title(magicquotes($_POST['pagetitle'])) . "',meta_description='" . seofilter_meta(magicquotes($_POST['metadesc'])) . "',meta_keywords='" . seofilter_meta(magicquotes($_POST['metakeywords'])) . "',menu_name='" . $_POST['menuname'] . "',page_tpl='" . urlencode($_POST['FCKeditor1']) . "' where id='" . $_GET['pageid'] . "'";
$linkadd = mysql_query($sqladd, $cn) or die("Error : " . mysql_error());
echo "<script>alert('Menu Updated...'); window.location='contentmanager.php';</script>";
}
// action update type linkpage
if ($_GET['action'] == "update" && $_GET['type'] == "linkpage") {
$sqladd = "UPDATE contentmanager set menu_name='" . magicquotes($_POST['txtexmenuname']) . "',ex_url='" . magicquotes($_POST['txtexurl']) . "' where id='" . $_GET['pageid'] . "'";
$linkadd = mysql_query($sqladd, $cn) or die("Error : " . mysql_error());
echo "<script>alert('Menu Updated...'); window.location='contentmanager.php';</script>";
}
// delete page
if ($_GET['action'] == "delete") {
$sql1 = "delete from contentmanager where id='" . $_GET['pageid'] . "'";
$link1 = mysql_query($sql1, $cn) or die("Error : " . mysql_error());
echo "<script>alert('Menu Deleted...'); window.location='contentmanager.php';</script>";
}
// block page
if ($_GET['action'] == "block") {
$sql2 = "update contentmanager set block='1' where id='" . $_GET['pageid'] . "'";
$link2 = mysql_query($sql2, $cn) or die("Error : " . mysql_error());
echo "<script>alert('Menu Blocked...'); window.location='contentmanager.php';</script>";
}
function image_update($id, $date, $title, $description, $rotate)
{
$cn = connect_db();
if ($title == "") {
$title = "No Title";
}
if ($description == "") {
$description = "No Description";
}
$sql = "SELECT * FROM `photo` WHERE id='" . $id . "'";
$link = mysql_query($sql, $cn) or die("Error : " . mysql_error());
$data = mysql_fetch_assoc($link);
$path1 = get_full_domain_path() . str_replace(get_domain_path(), "", $data['original_url']);
$path2 = get_full_domain_path() . str_replace(get_domain_path(), "", $data['medium_url']);
$path3 = get_full_domain_path() . str_replace(get_domain_path(), "", $data['thumb_url']);
if ($rotate == "CW") {
rotateImage($path1, "CW");
rotateImage($path2, "CW");
rotateImage($path3, "CW");
}
if ($rotate == "CCW") {
rotateImage($path1, "CCW");
rotateImage($path2, "CCW");
rotateImage($path3, "CCW");
}
$d1 = date("Y-m-d", strtotime($date));
$d1 .= date(" H:i:s", time());
$sql = "update `photo` set upload_time='" . $d1 . "', title='" . formattext(htmlspecialchars(magicquotes($title))) . "', description='" . formattext(magicquotes(htmlspecialchars($description))) . "' where id='" . $id . "'";
$link = mysql_query($sql, $cn) or die("Error : " . mysql_error());
disconnect_db($cn);
}
function update_user($ar)
{
$cn = connect_db();
// print_r($ar);
if ($ar['hidedob'] == "on") {
$hidedob = 1;
} else {
$hidedob = 0;
}
if ($ar['hidegender'] == "on") {
$hidegender = 1;
} else {
$hidegender = 0;
}
$sql = "update `users` set firstname='" . magicquotes($ar['firstname']) . "', lastname='" . magicquotes($ar['lastname']) . "', email='" . magicquotes($ar['email']) . "', photoid='" . $ar['photoid'] . "',title='" . magicquotes($ar['title']) . "', sitetype='" . $ar['sitetype'] . "', themecolor='" . $ar['color'] . "', description='" . formattext(magicquotes(htmlspecialchars($ar['sitedesc']))) . "', allowprint='" . $ar['allowprint'] . "',pictureview='" . $ar['pictureview'] . "',hidegender='" . $hidegender . "',hidedob='" . $hidedob . "' where userid='" . $_SESSION['gallery_userid'] . "'";
$link = mysql_query($sql, $cn) or die("Error : " . mysql_error());
disconnect_db($cn);
}
