$tpl = new IntegratedTemplate("tpl"); $error_message = ""; # post actions if ($_POST[action] != "") { if ($_POST[action] == "login") { $headtpl->SetVariable("titel", "Login"); if ($_POST[password] == $PASSWORD) { $_SESSION[password] = $PASSWORD; $error_message = "Logged in"; } else { $error_message = "Wrong password. Fool."; } } elseif ($_POST[action] == "new") { $headtpl->SetVariable("titel", "Neuen Eintrag speichern"); if ($_SESSION[password] == $PASSWORD) { new_article(); $error_message = "New Article saved"; } else { $error_message = "Nicht authentifiziert. Fool."; } } elseif ($_POST[action] == "kill") { if ($_SESSION[password] == $PASSWORD) { $headtpl->SetVariable("titel", "Eintrag Löschen"); kill_article($_POST[entry_id]); $error_message = "Eintrag gelöscht"; } else { $error_message = "Nicht authentifiziert. Fool."; } } elseif ($_POST[action] == "edit") { if ($entry = get_article_raw($_POST[entry_id])) { $headtpl->SetVariable("titel", "Eintrag Editieren: {$entry['title']}");
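<?php
// Article list page. With ?action=add it first stores the posted article and
// redirects to index.php; in every other case it only renders the view.
include 'functions/connect_bd.php';
include 'functions/functions.php';

$mysqli = connect();
$mydata_article = take_article($mysqli);

$action = isset($_GET["action"]) ? $_GET["action"] : "";

// The article fields come from the POST body only, so the write is limited to
// POST requests: a plain link to ?action=add no longer stores an empty row.
// NOTE(review): no login check and no anti-CSRF token are visible in this
// script, and new_article() lives in one of the included files - confirm that
// it binds $id, $title and $text as query parameters instead of concatenating
// them into SQL.
if ($action == "add" && isset($_SERVER["REQUEST_METHOD"]) && $_SERVER["REQUEST_METHOD"] === "POST") {
    // The original read $_GET["id"] and overwrote it on the next statement;
    // only the POST value was ever used.
    $id = isset($_POST["id"]) ? $_POST["id"] : "";
    $title = isset($_POST["title"]) ? $_POST["title"] : "";
    $text = isset($_POST["text"]) ? $_POST["text"] : "";

    new_article($mysqli, $id, $title, $text);

    header("Location: index.php");
    // Stop here so the view is not rendered into the body of the redirect.
    exit;
}

include 'view/view.php';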
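/**
 * Return $source[$key], or null when the key is absent.
 *
 * Reading a missing request key directly yields null plus a notice; this keeps
 * the null and drops the notice.
 */
function _processing_request($source, $key)
{
    return isset($source[$key]) ? $source[$key] : null;
}

/**
 * Escape one value for use inside a single-quoted SQL string literal.
 *
 * Non-scalar input (null, or an array sent as "name[]=x") becomes the empty
 * string. When magic_quotes_gpc is active its backslashes are removed first,
 * so the value is escaped exactly once, by the database driver.
 */
function _processing_sql($value)
{
    if (!is_scalar($value)) {
        return '';
    }
    $value = (string) $value;
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return mysql_real_escape_string($value);
}

/** Build "col='value', col='value'" for an UPDATE from a column => value map. */
function _processing_set_clause($columns)
{
    $pairs = array();
    foreach ($columns as $column => $value) {
        $pairs[] = $column . "='" . _processing_sql($value) . "'";
    }
    return implode(', ', $pairs);
}

/** Build "'value', 'value'" for an INSERT ... VALUES(...) list. */
function _processing_value_list($values)
{
    $quoted = array();
    foreach ($values as $value) {
        $quoted[] = "'" . _processing_sql($value) . "'";
    }
    return implode(', ', $quoted);
}

/** Wrap every line of $text in <p>...</p> and drop the empty paragraphs this creates. */
function _processing_paragraphs($text)
{
    return str_replace('<p></p>', '', '<p>' . preg_replace('#\\n|\\r#', '</p>$0<p>', $text) . '</p>');
}

/** Print the admin error box with the translated message for $message_key. */
function _processing_error($message_key)
{
    echo "<div class=\"" . s('css_error') . "\"><h2>" . l('admin_error') . "</h2><p>" . l($message_key) . "</p></div>";
}

/** Print the "operation completed" box with a back link to $back_url. */
function _processing_success($back_url)
{
    echo "<div class=\"" . s('css_success') . "\"><h2>" . l('operation_completed') . "</h2><p><a href='" . $back_url . "'>" . l('back') . "</a></p></div>";
}

/** Print the "deleted" confirmation with a link to $back_url labelled l($label_key). */
function _processing_deleted($back_url, $label_key)
{
    echo "<h2>" . l('deleted_success') . "</h2><p><a href='" . $back_url . "'>" . l($label_key) . "</a></p>";
}

/**
 * Handle every admin write: categories, articles and comments.
 *
 * The task comes from $_POST['task'] (forms) or $_GET['task'] (links). Each
 * task validates its input, runs its query and prints a result box.
 *
 * Changes against the previous version:
 *  - every request value is escaped before it is placed in SQL; before, all of
 *    them were interpolated raw (name, title, comment and text even had their
 *    \' turned back into a bare quote first);
 *  - the per-column UPDATE statements of one task are sent as one statement;
 *  - edit_article() receives 'simple' / 'advanced' as strings instead of
 *    undefined bare constants;
 *  - the back link after editcomment / deletecomment looks the category up
 *    from the article, as the freezecomments branch does, instead of reading
 *    an undefined $categoryid.
 *
 * NOTE(review): delete, freezecomments, unfreezecomments, deletecomment and
 * deletecategory are triggered by GET and no anti-CSRF token is checked
 * anywhere in this function - confirm whether the caller verifies one.
 * NOTE(review): check_if_unique() receives the raw name/title/seftitle; its
 * body is not in this listing - confirm it escapes them before querying.
 *
 * @return int|null 0 when the session is not logged in, otherwise nothing.
 */
function processing()
{
    // Every task below changes stored content, so nothing runs without a login.
    if (empty($_SESSION['Logged_In'])) {
        _processing_error('error_not_logged_in');
        return 0;
    }

    $post_task = _processing_request($_POST, 'task');
    $get_task = _processing_request($_GET, 'task');
    $submitted = _processing_request($_POST, 'submit_text');
    $prefix = s('prefix');
    $website = s('website');

    $id = _processing_request($_REQUEST, 'id');
    $commentid = _processing_request($_POST, 'commentid');
    // These four keep the original \' -> ' replacement; it affects what is put
    // back into the form via $_SESSION['temp'], not what reaches the database.
    $name = str_replace("\\'", "'", _processing_request($_POST, 'name'));
    $title = str_replace("\\'", "'", _processing_request($_POST, 'title'));
    $comment = str_replace("\\'", "'", _processing_request($_POST, 'editedcomment'));
    $text = str_replace("\\'", "'", _processing_request($_POST, 'text'));
    $category = _processing_request($_POST, 'category');
    $description = _processing_request($_POST, 'description');
    $seftitle = _processing_request($_POST, 'seftitle');
    $text_limit = _processing_request($_POST, 'text_limit');
    $auto_html = _processing_request($_POST, 'auto_html');
    $display_title = _processing_request($_POST, 'display_title');
    $display_info = _processing_request($_POST, 'display_info');
    $commentable = _processing_request($_POST, 'commentable');
    $publish = _processing_request($_POST, 'publish');
    $publish_category = $publish;
    $position = _processing_request($_POST, 'position');
    $image = _processing_request($_POST, 'image');

    // Future posting (and every advanced edit) stores the date taken from the
    // form and marks the article as not yet published.
    $fpublished = 1;
    $date = date('Y-m-d H:i:s');
    if (_processing_request($_POST, 'fposting') == "YES" or $post_task == "advancededit") {
        $fpublished = 0;
        $date = _processing_request($_POST, 'fposting_year') . '-'
            . _processing_request($_POST, 'fposting_month') . '-'
            . _processing_request($_POST, 'fposting_day') . ' '
            . _processing_request($_POST, 'fposting_hour') . ':'
            . _processing_request($_POST, 'fposting_minute') . ':00';
    }

    // Defaults for fields the form left empty.
    if ($text_limit == "") {
        $text_limit = 0;
    }
    if ($position == "") {
        $position = 1;
    }
    if ($commentable == "") {
        $commentable = "NO";
    }
    if ($publish != "ON") {
        $position = 4;
    }
    if ($display_title == "") {
        $display_title = "NO";
    }
    if ($display_info == "") {
        $display_info = "NO";
    }

    // add_category is tested on its own, not as part of the chain below, so a
    // GET task sent with the same request is still processed afterwards.
    if ($post_task == "add_category" && $submitted) {
        $error = null;
        if ($name == "") {
            $error = 'error_category_name_empty';
        } elseif ($seftitle == "") {
            $error = 'error_category_seftitle_empty';
        } elseif (check_if_unique('category_name', $name)) {
            $error = 'error_category_name_exists';
        } elseif (check_if_unique('category_seftitle', $seftitle)) {
            $error = 'error_category_seftitle_exists';
        } elseif (cleancheckSEF($seftitle) == "notok") {
            $error = 'error_category_seftitle_illegal';
        }

        if ($error !== null) {
            _processing_error($error);
            view_categories();
        } else {
            mysql_query("INSERT INTO " . $prefix . "categories(name,seftitle,description,published) VALUES("
                . _processing_value_list(array($name, $seftitle, $description, $publish_category)) . ")");
            _processing_success($website . "categories/");
        }
    }

    if ($post_task == "edit_category") {
        if ($submitted) {
            $error = null;
            if ($name == "") {
                $error = 'error_category_name_empty';
            } elseif ($seftitle == "") {
                $error = 'error_category_seftitle_empty';
            } elseif (check_if_unique('category_name', $name, $id)) {
                $error = 'error_category_name_exists';
            } elseif (check_if_unique('category_seftitle', $seftitle, $id)) {
                $error = 'error_category_seftitle_exists';
            } elseif (cleancheckSEF($seftitle) == "notok") {
                $error = 'error_category_seftitle_illegal';
            }

            if ($error !== null) {
                _processing_error($error);
                edit_category();
            } else {
                mysql_query("UPDATE " . $prefix . "categories SET " . _processing_set_clause(array(
                    'name' => $name,
                    'seftitle' => $seftitle,
                    'description' => $description,
                    'published' => $publish_category,
                )) . " WHERE id='" . _processing_sql($id) . "'");
                _processing_success($website . "categories/");
            }
        }
    } elseif ($post_task == "new") {
        if ($submitted) {
            // Kept in the session so a rejected form can be shown again filled in.
            $_SESSION['temp']['title'] = $title;
            $_SESSION['temp']['seftitle'] = $seftitle;
            $_SESSION['temp']['text'] = $text;

            $error = null;
            if ($title == "") {
                $error = 'error_article_title_empty';
            } elseif ($seftitle == "") {
                $error = 'error_article_seftitle_empty';
            } elseif (cleancheckSEF($seftitle) == "notok") {
                $error = 'error_article_seftitle_illegal';
            } elseif (check_if_unique('article_title', $title)) {
                $error = 'error_article_title_exists';
            } elseif (check_if_unique('article_seftitle', $seftitle)) {
                $error = 'error_article_seftitle_exists';
            }

            if ($error !== null) {
                _processing_error($error);
                if ($error == 'error_article_seftitle_empty') {
                    // Offer the title as the SEF title when the form is shown again.
                    $_SESSION['temp']['seftitle'] = $_SESSION['temp']['title'];
                }
                new_article();
            } else {
                if ($auto_html == "ON") {
                    $text = _processing_paragraphs($text);
                }
                mysql_query("INSERT INTO " . $prefix . "articles(title,seftitle,text,textlimit,date,category,position,displaytitle,displayinfo,commentable,image,published) VALUES("
                    . _processing_value_list(array(
                        $title, $seftitle, $text, $text_limit, $date, $category,
                        $position, $display_title, $display_info, $commentable, $image, $fpublished,
                    )) . ")");
                _processing_success($website);
            }
            unset($_SESSION['temp']);
        }
    } elseif ($post_task == "simpleedit") {
        if ($submitted) {
            $_SESSION['temp']['title'] = $title;
            $_SESSION['temp']['text'] = $text;

            $error = null;
            if ($title == "") {
                $error = 'error_article_title_empty';
            } elseif (check_if_unique('article_title', $title, $id)) {
                $error = 'error_article_title_exists';
            }

            if ($error !== null) {
                _processing_error($error);
                edit_article('simple');
            } else {
                // The simple editor always converts line breaks to paragraphs.
                $text = _processing_paragraphs($text);
                mysql_query("UPDATE " . $prefix . "articles SET " . _processing_set_clause(array(
                    'title' => $title,
                    'text' => $text,
                    'textlimit' => $text_limit,
                    'category' => $category,
                    'position' => $position,
                    'displaytitle' => $display_title,
                    'displayinfo' => $display_info,
                    'commentable' => $commentable,
                    'image' => $image,
                )) . " WHERE id='" . _processing_sql($id) . "'");
                _processing_success($website . find_cat_sef($category) . "/" . find_article_sef($id) . "/");
            }
            unset($_SESSION['temp']);
        }
    } elseif ($post_task == "advancededit") {
        if ($submitted) {
            $_SESSION['temp']['title'] = $title;
            $_SESSION['temp']['seftitle'] = $seftitle;
            $_SESSION['temp']['text'] = $text;

            $error = null;
            if ($title == "") {
                $error = 'error_article_title_empty';
            } elseif ($seftitle == "") {
                $error = 'error_article_seftitle_empty';
            } elseif (cleancheckSEF($seftitle) == "notok") {
                $error = 'error_article_seftitle_illegal';
            } elseif (check_if_unique('article_title', $title, $id)) {
                $error = 'error_article_title_exists';
            } elseif (check_if_unique('article_seftitle', $seftitle, $id)) {
                $error = 'error_article_seftitle_exists';
            }

            if ($error !== null) {
                _processing_error($error);
                edit_article('advanced');
            } else {
                mysql_query("UPDATE " . $prefix . "articles SET " . _processing_set_clause(array(
                    'title' => $title,
                    'seftitle' => $seftitle,
                    'text' => $text,
                    'textlimit' => $text_limit,
                    'date' => $date,
                    'category' => $category,
                    'position' => $position,
                    'displaytitle' => $display_title,
                    'displayinfo' => $display_info,
                    'commentable' => $commentable,
                    'image' => $image,
                    'published' => $fpublished,
                )) . " WHERE id='" . _processing_sql($id) . "'");
                _processing_success($website . find_cat_sef($category) . "/" . find_article_sef($id) . "/");
            }
            unset($_SESSION['temp']);
        }
    } elseif ($get_task == "delete") {
        mysql_query("DELETE FROM " . $prefix . "articles WHERE id='" . _processing_sql($id) . "'");
        _processing_deleted($website, 'backhome');
    } elseif ($post_task == "editcomment") {
        mysql_query("UPDATE " . $prefix . "comments SET " . _processing_set_clause(array(
            'name' => $name,
            'comment' => $comment,
        )) . " WHERE id='" . _processing_sql($commentid) . "'");
        // $categoryid was never assigned in this branch; derive it from the article.
        $categoryid = find_article_cat($id);
        _processing_success($website . find_cat_sef($categoryid) . "/" . find_article_sef($id) . "/");
    } elseif ($get_task == "freezecomments") {
        $categoryid = find_article_cat($id);
        mysql_query("UPDATE " . $prefix . "articles SET commentable='FREEZ' WHERE id='" . _processing_sql($id) . "'");
        _processing_success($website . find_cat_sef($categoryid) . "/" . find_article_sef($id) . "/");
    } elseif ($get_task == "unfreezecomments") {
        $categoryid = find_article_cat($id);
        mysql_query("UPDATE " . $prefix . "articles SET commentable='YES' WHERE id='" . _processing_sql($id) . "'");
        _processing_success($website . find_cat_sef($categoryid) . "/" . find_article_sef($id) . "/");
    } elseif ($get_task == "deletecomment") {
        $commentid = _processing_request($_GET, 'commentid');
        $articleid = _processing_request($_GET, 'articleid');
        mysql_query("DELETE FROM " . $prefix . "comments WHERE id='" . _processing_sql($commentid) . "'");
        // $categoryid was never assigned in this branch; derive it from the article.
        $categoryid = find_article_cat($articleid);
        _processing_deleted($website . find_cat_sef($categoryid) . "/" . find_article_sef($articleid) . "/", 'back');
    } elseif ($get_task == "deletecategory") {
        // NOTE(review): the original also read $_GET['categoryid'] here but
        // deleted by the request's "id"; that is kept - confirm which one the
        // admin links actually send.
        mysql_query("DELETE FROM " . $prefix . "categories WHERE id='" . _processing_sql($id) . "'");
        _processing_deleted($website . "categories/", 'back');
    }
}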
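<?php
// Form handler: stores a new article, or updates an existing one when the query
// string is exactly "edit", then redirects to the feed or the article page.
// NOTE(review): no login or anti-CSRF check is visible in this script - confirm
// that lib.php enforces one. new_article() is defined outside this listing;
// confirm it passes these values to the database as bound parameters.
require 'lib.php';

$db = db_connect();

// The article id is cast to int. With the loose "== 0" test used below, a
// non-numeric string such as "abc" used to count as "new article" while still
// being handed to new_article() as the update id.
$is_edit = isset($_SERVER['QUERY_STRING']) && $_SERVER['QUERY_STRING'] == 'edit';
$update = ($is_edit && isset($_POST['article'])) ? (int) $_POST['article'] : 0;

// The feed is only taken from the form when inserting; an update does not know
// the feed and does not change it.
if ($update == 0) {
    $feed = isset($_POST['feed']) ? $_POST['feed'] : '';
} else {
    $feed = 0;
}

$title = isset($_POST['title']) ? $_POST['title'] : '';
$desc = isset($_POST['desc']) ? $_POST['desc'] : '';
$link = isset($_POST['link']) ? $_POST['link'] : '';
$auth = isset($_POST['author']) ? $_POST['author'] : '';
$cat = isset($_POST['cat']) ? $_POST['cat'] : '';

// "* 1" turns the posted value into a number; anything non-numeric becomes 0
// instead of being multiplied.
$pubDate = (isset($_POST['pubDate']) && is_numeric($_POST['pubDate'])) ? $_POST['pubDate'] * 1 : 0;

new_article($db, $feed, $title, $desc, $link, $auth, $cat, $pubDate, $update);

if ($update == 0) {
    // $feed is request data: encode it so it cannot add parameters to the redirect URL.
    header("Location: feed.php?f=" . rawurlencode((string) $feed));
} else {
    header("Location: article.php?a={$update}");
}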
echo site_url('article/' . $article['id']); ?> "><?php echo $article['name']; ?> </a></li> <?php } ?> </ol> </div> <div class="tuijian"> <h2>最新发布</h2> <ol> <?php $articles = new_article(); foreach ($articles as $key => $article) { ?> <li><span><strong><?php echo $key + 1; ?> </strong></span><a href="<?php echo site_url('article/' . $article['id']); ?> "><?php echo $article['name']; ?> </a></li> <?php } ?>