PageRenderTime 48ms CodeModel.GetById 17ms RepoModel.GetById 0ms app.codeStats 0ms

/v1.4/puslapiai/dievai/straipsniai.php

http://mightmedia.googlecode.com/
PHP | 272 lines | 228 code | 26 blank | 18 comment | 58 complexity | 659e7a461f9b987bf63c7ce4a3caf972 MD5 | raw file
Possible License(s): AGPL-1.0, LGPL-2.0, GPL-2.0 
    

  1. <?php

    2. 

  2. /**

    3. 

  3.  * @Projektas: MightMedia TVS

    4. 

  4.  * @Puslapis: www.coders.lt

    5. 

  5.  * @$Author$

    6. 

  6.  * @copyright CodeRS Š2008

    7. 

  7.  * @license GNU General Public License v2

    8. 

  8.  * @$Revision$

    9. 

  9.  * @$Date$

    10. 

  10.  **/

    11. 

  11. 

    12. 

  12. if (!defined("OK") || !ar_admin(basename(__file__)))

    13. 

  13. {

    14. 

  14.     header('location: ?');

    15. 

  15.     exit();

    16. 

  16. }

    17. 

  17. unset($text, $extra);

    18. 

  18. $buttons = <<< HTML

    19. 

  19. <button onclick="location.href='?id,{$_GET['id']};a,{$_GET['a']};v,2'">{$lang['system']['createcategory']}</button>

    20. 

  20. <button onclick="location.href='?id,{$_GET['id']};a,{$_GET['a']};v,3'">{$lang['system']['editcategory']}</button>

    21. 

  21. <button onclick="location.href='?id,{$_GET['id']};a,{$_GET['a']};v,5'">{$lang['system']['createsubcategory']}</button>

    22. 

  22. <button onclick="location.href='?id,{$_GET['id']};a,{$_GET['a']};v,4'">{$lang['admin']['article_edit']}</button>

    23. 

  23. <button onclick="location.href='?id,{$_GET['id']};a,{$_GET['a']};v,7'">{$lang['admin']['article_create']}</button>

    24. 

  24. <button onclick="location.href='?id,{$_GET['id']};a,{$_GET['a']};v,6'">{$lang['admin']['article_unpublished']}</button>

    25. 

  25. 

    26. 

  26. HTML;

    27. 

  27. if (empty($_GET['v']))

    28. 

  28. {

    29. 

  29.     $_GET['v'] = 0;

    30. 

  30. }

    31. 

  31. lentele($lang['admin']['Articles'], $buttons);

    32. 

  32. unset($buttons);

    33. 

  33. include_once ("priedai/kategorijos.php");

    34. 

  34. kategorija("straipsniai", true);

    35. 

  35. 

    36. 

  36. if (isset($_GET['p']))

    37. 

  37. {

    38. 

  38.     $result = mysql_query1("UPDATE `" . LENTELES_PRIESAGA . "straipsniai` SET rodoma='TAIP' 

    39. 

  39. 			WHERE `id`=" . escape($_GET['p']) . ";

    40. 

  40. 			");

    41. 

  41.     if ($result)

    42. 

  42.     {

    43. 

  43.         msg($lang['system']['done'], "{$lang['admin']['article_activated']}.");

    44. 

  44.     }

    45. 

  45.     else

    46. 

  46.     {

    47. 

  47.         klaida("{$lang['system']['error']}", " <br><b>" . mysql_error() . "</b>");

    48. 

  48.     }

    49. 

  49. }

    50. 

  50. $tags = array("p" => 1, "br" => 0, "a" => 1, "img" => 0, "li" => 1, "ol" => 1, "ul" => 1, "b" => 1, "i" => 1, "em" => 1, "strong" => 1, "del" => 1, "ins" => 1, "u" => 1, "code" => 1, "pre" => 1, "blockquote" => 1, "hr" => 0, "span" => 1, "font" => 1, "h1" => 1, "h2" => 1, "h3" => 1, "table" => 1, "tr" => 1, "td" => 1, "th" => 1, "tbody" => 1, "div" => 1, "embed" => 1);

    51. 

  51. if (((isset($_POST['action']) && $_POST['action'] == $lang['admin']['delete'] && LEVEL == 1 && isset($_POST['edit_new']) && $_POST['edit_new'] > 0)) || isset($url['t']) && LEVEL == 1)

    52. 

  52. {

    53. 

  53.     if (isset($url['t']))

    54. 

  54.     {

    55. 

  55.         $trinti = (int)$url['t'];

    56. 

  56.     } elseif (isset($_POST['edit_new']))

    57. 

  57.     {

    58. 

  58.         $trinti = (int)$_POST['edit_new'];

    59. 

  59.     }

    60. 

  60.     $ar = mysql_query1("DELETE FROM `" . LENTELES_PRIESAGA . "straipsniai` WHERE id=" . escape($trinti) . " LIMIT 1") or die(mysql_error());

    61. 

  61.     if ($ar)

    62. 

  62.     {

    63. 

  63.         msg($lang['system']['done'], "{$lang['admin']['article_Deleted']}");

    64. 

  64.     }

    65. 

  65.     else

    66. 

  66.     {

    67. 

  67.         klaida("{$lang['system']['error']}", " <br><b>" . mysql_error() . "</b>");

    68. 

  68.     }

    69. 

  69.     mysql_query1("DELETE FROM `" . LENTELES_PRIESAGA . "kom` WHERE pid='puslapiai/straipsnis' AND kid=" . escape($trinti) . "");

    70. 

  70.     //redirect("?id,".$_GET['id'].";a,".$_GET['a'],"header");

    71. 

  71. } elseif (isset($_POST['action']) && isset($_POST['str']) && $_POST['action'] == $lang['admin']['edit'])

    72. 

  72. {

    73. 

  73.     //apsauga nuo kenksmingo kodo

    74. 

  74.     include_once ('priedai/safe_html.php');

    75. 

  75. 

    76. 

  76.     $apr = safe_html(str_replace(array("&#39;"), array("'"), $_POST['apr']), $tags);

    77. 

  77.     $str = safe_html(str_replace(array("&#39;"), array("'"), $_POST['str']), $tags);

    78. 

  78.     $komentaras = (isset($_POST['kom']) && $_POST['kom'] == 'taip' ? 'taip' : 'ne');

    79. 

  79.     $rodoma = (isset($_POST['rodoma']) && $_POST['rodoma'] == 'TAIP' ? 'TAIP' : 'NE');

    80. 

  80.     $kategorija = (int)$_POST['kategorija'];

    81. 

  81.     $pavadinimas = strip_tags($_POST['pav']);

    82. 

  82.     $id = ceil((int)$_POST['idas']);

    83. 

  83. 

    84. 

  84.     if ($komentaras == 'ne')

    85. 

  85.     {

    86. 

  86.         mysql_query1("DELETE FROM `" . LENTELES_PRIESAGA . "kom` WHERE pid=" . escape((int)$_GET['id']) . " AND kid=" . escape($id));

    87. 

  87.     }

    88. 

  88. 

    89. 

  89.     $resultas = mysql_query1("UPDATE `" . LENTELES_PRIESAGA . "straipsniai` SET

    90. 

  90. 	    `kat` = " . escape($kategorija) . ",

    91. 

  91. 			`pav` = " . escape($pavadinimas) . ",

    92. 

  92. 			`t_text` = " . escape($apr) . ",

    93. 

  93. 			`f_text` = " . escape($str) . ",

    94. 

  94. 			`kom` = " . escape($komentaras) . ",

    95. 

  95. 			`rodoma` = " . escape($rodoma) . "

    96. 

  96. 			WHERE `id`=" . escape($id) . ";

    97. 

  97. 			") or klaida("{$lang['system']['error']}", " <br><b>" . mysql_error() . "</b>");

    98. 

  98.     if ($resultas)

    99. 

  99.     {

    100. 

  100.         msg($lang['system']['done'], "{$lang['admin']['article_updated']}.");

    101. 

  101.     }

    102. 

  102.     else

    103. 

  103.     {

    104. 

  104.         klaida("{$lang['system']['error']}", " <br><b>" . mysql_error() . "</b>");

    105. 

  105.     }

    106. 

  106. 

    107. 

  107. } elseif (isset($_POST['action']) && $_POST['action'] == $lang['admin']['article_create'])

    108. 

  108. {

    109. 

  109.     //apsauga nuo kenksmingo kodo

    110. 

  110.     include_once ('priedai/safe_html.php');

    111. 

  111. 

    112. 

  112.     $apr = safe_html(str_replace(array("&#39;"), array("'"), $_POST['apr']), $tags);

    113. 

  113.     $str = safe_html(str_replace(array("&#39;"), array("'"), $_POST['str']), $tags);

    114. 

  114.     $komentaras = (isset($_POST['kom']) && $_POST['kom'] == 'taip' ? 'taip' : 'ne');

    115. 

  115.     $kategorija = (int)$_POST['kategorija'];

    116. 

  116.     $pavadinimas = strip_tags($_POST['pav']);

    117. 

  117.     $rodoma = (isset($_POST['rodoma']) && $_POST['rodoma'] == 'TAIP' ? 'TAIP' : 'NE');

    118. 

  118.     $autorius = $_SESSION['username'];

    119. 

  119.     $autoriusid = $_SESSION['id'];

    120. 

  120.     if (empty($str) || empty($pavadinimas))

    121. 

  121.     {

    122. 

  122.         $error = "{$lang['admin']['article_emptyfield']}.";

    123. 

  123.     }

    124. 

  124.     if (!isset($error))

    125. 

  125.     {

    126. 

  126.         $result = mysql_query1("INSERT INTO `" . LENTELES_PRIESAGA . "straipsniai` SET

    127. 

  127. 	    `kat` = " . escape($kategorija) . ",

    128. 

  128. 			`pav` = " . escape($pavadinimas) . ",

    129. 

  129. 			`t_text` = " . escape($apr) . ",

    130. 

  130. 			`f_text` = " . escape($str) . ",

    131. 

  131. 			`date` = " . time() . ",

    132. 

  132. 			`autorius` = " . escape($autorius) . ",

    133. 

  133. 			`autorius_id` = " . escape($autoriusid) . ",

    134. 

  134. 			`kom` = " . escape($komentaras) . ",

    135. 

  135. 			`rodoma` = " . escape($rodoma) . "");

    136. 

  136.         if ($result)

    137. 

  137.         {

    138. 

  138.             msg($lang['system']['done'], "{$lang['admin']['article_created']}");

    139. 

  139.         }

    140. 

  140.         else

    141. 

  141.         {

    142. 

  142.             klaida("{$lang['system']['error']}", " <br><b>" . mysql_error() . "</b>");

    143. 

  143.         }

    144. 

  144.     }

    145. 

  145.     else

    146. 

  146.     {

    147. 

  147.         klaida("{$lang['system']['error']}", $error);

    148. 

  148.     }

    149. 

  149.     unset($rodoma, $pavadinimas, $kategorija, $komentaras, $str, $apr, $_POST['action'], $result);

    150. 

  150.     redirect("?id," . $_GET['id'] . ";a," . $_GET['a'] . "", "meta");

    151. 

  151. 

    152. 

  152. }

    153. 

  153. 

    154. 

  154. 

    155. 

  155. //straipsnio redagavimas

    156. 

  156. elseif (((isset($_POST['edit_new']) && isNum($_POST['edit_new']) && $_POST['edit_new'] > 0)) || isset($url['h']))

    157. 

  157. {

    158. 

  158.     if (isset($url['h']))

    159. 

  159.     {

    160. 

  160.         $redaguoti = (int)$url['h'];

    161. 

  161.     } elseif (isset($_POST['edit_new']))

    162. 

  162.     {

    163. 

  163.         $redaguoti = (int)$_POST['edit_new'];

    164. 

  164.     }

    165. 

  165. 

    166. 

  166.     $extra = mysql_query1("SELECT * FROM `" . LENTELES_PRIESAGA . "straipsniai` WHERE `id`=" . escape($redaguoti) . " LIMIT 1");

    167. 

  167.     $extra = mysql_fetch_assoc($extra);

    168. 

  168. }

    169. 

  169. if (isset($_GET['v']))

    170. 

  170. {

    171. 

  171.     $sql = mysql_query1("SELECT * FROM  `" . LENTELES_PRIESAGA . "grupes` WHERE `kieno`='straipsniai' AND `path`=0 ORDER BY `id` DESC") or die(mysql_error());

    172. 

  172.     if (mysql_num_rows($sql) > 0)

    173. 

  173.     {

    174. 

  174.         while ($row = mysql_fetch_assoc($sql))

    175. 

  175.         {

    176. 

  176. 

    177. 

  177.             $sql2 = mysql_query1("SELECT * FROM  `" . LENTELES_PRIESAGA . "grupes` WHERE `kieno`='straipsniai' AND path!=0 and `path` like '" . $row['id'] . "%' ORDER BY `id` ASC");

    178. 

  178.             if (mysql_num_rows($sql2) > 0)

    179. 

  179.             {

    180. 

  180.                 $subcat = '';

    181. 

  181.                 while ($path = mysql_fetch_assoc($sql2))

    182. 

  182.                 {

    183. 

  183. 

    184. 

  184.                     $subcat .= "->" . $path['pavadinimas'];

    185. 

  185.                     $kategorijos[$row['id']] = $row['pavadinimas'];

    186. 

  186.                     $kategorijos[$path['id']] = $row['pavadinimas'] . $subcat;

    187. 

  187. 

    188. 

  188. 

    189. 

  189.                 }

    190. 

  190.             }

    191. 

  191.             else

    192. 

  192.             {

    193. 

  193.                 $kategorijos[$row['id']] = $row['pavadinimas'];

    194. 

  194.             }

    195. 

  195. 

    196. 

  196. 

    197. 

  197.         }

    198. 

  198.     }

    199. 

  199.     /*else

    200. 

  200.     {

    201. 

  201.         $kategorijos[] = "{$lang['system']['nocategories']}";

    202. 

  202.     }*/

    203. 

  203.     $kategorijos[0] = "--";

    204. 

  204. }

    205. 

  205. $sql2 = mysql_query1("SELECT id, pav FROM  `" . LENTELES_PRIESAGA . "straipsniai` ORDER BY ID DESC");

    206. 

  206. if (mysql_num_rows($sql2) > 0)

    207. 

  207. {

    208. 

  208.     while ($row2 = mysql_fetch_assoc($sql2))

    209. 

  209.     {

    210. 

  210.         $straipsniai[$row2['id']] = $row2['pav'];

    211. 

  211.     }

    212. 

  212. }

    213. 

  213. else

    214. 

  214. {

    215. 

  215.     $straipsniai[] = "{$lang['admin']['article_no']}";

    216. 

  216. }

    217. 

  217. include_once ("priedai/class.php");

    218. 

  218. $bla = new forma();

    219. 

  219. if ($_GET['v'] == 4)

    220. 

  220. {

    221. 

  221.     $redagavimas = array("Form" => array("action" => "?id,{$_GET['id']};a,{$_GET['a']};v,7", "method" => "post", "name" => "reg"), "{$lang['admin']['article']}:" => array("type" => "select", "value" => $straipsniai, "name" => "edit_new"), " " => array("type" => "submit", "name" => "action", "value" => "{$lang['admin']['edit']}"), "" => array("type" => "submit", "name" => "action",

    222. 

  222.         "value" => "{$lang['admin']['delete']}"));

    223. 

  223.     lentele($lang['admin']['article_edit'], $bla->form($redagavimas));

    224. 

  224. }

    225. 

  225. 

    226. 

  226. if ($_GET['v'] == 7 || isset($url['h']))

    227. 

  227. {

    228. 

  228.     if ($i = 1)

    229. 

  229.     {

    230. 

  230.         $ar = array("TAIP" => "{$lang['admin']['yes']}", "NE" => "{$lang['admin']['no']}");

    231. 

  231.         $straipsnis = array("Form" => array("action" => "?id," . $_GET['id'] . ";a," . $_GET['a'] . "", "method" => "post", "name" => "reg"), "{$lang['admin']['article_title']}:" => array("type" => "text", "value" => input((isset($extra)) ? $extra['pav'] : ''), "name" => "pav", "style" => "width:100%"), "" => array("type" => "hidden", "name" => "idas", "value" => (isset($extra['id']) ?

    232. 

  232.             input($extra['id']) : '')), "{$lang['admin']['article_comments']}:" => array("type" => "select", "value" => array('taip' => $lang['admin']['yes'], 'ne' => $lang['admin']['no']), "name" => "kom", "class" => "input", "style" => "width:100%"), "{$lang['system']['category']}:" => array("type" => "select", "value" => $kategorijos, "name" => "kategorija", "class" => "input", "style" =>

    233. 

  233.             "width:100%", "selected" => (isset($extra['kat']) ? input($extra['kat']) : '')), "{$lang['admin']['article_shown']}:" => array("type" => "select", "value" => $ar, "name" => "rodoma", "class" => "input", "style" => "width:100%", "selected" => (isset($extra['rodoma']) ? input($extra['rodoma']) : '')), "{$lang['admin']['article']}:" => array("type" => "string", "value" =>

    234. 

  234.             editorius('spaw', 'standartinis', array('apr' => 'Straipsnio ?žanga', 'str' => 'straipsnis'), array('apr' => (isset($extra)) ? $extra['t_text'] : $lang['admin']['article_preface'], 'str' => (isset($extra)) ? $extra['f_text'] : $lang['admin']['article']))), (isset($extra)) ? $lang['admin']['edit'] : $lang['admin']['article_create'] => array("type" => "submit", "name" => "action",

    235. 

  235.             "value" => (isset($extra)) ? $lang['admin']['edit'] : $lang['admin']['article_create']), );

    236. 

  236.         if (isset($extra['id']))

    237. 

  237.         {

    238. 

  238.             $naujiena[''] = array("type" => "text", "name" => "idas", "value" => (isset($extra['id']) ? input($extra['id']) : ''));

    239. 

  239.         }

    240. 

  240. 

    241. 

  241.         lentele($lang['admin']['article_create'], $bla->form($straipsnis));

    242. 

  242.     }

    243. 

  243.     else

    244. 

  244.     {

    245. 

  245.         klaida("{$lang['system']['warning']}", "{$lang['system']['nocategories']}.");

    246. 

  246.     }

    247. 

  247. } elseif ($_GET['v'] == 6)

    248. 

  248. {

    249. 

  249. 

    250. 

  250.     $q = mysql_query1("SELECT * FROM `" . LENTELES_PRIESAGA . "straipsniai` WHERE rodoma='NE'");

    251. 

  251.     if ($q)

    252. 

  252.     {

    253. 

  253. 

    254. 

  254.         include_once ("priedai/class.php");

    255. 

  255.         $bla = new Table();

    256. 

  256.         $info = array();

    257. 

  257.         while ($sql = mysql_fetch_assoc($q))

    258. 

  258.         {

    259. 

  259.             $sql2 = mysql_fetch_assoc(mysql_query1("SELECT nick FROM `" . LENTELES_PRIESAGA . "users` WHERE id='" . $sql['autorius'] . "'"));

    260. 

  260. 

    261. 

  261.             $info[] = array("ID" => $sql['id'], "{$lang['admin']['article']}:" => '<a href="#" title="<b>' . $sql['pav'] . '</b>

    262. 

  262. 			<br />' . $lang['admin']['article_author'] . ': <b>' . $sql2['nick'] . '</b><br />' . $lang['admin']['article_date'] . ': <b>' . date('Y-m-d H:i:s ', $sql['date']) . ' - ' . kada(date('Y-m-d H:i:s ', $sql['date'])) . '</b>" target="_blank">' . $sql['pav'] . '</a>', "{$lang['admin']['action']}:" => "<a href='?id,{$_GET['id']};a,{$_GET['a']};p," . $sql['id'] . "'title='{$lang['admin']['acept']}'><img src='images/icons/icon_accept.gif' border='0'></a> <a href='?id,{$_GET['id']};a,{$_GET['a']};t," .

    263. 

  263.                 $sql['id'] . "' title='{$lang['admin']['delete']}'><img src='images/icons/cross.png' border='0'></a> <a href='?id,{$_GET['id']};a,{$_GET['a']};h," . $sql['id'] . "' title='{$lang['admin']['edit']}'><img src='images/icons/pencil.png' border='0'></a>");

    264. 

  264. 

    265. 

  265.         }

    266. 

  266.         lentele($lang['admin']['article_unpublished'], $bla->render($info));

    267. 

  267. 

    268. 

  268.     }

    269. 

  269. 

    270. 

  270. }

    271. 

  271. //unset($_POST);

    272. 

  272. ?>

    273. 

  273.