<?php

/**
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.0 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license.  If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to hide@address.com so we can mail you a copy immediately.
*
* @package    QuickTalk Guestbook
* @author     Philippe Vandenberghe <hide@address.com>
* @copyright  2009-2012 The PHP Group
* @version    2.5 build:20100731
*/

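session_start();
require_once('bin/qtg_init.php');

// CHECK LOGIN: every action on this page (export/hide/unhide/delete) needs an
// authenticated admin session. HtmlRedirect() is presumably provided by
// bin/qtg_init.php; the explicit exit makes the guard fail closed even if that
// helper only emits the redirect without terminating the script
// (NOTE(review): confirm whether HtmlRedirect() already exits).
if ( !isset($_SESSION['qtgAuth']) || $_SESSION['qtgAuth']!='yes' )
{
  HtmlRedirect('qtg_login.php');
  exit;
}

// admin language file, skin and page identifiers used by the shared header/menu
include(GetLang().'qtg_adm.php');
$qtg_skin='admin';
$pg_name='';
$pg_url='qtg_adm_medit_exe.php';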

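/**
 * Quote one value as a CSV cell.
 *
 * @param mixed $str  scalar to export; null and '' produce an empty cell ""
 * @return string     the value wrapped in double quotes
 *
 * Embedded double quotes are replaced by apostrophes, the (lossy) convention
 * of this export, so a cell never contains the quote character itself;
 * RFC 4180 doubling ("") would be the lossless alternative.
 * NOTE(review): cells are not neutralised against spreadsheet formula
 * evaluation (guestbook text starting with =, +, -, @); consumers opening the
 * export in a spreadsheet should import the columns as text.
 */
function ToCsv($str='')
{
  // empty() would also swallow the legitimate value "0" (an id or age of 0)
  if ( $str===null || $str==='' ) return '""';
  return '"'.str_replace('"',"'",strval($str)).'"';
}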

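// CHECK ARGUMENTS

if ( !isset($_GET['y']) ) die ('Missing argument [y]');
if ( !isset($_GET['m']) ) die ('Missing argument [m]');
if ( !isset($_GET['ip']) ) die ('Missing argument [ip]');
if ( !isset($_GET['n']) ) die ('Missing argument [n]');
if ( !isset($_GET['charset']) ) $_GET['charset']='UTF-8';

// READ ARGUMENTS (protection against injection)
//
// Numeric arguments go through intval(). String arguments are reduced to a
// character whitelist instead of strip_tags(): strip_tags() leaves quotes and
// other metacharacters in place, and these values are later concatenated into
// SQL text ($strIp), echoed into HTML attribute values ($strIp), and used in
// HTTP headers and html_entity_decode() ($strCharset, $f).

$intYear = intval($_GET['y']);
$intMonth = intval($_GET['m']);
// IPv4/IPv6 literal or host-name characters only: digits, letters, '.', ':', '-', '_'
$strIp = preg_replace('/[^0-9A-Za-z.:_-]/', '', substr($_GET['ip'],0,30));
$intNum = intval($_GET['n']);
// IANA charset names consist of letters, digits, '.', '_' and '-'; fall back to UTF-8 when nothing is left
$strCharset = preg_replace('/[^0-9A-Za-z._-]/', '', substr($_GET['charset'],0,15));
if ( $strCharset==='' ) $strCharset='UTF-8';

$bHidden = true;  // include hidden messages in the export
$bBbc = true;     // drop BBCode tags from exported text
$bSmile = true;   // drop smiley tags from exported text
// output format / file extension (also placed in a Content-Disposition header): letters and digits only
if ( isset($_GET['f']) ) { $f=preg_replace('/[^0-9A-Za-z]/', '', substr($_GET['f'],0,3)); } else { $f='txt'; }
if ( isset($_GET['h']) ) { if ( $_GET['h']=='N' ) $bHidden=false; }
if ( isset($_GET['b']) ) { if ( $_GET['b']=='N' ) $bBbc=false; }
if ( isset($_GET['s']) ) { if ( $_GET['s']=='N' ) $bSmile=false; }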

// --------
// SUBMITTED
// --------

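// Execution branch: one of the submit fields of the confirmation forms below
// (export / delete / hide / unhide) is present, so perform the action on the
// messages selected by year, optional month and optional IP.
if ( isset($_GET['export']) || isset($_GET['delete']) || isset($_GET['hide']) || isset($_GET['unhide']) )
{
  // Messages are selected by the prefix of their issuedate: "YYYY" when no
  // month is given, "YYYYMM" otherwise. Both parts come from intval(), so the
  // literal can be embedded in SQL as is.
  $strDate = strval($intYear); if ( $intMonth>0 ) $strDate = strval($intYear*100+$intMonth);

  // The substring function name differs per engine; only the first five
  // characters of the driver type are compared ('sqlit' covers 'sqlite').
  switch(substr($oDB->type,0,5))
  {
  case 'mysql':
  case 'mssql':
  case 'pg':
  case 'ibase': $strWhere = 'SUBSTRING(issuedate,1,'.strlen($strDate).')="'.$strDate.'"'; break;
  case 'sqlit':
  case 'db2':
  case 'oci':   $strWhere = 'SUBSTR(issuedate,1,'.strlen($strDate).')="'.$strDate.'"'; break;
  case 'file':  $strWhere = ''; break;
  default: die('Unknown db type '.$oDB->type);
  }

  // $strIp is the only request-supplied string that reaches the SQL text and
  // the file-name filter below. It is reduced to IP-address/host-name
  // characters right here, independently of any upstream filtering, so the
  // quoted SQL literal cannot be broken out of (strip_tags() on its own leaves
  // quotes intact) and no path characters reach the file backend.
  $strIpSafe = preg_replace('/[^0-9A-Za-z.:_-]/', '', $strIp);
  $strWhereIp = empty($strIpSafe) ? '' : ' AND ip="'.$strIpSafe.'"';
  $strFileIp = empty($strIpSafe) ? '' : $strIpSafe;

  if ( isset($_GET['delete']) || isset($_GET['hide']) || isset($_GET['unhide']) )
  {
    // NOTE(review): these state-changing actions run on a plain GET request
    // with no per-request token, so they are exposed to cross-site request
    // forgery against a logged-in admin; a POST form carrying a session-bound
    // token is the usual mitigation.
    include('qtg_p_header.php');
    include('qtg_adm_menu.php');

    if ( isset($_GET['hide']) )
    {
      if ( is_a($oDB,'cDT') )
      {
        // file backend: filter "<ip>-y" presumably selects the currently visible posts
        $arr = $oDB->GetFiles($strWhere.$strFileIp.'-y',0,$strDate,$strDate,false);
        foreach($arr as $strFile)
        {
          $oPost = new cPost();
          $oPost->id = $strFile;
          $oPost->SetStatus('n');
        }
      }
      else
      {
        $oDB->Query('UPDATE '.TABMESSAGE.' SET visible="N" WHERE id>=0 AND '.$strWhere.$strWhereIp);
      }
    }
    if ( isset($_GET['unhide']) )
    {
      if ( is_a($oDB,'cDT') )
      {
        // file backend: filter "<ip>-n" presumably selects the currently hidden posts
        $arr = $oDB->GetFiles($strWhere.$strFileIp.'-n',0,$strDate,$strDate,false);
        foreach($arr as $strFile)
        {
          $oPost = new cPost();
          $oPost->id = $strFile;
          $oPost->SetStatus('y');
        }
      }
      else
      {
        $oDB->Query('UPDATE '.TABMESSAGE.' SET visible="Y" WHERE id>=0 AND '.$strWhere.$strWhereIp);
      }
    }
    if ( isset($_GET['delete']) )
    {
      if ( is_a($oDB,'cDT') )
      {
        // file backend: no visibility suffix, hidden and visible posts alike are removed
        $arr = $oDB->GetFiles($strWhere.$strFileIp,0,$strDate,$strDate,false);
        foreach($arr as $strFile)
        {
          $oPost = new cPost();
          $oPost->id = $strFile;
          $oPost->Delete();
        }
      }
      else
      {
        $oDB->Query('DELETE FROM '.TABMESSAGE.' WHERE id>=0 AND '.$strWhere.$strWhereIp);
      }
    }

    // confirmation page, redirected to the message list after one second
    echo '<h1>',$L['Update_successfull'],'</h1>';
    echo '
    <p><a id="exiturl" href="qtg_adm_msg.php">',$L['Messages'],'</a></p>
    <script type="text/javascript">
    <!--
    setTimeout(\'window.location=document.getElementById("exiturl").href\',1000);
    -->
    </script>
    ';
    include('qtg_p_footer.php');
    exit;
  }

  if ( isset($_GET['export']) )
  {
    // query

    if ( is_a($oDB,'cDT') )
    {
      // "-y" restricts the file filter to visible posts when hidden ones are excluded
      $oDB->GetFiles($strWhere.$strFileIp.($bHidden ? '' : '-y'),0,$strDate,$strDate);
      rsort($oDB->arrFiles);
      $oDB->curFiles=0;
    }
    else
    {
      $oDB->Query('SELECT * FROM '.TABMESSAGE.' WHERE id>=0 AND '.$strWhere.$strWhereIp.($bHidden ? '' : ' AND visible="Y"'));
    }

    // export

    if ( !headers_sent() )
    {
      // both header parameters are request-derived; keep them to token characters
      $strCharsetHdr = preg_replace('/[^0-9A-Za-z._-]/', '', $strCharset);
      $strExtHdr = preg_replace('/[^0-9A-Za-z]/', '', $f);
      header('Content-Type: text/plain; charset='.$strCharsetHdr);
      // the quoted filename used to be left unterminated (missing closing quote)
      header('Content-Disposition: attachment; filename="qt_'.date('Ymd').'.'.$strExtHdr.'"');
    }

    // Smiley tags look like "[:x]" or "[;x]". The pattern needs PCRE delimiters:
    // without them preg_replace() fails with a warning and returns null, which
    // silently wiped the whole field in the export.
    $strSmilePattern = '/\[(:|;).\]/';

    while($row=$oDB->Getrow())
    {
      $oPost = new cPost($row);

      // strip markup only from fields that can contain a tag at all
      if ( $bBbc || $bSmile )
      {
        if ( strstr($oPost->message,'[') )
        {
          if ( $bBbc )   $oPost->message=QTunbbc($oPost->message,true);
          if ( $bSmile ) $oPost->message=preg_replace($strSmilePattern,'',$oPost->message);
        }
        if ( strstr($oPost->name,'[') )
        {
          if ( $bBbc )   $oPost->name=QTunbbc($oPost->name,true);
          if ( $bSmile ) $oPost->name=preg_replace($strSmilePattern,'',$oPost->name);
        }
      }

      // uncode all html entities (requires php 4.3)
      $oPost->message = html_entity_decode($oPost->message,ENT_QUOTES,$strCharset);
      $oPost->name = html_entity_decode($oPost->name,ENT_QUOTES,$strCharset);
      $oPost->postfrom = html_entity_decode($oPost->postfrom,ENT_QUOTES,$strCharset);

      if ( $f=='txt' )
      {
        // one header line per message, then the text, then a separator rule
        echo $oPost->name;
        if ( !empty($oPost->userage) )   echo " ($oPost->userage)";
        if ( !empty($oPost->useremail) ) echo ", $oPost->useremail";
        if ( !empty($oPost->postfrom) )  echo ", $oPost->postfrom";
        if ( !empty($oPost->issuedate) ) echo " ".QTdatestr($oPost->issuedate,'j-n-Y',$qtg_formattime);
        echo "\r\n\r\n".$oPost->message;
        echo "\r\n___________________________\r\n\r\n";
      }
      if ( $f=='csv' )
      {
        // one line per message, ';' separated; line breaks inside the text are written as a literal "\n"
        $oPost->message = str_replace("\r\n","\n",$oPost->message);
        $oPost->message = str_replace("\n","\\n",$oPost->message);
        echo ToCsv($oPost->id).';';
        echo ToCsv($oPost->name).';';
        echo ToCsv($oPost->userage).';';
        echo ToCsv($oPost->useremail).';';
        echo ToCsv($oPost->postfrom).';';
        echo ToCsv(QTdatestr($oPost->issuedate,'Y-m-d','H:i')).';';
        echo ToCsv($oPost->y).';';
        echo ToCsv($oPost->x).';';
        echo ToCsv($oPost->z).';';
        echo ToCsv($oPost->message).';';
        echo "\r\n";
      }
    }
    exit;
  }
}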

// --------
// HTML START
// --------

include('qtg_p_header.php');
include('qtg_adm_menu.php');

// The confirmation form to show is chosen by the 'a' argument (first six characters).
$a = isset($_GET['a']) ? substr($_GET['a'],0,6) : die ('Missing argument [a]');

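// $strIp is request-supplied text echoed into attribute values of the forms below,
// so it is escaped for the HTML attribute context; the other hidden fields are integers.
$strIpAttr = htmlspecialchars($strIp,ENT_QUOTES);

if ( $a=='Export' )
{
  // charsets offered for the export: key = value sent back in ?charset=, value = label shown
  $arr = array(
  "ISO-8859-1"=>"ISO-8859-1 (Western European, Latin-1)",
  "ISO-8859-15"=>"ISO-8859-15 (Western European, Latin-9)",
  "UTF-8"=>"UTF-8 (ASCII compatible multi-byte 8-bit Unicode)",
  "cp1251"=>"cp1251 (Windows-specific Cyrillic charset)",
  "cp1252"=>"cp1252 (Windows specific charset for Western European)");
  echo '
<h1>',$L['Export'],' ',$intNum,' ',$L['Messages'],'</h1>
<p><form method="get" action="',Href('qtg_adm_medit_exe.php'),'">
',$L['Format'],'&nbsp;<select name="f">
<option value="txt">Text</option>
<option value="csv">CSV</option>
</select>&nbsp; Charset
<select name="charset">
',QTasTag($arr,$strCharset),'
</select><br/><br/>
',$L['Include_hidden'],'&nbsp;<select name="h">
<option value="Y"',($bHidden ? QSEL : ''),'>',$L['Yes'],'</option>
<option value="N"',(!$bHidden ? QSEL : ''),'>',$L['No'],'</option>
</select>&nbsp;&nbsp;
',$L['Drop_bbc'],'&nbsp;<select name="b">
<option value="Y"',($bBbc ? QSEL : ''),'>',$L['Yes'],'</option>
<option value="N"',(!$bBbc ? QSEL : ''),'>',$L['No'],'</option>
</select>&nbsp;&nbsp;
',$L['Drop_smile'],'&nbsp;<select name="s">
<option value="Y"',($bSmile ? QSEL : ''),'>',$L['Yes'],'</option>
<option value="N"',(!$bSmile ? QSEL : ''),'>',$L['No'],'</option>
</select>&nbsp;&nbsp;
<input type="hidden" name="y" value="',$intYear,'"/>
<input type="hidden" name="m" value="',$intMonth,'"/>
<input type="hidden" name="ip" value="',$strIpAttr,'"/>
<input type="hidden" name="n" value="',$intNum,'"/>
<input type="submit" name="export" value="',$L['Ok'],'"/>
</form></p>
';
}

// Hide, Unhide and Delete share one confirmation form: the title and the button
// use the language entry named after the action, and the submit field carries
// the lower-case flag that the execution branch of this script checks for.
$arrConfirm = array('Hide'=>'hide', 'Unhide'=>'unhide', 'Delete'=>'delete');
if ( isset($arrConfirm[$a]) )
{
  echo '
<h1>',$L[$a],' ',$intNum,' ',$L['Messages'],'</h1>
<p><form method="get" action="',Href('qtg_adm_medit_exe.php'),'">
<input type="hidden" name="y" value="',$intYear,'"/>
<input type="hidden" name="m" value="',$intMonth,'"/>
<input type="hidden" name="ip" value="',$strIpAttr,'"/>
<input type="hidden" name="n" value="',$intNum,'"/>
<input type="submit" name="',$arrConfirm[$a],'" value="',$L[$a],' !"/>
</form></p>
';
}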

// --------
// HTML END
// --------

include('qtg_p_footer.php'); // shared page footer, presumably the counterpart of qtg_p_header.php included above

?>