<?php
// ===================================================== 
// 
// s-p-e - Content management system. 
// Copyright (C) 2004, 2005, 2010, 2011 Vladimir B. Tsarkov
// 
// This file is part of s-p-e. 
// 
// s-p-e is free software; you can redistribute it and/or modify 
// it under the terms of the GNU General Public License as published by 
// the Free Software Foundation, either version 3 of the License, or 
// (at your option) any later version. 
// 
// s-p-e is distributed in the hope that it will be useful, 
// but WITHOUT ANY WARRANTY; without even the implied warranty of 
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 
// GNU General Public License for more details. 
// 
// You should have received a copy of the GNU General Public License 
// along with s-p-e. If not, see <http://www.gnu.org/licenses/>.
//
// ------
//
//  You can contact me via e-mail: lipetsk-gnu-lug at bk period ru
//
//  addnews.php
//
//  Abstract: Publications management.
//  
//  Revision History:
// 
//	1  2004-03-27 - 2005-07-02  vbt
//	2  2005-07-20  vbt
//	3  2005-09-18  vbt
//	4  2010-06-24  vbt
//	5  2011-01-21  vbt
//
// =====================================================
// Bootstrap for the publications admin page: declare the response type,
// load configuration and shared helpers, then start the session.
header("Content-Type: text/html; charset=UTF-8");

// include() only raises a warning when a file is missing, so a lost
// configuration file does not stop the script at this point.
// NOTE(review): $cfg is used further down and is presumably defined in
// configure/specfg.php - confirm; require would fail closed instead.
include("configure/specfg.php"); 
include("../include/functions.php");
// cache() is not defined in this file.
// NOTE(review): presumably sends cache-control headers - confirm.
cache();

// Register custom session storage callbacks by name. The six functions are
// not defined in this file (presumably they come from functions.php).
session_set_save_handler("open", "close", "read", "write", "destroy", "gc");

session_start();

// Explicit call to the function registered above as the session gc handler.
gc();

// read() is the function registered above as the session read handler; its
// result for the current session id is passed to redirect().
// NOTE(review): the next statement compares the same value with "user", so
// it looks like a role string - confirm in functions.php. The session id is
// not regenerated in this file; check that the login code does so.
redirect(read(session_id()));

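// Publications management: lets an authenticated "user" session add, update
// or delete entries in a section (partition) that the account is assigned to.
//
// Every $_POST value is request-controlled. Values that reach SQL are either
// escaped with mysql_real_escape_string() and placed inside quotes, or (for
// unquoted numeric context and table-name suffixes) restricted to digits.
//
// NOTE(review): ext/mysql (mysql_*) was removed in PHP 7.0. Prepared
// statements via mysqli or PDO are the durable fix; that needs changes to
// connect(), which is defined outside this file.
// NOTE(review): no anti-CSRF token is checked before the state-changing
// save/update/delete actions - confirm whether the submitting form carries one.
if(read(session_id()) == "user")
{
	language($cfg["deflangadmin"]);

	connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);

	if($login = auth($connector, session_id(), "user", $cfg["prefix"]))
	{
		echo "<html>
		<head>
		<title>".(_("Publications management"))."</title> 
		<link rel='stylesheet' type='text/css' href='../skin/".($cfg["skin"])."/style.css'>
		</head>
		<body>";

		// ---- Request parameters ----
		// Each value gets a default so later code never reads an undefined
		// variable, and array-valued parameters are ignored where a string
		// is expected.
		$partname = "";
		if(isset($_POST['partname']) && is_string($_POST['partname']))
		{
			$partname = (string) base64_decode($_POST['partname']);
		}

		$type = "";
		if(isset($_POST['type']) && is_string($_POST['type']))
		{
			$type = (string) base64_decode($_POST['type']);
		}

		// $length is only ever one of two constants, never request text, so
		// it can be placed into the REGEXP pattern below as-is.
		$length = null;
		if($type == 110)
		{
			$length = 10;
		}
		else if($type == 111)
		{
			$length = 11;
		}

		$save = isset($_POST['save']);
		$update = isset($_POST['update']);
		$delete = isset($_POST['delete']);

		// NOTE(review): theme, intro and text are stored as submitted (apart
		// from the newline to <br> conversion). Whether they are HTML-escaped
		// when displayed is decided by code outside this file - confirm.
		$newtheme = "";
		if(isset($_POST['newtheme']) && is_string($_POST['newtheme']))
		{
			$newtheme = trim($_POST['newtheme']);
		}

		$newtext = "";
		if(isset($_POST['newtext']) && is_string($_POST['newtext']))
		{
			$newtext = str_replace("\n", "<br>", $_POST['newtext']);
		}

		$newintro = "";
		if(isset($_POST['newintro']) && is_string($_POST['newintro']))
		{
			$newintro = str_replace("\n", "<br>", $_POST['newintro']);
		}

		$num = "";
		if(isset($_POST['num']) && is_string($_POST['num']))
		{
			$num = (string) base64_decode($_POST['num']);
		}

		$ndel = isset($_POST['ndel']) ? $_POST['ndel'] : null;

		// NOTE(review): second connect() with the same settings as above;
		// kept because connect() is defined elsewhere and may be relied on.
		connect($cfg["host"], $cfg["user"], $cfg["password"], $cfg["database"], $connector);

		$prefix = $cfg["prefix"];

		// Escaped copies for use inside quoted SQL literals only.
		// NOTE(review): assumes magic_quotes_gpc is off, as the previous
		// unconditional addslashes() calls did, and that the connection
		// character set has been configured by connect() - confirm both.
		$loginSql = mysql_real_escape_string($login, $connector);
		$partnameSql = mysql_real_escape_string($partname, $connector);
		$numSql = mysql_real_escape_string($num, $connector);
		$newthemeSql = mysql_real_escape_string($newtheme, $connector);
		$newintroSql = mysql_real_escape_string($newintro, $connector);
		$newtextSql = mysql_real_escape_string($newtext, $connector);

		// Authorisation: the account must be linked to the requested section.
		$result = mysql_query("select ".$prefix."lines.num 
			from ".$prefix."lines, ".$prefix."partition 
			where ".$prefix."lines.login='$loginSql' 
			and ".$prefix."partition.partname='$partnameSql' 
			and ".$prefix."partition.pnid=".$prefix."lines.partnameid", $connector) 
			or die("error #102-1");
		$allowed = (mysql_num_rows($result) != 0);
		mysql_free_result($result);

		if(!$allowed)
		{
			echo _("Access denied.");
		} 
		else 
		{
			$mail = "";
			$result = mysql_query("select mail 
				from ".$prefix."security 
				where login='$loginSql'", $connector) or die("error #102-2");
			while($row = mysql_fetch_array($result, MYSQL_NUM))
			{
				$mail = $row[0];
			}
			mysql_free_result($result);
			// $mail comes from the database, but it is still text going into
			// a SQL literal, so it is escaped like any other value.
			$mailSql = mysql_real_escape_string($mail, $connector);

			// Without a recognised type there is no pnid pattern to build, so
			// stop with the error code that belongs to this lookup.
			if($length === null)
			{
				die("error #102-3");
			}

			$partnum = null;
			$pointer = null;
			$result = mysql_query("select num, pnid 
				from ".$prefix."partition 
				where partname='$partnameSql' and pnid regexp '^[0-9]{".($length)."}$'", $connector) 
				or die("error #102-3");
			while($row = mysql_fetch_array($result, MYSQL_NUM))
			{
				$partnum = $row[0];
				$pointer = $row[1];
			}
			mysql_free_result($result);

			// $pointer becomes part of a table name, which cannot be quoted
			// as a value, so it must be digits only. If no section row
			// matched there is no table to operate on.
			if($pointer === null || !preg_match('/^[0-9]+\z/', $pointer))
			{
				echo _("Access denied.");
			}
			else
			{
				$table = $prefix.$pointer;
				$partnumSql = mysql_real_escape_string($partnum, $connector);

				// The limit applies to the text as it will be stored, so it
				// is measured before SQL escaping. strlen() counts bytes.
				$maxlen = 60000;
				$toolong = null;
				if(strlen($newintro) > $maxlen)
				{
					$toolong = _("The introduction is longer than 60000 characters and cannot be saved.");
				}
				else if(strlen($newtext) > $maxlen)
				{
					$toolong = _("The full text is longer than 60000 characters and cannot be saved.");
				}

				if($save)
				{
					if($toolong !== null)
					{
						echo "<font class='negative'>
						".$toolong."
						</font>";
					}
					else 
					{
						mysql_query("insert into ".$table."
							(login, mail, theme, intro, text, date, timer) 
							values ('$loginSql', '$mailSql', '$newthemeSql', 
							'$newintroSql', '$newtextSql', '".(date("Y-m-d"))."', now())", $connector) 
							or die("error #102-4");
						echo "<font class='positive'>".(_("Data saved successfully."))."</font>";
					}
				}

				// NOTE(review): update and delete select rows by num alone;
				// nothing here ties the entry to $login. Confirm that every
				// account assigned to a section may edit all of its entries.
				if($update)
				{
					if($toolong !== null)
					{
						echo "<font class='negative'>
						".$toolong."
						</font>";
					}
					else 
					{
						mysql_query("update ".$table." 
							set intro='$newintroSql', text='$newtextSql', robot=null
							where num='$numSql'", $connector) 
							or die("error #102-5");

						mysql_query("delete from ".$prefix."search 
							where id='$partnumSql' and number='$numSql'", $connector) 
							or die("error #102-6");

						echo "<font class='positive'>".(_("The entry was updated successfully."))."</font>";
					}
				}

				if($delete)
				{
					// Entry numbers are used unquoted in the first delete, so
					// only plain digit strings are accepted. A request with
					// any other value is rejected as a whole.
					$ids = array();
					foreach((array) $ndel as $candidate)
					{
						if(!is_string($candidate) || !preg_match('/^[0-9]+\z/', $candidate))
						{
							$ids = array();
							break;
						}
						$ids[] = $candidate;
					}

					if(count($ids) == 0)
					{
						echo _("Please, specify the entry to be removed.");
					}
					else
					{
						foreach($ids as $id)
						{
							mysql_query("delete from ".$table."
								where num=".$id, $connector) 
								or die("error #102-7");

							mysql_query("delete from ".$prefix."search 
								where id='$partnumSql' and number='$id'", $connector) 
								or die("error #102-8");
						}
						echo "<font class='positive'>
						".(_("The entry was removed successfully."))."
						</font>";
					}
				}
			}
		}
		// base64 output can contain '+', '/' and '=', so it is URL-encoded
		// before being placed in the query string.
		echo "<p>
		     <font class='s-normal'>
		     ".(_("Back to the"))." 
		     <a href='public.php?type=".(urlencode(base64_encode($type)))."'>".(_("s-p-e Publications' Page"))."</a>
		     </font>	
		</p>
		</body>
		</html>";
	} 
	else 
	{
		echo _("Access denied.");
	}
} 
else 
{
	echo _("Access denied.");
}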

?>