<?php
SESSION_START();
//Stillsoft's RS v1.0 - Faisal Tasleem's édition
//15:57 17/july/2009 French Standard Time.
//includes/core_reviewing.php
if($_SESSION["admin"] == "yes")
{
require("../includes/configuration.php");
if($core_reviw == "allowed")
{
if($_GET["action"] == "deletethisart")
{
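// Delete one article together with its comments.
// The id is accepted only as a plain run of digits: is_numeric() also lets
// through forms such as "1e3" or " 7", which should never be pasted into SQL.
// NOTE(review): this state-changing action is selected by query-string values
// and carries no anti-CSRF token, so any request sent with the admin's session
// cookie reaches the DELETE statements. A per-session token emitted by the
// delete forms and verified here is the usual mitigation.
$artid_raw = isset($_GET["artid"]) ? $_GET["artid"] : "";
if(is_string($artid_raw) && preg_match('/^[0-9]+\z/', $artid_raw))
{
    $artkey = $artid_raw;
    $deletecheck = mysql_query("SELECT * from articles where art_key = $artkey");
    // A failed query returns false; do not hand that to mysql_fetch_array().
    $deletecheckresult = $deletecheck ? mysql_fetch_array($deletecheck) : false;
    if(!$deletecheckresult)
    {
        SB_error("Sorry, but this already doesn't exist, it might be because it is already deleted...!");
    }else
    {
        // NOTE(review): art_cat is a stored value written into the redirect URL
        // below as-is; confirm it can only ever hold a numeric category id.
        $catid = $deletecheckresult["art_cat"];
        $deletearticle = mysql_query("DELETE FROM articles where art_key = $artkey;");
        $deletereplies = mysql_query("DELETE FROM comments where art_id = $artkey;");
        if($deletearticle && $deletereplies)
        {
            echo "<h3>This article and all of it's replies, comments and ratings are deleted...!</h3><br> You will be taken back to the category now!!!";
            echo "<meta http-equiv=\"REFRESH\" content=\"5;URL=?category=$catid\">";
        }else
        {
            // Report the failure instead of announcing a deletion that did not happen.
            SB_error("The article could not be deleted completely, please try again...");
        }
    }
}else{
    SB_error("Invalid article ID!");
}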
}elseif($_GET["action"] == "guest_posting")
{
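// Guest article submission: prints the posting form and, when ?post=yes is
// present, validates the POSTed fields and stores the article.
//
// $security is a value derived from the session id that the visitor must copy
// into the form. Because it is printed in the page markup it only ties the
// submission to the session (much like an anti-CSRF token); it does not stop
// automated posting.
$security = md5(session_id());
$show_form = true;
$category_label = "Select a category :";
if(isset($_GET["post"]) && $_GET["post"] == "yes")
{
    // Compare the raw submitted key with the expected one. The original wrapped
    // the whole comparison in secure(), so secure() received a boolean, and the
    // loose == could treat two different "0e..."-style hex strings as equal.
    $posted_key = isset($_POST["security"]) ? $_POST["security"] : "";
    if(is_string($posted_key) && $posted_key === $security)
    {
        // Read every field once; missing or non-string values become "".
        $fields = array();
        foreach(array("poster", "title", "cover", "review", "rating", "category") as $field_name)
        {
            $fields[$field_name] = (isset($_POST[$field_name]) && is_string($_POST[$field_name])) ? $_POST[$field_name] : "";
        }
        // NOTE(review): secure() is defined elsewhere. The INSERT statements
        // below rely on it to make these values safe inside double-quoted SQL
        // strings - confirm that it escapes for SQL. Parameterised queries
        // (mysqli / PDO) would remove that dependency.
        $poster = secure($fields["poster"]);
        $title = secure($fields["title"]);
        // NOTE(review): the cover is later used as an <img src> in the article
        // lists; consider accepting only http:// or https:// URLs here.
        $cover = secure($fields["cover"]);
        $review = mysql_real_escape_string($fields["review"]);
        $rating_on = $fields["rating"];
        $category = $fields["category"];

        $fields_ok = true;
        if($title == "")
        {
            echo "<br>title field can't be left blank :(";
            $fields_ok = false;
        }
        if($cover == "")
        {
            echo "<br>cover field is blank...!";
            $fields_ok = false;
        }
        if($review == "")
        {
            echo "<br>review field can't be left blank...!";
            $fields_ok = false;
        }
        // Rating and category come from <select> lists, but the request can
        // carry anything: accept only the offered ratings and a digits-only
        // category id. The category is also echoed into links further down.
        if(!in_array($rating_on, array("1", "2", "3", "4", "5"), true))
        {
            echo "<br>please pick a rating between 1 and 5...!";
            $fields_ok = false;
        }
        if(!preg_match('/^[0-9]+\z/', $category))
        {
            echo "<br>please select a valid category...!";
            $fields_ok = false;
        }

        if($fields_ok)
        {
            $show_form = false;
            $rating_off = commentsrat($rating_on);
            if($guest_article_approval == "yes")
            {
                $query = mysql_query("INSERT INTO articles_guest (article_title, article_cover, article_message, article_category, art_rating, rating_off, article_poster) VALUES (\"$title\",\"$cover\",\"$review\",\"$category\",\"$rating_on\",\"$rating_off\",\"$poster\"); ");
                if($query)
                {
                    echo "<h1>Congratulations,</h1>";
                    echo "<br> Your article is submitted successfully to be approved, your article will be published on the correct category once it is approved by one of our staff...";
                    echo "You will be taken to homepage in 5 seconds...";
                    echo "<meta http-equiv=\"REFRESH\" content=\"5;URL=?show=home\">";
                }else
                {
                    echo "Sorry, your article could not be saved, please try again later...";
                }
            }elseif($guest_article_approval == "no")
            {
                $query_direct = mysql_query("INSERT INTO articles (art_title, art_url, art_message, art_cat, art_rating, rating_off, article_poster) VALUES (\"$title\",\"$cover\",\"$review\",\"$category\",\"$rating_on\",\"$rating_off\",\"$poster\"); ");
                if($query_direct)
                {
                    echo "Your article is posted successfully, Click <a href=\"?category=$category\">me</a> to watch your article...";
                    echo "<br>";
                    echo "In 5 seconds you will be taken to the category of the article you posted...";
                    echo "<meta http-equiv=\"REFRESH\" content=\"5;URL=?category=$category\">";
                }else
                {
                    echo "Sorry, your article could not be saved, please try again later...";
                }
            }else
            {
                echo "A problem occured while processing your request, please check /includes/configuration.php and look for guest_article_approval, set it to yes or no...";
            }
        }else
        {
            // The form shown again after a validation error uses this label.
            $category_label = "Category :";
        }
    }else
    {
        echo "<font color=\"RED\"> Sorry, the security key is invalid, please copy the brown text into the box and resubmit.</font>";
    }
}

if($show_form)
{
    // One copy of the form serves the first visit, a wrong security key and a
    // validation error; the original repeated the markup three times.
    echo "<table width=\"100%\">
<tr>
<td>
<h3 align=\"center\"><font face=\"Comic Sans MS\">Posting a new article as a
guest :</font></h3>
<form method=\"POST\" action=\"?action=guest_posting&post=yes\">
<p align=\"center\">Your name :
<input type=\"text\" name=\"poster\" size=\"20\"></p>
<p align=\"center\">Article title :
<input type=\"text\" name=\"title\" size=\"22\"></p>
<p align=\"center\">Article cover :
<input type=\"text\" name=\"cover\" size=\"20\"></p>
<p align=\"center\">Article review :
<textarea rows=\"3\" name=\"review\" cols=\"16\"></textarea></p>
<p align=\"center\">How many starts? : <select size=\"1\" name=\"rating\">
<option selected value=\"1\">1 out of 5</option>
<option value=\"2\">2 out of 5</option>
<option value=\"3\">3 out of 5</option>
<option value=\"4\">4 out of 5</option>
<option value=\"5\">5 out of 5</option>
</select></p>
<p align=\"center\">$category_label <select size=\"1\" name=\"category\">";
    $qgettingcat = mysql_query("SELECT * from cats");
    // NOTE(review): cat_id and cat_name are written into the markup unescaped;
    // confirm category names can only be set by trusted staff.
    while($qgettingcat && ($qgettingresult = mysql_fetch_array($qgettingcat)))
    {
        echo "<option value=\"$qgettingresult[cat_id]\">$qgettingresult[cat_name]</option>";
    }
    echo "</select></p>
<p align=\"left\"><font size=\"1\" color=\"#FF0000\">* Article cover is an
image (photo) link, such as logo, slogan or photo. The link must be
a hot link.</font></p>";
    // The first-visit copy of the form used to print this notice even when
    // approval was switched off; it now follows the setting everywhere.
    if($guest_article_approval == "yes")
    {
        echo "<p align=\"left\"><font size=\"1\" color=\"#FF0000\">* All the submitted
articles are reviewed by humans <b>before</b> being published on
site...</font></p>";
    }
    echo "<p align=\"left\"> <table width=\"100%\" bgcolor=\"#FF0066\">
<tr>
<td>
<p align=\"center\"> Security :
<input type=\"text\" name=\"security\" size=\"39\"> <p align=\"center\"> kjljhsur88rakly3<font color=\"brown\">$security</font>5678465bbchk<p align=\"center\"><img src=\"images/please_copy.png\"> </td>
</tr>
</table></p>
<p align=\"center\">
<input type=\"submit\" value=\"Submit\" name=\"Submit\" style=\"font-weight: 700\"><input type=\"reset\" value=\"Reset Fields\" name=\"reset\"></p>
</form>
</td>
</tr>
</table>";
}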
}elseif($_GET["start"] && $_GET["category"])
{
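// Paged article list for one category, with a delete button per article.
// Both query-string values end up inside SQL and inside HTML attributes, so
// they are accepted only as plain digits. The original checked only "start",
// carried on after reporting the error, and never checked "category".
$start_raw = isset($_GET["start"]) ? $_GET["start"] : "";
$cat_raw = isset($_GET["category"]) ? $_GET["category"] : "";
// At most nine digits for the offset so the +10 / -10 arithmetic stays an integer.
$start_ok = is_string($start_raw) && preg_match('/^[0-9]{1,9}\z/', $start_raw);
$cat_ok = is_string($cat_raw) && preg_match('/^[0-9]+\z/', $cat_raw);
if(!$start_ok || !$cat_ok)
{
    SB_error("An attemp to invalid / wrong access to core information...");
}else
{
    $end = (int) $start_raw;
    $start = $end;
    $cat = $cat_raw;
    // One query serves both the "is there anything on this page" check and the listing.
    $query8 = mysql_query("SELECT * from articles WHERE art_cat = $cat ORDER BY art_key DESC limit $end,10");
    if(!$query8 || mysql_num_rows($query8) == 0)
    {
        SB_error("Invalid article number or limit...");
    }else
    {
        // NOTE(review): art_title, article_poster and art_url are stored values
        // that guests can submit, and they are written into this admin page
        // unescaped. Whether that is safe depends on what secure() did when the
        // row was inserted - confirm, or escape them for HTML here.
        while($results7 = mysql_fetch_array($query8))
        {
            echo "<table width=\"100%\">
<tr>
<td align=\"center\"><font face=\"Comic Sans MS\"><b>$results7[art_title]</b></font><p>
<i><b><font size=\"1\" face=\"\">posted by $results7[article_poster]</font></b></i><form method=\"POST\" action=\"?action=deletethisart&artid=$results7[art_key]\">
<p>
<input type=\"submit\" value=\"Delete this article >>>\" name=\"delete\" style=\"font-weight: 700\"></p>
<p>
<font size=\"1\" color=\"#FF0000\">The button will fully delete this article with
all the comments (replies) in it.</font></p>
</form></td>
<td align=\"center\" width=\"157\">
<a href=\"?article=$results7[art_key]&start=$start\">
<img border=\"0\" src=\"$results7[art_url]\" width=\"157\" height=\"141\"></a></td>
</tr>
</table>
<hr><br>";
        }
    }
    $endstart = $end + 10;
    // Never link to a negative offset: "LIMIT -5,10" is not valid SQL.
    $endback = max(0, $end - 10);
    // A single row is enough to know whether a following page exists.
    $query7 = mysql_query("SELECT * FROM articles where art_cat = $cat ORDER BY art_key DESC LIMIT $endstart,1");
    $has_next = $query7 && mysql_num_rows($query7) > 0;
    if(!$has_next)
    {
        echo "<form method=\"POST\" action=\"?category=$cat&start=$endback\">
<p align=\"center\">
<input type=\"submit\" value=\"<<< Back\" name=\"next\" style=\"font-weight: 700\"></p>
</form>";
    }else
    {
        echo "<table width=\"100%\">
<tr>
<td>
<form method=\"POST\" action=\"?category=$cat&start=$endback\">
<p align=\"center\">
<input type=\"submit\" value=\"<<< Back\" name=\"next\" style=\"font-weight: 700\"></p>
</form>
</td>
<td> <form method=\"POST\" action=\"?category=$cat&start=$endstart\">
<p align=\"center\">
<input type=\"submit\" value=\"Next >>>\" name=\"next\" style=\"font-weight: 700\"></p>
</form></td>
</tr>
</table>";
    }
}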
}elseif($_GET["category"])
{
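// First page of a category: up to ten newest articles, each with a delete
// button, followed by a "Next" button when more articles exist.
// The category id is accepted only as plain digits because it is placed in SQL
// and echoed into the "Next" form; is_numeric() also accepts forms like "1e3".
$cat_raw = isset($_GET["category"]) ? $_GET["category"] : "";
if(is_string($cat_raw) && preg_match('/^[0-9]+\z/', $cat_raw))
{
    $cat = $cat_raw;
    $query1 = mysql_query("SELECT * FROM cats where cat_id = $cat");
    $cat_info = $query1 ? mysql_fetch_array($query1) : false;
    if(!$cat_info)
    {
        SB_error("Sorry, Invalid category ID...");
    }else
    {
        // The first page doubles as the "does this category have articles" check.
        $query2 = mysql_query("SELECT * FROM articles where art_cat = $cat ORDER BY art_key DESC LIMIT 0,10");
        if(!$query2 || mysql_num_rows($query2) == 0)
        {
            echo "Sorry, this cateogry doesn't have any article in it, would you like to be the first one to <a href=\"?action=guest_posting\">post</a>?";
        }else
        {
            // NOTE(review): art_title, article_poster and art_url are stored
            // values that guests can submit, and they are written into this
            // admin page unescaped. Whether that is safe depends on what
            // secure() did when the row was inserted - confirm, or escape them
            // for HTML here.
            while($art_infos = mysql_fetch_array($query2))
            {
                echo "<table width=\"100%\">
<tr>
<td align=\"center\"><font face=\"Comic Sans MS\"><b>$art_infos[art_title]</b></font><p>
<i><b><font size=\"1\" face=\"\">posted by $art_infos[article_poster]</font></b></i>
<form method=\"POST\" action=\"?action=deletethisart&artid=$art_infos[art_key]\">
<p>
<input type=\"submit\" value=\"Delete this article >>>\" name=\"delete\" style=\"font-weight: 700\"></p>
<p>
<font size=\"1\" color=\"#FF0000\">The button will fully delete this article with
all the comments (replies) in it.</font></p>
</form>
</td>
<td align=\"center\" width=\"157\">
<a href=\"?article=$art_infos[art_key]\">
<img border=\"0\" src=\"$art_infos[art_url]\" width=\"157\" height=\"141\"></a></td>
</tr>
</table>
<hr><br>";
            }
            // "Next" leads to start=10, so look for a row at offset 10. The
            // original probed offset 20, which hid the button whenever the
            // category held between 11 and 20 articles.
            $query3 = mysql_query("SELECT * FROM articles where art_cat = $cat ORDER BY art_key DESC LIMIT 10,1");
            if($query3 && mysql_num_rows($query3) > 0)
            {
                echo "<form method=\"POST\" action=\"?category=$cat&start=10\">
<p align=\"center\">
<input type=\"submit\" value=\"Next >>>\" name=\"next\" style=\"font-weight: 700\"></p>
</form>";
            }
        }
    }
}else
{
    SB_error("Sorry, Invalid category ID...");
    exit();
}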
}
elseif($_GET["article"])
{
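// Single-article view: title, body, poster, cover image and rating widgets,
// then a "back to list" button and the comment list / comment form includes.
// The article id goes into SQL, so only plain digits are accepted.
$art_raw = isset($_GET["article"]) ? $_GET["article"] : "";
if(!is_string($art_raw) || !preg_match('/^[0-9]+\z/', $art_raw))
{
    SB_error("Sorry, Invalid article ID...");
    exit();
}
$art = $art_raw;
// One lookup replaces the three identical SELECTs the original issued.
$articleshow = mysql_query("SELECT * from articles where art_key = $art");
$articleshows = $articleshow ? mysql_fetch_array($articleshow) : false;
if(!$articleshows)
{
    SB_error("Sorry, Invalid article ID...");
    exit();
}
// The files required below run in this scope, so the variable names the
// original code set are kept available for them.
$art_info = $articleshows;
// "start" is echoed into the back-button URL; anything that is not a plain
// number is dropped rather than reflected into the page.
$startnext = "";
if(isset($_GET["start"]) && is_string($_GET["start"]) && preg_match('/^[0-9]{1,9}\z/', $_GET["start"]))
{
    $startnext = $_GET["start"];
}
// NOTE(review): art_title, article_poster and art_url are stored values that
// guests can submit, and they are written into the page unescaped. Whether that
// is safe depends on what secure() did at insert time - confirm.
echo "<table width=\"100%\">
<tr>
<td>
<p align=\"center\"><b><font size=\"4\" face=\"Comic Sans MS\">$articleshows[art_title]</font></b></p>
<p align=\"center\"><font face=\"Arial\">";
// The guest-posting branch of this file stores the review with SQL escaping
// only, so it is escaped for HTML before nl2br() adds the line breaks.
// Otherwise markup submitted by a guest would run in the admin's session.
// If formatted articles are required, use an allow-list HTML sanitiser here.
// NOTE(review): pass the site's charset to htmlspecialchars() explicitly if it
// differs from PHP's default.
$mess = nl2br(htmlspecialchars(stripslashes($articleshows["art_message"]), ENT_QUOTES));
echo $mess;
echo "</font></p>
<p align=\"right\"><font face=\"Arial\" size=\"1\"><i>Posted by
$articleshows[article_poster]</i></font></td>
<td>
<img border=\"0\" src=\"$articleshows[art_url]\" width=\"250\" height=\"200\">
<p>";
echo "<p align=\"center\">";
rating_on($art);
rating_off($art);
echo "</p>";
echo "</td>
</tr>
</table>";
// NOTE(review): art_cat is a stored value placed in the form action as-is;
// confirm it can only ever hold a numeric category id.
$catbacking = $articleshows["art_cat"];
$back_url = "?category=$catbacking";
if($startnext != "")
{
    // Return to the same page of the list the visitor came from.
    $back_url = $back_url . "&start=$startnext";
}
echo "<form method=\"POST\" action=\"$back_url\">
<p>
<input type=\"submit\" value=\"<< Back to article list\" name=\"back\" style=\"font-weight: 700\"></p>
</form>";
echo "<hr>";
// Each flag is set immediately before the matching require.
$access_core_comments = "allowed";
require("core_comments.php");
$access_core_commentpost = "allowed";
require("core_commentspost.php");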
}else{
require("editme.php");
}
}else
{
echo "An attempt to invalid access!";
exit();
}
}else
{
echo " An attempt to invalid access!";
}
?>