approve.php at Yet Another Link Directory

<?php
/******************************************************************************
* This file is part of Yet Another Link Directory.                            *
*                                                                             *
* Yet Another Link Directory is free software; you can redistribute it and/or *
* modify it under the terms of the GNU General Public License as published by *
* the Free Software Foundation; either version 2 of the License, or           *
* (at your option) any later version.                                         *
*                                                                             *
* Yet Another Link Directory is distributed in the hope that it will be       *
* useful, but WITHOUT ANY WARRANTY; without even the implied warranty of      *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               *
* GNU General Public License for more details.                                *
*                                                                             *
* You should have received a copy of the GNU General Public License           *
* along with Yet Another Link Directory; if not, write to the Free Software   *
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA  *
******************************************************************************/

require('../inc/config.php');
require('../inc/functions.php');
mysql_connect($mysql['host'],$mysql['username'],$mysql['password']);
mysql_select_db($mysql['db']);

$settings = getSettings();

session_start();

if(!isset($_SESSION['yald_admin_logged_in'])){
	header('Location: login.php');
	exit;
}

$template = file_get_contents('template.html');


if(isset($_GET['reject'])){
	$query = 'DELETE FROM `'.$settings['links_table'].'` WHERE id="'.mysql_safe($_GET['reject']).'"';
	mysql_query($query);
	$error = 'Link rejected successfully. <a href="'.$_SERVER['PHP_SELF'].'">OK</a>';
	logEvent('rej_link','0',urldecode($_GET['url']));
}
if(isset($_GET['approve'])){
	$query = 'UPDATE `'.$settings['links_table'].'` SET approved="true",dateapproved="'.time().'" WHERE id="'.mysql_safe($_GET['approve']).'"';
	mysql_query($query);
	$error = 'Links approved successfully. <a href="'.$_SERVER['PHP_SELF'].'">OK</a>';
	logEvent('app_link','0',urldecode($_GET['url']));
}

$yald_body = '';

if(isset($error)){
	$yald_body .= '<div align="center"><div class="errorbox"><b>'.$error.'</b></div></div>';
}

$yald_body .= '<strong>Approve Links:</strong><br /><br />';

if(numUnapprovedLinks()>0){
	$yald_body .= listUnapprovedLinks();
} else {
	$yald_body .= '<i>There are no links currently awaiting your approval.</i>';
}

$yald_head = '<script type="text/javascript">
function reject_link(linkid,linkurl){
input_box = confirm("Are you sure you want to delete that link?")
if(input_box==true){
window.location="'.$_SERVER['PHP_SELF'].'?reject="+linkid+"&url="+linkurl
}
}
</script>';

$template = admin_output('approve_links');

print $template;
?>