'.article_form().'
';
} elseif ($do == "p") { //if new form submitted
// Posting a new article is governed by rank flag 10; a value of 0 sends the user to the permission-denied page.
if ($globalvars['rank'][10] == 0) {
    header("Location: index.php?do=permissiondenied");
    die();
}
// Flag value 2 stores the article as not approved (approved = 0); flag value 1 stores it as approved (approved = 1).
switch ($globalvars['rank'][10]) {
    case 2:
        $data['approved'] = 0;
        break;
    case 1:
        $data['approved'] = 1;
        break;
}
// NOTE(review): isset() on the $_POST superglobal is normally true on every request, so this
// does not distinguish a submitted form from a plain page load.
if (isset($_POST)) {
    $proceed = "yes"; // flipped to "no" by any failed check below
    // Copy the submitted form fields into $data; they are still unfiltered at this point.
    foreach (array(
        'article_title',
        'article_subtitle',
        'article_cat',
        'article_text',
        'article_exptext',
        'acchecked',
        'achecked',
        'start_date',
        'end_date',
    ) as $key) {
        $data[$key] = $_POST[$key];
    }
    $error_message = '';
    // NOTE(review): the test is on the title, yet the message talks about a category; confirm which is intended.
    if (!trim($data['article_title'])) {
        $proceed = "no";
        $error_message .= '
A category is necessary. You should NOT recieve this message, something is wrong. Make sure you have a category defined.
';
    }
    // The submitted category must occur in the session's category list, unless that list contains 'all'.
    // NOTE(review): strstr() is a substring match, so a short category value can match inside a
    // longer entry; confirm the list format and compare whole entries if that is possible.
    if (!(strstr($_SESSION['category_list'], $data['article_cat']) || strstr($_SESSION['category_list'], 'all'))) {
        $proceed = "no";
        $error_message .= '
Your rank is not allowed to post to this category.
';
    }
    // validate_date() converts each supplied date; its return value is kept in $unixtime.
    foreach (array('start', 'end') as $key) {
        if ($data[$key.'_date']) {
            $unixtime[$key] = validate_date($data, $key);
        }
    }
    // A flag with no value (box not selected) defaults to 1.
    foreach (array('achecked', 'acchecked') as $key) {
        if ($data[$key] == "") {
            $data[$key] = 1;
        }
    }
    // Every value is passed through clean_data() before it is handed to new_item().
    // NOTE(review): clean_data() is defined elsewhere; it is the only SQL-injection defence visible
    // on this path, so confirm it escapes for the database driver in use.
    foreach ($data as $key => $value) {
        $data[$key] = clean_data($value);
    }
    // The image is only processed when every earlier check passed and a file name was sent.
    if ($proceed == "yes" && $_FILES['image']['name']) {
        // NOTE(review): upload safety rests on upload_image(), which is not shown here; confirm it
        // verifies the file content and chooses the stored file name itself.
        $data['image'] = upload_image($_FILES['image']);
        if (!$data['image']) {
            $proceed = "no";
            $error_message .= '
The image upload returned an error, which means the file was not an image, or we had trouble moving the file to (images/uploads). Check the permissions for the directory.
';
        }
    }
    if ($proceed == "yes") {
        // All checks passed: derive the search-friendly title and store the article under the session user.
        $data['article_sef_title'] = create_sef($data['article_title']);
        new_item($data, $_SESSION['username']);
        $globalvars['page_name'] = 'article success';
        $globalvars['page_image'] = 'success';
        // (the e-mail notification through send_mail() is disabled in this version)
        $content = "";
    } else {
        // Something failed: show the form again with the collected error text.
        $globalvars['page_name'] = 'new article';
        $globalvars['page_image'] = 'error';
        $error_message .= ''; // closes the error message list
        // A value of 0 means "comments disallowed" / "article not active", so the matching box is pre-ticked.
        if ($data['acchecked'] == 0) {
            $data['acchecked_check'] = ' checked="checked"';
        }
        if ($data['achecked'] == 0) {
            $data['achecked_check'] = ' checked="checked"';
        }
        $content = article_form(); // form renderer lives in function.php
    }
}
} elseif ($do == "edit") { //do elseif (edit)
// Editing is governed by rank flag 14; a value of 0 sends the user to the permission-denied page.
if ($globalvars['rank'][14] == 0) {
    header("Location: index.php?do=permissiondenied");
    die();
}
$globalvars['page_name'] = 'edit article';
$globalvars['page_image'] = 'article management';
// The requested id goes through clean_data() and is then placed inside quotes in the query.
// NOTE(review): clean_data() is not shown here, so this lookup is only as safe as that helper;
// confirm it escapes for SQL, or require a digits-only id before querying.
// NOTE(review): nothing in this branch ties the requested article to the categories the user may
// edit; confirm that restriction is enforced elsewhere.
$news_id = clean_data($_GET['id']);
$get_res = general_query(sprintf(
    "SELECT * FROM %sarticles WHERE id='%s' LIMIT 1",
    $databaseinfo['prefix'],
    $news_id
));
$data = mysql_fetch_assoc($get_res);
if (!$data) {
    // NOTE(review): this prints the database error text to the client.
    die(mysql_error());
}
// Stored dates are UNIX timestamps; show them as m/d/Y in the form.
if ($data['start_date']) {
    $data['start_date'] = date('m/d/Y', $data['start_date']);
}
if ($data['end_date']) {
    $data['end_date'] = date('m/d/Y', $data['end_date']);
}
// Pre-tick the boxes: 0 in allow_comments means comments are disallowed, 0 in active means not active.
if ($data['allow_comments'] == 0) {
    $data['acchecked_check'] = ' checked="checked"';
}
if ($data['active'] == 0) {
    $data['achecked_check'] = ' checked="checked"';
}
// Render the edit form.
$content = article_form();
} elseif ($do == "editp") { //do elseif (edit process)
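// Editing is governed by rank flag 14; a value of 0 sends the user to the permission-denied page.
if ($globalvars['rank'][14] == 0) {
    header("Location: index.php?do=permissiondenied");
    die();
}
$globalvars['page_name'] = 'edit article';
// NOTE(review): isset() on the $_POST superglobal is normally true on every request, so this is
// not a real "form was submitted" test. No anti-CSRF token is checked in this branch either.
if (isset($_POST)) {
    $proceed = "yes"; // flipped to "no" by any failed check below
    // The posted article id is used in SQL and in the redirect further down, and it never passes
    // through clean_data(), so accept digits only and stop otherwise.
    $edit_id = isset($_POST['id']) ? $_POST['id'] : '';
    if (!is_string($edit_id) || !preg_match('/^[0-9]+$/D', $edit_id)) {
        die("non numeric article id");
    }
    // Copy the submitted form fields into $data; they are still unfiltered at this point.
    foreach (array(
        'article_title',
        'article_subtitle',
        'article_cat',
        'article_text',
        'article_exptext',
        'acchecked',
        'achecked',
        'start_date',
        'end_date',
    ) as $key) {
        $data[$key] = $_POST[$key];
    }
    // Read the stored approval state so the form can offer the right activation button.
    $approved_fetch = general_query("SELECT approved FROM ".$databaseinfo['prefix']."articles WHERE id='".$edit_id."' LIMIT 1", TRUE);
    $data['approved'] = $approved_fetch['approved'];
    $error_message = '';
    // NOTE(review): the test is on the title, yet the message talks about a category; confirm which is intended.
    if (!trim($data['article_title'])) {
        $proceed = "no";
        $error_message .= '
A category is necessary. You should NOT recieve this message, something is wrong. Make sure you have a category defined...
';
    }
    // The submitted category must occur in the session's category list, unless that list contains 'all'.
    // NOTE(review): only the category sent with the form is checked; the category of the stored
    // article is not. Confirm edit_item() or another layer enforces that the user may edit this
    // particular article. strstr() is also a substring match, so confirm the list format.
    if (!strstr($_SESSION['category_list'], $data['article_cat']) && !strstr($_SESSION['category_list'], 'all')) {
        $proceed = "no";
        $error_message .= '
Your rank is not allowed to post or edit articles in this category.
';
    }
    // validate_date() converts each supplied date; its return value is kept in $unixtime.
    if ($data['start_date']) {
        $unixtime['start'] = validate_date($data, 'start');
    }
    if ($data['end_date']) {
        $unixtime['end'] = validate_date($data, 'end');
    }
    // A flag with no value (box not selected) defaults to 1.
    if ($data['achecked'] == "") {
        $data['achecked'] = 1;
    }
    if ($data['acchecked'] == "") {
        $data['acchecked'] = 1;
    }
    // Every value is passed through clean_data() before it is handed to edit_item().
    // NOTE(review): clean_data() is defined elsewhere; confirm it escapes for the database driver in use.
    foreach ($data as $key => $value) {
        $data[$key] = clean_data($value);
    }
    // The image is only processed when every earlier check passed and a file name was sent.
    if ($proceed == "yes" && $_FILES['image']['name']) {
        // NOTE(review): upload safety rests on upload_image(), which is not shown here; confirm it
        // verifies the file content and chooses the stored file name itself.
        $data['image'] = upload_image($_FILES['image']);
        if (!$data['image']) {
            $proceed = "no";
            $error_message .= '
The image upload returned an error, which means the file was not an image, or we had trouble moving the file to (images/uploads). Check the permissions for the directory.
';
        }
    }
    if ($proceed == "yes") {
        // Use the validated id, never the raw POST value, for the update and the redirect.
        $data['id'] = $edit_id;
        $data['article_sef_title'] = create_sef($data['article_title']);
        edit_item($data, $_SESSION['username']);
        header("Location: article.php?do=edit&id=".$data['id']."&success=1");
        die(); // the redirect has been sent; do not fall through to the rest of the page
    } else {
        // Something failed: show the form again with the collected error text.
        $globalvars['page_name'] = 'edit article';
        $globalvars['page_image'] = 'error';
        $news_id = clean_data($_GET['id']);
        $error_message .= ''; // closes the error message list
        // A value of 0 means "comments disallowed" / "article not active", so the matching box is pre-ticked.
        if ($data['acchecked'] == 0) {
            $data['acchecked_check'] = ' checked="checked"';
        }
        if ($data['achecked'] == 0) {
            $data['achecked_check'] = ' checked="checked"';
        }
        $content = article_form(); // form renderer lives in function.php
    }
}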
} elseif ($do == "activate") {
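// Changing an article's active state is governed by rank flag 12; a value of 0 sends the user to
// the permission-denied page.
if ($globalvars['rank'][12] == 0) {
    header("Location: index.php?do=permissiondenied");
    die();
}
// The id is handed to change_active_status() and echoed into the redirect, so accept digits only.
$id = isset($_GET['id']) ? $_GET['id'] : '';
if (!is_string($id) || !preg_match('/^[0-9]+$/D', $id)) {
    die("non numeric article id");
}
// NOTE(review): $action is forwarded exactly as received; the accepted values are not visible
// here, so confirm change_active_status() validates it before using it in a query.
// NOTE(review): this is a state change triggered by a GET request with no token check in view.
$action = $_GET['action'];
change_active_status($id, $action); // updates the article's active state and timestamp
header("Location: article.php?do=edit&id=$id");
die(); // the redirect has been sent; do not fall through to the rest of the page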
} elseif ($do == "comments") {
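// Delete the comments whose ids were submitted as POST field names.
// NOTE(review): no rank check precedes this delete in the code shown, and the numeric check on
// $_GET['id'] only runs after this handler; confirm the permission is enforced elsewhere.
if ($_GET['action'] == 'delete') {
    $items = $_POST;
    if (!$items) {
        // Nothing was selected: redirect and stop, otherwise the delete below would still run
        // with an empty id list.
        header("Location: ?do=comments&id=".$_GET['id']."");
        die();
    }
    // Build the quoted, comma-separated id list that delete() expects. The ids are POST field
    // names chosen by the client, so each one goes through clean_data() before it is quoted.
    // NOTE(review): if comment ids are always integers, tighten this to a digits-only check.
    $quoted_ids = array();
    foreach ($items as $key => $value) {
        $quoted_ids[] = "'".clean_data($key)."'";
    }
    $items_f = implode(',', $quoted_ids);
    delete('comments', $items_f);
    // Tell the user the delete went through.
    $success .= '
The selected item(s) have been deleted.
';
    // Record who deleted which comments.
    log_this('delete_comments','User '.$_SESSION['username'].' has deleted the comments: "'.$items_f.'"');
}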
//if the id isn't numeric, kill the script. Injection protection.
//is_numeric() also accepts signed, decimal and exponent forms; none of them contain a quote character, so the quoted value in the query below stays inside its SQL string.
//NOTE(review): this check runs only after the delete handler above has already acted on the request.
if (!is_numeric($_GET['id'])) { die("non numeric article id"); }
$id = $_GET['id'];
$globalvars['page_name'] = 'comment list';
$globalvars['page_image'] = 'none';
//now, we generate comments for this specific article
//get the template currently active in the installation
$template = fetch_template();
//only comments stored with approved='1' for this article id are selected
$fetch_com_res = general_query("SELECT * FROM ".$databaseinfo['prefix']."comments WHERE article_id='".$id."' AND approved='1'");
//each row (comment) is rendered by translate_comment() with the html_comment template and appended to $comment_list
//NOTE(review): comment rows presumably hold visitor-supplied text; confirm translate_comment() HTML-escapes it before it is output
while ($row = mysql_fetch_assoc($fetch_com_res)) {
$comment_list .= ''.translate_comment($row, $template['html_comment'], 'html_comment');
}
//if empty output (with comments)
if (trim($comment_list) == NULL && mysql_num_rows($fetch_com_res) > 0) {
$comment_list .= '
This article does have comments posted, however, no output was given. This is usually because your comment_template for your selected template is empty.