Diffstat (limited to 'pages/admin.php')
-rwxr-xr-xpages/admin.php64
1 files changed, 36 insertions, 28 deletions
diff --git a/pages/admin.php b/pages/admin.php index 8534d91..56542f9 100755 --- a/pages/admin.php +++ b/pages/admin.php
@@ -37,9 +37,11 @@ if (isLoggedIn())
37 { 37 {
38 $template = new FITemplate('admin/write'); 38 $template = new FITemplate('admin/write');
39 } else { 39 } else {
40 $tags = mysql_real_escape_string(serialize(explode(',', $_POST['tags'])));
41
40 if ($_POST['type'] == 'draft') 42 if ($_POST['type'] == 'draft')
41 { 43 {
42 $insdraft = "INSERT INTO drafts (title,author,text,tag1,tag2,tag3,slug) VALUES (\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . $_POST['tag1'] . "\",\"" . $_POST['tag2'] . "\",\"" . $_POST['tag3'] . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; 44 $insdraft = "INSERT INTO drafts (title,author,text,tags,slug) VALUES (\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . $tags . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
43 $insdraft2 = mysql_query($insdraft); 45 $insdraft2 = mysql_query($insdraft);
44 46
45 $getdraft = "SELECT * FROM drafts ORDER BY id DESC LIMIT 0,1"; 47 $getdraft = "SELECT * FROM drafts ORDER BY id DESC LIMIT 0,1";
@@ -50,7 +52,7 @@ if (isLoggedIn())
50 $template->add('ID', $getdraft3['id']); 52 $template->add('ID', $getdraft3['id']);
51 } else if ($_POST['type'] == 'instant') 53 } else if ($_POST['type'] == 'instant')
52 { 54 {
53 postBlogPost($_POST['title'], sess_get('uname'), $_POST['tag1'], $_POST['tag2'], $_POST['tag3'], $_POST['text']); 55 postBlogPost($_POST['title'], sess_get('uname'), $tags, $_POST['text']);
54 56
55 $getpost = "SELECT * FROM updates ORDER BY id DESC LIMIT 0,1"; 57 $getpost = "SELECT * FROM updates ORDER BY id DESC LIMIT 0,1";
56 $getpost2 = mysql_query($getpost); 58 $getpost2 = mysql_query($getpost);
@@ -86,7 +88,7 @@ if (isLoggedIn())
86 generateError(404); 88 generateError(404);
87 } 89 }
88 90
89 $inspending = "INSERT INTO pending (id,title,author,text,tag1,tag2,tag3,slug) VALUES (" . $id . ",\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . $_POST['tag1'] . "\",\"" . $_POST['tag2'] . "\",\"" . $_POST['tag3'] . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; 91 $inspending = "INSERT INTO pending (id,title,author,text,tags,slug) VALUES (" . $id . ",\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . $tags . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
90 $inspending2 = mysql_query($inspending); 92 $inspending2 = mysql_query($inspending);
91 93
92 $template = new FITemplate('admin/pendingSuccess'); 94 $template = new FITemplate('admin/pendingSuccess');
@@ -120,21 +122,21 @@ if (isLoggedIn())
120 $template = new FITemplate('admin/editDraft'); 122 $template = new FITemplate('admin/editDraft');
121 $template->add('ID', $_GET['id']); 123 $template->add('ID', $_GET['id']);
122 $template->add('TEXT', $getdraft3['text']); 124 $template->add('TEXT', $getdraft3['text']);
123 $template->add('TAG1', $getdraft3['tag1']); 125 $template->add('TAGS', implode(',', unserialize($getdraft3['tags'])));
124 $template->add('TAG2', $getdraft3['tag2']);
125 $template->add('TAG3', $getdraft3['tag3']);
126 $template->add('TITLE', $getdraft3['title']); 126 $template->add('TITLE', $getdraft3['title']);
127 } else { 127 } else {
128 $tags = mysql_real_escape_string(serialize(explode(',', $_POST['tags'])));
129
128 if ($_POST['type'] == 'draft') 130 if ($_POST['type'] == 'draft')
129 { 131 {
130 $setdraft = "UPDATE drafts SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\", tag1 = \"" . $_POST['tag1'] . "\", tag2 = \"" . $_POST['tag2'] . "\", tag3 = \"" . $_POST['tag3'] . "\" WHERE id = " . $_GET['id']; 132 $setdraft = "UPDATE drafts SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\", tags = \"" . $tags . "\" WHERE id = " . $_GET['id'];
131 $setdraft2 = mysql_query($setdraft); 133 $setdraft2 = mysql_query($setdraft);
132 134
133 $template = new FITemplate('admin/draftSuccess'); 135 $template = new FITemplate('admin/draftSuccess');
134 $template->add('ID', $_GET['id']); 136 $template->add('ID', $_GET['id']);
135 } else if ($_POST['type'] == 'instant') 137 } else if ($_POST['type'] == 'instant')
136 { 138 {
137 postBlogPost($_POST['title'], sess_get('uname'), $_POST['tag1'], $_POST['tag2'], $_POST['tag3'], $_POST['text']); 139 postBlogPost($_POST['title'], sess_get('uname'), $tags, $_POST['text']);
138 140
139 $deldraft = "DELETE FROM drafts WHERE id = " . $_GET['id']; 141 $deldraft = "DELETE FROM drafts WHERE id = " . $_GET['id'];
140 $deldraft2 = mysql_query($deldraft); 142 $deldraft2 = mysql_query($deldraft);
@@ -173,7 +175,7 @@ if (isLoggedIn())
173 generateError(404); 175 generateError(404);
174 } 176 }
175 177
176 $inspending = "INSERT INTO pending (id,title,author,text,tag1,tag2,tag3,slug) VALUES (" . $id . ",\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . $_POST['tag1'] . "\",\"" . $_POST['tag2'] . "\",\"" . $_POST['tag3'] . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; 178 $inspending = "INSERT INTO pending (id,title,author,text,tags,slug) VALUES (" . $id . ",\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . $tags . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
177 $inspending2 = mysql_query($inspending); 179 $inspending2 = mysql_query($inspending);
178 180
179 $deldraft = "DELETE FROM drafts WHERE id = " . $_GET['id']; 181 $deldraft = "DELETE FROM drafts WHERE id = " . $_GET['id'];
@@ -221,7 +223,7 @@ if (isLoggedIn())
221 { 223 {
222 $template = new FITemplate('post'); 224 $template = new FITemplate('post');
223 $template->adds_block('INTERNAL',array('exi'=>1)); 225 $template->adds_block('INTERNAL',array('exi'=>1));
224 $template->adds_block('POST', array( 'ID' => $getdraft3['id'], 226 $template->add_ref(0, 'POST', array( 'ID' => $getdraft3['id'],
225 'YEARID' => ((date('Y')-2006) % 4), 227 'YEARID' => ((date('Y')-2006) % 4),
226 'DATE' => date('F dS Y \a\\t g:i:s a'), 228 'DATE' => date('F dS Y \a\\t g:i:s a'),
227 'MONTH' => date('M'), 229 'MONTH' => date('M'),
@@ -229,11 +231,14 @@ if (isLoggedIn())
229 'CODED' => $getdraft3['slug'], 231 'CODED' => $getdraft3['slug'],
230 'TITLE' => $getdraft3['title'], 232 'TITLE' => $getdraft3['title'],
231 'AUTHOR' => $getdraft3['author'], 233 'AUTHOR' => $getdraft3['author'],
232 'TAG1' => $getdraft3['tag1'],
233 'TAG2' => $getdraft3['tag2'],
234 'TAG3' => $getdraft3['tag3'],
235 'RATING' => 0, 234 'RATING' => 0,
236 'TEXT' => parseBBCode($getdraft3['text']))); 235 'TEXT' => parseBBCode($getdraft3['text'])));
236
237 $tags = unserialize($getdraft3['tags']);
238 foreach ($tags as $tag)
239 {
240 $template->adds_ref_sub(0, 'TAGS', array('TAG' => $tag));
241 }
237 } else { 242 } else {
238 $template = new FITemplate('msg'); 243 $template = new FITemplate('msg');
239 $template->add('BACK', 'the previous page'); 244 $template->add('BACK', 'the previous page');
@@ -266,12 +271,12 @@ if (isLoggedIn())
266 $template = new FITemplate('admin/editPending'); 271 $template = new FITemplate('admin/editPending');
267 $template->add('ID', $_GET['id']); 272 $template->add('ID', $_GET['id']);
268 $template->add('TEXT', $getpending3['text']); 273 $template->add('TEXT', $getpending3['text']);
269 $template->add('TAG1', $getpending3['tag1']); 274 $template->add('TAGS', implode(',', unserialize($getdraft3['tags'])));
270 $template->add('TAG2', $getpending3['tag2']);
271 $template->add('TAG3', $getpending3['tag3']);
272 $template->add('TITLE', $getpending3['title']); 275 $template->add('TITLE', $getpending3['title']);
273 } else { 276 } else {
274 $setpending = "UPDATE pending SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\", tag1 = \"" . $_POST['tag1'] . "\", tag2 = \"" . $_POST['tag2'] . "\", tag3 = \"" . $_POST['tag3'] . "\" WHERE id = " . $_GET['id']; 277 $tags = mysql_real_escape_string(serialize(explode(',', $_POST['tags'])));
278
279 $setpending = "UPDATE pending SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\", tags = \"" . $tags . "\" WHERE id = " . $_GET['id'];
275 $setpending2 = mysql_query($setpending); 280 $setpending2 = mysql_query($setpending);
276 281
277 $template = new FITemplate('admin/pendingSuccess'); 282 $template = new FITemplate('admin/pendingSuccess');
@@ -315,7 +320,7 @@ if (isLoggedIn())
315 { 320 {
316 $template = new FITemplate('post'); 321 $template = new FITemplate('post');
317 $template->adds_block('INTERNAL',array('exi'=>1)); 322 $template->adds_block('INTERNAL',array('exi'=>1));
318 $template->adds_block('POST', array( 'ID' => $getpending3['id'], 323 $template->add_ref(0, 'POST', array( 'ID' => $getpending3['id'],
319 'YEARID' => ((date('Y')-2006) % 4), 324 'YEARID' => ((date('Y')-2006) % 4),
320 'DATE' => date('F dS Y \a\\t g:i:s a'), 325 'DATE' => date('F dS Y \a\\t g:i:s a'),
321 'MONTH' => date('M'), 326 'MONTH' => date('M'),
@@ -323,11 +328,14 @@ if (isLoggedIn())
323 'CODED' => $getpending3['slug'], 328 'CODED' => $getpending3['slug'],
324 'TITLE' => $getpending3['title'], 329 'TITLE' => $getpending3['title'],
325 'AUTHOR' => $getpending3['author'], 330 'AUTHOR' => $getpending3['author'],
326 'TAG1' => $getpending3['tag1'],
327 'TAG2' => $getpending3['tag2'],
328 'TAG3' => $getpending3['tag3'],
329 'RATING' => 0, 331 'RATING' => 0,
330 'TEXT' => parseBBCode($getpending3['text']))); 332 'TEXT' => parseBBCode($getpending3['text'])));
333
334 $tags = unserialize($getpending3['tags']);
335 foreach ($tags as $tag)
336 {
337 $template->adds_ref_sub(0, 'TAGS', array('TAG' => $tag));
338 }
331 } else { 339 } else {
332 $template = new FITemplate('msg'); 340 $template = new FITemplate('msg');
333 $template->add('BACK', 'the previous page'); 341 $template->add('BACK', 'the previous page');
@@ -376,10 +384,10 @@ if (isLoggedIn())
376 $delpending = "DELETE FROM pending WHERE id = " . $_GET['id'] . " OR id = " . $otherPending['id']; 384 $delpending = "DELETE FROM pending WHERE id = " . $_GET['id'] . " OR id = " . $otherPending['id'];
377 $delpending2 = mysql_query($delpending); 385 $delpending2 = mysql_query($delpending);
378 386
379 $inspending = "INSERT INTO pending (id, title, author, text, tag1, tag2, tag3, slug) VALUES (" . $_GET['id'] . ",\"" . $otherPending['title'] . "\",\"" . $otherPending['author'] . "\",\"" . $otherPending['text'] . "\",\"" . $otherPending['tag1'] . "\",\"" . $otherPending['tag2'] . "\",\"" . $otherPending['tag3'] . "\",\"" . $otherPending['slug'] . "\")"; 387 $inspending = "INSERT INTO pending (id, title, author, text, tags, slug) VALUES (" . $_GET['id'] . ",\"" . $otherPending['title'] . "\",\"" . $otherPending['author'] . "\",\"" . $otherPending['text'] . "\",\"" . $otherPending['tags'] . "\",\"" . $otherPending['slug'] . "\")";
380 $inspending2 = mysql_query($inspending); 388 $inspending2 = mysql_query($inspending);
381 389
382 $ins2pending = "INSERT INTO pending (id, title, author, text, tag1, tag2, tag3, slug) VALUES (" . $otherPending['id'] . ",\"" . $getpending3['title'] . "\",\"" . $getpending3['author'] . "\",\"" . $getpending3['text'] . "\",\"" . $getpending3['tag1'] . "\",\"" . $getpending3['tag2'] . "\",\"" . $getpending3['tag3'] . "\",\"" . $getpending3['slug'] . "\")"; 390 $ins2pending = "INSERT INTO pending (id, title, author, text, tags, slug) VALUES (" . $otherPending['id'] . ",\"" . $getpending3['title'] . "\",\"" . $getpending3['author'] . "\",\"" . $getpending3['text'] . "\",\"" . $getpending3['tags'] . "\",\"" . $getpending3['slug'] . "\")";
383 $ins2pending2 = mysql_query($ins2pending); 391 $ins2pending2 = mysql_query($ins2pending);
384 392
385 $template = new FITemplate('admin/managePending'); 393 $template = new FITemplate('admin/managePending');
@@ -428,12 +436,12 @@ if (isLoggedIn())
428 $template = new FITemplate('admin/editPost'); 436 $template = new FITemplate('admin/editPost');
429 $template->add('ID', $_GET['id']); 437 $template->add('ID', $_GET['id']);
430 $template->add('TEXT', $getpost3['text']); 438 $template->add('TEXT', $getpost3['text']);
431 $template->add('TAG1', $getpost3['tag1']); 439 $template->add('TAGS', implode(',', unserialize($getpost3['tags'])));
432 $template->add('TAG2', $getpost3['tag2']);
433 $template->add('TAG3', $getpost3['tag3']);
434 $template->add('TITLE', $getpost3['title']); 440 $template->add('TITLE', $getpost3['title']);
435 } else { 441 } else {
436 $setpost = "UPDATE updates SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\", tag1 = \"" . $_POST['tag1'] . "\", tag2 = \"" . $_POST['tag2'] . "\", tag3 = \"" . $_POST['tag3'] . "\" WHERE id = " . $_GET['id']; 442 $tags = mysql_real_escape_string(serialize(explode(',', $_POST['tags'])));
443
444 $setpost = "UPDATE updates SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\", tags = \"" . $tags . "\" WHERE id = " . $_GET['id'];
437 $setpost2 = mysql_query($setpost); 445 $setpost2 = mysql_query($setpost);
438 446
439 $template = new FITemplate('admin/postSuccess'); 447 $template = new FITemplate('admin/postSuccess');
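Review bot: The pending-swap INSERTs (new lines 387 and 390) concatenate `$otherPending['tags']` and `$getpending3['tags']` into a double-quoted SQL literal straight from the fetched rows, but serialize() output for an array of strings always contains `"` characters, so the statement is malformed and stored tag text is parsed as SQL. Escape the value on the way back in, e.g. `mysql_real_escape_string($otherPending['tags'])` and the same for `$getpending3['tags']`, as the other write paths in this commit already do for `$tags`. Separately, the editPending form (new line 274) reads `unserialize($getdraft3['tags'])` while its neighbouring lines use `$getpending3`, which looks like a copy-paste slip; it should be `implode(',', unserialize($getpending3['tags']))`. unserialize() returns false on a corrupt or pre-migration row, so the `implode` and `foreach ($tags as $tag)` callers want an `is_array()` guard. Storing the list with `json_encode`/`json_decode` instead would avoid running unserialize() on column data at all.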