From 24503e3abe705acde2df159aeae61be0d009f92e Mon Sep 17 00:00:00 2001 From: Starla Insigna Date: Wed, 19 Nov 2008 17:27:03 -0500 Subject: Imported sources
--- pages/admin.php | 661 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 661 insertions(+) create mode 100644 pages/admin.php (limited to 'pages/admin.php')
diff --git a/pages/admin.php b/pages/admin.php
new file mode 100644
index 0000000..ca7a7fa
--- /dev/null
+++ b/pages/admin.php 
@@ -0,0 +1,661 @@
+add('ID', $getdraft3['id']);
+ } else if ($_POST['type'] == 'instant')
+ {
+ postBlogPost($_POST['title'], sess_get('uname'), $_POST['tag1'], $_POST['tag2'], $_POST['tag3'], $_POST['text']);
+
+ $getpost = "SELECT * FROM updates ORDER BY id DESC LIMIT 0,1";
+ $getpost2 = mysql_query($getpost);
+ $getpost3 = mysql_fetch_array($getpost2);
+
+ $template = new FITemplate('admin/postSuccess');
+ $template->add('ID', $getpost3['id']);
+ $template->add('CODED', $getpost3['slug']);
+ } else {
+ if ($_POST['type'] == 'normal')
+ {
+ $getpending = "SELECT * FROM pending ORDER BY id DESC LIMIT 0,1";
+ $getpending2 = mysql_query($getpending);
+ $getpending3 = mysql_fetch_array($getpending2);
+ if (isset($getpending3['id']) === FALSE)
+ {
+ $id = 50;
+ } else {
+ $id = $getpending3['id']+1;
+ }
+ } else if ($_POST['type'] == 'priority')
+ {
+ $getpending = "SELECT * FROM pending ORDER BY id ASC LIMIT 0,1";
+ $getpending2 = mysql_query($getpending);
+ $getpending3 = mysql_fetch_array($getpending2);
+ if (isset($getpending3['id']) === FALSE)
+ {
+ $id = 50;
+ } else {
+ $id = $getpending3['id']-1;
+ }
+ } else {
+ generateError(404);
+ }
+
+ $inspending = "INSERT INTO pending (id,title,author,text,tag1,tag2,tag3,slug) VALUES (" . $id . ",\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . $_POST['tag1'] . "\",\"" . $_POST['tag2'] . "\",\"" . $_POST['tag3'] . "\",\"" . generateSlug($_POST['title'],'updates') . 
"\")";
+ $inspending2 = mysql_query($inspending);
+
+ $template = new FITemplate('admin/pendingSuccess');
+ $template->add('ID', $id);
+ }
+ }
+ } else if ($_GET['page'] == 'manageDrafts')
+ {
+ $template = new FITemplate('admin/manageDrafts');
+
+ $getdrafts = "SELECT * FROM drafts ORDER BY id ASC";
+ $getdrafts2 = mysql_query($getdrafts);
+ $i=0;
+ while ($getdrafts3[$i] = mysql_fetch_array($getdrafts2))
+ {
+ $template->adds_block('DRAFT', array( 'TITLE' => $getdrafts3[$i]['title'],
+ 'AUTHOR' => $getdrafts3[$i]['author'],
+ 'ID' => $getdrafts3[$i]['id']));
+ $i++;
+ }
+ } else if ($_GET['page'] == 'editDraft')
+ {
+ $getdraft = "SELECT * FROM drafts WHERE id = " . $_GET['id'];
+ $getdraft2 = mysql_query($getdraft);
+ $getdraft3 = mysql_fetch_array($getdraft2);
+
+ if ($getdraft3['id'] == $_GET['id'])
+ {
+ if (!isset($_GET['submit']))
+ {
+ $template = new FITemplate('admin/editDraft');
+ $template->add('ID', $_GET['id']);
+ $template->add('TEXT', $getdraft3['text']);
+ $template->add('TAG1', $getdraft3['tag1']);
+ $template->add('TAG2', $getdraft3['tag2']);
+ $template->add('TAG3', $getdraft3['tag3']);
+ $template->add('TITLE', $getdraft3['title']);
+ } else {
+ if ($_POST['type'] == 'draft')
+ {
+ $setdraft = "UPDATE drafts SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\", tag1 = \"" . $_POST['tag1'] . "\", tag2 = \"" . $_POST['tag2'] . "\", tag3 = \"" . $_POST['tag3'] . "\" WHERE id = " . $_GET['id'];
+ $setdraft2 = mysql_query($setdraft);
+
+ $template = new FITemplate('admin/draftSuccess');
+ $template->add('ID', $_GET['id']);
+ } else if ($_POST['type'] == 'instant')
+ {
+ postBlogPost($_POST['title'], sess_get('uname'), $_POST['tag1'], $_POST['tag2'], $_POST['tag3'], $_POST['text']);
+
+ $deldraft = "DELETE FROM drafts WHERE id = " . 
$_GET['id'];
+ $deldraft2 = mysql_query($deldraft);
+
+ $getpost = "SELECT * FROM updates ORDER BY id DESC LIMIT 0,1";
+ $getpost2 = mysql_query($getpost);
+ $getpost3 = mysql_fetch_array($getpost2);
+
+ $template = new FITemplate('admin/postSuccess');
+ $template->add('ID', $getpost3['id']);
+ $template->add('CODED', $getpost3['slug']);
+ } else {
+ if ($_POST['type'] == 'normal')
+ {
+ $getpending = "SELECT * FROM pending ORDER BY id DESC LIMIT 0,1";
+ $getpending2 = mysql_query($getpending);
+ $getpending3 = mysql_fetch_array($getpending2);
+ if (isset($getpending3['id']) === FALSE)
+ {
+ $id = 50;
+ } else {
+ $id = $getpending3['id']+1;
+ }
+ } else if ($_POST['type'] == 'priority')
+ {
+ $getpending = "SELECT * FROM pending ORDER BY id ASC LIMIT 0,1";
+ $getpending2 = mysql_query($getpending);
+ $getpending3 = mysql_fetch_array($getpending2);
+ if (isset($getpending3['id']) === FALSE)
+ {
+ $id = 50;
+ } else {
+ $id = $getpending3['id']-1;
+ }
+ } else {
+ generateError(404);
+ }
+
+ $inspending = "INSERT INTO pending (id,title,author,text,tag1,tag2,tag3,slug) VALUES (" . $id . ",\"" . addslashes($_POST['title']) . "\",\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\",\"" . $_POST['tag1'] . "\",\"" . $_POST['tag2'] . "\",\"" . $_POST['tag3'] . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+ $inspending2 = mysql_query($inspending);
+
+ $deldraft = "DELETE FROM drafts WHERE id = " . $_GET['id'];
+ $deldraft2 = mysql_query($deldraft);
+
+ $template = new FITemplate('admin/pendingSuccess');
+ $template->add('ID', $id);
+ }
+ }
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', 'I\'m sorry, that draft doesn\'t exist.');
+ }
+ } else if ($_GET['page'] == 'deleteDraft')
+ {
+ $getdraft = "SELECT * FROM drafts WHERE id = " . 
$_GET['id'];
+ $getdraft2 = mysql_query($getdraft);
+ $getdraft3 = mysql_fetch_array($getdraft2);
+
+ if ($getdraft3['id'] == $_GET['id'])
+ {
+ if (!isset($_GET['submit']))
+ {
+ $template = new FITemplate('admin/deleteDraft');
+ $template->add('ID', $_GET['id']);
+ } else {
+ $deldraft = "DELETE FROM drafts WHERE id = " . $_GET['id'];
+ $deldraft2 = mysql_query($deldraft);
+
+ $template = new FITemplate('admin/deletedDraft');
+ }
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', 'I\'m sorry, that draft doesn\'t exist.');
+ }
+ } else if ($_GET['page'] == 'viewDraft')
+ {
+ $getdraft = "SELECT * FROM drafts WHERE id = " . $_GET['id'];
+ $getdraft2 = mysql_query($getdraft);
+ $getdraft3 = mysql_fetch_array($getdraft2);
+
+ if ($getdraft3['id'] == $_GET['id'])
+ {
+ $template = new FITemplate('post');
+ $template->adds_block('INTERNAL',array('exi'=>1));
+ $template->adds_block('POST', array( 'ID' => $getdraft3['id'],
+ 'YEARID' => ((date('Y')-2006) % 4),
+ 'DATE' => date('F dS Y \a\\t g:i:s a'),
+ 'MONTH' => date('M'),
+ 'DAY' => date('d'),
+ 'CODED' => $getdraft3['slug'],
+ 'TITLE' => $getdraft3['title'],
+ 'AUTHOR' => $getdraft3['author'],
+ 'TAG1' => $getdraft3['tag1'],
+ 'TAG2' => $getdraft3['tag2'],
+ 'TAG3' => $getdraft3['tag3'],
+ 'RATING' => 0,
+ 'TEXT' => parseBBCode($getdraft3['text'])));
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', 'I\'m sorry, that draft doesn\'t exist.');
+ }
+ } else if ($_GET['page'] == 'managePending')
+ {
+ $template = new FITemplate('admin/managePending');
+
+ $getpending = "SELECT * FROM pending ORDER BY id ASC";
+ $getpending2 = mysql_query($getpending);
+ $i=0;
+ while ($getpending3[$i] = mysql_fetch_array($getpending2))
+ {
+ $template->adds_block('PENDING', array( 'TITLE' => $getpending3[$i]['title'],
+ 'AUTHOR' => $getpending3[$i]['author'],
+ 'ID' => $getpending3[$i]['id']));
+ $i++; 
+ }
+ } else if ($_GET['page'] == 'editPending')
+ {
+ $getpending = "SELECT * FROM pending WHERE id = " . $_GET['id'];
+ $getpending2 = mysql_query($getpending);
+ $getpending3 = mysql_fetch_array($getpending2);
+
+ if ($getpending3['id'] == $_GET['id'])
+ {
+ if (!isset($_GET['submit']))
+ {
+ $template = new FITemplate('admin/editPending');
+ $template->add('ID', $_GET['id']);
+ $template->add('TEXT', $getpending3['text']);
+ $template->add('TAG1', $getpending3['tag1']);
+ $template->add('TAG2', $getpending3['tag2']);
+ $template->add('TAG3', $getpending3['tag3']);
+ $template->add('TITLE', $getpending3['title']);
+ } else {
+ $setpending = "UPDATE pending SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\", tag1 = \"" . $_POST['tag1'] . "\", tag2 = \"" . $_POST['tag2'] . "\", tag3 = \"" . $_POST['tag3'] . "\" WHERE id = " . $_GET['id'];
+ $setpending2 = mysql_query($setpending);
+
+ $template = new FITemplate('admin/pendingSuccess');
+ $template->add('ID', $_GET['id']);
+ }
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', 'I\'m sorry, that pending post doesn\'t exist.');
+ }
+ } else if ($_GET['page'] == 'deletePending')
+ {
+ $getpending = "SELECT * FROM pending WHERE id = " . $_GET['id'];
+ $getpending2 = mysql_query($getpending);
+ $getpending3 = mysql_fetch_array($getpending2);
+
+ if ($getpending3['id'] == $_GET['id'])
+ {
+ if (!isset($_GET['submit']))
+ {
+ $template = new FITemplate('admin/deletePending');
+ $template->add('ID', $_GET['id']);
+ } else {
+ $delpending = "DELETE FROM pending WHERE id = " . 
$_GET['id'];
+ $delpending2 = mysql_query($delpending);
+
+ $template = new FITemplate('admin/deletedPending');
+ }
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', 'I\'m sorry, that pending post doesn\'t exist.');
+ }
+ } else if ($_GET['page'] == 'viewPending')
+ {
+ $getpending = "SELECT * FROM pending WHERE id = " . $_GET['id'];
+ $getpending2 = mysql_query($getpending);
+ $getpending3 = mysql_fetch_array($getpending2);
+
+ if ($getpending3['id'] == $_GET['id'])
+ {
+ $template = new FITemplate('post');
+ $template->adds_block('INTERNAL',array('exi'=>1));
+ $template->adds_block('POST', array( 'ID' => $getpending3['id'],
+ 'YEARID' => ((date('Y')-2006) % 4),
+ 'DATE' => date('F dS Y \a\\t g:i:s a'),
+ 'MONTH' => date('M'),
+ 'DAY' => date('d'),
+ 'CODED' => $getpending3['slug'],
+ 'TITLE' => $getpending3['title'],
+ 'AUTHOR' => $getpending3['author'],
+ 'TAG1' => $getpending3['tag1'],
+ 'TAG2' => $getpending3['tag2'],
+ 'TAG3' => $getpending3['tag3'],
+ 'RATING' => 0,
+ 'TEXT' => parseBBCode($getpending3['text'])));
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', 'I\'m sorry, that pending post doesn\'t exist.');
+ }
+ } else if ($_GET['page'] == 'managePosts')
+ {
+ $template = new FITemplate('admin/managePosts');
+
+ $getposts = "SELECT * FROM updates ORDER BY id ASC";
+ $getposts2 = mysql_query($getposts);
+ $i=0;
+ while ($getposts3[$i] = mysql_fetch_array($getposts2))
+ {
+ $template->adds_block('POST', array( 'TITLE' => $getposts3[$i]['title'],
+ 'AUTHOR' => $getposts3[$i]['author'],
+ 'ID' => $getposts3[$i]['id'],
+ 'CODED' => $getposts3[$i]['slug']));
+ $i++;
+ }
+ } else if ($_GET['page'] == 'editPost')
+ {
+ $getpost = "SELECT * FROM updates WHERE id = " . 
$_GET['id'];
+ $getpost2 = mysql_query($getpost);
+ $getpost3 = mysql_fetch_array($getpost2);
+
+ if ($getpost3['id'] == $_GET['id'])
+ {
+ if (!isset($_GET['submit']))
+ {
+ $template = new FITemplate('admin/editPost');
+ $template->add('ID', $_GET['id']);
+ $template->add('TEXT', $getpost3['text']);
+ $template->add('TAG1', $getpost3['tag1']);
+ $template->add('TAG2', $getpost3['tag2']);
+ $template->add('TAG3', $getpost3['tag3']);
+ $template->add('TITLE', $getpost3['title']);
+ } else {
+ $setpost = "UPDATE updates SET title = \"" . addslashes($_POST['title']) . "\", text = \"" . addslashes($_POST['text']) . "\", tag1 = \"" . $_POST['tag1'] . "\", tag2 = \"" . $_POST['tag2'] . "\", tag3 = \"" . $_POST['tag3'] . "\" WHERE id = " . $_GET['id'];
+ $setpost2 = mysql_query($setpost);
+
+ $template = new FITemplate('admin/postSuccess');
+ $template->add('ID', $_GET['id']);
+ $template->add('CODED', $getpost3['slug']);
+ }
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', 'I\'m sorry, that post doesn\'t exist.');
+ }
+ } else if ($_GET['page'] == 'deletePost')
+ {
+ $getpost = "SELECT * FROM updates WHERE id = " . $_GET['id'];
+ $getpost2 = mysql_query($getpost);
+ $getpost3 = mysql_fetch_array($getpost2);
+
+ if ($getpost3['id'] == $_GET['id'])
+ {
+ if (!isset($_GET['submit']))
+ {
+ $template = new FITemplate('admin/deletePost');
+ $template->add('ID', $_GET['id']);
+ } else {
+ $delpost = "DELETE FROM updates WHERE id = " . 
$_GET['id'];
+ $delpost2 = mysql_query($delpost);
+
+ $template = new FITemplate('admin/deletedPost');
+ }
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', 'I\'m sorry, that post doesn\'t exist.');
+ }
+ } else if ($_GET['page'] == 'moderateComments')
+ {
+ $template = new FITemplate('admin/moderateComments');
+
+ $getcomments = "SELECT * FROM moderation ORDER BY id ASC";
+ $getcomments2 = mysql_query($getcomments);
+ $i=0;
+ while ($getcomments3[$i] = mysql_fetch_array($getcomments2))
+ {
+ $comType = substr($getcomments3[$i]['page_id'],0,strpos($getcomments3[$i]['page_id'],'-'));
+ $comID = substr($getcomments3[$i]['page_id'],strpos($getcomments3[$i]['page_id'],'-')+1);
+
+ if ($comType == 'updates')
+ {
+ $getpost = "SELECT * FROM updates WHERE id = " . $comID;
+ $getpost2 = mysql_query($getpost);
+ $getpost3 = mysql_fetch_array($getpost2);
+ $title = $getpost3['title'];
+ } else if ($comType = 'polloftheweek')
+ {
+ $getpoll = "SELECT * FROM polloftheweek WHERE id = " . $comID;
+ $getpoll2 = mysql_query($getpoll);
+ $getpoll3 = mysql_fetch_array($getpoll2);
+ $title = $getpoll3['question'];
+ } else if ($comType = 'quotes')
+ {
+ $getquote = "SELECT * FROM rash_quotes WHERE id = " . $comID;
+ $getquote2 = mysql_query($getquote);
+ $getquote3 = mysql_fetch_array($getquote2);
+ $title = '#' . $getquote3['id'];
+ }
+
+ $template->adds_block('COMMENT', array( 'TITLE' => $title,
+ 'AUTHOR' => $getcomments3[$i]['author'],
+ 'ID' => $getcomments3[$i]['id']));
+ $i++;
+ }
+ } else if ($_GET['page'] == 'viewComment')
+ {
+ $getcomment = "SELECT * FROM moderation WHERE id = " . $_GET['id'];
+ $getcomment2 = mysql_query($getcomment);
+ $getcomment3 = mysql_fetch_array($getcomment2);
+
+ if ($getcomment3['id'] == $_GET['id'])
+ {
+ $getuser = "SELECT * FROM users WHERE username = \"" . $getcomment3['author'] . 
"\"";
+ $getuser2 = mysql_query($getuser);
+ $getuser3 = mysql_fetch_array($getuser2);
+
+ $template = new FITemplate('admin/viewComment');
+ $template->add('ID', $_GET['id']);
+ $template->add('USERNAME', $getcomment3['author']);
+ $template->add('CODEDEMAIL', md5(strtolower($getuser3['email'])));
+ $template->add('TEXT', parseBBCode($getcomment3['comment']));
+ $template->add('DATE', date("F dS Y \a\\t g:i:s a",strtotime($getcomment3['pubDate'])));
+ $template->add('CODEDDEF',urlencode('http://www.fourisland.com/images/error404.png'));
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', 'I\'m sorry, that comment doesn\'t exist.');
+ }
+ } else if ($_GET['page'] == 'actionComment')
+ {
+ $getcomment = "SELECT * FROM moderation WHERE id = " . $_GET['id'];
+ $getcomment2 = mysql_query($getcomment);
+ $getcomment3 = mysql_fetch_array($getcomment2);
+
+ if ($getcomment3['id'] == $_GET['id'])
+ {
+ if (isset($_GET['approve']))
+ {
+ $insanon = "INSERT INTO anon_commenters (username,email,website) VALUES (\"" . $getcomment3['author'] . "\",\"" . $getcomment3['email'] . "\",\"" . $getcomment3['website'] . "\")";
+ $insanon2 = mysql_query($insanon);
+
+ $inscomment = "INSERT INTO comments (page_id,username,comment) VALUES (\"" . $getcomment3['page_id'] . "\",\"" . $getcomment3['author'] . "\",\"" . $getcomment3['comment'] . "\")";
+ $inscomment2 = mysql_query($inscomment);
+
+ $delcomment = "DELETE FROM moderation WHERE id = " . $getcomment3['id'];
+ $delcomment2 = mysql_query($delcomment);
+
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'Comment Moderation');
+ $template->add('MSG', 'You\'ve successfully approved this comment.');
+ } else if (isset($_GET['deny']))
+ {
+ $delcomment = "DELETE FROM moderation WHERE id = " . 
$getcomment3['id'];
+ $delcomment2 = mysql_query($delcomment);
+
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'Comment Moderation');
+ $template->add('MSG', 'You\'ve successfully denied this comment.');
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', "Um, what on earth are you doing?");
+ }
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', 'I\'m sorry, that comment doesn\'t exist.');
+ }
+ } else if ($_GET['page'] == 'managePages')
+ {
+ $template = new FITemplate('admin/managePages');
+
+ $getpages = "SELECT wiki_pages.*, wiki_revisions.author FROM wiki_pages, wiki_revisions WHERE wiki_revisions.id = wiki_pages.revision ORDER BY id ASC";
+ $getpages2 = mysql_query($getpages);
+ $i=0; $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', 'I\'m sorry, but this page doesn\'t exist.');
+ while ($getpages3[$i] = mysql_fetch_array($getpages2))
+ {
+ $template->adds_block('PAGE', array( 'TITLE' => $getpages3[$i]['title'],
+ 'AUTHOR' => $getpages3[$i]['author'],
+ 'ID' => $getpages3[$i]['id'],
+ 'CODED' => $getpages3[$i]['slug']));
+ $i++;
+ }
+ } else if ($_GET['page'] == 'pageHistory')
+ {
+ $getpage = "SELECT * FROM wiki_pages WHERE id = " . $_GET['id'] . " ORDER BY id ASC";
+ $getpage2 = mysql_query($getpage);
+ $getpage3 = mysql_fetch_array($getpage2);
+
+ if ($getpage3['id'] == $_GET['id'])
+ {
+ $template = new FITemplate('admin/pageHistory');
+
+ $getrev = "SELECT * FROM wiki_revisions WHERE id = " . 
$getpage3['revision'];
+ $getrev2 = mysql_query($getrev);
+ $getrev3 = mysql_fetch_array($getrev2);
+
+ $template->adds_block('REV', array( 'AUTHOR' => $getrev3['author'],
+ 'DATE' => date("F dS Y \a\\t g:i:s a",strtotime($getrev3['pubDate'])),
+ 'ID' => $getrev3['id']));
+
+ while ($getrev3['previous'] != 0)
+ {
+ $getrev = "SELECT * FROM wiki_revisions WHERE id = " . $getrev3['previous'];
+ $getrev2 = mysql_query($getrev);
+ $getrev3 = mysql_fetch_array($getrev2);
+
+ $template->adds_block('REV', array( 'AUTHOR' => $getrev3['author'],
+ 'DATE' => date("F dS Y \a\\t g:i:s a",strtotime($getrev3['pubDate'])),
+ 'ID' => $getrev3['id']));
+ }
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', 'I\'m sorry, but this page doesn\'t exist.');
+ }
+ } else if ($_GET['page'] == 'viewRevision')
+ {
+ $getrev = "SELECT * FROM wiki_revisions WHERE id = " . $_GET['id'];
+ $getrev2 = mysql_query($getrev);
+ $getrev3 = mysql_fetch_array($getrev2);
+
+ if ($getrev3['id'] == $_GET['id'])
+ {
+ $template = new FITemplate('admin/viewRevision');
+ $template->add('TEXT', $getrev3['text']);
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', 'I\'m sorry, but this revision doesn\'t exist.');
+ }
+ } else if ($_GET['page'] == 'pollProcess')
+ {
+ if (!isset($_GET['step']))
+ {
+ $template = new FITemplate('admin/pollrss');
+ } else if ($_GET['step'] == 2)
+ {
+ $insrss = "INSERT INTO pollrss (author,rss) VALUES (\"" . sess_get('uname') . "\",\"" . addslashes($_POST['text']) . "\")";
+ $insrss2 = mysql_query($insrss);
+
+ $template = new FITemplate('admin/newPoll');
+ } else if ($_GET['step'] == 3)
+ {
+ $inspoll = "INSERT INTO polloftheweek (question,option1,option2,option3,option4) VALUES (\"" . addslashes($_POST['question']) . "\",\"" . $_POST['option1'] . "\",\"" . $_POST['option2'] . "\",\"" . $_POST['option3'] . "\",\"" . $_POST['option4'] . 
"\")";
+ $inspoll2 = mysql_query($inspoll);
+
+ $cleardid = "TRUNCATE TABLE didpollalready";
+ $cleardid2 = mysql_query($cleardid);
+
+ $template = new FITemplate('msg2');
+ $template->add('BACK', 'Back to the Admin Panel');
+ $template->add('LINK', '/admin/');
+ $template->add('MSG', "You've successfully created a poll!");
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', "Um, what on earth are you doing?");
+ }
+ } else if ($_GET['page'] == 'managePendingQuotes')
+ {
+ $template = new FITemplate('admin/managePendingQuotes');
+
+ $getpending = "SELECT * FROM rash_queue ORDER BY id ASC";
+ $getpending2 = mysql_query($getpending);
+ $i=0;
+ while ($getpending3[$i] = mysql_fetch_array($getpending2))
+ {
+ $template->adds_block('QUOTE', array( 'ID' => $getpending3[$i]['id'],
+ 'TEXT' => $getpending3[$i]['quote']));
+ $i++;
+ }
+ } else if ($_GET['page'] == 'actionPendingQuotes')
+ {
+ $getpending = "SELECT * FROM rash_queue WHERE id = " . $_GET['id'];
+ $getpending2 = mysql_query($getpending);
+ $getpending3 = mysql_fetch_array($getpending2);
+
+ if ($getpending3['id'] == $_GET['id'])
+ {
+ if (isset($_GET['approve']))
+ {
+ $insquote = "INSERT INTO rash_quotes (quote) VALUES (\"" . addslashes($getpending3['quote']) . "\")";
+ $insquote2 = mysql_query($insquote);
+
+ $delpending = "DELETE FROM rash_queue WHERE id = " . $_GET['id'];
+ $delpending2 = mysql_query($delpending);
+
+ $template = new FITemplate('msg2');
+ $template->add('BACK', 'Back to the Admin Panel');
+ $template->add('LINK', '/admin/');
+ $template->add('MSG', "You've successfully approved this quote.");
+ } else if (isset($_GET['deny']))
+ {
+ $delpending = "DELETE FROM rash_queue WHERE id = " . 
$_GET['id'];
+ $delpending2 = mysql_query($delpending);
+
+ $template = new FITemplate('msg2');
+ $template->add('BACK', 'Back to the Admin Panel');
+ $template->add('LINK', '/admin/');
+ $template->add('MSG', "You've successfully denied this quote.");
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', "Um, what on earth are you doing?");
+ }
+ } else {
+ $template = new FITemplate('msg');
+ $template->add('BACK', 'the previous page');
+ $template->add('MSG', 'I\'m sorry, but this pending quote doesn\'t exist.');
+ }
+ } else {
+ generateError(404);
+ }
+ @$template->display();
+ } else {
+ generateError(404);
+ }
+} else {
+ generateError(404);
+}
+
+?>
-- cgit 1.4.1
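Review bot: Request values are concatenated straight into SQL throughout this file, so the query text is controlled by the request: `$_GET['id']` is appended unquoted (`"SELECT * FROM drafts WHERE id = " . $_GET['id']`, and the same in every edit/delete/view branch), while `tag1`–`tag3` and `option1`–`option4` go in with no escaping at all. `addslashes()` on title/text is not charset-aware; cast ids once with `$id = (int) $_GET['id'];` and pass every string value through `mysql_real_escape_string()`, or move these queries to prepared statements. The approve branch of `actionComment` re-inserts `author`, `email`, `website` and `comment` read back from `moderation` without escaping, so stored values need the same treatment before they are reused in a query. Separately, `else if ($comType = 'polloftheweek')` assigns instead of comparing, which makes the `quotes` branch unreachable; it should read `$comType == 'polloftheweek'` (and likewise for `'quotes'`). The start of the file, including whatever check guards this `if` chain, is not visible in this view.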