Bad command '$op'!\n"); html_footer(); exit(); } if (($op == 'D' || $op == 'M') && !$id) { html_header("Article Error"); print("

Command '$op' requires an ID!\n");
    html_footer();
    exit();
  }

  // Authorization checks for the requested command.  $op, $id and the
  // $LOGIN_* values are set before this excerpt.
  // NOTE(review): $op and $id are interpolated into HTML and SQL below;
  // presumably $op is a single character and $id was cast to an integer
  // where they were decoded - confirm against the decoding code.

  // Batch updates ('B') require AUTH_DEVEL or higher.
  if ($op == 'B' && $LOGIN_LEVEL < AUTH_DEVEL) {
    html_header("Article Error");
    print("

You don't have permission to use command '$op'!\n");
    html_footer();
    exit();
  }

  // Delete ('D') and modify ('M') by a user below AUTH_DEVEL are allowed
  // only on an existing article whose create_user matches the logged-in
  // user name or e-mail address.
  if (($op == 'D' || $op == 'M') && $LOGIN_LEVEL < AUTH_DEVEL) {
    $result = db_query("SELECT * FROM article WHERE id = $id");
    if (db_count($result) != 1) {
      db_free($result);
      html_header("Article Error");
      print("

Article #$id does not exist!\n");
      html_footer();
      exit();
    }

    $row = db_next($result);

    // NOTE(review): "!=" is PHP's loose comparison, so two different
    // numeric-looking strings can compare as equal; a strict "!==" would be
    // the safer ownership test if both sides are always strings - confirm.
    if ($row['create_user'] != $LOGIN_USER &&
        $row['create_user'] != $LOGIN_EMAIL) {
      db_free($result);
      html_header("Article Error");
      print("

You don't have permission to use command '$op'!\n");
      html_footer();
      exit();
    }

    db_free($result);
  }

  // A new article ('N') must not be given an ID.
  if ($op == 'N' && $id) {
    html_header("Article Error");
    print("

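Command '$op' may not have an ID!\n");
    html_footer();
    exit();
  }

  // Decode the remaining arguments.  Each one starts with a one-letter
  // option code followed by its value.
  for ($i = 1; $i < $argc; $i ++) {
    $option = substr($argv[$i], 1);

    switch ($argv[$i][0]) {
      case 'Q' : // Set search text
          // The search text is the last option: every following argument is
          // appended to it, separated by spaces.
          $search = $option;
          $i ++;
          while ($i < $argc) {
            $search .= " $argv[$i]";
            $i ++;
          }
          break;

      case 'I' : // Set index of the first article to show
          $index = (int)$option;
          if ($index < 0)
            $index = 0;
          break;

      default :
          // The rejected argument comes from the request, so it is escaped
          // before being echoed into the error page.
          $bad_option = htmlspecialchars($argv[$i], ENT_QUOTES);

          html_header("Article Error");
          print("

Bad option '$bad_option'!

\n");
          html_footer();
          exit();
          break;
    }
  }
} else {
  // No arguments: list all articles.
  $op = 'L';
  $id = 0;
}

// A posted search form overrides any search text given in the URL.
if ($REQUEST_METHOD == "POST") {
  if (array_key_exists("SEARCH", $_POST))
    $search = $_POST["SEARCH"];
}

// Paging and search state appended to every link so it survives navigation.
// urlencode() also keeps CR/LF in the search text out of Location headers.
$options = "+I$index+Q" . urlencode($search);

switch ($op) {
  case 'B' : // Batch update selected articles
      if ($REQUEST_METHOD != "POST") {
        header("Location: $PHP_SELF?L$options");
        break;
      }

      if (array_key_exists("IS_PUBLISHED", $_POST) &&
          $_POST["IS_PUBLISHED"] != "") {
        $modify_date  = time();
        $modify_user  = db_escape($LOGIN_USER);
        $is_published = (int)$_POST["IS_PUBLISHED"];

        $query = "is_published = $is_published, modify_date = $modify_date, "
                ."modify_user = '$modify_user'";

        db_query("BEGIN TRANSACTION");

        // Every posted field named "ID_<number>" selects one article; the
        // integer cast keeps the value safe to place in the SQL text.
        // foreach replaces each(), which was removed in PHP 8.
        foreach (array_keys($_POST) as $key)
          if (substr($key, 0, 3) == "ID_") {
            $id = (int)substr($key, 3);
            db_query("UPDATE article SET $query WHERE id = $id");
          }

        db_query("COMMIT TRANSACTION");
      }

      header("Location: $PHP_SELF?L$options");
      break;

  case 'D' : // Delete Article
      if ($REQUEST_METHOD == "POST") {
        // NOTE(review): the delete is keyed only on the request method and
        // the permission checks made earlier; the form markup is not
        // visible in this copy, so confirm the POST carries an anti-CSRF
        // token.
        db_query("DELETE FROM article WHERE id = $id");
        header("Location: $PHP_SELF?L$options");
      } else {
        $result = db_query("SELECT * FROM article WHERE id = $id");
        if (db_count($result) != 1) {
          // Emit the page header first, as the list view's not-found path
          // does, so the error is a complete page.
          html_header("Article Error");
          print("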

Error: Article #$id was not found!

\n");
          html_footer();
          exit();
        }

        // Exactly one row matched: load it for the confirmation page.
        $row = db_next($result);

        html_header("Delete Article #$id");

        // Navigation links; $options carries the paging and search state.
        html_start_links(1);
        html_link("Return to Articles", "$PHP_SELF?L$options");
        html_link("View Article #$id", "$PHP_SELF?L$id$options");
        html_link("Modify Article #$id", "$PHP_SELF?M$id$options");
        html_end_links();

        print("

Delete Article #$id

\n"); print("
" ."

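\n");

        // Show the stored fields so the user can confirm the deletion.
        // (The markup inside these print() strings appears to be missing
        // from this copy of the file.)
        if (!$row['is_published'])
          print("\n");

        // Title and abstract are escaped for HTML output.
        $temp = htmlspecialchars($row["title"]);
        print("\n");

        $temp = htmlspecialchars($row["abstract"]);
        print("\n");

        // Contents go through format_text(), as in the article view.  The
        // original called the misspelled "fomat_text", which would stop the
        // confirmation page with an undefined-function error.
        $temp = format_text($row["contents"]);
        print("\n");

        print("\n");
        print("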
This article is " ."currently hidden from public view.
Title:$temp
Abstract:$temp
Contents:$temp
" ."

\n");
        html_footer();
      }
      break;

  case 'L' : // List (all) Article(s)
      if ($id) {
        // Show a single article.
        // NOTE(review): this lookup has no is_published or ownership
        // condition, while the listing branch of this case restricts users
        // below AUTH_DEVEL to published or self-authored rows.  As written,
        // an unpublished article is shown to anyone who requests its ID -
        // confirm whether that is intended.
        $result = db_query("SELECT * FROM article WHERE id = $id");
        if (db_count($result) != 1) {
          html_header("Article Error");
          print("

Error: Article #$id was not found!

\n");
          html_footer();
          exit();
        }

        $row = db_next($result);

        // Prepare the stored values for HTML output.  Title and abstract are
        // escaped; contents go through format_text() and the author through
        // sanitize_email(), both defined elsewhere.
        // NOTE(review): presumably format_text() limits contents to the
        // allowed HTML elements listed on the submission form - verify,
        // since article contents are user-supplied.
        $title       = htmlspecialchars($row['title']);
        $abstract    = htmlspecialchars($row['abstract']);
        $contents    = format_text($row['contents']);
        $create_user = sanitize_email($row['create_user']);
        $date        = date("H:i M d, Y", $row['modify_date']);

        html_header("Article #$id: $title");

        html_start_links(1);
        html_link("Return to Articles", "$PHP_SELF?L$options");
        html_link("Show Comments", "#_USER_COMMENTS");
        html_link("Submit Comment", "comment.php?r0+particles.php_L$id");

        // The modify/delete links are only a convenience; the permission
        // checks made when a command is decoded are what enforce access.
        // NOTE(review): those checks also accept a match on $LOGIN_EMAIL,
        // which this test does not.
        if ($LOGIN_LEVEL >= AUTH_DEVEL ||
            $row['create_user'] == $LOGIN_USER) {
          html_link("Modify Article", "$PHP_SELF?M$id$options");
          html_link("Delete Article", "$PHP_SELF?D$id$options");
        }
        html_end_links();

        // Banner for articles that are not published.
        if (!$row['is_published'])
          print("

This article is currently hidden from " ."public view.

\n"); print("

Article #$id: $title

\n" ."

$date by $create_user
$abstract

\n" ."
\n" ."$contents\n" ."
\n" ."

Comments

\n");

        // Comment section for this article; comments are keyed by the
        // string "articles.php_L<id>".
        html_start_links();
        html_link("Submit Comment", "comment.php?r0+particles.php_L$id");
        html_end_links();

        show_comments("articles.php_L$id");

        db_free($result);
      } else {
        // No ID given: show the searchable, paged list of articles.
        html_header("Articles");

        html_start_links(1);
        html_link("Submit Article", "$PHP_SELF?N$options");
        html_end_links();

        print("

Articles

\n"); print("

" ."Search Words:  " ."

\n"); print("
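\n");

        // Build the WHERE clause for the listing.
        $query  = "";
        $prefix = "WHERE ";

        // Users below AUTH_DEVEL only see published articles and their own.
        if ($LOGIN_LEVEL < AUTH_DEVEL) {
          $query .= "${prefix}(is_published = 1 OR create_user = '"
                   . db_escape($LOGIN_USER) . "')";
          $prefix = " AND ";
        }

        if ($search) {
          // Replace quote, backslash and URL-encoded space/quote sequences
          // with spaces, then split the text into words.  As shown here the
          // last replacement is a no-op; empty words are skipped in the
          // loop below.
          $search_string = str_replace("'", " ", $search);
          $search_string = str_replace("\"", " ", $search_string);
          $search_string = str_replace("\\", " ", $search_string);
          $search_string = str_replace("%20", " ", $search_string);
          $search_string = str_replace("%27", " ", $search_string);
          $search_string = str_replace(" ", " ", $search_string);
          $search_words  = explode(' ', $search_string);

          // Turn the words into a parenthesised boolean expression.  "and",
          // "or" and "not" are operators; every other word becomes a LIKE
          // test on title, abstract and contents.
          $clause  = "";     // terms collected so far
          $joiner  = "";     // operator placed before the next term
          $next_op = " OR";  // operator to use once a term has been added
          $negate  = "";     // " NOT" when the next term is negated

          // foreach visits every word.  The original current()/next() loop
          // stopped at the first empty or "0" word, which silently dropped
          // the rest of the search.
          foreach ($search_words as $keyword) {
            $keyword = trim($keyword);
            if ($keyword === "")
              continue;

            if (strcasecmp($keyword, 'or') == 0) {
              $next_op = ' OR';
              if ($joiner != '')
                $joiner = ' OR';
            } else if (strcasecmp($keyword, 'and') == 0) {
              $next_op = ' AND';
              if ($joiner != '')
                $joiner = ' AND';
            } else if (strcasecmp($keyword, 'not') == 0) {
              $negate = ' NOT';
            } else {
              // Only an all-digit word is also matched against the article
              // ID.  The original loose "==" test treated any non-numeric
              // word as 0 on older PHP versions.
              if (preg_match('/^[0-9]+$/', $keyword))
                $idsearch = " OR id = " . (int)$keyword;
              else
                $idsearch = "";

              // Escape the word before placing it in the SQL text.  "%" and
              // "_" inside it still act as LIKE wildcards, which only
              // widens the match.
              $keyword = db_escape($keyword);

              $clause .= "$joiner$negate (title LIKE \"%$keyword%\"$idsearch"
                        ." OR abstract LIKE \"%$keyword%\""
                        ." OR contents LIKE \"%$keyword%\")";

              $joiner = $next_op;
              $negate = '';
            }
          }

          // Add the expression only when it has at least one term; an empty
          // "()" would be a SQL syntax error.
          if ($clause != "")
            $query .= "${prefix}($clause)";
        }

        $result = db_query("SELECT * FROM article $query "
                          ."ORDER BY modify_date DESC");
        $count  = db_count($result);

        if ($count == 0) {
          print("

No Articles found.

\n");
          html_footer();
          exit();
        }

        // Clamp the requested start index to the first row of the last page.
        // The original "$count - ($count % $PAGE_MAX)" gave $count itself,
        // an empty page, whenever $count was a multiple of $PAGE_MAX.
        if ($index >= $count)
          $index = $PAGE_MAX * (int)(($count - 1) / $PAGE_MAX);
        if ($index < 0)
          $index = 0;

        // 1-based range shown in the summary line.
        $start = $index + 1;
        $end   = $index + $PAGE_MAX;
        if ($end > $count)
          $end = $count;

        // Start indices of the previous and next pages.
        $prev = $index - $PAGE_MAX;
        if ($prev < 0)
          $prev = 0;
        $next = $index + $PAGE_MAX;

        print("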

$count article(s) found, showing $start to $end:

\n"); if ($LOGIN_LEVEL >= AUTH_DEVEL) print("
\n"); if ($count > $PAGE_MAX) { print("

\n"); print("\n"); print("
"); if ($index > 0) print("[ Previous $PAGE_MAX ]"); print(""); if ($end < $count) { $next_count = min($PAGE_MAX, $count - $end); print("[ Next $next_count ]"); } print("

\n"); } html_start_table(array("ID","Title","Last Modified", "Comment(s)")); db_seek($result, $index); for ($i = 0; $i < $PAGE_MAX && $row = db_next($result); $i ++) { html_start_row(); $id = $row['id']; $link = ""; print(""); if ($LOGIN_LEVEL >= AUTH_DEVEL) print(""); print("$link$id"); $temp = htmlspecialchars($row['title']); if ($row['is_published'] == 0) $temp .= " Private"; print("$link$temp"); $temp = date("M d, Y", $row['modify_date']); print("$link$temp"); $ccount = count_comments("articles.php_L$id"); print("$link$ccount"); html_end_row(); html_start_row(); $temp = htmlspecialchars($row['abstract']); print("$temp"); html_end_row(); } if ($LOGIN_LEVEL > 0) { html_start_row("header"); print(" 
Published: "); select_is_published(); print("\n"); html_end_row(); } html_end_table(); if ($count > $PAGE_MAX) { print("

\n"); print("\n"); print("
"); if ($index > 0) print("[ Previous $PAGE_MAX ]"); print(""); if ($end < $count) { $next_count = min($PAGE_MAX, $count - $end); print("[ Next $next_count ]"); } print("

\n"); } print("

private = hidden from public view

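\n");
      }

      html_footer();
      break;

  case 'M' : // Modify Article
      if ($REQUEST_METHOD == "POST") {
        // Read the submitted form.  Only AUTH_DEVEL users may set the
        // published flag; an edit by anyone else leaves the article
        // unpublished.
        if ($LOGIN_LEVEL < AUTH_DEVEL)
          $is_published = 0;
        else if (array_key_exists("IS_PUBLISHED", $_POST))
          $is_published = (int)$_POST["IS_PUBLISHED"];
        else
          $is_published = 0;

        if (array_key_exists("TITLE", $_POST))
          $title = $_POST["TITLE"];
        else
          $title = "";

        if (array_key_exists("ABSTRACT", $_POST))
          $abstract = $_POST["ABSTRACT"];
        else
          $abstract = "";

        if (array_key_exists("CONTENTS", $_POST))
          $contents = $_POST["CONTENTS"];
        else
          $contents = "";

        // The update is performed only when every text field is filled in.
        if (($is_published == 0 || $LOGIN_LEVEL >= AUTH_DEVEL) &&
            $title != "" && $abstract != "" && $contents != "")
          $havedata = 1;
        else
          $havedata = 0;
      } else {
        // First visit: load the current values to pre-fill the form.
        $result = db_query("SELECT * FROM article WHERE id = $id");
        if (db_count($result) != 1) {
          // Emit the page header first, as the list view's not-found path
          // does, so the error is a complete page.
          html_header("Article Error");
          print("

Error: Article #$id was not found!

\n");
          html_footer();
          exit();
        }

        $row = db_next($result);

        $is_published = $row["is_published"];
        $title        = $row["title"];
        $abstract     = $row["abstract"];
        $contents     = $row["contents"];

        // Release the result set.  The original passed the fetched row to
        // db_free(); every other call in this file passes the result.
        db_free($result);

        $havedata = 0;
      }

      if ($havedata) {
        // Escape every string value before it is placed in the SQL text.
        // The original interpolated $LOGIN_USER unescaped here, although
        // the batch-update path escapes it for the same column.
        $title       = db_escape($title);
        $abstract    = db_escape($abstract);
        $contents    = db_escape($contents);
        $modify_user = db_escape($LOGIN_USER);
        $modify_date = time();

        db_query("UPDATE article SET "
                ."is_published = $is_published, "
                ."title = '$title', "
                ."abstract = '$abstract', "
                ."contents = '$contents', "
                ."modify_date = $modify_date, "
                ."modify_user = '$modify_user' "
                ."WHERE id = $id");

        // Changes to an unpublished article trigger a notification.
        if (!$is_published)
          notify_users($id, "modified");

        header("Location: $PHP_SELF?L$id$options");
      } else {
        // Show the form, either for the first time or again after an
        // incomplete submission.
        html_header("Modify Article #$id");

        html_start_links(1);
        html_link("Return to Articles", "$PHP_SELF?L$options");
        html_link("Article #$id", "$PHP_SELF?L$id$options");
        html_end_links();

        print("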

Modify Article #$id

\n"); if ($REQUEST_METHOD == "POST") { print("

Error: Please fill in the fields marked in " ."bold red below and resubmit " ."your article.


\n"); $hstart = ""; $hend = ""; } else { $hstart = ""; $hend = ""; } print("" ."

\n"); if ($LOGIN_LEVEL >= AUTH_DEVEL) { print("\n"); } else print("\n"); $title = htmlspecialchars($title, ENT_QUOTES); if ($title == "") print(""); else print(""); print("\n"); $abstract = htmlspecialchars($abstract, ENT_QUOTES); if ($abstract == "") print(""); else print(""); print("\n"); $contents = htmlspecialchars($contents, ENT_QUOTES); if ($contents == "") print(""); else print(""); print("\n"); print("\n"); print("
Published:"); select_is_published($is_published); print("
${hstart}Title:${hend}
Title:
${hstart}Abstract:${hend}
Abstract:
${hstart}Contents:${hend}
Contents:\n" ."

The contents of the article may contain the following " ."HTML elements: A, B, BLOCKQUOTE, " ."CODE, EM, H1, H2, " ."H3, H4, H5, H6, I, " ."IMG, LI, OL, P, PRE, " ."TT, U, UL

" ."

\n");
        html_footer();
      }
      break;

  case 'N' : // Post new Article
      if ($REQUEST_METHOD == "POST") {
        // Read the submitted form.  The published flag is honoured only for
        // AUTH_DEVEL users; every other submission starts unpublished.
        $is_published = ($LOGIN_LEVEL >= AUTH_DEVEL &&
                         array_key_exists("IS_PUBLISHED", $_POST))
                            ? (int)$_POST["IS_PUBLISHED"]
                            : 0;

        $title    = array_key_exists("TITLE", $_POST)
                        ? $_POST["TITLE"] : "";
        $abstract = array_key_exists("ABSTRACT", $_POST)
                        ? $_POST["ABSTRACT"] : "";
        $contents = array_key_exists("CONTENTS", $_POST)
                        ? $_POST["CONTENTS"] : "";

        // A logged-in user below AUTH_DEVEL is always recorded as the
        // author.  Otherwise the author comes from the form, so for a
        // visitor who is not logged in the name is self-asserted.
        if ($LOGIN_USER != "" && $LOGIN_LEVEL < AUTH_DEVEL)
          $create_user = $LOGIN_USER;
        else
          $create_user = array_key_exists("CREATE_USER", $_POST)
                             ? $_POST["CREATE_USER"] : "";

        // The insert is performed only when every field is filled in.
        $havedata = (($is_published == 0 || $LOGIN_LEVEL >= AUTH_DEVEL) &&
                     $title != "" && $abstract != "" && $contents != "" &&
                     $create_user != "")
                        ? 1 : 0;
      } else {
        // First visit: start with an empty form, pre-filling the author
        // from the login or, failing that, from the "FROM" cookie.
        $havedata     = 0;
        $is_published = 0;
        $title        = "";
        $abstract     = "";
        $contents     = "";

        if ($LOGIN_USER != "")
          $create_user = $LOGIN_USER;
        else
          $create_user = array_key_exists("FROM", $_COOKIE)
                             ? $_COOKIE["FROM"] : "";
      }

      if ($havedata) {
        // Escape every string value before it is placed in the SQL text;
        // $is_published and $create_date are integers.
        $create_date = time();
        $title       = db_escape($title);
        $abstract    = db_escape($abstract);
        $contents    = db_escape($contents);
        $create_user = db_escape($create_user);

        // The creation date and user are also stored as the
        // last-modified values.
        db_query("INSERT INTO article VALUES(NULL,"
                ."$is_published,'$title','$abstract','$contents',"
                ."$create_date,'$create_user',$create_date,'$create_user')");

        $id = db_insert_id();

        // A new unpublished article triggers a notification.
        if (!$is_published)
          notify_users($id);

        header("Location: $PHP_SELF?L$id$options");
        break;
      }

      // No complete submission yet: show the form.
      html_header("Submit Article");

      html_start_links(1);
      html_link("Return to Articles", "$PHP_SELF?L$options");
      html_end_links();

      print("

Submit Article

\n"); if ($REQUEST_METHOD == "POST") { print("

Error: Please fill in the fields marked in " ."bold red below and resubmit " ."your article.


\n"); $hstart = ""; $hend = ""; } else { print("

Please use this form to post announcements, how-to's, " ."examples, and case studies showing how you use $PROJECT_NAME. " ."We will proofread your article, and if we determine it is " ."appropriate for the site, we will make the article public " ."on the site. Thank you for supporting $PROJECT_NAME!

\n" ."
\n"); $hstart = ""; $hend = ""; } print("
" ."

\n"); if ($LOGIN_LEVEL >= AUTH_DEVEL) { print("\n"); } else print("\n"); $title = htmlspecialchars($title, ENT_QUOTES); if ($title == "") print(""); else print(""); print("\n"); $abstract = htmlspecialchars($abstract, ENT_QUOTES); if ($abstract == "") print(""); else print(""); print("\n"); $create_user = htmlspecialchars($create_user, ENT_QUOTES); if ($create_user == "") print(""); else print(""); if ($LOGIN_USER != "" && $LOGIN_LEVEL < AUTH_DEVEL) print("\n"); else print("\n"); $contents = htmlspecialchars($contents, ENT_QUOTES); if ($contents == "") print(""); else print(""); print("\n"); print("\n"); print("
Published:"); select_is_published($is_published); print("
${hstart}Title:${hend}
Title:
${hstart}Abstract:${hend}
Abstract:
${hstart}Author:${hend}
Author:$create_user
${hstart}Contents:${hend}
Contents:\n" ."

The contents of the article may contain the following " ."HTML elements: A, B, BLOCKQUOTE, " ."CODE, EM, H1, H2, " ."H3, H4, H5, H6, I, " ."IMG, LI, OL, P, PRE, " ."TT, U, UL

" ."

\n"); html_footer(); break; } // // End of "$Id: articles.php,v 1.11 2004/05/20 21:37:57 mike Exp $". // ?>