<?php
# ---KLUDGE-BEGIN---
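/**
 * array_walk() callback that strips backslash escaping from request data.
 *
 * Arrays are walked recursively; any value that is not a string is left alone.
 * For a string value the same-named global is unescaped as well, which only
 * makes sense when request variables were imported into global scope.
 *
 * The key comes from the request, so the global is touched only when it
 * already exists and holds a string. Without that guard a request key could
 * coerce an unrelated global (an array or an object) to a string, or create
 * an empty global that did not exist before.
 *
 * NOTE(review): slashes are stripped unconditionally; this assumes the
 * runtime escaped the request data in the first place - confirm.
 * NOTE(review): a key present in more than one walked array strips the
 * shared global once per array.
 *
 * @param mixed      $i Value to unescape, modified in place.
 * @param string|int $k Array key of the value; a falsy key skips the global.
 * @return void
 */
function ss(&$i, $k) {
    if (is_array($i)) array_walk($i, "ss");
    if (!is_string($i)) return;
    $i = stripslashes($i);
    if ($k && isset($GLOBALS[$k]) && is_string($GLOBALS[$k])) {
        $GLOBALS[$k] = stripslashes($GLOBALS[$k]);
    }
}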
// Names of the request arrays that are unescaped once, when the file loads.
// NOTE(review): this runs regardless of whether the runtime escaped the
// request data; if it did not, literal backslashes in input are lost.
$ss = array(
    "HTTP_GET_VARS",
    "HTTP_POST_VARS",
    "HTTP_POST_FILES"
);
while (list($key, $val) = each($ss)) {
    // $$val resolves the name to the request array itself.
    array_walk($$val, "ss");
}
# ---KLUDGE-END---

// ereg() pattern used by newsEdit() to recognise picture names that are still
// temporary uploads. It anchors only the start of the name.
$phptmp = "^php";
/**
 * Query trace hook, called with every SQL string before it is run.
 *
 * The trace is disabled, so the function does nothing.
 * NOTE(review): the disabled line would print the raw query into the page;
 * if it is ever re-enabled, HTML-escape the query and keep it off production.
 *
 * @param string $sql Query text.
 * @return void
 */
function sql($sql) {
    # echo "<TT><B>[SQL]</B> $sql<BR>\n";
    return;
}
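/**
 * Article editor: commits or discards an edit, or renders the edit form.
 *
 * All form input is read from global variables (ed_*, cancel, save, preview,
 * add, add_num) plus $HTTP_POST_FILES / $HTTP_POST_VARS / $HTTP_GET_VARS, so
 * every such value is request-controlled.
 *
 * Hardening relative to the earlier version of this function:
 *  - numeric values are cast with intval() before they are placed in SQL, and
 *    the category goes through MyQuote() like the other string columns;
 *  - request-supplied picture names are reduced to a bare file name before
 *    they reach MyDelete()/MyMove();
 *  - uploads and rename targets must carry an image extension;
 *  - $PHP_SELF is HTML-escaped in FORM_ACTION;
 *  - the paragraph-upload cleanup used an undefined variable ($u2);
 *  - the cancel path looped on a variable that is never set, so temporary
 *    paragraph pictures were never removed;
 *  - the $levels lookups did not rewind the array, so only the first
 *    paragraph could resolve its CSS class.
 *
 * @param array  $art     Stored article; keys read here: id, title, lead,
 *                        category, more, pic_url, pic_pos, pic_alt, pic_w,
 *                        pic_h, text, limit, offset, npar.
 * @param string $trigger Optional parameter name appended to the form action
 *                        as "$trigger=1" and passed to the template.
 * @return mixed On save/cancel the first element of newsLoad()'s result,
 *               otherwise the rendered "edit.tpl".
 */
function newsEdit($art, $trigger = "") {
    global $phptmp, $picdir, $syspicdir, $section, $dbh, $tpl;
    global $ed_id, $ed_cat;
    $i = 1;
    global $ed_delete_main, $ed_del_main;
    $delete_main = $ed_delete_main;
    $del_main = $ed_del_main;
    global $ed_clear_main, $ed_clr_main;
    $clear_main = $ed_clear_main;
    $clr_main = $ed_clr_main;
    global $ed_titlepic_url, $ed_titlepic_url2, $ed_titlepic_name;
    $titlepic_url = $ed_titlepic_url;
    $titlepic_url2 = $ed_titlepic_url2;
    $titlepic_name = $ed_titlepic_name;
    if ($titlepic_url == "none") $titlepic_url = "";

    // Copy the per-paragraph form fields (ed_*_N) into local variables.
    while (true) {
        global ${"ed_text_id_".$i};
        if (!isset(${"ed_text_id_".$i})) break;
        global ${"ed_delete_".$i}, ${"ed_del_".$i};
        ${"delete_".$i} = ${"ed_delete_".$i};
        ${"del_".$i} = ${"ed_del_".$i};
        global ${"ed_clear_".$i}, ${"ed_clr_".$i};
        ${"clear_".$i} = ${"ed_clear_".$i};
        ${"clr_".$i} = ${"ed_clr_".$i};
        global ${"ed_textpic_url_".$i},
            ${"ed_textpic_url2_".$i}, ${"ed_textpic_name_".$i};
        ${"textpic_url_".$i} = ${"ed_textpic_url_".$i};
        ${"textpic_url2_".$i} = ${"ed_textpic_url2_".$i};
        ${"textpic_name_".$i} = ${"ed_textpic_name_".$i};
        if (${"textpic_url_".$i} == "none") ${"textpic_url_".$i} = "";
        $i++;
    }

    global $cancel, $save;
    if ($cancel || $save) {
        if ($save) {
            // Move temp pics & save article.
            // Integer copy of the article id: the only form that goes into SQL.
            $news_id = intval($ed_id);
            if (ereg("$phptmp", $titlepic_url2) && $news_id > 0) {
                $sql = "SELECT title_pic FROM news WHERE (news_id = $news_id)";
                sql($sql);
                $sth = $dbh->prepare($sql);
                if (!$sth) error("Cannot prepare query: \"$sql\"");
                if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
                $row = $sth->fetchrow_array();
                $sth->finish();
                $row = array_shift($row);
                if ($row) MyDelete($syspicdir."/".$row);
            }
            global $ed_title, $ed_lead, $ed_titlepic_alt,
                $ed_titlepic_pos, $ed_more, $ed_cat;
            $ed_title = MyQuote($ed_title);
            $ed_lead = MyQuote($ed_lead);
            $ed_titlepic_nm = MyQuote(basename($titlepic_name));
            $ed_titlepic_alt = MyQuote($ed_titlepic_alt);
            $ed_more = MyQuote($ed_more);
            if (!$ed_titlepic_pos) $ed_titlepic_pos = 0;
            // The category used to be interpolated between quotes without
            // escaping. NOTE(review): assumes MyQuote() returns a complete
            // quoted literal, as its use for title/lead implies - confirm it
            // does not turn an empty category into NULL.
            $cat_sql = MyQuote($ed_cat);
            // title_pos is written unquoted, so it must be a number.
            $title_pos = intval($ed_titlepic_pos);
            if ($news_id > 0) {
                $sql = "UPDATE news SET category = $cat_sql, title = $ed_title, lead = $ed_lead, title_pic = $ed_titlepic_nm, title_alt = $ed_titlepic_alt, title_pos = $title_pos, url = $ed_more, date = CURRENT_TIMESTAMP WHERE (news_id = $news_id)";
                sql($sql);
                $dbh->dbh_do($sql);
            } else {
                $sql = "INSERT INTO news (category, title, lead, title_pic, title_alt, title_pos, url, date) VALUES ($cat_sql, $ed_title, $ed_lead, $ed_titlepic_nm, $ed_titlepic_alt, $title_pos, $ed_more, CURRENT_TIMESTAMP)";
                sql($sql);
                $dbh->dbh_do($sql);
                // The new id is looked up by title; the last matching row wins.
                $sql = "SELECT news_id FROM news WHERE (title = $ed_title)";
                sql($sql);
                $sth = $dbh->prepare($sql);
                if (!$sth) error("Cannot prepare query: \"$sql\"");
                if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
                $rows = array();
                while ($row = $sth->fetchrow_array()) array_push($rows, $row);
                $sth->finish();
                $row = array_pop($rows);
                if (is_array($row)) $row = array_shift($row);
                if ($row) $ed_id = $row;
            }
            $news_id = intval($ed_id);
            // Both names come from the form: keep them inside $syspicdir and
            // never rename a file to a non-image extension.
            $src = _newsPicName($titlepic_url2);
            $dst = _newsPicName($titlepic_name);
            if ($src && _newsPicAllowed($dst)) MyMove("$syspicdir/$src", "$syspicdir/$dst");
            $i = 1;
            while ($news_id > 0 && isset(${"ed_text_id_".$i})) {
                global ${"ed_text_title_".$i}, ${"ed_text_".$i},
                    ${"ed_textpic_alt_".$i}, ${"ed_textpic_pos_".$i},
                    ${"ed_text_level_".$i};
                list($id, $tit, $txt, $pic, $orig, $alt, $pos, $del, $lev) = array(
                    ${"ed_text_id_".$i}, ${"ed_text_title_".$i},
                    ${"ed_text_".$i}, ${"textpic_url2_".$i}, ${"textpic_name_".$i},
                    ${"ed_textpic_alt_".$i}, ${"ed_textpic_pos_".$i},
                    ${"del_".$i}, ${"ed_text_level_".$i});
                $tit = MyQuote($tit);
                $txt = MyQuote($txt);
                $orig = basename($orig);
                $org = MyQuote($orig);
                $alt = MyQuote($alt);
                if (!$pos) $pos = 0;
                // id, level and pos are written unquoted below; force integers.
                // A missing level now stores 0 instead of producing invalid SQL.
                $id = intval($id);
                $lev = intval($lev);
                $pos = intval($pos);
                if ($id && $id > 0) {
                    if ($del || !$orig) {
                        $sql = "SELECT pic FROM paragraphs WHERE (news_id = $news_id) AND (paragraph_id = $id)";
                        sql($sql);
                        $sth = $dbh->prepare($sql);
                        if (!$sth) error("Cannot prepare query: \"$sql\"");
                        if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
                        // NOTE(review): this overwrites $pic (the form's pending
                        // picture) with the stored name, so the move below then
                        // targets the file just deleted - confirm the intent.
                        while ($row = $sth->fetchrow_array()) {
                            list($pic) = $row;
                            MyDelete($syspicdir."/".$pic);
                        }
                        $sth->finish();
                    }
                    if ($del) $sql = "DELETE FROM paragraphs WHERE (news_id = $news_id) AND (paragraph_id = $id)";
                    else $sql = "UPDATE paragraphs SET title = $tit, level = $lev, text = $txt, pic = $org, alt = $alt, pos = $pos WHERE (news_id = $news_id) AND (paragraph_id = $id)";
                    sql($sql);
                    $dbh->dbh_do($sql);
                } else if (!$del) {
                    $sql = "INSERT INTO paragraphs (news_id, title, level, text, pic, alt, pos) VALUES ($news_id, $tit, $lev, $txt, $org, $alt, $pos)";
                    sql($sql);
                    $dbh->dbh_do($sql);
                    $sql = "SELECT paragraph_id FROM paragraphs WHERE (text = $txt)";
                    sql($sql);
                    $sth = $dbh->prepare($sql);
                    if (!$sth) error("Cannot prepare query: \"$sql\"");
                    if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
                    $rows = array();
                    while ($row = $sth->fetchrow_array()) array_push($rows, $row);
                    $sth->finish();
                    $row = array_pop($rows);
                    if (is_array($row)) $row = array_shift($row);
                    $id = $row;
                }
                $pic = _newsPicName($pic);
                if ($pic && _newsPicAllowed($orig)) MyMove("$syspicdir/$pic", "$syspicdir/$orig");
                $i++;
            }
        } else {
            // Delete temp pics.
            $tmp = _newsPicName($titlepic_url2);
            if (ereg("$phptmp", $tmp))
                MyDelete($syspicdir."/".$tmp);
            $i = 1;
            // Was isset(${"ed_textpic_id_".$i}), a name that is never set in
            // this scope, so the cleanup never ran.
            while (isset(${"ed_text_id_".$i})) {
                $tmp = _newsPicName(${"textpic_url2_".$i});
                if (ereg("$phptmp", $tmp)) MyDelete($syspicdir."/".$tmp);
                $i++;
            }
        }
        if (!isset($art["limit"])) $art["limit"] = 1;
        if (!isset($art["npar"])) $art["npar"] = 1;
        return array_shift(newsLoad($ed_id, $ed_cat,
            $art["limit"], $art["offset"], $art["npar"]));
    }

    // Handle temp pic upload.
    global $HTTP_POST_FILES;
    while (list($key, $val) = each($HTTP_POST_FILES)) {
        list($name, $type, $tname, $size) = array(
            $val["name"], $val["type"],
            $val["tmp_name"], $val["size"]);
        if ($size <= 0) continue;
        if (!$name) continue;
        if ($tname == "none") continue;
        // The stored extension is taken from the client's file name and the
        // file lands in the picture directory, so anything that is not an
        // image extension is rejected and never moved there.
        if (!_newsPicAllowed($name)) continue;
        $nm = basename($tname);
        $ext = ereg_replace('^.*(\..+)$', '\1', $name);
        move_uploaded_file($tname, $syspicdir."/".$nm.$ext);
        if ($key == "ed_titlepic_url") {
            $titlepic_url = $nm.$ext;
            $titlepic_name = $name;
            $u = _newsPicName($titlepic_url2);
            if (ereg("$phptmp", $u)) MyDelete($syspicdir."/".$u);
            unset($clear_main, $clr_main);
        } else if (ereg("^ed_textpic_url_([1-9][0-9]*)$", $key, $regs)) {
            $n = $regs[1];
            ${"textpic_url_".$n} = $nm.$ext;
            ${"textpic_name_".$n} = $name;
            $u = _newsPicName(${"textpic_url2_".$n});
            // Used to delete "$u2", which was never defined.
            if (ereg("$phptmp", $u)) MyDelete($syspicdir."/".$u);
            unset(${"clear_".$n}, ${"clr_".$n});
        } else {
            // [?!?]
        }
    }
    // -----
    $tp = new Smarty();
    // -----
    $categories = array();
    $sql = "SELECT cat_id, text FROM news_categories ORDER BY text";
    sql($sql);
    $sth = $dbh->prepare($sql);
    if (!$sth) error("Cannot prepare query: \"$sql\"");
    if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
    while ($row = $sth->fetchrow_array()) array_push($categories, array("id" => $row[0], "txt" => $row[1]));
    $sth->finish();
    $tp->assign("categories", $categories);
    // -----
    $levels = array();
    $sql = "SELECT level_id, class, name FROM par_levels ORDER BY name";
    sql($sql);
    $sth = $dbh->prepare($sql);
    if (!$sth) error("Cannot prepare query: \"$sql\"");
    if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
    while ($row = $sth->fetchrow_array()) array_push($levels, array("id" => $row[0], "class" => $row[1], "name" => $row[2]));
    $sth->finish();
    $tp->assign("levels", $levels);
    // -----
    global $ed_id, $ed_title, $ed_lead, $ed_titlepic_pos,
        $ed_titlepic_alt, $ed_cat, $ed_more;
    global $ed_edit, $ed_preview, $preview, $add;
    if (!$ed_preview) $ed_preview = ($preview ? true : false);
    if ($ed_edit) $ed_preview = false;
    global $HTTP_POST_VARS, $HTTP_GET_VARS;
    // A delete/clear button counts as pressed when its field name is present.
    $delete = count(preg_grep('/^ed_delete_[0-9]+$/',
        array_keys(array_merge($HTTP_GET_VARS,
            $HTTP_POST_VARS)))) > 0;
    $clear = (count(preg_grep('/^ed_clear_(main|[0-9]+)$/',
        array_keys(array_merge($HTTP_GET_VARS,
            $HTTP_POST_VARS)))) > 0);
    $ed_pgfs = array();
    $ed_warning = 0;
    if ($ed_edit || $ed_preview || $add || $delete || $clear) {
        // Form round trip: rebuild the paragraph list from the posted fields.
        global $ed_title, $ed_lead, $ed_titlepic_pos,
            $ed_titlepic_alt, $ed_cat, $ed_more;
        if (!$HTTP_POST_FILES["ed_titlepic_url"]["name"]) $titlepic_url = "";
        if (!$titlepic_url) $titlepic_url = $titlepic_url2;
        if (!$titlepic_url && !($clear_main || $clr_main))
            $titlepic_url = $art["pic_url"];
        list($width, $height) = PicSize($titlepic_url);
        global $ed_title_force;
        if ($titlepic_url && !$ed_titlepic_pos && !$ed_title_force) $ed_warning = 2;
        $i = 1;
        while (isset(${"ed_text_id_".$i})) {
            $id = ${"ed_text_id_".$i};
            global ${"ed_text_".$i}, ${"ed_text_title_".$i},
                ${"ed_text_level_".$i}, ${"ed_textpic_alt_".$i},
                ${"ed_textpic_pos_".$i};
            // textpic_url_N is trusted only when a file was uploaded for it.
            $pic_url = ($HTTP_POST_FILES["ed_textpic_url_".$i]["name"]) ?
                ${"textpic_url_".$i} : "";
            if (!$pic_url) $pic_url = ${"textpic_url2_".$i};
            $tmp = "";
            for ($j = 0; $j < count($art["text"]); $j++)
                if ($art["text"][$j]["id"] == $id) $tmp = $art["text"][$j]["pic"];
            if (!$pic_url && $tmp && !(${"clear_".$i} || ${"clr_".$i})) $pic_url = $tmp;
            $level = ${"ed_text_level_".$i};
            $class = "";
            // each() resumes where the previous scan stopped; rewind first.
            reset($levels);
            while (list($key, $val) = each($levels))
                if ($val["id"] == $level) $class = $val["class"];
            array_push($ed_pgfs, array($id,
                ${"ed_text_".$i}, ${"ed_text_title_".$i},
                $level, $class, $pic_url, ${"textpic_name_".$i},
                ${"ed_textpic_alt_".$i}, ${"ed_textpic_pos_".$i},
                false));
            $i++;
        }
    } else {
        // First display: take everything from the stored article.
        list($ed_title, $ed_lead, $ed_titlepic_pos, $titlepic_url,
            $titlepic_url2, $titlepic_name, $ed_titlepic_alt,
            $ed_cat, $ed_more, $width, $height) = array($art["title"],
            $art["lead"], $art["pic_pos"], $art["pic_url"],
            $art["pic_url"], $art["pic_url"], $art["pic_alt"],
            $art["category"], $art["more"], $art["pic_w"], $art["pic_h"]);
        while ($art["text"] && list($id, $val) = each($art["text"])) {
            list($id, $txt, $title, $lev, $cls, $pic, $alt, $pos, $w, $h) = array(
                $val["id"], $val["text"], $val["title"], $val["level"],
                $val["class"], $val["pic"], $val["alt"], $val["pos"],
                $val["w"], $val["h"]);
            array_push($ed_pgfs, array($id, $txt, $title, $lev, $cls, $pic, $pic, $alt,
                $pos, $w, $h, false));
        }
        $ed_id = $art["id"];
        if (!$ed_id) $ed_id = -1;
    }
    if ($add) {
        global $add_num;
        // Append blank paragraphs; the trailing true marks them as new.
        for ($i = 0; $i < intval($add_num); $i++)
            array_push($ed_pgfs, array(-1, "", "", -1, "", "", "", "", 0, 0, 0, true));
    }
    $ed_empty = ($ed_title || $ed_lead || $ed_titlepic_pos || $ed_more) ? false : true;
    $ed_text = array();
    $ed_records = array();
    $ed_warnings = ($ed_warning ? true : false);
    $i = 1;
    while (list($key, $val) = each($ed_pgfs)) {
        list($id, $txt, $tit, $lev, $cls, $pic, $name, $alt, $pos, $w, $h, $new) = $val;
        $del = ((${"delete_".$i} || ${"del_".$i}) ? true : false);
        array_push($ed_records, array("val" => $del, "id" => $id));
        if ($del) { $i++; continue; }
        // NOTE(review): indexed by the paragraph id, while every other
        // per-paragraph variable is indexed by form position $i - confirm.
        $picurl = ${"textpic_url_".$id};
        if (!$picurl) $picurl = $pic;
        $class = "";
        // each() resumes where the previous scan stopped; rewind first.
        reset($levels);
        while (list($key, $val) = each($levels))
            if ($val["id"] == $lev) $class = $val["class"];
        if ((${"clear_".$i} || ${"clr_".$i}) && $ed_preview && (${"textpic_name_".$i} != ${"textpic_url2_".$i})) {
            $tmp = _newsPicName(${"textpic_url2_".$i});
            if (ereg("$phptmp", $tmp)) MyDelete($syspicdir."/".$tmp);
            $picurl = ${"textpic_url_".$i} = ${"textpic_url2_".$i} = $name = "";
        }
        if (!$name) $name = $picurl;
        $txt = MyEscape(convert_html($txt));
        $txt2 = ParseNewline($txt, true);
        global ${"ed_text_force_".$i};
        $force = ${"ed_text_force_".$i};
        $empty = (($ed_preview && !$txt && !$pos && !$new) ? true : false);
        // 1 = empty paragraph, 2 = picture without a position.
        $warning = 0;
        if ($empty && !$force) $warning = 1;
        if ($picurl && !$pos && !$force) $warning = 2;
        $ed_empty = $ed_empty && $empty;
        $ed_warnings = $ed_warnings || ($warning && !$force);
        array_push($ed_text, array(
            "id" => $id,
            "n" => $i,
            "txt" => $txt2,
            "txt2" => $txt,
            "title" => MyEscape(convert_html($tit)),
            "level" => $lev,
            "class" => MyEscape(convert_html($class)),
            "url" => MyEscape(convert_html($picurl)),
            "name" => MyEscape(convert_html($name)),
            "alt" => MyEscape(convert_html($alt)),
            "width" => $w,
            "height" => $h,
            "pos" => $pos,
            "warning" => $warning,
            "clr" => (${"clear_".$i} || ${"clr_".$i} || !$picurl) ? true : false
        ));
        $i++;
    }
    // A pending warning keeps the editor out of preview mode.
    if ($ed_warnings) $ed_preview = false;
    // NOTE(review): ed_id, ed_cat, ed_titlepic_pos and the per-paragraph
    // id/level/pos values reach the template without MyEscape(); whether
    // edit.tpl escapes them is not visible here - confirm.
    $tp->assign("ed_id", $ed_id);
    $tp->assign("ed_cat", $ed_cat);
    $tp->assign("ed_preview", $ed_preview);
    $tp->assign("ed_trigger", $trigger);
    $tp->assign("ed_title", MyEscape(convert_html($ed_title)));
    $tp->assign("ed_lead", MyEscape(convert_html($ed_lead)));
    $tp->assign("ed_titlepic_pos", $ed_titlepic_pos);
    $tp->assign("ed_titlepic_url", MyEscape(convert_html($titlepic_url)));
    $tp->assign("ed_titlepic_url2", MyEscape(convert_html($titlepic_url2)));
    $tp->assign("ed_titlepic_name", MyEscape(convert_html($titlepic_name)));
    $tp->assign("ed_titlepic_alt", MyEscape(convert_html($ed_titlepic_alt)));
    $tp->assign("ed_titlepic_width", $width);
    $tp->assign("ed_titlepic_height", $height);
    $tp->assign("ed_more", MyEscape($ed_more));
    $tp->assign("ed_clr_main", ($clear_main || $clr_main || !$titlepic_url) ? true : false);
    $tp->assign("ed_text", $ed_text);
    $tp->assign("ed_empty", $ed_empty);
    $tp->assign("ed_warning", $ed_warning);
    $tp->assign("ed_warnings", $ed_warnings);
    $tp->assign("ed_records", $ed_records);
    $tp->assign("newspicdir", "$picdir/");
    $params = array();
    if ($section) array_push($params, "section=$section");
    if ($ed_id) array_push($params, "ed_id=$ed_id");
    if ($ed_preview) array_push($params, "ed_preview=$ed_preview");
    if ($trigger) array_push($params, "$trigger=1");
    global $PHP_SELF;
    // $PHP_SELF reflects the request path, so it is escaped together with the
    // query string instead of being concatenated raw.
    // NOTE(review): the parameter values are not URL-encoded.
    $tp->assign("FORM_ACTION", HTMLSpecialChars($PHP_SELF."?".implode("&", $params)));
    global $onload;
    $onload .= "document.forms[0].elements[0].focus();";
    return $tp->fetch("edit.tpl");
}

/**
 * Reduce a request-supplied picture name to a bare file name.
 *
 * Directory components are dropped, and "." / ".." give "", so the result
 * can only name an entry directly inside the picture directory.
 *
 * @param mixed $name Name as received from the form.
 * @return string Bare file name, or "" when nothing usable remains.
 */
function _newsPicName($name) {
    $name = basename((string) $name);
    if ($name == "." || $name == "..") return "";
    return $name;
}

/**
 * Tell whether a file name ends in one of the accepted image extensions.
 *
 * The comparison ignores case. Extend the list here if the site has to
 * accept further picture formats.
 *
 * @param mixed $name File name to check.
 * @return bool True when the last extension is .jpg, .jpeg, .png or .gif.
 */
function _newsPicAllowed($name) {
    $ext = strtolower((string) strrchr(basename((string) $name), "."));
    return in_array($ext, array(".jpg", ".jpeg", ".png", ".gif"));
}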
?>