health_html/inc/newsEdit.php

<?php
        # ---KLUDGE-BEGIN---
        function ss(&$i, $k) {
                if (is_array($i)) array_walk($i, "ss");
                if (!is_string($i)) return;
                $i = stripslashes($i);
                if ($k) { global $$k; $$k = stripslashes($$k); }
        }
        $ss = array("HTTP_GET_VARS", "HTTP_POST_VARS", "HTTP_POST_FILES");
        while (list($key, $val) = each($ss)) array_walk($$val, "ss");
        # ---KLUDGE-END---
        $phptmp = "^php";
        function sql($sql) {
                # echo "<TT><B>[SQL]</B> $sql<BR>\n";
        }
        function newsEdit($art, $trigger = "") {
                global $phptmp, $picdir, $syspicdir, $section, $section_menu, $dbh, $tpl;
                global $ed_id, $ed_cat;
                $i = 1;
                global $ed_delete_main, $ed_del_main;
                $delete_main = $ed_delete_main;
                $del_main = $ed_del_main;
                global $ed_clear_main, $ed_clr_main;
                $clear_main = $ed_clear_main;
                $clr_main = $ed_clr_main;
                global $ed_titlepic_url, $ed_titlepic_url2, $ed_titlepic_name;
                $titlepic_url = $ed_titlepic_url;
                $titlepic_url2 = $ed_titlepic_url2;
                $titlepic_name = $ed_titlepic_name;
                if ($titlepic_url == "none") $titlepic_url = "";
                while (true) {
                        global ${"ed_text_id_".$i};
                        if (!isset(${"ed_text_id_".$i})) break;
                        global ${"ed_delete_".$i}, ${"ed_del_".$i};
                        ${"delete_".$i} = ${"ed_delete_".$i};
                        ${"del_".$i} = ${"ed_del_".$i};
                        global ${"ed_clear_".$i}, ${"ed_clr_".$i};
                        ${"clear_".$i} = ${"ed_clear_".$i};
                        ${"clr_".$i} = ${"ed_clr_".$i};
                        global ${"ed_textpic_url_".$i},
                                ${"ed_textpic_url2_".$i}, ${"ed_textpic_name_".$i};
                        ${"textpic_url_".$i} = ${"ed_textpic_url_".$i};
                        ${"textpic_url2_".$i} = ${"ed_textpic_url2_".$i};
                        ${"textpic_name_".$i} = ${"ed_textpic_name_".$i};
                        if (${"textpic_url_".$i} == "none") ${"textpic_url_".$i} = "";
                        $i++;
                }
                global $cancel, $save;
                if ($cancel || $save) {
                        if ($save) {
                                // Move temp pics & save article.
                                if (ereg("$phptmp", $titlepic_url2) && $ed_id > 0) {
                                        $sql = "SELECT title_pic FROM news WHERE (news_id = $ed_id)";
sql($sql);
                                        $sth = $dbh->prepare($sql);
                                        if (!$sth) error("Cannot prepare query: \"$sql\"");
                                        if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
                                        $row = $sth->fetchrow_array();
                                        $sth->finish();
                                        $row = array_shift($row);
                                        if ($row) MyDelete($syspicdir."/".$row);
                                }
                                global $ed_title, $ed_lead, $ed_titlepic_alt,
                                        $ed_titlepic_pos, $ed_more, $ed_more_title,
                                        $ed_cat;
                                $ed_title = MyQuote($ed_title);
                                $ed_lead = MyQuote($ed_lead);
                                $ed_titlepic_nm = MyQuote(basename($titlepic_name));
                                $ed_titlepic_alt = MyQuote($ed_titlepic_alt);
                                $ed_more = MyQuote($ed_more);
                                $ed_more_title = MyQuote($ed_more_title);
                                if (!$ed_titlepic_pos) $ed_titlepic_pos = 0;
                                if ($ed_id > 0) {
                                        $sql = "UPDATE news SET category = '$ed_cat', title = $ed_title, lead = $ed_lead, title_pic = $ed_titlepic_nm, title_alt = $ed_titlepic_alt, title_pos = $ed_titlepic_pos, url = $ed_more, url_title = $ed_more_title, date = CURRENT_TIMESTAMP WHERE (news_id = $ed_id)";
sql($sql);
                                        $dbh->dbh_do($sql);
                                } else {
                                        $sql = "INSERT INTO news (category, title, lead, title_pic, title_alt, title_pos, url, url_title, date) VALUES ('$ed_cat', $ed_title, $ed_lead, $ed_titlepic_nm, $ed_titlepic_alt, $ed_titlepic_pos, $ed_more, $ed_more_title, CURRENT_TIMESTAMP)";
sql($sql);
                                        $dbh->dbh_do($sql);
                                        $sql = "SELECT news_id FROM news WHERE (title = $ed_title)";
sql($sql);
                                        $sth = $dbh->prepare($sql);
                                        if (!$sth) error("Cannot prepare query: \"$sql\"");
                                        if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
                                        $rows = array();
                                        while ($row = $sth->fetchrow_array()) array_push($rows, $row);
                                        $sth->finish();
                                        $row = array_pop($rows);
                                        if (is_array($row)) $row = array_shift($row);
                                        if ($row) $ed_id = $row;
                                }
                                if ($titlepic_url2) MyMove("$syspicdir/$titlepic_url2", "$syspicdir/$titlepic_name");
                                $i = 1;
                                while ($ed_id > 0 && isset(${"ed_text_id_".$i})) {
                                        global ${"ed_text_title_".$i}, ${"ed_text_".$i},
                                                ${"ed_textpic_alt_".$i}, ${"ed_textpic_pos_".$i},
                                                ${"ed_text_level_".$i};
                                        list($id, $tit, $txt, $pic, $orig, $alt, $pos, $del, $lev) = array(
                                                ${"ed_text_id_".$i}, ${"ed_text_title_".$i},
                                                ${"ed_text_".$i}, ${"textpic_url2_".$i}, ${"textpic_name_".$i},
                                                ${"ed_textpic_alt_".$i}, ${"ed_textpic_pos_".$i},
                                                ${"del_".$i}, ${"ed_text_level_".$i});
                                        $tit = MyQuote($tit);
                                        $txt = MyQuote($txt);
                                        $orig = basename($orig);
                                        $org = MyQuote($orig);
                                        $alt = MyQuote($alt);
                                        if (!$pos) $pos = 0;
                                        if ($id && $id > 0) {
                                                if ($del || !$orig) {
                                                        $sql = "SELECT pic FROM paragraphs WHERE (news_id = $ed_id) AND (paragraph_id = $id)";
sql($sql);
                                                        $sth = $dbh->prepare($sql);
                                                        if (!$sth) error("Cannot prepare query: \"$sql\"");
                                                        if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
                                                        while ($row = $sth->fetchrow_array()) {
                                                                list($pic) = $row;
                                                                MyDelete($syspicdir."/".$pic);
                                                        }
                                                        $sth->finish();
                                                }
                                                if ($del) $sql = "DELETE FROM paragraphs WHERE (news_id = $ed_id) AND (paragraph_id = $id)";
                                                        else $sql = "UPDATE paragraphs SET title = $tit, level = $lev, text = $txt, pic = $org, alt = $alt, pos = $pos WHERE (news_id = $ed_id) AND (paragraph_id = $id)";
sql($sql);
                                                $dbh->dbh_do($sql);
                                        } else if (!$del) {
                                                $sql = "INSERT INTO paragraphs (news_id, title, level, text, pic, alt, pos) VALUES ($ed_id, $tit, $lev, $txt, $org, $alt, $pos)";
sql($sql);
                                                $dbh->dbh_do($sql);
                                                $sql = "SELECT paragraph_id FROM paragraphs WHERE (text = $txt)";
sql($sql);
                                                $sth = $dbh->prepare($sql);
                                                if (!$sth) error("Cannot prepare query: \"$sql\"");
                                                if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
                                                $rows = array();
                                                while ($row = $sth->fetchrow_array()) array_push($rows, $row);
                                                $sth->finish();
                                                $row = array_pop($rows);
                                                if (is_array($row)) $row = array_shift($row);
                                                $id = $row;
                                        }
                                        if ($pic) MyMove("$syspicdir/$pic", "$syspicdir/$orig");
                                        $i++;
                                }
                        } else {
                                // Delete temp pics.
                                if (ereg("$phptmp", $titlepic_url2))
                                        MyDelete($syspicdir."/".$titlepic_url2);
                                $i = 1;
                                while (isset(${"ed_textpic_id_".$i})) {
                                        $tmp = ${"textpic_url2_".$i};
                                        if (ereg("$phptmp", $tmp)) MyDelete($syspicdir."/".$tmp);
                                        $i++;
                                }
                        }
                        if (!isset($art["limit"])) $art["limit"] = 1;
                        if (!isset($art["npar"])) $art["npar"] = 1;
                        return array_shift(newsLoad($ed_id, $ed_cat,
                                $art["limit"], $art["offset"], $art["npar"]));
                }
                // Handle temp pic upload.
                global $HTTP_POST_FILES;
                while (list($key, $val) = each($HTTP_POST_FILES)) {
                        list($name, $type, $tname, $size) = array(
                                $val["name"], $val["type"],
                                $val["tmp_name"], $val["size"]);
                        if ($size <= 0) continue;
                        if (!$name) continue;
                        if ($tname == "none") continue;
                        $nm = basename($tname);
                        $ext = ereg_replace('^.*(\..+)$', '\1', $name);
                        move_uploaded_file($tname, $syspicdir."/".$nm.$ext);
                        if ($key == "ed_titlepic_url") {
                                $titlepic_url = $nm.$ext;
                                $titlepic_name = $name;
                                $u = $titlepic_url2;
                                if (ereg("$phptmp", $u)) MyDelete($syspicdir."/".$u);
                                unset($clear_main, $clr_main);
                        } else if (ereg("^ed_textpic_url_([1-9][0-9]*)$", $key, $regs)) {
                                $n = $regs[1];
                                ${"textpic_url_".$n} = $nm.$ext;
                                ${"textpic_name_".$n} = $name;
                                $u = ${"textpic_url2_".$n};
                                if (ereg("$phptmp", $u)) MyDelete($syspicdir."/".$u2);
                                unset(${"clear_".$n}, ${"clr_".$n});
                        } else {
                                // [?!?]
                        }
                }
                // -----
                $tp = new Smarty();
                // -----
                $categories = array();
                $sql = "SELECT cat_id, text FROM news_categories ORDER BY text";
sql($sql);
                $sth = $dbh->prepare($sql);
                if (!$sth) error("Cannot prepare query: \"$sql\"");
                if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
                while ($row = $sth->fetchrow_array()) array_push($categories, array("id" => $row[0], "txt" => $row[1]));
                $sth->finish();
                $tp->assign("categories", $categories);
                // -----
                $levels = array();
                $sql = "SELECT level_id, class, name FROM par_levels ORDER BY name";
sql($sql);
                $sth = $dbh->prepare($sql);
                if (!$sth) error("Cannot prepare query: \"$sql\"");
                if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
                while ($row = $sth->fetchrow_array()) array_push($levels, array("id" => $row[0], "class" => $row[1], "name" => $row[2]));
                $sth->finish();
                $tp->assign("levels", $levels);
                // -----
                global $ed_id, $ed_title, $ed_lead, $ed_titlepic_pos,
                        $ed_titlepic_alt, $ed_cat, $ed_more,
                        $ed_more_title;
                global $ed_edit, $ed_preview, $preview, $add;
                if (!$ed_preview) $ed_preview = ($preview ? true : false);
                if ($ed_edit) $ed_preview = false;
                global $HTTP_POST_VARS, $HTTP_GET_VARS;
                $delete = count(preg_grep('/^ed_delete_[0-9]+$/',
                        array_keys(array_merge($HTTP_GET_VARS,
                        $HTTP_POST_VARS)))) > 0;
                $clear = (count(preg_grep('/^ed_clear_(main|[0-9]+)$/',
                        array_keys(array_merge($HTTP_GET_VARS,
                        $HTTP_POST_VARS)))) > 0);
                $ed_pgfs = array();
                $ed_warning = 0;
                if ($ed_edit || $ed_preview || $add || $delete || $clear) {
                        global $ed_title, $ed_lead, $ed_titlepic_pos,
                                $ed_titlepic_alt, $ed_cat, $ed_more,
                                $ed_more_title;
                        if (!$HTTP_POST_FILES["ed_titlepic_url"]["name"]) $titlepic_url = "";
                        if (!$titlepic_url) $titlepic_url = $titlepic_url2;
                        if (!$titlepic_url && !($clear_main || $clr_main))
                                $titlepic_url = $art["pic_url"];
                        list($width, $height) = PicSize($titlepic_url);
                        global $ed_title_force;
                        if ($titlepic_url && !$ed_titlepic_pos && !$ed_title_force) $ed_warning = 2;
                        $i = 1;
                        while (isset(${"ed_text_id_".$i})) {
                                $id = ${"ed_text_id_".$i};
                                global ${"ed_text_".$i}, ${"ed_text_title_".$i},
                                        ${"ed_text_level_".$i}, ${"ed_textpic_alt_".$i},
                                        ${"ed_textpic_pos_".$i};
                                $pic_url = ($HTTP_POST_FILES["ed_textpic_url_".$i]["name"]) ?
                                        ${"textpic_url_".$i} : "";
                                if (!$pic_url) $pic_url = ${"textpic_url2_".$i};
                                $tmp = "";
                                for ($j = 0; $j < count($art["text"]); $j++)
                                        if ($art["text"][$j]["id"] == $id) $tmp = $art["text"][$j]["pic"];
                                if (!$pic_url && $tmp && !(${"clear_".$i} || ${"clr_".$i})) $pic_url = $tmp;
                                $level = ${"ed_text_level_".$i};
                                $class = "";
                                while (list($key, $val) = each($levels))
                                        if ($val["id"] == $level) $class = $val["class"];
                                array_push($ed_pgfs, array($id,
                                        ${"ed_text_".$i}, ${"ed_text_title_".$i},
                                        $level, $class, $pic_url, ${"textpic_name_".$i},
                                        ${"ed_textpic_alt_".$i}, ${"ed_textpic_pos_".$i},
                                        false));
                                $i++;
                        }
                } else {
                        list($ed_title, $ed_lead, $ed_titlepic_pos, $titlepic_url,
                                $titlepic_url2, $titlepic_name, $ed_titlepic_alt,
                                $ed_cat, $ed_more, $ed_more_title, $width, $height) =
                                array($art["title"], $art["lead"], $art["pic_pos"],
                                $art["pic_url"], $art["pic_url"], $art["pic_url"],
                                $art["pic_alt"], $art["category"], $art["more"],
                                $art["more_title"], $art["pic_w"], $art["pic_h"]);
                        while ($art["text"] && list($id, $val) = each($art["text"])) {
                                list($id, $txt, $title, $lev, $cls, $pic, $alt, $pos, $w, $h) = array(
                                        $val["id"], $val["text"], $val["title"], $val["level"],
                                        $val["class"], $val["pic"], $val["alt"], $val["pos"],
                                        $val["w"], $val["h"]);
                                array_push($ed_pgfs, array($id, $txt, $title, $lev, $cls, $pic, $pic, $alt,
                                        $pos, $w, $h, false));
                        }
                        $ed_id = $art["id"];
                        if (!$ed_id) $ed_id = -1;
                }
                if ($add) {
                        global $add_num;
                        for ($i = 0; $i < intval($add_num); $i++)
                                array_push($ed_pgfs, array(-1, "", "", -1, "", "", "", "", 0, 0, 0, true));
                }
                $ed_empty = ($ed_title || $ed_lead || $ed_titlepic_pos || $ed_more) ? false : true;
                $ed_text = array();
                $ed_records = array();
                $ed_warnings = ($ed_warning ? true : false);
                $i = 1;
                while (list($key, $val) = each($ed_pgfs)) {
                        list($id, $txt, $tit, $lev, $cls, $pic, $name, $alt, $pos, $w, $h, $new) = $val;
                        $del = ((${"delete_".$i} || ${"del_".$i}) ? true : false);
                        array_push($ed_records, array("val" => $del, "id" => $id));
                        if ($del) { $i++; continue; }
                        $picurl = ${"textpic_url_".$id};
                        if (!$picurl) $picurl = $pic;
                        $class = "";
                        while (list($key, $val) = each($levels))
                                if ($val["id"] == $lev) $class = $val["class"];
                        if ((${"clear_".$i} || ${"clr_".$i}) && $ed_preview && (${"textpic_name_".$i} != ${"textpic_url2_".$i})) {
                                $tmp = ${"textpic_url2_".$i};
                                if (ereg("$phptmp", $tmp)) MyDelete($syspicdir."/".$tmp);
                                $picurl = ${"textpic_url_".$i} = ${"textpic_url2_".$i} = $name = "";
                        }
                        if (!$name) $name = $picurl;
                        $txt = MyEscape(convert_html($txt));
                        $txt2 = ParseNewline($txt, true);
                        global ${"ed_text_force_".$i};
                        $force = ${"ed_text_force_".$i};
                        $empty = (($ed_preview && !$txt && !$pos && !$new) ? true : false);
                        $warning = 0;
                        if ($empty && !$force) $warning = 1;
                        if ($picurl && !$pos && !$force) $warning = 2;
                        $ed_empty = $ed_empty && $empty;
                        $ed_warnings = $ed_warnings || ($warning && !$force);
                        array_push($ed_text, array(
                                "id" => $id,
                                "n" => $i,
                                "txt" => $txt2,
                                "txt2" => $txt,
                                "title" => MyEscape(convert_html($tit)),
                                "level" => $lev,
                                "class" => MyEscape(convert_html($class)),
                                "url" => MyEscape(convert_html($picurl)),
                                "name" => MyEscape(convert_html($name)),
                                "alt" => MyEscape(convert_html($alt)),
                                "width" => $w,
                                "height" => $h,
                                "pos" => $pos,
                                "warning" => $warning,
                                "clr" => (${"clear_".$i} || ${"clr_".$i} || !$picurl) ? true : false
                        ));
                        $i++;
                }
                if ($ed_warnings) $ed_preview = false;
                $tp->assign("ed_id", $ed_id);
                $tp->assign("ed_cat", $ed_cat);
                $tp->assign("ed_preview", $ed_preview);
                $tp->assign("ed_trigger", $trigger);
                $tp->assign("ed_title", MyEscape(convert_html($ed_title)));
                $tp->assign("ed_lead", MyEscape(convert_html($ed_lead)));
                $tp->assign("ed_titlepic_pos", $ed_titlepic_pos);
                $tp->assign("ed_titlepic_url", MyEscape(convert_html($titlepic_url)));
                $tp->assign("ed_titlepic_url2", MyEscape(convert_html($titlepic_url2)));
                $tp->assign("ed_titlepic_name", MyEscape(convert_html($titlepic_name)));
                $tp->assign("ed_titlepic_alt", MyEscape(convert_html($ed_titlepic_alt)));
                $tp->assign("ed_titlepic_width", $width);
                $tp->assign("ed_titlepic_height", $height);
                $tp->assign("ed_more", MyEscape($ed_more));
                $tp->assign("ed_more_title", MyEscape($ed_more_title));
                $tp->assign("ed_clr_main", ($clear_main || $clr_main || !$titlepic_url) ? true : false);
                $tp->assign("ed_text", $ed_text);
                $tp->assign("ed_empty", $ed_empty);
                $tp->assign("ed_warning", $ed_warning);
                $tp->assign("ed_warnings", $ed_warnings);
                $tp->assign("ed_records", $ed_records);
                $tp->assign("newspicdir", "$picdir/");
                $params = array();
                if ($section) array_push($params, "section=$section");
                if ($section_menu) array_push($params, "section_menu=$section_menu");
                if ($ed_id) array_push($params, "ed_id=$ed_id");
                if ($ed_preview) array_push($params, "ed_preview=$ed_preview");
                if ($trigger) array_push($params, "$trigger=1");
                global $PHP_SELF;
                $tp->assign("FORM_ACTION", $PHP_SELF.HTMLSpecialChars("?".implode("&", $params)));
                global $onload;
                $onload .= "document.forms[0].elements[0].focus();";
                return $tp->fetch("edit.tpl");
        }
?>
1	<?php
2	# ---KLUDGE-BEGIN---
3	function ss(&$i, $k) {
4	if (is_array($i)) array_walk($i, "ss");
5	if (!is_string($i)) return;
6	$i = stripslashes($i);
7	if ($k) { global $$k; $$k = stripslashes($$k); }
8	}
9	$ss = array("HTTP_GET_VARS", "HTTP_POST_VARS", "HTTP_POST_FILES");
10	while (list($key, $val) = each($ss)) array_walk($$val, "ss");
11	# ---KLUDGE-END---
12	$phptmp = "^php";
13	function sql($sql) {
14	# echo "<TT><B>[SQL]</B> $sql<BR>\n";
15	}
16	function newsEdit($art, $trigger = "") {
17	global $phptmp, $picdir, $syspicdir, $section, $section_menu, $dbh, $tpl;
18	global $ed_id, $ed_cat;
19	$i = 1;
20	global $ed_delete_main, $ed_del_main;
21	$delete_main = $ed_delete_main;
22	$del_main = $ed_del_main;
23	global $ed_clear_main, $ed_clr_main;
24	$clear_main = $ed_clear_main;
25	$clr_main = $ed_clr_main;
26	global $ed_titlepic_url, $ed_titlepic_url2, $ed_titlepic_name;
27	$titlepic_url = $ed_titlepic_url;
28	$titlepic_url2 = $ed_titlepic_url2;
29	$titlepic_name = $ed_titlepic_name;
30	if ($titlepic_url == "none") $titlepic_url = "";
31	while (true) {
32	global ${"ed_text_id_".$i};
33	if (!isset(${"ed_text_id_".$i})) break;
34	global ${"ed_delete_".$i}, ${"ed_del_".$i};
35	${"delete_".$i} = ${"ed_delete_".$i};
36	${"del_".$i} = ${"ed_del_".$i};
37	global ${"ed_clear_".$i}, ${"ed_clr_".$i};
38	${"clear_".$i} = ${"ed_clear_".$i};
39	${"clr_".$i} = ${"ed_clr_".$i};
40	global ${"ed_textpic_url_".$i},
41	${"ed_textpic_url2_".$i}, ${"ed_textpic_name_".$i};
42	${"textpic_url_".$i} = ${"ed_textpic_url_".$i};
43	${"textpic_url2_".$i} = ${"ed_textpic_url2_".$i};
44	${"textpic_name_".$i} = ${"ed_textpic_name_".$i};
45	if (${"textpic_url_".$i} == "none") ${"textpic_url_".$i} = "";
46	$i++;
47	}
48	global $cancel, $save;
49	if ($cancel \|\| $save) {
50	if ($save) {
51	// Move temp pics & save article.
52	if (ereg("$phptmp", $titlepic_url2) && $ed_id > 0) {
53	$sql = "SELECT title_pic FROM news WHERE (news_id = $ed_id)";
54	sql($sql);
55	$sth = $dbh->prepare($sql);
56	if (!$sth) error("Cannot prepare query: \"$sql\"");
57	if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
58	$row = $sth->fetchrow_array();
59	$sth->finish();
60	$row = array_shift($row);
61	if ($row) MyDelete($syspicdir."/".$row);
62	}
63	global $ed_title, $ed_lead, $ed_titlepic_alt,
64	$ed_titlepic_pos, $ed_more, $ed_more_title,
65	$ed_cat;
66	$ed_title = MyQuote($ed_title);
67	$ed_lead = MyQuote($ed_lead);
68	$ed_titlepic_nm = MyQuote(basename($titlepic_name));
69	$ed_titlepic_alt = MyQuote($ed_titlepic_alt);
70	$ed_more = MyQuote($ed_more);
71	$ed_more_title = MyQuote($ed_more_title);
72	if (!$ed_titlepic_pos) $ed_titlepic_pos = 0;
73	if ($ed_id > 0) {
74	$sql = "UPDATE news SET category = '$ed_cat', title = $ed_title, lead = $ed_lead, title_pic = $ed_titlepic_nm, title_alt = $ed_titlepic_alt, title_pos = $ed_titlepic_pos, url = $ed_more, url_title = $ed_more_title, date = CURRENT_TIMESTAMP WHERE (news_id = $ed_id)";
75	sql($sql);
76	$dbh->dbh_do($sql);
77	} else {
78	$sql = "INSERT INTO news (category, title, lead, title_pic, title_alt, title_pos, url, url_title, date) VALUES ('$ed_cat', $ed_title, $ed_lead, $ed_titlepic_nm, $ed_titlepic_alt, $ed_titlepic_pos, $ed_more, $ed_more_title, CURRENT_TIMESTAMP)";
79	sql($sql);
80	$dbh->dbh_do($sql);
81	$sql = "SELECT news_id FROM news WHERE (title = $ed_title)";
82	sql($sql);
83	$sth = $dbh->prepare($sql);
84	if (!$sth) error("Cannot prepare query: \"$sql\"");
85	if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
86	$rows = array();
87	while ($row = $sth->fetchrow_array()) array_push($rows, $row);
88	$sth->finish();
89	$row = array_pop($rows);
90	if (is_array($row)) $row = array_shift($row);
91	if ($row) $ed_id = $row;
92	}
93	if ($titlepic_url2) MyMove("$syspicdir/$titlepic_url2", "$syspicdir/$titlepic_name");
94	$i = 1;
95	while ($ed_id > 0 && isset(${"ed_text_id_".$i})) {
96	global ${"ed_text_title_".$i}, ${"ed_text_".$i},
97	${"ed_textpic_alt_".$i}, ${"ed_textpic_pos_".$i},
98	${"ed_text_level_".$i};
99	list($id, $tit, $txt, $pic, $orig, $alt, $pos, $del, $lev) = array(
100	${"ed_text_id_".$i}, ${"ed_text_title_".$i},
101	${"ed_text_".$i}, ${"textpic_url2_".$i}, ${"textpic_name_".$i},
102	${"ed_textpic_alt_".$i}, ${"ed_textpic_pos_".$i},
103	${"del_".$i}, ${"ed_text_level_".$i});
104	$tit = MyQuote($tit);
105	$txt = MyQuote($txt);
106	$orig = basename($orig);
107	$org = MyQuote($orig);
108	$alt = MyQuote($alt);
109	if (!$pos) $pos = 0;
110	if ($id && $id > 0) {
111	if ($del \|\| !$orig) {
112	$sql = "SELECT pic FROM paragraphs WHERE (news_id = $ed_id) AND (paragraph_id = $id)";
113	sql($sql);
114	$sth = $dbh->prepare($sql);
115	if (!$sth) error("Cannot prepare query: \"$sql\"");
116	if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
117	while ($row = $sth->fetchrow_array()) {
118	list($pic) = $row;
119	MyDelete($syspicdir."/".$pic);
120	}
121	$sth->finish();
122	}
123	if ($del) $sql = "DELETE FROM paragraphs WHERE (news_id = $ed_id) AND (paragraph_id = $id)";
124	else $sql = "UPDATE paragraphs SET title = $tit, level = $lev, text = $txt, pic = $org, alt = $alt, pos = $pos WHERE (news_id = $ed_id) AND (paragraph_id = $id)";
125	sql($sql);
126	$dbh->dbh_do($sql);
127	} else if (!$del) {
128	$sql = "INSERT INTO paragraphs (news_id, title, level, text, pic, alt, pos) VALUES ($ed_id, $tit, $lev, $txt, $org, $alt, $pos)";
129	sql($sql);
130	$dbh->dbh_do($sql);
131	$sql = "SELECT paragraph_id FROM paragraphs WHERE (text = $txt)";
132	sql($sql);
133	$sth = $dbh->prepare($sql);
134	if (!$sth) error("Cannot prepare query: \"$sql\"");
135	if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
136	$rows = array();
137	while ($row = $sth->fetchrow_array()) array_push($rows, $row);
138	$sth->finish();
139	$row = array_pop($rows);
140	if (is_array($row)) $row = array_shift($row);
141	$id = $row;
142	}
143	if ($pic) MyMove("$syspicdir/$pic", "$syspicdir/$orig");
144	$i++;
145	}
146	} else {
147	// Delete temp pics.
148	if (ereg("$phptmp", $titlepic_url2))
149	MyDelete($syspicdir."/".$titlepic_url2);
150	$i = 1;
151	while (isset(${"ed_textpic_id_".$i})) {
152	$tmp = ${"textpic_url2_".$i};
153	if (ereg("$phptmp", $tmp)) MyDelete($syspicdir."/".$tmp);
154	$i++;
155	}
156	}
157	if (!isset($art["limit"])) $art["limit"] = 1;
158	if (!isset($art["npar"])) $art["npar"] = 1;
159	return array_shift(newsLoad($ed_id, $ed_cat,
160	$art["limit"], $art["offset"], $art["npar"]));
161	}
162	// Handle temp pic upload.
163	global $HTTP_POST_FILES;
164	while (list($key, $val) = each($HTTP_POST_FILES)) {
165	list($name, $type, $tname, $size) = array(
166	$val["name"], $val["type"],
167	$val["tmp_name"], $val["size"]);
168	if ($size <= 0) continue;
169	if (!$name) continue;
170	if ($tname == "none") continue;
171	$nm = basename($tname);
172	$ext = ereg_replace('^.*(\..+)$', '\1', $name);
173	move_uploaded_file($tname, $syspicdir."/".$nm.$ext);
174	if ($key == "ed_titlepic_url") {
175	$titlepic_url = $nm.$ext;
176	$titlepic_name = $name;
177	$u = $titlepic_url2;
178	if (ereg("$phptmp", $u)) MyDelete($syspicdir."/".$u);
179	unset($clear_main, $clr_main);
180	} else if (ereg("^ed_textpic_url_([1-9][0-9]*)$", $key, $regs)) {
181	$n = $regs[1];
182	${"textpic_url_".$n} = $nm.$ext;
183	${"textpic_name_".$n} = $name;
184	$u = ${"textpic_url2_".$n};
185	if (ereg("$phptmp", $u)) MyDelete($syspicdir."/".$u2);
186	unset(${"clear_".$n}, ${"clr_".$n});
187	} else {
188	// [?!?]
189	}
190	}
191	// -----
192	$tp = new Smarty();
193	// -----
194	$categories = array();
195	$sql = "SELECT cat_id, text FROM news_categories ORDER BY text";
196	sql($sql);
197	$sth = $dbh->prepare($sql);
198	if (!$sth) error("Cannot prepare query: \"$sql\"");
199	if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
200	while ($row = $sth->fetchrow_array()) array_push($categories, array("id" => $row[0], "txt" => $row[1]));
201	$sth->finish();
202	$tp->assign("categories", $categories);
203	// -----
204	$levels = array();
205	$sql = "SELECT level_id, class, name FROM par_levels ORDER BY name";
206	sql($sql);
207	$sth = $dbh->prepare($sql);
208	if (!$sth) error("Cannot prepare query: \"$sql\"");
209	if (!$sth->execute()) error("Cannot execute query: \"$sql\"");
210	while ($row = $sth->fetchrow_array()) array_push($levels, array("id" => $row[0], "class" => $row[1], "name" => $row[2]));
211	$sth->finish();
212	$tp->assign("levels", $levels);
213	// -----
214	global $ed_id, $ed_title, $ed_lead, $ed_titlepic_pos,
215	$ed_titlepic_alt, $ed_cat, $ed_more,
216	$ed_more_title;
217	global $ed_edit, $ed_preview, $preview, $add;
218	if (!$ed_preview) $ed_preview = ($preview ? true : false);
219	if ($ed_edit) $ed_preview = false;
220	global $HTTP_POST_VARS, $HTTP_GET_VARS;
221	$delete = count(preg_grep('/^ed_delete_[0-9]+$/',
222	array_keys(array_merge($HTTP_GET_VARS,
223	$HTTP_POST_VARS)))) > 0;
224	$clear = (count(preg_grep('/^ed_clear_(main\|[0-9]+)$/',
225	array_keys(array_merge($HTTP_GET_VARS,
226	$HTTP_POST_VARS)))) > 0);
227	$ed_pgfs = array();
228	$ed_warning = 0;
229	if ($ed_edit \|\| $ed_preview \|\| $add \|\| $delete \|\| $clear) {
230	global $ed_title, $ed_lead, $ed_titlepic_pos,
231	$ed_titlepic_alt, $ed_cat, $ed_more,
232	$ed_more_title;
233	if (!$HTTP_POST_FILES["ed_titlepic_url"]["name"]) $titlepic_url = "";
234	if (!$titlepic_url) $titlepic_url = $titlepic_url2;
235	if (!$titlepic_url && !($clear_main \|\| $clr_main))
236	$titlepic_url = $art["pic_url"];
237	list($width, $height) = PicSize($titlepic_url);
238	global $ed_title_force;
239	if ($titlepic_url && !$ed_titlepic_pos && !$ed_title_force) $ed_warning = 2;
240	$i = 1;
241	while (isset(${"ed_text_id_".$i})) {
242	$id = ${"ed_text_id_".$i};
243	global ${"ed_text_".$i}, ${"ed_text_title_".$i},
244	${"ed_text_level_".$i}, ${"ed_textpic_alt_".$i},
245	${"ed_textpic_pos_".$i};
246	$pic_url = ($HTTP_POST_FILES["ed_textpic_url_".$i]["name"]) ?
247	${"textpic_url_".$i} : "";
248	if (!$pic_url) $pic_url = ${"textpic_url2_".$i};
249	$tmp = "";
250	for ($j = 0; $j < count($art["text"]); $j++)
251	if ($art["text"][$j]["id"] == $id) $tmp = $art["text"][$j]["pic"];
252	if (!$pic_url && $tmp && !(${"clear_".$i} \|\| ${"clr_".$i})) $pic_url = $tmp;
253	$level = ${"ed_text_level_".$i};
254	$class = "";
255	while (list($key, $val) = each($levels))
256	if ($val["id"] == $level) $class = $val["class"];
257	array_push($ed_pgfs, array($id,
258	${"ed_text_".$i}, ${"ed_text_title_".$i},
259	$level, $class, $pic_url, ${"textpic_name_".$i},
260	${"ed_textpic_alt_".$i}, ${"ed_textpic_pos_".$i},
261	false));
262	$i++;
263	}
264	} else {
265	list($ed_title, $ed_lead, $ed_titlepic_pos, $titlepic_url,
266	$titlepic_url2, $titlepic_name, $ed_titlepic_alt,
267	$ed_cat, $ed_more, $ed_more_title, $width, $height) =
268	array($art["title"], $art["lead"], $art["pic_pos"],
269	$art["pic_url"], $art["pic_url"], $art["pic_url"],
270	$art["pic_alt"], $art["category"], $art["more"],
271	$art["more_title"], $art["pic_w"], $art["pic_h"]);
272	while ($art["text"] && list($id, $val) = each($art["text"])) {
273	list($id, $txt, $title, $lev, $cls, $pic, $alt, $pos, $w, $h) = array(
274	$val["id"], $val["text"], $val["title"], $val["level"],
275	$val["class"], $val["pic"], $val["alt"], $val["pos"],
276	$val["w"], $val["h"]);
277	array_push($ed_pgfs, array($id, $txt, $title, $lev, $cls, $pic, $pic, $alt,
278	$pos, $w, $h, false));
279	}
280	$ed_id = $art["id"];
281	if (!$ed_id) $ed_id = -1;
282	}
283	if ($add) {
284	global $add_num;
285	for ($i = 0; $i < intval($add_num); $i++)
286	array_push($ed_pgfs, array(-1, "", "", -1, "", "", "", "", 0, 0, 0, true));
287	}
288	$ed_empty = ($ed_title \|\| $ed_lead \|\| $ed_titlepic_pos \|\| $ed_more) ? false : true;
289	$ed_text = array();
290	$ed_records = array();
291	$ed_warnings = ($ed_warning ? true : false);
292	$i = 1;
293	while (list($key, $val) = each($ed_pgfs)) {
294	list($id, $txt, $tit, $lev, $cls, $pic, $name, $alt, $pos, $w, $h, $new) = $val;
295	$del = ((${"delete_".$i} \|\| ${"del_".$i}) ? true : false);
296	array_push($ed_records, array("val" => $del, "id" => $id));
297	if ($del) { $i++; continue; }
298	$picurl = ${"textpic_url_".$id};
299	if (!$picurl) $picurl = $pic;
300	$class = "";
301	while (list($key, $val) = each($levels))
302	if ($val["id"] == $lev) $class = $val["class"];
303	if ((${"clear_".$i} \|\| ${"clr_".$i}) && $ed_preview && (${"textpic_name_".$i} != ${"textpic_url2_".$i})) {
304	$tmp = ${"textpic_url2_".$i};
305	if (ereg("$phptmp", $tmp)) MyDelete($syspicdir."/".$tmp);
306	$picurl = ${"textpic_url_".$i} = ${"textpic_url2_".$i} = $name = "";
307	}
308	if (!$name) $name = $picurl;
309	$txt = MyEscape(convert_html($txt));
310	$txt2 = ParseNewline($txt, true);
311	global ${"ed_text_force_".$i};
312	$force = ${"ed_text_force_".$i};
313	$empty = (($ed_preview && !$txt && !$pos && !$new) ? true : false);
314	$warning = 0;
315	if ($empty && !$force) $warning = 1;
316	if ($picurl && !$pos && !$force) $warning = 2;
317	$ed_empty = $ed_empty && $empty;
318	$ed_warnings = $ed_warnings \|\| ($warning && !$force);
319	array_push($ed_text, array(
320	"id" => $id,
321	"n" => $i,
322	"txt" => $txt2,
323	"txt2" => $txt,
324	"title" => MyEscape(convert_html($tit)),
325	"level" => $lev,
326	"class" => MyEscape(convert_html($class)),
327	"url" => MyEscape(convert_html($picurl)),
328	"name" => MyEscape(convert_html($name)),
329	"alt" => MyEscape(convert_html($alt)),
330	"width" => $w,
331	"height" => $h,
332	"pos" => $pos,
333	"warning" => $warning,
334	"clr" => (${"clear_".$i} \|\| ${"clr_".$i} \|\| !$picurl) ? true : false
335	));
336	$i++;
337	}
338	if ($ed_warnings) $ed_preview = false;
339	$tp->assign("ed_id", $ed_id);
340	$tp->assign("ed_cat", $ed_cat);
341	$tp->assign("ed_preview", $ed_preview);
342	$tp->assign("ed_trigger", $trigger);
343	$tp->assign("ed_title", MyEscape(convert_html($ed_title)));
344	$tp->assign("ed_lead", MyEscape(convert_html($ed_lead)));
345	$tp->assign("ed_titlepic_pos", $ed_titlepic_pos);
346	$tp->assign("ed_titlepic_url", MyEscape(convert_html($titlepic_url)));
347	$tp->assign("ed_titlepic_url2", MyEscape(convert_html($titlepic_url2)));
348	$tp->assign("ed_titlepic_name", MyEscape(convert_html($titlepic_name)));
349	$tp->assign("ed_titlepic_alt", MyEscape(convert_html($ed_titlepic_alt)));
350	$tp->assign("ed_titlepic_width", $width);
351	$tp->assign("ed_titlepic_height", $height);
352	$tp->assign("ed_more", MyEscape($ed_more));
353	$tp->assign("ed_more_title", MyEscape($ed_more_title));
354	$tp->assign("ed_clr_main", ($clear_main \|\| $clr_main \|\| !$titlepic_url) ? true : false);
355	$tp->assign("ed_text", $ed_text);
356	$tp->assign("ed_empty", $ed_empty);
357	$tp->assign("ed_warning", $ed_warning);
358	$tp->assign("ed_warnings", $ed_warnings);
359	$tp->assign("ed_records", $ed_records);
360	$tp->assign("newspicdir", "$picdir/");
361	$params = array();
362	if ($section) array_push($params, "section=$section");
363	if ($section_menu) array_push($params, "section_menu=$section_menu");
364	if ($ed_id) array_push($params, "ed_id=$ed_id");
365	if ($ed_preview) array_push($params, "ed_preview=$ed_preview");
366	if ($trigger) array_push($params, "$trigger=1");
367	global $PHP_SELF;
368	$tp->assign("FORM_ACTION", $PHP_SELF.HTMLSpecialChars("?".implode("&", $params)));
369	global $onload;
370	$onload .= "document.forms[0].elements[0].focus();";
371	return $tp->fetch("edit.tpl");
372	}
373	?>