26 |
26 |
27 $show_main_menu = true; |
27 $show_main_menu = true; |
28 |
28 |
29 if ( isset($_POST['act']) ) |
29 if ( isset($_POST['act']) ) |
30 { |
30 { |
31 switch ( $_POST['act'] ) |
31 $act = ( strpos($_POST['act'], ';') ) ? substr($_POST['act'], 0, strpos($_POST['act'], ';')) : $_POST['act']; |
|
32 if ( strpos($_POST['act'], ';') ) |
|
33 { |
|
34 $parms = substr($_POST['act'], strpos($_POST['act'], ';') + 1); |
|
35 preg_match_all('/([a-z0-9_]+)=([^;]*)/', $parms, $matches); |
|
36 $parms = array(); |
|
37 foreach ( $matches[2] as $id => $parmdata ) |
|
38 { |
|
39 if ( preg_match('/^[0-9]+$/', $parmdata) ) |
|
40 $parmdata = intval($parmdata); |
|
41 $parms[ $matches[1][$id] ] = $parmdata; |
|
42 } |
|
43 } |
|
44 switch ( $act ) |
32 { |
45 { |
33 case "create": |
46 case "create": |
34 case "create_finish": |
47 case "create_finish": |
35 |
48 |
36 // Do we have any categories yet? |
49 // Do we have any categories yet? |
71 } |
84 } |
72 if ( count($errors) > 0 ) |
85 if ( count($errors) > 0 ) |
73 { |
86 { |
74 // Errors encountered - bounce form back to the user |
87 // Errors encountered - bounce form back to the user |
75 $show_main_menu = false; |
88 $show_main_menu = false; |
|
89 echo '<div class="error-box">The forum could not be created.<ul><li>' . implode("</li>\n <li>", $errors) . '</li></ul></div>'; |
76 $form = new Decir_Admin_SmartForm_Forum(DECIR_ADMIN_MODE_CREATE); |
90 $form = new Decir_Admin_SmartForm_Forum(DECIR_ADMIN_MODE_CREATE); |
77 $form->forum_name = $forum_name; |
91 $form->forum_name = $forum_name; |
78 $form->forum_desc = $forum_desc; |
92 $form->forum_desc = $forum_desc; |
79 $form->forum_type = $forum_type; |
93 $form->forum_type = $forum_type; |
80 $form->need_category = $need_category; |
94 $form->need_category = $need_category; |
99 $show_main_menu = false; |
113 $show_main_menu = false; |
100 $form = new Decir_Admin_SmartForm_Forum(DECIR_ADMIN_MODE_CREATE); |
114 $form = new Decir_Admin_SmartForm_Forum(DECIR_ADMIN_MODE_CREATE); |
101 $form->need_category = $need_category; |
115 $form->need_category = $need_category; |
102 $form->category_list = $cats; |
116 $form->category_list = $cats; |
103 echo $form->html(); |
117 echo $form->html(); |
|
118 break; |
|
119 case 'edit': |
|
120 case 'edit_finish': |
|
121 |
|
122 if ( !isset($parms['fid']) || ( isset($parms['fid']) && !is_int($parms['fid']) ) ) |
|
123 { |
|
124 echo '<div class="error-box">Invalid forum ID passed to editor.</div>'; |
|
125 break; |
|
126 } |
|
127 |
|
128 // Fetch category list |
|
129 $q = $db->sql_query('SELECT forum_id, forum_name FROM ' . table_prefix . 'decir_forums WHERE forum_type = ' . FORUM_CATEGORY . ';'); |
|
130 if ( !$q ) |
|
131 $db->_die('Decir admin_forums.php retrieving category count'); |
|
132 $need_category = ( $db->numrows() < 1 ); |
|
133 $cats = array(); |
|
134 if ( !$need_category ) |
|
135 { |
|
136 while ( list($cat_id, $cat_name) = $db->fetchrow_num() ) |
|
137 { |
|
138 $cats[ $cat_id ] = $cat_name; |
|
139 } |
|
140 } |
|
141 |
|
142 $db->free_result(); |
|
143 |
|
144 // $fid is safe (validated as an integer). |
|
145 $fid =& $parms['fid']; |
|
146 $q = $db->sql_query('SELECT forum_id, forum_name, forum_desc, parent, forum_type FROM ' . table_prefix . 'decir_forums WHERE forum_id = ' . $fid . ';'); |
|
147 if ( !$q ) |
|
148 $db->_die('Decir admin_forums.php selecting forum data for edit'); |
|
149 |
|
150 $row = $db->fetchrow(); |
|
151 $db->free_result(); |
|
152 |
|
153 if ( $act == 'edit_finish' ) |
|
154 { |
|
155 $errors = array(); |
|
156 // Validate and update |
|
157 if ( $row['forum_type'] == FORUM_FORUM ) |
|
158 { |
|
159 $forum_name = trim($_POST['forum_name']); |
|
160 if ( empty($forum_name) ) |
|
161 $errors[] = 'Please enter a name for this forum.'; |
|
162 |
|
163 $forum_desc = trim($_POST['forum_desc']); |
|
164 if ( empty($forum_desc) ) |
|
165 $errors[] = 'Please enter a description for this forum.'; |
|
166 |
|
167 $forum_parent = intval($_POST['forum_parent']); |
|
168 if ( !isset($cats[$forum_parent]) ) |
|
169 $errors[] = 'Invalid parent category'; |
|
170 |
|
171 $forum_name_db = $db->escape($forum_name); |
|
172 $forum_desc_db = $db->escape($forum_desc); |
|
173 |
|
174 $sql = 'UPDATE ' . table_prefix . "decir_forums SET forum_name='$forum_name_db',forum_desc='$forum_desc_db',parent=$forum_parent WHERE forum_id = $fid;"; |
|
175 } |
|
176 else if ( $row['forum_type'] == FORUM_CATEGORY ) |
|
177 { |
|
178 $forum_name = trim($_POST['forum_name']); |
|
179 if ( empty($forum_name) ) |
|
180 $errors[] = 'Please enter a name for this forum.'; |
|
181 $forum_name_db = $db->escape($forum_name); |
|
182 |
|
183 $sql = 'UPDATE ' . table_prefix . "decir_forums SET forum_name='$forum_name_db' WHERE forum_id = $fid;"; |
|
184 } |
|
185 else |
|
186 { |
|
187 $db->_die('Mom, I feel sick. Can I lay down for a while? ' . __FILE__ . ':' . __LINE__); |
|
188 } |
|
189 if ( count($errors) < 1 ) |
|
190 { |
|
191 if ( $db->sql_query($sql) ) |
|
192 { |
|
193 $show_main_menu = true; |
|
194 echo '<div class="info-box">The forum or category was updated.</div>'; |
|
195 break; |
|
196 } |
|
197 else |
|
198 { |
|
199 $db->_die('Decir admin_forums.php update forum main SQL query'); |
|
200 } |
|
201 } |
|
202 else |
|
203 { |
|
204 echo '<div class="error-box">The forum was not updated because you entered something invalid.<ul><li>' . implode("</li>\n <li>", $errors) . '</li></ul></div>'; |
|
205 } |
|
206 } |
|
207 |
|
208 // This is the amazing part. We'll let the smart form do the work for us. |
|
209 $form = new Decir_Admin_SmartForm_Forum(DECIR_ADMIN_MODE_EDIT); |
|
210 $form->forum_name = $row['forum_name']; |
|
211 $form->forum_desc = $row['forum_desc']; |
|
212 $form->forum_type = $row['forum_type']; |
|
213 $form->forum_parent = $row['parent']; |
|
214 $form->forum_id = $row['forum_id']; |
|
215 $form->category_list = $cats; |
|
216 echo $form->html(); |
|
217 |
|
218 $show_main_menu = false; |
|
219 break; |
|
220 case 'save_order': |
|
221 $order = explode(',', $_POST['forum_order']); |
|
222 $i = 0; |
|
223 $sql = array(); |
|
224 foreach ( $order as $forum_id ) |
|
225 { |
|
226 $i++; |
|
227 if ( strval(intval($forum_id)) != $forum_id ) |
|
228 { |
|
229 echo '<p>Hacking attempt</p>'; |
|
230 break; |
|
231 } |
|
232 $sql[] = 'UPDATE ' . table_prefix . "decir_forums SET forum_order = $i WHERE forum_id = $forum_id;"; |
|
233 } |
|
234 foreach ( $sql as $s ) |
|
235 { |
|
236 if ( !$db->sql_query($s) ) |
|
237 $db->_die('Decir admin_forums.php updating forum order'); |
|
238 } |
|
239 echo '<div class="info-box">The forum order was updated.</div>'; |
104 break; |
240 break; |
105 } |
241 } |
106 } |
242 } |
107 |
243 |
108 if ( $show_main_menu ) |
244 if ( $show_main_menu ) |
114 <table border="0" cellspacing="1" cellpadding="4"> |
250 <table border="0" cellspacing="1" cellpadding="4"> |
115 <tr> |
251 <tr> |
116 <th colspan="4">Forum administration</th> |
252 <th colspan="4">Forum administration</th> |
117 </tr>'; |
253 </tr>'; |
118 // Select and display all forums |
254 // Select and display all forums |
119 $q = $db->sql_unbuffered_query('SELECT forum_id, forum_name, forum_type FROM ' . table_prefix . 'decir_forums ORDER BY ( forum_type = ' . FORUM_CATEGORY . ' ) DESC, forum_order;'); |
255 $q = $db->sql_unbuffered_query('SELECT forum_id, forum_name, forum_desc, forum_type, num_topics, num_posts FROM ' . table_prefix . 'decir_forums GROUP BY parent, forum_id ORDER BY forum_order;'); |
120 |
256 |
121 if ( !$q ) |
257 if ( !$q ) |
122 $db->_die('Decir admin_forums.php selecting main forum datum'); |
258 $db->_die('Decir admin_forums.php selecting main forum datum'); |
123 |
259 |
|
260 $order_forums = array(); |
|
261 $order_cats = array(); |
124 if ( $row = $db->fetchrow() ) |
262 if ( $row = $db->fetchrow() ) |
125 { |
263 { |
|
264 $cat_open = false; |
|
265 echo '<tr> |
|
266 <th class="subhead">Forum</th> |
|
267 <th class="subhead" style="max-width: 50px;">Topics</th> |
|
268 <th class="subhead" style="max-width: 50px;">Posts</th> |
|
269 <th class="subhead">Admin tasks</th> |
|
270 </tr>'; |
126 do |
271 do |
127 { |
272 { |
|
273 switch ( $row['forum_type'] ) |
|
274 { |
|
275 case FORUM_FORUM: |
|
276 // Forum |
|
277 echo '<tr> |
|
278 <td class="row2 decir_forum"><input type="hidden" value="' . $row['forum_id'] . '" /> |
|
279 <b><a href="' . makeUrlNS('DecirForum', $row['forum_id']) . '">' |
|
280 . $row['forum_name'] . '</a></b><br />' . $row['forum_desc'].' |
|
281 </td> |
|
282 <td class="row3" style="text-align: center;">' . $row['num_topics'] . '</td> |
|
283 <td class="row3" style="text-align: center;">' . $row['num_posts'] . '</td> |
|
284 <td class="row1" style="text-align: center;">'; |
|
285 |
|
286 echo '<button name="act" value="edit;fid=' . $row['forum_id'] . '">Edit</button> '; |
|
287 echo '<button name="act" value="delete;fid=' . $row['forum_id'] . '">Delete</button>'; |
|
288 |
|
289 echo '</td> |
|
290 </tr>'; |
|
291 $order_forums[] = $row['forum_id']; |
|
292 break; |
|
293 case FORUM_CATEGORY: |
|
294 // Category |
|
295 if ( $cat_open ) |
|
296 echo '</tbody>'; |
|
297 echo '<tr> |
|
298 <td class="row1 decir_category" colspan="1"><input type="hidden" value="' . $row['forum_id'] . '" /> |
|
299 <h3 style="margin: 0; padding: 0;">' . $row['forum_name'] . '</h3> |
|
300 </td> |
|
301 <td class="row2" colspan="2"></td>'; |
|
302 echo '<td class="row1" style="text-align: center;">'; |
|
303 echo '<button name="act" value="edit;fid=' . $row['forum_id'] . '">Edit</button> '; |
|
304 echo '<button name="act" value="delete;fid=' . $row['forum_id'] . '">Delete</button>'; |
|
305 echo '</td>'; |
|
306 echo '</tr> |
|
307 <tbody id="forum_cat_' . $row['forum_id'] . '">'; |
|
308 $cat_open = true; |
|
309 $order_cats[] = $row['forum_id']; |
|
310 break; |
|
311 } |
128 } |
312 } |
129 while ( $row = $db->fetchrow() ); |
313 while ( $row = $db->fetchrow($q) ); |
130 } |
314 } |
131 else |
315 else |
132 { |
316 { |
133 echo '<td colspan="4" class="row3">There are no forums on this board.</td>'; |
317 echo '<td colspan="4" class="row3">There are no forums on this board.</td>'; |
134 } |
318 } |
135 |
319 |
136 // Create forum button |
320 // Create forum button |
137 echo ' <tr> |
321 echo ' <tr> |
138 <th class="subhead"> |
322 <th class="subhead" colspan="4"> |
139 <button name="act" value="create">Create new forum</button> |
323 <button name="act" value="create">Create new forum</button> |
|
324 <button name="act" value="save_order">Save forum order</button> |
140 </th> |
325 </th> |
141 </tr>'; |
326 </tr>'; |
142 |
327 |
143 echo ' </table> |
328 echo ' </table> |
144 </div>'; |
329 </div>'; |
|
330 $order = /* implode(',', $order_cats) . ';' . */ implode(',', $order_forums); |
|
331 echo '<input type="text" name="forum_order" id="forum_order" value="' . $order . '" />'; |
145 echo "</form>"; |
332 echo "</form>"; |
146 } |
333 } |
147 } |
334 } |
148 |
335 |
149 /** |
336 /** |
269 set_form_type_category_{INSTANCE_ID}(); |
471 set_form_type_category_{INSTANCE_ID}(); |
270 } |
472 } |
271 } |
473 } |
272 |
474 |
273 addOnloadHook(set_form_type_auto_{INSTANCE_ID}); |
475 addOnloadHook(set_form_type_auto_{INSTANCE_ID}); |
274 |
|
275 </script> |
476 </script> |
|
477 <!-- END mode_is_create --> |
276 |
478 |
277 <form action="{FORM_ACTION}" name="decir_forum_smartform_{INSTANCE_ID}" method="post" enctype="multipart/form-data"> |
479 <form action="{FORM_ACTION}" name="decir_forum_smartform_{INSTANCE_ID}" method="post" enctype="multipart/form-data"> |
278 |
480 |
279 <div class="tblholder"> |
481 <div class="tblholder"> |
280 <table border="0" cellspacing="1" cellpadding="4"> |
482 <table border="0" cellspacing="1" cellpadding="4"> |
281 <tr> |
483 <tr> |
282 <th colspan="2"> |
484 <th colspan="2"> |
283 <!-- BEGIN mode_is_create --> |
485 <!-- BEGIN mode_is_create --> |
284 Create new forum |
486 Create new forum |
285 <!-- BEGINELSE mode_is_create --> |
487 <!-- BEGINELSE mode_is_create --> |
286 Edit forum {FORUM_NAME} |
488 Editing {FORUM_NAME} |
287 <!-- END mode_is_create --> |
489 <!-- END mode_is_create --> |
288 </th> |
490 </th> |
289 </tr> |
491 </tr> |
290 <!-- BEGIN mode_is_create --> |
492 <!-- BEGIN mode_is_create --> |
291 <tr> |
493 <tr> |
365 <input type="text" name="forum_desc" size="40" value="{FORUM_DESC}" /> |
579 <input type="text" name="forum_desc" size="40" value="{FORUM_DESC}" /> |
366 </td> |
580 </td> |
367 </tr> |
581 </tr> |
368 <tr> |
582 <tr> |
369 <td class="row2"> |
583 <td class="row2"> |
370 Create in category: |
584 <!-- BEGIN mode_is_create -->Create in category:<!-- BEGINELSE mode_is_create -->Parent category:<!-- END mode_is_create --> |
371 </td> |
585 </td> |
372 <td class="row1"> |
586 <td class="row1"> |
373 <select name="forum_parent"> |
587 <select name="forum_parent"> |
374 {CATEGORY_LIST}</select> |
588 {CATEGORY_LIST}</select> |
375 </td> |
589 </td> |
376 </tr> |
590 </tr> |
377 <tr> |
591 <tr> |
378 <th class="subhead" colspan="2"> |
592 <th class="subhead" colspan="2"> |
|
593 <!-- BEGIN mode_is_create --> |
379 <button name="act" value="create_finish"><b>Create forum</b></button> |
594 <button name="act" value="create_finish"><b>Create forum</b></button> |
|
595 <!-- BEGINELSE mode_is_create --> |
|
596 <button name="act" value="edit_finish;fid={FORUM_ID}"><b>Save changes</b></button> |
|
597 <!-- END mode_is_create --> |
380 <button name="act" value="noop" style="font-weight: normal;">Cancel</button> |
598 <button name="act" value="noop" style="font-weight: normal;">Cancel</button> |
381 </th> |
599 </th> |
382 </tr> |
600 </tr> |
383 </table> |
601 </table> |
384 </div> |
602 </div> |
397 $category_list = ''; |
615 $category_list = ''; |
398 foreach ( $this->category_list as $cat_id => $cat_name ) |
616 foreach ( $this->category_list as $cat_id => $cat_name ) |
399 { |
617 { |
400 $cat_id = intval($cat_id); |
618 $cat_id = intval($cat_id); |
401 $cat_name = htmlspecialchars($cat_name); |
619 $cat_name = htmlspecialchars($cat_name); |
402 $category_list .= "<option value=\"$cat_id\">$cat_name</option>\n "; |
620 $sel = ( $cat_id == $this->forum_parent ) ? ' selected="selected"' : ''; |
|
621 $category_list .= "<option {$sel}value=\"$cat_id\">$cat_name</option>\n "; |
403 } |
622 } |
404 |
623 |
405 // FIXME: these should really call addslashes and htmlspecialchars |
624 // FIXME: these should really call addslashes and htmlspecialchars |
406 |
625 |
407 $parser->assign_vars(array( |
626 $parser->assign_vars(array( |
408 'INSTANCE_ID' => $this->instance_id, |
627 'INSTANCE_ID' => $this->instance_id, |
409 'FORUM_NAME' => htmlspecialchars($this->forum_name), |
628 'FORUM_NAME' => htmlspecialchars($this->forum_name), |
410 'FORUM_DESC' => htmlspecialchars($this->forum_desc), |
629 'FORUM_DESC' => htmlspecialchars($this->forum_desc), |
|
630 'FORUM_ID' => $this->forum_id, |
411 'FORM_ACTION' => makeUrlNS('Special', 'DecirAdmin', 'module=' . $paths->nslist['Admin'] . 'DecirForums', true), |
631 'FORM_ACTION' => makeUrlNS('Special', 'DecirAdmin', 'module=' . $paths->nslist['Admin'] . 'DecirForums', true), |
412 'TYPE_FORUM' => FORUM_FORUM, |
632 'TYPE_FORUM' => FORUM_FORUM, |
413 'TYPE_CATEGORY' => FORUM_CATEGORY, |
633 'TYPE_CATEGORY' => FORUM_CATEGORY, |
414 'CATEGORY_LIST' => $category_list |
634 'CATEGORY_LIST' => $category_list |
415 )); |
635 )); |
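Review bot: The forum list built at new lines 277–299 concatenates `$row['forum_name']` and `$row['forum_desc']` into the HTML without escaping, and the `edit_finish` branch (new lines 159–174) stores those fields after only `trim()` and `$db->escape()`, which protects the SQL statement but not the later output. Any markup saved in a name or description is therefore rendered as markup for whoever opens this admin page, whereas the smart form at new lines 628–629 already passes the same fields through `htmlspecialchars()`. Unless forum descriptions are meant to carry HTML (not visible from this page), escape at output in the list as well: `. htmlspecialchars($row['forum_name']) . '</a></b><br />' . htmlspecialchars($row['forum_desc']) . '` in the forum row and `htmlspecialchars($row['forum_name'])` inside the category `<h3>`. The numeric columns (`forum_id`, `num_topics`, `num_posts`) are lower risk but could be passed through `intval()` for consistency with the `$cat_id` handling in the category `<option>` loop.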