Размер файла: 13.21Kb
<?php
include("dotwidgeta_config.php"); // change if the config file is not in admin directory
include("connect_db.php");
$metatitle = $sitename . " - Manage Articles";
include($admin_header_file);
// -------------------------------------------------------------
// Articles search
// -------------------------------------------------------------
if($action == "search" || $action == "") {
print "<blockquote><p class=\"PAGEHEADING\">Admin: Search for Articles";
?>
<P><A HREF="index.php">Main Menu</A> | <A HREF="articles.php?action=add">Add an Article</A>
<?php
$authors = mysql_query("SELECT id, name FROM article_authors;");
$cats = mysql_query("SELECT id, name FROM article_cats ORDER BY name;");
?>
<FORM ACTION="articles.php?action=list" METHOD=POST>
<P><b>View articles satisfying the following criteria:</b><BR><br>
<table border=0 cellpadding=5>
<tr><td>
By Author:
</td><td>
<SELECT NAME="aid" SIZE=1>
<OPTION SELECTED VALUE="">Any Author
<?php
while ($author = mysql_fetch_array($authors)) {
$aid = $author["id"];
$aname = $author["name"];
echo("<OPTION VALUE='$aid'>$aname\n");
}
?>
</SELECT>
</td></tr><tr><td>
By Category:
</td><td>
<SELECT NAME="cid" SIZE=1>
<OPTION SELECTED VALUE="">Any Category
<?php
while ($cat = mysql_fetch_array($cats)) {
$cid = $cat["id"];
$cname = $cat["name"];
echo("<OPTION VALUE='$cid'>$cname\n");
}
?>
</SELECT>
</td></tr><tr><td>
Containing Text:
</td><td><INPUT TYPE=TEXT NAME="searchtext">
</td></tr><tr><td> </td><td>
<INPUT TYPE=SUBMIT NAME="submit" VALUE="Search">
</td></tr></table>
<?php }
// -------------------------------------------------------------
// Articles listing
// -------------------------------------------------------------
if($action == "list") {
print "<blockquote><p class=\"PAGEHEADING\">Admin: Articles List";
?>
<P><A HREF="index.php">Main Menu</A> | <A HREF="articles.php?action=search">Search for Articles</A> | <A HREF="articles.php?action=add">Add an Article</A></P>
<?php
// The basic SELECT statement
$select = "SELECT id, title, content, datecreated";
$from = " FROM articles";
$where = " WHERE ID > 0";
$order = " ORDER BY datecreated DESC;";
if ($aid != "") { // An author is selected
$where .= " AND aid=$aid";
}
if ($cid != "") { // A category is selected
$from .= ", article_lookup";
$where .= " AND id=JID AND CID=$cid";
}
if ($searchtext != "") { // Some search text was specified
$where .= " AND content LIKE '%$searchtext%'";
}
?>
<TABLE BORDER=1 cellpadding="5">
<tr><td><b>Article Title</b></td><td><b>Date</b></td><td><b>Options</b></td></tr>
<?php
$articles = mysql_query($select . $from . $where . $order);
if (!$articles) {
echo("</TABLE>");
echo("<P>Error retrieving articles from database!<BR>".
"Error: " . mysql_error());
exit();
}
while ($article = mysql_fetch_array($articles)) {
echo("<TR>\n");
$id = $article["id"];
$title = $article["title"];
$datecreated = $article["datecreated"];
echo("<TD>$title</TD>\n");
echo("<TD>$datecreated</TD>\n");
echo("<TD><A HREF='articles.php?action=edit&id=$id'>Edit</A> | ".
"<A HREF='articles.php?action=del&id=$id'>Delete</A></TD>\n");
echo("</TR>\n");
}
echo("</TABLE><br>\n");
}
// -------------------------------------------------------------
// Add an article
// -------------------------------------------------------------
if($action == "add") {
print "<blockquote><p class=\"PAGEHEADING\">Admin: Add an Article";
print "<P><A HREF=\"index.php\">Main Menu</A> | <A HREF=\"articles.php?action=search\">Search for Articles</A></P>";
if ($submit) {
if ($aid == "") {
echo("<P>You must choose an author " .
"for this article. Click 'Back' " .
"and try again.</P>");
exit();
}
mysql_select_db("articles");
$sql = "INSERT INTO articles SET " .
"title='$title', " .
"description='$description', " .
"content='$content', " .
"datecreated='$datecreated', " .
"aid='$aid'";
if (mysql_query($sql)) {
echo("<P>New article added</P>");
} else {
echo("<P>Error adding new article: " .
mysql_error() . "</P>");
}
$jid = mysql_insert_id();
$cats = mysql_query("SELECT id, name FROM article_cats ORDER BY name");
while ($cat = mysql_fetch_array($cats)) {
$cid = $cat["id"];
$cname = $cat["name"];
$var = "cat$cid"; // The name of the variable
if ($$var) { // The checkbox is checked
$sql = "INSERT IGNORE INTO article_lookup " .
"SET JID=$jid, CID=$cid";
$ok = mysql_query($sql);
if ($ok) {
echo("<P>Article added to category: $cname</P>");
} else {
echo("<P>Error inserting article into category $cname:" .
mysql_error() . "</P>");
}
} // end of if ($$var)
} // end of while loop
?>
<P><A HREF="<?php echo($PHP_SELF."?action=add"); ?>">Add another Article</A></P><br>
<?php } else {
mysql_select_db("articles");
$authors = mysql_query("SELECT id, name FROM article_authors");
$cats = mysql_query("SELECT id, name FROM article_cats ORDER BY name");
?>
<FORM ACTION="<?php echo($PHP_SELF."?action=add"); ?>" METHOD=POST>
<P><b>Enter the new article:</b><BR><br>
<TABLE>
<TR VALIGN="TOP">
<TD>Date Created:</TD>
<TD><INPUT NAME="datecreated" TYPE="TEXT" SIZE=40 MAXLENGTH=200 VALUE="<? echo( date("Y-m-d")); ?>"
</TD>
</TR>
<TR VALIGN="TOP">
<TD>Title:</TD>
<TD><INPUT NAME="title" TYPE="TEXT" SIZE=40 MAXLENGTH=200></TD>
</TR>
<TR VALIGN="TOP">
<TD>Description:</TD>
<TD><TEXTAREA NAME="description" ROWS=3 COLS=45 WRAP></TEXTAREA></TD>
</TR>
<TR VALIGN="TOP">
<TD>Article Content: <br><br> <a href="markuptags.htm" target="_blank">Markup Tags</a></TD>
<TD><TEXTAREA NAME="content" ROWS=15 COLS=45 WRAP></TEXTAREA>
</TD>
</TR>
<TR VALIGN="TOP">
<TD>Author:</TD>
<TD>
<SELECT NAME="aid" SIZE=1>
<OPTION SELECTED VALUE="">Select One
<OPTION VALUE="">---------
<?php
while ($author = mysql_fetch_array($authors)) {
$aid = $author["id"];
$aname = $author["name"];
echo("<OPTION VALUE='$aid'>$aname\n");
}
?>
</SELECT>
</TD>
</TR>
<TR VALIGN="TOP">
<td>Place in categories:</td>
<td>
<?php
while ($cat = mysql_fetch_array($cats)) {
$cid = $cat["id"];
$cname = $cat["name"];
echo("<INPUT TYPE=CHECKBOX NAME='cat$cid'>$cname<BR>\n");
}
?>
</td>
</tr>
<TR VALIGN="TOP">
<td> </td>
<td><INPUT TYPE=SUBMIT NAME="submit" VALUE="SUBMIT">
</td>
</tr>
</TABLE><br>
</FORM>
<?php }
}
// -------------------------------------------------------------
// Edit an article
// -------------------------------------------------------------
if($action == "edit") {
print "<blockquote><p class=\"PAGEHEADING\">Admin: Edit Article";
print "<P><A HREF=\"index.php\">Main Menu</A> | <A HREF=\"articles.php?action=search\">Search for Articles</A> | <A HREF=\"articles.php?action=add\">Add an Article</A></P>";
if ($submit) {
$sql = "UPDATE articles SET " .
"title='$title', " .
"description='$description', " .
"content='$content', " .
"aid='$aid' " .
"WHERE id=$id";
if (mysql_query($sql)) {
echo("<P>Article details updated.</P>");
} else {
echo("<P>Error updating article details: " .
mysql_error() . "</P>");
}
// Delete all existing entries for this
// article from the article_lookup table
$ok = mysql_query("DELETE FROM article_lookup " .
"WHERE JID=$id");
if ($ok) {
echo("<P>Article removed from all categories.</P>");
} else {
echo("<P>Error removing article from all categories:" .
mysql_error() . "</P>");
}
// List all categories in the database
$cats = mysql_query("SELECT id, name FROM article_cats ORDER BY name");
while ($cat = mysql_fetch_array($cats)) {
$cid = $cat["id"];
$cname = $cat["name"];
$var = "cat$cid"; // The name of the variable
if ($$var) { // The checkbox is checked
$sql = "INSERT IGNORE INTO article_lookup " .
"SET JID=$id, CID=$cid";
$ok = mysql_query($sql);
if ($ok) {
echo("<P>Article added to category: $cname</P>");
} else {
echo("<P>Error inserting article into category $cname:" .
mysql_error() . "</P>");
}
} // end of if ($$var)
} // end of while loop
} else {
$articles=mysql_query("SELECT title, description, content, aid, datecreated " .
"FROM articles " .
"WHERE id=$id");
if (!$articles) {
echo("<P>Error fetching article details: " .
mysql_error() . "</P>");
exit();
}
$article = mysql_fetch_array($articles);
$title = $article["title"];
$description = $article["description"];
$content = $article["content"];
$authid = $article["aid"];
$datecreated = $article["datecreated"];
if ($datecreated > 0) {
$datecreated = $article["datecreated"];
} else {
$datecreated = date("Y-m-d");
}
// Convert HTML special characters
// in database value for use in
// an HTML document.
if($use_markup != "Yes") {
$title = htmlspecialchars($title);
$content = htmlspecialchars($content);
$byline = htmlspecialchars($byline);
}
// Get lists of authors and categories for
// the select box and checkboxes.
$authors = mysql_query("SELECT id, name, byline FROM article_authors");
$cats = mysql_query("SELECT id, name FROM article_cats ORDER BY name");
?>
<FORM ACTION="<?php echo($PHP_SELF."?action=edit"); ?>" METHOD=POST>
<P><b>Edit the article:</b><BR><br>
<TABLE>
<TR VALIGN="TOP">
<TD>Date Created:</TD>
<TD><INPUT NAME="title" SIZE=40 MAXLENGTH=200 value="<?php
echo($datecreated); ?>"></TD>
</TR>
<TR VALIGN="TOP">
<TD>Title:</TD>
<TD><INPUT NAME="title" SIZE=40 MAXLENGTH=200 value="<?php
echo($title); ?>"></TD>
</TR>
<TR VALIGN="TOP">
<TD>Description:</TD>
<TD><TEXTAREA NAME="description" ROWS=3 COLS=65 WRAP><?php
echo($description);
?></TEXTAREA></TD>
</TR>
<TR VALIGN="TOP">
<TD>Article Content: <br><br> <a href="markuptags.htm" target="_blank">Markup Tags</a></TD>
<TD><TEXTAREA NAME="content" ROWS=15 COLS=65 WRAP><?php
echo($content);
?></TEXTAREA></TD>
</TR>
<TR VALIGN="TOP">
<TD>Author:</TD>
<TD><SELECT NAME="aid" SIZE=1>
<?php
while ($author = mysql_fetch_array($authors)) {
$aid = $author["id"];
$aname = $author["name"];
if ($aid == $authid) {
echo("<OPTION SELECTED VALUE='$aid'>$aname\n");
} else {
echo("<OPTION VALUE='$aid'>$aname\n");
}
}
?>
</SELECT></TD>
</TR>
<TR VALIGN="TOP">
<TD>In categories:</TD>
<TD><?php
while ($cat = mysql_fetch_array($cats)) {
$cid = $cat["id"];
$cname = $cat["name"];
// Check if the article is in this category
$result = mysql_query(
"SELECT * FROM article_lookup " .
"WHERE JID=$id AND CID=$cid");
if (!$result) {
echo("<P>Error fetching article details: " .
mysql_error() . "</P>");
exit();
}
// mysql_num_rows gives the number of entries
// in a result set. In this case, if the result
// contains one or more rows, the condition
// below will evaluate to true to indicate that
// the article does belong to the category, and the
// checkbox should be checked.
if (mysql_num_rows($result)) {
echo("<INPUT TYPE=CHECKBOX CHECKED NAME='cat$cid'>$cname<BR>\n");
} else {
echo("<INPUT TYPE=CHECKBOX NAME='cat$cid'>$cname<BR>\n");
}
}
?></TD>
</TR>
<TR VALIGN="TOP">
<td> </td>
<td><INPUT TYPE=SUBMIT NAME="submit" VALUE="SUBMIT">
</td>
</tr>
</TABLE>
<INPUT TYPE=HIDDEN NAME="id" VALUE="<?php echo($id); ?>">
</FORM><br>
<?php }
}
// -------------------------------------------------------------
// Delete an article
// -------------------------------------------------------------
if($action == "del") {
print "<blockquote><p class=\"PAGEHEADING\">Admin: Delete Article";
print "<P><A HREF=\"index.php\">Main Menu</A> | <A HREF=\"articles.php?action=search\">Search for Articles</A></P>";
// Delete all article lookup entries for the
// article along with the entry for the article.
$ok1 = mysql_query("DELETE FROM article_lookup WHERE JID=$id");
$ok2 = mysql_query("DELETE FROM articles WHERE id=$id");
if ($ok1 and $ok2) {
echo("<P>Article deleted successfully!</P><br>");
} else {
echo("<P>Error deleting article from database!<BR>".
"Error: " . mysql_error() . "<br>");
}
}
// -------------------------------------------------------------
// Call the footer file
// -------------------------------------------------------------
include($admin_footer_file);?>