<?php

// NOTE(review): $sitename, $admin_header_file and $admin_footer_file are never assigned in this
// file; presumably this config file defines them — confirm. They must be set unconditionally
// there, because the two path variables are passed straight to include().
include("dotwidgeta_config.php"); // change if the config file is not in admin directory

// NOTE(review): presumably opens the MySQL connection that the mysql_query() calls below use — confirm.
include("connect_db.php"); 

// Page title. It is not read again in this file; presumably the included header prints it — confirm.
$metatitle = $sitename . " - Manage Articles";

// NOTE(review): no login or permission check is visible anywhere in this file, so access control
// for these admin actions has to come from one of the includes or from the web server — confirm.
include($admin_header_file);



// -------------------------------------------------------------

//  Articles search

// -------------------------------------------------------------

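// Search form, shown for action=search and when no action is given. It posts
// aid, cid and searchtext to articles.php?action=list.
// NOTE(review): $action is never assigned in this file; presumably it is filled
// in from the request by register_globals or by the config include — confirm.
if($action == "search" || $action == "") {

print "<blockquote><p class=\"PAGEHEADING\">Admin: Search for Articles";
?>

<P><A HREF="index.php">Main Menu</A> | <A HREF="articles.php?action=add">Add an Article</A>
<?php

// Rows for the author and category drop-downs below.
$authors = mysql_query("SELECT id, name FROM article_authors;");
$cats    = mysql_query("SELECT id, name FROM article_cats ORDER BY name;");
?>

<FORM ACTION="articles.php?action=list" METHOD=POST>
<P><b>View articles satisfying the following criteria:</b><BR><br>
<table border=0 cellpadding=5>
<tr><td>
By Author:
</td><td>
<SELECT NAME="aid" SIZE=1>
  <OPTION SELECTED VALUE="">Any Author
<?php
  // A failed query leaves $authors false; skip the loop rather than hand
  // false to mysql_fetch_array() and print a warning into the page.
  while ($authors && ($author = mysql_fetch_array($authors))) {
    $aid = $author["id"];
    $aname = $author["name"];
    // Stored names are data, not markup: escape them, and the single-quoted
    // VALUE attribute, before they reach the page.
    echo("<OPTION VALUE='" . htmlspecialchars($aid, ENT_QUOTES) . "'>" .
         htmlspecialchars($aname, ENT_QUOTES) . "\n");
  }
?>
</SELECT>
</td></tr><tr><td>
By Category:
</td><td>
<SELECT NAME="cid" SIZE=1>
  <OPTION SELECTED VALUE="">Any Category
<?php
  while ($cats && ($cat = mysql_fetch_array($cats))) {
    $cid = $cat["id"];
    $cname = $cat["name"];
    echo("<OPTION VALUE='" . htmlspecialchars($cid, ENT_QUOTES) . "'>" .
         htmlspecialchars($cname, ENT_QUOTES) . "\n");
  }
?>
</SELECT>
</td></tr><tr><td>
Containing Text: 
</td><td><INPUT TYPE=TEXT NAME="searchtext">
</td></tr><tr><td> &nbsp; </td><td>
<INPUT TYPE=SUBMIT NAME="submit" VALUE="Search">
</td></tr></table>
</FORM>

<?php }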



// -------------------------------------------------------------

//  Articles listing

// -------------------------------------------------------------

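// Articles listing for action=list: builds one SELECT from the optional
// author, category and text filters and prints the matches with Edit and
// Delete links.
// NOTE(review): $aid, $cid and $searchtext are never assigned in this branch;
// presumably they arrive from the search form via register_globals or the
// config include — confirm. They are treated as untrusted request input here.
if($action == "list") {

print "<blockquote><p class=\"PAGEHEADING\">Admin: Articles List";
?>

<P><A HREF="index.php">Main Menu</A> | <A HREF="articles.php?action=search">Search for Articles</A> | <A HREF="articles.php?action=add">Add an Article</A></P>
<?php

// The basic SELECT statement
$select = "SELECT id, title, content, datecreated";
$from   = " FROM articles";
$where  = " WHERE ID > 0";
$order  = " ORDER BY datecreated DESC;";

if ($aid != "") { // An author is selected
  // The id is placed unquoted in the query, so force it to an integer.
  $where .= " AND aid=" . (int)$aid;
}

if ($cid != "") { // A category is selected
  $from  .= ", article_lookup";
  $where .= " AND id=JID AND CID=" . (int)$cid;
}

if ($searchtext != "") { // Some search text was specified
  // Undo slashes added by magic_quotes_gpc (when that setting is on), then
  // escape for the current connection so the text stays inside the quoted
  // LIKE pattern. % and _ in the text still act as LIKE wildcards.
  // NOTE(review): if the config include adds slashes itself, strip them there — confirm.
  $needle = get_magic_quotes_gpc() ? stripslashes($searchtext) : $searchtext;
  $where .= " AND content LIKE '%" . mysql_real_escape_string($needle) . "%'";
}
?>

<TABLE BORDER=1 cellpadding="5">
<tr><td><b>Article Title</b></td><td><b>Date</b></td><td><b>Options</b></td></tr>

<?php
$articles = mysql_query($select . $from . $where . $order);
if (!$articles) {
  echo("</TABLE>");
  // The driver message can quote parts of the query, so escape it as well.
  echo("<P>Error retrieving articles from database!<BR>".
       "Error: " . htmlspecialchars(mysql_error(), ENT_QUOTES));
  exit();
}

while ($article = mysql_fetch_array($articles)) {
  echo("<TR>\n");
  $id          = $article["id"];
  $title       = $article["title"];
  $datecreated = $article["datecreated"];
  // Stored values are escaped on output; the id is printed as an integer
  // because it goes into the two action links.
  $rowId = (int)$id;
  echo("<TD>" . htmlspecialchars($title, ENT_QUOTES) . "</TD>\n");
  echo("<TD>" . htmlspecialchars($datecreated, ENT_QUOTES) . "</TD>\n");
  // NOTE(review): Delete is a plain GET link; the del branch of this file
  // shows no confirmation step or anti-CSRF token.
  echo("<TD><A HREF='articles.php?action=edit&id=$rowId'>Edit</A> | ".
       "<A HREF='articles.php?action=del&id=$rowId'>Delete</A></TD>\n");
  echo("</TR>\n");
}
  echo("</TABLE><br>\n");

}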



// -------------------------------------------------------------

//  Add an article

// -------------------------------------------------------------

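// Add an article (action=add). Without a submitted form it prints the entry
// form; with one it inserts the article and then one article_lookup row per
// ticked category checkbox (fields named cat<ID>).
// NOTE(review): $submit, $title, $description, $content, $datecreated, $aid and
// the cat<ID> variables are never assigned from the request in this file;
// presumably register_globals or the config include provides them — confirm.
if($action == "add") {

print "<blockquote><p class=\"PAGEHEADING\">Admin: Add an Article";

print "<P><A HREF=\"index.php\">Main Menu</A> | <A HREF=\"articles.php?action=search\">Search for Articles</A></P>";

if (!empty($submit)) {

  if ($aid == "") {
    echo("<P>You must choose an author " .
         "for this article. Click 'Back' " .
         "and try again.</P>");
    exit();
  }

  // NOTE(review): selects a database literally named "articles"; the other
  // branches rely on whatever connect_db.php selected — confirm this is intended.
  mysql_select_db("articles");

  // Undo slashes added by magic_quotes_gpc (when that setting is on), then
  // escape every text field for the current connection so a quote in the
  // submitted text cannot end the SQL string literal.
  // NOTE(review): if the config include adds slashes itself, strip them there — confirm.
  $unslash        = get_magic_quotes_gpc();
  $sqlTitle       = mysql_real_escape_string($unslash ? stripslashes($title) : $title);
  $sqlDescription = mysql_real_escape_string($unslash ? stripslashes($description) : $description);
  $sqlContent     = mysql_real_escape_string($unslash ? stripslashes($content) : $content);
  $sqlDate        = mysql_real_escape_string($unslash ? stripslashes($datecreated) : $datecreated);
  $sqlAid         = (int)$aid; // author id is numeric

  $sql = "INSERT INTO articles SET " .
         "title='$sqlTitle', " .
         "description='$sqlDescription', " .
         "content='$sqlContent', " .
         "datecreated='$sqlDate', " .
         "aid='$sqlAid'";
  if (mysql_query($sql)) {
    echo("<P>New article added</P>");

    // Only a successful INSERT yields a usable id; category rows are written
    // only in that case so they never point at a missing article.
    $jid = (int)mysql_insert_id();

    $cats = mysql_query("SELECT id, name FROM article_cats ORDER BY name");

    while ($cats && ($cat = mysql_fetch_array($cats))) {
      $cid = $cat["id"];
      $cname = $cat["name"];
      $var = "cat$cid"; // The name of the variable
      if (!empty($$var)) { // The checkbox is checked
        $sql = "INSERT IGNORE INTO article_lookup " .
               "SET JID=$jid, CID=" . (int)$cid;
        $ok = mysql_query($sql);
        if ($ok) {
          echo("<P>Article added to category: " .
               htmlspecialchars($cname, ENT_QUOTES) . "</P>");
        } else {
          echo("<P>Error inserting article into category " .
               htmlspecialchars($cname, ENT_QUOTES) . ":" .
               htmlspecialchars(mysql_error(), ENT_QUOTES) . "</P>");
        }
      } // end of if ($$var)
    } // end of while loop
  } else {
    echo("<P>Error adding new article: " .
         htmlspecialchars(mysql_error(), ENT_QUOTES) . "</P>");
  }

  // The links below name articles.php directly, like the other links in this
  // file, instead of echoing the request-derived $PHP_SELF into the page.
?>

<P><A HREF="articles.php?action=add">Add another Article</A></P><br>

<?php } else {

  mysql_select_db("articles");

  $authors = mysql_query("SELECT id, name FROM article_authors");
  $cats    = mysql_query("SELECT id, name FROM article_cats ORDER BY name");
?>

<FORM ACTION="articles.php?action=add" METHOD=POST>
<P><b>Enter the new article:</b><BR><br>
<TABLE>
<TR VALIGN="TOP">
	<TD>Date Created:</TD>
	<TD><INPUT NAME="datecreated" TYPE="TEXT" SIZE=40 MAXLENGTH=200 VALUE="<?php echo(date("Y-m-d")); ?>">
	</TD>
</TR>
<TR VALIGN="TOP">
	<TD>Title:</TD>
	<TD><INPUT NAME="title" TYPE="TEXT" SIZE=40 MAXLENGTH=200></TD>
</TR>
<TR VALIGN="TOP">
	<TD>Description:</TD>
	<TD><TEXTAREA NAME="description" ROWS=3 COLS=45 WRAP></TEXTAREA></TD>
</TR>
<TR VALIGN="TOP">
	<TD>Article Content: <br><br>&nbsp;<a href="markuptags.htm" target="_blank">Markup Tags</a></TD>
	<TD><TEXTAREA NAME="content" ROWS=15 COLS=45 WRAP></TEXTAREA>
	</TD>
</TR>
<TR VALIGN="TOP">
	<TD>Author:</TD>
	<TD>
	<SELECT NAME="aid" SIZE=1>
  <OPTION SELECTED VALUE="">Select One
  <OPTION VALUE="">---------
<?php
  // Stored names are escaped on output; a failed query simply leaves the list empty.
  while ($authors && ($author = mysql_fetch_array($authors))) {
    $aid = $author["id"];
    $aname = $author["name"];
    echo("<OPTION VALUE='" . htmlspecialchars($aid, ENT_QUOTES) . "'>" .
         htmlspecialchars($aname, ENT_QUOTES) . "\n");
  }
?>
</SELECT>
	</TD>
</TR>
<TR VALIGN="TOP">
    <td>Place in categories:</td>
	<td>
<?php
  while ($cats && ($cat = mysql_fetch_array($cats))) {
    $cid = $cat["id"];
    $cname = $cat["name"];
    echo("<INPUT TYPE=CHECKBOX NAME='cat" . htmlspecialchars($cid, ENT_QUOTES) . "'>" .
         htmlspecialchars($cname, ENT_QUOTES) . "<BR>\n");
  }
?>
	</td>
</tr>
<TR VALIGN="TOP">
    <td>&nbsp;</td>
	<td><INPUT TYPE=SUBMIT NAME="submit" VALUE="SUBMIT">
	</td>
</tr>
</TABLE><br>

</FORM>

<?php }

}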



// -------------------------------------------------------------

//  Edit an article

// -------------------------------------------------------------

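// Edit an article (action=edit). Without a submitted form it loads the article
// and prints it in an edit form; with one it updates the article and rebuilds
// its article_lookup rows from the ticked category checkboxes (cat<ID>).
// NOTE(review): $id, $submit, $title, $description, $content, $aid and the
// cat<ID> variables are never assigned from the request in this file;
// presumably register_globals or the config include provides them — confirm.
if($action == "edit") {

print "<blockquote><p class=\"PAGEHEADING\">Admin: Edit Article";

print "<P><A HREF=\"index.php\">Main Menu</A> | <A HREF=\"articles.php?action=search\">Search for Articles</A> | <A HREF=\"articles.php?action=add\">Add an Article</A></P>";

  // $id comes from the list link or the hidden form field and is placed
  // unquoted into every query below and into the hidden field, so it is
  // reduced to an integer once, here.
  $id = (int)$id;

  if (!empty($submit)) {

  // Undo slashes added by magic_quotes_gpc (when that setting is on), then
  // escape every text field for the current connection so a quote in the
  // submitted text cannot end the SQL string literal.
  // NOTE(review): if the config include adds slashes itself, strip them there — confirm.
  $unslash        = get_magic_quotes_gpc();
  $sqlTitle       = mysql_real_escape_string($unslash ? stripslashes($title) : $title);
  $sqlDescription = mysql_real_escape_string($unslash ? stripslashes($description) : $description);
  $sqlContent     = mysql_real_escape_string($unslash ? stripslashes($content) : $content);
  $sqlAid         = (int)$aid; // author id is numeric

  $sql = "UPDATE articles SET " .
         "title='$sqlTitle', " .
         "description='$sqlDescription', " .
         "content='$sqlContent', " .
         "aid='$sqlAid' " .
         "WHERE id=$id";
  if (mysql_query($sql)) {
    echo("<P>Article details updated.</P>");
  } else {
    echo("<P>Error updating article details: " .
         htmlspecialchars(mysql_error(), ENT_QUOTES) . "</P>");
  }

  // Delete all existing entries for this
  // article from the article_lookup table
  $ok = mysql_query("DELETE FROM article_lookup " .
                    "WHERE JID=$id");
  if ($ok) {
    echo("<P>Article removed from all categories.</P>");
  } else {
    echo("<P>Error removing article from all categories:" .
         htmlspecialchars(mysql_error(), ENT_QUOTES) . "</P>");
  }

  // List all categories in the database
  $cats = mysql_query("SELECT id, name FROM article_cats ORDER BY name");

  while ($cats && ($cat = mysql_fetch_array($cats))) {
    $cid = $cat["id"];
    $cname = $cat["name"];
    $var = "cat$cid"; // The name of the variable
    if (!empty($$var)) { // The checkbox is checked
      $sql = "INSERT IGNORE INTO article_lookup " .
             "SET JID=$id, CID=" . (int)$cid;
      $ok = mysql_query($sql);
      if ($ok) {
        echo("<P>Article added to category: " .
             htmlspecialchars($cname, ENT_QUOTES) . "</P>");
      } else {
        echo("<P>Error inserting article into category " .
             htmlspecialchars($cname, ENT_QUOTES) . ":" .
             htmlspecialchars(mysql_error(), ENT_QUOTES) . "</P>");
      }
    } // end of if ($$var)
  } // end of while loop

  } else {

  $articles = mysql_query("SELECT title, description, content, aid, datecreated " .
                          "FROM articles " .
                          "WHERE id=$id");
  if (!$articles) {
    echo("<P>Error fetching article details: " .
         htmlspecialchars(mysql_error(), ENT_QUOTES) . "</P>");
    exit();
  }

  $article = mysql_fetch_array($articles);
  if (!$article) {
    // No row for this id: stop instead of printing an empty form that would
    // later update nothing.
    echo("<P>Error fetching article details: article not found.</P>");
    exit();
  }

  $title = $article["title"];
  $description = $article["description"];
  $content = $article["content"];
  $authid = $article["aid"];
  $datecreated = $article["datecreated"];
  if (!($datecreated > 0)) {
    // Empty or zero date in the row: show today's date instead.
    $datecreated = date("Y-m-d");
  }

  // Get lists of authors and categories for
  // the select box and checkboxes.
  $authors = mysql_query("SELECT id, name, byline FROM article_authors");
  $cats    = mysql_query("SELECT id, name FROM article_cats ORDER BY name");

  // Every stored value printed into the form below is HTML-escaped, whatever
  // $use_markup is set to: inside value="..." and <TEXTAREA> the browser
  // decodes entities again, so the text round-trips unchanged while a quote
  // or a closing tag in the stored text can no longer break out of the field.
  // Date Created has its own field name; the UPDATE in the submit branch of
  // this block does not write it back.
?>

<FORM ACTION="articles.php?action=edit" METHOD=POST>
<P><b>Edit the article:</b><BR><br>
<TABLE>
<TR VALIGN="TOP">
	<TD>Date Created:</TD>
	<TD><INPUT NAME="datecreated" SIZE=40 MAXLENGTH=200 value="<?php echo(htmlspecialchars($datecreated, ENT_QUOTES)); ?>"></TD>
</TR>
<TR VALIGN="TOP">
	<TD>Title:</TD>
	<TD><INPUT NAME="title" SIZE=40 MAXLENGTH=200 value="<?php echo(htmlspecialchars($title, ENT_QUOTES)); ?>"></TD>
</TR>
<TR VALIGN="TOP">
	<TD>Description:</TD>
	<TD><TEXTAREA NAME="description" ROWS=3 COLS=65 WRAP><?php echo(htmlspecialchars($description, ENT_QUOTES)); ?></TEXTAREA></TD>
</TR>
<TR VALIGN="TOP">
	<TD>Article Content: <br><br>&nbsp;<a href="markuptags.htm" target="_blank">Markup Tags</a></TD>
	<TD><TEXTAREA NAME="content" ROWS=15 COLS=65 WRAP><?php echo(htmlspecialchars($content, ENT_QUOTES)); ?></TEXTAREA></TD>
</TR>

<TR VALIGN="TOP">
	<TD>Author:</TD>
	<TD><SELECT NAME="aid" SIZE=1>
<?php
  while ($authors && ($author = mysql_fetch_array($authors))) {
    $aid = $author["id"];
    $aname = $author["name"];
    // Pre-select the article's current author.
    $selected = ($aid == $authid) ? "SELECTED " : "";
    echo("<OPTION " . $selected . "VALUE='" . htmlspecialchars($aid, ENT_QUOTES) . "'>" .
         htmlspecialchars($aname, ENT_QUOTES) . "\n");
  }
?>
</SELECT></TD>
</TR>
<TR VALIGN="TOP">
	<TD>In categories:</TD>
	<TD><?php
  while ($cats && ($cat = mysql_fetch_array($cats))) {
    $cid = $cat["id"];
    $cname = $cat["name"];

    // Check if the article is in this category
    $result = mysql_query(
      "SELECT * FROM article_lookup " .
      "WHERE JID=$id AND CID=" . (int)$cid);
    if (!$result) {
      echo("<P>Error fetching article details: " .
           htmlspecialchars(mysql_error(), ENT_QUOTES) . "</P>");
      exit();
    }

    // One or more rows in the result means the article belongs to the
    // category, so its checkbox is printed checked.
    $checked = mysql_num_rows($result) ? "CHECKED " : "";
    echo("<INPUT TYPE=CHECKBOX " . $checked . "NAME='cat" . htmlspecialchars($cid, ENT_QUOTES) . "'>" .
         htmlspecialchars($cname, ENT_QUOTES) . "<BR>\n");
  }
?></TD>
</TR>
<TR VALIGN="TOP">
    <td>&nbsp;</td>
    <td><INPUT TYPE=SUBMIT NAME="submit" VALUE="SUBMIT">
	</td>	
</tr>
</TABLE>

<INPUT TYPE=HIDDEN NAME="id" VALUE="<?php echo($id); ?>">
</FORM><br>

<?php }

}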



// -------------------------------------------------------------

//  Delete an article

// -------------------------------------------------------------

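// Delete an article (action=del): removes the article's article_lookup rows
// and then the article row itself.
// NOTE(review): this runs as soon as the page is requested with action=del and
// an id. No confirmation step, POST requirement or anti-CSRF token is visible
// in this file, so any request made with the admin's session can trigger it —
// add a token check here or in the shared header.
if($action == "del") {

print "<blockquote><p class=\"PAGEHEADING\">Admin: Delete Article";

print "<P><A HREF=\"index.php\">Main Menu</A> | <A HREF=\"articles.php?action=search\">Search for Articles</A></P>";

// $id is request input placed unquoted into both DELETE statements, so it is
// reduced to an integer first. The listing only selects rows with ID > 0, so
// anything else cannot name an article.
$id = (int)$id;

if ($id <= 0) {
  echo("<P>Error deleting article from database!<BR>".
       "Error: missing or invalid article id<br>");
} else {
  // Delete all article lookup entries for the
  // article along with the entry for the article.
  $ok1 = mysql_query("DELETE FROM article_lookup WHERE JID=$id");
  $ok2 = mysql_query("DELETE FROM articles WHERE id=$id");
  if ($ok1 and $ok2) {
    echo("<P>Article deleted successfully!</P><br>");
  } else {
    echo("<P>Error deleting article from database!<BR>".
         "Error: " . htmlspecialchars(mysql_error(), ENT_QUOTES) . "<br>");
  }
}

}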



// -------------------------------------------------------------

//  Call the footer file

// -------------------------------------------------------------



include($admin_footer_file);?>