creylopez
/
phpsqlitecms
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
16 Commits
1 Branch
1.5 MiB
 
 
 
 
Tree: 2351d68eba
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '2351d68eba'
${ noResults }
phpsqlitecms/cms/includes/notes.inc.php

341 lines
13 KiB
Raw Blame History

<?php
if(!defined('IN_INDEX')) exit;
if (isset($_SESSION[$settings['session_prefix'].'user_id']))
{
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : 'main';
if(isset($_GET['edit']))
{
$dbr = Database::$content->prepare("SELECT id, title, text, text_formatting, link, linkname FROM ".Database::$db_settings['notes_table']." WHERE note_section=:note_section ORDER BY sequence ASC");
$dbr->bindParam(':note_section', $_GET['edit'], PDO::PARAM_STR);
$dbr->execute();
$i=0;
while($data = $dbr->fetch())
{
$notes[$i]['id'] = $data['id'];
$notes[$i]['title'] = $data['title'];
#$notes[$i]['teaser'] = $data['teaser'];
if($data['text_formatting']==1)
{
$notes[$i]['text'] = auto_html($data['text']);
}
else
{
$notes[$i]['text'] = $data['text'];
}
if(substr($data['link'],0,7) != 'http://' && substr($data['link'],0,8) != 'https://')
{
$notes[$i]['link'] = '../'.$data['link'];
}
else
{
$notes[$i]['link'] = $data['link'];
}
#$notes[$i]['link'] = htmlspecialchars(stripslashes($data['link']));
$notes[$i]['linkname'] = $data['linkname'];
++$i;
}
if(isset($notes))
{
$template->assign('notes', $notes);
}
#$note_section = htmlspecialchars(stripslashes($_GET['edit']));
$template->assign('note_section', htmlspecialchars($_GET['edit']));
$action = 'edit';
}
if(isset($_REQUEST['delete']))
{
if(isset($_REQUEST['confirmed']))
{
$dbr = Database::$content->prepare("DELETE FROM ".Database::$db_settings['notes_table']." WHERE note_section=:note_section");
$dbr->bindParam(':note_section', $_REQUEST['delete'], PDO::PARAM_STR);
$dbr->execute();
if(isset($cache) && $cache->autoClear) $cache->clear();
header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=notes');
exit;
}
else
{
$template->assign('note_section', htmlspecialchars($_REQUEST['delete']));
$action = 'delete';
}
}
if(isset($_GET['add_note']))
{
$note['note_section'] = htmlspecialchars($_GET['add_note']);
$note['time'] = date("Y-m-d H:i:s");
#$note['text_formatting'] = $settings['default_formatting'];
$note['text_formatting'] = 1;
$template->assign('note',$note);
$action = 'edit_note';
}
if(isset($_POST['new_note_section']))
{
$new_note_section = isset($_POST['new_note_section']) ? trim($_POST['new_note_section']) : '';
if(!preg_match('/^[a-zA-Z0-9_\-]+$/', $new_note_section))
{
$errors[] = 'error_note_sect_name_invalid';
}
if(empty($errors))
{
$dbr = Database::$content->prepare("SELECT COUNT(*) FROM ".Database::$db_settings['notes_table']." WHERE lower(note_section)=:note_section");
$dbr->bindValue(':note_section', mb_strtolower($new_note_section,CHARSET), PDO::PARAM_STR);
$dbr->execute();
if($dbr->fetchColumn()!=0)
{
$errors[] = 'note_section_already_ex';
}
}
if(empty($errors))
{
header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=notes&edit='.$new_note_section);
}
else
{
$template->assign('errors',$errors);
$template->assign('new_note_section',htmlspecialchars($new_note_section));
$action = 'new';
}
}
if(isset($_GET['edit_note']))
{
$dbr = Database::$content->prepare("SELECT id, note_section, time, title, text, text_formatting, link, linkname FROM ".Database::$db_settings['notes_table']." WHERE id=:id LIMIT 1");
$dbr->bindParam(':id', $_GET['edit_note'], PDO::PARAM_STR);
$dbr->execute();
$data = $dbr->fetch();
if(isset($data['id']))
{
$note['note_section'] = htmlspecialchars($data['note_section']);
$note['id'] = $data['id'];
$note['title'] = htmlspecialchars($data['title']);
#$note['teaser'] = htmlspecialchars($data['teaser']);
$note['text'] = $data['text'];
$note['text_formatting'] = $data['text_formatting'];
$note['link'] = htmlspecialchars($data['link']);
$note['linkname'] = htmlspecialchars($data['linkname']);
$note['time'] = date("Y-m-d H:i:s", $data['time']);
$headline = $note['title'];
$template->assign('note',$note);
$action = 'edit_note';
}
else
{
$action = 'invalid_request';
}
}
if(isset($_GET['move_up']))
{
if($note_section = move_up($_GET['move_up'], 'note_section', Database::$db_settings['notes_table']))
{
if(isset($cache) && $cache->autoClear) $cache->clear();
header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=notes&edit='.$note_section);
exit;
}
else
{
$action = 'invalid_request';
}
}
if(isset($_GET['move_down']))
{
if($note_section = move_down($_GET['move_down'], 'note_section', Database::$db_settings['notes_table']))
{
if(isset($cache) && $cache->autoClear) $cache->clear();
header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=notes&edit='.$note_section);
exit;
}
else
{
$action = 'invalid_request';
}
}
if(isset($_REQUEST['reorder_notes']) && isset($_REQUEST['item']))
{
$dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['notes_table']." SET sequence=:sequence WHERE id=:id");
$dbr->bindParam(':id', $id, PDO::PARAM_INT);
$dbr->bindParam(':sequence', $sequence, PDO::PARAM_INT);
Database::$content->beginTransaction();
$sequence = 1;
foreach($_REQUEST['item'] as $id)
{
$dbr->execute();
++$sequence;
}
Database::$content->commit();
if(isset($cache) && $cache->autoClear) $cache->clear();
exit;
}
if(isset($_POST['edit_note_submit']))
{
$title = isset($_POST['title']) ? trim($_POST['title']) : '';
#$teaser = isset($_POST['teaser']) ? trim($_POST['teaser']) : '';
$text = isset($_POST['text']) ? trim($_POST['text']) : '';
$text_formatting = isset($_POST['text_formatting']) && $_POST['text_formatting']==1 ? 1 : 0;
$link = isset($_POST['link']) ? trim($_POST['link']) : '';
$linkname = isset($_POST['linkname']) ? trim($_POST['linkname']) : '';
$time = isset($_POST['time']) ? trim($_POST['time']) : date("Y-m-d H:i:s");
$note_section = isset($_POST['note_section']) ? trim($_POST['note_section']) : '';
if(empty($title))
{
$errors[] = 'error_notes_no_title';
}
if(empty($text))
{
$errors[] = 'error_notes_no_text';
}
if(($time = strtotime($time))===false)
{
$errors[] = 'error_notes_time_invalid';
}
if(!preg_match('/^[a-zA-Z0-9_\-]+$/', $note_section))
{
$errors[] = 'error_note_sect_name_invalid';
}
if(empty($errors))
{
if(isset($_POST['id']))
{
$dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['notes_table']." SET time=:time, title=:title, text=:text, text_formatting=:text_formatting, link=:link, linkname=:linkname WHERE id=:id");
$dbr->bindParam(':id', $_POST['id'], PDO::PARAM_INT);
$dbr->bindParam(':time', $time, PDO::PARAM_INT);
$dbr->bindParam(':title', $title, PDO::PARAM_STR);
#$dbr->bindParam(':teaser', $teaser, PDO::PARAM_STR);
$dbr->bindParam(':text', $text, PDO::PARAM_STR);
$dbr->bindParam(':text_formatting', $text_formatting, PDO::PARAM_INT);
$dbr->bindParam(':link', $link, PDO::PARAM_STR);
$dbr->bindParam(':linkname', $linkname, PDO::PARAM_STR);
$dbr->execute();
}
else
{
$dbr = Database::$content->prepare("SELECT sequence FROM ".Database::$db_settings['notes_table']." WHERE note_section=:note_section ORDER BY sequence DESC LIMIT 1");
$dbr->bindParam(':note_section', $note_section, PDO::PARAM_STR);
$dbr->execute();
$sequence = intval($dbr->fetchColumn())+1;
$dbr = Database::$content->prepare("INSERT INTO ".Database::$db_settings['notes_table']." (note_section,sequence,time,title,text,text_formatting,link,linkname) VALUES (:note_section,:sequence,:time,:title,:text,:text_formatting,:link,:linkname)");
$dbr->bindParam(':note_section', $note_section, PDO::PARAM_STR);
$dbr->bindParam(':sequence', $sequence, PDO::PARAM_INT);
$dbr->bindParam(':time', $time, PDO::PARAM_INT);
$dbr->bindParam(':title', $title, PDO::PARAM_STR);
#$dbr->bindParam(':teaser', $teaser, PDO::PARAM_STR);
$dbr->bindParam(':text', $text, PDO::PARAM_STR);
$dbr->bindParam(':text_formatting', $text_formatting, PDO::PARAM_INT);
$dbr->bindParam(':link', $link, PDO::PARAM_STR);
$dbr->bindParam(':linkname', $linkname, PDO::PARAM_STR);
$dbr->execute();
}
if(isset($cache) && $cache->autoClear) $cache->clear();
header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=notes&edit='.$note_section);
exit;
}
else
{
if(isset($_POST['id'])) $note['id'] = intval($_POST['id']);
$note['title'] = isset($_POST['title']) ? htmlspecialchars($_POST['title']) : '';
#$note['teaser'] = isset($_POST['teaser']) ? htmlspecialchars($_POST['teaser']) : '';
$note['text'] = isset($_POST['text']) ? htmlspecialchars($_POST['text']) : '';
$note['text_formatting'] = isset($_POST['text_formatting']) && $_POST['text_formatting']==1 ? 1 : 0;
$note['link'] = isset($_POST['link']) ? htmlspecialchars($_POST['link']) : '';
$note['linkname'] = isset($_POST['linkname']) ? htmlspecialchars($_POST['linkname']) : '';
$note['time'] = isset($_POST['time']) ? htmlspecialchars($_POST['time']) : date("Y-m-d H:i:s");
$note['note_section'] = isset($_POST['note_section']) ? htmlspecialchars($_POST['note_section']) : '';
$template->assign('note', $note);
$template->assign('errors', $errors);
$action = 'edit_note';
}
}
if(isset($_GET['delete_note']))
{
// get note section:
$dbr = Database::$content->prepare("SELECT note_section FROM ".Database::$db_settings['notes_table']." WHERE id=:id LIMIT 1");
$dbr->bindParam(':id', $_GET['delete_note'], PDO::PARAM_INT);
$dbr->execute();
$note_section = $dbr->fetchColumn();
// delete note:
$dbr = Database::$content->prepare("DELETE FROM ".Database::$db_settings['notes_table']." WHERE id=:id");
$dbr->bindParam(':id', $_GET['delete_note'], PDO::PARAM_INT);
$dbr->execute();
// reorder items:
$dbr = Database::$content->prepare("SELECT id FROM ".Database::$db_settings['notes_table']." WHERE note_section=:note_section ORDER BY sequence ASC");
$dbr->bindParam(':note_section', $note_section, PDO::PARAM_STR);
$dbr->execute();
while($data = $dbr->fetch())
{
$ids[] = $data['id'];
}
if(isset($ids))
{
$new_sequence = 1;
Database::$content->beginTransaction();
$dbr = Database::$content->prepare("UPDATE ".Database::$db_settings['notes_table']." SET sequence=:sequence WHERE id=:id");
$dbr->bindParam(':sequence', $new_sequence, PDO::PARAM_INT);
$dbr->bindParam(':id', $id, PDO::PARAM_INT);
foreach($ids as $id)
{
$dbr->execute();
++$new_sequence;
}
Database::$content->commit();
}
if(isset($cache) && $cache->autoClear) $cache->clear();
header('Location: '.BASE_URL.ADMIN_DIR.'index.php?mode=notes&edit='.$note_section);
exit;
}
switch($action)
{
case 'main':
$dbr = Database::$content->query("SELECT DISTINCT note_section FROM ".Database::$db_settings['notes_table']." ORDER BY note_section ASC");
while($notes_data = $dbr->fetch())
{
$note_sections[] = htmlspecialchars($notes_data['note_section']);
}
if(isset($note_sections))
{
$template->assign('note_sections', $note_sections);
}
$template->assign('subtitle', Localization::$lang['notes']);
$template->assign('subtemplate', 'notes.inc.tpl');
break;
case 'edit':
$template->assign('subtitle', htmlspecialchars($_GET['edit']));
$template->assign('subtemplate', 'notes_edit_section.inc.tpl');
break;
case 'edit_note':
if(isset($note['id']))
{
$template->assign('subtitle', Localization::$lang['edit_note']);
}
else
{
$template->assign('subtitle', Localization::$lang['add_note']);
}
$template->assign('subtemplate', 'notes_edit_note.inc.tpl');
break;
case 'delete':
$template->assign('subtitle', Localization::$lang['delete_note_section']);
$template->assign('subtemplate', 'notes_delete_section.inc.tpl');
break;
case 'new':
$template->assign('subtitle', Localization::$lang['create_note_section']);
$template->assign('subtemplate', 'notes_new_section.inc.tpl');
break;
}
}