Absolut Engine PHP Cross Reference Web Portal Systems

Source: /admin/modify.php - 601 lines - 27738 bytes - Summary - Text - Print

   1  <?
   // Bootstrap for the admin action dispatcher: load the engine class, build the
   // engine object, and run session verification before any command below.
   // NOTE(review): '@' hides a failed include; the script then stops only because
   // CEngine is undefined. Confirm in coreclass.php that UserVerifySession() halts
   // on an invalid session, since every state-changing command below relies on it.
   // NOTE(review): no anti-CSRF token check is visible in this file - confirm one
   // exists in the engine, because the commands below change data.
   @include "coreclass.php";
   $ae = new CEngine();
   $ae->RequestVariables(1);
   $ae->EngineInitialize();
   $ae->UserVerifySession();
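   // Early redirects: when a list form was submitted with its Search or Edit
   // button, forward to the matching manager screen instead of running a command.
   // Request-derived values are URL-encoded so that a value containing '&', '#',
   // spaces or line breaks cannot change the redirect target or add parameters.
   // NOTE(review): the session token is carried in the query string, so it can
   // end up in server logs and Referer headers; a cookie would avoid that.
   $adminbase="http://".$ae->server."/".$ae->path."admin/";
   $credentials="?username=".urlencode($ae->username)."&session=".urlencode($ae->session);

   // Related articles: Search button pressed -> related articles screen
   if ($ae->command==15 && $ae->submit==$ae->textbasic[112]) {
       header("location: ".$adminbase."managerrelated.php".$credentials."&articleID=".urlencode($ae->articleID)."&title=".urlencode($ae->title));
       exit;
   }

   // Imageset: Edit button pressed -> edit imageset screen (element 0 of the
   // submitted imagesetID list is passed on when it is set)
   if ($ae->command==10 && $ae->submit==$ae->textbasic[106]) {
       $target=$adminbase."managerimage.php".$credentials;
       if ($ae->imagesetID[0]) {
           $target.="&imagesetID=".urlencode($ae->imagesetID[0]);
       }
       header("location: ".$target);
       exit;
   }

   // Fileset: Edit button pressed -> edit fileset screen
   if ($ae->command==6 && $ae->submit==$ae->textbasic[106]) {
       $target=$adminbase."managerfile.php".$credentials;
       if ($ae->filesetID[0]) {
           $target.="&filesetID=".urlencode($ae->filesetID[0]);
       }
       header("location: ".$target);
       exit;
   }

   // User: Edit button pressed -> edit user screen
   if ($ae->command==50 && $ae->submit==$ae->textbasic[106]) {
       header("location: ".$adminbase."edituser.php".$credentials."&userID=".urlencode($ae->userID));
       exit;
   }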
  // Pre-processing shared by the commands below: DateConversion() is applied to
  // the submitted adate, and a non-empty text is passed through WYSIWYGtoXHTML()
  // (both defined in coreclass.php).
  $ae->DateConversion($ae->adate);
  if ($ae->text) {
      $ae->text = $ae->WYSIWYGtoXHTML($ae->text);
  }
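  /*---------------------------------------------------
  - EDITOR-LEVEL COMMANDS - starting from 1           -
  ---------------------------------------------------*/
  // command 1: delete an article, its stats row, and the rows that link it to
  // sections and to related articles.
  if ($ae->command==1) {
      // Force the ID to an integer before it is placed in SQL text.
      $aid=(int)$ae->articleID;
      if ($ae->cleanurls==2) {
          $ae->DeleteRewriteRule($ae->articleID);
      }
      $ae->DBQuery("DELETE FROM ".$ae->table[3]." WHERE ID='".$aid."'");
      $ae->DBQuery("DELETE FROM ".$ae->table[4]." WHERE articleID='".$aid."'"); // stats for the article
      // Link rows would otherwise outlive the article they point at.
      $ae->DBQuery("DELETE FROM ".$ae->table[9]." WHERE articleID='".$aid."'");
      $ae->DBQuery("DELETE FROM ".$ae->table[7]." WHERE articleID='".$aid."' OR relatedID='".$aid."'");
      $ae->SetHook("delete_article-articleID");
  }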
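  // command 2: add a new article, link it to the chosen sections and create
  // its stats row.
  // NOTE(review): text fields are concatenated into the statement as submitted;
  // that is only safe if RequestVariables() escapes them - confirm in
  // coreclass.php, and prefer prepared statements.
  // NOTE(review): priority and status are written from the request here, while
  // commands 35-38 require UserVerifyLevel(2) to change the same columns.
  if ($ae->command==2) {
      $ae->CheckFormErrors("title","sectionID");
      $ae->filename=$ae->CreateCleanURL($ae->title);
      if ($ae->LookUpCleanURL($ae->filename)) {
          // the clean URL is already taken
          $ae->AddFormError($ae->textwarning[17]);
          $ae->CheckFormErrors();
      }
      $ae->DBQuery("INSERT INTO ".$ae->table[3]." VALUES (NULL,'".$ae->title."','".$ae->beginning."','".$ae->text."','".$ae->authorID."','".$ae->adate."','".$ae->atime."','".$ae->imagesetID."','".$ae->filesetID."','".$ae->priority."','".$ae->status."','".$ae->filename."')");
      $ae->articleID=$ae->insertID;
      $aid=(int)$ae->articleID;
      if (is_array($ae->sectionID)) {
          foreach ($ae->sectionID as $value) {
              // section IDs come from the form; keep them numeric in SQL
              $ae->DBQuery("INSERT INTO ".$ae->table[9]." VALUES ('".$aid."','".(int)$value."')");
          }
      }
      if ($ae->cleanurls==2) {
          $ae->AddRewriteRule($ae->articleID);
      }
      $ae->DBQuery("INSERT INTO ".$ae->table[4]." VALUES ('".$aid."',0)"); // creates stats for the article
      $ae->SetHook("add_article-articleID");
  }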
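  // command 3: update an article and rebuild its section links.
  // NOTE(review): text fields are concatenated into the statement as submitted;
  // that is only safe if RequestVariables() escapes them - confirm in
  // coreclass.php, and prefer prepared statements.
  // NOTE(review): priority and status are written from the request here, while
  // commands 35-38 require UserVerifyLevel(2) to change the same columns.
  if ($ae->command==3) {
      // Force the ID to an integer before it is placed in SQL text.
      $aid=(int)$ae->articleID;
      $ae->filename=$ae->CreateCleanURL($ae->title);
      $ae->DBQuery("SELECT filename FROM ".$ae->table[3]." WHERE ID='".$aid."'");
      $ae->DBGetRow();
      // only a changed clean URL has to be checked for a clash
      if ($ae->access["filename"]!=$ae->filename) {
          if ($ae->LookUpCleanURL($ae->filename)) {
              $ae->AddFormError($ae->textwarning[17]);
              $ae->CheckFormErrors();
          }
      }
      if ($ae->cleanurls==2) {
          $ae->DeleteRewriteRule($ae->articleID);
      }
      $ae->DBQuery("UPDATE ".$ae->table[3]." SET title='".$ae->title."',beginning='".$ae->beginning."',text='".$ae->text."',authorID='".$ae->authorID."',adate='".$ae->adate."',atime='".$ae->atime."',imagesetID='".$ae->imagesetID."',filesetID='".$ae->filesetID."',priority='".$ae->priority."',status='".$ae->status."',filename='".$ae->filename."' WHERE ID='".$aid."'");
      // section links are replaced wholesale
      $ae->DBQuery("DELETE FROM ".$ae->table[9]." WHERE articleID='".$aid."'");
      if (is_array($ae->sectionID)) {
          foreach ($ae->sectionID as $value) {
              $ae->DBQuery("INSERT INTO ".$ae->table[9]." VALUES ('".$aid."','".(int)$value."')");
          }
      }
      if ($ae->cleanurls==2) {
          $ae->AddRewriteRule($ae->articleID);
      }
      $ae->SetHook("update_article-articleID");
  }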
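 // command 4: update the user's own profile (password, name, e-mail, language,
 // other info, photo).
 // NOTE(review): the row is selected by $ae->userID and no level check is made.
 // If userID is taken from the request, a logged-in user could overwrite another
 // account's password; confirm, and bind this command to the session user
 // ($ae->currentuserID is used for ownership in command 7).
 // NOTE(review): unsalted MD5 is not a password hash; moving to password_hash()
 // and password_verify() needs a matching change where logins are checked.
 if ($ae->command==4) {
     if (!$ae->password) {
         $ae->DisplayError(5);
     }
     // strict string comparison: '<>' treats numeric-looking strings such as
     // "1e3" and "1000" as equal
     if ((string)$ae->password!==(string)$ae->password2) {
         $ae->DisplayError(6);
     }
     $ae->password=md5($ae->password);
     // Force the ID to an integer before it is placed in SQL text.
     $uid=(int)$ae->userID;
     $ae->DBQuery("UPDATE ".$ae->table[5]." SET password='".$ae->password."',fullname='".$ae->fullname."',email='".$ae->email."',language='".$ae->language."',otherinfo='".$ae->otherinfo."' WHERE ID='".$uid."'");
     if ($ae->file["name"]) {
         // replace the stored photo with the uploaded one
         $ae->DBQuery("SELECT photo FROM ".$ae->table[5]." WHERE ID='".$uid."'");
         $ae->DBGetRow();
         $delfile=$ae->access["photo"];
         if ($delfile) {
             $ae->DeleteImage($delfile,$ae->pathimages);
         }
         // Same four arguments as the SubmitImage() calls in commands 11, 12,
         // 51 and 52; the original passed (tmp_name, type, 0) here.
         $photo=$ae->SubmitImage($ae->file["name"],$ae->file["tmp_name"],$ae->file["type"],$ae->file["size"]);
         $ae->DBQuery("UPDATE ".$ae->table[5]." SET photo='".$photo."' WHERE ID='".$uid."'");
     }
     if ($ae->delete) {
         // remove the stored photo
         $ae->DBQuery("SELECT photo FROM ".$ae->table[5]." WHERE ID='".$uid."'");
         $ae->DBGetRow();
         $delfile=$ae->access["photo"];
         // never call DeleteImage() with an empty file name
         if ($delfile) {
             $ae->DeleteImage($delfile,$ae->pathimages);
         }
         $ae->DBQuery("UPDATE ".$ae->table[5]." SET photo='' WHERE ID='".$uid."'");
     }
     $ae->SetHook("update_user-userID");
 }

 // command=5 NOT USED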
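 // command 6: delete the selected file sets - the stored files, their rows and
 // the set rows.
 if ($ae->command==6) {
     if (is_array($ae->filesetID)) {
         foreach ($ae->filesetID as $value) {
             // set IDs come from the form; keep them numeric in SQL
             $setID=(int)$value;
             $ae->DBQuery("SELECT * FROM ".$ae->table[2]." WHERE filesetID='".$setID."'");
             while ($ae->DBGetRow()) {
                 $filename=$ae->access["filename"];
                 if ($filename) {
                     $ae->DeleteFile($filename);
                 }
             }
             // the file rows would otherwise point at deleted files
             $ae->DBQuery("DELETE FROM ".$ae->table[2]." WHERE filesetID='".$setID."'");
             $ae->DBQuery("DELETE FROM ".$ae->table[12]." WHERE ID='".$setID."'");
         }
     }
     $ae->SetHook("delete_fileset-filesetID");
 }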
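 // command 7: submit a file set - create the set row when no filesetID was
 // given, then store each uploaded file and record it.
 // NOTE(review): description and the name returned by SubmitFile() go into SQL
 // as they are; confirm RequestVariables()/SubmitFile() escape and restrict
 // them (file type, name and target directory) in coreclass.php.
 if ($ae->command==7) {
     $ae->filename=$ae->file["name"][0];
     $ae->CheckFormErrors("description","filename");
     if (!$ae->filesetID) {
         $ae->DBQuery("INSERT INTO ".$ae->table[12]." VALUES (NULL,'".$ae->description."','".$ae->currentuserID."')");
         $ae->filesetID=$ae->insertID;
     }
     // a filesetID supplied by the form is kept numeric in SQL
     $setID=(int)$ae->filesetID;
     for ($i=0;$i<$ae->uploadnumber;$i++) {
         if (empty($ae->file["name"][$i])) {
             continue; // empty upload slot
         }
         $filename[$i]=$ae->SubmitFile($ae->file["name"][$i],$ae->file["tmp_name"][$i],$ae->file["size"][$i]);
         $ae->DBQuery("INSERT INTO ".$ae->table[2]." VALUES (NULL,'".$setID."','".$filename[$i]."')");
     }
     $ae->SetHook("add_fileset-filesetID");
 }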
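 // command 10: delete the selected image sets - the stored images, their rows
 // and the set rows.
 if ($ae->command==10) {
     if (is_array($ae->imagesetID)) {
         foreach ($ae->imagesetID as $value) {
             // set IDs come from the form; keep them numeric in SQL
             $setID=(int)$value;
             $ae->DBQuery("SELECT * FROM ".$ae->table[1]." WHERE imagesetID='".$setID."'");
             while ($ae->DBGetRow()) {
                 $filename=$ae->access["filename"];
                 if ($filename) {
                     $ae->DeleteImage($filename,$ae->pathimages);
                 }
             }
             // the image rows would otherwise point at deleted files
             $ae->DBQuery("DELETE FROM ".$ae->table[1]." WHERE imagesetID='".$setID."'");
             $ae->DBQuery("DELETE FROM ".$ae->table[13]." WHERE ID='".$setID."'");
         }
     }
     $ae->SetHook("delete_imageset-imagesetID");
 }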
 // command 11: submit an image set - create the set row, then store each
 // uploaded image and record it with its description.
 // NOTE(review): description, filedescription and the name returned by
 // SubmitImage() go into SQL as they are; confirm in coreclass.php that
 // RequestVariables() escapes them and that SubmitImage() checks the real file
 // type rather than trusting the client-supplied one.
 if ($ae->command==11) {
     $ae->filename = $ae->file["name"][0];
     $ae->CheckFormErrors("description", "filename");
     $ae->DBQuery("INSERT INTO ".$ae->table[13]." VALUES (NULL,'".$ae->description."','".$ae->currentuserID."')");
     $ae->imagesetID = $ae->insertID;
     for ($i = 0; $i < $ae->uploadnumber; $i++) {
         if (empty($ae->file["name"][$i])) {
             continue; // empty upload slot
         }
         $filename[$i] = $ae->SubmitImage(
             $ae->file["name"][$i],
             $ae->file["tmp_name"][$i],
             $ae->file["type"][$i],
             $ae->file["size"][$i]
         );
         $ae->DBQuery("INSERT INTO ".$ae->table[1]." VALUES (NULL,'".$ae->imagesetID."','".$filename[$i]."','".$ae->filedescription[$i]."')");
     }
     $ae->SetHook("add_imageset-imagesetID");
 }
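 // command 12: edit an image set - update descriptions, store newly uploaded
 // images, delete ticked images, and drop the set once every slot was deleted.
 // NOTE(review): filedescription and the name returned by SubmitImage() go into
 // SQL as they are; confirm they are escaped in coreclass.php.
 if ($ae->command==12) {
     $ae->CheckFormErrors("description");
     // Force the set ID to an integer before it is placed in SQL text.
     $setID=(int)$ae->imagesetID;
     $filenumber=0;
     // Start from known values: the original read $delfile before assigning it,
     // and with register_globals enabled an unassigned global can be seeded from
     // the request, which would feed a caller-chosen name to DeleteImage().
     $delfile="";
     $delID=0;
     for ($i=0;$i<$ae->uploadnumber;$i++) {
         if (!empty($ae->filedescription[$i])) {
             // description of the i-th image of the set (ordered by filename)
             $ae->DBQuery("SELECT ID FROM ".$ae->table[1]." WHERE imagesetID='".$setID."' ORDER BY filename LIMIT ".(int)$i.",1");
             $ae->DBGetRow();
             $imageID=$ae->access["ID"];
             $ae->DBQuery("UPDATE ".$ae->table[1]." SET description='".$ae->filedescription[$i]."' WHERE ID='".$imageID."'");
         }
         if (!empty($ae->file["name"][$i])) {
             // NOTE(review): $filenumber is still 0 inside this loop, so the
             // "replace existing image" branch cannot run as written; it is kept
             // until the intended condition is confirmed.
             if ($i+1<=$filenumber) {
                 $ae->DBQuery("SELECT ID,filename FROM ".$ae->table[1]." WHERE imagesetID='".$setID."' ORDER BY filename LIMIT ".(int)$i.",1");
                 $ae->DBGetRow();
                 $delID=$ae->access["ID"];
                 $delfile=$ae->access["filename"];
                 if ($delfile) {
                     $ae->DeleteImage($delfile,$ae->pathimages);
                 }
                 $filename[$i]=$ae->SubmitImage($ae->file["name"][$i],$ae->file["tmp_name"][$i],$ae->file["type"][$i],$ae->file["size"][$i]);
                 $ae->DBQuery("UPDATE ".$ae->table[1]." SET filename='".$filename[$i]."',description='".$ae->filedescription[$i]."' WHERE ID='".$delID."'");
             } else {
                 if ($delfile) {
                     $ae->DeleteImage($delfile,$ae->pathimages);
                 }
                 $filename[$i]=$ae->SubmitImage($ae->file["name"][$i],$ae->file["tmp_name"][$i],$ae->file["type"][$i],$ae->file["size"][$i]);
                 $ae->DBQuery("INSERT INTO ".$ae->table[1]." VALUES (NULL,'".$setID."','".$filename[$i]."','".$ae->filedescription[$i]."')");
             }
         }
     }
     for ($i=0;$i<$ae->uploadnumber;$i++) {
         if (empty($ae->file["name"][$i]) && !empty($ae->delete[$i])) {
             // image IDs ticked for deletion come from the form; keep them numeric
             $imageID=(int)$ae->delete[$i];
             $ae->DBQuery("SELECT filename FROM ".$ae->table[1]." WHERE ID='".$imageID."'");
             $ae->DBGetRow();
             $delfile=$ae->access["filename"];
             // never call DeleteImage() with an empty file name
             if ($delfile) {
                 $ae->DeleteImage($delfile,$ae->pathimages);
             }
             $ae->DBQuery("DELETE FROM ".$ae->table[1]." WHERE ID='".$imageID."'");
             $filenumber++;
         }
     }
     // every slot was deleted: remove the set itself
     if ($ae->uploadnumber==$filenumber) {
         $ae->DBQuery("DELETE FROM ".$ae->table[13]." WHERE ID='".$setID."'");
     }
     $ae->SetHook("update_imageset-imagesetID");
 }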
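 // command 13: edit a file set - store newly uploaded files, delete ticked
 // files, and drop the set once every slot was deleted.
 // NOTE(review): the name returned by SubmitFile() goes into SQL as it is;
 // confirm it is escaped and restricted in coreclass.php.
 if ($ae->command==13) {
     $ae->CheckFormErrors("description");
     // Force the set ID to an integer before it is placed in SQL text.
     $setID=(int)$ae->filesetID;
     $filenumber=0;
     // Start from known values: the original read $delfile before assigning it,
     // and with register_globals enabled an unassigned global can be seeded from
     // the request, which would feed a caller-chosen name to DeleteFile().
     $delfile="";
     $delID=0;
     for ($i=0;$i<$ae->uploadnumber;$i++) {
         if (empty($ae->file["name"][$i])) {
             continue; // empty upload slot
         }
         // NOTE(review): $filenumber is still 0 inside this loop, so the
         // "replace existing file" branch cannot run as written. It also deletes
         // the row it then tries to update; confirm the intended logic.
         if ($i+1<=$filenumber) {
             $ae->DBQuery("SELECT ID,filename FROM ".$ae->table[2]." WHERE filesetID='".$setID."' ORDER BY filename LIMIT ".(int)$i.",1");
             $ae->DBGetRow();
             $delID=$ae->access["ID"];
             $delfile=$ae->access["filename"];
             if ($delfile) {
                 $ae->DeleteFile($delfile);
                 $ae->DBQuery("DELETE FROM ".$ae->table[2]." WHERE filename='".$delfile."'");
             }
             // Third argument is the upload size, as in command 7; the original
             // passed the loop index here.
             $filename[$i]=$ae->SubmitFile($ae->file["name"][$i],$ae->file["tmp_name"][$i],$ae->file["size"][$i]);
             // the original statement had no SET keyword and could not execute
             $ae->DBQuery("UPDATE ".$ae->table[2]." SET filename='".$filename[$i]."' WHERE ID='".$delID."'");
         } else {
             if ($delfile) {
                 $ae->DeleteFile($delfile);
             }
             $filename[$i]=$ae->SubmitFile($ae->file["name"][$i],$ae->file["tmp_name"][$i],$ae->file["size"][$i]);
             $ae->DBQuery("INSERT INTO ".$ae->table[2]." VALUES (NULL,'".$setID."','".$filename[$i]."')");
         }
     }
     for ($i=0;$i<$ae->uploadnumber;$i++) {
         if (empty($ae->file["name"][$i]) && !empty($ae->delete[$i])) {
             // file IDs ticked for deletion come from the form; keep them numeric
             $fileID=(int)$ae->delete[$i];
             $ae->DBQuery("SELECT filename FROM ".$ae->table[2]." WHERE ID='".$fileID."'");
             $ae->DBGetRow();
             $delfile=$ae->access["filename"];
             // never call DeleteFile() with an empty file name
             if ($delfile) {
                 $ae->DeleteFile($delfile);
             }
             $ae->DBQuery("DELETE FROM ".$ae->table[2]." WHERE ID='".$fileID."'");
             $filenumber++;
         }
     }
     // every slot was deleted: remove the set itself
     if ($ae->uploadnumber==$filenumber) {
         $ae->DBQuery("DELETE FROM ".$ae->table[12]." WHERE ID='".$setID."'");
     }
     $ae->SetHook("update_fileset-filesetID");
 }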
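 // command 14: remove the selected related-article links of an article.
 // IDs are forced to integers before they are placed in SQL text.
 if ($ae->command==14) {
     if (is_array($ae->relatedID)) {
         $aid=(int)$ae->articleID;
         foreach ($ae->relatedID as $value) {
             $ae->DBQuery("DELETE FROM ".$ae->table[7]." WHERE articleID='".$aid."' AND relatedID='".(int)$value."'");
         }
     }
     $ae->SetHook("delete_relatedarticle-relatedID");
 }
 // command 15: link the selected articles to an article, skipping links that
 // already exist and a link from the article to itself.
 if ($ae->command==15) {
     $ae->CheckFormErrors("articleID","relatedID");
     if (is_array($ae->relatedID)) {
         $aid=(int)$ae->articleID;
         foreach ($ae->relatedID as $value) {
             $rid=(int)$value;
             $ae->DBQuery("SELECT * FROM ".$ae->table[7]." WHERE articleID='".$aid."' AND relatedID='".$rid."'");
             if (!$ae->rowsnumber && $aid!=$rid) {
                 $ae->DBQuery("INSERT INTO ".$ae->table[7]." VALUES ('".$aid."','".$rid."')");
             }
         }
     }
     $ae->SetHook("add_relatedarticle-articleID");
 }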
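 /*---------------------------------------------------
 - EDITOR-IN-CHIEF-LEVEL COMMANDS - starting from 30 -
 ---------------------------------------------------*/
 // command 30: delete a section and move its child sections to the top level,
 // below the existing top-level sections.
 if ($ae->command==30) {
     // This group is labelled editor-in-chief level, and commands 35-38 enforce
     // that with UserVerifyLevel(2); the original had no level check here.
     $ae->UserVerifyLevel(2);
     // Force the ID to an integer before it is placed in SQL text.
     $sid=(int)$ae->sectionID;
     if ($ae->cleanurls==2) {
         $ae->DeleteRewriteRule($ae->sectionID,$ae->table[0],"showsection.php?sectionID");
     }
     $ae->DBQuery("DELETE FROM ".$ae->table[0]." WHERE ID='".$sid."'");
     $ae->DBQuery("SELECT MIN(priority) FROM ".$ae->table[0]." WHERE parentsectionID='0'");
     $ae->DBGetRow();
     $priority=$ae->access["MIN(priority)"]-1;
     $ae->DBQuery("SELECT * FROM ".$ae->table[0]." WHERE parentsectionID='".$sid."'");
     while ($ae->DBGetRow()) {
         // the nested UPDATE overwrites $ae->outcome, so the outer result is
         // saved and restored around it
         $temp=$ae->outcome;
         $sectionID=$ae->access["ID"];
         $ae->DBQuery("UPDATE ".$ae->table[0]." SET parentsectionID='0',priority='".$priority."' WHERE ID='".$sectionID."'");
         $priority--;
         $ae->outcome=$temp;
     }
     $ae->SetHook("delete_section-sectionID");
 }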
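 // command 31: add a new section below the lowest-priority sibling.
 // NOTE(review): the section name is concatenated into the statement as
 // submitted; confirm RequestVariables() escapes it in coreclass.php.
 if ($ae->command==31) {
     // This group is labelled editor-in-chief level, and commands 35-38 enforce
     // that with UserVerifyLevel(2); the original had no level check here.
     $ae->UserVerifyLevel(2);
     $ae->filename=$ae->CreateCleanURL($ae->section);
     if ($ae->LookUpCleanURL($ae->filename)) {
         // the clean URL is already taken
         $ae->AddFormError($ae->textwarning[17]);
         $ae->CheckFormErrors();
     }
     // Force the IDs to integers before they are placed in SQL text.
     $parentID=(int)$ae->parentsectionID;
     $ae->DBQuery("SELECT MIN(priority) FROM ".$ae->table[0]." WHERE parentsectionID='".$parentID."'");
     $ae->DBGetRow();
     $ae->priority=$ae->access["MIN(priority)"]-1;
     $ae->DBQuery("INSERT INTO ".$ae->table[0]." VALUES(NULL,'".$ae->section."','".$parentID."','".(int)$ae->articleID."','".$ae->priority."','".$ae->filename."')");
     $sectionID=$ae->insertID;
     if ($ae->cleanurls==2) {
         $ae->AddRewriteRule($sectionID,"showsection.php?sectionID");
     }
     $ae->SetHook("add_section-sectionID");
 }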
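 // command 32: change the position (priority) of a section among its siblings.
 // direction: 1 = up, 2 = down, 3 = top, 4 = bottom.
 if ($ae->command==32) {
     // This group is labelled editor-in-chief level, and commands 35-38 enforce
     // that with UserVerifyLevel(2); the original had no level check here.
     $ae->UserVerifyLevel(2);
     // Force the ID to an integer before it is placed in SQL text.
     $sid=(int)$ae->sectionID;
     $ae->DBQuery("SELECT * FROM ".$ae->table[0]." WHERE ID='".$sid."'");
     $ae->DBGetRow();
     $parentsectionID=(int)$ae->access["parentsectionID"];

     // up and down: walk the siblings from highest to lowest priority and swap
     // priorities with the neighbouring row
     if ($ae->direction==1 || $ae->direction==2) {
         // no neighbour seen yet; the original left these unset, so moving the
         // first row up wrote an empty priority
         $previouspriority=null;
         $previoussectionID=null;
         $ae->DBQuery("SELECT * FROM ".$ae->table[0]." WHERE parentsectionID='".$parentsectionID."' ORDER BY priority DESC");
         while ($ae->DBGetRow()) {
             $sectionID=$ae->access["ID"];
             $priority=$ae->access["priority"];
             if ($ae->direction==1 && $sectionID==$ae->sectionID) {
                 // already first: nothing to swap with
                 if ($previoussectionID!==null) {
                     $ae->DBQuery("UPDATE ".$ae->table[0]." SET priority='".$previouspriority."' WHERE ID='".$sid."'");
                     $ae->DBQuery("UPDATE ".$ae->table[0]." SET priority='".$priority."' WHERE ID='".$previoussectionID."'");
                 }
                 break;
             }
             if ($ae->direction==2 && $previoussectionID!==null && $previoussectionID==$ae->sectionID) {
                 $ae->DBQuery("UPDATE ".$ae->table[0]." SET priority='".$priority."' WHERE ID='".$sid."'");
                 $ae->DBQuery("UPDATE ".$ae->table[0]." SET priority='".$previouspriority."' WHERE ID='".$sectionID."'");
                 break;
             }
             $previouspriority=$priority;
             $previoussectionID=$sectionID;
         }
     }

     // top: shift every sibling above the section down by one, then give the
     // section the highest priority
     if ($ae->direction==3) {
         $ae->DBQuery("SELECT MAX(priority) FROM ".$ae->table[0]." WHERE parentsectionID='".$parentsectionID."'");
         $ae->DBGetRow();
         $maxpriority=$ae->access["MAX(priority)"];
         $ae->DBQuery("SELECT priority FROM ".$ae->table[0]." WHERE ID='".$sid."'");
         $ae->DBGetRow();
         $priority=$ae->access["priority"];
         $ae->DBQuery("UPDATE ".$ae->table[0]." SET priority=priority-1 WHERE parentsectionID='".$parentsectionID."' AND priority>'".$priority."'");
         $ae->DBQuery("UPDATE ".$ae->table[0]." SET priority='".$maxpriority."' WHERE ID='".$sid."'");
     }

     // bottom: shift every sibling below the section up by one, then give the
     // section the lowest priority
     if ($ae->direction==4) {
         $ae->DBQuery("SELECT MIN(priority) FROM ".$ae->table[0]." WHERE parentsectionID='".$parentsectionID."'");
         $ae->DBGetRow();
         $minpriority=$ae->access["MIN(priority)"];
         $ae->DBQuery("SELECT priority FROM ".$ae->table[0]." WHERE ID='".$sid."'");
         $ae->DBGetRow();
         $priority=$ae->access["priority"];
         $ae->DBQuery("UPDATE ".$ae->table[0]." SET priority=priority+1 WHERE parentsectionID='".$parentsectionID."' AND priority<'".$priority."'");
         $ae->DBQuery("UPDATE ".$ae->table[0]." SET priority='".$minpriority."' WHERE ID='".$sid."'");
     }
     $ae->SetHook("update_section-sectionID");
 }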
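 // command 33: modify a section (name, parent, linked article, clean URL); a
 // section moved to another parent is placed below that parent's children.
 // NOTE(review): the section name is concatenated into the statement as
 // submitted; confirm RequestVariables() escapes it in coreclass.php.
 // NOTE(review): the clean URL is built from $ae->title here but from
 // $ae->section in command 31 - confirm which field this form submits.
 if ($ae->command==33) {
     // This group is labelled editor-in-chief level, and commands 35-38 enforce
     // that with UserVerifyLevel(2); the original had no level check here.
     $ae->UserVerifyLevel(2);
     // Force the IDs to integers before they are placed in SQL text.
     $sid=(int)$ae->sectionID;
     $parentID=(int)$ae->parentsectionID;
     // a section cannot be its own parent
     if ($ae->parentsectionID==$ae->sectionID) {
         $ae->AddFormError($ae->textwarning[16]);
     }
     $ae->filename=$ae->CreateCleanURL($ae->title);
     $ae->DBQuery("SELECT filename FROM ".$ae->table[0]." WHERE ID='".$sid."'");
     $ae->DBGetRow();
     // only a changed clean URL has to be checked for a clash
     if ($ae->access["filename"]!=$ae->filename && $ae->LookUpCleanURL($ae->filename)) {
         $ae->AddFormError($ae->textwarning[17]);
     }
     $ae->CheckFormErrors();
     if ($ae->cleanurls==2) {
         $ae->DeleteRewriteRule($ae->sectionID,$ae->table[0],"showsection.php?sectionID");
     }
     $fields="section='".$ae->section."',parentsectionID='".$parentID."',articleID='".(int)$ae->articleID."',filename='".$ae->filename."'";
     $ae->DBQuery("SELECT ID FROM ".$ae->table[0]." WHERE ID='".$sid."' AND parentsectionID='".$parentID."'");
     if (!$ae->rowsnumber) {
         // parent changed: append below the new siblings
         $ae->DBQuery("SELECT MIN(priority) FROM ".$ae->table[0]." WHERE parentsectionID='".$parentID."'");
         $ae->DBGetRow();
         $ae->priority=$ae->access["MIN(priority)"]-1;
         $fields.=",priority='".$ae->priority."'";
     }
     $ae->DBQuery("UPDATE ".$ae->table[0]." SET ".$fields." WHERE ID='".$sid."'");
     // guarded like every other AddRewriteRule() call in this file; the original
     // re-added the rule even when clean URLs were not in mode 2
     if ($ae->cleanurls==2) {
         $result=$ae->AddRewriteRule($ae->sectionID,"showsection.php?sectionID");
     }
     $ae->SetHook("update_section-sectionID");
 }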
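 // commands 35-38: set the priority or status flag of one article. Each one
 // calls UserVerifyLevel(2) first, and the article ID is forced to an integer
 // before it is placed in SQL text.
 if ($ae->command==35) { // prioritize article
     $ae->UserVerifyLevel(2);
     $ae->DBQuery("UPDATE ".$ae->table[3]." SET priority=1 WHERE ID='".(int)$ae->articleID."'");
 }
 if ($ae->command==36) { // deprioritize article
     $ae->UserVerifyLevel(2);
     $ae->DBQuery("UPDATE ".$ae->table[3]." SET priority=0 WHERE ID='".(int)$ae->articleID."'");
 }
 if ($ae->command==37) { // publish article
     $ae->UserVerifyLevel(2);
     $ae->DBQuery("UPDATE ".$ae->table[3]." SET status=1 WHERE ID='".(int)$ae->articleID."'");
     $ae->SetHook("publish_article-articleID");
 }
 if ($ae->command==38) { // put article on hold
     $ae->UserVerifyLevel(2);
     $ae->DBQuery("UPDATE ".$ae->table[3]." SET status=0 WHERE ID='".(int)$ae->articleID."'");
     $ae->SetHook("unpublish_article-articleID");
 }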
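 /*---------------------------------------------------
 - ADMIN-LEVEL COMMANDS - starting from 50           -
 ---------------------------------------------------*/
 // command 50: delete a user together with the stored photo.
 if ($ae->command==50) {
     $ae->UserVerifyLevel();
     // Force the ID to an integer, so the admin guard and the SQL see the same
     // value.
     $uid=(int)$ae->userID;
     if ($uid!=1) { // security feature - user admin cannot be deleted
         $ae->DBQuery("SELECT photo FROM ".$ae->table[5]." WHERE ID='".$uid."'");
         $ae->DBGetRow();
         $delfile=$ae->access["photo"];
         if ($delfile) {
             $ae->DeleteImage($delfile,$ae->pathimages);
         }
         $ae->DBQuery("DELETE FROM ".$ae->table[5]." WHERE ID='".$uid."'");
     }
     $ae->SetHook("delete_user-userID");
 }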
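 // command 51: add a new user, with an optional photo.
 // NOTE(review): user, fullname, position, email, language and otherinfo are
 // concatenated into SQL as submitted; confirm RequestVariables() escapes them.
 // NOTE(review): unsalted MD5 is not a password hash; moving to password_hash()
 // and password_verify() needs a matching change where logins are checked.
 if ($ae->command==51) {
     $ae->UserVerifyLevel();
     $ae->CheckFormErrors("user","password","password2");
     // the user name must not exist yet
     $ae->DBQuery("SELECT user FROM ".$ae->table[5]." WHERE user='".$ae->user."'");
     if ($ae->rowsnumber) {
         $ae->AddFormError($ae->textwarning[4]);
     }
     // strict string comparison: '<>' treats numeric-looking strings such as
     // "1e3" and "1000" as equal
     if ((string)$ae->password!==(string)$ae->password2) {
         $ae->AddFormError($ae->textwarning[6]);
     }
     $ae->CheckFormErrors();
     $ae->password=md5($ae->password);
     $ae->DBQuery("INSERT INTO ".$ae->table[5]." VALUES (NULL,'".$ae->user."','".$ae->password."','".$ae->fullname."','".$ae->position."','".$ae->email."','".$ae->language."','','".$ae->otherinfo."')");
     // remember the new row now, in case SubmitImage() runs a query of its own
     $newID=(int)$ae->insertID;
     if ($ae->file["name"]) {
         $photo=$ae->SubmitImage($ae->file["name"],$ae->file["tmp_name"],$ae->file["type"],$ae->file["size"]);
         $ae->DBQuery("UPDATE ".$ae->table[5]." SET photo='".$photo."' WHERE ID='".$newID."'");
     }
     $ae->SetHook("add_user-userID");
 }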
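 // command 52: update a user's profile including the position; the password is
 // changed only when one was submitted.
 // NOTE(review): fullname, position, email, language and otherinfo are
 // concatenated into SQL as submitted; confirm RequestVariables() escapes them.
 // NOTE(review): unsalted MD5 is not a password hash; moving to password_hash()
 // and password_verify() needs a matching change where logins are checked.
 if ($ae->command==52) {
     $ae->UserVerifyLevel();
     // Force the ID to an integer before it is placed in SQL text.
     $uid=(int)$ae->userID;
     $fields="fullname='".$ae->fullname."',position='".$ae->position."',email='".$ae->email."',language='".$ae->language."',otherinfo='".$ae->otherinfo."'";
     if ($ae->password || $ae->password2) { // changes everything including password
         if (!$ae->password) {
             $ae->DisplayError(5);
         }
         // strict string comparison: '<>' treats numeric-looking strings such
         // as "1e3" and "1000" as equal
         if ((string)$ae->password!==(string)$ae->password2) {
             $ae->DisplayError(6);
         }
         $ae->password=md5($ae->password);
         $fields="password='".$ae->password."',".$fields;
     }
     $ae->DBQuery("UPDATE ".$ae->table[5]." SET ".$fields." WHERE ID='".$uid."'");
     if ($ae->file["name"]) {
         // replace the stored photo with the uploaded one
         $ae->DBQuery("SELECT photo FROM ".$ae->table[5]." WHERE ID='".$uid."'");
         $ae->DBGetRow();
         $delfile=$ae->access["photo"];
         if ($delfile) {
             $ae->DeleteImage($delfile,$ae->pathimages);
         }
         $photo=$ae->SubmitImage($ae->file["name"],$ae->file["tmp_name"],$ae->file["type"],$ae->file["size"]);
         $ae->DBQuery("UPDATE ".$ae->table[5]." SET photo='".$photo."' WHERE ID='".$uid."'");
     }
     if ($ae->delete) {
         // remove the stored photo
         $ae->DBQuery("SELECT photo FROM ".$ae->table[5]." WHERE ID='".$uid."'");
         $ae->DBGetRow();
         $delfile=$ae->access["photo"];
         // never call DeleteImage() with an empty file name
         if ($delfile) {
             $ae->DeleteImage($delfile,$ae->pathimages);
         }
         $ae->DBQuery("UPDATE ".$ae->table[5]." SET photo='' WHERE ID='".$uid."'");
     }
     $ae->SetHook("update_user-userID");
 }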
 // command 53: uninstall the modules returned by RetrieveModules() - their SQL
 // (unless leavedb is set), their hooks and their registry row.
 // NOTE(review): moduledir is passed to UninstallSQL()/UninstallHooks() and
 // placed in SQL text; confirm RetrieveModules() only returns directory names
 // that exist under the modules directory.
 if ($ae->command == 53) {
     $ae->UserVerifyLevel();
     $modules = $ae->RetrieveModules($ae->modules);
     if (is_array($modules)) {
         foreach ($modules as $value) {
             if (!$ae->leavedb) {
                 $ae->UninstallSQL($value["moduledir"]);
             }
             $ae->UninstallHooks($value["moduledir"]);
             $ae->DBQuery("DELETE FROM ".$ae->table[8]." WHERE directory='".$value["moduledir"]."'");
         }
     }
     $ae->SetHook("delete_module-moduleID");
 }
 // command 54: install the modules returned by RetrieveModules() - their SQL
 // (unless leavedb is set), their hooks and a fresh registry row.
 // NOTE(review): the module metadata is placed in SQL text as returned and
 // moduledir is passed to InstallSQL()/InstallHooks(); confirm RetrieveModules()
 // only returns directories under the modules directory and escapes the values.
 if ($ae->command == 54) {
     $ae->UserVerifyLevel();
     $modules = $ae->RetrieveModules($ae->modules);
     if (is_array($modules)) {
         foreach ($modules as $value) {
             if (!$ae->leavedb) {
                 $ae->InstallSQL($value["moduledir"]);
             }
             $ae->InstallHooks($value["moduledir"]);
             // replace any earlier registry row of the same module directory
             $ae->DBQuery("DELETE FROM ".$ae->table[8]." WHERE directory='".$value["moduledir"]."'");
             $columns = array(
                 $value["name"],
                 $value["minversion"],
                 $value["author"],
                 $value["website"],
                 $value["description"],
                 $value["moduledir"],
                 $value["menu1"],
                 $value["menu2"],
                 $value["menu3"],
                 $value["menu4"],
                 $value["menu5"],
                 $value["guestmodify"],
             );
             $ae->DBQuery("INSERT INTO ".$ae->table[8]." VALUES (NULL,'".implode("','", $columns)."')");
         }
     }
     $ae->SetHook("add_module-moduleID");
 }
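 /*---------------------------------------------------
 - REDIRECTION PART                                  -
 ---------------------------------------------------*/
 // Run the hook set by the command above, then send the browser back to the
 // screen that belongs to the command (admin.php when no other screen applies).
 // Request-derived values are URL-encoded so that they cannot change the
 // redirect target or add parameters.
 // NOTE(review): the session token is carried in the query string, so it can
 // end up in server logs and Referer headers; a cookie would avoid that.
 $ae->ExecuteHook();
 $adminbase="http://".$ae->server."/".$ae->path."admin/";
 $credentials="?username=".urlencode($ae->username)."&session=".urlencode($ae->session);
 $page="admin.php";
 $extra="";
 if (($ae->command==2 || $ae->command==3) && $ae->action==2) {
     // article saved with the preview action
     $page="editarticle.php";
     $extra="&articleID=".urlencode($ae->articleID)."&action=preview";
 } elseif ($ae->command==6 || $ae->command==7 || $ae->command==13) {
     $page="managerfile.php";
 } elseif ($ae->command==30 || $ae->command==31 || $ae->command==32 || $ae->command==33) {
     $page="managersection.php";
 } elseif ($ae->command>=10 && $ae->command<=12) {
     $page="managerimage.php";
 } elseif ($ae->command==14 || $ae->command==15) {
     $page="managerrelated.php";
     $extra="&articleID=".urlencode($ae->articleID);
 } elseif ($ae->command==53 || $ae->command==54) {
     $page="managermodule.php";
 }
 header("location: ".$adminbase.$page.$credentials.$extra);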
 601  ?>
