# HG changeset patch # User Dan # Date 1195010910 18000 # Node ID 37387f84fe25ebfe18be0f906d4cd4cbbff595ee # Parent 3f66ec435f087cc3ab1f1f510b3b6abdc350d356 Add edit functionality to forum management and implemented a sick drag-and-drop reordering system for forums diff -r 3f66ec435f08 -r 37387f84fe25 decir/admincp/admin_base.php --- a/decir/admincp/admin_base.php Tue Nov 13 19:39:50 2007 -0500 +++ b/decir/admincp/admin_base.php Tue Nov 13 22:28:30 2007 -0500 @@ -52,6 +52,8 @@ $GLOBALS['template'] = new template(); $template =& $GLOBALS['template']; + $template->add_header(''); + $template->header(); ?> Add or remove forums, control user permissions, and check forum statistics. diff -r 3f66ec435f08 -r 37387f84fe25 decir/admincp/admin_forums.php --- a/decir/admincp/admin_forums.php Tue Nov 13 19:39:50 2007 -0500 +++ b/decir/admincp/admin_forums.php Tue Nov 13 22:28:30 2007 -0500 @@ -28,7 +28,20 @@ if ( isset($_POST['act']) ) { - switch ( $_POST['act'] ) + $act = ( strpos($_POST['act'], ';') ) ? substr($_POST['act'], 0, strpos($_POST['act'], ';')) : $_POST['act']; + if ( strpos($_POST['act'], ';') ) + { + $parms = substr($_POST['act'], strpos($_POST['act'], ';') + 1); + preg_match_all('/([a-z0-9_]+)=([^;]*)/', $parms, $matches); + $parms = array(); + foreach ( $matches[2] as $id => $parmdata ) + { + if ( preg_match('/^[0-9]+$/', $parmdata) ) + $parmdata = intval($parmdata); + $parms[ $matches[1][$id] ] = $parmdata; + } + } + switch ( $act ) { case "create": case "create_finish": @@ -49,7 +62,7 @@ $db->free_result(); - if ( $_POST['act'] == 'create_finish' ) + if ( $act == 'create_finish' ) { $errors = array(); $forum_type = intval($_POST['forum_type']); @@ -73,6 +86,7 @@ { // Errors encountered - bounce form back to the user $show_main_menu = false; + echo '
The forum could not be created.
'; $form = new Decir_Admin_SmartForm_Forum(DECIR_ADMIN_MODE_CREATE); $form->forum_name = $forum_name; $form->forum_desc = $forum_desc; @@ -102,6 +116,128 @@ $form->category_list = $cats; echo $form->html(); break; + case 'edit': + case 'edit_finish': + + if ( !isset($parms['fid']) || ( isset($parms['fid']) && !is_int($parms['fid']) ) ) + { + echo '
Invalid forum ID passed to editor.
'; + break; + } + + // Fetch category list + $q = $db->sql_query('SELECT forum_id, forum_name FROM ' . table_prefix . 'decir_forums WHERE forum_type = ' . FORUM_CATEGORY . ';'); + if ( !$q ) + $db->_die('Decir admin_forums.php retrieving category count'); + $need_category = ( $db->numrows() < 1 ); + $cats = array(); + if ( !$need_category ) + { + while ( list($cat_id, $cat_name) = $db->fetchrow_num() ) + { + $cats[ $cat_id ] = $cat_name; + } + } + + $db->free_result(); + + // $fid is safe (validated as an integer). + $fid =& $parms['fid']; + $q = $db->sql_query('SELECT forum_id, forum_name, forum_desc, parent, forum_type FROM ' . table_prefix . 'decir_forums WHERE forum_id = ' . $fid . ';'); + if ( !$q ) + $db->_die('Decir admin_forums.php selecting forum data for edit'); + + $row = $db->fetchrow(); + $db->free_result(); + + if ( $act == 'edit_finish' ) + { + $errors = array(); + // Validate and update + if ( $row['forum_type'] == FORUM_FORUM ) + { + $forum_name = trim($_POST['forum_name']); + if ( empty($forum_name) ) + $errors[] = 'Please enter a name for this forum.'; + + $forum_desc = trim($_POST['forum_desc']); + if ( empty($forum_desc) ) + $errors[] = 'Please enter a description for this forum.'; + + $forum_parent = intval($_POST['forum_parent']); + if ( !isset($cats[$forum_parent]) ) + $errors[] = 'Invalid parent category'; + + $forum_name_db = $db->escape($forum_name); + $forum_desc_db = $db->escape($forum_desc); + + $sql = 'UPDATE ' . table_prefix . "decir_forums SET forum_name='$forum_name_db',forum_desc='$forum_desc_db',parent=$forum_parent WHERE forum_id = $fid;"; + } + else if ( $row['forum_type'] == FORUM_CATEGORY ) + { + $forum_name = trim($_POST['forum_name']); + if ( empty($forum_name) ) + $errors[] = 'Please enter a name for this forum.'; + $forum_name_db = $db->escape($forum_name); + + $sql = 'UPDATE ' . table_prefix . "decir_forums SET forum_name='$forum_name_db' WHERE forum_id = $fid;"; + } + else + { + $db->_die('Mom, I feel sick. 
Can I lay down for a while? ' . __FILE__ . ':' . __LINE__); + } + if ( count($errors) < 1 ) + { + if ( $db->sql_query($sql) ) + { + $show_main_menu = true; + echo '
The forum or category was updated.
'; + break; + } + else + { + $db->_die('Decir admin_forums.php update forum main SQL query'); + } + } + else + { + echo '
The forum was not updated because you entered something invalid.
'; + } + } + + // This is the amazing part. We'll let the smart form do the work for us. + $form = new Decir_Admin_SmartForm_Forum(DECIR_ADMIN_MODE_EDIT); + $form->forum_name = $row['forum_name']; + $form->forum_desc = $row['forum_desc']; + $form->forum_type = $row['forum_type']; + $form->forum_parent = $row['parent']; + $form->forum_id = $row['forum_id']; + $form->category_list = $cats; + echo $form->html(); + + $show_main_menu = false; + break; + case 'save_order': + $order = explode(',', $_POST['forum_order']); + $i = 0; + $sql = array(); + foreach ( $order as $forum_id ) + { + $i++; + if ( strval(intval($forum_id)) != $forum_id ) + { + echo '

Hacking attempt

'; + break; + } + $sql[] = 'UPDATE ' . table_prefix . "decir_forums SET forum_order = $i WHERE forum_id = $forum_id;"; + } + foreach ( $sql as $s ) + { + if ( !$db->sql_query($s) ) + $db->_die('Decir admin_forums.php updating forum order'); + } + echo '
The forum order was updated.
'; + break; } } @@ -116,17 +252,65 @@ Forum administration '; // Select and display all forums - $q = $db->sql_unbuffered_query('SELECT forum_id, forum_name, forum_type FROM ' . table_prefix . 'decir_forums ORDER BY ( forum_type = ' . FORUM_CATEGORY . ' ) DESC, forum_order;'); + $q = $db->sql_unbuffered_query('SELECT forum_id, forum_name, forum_desc, forum_type, num_topics, num_posts FROM ' . table_prefix . 'decir_forums GROUP BY parent, forum_id ORDER BY forum_order;'); if ( !$q ) $db->_die('Decir admin_forums.php selecting main forum datum'); + $order_forums = array(); + $order_cats = array(); if ( $row = $db->fetchrow() ) { + $cat_open = false; + echo ' + Forum + Topics + Posts + Admin tasks + '; do { + switch ( $row['forum_type'] ) + { + case FORUM_FORUM: + // Forum + echo ' + + ' + . $row['forum_name'] . '
' . $row['forum_desc'].' + + ' . $row['num_topics'] . ' + ' . $row['num_posts'] . ' + '; + + echo ' '; + echo ''; + + echo ' + '; + $order_forums[] = $row['forum_id']; + break; + case FORUM_CATEGORY: + // Category + if ( $cat_open ) + echo ''; + echo ' + +

' . $row['forum_name'] . '

+ + '; + echo ''; + echo ' '; + echo ''; + echo ''; + echo ' + '; + $cat_open = true; + $order_cats[] = $row['forum_id']; + break; + } } - while ( $row = $db->fetchrow() ); + while ( $row = $db->fetchrow($q) ); } else { @@ -135,13 +319,16 @@ // Create forum button echo ' - + + '; echo ' '; + $order = /* implode(',', $order_cats) . ';' . */ implode(',', $order_forums); + echo ''; echo ""; } } @@ -165,14 +352,21 @@ var $form_mode; /** - * The name of the forum - only used in edit mode. + * The unique ID of the forum - only used in edit mode. + * @var int + */ + + var $forum_id = 0; + + /** + * The name of the forum - only used in edit mode or if performing a bounceback from a failed form validation. * @var string */ var $forum_name = ''; /** - * The description of the forum - only used in edit mode. + * The description of the forum - only used in edit mode or if performing a bounceback from a failed form validation. * @var string */ @@ -200,6 +394,13 @@ var $category_list = array(); /** + * The parent category of the forum we're editing. + * @var int + */ + + var $forum_parent = -1; + + /** * Instance ID for javascripting * @var string */ @@ -245,6 +446,7 @@ $tpl_code = << + +
@@ -283,7 +485,7 @@ Create new forum - Edit forum {FORUM_NAME} + Editing {FORUM_NAME} @@ -304,7 +506,15 @@ - Forum description: + + + Category name: + + Forum name: + + + Forum name: + @@ -331,7 +541,11 @@ + + + + @@ -367,7 +581,7 @@ - Create in category: + Create in category:Parent category:
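Review bot: In the `@@ -28,7 +28,20 @@` hunk of decir/admincp/admin_forums.php, both `strpos($_POST['act'], ';')` tests rely on truthiness, so an `act` value that begins with `;` yields offset 0, is treated as having no separator, and reaches `switch ( $act )` unparsed; compare explicitly with `strpos(...) !== false`. `$parms` is only assigned inside that `if`, so initialise `$parms = array();` before it to make sure the later `isset($parms['fid'])` check never sees a variable left over from the enclosing scope. The parameter regex accepts any value matching `[^;]*` and only all-digit values are cast, so every consumer of `$parms` has to keep checking the type, as the edit case does with `is_int`.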
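Review bot: In the `save_order` case of the `@@ -102,6 +116,128 @@` hunk, the `break;` after the "Hacking attempt" message only leaves the `foreach`, not the `switch`, so the UPDATE statements already queued in `$sql` still run and "The forum order was updated." is still printed; set a flag (or empty `$sql`) and skip the update loop when validation fails. The check `strval(intval($forum_id)) != $forum_id` is a loose comparison and the raw `$forum_id` string is what gets interpolated into the query; use a strict test such as `ctype_digit()` and interpolate the `intval()` result instead. In the `edit` case, `$row` is used without checking that the SELECT returned a row, and after a failed `edit_finish` the form is refilled from `$row` rather than from the submitted values, unlike the `create_finish` bounce path.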
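Review bot: In the `@@ -116,17 +252,65 @@` hunk, `$row['forum_name']` and `$row['forum_desc']` are concatenated straight into the table output, and the edit path earlier in this patch stores them with only `$db->escape()`, so any markup in a forum name or description is rendered in the admin page; pass both through `htmlspecialchars()` at output. The loop now calls `$db->fetchrow($q)` in the `while` condition but still `$db->fetchrow()` for the first row, which should be made consistent. The new `GROUP BY parent, forum_id` includes the forum's own unique ID, so it does no grouping; if the intent is to list forums under their category, that belongs in the `ORDER BY`.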
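Review bot: In the `@@ -135,13 +319,16 @@` hunk, `$order` is built with the `$order_cats` half commented out (`/* implode(',', $order_cats) . ';' . */`), which leaves `$order_cats` collected in the listing loop but never used; either drop the array and the commented-out fragment or add a short comment saying category ordering is deferred. Because `save_order` splits `forum_order` only on commas and rejects any non-integer element, re-enabling the `;` separator later would need a matching change there.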