author | Dan |
Thu, 12 Jul 2007 01:04:01 -0400 | |
changeset 2 | a8a21e1c7afa |
parent 0 | f9ffdbd96607 |
child 3 | c0c445d4a13e |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
/***********************************************************************

  Copyright (C) 2002-2005 Rickard Andersson (rickard@punbb.org)

  This file is part of PunBB.

  PunBB is free software; you can redistribute it and/or modify it
  under the terms of the GNU General Public License as published
  by the Free Software Foundation; either version 2 of the License,
  or (at your option) any later version.

  PunBB is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston,
  MA 02111-1307 USA

************************************************************************/

// Flag read by header.php so that the page is rendered with the admin template
define('PUN_ADMIN_CONSOLE', 1);

// The standalone bootstrap below is commented out in this changeset. PUN_ROOT and
// the contents of include/common.php are presumably provided by whatever includes
// this file -- TODO confirm, since the include normally sets up the request state.
//define('PUN_ROOT', './');
//require PUN_ROOT.'include/common.php';

// The script imports its shared state with `global`, which suggests that it is
// included from inside a function rather than executed as a top-level page.
global $pun_db, $pun_user, $pun_config, $lang_common;

require PUN_ROOT.'include/common_admin.php';


// Access gate: only administrators may manage categories.
//
// NOTE(review): changeset a8a21e1c7afa, which rewrote this comparison, says in its
// own description that the port is NOT yet secure as far as privileges and user
// levels go. Stock PunBB 1.2 writes this gate as `> PUN_ADMIN`; the value of
// PUN_ADMIN and the ordering of group ids are not visible in this file, so verify
// that `<` really rejects every non-administrator before relying on it.
// The check also relies on message() ending the request (not shown here).
if ($pun_user['g_id'] < PUN_ADMIN)
{
	message($lang_common['No permission']);
}
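// Add a new category
if (isset($_POST['add_cat']))
{
	// confirm_referrer() is the only request-forgery defence visible in this handler.
	// Its implementation is not shown here; if it only compares the HTTP Referer,
	// a per-session form token would be a stronger control for a state change.
	confirm_referrer('admin_categories.php');

	// The field can be absent or submitted as an array (new_cat_name[]=x); trim()
	// must only ever see a string. Like the empty-name check below, this relies on
	// message() ending the request.
	if (!isset($_POST['new_cat_name']) || !is_string($_POST['new_cat_name']))
		message($lang_common['Bad request']);

	$new_cat_name = trim($_POST['new_cat_name']);
	if ($new_cat_name === '')
		message('You must enter a name for the category.');

	// The name is the only request value in the statement and goes through the
	// database layer's escape() before being quoted.
	$pun_db->query('INSERT INTO '.$pun_db->prefix.'categories (cat_name) VALUES(\''.$pun_db->escape($new_cat_name).'\')') or error('Unable to create category', __FILE__, __LINE__, $pun_db->error());

	pun_redirect('admin_categories.php', 'Category added. Redirecting …');
}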
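// Delete a category
//
// Two-step flow: `del_cat` shows a confirmation form, `del_cat_comply` (posted by
// that form) performs the delete together with every forum, topic and post in it.
else if (isset($_POST['del_cat']) || isset($_POST['del_cat_comply']))
{
	// Referrer check only; its implementation is not visible here. For a
	// destructive action a per-session form token would be a stronger control.
	confirm_referrer('admin_categories.php');

	// intval() turns any non-empty array into 1, so cat_to_delete[]=x would
	// silently select category 1. Accept scalars only; everything else becomes 0
	// and is rejected below.
	$cat_to_delete = (isset($_POST['cat_to_delete']) && is_scalar($_POST['cat_to_delete'])) ? intval($_POST['cat_to_delete']) : 0;
	if ($cat_to_delete < 1)
		message($lang_common['Bad request']);

	if (isset($_POST['del_cat_comply']))	// Delete a category with all forums and posts
	{
		// Pruning can take a long time on large boards
		@set_time_limit(0);

		// $cat_to_delete is an integer at this point, so concatenating it is safe
		$result = $pun_db->query('SELECT id FROM '.$pun_db->prefix.'forums WHERE cat_id='.$cat_to_delete) or error('Unable to fetch forum list', __FILE__, __LINE__, $pun_db->error());
		$num_forums = $pun_db->num_rows($result);

		for ($i = 0; $i < $num_forums; ++$i)
		{
			$cur_forum = $pun_db->result($result, $i);

			// Prune all posts and topics
			prune($cur_forum, 1, -1);

			// Delete the forum
			$pun_db->query('DELETE FROM '.$pun_db->prefix.'forums WHERE id='.$cur_forum) or error('Unable to delete forum', __FILE__, __LINE__, $pun_db->error());
		}

		// Locate any "orphaned redirect topics" and delete them
		$result = $pun_db->query('SELECT t1.id FROM '.$pun_db->prefix.'topics AS t1 LEFT JOIN '.$pun_db->prefix.'topics AS t2 ON t1.moved_to=t2.id WHERE t2.id IS NULL AND t1.moved_to IS NOT NULL') or error('Unable to fetch redirect topics', __FILE__, __LINE__, $pun_db->error());
		$num_orphans = $pun_db->num_rows($result);

		if ($num_orphans)
		{
			// Start from an empty list: the ids are imploded straight into the
			// IN(...) clause, so nothing that already lives in a variable named
			// $orphans in the including scope may leak into the statement.
			$orphans = array();
			for ($i = 0; $i < $num_orphans; ++$i)
				$orphans[] = $pun_db->result($result, $i);

			$pun_db->query('DELETE FROM '.$pun_db->prefix.'topics WHERE id IN('.implode(',', $orphans).')') or error('Unable to delete redirect topics', __FILE__, __LINE__, $pun_db->error());
		}

		// Delete the category
		$pun_db->query('DELETE FROM '.$pun_db->prefix.'categories WHERE id='.$cat_to_delete) or error('Unable to delete category', __FILE__, __LINE__, $pun_db->error());

		// Regenerate the quickjump cache
		require_once PUN_ROOT.'include/cache.php';
		generate_quickjump_cache();

		pun_redirect('admin_categories.php', 'Category deleted. Redirecting …');
	}
	else	// If the user hasn't confirmed the delete
	{
		$result = $pun_db->query('SELECT cat_name FROM '.$pun_db->prefix.'categories WHERE id='.$cat_to_delete) or error('Unable to fetch category info', __FILE__, __LINE__, $pun_db->error());

		// Do not offer a confirmation form for a category that does not exist
		if (!$pun_db->num_rows($result))
			message($lang_common['Bad request']);

		$cat_name = $pun_db->result($result);

		$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Categories';
		require PUN_ROOT.'header.php';

		generate_admin_menu('categories');

		// In the form below the id is an integer and the stored category name is
		// HTML-escaped before it is echoed.
?>
	<div class="blockform">
		<h2><span>Category delete</span></h2>
		<div class="box">
			<form method="post" action="admin_categories.php">
				<div class="inform">
				<input type="hidden" name="cat_to_delete" value="<?php echo $cat_to_delete ?>" />
					<fieldset>
						<legend>Confirm delete category</legend>
						<div class="infldset">
							<p>Are you sure that you want to delete the category "<?php echo pun_htmlspecialchars($cat_name) ?>"?</p>
							<p>WARNING! Deleting a category will delete all forums and posts (if any) in that category!</p>
						</div>
					</fieldset>
				</div>
				<p><input type="submit" name="del_cat_comply" value="Delete" /><a href="javascript:history.go(-1)">Go back</a></p>
			</form>
		</div>
	</div>
	<div class="clearer"></div>
</div>
<?php

		require PUN_ROOT.'footer.php';
	}
}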
|
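else if (isset($_POST['update']))	// Change position and name of the categories
{
	// Referrer check only; its implementation is not visible here.
	confirm_referrer('admin_categories.php');

	// Both fields are expected to be arrays indexed 0..n-1 in display order.
	// Anything else (missing field, plain string) is treated as an empty array so
	// that the per-row checks below reject the request.
	$cat_order = (isset($_POST['cat_order']) && is_array($_POST['cat_order'])) ? $_POST['cat_order'] : array();
	$cat_name = (isset($_POST['cat_name']) && is_array($_POST['cat_name'])) ? $_POST['cat_name'] : array();

	$result = $pun_db->query('SELECT id, disp_position FROM '.$pun_db->prefix.'categories ORDER BY disp_position') or error('Unable to fetch category list', __FILE__, __LINE__, $pun_db->error());
	$num_cats = $pun_db->num_rows($result);

	// Pass 1: validate every row before anything is written, so that one bad row
	// cannot leave the table half updated. Relies on message() ending the request.
	for ($i = 0; $i < $num_cats; ++$i)
	{
		if (!isset($cat_name[$i]) || !is_string($cat_name[$i]) || trim($cat_name[$i]) === '')
			message('You must enter a category name.');

		// \z instead of $: `$` would also accept a value with a trailing newline
		if (!isset($cat_order[$i]) || !is_string($cat_order[$i]) || !preg_match('#^\d+\z#', $cat_order[$i]))
			message('Position must be an integer value.');
	}

	// Pass 2: apply the changes.
	//
	// NOTE(review): submitted rows are matched to categories purely by position in
	// the disp_position ordering, not by category id. If the category list changes
	// between rendering the form and submitting it, names can land on the wrong
	// rows. Keying the form fields by category id would remove that dependency.
	for ($i = 0; $i < $num_cats; ++$i)
	{
		list($cat_id) = $pun_db->fetch_row($result);

		// The name is escaped and quoted. The position is written unquoted, so it
		// is cast at the point of use instead of relying on the earlier regex alone.
		$pun_db->query('UPDATE '.$pun_db->prefix.'categories SET cat_name=\''.$pun_db->escape(trim($cat_name[$i])).'\', disp_position='.intval($cat_order[$i]).' WHERE id='.$cat_id) or error('Unable to update category', __FILE__, __LINE__, $pun_db->error());
	}

	// Regenerate the quickjump cache
	require_once PUN_ROOT.'include/cache.php';
	generate_quickjump_cache();

	pun_redirect('admin_categories.php', 'Categories updated. Redirecting …');
}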
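// Generate an array with all categories
$result = $pun_db->query('SELECT id, cat_name, disp_position FROM '.$pun_db->prefix.'categories ORDER BY disp_position') or error('Unable to fetch category list', __FILE__, __LINE__, $pun_db->error());
$num_cats = $pun_db->num_rows($result);

// Start from a known-empty list. Entries are echoed into the form below, so
// nothing that already lives in a variable named $cat_list in the including scope
// may end up in the page, and the loops stay well defined with zero categories.
$cat_list = array();
for ($i = 0; $i < $num_cats; ++$i)
	$cat_list[] = $pun_db->fetch_row($result);

$page_title = pun_htmlspecialchars($pun_config['o_board_title']).' / Admin / Categories';
require PUN_ROOT.'header.php';

generate_admin_menu('categories');

// Output encoding in the template below: category names are HTML-escaped with
// pun_htmlspecialchars(); ids and positions are cast to integers before they are
// written into attribute values. foreach replaces the each()/reset() idiom, which
// is no longer available in current PHP versions.
?>
	<div class="blockform">
		<h2><span>Add/remove/edit categories</span></h2>
		<div class="box">
		<form method="post" action="admin_categories.php?action=foo">
			<div class="inform">
				<fieldset>
					<legend>Add/delete categories</legend>
					<div class="infldset">
						<table class="aligntop" cellspacing="0">
							<tr>
								<th scope="row">Add a new category<div><input type="submit" name="add_cat" value="Add New" tabindex="2" /></div></th>
								<td>
									<input type="text" name="new_cat_name" size="35" maxlength="80" tabindex="1" />
									<span>The name of the new category you want to add. You can edit the name of the category later (see below).Go to <a href="admin_forums.php">Forums</a> to add forums to your new category.</span>
								</td>
							</tr>
<?php if ($num_cats): ?>							<tr>
								<th scope="row">Delete a category<div><input type="submit" name="del_cat" value="Delete" tabindex="4" /></div></th>
								<td>
									<select name="cat_to_delete" tabindex="3">
<?php

	foreach ($cat_list as $cur_cat)
	{
		list($cat_id, $cat_name) = $cur_cat;
		echo "\t\t\t\t\t\t\t\t\t\t".'<option value="'.intval($cat_id).'">'.pun_htmlspecialchars($cat_name).'</option>'."\n";
	}

?>
									</select>
									<span>Select the name of the category you want to delete. You will be asked to confirm your choice of category for deletion before it is deleted.</span>
								</td>
							</tr>
<?php endif; ?>						</table>
					</div>
				</fieldset>
			</div>
<?php if ($num_cats): ?>			<div class="inform">
				<fieldset>
					<legend>Edit categories</legend>
					<div class="infldset">
						<table id="categoryedit" cellspacing="0" >
						<thead>
							<tr>
								<th class="tcl" scope="col">Name</th>
								<th scope="col">Position</th>
								<th> </th>
							</tr>
						</thead>
						<tbody>
<?php

	// $cat_list is a 0-based list, so $i is the row index that the update handler
	// uses to pair cat_name[$i] / cat_order[$i] with a category.
	foreach ($cat_list as $i => $cur_cat)
	{
		list(, $cat_name, $position) = $cur_cat;

?>
							<tr><td><input type="text" name="cat_name[<?php echo $i ?>]" value="<?php echo pun_htmlspecialchars($cat_name) ?>" size="35" maxlength="80" /></td><td><input type="text" name="cat_order[<?php echo $i ?>]" value="<?php echo intval($position) ?>" size="3" maxlength="3" /></td><td> </td></tr>
<?php

	}

?>
						</tbody>
						</table>
						<div class="fsetsubmit"><input type="submit" name="update" value="Update" /></div>
					</div>
				</fieldset>
			</div>
<?php endif; ?>		</form>
		</div>
	</div>
	<div class="clearer"></div>
</div>
<?php

require PUN_ROOT.'footer.php';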