onokazu
onoka****@users*****
2005年 6月 11日 (土) 11:32:55 JST
Index: xoops2jp/html/modules/xoopsfaq/admin/index.php
diff -u xoops2jp/html/modules/xoopsfaq/admin/index.php:1.2 xoops2jp/html/modules/xoopsfaq/admin/index.php:1.3
--- xoops2jp/html/modules/xoopsfaq/admin/index.php:1.2 Fri Mar 18 21:52:49 2005
+++ xoops2jp/html/modules/xoopsfaq/admin/index.php Sat Jun 11 11:32:55 2005
@@ -1,5 +1,5 @@
<?php
-// $Id: index.php,v 1.2 2005/03/18 12:52:49 onokazu Exp $
+// $Id: index.php,v 1.3 2005/06/11 02:32:55 onokazu Exp $
// ------------------------------------------------------------------------ //
// XOOPS - PHP Content Management System //
// Copyright (c) 2000 XOOPS.org //
@@ -27,270 +27,292 @@
include '../../../include/cp_header.php';
if ( file_exists("../language/".$xoopsConfig['language']."/main.php") ) {
- include "../language/".$xoopsConfig['language']."/main.php";
+ include "../language/".$xoopsConfig['language']."/main.php";
} else {
- include "../language/english/main.php";
+ include "../language/english/main.php";
}
$op = "listcat";
-if (isset($HTTP_GET_VARS)) {
- foreach ($HTTP_GET_VARS as $k => $v) {
- $$k = $v;
- }
-}
-
-if (isset($HTTP_POST_VARS)) {
- foreach ($HTTP_POST_VARS as $k => $v) {
- $$k = $v;
- }
-}
-
-if ( !empty($contents_preview) ) {
- $myts =& MyTextSanitizer::getInstance();
- xoops_cp_header();
-
- $html = empty($contents_nohtml) ? 1 : 0;
- $smiley = empty($contents_nosmiley) ? 1 : 0;
- $xcode = empty($contents_noxcode) ? 1 : 0;
- $p_title = $myts->makeTboxData4Preview($contents_title);
- $p_contents = $myts->makeTareaData4Preview($contents_contents, $html, $smiley, $xcode);
- echo"<table border='0' cellpadding='0' cellspacing='0' width='100%'><tr><td class='bg2'>
- <table width='100%' border='0' cellpadding='4' cellspacing='1'>
- <tr class='bg3' align='center'><td align='left'>$p_title</td></tr><tr class='bg1'><td>$p_contents</td></tr></table></td></tr></table><br />";
- $contents_title = $myts->makeTboxData4PreviewInForm($contents_title);
- $contents_contents = $myts->makeTareaData4PreviewInForm($contents_contents);
- include "contentsform.php";
+if (!empty($_GET['op'])) {
+ $cat_id = !empty($_GET['cat_id']) ? intval($_GET['cat_id']) : 0;
+ $op = $_GET['op'];
+} elseif (!empty($_POST['op'])) {
+ $op = $_POST['op'];
+}
+
+if ( !empty($_POST['contents_preview']) ) {
+ $myts =& MyTextSanitizer::getInstance();
+ xoops_cp_header();
+
+ $contents_nohtml = !empty($_POST['contents_nohtml']) ? 1 : 0;
+ $contents_nosmiley = !empty($_POST['contents_nosmiley']) ? 1 : 0;
+ $contents_noxcode = !empty($_POST['contents_noxcode']) ? 1 : 0;
+ $html = empty($contents_nohtml) ? 1 : 0;
+ $smiley = empty($contents_nosmiley) ? 1 : 0;
+ $xcode = empty($contents_noxcode) ? 1 : 0;
+ $contents_visible = !empty($_POST['contents_visible']) ? 1 : 0;
+ $contents_order = !empty($_POST['contents_order']) ? intval($_POST['contents_order']) : 0;
+ $contents_id = !empty($_POST['contents_id']) ? intval($_POST['contents_id']) : 0;
+ $category_id = !empty($_POST['category_id']) ? intval($_POST['category_id']) : 0;
+ $p_title = $myts->makeTboxData4Preview($_POST['contents_title']);
+ $p_contents = $myts->makeTareaData4Preview($_POST['contents_contents'], $contents_nohtml, $contents_nosmiley, $contents_noxcode);
+ echo"<table border='0' cellpadding='0' cellspacing='0' width='100%'><tr><td class='bg2'>
+ <table width='100%' border='0' cellpadding='4' cellspacing='1'>
+ <tr class='bg3' align='center'><td align='left'>$p_title</td></tr><tr class='bg1'><td>$p_contents</td></tr></table></td></tr></table><br />";
+ $contents_title = $myts->makeTboxData4PreviewInForm($_POST['contents_title']);
+ $contents_contents = $myts->makeTareaData4PreviewInForm($_POST['contents_contents']);
+ include "contentsform.php";
- xoops_cp_footer();
- exit();
+ xoops_cp_footer();
+ exit();
}
if ($op == "listcat") {
- $myts =& MyTextSanitizer::getInstance();
- xoops_cp_header();
+ $myts =& MyTextSanitizer::getInstance();
+ xoops_cp_header();
- echo "
- <h4 style='text-align:left;'>"._XD_DOCS."</h4>
- <form action='index.php' method='post'>
- <table border='0' cellpadding='0' cellspacing='0' width='100%'><tr><td class='bg2'>
- <table width='100%' border='0' cellpadding='4' cellspacing='1'>
- <tr class='bg3' align='center'><td align='left'>"._XD_CATEGORY."</td><td>"._XD_ORDER."</td><td>"._XD_CONTENTS."</td><td> </td></tr>";
- $result = $xoopsDB->query("SELECT c.category_id, c.category_title, c.category_order, COUNT(f.category_id) FROM ".$xoopsDB->prefix("xoopsfaq_categories")." c LEFT JOIN ".$xoopsDB->prefix("xoopsfaq_contents")." f ON f.category_id=c.category_id GROUP BY c.category_id ORDER BY c.category_order ASC");
- $count = 0;
- while ( list($cat_id, $category, $category_order, $faq_count) = $xoopsDB->fetchRow($result) ) {
- $category=$myts->makeTboxData4Edit($category);
- echo "<tr class='bg1'><td align='left'><input type='hidden' value='$cat_id' name='cat_id[]' /><input type='hidden' value='$category' name='oldcategory[]' /><input type='text' value='$category' name='newcategory[]' maxlength='255' size='20' /></td>
- <td align='center'><input type='hidden' value='$category_order' name='oldorder[]' /><input type='text' value='$category_order' name='neworder[]' maxlength='3' size='4' /></td>
- <td align='center'>$faq_count</td>
- <td align='right'><a href='index.php?op=listcontents&cat_id=".$cat_id."'>" ._XD_CONTENTS."</a> | <a href='index.php?op=delcat&cat_id=".$cat_id."&ok=0'>"._DELETE."</a></td></tr>";
- $count++;
- }
- if ($count > 0) {
- echo "<tr align='center' class='bg3'><td colspan='4'><input type='submit' value='"._SUBMIT."' /><input type='hidden' name='op' value='editcatgo' /></td></tr>";
- }
- echo "</table></td></tr></table></form>
- <br /><br />
- <h4 style='text-align:left;'>"._XD_ADDCAT."</h4>
- <form action='index.php' method='post'>
- <table border='0' cellpadding='0' cellspacing='0' width='100%'><tr><td class='bg2'><table width='100%' border='0' cellpadding='4' cellspacing='1'><tr nowrap='nowrap'><td class='bg3'>"._XD_TITLE." </td><td class='bg1'><input type='text' name='category' size='30' maxlength='255' /></td></tr>
- <tr nowrap='nowrap'><td class='bg3'>"._XD_ORDER." </td><td class='bg1'><input type='text' name='order' size='4' maxlength='3' /></td></tr>
- <tr><td class='bg3'> </td><td class='bg1'><input type='hidden' name='op' value='addcatgo' /><input type='submit' value='"._SUBMIT."' /></td></tr>
- </table></td></tr></table></form>";
+ echo "
+ <h4 style='text-align:left;'>"._XD_DOCS."</h4>
+ <form action='index.php' method='post'>
+ <table border='0' cellpadding='0' cellspacing='0' width='100%'><tr><td class='bg2'>
+ <table width='100%' border='0' cellpadding='4' cellspacing='1'>
+ <tr class='bg3' align='center'><td align='left'>"._XD_CATEGORY."</td><td>"._XD_ORDER."</td><td>"._XD_CONTENTS."</td><td> </td></tr>";
+ $result = $xoopsDB->query("SELECT c.category_id, c.category_title, c.category_order, COUNT(f.category_id) FROM ".$xoopsDB->prefix("xoopsfaq_categories")." c LEFT JOIN ".$xoopsDB->prefix("xoopsfaq_contents")." f ON f.category_id=c.category_id GROUP BY c.category_id ORDER BY c.category_order ASC");
+ $count = 0;
+ while ( list($cat_id, $category, $category_order, $faq_count) = $xoopsDB->fetchRow($result) ) {
+ $category=$myts->makeTboxData4Edit($category);
+ echo "<tr class='bg1'><td align='left'><input type='hidden' value='$cat_id' name='cat_id[]' /><input type='hidden' value='$category' name='oldcategory[]' /><input type='text' value='$category' name='newcategory[]' maxlength='255' size='20' /></td>
+ <td align='center'><input type='hidden' value='$category_order' name='oldorder[]' /><input type='text' value='$category_order' name='neworder[]' maxlength='3' size='4' /></td>
+ <td align='center'>$faq_count</td>
+ <td align='right'><a href='index.php?op=listcontents&cat_id=".$cat_id."'>" ._XD_CONTENTS."</a> | <a href='index.php?op=delcat&cat_id=".$cat_id."&ok=0'>"._DELETE."</a></td></tr>";
+ $count++;
+ }
+ if ($count > 0) {
+ echo "<tr align='center' class='bg3'><td colspan='4'><input type='submit' value='"._SUBMIT."' /><input type='hidden' name='op' value='editcatgo' /></td></tr>";
+ }
+ echo "</table></td></tr></table></form>
+ <br /><br />
+ <h4 style='text-align:left;'>"._XD_ADDCAT."</h4>
+ <form action='index.php' method='post'>
+ <table border='0' cellpadding='0' cellspacing='0' width='100%'><tr><td class='bg2'><table width='100%' border='0' cellpadding='4' cellspacing='1'><tr nowrap='nowrap'><td class='bg3'>"._XD_TITLE." </td><td class='bg1'><input type='text' name='category' size='30' maxlength='255' /></td></tr>
+ <tr nowrap='nowrap'><td class='bg3'>"._XD_ORDER." </td><td class='bg1'><input type='text' name='order' size='4' maxlength='3' /></td></tr>
+ <tr><td class='bg3'> </td><td class='bg1'><input type='hidden' name='op' value='addcatgo' /><input type='submit' value='"._SUBMIT."' /></td></tr>
+ </table></td></tr></table></form>";
- xoops_cp_footer();
- exit();
+ xoops_cp_footer();
+ exit();
}
if ($op == "addcatgo") {
- $myts =& MyTextSanitizer::getInstance();
- $category = $myts->makeTboxData4Save($category);
- $newid = $xoopsDB->genId($xoopsDB->prefix("xoopsfaq_categories")."_category_id_seq");
- $sql = "INSERT INTO ".$xoopsDB->prefix("xoopsfaq_categories")." (category_id, category_title, category_order) VALUES ($newid, '".$category."', ".intval($order).")";
- if (!$xoopsDB->query($sql)) {
- xoops_cp_header();
- echo "Could not add category";
- xoops_cp_footer();
- } else {
- redirect_header("index.php?op=listcat",1,_XD_DBSUCCESS);
- }
- exit();
+ $myts =& MyTextSanitizer::getInstance();
+ $category = $myts->stripSlashesGPC($_POST['category']);
+ $newid = $xoopsDB->genId($xoopsDB->prefix("xoopsfaq_categories")."_category_id_seq");
+ $sql = "INSERT INTO ".$xoopsDB->prefix("xoopsfaq_categories")." (category_id, category_title, category_order) VALUES ($newid, ".$xoopsDB->quoteString($category).", ".intval($_POST['order']).")";
+ if (!$xoopsDB->query($sql)) {
+ xoops_cp_header();
+ echo "Could not add category";
+ xoops_cp_footer();
+ } else {
+ redirect_header("index.php?op=listcat",1,_XD_DBSUCCESS);
+ }
+ exit();
}
if ($op == "editcatgo") {
- $myts =& MyTextSanitizer::getInstance();
- $count = count($newcategory);
- for ($i = 0; $i < $count; $i++) {
- if ( $newcategory[$i] != $oldcategory[$i] || $neworder[$i] != $oldorder[$i] ) {
- $category = $myts->makeTboxData4Save($newcategory[$i]);
- $sql = "UPDATE ".$xoopsDB->prefix("xoopsfaq_categories")." SET category_title='".$category."', category_order=".intval($neworder[$i])." WHERE category_id=".$cat_id[$i]."";
- $xoopsDB->query($sql);
- }
- }
- redirect_header("index.php?op=listcat",1,_XD_DBSUCCESS);
- exit();
+ $myts =& MyTextSanitizer::getInstance();
+ $count = count($_POST['newcategory']);
+ for ($i = 0; $i < $count; $i++) {
+ if ( $_POST['newcategory'][$i] != $_POST['oldcategory'][$i] || $_POST['neworder'][$i] != $_POST['oldorder'][$i] ) {
+ $category = $myts->stripSlashesGPC($_POST['newcategory'][$i]);
+ $sql = "UPDATE ".$xoopsDB->prefix("xoopsfaq_categories")." SET category_title=".$xoopsDB->quoteString($category).", category_order=".intval($_POST['neworder'][$i])." WHERE category_id=".intval($_POST['cat_id'][$i]);
+ $xoopsDB->query($sql);
+ }
+ }
+ redirect_header("index.php?op=listcat",1,_XD_DBSUCCESS);
+ exit();
}
if ($op == "listcontents") {
- $myts =& MyTextSanitizer::getInstance();
- xoops_cp_header();
- $sql = "SELECT category_title FROM ".$xoopsDB->prefix("xoopsfaq_categories")." WHERE category_id='".$cat_id."'";
- $result = $xoopsDB->query($sql);
- list($category) = $xoopsDB->fetchRow($result);
- $category = $myts->makeTboxData4Show($category);
-
- echo "<a href='index.php'>" ._XD_MAIN."</a> <span style='font-weight:bold;'>»»</span> ".$category."<br /><br />
- <h4 style='text-align:left;'>"._XD_CONTENTS."</h4>
- <form action='index.php' method='post'>
- <table border='0' cellpadding='0' cellspacing='0' width='100%'><tr><td class='bg2'>
- <table width='100%' border='0' cellpadding='4' cellspacing='1'>
- <tr class='bg3'><td>"._XD_TITLE."</td><td align='center'>"._XD_ORDER."</td><td align='center'>"._XD_DISPLAY."</td><td> </td></tr>";
- $result = $xoopsDB->query("SELECT contents_id, contents_title, contents_time, contents_order, contents_visible FROM ".$xoopsDB->prefix("xoopsfaq_contents")." WHERE category_id='".$cat_id."' ORDER BY contents_order");
- $count = 0;
- while(list($id, $title, $time, $order, $visible) = $xoopsDB->fetchRow($result)) {
- $title = $myts->makeTboxData4Show($title);
- echo "<tr class='bg1'><td><input type='hidden' value='$id' name='id[]' />".$title."</td>
- <td align='center'><input type='hidden' value='$order' name='oldorder[$id]' /><input type='text' value='$order' name='neworder[$id]' maxlength='3' size='4' /></td>";
- $checked = ($visible == 1) ? " checked='checked'" : "";
- echo "<td align='center'><input type='hidden' value='$visible' name='oldvisible[$id]' /><input type='checkbox' value='1' name='newvisible[$id]'".$checked." /></td>
- <td align='right'><a href='index.php?op=editcontents&id=".$id."&cat_id=".$cat_id."'>"._EDIT."</a> | <a href='index.php?op=delcontents&id=".$id."&ok=0&cat_id=".$cat_id."'>"._DELETE."</a></td></tr>";
- $count++;
- }
- if ($count > 0) {
- echo "<tr align='center' class='bg3'><td colspan='4'><input type='submit' value='"._SUBMIT."' /><input type='hidden' name='op' value='quickeditcontents' /><input type='hidden' name='cat_id' value='".$cat_id."' /></td></tr>";
- }
- echo "</table></td></tr></table></form>
- <br /><br />
- <h4 style='text-align:left;'>"._XD_ADDCONTENTS."</h4>";
- $contents_title = "";
- $contents_contents = "";
- $contents_order = 0;
- $contents_visible = 1;
- $contents_nohtml = 0;
- $contents_nosmiley = 0;
- $contents_noxcode = 0;
- $contents_id = 0;
- $category_id = $cat_id;
- $op = "addcontentsgo";
- include "contentsform.php";
+ $myts =& MyTextSanitizer::getInstance();
+ xoops_cp_header();
+ $sql = "SELECT category_title FROM ".$xoopsDB->prefix("xoopsfaq_categories")." WHERE category_id=".$cat_id;
+ $result = $xoopsDB->query($sql);
+ list($category) = $xoopsDB->fetchRow($result);
+ $category = $myts->makeTboxData4Show($category);
+
+ echo "<a href='index.php'>" ._XD_MAIN."</a> <span style='font-weight:bold;'>»»</span> ".$category."<br /><br />
+ <h4 style='text-align:left;'>"._XD_CONTENTS."</h4>
+ <form action='index.php' method='post'>
+ <table border='0' cellpadding='0' cellspacing='0' width='100%'><tr><td class='bg2'>
+ <table width='100%' border='0' cellpadding='4' cellspacing='1'>
+ <tr class='bg3'><td>"._XD_TITLE."</td><td align='center'>"._XD_ORDER."</td><td align='center'>"._XD_DISPLAY."</td><td> </td></tr>";
+ $result = $xoopsDB->query("SELECT contents_id, contents_title, contents_time, contents_order, contents_visible FROM ".$xoopsDB->prefix("xoopsfaq_contents")." WHERE category_id=".$cat_id." ORDER BY contents_order");
+ $count = 0;
+ while(list($id, $title, $time, $order, $visible) = $xoopsDB->fetchRow($result)) {
+ $title = $myts->makeTboxData4Show($title);
+ echo "<tr class='bg1'><td><input type='hidden' value='$id' name='id[]' />".$title."</td>
+ <td align='center'><input type='hidden' value='$order' name='oldorder[$id]' /><input type='text' value='$order' name='neworder[$id]' maxlength='3' size='4' /></td>";
+ $checked = ($visible == 1) ? " checked='checked'" : "";
+ echo "<td align='center'><input type='hidden' value='$visible' name='oldvisible[$id]' /><input type='checkbox' value='1' name='newvisible[$id]'".$checked." /></td>
+ <td align='right'><a href='index.php?op=editcontents&id=".$id."&cat_id=".$cat_id."'>"._EDIT."</a> | <a href='index.php?op=delcontents&id=".$id."&ok=0&cat_id=".$cat_id."'>"._DELETE."</a></td></tr>";
+ $count++;
+ }
+ if ($count > 0) {
+ echo "<tr align='center' class='bg3'><td colspan='4'><input type='submit' value='"._SUBMIT."' /><input type='hidden' name='op' value='quickeditcontents' /><input type='hidden' name='cat_id' value='".$cat_id."' /></td></tr>";
+ }
+ echo "</table></td></tr></table></form>
+ <br /><br />
+ <h4 style='text-align:left;'>"._XD_ADDCONTENTS."</h4>";
+ $contents_title = "";
+ $contents_contents = "";
+ $contents_order = 0;
+ $contents_visible = 1;
+ $contents_nohtml = 0;
+ $contents_nosmiley = 0;
+ $contents_noxcode = 0;
+ $contents_id = 0;
+ $category_id = $cat_id;
+ $op = "addcontentsgo";
+ include "contentsform.php";
- xoops_cp_footer();
- exit();
+ xoops_cp_footer();
+ exit();
}
if ($op == "quickeditcontents") {
- $myts =& MyTextSanitizer::getInstance();
- $count = count($id);
- for ($i = 0; $i < $count; $i++) {
- $index = $id[$i];
- if ( $neworder[$index] != $oldorder[$index] || $newvisible[$index] != $oldvisible[$index] ) {
- $xoopsDB->query("UPDATE ".$xoopsDB->prefix("xoopsfaq_contents")." SET contents_order=".intval($neworder[$index]).", contents_visible=".intval($newvisible[$index])." WHERE contents_id=".$index."");
- }
- }
- redirect_header("index.php?op=listcontents&cat_id=$cat_id",1,_XD_DBSUCCESS);
- exit();
+ $myts =& MyTextSanitizer::getInstance();
+ $cat_id = !empty($_POST['cat_id']) ? intval($_POST['cat_id']) : 0;
+ $count = count($_POST['id']);
+ for ($i = 0; $i < $count; $i++) {
+ $index = intval($_POST['id'][$i]);
+ if ( $_POST['neworder'][$index] != $_POST['oldorder'][$index] || $_POST['newvisible'][$index] != $_POST['oldvisible'][$index] ) {
+ $xoopsDB->query("UPDATE ".$xoopsDB->prefix("xoopsfaq_contents")." SET contents_order=".intval($_POST['neworder'][$index]).", contents_visible=".intval($_POST['newvisible'][$index])." WHERE contents_id=".$index);
+ }
+ }
+ redirect_header("index.php?op=listcontents&cat_id=$cat_id",1,_XD_DBSUCCESS);
+ exit();
}
if ($op == "addcontentsgo") {
- $myts =& MyTextSanitizer::getInstance();
- $title = $myts->makeTboxData4Save($contents_title);
- $contents = $myts->makeTareaData4Save($contents_contents);
- $newid = $xoopsDB->genId($xoopsDB->prefix("xoopsfaq_contents")."_contents_id_seq");
- $sql = "INSERT INTO ".$xoopsDB->prefix("xoopsfaq_contents")." (contents_id, category_id, contents_title, contents_contents, contents_time, contents_order, contents_visible, contents_nohtml, contents_nosmiley, contents_noxcode) VALUES (".$newid.", ".$category_id.", '".$title."', '".$contents."', ".time().", ".intval($contents_order).", ".intval($contents_visible).", ".intval($contents_nohtml).", ".intval($contents_nosmiley).", ".intval($contents_noxcode).")";
- if (!$xoopsDB->query($sql)) {
- xoops_cp_header();
- echo "Could not add contents";
- xoops_cp_footer();
- } else {
- redirect_header("index.php?op=listcontents&cat_id=$category_id",1,_XD_DBSUCCESS);
- }
- exit();
+ $category_id = !empty($_POST['category_id']) ? intval($_POST['category_id']) : 0;
+ if ($category_id > 0) {
+ $myts =& MyTextSanitizer::getInstance();
+ $title = $myts->stripSlashesGPC($_POST['contents_title']);
+ $contents = $myts->makeTareaData4Save($_POST['contents_contents']);
+ $newid = $xoopsDB->genId($xoopsDB->prefix("xoopsfaq_contents")."_contents_id_seq");
+ $sql = "INSERT INTO ".$xoopsDB->prefix("xoopsfaq_contents")." (contents_id, category_id, contents_title, contents_contents, contents_time, contents_order, contents_visible, contents_nohtml, contents_nosmiley, contents_noxcode) VALUES ($newid, $category_id, ".$xoopsDB->quoteString($title).", ".$xoopsDB->quoteString($contents).", ".time().", ".intval($_POST['contents_order']).", ".intval($_POST['contents_visible']).", ".intval($_POST['contents_nohtml']).", ".intval($_POST['contents_nosmiley']).", ".intval($_POST['contents_noxcode']).")";
+ if (!$xoopsDB->query($sql)) {
+ xoops_cp_header();
+ echo "Could not add contents";
+ xoops_cp_footer();
+ } else {
+ redirect_header("index.php?op=listcontents&cat_id=$category_id",1,_XD_DBSUCCESS);
+ }
+ }
+ exit();
}
if ($op == "editcontents") {
- $myts =& MyTextSanitizer::getInstance();
- xoops_cp_header();
- $sql = "SELECT category_title FROM ".$xoopsDB->prefix("xoopsfaq_categories")." WHERE category_id='".$cat_id."'";
- $result = $xoopsDB->query($sql);
- list($category) = $xoopsDB->fetchRow($result);
- $category = $myts->makeTboxData4Show($category);
- $result = $xoopsDB->query("SELECT * FROM ".$xoopsDB->prefix("xoopsfaq_contents")." WHERE contents_id='$id'");
- $myrow = $xoopsDB->fetchArray($result);
- $contents_title = $myts->makeTboxData4Edit($myrow['contents_title']);
- $contents_contents = $myts->makeTareaData4Edit($myrow['contents_contents']);
- $contents_order = $myrow['contents_order'];
- $contents_visible = $myrow['contents_visible'];
- $contents_nohtml = $myrow['contents_nohtml'];
- $contents_nosmiley = $myrow['contents_nosmiley'];
- $contents_noxcode = $myrow['contents_noxcode'];
- $contents_id = $myrow['contents_id'];
- $category_id = $myrow['category_id'];
- $op = "editcontentsgo";
-
- echo "<a href='index.php'>" ._XD_MAIN."</a> <span style='font-weight:bold;'>»»</span> <a href='index.php?op=listcontents&cat_id=$cat_id'>".$category."</a> <span style='font-weight:bold;'>»»</span> "._XD_EDITCONTENTS."<br /><br />
- <h4 style='text-align:left;'>"._XD_EDITCONTENTS."</h4>";
- include "contentsform.php";
+ $id = !empty($_GET['id']) ? intval($_GET['id']) : 0;
+ if ($id <= 0 || $cat_id <= 0) {
+ exit();
+ }
+ $myts =& MyTextSanitizer::getInstance();
+ xoops_cp_header();
+ $sql = "SELECT category_title FROM ".$xoopsDB->prefix("xoopsfaq_categories")." WHERE category_id=".$cat_id;
+ $result = $xoopsDB->query($sql);
+ list($category) = $xoopsDB->fetchRow($result);
+ $category = $myts->makeTboxData4Show($category);
+ $result = $xoopsDB->query("SELECT * FROM ".$xoopsDB->prefix("xoopsfaq_contents")." WHERE contents_id=$id");
+ $myrow = $xoopsDB->fetchArray($result);
+ $contents_title = $myts->makeTboxData4Edit($myrow['contents_title']);
+ $contents_contents = $myts->makeTareaData4Edit($myrow['contents_contents']);
+ $contents_order = $myrow['contents_order'];
+ $contents_visible = $myrow['contents_visible'];
+ $contents_nohtml = $myrow['contents_nohtml'];
+ $contents_nosmiley = $myrow['contents_nosmiley'];
+ $contents_noxcode = $myrow['contents_noxcode'];
+ $contents_id = $myrow['contents_id'];
+ $category_id = $myrow['category_id'];
+ $op = "editcontentsgo";
+
+ echo "<a href='index.php'>" ._XD_MAIN."</a> <span style='font-weight:bold;'>»»</span> <a href='index.php?op=listcontents&cat_id=$cat_id'>".$category."</a> <span style='font-weight:bold;'>»»</span> "._XD_EDITCONTENTS."<br /><br />
+ <h4 style='text-align:left;'>"._XD_EDITCONTENTS."</h4>";
+ include "contentsform.php";
- xoops_cp_footer();
- exit();
+ xoops_cp_footer();
+ exit();
}
if ($op == "editcontentsgo") {
- $myts =& MyTextSanitizer::getInstance();
- $title = $myts->makeTboxData4Save($contents_title);
- $contents = $myts->makeTareaData4Save($contents_contents);
- $nohtml = empty($contents_nohtml) ? 0 : 1;
- $nosmiley = empty($contents_nosmiley) ? 0 : 1;
- $noxcode = empty($contents_noxcode) ? 0 : 1;
- $sql = "UPDATE ".$xoopsDB->prefix("xoopsfaq_contents")." set contents_title='".$title."', contents_contents='".$contents."', contents_time=".time().", contents_order=".intval($contents_order).", contents_visible=".intval($contents_visible).", contents_nohtml=".$nohtml.", contents_nosmiley=".$nosmiley.", contents_noxcode=".$noxcode." WHERE contents_id=".$contents_id."";
- if (!$xoopsDB->query($sql)) {
- xoops_cp_header();
- echo "Could not update contents";
- xoops_cp_footer();
- } else {
- redirect_header("index.php?op=listcontents&cat_id=$category_id",1,_XD_DBSUCCESS);
- }
- exit();
-}
-
-if ($op == "delcat") {
- if ($ok == 1) {
- $sql = sprintf("DELETE FROM %s WHERE category_id = %u", $xoopsDB->prefix("xoopsfaq_categories"), $cat_id);
- if (!$xoopsDB->query($sql)) {
- xoops_cp_header();
- echo "Could not delete category";
- xoops_cp_footer();
- } else {
- $sql = sprintf("DELETE FROM %s WHERE category_id = %u", $xoopsDB->prefix("xoopsfaq_contents"), $cat_id);
- $xoopsDB->query($sql);
- // delete comments
- xoops_comment_delete($xoopsModule->getVar('mid'), $cat_id);
- redirect_header("index.php?op=listcat",1,_XD_DBSUCCESS);
- }
- exit();
- } else {
- xoops_cp_header();
- xoops_confirm(array('op' => 'delcat', 'cat_id' => $cat_id, 'ok' => 1), 'index.php', _XD_RUSURECAT);
- xoops_cp_footer();
- exit();
- }
+ $contents_id = !empty($_POST['contents_id']) ? intval($_POST['contents_id']) : 0;
+ $myts =& MyTextSanitizer::getInstance();
+ $title = !empty($_POST['contents_title']) ? $myts->stripSlashesGPC($_POST['contents_title']) : '';
+ $contents = !empty($_POST['contents_contents']) ? $myts->stripSlashesGPC($_POST['contents_contents']) : '';
+ $contents_nohtml = empty($_POST['contents_nohtml']) ? 0 : 1;
+ $contents_nosmiley = empty($_POST['contents_nosmiley']) ? 0 : 1;
+ $contents_noxcode = empty($_POST['contents_noxcode']) ? 0 : 1;
+ $contents_visible = !empty($_POST['contents_visible']) ? 1 : 0;
+ $contents_order = !empty($_POST['contents_order']) ? intval($_POST['contents_order']) : 0;
+ $sql = "UPDATE ".$xoopsDB->prefix("xoopsfaq_contents")." set contents_title=".$xoopsDB->quoteSTring($title).", contents_contents=".$xoopsDB->quoteSTring($contents).", contents_time=".time().", contents_order=".$contents_order.", contents_visible=".$contents_visible.", contents_nohtml=".$contents_nohtml.", contents_nosmiley=".$contents_nosmiley.", contents_noxcode=".$contents_noxcode." WHERE contents_id=".$contents_id;
+ if (!$xoopsDB->query($sql)) {
+ xoops_cp_header();
+ echo "Could not update contents";
+ xoops_cp_footer();
+ } else {
+ redirect_header("index.php?op=listcontents&cat_id=".intval($_POST['category_id']),1,_XD_DBSUCCESS);
+ }
+ exit();
+}
+
+if ($op == "delcatgo") {
+ $cat_id = !empty($_POST['cat_id']) ? intval($_POST['cat_id']) : 0;
+ if ($cat_id <= 0) {
+ exit();
+ }
+ $sql = sprintf("DELETE FROM %s WHERE category_id = %u", $xoopsDB->prefix("xoopsfaq_categories"), $cat_id);
+ if (!$xoopsDB->query($sql)) {
+ xoops_cp_header();
+ echo "Could not delete category";
+ xoops_cp_footer();
+ } else {
+ $sql = sprintf("DELETE FROM %s WHERE category_id = %u", $xoopsDB->prefix("xoopsfaq_contents"), $cat_id);
+ $xoopsDB->query($sql);
+ // delete comments
+ xoops_comment_delete($xoopsModule->getVar('mid'), $cat_id);
+ redirect_header("index.php?op=listcat",1,_XD_DBSUCCESS);
+ }
+ exit();
+}
+
+if ($op == 'delcat') {
+ xoops_cp_header();
+ xoops_confirm(array('op' => 'delcatgo', 'cat_id' => $cat_id), 'index.php', _XD_RUSURECAT);
+ xoops_cp_footer();
+ exit();
+}
+
+if ($op == "delcontentsgo") {
+ $id = !empty($_POST['id']) ? intval($_POST['id']) : 0;
+ if ($id <= 0) {
+ exit();
+ }
+ $sql = sprintf("DELETE FROM %s WHERE contents_id = %u", $xoopsDB->prefix("xoopsfaq_contents"), $id);
+ if (!$xoopsDB->query($sql)) {
+ xoops_cp_header();
+ echo "Could not delete contents";
+ xoops_cp_footer();
+ } else {
+ redirect_header("index.php?op=listcontents&cat_id=".intval($_POST['cat_id']),1,_XD_DBSUCCESS);
+ }
+ exit();
}
if ($op == "delcontents") {
- if ($ok == 1) {
- $sql = sprintf("DELETE FROM %s WHERE contents_id = %u", $xoopsDB->prefix("xoopsfaq_contents"), $id);
- if (!$xoopsDB->query($sql)) {
- xoops_cp_header();
- echo "Could not delete contents";
- xoops_cp_footer();
- } else {
- redirect_header("index.php?op=listcontents&cat_id=$cat_id",1,_XD_DBSUCCESS);
- }
- exit();
- } else {
- xoops_cp_header();
- xoops_confirm(array('op' => 'delcontents', 'id' => $id, 'ok' => 1), 'index.php', _XD_RUSURECAT);
- xoops_cp_footer();
- exit();
- }
+ $id = !empty($_GET['id']) ? intval($_GET['id']) : 0;
+ xoops_cp_header();
+ xoops_confirm(array('op' => 'delcontentsgo', 'id' => $id, 'cat_id' => $cat_id), 'index.php', _XD_RUSURECAT);
+ xoops_cp_footer();
+ exit();
}
?>
\ No newline at end of file