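<?php
/*
|   > FAQ Management actions
|   > Written by avataru
|   > Date started: 1/7/2005
|
+--------------------------------------------------------------------------
*/

/**
 * Action handler for the FAQ manager.
 *
 * Dispatches on $_GET['action'] and either renders an edit/add/confirm page or
 * writes to the `faq` table and redirects back to faqmanage.php.
 *
 * Access: a logged-in user whose class is UC_ADMINISTRATOR or above.
 *
 * NOTE(review): every write below (reorder, edititem, editsect, delete,
 * addnewitem, addnewsect) is authorised by the session alone. No anti-CSRF
 * token is checked anywhere in this file, and "delete" is committed by a plain
 * GET carrying confirm=yes. If the include offers a token or origin check it
 * should be enforced before any sql_query() write -- TODO confirm.
 *
 * NOTE(review): mysql_fetch_array() is called with a MYSQLI_* constant, which
 * suggests a compatibility wrapper supplied by the include -- confirm.
 *
 * NOTE(review): most print() strings below carry no markup or form fields in
 * this copy of the file; they are reproduced exactly as found.
 */

require "../include/bittorrent.php";
dbconn();
loggedinorreturn();

if (get_user_class() < UC_ADMINISTRATOR) {
    stderr("Error", "Only Administrators and above can modify the FAQ, sorry.");
    // Fail closed: the privilege check must not depend on stderr() ending the request.
    die;
}

//stdhead("FAQ Management");

// Request values arrive as strings or arrays, so a strict comparison against the
// action names selects the same branches as the former isset() + == tests.
$action = isset($_GET['action']) ? $_GET['action'] : null;

// ACTION: reorder - reorder sections and items
if ($action === "reorder") {
    // The key used to be an unquoted bareword (an undefined constant, fatal on
    // PHP 8), and a missing or scalar "order" field went straight into foreach.
    $newOrder = (isset($_POST['order']) && is_array($_POST['order'])) ? $_POST['order'] : array();
    foreach ($newOrder as $id => $position) {
        if (!is_scalar($position)) {
            continue; // a nested array is not a valid position
        }
        sql_query("UPDATE `faq` SET `order`=".sqlesc($position)." WHERE id=".sqlesc($id)) or sqlerr();
    }
    header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
    die;
}

// ACTION: edit - edit a section or item
elseif ($action === "edit" && isset($_GET['id'])) {
    stdhead("FAQ Management");
    begin_main_frame();
    print("

Edit Section or Item

");
    // intval() as in the delete branch, so only an integer id reaches the query.
    $res = sql_query("SELECT * FROM faq WHERE id=".sqlesc(intval($_GET['id']))." LIMIT 1");
    while ($arr = mysql_fetch_array($res, MYSQLI_BOTH)) {
        // HTML-escape the stored text before it is used in the page.
        $arr['question'] = htmlspecialchars($arr['question']);
        $arr['answer'] = htmlspecialchars($arr['answer']);
        if ($arr['type'] == "item") {
            $lang_id = $arr['lang_id'];
            print("
");
            print("\n");
            print("\n");
            print("\n");
            print("\n");
            if ($arr['flag'] == "0") {
                print("");
            } elseif ($arr['flag'] == "2") {
                print("");
            } elseif ($arr['flag'] == "3") {
                print("");
            } else {
                print("");
            }
            print("\n");
            print("\n");
            print("
ID:{$arr['id']}
Question:
Answer:
Status:
Status:
Status:
Status:
Category:
");
        } elseif ($arr['type'] == "categ") {
            // Start from an empty name so a missing language row cannot leave the
            // variable undefined, and escape it like the other stored text because
            // it is interpolated into the page below.
            $lang_name = '';
            $lang_res = sql_query("SELECT lang_name FROM language WHERE id=".sqlesc($arr['lang_id'])." LIMIT 1");
            if ($lang_arr = mysql_fetch_array($lang_res)) {
                $lang_name = htmlspecialchars($lang_arr['lang_name']);
            }
            print("");
            print("\n");
            print("\n");
            print("\n");
            print("\n");
            if ($arr['flag'] == "0") {
                print("");
            } else {
                print("");
            }
            print("\n");
            print("
ID:{$arr['id']}
Language:$lang_name
Title:
Status:
Status:
");
        }
    }
    end_main_frame();
    stdfoot();
}

// subACTION: edititem - edit an item
elseif ($action === "edititem" && ($_POST['id'] ?? null) != null && ($_POST['question'] ?? null) != null && ($_POST['answer'] ?? null) != null && ($_POST['flag'] ?? null) != null && ($_POST['categ'] ?? null) != null) {
    $question = $_POST['question'];
    $answer = $_POST['answer'];
    // id, flag and categ are cast with intval(), matching addnewitem and delete.
    sql_query("UPDATE `faq` SET `question`=".sqlesc($question).", `answer`=".sqlesc($answer).", `flag`=".sqlesc(intval($_POST['flag'])).", `categ`=".sqlesc(intval($_POST['categ']))." WHERE id=".sqlesc(intval($_POST['id']))) or sqlerr();
    header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
    die;
}

// subACTION: editsect - edit a section
elseif ($action === "editsect" && ($_POST['id'] ?? null) != null && ($_POST['title'] ?? null) != null && ($_POST['flag'] ?? null) != null) {
    $title = $_POST['title'];
    sql_query("UPDATE `faq` SET `question`=".sqlesc($title).", `answer`='', `flag`=".sqlesc(intval($_POST['flag'])).", `categ`='0' WHERE id=".sqlesc(intval($_POST['id']))) or sqlerr();
    header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
    die;
}

// ACTION: delete - delete a section or item
elseif ($action === "delete" && isset($_GET['id'])) {
    // The key used to be an unquoted bareword (an undefined constant, fatal on PHP 8).
    if (($_GET['confirm'] ?? null) === "yes") {
        // NOTE(review): destructive write reached by GET; see the CSRF note in the file header.
        sql_query("DELETE FROM `faq` WHERE `id`=".sqlesc(intval($_GET['id'] ?? 0))." LIMIT 1") or sqlerr();
        header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
        die;
    } else {
        stdhead("FAQ Management");
        begin_main_frame();
        print("

Confirmation required

");
        print("\n\n
Please click here to confirm.
\n");
        end_main_frame();
        stdfoot();
    }
}

// ACTION: additem - add a new item
elseif ($action === "additem" && !empty($_GET['inid']) && !empty($_GET['langid'])) {
    stdhead("FAQ Management");
    begin_main_frame();
    print("

Add Item

");
    print("");
    print("\n");
    print("\n");
    print("\n");
    print("");
    print("");
    print("");
    print("\n");
    print("
Question:
Answer:
Status:
");
    end_main_frame();
    stdfoot();
}

// ACTION: addsection - add a new section
elseif ($action === "addsection") {
    stdhead("FAQ Management");
    begin_main_frame();
    print("

Add Section

");
    print("
");
    print("\n");
    print("\n");
    $s = "";
    print("");
    print("");
    print("\n");
    print("
Title:
Language:".$s."
Status:
");
    end_main_frame();
    stdfoot();
}

// subACTION: addnewitem - add a new item to the db
elseif ($action === "addnewitem" && ($_POST['question'] ?? null) != null && ($_POST['answer'] ?? null) != null) {
    $question = $_POST['question'];
    $answer = $_POST['answer'];
    $categ = intval($_POST['categ'] ?? 0);
    $langid = intval($_POST['langid'] ?? 0);
    // Defaults so the INSERT never sees undefined variables if no row comes back.
    $order = 1;
    $link_id = 1;
    $res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='item' AND `categ`=".sqlesc($categ)." AND lang_id=".sqlesc($langid));
    while ($arr = mysql_fetch_array($res, MYSQLI_BOTH)) {
        $order = $arr['maxorder'] + 1;
        $link_id = $arr['maxlinkid'] + 1;
    }
    // link_id now goes through sqlesc() like every other value (and like addnewsect)
    // instead of being interpolated into the statement text.
    sql_query("INSERT INTO `faq` (`link_id`, `type`, `lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES (".sqlesc($link_id).", 'item', ".sqlesc($langid).", ".sqlesc($question).", ".sqlesc($answer).", " . sqlesc(intval($_POST['flag'] ?? 0)) . ", ".sqlesc($categ).", ".sqlesc($order).")") or sqlerr();
    header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
    die;
}

// subACTION: addnewsect - add a new section to the db
elseif ($action === "addnewsect" && ($_POST['title'] ?? null) != null && ($_POST['flag'] ?? null) != null) {
    $title = $_POST['title'];
    $language = intval($_POST['language'] ?? 0);
    // Defaults so the INSERT never sees undefined variables if no row comes back.
    $order = 1;
    $link_id = 1;
    $res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='categ' AND `lang_id` = ".sqlesc($language));
    while ($arr = mysql_fetch_array($res, MYSQLI_BOTH)) {
        $order = $arr['maxorder'] + 1;
        $link_id = $arr['maxlinkid'] + 1;
    }
    sql_query("INSERT INTO `faq` (`link_id`,`type`,`lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES (".sqlesc($link_id).",'categ', ".sqlesc($language).", ".sqlesc($title).", '', ".sqlesc(intval($_POST['flag'])).", '0', ".sqlesc($order).")") or sqlerr();
    header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
    die;
}

// Unknown or incomplete request: return to the manager page.
else {
    header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
    die;
}
?>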