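FAQ Management actions | > Written by avataru | > Date started: 1/7/2005 | +-------------------------------------------------------------------------- */

// Administrator-only handler for FAQ changes. Each branch below either renders
// a form or writes to the `faq` table and then redirects to faqmanage.php.
// The HTML that used to sit inside the print() strings is absent from this
// copy of the file; the string contents are reproduced exactly as found.
//
// NOTE(review): no anti-CSRF token is checked anywhere in this file, and the
// "delete" action performs its write on a GET request (confirm=yes). Unless
// include/bittorrent.php or loggedinorreturn() enforce a token or origin
// check (confirm), an administrator's authenticated browser can be made to
// send these requests from another site. The fix belongs in the shared
// form/token helpers, which are not visible here.

require "include/bittorrent.php";
dbconn();
loggedinorreturn();

// Authorisation gate: it has to fail closed. stderr() is defined outside this
// file, so the explicit die guarantees that nothing below runs for a
// non-administrator even if stderr() were ever to return.
if (get_user_class() < UC_ADMINISTRATOR) {
    stderr("Error", "Only Administrators and above can modify the FAQ, sorry.");
    die;
}

//stdhead("FAQ Management");

// Array keys are quoted throughout: a bare word such as $_GET[action] is an
// undefined-constant lookup, which is a fatal error on PHP 8.
$action = isset($_GET['action']) ? $_GET['action'] : '';

// ACTION: reorder - reorder sections and items
if ($action === "reorder") {
    // `order` is expected to be an id => position map. A missing field, a
    // scalar, or a nested array is skipped instead of reaching foreach/sqlesc.
    if (isset($_POST['order']) && is_array($_POST['order'])) {
        foreach ($_POST['order'] as $id => $position) {
            if (!is_scalar($position)) {
                continue;
            }
            sql_query("UPDATE `faq` SET `order`=" . sqlesc($position) . " WHERE id=" . sqlesc($id)) or sqlerr();
        }
    }
    header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
    die;
}

// ACTION: edit - edit a section or item
elseif ($action === "edit" && isset($_GET['id'])) {
    stdhead("FAQ Management");
    begin_main_frame();
    print("

Edit Section or Item

");

    $res = sql_query("SELECT * FROM faq WHERE id=" . sqlesc($_GET['id']) . " LIMIT 1");
    while ($arr = mysql_fetch_array($res, MYSQL_BOTH)) {
        // Stored text is HTML-escaped before it is echoed back into the form.
        // NOTE(review): htmlspecialchars() is called with default flags; if the
        // stripped markup placed these values in single-quoted attributes,
        // ENT_QUOTES is required. Confirm against the original template.
        $arr['question'] = htmlspecialchars($arr['question']);
        $arr['answer'] = htmlspecialchars($arr['answer']);

        if ($arr['type'] == "item") {
            $lang_id = $arr['lang_id'];
            print("
");
            print("\n");
            print("\n");
            print("\n");
            print("\n");
            if ($arr['flag'] == "0") {
                print("");
            } elseif ($arr['flag'] == "2") {
                print("");
            } elseif ($arr['flag'] == "3") {
                print("");
            } else {
                print("");
            }
            print("\n");
            print("\n");
            print("
ID:$arr[id]
Question:
Answer:
Status:
Status:
Status:
Status:
Category:
");
        } elseif ($arr['type'] == "categ") {
            // Default to an empty name so the output below never reads an
            // undefined variable when the language row is missing, and escape
            // the name like the other database values printed on this page.
            $lang_name = '';
            $lang_res = sql_query("SELECT lang_name FROM language WHERE id=" . sqlesc($arr['lang_id']) . " LIMIT 1");
            if ($lang_arr = mysql_fetch_array($lang_res)) {
                $lang_name = htmlspecialchars($lang_arr['lang_name']);
            }
            print("");
            print("\n");
            print("\n");
            print("\n");
            print("\n");
            if ($arr['flag'] == "0") {
                print("");
            } else {
                print("");
            }
            print("\n");
            print("
ID:$arr[id]
Language:$lang_name
Title:
Status:
Status:
");
        }
    }

    end_main_frame();
    stdfoot();
}

// subACTION: edititem - edit an item
elseif ($action === "edititem" && $_POST['id'] != NULL && $_POST['question'] != NULL && $_POST['answer'] != NULL && $_POST['flag'] != NULL && $_POST['categ'] != NULL) {
    $question = $_POST['question'];
    $answer = $_POST['answer'];
    // Every request value goes through sqlesc() before it reaches the query.
    sql_query("UPDATE `faq` SET `question`=" . sqlesc($question) . ", `answer`=" . sqlesc($answer) . ", `flag`=" . sqlesc($_POST['flag']) . ", `categ`=" . sqlesc($_POST['categ']) . " WHERE id=" . sqlesc($_POST['id'])) or sqlerr();
    header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
    die;
}

// subACTION: editsect - edit a section
elseif ($action === "editsect" && $_POST['id'] != NULL && $_POST['title'] != NULL && $_POST['flag'] != NULL) {
    $title = $_POST['title'];
    sql_query("UPDATE `faq` SET `question`=" . sqlesc($title) . ", `answer`='', `flag`=" . sqlesc($_POST['flag']) . ", `categ`='0' WHERE id=" . sqlesc($_POST['id'])) or sqlerr();
    header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
    die;
}

// ACTION: delete - delete a section or item
elseif ($action === "delete" && isset($_GET['id'])) {
    // NOTE(review): this destructive write is reached by a plain GET carrying
    // confirm=yes. Moving it to POST with a per-session token needs the
    // confirmation link and the project's token helpers, neither of which is
    // visible in this file.
    if (isset($_GET['confirm']) && $_GET['confirm'] == "yes") {
        sql_query("DELETE FROM `faq` WHERE `id`=" . sqlesc(0 + $_GET['id']) . " LIMIT 1") or sqlerr();
        header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
        die;
    } else {
        stdhead("FAQ Management");
        begin_main_frame();
        print("

Confirmation required

");
        print("\n\n
Please click here to confirm.
\n");
        end_main_frame();
        stdfoot();
    }
}

// ACTION: additem - add a new item
elseif ($action === "additem" && !empty($_GET['inid']) && !empty($_GET['langid'])) {
    stdhead("FAQ Management");
    begin_main_frame();
    print("

Add Item

");
    print("");
    print("\n");
    print("\n");
    print("\n");
    print("");
    print("");
    print("");
    print("\n");
    print("
Question:
Answer:
Status:
");
    end_main_frame();
    stdfoot();
}

// ACTION: addsection - add a new section
elseif ($action === "addsection") {
    stdhead("FAQ Management");
    begin_main_frame();
    print("

Add Section

");
    print("
");
    print("\n");
    print("\n");
    $s = "";
    print("");
    print("");
    print("\n");
    print("
Title:
Language:" . $s . "
Status:
");
    end_main_frame();
    stdfoot();
}

// subACTION: addnewitem - add a new item to the db
elseif ($action === "addnewitem" && $_POST['question'] != NULL && $_POST['answer'] != NULL) {
    $question = $_POST['question'];
    $answer = $_POST['answer'];
    // Numeric fields are coerced with 0+ as before; an absent field counts as 0.
    $categ = isset($_POST['categ']) ? 0 + $_POST['categ'] : 0;
    $langid = isset($_POST['langid']) ? 0 + $_POST['langid'] : 0;
    $flag = isset($_POST['flag']) ? 0 + $_POST['flag'] : 0;

    // Defaults equal what MAX(...) + 1 yields for an empty category, so the
    // INSERT never reads an unset variable if the lookup returns no row.
    $order = 1;
    $link_id = 1;
    $res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='item' AND `categ`=" . sqlesc($categ) . " AND lang_id=" . sqlesc($langid));
    while ($arr = mysql_fetch_array($res, MYSQL_BOTH)) {
        $order = $arr['maxorder'] + 1;
        $link_id = $arr['maxlinkid'] + 1;
    }

    // link_id now goes through sqlesc() like every other value, matching the
    // addnewsect branch, instead of being interpolated into the SQL text.
    sql_query("INSERT INTO `faq` (`link_id`, `type`, `lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES (" . sqlesc($link_id) . ", 'item', " . sqlesc($langid) . ", " . sqlesc($question) . ", " . sqlesc($answer) . ", " . sqlesc($flag) . ", " . sqlesc($categ) . ", " . sqlesc($order) . ")") or sqlerr();
    header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
    die;
}

// subACTION: addnewsect - add a new section to the db
elseif ($action === "addnewsect" && $_POST['title'] != NULL && $_POST['flag'] != NULL) {
    $title = $_POST['title'];
    $language = isset($_POST['language']) ? 0 + $_POST['language'] : 0;

    // Same defaults as addnewitem: first section of a language gets 1 / 1.
    $order = 1;
    $link_id = 1;
    $res = sql_query("SELECT MAX(`order`) AS maxorder, MAX(`link_id`) AS maxlinkid FROM `faq` WHERE `type`='categ' AND `lang_id` = " . sqlesc($language));
    while ($arr = mysql_fetch_array($res, MYSQL_BOTH)) {
        $order = $arr['maxorder'] + 1;
        $link_id = $arr['maxlinkid'] + 1;
    }

    sql_query("INSERT INTO `faq` (`link_id`,`type`,`lang_id`, `question`, `answer`, `flag`, `categ`, `order`) VALUES (" . sqlesc($link_id) . ",'categ', " . sqlesc($language) . ", " . sqlesc($title) . ", '', " . sqlesc($_POST['flag']) . ", '0', " . sqlesc($order) . ")") or sqlerr();
    header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
    die;
}

// Unknown action, or a known action with required fields missing: go back to
// the management page without touching the database.
else {
    header("Location: " . get_protocol_prefix() . "$BASEURL/faqmanage.php");
    die;
}
?>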