< ?
/*
   This file is part of the 'Science Fair In A Box' project
   SFIAB Website: http://www.sfiab.ca

   Copyright (C) 2008 James Grant <james@lightbox.org>

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public
   License as published by the Free Software Foundation, version 2.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
   General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING. If not, write to
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
*/
?>
< ?
require ( " ../common.inc.php " );
require_once ( " ../user.inc.php " );
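// Access gate for the content manager: runs before any output or storage work.
// NOTE(review): two role names are passed; how user_auth_required() combines
// them (either role vs. both) is defined in user.inc.php - confirm.
user_auth_required('committee', 'admin');

// Make sure the storage folder exists. is_dir() is used instead of
// file_exists() so that a regular file sitting at this path is not mistaken
// for the directory.
// NOTE(review): mkdir() without a mode argument requests 0777, reduced only by
// the process umask. Confirm the resulting permissions, and that the web
// server neither executes nor lists content stored under ../data.
$userfilesDir = "../data/userfiles";
if (!is_dir($userfilesDir)) {
    // The second is_dir() covers a concurrent request creating the folder
    // between the check above and the mkdir() call.
    if (!mkdir($userfilesDir) && !is_dir($userfilesDir)) {
        // Previously a failed mkdir() was ignored; leave a trace for the operator.
        error_log("cms.php: could not create storage folder $userfilesDir");
    }
}

// Page header: title, navigation links (label => target) and a page identifier.
send_header(
    "Website Content Manager",
    array(
        'Committee Main' => 'committee_main.php',
        'Administration' => 'admin/index.php',
    ),
    "website_content_management"
);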
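// Handle the "Save Page" form: store one new revision per configured language.
// Every save INSERTs new rows, so earlier revisions remain available as history.
//
// NOTE(review): this is a state-changing POST and no anti-CSRF token is visible
// in this file. Unless common.inc.php / user.inc.php add one, confirm that a
// request forged from another site cannot trigger a save.
if (isset($_POST['action']) && $_POST['action'] == "save")
{
    $err = false;

    // stripslashes() assumes request data arrives with slashes added
    // (magic_quotes_gpc or an emulation of it) - TODO confirm in common.inc.php.
    $postedFilename = isset($_POST['filename']) ? $_POST['filename'] : '';
    $filename = stripslashes($postedFilename);
    // Character whitelist disabled by the original author:
    // $filename=ereg_replace("[^A-Za-z0-9\.\_\/]","_",$_POST['filename']);
    // NOTE(review): with the whitelist off, the name is stored as submitted and
    // may contain "../" or other special characters. How stored names are
    // mapped to URLs or paths is not visible here; verify that the consumer
    // rejects such names, or restore a whitelist.
    if (substr($filename, -5) != ".html")
        $filename = $filename . ".html";

    // One timestamp for the whole save. It used to be computed inside the loop,
    // so a save crossing a second boundary gave the languages different dt
    // values, which the history view then treats as separate revisions.
    $insertdt = date("Y-m-d H:i:s");

    foreach ($config['languages'] AS $lang => $langname) {
        $textname = "text_$lang";
        $titlename = "title_$lang";
        $showlogoname = "showlogo_$lang";

        $text = stripslashes(isset($_POST[$textname]) ? $_POST[$textname] : '');
        // NOTE(review): unlike filename and text, the title is not passed
        // through stripslashes() before escaping - confirm which is intended.
        $title = isset($_POST[$titlename]) ? $_POST[$titlename] : '';
        // The radio buttons only submit 0 or 1. The raw POST value used to be
        // concatenated into the statement unescaped; forcing an integer keeps
        // request data from altering the SQL.
        $showlogo = isset($_POST[$showlogoname]) ? intval($_POST[$showlogoname]) : 0;

        mysql_query("INSERT INTO cms (filename,dt,lang,text,title,showlogo) VALUES (
            '".mysql_escape_string($filename)."',
            '$insertdt',
            '".mysql_escape_string($lang)."',
            '".mysql_escape_string($text)."',
            '".mysql_escape_string($title)."',
            '".$showlogo."'
            )");

        if (mysql_error()) {
            // The filename is request data: escape it before it is echoed.
            // NOTE(review): assumes error()/i18n() do not escape themselves.
            echo error(i18n("An error occurred saving %1 in %2", array(htmlspecialchars($filename), $langname)));
            $err = true;
        }
    }

    if (!$err)
        // Same escaping as above; the posted name is shown as it was submitted.
        echo happy(i18n("%1 successfully saved", array(htmlspecialchars($postedFilename))));
}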
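// Edit view: shown when a page is selected (?filename=...) or a new page is
// being created (?action=create). Renders one editor per configured language
// and, beside them, the revision history of the selected file.
//
// Request parameters are read once, with defaults, so that a missing key does
// not raise a notice and every later use goes through the same variable.
$cmsFilename = isset($_GET['filename']) ? $_GET['filename'] : '';
$cmsAction = isset($_GET['action']) ? $_GET['action'] : '';
$cmsDt = isset($_GET['dt']) ? $_GET['dt'] : '';

if ($cmsFilename || $cmsAction == "create")
{
    echo "<a href=\"cms.php\">&lt;&lt; Back to file list</a><br />\n";
    // NOTE(review): the save form carries no anti-CSRF token in this file;
    // confirm whether the shared includes provide one.
    echo "<form method=\"post\" action=\"cms.php\">";
    echo "<input type=\"hidden\" name=\"action\" value=\"save\">\n";
    if ($cmsFilename)
        echo "<input type=\"hidden\" name=\"filename\" value=\"".htmlspecialchars($cmsFilename)."\">\n";
    else
        echo "Choose filename to create: /web/<input type=\"text\" name=\"filename\" size=\"15\">.html<hr />";

    echo "<table width=\"100%\" cellpadding=\"3\">";
    echo "<tr><td valign=\"top\">";

    // Loaded once; the original re-issued require_once on every loop pass.
    require_once("../fckeditor/fckeditor.php");

    foreach ($config['languages'] AS $lang => $langname) {
        echo "<table class=\"tableview\" width=\"100%\">";
        echo "<tr><th colspan=\"2\">";

        // Latest stored revision of this file in this language.
        $q = mysql_query("SELECT * FROM cms WHERE filename='".mysql_escape_string($cmsFilename)."' AND lang='$lang' ORDER BY dt DESC LIMIT 1");
        $r = mysql_fetch_object($q);
        if ($r) {
            if ($r->dt == "0000-00-00 00:00:00" || !$r->dt) $dt = "Never";
            else $dt = $r->dt;
            echo "<b>".htmlspecialchars($cmsFilename)." - $langname</b> ".i18n("Last updated").": $dt<br />";

            if ($cmsDt) {
                // dt comes from the query string. It used to be concatenated
                // into the statement unescaped; it is now escaped like every
                // other request value in this file.
                $q2 = mysql_query("SELECT * FROM cms WHERE filename='".mysql_escape_string($cmsFilename)."' AND lang='$lang' AND dt<='".mysql_escape_string($cmsDt)."' ORDER BY dt DESC LIMIT 1");
                $r2 = mysql_fetch_object($q2);
                // Switch to the older revision only when one was found. The
                // original dereferenced $r2 even when no row matched, and
                // printed the date of the latest revision ($r) instead of the
                // historical one being displayed.
                if ($r2 && $r2->dt != $r->dt)
                {
                    echo "Displaying historical file. Date: ".htmlspecialchars($r2->dt);
                    $r = $r2;
                }
            }
        }
        else
        {
            echo "<b>$langname</b><br />";
        }
        echo "</th></tr>\n";

        // Defaults for a page with no stored revision in this language
        // (the original read properties of a non-object in that case).
        $pageTitle = $r ? $r->title : '';
        $pageShowLogo = $r ? $r->showlogo : 0;
        $pageText = $r ? $r->text : '';

        echo "<tr><td width=\"100\">".i18n("Page Title").":</td><td><input type=\"text\" name=\"title_$lang\" style=\"width: 99%;\" value=\"".htmlspecialchars($pageTitle)."\"></td></tr>\n";
        echo "<tr><td width=\"100\">".i18n("Show Logo").":</td><td>";
        if ($pageShowLogo) $ch = "checked=\"checked\""; else $ch = "";
        echo "<input $ch type=\"radio\" name=\"showlogo_$lang\" value=\"1\"> ".i18n("Yes");
        echo " ";
        if (!$pageShowLogo) $ch = "checked=\"checked\""; else $ch = "";
        echo "<input $ch type=\"radio\" name=\"showlogo_$lang\" value=\"0\"> ".i18n("No");
        echo "</td></tr>\n";

        echo "<tr><td colspan=\"2\">";
        // The stored HTML is handed to the editor as its initial value.
        // NOTE(review): presumably FCKeditor encodes Value itself when it
        // renders the field - confirm in fckeditor.php.
        $oFCKeditor = new FCKeditor("text_$lang");
        $oFCKeditor->BasePath = "../fckeditor/";
        $oFCKeditor->Value = $pageText;
        $oFCKeditor->Width = "100%";
        $oFCKeditor->Height = 400;
        $oFCKeditor->Create();
        echo "</td></tr></table>\n";
        echo "<br />";
    }

    echo "</td><td width=\"130\" valign=\"top\">";
    echo "<table class=\"tableview\" width=\"130\">";

    // Number of history entries to list. Anything that is not a positive
    // integer falls back to 30; a negative value used to reach the LIMIT
    // clause and make the query fail.
    $historylimit = isset($_GET['historylimit']) ? intval($_GET['historylimit']) : 0;
    if ($historylimit < 1) $historylimit = 30;

    echo "<tr><th>".i18n("File History")."</th></tr>\n";
    $q = mysql_query("SELECT DISTINCT(dt) FROM cms WHERE filename='".mysql_escape_string($cmsFilename)."' ORDER BY dt DESC LIMIT $historylimit");
    $first = true;
    if ($q && mysql_num_rows($q)) {
        while ($r = mysql_fetch_object($q))
        {
            // Bold marks the revision being shown: the requested dt, or the
            // newest entry when no dt was requested.
            if ($r->dt == $cmsDt) $style = "font-weight: bold;";
            else $style = "font-weight: normal;";
            if ($first && !$cmsDt) $style = "font-weight: bold;";

            echo "<tr><td><a href=\"cms.php?filename=".rawurlencode($cmsFilename)."&amp;dt=".rawurlencode($r->dt)."\" style=\"font-size: 0.75em; $style\">".htmlspecialchars($r->dt)."</a></td></tr>\n";
            $first = false;
        }
    }
    else
        echo "<tr><td><i>No History</i></td></tr>\n";

    echo "</table>\n";
    echo "</td></tr>\n";
    echo "<tr><td colspan=\"2\">";
    echo "<table><tr><td>";
    echo "<input type=\"submit\" value=\"".i18n("Save Page")."\" />\n";
    echo "</form>";
    echo "</td><td>";
    // A separate GET form: "Cancel" simply reloads the file list.
    echo "<form method=\"get\" action=\"cms.php\">";
    echo "<input type=\"submit\" value=\"".i18n("Cancel Changes")."\" />\n";
    echo "</form>\n";
    echo "</td></tr></table>\n";
    echo "</td></tr></table>\n";
}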
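else
{
    // File list: every distinct page name with the time of its newest revision.
    echo i18n("Choose a web page filename to edit");
    echo " ";
    echo "<a href=\"cms.php?action=create\">".i18n("or click here to create a new file")."</a><br />\n";
    echo "<table class=\"summarytable\">";
    echo "<tr><th>".i18n("Filename")."</th><th>".i18n("Last Update")."</th></tr>";

    // One grouped query replaces the original "SELECT DISTINCT(filename)" plus
    // a second query per row for the newest dt; the rows and their order are
    // the same.
    $q = mysql_query("SELECT filename, MAX(dt) AS dt FROM cms GROUP BY filename ORDER BY filename");
    if ($q) {
        while ($r = mysql_fetch_object($q))
        {
            if ($r->dt == "0000-00-00 00:00:00") $dt = "Never";
            else $dt = $r->dt;

            // Stored names were accepted without a character whitelist, so they
            // are HTML-escaped when printed; the link target was already
            // URL-encoded.
            echo "<tr><td><a href=\"cms.php?filename=".rawurlencode($r->filename)."\">/web/".htmlspecialchars($r->filename)."</a></td>";
            echo "<td>$dt</td>";
            echo "</tr>";
        }
    }
    echo "</table>";
}

// Close the page opened by send_header().
send_footer();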
?>