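* This script displays the contents for the 'Forum Administration' page.
 *
 * Don't forget the 12 space indent for all content pages.
 *
 * Steps handled here (see the switch below):
 *   1 forum list, 2 add/edit form, 3 preview, 4 insert, 5 update, 6 delete.
 *
 * Last modified : September 13th, 2002 (JJS)
 *
 \******************************************************************************/

/* Don't let people call this file directly */
$file_name = "forum_admin.php";

/* Get the negative length of $file_name */
$file_name_length = -(strlen($file_name));

/*
 * If the request names this file itself, redirect to the index. The redirect
 * header alone does not stop execution, so exit() is required: otherwise the
 * rest of this page (including the database steps) would still run on a
 * direct hit.
 */
if (substr($_SERVER['SCRIPT_NAME'], $file_name_length) == $file_name) {
    header("Location: ../index.php");
    exit;
}

/* Grab the variables held by superglobals */
$forum_name  = GetVars("forum_name");
$forum_desc  = GetVars("forum_desc");
$forum_order = GetVars("forum_order");
$old_name    = GetVars("old_name");
$type        = GetVars("type");
$action      = GetVars("action");
$step        = GetVars("step");
/*
 * forum_id is used by the update and delete steps but was never fetched
 * explicitly (it only worked through register_globals). Fetch it the same
 * way as the other fields so it goes through the same validation.
 */
$forum_id    = GetVars("forum_id");

/* Request metadata, read from $_SERVER instead of register_globals copies */
$query_string   = isset($_SERVER['QUERY_STRING'])   ? $_SERVER['QUERY_STRING']   : "";
$request_method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : "";

/*
 * Parse any user input. CheckVars() is expected to declare its first
 * parameter by reference; the call-time "&$var" form used previously is a
 * fatal error since PHP 5.4 -- TODO confirm against the CheckVars definition.
 * The second argument is the limit the project applies to each field; the
 * limit for forum_id mirrors forum_order -- widen it if ids are longer.
 */
CheckVars($step, 1);
CheckVars($forum_name, 64);
CheckVars($forum_desc, 255);
CheckVars($forum_order, 10);
CheckVars($forum_id, 10);
CheckVars($old_name, 64);

/* Check that the user isn't trying to mess with the $step variable */
$valid_steps = array("1", "2", "3", "4", "5", "6");
if (!in_array((string) $step, $valid_steps, true)) {
    $step = 1;
}

/*
 * Make sure the user isn't feeding information via the query string.
 * Each step is reachable only with one exact query string (step 6 has no
 * query-string requirement, as before); every step past the form also needs
 * a non-blank name and description.
 */
$expected_query_string = array(
    1 => "pid=forum_admin",
    2 => "pid=forum_admin&step=2",
    3 => "pid=forum_admin&step=3",
    4 => "pid=forum_admin",
    5 => "pid=forum_admin",
);
$wrong_query_string = isset($expected_query_string[$step])
    && $query_string != $expected_query_string[$step];
$missing_fields = ($step != 1 && $step != 2)
    && (strlen(trim($forum_name)) == 0 || strlen(trim($forum_desc)) == 0);

if ($wrong_query_string || $missing_fields) {
    /* Give them an error if they are, and send them back to step 1 */
    echo "\nMalformed request detected!\n\n\n";
    $step = 1;
}

/* There are different actions that can be performed, figure out which one */
switch ($action) {
    case "Edit Forum":
        $step = 2;
        break;
    case "Edit":
        $step = 2;
        $type = "existing";
        break;
    case "Submit Forum":
        $step = 4;
        break;
    case "Delete":
        $step = 6;
        break;
}

/* If the user is submitting an existing forum for editing, then go to step 5 */
if ($step == 4 && $type != "") {
    $step = 5;
}

/* Strip out all escape characters before the values are shown in a form */
if ($step == 2 || $step == 3) {
    $forum_name = stripslashes(strip_tags($forum_name));
    $forum_desc = stripslashes(strip_tags($forum_desc));
    $old_name   = stripslashes(strip_tags($old_name));
}

/*
 * NOTE(review): the INSERT/UPDATE/DELETE statements below interpolate the
 * request values directly into SQL. Steps 2 and 3 strip slashes before
 * display, which suggests the values arrive already slash-escaped (magic
 * quotes or CheckVars); confirm that contract, because without it these
 * queries are injectable. ExeSQL() takes a finished string, so there is no
 * parameter binding available at this layer.
 */

/* Execute the requested step */
switch ($step) {
    /* Show the forum list */
    default:
    case 1:
        ShowForums();
        break;

    /* Display the new forum page */
    case 2:
        ShowForumForm($forum_name, $forum_desc, $forum_order, $forum_id, $type);
        break;

    /* Show preview -- values come from the request, so escape them for HTML */
    case 3:
        $safe_name  = htmlspecialchars($forum_name);
        $safe_desc  = htmlspecialchars($forum_desc);
        $safe_order = htmlspecialchars($forum_order);
        echo "\n" .
             "Forum Preview\n" .
             "Forum Name:\n" . " $safe_name\n" . " \n" .
             "Forum Description:\n" . " $safe_desc\n" . " \n" .
             "Forum Order:\n" . " $safe_order\n" . " \n" .
             "\n";
        break;

    /* Add the new forum to the database */
    case 4:
        /* Only a posted form may create a forum */
        if ($request_method != "POST") {
            echo "\nMalformed request detected!\n\n\n";
            ShowForumForm($forum_name, $forum_desc, $forum_order, $forum_id, $type);
            break;
        }

        /* Tell the user if the forum already exists and redisplay the form */
        if (ForumAdminNameExists($forum_name)) {
            echo "\nA forum by that name already exists!\n\n\n";
            ShowForumForm($forum_name, $forum_desc, $forum_order, $forum_id, $type);
            break;
        }

        $SQL = "INSERT INTO " . TABLE_PREFIX . "forums (forum_name, forum_desc, forum_order) " .
               "VALUES ('$forum_name', '$forum_desc', '$forum_order');";
        ExeSQL($SQL);

        /* Let the user know everything went fine, and show the forum list */
        echo "\nThe new forum has successfully been added!\n\n\n";
        ShowForums();
        return;

    /* Update an existing forum */
    case 5:
        /* Only a posted form may update a forum */
        if ($request_method != "POST") {
            echo "\nMalformed request detected!\n\n\n";
            ShowForumForm($forum_name, $forum_desc, $forum_order, $forum_id, $type);
            break;
        }

        /* A renamed forum must not collide with another forum's name */
        if ($forum_name != $old_name && ForumAdminNameExists($forum_name)) {
            echo "\nA forum by that name already exists!\n\n\n";
            ShowForumForm($forum_name, $forum_desc, $forum_order, $forum_id, $type);
            break;
        }

        $SQL = "UPDATE " . TABLE_PREFIX . "forums SET forum_name='$forum_name', " .
               "forum_desc='$forum_desc', forum_order='$forum_order' " .
               "WHERE forum_id='$forum_id';";
        ExeSQL($SQL);

        /* Let the user know it went fine, and default to the forum list */
        echo "\nThe forum has successfully been updated!\n\n\n";
        ShowForums();
        return;

    /* Delete the forum, and all its associated threads and replies */
    case 6:
        /*
         * Destructive step: require a posted form, as steps 4 and 5 do
         * (the Delete action comes from the forum list's form buttons).
         */
        if ($request_method != "POST") {
            echo "\nMalformed request detected!\n\n\n";
            ShowForums();
            break;
        }

        /* The forum itself */
        $SQL = "DELETE FROM " . TABLE_PREFIX . "forums WHERE forum_id='$forum_id';";
        ExeSQL($SQL);

        /* The threads associated with the forum */
        $SQL = "DELETE FROM " . TABLE_PREFIX . "threads WHERE forum_id='$forum_id';";
        ExeSQL($SQL);

        /* The replies associated with the forum */
        $SQL = "DELETE FROM " . TABLE_PREFIX . "replies WHERE forum_id='$forum_id';";
        ExeSQL($SQL);

        /* Give the user feedback */
        echo "\nThe forum has successfully been removed!\n\n\n";
        ShowForums();
        return;
}

/*
 * Return true when a forum with the given name is already in the database.
 * Shared by the insert and update steps, which previously duplicated this
 * query. $forum_name is interpolated into the query as-is (see the note
 * above the step switch about escaping).
 */
function ForumAdminNameExists($forum_name)
{
    $SQL = "SELECT COUNT(*) as forum_exists FROM " . TABLE_PREFIX . "forums " .
           "WHERE forum_name='$forum_name';";
    $results = ExeSQL($SQL);

    $exists = false;
    while ($row = mysql_fetch_array($results)) {
        if ($row["forum_exists"] != 0) {
            $exists = true;
        }
    }
    return $exists;
}

/*
 * Show the current forums, ordered by forum_order then forum_name, with the
 * "Add New Forum" link above the list. Values read from the database are
 * HTML-escaped on output; nothing guarantees they were escaped on the way in.
 */
function ShowForums()
{
    /* Table header */
    echo " \n" .
         " Forum Administration \n" .
         " \n" .
         " [ Add New Forum ]\n" .
         " \n";

    /* Set the active color */
    $the_color = TABLE_COLOR_2;

    /* Pull the forums */
    $SQL = "SELECT * FROM " . TABLE_PREFIX . "forums ORDER BY forum_order, forum_name;";
    $results = ExeSQL($SQL);

    /* Grab the data, and display one row per forum */
    while ($row = mysql_fetch_array($results)) {
        /* Grab the specific columns; forum_id is what the row's Edit/Delete
         * buttons carry back to this page (that markup is not visible here) */
        $forum_id    = $row["forum_id"];
        $forum_name  = htmlspecialchars($row["forum_name"]);
        $forum_order = htmlspecialchars($row["forum_order"]);
        $forum_desc  = htmlspecialchars($row["forum_desc"]);

        /* Swap the row color (interpolated into the row markup, not shown here) */
        $the_color = ($the_color == TABLE_COLOR_2) ? TABLE_COLOR_1 : TABLE_COLOR_2;

        /* Display the data */
        echo " \n" .
             " $forum_order. $forum_name\n" .
             " $forum_desc\n" .
             " \n";
    }

    /* Close off the table */
    echo "\n";
}

/*
 * Display the form to add or edit a forum.
 *
 * $forum_name, $forum_desc, $forum_order, $forum_id and $type are the values
 * the form is pre-filled with; the input elements that carry them are not
 * present in the visible markup, so they are not referenced below. When they
 * are restored, pass them through htmlspecialchars() before placing them in
 * attribute values.
 */
function ShowForumForm($forum_name, $forum_desc, $forum_order, $forum_id, $type)
{
    echo "\n" .
         "Forum Administration\n" .
         "Forum Name:\n" . " \n" .
         "Forum Description:\n" . " \n" .
         "Forum Order:\n" . " \n" .
         "\n";
}
?>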