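Incorrect Login!!"; $id = $subaction = 0; $action = -1; } else {
    // The opening of this login check lies above the visible part of the file.
    // Keep us logged in for an additional 10 minutes
    // NOTE(review): the 'pass' cookie sends $logged_pass back to the browser on
    // every request. Whether that value is a raw password or a digest is decided
    // outside this excerpt -- confirm. A server-side session id would keep the
    // credential off the client; at minimum the cookies should be HttpOnly and
    // only sent over HTTPS.
    setcookie('user', $logged_user, time()+600);
    setcookie('pass', $logged_pass, time()+600);
    if( $action == -1 && $subaction == 1 )
        $action = $subaction = $id = 0;
}

// Everything interpolated into SQL as a bare number is forced to an integer first.
$id            = (int)$id;
$action        = (int)$action;
$subaction     = (int)$subaction;
$delme         = (int)$delme;
$new_sectionid = (int)$new_sectionid;

// generic stuff ..

// Placeholder: takes a section id and does nothing.
function displayTOC( $secid )
{
    // dummy function...
}

// Prepares a string read from the DB for display by removing backslash escapes.
// The result is NOT HTML-escaped; it is returned as stored.
// NOTE(review): article bodies are saved as editor-produced HTML, so anyone who
// can save an article controls markup shown to readers -- confirm that only
// trusted editors reach the save branches below.
function prepare4Display( $astring )
{
    // An unreachable second return (BBCODE_2_HTML(stripslashes($astring)))
    // followed this line in the original and has been dropped.
    return stripslashes($astring);
}

// Moves an uploaded section image into secimages/ and returns the stored path,
// or false when the upload is rejected or cannot be moved.
// $upload is one entry of $_FILES. The client-supplied name is reduced to a safe
// stem plus a single allow-listed extension so that a script file (or a name
// with a second, executable extension) can never land in the web-served folder.
function _storeSectionImage( $upload )
{
    $allowed = array('gif', 'jpg', 'jpeg', 'png');

    $parts = pathinfo(basename($upload['name']));
    $ext   = isset($parts['extension']) ? strtolower($parts['extension']) : '';
    if( !in_array($ext, $allowed, true) )
        return false;

    // The temp file must be a real HTTP upload and must parse as an image.
    if( !is_uploaded_file($upload['tmp_name']) || getimagesize($upload['tmp_name']) === false )
        return false;

    // Collapse anything outside [A-Za-z0-9_-] (including inner dots) to '_'.
    $stem = basename($parts['basename'], '.' . $parts['extension']);
    $stem = preg_replace('/[^A-Za-z0-9_-]+/', '_', $stem);
    if( $stem === '' )
        $stem = 'image';

    $finalpath = 'secimages/' . $stem . '.' . $ext;

    // delete the existing file..
    if( file_exists($finalpath) )
        unlink($finalpath);
    if( !move_uploaded_file($upload['tmp_name'], $finalpath) )
        return false;

    return $finalpath;
}

// Returns $html as a quoted SQL string literal, or false if it cannot be escaped.
// The article body is kept as HTML (the editor handles formatting), so it is only
// escaped for SQL here, never stripped or re-encoded.
// NOTE(review): if request values are already slash-escaped before they reach
// this file, that layer should be removed first; the code that populates
// $new_article is outside this excerpt.
function _quoteArticleBody( $html )
{
    $escaped = mysql_real_escape_string($html);
    if( $escaped === false )
        return false;
    return "'" . $escaped . "'";
}

// Swaps the ids of two sections together with the sectionid of their articles.
// Id 0 serves as the scratch slot. The six statements are not wrapped in a
// transaction, so a failure part-way leaves rows parked on id 0.
function _swapSectionIds( $first, $second )
{
    $first  = (int)$first;
    $second = (int)$second;
    ExecQuery( "UPDATE `sections` SET `id`=0 WHERE `id`=$first LIMIT 1;" );
    ExecQuery( "UPDATE `articles` SET `sectionid`=0 WHERE `sectionid`=$first;" );
    ExecQuery( "UPDATE `sections` SET `id`=$first WHERE `id`=$second LIMIT 1;" );
    ExecQuery( "UPDATE `articles` SET `sectionid`=$first WHERE `sectionid`=$second;" );
    ExecQuery( "UPDATE `sections` SET `id`=$second WHERE `id`=0 LIMIT 1;" );
    ExecQuery( "UPDATE `articles` SET `sectionid`=$second WHERE `sectionid`=0;" );
}

// Swaps the ids of two articles, again using id 0 as the scratch slot.
function _swapArticleIds( $first, $second )
{
    $first  = (int)$first;
    $second = (int)$second;
    ExecQuery( "UPDATE `articles` SET `id`=0 WHERE `id`=$first;" );
    ExecQuery( "UPDATE `articles` SET `id`=$first WHERE `id`=$second;" );
    ExecQuery( "UPDATE `articles` SET `id`=$second WHERE `id`=0;" );
}

// If we got something to do..
// NOTE(review): every branch below changes or deletes data based on $action,
// $subaction and $id alone. No anti-CSRF token is checked in the visible code --
// confirm one is enforced where the request is read.
// NOTE(review): mysql_num_rows()/mysql_fetch_array() belong to ext/mysql, which
// was removed in PHP 7; migrating needs ExecQuery(), which is not shown here.
if( $subaction ) {
    if( $action == 1 && $subaction == 1 ) {
        // The adding of a new Section..
        // Makes these fields safe for SQL ...
        $sql_new_title = sql_safe($new_title);
        $sql_new_image = sql_safe($new_image);
        $sql_new_desc  = sql_safe($new_desc);

        // Make sure correct values were entered..
        // NOTE(review): the length test runs on the sql_safe() result; if that
        // helper adds quotes, an empty title is never caught here -- confirm.
        $success = true;
        if( !strlen($sql_new_title) ) {
            $success = false;
            $Error[0] = "  Please specify a section title..";
        }

        // check to see if a new image is selected...
        if( isset($_FILES['file']) && $_FILES['file']['error'] === UPLOAD_ERR_OK ) {
            $finalpath = _storeSectionImage($_FILES['file']);
            if( $finalpath === false ) {
                // Index 1 keeps the title message in $Error[0] intact;
                // confirm the form renders it.
                $success = false;
                $Error[1] = "  Please upload a GIF, JPEG or PNG image..";
            } else {
                $new_image     = basename($finalpath);
                $sql_new_image = sql_safe($finalpath);
            }
        }

        // The original inserted even when validation had failed; the insert is
        // now gated the same way as the new-article branch.
        if( $success ) {
            ExecQuery( "INSERT INTO `sections` (`id`, `title`, `image`, `desc`) VALUES ('', $sql_new_title, $sql_new_image, $sql_new_desc);" );
            $action = $subaction = 0;
        } else
            $subaction = 0;
    } else if( $action == 2 && $id ) {
        // Editing a section...
        if( $subaction == 3 ) {
            // move the thing up: swap with the nearest section that has a lower id
            $UQ = ExecQuery( "SELECT `id` FROM `sections` WHERE `id`<$id ORDER BY `id` DESC LIMIT 1" );
            if( $UQ && mysql_num_rows($UQ) ) {
                $fetch = mysql_fetch_array($UQ);
                _swapSectionIds($id, $fetch['id']);
            }
        } else if( $subaction == 4 ) {
            // move the thing down: swap with the nearest section that has a higher id
            $UQ = ExecQuery( "SELECT `id` FROM `sections` WHERE `id`>$id ORDER BY `id` ASC LIMIT 1" );
            if( $UQ && mysql_num_rows($UQ) ) {
                $fetch = mysql_fetch_array($UQ);
                _swapSectionIds($id, $fetch['id']);
            }
        } else if( $subaction == 5 ) {
            // save the updates..
            // Makes these fields safe for SQL ...
            $sql_new_title = sql_safe($new_title);
            $sql_new_image = sql_safe($new_image);
            $sql_new_desc  = sql_safe($new_desc);

            // Make sure correct values were entered..
            $success = true;
            if( !strlen($sql_new_title) ) {
                $success = false;
                $Error[0] = "  Please specify a section title..";
            }

            // check to see if a new image is selected...
            if( isset($_FILES['file']) && $_FILES['file']['error'] === UPLOAD_ERR_OK ) {
                $finalpath = _storeSectionImage($_FILES['file']);
                if( $finalpath === false ) {
                    $success = false;
                    $Error[1] = "  Please upload a GIF, JPEG or PNG image..";
                } else {
                    $new_image     = basename($finalpath);
                    $sql_new_image = sql_safe($finalpath);
                }
            }

            if( $delme ) {
                // delete it..
                ExecQuery( "DELETE FROM `sections` WHERE `id`=$id LIMIT 1;" );
                // also delete all the articles in this section
                ExecQuery( "DELETE FROM `articles` WHERE `sectionid`=$id;" );
                $action = $subaction = 0;
            } else if( $success ) {
                ExecQuery( "UPDATE `sections` SET `title`=$sql_new_title, `image`=$sql_new_image, `desc`=$sql_new_desc WHERE `id`=$id LIMIT 1;" );
                $action = $subaction = 0;
            } else
                $subaction = 2;
        } else if( $subaction == 6 ) {
            // delete the section
            ExecQuery( "DELETE FROM `sections` WHERE `id`=$id LIMIT 1;" );
            // also delete all the articles in this section
            ExecQuery( "DELETE FROM `articles` WHERE `sectionid`=$id;" );
            $action = $subaction = 0;
        }
    } else if( $action == 3 ) {
        // Adding a new Article
        if( $subaction == 1 ) {
            $sql_new_sectionid = sql_safe((int)$new_sectionid);
            $sql_new_title     = sql_safe($new_title);
            // The original wrapped $new_article in quotes with no escaping, so
            // the body could break out of the SQL string literal.
            $sql_new_article   = _quoteArticleBody($new_article);

            // Make sure correct values were entered..
            $success = true;
            if( !strlen($sql_new_title) ) {
                $success = false;
                $Error[0] = "  Please specify a article title..";
            }
            if( $sql_new_article === false ) {
                $success = false;
                $Error[1] = "  The article text could not be saved..";
            }

            if( $success ) {
                ExecQuery( "INSERT INTO `articles` (`id`, `sectionid`, `title`, `postdate`, `author`, `data`) VALUES ('', $sql_new_sectionid, $sql_new_title, NOW(), 'Souha', $sql_new_article);" );
                $action = $subaction = 0;
            } else
                $subaction = 0;
        }
    } else if( $action == 4 ) {
        // Editing an Existing Article
        if( $subaction == 3 ) {
            // move the thing up: swap with the previous article of the same section
            $UQ = ExecQuery( "SELECT `id` FROM `articles` WHERE `sectionid`=(SELECT `sectionid` FROM `articles` WHERE `id`=$id) AND `id`<$id ORDER BY `id` DESC LIMIT 1" );
            if( $UQ && mysql_num_rows($UQ) ) {
                $fetch = mysql_fetch_array($UQ);
                _swapArticleIds($id, $fetch['id']);
            }
        } else if( $subaction == 4 ) {
            // move the thing down: swap with the next article of the same section
            $UQ = ExecQuery( "SELECT `id` FROM `articles` WHERE `sectionid`=(SELECT `sectionid` FROM `articles` WHERE `id`=$id) AND `id`>$id ORDER BY `id` ASC LIMIT 1" );
            if( $UQ && mysql_num_rows($UQ) ) {
                $fetch = mysql_fetch_array($UQ);
                _swapArticleIds($id, $fetch['id']);
            }
        } else if( $subaction == 5 ) {
            // save the updates..
            // Makes these fields safe for SQL ...
            $sql_new_sectionid = sql_safe((int)$new_sectionid);
            $sql_new_title     = sql_safe($new_title);
            // Escaped for SQL only; the HTML itself is stored as submitted.
            $sql_new_article   = _quoteArticleBody($new_article);

            // Make sure correct values were entered..
            $success = true;
            if( !strlen($sql_new_title) ) {
                $success = false;
                // The original message asked for a "section title" here; this
                // branch edits an article, so it now matches the new-article text.
                $Error[0] = "  Please specify a article title..";
            }
            if( $sql_new_article === false ) {
                $success = false;
                $Error[1] = "  The article text could not be saved..";
            }

            if( $delme ) {
                // delete it
                ExecQuery( "DELETE FROM `articles` WHERE `id`=$id;" );
                $action = $subaction = 0;
            } else if( $success ) {
                ExecQuery( "UPDATE `articles` SET `sectionid`=$sql_new_sectionid, `title`=$sql_new_title, `data`=$sql_new_article WHERE `id`=$id LIMIT 1;" );
                $action = $subaction = 0;
            } else
                $subaction = 5;
        } else if( $subaction == 6 ) {
            // delete this single article
            ExecQuery( "DELETE FROM `articles` WHERE `id`=$id;" );
            $action = $subaction = 0;
        }
    }
}
?> SOUHA BAAYOUN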
نقلاً عن جريدة اللواء 14/11/2007

$this_title


\n"; echo "
". prepare4Display($this_data) .'
'; }?>