From 0077cb99704fe863cf731fc5cab792af2ede96c2 Mon Sep 17 00:00:00 2001 From: Joseph Hunkeler Date: Sun, 17 Apr 2011 20:13:07 -0400 Subject: Backporting retarded amount of changes outside of version control
---
modules/admin/admin_functions.php | 302 ++++++++++++------------ modules/admin/blocks/functions.php | 346 ++++++++++++++-------------- modules/admin/blocks/index.php | 116 +++++----- modules/admin/index.php | 144 ++++++------ modules/admin/operation.php | 104 ++++----- modules/admin/pages/functions.php | 454 ++++++++++++++++++------------------- modules/admin/pages/index.php | 136 +++++------ 7 files changed, 801 insertions(+), 801 deletions(-) (limited to 'modules/admin')
diff --git a/modules/admin/admin_functions.php b/modules/admin/admin_functions.php
index 6c2b394..d0d54a8 100644
--- a/modules/admin/admin_functions.php
+++ b/modules/admin/admin_functions.php
@@ -1,152 +1,152 @@
-.
- */
- /*
-if(!defined("ADMIN_FILE"))
-{
- die("Access denied.");
- return;
-}
-
-function is_loggedin()
-{
- $id = session_id();
- if($id == "")
- {
- header("location: index.php");
- return false;
- }
- return true;
-}
-
-function login()
-{
- global $db;
-
- if(isset($_SESSION['username']) || isset($_SESSION['password']))
- {
- return true;
- }
-
- if(isset($_POST['processed']))
- {
- $username = addslashes($_POST['username']);
- $password = addslashes($_POST['password']);
- $password = crypt(md5($password),'iamnotadirtywhorebitch');
- $result = $db->Query("SELECT * FROM bayonet_users WHERE username = '$username' AND password = '$password'");
- $rows = $db->Rows($result);
-
- if($rows > 0)
- {
- $_SESSION['username'] = stripslashes($username);
- $_SESSION['password'] = stripslashes($password);
- return true;
- }
- else
- {
- ReportError("Login incorrect.");
- return false;
- }
-
- }
- else
- {
- echo "
\n"; - OpenTable(); - echo "Administrative Login\n"; - - echo "\n - \n - \n - \n -
Username
Password
\n"; - CloseTable(); - echo "
\n"; - return false; - } -} - -function logout() -{ - session_unset(); - session_destroy(); -} -*/ -/** - * CompileAdmin() - * - * because we want to have a horizontal display of options, we need to have - * the data separated by arrays. the data is processed into single tables, and is - * echoed in realtime. we checked to make sure they were arrays, but there is no - * checking to make sure the data passed is not malicious in nature. - * - * @param mixed $head - * @param mixed $body - * @return - */ - /* -function CompileAdmin($head,$body) -{ - /*if we were not passed arrays, then say goodbye - if(!is_array($head) || !is_array($body)) - { - echo "must be array\n"; - return; - } - - echo ""; - echo ""; - - $num = 1; - foreach($body as $td) - { - echo "\n"; - if($num%4 == 0){ - echo ""; - } - $num++; - } - echo "
$td
\n"; -} - - - * OpenTable() - * - * The administration OpenTable() function requires an argument to define - * the header title. It may be wise to replace the standard OpenTable() function - * with this one... that's alot of code to unfuck though. - * - * @param mixed $title - * @return - -function OpenTable_Ex($title) -{ - echo "
{$title}
"; -} - - - * CloseTable() - * - * @return - -function CloseTable_Ex() -{ - echo "
"; -} - */ +. + */ + /* +if(!defined("ADMIN_FILE")) +{ + die("Access denied."); + return; +} + +function is_loggedin() +{ + $id = session_id(); + if($id == "") + { + header("location: index.php"); + return false; + } + return true; +} + +function login() +{ + global $db; + + if(isset($_SESSION['username']) || isset($_SESSION['password'])) + { + return true; + } + + if(isset($_POST['processed'])) + { + $username = addslashes($_POST['username']); + $password = addslashes($_POST['password']); + $password = crypt(md5($password),'iamnotadirtywhorebitch'); + $result = $db->Query("SELECT * FROM bayonet_users WHERE username = '$username' AND password = '$password'"); + $rows = $db->Rows($result); + + if($rows > 0) + { + $_SESSION['username'] = stripslashes($username); + $_SESSION['password'] = stripslashes($password); + return true; + } + else + { + ReportError("Login incorrect."); + return false; + } + + } + else + { + echo "
\n"; + OpenTable(); + echo "Administrative Login\n"; + + echo "\n + \n + \n + \n +
Username
Password
\n"; + CloseTable(); + echo "
\n"; + return false; + } +} + +function logout() +{ + session_unset(); + session_destroy(); +} +*/ +/** + * CompileAdmin() + * + * because we want to have a horizontal display of options, we need to have + * the data separated by arrays. the data is processed into single tables, and is + * echoed in realtime. we checked to make sure they were arrays, but there is no + * checking to make sure the data passed is not malicious in nature. + * + * @param mixed $head + * @param mixed $body + * @return + */ + /* +function CompileAdmin($head,$body) +{ + /*if we were not passed arrays, then say goodbye + if(!is_array($head) || !is_array($body)) + { + echo "must be array\n"; + return; + } + + echo ""; + echo ""; + + $num = 1; + foreach($body as $td) + { + echo "\n"; + if($num%4 == 0){ + echo ""; + } + $num++; + } + echo "
$td
\n"; +} + + + * OpenTable() + * + * The administration OpenTable() function requires an argument to define + * the header title. It may be wise to replace the standard OpenTable() function + * with this one... that's alot of code to unfuck though. + * + * @param mixed $title + * @return + +function OpenTable_Ex($title) +{ + echo "
{$title}
"; +} + + + * CloseTable() + * + * @return + +function CloseTable_Ex() +{ + echo "
"; +} + */ ?> \ No newline at end of file diff --git a/modules/admin/blocks/functions.php b/modules/admin/blocks/functions.php index 0138839..2c7b166 100644 --- a/modules/admin/blocks/functions.php +++ b/modules/admin/blocks/functions.php @@ -1,173 +1,173 @@ -. - */ - -function ListBlocks() -{ - global $db; - $result = $db->Query("SELECT * FROM bayonet_blocks"); - $blocks = $db->Fetch(); - - echo ""; - foreach($blocks as $block) - { - echo ""; - } - echo "
Existing Blocks
{$block['weight']} : {$block['dir_name']}EditDelete
"; -} - -function NewBlock() -{ - global $db; - if(isset($_POST['processed'])) - { - //Secure our data to prevent injection attacks. - $weight = addslashes($_POST['weight']); - $dir_name = addslashes($_POST['dir_name']); - $position = addslashes($_POST['position']); - $active = addslashes($_POST['active']); - - if(empty($weight) || empty($dir_name) || empty($position)) - { - echo "You must fill everything out before proceeding."; - return; - } - //Update the database with the new data. - $db->Query("INSERT INTO bayonet_blocks SET weight = '$weight', dir_name = '$dir_name', position = '$position', active = '$active'"); - //die, because we have completed what we wanted to do. - echo "New block, '$dir_name', at position '$weight' added.\n"; - return; - } - - ?> -
- - - - - - -
Weight
Position
Directory Name
Active -
-
- 'Yes',0 => 'No'); - foreach($options as $option => $value) - { - $selected = NULL; - if($active == $option) - { - $selected = "selected"; - } - echo "\n"; - } - - -} - -function EditBlock($block_id) -{ - global $db; - if(isset($_POST['processed'])) - { - //Secure our data to prevent injection attacks. - $weight = addslashes($_POST['weight']); - $dir_name = addslashes($_POST['dir_name']); - $position = addslashes($_POST['position']); - $active = addslashes($_POST['active']); - - if(empty($weight) || empty($dir_name) || empty($position)) - { - echo "You must fill everything out before proceeding."; - return; - } - - //Update the database with the new data. - $db->Query("UPDATE bayonet_blocks SET weight = '$weight', dir_name = '$dir_name', position = '$position', active = '$active' WHERE block_id = '$block_id'"); - //$isActive = $active ? "IS" : "IS NOT"; - echo "Block, '$dir_name', at position '$weight' has been edited.\n"; - //die, because we have completed what we wanted to do. - return; - } - - //Grab the page from the database according to the $page_id passed to the function. - // {{{ XXX: FIXME -- Re-write this - /* - $result = $db->Query("SELECT weight,dir_name,position,active FROM bayonet_blocks WHERE block_id = '$block_id'"); - while(($row = $db->Fetch($result))!=false) - { - //We only want one row, so we don't have to $block[]... No foreach necessary. - $block = $row; - } - */ - // }}} - ?> -
- - - - - - - -
Weight
Position
Directory Name
Active - -
-
- Query("SELECT dir_name FROM bayonet_blocks WHERE block_id = '$block_id'"); - $block = $db->Fetch($result); - - if(isset($_POST['proceed'])) - { - echo "Block '{$block['dir_name']}', was deleted."; - $db->Query("DELETE FROM bayonet_blocks WHERE block_id = '$block_id' LIMIT 1"); - return; - } - if(isset($_POST['cancel'])) - { - echo "User cancelled deletion of page: '{$block['dir_name']}'"; - return; - } - - ?> -
- - - -
Are you SURE you want to delete the block titled: ''?
   
-
- +. + */ + +function ListBlocks() +{ + global $db; + $result = $db->Query("SELECT * FROM bayonet_blocks"); + $blocks = $db->Fetch(); + + echo ""; + foreach($blocks as $block) + { + echo ""; + } + echo "
Existing Blocks
{$block['weight']} : {$block['dir_name']}EditDelete
"; +} + +function NewBlock() +{ + global $db; + if(isset($_POST['processed'])) + { + //Secure our data to prevent injection attacks. + $weight = addslashes($_POST['weight']); + $dir_name = addslashes($_POST['dir_name']); + $position = addslashes($_POST['position']); + $active = addslashes($_POST['active']); + + if(empty($weight) || empty($dir_name) || empty($position)) + { + echo "You must fill everything out before proceeding."; + return; + } + //Update the database with the new data. + $db->Query("INSERT INTO bayonet_blocks SET weight = '$weight', dir_name = '$dir_name', position = '$position', active = '$active'"); + //die, because we have completed what we wanted to do. + echo "New block, '$dir_name', at position '$weight' added.\n"; + return; + } + + ?> +
+ + + + + + +
Weight
Position
Directory Name
Active +
+
+ 'Yes',0 => 'No'); + foreach($options as $option => $value) + { + $selected = NULL; + if($active == $option) + { + $selected = "selected"; + } + echo "\n"; + } + + +} + +function EditBlock($block_id) +{ + global $db; + if(isset($_POST['processed'])) + { + //Secure our data to prevent injection attacks. + $weight = addslashes($_POST['weight']); + $dir_name = addslashes($_POST['dir_name']); + $position = addslashes($_POST['position']); + $active = addslashes($_POST['active']); + + if(empty($weight) || empty($dir_name) || empty($position)) + { + echo "You must fill everything out before proceeding."; + return; + } + + //Update the database with the new data. + $db->Query("UPDATE bayonet_blocks SET weight = '$weight', dir_name = '$dir_name', position = '$position', active = '$active' WHERE block_id = '$block_id'"); + //$isActive = $active ? "IS" : "IS NOT"; + echo "Block, '$dir_name', at position '$weight' has been edited.\n"; + //die, because we have completed what we wanted to do. + return; + } + + //Grab the page from the database according to the $page_id passed to the function. + // {{{ XXX: FIXME -- Re-write this + /* + $result = $db->Query("SELECT weight,dir_name,position,active FROM bayonet_blocks WHERE block_id = '$block_id'"); + while(($row = $db->Fetch($result))!=false) + { + //We only want one row, so we don't have to $block[]... No foreach necessary. + $block = $row; + } + */ + // }}} + ?> +
+ + + + + + + +
Weight
Position
Directory Name
Active + +
+
+ Query("SELECT dir_name FROM bayonet_blocks WHERE block_id = '$block_id'"); + $block = $db->Fetch($result); + + if(isset($_POST['proceed'])) + { + echo "Block '{$block['dir_name']}', was deleted."; + $db->Query("DELETE FROM bayonet_blocks WHERE block_id = '$block_id' LIMIT 1"); + return; + } + if(isset($_POST['cancel'])) + { + echo "User cancelled deletion of page: '{$block['dir_name']}'"; + return; + } + + ?> +
+ + + +
Are you SURE you want to delete the block titled: ''?
   
+
+ diff --git a/modules/admin/blocks/index.php b/modules/admin/blocks/index.php index 6dac3d2..8d63b6d 100644 --- a/modules/admin/blocks/index.php +++ b/modules/admin/blocks/index.php @@ -1,59 +1,59 @@ -. - */ - -/** - * This file administers the site blocks. - * - * -weight - * -directory name - */ - -if(!defined("ADMIN_FILE")) -{ - die("Access denied."); -} - - -include $basedir.'blocks/functions.php'; - -if(isset($_GET['edit'])) -{ - $block_id = $_GET['edit']; - EditBlock($block_id); - return; -} - -if(isset($_GET['delete'])) -{ - $block_id = $_GET['delete']; - DeleteBlock($block_id); - return; -} - -if(isset($_GET['create'])) -{ - NewBlock(); - return; -} - -echo "
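Review bot: `$block_id` reaches the `UPDATE`, `SELECT` and `DELETE` statements of the block edit and delete paths in modules/admin/blocks/functions.php with no escaping or type check, and blocks/index.php in this same patch passes it straight from `$_GET['edit']` and `$_GET['delete']`, so request-controlled text ends up inside a quoted SQL literal. If block ids are integers (the schema is not shown here), `$block_id = (int) $block_id;` at the top of both functions closes that path. The remaining fields rely on `addslashes()`, which is not charset-aware; prefer the database driver's own escaping or bound parameters if the `$db` wrapper offers them. `$dir_name` and `$weight` are also echoed back into the page unescaped in the "added" and "has been edited" messages, so pass them through `htmlspecialchars($dir_name, ENT_QUOTES)` on output. The visible text of the removed and added sides looks identical, so these appear to be carried-over issues rather than ones this commit introduces.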
".LinkInternal('Create a Block','?load=admin&op=blocks&create=true')."
"; - -ListBlocks(); - +. + */ + +/** + * This file administers the site blocks. + * + * -weight + * -directory name + */ + +if(!defined("ADMIN_FILE")) +{ + die("Access denied."); +} + + +include $basedir.'blocks/functions.php'; + +if(isset($_GET['edit'])) +{ + $block_id = $_GET['edit']; + EditBlock($block_id); + return; +} + +if(isset($_GET['delete'])) +{ + $block_id = $_GET['delete']; + DeleteBlock($block_id); + return; +} + +if(isset($_GET['create'])) +{ + NewBlock(); + return; +} + +echo "
".LinkInternal('Create a Block','?load=admin&op=blocks&create=true')."
"; + +ListBlocks(); + ?> \ No newline at end of file diff --git a/modules/admin/index.php b/modules/admin/index.php index fc379ea..667dc6e 100644 --- a/modules/admin/index.php +++ b/modules/admin/index.php @@ -1,73 +1,73 @@ -. - */ - /* - if(!defined("MODULE_FILE")) - { - die("Access denied."); - } - - define("ADMIN_FILE",'admin_file'); - include 'admin_functions.php'; - - if($_GET['op'] == 'logout') - { - logout(); - } - - if(login()) - { - //this is so dirty... sigh. - if(is_loggedin()) - { - ?> - - - - - - -
- -
-
- Administrative Tools: -
Manage Pages','?load=admin&op=pages'), - LinkInternal('
Edit Navigation','?load=admin'), - LinkInternal('
Edit Announcements','?load=admin'), - LinkInternal('
Manage Events','?load=admin'), - LinkInternal('
Manage Galleries', '?load=admin') - - ); - - //render administration table - CompileAdmin($th,$td); - ?> -
- -
- - . + */ + /* + if(!defined("MODULE_FILE")) + { + die("Access denied."); + } + + define("ADMIN_FILE",'admin_file'); + include 'admin_functions.php'; + + if($_GET['op'] == 'logout') + { + logout(); + } + + if(login()) + { + //this is so dirty... sigh. + if(is_loggedin()) + { + ?> + + + + + + +
+ +
+
+ Administrative Tools: +
Manage Pages','?load=admin&op=pages'), + LinkInternal('
Edit Navigation','?load=admin'), + LinkInternal('
Edit Announcements','?load=admin'), + LinkInternal('
Manage Events','?load=admin'), + LinkInternal('
Manage Galleries', '?load=admin') + + ); + + //render administration table + CompileAdmin($th,$td); + ?> +
+ +
+ + \ No newline at end of file diff --git a/modules/admin/operation.php b/modules/admin/operation.php index 2c66ff4..4fb687b 100644 --- a/modules/admin/operation.php +++ b/modules/admin/operation.php @@ -1,53 +1,53 @@ -. - */ - /* -if(!defined("ADMIN_FILE")) -{ - die("Access denied."); - return; -} - -if(!isset($_GET['op'])) -{ - echo "
No operation selected
\n"; - return; -} - -$op = $_GET['op']; -$basedir = 'modules/admin/'; - -if(file_exists($basedir)) -{ - if(file_exists($basedir . $op)) - { - include $basedir . $op . '/index.php'; - } - else - { - ReportError("Administrative operation '$op' does not exist."); - } -} -else -{ - ReportError("Administrative base directory path does not exist."); -} - - -*/ +. + */ + /* +if(!defined("ADMIN_FILE")) +{ + die("Access denied."); + return; +} + +if(!isset($_GET['op'])) +{ + echo "
No operation selected
\n"; + return; +} + +$op = $_GET['op']; +$basedir = 'modules/admin/'; + +if(file_exists($basedir)) +{ + if(file_exists($basedir . $op)) + { + include $basedir . $op . '/index.php'; + } + else + { + ReportError("Administrative operation '$op' does not exist."); + } +} +else +{ + ReportError("Administrative base directory path does not exist."); +} + + +*/ ?> \ No newline at end of file diff --git a/modules/admin/pages/functions.php b/modules/admin/pages/functions.php index fc97ffc..f71f90f 100644 --- a/modules/admin/pages/functions.php +++ b/modules/admin/pages/functions.php @@ -1,227 +1,227 @@ -. - */ - -/** - * Note to anyone feeling the need to edit this file... - * You MUST declare $db as global inside your functions in order access MySQL from here. - */ - -function ListArticles($pageid){ - - global $db; - $result = $db->Query("SELECT article_id,title FROM bayonet_articles WHERE `page_id` = $pageid ORDER BY `weight`"); - $articles = $db->Fetch($result); - - echo ""; - - if(count($articles)==0){ - echo "
There are no articles posted on this page.
"; - return; - } - foreach($articles as $article) - { - if($_GET['aid'] == $article['article_id']) - echo ''; - else - echo ''; - ?> - - ^ - - - - v - - - "; - - - -} - -function EditArticle($article_id){ - - global $db; - //Grab the page from the database according to the $article_id passed to the function. - // {{{ XXX: FIXME -- Needs to be re-written - /* - $result = $db->Query("SELECT title,text FROM bayonet_articles WHERE article_id = '$article_id'"); - while(($row = $db->Fetch($result))!=false) - { - //We only want one row, so we don't have to $article[]... No foreach necessary. - $article = $row; - } - */ - // }}} - ?> -
- - - -
- - -
-
- Query("SELECT page_id,title FROM bayonet_pages"); - - echo 'Select page: '; - // echo ""; -} - -function NewPage() -{ - global $db; - if(isset($_POST['processed'])) - { - //Secure our data to prevent injection attacks. - $title = addslashes($_POST['title']); - $text = addslashes($_POST['text']); - if(empty($title) || empty($text)) - { - echo "You must fill everything out before proceeding."; - return; - } - - //Update the database with the new data. - $db->Query("INSERT INTO bayonet_pages SET title = '$title', text = '$text'"); - echo "New page, '$title', has been added.\n"; - //die, because we have completed what we wanted to do. - return; - } - - ?> -

Add New Page

-
- - - - -
Title
Text
-
- Query("UPDATE bayonet_pages SET title = '$title', text = '$text' WHERE page_id = '$page_id'"); - echo "Page, '$title', has been edited.\n"; - //die, because we have completed what we wanted to do. - return; - } - - $aid = $_GET['aid']; -?> - - - - - - -
 View this Page','?load=page&id='.$page_id); ?> Delete this Page','?load=admin&op=pages&delete='.$page_id); ?>
-
- - - - - -
- - - 0){ - EditArticle($aid); - } - ?> -
- Query("SELECT title FROM bayonet_pages WHERE page_id = '$page_id'"); - $page = $db->Fetch($result); - - if(isset($_POST['proceed'])) - { - echo "Page '{$page['title']}', was deleted."; - $db->Query("DELETE FROM bayonet_pages WHERE page_id = '$page_id' LIMIT 1"); - return; - } - if(isset($_POST['cancel'])) - { - echo "User cancelled deletion of page: '{$page['title']}'"; - return; - } - if($page_id == 1){ - echo "You can not delete the home page."; - return; - } - - ?> -
- - - -
Are you SURE you want to delete the page titled: ''?
   
-
- +. + */ + +/** + * Note to anyone feeling the need to edit this file... + * You MUST declare $db as global inside your functions in order access MySQL from here. + */ + +function ListArticles($pageid){ + + global $db; + $result = $db->Query("SELECT article_id,title FROM bayonet_articles WHERE `page_id` = $pageid ORDER BY `weight`"); + $articles = $db->Fetch($result); + + echo ""; + + if(count($articles)==0){ + echo "
There are no articles posted on this page.
"; + return; + } + foreach($articles as $article) + { + if($_GET['aid'] == $article['article_id']) + echo ''; + else + echo ''; + ?> + + ^ + + + + v + + + "; + + + +} + +function EditArticle($article_id){ + + global $db; + //Grab the page from the database according to the $article_id passed to the function. + // {{{ XXX: FIXME -- Needs to be re-written + /* + $result = $db->Query("SELECT title,text FROM bayonet_articles WHERE article_id = '$article_id'"); + while(($row = $db->Fetch($result))!=false) + { + //We only want one row, so we don't have to $article[]... No foreach necessary. + $article = $row; + } + */ + // }}} + ?> +
+ + + +
+ + +
+
+ Query("SELECT page_id,title FROM bayonet_pages"); + + echo 'Select page: '; + // echo ""; +} + +function NewPage() +{ + global $db; + if(isset($_POST['processed'])) + { + //Secure our data to prevent injection attacks. + $title = addslashes($_POST['title']); + $text = addslashes($_POST['text']); + if(empty($title) || empty($text)) + { + echo "You must fill everything out before proceeding."; + return; + } + + //Update the database with the new data. + $db->Query("INSERT INTO bayonet_pages SET title = '$title', text = '$text'"); + echo "New page, '$title', has been added.\n"; + //die, because we have completed what we wanted to do. + return; + } + + ?> +

Add New Page

+
+ + + + +
Title
Text
+
+ Query("UPDATE bayonet_pages SET title = '$title', text = '$text' WHERE page_id = '$page_id'"); + echo "Page, '$title', has been edited.\n"; + //die, because we have completed what we wanted to do. + return; + } + + $aid = $_GET['aid']; +?> + + + + + + +
 View this Page','?load=page&id='.$page_id); ?> Delete this Page','?load=admin&op=pages&delete='.$page_id); ?>
+
+ + + + + +
+ + + 0){ + EditArticle($aid); + } + ?> +
+ Query("SELECT title FROM bayonet_pages WHERE page_id = '$page_id'"); + $page = $db->Fetch($result); + + if(isset($_POST['proceed'])) + { + echo "Page '{$page['title']}', was deleted."; + $db->Query("DELETE FROM bayonet_pages WHERE page_id = '$page_id' LIMIT 1"); + return; + } + if(isset($_POST['cancel'])) + { + echo "User cancelled deletion of page: '{$page['title']}'"; + return; + } + if($page_id == 1){ + echo "You can not delete the home page."; + return; + } + + ?> +
+ + + +
Are you SURE you want to delete the page titled: ''?
   
+
+ diff --git a/modules/admin/pages/index.php b/modules/admin/pages/index.php index 0fb6cff..cb36250 100644 --- a/modules/admin/pages/index.php +++ b/modules/admin/pages/index.php @@ -1,68 +1,68 @@ -. - */ - ?> - -
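Review bot: In the page-delete path of modules/admin/pages/functions.php the `if($page_id == 1)` home-page guard sits after the `$_POST['proceed']` branch, which runs the `DELETE` and returns, so a request that posts `proceed` for page 1 is never stopped by it; move the guard above the `proceed` check. `ListArticles()` also places `$pageid` into its query as `= $pageid` with neither quotes nor escaping, and the page `UPDATE` and `DELETE` statements interpolate `$page_id` unescaped. The callers are not visible in this hunk, but if these ids come from the query string they should be cast first, e.g. `$pageid = (int) $pageid;`. `$title` is echoed back unescaped in the "has been added" and "has been edited" messages and should go through `htmlspecialchars($title, ENT_QUOTES)`.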
-
- Manage Pages: - - - - - - - - -
-  Create a Page','?load=admin&op=pages&create=true'); ?> -
-
-
+. + */ + ?> + +
+
+ Manage Pages: + + + + + + + + +
+  Create a Page','?load=admin&op=pages&create=true'); ?> +
+
+
-- cgit