Chapter 12 Code - Building a Content Management System
Try It Out 1
<?php
define('SQL_HOST','yourhost');
define('SQL_USER','joeuser');
define('SQL_PASS','yourpassword');
define('SQL_DB','yourdatabase');
$conn = mysql_connect(SQL_HOST,SQL_USER,SQL_PASS)
or die('Could not connect to the database; ' . mysql_error());
mysql_select_db(SQL_DB,$conn)
or die('Could not select database; ' . mysql_error());
?>
<?php
require_once 'conn.php';
$sql = <<<EOS
CREATE TABLE IF NOT EXISTS cms_access_levels (
access_lvl tinyint(4) NOT NULL auto_increment,
access_name varchar(50) NOT NULL default '',
PRIMARY KEY (access_lvl)
)
EOS;
$result = mysql_query($sql) or die(mysql_error());
$sql = "INSERT IGNORE INTO cms_access_levels
VALUES (1,'User')";
$result = mysql_query($sql) or die(mysql_error());
$sql = "INSERT IGNORE INTO cms_access_levels
VALUES (2,'Moderator')";
$result = mysql_query($sql) or die(mysql_error());
$sql = "INSERT IGNORE INTO cms_access_levels
VALUES (3,'Administrator')";
$result = mysql_query($sql) or die(mysql_error());
$sql = <<<EOS
CREATE TABLE IF NOT EXISTS cms_articles (
article_id int(11) NOT NULL auto_increment,
author_id int(11) NOT NULL default '0',
is_published tinyint(1) NOT NULL default '0',
date_submitted datetime NOT NULL default '0000-00-00 00:00:00',
date_published datetime NOT NULL default '0000-00-00 00:00:00',
title varchar(255) NOT NULL default '',
body mediumtext NOT NULL,
PRIMARY KEY (article_id),
KEY IdxArticle (author_id,date_submitted),
FULLTEXT KEY IdxText (title,body)
)
EOS;
$result = mysql_query($sql) or die(mysql_error());
$sql = <<<EOS
CREATE TABLE IF NOT EXISTS cms_comments (
comment_id int(11) NOT NULL auto_increment,
article_id int(11) NOT NULL default '0',
comment_date datetime NOT NULL default '0000-00-00 00:00:00',
comment_user int(11) NOT NULL default '0',
comment text NOT NULL,
PRIMARY KEY (comment_id),
KEY IdxComment (article_id)
)
EOS;
$result = mysql_query($sql) or die(mysql_error());
$sql = <<<EOS
CREATE TABLE IF NOT EXISTS cms_users (
user_id int(11) NOT NULL auto_increment,
e-mail varchar(255) NOT NULL default '',
passwd varchar(50) NOT NULL default '',
name varchar(100) NOT NULL default '',
access_lvl tinyint(4) NOT NULL default '1',
PRIMARY KEY (user_id),
UNIQUE KEY uniq_e-mail (e-mail)
)
EOS;
$result = mysql_query($sql) or die(mysql_error());
$admine-mail = "admin@yoursite.com";
$adminpass = "admin";
$adminname = "Admin";
$sql = "INSERT IGNORE INTO cms_users VALUES (NULL,
'$admine-mail', '$adminpass', '$adminname', 3)";
$result = mysql_query($sql) or die(mysql_error());
echo "<html><head><title>CMS Tables Created</title></head><body>";
echo "CMS Tables created. Here is your initial login information:\n";
echo "<ul><li><strong>login</strong>: " . $admine-mail . "</li>\n";
echo "<li><strong>password</strong>: " . $adminpass . "</li></ul>\n";
echo "<a href='login.php'>Login</a> to the site now.";
echo "</body></html>"
?>
<?php
function trimBody($theText, $lmt=500, $s_chr="\n", $s_cnt=2) {
$pos = 0;
$trimmed = FALSE;
for ($i = 1; $i <= $s_cnt; $i++) {
if ($tmp = strpos($theText,$s_chr,$pos)) {
$pos = $tmp;
$trimmed = TRUE;
} else {
$pos = strlen($theText) - 1;
$trimmed = FALSE;
break;
}
}
$theText = substr($theText,0,$pos);
if (strlen($theText) > $lmt) {
$theText = substr($theText,0,$lmt);
$theText = substr($theText,0,strrpos($theText,' '));
$trimmed = TRUE;
}
if ($trimmed) $theText .= '...';
return $theText;
}
function outputStory($article, $only_snippet=FALSE) {
global $conn;
if ($article) {
$sql = "SELECT ar.*,usr.name " .
"FROM cms_articles ar " .
"LEFT OUTER JOIN cms_users usr " .
"ON ar.author_id = usr.user_id " .
"WHERE ar.article_id = " . $article;
$result = mysql_query($sql,$conn);
if ($row = mysql_fetch_array($result)) {
echo '<h3>' . htmlspecialchars($row['title']) . "</h3>\n";
echo "<h5><div class='byline'>By: " .
htmlspecialchars($row['name']) .
"</div>";
echo "<div class='pubdate'>";
if ($row['is_published'] == 1) {
echo date("F j, Y",strtotime($row['date_published']));
} else {
echo "not yet published";
}
echo "</div></h5>\n";
if ($only_snippet) {
echo "<p>\n";
echo nl2br(htmlspecialchars(trimBody($row['body'])));
echo "</p>\n";
echo '<h4><a href="viewarticle.php?article=' .
$row['article_id'] . "\">Full Story...</a></h4><br />\n";
} else {
echo "<p>\n";
echo nl2br(htmlspecialchars($row['body']));
echo "</p>\n";
}
}
}
}
function showComments($article,$showLink=TRUE) {
global $conn;
if ($article) {
$sql = "SELECT is_published " .
"FROM cms_articles " .
"WHERE article_id=" . $article;
$result = mysql_query($sql,$conn)
or die('Could not look up comments; ' . mysql_error());
$row = mysql_fetch_array($result);
$is_published = $row['is_published'];
$sql = "SELECT co.*,usr.name,usr.e-mail " .
"FROM cms_comments co " .
"LEFT OUTER JOIN cms_users usr " .
"ON co.comment_user = usr.user_id " .
"WHERE co.article_id=" . $article .
" ORDER BY co.comment_date DESC";
$result = mysql_query($sql,$conn)
or die('Could not look up comments; ' . mysql_error());
if ($showLink) {
echo '<h4>' . mysql_num_rows($result) . 'Comments';
if (isset($_SESSION['user_id']) and $is_published) {
echo ' / <a href="comment.php?article=' . $_GET['article'] .
'">Add one</a>';
}
echo "</h4>\n";
}
if (mysql_num_rows($result)) {
echo "<div class=\"scroller\">\n";
while ($row = mysql_fetch_array($result)) {
echo "<span class='commentName'>" .
htmlspecialchars($row['name']) .
"</span><span class='commentDate'> (" .
date("l F j, Y H:i",strtotime($row['comment_date'])) .
")</span>\n";
echo "<p class='commentText'>\n" .
nl2br(htmlspecialchars($row['comment'])) .
"\n</p>\n";
}
echo "</div>\n";
}
echo "<br />\n";
}
}
?>
<?php session_start(); ?>
<html>
<head>
<title>BPAM CMS</title>
</head>
<body>
<div id="logobar">
<div id="logoblob">
<h1>Comic Book Appreciation</h1>
</div>
<?php
if (isset($_SESSION['name'])) {
echo ' <div id="logowelcome">';
echo ' Currently logged in as: '.$_SESSION['name'];
echo ' </div>';
}
?>
</div>
<div id="navright">
<form method="get" action="search.php">
<p class='head'>Search</p>
<p>
<input id="searchkeywords" type="text" name="keywords"
<?php
if (isset($_GET['keywords'])) {
echo ' value="' . htmlspecialchars($_GET['keywords']) . '" ';
}
?>
/>
<input id="searchbutton" class="submit" type="submit"
value="Search" />
</p>
</form>
</div>
<div id="maincolumn">
<div id='navigation'>
<?php
echo '<a href="index.php">Articles</a>';
if (!isset($_SESSION['user_id'])) {
echo ' | <a href="login.php">Login</a>';
} else {
echo ' | <a href="compose.php">Compose</a>';
if ($_SESSION['access_lvl'] > 1) {
echo ' | <a href="pending.php">Review</a>';
}
if ($_SESSION['access_lvl'] > 2) {
echo ' | <a href="admin.php">Admin</a>';
}
echo ' | <a href="cpanel.php">Control Panel</a>';
echo ' | <a href="transact-user.php?action=Logout">Logout</a>';
}
?>
</div>
<div id="articles">
</div>
</div>
</body>
</html>
<?php
function redirect($url) {
if (!headers_sent()) {
header('Location: http://' . $_SERVER['HTTP_HOST'] .
dirname($_SERVER['PHP_SELF']) . '/' . $url);
} else {
die('Could not redirect; Headers already sent (output).');
}
}
?>
<?php
require_once 'conn.php';
require_once 'http.php';
if (isset($_REQUEST['action'])) {
switch ($_REQUEST['action']) {
case 'Login':
if (isset($_POST['e-mail'])
and isset($_POST['passwd']))
{
$sql = "SELECT user_id,access_lvl,name " .
"FROM cms_users " .
"WHERE e-mail='" . $_POST['e-mail'] . "' " .
"AND passwd='" . $_POST['passwd'] . "'";
$result = mysql_query($sql,$conn)
or die('Could not look up user information; ' . mysql_error());
if ($row = mysql_fetch_array($result)) {
session_start();
$_SESSION['user_id'] = $row['user_id'];
$_SESSION['access_lvl'] = $row['access_lvl'];
$_SESSION['name'] = $row['name'];
}
}
redirect('index.php');
break;
case 'Logout':
session_start();
session_unset();
session_destroy();
redirect('index.php');
break;
case 'Create Account':
if (isset($_POST['name'])
and isset($_POST['e-mail'])
and isset($_POST['passwd'])
and isset($_POST['passwd2'])
and $_POST['passwd'] == $_POST['passwd2'])
{
$sql = "INSERT INTO cms_users (e-mail,name,passwd) " .
"VALUES ('" . $_POST['e-mail'] . "','" .
$_POST['name'] . "','" . $_POST['passwd'] . "')";
mysql_query($sql,$conn)
or die('Could not create user account; ' . mysql_error());
session_start();
$_SESSION['user_id'] = mysql_insert_id($conn);
$_SESSION['access_lvl'] = 1;
$_SESSION['name'] = $_POST['name'];
}
redirect('index.php');
break;
case 'Modify Account':
if (isset($_POST['name'])
and isset($_POST['e-mail'])
and isset($_POST['accesslvl'])
and isset($_POST['userid']))
{
$sql = "UPDATE cms_users " .
"SET e-mail='" . $_POST['e-mail'] .
"', name='" . $_POST['name'] .
"', access_lvl=" . $_POST['accesslvl'] . " " .
" WHERE user_id=" . $_POST['userid'];
mysql_query($sql,$conn)
or die('Could not update user account; ' . mysql_error());
}
redirect('admin.php');
break;
case 'Send my reminder!':
if (isset($_POST['e-mail'])) {
$sql = "SELECT passwd FROM cms_users " .
"WHERE e-mail='" . $_POST['e-mail'] . "'";
$result = mysql_query($sql,$conn)
or die('Could not look up password; ' . mysql_error());
if (mysql_num_rows($result)) {
$row = mysql_fetch_array($result);
$subject = 'Comic site password reminder';
$body = "Just a reminder, your password for the " .
"Comic Book Appreciation site is: " . $row['passwd'] .
"\n\nYou can use this to log in at http://" .
$_SERVER['HTTP_HOST'] .
dirname($_SERVER['PHP_SELF']) . '/';
mail($_POST['e-mail'],$subject,$body)
or die('Could not send reminder e-mail.');
}
}
redirect('login.php');
break;
case 'Change my info':
session_start();
if (isset($_POST['name'])
and isset($_POST['e-mail'])
and isset($_SESSION['user_id']))
{
$sql = "UPDATE cms_users " .
"SET e-mail='" . $_POST['e-mail'] .
"', name='" . $_POST['name'] . "' " .
"WHERE user_id=" . $_SESSION['user_id'];
mysql_query($sql,$conn)
or die('Could not update user account; ' . mysql_error());
}
redirect('cpanel.php');
break;
}
}
?>
<?
session_start();
require_once 'conn.php';
require_once 'http.php';
if (isset($_REQUEST['action'])) {
switch ($_REQUEST['action']) {
case 'Submit New Article':
if (isset($_POST['title'])
and isset($_POST['body'])
and isset($_SESSION['user_id']))
{
$sql = "INSERT INTO cms_articles " .
"(title,body,author_id,date_submitted) " .
"VALUES ('" . $_POST['title'] .
"','" . $_POST['body'] .
"'," . $_SESSION['user_id'] . ",'" .
date("Y-m-d H:i:s",time()) . "')";
mysql_query($sql,$conn)
or die('Could not submit article; ' . mysql_error());
}
redirect('index.php');
break;
case 'Edit':
redirect('compose.php?a=edit&article=' . $_POST['article']);
break;
case 'Save Changes':
if (isset($_POST['title'])
and isset($_POST['body'])
and isset($_POST['article']))
{
$sql = "UPDATE cms_articles " .
"SET title='" . $_POST['title'] .
"', body='" . $_POST['body'] . "', date_submitted='" .
date("Y-m-d H:i:s",time()) . "' " .
"WHERE article_id=" . $_POST['article'];
if (isset($_POST['authorid'])) {
$sql .= " AND author_id=" . $_POST['authorid'];
}
mysql_query($sql,$conn)
or die('Could not update article; ' . mysql_error());
}
if (isset($_POST['authorid'])) {
redirect('cpanel.php');
} else {
redirect('pending.php');
}
break;
case 'Publish':
if ($_POST['article']) {
$sql = "UPDATE cms_articles " .
"SET is_published=1,date_published='" .
date("Y-m-d H:i:s",time()) . "' " .
"WHERE article_id=" . $_POST['article'];
mysql_query($sql,$conn)
or die('Could not publish article; ' . mysql_error());
}
redirect('pending.php');
break;
case 'Retract':
if ($_POST['article']) {
$sql = "UPDATE cms_articles " .
"SET is_published=0,date_published='' " .
"WHERE article_id=" . $_POST['article'];
mysql_query($sql,$conn)
or die('Could not retract article; ' . mysql_error());
}
redirect('pending.php');
break;
case 'Delete':
if ($_POST['article']) {
$sql = "DELETE FROM cms_articles " .
"WHERE is_published=0 " .
"AND " . "article_id=" . $_POST['article'];
mysql_query($sql,$conn)
or die('Could not delete article; ' . mysql_error());
}
redirect('pending.php');
break;
case 'Submit Comment':
if (isset($_POST['article'])
and $_POST['article']
and isset($_POST['comment'])
and $_POST['comment'])
{
$sql = "INSERT INTO cms_comments " .
"(article_id,comment_date,comment_user,comment) " .
"VALUES (" . $_POST['article'] . ",'" .
date("Y-m-d H:i:s",time()) .
"'," . $_SESSION['user_id'] .
",'" . $_POST['comment'] . "');";
mysql_query($sql,$conn)
or die('Could add comment; ' . mysql_error());
}
redirect('viewarticle.php?article=' . $_POST['article']);
break;
case 'remove':
if (isset($_GET['article'])
and isset($_SESSION['user_id']))
{
$sql = "DELETE FROM cms_articles " .
"WHERE article_id=" . $_GET['article'] .
" AND author_id=" . $_SESSION['user_id'];
mysql_query($sql,$conn)
or die('Could not remove article; ' . mysql_error());
}
redirect('cpanel.php');
break;
}
} else {
redirect('index.php');
}
?>
<?php
require_once 'conn.php';
require_once 'header.php';
$sql = "SELECT name,e-mail " .
"FROM cms_users " .
"WHERE user_id=" . $_SESSION['user_id'];
$result = mysql_query($sql,$conn)
or die('Could not look up user data; ' . mysql_error());
$user = mysql_fetch_array($result);
?>
<form method="post" action="transact-user.php">
<p>Name:<br />
<input type="text" id="name" name="name"
value="<?php echo htmlspecialchars($user['name']); ?>" /></p>
<p>E-mail:<br />
<input type="text" id="e-mail" name="e-mail"
value="<?php echo htmlspecialchars($user['e-mail']); ?>" /></p>
<p><input type="submit" class="submit" name="action"
value="Change my info" /></p>
</form>
<h2>Pending Articles</h2>
<div class="scroller">
<table>
<?php
$sql = "SELECT article_id, title, date_submitted " .
"FROM cms_articles " .
"WHERE is_published=0 " .
"AND author_id=" . $_SESSION['user_id'] . " " .
"ORDER BY date_submitted";
$result = mysql_query($sql,$conn)
or die('Could not get list of pending articles; ' . mysql_error());
if (mysql_num_rows($result) == 0) {
echo " <em>No pending articles available</em>";
} else {
while ($row = mysql_fetch_array($result)) {
echo "<tr>\n";
echo '<td><a href="reviewarticle.php?article=' .
$row['article_id'] . '">' . htmlspecialchars($row['title']) .
"</a> (submitted " .
date("F j, Y",strtotime($row['date_submitted'])) .
")</td>\n";
echo "</tr>\n";
}
}
?>
</table>
</div>
<br />
<h2>Published Articles</h2>
<div class="scroller">
<table>
<?php
$sql = "SELECT article_id, title,date_published " .
"FROM cms_articles " .
"WHERE is_published=1 " .
"AND author_id=" . $_SESSION['user_id'] . " " .
"ORDER BY date_submitted";
$result = mysql_query($sql,$conn)
or die('Could not get list of pending articles; ' . mysql_error());
if (mysql_num_rows($result) == 0) {
echo " <em>No published articles available</em>";
} else {
while ($row = mysql_fetch_array($result)) {
echo "<tr>\n";
echo '<td><a href="viewarticle.php?article=' .
$row['article_id'] . '">' . htmlspecialchars($row['title']) .
"</a> (published " .
date("F j, Y",strtotime($row['date_published'])) .
")</td>\n";
echo "</tr>\n";
}
}
?>
</table>
</div>
<br />
<?php require_once 'footer.php'; ?>
<?php
require_once 'conn.php';
$userid = '';
$name = '';
$e-mail = '';
$password = '';
$accesslvl = '';
if (isset($_GET['userid'])) {
$sql = "SELECT * FROM cms_users WHERE user_id=" . $_GET['userid'];
$result = mysql_query($sql,$conn)
or die('Could not look up user data; ' . mysql_error());
$row = mysql_fetch_array($result);
$userid = $_GET['userid'];
$name = $row['name'];
$e-mail = $row['e-mail'];
$accesslvl = $row['access_lvl'];
}
require_once 'header.php';
echo "<form method=\"post\" action=\"transact-user.php\">\n";
if ($userid) {
echo "<h1>Modify Account</h1>\n";
} else {
echo "<h1>Create Account</h1>\n";
}
?>
<p>
Full name:<br />
<input type="text" class="txtinput" name="name" maxlength="100"
value="<?php echo htmlspecialchars($name); ?>" />
</p>
<p>
E-mail Address:<br />
<input type="text" class="txtinput" name="e-mail" maxlength="255"
value="<?php echo htmlspecialchars($e-mail); ?>" />
</p>
<?php
if (isset($_SESSION['access_lvl'])
and $_SESSION['access_lvl'] == 3)
{
echo "<fieldset>\n";
echo " <legend>Access Level</legend>\n";
$sql = "SELECT * FROM cms_access_levels ORDER BY access_lvl DESC";
$result = mysql_query($sql,$conn)
or die('Could not list access levels; ' . mysql_error());
while ($row = mysql_fetch_array($result)) {
echo ' <input type="radio" class="radio" id="acl_' .
$row['access_lvl'] . '" name="accesslvl" value="' .
$row['access_lvl'] . '" ';
if ($row['access_lvl'] == $accesslvl) {
echo 'checked="checked" ';
}
echo '/>' . $row['access_name'] . "<br />\n";
}
?>
</fieldset>
<p>
<input type="hidden" name="userid" value="<?php echo $userid; ?>" />
<input type="submit" class="submit" name="action"
value="Modify Account" />
</p>
<?php } else { ?>
<p>
Password:<br />
<input type="password" id="passwd" name="passwd" maxlength="50" />
</p>
<p>
Password (again):<br />
<input type="password" id="passwd2" name="passwd2" maxlength="50" />
</p>
<p>
<input type="submit" class="submit" name="action"
value="Create Account" />
</p>
<?php } ?>
</form>
<?php require_once 'footer.php'; ?>
<?php
require_once 'conn.php';
$title = '';
$body = '';
$article = '';
$authorid = '';
if (isset($_GET['a'])
and $_GET['a'] == 'edit'
and isset($_GET['article'])
and $_GET['article']) {
$sql = "SELECT title,body,author_id FROM cms_articles WHERE article_id=" .
$_GET['article'];
$result = mysql_query($sql,$conn)
or die('Could not retrieve article data; ' . mysql_error());
$row = mysql_fetch_array($result);
$title = $row['title'];
$body = $row['body'];
$article = $_GET['article'];
$authorid = $row['author_id'];
}
require_once 'header.php';
?>
<form method="post" action="transact-article.php">
<h2>Compose Article</h2>
<p>
Title:<br />
<input type="text" class="title" name="title" maxlength="255"
value="<?php echo htmlspecialchars($title); ?>" />
</p>
<p>
Body:<br />
<textarea class="body" name="body" rows="10" cols="60"><?php
echo htmlspecialchars($body); ?></textarea>
</p>
<p>
<?php
echo '<input type="hidden" name="article" value="' .
$article . "\" />\n";
if ($_SESSION['access_lvl'] < 2) {
echo '<input type="hidden" name="authorid" value="' .
$authorid . "\" />\n";
}
if ($article) {
echo '<input type="submit" class="submit" name="action" ' .
"value=\"Save Changes\" />\n";
} else {
echo '<input type="submit" class="submit" name="action" ' .
"value=\"Submit New Article\" />\n";
}
?>
</p>
</form>
<?php require_once 'footer.php'; ?>
<?php
require_once 'conn.php';
require_once 'outputfunctions.php';
require_once 'header.php';
?>
<form method="post" action="transact-article.php">
<h2>Article Review</h2>
<?php
outputStory($_GET['article']);
$sql = "SELECT ar.*, usr.name, usr.access_lvl " .
"FROM cms_articles ar INNER JOIN cms_users usr " .
"ON ar.author_id = usr.user_id " .
"WHERE article_id=" . $_GET['article'];
$result = mysql_query($sql,$conn)
or die('Could not retrieve article info; ' . mysql_error());
$row = mysql_fetch_array($result);
if ($row['date_published'] and $row['is_published']) {
echo '<h4>Published: ' .
date("l F j, Y H:i",strtotime($row['date_published'])) .
"</h4>\n";
}
echo "<p><br />\n";
if ($row['is_published']) {
$buttonType = "Retract";
} else {
$buttonType = "Publish";
}
echo "<input type='submit' class='submit' " .
"name='action' value='Edit' /> ";
if (($row['access_lvl'] > 1) or ($_SESSION['access_lvl'] > 1)) {
echo "<input type='submit' class='submit' " .
"name='action' value='$buttonType' /> ";
}
echo "<input type='submit' class='submit' " .
"name='action' value='Delete' /> ";
?>
<input type="hidden" name="article"
value="<?php echo $_GET['article'] ?> " />
</p>
</form>
<?php require_once 'footer.php'; ?>
<?php
require_once 'conn.php';
require_once 'header.php';
$a_artTypes = array(
"Pending" => "submitted",
"Published" => "published"
);
echo "<h2>Article Availability</h2>\n";
$i=-1;
foreach ($a_artTypes as $k => $v) {
$i++;
echo "<h3>" . $k . " Articles</h3>\n";
echo "<p>\n";
echo " <div class='scroller'>\n";
$sql = "SELECT article_id, title, date_".$v.
" FROM cms_articles " .
"WHERE is_published=" . $i .
" ORDER BY title";
$result = mysql_query($sql,$conn)
or die('Could not get list of pending articles; ' . mysql_error());
if (mysql_num_rows($result) == 0) {
echo " <em>No " . $k . " articles available</em>";
} else {
while ($row = mysql_fetch_array($result)) {
echo ' <a href="reviewarticle.php?article=' .
$row['article_id'] . '">' . htmlspecialchars($row['title']) .
"</a> ($v " .
date("F j, Y",strtotime($row['date_'.$v])) .
")<br />\n";
}
}
echo " </div>\n";
echo "</p>\n";
}
require_once 'footer.php';
?>
<?php
require_once 'conn.php';
require_once 'header.php';
$a_users = array(1 => "Users","Moderators","Admins");
function echoUserList($lvl) {
global $a_users;
$sql = "SELECT user_id, name, e-mail FROM cms_users " .
"WHERE access_lvl = $lvl ORDER BY name";
$result = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($result) == 0) {
echo "<em>No " . $a_users[$lvl] . " created.</em>";
} else {
while ($row = mysql_fetch_array($result)) {
if ($row['user_id'] == $_SESSION['user_id']) {
echo htmlspecialchars($row['name']) . "<br />\n";
} else {
echo '<a href="useraccount.php?userid=' . $row['user_id'] .
'" title="' . htmlspecialchars($row['e-mail']) . '">' .
htmlspecialchars($row['name']) . "</a><br />\n";
}
}
}
}
?>
<h2>User Administration</h2>
<?php
for($i=1;$i<=3;$i++) {
echo "<h3>". $a_users[$i] . "</h3>\n" .
"<div class='scroller'>\n";
echoUserList($i);
echo "\n</div>\n";
}
?>
<br />
<?php require_once 'footer.php'; ?>
<?php
require_once 'conn.php';
require_once 'outputfunctions.php';
require_once 'header.php';
outputStory($_GET['article']);
?>
<h1>Add a comment</h1>
<form method="post" action="transact-article.php">
<p>
Comment:<br />
<textarea id="comment" name="comment" rows="10" cols="60"></textarea>
</p>
<p>
<input type="submit" class="submit" name="action"
value="Submit Comment" />
<input type="hidden" name="article"
value="<?php echo $_GET['article']; ?>" />
</p>
</form>
<?php
showComments($_GET['article'],FALSE);
require_once 'footer.php';
?>
<?php
require_once 'conn.php';
require_once 'outputfunctions.php';
require_once 'header.php';
$result = NULL;
if (isset($_GET['keywords'])) {
$sql = "SELECT article_id FROM cms_articles " .
"WHERE MATCH (title,body) " .
"AGAINST ('" . $_GET['keywords'] . "') " .
"ORDER BY MATCH (title,body) " .
"AGAINST ('" . $_GET['keywords'] . "') DESC";
$result = mysql_query($sql,$conn)
or die('Could not perform search; ' . mysql_error());
}
echo "<h1>Search Results</h1>\n";
if ($result and !mysql_num_rows($result)) {
echo "<p>No articles found that match the search terms.</p>\n";
} else {
while ($row = mysql_fetch_array($result)) {
outputStory($row['article_id'],TRUE);
}
}
require_once 'footer.php';
?>
<?php require_once 'header.php'; ?>
<form method="post" action="transact-user.php">
<h1>Member Login</h1>
<p>
E-mail Address:<br />
<input type="text" name="e-mail" maxlength="255" value="" />
</p>
<p>
Password:<br />
<input type="password" name="passwd" maxlength="50" />
</p>
<p>
<input type="submit" class="submit" name="action" value="Login" />
</p>
<p>
Not a member yet? <a href="useraccount.php">Create a new account!</a>
</p>
<p>
<a href="forgotpass.php">Forgot your password?</a>
</p>
</form>
<?php require_once 'footer.php'; ?>
<?php
require_once 'conn.php';
require_once 'outputfunctions.php';
require_once 'header.php';
$sql = "SELECT article_id FROM cms_articles WHERE is_published=1 " .
"ORDER BY date_published DESC";
$result = mysql_query($sql,$conn);
if (mysql_num_rows($result) == 0) {
echo " <br />\n";
echo " There are currently no articles to view.\n";
} else {
while ($row = mysql_fetch_array($result)) {
outputStory($row['article_id'],TRUE);
}
}
require_once 'footer.php';
?>
<?php require_once 'header.php'; ?>
<form method="post" action="transact-user.php">
<h1>E-mail Password Reminder</h1>
<p>
Forgot your password? Just enter your e-mail address, and we'll e-mail
your password to you!
</p>
<p>
E-mail Address:<br />
<input type="text" id="e-mail" name="e-mail" />
</p>
<p>
<input type="submit" class="submit" name="action" value="Send my reminder!" />
</p>
</form>
<?php require_once 'footer.php'; ?>
<?php
require_once 'conn.php';
require_once 'outputfunctions.php';
require_once 'header.php';
outputStory($_GET['article']);
showComments($_GET['article'],TRUE);
require_once 'footer.php';
?>