phpBB2/admin/admin_words.php

   1 <?php
   2 /***************************************************************************
   3  *                              admin_words.php
   4  *                            -------------------
   5  *   begin                : Thursday, Jul 12, 2001
   6  *   copyright            : (C) 2001 The phpBB Group
   7  *   email                : support@phpbb.com
   8  *
   9  *   $Id: admin_words.php,v 1.10.2.6 2006/04/13 09:56:48 grahamje Exp $
  10  *
  11  *
  12  ***************************************************************************/
  13
  14 /***************************************************************************
  15  *
  16  *   This program is free software; you can redistribute it and/or modify
  17  *   it under the terms of the GNU General Public License as published by
  18  *   the Free Software Foundation; either version 2 of the License, or
  19  *   (at your option) any later version.
  20  *
  21  ***************************************************************************/
  22
  23 if( !empty($setmodules) )
  24 {
  25         $file = basename(__FILE__);
  26         $module['General']['Word_Censor'] = $file;
  27         return;
  28 }
  29
  30 define('IN_PHPBB', 1);
  31
  32 //
  33 // Load default header
  34 //
  35 $phpbb_root_path = "./../";
  36 require($phpbb_root_path . 'extension.inc');
  37
  38 $cancel = ( isset($HTTP_POST_VARS['cancel']) ) ? true : false;
  39 $no_page_header = $cancel;
  40
  41 require('./pagestart.' . $phpEx);
  42
  43 if ($cancel)
  44 {
  45         redirect('admin/' . append_sid("admin_words.$phpEx", true));
  46 }
  47
  48 if( isset($HTTP_GET_VARS['mode']) || isset($HTTP_POST_VARS['mode']) )
  49 {
  50         $mode = (isset($HTTP_GET_VARS['mode'])) ? $HTTP_GET_VARS['mode'] : $HTTP_POST_VARS['mode'];
  51         $mode = htmlspecialchars($mode);
  52 }
  53 else
  54 {
  55         //
  56         // These could be entered via a form button
  57         //
  58         if( isset($HTTP_POST_VARS['add']) )
  59         {
  60                 $mode = "add";
  61         }
  62         else if( isset($HTTP_POST_VARS['save']) )
  63         {
  64                 $mode = "save";
  65         }
  66         else
  67         {
  68                 $mode = "";
  69         }
  70 }
  71
  72 // Restrict mode input to valid options
  73 $mode = ( in_array($mode, array('add', 'edit', 'save', 'delete')) ) ? $mode : '';
  74
  75 if( $mode != "" )
  76 {
  77         if( $mode == "edit" || $mode == "add" )
  78         {
  79                 $word_id = ( isset($HTTP_GET_VARS['id']) ) ? intval($HTTP_GET_VARS['id']) : 0;
  80
  81                 $template->set_filenames(array(
  82                         "body" => "admin/words_edit_body.tpl")
  83                 );
  84
  85                 $word_info = array('word' => '', 'replacement' => '');
  86                 $s_hidden_fields = '';
  87
  88                 if( $mode == "edit" )
  89                 {
  90                         if( $word_id )
  91                         {
  92                                 $sql = "SELECT *
  93                                         FROM " . WORDS_TABLE . "
  94                                         WHERE word_id = $word_id";
  95                                 if(!$result = $db->sql_query($sql))
  96                                 {
  97                                         message_die(GENERAL_ERROR, "Could not query words table", "Error", __LINE__, __FILE__, $sql);
  98                                 }
  99
 100                                 $word_info = $db->sql_fetchrow($result);
 101                                 $s_hidden_fields .= '<input type="hidden" name="id" value="' . $word_id . '" />';
 102                         }
 103                         else
 104                         {
 105                                 message_die(GENERAL_MESSAGE, $lang['No_word_selected']);
 106                         }
 107                 }
 108
 109                 $template->assign_vars(array(
 110                         "WORD" => $word_info['word'],
 111                         "REPLACEMENT" => $word_info['replacement'],
 112
 113                         "L_WORDS_TITLE" => $lang['Words_title'],
 114                         "L_WORDS_TEXT" => $lang['Words_explain'],
 115                         "L_WORD_CENSOR" => $lang['Edit_word_censor'],
 116                         "L_WORD" => $lang['Word'],
 117                         "L_REPLACEMENT" => $lang['Replacement'],
 118                         "L_SUBMIT" => $lang['Submit'],
 119
 120                         "S_WORDS_ACTION" => append_sid("admin_words.$phpEx"),
 121                         "S_HIDDEN_FIELDS" => $s_hidden_fields)
 122                 );
 123
 124                 $template->pparse("body");
 125
 126                 include('./page_footer_admin.'.$phpEx);
 127         }
 128         else if( $mode == "save" )
 129         {
 130                 $word_id = ( isset($HTTP_POST_VARS['id']) ) ? intval($HTTP_POST_VARS['id']) : 0;
 131                 $word = ( isset($HTTP_POST_VARS['word']) ) ? trim($HTTP_POST_VARS['word']) : "";
 132                 $replacement = ( isset($HTTP_POST_VARS['replacement']) ) ? trim($HTTP_POST_VARS['replacement']) : "";
 133
 134                 if($word == "" || $replacement == "")
 135                 {
 136                         message_die(GENERAL_MESSAGE, $lang['Must_enter_word']);
 137                 }
 138
 139                 if( $word_id )
 140                 {
 141                         $sql = "UPDATE " . WORDS_TABLE . "
 142                                 SET word = '" . str_replace("\'", "''", $word) . "', replacement = '" . str_replace("\'", "''", $replacement) . "'
 143                                 WHERE word_id = $word_id";
 144                         $message = $lang['Word_updated'];
 145                 }
 146                 else
 147                 {
 148                         $sql = "INSERT INTO " . WORDS_TABLE . " (word, replacement)
 149                                 VALUES ('" . str_replace("\'", "''", $word) . "', '" . str_replace("\'", "''", $replacement) . "')";
 150                         $message = $lang['Word_added'];
 151                 }
 152
 153                 if(!$result = $db->sql_query($sql))
 154                 {
 155                         message_die(GENERAL_ERROR, "Could not insert data into words table", $lang['Error'], __LINE__, __FILE__, $sql);
 156                 }
 157
 158                 $message .= "<br /><br />" . sprintf($lang['Click_return_wordadmin'], "<a href=\"" . append_sid("admin_words.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
 159
 160                 message_die(GENERAL_MESSAGE, $message);
 161         }
 162         else if( $mode == "delete" )
 163         {
 164                 if( isset($HTTP_POST_VARS['id']) ||  isset($HTTP_GET_VARS['id']) )
 165                 {
 166                         $word_id = ( isset($HTTP_POST_VARS['id']) ) ? $HTTP_POST_VARS['id'] : $HTTP_GET_VARS['id'];
 167                         $word_id = intval($word_id);
 168                 }
 169                 else
 170                 {
 171                         $word_id = 0;
 172                 }
 173
 174                 $confirm = isset($HTTP_POST_VARS['confirm']);
 175
 176                 if( $word_id && $confirm )
 177                 {
 178                         $sql = "DELETE FROM " . WORDS_TABLE . "
 179                                 WHERE word_id = $word_id";
 180
 181                         if(!$result = $db->sql_query($sql))
 182                         {
 183                                 message_die(GENERAL_ERROR, "Could not remove data from words table", $lang['Error'], __LINE__, __FILE__, $sql);
 184                         }
 185
 186                         $message = $lang['Word_removed'] . "<br /><br />" . sprintf($lang['Click_return_wordadmin'], "<a href=\"" . append_sid("admin_words.$phpEx") . "\">", "</a>") . "<br /><br />" . sprintf($lang['Click_return_admin_index'], "<a href=\"" . append_sid("index.$phpEx?pane=right") . "\">", "</a>");
 187
 188                         message_die(GENERAL_MESSAGE, $message);
 189                 }
 190                 elseif( $word_id && !$confirm)
 191                 {
 192                         // Present the confirmation screen to the user
 193                         $template->set_filenames(array(
 194                                 'body' => 'admin/confirm_body.tpl')
 195                         );
 196
 197                         $hidden_fields = '<input type="hidden" name="mode" value="delete" /><input type="hidden" name="id" value="' . $word_id . '" />';
 198
 199                         $template->assign_vars(array(
 200                                 'MESSAGE_TITLE' => $lang['Confirm'],
 201                                 'MESSAGE_TEXT' => $lang['Confirm_delete_word'],
 202
 203                                 'L_YES' => $lang['Yes'],
 204                                 'L_NO' => $lang['No'],
 205
 206                                 'S_CONFIRM_ACTION' => append_sid("admin_words.$phpEx"),
 207                                 'S_HIDDEN_FIELDS' => $hidden_fields)
 208                         );
 209                 }
 210                 else
 211                 {
 212                         message_die(GENERAL_MESSAGE, $lang['No_word_selected']);
 213                 }
 214         }
 215 }
 216 else
 217 {
 218         $template->set_filenames(array(
 219                 "body" => "admin/words_list_body.tpl")
 220         );
 221
 222         $sql = "SELECT *
 223                 FROM " . WORDS_TABLE . "
 224                 ORDER BY word";
 225         if( !$result = $db->sql_query($sql) )
 226         {
 227                 message_die(GENERAL_ERROR, "Could not query words table", $lang['Error'], __LINE__, __FILE__, $sql);
 228         }
 229
 230         $word_rows = $db->sql_fetchrowset($result);
 231         $db->sql_freeresult($result);
 232         $word_count = count($word_rows);
 233
 234         $template->assign_vars(array(
 235                 "L_WORDS_TITLE" => $lang['Words_title'],
 236                 "L_WORDS_TEXT" => $lang['Words_explain'],
 237                 "L_WORD" => $lang['Word'],
 238                 "L_REPLACEMENT" => $lang['Replacement'],
 239                 "L_EDIT" => $lang['Edit'],
 240                 "L_DELETE" => $lang['Delete'],
 241                 "L_ADD_WORD" => $lang['Add_new_word'],
 242                 "L_ACTION" => $lang['Action'],
 243
 244                 "S_WORDS_ACTION" => append_sid("admin_words.$phpEx"),
 245                 "S_HIDDEN_FIELDS" => '')
 246         );
 247
 248         for($i = 0; $i < $word_count; $i++)
 249         {
 250                 $word = $word_rows[$i]['word'];
 251                 $replacement = $word_rows[$i]['replacement'];
 252                 $word_id = $word_rows[$i]['word_id'];
 253
 254                 $row_color = ( !($i % 2) ) ? $theme['td_color1'] : $theme['td_color2'];
 255                 $row_class = ( !($i % 2) ) ? $theme['td_class1'] : $theme['td_class2'];
 256
 257                 $template->assign_block_vars("words", array(
 258                         "ROW_COLOR" => "#" . $row_color,
 259                         "ROW_CLASS" => $row_class,
 260                         "WORD" => $word,
 261                         "REPLACEMENT" => $replacement,
 262
 263                         "U_WORD_EDIT" => append_sid("admin_words.$phpEx?mode=edit&amp;id=$word_id"),
 264                         "U_WORD_DELETE" => append_sid("admin_words.$phpEx?mode=delete&amp;id=$word_id"))
 265                 );
 266         }
 267 }
 268
 269 $template->pparse("body");
 270
 271 include('./page_footer_admin.'.$phpEx);
 272
 273 ?>