
Hi all

A friend of mine has made the following website:

http://www.mickleovercommunitycentre.co.uk/TESTING/guestbooknodate/

 

You can log in and change the text on the page (login password: admin). It's fine for what we need.

 

However, it would be good to have the ability to move entries up/down on the page.

 

EG:

Monday

entry 1

 

Tuesday

entry 1

 

Thursday          need buttons to move up/down (ie below the wed post)

entry 1

 

Wednesday

entry 1

The friend who has made this has gone travelling and I cannot get in touch with him.

 

I myself know nothing of writing php so if anyone would be kind enough to help I would be very grateful indeed!

 

Cheers for reading this post, hope you can help!

 

Dave

 

PS this is the code: (apologies it is the whole thing)

 

<?php
// Output buffering starts before any HTML is written so that the setcookie()
// calls made further down (after the <style>/<script>/<div> markup) can still
// send headers; the buffer is released by ob_end_flush() once login handling
// has run. The Cache-Control header asks browsers not to reuse a cached copy.
ob_start(); header("Cache-Control: no-cache, must-revalidate"); ?> 
<style type="text/css">
<!--
#Layer1 {
position:absolute;
left:132px;
top:148px;
width:542px;
height:308px;
z-index:1;
}
-->
</style>
<link href="../testing.css" rel="stylesheet" type="text/css" />
<style type="text/css">
<!--
#Layer2 {
position:absolute;
left:429px;
top:34px;
width:243px;
height:224px;
z-index:2;
}
-->
</style>
<script language="JavaScript" type="text/JavaScript">
<!--
// Reloads the page when the window is resized in Netscape Navigator 4.
// Called with init == true it only arms itself: if the browser reports
// appName "Netscape" and major version 4, it stores the current inner
// width/height on `document` and installs itself as the resize handler.
// Called any other way (i.e. as that handler) it reloads the page when the
// inner size differs from the stored one.
function MM_reloadPage(init) {  //reloads the window if Nav4 resized
  // `with (navigator)` lets appName/appVersion resolve against navigator;
  // the closing braces end the with-block, so the `else` below pairs with
  // the outer `if (init==true)`.
  if (init==true) with (navigator) {if ((appName=="Netscape")&&(parseInt(appVersion)==4)) {
    document.MM_pgW=innerWidth; document.MM_pgH=innerHeight; onresize=MM_reloadPage; }}
  else if (innerWidth!=document.MM_pgW || innerHeight!=document.MM_pgH) location.reload();
}
MM_reloadPage(true);
//-->
</script>
<div id="Layer1" class="guestbooktext"> 
  <?php
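/*
 * Guestbook settings, followed by the login/logout handling that runs on
 * every request.
 *
 * NOTE(review): ADMIN_PASS is a hard-coded default, and the login cookie set
 * below holds its unsalted MD5. The cookie value is therefore fixed for a
 * given password, and anyone who learns it can replay it until the password
 * is changed. Change the password before deploying, keep it out of published
 * copies of this file, and prefer a server-side session to a
 * password-derived cookie.
 */
define('ADMIN_USER', 'admin');
define('ADMIN_PASS', 'admin');

define('GB_FILE', 'gb.dat');
define('DATE_FORMAT', '');	// empty format string: date() prints nothing
define('MAX_PER_PAGE', 5);

define('MAX_NAME_LEN', 32);
define('MIN_MESG_LEN', 3);
define('MAX_MESG_LEN', 60000);
define('POST_TIME', 5);		// seconds the same IP must wait between posts

define('ALLOW_URLS', false);

// PHP_SELF includes any extra path the client appends after the script name,
// and SELF is echoed into href/action attributes throughout this file, so it
// is HTML-escaped once here rather than at every use.
define('SELF', htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES));
/*================================*\
  -- end user variables --
\*================================*/

define('FUNC', isset($_GET['func']) ? $_GET['func'] : NULL);
// Page numbers below 1 would produce a negative offset, so clamp to 1.
define('P', isset($_GET['p']) ? max(1, (int) $_GET['p']) : 1);

if (FUNC === 'logout') {
	echo '<p>You are logged out.</p>';

	// An empty value tells the browser to drop the cookie; also forget it for
	// the remainder of this request.
	setcookie('password', '');
	unset($_COOKIE['password'], $password);
}

if (isset($_POST['password'])) {
	// Only hash real strings; an array submitted as password[] is treated as
	// "no password".
	$password = is_string($_POST['password']) ? md5($_POST['password']) : NULL;

	// Strict comparison: with ==, two hashes that both look like numbers
	// (for example "0e" followed only by digits) would compare equal.
	if ($password === md5(ADMIN_PASS)) {
		// Same defaults as before (session cookie, current path, any scheme),
		// plus HttpOnly so page scripts cannot read the login cookie.
		setcookie('password', $password, 0, '', '', false, true);
	}
} else {
	$password = (isset($_COOKIE['password']) && is_string($_COOKIE['password'])) ? $_COOKIE['password'] : NULL;
}

// Headers and cookies are settled; release the buffer opened at the top of
// the file.
ob_end_flush();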





switch (FUNC)
{
/*================================*\
	-- default --
\*================================*/

// Public view: prints page P of the guestbook, MAX_PER_PAGE entries per page,
// followed by page links when the file holds more than one page.
default:
if (!$fp = @fopen(GB_FILE, 'r')) {
	echo '<p>failed to open: '.GB_FILE.'</p>';
	break;
}

$i = 0;
$data = NULL;

// Number of entries to skip before the first one shown on this page.
$to_show = (P * MAX_PER_PAGE) - MAX_PER_PAGE;

if (P > 1) echo '<p><b>Page '.P.'</b></p>';

while (!feof($fp)) {
	$i++;

	// Stop once a full page has been printed.
	if ($i > ($to_show + MAX_PER_PAGE)) break;

	// NOTE(review): fgets() returns at most 4095 bytes per call, while
	// MAX_MESG_LEN allows much longer messages; a longer stored line comes
	// back in pieces and each piece is then parsed as its own entry.
	$data = fgets($fp, 4096);

	if (empty($data)) break;

	if ($i > $to_show) {
		// Split on unescaped "|" and turn the escaped form "\|" back into "|".
		list ($date, $name, $mesg, $ip) = str_replace('\|', '|', preg_split('/(?<!\\\)(\|)/', $data));

		// NOTE(review): name and message are printed exactly as stored. The
		// write paths in this file pass them through strip_chars() (and
		// bbcode() for the message) first, so output safety depends on gb.dat
		// only ever being written that way.
		echo ("\n<p><b>$name</b>  ".date(DATE_FORMAT, $date)."<br />$mesg</p>");
	}
}

if ($i > MAX_PER_PAGE) {
	// Count the newlines in the unread remainder of the file and add the
	// lines already consumed; the second statement turns that line total into
	// a page total, so from here on $line_count holds a number of pages.
	$line_count = substr_count(fread($fp, filesize(GB_FILE)), "\n") + $i;
	$line_count = ceil($line_count / MAX_PER_PAGE);

	// $s and $f are the first page number and the exclusive upper bound of
	// the page links printed by the loop below.
	$s = 1;
	$f = $line_count + 1;

	echo "\n".'<p>Page: # ';
	if ($line_count > MAX_PER_PAGE) {
		// With many pages, show only a window of links around the current page.
		if (P < 6) {
			$s = 1;
			$f = 10;
		} elseif (($line_count-P) < 6) {
			$s = $line_count - 8;
			$f = $line_count;
		} else {
			$s = P -3;
			$f = $s + 8;
		}

		echo (P > 5) ? ' <a href="'.SELF.'">1</a>-' : NULL;
	}

	// The current page is printed as plain text, the others as links.
	for ($k=$s; $k<$f; $k++) {
		echo ($k == P) ? "$k " : "<a href=\"".SELF."?p=$k\">$k</a> ";
	}

	// When the window stops short of the end, add a link to the last page.
	echo ($k <= $line_count) ? "of <a href=\"".SELF."?p=$line_count\">$line_count</a></p>" : '</p>';

}

fclose($fp);
break;


/*================================*\
	 -- sign --
\*================================*/

// Add-entry form and handler: validates the posted title and text, applies a
// per-IP posting delay, and writes the new entry as the first line of GB_FILE.
//
// NOTE(review): nothing in this case checks $password unless the posted name
// equals ADMIN_USER, so any visitor who requests ?func=sign can add an entry.
// Confirm that is intended for a page whose text is meant to be edited only
// after login. The POST also carries no anti-CSRF token.
case 'sign':

// strip_chars() removes tags and HTML-escapes the input, so $name and $mesg
// are already safe to echo back into the form below.
$name = (isset($_POST['name'])) ? strip_chars($_POST['name']) : NULL;
$mesg = (isset($_POST['mesg'])) ? strip_chars($_POST['mesg']) : NULL;

// Case-sensitive word filter: only the three spellings listed for each word
// are replaced.
$naughty = array("fuck", "shit", "piss", "bollocks", "cunt", "asshole", "Fuck", "Shit", "Piss", "Bollocks", "Cunt", "Asshole", "FUCK", "SHIT", "PISS", "BOLLOCKS", "CUNT", "ASSHOLE",);
$mesg = str_replace($naughty, "*****", $mesg);

if (isset($_POST['submit'])) {
	$errors = NULL;
	$now = time();

	// Lengths are measured in bytes, after HTML-escaping.
	$name_len = strlen($name);
	$mesg_len = strlen($mesg);

	if ($name) {
		if ($name_len > MAX_NAME_LEN) {
			$errors = '- Name is too long, '.$name_len.' (Max: '.MAX_NAME_LEN.')<br />';
		}
	} else {
		$errors = '- Title field is empty<br />';
	}

	if ($mesg) {
		if ($mesg_len > MAX_MESG_LEN) {
			$errors.= '- Message is too long, '.$mesg_len.' (Max: '.MAX_MESG_LEN.')<br />';
		} elseif ($mesg_len < MIN_MESG_LEN) {
			$errors.= '- Message is too short  (Min: '.MIN_MESG_LEN.')<br />';
		}
	} else {
		$errors.= '- Text field is empty<br />';
	}

	if (!$fp = @fopen(GB_FILE, 'r')) {
		echo 'Unable to open guestbook file for reading, check location and file permissions.';
		break;
	}

	// Only the first line (the most recent entry) is read: the delay applies
	// when that entry came from the same IP less than POST_TIME seconds ago.
	list($date, , , $ip) = fgetcsv($fp, 4096, '|');

	fclose($fp);

	if ($_SERVER['REMOTE_ADDR'] == $ip && $now < $date+POST_TIME) {
		$errors.= 'You are trying to post to soon after your last message';
	}

	if ($errors) {
		echo '<p>'.$errors.'</p>';
	} else {
		// Posting under the admin name requires either the plaintext password
		// in a "pass" field or a login cookie equal to md5(ADMIN_PASS).
		// NOTE(review): both checks use loose != comparison; a strict !== would
		// rule out type-juggling surprises if the password is ever changed.
		if ($name == ADMIN_USER) {
			if (@$_POST['pass'] != ADMIN_PASS && $password != md5(ADMIN_PASS)) {
				echo '<p>This username requires a password</p>';
				echo '<form method="post" action="'.SELF.'?func=sign"><p><input type="password" name="pass" size="20" /> <input type="submit" value="Add" name="submit" /><input type="hidden" name="name" value="'.$name.'" /><input type="hidden" name="mesg" value="'.$mesg.'" /></p></form>';
				break;
			}
		}

		$filesize = filesize(GB_FILE);
		$filesize = (empty($filesize)) ? 1024 : $filesize;

		if (!$fp = @fopen(GB_FILE, 'r+')) {
			echo 'Unable to open guestbook file for reading and writing, check location and file permissions.';
			break;
		}

		// Prepend by reading the whole file, rewinding, and writing the new
		// line followed by the old content.
		// NOTE(review): no flock() is taken around this read-modify-write, so
		// two requests arriving together could overwrite each other's changes.
		$data = fread($fp, $filesize);
		rewind($fp);

		// Record layout: timestamp|name |message |ip|  -- literal "|" inside a
		// field is stored as "\|", and newlines in the message become <br />
		// so each entry stays on one line.
		fwrite($fp, "$now|".str_replace("\n", NULL, str_replace('|', '\|', $name)).' |'.str_replace("\n", '<br />', bbcode($mesg)).' |'.$_SERVER['REMOTE_ADDR'].'|');

		if (! empty($data)) fwrite($fp, "\n". $data);

		fclose($fp);

		echo '<p>Your message has been added<br />Go to the <a href="'.SELF.'">main</a> page to view it</p>';

		break;
	}

}

// First visit, or validation failed: show the form, pre-filled with whatever
// was submitted.
echo "\n".'<form method="post" action="'.SELF.'?func=sign"><p><label for="name">Title:</label><br /><input type="text" name="name" id="name" value="'.$name.'" size="24" /><br /><label for="mesg">Text:</label> <a href="'.SELF.'?func=bbcode"></a><br /><textarea name="mesg" id="mesg" cols="20" rows="4">'.$mesg.'</textarea><br /><input type="submit" name="submit" value="Add" /></p></form>';
break;
/*================================*\
	 -- admin --
\*================================*/

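/*
 * Admin area. With a valid login cookie it offers three views, selected by
 * query string:
 *   ?func=admin&d=ID[&c=1]  confirm / perform deletion of entry ID
 *   ?func=admin&e=ID[&c=1]  show / save the edit form for entry ID
 *   ?func=admin[&p=N]       paged listing with edit/delete/whois links
 * Without a valid cookie it shows the login form.
 *
 * An entry ID is the 10-character timestamp that starts its line in GB_FILE.
 *
 * SELF is echoed into href/action attributes here without further escaping;
 * it must already be HTML-safe where it is defined.
 *
 * NOTE(review): deletion is carried out by a plain GET link (&c=1) and the
 * edit POST carries no token, so neither action is protected against
 * cross-site request forgery while an admin is logged in. The file rewrites
 * below also take no flock(), and reopen GB_FILE with mode 'w' (which
 * truncates it) before the new content is written.
 */
case 'admin':
// Strict comparison: with ==, two hashes that both look like numbers would
// compare equal.
if ($password === md5(ADMIN_PASS)) {
	if (isset($_GET['d'])) {
		/*================================*\
			 -- admin delete --
		\*================================*/

		// Accept only a 10-digit id. That allows a strict comparison against
		// the start of each line and makes the value safe to echo into the
		// confirmation link; anything else is treated as "entry not found".
		$entry_id = (is_string($_GET['d']) && preg_match('/^[0-9]{10}\z/', $_GET['d'])) ? $_GET['d'] : NULL;

		if (isset($_GET['c'])) {
			if (!$fp = @fopen(GB_FILE, 'r')) {
				echo 'Unable to open guestbook file for reading , check location and file permissions.';
				break;
			}

			// Lines before the match are collected here; the matching line is
			// skipped and the rest of the file is appended unchanged.
			$output = '';

			while (!feof($fp)) {
				// Read whole lines: MAX_MESG_LEN allows entries far longer than
				// a 4096-byte read, and a partial read would leave the tail of
				// the deleted entry behind as a stray line.
				$line = fgets($fp);

				if (substr($line, 0, 10) === $entry_id) {
					$output .= fread($fp, filesize(GB_FILE));

					fclose($fp);

					if (!$fp = @fopen(GB_FILE, 'w')) {
						echo 'Unable to open guestbook file for writing, check location and file permissions.';
						// Leave the switch, not just the loop: $fp is false here
						// and must not reach the fclose() after the loop.
						break 2;
					}

					fwrite($fp, $output);
					fclose($fp);

					echo '<p>Text has been <b>deleted</b>.<br />Go back to the <a href="'.SELF.'?func=admin">admin</a> page<br /></p>';
					break 2;
				} else {
					$output .= $line;
				}
			}

			fclose($fp);

			echo '<p>There was an error deleting this post, it doesn\'t seem to exist<br />Go back to the <a href="'.SELF.'?func=admin">admin</a> page and try again</p>';
		}


		// Confirmation view: find the entry and ask before deleting it.
		if (!$fp = @fopen(GB_FILE, 'r')) {
			echo 'Unable to open guestbook file for reading, check location and file permissions.';
			break;
		}

		while (!feof($fp)) {
			$line = fgets($fp);

			if (substr($line, 0, 10) === $entry_id) {
				// Same field splitting as the listing, so an escaped "\|"
				// inside the title or text is not mistaken for a separator.
				list($date, $name, $mesg) = str_replace('\|', '|', preg_split("/(?<!\\\)(\|)/", $line));

				echo '<p>Are you sure you want to delete this entry?</p>';
				echo '<p><b>'.$name.'</b> - on '.date(DATE_FORMAT, $date).'<br />'.$mesg.'</p>';
				// $entry_id is known to be ten digits at this point.
				echo '<p><a href="'.SELF.'?func=admin&d='.$entry_id.'&c=1">Yes</a> - <a href="'.SELF.'?func=admin">No</a></p>';

				break 2;
			}
		}

		fclose($fp);

		echo '<p>There was an error finding this post, it doesn\'t seem to exist<br />Go back to the <a href="'.SELF.'?func=admin">admin</a> page and try again</p>';
	} elseif (isset($_GET['e'])) {
		/*================================*\
			  -- admin edit --
		\*================================*/

		// Same id validation as the delete branch; the value is echoed into
		// the form action below.
		$entry_id = (is_string($_GET['e']) && preg_match('/^[0-9]{10}\z/', $_GET['e'])) ? $_GET['e'] : NULL;

		if (isset($_GET['c'])) {
			// Save step: validate the posted title/text exactly as the sign
			// form does.
			$name = (isset($_POST['name'])) ? strip_chars($_POST['name']) : NULL;
			$mesg = (isset($_POST['mesg'])) ? strip_chars($_POST['mesg']) : NULL;

			$errors = NULL;

			$name_len = strlen($name);
			$mesg_len = strlen($mesg);

			if ($name) {
				if ($name_len > MAX_NAME_LEN) {
					$errors = '- Name is too long, '.$name_len.' (Max: '.MAX_NAME_LEN.')<br />';
				}
			} else {

				$errors = '- Title field is empty<br />';
			}

			if ($mesg) {

				if ($mesg_len > MAX_MESG_LEN) {
					$errors.= '- Message is too long, '.$mesg_len.' (Max: '.MAX_MESG_LEN.')<br />';
				} elseif ($mesg_len < MIN_MESG_LEN) {
					$errors.= '- Message is too short  (Min: '.MIN_MESG_LEN.')<br />';
				}
			} else {
				$errors.= '- Text field is empty<br />';
			}

			if ($errors) {
				echo '<p>'.$errors.'</p>';
			} else {
				if (!$fp = @fopen(GB_FILE, 'r')) {
					echo 'Unable to open guestbook file for reading, check location and file permissions.';
					break;
				}

				$output = '';

				while (!feof($fp)) {
					// Whole-line read, for the same reason as in the delete
					// branch.
					$line = fgets($fp);

					if (substr($line, 0, 10) === $entry_id) {
						// Keep the original timestamp and IP; only the title and
						// text are replaced.
						list($date, , , $ip) = str_replace('\|', '|', preg_split("/(?<!\\\)(\|)/", $line));

						$output .= $date.'|'.str_replace("\n", '', str_replace('|', '\|', $name)).' |'.str_replace("\n", '<br />', bbcode($mesg)).' |'.$ip."|\n".fread($fp, filesize(GB_FILE));

						fclose($fp);

						// The original wrote without checking this open; a failed
						// open would have passed false to fwrite()/fclose().
						if (!$fp = @fopen(GB_FILE, 'w')) {
							echo 'Unable to open guestbook file for writing, check location and file permissions.';
							break 2;
						}

						fwrite($fp, $output);
						fclose($fp);

						echo '<p>Text has been <b>edited</b>.<br />Go back to the <a href="'.SELF.'?func=admin">admin</a> page<br /></p>';

						break 2;
					} else {
						$output .= $line;
					}
				}

				fclose($fp);

				echo '<p>There was an error finding this post, it doesn\'t seem to exist<br />Go back to the <a href="'.SELF.'?func=admin">admin</a> page and try again</p>';
			}

		}

		// A submitted form that did not save is shown again with the posted
		// values ($name and $mesg were HTML-escaped by strip_chars() above).
		if (isset($_POST['submit'])) {
			echo "\n".'<form method="post" action="'.SELF.'?func=admin&e='.$entry_id.'&c=1"><p><label for="name">Title:</label><br /><input type="text" name="name" id="name" value="'.$name.'" size="24" /><br /><label for="mesg">Text:</label> <a href="'.SELF.'?func=bbcode"></a><br /><textarea name="mesg" id="mesg" cols="20" rows="4">'.$mesg.'</textarea><br /><input type="submit" name="submit" value="Edit" /></p></form>';
			break;
		}


		// First visit: load the stored entry into the edit form.
		if (!$fp = @fopen(GB_FILE, 'r')) {
			echo 'Unable to open guestbook file for reading, check location and file permissions.';
			break;
		}

		while (!feof($fp)) {
			$line = fgets($fp);

			if (substr($line, 0, 10) === $entry_id) {
				list(, $name, $mesg) = str_replace('\|', '|', preg_split("/(?<!\\\)(\|)/", $line));

				// Turn the stored HTML back into the BBCode the admin typed.
				$mesg = preg_replace("(\<b\>(.+?)\<\/b>)is", "[b]$1[/b]", $mesg);
				$mesg = preg_replace("(\<i\>(.+?)\<\/i\>)is", "[i]$1[/i]", $mesg);
				$mesg = preg_replace("(\<u\>(.+?)\<\/u\>)is", "[u]$1[/u]", $mesg);
				$mesg = preg_replace("(\<del\>(.+?)\<\/del\>)is", "[s]$1[/s]", $mesg);

				$mesg = str_replace('<br />', "\n", $mesg);
				$mesg = strip_tags($mesg);

				echo "\n".'<form method="post" action="'.SELF.'?func=admin&e='.$entry_id.'&c=1"><p><label for="name">Title:</label><br /><input type="text" name="name" id="name" value="'.$name.'" size="24" /><br /><label for="mesg">Text:</label> <a href="'.SELF.'?func=bbcode"></a><br /><textarea name="mesg" id="mesg" cols="20" rows="4">'.$mesg.'</textarea><br /><input type="submit" name="submit" value="Edit" /></p></form>';

				break 2;
			}
		}

		fclose($fp);

		echo '<p>There was an error finding this post, it doesn\'t seem to exist<br />Go back to the <a href="'.SELF.'?func=admin">admin</a> page and try again</p>';
	}
	else
	{
		/*================================*\
			 -- admin default --
		\*================================*/

		$gb_size = filesize(GB_FILE);

		echo '<p>======================<br />';
		echo 'file size: '.round($gb_size / 1024, 1).'KB<br />';
		echo '<br />======================</p>';

		echo '<p><a href="'.SELF.'">View Text</a> - <a href="'.SELF.'?func=sign">Add Text</a></p>';

		if (!$fp = @fopen(GB_FILE, 'r')) {
			echo 'Unable to open guestbook file for reading and writing, check location and file permissions.';
			break;
		}

		$i = 0;
		$data = NULL;

		// Number of entries to skip before the first one on this page.
		$to_show = (P * MAX_PER_PAGE) - MAX_PER_PAGE;

		if (P > 1) echo '<p><b>Page '.P.'</b></p>';

		while (!feof($fp)) {
			$i++;

			if ($i > ($to_show + MAX_PER_PAGE)) break;

			// Whole-line read so one stored entry is always one listed entry.
			$data = fgets($fp);

			if (empty($data)) break;

			if ($i > $to_show) {
				list ($date, $name, $mesg, $ip) = str_replace('\|', '|', preg_split("/(?<!\\\)(\|)/", $data));
				// NOTE(review): every field is printed exactly as stored, and
				// the whois link sends the poster's IP to a third-party site
				// when clicked.
				echo ("\n<p><a href=\"".SELF."?func=admin&e=$date\">[edit]</a> <a href=\"".SELF."?func=admin&d=$date\">[delete]</a> <a href=\"http://whois.sc/$ip\">[whois]</a><br /><span><b>$name</b> on ".date(DATE_FORMAT, $date)."</span><br />$mesg</p>");
			}
		}

		if ($i > MAX_PER_PAGE) {
			// Newlines in the unread remainder plus the lines already read
			// give the total; it is then converted into a page count.
			$line_count = substr_count(fread($fp, $gb_size), "\n") + $i;
			$line_count = ceil($line_count / MAX_PER_PAGE);

			$s = 1;
			$f = $line_count + 1;

			echo "\n".'<p>Page: # ';

			if ($line_count > MAX_PER_PAGE) {
				// With many pages, show only a window of links around the
				// current page.
				if (P < 6) {
					$s = 1;
					$f = 10;
				} elseif (($line_count-P) < 6) {
					$s = $line_count - 8;
					$f = $line_count;
				} else {
					$s = P -3;
					$f = $s + 8;
				}

				echo (P > 5) ? ' <a href="'.SELF.'?func=admin">1</a>-' : NULL;
			}

			for ($k=$s; $k<=$f; $k++) {
				echo ($k == P) ? "$k " : "<a href=\"".SELF."?func=admin&p=$k\">$k</a> ";
			}

			echo ($k <= $line_count) ? "of <a href=\"".SELF."?func=admin&p=$line_count\">$line_count</a></p>" : '</p>';
		}

		fclose($fp);
	}
} else {
	// Not logged in: show the login form, with an error after a failed try.
	if (isset($_POST['submit'])) echo '<p>Sorry wrong password</p>';

	echo "\n".'<form method="post" action="'.SELF.'?func=admin"><p><input type="password" name="password" size="20" /> <input type="submit" value="Login" name="submit" /></p></form>';
}
break;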


/*================================*\
	 -- BBCode --
\*================================*/
// Static help text listing the BBCode tags that bbcode() converts.
case 'bbcode':
$bbcode_help = '
	<p>BBCode is a way of putting special effects into your text.  The allowed BBCode is:</p>
	<ul>
	<li>[b]<b>bold</b>[/b]</li>
	<li>[i]<i>italic</i>[/i]</li>
	<li>[u]<u>underline</u>[/u]</li>
	<li>[s]<del>strikethrough</del>[/s]</li>
	</ul>
	<p>For example: to make <b>this</b> bold.  when posting a message add the tags [b] and [/b] around the text (as seen above).</p>
';
print $bbcode_help;
break;
}


/*================================*\
   -- functions --
\*================================*/

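/**
 * Cleans one submitted form field so it can be stored and echoed as HTML.
 *
 * Steps, in order: remove HTML/PHP tags, remove backslashes, HTML-escape
 * & < > and both quote characters (ENT_QUOTES), drop carriage returns, and
 * trim surrounding whitespace. Because escaping is the last transformation
 * of the characters that matter, the result is safe in element content and
 * in quoted attribute values.
 *
 * NOTE(review): stripslashes() runs unconditionally, so backslashes typed by
 * the user are lost. That looks like compensation for magic quotes; confirm
 * it is still wanted on the PHP version in use.
 *
 * @param string $var raw field value
 * @return string cleaned, HTML-escaped value
 */
function strip_chars($var) {
	$clean = strip_tags($var);
	$clean = stripslashes($clean);
	$clean = htmlspecialchars($clean, ENT_QUOTES);
	// '' rather than NULL: passing NULL as the replacement is deprecated from
	// PHP 8.1 and produces the same result.
	$clean = str_replace("\r", '', $clean);

	return trim($clean);
}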

/**
 * Converts the supported BBCode tags in a message to HTML and escapes "|"
 * (the field separator of the guestbook file) as "\|".
 *
 * Callers in this file pass text that has already been through
 * strip_chars(), so the only markup in the result is what this function adds.
 *
 * NOTE(review): in the URL pattern the "." after the first [\w]+ is not
 * escaped, so it matches any character rather than a literal dot. It only
 * takes effect when ALLOW_URLS is enabled.
 *
 * @param string $var message text
 * @return string converted, trimmed text
 */
function bbcode($var) {
	if (ALLOW_URLS) {
		$var = preg_replace('/http:\/\/[\w]+(.[\w]+)([\w\-\.,@?^=%&:\/~\+#]*[\w\-\@?^=%&\/~\+#])?/i', '<a href="$0">$0</a>', $var);
	}

	// Pattern => replacement, applied one after another in this order.
	$rules = array(
		'(\[b\](.+?)\[\/b\])is' => '<b>$1</b>',
		'(\[i\](.+?)\[\/i\])is' => '<i>$1</i>',
		'(\[u\](.+?)\[\/u\])is' => '<u>$1</u>',
		'(\[s\](.+?)\[\/s\])is' => '<del>$1</del>',
	);
	$var = preg_replace(array_keys($rules), array_values($rules), $var);

	$escaped = str_replace('|', '\|', $var);

	return trim($escaped);
}

/*================================*\
 -- end functions --
\*================================*/


// Footer printed on every view: the admin login link, plus a logout link
// whenever a password value (valid or not) is present for this request.
$footer_links = '<a href="'.SELF.'?func=admin">Admin Logon</a>';
if (!empty($password)) {
	$footer_links .= ' <a href="'.SELF.'?func=logout">Logout</a>';
}
echo "\n".'<p><span>'.$footer_links.'</span></p>';
?>
</div>


<div id="Layer2" style="position:absolute; left:34px; top:28px; width:207px; height:83px; z-index:2"><img src="../images/logo_03.jpg" width="544" height="119"></div>

 
