X-Git-Url: https://jasonwoof.com/gitweb/?p=wfpl-cms.git;a=blobdiff_plain;f=admin_pages.php;h=3faba8258dbb1245842ff01cbd195c3e0da1a267;hp=8ac29d17f08ce37a7b8a1be4d2ff4a586035d6f2;hb=3b9b94e5e746542e8bacec485df87a265e7daeda;hpb=34d182fda5293ad42fc1157535080ba5a5d6d47f

diff --git a/admin_pages.php b/admin_pages.php
index 8ac29d1..3faba82 100644
--- a/admin_pages.php
+++ b/admin_pages.php
@@ -1,12 +1,12 @@
 <?php
 
-# This form requires wfpl. See: http://jasonwoof.org/wfpl
+# This form requires wfpl. See: http://sametwice.com/wfpl
 
 define('ADMIN_PAGES_DB_FIELDS', 'title,filename,navbar,nav_title,content,description,keywords');
 
 
-require_once('code/wfpl/format.php');
-require_once('code/wfpl/email.php');
+require_once(DOCROOT . 'inc/wfpl/format.php');
+require_once(DOCROOT . 'inc/wfpl/email.php');
 
 function format_cms_filename($str) {
 	$str = format_filename($str);
@@ -17,100 +17,91 @@ function format_cms_filename($str) {
 
 function admin_pages_get_fields() {
 	$data = array();
-	$data['title'] = format_oneline($_REQUEST['title']);
-	$data['filename'] = format_cms_filename($_REQUEST['filename']);
-	$data['navbar'] = format_oneline($_REQUEST['navbar'], 'navbar');
-	$data['nav_title'] = format_oneline($_REQUEST['nav_title']);
-	$data['content'] = format_unix($_REQUEST['content']);
-	$data['description'] = format_unix($_REQUEST['description']);
-	$data['keywords'] = format_unix($_REQUEST['keywords']);
+
+	$data['title'] = format_oneline(_REQUEST_cut('title'));
+	$data['filename'] = format_cms_filename(_REQUEST_cut('filename'));
+	$data['navbar'] = format_options(_REQUEST_cut('navbar'), 'navbar');
+	$data['nav_title'] = format_oneline(_REQUEST_cut('nav_title'));
+	$data['content'] = format_unix(_REQUEST_cut('content'));
+	$data['description'] = format_unix(_REQUEST_cut('description'));
+	$data['keywords'] = format_unix(_REQUEST_cut('keywords'));
 
 	return $data;
 }
 
 
-# You may pass a "where clause" for the db query.
-function admin_pages_display_listing($where = 'order by concat(nav_title,title)') {
-	$rows = db_get_assocs('cms_pages', 'id,filename,coalesce(nullif(nav_title,\'\'), title) as title', $where);
-	if($rows == false || count($rows) == 0) {
-		tem_set('listings', array('empty_listing' => true));
-		return;
+function admin_pages_main() {
+	session_auth_must('edit_page');
+
+	$id = _REQUEST_cut('edit_id');
+	if($id) {
+		return admin_pages_main_form($id);
 	}
 
-	# make sure there's something clickable
-	foreach($rows as &$row) {
-		if($row['filename'] == '') {
-			$row['filename'] = '-- offline --';
-		}
-		if($row['title'] == '') {
-			$row['title'] = '-- untitled --';
-		}
+	$id = _REQUEST_cut('admin_pages_delete_id');
+	if($id) {
+		return admin_pages_main_delete($id);
 	}
-	tem_set('listings', array(
-		'populated_listing' => true,
-		'rows' => $rows));
-	return true;
-}
 
-function admin_pages_main() {
-	if(!logged_in_as_admin()) {
-		$_REQUEST['url'] = this_url();
-		return 'admin_login';
+	if(_REQUEST_cut('new')) {
+		return admin_pages_main_form();
 	}
 
-	tem_set('this_host', this_host());
+	if(_REQUEST_cut('list')) {
+		return admin_pages_main_listing();
+	}
 
-	if(isset($_REQUEST['admin_pages_id'])) {
-		return admin_pages_display_main();
-	} else {
-		return admin_pages_edit_main();
+	$id = _REQUEST_cut('id');
+	if($id) {
+		return admin_pages_main_display($id);
 	}
+
+	if(isset($_POST['title'])) {
+		return admin_pages_main_form();
+	}
+
+	# default action:
+	return admin_pages_main_listing();
 }
 
 # admin-only access to view pages with no filename
-function admin_pages_display_main() {
-	$id = format_int($_REQUEST['admin_pages_id']);
-	unset($_REQUEST['admin_pages_id']);
-	if(!$id) {
-		message('Error: Broken link');
-		return './admin_pages';
-	}
+function admin_pages_main_display($id) {
 	cms_display_content($GLOBALS['wfpl_main_template'], 'where id=%i', $id);
 }
 
-function admin_pages_edit_main() {
-	$edit_id = format_int($_REQUEST['admin_pages_edit_id']);
-	unset($_REQUEST['admin_pages_edit_id']);
-	if($edit_id) {
-		# add hidden field for database id of row we're editing
-		tem_set('admin_pages_edit_id', $edit_id);
-		tem_set('editing', 'show');
-		tem_set('edit_msg', 'show');
-	}
-
-	$delete_id = format_int($_REQUEST['admin_pages_delete_id']);
-	unset($_REQUEST['admin_pages_delete_id']);
-	if($delete_id) {
-		db_delete('cms_pages', 'where id=%i', $delete_id);
-		message('Page deleted.');
+function admin_pages_main_delete($id) {
+	db_delete('cms_pages', 'where id=%i', $id);
+	message('Page deleted.');
+	return './admin_pages';
+}
 
-		return './admin_pages';
+function admin_pages_get_images() {
+	$images = db_get_assocs('cms_images', 'image,name,caption,sizes', 'order by name, caption, image');
+	$id = 0;
+	foreach($images as &$image) {
+		$image['id'] = '' . $id;
+		$id += 1;
 	}
+	return $images;
+}
 
-	if(!$edit_id) {
-		if(!isset($_REQUEST['admin_pages_new']) && !isset($_REQUEST['title'])) {
-			admin_pages_display_listing();
-			return;
-		}
+function admin_pages_main_listing() {
+	$listing_rows = db_get_assocs('cms_pages', 'id,filename,coalesce(nullif(nav_title,\'\'), title) as title', 'order by concat(nav_title,title)');
+	tem_set('listings', $listing_rows);
+}
 
-		tem_set('new_msg', 'show');
+function admin_pages_main_form($id = false) {
+	if($id) {
+		tem_set('id', $id);
 	}
 
+	tem_set('$basename', 'admin_pages');
+
 	$navbar_options = array(array('ignored', 'Not at all'), array('0', 'First'));
 	$rows = db_get_rows('cms_pages', 'id,coalesce(nullif(nav_title,\'\'), title) as title,navbar', 'where navbar != 0 order by navbar');
 	if($rows) for($i = 0; $i < count($rows); ++$i) {
 		list($other_id, $other_title, $other_ord) = $rows[$i];
-		if($other_id != $edit_id) { # don't display ourselves
+		if($other_id != $id) { # don't display ourselves
 			$navbar_options[] = array($i + 1, "After \"$other_title\"");
 		}
 	}
@@ -121,16 +112,16 @@ function admin_pages_edit_main() {
 
 		# We'll save anything (no required fields)
 
-		$data['navbar'] = db_reposition('cms_pages', $edit_id, $data['navbar'], 'navbar', 'page');
+		$data['navbar'] = db_reposition('cms_pages', $id, $data['navbar'], 'navbar', 'page');
 
 		if($data['navbar'] && $data['filename'] == '') {
 			message('This page was removed from the navigation column because it does not have a filename. (Pages without filenames are visible only to admins.)');
 			$data['navbar'] = 0;
 		}
 
-		if($edit_id) {
-			db_update_assoc('cms_pages', $data, 'where id=%i', $edit_id);
-			$id = $edit_id;
+		if($id) {
+			db_update_assoc('cms_pages', $data, 'where id=%i', $id);
+			$id = $id;
 			message('Page updated.');
 		} else {
 			db_insert_assoc('cms_pages', $data);
@@ -140,22 +131,22 @@ function admin_pages_edit_main() {
 		if($data['filename']) {
 			return "./$data[filename]";
 		} else {
-			return "./admin_pages?admin_pages_id=$id";
+			return "./admin_pages?id=$id";
 		}
-	} elseif($edit_id) {
+	} elseif($id) {
 		# we've recieved an edit id, but no data. So we grab the values to be edited from the database
-		$data = db_get_assoc('cms_pages', ADMIN_PAGES_DB_FIELDS, 'where id=%i', $edit_id);
+		$data = db_get_assoc('cms_pages', ADMIN_PAGES_DB_FIELDS, 'where id=%i', $id);
 		if($data['navbar']) {
 			$data['navbar'] = db_count('cms_pages', 'where navbar!=0 && navbar<%i', $data['navbar']);
 		} else {
 			$data['navbar'] = 'ignored';
 		}
 	} else {
-		# form not submitted, you can set default values like so:
-		#$data = array('title' => 'Yes');
+		# form not submitted, set default values:
 		$data = array('filename' => format_cms_filename($_REQUEST['new_filename']));
 	}
 
+	tem_set('wfpl_images', admin_pages_get_images());
 	tem_set('form', $data);
-	tem_set('$head', 'show'); # wysiwyg init goes in <head>
+	tem_set('$head'); # wysiwyg init goes in <head>
 }