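<?php
/**
 * Front controller: turns the request (single page / category listing /
 * search / comment post / index) into one SQL query and renders the
 * matching template via display_get() and display_template().
 *
 * Request parameters (all optional; the short and long forms are equivalent):
 *   GET  p / page      page id (numeric) or page URL slug
 *   GET  c / category  category id (numeric) or category URL slug
 *   GET  s / search    search term matched against page_text
 *   POST comment       page id the new comment belongs to, together with
 *                      author, email, text, verify, rand1 and rand2
 * When page/category are not given as GET parameters, get_short_url()
 * (framework.php) supplies them from the rewritten path.
 */
$location = "../";
require_once($location . "includes/framework.php");

// Only string-valued parameters are usable. Array-valued ones (?p[]=x) would
// otherwise reach urldecode()/escape() as arrays, so they count as absent.
$get = array_filter($_GET, 'is_string');
$post = array_filter($_POST, 'is_string');

// Get page from URL: short form, then long form, then the rewritten path.
if (!empty($get['p'])) {
    $page = $get['p'];
} elseif (!empty($get['page'])) {
    $page = $get['page'];
} else {
    $page = get_short_url(0);
}
// Get category from URL.
if (!empty($get['c'])) {
    $cat = $get['c'];
} elseif (!empty($get['category'])) {
    $cat = $get['category'];
} else {
    $cat = get_short_url(1);
}
// Get search from URL (no path fallback; "" means "not searching").
$search = "";
if (!empty($get['s'])) {
    $search = $get['s'];
} elseif (!empty($get['search'])) {
    $search = $get['search'];
}

// Every branch below appends to $pg['content'] or exits; make sure the key
// exists even if framework.php did not initialise it.
if (!isset($pg['content'])) {
    $pg['content'] = "";
}

//
// Determine which mode to select a query from.
if ($page != "" && $search == "" && $cat == "") {
    //
    // Show a single page, addressed either by numeric id or by URL slug.
    $mode = "single";
    $mode_text = "Page";
    if (is_numeric($page)) {
        // Is a number. (The literal used to be closed with two quotes, which
        // made the statement invalid SQL for every numeric page id.)
        $query = "SELECT * FROM " . DB_PREFIX . "page WHERE page_id = '" . $db->escape($page) . "'";
    } else {
        // Is a string (text). $_GET is already URL-decoded; this extra pass is
        // for the get_short_url() path and is harmless because escape() runs
        // on the decoded value.
        $page = urldecode($page);
        $query = "SELECT * FROM " . DB_PREFIX . "page WHERE page_url = '" . $db->escape($page) . "'";
    }
} elseif ($cat != "" && $search == "") {
    //
    // Show listings of categories.
    $mode = "category";
    $mode_text = "Category";
    if (is_numeric($cat)) {
        // Is a number
        $query = "SELECT * FROM " . DB_PREFIX . "page WHERE page_category = '" . $db->escape($cat) . "' ORDER BY page_id DESC LIMIT 5";
    } else {
        // Is a string (text): resolve the slug to a category id first. An
        // unknown slug yields an empty id, matches no page and ends up as
        // "Item not found" below.
        $cat = urldecode($cat);
        $query = "SELECT * FROM " . DB_PREFIX . "category WHERE category_url = '" . $db->escape($cat) . "'";
        $row_cat = $db->fetch_array($db->query($query));
        $cat_id = isset($row_cat['category_id']) ? $row_cat['category_id'] : "";
        $query = "SELECT * FROM " . DB_PREFIX . "page WHERE page_category = '" . $db->escape($cat_id) . "' ORDER BY page_id DESC LIMIT 5";
    }
} elseif ($search != "") {
    //
    // Show search results.
    $mode = "search";
    $mode_text = "Search";
    $search = trim($search);
    // escape() only handles quoting: '%' and '_' inside $search still act as
    // LIKE wildcards, so a user can widen the match but not leave the literal.
    $query = "SELECT * FROM " . DB_PREFIX . "page WHERE page_text LIKE '%" . $db->escape($search) . "%' ORDER BY page_id DESC LIMIT 5";
} elseif (isset($post['comment']) && is_numeric($post['comment'])) {
    //
    // Save a comment, then redirect back to the page (post/redirect/get).
    $id = $post['comment'];
    $author = xss_protect(isset($post['author']) ? $post['author'] : "");
    $email = xss_protect(isset($post['email']) ? $post['email'] : "");
    $text = xss_protect(isset($post['text']) ? $post['text'] : "");
    $verify = isset($post['verify']) ? $post['verify'] : "";
    $rand1 = isset($post['rand1']) ? $post['rand1'] : "";
    $rand2 = isset($post['rand2']) ? $post['rand2'] : "";
    // Remember the author's input for a week so the form can be refilled;
    // the text cookie is dropped again once the comment has been accepted.
    $cookie_life = time() + 3600 * 24 * 7;
    setcookie("author", $author, $cookie_life);
    setcookie("email", $email, $cookie_life);
    setcookie("text", $text, $cookie_life);
    // Check for empty required fields.
    required_fields_array([$id, $author, $email, $text, $verify]);
    // Anti-spam check. rand1, rand2 and verify all come from the client, so
    // this only stops submissions that bypass the page's own form logic; it
    // is not a secret the server holds. Non-numeric input is rejected up
    // front instead of being fed to '+', which throws a TypeError on PHP 8.
    if (!is_numeric($rand1) || !is_numeric($rand2) || !is_numeric($verify)
        || ($rand1 + $rand2) != $verify) {
        report_error("E_MSG", "Incorrect anti-spam verification.");
        // report_error() is expected to end the request (the required-field
        // check above relies on the same); exiting here guarantees a failed
        // check can never fall through to the INSERT below.
        exit();
    }
    // Remove temp cookie.
    setcookie("text", $text, time() - 3600 * 24 * 7);
    $remote_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : "";
    // REMOTE_ADDR is set by the web server, but it is escaped like every other
    // value so the statement never depends on where a value came from.
    $query = "INSERT INTO " . DB_PREFIX . "comment(comment_page, comment_author, comment_email, comment_text, comment_ip, comment_datetime)
VALUES('" . $db->escape($id) . "', '" . $db->escape($author) . "', '" . $db->escape($email) . "', '" . $db->escape($text) . "', '" . $db->escape($remote_ip) . "', '" . time() . "')";
    $db->query($query);
    // $id passed is_numeric() above, so it is safe to place in the header.
    header("Location: ./?p=" . $id . "#comments");
    exit();
} else {
    //
    // No attributes are defined (i.e. the front page), show a list of entries.
    $mode = "index";
    $mode_text = "Index";
    $query = "SELECT * FROM " . DB_PREFIX . "page ORDER BY page_id DESC LIMIT 5";
}

//
// Handle the query (according to the mode).
$result = $db->query($query);
// Loose comparison on purpose: a failed query (num_rows() returning false)
// is reported as "not found" rather than iterated.
if ($db->num_rows($result) == 0) {
    if ($mode == "search") {
        $pg['header'] = "Search";
        $pg['title'] = generateTitle($pg['header']);
        $pg['content'] .= display_get("<p>No search results found.</p>", "search.php");
    } else {
        $pg['header'] = "Error";
        $pg['title'] = generateTitle($pg['header']);
        $pg['content'] .= display_get("<p>Item not found.</p>", "error.php");
    }
    display_template();
    exit();
}

while ($row = $db->fetch_array($result)) {
    // extract() turns the row's columns into $page_id, $page_title,
    // $page_author, $page_datetime, $page_text and $page_text_short. It is
    // kept as-is because other code may rely on those variables existing
    // (TODO confirm); note it would also overwrite $page/$mode/$cat should
    // the table ever gain columns with those names.
    extract($row);
    // If it is a lone article, display the full title. Otherwise just display the title of the website.
    if ($mode == "index") {
        $pg['title'] = generateTitle($mode_text);
    } else {
        $pg['title'] = generateTitle($page_title);
    }
    $pg['header'] = $page_title;
    $pg['url'] = "./?p=" . $page_id;
    $pg['id'] = $page_id;
    $pg['author'] = $page_author;
    $pg['date'] = $page_datetime;
    // Full text for a single article, the short form for every listing.
    if ($mode == "single") {
        $pg['content'] .= display_get($page_text, "single.php");
    } elseif ($mode == "search") {
        $pg['content'] .= display_get($page_text_short, "search_content.php");
    } else {
        $pg['content'] .= display_get($page_text_short, "index_content.php");
    }
}

if ($mode == "single") {
    // Although we probably should, we aren't going to query comments here. We do that elsewhere.
    $pg['content'] .= display_get("", "comment.php");
} elseif ($mode == "search") {
    // Listing pages leave header/title set to the last row; search overrides
    // them and wraps the collected results in the search template.
    $pg['header'] = "Search";
    $pg['title'] = generateTitle($pg['header']);
    $pg['content'] = display_get($pg['content'], "search.php");
}
display_template();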