<?php
// $Id$
//
// Links
// Copyright (C) 2002 Mike Little -- mike@zed1.com
//
// This is an add-on to b2 weblog / news publishing tool
// b2 is copyright (c)2001, 2002 by Michel Valdrighi - m@tidakada.com
//
// **********************************************************************
// Copyright (C) 2002 Mike Little
//
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 2 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful, but
// WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
// General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
//
// Mike Little (mike@zed1.com)
// *****************************************************************

include_once('../wp-links/links.config.php');
include_once("../wp-links/links.php");

$title = "Manage Links";

function add_magic_quotes($array) {
	foreach ($array as $k => $v) {
		if (is_array($v)) {
			$array[$k] = add_magic_quotes($v);
		} else {
			$array[$k] = addslashes($v);
		}
	}
	return $array;
} 

if (!get_magic_quotes_gpc()) {
	$HTTP_GET_VARS    = add_magic_quotes($HTTP_GET_VARS);
	$HTTP_POST_VARS   = add_magic_quotes($HTTP_POST_VARS);
	$HTTP_COOKIE_VARS = add_magic_quotes($HTTP_COOKIE_VARS);
}

$b2varstoreset = array('action','standalone','cat_id', 'linkurl', 'name', 'image',
                       'description', 'visible', 'target', 'category', 'link_id',
                       'submit', 'order_by', 'links_show_cat_id', 'rating', 'rel');
for ($i=0; $i<count($b2varstoreset); $i += 1) {
    $b2var = $b2varstoreset[$i];
    if (!isset($$b2var)) {
        if (empty($HTTP_POST_VARS["$b2var"])) {
            if (empty($HTTP_GET_VARS["$b2var"])) {
                $$b2var = '';
            } else {
                $$b2var = $HTTP_GET_VARS["$b2var"];
            }
        } else {
            $$b2var = $HTTP_POST_VARS["$b2var"];
        }
    }
}

$links_show_cat_id = $HTTP_COOKIE_VARS["links_show_cat_id"];

//error_log("start, links_show_cat_id=$links_show_cat_id");  

switch ($action) {
  case "Add":
  {
    $standalone = 1;
    include_once("./b2header.php");

    $link_url = $HTTP_POST_VARS["linkurl"];
    $link_name = $HTTP_POST_VARS["name"];
    $link_image = $HTTP_POST_VARS["image"];
    $link_target = $HTTP_POST_VARS["target"];
    $link_category = $HTTP_POST_VARS["category"];
    $link_description = $HTTP_POST_VARS["description"];
    $link_visible = $HTTP_POST_VARS["visible"];
    $link_rating = $HTTP_POST_VARS["rating"];
    $link_rel = $HTTP_POST_VARS["rel"];
    $auto_toggle = get_autotoggle($link_category);

    if ($user_level < $minadminlevel)
      die ("Cheatin' uh ?");

    // if we are in an auto toggle category and this one is visible then we
    // need to make the others invisible before we add this new one.
    if (($auto_toggle == 'Y') && ($link_visible == 'Y')) {
      $sql = "UPDATE $tablelinks set link_visible = 'N' WHERE link_category = $link_category";
      $sql_result = mysql_query($sql) or die("Couldn't execute query."."sql=[$sql]". mysql_error());
    }

    $sql = "INSERT INTO $tablelinks (link_url, link_name, link_image, link_target, link_category, link_description, link_visible, link_owner, link_rating, link_rel) " .
      " VALUES('" . addslashes($link_url) . "','"
           . addslashes($link_name) . "', '"
           . addslashes($link_image) . "', '$link_target', $link_category, '"
           . addslashes($link_description) . "', '$link_visible', $user_ID, $link_rating, '" . addslashes($link_rel) ."')";

    $sql_result = mysql_query($sql) or die("Couldn't execute query."."sql=[$sql]". mysql_error());

    header("Location: linkmanager.php");
    break;
  } // end Add

  case "editlink":
  {
    if (isset($submit) && ($submit == "Save")) {

      if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
        $cat_id = $links_show_cat_id;

      if (!isset($cat_id) || ($cat_id == '')) {
        if (!isset($links_show_cat_id) || ($links_show_cat_id == ''))
          $cat_id = 'All';
      }
      $links_show_cat_id = $cat_id;

      $standalone = 1;
      include_once("./b2header.php");

      $link_id = $HTTP_POST_VARS["link_id"];
      $link_url = $HTTP_POST_VARS["linkurl"];
      $link_name = $HTTP_POST_VARS["name"];
      $link_image = $HTTP_POST_VARS["image"];
      $link_target = $HTTP_POST_VARS["target"];
      $link_category = $HTTP_POST_VARS["category"];
      $link_description = $HTTP_POST_VARS["description"];
      $link_visible = $HTTP_POST_VARS["visible"];
      $link_rating = $HTTP_POST_VARS["rating"];
      $link_rel = $HTTP_POST_VARS["rel"];
      $auto_toggle = get_autotoggle($link_category);

      if ($user_level < $minadminlevel)
        die ("Cheatin' uh ?");

      // if we are in an auto toggle category and this one is visible then we
      // need to make the others invisible before we update this one.
      if (($auto_toggle == 'Y') && ($link_visible == 'Y')) {
        $sql = "UPDATE $tablelinks set link_visible = 'N' WHERE link_category = $link_category";
        $sql_result = mysql_query($sql) or die("Couldn't execute query."."sql=[$sql]". mysql_error());
      }

      $sql = "UPDATE $tablelinks SET link_url='" . addslashes($link_url) . "',\n " .
             " link_name='" . addslashes($link_name) . "',\n link_image='" . addslashes($link_image) . "',\n " .
             " link_target='$link_target',\n link_category=$link_category,\n " .
             " link_visible='$link_visible',\n link_description='" . addslashes($link_description) . "',\n " .
             " link_rating=$link_rating,\n" .
             " link_rel='" . addslashes($link_rel) . "'\n" .
             " WHERE link_id=$link_id";
      //error_log($sql);
      $sql_result = mysql_query($sql) or die("Couldn't execute query."."sql=[$sql]". mysql_error());

    } // end if save
    setcookie('links_show_cat_id', $links_show_cat_id, time()+600);
    header("Location: linkmanager.php");
    break;
  } // end Save

  case "Delete":
  {
    $standalone = 1;
    include_once("./b2header.php");

    $link_id = $HTTP_POST_VARS["link_id"];

    if ($user_level < $minadminlevel)
      die ("Cheatin' uh ?");

    $sql = "DELETE FROM $tablelinks WHERE link_id = '$link_id'";
    $sql_result = mysql_query($sql) or die("Couldn't execute query.".mysql_error());

    if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
        $cat_id = $links_show_cat_id;
        
    if (!isset($cat_id) || ($cat_id == '')) {
        if (!isset($links_show_cat_id) || ($links_show_cat_id == ''))
        $cat_id = 'All';
    }
    $links_show_cat_id = $cat_id;
    setcookie("links_show_cat_id", $links_show_cat_id, time()+600);
    header("Location: linkmanager.php");
    break;
  } // end Delete
  case "linkedit":
  {
    $standalone=0;
    include_once ("./b2header.php");
    if ($user_level < $minadminlevel) {
      die("You have no right to edit the links for this blog.<br>Ask for a promotion to your <a href=\"mailto:$admin_email\">blog admin</a> :)");
    }

    $sql = "SELECT link_url, link_name, link_image, link_target, link_description, link_visible, link_category AS cat_id, link_rating, link_rel " .
      " FROM $tablelinks " .
      " WHERE link_id = $link_id";

    $result = mysql_query($sql) or die("Couldn't execute query.".mysql_error());
    if ($row = mysql_fetch_object($result)) {
      $link_url = $row->link_url;
      $link_name = stripslashes($row->link_name);
      $link_image = $row->link_image;
      $link_target = $row->link_target;
      $link_category = $row->cat_id;
      $link_description = stripslashes($row->link_description);
      $link_visible = $row->link_visible;
      $link_rating = $row->link_rating;
      $link_rel = stripslashes($row->link_rel);
    }

?>
    <?php echo $blankline ?>
    <?php echo $tabletop ?>
    <table width="95%" cellpadding="5" cellspacing="0" border="0">
    <form name="editlink" method="post">
    <input type="hidden" name="action" value="editlink" />
    <input type="hidden" name="link_id" value="<?php echo $link_id; ?>" />
    <input type="hidden" name="order_by" value="<?php echo $order_by ?>" />
    <input type="hidden" name="cat_id" value="<?php echo $cat_id ?>" />
    <tr><td colspan="2"><b>Edit</b> a link:</td></tr>
      <tr height="20">
        <td height="20" align="right">URL:</td>
        <td><input type="text" name="linkurl" size="80" value="<?php echo $link_url; ?>"></td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Display Name/Alt text:</td>
        <td><input type="text" name="name" size="80" value="<?php echo $link_name; ?>"></td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Image:</td>
        <td><input type="text" name="image" size="80" value="<?php echo $link_image; ?>"></td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Description:</td>
        <td><input type="text" name="description" size="80" value="<?php echo $link_description; ?>"></td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Rel:</td>
        <td><input type="text" name="rel" size="80" value="<?php echo $link_rel; ?>"></td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Rating:</td>
        <td>
          <select name="rating" size="1">
<?php
    for ($r = 0; $r < 10; $r++) {
      echo('            <option value="'.$r.'" ');
      if ($link_rating == $r)
        echo('selected');
      echo('>'.$r.'</option>');
    }
?>
            </select>&nbsp;(Leave at 0 for no rating.)
        </td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Target:</td>
        <td><input type="radio" name="target" <?php if ($link_target == '_blank') echo "checked"; ?> value="_blank">_blank&nbsp;<input type="radio" name="target" <?php if ($link_target == '_top') echo "checked"; ?> value="_top">_top</td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Visible:</td>
        <td><input type="radio" name="visible" <?php if ($link_visible == 'Y') echo "checked"; ?> value="Y">Y&nbsp;<input type="radio" name="visible" <?php if ($link_visible == 'N') echo "checked"; ?> value="N">N</td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Category:</td>
        <td>
<?php
    $query = "SELECT cat_id, cat_name, auto_toggle FROM $tablelinkcategories ORDER BY cat_id";
    $result = mysql_query($query) or die("Couldn't execute query. ".mysql_error());
    echo "        <select name=\"category\" size=\"1\">\n";
    while($row = mysql_fetch_object($result)) {
      echo "          <option value=\"".$row->cat_id."\"";
      if ($row->cat_id == $link_category)
        echo " selected";
        echo ">".$row->cat_id.": ".$row->cat_name;
        if ($row->auto_toggle == 'Y')
            echo ' (auto toggle)';
        echo "</option>\n";
    }
    echo "        </select>\n";
?>
        </td>
      </tr>
      <tr height="20">
        <td colspan="2" align="center">
          <input type="submit" name="submit" value="Save" class="search">&nbsp;<input type="submit" name="submit" value="Cancel" class="search"></a>
        </td>
      </tr>
    </table>

<?php
    break;
  } // end linkedit
  case "Show":
  {
    if (!isset($cat_id) || ($cat_id == '')) {
        if (!isset($links_show_cat_id) || ($links_show_cat_id == ''))
        $cat_id = 'All';
    }
    $links_show_cat_id = $cat_id;
    //break; fall through
  } // end Show
  case "popup":
  {
    $link_url = $HTTP_GET_VARS["linkurl"];
    $link_name = $HTTP_GET_VARS["name"];
    //break; fall through
  }
  default:
  {
    if (isset($links_show_cat_id) && ($links_show_cat_id != ''))
        $cat_id = $links_show_cat_id;
        
    if (!isset($cat_id) || ($cat_id == '')) {
        if (!isset($links_show_cat_id) || ($links_show_cat_id == ''))
        $cat_id = 'All';
    }
    $links_show_cat_id = $cat_id;
    if (!isset($order_by) || ($order_by == ''))
        $order_by = 'order_id';
    setcookie('links_show_cat_id', $links_show_cat_id, time()+600);
    $standalone=0;
    include_once ("./b2header.php");
    if ($user_level < $minadminlevel) {
      die("You have no right to edit the links for this blog.<br>Ask for a promotion to your <a href=\"mailto:$admin_email\">blog admin</a> :)");
    }

    switch ($order_by)
    {
        case 'order_name':   $sqlorderby = 'name';        break;
        case 'order_url':    $sqlorderby = 'url';         break;
        case 'order_desc':   $sqlorderby = 'description'; break;
        case 'order_owner':  $sqlorderby = 'owner';       break;
        case 'order_rating': $sqlorderby = 'rating';      break;
        case 'order_id':     //fall through
        default:             $sqlorderby = 'id';          break;
    }
    
  if ($action != "popup") {
?>
    <?php echo $blankline ?>
    <?php echo $tabletop ?>
    <form name="cats" method="post">
    <table width="50%" cellpadding="5" cellspacing="0" border="0">
      <tr><td><b>Link Categories:</b></td><td colspan="2"><a href="linkcategories.php">Manage Link Categories</a></td></tr>
      <tr>
        <td>
          <b>Show</b> links in category:<br />
        </td>
        <td>
          <b>Order</b> by:
        </td>
      </tr>
      <tr>
        <td>
<?php
    $query = "SELECT cat_id, cat_name, auto_toggle FROM $tablelinkcategories ORDER BY cat_id";
    $result = mysql_query($query) or die("Couldn't execute query. ".mysql_error());
    echo "        <select name=\"cat_id\">\n";
    echo "          <option value=\"All\"";
    if ($cat_id == 'All')
      echo " selected";
    echo "> All</option>\n";
    while($row = mysql_fetch_object($result)) {
      echo "          <option value=\"".$row->cat_id."\"";
      if ($row->cat_id == $cat_id)
        echo " selected";
        echo ">".$row->cat_id.": ".$row->cat_name;
        if ($row->auto_toggle == 'Y')
            echo ' (auto toggle)';
        echo "</option>\n";
    }
    echo "        </select>\n";
?>
        </td>
        <td>
          <select name="order_by">
            <option value="order_id"     <?php if ($order_by == 'order_id')     echo " selected";?>>Id</option>
            <option value="order_name"   <?php if ($order_by == 'order_name')   echo " selected";?>>Name</option>
            <option value="order_url"    <?php if ($order_by == 'order_url')    echo " selected";?>>URL</option>
            <option value="order_desc"   <?php if ($order_by == 'order_desc')   echo " selected";?>>Description</option>
            <option value="order_owner"  <?php if ($order_by == 'order_owner')  echo " selected";?>>Owner</option>
            <option value="order_rating" <?php if ($order_by == 'order_rating') echo " selected";?>>Rating</option>
          </select>
        </td>
        <td>
          <input type="submit" name="action" value="Show" class="search" />
        </td>
      </tr>
    </table>
    </form>

    <?php echo $tablebottom ?>
    <?php echo $blankline ?>
    <?php echo $tabletop ?>

    <table width="100%" cellpadding="1" cellspacing="0" border="0">
    <form name="links" method="post">
    <input type="hidden" name="link_id" value="" />
    <input type="hidden" name="action" value="" />
    <input type="hidden" name="order_by" value="<?php echo $order_by ?>" />
    <input type="hidden" name="cat_id" value="<?php echo $cat_id ?>" />
    <tr >
      <td style="border-bottom: 1px dotted #9C9A9C;"><b>URL</b></td>
      <td style="border-bottom: 1px dotted #9C9A9C;"><b>Name</b></td>
      <td style="border-bottom: 1px dotted #9C9A9C;"><b>Img?</b></td>
      <td style="border-bottom: 1px dotted #9C9A9C;"><b>Vis?</b></td>
      <td style="border-bottom: 1px dotted #9C9A9C;"><b>Category</b></td>
      <td style="border-bottom: 1px dotted #9C9A9C;">&nbsp;</td>
      <td style="border-bottom: 1px dotted #9C9A9C;">&nbsp;</td>
    </tr>
<?php
    $sql = "SELECT link_url, link_name, link_image, link_description, link_visible, link_category AS cat_id, cat_name AS category, $tableusers.user_login, link_id, link_rating, link_rel "
           . " FROM $tablelinks LEFT JOIN $tablelinkcategories ON $tablelinks.link_category = $tablelinkcategories.cat_id "
           . " LEFT JOIN $tableusers on $tableusers.ID = $tablelinks.link_owner ";
    // have we got a where clause?
    if (($use_adminlevels) || (isset($cat_id) && ($cat_id != 'All')) ) {
        $sql .= " WHERE ";
    }
    if ($use_adminlevels) {
        $sql .= " ($tableusers.user_level <= $user_level"
                . "   OR $tableusers.ID = $user_ID)";
    }
    if (isset($cat_id) && ($cat_id != 'All')) {
      // have we already started the where clause?
      if ($use_adminlevels) {
        $sql .= " AND ";
      }
      $sql .= " link_category = $cat_id ";
    }
    $sql .= " ORDER BY link_".$sqlorderby;

    //echo "$sql";
    $result = mysql_query($sql) or die("Couldn't execute query.".mysql_error());
    while ($row = mysql_fetch_object($result)) {
      $short_url = str_replace('http://', '', $row->link_url);
      if (strlen($short_url) > 35) {
        $short_url =  substr($short_url, 0, 32).'...';
      }
      echo("<tr>\n");
      echo("  <td ><a href=\"".$row->link_url."\">".$short_url."</a></td>\n");
      echo("  <td >".stripslashes($row->link_name)."</td>\n");
      if ($row->link_image != null) {
        echo("  <td align=\"center\">Y</td>\n");
      } else {
        echo("  <td align=\"center\">N</td>\n");
      }
      if ($row->link_visible == 'Y') {
        echo("  <td align=\"center\">Y</td>\n");
      } else {
        echo("  <td align=\"center\">N</td>\n");
      }
      echo("  <td>".stripslashes($row->category)."</td>\n");
      echo("  <td><input type=\"submit\" name=\"edit\" onclick=\"forms['links'].link_id.value='$row->link_id'; forms['links'].action.value='linkedit'; \" value=\"Edit\" class=\"search\" /></td>\n");
      echo("  <td><input type=\"submit\" name=\"delete\" onclick=\"forms['links'].link_id.value='$row->link_id'; forms['links'].action.value='Delete'; return confirm('You are about to delete this link.\\n  \'Cancel\' to stop, \'OK\' to delete.'); \" value=\"Delete\" class=\"search\" /></td>\n");
      echo("</tr>\n");

      echo("<tr>\n");
      echo("  <td style=\"border-bottom: 1px dotted #9C9A9C;\" colspan=\"2\"><b>Desc:</b>&nbsp;".stripslashes($row->link_description)."</td>\n");
      echo("  <td style=\"border-bottom: 1px dotted #9C9A9C;\" ><b>Rel:</b></td>\n");
      $my_rel = stripslashes($row->link_rel);
      if ($my_rel == '') {
          $my_rel = '&nbsp;';
      }
      echo("  <td style=\"border-bottom: 1px dotted #9C9A9C;\" >$my_rel</td>\n");
      echo("  <td style=\"border-bottom: 1px dotted #9C9A9C;\" ><b>Rating:</b>&nbsp;".$row->link_rating."</td>\n");
      echo("  <td style=\"border-bottom: 1px dotted #9C9A9C;\" valign=\"top\"><b>Owner:</b></td>\n");
      echo("  <td style=\"border-bottom: 1px dotted #9C9A9C;\" valign=\"top\">".$row->user_login."</td>\n");
      echo("</tr>\n");
    }
?>
    </form>
    </table>
<?php
  } // end if !popup
?>
    <?php echo $tablebottom ?>
    <?php echo $blankline ?>

    <?php echo $tabletop ?>

    <table width="95%" cellpadding="5" cellspacing="0" border="0">
    <form name="addlink" method="post">
    <input type="hidden" name="action" value="Add" />
    <tr><td colspan="2"><b>Add</b> a link:</td></tr>
      <tr height="20">
        <td height="20" align="right">URL:</td>
        <td><input type="text" name="linkurl" size="80" value="http://<?php echo $link_url; ?>"></td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Display Name/Alt text:</td>
        <td><input type="text" name="name" size="80" value="<?php echo $name; ?>"></td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Image:</td>
        <td><input type="text" name="image" size="80" value=""></td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Description:</td>
        <td><input type="text" name="description" size="80" value=""></td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Rel:</td>
        <td><input type="text" name="rel" size="80" value=""></td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Rating:</td>
        <td>
          <select name="rating" size="1">
<?php
    for ($r = 0; $r < 10; $r++) {
      echo('            <option value="'.$r.'">'.$r.'</option>');
    }
?>
            </select>&nbsp;(Leave at 0 for no rating.)
        </td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Target:</td>
        <td><input type="radio" name="target" checked="checked" value="_blank">_blank&nbsp;<input type="radio" name="target" value="_top">_top</td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Visible:</td>
        <td><input type="radio" name="visible" checked="checked" value="Y">Y&nbsp;<input type="radio" name="visible" value="N">N</td>
      </tr>
      <tr height="20">
        <td height="20" align="right">Category:</td>
        <td>
<?php
    $query = "SELECT cat_id, cat_name, auto_toggle FROM $tablelinkcategories ORDER BY cat_id";
    $result = mysql_query($query) or die("Couldn't execute query. ".mysql_error());
    echo "        <select name=\"category\" size=\"1\">\n";
    while($row = mysql_fetch_object($result)) {
      echo "          <option value=\"".$row->cat_id."\"";
      if ($row->cat_id == $cat_id)
        echo " selected";
        echo ">".$row->cat_id.": ".$row->cat_name;
        if ($row->auto_toggle == 'Y')
            echo ' (auto toggle)';
        echo "</option>\n";
    }
    echo "        </select>\n";
?>
        </td>
      </tr>
      <tr height="20">
        <td colspan="2" align="center">
          <input type="submit" name="submit" value="Add" class="search">
        </td>
      </tr>
    </table>

<?php
    break;
  } // end default
} // end case
?>

<?php echo $tablebottom ?>

<?php include("b2footer.php") ?>