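// Add-poem page. Visible flow: load sidebar data and site counters, print the
// page header, require the login cookies to match a row in `users`, check that
// the category named by the `catid` URL parameter accepts user poems, then
// either show the form, show a preview, or insert the poem into `divan` with
// `divan_group` = '3' (the success message says it then awaits admin approval).
//
// Security-relevant changes in this revision:
//  * every request-derived value is escaped before it is placed in SQL text;
//  * row counts come from mysql_num_rows() on the result, and a failed query
//    counts as "no rows", so the login and category checks fail closed;
//  * request array keys are quoted and missing/non-string values become '';
//  * eregi() (deprecated) is replaced by the equivalent stripos() test.
//
// NOTE(review): the first statement is cut off at the start of this excerpt
// (the receiver before `Temp` is not visible); it is kept exactly as shown.
Temp = $PhpGroup_style['def_style'];
$tpl->Cache = "easycache";

/**
 * Read one request value as a string.
 *
 * @param array  $source one of $_GET / $_POST / $_COOKIE
 * @param string $key    field name
 * @return string the value, or '' when it is missing or not a string
 *                (e.g. submitted as an array)
 */
function addpoem_request_string($source, $key)
{
    if (isset($source[$key]) && is_string($source[$key])) {
        return $source[$key];
    }
    return '';
}

/**
 * Escape a request-derived value for use inside a quoted SQL string literal.
 *
 * Slashes added by magic_quotes_gpc are removed first so the value is not
 * escaped twice. mysql_real_escape_string() uses the current connection's
 * character set, so that must be set with mysql_set_charset() rather than a
 * "SET NAMES" query for the escaping to be reliable.
 *
 * @param string $raw value taken from the request
 * @return string escaped value (still needs surrounding quotes in the query)
 */
function addpoem_sql_value($raw)
{
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $raw = stripslashes($raw);
    }
    return mysql_real_escape_string($raw);
}

// Categories of group 1, collected in $cat (presumably for the side menu).
$selectc = @mysql_db_query("$dbName", "SELECT * FROM `cat` WHERE `cat_group` = '1' ORDER BY `cat_id` ASC ");
while ($s = @mysql_fetch_assoc($selectc)) {
    $cat[] = $s;
}
@mysql_free_result($selectc);

// Login box.
loginbox($login);

// Poems of group 1, newest first, collected in $nd.
$selectnewdivan = mysql_db_query("$dbName", "SELECT * FROM `divan` WHERE `divan_group` = '1' ORDER BY `divan_id` DESC ");
while ($ndivan = @mysql_fetch_assoc($selectnewdivan)) {
    $nd[] = $ndivan;
}
@mysql_free_result($selectnewdivan);

// Statistics: row totals for cat, divan and users.
// mysql_affected_rows() is meant for INSERT/UPDATE/DELETE; for a SELECT the
// count is read from the result set, with 0 when the query failed.
$selectcount = mysql_db_query("$dbName", "SELECT * FROM cat;");
$totalcat = $selectcount ? mysql_num_rows($selectcount) : 0;
@mysql_free_result($selectcount);

$selectcount = mysql_db_query("$dbName", "SELECT * FROM divan;");
$totaldivan = $selectcount ? mysql_num_rows($selectcount) : 0;
@mysql_free_result($selectcount);

$selectcount = mysql_db_query("$dbName", "SELECT * FROM users;");
$totalusers = $selectcount ? mysql_num_rows($selectcount) : 0;
@mysql_free_result($selectcount);

echo $tpl->display("headerinclude.html");
// Header.
echo $tpl->display("header.html");
// End of header.
echo $tpl->display("bodyinclude.html");

// $close is not set in this excerpt; when it equals 'yes' only the message
// page is shown and the script stops.
if (($close) == ('yes')) {
    echo $tpl->display("message.html");
    traidntright();
    echo $tpl->display("footer.html");
    exit();
}

// Login check based on the two cookies.
// NOTE(review): the password cookie is compared as-is with `user_password`,
// so whatever is stored in that column also travels in the cookie. A
// server-side session identifier would avoid keeping a credential on the
// client - confirm how these cookies are issued.
$username = addpoem_request_string($_COOKIE, 'traidusername');
$password = addpoem_request_string($_COOKIE, 'traiduserpassword');

if (($username) == ('')) {
    $message = "من فضلك قم بتسجيل الدخول أولاً";
    echo $tpl->display("message.html");
    echo $tpl->display("footer.html");
    exit();
} else {
    $sqlUsername = addpoem_sql_value($username);
    $sqlPassword = addpoem_sql_value($password);
    $getuser = mysql_db_query("$dbName", "SELECT * FROM `users` WHERE `user_name` = '$sqlUsername' and `user_password` = '$sqlPassword' ;");
    // Fail closed: mysql_affected_rows() reports -1 for a failed query, which
    // the previous `== '0'` test did not treat as "no match". Count rows on
    // the result instead and treat a failed query as zero matches.
    $find = $getuser ? mysql_num_rows($getuser) : 0;

    if (($find) == ('0')) {
        $message = "عفوا قم باعاده تسجيل الدخول";
        @setcookie('traidusername', $username, time() - 36000);
        // Expire the password cookie as well so the stale credential is dropped.
        @setcookie('traiduserpassword', '', time() - 36000);
    } else {
        // Start of the add-poem rules.
        $getcatid = addpoem_request_string($_GET, 'catid');
        $cleanid = strip_tags($getcatid);
        // Digits only: is_numeric() also accepts signs, decimals and exponents.
        if (!preg_match('/^[0-9]+\z/', $cleanid)) {
            $message = "عفوا لا تقم بتغير شيئ بعنوان المتصفح عد الي الخلف";
            echo $tpl->display("message.html");
            echo $tpl->display("footer.html");
            exit();
        } else {
            $getcat = mysql_db_query("$dbName", "SELECT * FROM `cat` WHERE `cat_id` = '$cleanid'");
            $issetat = $getcat ? mysql_num_rows($getcat) : 0;
            $allowtoaddpoem = '';
            while ($cinfo = @mysql_fetch_array($getcat)) {
                $allowtoaddpoem = $cinfo['cat_user'];
            }

            if (($issetat) == ('0')) {
                $message = "عفوا القسم غير متوفر عد الي الخلف";
                echo $tpl->display("message.html");
                echo $tpl->display("footer.html");
                exit();
            } else {
                if (($allowtoaddpoem) == ('no')) {
                    $message = "عفوا غير مسموح لك باضافة قصائد بهذا القسم";
                    echo $tpl->display("message.html");
                    traidntright();
                    echo $tpl->display("footer.html");
                    exit();
                } else {
                    $do = addpoem_request_string($_GET, 'do');

                    if (($do) == ('')) {
                        echo $tpl->display("addpoem.html");
                    } elseif (($do) == ('preview')) {
                        // Preview of the submitted poem.
                        $poemname = trim(addpoem_request_string($_POST, 'poemname'));
                        $poemname = strip_tags($poemname);
                        $poemmessage = trim(addpoem_request_string($_POST, 'message'));
                        $catid = trim(addpoem_request_string($_POST, 'catid'));
                        $format = addpoem_request_string($_POST, 'format');
                        $sound = trim(addpoem_request_string($_POST, 'sound'));
                        $sound = strip_tags($sound);

                        // Substring blocklist kept from the original. It is not
                        // an output-encoding control: the preview template should
                        // HTML-encode the poem text when it renders it.
                        // NOTE(review): htmlspecialchars() is not applied here
                        // because the page charset is not visible in this excerpt.
                        if (stripos($poemmessage, ">") !== false) {
                            die("عفوا غير مسموح باضافه اكواد");
                        }
                        if (stripos($poemmessage, "script") !== false) {
                            die("عفوا غير مسموح باضافه اكواد");
                        }
                        if (stripos($poemmessage, "html") !== false) {
                            die("عفوا غير مسموح باضافه اكواد");
                        }

                        // Collects one alert line per missing field; returns ''
                        // when title, category and format are all present.
                        function cheakpost($poemname, $catid, $format)
                        {
                            $alert = '';
                            if (($poemname) == ('')) {
                                $alert = "عفوا لم تقم بادخال اسم القصيدة"."
";
                            }
                            if (($catid) == ('')) {
                                $alert = $alert."عفوا هناك خطأ بتصنيف القصيدة"."
";
                            }
                            if (($format) == ('')) {
                                $alert = $alert."عفوا لم تقم باختيار نوع التنسيق"."
";
                            }
                            return($alert);
                        }

                        $cheak = cheakpost($poemname, $catid, $format);
                        if (($cheak) != ('')) {
                            $message = "$cheak";
                            echo $tpl->display("message.html");
                        } else {
                            // NOTE(review): several literals below are empty or
                            // hold only line breaks; they look as if their markup
                            // was lost when the page was extracted. They are kept
                            // exactly as shown - confirm against the original file.
                            $javacode = "";
                            // Text after "Firefox" in the User-Agent header; empty
                            // when the header is absent or does not contain it.
                            $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
                            $exp = explode("Firefox", $agent);
                            $exp = isset($exp[1]) ? $exp[1] : '';

                            if (($exp) == ('')) {
                                $poemcode = "";
                                $poempreview = $poemmessage;
                                $poempreview = nl2br($poempreview);
                                $poempreview = "
";
                                echo $tpl->display("previewpoem.html");
                            } else {
                                $poemcode = "";
                                $poempreview = $poemmessage;
                                // nltobr() is not defined in this excerpt.
                                $poempreview = nltobr($poempreview);
                                $poempreview = str_replace("=","    ",$poempreview);
                                $poempreview = "
$poempreview

التنسيق غير مفعل علي متصفح الفايرفوكس
";
                                echo $tpl->display("previewpoem.html");
                            }
                        }
                    } else {
                        // Final submission: validate, then store the poem.
                        $poemname = trim(addpoem_request_string($_POST, 'poemname'));
                        $poemname = strip_tags($poemname);
                        $oemname = strip_tags($poemname);
                        $poemmessage = trim(addpoem_request_string($_POST, 'message'));
                        $catid = trim(addpoem_request_string($_POST, 'catid'));
                        $format = addpoem_request_string($_POST, 'format');
                        $sound = trim(addpoem_request_string($_POST, 'sound'));
                        $sound = strip_tags($sound);

                        // Cuts $a to $h bytes and appends " ..." when it is longer.
                        // $a is taken by reference, so the caller's variable is
                        // shortened too; that is why a copy ($oemname) is passed.
                        // strlen()/substr() count bytes, not characters.
                        function short_string(&$a, $h)
                        {
                            if (strlen($a) > $h) {
                                $a = substr($a, 0, $h)." ...";
                            }
                            return $a;
                        }

                        $shorttitle = short_string($oemname, 20);

                        if (($poemname) == ('')) {
                            $message = "من فضلك تاكد من كتابة عنوان القصيدة";
                            echo $tpl->display("message.html");
                            traidntright();
                            echo $tpl->display("footer.html");
                            exit();
                        } else {
                            if (stripos($poemmessage, ">") !== false) {
                                $message = "عفوا غير مسموح باضافه أكواد";
                                echo $tpl->display("message.html");
                                traidntright();
                                echo $tpl->display("footer.html");
                                exit();
                            } elseif (stripos($poemname, ">") !== false) {
                                $message = "عفوا غير مسموح باضافه أكواد";
                                echo $tpl->display("message.html");
                                traidntright();
                                echo $tpl->display("footer.html");
                                exit();
                            } else {
                                // Store the poem. Every value that came from the
                                // request (including the cookie user name) is
                                // escaped before it is placed in the statement.
                                // NOTE(review): the permission check above used the
                                // `catid` URL parameter, while the row is stored
                                // under the posted `catid`; nothing here requires
                                // the two to match, and `format` / `sound` are not
                                // checked against an allowed set. Confirm the form
                                // contract and enforce it on the server.
                                $date = date('d-m-Y');
                                $sqlName = addpoem_sql_value($poemname);
                                $sqlShort = addpoem_sql_value($shorttitle);
                                $sqlMessage = addpoem_sql_value($poemmessage);
                                $sqlCatid = addpoem_sql_value($catid);
                                $sqlSound = addpoem_sql_value($sound);
                                $sqlFormat = addpoem_sql_value($format);

                                $add = @mysql_db_query("$dbName", " INSERT INTO `divan` ( `divan_id` , `divan_title` ,`divan_short`, `divan_containing` , `divan_author` , `divan_date` , `divan_count` , `divan_group` , `divan_back` , `cat_id` , `divan_sound` , `poem_format` ) VALUES (NULL , '$sqlName','$sqlShort', '$sqlMessage', '$sqlUsername', '$date', '0', '3', '', '$sqlCatid', '$sqlSound', '$sqlFormat'); ");

                                if ($add) {
                                    $message = "تم اضافه القصيدة بنجاح
القصيدة الآن بنتظار موافقة الادارة";
                                    echo $tpl->display("message.html");
                                    traidntright();
                                    echo $tpl->display("footer.html");
                                    exit();
                                } else {
                                    $message = "عفوا هناك مشكلة باضافه القصيدة";
                                    echo $tpl->display("message.html");
                                    traidntright();
                                    echo $tpl->display("footer.html");
                                    exit();
                                }
                            }
                        }
                    }
                }
            }
        }
        // End of the add-poem rules.
    }
}

echo"
";
traidntright();
echo $tpl->display("footer.html");
// Page footer: flush the output buffer.
ob_end_flush(); ?>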