1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
|
<?
$module = array("help" => "box_help",
"block" => "box_block",
"admin" => "box_admin");
function box_help() {
?>
<P>The content of the site can be almost entirely altered through <I>boxes</I>. Simply put, boxes are small bits of text, HTML or PHP code which will get plugged into the site just like any other block. Boxes are typically used to add custom blocks to the site.</P>
<P>Each box consists of a subject and an associated block of text, HTML or PHP code that can be as long as you wish and that will 'render' the content of the box.</P>
<H3>PHP boxes</H3>
<P>If you know how to script in PHP, PHP boxes are easy to create. Don't worry if you're no PHP-wizard: simply use ASCII or HTML boxes instead.</P>
<P>You can use any piece of PHP code to make up the content of a PHP box: this implies that you can declare and use functions, consult the SQL database, access configuration settings and much more. A PHP box's code is stored in the database and the engine will dynamically embed the PHP code just-in-time for execution.</P>
<P>There are however some factors to keep in mind when using and creating PHP boxes: PHP boxes can be extremely useful and flexible, yet they can be dangerous and insecure if not properly used. If you are not familiar with PHP, SQL or with the site engine, avoid experimenting with PHP boxes because you can - and probably will - corrupt your database or render your site unusable! If you don't plan to do fancy stuff with boxes then you're probably better off with ASCII or HTML boxes.</P>
<P>Remember that the code within each PHP box must be valid PHP code -- including things like correctly terminating statements with a semicolon so that the parser won't die. It is highly recommended that you develop your boxes separately using a simple test script on top of a test database before migrating to your production environment.</P>
<P>Note that you can use global variables such as configuration parameters within the scope of a PHP box. Also keep in mind that variables which have been given values in a PHP box will retain these values in the engine or module afterwards.</P>
<P>You can use the <CODE>return</CODE> statement to return the actual content for your block as well.</P>
<P><U>A basic example:</U></P>
<P>Given the box with subject "Welcome", used to create a "<I>Welcome</I>" box. The content for this box could be created by using:</P>
<PRE>
return "Welcome visitor, ... welcome message goes here ...";
</PRE>
<P>If we are however dealing with a registered user, we can customize the message by using:</P>
<PRE>
if ($user->userid) {
return "Welcome $user->userid, ... welcome message goes here ...";
}
else {
return "Welcome visitor, ... welcome message goes here ...";
}
</PRE>
<P>For more in-depth examples, we recommend that you check the existing boxes and use them as a starting point.</P>
<?
}
function box_block() {
$result = db_query("SELECT * FROM boxes");
$i = 0;
while ($block = db_fetch_object($result)) {
$blocks[$i]["subject"] = check_output($block->subject);
$blocks[$i]["content"] = ($block->type == 2) ? eval($block->content) : $block->content;
$blocks[$i]["info"] = check_output($block->info);
$blocks[$i]["link"] = check_output($block->link);
$i++;
}
return $blocks;
}
function box_admin_display() {
$type = array(0 => "ASCII", 1 => "HTML", 2 => "PHP");
$result = db_query("SELECT * FROM boxes");
while ($block = db_fetch_object($result)) {
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
$output .= " <TR><TH>Subject:</TH><TD>". check_output($block->subject) ."</TD></TR>\n";
$output .= " <TR><TH>Content:</TH><TD>". nl2br(htmlentities($block->content)) ."</TD></TR>\n";
$output .= " <TR><TH>Type:</TH><TD>". $type[$block->type] ."</TD></TR>\n";
$output .= " <TR><TH>Description:</TH><TD>". check_output($block->info) ."</TD></TR>\n";
$output .= " <TR><TH>Link:</TH><TD>". format_url($block->link) ."</TD></TR>\n";
$output .= " <TR><TH>Operations:</TH><TD><A HREF=\"admin.php?mod=box&op=edit&id=$block->id\">edit</A>, <A HREF=\"admin.php?mod=box&op=delete&id=$block->id\">delete</A></TD></TR>\n";
$output .= "</TABLE>\n";
$output .= "<BR><BR>\n";
}
print $output;
}
function box_admin_new() {
$type = array(0 => "ASCII", 1 => "HTML", 2 => "PHP");
foreach ($type as $key=>$value) {
$selection .= " <OPTION VALUE=\"$key\">$value</OPTION>\n";
}
$output .= "<FORM ACTION=\"admin.php?mod=box\" METHOD=\"post\">\n";
$output .= "<TABLE BORDER=\"1\" CELLPADDING=\"3\" CELLSPACING=\"0\">\n";
$output .= " <TR><TH>Subject:</TH><TD><INPUT TYPE=\"text\" NAME=\"subject\" SIZE=\"35\"></TD></TR>\n";
$output .= " <TR><TH>Content:</TH><TD><TEXTAREA NAME=\"content\" COLS=\"50\" ROWS=\"5\"></TEXTAREA></TD></TR>\n";
$output .= " <TR><TH>Type:</TH><TD><SELECT NAME=\"type\">\n$selection</SELECT></TD></TR>\n";
$output .= " <TR><TH>Description:</TH><TD><INPUT TYPE=\"text\" NAME=\"info\" SIZE=\"35\"></TD></TR>\n";
$output .= " <TR><TH>Link:</TH><TD><INPUT TYPE=\"text\" NAME=\"link\" SIZE=\"35\"></TD></TR>\n";
$output .= " <TR><TH>Operations:</TH><TD><INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Add box\"></TD></TR>\n";
$output .= "</TABLE>\n";
$output .= "</FORM>\n";
print $output;
}
function box_admin_add($subject, $content, $info, $link, $type) {
db_query("INSERT INTO boxes (subject, content, info, link, type) VALUES ('$subject', '$content', '$info', '$link', '$type')");
}
function box_admin_delete($id) {
db_query("DELETE FROM boxes WHERE id = $id");
}
function box_admin_rehash() {
global $repository;
module_rehash_blocks("box", $repository["box"]);
}
function box_admin_edit($id) {
$type = array(0 => "ASCII", 1 => "HTML", 2 => "PHP");
$result = db_query("SELECT * FROM boxes WHERE id = $id");
if ($block = db_fetch_object($result)) {
$output .= "<FORM ACTION=\"admin.php?mod=box\" METHOD=\"post\">\n";
$output .= "<P>\n";
$output .= " <B>Subject:</B><BR>\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"subject\" VALUE=\"". check_textfield($block->subject) ."\">\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Content:</B><BR>\n";
$output .= " <TEXTAREA NAME=\"content\" COLS=\"50\" ROWS=\"5\">$block->content</TEXTAREA>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Type:</B><BR>\n";
$output .= " <SELECT NAME=\"type\">\n";
foreach ($type as $key=>$value) {
$output .= " <OPTION VALUE=\"$key\"". (($block->type == $key) ? " SELECTED" : "") .">$value</OPTION>\n";
}
$output .= " </SELECT>\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Description:</B><BR>\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"info\" VALUE=\"". check_textfield($block->info) ."\">\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <B>Link:</B><BR>\n";
$output .= " <INPUT TYPE=\"text\" NAME=\"link\" VALUE=\"". check_textfield($block->link) ."\">\n";
$output .= "</P>\n";
$output .= "<P>\n";
$output .= " <INPUT TYPE=\"hidden\" NAME=\"id\" VALUE=\"$id\">\n";
$output .= " <INPUT TYPE=\"submit\" NAME=\"op\" VALUE=\"Save box\"><BR>\n";
$output .= "</P>\n";
$output .= "</FORM>\n";
}
print $output;
}
function box_admin_save($id, $subject, $content, $info, $link, $type) {
db_query("UPDATE boxes SET subject = '$subject', content = '$content', info = '$info', link = '$link', type = '$type' WHERE id = '$id'");
watchdog("message", "modified box `$subject'");
}
function box_admin() {
global $op, $id, $subject, $content, $info, $link, $type;
print "<SMALL><A HREF=\"admin.php?mod=box&op=add\">add new box</A> | <A HREF=\"admin.php?mod=box\">overview</A> | <A HREF=\"admin.php?mod=box&op=help\">help</A></SMALL><HR>\n";
switch ($op) {
case "Add box":
box_admin_add(check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
box_admin_display();
box_admin_rehash();
break;
case "Save box":
box_admin_save(check_input($id), check_input($subject), check_code($content), check_input($info), check_input($link), check_input($type));
box_admin_display();
box_admin_rehash();
break;
case "help":
box_help();
break;
case "add":
box_admin_new();
break;
case "edit":
box_admin_edit(check_input($id));
break;
case "delete":
box_admin_delete(check_input($id));
box_admin_rehash();
// fall through
default:
box_admin_display();
}
}
?>
|
