<?
########################################################################
# KBase Express                                                        #
# http://www.sensationdesigns.com/products/scripts/kbase_express       #
#                                                                      #
# Website: http://www.sensationdesigns.com                             #
# Contact: sales@sensationdesigns.com                                  #
# Support: support@sensationdesigns.com                                #
#                                                                      #
# KBase Express is NOT free software. It may NOT be redistributed in   #
# any way. Please see the license agreement for further information:   #
# http://www.sensationdesigns.com/policies/license.php                 #
#                                                                      #
# Copyright (c) 2005 Sensation Designs. All rights reserved.           #
########################################################################

require('data/config.php');
require('includes/functions.php');

dbConnect($cfg['db_host'], $cfg['db_user'], $cfg['db_pass'], $cfg['db_name']);

$action = $_GET['action'];
$paction = $_POST['paction'];
$userip = $_SERVER['REMOTE_ADDR'];
$id = $_GET['id'];

if ($action == 'view') {	
	$errmsg = '';
	
	if (!$id || !is_numeric($id)) {
		$errmsg = 'Invalid article Id specified!';
		require($cfg['tpl_dir'].'/error.php');
		die();
	}
	
	$article = getArticleInfo($id, $userip, true);

	if (!$article) {
		$errmsg = 'Invalid article Id specified!';
		require($cfg['tpl_dir'].'/error.php');
		die();
	}
	
	require($cfg['tpl_dir'].'/article_view.php');
}
elseif ($action == 'email') {
	$article['id'] = $id;
	$status = 'send';
	require($cfg['tpl_dir'].'/article_email.php');
}
elseif ($paction == 'rate') {
	$return_url =  $_POST['return_url'];
	$article_id = $_POST['article_id'];
	$rating = $_POST['rating'];
	$ipaddress = $_SERVER['REMOTE_ADDR'];
	$errmsg = '';
	
	if ($rating < 1 || $rating > 5)
		$errmsg = 'You entered an invalid rating. Ratings must be between 1 and 5 inclusively.';
	elseif ($article_id == '')
		$errmsg = 'No article Id was specified through the form. Please contact the knowledge base adminsitrator about this issue.';
	
	if ($errmsg) {
		require($cfg['tpl_dir'].'/error.php');
		die();
	}
	else {	
		dbQuery("INSERT INTO ratings(article_id, ipaddress, rating, ratedate) VALUES($article_id, '$ipaddress', $rating, NOW())");	
		dbQuery("UPDATE articles SET ratings_$rating=ratings_$rating + 1 WHERE id=$article_id");
	
		if ($return_url == '') { $return_url = $cfg['script_url']."/article.php?action=view&id=$article_id"; }
		header("Location: $return_url");
		die();
	}
}
elseif ($paction == 'email') {
	$article_id = $_POST['article_id'];
	$from_name = $_POST['from_name'];
	$from_email = $_POST['from_email'];
	$to_name = $_POST['to_name'];
	$to_email = $_POST['to_email'];
	$extra_comments = $_POST['extra_comments'];
	
	if ($from_name == '') {
		$status = 'failed';
		$errmsg = 'You did not enter your name';
	}
	elseif ($to_name == '') {
		$status = 'failed';
		$errmsg = 'You did not enter your friend\'s name';
	}
	elseif (!eregi("^[_\\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,4}$", $from_email)) {
		$status = 'failed';
		$errmsg = 'Your e-mail address appears to be invalid';
	}
	elseif (!eregi("^[_\\.0-9a-z-]+@([0-9a-z][0-9a-z-]+\\.)+[a-z]{2,4}$", $to_email)) {
		$status = 'failed';
		$errmsg = 'Your friend\'s e-mail address appears to be invalid';
	}
	
	if ($status != 'failed') {
		dbQuery("UPDATE articles SET email_count=email_count+1 WHERE id=$article_id");	

		$result = dbQuery("SELECT title FROM articles WHERE id=$article_id");

		if (mysql_num_rows($result) == 1) {
			while($row = mysql_fetch_object($result)){
				$article_title = $row->title;
			}
		}
		else { $status = 'failed'; $errmsg = 'Unable to find article'; }
		
		if ($status != 'failed') {
			$subject = $from_name.' wants you to look at this';
			$body = "$from_name has sent an article to you FROM the ".$cfg['sectionname']."\n\n";
			$body .= "Article title: $article_title\n\n";
			$body .= "You can view the article at the following URL\n";;
			$body .= $cfg['script_url'].'/article.php?action=view&id='.$article_id;
			if ($extra_comments != '') { $body .= "\n\nAdditional comments:\n".$extra_comments; }
			$body .= "\n\n--------------------\nPowered by KBase Express\nCopyright (c) 2004 Sensation Designs. All rights reserved.";
			$mailheaders = "From: $from_name <$from_email>\n";
			$mailheaders .= "Reply-To: $from_email";
			$status = @mail($to_email, $subject, $body, $mailheaders);
			if (!$status) { $status = 'failed'; $errmsg = 'Unable to delivery e-mail message'; }
			else { $status = 'sent'; }
		}
	}
	
	require($cfg['tpl_dir'].'/article_email.php');
}
elseif ($paction == 'comment') {
	$return_url = $_POST['return_url'];
	$article_id = $_POST['article_id'];
	$name = mysql_escape_string($_POST['name']);
	$comment = mysql_escape_string($_POST['comment']);
	$ipaddress = $_SERVER['REMOTE_ADDR'];
	
	if ($article_id == '') {
		$errmsg = 'No article Id was specified through the form. Please contact the knowledge base adminsitrator about this issue.';
		require($cfg['tpl_dir'].'/error.php');
		die();
	}
	elseif (strlen($name) == 0) {
		$status = 'failed';
		$errmsg = 'You did not enter your name';
	}
	elseif (strlen($comment) == 0) {
		$status = 'failed';
		$errmsg = 'You did not enter your comment';
	}
	
	if ($status != 'failed') {
		$name = strip_tags($name);
		if ($cfg['comments_allow_html'] == 0) { $comment = strip_tags($comment); }
		
		if ($cfg['approve_comments'] == 1) { $status = 0; }
		else { $status = 1; }
		
		$query = "INSERT INTO comments(article_id, ipaddress, name, comment, status, postdate) VALUES($article_id, '$ipaddress', '$name', '$comment', $status, NOW())";
		$result = mysql_query($query) or die('<b>Error in MySQL query!</b><BR><i style="color:#FF0000">'.$query.'</i><BR>Error #'.mysql_errno().': '.mysql_error());
		$status = 'success';
	}
	
	if ($return_url == '') {	
		$return_url = $cfg['script_url']."/article.php?action=view&id=$article_id&status=$status&errmsg=".urlencode($errmsg);
	}
	else {
		if (stristr($return_url, '?'))
			$return_url .= "&status=$status&errmsg=".urlencode($errmsg);
		else
			$return_url .= "?status=$status&errmsg=".urlencode($errmsg);
	}

	header("Location: $return_url");
	die();
}
else {
	$file = $_GET['file'];
	if ($action != '' && $file != '') {
		require($cfg['tpl_dir'].'/'.$file);
	}
}
displayCopyright();
?>
<script language="JavaScript">
<!--
document.title = document.title+' - Powered by KBase Express';
-->
</script>