<?php
  session_start();
  require_once 'conn.php';
  require_once 'http.php';
  
  if (isset($\_REQUEST[\text{'}action\text{'}]))\; \{\; switch\; ($_REQUEST['action']) {
      case 'Submit New Article':
        if (isset($\_POST[\text{'}title\text{'}])\; and\; isset($_POST['body'])
            and isset($\_SESSION[\text{'}user\_id\text{'}]))\; \{$sql = "INSERT INTO cms_articles " .
                 "(title,body, author_id, date_submitted) " .
                 "VALUES ('" . $\_POST[\text{'}title\text{'}]\; .\; "\text{'},\text{'}"\; .$_POST['body'] .
                 "'," . $\_SESSION[\text{'}user\_id\text{'}]\; .\; ",\text{'}"\; .\; date("Y-m-d\; H:i:s",\; time())\; .\; "\text{'})";\; mysql\_query($sql, _POST['article']);
        break;
  
      case 'Save Changes':
        if (isset($\_POST[\text{'}title\text{'}])\; and\; isset($_POST['body'])
            and isset($\_POST[\text{'}article\text{'}]))\; \{$sql = "UPDATE cms_articles " .
                 "SET title='" . $\_POST[\text{'}title\text{'}]\; .\; "\text{'},\; body=\text{'}"\; .$_POST['body'] . "', date_submitted='" .
                 date("Y-m-d H:i:s", time()) . "' " .
                 "WHERE article_id=" . $\_POST[\text{'}article\text{'}];\; if\; (isset($_POST['authorid'])) {
                   $sql\; .=\; "\; AND\; author\_id="\; .$_POST['authorid'];
                 }
  
          mysql_query($sql,$conn)
            or die('Could not update article; ' . mysql_error());
        }
  
        if (isset($\_POST[\text{'}authorid\text{'}]))\; \{\; redirect(\text{'}cpanel.php\text{'});\; \}\; else\; \{\; redirect(\text{'}pending.php\text{'});\; \}\; break;\; case\; \text{'}Publish\text{'}:\; if\; ($_POST['article']) {
          $sql\; =\; "UPDATE\; cms\_articles\; "\; .\; "SET\; is\_published=1,\; date\_published=\text{'}"\; .\; date("Y-m-d\; H:i:s",time())\; .\; "\text{'}\; "\; .\; "WHERE\; article\_id="\; .$_POST['article'];
          mysql_query($sql,$conn)
            or die('Could not publish article; ' . mysql_error());
        }
        redirect('pending.php');
        break;
  
      case 'Retract':
        if ($\_POST[\text{'}article\text{'}])\; \{$sql = "UPDATE cms_articles " .
                 "SET is_published=0, date_published='' " .
                 "WHERE article_id=" . $\_POST[\text{'}article\text{'}];\; mysql\_query($sql, $conn)\; or\; die(\text{'}Could\; not\; retract\; article;\; \text{'}\; .\; mysql\_error());\; \}\; redirect(\text{'}pending.php\text{'});\; break;\; case\; \text{'}Delete\text{'}:\; if\; ($_POST['article']) {
          $sql\; =\; "DELETE\; FROM\; cms\_articles\; "\; .\; "WHERE\; is\_published=0\; "\; .\; "AND\; article\_id="\; .$_POST['article'];
          mysql_query($sql,$conn)
            or die('Could not delete article; ' . mysql_error());
        }
        redirect('pending.php');
        break;
  
      case 'Submit Comment':
        if (isset($\_POST[\text{'}article\text{'}])\; and$_POST['article']
            and isset($\_POST[\text{'}comment\text{'}])\; and$_POST['comment'])
        {
          $sql\; =\; "INSERT\; INTO\; cms\_comments\; "\; .\; "(article\_id,comment\_date,comment\_user,comment)\; "\; .\; "VALUES\; ("\; .$_POST['article'] . ",'" .
                 date("Y-m-d H:i:s", time()) . 
                 "'," . $\_SESSION[\text{'}user\_id\text{'}]\; .\; ",\text{'}"\; .$_POST['comment'] . "')";
          mysql_query($sql,$conn)
            or die('Could add comment; ' . mysql_error());
        }
        redirect('viewarticle.php?article=' . $\_POST[\text{'}article\text{'}]);\; break;\; case\; \text{'}remove\text{'}:\; if\; (isset($_GET['article'])
            and isset($\_SESSION[\text{'}user\_id\text{'}]))\; \{$sql = "DELETE FROM cms_articles " .
                 "WHERE article_id=" . $\_GET[\text{'}article\text{'}]\; .\; "\; AND\; author\_id="\; .$_SESSION['user_id'];
          mysql_query($sql,$conn)
            or die('Could not remove article; ' . mysql_error());
        }
        redirect('cpanel.php');
        break;
    }
  } else {
    redirect('index.php');
  }
  ?>