Файл: panel/news.php
Строк: 53
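<?php
/*
 * Admin panel page: list, add, edit and delete news rows.
 *
 * Everything not defined here comes from ../core/start.php: $db (a mysqli
 * connection), lang(), head(), footer(), redirect(), the HOME / ADM_LOGIN /
 * ADM_PASS constants and an already-started session. Needs PHP >= 7.0
 * (random_bytes); hash_equals needs >= 5.6.
 *
 * News text is HTML-encoded on input (htmlspecialchars before it is stored)
 * and printed verbatim on output. Keep both sides in step: switching to
 * encode-on-output would double-encode the rows that already exist.
 */
require('../core/start.php');

// Request values may be absent or arrays (e.g. login[]=x); reduce each one to
// a plain string before it reaches hash_equals()/htmlspecialchars().
$postString = function ($key) {
    return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : '';
};
$getString = function ($key) {
    return isset($_GET[$key]) && is_string($_GET[$key]) ? $_GET[$key] : '';
};

$data = array(
    'title' => lang('title_home_panel'),
);
head($data);

if (empty($_SESSION['admin_sid'])):
    if (!empty($_POST)) {
        // Both comparisons are constant-time and both are always evaluated, so
        // the response time does not tell which of the two fields was wrong.
        $loginOk = hash_equals((string)ADM_LOGIN, $postString('login'));
        $passwordOk = hash_equals((string)ADM_PASS, $postString('password'));
        // NOTE(review): ADM_PASS is compared as a plain string here; if it is
        // (or becomes) a password_hash() value, use password_verify() instead.
        if ($loginOk && $passwordOk) {
            // Issue a fresh session id on privilege change so an id obtained
            // before login cannot be reused (session fixation).
            if (session_status() === PHP_SESSION_ACTIVE) {
                session_regenerate_id(true);
            }
            $_SESSION['admin_sid'] = true;
            redirect(HOME . "panel/index.php");
        } else {
            echo 'error';
        }
    }
?>
<form action="?" method="POST">
<label>
<p><?= lang('login') ?></p>
<input type="text" name="login"/>
</label>
<label>
<p><?= lang('password') ?></p>
<input type="password" name="password"/>
</label>
<div>
<input type="submit" value="<?= lang('sig_in') ?>"/>
</div>
</form>
<?php
else:
    // Per-session CSRF token. Every state-changing request (add, edit, delete)
    // must be a POST that echoes it back; deletion is no longer a bare GET link.
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(16));
    }
    $csrfField = '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars($_SESSION['csrf_token'], ENT_QUOTES, 'UTF-8') . '"/>';
    $csrfOk = function () use ($postString) {
        return isset($_SESSION['csrf_token'])
            && hash_equals($_SESSION['csrf_token'], $postString('csrf_token'));
    };

    // Fetch one news row by id, or null when it does not exist or the query
    // fails. $id is cast to int, so interpolating it into the SQL is safe.
    $findNews = function ($id) use ($db) {
        $result = mysqli_query($db, "SELECT * FROM news WHERE id = " . (int)$id);
        $row = $result ? mysqli_fetch_array($result) : null;
        return !empty($row) ? $row : null;
    };

    // Run a write query with one bound parameter ($type is 'i' or 's').
    // Prepared statements replace the escape-then-concatenate SQL; note that
    // the text is therefore no longer passed through mysqli_escape_string,
    // which leaves the stored value unchanged.
    $execWrite = function ($sql, $type, $value) use ($db) {
        $stmt = mysqli_prepare($db, $sql);
        if ($stmt === false) {
            return false;
        }
        mysqli_stmt_bind_param($stmt, $type, $value);
        $ok = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
        return $ok;
    };

    $id = abs((int)$getString('id'));

    switch ($getString('select')) {
        default:
?>
<div class="link">
<a href="news.php?select=add"><?= lang('add') ?></a>
</div>
<?php
            $result = mysqli_query($db, "SELECT * FROM news ORDER BY id DESC");
            while ($result && ($row = mysqli_fetch_array($result))) {
                $rowId = (int)$row['id'];
?>
<div class="menu">
<?= $row['text'] ?><br />
<a href="news.php?select=edit&id=<?= $rowId ?>">[Edit]</a>
<form action="news.php?select=delete&id=<?= $rowId ?>" method="POST" style="display: inline;">
<?= $csrfField ?>
<input type="submit" value="[Delete]"/>
</form>
</div>
<?php
            }
            break;

        case 'delete':
            // Only a POST carrying a valid token deletes; anything else is refused.
            if (!empty($_POST) && $csrfOk() && $findNews($id) !== null) {
                $execWrite("DELETE FROM news WHERE id = ?", 'i', $id);
                redirect(HOME . "panel/news.php");
            } else {
                echo 'error';
            }
            break;

        case 'edit':
            $news = $findNews($id);
            if ($news !== null) {
                if (!empty($_POST)) {
                    if ($csrfOk()) {
                        // Encoded on input to match how existing rows are stored.
                        $text = htmlspecialchars($postString('text'));
                        $execWrite("UPDATE news SET text = ? WHERE id = " . (int)$id, 's', $text);
                        redirect(HOME . "panel/news.php?select=edit&id=" . $id);
                    } else {
                        echo 'error';
                    }
                }
?>
<form action="#" method="POST">
<?= $csrfField ?>
<label>
<?= lang('text') ?>:<br />
<textarea name="text" style="width: 100%; height: 100px;"><?= $news['text'] ?></textarea>
</label>
<div>
<input type="submit" value="<?= lang('update') ?>"/>
</div>
</form>
<?php
            }
            break;

        case 'add':
            if (!empty($_POST)) {
                if ($csrfOk()) {
                    // Encoded on input to match how existing rows are stored.
                    $text = htmlspecialchars($postString('text'));
                    $execWrite("INSERT INTO news (text, date) VALUES (?, NOW())", 's', $text);
                    redirect(HOME . "panel/news.php");
                } else {
                    echo 'error';
                }
            }
?>
<form action="#" method="POST">
<?= $csrfField ?>
<label>
<?= lang('text') ?>:<br />
<textarea name="text"></textarea>
</label>
<div>
<input type="submit" value="<?= lang('add') ?>"/>
</div>
</form>
<?php
            break;
    }
endif;
footer();
?>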