Файл: new_fanland/cpan/library.php
Строк: 135
<?
include_once"../cfg.php";
include_once "../db.php";
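/**
 * Renders the start menu of the library admin panel: links to the article
 * list, to the "new article" form, and back to the panel index.
 *
 * Reads `usr` and `pwd` from $_GET and carries them into every link.
 * The two wrapper <div> elements are opened here and not closed in this
 * function.
 */
function main()
{
    // Request values are written into href attributes, so they are
    // URL-encoded first; echoing them raw lets a crafted link inject markup
    // (reflected XSS). Non-string values (e.g. usr[]=x) are treated as empty.
    // NOTE(review): the password travels in the query string of every link,
    // where it ends up in access logs, browser history and Referer headers;
    // a server-side session would remove that exposure.
    $usr = (isset($_GET['usr']) && is_string($_GET['usr'])) ? urlencode($_GET['usr']) : '';
    $pwd = (isset($_GET['pwd']) && is_string($_GET['pwd'])) ? urlencode($_GET['pwd']) : '';
    $auth = 'usr=' . $usr . '&amp;pwd=' . $pwd;

    echo '<div class="main"><div class="in">';
    echo '<a href="library.php?' . $auth . '&amp;nw=list">Просмотреть все статьи</a><br/>';
    echo '<a href="library.php?' . $auth . '&amp;nw=new">Написать новую статью</a><br/>';
    echo '--------<br/>';
    echo '<a href="index.php?' . $auth . '">НАЗАД</a>';
}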
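/**
 * Renders the "new article" form (title, text, author), which posts to
 * library.php with nw=writing.
 *
 * Reads `usr` and `pwd` from $_GET and carries them into the form action and
 * the back link.
 */
function new_letter()
{
    // URL-encode the request values before placing them in attributes; raw
    // interpolation allowed markup injection through the link parameters.
    // NOTE(review): the form changes data but carries no anti-CSRF token, and
    // the credentials are part of the action URL — both are design issues that
    // need a session to fix properly.
    $usr = (isset($_GET['usr']) && is_string($_GET['usr'])) ? urlencode($_GET['usr']) : '';
    $pwd = (isset($_GET['pwd']) && is_string($_GET['pwd'])) ? urlencode($_GET['pwd']) : '';
    $auth = 'usr=' . $usr . '&amp;pwd=' . $pwd;

    echo '<div class="main"><div class="in">';
    echo '<form action="library.php?' . $auth . '&amp;nw=writing" method="post">';
    echo 'Название:<br/><input type="text" name="title"><br/>';
    echo 'Текст статьи:<br/><textarea name="text" cols="15" rows="5"></textarea><br/>';
    echo 'Автор статьи:<br/><input type="text" name="author"><br/>';
    echo '<input type="submit" value="сохранить" class="ibutton"></form>';
    echo '--------<br/>';
    echo '<a href="library.php?' . $auth . '">НАЗАД</a>';
}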
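/**
 * Handles the "new article" form: validates the posted title and text and
 * inserts a row into the `library` table, then prints the result page.
 *
 * Reads `title`, `text`, `author` from $_POST and `usr`, `pwd` from $_GET.
 * Prints a validation message when title or text is empty, "Ошибка!" when
 * the INSERT fails, and a success page otherwise.
 */
function library_write()
{
    // URL-encode request values before they go into href attributes.
    $usr = (isset($_GET['usr']) && is_string($_GET['usr'])) ? urlencode($_GET['usr']) : '';
    $pwd = (isset($_GET['pwd']) && is_string($_GET['pwd'])) ? urlencode($_GET['pwd']) : '';
    $auth = 'usr=' . $usr . '&amp;pwd=' . $pwd;

    // Non-string fields (e.g. title[]=x) are treated as missing.
    $title = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
    $text = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';
    $author = (isset($_POST['author']) && is_string($_POST['author'])) ? $_POST['author'] : '';

    echo '<div class="main"><div class="in">';

    if (empty($title)) {
        echo '<b>Вы не ввели название статьи!</b><br/>';
        echo '--------<br/>';
        echo '<a href="library.php?' . $auth . '&amp;nw=new">НАЗАД</a>';
        return;
    }
    if (empty($text)) {
        echo '<b>Вы не ввели текст статьи!</b><br/>';
        echo '--------<br/>';
        echo '<a href="library.php?' . $auth . '&amp;nw=new">Назад</a>';
        return;
    }

    // Stored form is HTML-encoded text.
    // NOTE(review): the strip*slashes calls presumably undo magic_quotes
    // escaping; with magic quotes off they alter backslashes in the article —
    // confirm against the server configuration.
    $title = stripcslashes(htmlspecialchars($title));
    $text = stripcslashes(htmlspecialchars($text));
    $author = stripslashes(htmlspecialchars($author));
    $date = date("H:i d.m.Y");

    // The table is kept in windows-1251 while the form submits UTF-8.
    $title = iconv("utf-8", "windows-1251", $title);
    $text = iconv("utf-8", "windows-1251", $text);
    $author = iconv("utf-8", "windows-1251", $author);

    // Line breaks become <br/>. The search string has to be "\n": a bare "n"
    // replaces every letter n in the article.
    $text = str_replace("\n", "<br/>", $text);

    // htmlspecialchars() is not SQL escaping (quotes and backslashes can
    // still reach the statement), so every value is escaped for the SQL
    // string literal it is placed in.
    $ok = mysql_query(
        "INSERT INTO library (title,text,author,time) VALUES ('"
        . mysql_real_escape_string($title) . "','"
        . mysql_real_escape_string($text) . "','"
        . mysql_real_escape_string($author) . "','"
        . mysql_real_escape_string($date) . "')"
    );

    if ($ok) {
        echo '<b>Вы успешно добавили статью!</b><br/>';
    } else {
        // Do not report success when the INSERT was rejected.
        echo 'Ошибка!<br/>';
    }
    echo '--------<br/>';
    echo '<a href="library.php?' . $auth . '&amp;nw=new">Добавить еще одну</a><br/>';
    echo '<a href="library.php?' . $auth . '&amp;nw=">назад</a><br/>';
    echo '<a href="/main.php?' . $auth . '">В игру</a><br/>';
}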
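/**
 * Prints every article of the `library` table as a link to its edit form
 * (nw=list_library), or "--Статей нет--" when nothing could be listed.
 *
 * Reads `usr` and `pwd` from $_GET for the links.
 */
function lists()
{
    // URL-encode request values before they go into href attributes. They
    // are also kept out of any printf() format string: the original passed
    // them inside the format, where a "%" in the value is parsed as a
    // conversion specifier.
    $usr = (isset($_GET['usr']) && is_string($_GET['usr'])) ? urlencode($_GET['usr']) : '';
    $pwd = (isset($_GET['pwd']) && is_string($_GET['pwd'])) ? urlencode($_GET['pwd']) : '';
    $auth = 'usr=' . $usr . '&amp;pwd=' . $pwd;

    echo '<div class="main"><div class="in">';

    // One query is enough: the row count falls out of the fetch loop.
    $rows = mysql_query("SELECT id, title FROM `library`");
    $shown = 0;
    if ($rows) {
        while ($row = mysql_fetch_array($rows)) {
            // Rows are stored in windows-1251; the page is emitted as UTF-8.
            $title = iconv("windows-1251", "utf-8", $row['title']);
            // Titles saved through the edit form are stored unencoded, so
            // they are encoded on output; double_encode=false leaves the
            // entities of already-encoded titles as they are.
            echo '<a href="library.php?' . $auth . '&amp;id=' . intval($row['id'])
                . '&amp;nw=list_library">'
                . htmlspecialchars($title, ENT_QUOTES, 'UTF-8', false)
                . '</a><br/>';
            $shown++;
        }
    }
    if ($shown === 0) {
        echo "--Статей нет--";
    }

    echo '<br/>-----<br/>';
    echo '<a href="library.php?' . $auth . '&amp;nw=">Назад</a>';
}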
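/**
 * Shows the edit form for one article, pre-filled with its title and text,
 * plus a delete link.
 *
 * Reads `id`, `usr`, `pwd` from $_GET. Prints "Ошибка!" when `id` is not a
 * plain decimal number or no such row can be read.
 */
function list_library()
{
    // URL-encode request values before they go into attributes.
    $usr = (isset($_GET['usr']) && is_string($_GET['usr'])) ? urlencode($_GET['usr']) : '';
    $pwd = (isset($_GET['pwd']) && is_string($_GET['pwd'])) ? urlencode($_GET['pwd']) : '';
    $auth = 'usr=' . $usr . '&amp;pwd=' . $pwd;

    // Only a digits-only id is accepted; it is then used as an integer both
    // in the query and in the generated links, so the raw request value is
    // never echoed back.
    $id = (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id']))
        ? intval($_GET['id'])
        : null;

    echo '<div class="main"><div class="in">';

    $row = false;
    if ($id !== null) {
        $res = mysql_query("SELECT * FROM library WHERE id='" . $id . "'");
        if ($res) {
            $row = mysql_fetch_array($res);
        }
    }
    if (!$row) {
        echo 'Ошибка!<br/>';
        echo '--------<br/>';
        echo '<a href="library.php?' . $auth . '">Назад</a>';
        return;
    }

    // Stored values are windows-1251; convert, then encode for the value
    // attribute. Without the encoding a quote in a stored title or text
    // closes the attribute and the rest is parsed as markup (stored XSS).
    // double_encode=false keeps entities that were encoded at insert time.
    $title = htmlspecialchars(iconv("windows-1251", "utf-8", $row['title']), ENT_QUOTES, 'UTF-8', false);
    $text = htmlspecialchars(iconv("windows-1251", "utf-8", $row['text']), ENT_QUOTES, 'UTF-8', false);

    echo '<form action="library.php?' . $auth . '&amp;id=' . $id . '&amp;nw=change_library" method="post">';
    echo 'Название статьи:<br/><input type="text" name="title" value="' . $title . '"><br/>';
    echo 'Текст статьи:<br/><input type="text" name="text" value="' . $text . '"><br/>';
    echo '<input type="submit" value="Изменить" class="ibutton"></form>';
    // NOTE(review): deletion is triggered by a plain GET link with no
    // anti-CSRF token; a POST form with a per-session token would be safer.
    echo '<a href="library.php?' . $auth . '&amp;id=' . $id . '&amp;nw=delete_library">Удалить статью</a><br/>';
    echo '--------<br/>';
    echo '<a href="library.php?' . $auth . '">Назад</a>';
}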
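/**
 * Deletes the article whose id is given in $_GET['id'] and prints the
 * result page.
 *
 * Prints "Ошибка!" when the id is missing, is not a plain decimal number,
 * does not match exactly one row, or the DELETE fails.
 */
function delete_library()
{
    // URL-encode request values before they go into href attributes.
    $usr = (isset($_GET['usr']) && is_string($_GET['usr'])) ? urlencode($_GET['usr']) : '';
    $pwd = (isset($_GET['pwd']) && is_string($_GET['pwd'])) ? urlencode($_GET['pwd']) : '';
    $auth = 'usr=' . $usr . '&amp;pwd=' . $pwd;

    // Digits only. is_numeric() also accepts forms such as "1.5" or "1e3",
    // which intval() then maps to a different row than the one named.
    $id = (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id']))
        ? intval($_GET['id'])
        : null;

    // NOTE(review): this is a state-changing action reachable by GET with no
    // anti-CSRF token, and the credentials are in the URL; any page able to
    // make a logged-in admin's browser load the link triggers the delete.
    $deleted = false;
    if ($id !== null) {
        $found = mysql_query("SELECT COUNT(*) FROM `library` WHERE `id` = '" . $id . "' LIMIT 1");
        if ($found && mysql_result($found, 0) == 1) {
            $deleted = (bool) mysql_query("DELETE FROM `library` WHERE `id` = '" . $id . "' LIMIT 1");
            if ($deleted) {
                mysql_query("OPTIMIZE TABLE `library`");
            }
        }
    }

    echo '<div class="main"><div class="in">';
    echo $deleted ? 'Вы успешно удалили статью!<br/>' : 'Ошибка!<br/>';
    echo '--------<br/>';
    echo '<a href="library.php?' . $auth . '">Назад</a>';
}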
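/**
 * Handles the edit form: validates the posted title and text and updates
 * the article named by $_GET['id'], then prints the result page.
 *
 * Reads `title`, `text` from $_POST and `id`, `usr`, `pwd` from $_GET.
 * Prints a validation message for an empty field and "Ошибка!" when the id
 * is not a plain decimal number or the UPDATE fails.
 */
function change()
{
    // URL-encode request values before they go into href attributes.
    $usr = (isset($_GET['usr']) && is_string($_GET['usr'])) ? urlencode($_GET['usr']) : '';
    $pwd = (isset($_GET['pwd']) && is_string($_GET['pwd'])) ? urlencode($_GET['pwd']) : '';
    $auth = 'usr=' . $usr . '&amp;pwd=' . $pwd;

    // The id used to be interpolated into the WHERE clause unescaped, which
    // made the UPDATE injectable; only a digits-only value is accepted now.
    $id = (isset($_GET['id']) && is_string($_GET['id']) && ctype_digit($_GET['id']))
        ? intval($_GET['id'])
        : null;
    // Back links return to the article's own form when the id is usable.
    $backToArticle = 'library.php?' . $auth . ($id !== null ? '&amp;id=' . $id : '') . '&amp;nw=list_library';

    $title = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
    $text = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';

    echo '<div class="main"><div class="in">';

    if (empty($title)) {
        echo 'Пустое поле названия статьи!<br/>';
        echo '--------<br/>';
        echo '<a href="' . $backToArticle . '">Назад</a>';
        return;
    }
    if (empty($text)) {
        echo 'Пустое поле текста статьи!<br/>';
        echo '--------<br/>';
        echo '<a href="' . $backToArticle . '">Назад</a>';
        return;
    }

    $ok = false;
    if ($id !== null) {
        // The table is kept in windows-1251 while the form submits UTF-8.
        // NOTE(review): unlike the insert path, the values are stored without
        // HTML encoding, so whatever page renders articles must encode them
        // on output — confirm against the reader-facing code.
        $title = iconv("utf-8", "windows-1251", $title);
        $text = iconv("utf-8", "windows-1251", $text);
        $ok = (bool) mysql_query(
            "UPDATE `library` SET `title` = '" . mysql_real_escape_string($title)
            . "', `text` = '" . mysql_real_escape_string($text)
            . "' WHERE `id` = '" . $id . "' LIMIT 1"
        );
    }

    echo $ok ? 'Вы успешно изменили статью!<br/>' : 'Ошибка!<br/>';
    echo '--------<br/>';
    echo '<a href="library.php?' . $auth . '">Назад</a>';
}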
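// Page controller: connect, authenticate the caller from the `usr`/`pwd`
// query parameters, then dispatch on `nw` for users whose `adm` level is 2
// or higher.
$db_connection = mysql_connect($db_host, $db_user, $db_pass);
$db = mysql_select_db($db_table, $db_connection);
mysql_query('SET NAMES cp1251');

// Non-string parameters (e.g. usr[]=x) are treated as empty.
$lib_usr = (isset($_GET['usr']) && is_string($_GET['usr'])) ? $_GET['usr'] : '';
$lib_pwd = (isset($_GET['pwd']) && is_string($_GET['pwd'])) ? $_GET['pwd'] : '';
$lib_nw = (isset($_GET['nw']) && is_string($_GET['nw'])) ? $_GET['nw'] : '';

// One lookup yields both the match count and the user row (the original ran
// the same WHERE clause twice).
// NOTE(review): `pwd` is compared directly with the request value, so the
// column presumably holds a plaintext password or a value the client sends
// as-is — confirm. The credential also arrives in the URL on every request,
// which exposes it to logs, history and Referer headers; a session cookie
// plus password_hash()/password_verify() would address both.
$q = mysql_query(
    "SELECT * FROM users WHERE `usr` = '" . mysql_real_escape_string($lib_usr)
    . "' AND `pwd` = '" . mysql_real_escape_string($lib_pwd) . "'"
);
$tikr = $q ? mysql_num_rows($q) : 0;
$war = $q ? mysql_fetch_array($q) : false;

$set['title'] = 'Панель Библиотеки';
head();
title();

if ($tikr == 1 && $war['adm'] >= 2) {
    // An unrecognised `nw` value renders nothing between header and footer.
    switch ($lib_nw) {
        case 'new':
            new_letter();
            break;
        case 'writing':
            library_write();
            break;
        case 'list':
            lists();
            break;
        case 'delete_library':
            delete_library();
            break;
        case 'list_library':
            list_library();
            break;
        case 'change_library':
            change();
            break;
        case '':
            main();
            break;
    }
} else {
    // The request values are URL-encoded before being echoed into the link;
    // this branch is reachable without valid credentials, so raw output here
    // was an unauthenticated reflected-XSS sink.
    echo '<div class="main"><div class="in">';
    echo 'Сдесь тебе находится нельзя, прошу выйти!';
    echo '<a href="/main.php?usr=' . urlencode($lib_usr) . '&amp;pwd=' . urlencode($lib_pwd) . '">[выйти]</a>';
}
foot();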
?>