Файл: new_fanland/cpan/news.php
Строк: 171
<?
include_once"../cfg.php";
include_once "../db.php";
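/**
 * Prints the news panel menu: list all news, create a news item, go back.
 *
 * Every link repeats the `usr` and `pwd` query parameters of the current
 * request. Both are percent-encoded before they are written into an href,
 * so a crafted value cannot close the attribute and inject markup.
 *
 * NOTE(review): carrying the password in the URL exposes it to server logs,
 * browser history and Referer headers. A server-side session would avoid
 * that; it is not changed here because every link on this page passes the
 * pair on to another script.
 */
function main()
{
    // urlencode() output contains no quotes or angle brackets, so it is safe
    // inside a double-quoted HTML attribute without further escaping.
    $usr = urlencode((isset($_GET['usr']) && is_string($_GET['usr'])) ? $_GET['usr'] : '');
    $pwd = urlencode((isset($_GET['pwd']) && is_string($_GET['pwd'])) ? $_GET['pwd'] : '');
    $auth = 'usr=' . $usr . '&pwd=' . $pwd;

    // The two <div>s are left open on purpose; presumably foot() closes them — confirm.
    echo '<div class="main"><div class="in">';
    echo '<a href="news.php?' . $auth . '&nw=list">Просмотреть все новости</a><br/>';
    echo '<a href="news.php?' . $auth . '&nw=new">Создать новую новость</a><br/>';
    echo '--------<br/>';
    echo '<a href="index.php?' . $auth . '">НАЗАД</a>';
}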
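/**
 * Prints the "create news" form (title and text fields) with a back link.
 *
 * The form posts to news.php with nw=writing. The `usr` and `pwd` query
 * parameters are percent-encoded before being placed in the form action
 * and the back link, so request data cannot break out of the attribute.
 *
 * NOTE(review): the form carries the password in its action URL; see the
 * session remark on the login scheme before extending this page.
 */
function new_letter()
{
    $usr = urlencode((isset($_GET['usr']) && is_string($_GET['usr'])) ? $_GET['usr'] : '');
    $pwd = urlencode((isset($_GET['pwd']) && is_string($_GET['pwd'])) ? $_GET['pwd'] : '');
    $auth = 'usr=' . $usr . '&pwd=' . $pwd;

    echo '<div class="main"><div class="in">';
    echo '<form action="news.php?' . $auth . '&nw=writing" method="post">';
    echo 'Название:<br/><input type="text" name="title"><br/>';
    echo 'Текст новости:<br/><input type="text" name="text"><br/>';
    echo '<input type="submit" value="сохранить" class="ibutton"></form>';
    echo '--------<br/>';
    echo '<a href="news.php?' . $auth . '">НАЗАД</a>';
}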
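/**
 * Handles the "create news" form submission and stores the new item.
 *
 * Reads `title` and `text` from POST and the author nick from the `usr`
 * query parameter. An empty title or text prints a validation message.
 * Otherwise the values are HTML-escaped, converted from UTF-8 to
 * windows-1251 and inserted into the `news` table with the current time.
 *
 * Fixes over the previous version:
 *  - every value is passed through mysql_real_escape_string() right before
 *    it enters the query. htmlspecialchars() is an HTML encoder, not an SQL
 *    one, and the nick was taken from the URL with no escaping at all;
 *  - array keys are quoted (bare `title` / `text` were undefined constants);
 *  - the success message is printed only when the INSERT succeeded;
 *  - `usr` / `pwd` are percent-encoded before being written into links.
 */
function news_write()
{
    $usr = urlencode((isset($_GET['usr']) && is_string($_GET['usr'])) ? $_GET['usr'] : '');
    $pwd = urlencode((isset($_GET['pwd']) && is_string($_GET['pwd'])) ? $_GET['pwd'] : '');
    $auth = 'usr=' . $usr . '&pwd=' . $pwd;

    // Non-string input (e.g. title[]=x) is treated the same as a missing field.
    $title = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
    $text = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';

    echo '<div class="main"><div class="in">';

    if (empty($title)) {
        echo '<b>Вы не ввели название новости!</b><br/>';
        echo '--------<br/>';
        echo '<a href="news.php?' . $auth . '&nw=new">НАЗАД</a>';
        return;
    }

    if (empty($text)) {
        echo '<b>Вы не ввели текст новости!</b><br/>';
        echo '--------<br/>';
        echo '<a href="news.php?' . $auth . '&nw=new">Назад</a>';
        return;
    }

    // Stored form is HTML-escaped text, as before.
    // stripslashes() presumably undoes magic_quotes_gpc — confirm for the target server.
    $title = iconv('utf-8', 'windows-1251', stripslashes(htmlspecialchars($title)));
    $text = iconv('utf-8', 'windows-1251', stripslashes(htmlspecialchars($text)));
    $nick = iconv(
        'utf-8',
        'windows-1251',
        (isset($_GET['usr']) && is_string($_GET['usr'])) ? $_GET['usr'] : ''
    );
    $date = time();

    // iconv() returns false on input it cannot convert; do not store that as ''.
    $saved = false;
    if ($title !== false && $text !== false && $nick !== false) {
        // SQL escaping is the last transformation, applied to the bytes that
        // are actually sent to the server.
        $saved = (bool) mysql_query(sprintf(
            "INSERT INTO news (title,text,nick,time) VALUES ('%s','%s','%s','%d')",
            mysql_real_escape_string($title),
            mysql_real_escape_string($text),
            mysql_real_escape_string($nick),
            $date
        ));
    }

    if (!$saved) {
        echo 'Ошибка!<br/>';
        echo '--------<br/>';
        echo '<a href="news.php?' . $auth . '&nw=new">Назад</a>';
        return;
    }

    echo '<b>Вы успешно добавили новость!</b><br/>';
    echo '--------<br/>';
    echo '<a href="news.php?' . $auth . '&nw=new">Добавить еще одну</a><br/>';
    echo '<a href="../main.php?' . $auth . '">На главную</a>';
}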
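/**
 * Prints every news item as a link to its edit page, or a placeholder
 * when the table is empty.
 *
 * Titles are read from the `news` table, converted from windows-1251 to
 * UTF-8 and HTML-escaped on output.
 *
 * Fixes over the previous version:
 *  - request data was interpolated into the printf() format string, so a
 *    `%` in `usr` / `pwd` was parsed as a conversion; output is now built
 *    by concatenation and the two values are percent-encoded;
 *  - the title is HTML-escaped when printed. Items saved by the edit form
 *    were stored without HTML escaping, so printing them raw allowed
 *    stored markup. double_encode=false keeps already-escaped titles
 *    from being escaped a second time;
 *  - the id is cast to int before it is written into the link;
 *  - the separate COUNT(*) query is gone: "no rows fetched" is the same
 *    condition, and a failed query no longer reaches mysql_fetch_array().
 */
function lists()
{
    $usr = urlencode((isset($_GET['usr']) && is_string($_GET['usr'])) ? $_GET['usr'] : '');
    $pwd = urlencode((isset($_GET['pwd']) && is_string($_GET['pwd'])) ? $_GET['pwd'] : '');
    $auth = 'usr=' . $usr . '&pwd=' . $pwd;

    echo '<div class="main"><div class="in">';

    $rows = mysql_query("SELECT id, title FROM news");
    $shown = 0;
    if ($rows !== false) {
        while ($row = mysql_fetch_array($rows)) {
            $title = htmlspecialchars(
                (string) iconv('windows-1251', 'utf-8', $row['title']),
                ENT_QUOTES,
                'UTF-8',
                false
            );
            echo '<a href="news.php?' . $auth . '&id=' . intval($row['id']) . '&nw=list_news">'
                . $title . '</a><br/>';
            $shown++;
        }
    }

    if ($shown === 0) {
        echo '--Новостей неТ--';
    }

    echo '<br/>-----<br/>';
    echo '<a href="news.php?' . $auth . '&nw=">Назад</a>';
}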
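/**
 * Prints the edit form for one news item, with a delete link and a back link.
 *
 * The item is selected by the `id` query parameter. Its title and text are
 * converted from windows-1251 to UTF-8 and placed in the form fields.
 *
 * Fixes over the previous version:
 *  - `id` went into the SELECT and into two URLs unmodified; it is now
 *    accepted only as a string of digits and used as an integer;
 *  - title and text are HTML-escaped before they are written into the
 *    value="" attributes (double_encode=false leaves text that was already
 *    escaped at save time unchanged);
 *  - a missing row or failed query prints an error instead of an empty form;
 *  - `usr` / `pwd` are percent-encoded before being written into links.
 *
 * NOTE(review): the delete link changes state on a plain GET. A POST form
 * with an anti-CSRF token would be the safer shape; that needs a matching
 * change in the dispatcher, so it is only flagged here.
 */
function list_news()
{
    $usr = urlencode((isset($_GET['usr']) && is_string($_GET['usr'])) ? $_GET['usr'] : '');
    $pwd = urlencode((isset($_GET['pwd']) && is_string($_GET['pwd'])) ? $_GET['pwd'] : '');
    $auth = 'usr=' . $usr . '&pwd=' . $pwd;

    $row = false;
    $id = 0;
    if (isset($_GET['id']) && is_string($_GET['id']) && preg_match('/\A[0-9]+\z/', $_GET['id'])) {
        $id = intval($_GET['id']);
        $res = mysql_query("SELECT * FROM news WHERE id='" . $id . "'");
        $row = ($res !== false) ? mysql_fetch_array($res) : false;
    }

    echo '<div class="main"><div class="in">';

    if (!$row) {
        echo 'Ошибка!<br/>';
        echo '--------<br/>';
        echo '<a href="news.php?' . $auth . '">Назад</a>';
        return;
    }

    $title = htmlspecialchars(
        (string) iconv('windows-1251', 'utf-8', $row['title']),
        ENT_QUOTES,
        'UTF-8',
        false
    );
    $text = htmlspecialchars(
        (string) iconv('windows-1251', 'utf-8', $row['text']),
        ENT_QUOTES,
        'UTF-8',
        false
    );

    echo '<form action="news.php?' . $auth . '&id=' . $id . '&nw=change_news" method="post">';
    echo 'Название новости:<br/><input type="text" name="title" value="' . $title . '"><br/>';
    echo 'Текст новости:<br/><input type="text" name="text" value="' . $text . '"><br/>';
    echo '<input type="submit" value="Изменить" class="ibutton"></form>';
    echo '<a href="news.php?' . $auth . '&id=' . $id . '&nw=delete_news">Удалить новость</a><br/>';
    echo '--------<br/>';
    echo '<a href="news.php?' . $auth . '">Назад</a>';
}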
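/**
 * Deletes the news item named by the `id` query parameter and prints the
 * result (success or error) with a back link.
 *
 * The item is deleted only when `id` is a string of digits and exactly one
 * row with that id exists; any other case prints the error message.
 *
 * Changes over the previous version:
 *  - `usr` / `pwd` are percent-encoded before being written into the back link;
 *  - `id` must consist of digits only. is_numeric() also accepts forms such
 *    as "1e3" or "1.5", which intval() then maps to some other id;
 *  - the success message depends on the DELETE actually succeeding, and
 *    OPTIMIZE TABLE runs only after a successful delete;
 *  - the duplicated output code of both branches is merged.
 *
 * NOTE(review): this is a state-changing action reachable by GET. Moving it
 * to POST with an anti-CSRF token would keep link prefetchers and cross-site
 * requests from triggering it.
 */
function delete_news()
{
    $usr = urlencode((isset($_GET['usr']) && is_string($_GET['usr'])) ? $_GET['usr'] : '');
    $pwd = urlencode((isset($_GET['pwd']) && is_string($_GET['pwd'])) ? $_GET['pwd'] : '');
    $auth = 'usr=' . $usr . '&pwd=' . $pwd;

    $deleted = false;
    if (isset($_GET['id']) && is_string($_GET['id']) && preg_match('/\A[0-9]+\z/', $_GET['id'])) {
        $id = intval($_GET['id']);
        $count = mysql_query("SELECT COUNT(*) FROM `news` WHERE `id` = '" . $id . "' LIMIT 1");
        if ($count !== false && mysql_result($count, 0) == 1) {
            $deleted = (bool) mysql_query("DELETE FROM `news` WHERE `id` = '" . $id . "' LIMIT 1");
            if ($deleted) {
                mysql_query("OPTIMIZE TABLE `news`");
            }
        }
    }

    echo '<div class="main"><div class="in">';
    echo $deleted ? 'Вы успешно удалили новость!<br/>' : 'Ошибка!<br/>';
    echo '--------<br/>';
    echo '<a href="news.php?' . $auth . '">Назад</a>';
}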
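/**
 * Handles the "edit news" form submission and updates the stored item.
 *
 * Reads `title` and `text` from POST and the item id from the `id` query
 * parameter. An empty title or text prints a validation message. Otherwise
 * the values are converted from UTF-8 to windows-1251 and written to the
 * matching `news` row.
 *
 * Fixes over the previous version:
 *  - `id` was interpolated into the WHERE clause unescaped while title and
 *    text were escaped; it is now accepted only as digits and used as int;
 *  - title and text are HTML-escaped before storage, matching what
 *    news_write() stores. Previously an edited item was saved raw while a
 *    new one was saved escaped (presumably the display pages print the
 *    stored value as is — confirm);
 *  - array keys are quoted and $_POST is no longer overwritten in place;
 *  - the "back" links of the validation branches carry the id, since the
 *    list_news page they point to selects its row by id;
 *  - the success message depends on the UPDATE having succeeded;
 *  - `usr` / `pwd` are percent-encoded before being written into links.
 */
function change()
{
    $usr = urlencode((isset($_GET['usr']) && is_string($_GET['usr'])) ? $_GET['usr'] : '');
    $pwd = urlencode((isset($_GET['pwd']) && is_string($_GET['pwd'])) ? $_GET['pwd'] : '');
    $auth = 'usr=' . $usr . '&pwd=' . $pwd;

    $id = null;
    if (isset($_GET['id']) && is_string($_GET['id']) && preg_match('/\A[0-9]+\z/', $_GET['id'])) {
        $id = intval($_GET['id']);
    }
    $edit_link = 'news.php?' . $auth . ($id !== null ? '&id=' . $id : '') . '&nw=list_news';

    // Non-string input (e.g. title[]=x) is treated the same as a missing field.
    $title = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
    $text = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';

    echo '<div class="main"><div class="in">';

    if (empty($title)) {
        echo 'Пустое поле названия новости!<br/>';
        echo '--------<br/>';
        echo '<a href="' . $edit_link . '">Назад</a>';
        return;
    }

    if (empty($text)) {
        echo 'Пустое поле текста новости!<br/>';
        echo '--------<br/>';
        echo '<a href="' . $edit_link . '">Назад</a>';
        return;
    }

    $title = iconv('utf-8', 'windows-1251', htmlspecialchars($title));
    $text = iconv('utf-8', 'windows-1251', htmlspecialchars($text));

    // iconv() returns false on input it cannot convert; treat that and a
    // missing/invalid id as a failed update rather than writing bad data.
    $updated = false;
    if ($id !== null && $title !== false && $text !== false) {
        $updated = (bool) mysql_query(
            "UPDATE `news` SET `title` = '" . mysql_real_escape_string($title)
            . "', `text` = '" . mysql_real_escape_string($text)
            . "' WHERE `id` = '" . $id . "' LIMIT 1"
        );
    }

    if (!$updated) {
        echo 'Ошибка!<br/>';
        echo '--------<br/>';
        echo '<a href="news.php?' . $auth . '">Назад</a>';
        return;
    }

    echo 'Вы успешно изменили новость!<br/>';
    echo '--------<br/>';
    echo '<a href="news.php?' . $auth . '&">Назад</a>';
}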
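// ---------------------------------------------------------------------------
// Page entry: connect, authenticate the caller from the query string, then
// dispatch on the `nw` parameter. Only users with adm >= 2 reach the panel.
//
// Fixes over the previous version:
//  - `usr` and `pwd` went into the login query unescaped, so the WHERE
//    clause could be rewritten from the URL and the admin check bypassed;
//    both are now passed through mysql_real_escape_string();
//  - the same lookup ran twice; one query now yields the row count and row;
//  - array keys are quoted (bare `adm` / `nw` were undefined constants);
//  - the values echoed in the "leave" link are percent-encoded.
//
// NOTE(review): the query matches `pwd` against the column directly, which
// suggests passwords are stored unhashed — confirm against the users table;
// password_hash() / password_verify() would be the replacement.
// NOTE(review): credentials travel in every URL, so they end up in server
// logs, browser history and Referer headers. A session cookie set at login
// would remove the password from the query string.
// ---------------------------------------------------------------------------
$db_connection = mysql_connect($db_host, $db_user, $db_pass);
$db = mysql_select_db($db_table, $db_connection);
// mysql_real_escape_string() escapes for the connection's charset; cp1251 is
// single-byte, so issuing SET NAMES as a query is kept as it was.
mysql_query('SET NAMES cp1251');

$news_usr = (isset($_GET['usr']) && is_string($_GET['usr'])) ? $_GET['usr'] : '';
$news_pwd = (isset($_GET['pwd']) && is_string($_GET['pwd'])) ? $_GET['pwd'] : '';

$q = mysql_query(
    "SELECT * FROM users WHERE `usr` = '" . mysql_real_escape_string($news_usr)
    . "' AND `pwd` = '" . mysql_real_escape_string($news_pwd) . "'"
);
// A failed query counts as "no such user" instead of feeding false to the fetch calls.
$tikr = ($q !== false) ? mysql_num_rows($q) : 0;
$war = ($q !== false) ? mysql_fetch_array($q) : false;

$set['title'] = 'Новостная панель';
head();
title();

if ($tikr == 1 && $war && $war['adm'] >= 2) {
    // Missing or non-string `nw` falls back to the menu.
    $news_action = (isset($_GET['nw']) && is_string($_GET['nw'])) ? $_GET['nw'] : '';
    switch ($news_action) {
        case 'new':
            new_letter();
            break;
        case 'writing':
            news_write();
            break;
        case 'list':
            lists();
            break;
        case 'delete_news':
            delete_news();
            break;
        case 'list_news':
            list_news();
            break;
        case 'change_news':
            change();
            break;
        case '':
            main();
            break;
        // Any other value renders nothing between header and footer, as before.
    }
} else {
    echo '<div class="main"><div class="in">';
    echo 'Сдесь тебе находится нельзя, прошу выйти!';
    echo '<a href="/main.php?usr=' . urlencode($news_usr) . '&pwd=' . urlencode($news_pwd) . '">[выйти]</a>';
}
foot();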
?>