Файл: rusikanlove/rusikanlove/admin/news.php
Строк: 99
<?php
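// Bootstrap: session handling, site configuration and the pagination helper.
// NOTE(review): the mysql_* calls below pass no link argument, so one of these
// includes presumably opens the default connection — confirm.
require_once $_SERVER['DOCUMENT_ROOT'] . "/template/session.php";
require_once $_SERVER['DOCUMENT_ROOT'] . "/ini.php";
include_once $_SERVER['DOCUMENT_ROOT'] . "/funct/pages.ini.php";

// A request with no user id in the session gets '' and fails the lookup below.
$id = isset($_SESSION['id']) ? $_SESSION['id'] : '';

// The session must still map to an existing user row. The id is escaped
// before it is placed in SQL text, even though it comes from the session.
$auth_u = mysql_query(
    "SELECT id FROM user WHERE id='" . mysql_real_escape_string((string) $id) . "'"
);
if ($auth_u === false || mysql_num_rows($auth_u) == 0) {
    session_destroy();
    header('Location: /index.php');
    // header() only queues the redirect; without exit the remainder of this
    // admin script would keep executing for the same request.
    exit;
}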
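// Admin news page: list (m=0), add (m=1) and delete (m=2) news items.
//
// NOTE(review): the ext/mysql functions used here were removed in PHP 7.
// Moving to mysqli/PDO prepared statements is the durable fix, but it needs
// the connection code, which is outside this file.

// Gate 1: only a session flagged as authenticated may continue.
if (!isset($_SESSION['auth']) || $_SESSION['auth'] != "1") {
    session_destroy();
    header('Location: /index.php');
    exit; // stop: header() alone does not end the request
}

// Escape the session-held user id once and reuse it in both queries below.
$idSql = mysql_real_escape_string((string) $id);

// Fetch the login and level of the current user.
$zzz = mysql_query("SELECT login,level FROM user WHERE id='$idSql'");
$au = $zzz ? mysql_fetch_array($zzz) : false;
$login = $au ? $au['login'] : null;
$lev = $au ? $au['level'] : null;

// Refresh the user's activity timestamp.
// NOTE(review): $time is not assigned in this file; presumably one of the
// included files sets it — confirm.
mysql_query("UPDATE user SET time='$time' WHERE id='$idSql'");

// Gate 2: administrator check (level 6). Everyone else goes back to the menu.
// NOTE(review): `sid` is a constant defined outside this file; if it carries
// the session id, it ends up in URLs and Referer headers — confirm.
if ($lev != "6") {
    header('Location: /menu.php?'.sid.'');
    exit;
}

$m = (isset($_GET['m']) && is_string($_GET['m'])) ? $_GET['m'] : "0";

if ($m === "0") {
    // ---- LIST NEWS ----
    $url = "news.php?m=0&";
    $wf = 5; // news items per page

    // Count in SQL instead of fetching every row just to count it.
    $x = mysql_query("SELECT COUNT(*) FROM `news`");
    $tp = $x ? (int) mysql_result($x, 0) : 0;
    $mp = (int) ceil($tp / $wf);

    // Clamp the requested page into 1..$mp. The int cast guarantees that only
    // a number reaches the LIMIT clause; the later regex re-check of $page in
    // the original ran after $start was computed and is dropped.
    $page = isset($_GET['page']) ? (int) $_GET['page'] : 1;
    if ($page > $mp) {
        $page = $mp;
    }
    if ($page < 1) {
        $page = 1;
    }
    $start = $page * $wf - $wf;

    // The "add news" form is the same on the empty and the non-empty list.
    // NOTE(review): the form carries no anti-CSRF token, and maxlength="300"
    // is enforced by the browser only.
    $form = implode("\n", array(
        '<form action="news.php?m=1&'.sid.'" method="post">',
        '*Название:<br />',
        '<input name="title" type="text" /><br />',
        '*Текст новости:<br />',
        '<input name="msg" type="text" maxlength="300" /><br />',
        '<input type="submit" value="добавить">',
        '</form><br />',
    ));

    include_once $_SERVER['DOCUMENT_ROOT'] . "/template/head.php";
    echo'<div class="r"><img src="/image/icon/news.png" alt="." />Новости</b></div>';

    if ($tp > 0) {
        $z = mysql_query("SELECT * FROM `news` ORDER BY `id` DESC LIMIT $start,$wf");
        while ($z && ($arr = mysql_fetch_array($z))) {
            // Encode on output as well as on insert: rows written by any other
            // code path may hold raw markup. double_encode=false keeps entities
            // stored by the insert branch intact. ISO-8859-1 is byte-transparent
            // for the characters htmlspecialchars touches, so this does not
            // depend on the table's real charset.
            $titleHtml = htmlspecialchars($arr['title'], ENT_QUOTES, 'ISO-8859-1', false);
            $msgHtml = htmlspecialchars($arr['msg'], ENT_QUOTES, 'ISO-8859-1', false);
            $idUrl = rawurlencode($arr['id']);

            // NOTE(review): this link deletes through a plain GET request with
            // no anti-CSRF token; a POST form with a per-session token is the
            // usual mitigation.
            echo '<img src="../image/icon/rec.png" alt="." /><b>' . $titleHtml . '</b>' . "\n"
                . '<a href="?m=2&ids=' . $idUrl . '">[x]</a><br />' . "\n"
                . $arr['date'] . '<br />' . "\n"
                . $msgHtml . '<br />';
        }
        page($tp,$page,$wf,$url);
        echo '<br />' . $form . '<br />';
        echo '<br />«<a href="index.php">Админка</a><br />' . "\n"
            . '<img src="/image/icon/home.png" alt="" /><a href="../menu.php">Меню</a><br />';
    } else {
        echo 'На данный момент нету ни одной новости<br />' . "\n"
            . '<br />' . $form . '<br />' . "\n"
            . '«<a href="index.php">Админка</a><br />' . "\n"
            . '<img src="/image/icon/home.png" alt="." />' . "\n"
            . '<a href="/menu.php">Меню</a><br />';
    }
    include_once $_SERVER['DOCUMENT_ROOT'] . "/template/foot.php";
} elseif ($m === "1") {
    // ---- ADD NEWS ----
    // NOTE(review): state-changing request without an anti-CSRF token.
    $title = (isset($_POST['title']) && is_string($_POST['title'])) ? trim($_POST['title']) : '';
    $msg = (isset($_POST['msg']) && is_string($_POST['msg'])) ? trim($_POST['msg']) : '';

    // Both fields are required; check after trimming so that whitespace-only
    // input is rejected too.
    if ($title === '' || $msg === '') {
        header('Location: news.php?'.sid.'');
        exit;
    }

    // HTML-encode first (the stored format this page already uses), then apply
    // SQL escaping last with the driver's own routine instead of addslashes().
    $title = mysql_real_escape_string(htmlspecialchars($title));
    $msg = mysql_real_escape_string(htmlspecialchars($msg));
    $inserted = mysql_query("INSERT INTO news SET date=CURRENT_TIMESTAMP(),title='$title',msg='$msg'");

    // Do not report success when the INSERT failed.
    if ($inserted === false) {
        header('Location: news.php?'.sid.'');
        exit;
    }

    include_once $_SERVER['DOCUMENT_ROOT'] . "/template/head.php";
    echo'<div class="r"><img src="/image/icon/news.png" alt="" />Новости</b></div>';
    echo 'Сообщение добавлено<br />' . "\n"
        . '«<a href="news.php">Новости</a><br />' . "\n"
        . '«<a href="index.php">Админка</a><br />' . "\n"
        . '<img src="/image/icon/home.png" alt="." />' . "\n"
        . '<a href="/menu.php">Меню</a><br />';
    include_once $_SERVER['DOCUMENT_ROOT'] . "/template/foot.php";
} elseif ($m === "2") {
    // ---- DELETE NEWS ----
    // NOTE(review): state-changing GET without an anti-CSRF token.
    $ids = (isset($_GET['ids']) && is_string($_GET['ids'])) ? $_GET['ids'] : '';

    // Accept 1-10 decimal digits only. The original class was [d], which
    // matches the letter "d", so no numeric id ever passed the check; \z
    // (rather than $) also rejects a trailing newline.
    if (!preg_match('#^\d{1,10}\z#', $ids)) {
        header('Location: news.php?'.sid.'');
        exit;
    }

    mysql_query("DELETE FROM news WHERE id='$ids'");
    include_once $_SERVER['DOCUMENT_ROOT'] . "/template/head.php";
    echo'<div class="r"><img src="/image/icon/news.png" alt="." />Новости</b></div>';
    echo 'Сообщение удалено<br />' . "\n"
        . '«<a href="news.php">Новости</a><br />' . "\n"
        . '«<a href="index.php">Админка</a><br />' . "\n"
        . '<img src="/image/icon/home.png" alt="." />' . "\n"
        . '<a href="/menu.php">Меню</a><br />';
    include_once $_SERVER['DOCUMENT_ROOT'] . "/template/foot.php";
}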
?>