Файл: spuff.ru/panel/news.php
Строк: 95
<?php
require_once '../includes/sys.php';
require_once '../includes/auth_a.php';
require_once '../includes/header.php';
if (!access(2)) {
redirect(HTTPHOME);
}
switch ($act) {
default:
tp('<a href="./">АДМ</a>» Новости');
note();
$total = mysql_result(mysql_query("SELECT COUNT(`id`) FROM `news`"), 0);
if ($total > 0) {
$pages = ceil($total / $config['onpage']);
if ($page > $pages or $page == 0) {
$page = 1;
}
$begin = ($page - 1) * $config['onpage'];
$news_r = mysql_query("SELECT * FROM `news` ORDER BY `time` DESC LIMIT $begin, $config[onpage]");
while ($news = mysql_fetch_assoc($news_r)) {
echo '<div class="raz"><a href="/news/index.php?act=view&id='.$news['id'].'">'.$news['name'].'</a> ('.ccdate($news['time'], 0).') [<a href="?act=edit&id='.$news['id'].'">Изменить</a>]</div>';
}
}
echo '<div class="raz" style="text-align:center"><a href="?act=add">Добавить новость</a></div>';
navig($page, '?', $pages);
break;
case 'add':
if ($ok) {
$_SESSION['title'] = $_POST['title'];
$_SESSION['text'] = $_POST['text'];
if ($_POST['name'] and $_POST['text']) {
$name = check($_POST['name']);
$text = check($_POST['text']);
mysql_query("INSERT INTO `news`(`name`,`text`,`time`) VALUES('$name', '$text', '".TIME."')");
unset($_SESSION['title']);
unset($_SESSION['text']);
redirect('?');
} else {
$_SESSION['note'] = $lang['the_fields_cant_be_blank'];
redirect('?act=add');
}
} else {
$ses_title = !empty($_SESSION['title']) ? $_SESSION['title'] : '';
$ses_text = !empty($_SESSION['text']) ? $_SESSION['text'] : '';
tp('<a href="?">Новости</a>» Добавить');
echo '<div class="body">';
note();
echo '<form name="form" action="?act=add&ok=1" method="post" name="form">
<b>Название(max50):</b><br/><input name="name" type="text" value="'.$ses_title.'" maxlength="50" /><br />
<b>Текст:</b><br /><textarea name="text" rows="5">'.$ses_text.'</textarea><br />
<input name="submit" type="submit" value="Ok" />
</form></div>';
}
break;
case 'edit':
if ($ok) {
if (empty($_POST['del'])) {
if ($_POST['name'] && $_POST['text']) {
$name = check($_POST['name']);
$text = check($_POST['text']);
mysql_query("UPDATE `news` SET `name` = '$name', `text` = '$text' WHERE `id` = '$id'");
$_SESSION['note'] = $lang['all_changes_saved'];
redirect(HTTPHOME.'/news/index.php?act=view&id='.$id);
} else {
$_SESSION['note'] = $lang['the_fields_cant_be_blank'];
redirect('?act=edit&id='.$id);
}
} else {
mysql_query("DELETE FROM `news` WHERE `id` = '$id'");
mysql_query("DELETE FROM `news_comm` WHERE `id_news` = '$id'");
$_SESSION['note'] = 'Новость удалена';
redirect('?');
}
} else {
$news = mysql_fetch_assoc(mysql_query("SELECT `name`, `text` FROM `news` WHERE `id` = '$id'"));
tp('<a href="?">Новости</a>» Ред-е');
echo '<div class="body">';
note();
echo '<form name="form" action="?act=edit&id='.$id.'&ok=1" method="post" name="form">
<b>Название(max50):</b><br /><input name="name" type="text" maxlength="50" value="'.$news['name'].'" /><br />
<b>Текст:</b><br /><textarea name="text" rows="5">'.$news['text'].'</textarea><br />
<b>Удалить:<b> <input name="del" type="checkbox" value="1" /><br />
<input name="submit" type="submit" value="Ok" /></form></div>';
}
break;
}
require_once '../includes/tail.php';
?>