Файл: public_html/page/news.php
Строк: 31
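<?php
/**
 * News page: lists every row of the `<PREFIX>_news` table and, for a signed-in
 * user whose status is 1, shows a form that publishes a new item.
 *
 * Provided by the including script: BASE_DIR, PREFIX, $obEngine, $mysqli,
 * $users_info and the session. Requires PHP 7.0+ (random_bytes, hash_equals).
 *
 * Security model of this page:
 *  - user input reaches SQL only through bound parameters;
 *  - text is stored as submitted and escaped when it is printed;
 *  - the publishing form carries a per-session anti-CSRF token.
 */

// This file is meant to be included; a direct request gets a plain 404.
if (!defined('BASE_DIR')) {
    header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found', true);
    exit;
}

$obEngine->addTitleHtml('Новости');

// One permission decision for both the POST handler and the form below, so the
// two can never disagree. The loose comparison is kept on purpose: the status
// may arrive from the database as the string '1'.
$canPostNews = isset($_SESSION['user_id']) && $users_info['status'] == 1;

// Encoding used for HTML escaping. NOTE(review): taken from php.ini because the
// page's real encoding is not visible here; set it explicitly if they differ.
$pageCharset = ini_get('default_charset') ?: 'UTF-8';

// Escapes a value read from the database for HTML output. double_encode is off
// because rows written by the previous version of this page already contain
// &#39; / &#34; entities (FILTER_SANITIZE_STRING output) and must not show up
// as literal "&#39;" text.
$escapeStored = static function ($value) use ($pageCharset) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, $pageCharset, false);
};

// Counts characters the way the browser's maxlength does (a line break is one
// character), falling back to bytes when mbstring is not installed.
$charCount = static function ($value) {
    $value = str_replace("\r\n", "\n", $value);

    return function_exists('mb_strlen') ? mb_strlen($value) : strlen($value);
};

// Server-side copies of the maxlength attributes on the form; the browser
// limits alone are trivially bypassed.
$titleLimit = 200;
$textLimit = 1000;

$formError = '';
$newsTitle = '';
$newsText = '';

if ($canPostNews) {
    // Per-session token that ties a POST to a form this page rendered.
    if (empty($_SESSION['news_csrf_token']) || !is_string($_SESSION['news_csrf_token'])) {
        $_SESSION['news_csrf_token'] = bin2hex(random_bytes(32));
    }

    if (isset($_POST['title'])) {
        // Anything that is not a plain string (e.g. title[]=x) counts as empty.
        $sentToken = isset($_POST['csrf_token']) && is_string($_POST['csrf_token']) ? $_POST['csrf_token'] : '';
        $newsTitle = is_string($_POST['title']) ? trim($_POST['title']) : '';
        $newsText = isset($_POST['text']) && is_string($_POST['text']) ? trim($_POST['text']) : '';

        if (!hash_equals($_SESSION['news_csrf_token'], $sentToken)) {
            $formError = 'Форма устарела, отправьте её ещё раз.';
        } elseif ($newsTitle === '' || $newsText === '') {
            $formError = 'Заполните заголовок и текст новости.';
        } elseif ($charCount($newsTitle) > $titleLimit || $charCount($newsText) > $textLimit) {
            $formError = 'Слишком длинный заголовок или текст новости.';
        } else {
            $saved = false;
            try {
                // PREFIX is a configuration constant, not request data; the two
                // user-supplied values are bound, never concatenated. The old
                // filter-then-concatenate approach left backslashes untouched,
                // so a title ending in "\" could break out of its quotes.
                $stmt = $mysqli->prepare(
                    "INSERT INTO `" . PREFIX . "_news` (`time_add`, `title`, `text`) VALUES (NOW(), ?, ?)"
                );
                if ($stmt !== false) {
                    $saved = $stmt->bind_param('ss', $newsTitle, $newsText) && $stmt->execute();
                    $stmt->close();
                }
            } catch (mysqli_sql_exception $e) {
                // mysqli throws instead of returning false when exception
                // reporting is enabled; keep the detail in the server log only.
                error_log('news insert failed: ' . $e->getMessage());
            }

            if ($saved) {
                // Redirect after a successful POST so a reload cannot resubmit.
                header('Location: /news.php');
                exit;
            }
            $formError = 'Не удалось сохранить новость.';
        }
    }
}
?>
<div class="wrapper">
<div class="main">
<div class="m_left">
<div class="m_title">Новости</div>
<?php
$query = $mysqli->query("SELECT * FROM `" . PREFIX . "_news`");
// A failed query returns false; treat it like an empty list instead of
// dereferencing a non-object.
if ($query instanceof mysqli_result && $query->num_rows) {
    while ($res = $query->fetch_assoc()) {
?>
<div class="m_news">
<div class="m_news_title"><b> <?php echo $escapeStored($res['title']); ?></b> <div class="m_news_date"><?php echo date("d.m.Y", strtotime($res['time_add'])); ?></div></div>
<div class="m_news_text"><?php echo $escapeStored($res['text']); ?></div>
</div>
<?php
    }
} else {
?>новостей нет<?php
}

if ($canPostNews) {
?>
<form style="margin-top: 30px;" name="form1" action="?mode=add" method="post">
<input type="hidden" name="csrf_token" value="<?php echo htmlspecialchars($_SESSION['news_csrf_token'], ENT_QUOTES | ENT_SUBSTITUTE, $pageCharset); ?>">
<?php
    if ($formError !== '') {
?>
<div class="m_l"><b style="color:red;"><?php echo htmlspecialchars($formError, ENT_QUOTES | ENT_SUBSTITUTE, $pageCharset); ?></b></div>
<?php
    }
    // The rejected values are echoed back fully encoded, so the user gets
    // exactly the text that was typed.
?>
<div class="m_l">
<div class="m_name"><b style="color:red;">*</b> Заголовок:</div>
<div class="m_pole"><input type="text" name="title" maxlength="200" class="tt" value="<?php echo htmlspecialchars($newsTitle, ENT_QUOTES | ENT_SUBSTITUTE, $pageCharset); ?>"></div>
</div>
<div class="m_l">
<div class="m_name"><b style="color:red;">*</b> Новость:</div>
<div class="m_pole"><textarea name="text" class="t_textarea" cols="40" rows="6" maxlength="1000"><?php echo htmlspecialchars($newsText, ENT_QUOTES | ENT_SUBSTITUTE, $pageCharset); ?></textarea></div>
</div>
<div class="m_l"><button style="float:right;">Добавить</button></div>
</form>
<?php
}
?>
</div>
<?php include 'module/user_menu.php'; ?>
</div>
</div>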