Файл: adm_news.php
Строк: 116
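<?php
// Admin page for the site news: delete an entry, add an entry, list entries.
// The full opening tag is used because the short form is only parsed when
// short_open_tag is enabled; with it disabled the file would be served as
// plain text, query strings included.
include 'inc/db_connect.php';
include 'inc/function.php';
include 'inc/set.php';
include 'inc/adm_head.php';
// NOTE(review): presumably the admin access check. It is not shown here, so
// confirm it ends the request for non-admin visitors before any query below
// can run. It is loaded after inc/adm_head.php, which may already emit output.
require 'inc/adm.php';
echo '<div class="title">Новости ЗЦ.</div>';

// Delete the news entry selected by the "del" query parameter.
// NOTE(review): this is a state change triggered by a plain GET parameter, and
// no anti-CSRF token is checked in this file. Unless inc/adm.php enforces one,
// move deletion to a POST request that carries a per-session token.
if (isset($_GET['del']) && is_numeric($_GET['del']))
{
    // valid_int() comes from an include that is not shown. The value is
    // normalised once and reused for both the existence check and the DELETE.
    $news_del_id = valid_int($_GET['del']);
    $news_found = mysql_result(mysql_query("SELECT COUNT(*) FROM `news` WHERE `id` = '" . $news_del_id . "' LIMIT 1", $db), 0);
    if ($news_found == 1)
    {
        mysql_query("DELETE FROM `news` WHERE `id` = '" . $news_del_id . "' LIMIT 1");
        mysql_query("OPTIMIZE TABLE `news`");
        echo ('<div>Новость удалена</div>');
    }
}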
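// Add a news entry from the POST form (fields: title, msg, link, ch, mn).
// NOTE(review): no anti-CSRF token is checked before the INSERT; confirm
// whether inc/adm.php enforces one, otherwise add a per-session token here.
if (isset($_POST['title']) && isset($_POST['msg']) && isset($_POST['link']))
{
    // esc() and strlen2() come from includes that are not shown here.
    $title = esc($_POST['title'], 1);
    $link = esc($_POST['link'], 1);
    // A link that is neither an absolute http(s) URL nor root-relative is made
    // root-relative. preg_match() replaces the deprecated eregi() calls.
    // NOTE(review): the link length is limited only by the form's maxlength
    // attribute; there is no server-side length check.
    if ($link != null && !preg_match('#^(?:https?://|/)#i', $link))
    {
        $link = '/' . $link;
    }
    $msg = esc($_POST['msg']);

    // Collect every validation failure instead of keeping only the last one.
    $problems = array();
    if (strlen2($title) > 32)
    {
        $problems[] = 'Слишком большой заголовок новости<br />';
    }
    if (strlen2($title) < 3)
    {
        $problems[] = 'Короткий заголовок<br />';
    }
    if (strlen2($msg) > 1024)
    {
        $problems[] = 'Содержиние новости слишком большое<br />';
    }
    if (strlen2($msg) < 2)
    {
        $problems[] = 'Новость слишком короткая<br />';
    }
    if ($problems)
    {
        $err = implode('', $problems);
    }

    if (!isset($err))
    {
        // Both fields are optional in the request; a missing one counts as 0.
        $ch = isset($_POST['ch']) ? intval($_POST['ch']) : 0;
        $mn = isset($_POST['mn']) ? intval($_POST['mn']) : 0;
        $main_time = time() + $ch * $mn * 60 * 60 * 24;

        // Every string placed in the statement is escaped for SQL. Title and
        // link previously reached the query without any escaping visible in
        // this file; they now get the same treatment as the message body.
        // NOTE(review): if esc() or the server configuration already adds
        // slashes to request data, confirm this does not store doubled ones.
        $msg = mysql_real_escape_string($msg);
        $title = mysql_real_escape_string($title);
        $link = mysql_real_escape_string($link);

        // NOTE(review): $time is not assigned in the visible part of this
        // file; presumably an include sets it. Confirm before relying on it.
        mysql_query("INSERT INTO `news` (`time`, `msg`, `title`, `main_time`, `link`) values('$time', '$msg', '$title', '$main_time', '$link')");
        mysql_query("OPTIMIZE TABLE `news`");
        echo ('<div>Новость успешно добавлена</div>');
    }
}
// The messages are fixed strings from this file, so they are echoed as markup.
if (isset($err) && !empty($err))
{
    echo '<br />' . $err;
}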
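// Paginated list of all news entries, newest first.
// $step and the k_page(), page(), vremja(), br(), bbcode(), links() and str()
// helpers come from includes that are not shown here.
$k_post = mysql_result(mysql_query("SELECT COUNT(*) FROM `news`"), 0);
$k_page = k_page($k_post, $step);
$page = page($k_page);
$start = $step * $page - $step;
$q = mysql_query("SELECT * FROM `news` ORDER BY `id` DESC LIMIT $start, $step");
echo "<table class='post'>\n";
if ($k_post == 0)
{
    echo " <tr>\n";
    echo " <td class='p_t'>\n";
    echo "Нет новостей\n";
    echo " </td>\n";
    echo " </tr>\n";
}
while ($post = mysql_fetch_array($q))
{
    echo " <tr>\n";
    echo " <td class='p_t'>\n";
    // esc() is not shown, so the stored title is treated as untrusted text and
    // HTML-encoded on output, as the message body below already is.
    echo htmlspecialchars($post['title']) . "\n";
    echo "(" . vremja($post['time']) . ")\n";
    echo " </td>\n";
    echo " </tr>\n";
    echo " <tr>\n";
    echo " <td class='p_m'>\n";
    // stripcslashes() also decodes hex and octal backslash escapes, so it has
    // to run before htmlspecialchars(); in the opposite order a stored escape
    // sequence could decode to markup after the text was already encoded.
    echo trim(br(bbcode(links(htmlspecialchars(stripcslashes($post['msg'])))))) . "<br />\n";
    if ($post['link'] != null)
    {
        echo "Ссылка " . htmlspecialchars($post['link']) . "<br />\n";
    }
    // Both URL parameters are forced to integers before they enter the
    // attribute. NOTE(review): this link deletes via GET with no anti-CSRF
    // token; see the handler for the "del" parameter in this file.
    echo "<a href=\"adm_news.php?page=" . intval($page) . "&amp;del=" . intval($post['id']) . "\">Удалить новость</a><br />\n";
    echo " </td>\n";
    echo " </tr>\n";
}
echo "</table>\n";
if ($k_page > 1)
{
    echo str('adm_news.php?', $k_page, $page);
}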
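// Form for adding a news entry; it posts back to this page.
// "ch" times the unit chosen in "mn" (days) gives how long the entry is shown
// on the main page, as computed by the POST handler in this file.
// NOTE(review): no anti-CSRF token field is emitted and the POST handler in
// this file checks none; add one unless inc/adm.php already covers it.
// The maxlength attributes are client-side hints only.
echo <<<HTML
<form method="post" action="adm_news.php">
Заголовок новости:<br />
<input name="title" size="16" maxlength="32" value="" type="text" /><br />
Текст новости:<br />
<textarea name="msg" ></textarea><br />
Ссылка:<br />
<input name="link" size="16" maxlength="64" value="" type="text" /><br />
Показывать на главной:<br />
<input type="text" name="ch" size='3' value="1" />
<select name="mn">
 <option value="0" selected='selected'> </option>
 <option value="1">Дней</option>
 <option value="7">Недель</option>
 <option value="31">Месяцев</option>
</select><br />
<input value="Добавить" type="submit" />
</form>

HTML;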
include 'inc/adm_foot.php';
?>