Файл: editnews.php
Строк: 60
<?php
require('includes/header.php');
require('includes/utils.php');
require('includes/db.php');
require('includes/auth.php');
if(isset($_GET['action']) && $_GET['action'] == 'rename')
{
mysql_query('UPDATE news SET text = "' . addslashes($_POST['text']) . '", date = CURRENT_TIMESTAMP WHERE id = "' . (int)$_GET['link_id'] . '"');
}
if(isset($_GET['action']) && $_GET['action'] == 'delete')
{
mysql_query('DELETE FROM news WHERE id = "' . (int)$_GET['link_id'] . '"');
?>
<wml>
<card id="added" title="added" ontimer="viewnews.php?id=<?php echo $id; ?>&p=<?php echo $login; ?>"><timer value="15"/>
<p>
Новость удалена<br/>
</p>
</card>
</wml>
<?php
exit;
}
?>
<wml>
<head><meta http-equiv="Cache-Control" content="no-cache" forua="true"/></head>
<card id="links" title="Менеджер файлов">
<do type="options" name="main" label="Меню"><go href="main.php?id=<?php echo $id; ?>&p=<?php echo $login; ?>"/></do>
<p>
<?php
$links_list = '';
$links = mysql_query('SELECT id, text, date FROM news WHERE user_id = "' . (int)($_GET['id']) . '" AND id = "' . (int)$_GET['link_id'] . '"');
if(($n = mysql_num_rows($links)) > 0)
{
$link = mysql_fetch_array($links, MYSQL_ASSOC);
}
?>
<br/>
Текст новости:<br/>
<input name="text" type="text" maxlength="255" value="<?php echo $link['text']; ?>" title="page"/><br/>
<anchor title="go">Ok<go href="editnews.php?id=<?php echo $id; ?>&p=<?php echo $login; ?>&link_id=<?php echo $link['id']; ?>&action=rename" method="post">
<postfield name="text" value="$(text)"/>
</go></anchor><br/>
*********<br/>
<a href="editnews.php?id=<?php echo $id; ?>&p=<?php echo $login; ?>&link_id=<?php echo $link['id']; ?>&action=delete">Удалить</a><br/>
*********<br/>
<a href="viewnews.php?id=<?php echo $id; ?>&p=<?php echo $login; ?>">К списку</a><br/>
</p>
</card>
</wml>