Просмотр файла admin_dfbdaba8c8508412d239e603506162f8/news.php

Размер файла: 4.5Kb
<?
include_once "../SYSTEM/include/functions.php";
include_once BASEDIR."SYSTEM/include/mysql.php";
include_once BASEDIR."SYSTEM/include/param.php";
include_once BASEDIR."SYSTEM/include/ban.php";
include_once BASEDIR."SYSTEM/include/sess.php";
include_once BASEDIR."SYSTEM/include/ban_2.php";
include_once BASEDIR."SYSTEM/include/theme.php";
$title='Новости';
$mesto='В админке';
head();
if (!isset($user) || $user['level']<3)
{
header ("Location: ../index.php?".SID."");
exit;
}


echo "<div class=\"h\">Новости</div><hr />\n";
if ($mail_in_new>0)echo "<div class=\"privat\"><img src=\"../SYSTEM/themes/$them/img/mail0.gif\" alt=\"\" /> <a href=\"../mail.php?act=in\">Приват</a> [$mail_in_new]</div><hr />\n";


if (isset($_GET['msg']))
{
$msg=$_GET['msg'];
echo "<span style=\"color:$color[msg]\"><b>";
if ($msg=='add'){echo "Новость добавлена";}
echo "</b></span><br />";
}


if (isset($_GET['act']) && $_GET['act']=='add' && isset($_POST['msg']))
{
$msg=$_POST['msg'];
$msg = iconv('utf-8', 'windows-1251', $msg);
$msg=substr($msg, 0, 512);


$name=mysql_escape_string($_POST['title']);
$name=stripslashes(htmlspecialchars($name));
$name=trim($name);
$name = iconv('utf-8', 'windows-1251', $name);
$name=substr($name, 0, 32);

if (strlen($name)<3){$name=substr($msg, 0, 32);$name.='...';}

$name = iconv('windows-1251', 'utf-8', $name);
$msg = iconv('windows-1251', 'utf-8', $msg);
$msg=stripslashes(htmlspecialchars($msg));
$msg=str_replace("\r\n","<br />",$msg);
$msg=str_replace("\r","<br />",$msg);
$msg=str_replace("\n","<br />",$msg);



if (isset($_POST['tr']))
{
$name=translit($name);
$msg=translit($msg);
}





$msg=eregi_replace("((https?|ftp)://[[:alnum:]_=/-]+(\\.[[:alnum:]_=/-]+)*(/[[:alnum:]+&amp;._=/~%#]*(\\?[[:alnum:]?+&amp;_=/%#]*)?)?)", "<a href='\\1'>\\1</a>", $msg);


if ($msg=='')
{
header("Location: index.php?".SID."");
exit;
}





if (isset($_POST['mail']))
{
$q = mysql_query("SELECT email FROM `$mysql[pref]users` WHERE `send_news` = '1';");
while ($ank = mysql_fetch_array($q))
{
$email=$ank['email'];

$subject = "Новости ($set[title])";
$regmail = "$name\n\n$msg\n\nC уважением, администрация сайта";
$adds = "From: <$set[mail]>\n";
$adds .= "X-sender: <$set[mail]>\n";
$adds .= "Content-Type: text/plain; charset=utf-8\n";
mail($email,$subject,$regmail,$adds);


}



}


$id_t=rand(1,999999999);

mysql_query("INSERT INTO `$mysql[pref]forum_t` (id, name, t_create, time_last, autor, id_r, id_us, id_f, crep)
values('$id_t', '$name', '$time', '$time', '$user[nickname]', '$id_news_razd', '$user[id]', '$id_news_forum', '1')");


mysql_query("INSERT INTO `$mysql[pref]forum_p` (id_f, id_r, id_t, nick, time, msg, ip, ua, id_us)
values('$id_news_forum', '$id_news_razd', '$id_t', '$user[nickname]', '$time', '$msg', '$ip_p', '$ua_p', '$user[id]')");

mysql_query("INSERT INTO `$mysql[pref]news` (nick, time, text, title, id_t)
values('$user[nickname]', '$time', '$msg', '$name', '$id_t')");
action("Добавление новости");


header("Location: news.php?".SID."msg=add");

exit;
}


$q = mysql_query("SELECT COUNT(id) FROM `$mysql[pref]news`;");
if (mysql_result($q, 0)>0)
{
$q = mysql_query("SELECT MAX(id) FROM `$mysql[pref]news`;");
$max_id_news=mysql_fetch_array($q);
$q = mysql_query("SELECT * FROM `$mysql[pref]news` WHERE `id` = '$max_id_news[0]';");
$news = mysql_fetch_array($q);
echo "<div class=\"mess\">\n";
echo "<b>$news[title]</b><br />\n";
echo "".vremja($news['time'])."";
echo "<br />\n";
echo "<span style=\"color:$color[post]\">".smiles($news['text'])."</span>";
echo "</div>\n";


echo "<br />\n";



}
else
{
echo "Нет новостей<br />\n";
}



echo "<form method=\"post\" action=\"news.php?act=add\">\n";

echo "Новая новость:<br />\n";
echo "Заголовок:<br />\n<input name=\"title\" class=\"form\" value=\"\" type=\"text\" /><br />\n";
echo "Новость: <br />\n<textarea name=\"msg\" class=\"form\" rows=\"3\"></textarea><br />\n";
echo "<input type=\"checkbox\" name=\"tr\" value=\"1\" /> Транслит<br />\n";
echo "<input type=\"checkbox\" name=\"mail\" value=\"1\" /> Рассылка<br />\n";
echo "<input value=\"Добавить\" class=\"form\" type=\"submit\" />\n";
echo "</form>";




echo "<hr /><a href=\"index.php\">&lt;&lt; Админка</a>\n";
echo "<br /><a href=\"../index.php\">&lt;&lt; На главную</a>\n";

foot();
?>