<?php
// by mides (Mike O.), coolcms.mobi
require_once '../system/sys.php';
require_once '../system/auth_a.php';
require_once '../system/header.php';
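// Gate for the whole page: when access(1) returns a falsy value the request is
// redirected to the site home page. access() and redirect() are defined outside
// this file, so the explicit exit makes sure none of the admin code below runs
// for a rejected request even if redirect() only sends a Location header and returns.
if (!access(1)) {
    redirect(HTTPHOME);
    exit;
}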
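// News management (admin panel): list, add, edit and delete news items.
// $act, $ok, $id, $page, $config and $lang are not defined in this file;
// presumably the required system/*.php files provide them — confirm there.
//
// NOTE(review): the add/edit/delete branches change data on a plain POST and no
// anti-CSRF token is generated or checked anywhere in this file. Confirm that
// sys.php/auth_a.php enforce one, or add a per-session token to both forms.
// NOTE(review): check() is defined elsewhere; the INSERT/UPDATE below rely on it
// to make values safe inside a quoted SQL string — confirm it applies
// mysql_real_escape_string() or an equivalent.
// NOTE(review): HTML escaping below assumes pages are served as UTF-8 — confirm.

// Request-derived numbers are forced to integers before they reach SQL, HTML or
// a redirect target (assumes news ids are integers — confirm against the schema).
$id = isset($id) ? (int) $id : 0;
$page = isset($page) ? (int) $page : 0;

// Only plain strings are accepted from the form; a missing or array-valued
// field is treated as blank instead of raising notices or reaching check().
$post_name = (isset($_POST['name']) && is_string($_POST['name'])) ? $_POST['name'] : '';
$post_text = (isset($_POST['text']) && is_string($_POST['text'])) ? $_POST['text'] : '';

switch ($act) {
    default:
        // Paginated list of news items, newest first.
        tp($lang['news_management']);
        note();
        $count_r = mysql_query("SELECT COUNT(`id`) FROM `news`");
        // A failed query is treated as an empty table rather than passing false on.
        $total = $count_r ? (int) mysql_result($count_r, 0) : 0;
        if ($total > 0) {
            // Guard against a zero/non-numeric page size (division by zero, broken LIMIT).
            $onpage = max(1, (int) $config['onpage']);
            $pages = ceil($total / $onpage);
            // Out-of-range pages, including negative ones, fall back to the first page.
            if ($page < 1 || $page > $pages) {
                $page = 1;
            }
            $begin = ($page - 1) * $onpage;
            $news_r = mysql_query("SELECT * FROM `news` ORDER BY `time` DESC LIMIT $begin, $onpage");
            while ($news_r && ($news = mysql_fetch_assoc($news_r))) {
                $news_id = (int) $news['id'];
                // Stored titles are escaped on output; double_encode is off because
                // check() may already have stored HTML entities (not visible here).
                echo '<a href="../news.php?act=view&id='.$news_id.'">'
                    .htmlspecialchars($news['name'], ENT_QUOTES, 'UTF-8', false)
                    .'</a> ('.ccdate($news['time'], 0).') <a href="?act=edit&id='.$news_id.'">'.$lang['edit'].'</a><br />';
            }
            navig($page, '?', $pages);
        }
        echo '<br /><a href="?act=add" class="button">'.$lang['add_news'].'</a></div>';
        nav('./');
        break;

    case 'add':
        if ($ok) {
            // The form posts "name" and "text" (there is no "title" field); keep both
            // so a rejected submission can be shown again in the form.
            $_SESSION['title'] = $post_name;
            $_SESSION['text'] = $post_text;
            if ($post_name && $post_text) {
                $name = check($post_name);
                $text = check($post_text);
                mysql_query("INSERT INTO `news`(`name`,`text`,`time`) VALUES('$name', '$text', '".TIME."')");
                // The draft is no longer needed once saved; otherwise the next
                // "add" form would be pre-filled with the previous item.
                unset($_SESSION['title'], $_SESSION['text']);
                redirect('?');
            } else {
                $_SESSION['note'] = $lang['the_fields_cant_be_blank'];
                redirect('?act=add');
            }
        } else {
            $ses_title = (isset($_SESSION['title']) && is_string($_SESSION['title'])) ? $_SESSION['title'] : '';
            $ses_text = (isset($_SESSION['text']) && is_string($_SESSION['text'])) ? $_SESSION['text'] : '';
            tp($lang['add_news']);
            note();
            // The draft is raw request data kept in the session, so it is escaped
            // before being placed in an attribute value and a textarea.
            // maxlength is only a browser hint; the 50-character limit is not
            // enforced server-side in this file.
            echo '<form name="form" action="?act=add&ok=1" method="post">'."\n"
                .$lang['title'].'(max50):<br/><input name="name" type="text" value="'.htmlspecialchars($ses_title, ENT_QUOTES, 'UTF-8').'" maxlength="50" /><br />'."\n"
                .$lang['text'].':<br /><textarea name="text" rows="5">'.htmlspecialchars($ses_text, ENT_QUOTES, 'UTF-8').'</textarea><br />'."\n"
                .'<input name="submit" type="submit" value="Ok" /></form>'."\n"
                .'</div>';
            nav('?');
        }
        break;

    case 'edit':
        if ($ok) {
            if (empty($_POST['del'])) {
                // Save changes to an existing item.
                if ($post_name && $post_text) {
                    $name = check($post_name);
                    $text = check($post_text);
                    mysql_query("UPDATE `news` SET `name` = '$name', `text` = '$text' WHERE `id` = '$id'");
                    $_SESSION['note'] = $lang['all_changes_saved'];
                    redirect(HTTPHOME.'/news.php?act=view&id='.$id);
                } else {
                    $_SESSION['note'] = $lang['the_fields_cant_be_blank'];
                    redirect('?act=edit&id='.$id);
                }
            } else {
                // "Delete" checkbox ticked: remove the item together with its comments.
                mysql_query("DELETE FROM `news` WHERE `id` = '$id'");
                mysql_query("DELETE FROM `news_comm` WHERE `id_news` = '$id'");
                $_SESSION['note'] = $lang['the_news_has_been_del'];
                redirect('?');
            }
        } else {
            $edit_r = mysql_query("SELECT `name`, `text` FROM `news` WHERE `id` = '$id'");
            $news = $edit_r ? mysql_fetch_assoc($edit_r) : false;
            if (!$news) {
                // Unknown id or failed query: return to the list instead of
                // rendering an edit form for an item that does not exist.
                redirect('?');
            } else {
                tp($lang['editing_news']);
                note();
                // NOTE(review): the list and add views end with </div> after tp();
                // this view does not — confirm whether a closing tag is missing.
                echo '<form name="form" action="?act=edit&id='.$id.'&ok=1" method="post">'."\n"
                    .$lang['title'].'(max50):<br /><input name="name" type="text" maxlength="50" value="'.htmlspecialchars($news['name'], ENT_QUOTES, 'UTF-8', false).'" /><br />'."\n"
                    .$lang['text'].':<br /><textarea name="text" rows="5">'.htmlspecialchars($news['text'], ENT_QUOTES, 'UTF-8', false).'</textarea><br />'."\n"
                    .'<input name="del" type="checkbox" value="1" />'.$lang['delete'].'<br />'."\n"
                    .'<input name="submit" type="submit" value="Ok" /></form>';
                nav('?');
            }
        }
        break;
}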
require_once '../system/tail_p.php';
?>