View file blogs/blog.php

File size: 3.95Kb
<?php
// by Mike O. (mides), coolcms.org

$title = 'Блоги';
require_once '../includes/sys.php';
require_once '../includes/header.php';

$type = 'blogs';

switch ($act) {
    default:
        if ($u['id']) {
			$cats_r = mysql_query("SELECT * FROM `blogs_cats` ORDER BY `name`");
			if (mysql_num_rows($cats_r)) {
				if ($ok) {
					$cat = abs(intval($_POST['cat']));
					$name = check($_POST['name']);
					$text = check($_POST['text']);
					$code = abs(intval($_POST['code']));
					if ($cat and $name and $text and $code) {
						if ($_SESSION['code'] == $code) {
							mysql_query("INSERT INTO `blogs` SET `id_cat` = '$cat', `id_user` = '$u[id]', `name` = '$name', `text` = '$text', `time` = '".TIME."'");
							$last_id = mysql_insert_id();
							redirect('index.php?act=view&id='.$last_id);
						} else {
							error('Неверный код.');
							nav('?act=note_add');
						}
					} else {
						redirect('?act=note_add');
					}
				} else {
					tp('<a href="index.php">Блоги</a>&raquo; '.$lang['compose']);
					echo '<div class="body"><form name="form" action="?ok=1" method="post">
					'.$lang['choose_a_category'].':<br /><select name="cat">';
					$cat_r = mysql_query("SELECT * FROM `blogs_cats` ORDER BY `name`");
					while ($cat = mysql_fetch_assoc($cat_r)) {
						echo '<option value="'.$cat['id'].'">'.$cat['name'].'</option>';
					}
					echo '</select><br />
					'.$lang['name'].'(max50):<br /><input name="name" type="text" maxlength="50" /><br />
					'.bbpanel('form', 'text').'<textarea name="text" cols="" rows="5"></textarea><br />
					Провер. код:<br />
					<img src="../images/code.php" alt="" /><br />
					<input name="code" maxlength="5" /><br />
					<input name="submit" type="submit" value="Ok" />
					</form><br />
					<a href="index.php?">Блоги</a>&raquo; Написать
					</div>';
				}
			} else {
				redirect('index.php');
			}
        } else {
            redirect('index.php');
        }
    break;

    case 'note_edit':
		if (access(2)) {
			$blog = mysql_fetch_assoc(mysql_query("SELECT * FROM `blogs` WHERE `id` = '$id'"));
			if ($blog['id']) {
				if ($ok) {
					$name = check($_POST['name']);
					$text = check($_POST['text']);
					if ($name and $text) {
						mysql_query("UPDATE `blogs` SET `name` = '$name', `text` = '$text' WHERE `id` = '$id'");
						redirect('index.php?act=view&id='.$id);
					} else {
						redirect('?act=note_edit&id='.$id);
					}
				} else {
					tp('<a href="index.php?act=view&amp;id='.$id.'">Просмотр</a>&raquo; Ред-ть');
					echo '<div class="body">
					<form name="form" action="?act=note_edit&amp;id='.$id.'&amp;ok=1" method="post">
					'.$lang['name'].'(max50):<br /><input name="name" type="text" maxlength="50" value="'.$blog['name'].'" /><br />
					'.bbpanel('form', 'text').'<textarea name="text" cols="" rows="5">'.$blog['text'].'</textarea><br />
					<input name="submit" type="submit" value="Ok" />
					</form><br />
					<a href="index.php?act=view&amp;id='.$id.'">Просмотр</a>&raquo; Ред-ть
					</div>';
				}
			} else {
				redirect('?');
			}
		} else {
			redirect('?');
		}
    break;

    case 'note_del':
		if (access(3)) {
			$blog = mysql_fetch_assoc(mysql_query("SELECT * FROM `blogs` WHERE `id` = '$id'"));
			if ($blog['id']) {
				if ($ok) {
					mysql_query("DELETE FROM `blogs` WHERE `id` = '$blog[id]'");
					redirect('index.php?act=cat&id='.$blog['id_cat']);
				} else {
					tp('Подтвердите');
					echo '<div class="body">'.$lang['are_you_sure_del'].' "'.$blog['name'].'"?<br />
					<form name="form" action="?act=note_del&amp;id='.$id.'&amp;ok=1" method="post">
					<input name="submit" type="submit" value="Yeah" />
					</form>
					</div>
					';
				}
			} else {
				redirect('?');
			}
		} else {
			redirect('?');
		}
    break;	
	
	
	
	
	
	
	
	
	
	
	
}

require_once '../includes/tail.php';
?>