File size: 3.95Kb
<?php
// by Mike O. (mides), coolcms.org
$title = 'Блоги';
require_once '../includes/sys.php';
require_once '../includes/header.php';
$type = 'blogs';
switch ($act) {
default:
if ($u['id']) {
$cats_r = mysql_query("SELECT * FROM `blogs_cats` ORDER BY `name`");
if (mysql_num_rows($cats_r)) {
if ($ok) {
$cat = abs(intval($_POST['cat']));
$name = check($_POST['name']);
$text = check($_POST['text']);
$code = abs(intval($_POST['code']));
if ($cat and $name and $text and $code) {
if ($_SESSION['code'] == $code) {
mysql_query("INSERT INTO `blogs` SET `id_cat` = '$cat', `id_user` = '$u[id]', `name` = '$name', `text` = '$text', `time` = '".TIME."'");
$last_id = mysql_insert_id();
redirect('index.php?act=view&id='.$last_id);
} else {
error('Неверный код.');
nav('?act=note_add');
}
} else {
redirect('?act=note_add');
}
} else {
tp('<a href="index.php">Блоги</a>» '.$lang['compose']);
echo '<div class="body"><form name="form" action="?ok=1" method="post">
'.$lang['choose_a_category'].':<br /><select name="cat">';
$cat_r = mysql_query("SELECT * FROM `blogs_cats` ORDER BY `name`");
while ($cat = mysql_fetch_assoc($cat_r)) {
echo '<option value="'.$cat['id'].'">'.$cat['name'].'</option>';
}
echo '</select><br />
'.$lang['name'].'(max50):<br /><input name="name" type="text" maxlength="50" /><br />
'.bbpanel('form', 'text').'<textarea name="text" cols="" rows="5"></textarea><br />
Провер. код:<br />
<img src="../images/code.php" alt="" /><br />
<input name="code" maxlength="5" /><br />
<input name="submit" type="submit" value="Ok" />
</form><br />
<a href="index.php?">Блоги</a>» Написать
</div>';
}
} else {
redirect('index.php');
}
} else {
redirect('index.php');
}
break;
case 'note_edit':
if (access(2)) {
$blog = mysql_fetch_assoc(mysql_query("SELECT * FROM `blogs` WHERE `id` = '$id'"));
if ($blog['id']) {
if ($ok) {
$name = check($_POST['name']);
$text = check($_POST['text']);
if ($name and $text) {
mysql_query("UPDATE `blogs` SET `name` = '$name', `text` = '$text' WHERE `id` = '$id'");
redirect('index.php?act=view&id='.$id);
} else {
redirect('?act=note_edit&id='.$id);
}
} else {
tp('<a href="index.php?act=view&id='.$id.'">Просмотр</a>» Ред-ть');
echo '<div class="body">
<form name="form" action="?act=note_edit&id='.$id.'&ok=1" method="post">
'.$lang['name'].'(max50):<br /><input name="name" type="text" maxlength="50" value="'.$blog['name'].'" /><br />
'.bbpanel('form', 'text').'<textarea name="text" cols="" rows="5">'.$blog['text'].'</textarea><br />
<input name="submit" type="submit" value="Ok" />
</form><br />
<a href="index.php?act=view&id='.$id.'">Просмотр</a>» Ред-ть
</div>';
}
} else {
redirect('?');
}
} else {
redirect('?');
}
break;
case 'note_del':
if (access(3)) {
$blog = mysql_fetch_assoc(mysql_query("SELECT * FROM `blogs` WHERE `id` = '$id'"));
if ($blog['id']) {
if ($ok) {
mysql_query("DELETE FROM `blogs` WHERE `id` = '$blog[id]'");
redirect('index.php?act=cat&id='.$blog['id_cat']);
} else {
tp('Подтвердите');
echo '<div class="body">'.$lang['are_you_sure_del'].' "'.$blog['name'].'"?<br />
<form name="form" action="?act=note_del&id='.$id.'&ok=1" method="post">
<input name="submit" type="submit" value="Yeah" />
</form>
</div>
';
}
} else {
redirect('?');
}
} else {
redirect('?');
}
break;
}
require_once '../includes/tail.php';
?>