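<?php
// Admin-only news management (list / add / edit / delete) for wap-meet.
//
// Fixes over the previous revision of this script:
//   * the authorisation redirect is now terminal (exit) — before, the 302 was
//     sent but the add/edit/delete branches still executed for non-admins;
//   * $id / $p / LIMIT values are cast to int before touching SQL;
//   * add, edit and delete require a per-session CSRF token (state-changing
//     actions were reachable by a plain cross-site GET/POST);
//   * the pagination base URL uses SCRIPT_NAME, not the PATH_INFO-tainted
//     PHP_SELF.
require_once('../system/config.php');
require_once('../system/functions.php');

// Authorisation gate: only logged-in users with level 100 may continue.
// exit() is essential — header() alone does not stop script execution.
if ( ! $is_logged || (int) $user_data['level'] !== 100 ) {
	header('location: ' . $config['site']['home'], true, 302);
	exit;
}

// $id and $p are presumably pre-populated by system/functions.php from the
// query string (not visible from here — TODO confirm). Fall back to $_GET and
// coerce to int so nothing but a number can be interpolated into SQL below.
// The defaults (0 / 1) reproduce the old behaviour when the value is absent.
$id = isset($id) ? (int) $id : (isset($_GET['id']) ? (int) $_GET['id'] : 0);
$p  = isset($p)  ? (int) $p  : (isset($_GET['p'])  ? (int) $_GET['p']  : 1);

// Per-session CSRF token. Relies on config.php having started the session —
// the existing news_timeout check below already assumes $_SESSION is live.
// random_bytes() is PHP 7+; the uniqid/mt_rand fallback is weak and exists
// only for the PHP 5 runtimes this mysql_* code was written for.
if ( empty($_SESSION['news_csrf']) || ! is_string($_SESSION['news_csrf']) ) {
	$_SESSION['news_csrf'] = function_exists('random_bytes')
		? bin2hex(random_bytes(16))
		: sha1(uniqid(mt_rand(), true));
}
$csrf = $_SESSION['news_csrf'];
// Token as supplied by the request: hidden field "t" on the POST forms,
// query parameter "t" on the delete link.
$csrf_sent = isset($_POST['t']) ? $_POST['t'] : (isset($_GET['t']) ? $_GET['t'] : '');
$csrf_ok = is_string($csrf_sent) && $csrf_sent !== ''
	&& (function_exists('hash_equals') ? hash_equals($csrf, $csrf_sent) : $csrf === $csrf_sent);
$csrf_field = '<input type="hidden" name="t" value="' . htmlspecialchars($csrf, ENT_QUOTES) . '" />';

$action = ! empty($_GET['action']) ? $_GET['action'] : '';
switch ($action) {
default:
	// Paginated listing of every news entry, followed by the "add" form.
	echo head();
	$all = (int) mysql_result(mysql_query('SELECT COUNT(*) FROM news'), 0);
	if ( $all < 1 ) {
		echo '<div class="menu">Новостей нет.</div>';
	} else {
		// max(1, …) guards the division below against a zero/missing setting.
		$onpage = max(1, (int) $config['site']['onpage']);
		$pages  = (int) ceil($all / $onpage);
		if ($p > $pages) $p = $pages;
		if ($p < 1) $p = 1;
		$start = ($p - 1) * $onpage;
		// $start and $onpage are ints, so the LIMIT clause is not injectable.
		$q = mysql_query("SELECT * FROM `news` ORDER BY `nid` DESC LIMIT $start, $onpage ");
		while ( $q && ($news = mysql_fetch_assoc($q)) ) {
			$nid = (int) $news['nid'];
			echo '<div class="menu">' . htmlentities($news['news']) . '<br /><br />
			<b>Добавлено:</b> ' . date('d.m.y в H:i', (int) $news['time']) . '<br/>
			<b>Разместил:</b> ' . htmlentities($news['author']) . '<br />
			&#187; <a href="?action=edit&amp;id=' . $nid . '">Редактировать</a> | <a href="?action=delete&amp;id=' . $nid . '&amp;t=' . rawurlencode($csrf) . '">Удалить</a></div>';
		}
		// SCRIPT_NAME instead of PHP_SELF: PHP_SELF includes attacker-chosen
		// PATH_INFO (/admin_news.php/<script>…) and would land in the page.
		// Escaped here because navigation() (system/functions.php) is not
		// visible from this file and may emit the base URL verbatim.
		echo navigation($p, $pages, htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES) . '?');
	}
	echo '<div class="menu2">Добавить новость</div>
	<div class="menu">
	<form action="?action=add" method="post">
	Новость:<br />
	<textarea name="news" cols="40" rows="5"></textarea><br />
	' . $csrf_field . '
	<input type="submit" value="Добавить" /><br />
	</form>
	</div>';
	echo foot();
break;

case 'add':
	// Create one news entry from the POSTed form (rate-limited to 1/minute).
	echo head();
	if ( ! $csrf_ok ) {
		echo '<div class="menu">Неверные параметры.</div>';
	} elseif ( empty($_POST['news']) || ! is_string($_POST['news']) ) {
		echo '<div class="menu">Введите текст новости.</div>';
	} elseif ( isset($_SESSION['news_timeout']) && ($_SESSION['news_timeout'] + 60 > $_SERVER['REQUEST_TIME']) ) {
		echo '<div class="menu">В течении минуты нельзя добавить более одной новости.</div>';
	} else {
		// Per-session timestamp backing the one-per-minute limit above.
		$_SESSION['news_timeout'] = $_SERVER['REQUEST_TIME'];
		mysql_query("INSERT INTO `news` SET
		`news` = '" . mysql_real_escape_string($_POST['news']) . "',
		`author` = '" . mysql_real_escape_string($user_data['login']) . "',
		`time` = '" . (int) $_SERVER['REQUEST_TIME'] . "' ");
		echo '<div class="menu">Новость создана.</div>';
	}
	echo foot();
break;

case 'edit':
	// GET shows the edit form for $id; POST (submit button "action") saves it.
	echo head();
	if ( $id < 1 ) {
		echo '<div class="menu">Неверные параметры.</div>';
	} else {
		$q = mysql_query("SELECT * FROM `news` WHERE `nid` = '" . $id . "' ");
		if ( ! $q || mysql_num_rows($q) < 1 ) {
			echo '<div class="menu">Новость не найдена.</div>';
		} else {
			$news = mysql_fetch_assoc($q);
			if ( isset($_POST['action']) ) {
				if ( ! $csrf_ok ) {
					echo '<div class="menu">Неверные параметры.</div>';
				} elseif ( empty($_POST['news']) || ! is_string($_POST['news']) ) {
					echo '<div class="menu">Введите текст новости.</div>';
				} else {
					mysql_query("UPDATE `news` SET `news` = '" . mysql_real_escape_string($_POST['news']) . "' WHERE `nid` = '" . $id . "' ");
					echo '<div class="menu">Новость отредактирована! <a href="' . $config['site']['home'] . 'admin/admin_news.php">К новостям</a></div>';
				}
			} else {
				echo '<div class="menu">
				<form action="?action=edit&amp;id=' . $id . '" method="post">
				Новость:<br />
				<textarea name="news" cols="40" rows="5">' . htmlentities($news['news']) . '</textarea><br />
				' . $csrf_field . '
				<input type="submit" name="action" value="Изменить" />
				</form></div>';
			}
		}
	}
	echo foot();
break;

case 'delete':
	// Delete entry $id. Still GET-driven (as the listing links it), so the
	// token in "t" is what prevents a forged cross-site deletion.
	echo head();
	if ( $id < 1 || ! $csrf_ok ) {
		echo '<div class="menu">Неверные параметры.</div>';
	} else {
		$q = mysql_query("SELECT `nid` FROM `news` WHERE `nid` = '" . $id . "' ");
		if ( ! $q || mysql_num_rows($q) < 1 ) {
			echo '<div class="menu">Новость не найдена.</div>';
		} else {
			mysql_query("DELETE FROM `news` WHERE `nid` = '" . $id . "' ");
			echo '<div class="menu">Новость удалена!</div>';
		}
	}
	echo foot();
break;
}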