Просмотр файла news.php

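<?php
// news.php - news feed page: lists news items and, for administrators,
// offers the add/delete actions.
//
// The long open tag is deliberate: with short_open_tag disabled a bare "<?"
// is not parsed, and the web server would return this source file (queries
// and include paths included) to the client as plain text.
session_start();

include "file/db.php";
include "file/config.php";

// NOTE(review): $autorize and $wap_skin are not assigned in this file;
// presumably the includes above set them (current user record / default
// skin name) - confirm.
//
// The skin name becomes part of an include path. A per-user value must not
// be able to leave the style/ directory, so anything containing a path
// separator, a NUL byte or ".." is ignored and the site default is used.
$headSkin = $wap_skin;
if ($autorize) {
    $userSkin = (string) $autorize['skin'];
    if ($userSkin !== ''
        && strpos($userSkin, '/') === false
        && strpos($userSkin, '\\') === false
        && strpos($userSkin, "\0") === false
        && strpos($userSkin, '..') === false) {
        $headSkin = $userSkin;
    }
}
include "style/".$headSkin."/head.php";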
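$date=date("Ymd");
echo "</center><div class='menu'><center>Новости<br/></center></div><div class='hr'></div><div class='tab'>";

// Administrators (user ids 1 and 2) get an "add news" link.
if ($autorize && $autorize['id'] > 0 && $autorize['id'] <= 2) {
    // The original read $page and $news[0] here, before either is assigned
    // in this file. With register_globals enabled those would be filled
    // straight from the request and echoed into the markup unescaped.
    // The page number is now taken from the query string as an integer and
    // newsid is left empty (the "add" action only needs it to be present).
    $linkPage = isset($_GET['page']) ? intval($_GET['page']) : 1;
    if ($linkPage < 1) {
        $linkPage = 1;
    }
    // The skin name is a per-user value: escape it for the attribute context.
    $iconSkin = htmlspecialchars((string) $autorize['skin'], ENT_QUOTES, 'UTF-8');
    // NOTE(review): the session id is appended to the URL, so it can leak
    // through Referer headers, logs and shared links. Cookie-only sessions
    // (session.use_only_cookies) would avoid that - confirm client support.
    print "<img src=\"style/".$iconSkin."/icon.png\" alt=\"*\"/><a href='?page=".$linkPage."&amp;adm=add&amp;newsid=&amp;".session_name()."=".session_id()."'>Добавить новость</a><div class='hr'></div>";
}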
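// Administrator actions, selected by ?adm=add|newsadd|del. Only user ids 1
// and 2 get here, and both `adm` and `newsid` must be present.
//
// NOTE(review): none of these actions carries an anti-CSRF token, and `del`
// changes state on a plain GET request. A per-session token checked on
// `newsadd` and `del` (and POST for `del`) should be added together with the
// links that trigger them, which are built elsewhere in this file.
if ($autorize && $autorize['id'] > 0 && $autorize['id'] <= 2 && isset($_GET['adm']) && isset($_GET['newsid']))
{
    // Request values are normalised once: the page number as an integer,
    // newsid as a plain string (an array-valued parameter is ignored).
    $formPage = isset($_GET['page']) ? intval($_GET['page']) : 1;
    if ($formPage < 1) {
        $formPage = 1;
    }
    $newsId = is_string($_GET['newsid']) ? $_GET['newsid'] : '';

    switch ($_GET['adm'])
    {
    case 'add':
        // Form for a new item.
        echo "<p align='center'><a class=\"main\" href=\"smile.php?".session_name()."=".session_id()."\">Смайлы</a>";
        echo "<a class=\"main\" href=\"bb.php?".session_name()."=".session_id()."\">BB-Коды</a><div class='hr'></div>";
        // newsid is echoed into an HTML attribute inside a URL, so it is
        // URL-encoded and HTML-escaped. The original applied SQL escaping
        // here, which does not neutralise markup.
        print '<form method="post" action="?page='.$formPage.'&amp;adm=newsadd&amp;newsid='.htmlspecialchars(urlencode($newsId), ENT_QUOTES, 'UTF-8').'&amp;'.session_name().'='.session_id().'">';
        print "Текст новостей:<br/>";
        print "<textarea name='msg' class='main' cols='32' rows='3'></textarea><br/>";
        print "<input type='submit' class='main' value='Добавить'/>";
        print "</form></p><div class='hr'></div>";
        break;

    case 'newsadd':
        // Validate the submitted text. The original whitespace test needed
        // at least two whitespace characters, so a single space was accepted
        // and stored as an empty item; trim() covers every blank input.
        $error = '';
        $msg = '';
        $rawMsg = (isset($_POST['msg']) && is_string($_POST['msg'])) ? $_POST['msg'] : '';
        if (empty($rawMsg) || trim($rawMsg) === '') {
            $error .= 'Отсутствует сообщение<br/>';
        } else {
            // Cap the length at 20000 characters. iconv_substr() returns
            // false for input that is not valid UTF-8; treat that as no
            // message rather than storing an empty item.
            $msg = iconv_substr($rawMsg, 0, 20000, 'utf-8');
            if ($msg === false) {
                $msg = '';
                $error .= 'Отсутствует сообщение<br/>';
            }
        }

        if (!empty($error)) {
            print "<center><b>Ошибка!!!&nbsp;";
            print "Причина:".$error."</b></center><div class='hr'></div>";
        } else {
            // The text is stored base64-encoded, so it needs HTML escaping
            // only. The original also ran mysql_escape_string() over it
            // before encoding, which put literal backslash sequences (for
            // quotes and line breaks) into the stored, displayed text.
            // A SELECT whose result was immediately overwritten was removed.
            $msg = str_replace("'", "`", $msg);
            $msg = trim(htmlspecialchars($msg, ENT_QUOTES, 'UTF-8'));

            // Smileys: ":N:" maps to smile/N.gif for N = 1..(number of .gif
            // files in smile/). The original pattern /[gif]+$/ is a character
            // class and counted any file name ending in g, i or f.
            $smileCount = 0;
            $smileFiles = scandir('smile');
            if ($smileFiles !== false) {
                foreach ($smileFiles as $smileFile) {
                    if (preg_match('/\.gif$/', $smileFile)) {
                        $smileCount++;
                    }
                }
            }
            $fr = array();
            $sm = array();
            for ($i = 1; $i <= $smileCount; $i++) {
                $fr[] = ':'.$i.':';
                $sm[] = '<img src="smile/'.$i.'.gif" alt="smile"/>';
            }
            $msg = str_replace($fr, $sm, $msg);

            // Callback for [url=ADDRESS]label[/url]: $arr[1] is the address,
            // $arr[2] the label. The original used the label for the href,
            // so the link target was text the URL pattern never checked.
            function links_preg1($arr)
            {
                return '<a href="'.$arr[1].'">'.$arr[2].'</a>';
            }
            // Callback for a bare address surrounded by whitespace:
            // $arr[2] is the full address, $arr[3] the part after "://".
            function links_preg2($arr)
            {
                return $arr[1].'<a href="'.$arr[2].'">'.$arr[3].'</a>'.$arr[4];
            }

            // BB-code to markup, applied in this order.
            $bbTags = array(
                "[small]"  => "<small>",
                "[/small]" => "</small>",
                "[black]"  => "<font color = \"black\">",
                "[/black]" => "</font>",
                "[blue]"   => "<font color = \"blue\">",
                "[/blue]"  => "</font>",
                "[white]"  => "<font color = \"white\">",
                "[/white]" => "</font>",
                "[green]"  => "<font color = \"green\">",
                "[/green]" => "</font>",
                "[red]"    => "<font color = \"red\">",
                "[/red]"   => "</font>",
                "[big]"    => "<big>",
                "[/big]"   => "</big>",
                "[b]"      => "<b>",
                "[/b]"     => "</b>",
                "[i]"      => "<i>",
                "[/i]"     => "</i>",
                "[s]"      => "<s>",
                "[/s]"     => "</s>",
                "[u]"      => "<u>",
                "[/u]"     => "</u>",
            );
            $msg = str_replace(array_keys($bbTags), array_values($bbTags), $msg);

            // Link schemes are limited to http, https and ftp. The original
            // [a-z]+ accepted any scheme, including ones a browser executes
            // as script when the link is followed.
            $linked = preg_replace_callback('~\[url=((?:https?|ftp)://[^ \r\n\t`\'"]+)\](.*?)\[/url\]~iu', 'links_preg1', $msg);
            if ($linked !== null) {
                $msg = $linked;
            }
            $linked = preg_replace_callback('~(^|\s)((?:https?|ftp)://([^ \r\n\t`\'"]+))(\s|$)~iu', 'links_preg2', $msg);
            if ($linked !== null) {
                $msg = $linked;
            }

            $login = $autorize['log'];
            $time = "14400"; // offset from GMT in seconds
            $date = gmdate('d.m.Y H:i', time() + $time);
            $avatar = $autorize['avatar'];
            $status = $autorize['id'];

            // Every value is escaped (or cast) where the statement is built.
            // login and avatar come from the user record and were previously
            // concatenated as-is. base64 output needs no escaping.
            // NOTE(review): the mysql_* extension is deprecated and removed
            // in PHP 7; prepared statements via mysqli or PDO are the
            // long-term fix, but the connection is created outside this file.
            $newsadd = mysql_query(
                "INSERT INTO `news` SET `date` = '".mysql_real_escape_string($date)
                ."',`status` = '".intval($status)
                ."',`avatar` = '".mysql_real_escape_string($avatar)
                ."',`msg` = '".base64_encode($msg)
                ."',`login` = '".mysql_real_escape_string($login)."';"
            );
            // Report success only when the INSERT actually succeeded.
            if ($newsadd) {
                print '<center><b>Новость успешно добавлена!!!</b></center><div class="hr"></div>';
            } else {
                print "<center><b>Ошибка!!!</b></center><div class='hr'></div>";
            }
        }
        break;

    case 'del':
        // Delete one item by id. The original existence test compared
        // mysql_num_rows() with FALSE, which is true for zero rows as well;
        // it now requires the row to exist. An unreachable exit after the
        // final break was removed.
        $delId = mysql_real_escape_string($newsId);
        $del = mysql_query("SELECT `id` FROM `news` WHERE `id`='".$delId."';");
        if ($del && mysql_num_rows($del) > 0) {
            mysql_query("DELETE FROM `news` WHERE `id` = '".$delId."';");
        }
        break;
    }
}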

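// Paging: $num items per page, $page is the 1-based page number, $start the
// row offset for LIMIT.
//
// The per-page count comes from the user record and is interpolated into the
// LIMIT clause and used as a divisor, so it is forced to a positive integer;
// anything else falls back to the guest default of 5.
$num = $autorize ? intval($autorize['kol_news']) : 5;
if ($num < 1) {
    $num = 5;
}

if (empty($_GET['page']) || $_GET['page'] < 0) {
    $_GET['page'] = 1;
}
$page = intval($_GET['page']);
// A non-numeric value passes the test above but converts to 0, which used to
// produce a negative offset and a failing query.
if ($page < 1) {
    $page = 1;
}

// NOTE(review): this fetches every row only to count them; SELECT COUNT(*)
// would be cheaper. Left as is because $results may be read elsewhere.
$results = mysql_query('SELECT * FROM `news`');
$posts = $results ? mysql_num_rows($results) : 0;
$total = intval(($posts - 1) / $num) + 1;
if ($page > $total) {
    $page = $total;
}
$start = $page * $num - $num;

// $start and $num are both integers at this point.
$result = mysql_query("SELECT * FROM `news` ORDER BY `id` DESC LIMIT $start, $num;");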

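// Render the current page of news followed by the page selector.
//
// mysql_num_rows() on the result is the documented way to count SELECT rows;
// the original used mysql_affected_rows(), which is meant for write
// statements. A failed query is treated as an empty list.
if (!$result || mysql_num_rows($result) == 0)
{
    echo "<b>Новостей пока нет...</b><br/>";
}
else
{
    // Columns are read by position from SELECT *. From their use below:
    // [0] item id, [2] base64 body, [3] author name, [4] author id for the
    // profile link, [5] avatar; [1] is presumably the date - confirm against
    // the table definition.
    while ($news = mysql_fetch_array($result))
    {
        // Avatar. The original ran "SELECT ... WHERE `avatar` = <value>" with
        // the stored value concatenated unquoted into the statement. That
        // query succeeds for a numeric value (it matches at least the row
        // being shown) and fails for an empty or non-numeric one, so the same
        // decision is made here without putting the value into SQL.
        $avatarId = (string) $news[5];
        if (preg_match('/^[0-9]+\z/', $avatarId))
        {
            echo "<img src=\"avatar/".$avatarId.".gif\" height=\"32\" width=\"32\" alt=\"Аватар\" />\n";
        }
        else
        {
            echo "<img src=\"no.gif\" height=\"32\" width=\"32\" alt=\"Аватар\" />\n";
        }

        // Author and date are stored text and are escaped for output;
        // double_encode is off so entities already present are not encoded
        // twice. Assumes the stored text is UTF-8 - TODO confirm.
        $authorName = htmlspecialchars((string) $news[3], ENT_QUOTES, 'UTF-8', false);
        $postedAt = htmlspecialchars((string) $news[1], ENT_QUOTES, 'UTF-8', false);
        print '<b><a href="anketa.php?id='.urlencode($news[4]).'&amp;'.session_name()."=".session_id().'">'.$authorName.'</a> '.$postedAt.'</b><br />';

        // The body is emitted as markup on purpose (BB-codes were converted
        // when it was saved), so its safety depends entirely on the escaping
        // done on the write path.
        print "<div class='msg'>".base64_decode($news[2])."</div>";

        // Banned users do not get the comments link.
        if ($autorize['ban'] != 1)
        {
            $d = $news[0];
            $q = mysql_query("SELECT * FROM `news_com` WHERE `nid`= '".mysql_real_escape_string($d)."'");
            $xx = $q ? mysql_num_rows($q) : 0;
            echo '<a href="news_comm.php?nid='.urlencode($news[0]).'&amp;'.session_name()."=".session_id().'">Комментарии</a><b> [';
            echo $xx;
            echo "]</b><br/>";
            print '<div class="hr"></div>';
        }

        // Administrators (user ids 1 and 2) get a delete link.
        // NOTE(review): deletion is triggered by a GET link with no
        // anti-CSRF token; see the handler for `adm=del`.
        if ($autorize && $autorize['id'] > 0 && $autorize['id'] <= 2)
        {
            print '<b>[<a href="?page='.intval($page).'&amp;adm=del&amp;newsid='.urlencode($news[0]).'&amp;'.session_name().'='.session_id().'">Удалить</a>]</b><br/>';
        }
    }

    print '<div class="str"><b>Стр:</b>';

    // Guard the divisor locally so this section does not depend on how $num
    // was prepared earlier.
    $perPage = intval($num) > 0 ? intval($num) : 1;
    $num_pages = ceil($posts / $perPage);
    if ($page > $num_pages || $page < 1)
    {
        $page = 1;
        $start = 0;
    }

    // Page selector: first page, last page and the neighbours of the current
    // page are shown; each skipped run collapses into a single " ... ".
    $selfUrl = htmlspecialchars($_SERVER['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    for ($pr = '', $i = 1; $i <= $num_pages; $i++)
    {
        if ($i == 1 || $i == $num_pages || abs($i - $page) < 2)
        {
            if ($i == $page)
            {
                $pr = " <b>$i</b> ";
            }
            else
            {
                $pr = ' <a href="'.$selfUrl.'?page='.$i.'&amp;'.session_name().'='.session_id().'">'.$i.'</a> ';
            }
        }
        else
        {
            // $pr holds the previous output, so the gap marker is printed
            // once per run of skipped pages.
            $pr = ($pr == ' ... ' || $pr == '') ? '' : ' ... ';
        }
        print $pr;
    }
    print "</div>";
}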
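// Footer: a "home" link (user panel when logged in, front page otherwise),
// the closing tag of the content block, then the skin's footer template.
//
// The skin name is a per-user value used both in an include path and in an
// attribute. Anything containing a path separator, a NUL byte or ".." is
// ignored in favour of the site default, and the name is escaped for output.
$footSkin = $wap_skin;
if ($autorize) {
    $userFootSkin = (string) $autorize['skin'];
    if ($userFootSkin !== ''
        && strpos($userFootSkin, '/') === false
        && strpos($userFootSkin, '\\') === false
        && strpos($userFootSkin, "\0") === false
        && strpos($userFootSkin, '..') === false) {
        $footSkin = $userFootSkin;
    }
}
$footSkinAttr = htmlspecialchars((string) $footSkin, ENT_QUOTES, 'UTF-8');

echo "<img src=\"style/".$footSkinAttr."/home.png\" alt=\"*\"/>";
if ($autorize) {
    echo "<a href=\"enter.php?".session_name()."=".session_id()."\">Панель</a><br/>\n";
} else {
    echo "<a href=\"index.php?".session_name()."=".session_id()."\">Главная</a><br/><div class='hr'></div>";
}
print "</div>";

include "style/".$footSkin."/foot2.php";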
?>