<?php
///////////////////////////////////////////////////////////////////////////////////
// //
// BlueBoy Whats New Admin //
// //
// by Mike Norton //
// http://www.blueboymultimedia.com //
// //
//-------------------------------------------------------------------------------//
// //
// First we check to see if this is the actual add-to-database routine. //
// If it is not it will display the input form. Feel free to rearrange the form //
// as you wish. //
// //
// Once you input entries in the add form it submits the data to itself with the //
// flag $action="add" set, which causes the database insert to happen. //
// //
//-------------------------------------------------------------------------------//
// //
// Future features: //
// 1. Filter illegal characters so they add to database without errors. //
// 2. Add an edit and delete option. //
// 3. Possibly add non directory security. //
// 4. Whatever else needs to be added. I figure this out as I go. //
// //
///////////////////////////////////////////////////////////////////////////////////
/////////////////////////////////////////////////
//
// Are we posting data from the form?
//
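if ($action == "add") {
    /////////////////////////////////////////////////
    //
    // Insert a new news row from the submitted entry form.
    //
    // NOTE(review): $action, $id, $subject, $news, $author and $link are never
    // assigned in this file before use, so they appear to arrive as request
    // variables (register_globals style) and must be treated as untrusted.
    // Nothing in this branch checks who is calling; the file header lists
    // "non directory security" as a future feature, so access control is
    // presumably left to the web server's directory protection — confirm.
    //
    // Get database info from config.inc
    require ("../bb_news_config.inc");

    // Protect SQL syntax: every value that lands inside a quoted SQL literal
    // is escaped. $id was previously interpolated raw even though it comes
    // from a hidden form field, which the client can change freely.
    // addslashes() matches the convention already used in this file; a
    // database API with bound parameters is the durable fix.
    $id      = addslashes($id);
    $author  = addslashes($author);
    $news    = addslashes($news);
    $link    = addslashes($link);
    $subject = addslashes($subject);

    mysql_connect($bb_news_hostname, $bb_news_mysqluser, $bb_news_mysqlpassword)
        or die ("Problem connecting to DataBase");

    $query = "insert into news values ('$id','$subject','$news',now(),'$author','$link')";
    $result = mysql_db_query($bb_news_db, $query);
    print "query result: \n <pre>$result</pre>\n";

    if ($result != "1") {
        // The server's error text can quote part of the submitted statement,
        // so it is HTML-encoded before being written into the page.
        $error = htmlspecialchars(mysql_errno() . ": " . mysql_error(), ENT_QUOTES);
        print "There was an error inserting the data: <pre>$error</pre>\n";
        print "use your back button and try again.\n";
    } else {
        echo "Data inserted. new table:<br>";
        ?><a href="bb_news_admin.php3">Press here to go back to the input page</a>"<?php
    }
}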
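else if ($action == "del")
{
    // Delete the news row whose id was supplied with the request.
    //
    // NOTE(review): this state-changing action is reached through the plain
    // "delete" links of the listing page (a GET request) with no confirmation
    // step and no anti-forgery token. Moving it to a POST form that carries a
    // per-session token would stop third-party pages from triggering it.
    if ($id == "")
    {
        ?>
<h1>error</h1>
Invlid ID
<?php
        exit;
    }
    require ("../bb_news_config.inc");
    mysql_connect($bb_news_hostname, $bb_news_mysqluser, $bb_news_mysqlpassword)
        or die("Unable to connect to SQL server"); // We do this to handle the errors

    // $id is request input placed inside a quoted SQL literal; it was
    // previously interpolated raw. Escape it the same way the add branch
    // escapes its fields. If id is always an integer, casting it is stricter
    // still — confirm against the table definition.
    $safe_id = addslashes($id);
    $query = "delete from news where id = '$safe_id'";
    $news = mysql_db_query($bb_news_db, $query) or die("Delete Failed!");

    // The id is echoed back into the page, so HTML-encode it.
    print "news item " . htmlspecialchars($id, ENT_QUOTES) . " deleted\n";
}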
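else if ($action == "view")
{
    // Show a single news item, selected by the request-supplied $id.
    if ($id == "")
    {
        ?>
<h1>error</h1>
Invlid ID
<?php
        exit;
    }
    require ("../bb_news_config.inc");
    mysql_connect($bb_news_hostname, $bb_news_mysqluser, $bb_news_mysqlpassword)
        or die("Unable to connect to SQL server"); // We do this to handle the errors

    // $id is request input placed inside a quoted SQL literal; it was
    // previously interpolated raw. Escaped here with the file's existing
    // addslashes() convention; bound parameters are the durable fix.
    $safe_id = addslashes($id);
    $query = "select id, subject, news, date_format(date, '%Y/%m/%d') as date, author, link from news"
        . " where id = '$safe_id'";
    $news = mysql_db_query($bb_news_db, $query) or die("Select Failed!");
    $row = mysql_fetch_array($news);

    // Stored values are HTML-encoded before they are written into the page,
    // so text entered through the forms cannot introduce markup or break out
    // of the href attribute.
    $date_html    = htmlspecialchars($row['date'], ENT_QUOTES);
    $author_html  = htmlspecialchars($row['author'], ENT_QUOTES);
    $subject_html = htmlspecialchars($row['subject'], ENT_QUOTES);
    // NOTE(review): encoding stops attribute breakout but does not restrict
    // the URL scheme; consider accepting only http:// and https:// links
    // when the entry is saved.
    $link_html    = htmlspecialchars($row['link'], ENT_QUOTES);
    // NOTE(review): the news body is still written as stored. It cannot be
    // told from this file whether entries are meant to carry HTML markup; if
    // they are not, encode this field as well.
    $news_body    = $row['news'];
    ?>
<font face="Arial, Helvetica, sans-serif" size="2">
<font color="<?php echo $bb_news_date_fn; ?> "><?php echo $date_html; ?></font> by <font color="<?php echo $bb_news_author_fn; ?>"><?php echo $author_html; ?></font><br>
<b><font color="<?php echo $bb_news_subject_fn; ?>"><?php echo $subject_html; ?></font></b><br>
<font color="<?php echo $bb_news_text_fn; ?>">
<?php echo $news_body; ?><br></font>
<a href="<?php echo $link_html; ?>"><?php echo $link_html; ?></a></font>
</font><font face="Arial, Helvetica, sans-serif" size="2">
<hr>
<?php
}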
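else if ($action == "viewedit")
{
    // Load one news row and show it in a pre-filled edit form that posts
    // back to this script with action=edit.
    require ("../bb_news_config.inc");
    mysql_connect($bb_news_hostname, $bb_news_mysqluser, $bb_news_mysqlpassword)
        or die("Unable to connect to SQL server"); // We do this to handle the errors

    // $id is request input placed inside a quoted SQL literal; it was
    // previously interpolated raw. Escaped with the file's existing
    // addslashes() convention; bound parameters are the durable fix.
    $safe_id = addslashes($id);
    $query = "select id, subject, news, date_format(date, '%Y/%m/%d') as date, author, link from news"
        . " where id = '$safe_id'";
    $news = mysql_db_query($bb_news_db, $query) or die("Select Failed!");
    $row = mysql_fetch_array($news);

    // Encode the stored values for use inside the form controls. $news is
    // reused here: it held the query result above and holds the encoded
    // article text from this point on.
    $subject = htmlentities($row['subject']);
    $news = htmlentities($row['news']);
    $author = htmlentities($row['author']);
    $link = htmlentities($row['link']);

    // The id is echoed into the hidden field below; it was previously
    // written unencoded, letting a request-supplied value close the
    // attribute and add markup.
    $id_html = htmlspecialchars($id, ENT_QUOTES);
    ?>
<font face="Arial, Helvetica, sans-serif" size="4"><b><font color="#0066FF">
News Edit Form</font></b></font></p>
<form method="post" name="form1" action="bb_news_admin.php3">
<INPUT NAME="id" TYPE=Hidden Value="<?php echo $id_html ?>" Size="">
<INPUT NAME="date" TYPE=Hidden Value=" " Size="">
<INPUT NAME="action" TYPE=Hidden Value="edit" Size="">
<font face="Arial, Helvetica, sans-serif">Subject:
<input type="text" name="subject" value="<?php echo $subject ?>">
by:
<input type="text" name="author" value="<?php echo $author ?>"><br>
News:<br>
<textarea name="news" rows=30 cols=85><?php echo $news ?></textarea><br>
Link
<input type="text" name="link" size="30" value="<?php echo $link ?>"></font><br>
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Submit2" value="Reset">
</form><P>
<?php
}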
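else if ($action == "edit")
{
    // Apply the values posted by the edit form to the row selected by $id.
    //
    // NOTE(review): like the other write actions, this branch performs no
    // caller check and no anti-forgery token check of its own; it relies on
    // whatever protects the directory — confirm that is in place.
    require ("../bb_news_config.inc");
    mysql_connect($bb_news_hostname, $bb_news_mysqluser, $bb_news_mysqlpassword)
        or die ("Problem connecting to DataBase");

    // Protect SQL syntax. $id comes from a hidden form field and was
    // previously the one value left unescaped, which left the WHERE clause
    // open to request-supplied SQL. addslashes() follows the file's existing
    // convention; bound parameters are the durable fix.
    $id      = addslashes($id);
    $subject = addslashes($subject);
    $news    = addslashes($news);
    $author  = addslashes($author);
    $link    = addslashes($link);

    $query = "update news set subject = '$subject', news = '$news', author = '$author',"
        . " link = '$link' where id = '$id'";
    $result = mysql_db_query($bb_news_db, $query);
    print "query result: \n <pre>$result</pre>\n";

    // Report a failed update instead of announcing success unconditionally,
    // mirroring the check the add branch performs after its insert.
    if ($result != "1") {
        // The error text can quote part of the submitted statement, so it is
        // HTML-encoded before being written into the page.
        $error = htmlspecialchars(mysql_errno() . ": " . mysql_error(), ENT_QUOTES);
        print "There was an error updating the data: <pre>$error</pre>\n";
        print "use your back button and try again.\n";
    } else {
        echo "Data updated. new table:<br>";
        ?><a href="bb_news_admin.php3">Press here to go back to the input page</a>"<?php
    }
}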
//////////////////////////////////////////////////
//
// If not add then display the input form.
//
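else
{
    // Default action: print the entry form, then one page of existing news
    // items with view / edit / delete links and prev / next paging links.
    echo '
<font face="Arial, Helvetica, sans-serif" size="4"><b><font color="#0066FF">
News Entry Form</font></b></font>
<form method="post" name="form1" action="bb_news_admin.php3">
<INPUT NAME="id" TYPE=Hidden Value="0000" Size="">
<INPUT NAME="date" TYPE=Hidden Value=" " Size="">
<INPUT NAME="action" TYPE=Hidden Value="add" Size="">
<font face="Arial, Helvetica, sans-serif">Subject:
<input type="text" name="subject">
by:
<input type="text" name="author"><br>
News:<br>
<textarea name="news" rows=5 cols=75></textarea><br>
Link
<input type="text" name="link" size="30" ></font><br>
<input type="submit" name="Submit" value="Submit">
<input type="reset" name="Submit2" value="Reset">
</form><P>
';

    // Load the configuration before the page arithmetic. $max_hits is not
    // assigned anywhere in this file; presumably bb_news_config.inc sets it
    // (confirm). The offset used to be computed before this include ran, so
    // it was based on whatever $max_hits held at that point rather than on
    // the configured value.
    require ("../bb_news_config.inc");

    // calculate the page offset
    // Both numbers are written unquoted into the LIMIT clause, where string
    // escaping offers no protection, so they are forced to non-negative
    // integers. $page_number is request input; an empty value becomes 0.
    $page_number = (int) $page_number;
    if ($page_number < 0) { $page_number = 0; }
    $max_hits = (int) $max_hits;
    if ($max_hits < 0) { $max_hits = 0; }
    $page_offset = $page_number * $max_hits;
    $prev_page_number = $page_number - 1;
    $next_page_number = $page_number + 1;

    mysql_connect($bb_news_hostname, $bb_news_mysqluser, $bb_news_mysqlpassword)
        or die("Unable to connect to SQL server"); // We do this to handle the errors
    $query = "select id, subject, news, date_format(date, '%Y/%m/%d') as date, author, link from news"
        . " order by id desc limit $page_offset,$max_hits";
    $news = mysql_db_query($bb_news_db, $query) or die("Select Failed!");
    $human_pnum = $page_number + 1;
    print "Page $human_pnum of News<br>\n";
    echo "<hr>\n";

    while ($row = mysql_fetch_array($news)) {
        // Stored text is HTML-encoded for display; the id is URL-encoded and
        // the href attributes are quoted so a stored value cannot end the
        // attribute or add parameters.
        $date_html    = htmlspecialchars($row['date'], ENT_QUOTES);
        $author_html  = htmlspecialchars($row['author'], ENT_QUOTES);
        $subject_html = htmlspecialchars($row['subject'], ENT_QUOTES);
        $id_url       = urlencode($row['id']);
        // NOTE(review): "delete" is a plain link, so the row is removed by a
        // GET request with no confirmation and no anti-forgery token; a POST
        // form carrying a per-session token would be safer.
        ?>
<font face="Arial, Helvetica, sans-serif" size="2">
<font color="<?php echo $bb_news_date_fn; ?> ">
<?php echo $date_html; ?></font> by <font color="<?php echo $bb_news_author_fn; ?>">
<?php echo $author_html; ?></font><br>
<b><font color="<?php echo $bb_news_subject_fn; ?>"><?php echo $subject_html; ?></font></b><br>
<a href="bb_news_admin.php3?action=view&amp;id=<?php echo $id_url ?>">view</a>
<a href="bb_news_admin.php3?action=viewedit&amp;id=<?php echo $id_url ?>">edit</a>
<a href="bb_news_admin.php3?action=del&amp;id=<?php echo $id_url ?>">delete</a></font>
<font face="Arial, Helvetica, sans-serif" size="2">
<hr>
<?php
    }

    print "<font size=+1>\n";

    // Drop any existing page_number parameter, then HTML-encode what is left.
    // The query string and script name are taken from the request and were
    // previously copied into the href attributes unencoded.
    $qs = ereg_replace('\&page_number=[^&]*', '', $QUERY_STRING);
    $qs_html = htmlspecialchars($qs, ENT_QUOTES);
    $script_html = htmlspecialchars($SCRIPT_NAME, ENT_QUOTES);

    if ($prev_page_number > -1)
    {
        print "<a href=\"$script_html?$qs_html&amp;page_number=$prev_page_number\">prev</a> \n";
    }
    else
    {
        print "prev\n";
    }

    // A full page of rows is taken as the sign that a further page may exist.
    if (mysql_num_rows($news) == $max_hits)
    {
        print "<a href=\"$script_html?$qs_html&amp;page_number=$next_page_number\">next</a> \n";
    }
    else
    {
        print "next\n";
    }
    print "</font>\n";
    ?>
<p>
view the real <a href=../>news</a> page
</p>
<?php
}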
?>