<?
/*###############################################################*\
## iBWd News 1.1b ##
## http://bramstart.be/ibwds ##
## ##
*/###############################################################*\
// Bootstrap: load the settings, check that the users table returns a row,
// run the access include, then look up the current user's three permissions.
require("config.php");

// If the first row has no first-column value (for example, the table has no
// rows at all), redirect to admin.php and stop.
$result = mysql_query("SELECT * FROM $table_users");
list($col1) = mysql_fetch_row($result);
if ($col1 == "") {
    header("location: admin.php");
    exit;
}
unset($query, $result);

include("access.php");

// NOTE(review): $username is not assigned in this file (presumably set by
// access.php) and is placed inside a quoted SQL literal as-is. Confirm it is
// escaped for SQL where it is assigned.
$q  = "SELECT addpost, modpost, delpost FROM $table_users where name = '$username'";
$q2 = mysql_query($q);
list($add, $mod, $del) = mysql_fetch_row($q2);

// Pre-rendered YES/NO labels (these contain markup) for the permissions box.
$addp = ($add == "Y") ? "<font color=\"#009933\">YES</font>" : "<font color=\"#FF0000\">NO</font>";
$modp = ($mod == "Y") ? "<font color=\"#009933\">YES</font>" : "<font color=\"#FF0000\">NO</font>";
$delp = ($del == "Y") ? "<font color=\"#009933\">YES</font>" : "<font color=\"#FF0000\">NO</font>";
?>
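<? /*
 * Page head and the permissions box.
 * $style is written into the <style> element as-is. $addp/$modp/$delp are
 * markup built earlier in this file, so they are printed unescaped.
 * $username is not assigned in this file, so it is HTML-escaped on output.
 * NOTE(review): $status is not assigned before this point in this file
 * (presumably set by access.php) - confirm where it comes from.
 */ ?>
<html>
<head>
<style>
<?=$style;?>
.7{font-size:7pt; background-color: #FFFFFF; }
</style>
</head>
<body>
<center>
<table border="0" style="font-size: 7 pt; position: absolute; left: 9; top: 9" class="table_border" cellspacing="1" cellpadding="2" width="117" height="82">
<tr>
<td class="7" width="100%" colspan="2" nowrap>Permissions for: <b><?=htmlspecialchars($username, ENT_QUOTES)?></b></td>
</tr>
<tr>
<td class="7">Add posts</td>
<td class="7" align="center"><?=$addp?></td>
</tr>
<tr>
<td class="7">Modify posts</td>
<td class="7" align="center"><?=$modp?></td>
</tr>
<tr>
<td class="7">Delete posts</td>
<td class="7" align="center"><?=$delp?></td>
</tr>
<? if($status == "ADMIN"){ ?>
<tr>
<td class="7" colspan="2" nowrap>[you are the administrator]</td>
</tr>
<? } ?>
</table>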
<?
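// "Back" link appended to the result and denial messages printed further down.
$b = "<br><br><a href=\"panel.php\">Back</a>";
//DEFAULT PANEL VIEW
// No action requested: list every post, ordered by date, with modify and
// delete links for each row.
if (!isset($action)) {
    $query = mysql_query("Select * from $table order by date", $db);
    $p = "<table align=\"center\" border=\"0\" cellspacing=\"1\" cellpadding=\"6\" class=\"table_border\">\n";
    $p .= "<tr class=\"header_cell\">";
    $p .= "<td>Date</td><td>Title</td><td>poster</td><td>modify</td><td>delete</td></tr>\n";
    echo $p;
    while (list($id, $title, $date, $poster, $mail, $news) = mysql_fetch_row($query)) {
        // The date column is split on "-" and shown as parts 2/1/0 - 3:4.
        $d = explode("-", $date);
        // Stored values are printed into HTML, so escape them: markup inside a
        // title, poster name or date is then shown as text, not interpreted.
        $thedate   = htmlspecialchars("$d[2]/$d[1]/$d[0] - $d[3]:$d[4]", ENT_QUOTES);
        $titleHtml = htmlspecialchars($title, ENT_QUOTES);
        $posterHtml = htmlspecialchars($poster, ENT_QUOTES);
        // The post ID goes into a URL; force it to an integer.
        $idUrl = (int)$id;
        $print = "\n<tr class=\"cells\">\n";
        $print .= "<td><li>$thedate</td><td><b>$titleHtml</b></td>\n";
        $print .= "<td>$posterHtml</td>";
        $print .= "<td align=\"center\"><a href=\"panel.php?action=modify&PID=$idUrl\">";
        $print .= "<img alt=\"Modify\" border=\"0\" src=\"modify.gif\"></a></td>\n";
        $print .= "<td align=\"center\"><a href=\"panel.php?action=remove&PID=$idUrl\">";
        $print .= "<img alt=\"Delete\" border=\"0\" src=\"delete.gif\"></a></td>\n";
        $print .= "</tr>\n";
        echo $print;
    }
    echo "</table>";
}
// END DEFAULT PANEL VIEW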
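// DELETE NEWS
// Neither $ok nor $nomsg is assigned earlier in this file. Give both a known
// starting value so the decision below depends only on these checks and not
// on a same-named request parameter (this script reads $action and $PID as
// bare globals, so request values appear to be imported into global scope).
$ok = 0;
$nomsg = "";
// The post ID is used in SQL (unquoted in the DELETE) and echoed into HTML;
// forcing it to an integer makes it safe in both places.
$PID = isset($PID) ? (int)$PID : 0;

// check permissions
// $dedall == "1": a user may only delete a post whose poster equals their own
// name. $dedall == "0" or an ADMIN status: always allowed.
// NOTE(review): $dedall, $uid, $denied and the initial $status are not
// assigned in this file (presumably config.php / access.php) - confirm.
if ($dedall == "1") {
    $query = mysql_query("SELECT * FROM $table WHERE ID='$PID' order by date");
    list($id, $title, $date, $poster, $email, $news) = mysql_fetch_row($query);
    // NOTE(review): $uid is placed in a quoted SQL literal as-is; confirm it
    // is escaped for SQL where it is assigned.
    $query2 = mysql_query("SELECT * FROM $table_users WHERE name = '$uid'");
    list($ID, $password, $name, $addpost, $modpost, $delpost, $status) = mysql_fetch_row($query2);
    if ($poster == $name) {
        $ok = 1;
    } else {
        $nomsg = "<br>You can only delete your own posts!";
    }
}
if ($dedall == "0" || $status == "ADMIN") {
    $ok = 1;
}
// end check permissions

// Step 1: ask for confirmation.
if ($action == "remove") {
    if ($del == "Y" AND $ok == "1") {
        echo "<center>Are you sure you want to delete post " . $PID . " ?<br><a href=\"?action=delete&PID=$PID\">YES</a> | <a href=\"panel.php\">NO</a></center>";
    } else {
        echo $denied . $nomsg . $b;
    }
}

// Step 2: delete the row.
// NOTE(review): the delete runs on a plain GET link with no per-session
// token, so any page the user visits can trigger it; consider requiring a
// POST carrying a token tied to the login.
if ($action == "delete") {
    if ($del == "Y" AND $ok == "1") {
        $query = "Delete from $table Where ID=$PID";
        mysql_query($query, $db);
        echo "<center>Post with ID " . $PID . " has been deleted!$b</center>";
    } else {
        echo $denied . $nomsg . $b;
    }
}
// The modify section below relies on $ok being unset at this point.
unset($ok);
// END DELETE NEWS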
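// MODIFY NEWS
// Start with a known "not authorised" state and an empty notice, so a notice
// left over from the delete checks is not printed here and the decision
// depends only on the checks below.
$ok = 0;
$nomsg = "";
// The post ID is used unquoted in SQL and echoed into HTML; force an integer.
$PID = isset($PID) ? (int)$PID : 0;

// $modall == "1": a user may only modify a post whose poster equals their own
// name. $modall == "0" or an ADMIN status: always allowed.
// NOTE(review): $modall, $uid, $denied and the initial $status are not
// assigned in this file (presumably config.php / access.php) - confirm.
if ($modall == "1") {
    $query = mysql_query("SELECT * FROM $table WHERE ID='$PID' order by date");
    list($id, $title, $date, $poster, $email, $news) = mysql_fetch_row($query);
    // NOTE(review): $uid is placed in a quoted SQL literal as-is; confirm it
    // is escaped for SQL where it is assigned.
    $query2 = mysql_query("SELECT * FROM $table_users WHERE name = '$uid'");
    list($ID, $password, $name, $addpost, $modpost, $delpost, $status) = mysql_fetch_row($query2);
    if ($poster == $name) {
        $ok = 1;
    } else {
        $nomsg = "<br>You can only modify your own posts!";
    }
}
if ($modall == "0" || $status == "ADMIN") {
    $ok = 1;
}

if ($action == "modify") {
    if ($mod == "Y" AND $ok == "1") {
        // First visit (no "modthis" field yet): show the edit form.
        if (!isset($modthis)) {
            $query = mysql_query("Select * from $table where ID=$PID order by date");
            while (list($id, $title, $date, $poster, $email, $news) = mysql_fetch_row($query)) {
                // Everything printed into the form is HTML-escaped: the form
                // target (the script path can carry request-supplied text)
                // and the stored poster, e-mail, title and news values.
?>
<form method="POST" action="<?=htmlspecialchars("$PHP_SELF?action=modify&PID=$PID", ENT_QUOTES)?>">
<input type="hidden" name="modthis" value="1">
<div align="center">
<center>
<table border="0" cellspacing="1" cellpadding="3" class="table_border">
<tr>
<td colspan="2" class="header_cell">
<p align="center">News admin panel</p>
</td>
</tr>
<tr>
<td align="right" class="cells">Name poster:</td>
<td class="cells"><?=htmlspecialchars($poster, ENT_QUOTES)?></td>
</tr>
<tr>
<td align="right" class="cells">E-mail:</td>
<td class="cells"><?=htmlspecialchars($email, ENT_QUOTES)?></td>
</tr>
<tr>
<td align="right" class="cells">Title:</td>
<td class="cells"><input class="box" type="text" name="title1" size="30" value="<?=htmlspecialchars($title, ENT_QUOTES)?>"></td>
</tr>
<tr>
<td align="right" valign="top" class="cells">News:</td>
<td class="cells"><textarea class="input" rows="10" name="news1" cols="61"><?=htmlspecialchars($news, ENT_QUOTES)?></textarea></td>
</tr>
</center>
<tr>
<td colspan="2" class="header_cell">
<p align="center"><input type="submit" name="submit"></td>
</tr>
</table>
</center>
</div>
</form>
<?
            }
        }
        // Form submitted: store the new title and text with a fresh timestamp.
        if ($modthis == "1") {
            $news1 = nl2br($news1);
            $thedate = date("Y-m-d-H-i-s");
            // title1 / news1 are the submitted form fields. When PHP has
            // already added slashes (magic_quotes_gpc) they are used as they
            // arrive, otherwise they are escaped for the SQL string literal.
            // Assumes config.php / access.php do not escape request values
            // themselves - TODO confirm.
            $gpcQuoted = get_magic_quotes_gpc();
            $titleSql = $gpcQuoted ? $title1 : mysql_real_escape_string($title1, $db);
            $newsSql  = $gpcQuoted ? $news1 : mysql_real_escape_string($news1, $db);
            $query = "update $table set title='$titleSql', date='$thedate', news='$newsSql' where ID=$PID";
            mysql_query($query, $db);
            echo "<center>Post with ID $PID has been modified!$b</center>";
        }
    } else {
        echo $denied . $nomsg . $b;
    }
}
// END MODIFY NEWS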
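// ADD NEWS
// Shows the submit form, validates the posted fields and inserts the post.
// NOTE(review): $username and $denied are not assigned in this file
// (presumably config.php / access.php) - confirm where they come from.
if ($action == "add") {
    if ($add == "Y") {
        // First visit (no "addsite" field yet): show the empty form. The form
        // target and the user name are HTML-escaped before being printed.
        if (!isset($addsite)) {
?>
<form method="POST" action="<?=htmlspecialchars($PHP_SELF, ENT_QUOTES)?>?action=add">
<input type="hidden" name="addsite" value="1">
<input type="hidden" name="action" value="add">
<div align="center">
<center>
<table border="0" cellspacing="1" cellpadding="3" class="table_border">
<tr>
<td colspan="2" class="header_cell">
<p align="center">Submit news</p>
</td>
</tr>
<tr>
<td align="right" class="cells">Name poster:</td>
<td class="cells"><input disabled class="box" type="text" name="namem" size="30" value="<?=htmlspecialchars($username, ENT_QUOTES)?>"></td>
</tr>
<tr>
<td align="right" class="cells">E-mail:</td>
<td class="cells"><input class="box" type="text" name="emailm" size="30"></td>
</tr>
<tr>
<td align="right" class="cells">Title:</td>
<td class="cells"><input class="box" type="text" name="titlem" size="30"></td>
</tr>
<tr>
<td align="right" valign="top" class="cells">Post:</td>
<td class="cells"><textarea class="input" rows="10" name="newsm" cols="61"></textarea></td>
</tr>
</center>
<tr>
<td colspan="2" class="header_cell">
<p align="center"><input type="submit" name="submit"></td>
</tr>
</table>
</center>
</div>
</form>
<?
        }
        if ($action == "add" && $addsite == "1") {
            // Same pattern the ereg() call used: something@something.something.
            // The "s" and "D" modifiers keep ereg's meaning of "." and "$".
            $emailOk = preg_match('/^.+@.+\..+$/sD', $emailm);
            if (!$emailOk || $newsm == "" || $titlem == "") {
                echo "<center>";
                echo "An error occured...";
                echo "<br>";
                if (!$emailOk) {
                    // The rejected address is echoed back, so escape it.
                    echo "Error with e-mailadres \"" . htmlspecialchars($emailm, ENT_QUOTES) . "\"<br>";
                }
                if ($titlem == "") {
                    echo "Please fill in a title<br>";
                }
                if ($newsm == "") {
                    echo "Think it would be nice when you fill in the news field...<br>";
                }
                echo "<a href=\"javascript:history.back(-1);\">Back</a>";
                echo "</center><br>";
            } else {
                $thedate = date("Y-m-d-H-i-s");
                // The original applied nl2br() to $news, which is not the
                // submitted field; the text that gets stored is $newsm.
                $newsm = nl2br($newsm);
                // titlem / emailm / newsm are the submitted form fields. When
                // PHP has already added slashes (magic_quotes_gpc) they are
                // used as they arrive, otherwise they are escaped for the SQL
                // string literal. Assumes config.php / access.php do not
                // escape request values themselves - TODO confirm.
                $gpcQuoted = get_magic_quotes_gpc();
                $titleSql = $gpcQuoted ? $titlem : mysql_real_escape_string($titlem, $db);
                $emailSql = $gpcQuoted ? $emailm : mysql_real_escape_string($emailm, $db);
                $newsSql  = $gpcQuoted ? $newsm : mysql_real_escape_string($newsm, $db);
                // NOTE(review): $username is inserted as-is; confirm it is
                // escaped for SQL where it is assigned.
                $query = "INSERT INTO $table (ID, title, date, poster, email, news) VALUES ('', '$titleSql', '$thedate', '$username', '$emailSql', '$newsSql')";
                mysql_query($query, $db);
                echo "<center>News has been submitted$b</center>";
            }
        }
    } else {
        echo $denied . $b;
    }
}
// END ADD NEWS
// All queries are done; close the database link.
mysql_close($db);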
?>
<? // please don't modify this line ?>
<br><p align="center"><a href="http://bramstart.be/ibwds"><font size="-2" face="Verdana">powered by iBWd scripts</font></a></p></center>
</body>
</html>