<?php
// ----------------------------------------------------------------------
// MyNews
// Copyright (C) 2004 by Frank Mancuso Aka crash4o4
// https://sourceforge.net/projects/mynews/
// http://frankmancuso.ca
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: Frank Mancuso aka crash4o4
// Purpose of file:
// ----------------------------------------------------------------------
// MyNews Class
class MyNews{
function Create()
{?>
<h1>Submit News</h1>
<form action="admin.php?Action=Submit" method="POST">
<table width="600" border="0" cellspacing="0" cellpadding="3">
<tr>
<td width="250"><b>News Title</b></td>
<td width="350"><input name="News_Title" type="text" size="50"></td>
</tr>
<tr>
<td width="250"><b>News Body</b>
<br />[b]Bold[/b]<br />[i]Italics[/i]<br />[img]image.gif[/img] <br />
[code]code[/code]<br />[quote]quote[/quote]
<br /><a href="docs/bbcode.html" target="new">More BBCode</a>
</td>
<td width="350"><textarea name="News_Body" cols="50" rows="10"></textarea></td>
</tr>
<tr>
<td width="250"><b>News Body Extend</b>
<br />[b]Bold[/b]<br />[i]Italics[/i]<br />[img]image.gif[/img] <br />
[code]code[/code]<br />[quote]quote[/quote]
<br /><a href="docs/bbcode.html" target="new">More BBCode</a>
</td>
<td width="250"><textarea name="News_Body_Extend" cols="50" rows="10"></textarea></td>
</tr>
<tr>
<td width="250"> </td>
<td width="350"><input type="submit" name="Submit" value="Submit News"></td>
</tr>
</table>
</form>
<?php
} // end of function Create
function Submit($username,$News_Title,$News_Body,$News_Body_Extend)
{
include("config.php");
$db2 = new db;
$db2->info['sql_host'] = $conf['sql_host'];
$db2->info['sql_user'] = $conf['sql_user'];
$db2->info['sql_pass'] = $conf['sql_pass'];
$db2->info['sql_db'] = $conf['sql_db'];
$db2->connect();
$Post_Date = date("Y-m-d G:i:s");
$sql = "INSERT INTO mynews_news SET News_Title='$News_Title',News_Body='$News_Body',
News_Body_Extend='$News_Body_Extend',Post_Date='$Post_Date',Posted_By='$username' ";
$db2->query($sql);
echo "<h2>News Submited</h2>";
} // end of function Submit
function List_News()
{
include("config.php");
$db2 = new db;
$db2->info['sql_host'] = $conf['sql_host'];
$db2->info['sql_user'] = $conf['sql_user'];
$db2->info['sql_pass'] = $conf['sql_pass'];
$db2->info['sql_db'] = $conf['sql_db'];
$db2->connect();
$sql = "SELECT * FROM mynews_news ";
$get = $db2->query($sql);
?>
<p> </p>
<table width="700" border="0" cellspacing="0" cellpadding="3" align="center">
<tr>
<td width="200"><b>News Title</b></td>
<td width="180"><b>Date Posted</b></td>
<td width="120"><b>Posted By</b></td>
<td width="100"><b>Active</b></td>
<td width="100"><b>Action</b></td>
</tr>
<?php
while ($row = mysql_fetch_array($get))
{
echo "<tr>"
."<td>$row[News_Title]</td>"
."<td>$row[Post_Date]</td>"
."<td>$row[Posted_By]</td>"
."<td>$row[Active]</td>"
."<td>[<a href=\"admin.php?Action=Edit&news_id=$row[news_id] \">E</a>] [<a href=\"admin.php?Action=Delete&news_id=$row[news_id]\">D</a>]</td>"
."</tr>";
} // end of while loop
echo "</table>";
} // end of function List_News
function Edit($news_id)
{
include("config.php");
$db2 = new db;
$db2->info['sql_host'] = $conf['sql_host'];
$db2->info['sql_user'] = $conf['sql_user'];
$db2->info['sql_pass'] = $conf['sql_pass'];
$db2->info['sql_db'] = $conf['sql_db'];
$db2->connect();
$sql = "SELECT * FROM mynews_news WHERE news_id='$news_id' ";
$get = $db2->query($sql);
while ($row = mysql_fetch_array($get))
{
?>
<form action="admin.php?Action=Update" method="post">
<input type="hidden" name="news_id" value="<?php echo $news_id; ?>">
<table width="600" border="0" cellspacing="0" cellpadding="3">
<tr>
<td width="250">News Title</td>
<td width="350"><input name="News_Title" type="text" size="50" value="<?php echo $row['News_Title']; ?>"></td>
</tr>
<tr>
<td width="250">
<b>News Body</b>
<br />[b]Bold[/b]<br />[i]Italics[/i]<br />[img]image.gif[/img] <br />
[code]code[/code]<br />[quote]quote[/quote]
<br /><a href="docs/bbcode.html" target="new">More BBCode</a>
</td>
<td width="350"><textarea name="News_Body" cols="50" rows="10"><?php echo $row['News_Body']; ?></textarea></td>
</tr>
<tr>
<td width="250">
<b>News Body Extend</b>
<br />[b]Bold[/b]<br />[i]Italics[/i]<br />[img]image.gif[/img] <br />
[code]code[/code]<br />[quote]quote[/quote]
<br /><a href="docs/bbcode.html" target="new">More BBCode</a>
</td>
<td width="350"><textarea name="News_Body_Extend" cols="50" rows="10"><?php echo $row['News_Body_Extend']; ?></textarea></td>
</tr>
<tr>
<td width="250">Status</td>
<td width="350">
<?php
if ($row['Active'] == 0 )
{?>
Active <input type="radio" name="Active" value="1"> Not Active <input type="radio" name="Active" checked value="0">
<?php
}
if ($row['Active'] == 1 )
{
?>
Active <input type="radio" name="Active" checked value="1"> Not Active <input type="radio" name="Active" value="0">
<?php
}
?>
</td>
</tr>
<tr>
<td width="250"> </td>
<td width="350">
<input type="submit" name="Submit" value="Update News">
</td>
</tr>
</table>
</form>
<?php
}
} // end of function Edit
function Update($news_id,$News_Title,$News_Body,$News_Body_Extend,$Active)
{
include("config.php");
$db2 = new db;
$db2->info['sql_host'] = $conf['sql_host'];
$db2->info['sql_user'] = $conf['sql_user'];
$db2->info['sql_pass'] = $conf['sql_pass'];
$db2->info['sql_db'] = $conf['sql_db'];
$db2->connect();
$sql = "UPDATE mynews_news SET News_Title='$News_Title',News_Body='$News_Body',
News_Body_Extend='$News_Body_Extend',Active='$Active'
WHERE news_id='$news_id' ";
$db2->query($sql);
echo "<h1>News Updated</h1>";
} // end of function Update
function Delete($news_id)
{
include("config.php");
$db2 = new db;
$db2->info['sql_host'] = $conf['sql_host'];
$db2->info['sql_user'] = $conf['sql_user'];
$db2->info['sql_pass'] = $conf['sql_pass'];
$db2->info['sql_db'] = $conf['sql_db'];
$db2->connect();
$sql = "DELETE FROM mynews_news WHERE news_id='$news_id' ";
$db2->query($sql);
echo "<h1>News Deleted.</h1>";
} // end of function Delete
function add_user()
{?>
<form action="admin.php?Action=create_user" method="post">
<table width="500" border="0" cellspacing="0" cellpadding="3">
<tr>
<td width="150">username</td>
<td width="350"><input name="user" type="text"></td>
</tr>
<tr>
<td width="150">password</td>
<td width="350"><input name="pass" type="text"></td>
</tr>
<tr>
<td>email</td>
<td><input name="email" type="text"></td>
</tr>
<tr>
<td>group</td>
<td>
<select name="group">
<option value="Writter">Writter</option>
<option value="Mod">Moderator</option>
<option value="Admin">Admin</option>
</select>
</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Add User"></td>
</tr>
</table>
</form>
<?php
} // end of function add_user
function create_user($user,$pass,$email,$group)
{
include("config.php");
$db2 = new db;
$db2->info['sql_host'] = $conf['sql_host'];
$db2->info['sql_user'] = $conf['sql_user'];
$db2->info['sql_pass'] = $conf['sql_pass'];
$db2->info['sql_db'] = $conf['sql_db'];
$db2->connect();
// md5 user password.
$passwd = md5($pass);
$sql = "INSERT INTO users SET username='$user',password='$passwd',email='$email',group_id='$group'";
$db2->query($sql);
echo "<h1>User $user Added</h1>";
} // end of function create_user
function view_users()
{
include("config.php");
$db2 = new db;
$db2->info['sql_host'] = $conf['sql_host'];
$db2->info['sql_user'] = $conf['sql_user'];
$db2->info['sql_pass'] = $conf['sql_pass'];
$db2->info['sql_db'] = $conf['sql_db'];
$db2->connect();
$sql = "SELECT * FROM users";
$get = $db2->query($sql);
?>
<table width="500" border="0" cellspacing="0" cellpadding="3" align="center">
<tr>
<td><b>User</b></td>
<td><b>Email</b></td>
<td><b>Group</b></td>
<td><b>Action</b></td>
</tr>
<?php
while ($row = mysql_fetch_array($get) )
{
echo "<tr>"
."<td>$row[username]</td>"
."<td>$row[email]</td>"
."<td>$row[group_id]</td>"
."<td><a href=\"admin.php?Action=edit_user&user_id=$row[user_id]\">[E]</a> <a href=\"admin.php?Action=delete_user&uid=$row[user_id]\">[D]</a></td>"
."</tr>";
}
echo "</table>";
} // end of function view_users
function edit_user($user_id)
{
include("config.php");
$db2 = new db;
$db2->info['sql_host'] = $conf['sql_host'];
$db2->info['sql_user'] = $conf['sql_user'];
$db2->info['sql_pass'] = $conf['sql_pass'];
$db2->info['sql_db'] = $conf['sql_db'];
$db2->connect();
$sql = "SELECT * FROM users WHERE user_id='$user_id' ";
$get = $db2->query($sql);
while($row = mysql_fetch_array($get) )
{?>
<p><b>Updated Account Information<b></p>
<form action="admin.php?Action=update_user" method="post">
<input type="hidden" name="user_id" value="<?php echo $user_id; ?>">
<table width="500" border="0" cellspacing="0" cellpadding="3">
<tr>
<td width="150">username</td>
<td width="350"><input name="user" type="text" value="<?php echo "$row[username]"; ?>"></td>
</tr>
<tr>
<td>email</td>
<td><input name="email" type="text" value="<?php echo "$row[email]"; ?>"></td>
</tr>
<tr>
<td>group</td>
<td>
<?php
$group_id = $row['group_id'];
if ($group_id == "Admin")
{?>
<select name="group">
<option value="Writter">Writter</option>
<option value="Mod">Moderator</option>
<option value="Admin" selected>Admin</option>
</select>
<?php
}
if ($group_id == "Writter")
{?>
<select name="group">
<option value="Writter" selected>Writter</option>
<option value="Mod">Moderator</option>
<option value="Admin">Admin</option>
</select>
<?php
}
if ($group_id == "Mod")
{?>
<select name="group">
<option value="Writter">Writter</option>
<option value="Mod" selected>Moderator</option>
<option value="Admin">Admin</option>
</select>
<?php
}
?>
</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Update User"></td>
</tr>
</table>
</form>
<p> </p>
<p><b>Change Password</b></p>
<form action="admin.php?Action=update_pass" method="post">
<input type="hidden" name="user_id" value="<?php echo $user_id; ?>">
<table width="500" border="0" cellspacing="0" cellpadding="3">
<tr>
<td width="150">Password</td>
<td width="350"><input type="password" name="pass1"></td>
</tr>
<tr>
<td width="150">Re-Enter<br />Password</td>
<td width="350"><input type="password" name="pass2"></td>
</tr>
<tr>
<td width="150"> </td>
<td width="350"><input type="submit" value="Updated Password"></td>
</tr>
</table>
</form>
<?php }
} // end edit_user
function update_user($user_id,$user,$email,$group_id)
{
include("config.php");
$db3 = new db;
$db3->info['sql_host'] = $conf['sql_host'];
$db3->info['sql_user'] = $conf['sql_user'];
$db3->info['sql_pass'] = $conf['sql_pass'];
$db3->info['sql_db'] = $conf['sql_db'];
$db3->connect();
$sql = "UPDATE users SET username='$user',email='$email',group_id='$group_id' WHERE user_id='$user_id' ";
$db3->query($sql);
echo "<h3>$username has been updated.</h3>";
} // end of function update_user
function delete_user($uid)
{
include("config.php");
$db2 = new db;
$db2->info['sql_host'] = $conf['sql_host'];
$db2->info['sql_user'] = $conf['sql_user'];
$db2->info['sql_pass'] = $conf['sql_pass'];
$db2->info['sql_db'] = $conf['sql_db'];
$db2->connect();
$sql = "DELETE FROM users WHERE user_id='$uid' ";
$db2->query($sql);
echo "<h3>User deleted</h3>";
} // end of function delete_user
function update_pass($user_id,$pass1,$pass2)
{
if ($pass1 == $pass2)
{
$passwd = md5($pass1);
include("config.php");
$db2 = new db;
$db2->info['sql_host'] = $conf['sql_host'];
$db2->info['sql_user'] = $conf['sql_user'];
$db2->info['sql_pass'] = $conf['sql_pass'];
$db2->info['sql_db'] = $conf['sql_db'];
$db2->connect();
$sql = "UPDATE users SET password='$passwd' WHERE user_id='$user_id' ";
$db2->query($sql);
echo "<h3>Password Updated</h3>";
}
if ($pass1 != $pass2)
{
echo "Password did not match";
}
} // end of function update_pass
function myaccount()
{?>
<h3>My Account</h3>
<form action="admin.php?Action=update_mypass" method="post">
<input type="hidden" name="user_id" value="<?php echo $user_id; ?>">
<table width="500" border="0" cellspacing="0" cellpadding="3">
<tr>
<td width="150">Password</td>
<td width="350"><input type="password" name="pass1"></td>
</tr>
<tr>
<td width="150">Re-Enter<br />Password</td>
<td width="350"><input type="password" name="pass2"></td>
</tr>
<tr>
<td width="150"> </td>
<td width="350"><input type="submit" value="Updated Password"></td>
</tr>
</table>
</form>
<?php
} // end of function myaccount
function update_mypass($username,$pass1,$pass2)
{
if ($pass1 == $pass2 )
{
$passwd = md5($pass1);
include("config.php");
$db2 = new db;
$db2->info['sql_host'] = $conf['sql_host'];
$db2->info['sql_user'] = $conf['sql_user'];
$db2->info['sql_pass'] = $conf['sql_pass'];
$db2->info['sql_db'] = $conf['sql_db'];
$db2->connect();
$sql = "UPDATE users SET password='$passwd' WHERE username='$username' ";
$db2->query($sql);
echo "<META HTTP-EQUIV=\"Refresh\" CONTENT=\"2;URL=logout.php\">";
echo "<h3>Password Updated</h3>";
echo "You will now be logged out so you can enter in your new password";
}
if ($pass1 != $pass2)
{
echo "Password did not match";
}
} // end of function update_pass
} // end of mynews class
?>