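<?php
// News administration page: lists news items and handles add / update / delete.
// The long open tag is used so the script is still parsed when short_open_tag
// is off; with the short form the source (queries included) would be sent to
// the browser as plain text.
include("main.inc.php");
global $db, $base_url;

// check_auth() is defined outside this file (presumably in main.inc.php).
// It is expected to return the caller's user level and a logged-in flag.
// Only the level is used below.
list($ulvl, $loggedin) = check_auth();

// Access gate: every action further down (add, update, delete, edit form,
// listing) is reachable only when the user level is 30 or higher. The script
// exits here, so no later code runs for lower levels.
if($ulvl < 30)
{
	print_header("Sorry.");
	echo "Sorry You Do Not have a High Enough User Level to Edit the News.";
	print_footer();
	exit;
}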

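if($action == "update")
{
	// Handles the POST from the edit form and rewrites one row of `news`.
	// The request fields are read as plain globals, so each one is untrusted:
	// it is escaped for SQL before the query and for HTML before being echoed.
	// NOTE(review): no anti-CSRF token is checked anywhere in this file.
	$title = "MHS:News:Admin";
	print_header($title);

	// Normalise the submitted fields: missing checkboxes become "", arrays
	// become strings, and magic_quotes_gpc slashes are removed so the values
	// are not escaped twice below.
	// NOTE(review): assumes main.inc.php does not already strip slashes -- confirm.
	foreach (array('new_subject', 'new_lead', 'new_content', 'main', 'athletics', 'clubs') as $field)
	{
		$value = isset($$field) ? (string) $$field : "";
		if (get_magic_quotes_gpc())
		{
			$value = stripslashes($value);
		}
		$$field = $value;
	}

	// The edit form posts new_lead / new_content; the original converted the
	// unrelated $lead / $content, so line breaks in edited text were lost.
	$new_lead = str_replace("\n","<br>",$new_lead);
	$new_content = str_replace("\n","<br>",$new_content);

	$new_type="$main $athletics $clubs";

	// Keep digits only, so the id can never carry SQL syntax.
	$id = preg_replace("/\D*/","",(string) $id);

	// Every string value goes through mysql_real_escape_string(). This replaces
	// the earlier quote substitution on the lead, which wrote a control byte
	// into the stored text and left the other fields unescaped.
	// Longer term, prepared statements (mysqli / PDO) are the better fix.
	// NOTE(review): lead and content are stored as HTML fragments; confirm the
	// pages that display them filter or escape the markup.
	$sql = sprintf(
		"UPDATE news SET subject = '%s', lead = '%s', content = '%s', type = '%s' WHERE id = '%s'",
		mysql_real_escape_string($new_subject, $db),
		mysql_real_escape_string($new_lead, $db),
		mysql_real_escape_string($new_content, $db),
		mysql_real_escape_string($new_type, $db),
		$id
	);
	$result = mysql_query($sql, $db);  //Execute SQL
	$edit = $id;
	if ($result)
	{
		// The subject is request data: escape it before it is reflected.
		echo "'" . htmlspecialchars($new_subject, ENT_QUOTES) . "' Was Updated.";
	}
	else
	{
		echo "Could not update the news item.";
	}
	print_footer();
	exit;
}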

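if($action == "Add")
{
	// Handles the POST from the "Add New News Item" form: inserts one row.
	// The request fields are read as plain globals, so each one is untrusted:
	// it is escaped for SQL before the query and for HTML before being echoed.
	// NOTE(review): no anti-CSRF token is checked anywhere in this file.
	$title = "MHS:News:Admin";
	print_header($title);
	$time = time();

	// Normalise the submitted fields: missing checkboxes become "", arrays
	// become strings, and magic_quotes_gpc slashes are removed so the values
	// are not escaped twice below.
	// NOTE(review): assumes main.inc.php does not already strip slashes -- confirm.
	foreach (array('subject', 'lead', 'content', 'main', 'athletics', 'clubs') as $field)
	{
		$value = isset($$field) ? (string) $$field : "";
		if (get_magic_quotes_gpc())
		{
			$value = stripslashes($value);
		}
		$$field = $value;
	}

	// Newlines become <br> so the stored text keeps its line breaks as HTML.
	// NOTE(review): lead and content are therefore stored as HTML fragments;
	// confirm the pages that display them filter or escape the markup.
	$lead=str_replace("\n","<br>",$lead);
	$content=str_replace("\n","<br>",$content);

	$type="$main $athletics $clubs";

	// NOTE(review): $cookie_user is not assigned in this file. Presumably
	// check_auth() / main.inc.php sets it from the authenticated session. If
	// it is taken straight from a cookie, the author name is client-controlled.
	$author = isset($cookie_user) ? (string) $cookie_user : "";

	// Every string value goes through mysql_real_escape_string().
	// Longer term, prepared statements (mysqli / PDO) are the better fix.
	$sql = sprintf(
		"INSERT INTO news (id, username, subject, lead, content, time, type) VALUES ('', '%s', '%s', '%s', '%s', '%d', '%s')",
		mysql_real_escape_string($author, $db),
		mysql_real_escape_string($subject, $db),
		mysql_real_escape_string($lead, $db),
		mysql_real_escape_string($content, $db),
		$time,
		mysql_real_escape_string($type, $db)
	);
	$result = mysql_query($sql, $db);  //Execute SQL
	if ($result)
	{
		// The subject is request data: escape it before it is reflected.
		echo "Added '" . htmlspecialchars($subject, ENT_QUOTES) . "' Successfull";
	}
	else
	{
		echo "Could not add the news item.";
	}
	print_footer();
	exit;
}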

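if(isset($delete))
{
	// Deletes the news row whose id is given in the `delete` request parameter.
	// NOTE(review): the listing triggers this through a plain GET link and no
	// anti-CSRF token is checked in this file. A state-changing action like
	// this should be a POST that carries a per-session token.
	$title = "MHS:News:Admin";
	print_header($title);

	// Same digit-only filter the edit view applies to its id. Without it the
	// raw request value was placed directly inside the DELETE statement.
	$delete = preg_replace("/\D*/","",(string) $delete);
	$sql = "DELETE FROM news WHERE id = '$delete'";
	$result = mysql_query($sql, $db);  //Execute SQL

	// $subject is not looked up here, so any value it holds came from the
	// request; escape it before it is reflected into the page.
	$subject_html = isset($subject) ? htmlspecialchars((string) $subject, ENT_QUOTES) : "";
	echo "Deleted '$subject_html' Successfull";
	print_footer();
	exit;
}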

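if(isset($edit))
{
	// Edit view: loads one news row and shows it in a pre-filled form that
	// posts back with action=update.
	// Digits only, so the id cannot carry SQL syntax.
	$edit = preg_replace("/\D*/","",(string) $edit);
	$sql = "SELECT * FROM news WHERE id = '$edit'";
	$title = "MHS:News:Admin";
	print_header($title);
	$result = mysql_query($sql, $db);  //Execute SQL
	$myrow = $result ? mysql_fetch_array($result) : false;

	if (!$myrow)
	{
		// Unknown id or failed query: show a message, not an empty form.
		echo "News item not found.<br><a href=newsadmin.php>Back</a>";
	}
	else
	{
		$user = $myrow["username"];
		$id = $myrow["id"];
		$subject = $myrow["subject"];
		$lead = $myrow["lead"];
		$time = $myrow["time"];
		$content = $myrow["content"];
		$date = date("H:i m/d/y",$time);

		// Stored values are escaped before they are placed in the page. That
		// way a quote in the subject cannot end the value='...' attribute and
		// a closing tag in the text cannot end the <textarea>. Escaped text in
		// a textarea still appears, and is re-submitted, exactly as stored.
		$subject_html = htmlspecialchars($subject, ENT_QUOTES);
		$lead_html = htmlspecialchars($lead, ENT_QUOTES);
		$content_html = htmlspecialchars($content, ENT_QUOTES);
		$id_html = htmlspecialchars($id, ENT_QUOTES);

echo <<<EndOfEcho
<font size=4> Editing $subject_html</font><br><a href=newsadmin.php>Back</a>
<form method=post>
<P><table width=400>
<tr><td width=150>Subject </td><td><input type=text name=new_subject value='$subject_html'></td></tr>
<tr><td width=150>Lead: </td><td><textarea wrap=virtual rows=5 cols=50 name=new_lead>$lead_html</textarea></td></tr>
<tr><td width=150>Content: </td><td><textarea wrap=virtual rows=5 cols=50 name=new_content>$content_html</textarea></td></tr>
<tr><td width=150>Main: </td><td><input type=checkbox name=main value=main></td></tr>
<tr><td width=150>Athletics: </td><td><input type=checkbox name=athletics value=athletics></td></tr>
<tr><td width=150>Activites: </td><td><input type=checkbox name=clubs value=clubs></td></tr>
<tr><td></td>
<td><input type=hidden name=action value=update><input type=hidden name=id value="$id_html"><input type=submit value=Update></td></tr></table>
</table>
EndOfEcho;
	}

	print_footer();
} else {
	// Default view: every news item with EDIT / DELETE links, then the
	// "add" form.
	$title = "MHS:News:Admin";
	print_header($title);
	echo "<font size=4>News Admin Page</font><p>";
	$sql = "SELECT * FROM news ORDER BY time DESC";
	$result = mysql_query($sql, $db);  //Execute SQL

	// A failed query returns false; skip the loop so false is never fetched from.
	while($result && ($myrow = mysql_fetch_array($result))){
		// Subject and username were typed in by users: escape them for HTML.
		// The id is URL-encoded because it is placed in a query string.
		$user_html = htmlspecialchars($myrow["username"], ENT_QUOTES);
		$subject_html = htmlspecialchars($myrow["subject"], ENT_QUOTES);
		$id_url = urlencode($myrow["id"]);
		$date = date("H:i m/d/y",$myrow["time"]);
echo <<<EndOfEcho
<br>
<a href="$base_url/newsadmin.php?edit=$id_url">EDIT</a>
<a href="$base_url/newsadmin.php?delete=$id_url">DELETE</a>
$subject_html - $date by $user_html<br>

EndOfEcho;
	}

	// NOTE(review): $echo is never assigned in this file. If main.inc.php does
	// not set it, it may be populated from the request and is printed
	// unescaped here. Confirm its source, then escape it or drop it.
	echo "<p>$echo<p>Add New News Item:<br>";
echo <<<EndOfEcho
<form method=post>
<P><table width=400>
<tr><td width=150>Subject </td><td><input type=text name=subject></td></tr>
<tr><td width=150>Lead: </td><td><textarea wrap=virtual rows=5 cols=50 name=lead></textarea></td></tr>
<tr><td width=150>Content: </td><td><textarea wrap=virtual rows=5 cols=50 name=content></textarea></td></tr>
<tr><td width=150>Main: </td><td><input type=checkbox name=main value=main></td></tr>
<tr><td width=150>Athletics: </td><td><input type=checkbox name=athletics value=athletics></td></tr>
<tr><td width=150>Activities: </td><td><input type=checkbox name=clubs value=clubs></td></tr>
<tr><td></td>
<td><input type=submit name=action value=Add></td></tr></table>
EndOfEcho;

	print_footer();
}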
?>