<?php
/* * ********************************************************************
*  Copyright notice PHP Enter 4.1.6.
*
*  (c) 2011 Predrag Rukavina - admin[at]phpenter[dot]net
*  All rights reserved
*
*  This script is part of the PHP Enter project. 
*  The PHP Enter project is free software; you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation; either version 2
*  of the License, or (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
*  MA  02110-1301, USA.
*
*  This copyright notice MUST appear in all copies of the script!
* ********************************************************************** */
include('admin/admheader.php');
?>
<div id="aforms">
<div id="cconfig">Edit News</div>
<?php
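// Story id from the query string. In this script it is only ever bound as a
// query parameter or echoed back into links, never concatenated into SQL.
$id = isset($_GET['id']) ? $_GET['id'] : '';
// NOTE(review): nothing in the visible code checks a CSRF token before this
// state-changing POST; confirm whether admin/admheader.php enforces one.
if(isset($_POST['submit'])) {
	// get_magic_quotes_gpc() was removed in PHP 8, so only call it where it exists.
	$magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
	// Accept only scalar string fields: a crafted request can send arrays
	// (e.g. btextyx[]=x), which the string functions below cannot handle.
	$fields = array();
	foreach(array('univer','btextyx','briefyx','bamessy','gruppe','option') as $key) {
		$value = (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
		$fields[$key] = $magic_quotes ? stripslashes($value) : $value;
	}
	$univer = $fields['univer'];
	$btextyx = $fields['btextyx'];
	$briefyx = $fields['briefyx'];
	$bamessy = $fields['bamessy'];
	$gruppe = $fields['gruppe'];
	$option = $fields['option'];
	// The story body is stored HTML-encoded.
	$bamessy = htmlspecialchars($bamessy);
	// The client-supplied file name is used for one thing only: picking the
	// extension of the server-generated name. It never becomes part of a path.
	$current_image = (isset($_FILES['image']['name']) && is_string($_FILES['image']['name'])) ? $_FILES['image']['name'] : '';
	$dot = strrchr($current_image,'.');
	$extension = ($dot === false) ? '' : substr($dot,1);
	if($current_image == "") {
		$new_image = "";
	} else {
		// Allow-list on the extension. Because only "jpg"/"jpeg" pass, a separate
		// deny-list of executable extensions can never match and is not needed.
		if(($extension !== "jpg" && $extension !== "jpeg")) {
			die('Please Upload Valid .jpg or .jpeg File');
		}
		// The temporary path must really be this request's upload, and the upload
		// must have completed; otherwise tmp_name cannot be trusted.
		$tmp_name = isset($_FILES['image']['tmp_name']) ? $_FILES['image']['tmp_name'] : '';
		$upload_error = isset($_FILES['image']['error']) ? $_FILES['image']['error'] : -1;
		if($upload_error !== UPLOAD_ERR_OK || !is_string($tmp_name) || !is_uploaded_file($tmp_name)) {
			die('Please Upload Valid .jpg or .jpeg File');
		}
		// The extension is attacker-chosen, so confirm the content is a JPEG
		// before anything is written under the web root.
		$image_info = getimagesize($tmp_name);
		if($image_info === false || $image_info[2] !== IMAGETYPE_JPEG) {
			die('Please Upload Valid .jpg or .jpeg File');
		}
		// NOTE(review): "Yhis" has no month or day and uses a 12-hour clock, so
		// generated names can repeat and an existing image would be overwritten.
		$time = date("Yhis");
		$new_image = $time.".".$extension;
		$destination = "uploads/".$new_image;
		// move_uploaded_file() re-checks that the source is an HTTP upload,
		// which a plain copy() does not.
		// NOTE(review): the file is stored whether or not the "Upload New Image"
		// box was ticked; confirm that is intended.
		$action = move_uploaded_file($tmp_name,$destination);
		if($action === false) {
			die('Image upload failed');
		}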
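		/**
		 * ccthumb()
		 *
		 * Scales a JPEG so that it covers the requested box, crops it to exactly
		 * $thumbnail_width x $thumbnail_height and writes the result to $filename
		 * as a quality-100 JPEG. The horizontal crop is centred; any vertical
		 * excess is cut from the bottom (source y offset is always 0).
		 * Terminates the script with "wrong file" when the source is not a
		 * decodable JPEG.
		 *
		 * @param mixed $imgSrc path of the source image
		 * @param mixed $filename path the thumbnail is written to
		 * @param mixed $thumbnail_width thumbnail width in pixels
		 * @param mixed $thumbnail_height thumbnail height in pixels
		 * @return mixed the GD image holding the thumbnail
		 */
		function ccthumb($imgSrc,$filename,$thumbnail_width,$thumbnail_height) {
			// Decide from the decoded header, not from the file name: splitting the
			// path on "." breaks as soon as the path holds a second dot, and a name
			// proves nothing about the content.
			$info = getimagesize($imgSrc);
			if($info === false || $info[0] < 1 || $info[1] < 1 || $info[2] !== IMAGETYPE_JPEG) {
				die("wrong file");
			}
			$width_orig = $info[0];
			$height_orig = $info[1];
			if($width_orig > 1280 || $height_orig > 1280) {
				// Advisory only: processing deliberately continues after the message.
				echo "<br>Maximum width and height exceeded. Please upload images below  1280 x 1280 px size";
			}
			// Decode once and keep the image; warnings stay suppressed as before.
			$cimage = @imagecreatefromjpeg($imgSrc);
			if($cimage === false) {
				die("wrong file");
			}
			// Scale so the image covers the whole thumbnail box.
			$ratio_orig = $width_orig / $height_orig;
			if($thumbnail_width / $thumbnail_height > $ratio_orig) {
				$new_width = $thumbnail_width;
				$new_height = $thumbnail_width / $ratio_orig;
			} else {
				$new_width = $thumbnail_height * $ratio_orig;
				$new_height = $thumbnail_height;
			}
			// GD takes integer pixel sizes; use the same rounded size for the canvas
			// and for the resample so the two cannot disagree.
			$new_width = max(1,(int) round($new_width));
			$new_height = max(1,(int) round($new_height));
			$process = imagecreatetruecolor($new_width,$new_height);
			imagecopyresampled($process,$cimage,0,0,0,0,$new_width,$new_height,$width_orig,$height_orig);
			$thumb = imagecreatetruecolor($thumbnail_width,$thumbnail_height);
			$x_offset = (int) (($new_width - $thumbnail_width) / 2);
			imagecopyresampled($thumb,$process,0,0,$x_offset,0,$thumbnail_width,$thumbnail_height,
				$thumbnail_width,$thumbnail_height);
			imagejpeg($thumb,$filename,100);
			return $thumb;
		}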
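		// Derive the two display sizes from the stored upload.
		ccthumb($destination,'maxthumb/'.$new_image,300,250);
		ccthumb($destination,'minthumb/'.$new_image,144,82);
	}
	// Every statement below binds its values as parameters. $saved tracks
	// whether all of them succeeded so that success is not reported after an error.
	$saved = true;
	if($option == 1) {
		// "Upload New Image" was ticked: the stored image name is replaced too.
		// NOTE(review): with the box ticked and no file chosen, $new_image is ""
		// and the image columns are blanked; confirm that is intended.
		$sql = $conn->Prepare('UPDATE newser SET idblog = ?, btexty = ?, brief = ?, images = ?, bamess = ? WHERE  `blogid` = ?');
		if($conn->Execute($sql,array($gruppe,$btextyx,$briefyx,$new_image,$bamessy,$id)) === false) {
			// Driver messages can echo submitted values, so encode them for HTML.
			print '<br /><div id="error">error inserting[1]: '.htmlspecialchars($conn->ErrorMsg(),ENT_QUOTES).'</div><br />';
			$saved = false;
		}
		// The second table receives the body as plain text: decode, then drop tags.
		$bamessy = htmlspecialchars_decode($bamessy);
		$bamessy = strip_tags($bamessy);
		$sql2 = $conn->Prepare('UPDATE onewse SET  otexty = ?, omages = ?, oamess = ? WHERE  `oniver` = ?');
		if($conn->Execute($sql2,array($btextyx,$new_image,$bamessy,$univer)) === false) {
			print '<br /><div id="error">error inserting[1]: '.htmlspecialchars($conn->ErrorMsg(),ENT_QUOTES).'</div><br />';
			$saved = false;
		}
	} else {
		// Box not ticked: same updates, image columns left untouched.
		$sql3 = $conn->Prepare('UPDATE newser SET idblog = ?, btexty = ?, brief = ?, bamess = ? WHERE  `blogid` = ?');
		if($conn->Execute($sql3,array($gruppe,$btextyx,$briefyx,$bamessy,$id)) === false) {
			print '<br /><div id="error">error inserting[1]: '.htmlspecialchars($conn->ErrorMsg(),ENT_QUOTES).'</div><br />';
			$saved = false;
		}
		$bamessy = htmlspecialchars_decode($bamessy);
		$bamessy = strip_tags($bamessy);
		$sql4 = $conn->Prepare('UPDATE onewse SET  otexty = ?, oamess = ? WHERE  `oniver` = ?');
		if($conn->Execute($sql4,array($btextyx,$bamessy,$univer)) === false) {
			print '<br /><div id="error">error inserting[1]: '.htmlspecialchars($conn->ErrorMsg(),ENT_QUOTES).'</div><br />';
			$saved = false;
		}
	}
	$conn->Close();
	if($saved) {
		echo "Successfully!<br />";
	}
	// $univer and $btextyx come straight from the request body, so both are
	// encoded for the context they are written into (URL parameter, HTML text).
    ?>
- <a href="admin/menage.php">Manage News</a><br />
- <a href="news.php?name=<?php echo htmlspecialchars(urlencode($univer),ENT_QUOTES) ?>"><?php echo htmlspecialchars(stripslashes($btextyx),ENT_QUOTES) ?> [View]</a>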
<?php } else {
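	// Edit-form branch: load the story named by ?id= and render it into the form.
	// The id is bound as a query parameter, never concatenated into SQL.
	$id = isset($_GET['id']) ? $_GET['id'] : '';
	$arecordSet = $conn->Execute('SELECT * FROM newser WHERE blogid = ? LIMIT 1', array($id));
	if(!$arecordSet) {
		print htmlspecialchars($conn->ErrorMsg(),ENT_QUOTES);
	} else {
		while(!$arecordSet->EOF) {
			$univer = $arecordSet->fields['univer'];
			$idblog = $arecordSet->fields['idblog'];
			$images = $arecordSet->fields['images'];
			// The delete target is a real href with both values URL-encoded. It is
			// not embedded in a javascript: URL, because browsers percent-decode
			// those before running them, so a quote in ?id= would end the string.
			// NOTE(review): deletion is reached through a plain GET link; confirm
			// admin/deletenews.php requires a token or a POST.
			$delete_url = 'admin/deletenews.php?id='.rawurlencode($id).'&comy='.rawurlencode($univer);
			if($arecordSet->fields['editor'] == 1) { ?>
<script type="text/javascript" src="scripts/tiny_mce/tiny_mce.js"></script>
<script type="text/javascript">
tinyMCE.init({
// General options
mode : "textareas",
height : '400',
theme : "advanced",
plugins : "autolink,style,advimage,advlink,insertdatetime,preview,media,contextmenu,paste,directionality,fullscreen,visualchars,xhtmlxtras,template",
// Theme options
theme_advanced_buttons1 : "newdocument,|,bold,italic,underline,strikethrough,|,justifyleft,justifycenter,justifyright,justifyfull,|,styleselect,formatselect,fontselect,fontsizeselect",
theme_advanced_buttons2 : "cut,copy,paste,pastetext,pasteword,|,outdent,indent,blockquote,|,undo,redo,|,link,unlink,anchor,image,cleanup,help,code,|,insertdate,inserttime,preview,|,forecolor,backcolor",
theme_advanced_buttons3 : "styleprops,|,cite,abbr,acronym,del,ins,attribs,|,visualchars,nonbreaking,template,blockquote,|,insertfile,insertimage,|,removeformat,visualaid,|,sub,sup,|,charmap,media,|,ltr,rtl,|,fullscreen",
theme_advanced_toolbar_location : "top",
theme_advanced_toolbar_align : "left",
theme_advanced_statusbar_location : "bottom",
theme_advanced_resizing : true,
// Skin options
skin : "o2k7",
skin_variant : "silver",
// Example content CSS (should be your site CSS)
content_css : "css/example.css",
// Drop lists for link/image/media/template dialogs
template_external_list_url : "js/template_list.js",
external_link_list_url : "js/link_list.js",
external_image_list_url : "js/image_list.js",
media_external_list_url : "js/media_list.js",
// Replace values for the template plugin
template_replace_values : {
username : "Some User",
staffid : "991234"
}
});
</script>
<?php } ?>
<script>
function goto(site) {
var msg = confirm("Are you sure you want to delete this entry? This action cannot be undone!")
if (msg) {window.location.href = site}
else (null)
}
</script>
<div style="width:615px;height:52px">
<div style="float:left">
<h3>Edit Story [Admin Mode]</h3>
</div>
<div style="float:right">
&#187;&nbsp;<a href="<?php echo htmlspecialchars($delete_url,ENT_QUOTES) ?>" onclick="goto(this.href); return false;">Delete</a>
</div>
</div>
<?php
			// NOTE(review): the form carries no CSRF token in the visible code;
			// confirm whether admin/admheader.php adds or checks one.
?>
<form method="post" action="editnews.php?id=<?php echo htmlspecialchars(rawurlencode((string) $arecordSet->fields['blogid']),ENT_QUOTES) ?>" enctype="multipart/form-data">
<input name="univer" value = "<?php echo htmlspecialchars((string) $arecordSet->fields['univer'],ENT_QUOTES); ?>" type="hidden" />
<?php
$firstfield = $arecordSet->fields['btexty'];
$firstfield = htmlspecialchars($firstfield);
?>
Title:<br /> <input id="incc" name="btextyx" value = "<?php echo $firstfield ?>" />
<br /><br />
<?php
// The summary is saved as submitted, so it is encoded here like the title.
$secondfield = htmlspecialchars((string) $arecordSet->fields['brief'],ENT_QUOTES);
?>
Summary:<br /> <input id="incc" name="briefyx" value = "<?php echo $secondfield ?>" />
<br /><br />
<?php
// The body is written to the database already HTML-encoded by this script's
// save branch, so it is echoed as stored to avoid double encoding.
// NOTE(review): confirm no other writer stores bamess unencoded, since a raw
// "</textarea>" in the column would break out of the field.
?>
Description:<br /><textarea style="width:444px;background:#ffffff;" name="bamessy"><?php echo stripslashes($arecordSet->fields['bamess']); ?></textarea>
<br /><br />
Category:<br />
<?php 			$result = "SELECT * FROM categori group by cord, catid ORDER by catid, cord ASC";
			$brecordSet = $conn->Execute($result);
			echo "<select name='gruppe' onChange='Load_id()'>";
			echo "<option value>---</option>";
			if(!$brecordSet) {
				print htmlspecialchars($conn->ErrorMsg(),ENT_QUOTES);
			} else {
				while(!$brecordSet->EOF) {
					// NOTE(review): assumes category names are stored unencoded; confirm
					// against the code that writes the categori table.
					$cat_id = htmlspecialchars((string) $brecordSet->fields['catid'],ENT_QUOTES);
					$cat_name = htmlspecialchars((string) $brecordSet->fields['name'],ENT_QUOTES);
					if($brecordSet->fields['catid'] == $idblog) {
						echo "<option value=\"".$cat_id."\" selected> - - ".$cat_name.
							" </option>";
					} else {
						echo "<option value=\"".$cat_id."\" > - - ".$cat_name."</option>";
					}
					$brecordSet->MoveNext();
				}
			}
			echo '</select>'; ?>
<br /><br />
<?php if($images == true) { ?>
<img style="padding:2px;border:1px solid #ccc;" width="144" height="82" src="<?php echo htmlspecialchars('minthumb/'.$images,ENT_QUOTES); ?>">
<br />
<?php } ?>
<br />Upload New Image<br />
<input style="float:left;width:28px;" type="checkbox" name="option" value="1">
<br /><br />
New Image:(only .jpg .jpeg formats);
<br /><br />
<input type="file" name="image" />
<br /><br />
<input type="submit" class="butons" name="submit" value="Edit News" />
</form>
<?php
			$arecordSet->MoveNext();
		}
	}
	// Either record set can be missing: the story query may have failed, and the
	// category query only runs when a story row was found.
	if($arecordSet) {
		$arecordSet->Close();
	}
	if(isset($brecordSet) && $brecordSet) {
		$brecordSet->Close();
	}
	$conn->Close();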
}
?>
</div>
<?php
include ('admin/admfooter.php');
######################################
##editnews.php                4.1.4.##
######################################
?>