<?php

/*****************************************************************
*  Spacemarc News
*  Version: 1.2.0
*  Author and copyright (C): Marcello Vitagliano
*  Web site: http://www.spacemarc.it
*  License: GNU General Public License
*
*  This program is free software: you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation, either version 3
*  of the License, or (at your option) any later version.
*
*  Current file: modifica.php
*****************************************************************/
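// Bootstrap for the admin "edit news" page: start the session, declare the
// output charset, load configuration and helpers, open the database
// connection and only then enforce the login check.
session_start();
// IN_NEWS is defined before the includes; presumably they test it to refuse
// direct access - confirm in config.php / functions.php.
define('IN_NEWS', true);
header('Content-type: text/html; charset=ISO-8859-1');

// Load the configuration files
require_once (dirname(__FILE__) . '/../config.php');
require_once (dirname(__FILE__) . '/functions.php');
require_once (dirname(__FILE__) . '/../lang/lang.php');

// The connection is opened BEFORE check_login(), so a failure here is shown
// to any visitor, authenticated or not. The MySQL error number, the error
// text and the database name are therefore written to the server log only,
// and the page shows a generic message.
$db = mysql_connect($db_host, $db_user, $db_password);

if (!$db) {
    error_log('Spacemarc News (modifica.php): MySQL connection failed [' . mysql_errno() . '] ' . mysql_error());
    die("Impossibile connettersi a MySQL");
}

if (!mysql_select_db($db_name, $db)) {
    error_log('Spacemarc News (modifica.php): cannot select database [' . mysql_errno($db) . '] ' . mysql_error($db));
    die("Impossibile selezionare il database");
}

// Access control for the whole page; the function is not defined in this file
// (presumably functions.php), so what it verifies must be checked there.
check_login();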

// Page generation time (part 1): record the start time.
// microtime() without arguments returns the string "usec sec"; both parts are summed.
// NOTE(review): the second part of the measurement is not in this file - presumably footer.php.
$mtime1 = explode(" ", microtime());
$starttime = $mtime1[1] + $mtime1[0];

// The edit page must only be requested with an id passed via GET.
// The id is accepted only if it is 1 to 8 ASCII digits, and it is then cast
// with intval(). $idnews is later interpolated into SQL statements, the form
// action and an inline script, so it must remain an integer. ('$' in PCRE also
// matches before a trailing newline; the intval() cast discards it.)

if (isset($_GET['id']) && preg_match('/^[0-9]{1,8}$/', $_GET['id'])) {
    $idnews = intval($_GET['id']);
}
else {
    // Missing or malformed id: go back to the news management page and stop.
    header("Location: " . $dir_admin . "/gestione_news.php");
    exit();
}
// Load the news item joined with its author's row. The only request-derived
// value in the statement is $idnews, which is an integer at this point;
// $tab_news and $tab_utenti are not assigned in this file (presumably
// config.php - confirm they are fixed configuration values).
// NOTE(review): the result of mysql_query() is not checked before it is passed
// to mysql_fetch_assoc() and mysql_num_rows().
$view_art = mysql_query("SELECT nu.user_id, nt.id, nt.titolo, nt.testo, nu.nome_cognome, nt.data_pubb, nt.letture, nt.stampe, nt.immagine, nt.nosmile, INET_NTOA(nt.ip) AS ip, nu.permessi FROM $tab_news nt JOIN $tab_utenti nu ON nt.user_id = nu.user_id WHERE nt.id=$idnews");
$q_riga = mysql_fetch_assoc($view_art);

// Ownership check: a user who is NOT an administrator (livello_id other than 1)
// and who is not the author of this item is redirected to the news list.
// This is the authorization gate for the update and delete handled further down.
// It runs before the existence check below, so for an unknown id $q_riga is
// not a row: a non-administrator is redirected here and only an
// administrator reaches the "does not exist" message.
// NOTE(review): both comparisons are loose (!=) and depend on the session
// values set at login - confirm their types where the session is populated.

if ($q_riga['user_id'] != $_SESSION['user_id'] && $_SESSION['livello_id'] != 1) {
    header("Location: " . $dir_admin . "/elenco_news.php");
    exit();
}

// If the selected article id does not exist in the table

if (mysql_num_rows($view_art) == 0) {
    die("Questa notizia non esiste");
}
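// Values used to pre-fill the edit form and the info line under the title.
// NOTE(review): titolo and testo are echoed into the form exactly as read from
// the database. The update branch of this script stores them already passed
// through htmlspecialchars(); other writers of the table are not visible
// here - confirm they encode the same way.
$titolo_value = $q_riga['titolo'];
$testo_value = $q_riga['testo'];
// The author's display name and id come from the users table and are placed
// into HTML shown to administrators, so they are encoded for that context.
// double_encode is off so a name that is already stored entity-encoded is not
// encoded twice; the charset matches the Content-type header of this page.
$autore_value = ($q_riga['user_id'] == NULL) ? htmlspecialchars($q_riga['nome_cognome'], ENT_QUOTES, 'ISO-8859-1', false) : "<a href=\"profilo_admin.php?user_id=" . intval($q_riga['user_id']) . "\" title=\"Visualizza il profilo\" class=\"piccolo\" target=\"_blank\">" . htmlspecialchars($q_riga['nome_cognome'], ENT_QUOTES, 'ISO-8859-1', false) . "</a> <img src=\"$img_path/nw.gif\" alt=\"\" title=\"\" />";
$data_pubb = strftime("%a %d %b %Y %H:%M", $q_riga['data_pubb']);
// Read/print counters: a posted value (cast to int) takes precedence over the stored one.
$letture = (isset($_POST['letture'])) ? intval($_POST['letture']) : $q_riga['letture'];
$stampe = (isset($_POST['stampe'])) ? intval($_POST['stampe']) : $q_riga['stampe'];
// NOTE(review): $immagine is echoed into the value attribute of the image
// field without encoding, and how the stored value was encoded is not visible
// in this file (presumably immagine_apertura()) - verify.
$immagine = ($q_riga['immagine'] == '') ? NULL : $q_riga['immagine'];
$nosmile_checked = ($q_riga['nosmile'] == 0) ? NULL : 'checked="checked"';
$ip = $q_riga['ip'];
// The author link is shown to administrators only (livello_id 1).
$link_autore = ($_SESSION['livello_id'] == 1) ? "<b>Autore</b> $autore_value " : NULL;
$div_preview = NULL;
$img_ap_checked = ($q_riga['immagine'] == '') ? NULL : 'checked="checked"';
$img_ap_status = ($q_riga['immagine'] == '') ? 'none' : 'inline';
// Message and preview placeholders, printed later in the page body; NULL prints nothing.
$img_ap = NULL;
$upload_msg = NULL;
$insert_empty = NULL;
$insert_msg_ok = NULL;
$deleteok = NULL;
// Permissions of the logged-in user. The session value is cast to an integer
// before it is concatenated into the statement, so the query stays well-formed
// whatever the session contains.
$q_user = mysql_query("SELECT permessi FROM $tab_utenti WHERE user_id=" . intval($_SESSION['user_id']));
$q_riga_perm = mysql_fetch_assoc($q_user);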

//se ho cliccato sul bottone Anteprima

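// Handle the two submit buttons of the edit form: "Anteprima" (preview) and
// "Modifica" (update, or delete when the cbcancella checkbox is ticked).
//
// NOTE(review): both branches act on a plain POST (upload, UPDATE, DELETE) and
// no anti-CSRF token is verified in this file. Unless check_login() or another
// include does so, the form needs a per-session token that is compared here
// in constant time before any of these actions runs.
//
// Every htmlspecialchars() call below names ISO-8859-1 explicitly, matching
// the Content-type header sent by this page. On PHP versions whose default
// charset is UTF-8 the function returns an empty string for input that is not
// valid UTF-8, which would blank out titles and text containing accented
// characters.
if (isset($_POST['preview'])) {
    immagine_apertura();
    sostituzione();

    // The Text field is mandatory for the preview; otherwise show the required-field message.
    // NOTE(review): $testo is not assigned in this file before this point and
    // is printed below as raw HTML together with $img_ap; presumably
    // sostituzione() and immagine_apertura() set them as globals. The preview
    // relies on those helpers having encoded the submitted text and image
    // value - verify in functions.php.

    if (trim($testo) == '') {
        $div_preview = "<div id=\"error\">" . $lang['anteprima'] . "</div><br />";
    }
    else {

        if (get_magic_quotes_gpc()) {
            $testo = stripslashes($testo);
        }
        $div_preview = "
        	<div align=\"center\" class=\"text2\"><b>" . $lang['preview'] . "</b><span id=\"preview_y\" style=\"display: none;\">
		<a href=\"javascript:void(0);\" onclick=\"ShowHide()\" class=\"piccolo\">mostra</a></span> <span id=\"preview_n\" style=\"display: inline;\">
		<a href=\"javascript:void(0);\" onclick=\"ShowHide()\" class=\"piccolo\">nascondi</a></span></div>
        	<table align=\"center\" id=\"preview\" style=\"display: block; border-style: solid; border-width: 1px; border-color: #DEE3E7; width: 100%;\">
        	<tr><td bgcolor=\"#FFFFFF\" class=\"text\">$img_ap " . $testo . "</td></tr></table><br />";
    }

    // Redefine the form values so the submitted content is redisplayed
    // correctly, encoded for the HTML attribute / textarea it is echoed into.

    if (get_magic_quotes_gpc()) {
        $titolo_value = stripslashes(htmlspecialchars($_POST['titolo'], ENT_QUOTES, 'ISO-8859-1'));
        $testo_value = stripslashes(htmlspecialchars($_POST['testo'], ENT_QUOTES, 'ISO-8859-1'));
    }
    else {
        $titolo_value = htmlspecialchars($_POST['titolo'], ENT_QUOTES, 'ISO-8859-1');
        $testo_value = htmlspecialchars($_POST['testo'], ENT_QUOTES, 'ISO-8859-1');
    }
    $insert_empty = NULL;
    $insert_msg_ok = NULL;

    // Call the upload function, only for users whose permission allows uploads

    if ($q_riga_perm['permessi'] == 'tutto' || $q_riga_perm['permessi'] == 'upload') {
        upload();
    }

    // Otherwise, if the Modifica button was clicked, run the appropriate queries

}
elseif (isset($_POST['submit'])) {

    if (isset($_POST['cbcancella'])) {

        // Delete the item. $idnews is an integer, and the ownership check
        // earlier in this script has already stopped non-authors.
        if (mysql_query("DELETE FROM $tab_news WHERE id=$idnews")) {
            $deleteok = "<div id=\"success\">" . $lang['canc_news_ok'] . " <img src=\"$img_path/attendi.gif\" title=\"Attendi\" alt=\"Attendi...\" /></div>
								<script language=\"JavaScript\" type=\"text/javascript\">
								<!--
								function doRedirect() { location.href = \"inserisci.php\"; }
								window.setTimeout(\"doRedirect()\", 2000);
								//-->
								</script><br />";
        }
        else {
            // The driver message can quote parts of the failed statement, so it
            // is encoded before being written into the page.
            $deleteok = "<div id=\"error\">" . $lang['canc_news_error'] . "</div><br /><span class=\"text2\">" . htmlspecialchars(mysql_error(), ENT_QUOTES, 'ISO-8859-1') . "</span><br /><br />";
        }
    }
    else {

        // Call the upload function, only for users whose permission allows uploads

        if ($q_riga_perm['permessi'] == 'tutto' || $q_riga_perm['permessi'] == 'upload') {
            upload();
        }

        // Opening-image handling
        immagine_apertura();
        $div_preview = NULL;
        // Title and text are HTML-encoded before storage, so the database
        // holds entity-encoded values; counters are forced to integers.
        $titolo = htmlspecialchars(trim($_POST['titolo']) , ENT_QUOTES, 'ISO-8859-1');
        $testo = htmlspecialchars($_POST['testo'], ENT_QUOTES, 'ISO-8859-1');
        $letture = (isset($_POST['letture'])) ? intval($_POST['letture']) : 0;
        $stampe = (isset($_POST['stampe'])) ? intval($_POST['stampe']) : 0;
        $nosmile = (isset($_POST['nosmile'])) ? 1 : 0;

        if (trim($titolo) == '' || trim($testo) == '') {
            $insert_empty = "<div id=\"error\">" . $lang['tit_text_obbl'] . "</div><br />";
            $insert_msg_ok = NULL;
        }
        else {
            $insert_empty = NULL;

            // If magic_quotes_gpc is Off, escape with mysql_real_escape_string().
            // NOTE(review): when magic_quotes_gpc is On nothing is escaped
            // here, so the statement depends on magic quotes having covered
            // every source these values came from. $immagine is not read from
            // $_POST in this file (presumably immagine_apertura() sets it) -
            // confirm it is slash-escaped in that configuration too.

            if (!get_magic_quotes_gpc()) {
                $testo = mysql_real_escape_string($testo);
                $titolo = mysql_real_escape_string($titolo);
                $immagine = mysql_real_escape_string($immagine);
            }

            // Build the query from the user's permissions: only "letturestampe"
            // and "tutto" may change the read/print counters. Any other value
            // leaves $query NULL, so an unrecognised permission never runs an
            // UPDATE and is reported as a failed edit.

            switch ($q_riga_perm['permessi']) {
                case "letturestampe":
                case "tutto":
                    $query = "UPDATE $tab_news SET titolo='$titolo', testo='$testo', letture=$letture, stampe=$stampe, immagine='$immagine', nosmile=$nosmile WHERE id=$idnews";
                break;
                case "nessuno":
                case "upload":
                    $query = "UPDATE $tab_news SET titolo='$titolo', testo='$testo', immagine='$immagine', nosmile=$nosmile WHERE id=$idnews";
                break;
                default:
                    $query = NULL;
                break;
            }

            if ($query !== NULL && mysql_query($query)) {
                $insert_msg_ok = "<div id=\"success\">" . $lang['edit_news_ok'] . " <img src=\"$img_path/attendi.gif\" title=\"Attendi\" alt=\"Attendi...\" /></div>
        								<script language=\"JavaScript\" type=\"text/javascript\">
        								<!--
        								function doRedirect() { location.href = \"modifica.php?id=$idnews\"; }
        								window.setTimeout(\"doRedirect()\", 2000);
        								//-->
        								</script><br />";
            }
            else {
                // Driver message encoded before output, as in the delete branch.
                $insert_msg_ok = "<div id=\"error\">" . $lang['edit_news_error'] . "</div><br /><span class=\"text2\">" . htmlspecialchars(mysql_error(), ENT_QUOTES, 'ISO-8859-1') . "</span><br /><br />";
            }

            // After the article has been edited, clear the Title, Text and Image fields
            $titolo = NULL;
            $testo = NULL;
            $immagine = NULL;
            $img_ap_checked = NULL;
            $img_ap_status = "none";
        }
    }
}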
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">  
  <head>    
    <title>Amministrazione news - Modifica una notizia     
    </title>    
    <link rel="stylesheet" href="../style.css" type="text/css" />		
<script language="JavaScript" src="../javascript.js" type="text/JavaScript"></script>  
  </head>  
  <body>
<?php
// Shared admin menu, rendered at the top of the page body.
include ("menu.php");

// Show the preview box, the empty-fields message, or the result of the
// update / delete. Each variable holds HTML assembled earlier in this script
// (or NULL, which prints nothing) and is written to the page as-is, so any
// encoding of user-supplied content has to happen where the string is built.
echo $div_preview;
echo $insert_empty;
echo $insert_msg_ok;
echo $deleteok;
?>    
    <form method="post" action="modifica.php?id=<?php echo $idnews; ?>" enctype="multipart/form-data" name="input_form">      
      <table width="100%" align="center" style="border: 3px solid #DDDDDD;" cellpadding="3" cellspacing="2">	          
        <tr>                   
          <td bgcolor="#DEE3E7" width="21%" align="center" class="text"><b>Titolo</b></td>                   
          <td bgcolor="#EEEEEE" align="left" class="text2">            
            <input type="text" size="77" maxlength="150" name="titolo" tabindex="1" value="<?php echo $titolo_value; ?>" /><br />            
            <img src="<?php echo $img_path; ?>/info2.gif" alt="Info" title="Info" />              
            <?php echo "$link_autore <b>data</b> $data_pubb <b>letture</b> " . $q_riga['letture'] . " <b>stampe</b> " . $q_riga['stampe'] . " <b>IP</b> $ip <a href=\"../view.php?id=$idnews\" target=\"_blank\" title=\"Leggila sul sito\" class=\"piccolo\">leggila</a> <img src=\"$img_path/nw.gif\" alt=\"\" title=\"\" />"; ?>         </td>               
        </tr>               
        <tr>          
          <td bgcolor="#DEE3E7" align="center" class="text2">            
            <?php echo $lang['codes']; ?></td>          
          <td align="left" bgcolor="#EEEEEE">            
            <!-- formattazione testo con BBcode-->            
            <input type="button" value="b" style="width: 28px; font-size: 0.8em;" onclick="addText(' [b][/b]'); return(false);" onmouseover="helpline('b')" />            
            <input type="button" value="i" style="width: 28px; font-size: 0.8em;" onclick="addText(' [i][/i]'); return(false);" onmouseover="helpline('i')" />            
            <input type="button" value="u" style="width: 28px; font-size: 0.8em;" onclick="addText(' [u][/u]'); return(false);" onmouseover="helpline('u')" />            
            <input type="button" value="Img" style="width: 38px; font-size: 0.8em;" onclick="addText(' [img][/img]'); return(false);" onmouseover="helpline('g')" />            
            <input type="button" value="Email" style="width: 45px; font-size: 0.8em;" onclick="addText(' [email][/email]'); return(false);" onmouseover="helpline('a')" />            
            <input type="button" value="URL" style="width: 38px; font-size: 0.8em;" onclick="addText(' [url][/url]'); return(false);" onmouseover="helpline('w')" />            
            <input type="button" value="Callto" style="width: 50px; font-size: 0.8em;" onclick="addText(' [callto][/callto]'); return(false);" onmouseover="helpline('v')" />            
            <input type="button" value="Video" style="width: 46px; font-size: 0.8em;" onclick="addText(' [yt][/yt]'); return(false);" onmouseover="helpline('y')" />            
            <input type="button" value="Lista" style="width: 40px; font-size: 0.8em;" onclick="addText('[ul]\n[li]uno[/li]\n[li]due[/li]\n[/ul]'); return(false);" onmouseover="helpline('l')" />            
            <input type="button" value="Quote" style="width: 50px; font-size: 0.8em;" onclick="addText(' [quote][/quote]'); return(false);" onmouseover="helpline('q')" />            
            <input type="button" value="Codice" style="width: 53px; font-size: 0.8em;" onclick="addText(' [code][/code]'); return(false);" onmouseover="helpline('c')" />            
            <select name="size" onchange="if(this.selectedIndex!=0)this.form.testo.value+=this.options[this.selectedIndex].value;" style="width: 90px; font-size: 0.7em;" onmouseover="helpline('s')">              
              <option selected="selected">Normale               
              </option>              
              <option value="[size=8][/size]">Piccolo               
              </option>              
              <option value="[size=12][/size]">Grande               
              </option>              
              <option value="[size=16][/size]">Molto grande               
              </option>            
            </select><br />            
            <input type="text" name="helpbox" readonly="readonly" style="width:100%; background-color:#EEEEEE; border-style: none; font-size: 0.7em; font-family: verdana;" maxlength="120" />            
            <!-- fine formattazione testo con BBcode--></td>           
        </tr>             
        <tr>                 
          <td bgcolor="#DEE3E7" valign="top" align="center" class="text"><b>Testo</b><br /><br />	      			             
            <!-- inserimento smilies -->                       
            <a href="#" onclick="addText(' :cool:'); return(false);">
              <img src="<?php echo $img_path; ?>/cool.gif" border="0" alt="Cool" title="Cool" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :)'); return(false);">
              <img src="<?php echo $img_path; ?>/smile.gif" border="0" alt="Smile" title="Smile" /></a> &nbsp;                      
            <a href="#" onclick="addText(' ):'); return(false);">
              <img src="<?php echo $img_path; ?>/mad.gif" border="0" alt="Mad" title="Mad" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :p'); return(false);">
              <img src="<?php echo $img_path; ?>/tongue.gif" border="0" alt="Rido" title="Rido" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :D'); return(false);">
              <img src="<?php echo $img_path; ?>/biggrin.gif" border="0" alt="Biggrin" title="Grin" /></a> <br /><br />                     
            <a href="#" onclick="addText(' ;)'); return(false);">
              <img src="<?php echo $img_path; ?>/wink.gif" border="0" alt="Wink" title="Wink" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :o'); return(false);">
              <img src="<?php echo $img_path; ?>/ohh.gif" border="0" alt="Ohh" title="Ohh" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :zizi:'); return(false);">
              <img src="<?php echo $img_path; ?>/zizi.gif" border="0" alt="zizi" title="Zi zi" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :('); return(false);">
              <img src="<?php echo $img_path; ?>/sad.gif" border="0" alt="Sad" title="Sad" /></a> &nbsp;                       
            <a href="#" onclick="addText(' :green:'); return(false);">
              <img src="<?php echo $img_path; ?>/mrgren.gif" border="0" alt="Mr.Gren" title="Mr.Gren" /></a> <br /><br />                     
            <a href="#" onclick="addText(' :dotto:'); return(false);">
              <img src="<?php echo $img_path; ?>/dotto.gif" border="0" alt="dotto" title="Dotto" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :cry:'); return(false);">
              <img src="<?php echo $img_path; ?>/cry.gif" border="0" alt="Piango" title="Piango" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :parolaccia:'); return(false);">
              <img src="<?php echo $img_path; ?>/parolaccia.gif" border="0" alt="parolaccia" title="Parolaccia" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :incupito:'); return(false);">
              <img src="<?php echo $img_path; ?>/incupito.gif" border="0" alt="Incupito" title="Incupito" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :stordito:'); return(false);">
              <img src="<?php echo $img_path; ?>/stordito.gif" border="0" alt="Stordito" title="Stordito" /></a> <br /><br />                     
            <a href="#" onclick="addText(' :info:'); return(false);">
              <img src="<?php echo $img_path; ?>/info.png" border="0" alt="info" title="Info" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :star:'); return(false);">
              <img src="<?php echo $img_path; ?>/star.png" border="0" alt="star" title="Star" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :alert:'); return(false);">
              <img src="<?php echo $img_path; ?>/alert.png" border="0" alt="alert" title="Alert" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :???:'); return(false);">
              <img src="<?php echo $img_path; ?>/question.png" border="0" alt="question" title="Domanda" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :check:'); return(false);">
              <img src="<?php echo $img_path; ?>/check.png" border="0" alt="question" title="Check" /></a> <br /><br />                     
            <a href="#" onclick="addText(' :wiki:'); return(false);">
              <img src="<?php echo $img_path; ?>/wikipedia.png" border="0" alt="wiki" title="Wikipedia" /></a> &nbsp;                       
            <a href="#" onclick="addText(' :chat:'); return(false);">
              <img src="<?php echo $img_path; ?>/chat.png" border="0" alt="chat" title="Chat" /></a> &nbsp;                       
            <a href="#" onclick="addText(' :www:'); return(false);">
              <img src="<?php echo $img_path; ?>/www.png" border="0" alt="www" title="Www" /></a>&nbsp;                      
            <a href="#" onclick="addText(' :man:'); return(false);">
              <img src="<?php echo $img_path; ?>/man.png" border="0" alt="man" title="Profilo" /></a> &nbsp;                      
            <a href="#" onclick="addText(' :mail:'); return(false);">
              <img src="<?php echo $img_path; ?>/mail.png" border="0" alt="mail" title="Mail" /></a> <br /><br />                     
            <a href="#" onclick="addText(' :fb:'); return(false);">
              <img src="<?php echo $img_path; ?>/facebook.gif" border="0" alt="fb" title="Facebook" /></a> &nbsp;                       
            <a href="#" onclick="addText(' :li:'); return(false);">
              <img src="<?php echo $img_path; ?>/linkedin.gif" border="0" alt="li" title="LinkedIn" /></a> &nbsp;                       
            <a href="#" onclick="addText(' :ms:'); return(false);">
              <img src="<?php echo $img_path; ?>/myspace.gif" border="0" alt="my" title="MySpace" /></a> &nbsp;                       
            <a href="#" onclick="addText(' :tw:'); return(false);">
              <img src="<?php echo $img_path; ?>/twitter.gif" border="0" alt="tw" title="Twitter" /></a> &nbsp;                       
            <a href="#" onclick="addText(' :gw:'); return(false);">
              <img src="<?php echo $img_path; ?>/gwave.png" border="0" alt="gw" title="Google Wave" /></a>		             
            <!-- fine inserimento smilies --></td>                   
          <td align="left" bgcolor="#EEEEEE">           
<textarea cols="88" rows="20" name="testo" id="testo" tabindex="2"><?php echo $testo_value; ?></textarea></td>               
        </tr>               
        <tr>                   
          <td bgcolor="#DEE3E7" align="center" class="text"><b>Immagine di apertura</b></td>                   
          <td bgcolor="#EEEEEE" align="left" height="30" class="text2">                     
            <input type="checkbox" onclick="showText();" name="cb" id="cb" <?php echo $img_ap_checked; ?> />            
            <input type="text" style="display: <?php echo $img_ap_status; ?>" id="immagine" size="50" maxlength="70" name="immagine" value="<?php echo $immagine; ?>" />              
            <label for="cb">
              <?php echo $lang['imgdimensions']; ?>
            </label></td>               
        </tr>               
        <?php echo permessi(); ?>                
        <tr>                   
          <td bgcolor="#DEE3E7" align="center" class="text"><b>Opzioni</b></td>                   
          <td bgcolor="#EEEEEE" align="left" height="30" class="text2">            
            <input type="checkbox" id="nosmile" name="nosmile" <?php echo $nosmile_checked; ?> />              
            <label for="nosmile">
              <?php echo $lang['nosmilies']; ?>
            </label> &nbsp;              
            <input type="checkbox" id="cbcancella" name="cbcancella" onclick="if (this.checked) { alert('ATTENZIONE: la notizia cancellata non potr&agrave; essere recuperata!'); }" />              
            <label for="cbcancella">
              <?php echo $lang['canc_news']; ?>
            </label></td>                  
        </tr>               
        <tr>                   
          <td bgcolor="#DEE3E7" align="center" colspan="2">              
            <input type="submit" value="Modifica" name="submit" style="font-weight: bold;" tabindex="3" />              
            <input type="submit" value="Anteprima" name="preview" />              
            <input type="reset" value="Ripristina" name="reset" />      </td>               
        </tr>          
      </table>    
    </form>
<script language="JavaScript" type="text/javascript"> document.input_form.titolo.focus(); </script><br />    
    <?php include ("footer.php"); ?>  
  </body>
</html>