<?php
// Guard clause: without the handler the page stops with a generic bilingual
// error instead of rendering any admin content.
// NOTE(review): handler/stay.php is presumably the session / login gate of the
// admin area — its contents are not visible here; confirm.
if (!file_exists('handler/stay.php')) {
    echo '<p class="red_span" align="center">Error - Fehler</p>';
    exit;
}
require 'handler/stay.php';
?>
<?php
// Both constants are defined before any framework file is loaded.
// NOTE(review): presumably the included files test INCLUDE_CHECK / MYSQL_CHECK
// to refuse being requested directly — confirm in ../framework.
define('INCLUDE_CHECK', 1);
define('MYSQL_CHECK', 1);

// The load order is unchanged; later files may rely on earlier ones.
require '../framework/config.php';
require '../framework/mysql.php';
require '../framework/constants.php';
require '../framework/class/cache_class.php';
no_cache();

// NOTE(review): the only $_SESSION['admin'] test in this file guards the
// account submenu, not the news management code further down. Access control
// for the page is assumed to live in handler/stay.php and/or
// ../framework/security.php — verify that one of them stops unauthenticated
// requests before any query on this page runs.
require '../framework/security.php';
require 'handler/language.php';
require 'structure/header.inc.php';
?>
<div class="menu">
<div class="menu_left">
<ul id="admin_navi">
<?php
// Admin navigation, driven by a map of target page => key into $lang.
// The labels are printed exactly as $lang provides them (no escaping, as
// before); presumably they are fixed translation strings loaded by
// handler/language.php — confirm.
$adminNaviEntries = array(
    'index.php'       => 'blank_admin_area',
    'members.php'     => 'admin_members',
    'discussions.php' => 'discussions',
    'topics.php'      => 'blank_topics',
    'news.php'        => 'news',
    'events.php'      => 'events',
    'newsletter.php'  => 'newsletter',
    'statistic.php'   => 'statistic',
);
foreach ($adminNaviEntries as $naviTarget => $naviLabelKey) {
    // The news entry is the one this page marks as active.
    $naviItemOpen = ($naviTarget === 'news.php') ? '<li class="active">' : '<li>';
    echo $naviItemOpen . '<a href="' . $naviTarget . '">' . $lang[$naviLabelKey] . '</a></li>' . "\n";
}
?>
</ul>
</div>
<div class="menu_right">
<?php
// The account submenu is shown only when the session carries a truthy admin
// flag; !empty() is the same test as isset(...) && ... == TRUE.
if (!empty($_SESSION['admin'])) {
    // $url is not defined in this file; presumably it comes from
    // ../framework/config.php and is printed unescaped, as before — confirm.
    echo '<div class="admin_settings">' . "\n"
        . '<a class="admin_account"><span>' . $lang['blank_navigation'] . '</span></a>' . "\n"
        . '<div class="admin_submenu" style="display: none;">' . "\n"
        . '<ul class="root">' . "\n"
        . '<li><a href="' . $url . '" target="_blank">' . $lang['goto_network'] . '</a></li>' . "\n"
        . '<li><a href="signout.php">' . $lang['signout'] . '</a></li>' . "\n"
        . '</ul>' . "\n"
        . '</div>' . "\n"
        . '</div>';
}
?>
</div>
</div>
</div>
<div class="clear"></div>
<div id="content_wrapper">
<div class="content">
<?php
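// News overview: heading, "create" button, then one table row per news entry.
// NOTE(review): the list is read here, before the action handling further down
// in this file runs, so a change made by the current request only becomes
// visible after the meta refresh those handlers emit.
echo '<h1 class="p_space">' . $lang['news'] . '</h1>';

// NOTE(review): die(mysql_error()) sends the raw database error to the browser;
// logging it server-side and showing a generic message would disclose less.
// The mysql_* functions were removed in PHP 7, so this page needs PHP 5.x as
// written.
$sql = "SELECT * FROM news";
$result = mysql_query($sql) OR die(mysql_error());

echo '<p class="p_space"><a href="news.php?action=new" class="buttons">' . $lang['create_news'] . '</a></p>';
echo '<div class="clear_long"></div><br>';

// NOTE(review): assumes the page is served as UTF-8 (the charset is presumably
// declared in structure/header.inc.php — confirm). With a mismatching charset
// htmlspecialchars() returns '' for input it considers invalid.
$htmlCharset = 'UTF-8';

$newsCount = mysql_num_rows($result);
if ($newsCount) {
    echo '<p><strong>' . $newsCount . ' ' . $lang['admin_news_available'] . '</strong></p>';

    // The header cells now sit inside a <tr>; the table used to open with
    // bare <td> elements.
    echo '<table width="100%" class="tables">' . "\n"
        . '<tr>' . "\n"
        . '<td width="5%"><strong>ID</strong></td>' . "\n"
        . '<td width="50%"><strong>' . $lang['title'] . '</strong></td>' . "\n"
        . '<td width="20%"><strong>' . $lang['date'] . '</strong></td>' . "\n"
        . '<td width="30%"><strong>' . $lang['management'] . '</strong></td>' . "\n"
        . '</tr>';

    // Fetch until the result set is exhausted instead of counting rows again
    // on every iteration.
    while ($row = mysql_fetch_assoc($result)) {
        // The id only ever reaches the markup as an integer.
        $rowId = (int)$row['id'];
        $date = date('d.m.Y - H:i', strtotime($row['date']));

        // The title is free text that this file stores with SQL escaping only,
        // so it is HTML-escaped on output; otherwise markup saved in a title
        // would run in the browser of whoever opens this list (stored XSS).
        $title = htmlspecialchars((string)$row['title'], ENT_QUOTES, $htmlCharset);

        echo '<tr>' . "\n"
            . '<td width="5%">' . $rowId . '</td>' . "\n"
            . '<td width="50%">' . $title . '</td>' . "\n"
            . '<td width="20%">' . $date . '</td>' . "\n"
            . '<td width="30%"><a href="news.php?action=edit&id=' . $rowId . '">' . $lang['news_edit'] . '</a> |' . "\n"
            . '<a href="news.php?action=delete&id=' . $rowId . '">' . $lang['blank_delete'] . '</a> | ';

        // check = '1' is the value the unlock action in this file writes, so an
        // entry in that state is offered "lock"; any other value gets "unlock".
        if ($row['check'] == '1') {
            echo '<a href="news.php?action=lock&id=' . $rowId . '">' . $lang['admin_lock'] . '</a>';
        } else {
            echo '<a href="news.php?action=unlock&id=' . $rowId . '">' . $lang['admin_unlock'] . '</a>';
        }

        echo '</td>' . "\n"
            . '</tr>';
    }

    echo '</table>';
} else {
    echo '<p class="false">' . $lang['no_articles'] . '</p>';
}

echo '<div class="clear_long"></div>';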
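// Action handling for the news admin page: edit, delete, lock, unlock, new.
// Each handler that changes data answers with a meta refresh back to news.php.
if (isset($_GET['action'])) {
    // NOTE(review): delete (check=ok), lock and unlock change data on a plain
    // GET link, and no action in this file verifies an anti-CSRF token. A
    // request prepared on another site would be carried out with a logged-in
    // admin's session. The usual remedy is POST plus a per-session token that
    // is checked here; the lock/unlock links are rendered by the listing code
    // earlier in this file, so both places have to change together.
    //
    // NOTE(review): die(mysql_error()) sends the raw database error to the
    // browser; logging it server-side and showing a generic message would
    // disclose less.

    // The id is reduced to an integer once and only that integer is used in
    // queries and links; a missing id becomes 0 instead of raising a notice.
    $newsId = isset($_GET['id']) ? (int)$_GET['id'] : 0;

    // Submitted form fields, defaulting to '' when absent or not a plain
    // string (e.g. title[]=x would otherwise arrive as an array).
    $posted = array('author' => '', 'title' => '', 'text' => '');
    foreach (array_keys($posted) as $fieldName) {
        if (isset($_POST[$fieldName]) && is_string($_POST[$fieldName])) {
            $posted[$fieldName] = $_POST[$fieldName];
        }
    }
    $formSent = isset($_POST['sent']) && $_POST['sent'] == '1';

    // NOTE(review): assumes the page is served as UTF-8 (the charset is
    // presumably declared in structure/header.inc.php — confirm). With a
    // mismatching charset htmlspecialchars() returns '' for input it
    // considers invalid.
    $htmlCharset = 'UTF-8';

    $backToList = '<meta http-equiv="refresh" content="0; URL=news.php">';

    switch ($_GET['action']) {
        case "edit":
            $sql = "SELECT id, title, author, text FROM news WHERE id = '" . $newsId . "'";
            $result = mysql_query($sql) OR die(mysql_error());
            $row = mysql_fetch_assoc($result);

            if (!$row) {
                // Unknown id: there is nothing to edit, so neither run an
                // UPDATE nor render a form filled from a missing row.
                echo '<p class="false">' . $lang['no_articles'] . '</p>';
                break;
            }

            if ($formSent) {
                // mysql_real_escape_string() is the right escaping for the SQL
                // string context and is used for nothing else.
                $sql = "UPDATE
                            news
                        SET
                            author = '" . mysql_real_escape_string($posted['author']) . "',
                            title = '" . mysql_real_escape_string($posted['title']) . "',
                            text = '" . mysql_real_escape_string($posted['text']) . "'
                        WHERE
                            id = '" . (int)$row['id'] . "'";
                mysql_query($sql) OR die(mysql_error());
                echo $backToList;
            } else {
                // Stored values go into attribute values and a textarea, so
                // they are HTML-escaped; unescaped, a quote or tag saved in a
                // field would break out of the markup (stored XSS).
                $shown = array();
                foreach (array('title', 'author', 'text') as $fieldName) {
                    $shown[$fieldName] = htmlspecialchars((string)$row[$fieldName], ENT_QUOTES, $htmlCharset);
                }

                echo '<form action="news.php?action=edit&id=' . $newsId . '" method="post">' . "\n"
                    . '<p><input name="title" type="input" class="textfields" size="40" value="' . $shown['title'] . '"> ' . $lang['title'] . '</p>' . "\n"
                    . '<p><input name="author" type="input" class="textfields" size="40" value="' . $shown['author'] . '"> ' . $lang['author'] . '</p>' . "\n"
                    . '<p><textarea cols="45" rows="8" name="text" class="textareas">' . $shown['text'] . '</textarea><br></p>' . "\n"
                    . '<p><input name="sent" type="hidden" value="1" class="textfields"></p>' . "\n"
                    . '<p><input name="send" type="submit" value="' . $lang['news_edit'] . '" class="buttons"></p>' . "\n"
                    . '</form>';
            }
            break;

        case "delete":
            // Two-step delete: first a yes/no prompt, then check=ok or check=no.
            $check = (isset($_GET['check']) && is_string($_GET['check'])) ? $_GET['check'] : '';

            if ($check === 'ok') {
                $sql = "DELETE FROM news WHERE id = '" . $newsId . "'";
                mysql_query($sql) OR die(mysql_error());
                echo $backToList;
            } elseif ($check === 'no') {
                echo $backToList;
            } else {
                echo '<p><span class="red_span">' . $lang['admin_news_delete'] . '?</span></p>' . "\n"
                    . '<a href="news.php?action=delete&id=' . $newsId . '&check=ok" class="buttons"> ' . $lang['yes'] . ' </a>' . "\n"
                    . '<a href="news.php?action=delete&id=' . $newsId . '&check=no" class="buttons"> ' . $lang['no'] . ' </a>';
            }
            break;

        case "lock":
            // Locking stores -1 in the `check` column.
            $sql = "UPDATE news SET `check` = '-1' WHERE id = '" . $newsId . "'";
            mysql_query($sql) OR die(mysql_error());
            echo $backToList;
            break;

        case "unlock":
            // Unlocking stores 1 in the `check` column.
            $sql = "UPDATE news SET `check` = '1' WHERE id = '" . $newsId . "'";
            mysql_query($sql) OR die(mysql_error());
            echo $backToList;
            break;

        case "new":
            if ($formSent) {
                // Compared against '' so that a title or text of "0" is not
                // rejected as empty.
                if ($posted['title'] === '' || $posted['text'] === '') {
                    echo '<p class="false">' . $lang['enter_a_title'] . '.</p>';
                } else {
                    $sql = "INSERT INTO news
                                (author, title, text)
                            VALUES
                                ('" . mysql_real_escape_string($posted['author']) . "',
                                 '" . mysql_real_escape_string($posted['title']) . "',
                                 '" . mysql_real_escape_string($posted['text']) . "')";
                    mysql_query($sql) OR die(mysql_error());
                    echo $backToList;
                }
            }

            // The form is re-filled with what was just submitted. These values
            // come straight from the request, so they are HTML-escaped;
            // mysql_real_escape_string() (used here before) leaves < and >
            // untouched and only adds backslashes, which does not protect
            // attribute values or textarea content.
            $shown = array();
            foreach ($posted as $fieldName => $value) {
                $shown[$fieldName] = htmlspecialchars($value, ENT_QUOTES, $htmlCharset);
            }

            echo '<form action="news.php?action=new" method="post">';
            echo '<p><input type="input" name="title" id="title" class="textfields" required size="40"'
                . ' value="' . $shown['title'] . '" > ' . $lang['title'] . '</p>';
            echo '<p><input type="input" name="author" id="author" class="textfields" required size="40"'
                . ' value="' . $shown['author'] . '" > ' . $lang['author'] . '</p>';
            // The closing </p> used to be printed right after the opening
            // <textarea> tag and so ended up as text inside the field.
            echo '<p>' . $lang['admin_create_news'] . ':<br>';
            echo '<textarea cols="45" rows="8" name="text" class="textareas">' . $shown['text'] . '</textarea><br>' . "\n"
                . '<input name="sent" type="hidden" value="1" class="textfields"><br>' . "\n"
                . '<input name="send" type="submit" value="' . $lang['create_news'] . '" class="buttons"></p>';
            echo '</form>';
            break;

        default:
            break;
    }
}
echo '<div class="clear"></div>';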
?>
<?php require('structure/footer.inc.php'); ?>