<?php

    // Fail closed: when handler/stay.php is missing, print the generic error and
    // stop, so nothing below this point runs without that handler.
    // NOTE(review): presumably stay.php is the admin session gate for this page;
    // confirm, because no other access check is visible in this file.
    if(!file_exists('handler/stay.php')) {

        echo '<p class="red_span" align="center">Error - Fehler</p>';
        exit;
    }

    require 'handler/stay.php';

?>

<?php
    // Marker constants set before the framework files are pulled in.
    // NOTE(review): presumably the included files test for these to refuse
    // direct requests; confirm in ../framework/.
    define('INCLUDE_CHECK', 1);
    define('MYSQL_CHECK', 1);
?>

<?php
    // Load order is kept exactly as before: configuration, database layer,
    // constants, cache helper (no_cache() is called right after it is loaded),
    // security layer, then the language strings used as $lang below.
    require '../framework/config.php';
    require '../framework/mysql.php';
    require '../framework/constants.php';
    require '../framework/class/cache_class.php';
    no_cache();
    require '../framework/security.php';
    require 'handler/language.php';
?>

<?php require 'structure/header.inc.php'; ?>

    <div class="menu">
        <div class="menu_left">
            <ul id="admin_navi">
                <li><a href="index.php"><?php echo $lang['blank_admin_area']; ?></a></li>
                <li><a href="members.php"><?php echo $lang['admin_members']; ?></a></li>
                <li><a href="discussions.php"><?php echo $lang['discussions']; ?></a></li>
                <li><a href="topics.php"><?php echo $lang['blank_topics']; ?></a></li>
                <li class="active"><a href="news.php"><?php echo $lang['news']; ?></a></li>
                <li><a href="events.php"><?php echo $lang['events']; ?></a></li>
                <li><a href="newsletter.php"><?php echo $lang['newsletter']; ?></a></li>
                <li><a href="statistic.php"><?php echo $lang['statistic']; ?></a></li>
            </ul>
        </div>
        <div class="menu_right">
            <?php

            // Account submenu (link to the public network and sign-out), printed only
            // when the session holds a truthy 'admin' value. This only decides what is
            // displayed here; it is not an access check for the page.
            // NOTE(review): $url is not set in this file and is written into the href
            // as-is; assumes it is a trusted configuration value, confirm.
            if(!empty($_SESSION['admin'])) {

                echo '<div class="admin_settings">
            <a class="admin_account"><span>', $lang['blank_navigation'], '</span></a>
            <div class="admin_submenu" style="display: none;">
                <ul class="root">
                    <li><a href="', $url, '" target="_blank">', $lang['goto_network'], '</a></li>
                    <li><a href="signout.php">', $lang['signout'], '</a></li>
                </ul>
            </div>
            </div>';
            }

            ?>
        </div>
    </div>
</div>

<div class="clear"></div>

<div id="content_wrapper">
    <div class="content">

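    <?php

        /*
         * News administration: lists every row of the `news` table and, depending
         * on $_GET['action'], edits, deletes, locks, unlocks or creates an article.
         *
         * Escaping is done per context: mysql_real_escape_string() only for values
         * placed inside SQL string literals, htmlspecialchars() for every stored or
         * posted value written into HTML. The earlier code printed title, author
         * and text unescaped (or SQL-escaped), which let stored markup run in the
         * admin's browser.
         *
         * NOTE(review): htmlspecialchars() is called without an explicit charset
         * and so follows PHP's default; pass the page charset explicitly if it
         * differs - confirm against structure/header.inc.php.
         * NOTE(review): delete, lock and unlock change data on a plain GET link and
         * no request token is checked in this block, so these actions have no CSRF
         * protection. They should move to POST with a per-session token that is
         * verified before the query runs.
         * NOTE(review): no admin check is visible in this block; presumably
         * handler/stay.php enforces it - confirm.
         * NOTE(review): die(mysql_error()) prints raw database error text into the
         * page; log it and show a generic message instead. The mysql_* extension
         * itself was removed in PHP 7, so this file needs a port to mysqli or PDO
         * with prepared statements.
         */

        // Request values are normalised once: a missing id becomes 0, and posted
        // fields that are missing or not strings become ''.
        $news_id = isset($_GET['id']) ? (int)$_GET['id'] : 0;

        $news_post = array('title' => '', 'author' => '', 'text' => '');
        foreach(array_keys($news_post) as $news_field) {
            if(isset($_POST[$news_field]) && is_string($_POST[$news_field])) {
                $news_post[$news_field] = $_POST[$news_field];
            }
        }

        $news_sent = isset($_POST['sent']) && $_POST['sent'] == '1';

        echo '<h1 class="p_space">' . $lang['news'] . '</h1>';

        $sql = "SELECT * FROM news";

        $result = mysql_query($sql) OR die(mysql_error());

        $news_count = mysql_num_rows($result);

        echo '<p class="p_space"><a href="news.php?action=new" class="buttons">' . $lang['create_news'] . '</a></p>';

        echo '<div class="clear_long"></div><br>';

        if($news_count) {

            echo '<p><strong>' . $news_count . ' ' . $lang['admin_news_available'] . '</strong></p>';

            // The header cells are wrapped in a row so the table markup is valid.
            echo '<table width="100%" class="tables">
        <tr>
        <td width="5%"><strong>ID</strong></td>
        <td width="50%"><strong>' . $lang['title'] . '</strong></td>
        <td width="20%"><strong>' . $lang['date'] . '</strong></td>
        <td width="30%"><strong>' . $lang['management'] . '</strong></td>
        </tr>';

            while($row = mysql_fetch_assoc($result)) {

                $row_id = (int)$row['id'];
                $date = date('d.m.Y - H:i', strtotime($row['date']));

                // The title is stored text and is escaped before it reaches the page.
                echo '<tr>
            <td width="5%">' . $row_id . '</td>
            <td width="50%">' . htmlspecialchars($row['title'], ENT_QUOTES) . '</td>
            <td width="20%">' . $date . '</td>
            <td width="30%"><a href="news.php?action=edit&id=' . $row_id . '">' . $lang['news_edit'] . '</a> | 
            <a href="news.php?action=delete&id=' . $row_id . '">' . $lang['blank_delete'] . '</a> | ';

                // `check` = '1' marks a published article, so the link offers "lock".
                if($row['check'] == '1') {

                    echo '<a href="news.php?action=lock&id=' . $row_id . '">' . $lang['admin_lock'] . '</a>';

                }else{

                    echo '<a href="news.php?action=unlock&id=' . $row_id . '">' . $lang['admin_unlock'] . '</a>';
                }

                echo '</td>
            </tr>';
            }

            echo '</table>';

        }else{

            echo '<p class="false">' . $lang['no_articles'] . '</p>';
        }

        echo '<div class="clear_long"></div>';

        if(isset($_GET['action'])) {

            switch($_GET['action']) {

            case "edit":

                $sql = "SELECT id, title, author, text FROM news WHERE id = '" . $news_id . "'";

                $result = mysql_query($sql) OR die(mysql_error());

                $row = mysql_fetch_assoc($result);

                // Unknown id: stop here instead of updating "id = 0" or rendering
                // a form from a missing row.
                if(!$row) {

                    echo '<p class="false">' . $lang['no_articles'] . '</p>';
                    break;
                }

                if($news_sent) {

                    $sql = "UPDATE
                                news
                            SET
                                author = '" . mysql_real_escape_string($news_post['author']) . "',
                                title = '" . mysql_real_escape_string($news_post['title']) . "',
                                text = '" . mysql_real_escape_string($news_post['text']) . "'
                            WHERE
                                id = '" . (int)$row['id'] . "'";

                    mysql_query($sql) OR die(mysql_error());

                    echo '<meta http-equiv="refresh" content="0; URL=news.php">';

                }else{

                    // Stored values go into attribute and textarea context, so they
                    // are escaped with ENT_QUOTES.
                    echo '<form action="news.php?action=edit&id=' . $news_id . '" method="post">
        <p><input name="title" type="input" class="textfields" size="40" value="' . htmlspecialchars($row['title'], ENT_QUOTES) . '"> ' . $lang['title'] . '</p>
        <p><input name="author" type="input" class="textfields" size="40" value="' . htmlspecialchars($row['author'], ENT_QUOTES) . '"> ' . $lang['author'] . '</p>
        <p><textarea cols="45" rows="8" name="text" class="textareas">' . htmlspecialchars($row['text'], ENT_QUOTES) . '</textarea><br>
        <p><input name="sent" type="hidden" value="1" class="textfields"></p>
        <p><input name="send" type="submit" value="' . $lang['news_edit'] . '" class="buttons"></p>
        </form>';
                }

                break;

            case "delete":

                // NOTE(review): the confirmation step is only a second GET link;
                // it is not a substitute for a request token.
                $news_check = (isset($_GET['check']) && is_string($_GET['check'])) ? $_GET['check'] : '';

                if($news_check === 'ok') {

                    $sql = "DELETE FROM news WHERE id = '" . $news_id . "'";

                    mysql_query($sql) OR die(mysql_error());

                    echo '<meta http-equiv="refresh" content="0; URL=news.php">';

                }elseif($news_check === 'no') {

                    echo '<meta http-equiv="refresh" content="0; URL=news.php">';

                }else{

                    echo '<p><span class="red_span">' . $lang['admin_news_delete'] . '?</span></p>
        <a href="news.php?action=delete&id=' . $news_id . '&check=ok" class="buttons">&nbsp;' . $lang['yes'] . '&nbsp;</a>&nbsp;&nbsp;
        <a href="news.php?action=delete&id=' . $news_id . '&check=no" class="buttons">&nbsp;' . $lang['no'] . '&nbsp;</a>';
                }

                break;

            case "lock":

                $sql = "UPDATE news SET `check` = '-1' WHERE id = '" . $news_id . "'";

                mysql_query($sql) OR die(mysql_error());

                echo '<meta http-equiv="refresh" content="0; URL=news.php">';

                break;

            case "unlock":

                $sql = "UPDATE news SET `check` = '1' WHERE id = '" . $news_id . "'";

                mysql_query($sql) OR die(mysql_error());

                echo '<meta http-equiv="refresh" content="0; URL=news.php">';

                break;

            case "new":

                if($news_sent) {

                    // Compared against '' so a title or text of "0" is accepted.
                    if($news_post['title'] === '' OR $news_post['text'] === '') {

                        echo '<p class="false">' . $lang['enter_a_title'] . '.</p>';

                    }else{

                        $sql = "INSERT INTO news
                                    (author, title, text)
                                VALUES
                                    ('". mysql_real_escape_string($news_post['author']) ."',
                                    '". mysql_real_escape_string($news_post['title']) ."',
                                    '". mysql_real_escape_string($news_post['text']) ."')
                                    ";

                        mysql_query($sql) OR die(mysql_error());

                        echo '<meta http-equiv="refresh" content="0; URL=news.php">';
                    }
                }

                // The form is re-filled with the posted values. They are HTML-escaped
                // here; SQL escaping is the wrong tool for this context and left the
                // fields open to markup injection.
                echo '<form action="news.php?action=new" method="post">';

                echo '<p><input type="input" name="title" id="title" class="textfields" required size="40"';
                echo ' value="' . htmlspecialchars($news_post['title'], ENT_QUOTES) . '" ';
                echo '> ' . $lang['title'] . '</p>';

                echo '<p><input type="input" name="author" id="author" class="textfields" required size="40"';
                echo ' value="' . htmlspecialchars($news_post['author'], ENT_QUOTES) . '" ';
                echo '> ' . $lang['author'] . '</p>';

                echo '<p>' . $lang['admin_create_news'] . ':<br>';

                // The stray "</p>" that used to follow the opening tag ended up as
                // literal text inside the textarea and has been removed.
                echo '<textarea cols="45" rows="8" name="text" class="textareas">';

                echo htmlspecialchars($news_post['text'], ENT_QUOTES);

                echo '</textarea><br>
        <input name="sent" type="hidden" value="1" class="textfields"><br>
        <input name="send" type="submit" value="' . $lang['create_news'] . '" class="buttons">';

                echo '</form>';

                break;

            default:
                break;
            }
        }

    echo '<div class="clear"></div>';

    ?>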

<?php /* Shared admin footer template. */ require 'structure/footer.inc.php'; ?>