<?

/*###############################################################*\
##                       iBWd News 1.1b                          ##
##                 http://bramstart.be/ibwds                     ##
##                                                               ##
*/###############################################################*\


// config.php is loaded first; $table_users, used right below, is expected to
// come from it.
require("config.php");

// First-run guard: fetch the first row of the users table and look at its
// first column. An empty value sends the visitor to admin.php instead of
// rendering the panel.
$query  = "SELECT * FROM $table_users";
$result = mysql_query($query);
list($col1) = mysql_fetch_row($result);

// The statement text and the result handle are only needed for this check.
unset($query, $result);

if ($col1 == "") {
	header("location: admin.php");
	exit;
}


// access.php is pulled in before any permission is read.
// NOTE(review): $username is not assigned anywhere in this file, so it
// presumably comes from access.php or config.php. It is placed inside the SQL
// string below without escaping; confirm it is validated where it is set.
include("access.php");

// Read the three Y/N permission flags stored for the current user.
$q  = "SELECT addpost, modpost, delpost FROM $table_users where name = '$username'";
$q2 = mysql_query($q);
list($add,$mod,$del) = mysql_fetch_row($q2);

// Pre-render each flag as a coloured YES/NO label for the summary table.
$addp = ($add == "Y") ? "<font color=\"#009933\">YES</font>" : "<font color=\"#FF0000\">NO</font>";
$modp = ($mod == "Y") ? "<font color=\"#009933\">YES</font>" : "<font color=\"#FF0000\">NO</font>";
$delp = ($del == "Y") ? "<font color=\"#009933\">YES</font>" : "<font color=\"#FF0000\">NO</font>";


?>
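<?
// Page header and permission summary box.
// $style is written as raw CSS and the YES/NO labels are markup built earlier
// in this file, so those stay unescaped. The user name is plain text and is
// HTML-encoded before it is written into the page. The single-byte charset
// argument keeps htmlspecialchars() from rejecting a string as invalid UTF-8;
// only the ASCII characters & < > " ' are rewritten.
?>
<html>
<head>
<style>
<?=$style;?>
.7{font-size:7pt; background-color: #FFFFFF; }
</style>
</head>
<body>
<center>
<table border="0" style="font-size: 7 pt; position: absolute; left: 9; top: 9" class="table_border" cellspacing="1" cellpadding="2" width="117" height="82">
<tr>
<td  class="7" width="100%" colspan="2" nowrap>Permissions for: <b><?=htmlspecialchars($username, ENT_QUOTES, 'ISO-8859-1')?></b></td>
</tr>
<tr>
<td class="7">Add posts</td>
<td class="7" align="center"><?=$addp?></td>
</tr>
<tr>
<td class="7">Modify posts</td>
<td class="7" align="center"><?=$modp?></td>
</tr>
<tr>
<td class="7">Delete posts</td>
<td class="7" align="center"><?=$delp?></td>
</tr>
<? if($status == "ADMIN"){ ?>
<tr>
<td class="7" colspan="2" nowrap>[you are the administrator]</td>
</tr>
<? } ?>
</table>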
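<?
// "Back" link that the action handlers below append to their messages.
$b = "<br><br><a href=\"panel.php\">Back</a>";

//DEFAULT PANEL VIEW
// Shown when no action was requested: one table row per post, ordered by
// date, each with a modify and a delete link.

if(!isset($action)){
	$query = mysql_query("Select * from $table order by date",$db);
	$p  = "<table align=\"center\" border=\"0\" cellspacing=\"1\" cellpadding=\"6\" class=\"table_border\">\n";
	$p .= "<tr class=\"header_cell\">";
	$p .= "<td>Date</td><td>Title</td><td>poster</td><td>modify</td><td>delete</td></tr>\n";
	echo $p;
	// mysql_query() returns false on failure; only walk the rows of a real result.
	if($query){
		while(list($id,$title,$date,$poster,$mail,$news) = mysql_fetch_row($query)){
			// The date column holds Y-m-d-H-i-s; show it as d/m/Y - H:i.
			$d = explode("-",$date);
			$thedate = "$d[2]/$d[1]/$d[0] - $d[3]:$d[4]";
			// Date, title and poster are stored values, so they are HTML-encoded
			// before being written into the row; the id is forced to an integer
			// before it goes into the link. The single-byte charset argument
			// keeps htmlspecialchars() from rejecting a string as invalid UTF-8.
			$print  = "\n<tr class=\"cells\">\n";
			$print .= "<td><li>" . htmlspecialchars($thedate, ENT_QUOTES, 'ISO-8859-1') . "</td>";
			$print .= "<td><b>" . htmlspecialchars($title, ENT_QUOTES, 'ISO-8859-1') . "</b></td>\n";
			$print .= "<td>" . htmlspecialchars($poster, ENT_QUOTES, 'ISO-8859-1') . "</td>";
			$print .= "<td align=\"center\"><a href=\"panel.php?action=modify&PID=" . (int) $id . "\">";
			$print .= "<img alt=\"Modify\" border=\"0\" src=\"modify.gif\"></a></td>\n";
			$print .= "<td align=\"center\"><a href=\"panel.php?action=remove&PID=" . (int) $id . "\">";
			$print .= "<img alt=\"Delete\" border=\"0\" src=\"delete.gif\"></a></td>\n";
			$print .= "</tr>\n";
			echo $print;
		}
	}
	echo"</table>";
}
// END DEFAULT PANEL VIEW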



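// DELETE NEWS
	// The post id arrives with the request, is placed in SQL (unquoted in the
	// DELETE below) and is echoed back into the page. Reduce it to an integer
	// once so every later use in this section is safe.
	$PID = isset($PID) ? (int) $PID : 0;

	// Start from "not allowed" and from an empty denial note. This page reads
	// request parameters as plain globals ($action, $PID), so the
	// authorisation flag must never keep a value that was set before this
	// point.
	$ok = 0;
	$nomsg = "";

	// check permissions
	if($dedall == "1"){
		// Owner-only mode: load the post and the current user's row, then
		// allow the delete only when the post's poster matches that user.
		$query = mysql_query("SELECT * FROM $table WHERE ID='$PID' order by date");
		list($id,$title,$date,$poster,$email,$news) = mysql_fetch_row($query);

		// NOTE(review): $uid is not assigned in this file and is placed in the
		// query unescaped; confirm where it is set and that it cannot carry
		// request-supplied text. This fetch also overwrites $status.
		$query2 = mysql_query("SELECT * FROM $table_users WHERE name = '$uid'");
		list($ID, $password, $name, $addpost, $modpost, $delpost, $status) = mysql_fetch_row($query2);

			if($poster == $name){ $ok = 1; } else{ $nomsg = "<br>You can only delete your own posts!"; }
	}

	// Unrestricted mode, or an administrator: always allowed.
	if($dedall == "0" || $status == "ADMIN"){ $ok = 1; }
	// end check permissions

// Step 1: ask for confirmation.
// NOTE(review): the YES link triggers the delete with a plain GET request and
// no per-session token, so the request is not tied to this confirmation page.
// Consider a POST form with an anti-forgery token.
if($action == "remove"){
	if($del == "Y" AND $ok =="1"){
	echo"<center>Are you sure you want to delete post " . $PID . " ?<br><a href=\"?action=delete&PID=$PID\">YES</a> | <a href=\"panel.php\">NO</a></center>";
	}
	else echo "" . $denied . "" . $nomsg . "" . $b . "";
}

// Step 2: delete the post. $PID is an integer at this point.
if($action == "delete"){
	if($del == "Y" AND $ok == "1"){
	$query = "Delete from $table Where ID=$PID";
	mysql_query($query,$db);
	echo"<center>Post with ID " . $PID . " has been deleted!$b</center>";
	}
	else echo "" . $denied . "" . $nomsg . "" . $b . "";
}

// Drop the flag so it cannot be reused by code further down.
unset($ok);

// END DELETE NEWS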



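// MODIFY NEWS

// The post id arrives with the request and is used unquoted in the SQL below
// and written back into the form action. Reduce it to an integer first.
$PID = isset($PID) ? (int) $PID : 0;

// Start from "not allowed" and from an empty denial note, so neither can carry
// a value left over from earlier code.
$ok = 0;
$nomsg = "";

if($modall == "1"){
	// Owner-only mode: allow the edit only when the post's poster matches
	// the current user's row.
	$query = mysql_query("SELECT * FROM $table WHERE ID='$PID' order by date");
	list($id,$title,$date,$poster,$email,$news) = mysql_fetch_row($query);

	// NOTE(review): $uid is not assigned in this file and is placed in the
	// query unescaped; confirm where it is set and that it cannot carry
	// request-supplied text. This fetch also overwrites $status.
	$query2 = mysql_query("SELECT * FROM $table_users WHERE name = '$uid'");
	list($ID, $password, $name, $addpost, $modpost, $delpost, $status) = mysql_fetch_row($query2);

	if($poster == $name){ $ok = 1; } else{ $nomsg = "<br>You can only modify your own posts!"; }
}
// Unrestricted mode, or an administrator: always allowed.
if($modall == "0" || $status == "ADMIN"){ $ok = 1; }

if($action == "modify"){
 if($mod == "Y" AND $ok == "1"){
	if(!isset($modthis)){
		// First visit: show the edit form pre-filled with the stored post.
		// Every stored value and the script path are HTML-encoded before they
		// are written into the page. The single-byte charset argument keeps
		// htmlspecialchars() from rejecting a string as invalid UTF-8; only
		// the ASCII characters & < > " ' are rewritten.
		$query = mysql_query("Select * from $table where ID=$PID order by date");
		while(list($id,$title,$date,$poster,$email,$news) = mysql_fetch_row($query)){
		?>
		<form method="POST" action="<?=htmlspecialchars($PHP_SELF, ENT_QUOTES, 'ISO-8859-1')?>?action=modify&PID=<?=$PID?>">
		<input type="hidden" name="modthis" value="1">
		<div align="center">
		<center>
		<table border="0" cellspacing="1" cellpadding="3" class="table_border">
		<tr>
		<td colspan="2" class="header_cell">
		<p align="center">News admin panel</p>
		</td>
		</tr>
		<tr>
		<td align="right" class="cells">Name poster:</td>
		<td class="cells"><?=htmlspecialchars($poster, ENT_QUOTES, 'ISO-8859-1')?></td>
		</tr>
		<tr>
		<td align="right" class="cells">E-mail:</td>
		<td class="cells"><?=htmlspecialchars($email, ENT_QUOTES, 'ISO-8859-1')?></td>
		</tr>
		<tr>
		<td align="right" class="cells">Title:</td>
		<td class="cells"><input class="box" type="text" name="title1" size="30" value="<?=htmlspecialchars($title, ENT_QUOTES, 'ISO-8859-1')?>"></td>
		</tr>
		<tr>
		<td align="right" valign="top" class="cells">News:</td>
		<td class="cells"><textarea class="input" rows="10" name="news1" cols="61"><?=htmlspecialchars($news, ENT_QUOTES, 'ISO-8859-1')?></textarea></td>
		</tr>
		</center>
		<tr>
		<td colspan="2" class="header_cell">
		<p align="center"><input type="submit" name="submit"></td>
		</tr>
		</table>
		</center>
		</div>
		</form>
			<?
		}
	}
	if(isset($modthis) && $modthis == "1"){
		// Form submitted: store the new title and text.
		// Request values may already carry slashes added by magic_quotes_gpc;
		// undo those first so each value is escaped exactly once, for the
		// connection in $db. get_magic_quotes_gpc() exists on every PHP
		// version that still provides the mysql_* functions used here.
		$gpc = get_magic_quotes_gpc();
		$title1 = $gpc ? stripslashes($title1) : $title1;
		$news1 = nl2br($gpc ? stripslashes($news1) : $news1);
		$thedate = date("Y-m-d-H-i-s");
		$query = "update $table set title='" . mysql_real_escape_string($title1, $db) . "', date='$thedate', news='" . mysql_real_escape_string($news1, $db) . "' where ID=$PID";
		mysql_query($query,$db);
		echo"<center>Post with ID $PID has been modified!$b</center>";
	}
	}
else echo "" . $denied . "" . $nomsg . "" . $b . "";
}
// END MODIFY NEWS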




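// ADD NEWS
// Shows the submit form, then validates and stores the submitted post.
// Values written into the page are HTML-encoded. The single-byte charset
// argument keeps htmlspecialchars() from rejecting a string as invalid UTF-8;
// only the ASCII characters & < > " ' are rewritten.


if($action == "add"){
	if($add == "Y"){
	if(!isset($addsite)){ ?>

<form method="POST" action="<?=htmlspecialchars($PHP_SELF, ENT_QUOTES, 'ISO-8859-1')?>?action=add">
<input type="hidden" name="addsite" value="1">
<input type="hidden" name="action" value="add">
<div align="center">
<center>
<table border="0" cellspacing="1" cellpadding="3" class="table_border">
<tr>
<td colspan="2" class="header_cell">
<p align="center">Submit news</p>
</td>
</tr>
<tr>
<td align="right" class="cells">Name poster:</td>
<td class="cells"><input disabled class="box" type="text" name="namem" size="30" value="<?=htmlspecialchars($username, ENT_QUOTES, 'ISO-8859-1')?>"></td>
</tr>
<tr>
<td align="right" class="cells">E-mail:</td>
<td class="cells"><input class="box" type="text" name="emailm" size="30"></td>
</tr>
<tr>
<td align="right" class="cells">Title:</td>
<td class="cells"><input class="box" type="text" name="titlem" size="30"></td>
</tr>
<tr>
<td align="right" valign="top" class="cells">Post:</td>
<td class="cells"><textarea class="input" rows="10" name="newsm" cols="61"></textarea></td>
</tr>
</center>
<tr>
<td colspan="2" class="header_cell">
<p align="center"><input type="submit" name="submit"></td>
</tr>
</table>
</center>
</div>
</form>

<? }
if($action == "add" && isset($addsite) && $addsite == "1"){

	// Same "something@something.something" shape the form always required.
	// preg_match() replaces ereg(), which is deprecated since PHP 5.3 and is
	// not binary-safe; the s and D modifiers keep "." and "$" matching the
	// way the POSIX pattern did.
	$emailOk = preg_match('/^.+@.+\..+$/sD', $emailm);

	if(!$emailOk || $newsm == "" || $titlem == ""){
		echo"<center>";
		echo"An error occured...";
		echo"<br>";
		// The rejected address is request input; encode it before echoing it back.
		if(!$emailOk){ echo"Error with e-mailadres \"" . htmlspecialchars($emailm, ENT_QUOTES, 'ISO-8859-1') . "\"<br>"; }
		if($titlem == ""){ echo"Please fill in a title<br>"; }
		if($newsm == ""){ echo"Think it would be nice when you fill in the news field...<br>"; }
		echo"<a href=\"javascript:history.back(-1);\">Back</a>";
		echo"</center><br>";	
	}
	else{
		$thedate = date("Y-m-d-H-i-s");
		// Request values may already carry slashes added by magic_quotes_gpc;
		// undo those first so each value is escaped exactly once, for the
		// connection in $db. get_magic_quotes_gpc() exists on every PHP
		// version that still provides the mysql_* functions used here.
		$gpc = get_magic_quotes_gpc();
		$titleSql = mysql_real_escape_string($gpc ? stripslashes($titlem) : $titlem, $db);
		$emailSql = mysql_real_escape_string($gpc ? stripslashes($emailm) : $emailm, $db);
		// Line breaks are converted on the submitted text ($newsm), as the
		// modify handler does for $news1. The previous code converted the
		// unrelated $news variable, so the stored post kept raw newlines.
		$newsSql = mysql_real_escape_string(nl2br($gpc ? stripslashes($newsm) : $newsm), $db);
		// NOTE(review): $username is not assigned in this file and still goes
		// into the statement unescaped; confirm it is validated where it is set.
		$query = "INSERT INTO $table (ID, title, date, poster, email, news) VALUES ('', '$titleSql', '$thedate', '$username', '$emailSql', '$newsSql')"; 
		mysql_query($query, $db);
		echo"<center>News has been submitted$b</center>";
	}


}

	}
else echo "" . $denied . "" . $b . "";
}

// END ADD NEWS
// All handlers are done; release the database connection.
mysql_close($db);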
?>



<? // please don't modify this line ?>
<br><p align="center"><a href="http://bramstart.be/ibwds"><font size="-2" face="Verdana">powered by iBWd scripts</font></a></p></center>
</body>
</html>