Location: PHPKode > projects > news-tnk > news-tnk/php3/news_admin.php3
<?
//news-tnk v1.2.3 php3
//Thierry Nkaoua hide@address.com
// http://www.linux-sottises.net


// Config
include ("include/config_news.php3");

// store password in cookie, and reset it to "" if logout
if($np){
$login_password=$np;
}else{
        if(isset($login_password)){
         $login_password=crypt($login_password,"tn");
                if($login_password==$admin_password){
                setcookie("np",$login_password, time() + $time_cookie);
                }
         }
}

if($admin=="logout"){
        $login_password="";
        setcookie("np","", time()-3600);
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<?
include("include/head_news-tnk.inc");
?>
<title><? print("$talk[19]"); ?></title>
</head>

<body>
<center>
<h2><? print("$talk[19]"); ?></h2>
<br>
<?
// Authentification
$auth=($login_password==$admin_password);

// Check URL manipulation!
$arg=$HTTP_GET_VARS;
$nbr=sizeof($arg);

if($nbr!=0){
print("$talk[48]");

}else{

// check password
if(!$auth){

//  bad authentification
        if($login==$talk[22]){
        print("<b>$talk[49]</b>");
        }

//  login screen
?>
<form action="<? print("$PHP_SELF"); ?>" method="post">
<input type="hidden" name="admin" value="0">
<table border="1" cellspacing="5" cellpadding="5">
        <tr class="head">
        <td><? print("$talk[50]"); ?>:</td>
        <td><input type="password" name="login_password" size="25" maxlength="25"></td>
        </tr>
        <tr class="row1">
        <td colspan="2" align="center"><input type="submit" name="login" value="<? print("$talk[22]"); ?>"></td>
        </tr>
</table>
</form>

<?
// password OK
}else{
?>

<table cellspacing="5" cellpadding="5">
<tr>
<td valign="top" align="center">

<form action=<?  print("$PHP_SELF"); ?> method="post">
<input type="hidden" name="admin" value="logout">
<b><input type="submit" value="<? print("$talk[81]"); ?>"></b>
</form>

<?

// News Home Page
if($admin=="0"){

if (!isset($all)){$all="0";}
?>


<form method="post" action="<? print("$PHP_SELF"); ?>">
<input type="hidden" name="admin" value="0">
<? if($all=="1"){ ?>
 <input type="submit" value="<? print("$talk[20]"); ?>">
<? }else{ ?>
<input type="hidden" name="all" value="1">
<input type="submit" value="<? print("$talk[2]"); ?>">
<? } ?>
</form>

</td>

<td align="center">

<?
mysql_connect ($dbhost, $username, $password);
mysql_select_db ($database);
$result=mysql_query("SELECT * FROM news_list order by id desc");
while($news=mysql_fetch_array($result)){
$valid=$news["valid"];
$id=$news["id"];
if($valid=="0" || $all=="1"){
$namex= $news["name"];
$msgx= $news["msg"];
$titlex=$news["title"];
$datex=strftime("%d %B %Y à  %H:%M", $news["date"]);
$emailx=$news["email"];
$webx=$news["web"];
$webx=strip_tags($webx);
$msg_modx=$news["msg_mod"];
$date_modx=strftime("%d %B %Y à  %H:%M", $news["date_mod"]);

?>

<table border="1" cellspacing="5" cellpadding="5" width="600">
<tr class="row">
<td>
<?
print("$talk[4]: $titlex<br>\n");
print("$talk[5]: <a href=\"mailto:$emailx\">$namex</a>&nbsp;&nbsp;\n");
if($webx!=""){
print("<a href=\"http://$webx\">$webx</a>\n");
}
print("<br>$datex <hr>\n");
?>
</td>
</tr>
<tr class="row1">
<td>
<?
print("$msgx <hr>\n");

?>
</td>
</tr>
<tr class="row2">
<td>
<? if($valid=="1"){
print("$talk[6] $date_modx");
if($msg_modx!=""){
?>
<hr>
<b><? print("$talk[7]"); ?></b>
<br>
<?
print("$msg_modx");
}
}else{ ?>
<b><? print("$talk[27]"); ?></b>
<? } ?>
<br><br>
<form method="post" action="<? print("$PHP_SELF"); ?>">
<input type="submit" value="<? print("$talk[28]"); ?>">
<input type="hidden" name="admin" value="1">
<input type="hidden" name="id" value="<? print("$id"); ?>">
</form>
</td>
</tr>
</table>

<br>

<?
//end if valid!=0
}

// end while fetch_array
}
mysql_free_result($result);
?>
</td>
</tr>
</table>
<?

// end admin=0
}elseif($admin=="1"){

?>

</td>

<td align="center">
<form method="post" action="<? print("$PHP_SELF"); ?>">
<input type="hidden" name="id" value="<? print("$id"); ?>">
<input type="hidden" name="admin"  value="2">

<?
mysql_connect ($dbhost, $username, $password);
mysql_select_db ($database);
$result=mysql_query("SELECT * FROM news_list WHERE id=$id");
while($news=mysql_fetch_array($result)){
$valid=$news["valid"];
$name= $news["name"];
$msg= $news["msg"];
$title=$news["title"];
$date= $news["date"];
$datex=strftime("%d %B %Y ,  %H:%M", $news["date"]);
$email=$news["email"];
$web=$news["web"];
$web=strip_tags($web);
$msg_mod=$news["msg_mod"];
$date_mod=strftime("%d %B %Y ,  %H:%M", $news["date_mod"]);

// Html to text for corrections
$msg=backhtmlfilt($msg,$nb_icons);
$msg_mod=backhtmlfilt($msg_mod,$nb_icons);
?>

<table border="1" cellspacing="5" cellpadding="5" width="600">
<tr class="row">
<td>
<table>
<tr>
<td>
<? print("$talk[4]"); ?>:
</td>
<td>
<input type="text" name="title" size="50" maxlength="50" value="<? print("$title"); ?>">
</td>
</tr>
<tr>
<td>
<? print("$talk[5]"); ?>:
</td>
<td>
<input type="text" name="name" size="25" maxlength="25" value="<? print("$name"); ?>">
</td>
</tr>
<tr>
<td>
<? print("$talk[18]"); ?>:
</td>
<td>
<input type="text" name="email" size="50" maxlength="50" value="<? print("$email"); ?>">
</td>
</tr>
<?
if($web!=""){
?>
<tr>
<td>
<? print("$talk[13]"); ?>:
</td>
<td>
<input type="text" name="web" size="50" maxlength="50" value="<? print("$web"); ?>">
</td>
</tr>
<? } ?>
</table>
<?
print("<br>$datex \n");
?>
</td>
</tr>
<tr class="row1">
<td align="center">
<b><? print("$talk[11]"); ?></b>
<br><br>
<textarea name="msg" rows="15" cols="50" wrap="virtual"><? print("$msg");?></textarea>
<br><br>
</td>
</tr>
<tr class="row2">
<td align="center">
<?
$checked="checked";
$unchecked="";
if($valid=="0"){
$unchecked="checked";
$checked="";
}
?>
<br>
<input type="radio" name="valid" value="1" <? print("$checked"); ?> > &nbsp;<? print("$talk[22]"); ?>
&nbsp;&nbsp;&nbsp;
<input type="radio" name="valid" value="0" <? print("$unchecked"); ?> > &nbsp;<? print("$talk[40]"); ?>
&nbsp; &nbsp;&nbsp;
<input type="radio" name="valid" value="rm"> &nbsp;<? print("$talk[42]"); ?>
<hr>
<b><? print("$talk[7]"); ?></b>
<br><br>
<textarea name="msg_mod" rows="15" cols="50" wrap="virtual"><? print("$msg_mod");?></textarea>
<br><br>
</td>
</table>

<br>
<input type="hidden" name="date" value="<? print("$date");?>">
<input type="submit" value="<? print("$talk[43]"); ?>">
<?

// end while fetch_array
}


?>
</form>
</td>
</tr>
</table>
<?
mysql_free_result($result);


// end admin=1
}elseif($admin=="2"){

if($valid=="rm"){
?>
</td>

<td align="center">

<table border="1" cellpadding="5" cellspacing="5" width="600">
<tr class="head">
<td align="center">
<b><? print("$talk[46]"); ?></b>
</td>
</tr>
<tr class="row">
<td>
<b><? print("$talk[5]"); ?>:</b> <? print("$name"); ?>
<br>
<b><? print("$talk[18]"); ?>:</b> <? print("$email"); ?>
<br>
<b><? print("$talk[11]"); ?></b>
<br>
<? print("$msg"); ?>
</td>
</tr>
</table>
<br>
<form method="post" action="<? print("$PHP_SELF"); ?>">
<input type="hidden" name="admin" value="3">
<input type="hidden" name="id" value="<? print("$id"); ?>">
<input type="submit" value="<? print("$talk[47]"); ?>">
</form>

</tr>
</td>
</table>

<?
//end delete confirm, save modified news
}else{
$title = (ereg_replace("<", "&lt;", $title));
$title = (ereg_replace(">", "&gt;", $title));
$name= (ereg_replace(">", "&gt;", $name));
$name = (ereg_replace("<", "&lt;", $name));
$msg = htmlfilt($msg,$nb_icons);
$now = time();
$msg_mod=htmlfilt($msg_mod,$nb_icons);
$date_mod=$now;
mysql_connect ($dbhost, $username, $password);
mysql_select_db ($database);
mysql_query ("replace into news_list values ('$id','$name','$msg','$title','$date','$email','$web','$msg_mod','$date_mod','$valid')");

?>
</td>

<td align=center>
<b><? print("$talk[51]"); ?></b>
<br>
<form method="post" action="<? print("$PHP_SELF"); ?>">
<input type="hidden" name="admin" value="0">
<input type="submit" value="<? print("$talk[80]"); ?>">
</form>


</tr>
</td>
</table>

<?
//end admin=2
}


}elseif($admin=="3"){

mysql_connect ($dbhost, $username, $password);
mysql_select_db ($database);
mysql_query ("DELETE FROM news_list WHERE id=$id");
?>
</td>

<td align=center>
<b><? print("$talk[52]"); ?></b>
<br>
<form method="post" action="<? print("$PHP_SELF"); ?>">
<input type="hidden" name="admin" value="0">
<input type="submit" value="<? print("$talk[80]"); ?>">
</form>


</tr>
</td>
</table>

<?

// end admin
}

// end auth OK
}

// end argv OK
}
?>

</center>
</body>
</html>
Return current item: news-tnk