dtnet
admin.php
<?php
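session_start();
// NOTE(review): the admin credentials are kept in plain text inside a web-served
// script. Prefer a password hash stored outside the document root and checked
// with password_verify() (PHP >= 5.5).
$_username = "****"; //admin username to login
$_password = "******"; //admin password to login

// Handle the login POST before any HTML is printed, so that
// session_regenerate_id() can still send its cookie header.
if (isset($_POST['submit'])) {
    // Accept plain strings only; array-valued parameters are treated as empty.
    $postedUser = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $postedPass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    // Strict comparison: with "==" two numeric-looking strings such as "1e3"
    // and "1000" compare as equal.
    $userOk = ($postedUser === $_username);
    // Use the constant-time comparison where the runtime offers it (PHP >= 5.6).
    $passOk = function_exists('hash_equals')
        ? hash_equals($_password, $postedPass)
        : ($postedPass === $_password);

    if ($userOk && $passOk) {
        // Issue a fresh session id on privilege change so a session id fixed
        // before login does not become an authenticated one.
        session_regenerate_id(true);
        //set session variable
        $_SESSION['logged_in'] = "true";
        $_SESSION['username'] = $_username;
    }
}

// Page header; the matching </body></html> follows the closing PHP tag.
print('<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>News</title>
<link rel="stylesheet" type="text/css" media="screen" title="Default" href="adminstyle.css" />
</head>
<body>');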
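// Admin panel dispatcher: shows the login form, handles logout, or runs the
// requested admin action against the "entries" table.
// NOTE(review): the mysql_* extension used below was removed in PHP 7.0; the
// connection is opened in ../config.php, which is not visible here, so the
// calls are kept and only their inputs are hardened.
//if not logged in show the login form
if (!isset($_SESSION['logged_in'])) {
    print('
<div id="login">
<h1>News Login</h1>
<form method="post" action="admin.php" class="login">
<label for="username">Username:</label> <input type="text" id="username" name="username" /><br/>
<label for="password">Password:</label> <input type="password" id="password" name="password" /><br/>
<input type="hidden" name="login" />
<label for="submit"> </label> <input type="submit" id="submit" name="submit" value="Login" /><br/>
<p style="font-size: 9px; text-align: center;">Created by <a href="http://d-webz.org">DylanM</a>.</p>
</form>
</div>');
//if logout is requested
} elseif (isset($_GET['do']) && $_GET['do'] == "logout") {
    // The session is already started at the top of this script, so it is not
    // started a second time here.
    $_SESSION = array();
    session_destroy();
    // The delay and target URL both belong inside the content attribute.
    echo '<meta http-equiv="refresh" content="1; URL=admin.php">';
} else {
    // Preview helper: strips newlines from a field and shows it in a div.
    // (The pattern as posted, /n/, removed every letter "n".)
    print('<script type="text/javascript">
function preview(id1, id2){
var NewText = document.getElementById(id1).value;
splitText = NewText.split(/\n/).join("");
var DivElement = document.getElementById(id2);
DivElement.innerHTML = splitText;
}
</script>
');
    include '../config.php';

    // $action is never assigned in this file. If config.php (or register_globals)
    // did not provide it, read it from the request: POST first, then GET.
    if (!isset($action)) {
        if (isset($_POST['action']) && is_string($_POST['action'])) {
            $action = $_POST['action'];
        } elseif (isset($_GET['action']) && is_string($_GET['action'])) {
            $action = $_GET['action'];
        } else {
            $action = "";
        }
    }

    // NOTE(review): assumes the page and database use UTF-8 - confirm.
    $charset = 'UTF-8';

    // Ids ticked in the entries table, reduced to positive integers so they can
    // be placed in an IN (...) list without any quoting.
    $selectedIds = array();
    if (isset($_POST['selected']) && is_array($_POST['selected'])) {
        foreach ($_POST['selected'] as $value) {
            if (is_scalar($value) && (int) $value > 0) {
                $selectedIds[] = (int) $value;
            }
        }
    }
    $selected = implode(",", $selectedIds);

    // NOTE(review): the state-changing actions below (addnewentry, delete,
    // archive, editentry) carry no anti-CSRF token; add a per-session token to
    // the forms and verify it here.
    print('<div id="container"> <h1>Admin Panel</h1>
<p style="text-align: center;"><a href="?">Admin Home</a> | <a href="?action=new">New Entry</a> | <a href="?action=entries">Edit Entries</a> | <a href="?do=logout">Logout</a></p>');
    if ($action == "") {
        print("<p>Woot. This is your admin panel page. Use the above page to add, edit, and delete news. Created by DylanM (3xS). www.d-webz.org</p>");
    } elseif ($action == "entries") {
        //get pages from the database
        $query = "SELECT * FROM entries ORDER BY id DESC";
        $sql = mysql_query($query);
        print('<form method="post" action="" class="table">
<table width="760">
<tr>
<th>Select</th>
<th>Category</th>
<th>Title</th>
<th>Date</th>
</tr>
');
        while ($sql && ($row = mysql_fetch_array($sql))) {
            $id = (int) $row['id'];
            // Escape on output; double_encode is off because editentry stores
            // values that are already entity-encoded.
            $category = htmlspecialchars(stripslashes($row['category']), ENT_QUOTES, $charset, false);
            $title = htmlspecialchars(stripslashes($row['title']), ENT_QUOTES, $charset, false);
            $date = htmlspecialchars($row['date'], ENT_QUOTES, $charset, false);
            // show entries
            // The original used a single-quoted string, so "$id", "$title" etc.
            // were printed literally. It also printed a fifth cell linking to
            // ?action=showcomments with $comnum; neither exists in this file,
            // so that cell is left out.
            print('<tr>
<td><input type="checkbox" name="selected[]" value="' . $id . '"></td>
<td>' . $category . '</td>
<td><a href="?action=edit&amp;id=' . $id . '">' . $title . '</a></td>
<td>' . $date . '</td>
</tr>
');
        }
        print('
</table>
<br/>
<label for="action">Action:</label>
<select name="action" id="action">
<option value="archive">Archive
<option value="delete">Delete
</select>
<input type="submit" id="submit" name="Submit">
</form>
');
    } elseif ($action == "new") {
        print('<div class="input">
<form method="post" id="addentry" action="?action=addnewentry">
<label for="title">Title</label><input id="title" name="title" tabindex="1" type="text"><br/>
<label for="category">Category</label><input id="category" name="category" tabindex="2" type="text" value="home"><br/>
<label for="addshort">Short</label><textarea name="addshort" wrap="virtual" id="addshort" tabindex="3"></textarea><br/><br/>
<label for="addfull">Full</label><textarea name="addfull" wrap="virtual" id="addfull" tabindex="4"></textarea><br/>
<label for="submit">Submit</label><input id="submit" name="submit" value="Submit" tabindex="5" type="submit">
</form>
</div>
<div class="story">
<h1>Short Preview:</h1>
<div id="addpreview-short"></div><br/>
<h1>Full Preview:</h1>
<div id="addpreview-full"></div>
</div>
');
    } elseif ($action == "addnewentry") {
        // Missing or array-valued fields are stored as empty strings.
        // NOTE(review): values are stored as typed here, while editentry
        // entity-encodes before storing; pick one convention.
        $fields = array();
        foreach (array('title', 'category', 'addshort', 'addfull') as $name) {
            $raw = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
            $fields[$name] = mysql_real_escape_string($raw);
        }
        $title = $fields['title'];
        $category = $fields['category'];
        $short = $fields['addshort'];
        $full = $fields['addfull'];
        $query = "INSERT INTO entries (id, category, title, date, short, full)
VALUES (NULL, '$category', '$title', NOW(), '$short', '$full');";
        mysql_query($query) or die("Add failed: " . mysql_error());
        echo mysql_affected_rows() . ' record added.';
        echo '<br/><a href="admin.php">Go back.</a>';
    } elseif ($action == "delete") {
        if ($selected === '') {
            echo 'No entries selected.';
        } else {
            // $selected holds integers only (see above), so it is safe to inline.
            $query = "DELETE FROM entries WHERE id IN ($selected)";
            mysql_query($query) or die("Delete failed: " . mysql_error());
            echo mysql_affected_rows() . ' record(s) deleted.';
        }
        echo '<br/><a href="admin.php">Go back.</a>';
    } elseif ($action == "archive") {
        if ($selected === '') {
            echo 'No entries selected.';
        } else {
            $query = "UPDATE entries SET category='archive' WHERE id IN ($selected)";
            mysql_query($query) or die("Archive failed: " . mysql_error());
            echo mysql_affected_rows() . ' record(s) moved to the archives.';
        }
        echo '<br/><a href="admin.php">Go back.</a>';
    } elseif ($action == "edit") {
        $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;
        //get page from the database
        $query = "SELECT * FROM entries WHERE id = '$id'";
        $sql = mysql_query($query);
        $row = $sql ? mysql_fetch_array($sql) : false;
        if (!$row) {
            echo 'Entry not found.';
            echo '<br/><a href="admin.php">Go back.</a>';
        } else {
            // Escaped for the attribute / textarea context; double_encode is off
            // so values stored entity-encoded by editentry round-trip unchanged.
            $title = htmlspecialchars(stripslashes($row['title']), ENT_QUOTES, $charset, false);
            $category = htmlspecialchars(stripslashes($row['category']), ENT_QUOTES, $charset, false);
            $short = htmlspecialchars(stripslashes($row['short']), ENT_QUOTES, $charset, false);
            $full = htmlspecialchars(stripslashes($row['full']), ENT_QUOTES, $charset, false);
            // Concatenation replaces the single-quoted string that printed the
            // variable names literally.
            print('<div class="input">
<form method="post" id="editentry" action="?action=editentry&amp;id=' . $id . '">
<label for="title">Title</label><input id="title" name="title" tabindex="1" value="' . $title . '" type="text"><br/>
<label for="category">Category</label><input id="category" name="category" value="' . $category . '" tabindex="2" type="text"><br/>
<label for="editshort">Short</label><textarea name="editshort" wrap="virtual" id="editshort" tabindex="3">' . $short . '</textarea><br/><br/>
<label for="editfull">Full</label><textarea name="editfull" wrap="virtual" id="editfull" tabindex="4">' . $full . '</textarea><br/>
<label for="submit">Submit</label><input id="submit" name="submit" value="Submit" tabindex="5" type="submit">
</form>
</div>
<div class="story">
<h1>Short Preview:</h1>
<div id="editpreview-short"></div><br/>
<h1>Full Preview:</h1>
<div id="editpreview-full"></div>
</div>
');
        }
    } elseif ($action == "editentry") {
        // The id is used unquoted in the WHERE clause, where string escaping
        // gives no protection; force it to an integer instead.
        $id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;
        $fields = array();
        foreach (array('title', 'category', 'editshort', 'editfull') as $name) {
            $fields[$name] = (isset($_POST[$name]) && is_string($_POST[$name])) ? $_POST[$name] : '';
        }
        // Entity-encode first and SQL-escape last, so the value placed in the
        // query is exactly what mysql_real_escape_string() produced.
        $title = mysql_real_escape_string(htmlspecialchars($fields['title']));
        // category was previously inserted into the query without any escaping.
        $category = mysql_real_escape_string($fields['category']);
        $short = mysql_real_escape_string(htmlspecialchars($fields['editshort']));
        $full = mysql_real_escape_string(htmlspecialchars($fields['editfull']));
        $query = "UPDATE entries SET title = '$title', category = '$category', short = '$short', full = '$full' WHERE id = $id;";
        mysql_query($query) or die("Edit failed: " . mysql_error());
        echo mysql_affected_rows() . ' record modified.';
        echo '<br/><a href="admin.php">Go back.</a>';
    } else {
        echo "There was an error";
        echo '<br/><a href="admin.php">Go back.</a>';
    }
    print('<p style="font-size: 9px; text-align: center;">Created by <a href="http://d-webz.org">DylanM</a>.</p></div>');
}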
?>
</body>
</html>
news.php
<?php
// Database Connection
include 'config.php';
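/**
 * Print one page of entries for the requested category, followed by the
 * pagination links.
 *
 * Reads $_GET['page'] (default 1) and $_GET['category'] (default "home").
 * Output is written directly with print/echo; nothing is returned.
 */
function show(){
    // $db is declared global as in the original; the mysql_* calls below do not
    // pass a link and so use the default connection.
    global $db;

    // NOTE(review): assumes the page and database use UTF-8 - confirm.
    $charset = 'UTF-8';

    // The page number feeds the LIMIT clause, so force it to an integer >= 1.
    $page = (isset($_GET['page']) && is_scalar($_GET['page'])) ? (int) $_GET['page'] : 1;
    if ($page < 1) {
        $page = 1;
    }

    // Keep the raw category for building links and an escaped copy for SQL.
    $hasCategory = isset($_GET['category']) && is_string($_GET['category']);
    $rawCategory = $hasCategory ? $_GET['category'] : "home";
    $category = mysql_real_escape_string($rawCategory);

    //max entries per page
    $max_results = 4;
    //figure out the result limit
    $from = ($page - 1) * $max_results;

    //get pages from the database
    $query = "SELECT *, DATE_FORMAT(date, '%W, %M %e, %Y <br/> %r') AS date FROM entries WHERE category = '$category' ORDER BY id DESC LIMIT $from, $max_results";
    $sql = mysql_query($query);
    while ($sql && ($row = mysql_fetch_array($sql))) {
        $id = (int) $row['id'];
        //check for a full story
        if ($row['full'] == "") {
            $readmore = "";
        } else {
            // Concatenate the id; the single-quoted original printed "$id" literally.
            $readmore = '| <a href="?id=' . $id . '">Read more...</a>';
        }
        // double_encode is off because edited titles are stored entity-encoded.
        $title = htmlspecialchars(stripslashes($row['title']), ENT_QUOTES, $charset, false);
        // The date comes from DATE_FORMAT above and contains the <br/> from its pattern.
        $date = "{$row['date']}";
        // NOTE(review): the short text is printed unescaped, presumably because
        // it is admin-authored HTML - confirm, otherwise escape it here.
        $short = stripslashes($row['short']);
        $short = nl2br($short);
        // show entries (the closing </div> was missing in the original)
        print("<div class='story'>
<h1><a href='?id=$id'>$title</a></h1>
<h2>$date</h2>
<p>$short</p>
<p>$readmore</p>
</div>
");
    }

    //get total number of results for this category, so the page count matches the list
    $countSql = mysql_query("SELECT COUNT(*) FROM entries WHERE category = '$category'");
    $total_results = $countSql ? (int) mysql_result($countSql, 0) : 0;
    //round up
    $total_pages = ceil($total_results / $max_results);

    // PHP_SELF can contain attacker-chosen path text, so it is escaped before
    // being placed in an href attribute.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, $charset);
    // Keep the category in the pagination links when one was requested.
    $suffix = $hasCategory ? '&amp;category=' . urlencode($rawCategory) : '';

    //show previous link
    if ($page > 1) {
        $prev = ($page - 1);
        echo "<a href=\"" . $self . "?page=" . $prev . $suffix . "\">Previous</a> - |";
    } else {
        echo "Previous - |";
    }
    for ($i = 1; $i <= $total_pages; $i++) {
        if ($page === $i) {
            echo "<strong>$i</strong>";
        } else {
            echo "<a href=\"" . $self . "?page=$i" . $suffix . "\"> $i </a>";
        }
    }
    //show next link
    if ($page < $total_pages) {
        $next = ($page + 1);
        echo "| - <a href=\"" . $self . "?page=$next" . $suffix . "\">Next</a>";
    } else {
        echo "| - Next";
    }
}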
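/**
 * Print a single entry (its full text, or the short text when no full text
 * exists), followed by the archive listing.
 *
 * @param mixed $id Entry id as received from the request; cast to an integer
 *                  before it reaches the query.
 */
function showfull($id){
    global $db;

    // NOTE(review): assumes the page and database use UTF-8 - confirm.
    $charset = 'UTF-8';

    // The caller passes $_GET['id'] unchanged, so force an integer here rather
    // than placing request text into the SQL string.
    $id = is_scalar($id) ? (int) $id : 0;

    //get page from the database
    $query = "SELECT *, DATE_FORMAT(date, '%W, %M %e, %Y <br/> %r') AS date FROM entries WHERE id = '$id'";
    $sql = mysql_query($query);
    $row = $sql ? mysql_fetch_array($sql) : false;

    if (!$row) {
        print('<div class="story">
<p>Entry not found.</p>
</div>
');
    } else {
        // double_encode is off because edited titles are stored entity-encoded.
        $title = htmlspecialchars(stripslashes($row['title']), ENT_QUOTES, $charset, false);
        // The date comes from DATE_FORMAT above and contains the <br/> from its pattern.
        $date = "{$row['date']}";
        // NOTE(review): short/full are printed unescaped, presumably because
        // they are admin-authored HTML - confirm, otherwise escape them here.
        $short = nl2br(stripslashes($row['short']));
        $full = nl2br(stripslashes($row['full']));
        $fulltext = ($full != "") ? $full : $short;
        // show entry (concatenated: the single-quoted original printed the
        // variable names literally)
        print('<div class="story">
<h1>' . $title . '</h1>
<h2>' . $date . '</h2>
<p>' . $fulltext . '</p>
</div>
');
    }

    // NOTE(review): the original body went on to print the archive listing, and
    // the page calls showarchive() without a visible definition, which suggests
    // a lost function header. The listing now lives in showarchive(); the call
    // is kept so this page's output is unchanged - drop it if the entry page
    // should not list the archive.
    showarchive();
}

/**
 * Print the archived entries grouped under a heading per month, newest month
 * first and newest entry first within a month.
 */
function showarchive(){
    global $db;

    // NOTE(review): assumes the page and database use UTF-8 - confirm.
    $charset = 'UTF-8';

    // One query replaces the nested loops of the original, whose inner loop
    // reused $sql and $row (ending the outer loop after one month) and listed
    // every archived entry under each heading.
    $query = "SELECT id, title, DATE_FORMAT(date, '%M %Y') AS month_label, DATE_FORMAT(date, '%W, %M %e | %r') AS shown_date FROM entries WHERE category = 'archive' ORDER BY DATE_FORMAT(date, '%Y%m') DESC, id DESC";
    $sql = mysql_query($query);

    $currentMonth = null;
    while ($sql && ($row = mysql_fetch_array($sql))) {
        // Start a new heading whenever the month changes.
        if ($row['month_label'] !== $currentMonth) {
            $currentMonth = $row['month_label'];
            print('<h1>' . htmlspecialchars($currentMonth, ENT_QUOTES, $charset) . '</h1>
');
        }
        $id = (int) $row['id'];
        $title = htmlspecialchars(stripslashes($row['title']), ENT_QUOTES, $charset, false);
        $date = htmlspecialchars($row['shown_date'], ENT_QUOTES, $charset);
        // show entries
        print('<a href="?id=' . $id . '">' . $date . ' - ' . $title . '</a><br/>');
    }
}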
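// Route the request: ?archive=... shows the archive, ?id=... a single entry,
// anything else the paginated listing.
// A missing or array-valued parameter counts as empty, which avoids the
// undefined-index notice and the "Array" string the original produced.
$id = (isset($_GET['id']) && is_string($_GET['id'])) ? $_GET['id'] : "";
$archive = (isset($_GET['archive']) && is_string($_GET['archive'])) ? $_GET['archive'] : "";

// function_exists() keeps a missing showarchive() definition from ending the
// request with a fatal error; the request then falls through to the next case.
if ($archive != "" && function_exists('showarchive')) {
    showarchive();
} elseif ($id != "") {
    // $id is still raw request text at this point.
    showfull($id);
} else {
    show();
}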
?>