- 论坛徽章:
- 0
|
本帖最后由 wxlg1117 于 2010-07-04 07:07 编辑
- <?php
- require "include/bittorrent.php";
- dbconn();
- loggedinorreturn();
- if (get_user_class() < UC_ADMINISTRATOR)
- newerr($tracker_lang['error'], $tracker_lang['access_denied']);
- $action = $_GET["action"];
- // Delete News Item //////////////////////////////////////////////////////
- if ($action == 'delete')
- {
- $newsid = (int)$_GET["newsid"];
- if (!is_valid_id($newsid))
- newerr($tracker_lang['error'],"Invalid news item ID - Code 1.");
- $returnto = htmlentities($_GET["returnto"]);
- $sure = $_GET["sure"];
- if (!$sure)
- newerr("Delete News","Are you sure you want to delete this news? Click \n" .
- "<a href=?action=delete&newsid=$newsid&returnto=$returnto&sure=1>here</a> If you are sure.");
- sql_query("DELETE FROM news WHERE id=$newsid") or sqlerr(__FILE__, __LINE__);
- if ($returnto != "")
- header("Location: $returnto");
- else
- $warning = "News <b>successfully</b> deleted";
- }
- // Add News Item /////////////////////////////////////////////////////////
- if ($action == 'add')
- {
- $subject = $_POST["subject"];
- if (!$subject)
- newerr($tracker_lang['error'],"Topic news may not be empty!");
- $body = $_POST["body"];
- if (!$body)
- newerr($tracker_lang['error'],"Body news may not be empty!");
- $added = $_POST["added"];
- if (!$added)
- $added = TIMENOW;
- sql_query("INSERT INTO news (userid, added, body, subject) VALUES (".
- $CURUSER['id'] . ", $added, " . sqlesc($body) . ", " . sqlesc($subject) . ")") or sqlerr(__FILE__, __LINE__);
- if (mysql_affected_rows() == 1)
- $warning = "News <b>successfully added </b>";
- else
- newerr($tracker_lang['error'],"What just happened?.");
- }
- // Edit News Item ////////////////////////////////////////////////////////
- if ($action == 'edit')
- {
- $newsid = (int)$_GET["newsid"];
- if (!is_valid_id($newsid))
- newerr($tracker_lang['error'],"Invalid news item ID - Code 2.");
- $res = sql_query("SELECT * FROM news WHERE id=$newsid") or sqlerr(__FILE__, __LINE__);
- if (mysql_num_rows($res) != 1)
- newerr($tracker_lang['error'], "No news item with ID.");
- $arr = mysql_fetch_array($res);
- if ($_SERVER['REQUEST_METHOD'] == 'POST')
- {
- $body = $_POST['body'];
- $subject = $_POST['subject'];
- $subject = $_POST["subject"];
- if ($subject == "")
- newerr($tracker_lang['error'],"Topic news may not be empty");
- if ($body == "")
- newerr($tracker_lang['error'], "Body news may not be empty!");
- $body = sqlesc($body);
- $subject = sqlesc($subject);
- $editedat = sqlesc(TIMENOW);
- sql_query("UPDATE news SET body=$body, subject=$subject WHERE id=$newsid") or sqlerr(__FILE__, __LINE__);
- $returnto = htmlentities($_POST['returnto']);
- if ($returnto != "")
- header("Location: $returnto");
- else
- $warning = "News <b>successfully</b> edited";
- }
- else
- {
- $returnto = htmlentities($_GET['returnto']);
- stdhead("Editing News");
- print("<form method=post name=news action=?action=edit&newsid=$newsid>\n");
- print("<table border=1 cellspacing=0 cellpadding=5>\n");
- print("<tr><td class=colhead>Editing news<input type=hidden name=returnto value=$returnto></td></tr>\n");
- print("<tr><td>Subject: <input type=text name=subject maxlength=70 size=50 value=\"" . htmlspecialchars($arr["subject"]) . "\"/></td></tr>");
- print("<tr><td style='padding: 0px'>");
- textbbcode("news","body",htmlspecialchars($arr["body"]));
- //<textarea name=body cols=145 rows=5 style='border: 0px'>" . htmlspecialchars($arr["body"]) .
- print("</textarea></td></tr>\n");
- print("<tr><td align=center><input type=submit value='Edit News'></td></tr>\n");
- print("</table>\n");
- print("</form>\n");
- stdfoot();
- die;
- }
- }
- // Other Actions and followup ////////////////////////////////////////////
- stdhead("News");
- if ($warning)
- print("<p><font size=-3>($warning)</font></p>");
- print("<form method=post name=news action=?action=add>\n");
- print("<table border=1 cellspacing=0 cellpadding=5>\n");
- print("<tr><td class=colhead>Submit News</td></tr>\n");
- print("<tr><td>Subject: <input type=text name=subject maxlength=40 size=50 value=\"" . htmlspecialchars($arr["subject"]) . "\"/></td></tr>");
- print("<tr><td style='padding: 0px'>");
- textbbcode("news","body","");
- //<textarea name=body cols=145 rows=5 style='border: 0px'>
- print("</textarea></td></tr>\n");
- print("<tr><td align=center><input type=submit value='Add News' class=btn></td></tr>\n");
- print("</table></form><br /><br />\n");
- $res = sql_query("SELECT * FROM news ORDER BY added DESC") or sqlerr(__FILE__, __LINE__);
- if (mysql_num_rows($res) > 0)
- {
- begin_main_frame();
- begin_frame();
- while ($arr = mysql_fetch_array($res))
- {
- $newsid = $arr["id"];
- $body = $arr["body"];
- $subject = $arr["subject"];
- $userid = $arr["userid"];
- $added = get_date_time($arr["added"]) . " GMT (" . (get_elapsed_time($arr["added"])) . " Ago)";
- $res2 = sql_query("SELECT username, donor FROM users WHERE id = $userid") or sqlerr(__FILE__, __LINE__);
- $arr2 = mysql_fetch_array($res2);
- $postername = $arr2["username"];
- if ($postername == "")
- $by = "Unknown [$userid]";
- else
- $by = "<a href=userdetails.php?id=$userid><b>$postername</b></a>" .
- ($arr2["donor"] == "yes" ? "<img src=pic/star.gif alt='Donor'>" : "");
- print("<p class=sub><table border=0 cellspacing=0 cellpadding=0><tr><td class=embedded>");
- print("Posted ".$added." - $by");
- print(" - [<a href=?action=edit&newsid=$newsid><b>Edit</b></a>]");
- print(" - [<a href=?action=delete&newsid=$newsid><b>Delete</b></a>]");
- print("</td></tr></table></p>\n");
- begin_table(true);
- print("<tr valign=top><td><b>".$subject."</b></td></tr>\n");
- print("<tr valign=top><td class=comment>".format_comment($body)."</td></tr>\n");
- end_table();
- }
- end_frame();
- end_main_frame();
- }
- else
- newerr("Sorry", "No News!",false,true);
- die;
- ?>
- $sure = $_GET["sure"];
- if (!$sure)
- newerr("Delete News","Are you sure you want to delete this news? Click \n .
- "<a href=?action=delete&newsid=$newsid&returnto=$returnto&sure=1>here</a> If you are sure.");
![]()
符号问题? |
|
免费注册
发表于 2010-07-04 06:25
