technews.php

jsp程序开发系统

<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: technews.php,v $
// | $Date: 2004/02/10 01:34:30 $
// | $Revision: 1.18 $
// +-------------------------------------------------------------+
// | File Details:
// | - Technician news maintenance.
// +-------------------------------------------------------------+

error_reporting(E_ALL ^ E_NOTICE);
include "./../global.php";

tech_nav('news');

// default do
$_REQUEST['do'] = trim($_REQUEST['do']);
if (!isset($_REQUEST['do']) or $_REQUEST['do'] == "") {
	$_REQUEST['do'] = "list";
}

############################################# ADD NEWS (2) ############################################# 

if ($_REQUEST['do'] == "new2") {

	if (!$_REQUEST['title']) {
		$error .= "<LI>You have not entered a title</LI>";
	}
	if (!$_REQUEST['details']) {
		$error .= "<LI>You have not entered details for the news</LI>";
	}
	if (!$error) {
		$checks = xss_check(array(
			$_REQUEST['title'],
			$_REQUEST['details']), 'tech');

		$db->query("INSERT INTO tech_news SET
			title = '" . mysql_escape_string($checks[0]) . "',
			details = '" . mysql_escape_string($checks[1]) . "',
			techid = '$user[id]',
			date = '" . mktime() . "'
		");

		jump('technews.php', 'News entry created');
	} else {
		$_REQUEST['do'] = "new";
	}
}

############################################# ADD NEWS (1) #############################################

if ($_REQUEST['do'] == "new") {

	if ($error) {
		echo "<UL>$error</UL><br />";
	}

	$table[] = array('<b>Title</b>', form_input('title', $_REQUEST['title']). ' ' . thelp('News', 'Adding Entries'));
	$table[] = array('<b>Details</b>', form_textarea('details', 70, 7, $_REQUEST['details']));

	table_header('Create Tech News Entry', 'technews.php', array('do' => 'new2'));
	table_content('', $table);
	table_footer('Create');
}

############################################# EDIT NEWS (2) ############################################# 

if ($_REQUEST['do'] == "edit2") {

	if (!$_REQUEST['title']) {
		$error .= "<LI>You have not entered a title</LI>";
	}
	if (!$_REQUEST['details']) {
		$error .= "<LI>You have not entered details for the news</LI>";
	}
	if (!$error) {
		$checks = xss_check(array(
			$_REQUEST['title'],
			$_REQUEST['details']), 'tech');

		$db->query("UPDATE tech_news SET
			title = '" . mysql_escape_string($checks[0]) . "',
			details = '" . mysql_escape_string($checks[1]) . "',
			techid = '$user[id]',
			date = '" . mktime() . "'
			WHERE id = '$_REQUEST[id]'
		");

		jump('technews.php', 'News entry updated');
	} else {
		$_REQUEST['do'] = "edit";
	}
}

############################################# EDIT NEWS (1) ############################################# 

if ($_REQUEST['do'] == "edit") {

	if ($error) {
		echo "<UL>$error</UL><br />";
	}

	$news = $db->query_return("SELECT * FROM tech_news WHERE id = '$_REQUEST[id]'");

	$table[] = array('<b>Title</b>', form_input('title', $news[title]). ' ' . thelp('News', 'Editing and Deleting Entries'));
	$table[] = array('<b>Details</b>', form_textarea('details', 70, 7, $news['details']));

	table_header('Edit Tech News Entry', 'technews.php', array('do' => 'edit2', 'id' => $_REQUEST['id']));
	table_content('', $table);
	table_footer('Edit');

}

############################################# DELETE NEWS ############################################# 

if ($_REQUEST['do'] == "delete") {

	$db->query("DELETE FROM tech_news WHERE id = '$_REQUEST[id]'");
	jump('technews.php', 'News article deleted');

}

############################################# LIST NEWS ############################################# 

if ($_REQUEST['do'] == "list") {	
	
	$db->query("SELECT tech_news.*, tech.username
				FROM tech_news 
				LEFT JOIN tech ON (tech_news.techid = tech.id)
				ORDER BY date
			");

	while ($news = $db->row_array()) {

		$table[] = array(
			our_date($news['date']),
			'<b>' . $news[title] . '</b>',
			$news[details],
			"<a href=\"technews.php?do=edit&id=$news[id]\">edit</a>",
			jprompt('Are you sure you want to delete this news entry', "technews.php?do=delete&id=$news[id]", 'delete')
		);
	}

	if (is_array($table)) {

		table_header('View Tech News');
		table_content('', $table);
		table_footer();

	} else {
		echo "<b>There is currently no technician news";
	}

}

if ($_REQUEST['do'] == 'view') {
	$news = $db->query_return("SELECT * FROM tech_news WHERE id = '$_REQUEST[id]'");

	$table[] = array($news[details]);

	table_header($news[title]);
	table_content('', $table);
	table_footer();
}
tech_footer();
?>