usernews.php

jsp程序开发系统

<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: usernews.php,v $
// | $Date: 2004/02/10 01:34:30 $
// | $Revision: 1.15 $
// +-------------------------------------------------------------+
// | File Details:
// | - User news maintenance.
// +-------------------------------------------------------------+

error_reporting(E_ALL ^ E_NOTICE);
include "./../global.php";

tech_nav('news');

// default do
$_REQUEST['do'] = trim($_REQUEST['do']);
if (!isset($_REQUEST['do']) or $_REQUEST['do'] == "") {
	$_REQUEST['do'] = "list";
}

############################################# ADD NEWS (2) ############################################# 
if ($_REQUEST['do'] == "new2") {
	if (!$_REQUEST['title']) {
		$error .= "<LI>You have not entered a title</LI>";
	}
	if (!$_REQUEST['details']) {
		$error .= "<LI>You have not entered details for the news</LI>";
	}
	if (!$_REQUEST['logged_in'] AND !$_REQUEST['logged_out']) {
		$error .= "<LI>The news entry needs to be displayed to at least one type of users</LI>";
	}

	if (!$error) {
		$checks = xss_check(array(
			$_REQUEST['title'],
			$_REQUEST['details']), 'tech');

		$db->query("INSERT INTO news SET
			title = '" . mysql_escape_string($checks[0]) . "',
			details = '" . mysql_escape_string($checks[1]) . "',
			logged_in = '" . mysql_escape_string($_REQUEST['logged_in']) . "',
			logged_out = '" . mysql_escape_string($_REQUEST['logged_out']) . "',
			techid = $user[id],
			date = '" . mktime() . "'
		");

		jump('usernews.php', 'News entry created');
	} else {
		$_REQUEST['do'] = "new";
	}
}

############################################# ADD NEWS (1) ############################################# 
if ($_REQUEST['do'] == "new") {
	if ($error) {
		echo "<UL>$error</UL><br />";
	}

	$table[] = array('<b>Title</b>', form_input('title', $_REQUEST['title']) . ' ' . thelp('News', 'Adding Entries'));
	$table[] = array('<b>Details</b>', form_textarea('details', 70, 7, $_REQUEST['details']));
	$table[] = array('<b>Display to logged in users</b>', form_radio_yn('logged_in', '', $_REQUEST['logged_in']));
	$table[] = array('<b>Display to logged out users</b>', form_radio_yn('logged_out', '', $_REQUEST['logged_out']));

	table_header('Create User News Entry', 'usernews.php', array('do' => 'new2'));
	table_content('', $table);
	table_footer('Create');
}

############################################# EDIT NEWS (2) ############################################# 
if ($_REQUEST['do'] == "edit2") {
	if (!$_REQUEST['title']) {
		$error .= "<LI>You have not entered a title</LI>";
	}
	if (!$_REQUEST['details']) {
		$error .= "<LI>You have not entered details for the news</LI>";
	}
	if (!$_REQUEST['logged_in'] AND !$_REQUEST['logged_out']) {
		$error .= "<LI>The news entry needs to be displayed to at least one type of users</LI>";
	}

	if (!$error) {
		$checks = xss_check(array(
			$_REQUEST['title'],
			$_REQUEST['details']), 'tech');

		$db->query("UPDATE news SET
			title = '" . mysql_escape_string($checks[0]) . "',
			details = '" . mysql_escape_string($checks[1]) . "',
			logged_in = '" . mysql_escape_string($_REQUEST['logged_in']) . "',
			logged_out = '" . mysql_escape_string($_REQUEST['logged_out']) . "',
			techid = $user[id],
			date = '" . mktime() . "'
			WHERE id = '$_REQUEST[id]'
		");

		jump('usernews.php', 'News entry updated');
	} else {
		$_REQUEST['do'] = "edit";
	}
}

############################################# EDIT NEWS (1) ############################################# 
if ($_REQUEST['do'] == "edit") {
	if ($error) {
		echo "<UL>$error</UL><br />";
	}

	$news = $db->query_return("SELECT * FROM news WHERE id = '$_REQUEST[id]'");

	$table[] = array('<b>Title</b>', form_input('title', $news['title']) . ' ' . thelp('News', 'Editing and Deleting Entries'));
	$table[] = array('<b>Details</b>', form_textarea('details', 70, 7, $news['details']));
	$table[] = array('<b>Display to logged in users</b>', form_radio_yn('logged_in', '', $news['logged_in']));
	$table[] = array('<b>Display to logged out users</b>', form_radio_yn('logged_out', '', $news['logged_out']));

	table_header('Edit User News Entry', 'usernews.php', array('do' => 'edit2', 'id' => $_REQUEST[id]));
	table_content('', $table);
	table_footer('Edit');
}


############################################# DELETE NEWS ############################################# 
if ($_REQUEST['do'] == "delete") {
	$db->query("DELETE FROM news WHERE id = '$_REQUEST[id]'");
	jump('usernews.php', 'News article deleted');
}

############################################# LIST NEWS ############################################# 
if ($_REQUEST['do'] == "list") {	
	$db->query("SELECT * FROM news ORDER BY date");
	while ($news = $db->row_array()) {
		$table[] = array(
			$news['title'],
			ifynb($news['logged_in']),
			ifynb($news['logged_out']),
			our_date($news['date']),
			jprompt('Are you sure you want to delete this news entry', "usernews.php?do=delete&id=$news[id]", 'delete'),
			"<a href=\"usernews.php?do=edit&id=$news[id]\">edit</a>"
		);
	}

	$cols = array('Title', 'Display to logged in users', 'Display to logged out users', 'Date', 'Delete', 'Edit');
	table_header('Current News');
	table_content($cols, $table);
	table_footer();
}

tech_footer();
?>