Your IP : 216.73.216.40

Current Path : /var/www/html/mmishra/indem/Parisarnews/
Upload File :
Current File : /var/www/html/mmishra/indem/Parisarnews/sharing.php

<?php
if ($role == 'guest') {
	die("You must be a valid user.");
}
$rowid = $_REQUEST["rowid"];
$subject = 'Sharing';//htmlsafe($_POST["subject"]);
$title = htmlsafe($_POST["title"]);
$description = htmlsafe($_POST["description"]);
$filename = $_POST["filename"];
$submit = $_POST["submit"];

$tbl = 'webpages';
$rs = mysql_query("select * from $tbl where webid='$webid' and parentid='99992' and status='online' order by pagecontent");
$str = "<select name='filename'>";
while ($q = mysql_fetch_object($rs)) {
	$str .= "<option value='$q->rowid'";
	if ($filename == $q->rowid) $str .= " selected";
	$str .= ">$q->pagecontent ($q->pagetitle)</option>";
}
$str .= "</select";

mysql_select_db("air");

$tbl = "downloads";

if ($submit == 'SAVE') {
	if (mysql_num_rows(mysql_query("select * from $tbl where rowid=$rowid"))) {
		mysql_query("update $tbl set subject='$subject',title='$title',description='$description',filename='$filename'
		where rowid=$rowid");
	} else {
		mysql_query("insert into $tbl(subject,title,description,filename,datecreation,status) 
		values('$subject','$title','$description','$filename',now(),'online')");
                $rowid = mysql_insert_id();
	}
} else if ($action == "del") {
    	mysql_query("delete from $tbl where rowid=$rowid");
}

if ($role == 'admin' || $role == 'webmaster') {
	echo "<table width='98%'>";
	if (!$rowid) {
		echo "
	  	<tr><td nowrap>Title<br>
		<input type='text' name='title' value='$title' size='40'></td></tr>
	  	<tr valign='top'><td>Description (in 100 words)<br>
		<textarea name='description' rows='3' cols='40'>$description</textarea></td></tr>
		<tr><td>Filename</br>$str</td></tr>
	  	<tr><td><input type='submit' name='submit' value='SAVE'><td></tr>";
	} else {
  		echo "<tr><td>[ <a href='$PHP_SELF?conf=$conf&rowid='>New title</a> ]</td></tr>";
	}
	echo "</table>";
}
mysql_select_db("air");
$tbl = 'downloads';
//$rs = mysql_query("select SQL_CALC_FOUND_ROWS * from $tbl where status='online'");

$rs = mysql_query("select * from $tbl where subject='Sharing' and status='online' order by datecreation desc");
echo "<table width='90%'>
<tr><th>No</th><th>Title</th><th>Description</th><th>Dated</th><th></th></tr>";
while($o = mysql_fetch_object($rs)) {
	$no++;
       	if (($role == 'admin' || $role == 'webmaster') && $rowid == $o->rowid) {
		echo "<tr valign='top'><td>$no</td>
		<td colspan='4'><table width='100%'>
	  	<tr><td nowrap>Title<br>
		<input type='text' name='title' value='$o->title' size='40'></td></tr>
	  	<tr valign='top'><td>Description (in 100 words)<br>
		<textarea name='description' rows='3' cols='40'>$o->description</textarea></td></tr>
		<tr><td>Filename</br>$str</td></tr>
		<tr><td>Filename</br>
		<select name='status'>";
		foreach ($statuss as $st) {
			echo "<option value='$st'";
			if ($o->status == $st) echo " selected";
			echo ">$st</option>";
		}
	  	echo "</select></td></tr>
		<tr><td><input type='submit' name='submit' value='SAVE'><td></tr>
		</table> <input type='hidden' name='rowid' value='$o->rowid'></td></tr>";
	} else {
		echo "<tr><td><a href='$PHP_SELF?conf=$conf&rowid=$o->rowid'>$no</a></td>
		<td>$o->title</td><td>$o->description</td><td>$o->datecreation</td>
		<td><a href='inner.php?conf=$o->filename'>Download</a></td></tr>";
	}
}
echo "</table>";
mysql_select_db("icdp");

?>