Your IP : 216.73.216.40

Current Path : /var/www/html/mmishra/indem/Parisarnews/
Upload File :
Current File : /var/www/html/mmishra/indem/Parisarnews/webedit.php

<?php
require("config.inc.php");
require("functions.inc.php");
dbConnect();

$id = $_REQUEST['id'];
$section = $_REQUEST['section'];
$title = $_POST['title'];
$imagetag = $_POST['imagetag'];
$source = htmlsafe($_POST['source']);
$source = str_replace('"', "'", $source);
$submit = $_POST['submit'];

$tbl = 'webpages';

switch ($submit) {
case "UP":
        if (mysql_num_rows(mysql_query("select * from $tbl where rowid=$id"))) {
		$sr = mysql_query("select * from $tbl where status='online' and section='$section' and rowid<$id order by rowid desc limit 0,1");
		if (mysql_num_rows($sr)) {
			$o = mysql_fetch_object($sr);
			$pid = $o->rowid;
                	mysql_query("update $tbl set rowid=100000 where rowid=$pid");
                	mysql_query("update $tbl set rowid=$pid where rowid=$id");
                	mysql_query("update $tbl set rowid=$id where rowid=100000");
		}
	}
	$id = $pid;
	break;
case "DOWN":
        if (mysql_num_rows(mysql_query("select * from $tbl where rowid=$id"))) {
		$sr = mysql_query("select * from $tbl where status='online' and section='$section' and rowid>$id order by rowid limit 0,1");
		if (mysql_num_rows($sr)) {
			$o = mysql_fetch_object($sr);
			$nid = $o->rowid;
                	mysql_query("update $tbl set rowid=100000 where rowid=$nid");
                	mysql_query("update $tbl set rowid=$nid where rowid=$id");
                	mysql_query("update $tbl set rowid=$id where rowid=100000");
		}
	}
	$id = $nid;
	break;

case "ONLINE":
        mysql_query("update $tbl set status='online', dateupdation=now() where rowid=$id");
        break;

case "OFFLINE":
        mysql_query("update $tbl set status='offline', dateupdation=now() where rowid=$id");
        break;

case "SAVE":
        $imagetag = basename($_FILES['imagetag']['name']);
	if ($imagetag) {
        	$tempfile = $_FILES['imagetag']['tmp_name'];
        	$imagetag = str_replace(" ","-",$imagetag);
        	$imagetag = str_replace("'","",$imagetag);
        	$imagetag = str_replace('"',"",$imagetag);
        	$imagetag = str_replace('(',"",$imagetag);
        	$imagetag = strtolower(str_replace(')',"",$imagetag));
                
		$filename = explode(".", $imagetag);
                $ext = $filename[count($filename)-1];
                if ($ext == 'jpg' || $ext == 'gif' || $ext == 'tif' || $ext == 'png') {
                	if (move_uploaded_file($tempfile, "images/$imagetag") ){ 
                        	shell_exec("chmod -R 755 images");
                	}
		}
	}
        if (mysql_num_rows(mysql_query("select * from $tbl where rowid=$id"))) {
                if ($imagetag) mysql_query("update $tbl set title='$title',imagetag='$imagetag',source='$source',dateupdation=now() where rowid=$id");
                else mysql_query("update $tbl set title='$title',source='$source',dateupdation=now() where rowid=$id");
        } else {
                mysql_query("insert into $tbl(section,title,imagetag,source,datecreation,dateupdation,dateexpiry,dateaccess,status) 
		values('$section','$title','$imagetag','$source',now(),now(),now(),now(),'online')");
        	$id = mysql_insert_id();
	}
        break;

case "DELETE":
        mysql_query("delete from $tbl where rowid=$id");
	$title = ''; $source = ''; $id = 0;
        break;
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Parisar News</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="css/styles.css" rel="stylesheet" type="text/css" />
<html xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Parisar News</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link href="css/styles.css" rel="stylesheet" type="text/css" />
<script type='text/javascript' src='js/mm.js'></script>
<script language='javascript' src='js/calendar.js'></script>
<?php
        //echo ajax();
        //include online editor api
        require_once('classes/editor.php');
        require_once('classes/tc_calendar.php');
?>

</head>
<body>
<form action='webedit.php' method='POST' enctype='multipart/form-data'>

<div id="container">
        <div align="center">
                <a href="https://www.facebook.cem/parisarnews"><img src="images/facebook_1.gif"></a>
                <a href="https://plus.google.com/parisarnews"><img src="images/google-plus.png"></a>
                <a href="http://twitter.com/parisarnews"><img src="images/twitter_1.gif"></a>
        </div>

        <div id="intro">
                <div id="pageHeader">
                        <h1><span>Parisar News</span></h1>
                        <h2><span>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;MY CAMPUS MY NEWS</span></h2>
                </div>

                <div id="lmenu">
                        <?php echo menu('online'); ?>
                </div>
        </div>

        <div id="quickintro">
                <div class="logo">
                        <img src="images/logo.jpg" width="300" height="170" />
                </div>

                <div class="imageMap" style="text-align: left;">
			<h2>Web Edit</h2>
                        Edit content of webpages here. 
			Familiarity with HTML tags is must to work at this advance level of content administration. 
			Admin/user pages will be accessible after proper authentication. <br><br>
                        <?php

			echo "<h3>Section: $section</h3><input type='hidden' name='id' value='$id'><input type='hidden' name='section' value='$section'>
			Links: [ <a href='webedit.php?section=$section&id='>NEW</a> ]";
			$rs = mysql_query("select * from $tbl where section='$section' order by rowid");
			while ($o = mysql_fetch_object($rs)) {
        			echo "[ <a href='webedit.php?section=$section&id=$o->rowid'>$o->title</a> ]";
				if ($o->rowid == $id) {
					$title = $o->title;
					$imagetag = htmlunsafe($o->imagetag);
                			$source = $o->source;
        			}
			}
			echo "
			<table cellpadding='5' width='95%'>
			<tr><td>Title<br><input type='text' name='title' style='width: 100%' value='$title'></td></tr>
			<tr><td>Image Tag<br><input type='file' name='imagetag' style='width: 100%' value='$imagetag'></td></tr>
			<tr><td>Source<br><textarea name='source' style='width: 100%'>$source</textarea></td></tr>
			<tr><th><input type='submit' name='submit' value='SAVE' style='width: 80px'> ";
			if ($id) {
				echo "<input type='submit' name='submit' value='DELETE' style='width: 80px'><br><br>
				Change Position <input type='submit' name='submit' value='UP' style='width: 80px'>
				<input type='submit' name='submit' value='DOWN' style='width: 80px'>";
				echo "Change Status <input type='submit' name='submit' value='ONLINE' style='width: 80px'>
				<input type='submit' name='submit' value='OFFLINE' style='width: 80px'>";
			}
			echo "</th></tr></table>

			URL of this page is http://www.parisarnews.com/inner.php?id=$id ";
			?>
			<br>All pages are stored in the database and is accessible through click of some link.
		</div>
	</div>
</div>
<div class="eduAlert">
        <b><u>Edu Alert</u></b><br><br>
        <marquee direction="up" behavior="scroll" scrollamount="1" style="height: 400pt;">
        <?php echo eduAlert('online'); ?>
        </marquee>
</div>

<div class="jobAlert">
        <b><u>Job Alert</u></b><br><br>
        <marquee direction="up" behavior="scroll" scrollamount="1" style="height: 400pt;">
        <?php echo jobAlert('online'); ?>
        </marquee>
</div>

</form>
</body>
</html>