Your IP : 216.73.216.40
<?php
checkadmin($role);
$tbl = "announcements";
$id = $_REQUEST["id"];
$message = htmlsafe($_POST["message"]);
$description = htmlsafe($_POST["description"]);
$filename = htmlsafe($_POST["filename"]);
if (basename($_FILES['userfile']['name'])) {
//$filename = strtolower('documents/'.basename($_FILES['userfile']['name']));
$filename = strtolower(basename($_FILES['userfile']['name']));
upload_file();
}
$expiry = $_POST["expiry"];
if (!$expiry) $expiry = date("Y-m-d");
$submit = $_POST["submit"];
if ($submit == 'SAVE') {
if (mysql_num_rows(mysql_query("select * from $tbl where id=$id"))) {
mysql_query("update $tbl set message='$message',filename='$filename',description='$description',expiry='$expiry',webmaster='$user' where id=$id");
} else {
mysql_query("insert into $tbl(message,filename,description,dated,expiry,webmaster,status) values('$message','$filename','$description',now(),'$expiry','$user','current')");
}
} else if ($submit == "DELETE") {
mysql_query("delete from $tbl where id=$id");
} else if ($action == "expired") {
mysql_query("update $tbl set status='expired' where id=$id");
} else if ($action == "current") {
mysql_query("update $tbl set status='current' where id=$id");
}
//noticefeed();
echo "<div align='right'>Upload pdf file linked to this notice <input type='file' name='userfile'></div>
<table class=normal width='90%'>";
if (!$id) {
echo "<tr><td nowrap>Subject</td>
<td><input type='text' name='message' value='' size='50'></td></tr>
<tr valign='top'><td>Description</td>
<td><textarea name='description' rows='2' cols='50'></textarea></td></tr>
<tr><td nowrap>Filename</td>
<td><input type='text' name='filename' value='' size='50'>
(if file is to be uploaded, leave it blank)</td></tr>
<tr><td nowrap>Expiry Date</td>
<td><input type='text' name='expiry' value='$expiry' size='15'>
<input type='submit' name='submit' value='SAVE' style='width:80px'></td></tr>";
} else {
echo "<tr><td>[ <a href='$PHP_SELF?conf=$conf&id='>New announcement</a> ]</td></tr>";
}
echo "</table>
<table class='normal' width='98%'>
<tr><th>No.</th><th width='95%'>Announcement</th></tr>";
$rs = mysql_query("select * from $tbl order by status,dated desc,id");
while ($o = mysql_fetch_object($rs)) {
$i++;
if ($id == $o->id) {
echo "<tr><td>$i</td><td>
<input type='hidden' name='id' value='$o->id'>
<table class=normal width='90%'>
<tr><td nowrap>Subject</td>
<td><input type='text' name='message' value='$o->message' size='50'></td></tr>
<tr valign='top'><td nowrap>Description</td>
<td><textarea name='description' rows='2' cols='50'>$o->description</textarea></td></tr>
<tr><td nowrap>Filename</td>
<td><input type='text' name='filename' value='$o->filename' size='50'></td></tr>
<tr><td nowrap>Expiry Date</td>
<td nowrap><input type='text' name='expiry' value='$o->expiry' size='15'>
<input type='submit' name='submit' value='SAVE' style='width:80px'>
<input type='submit' name='submit' value='DELETE' style='width:80px'></td></tr>
</table></td></tr>";
} else {
if ($i % 2) echo "<tr valign='top' bgcolor='$col1'>";
else echo "<tr valign='top' bgcolor='$col2'>";
echo "<td>$i</td><td width='80%'><a name='$o->id'></a>$o->message
[ <a href='$PHP_SELF?conf=$conf&id=$o->id#$o->id'>Edit</a> ] ";
if ($o->status == 'expired')
echo "[ <a href='$PHP_SELF?conf=$conf&action=current&id=$o->id'>Show</a> ]";
else
echo "[ <a href='$PHP_SELF?conf=$conf&action=expired&id=$o->id'>Hide</a> ]";
echo "<br>
>> $o->description<br>";
if ($o->filename) echo "Filename: <a href='$o->filename'>$o->filename</a> (Total downloads: $o->counter)";
echo "<div align='right'>By: $o->webmaster ($o->dated to $o->expiry)</div></td></tr>";
}
}
echo "</table>";
?>