Your IP : 216.73.216.40
<span id='title'>TV News</span><br><br>
<?php
dbConnect();
$tbl = 'tvnews';
$submit = $_POST["submit"];
session_start();
if (isset($_SESSION["uid"]) && $pg == 'logout') {
session_destroy();
$uid = '';
} else if ($submit == 'LOGIN') {
if (authenticate($_REQUEST["loginid"], $_REQUEST["passwd"]) == "OK") {
$_SESSION["uid"] = $_REQUEST["loginid"];
session_register("uid");
echo "Hello " . $_SESSION["uid"] . "! Post current news as below:";
} else {
echo "<b id='alert'>Sorry</b> invalid login, try again with care.<br>";
}
}
if ($_REQUEST["signout"]) {
session_destroy();
$uid = '';
login($pg);
} else if (!isset($_SESSION["uid"])) {
login($pg);
} else {
$uid = $_SESSION["uid"];
$id = $_REQUEST["id"];
$subject = $_POST["subject"];
$description = $_POST["description"];
$ipaddr = $_SERVER["REMOTE_ADDR"];
if ($submit == 'SAVE' && $subject) {
if (mysql_num_rows(mysql_query("select * from $tbl where id=$id"))) {
mysql_query("update $tbl set subject='$subject',description='$description',
sender='$uid',status='$status',dated=now(),ipaddr='$ipaddr' where id=$id");
} else {
mysql_query("insert into $tbl(subject,description,sender,status,dated,ipaddr)
values ('$subject','$description','$uid','online',now(),'$ipaddr')");
}
} if ($submit == 'DELETE') {
mysql_query("delete from $tbl where id=$id");
} if ($_REQUEST["action"] == 'hide') {
mysql_query("update $tbl set status='offline' where id=$id");
$id = 0; //don't open edit page
} if ($_REQUEST["action"] == 'show') {
mysql_query("update $tbl set status='online' where id=$id");
$id = 0; //don't open edit page
}
echo "<table width='98%'>";
if (!$id) {
echo "<tr><td>Subject</td><td><input type='text' name='subject' value='$subject' size='60'></td></tr>
<tr><td>Description</td>
<td><textarea name='description' rows='3' cols='50'>$description</textarea></td></tr>
<tr><td>New News</td><td><input type='submit' name='submit' value='SAVE'>
<input type='reset' name='reset' value='RESET'></td></tr>
";
} else {
echo "<tr><td colspan='2'><td>[ <a href='?pg=$pg&id='>New news</a> ]</td></tr>";
}
echo "</table><table width='98%'>
<tr><th>Current TV News</th></tr>";
$rs = mysql_query("select * from $tbl order by dated desc");
while ($o = mysql_fetch_object($rs)) {
$i++;
if ($id == $o->id) {
echo "<tr><td>$i) <input type='hidden' name='id' value='$o->id'><table>
<tr><td>Subject</td><td><input type='text' name='subject' value='$o->subject' size='60'></td></tr>
<tr><td>Description</td>
<td><textarea name='description' rows='3' cols='50'>$o->description</textarea></td></tr>
<tr><td></td><td><input type='submit' name='submit' value='SAVE'>
<input type='submit' name='submit' value='DELETE'></td></tr>
</table></td></tr>";
} else {
if ($i % 2) echo "<tr bgcolor='#ccbbaa'>";
else echo "<tr bgcolor='#aabbcc'>";
echo "<td>$i ) <b>$o->subject</b><dir>$o->description</dir>
<div align='right'>by $o->sender dated $o->dated
[ <a href='?pg=$pg&id=$o->id&action=edit'>Edit</a> ]";
if ($o->status == 'online') {
echo "[ <a href='?pg=$pg&id=$o->id&action=hide'>Hide</a> ]";
} else {
echo "[ <a href='?pg=$pg&id=$o->id&action=show'>Show</a> ]";
}
echo "</div></td></tr>";
}
}
echo "<input type='hidden' name='pg' value='$pg'></table>";
}
?>