Your IP : 216.73.216.40
<?php
if (!$user) {
echo "<br><div class=notice>You must be a Site Administrator to access this page</div>";
exit;
}
$id = $_REQUEST["id"];
$hyperText = $_REQUEST["hyperText"];
$hyperLink = $_REQUEST["hyperLink"];
$description = $_REQUEST["description"];
$expiry = $_REQUEST["expiry"];
if (!$expiry) $expiry = date("Y-m-d");
$status = $_REQUEST["status"];
$submit = $_REQUEST["submit"];
$tbl = "news";
$r = 3;
$status_array = array('current','expired');
$file_types_array = array("txt", "doc", "pdf", "jpg", "png", "gif");
$max_file_size = 1048576;
$upload_dir = "/srv/www/websites/ada/";
if ($_FILES["file"] > ""){
foreach($_FILES["file"]["error"] as $key => $value){
if($_FILES["file"]["name"][$key] != ""){
if($value == UPLOAD_ERR_OK){
$origfilename = $_FILES["file"]["name"][$key];
$filename = explode(".", $_FILES["file"]["name"][$key]);
$filenameext = $filename[count($filename)-1];
unset($filename[count($filename)-1]);
$filename = implode(".", $filename);
$filename = substr($filename, 0, 50) . "." . $filenameext;
$file_ext_allow = FALSE;
for($x=0; $x<count($file_types_array); $x++){
if($filenameext == $file_types_array[$x]){
$file_ext_allow = TRUE;
}
}
if($file_ext_allow){
if($_FILES["file"]["size"][$key]<$max_file_size){
if(move_uploaded_file($_FILES["file"]["tmp_name"][$key], $upload_dir.$filename)){
$hyperLink = $filename;
//$error = "";
} else {
$error = $filename." was not successfully uploaded";
}
} else {
$error = $filename." was too big, not uploaded";
}
} else {
$error = $filename." had an invalid file extension, not uploaded";
}
} else {
$error = $filename." was not successfully uploaded";
}
}
}
}
if ($submit == 'SAVE') {
if (mysql_num_rows(mysql_query("select * from $tbl where id=$id"))) {
mysql_query("update $tbl set hyperText='$hyperText',hyperLink='$hyperLink',description='$description',expiry='$expiry',userID='$user',status='$status' where id=$id");
} else {
mysql_query("insert into $tbl(hyperText,hyperLink,description,dated,expiry,userID,status) values('$hyperText','$hyperLink','$description',curdate(),'$expiry','$user','$status')");
}
generate_xml();
} else if ($action == "del") {
mysql_query("delete from $tbl where id=$id");
} else if ($action == "expired") {
mysql_query("update $tbl set status='expired' where id=$id");
generate_xml();
}else if ($action == "current") {
mysql_query("update $tbl set status='current' where id=$id");
generate_xml();
}
$form .= "<form method='post' action='$PHP_SELF?conf=newspost' enctype='multipart/form-data'>
<div align='right'>Upload pdf file linked to news <input type='file' name='file[]'></div>$error";
if (!$id){
$form .= "<table class=normal width='90%'>
<tr><td nowrap>HyperText</td>
<td><input type='text' name='hyperText' value='' size='50'></td></tr>
<tr><td nowrap>HyperLink</td>
<td><input type='text' name='hyperLink' value='' size='50'>
(if file is to be uploaded, leave it blank)</td></tr>
<tr valign='top'><td>Description</td>
<td><textarea name='description' rows='2' cols='50'></textarea></td></tr>
<tr><td nowrap>Expiry Date</td>
<td><input type='text' name='expiry' value='$expiry' size='15'></td></tr>
<tr><td nowrap>Status</td><td><select name='status'>";
foreach ($status_array as $s){
$form .= "<option value='$s'";
if ($s == $status) $form .= " selected";
$form .= ">$s</option>";
}
$form .= "</select> Shows or hides the news on the home page</td>
<tr><td colspan='2'><input type='submit' name='submit' value='SAVE'></td></tr>";
} else {
$form .= "<tr><td><a href='$PHP_SELF?conf=newspost&id='>New news</a></td></tr>";
}
$form .= "</table><table class='search' width='98%'>
<tr bgcolor='FFEECA'><th nowrap>HyperText</th><th nowrap>HyperLink</th><th nowrap>Description</th></tr>";
$arr = mysql_query("select * from $tbl order by status,dated desc,id");
if ($arr) {
while($o = mysql_fetch_object($arr)){
$i++;
$rid = $o->id;
$hyperText = $o->hyperText;
$hyperLink = $o->hyperLink;
$description = $o->description;
$dated = $o->dated;
$expiry = $o->expiry;
$userID = $o->userID;
$status = $o->status;
if ($id == $rid){
$form .= "<tr><td colspan='$r' align='center'>
<input type='hidden' name='id' value='$rid'>
<table class=normal width='90%'><tr bgcolor='FFE5CA'>
<th><font color='black'>Edit</font></th></tr>
<tr><td nowrap>HyperText</td>
<td><input type='text' name='hyperText' value='$hyperText' size='50'></td></tr>
<tr><td nowrap>HyperLink</td>
<td><input type='text' name='hyperLink' value='$hyperLink' size='50'></td></tr>
<tr valign='top'><td nowrap>Description</td>
<td><textarea name='description' rows='2' cols='50'>$description</textarea></td></tr>
<tr><td nowrap>ExpiryDate</td>
<td nowrap><input type='text' name='expiry' value='$expiry' size='15'></td></tr>
<tr><td nowrap>Status</td><td><select name='status'>";
foreach ($status_array as $s){
$form .= "<option value='$s'";
if ($s == $status) $form .= " selected";
$form .= ">$s</option>";
}
$form .= "</select> Shows or hides the news on the home page</td></tr>
<tr><td></td>
<td><input type='submit' class=btn name='submit' value='SAVE'></td></tr>
</table></td></tr>";
} else {
if ($i % 2) $form .= "<tr valign='top'>";
else $form .= "<tr valign='top' bgcolor='F1EDC2'>";
$form .= "<td width='30%'><a name='$rid'></a><font size='-1'>$hyperText<br>
[<a href='$PHP_SELF?conf=newspost&id=$rid#$rid'>Edit</a>] ";
if ($status == 'expired')
$form .= "[<a href='$PHP_SELF?conf=newspost&action=current&id=$rid'>Show</a>]";
else
$form .= "[<a href='$PHP_SELF?conf=newspost&action=expired&id=$rid'>Hide</a>]";
$form .= "</font></td><td><a href='$hyperLink'><font size='-1'>$hyperLink</font></a><br>
<font size=-1>Dated: $dated (by $userID)<br>Expiry: $expiry</font></td>
<td><font size='-1'>$description</font></td></tr>";
}
}
}
$form .= "</table></center></form>";
echo $form;
function generate_xml(){
//to select only those which are to be shown
$result = mysql_query("SELECT * FROM news where status='current' order by dated desc, id desc");
$num = mysql_num_rows($result);
$i=0;
$pg = '<? xml version=\"1.0\" ?> <rss version=\"2.0\"><channel>';
while ($i < $num) {
$hypertext = @mysql_result($result,$i,"hyperText");
$hyperlink = @mysql_result($result,$i,"hyperLink");
$desc = @mysql_result($result,$i,"description");
$dated = @mysql_result($result,$i,"dated");
$expiry = @mysql_result($result,$i,"expiry");
$i++;
if (strpos($hyperlink,"http:")==0 || strpos($hyperlink,"inner.php")==0){
$hyperlink = 'pub/' . $hyperlink;
}
$pg .= "<item>
<title>$hypertext</title>
<link>$hyperlink</link>
<description>$desc</description>
<pubDate>$dated</pubDate>
<category>Achievement</category>
</item>";
}
$pg .= "</channel></rss>";
$xmlfile = "rss.xml";
if (!$fp = fopen($xmlfile, "w")){
echo "Cannot open file ($xmlfile)";
exit;
} else if (is_writable($xmlfile)) {
if (fwrite($fp, $pg) === FALSE) {
echo "Cannot write to file ($xmlfile)";
exit;
}
}
$cmd = "chmod 757 $xmlfile";
$output = shell_exec($cmd);
}
?>