| 1 | <?php
|
|---|
| 2 | include '../includes/Global.php';
|
|---|
| 3 |
|
|---|
| 4 | TestLicence('1');
|
|---|
| 5 |
|
|---|
| 6 | if (array_key_exists('Mode', $_GET)) {
|
|---|
| 7 | $Mode = $_GET['Mode'];
|
|---|
| 8 | } else {
|
|---|
| 9 | $Mode = '';
|
|---|
| 10 | }
|
|---|
| 11 |
|
|---|
| 12 | If ($Mode == '') { // formuláø pøidání aktuality
|
|---|
| 13 | ?>
|
|---|
| 14 | <h4>Pøidání aktuality</h4>
|
|---|
| 15 | <form enctype="multipart/form-data" action="AddNews.php?Mode=AddNews" method="post">
|
|---|
| 16 | <table border="0">
|
|---|
| 17 | <tr><td>Nadpis Aktuality:</td><td><input type="text" name="Name"></td></tr>
|
|---|
| 18 | <tr><td>Uivatel: </td><td><input type="text" name="User" value="<?php echo $_SESSION['User']; ?>"></td></tr>
|
|---|
| 19 | <tr><td>Popis: </td><td><input type="text" name="Description"></td></tr>
|
|---|
| 20 | <tr><td>Text: </td><td><textarea cols="60" name="Text" rows="20"></textarea></td></tr>
|
|---|
| 21 | <tr><td><input type="submit" value="Odeslat"></td></tr>
|
|---|
| 22 | </table>
|
|---|
| 23 | </form>
|
|---|
| 24 |
|
|---|
| 25 | <?php
|
|---|
| 26 | }
|
|---|
| 27 |
|
|---|
| 28 | if ($Mode == 'AddNews') { //pøidání aktuality
|
|---|
| 29 | $Name = mysql_escape_string($_POST['Name']);
|
|---|
| 30 | $User = mysql_escape_string($_POST['User']);
|
|---|
| 31 | $Description = mysql_escape_string($_POST['Description']);
|
|---|
| 32 | $Text = mysql_escape_string($_POST['Text']);
|
|---|
| 33 | echo('Jméno: '.$Name.'<br>');
|
|---|
| 34 | echo('Uivatel: '.$User.'<br>');
|
|---|
| 35 | echo('Popis: '.$Description.'<br>');
|
|---|
| 36 | echo('Text: '.$Text.'<br>');
|
|---|
| 37 |
|
|---|
| 38 | $sql = "SELECT max(ID) FROM news";
|
|---|
| 39 | $ID = $db->SQLCommand($sql);
|
|---|
| 40 | $Line = mysql_fetch_row($ID);
|
|---|
| 41 | $ID = $Line[0]+1;
|
|---|
| 42 | $sql = "INSERT news VALUE('$ID','$Name',now(),'$Text','$Description', '1','$User')";
|
|---|
| 43 | $db->SQLCommand($sql);
|
|---|
| 44 | WriteLog('Aktualita byla uloena: '.$Name.' ID: '.$ID.' Popis: '.$Description.' User: '.$User,'2');
|
|---|
| 45 | echo 'Aktualita '.$Name.' byla uloena';
|
|---|
| 46 | }
|
|---|
| 47 |
|
|---|
| 48 | if ($Mode == '') { //editování aktuality
|
|---|
| 49 | echo '<h4>Editování aktualit</h4>';
|
|---|
| 50 | $sql = "SELECT * FROM news order by 3 DESC";
|
|---|
| 51 | $ID = $db->SQLCommand($sql);
|
|---|
| 52 | while($Line = mysql_fetch_array($ID)) {
|
|---|
| 53 | echo '<a href="AddNews.php?Mode=EditNewsForm&ID='.$Line['ID'].'">'.$Line['Name'].'</a><br />';
|
|---|
| 54 | }
|
|---|
| 55 | }
|
|---|
| 56 |
|
|---|
| 57 |
|
|---|
| 58 | If ($Mode == 'EditNewsForm') { // formuláø editování aktuality
|
|---|
| 59 |
|
|---|
| 60 | $ID = mysql_escape_string($_GET['ID']);
|
|---|
| 61 |
|
|---|
| 62 | $sql = "SELECT * FROM news WHERE ID = '$ID'";
|
|---|
| 63 | $ID = $db->SQLCommand($sql);
|
|---|
| 64 | $Line = mysql_fetch_array($ID);
|
|---|
| 65 | ?>
|
|---|
| 66 | <h4>Editování aktuality</h4>
|
|---|
| 67 | <form enctype="multipart/form-data" action="AddNews.php?Mode=EditNews" method="post">
|
|---|
| 68 | <input type="hidden" name="ID" value="<?php echo $Line['ID']; ?>">
|
|---|
| 69 | <table border="0">
|
|---|
| 70 | <tr><td>Nadpis Aktuality:</td><td><input type="text" name="Name" value="<?php echo $Line['Name']; ?>"></td></tr>
|
|---|
| 71 | <tr><td>Uivatel: </td><td><input type="text" name="User" value="<?php echo $Line['User']; ?>"></td></tr>
|
|---|
| 72 | <tr><td>Popis: </td><td><input type="text" name="Description" value="<?php echo $Line['Description']; ?>"></td></tr>
|
|---|
| 73 | <tr><td>Text: </td><td><textarea cols="60" name="Text" rows="20"><?php echo $Line['Text']; ?></textarea></td></tr>
|
|---|
| 74 | <tr><td><input Name="Action" type="submit" value="Editovat"></td></tr>
|
|---|
| 75 | </table>
|
|---|
| 76 | </form>
|
|---|
| 77 |
|
|---|
| 78 | <?php
|
|---|
| 79 | }
|
|---|
| 80 |
|
|---|
| 81 | if ($Mode == 'EditNews') { //editování aktuality
|
|---|
| 82 | $ID = mysql_escape_string($_POST['ID']);
|
|---|
| 83 | $Name = mysql_escape_string($_POST['Name']);
|
|---|
| 84 | $User = mysql_escape_string($_POST['User']);
|
|---|
| 85 | $Description = mysql_escape_string($_POST['Description']);
|
|---|
| 86 | $Text = mysql_escape_string($_POST['Text']);
|
|---|
| 87 | echo('Jméno: '.$Name.'<br>');
|
|---|
| 88 | echo('Uivatel: '.$User.'<br>');
|
|---|
| 89 | echo('Popis: '.$Description.'<br>');
|
|---|
| 90 | echo('Text: '.$Text.'<br>');
|
|---|
| 91 |
|
|---|
| 92 | $sql = "UPDATE news SET ID = '$ID', Name = '$Name', Text = '$Text', Description = '$Description', User = '$User' WHERE ID = '$ID'";
|
|---|
| 93 | $db->SQLCommand($sql);
|
|---|
| 94 | echo 'Aktualita '.$Name.' byla editována!';
|
|---|
| 95 | WriteLog('Aktualita byla editována: '.$Name.' ID: '.$ID.' Popis: '.$Description.' User: '.$User,'3');
|
|---|
| 96 | }
|
|---|
| 97 |
|
|---|
| 98 | if ($Mode == 'Del') { //smazání aktuality
|
|---|
| 99 | $ID = mysql_escape_string($_GET['ID']);
|
|---|
| 100 |
|
|---|
| 101 | $sql = "DELETE from news WHERE ID = '$ID'";
|
|---|
| 102 | $db->SQLCommand($sql);
|
|---|
| 103 | WriteLog('Aktualita byla smazána: ID='.$ID,'4');
|
|---|
| 104 | echo 'Aktualita '.$Name.' byla Smazána!';
|
|---|
| 105 | }
|
|---|
| 106 |
|
|---|
| 107 | ShowFooter()
|
|---|
| 108 | ?>
|
|---|
