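<?php
// NOTE(review): the start of this file (the PHP open tag and the beginning of the
// copyright header) is missing from this listing, and so is the HTML markup that the
// echo statements emitted. The string literals below are reproduced exactly as they
// appear here, which is why many of them are empty or contain only line breaks.
// , 2003-2007
// Raul Mateos , 2005-2007

// Site news management page.
// Handles create / update / delete of rows in the tnews table and then renders either
// the add/edit form or the list of news items. Access requires a valid login and the
// "PM" permission as reported by give_acl(); anything else is audited and sent to
// general/noaccess.php.
//
// Helpers used but not defined here: comprueba_login(), give_acl(), entrada_limpia(),
// audit_db(), and the $lang_label array.
//
// NOTE(review): every query is built by string concatenation on the legacy mysql_*
// API (removed in PHP 7). Moving to mysqli/PDO prepared statements would remove the
// dependency on entrada_limpia() for SQL safety.

// Load global vars

// Resolve the user before any permission check. Previously a failed login check left
// $id_user unassigned at this point, so give_acl() and audit_db() ran on whatever value
// the variable already held. comprueba_login() == 0 is treated as "session is valid",
// as the original branch did (the helper itself is not shown).
$id_user = null;
$logged_in = (comprueba_login() == 0);
if ($logged_in) {
    $id_user = $_SESSION["id_usuario"];
}

if ($logged_in && give_acl($id_user, 0, "PM") == 1) {

    if (isset($_POST["create"])) { // If create
        $subject = entrada_limpia($_POST["subject"]);
        $text = entrada_limpia($_POST["text"]);
        $timestamp = $ahora = date("Y/m/d H:i:s");
        $author = $id_user;
        // NOTE(review): subject and text sit inside quoted SQL literals, so this
        // statement is only as safe as entrada_limpia() — confirm that it neutralises
        // both quotes and backslashes.
        $sql_insert="INSERT INTO tnews (subject, text, author, timestamp) VALUES ('$subject','$text', '$author', '$timestamp') ";
        $result = mysql_query($sql_insert);
        if (! $result) {
            echo "

".$lang_label["create_no"]."

";
        } else {
            echo "

".$lang_label["create_ok"]."

";
            $id_link = mysql_insert_id();
        }
    }

    if (isset($_POST["update"])) { // if update
        // id_news is used as a bare number in the DELETE and SELECT below, so it is
        // handled as an integer key everywhere (assumes an integer column - confirm).
        $id_news = (int) entrada_limpia($_POST["id_news"]);
        $subject = entrada_limpia($_POST["subject"]);
        $text = entrada_limpia($_POST["text"]);
        $timestamp = $ahora = date("Y/m/d H:i:s");
        // NOTE(review): same reliance on entrada_limpia() for the quoted values as in
        // the INSERT above.
        $sql_update ="UPDATE tnews SET subject = '".$subject."', text ='".$text."', timestamp = '$timestamp' WHERE id_news = '".$id_news."'";
        $result = mysql_query($sql_update);
        if (! $result) {
            echo "

".$lang_label["modify_no"]."

";
        } else {
            echo "

".$lang_label["modify_ok"]."

";
        }
    }

    if (isset($_GET["borrar"])) { // if delete
        // The id is concatenated into the statement without quotes, so quote-escaping
        // alone cannot constrain it; the integer cast does.
        // NOTE(review): this is a state-changing action triggered by a GET parameter
        // and no anti-CSRF token is checked in this listing - consider POST plus a
        // per-session token.
        $id_news = (int) entrada_limpia($_GET["borrar"]);
        $sql_delete= "DELETE FROM tnews WHERE id_news = ".$id_news;
        $result = mysql_query($sql_delete);
        if (! $result) {
            echo "

".$lang_label["delete_no"]."

";
        } else {
            echo "

".$lang_label["delete_ok"]."

";
        }
    }

    // Main form view for news edit
    if ((isset($_GET["form_add"])) or (isset($_GET["form_edit"]))) {
        if (isset($_GET["form_edit"])) {
            $creation_mode = 0;
            // Unquoted numeric context again: cast before concatenating.
            $id_news = (int) entrada_limpia($_GET["id_news"]);
            $sql1='SELECT * FROM tnews WHERE id_news = '.$id_news;
            $result = mysql_query($sql1);
            // Guard against a failed query before fetching from it.
            if ($result && ($row = mysql_fetch_array($result))) {
                $subject = $row["subject"];
                $text = $row["text"];
                $author = $row["author"];
                $timestamp = $row["timestamp"];
            } else {
                // The form is still rendered after this message, as in the original.
                echo "

".$lang_label["name_error"]."

";
            }
        } else { // form_add
            $creation_mode =1;
            $text = "";
            $subject = "";
            $author = $id_user;
        }

        // Create news
        echo "

".$lang_label["setup_screen"]." > ";
        echo $lang_label["site_news_management"]."

";
        echo '';
        echo '';
        if ($creation_mode == 1)
            echo "";
        else
            echo "";
        echo "";
        echo '';
        echo '';
        // NOTE(review): the quoting of the next literal is unbalanced in this listing
        // (form markup lost); it is reproduced unchanged and will not parse as-is.
        // When restoring the form fields, HTML-encode $subject and $text for the
        // attribute/element context they are written into.
        echo "
'.$lang_label["subject"].' '; echo '
'.$lang_label["text"].'
";
        echo "";
        echo "
";
        echo '
';
    } else { // Main list view for news editor
        echo "

".$lang_label["setup_screen"]." > ";
        echo $lang_label["site_news_management"]."

";
        echo "";
        echo "";
        echo "";
        echo "";
        echo "";
        $sql1='SELECT * FROM tnews ORDER BY timestamp';
        $result=mysql_query($sql1);
        $color=1;
        while ($row=mysql_fetch_array($result)){
            // Alternate the row style name between "datos" and "datos2".
            if ($color == 1){
                $tdcolor = "datos";
                $color = 0;
            }
            else {
                $tdcolor = "datos2";
                $color = 1;
            }
            echo "";
            echo "";
            echo "";
            echo '';
        }
        // NOTE(review): in this listing the table header labels and the per-row cells
        // appear after the loop (table content displaced by extraction); they are kept
        // where the listing has them. The row values are written out without output
        // encoding here - that is only safe if entrada_limpia() HTML-encodes on the way
        // in; otherwise wrap them in htmlspecialchars().
        echo "
".$lang_label["subject"]."".$lang_label["author"]."".$lang_label["timestamp"]."".$lang_label["delete"]."
".$row["subject"]."".$row["author"]."".$row["timestamp"]."
";
        echo "";
        echo "
";
        echo "
";
        echo "";
        echo "
";
    } // End of else block
} else {
    // Not logged in, or no "PM" permission: record the attempt and show the
    // no-access page.
    // NOTE(review): the audit text says "Link Management" although this page manages
    // news; it is left untouched because log searches may key on the exact string.
    // NOTE(review): $REMOTE_ADDR is never assigned in this listing - presumably a
    // global from the including script; confirm, and prefer $_SERVER["REMOTE_ADDR"]
    // so the audited address cannot come from request input.
    audit_db($id_user,$REMOTE_ADDR, "ACL Violation","Trying to access Link Management");
    require ("general/noaccess.php");
}
?>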