'.mysqli_error($db));
}
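// Select the configured database. This statement is not inside the
// `if ($authorized)` block that follows, so its failure message can be shown to
// any visitor: the driver's error text goes to the server log and only a generic
// message is sent to the browser.
if (!mysqli_select_db($db, $mysql_database))
{
    error_log('Failed to select database: ' . mysqli_error($db));
    die('Failed to select database');
}

// mysqli_set_charset() is the call that tells the client library which character
// set the connection uses; the SET statements below repeat the same choice for
// the individual session variables, in the original order.
mysqli_set_charset($db, 'utf8');
$nwp_charset_sql = array(
    'SET NAMES "UTF8"',
    "SET collation_connection='utf8_general_ci'",
    "SET collation_server='utf8_general_ci'",
    "SET character_set_client='utf8'",
    "SET character_set_connection='utf8'",
    "SET character_set_results='utf8'",
    "SET character_set_server='utf8'",
);
foreach ($nwp_charset_sql as $nwp_charset_statement)
{
    mysqli_query($db, $nwp_charset_statement);
}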
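if ($authorized)
{
    // Administrative actions: everything in this block runs only when $authorized
    // is truthy. $db, $mysql_table, $action, $id, $timestamp, $upload_folder and
    // $admin_password are set outside this view.
    // NOTE(review): no anti-CSRF token check is visible in this block for the
    // state-changing actions (save, delete, moveup/movedown, logout) - confirm one
    // exists where $action is read.
    // $mysql_table is interpolated as an identifier and cannot be bound as a query
    // parameter, so it must only ever come from the site configuration.
    $sql = "CREATE TABLE IF NOT EXISTS $mysql_table (id INT UNSIGNED NOT NULL AUTO_INCREMENT,
wwb_index INT NOT NULL,
wwb_id VARCHAR(255) NOT NULL,
wwb_date TIMESTAMP NOT NULL,
wwb_title VARCHAR(255),
wwb_text TEXT NOT NULL,
wwb_reserved VARCHAR(255),
PRIMARY KEY(id));";
    $result = mysqli_query($db, $sql);
    if (!$result)
    {
        die('Invalid query: ' . mysqli_error($db));
    }

    if ($action == 'logout')
    {
        // Blank the session cookie, drop the in-memory copies and reload this script.
        setcookie('NewsWriterPro', '');
        unset($_COOKIE['NewsWriterPro'], $admin_password);
        header("Location: ".basename(__FILE__));
        exit;
    }
    elseif ($action == 'save')
    {
        // The posted text and title are bound as statement parameters. The previous
        // code ran addslashes() and then turned \' back into ', which put raw single
        // quotes from the request straight into the SQL string.
        $text = (isset($_POST['text']) && is_string($_POST['text'])) ? trim($_POST['text']) : '';
        $title = (isset($_POST['title']) && is_string($_POST['title'])) ? trim($_POST['title']) : '';
        // The id column is INT UNSIGNED; a negative $id selects the insert path.
        $safe_id = (int) $id;
        if ($safe_id >= 0)
        {
            $stmt = mysqli_prepare($db, "UPDATE $mysql_table SET `wwb_text` = ?, `wwb_title` = ?, `wwb_date` = ? WHERE `id` = ?");
            if ($stmt)
            {
                mysqli_stmt_bind_param($stmt, 'sssi', $text, $title, $timestamp, $safe_id);
                mysqli_stmt_execute($stmt);
                mysqli_stmt_close($stmt);
            }
        }
        else
        {
            // A new item is appended: its position is the current item count plus one.
            $result = mysqli_query($db, "SELECT * FROM $mysql_table WHERE `wwb_id` = 'NewsWriterPro'");
            if ($result)
            {
                $wwb_index = mysqli_num_rows($result) + 1;
                $stmt = mysqli_prepare($db, "INSERT INTO $mysql_table (`wwb_index`, `wwb_id`, `wwb_date`, `wwb_text`, `wwb_title`) VALUES (?, 'NewsWriterPro', ?, ?, ?)");
                if ($stmt)
                {
                    mysqli_stmt_bind_param($stmt, 'isss', $wwb_index, $timestamp, $text, $title);
                    mysqli_stmt_execute($stmt);
                    mysqli_stmt_close($stmt);
                }
            }
        }
    }
    elseif ($action == 'movedown' || $action == 'moveup')
    {
        // Swap the position of the selected item with its neighbour. Nothing is
        // written when the id matches no row; previously the UPDATEs ran with an
        // undefined $wwb_index in that case.
        $safe_id = (int) $id;
        $result = mysqli_query($db, "SELECT wwb_index FROM $mysql_table WHERE `id` = $safe_id");
        if ($result && ($data = mysqli_fetch_array($result)))
        {
            $wwb_index = (int) $data['wwb_index'];
            $new_index = ($action == 'moveup') ? $wwb_index - 1 : $wwb_index + 1;
            // First move the neighbour into the selected item's slot, then the item itself.
            mysqli_query($db, "UPDATE $mysql_table SET wwb_index = $wwb_index WHERE wwb_index = $new_index AND `wwb_id` = 'NewsWriterPro'");
            mysqli_query($db, "UPDATE $mysql_table SET wwb_index = $new_index WHERE id = $safe_id");
        }
    }
    elseif ($action == 'delete')
    {
        // Delete one item and close the gap in wwb_index. The renumbering runs only
        // when the row was found, so an unknown id no longer shifts other items.
        $safe_id = (int) $id;
        $result = mysqli_query($db, "SELECT wwb_index FROM $mysql_table WHERE `id` = $safe_id");
        if ($result && ($data = mysqli_fetch_array($result)))
        {
            $wwb_index = (int) $data['wwb_index'];
            mysqli_query($db, "DELETE FROM $mysql_table WHERE `id` = $safe_id");
            mysqli_query($db, "UPDATE $mysql_table SET wwb_index=wwb_index-1 WHERE wwb_index > $wwb_index AND `wwb_id` = 'NewsWriterPro'");
        }
    }
    elseif ($action == 'imagelist')
    {
        // Collect the regular files in the upload folder whose extension is on the
        // list below, then print the listing and stop.
        $ext_to_show = array("gif","jpg","jpeg","jpe","pjpeg");
        $files_to_show = array();
        if ($handle = opendir($upload_folder))
        {
            while (false !== ($file = readdir($handle)))
            {
                if ($file != "." && $file != ".." && is_file($upload_folder.$file))
                {
                    // PATHINFO_EXTENSION yields '' for a name without an extension,
                    // where the array form has no 'extension' key at all.
                    $ext = strtolower(pathinfo($upload_folder.$file, PATHINFO_EXTENSION));
                    if (in_array($ext, $ext_to_show, true))
                    {
                        $files_to_show[] = $file;
                    }
                }
            }
            closedir($handle);
        }
        // NOTE(review): the string literals below are reproduced exactly as they
        // appear in this file; their markup looks incomplete and $file is not used
        // in the visible loop body. If the full markup prints $file, it should be
        // passed through htmlspecialchars() first.
        echo ''."\n";
        echo ''."\n";
        echo '
'."\n";
        echo ''."\n";
        echo 'Image list'."\n";
        echo ''."\n";
        echo ''."\n";
        if (empty($files_to_show))
        {
            echo "No files to show.";
        }
        else
        {
            sort($files_to_show);
            foreach ($files_to_show as $file)
            {
                echo ' '."\n";
                echo ' '."\n";
            }
        }
        echo ''."\n";
        echo '';
        exit;
    }
}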
?>
Naamloze pagina
\n";
echo "\n";
echo "\n";
echo "\n";
}
else
if ($action == 'image')
{
    // 'image' view: output is produced for an authorized session only. The
    // authorization test stays nested so that an unauthorized request still ends
    // the else-if chain here instead of falling through to a later branch.
    if ($authorized)
    {
        echo "\n", " Back to overview\n";
    }
}
else
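if ($action == 'upload')
{
    // Image upload handler for an authorized session; $upload_folder and $max_size
    // are set outside this view.
    // The file is accepted on server-side evidence only: the extension must be on
    // an allowlist and getimagesize() must recognise the content as GIF or JPEG.
    // The 'type' field of $_FILES is sent by the client and is no longer consulted.
    // The upload folder should also be configured so that the web server never
    // executes scripts from it.
    if ($authorized && isset($_FILES['filename']) && is_string($_FILES['filename']['name']))
    {
        // basename() drops any directory part from the client-supplied name.
        $name = basename($_FILES['filename']['name']);
        $tmp_name = $_FILES['filename']['tmp_name'];
        $error = $_FILES['filename']['error'];
        $size = $_FILES['filename']['size'];
        switch ($error)
        {
            case UPLOAD_ERR_OK:
                $allowed_ext = array('gif', 'jpg', 'jpeg', 'jpe');
                $extension = strtolower(pathinfo($name, PATHINFO_EXTENSION));
                // The content is only inspected once the extension has passed.
                $image_info = in_array($extension, $allowed_ext, true) ? getimagesize($tmp_name) : false;
                $is_image = is_array($image_info)
                    && in_array($image_info[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG), true);
                if (!$is_image)
                {
                    echo "Error: Wrong file type, please only use jpg or gif images.\n";
                }
                elseif ($size > $max_size)
                {
                    echo "Error: The image is too big.\n";
                }
                elseif (file_exists($upload_folder. $name))
                {
                    echo "Error: The image already exists.\n";
                }
                elseif (move_uploaded_file($tmp_name, $upload_folder. $name))
                {
                    echo "Image succesfully uploaded!
\n";
                    // The stored path contains the client-chosen name, so it is
                    // escaped before being written into the page.
                    echo "Filename: ". htmlspecialchars($upload_folder. $name, ENT_QUOTES, 'UTF-8'). " \n";
                }
                else
                {
                    echo "Error: Upload failed, please verify the folder's permissions.\n";
                }
                break;
            case UPLOAD_ERR_INI_SIZE:
                echo "Error: The uploaded file exceeds the 'upload_max_filesize' directive.\n";
                break;
            case UPLOAD_ERR_FORM_SIZE:
                echo "Error: The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.\n";
                break;
            case UPLOAD_ERR_PARTIAL:
                echo "Error: The uploaded file was only partially uploaded.\n";
                break;
            case UPLOAD_ERR_NO_FILE:
                echo "Error: No file was uploaded.\n";
                break;
            case UPLOAD_ERR_NO_TMP_DIR:
                echo "Error: Missing a temporary folder.\n";
                break;
            case UPLOAD_ERR_CANT_WRITE:
                echo "Error: Failed to write file to disk.\n";
                break;
            case UPLOAD_ERR_EXTENSION:
                echo "Error: File upload stopped by extension.\n";
                break;
        }
    }
    else
    {
        echo "Error: No filename specified! \n";
    }
    echo "
Back to overview\n";
    exit;
}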
else
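if ($action == 'edit' || $action == 'new')
{
    // Editor view for an authorized session: an existing item is loaded when $id
    // is non-negative, otherwise the fields start empty.
    if ($authorized)
    {
        $text = '';
        $title = '';
        if ($id >= 0)
        {
            // The id is cast to an integer before it reaches the query string, and
            // a failed query is skipped instead of being passed to the fetch call.
            $safe_id = (int) $id;
            $sql = "SELECT * FROM $mysql_table WHERE id = $safe_id";
            $result = mysqli_query($db, $sql);
            if ($result && ($data = mysqli_fetch_array($result)))
            {
                $text = $data['wwb_text'];
                $title = $data['wwb_title'];
            }
        }
        // NOTE(review): $text and $title are not used in the visible output below;
        // presumably the full form markup prints them. If so, each needs
        // htmlspecialchars() at the point where it is written into the page.
        echo "\n";
    }
}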
else
{
if ($authorized)
{
echo "Create new item ";
echo "Upload image ";
echo "Image list ";
echo "Logout
\n";
}
$sql = "SELECT * FROM $mysql_table WHERE `wwb_id` = 'NewsWriterPro' ORDER BY wwb_index ASC";
$result = mysqli_query($db, $sql);
$num_rows = mysqli_num_rows($result);
if ($num_rows > 0)
{
while ($data = mysqli_fetch_array($result))
{
echo "" . $data['wwb_title'] . " \r\n";
echo $data['wwb_text'];
echo " ";
echo " \n";
if ($authorized)
{
echo "