Codice PHP:
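<?php
/*
 * Access gate for the concerts content manager: stops the page unless the
 * visitor's access level passes check_access() for the "concerts" area.
 *
 * NOTE(review): the access level is read from the 'acclevel' cookie. A cookie
 * is sent by the browser, so the visitor can set it to any value; nothing in
 * this listing ties it to a server-side login. Keep the level in server-side
 * session state (or sign the cookie) so that this check is enforceable -
 * TODO confirm how the login page issues the cookie.
 */
if (!isset($_COOKIE['acclevel']) || !is_string($_COOKIE['acclevel'])) {
    // Missing cookie, or an array-valued one (acclevel[]=...), is treated as "not logged in".
    echo "\nE' necessario eseguire il Login per continuare.\n";
    return;
}

$auser = strtolower($_COOKIE['acclevel']);

if (!check_access($auser, "concerts")) {
    // Deny and stop. As published, the listing printed this message and
    // returned only when the check PASSED, so a failed check fell through to
    // the management page below.
    echo "\nNon si possiedono i privilegi necessari per continuare.\n";
    return;
}

// The cookie value is client-controlled: escape it before writing it into HTML.
// ENT_SUBSTITUTE (PHP 5.4+) keeps invalid byte sequences from blanking the text.
$auser_html = htmlspecialchars($auser, defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES);
echo "\nSei loggato con lo stato di: $auser_html\n";
?>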
<TABLE width="100%" cellPadding=2 cellSpacing=2 boder=0>
<TR>
<TD height="23" colspan="3" valign="top">
[b]Content Manager: Concerts[/b]</p></TD>
</TR>
<tr>
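<?php
/*
 * Handles the add / del / mod actions of the concerts content manager.
 *
 * Every value taken from $_GET, $_POST, $_COOKIE and $_FILES is supplied by
 * the client, so each one is escaped for the context it is written into: an
 * SQL string literal, HTML, or a log line.
 *
 * NOTE(review): no action carries an anti-forgery token and del is reachable
 * through a plain GET link, so a page on another site can make an editor's
 * browser issue these requests. Fixing that needs server-side session state,
 * which this listing does not show.
 *
 * NOTE(review): the mysql_* functions were removed in PHP 7 and have no
 * prepared statements. Values are escaped with mysql_real_escape_string() to
 * stay on the connection API the rest of the file uses; moving the page to
 * mysqli or PDO with bound parameters is the durable fix.
 *
 * NOTE(review): as published, the "add" form further down posts without
 * enctype="multipart/form-data", so $_FILES stays empty for that form until
 * the form declares it.
 */

if (!function_exists('concerts_html')) {
    /* Escapes a value for HTML text and for quoted attribute values. */
    function concerts_html($value)
    {
        // ENT_SUBSTITUTE (PHP 5.4+) keeps text containing invalid byte
        // sequences from being returned as an empty string.
        $flags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;
        return htmlspecialchars((string) $value, $flags);
    }
}

if (!function_exists('concerts_store_picture')) {
    /*
     * Moves the picture uploaded in form field $field into $target_dir.
     * Returns the stored path, or NULL when no file arrived or it was rejected.
     */
    function concerts_store_picture($field, $target_dir)
    {
        if (!isset($_FILES[$field]['error']) || is_array($_FILES[$field]['error'])) {
            return NULL;
        }
        $upload = $_FILES[$field];
        if ($upload['error'] !== UPLOAD_ERR_OK) {
            return NULL;
        }

        // The client chooses the file name. Keep only its last path component
        // (defence in depth) and accept only picture extensions, so a script
        // file cannot be stored where the web server would run it.
        // The extension list is a starting point: adjust it to the formats the site uses.
        $client_name = basename(str_replace('\\', '/', (string) $upload['name']));
        $extension = strtolower(pathinfo($client_name, PATHINFO_EXTENSION));
        if (!in_array($extension, array('jpg', 'jpeg', 'png', 'gif'), true)) {
            return NULL;
        }

        // The content must parse as an image, whatever the name claims.
        if (getimagesize($upload['tmp_name']) === false) {
            return NULL;
        }

        // Dots inside the stem are replaced too, so "name.php.jpg" cannot keep
        // a second, executable-looking extension.
        $stem = preg_replace('/[^A-Za-z0-9_-]+/', '_', pathinfo($client_name, PATHINFO_FILENAME));
        if ($stem === NULL || $stem === '') {
            $stem = 'picture';
        }

        $destination = $target_dir . $stem . '.' . $extension;
        return move_uploaded_file($upload['tmp_name'], $destination) ? $destination : NULL;
    }
}

if (isset($_GET['action'])) {
    // 'authuser' is an unauthenticated, client-supplied label used only in log
    // lines; line breaks are removed so it cannot forge extra log entries.
    $concert_author = "Anonymous";
    if (isset($_COOKIE['authuser']) && is_string($_COOKIE['authuser'])) {
        $concert_author = preg_replace('/[\r\n]+/', ' ', $_COOKIE['authuser']);
    }

    switch ($_GET['action']) {
        case 'add':
            // All five text fields must be present, non-empty strings.
            $complete = true;
            foreach (array('txtartist', 'txtgenre', 'txtdate', 'txtplace', 'txtticket') as $field) {
                if (empty($_POST[$field]) || !is_string($_POST[$field])) {
                    $complete = false;
                    break;
                }
            }

            if ($complete) {
                // Connect first: mysql_real_escape_string() needs the link.
                $db = mysql_connect($db_host, $db_user, $db_password);
                if ($db == FALSE) {
                    die("Errore nella connessione al database MySQL.");
                }
                mysql_select_db($db_name, $db) or die("Errore nella selezione del database MySQL.");

                $concert_artist = $_POST['txtartist'];
                $concert_genre = $_POST['txtgenre'];
                $concert_date = $_POST['txtdate'];
                $concert_place = $_POST['txtplace'];
                $concert_ticket = $_POST['txtticket'];

                $concert_info = NULL;
                if (isset($_POST['txtinfo']) && is_string($_POST['txtinfo']) && $_POST['txtinfo'] != '') {
                    // NOTE(review): as published, both arguments are a newline, so
                    // this call changes nothing; the replacement markup was
                    // presumably lost when the listing was posted - restore it
                    // from the original file.
                    $concert_info = str_replace("\n", "\n", $_POST['txtinfo']);
                }

                $concert_pict = concerts_store_picture('cpict', $concertpicts);
                if ($concert_pict !== NULL) {
                    echo "Upload file: " . concerts_html($concert_pict) . "\n";
                    echo "Concert PICT: " . concerts_html($concert_pict) . "\n";
                } else {
                    echo "non e' stato rilevato nessun upload di file!\n";
                }

                $query = sprintf(
                    "INSERT INTO concerts (artist, genre, date, place, ticket, info, pict) VALUES ('%s', '%s', '%s', '%s', '%s', '%s', '%s')",
                    mysql_real_escape_string($concert_artist, $db),
                    mysql_real_escape_string($concert_genre, $db),
                    mysql_real_escape_string($concert_date, $db),
                    mysql_real_escape_string($concert_place, $db),
                    mysql_real_escape_string($concert_ticket, $db),
                    mysql_real_escape_string((string) $concert_info, $db),
                    mysql_real_escape_string((string) $concert_pict, $db)
                );
                // The query text is no longer echoed: it carried raw request
                // data into the page and exposed the table layout.

                if (mysql_query($query, $db)) {
                    echo "Concert added successfully!\n";
                    $log_artist = preg_replace('/[\r\n]+/', ' ', $concert_artist);
                    $log_date = preg_replace('/[\r\n]+/', ' ', $concert_date);
                    writelog("content", "Concert ($log_artist - $log_date) added successfully by $concert_author");
                } else {
                    echo "MySQL Error: Sorry but i can't add your concert. Please contact the webmaster.\n";
                }
            } else {
                if (isset($_POST['Submit'])) {
                    echo "You haven't filled all the fields!\n";
                }
            }
            break;

        case 'del':
            $db = mysql_connect($db_host, $db_user, $db_password);
            if ($db == FALSE) {
                die("Errore nella connessione al database MySQL.");
            }
            mysql_select_db($db_name, $db) or die("Errore nella selezione del database MySQL.");

            // The integer cast is what keeps the id safe to place in the queries below.
            $concert_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

            $result = mysql_query("SELECT pict FROM concerts WHERE id=$concert_id", $db);
            $sql_data = $result ? mysql_fetch_object($result) : false;
            if ($sql_data && !empty($sql_data->pict)) {
                // add/mod store the full "$concertpicts . name" path, so prefixing
                // the directory again (as published) pointed at a path that does
                // not exist. basename() handles both a stored full path and a
                // bare name, and confines the delete to the picture directory.
                $cfile_del = $concertpicts . basename($sql_data->pict);
                if (is_file($cfile_del) && unlink($cfile_del)) {
                    echo "\nDeleted picture file: " . concerts_html($cfile_del) . "\n";
                }
            }

            $query = "DELETE FROM concerts WHERE id=$concert_id";
            if (mysql_query($query, $db)) {
                echo "Concert $concert_id deleted successfully!\n";
                writelog("content", "Concert (id: $concert_id) deleted successfully by $concert_author");
            } else {
                echo "MySQL Error: Sorry but i can't delete concert $concert_id. Please contact the webmaster.\n";
            }
            mysql_close($db);
            break;

        case 'mod':
            $db = mysql_connect($db_host, $db_user, $db_password);
            if ($db == FALSE) {
                die("Errore nella connessione al database MySQL.");
            }
            mysql_select_db($db_name, $db) or die("Errore nella selezione del database MySQL.");

            $concert_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;

            if (isset($_POST['Submit'])) {
                /* Read the submitted fields; anything missing or non-string becomes ''. */
                $input = array();
                foreach (array('txtartist', 'txtgenre', 'txtdate', 'txtplace', 'txtticket', 'txtinfo') as $field) {
                    $input[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
                }
                $concert_artist = $input['txtartist'];
                $concert_genre = $input['txtgenre'];
                $concert_date = $input['txtdate'];
                $concert_place = $input['txtplace'];
                $concert_ticket = $input['txtticket'];
                // NOTE(review): no-op as published (newline replaced by newline);
                // the replacement markup was presumably lost in publication.
                $concert_info = str_replace("\n", "\n", $input['txtinfo']);

                // The edit form names its file field 'cpict'; the published
                // handler looked for 'pict' and so never saw the upload.
                $concert_pict = concerts_store_picture('cpict', $concertpicts);

                // Only touch the pict column when a new picture was stored;
                // otherwise the existing picture would be overwritten with ''.
                $pict_clause = '';
                if ($concert_pict !== NULL) {
                    $pict_clause = ", pict='" . mysql_real_escape_string($concert_pict, $db) . "'";
                }

                /* Build the update query */
                $query = sprintf(
                    "UPDATE concerts SET artist='%s', genre='%s', date='%s', place='%s', ticket='%s', info='%s'%s WHERE id=%d",
                    mysql_real_escape_string($concert_artist, $db),
                    mysql_real_escape_string($concert_genre, $db),
                    mysql_real_escape_string($concert_date, $db),
                    mysql_real_escape_string($concert_place, $db),
                    mysql_real_escape_string($concert_ticket, $db),
                    mysql_real_escape_string($concert_info, $db),
                    $pict_clause,
                    $concert_id
                );

                if (mysql_query($query, $db)) {
                    echo "Concert $concert_id modified successfully!\n<hr>\n";
                    $log_artist = preg_replace('/[\r\n]+/', ' ', $concert_artist);
                    $log_date = preg_replace('/[\r\n]+/', ' ', $concert_date);
                    writelog("content", "Concert ($log_artist - $log_date) modified successfully by $concert_author");
                } else {
                    echo "MySQL Error: Sorry but i can't edit concert $concert_id. Please contact the webmaster.\n";
                    echo "MySQL Error: " . concerts_html(mysql_error()) . "\n";
                }
            } else {
                $result = mysql_query("SELECT * FROM concerts WHERE id=$concert_id", $db);
                $sql_data = $result ? mysql_fetch_object($result) : false;
                if (!$sql_data) {
                    // Unknown id or failed query: there is nothing to edit.
                    break;
                }

                /* Take the current values from the database row. They were typed
                   into a form and stored as entered, so they are escaped before
                   being written into attribute values and the textarea. */
                $h_artist = concerts_html($sql_data->artist);
                $h_genre = concerts_html($sql_data->genre);
                $h_date = concerts_html($sql_data->date);
                $h_place = concerts_html($sql_data->place);
                $h_ticket = concerts_html($sql_data->ticket);
                // NOTE(review): no-op as published; see the matching note on save.
                $h_info = concerts_html(str_replace("\n", "\n", $sql_data->info));

                // enctype is required for the file field to reach $_FILES.
                echo <<<HTML

</td>
</tr>
<tr>
<td width="1" height="0"></td>
<td width="495"></td>
<td width="1"></td>
</tr>
<tr>
<td height="181"></td>
<td valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<form action="index.php?page=content_concerts&action=mod&id=$concert_id" method="post" enctype="multipart/form-data">
<td width="94" height="22" valign="top"><font size="-1" face="Verdana">Artist:</font></td>
<td width="393" valign="top"><input name="txtartist" type="text" id="txtartist" value="$h_artist" size="40"></td>
<td width="2"></td>
</tr>
<tr>
<td height="22" valign="top"><font size="-1" face="Verdana">Genre:</font></td>
<td valign="top"><input name="txtgenre" type="text" id="txtgenre" value="$h_genre" size="40"></td>
<td></td>
</tr>
<tr>
<td height="22" valign="top"><font size="-1" face="Verdana">Date:</font></td>
<td valign="top"><input type="text" name="txtdate" value="$h_date"></td>
<td></td>
</tr>
<tr>
<td height="22" valign="top"><font size="-1" face="Verdana">Place:</font></td>
<td valign="top"><input name="txtplace" type="text" id="txtplace" value="$h_place" size="40"></td>
<td></td>
</tr>
<tr>
<td height="22" valign="top"><font size="-1" face="Verdana">Ticket:</font></td>
<td valign="top"><input name="txtticket" type="text" id="txtticket" value="$h_ticket" size="40"></td>
<td></td>
</tr>
<tr>
<td height="22" valign="top"><font size="-1" face="Verdana">Pict:</font></td>
<td valign="top"><input name="cpict" type="file" id="pictfile" size="40"></td>
<td></td>
</tr>
<tr>
<td height="150" valign="top"><font size="-1" face="Verdana">Info:</font></td>
<td colspan="2" valign="top"><textarea name="txtinfo" cols="40" rows="8" id="txtinfo">$h_info</textarea></td>
</tr>
<tr>
<td height="27"></td>
<td colspan="2" valign="top"><input type="submit" name="Submit" value="Modifica">
<input type="reset" name="Submit2" value="Reset"></td>
</form>
</tr>
<tr>
<td height="31" colspan="3"><hr></td>
<td></td>
<td></td>
</tr>
</table></tr></td></tr>

HTML;
            }
            break;
    }
}
?>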
<td height="107" colspan="3" valign="top">
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="60" height="23" valign="top"><font size="-2" face="verdana">[b]id[/b]</font></td>
<td width="353" valign="top"><font size="-2" face="Verdana">[b]Artist[/b]</font></td>
<td colspan="2" valign="top"></td>
<td colspan="2" valign="top"></td>
</tr>
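<?php
/*
 * Lists every concert (id and artist, ordered by date) with an edit link and
 * a delete link per row.
 *
 * NOTE(review): the delete link is a plain GET request with no anti-forgery
 * token, so any page the editor visits can trigger it. Changing it to a POST
 * form with a token needs server-side session state that this listing does
 * not show.
 */
$db = mysql_connect($db_host, $db_user, $db_password);
if ($db == FALSE) {
    die("Errore nella connessione al database MySQL.");
}
mysql_select_db($db_name, $db) or die("Errore nella selezione del database MySQL.");

// ENT_SUBSTITUTE (PHP 5.4+) keeps a multi-byte character cut in half by
// substr() below from turning the whole escaped string into ''.
$html_flags = defined('ENT_SUBSTITUTE') ? (ENT_QUOTES | ENT_SUBSTITUTE) : ENT_QUOTES;

$query = "SELECT id, artist FROM concerts ORDER BY date";
$result = mysql_query($query, $db);

// A failed query returns FALSE; skip the loop instead of fetching from it.
while ($result && ($sql_data = mysql_fetch_object($result))) {
    if (strlen($sql_data->artist) > 35) {
        $concert_artist = substr($sql_data->artist, 0, 35) . "..";
    } else {
        $concert_artist = $sql_data->artist;
    }

    // The artist text was typed into a form and stored as entered: escape it
    // (after truncating) before it is written into the page. The id is forced
    // to an integer before it goes into the link URLs.
    $artist_html = htmlspecialchars($concert_artist, $html_flags);
    $row_id = (int) $sql_data->id;

    echo "<tr><td>$row_id</td><td>$artist_html</td><td><a href=\"index.php?page=content_concerts&action=mod&id=$row_id\"><img src=\"images/icons/icon_edit.png\" border=\"0\"></a></td><td><a href=\"index.php?page=content_concerts&action=del&id=$row_id\"><img src=\"images/icons/icon_trash2.png\" border=\"0\"></a></td></tr>";
}
?>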
</table>
</td>
</tr>
<tr>
<td width="1" height="0"></td>
<td width="495"></td>
<td width="1"></td>
</tr>
<tr>
<td height="181"></td>
<td valign="top"><table width="100%" border="0" cellpadding="0" cellspacing="0">
<tr>
<form action="index.php?page=content_concerts&action=add" method="post">
<td width="94" height="22" valign="top"><font size="-1" face="Verdana">Artist:</font></td>
<td width="393" valign="top"><input name="txtartist" type="text" id="txtartist" size="40"></td>
<td width="2"></td>
</tr>
<tr>
<td height="22" valign="top"><font size="-1" face="Verdana">Genre:</font></td>
<td valign="top"><input name="txtgenre" type="text" id="txtgenre" size="40"></td>
<td></td>
</tr>
<tr>
<td height="22" valign="top"><font size="-1" face="Verdana">Date:</font></td>
<td valign="top"><input type="text" name="txtdate"></td>
<td></td>
</tr>
<tr>
<td height="22" valign="top"><font size="-1" face="Verdana">Place:</font></td>
<td valign="top"><input name="txtplace" type="text" id="txtplace" size="40"></td>
<td></td>
</tr>
<tr>
<td height="22" valign="top"><font size="-1" face="Verdana">Ticket:</font></td>
<td valign="top"><input name="txtticket" type="text" id="txtticket" size="40"></td>
<td></td>
</tr>
<tr>
<td height="22" valign="top"><font size="-1" face="Verdana">Pict:</font></td>
<td valign="top"><input name="cpict" type="file" id="cpict"></td>
<td></td>
</tr>
<tr>
<td height="150" valign="top"><font size="-1" face="Verdana">Info:</font></td>
<td colspan="2" valign="top"><textarea name="txtinfo" cols="40" rows="8" id="txtinfo"></textarea></td>
</tr>
<tr>
<td height="27"></td>
<td colspan="2" valign="top"><input type="submit" name="Submit" value="Aggiungi">
<input type="reset" name="reset" value="Reset"></td>
</form>
</tr>
<tr>
<td height="31"></td>
<td></td>
<td></td>
</tr>
</table></td>
<td></td>
</tr>
<tr>
<td height="12"></td>
<td></td>
<td></td>
</tr>
</TABLE>