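// Public story page: renders one published story when ?story=<id> is given,
// otherwise every published story filed under ?page=<name>, newest first.

// Both request values are client-controlled. Missing or non-scalar values fall
// back to '' / 0 so they neither raise notices nor reach the database as "Array".
$page = (isset($_REQUEST['page']) && is_string($_REQUEST['page'])) ? $_REQUEST['page'] : '';
$story = (isset($_REQUEST['story']) && is_scalar($_REQUEST['story'])) ? intval($_REQUEST['story']) : 0;

include_once 'db_fns.php';
include_once 'header.php';

$handle = db_connect();

// The request values are sent as bound parameters, never spliced into the SQL
// text, so a quote character in ?page= cannot change the statement.
if ($story) {
    $sql = 'select * from stories
             where id = ? and
                   published is not null';
    $types = 'i';
    $value = $story;
} else {
    $sql = 'select * from stories
             where page = ? and
                   published is not null
             order by published desc';
    $types = 's';
    $value = $page;
}

$result = false;
if ($handle) {
    $stmt = $handle->prepare($sql);
    if ($stmt) {
        $stmt->bind_param($types, $value);
        if ($stmt->execute()) {
            // get_result() is provided by the mysqlnd driver.
            $result = $stmt->get_result();
        }
    }
    if (!$result) {
        // Record the failure server-side; database errors are not shown to visitors.
        error_log('story page query failed: ' . $handle->error);
    }
}

if ($result) {
    // $row, not $story: the loop must not overwrite the requested story id.
    while ($row = $result->fetch_assoc()) {
        // headline
        // Escaped for HTML so markup stored in a headline is displayed, not executed.
        // Assumes pages are served as UTF-8 -- TODO confirm against header.php.
        echo '<h2>' . htmlspecialchars($row['headline'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</h2>';

        // picture
        if ($row['picture']) {
            echo '<div style="float:right; margin:0px 0px 6px 6px;">';
            echo '<img src="resize_image.php?image=';
            // Array keys are quoted: the bare word picture is an undefined constant.
            // NOTE(review): resize_image.php receives this value from the browser on a
            // separate request, so it has to validate the path itself -- confirm.
            echo urlencode($row['picture']);
            echo '&max_width=200&max_height=120" align="right" /></div>';
        }

        // byline
        $w = get_writer_record($row['writer']);
        echo '<br /><p class="byline">';
        echo htmlspecialchars($w['full_name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . ', ';
        // date() takes an integer timestamp; the database hands back a string.
        echo date('M d, H:i', (int) $row['modified']);
        echo '</p>';

        // main text
        // NOTE(review): story_text is emitted as raw HTML, so anything a writer saved
        // runs in the visitor's browser. Presumably markup is intended here; it should
        // pass an allow-list HTML sanitizer when the story is saved or before this echo.
        echo $row['story_text'];
    }
}

include_once 'footer.php';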
<table border="0"> <tr> <td>Username</td> <td><input size="16" name="username"></td> </tr> <tr> <td>Password</td> <td><input size="16" type="password" name="password"></td> </tr> </table> <input type="submit" value="Log in"> </form> <?php } else { $conn = db_connect(); $w = get_writer_record($HTTP_SESSION_VARS['auth_user']); print 'Welcome, ' . $w['full_name']; print ' (<a href="logout.php">Logout</a>)'; print '<p>'; $sql = 'select * from stories where writer = \'' . $HTTP_SESSION_VARS['auth_user'] . '\' order by created desc'; $result = mysql_query($sql, $conn); print 'Your stories: '; print mysql_num_rows($result); print ' (<a href="story.php">Add new</a>)'; print '</p><br /><br />'; if (mysql_num_rows($result)) { print '<table>'; print '<tr><th>Headline</th><th>Page</th>'; print '<th>Created</th><th>Last modified</th></tr>'; while ($qry = mysql_fetch_array($result)) { print '<tr>';
<?php include_once 'include_fns.php'; if (!check_auth_user()) { login_form(); } else { $handle = db_connect(); $writer = get_writer_record($_SESSION['auth_user']); echo '<p>Welcome, ' . $writer['full_name']; echo ' (<a href="logout.php">Logout</a>) (<a href="index.php">Menu</a>) (<a href="../">Public Site</a>) </p>'; $query = "select * from stories s, writer_permissions wp\n where wp.writer = '{$_SESSION['auth_user']}' and\n s.page = wp.page\n order by modified desc"; $result = $handle->query($query); echo '<h1>Editor admin</h1>'; echo '<table>'; echo '<tr><th>Headline</th><th>Last modified</th></tr>'; while ($story = $result->fetch_assoc()) { echo '<tr><td>'; echo $story['headline']; echo '</td><td>'; echo date('M d, H:i', $story['modified']); echo '</td><td>'; if ($story[published]) { echo '[<a href="unpublish_story.php?story=' . $story['id'] . '">unpublish</a>] '; } else { echo '[<a href="publish_story.php?story=' . $story['id'] . '">publish</a>] '; echo '[<a href="delete_story.php?story=' . $story['id'] . '">delete</a>] '; } echo '[<a href="story.php?story=' . $story['id'] . '">edit</a>] '; echo '</td></tr>'; } echo '</table>';