Old stuff/old_sites/www/include/perso/blog.php
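<?php
/*
 * Blog administration fragment: adds, lists, edits and deletes rows of
 * mp_blog that belong to the current author ($nick).
 *
 * Relies on names defined outside this file: $nick, text2html(),
 * html2text(), aide() and an open mysql_* connection.
 *
 * NOTE(review): every SQL statement below is built by string concatenation.
 * Whether text2html() and $nick are safe inside a quoted SQL literal cannot
 * be verified from this file. Confirm it, and move to prepared statements
 * (mysqli/PDO) when the connection layer is migrated; the mysql_* extension
 * used here was removed in PHP 7.0.
 * NOTE(review): no anti-CSRF token and no login check are visible in this
 * fragment; presumably the including page enforces authentication. Confirm.
 * NOTE(review): die(mysql_error()) prints raw database errors to the
 * visitor; consider logging them server-side instead.
 */

// Reduce the requested action to ASCII letters so it can only match the
// fixed keywords compared below.
$action = preg_replace("/[^a-zA-Z]/", "", isset($_GET['action']) ? $_GET['action'] : "");

if ($action == "ajouter")
{
    if (empty($_POST['section']) or
        empty($_POST['titre']) or
        empty($_POST['contenu']))
    {
        // Incomplete submission: show the form again with the values already
        // typed. They come straight from the request, so they are
        // HTML-encoded (quotes included) before being placed in attribute
        // values and in the textarea body.
        // NOTE(review): no charset argument is passed, so PHP's default
        // applies; it should match the site's page encoding. Confirm.
        $section_value = htmlspecialchars(isset($_POST['section']) ? $_POST['section'] : "", ENT_QUOTES);
        $titre_value   = htmlspecialchars(isset($_POST['titre']) ? $_POST['titre'] : "", ENT_QUOTES);
        $contenu_value = htmlspecialchars(isset($_POST['contenu']) ? $_POST['contenu'] : "", ENT_QUOTES);

        echo "<form action=\"index.php?page=perso&id=blog&action=ajouter\" method=\"post\">
<dl>
<dt>Section</dt>
<dd><input type=\"text\" name=\"section\" value=\"".$section_value."\" /></dd>
<dt>titre</dt>
<dd><input type=\"text\" name=\"titre\" value=\"".$titre_value."\" /></dd>
<dt>Contenu</dt>
<dd><textarea cols=\"80\" rows=\"10\" name=\"contenu\">".$contenu_value."</textarea></dd>
<dt>Validation</dt>
<dd><input type=\"submit\" value=\"Envoyer\" /></dd>
</dl>
</form>
";
    }
    else {
        // All three fields present: store the new post under the current author.
        $query = "INSERT INTO mp_blog (section,titre,contenu,pseudo) VALUES
('".text2html($_POST['section'])."',
'".text2html($_POST['titre'])."',
'".text2html($_POST['contenu'])."',
'".$nick."'
)";
        mysql_query($query) or die(mysql_error());
        echo "<p>Changement effectuées.</p>";
    }
}
elseif ($action == "edit")
{
    if (empty($_GET['article']))
    {
        // No post selected: list the author's posts, newest id first.
        echo "<h4>Liste des billets</h4>\n";
        echo "<ul>";
        $query = "SELECT id,titre FROM mp_blog WHERE pseudo='".$nick."' ORDER BY id DESC";
        $result = mysql_query($query) or die(mysql_error());
        while ($row = mysql_fetch_assoc($result))
        {
            // Square-bracket offsets: the $row{'key'} form was removed in PHP 8.
            // NOTE(review): titre is printed as stored; this is HTML-safe only
            // if text2html() encoded it at insert time. Confirm.
            echo "<li><a href=\"index.php?page=perso&id=blog&action=edit&article=".$row['id']."\">".$row['titre']."</a></li>\n";
        }
        echo "</ul>\n";
    }
    else {
        // Keep only digits. This sanitised $id is the value used in every
        // query and in the form URL below; it must not be replaced by the raw
        // request parameter again, which would reopen SQL and HTML injection
        // through the "article" parameter.
        $id = preg_replace("/[\D]/", "", $_GET['article']);

        if (empty($_POST['titre']) or
            empty($_POST['section']) or
            empty($_POST['contenu']))
        {
            // Nothing (or an incomplete form) posted: load the post and show
            // the edit form.
            aide();
            $query = "SELECT * FROM mp_blog WHERE pseudo='".$nick."' and id='".$id."'";
            $result = mysql_query($query) or die(mysql_error());
            $row = mysql_fetch_assoc($result);
            // NOTE(review): section/titre are placed in attribute values as
            // stored, and contenu goes through html2text() into the textarea.
            // Safe only if text2html()/html2text() leave no raw quotes or
            // markup; confirm against their definitions.
            echo "<form action=\"index.php?page=perso&id=blog&action=edit&article=$id\" method=\"post\">
<dl>
<dt>Section</dt>
<dd><input type=\"text\" name=\"section\" value=\"".$row['section']."\" /></dd>
<dt>titre</dt>
<dd><input type=\"text\" name=\"titre\" value=\"".$row['titre']."\" /></dd>
<dt>Contenu</dt>
<dd><textarea cols=\"80\" rows=\"10\" name=\"contenu\">".html2text($row['contenu'])."</textarea></dd>
<dt>Validation</dt>
<dd><input name=\"action\" type=\"submit\" value=\"editer\" />
<input name=\"action\" type=\"submit\" value=\"supprimer\" /></dd>
</dl>
</form>
";
        }
        else {
            // The POSTed submit button decides between delete and update; both
            // statements are restricted to rows owned by $nick.
            if (isset($_POST['action']) && $_POST['action'] == "supprimer")
            {
                $query = "DELETE FROM mp_blog WHERE pseudo='".$nick."' and id='".$id."'";
            }
            else
            {
                $query = "UPDATE mp_blog set titre='".text2html($_POST['titre'])."',
section='".text2html($_POST['section'])."',
contenu='".text2html($_POST['contenu'])."'
WHERE pseudo='".$nick."' and id='".$id."'";
            }
            mysql_query($query) or die(mysql_error());
            echo "<p>Modifications effectuées.</p>";
        }
    }
}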