Copy the codeThe code is as follows:
<?php require_once('Connections/');
require_once('inc/');
require_once('inc/');?>
<?php
if ((isset($_GET['postid'])) && ($_GET['postid'] != "")) {
$updateSQL = sprintf("UPDATE posts SET checked=1-checked WHERE postid=%s",
GetSQLValueString($_GET['postid'], "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
$deleteGoTo = "";
if (isset($_SERVER['QUERY_STRING'])) {
$deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
$deleteGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $deleteGoTo));
}
?>
Copy the codeThe code is as follows:
<?php
require_once('Connections/');
require_once('inc/');
require_once('inc/');
?>
<?php
if ((isset($_GET['postid'])) && ($_GET['postid'] != "")) {
$deleteSQL = sprintf("DELETE FROM posts WHERE postid=%s",
GetSQLValueString($_GET['postid'], "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($deleteSQL, $conn) or die(mysql_error());
$deleteGoTo = "";
if (isset($_SERVER['QUERY_STRING'])) {
$deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
$deleteGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $deleteGoTo));
}
?>
Copy the codeThe code is as follows:
<?php require_once('Connections/');
require_once('inc/');
require_once('inc/');?>
<?php
if ((isset($_GET['postid'])) && ($_GET['postid'] != "")) {
$deleteSQL = sprintf("UPDATE posts SET replied=0, adminname='', replycontent='' WHERE postid=%s",
GetSQLValueString($_GET['postid'], "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($deleteSQL, $conn) or die(mysql_error());
$deleteGoTo = "";
if (isset($_SERVER['QUERY_STRING'])) {
$deleteGoTo .= (strpos($deleteGoTo, '?')) ? "&" : "?";
$deleteGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $deleteGoTo));
}
?>
Copy the codeThe code is as follows:
<?php require_once('Connections/');
require_once('inc/');
require_once('inc/');?>
<?php
mysql_select_db($database_conn, $conn);
$query_rs = "SELECT * FROM posts ORDER BY postid DESC";
$rs = mysql_query($query_rs, $conn) or die(mysql_error());
$row_rs = mysql_fetch_assoc($rs);
$totalRows_rs = mysql_num_rows($rs);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http:///TR/html4/">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css"><!--
.style1 {font-size: 18px;
font-weight: bold;
}
.style2 {font-size: 14px}
.style4 {font-size: 12px}
.style6 {font-size: 12px; font-weight: bold; }
--></style><style type="text/css" bogus="1">.style1 {font-size: 18px;
font-weight: bold;
}
.style2 {font-size: 14px}
.style4 {font-size: 12px}
.style6 {font-size: 12px; font-weight: bold; }</style>
</head>
<body>
<p align="center"><span class="style1">Message Board - Management Page</span></p>
<p align="center"><span class="style2"><a href="" href="">Browse messages</a> | <a href="" href="">Post a message</a> | <a href="" href="">Login</a></span></p>
<p align="center"> </p>
<table width="623" border="1" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="91"><span class="style6">Message username</span></td>
<td width="210"><span class="style6">Message title</span></td>
<td width="61"> </td>
<td width="61"> </td>
<td width="61"> </td>
<td width="62"> </td>
</tr>
<?php do { ?>
<tr>
<td><span class="style4"><?php echo $row_rs['username']; ?></span></td>
<td><span class="style4"><?php
echo $row_rs['topic'];
if($row_rs['checked']==1)
echo "(approved)";
if($row_rs['replied']==1)
echo "(replied)";
?></span></td>
<td><div align="center"><span class="style4"><a href="?postid=<?php echo $row_rs['postid']; ?>">Reply to comment</a></span></div></td>
<td><div align="center"><span class="style4"><a href="?postid=<?php echo $row_rs['postid']; ?>">Delete the message</a></span></div></td>
<td><div align="center"><span class="style4"><a href="?postid=<?php echo $row_rs['postid']; ?>">Delete reply</a></span></div></td>
<td><div align="center"><span class="style4"><a href="?postid=<?php echo $row_rs['postid']; ?>">Approval Message</a></span></div></td>
</tr>
<?php } while ($row_rs = mysql_fetch_assoc($rs)); ?>
</table>
<p align="center"> </p>
</body>
</html>
<?php
mysql_free_result($rs);
?>
Copy the codeThe code is as follows:
<?php require_once('Connections/');
require_once('inc/');
require_once('inc/');?>
<?php
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
$updateSQL = sprintf("UPDATE posts SET replycontent=%s, replied=1, checked=1, adminname=%s WHERE postid=%s",
GetSQLValueString($_POST['replycontent'], "text"),
GetSQLValueString($_SESSION['MM_Username'], "text"),
GetSQLValueString($_POST['postid'], "int"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($updateSQL, $conn) or die(mysql_error());
echo "<script type="text/javascript"><!--
alert('Reply published successfully');
// --></script>";
}
$colname_rs = "1";
if (isset($_GET['postid'])) {
$colname_rs = (get_magic_quotes_gpc()) ? $_GET['postid'] : addslashes($_GET['postid']);
}
mysql_select_db($database_conn, $conn);
$query_rs = sprintf("SELECT * FROM posts WHERE postid = %s", $colname_rs);
$rs = mysql_query($query_rs, $conn) or die(mysql_error());
$row_rs = mysql_fetch_assoc($rs);
$totalRows_rs = mysql_num_rows($rs);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http:///TR/html4/">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css"><!--
.style1 {font-size: 18px;
font-weight: bold;
}
.style2 {font-size: 14px}
--></style><style type="text/css" bogus="1">.style1 {font-size: 18px;
font-weight: bold;
}
.style2 {font-size: 14px}</style>
</head>
<body>
<p align="center"><span class="style1">Message Board - Management Page - Reply to Message</span></p>
<p align="center"><span class="style2"><a href="" href="">Admin Page</a><a href="" href=""></a> | <a href="" href="">Login</a></span></p>
<form method="post" name="form1" action="<?php echo $editFormAction; ?>">
<table align="center">
<tr valign="baseline">
<td nowrap align="right" valign="top">Message title:</td>
<td><?php echo $row_rs['topic']; ?></td>
</tr>
<tr valign="baseline">
<td nowrap align="right" valign="top">Message content:</td>
<td><?php echo $row_rs['content']; ?></td>
</tr>
<tr valign="baseline">
<td nowrap align="right" valign="top">Reply content:</td>
<td>
<textarea name="replycontent" cols="50" rows="5"><?php echo $row_rs['replycontent']; ?>
Copy the codeThe code is as follows:
<?php
$logoutGoTo = "";
session_start();
unset($_SESSION['MM_Username']);
unset($_SESSION['MM_UserGroup']);
if ($logoutGoTo != "") {header("Location: $logoutGoTo");
session_unregister('MM_Username');
session_unregister('MM_UserGroup');
exit;
}
?>
<?php
$logoutGoTo = "";
session_start();
unset($_SESSION['MM_Username']);
unset($_SESSION['MM_UserGroup']);
if ($logoutGoTo != "") {header("Location: $logoutGoTo");
session_unregister('MM_Username');
session_unregister('MM_UserGroup');
exit;
}
?>
Copy the codeThe code is as follows:
<?php require_once('Connections/');
require_once('inc/');?>
<?php
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO posts (username, topic, content) VALUES (%s, %s, %s)",
GetSQLValueString($_POST['username'], "text"),
GetSQLValueString($_POST['topic'], "text"),
GetSQLValueString($_POST['content'], "text"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($insertSQL, $conn) or die(mysql_error());
echo "<script type="text/javascript"><!--
alert('Leave a message successfully');
// --></script>";
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http:///TR/html4/">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css"><!--
.style1 { font-size: 18px;
font-weight: bold;
}
.style2 {font-size: 14px}
--></style><style type="text/css" bogus="1">.style1 { font-size: 18px;
font-weight: bold;
}
.style2 {font-size: 14px}</style>
</head>
<body>
<form method="post" name="form1" action="<?php echo $editFormAction; ?>">
<p align="center"><span class="style1">Message Board - Post a new message</span></p>
<p align="center"><span class="style2"><a href="" href="">Browse and leave a message</a> | <a href="" href="">Manage login</a></span></p>
<table align="center">
<tr valign="baseline">
<td nowrap align="right">Username:</td>
<td><input type="text" name="username" value="" size="32"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Title:</td>
<td><input type="text" name="topic" value="" size="32"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right" valign="top">Message content:</td>
<td>
<textarea name="content" cols="50" rows="5">
<?php require_once('Connections/');
require_once('inc/');?>
<?php
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "form1")) {
$insertSQL = sprintf("INSERT INTO posts (username, topic, content) VALUES (%s, %s, %s)",
GetSQLValueString($_POST['username'], "text"),
GetSQLValueString($_POST['topic'], "text"),
GetSQLValueString($_POST['content'], "text"));
mysql_select_db($database_conn, $conn);
$Result1 = mysql_query($insertSQL, $conn) or die(mysql_error());
echo "<script type="text/javascript"><!--
alert('Leave a message successfully');
// --></script>";
}
?>
Copy the codeThe code is as follows:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http:///TR/html4/">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css"><!--
.style1 { font-size: 18px;
font-weight: bold;
}
.style2 {font-size: 14px}
--></style><style type="text/css" bogus="1">.style1 { font-size: 18px;
font-weight: bold;
}
.style2 {font-size: 14px}</style>
</head>
<body>
<form method="post" name="form1" action="<?php echo $editFormAction; ?>">
<p align="center"><span class="style1">Message Board - Post a new message</span></p>
<p align="center"><span class="style2"><a href="" href="">Browse and leave a message</a> | <a href="" href="">Manage login</a></span></p>
<table align="center">
<tr valign="baseline">
<td nowrap align="right">Username:</td>
<td><input type="text" name="username" value="" size="32"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Title:</td>
<td><input type="text" name="topic" value="" size="32"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right" valign="top">Message content:</td>
<td>
<textarea name="content" cols="50" rows="5">
Copy the codeThe code is as follows:
<?php require_once('Connections/'); ?>
<?php
$currentPage = $_SERVER["PHP_SELF"];
$maxRows_rs = 10;
$pageNum_rs = 0;
if (isset($_GET['pageNum_rs'])) {
$pageNum_rs = $_GET['pageNum_rs'];
}
$startRow_rs = $pageNum_rs * $maxRows_rs;
mysql_select_db($database_conn, $conn);
$query_rs = "SELECT * FROM posts WHERE checked=1 ORDER BY postid DESC";
$query_limit_rs = sprintf("%s LIMIT %d, %d", $query_rs, $startRow_rs, $maxRows_rs);
$rs = mysql_query($query_limit_rs, $conn) or die(mysql_error());
$row_rs = mysql_fetch_assoc($rs);
if (isset($_GET['totalRows_rs'])) {
$totalRows_rs = $_GET['totalRows_rs'];
} else {
$all_rs = mysql_query($query_rs);
$totalRows_rs = mysql_num_rows($all_rs);
}
$totalPages_rs = ceil($totalRows_rs/$maxRows_rs)-1;
$queryString_rs = "";
if (!emptyempty($_SERVER['QUERY_STRING'])) {
$params = explode("&", $_SERVER['QUERY_STRING']);
$newParams = array();
foreach ($params as $param) {
if (stristr($param, "pageNum_rs") == false &&
stristr($param, "totalRows_rs") == false) {
array_push($newParams, $param);
}
}
if (count($newParams) != 0) {
$queryString_rs = "&" . htmlentities(implode("&", $newParams));
}
}
$queryString_rs = sprintf("&totalRows_rs=%d%s", $totalRows_rs, $queryString_rs);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http:///TR/html4/">
<html>
<head>
<title>Untitled Document</title>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<style type="text/css"><!--
.style1 {
font-size: 18px;
font-weight: bold;
}
.style2 {font-size: 14px}
--></style><style type="text/css" bogus="1">.style1 {
font-size: 18px;
font-weight: bold;
}
.style2 {font-size: 14px}</style>
</head>
<body>
<p align="center" class="style1">Message Board - Message Browsing</p>
<p align="center" class="style2"><a href="" href="">Leave a message</a> | <a href="" href="">Administrative login</a></p>
<?php do { ?>
<table width="500" border="1" align="center" cellpadding="0" cellspacing="0">
<tr>
<td width="116"><div align="right"><strong>Username:</strong></div></td>
<td width="378"><?php echo $row_rs['username']; ?></td>
</tr>
<tr>
<td><div align="right"><strong>Title:</strong></div></td>
<td><?php echo $row_rs['topic']; ?></td>
</tr>
<tr>
<td><div align="right"><strong>Message content:</strong></div></td>
<td><?php echo $row_rs['content']; ?></td>
</tr>
<?php if($row_rs['replied']==1) { ?>
<tr>
<td><div align="right"><strong>Reply:</strong></div></td>
<td><p><?php echo $row_rs['replycontent']; ?></p>
<p align="right"><strong>Reply to:</strong><?php echo $row_rs['adminname']; ?></p></td>
</tr>
<?php } ?>
</table>
<br>
<?php } while ($row_rs = mysql_fetch_assoc($rs)); ?>
<p align="center">
<table border="0" width="50%" align="center">
<tr>
<td width="23%" align="center">
<?php if ($pageNum_rs > 0) { // Show if not first page ?>
<a href="<?php printf(" href="<?php printf("%s?pageNum_rs=%d%s", $currentPage, 0, $queryString_rs); ?>">Home</a>
<?php } // Show if not first page ?>
</td>
<td width="31%" align="center">
<?php if ($pageNum_rs > 0) { // Show if not first page ?>
<a href="<?php printf(" href="<?php printf("%s?pageNum_rs=%d%s", $currentPage, max(0, $pageNum_rs - 1), $queryString_rs); ?>">Previous page</a>
<?php } // Show if not first page ?>
</td>
<td width="23%" align="center">
<?php if ($pageNum_rs < $totalPages_rs) { // Show if not last page ?>
<a href="<?php printf(" href="<?php printf("%s?pageNum_rs=%d%s", $currentPage, min($totalPages_rs, $pageNum_rs + 1), $queryString_rs); ?>">Next Page</a>
<?php } // Show if not last page ?>
</td>
<td width="23%" align="center">
<?php if ($pageNum_rs < $totalPages_rs) { // Show if not last page ?>
<a href="<?php printf(" href="<?php printf("%s?pageNum_rs=%d%s", $currentPage, $totalPages_rs, $queryString_rs); ?>">Last Page</a>
<?php } // Show if not last page ?>
</td>
</tr>
</table>
</p>
<p> </p>
</body>
</html>
<?php
mysql_free_result($rs);
?>