Code: Select all
<?php
include("admins.php");
$time = date("g:ia");
$date = date("l, F j, Y");
$user = $_POST["user"];
$pass = $_POST["pass"];
$action = $_POST["action"];
$db_user="**";
$db_pass="**";
$db_host="**";
$db="**";
$auth = "<br><br><center><h2>Error!</h2><br>You are not authorized to view this page. You must <a href='index.php?id=admin&page=login'>login</a> first.</center>";
if (!$_POST["user"] || $_POST["user"] == "") {
echo $auth;
} elseif ($admins[$_POST["user"]] == $_POST["pass"] && $action == "") {
echo '<br><br><center><h2>News</h2>';
echo 'What would you like to do?<br><br>';
echo '<table align="center"><tr><td>';
echo '<form action="index.php">';
echo '<input type="submit" value="View News" class="input2" />';
echo '</form></td>';
echo '<td><form action="index.php?id=admin&page=news" method="post">';
echo '<input type="hidden" name="user" value="';
echo $user;
echo '" />';
echo '<input type="hidden" name="pass" value="';
echo $pass;
echo '" />';
echo '<input type="hidden" name="action" value="add" />';
echo '<input type="submit" value="Add News" class="input2" />';
echo '</form></td>';
echo '<td><form action="index.php?id=admin&page=news" method="post">';
echo '<input type="hidden" name="user" value="';
echo $user;
echo '" />';
echo '<input type="hidden" name="pass" value="';
echo $pass;
echo '" />';
echo '<input type="hidden" name="action" value="edit" />';
echo '<input type="submit" value="Edit News" class="input2" />';
echo '</form></td>';
echo '<td><form action="index.php?id=admin&page=news" method="post">';
echo '<input type="hidden" name="user" value="';
echo $user;
echo '" />';
echo '<input type="hidden" name="pass" value="';
echo $pass;
echo '" />';
echo '<input type="hidden" name="action" value="delete" />';
echo '<input type="submit" value="Delete News" class="input2" />';
echo '</form></td></tr></table></center>';
} elseif ($admins[$_POST["user"]] == $_POST["pass"] && $action == "add") {
echo "<br><br><center><h2>Add News</h2><br>";
echo '<form action="index.php?id=admin&page=news" method="post">
Title: <input type="text" name="title" class="input" /><br>
Body:<br> <textarea name="body" class="input" cols="30" rows="10">Put news in here</textarea><br>';
echo '<input type="hidden" name="user" value="';
echo $user;
echo '" />';
echo '<input type="hidden" name="pass" value="';
echo $pass;
echo '" />';
echo '<input type="hidden" name="action" value="addit" />';
echo '<input type="submit" value="Post News" class="input" /></form>';
echo '</center>';
} elseif ($admins[$_POST["user"]] == $_POST["pass"] && $action == "addit") {
mysql_connect($db_host,$db_user,$db_pass);
@mysql_select_db($db) or die( "Unable to select database");
$query = "INSERT INTO news VALUES ('','$title','$body','$time','$date','$user')";
mysql_query($query);
mysql_close();
echo '<center><br><br><h2>Success!</h2><br>Your news has been added successfully!<br><a href="index.php">Go home</a></center>';
} elseif ($admins[$_POST["user"]] == $_POST["pass"] && $action == "edit") {
echo "<br><br><center><h2>Edit News</h2><br>";
mysql_connect($db_host,$db_user,$db_pass);
@mysql_select_db($db) or die( "Unable to select database");
$query="SELECT * FROM news order by id desc";
$result=mysql_query($query);
$num=mysql_numrows($result);
mysql_close();
$i=0;
while ($i < $num) {
$id=mysql_result($result,$i,"id");
$title=mysql_result($result,$i,"title");
$body=mysql_result($result,$i,"newsbody");
$time=mysql_result($result,$i,"time");
$date=mysql_result($result,$i,"date");
$user=mysql_result($result,$i,"username");
echo '<table align="center" style="width:350px"><tr><td><span class="shouth"><b>Subject:</b> ';
echo $title;
echo '</span></td></tr><tr><td><span class="shout">';
echo $body;
echo '</span></td></tr><tr><td><span class="shouth">Posted by <b>';
echo $user;
echo '</b> on ';
echo $date;
echo ' at ';
echo $time;
echo '</span></td></tr><tr><td>';
echo '<form action="index.php?id=admin&page=news&newsid=';
echo $id;
echo '" method="post">';
echo '<input type="hidden" name="user" value="';
echo $user;
echo '" />';
echo '<input type="hidden" name="pass" value="';
echo $pass;
echo '" />';
echo '<input type="hidden" name="action" value="editit" />';
echo '<input type="submit" value="Edit News" class="input2" />';
echo '</form>';
echo '</td></tr></table><br><br>';
$i++;
}
} elseif ($admins[$_POST["user"]] == $_POST["pass"] && $action == "editit") {
echo '<center><br><br><h2>Edit News</h2>';
$id=$_GET['newsid'];
mysql_connect($db_host,$db_user,$db_pass);
$result=mysql_query("SELECT * FROM news WHERE id='$id'");
$num=mysql_num_rows($result);
mysql_close();
$i=0;
while ($i < $num) {
$title2=mysql_result($result,$i,"first");
$newsbody=mysql_result($result,$i,"last");
echo '<form action="index.php?id=pages&page=news" method="post">
<input type="hidden" name="ud_id" value="';
echo $id;
echo '">Title: <input type="text" name="title" class="input" value="';
echo $title2;
echo ' /><br>Body:<br> <textarea name="body" class="input" cols="30" rows="10">';
echo $newsbody;
echo '</textarea><br>';
echo '<input type="hidden" name="user" value="';
echo $user;
echo '" />';
echo '<input type="hidden" name="pass" value="';
echo $pass;
echo '" />';
echo '<input type="hidden" name="action" value="edit_it" />';
echo '<input type="submit" value="Edit News" class="input" /></form>';
echo '</center>';
++$i;
}
} else {
echo $auth;
}
?>Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/www/jamper5.coconia.net/php/admin/news.php on line 128
Which is this line:
Code: Select all
$num=mysql_num_rows($result);