این صفحه ایه که فرمم در اون قرار داره
<?php require_once('../Connections/connCompost.php'); ?>
<?php
if (!isset($_SESSION)) {
session_start();
}
$MM_authorizedUsers = "1,2";
$MM_donotCheckaccess = "false";// *** Restrict Access To Page: Grant or deny access to this page
function isAuthorized($strUsers, $strGroups, $UserName, $UserGroup) {
// For security, start by assuming the visitor is NOT authorized.
$isValid = False; // When a visitor has logged into this site, the Session variable MM_Username set equal to their username.
// Therefore, we know that a user is NOT logged in if that Session variable is blank.
if (!empty($UserName)) {
// Besides being logged in, you may restrict access to only certain users based on an ID established when they login.
// Parse the strings into arrays.
$arrUsers = Explode(",", $strUsers);
$arrGroups = Explode(",", $strGroups);
if (in_array($UserName, $arrUsers)) {
$isValid = true;
}
// Or, you may restrict access to only certain users based on their username.
if (in_array($UserGroup, $arrGroups)) {
$isValid = true;
}
if (($strUsers == "") && false) {
$isValid = true;
}
}
return $isValid;
}$MM_restrictGoTo = "../login.php?access=denied";
if (!((isset($_SESSION['MM_Username'])) && (isAuthorized("",$MM_authorizedUsers, $_SESSION['MM_Username'], $_SESSION['MM_UserGroup'])))) {
$MM_qsChar = "?";
$MM_referrer = $_SERVER['PHP_SELF'];
if (strpos($MM_restrictGoTo, "?")) $MM_qsChar = "&";
if (isset($_SERVER['QUERY_STRING']) && strlen($_SERVER['QUERY_STRING']) > 0)
$MM_referrer .= "?" . $_SERVER['QUERY_STRING'];
$MM_restrictGoTo = $MM_restrictGoTo. $MM_qsChar . "accesscheck=" . urlencode($MM_referrer);
header("Location: ". $MM_restrictGoTo);
exit;
}
?>
<?php
#################################
##############Upload Image###################
##################################
if(((@$_FILES["file"]["type"] == "image/gif")|| (@$_FILES["file"]["type"] == "image/jpeg")|| (@$_FILES["file"]["type"] == "image/png")))
{
if ($_FILES["file"]["error"] > 0)
{
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
if (file_exists("http://forum.persianscript.ir/images/" . $_FILES["file"]["name"]))
{
echo "این عکس موجود است" . exit;
}
else
{
move_uploaded_file($_FILES["file"]["tmp_name"],
"http://forum.persianscript.ir/images/". $_FILES["file"]["name"]);
echo "Stored in: " . "http://forum.persianscript.ir/images/" . $_FILES["file"]["name"];
}
}
else
{
echo "";
}
if(isset($_POST['button']) && ($_FILES["file"]["size"] > 0)){ $FileName=$_FILES['file']['name'];
$FileSize=ceil(($_FILES['file']['size'])/1024);
$FileType=$_FILES['file']['type'];
$upload=move_uploaded_file($_FILES['file']['tmp_name'],"http://forum.persianscript.ir/images/" . $FileName );
}
#####################################
#######End Upload Image#################
#####################################
if (!function_exists("GetSQLValueString")) {
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
if (PHP_VERSION < 6) {
$theValue = get_magic_quotes_gpc() ? stripslashes($theValue) : $theValue;
} $theValue = function_exists("mysql_real_escape_string") ? mysql_real_escape_string($theValue) : mysql_escape_string($theValue); switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? doubleval($theValue) : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}
}$currentPage = $_SERVER["PHP_SELF"];$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}if ((isset($_POST["MM_insert"])) && ($_POST["MM_insert"] == "frmAddPost")) {
$insertSQL = sprintf("INSERT INTO tbl_post (txtPostTitle, txtPostContent, txtPostImage, dtePostDate, intUserID, bitPostShow) VALUES (%s, %s, %s, %s, %s, %s)",
GetSQLValueString($_POST['txtPostTitle'], "text"),
GetSQLValueString($_POST['txtPostContent'], "text"),
GetSQLValueString($_FILES['file']['name'], "text"),
GetSQLValueString($_POST['hiddenPostDate'], "date"),
GetSQLValueString($_POST['hiddenUserID'], "int"),
GetSQLValueString(isset($_POST['bitPostShow']) ? "true" : "", "defined","1","0")); mysql_select_db($database_connCompost, $connCompost);
$Result1 = mysql_query($insertSQL, $connCompost) or die(mysql_error()); $insertGoTo = "welcome.php?add=ok";
if (isset($_SERVER['QUERY_STRING'])) {
$insertGoTo .= (strpos($insertGoTo, '?')) ? "&" : "?";
$insertGoTo .= $_SERVER['QUERY_STRING'];
}
header(sprintf("Location: %s", $insertGoTo));
}$maxRows_rsPost = 10;
$pageNum_rsPost = 0;
if (isset($_GET['pageNum_rsPost'])) {
$pageNum_rsPost = $_GET['pageNum_rsPost'];
}
$startRow_rsPost = $pageNum_rsPost * $maxRows_rsPost;mysql_select_db($database_connCompost, $connCompost);
$query_rsPost = "SELECT tbl_users.intUserID, tbl_users.txtUserName, tbl_post.intPostID, tbl_post.txtPostTitle, tbl_post.txtPostContent, tbl_post.txtPostImage, tbl_post.dtePostDate, tbl_post.bitPostShow FROM compost.tbl_post INNER JOIN compost.tbl_users ON tbl_post.intUserID = tbl_users.intUserID ORDER BY intPostID DESC";
$query_limit_rsPost = sprintf("%s LIMIT %d, %d", $query_rsPost, $startRow_rsPost, $maxRows_rsPost);
$rsPost = mysql_query($query_limit_rsPost, $connCompost) or die(mysql_error());
$row_rsPost = mysql_fetch_assoc($rsPost);if (isset($_GET['totalRows_rsPost'])) {
$totalRows_rsPost = $_GET['totalRows_rsPost'];
} else {
$all_rsPost = mysql_query($query_rsPost);
$totalRows_rsPost = mysql_num_rows($all_rsPost);
}
$pageNum_rsPost = 0;
if (isset($_GET['pageNum_rsPost'])) {
$pageNum_rsPost = $_GET['pageNum_rsPost'];
}
$startRow_rsPost = $pageNum_rsPost * $maxRows_rsPost;mysql_select_db($database_connCompost, $connCompost);
$query_rsPost = "SELECT tbl_users.intUserID, tbl_users.txtUserName, tbl_post.intPostID, tbl_post.txtPostTitle, tbl_post.txtPostContent, tbl_post.txtPostImage, tbl_post.dtePostDate, tbl_post.bitPostShow FROM compost.tbl_post INNER JOIN compost.tbl_users ON tbl_post.intUserID = tbl_users.intUserID ORDER BY intPostID DESC";
$query_limit_rsPost = sprintf("%s LIMIT %d, %d", $query_rsPost, $startRow_rsPost, $maxRows_rsPost);
$rsPost = mysql_query($query_limit_rsPost, $connCompost) or die(mysql_error());
$row_rsPost = mysql_fetch_assoc($rsPost);if (isset($_GET['totalRows_rsPost'])) {
$totalRows_rsPost = $_GET['totalRows_rsPost'];
} else {
$all_rsPost = mysql_query($query_rsPost);
$totalRows_rsPost = mysql_num_rows($all_rsPost);
}
$totalPages_rsPost = ceil($totalRows_rsPost/$maxRows_rsPost)-1;$maxRows_rsPost = 10;
$pageNum_rsPost = 0;
if (isset($_GET['pageNum_rsPost'])) {
$pageNum_rsPost = $_GET['pageNum_rsPost'];
}
$startRow_rsPost = $pageNum_rsPost * $maxRows_rsPost;mysql_select_db($database_connCompost, $connCompost);
$query_rsPost = "SELECT * FROM tbl_post ORDER BY intPostID ASC";
$query_limit_rsPost = sprintf("%s LIMIT %d, %d", $query_rsPost, $startRow_rsPost, $maxRows_rsPost);
$rsPost = mysql_query($query_limit_rsPost, $connCompost) or die(mysql_error());
$row_rsPost = mysql_fetch_assoc($rsPost);if (isset($_GET['totalRows_rsPost'])) {
$totalRows_rsPost = $_GET['totalRows_rsPost'];
} else {
$all_rsPost = mysql_query($query_rsPost);
$totalRows_rsPost = mysql_num_rows($all_rsPost);
}
$row_rsPost = mysql_fetch_assoc($rsPost);
$totalRows_rsPost = mysql_num_rows($rsPost);mysql_select_db($database_connCompost, $connCompost);
$query_rsPost = "SELECT tbl_users.intUserID, tbl_users.txtUserName, tbl_post.intPostID, tbl_post.txtPostTitle, tbl_post.txtPostContent, tbl_post.txtPostImage, tbl_post.dtePostDate, tbl_post.bitPostShow FROM compost.tbl_post INNER JOIN compost.tbl_users ON tbl_post.intUserID = tbl_users.intUserID ORDER BY intPostID DESC";$queryString_rsPost = "";
if (!empty($_SERVER['QUERY_STRING'])) {
$params = explode("&", $_SERVER['QUERY_STRING']);
$newParams = array();
foreach ($params as $param) {
if (stristr($param, "pageNum_rsPost") == false &&
stristr($param, "totalRows_rsPost") == false) {
array_push($newParams, $param);
}
}
if (count($newParams) != 0) {
$queryString_rsPost = "&" . htmlentities(implode("&", $newParams));
}
}
$queryString_rsPost = sprintf("&totalRows_rsPost=%d%s", $totalRows_rsPost, $queryString_rsPost);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "
لینک ها تنها برای اعضای سایت قابل نمایش است.
">
<html xmlns="
لینک ها تنها برای اعضای سایت قابل نمایش است.
">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<link href="css/manager_css.css" rel="stylesheet" type="text/css" />
<link href="../SpryAssets/SpryValidationTextarea.css" rel="stylesheet" type="text/css" />
<script src="../SpryAssets/SpryValidationTextarea.js" type="text/javascript"></script>
</head><body dir="rtl">
<div id="main">
<div id="head"> محصولات گیاهی سالم و ارگانیک با ورمی کمپوست تی تی گل</div>
<div id="header"><ul>
<li><a href="#"> صفحه نخست </a></li>
<li><a href="#"> مقالات </a></li>
<li><a href="#"> گالری تصاویر </a></li>
<li><a href="#"> آنالیز </a></li>
<li><a href="#"> تماس با ما </a></li>
</ul>
</div>
<div id="banner"><a href="index.php"> <img src="../images/banner.jpg" alt="ttgol_compost" title="ورمی کمپوست تی تی گل" /></a></div>
<div id="content"><div id="menu"><h5> خوش آمدی <?php echo $_SESSION['MM_Username']; ?></h5>
<a href="#">پیام ها</a> | <a href="#" class="selectMenu">پست ها</a> | <a href="#">مقالات</a> | <a href="#">تصاویر</a> | <a href="../logout.php"> خروج </a></div>
<hr color="#FF6600" width="550px"/>
<h3><img src="../images/button_pm_new.gif" width="97" height="27" alt="NewPost" />افزودن پست جدید</h3> <br /><
form action="<?php echo $editFormAction; ?>" method="POST" enctype="multipart/form-data" name="frmAddPost" id="frmAddPost">
<table width="700" class="post">
<tr>
<td width="87">عنوان پست :</td>
<td width="601"><input name="txtPostTitle" type="text" id="txtPostTitle" /></td>
</tr>
<tr>
<td valign="top">توضیحات :</td>
<td>
<textarea name="txtPostContent" id="txtPostContent" cols="65" rows="5"></textarea>
<span class="textareaRequiredMsg">متن را وارد نمایید .</span></span></td>
</tr>
<tr>
<td>نمایش :</td>
<td>
<label>
<input type="checkbox" name="bitPostShow" id="bitPostShow"<?php if($_SESSION['MM_UserGroup']<>1){echo "disabled='disabled'";}?> />
</label>
<br />
</td>
</tr>
<tr>
<td>افزودن تصویر :</td>
<td><input name="file" type="file" id="file" /></td>
</tr>
<tr><td> <input name="hiddenPostDate" type="hidden" value="<?php echo date("Y-m-d h:m:s")?>"/> <input name="hiddenUserID" type="hidden" id="hiddenUserID" value="<?php echo $_SESSION['MM_UserID']; ?>" /></td><td><input name="send" type="submit" class="button" value="ارسال"/> </td> </tr></table>
<input type="hidden" name="MM_insert" value="frmAddPost" />
</form><?php if(@$_GET["add"==ok]){
?> <div class="logout"> مطلب شما ارسال شد و پس از تایید مدیر سایت نمایش داده خواهد شد . </div>
<?php } ?>
<?php if ($totalRows_rsPost > 0) { // Show if recordset not empty ?>
<div id="rspaging">
<?php if ($pageNum_rsPost > 0) { // Show if not first page ?>
<a href="<?php printf("%s?pageNum_rsPost=%d%s", $currentPage, 0, $queryString_rsPost); ?>">ابتدا</a>
<?php } // Show if not first page ?>
<?php if ($pageNum_rsPost == 0) { // Show if first page ?>
ابتدا
<?php } // Show if first page ?>
|
<?php if ($pageNum_rsPost > 0) { // Show if not first page ?>
<a href="<?php printf("%s?pageNum_rsPost=%d%s", $currentPage, max(0, $pageNum_rsPost - 1), $queryString_rsPost); ?>">قبلی</a>
<?php } // Show if not first page ?>
<?php if ($pageNum_rsPost == 0) { // Show if first page ?>
قبلی
<?php } // Show if first page ?>
|
<?php if ($pageNum_rsPost > 0) { // Show if not first page ?>
<a href="<?php printf("%s?pageNum_rsPost=%d%s", $currentPage, min($totalPages_rsPost, $pageNum_rsPost + 1), $queryString_rsPost); ?>">بعدی</a>
<?php } // Show if not first page ?>
<?php if ($pageNum_rsPost >= $totalPages_rsPost) { // Show if last page ?>
بعدی
<?php } // Show if last page ?>
|
<?php if ($pageNum_rsPost < $totalPages_rsPost) { // Show if not last page ?>
<a href="<?php printf("%s?pageNum_rsPost=%d%s", $currentPage, $totalPages_rsPost, $queryString_rsPost); ?>">انتها</a>
<?php } // Show if not last page ?>
<?php if ($pageNum_rsPost >= $totalPages_rsPost) { // Show if last page ?>
انتها
<?php } // Show if last page ?>
<?php echo $totalRows_rsPost ?>
<?php do { ?></div>
<div id="Tpost">
<table>
<tr>
<th width="90"> عنوان پست :
</td>
<td colspan="5"><?php echo $row_rsPost['txtPostTitle']; ?></td>
</tr>
<tr>
<th>تصویر :
</td>
<td colspan="5"><?php echo $row_rsPost['txtPostImage']; ?></td>
</tr>
<tr>
<th>تاریخ : </th>
<td width="130"><?php echo $row_rsPost['txtPostImage']; ?></td>
<th width="59">کاربر :</th>
<td width="151"><?php echo $row_rsPost['txtUserName']; ?></td>
<th width="108"><a href="view.php"> مشاهده پست </a></th>
<th width="133"> نمایش :
<?php if($row_rsPost['bitPostShow']==1){
?>
<img src="../images/icon_true.jpg" />
<?php } else{ ?>
<img src="../images/icon_false.jpg" />
<?php }; ?></th>
<?php if($_SESSION['MM_UserGroup']==1){
?>
<td width="56"><a href="delet_post.php?pid=<?php echo $row_rsPost['intPostID']; ?>"><img src="../images/icon_TrashCanMedium.jpg" width="18" height="18" alt="delete" /></a></td>
</tr>
<?php }; ?>
</table>
</div>
<?php } while ($row_rsPost = mysql_fetch_assoc($rsPost)); ?>
<?php } // Show if recordset not empty ?>
<?php if ($totalRows_rsPost == 0) { // Show if recordset empty ?>
<div class="noPost"> پستی وجود ندارد ... </div>
<?php } // Show if recordset empty ?>
</div>
<div id="footer">
<img src="../images/footer.jpg" /><br />
<br />
<br /><br /><br />
<p>
تمامی حقوق این سایت متعلق به شرکت تی تی گل می باشد .<br /> design by <a href="
لینک ها تنها برای اعضای سایت قابل نمایش است.
"> z.badri </a> </p>
</div>
</div>
<script type="text/javascript">
var sprytextarea1 = new Spry.Widget.ValidationTextarea("sprytextarea1");
</script>
</body>
</html>
<?php
mysql_free_result($rsPost);
?>