<?php
// Access gate for the news admin page: an account whose role is below 1 is
// redirected to the site root, and the script stops before any admin logic runs.
// NOTE(review): the meaning of the role values is defined outside this file;
// confirm that "role >= 1" is the intended minimum for managing news.
if ($user->get()->role < 1) {
    redirect('/');

    // Stop here so nothing below executes for a rejected request.
    exit;
}
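// Edit flow (?edit=ID): load the article, apply a submitted update, or render the edit form.
// NOTE(review): no anti-CSRF token check is visible in this file for the POST
// handled below; confirm one is enforced elsewhere (front controller / middleware)
// or add one before the update is executed.
if (isset($_GET['edit'])) {
    // The id goes through Clean::int() (defined elsewhere) and is bound as a
    // statement parameter, so it is never concatenated into the SQL text.
    $lookup = $db->prepare('select * from news where id = ?');
    $lookup->execute([Clean::int($_GET['edit'])]);
    $news = $lookup->fetch(PDO::FETCH_OBJ);

    // No row for this id: return to the list instead of rendering an empty form.
    if (!isset($news->id)) {
        redirect('/admin/news');
        exit;
    }

    // Require both fields before writing. Checking only 'name' let a request
    // without 'text' read an undefined index and overwrite the stored body
    // with whatever Clean::text() produces for a missing value.
    if (isset($_POST['name'], $_POST['text'])) {
        // NOTE(review): what Clean::text() strips or escapes is not visible here;
        // verify that the templates showing these fields escape them on output.
        $name = Clean::text($_POST['name']);
        $text = Clean::text($_POST['text']);

        $sql = $db->prepare('update news set name = ?, text = ? where id = ?');
        // The id used for the update is the one read back from the database row.
        $sql->execute([$name, $text, $news->id]);

        // Redirect after the write so a page reload does not resubmit the form.
        redirect('/admin/news?edit='.$news->id);
        exit;
    }

    echo $template->render('admin.news_edit', ['news' => $news]);
    exit;
}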
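// Create flow (?creat): insert a submitted article, or render the empty creation form.
// NOTE(review): no anti-CSRF token check is visible in this file for the POST
// handled below; confirm one is enforced elsewhere or add one before the insert.
if (isset($_GET['creat'])) {
    // Require both fields before writing. Checking only 'name' let a request
    // without 'text' read an undefined index and insert a row whose body is
    // whatever Clean::text() produces for a missing value.
    if (isset($_POST['name'], $_POST['text'])) {
        // NOTE(review): what Clean::text() strips or escapes is not visible here;
        // verify that the templates showing these fields escape them on output.
        $name = Clean::text($_POST['name']);
        $text = Clean::text($_POST['text']);

        // All three values are bound parameters; the timestamp is the server's
        // current Unix time, not a client-supplied value.
        $sql = $db->prepare('insert into news (name,text,time) values (?,?,?)');
        $sql->execute([$name, $text, time()]);

        // Redirect after the write so a page reload does not resubmit the form.
        redirect('/admin/news');
        exit;
    }

    echo $template->render('admin.news_creat');
    exit;
}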
// Delete flow (?del=ID): remove the article if it exists, then return to the list.
// NOTE(review): the deletion is triggered by a GET parameter, and no request-method
// or anti-CSRF token check is visible in this file. A state change on GET can be
// fired cross-site or by link prefetching while an admin session is active.
// Consider moving this to a POST with a token; the template's delete link would
// have to change with it, so it is flagged here rather than changed.
if (isset($_GET['del'])) {
    // The id goes through Clean::int() (defined elsewhere) and is bound as a
    // statement parameter, so it is never concatenated into the SQL text.
    $lookup = $db->prepare('select * from news where id = ?');
    $lookup->execute([Clean::int($_GET['del'])]);
    $row = $lookup->fetch(PDO::FETCH_OBJ);

    // Only delete when the lookup produced a row; the id passed to the delete
    // statement is the one read back from the database.
    if (isset($row->id)) {
        $removal = $db->prepare('delete from news where id = ?');
        $removal->execute([$row->id]);
    }

    // Both outcomes end on the list page.
    redirect('/admin/news');
    exit;
}
// Default view: list the news entries, highest id first, through the paginator.
$listing = $db->prepare('select * from news order by id desc');
$listing->execute();
// The whole table is fetched and handed to ArrayPaginator, which selects the
// items to show. The second constructor argument (10) is presumably the page
// size; confirm against ArrayPaginator.
$rows = $listing->fetchAll();

$paginator = new ArrayPaginator('/admin/news', 10);
$pageItems = $paginator->getItems($rows);

// NOTE(review): rows are passed to the template as stored; verify that
// 'admin.news' escapes name and text when printing them.
echo $template->render('admin.news', [
    'all' => $pageItems,
    'peger' => $paginator,
]);