<?phpsession_start();if ($_SESSION['loggedin'] == true){ if (isset($_POS

1. <?php
2. session_start();
3. if ($_SESSION['loggedin'] == true)
4. {
5.     if (isset($_POST['postnews']))
6.     {
7.         $content = htmlspecialchars($_POST['content']);
8.         $author = htmlspecialchars($_POST['author']);
9.         $date = htmlspecialchars($_POST['date']);
10.        
11.         $sql_host = '*********';
12.         $sql_user = '*********';
13.         $sql_pass = '*********';
14.         $sql_db   = '*********';
15.         $db = new mysqli($sql_host, $sql_user, $sql_pass, $sql_db);
16.        
17.         $query = "insert into kfs_news (content, author, date) values ($content, $author, $date);";
18.         if ($result = $db->query($query))
19.         {
20.             echo('Success! Newsitem posted.');
21.             echo('<br /><br /><p><a href="news.php" title="Go back">Go back to post more news</a></p><br />');
22.             echo('<p><a href="post.php?session=close" title="Log out">Press here to log out</a></p><br />');
23.         }
24.         else
25.         {
26.             echo('Error while inserting data into database. Please try again later. If the problem persists, contact webmaster.');
27.         }
28.     }
29.     elseif ($_GET['session'] == 'close')
30.     {
31.         session_destroy();
32.         echo('Successfully logged out!');
33.     }
34.     else
35.     {
36.         echo('Nothing to post... please use the admin page to specify a newsitem to be posted.');
37.     }
38. }
39. else
40. {
41.     echo('You\'re not logged in, please login before using this service.');
42. }