
php-pear-LiveUser-0.16.12-4mdv2010.0.noarch.rpm

<?php
  // Bootstrap. This script uses $LU, $tpl and $db without defining them;
  // presumably conf.php sets them up (not visible here).
  require_once 'conf.php';

  // Page-level gate: without RIGHT_NEWS_CHANGE the "not allowed" template is
  // rendered and the script stops before any request data is read.
  if (!$LU->checkRight(RIGHT_NEWS_CHANGE)) {
      $tpl->loadTemplatefile('news_notallowed.tpl.php', false, false);
      include_once 'finish.inc.php';
      exit;
  }

  // Request parameters. A POST value takes precedence over a GET value.
  $action = '';
  if (array_key_exists('action', $_POST)) {
      $action = $_POST['action'];
  } elseif (array_key_exists('action', $_GET)) {
      $action = $_GET['action'];
  }

  // news_id is always coerced to an integer (0 when absent); the queries
  // further down concatenate it into SQL, so this cast is security-relevant.
  $news_id = 0;
  if (array_key_exists('news_id', $_POST)) {
      $news_id = (int)$_POST['news_id'];
  } elseif (array_key_exists('news_id', $_GET)) {
      $news_id = (int)$_GET['news_id'];
  }

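  /**
   * Page for changing news.
   *
   * Runs for action=change with a non-zero news_id: loads the news row, checks
   * the caller's right level against the row's owner, then either stores the
   * submitted text or (re)displays the edit form.
   *
   * NOTE(review): the update is accepted on any POST; no anti-CSRF token is
   * checked in this file.
   */
  if ($action == 'change' AND $news_id != 0) {

      // The (int) cast is repeated at the point of use so the concatenated
      // query stays injection-safe however $news_id was populated.
      $newsRow = $db->queryRow('SELECT
                                  news_id,
                                  ROUND((TO_DAYS(valid_to)-TO_DAYS(created_at))/7) AS weeks,
                                  UNIX_TIMESTAMP(created_at) AS created_at,
                                  news,
                                  owner_user_id,
                                  owner_group_id
                              FROM
                                  news
                              WHERE
                                  news_id = ' . (int)$news_id);

      // Object-level authorization: the page-level right is not enough, the
      // caller must also hold the right at the level required for this row's owner.
      if (!$LU->checkRightLevel(RIGHT_NEWS_CHANGE, (int)$newsRow['owner_user_id'], (int)$newsRow['owner_group_id'])) {
          header('Location: news_change.php?logout=1');
          exit();
      } else {

          // Read form data. A non-string "news" (e.g. news[]=x) is treated as
          // absent so the string functions below never receive an array.
          $news     = (array_key_exists('news', $_POST) && is_string($_POST['news'])) ? $_POST['news'] : '';
          $valid_to = array_key_exists('valid_to', $_POST) ? (int)$_POST['valid_to'] : '';

          // Flags for HTML escaping. ENT_SUBSTITUTE is only used where PHP
          // defines it, so invalid byte sequences do not blank the whole value.
          $escFlags = ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0);

          if (!empty($news)) {

              // ereg() was removed in PHP 7; preg_match() with the same pattern
              // accepts exactly 1..99. The D modifier stops "$" from matching
              // before a trailing newline.
              if (!preg_match('/^[1-9][0-9]?$/D', (string)$valid_to)) {
                  $errorMsg = '<p><span style="color: red;">Only numbers between 1 and 99 are allowed here.</span></p>';
              } else {
                  // Form seems to be correct. Write data into the db.
                  $news = str_replace("\r\n",'<br />',$news);

                  // NOTE(review): addslashes() is not a charset-aware SQL escape
                  // and the text is stored as raw HTML. Prefer the database
                  // layer's own quoting or a prepared statement; $db's API is
                  // set up outside this file, so it is not changed here.
                  // valid_to is built from date() and a validated integer, and
                  // news_id is an integer, so only the news text is
                  // attacker-influenced in this statement.
                  $db->query('UPDATE
                                  news
                              SET
                                  valid_to = "' . date('Y.m.d H:i:s', $newsRow['created_at']+60*60*24*7*$valid_to) . '",
                                  news = "' . addslashes( $news ) . '"
                              WHERE
                                  news_id = ' . (int)$news_id);

                  // Clear action.
                  $action = '';
              }

          }

          // Show page to change the news.
          if (empty($news) OR isset($errorMsg)) {
              $tpl->loadTemplatefile('news_new.tpl.php');

              $tpl->setVariable('form_action', 'news_change.php');
              $tpl->touchBlock('button_abort');

              // The message is HTML-escaped before it reaches the template:
              // one branch echoes the submitted POST body, the other echoes
              // stored text, and the template layer is handed hand-built markup
              // elsewhere in this script, so it does not appear to escape.
              // NOTE(review): assumes the template places "message" in a
              // <textarea> or other text context - confirm in news_new.tpl.php.
              if (!empty($news)) {
                  $tpl->setVariable('message', htmlspecialchars($news, $escFlags));
              } else {
                  $tpl->setVariable('message', htmlspecialchars(str_replace('<br />', "\r\n", stripslashes($newsRow['news'])), $escFlags));
              }

              // $valid_to is an integer (or ''), weeks is computed by the query.
              if (!empty($valid_to)) {
                  $tpl->setVariable('valid', $valid_to);
              } else {
                  $tpl->setVariable('valid', $newsRow['weeks']);
              }

              if (isset($errorMsg)) {
                  $tpl->setVariable('script_msg', $errorMsg);
              }

              $tpl->setVariable('news_id', (int)$news_id);
              $tpl->touchBlock('action');

          }

      }

  } // End $action == 'change'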


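  /**
   * Page to delete news.
   *
   * Runs for action=delete with a non-zero news_id: looks up the row's owner,
   * checks the caller's delete right at that level, and deletes the row once
   * the is_js_confirmed request parameter is set.
   *
   * NOTE(review): the delete is a state change triggered by a GET request and
   * guarded only by the is_js_confirmed parameter, which any link can carry.
   * It should be a POST protected by a per-session anti-CSRF token; no token
   * helper is visible in this file, so the flow is left as it is.
   */
  if ($action == 'delete' AND $news_id != 0) {

      $rightInfo = $db->queryRow('SELECT
                                    owner_user_id,
                                    owner_group_id
                                FROM
                                    news
                                WHERE
                                    news_id = ' . (int)$news_id);

      // Object-level authorization against the owner of this specific row.
      if (!$LU->checkRightLevel(RIGHT_NEWS_DELETE, (int)$rightInfo['owner_user_id'], (int)$rightInfo['owner_group_id'])) {
          header('Location: news_change.php?logout=1');
          // Stop right after the redirect, as the change branch does, so no
          // further code runs for a request that failed the check.
          exit();
      } else {
          $confirmed = array_key_exists('is_js_confirmed', $_GET) ? $_GET['is_js_confirmed'] : 0;

          if ($confirmed) {
              $db->query('DELETE FROM
                              news
                          WHERE
                              news_id = ' . (int)$news_id);
              // Clear action so the summary below is rendered.
              $action = '';
          }
      }

  } // End $action == 'delete'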


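  /**
   * Show summary.
   *
   * Lists the news with author and, per row, the change/delete links the
   * current user is entitled to. Database values are escaped for the context
   * they are written into, because the template layer is handed hand-built
   * markup here (see link_delete) and so does not appear to escape by itself.
   */
  if (empty($action)) {

      $tpl->loadTemplatefile('news_change.tpl.php');

      // All news, newest first.
      // NOTE(review): the original comment said "the last five news", but the
      // query has no LIMIT; confirm which is intended.
      $res = $db->query('SELECT
                             N.news_id,
                             DATE_FORMAT(N.created_at,"%d.%m.%Y - %H:%i") AS date,
                             N.news,
                             N.owner_user_id,
                             N.owner_group_id,
                             U.handle
                         FROM
                             news AS N
                         INNER JOIN
                             liveuser_perm_peoples AS PU
                         ON
                             N.owner_user_id = PU.perm_user_id
                         INNER JOIN
                             liveuser_peoples AS U
                         ON
                             PU.auth_user_id = U.authUserId
                         ORDER BY
                             N.created_at DESC');

      $bgcolor = array('#DDDDDD', '#CCCCCC');
      $counter = 0;

      // Flags for HTML escaping. ENT_SUBSTITUTE is only used where PHP defines
      // it, so a multi-byte character cut in half by substr() does not blank
      // the whole excerpt.
      $escFlags = ENT_QUOTES | (defined('ENT_SUBSTITUTE') ? ENT_SUBSTITUTE : 0);

      while ($row = $res->fetchRow()) {
          // Plain-text excerpt: stored line breaks ('<br />') become spaces
          // before truncation so that no half-cut tag is emitted.
          $excerpt = substr(str_replace('<br />', ' ', stripslashes($row['news'])), 0, 20);

          $tpl->setCurrentBlock('row');
          $tpl->setVariable(array('color_n' => $bgcolor[$counter++%2],
                                  'color_h' => '#D3DCE3',
                                  'time'    => $row['date'] . ' Uhr',
                                  // Stored news text is untrusted markup: escape for HTML text.
                                  'news'    => htmlspecialchars($excerpt, $escFlags) . ' ...',
                                  // The handle is URL-encoded inside the mailto: href
                                  // and HTML-escaped as link text.
                                  'author'  => '<a href="mailto:' . rawurlencode($row['handle']) . '@your-company.com">' . htmlspecialchars($row['handle'], $escFlags) . '</a>'));

          // Has the user the right to change the news?
          if ($LU->checkRightLevel(RIGHT_NEWS_CHANGE, (int)$row['owner_user_id'], (int)$row['owner_group_id'])) {
              $tpl->setVariable('link_change', 'news_change.php?action=change&news_id=' . (int)$row['news_id']);
          }

          // Has the user the right to delete the news?
          if ($LU->checkRightLevel(RIGHT_NEWS_DELETE, (int)$row['owner_user_id'], (int)$row['owner_group_id'])) {
              // The confirm text sits in a JavaScript string inside an HTML
              // attribute. HTML entities alone are decoded by the browser
              // before the script runs, so the text is escaped for JavaScript
              // first (backslash, quotes, line breaks) and the finished
              // handler is HTML-escaped second.
              $confirmJs = addcslashes('Shall I really delete \'' . $excerpt . ' ...\' ?', "\\'\"\r\n");
              $tpl->setVariable('link_delete', 'news_change.php?action=delete&news_id=' . (int)$row['news_id']
                  . '" onclick="' . htmlspecialchars('return confirmLink(this, \'' . $confirmJs . '\')', $escFlags));
          }

          $tpl->parseCurrentBlock();
      }

  } // End empty($action)


  // Shared page footer / output step for every path that did not exit earlier.
  include_once 'finish.inc.php';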
?>