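<?php
// CREATING ENVIRONMENT
// conf.php is expected to provide $LU (rights/permission object), $tpl (template
// engine), $db (database handle) and the RIGHT_NEWS_* constants used below.
require_once 'conf.php';

// If the user hasn't the right to change news -> access denied.
if (!$LU->checkRight(RIGHT_NEWS_CHANGE)) {
    $tpl->loadTemplatefile('news_notallowed.tpl.php', false, false);
    include_once 'finish.inc.php';
    exit();
}

// Read form data. POST overrides GET for both values.
$action = array_key_exists('action', $_GET) ? $_GET['action'] : '';
$action = array_key_exists('action', $_POST) ? $_POST['action'] : $action;
// news_id is cast to int exactly once here; every SQL statement below relies on
// this cast when it concatenates $news_id into the query text.
$news_id = array_key_exists('news_id', $_GET) ? (int)$_GET['news_id'] : 0;
$news_id = array_key_exists('news_id', $_POST) ? (int)$_POST['news_id'] : $news_id;

/**
 * Page for changing news.
 */
if ($action === 'change' && $news_id !== 0) {

    $newsRow = $db->queryRow('SELECT
                                  news_id,
                                  ROUND((TO_DAYS(valid_to)-TO_DAYS(created_at))/7) AS weeks,
                                  UNIX_TIMESTAMP(created_at) AS created_at,
                                  news,
                                  owner_user_id,
                                  owner_group_id
                              FROM
                                  news
                              WHERE
                                  news_id = ' . $news_id);

    // Check whether the user is cheating. An unknown news_id (no row returned, or
    // an error object instead of an array) is treated like a failed right check
    // rather than being indexed as if it were a row.
    if (!is_array($newsRow)
        || !$LU->checkRightLevel(RIGHT_NEWS_CHANGE, (int)$newsRow['owner_user_id'], (int)$newsRow['owner_group_id'])) {
        header('Location: news_change.php?logout=1');
        exit();
    }

    // Read form data.
    $news = array_key_exists('news', $_POST) ? $_POST['news'] : '';
    $valid_to = array_key_exists('valid_to', $_POST) ? (int)$_POST['valid_to'] : '';

    if (!empty($news)) {

        // valid_to is the lifetime of the entry in weeks; only 1..99 is accepted.
        if (!preg_match('/^[1-9][0-9]?$/', $valid_to)) {
            $errorMsg = '<p><span style="color: red;">Only numbers between 1 and 99 are allowed here.</span></p>';
        } else {
            // Form seems to be correct. Write data into the db.
            // Line breaks are stored as <br />; the edit form converts them back.
            $news = str_replace("\r\n", '<br />', $news);

            // NOTE(review): the news text is escaped with addslashes(), which is not
            // charset-aware. If $db offers quoting or prepared statements they should
            // be used instead; kept here because the $db API is not visible in this file.
            $db->query('UPDATE
                            news
                        SET
                            valid_to = "' . date('Y.m.d H:i:s', (int)$newsRow['created_at'] + 60*60*24*7*$valid_to) . '",
                            news = "' . addslashes($news) . '"
                        WHERE
                            news_id = "' . $news_id . '"');

            // Clear action so the summary is shown below.
            $action = '';
        }
    }

    // Show page to change the news: on the first visit (nothing posted yet) or
    // when the posted form failed validation.
    if (empty($news) || isset($errorMsg)) {
        $tpl->loadTemplatefile('news_new.tpl.php');

        $tpl->setVariable('form_action', 'news_change.php');
        $tpl->touchBlock('button_abort');

        // Prefer the submitted values so the user does not lose input on an error;
        // otherwise pre-fill the form from the stored row.
        if (!empty($news)) {
            $tpl->setVariable('message', $news);
        } else {
            $tpl->setVariable('message', str_replace('<br />', "\r\n", stripslashes($newsRow['news'])));
        }

        if (!empty($valid_to)) {
            $tpl->setVariable('valid', $valid_to);
        } else {
            $tpl->setVariable('valid', $newsRow['weeks']);
        }

        if (isset($errorMsg)) {
            $tpl->setVariable('script_msg', $errorMsg);
        }

        $tpl->setVariable('news_id', $news_id);
        $tpl->touchBlock('action');
    }

} // End $action == 'change'


/**
 * Page to delete news.
 */
if ($action === 'delete' && $news_id !== 0) {

    $rightInfo = $db->queryRow('SELECT
                                    owner_user_id,
                                    owner_group_id
                                FROM
                                    news
                                WHERE
                                    news_id = ' . $news_id);

    // Check whether the user is cheating (same missing-row handling as above).
    if (!is_array($rightInfo)
        || !$LU->checkRightLevel(RIGHT_NEWS_DELETE, (int)$rightInfo['owner_user_id'], (int)$rightInfo['owner_group_id'])) {
        header('Location: news_change.php?logout=1');
        // Stop here like the change branch does; without it the rest of the page
        // would still be processed behind the redirect.
        exit();
    }

    // NOTE(review): the delete is triggered by a GET parameter that only a
    // client-side confirm dialog sets, so the state change happens on a plain link
    // (exposed to CSRF and link prefetching). Moving it to a POST form with a
    // per-session token also needs a template change, so it is only flagged here.
    $confirmed = array_key_exists('is_js_confirmed', $_GET) ? $_GET['is_js_confirmed'] : 0;

    if ($confirmed) {
        $db->query('DELETE FROM
                        news
                    WHERE
                        news_id = ' . $news_id);
        // Clear action so the summary is shown below.
        $action = '';
    }

} // End $action == 'delete'


/**
 * Show summary.
 */
if (empty($action)) {

    $tpl->loadTemplatefile('news_change.tpl.php');

    // Get the news, newest first (the query is not limited; the template decides
    // how many rows it renders).
    $res = $db->query('SELECT
                           N.news_id,
                           DATE_FORMAT(N.created_at,"%d.%m.%Y - %H:%i") AS date,
                           N.news,
                           N.owner_user_id,
                           N.owner_group_id,
                           U.handle
                       FROM
                           news AS N
                       INNER JOIN
                           liveuser_perm_peoples AS PU
                       ON
                           N.owner_user_id = PU.perm_user_id
                       INNER JOIN
                           liveuser_peoples AS U
                       ON
                           PU.auth_user_id = U.authUserId
                       ORDER BY
                           N.created_at DESC');

    // Alternating row background colours.
    $bgcolor = ['#DDDDDD', '#CCCCCC'];
    $counter = 0;

    while ($row = $res->fetchRow()) {
        // The handle is written into HTML built right here, so it is escaped for
        // the attribute and text context it lands in.
        $handle = htmlspecialchars($row['handle'], ENT_QUOTES);
        // Preview text: stored <br /> become spaces, then a 20-byte prefix. substr()
        // is byte-based and may cut a multibyte character at the end of the preview.
        $preview = substr(str_replace('<br />', ' ', stripslashes($row['news'])), 0, 20);

        $tpl->setCurrentBlock('row');
        $tpl->setVariable([
            'color_n' => $bgcolor[$counter++ % 2],
            'color_h' => '#D3DCE3',
            'time'    => $row['date'] . ' Uhr',
            'news'    => substr(stripslashes($row['news']), 0, 20) . ' ...',
            'author'  => '<a href="mailto:' . $handle . '@your-company.com">' . $handle . '</a>',
        ]);

        // Has the user the right to change the news?
        if ($LU->checkRightLevel(RIGHT_NEWS_CHANGE, (int)$row['owner_user_id'], (int)$row['owner_group_id'])) {
            $tpl->setVariable('link_change', 'news_change.php?action=change&news_id=' . $row['news_id']);
        }

        // Has the user the right to delete the news? The link carries an onclick
        // confirm whose quoted text must be safe inside a single-quoted JS string
        // inside a double-quoted HTML attribute, hence htmlentities + escaped quotes.
        if ($LU->checkRightLevel(RIGHT_NEWS_DELETE, (int)$row['owner_user_id'], (int)$row['owner_group_id'])) {
            $tpl->setVariable(
                'link_delete',
                'news_change.php?action=delete&news_id=' . $row['news_id']
                . '" onclick="return confirmLink(this, \'Shall I really delete \\\''
                . htmlentities($preview, ENT_QUOTES)
                . ' ...\\\' ?\')'
            );
        }

        $tpl->parseCurrentBlock();
    }

} // End empty($action)


include_once 'finish.inc.php';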