2012-01-25 08:00:20 +00:00
< ?
enforce_login ();
2013-04-30 18:18:07 +00:00
if ( ! check_perms ( 'users_mod' )) {
2012-01-25 08:00:20 +00:00
error ( 403 );
}
2013-07-10 00:08:53 +00:00
$DB -> query ( "
INSERT INTO staff_blog_visits
( UserID , Time )
VALUES
( " . $LoggedUser['ID'] . " , NOW ())
ON DUPLICATE KEY UPDATE Time = NOW () " );
2013-02-15 08:00:35 +00:00
$Cache -> delete_value ( 'staff_blog_read_' . $LoggedUser [ 'ID' ]);
2012-01-25 08:00:20 +00:00
define ( 'ANNOUNCEMENT_FORUM_ID' , 19 );
2013-05-27 08:00:58 +00:00
require ( SERVER_ROOT . '/classes/text.class.php' );
2012-01-25 08:00:20 +00:00
$Text = new TEXT ;
2013-04-30 18:18:07 +00:00
if ( check_perms ( 'admin_manage_blog' )) {
if ( ! empty ( $_REQUEST [ 'action' ])) {
switch ( $_REQUEST [ 'action' ]) {
2012-01-25 08:00:20 +00:00
case 'takeeditblog' :
authorize ();
if ( empty ( $_POST [ 'title' ])) {
error ( " Please enter a title. " );
}
2013-04-30 18:18:07 +00:00
if ( is_number ( $_POST [ 'blogid' ])) {
2013-07-10 00:08:53 +00:00
$DB -> query ( "
UPDATE staff_blog
SET Title = '".db_string($_POST[' title '])."' , Body = '".db_string($_POST[' body '])."'
WHERE ID = '".db_string($_POST[' blogid '])."' " );
2012-01-25 08:00:20 +00:00
$Cache -> delete_value ( 'staff_blog' );
$Cache -> delete_value ( 'staff_feed_blog' );
}
header ( 'Location: staffblog.php' );
break ;
case 'editblog' :
2013-04-30 18:18:07 +00:00
if ( is_number ( $_GET [ 'id' ])) {
2012-01-25 08:00:20 +00:00
$BlogID = $_GET [ 'id' ];
2013-07-10 00:08:53 +00:00
$DB -> query ( "
SELECT Title , Body
FROM staff_blog
WHERE ID = $BlogID " );
2012-01-25 08:00:20 +00:00
list ( $Title , $Body , $ThreadID ) = $DB -> next_record ();
}
break ;
case 'deleteblog' :
2013-04-30 18:18:07 +00:00
if ( is_number ( $_GET [ 'id' ])) {
2012-01-25 08:00:20 +00:00
authorize ();
2013-07-10 00:08:53 +00:00
$DB -> query ( "
DELETE FROM staff_blog
WHERE ID = '".db_string($_GET[' id '])."' " );
2012-01-25 08:00:20 +00:00
$Cache -> delete_value ( 'staff_blog' );
$Cache -> delete_value ( 'staff_feed_blog' );
}
header ( 'Location: staffblog.php' );
break ;
2013-02-22 08:00:24 +00:00
2012-01-25 08:00:20 +00:00
case 'takenewblog' :
authorize ();
if ( empty ( $_POST [ 'title' ])) {
error ( " Please enter a title. " );
}
$Title = db_string ( $_POST [ 'title' ]);
$Body = db_string ( $_POST [ 'body' ]);
2013-02-15 08:00:35 +00:00
2013-07-10 00:08:53 +00:00
$DB -> query ( "
INSERT INTO staff_blog
( UserID , Title , Body , Time )
VALUES
( '$LoggedUser[ID]' , '".db_string($_POST[' title '])."' , '".db_string($_POST[' body '])."' , NOW ()) " );
2012-01-25 08:00:20 +00:00
$Cache -> delete_value ( 'staff_blog' );
2013-02-15 08:00:35 +00:00
$Cache -> delete_value ( 'staff_blog_latest_time' );
2013-02-22 08:00:24 +00:00
2012-01-25 08:00:20 +00:00
send_irc ( " PRIVMSG " . ADMIN_CHAN . " :!blog " . $_POST [ 'title' ]);
2013-02-22 08:00:24 +00:00
2012-01-25 08:00:20 +00:00
header ( 'Location: staffblog.php' );
break ;
}
}
2013-02-15 08:00:35 +00:00
View :: show_header ( 'Staff Blog' , 'bbcode' );
2012-01-25 08:00:20 +00:00
?>
< div class = " box thin " >
< div class = " head " >
< ? = (( empty ( $_GET [ 'action' ])) ? 'Create a staff blog post' : 'Edit staff blog post' ) ?>
2013-04-30 18:18:07 +00:00
< span style = " float: right; " >
2013-06-17 08:01:02 +00:00
< a href = " # " onclick = " $ ('#postform').gtoggle(); this.innerHTML = (this.innerHTML == 'Hide' ? 'Show' : 'Hide'); return false; " class = " bracket " >< ? = (( $_REQUEST [ 'action' ] != 'editblog' ) ? 'Show' : 'Hide' ) ?> </a>
2012-01-25 08:00:20 +00:00
</ span >
</ div >
2012-09-15 08:00:25 +00:00
< form class = " <?=((empty( $_GET['action'] )) ? 'create_form' : 'edit_form')?> " name = " blog_post " action = " staffblog.php " method = " post " >
2013-04-30 18:18:07 +00:00
< div id = " postform " class = " pad<?=( $_REQUEST['action'] != 'editblog') ? ' hidden' : '' ?> " >
2012-01-25 08:00:20 +00:00
< input type = " hidden " name = " action " value = " <?=((empty( $_GET['action'] )) ? 'takenewblog' : 'takeeditblog')?> " />
< input type = " hidden " name = " auth " value = " <?= $LoggedUser['AuthKey'] ?> " />
2013-04-30 18:18:07 +00:00
< ? if ( ! empty ( $_GET [ 'action' ]) && $_GET [ 'action' ] == 'editblog' ) { ?>
2012-01-25 08:00:20 +00:00
< input type = " hidden " name = " blogid " value = " <?= $BlogID ; ?> " />
2013-04-30 18:18:07 +00:00
< ? } ?>
2012-01-25 08:00:20 +00:00
< h3 > Title </ h3 >
2013-04-30 18:18:07 +00:00
< input type = " text " name = " title " size = " 95 " < ? if ( ! empty ( $Title )) { echo ' value="' . display_str ( $Title ) . '"' ; } ?> /><br />
2012-01-25 08:00:20 +00:00
< h3 > Body </ h3 >
2013-04-30 18:18:07 +00:00
< textarea name = " body " cols = " 95 " rows = " 15 " >< ? if ( ! empty ( $Body )) { echo display_str ( $Body ); } ?> </textarea> <br />
2012-01-25 08:00:20 +00:00
< br />< br />
< div class = " center " >
< input type = " submit " value = " <?=((!isset( $_GET['action'] )) ? 'Create blog post' : 'Edit blog post') ?> " />
</ div >
</ div >
</ form >
</ div >
< br />
2013-02-22 08:00:24 +00:00
< ?
2013-02-15 08:00:35 +00:00
} else {
View :: show_header ( 'Staff Blog' , 'bbcode' );
2012-01-25 08:00:20 +00:00
}
?>
< div class = " thin " >
< ?
2013-02-15 08:00:35 +00:00
if (( $Blog = $Cache -> get_value ( 'staff_blog' )) === false ) {
2013-07-10 00:08:53 +00:00
$DB -> query ( "
SELECT
b . ID ,
um . Username ,
b . Title ,
b . Body ,
b . Time
FROM staff_blog AS b
LEFT JOIN users_main AS um ON b . UserID = um . ID
2012-11-09 08:00:18 +00:00
ORDER BY Time DESC " );
2013-02-15 08:00:35 +00:00
$Blog = $DB -> to_array ( false , MYSQLI_NUM );
$Cache -> cache_value ( 'staff_blog' , $Blog , 1209600 );
2012-01-25 08:00:20 +00:00
}
foreach ( $Blog as $BlogItem ) {
list ( $BlogID , $Author , $Title , $Body , $BlogTime ) = $BlogItem ;
2013-02-15 08:00:35 +00:00
$BlogTime = strtotime ( $BlogTime );
2012-01-25 08:00:20 +00:00
?>
< div id = " blog<?= $BlogID ?> " class = " box " >
< div class = " head " >
< strong >< ? = $Title ?> </strong> - posted <?=time_diff($BlogTime);?> by <?=$Author?>
2013-04-30 18:18:07 +00:00
< ? if ( check_perms ( 'admin_manage_blog' )) { ?>
2013-02-09 08:01:01 +00:00
- < a href = " staffblog.php?action=editblog&id=<?= $BlogID ?> " class = " brackets " > Edit </ a >
2013-07-10 00:08:53 +00:00
< a href = " staffblog.php?action=deleteblog&id=<?= $BlogID ?>&auth=<?= $LoggedUser['AuthKey'] ?> " onclick = " return confirm('Do you want to delete this?'); " class = " brackets " > Delete </ a >
2013-04-30 18:18:07 +00:00
< ? } ?>
2012-01-25 08:00:20 +00:00
</ div >
< div class = " pad " >
< ? = $Text -> full_format ( $Body ) ?>
</ div >
</ div >
< br />
2013-02-22 08:00:24 +00:00
< ?
2012-01-25 08:00:20 +00:00
}
?>
</ div >
< ?
2012-10-11 08:00:15 +00:00
View :: show_footer ();
2012-01-25 08:00:20 +00:00
?>