2012-01-25 08:00:20 +00:00
< ?
enforce_login ();
2013-04-30 18:18:07 +00:00
if ( ! check_perms ( 'users_mod' )) {
2012-01-25 08:00:20 +00:00
error ( 403 );
}
2013-02-15 08:00:35 +00:00
$DB -> query ( " INSERT INTO staff_blog_visits (UserID, Time) VALUES ( " . $LoggedUser [ 'ID' ] . " , NOW()) ON DUPLICATE KEY UPDATE Time=NOW() " );
$Cache -> delete_value ( 'staff_blog_read_' . $LoggedUser [ 'ID' ]);
2012-01-25 08:00:20 +00:00
define ( 'ANNOUNCEMENT_FORUM_ID' , 19 );
2013-05-27 08:00:58 +00:00
require ( SERVER_ROOT . '/classes/text.class.php' );
2012-01-25 08:00:20 +00:00
$Text = new TEXT ;
2013-04-30 18:18:07 +00:00
if ( check_perms ( 'admin_manage_blog' )) {
if ( ! empty ( $_REQUEST [ 'action' ])) {
switch ( $_REQUEST [ 'action' ]) {
2012-01-25 08:00:20 +00:00
case 'takeeditblog' :
authorize ();
if ( empty ( $_POST [ 'title' ])) {
error ( " Please enter a title. " );
}
2013-04-30 18:18:07 +00:00
if ( is_number ( $_POST [ 'blogid' ])) {
2012-01-25 08:00:20 +00:00
$DB -> query ( " UPDATE staff_blog SET Title=' " . db_string ( $_POST [ 'title' ]) . " ', Body=' " . db_string ( $_POST [ 'body' ]) . " ' WHERE ID=' " . db_string ( $_POST [ 'blogid' ]) . " ' " );
$Cache -> delete_value ( 'staff_blog' );
$Cache -> delete_value ( 'staff_feed_blog' );
}
header ( 'Location: staffblog.php' );
break ;
case 'editblog' :
2013-04-30 18:18:07 +00:00
if ( is_number ( $_GET [ 'id' ])) {
2012-01-25 08:00:20 +00:00
$BlogID = $_GET [ 'id' ];
$DB -> query ( " SELECT Title, Body FROM staff_blog WHERE ID= $BlogID " );
list ( $Title , $Body , $ThreadID ) = $DB -> next_record ();
}
break ;
case 'deleteblog' :
2013-04-30 18:18:07 +00:00
if ( is_number ( $_GET [ 'id' ])) {
2012-01-25 08:00:20 +00:00
authorize ();
$DB -> query ( " DELETE FROM staff_blog WHERE ID=' " . db_string ( $_GET [ 'id' ]) . " ' " );
$Cache -> delete_value ( 'staff_blog' );
$Cache -> delete_value ( 'staff_feed_blog' );
}
header ( 'Location: staffblog.php' );
break ;
2013-02-22 08:00:24 +00:00
2012-01-25 08:00:20 +00:00
case 'takenewblog' :
authorize ();
if ( empty ( $_POST [ 'title' ])) {
error ( " Please enter a title. " );
}
$Title = db_string ( $_POST [ 'title' ]);
$Body = db_string ( $_POST [ 'body' ]);
2013-02-15 08:00:35 +00:00
$DB -> query ( " INSERT INTO staff_blog (UserID, Title, Body, Time) VALUES (' $LoggedUser[ID] ', ' " . db_string ( $_POST [ 'title' ]) . " ', ' " . db_string ( $_POST [ 'body' ]) . " ', NOW()) " );
2012-01-25 08:00:20 +00:00
$Cache -> delete_value ( 'staff_blog' );
2013-02-15 08:00:35 +00:00
$Cache -> delete_value ( 'staff_blog_latest_time' );
2013-02-22 08:00:24 +00:00
2012-01-25 08:00:20 +00:00
send_irc ( " PRIVMSG " . ADMIN_CHAN . " :!blog " . $_POST [ 'title' ]);
2013-02-22 08:00:24 +00:00
2012-01-25 08:00:20 +00:00
header ( 'Location: staffblog.php' );
break ;
}
}
2013-02-15 08:00:35 +00:00
View :: show_header ( 'Staff Blog' , 'bbcode' );
2012-01-25 08:00:20 +00:00
?>
< div class = " box thin " >
< div class = " head " >
< ? = (( empty ( $_GET [ 'action' ])) ? 'Create a staff blog post' : 'Edit staff blog post' ) ?>
2013-04-30 18:18:07 +00:00
< span style = " float: right; " >
2013-06-17 08:01:02 +00:00
< a href = " # " onclick = " $ ('#postform').gtoggle(); this.innerHTML = (this.innerHTML == 'Hide' ? 'Show' : 'Hide'); return false; " class = " bracket " >< ? = (( $_REQUEST [ 'action' ] != 'editblog' ) ? 'Show' : 'Hide' ) ?> </a>
2012-01-25 08:00:20 +00:00
</ span >
</ div >
2012-09-15 08:00:25 +00:00
< form class = " <?=((empty( $_GET['action'] )) ? 'create_form' : 'edit_form')?> " name = " blog_post " action = " staffblog.php " method = " post " >
2013-04-30 18:18:07 +00:00
< div id = " postform " class = " pad<?=( $_REQUEST['action'] != 'editblog') ? ' hidden' : '' ?> " >
2012-01-25 08:00:20 +00:00
< input type = " hidden " name = " action " value = " <?=((empty( $_GET['action'] )) ? 'takenewblog' : 'takeeditblog')?> " />
< input type = " hidden " name = " auth " value = " <?= $LoggedUser['AuthKey'] ?> " />
2013-04-30 18:18:07 +00:00
< ? if ( ! empty ( $_GET [ 'action' ]) && $_GET [ 'action' ] == 'editblog' ) { ?>
2012-01-25 08:00:20 +00:00
< input type = " hidden " name = " blogid " value = " <?= $BlogID ; ?> " />
2013-04-30 18:18:07 +00:00
< ? } ?>
2012-01-25 08:00:20 +00:00
< h3 > Title </ h3 >
2013-04-30 18:18:07 +00:00
< input type = " text " name = " title " size = " 95 " < ? if ( ! empty ( $Title )) { echo ' value="' . display_str ( $Title ) . '"' ; } ?> /><br />
2012-01-25 08:00:20 +00:00
< h3 > Body </ h3 >
2013-04-30 18:18:07 +00:00
< textarea name = " body " cols = " 95 " rows = " 15 " >< ? if ( ! empty ( $Body )) { echo display_str ( $Body ); } ?> </textarea> <br />
2012-01-25 08:00:20 +00:00
< br />< br />
< div class = " center " >
< input type = " submit " value = " <?=((!isset( $_GET['action'] )) ? 'Create blog post' : 'Edit blog post') ?> " />
</ div >
</ div >
</ form >
</ div >
< br />
2013-02-22 08:00:24 +00:00
< ?
2013-02-15 08:00:35 +00:00
} else {
View :: show_header ( 'Staff Blog' , 'bbcode' );
2012-01-25 08:00:20 +00:00
}
?>
< div class = " thin " >
< ?
2013-02-15 08:00:35 +00:00
if (( $Blog = $Cache -> get_value ( 'staff_blog' )) === false ) {
2012-01-25 08:00:20 +00:00
$DB -> query ( " SELECT
b . ID ,
um . Username ,
b . Title ,
b . Body ,
b . Time
FROM staff_blog AS b LEFT JOIN users_main AS um ON b . UserID = um . ID
2012-11-09 08:00:18 +00:00
ORDER BY Time DESC " );
2013-02-15 08:00:35 +00:00
$Blog = $DB -> to_array ( false , MYSQLI_NUM );
$Cache -> cache_value ( 'staff_blog' , $Blog , 1209600 );
2012-01-25 08:00:20 +00:00
}
foreach ( $Blog as $BlogItem ) {
list ( $BlogID , $Author , $Title , $Body , $BlogTime ) = $BlogItem ;
2013-02-15 08:00:35 +00:00
$BlogTime = strtotime ( $BlogTime );
2012-01-25 08:00:20 +00:00
?>
< div id = " blog<?= $BlogID ?> " class = " box " >
< div class = " head " >
< strong >< ? = $Title ?> </strong> - posted <?=time_diff($BlogTime);?> by <?=$Author?>
2013-04-30 18:18:07 +00:00
< ? if ( check_perms ( 'admin_manage_blog' )) { ?>
2013-02-09 08:01:01 +00:00
- < a href = " staffblog.php?action=editblog&id=<?= $BlogID ?> " class = " brackets " > Edit </ a >
< a href = " staffblog.php?action=deleteblog&id=<?= $BlogID ?>&auth=<?= $LoggedUser['AuthKey'] ?> " onclick = " return confirm('Do you want to delete this?') " class = " brackets " > Delete </ a >
2013-04-30 18:18:07 +00:00
< ? } ?>
2012-01-25 08:00:20 +00:00
</ div >
< div class = " pad " >
< ? = $Text -> full_format ( $Body ) ?>
</ div >
</ div >
< br />
2013-02-22 08:00:24 +00:00
< ?
2012-01-25 08:00:20 +00:00
}
?>
</ div >
< ?
2012-10-11 08:00:15 +00:00
View :: show_footer ();
2012-01-25 08:00:20 +00:00
?>