Gazelle/sections/staffblog/index.php

<?
// Access gate for the staff blog: enforce_login() runs first, then error(403)
// is called for any user that lacks the users_mod permission.
enforce_login();
if (!check_perms('users_mod')) {
	error(403);
}

// Record this visit: insert a row for the user, or refresh Time if one exists.
// NOTE(review): the ID goes into the SQL unquoted and unescaped; this assumes
// $LoggedUser['ID'] is a server-side integer. Confirm where it is populated.
$DB->query("
	INSERT INTO staff_blog_visits
		(UserID, Time)
	VALUES
		({$LoggedUser['ID']}, NOW())
	ON DUPLICATE KEY UPDATE
		Time = NOW()");

// Invalidate the per-user cache entry that is keyed on the same ID.
$Cache->delete_value("staff_blog_read_{$LoggedUser['ID']}");

define('ANNOUNCEMENT_FORUM_ID', 19);

// The TEXT class formats post bodies further down (full_format()).
require SERVER_ROOT.'/classes/text.class.php';
$Text = new TEXT();
if (check_perms('admin_manage_blog')) {
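// Dispatch the staff-blog management actions. This runs inside the
// admin_manage_blog permission check; every state-changing action calls
// authorize() first (presumably the AuthKey/CSRF check; confirm).
// NOTE(review): header('Location: ...') does not stop the script, so the page
// below the switch is still rendered after each redirect.
if (!empty($_REQUEST['action'])) {
	switch ($_REQUEST['action']) {
		case 'takeeditblog':
			// Save an edited post submitted from the form.
			authorize();
			if (empty($_POST['title'])) {
				error("Please enter a title.");
			}
			if (is_number($_POST['blogid'])) {
				// Every request value is passed through db_string() and quoted.
				$DB->query("
					UPDATE staff_blog
					SET Title = '".db_string($_POST['title'])."', Body = '".db_string($_POST['body'])."'
					WHERE ID = '".db_string($_POST['blogid'])."'");
				$Cache->delete_value('staff_blog');
				$Cache->delete_value('staff_feed_blog');
			}
			header('Location: staffblog.php');
			break;

		case 'editblog':
			// Load an existing post so the form below can be pre-filled.
			if (is_number($_GET['id'])) {
				// The ID is placed in the SQL unquoted, so force it to an integer
				// here rather than relying on is_number() alone.
				$BlogID = (int)$_GET['id'];
				$DB->query("
					SELECT Title, Body
					FROM staff_blog
					WHERE ID = $BlogID");
				// The query returns exactly two columns, so unpack exactly two.
				list($Title, $Body) = $DB->next_record();
			}
			break;

		case 'deleteblog':
			// Delete a post; the request arrives as a GET link carrying the auth token.
			if (is_number($_GET['id'])) {
				authorize();
				$DB->query("
					DELETE FROM staff_blog
					WHERE ID = '".db_string($_GET['id'])."'");
				$Cache->delete_value('staff_blog');
				$Cache->delete_value('staff_feed_blog');
			}
			header('Location: staffblog.php');
			break;

		case 'takenewblog':
			// Create a new post and announce it on IRC.
			authorize();
			if (empty($_POST['title'])) {
				error("Please enter a title.");
			}
			// Escape once and reuse the escaped values in the query.
			$Title = db_string($_POST['title']);
			$Body = db_string($_POST['body']);

			$DB->query("
				INSERT INTO staff_blog
					(UserID, Title, Body, Time)
				VALUES
					('$LoggedUser[ID]', '$Title', '$Body', NOW())");
			$Cache->delete_value('staff_blog');
			$Cache->delete_value('staff_blog_latest_time');

			// An IRC message is a single line. Assuming send_irc() forwards this
			// string as a raw line, CR/LF in the title would end the PRIVMSG early,
			// so line breaks are replaced before the title is appended.
			send_irc("PRIVMSG ".ADMIN_CHAN." :!blog ".str_replace(array("\r", "\n"), ' ', $_POST['title']));

			header('Location: staffblog.php');
			break;
	}
}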
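View::show_header('Staff Blog','bbcode');
// Create/edit form for staff blog posts.
// - An absent "action" parameter means "create". $_REQUEST['action'] is tested
//   with empty() before it is compared, so a plain page view does not read an
//   undefined index.
// - $BlogID is only set when the editblog lookup accepted the id; the hidden
//   blogid field falls back to an empty value, which the takeeditblog handler's
//   is_number() check does not accept.
// - The hidden "auth" field carries $LoggedUser['AuthKey'] back to the handlers
//   that call authorize().
// - $Title and $Body are passed through display_str() before being echoed.
?>
	<div class="box box2 thin">
		<div class="head">
			<?=((empty($_GET['action'])) ? 'Create a staff blog post' : 'Edit staff blog post')?>
			<span style="float: right;">
				<a href="#" onclick="$('#postform').gtoggle(); this.innerHTML = (this.innerHTML == 'Hide' ? 'Show' : 'Hide'); return false;" class="bracket"><?=((empty($_REQUEST['action']) || $_REQUEST['action'] != 'editblog') ? 'Show' : 'Hide')?></a>
			</span>
		</div>
		<form class="<?=((empty($_GET['action'])) ? 'create_form' : 'edit_form')?>" name="blog_post" action="staffblog.php" method="post">
			<div id="postform" class="pad<?=(empty($_REQUEST['action']) || $_REQUEST['action'] != 'editblog') ? ' hidden' : '' ?>">
				<input type="hidden" name="action" value="<?=((empty($_GET['action'])) ? 'takenewblog' : 'takeeditblog')?>" />
				<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
<? if (!empty($_GET['action']) && $_GET['action'] == 'editblog') { ?>
				<input type="hidden" name="blogid" value="<?=(isset($BlogID) ? $BlogID : '')?>" />
<? } ?>
				<div class="field_div">
					<h3>Title</h3>
					<input type="text" name="title" size="95"<? if (!empty($Title)) { echo ' value="'.display_str($Title).'"'; } ?> />
				</div>
				<div class="field_div">
					<h3>Body</h3>
					<textarea name="body" cols="95" rows="15"><? if (!empty($Body)) { echo display_str($Body); } ?></textarea> <br />
				</div>
				<div class="submit_div center">
					<input type="submit" value="<?=((!isset($_GET['action'])) ? 'Create blog post' : 'Edit blog post') ?>" />
				</div>
			</div>
		</form>
	</div>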
<?
} else {
View::show_header('Staff Blog','bbcode');
}
?>
<div class="thin">
<?
// Serve the post list from the 'staff_blog' cache key; on a miss (false),
// rebuild it from the database and store it again.
$Blog = $Cache->get_value('staff_blog');
if ($Blog === false) {
	$DB->query("
		SELECT
			b.ID,
			um.Username,
			b.Title,
			b.Body,
			b.Time
		FROM staff_blog AS b
			LEFT JOIN users_main AS um ON b.UserID = um.ID
		ORDER BY Time DESC");
	// NOTE(review): Title and Username from these rows are later echoed into
	// HTML without display_str(); confirm whether to_array() escapes values
	// by default, because nothing else on this path does.
	$Blog = $DB->to_array(false, MYSQLI_NUM);
	// 1209600 = 14 * 86400; presumably a lifetime in seconds (14 days). Confirm
	// against cache_value().
	$Cache->cache_value('staff_blog', $Blog, 1209600);
}
// Render one box per post.
foreach ($Blog as $BlogItem):
	// Numeric row layout follows the SELECT column order: ID, Username, Title, Body, Time.
	list($BlogID, $Author, $Title, $Body, $BlogTime) = $BlogItem;
	$BlogTime = strtotime($BlogTime);
	// NOTE(review): $Title and $Author are printed as-is. That is only safe if
	// the rows were HTML-escaped when they were fetched; verify, or wrap them in
	// display_str() as the form above does.
	// NOTE(review): the Delete link changes state through a GET request and puts
	// AuthKey in the URL, where it can be recorded in server logs, browser history
	// or Referer headers. A POST form would keep the token out of the URL.
?>
	<div id="blog<?=$BlogID?>" class="box box2">
		<div class="head">
			<strong><?=$Title?></strong> - posted <?=time_diff($BlogTime)?> by <?=$Author?>
<? if (check_perms('admin_manage_blog')): ?>
			- <a href="staffblog.php?action=editblog&amp;id=<?=$BlogID?>" class="brackets">Edit</a>
			<a href="staffblog.php?action=deleteblog&amp;id=<?=$BlogID?>&amp;auth=<?=$LoggedUser['AuthKey']?>" onclick="return confirm('Do you want to delete this?');" class="brackets">Delete</a>
<? endif; ?>
		</div>
		<div class="pad">
			<?=$Text->full_format($Body)?>
		</div>
	</div>
<?
endforeach;
?>
</div>
<?
View::show_footer();
?>