Gazelle/sections/tools/managers/news.php

<?
enforce_login();
if (!check_perms('admin_manage_news')) {
	error(403);
}

include(SERVER_ROOT.'/classes/text.class.php');
$Text = new TEXT;
View::show_header('Manage news','bbcode');

switch ($_GET['action']) {
	case 'takeeditnews':
		if (!check_perms('admin_manage_news')) {
			error(403);
		}
		if (is_number($_POST['newsid'])) {
			authorize();

			$DB->query("UPDATE news SET Title='".db_string($_POST['title'])."', Body='".db_string($_POST['body'])."' WHERE ID='".db_string($_POST['newsid'])."'");
			$Cache->delete_value('news');
			$Cache->delete_value('feed_news');
		}
		header('Location: index.php');
		break;
	case 'editnews':
		if (is_number($_GET['id'])) {
			$NewsID = $_GET['id'];
			$DB->query("SELECT Title, Body FROM news WHERE ID=$NewsID");
			list($Title, $Body) = $DB->next_record();
		}
}
?>
<div class="thin">
	<div class="header">
		<h2><?= ($_GET['action'] == 'news') ? 'Create a news post' : 'Edit news post';?></h2>
	</div>
	<form class="<?= ($_GET['action'] == 'news') ? 'create_form' : 'edit_form';?>" name="news_post" action="tools.php" method="post">
		<div class="box pad">
			<input type="hidden" name="action" value="<?= ($_GET['action'] == 'news') ? 'takenewnews' : 'takeeditnews';?>" />
			<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
<? if ($_GET['action'] == 'editnews') { ?>
			<input type="hidden" name="newsid" value="<?=$NewsID; ?>" />
<? } ?>
			<h3>Title</h3>
			<input type="text" name="title" size="95"<? if (!empty($Title)) { echo ' value="'.display_str($Title).'"'; } ?> />
<!-- Why did someone add this?	<input type="datetime" name="datetime" value="<?=sqltime()?>" /> -->
			<br />
			<h3>Body</h3>
			<textarea name="body" cols="95" rows="15"><? if (!empty($Body)) { echo display_str($Body); } ?></textarea> <br /><br />


			<div class="center">
				<input type="submit" value="<?= ($_GET['action'] == 'news') ? 'Create news post' : 'Edit news post';?>" />
			</div>
		</div>
	</form>

	<h2>News archive</h2>
<?
$DB->query('
	SELECT
		n.ID,
		n.Title,
		n.Body,
		n.Time
	FROM news AS n
	ORDER BY n.Time DESC');// LIMIT 20
while (list($NewsID, $Title, $Body, $NewsTime) = $DB->next_record()) {
?>
	<div class="box vertical_space">
		<div class="head">
			<strong><?=display_str($Title) ?></strong> - posted <?=time_diff($NewsTime) ?>
			- <a href="tools.php?action=editnews&amp;id=<?=$NewsID?>" class="brackets">Edit</a>
			<a href="tools.php?action=deletenews&amp;id=<?=$NewsID?>&amp;auth=<?=$LoggedUser['AuthKey']?>" class="brackets">Delete</a>
		</div>
		<div class="pad"><?=$Text->full_format($Body) ?></div>
	</div>
<? } ?>
</div>
<? View::show_footer();?>
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`<?`
			`enforce_login();`
Empty commit 2013-04-24 08:00:23 +00:00			`if (!check_perms('admin_manage_news')) {`
			`error(403);`
			`}`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00
Empty commit 2013-05-27 08:00:58 +00:00			`include(SERVER_ROOT.'/classes/text.class.php');`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$Text = new TEXT;`
Empty commit 2012-10-11 08:00:15 +00:00			`View::show_header('Manage news','bbcode');`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00
Empty commit 2013-04-24 08:00:23 +00:00			`switch ($_GET['action']) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`case 'takeeditnews':`
Empty commit 2013-04-24 08:00:23 +00:00			`if (!check_perms('admin_manage_news')) {`
			`error(403);`
			`}`
			`if (is_number($_POST['newsid'])) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`authorize();`

			`$DB->query("UPDATE news SET Title='".db_string($_POST['title'])."', Body='".db_string($_POST['body'])."' WHERE ID='".db_string($_POST['newsid'])."'");`
			`$Cache->delete_value('news');`
			`$Cache->delete_value('feed_news');`
			`}`
			`header('Location: index.php');`
			`break;`
			`case 'editnews':`
Empty commit 2013-04-24 08:00:23 +00:00			`if (is_number($_GET['id'])) {`
			`$NewsID = $_GET['id'];`
			`$DB->query("SELECT Title, Body FROM news WHERE ID=$NewsID");`
			`list($Title, $Body) = $DB->next_record();`
			`}`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`}`
			`?>`
			`<div class="thin">`
Empty commit 2012-08-19 08:00:19 +00:00			`<div class="header">`
Empty commit 2013-04-24 08:00:23 +00:00			`<h2><?= ($_GET['action'] == 'news') ? 'Create a news post' : 'Edit news post';?></h2>`
Empty commit 2012-08-19 08:00:19 +00:00			`</div>`
Empty commit 2013-04-24 08:00:23 +00:00			`<form class="<?= ($_GET['action'] == 'news') ? 'create_form' : 'edit_form';?>" name="news_post" action="tools.php" method="post">`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`<div class="box pad">`
Empty commit 2013-04-24 08:00:23 +00:00			`<input type="hidden" name="action" value="<?= ($_GET['action'] == 'news') ? 'takenewnews' : 'takeeditnews';?>" />`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />`
Empty commit 2013-04-24 08:00:23 +00:00			`<? if ($_GET['action'] == 'editnews') { ?>`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`<input type="hidden" name="newsid" value="<?=$NewsID; ?>" />`
Empty commit 2013-04-24 08:00:23 +00:00			`<? } ?>`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`<h3>Title</h3>`
Empty commit 2013-05-25 08:01:03 +00:00			`<input type="text" name="title" size="95"<? if (!empty($Title)) { echo ' value="'.display_str($Title).'"'; } ?> />`
Empty commit 2012-09-19 08:00:35 +00:00			`<!-- Why did someone add this? <input type="datetime" name="datetime" value="<?=sqltime()?>" /> -->`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`<br />`
			`<h3>Body</h3>`
Empty commit 2013-04-24 08:00:23 +00:00			`<textarea name="body" cols="95" rows="15"><? if (!empty($Body)) { echo display_str($Body); } ?></textarea> <br /><br />`
Empty commit 2013-02-22 08:00:24 +00:00
Empty commit 2012-08-03 08:00:17 +00:00
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`<div class="center">`
Empty commit 2013-04-24 08:00:23 +00:00			`<input type="submit" value="<?= ($_GET['action'] == 'news') ? 'Create news post' : 'Edit news post';?>" />`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`</div>`
			`</div>`
			`</form>`

			`<h2>News archive</h2>`
			`<?`
Empty commit 2013-05-25 08:01:03 +00:00			`$DB->query('`
			`SELECT`
			`n.ID,`
			`n.Title,`
			`n.Body,`
			`n.Time`
			`FROM news AS n`
			`ORDER BY n.Time DESC');// LIMIT 20`
Empty commit 2013-04-24 08:00:23 +00:00			`while (list($NewsID, $Title, $Body, $NewsTime) = $DB->next_record()) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`?>`
			`<div class="box vertical_space">`
			`<div class="head">`
			`<strong><?=display_str($Title) ?></strong> - posted <?=time_diff($NewsTime) ?>`
Empty commit 2013-02-09 08:01:01 +00:00			`- <a href="tools.php?action=editnews&id=<?=$NewsID?>" class="brackets">Edit</a>`
			`<a href="tools.php?action=deletenews&id=<?=$NewsID?>&auth=<?=$LoggedUser['AuthKey']?>" class="brackets">Delete</a>`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`</div>`
			`<div class="pad"><?=$Text->full_format($Body) ?></div>`
			`</div>`
			`<? } ?>`
			`</div>`
Empty commit 2012-10-11 08:00:15 +00:00			`<? View::show_footer();?>`