Gazelle/sections/tools/managers/news.php

85 lines
2.5 KiB
PHP
Raw Normal View History

2011-03-28 14:21:28 +00:00
<?
enforce_login();
2013-04-24 08:00:23 +00:00
if (!check_perms('admin_manage_news')) {
error(403);
}
2011-03-28 14:21:28 +00:00
2013-07-04 08:00:56 +00:00
View::show_header('Manage news', 'bbcode');
2011-03-28 14:21:28 +00:00
2013-04-24 08:00:23 +00:00
switch ($_GET['action']) {
2011-03-28 14:21:28 +00:00
case 'takeeditnews':
2013-04-24 08:00:23 +00:00
if (!check_perms('admin_manage_news')) {
error(403);
}
if (is_number($_POST['newsid'])) {
2011-03-28 14:21:28 +00:00
authorize();
2013-07-04 08:00:56 +00:00
$DB->query("
UPDATE news
SET Title = '".db_string($_POST['title'])."', Body = '".db_string($_POST['body'])."'
WHERE ID = '".db_string($_POST['newsid'])."'");
2011-03-28 14:21:28 +00:00
$Cache->delete_value('news');
$Cache->delete_value('feed_news');
}
header('Location: index.php');
break;
case 'editnews':
2013-04-24 08:00:23 +00:00
if (is_number($_GET['id'])) {
$NewsID = $_GET['id'];
2013-07-04 08:00:56 +00:00
$DB->query("
SELECT Title, Body
FROM news
WHERE ID = $NewsID");
2013-04-24 08:00:23 +00:00
list($Title, $Body) = $DB->next_record();
}
2011-03-28 14:21:28 +00:00
}
?>
<div class="thin">
2012-08-19 08:00:19 +00:00
<div class="header">
2013-04-24 08:00:23 +00:00
<h2><?= ($_GET['action'] == 'news') ? 'Create a news post' : 'Edit news post';?></h2>
2012-08-19 08:00:19 +00:00
</div>
2013-04-24 08:00:23 +00:00
<form class="<?= ($_GET['action'] == 'news') ? 'create_form' : 'edit_form';?>" name="news_post" action="tools.php" method="post">
2011-03-28 14:21:28 +00:00
<div class="box pad">
2013-04-24 08:00:23 +00:00
<input type="hidden" name="action" value="<?= ($_GET['action'] == 'news') ? 'takenewnews' : 'takeeditnews';?>" />
2011-03-28 14:21:28 +00:00
<input type="hidden" name="auth" value="<?=$LoggedUser['AuthKey']?>" />
2013-04-24 08:00:23 +00:00
<? if ($_GET['action'] == 'editnews') { ?>
2011-03-28 14:21:28 +00:00
<input type="hidden" name="newsid" value="<?=$NewsID; ?>" />
2013-04-24 08:00:23 +00:00
<? } ?>
2011-03-28 14:21:28 +00:00
<h3>Title</h3>
2013-05-25 08:01:03 +00:00
<input type="text" name="title" size="95"<? if (!empty($Title)) { echo ' value="'.display_str($Title).'"'; } ?> />
2012-09-19 08:00:35 +00:00
<!-- Why did someone add this? <input type="datetime" name="datetime" value="<?=sqltime()?>" /> -->
2011-03-28 14:21:28 +00:00
<br />
<h3>Body</h3>
2013-04-24 08:00:23 +00:00
<textarea name="body" cols="95" rows="15"><? if (!empty($Body)) { echo display_str($Body); } ?></textarea> <br /><br />
2013-02-22 08:00:24 +00:00
2012-08-03 08:00:17 +00:00
2011-03-28 14:21:28 +00:00
<div class="center">
2013-04-24 08:00:23 +00:00
<input type="submit" value="<?= ($_GET['action'] == 'news') ? 'Create news post' : 'Edit news post';?>" />
2011-03-28 14:21:28 +00:00
</div>
</div>
</form>
<h2>News archive</h2>
<?
2013-05-25 08:01:03 +00:00
$DB->query('
SELECT
2013-11-17 08:00:47 +00:00
ID,
Title,
Body,
Time
FROM news
ORDER BY Time DESC');// LIMIT 20
2013-04-24 08:00:23 +00:00
while (list($NewsID, $Title, $Body, $NewsTime) = $DB->next_record()) {
2011-03-28 14:21:28 +00:00
?>
2013-11-10 08:00:49 +00:00
<div class="box vertical_space news_post">
2011-03-28 14:21:28 +00:00
<div class="head">
<strong><?=display_str($Title) ?></strong> - posted <?=time_diff($NewsTime) ?>
2013-02-09 08:01:01 +00:00
- <a href="tools.php?action=editnews&amp;id=<?=$NewsID?>" class="brackets">Edit</a>
<a href="tools.php?action=deletenews&amp;id=<?=$NewsID?>&amp;auth=<?=$LoggedUser['AuthKey']?>" class="brackets">Delete</a>
2011-03-28 14:21:28 +00:00
</div>
2013-12-12 08:01:01 +00:00
<div class="pad"><?=Text::full_format($Body) ?></div>
2011-03-28 14:21:28 +00:00
</div>
<? } ?>
</div>
2012-10-11 08:00:15 +00:00
<? View::show_footer();?>