Auth stuff, plus new addnews script.

cur_news.php

@@ -12,7 +12,7 @@
 			if ($numRows) {
 				for ($i = 0 ; $i < $numRows ; $i++) {
 					list ($n_date, $n_user, $n_news) = mysql_fetch_row ($result);
-					newsItem (dateFromSQLDateTime ($n_date), $n_user, $n_news);
+					newsItem (dateFromSQLDateTime ($n_date), $n_user, StripSlashes($n_news));
 				}
 			} else {
 				newsItem ('now', 'Web Server', '<P>No current news!');

lib/auth.php

@@ -119,7 +119,7 @@ CREATE TABLE members (
 		<?
 		tableFooter();
 		tableBoxFooter();
-		require("parts/postamble.php");
+		require (siteHome ."/parts/postamble.php");
 		die();
 	}
 
@@ -172,7 +172,7 @@ CREATE TABLE members (
 				" WHERE u_username='$cUserName'" .
 				" AND u_password='$cPassword'" .
 				" AND u_secret='$secret'";
-		$result = @mysql_fetch_array( @mysql_db_query (sqlDB, $query));
+		$result = @mysql_fetch_array (@mysql_db_query (sqlDB, $query));
 
 		if ( !($result[auth]) ) {
 			AuthenticateUser ($username, $password);
@@ -184,7 +184,7 @@ CREATE TABLE members (
 	// Initialization
 	$db = @mysql_connect (sqlHost, sqlUser, sqlPass);
 
-	global $userName, $password, $loginInfo;
+	global $userName, $password, $loginInfo, $userInfo;
 	
 	if ($loginInfo) {
 		$userName = authCookie ($loginInfo, $userName, $password);
@@ -195,6 +195,9 @@ CREATE TABLE members (
 			authLoginForm ('Login required');
 		}
 	}
+	$query = "SELECT * FROM members" .
+			" WHERE u_username='$userName'";
+	$userInfo = @mysql_fetch_array (@mysql_db_query (sqlDB, $query));
 	@mysql_close ($db);
-
+	
 ?>

members/addnews.php

@@ -0,0 +1,53 @@
+<?	// Preamble
+	$pageName = "Developers - Add News";
+	$focused = "home";					// Dock icon name to gets a border
+	$need = 'auth';
+	require("../parts/preamble.php");	// Load most of document
+?>	
+<?
+	if ($newsItem) {
+		need('sql');
+
+		$user = ucfirst($userInfo[u_username]) ;
+		$newsItem = AddSlashes($newsItem);
+
+		$conn = mysql_connect (sqlHost, sqlUser, sqlPass);
+		if ($conn) {
+			$query = 'INSERT into news_main (n_date, n_user, n_news) VALUES (' .
+					" NOW(), '$user', '$newsItem')";
+			$result = mysql_db_query (sqlDB, $query, $conn);
+			if ($result) {
+				$numRows = mysql_affected_rows ($conn);
+				if ($numRows) {
+					echo '<P>Your news item has been processed successfully.';
+				} else {
+					echo '<P>There was an error in your input.';
+				}
+			}
+			mysql_close ($conn);
+		} else {
+			echo 'You suck, butthead.';
+		}
+	} else {
+		tableBoxHeader(featureBgColor, tableHeadColor);
+		tableTitle("Add News", 1, tableHeadColor);
+
+		$date = strftime('%d %b %Y', time());
+		$user = ucfirst($userInfo[u_username]) ;
+		echo '<TR><TD><DL><DT><FONT SIZE=-1>Posted on ' . $date . ' by ' . $user . '</FONT></DT>' .
+			'	<DD> ';
+		?>
+			<FORM action="addnews.php" method="post">
+				<TEXTAREA name="newsItem" rows="25" cols="64"></TEXTAREA><BR>
+				<INPUT align="center" type="submit" value="Post"></INPUT>
+			</FORM>
+		<?	' . </DD>' .
+			'</DL></TD></TR>';
+		tableBoxFooter();
+	}
+?>
+<?
+?>
+<?
+	require (siteHome ."/parts/postamble.php");	// Finish this sucker up
+?>

members/index.php

@@ -0,0 +1,67 @@
+<?	// Preamble
+	$pageName = "Developer Central";
+	$focused = "home";					// Dock icon name to gets a border
+	$need = 'auth';
+	require("../parts/preamble.php");	// Load most of document
+?>	
+
+<?
+	function infoItem($url, $desc, $longdesc)
+	{
+		echo	'<DL>' .
+				'	<DT><A href="' . $url . '"><STRONG>' . $desc . '</STRONG></A></DT>' .
+				'	<DD><EM>' . $longdesc . '</EM></DD>' .
+				'</DL>';
+	}
+?>
+<H2>Welcome to Developer Central!</H2>
+
+<P>This is the area for developers to post news, edit your user information,
+and so on. Members with Admin-level access can modify news items and post
+State of the Code items here as well.
+
+<P>
+<?
+	tableHeader("100%", "black");
+?>
+	<TR vAlign="top">
+		<TD align="left">
+			<?
+				tableBoxHeader("100%", "black", tableHeadColor);
+				tableTitle("QuakeForge Developer Resources", 1, "black");
+			?>
+			<TR vAlign="top">
+				<TD>
+				<?
+					infoItem('addnews.php', 'Post News', 'Post new news items from here.');
+					infoItem('userinfo.php', 'User Info', 'Display or change your user information; Please use this when your email address, phone number, or snailmail address changes.');
+					infoItem('plan.php', 'Edit "plan"', 'Not used by the web site at the moment, this will provide something for users to see what the hell we\'re working on.');
+				?>
+				
+				</TD>
+			</TR>
+			<? tableBoxFooter() ?>
+		</TD>
+		<? if ($userInfo[u_admin] == 'Y') { ?>
+		<TD align="right">
+			<?
+				tableBoxHeader(featureBgColor, tableHeadColor);
+				tableTitle("Administration", 1, tableHeadColor);
+			?>
+			<TR>
+				<TD class="featureBox" align="right">
+					News [ <A href="addnews.php">Add</A> | <A href="editnews.php">Edit</A> | <A href="delnews.php">Delete</A> ]<BR>
+					SotC [ <A href="addsotc.php">Add</A> | <A href="editsotc.php">Edit</A> | <A href="delsotc.php">Delete</A> ]<BR>
+					User [ <A href="adduser.php">Add</A> | <A href="edituser.php">Edit</A> | <A href="deluser.php">Delete</A> ]<BR>
+				</TD>
+			</TR>
+			<?
+				tableBoxFooter();
+			?>
+		</TD>
+		<? } ?>
+	</TR>
+<? tableFooter(); ?>
+<?
+	require (siteHome ."/parts/postamble.php");	// Finish this sucker up
+?>

old_news.php

@@ -11,7 +11,7 @@
 			if ($numRows) {
 				for ($i = 0 ; $i < $numRows ; $i++) {
 					list ($n_date, $n_user, $n_news) = mysql_fetch_row ($result);
-					newsItem (dateFromSQLDateTime ($n_date), $n_user, $n_news);
+					newsItem (dateFromSQLDateTime ($n_date), $n_user, StripSlashes($n_news));
 				}
 			} else {
 				newsItem ('now', 'Web Server', '<P>No current news!');