mirror of
https://git.code.sf.net/p/quake/website
synced 2024-11-27 14:32:31 +00:00
Added a confirmation panel to the "delete news" page, made everything a little
safer.
This commit is contained in:
parent
a0a47c2b2c
commit
84bd320514
5 changed files with 82 additions and 66 deletions
|
@ -3,14 +3,13 @@
|
||||||
$need = 'auth';
|
$need = 'auth';
|
||||||
require "parts/preamble.php"; // Load most of document
|
require "parts/preamble.php"; // Load most of document
|
||||||
|
|
||||||
$newsText = $_REQUEST['newsText'];
|
$newsText = addSlashes ($_REQUEST['newsText']);
|
||||||
$mode = $_REQUEST['mode'];
|
$mode = $_REQUEST['mode'];
|
||||||
$user = $userInfo['u_displayname'];
|
$user = $userInfo['u_displayname'];
|
||||||
|
|
||||||
if ($newsText && $mode == "Post") {
|
if ($newsText && $mode == "Post") {
|
||||||
need ('sql');
|
need ('sql');
|
||||||
|
|
||||||
$newsText = addSlashes ($newsText);
|
|
||||||
$query = 'INSERT into news_main (n_date, n_user, n_news) VALUES ('
|
$query = 'INSERT into news_main (n_date, n_user, n_news) VALUES ('
|
||||||
."NOW(), '$user', '$newsText')";
|
."NOW(), '$user', '$newsText')";
|
||||||
|
|
||||||
|
|
105
news_del.php
105
news_del.php
|
@ -1,12 +1,12 @@
|
||||||
<? // Preamble
|
<? // Preamble
|
||||||
$pageName = "Delete News";
|
$pageName = "Delete News";
|
||||||
$need = 'auth';
|
$need = 'auth';
|
||||||
require "parts/preamble.php"; // Load most of document
|
require 'parts/preamble.php'; // Load most of document
|
||||||
|
|
||||||
if (!$userInfo['u_admin']) // no access from non-admin
|
if (!$userInfo['u_admin']) // no access from non-admin yet
|
||||||
bailout ('<P>You don\'t have access to this page. Bug an admin to delete a news post.</P>');
|
bailout ("<P>You don't have access to this page (yet?). Bug an admin to delete a news post.</P>");
|
||||||
|
|
||||||
need ('sql');
|
need ('boxes news sql');
|
||||||
|
|
||||||
function convertToHTML ($string)
|
function convertToHTML ($string)
|
||||||
{
|
{
|
||||||
|
@ -18,67 +18,88 @@
|
||||||
function convertFromHTML ($string)
|
function convertFromHTML ($string)
|
||||||
{
|
{
|
||||||
$table = get_html_translation_table (HTML_ENTITIES);
|
$table = get_html_translation_table (HTML_ENTITIES);
|
||||||
|
|
||||||
return strtr ($string, $table);
|
return strtr ($string, $table);
|
||||||
}
|
}
|
||||||
|
|
||||||
function newsEntry ($array)
|
function newsEntrySummary ($it)
|
||||||
{
|
{
|
||||||
need ('date');
|
need ("date");
|
||||||
|
|
||||||
return
|
return
|
||||||
'<TR>'
|
'<TR>'
|
||||||
.' <TD><A href="news_del.php?newsID=' . $array[n_id] . '">' . $array[n_id] . '</A></TD>'
|
.' <TD><A href="' . thisURL . '?newsID=' . $it['n_id'] . '">' . $it['n_id'] . '</A></TD>'
|
||||||
.' <TD>' . dateFromSQLDateTime ($array[n_date]) . '</TD>'
|
.' <TD>' . dateFromSQLDateTime ($it['n_date']) . '</TD>'
|
||||||
.' <TD>' . $array[n_user] . '</TD>'
|
.' <TD>' . $it['n_user'] . '</TD>'
|
||||||
.' <TD>' . substr (convertFromHTML (stripSlashes ($array[n_news])), 0, 50) . '…</TD>'
|
.' <TD>' . substr (convertFromHTML (stripSlashes ($it['n_news'])), 0, 50) . '…</TD>'
|
||||||
.'</TR>';
|
.'</TR>';
|
||||||
}
|
}
|
||||||
|
|
||||||
$newsID = $_REQUEST['newsID'];
|
function newsEntryConfirmation ($a)
|
||||||
|
{
|
||||||
|
need ("date");
|
||||||
|
|
||||||
|
$id = $a['n_id'];
|
||||||
|
|
||||||
|
newsBoxOpen ();
|
||||||
|
newsBoxTitle ("Confirmation: Delete #$id?", thisURL . "?newsID=$id&confirm=yes");
|
||||||
|
printNewsArray ($a);
|
||||||
|
newsBoxClose ();
|
||||||
|
}
|
||||||
|
|
||||||
|
$newsID = addSlashes ($_REQUEST['newsID']);
|
||||||
|
$confirm = $_REQUEST['confirm'];
|
||||||
|
|
||||||
if ($conn = mysql_pconnect (sqlHost, sqlRWUser, sqlRWPass)) {
|
|
||||||
if ($newsID) {
|
if ($newsID) {
|
||||||
|
if ($confirm) {
|
||||||
$query = "DELETE FROM news_main WHERE n_id='$newsID'";
|
$query = "DELETE FROM news_main WHERE n_id='$newsID'";
|
||||||
if ($result = mysql_db_query (sqlDB, $query, $conn)) {
|
|
||||||
if ($numRows = mysql_affected_rows ($conn)) {
|
|
||||||
echo "<P>News entry $newsID has been deleted successfully.";
|
|
||||||
} else {
|
|
||||||
echo '<P>There was an error in your input. If you don\'t know what it is, I\'m not going to tell you.';
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
?>
|
$rows = sqlWriteQuery ($query);
|
||||||
<DIV class="newsBox">
|
if ($rows === null) {
|
||||||
<DIV class="newsTitle"><H2>Delete News</H2></DIV>
|
echo "<P>Bad mojo, man. I couldn't talk to the SQL server. It said '$sqlError'.</P>";
|
||||||
<TABLE width="100%">
|
} elseif ($rows === false) {
|
||||||
<?
|
echo "<P>Something bad happened, and MySQL said '$sqlError'. Bug an admin.</P>";
|
||||||
|
} elseif (!$rows) {
|
||||||
|
echo "<P>News entry $newsID didn't exist.";
|
||||||
|
} else {
|
||||||
|
echo "<P>News entry $newsID has been deleted.";
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
$query = 'SELECT n_id, n_date, n_user, n_news FROM news_main'
|
||||||
|
." WHERE n_id='$newsID'";
|
||||||
|
$entries = sqlReadQuery ($query);
|
||||||
|
if ($entries === null) {
|
||||||
|
echo "<P>Bad mojo, man. I couldn't talk to the SQL server. It said '$sqlError'.</P>";
|
||||||
|
} elseif ($entries === false) {
|
||||||
|
echo "<P>Something bad happened, and MySQL said '$sqlError'. Bug an admin.</P>";
|
||||||
|
} elseif (count ($entries) == 1) {
|
||||||
|
newsEntryConfirmation ($entries[0]);
|
||||||
|
} else {
|
||||||
|
echo "<P>This shouldn't even be possible, but there's more than one news entry with ID '$newsID'!</P>";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
newsBoxOpen ("All News Postings");
|
||||||
|
|
||||||
$query = 'SELECT n_id, n_date, n_user, n_news FROM news_main'
|
$query = 'SELECT n_id, n_date, n_user, n_news FROM news_main'
|
||||||
.' ORDER BY n_date DESC';
|
.' ORDER BY n_date DESC';
|
||||||
if ($result = mysql_db_query (sqlDB, $query, $conn)) {
|
|
||||||
if ($numRows = mysql_num_rows ($result)) {?>
|
$entries = sqlReadQuery ($query);
|
||||||
<TR>
|
if ($entries && is_array ($entries) && count ($entries)) {
|
||||||
|
tableHeader ("100%");
|
||||||
|
?><TR>
|
||||||
<TH align="left">ID</TH>
|
<TH align="left">ID</TH>
|
||||||
<TH align="left">Date</TH>
|
<TH align="left">Date</TH>
|
||||||
<TH align="left">User</TH>
|
<TH align="left">User</TH>
|
||||||
<TH align="left">Text</TH>
|
<TH align="left">Text</TH>
|
||||||
</TR><?
|
</TR><?
|
||||||
|
for ($i = 0; $i < count ($entries); $i++) {
|
||||||
for ($i = 0; $i < $numRows; $i++) {
|
echo newsEntrySummary ($entries[$i]);
|
||||||
$news[$i] = mysql_fetch_assoc ($result);
|
|
||||||
echo newsEntry ($news[$i]);
|
|
||||||
}
|
}
|
||||||
|
tableFooter ();
|
||||||
} else {
|
} else {
|
||||||
echo '<P>No matching news entries.</P>';
|
echo "<P>No news available.";
|
||||||
}
|
}
|
||||||
} else {
|
newsBoxClose ();
|
||||||
echo '<P>Somebody screwed up, and MySQL said "' . mysql_error() . '". Bug a project admin or somethin\' eh?</P>';
|
|
||||||
}
|
|
||||||
?>
|
|
||||||
</TABLE>
|
|
||||||
</DIV>
|
|
||||||
<?
|
|
||||||
} else {
|
|
||||||
echo '<P>Couldn\'t connect to the SQL server with the password you gave. <STRONG>("You suck, butthead.")</STRONG></P>';
|
|
||||||
}
|
}
|
||||||
?>
|
?>
|
|
@ -1,10 +1,10 @@
|
||||||
<? // Preamble
|
<? // Preamble
|
||||||
$pageName = "Edit News";
|
$pageName = "Edit News";
|
||||||
$need = 'auth';
|
$need = 'auth';
|
||||||
require "parts/preamble.php"; // Load most of document
|
require 'parts/preamble.php'; // Load most of document
|
||||||
|
|
||||||
if (!$userInfo['u_admin']) // no access from non-admin
|
if (!$userInfo['u_admin']) // no access from non-admin yet
|
||||||
bailout ('<P>You don\'t have access to this page (yet?). Bug an admin to delete a news post.</P>');
|
bailout ("<P>You don't have access to this page (yet?). Bug an admin to delete a news post.</P>");
|
||||||
|
|
||||||
need ('sql');
|
need ('sql');
|
||||||
|
|
||||||
|
@ -65,13 +65,12 @@
|
||||||
|
|
||||||
need ('boxes sql table');
|
need ('boxes sql table');
|
||||||
|
|
||||||
$newsID = $_GET['newsID'];
|
$newsID = addSlashes ($_REQUEST['newsID']);
|
||||||
$newsText = $_POST['newsText'];
|
$newsText = addSlashes ($_REQUEST['newsText']);
|
||||||
$newsUser = $_POST['newsUser'];
|
$newsUser = addSlashes ($_REQUEST['newsUser']);
|
||||||
|
|
||||||
if ($newsID) {
|
if ($newsID) {
|
||||||
if ($newsUser && $newsText) {
|
if ($newsUser && $newsText) {
|
||||||
$newsText = addSlashes ($newsText);
|
|
||||||
$query = 'UPDATE news_main SET'
|
$query = 'UPDATE news_main SET'
|
||||||
." n_user='$newsUser', n_news='$newsText'"
|
." n_user='$newsUser', n_news='$newsText'"
|
||||||
." WHERE n_id='$newsID'";
|
." WHERE n_id='$newsID'";
|
||||||
|
|
|
@ -7,13 +7,11 @@
|
||||||
|
|
||||||
// set up local vars
|
// set up local vars
|
||||||
$mode = $_REQUEST['mode'];
|
$mode = $_REQUEST['mode'];
|
||||||
$planSubj = $_REQUEST['planSubj'];
|
$planSubj = addSlashes ($_REQUEST['planSubj']);
|
||||||
$planText = $_REQUEST['planText'];
|
$planText = addSlashes ($_REQUEST['planText']);
|
||||||
$user = $userInfo['u_displayname'];
|
$user = $userInfo['u_displayname'];
|
||||||
|
|
||||||
if ($planText && $planSubj && $mode == "Post") {
|
if ($planText && $planSubj && $mode == "Post") {
|
||||||
$planSubj = addSlashes ($planSubj);
|
|
||||||
$planText = addSlashes ($planText);
|
|
||||||
$query = 'INSERT INTO plans (p_date, p_user, p_title, p_plan) VALUES ('
|
$query = 'INSERT INTO plans (p_date, p_user, p_title, p_plan) VALUES ('
|
||||||
."NOW(), '$user', '$planSubj', '$planText')";
|
."NOW(), '$user', '$planSubj', '$planText')";
|
||||||
|
|
||||||
|
|
|
@ -67,14 +67,13 @@
|
||||||
|
|
||||||
need ('boxes sql table');
|
need ('boxes sql table');
|
||||||
|
|
||||||
$planID = $_GET['planID'];
|
$planID = addSlashes ($_REQUEST['planID']);
|
||||||
$planSubj = $_POST['planSubj'];
|
$planSubj = addSlashes ($_REQUEST['planSubj']);
|
||||||
$planText = $_POST['planText'];
|
$planText = addSlashes ($_REQUEST['planText']);
|
||||||
$planUser = $_POST['planUser'];
|
$planUser = addSlashes ($_REQUEST['planUser']);
|
||||||
|
|
||||||
if ($planID) {
|
if ($planID) {
|
||||||
if ($planSubj && $planText && $planUser) {
|
if ($planSubj && $planText && $planUser) {
|
||||||
$planText = addSlashes ($planText);
|
|
||||||
$query = 'UPDATE plans SET'
|
$query = 'UPDATE plans SET'
|
||||||
." p_user='$planUser', p_title='$planSubj', p_plan='$planText'"
|
." p_user='$planUser', p_title='$planSubj', p_plan='$planText'"
|
||||||
." WHERE p_id='$planID'";
|
." WHERE p_id='$planID'";
|
||||||
|
|
Loading…
Reference in a new issue