website/news_edit.php
Jeff Teunissen 9e6f75ccbd Update for PHP 7.x
PHP 7 doesn't like the old short tags we were using (it's possible to re-enable
them, but won't be for version 8, so we might as well switch now), and the old
MySQL APIs are now gone entirely, replaced with something different.

This should make everything work at least as well as it used to.

Also, one file used to be checked in with CRLF line endings. ??
2022-04-27 13:14:47 -04:00

113 lines
3.4 KiB
PHP

<?php // Preamble
$pageName = "Edit News";
$need = 'auth';
require 'parts/preamble.php'; // Load most of document
if (!$userInfo['u_admin']) // no access from non-admin yet
bailout ("<P>You don't have access to this page (yet?). Bug an admin to delete a news post.</P>");
need ('html sql');
function newsEntrySummary ($it)
{
need ('date html');
return
'<TR>'
.' <TD><A href="' . thisURL . '?newsID=' . $it['n_id'] . '">' . $it['n_id'] . '</A></TD>'
.' <TD>' . dateFromSQLDateTime ($it['n_date']) . '</TD>'
.' <TD>' . $it['n_user'] . '</TD>'
.' <TD>' . substr (convertFromHTML (stripSlashes ($it['n_news'])), 0, 50) . '&#8230;</TD>'
.'</TR>';
}
function newsEntryEditor ($array)
{
need ('boxes html date');
$id = $array['n_id'];
$usr = $array['n_user'];
$date = dateFromSQLDateTime ($array['n_date']);
$txt = convertFromHTML (stripSlashes ($array['n_news']));
newsBoxOpen ("Edit News Entry #$id");
?>
<FORM action="<?=thisURL?>?newsID=<?=$id?>" method="post">
<DL>
<DT><FONT size="-1"><EM>Posted on</EM> <?=$date?> <EM>by</EM>
<STRONG>
<INPUT type="text" name="newsUser" size="20" value="<?=$usr?>">
</STRONG>
<INPUT align="center" type="submit" value="Modify User / Text"></INPUT>
</FONT></DT>
<DD>
<TEXTAREA name="newsText" rows="25" cols="64"><?=$txt?></TEXTAREA>
</DD>
</DL>
</FORM>
<?
newsBoxClose ();
}
need ('boxes sql table');
$newsID = addSlashes ($_REQUEST['newsID']);
$newsText = addSlashes ($_REQUEST['newsText']);
$newsUser = addSlashes ($_REQUEST['newsUser']);
if ($newsID) {
if ($newsUser && $newsText) {
$query = 'UPDATE news_main SET'
." n_user='$newsUser', n_news='$newsText'"
." WHERE n_id='$newsID'";
$rows = sqlWriteQuery ($query);
if ($rows === null) {
echo "<P>Bad mojo, man. I couldn't talk to the SQL server. It said '$sqlError'.</P>";
} elseif ($rows === false) {
echo "<P>Something bad happened, and MySQL said '$sqlError'. Bug an admin.</P>";
} elseif (!$rows) {
echo '<P>Your edit was correctly formed, but had no effect on the database. Go fig, huh?</P>';
} else {
echo '<P>Your edit was processed successfully. Congratulations on your revision of history.<STRONG>:)</STRONG></P>';
}
} else {
$query = 'SELECT n_id, n_date, n_user, n_news FROM news_main'
." WHERE n_id=$newsID";
$entries = sqlReadQuery ($query);
if ($entries === null) {
echo "<P>Bad mojo, man. I couldn't talk to the SQL server. It said '$sqlError'.</P>";
} elseif ($entries === false) {
echo "<P>Something bad happened, and MySQL said '$sqlError'. Bug an admin.</P>";
} elseif (count ($entries) == 1) {
newsEntryEditor ($entries[0]);
} else {
echo "<P>This shouldn't even be possible, but there's more than one news entry with ID '$newsID'!</P>";
}
}
} else {
newsBoxOpen ("All News Postings");
$query = 'SELECT n_id, n_date, n_user, n_news FROM news_main'
.' ORDER BY n_date DESC';
$entries = sqlReadQuery ($query);
if ($entries && is_array ($entries) && count ($entries)) {
tableHeader ("100%");
?><TR>
<TH align="left">ID</TH>
<TH align="left">Date</TH>
<TH align="left">User</TH>
<TH align="left">Text</TH>
</TR><?
for ($i = 0; $i < count ($entries); $i++) {
echo newsEntrySummary ($entries[$i]);
}
tableFooter ();
} else {
echo "<P>No news available.";
}
newsBoxClose ();
}
?>