website/news_edit.php
2007-03-18 04:37:46 +00:00


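<?php // Preamble
// Full open tag: with short_open_tag disabled, a bare "<?" is not parsed and
// the script source would be sent to the browser as plain text.
$pageName = "Edit News";
$need = 'auth';
require "parts/preamble.php"; // Load most of document

// Admin-only page. empty() also rejects a missing $userInfo or u_admin key,
// so the check fails closed instead of raising a notice.
// NOTE(review): everything below relies on bailout() ending the request;
// if it can return, the edit code runs for non-admins. Confirm in the preamble.
if (empty ($userInfo['u_admin'])) {
    bailout ('<P>You don\'t have access to this page (yet?). Bug an admin to delete a news post.</P>');
}
need ('sql');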
/**
 * Decode named HTML entities back into the characters they stand for.
 *
 * The lookup is the inverse of PHP's HTML_ENTITIES translation table with the
 * default quote flags. The result is raw markup again, so it must be
 * re-escaped before being written into a page.
 *
 * @param string $string Entity-encoded text.
 * @return string Text with the known entities replaced by their characters.
 */
function convertToHTML ($string)
{
    // Build entity => character by inverting the character => entity table.
    $entityToChar = array ();
    foreach (get_html_translation_table (HTML_ENTITIES) as $char => $entity) {
        $entityToChar[$entity] = $char;
    }

    // strtr() with an array does not rescan its own output, so "&amp;lt;"
    // becomes "&lt;" and is not decoded a second time.
    return strtr ($string, $entityToChar);
}
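/**
 * Entity-encode text so it can be placed in HTML text or attribute values.
 *
 * This is the page's output-escaping helper. ENT_QUOTES is passed explicitly
 * so that both double and single quotes are always encoded; without it the
 * quote handling depends on the default flags of the running PHP version.
 *
 * @param string $string Raw text.
 * @return string Text with every character that has an entity in PHP's
 *                HTML_ENTITIES table replaced by that entity.
 */
function convertFromHTML ($string)
{
    $charToEntity = get_html_translation_table (HTML_ENTITIES, ENT_QUOTES);

    // strtr() never re-scans replaced text, so "&" is encoded exactly once.
    return strtr ($string, $charToEntity);
}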
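/**
 * Render one news entry as a table row for the "All News Postings" listing.
 *
 * Every database value is escaped for its output context: n_id is URL-encoded
 * in the link and entity-encoded as link text, n_user and the text preview are
 * entity-encoded. Stored values are user-editable through this page, so
 * writing them out raw would let stored markup run in an admin's browser.
 *
 * @param array $it Row with the keys n_id, n_date, n_user and n_news.
 * @return string The <TR> markup for the entry.
 */
function newsEntrySummary ($it)
{
    need ("date");

    $id = (string) $it['n_id'];

    // Truncate the raw text first and encode afterwards, so the cut can never
    // land in the middle of an entity such as "&amp;".
    // NOTE(review): substr() counts bytes and may still split a multi-byte
    // character at the 50-byte boundary.
    $preview = convertFromHTML (substr (stripslashes ($it['n_news']), 0, 50));

    return
        '<TR>'
        .' <TD><A href="' . thisURL . '?newsID=' . urlencode ($id) . '">' . convertFromHTML ($id) . '</A></TD>'
        .' <TD>' . dateFromSQLDateTime ($it['n_date']) . '</TD>'
        .' <TD>' . convertFromHTML ((string) $it['n_user']) . '</TD>'
        .' <TD>' . $preview . '&#8230;</TD>'
        .'</TR>';
}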
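/**
 * Print the edit form for a single news entry.
 *
 * The stored author name and entry id are escaped before they are written
 * into the form: the author goes into a double-quoted value attribute, the id
 * into the action URL and the box title. The entry text is entity-encoded for
 * the TEXTAREA.
 *
 * NOTE(review): the form posts a state-changing request and carries no
 * anti-CSRF token; no token facility is visible in this file, so none is
 * added here. Confirm whether the preamble provides one.
 *
 * @param array $array Row with the keys n_id, n_date, n_user and n_news.
 * @return void Output is written directly to the page.
 */
function newsEntryEditor ($array)
{
    need ("boxes date news");

    $rawId   = (string) $array['n_id'];
    $id      = convertFromHTML ($rawId);   // for HTML text
    $idInUrl = urlencode ($rawId);         // for the query string
    $usr     = convertFromHTML ((string) $array['n_user']);
    $txt     = convertFromHTML (stripslashes ($array['n_news']));
    $date    = dateFromSQLDateTime ($array['n_date']);

    newsBoxOpen ("Edit News Entry #$id");
?>
<FORM action="<?=thisURL?>?newsID=<?=$idInUrl?>" method="post">
<DL>
<DT><FONT size="-1"><EM>Posted on</EM> <?=$date?> <EM>by</EM>
<STRONG>
<INPUT type="text" name="newsUser" size="20" value="<?=$usr?>">
</STRONG>
<INPUT align="center" type="submit" value="Modify User / Text"></INPUT>
</FONT></DT>
<DD>
<TEXTAREA name="newsText" rows="25" cols="64"><?=$txt?></TEXTAREA>
</DD>
</DL>
</FORM>
<?php
    newsBoxClose ();
}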
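need ('boxes sql table');

// Page controller: with a valid newsID and posted fields, update the entry;
// with only a newsID, show its editor; with no newsID, list all entries.
//
// The original "global $x = ...;" lines were a parse error (global takes no
// initializer) and are unnecessary at file scope, so they are gone.

// Request input. Missing or non-string fields are treated as empty.
$rawNewsID = isset ($_GET['newsID']) ? $_GET['newsID'] : '';
$newsText  = (isset ($_POST['newsText']) && is_string ($_POST['newsText'])) ? $_POST['newsText'] : '';
$newsUser  = (isset ($_POST['newsUser']) && is_string ($_POST['newsUser'])) ? $_POST['newsUser'] : '';

// The id is interpolated into SQL and echoed back, so only plain digits are
// accepted and the value is carried as an integer from here on.
// NOTE(review): assumes n_id is an integer key, as the unquoted comparison in
// the SELECT suggests; confirm against the schema.
$idIsValid = is_string ($rawNewsID) && preg_match ('/^[0-9]+$/D', $rawNewsID);
$newsID    = $idIsValid ? (int) $rawNewsID : 0;

if ($rawNewsID !== '' && !$idIsValid) {
    echo '<P>That is not a valid news ID.</P>';
} elseif ($newsID) {
    if ($newsUser && $newsText) {
        // Both posted values are placed inside quoted SQL string literals, so
        // both are escaped; the original escaped only the text.
        // NOTE(review): addslashes() is not connection- or charset-aware. The
        // sql part should offer a prepared-statement or driver-level escaping
        // path; switch to it once available.
        // NOTE(review): this request changes data and carries no anti-CSRF
        // token; none is visible in this file.
        $newsText = addslashes ($newsText);
        $newsUser = addslashes ($newsUser);
        $query = 'UPDATE news_main SET'
            ." n_user='$newsUser', n_news='$newsText'"
            ." WHERE n_id='$newsID'";
        $rows = sqlWriteQuery ($query);
        // The server's error text is entity-encoded before display.
        // NOTE(review): consider logging it instead of showing it on the page.
        if ($rows === null) {
            echo "<P>Bad mojo, man. I couldn't talk to the SQL server. It said '" . convertFromHTML ((string) $sqlError) . "'.</P>";
        } elseif ($rows === false) {
            echo "<P>Something bad happened, and MySQL said '" . convertFromHTML ((string) $sqlError) . "'. Bug an admin.</P>";
        } elseif (!$rows) {
            echo '<P>Your edit was correctly formed, but had no effect on the database. Go fig, huh?</P>';
        } else {
            echo '<P>Your edit was processed successfully. Congratulations on your revision of history.<STRONG>:)</STRONG></P>';
        }
    } else {
        $query = 'SELECT n_id, n_date, n_user, n_news FROM news_main'
            ." WHERE n_id=$newsID";
        $entries = sqlReadQuery ($query);
        if ($entries === null) {
            echo "<P>Bad mojo, man. I couldn't talk to the SQL server. It said '" . convertFromHTML ((string) $sqlError) . "'.</P>";
        } elseif ($entries === false) {
            echo "<P>Something bad happened, and MySQL said '" . convertFromHTML ((string) $sqlError) . "'. Bug an admin.</P>";
        } elseif (count ($entries) == 1) {
            newsEntryEditor ($entries[0]);
        } elseif (count ($entries) == 0) {
            // An unknown id used to fall through to the "more than one" message.
            echo '<P>There is no news entry with that ID.</P>';
        } else {
            echo "<P>This shouldn't even be possible, but there's more than one news entry with ID '$newsID'!</P>";
        }
    }
} else {
    newsBoxOpen ("All News Postings");
    $query = 'SELECT n_id, n_date, n_user, n_news FROM news_main'
        .' ORDER BY n_date DESC';
    $entries = sqlReadQuery ($query);
    if ($entries && is_array ($entries) && count ($entries)) {
        tableHeader ("100%");
?><TR>
<TH align="left">ID</TH>
<TH align="left">Date</TH>
<TH align="left">User</TH>
<TH align="left">Text</TH>
</TR><?php
        foreach ($entries as $entry) {
            echo newsEntrySummary ($entry);
        }
        tableFooter ();
    } else {
        echo "<P>No news available.";
    }
    newsBoxClose ();
}
?>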