website/news_add.php

<?	// Preamble
	$pageName = "Add News";
	$need = 'auth';
	require "parts/preamble.php";	// Load most of document

	function showPreview ($date, $user, $def)
	{?>
	<DIV class="newsBox">
		<DIV class="newsTitle"><H2>Add News (Preview)</H2></DIV>
		<DL>
			<DT><FONT size="-1"><EM>(Will be) posted on</EM> <?=$date?> <EM>by</EM> <STRONG><?=$user?></STRONG></FONT></DT>
			<DD>
				<FORM action="news_add.php" method="post">
					<TEXTAREA name="newsItem" rows="25" cols="64"><?=StripSlashes ($def)?></TEXTAREA><BR>
					<INPUT align="center" type="submit" name="mode" value="Post"></INPUT>
					<INPUT align="center" type="submit" name="mode" value="Preview"></INPUT>
				</FORM>
			</DD>
		</DL>
	</DIV>
	<?}

	$newsItem = $_REQUEST['newsItem'];
	$mode = $_REQUEST['mode'];

	if ($newsItem && $mode == "Post") {
		need ('sql');

		$user = ucfirst ($REMOTE_USER);
		$newsItem = AddSlashes ($newsItem);

		$conn = mysql_connect (sqlHost, sqlRWUser, sqlRWPass);
		if ($conn) {
			$query = 'INSERT into news_main (n_date, n_user, n_news) VALUES (' .
					" NOW(), '$user', '$newsItem')";
			$result = mysql_db_query (sqlDB, $query, $conn);
			if ($result) {
				$numRows = mysql_affected_rows ($conn);
				if ($numRows) {
					echo '<P>Your news item has been processed successfully.';
				} else {
					echo '<P>There was an error in your input. If you don\'t know what it is, I\'m not going to tell you.';
				}
			}
			mysql_close ($conn);
		} else {
			echo '<P>You suck, butthead.';
		}
	} else {
		$date = strftime ('%d %b %Y', time ());
		$user = ucfirst ($REMOTE_USER);

		if ($newsItem) {?>
			<DIV class="newsBox">
				<DIV class="newsTitle"><H2>Latest News</H2></DIV>
				<DL>
					<DT><FONT size="-1"><EM>Posted on</EM> <?=$date?> <EM>by</EM> <STRONG><?=$user?></STRONG></FONT></DT>
					<DD>
						<P><?=StripSlashes($newsItem)?></P>
					</DD>
				</DL>
			</DIV>
		<?}
		showPreview ($date, $user, $newsItem);
	}

	require siteHome . "/parts/postamble.php";	// Finish this sucker up
?>