website/news_edit.php


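<?php // Preamble
// The full "<?php" tag is used on purpose: when short_open_tag is disabled a
// bare "<?" block is not executed and its source is sent to the client as text.
//
// $pageName and $need are assigned before parts/preamble.php is loaded;
// presumably the preamble reads them ($need = 'auth' looks like a request for
// an authenticated session -- confirm in parts/preamble.php).
$pageName = "Edit News";
$need = 'auth';
require "parts/preamble.php"; // Load most of document

// Authorization gate: everything below reads and modifies news entries, so it
// must only run for administrators. empty() treats a missing u_admin key the
// same as a false one, so an incomplete $userInfo is denied as well.
if (empty ($userInfo['u_admin'])) { // no access from non-admin
    bailout ('<P>You don\'t have access to this page. Bug an admin to delete a news post.</P>');
    // Fail closed: bailout() is defined elsewhere and presumably ends the
    // request, but the gate must hold even if it ever returns.
    exit;
}
need ('sql');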
/**
 * Decode named HTML entities in $string back into the characters they stand for.
 *
 * Despite the name, this is the decoding direction: the character => entity
 * table for HTML_ENTITIES is flipped, so "&lt;" becomes "<". The result is raw
 * text and has to be encoded again before it is written into a page.
 *
 * @param string $string Text that may contain HTML entities.
 * @return string The text with entities replaced by their characters.
 */
function convertToHTML ($string)
{
    // strtr() with an array replaces the longest match first and never rescans
    // its own output, so "&amp;lt;" is decoded exactly once, to "&lt;".
    return strtr ($string, array_flip (get_html_translation_table (HTML_ENTITIES)));
}
/**
 * Encode the characters of $string that have a named HTML entity.
 *
 * Despite the name, this is the encoding direction ("<" becomes "&lt;"), which
 * makes the result suitable for HTML text and double-quoted attribute values.
 * Whether a single quote is encoded depends on the default flags of
 * get_html_translation_table(), which vary with the PHP version, so do not
 * rely on this function inside single-quoted attributes.
 *
 * @param string $string Raw text.
 * @return string The text with special characters replaced by entities.
 */
function convertFromHTML ($string)
{
    $charToEntity = get_html_translation_table (HTML_ENTITIES);

    // A single strtr() pass: "&" is encoded once and never re-encoded.
    return strtr ($string, $charToEntity);
}
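/**
 * Build one table row summarising a news entry for the admin listing.
 *
 * The row holds the entry id (linked to the editor), its date, its author and
 * the first 60 bytes of its text followed by an ellipsis.
 *
 * @param array $array Row from news_main; the keys n_id, n_date, n_user and
 *                     n_news are read.
 * @return string The "<TR>...</TR>" markup for the row.
 */
function newsEntrySummary ($array)
{
    need ("date");

    // Array keys are quoted strings: a bare n_id is an undefined constant,
    // which PHP 8 rejects with an Error (older versions only warned).
    $rawId = (string) $array['n_id'];

    // Stored values are encoded for the context they land in. n_user is
    // free text that the editor form accepts, so it must not reach the page
    // unescaped (stored XSS in an admin view).
    $idInUrl  = htmlspecialchars (rawurlencode ($rawId), ENT_QUOTES);
    $idAsText = htmlspecialchars ($rawId, ENT_QUOTES);
    $author   = htmlspecialchars ((string) $array['n_user'], ENT_QUOTES);

    // Truncate first, encode second: cutting the already-encoded text could
    // split an entity such as "&amp;" in the middle.
    $excerpt = convertFromHTML (substr (StripSlashes ($array['n_news']), 0, 60));

    // NOTE(review): dateFromSQLDateTime() is defined elsewhere and its result
    // is emitted as returned; presumably it yields plain date text -- confirm.
    return
        '<TR>'
        .' <TD><A href="news_edit.php?newsID=' . $idInUrl . '">' . $idAsText . '</A></TD>'
        .' <TD>' . dateFromSQLDateTime ($array['n_date']) . '</TD>'
        .' <TD>' . $author . '</TD>'
        .' <TD>' . $excerpt . '&#8230;</TD>'
        .'</TR>';
}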
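/**
 * Print the edit form for a single news entry.
 *
 * The form posts the fields newsUser and newsItem, with the entry id carried
 * in the newsID query parameter. Output is written directly to the response.
 *
 * @param array $array Row from news_main; the keys n_id, n_date, n_user and
 *                     n_news are read.
 * @return void
 */
function newsEntryEditor ($array)
{
    need ("date");

    // Array keys are quoted strings: a bare n_id is an undefined constant,
    // which PHP 8 rejects with an Error (older versions only warned).
    $rawId = (string) $array['n_id'];

    // Each stored value is encoded for the place it is written to. n_user in
    // particular goes into a double-quoted attribute, where an unescaped
    // quote would let stored text break out of the value (stored XSS).
    $idInUrl = htmlspecialchars (rawurlencode ($rawId), ENT_QUOTES);
    $id      = htmlspecialchars ($rawId, ENT_QUOTES);
    $usr     = htmlspecialchars ((string) $array['n_user'], ENT_QUOTES);
    $txt     = convertFromHTML (stripSlashes ($array['n_news']));

    // NOTE(review): dateFromSQLDateTime() is defined elsewhere and its result
    // is emitted as returned; presumably it yields plain date text -- confirm.
    $date = dateFromSQLDateTime ($array['n_date']);

    // NOTE(review): the form posts to editnews.php while the listing links to
    // news_edit.php -- confirm the action target is the intended handler.
    // NOTE(review): the form carries no anti-CSRF token, so the handler cannot
    // tell a deliberate admin edit from a cross-site request; add a
    // per-session token here and verify it before the UPDATE runs.
?>
<FORM action="editnews.php?newsID=<?php echo $idInUrl ?>" method="post">
    <DIV class="newsBox">
        <DIV class="newsTitle"><H2>Edit News Entry #<?php echo $id ?></H2></DIV>
        <DL>
            <DT>
                <FONT size="-1">
                    <EM>Posted on</EM>
                    <?php echo $date ?>
                    <EM>by</EM>
                    <STRONG>
                        <INPUT type="text" name="newsUser" size="20" value="<?php echo $usr ?>">
                    </STRONG>
                    <INPUT align="center" type="submit" value="Modify User / Text"></INPUT>
                </FONT>
            </DT>
            <DD>
<TEXTAREA name="newsItem" rows="25" cols="64"><?php echo $txt ?></TEXTAREA><BR>
            </DD>
        </DL>
    </DIV>
</FORM>
<?php
}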
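// ---------------------------------------------------------------------------
// Request handling. Three cases, selected by the request parameters:
//   * newsID plus posted newsUser/newsItem -> update that entry
//   * newsID only                          -> show the edit form for it
//   * no newsID                            -> list all entries
//
// This code is only safe to reach for administrators; it relies on the
// admin check at the top of the file having ended the request otherwise.
//
// NOTE(review): the update is accepted from any POST made with an admin
// session and carries no anti-CSRF token; add a token to the form and verify
// it here before running the UPDATE.
// NOTE(review): the mysql_* extension was removed in PHP 7. The escaping below
// closes the injection holes within the existing API; moving to mysqli or PDO
// prepared statements is the durable fix.
// ---------------------------------------------------------------------------
need ('sql');
global $newsID;
global $newsUser;
global $newsItem;

// Everything in $_GET / $_POST is untrusted. n_id is used as a bare number in
// the SELECT below, so the id is forced to an integer; anything non-numeric
// becomes 0 and falls through to the listing. Non-string field values (for
// example newsUser[]=x) are treated as absent.
$newsID   = (isset ($_GET['newsID']) && is_scalar ($_GET['newsID'])) ? (int) $_GET['newsID'] : 0;
$newsItem = (isset ($_POST['newsItem']) && is_string ($_POST['newsItem'])) ? $_POST['newsItem'] : '';
$newsUser = (isset ($_POST['newsUser']) && is_string ($_POST['newsUser'])) ? $_POST['newsUser'] : '';

if ($conn = mysql_pconnect (sqlHost, sqlRWUser, sqlRWPass)) {
    if ($newsID) {
        if ($newsUser && $newsItem) {
            // Both text fields are escaped with the connection-aware function.
            // Previously newsUser was interpolated unescaped and newsItem only
            // went through AddSlashes(), which is not a SQL escaping routine.
            $sqlUser = mysql_real_escape_string ($newsUser, $conn);
            $sqlItem = mysql_real_escape_string ($newsItem, $conn);
            $query = "UPDATE news_main SET n_user='$sqlUser', n_news='$sqlItem' WHERE n_id=$newsID";
            if ($result = mysql_db_query (sqlDB, $query, $conn)) {
                if ($numRows = mysql_affected_rows ($conn)) {
                    echo '<P>Your modifications have been processed successfully.';
                } else {
                    echo '<P>Your modifications were correctly formed, but had no effect on the database.';
                }
            } else {
                // Deliberately generic: the database error text is not shown.
                echo "<P>There was an error in your input. If you don't know what it is, I'm not going to tell you.";
            }
        } else {
            // $newsID is an integer here, so it is safe to place in the query.
            $query = "SELECT n_id, n_date, n_user, n_news FROM news_main "
                   . "WHERE n_id=$newsID";
            $result = mysql_db_query (sqlDB, $query, $conn);
            if ($result) {
                $numRows = mysql_num_rows ($result);
                if ($numRows == 1) {
                    $news = mysql_fetch_array ($result);
                    newsEntryEditor ($news);
                } else {
                    echo "<P>MOOOOO! Rows = $numRows";
                }
            } else {
                echo "<P>MOOOOO! No result.";
            }
        }
    } else {
?>
<DIV class="newsBox">
<DIV class="newsTitle"><H2>Edit News</H2></DIV>
<TABLE width="100%">
<?php
        $query = 'SELECT n_id, n_date, n_user, n_news FROM news_main' .
                 ' ORDER BY n_date DESC';
        // A failed query or an empty table prints no rows at all; the table
        // is still closed by tableFooter() below (presumably -- it is defined
        // elsewhere and no </TABLE> is written in this file).
        if ($result = mysql_db_query (sqlDB, $query, $conn)) {
            if ($numRows = mysql_num_rows ($result)) {
?>
<TR>
<TH align="left">ID</TH>
<TH align="left">Date</TH>
<TH align="left">User</TH>
<TH align="left">Text</TH>
</TR><?php
                for ($i = 0; $i < $numRows; $i++) {
                    $news[$i] = mysql_fetch_array ($result);
                    echo newsEntrySummary ($news[$i]);
                }
            }
        }
        tableFooter ();
?>
</DIV>
<?php
    }
} else {
    // Connection failure: nothing about the cause is disclosed to the client.
    echo '<P>You suck, butthead.';
}

require siteHome . "/parts/postamble.php"; // Finish this sucker up
?>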