Source for file news_change.php
Documentation is available at news_change.php
// If the user hasn't the right to change news -> access denied.
$tpl->loadTemplatefile ('news_notallowed.tpl.php');
include_once 'finish.inc.php';
$action = isset ($_GET['action']) ? $_GET['action'] : '';
$action = isset ($_POST['action']) ? $_POST['action'] : $action;
$news_id = isset ($_GET['news_id']) ? (int) $_GET['news_id'] : 0;
$news_id = isset ($_POST['news_id']) ? (int) $_POST['news_id'] : $news_id;
* Page for changing news.
if ($action == 'change' AND $news_id != 0 ) {
$newsRow = $db->getRow ('SELECT
ROUND((TO_DAYS(valid_to)-TO_DAYS(created_at))/7) AS weeks,
UNIX_TIMESTAMP(created_at) AS created_at,
// Check whether the user is cheating.
if (!$LU->checkRightLevel (RIGHT_NEWS_CHANGE, (int) $newsRow['owner_user_id'], (int) $newsRow['owner_group_id'])) {
header('Location: news_change.php?logout=1');
$news = isset ($_POST['news']) ? $_POST['news'] : '';
$valid_to = isset ($_POST['valid_to']) ? (int) $_POST['valid_to'] : '';
if (!ereg('^[1-9][0-9]?$', $valid_to)) {
$errorMsg = '<p><span style="color: red;">Only numbers between 1 and 99 are allowed here.</span></p>';
// Form seems to be correct. Write data into the db.
valid_to = "' . date('Y.m.d H:i:s', $newsRow['created_at']+60*60*24*7* $valid_to) . '",
news_id = "' . $news_id . '"');
// Show page to change the news.
if (empty ($news) OR isset ($errorMsg)) {
$tpl->loadTemplatefile ('news_new.tpl.php');
$tpl->setVariable ('form_action', 'news_change.php');
$tpl->touchBlock ('button_abort');
$tpl->setVariable ('message', $news);
$tpl->setVariable ('valid', $valid_to);
$tpl->setVariable ('valid', $newsRow['weeks']);
$tpl->setVariable ('script_msg', $errorMsg);
$tpl->setVariable ('news_id', $news_id);
$tpl->touchBlock ('action');
} // End $action == 'change'
if ($action == 'delete' AND $news_id != 0 ) {
$rightInfo = $db->getRow ('SELECT
news_id = ' . (int) $news_id);
// Check whether the user is cheating.
if (!$LU->checkRightLevel (RIGHT_NEWS_DELETE, (int) $rightInfo['owner_user_id'], (int) $rightInfo['owner_group_id'])) {
header('Location: news_change.php?logout=1');
$confirmed = isset ($_GET['is_js_confirmed']) ? $_GET['is_js_confirmed'] : 0;
news_id = ' . (int) $news_id);
} // End $action == 'loeschen'
$tpl->loadTemplatefile ('news_change.tpl.php');
// Get the last five news.
$res = $db->query ('SELECT
DATE_FORMAT(N.created_at,"%d.%m.%Y - %H:%i") AS date,
liveuser_perm_users AS PU
N.owner_user_id = PU.perm_user_id
PU.auth_user_id = U.auth_user_id
$bgcolor = array ('#DDDDDD', '#CCCCCC');
while ($row = $res->fetchRow ()) {
$tpl->setCurrentBlock ('row');
$tpl->setVariable (array ('color_n' => $bgcolor[$counter++%2 ],
'time' => $row['date'] . ' Uhr',
'author' => '<a href="mailto:' . $row['handle'] . '@your-company.com">' . $row['handle'] . '</a>'));
// Has the user the right to change the news?
if ($LU->checkRightLevel (RIGHT_NEWS_CHANGE, (int) $row['owner_user_id'], (int) $row['owner_group_id'])) {
$tpl->setVariable ('link_change', 'news_change.php?action=change&news_id='. $row['news_id']);
// Has the user the right to delete the news?
if ($LU->checkRightLevel (RIGHT_NEWS_DELETE, (int) $row['owner_user_id'], (int) $row['owner_group_id'])) {
$tpl->setVariable ('link_delete', 'news_change.php?action=delete&news_id='. $row['news_id']. '" onclick="return confirmLink(this, \'Shall I really delete \\\''. htmlentities(substr(str_replace('<br>', ' ', $row['news']), 0 , 20 ), ENT_QUOTES ). ' ...\\\' ?\')');
$tpl->parseCurrentBlock ();
include_once 'finish.inc.php';
Documentation generated on Mon, 11 Mar 2019 13:56:20 -0400 by phpDocumentor 1.4.4. PEAR Logo Copyright © PHP Group 2004.
|