<?
/*========================================*\
|        News Module for Exero CMS        |
|       Copyright © 2006 Jack Polgar       |
|        http://www.jackpolgar.com         |
\*========================================*/

// This module lives in admin/modules/; global.php is one directory up.
chdir("../");
require("global.php");

// Both an admin session and the "useadminmodules" permission are required.
// The checks short-circuit in the original order: the permission lookup is
// only reached once the session check has passed.
if(!checkadminsession() || !adminpermissions("useadminmodules")) {
	print_no_permission();
	exit;
}

// Prints the module's top navigation bar. The link map is "href => label";
// the trailing '14' and 'bold' arguments are passed straight to print_topmenu().
function newsmenu() {
	$links = array(
		"news.php?do=submit" => "Submit News",
		"news.php?do=categories" => "Categories",
		"news.php?do=newcategory" => "New Category"
	);
	print_topmenu($links, '14', 'bold');
}

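/*
 * Request dispatcher for the news admin module. $_REQUEST['do'] selects the
 * action; each branch either renders a control-panel page or performs one
 * write and redirects. $db, $ecms and $user are not defined in this file and
 * presumably come from global.php.
 *
 * Changes from the original dispatcher:
 *  - every SQL value goes through $db->real_escape_string(); the message
 *    column used addslashes(), which is not connection-charset aware
 *  - record ids taken from the request or from result rows are cast to int
 *    before they are used in SQL, in HTML links and in redirect URLs
 *  - database text placed in table rows is HTML-escaped. print_multicol_row()
 *    must emit its cells as raw HTML (the Actions column relies on that), so
 *    stored titles, usernames and comment bodies were rendered unescaped.
 *    This assumes values are stored raw; if global.php already entity-encodes
 *    input, these cells will double-encode — TODO confirm
 *  - the news_comments and news_cats queries that omitted TABLE_PREFIX now use
 *    it like every other query on those tables
 *  - $showerror, $cats, $do and $action are initialised so the "no error",
 *    "no categories" and "no action" paths do not read undefined variables
 *
 * NOTE(review): delete, deletecomment and deletecat are reached by plain GET
 * links and no branch checks a CSRF token; that needs a token check once the
 * framework provides one. Values handed to print_form_textbox() /
 * print_form_textarearow() are passed through unescaped as before — whether
 * those helpers escape their value argument is not visible here; confirm.
 */

/**
 * HTML-escape a request or database value for output inside a table cell or
 * heading. Callers append the "[align:...]" suffix understood by
 * print_multicol_row() after escaping, so it is unaffected.
 */
function newsadmin_html($value) {
	return htmlspecialchars((string)$value, ENT_QUOTES);
}

$do = isset($_REQUEST['do']) ? $_REQUEST['do'] : "";
$action = isset($_POST['action']) ? $_POST['action'] : "";

if($do == "") {
	// Article list: title, author, post date and per-row action links.
	print_cp_header("News Admin");
	
	newsmenu();
	
	print_table_header("News Articles","4","0","1","100%",'12');
	$cols = array(
	"Title[align:left]" => "",
	"Author" => "60",
	"Date Posted" => "200",
	"Actions[align:right]" => "80"
	);
	print_multicol_row($cols,"thead");
	$getnews = $db->query("SELECT * FROM ".TABLE_PREFIX."news ORDER BY id DESC");
	while($newsinfo = $db->fetch_array($getnews)) {
		$newsid = (int)$newsinfo['id'];
		$authorinfo = $db->query_first("SELECT uid,username FROM ".TABLE_PREFIX."users WHERE uid='".$db->real_escape_string($newsinfo['poster'])."'");
		$posted = date($ecms->settings['dateformat'],$newsinfo['timestamp'])." at ".date($ecms->settings['timeformat'],$newsinfo['timestamp']);
		$cols = array(
		newsadmin_html($newsinfo['title'])."[align:left]" => "",
		newsadmin_html($authorinfo['username']) => "60",
		$posted => "200",
		"<a href=\"news.php?do=comments&newsid=".$newsid."\">Comments</a><br /><a href=\"news.php?do=edit&id=".$newsid."\">Edit</a>, <a href=\"news.php?do=delete&id=".$newsid."\">Delete</a>[align:right]" => "80"
		);
		print_multicol_row($cols);
	}
	print_table_footer();
	
	print_cp_footer();
} else if($do == "submit") {
	if($action == "submit") {
		// Column order follows the original positional INSERT:
		// id, title, poster, catid, message, timestamp, allowcomments.
		$db->query("INSERT INTO ".TABLE_PREFIX."news VALUES(
		'',
		'".$db->real_escape_string($_POST['title'])."',
		'".$db->real_escape_string($user->userinfo['uid'])."',
		'".(int)$_POST['category']."',
		'".$db->real_escape_string($_POST['message'])."',
		'".time()."',
		'".(int)$_POST['allowcomments']."')");
		print_redirect("news.php","News Article Posted","News Article Posted.");
	} else {
		print_cp_header("Submit News");
		
		print_form_header("news.php?do=submit","submit");
		print_form_hiddenfield("action","submit");
		print_table_header("Submit News","2");
		print_form_textbox("Subject","title");
		$cats = array();
		$categories = $db->query("SELECT * FROM ".TABLE_PREFIX."news_cats");
		while($catinfo = $db->fetch_array($categories)) {
			$cats[$catinfo['id']] = $catinfo['title'];
		}
		print_form_select("Category","category",'',$cats,'','0');
		print_form_yesno("Allow Comments","allowcomments","1");
		print_table_optiontitle("Message",'',"2");
		print_form_textarearow("message",'',"2","90","10","");
		print_form_submit("Submit","2","0");
		print_table_footer();
		print_form_footer();
		
		print_cp_footer();
	}
} else if($do == "edit") {
	if($action == "save") {
		$db->query("UPDATE ".TABLE_PREFIX."news SET
		title='".$db->real_escape_string($_POST['title'])."',
		catid='".(int)$_POST['category']."',
		message='".$db->real_escape_string($_POST['message'])."',
		allowcomments='".(int)$_POST['allowcomments']."'
		WHERE id='".(int)$_POST['id']."'");
		print_redirect("news.php","News Article Saved","News Article Saved.");
	} else {
		$newsid = (int)$_REQUEST['id'];
		print_cp_header("Edit News");
		
		$newsinfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."news WHERE id='".$newsid."' LIMIT 1");
		print_form_header("news.php?do=edit","submit");
		print_form_hiddenfield("action","save");
		print_form_hiddenfield("id",$newsid);
		print_table_header("Submit News","2");
		print_form_textbox("Subject","title",$newsinfo['title']);
		// $cats was never initialised here, so a site with no categories
		// passed an undefined variable to print_form_select().
		$cats = array();
		$categories = $db->query("SELECT * FROM ".TABLE_PREFIX."news_cats");
		while($catinfo = $db->fetch_array($categories)) {
			$cats[$catinfo['id']] = $catinfo['title'];
		}
		print_form_select("Category","category",'',$cats,$newsinfo['catid'],'0');
		print_form_yesno("Allow Comments","allowcomments",$newsinfo['allowcomments']);
		print_table_optiontitle("Message",'',"2");
		print_form_textarearow("message",$newsinfo['message'],"2","90","10","");
		print_form_submit("Save","2");
		print_table_footer();
		print_form_footer();
		
		print_cp_footer();
	}
} else if($do == "delete") {
	$db->query("DELETE FROM ".TABLE_PREFIX."news WHERE id='".(int)$_REQUEST['id']."'");
	print_redirect("news.php","News Article Deleted","News Article Deleted.");
} else if($do == "comments") {
	// Comment list for one article; the id is reused in the delete links.
	$newsid = (int)$_REQUEST['newsid'];
	print_cp_header("News Comments");
	$newsinfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."news WHERE id='".$newsid."'");
	
	newsmenu();
	
	print_table_header("Comments on ".newsadmin_html($newsinfo['title']),"4","","1");
	print_multicol_row(array("Comment[align:left]"=>"","Poster"=>"70","Options[align:right]"=>"140"),"optiontitle");
	$getcomments = $db->query("SELECT * FROM ".TABLE_PREFIX."news_comments WHERE newsid='".(int)$newsinfo['id']."'");
	while($comment = $db->fetch_array($getcomments)) {
		$commentid = (int)$comment['id'];
		$posterinfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."users WHERE uid='".$db->real_escape_string($comment['posterid'])."'");
		print_multicol_row(array(newsadmin_html($comment['message'])."[align:left]"=>"",newsadmin_html($posterinfo['username'])=>"70","<a href=\"news.php?do=editcomment&id=".$commentid."\">Edit</a>, <a href=\"news.php?do=deletecomment&id=".$commentid."&newsid=".$newsid."\">Delete</a>[align:right]"=>"140"));
	}
	print_table_footer();
	
	print_cp_footer();
} else if($do == "editcomment") {
	print_cp_header("Edit Comments");
	$comment = $db->query_first("SELECT * FROM ".TABLE_PREFIX."news_comments WHERE id='".(int)$_REQUEST['id']."'");
	
	print_form_header("news.php?do=savecomment");
	print_form_hiddenfield("commentid",(int)$comment['id']);
	print_form_hiddenfield("newsid",(int)$comment['newsid']);
	print_table_header("Edit Comment");
	print_form_textarearow("message",$comment['message'],"2","90","10","");
	print_form_submit("Submit");
	print_table_footer();
	print_form_footer();
	
	print_cp_footer();
} else if($do == "savecomment") {
	$newsid = (int)$_POST['newsid'];
	$db->query("UPDATE ".TABLE_PREFIX."news_comments SET message='".$db->real_escape_string($_POST['message'])."' WHERE id='".(int)$_POST['commentid']."'");
	print_redirect("news.php?do=comments&newsid=".$newsid,"Comment Saved","Comment Saved.");
} else if($do == "deletecomment") {
	$newsid = (int)$_REQUEST['newsid'];
	$db->query("DELETE FROM ".TABLE_PREFIX."news_comments WHERE id='".(int)$_REQUEST['id']."'");
	print_redirect("news.php?do=comments&newsid=".$newsid,"Comment Deleted","Comment Deleted.");
} else if($do == "categories") {
	print_cp_header("News Categories");
	
	newsmenu();
	
	print_table_header("News Categories","2","0","1","100%",'12');
	$cols = array(
	"Title[align:left]" => "",
	"Actions[align:right]" => "80"
	);
	print_multicol_row($cols,"thead");
	$getcats = $db->query("SELECT * FROM ".TABLE_PREFIX."news_cats ORDER BY id DESC");
	while($catinfo = $db->fetch_array($getcats)) {
		$catid = (int)$catinfo['id'];
		$cols = array(
		newsadmin_html($catinfo['title'])."[align:left]" => "",
		"<a href=\"news.php?do=editcat&id=".$catid."\">Edit</a>, <a href=\"news.php?do=deletecat&id=".$catid."\">Delete</a>[align:right]" => "80"
		);
		print_multicol_row($cols);
	}
	print_table_footer();
	
	print_cp_footer();
} else if($do == "newcategory") {
	// Validate on submit; fall back to redisplaying the form with errors.
	$create = 0;
	$showerror = 0;
	$error = array();
	$title = isset($_POST['title']) ? $_POST['title'] : "";
	$picture = isset($_POST['picture']) ? $_POST['picture'] : "";
	if($action == "submit") {
		$create = 1;
		if(trim($title) === "") {
			$error[] = "You must enter a Title";
			$create = 0;
			$showerror = 1;
		} else {
			// Titles are unique; LIMIT 1 makes the count 0 or 1.
			$checkident = $db->num_rows($db->query("SELECT * FROM ".TABLE_PREFIX."news_cats WHERE title='".$db->real_escape_string($title)."' LIMIT 1"));
			if($checkident > 0) {
				$error[] = "Title already in use";
				$showerror = 1;
				$create = 0;
			}
		}
	}
	if(!$create) {
		print_cp_header("New Category");
		
		if($showerror) {
			print_error($error);
		}
		
		print_form_header("news.php?do=newcategory","create");
		print_form_hiddenfield("action","submit");
		print_table_header("New Category","2");
		print_form_textbox("Title","title",$title);
		print_form_textbox("Picture<br>Enter the location of the picture(blank for none)","picture",$picture);
		print_form_submit("Submit","2","0");
		print_table_footer();
		print_form_footer();
		
		print_cp_footer();
	} else {
		// Positional INSERT: id, title, picture.
		$db->query("INSERT INTO ".TABLE_PREFIX."news_cats VALUES('','".$db->real_escape_string($title)."','".$db->real_escape_string($picture)."')");
		print_redirect("news.php?do=categories","Category Created","Category Created.");
	}
} else if($do == "editcat") {
	// Same validation as newcategory, excluding the category being edited
	// from the duplicate-title check.
	$save = 0;
	$showerror = 0;
	$error = array();
	$title = isset($_POST['title']) ? $_POST['title'] : "";
	$picture = isset($_POST['picture']) ? $_POST['picture'] : "";
	if($action == "submit") {
		$save = 1;
		if(trim($title) === "") {
			$error[] = "You must enter a Title";
			$save = 0;
			$showerror = 1;
		} else {
			$checkident = $db->num_rows($db->query("SELECT * FROM ".TABLE_PREFIX."news_cats WHERE title='".$db->real_escape_string($title)."' AND id!='".(int)$_POST['catid']."' LIMIT 1"));
			if($checkident > 0) {
				$error[] = "Title already in use";
				$showerror = 1;
				$save = 0;
			}
		}
	}
	if(!$save) {
		print_cp_header("Edit Category");
		
		if($showerror) {
			print_error($error);
		}
		
		// First display comes from the GET link (id); a failed save re-posts catid.
		if(isset($_POST['catid'])) {
			$id = (int)$_POST['catid'];
		} else {
			$id = (int)$_REQUEST['id'];
		}
		
		$catinfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."news_cats WHERE id='".$id."'");
		
		print_form_header("news.php?do=editcat","edit");
		print_form_hiddenfield("action","submit");
		print_form_hiddenfield("catid",$id);
		print_table_header("Edit Category","2");
		print_form_textbox("Title","title",$catinfo['title']);
		print_form_textbox("Picture<br>Enter the location of the picture(blank for none)","picture",$catinfo['picture']);
		print_form_submit("Submit","2","0");
		print_table_footer();
		print_form_footer();
		
		print_cp_footer();
	} else {
		$db->query("UPDATE ".TABLE_PREFIX."news_cats SET title='".$db->real_escape_string($title)."', picture='".$db->real_escape_string($picture)."' WHERE id='".(int)$_POST['catid']."'");
		print_redirect("news.php?do=categories","Category Saved","Category Saved.");
	}
} else if($do == "deletecat") {
	$db->query("DELETE FROM ".TABLE_PREFIX."news_cats WHERE id='".(int)$_REQUEST['id']."'");
	print_redirect("news.php?do=categories","Category Deleted","Category Deleted.");
}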
?>