<?
/*========================================*\
| News Module for Exero CMS |
| Copyright © 2006 Jack Polgar |
| http://www.jackpolgar.com |
\*========================================*/
// Run from the CMS root so global.php and the files it pulls in resolve.
chdir("../");
require("global.php");

// Gate the whole module: an admin session is checked first, and only a
// holder of that session is asked for the "useadminmodules" permission
// (&& short-circuits, so the second check never runs for anonymous users).
$authorised = checkadminsession() && adminpermissions("useadminmodules");
if(!$authorised) {
	print_no_permission();
	exit;
}
// Prints the module's top navigation bar; links are relative to this script.
function newsmenu() {
	$links = array(
		"news.php?do=submit"      => "Submit News",
		"news.php?do=categories"  => "Categories",
		"news.php?do=newcategory" => "New Category"
	);
	print_topmenu($links,'14','bold');
}
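/*
 * Request dispatch for the News admin module.
 *
 * Every branch is selected by ?do=... . The write branches (submit,
 * edit/save, delete, savecomment, deletecomment, newcategory, editcat,
 * deletecat) change the database and redirect; the others render a
 * control-panel page. Rules applied throughout:
 *   - row ids coming from the request or the database are cast to int
 *     (newsadmin_int) before they reach SQL, HTML or a redirect URL;
 *   - free text goes through $db->real_escape_string() for SQL (the
 *     message column previously used addslashes(), which is not aware
 *     of the connection charset) and newsadmin_h() when echoed into
 *     table markup;
 *   - $_REQUEST/$_POST keys are read through newsadmin_request() /
 *     newsadmin_post() so a bare request raises no undefined-index notice;
 *   - every table name carries TABLE_PREFIX (two queries had lost it).
 *
 * NOTE(review): the Edit/Delete actions are plain GET links and none of
 * the forms carries an anti-CSRF token, so an admin who follows a crafted
 * link deletes an article, comment or category. Fixing that needs token
 * support in the shared form helpers (global.php), outside this file.
 */

/* Cast a request/database value to int. All ids in this module are
 * auto-increment keys, so a non-numeric value becomes 0 and matches
 * nothing; the cast also makes the value safe inside href= and redirect
 * URLs without further escaping. */
function newsadmin_int($value) {
	return (int) $value;
}

/* HTML-escape text from the database or the request before it is
 * concatenated into table cells. NOTE(review): if print_multicol_row()
 * or print_table_header() in global.php already encode their arguments
 * this double-encodes and should be dropped — confirm there. */
function newsadmin_h($text) {
	return htmlspecialchars((string) $text, ENT_QUOTES);
}

/* Read a $_REQUEST field, "" when absent. */
function newsadmin_request($key) {
	return isset($_REQUEST[$key]) ? $_REQUEST[$key] : "";
}

/* Read a $_POST field, "" when absent. */
function newsadmin_post($key) {
	return isset($_POST[$key]) ? $_POST[$key] : "";
}

/* Load news_cats as id => title, the shape print_form_select() expects.
 * Shared by the submit and edit forms. */
function newsadmin_category_options($db) {
	$options = array();
	$result = $db->query("SELECT * FROM ".TABLE_PREFIX."news_cats");
	while($cat = $db->fetch_array($result)) {
		$options[$cat['id']] = $cat['title'];
	}
	return $options;
}

$do = newsadmin_request('do');
$action = newsadmin_post('action');

switch($do) {

case "":
	// Article list.
	print_cp_header("News Admin");
	newsmenu();
	print_table_header("News Articles","4","0","1","100%",'12');
	print_multicol_row(array(
		"Title[align:left]" => "",
		"Author" => "60",
		"Date Posted" => "200",
		"Actions[align:right]" => "80"
	),"thead");
	$getnews = $db->query("SELECT * FROM ".TABLE_PREFIX."news ORDER BY id DESC");
	while($newsinfo = $db->fetch_array($getnews)) {
		$newsid = newsadmin_int($newsinfo['id']);
		$authorinfo = $db->query_first("SELECT uid,username FROM ".TABLE_PREFIX."users WHERE uid='".newsadmin_int($newsinfo['poster'])."'");
		// The poster row may be gone; show an empty author rather than raise a notice.
		$author = $authorinfo ? $authorinfo['username'] : "";
		$posted = date($ecms->settings['dateformat'],$newsinfo['timestamp'])." at ".date($ecms->settings['timeformat'],$newsinfo['timestamp']);
		print_multicol_row(array(
			newsadmin_h($newsinfo['title'])."[align:left]" => "",
			newsadmin_h($author) => "60",
			$posted => "200",
			"<a href=\"news.php?do=comments&newsid=".$newsid."\">Comments</a><br /><a href=\"news.php?do=edit&id=".$newsid."\">Edit</a>, <a href=\"news.php?do=delete&id=".$newsid."\">Delete</a>[align:right]" => "80"
		));
	}
	print_table_footer();
	print_cp_footer();
	break;

case "submit":
	if($action == "submit") {
		// Column order follows the table definition (id, title, poster, catid, message, timestamp, allowcomments).
		$db->query("INSERT INTO ".TABLE_PREFIX."news VALUES(
'',
'".$db->real_escape_string(newsadmin_post('title'))."',
'".newsadmin_int($user->userinfo['uid'])."',
'".newsadmin_int(newsadmin_post('category'))."',
'".$db->real_escape_string(newsadmin_post('message'))."',
'".time()."',
'".newsadmin_int(newsadmin_post('allowcomments'))."')");
		print_redirect("news.php","News Article Posted","News Article Posted.");
	} else {
		print_cp_header("Submit News");
		print_form_header("news.php?do=submit","submit");
		print_form_hiddenfield("action","submit");
		print_table_header("Submit News","2");
		print_form_textbox("Subject","title");
		print_form_select("Category","category",'',newsadmin_category_options($db),'','0');
		print_form_yesno("Allow Comments","allowcomments","1");
		print_table_optiontitle("Message",'',"2");
		print_form_textarearow("message",'',"2","90","10","");
		print_form_submit("Submit","2","0");
		print_table_footer();
		print_form_footer();
		print_cp_footer();
	}
	break;

case "edit":
	if($action == "save") {
		$db->query("UPDATE ".TABLE_PREFIX."news SET
title='".$db->real_escape_string(newsadmin_post('title'))."',
catid='".newsadmin_int(newsadmin_post('category'))."',
message='".$db->real_escape_string(newsadmin_post('message'))."',
allowcomments='".newsadmin_int(newsadmin_post('allowcomments'))."'
WHERE id='".newsadmin_int(newsadmin_post('id'))."'");
		print_redirect("news.php","News Article Saved","News Article Saved.");
	} else {
		$newsid = newsadmin_int(newsadmin_request('id'));
		print_cp_header("Edit News");
		$newsinfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."news WHERE id='".$newsid."' LIMIT 1");
		print_form_header("news.php?do=edit","submit");
		print_form_hiddenfield("action","save");
		// Echo back the cast id, never the raw request value.
		print_form_hiddenfield("id",$newsid);
		print_table_header("Submit News","2");
		print_form_textbox("Subject","title",$newsinfo['title']);
		print_form_select("Category","category",'',newsadmin_category_options($db),$newsinfo['catid'],'0');
		print_form_yesno("Allow Comments","allowcomments",$newsinfo['allowcomments']);
		print_table_optiontitle("Message",'',"2");
		print_form_textarearow("message",$newsinfo['message'],"2","90","10","");
		print_form_submit("Save","2");
		print_table_footer();
		print_form_footer();
		print_cp_footer();
	}
	break;

case "delete":
	// NOTE(review): reachable by GET link; see the CSRF note above.
	$db->query("DELETE FROM ".TABLE_PREFIX."news WHERE id='".newsadmin_int(newsadmin_request('id'))."'");
	print_redirect("news.php","News Article Deleted","News Article Deleted.");
	break;

case "comments":
	$newsid = newsadmin_int(newsadmin_request('newsid'));
	print_cp_header("News Comments");
	$newsinfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."news WHERE id='".$newsid."'");
	$newstitle = $newsinfo ? $newsinfo['title'] : "";
	// As before, comments are looked up by the id of the article row actually found.
	$foundid = $newsinfo ? newsadmin_int($newsinfo['id']) : 0;
	newsmenu();
	print_table_header("Comments on ".newsadmin_h($newstitle),"4","","1");
	print_multicol_row(array("Comment[align:left]"=>"","Poster"=>"70","Options[align:right]"=>"140"),"optiontitle");
	// This was the one news_comments query without TABLE_PREFIX.
	$getcomments = $db->query("SELECT * FROM ".TABLE_PREFIX."news_comments WHERE newsid='".$foundid."'");
	while($comment = $db->fetch_array($getcomments)) {
		$commentid = newsadmin_int($comment['id']);
		$posterinfo = $db->query_first("SELECT uid,username FROM ".TABLE_PREFIX."users WHERE uid='".newsadmin_int($comment['posterid'])."'");
		$poster = $posterinfo ? $posterinfo['username'] : "";
		// Comment bodies are front-end user input; escape them before they land in an admin page.
		print_multicol_row(array(
			newsadmin_h($comment['message'])."[align:left]"=>"",
			newsadmin_h($poster)=>"70",
			"<a href=\"news.php?do=editcomment&id=".$commentid."\">Edit</a>, <a href=\"news.php?do=deletecomment&id=".$commentid."&newsid=".$newsid."\">Delete</a>[align:right]"=>"140"
		));
	}
	print_table_footer();
	print_cp_footer();
	break;

case "editcomment":
	print_cp_header("Edit Comments");
	$comment = $db->query_first("SELECT * FROM ".TABLE_PREFIX."news_comments WHERE id='".newsadmin_int(newsadmin_request('id'))."'");
	print_form_header("news.php?do=savecomment");
	print_form_hiddenfield("commentid",newsadmin_int($comment['id']));
	print_form_hiddenfield("newsid",newsadmin_int($comment['newsid']));
	print_table_header("Edit Comment");
	print_form_textarearow("message",$comment['message'],"2","90","10","");
	print_form_submit("Submit");
	print_table_footer();
	print_form_footer();
	print_cp_footer();
	break;

case "savecomment":
	$db->query("UPDATE ".TABLE_PREFIX."news_comments SET message='".$db->real_escape_string(newsadmin_post('message'))."' WHERE id='".newsadmin_int(newsadmin_post('commentid'))."'");
	// newsid is only used to build the redirect; the int cast keeps it out of the URL unescaped.
	print_redirect("news.php?do=comments&newsid=".newsadmin_int(newsadmin_post('newsid')),"Comment Saved","Comment Saved.");
	break;

case "deletecomment":
	// NOTE(review): reachable by GET link; see the CSRF note above.
	$db->query("DELETE FROM ".TABLE_PREFIX."news_comments WHERE id='".newsadmin_int(newsadmin_request('id'))."'");
	print_redirect("news.php?do=comments&newsid=".newsadmin_int(newsadmin_request('newsid')),"Comment Deleted","Comment Deleted.");
	break;

case "categories":
	print_cp_header("News Categories");
	newsmenu();
	print_table_header("News Categories","2","0","1","100%",'12');
	print_multicol_row(array(
		"Title[align:left]" => "",
		"Actions[align:right]" => "80"
	),"thead");
	$getcats = $db->query("SELECT * FROM ".TABLE_PREFIX."news_cats ORDER BY id DESC");
	while($catinfo = $db->fetch_array($getcats)) {
		$catid = newsadmin_int($catinfo['id']);
		print_multicol_row(array(
			newsadmin_h($catinfo['title'])."[align:left]" => "",
			"<a href=\"news.php?do=editcat&id=".$catid."\">Edit</a>, <a href=\"news.php?do=deletecat&id=".$catid."\">Delete</a>[align:right]" => "80"
		));
	}
	print_table_footer();
	print_cp_footer();
	break;

case "newcategory":
	$error = array();
	$create = 0;
	$title = newsadmin_post('title');
	$picture = newsadmin_post('picture');
	if($action == "submit") {
		$create = 1;
		if(empty($title)) {
			$error[] = "You must enter a Title";
			$create = 0;
		} else {
			// Category titles must be unique.
			$checkident = $db->num_rows($db->query("SELECT * FROM ".TABLE_PREFIX."news_cats WHERE title='".$db->real_escape_string($title)."' LIMIT 1"));
			if($checkident > 0) {
				$error[] = "Title already in use";
				$create = 0;
			}
		}
	}
	if(!$create) {
		// First visit, or a submission that failed validation: (re)show the form with the entered values.
		print_cp_header("New Category");
		if(count($error) > 0) {
			print_error($error);
		}
		print_form_header("news.php?do=newcategory","create");
		print_form_hiddenfield("action","submit");
		print_table_header("New Category","2");
		print_form_textbox("Title","title",$title);
		print_form_textbox("Picture<br>Enter the location of the picture(blank for none)","picture",$picture);
		print_form_submit("Submit","2","0");
		print_table_footer();
		print_form_footer();
		print_cp_footer();
	} else {
		$db->query("INSERT INTO ".TABLE_PREFIX."news_cats VALUES('','".$db->real_escape_string($title)."','".$db->real_escape_string($picture)."')");
		print_redirect("news.php?do=categories","Category Created","Category Created.");
	}
	break;

case "editcat":
	$error = array();
	$save = 0;
	$title = newsadmin_post('title');
	$picture = newsadmin_post('picture');
	// The form posts catid back; the first visit arrives with ?id= from the category list.
	if(isset($_POST['catid'])) {
		$catid = newsadmin_int($_POST['catid']);
	} else {
		$catid = newsadmin_int(newsadmin_request('id'));
	}
	if($action == "submit") {
		$save = 1;
		if(empty($title)) {
			$error[] = "You must enter a Title";
			$save = 0;
		} else {
			// Unique title, ignoring the row being edited.
			$checkident = $db->num_rows($db->query("SELECT * FROM ".TABLE_PREFIX."news_cats WHERE title='".$db->real_escape_string($title)."' AND id!='".$catid."' LIMIT 1"));
			if($checkident > 0) {
				$error[] = "Title already in use";
				$save = 0;
			}
		}
	}
	if(!$save) {
		print_cp_header("Edit Category");
		if(count($error) > 0) {
			print_error($error);
		}
		// This query had also lost its TABLE_PREFIX.
		$catinfo = $db->query_first("SELECT * FROM ".TABLE_PREFIX."news_cats WHERE id='".$catid."'");
		// After a failed submission keep what the admin typed instead of reverting to the stored row.
		$formtitle = ($action == "submit") ? $title : $catinfo['title'];
		$formpicture = ($action == "submit") ? $picture : $catinfo['picture'];
		print_form_header("news.php?do=editcat","edit");
		print_form_hiddenfield("action","submit");
		print_form_hiddenfield("catid",$catid);
		print_table_header("Edit Category","2");
		print_form_textbox("Title","title",$formtitle);
		print_form_textbox("Picture<br>Enter the location of the picture(blank for none)","picture",$formpicture);
		print_form_submit("Submit","2","0");
		print_table_footer();
		print_form_footer();
		print_cp_footer();
	} else {
		$db->query("UPDATE ".TABLE_PREFIX."news_cats SET title='".$db->real_escape_string($title)."', picture='".$db->real_escape_string($picture)."' WHERE id='".$catid."'");
		print_redirect("news.php?do=categories","Category Saved","Category Saved.");
	}
	break;

case "deletecat":
	// NOTE(review): reachable by GET link; see the CSRF note above.
	$db->query("DELETE FROM ".TABLE_PREFIX."news_cats WHERE id='".newsadmin_int(newsadmin_request('id'))."'");
	print_redirect("news.php?do=categories","Category Deleted","Category Deleted.");
	break;

}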
?>