<?php
/***************************************************************************
 *	NEWS_mngr.php
 *
 *	begin		: December 2005
 *	version		: 24 October 2006
 *	copyright	: (C) 2005,2006 grandolini.net
 *
 *	NEWS manager
 *
 ***************************************************************************/
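$defs='news_mngr';
#	Session.php is expected to provide check_access(), $USER_ID and $USER_PW;
#	none of them is defined in this file.
include('Session.php');
#	NOTE(review): the return value is ignored, so the rest of this page is only
#	protected if check_access() itself ends the request when the check fails
#	(third argument 80, presumably the required access level) -- confirm in Session.php.
check_access($USER_ID,$USER_PW,80);
#
#	Array keys are quoted throughout: a bare word is an undefined constant, which
#	raised a notice on old PHP and is a fatal Error as of PHP 8.
#	NOTE(review): both include paths are built from $_SESSION['misc']['folder'];
#	that value must only ever be written by trusted server-side code.
include($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'common/includes/set_month_ary.php');
include($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'common/fun2inc/form_validation.inc');
#
#	No "once" marker posted: treat the request as a first visit and reset to screen 0.
if(!isset($_POST['once']) || $_POST['once']=='')	{ $_SESSION['news_mngr']=0; $_POST['once']=1; }
#	Screen 0 is the list screen, so the news list is (re)built for it.
if(!isset($_SESSION['news_mngr']) || $_SESSION['news_mngr']==0)	{ $file_list=set_news_list(); }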
#
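#
#	Dispatch on the pressed button ($_POST['submit'] is compared with the B_* label constants).
#	Sets $_SESSION['news_mngr'] (0 = list screen, 1 = edit screen) and the globals read later
#	by the layout ($file_list, $message, $RRN, $pop, $feedback_str, ...).
#
if(isset($_POST['submit']))
{
	#	Array keys are quoted: a bare word is an undefined constant (fatal Error as of PHP 8).
	#
	#	Record id coming from the list box. It is placed in SQL and in inline JavaScript,
	#	so anything that is not a plain run of digits is replaced by '0'.
	#	NOTE(review): assumes RRN is a numeric key (db_last_id() feeds it below) and that
	#	no row has RRN 0 -- confirm against the g_news schema.
	$nm_rrn='0';
	if(isset($_POST['n_list']) && is_string($_POST['n_list']) && preg_match('/^[0-9]+$/D',$_POST['n_list']))	{ $nm_rrn=$_POST['n_list']; }
	#
	#	Byte-wise escapes for text placed inside a JavaScript string literal in a <script> block
	#	(quotes, backslash, line breaks, and the characters that could close the element).
	$nm_jsmap=array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','<'=>'\\x3C','>'=>'\\x3E','&'=>'\\x26');
	#	PHP_SELF is taken from the request URL, so it is escaped before it reaches the script text.
	$nm_self=strtr((string)$_SERVER['PHP_SELF'],$nm_jsmap);
	#
	switch($_POST['submit'])
	{
		case B_NEWS_ACT:	set_main_switch(true); break;	#	Activate news
		case B_NEWS_DACT:	set_main_switch(false); break;	#	Deactivate news
		case B_BACKSCR:
			#
			#	Initial screen
			#
			$_SESSION['news_mngr']=0;
			$file_list=set_news_list();
			break;
		#
		case B_DELETE:
			#
			#	Delete news request: remember the id in the session and ask for confirmation;
			#	the row is removed only when the page is reloaded with ?deleteconfirmed.
			#
			$sth=db_query("SELECT * FROM g_news WHERE RRN='$nm_rrn' AND news_skin='".$_SESSION['misc']['skin']."'");
			$row=db_fetch($sth[0]);
			$nm_msg=isset($row[0]['news_msg']) ? (string)$row[0]['news_msg'] : '';
			$message=str_replace('<br />','\n',$nm_msg); # note: in this case, '\n' is for js!
			#	The stored text is data, not script: turn <br /> into real line breaks, then escape
			#	the whole text for the JavaScript string below.
			$nm_jsmsg=strtr(str_replace('<br />',"\n",$nm_msg),$nm_jsmap);
			$_SESSION['news2del']=$nm_rrn;
			$pop='<script type="text/javascript">if(confirm(\''.CONFIRM_DELETE.'ID: '.$nm_rrn.'\n'.$nm_jsmsg.'\n\')==true) { window.location="'.$nm_self.'?deleteconfirmed"; } else { window.location="'.$nm_self.'"; }</script>';
			break;
		#
		case B_EDIT:
			#
			#	Load db record and spread it over the variables the edit form reads
			#
			$sth=db_query("SELECT * FROM g_news WHERE RRN='$nm_rrn' AND news_skin='".$_SESSION['misc']['skin']."'");
			$row=db_fetch($sth[0]);
			#
			$RRN		=$row[0]['RRN'];
			#	news_date / news_exp are sliced as YYYY-MM-DD strings
			$_POST['n_date_dd']=substr($row[0]['news_date'],8,2);
			$_POST['n_date_mm']=substr($row[0]['news_date'],5,2);
			$_POST['n_date_yy']=substr($row[0]['news_date'],0,4);
			$message	=str_replace('<br />',"\n",$row[0]['news_msg']);
			$news_link	=$row[0]['news_link'];
			$target		=$row[0]['news_target'];
			$publish	=$row[0]['news_publish'];
			$_POST['e_date_dd']=substr($row[0]['news_exp'],8,2);
			$_POST['e_date_mm']=substr($row[0]['news_exp'],5,2);
			$_POST['e_date_yy']=substr($row[0]['news_exp'],0,4);
			#
			$_SESSION['news_mngr']=1;
			break;
		#
		case B_ADD:
			#
			#	Add news: preset an empty form, dated today, expiring one month later
			#
			$RRN='*INS*';
			$today=date('Y-m-d');
			$_POST['n_date_dd']=substr($today,8,2);
			$_POST['n_date_mm']=substr($today,5,2);
			$_POST['n_date_yy']=substr($today,0,4);
			$message='';
			$news_link='';
			$target='b';
			$publish=2;
			$exp_yy=date('Y'); $exp_mm=date('m')+1; if($exp_mm>12) { $exp_mm=1; $exp_yy++; }
			$_POST['e_date_dd']=$_POST['n_date_dd'];
			$_POST['e_date_mm']=$exp_mm;
			$_POST['e_date_yy']=$exp_yy;
			#
			$_SESSION['news_mngr']=1;
			break;
		#
		case B_SAVE:
			#
			#	Nothing in this file assigns $message before this point (the commented-out lines
			#	below show the form field is "message"), so fall back to the posted value when
			#	no earlier code has set it.
			#
			if(!isset($message))	{ $message=(isset($_POST['message']) && is_string($_POST['message'])) ? $_POST['message'] : ''; }
			#
			#	Strips unwanted chars in the message
			#
			#	$message=htmlspecialchars($_POST[message],ENT_QUOTES);
			#	$trans=get_html_translation_table(HTML_ENTITIES,ENT_QUOTES);
			#	$message=strtr($message,$trans);
			#	NOTE(review): with the encoding step above disabled, news_msg is stored with any
			#	markup intact; whatever prints it must encode it, or the field must be treated
			#	as trusted-editor HTML.
			$message=str_replace("\r\n",'<br />',$message);
			$message=str_replace('\\','',$message);
			#
			$feedback=check_data();
			#
			#	Data is validated
			#
			if($feedback=='OKIDOKI')
			{
				#	Values are normalised before they are placed in the SQL text:
				#	ids and date parts are reduced to digits, free text has backslashes removed
				#	(as the message always had) and its quotes escaped.
				#	NOTE(review): addslashes() is a stopgap; db_query()'s driver is not visible here.
				#	Switch to the driver's parameter binding or its own escaping function.
				$nm_save='0';
				if(isset($_POST['RRN']) && is_string($_POST['RRN']) && preg_match('/^[0-9]+$/D',$_POST['RRN']))	{ $nm_save=$_POST['RRN']; }	#	'*INS*' (new record) becomes '0'
				$nm_date=sprintf('%04d-%02d-%02d',(int)$_POST['n_date_yy'],(int)$_POST['n_date_mm'],(int)$_POST['n_date_dd']);
				#	check_data() may have rewritten e_date_mm / e_date_dd, so read them only now
				$nm_exp=sprintf('%04d-%02d-%02d',(int)$_POST['e_date_yy'],(int)$_POST['e_date_mm'],(int)$_POST['e_date_dd']);
				$nm_qmsg=addslashes($message);
				$nm_qlink=addslashes(str_replace('\\','',isset($_POST['news_link']) ? (string)$_POST['news_link'] : ''));
				$nm_qtarget=addslashes(str_replace('\\','',isset($_POST['r_target']) ? (string)$_POST['r_target'] : ''));
				#	NOTE(review): r_pub is treated as an integer (the add form presets 2) -- confirm
				$nm_pub=isset($_POST['r_pub']) ? (int)$_POST['r_pub'] : 0;
				#
				#	Update news if the record exists for this skin, insert it otherwise
				#
				$sth=db_query("SELECT * FROM g_news WHERE RRN='$nm_save' AND news_skin='".$_SESSION['misc']['skin']."'");
				if($sth[1]>0)
				{
					$sth=db_query("UPDATE g_news SET news_date='$nm_date',news_msg='$nm_qmsg',news_link='$nm_qlink',news_target='$nm_qtarget',news_publish='$nm_pub',news_exp='$nm_exp' WHERE RRN='$nm_save' AND news_skin='".$_SESSION['misc']['skin']."' LIMIT 1");
				}
				else
				{
					#	The original INSERT wrote news_exp from $newsexp, a variable nothing in this
					#	file sets; it now uses the same expiry date as the UPDATE branch.
					$sth=db_query("INSERT INTO g_news SET news_skin='".$_SESSION['misc']['skin']."',news_date='$nm_date',news_msg='$nm_qmsg',news_link='$nm_qlink',news_target='$nm_qtarget',news_publish='$nm_pub',news_exp='$nm_exp'");
					$RRN=db_last_id($dbh);
				}
				$feedback_str=BuildConfirmString($error_msg[2000]);
				$file_list=set_news_list();
				#
				$_SESSION['news_mngr']=0;
				$pop='<script type="text/javascript">pop(\''.NEWS_UPDATED.'\',\''.$nm_self.'\');</script>';
			}
			else
			{
				#	check_data() failed: "<error text>#@#<field index>"
				list($feedback_str,$err_i)=explode('#@#',$feedback);
			}
		break;
		#
	}
}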
#
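#
#	Second step of a delete: the id was parked in $_SESSION['news2del'] by the B_DELETE
#	request, and the confirmation dialog reloads the page with ?deleteconfirmed.
#	NOTE(review): the deletion is triggered by a plain GET with no anti-forgery token;
#	consider requiring a POST carrying a per-session token.
#
if(isset($_GET['deleteconfirmed']) && isset($_SESSION['news2del']) && $_SESSION['news2del']!='')
{
	#======================
	#	Delete news
	#======================
	#	The parked id originates from a form field, so it is reduced to digits before it is
	#	placed in the SQL text; anything else becomes '0'.
	#	NOTE(review): assumes RRN is a numeric key and no row has RRN 0 -- confirm.
	$nm_del='0';
	if(is_scalar($_SESSION['news2del']) && preg_match('/^[0-9]+$/D',(string)$_SESSION['news2del']))	{ $nm_del=(string)$_SESSION['news2del']; }
	#	PHP_SELF comes from the request URL; escape it for the JavaScript string below.
	$nm_self=strtr((string)$_SERVER['PHP_SELF'],array('\\'=>'\\\\',"'"=>"\\'",'"'=>'\\"',"\r"=>'\\r',"\n"=>'\\n','<'=>'\\x3C','>'=>'\\x3E','&'=>'\\x26'));
	#
	$sth=db_query("SELECT * FROM g_news WHERE RRN='$nm_del' AND news_skin='".$_SESSION['misc']['skin']."'");
	if($sth[1]>0)
	{
		$sth=db_query("DELETE FROM g_news WHERE RRN='$nm_del' AND news_skin='".$_SESSION['misc']['skin']."' LIMIT 1");
		#
		#	Clear the pending request only after the row was found and deleted
		unset($_SESSION['news2del']);
		$_SESSION['news_mngr']=0;
		$pop='<script type="text/javascript">pop(\''.NEWS_DELETED.'\',\''.$nm_self.'\');</script>';
	}
}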
#
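#	Record which page is being shown, then hand over to the skin's layout.
#	Array keys are quoted: a bare word is an undefined constant (fatal Error as of PHP 8).
$PageNr='news_mngr';
$_SESSION['PageNr']=$PageNr;
#	NOTE(review): PHP_SELF is derived from the request URL; basename() keeps only its last
#	segment, but the stored value still needs encoding wherever it is printed.
$_SESSION['PageFile']=basename($_SERVER['PHP_SELF']);
#	NOTE(review): the include path comes from $_SESSION['skinf']; it must only be set by
#	trusted server-side code.
include($_SESSION['skinf'].'Layout.php');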
#
#
#	functions
#
#
#=========================
# Validate input data
#
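function check_data()
#=========================
#	Validates the posted news form together with the global $message.
#	Returns 'OKIDOKI' when everything passes, otherwise "<error text>#@#<n>", where <n>
#	is the index the caller splits off (2 = news date, 3 = message, 4 = expiry date, 5 = link).
#	Side effect: an expiry year of '0000' forces the expiry month and day to '01'.
{
	global $message;
	#
	$temp=validate_date($_POST['n_date_yy'].'-'.$_POST['n_date_mm'].'-'.$_POST['n_date_dd'],'ymd');
	if($temp!='valid')			{ return ($temp.'#@#2'); }
	if($message=='')			{ return(BuildErrorString(1011).'#@#3'); }
	#
	if(strlen($message)>1024)	{ return(BuildErrorString(1022).'#@#3'); }
	if($_POST['e_date_yy']=='0000') { $_POST['e_date_mm']='01'; $_POST['e_date_dd']='01'; }
	else
	{
		$temp=validate_date($_POST['e_date_yy'].'-'.$_POST['e_date_mm'].'-'.$_POST['e_date_dd'],'ymd');
		if($temp!='valid')		{ return($temp.'#@#4'); }
	}
	#
	#	The link is optional; a non-string value (e.g. an array parameter) is refused like a malformed link
	$link=isset($_POST['news_link']) ? $_POST['news_link'] : '';
	if(!is_string($link))		{ return(BuildErrorString(1037).'#@#5'); }
	if(strlen($link)>0)
	{
		#	Only the leading scheme is removed. The previous str_replace() removed every
		#	occurrence, which mangled links carrying another URL in their path or query.
		if(substr($link,0,7)=='http://')		{ $tmp=substr($link,7); }
		elseif(substr($link,0,8)=='https://')	{ $tmp=substr($link,8); }
		else									{ return(BuildErrorString(1037).'#@#5'); }
		#	Control characters, spaces, double quotes and angle brackets are not valid in a URL
		#	and would be hazardous once the link is printed into markup.
		#	NOTE(review): reuses error 1037, the code of the format check above -- confirm its text fits.
		if(preg_match('/[\x00-\x20\x7F"<>]/',$link))
								{ return(BuildErrorString(1037).'#@#5'); }
		#	include_once: a second call in the same request must not load the helper file again
		include_once($_SERVER['DOCUMENT_ROOT'].$_SESSION['misc']['folder'].'common/fun2inc/get_http_header.inc');
		$host=explode('/',$tmp);
		#	$hostip=gethostbyname($host[0]);
		#	if($tmp==$hostip)		{ return(BuildErrorString(1038).'#@#5'); }
		#	NOTE(review): this makes the server contact whatever host was typed into the form.
		#	Consider refusing loopback/private destinations and enforcing a short timeout
		#	inside get_http_header().
		$header=get_http_header($host[0],substr($tmp,strlen($host[0])));
		if(stristr($header,'Not Found'))
								{ return(BuildErrorString(1038).'#@#5'); }
	}
	#
	return('OKIDOKI');
}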
#=========================
#	Set news main switch
#
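function set_main_switch($val)
#=========================
#	Stores the news on/off flag for the current skin in g_stat_misc under the key
#	'*news_switch', inserting the row when it does not exist yet and updating it otherwise.
#	$val: true to activate, false to deactivate (the only values passed in this file).
{
	#	Array keys are quoted: a bare word is an undefined constant (fatal Error as of PHP 8).
	#	NOTE(review): the skin name is session data concatenated into the SQL text; it must
	#	only ever be written by trusted server-side code.
	$skin=$_SESSION['misc']['skin'];
	#	Same text PHP produced when the boolean was interpolated: '1' for true, '' for false
	$flag=$val ? '1' : '';
	$stamp=date('YmdHi');
	#
	$sth=db_query("SELECT * FROM g_stat_misc WHERE stat_misc_skin='".$skin."' AND stat_misc_key='*news_switch'");
	if($sth[1]==0)	{ $sth=db_query("INSERT INTO g_stat_misc SET stat_misc_skin='".$skin."',stat_misc_key='*news_switch',stat_misc_val='$flag',stat_misc_date='".$stamp."'"); }
	else			{ $sth=db_query("UPDATE g_stat_misc SET stat_misc_val='$flag',stat_misc_date='".$stamp."' WHERE stat_misc_skin='".$skin."' AND stat_misc_key='*news_switch'"); }
}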
#=========================
#	Build the news list
#
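function set_news_list()
#=========================
#	Returns the news of the current skin, newest first, as a list of rows with the keys
#	news_date (reformatted DD-MM-YYYY), news_msg (first 30 characters), news_publish and RRN.
#	When there is no news, the list holds a single placeholder row whose RRN is a warning text.
{
	#	Array keys are quoted: a bare word is an undefined constant (fatal Error as of PHP 8).
	#	NOTE(review): the skin name is session data concatenated into the SQL text.
	$sth=db_query("SELECT news_date,LEFT(news_msg,30) AS msg,news_publish,RRN FROM g_news WHERE news_skin='".$_SESSION['misc']['skin']."' ORDER BY news_date DESC,RRN DESC");
	$t=$sth[1];
	#	Initialised up front so both branches start from an array
	$file_list=array();
	if($t>0)
	{
		$rows=db_fetch($sth[0]);
		for($i=0;$i<$t;$i++)
		{
			#	news_date is sliced as a YYYY-MM-DD string
			$d=$rows[$i]['news_date'];
			$file_list[$i]['news_date']=substr($d,8,2).'-'.substr($d,5,2).'-'.substr($d,0,4);
			#	Raw stored text: it has to be encoded wherever the list is printed
			$file_list[$i]['news_msg']=$rows[$i]['msg'];
			$file_list[$i]['news_publish']=$rows[$i]['news_publish'];
			$file_list[$i]['RRN']=$rows[$i]['RRN'];
		}
	}
	else
	{
		#	File list is empty
		#
		$file_list[0]['RRN']='Warning, No news available in the database!, 0';
	}
	return($file_list);
}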
?>