<?php
/* +--------------------------------------------------------------
| PHPFreeNews - News Headlines on your website |
| Developed by Jim Willsher. |
| http://www.phpfreenews.co.uk |
+-------------------------------------------------------------+
*/
// Refuse to run unless the including front controller has defined IN_PHPFN,
// so this file cannot be requested directly by URL.
if (defined('IN_PHPFN') === false)
{
    die('Illegal attempt to access script directly!');
}
require('Inc/PreviewFunctions.php');
// ==============================================================================================================================
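/**
 * Convert the category checkbox values posted by the article form into a lookup map.
 *
 * The form submits CatID[] as a list (index => category id); the rest of this
 * file works with the ids as array keys (category id => TRUE).
 *
 * @param mixed $Categories The posted CatID value. Anything that is not an array yields an empty map.
 * @return array Map of category id => TRUE.
 */
function CategoriesFromForm($Categories)
{
    $Cats = array();

    // The value comes straight from the request, so it may be missing, a plain
    // string or a nested array; only a flat list of scalar ids is meaningful.
    if (! is_array($Categories))
        return $Cats;

    // foreach does not depend on the array's internal pointer the way each()
    // does, and each() is no longer available on PHP 8.
    foreach ($Categories as $val)
    {
        // A nested array cannot be used as an array key, so skip it
        if (is_string($val) || is_int($val))
            $Cats[$val] = TRUE;
    }

    return $Cats;
}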
// ==============================================================================================================================
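/**
 * Replace an article's category links with the supplied set.
 *
 * Only categories returned by UsersCategoriesFromDB() for the logged-in user are
 * removed and re-written; links to any other category are left untouched, and
 * submitted categories outside that set are ignored.
 *
 * @param mixed $ArticleID  Article id; forced to an integer before use in SQL.
 * @param array $Categories Map of category id => TRUE, as built by CategoriesFromForm().
 * @return bool TRUE when every query issued succeeded (also when there was nothing to write).
 */
function CategoriesToDB($ArticleID, $Categories)
{
    // Both ids are placed inside SQL text and can originate from the posted
    // form, so force them to integers before building any statement.
    $ArticleID = (int) $ArticleID;

    // The values returned by UsersCategoriesFromDB() are the category ids the user may manage
    $Allowed = array();
    foreach ((array) UsersCategoriesFromDB() as $CatID)
        $Allowed[(int) $CatID] = TRUE;

    // With no authorised categories there is nothing to delete or insert,
    // and "IN ()" would not be valid SQL.
    if (count($Allowed) == 0)
        return TRUE;

    // Remove any existing categories. Only remove from the categories to which the user is authorised
    $UsersCategories = implode(",", array_keys($Allowed));
    $CatWriteSuccess = (bool) mysql_query("DELETE FROM news_postcategories WHERE ArticleID = '$ArticleID' AND CatID IN ($UsersCategories)");

    // Write the new categories
    if (is_array($Categories))
    {
        foreach (array_keys($Categories) as $key)
        {
            $key = (int) $key;

            // The delete above is limited to the user's own categories; apply the
            // same limit to inserts so a hand-crafted form cannot attach the
            // article to a category the user is not authorised for.
            if (! isset($Allowed[$key]))
                continue;

            $Inserted = mysql_query("INSERT INTO news_postcategories (ArticleID, CatID) VALUES('$ArticleID', '$key')");
            $CatWriteSuccess = $CatWriteSuccess && $Inserted;
        }
    }

    return $CatWriteSuccess;
}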
// ==============================================================================================================================
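/**
 * Stop the request unless the logged-in user may modify the given article.
 *
 * Displays an error and exits when no article row was supplied, when the
 * article belongs to another user and the current user lacks the "edit any
 * post" right, or (if $CheckLock is set) when the article is locked.
 * Returns normally only when every check passes.
 *
 * @param mixed $NewsData  Article row as returned by mysql_fetch_array(), or FALSE when no row was found.
 * @param bool  $CheckLock Whether a locked article must also be rejected.
 * @return void
 */
function CheckArticleSecurity($NewsData, $CheckLock)
{
    global $LoggedInEditAnyPost, $LoggedInUserId;

    // Fail closed when no article row was loaded. Callers pass the result of
    // mysql_fetch_array(), which is FALSE for an unknown id; without this guard
    // a user with the "edit any post" right would pass both checks below.
    if (! is_array($NewsData))
    {
        $errormsg = "The requested news post could not be found!";
        DisplayError($errormsg, 0);
        exit;
    }

    // Illegal attempt to edit another user's post?
    if ((! $LoggedInEditAnyPost) and ($NewsData['AuthorID'] != $LoggedInUserId))
    {
        $errormsg = "Illegal attempt to edit another user's post!";
        DisplayError($errormsg, 0);
        exit;
    }

    // Illegal attempt to edit a locked post?
    if ($CheckLock && $NewsData['Locked'] == '1')
    {
        $errormsg = "Illegal attempt to edit a locked post!";
        DisplayError($errormsg, 0);
        exit;
    }
}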
// ==============================================================================================================================
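/**
 * Render the create/modify news article form.
 *
 * The same form is used for a blank article, for an article loaded from the
 * database and for re-displaying values that were just posted (preview,
 * spell-check or a validation error). Because of the last case every value
 * echoed into the page is HTML-escaped first.
 *
 * @param mixed  $NewsID               Article id, or -1 for a new article.
 * @param string $NewsDateTime         Posting date/time, "YYYY-MM-DD HH:MM:SS".
 * @param string $OriginalPostDateTime Original posting date/time, same format.
 * @param string $ExpiryDateTime       Expiry date/time, same format.
 * @param string $PostAuthor           Author name shown next to the original posting time.
 * @param mixed  $ImageID              Currently selected image.
 * @param array  $Categories           Map of category id => TRUE for the pre-selected categories.
 * @param mixed  $TemplateID           Currently selected template.
 * @param string $Headline             Headline text.
 * @param string $ShortPost            Short post text.
 * @param string $LongPost             Long post text.
 * @param mixed  $Sticky               '1' when the sticky box is ticked.
 * @param mixed  $Priority             Currently selected priority (dropdown range 1-10).
 * @param mixed  $Visible              '1' when the visible box is ticked.
 * @param mixed  $AllowComments        '1' when the comments box is ticked.
 * @param mixed  $Archived             '1' when the archive box is ticked.
 * @return void Output is written directly to the page.
 */
function DisplayData($NewsID, $NewsDateTime, $OriginalPostDateTime, $ExpiryDateTime, $PostAuthor, $ImageID, $Categories, $TemplateID, $Headline, $ShortPost, $LongPost, $Sticky, $Priority, $Visible, $AllowComments, $Archived)
{
    global $LoggedInUserId, $LoggedInFullName, $NewsDir, $TemplateDir, $AllowTimeStampUpdate, $ErrorText, $NewsDisplay_DateFormat,
        $NewsDisplay_TimeFormat, $EnableSpellCheck, $EnableComments, $EnableArchive, $AdminScript, $AdminTextareaRows, $AdminTextareaColumns, $UseTinyMCE;

    // Split the News Post Date and Time into elements
    $DateTime = explode(' ', $NewsDateTime);
    $Date = explode('-', $DateTime[0]);
    $NewsYear = $Date['0'];
    $NewsMonth = $Date['1'];
    $NewsDay = $Date['2'];
    $Time = explode(':', $DateTime[1]);
    $NewsHour = $Time['0'];
    $NewsMinute = $Time['1'];

    // Split the News Expiry Date and Time into elements
    $DateTime = explode(' ', $ExpiryDateTime);
    $Date = explode('-', $DateTime[0]);
    $ExpiryYear = $Date['0'];
    $ExpiryMonth = $Date['1'];
    $ExpiryDay = $Date['2'];
    $Time = explode(':', $DateTime[1]);
    $ExpiryHour = $Time['0'];
    $ExpiryMinute = $Time['1'];

    // The year dropdowns used to stop at a fixed 2020; keep that as a floor but
    // always offer the current year and the following ten.
    $LastYear = max(2020, (int) date('Y') + 10);

    // HTML-escape everything that is echoed into the page. When the form is
    // re-displayed after a submit these values come straight from the request,
    // and article text containing "</textarea>" or a quote would otherwise break
    // out of its element. The single-byte charset is named on purpose: the page
    // encoding is not visible here, and with it htmlspecialchars() only rewrites
    // the ASCII characters & < > " ' and never rejects the input.
    $NewsIDHtml = htmlspecialchars((string) $NewsID, ENT_QUOTES, 'ISO-8859-1');
    $OriginalPostDateTimeHtml = htmlspecialchars((string) $OriginalPostDateTime, ENT_QUOTES, 'ISO-8859-1');
    $PostAuthorHtml = htmlspecialchars((string) $PostAuthor, ENT_QUOTES, 'ISO-8859-1');
    $LoggedInFullNameHtml = htmlspecialchars((string) $LoggedInFullName, ENT_QUOTES, 'ISO-8859-1');
    $NewsDayHtml = htmlspecialchars((string) $NewsDay, ENT_QUOTES, 'ISO-8859-1');
    $NewsMonthHtml = htmlspecialchars((string) $NewsMonth, ENT_QUOTES, 'ISO-8859-1');
    $NewsYearHtml = htmlspecialchars((string) $NewsYear, ENT_QUOTES, 'ISO-8859-1');
    $NewsHourHtml = htmlspecialchars((string) $NewsHour, ENT_QUOTES, 'ISO-8859-1');
    $NewsMinuteHtml = htmlspecialchars((string) $NewsMinute, ENT_QUOTES, 'ISO-8859-1');
    $HeadlineHtml = htmlspecialchars((string) $Headline, ENT_QUOTES, 'ISO-8859-1');
    $ShortPostHtml = htmlspecialchars((string) $ShortPost, ENT_QUOTES, 'ISO-8859-1');
    $LongPostHtml = htmlspecialchars((string) $LongPost, ENT_QUOTES, 'ISO-8859-1');

    DisplayGroupHeading( ($NewsID != -1 ? 'Modify' : 'Create' ) . ' News Article');
    ?>
    <table class="Admin">
    <form name="NewsPostFrm" action="<?=$AdminScript?>?action=news&mode=post" method="post">
    <?php
    if ($ErrorText != '')
    {
        ?>
        <tr>
        <td colspan="2" class="ErrorText">
        <?= $ErrorText ?>
        </td>
        </tr>
        <?php
    }
    ?>
    <tr>
    <td colspan="2" class="C">
    <input class="but" type="reset" name="reset" value="Reset" />
    <input class="but" type="submit" name="PreviewShort" value="Preview(S)" />
    <input class="but" type="submit" name="PreviewLong" value="Preview(L)" />
    <?php
    if ($EnableSpellCheck)
    {
        ?>
        <input class="but" type="submit" name="SpellShort" value="Spellcheck(S)" />
        <input class="but" type="submit" name="SpellLong" value="Spellcheck(L)" />
        <?php
    }
    ?>
    <input class="but" type="submit" name="submit" value="Post" />
    </td>
    </tr>
    <tr>
    <td class="FieldPrompt">
    <input type="hidden" name="NewsID" value="<?= $NewsIDHtml ?>" />
    <input type="hidden" name="OriginalPostDateTime" value="<?=$OriginalPostDateTimeHtml?>" />
    Original Posting:
    </td>
    <td align="left" valign="top">
    <?= date($NewsDisplay_DateFormat, strtotime($OriginalPostDateTime)) ?> <?= date($NewsDisplay_TimeFormat, strtotime($OriginalPostDateTime)) ?>
    by <?= $PostAuthorHtml ?>
    </td>
    </tr>
    <?php
    if ($AllowTimeStampUpdate == 1)
    {
        ?>
        <tr>
        <td class="FieldPrompt">
        Article Date & Time:
        </td>
        <td align="left" valign="top">
        <?php BuildNumericDropdown('PostDay', $NewsDay, 1, 31) ?>
        <?php BuildMonthDropdown('PostMonth', $NewsMonth) ?>
        <?php BuildNumericDropdown('PostYear', $NewsYear, 2004, $LastYear) ?>
        <?php BuildNumericDropdown('PostHour', $NewsHour, 0, 23, 2) ?>
        <?php BuildNumericDropdown('PostMinute', $NewsMinute, 0, 59, 2) ?>
        </td>
        </tr>
        <?php
    }
    else
    {
        ?>
        <input type="hidden" name="PostDay" value="<?=$NewsDayHtml?>" />
        <input type="hidden" name="PostMonth" value="<?=$NewsMonthHtml?>" />
        <input type="hidden" name="PostYear" value="<?=$NewsYearHtml?>" />
        <input type="hidden" name="PostHour" value="<?=$NewsHourHtml?>" />
        <input type="hidden" name="PostMinute" value="<?=$NewsMinuteHtml?>" />
        <?php
    }
    ?>
    <tr>
    <td class="FieldPrompt">
    Expiry Date & Time:
    </td>
    <td align="left" valign="top">
    <?php BuildNumericDropdown('ExpiryDay', $ExpiryDay, 1, 31) ?>
    <?php BuildMonthDropdown('ExpiryMonth', $ExpiryMonth) ?>
    <?php BuildNumericDropdown('ExpiryYear', $ExpiryYear, 2004, $LastYear) ?>
    <?php BuildNumericDropdown('ExpiryHour', $ExpiryHour, 0, 23, 2) ?>
    <?php BuildNumericDropdown('ExpiryMinute', $ExpiryMinute, 0, 59, 2) ?>
    </td>
    </tr>
    <tr>
    <td class="FieldPrompt">
    Image:
    </td>
    <td align="left" valign="top">
    <?php BuildImageDropdown('ImageID', $ImageID) ?>
    </td>
    </tr>
    <tr>
    <td class="FieldPrompt">
    Categories:
    </td>
    <td align="left" valign="top">
    <?php
    // List all the categories, pre-selecting as appropriate
    // NOTE(review): $LoggedInUserId is interpolated as-is; presumably it is set from the
    // authenticated session and never from the request - confirm in the login code.
    // NOTE(review): on failure the raw database error is printed to the page.
    $sql = "SELECT * FROM news_categories, news_users_categories WHERE news_categories.ID = news_users_categories.CatID AND UserID = '$LoggedInUserId' ORDER BY CatDesc ASC";
    $result = mysql_query($sql) or die('Query failed : ' . mysql_error());
    while ($row = mysql_fetch_array($result, MYSQL_ASSOC))
    {
        $CatID = $row['ID'];
        // NOTE(review): CatDesc is echoed unescaped; confirm whether category
        // descriptions are meant to hold markup before escaping it here.
        $CatDesc = $row['CatDesc'];
        $Checked = (array_key_exists($CatID, $Categories) ? " CHECKED " : "");
        ?>
        <input type="checkbox" name="CatID[]" value="<?= $CatID ?>" <?= $Checked ?> /><?= $CatDesc ?>
        <?php
    }
    ?>
    </td>
    </tr>
    <tr>
    <td class="FieldPrompt">
    Template:
    </td>
    <td align="left" valign="top">
    <?php BuildTemplateDropdown('TemplateID', $TemplateID) ?>
    </td>
    </tr>
    <tr>
    <td class="FieldPrompt">
    Priority:
    </td>
    <td align="left" valign="top">
    <?php BuildNumericDropdown('Priority', $Priority, 1, 10) ?>
    </td>
    </tr>
    <tr>
    <td class="FieldPrompt">
    Headline:
    </td>
    <td align="left" valign="top">
    <textarea name="Headline" id="Headline_news" rows="2" cols="<?=$AdminTextareaColumns?>"><?=$HeadlineHtml?></textarea>
    </td>
    </tr>
    <tr>
    <td class="FieldPrompt">
    User-Defined Codes:<br />
    </td>
    <td align="left" valign="top">
    <?php
    $rows = mysql_query("SELECT ID, UserCode FROM news_usercodes ORDER BY UserCode ASC");
    // mysql_query() returns FALSE on failure; skip the list instead of fetching from it
    if ($rows)
    {
        while ($row = mysql_fetch_array($rows))
            echo '<span>' . $row['UserCode'] . '</span> ';
    }
    ?>
    </td>
    </tr>
    <tr>
    <td class="FieldPrompt">
    BBCodes:<br /><strong>
    </td>
    <td valign="top" nowrap> Click <a href="<?=$NewsDir?>/Inc/BBCodes.php" target="_blank">here</a> to see the supported BB Codes (new window) </td>
    </tr>
    <tr>
    <td class="FieldPrompt">
    Short Post:
    </td>
    <td align="left" valign="top">
    <textarea name="ShortPost" id="ShortPost_news" rows="<?=$AdminTextareaRows?>" cols="<?=$AdminTextareaColumns?>"><?=$ShortPostHtml?></textarea>
    </td>
    </tr>
    <tr>
    <td class="FieldPrompt">
    Long Post:
    </td>
    <td align="left" valign="top">
    <textarea name="LongPost" id="LongPost_news" rows="<?=$AdminTextareaRows?>" cols="<?=$AdminTextareaColumns?>"><?=$LongPostHtml?></textarea>
    <br />
    <br />
    <input type="checkbox" name="Sticky" value="1" <?= ($Sticky == '1' ? 'checked' : '') ?> />Make this post sticky?
    <input type="checkbox" name="Visible" value="1" <?= ($Visible == '1' ? 'checked' : '') ?> />Make this post visible?
    <br />
    <?php
    // Full "<?php" tags are used from here on: the bare short tag is only
    // parsed when short_open_tag is enabled.
    if ($EnableComments == 1)
    {
        ?>
        <input type="checkbox" name="AllowComments" value="1" <?= ($AllowComments == '1' ? 'checked' : '') ?> />Allow Comments?
        <?php
    }
    if ($EnableArchive == 1)
    {
        ?>
        <input type="checkbox" name="Archived" value="1" <?= ($Archived == '1' ? 'checked' : '') ?> />Archive this post
        <?php
    }
    ?>
    </td>
    </tr>
    <tr>
    <input type="hidden" name="PostAuthor" value="<?=$LoggedInFullNameHtml?>" />
    <td colspan="2" class="C">
    <input class="but" type="reset" name="reset" value="Reset" />
    <input class="but" type="submit" name="PreviewShort" value="Preview(S)" />
    <input class="but" type="submit" name="PreviewLong" value="Preview(L)" />
    <?php
    if ($EnableSpellCheck)
    {
        ?>
        <input class="but" type="submit" name="SpellShort" value="Spellcheck(S)" />
        <input class="but" type="submit" name="SpellLong" value="Spellcheck(L)" />
        <?php
    }
    ?>
    <input class="but" type="submit" name="submit" value="Post" />
    </td>
    </tr>
    </form>
    </table>
    <?php
}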
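// Request dispatcher for the news article screens: delete (with confirmation),
// edit, copy, form submission (preview / spell-check / store) and the blank form.
$Action = isset($_GET['action']) ? $_GET['action'] : '';
$Mode = isset($_GET['mode']) ? $_GET['mode'] : '';
$Confirm = isset($_GET['confirm']) ? $_GET['confirm'] : '';

// The article id is placed unquoted into SQL and echoed into a link further
// down, so reduce it to an integer here. A missing or non-scalar value becomes
// 0, which matches no article.
$GetId = (isset($_GET['id']) && is_scalar($_GET['id'])) ? (int) $_GET['id'] : 0;

$ReturnText = ' Click <A href="' . $AdminScript . '?action=NewsList">here</A> to return to news maintenance';

// =============================================================================================
// Delete an existing post - confirmed
// NOTE(review): this branch deletes on a plain GET request and no anti-forgery
// token check is visible in this file. Confirm the including script enforces
// one, or move the confirmed delete to a POST that carries a per-session token.
if ($Action == 'news' AND $Mode == 'delete' AND $Confirm == 'yes')
{
    // Retrieve the post
    $newsrow = mysql_query("SELECT news_posts. * , news_users.FullName FROM news_posts, ".
        "news_users WHERE news_posts.ID = $GetId AND news_posts.AuthorID = news_users.ID");
    $NewsData = mysql_fetch_array($newsrow);

    // Check the article security
    CheckArticleSecurity($NewsData, true);

    // Get the news headline
    $Headline = GetHeadline($GetId);

    // Send notification, if required
    if ($EmailAddressNotifyPostDeleted != "")
        SendNewsNotificationEmail($EmailAddressNotifyPostDeleted, $GetId, 'deleted');

    // Delete the article
    $ok = DeleteNewsArticle($GetId);
    if ($ok)
    {
        // Write audit, if required
        if ($EnableAudit == 1)
            WriteAuditEvent(AUDIT_TYPE_ARTICLE, 'D', $GetId, "News article deleted: " . $Headline);

        $_SESSION['Info'] = 'The news post has been deleted successfully.';
        header('location:' . $AdminScript . '?action=NewsList');
        exit;
    }
    else
    {
        $errormsg = 'There was an error deleting the news post from the database.';
        DisplayError($errormsg, 1);
    }
}
// =============================================================================================
// Delete an existing post - seek confirmation
elseif ($Action == 'news' AND $Mode == 'delete' AND $Confirm == '')
{
    // Request confirmation to delete
    DisplayGroupHeading('Remove News Post');
    ?>
    <table width="400" border="0" align="center">
    <tr>
    <td width="80">
    <center>
    <img src="Inc/Images/Question.gif">
    </center>
    </td>
    <td>
    Are you sure you want to remove this news post from the news system?
    <br /><br />
    <center>
    <a href="<?=$AdminScript?>?action=news&mode=delete&confirm=yes&id=<?=$GetId?>">Yes</a> |
    <a href="<?=$AdminScript?>?action=NewsList">No</a>
    </center>
    </td>
    </tr>
    </table>
    <?php
}
// =============================================================================================
// Editing an existing post
elseif ($Action == 'news' AND $Mode == 'edit')
{
    // Retrieve the post
    $newsrow = mysql_query("SELECT news_posts. * , news_users.FullName FROM news_posts, ".
        "news_users WHERE news_posts.ID = $GetId AND news_posts.AuthorID = news_users.ID");
    $NewsData = mysql_fetch_array($newsrow);

    // Check the article security
    CheckArticleSecurity($NewsData, true);

    $NewsDateTime = $NewsData['PostDateTime'];
    $OriginalPostDateTime = $NewsData['OriginalPostDateTime'];
    $ExpiryDateTime = $NewsData['ExpiryDateTime'];

    // Automatically update the date-stamp? (but never the original stamp)
    if ($AutoUpdateTimeStampUponEdit == 1)
        $NewsDateTime = CurrentFormattedDateTime();

    // Load the categories for this article
    $Categories = CategoriesFromDB($GetId);

    DisplayData($GetId, $NewsDateTime, $OriginalPostDateTime, $ExpiryDateTime, $NewsData['FullName'], $NewsData['ImageID'], $Categories, $NewsData['TemplateID'], $NewsData['Headline'], $NewsData['ShortPost'], $NewsData['LongPost'], $NewsData['Sticky'], $NewsData['Priority'], $NewsData['Visible'], $NewsData['AllowComments'], $NewsData['Archived']);
}
// =============================================================================================
// Copy an existing post
elseif ($Action == 'news' AND $Mode == 'copy')
{
    // Retrieve the post
    $newsrow = mysql_query("SELECT news_posts. * , news_users.FullName FROM news_posts, ".
        "news_users WHERE news_posts.ID = $GetId AND news_posts.AuthorID = news_users.ID");
    $NewsData = mysql_fetch_array($newsrow);

    // Check the article security
    CheckArticleSecurity($NewsData, false);

    $NewsDateTime = $NewsData['PostDateTime'];
    $OriginalPostDateTime = $NewsData['OriginalPostDateTime'];
    $ExpiryDateTime = $NewsData['ExpiryDateTime'];

    // Should copied posts be assigned the current time
    if ($CopiedPostsRetainTime == 0)
        $NewsDateTime = CurrentFormattedDateTime();

    // Always update the "original date and time" on the copy, as it's a new post
    $OriginalPostDateTime = CurrentFormattedDateTime();

    // Load the categories for this article
    $Categories = CategoriesFromDB($GetId);

    DisplayData(-1, $NewsDateTime, $OriginalPostDateTime, $ExpiryDateTime, $NewsData['FullName'], $NewsData['ImageID'], $Categories, $NewsData['TemplateID'], $NewsData['Headline'], $NewsData['ShortPost'], $NewsData['LongPost'], $NewsData['Sticky'], $NewsData['Priority'], $NewsData['Visible'], $NewsData['AllowComments'], $NewsData['Archived']);
}
// =============================================================================================
// Form was submitted
elseif ( (isset($_POST['submit'])) || (isset($_POST['PreviewShort'])) || (isset($_POST['PreviewLong'])) || (isset($_POST['SpellShort'])) || (isset($_POST['SpellLong'])) )
{
    // =============================================================================================
    // Get the current date & time for this news post

    // The hidden NewsID field is client-controlled and ends up in SQL, so it is
    // reduced to an integer (-1 still means "new article").
    $NewsID = (isset($_POST['NewsID']) && is_scalar($_POST['NewsID'])) ? (int) $_POST['NewsID'] : 0;
    $PostDay = $_POST['PostDay'];
    $PostMonth = $_POST['PostMonth'];
    $PostYear = $_POST['PostYear'];
    $PostHour = $_POST['PostHour'];
    $PostMinute = $_POST['PostMinute'];
    $PostAuthor = $_POST['PostAuthor'];
    $OriginalPostDateTime = $_POST['OriginalPostDateTime'];
    $ExpiryDay = $_POST['ExpiryDay'];
    $ExpiryMonth = $_POST['ExpiryMonth'];
    $ExpiryYear = $_POST['ExpiryYear'];
    $ExpiryHour = $_POST['ExpiryHour'];
    $ExpiryMinute = $_POST['ExpiryMinute'];
    $Headline = trim($_POST['Headline']);
    $ShortPost = trim($_POST['ShortPost']);
    $LongPost = trim($_POST['LongPost']);
    $ImageID = $_POST['ImageID'];
    $Categories = CategoriesFromForm(isset($_POST['CatID']) ? $_POST['CatID'] : "");
    $CategoryCount = count($Categories);
    $TemplateID = $_POST['TemplateID'];
    $Priority = $_POST['Priority'];
    $Sticky = (isset($_POST['Sticky']) ? '1' : '0');
    $Visible = (isset($_POST['Visible']) ? '1' : '0');
    $AllowComments = (isset($_POST['AllowComments']) ? '1' : '0');
    $Archived = (isset($_POST['Archived']) ? '1' : '0');

    // Convert the posting-date and expiry-date to database format
    $PostingDateTimeDB = $PostYear . '-' . $PostMonth . '-' . $PostDay . " " . $PostHour . ':' . $PostMinute . ':00';
    $ExpiryDateTimeDB = $ExpiryYear . '-' . $ExpiryMonth . '-' . $ExpiryDay . " " . $ExpiryHour . ':' . $ExpiryMinute . ':00';

    // Display a short or long preview?
    if ( (isset($_POST['PreviewShort'])) || (isset($_POST['PreviewLong'])) || (isset($_POST['SpellShort'])) || (isset($_POST['SpellLong'])) )
    {
        $TimesRead = 999;

        // Incomplete data?
        if ($TemplateID == "0")
        {
            // Display the form again with the data already entered
            $ErrorText = 'You must choose a template in order to preview or spell-check.';
            DisplayData($NewsID, $PostingDateTimeDB, $OriginalPostDateTime, $ExpiryDateTimeDB, $PostAuthor, $ImageID, $Categories, $TemplateID, $Headline, $ShortPost, $LongPost, $Sticky, $Priority, $Visible, $AllowComments, $Archived);
        }
        else
        {
            $SpellCheck = false;
            if ( (isset($_POST['SpellShort'])) || (isset($_POST['SpellLong'])) )
                $SpellCheck = true;

            if ( (isset($_POST['PreviewShort'])) || (isset($_POST['SpellShort'])) )
                PreviewArticleShort(-1, $Sticky, $Headline, $PostingDateTimeDB, $PostAuthor, $ShortPost, $LongPost, $ImageID, $TemplateID, $TimesRead, $SpellCheck, $AllowComments, $Categories);
            else
                PreviewArticleLong(-1, $Sticky, $Headline, $PostingDateTimeDB, $PostAuthor, $ShortPost, $LongPost, $ImageID, $TemplateID, $TimesRead, $SpellCheck, $AllowComments, $Categories);

            echo ('<br /><br />');

            // Display the form again with the data already entered
            DisplayData($NewsID, $PostingDateTimeDB, $OriginalPostDateTime, $ExpiryDateTimeDB, $PostAuthor, $ImageID, $Categories, $TemplateID, $Headline, $ShortPost, $LongPost, $Sticky, $Priority, $Visible, $AllowComments, $Archived);
        }
    }
    // =============================================================================================
    // Store to the database
    elseif (isset($_POST['submit']))
    {
        // Incomplete data?
        if ($Headline == '' OR $ShortPost == '' OR $TemplateID == "0")
        {
            // Display the form again with the data already entered
            $ErrorText = 'You must complete both the News Headline and the Short Post, and you must choose a template.';
            DisplayData($NewsID, $PostingDateTimeDB, $OriginalPostDateTime, $ExpiryDateTimeDB, $PostAuthor, $ImageID, $Categories, $TemplateID, $Headline, $ShortPost, $LongPost, $Sticky, $Priority, $Visible, $AllowComments, $Archived);
        }
        else
        {
            // Update/insert
            $dbAction = '';
            $Success = TRUE;

            // Do articles require approval?
            $Approved = ($ArticlesRequireApproval) ? '0' : '1';

            // Every posted value that goes into the statements below is escaped
            // with the connection-aware function of the mysql extension this
            // file already uses. Previously only the three text fields were
            // escaped (with addslashes) and the date parts, image, template and
            // priority were interpolated as received.
            $Headline = mysql_real_escape_string(trim($_POST['Headline']));
            $ShortPost = mysql_real_escape_string(trim($_POST['ShortPost']));
            $LongPost = mysql_real_escape_string(trim($_POST['LongPost']));
            $PostingDateTimeSQL = mysql_real_escape_string($PostingDateTimeDB);
            $ExpiryDateTimeSQL = mysql_real_escape_string($ExpiryDateTimeDB);
            $ImageIDSQL = mysql_real_escape_string($ImageID);
            $TemplateIDSQL = mysql_real_escape_string($TemplateID);
            $PrioritySQL = mysql_real_escape_string($Priority);

            if ($NewsID <> -1)
            {
                $dbAction = 'C';

                // The edit screen runs CheckArticleSecurity() before showing the
                // form, but the id posted back is chosen by the client. Repeat
                // the ownership and lock check against the stored row before
                // changing it.
                $ExistingPostResult = mysql_query("SELECT AuthorID, Locked FROM news_posts WHERE ID = $NewsID");
                $ExistingPostData = $ExistingPostResult ? mysql_fetch_array($ExistingPostResult) : FALSE;

                if (! is_array($ExistingPostData))
                {
                    // Unknown article: report the failure below instead of updating nothing
                    $Success = FALSE;
                }
                else
                {
                    CheckArticleSecurity($ExistingPostData, true);

                    $sql = "UPDATE news_posts SET PostDateTime='$PostingDateTimeSQL', ExpiryDateTime='$ExpiryDateTimeSQL', Headline='$Headline', ShortPost='$ShortPost'," .
                        " LongPost='$LongPost', ImageID='$ImageIDSQL', TemplateID = '$TemplateIDSQL', Sticky='$Sticky', Priority='$PrioritySQL', Visible='$Visible', Approved='$Approved', AllowComments='$AllowComments', Archived='$Archived'" .
                        " WHERE ID='$NewsID'";
                    $Success = $Success & mysql_query($sql);

                    // Update the categories
                    $Success &= CategoriesToDB($NewsID, $Categories);
                }
            }
            else
            {
                $sql = "INSERT INTO news_posts SET
                    AuthorID='$LoggedInUserId', Headline='$Headline',
                    PostDateTime='$PostingDateTimeSQL', OriginalPostDateTime='$PostingDateTimeSQL', ExpiryDateTime='$ExpiryDateTimeSQL',
                    TemplateID='$TemplateIDSQL', ShortPost='$ShortPost', LongPost='$LongPost', ImageID='$ImageIDSQL',
                    Sticky='$Sticky', Locked='0', Priority='$PrioritySQL', Visible='$Visible',
                    Approved='$Approved', AllowComments='$AllowComments', Archived='$Archived'";
                $dbAction = 'A';
                $Success = $Success & mysql_query($sql);
                $NewsID = mysql_insert_id();

                // Update the categories
                $Success &= CategoriesToDB($NewsID, $Categories);
            }

            if ($Success)
            {
                // Send notification, if required
                if (($dbAction == 'A') && ($EmailAddressNotifyPostAdded != ''))
                    SendNewsNotificationEmail($EmailAddressNotifyPostAdded, $NewsID, 'added');
                if (($dbAction == 'C') && ($EmailAddressNotifyPostChanged != ''))
                    SendNewsNotificationEmail($EmailAddressNotifyPostChanged, $NewsID, 'changed');

                // Write audit, if required
                if ($EnableAudit == 1)
                {
                    if ($dbAction == 'A')
                        WriteAuditEvent(AUDIT_TYPE_ARTICLE, 'A', $NewsID, "News article created: ". $Headline);
                    if ($dbAction == 'C')
                        WriteAuditEvent(AUDIT_TYPE_ARTICLE, 'C', $NewsID, "News article updated: ". $Headline);
                }

                $_SESSION['Info'] = "The news database has been updated successfully.";
                if ($CategoryCount == 0)
                    $_SESSION['Info'] .= "<BR>WARNING - the article has not been assigned to any categories!";
                header('location:' . $AdminScript . '?action=NewsList');
                exit;
            }
            else
            {
                $errormsg = 'There was an error adding the news post to the database:';
                DisplayError($errormsg, 1);
            }
        }
    }
}
// =============================================================================================
// Display blank entry-form
else
{
    $DateTime = CurrentFormattedDateTime();
    $Categories = CategoriesFromDB(-1);
    // NOTE(review): the default expiry below is a fixed calendar date; confirm
    // whether it should instead be derived from the current date.
    DisplayData(-1, $DateTime, $DateTime, '2020-12-31 00:00:00', $LoggedInFullName, '', $Categories, '1', '', '', '', '0', $NewArticleDefaultPriority, '1', '1', '0');
}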
?>