<?
###############################################################################
# Copyright (C) 2000  Derek Leung
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# You may modify your copy or copies of this Program or any portion of it,
# but you must cause the modified files to carry prominent notices stating 
# that you changed the files and the date of any change.  And you are required 
# to keep a copy of this License along with this Program.
#
# You are not required to accept this License, since you have not signed it. 
# However, nothing else grants you permission to modify or distribute this 
# Program or its derivative works. These actions are prohibited by law if 
# you do not accept this License. Therefore, by modifying or distributing 
# this Program (or any work based on this Program), you indicate your 
# acceptance of this License to do so, and all its terms and conditions 
# for copying, distributing or modifying this Program or works based on it.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
# See the GNU General Public License for more details.
# http://www.opensource.org/licenses/gpl-license.html
###############################################################################

// Bring the site-wide configuration array into scope. A file-scope "global"
// only has an effect when this file is include()d from inside a function --
// presumably that is how admin.php loads it; confirm against the caller.
global $config;

// Refuse to run when this file is requested directly rather than included:
// the test fires when $PHP_SELF contains "admin/".
// NOTE(review): $PHP_SELF is only populated when register_globals is on, and
// eregi() was removed in PHP 7. If $PHP_SELF is empty the test is false and
// execution simply continues, so this guard must not be treated as the
// access-control boundary; the per-function rights checks below are what
// actually gate each operation.
if (eregi("admin/", $PHP_SELF)) {
    die ("Access Deny!");
}

/*********************************************************/
/* Queue News functions                                     */
/*********************************************************/
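function deleteQueueNews($qid) {
	// Delete one submission from the moderation queue (ps_queue), then
	// redirect to the admin menu with a status message.
	//
	// $qid: id of the queued item. It is interpolated unquoted into the
	//       DELETE statement, so it is forced to an integer first.
	//
	// On a database error the MySQL error number and text are echoed and
	// no redirect is sent.
	//
	// NOTE(review): unlike removeNews(), nothing here compares the queued
	// item's topic with getTopicRights(); confirm that every admin holding
	// right "1" is meant to delete any queued item. No anti-CSRF token is
	// checked anywhere in this file for this state-changing operation.

	// The original omitted this declaration, so the theme passed to
	// errorPage() below was always unset.
	global $config;

	// check if he has right to use this function
	$rightArray = getAdminRights();
	if (!in_array("1", $rightArray)) {
		errorPage("Access Deny!", $config['def_theme']);
		// errorPage() is defined elsewhere; return so the check fails
		// closed even if it does not end the request.
		return;
	}

	// Integer cast closes the SQL injection through the unquoted id.
	$qid = (int)$qid;

	$result = mysql_query("delete from ps_queue where qid=$qid");
	if (!$result) {
		echo mysql_errno(). ": ".mysql_error(). "<br>";
	} else {
		$mesg = translate("Operation+Successful!");
		Header("Location: admin.php?mesg=$mesg");
	}
}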

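function queueNews ($qid,$uid,$author,$subject,$fulltext,$topic,$ip) {
	// Preview one queued submission and render the moderation form
	// (delete / preview again / post) that posts back to admin.php.
	//
	// $qid       id of the queued item (required)
	// $uid       submitter's user id; 0 is shown as "Anonymous"
	// $author, $subject, $fulltext, $topic, $ip
	//            values being previewed. If any of them (or $uid) is
	//            empty, the whole record is reloaded from ps_queue.
	//
	// Requires admin right "1" and topic rights on $topic.
	//
	// NOTE(review): $subject and $fulltext are written into the page as
	// returned by check_html(); whether that output is safe as HTML rests
	// on that helper, which is defined elsewhere -- verify. The hidden
	// uid / ip fields are round-tripped through the browser, so
	// postQueueNews() receives client-supplied values for them.
	global $config;

	// The id is interpolated unquoted into SQL and echoed into the page;
	// forcing it to an integer covers both uses.
	$qid = (int)$qid;
	if (!$qid) {
		errorPage("You have to choose an article!", $config['def_theme']);
		// errorPage() is defined elsewhere; return so every check in
		// this function fails closed even if it does not end the request.
		return;
	}

	// check if he has right to use this function
	$rightArray = getAdminRights();
	if (!in_array("1", $rightArray)) {
		errorPage("Access Deny!", $config['def_theme']);
		return;
	}

	// if no variables passed in, we will get the info from database.
	// Else, he must be passing in variables, don't read from DB.
	if ($uid == "" || $author == "" || $subject == "" || $fulltext == "" || $topic == "" || $ip == "") {
		$result = mysql_query("SELECT qid, uid, uname, subject, story, topic,ip FROM ps_queue where qid=$qid");
		if ($result) {
			list($qid, $uid, $author, $subject, $fulltext, $topic, $ip) = mysql_fetch_row($result);
			mysql_free_result($result);
		}
	}
	$qid = (int)$qid;
	$uid = (int)$uid;

	// anonymous fix
	if ($uid == 0) {
		$author = "Anonymous";
	}

	// check if he has right to edit this topic
	$topics = getTopicRights();
	if (!in_array($topic, $topics)) {
		// $topic may come straight from the request, so it is escaped
		// before being placed in the message.
		errorPage("Access Deny! " . htmlspecialchars((string)$topic, ENT_QUOTES), $config['def_theme']);
		return;
	}

	$fulltext = check_html($fulltext);
	$subject = check_html($subject);

	// author and ip receive no filtering anywhere above, so they are
	// escaped before being written into markup and attribute values.
	$authorAttr = htmlspecialchars((string)$author, ENT_QUOTES);
	$ipHtml = htmlspecialchars((string)$ip, ENT_QUOTES);

	// now we display the page
	ps_header("");
	?>
	<h3><?php echo translate("Moderate News")." #$qid"; ?></h3>
	<h4><a href="admin.php"><?php echo translate("Back to main menu"); ?></a></h4>

	<p><hr>
	<b><?php echo translate("Subject") . ": " . $subject; ?></b>
	<br><br>
	<?php echo myNl2Br($fulltext); ?>
	<hr>
	<form action="admin.php" method="post">
		<p><b><?php echo translate("IP Address"); ?></b><br>
		<?php echo $ipHtml; ?>
		<p><b><?php echo translate("Name"); ?></b><br>
		<input type="text" NAME="author" SIZE=50 value="<?php echo $authorAttr; ?>">
		<p><b><?php echo translate("Subject"); ?></b><br>
		<textarea wrap=virtual cols=40 rows=1 name=subject><?php echo $subject; ?></textarea>

		<p><b><?php echo translate("Topic"); ?></b><Br> 
		<select name=topic>
			<?php
			// only the topics this admin may moderate are offered
			$size = sizeof($topics);
			for ($i = 0; $i < $size; $i++) {
				echo "<option value=\"$topics[$i]\" ";
				if ($topic == $topics[$i]) echo "selected";
				echo ">$topics[$i]\n";
			}
			?>
		</select>
	
		<p><b><?php echo translate("Full Text"); ?></b><br>
		<textarea wrap=virtual cols=80 rows=8 name=fulltext><?php echo $fulltext; ?></textarea><BR>
		<input type="hidden" NAME="ip" value="<?php echo $ipHtml; ?>">
		<input type="hidden" NAME="qid" value="<?php echo $qid; ?>">
		<input type="hidden" NAME="uid" value="<?php echo $uid; ?>">
		<select name="op">
			<option value="deleteQueueNews"><?php echo translate("Delete News"); ?></option>
			<option value="queueNews" SELECTED><?php echo translate("PreviewAgain"); ?></option>
			<option value="postQueueNews"><?php echo translate("Post News"); ?></option>
		</select>
		<INPUT type="submit" value="<?php echo translate("Go!"); ?>">
	</FORM>

	<?php
	// list the tag names configured as allowed; foreach replaces each(),
	// which no longer exists in PHP 8
	echo "<br><small>".translate("Allowed HTML").":<br>";
	foreach ($config['AllowableHTML'] as $key => $unused) {
		echo " &lt;".$key."&gt;";
	}
	echo "</small>";
	ps_footer("");
}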


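function editNews ($sid, $author, $subject, $fulltext, $topic,$ip) {
	// Preview an already-posted story and render the edit form
	// (delete / preview again / update) that posts back to admin.php.
	//
	// $sid       id of the story (required)
	// $author, $subject, $fulltext, $topic, $ip
	//            values being previewed. If any of them is empty, the
	//            whole record is reloaded from ps_stories.
	//
	// Requires admin right "2" and topic rights on $topic.
	//
	// NOTE(review): when the fields arrive from the form, the topic that
	// is checked is the submitted one, not the topic stored for $sid.
	// $subject and $fulltext are written into the page as returned by
	// check_html(); their safety as HTML rests on that helper, which is
	// defined elsewhere -- verify.
	global $config;

	// The id is interpolated unquoted into SQL and echoed into the page;
	// forcing it to an integer covers both uses.
	$sid = (int)$sid;
	if (!$sid) {
		errorPage("You have to choose an article!", $config['def_theme']);
		// errorPage() is defined elsewhere; return so every check in
		// this function fails closed even if it does not end the request.
		return;
	}

	// check if he has right to use this function
	$rightArray = getAdminRights();
	if (!in_array("2", $rightArray)) {
		errorPage("Access Deny!", $config['def_theme']);
		return;
	}

	if ($author == "" || $subject == "" || $fulltext == "" || $topic == "" || $ip == "") {
		$result = mysql_query("SELECT sid, aid, title, full_text, topic,ip FROM ps_stories where sid=$sid");
		if ($result) {
			list($sid, $author, $subject, $fulltext, $topic, $ip) = mysql_fetch_row($result);
			mysql_free_result($result);
		}
	}
	$sid = (int)$sid;

	// check if he has right to edit this topic
	$topics = getTopicRights();
	if (!in_array($topic, $topics)) {
		errorPage("Access Deny!", $config['def_theme']);
		return;
	}

	if ($subject == "") {
		errorPage("No such news!", $config['def_theme']);
		return;
	}

	$fulltext = check_html($fulltext);
	$subject = check_html($subject);

	// author and ip receive no filtering anywhere above, so they are
	// escaped before being written into markup and attribute values.
	$authorAttr = htmlspecialchars((string)$author, ENT_QUOTES);
	$ipHtml = htmlspecialchars((string)$ip, ENT_QUOTES);

	ps_header("");

	// now we display the page
	?>
	<h3><?php echo translate("Edit News")." #$sid"; ?></h3>
	<h4><a href="admin.php"><?php echo translate("Back to main menu"); ?></a></h4>

	<p><hr>
	<b><?php echo translate("Subject") . ": " . $subject; ?></b>
	<br><br>
	<?php echo myNl2Br(auto_link($fulltext)); ?>
	<hr>
	<form action="admin.php" method="post">
		<p><b><?php echo translate("IP Address"); ?></b><br>
		<?php echo $ipHtml; ?>
		<p><b><?php echo translate("Name"); ?></b><br>
		<input type="text" NAME="author" SIZE=50 value="<?php echo $authorAttr; ?>">
		<p><b><?php echo translate("Subject"); ?></b><br>
		<textarea wrap=virtual cols=80 rows=1 name=subject><?php echo $subject; ?></textarea>
		<p><b><?php echo translate("Topic"); ?></b><Br> 
		<select name=topic>
			<?php
			// only the topics this admin may edit are offered
			$size = sizeof($topics);
			for ($i = 0; $i < $size; $i++) {
				echo "<option value=\"$topics[$i]\" ";
				if ($topic == $topics[$i]) echo "selected";
				echo ">$topics[$i]\n";
			}
			?>
		</select>
	
		<p><b><?php echo translate("Full Text"); ?></b><br>
		<textarea wrap=virtual cols=80 rows=8 name=fulltext><?php echo $fulltext; ?></textarea><BR>
		<input type="hidden" NAME="ip" value="<?php echo $ipHtml; ?>">
		<input type="hidden" NAME="sid" value="<?php echo $sid; ?>">
		
		<select name="op">
			<option value="removeNews"><?php echo translate("Delete News"); ?></option>
			<option value="editNews" SELECTED><?php echo translate("PreviewAgain"); ?></option>
			<option value="updateNews"><?php echo translate("Update News"); ?></option>
		</select>
		<INPUT type="submit" value="<?php echo translate("Go!"); ?>">
	</form>


	<?php
	// list the tag names configured as allowed; foreach replaces each(),
	// which no longer exists in PHP 8
	echo "<br><small>".translate("Allowed HTML").":<br>";
	foreach ($config['AllowableHTML'] as $key => $unused) {
		echo " &lt;".$key."&gt;";
	}
	echo "</small>";
	ps_footer("");
}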


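function postQueueNews($qid, $uid, $author, $subject, $fulltext, $topic, $ip) {
	// Publish a moderated submission: insert it into ps_stories, bump the
	// submitter's newsPostNum in ps_users, then remove the queue entry via
	// deleteQueueNews(), which also sends the redirect.
	//
	// $qid      id of the queue entry to drop after posting
	// $uid      submitter's user id; 0 forces the author to "Anonymous"
	// $author, $subject, $fulltext, $topic, $ip
	//           story fields as submitted by the moderation form
	//
	// Requires admin right "1" and topic rights on $topic. On an INSERT
	// failure the MySQL error is echoed and nothing else happens.
	//
	// NOTE(review): every story field, including $uid and $ip, is taken
	// from the form rather than re-read from ps_queue, so the values
	// stored are whatever the moderator's browser sent. The topic of the
	// queue entry itself is never compared with getTopicRights().
	global $config;

	// check if he has right to use this function
	$rightArray = getAdminRights();
	if (!in_array("1", $rightArray)) {
		errorPage("Access Deny!", $config['def_theme']);
		// errorPage() is defined elsewhere; return so the check fails
		// closed even if it does not end the request.
		return;
	}

	// check if he has right to edit this topic
	$topics = getTopicRights();
	if (!in_array($topic, $topics)) {
		errorPage("Access Deny!", $config['def_theme']);
		return;
	}

	// $uid is used unquoted in the UPDATE below.
	$uid = (int)$uid;
	if ($uid == 0) $author = "Anonymous";

	$fulltext = fixquotes(check_html($fulltext));
	$subject = fixquotes(check_html($subject));
	$author = fixquotes($author);
	// The original placed $topic and $ip into the statement without any
	// quoting step. They now go through the same helper as the other
	// string fields. NOTE(review): fixquotes() is defined elsewhere;
	// confirm it is a sufficient escape for a MySQL string literal.
	$topic = fixquotes($topic);
	$ip = fixquotes($ip);

	$result = mysql_query("insert into ps_stories values (NULL, '$author', '$subject', now(), '$fulltext', '0', '$topic','$ip')");
	if (!$result) {
		echo mysql_errno(). ": ".mysql_error(). "<br>";
		return;
	}

	// best-effort counter update; its result is not checked, as before
	mysql_query("update ps_users set newsPostNum=newsPostNum+1 where uid=$uid");

	deleteQueueNews($qid);
}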



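function removeNews ($sid, $ok=0) {
	// Remove a posted story together with its comments.
	//
	// $sid  id of the story
	// $ok   falsy: show a confirmation page with the story's details;
	//       truthy: delete the story and its comments, then redirect.
	//
	// Requires admin right "2"; the delete additionally requires topic
	// rights on the story's stored topic.
	//
	// NOTE(review): the confirmed delete is reached through a plain link
	// (op=removeNews&sid=..&ok=1) and no anti-CSRF token is checked in
	// this file, so the destructive step can be triggered by a GET
	// request. The confirmation page shows title/topic/author without a
	// topic-rights check.
	global $config;

	// check if he has right to use this function
	$rightArray = getAdminRights();
	if (!in_array("2", $rightArray)) {
		errorPage("Access Deny!", $config['def_theme']);
		// errorPage() is defined elsewhere; return so every check in
		// this function fails closed even if it does not end the request.
		return;
	}

	// no $sid input, throw error message
	if ($sid == "") {
		errorPage("Access Deny!", $config['def_theme']);
		return;
	}

	// The id is interpolated unquoted into SQL and echoed into the
	// confirmation link; forcing it to an integer covers both uses.
	$sid = (int)$sid;

	// if $ok is passed in, we are ready to delete it.
	if ($ok) {
		$result = mysql_query("select topic from ps_stories where sid=$sid");
		$row = $result ? mysql_fetch_row($result) : false;
		if ($result) {
			mysql_free_result($result);
		}

		// check if he has right to edit this topic; a missing story is
		// refused instead of being compared as an empty topic
		$topics = getTopicRights();
		if ($row && in_array($row[0], $topics)) {
			mysql_query("DELETE FROM ps_stories where sid=$sid");
			mysql_query("DELETE FROM ps_comments where sid=$sid");
			$mesg = translate("News+is+deleted!");
			Header("Location: admin.php?mesg=$mesg");
		} else {
			errorPage("Access Denied", $config['def_theme']);
		}
		return;
	}

	// No $ok is passed in, we will show the confirmation mesg.
	ps_header("");
	echo "<h3>".translate("Delete News")."</h3>";
	printf ( translate("Are you sure you want to remove news ID #%s AND it's comments?"), $sid);
	echo " [ <a href=\"admin.php\">".translate("No")."</a> | <a href=\"admin.php?op=removeNews&sid=$sid&ok=1\">".translate("Yes")."</a> ]";

	$title = "";
	$topic = "";
	$author = "";
	$result = mysql_query("SELECT title, topic, aid FROM ps_stories WHERE sid=$sid");
	if ($result) {
		list($title, $topic, $author) = mysql_fetch_row($result);
		mysql_free_result($result);
	}

	$count = 0;
	$result = mysql_query("SELECT count(sid) FROM ps_comments where sid=$sid");
	if ($result) {
		list($count) = mysql_fetch_row($result);
		mysql_free_result($result);
	}
	$count = (int)$count;

	// The author column is stored without HTML filtering (see the
	// insert in postQueueNews), so it is escaped on output.
	$authorHtml = htmlspecialchars((string)$author, ENT_QUOTES);
	?>
		<BR>
		<P><?php echo translate("News details"); ?>:</P>

		<TABLE CELLPADDING=0 CELLSPACING=0 BORDER=0>
			<TR><TH align=left><?php echo translate("Topic"); ?>:&nbsp;&nbsp;&nbsp;</TH><TD><?php echo "$topic"; ?></TD>
			<TR><TH align=left><?php echo translate("Title"); ?>:&nbsp;&nbsp;&nbsp;</TH><TD><?php echo "$title"; ?></TD>
			<TR><TH align=left><?php echo translate("Author"); ?>:&nbsp;&nbsp;&nbsp;</TH><TD><?php echo $authorHtml; ?></TD>
			<TR><TH align=left><?php echo translate("Number of Comments"); ?>:&nbsp;&nbsp;&nbsp;</TH><TD><?php echo "$count"; ?></TD>
		</TABLE>
		<BR>
	<?php
	ps_footer("");
}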


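function selectNews($page) {
	// List posted stories, ten per page, with Edit / Delete links.
	// Only rows whose topic is in getTopicRights() are shown.
	//
	// $page  zero-based page index; "" means the first page.
	//
	// Requires admin right "2".
	//
	// NOTE(review): rows are filtered by topic after the LIMIT is
	// applied, so a page can show fewer than ten entries. Title and topic
	// are printed as stored.
	global $config;

	$rightArray = getAdminRights();
	if (!in_array("2", $rightArray)) {
		errorPage("Access Deny!", $config['def_theme']);
		// errorPage() is defined elsewhere; return so the check fails
		// closed even if it does not end the request.
		return;
	}

	ps_header("");

	$topics = getTopicRights();

	// $page comes from the query string and is echoed back in the
	// "next page" link, so it is reduced to a non-negative integer.
	$page = ($page == "") ? 0 : (int)$page;
	if ($page < 0) {
		$page = 0;
	}

	// restrict one page show only 10 news. The original used
	// ($page * 10) + 1 as the offset, which skipped one row between
	// consecutive pages.
	$num = $page * 10;

	// total number of stories, for the "next page" decision
	$numRow = 0;
	$result = mysql_query("SELECT sid FROM ps_stories");
	if ($result) {
		$numRow = mysql_num_rows($result);
		mysql_free_result($result);
	}

	$result = mysql_query("SELECT sid, title, topic, time,aid FROM ps_stories ORDER BY time desc,topic limit $num,10");

	if (!$result) {
		echo "<BR>". translate("No articles found in index") ."<BR>\n";
	} else {
		// counted only after the query is known to have succeeded
		$numRow2 = mysql_num_rows($result);

		// show the news
		echo "<h3>".translate("Select news to Edit/Delete") . "</h3>";
		echo "<table border=1><tr><td><B>".translate("Topic")."</B></td><td><b>".translate("Author")."</b></td><td><B>".translate("Edit")."</B></td><td><B>".translate("Delete")."</B></td><td><B>".translate("Subject")."</B></td><td><B>".translate("Date of post")."</B></td></tr>";
		while (list($sid, $title, $topic, $datetime, $author) = mysql_fetch_row($result)) {
			// show only the topic that the user can see
			if (!in_array($topic, $topics)) {
				continue;
			}
			$sid = (int)$sid;
			// The author column is stored without HTML filtering
			// (see the insert in postQueueNews), so escape it here.
			$authorHtml = htmlspecialchars((string)$author, ENT_QUOTES);

			echo "<tr><td>$topic</td>";
			echo "<td>$authorHtml</td>";
			echo "<td><a href=\"admin.php?op=editNews&sid=$sid\">".translate("Edit")."</a></td>";
			echo "<td><a href=\"admin.php?op=removeNews&sid=$sid\">".translate("Delete")."</a></td>";
			echo "<td>$title</td>";
			echo "<td>".formatTimestamp($datetime)."</td></tr>";
		}
		echo "</table>";

		// make the next page link
		$nextPage = $page + 1;
		if ($numRow > ($num + $numRow2)) {
			echo "<br><a href=\"admin.php?op=selectNews&page=$nextPage\">Next page---></a>";
		}
		mysql_free_result($result);
	}

	ps_footer("");
}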



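function updateNews($sid, $author, $subject, $fulltext, $topic,$ip) {
	// Save the edited fields of an already-posted story, then redirect to
	// the admin menu with a status message.
	//
	// $sid       id of the story to update
	// $author, $subject, $fulltext, $topic
	//            new values for aid, title, full_text and topic
	// $ip        accepted for symmetry with the edit form; not written
	//
	// Requires admin right "2" and topic rights on BOTH the story's
	// stored topic and the submitted $topic. On a database error the
	// MySQL error is echoed and no redirect is sent.
	//
	// NOTE(review): no anti-CSRF token is checked in this file for this
	// state-changing operation.
	global $config;

	// check if he has right use this function
	$rightArray = getAdminRights();
	if (!in_array("2", $rightArray)) {
		errorPage("Access Deny!", $config['def_theme']);
		// errorPage() is defined elsewhere; return so every check in
		// this function fails closed even if it does not end the request.
		return;
	}

	// check if he has right to edit this topic
	$topics = getTopicRights();
	if (!in_array($topic, $topics) || $sid == "") {
		errorPage("Access Deny!", $config['def_theme']);
		return;
	}

	// $sid is used unquoted in the statements below.
	$sid = (int)$sid;

	// The original only checked the submitted topic, so a story filed
	// under a topic the admin has no rights on could be rewritten by
	// submitting a permitted topic alongside its id. Check the stored
	// topic as well, the same way removeNews() does before deleting.
	$result = mysql_query("select topic from ps_stories where sid=$sid");
	$row = $result ? mysql_fetch_row($result) : false;
	if ($result) {
		mysql_free_result($result);
	}
	if (!$row || !in_array($row[0], $topics)) {
		errorPage("Access Deny!", $config['def_theme']);
		return;
	}

	$subject = fixquotes(check_html($subject));
	$fulltext = fixquotes(check_html($fulltext));
	// The original placed $author and $topic into the statement without
	// any quoting step. NOTE(review): fixquotes() is defined elsewhere;
	// confirm it is a sufficient escape for a MySQL string literal.
	$author = fixquotes($author);
	$topic = fixquotes($topic);

	$result = mysql_query("update ps_stories set title='$subject', full_text='$fulltext', aid='$author', topic='$topic' where sid=$sid");
	if (!$result) {
		// report failure the way deleteQueueNews()/postQueueNews() do
		// instead of redirecting with a success message
		echo mysql_errno(). ": ".mysql_error(). "<br>";
		return;
	}

	$mesg = translate("News+is+updated!");
	Header("Location: admin.php?mesg=$mesg");
}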

?>