<?php

/*========================================================*\
||########################################################||
||#                                                      #||
||#     WB News v2.0.0                                   #||
||# ---------------------------------------------------- #||
||#     Copyright (c) 2004-2007                          #||
||#     Created: 10th April 2007                         #||
||#     Filename: edit-news.php                          #||
||#                                                      #||
||########################################################||
/*========================================================*/

/**
 *  @author $Author: pmcilwaine $
 *	@version $Id: edit-news.php,v 1.1.2.5.2.1 2008/07/14 11:02:37 pmcilwaine Exp $
 */

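require_once( "global.php" );

/*
 * Access control, pass 1: the caller must hold "addnews" when no article id
 * is supplied and "modifynews" when one is.  The id is read from $_REQUEST
 * further down, so the same superglobal is consulted here; the original
 * looked at $_GET only, which let an id carried in the POST body bypass the
 * "modifynews" check.  A second, exact check follows once the database has
 * told us whether the id really exists.
 */
$auth->login_if( !isset($_REQUEST["id"]) ? !$auth->has_perm( "addnews" ) : !$auth->has_perm( "modifynews" ) );

$myform = "edit-news";
if ( !isset($_SESSION["return_page"]) )
{
	$_SESSION["return_page"] = MAIN_SERVER . "/admin/news.php";
}

$page = new PageTemplateEngine( BuildPath("admin/main-page.ihtml") );
$tmpl->SetFilename( BuildPath("admin/edit-news.ihtml") );

// Toolbar rendered by the shared page-menu include, which reads $params.
$params = array(
	"entry" => "\t<li>%s</li>\n\t",
	"separator" => FALSE,
	"class_open" => "open",
	"links" => toolbarmenu()
	);
$toolbar = include( INCDIR . "/page-menu.php" );

$page->AddParam( "toolbar", $toolbar );
$page->AddParam( "userinfo", $userinfo );

// Article id as supplied by the client.  It is escaped once here and must
// always appear inside single quotes in SQL below: escaping alone does not
// protect an unquoted numeric position.
$id = isset($_REQUEST["id"]) ? $DB->escape( $_REQUEST["id"] ) : NULL;

// An article that already has comments is not offered for deletion.
// The column is qualified as n.id; a bare "id" is ambiguous in this join.
$DB->query( "SELECT n.id FROM " . TBL_NEWS . " n JOIN " . TBL_COMMENTS . " c ON c.newsid = n.id WHERE n.id='$id'" );
$deletable = !$DB->next_record();

$cond = array();
$cond[] = "id='$id'";
$cond = join( " AND ", $cond );

$formdata =& $tmpl->AddParam( "formdata", array() );

// Load the article; when no row matches we are creating a new one.
$DB->query( "SELECT * FROM " . TBL_NEWS . " WHERE $cond" );
$is_new = !$DB->next_record();

/*
 * Access control, pass 2: now that we know whether the id exists, require
 * the permission matching the statement that will actually run (INSERT for
 * a new article, UPDATE for an existing one).  Without this, an id that is
 * not in the table would be created under the "modifynews" check alone.
 */
$auth->login_if( $is_new ? !$auth->has_perm( "addnews" ) : !$auth->has_perm( "modifynews" ) );

// Only the author or a "master" may edit an existing article.  For a new
// article there is no owner row to compare against, so the check is skipped
// (the original compared $userinfo["userid"] against the field of a missing
// record, which could wrongly refuse creation).
if ( !$is_new && $userinfo["userid"] != $DB->field( "userid") && !$auth->has_perm( "master" ) )
{
	Message( "You do not have permissions to edit another authors article" );
	redirect( $_SESSION["return_page"] );
	exit;
}

// Pre-fill the form from the stored record (HTML-escaped where it is echoed
// into attributes by the template).
$formdata["title"] = htmlspecialchars( $DB->field("title") );
$formdata["category"] = htmlspecialchars( $DB->field("catid") );
$formdata["publish"] = htmlspecialchars( $DB->field("publish") );
$formdata["allow_comments"] = $DB->field("allowcomments");
$formdata["comments_logged_user"] = $DB->field("comments_logged_user");

// Dates are stored as yyyy-mm-dd and shown as dd/mm/yyyy.  explode() replaces
// the removed split(); for a literal one-character separator they are equivalent.
$formdata["release_date"] = NULL;
if ( NULL != ($release_date = $DB->field("release_date")) )
{
	list( $y, $m, $d ) = explode( "-", $release_date );
	$formdata["release_date"] = "$d/$m/$y";
}

$formdata["archive_date"] = NULL;
if ( NULL != ($archive_date = $DB->field("archive_date")) )
{
	list( $y, $m, $d ) = explode( "-", $archive_date );
	$formdata["archive_date"] = "$d/$m/$y";
}

$formdata["message"] = sanitize_post_html( "news", "rte", $DB->current_record );
$formdata["summary"] = htmlspecialchars( $DB->field("summary") );

// Categories the current user's group is permitted to post in; used both
// for the <select> options and to validate the submitted category.
$fields = array(
	"c.id",
	"c.name"
	);
$cond = array();
$cond = join( " AND ", $cond );
$joins = array();
$joins["join"][] = TBL_CATPERMS . " p on c.id = p.catid and p.groupid = " . $userinfo["groupid"];
$cat_ids = $DB->ListByJoin( array( TBL_CATEGORY . " c"), $fields, $cond, $joins, "name DESC" );

if ( $_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST["form"]) && $_POST["form"] == $myform )
{

	$err_msg = array();

	switch ( Submit() )
	{

	case "Create" :
	case "Ok" :

		$title = sanitize_post( "title" );
		$category = sanitize_post( "category" );
		$release_date = sanitize_post( "release_date" );
		$archive_date = sanitize_post( "archive_date" );
		$summary = sanitize_post( "summary", "multiline" );
		$comments_logged_user = array_key_exists( "comments_logged_user", $_POST );
		$allowcomments = array_key_exists( "allow_comments", $_POST );
		$message = sanitize_post( "message", "multiline" );
		$publish = array_key_exists( "publish", $_POST );
		
		// "Ok" from the preview page carries no body; it was parked in the
		// session by the "Preview" branch below.
		if ( "" == $message && isset($_POST["page"]) && "preview" == $_POST["page"] )
		{
			$message = $_SESSION["message"];
		}
		
		// Dates are entered as dd/mm/yyyy; checkdate() takes (month, day, year).
		if ( "" != $release_date )
		{
			list( $d, $m, $y ) = explode( "/", $release_date );
			if ( !checkdate( intval($m), intval($d), intval($y) ) )
			{
				$err_msg["release_date"] = "You must enter the date in dd/mm/yyyy format";
			}
		}

		if ( "" != $archive_date )
		{
			list( $d, $m, $y ) = explode( "/", $archive_date );
			if ( !checkdate( intval($m), intval($d), intval($y) ) )
			{
				$err_msg["archive_date"] = "You must enter the date in dd/mm/yyyy format";
			}
		}

		if ( "" != $release_date && "" != $archive_date )
		{
			list( $d, $m, $y ) = explode( "/", $release_date );
			$rd = mktime( 0, 0, 0, intval($m), intval($d), intval($y) );
			
			list( $d, $m, $y ) = explode( "/", $archive_date );
			$ad = mktime( 0, 0, 0, intval($m), intval($d), intval($y) );

			if ( $rd >= $ad )
			{
				$err_msg["archive_date"] = "Archive date must be after release date";
			}
			
		}

		if ( "" == $title )
		{
			$err_msg["title"] = "Title must not be empty";
		}

		if ( "" == $message )
		{
			$err_msg["message"] = "News body must not be empty";
		}

		// "-1" is the "No Category" option; anything else must be one of the
		// categories this user's group may post in.
		if ( "-1" != $category )
		{
			$OK = FALSE;
			foreach ( $cat_ids as $cat )
			{
				if ( $cat["id"] == $category )
				{
					$OK=TRUE;
				}
			}

			if ( !$OK )
			{
				$err_msg["category"] = "Invalid Option";
			}
		}

		// On validation failure, stash the input and errors and redisplay.
		if ( count($err_msg) > 0 )
		{
			$_SESSION["formdata"] = $_POST;
			$_SESSION["err_msg"][$myform] = $err_msg;
			redirect( make_url() );
			exit;
		}

		// Convert back to the stored yyyy-mm-dd form.
		if ( NULL != $release_date )
		{
			list( $d, $m, $y ) = explode( "/", $release_date );
			$release_date = "$y-$m-$d";
		}

		if ( NULL != $archive_date )
		{
			list( $d, $m, $y ) = explode( "/", $archive_date );
			$archive_date = "$y-$m-$d";
		}

		// Escape every free-text value before it is interpolated into SQL.
		$publish = $publish ? 1 : 0;
		$summary = $DB->escape( $summary );
		$message = $DB->escape( $message );
		$title = $DB->escape( $title );
		$release_date = $DB->escape( $release_date );
		$archive_date = $DB->escape( $archive_date );
		$allowcomments = $allowcomments ? 1 : 0;
		$comments_logged_user = $comments_logged_user ? 1 : 0;
		
		$query = array();
		if ( $is_new )
		{
			// An empty date becomes SQL NULL rather than an empty string.
			$release_date = ( NULL == $release_date ) ? "NULL" : "'$release_date'";
			$archive_date = ( NULL == $archive_date ) ? "NULL" : "'$archive_date'";

			$new_id = $DB->NewID( SEQ_PREFIX . "seq_news" );

			$userid = $userinfo["userid"];
			$query[] = "INSERT INTO " . TBL_NEWS;
			$query[] = "(id,catid,userid,title,summary,news,ts,allowcomments,release_date,archive_date,publish,comments_logged_user)";
			$query[] = "VALUES($new_id,$category,$userid,'$title','$summary','$message',NOW(),$allowcomments,$release_date,$archive_date,$publish,$comments_logged_user)";
		}
		else
		{
			$query[] = "UPDATE " . TBL_NEWS . " SET";
			$query[] = "catid='$category',";
			$query[] = "title='$title',";
			$query[] = "summary='$summary',";
			$query[] = "news='$message',";
			$query[] = "publish=$publish,";
			$query[] = "comments_logged_user=$comments_logged_user,";
			$query[] = "\"ts\"=\"ts\",";
			if ( NULL != $release_date )
			{
				$query[] = "release_date='$release_date',";
			}
			else
			{
				$query[] = "release_date=NULL,";
			}
			if ( NULL != $archive_date )
			{
				$query[] = "archive_date='$archive_date',";
			}
			else
			{
				$query[] = "archive_date=NULL,";
			}
			$query[] = "allowcomments=$allowcomments";
			// Quoted like every other use of $id in this file; the escaped
			// value is only safe inside a string literal.
			$query[] = "WHERE id='$id'";
		}

		if ( !$DB->query( join( " ", $query ) ) )
		{
			Message( "Couldn't commit data" );
			$_SESSION["formdata"] = $_POST;
			$_SESSION["err_msg"][$myform] = $err_msg;
			redirect( make_url() );
			exit;
		}

		switch ( Submit() )
		{
		case "Create":
			Message( "Created new news article" );
			break;
		case "Ok":
			Message( "Updated news article \"$title\"" );
			break;
		default:
			Message( "Unknown action" );
			break;
		}

		redirect( $_SESSION["return_page"] );
		exit;
	case "Edit":
		// Back from preview to the editor: restore the body parked in the session.
		$_SESSION["formdata"] = $_POST;
		$_SESSION["formdata"]["message"] = $_SESSION["message"];
		redirect( make_url() );
		exit;
	case "Preview" :
		
		$_SESSION["message"] = $_POST["message"];
		
		$tmpl->SetFilename( BuildPath("admin/preview-news.ihtml" ) );
		$formdata =& $tmpl->AddParam( "formdata", array() );
		
		// Everything the editor posted travels on as hidden fields so that
		// "Ok"/"Edit" from the preview page can complete or resume the edit.
		$formdata["hidden"] = array(
			"form" => $myform,
			"id" => $id,
			"page" => "preview",
			"title" => sanitize_post( "title" ),
			"category" => sanitize_post( "category" ),
			"release_date" => sanitize_post( "release_date" ),
			"archive_date" => sanitize_post( "archive_date" ),
			"summary" => sanitize_post( "summary", "multiline" ),
			"allow_comments" => array_key_exists( "allow_comments", $_POST ),
			"publish" => array_key_exists( "publish", $_POST )
			);
		
		$tmpl->AddParam( "title", htmlspecialchars( $_POST["title"] ) );
		$tmpl->AddParam( "release_date", htmlspecialchars( $_POST["release_date"] ) );
		// NOTE(review): the RTE body is passed through unfiltered here, while
		// the edit form runs the stored body through sanitize_post_html(...,"rte",...).
		// Confirm the preview template applies the same filter before output.
		$tmpl->AddParam( "message", $_POST["message"] );
		
		$tmpl->AddParam( "buttons", "Cancel,Edit,Ok" );
		
		$page->AddParam( "pagemenu", NULL );
		$page->ParseContent( $tmpl->GetHTML() );
		$page->ShowPage();
		exit;
	case "Delete" :
		$auth->login_if( !$auth->has_perm( "deletenews" ) );
		$DB->query( "DELETE FROM " . TBL_NEWS . " WHERE id='$id'");
		Message( "Deleted news article " . htmlspecialchars( $_POST["title"] ) );
		redirect( $_SESSION["return_page"] );
		exit;
	case "Cancel" :
		if ( $is_new )
		{
			Message( "Cancelled creating news article" );
		}
		else
		{
			Message( "Cancelled updating \"" . htmlspecialchars( $_POST["title"] ) . "\"" );
		}
		redirect( $_SESSION["return_page"] );
		exit;
	}
	
}

// Caption follows the same new/existing flag as the button set below; the
// original keyed it off affectedrows(), which by this point reflects the
// category lookup rather than the article query.
$tmpl->AddParam( "caption", $is_new ? "Create News" : "Edit News" );
$options =& $tmpl->AddParam( "options", array() );

$formdata["hidden"] = array(
	"form" => $myform,
	"id" => $id
	);

$options["category"] = array( "-1" => "No Category" );
if ( is_array($cat_ids) && count($cat_ids) != 0 )
{
	foreach ( $cat_ids as $cat )
	{
		$options["category"][htmlspecialchars($cat["id"])] = htmlspecialchars($cat["name"]);
	}
}

// Delete is only offered for an existing article without comments.
if ( $is_new )
{
	$tmpl->AddParam( "buttons", "Cancel,Preview,Create" );
}
else if ( !$deletable )
{
	$tmpl->AddParam( "buttons", "Cancel,Preview,Ok" );
}
else
{
	$tmpl->AddParam( "buttons", "Cancel,Delete,Preview,Ok" );
}

// Redisplay after a failed submit: the posted values and messages were
// parked in the session by the POST branch above and are consumed once.
if ( isset($_SESSION["formdata"]) )
{
	if ( isset($_SESSION["err_msg"][$myform]) )
	{
		$tmpl->AddParam( "msg", $_SESSION["err_msg"][$myform] );
	}

	$formdata["title"] = sanitize_post_html( "title", NULL , $_SESSION["formdata"] );
	$formdata["category"] = sanitize_post_html( "category", NULL , $_SESSION["formdata"] );
	$formdata["archive_date"] = sanitize_post_html( "archive_date", NULL , $_SESSION["formdata"] );
	$formdata["release_date"] = sanitize_post_html( "release_date", NULL , $_SESSION["formdata"] );
	$formdata["summary"] = sanitize_post_html( "summary", NULL , $_SESSION["formdata"] );
	$formdata["message"] = sanitize_post_html( "message", "rte" , $_SESSION["formdata"] );
	$formdata["comments_logged_user"] = array_key_exists( "comments_logged_user", $_SESSION["formdata"] );
	$formdata["allow_comments"] = array_key_exists( "allow_comments", $_SESSION["formdata"] );
	$formdata["publish"] = array_key_exists( "publish", $_SESSION["formdata"] );
	
	unset( $_SESSION["formdata"], $_SESSION["err_msg"][$myform] );
}

$pagemenu =& $tmpl->AddParam( "pagemenu", array() );
$page->BindParam( "pagemenu", $tmpl );

// Page menu rendered by the shared include, merged with theme settings.
$params = array(
	"entry" => "\t<li>%s</li>\n\t",
	"separator" => "\t<li>|</li>\n\t",
	"links" => buildmenu( $theme_info["pagemenu_build"] )
	);
$params = array_merge( $params, $theme_info["pagemenu"] );
$pagemenu = include( INCDIR . "/page-menu.php" );

$page->ParseContent( $tmpl->GetHTML() );
$page->ShowPage();

?>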