public/news.php

<?php
require "../include/bittorrent.php";
dbconn();
require_once(get_langfile_path());
loggedinorreturn();
user_can('newsmanage', true);

$action = htmlspecialchars($_GET["action"] ?? '');

//  Delete News Item    //////////////////////////////////////////////////////

if ($action == 'delete')
{
	$newsid = intval($_GET["newsid"] ?? 0);
	int_check($newsid,true);

	$returnto = !empty($_GET["returnto"]) ? htmlspecialchars($_GET["returnto"]) : htmlspecialchars($_SERVER["HTTP_REFERER"]);

	$sure = intval($_GET["sure"] ?? 0);
	if (!$sure)
	stderr($lang_news['std_delete_news_item'], $lang_news['std_are_you_sure'] . "<a class=altlink href=?action=delete&newsid=$newsid&returnto=$returnto&sure=1>".$lang_news['std_here']."</a>".$lang_news['std_if_sure'],false);

	sql_query("DELETE FROM news WHERE id=".sqlesc($newsid)) or sqlerr(__FILE__, __LINE__);
	$Cache->delete_value('recent_news','true');
	if ($returnto != "")
	header("Location: $returnto");
	else
	header("Location: " . get_protocol_prefix() . "$BASEURL/index.php");
}

//  Add News Item    /////////////////////////////////////////////////////////

if ($action == 'add')
{
	$body = htmlspecialchars($_POST['body'],ENT_QUOTES);
	if (!$body)
	stderr($lang_news['std_error'], $lang_news['std_news_body_empty']);

	$title = htmlspecialchars($_POST['subject']);
	if (!$title)
	stderr($lang_news['std_error'], $lang_news['std_news_title_empty']);

	$added = intval($_POST["added"] ?? 0);
	if (!$added)
	$added = sqlesc(date("Y-m-d H:i:s"));
	$notify = $_POST['notify'] ?? '';
	if ($notify != 'yes')
		$notify = 'no';
	sql_query("INSERT INTO news (userid, added, body, title, notify) VALUES (".sqlesc($CURUSER['id']) . ", $added, " . sqlesc($body) . ", " . sqlesc($title) . ", " . sqlesc($notify).")") or sqlerr(__FILE__, __LINE__);
	$Cache->delete_value('recent_news',true);
	if (mysql_affected_rows() != 1) {
        stderr($lang_news['std_error'], $lang_news['std_something_weird_happened']);
    }
	fire_event("news_created", \App\Models\News::query()->find(mysql_insert_id()));
	header("Location: " . get_protocol_prefix() . "$BASEURL/index.php");
}

//  Edit News Item    ////////////////////////////////////////////////////////

if ($action == 'edit')
{

	$newsid = intval($_GET["newsid"] ?? 0);
	int_check($newsid,true);

	$res = sql_query("SELECT * FROM news WHERE id=".sqlesc($newsid)) or sqlerr(__FILE__, __LINE__);

	if (mysql_num_rows($res) != 1)
	stderr($lang_news['std_error'], $lang_news['std_invalid_news_id'].$newsid);

	$arr = mysql_fetch_array($res);

	if ($_SERVER['REQUEST_METHOD'] == 'POST')
	{
		$body = htmlspecialchars($_POST['body'],ENT_QUOTES);

		if ($body == "")
		stderr($lang_news['std_error'], $lang_news['std_news_body_empty']);

		$title = htmlspecialchars($_POST['subject']);

		if ($title == "")
		stderr($lang_news['std_error'], $lang_news['std_news_title_empty']);

		$body = sqlesc($body);

		$editdate = sqlesc(date("Y-m-d H:i:s"));
		$notify = $_POST['notify'] ?? '';
		if ($notify != 'yes')
			$notify = 'no';
		$notify = sqlesc($notify);
		$title = sqlesc($title);
		sql_query("UPDATE news SET body=$body, title=$title, notify=$notify WHERE id=".sqlesc($newsid)) or sqlerr(__FILE__, __LINE__);
		$Cache->delete_value('recent_news',true);
		header("Location: " . get_protocol_prefix() . "$BASEURL/index.php");
	}
	else
	{
		stdhead($lang_news['head_edit_site_news']);
		begin_main_frame();
		$body = $arr["body"];
		$subject = htmlspecialchars($arr['title']);
		$title = $lang_news['text_edit_site_news'];
		print("<form id=\"compose\" name=\"compose\" method=\"post\" action=\"".htmlspecialchars("?action=edit&newsid=".$newsid)."\">");
		print("<input type=\"hidden\" name=\"returnto\" value=\"".($returnto ?? '')."\" />");
		begin_compose($title, "edit", $body, true, $subject);
		print("<tr><td class=\"toolbox\" align=\"center\" colspan=\"2\"><input type=\"checkbox\" name=\"notify\" value=\"yes\" ".($arr['notify'] == 'yes' ? " checked=\"checked\"" : "")." />".$lang_news['text_notify_users_of_this']."</td></tr>\n");
		end_compose();
		end_main_frame();
		stdfoot();
		die;
	}

}

//  Other Actions and followup    ////////////////////////////////////////////

stdhead($lang_news['head_site_news']);
begin_main_frame();
$title = $lang_news['text_submit_news_item'];
print("<form id=\"compose\" method=\"post\" name=\"compose\" action=\"?action=add\">\n");
begin_compose($title, 'new');
print("<tr><td class=\"toolbox\" align=\"center\" colspan=\"2\"><input type=\"checkbox\" name=\"notify\" value=\"yes\" />".$lang_news['text_notify_users_of_this']."</td></tr>\n");
end_compose();
print("</form>");
end_main_frame();
stdfoot();
die;

?>
init 2020-12-26 01:42:23 +08:00			`<?php`
add composer 2021-01-13 19:32:26 +08:00			`require "../include/bittorrent.php";`
init 2020-12-26 01:42:23 +08:00			`dbconn();`
			`require_once(get_langfile_path());`
			`loggedinorreturn();`
Refactoring user permissions 2022-08-20 19:11:28 +08:00			`user_can('newsmanage', true);`
init 2020-12-26 01:42:23 +08:00
fix warning 2020-12-30 02:37:43 +08:00			`$action = htmlspecialchars($_GET["action"] ?? '');`
init 2020-12-26 01:42:23 +08:00
			`// Delete News Item //////////////////////////////////////////////////////`

			`if ($action == 'delete')`
			`{`
keep some default value be integer 2 2021-01-06 02:19:03 +08:00			`$newsid = intval($_GET["newsid"] ?? 0);`
init 2020-12-26 01:42:23 +08:00			`int_check($newsid,true);`

fix warning 2020-12-30 02:37:43 +08:00			`$returnto = !empty($_GET["returnto"]) ? htmlspecialchars($_GET["returnto"]) : htmlspecialchars($_SERVER["HTTP_REFERER"]);`
init 2020-12-26 01:42:23 +08:00
keep some default value be integer 2 2021-01-06 02:19:03 +08:00			`$sure = intval($_GET["sure"] ?? 0);`
init 2020-12-26 01:42:23 +08:00			`if (!$sure)`
			`stderr($lang_news['std_delete_news_item'], $lang_news['std_are_you_sure'] . "<a class=altlink href=?action=delete&newsid=$newsid&returnto=$returnto&sure=1>".$lang_news['std_here']."</a>".$lang_news['std_if_sure'],false);`

			`sql_query("DELETE FROM news WHERE id=".sqlesc($newsid)) or sqlerr(__FILE__, __LINE__);`
			`$Cache->delete_value('recent_news','true');`
			`if ($returnto != "")`
			`header("Location: $returnto");`
			`else`
			`header("Location: " . get_protocol_prefix() . "$BASEURL/index.php");`
			`}`

			`// Add News Item /////////////////////////////////////////////////////////`

			`if ($action == 'add')`
			`{`
			`$body = htmlspecialchars($_POST['body'],ENT_QUOTES);`
			`if (!$body)`
			`stderr($lang_news['std_error'], $lang_news['std_news_body_empty']);`

			`$title = htmlspecialchars($_POST['subject']);`
			`if (!$title)`
			`stderr($lang_news['std_error'], $lang_news['std_news_title_empty']);`

keep some default value be integer 2 2021-01-06 02:19:03 +08:00			`$added = intval($_POST["added"] ?? 0);`
init 2020-12-26 01:42:23 +08:00			`if (!$added)`
			`$added = sqlesc(date("Y-m-d H:i:s"));`
fix warning 2020-12-30 02:37:43 +08:00			`$notify = $_POST['notify'] ?? '';`
init 2020-12-26 01:42:23 +08:00			`if ($notify != 'yes')`
Refactoring user permissions 2022-08-20 19:11:28 +08:00			`$notify = 'no';`
init 2020-12-26 01:42:23 +08:00			`sql_query("INSERT INTO news (userid, added, body, title, notify) VALUES (".sqlesc($CURUSER['id']) . ", $added, " . sqlesc($body) . ", " . sqlesc($title) . ", " . sqlesc($notify).")") or sqlerr(__FILE__, __LINE__);`
			`$Cache->delete_value('recent_news',true);`
add event news_created 2024-04-03 04:05:04 +08:00			`if (mysql_affected_rows() != 1) {`
			`stderr($lang_news['std_error'], $lang_news['std_something_weird_happened']);`
			`}`
refactor model event again 2024-04-26 03:21:35 +08:00			`fire_event("news_created", \App\Models\News::query()->find(mysql_insert_id()));`
init 2020-12-26 01:42:23 +08:00			`header("Location: " . get_protocol_prefix() . "$BASEURL/index.php");`
			`}`

			`// Edit News Item ////////////////////////////////////////////////////////`

			`if ($action == 'edit')`
			`{`

keep some default value be integer 2 2021-01-06 02:19:03 +08:00			`$newsid = intval($_GET["newsid"] ?? 0);`
init 2020-12-26 01:42:23 +08:00			`int_check($newsid,true);`

			`$res = sql_query("SELECT * FROM news WHERE id=".sqlesc($newsid)) or sqlerr(__FILE__, __LINE__);`

			`if (mysql_num_rows($res) != 1)`
			`stderr($lang_news['std_error'], $lang_news['std_invalid_news_id'].$newsid);`

			`$arr = mysql_fetch_array($res);`

			`if ($_SERVER['REQUEST_METHOD'] == 'POST')`
			`{`
			`$body = htmlspecialchars($_POST['body'],ENT_QUOTES);`

			`if ($body == "")`
			`stderr($lang_news['std_error'], $lang_news['std_news_body_empty']);`

			`$title = htmlspecialchars($_POST['subject']);`

			`if ($title == "")`
			`stderr($lang_news['std_error'], $lang_news['std_news_title_empty']);`

			`$body = sqlesc($body);`

			`$editdate = sqlesc(date("Y-m-d H:i:s"));`
fix warning 2020-12-30 02:37:43 +08:00			`$notify = $_POST['notify'] ?? '';`
init 2020-12-26 01:42:23 +08:00			`if ($notify != 'yes')`
			`$notify = 'no';`
			`$notify = sqlesc($notify);`
			`$title = sqlesc($title);`
			`sql_query("UPDATE news SET body=$body, title=$title, notify=$notify WHERE id=".sqlesc($newsid)) or sqlerr(__FILE__, __LINE__);`
			`$Cache->delete_value('recent_news',true);`
			`header("Location: " . get_protocol_prefix() . "$BASEURL/index.php");`
			`}`
			`else`
			`{`
			`stdhead($lang_news['head_edit_site_news']);`
			`begin_main_frame();`
			`$body = $arr["body"];`
			`$subject = htmlspecialchars($arr['title']);`
			`$title = $lang_news['text_edit_site_news'];`
			`print("<form id=\"compose\" name=\"compose\" method=\"post\" action=\"".htmlspecialchars("?action=edit&newsid=".$newsid)."\">");`
fix warning 2020-12-30 02:37:43 +08:00			`print("<input type=\"hidden\" name=\"returnto\" value=\"".($returnto ?? '')."\" />");`
init 2020-12-26 01:42:23 +08:00			`begin_compose($title, "edit", $body, true, $subject);`
			`print("<tr><td class=\"toolbox\" align=\"center\" colspan=\"2\"><input type=\"checkbox\" name=\"notify\" value=\"yes\" ".($arr['notify'] == 'yes' ? " checked=\"checked\"" : "")." />".$lang_news['text_notify_users_of_this']."</td></tr>\n");`
			`end_compose();`
			`end_main_frame();`
			`stdfoot();`
			`die;`
			`}`

			`}`

			`// Other Actions and followup ////////////////////////////////////////////`

			`stdhead($lang_news['head_site_news']);`
			`begin_main_frame();`
			`$title = $lang_news['text_submit_news_item'];`
			`print("<form id=\"compose\" method=\"post\" name=\"compose\" action=\"?action=add\">\n");`
			`begin_compose($title, 'new');`
			`print("<tr><td class=\"toolbox\" align=\"center\" colspan=\"2\"><input type=\"checkbox\" name=\"notify\" value=\"yes\" />".$lang_news['text_notify_users_of_this']."</td></tr>\n");`
			`end_compose();`
			`print("</form>");`
			`end_main_frame();`
			`stdfoot();`
			`die;`

			`?>`