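".$lang_news['std_here']."".$lang_news['std_if_sure'],false);
    sql_query("DELETE FROM news WHERE id=".sqlesc($newsid)) or sqlerr(__FILE__, __LINE__);
    $Cache->delete_value('recent_news','true');
    // NOTE(review): $returnto is assigned outside this part of the file. If it is
    // taken from the request, confirm it is limited to same-site paths before it
    // is placed in a Location header.
    if ($returnto != "")
        header("Location: $returnto");
    else
        header("Location: " . get_protocol_prefix() . "$BASEURL/index.php");
}

//   Add News Item    /////////////////////////////////////////////////////////
// Inserts a news row built from the posted form, clears the cached news list,
// fires the "news_created" event and redirects to the index page.
//
// NOTE(review): no permission check or anti-CSRF token validation is visible in
// this part of the file; confirm both run before the state-changing branches.
if ($action == 'add') {
    // Body and title are HTML-encoded before storage. A missing or non-string
    // field (e.g. body[]=x) is treated as empty so it reaches the "empty" error
    // instead of raising a warning or TypeError inside htmlspecialchars().
    $body = htmlspecialchars(is_string($_POST['body'] ?? null) ? $_POST['body'] : '', ENT_QUOTES);
    if ($body === '')
        stderr($lang_news['std_error'], $lang_news['std_news_body_empty']);

    $title = htmlspecialchars(is_string($_POST['subject'] ?? null) ? $_POST['subject'] : '');
    if ($title === '')
        stderr($lang_news['std_error'], $lang_news['std_news_title_empty']);

    // intval() leaves $added as a bare integer, which is the only reason it can be
    // concatenated into the INSERT below without sqlesc(). When the field is absent
    // or zero, the current timestamp (escaped by sqlesc()) is used instead.
    $added = intval($_POST["added"] ?? 0);
    if (!$added)
        $added = sqlesc(date("Y-m-d H:i:s"));

    // Anything other than the literal 'yes' is stored as 'no'.
    $notify = $_POST['notify'] ?? '';
    if ($notify != 'yes')
        $notify = 'no';

    sql_query("INSERT INTO news (userid, added, body, title, notify) VALUES (".sqlesc($CURUSER['id']) . ", $added, " . sqlesc($body) . ", " . sqlesc($title) . ", " . sqlesc($notify).")") or sqlerr(__FILE__, __LINE__);
    $Cache->delete_value('recent_news',true);
    if (mysql_affected_rows() != 1) {
        stderr($lang_news['std_error'], $lang_news['std_something_weird_happened']);
    }
    fire_event("news_created", \App\Models\News::query()->find(mysql_insert_id()));
    header("Location: " . get_protocol_prefix() . "$BASEURL/index.php");
    // Stop after the redirect; otherwise the script continues into the
    // "Other Actions" section and renders the submit form into this response.
    die;
}

//   Edit News Item    ////////////////////////////////////////////////////////
// GET shows the compose form pre-filled with the stored item; POST writes the
// edited body, title and notify flag back and redirects to the index page.
if ($action == 'edit') {
    $newsid = intval($_GET["newsid"] ?? 0);
    int_check($newsid,true);

    $res = sql_query("SELECT * FROM news WHERE id=".sqlesc($newsid)) or sqlerr(__FILE__, __LINE__);
    if (mysql_num_rows($res) != 1)
        stderr($lang_news['std_error'], $lang_news['std_invalid_news_id'].$newsid);
    $arr = mysql_fetch_array($res);

    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // Same input handling as the add branch: encode, then reject empty values.
        $body = htmlspecialchars(is_string($_POST['body'] ?? null) ? $_POST['body'] : '', ENT_QUOTES);
        if ($body === '')
            stderr($lang_news['std_error'], $lang_news['std_news_body_empty']);

        $title = htmlspecialchars(is_string($_POST['subject'] ?? null) ? $_POST['subject'] : '');
        if ($title === '')
            stderr($lang_news['std_error'], $lang_news['std_news_title_empty']);

        // Every value placed in the UPDATE goes through sqlesc() first.
        $body = sqlesc($body);
        $editdate = sqlesc(date("Y-m-d H:i:s")); // computed but not used by the UPDATE below

        $notify = $_POST['notify'] ?? '';
        if ($notify != 'yes')
            $notify = 'no';
        $notify = sqlesc($notify);
        $title = sqlesc($title);

        sql_query("UPDATE news SET body=$body, title=$title, notify=$notify WHERE id=".sqlesc($newsid)) or sqlerr(__FILE__, __LINE__);
        $Cache->delete_value('recent_news',true);
        header("Location: " . get_protocol_prefix() . "$BASEURL/index.php");
        // Stop after the redirect instead of falling through to the page below.
        die;
    } else {
        stdhead($lang_news['head_edit_site_news']);
        begin_main_frame();
        $body = $arr["body"];
        // NOTE(review): the title is stored already HTML-encoded (see the POST
        // branch) and is encoded again here; confirm begin_compose() expects
        // that, otherwise entities would compound on every edit.
        $subject = htmlspecialchars($arr['title']);
        $title = $lang_news['text_edit_site_news'];
        print("
");
        print("");
        begin_compose($title, "edit", $body, true, $subject);
        print("".$lang_news['text_notify_users_of_this']."\n");
        end_compose();
        end_main_frame();
        stdfoot();
        die;
    }
}

//   Other Actions and followup    ////////////////////////////////////////////
// Reached when no branch above ended the request: render the empty
// "submit news item" compose form.
stdhead($lang_news['head_site_news']);
begin_main_frame();
$title = $lang_news['text_submit_news_item'];
print("\n");
begin_compose($title, 'new');
print("".$lang_news['text_notify_users_of_this']."\n");
end_compose();
print("
");
end_main_frame();
stdfoot();
die;
?>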