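here if you are sure.");

    // $newsid is assigned earlier in this delete branch, outside this excerpt.
    // NOTE(review): confirm it is cast to an integer there, as the edit branch
    // below does, because it is interpolated into the statement unquoted.
    do_mysql_query("DELETE FROM news WHERE id=$newsid") or sqlerr(__FILE__, __LINE__);

    // NOTE(review): $returnto is placed in the Location header unchanged. If it
    // originates from the request (as it does in the edit branch), the redirect
    // target is caller-controlled; restrict it to same-site paths.
    if ($returnto != "")
        header("Location: $returnto");
    else
        $warning = _("News item was deleted successfully.");
}

//   Add News Item   /////////////////////////////////////////////////////////

// Inserts a news item authored by the current user.
// NOTE(review): no anti-CSRF token check is visible in this excerpt for this
// state-changing action; confirm one is enforced before this point.
if ($action == 'add')
{
    $body = $_POST["body"];
    if (!$body)
        stderr( _("Error"), _("The news item cannot be empty!"));

    // The timestamp is spliced into the INSERT as an SQL expression. The
    // previous code interpolated $_POST["added"] verbatim, which let the
    // request body supply arbitrary SQL. A supplied value is now parsed as a
    // date, re-serialised in a fixed format and passed through sqlesc(), so
    // only a quoted DATETIME literal or the constant NOW() reaches the query.
    $added = isset($_POST["added"]) ? $_POST["added"] : '';
    if (!$added)
        $added = 'NOW()';
    else
    {
        // Surrounding quotes are stripped so a client that used to send an
        // already-quoted literal keeps working.
        $ts = is_string($added) ? strtotime(trim($added, " \t\n\r'\"")) : false;
        if ($ts === false)
            stderr( _("Error"), _("Invalid date."));

        // Presumably stderr() ends the request (the checks in this file rely
        // on that); even if it returned, (int) false formats as the epoch, so
        // no raw request data is ever interpolated.
        $added = sqlesc(date('Y-m-d H:i:s', (int) $ts));
    }

    // $CURUSER['id'] is set outside this excerpt -- presumably the numeric id
    // of the logged-in user; verify it cannot hold request-controlled text.
    do_mysql_query("INSERT INTO news (userid, added, body) VALUES (".
        $CURUSER['id'] . ", $added, " . sqlesc($body) . ")") or sqlerr(__FILE__, __LINE__);

    if (mysql_affected_rows() == 1)
        $warning = _("News item was added successfully.");
    else
        stderr( _("Error"), _("Something weird just happened."));
}

//   Edit News Item    ////////////////////////////////////////////////////////

// Loads one news item by id; on POST stores the new body, otherwise starts
// rendering the edit form (the form output continues past this excerpt).
if ($action == 'edit')
{
    // The integer cast is what makes $newsid safe to interpolate unquoted below.
    $newsid = (int) $_GET["newsid"];
    if (!is_valid_id($newsid))
        stderr( _("Error"), _("Invalid news item ID"));

    $res = do_mysql_query("SELECT * FROM news WHERE id=$newsid") or sqlerr(__FILE__, __LINE__);
    if (mysql_num_rows($res) != 1)
        stderr( _("Error"), _("No news item with ID."));

    $arr = mysql_fetch_assoc($res);

    if ($_SERVER['REQUEST_METHOD'] == 'POST')
    {
        $body = $_POST['body'];
        if ($body == "")
            stderr( _("Error"), _("Body cannot be empty!"));

        // sqlesc() is relied on to return a quoted, escaped literal, which is
        // why its result is placed in the statement without extra quotes.
        $body = sqlesc($body);
        do_mysql_query("UPDATE news SET body=$body WHERE id=$newsid") or sqlerr(__FILE__, __LINE__);

        // NOTE(review): the redirect target comes straight from the request,
        // so it is caller-controlled; restrict it to same-site paths. The
        // script also keeps running after header() -- confirm whether an exit
        // is intended here.
        $returnto = $_POST['returnto'];
        if ($returnto != "")
            header("Location: $returnto");
        else
            $warning = _("News item was edited successfully.");
    }
    else
    {
        // NOTE(review): $returnto is request data; it must be HTML-escaped
        // wherever the form below echoes it -- the markup is not visible here.
        $returnto = $_GET['returnto'];
        stdhead();
        print("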
($warning)
"); print(""); print("$added --- by $by"); print(" - [Edit]"); print(" - [Delete]"); print(" |