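here if you are sure.");

  do_mysql_query("DELETE FROM news WHERE id=$newsid") or sqlerr(__FILE__, __LINE__);

  // NOTE(review): this branch starts above the visible part of the file and is
  // kept as it was. If $returnto comes from the request here as it does in the
  // edit branch, it needs the same local-path check before it reaches header().
  if ($returnto != "")
    header("Location: $returnto");
  else
    $warning = _("News item was deleted successfully.");
}

//   Add News Item   /////////////////////////////////////////////////////////
//
// Inserts a news row owned by the current user.
// NOTE(review): no anti-CSRF token check is visible in this part of the file
// for the add and edit actions - confirm one exists upstream.
// NOTE(review): the mysql_* API used throughout was removed in PHP 7; a move
// to mysqli/PDO prepared statements would retire the manual quoting below.

if ($action == 'add')
{
  $body = isset($_POST["body"]) ? $_POST["body"] : "";
  if (!$body)
    stderr( _("Error"), _("The news item cannot be empty!"));

  // "added" was previously pasted into the INSERT verbatim, so any SQL in the
  // POST field ran as part of the statement. It is now either the literal
  // NOW() (the default) or a datetime literal that is validated and then
  // quoted with sqlesc(), the same helper already used for the body.
  $added = isset($_POST["added"]) ? trim((string) $_POST["added"]) : "";
  if (!$added || strcasecmp($added, 'NOW()') == 0)
    $added = 'NOW()';
  else
  {
    // Callers had to supply their own quotes before; strip them so a
    // previously valid quoted date still works.
    $added = trim($added, "'\"");
    if (!preg_match('/^\d{4}-\d{2}-\d{2}( \d{2}:\d{2}:\d{2})?$/D', $added))
    {
      stderr( _("Error"), _("Invalid date for the news item."));
      die; // never reach the query with an unvalidated value, whether or not stderr() returns
    }
    $added = sqlesc($added);
  }

  do_mysql_query("INSERT INTO news (userid, added, body) VALUES (".
    $CURUSER['id'] . ", $added, " . sqlesc($body) . ")") or sqlerr(__FILE__, __LINE__);
  if (mysql_affected_rows() == 1)
    $warning = _("News item was added successfully.");
  else
    stderr( _("Error"), _("Something weird just happened."));
}

//   Edit News Item   ////////////////////////////////////////////////////////
//
// GET shows the edit form for one news row; POST stores the new body.

if ($action == 'edit')
{
  // The id is cast to int before it is interpolated into the queries below.
  $newsid = (int) $_GET["newsid"];

  if (!is_valid_id($newsid))
    stderr( _("Error"), _("Invalid news item ID"));

  $res = do_mysql_query("SELECT * FROM news WHERE id=$newsid") or sqlerr(__FILE__, __LINE__);

  if (mysql_num_rows($res) != 1)
    stderr( _("Error"), _("No news item with ID."));

  $arr = mysql_fetch_assoc($res);

  if ($_SERVER['REQUEST_METHOD'] == 'POST')
  {
    $body = isset($_POST['body']) ? $_POST['body'] : "";

    if ($body == "")
      stderr( _("Error"), _("Body cannot be empty!"));

    $body = sqlesc($body);

    do_mysql_query("UPDATE news SET body=$body WHERE id=$newsid") or sqlerr(__FILE__, __LINE__);

    // The redirect target is request-controlled. Only follow it when it is a
    // reference to this site: no scheme, no protocol-relative "//host", no
    // backslashes (some browsers read them as "/"), and no whitespace or
    // control characters that could split the header.
    $returnto = isset($_POST['returnto']) ? (string) $_POST['returnto'] : "";
    $returnto_is_local = $returnto != ""
      && !preg_match('#^[a-z][a-z0-9+.\-]*:#i', $returnto)
      && strncmp($returnto, "//", 2) != 0
      && strpos($returnto, "\\") === false
      && !preg_match('/[\x00-\x20\x7f]/', $returnto);

    if ($returnto_is_local)
    {
      header("Location: $returnto");
      die; // stop here so the listing below is not rendered behind the redirect
    }
    else
      $warning = _("News item was edited successfully.");
  }
  else
  {
    $returnto = $_GET['returnto'];
    stdhead();
    // NOTE(review): the form markup these print() calls emitted is missing from
    // this copy of the file. If it echoes $returnto or $arr["body"] into the
    // page, both need htmlspecialchars() - verify against the full source.
    print("

Edit News Item

\n");
    print("
\n");
    print("\n");
    print("\n");
    print("\n");
    print("\n");
    print("
\n");
    print("
\n");
    stdfoot();
    die;
  }
}

//   Other Actions and followup   ////////////////////////////////////////////
//
// Default view: the submit form followed by every news item, newest first.

stdhead( _("Site news") );
print("

"._('Submit News Item')."

\n");
if ($warning)
  print("

($warning)

");
print("
\n");
print("\n");
print("\n");
print("
\n");
print("



\n");

// The LEFT JOIN supplies the poster's username and donor flag, so no per-row
// user lookup is needed; rows whose user no longer exists come back with an
// empty username.
$res = do_mysql_query("SELECT news.*, UNIX_TIMESTAMP(news.added) as utadded, users.username, users.donor FROM news LEFT JOIN users on news.userid = users.id ORDER BY added DESC") or sqlerr(__FILE__, __LINE__);

if (mysql_num_rows($res) > 0)
{
  begin_main_frame();
  begin_frame();

  while ($arr = mysql_fetch_assoc($res))
  {
    $newsid = $arr["id"];
    $body = $arr["body"];
    $userid = $arr["userid"];
    $added = $arr["added"] . " GMT (" . (get_elapsed_time($arr["utadded"])) . " ago)";

    $postername = $arr["username"];

    if ($postername == "")
      $by = "unknown[$userid]";
    else
      $by = "$postername" . ($arr["donor"] == "yes" ? "Donor" : "");

    // NOTE(review): $by and $body are written to the page as stored. The
    // surrounding markup is missing from this copy, so confirm that usernames
    // are escaped and that news bodies are only ever authored by trusted staff.
    print("

");
    print("$added --- by $by");
    print(" - [Edit]");
    print(" - [Delete]");
    print("

\n");

    begin_table(true);
    print("$body\n");
    end_table();
  }
  end_frame();
  end_main_frame();
}
else
  stdmsg( _("Sorry"), _("No news available!"));
stdfoot();
die;
?>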