author | msquare <msquare@notrademark.de> | 2017-11-28 15:43:51 +0100 |
committer | GitHub <noreply@github.com> | 2017-11-28 15:43:51 +0100 |
commit | 599f2fd264bfc7b1b6826fe206442806e317340f (patch) | |
tree | 50cf84d7d07d11bd65b45c2c17f37632f6cd8eff /includes/pages/admin_news.php | |
parent | a5fc5bd0979e8de1fce8a8addd351a6e7bd6aeb8 (diff) | |
parent | eda7f7788ea8012bd8be46405c56a666c11f3fa5 (diff) |
Merge pull request #365 from engelsystem/feature-igel-rewrite
Feature igel rewrite
Diffstat (limited to 'includes/pages/admin_news.php')
-rw-r--r-- | includes/pages/admin_news.php | 153 |
1 files changed, 89 insertions, 64 deletions
diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index 789fc728..eb3a250e 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@@ -1,67 +1,92 @@
 <?php
-function admin_news() {
- global $user;
-
- if (! isset($_GET["action"])) {
- redirect(page_link_to("news"));
- }
-
- $html = '<div class="col-md-12"><h1>' . _("Edit news entry") . '</h1>' . msg();
- if (isset($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) {
- $news_id = $_REQUEST['id'];
- } else {
- return error("Incomplete call, missing News ID.", true);
- }
-
- $news = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($news_id) . "' LIMIT 1");
- if (empty($news)) {
- return error("No News found.", true);
- }
- switch ($_REQUEST["action"]) {
- default:
- redirect(page_link_to('news'));
- case 'edit':
- list($news) = $news;
-
- $user_source = User($news['UID']);
-
- $html .= form([
- form_info(_("Date"), date("Y-m-d H:i", $news['Datum'])),
- form_info(_("Author"), User_Nick_render($user_source)),
- form_text('eBetreff', _("Subject"), $news['Betreff']),
- form_textarea('eText', _("Message"), $news['Text']),
- form_checkbox('eTreffen', _("Meeting"), $news['Treffen'] == 1, 1),
- form_submit('submit', _("Save"))
- ], page_link_to('admin_news&action=save&id=' . $news_id));
-
- $html .= '<a class="btn btn-danger" href="' . page_link_to('admin_news&action=delete&id=' . $news_id) . '"><span class="glyphicon glyphicon-trash"></span> ' . _("Delete") . '</a>';
- break;
-
- case 'save':
- list($news) = $news;
-
- sql_query("UPDATE `News` SET
- `Datum`='" . sql_escape(time()) . "',
- `Betreff`='" . sql_escape($_POST["eBetreff"]) . "',
- `Text`='" . sql_escape($_POST["eText"]) . "',
- `UID`='" . sql_escape($user['UID']) . "',
- `Treffen`='" . sql_escape($_POST["eTreffen"]) . "'
- WHERE `ID`='" . sql_escape($news_id) . "'");
- engelsystem_log("News updated: " . $_POST["eBetreff"]);
- success(_("News entry updated."));
- redirect(page_link_to("news"));
- break;
-
- case 'delete':
- list($news) = $news;
-
- sql_query("DELETE FROM `News` WHERE `ID`='" . sql_escape($news_id) . "' LIMIT 1");
- engelsystem_log("News deleted: " . 
$news['Betreff']);
- success(_("News entry deleted."));
- redirect(page_link_to("news"));
- break;
- }
- return $html . '</div>';
+use Engelsystem\Database\DB;
+
+/**
+ * @return string
+ */
+function admin_news()
+{
+ global $user, $privileges;
+ $request = request();
+
+ if (!$request->has('action')) {
+ redirect(page_link_to('news'));
+ }
+
+ $html = '<div class="col-md-12"><h1>' . _('Edit news entry') . '</h1>' . msg();
+ if ($request->has('id') && preg_match('/^\d{1,11}$/', $request->input('id'))) {
+ $news_id = $request->input('id');
+ } else {
+ return error('Incomplete call, missing News ID.', true);
+ }
+
+ $news = DB::selectOne('SELECT * FROM `News` WHERE `ID`=? LIMIT 1', [$news_id]);
+ if (empty($news)) {
+ return error('No News found.', true);
+ }
+
+ switch ($request->input('action')) {
+ case 'edit':
+ $user_source = User($news['UID']);
+
+ $html .= form(
+ [
+ form_info(_('Date'), date('Y-m-d H:i', $news['Datum'])),
+ form_info(_('Author'), User_Nick_render($user_source)),
+ form_text('eBetreff', _('Subject'), $news['Betreff']),
+ form_textarea('eText', _('Message'), $news['Text']),
+ form_checkbox('eTreffen', _('Meeting'), $news['Treffen'] == 1, 1),
+ form_submit('submit', _('Save'))
+ ],
+ page_link_to('admin_news', ['action' => 'save', 'id' => $news_id])
+ );
+
+ $html .= '<a class="btn btn-danger" href="'
+ . page_link_to('admin_news', ['action' => 'delete', 'id' => $news_id])
+ . '">'
+ . '<span class="glyphicon glyphicon-trash"></span> ' . _('Delete')
+ . '</a>';
+ break;
+
+ case 'save':
+ $text = $request->postData('eText');
+ if (!in_array('admin_news_html', $privileges)) {
+ $text = strip_tags($text);
+ }
+
+ DB::update('
+ UPDATE `News` SET
+ `Datum`=?,
+ `Betreff`=?,
+ `Text`=?,
+ `UID`=?,
+ `Treffen`=?
+ WHERE `ID`=?
+ ',
+ [
+ time(),
+ strip_tags($request->postData('eBetreff')),
+ $text,
+ $user['UID'],
+ $request->has('eTreffen') ? 1 : 0,
+ $news_id
+ ]
+ );
+
+ engelsystem_log('News updated: ' . 
$request->postData('eBetreff'));
+ success(_('News entry updated.'));
+ redirect(page_link_to('news'));
+ break;
+
+ case 'delete':
+ DB::delete('DELETE FROM `News` WHERE `ID`=? LIMIT 1', [$news_id]);
+ engelsystem_log('News deleted: ' . $news['Betreff']);
+ success(_('News entry deleted.'));
+ redirect(page_link_to('news'));
+ break;
+ default:
+ redirect(page_link_to('news'));
+ }
+ return $html . '</div>';
 }
-?>
\ No newline at end of file |
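Review bot: The `delete` branch still runs `DB::delete` on a plain GET (the `edit` branch builds it as an anchor to `action=delete`), and neither `save` nor `delete` checks the request method or a CSRF token before the mutating query, so a cross-site request or a link prefetch can remove or overwrite an entry in a logged-in admin's session — unless `form()` already emits and validates a token, which is not visible in this hunk. I would render the delete action as a POST form with a submit button and gate both mutating branches on a verified token before `DB::update`/`DB::delete`. A smaller inconsistency in `save`: the row stores `strip_tags($request->postData('eBetreff'))` while the log line records the raw value; compute `$subject = strip_tags($request->postData('eBetreff'));` once and use `$subject` both in the bind array and in `engelsystem_log('News updated: ' . $subject);`. The privilege check `in_array('admin_news_html', $privileges)` should also pass `true` as its third argument so the comparison is strict.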