authormsquare <msquare@notrademark.de>2017-11-28 15:43:51 +0100
committerGitHub <noreply@github.com>2017-11-28 15:43:51 +0100
commit599f2fd264bfc7b1b6826fe206442806e317340f (patch)
tree50cf84d7d07d11bd65b45c2c17f37632f6cd8eff /includes/pages/user_news.php
parenta5fc5bd0979e8de1fce8a8addd351a6e7bd6aeb8 (diff)
parenteda7f7788ea8012bd8be46405c56a666c11f3fa5 (diff)
Merge pull request #365 from engelsystem/feature-igel-rewrite
Feature igel rewrite
Diffstat (limited to 'includes/pages/user_news.php')
-rw-r--r--includes/pages/user_news.php388
1 files changed, 240 insertions, 148 deletions
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index 97f7ec83..b51b0a4c 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -1,169 +1,261 @@
<?php
-function user_news_comments_title() {
- return _("News comments");
+use Engelsystem\Database\DB;
+
+/**
+ * @return string
+ */
+function user_news_comments_title()
+{
+ return _('News comments');
}
-function news_title() {
- return _("News");
+/**
+ * @return string
+ */
+function news_title()
+{
+ return _('News');
}
-function meetings_title() {
- return _("Meetings");
+/**
+ * @return string
+ */
+function meetings_title()
+{
+ return _('Meetings');
}
-function user_meetings() {
- global $DISPLAY_NEWS;
-
- $html = '<div class="col-md-12"><h1>' . meetings_title() . '</h1>' . msg();
-
- if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) {
- $page = $_REQUEST['page'];
- } else {
- $page = 0;
- }
-
- $news = sql_select("SELECT * FROM `News` WHERE `Treffen`=1 ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS));
- foreach ($news as $entry) {
- $html .= display_news($entry);
- }
-
- $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS);
- $html .= '<div class="text-center">' . '<ul class="pagination">';
- for ($i = 0; $i < $dis_rows; $i ++) {
- if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) {
- $html .= '<li class="active">';
- } elseif (! isset($_REQUEST['page']) && $i == 0) {
- $html .= '<li class="active">';
+/**
+ * @return string
+ */
+function user_meetings()
+{
+ $display_news = config('display_news');
+ $html = '<div class="col-md-12"><h1>' . meetings_title() . '</h1>' . msg();
+ $request = request();
+
+ if (preg_match('/^\d{1,}$/', $request->input('page', 0))) {
+ $page = $request->input('page', 0);
} else {
- $html .= '<li>';
+ $page = 0;
+ }
+
+ $news = DB::select(sprintf('
+ SELECT *
+ FROM `News`
+ WHERE `Treffen`=1
+ ORDER BY `Datum`DESC
+ LIMIT %u, %u',
+ $page * $display_news,
+ $display_news
+ ));
+ foreach ($news as $entry) {
+ $html .= display_news($entry);
}
- $html .= '<a href="' . page_link_to("user_meetings") . '&page=' . $i . '">' . ($i + 1) . '</a></li>';
- }
- $html .= '</ul></div></div>';
-
- return $html;
-}
-function display_news($news) {
- global $privileges, $page;
-
- $html = '';
- $html .= '<div class="panel' . ($news['Treffen'] == 1 ? ' panel-info' : ' panel-default') . '">';
- $html .= '<div class="panel-heading">';
- $html .= '<h3 class="panel-title">' . ($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '</h3>';
- $html .= '</div>';
- $html .= '<div class="panel-body">' . ReplaceSmilies(nl2br($news['Text'])) . '</div>';
-
- $html .= '<div class="panel-footer text-muted">';
- if (in_array("admin_news", $privileges)) {
- $html .= '<div class="pull-right">' . button_glyph(page_link_to("admin_news") . '&action=edit&id=' . $news['ID'], 'edit', 'btn-xs') . '</div>';
- }
- $html .= '<span class="glyphicon glyphicon-time"></span> ' . date("Y-m-d H:i", $news['Datum']) . '&emsp;';
-
- $user_source = User($news['UID']);
-
- $html .= User_Nick_render($user_source);
- if ($page != "news_comments") {
- $html .= '&emsp;<a href="' . page_link_to("news_comments") . '&nid=' . $news['ID'] . '"><span class="glyphicon glyphicon-comment"></span> ' . _("Comments") . ' &raquo;</a> <span class="badge">' . sql_num_query("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . '</span>';
- }
- $html .= '</div>';
- $html .= '</div>';
- return $html;
+ $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news);
+ $html .= '<div class="text-center">' . '<ul class="pagination">';
+ for ($i = 0; $i < $dis_rows; $i++) {
+ if ($request->has('page') && $i == $request->input('page', 0)) {
+ $html .= '<li class="active">';
+ } elseif (!$request->has('page') && $i == 0) {
+ $html .= '<li class="active">';
+ } else {
+ $html .= '<li>';
+ }
+ $html .= '<a href="' . page_link_to('user_meetings', ['page' => $i]) . '">' . ($i + 1) . '</a></li>';
+ }
+ $html .= '</ul></div></div>';
+
+ return $html;
}
-function user_news_comments() {
- global $user;
-
- $html = '<div class="col-md-12"><h1>' . user_news_comments_title() . '</h1>';
- if (isset($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`='" . sql_escape($_REQUEST['nid']) . "' LIMIT 1") > 0) {
- $nid = $_REQUEST["nid"];
- list($news) = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($nid) . "' LIMIT 1");
- if (isset($_REQUEST["text"])) {
- $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
- sql_query("INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
- engelsystem_log("Created news_comment: " . $text);
- $html .= success(_("Entry saved."), true);
+/**
+ * @param array $news
+ * @return string
+ */
+function display_news($news)
+{
+ global $privileges, $page;
+
+ $html = '';
+ $html .= '<div class="panel' . ($news['Treffen'] == 1 ? ' panel-info' : ' panel-default') . '">';
+ $html .= '<div class="panel-heading">';
+ $html .= '<h3 class="panel-title">' . ($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '</h3>';
+ $html .= '</div>';
+ $html .= '<div class="panel-body">' . ReplaceSmilies(nl2br($news['Text'])) . '</div>';
+
+ $html .= '<div class="panel-footer text-muted">';
+ if (in_array('admin_news', $privileges)) {
+ $html .= '<div class="pull-right">'
+ . button_glyph(page_link_to('admin_news', ['action' => 'edit', 'id' => $news['ID']]), 'edit', 'btn-xs')
+ . '</div>';
}
-
- $html .= display_news($news);
-
- $comments = sql_select("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'");
- foreach ($comments as $comment) {
- $user_source = User($comment['UID']);
-
- $html .= '<div class="panel panel-default">';
- $html .= '<div class="panel-body">' . nl2br($comment['Text']) . '</div>';
- $html .= '<div class="panel-footer text-muted">';
- $html .= '<span class="glyphicon glyphicon-time"></span> ' . $comment['Datum'] . '&emsp;';
- $html .= User_Nick_render($user_source);
- $html .= '</div>';
- $html .= '</div>';
+ $html .= '<span class="glyphicon glyphicon-time"></span> ' . date('Y-m-d H:i', $news['Datum']) . '&emsp;';
+
+ $user_source = User($news['UID']);
+
+ $html .= User_Nick_render($user_source);
+ if ($page != 'news_comments') {
+ $html .= '&emsp;<a href="' . page_link_to('news_comments', ['nid' => $news['ID']]) . '">'
+ . '<span class="glyphicon glyphicon-comment"></span> '
+ . _('Comments') . ' &raquo;</a> '
+ . '<span class="badge">'
+ . count(DB::select('SELECT `ID` FROM `NewsComments` WHERE `Refid`=?', [$news['ID']]))
+ . '</span>';
+ }
+ $html .= '</div>';
+ $html .= '</div>';
+ return $html;
+}
+
+/**
+ * @return string
+ */
+function user_news_comments()
+{
+ global $user;
+
+ $request = request();
+
+ $html = '<div class="col-md-12"><h1>' . user_news_comments_title() . '</h1>';
+ if (
+ $request->has('nid')
+ && preg_match('/^\d{1,}$/', $request->input('nid'))
+ && count(DB::select('SELECT `ID` FROM `News` WHERE `ID`=? LIMIT 1', [$request->input('nid')])) > 0
+ ) {
+ $nid = $request->input('nid');
+ $news = DB::selectOne('SELECT * FROM `News` WHERE `ID`=? LIMIT 1', [$nid]);
+ if ($request->has('text')) {
+ $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($request->input('text')));
+ DB::insert('
+ INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`)
+ VALUES (?, ?, ?, ?)
+ ',
+ [
+ $nid,
+ date('Y-m-d H:i:s'),
+ $text,
+ $user["UID"],
+ ]
+ );
+ engelsystem_log('Created news_comment: ' . $text);
+ $html .= success(_('Entry saved.'), true);
+ }
+
+ $html .= display_news($news);
+
+ $comments = DB::select(
+ 'SELECT * FROM `NewsComments` WHERE `Refid`=? ORDER BY \'ID\'',
+ [$nid]
+ );
+ foreach ($comments as $comment) {
+ $user_source = User($comment['UID']);
+
+ $html .= '<div class="panel panel-default">';
+ $html .= '<div class="panel-body">' . nl2br(htmlspecialchars($comment['Text'])) . '</div>';
+ $html .= '<div class="panel-footer text-muted">';
+ $html .= '<span class="glyphicon glyphicon-time"></span> ' . $comment['Datum'] . '&emsp;';
+ $html .= User_Nick_render($user_source);
+ $html .= '</div>';
+ $html .= '</div>';
+ }
+
+ $html .= '<hr /><h2>' . _('New Comment:') . '</h2>';
+ $html .= form([
+ form_textarea('text', _('Message'), ''),
+ form_submit('submit', _('Save'))
+ ], page_link_to('news_comments', ['nid' => $news['ID']]));
+ } else {
+ $html .= _('Invalid request.');
}
-
- $html .= '<hr /><h2>' . _("New Comment:") . '</h2>';
- $html .= form([
- form_textarea('text', _("Message"), ''),
- form_submit('submit', _("Save"))
- ], page_link_to('news_comments') . '&nid=' . $news['ID']);
- } else {
- $html .= _("Invalid request.");
- }
-
- return $html . '</div>';
+
+ return $html . '</div>';
}
-function user_news() {
- global $DISPLAY_NEWS, $privileges, $user;
-
- $html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg();
-
- if (isset($_POST["text"]) && isset($_POST["betreff"]) && in_array("admin_news", $privileges)) {
- if (! isset($_POST["treffen"]) || ! in_array("admin_news", $privileges)) {
- $_POST["treffen"] = 0;
+/**
+ * @return string
+ */
+function user_news()
+{
+ global $privileges, $user;
+ $display_news = config('display_news');
+ $request = request();
+
+ $html = '<div class="col-md-12"><h1>' . news_title() . '</h1>' . msg();
+
+ $isMeeting = $request->postData('treffen');
+ if ($request->has('text') && $request->has('betreff') && in_array('admin_news', $privileges)) {
+ if (!$request->has('treffen')) {
+ $isMeeting = 0;
+ }
+
+ $text = $request->postData('text');
+ if (!in_array('admin_news_html', $privileges)) {
+ $text = strip_tags($text);
+ }
+
+ DB::insert('
+ INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`)
+ VALUES (?, ?, ?, ?, ?)
+ ',
+ [
+ time(),
+ strip_tags($request->postData('betreff')),
+ $text,
+ $user['UID'],
+ $isMeeting,
+ ]
+ );
+ engelsystem_log('Created news: ' . $request->postData('betreff') . ', treffen: ' . $isMeeting);
+ success(_('Entry saved.'));
+ redirect(page_link_to('news'));
}
- sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . "', '" . sql_escape($_POST["treffen"]) . "');");
- engelsystem_log("Created news: " . $_POST["betreff"] . ", treffen: " . $_POST["treffen"]);
- success(_("Entry saved."));
- redirect(page_link_to('news'));
- }
-
- if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) {
- $page = $_REQUEST['page'];
- } else {
- $page = 0;
- }
-
- $news = sql_select("SELECT * FROM `News` ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS));
- foreach ($news as $entry) {
- $html .= display_news($entry);
- }
-
- $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS);
- $html .= '<div class="text-center">' . '<ul class="pagination">';
- for ($i = 0; $i < $dis_rows; $i ++) {
- if (isset($_REQUEST['page']) && $i == $_REQUEST['page']) {
- $html .= '<li class="active">';
- } elseif (! isset($_REQUEST['page']) && $i == 0) {
- $html .= '<li class="active">';
+
+ if (preg_match('/^\d{1,}$/', $request->input('page', 0))) {
+ $page = $request->input('page', 0);
} else {
- $html .= '<li>';
+ $page = 0;
+ }
+
+ $news = DB::select(sprintf('
+ SELECT *
+ FROM `News`
+ ORDER BY `Datum`
+ DESC LIMIT %u, %u
+ ',
+ $page * $display_news,
+ $display_news
+ ));
+ foreach ($news as $entry) {
+ $html .= display_news($entry);
+ }
+
+ $dis_rows = ceil(count(DB::select('SELECT `ID` FROM `News`')) / $display_news);
+ $html .= '<div class="text-center">' . '<ul class="pagination">';
+ for ($i = 0; $i < $dis_rows; $i++) {
+ if ($request->has('page') && $i == $request->input('page', 0)) {
+ $html .= '<li class="active">';
+ } elseif (!$request->has('page') && $i == 0) {
+ $html .= '<li class="active">';
+ } else {
+ $html .= '<li>';
+ }
+ $html .= '<a href="' . page_link_to('news', ['page' => $i]) . '">' . ($i + 1) . '</a></li>';
+ }
+ $html .= '</ul></div>';
+
+ if (in_array('admin_news', $privileges)) {
+ $html .= '<hr />';
+ $html .= '<h2>' . _('Create news:') . '</h2>';
+
+ $html .= form([
+ form_text('betreff', _('Subject'), ''),
+ form_textarea('text', _('Message'), ''),
+ form_checkbox('treffen', _('Meeting'), false, 1),
+ form_submit('submit', _('Save'))
+ ]);
}
- $html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i + 1) . '</a></li>';
- }
- $html .= '</ul></div>';
-
- if (in_array("admin_news", $privileges)) {
- $html .= '<hr />';
- $html .= '<h2>' . _("Create news:") . '</h2>';
-
- $html .= form([
- form_text('betreff', _("Subject"), ''),
- form_textarea('text', _("Message"), ''),
- form_checkbox('treffen', _("Meeting"), false, 1),
- form_submit('submit', _("Save"))
- ]);
- }
- return $html . '</div>';
+ return $html . '</div>';
}
-?>
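Review bot: display_news() still writes `$news['Betreff']` and `$news['Text']` into the page without output encoding, although this commit adds `htmlspecialchars()` for comment text in user_news_comments(). The only filtering for news is `strip_tags()` at insert time in user_news(), which does not cover rows stored by the old unfiltered insert and is skipped for `Text` when the author holds `admin_news_html`. Unless ReplaceSmilies() escapes its input (not visible here), the subject should be encoded at render time, e.g. `ReplaceSmilies(htmlspecialchars($news['Betreff'], ENT_QUOTES, 'UTF-8'))`, and a comment on the `Text` line should state that raw HTML is intentional and limited to holders of `admin_news_html`. Separately, `ORDER BY \'ID\'` in the comments query of user_news_comments() sorts by a string literal rather than the column, so the order is not defined; it should read ``ORDER BY `ID` ``.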