summaryrefslogtreecommitdiff
path: root/includes
diff options
context:
space:
mode:
Diffstat (limited to 'includes')
-rw-r--r--includes/pages/user_news.php197
-rw-r--r--includes/sys_user.php6
2 files changed, 117 insertions, 86 deletions
diff --git a/includes/pages/user_news.php b/includes/pages/user_news.php
index 56c5bb68..34c346dd 100644
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@@ -1,108 +1,139 @@
<?php
-function user_news() {
- return "<a href=\"#Neu\">" . Get_Text(3) . "</a>" . user_news_output();
+function display_news($news) {
+ global $privileges, $p;
+
+ $html .= "";
+ $html .= '<article class="news' . ($news['Treffen'] == 1 ? ' meeting' : '') . '">';
+ $html .= '<details>';
+ $html .= date("Y-m-d H:i",$news['Datum']) . ', ';
+ $html .= UID2Nick($news['UID']);
+ if ($p != "news_comments")
+ $html .= ', <a href="' . page_link_to("news_comments") . '&nid=' . $news['ID'] . '">Kommentare (' . sql_num_query("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . ') &raquo;</a>';
+ $html .= '</details>';
+ $html .= '<h3>'.($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '</h3>';
+ $html .= '<p>' . ReplaceSmilies(nl2br($news['Text'])) . '</p>';
+ if (in_array("admin_news", $privileges))
+ $html .= "<details><a href=\"" . page_link_to("admin_news") . "&action=edit&id=" . $news['ID'] . "\">Edit</a></details>\n";
+
+ $html .= '</article>';
+ return $html;
}
-function user_news_output() {
- global $DISPLAY_NEWS, $privileges;
-
+function user_news_comments() {
+ global $user;
+
$html = "";
+ if (isset ($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1") > 0) {
+ $nid = $_REQUEST["nid"];
+ list ($news) = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1");
+ if (isset ($_REQUEST["text"])) {
+ $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
+ sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
+ $html .= success("Eintrag wurde gespeichert");
+ }
- if (isset ($_POST["text"]) && isset ($_POST["betreff"]) && IsSet ($_POST["date"])) {
- if (!isset ($_POST["treffen"]))
- $_POST["treffen"] = 0;
- $SQL = "INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " .
- "VALUES ('" . sql_escape($_POST["date"]) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($_SESSION['uid']) .
- "', '" . sql_escape($_POST["treffen"]) . "');";
- $Erg = sql_query($SQL);
- if ($Erg == 1)
- $html .= Get_Text(4);
- }
+ $html .= '<a href="' . page_link_to("news") . '">&laquo; Back</a>';
+ $html .= display_news($news);
- if (!IsSet ($_GET["news_begin"]))
- $_GET["news_begin"] = 0;
+ $html .= '<h2>Comments</h2>';
+
+ $comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . $nid . "' ORDER BY 'ID'");
+ foreach ($comments as $comment) {
+ $html .= '<article class="news_comment">';
+ $html .= DisplayAvatar($comment['UID']);
+ $html .= '<details>';
+ $html .= $comment['Datum'] . ', ';
+ $html .= UID2Nick($comment['UID']);
+ $html .= '</details>';
+ $html .= '<p>' . nl2br($comment['Text']) . '</p>';
+ $html .= '</article>';
+ }
- if (!IsSet ($_GET["DISPLAY_NEWS"]))
- $_GET["DISPLAY_NEWS"] = 5;
+ $html .= "</table>";
+ $html .= '
+ <br />
+ <hr>
+ <h2>Neuer Kommentar:</h2>
+ <a name="Neu">&nbsp;</a>
+
+ <form action="' . page_link_to("news_comments") . '" method="post">
+ <input type="hidden" name="nid" value="' . $_REQUEST["nid"] . '">
+ <table>
+ <tr>
+ <td align="right" valign="top">Text:</td>
+ <td><textarea name="text" cols="50" rows="10"></textarea></td>
+ </tr>
+ </table>
+ <br />
+ <input type="submit" value="sichern...">
+ </form>';
+ } else {
+ $html .= "Fehlerhafter Aufruf!";
+ }
- $SQL = "SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . intval($_GET["news_begin"]) . ", " . intval($_GET["DISPLAY_NEWS"]);
- $Erg = sql_query($SQL);
+ return $html;
+}
- // anzahl zeilen
- $news_rows = mysql_num_rows($Erg);
+function user_news() {
+ global $DISPLAY_NEWS, $privileges, $user;
- for ($n = 0; $n < $news_rows; $n++) {
+ $html = "";
- if (mysql_result($Erg, $n, "Treffen") == 0)
- $html .= "<p class='question'>";
- else
- $html .= "<p class='engeltreffen'>";
-
- $html .= "<u>" . ReplaceSmilies(mysql_result($Erg, $n, "Betreff")) . "</u>\n";
-
- // Schow Admin Page
- if ($_SESSION['CVS']["admin/news.php"] == "Y")
- $html .= " <a href=\"./../admin/news.php?action=change&date=" . mysql_result($Erg, $n, "Datum") . "\">[edit]</a><br />\n\t\t";
-
- $html .= "<br />&nbsp; &nbsp;<font size=1>" . mysql_result($Erg, $n, "Datum") . ", ";
- $html .= UID2Nick(mysql_result($Erg, $n, "UID")) . "</font>";
- // avatar anzeigen?
- $html .= DisplayAvatar(mysql_result($Erg, $n, "UID"));
- $html .= "</p>\n";
- $html .= "<p class='answer'>" . ReplaceSmilies(nl2br(mysql_result($Erg, $n, "Text"))) . "</p>\n";
- $RefID = mysql_result($Erg, $n, "ID");
- $countSQL = "SELECT COUNT(*) FROM `news_comments` WHERE `Refid`='$RefID'";
- $countErg = sql_query($countSQL);
- $countcom = mysql_result($countErg, 0, "COUNT(*)");
- $html .= "<p class='comment' align='right'><a href=\"./news_comments.php?nid=$RefID\">$countcom comments</a></p>\n\n";
+ if (isset ($_POST["text"]) && isset ($_POST["betreff"])) {
+ if (!isset ($_POST["treffen"]) || !in_array("admin_news", $privileges))
+ $_POST["treffen"] = 0;
+ sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " .
+ "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) .
+ "', '" . sql_escape($_POST["treffen"]) . "');");
+ $html .= success(Get_Text(4));
}
- $html .= "<div align=\"center\">\n\n";
- $rowerg = sql_query("SELECT * FROM `News`");
- $rows = mysql_num_rows($rowerg);
- $dis_rows = round(($rows / $DISPLAY_NEWS) + 0.5);
+ if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page']))
+ $page = $_REQUEST['page'];
+ else
+ $page = 0;
+
+ $news = sql_select("SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS);
+ foreach ($news as $entry)
+ $html .= display_news($entry);
+
+ $html .= "<div class=\"pagination\">\n\n";
+ $dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS);
$html .= Get_Text(5);
- for ($i = 1; $i <= $dis_rows; $i++) {
- if (!((($i * $DISPLAY_NEWS) - $_GET["news_begin"]) == $DISPLAY_NEWS)) {
- $html .= '<a href="' . page_link_to("news") . '&news_begin=' . (($i * $DISPLAY_NEWS) - $DISPLAY_NEWS -1) . '">' . $i . '</a>&nbsp; ';
- } else {
- $html .= "$i&nbsp; ";
- }
+ for ($i = 0; $i < $dis_rows; $i++) {
+ if ($i == $_REQUEST['page'])
+ $html .= ($i +1) . "&nbsp; ";
+ else
+ $html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i +1) . '</a>&nbsp; ';
}
$html .= '</div>
- <br /><hr />
- <h2>' . Get_Text(6) . '</h2>
- <a name="Neu">&nbsp;</a>
-
- <form action="" method="post">
- <?PHP
-
- // Datum mit uebergeben, um doppelte Eintraege zu verhindern
- // (Reload nach dem Eintragen!)
- ?>
- <input type="hidden" name="date" value="' . date("Y-m-d H:i:s") . '">
- <table>
- <tr>
- <td align="right">' . Get_Text(7) . '</td>
- <td><input type="text" name="betreff" size="60"></td>
- </tr>
- <tr>
- <td align="right">' . Get_Text(8) . '</td>
- <td><textarea name="text" cols="50" rows="10"></textarea></td>
- </tr>';
- if (in_array('news_add_meeting', $privileges)) {
+ <br /><hr />
+ <h2>' . Get_Text(6) . '</h2>
+ <a name="Neu">&nbsp;</a>
+
+ <form action="" method="post">
+ <table>
+ <tr>
+ <td align="right">' . Get_Text(7) . '</td>
+ <td><input type="text" name="betreff" size="60"></td>
+ </tr>
+ <tr>
+ <td align="right">' . Get_Text(8) . '</td>
+ <td><textarea name="text" cols="50" rows="10"></textarea></td>
+ </tr>';
+ if (in_array('admin_news', $privileges)) {
$html .= ' <tr>
- <td align="right">' . Get_Text(9) . '</td>
- <td><input type="checkbox" name="treffen" size="1" value="1"></td>
- </tr>';
+ <td align="right">' . Get_Text(9) . '</td>
+ <td><input type="checkbox" name="treffen" size="1" value="1"></td>
+ </tr>';
}
$html .= '</table>
- <br />
- <input type="submit" value="' . Get_Text("save") . '">
- </form>';
+ <br />
+ <input type="submit" value="' . Get_Text("save") . '">
+ </form>';
return $html;
}
?> \ No newline at end of file
diff --git a/includes/sys_user.php b/includes/sys_user.php
index 6274003d..5dcf3f1f 100644
--- a/includes/sys_user.php
+++ b/includes/sys_user.php
@@ -75,9 +75,9 @@ function displayPictur($UID, $height = "30") {
global $url, $ENGEL_ROOT;
if ($height > 0)
- return ("<img src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" height=\"$height\" alt=\"picture of USER$UID\" class=\"photo\">");
+ return ("<div class=\"avatar\"><img src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" height=\"$height\" alt=\"picture of USER$UID\" class=\"photo\"></div>");
else
- return ("<img src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" alt=\"picture of USER$UID\">");
+ return ("<div class=\"avatar\"><img class=\"avatar\" src=\"" . $url . $ENGEL_ROOT . "ShowUserPicture.php?UID=$UID\" alt=\"picture of USER$UID\"></div>");
}
function displayavatar($UID, $height = "30") {
@@ -92,7 +92,7 @@ function displayavatar($UID, $height = "30") {
if (mysql_num_rows($aerg))
if (mysql_result($aerg, 0, "Avatar") > 0)
- return ("&nbsp;<img src=\"" . $url . $ENGEL_ROOT . "pic/avatar/avatar" . mysql_result($aerg, 0, "Avatar") . ".gif\">");
+ return'<div class="avatar">'. ("&nbsp;<img src=\"" . $url . $ENGEL_ROOT . "pic/avatar/avatar" . mysql_result($aerg, 0, "Avatar") . ".gif\">").'</div>';
}
function UIDgekommen($UID) {