From 9941d2a7a799ad45b8e54c528c2161f880ab159e Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Fri, 3 Jun 2011 05:49:56 +0200 Subject: admin news --- includes/pages/admin_news.php | 87 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 includes/pages/admin_news.php (limited to 'includes/pages') diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php new file mode 100644 index 00000000..2c6e1f45 --- /dev/null +++ b/includes/pages/admin_news.php @@ -0,0 +1,87 @@ + 0) { + list ($news) = $news; + + $html .= '« Back'; + + $html .= "
\n"; + + $html .= "\n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= " \n"; + $html .= "
Datum" . + date("Y-m-d H:i", $news['Datum']) . "
Betreff
Text
Engel" . + UID2Nick($news["UID"]) . "
Treffen" . html_select_key('eTreffen', array ( + '1' => "Ja", + '0' => "Nein" + ), $news['Treffen']) . "
"; + + $html .= "\n"; + $html .= "\n"; + $html .= "
"; + + $html .= "
\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "
"; + } else + return error("No News found."); + break; + + case 'save' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID."); + + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; + + sql_query("UPDATE `News` SET `Datum`='" . sql_escape(time()) . "', `Betreff`='" . sql_escape($_POST["eBetreff"]) . "', `Text`='" . sql_escape($_POST["eText"]) . "', `UID`='" . sql_escape($user['UID']) . + "', `Treffen`='" . sql_escape($_POST["eTreffen"]) . "' WHERE `ID`=".sql_escape($id)." LIMIT 1"); + header("Location: " . page_link_to("news")); + } else + return error("No News found."); + break; + + case 'delete' : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing News ID."); + + $news = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + if (count($news) > 0) { + list ($news) = $news; + + sql_query("DELETE FROM `news` WHERE `ID`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("news")); + } else + return error("No News found."); + break; + } + } + return $html; +} +?> \ No newline at end of file -- cgit v1.2.3-70-g09d2