' . '
';
return $html;
}
/**
* @param array $news
* @return string
*/
function display_news($news)
{
global $privileges, $page;
$html = '';
$html .= '';
$html .= '
';
$html .= '
' . ($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '
';
$html .= '';
$html .= '
' . ReplaceSmilies(nl2br($news['Text'])) . '
';
$html .= '';
$html .= '
';
return $html;
}
/**
* @return string
*/
function user_news_comments()
{
global $user;
$html = '' . user_news_comments_title() . '
';
if (
isset($_REQUEST['nid'])
&& preg_match('/^[0-9]{1,}$/', $_REQUEST['nid'])
&& sql_num_query("SELECT * FROM `News` WHERE `ID`='" . sql_escape($_REQUEST['nid']) . "' LIMIT 1") > 0
) {
$nid = $_REQUEST['nid'];
list($news) = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($nid) . "' LIMIT 1");
if (isset($_REQUEST['text'])) {
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
sql_query("
INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`)
VALUES (
'" . sql_escape($nid) . "',
'" . date("Y-m-d H:i:s") . "',
'" . sql_escape($text) . "',
'" . sql_escape($user["UID"]) . "'
)
");
engelsystem_log('Created news_comment: ' . $text);
$html .= success(_('Entry saved.'), true);
}
$html .= display_news($news);
$comments = sql_select("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'");
foreach ($comments as $comment) {
$user_source = User($comment['UID']);
$html .= '
';
$html .= '
' . nl2br($comment['Text']) . '
';
$html .= '';
$html .= '
';
}
$html .= '
' . _('New Comment:') . '
';
$html .= form([
form_textarea('text', _('Message'), ''),
form_submit('submit', _('Save'))
], page_link_to('news_comments') . '&nid=' . $news['ID']);
} else {
$html .= _('Invalid request.');
}
return $html . '
';
}
/**
* @return string
*/
function user_news()
{
global $display_news, $privileges, $user;
$html = '' . news_title() . '
' . msg();
if (isset($_POST['text']) && isset($_POST['betreff']) && in_array('admin_news', $privileges)) {
if (!isset($_POST['treffen']) || !in_array('admin_news', $privileges)) {
$_POST['treffen'] = 0;
}
sql_query("
INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`)
VALUES (
'" . sql_escape(time()) . "',
'" . sql_escape($_POST["betreff"]) . "',
'" . sql_escape($_POST["text"]) . "',
'" . sql_escape($user['UID']) . "',
'" . sql_escape($_POST["treffen"]) . "'
)
");
engelsystem_log('Created news: ' . $_POST['betreff'] . ', treffen: ' . $_POST['treffen']);
success(_('Entry saved.'));
redirect(page_link_to('news'));
}
if (isset($_REQUEST['page']) && preg_match('/^[0-9]{1,}$/', $_REQUEST['page'])) {
$page = $_REQUEST['page'];
} else {
$page = 0;
}
$news = sql_select("
SELECT *
FROM `News`
ORDER BY `Datum`
DESC LIMIT " . sql_escape($page * $display_news) . ", " . sql_escape($display_news)
);
foreach ($news as $entry) {
$html .= display_news($entry);
}
$dis_rows = ceil(sql_num_query('SELECT * FROM `News`') / $display_news);
$html .= '
' . '
';
if (in_array('admin_news', $privileges)) {
$html .= '
';
$html .= '
' . _('Create news:') . '
';
$html .= form([
form_text('betreff', _('Subject'), ''),
form_textarea('text', _('Message'), ''),
form_checkbox('treffen', _('Meeting'), false, 1),
form_submit('submit', _('Save'))
]);
}
return $html . '
';
}