public function actionAdd()
{
$NewsRecord = new News();
$NewsRecord->NewsHeader = isset($_POST['NewsHeader']) ? $_POST['NewsHeader'] : null;
$NewsRecord->NewsPreview = isset($_POST['NewsPreview']) ? $_POST['NewsPreview'] : null;
$NewsRecord->NewsText = isset($_POST['NewsText']) ? $_POST['NewsText'] : null;
$NewsRecord->NewsTags = isset($_POST['NewsTags']) ? $_POST['NewsTags'] : null;
$NewsRecord->publishdate = 'NOW()';
$NewsRecord->insert();
header('Location: ./index.php');
}
public function newsFormSubmited(NAppForm $form)
{
if ($form['addnews']->isSubmittedBy()) {
$values = $form->getValues();
$id = (int) $this->getParam('id');
$ref = new News(array('id' => $id));
if ($id > 0) {
$ref->update($id, $values);
} else {
$ref->insert($values);
}
$this->flashMessage('Novinka uložena.');
}
$this->redirect('News:default');
}
public function actionAdd()
{
if (!isset($_POST['NewsHeader']) || !isset($_POST['NewsPreview']) || !isset($_POST['NewsText']) || !isset($_POST['NewsTags'])) {
header("HTTP/1.0 404 Not Found");
throw new E404Exception('Required params can not be null');
}
$NewsRecord = new News();
$NewsRecord->NewsHeader = $_POST['NewsHeader'];
$NewsRecord->NewsPreview = $_POST['NewsPreview'];
$NewsRecord->NewsText = $_POST['NewsText'];
$NewsRecord->NewsTags = $_POST['NewsTags'];
$NewsRecord->publishdate = 'NOW()';
$NewsRecord->insert();
header('Location: ./index.php');
}
public function saveItem()
{
$cat_id = Input::get('cat_id');
$item_id = Input::get('id');
//获取表单
if ($cat_id == 0) {
//新闻编辑
$title = Input::get('title');
$content = Input::get('content');
$abstract = Input::get('abstract');
$item = News::find($item_id);
} else {
if ($cat_id == 1) {
//项目编辑
$title = Input::get('title');
$content = Input::get('content');
$abstract = Input::get('abstract');
$begin_time = Input::get('begin_time');
$end_time = Input::get('end_time');
$item = Researches::find($item_id);
} else {
if ($cat_id == 2) {
//通知编辑
//
$title = Input::get('title');
$content = Input::get('content');
$item = Notices::find($item_id);
} else {
if ($cat_id == 3) {
//课程编辑
$course_name = Input::get('course_name');
$course_info = Input::get('course_info');
$teacher_address = Input::get('teacher_address');
$teacher_mail = Input::get('teacher_mail');
$TA_name = Input::get('TA_name');
$TA_address = Input::get('TA_address');
$TA_mail = Input::get('TA_mail');
$item = Courses::find($item_id);
$homeworks = Courses::find($item_id)->homework;
$coursewares = Courses::find($item_id)->courseware;
$course_notices = Courses::find($item_id)->comments;
foreach ($course_notices as $notice) {
$update_notice = Comments::find($notice->id);
$update_notice->comment = Input::get('course_notice_content' . $notice->id);
$update_notice->updated_at = date("Y-m-d H:i:s");
$update_notice->save();
}
foreach ($homeworks as $homework) {
//对已有项进行编辑
$delete_or_not = Input::get('homework_delete' . $homework->id);
if ($delete_or_not) {
//如果标记为删除则将已有作业进行删除
$delete_item = Homework::find($homework->id);
$delete_item->delete();
} else {
$update_item = Homework::find($homework->id);
$update_item->homework_item = Input::get('homework_label' . $homework->id);
$update_item->submit_deadline = Input::get('homework_submit_time' . $homework->id);
$update_item->deliver_deadline = Input::get('homework_deliver_time' . $homework->id);
$update_item->updated_at = date("Y-m-d H:i:s");
$update_item->save();
}
}
foreach ($coursewares as $courseware) {
$update_item = Courseware::find($courseware->id);
$update_item->label = Input::get('courseware_label' . $courseware->id);
$update_file_source = 'courseware_ppt' . $courseware->id;
$new_source = HomeController::upload_course($item_id, $update_file_source);
if ($new_source != "") {
//跟新源的同时将旧的课件删除
HomeController::delete_file($update_item->source);
$update_item->source = $new_source;
} else {
}
$update_item->updated_at = date("Y-m-d H:i:s");
$update_item->save();
}
}
}
}
}
//保存数据
if ($item) {
//表中已经存在该条目
if ($cat_id == 0) {
//新闻编辑
$item->title = $title;
$item->content = $content;
$item->abstract = $abstract;
$item->save();
return Redirect::to(URL::to('/news-detail', [$item_id]));
} else {
if ($cat_id == 1) {
//项目编辑
$item->title = $title;
$item->content = $content;
$item->abstract = $abstract;
$item->begin_time = $begin_time;
$item->end_time = $end_time;
$item->save();
return Redirect::to(URL::to('/research-detail', [$item_id]));
} else {
if ($cat_id == 2) {
//通知编辑
$item->title = $title;
$item->content = $content;
$item->save();
return Redirect::to(URL::to('/notice-detail', [$item_id]));
} else {
if ($cat_id == 3) {
//课程编辑
$item->course_name = $course_name;
$item->course_info = $course_info;
$item->teacher_address = $teacher_address;
$item->teacher_mail = $teacher_mail;
$item->TA_name = $TA_name;
$item->TA_address = $TA_address;
$item->TA_mail = $TA_mail;
$item->save();
$course_notices_add_count = Input::get('course_notice_add_count');
if ($course_notices_add_count) {
//增加新的通知
for ($i = 1; $i <= $course_notices_add_count; $i++) {
$add_or_not = Input::get('course_notice_add_or_not' . $i);
if (!$add_or_not) {
$notice = new Comments();
$notice->course_id = $item_id;
$notice->comment = Input::get('course_notice_add_content' . $i);
$notice->created_at = date("Y-m-d H:i:s");
$notice->updated_at = date("Y-m-d H:i:s");
$notice->save();
}
}
}
$homework_add_count = Input::get('homework_add_count');
if ($homework_add_count) {
//当添加了新的作业,将其添加到homework数据库中
for ($i = 1; $i <= $homework_add_count; $i++) {
$add_or_not = Input::get('homework_add_or_not' . $i);
if (!$add_or_not) {
$homework = new Homework();
$homework->course_id = $item_id;
$homework->homework_item = Input::get('homework_add_item' . $i);
$homework->submit_deadline = Input::get('homework_add_submit_time' . $i);
$homework->deliver_deadline = Input::get('homework_add_deliver_time' . $i);
$homework->created_at = date("Y-m-d H:i:s");
$homework->updated_at = date("Y-m-d H:i:s");
$homework->save();
}
}
}
$courseware_add_count = Input::get('courseware_add_count');
if ($courseware_add_count) {
//当添加了新的课件,将其添加到courseware表中
for ($i = 1; $i <= $courseware_add_count; $i++) {
$courseware = new Courseware();
$courseware->course_id = $item_id;
$courseware->label = Input::get('courseware_add_label' . $i);
//先将课件上传到数据库中
$file_source = 'courseware_add_source' . $i;
$courseware->source = HomeController::upload_course($item_id, $file_source);
$courseware->created_at = date("Y-m-d H:i:s");
$courseware->updated_at = date("Y-m-d H:i:s");
$courseware->save();
}
}
return Redirect::to(URL::to('/course', [$item_id]));
}
}
}
}
} else {
//对已有条目进行更新
if ($cat_id == 0) {
//新闻条目
News::insert(['title' => $title, 'abstract' => $abstract, 'content' => $content]);
$item = News::all()->last();
return Redirect::to(URL::to('/news-detail', [$item->id]));
} else {
if ($cat_id == 1) {
//项目条目
Researches::insert(['title' => $title, 'abstract' => $abstract, 'content' => $content, 'begin_time' => $begin_time, 'end_time' => $end_time]);
$item = Researches::all()->last();
return Redirect::to(URL::to('/research-detail', [$item->id]));
} else {
if ($cat_id == 2) {
//通知编辑
Notices::insert(['title' => $title, 'content' => $content]);
$item = Notices::all()->last();
return Redirect::to(URL::to('/notice-detail', [$item->id]));
} else {
if ($cat_id == 3) {
Courses::insert(['course_name' => $course_name, 'course_info' => $course_info, 'teacher_address' => $teacher_address, 'TA_name' => $TA_name, 'TA_address' => $TA_address]);
$item = Courses::all()->last();
return Redirect::to(URL::to('/course', [$item->id]));
}
}
}
}
}
//return View::make('/news-detail',[$item_id]);
}
include_once "../config.inc.php";
include_once APP_INC_PATH . "class.template.php";
include_once APP_INC_PATH . "class.auth.php";
include_once APP_INC_PATH . "class.project.php";
include_once APP_INC_PATH . "class.news.php";
include_once APP_INC_PATH . "db_access.php";
$tpl = new Template_API();
$tpl->setTemplate("manage/index.tpl.html");
Auth::checkAuthentication(APP_COOKIE);
$tpl->assign("type", "news");
$role_id = Auth::getCurrentRole();
if ($role_id == User::getRoleID('administrator') || $role_id == User::getRoleID('manager')) {
if ($role_id == User::getRoleID('administrator')) {
$tpl->assign("show_setup_links", true);
}
if (@$HTTP_POST_VARS["cat"] == "new") {
$tpl->assign("result", News::insert());
} elseif (@$HTTP_POST_VARS["cat"] == "update") {
$tpl->assign("result", News::update());
} elseif (@$HTTP_POST_VARS["cat"] == "delete") {
News::remove();
}
if (@$HTTP_GET_VARS["cat"] == "edit") {
$tpl->assign("info", News::getAdminDetails($HTTP_GET_VARS["id"]));
}
$tpl->assign("list", News::getList());
$tpl->assign("project_list", Project::getAll());
} else {
$tpl->assign("show_not_allowed_msg", true);
}
$tpl->displayTemplate();
* @license GNU General Public License, version 2 or later (GPL-2+)
*
* For the full copyright and license information,
* please see the COPYING and AUTHORS files
* that were distributed with this source code.
*/
require_once __DIR__ . '/../../init.php';
$tpl = new Template_Helper();
$tpl->setTemplate('manage/news.tpl.html');
Auth::checkAuthentication();
$role_id = Auth::getCurrentRole();
if ($role_id < User::ROLE_MANAGER) {
Misc::setMessage(ev_gettext('Sorry, you are not allowed to access this page.'), Misc::MSG_ERROR);
$tpl->displayTemplate();
exit;
}
if (@$_POST['cat'] == 'new') {
$res = News::insert();
Misc::mapMessages($res, array(1 => array(ev_gettext('Thank you, the news entry was added successfully.'), Misc::MSG_INFO), -1 => array(ev_gettext('An error occurred while trying to add the news entry.'), Misc::MSG_ERROR), -2 => array(ev_gettext('Please enter the title for this news entry.'), Misc::MSG_ERROR), -3 => array(ev_gettext('Please enter the message for this news entry.'), Misc::MSG_ERROR)));
} elseif (@$_POST['cat'] == 'update') {
$res = News::update();
Misc::mapMessages($res, array(1 => array(ev_gettext('Thank you, the news entry was updated successfully.'), Misc::MSG_INFO), -1 => array(ev_gettext('An error occurred while trying to update the news entry.'), Misc::MSG_ERROR), -2 => array(ev_gettext('Please enter the title for this news entry.'), Misc::MSG_ERROR), -3 => array(ev_gettext('Please enter the message for this news entry.'), Misc::MSG_ERROR)));
} elseif (@$_POST['cat'] == 'delete') {
News::remove();
}
if (@$_GET['cat'] == 'edit') {
$tpl->assign('info', News::getAdminDetails($_GET['id']));
}
$tpl->assign('list', News::getList());
$tpl->assign('project_list', Project::getAll());
$tpl->displayTemplate();
<?php
session_start();
require_once __DIR__ . '/../function.php';
require_once __DIR__ . '/../autoload.php';
if (empty($_POST['title_news']) || empty($_POST['text_news'])) {
$_SESSION['error'] = 'На заполнены поля!';
header('Location: /logon.php');
exit;
}
$name = $_POST['title_news'];
$text = $_POST['text_news'];
$ispoln = $_POST['ispolnitel'];
$ispoln2 = $_POST['ispolnitel2'];
$ispoln3 = $_POST['ispolnitel3'];
$ispoln4 = $_POST['ispolnitel4'];
$ispoln5 = $_POST['ispolnitel5'];
$otvets = $_POST['otvets'];
$date = date("F j, Y, g:i a");
$avtor = getUser();
$img = new Login();
$avt = getUser();
$avtors = $img::findAll();
foreach ($avtors as $key) {
if ($key->login == $avt) {
$img_src = $key->login;
}
}
$b = new News();
$b->insert($name, $text, $avtor, $ispoln, $ispoln2, $ispoln3, $ispoln4, $ispoln5, $otvets);
header('location: /../views/logon.php');
public function commit()
{
if ($this->valid_origin) {
$nv = new NewsValidate(array('writer' => $this->writer, 'target' => $this->target, 'image' => $this->image, 'origin' => $this->origin, 'title' => $this->title, 'content' => $this->content, 'begin' => $this->begin, 'end' => $this->end, 'comment' => $this->comment));
$v = new Validate(array('writer' => $this->writer, 'group' => $this->target->group(), 'item' => $nv, 'type' => 'news'));
$v->insert();
} else {
$n = new News();
$n->insert();
$n->writer($this->writer);
$n->target($this->target);
$n->image($this->image);
$n->origin($this->origin);
$n->title($this->title);
$n->content($this->content);
$n->begin($this->begin);
$n->end($this->end);
$n->comment($this->comment);
$this->idIfValid = $n->id();
// This code is used to post news on a newsgroup server
//if ($this->target->rights()->isMe(Rights::everybody())) {
// $this->sendnewsgroupmail();
//}
}
return true;
}
public static function addNews()
{
$title = array();
$full = array();
$title['EN'] = Core::validate(self::getVar('titleEN'));
$title['RU'] = Core::validate(self::getVar('titleRU'));
$title['ES'] = Core::validate(self::getVar('titleES'));
$full['EN'] = Core::validate(self::getVar('fullEN'));
$full['RU'] = Core::validate(self::getVar('fullRU'));
$full['ES'] = Core::validate(self::getVar('fullES'));
$news = new News();
$date = new DateTime();
$news->setNewsid($news->getLastNewsId() + 1);
$news->setDate($date->format('Y-m-d H:i:s'));
// English
$news->setLang('EN');
$news->setTitle($title['EN']);
$news->setFull($full['EN']);
$news->insert();
// Russian
$news->setLang('RU');
$news->setTitle($title['RU']);
$news->setFull($full['RU']);
$news->insert();
// Spanish
$news->setLang('ES');
$news->setTitle($title['ES']);
$news->setFull($full['ES']);
$news->insert();
header('Location: /admin/news ');
}
<?php
session_start();
//require("../includes/checkPermission.php");
require "../../deny/connector.php";
require "class/class.News.php";
require "../includes/injection.php";
$newstitle = sqlInjection($_POST['NewsTitle']);
$newssummary = sqlInjection($_POST['NewsSummary']);
$newsimage = sqlInjection($_POST['NewsImage']);
$newscontent = mysql_real_escape_string($_POST['textContent']);
$newsdate = date("Y-m-d");
$continue = $_REQUEST['continue'];
//echo $newstitle."<br>".$newssummary."<br>".$newsimage."<br>".$newscontent."<br>".$newsdate;
$cate = new News();
$cate->insert($newstitle, $newssummary, $newsimage, $newscontent);
if ($continue == "OK") {
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=addnews'>";
//header("location: ../admincp.php?opt=addnews");
//exit();
} else {
echo "<meta http-equiv='refresh' content='0;url=../admincp.php?opt=listnews'>";
//header("location: ../admincp.php?opt=listnews");
//exit();
}
