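/**
 * Render the news stories posted by the logged-in account, with per-row
 * delete/edit controls, followed by the comment listing.
 *
 * The poster name is read from $_SESSION['userAccount'] and looked up with a
 * prepared statement (bound as a string). Every cell is HTML-escaped before it
 * is echoed; the link cell is forced onto an http:// prefix, so a stored value
 * cannot select a javascript: or data: scheme.
 *
 * Side effects: echoes HTML, sets $_SESSION['newsStory'] once per row (the last
 * row wins, as in the original), calls deleteStory()/editStory() for each row
 * and showComments() at the end. Exits on statement preparation or execution
 * failure.
 *
 * Fix vs. original: execute() was unchecked, so a failed query made
 * get_result() return false and the fetch loop fatal.
 */
function showNewsWComments() {
    require 'database.php';
    $name = $_SESSION['userAccount'];

    // Escape with explicit flags/charset: ENT_QUOTES also covers single-quoted
    // attributes and ENT_SUBSTITUTE keeps invalid UTF-8 from blanking a cell.
    $esc = function ($value) {
        return htmlentities((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $stmt = $mysqli->prepare("SELECT * FROM news WHERE poster=?");
    if (!$stmt) {
        // NOTE(review): echoing the driver error reveals schema details to the
        // visitor; logging it server-side would be preferable. Kept for parity.
        printf("Query Prep Failed: %s\n", $mysqli->error);
        exit;
    }
    $stmt->bind_param('s', $name);
    if (!$stmt->execute()) {
        printf("Query Exec Failed: %s\n", $stmt->error);
        exit;
    }
    $result = $stmt->get_result();

    // NOTE(review): three headers for four cells, and the header order does not
    // match the cell order (title, story, link, actions); left as-is.
    echo "<table>\n\t\t\t<tr>\n\t\t\t<th>Previously Posted:</th>\n\t\t\t<th>Delete and Edit:</th>\n\t\t\t<th>News Links:</th>\n\t\t\t</tr>";
    while ($row = $result->fetch_assoc()) {
        // Overwritten on every iteration; confirm what consumes this value.
        $_SESSION['newsStory'] = $row['newsstory'];
        $link = $esc($row['links']);

        echo "<tr>";
        echo "<td>" . $esc($row['title']) . "</td>";
        echo "<td>" . $esc($row['newsstory']) . "</td>";
        // The hard-coded http:// prefix pins the URL scheme regardless of input.
        echo "<td>" . '<a href="' . "http://" . $link . '">' . $link . ' </a>' . "</td>";
        echo "<td>";
        deleteStory($row['id']);
        editStory($row['id']);
        echo "</td>";
        echo "</tr>";
    }
    $stmt->close();
    echo "</table>";
    showComments();
}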
if (!isset($_GET['id']) || !isset($_GET['t']) || !isset($_GET['a']) || !isset($_GET['o'])) { header("Location: ../index.php"); exit; } $user = $_SESSION['username']; $uid = $_SESSION['uid']; $item_ID = $_GET['id']; $action = $_GET['a']; $target = $_GET['t']; $origin = $_GET['o']; $content = ''; if ($action == 'd') { if ($target == 's') { $story = getStory($item_ID); if ($uid == $story["poster_id"]) { deleteStory($item_ID); header("Location: ../index.php"); exit; } else { header("Location: ../index.php?error=1"); exit; } } else { if ($target == 'c') { $comment = getComment($item_ID); if ($uid == $comment["commenter_id"]) { deleteComment($item_ID); header("Location: ../story.php?id=" . $origin); exit; } else { header("Location: ../index.php?error=1");
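/**
 * Publish a submitted story (NPDS admin flow).
 *
 * With $type_pub === 'pub_immediate' the story goes straight into the
 * `stories` table; otherwise it is queued in `autonews` with the given
 * start/end dates. In both cases the submitter's and the admin author's
 * counters are incremented, the queue entry $qid is removed and the browser
 * is sent back to admin.php?op=submissions. Immediate publication also fires
 * the subscription mail and the optional cluster / social-network modules.
 *
 * Text fields pass through FixQuotes() before being interpolated into SQL, as
 * in the original. Columns the schema treats as integers (catid, topic, ihome,
 * uid) are cast to int here so a crafted value cannot break out of the quotes.
 * $aid (global), $date_debval, $date_finval and $epur are interpolated as
 * before — FixQuotes() is the only escaping helper visible in this file, so
 * verify how the caller validates them.
 *
 * Fix vs. original: the Facebook hook tested for
 * modules/npds_fbk/npds_to_fbk.php but included modules/npds_twi/npds_to_fbk.php;
 * the two paths now agree.
 */
function postStory($type_pub, $qid, $uid, $author, $subject, $hometext, $bodytext, $topic, $notes, $catid, $ihome, $members, $Mmembers, $date_debval, $date_finval, $epur) {
    global $NPDS_Prefix;
    global $aid, $ultramode;

    // uid 1 is the anonymous account: it never gets a by-line.
    if ($uid == 1) {
        $author = "";
    }
    // Identical intro and body means there is no extended text.
    if ($hometext == $bodytext) {
        $bodytext = "";
    }

    // NOTE(review): str_replace('"', '"', ...) is a no-op as written; it looks
    // like an entity replacement whose target was lost — confirm intent.
    $subject  = stripslashes(FixQuotes(str_replace('"', '"', $subject)));
    $hometext = stripslashes(FixQuotes($hometext));
    $bodytext = stripslashes(FixQuotes($bodytext));
    $notes    = stripslashes(FixQuotes($notes));

    // Member-only visibility: -127 means every member, otherwise the level given.
    if ($members == 1 and $Mmembers == "") {
        $ihome = "-127";
    }
    if ($members == 1 and ($Mmembers > 1 and $Mmembers <= 127)) {
        $ihome = $Mmembers;
    }

    // Integer columns are cast rather than escaped.
    $catidSql = (int) $catid;
    $topicSql = (int) $topic;
    $ihomeSql = (int) $ihome;

    if ($type_pub == 'pub_immediate') {
        $result = sql_query("INSERT INTO " . $NPDS_Prefix . "stories VALUES (NULL, '{$catidSql}', '{$aid}', '{$subject}', now(), '{$hometext}', '{$bodytext}', '0', '0', '{$topicSql}','{$author}', '{$notes}', '{$ihomeSql}', '0', '{$date_finval}','{$epur}')");
        Ecr_Log("security", "postStory (pub_immediate, {$subject}) by AID : {$aid}", "");
    } else {
        $result = sql_query("INSERT INTO " . $NPDS_Prefix . "autonews VALUES (NULL, '{$catidSql}', '{$aid}', '{$subject}', now(), '{$hometext}', '{$bodytext}', '{$topicSql}', '{$author}', '{$notes}', '{$ihomeSql}','{$date_debval}','{$date_finval}','{$epur}')");
        Ecr_Log("security", "postStory (autonews, {$subject}) by AID : {$aid}", "");
    }

    // Credit the submitter (skipping anonymous and empty uids) and the admin.
    if ($uid != 1 and $uid != '') {
        $uidSql = (int) $uid;
        sql_query("UPDATE " . $NPDS_Prefix . "users SET counter=counter+1 WHERE uid='{$uidSql}'");
    }
    sql_query("UPDATE " . $NPDS_Prefix . "authors SET counter=counter+1 WHERE aid='{$aid}'");

    if ($ultramode) {
        ultramode();
    }
    deleteStory($qid);

    if ($type_pub == 'pub_immediate') {
        global $subscribe;
        if ($subscribe) {
            subscribe_mail("topic", $topic, '', $subject, '');
        }
        // Cluster Paradise
        if (file_exists("modules/cluster-paradise/cluster-activate.php")) {
            include "modules/cluster-paradise/cluster-activate.php";
        }
        if (file_exists("modules/cluster-paradise/cluster-M.php")) {
            include "modules/cluster-paradise/cluster-M.php";
        }
        // Social networks
        if (file_exists('modules/npds_twi/npds_to_twi.php')) {
            include 'modules/npds_twi/npds_to_twi.php';
        }
        if (file_exists('modules/npds_fbk/npds_to_fbk.php')) {
            include 'modules/npds_fbk/npds_to_fbk.php';
        }
    }
    redirect_url("admin.php?op=submissions");
}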
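<?php
/**
 * Admin-only story deletion endpoint.
 *
 * Requires an admin session ($_SESSION['admin_email']); otherwise redirects to
 * index.php. With a session, deletes the story named by the `id` request
 * parameter and returns to stories.php.
 *
 * Security notes for the maintainer:
 *  - `id` is read from $_REQUEST, so a plain GET link (or an <img> on a
 *    third-party page) performs the delete: there is no CSRF token and no
 *    POST requirement. Requiring POST plus a token is a caller-visible change
 *    and is left as a TODO here.
 *  - mysql_real_escape_string() belongs to the ext/mysql API removed in PHP 7
 *    and needs the connection from dbconnection.php to be open first. If story
 *    ids are integers, an (int) cast would make the escaping moot — confirm the
 *    schema before changing it.
 *
 * Fix vs. original: a request without `id` raised an undefined-index notice and
 * called deleteStory('') — it now just returns to the list. Each redirect is
 * followed by exit so nothing runs after the Location header.
 */
session_start();
if (isset($_SESSION['admin_email'])) {
    include "dbconnection.php";
    if (!isset($_REQUEST['id'])) {
        header("location:stories.php");
        exit;
    }
    $story_id = mysql_real_escape_string($_REQUEST['id']);
    deleteStory($story_id);
    header("location:stories.php");
    exit;
} else {
    header("location:index.php");
    exit;
}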
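/**
 * Publish a submitted story (PHP-Nuke style admin flow), optionally with a poll.
 *
 * $automated == 1: schedule the story in `_autonews` for year-month-day
 * hour:min, credit the submitter, delete queue entry $qid and redirect to
 * admin.php?op=submissions.
 * Otherwise: create a poll when a title and the first two options are given,
 * insert into `_stories`, attach the poll to the new story id, credit the
 * submitter and call deleteStory($qid).
 *
 * Text fields pass through FixQuotes() before SQL interpolation, as before.
 * Columns the schema treats as integers (catid, topic, ihome, acomm, user_id,
 * associated topic ids, the date parts) are cast to int here so a crafted value
 * cannot break out of the quotes. $aid and $alanguage are interpolated as in
 * the original — FixQuotes() is the only escaping helper visible here, so
 * verify how the caller validates them.
 *
 * Fixes vs. original:
 *  - $associated was appended to without being initialised, and sizeof() on a
 *    missing $assotop is a TypeError on PHP 8; both are guarded.
 *  - In the immediate-publish branch the `_stories` INSERT result was
 *    overwritten by the following SELECT before it was checked, so a failed
 *    insert still credited the user and deleted the submission. The insert is
 *    now checked first, and the SELECT result before it is fetched.
 *  - $optionText[1]/[2], $optionText[$i] and $row['points'] are read with
 *    isset() guards; a missing points row used to produce "points+" (SQL error).
 */
function postStory($automated, $year, $day, $month, $hour, $min, $qid, $uid, $author, $subject, $hometext, $bodytext, $topic, $notes, $catid, $ihome, $alanguage, $acomm, $pollTitle, $optionText, $assotop) {
    global $aid, $ultramode, $prefix, $db, $user_prefix;

    // Associated topics are stored as a dash-terminated list, e.g. "3-7-".
    $associated = '';
    if (is_array($assotop)) {
        foreach ($assotop as $assocTopic) {
            $associated .= (int) $assocTopic . "-";
        }
    }

    // uid 1 is the anonymous account: it never gets a by-line.
    if ($uid == 1) {
        $author = "";
    }
    // Identical intro and body means there is no extended text.
    if ($hometext == $bodytext) {
        $bodytext = "";
    }
    $subject  = stripslashes(FixQuotes($subject));
    $hometext = stripslashes(FixQuotes($hometext));
    $bodytext = stripslashes(FixQuotes($bodytext));
    $notes    = stripslashes(FixQuotes($notes));

    // Integer columns are cast rather than escaped.
    $catidSql = (int) $catid;
    $topicSql = (int) $topic;
    $ihomeSql = (int) $ihome;
    $acommSql = (int) $acomm;
    $uidSql   = (int) $uid;

    if ($automated == 1) {
        // Build the MySQL DATETIME for the scheduled release; day and month are
        // zero-padded as in the original, hour/min are used as given, seconds 00.
        $year  = (int) $year;
        $day   = (int) $day;
        $month = (int) $month;
        $hour  = (int) $hour;
        $min   = (int) $min;
        if ($day < 10) {
            $day = "0{$day}";
        }
        if ($month < 10) {
            $month = "0{$month}";
        }
        $date = "{$year}-{$month}-{$day} {$hour}:{$min}:00";

        $result = $db->sql_query("insert into " . $prefix . "_autonews values (NULL, '{$catidSql}', '{$aid}', '{$subject}', '{$date}', '{$hometext}', '{$bodytext}', '{$topicSql}', '{$author}', '{$notes}', '{$ihomeSql}', '{$alanguage}', '{$acommSql}', '{$associated}')");
        if (!$result) {
            return;
        }
        if ($uid != 1) {
            $db->sql_query("update " . $user_prefix . "_users set counter=counter+1 where user_id='{$uidSql}'");
            $row = $db->sql_fetchrow($db->sql_query("SELECT points FROM " . $prefix . "_groups_points WHERE id='4'"));
            $points = isset($row['points']) ? (int) $row['points'] : 0;
            $db->sql_query("UPDATE " . $user_prefix . "_users SET points=points+{$points} where user_id='{$uidSql}'");
        }
        $db->sql_query("update " . $prefix . "_authors set counter=counter+1 where aid='{$aid}'");
        if ($ultramode) {
            ultramode();
        }
        $qid = intval($qid);
        $db->sql_query("delete from " . $prefix . "_queue where qid='{$qid}'");
        Header("Location: admin.php?op=submissions");
        return;
    }

    // Poll creation: needs a title and at least the first two options.
    $haspoll = 0;
    $id = 0;
    $hasFirstOptions = isset($optionText[1], $optionText[2]) && $optionText[1] != "" && $optionText[2] != "";
    if ($pollTitle != "" && $hasFirstOptions) {
        $haspoll = 1;
        $timeStamp = time();
        $pollTitle = FixQuotes($pollTitle);
        if (!$db->sql_query("INSERT INTO " . $prefix . "_poll_desc VALUES (NULL, '{$pollTitle}', '{$timeStamp}', '0', '{$alanguage}', '0')")) {
            return;
        }
        // NOTE(review): the new poll is located by title, so two polls sharing a
        // title can be confused; the $db API visible here exposes no insert-id.
        $object = $db->sql_fetchrow($db->sql_query("SELECT pollID FROM " . $prefix . "_poll_desc WHERE pollTitle='{$pollTitle}'"));
        $id = intval($object['pollID']);
        // Options are 1-indexed; empty slots are still written, as before.
        for ($i = 1; $i <= sizeof($optionText); $i++) {
            $option = isset($optionText[$i]) ? $optionText[$i] : "";
            if ($option != "") {
                $option = FixQuotes($option);
            }
            if (!$db->sql_query("INSERT INTO " . $prefix . "_poll_data (pollID, optionText, optionCount, voteID) VALUES ('{$id}', '{$option}', '0', '{$i}')")) {
                return;
            }
        }
    }

    $result = $db->sql_query("insert into " . $prefix . "_stories values (NULL, '{$catidSql}', '{$aid}', '{$subject}', now(), '{$hometext}', '{$bodytext}', '0', '0', '{$topicSql}', '{$author}', '{$notes}', '{$ihomeSql}', '{$alanguage}', '{$acommSql}', '{$haspoll}', '{$id}', '0', '0', '{$associated}')");
    if (!$result) {
        return;
    }
    // Recover the new story id: newest row with this title (same caveat as the
    // poll lookup above).
    $result = $db->sql_query("select sid from " . $prefix . "_stories WHERE title='{$subject}' order by time DESC limit 0,1");
    if (!$result) {
        return;
    }
    list($artid) = $db->sql_fetchrow($result);
    $artid = intval($artid);
    $db->sql_query("UPDATE " . $prefix . "_poll_desc SET artid='{$artid}' WHERE pollID='{$id}'");

    if ($uid != 1) {
        $row = $db->sql_fetchrow($db->sql_query("SELECT points FROM " . $prefix . "_groups_points WHERE id='4'"));
        $points = isset($row['points']) ? (int) $row['points'] : 0;
        $db->sql_query("UPDATE " . $user_prefix . "_users SET points=points+{$points} where user_id='{$uidSql}'");
        $db->sql_query("update " . $user_prefix . "_users set counter=counter+1 where user_id='{$uidSql}'");
    }
    $db->sql_query("update " . $prefix . "_authors set counter=counter+1 where aid='{$aid}'");
    if ($ultramode) {
        ultramode();
    }
    deleteStory($qid);
}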