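/**
 * Render the current user's own news stories as an HTML table, then the comments.
 *
 * The poster name is taken from $_SESSION['userAccount'] and bound as a statement
 * parameter, so it never becomes part of the SQL text. Title, story and link are
 * HTML-escaped before being echoed. deleteStory() and editStory() are called once
 * per row inside the last cell; they are defined elsewhere, so what they emit is
 * not visible from here.
 *
 * Terminates the script if the query cannot be prepared or executed.
 */
function showNewsWComments()
{
    // database.php is expected to define $mysqli in this scope; nothing else here assigns it.
    require 'database.php';
    $name = $_SESSION['userAccount'];

    // Select only the stories posted by this account.
    $stmt = $mysqli->prepare("SELECT * FROM news WHERE poster=?");
    if (!$stmt) {
        // Keep the driver's error text in the server log; the response gets a generic
        // message so schema and query details are not disclosed to the browser.
        error_log("Query Prep Failed: " . $mysqli->error);
        echo "Query Prep Failed\n";
        exit;
    }
    $stmt->bind_param('s', $name);

    // A failed execute()/get_result() would otherwise surface as a fatal error on
    // fetch_assoc() after part of the table had already been sent.
    $result = $stmt->execute() ? $stmt->get_result() : false;
    if (!$result) {
        error_log("Query Failed: " . $stmt->error);
        echo "Query Failed\n";
        exit;
    }

    // NOTE(review): the header row declares three columns while every data row below
    // emits four cells; left as-is because the intended labels are not visible here.
    echo "<table>\n\t\t\t<tr>\n\t\t\t<th>Previously Posted:</th>\n\t\t\t<th>Delete and Edit:</th>\n\t\t\t<th>News Links:</th>\n\t\t\t</tr>";

    // Explicit flags make the escaping independent of the PHP version's defaults:
    // both quote styles are encoded and invalid byte sequences are substituted
    // instead of producing an empty string.
    $escapeFlags = ENT_QUOTES | ENT_SUBSTITUTE;

    while ($row = $result->fetch_assoc()) {
        // Overwritten on every iteration, so only the last row's story stays in the session.
        $_SESSION['newsStory'] = $row['newsstory'];

        // The stored link is always prefixed with "http://", so the href cannot start
        // with another scheme; the value itself is escaped for the attribute context.
        $link = htmlentities($row['links'], $escapeFlags);

        echo "<tr>";
        echo "<td>" . htmlentities($row['title'], $escapeFlags) . "</td>";
        echo "<td>" . htmlentities($row['newsstory'], $escapeFlags) . "</td>";
        echo "<td>" . '<a href="' . "http://" . $link . '">' . $link . ' </a>' . "</td>";
        echo "<td>";
        deleteStory($row['id']);
        editStory($row['id']);
        echo "</td>";
        echo "</tr>";
    }
    $stmt->close();
    echo "</table>";
    showComments();
}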
// Request handler (excerpt, truncated by the page): deletes a story or a comment
// when the logged-in user is its owner, then redirects.
//
// Query parameters, all required:
//   id - id of the story or comment to act on
//   t  - target type: 's' is looked up with getStory(), 'c' with getComment()
//   a  - action; only 'd' (delete) is handled in the visible part
//   o  - origin id, reused in the redirect back to story.php
//
// NOTE(review): a destructive action is driven entirely by GET parameters and no
// anti-CSRF token is checked in the visible lines - confirm one is verified
// elsewhere, or move this to POST with a per-session token.
if (!isset($_GET['id']) || !isset($_GET['t']) || !isset($_GET['a']) || !isset($_GET['o'])) {
    header("Location: ../index.php");
    exit;
}
// NOTE(review): session_start() and a "user is logged in" check are not visible in
// this excerpt; both session keys are read without isset().
$user = $_SESSION['username'];
$uid = $_SESSION['uid'];
$item_ID = $_GET['id'];
$action = $_GET['a'];
$target = $_GET['t'];
$origin = $_GET['o'];
$content = '';
if ($action == 'd') {
    if ($target == 's') {
        $story = getStory($item_ID);
        // Ownership check. NOTE(review): this is a loose comparison - if $uid is unset
        // (null) and getStory() yields no row, null == null passes. A strict
        // comparison after an explicit login check would close that gap.
        if ($uid == $story["poster_id"]) {
            deleteStory($item_ID);
            header("Location: ../index.php");
            exit;
        } else {
            header("Location: ../index.php?error=1");
            exit;
        }
    } else {
        if ($target == 'c') {
            $comment = getComment($item_ID);
            // Same ownership check and same loose-comparison caveat as for stories.
            if ($uid == $comment["commenter_id"]) {
                deleteComment($item_ID);
                // NOTE(review): $origin is appended to the redirect URL unvalidated;
                // header() refuses values containing newlines, but an integer cast or
                // rawurlencode() would keep the query string well-formed.
                header("Location: ../story.php?id=" . $origin);
                exit;
            } else {
                header("Location: ../index.php?error=1");
Example #3
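/**
 * Publish a queued submission, either immediately or as a scheduled entry.
 *
 * With $type_pub === 'pub_immediate' the story is inserted into the `stories`
 * table; any other value inserts it into `autonews` together with $date_debval.
 * Afterwards the submitter's and the admin's counters are incremented, the queue
 * entry $qid is removed through deleteStory(), optional notification modules are
 * included for immediate publication, and the browser is redirected to the
 * submissions page.
 *
 * NOTE(review): every value is interpolated directly into the SQL text. Only
 * $subject, $hometext, $bodytext and $notes pass through FixQuotes() and
 * stripslashes(); $catid, $topic, $author, $ihome, $date_debval, $date_finval,
 * $epur, $uid and the global $aid reach the queries unmodified. FixQuotes() is
 * defined elsewhere, so whether its output (after stripslashes()) is safe inside
 * a quoted SQL literal cannot be confirmed from here. Bound parameters, if the
 * sql_query() layer offers them, would remove that dependency.
 */
function postStory($type_pub, $qid, $uid, $author, $subject, $hometext, $bodytext, $topic, $notes, $catid, $ihome, $members, $Mmembers, $date_debval, $date_finval, $epur)
{
    global $NPDS_Prefix;
    global $aid, $ultramode;
    // uid 1 is treated specially throughout: no author name, no user counter update.
    if ($uid == 1) {
        $author = "";
    }
    // Do not store the same text twice when intro and body are identical.
    if ($hometext == $bodytext) {
        $bodytext = "";
    }
    $subject = stripslashes(FixQuotes(str_replace('"', '&quot;', $subject)));
    $hometext = stripslashes(FixQuotes($hometext));
    $bodytext = stripslashes(FixQuotes($bodytext));
    $notes = stripslashes(FixQuotes($notes));
    // Members-only publication: "-127" when no group is given, otherwise the group
    // number itself when it lies in 2..127.
    if ($members == 1 and $Mmembers == "") {
        $ihome = "-127";
    }
    if ($members == 1 and ($Mmembers > 1 and $Mmembers <= 127)) {
        $ihome = $Mmembers;
    }
    if ($type_pub == 'pub_immediate') {
        $result = sql_query("INSERT INTO " . $NPDS_Prefix . "stories VALUES (NULL, '{$catid}', '{$aid}', '{$subject}', now(), '{$hometext}', '{$bodytext}', '0', '0', '{$topic}','{$author}', '{$notes}', '{$ihome}', '0', '{$date_finval}','{$epur}')");
        Ecr_Log("security", "postStory (pub_immediate, {$subject}) by AID : {$aid}", "");
    } else {
        $result = sql_query("INSERT INTO " . $NPDS_Prefix . "autonews VALUES (NULL, '{$catid}', '{$aid}', '{$subject}', now(), '{$hometext}', '{$bodytext}', '{$topic}', '{$author}', '{$notes}', '{$ihome}','{$date_debval}','{$date_finval}','{$epur}')");
        Ecr_Log("security", "postStory (autonews, {$subject}) by AID : {$aid}", "");
    }
    // NOTE(review): $result is never inspected, so the counters and the queue
    // deletion below run even when the INSERT failed.
    if ($uid != 1 and $uid != '') {
        sql_query("UPDATE " . $NPDS_Prefix . "users SET counter=counter+1 WHERE uid='{$uid}'");
    }
    sql_query("UPDATE " . $NPDS_Prefix . "authors SET counter=counter+1 WHERE aid='{$aid}'");
    if ($ultramode) {
        ultramode();
    }
    deleteStory($qid);
    if ($type_pub == 'pub_immediate') {
        global $subscribe;
        if ($subscribe) {
            subscribe_mail("topic", $topic, '', $subject, '');
        }
        // Cluster Paradise module hooks (fixed paths, included only when installed).
        if (file_exists("modules/cluster-paradise/cluster-activate.php")) {
            include "modules/cluster-paradise/cluster-activate.php";
        }
        if (file_exists("modules/cluster-paradise/cluster-M.php")) {
            include "modules/cluster-paradise/cluster-M.php";
        }
        // Social network module hooks.
        if (file_exists('modules/npds_twi/npds_to_twi.php')) {
            include 'modules/npds_twi/npds_to_twi.php';
        }
        // Include the same path that was just checked. The original tested
        // modules/npds_fbk/ but included modules/npds_twi/npds_to_fbk.php, so the
        // existence check did not cover the file actually loaded.
        if (file_exists('modules/npds_fbk/npds_to_fbk.php')) {
            include 'modules/npds_fbk/npds_to_fbk.php';
        }
    }
    redirect_url("admin.php?op=submissions");
}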
<?php

session_start();
// Admin-only delete endpoint: a session without 'admin_email' is sent to the index
// page; an admin session deletes the requested story and returns to the list.
//
// NOTE(review): the id comes from $_REQUEST, so a plain GET link is enough to
// trigger the delete, and no anti-CSRF token is checked in this script. Neither
// redirect is followed by exit; that is harmless only while nothing is appended
// after this block.
if (!isset($_SESSION['admin_email'])) {
    header("location:index.php");
} else {
    include "dbconnection.php";
    // NOTE(review): mysql_real_escape_string() belongs to the ext/mysql extension,
    // which was removed in PHP 7.0. It escapes for a quoted string literal only, so
    // it protects deleteStory() only if the id is used inside quotes there.
    $story_id = mysql_real_escape_string($_REQUEST['id']);
    deleteStory($story_id);
    header("location:stories.php");
}
Example #5
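 /**
  * Publish a queued submission, either scheduled ($automated == 1) or immediately.
  *
  * Scheduled: builds a "Y-m-d H:i:00" timestamp from the date parts, inserts the
  * story into `_autonews`, updates the counters, removes the queue row and
  * redirects to the submissions page.
  * Immediate: optionally creates a poll (title plus options), inserts the story
  * into `_stories`, links the poll to the new story id, updates the counters and
  * removes the queue row through deleteStory().
  *
  * Returns early, without a value, when one of the checked queries fails.
  *
  * NOTE(review): all values are interpolated directly into the SQL text. Only
  * $subject, $hometext, $bodytext, $notes, $pollTitle and the poll options pass
  * through FixQuotes(); $qid, the poll id and the story id are cast with intval().
  * $catid, $topic, $author, $ihome, $alanguage, $acomm, $uid, the date parts and
  * the $assotop entries reach the queries unmodified. FixQuotes() is defined
  * elsewhere, so whether its output (after stripslashes()) is safe inside a quoted
  * SQL literal cannot be confirmed from here.
  */
 function postStory($automated, $year, $day, $month, $hour, $min, $qid, $uid, $author, $subject, $hometext, $bodytext, $topic, $notes, $catid, $ihome, $alanguage, $acomm, $pollTitle, $optionText, $assotop)
 {
     global $aid, $ultramode, $prefix, $db, $user_prefix;
     // Build the "id-id-" list of associated topics. The variable is initialised
     // first (the original appended to an undefined variable) and a missing or
     // non-array $assotop yields an empty list instead of an error in sizeof().
     $associated = "";
     if (is_array($assotop)) {
         for ($i = 0; $i < sizeof($assotop); $i++) {
             $associated .= "{$assotop[$i]}-";
         }
     }
     // Normalisation shared by both publication modes; the original repeated these
     // lines verbatim in each branch.
     if ($uid == 1) {
         $author = "";
     }
     if ($hometext == $bodytext) {
         $bodytext = "";
     }
     $subject = stripslashes(FixQuotes($subject));
     $hometext = stripslashes(FixQuotes($hometext));
     $bodytext = stripslashes(FixQuotes($bodytext));
     $notes = stripslashes(FixQuotes($notes));
     if ($automated == 1) {
         // Zero-pad day and month for the timestamp string.
         if ($day < 10) {
             $day = "0{$day}";
         }
         if ($month < 10) {
             $month = "0{$month}";
         }
         $sec = "00";
         $date = "{$year}-{$month}-{$day} {$hour}:{$min}:{$sec}";
         $result = $db->sql_query("insert into " . $prefix . "_autonews values (NULL, '{$catid}', '{$aid}', '{$subject}', '{$date}', '{$hometext}', '{$bodytext}', '{$topic}', '{$author}', '{$notes}', '{$ihome}', '{$alanguage}', '{$acomm}', '{$associated}')");
         if (!$result) {
             return;
         }
         if ($uid != 1) {
             $db->sql_query("update " . $user_prefix . "_users set counter=counter+1 where user_id='{$uid}'");
             // NOTE(review): the points value is placed unquoted into the UPDATE; if
             // the lookup returns no row the statement becomes "points+" and fails.
             $row = $db->sql_fetchrow($db->sql_query("SELECT points FROM " . $prefix . "_groups_points WHERE id='4'"));
             $db->sql_query("UPDATE " . $user_prefix . "_users SET points=points+{$row['points']} where user_id='{$uid}'");
         }
         $db->sql_query("update " . $prefix . "_authors set counter=counter+1 where aid='{$aid}'");
         if ($ultramode) {
             ultramode();
         }
         $qid = intval($qid);
         $db->sql_query("delete from " . $prefix . "_queue where qid='{$qid}'");
         Header("Location: admin.php?op=submissions");
     } else {
         // A poll is created only when a title and the first two options are given.
         if ($pollTitle != "" and $optionText[1] != "" and $optionText[2] != "") {
             $haspoll = 1;
             $timeStamp = time();
             $pollTitle = FixQuotes($pollTitle);
             if (!$db->sql_query("INSERT INTO " . $prefix . "_poll_desc VALUES (NULL, '{$pollTitle}', '{$timeStamp}', '0', '{$alanguage}', '0')")) {
                 return;
             }
             // The new poll is found again by its title rather than by insert id.
             $object = $db->sql_fetchrow($db->sql_query("SELECT pollID FROM " . $prefix . "_poll_desc WHERE pollTitle='{$pollTitle}'"));
             $id = $object['pollID'];
             $id = intval($id);
             // Options are indexed from 1; empty options are stored as well.
             for ($i = 1; $i <= sizeof($optionText); $i++) {
                 if ($optionText[$i] != "") {
                     $optionText[$i] = FixQuotes($optionText[$i]);
                 }
                 if (!$db->sql_query("INSERT INTO " . $prefix . "_poll_data (pollID, optionText, optionCount, voteID) VALUES ('{$id}', '{$optionText[$i]}', '0', '{$i}')")) {
                     return;
                 }
             }
         } else {
             $haspoll = 0;
             $id = 0;
         }
         $result = $db->sql_query("insert into " . $prefix . "_stories values (NULL, '{$catid}', '{$aid}', '{$subject}', now(), '{$hometext}', '{$bodytext}', '0', '0', '{$topic}', '{$author}', '{$notes}', '{$ihome}', '{$alanguage}', '{$acomm}', '{$haspoll}', '{$id}', '0', '0', '{$associated}')");
         // Stop when the story was not stored. The original overwrote this result
         // unchecked, so a failed insert could attach the poll to an older story
         // with the same title and still increment the counters.
         if (!$result) {
             return;
         }
         // NOTE(review): the new story is located by title and latest time; an
         // insert-id call on $db, if it offers one, would be unambiguous.
         $result = $db->sql_query("select sid from " . $prefix . "_stories WHERE title='{$subject}' order by time DESC limit 0,1");
         // Check before reading the row; the original tested $result only after it
         // had already been fetched from and used.
         if (!$result) {
             return;
         }
         list($artid) = $db->sql_fetchrow($result);
         $artid = intval($artid);
         $db->sql_query("UPDATE " . $prefix . "_poll_desc SET artid='{$artid}' WHERE pollID='{$id}'");
         if ($uid != 1) {
             // NOTE(review): same unquoted points interpolation as in the scheduled branch.
             $row = $db->sql_fetchrow($db->sql_query("SELECT points FROM " . $prefix . "_groups_points WHERE id='4'"));
             $db->sql_query("UPDATE " . $user_prefix . "_users SET points=points+{$row['points']} where user_id='{$uid}'");
             $db->sql_query("update " . $user_prefix . "_users set counter=counter+1 where user_id='{$uid}'");
         }
         $db->sql_query("update " . $prefix . "_authors set counter=counter+1 where aid='{$aid}'");
         if ($ultramode) {
             ultramode();
         }
         deleteStory($qid);
     }
 }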