Example #1
    }
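    // Confirmation token for the delete link: MD5 over fixed strings plus the
    // news id.
    // NOTE(review): nothing user- or session-specific goes into the digest, so
    // the token for a given $newsid is the same for every account and never
    // expires. It also travels in the query string of a state-changing GET
    // link, where it can end up in logs, browser history and Referer headers.
    // A random per-session token submitted by POST is the usual anti-CSRF
    // design; it is not applied here because session handling is not visible.
    $hash = md5('the salt to' . $newsid . 'add' . 'mu55y');
    if (!$sure) {
        // No confirmation yet: show the link that carries sure=1 and the token.
        // NOTE(review): stderr() presumably ends the request - confirm; if it
        // returns, execution falls through to the checks and the delete below.
        // NOTE(review): $newsid is written into the HTML unescaped; verify it
        // is forced to an integer before this point.
        stderr("Confirm Delete", "Do you really want to delete this news entry? Click\n" . "<a href=?newsid={$newsid}&action=delete&sure=1&h={$hash}>here</a> if you are sure.", false);
    }
    // Reject a missing token explicitly (no undefined-index notice) and compare
    // with !== rather than !=. Loose comparison treats numeric-looking strings
    // as numbers, so two different strings can compare equal; the token check
    // must be byte-for-byte. hash_equals() is preferable where the runtime
    // provides it, since it is also constant-time.
    if (!isset($_GET['h']) || $_GET['h'] !== $hash) {
        stderr('Error', 'what are you doing?');
    }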
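    /**
     * Delete the news row whose id is $newsid and whose userid matches
     * $CURUSER['id'], then remove the two cached news pages.
     *
     * @param int|string $newsid Id of the news row; coerced to an integer.
     * @return void
     */
    function deletenewsid($newsid)
    {
        global $CURUSER;
        // Both values are spliced into the SQL text, so coerce them to integers
        // here instead of trusting every caller to have done it.
        // Assumes news.id and news.userid are integer columns - TODO confirm.
        $newsid = (int) $newsid;
        $userid = (int) $CURUSER['id'];
        // NOTE(review): the result of mysql_query() is not checked, so a failed
        // DELETE is still reported to the user as success. The mysql_*
        // extension was removed in PHP 7.0; a prepared statement via mysqli or
        // PDO is the long-term replacement.
        mysql_query("DELETE FROM news WHERE id = {$newsid} AND userid = {$userid}");
        // Best-effort cache invalidation: a missing cache file is not an error,
        // hence the deliberate @ on unlink().
        @unlink("cache/news.html");
        @unlink("cache/newsstaff.html");
    }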
    // Run the delete, then render a confirmation page and stop the script so
    // no later action branch runs.
    // NOTE(review): the message is shown whether or not a row was removed;
    // deletenewsid() does not report how many rows the DELETE affected.
    deletenewsid($newsid);
    stdhead();
    echo '<h2>News entry deleted!</h2>';
    stdfoot();
    die;
}
// ////////////////Add news////////////////////////////////////////////////////////
if ($action == 'add') {
    $body = $_POST["body"];
    $sticky = $_POST["sticky"];
    if (!$body) {
        stderr("Error", "The news item cannot be empty!");
    }
    $title = htmlentities($_POST['title']);
    if (!$title) {
        stderr("Error", "The news title cannot be empty!");
Example #2
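    // Confirmation token for the delete link: MD5 over fixed strings plus the
    // news id.
    // NOTE(review): the digest has no user- or session-specific input, so the
    // token for a given $newsid is identical for every staff account and never
    // expires. It is also carried in the query string of a state-changing GET
    // link, where it can end up in logs, browser history and Referer headers.
    // A random per-session token submitted by POST is the usual anti-CSRF
    // design; it is not applied here because session handling is not visible.
    $hash = md5('the@@saltto66??' . $newsid . 'add' . '@##mu55y==');
    // sure=1 marks the second, confirmed request; anything else shows the prompt.
    $sure = isset($_GET['sure']) ? intval($_GET['sure']) : '';
    if (!$sure) {
        // NOTE(review): stderr() presumably ends the request - confirm; if it
        // returns, execution falls through to the checks and the delete below.
        // NOTE(review): $newsid is written into the href unescaped; verify it
        // is forced to an integer before this point.
        stderr($lang['news_del_confirm'], $lang['news_del_click'] . "<a href='staffpanel.php?tool=news&amp;mode=delete&amp;sure=1&amp;h={$hash}&amp;newsid={$newsid}'>{$lang['news_del_here']}</a> {$lang['news_del_if']}", false);
    }
    // Reject a missing token explicitly (no undefined-index notice) and compare
    // with !== rather than !=. Loose comparison treats numeric-looking strings
    // as numbers, so two different strings can compare equal; the token check
    // must be byte-for-byte. hash_equals() is preferable where the runtime
    // provides it, since it is also constant-time.
    if (!isset($_GET['h']) || $_GET['h'] !== $hash) {
        stderr($lang['news_error'], $lang['news_del_what']);
    }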
    /**
     * Delete the news row whose id is $newsid and whose userid matches
     * $CURUSER['id'], then drop the 'latest_news_' cache entry.
     *
     * Both values pass through sqlesc() before being concatenated into the
     * statement (presumably the project's SQL-escaping helper - confirm).
     *
     * @param mixed $newsid Id of the news row to delete.
     * @return void
     */
    function deletenewsid($newsid)
    {
        global $CURUSER, $mc1;
        $idSql = sqlesc($newsid);
        $ownerSql = sqlesc($CURUSER['id']);
        $deleted = sql_query("DELETE FROM news WHERE id = " . $idSql . " AND userid = " . $ownerSql);
        if (!$deleted) {
            // Hand a failed query to the project's SQL error reporter.
            sqlerr(__FILE__, __LINE__);
        }
        // Invalidate the cached news list so the deleted entry stops being served.
        $mc1->delete_value('latest_news_');
    }
    // deletenewsid() has no return statement, so this appends null (an empty
    // string) to $HTMLOUT; the call matters only for its side effects.
    $HTMLOUT .= deletenewsid($newsid);
    // Send the browser back to the news tool after three seconds.
    header("Refresh: 3; url=staffpanel.php?tool=news&mode=news");
    // NOTE(review): if stderr() ends the request, the echo below is never
    // reached - confirm which of the two is meant to render the page.
    // NOTE(review): the success message is shown whether or not a row was
    // actually deleted.
    stderr($lang['news_success'], "<h2>{$lang['news_del_redir']}</h2>");
    echo stdhead($lang['news_del_stdhead'], true, $stdhead) . $HTMLOUT . stdfoot();
    die;
}
//==Add news
if ($mode == 'add') {
    $body = isset($_POST['body']) ? htmlsafechars($_POST['body']) : '';
    $sticky = isset($_POST['sticky']) ? htmlsafechars($_POST['sticky']) : 'yes';
    $anonymous = isset($_POST['anonymous']) ? htmlsafechars($_POST['anonymous']) : 'no';
    if (!$body) {
        stderr($lang['news_error'], $lang['news_add_item']);
    }
    $title = htmlsafechars($_POST['title']);
    if (!$title) {