function sendcomment()
{
global $sqldbdb, $newsmessage, $editar, $prefix;
if (!is_intval(trim($_POST['newsid'])) || !is_intval(trim($_POST['secCode'])) || !is_intval($_SESSION[session_id()])) {
die("#1 - aha! Clever!");
}
$editar = true;
if ($_POST['commentname'] == "" || $_POST['commentmessage'] == "") {
$message = $newsmessage[101];
} else {
if ($_POST['secCode'] != $_SESSION[session_id()]) {
$message = $newsmessage[139];
} else {
$order = array("\r\n", "\n", "\r");
$commentmessage = str_replace($order, "<br />\n", sanitize(strip_tags($_POST['commentmessage'])));
$query = "INSERT INTO " . $prefix . "comments (newsid, poster, postermail, time, text) VALUES (" . $_POST['newsid'] . ",\" " . encode(sanitize(strip_tags($_POST['commentname']))) . "\", \"" . encode(sanitize(strip_tags($_POST['commentemail']))) . "\", " . time() . ", \"" . encode(stripslashes($commentmessage)) . "\")";
dbquery($query);
$registos = db_changes($sqldbdb);
if ($registos == 1) {
$message = $newsmessage[141];
$editar = false;
} else {
$message = $newsmessage[142];
}
}
}
unset($_GET['do']);
return $message;
}
function adminnews()
{
global $noticia_numero, $newsmessage, $message, $prefix, $out;
switch ($_GET['action']) {
case "deletec":
$noticia_numero = $_GET['id'];
$query = dbquery("DELETE FROM " . $prefix . "newscat WHERE id = {$noticia_numero}");
$registros = db_changes();
if ($registros == 1) {
$message = $newsmessage[126];
} else {
$message = $newsmessage[127];
}
break;
case "delete":
$noticia_numero = $_GET['id'];
$query = "DELETE FROM " . $prefix . "noticias WHERE reg = {$noticia_numero}";
dbquery($query);
$registros = db_changes();
if ($registros == 1) {
$message = $newsmessage[128];
} else {
$message = $newsmessage[129];
}
break;
case "edit":
$noticia_numero = $_GET["id"];
$query = dbquery("SELECT * FROM " . $prefix . "noticias WHERE reg = '{$noticia_numero}'");
$row = fetch_array($query);
break;
case "editc":
$categoria_id = $_GET["id"];
$query = dbquery("SELECT * FROM " . $prefix . "newscat WHERE id = '{$categoria_id}'");
$row = fetch_array($query);
break;
}
$out .= "<h2>{$newsmessage['1']}</h2>\n<hr />\n";
$out .= "<div align=\"center\">\n";
$out .= "<form name=\"adicionar\" method=\"post\" action=\"\">\n<fieldset style=\"border: 0;\">\n<table style=\"border: 0; width: 600px;\">\n";
$out .= "<tr><td>{$newsmessage['16']}:</td><td>";
$out .= "<input type='text' name='autor' value=\"";
if ($_GET['action'] == "edit") {
$out .= decode($row[1]);
}
$out .= "\" /></td></tr>\n<tr><td>{$newsmessage['73']}:</td><td><input type='text' name='email' value=\"";
if ($_GET['action'] == "edit") {
$out .= decode($row[2]);
}
$out .= "\" /></td></tr>\n<tr><td>{$newsmessage['12']}:</td><td><input type='text' name='titulo' value='" . decode($row[3]) . "' /></td></tr>\n";
$out .= "<tr><td>{$newsmessage['114']}:</td><td>";
if ($_GET['action'] == "edit") {
$date = date("YmdGi", $row[5]);
} else {
$date = date("YmdGi");
}
$ano = substr($date, 0, 4);
$mes = substr($date, 4, 2);
$dia = substr($date, 6, 2);
$hora = substr($date, 8, 2);
$minuto = substr($date, 10, 2);
$out .= "<select name=\"ano\">";
for ($i = 2000; $i < 2020; $i++) {
$out .= "<option value=\"{$i}\"";
if ($i == $ano) {
$out .= " SELECTED";
}
$out .= ">{$i}</option>\n";
}
$out .= "</select>\n";
$out .= "/<select name=\"mes\">";
for ($i = 1; $i < 13; $i++) {
$out .= "<option value=\"{$i}\"";
if ($i == $mes) {
$out .= " SELECTED";
}
$out .= ">{$i}</option>\n";
}
$out .= "</select>\n";
$out .= "/<select name=\"dia\">";
for ($i = 1; $i < 32; $i++) {
$out .= "<option value=\"{$i}\"";
if ($i == $dia) {
$out .= " SELECTED";
}
$out .= ">{$i}</option>\n";
}
$out .= "</select>\n";
$out .= " - <select name=\"hora\">";
for ($i = 0; $i < 24; $i++) {
$out .= "<option value=\"{$i}\"";
if ($i == $hora) {
$out .= " SELECTED";
}
$out .= ">{$i}</option>\n";
}
$out .= "</select>\n";
$out .= ":<select name=\"minuto\">";
for ($i = 0; $i < 60; $i++) {
$out .= "<option value=\"{$i}\"";
if ($i == $minuto) {
$out .= " SELECTED";
}
$out .= ">{$i}</option>\n";
}
$out .= "</select>\n";
$out .= "</td></tr>\n";
$out .= "<tr><td>{$newsmessage['52']}:</td><td><select name=\"cat\" >\n";
$result = dbquery("SELECT * FROM " . $prefix . "newscat");
$cats = fetch_all($result);
foreach ($cats as $catt) {
$out .= '<option value="' . $catt['id'] . '"';
if ($_GET['action'] == "edit" && strval($row[7]) == strval($catt['id'])) {
$out .= ' SELECTED';
}
$out .= '>' . decode($catt['nome']) . " </option>\n";
}
$out .= "</select></td></tr>\n";
$out .= "<tr><td colspan=\"2\" width=\"580\">";
print $out;
editor(stripslashes(decode($row[4])));
$out = "</td></tr></table>\n";
if ($_GET['action'] == "edit") {
$out .= "<input type='hidden' name='reg' value='" . $row[0] . "' />";
$out .= savereturn("Edit News");
} else {
$out .= savereturn("Add News");
}
$out .= "</fieldset></form>\n</div>\n";
$out .= "<hr />\n<h3>{$newsmessage['80']}</h3>\n<table>\n";
$query = dbquery("SELECT titulo, reg ,data,visto FROM " . $prefix . "noticias ORDER BY reg DESC");
while ($row_db = fetch_array($query)) {
$out .= "<tr><td><a href='" . $_SERVER["SCRIPT_NAME"] . "?do=news&action=edit&id=" . $row_db["1"] . "'><img src=\"images/edit.png\" alt=\"edit\" title=\"Edit news\" style=\"align: left; border: 0;\" /></a></td><td><a href='" . $_SERVER["SCRIPT_NAME"] . "?do=news&action=delete&id=" . $row_db["1"] . "'><img src=\"images/editdelete.png\" alt=\"delete\" title=\"Delete news\" style=\"align: left; border: 0;\" /></a></td><td><b>" . decode($row_db["0"]) . "</b></td><td>" . data_formatada($row_db["2"] + $fuso_s) . "</td><td>{$newsmessage['81']}: " . $row_db["3"] . "</td></tr>\n";
}
$out .= "</table>\n<hr />\n";
$out .= "<h3>{$newsmessage['78']}</h3>\n";
$out .= "<form name=\"form1\" method=\"post\" action=\"\"><fieldset style=\"border: 0;\">\n<table>\n";
$out .= "<tr><td>{$newsmessage['50']}</td><td>";
$out .= "<input type=\"text\" name=\"name\"";
if ($_GET['action'] == "editc") {
$out .= " value=\"" . $row[1] . "\"";
}
$out .= " /></td></tr>\n<tr><td>{$newsmessage['67']}</td><td><input type=\"text\" name=\"descr\"";
if ($_GET['action'] == "editc") {
$out .= " value=\"" . $row[2] . "\"";
}
$out .= " /></td></tr>\n";
if ($_GET['action'] == "editc") {
$out .= "<tr><td>{$newsmessage['79']}</td><td><input type=\"text\" name=\"newid\" value=\"" . $row[0] . "\" /></td></tr>\n";
}
$out .= "<tr><td></td><td><input type=\"hidden\" name=\"id\" value=\"" . $_GET['id'] . "\" />\n";
$out .= "<input type=\"hidden\" name=\"newscat\" ";
if ($_GET['action'] == "editc") {
$out .= "value=\"Edit Category\"";
} else {
$out .= "value=\"Add Category\"";
}
$out .= " />\n";
$out .= "<input type=\"submit\" name=\"\" ";
if ($_GET['action'] == "editc") {
$out .= "value=\"{$newsmessage['54']}\"";
} else {
$out .= "value=\"{$newsmessage['53']}\"";
}
$out .= " />\n";
$out .= "</td></tr>\n</table></fieldset></form>\n<table>\n";
$res = dbquery("SELECT * FROM " . $prefix . "newscat");
while ($roww = fetch_array($res)) {
$out .= "<tr><td><a href='" . $_SERVER["SCRIPT_NAME"] . "?do=news&action=editc&id=" . $roww["0"] . "'><img src=\"images/edit.png\" alt=\"edit\" style=\"align: left; border: 0;\" /></a></td><td><a href='" . $_SERVER["SCRIPT_NAME"] . "?do=news&action=deletec&id=" . $roww["0"] . "'><img src=\"images/editdelete.png\" alt=\"delete\" style=\"align: left; border: 0;\" /></a></td><td><b>" . decode($roww["1"]) . "</b></td><td>" . decode($roww["2"]) . "</td><td>Id: " . $roww["0"] . "</td></tr>\n";
}
$out .= "</table>\n<br />\n";
}
