<?php
if (isset($_POST['submit'])) {
include 'functions/db_connection.php';
$catagory_name = $_POST['catagory_name'];
$catagory_desc = $_POST['catagory_desc'];
$status = $_POST['status'];
include 'functions/crud.php';
$sql = insertNews($catagory_name, $catagory_desc, $status);
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
$message = 'success';
header('Location: index.php?message=' . $message);
}
*/
require_once 'conf.php';
require_once 'liveuser_rights.php';
require_once 'HTML/Template/IT.php';
if (!$usr->isLoggedin() || !$usr->checkRight(EDITNEWS)) {
echo 'Sorry but you cannot access this page';
exit;
}
if (isset($_POST['news'])) {
if (!$usr->checkRight(MODIFYNEWS)) {
echo 'You are trying to modify a news but do not have the right to do so !';
exit;
}
if (isset($_POST['id'])) {
if ($_POST['id'] == 0) {
insertNews($db, $_POST['title'], $_POST['newscontent'], $usr->getProperty('user_id'));
} else {
updateNewsContent($db, $_POST['id'], $_POST['title'], $_POST['newscontent'], $usr->getProperty('user_id'));
}
}
}
$category = 'general';
if (isset($_GET['mode']) && $_GET['mode'] == "edit") {
if (!isset($_GET['id']) && !is_numeric($_GET['id'])) {
die('Missing news id');
}
$news = getNewsContent($db, $_GET['id']);
} elseif (isset($_GET['mode']) && $_GET['mode'] == "insert") {
$news = getNewsContent($db, 0);
} else {
$news = getNewsList($db, $category);
require_once 'HTML/Template/IT.php';
if (!$usr->isLoggedIn() || !$usr->checkRight(EDITNEWS)) {
echo 'Sorry but you cannot access this page';
exit;
}
if (array_key_exists('news', $_POST)) {
if (!$usr->checkRight(MODIFYNEWS)) {
echo 'You are trying to modify a news but do not have the right to do so !';
exit;
}
if (array_key_exists('id', $_POST)) {
$id = (int) $_POST['id'];
$title = htmlspecialchars(strip_tags($_POST['title']));
$newscontent = htmlspecialchars(strip_tags($_POST['newscontent']));
if ($id == 0) {
insertNews($db, $title, $newscontent, $usr->getProperty('perm_user_id'));
} else {
updateNewsContent($db, $id, $title, $newscontent, $usr->getProperty('perm_user_id'));
}
}
}
$category = 'general';
if (array_key_exists('mode', $_GET) && $_GET['mode'] == 'edit') {
if (!array_key_exists('id', $_GET) && !is_numeric($_GET['id'])) {
die('Missing news id');
}
$id = (int) $_GET['id'];
$news = getNewsContent($db, $id);
} elseif (array_key_exists('mode', $_GET) && $_GET['mode'] == 'insert') {
$news = getNewsContent($db);
} else {
<?php
if (isset($_POST['submit'])) {
include 'functions/db_connection.php';
$news_title = $_POST['news_title'];
$news_reporter = $_POST['reporter_name'];
$news_description = $_POST['news_description'];
$news_status = $_POST['news_publish_status'];
include 'functions/crud.php';
$sql = insertNews($news_title, $news_reporter, $news_description, $news_status);
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
$message = 'Insert';
header('Location: index.php?message=' . $message);
}
<?php
if (isset($_POST['submit'])) {
include 'functions/db_connection.php';
$name = $_POST['name'];
$product_desc = $_POST['product_desc'];
$price = $_POST['price'];
include 'functions/crud.php';
$sql = insertNews($name, $product_desc, $price);
if (mysqli_query($conn, $sql)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
$message = 'Insert';
header('Location: index.php?message=' . $message);
}
