require_once 'liveuser_rights.php'; require_once 'HTML/Template/IT.php'; if (!$usr->isLoggedin() || !$usr->checkRight(EDITNEWS)) { echo 'Sorry but you cannot access this page'; exit; } if (isset($_POST['news'])) { if (!$usr->checkRight(MODIFYNEWS)) { echo 'You are trying to modify a news but do not have the right to do so !'; exit; } if (isset($_POST['id'])) { if ($_POST['id'] == 0) { insertNews($db, $_POST['title'], $_POST['newscontent'], $usr->getProperty('user_id')); } else { updateNewsContent($db, $_POST['id'], $_POST['title'], $_POST['newscontent'], $usr->getProperty('user_id')); } } } $category = 'general'; if (isset($_GET['mode']) && $_GET['mode'] == "edit") { if (!isset($_GET['id']) && !is_numeric($_GET['id'])) { die('Missing news id'); } $news = getNewsContent($db, $_GET['id']); } elseif (isset($_GET['mode']) && $_GET['mode'] == "insert") { $news = getNewsContent($db, 0); } else { $news = getNewsList($db, $category); } $tpl =& new HTML_Template_IT('./');
echo 'Sorry but you cannot access this page'; exit; } if (array_key_exists('news', $_POST)) { if (!$usr->checkRight(MODIFYNEWS)) { echo 'You are trying to modify a news but do not have the right to do so !'; exit; } if (array_key_exists('id', $_POST)) { $id = (int) $_POST['id']; $title = htmlspecialchars(strip_tags($_POST['title'])); $newscontent = htmlspecialchars(strip_tags($_POST['newscontent'])); if ($id == 0) { insertNews($db, $title, $newscontent, $usr->getProperty('perm_user_id')); } else { updateNewsContent($db, $id, $title, $newscontent, $usr->getProperty('perm_user_id')); } } } $category = 'general'; if (array_key_exists('mode', $_GET) && $_GET['mode'] == 'edit') { if (!array_key_exists('id', $_GET) && !is_numeric($_GET['id'])) { die('Missing news id'); } $id = (int) $_GET['id']; $news = getNewsContent($db, $id); } elseif (array_key_exists('mode', $_GET) && $_GET['mode'] == 'insert') { $news = getNewsContent($db); } else { $news = getNewsList($db, $category); }
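Review bot: The edit-mode guard in the second version, `if (!array_key_exists('id', $_GET) && !is_numeric($_GET['id']))`, still joins its two tests with `&&`, so a present but non-numeric `id` is never rejected and the `(int)` cast silently turns it into 0; it should read `if (!array_key_exists('id', $_GET) || !is_numeric($_GET['id'])) { die('Missing news id'); }`. The same version runs `htmlspecialchars(strip_tags(...))` over `title` and `newscontent` before they are stored, which is output encoding done at write time: it gives no protection against SQL injection (that depends on how `insertNews()` and `updateNewsContent()` build their queries, which is not visible here) and it risks double-encoding when the stored text is loaded back into the edit form. Storing the raw text through bound parameters and escaping at the point where it is rendered would be the safer split. `$_POST['title']` and `$_POST['newscontent']` are also read without an existence check, unlike `news` and `id`.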