$footer->file = "footer.php";
include_class('band_news');
include_class('band_members');
include_class('shows');
include_class('band_information');
$bn = new BandNewsList();
$view = 'overview';
$linkBrowse = "news.php?browse=1";
$linkLatest = "news.php";
$paging = new SectionTemplate();
$paging->file = "paging.php";
$paging->args['perPage'] = is_numeric($_GET['e']) ? $_GET['e'] : 10;
$paging->args['start'] = is_numeric($_GET['s']) ? $_GET['s'] : ($paging->args['start'] = 1);
if ($_GET['id']) {
$view = 'detail';
$bnd = BandNews::get($_GET['id']);
$st = new SectionTemplate();
$st->file = "news_detail.php";
$st->args['news'] = $bnd;
} else {
if ($_GET['browse']) {
$view = 'browse';
$news = array();
$result = $bn->get_band_news($_GET['e'], $_GET['s'], 1);
$paging->args['total'] = $bn->get_total(1);
$paging->args['url'] = USE_MOD_REWRITE ? SITE_WEB_DIRECTORY . 'news/browse/' : 'news.php';
foreach ($result as $bnd) {
$st = new SectionTemplate();
$st->file = "news_summary.php";
$st->args['news'] = $bnd;
$news[] = $st;
<?php
include 'base.php';
User::protect();
$section = 'band_news';
include_class('band_members');
include_class('band_news');
$no = BandNews::get($_GET['id']);
if (!db::isError($no)) {
switch ($_GET['task']) {
case 'update':
$res = $no->update($_POST);
if (!db::isError($res)) {
header('Location: band_news_edit.php?id=' . $_GET['id']);
}
break;
case 'deactivate':
$res = $no->deactivate();
if (!db::isError($res)) {
header('Location: band_news_edit.php?id=' . $_GET['id']);
}
break;
case 'activate':
$res = $no->activate();
if (!db::isError($res)) {
header('Location: band_news_edit.php?id=' . $_GET['id']);
}
break;
case 'delete':
$res = $no->remove();
if (!db::isError($res)) {
function update($postArray)
{
$db = new db();
$title = $db->sanitize_to_db($postArray['title']);
$uo = User::getCurrent();
include_class('band_members');
if (User::isAdmin()) {
$uo = User::get($postArray['user_id']);
if (db::isError($uo)) {
$e->add($uo);
} else {
if (!$uo->isAdmin() && $uo->isBandMember()) {
$e->add("Invalid user. User must be a band member or an administrator.");
}
}
} else {
$uo = User::getCurrent();
}
$user_id = $uo->getID();
$_dt = strtotime($postArray['date']);
$dt = date('Y-m-d', $_dt) . ' ' . $postArray['time'];
$dateTime = date("Y-m-d H:i:s", strtotime($dt));
$description = $db->sanitize_to_db($postArray['description']);
$body = $db->sanitize_to_db($postArray['body']);
if (!$title) {
$title = '(untitled)';
}
if (!$this->canEdit()) {
return Error::create("You may not edit this news posting.");
}
$r = @mysql_query("update Band_News set title='{$title}', user_id = {$user_id}, date_time='{$dateTime}', description='{$description}', body='{$body}' where ID = " . $this->ID);
if ($r) {
return BandNews::get($this->ID);
} else {
return Error::MySQL();
}
}
$editors = array('description', 'body');
$page_title = 'Add/Edit Band News';
include 'layout/header.php';
?>
<div id="breadcrumb">
<a href="index.php">Audition ></a> <a href="band.php">Manage Band ></a> <a href="band_news.php">Band News ></a> Add News Entry
</div>
<?php
$uo = User::getCurrent();
$bm = BandMember::getByUserID($uo->getID());
if (!db::isError($bm)) {
$bmFirstName = $uo->getFirstName();
}
if (!BandNews::canAdd()) {
Error::outputDialog('Return to Band News', 'band_news.php', 'You are not an administrator, and you are not a band member. Therefore, you cannot add band news.');
} else {
if (db::isError($bn)) {
$bn->outputList();
}
?>
<h1>add entry:</h1>
<div class="inset">
<form id="edit_entry" action="<?php
echo $PHP_SELF;
?>
?task=add" method="post">
<table border="0" class="edit-form" cellspacing="0" cellpadding="0">
<tr>
<td colspan="3" valign="top">
