$_POST['txt'] = escape($_POST['txt'], 'string');
$_POST['name'] = escape($_POST['name'], 'string');
db_query("INSERT INTO `prefix_koms` (`uid`,`cat`,`name`,`text`) VALUES (" . $nid . ",'NEWS','" . $_POST['name'] . "','" . $_POST['txt'] . "')");
}
# kommentar add
# kommentar loeschen
if ($menu->getA(2) == 'd' and is_numeric($menu->getE(2)) and has_right(-7, 'news')) {
$kommentar_id = escape($menu->getE(2), 'integer');
db_query("DELETE FROM prefix_koms WHERE uid = " . $nid . " AND cat = 'NEWS' AND id = " . $kommentar_id);
}
# kommentar loeschen
$kategorie = news_find_kat($row->news_kat);
$textToShow = bbcode($row->news_text);
$textToShow = str_replace('[PREVIEWENDE]', '', $textToShow);
if (!empty($such)) {
$textToShow = markword($textToShow, $such);
}
$tpl = new tpl('news.htm');
$ar = array('TEXT' => $textToShow, 'KATE' => $kategorie, 'NID' => $nid, 'uname' => $_SESSION['authname'], 'ANTISPAM' => loggedin() ? '' : get_antispam('newskom', 0), 'NAME' => $row->news_title);
$tpl->set_ar_out($ar, 2);
if ($komsOK) {
$tpl->set_ar_out(array('NAME' => $row->news_title, 'NID' => $nid), 3);
}
$erg1 = db_query("SELECT text, name, id FROM `prefix_koms` WHERE uid = " . $nid . " AND cat = 'NEWS' ORDER BY id DESC");
$ergAnz1 = db_num_rows($erg1);
if ($ergAnz1 == 0) {
echo '<b>' . $lang['nocomments'] . '</b>';
} else {
$zahl = $ergAnz1;
while ($row1 = db_fetch_assoc($erg1)) {
$row1['text'] = bbcode(trim($row1['text']));
$row['sperre'] = '<br /><strong>gesperrt</strong>';
} else {
$row['sperre'] = '';
}
if (!is_numeric($row['geschlecht'])) {
$row['geschlecht'] = 0;
}
if (file_exists($row['avatar'])) {
$row['avatar'] = '<br /><br /><img src="' . $row['avatar'] . '" alt="User Pic" border="0" /><br />';
} elseif ($allgAr['forum_default_avatar']) {
$row['avatar'] = '<br /><br /><img src="include/images/avatars/' . $ges_ar[$row['geschlecht']] . '.jpg" alt="User Pic" border="0" /><br />';
} else {
$row['avatar'] = '';
}
$row['rang'] = userrang($row['posts'], $row['erstid']);
$row['txt'] = isset($_GET['such']) ? markword(bbcode($row['txt']), $_GET['such']) : bbcode($row['txt']);
$row['i'] = $i;
$row['page'] = $page;
if ($row['posts'] != 0) {
$row['erst'] = '<a href="index.php?user-details-' . $row['erstid'] . '"><b>' . $row['erst'] . '</b></a>';
} elseif ($row['erstid'] != 0) {
$row['rang'] = 'gelöschter User';
}
if ($forum_rights['mods'] == true and $i > 1) {
$row['delete'] = true;
}
if ($forum_rights['reply'] == true and loggedin() || $row["erstid"] == $_SESSION["authid"]) {
$row['change'] = true;
}
$row['posts'] = ($row['posts'] ? '<br />Posts: ' . $row['posts'] : '') . '<br />';
$row['NEW'] = post_is_new($row["time"], $tid, $fid) ? "true" : "false";
