$footer->file = "footer.php"; include_class('band_news'); include_class('band_members'); include_class('shows'); include_class('band_information'); $bn = new BandNewsList(); $view = 'overview'; $linkBrowse = "news.php?browse=1"; $linkLatest = "news.php"; $paging = new SectionTemplate(); $paging->file = "paging.php"; $paging->args['perPage'] = is_numeric($_GET['e']) ? $_GET['e'] : 10; $paging->args['start'] = is_numeric($_GET['s']) ? $_GET['s'] : ($paging->args['start'] = 1); if ($_GET['id']) { $view = 'detail'; $bnd = BandNews::get($_GET['id']); $st = new SectionTemplate(); $st->file = "news_detail.php"; $st->args['news'] = $bnd; } else { if ($_GET['browse']) { $view = 'browse'; $news = array(); $result = $bn->get_band_news($_GET['e'], $_GET['s'], 1); $paging->args['total'] = $bn->get_total(1); $paging->args['url'] = USE_MOD_REWRITE ? SITE_WEB_DIRECTORY . 'news/browse/' : 'news.php'; foreach ($result as $bnd) { $st = new SectionTemplate(); $st->file = "news_summary.php"; $st->args['news'] = $bnd; $news[] = $st;
<?php
// Admin-side action handler for one band-news record: loads the record named
// by the request, then dispatches on the requested task. The listing is cut
// off inside the 'delete' case.
include 'base.php';
// Called before any request data is read.
// NOTE(review): presumably enforces an authenticated session; the
// implementation is not visible here -- confirm.
User::protect();
$section = 'band_news';
include_class('band_members');
include_class('band_news');
// The record id is taken straight from the query string with no validation at
// this layer; any type or range checking has to happen inside BandNews::get().
$no = BandNews::get($_GET['id']);
if (!db::isError($no)) {
    // The task is selected by a GET parameter, so every state change below
    // (update, deactivate, activate, delete) is reachable through a URL.
    // NOTE(review): no anti-CSRF token check is visible in this fragment --
    // confirm one exists in base.php / User::protect(); otherwise add one and
    // accept these tasks over POST only.
    switch ($_GET['task']) {
        case 'update':
            // The whole $_POST array is handed over; field handling is left to update().
            $res = $no->update($_POST);
            if (!db::isError($res)) {
                // Raw $_GET['id'] is concatenated into the Location header, and the
                // visible code does not exit after header(), so whatever follows
                // the switch still runs after the redirect is queued.
                header('Location: band_news_edit.php?id=' . $_GET['id']);
            }
            // An error result is not reported in the visible code.
            break;
        case 'deactivate':
            // NOTE(review): any per-record permission check for deactivate(),
            // activate() and remove() is not visible here -- confirm.
            $res = $no->deactivate();
            if (!db::isError($res)) {
                header('Location: band_news_edit.php?id=' . $_GET['id']);
            }
            break;
        case 'activate':
            $res = $no->activate();
            if (!db::isError($res)) {
                header('Location: band_news_edit.php?id=' . $_GET['id']);
            }
            break;
        case 'delete':
            // Destructive action, selected through the same GET parameter as the others.
            $res = $no->remove();
            if (!db::isError($res)) {
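/**
 * Update this news posting from submitted form data.
 *
 * Reads 'title', 'description', 'body', 'date' and 'time' from $postArray.
 * 'user_id' is honoured only when the current user is an administrator;
 * otherwise the posting is attributed to the current user.
 *
 * Every failure is returned (never collected and ignored), so an unauthorised
 * caller or an unverified user_id never reaches the UPDATE statement.
 *
 * @param array $postArray Submitted form fields (the visible caller passes $_POST).
 * @return mixed The refreshed posting from BandNews::get() on success;
 *               otherwise an error object: Error::create(), Error::MySQL(),
 *               or the error returned by User::get(). Callers test the
 *               result with db::isError().
 */
function update($postArray)
{
    $db = new db();

    // Authorise before any submitted field is processed.
    if (!$this->canEdit()) {
        return Error::create("You may not edit this news posting.");
    }

    include_class('band_members');

    // Default attribution is the logged-in user. Only an administrator may
    // reassign the posting, and the chosen account is verified first.
    $uo = User::getCurrent();
    if (User::isAdmin()) {
        $uo = User::get($postArray['user_id']);
        if (db::isError($uo)) {
            // Lookup failed: hand the error back instead of calling getID() on it.
            return $uo;
        }
        // Reject only accounts that are neither administrator nor band member,
        // which is what the message below states.
        if (!$uo->isAdmin() && !$uo->isBandMember()) {
            return Error::create("Invalid user. User must be a band member or an administrator.");
        }
    }

    // Numeric values are interpolated unquoted into the statement, so force
    // them to integers.
    $user_id = (int) $uo->getID();
    $newsID = (int) $this->ID;

    // String fields go through the db helper before being placed in quotes.
    // NOTE(review): assumes sanitize_to_db() escapes for a quoted SQL string
    // context -- confirm; a parameterised query would remove that dependency,
    // but the db class API is not visible here.
    $title = $db->sanitize_to_db($postArray['title']);
    $description = $db->sanitize_to_db($postArray['description']);
    $body = $db->sanitize_to_db($postArray['body']);
    if (!$title) {
        $title = '(untitled)';
    }

    // Date and time are re-parsed and re-formatted, so only a value produced
    // by date() reaches the statement, never the raw submitted text.
    // NOTE(review): unparsable date/time input is not rejected here.
    $_dt = strtotime($postArray['date']);
    $dt = date('Y-m-d', $_dt) . ' ' . $postArray['time'];
    $dateTime = date("Y-m-d H:i:s", strtotime($dt));

    // '@' keeps driver warnings out of the page output; failure is reported
    // through the Error::MySQL() return value instead.
    $r = @mysql_query("update Band_News set title='{$title}', user_id = {$user_id}, date_time='{$dateTime}', description='{$description}', body='{$body}' where ID = " . $newsID);
    if ($r) {
        return BandNews::get($this->ID);
    }

    return Error::MySQL();
}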
$editors = array('description', 'body'); $page_title = 'Add/Edit Band News'; include 'layout/header.php'; ?> <div id="breadcrumb"> <a href="index.php">Audition ></a> <a href="band.php">Manage Band ></a> <a href="band_news.php">Band News ></a> Add News Entry </div> <?php $uo = User::getCurrent(); $bm = BandMember::getByUserID($uo->getID()); if (!db::isError($bm)) { $bmFirstName = $uo->getFirstName(); } if (!BandNews::canAdd()) { Error::outputDialog('Return to Band News', 'band_news.php', 'You are not an administrator, and you are not a band member. Therefore, you cannot add band news.'); } else { if (db::isError($bn)) { $bn->outputList(); } ?> <h1>add entry:</h1> <div class="inset"> <form id="edit_entry" action="<?php echo $PHP_SELF; ?> ?task=add" method="post"> <table border="0" class="edit-form" cellspacing="0" cellpadding="0"> <tr> <td colspan="3" valign="top">