admin_news privilege for writing news too

2011-09-14 22:23:29 +02:00 · 2011-09-14 22:23:29 +02:00 · 3c33e23c3c
parent fc90174dd8
commit 3c33e23c3c
1 changed files with 43 additions and 41 deletions
--- a/includes/pages/user_news.php
+++ b/includes/pages/user_news.php
@ -80,22 +80,22 @@ function user_news_comments() {
 		$html .= "</table>";
 		$html .= '
-						<br />
+							<br />
-						<hr>
+							<hr>
-						<h2>Neuer Kommentar:</h2>
+							<h2>Neuer Kommentar:</h2>
-						<a name="Neu">&nbsp;</a>
+							<a name="Neu">&nbsp;</a>
-						<form action="' . page_link_to("news_comments") . '" method="post">
+							<form action="' . page_link_to("news_comments") . '" method="post">
-						<input type="hidden" name="nid" value="' . $_REQUEST["nid"] . '">
+							<input type="hidden" name="nid" value="' . $_REQUEST["nid"] . '">
-						<table>
+							<table>
-						 <tr>
+							 <tr>
-						  <td align="right" valign="top">Text:</td>
+							  <td align="right" valign="top">Text:</td>
-						  <td><textarea name="text" cols="50" rows="10"></textarea></td>
+							  <td><textarea name="text" cols="50" rows="10"></textarea></td>
-						 </tr>
+							 </tr>
-						</table>
+							</table>
-						<br />
+							<br />
-						<input type="submit" value="sichern...">
+							<input type="submit" value="sichern...">
-						</form>';
+							</form>';
 	} else {
 		$html .= "Fehlerhafter Aufruf!";
 	}
@ -108,7 +108,7 @@ function user_news() {
 	$html = "";
-	if (isset ($_POST["text"]) && isset ($_POST["betreff"])) {
+	if (isset ($_POST["text"]) && isset ($_POST["betreff"]) && in_array("admin_news", $privileges)) {
 		if (!isset ($_POST["treffen"]) || !in_array("admin_news", $privileges))
 			$_POST["treffen"] = 0;
 		sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " .
@ -137,32 +137,34 @@ function user_news() {
 		else
 			$html .= '<a href="' . page_link_to("news") . '&page=' . $i . '">' . ($i +1) . '</a>&nbsp; ';
 	}
-	$html .= '</div>
+	$html .= '</div>';
-			<br /><hr />
+	if (in_array("admin_news", $privileges)) {
-			<h2>' . Get_Text(6) . '</h2>
+		$html .= '<br /><hr />
-			<a name="Neu">&nbsp;</a>
+				<h2>' . Get_Text(6) . '</h2>
 				<a name="Neu">&nbsp;</a>
-			<form action="" method="post">
+				<form action="" method="post">
-			<table>
+				<table>
-			 <tr>
+				 <tr>
-			  <td align="right">' . Get_Text(7) . '</td>
+				  <td align="right">' . Get_Text(7) . '</td>
-			  <td><input type="text" name="betreff" size="60"></td>
+				  <td><input type="text" name="betreff" size="60"></td>
-			 </tr>
+				 </tr>
-			 <tr>
+				 <tr>
-			  <td align="right">' . Get_Text(8) . '</td>
+				  <td align="right">' . Get_Text(8) . '</td>
-			  <td><textarea name="text" cols="50" rows="10"></textarea></td>
+				  <td><textarea name="text" cols="50" rows="10"></textarea></td>
-			 </tr>';
+				 </tr>';
-	if (in_array('admin_news', $privileges)) {
+		if (in_array('admin_news', $privileges)) {
-		$html .= ' <tr>
+			$html .= ' <tr>
-			  <td align="right">' . Get_Text(9) . '</td>
+					  <td align="right">' . Get_Text(9) . '</td>
-			  <td><input type="checkbox" name="treffen" size="1" value="1"></td>
+					  <td><input type="checkbox" name="treffen" size="1" value="1"></td>
-			 </tr>';
+					 </tr>';
 		}
 		$html .= '</table>
 			<br />
 			<input type="submit" value="' . Get_Text("save") . '">
 			</form>';
 	}
 	$html .= '</table>
 		<br />
 		<input type="submit" value="' . Get_Text("save") . '">
 		</form>';
 	return $html;
 }
 ?>