';
$html .= '';
$html .= date("Y-m-d H:i",$news['Datum']) . ', ';
$html .= UID2Nick($news['UID']);
if ($p != "news_comments")
$html .= ', Kommentare (' . sql_num_query("SELECT * FROM `news_comments` WHERE `Refid`='" . sql_escape($news['ID']) . "'") . ') »';
$html .= ' ';
$html .= '
'.($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '
';
$html .= '' . ReplaceSmilies(nl2br($news['Text'])) . '
';
if (in_array("admin_news", $privileges))
$html .= "Edit \n";
$html .= '';
return $html;
}
function user_news_comments() {
global $user;
$html = "";
if (isset ($_REQUEST["nid"]) && preg_match("/^[0-9]{1,}$/", $_REQUEST['nid']) && sql_num_query("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1") > 0) {
$nid = $_REQUEST["nid"];
list ($news) = sql_select("SELECT * FROM `News` WHERE `ID`=" . sql_escape($_REQUEST['nid']) . " LIMIT 1");
if (isset ($_REQUEST["text"])) {
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
sql_query("INSERT INTO `news_comments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
$html .= success("Eintrag wurde gespeichert");
}
$html .= '« Back';
$html .= display_news($news);
$html .= 'Comments
';
$comments = sql_select("SELECT * FROM `news_comments` WHERE `Refid`='" . $nid . "' ORDER BY 'ID'");
foreach ($comments as $comment) {
$html .= '';
}
$html .= "";
$html .= '
Neuer Kommentar:
';
} else {
$html .= "Fehlerhafter Aufruf!";
}
return $html;
}
function user_news() {
global $DISPLAY_NEWS, $privileges, $user;
$html = "";
if (isset ($_POST["text"]) && isset ($_POST["betreff"])) {
if (!isset ($_POST["treffen"]) || !in_array("admin_news", $privileges))
$_POST["treffen"] = 0;
sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " .
"VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) .
"', '" . sql_escape($_POST["treffen"]) . "');");
$html .= success(Get_Text(4));
}
if (isset ($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page']))
$page = $_REQUEST['page'];
else
$page = 0;
$news = sql_select("SELECT * FROM `News` ORDER BY `ID` DESC LIMIT " . ($page * $DISPLAY_NEWS) . ", " . $DISPLAY_NEWS);
foreach ($news as $entry)
$html .= display_news($entry);
$html .= "
' . Get_Text(6) . '
';
return $html;
}
?>