' . '
';
return $html;
}
function display_news($news)
{
global $privileges, $page;
$html = '';
$html .= '';
$html .= '
';
$html .= '
' . ($news['Treffen'] == 1 ? '[Meeting] ' : '') . ReplaceSmilies($news['Betreff']) . '
';
$html .= '';
$html .= '
' . ReplaceSmilies(nl2br($news['Text'])) . '
';
$html .= '';
$html .= '
';
return $html;
}
function user_news_comments()
{
global $user;
$html = '' . user_news_comments_title() . '
';
if (
isset($_REQUEST["nid"])
&& preg_match("/^[0-9]{1,}$/", $_REQUEST['nid'])
&& sql_num_query("SELECT * FROM `News` WHERE `ID`='" . sql_escape($_REQUEST['nid']) . "' LIMIT 1") > 0
) {
$nid = $_REQUEST["nid"];
list($news) = sql_select("SELECT * FROM `News` WHERE `ID`='" . sql_escape($nid) . "' LIMIT 1");
if (isset($_REQUEST["text"])) {
$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
sql_query("INSERT INTO `NewsComments` (`Refid`, `Datum`, `Text`, `UID`) VALUES ('" . sql_escape($nid) . "', '" . date("Y-m-d H:i:s") . "', '" . sql_escape($text) . "', '" . sql_escape($user["UID"]) . "')");
engelsystem_log("Created news_comment: " . $text);
$html .= success(_("Entry saved."), true);
}
$html .= display_news($news);
$comments = sql_select("SELECT * FROM `NewsComments` WHERE `Refid`='" . sql_escape($nid) . "' ORDER BY 'ID'");
foreach ($comments as $comment) {
$user_source = User($comment['UID']);
$html .= '
';
$html .= '
' . nl2br($comment['Text']) . '
';
$html .= '';
$html .= '
';
}
$html .= '
' . _("New Comment:") . '
';
$html .= form([
form_textarea('text', _("Message"), ''),
form_submit('submit', _("Save"))
], page_link_to('news_comments') . '&nid=' . $news['ID']);
} else {
$html .= _("Invalid request.");
}
return $html . '
';
}
function user_news()
{
global $DISPLAY_NEWS, $privileges, $user;
$html = '' . news_title() . '
' . msg();
if (isset($_POST["text"]) && isset($_POST["betreff"]) && in_array("admin_news", $privileges)) {
if (!isset($_POST["treffen"]) || !in_array("admin_news", $privileges)) {
$_POST["treffen"] = 0;
}
sql_query("INSERT INTO `News` (`Datum`, `Betreff`, `Text`, `UID`, `Treffen`) " . "VALUES ('" . sql_escape(time()) . "', '" . sql_escape($_POST["betreff"]) . "', '" . sql_escape($_POST["text"]) . "', '" . sql_escape($user['UID']) . "', '" . sql_escape($_POST["treffen"]) . "');");
engelsystem_log("Created news: " . $_POST["betreff"] . ", treffen: " . $_POST["treffen"]);
success(_("Entry saved."));
redirect(page_link_to('news'));
}
if (isset($_REQUEST['page']) && preg_match("/^[0-9]{1,}$/", $_REQUEST['page'])) {
$page = $_REQUEST['page'];
} else {
$page = 0;
}
$news = sql_select("SELECT * FROM `News` ORDER BY `Datum` DESC LIMIT " . sql_escape($page * $DISPLAY_NEWS) . ", " . sql_escape($DISPLAY_NEWS));
foreach ($news as $entry) {
$html .= display_news($entry);
}
$dis_rows = ceil(sql_num_query("SELECT * FROM `News`") / $DISPLAY_NEWS);
$html .= '
' . '
';
if (in_array("admin_news", $privileges)) {
$html .= '
';
$html .= '
' . _("Create news:") . '
';
$html .= form([
form_text('betreff', _("Subject"), ''),
form_textarea('text', _("Message"), ''),
form_checkbox('treffen', _("Meeting"), false, 1),
form_submit('submit', _("Save"))
]);
}
return $html . '
';
}