-
Notifications
You must be signed in to change notification settings - Fork 0
/
news.php
152 lines (138 loc) · 7.47 KB
/
news.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
<?php
// ----------------------------------------------------------------------
// Copyright (c) 2007 by Tammy Keefer
// Based on eFiction 1.1
// Copyright (C) 2003 by Rebecca Smallwood.
// http://efiction.sourceforge.net/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
$current = "news";
include ("header.php");
if(file_exists("$skindir/default.tpl")) $tpl = new TemplatePower( "$skindir/default.tpl" );
else $tpl = new TemplatePower("default_tpls/default.tpl");
include("includes/pagesetup.php");
if(isset($_REQUEST['nid'])) $nid = $_REQUEST['nid'];
if(!isset($nid) || !isNumber($nid)) $nid = false;
$cid = isset($_REQUEST['cid']) && isNumber($_REQUEST['cid']) ? $_REQUEST['cid'] : false;
if($nid) {
$output .= "<div id=\"pagetitle\">"._NEWS."</div>";
if(isset($_POST['submit']))
{
$comment = escapestring(format_story(replace_naughty(strip_tags($_POST['comment'], $allowed_tags))));
if(!$cid && USERUID) {
$insert = dbquery("INSERT INTO ".TABLEPREFIX."fanfiction_comments (nid, uid, comment, time) VALUES ('$nid', '".(USERUID ? USERUID : 0)."', '$comment', '" . time() . "')");
if($insert) dbquery("UPDATE ".TABLEPREFIX."fanfiction_news SET comments = comments + 1 WHERE nid = '$nid' LIMIT 1");
}
else if($cid) {
dbquery("UPDATE ".TABLEPREFIX."fanfiction_comments SET comment = '$comment' WHERE cid = '$cid'");
}
unset($comment);
}
if(isset($_GET['del']) && isADMIN && uLEVEL < 4 && !empty($cid)) {
$insert = dbquery("DELETE FROM ".TABLEPREFIX."fanfiction_comments WHERE cid = '$cid'");
if($insert) dbquery("UPDATE ".TABLEPREFIX."fanfiction_news SET comments = comments - 1 WHERE nid = '$nid' LIMIT 1");
}
$newsquery = dbquery("SELECT n.*, n.time as date FROM ".TABLEPREFIX."fanfiction_news as n WHERE n.nid = '$nid' LIMIT 1");
$stories = dbassoc($newsquery);
if(file_exists("./$skindir/newsbox.tpl"))
$news = new TemplatePower( "./$skindir/newsbox.tpl" );
else $news = new TemplatePower( "./default_tpls/newsbox.tpl" );
$news->prepare( );
//create a new number_row block
$news->newBlock("newsbox");
//assign values
$news->assign("newstitle" , stripslashes($stories['title']) );
$news->assign("newsstory" , format_story($stories['story']) );
$news->assign("newsauthor", stripslashes($stories['author']) );
$news->assign("newsid", $stories['nid']);
$news->assign("oddeven", "odd");
$news->assign("skindir", $skindir);
$news->assign("newsdate", date("$dateformat $timeformat", $stories['date']) );
if($newscomments)
$news->assign("newscomments", "<a href=\"news.php?action=newsstory&nid=".$stories['nid']."\">".$stories['comments']." "._COMMENTS."</a>");
if(isADMIN && uLEVEL < 4)
$news->assign("adminoptions", "<a href=\"admin.php?action=news&form=".$stories['nid']."\">"._EDIT."</a> | <a href=\"admin.php?action=news&delete=".$stories['nid']."\">"._DELETE."</a>");
$output .= $news->getOutputContent( );
$cquery = dbquery("SELECT COUNT(cid) FROM ".TABLEPREFIX."fanfiction_comments WHERE nid = '$nid'");
list($ccount) = dbrow($cquery);
if($ccount) {
$query2 = dbquery("SELECT c.*, "._PENNAMEFIELD." as penname, c.time as date FROM ".TABLEPREFIX."fanfiction_comments as c LEFT JOIN "._AUTHORTABLE." ON c.uid = "._UIDFIELD." WHERE c.nid = '$nid' ORDER BY time LIMIT $offset, $itemsperpage");
$output .= "<div class=\"sectionheader\">"._COMMENTS."</div>";
if(file_exists("$skindir/comments.tpl")) $c = new TemplatePower( "$skindir/comments.tpl" );
else $c = new TemplatePower( "default_tpls/comments.tpl" );
$c->prepare( );
$count = 0;
while($comments = dbassoc($query2)) {
$c->newBlock("commentbox");
$c->assign("comment", format_story($comments['comment']));
$c->assign("uname", $comments['penname']);
$c->assign("date", date("$dateformat $timeformat", $comments['date']));
if(isADMIN && uLEVEL < 4)
$c->assign("adminoptions", "<div class='adminoptions'><span class='label'>"._ADMINOPTIONS.":</span> [<a href=\"news.php?action=newsstory&edit=".$comments['cid']."&nid=$nid\">"._EDIT."</a>] [<a href=\"news.php?action=newsstory&cid=".$comments['cid']."&del=1&nid=$nid\">"._DELETE."</a>]</div>");
$c->assign("oddeven", ($count % 2 ? "odd" : "even"));
$count++;
}
$output .= $c->getOutputContent( );
if($ccount > $itemsperpage) $output .= build_pagelinks("news.php?nid=$nid&", $ccount, $offset);
}
if(isMEMBER) {
$output .= "<form method=\"POST\" enctype=\"multipart/form-data\" action=\"news.php?action=newsstory&nid=$nid\">";
if(isset($_GET['edit']) && isNumber($_GET['edit'])) {
$select = dbquery("SELECT * FROM ".TABLEPREFIX."fanfiction_comments WHERE cid = '".$_GET['edit']."' LIMIT 1");
list($cid, $nid, $uname, $comment, $time) = dbrow($select);
$output .= "<input type=\"hidden\" name=\"cid\" value=\"$cid\">";
}
else $comment = "";
$output .= "<table align=\"center\"><tr><td><strong>"._PENNAME.":</strong></td><td>".USERPENNAME."<INPUT type=\"hidden\" name=\"uname\" value=\"".USERPENNAME."\"></td></tr>
<tr><td><b>"._COMMENTS.":</b></td><td><TEXTAREA name=\"comment\" cols=\"35\" rows=\"6\">$comment</TEXTAREA></td></tr>
<tr><td><INPUT type=\"hidden\" name=\"nid\" value=\"$nid\"><INPUT name=\"submit\" id=\"submit\" type=\"submit\" value=\""._SUBMIT."\"></td></tr></table></form>";
}
$tpl->assign("output", $output);
}
else {
$output .= "<div id=\"pagetitle\">"._NEWS."</div>";
if(file_exists("./$skindir/newsbox.tpl"))
$news = new TemplatePower( "./$skindir/newsbox.tpl" );
else $news = new TemplatePower( "./default_tpls/newsbox.tpl" );
$news->prepare( );
$cquery = dbquery("SELECT count(nid) FROM ".TABLEPREFIX."fanfiction_news");
list($count) = dbrow($cquery);
$newsquery = dbquery("SELECT n.*, n.time as date FROM ".TABLEPREFIX."fanfiction_news as n ORDER BY n.time DESC LIMIT $offset, $itemsperpage");
$counter = 0;
while($stories = dbassoc($newsquery)) {
//create a new number_row block
$news->newBlock("newsbox");
//assign values
$news->assign("newstitle" , $stories['title']);
$news->assign("newsstory" , nl2br($stories['story']) );
$news->assign("newsauthor", $stories['author']);
$news->assign("newsdate", date("$dateformat $timeformat", $stories['date']) );
$news->assign("newsid", $stories['nid']);
$news->assign("skindir", $skindir);
if($newscomments)
$news->assign("newscomments", "<a href=\"news.php?action=newsstory&nid=".$stories['nid']."\">".$stories['comments']." "._COMMENTS."</a>");
if(isADMIN && uLEVEL < 4)
$news->assign("adminoptions", "<a href=\"admin.php?action=news&form=".$stories['nid']."\">"._EDIT."</a> | <a href=\"admin.php?action=news&delete=".$stories['nid']."\">"._DELETE."</a>");
$news->assign("oddeven", ($counter % 2 ? "even" : "odd"));
$counter++;
}
$output .= $news->getOutputContent( );
if ($count > $itemsperpage) $output .= build_pagelinks("news.php?", $count, $offset);
$tpl->assign("output", $output);
}
$tpl->printToScreen();
dbclose( );
?>