bigbootykilla

Webspell news.php

Feb 8th, 2012
  1. <?php
  2. /*
  3. ##########################################################################
  4. #                                                                        #
  5. #           Version 4       /                        /   /               #
  6. #          -----------__---/__---__------__----__---/---/-               #
  7. #           | /| /  /___) /   ) (_ `   /   ) /___) /   /                 #
  8. #          _|/_|/__(___ _(___/_(__)___/___/_(___ _/___/___               #
  9. #                       Free Content / Management System                 #
  10. #                                   /                                    #
  11. #                                                                        #
  12. #                                                                        #
  13. #   Copyright 2005-2010 by webspell.org                                  #
  14. #                                                                        #
  15. #   visit webSPELL.org, webspell.info to get webSPELL for free           #
  16. #   - Script runs under the GNU GENERAL PUBLIC LICENSE                   #
  17. #   - It's NOT allowed to remove this copyright-tag                      #
  18. #   -- http://www.fsf.org/licensing/licenses/gpl.html                    #
  19. #                                                                        #
  20. #   Code based on WebSPELL Clanpackage (Michael Gruber - webspell.at),   #
  21. #   Far Development by Development Team - webspell.org                   #
  22. #                                                                        #
  23. #   visit webspell.org                                                   #
  24. #                                                                        #
  25. ##########################################################################
  26. */
  27.  
  // Dispatch keys for the branch chain that follows. "action" is taken from the
  // query string only; "quickactiontype" is taken from $_REQUEST, so it can
  // arrive by query string as well as by form post. Each defaults to ''.
  $action = isset($_GET['action']) ? $_GET['action'] : '';
  $quickactiontype = isset($_REQUEST['quickactiontype']) ? $_REQUEST['quickactiontype'] : '';
  32.  
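  if($action=="new") {
      // "new": create an empty draft row for the current user and print the
      // news editor form for it. Only news writers get past the access check.
      include("_mysql.php");
      include("_settings.php");
      include("_functions.php");
      $_language->read_module('news');
      $_language->read_module('bbcode', true);
      if(!isnewswriter($userID)) die($_language->module['no_access']);

      // NOTE(review): this branch is selected by $_GET['action'] alone and writes
      // to the database (the draft row here, topnewsID below). No request token
      // is checked in this file; confirm that cross-site request forgery is
      // handled by the included files.
      safe_query("INSERT INTO ".PREFIX."news (date, poster, saved) VALUES ('".time()."', '".$userID."', '0')");
      $newsID=mysql_insert_id();

      // Rubric names are database text. Pass them through getinput() as the
      // "edit" branch of this file does, instead of printing them raw
      // (getinput() presumably HTML-encodes; confirm in _functions.php).
      $rubrics='';
      $newsrubrics=safe_query("SELECT rubricID, rubric FROM ".PREFIX."news_rubrics ORDER BY rubric");
      while($dr=mysql_fetch_array($newsrubrics)) {
          $rubrics.='<option value="'.$dr['rubricID'].'">'.getinput($dr['rubric']).'</option>';
      }

      if(isset($_POST['topnews'])) safe_query("UPDATE ".PREFIX."settings SET topnewsID='$newsID'");

      // JavaScript array of the selectable languages. lang/language are written
      // into JS string literals unescaped, which is only safe while the
      // news_languages table holds trusted values.
      $count_langs = 0;
      $lang=safe_query("SELECT lang, language FROM ".PREFIX."news_languages ORDER BY language");
      $langs='';
      while($dl=mysql_fetch_array($lang)) {
          $langs.="news_languages[".$count_langs."] = new Array();\nnews_languages[".$count_langs."][0] = '".$dl['lang']."';\nnews_languages[".$count_langs."][1] = '".$dl['language']."';\n";
          $count_langs++;
      }

      // Defaults for an empty form. These variables are not used again in this
      // file; presumably the templates expanded by eval() below read them by
      // name, so none of them may be renamed or dropped (confirm against the
      // template files).
      $message_vars='';
      $headline_vars='';
      $langs_vars='';
      $langcount=1;

      $url1="http://";
      $url2="http://";
      $url3="http://";
      $url4="http://";
      $link1='';
      $link2='';
      $link3='';
      $link4='';
      $window1_new = 'checked="checked"';
      $window1_self = '';
      $window2_new = 'checked="checked"';
      $window2_self = '';
      $window3_new = 'checked="checked"';
      $window3_self = '';
      $window4_new = 'checked="checked"';
      $window4_self = '';
      $intern = '<option value="0" selected="selected">'.$_language->module['no'].'</option><option value="1">'.$_language->module['yes'].'</option>';
      $topnews = '<option value="0" selected="selected">'.$_language->module['no'].'</option><option value="1">'.$_language->module['yes'].'</option>';

      $bg1=BG_1;

      // one <option> per possible number of languages (1..$count_langs)
      $selects='';
      for($i = 1; $i <= $count_langs; $i++) {
          $selects .= '<option value="'.$i.'">'.$i.'</option>';
      }

      $postform = '';
      $comments='<option value="0">'.$_language->module['no_comments'].'</option><option value="1">'.$_language->module['user_comments'].'</option><option value="2" selected="selected">'.$_language->module['visitor_comments'].'</option>';

      // eval() runs the template text as a double-quoted PHP string. Unless
      // gettemplate() (not shown here) escapes what it returns, anything able to
      // change a template can run PHP at this point, so template storage must
      // not be writable by untrusted users.
      eval ("\$addbbcode = \"".gettemplate("addbbcode")."\";");
      eval ("\$addflags = \"".gettemplate("flags")."\";");

      eval ("\$news_post = \"".gettemplate("news_post")."\";");
      echo $news_post;
  }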
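  elseif($action=="save") {
      // "save": store the submitted editor form for one news entry, then close
      // the popup, show the preview or reopen the editor.
      include("_mysql.php");
      include("_settings.php");
      include("_functions.php");
      $_language->read_module('news');

      // NOTE(review): every string taken from $_POST below is concatenated into
      // SQL exactly as received. The search for a literal '\r\n' further down
      // suggests the request data has already been escaped by the included
      // files; confirm that before relying on it. Numeric fields are cast here
      // so that they do not depend on it.
      $newsID = isset($_POST['newsID']) ? (int)$_POST['newsID'] : 0;

      // Only the entry's poster (if still a news writer) or a news admin may save.
      $ds=mysql_fetch_array(safe_query("SELECT poster FROM ".PREFIX."news WHERE newsID = '".$newsID."'"));
      if(($ds['poster'] != $userID or !isnewswriter($userID)) and !isnewsadmin($userID)) {
          die($_language->module['no_access']);
      }

      $save = isset($_POST['save']);
      $preview = isset($_POST['preview']);

      // rubric, intern and comments are numeric option values in the editor form
      $rubric = isset($_POST['rubric']) ? (int)$_POST['rubric'] : 0;

      // lang, headline and message are parallel lists, one element per language;
      // anything that is not a list is treated as "nothing submitted"
      $lang = (isset($_POST['lang']) && is_array($_POST['lang'])) ? $_POST['lang'] : array();
      $headline = (isset($_POST['headline']) && is_array($_POST['headline'])) ? $_POST['headline'] : array();
      $message = (isset($_POST['message']) && is_array($_POST['message'])) ? $_POST['message'] : array();
      // single quotes: this replaces the four literal characters \r\n
      $message = str_replace('\r\n', "\n", $message);

      // strip_tags() removes markup but leaves quotes in place, so these values
      // still have to be HTML-encoded wherever they are printed
      $link1 = strip_tags($_POST['link1']);
      $url1 = strip_tags($_POST['url1']);
      $window1 = $_POST['window1'];

      $link2 = strip_tags($_POST['link2']);
      $url2 = strip_tags($_POST['url2']);
      $window2 = $_POST['window2'];

      $link3 = strip_tags($_POST['link3']);
      $url3 = strip_tags($_POST['url3']);
      $window3 = $_POST['window3'];

      $link4 = strip_tags($_POST['link4']);
      $url4 = strip_tags($_POST['url4']);
      $window4 = $_POST['window4'];
      // NOTE(review): window1..4 are stored unvalidated; the form values are not
      // visible in this file, so they are left as received.

      $intern = isset($_POST['intern']) ? (int)$_POST['intern'] : 0;
      $comments = isset($_POST['comments']) ? (int)$_POST['comments'] : 0;

      safe_query("UPDATE ".PREFIX."news SET rubric='".$rubric."',
                       link1='".$link1."',
                       url1='".$url1."',
                       window1='".$window1."',
                       link2='".$link2."',
                       url2='".$url2."',
                       window2='".$window2."',
                       link3='".$link3."',
                       url3='".$url3."',
                       window3='".$window3."',
                       link4='".$link4."',
                       url4='".$url4."',
                       window4='".$window4."',
                       saved='1',
                       intern='".$intern."',
                       comments='".$comments."' WHERE newsID='".$newsID."'");

      // Reconcile stored languages with the submitted ones: languages that are
      // still submitted are remembered for UPDATE, the others are deleted.
      $update_langs = array();
      $query = safe_query("SELECT language FROM ".PREFIX."news_contents WHERE newsID = '".$newsID."'");
      while($qs = mysql_fetch_array($query)) {
          if(in_array($qs['language'], $lang)) {
              $update_langs[] = $qs['language'];
          }
          else {
              // a value read back from the database is raw text, so it is escaped
              // again before it is reused in a query
              safe_query("DELETE FROM ".PREFIX."news_contents WHERE newsID = '".$newsID."' and language = '".mysql_real_escape_string($qs['language'])."'");
          }
      }

      for($i = 0; $i < count($message); $i++) {
          // skip incomplete or nested entries instead of writing empty rows
          if(!isset($lang[$i], $headline[$i], $message[$i])) continue;
          if(!is_string($lang[$i]) || !is_string($headline[$i]) || !is_string($message[$i])) continue;

          if(in_array($lang[$i], $update_langs)) {
              safe_query("UPDATE ".PREFIX."news_contents SET headline = '".$headline[$i]."', content = '".$message[$i]."' WHERE newsID = '".$newsID."' and language = '".$lang[$i]."'");
              // NOTE(review): $update_langs has numeric keys, so this unset() by
              // language code appears to have no effect; left unchanged.
              unset($update_langs[$lang[$i]]);
          }
          else {
              safe_query("INSERT INTO ".PREFIX."news_contents (newsID, language, headline, content) VALUES ('".$newsID."', '".$lang[$i]."', '".$headline[$i]."', '".$message[$i]."')");
          }
      }

      // delete drafts that were never saved and are older than two hours
      safe_query("DELETE FROM `".PREFIX."news` WHERE `saved` = '0' and ".time()." - `date` > ".(2 * 60 * 60));

      // $topnewsID is not assigned in this file; presumably it is set by
      // _settings.php
      if(isset($_POST['topnews'])) {
          if($_POST['topnews']) {
              safe_query("UPDATE ".PREFIX."settings SET topnewsID='".$newsID."'");
          }
          elseif(!$_POST['topnews'] and $newsID == $topnewsID) {
              safe_query("UPDATE ".PREFIX."settings SET topnewsID='0'");
          }
      }
      generate_rss2();
      if($save) echo'<body onload="window.close()"></body>';
      if($preview) header("Location: news.php?action=preview&newsID=".$newsID);
      // $languagecount is not assigned in this branch; !empty() keeps the same
      // truth test without reading an undefined variable
      if(!empty($languagecount)) header("Location: news.php?action=edit&newsID=".$newsID);

  }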
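  elseif($action=="preview") {
      // "preview": render one news entry as a standalone page for its poster
      // or a news admin, with edit / close / delete buttons underneath.
      include("_mysql.php");
      include("_settings.php");
      include("_functions.php");
      $_language->read_module('news');

      // newsID is request data that reaches two queries and the button markup
      // at the end of this branch; casting it to int makes it safe in both.
      $newsID = isset($_GET['newsID']) ? (int)$_GET['newsID'] : 0;

      $result=safe_query("SELECT * FROM ".PREFIX."news WHERE newsID='$newsID'");
      $ds=mysql_fetch_array($result);

      if(($ds['poster'] != $userID or !isnewswriter($userID)) and !isnewsadmin($userID)) {
          die($_language->module['no_access']);
      }

      // the <title> previously carried a stray "; ?>" that was printed literally
      echo '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <meta name="description" content="Clanpage using webSPELL 4 CMS" />
    <meta name="author" content="webspell.org" />
    <meta name="keywords" content="webspell, webspell4, clan, cms" />
    <meta name="copyright" content="Copyright &copy; 2005 - 2009 by webspell.org" />
    <meta name="generator" content="webSPELL" />

<!-- Head & Title include -->
    <title>'.PAGETITLE.'</title>
    <link href="_stylesheet.css" rel="stylesheet" type="text/css" />
    <script src="js/bbcode.js" language="jscript" type="text/javascript"></script>
<!-- end Head & Title include -->
</head>
<body>';

      $bg1=BG_1;

      // eval() runs the template text as a double-quoted PHP string; template
      // storage must not be writable by untrusted users.
      eval ("\$title_news = \"".gettemplate("title_news")."\";");
      echo $title_news;

      // Values below are presumably read by name from the "news" template, so
      // the variable names are kept as they were.
      $bgcolor=BG_1;
      $date = date("d.m.Y", $ds['date']);
      $time = date("H:i", $ds['date']);
      $rubrikname=getrubricname($ds['rubric']);
      $rubrikname_link = getinput(getrubricname($ds['rubric']));

      // Emit the rubric image only when the picture file exists. The existence
      // check has to be made on the file path; testing the finished <img>
      // markup does not name a file, which left $rubricpic empty every time.
      $rubricfile = 'images/news-rubrics/'.getrubricpic($ds['rubric']);
      if(is_file($rubricfile)) $rubricpic = '<img src="'.htmlspecialchars($rubricfile, ENT_QUOTES, 'UTF-8').'" alt="" />';
      else $rubricpic = '';
      unset($rubricfile);

      $adminaction='';

      $message_array = array();
      $query=safe_query("SELECT * FROM ".PREFIX."news_contents WHERE newsID='".$newsID."'");
      while($qs = mysql_fetch_array($query)) {
          $message_array[] = array('lang' => $qs['language'], 'headline' => $qs['headline'], 'message' => $qs['content']);
      }
      $showlang = select_language($message_array);

      // flag links to the other language versions of this entry
      $langs='';
      $i=0;
      foreach($message_array as $val) {
          if($showlang!=$i)   $langs.='<a href="index.php?site=news_comments&amp;newsID='.$ds['newsID'].'&amp;lang='.$val['lang'].'">[flag]'.$val['lang'].'[/flag]</a>';
          $i++;
      }
      $langs = flags($langs);

      $headline=$message_array[$showlang]['headline'];
      $content=$message_array[$showlang]['message'];

      if($ds['intern'] == 1) $isintern = '('.$_language->module['intern'].')';
      else $isintern = '';

      $content = htmloutput($content);
      $content = toggle($content, $ds['newsID']);
      $poster='<a href="index.php?site=profile&amp;id='.$ds['poster'].'"><b>'.getnickname($ds['poster']).'</b></a>';
      $related='';
      $comments="";

      // Related links 1..4. The "save" branch only runs strip_tags() over link
      // text and URL, which leaves quotes in place, so both are HTML-encoded
      // here before they go into the attribute and the link text. Encoding does
      // not restrict the URL scheme; that check belongs where the URL is stored.
      // Any other view that prints these columns needs the same encoding.
      for($slot = 1; $slot <= 4; $slot++) {
          $rel_link = $ds['link'.$slot];
          $rel_url = $ds['url'.$slot];
          if(!$rel_link || $rel_url == "http://") continue;
          $rel_target = $ds['window'.$slot] ? ' target="_blank"' : '';
          $related.='&#8226; <a href="'.htmlspecialchars($rel_url, ENT_QUOTES, 'UTF-8').'"'.$rel_target.'>'.htmlspecialchars($rel_link, ENT_QUOTES, 'UTF-8').'</a> ';
      }
      unset($slot, $rel_link, $rel_url, $rel_target);

      eval ("\$news = \"".gettemplate("news")."\";");
      echo $news;

      echo'<hr />
 <input type="button" onclick="MM_goToURL(\'parent\',\'news.php?action=edit&amp;newsID='.$newsID.'\');return document.MM_returnValue" value="'.$_language->module['edit'].'" />
 <input type="button" onclick="javascript:self.close()" value="'.$_language->module['save_news'].'" />
 <input type="button" onclick="MM_confirm(\''.$_language->module['really_delete'].'\', \'news.php?action=delete&amp;id='.$newsID.'&amp;close=true\')" value="'.$_language->module['delete'].'" /></body></html>';
  }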
  elseif($quickactiontype=="publish") {
      // Bulk action "publish": mark the posted news entries as published.
      // News admins only.
      include("_mysql.php");
      include("_settings.php");
      include("_functions.php");
      $_language->read_module('news');
      if(!isnewsadmin($userID)) die($_language->module['no_access']);

      if(!isset($_POST['newsID'])) {
          // nothing selected: back to the list of unpublished entries
          header("Location: index.php?site=news&action=unpublished");
      }
      else {
          $newsID = $_POST['newsID'];
          // a single id or a list of ids; each one is cast to int before it is
          // placed in the query
          $publish_ids = is_array($newsID) ? $newsID : array($newsID);
          foreach($publish_ids as $id) {
              safe_query("UPDATE ".PREFIX."news SET published='1' WHERE newsID='".(int)$id."'");
          }
          generate_rss2();
          header("Location: index.php?site=news");
      }
  }
  elseif($quickactiontype=="unpublish") {
      // Bulk action "unpublish": clear the published flag on the given news
      // entries. News admins only.
      include("_mysql.php");
      include("_settings.php");
      include("_functions.php");
      $_language->read_module('news');
      if(!isnewsadmin($userID)) die($_language->module['no_access']);

      // NOTE(review): unlike "publish", the ids are read from $_REQUEST, so this
      // state change can also be triggered by a plain GET. No request token is
      // checked in this file; confirm CSRF handling in the included files.
      if(isset($_REQUEST['newsID'])){
          $newsID = $_REQUEST['newsID'];
          // a single id or a list of ids; each one is cast to int before use
          $unpublish_ids = is_array($newsID) ? $newsID : array($newsID);
          foreach($unpublish_ids as $id) {
              safe_query("UPDATE ".PREFIX."news SET published='0' WHERE newsID='".(int)$id."'");
          }
          generate_rss2();
      }
      header("Location: index.php?site=news");
  }
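  elseif($quickactiontype=="delete") {
      // Bulk action "delete": remove the posted news entries together with
      // their pictures, language versions and comments. Each entry is checked
      // individually: poster (if still a news writer) or news admin.
      include("_mysql.php");
      include("_settings.php");
      include("_functions.php");
      $_language->read_module('news');
      if(isset($_POST['newsID'])){
          $newsID = $_POST['newsID'];
          // accept a single id as well as a list, as the publish branch does
          if(!is_array($newsID)) $newsID = array($newsID);

          foreach($newsID as $id) {
              // $id is request data used in four queries below; cast it first,
              // as the publish/unpublish branches do
              $id = (int)$id;

              $ds=mysql_fetch_array(safe_query("SELECT screens, poster FROM ".PREFIX."news WHERE newsID='".$id."'"));
              // note: die() here stops the whole batch; entries handled earlier
              // in the loop are already deleted
              if(($ds['poster'] != $userID or !isnewswriter($userID)) and !isnewsadmin($userID)) {
                  die($_language->module['no_access']);
              }
              if($ds['screens']) {
                  // "screens" is a |-separated list of picture file names
                  $screens=explode("|", $ds['screens']);
                  if(is_array($screens)) {
                      $filepath = "./images/news-pics/";
                      foreach($screens as $screen) {
                          // basename() keeps the delete inside $filepath even if a
                          // stored name contains directory parts; is_file() skips
                          // empty names, which would point at the directory
                          $screen = basename($screen);
                          if(is_file($filepath.$screen)) @unlink($filepath.$screen);
                      }
                  }
              }
              safe_query("DELETE FROM ".PREFIX."news WHERE newsID='".$id."'");
              safe_query("DELETE FROM ".PREFIX."news_contents WHERE newsID='".$id."'");
              safe_query("DELETE FROM ".PREFIX."comments WHERE parentID='".$id."' AND type='ne'");
          }
          generate_rss2();
          header("Location: index.php?site=news&action=archive");
      }
      else{
          generate_rss2();
          header("Location: index.php?site=news&action=archive");
      }
  }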
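  elseif($action=="delete") {
      // "delete": remove one news entry together with its pictures, language
      // versions and comments. Allowed for the poster (if still a news writer)
      // or a news admin.
      include("_mysql.php");
      include("_settings.php");
      include("_functions.php");
      $_language->read_module('news');

      // NOTE(review): this destructive action is driven entirely by the query
      // string and no request token is checked in this file; confirm CSRF
      // handling in the included files.
      // The id is request data used in four queries; cast it before use, as the
      // publish/unpublish branches do.
      $id = isset($_GET['id']) ? (int)$_GET['id'] : 0;

      $ds=mysql_fetch_array(safe_query("SELECT screens, poster FROM ".PREFIX."news WHERE newsID='".$id."'"));
      if(($ds['poster'] != $userID or !isnewswriter($userID)) and !isnewsadmin($userID)) {
          die($_language->module['no_access']);
      }
      if($ds['screens']) {
          // "screens" is a |-separated list of picture file names
          $screens=explode("|", $ds['screens']);
          if(is_array($screens)) {
              $filepath = "./images/news-pics/";
              foreach($screens as $screen) {
                  // basename() keeps the delete inside $filepath even if a stored
                  // name contains directory parts; is_file() skips empty names,
                  // which would point at the directory itself
                  $screen = basename($screen);
                  if(is_file($filepath.$screen)) @unlink($filepath.$screen);
              }
          }
      }

      safe_query("DELETE FROM ".PREFIX."news WHERE newsID='".$id."'");
      safe_query("DELETE FROM ".PREFIX."news_contents WHERE newsID='".$id."'");
      safe_query("DELETE FROM ".PREFIX."comments WHERE parentID='".$id."' AND type='ne'");

      generate_rss2();
      // "close" is set when the request comes from the preview popup
      if(isset($_GET['close'])) echo'<body onload="window.close()"></body>';
      else header("Location: index.php?site=news");
  }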
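  elseif($action=="edit") {
      // "edit": load one news entry and print the editor form pre-filled with
      // it. Allowed for the poster (if still a news writer) or a news admin.
      include("_mysql.php");
      include("_settings.php");
      include("_functions.php");
      $_language->read_module('news');

      // newsID is request data used in two queries; cast it before use, as the
      // publish/unpublish branches do
      $newsID = isset($_GET['newsID']) ? (int)$_GET['newsID'] : 0;

      $ds=mysql_fetch_array(safe_query("SELECT * FROM ".PREFIX."news WHERE newsID='".$newsID."'"));
      if(($ds['poster'] != $userID or !isnewswriter($userID)) and !isnewsadmin($userID)) {
          die($_language->module['no_access']);
      }

      $_language->read_module('bbcode', true);


      // one element per stored language version of the entry
      $message_array = array();
      $query=safe_query("SELECT * FROM ".PREFIX."news_contents WHERE newsID='".$newsID."'");
      while($qs = mysql_fetch_array($query)) {
          $message_array[] = array('lang' => $qs['language'], 'headline' => $qs['headline'], 'message' => $qs['content']);
      }

      // JavaScript array of the selectable languages (values written into JS
      // string literals unescaped; safe only while news_languages is trusted)
      $count_langs = 0;
      $lang=safe_query("SELECT lang, language FROM ".PREFIX."news_languages ORDER BY language");
      $langs='';
      while($dl=mysql_fetch_array($lang)) {
          $langs.="news_languages[".$count_langs."] = new Array();\nnews_languages[".$count_langs."][0] = '".$dl['lang']."';\nnews_languages[".$count_langs."][1] = '".$dl['language']."';\n";
          $count_langs++;
      }

      // JavaScript assignments that pre-fill the editor. Message and headline
      // go through js_replace(); the language code does not.
      $message_vars='';
      $headline_vars='';
      $langs_vars='';
      $i=0;
      foreach($message_array as $val) {
          $message_vars .= "message[".$i."] = '".js_replace($val['message'])."';\n";
          $headline_vars .= "headline[".$i."] = '".js_replace(htmlspecialchars($val['headline']))."';\n";
          $langs_vars .= "langs[".$i."] = '".$val['lang']."';\n";
          $i++;
      }
      $langcount = $i;

      $newsrubrics=safe_query("SELECT * FROM ".PREFIX."news_rubrics ORDER BY rubric");
      $rubrics='';
      while($dr=mysql_fetch_array($newsrubrics)) {
          if($ds['rubric']==$dr['rubricID']) $rubrics.='<option value="'.$dr['rubricID'].'" selected="selected">'.getinput($dr['rubric']).'</option>';
          else $rubrics.='<option value="'.$dr['rubricID'].'">'.getinput($dr['rubric']).'</option>';
      }

      if($ds['intern']) $intern = '<option value="0">'.$_language->module['no'].'</option><option value="1" selected="selected">'.$_language->module['yes'].'</option>';
      else $intern = '<option value="0" selected="selected">'.$_language->module['no'].'</option><option value="1">'.$_language->module['yes'].'</option>';
      // $topnewsID is not assigned in this file; presumably set by _settings.php
      if($topnewsID == $newsID) $topnews = '<option value="0">'.$_language->module['no'].'</option><option value="1" selected="selected">'.$_language->module['yes'].'</option>';
      else $topnews = '<option value="0" selected="selected">'.$_language->module['no'].'</option><option value="1">'.$_language->module['yes'].'</option>';

      $selects='';
      for($i = 1; $i <= $count_langs; $i++) {
          if($i == $langcount) $selects .= '<option value="'.$i.'" selected="selected">'.$i.'</option>';
          else $selects .= '<option value="'.$i.'">'.$i.'</option>';
      }

      $link1=getinput($ds['link1']);
      $link2=getinput($ds['link2']);
      $link3=getinput($ds['link3']);
      $link4=getinput($ds['link4']);

      $url1="http://";
      $url2="http://";
      $url3="http://";
      $url4="http://";

      // Stored URLs are passed through getinput() like the link texts above
      // rather than being handed to the template raw (getinput() presumably
      // HTML-encodes for form fields; confirm in _functions.php).
      if($ds['url1']!="http://") $url1=getinput($ds['url1']);
      if($ds['url2']!="http://") $url2=getinput($ds['url2']);
      if($ds['url3']!="http://") $url3=getinput($ds['url3']);
      if($ds['url4']!="http://") $url4=getinput($ds['url4']);

      // radio state per link: "new window" when windowN is set, "same window"
      // otherwise
      $window1_new = $ds['window1'] ? 'checked="checked"' : '';
      $window1_self = $ds['window1'] ? '' : 'checked="checked"';
      $window2_new = $ds['window2'] ? 'checked="checked"' : '';
      $window2_self = $ds['window2'] ? '' : 'checked="checked"';
      $window3_new = $ds['window3'] ? 'checked="checked"' : '';
      $window3_self = $ds['window3'] ? '' : 'checked="checked"';
      $window4_new = $ds['window4'] ? 'checked="checked"' : '';
      $window4_self = $ds['window4'] ? '' : 'checked="checked"';

      // mark the stored comment mode as selected
      $comments='<option value="0">'.$_language->module['no_comments'].'</option><option value="1">'.$_language->module['user_comments'].'</option><option value="2">'.$_language->module['visitor_comments'].'</option>';
      $comments=str_replace('value="'.$ds['comments'].'"', 'value="'.$ds['comments'].'" selected="selected"', $comments);

      $bg1=BG_1;

      // eval() runs the template text as a double-quoted PHP string; template
      // storage must not be writable by untrusted users. The variables set
      // above are presumably read by name from these templates.
      eval ("\$addbbcode = \"".gettemplate("addbbcode")."\";");
      eval ("\$addflags = \"".gettemplate("flags")."\";");

      eval ("\$news_post = \"".gettemplate("news_post")."\";");
      echo $news_post;
  }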
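  elseif(basename($_SERVER['PHP_SELF'])=="news.php"){
      // news.php was requested directly without a handled action: send the
      // visitor to the news page inside index.php.
      // None of the include files has been loaded on this path within this
      // file, so generate_rss2() may be undefined here; calling it only when it
      // exists keeps the redirect from ending in a fatal error.
      if(function_exists('generate_rss2')) generate_rss2();
      header("Location: index.php?site=news");
  }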
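  elseif($action=="unpublished") {
      // "unpublished": list saved but not yet published news entries with a
      // publish/delete bulk form. The list itself is shown to news admins only.
      // This branch loads no include files itself; it presumably runs inside
      // index.php, where they are already loaded.
      $_language->read_module('news');

      // eval() runs the template text as a double-quoted PHP string; template
      // storage must not be writable by untrusted users.
      eval ("\$title_news = \"".gettemplate("title_news")."\";");
      echo $title_news;

      // $post was only assigned for admins but echoed for everyone; start from
      // an empty string as the "archive" branch does
      $post='';
      if(isnewsadmin($userID)) $post='<input type="button" onclick="MM_openBrWindow(\'news.php?action=new\',\'News\',\'toolbar=no,status=no,scrollbars=yes,width=800,height=600\');" value="'.$_language->module['post_news'].'" />';

      echo $post.' <input type="button" onclick="MM_goToURL(\'parent\',\'index.php?site=news\');return document.MM_returnValue;" value="'.$_language->module['show_news'].'" /><hr />';

      $page='';

      // Not published News
      if(isnewsadmin($userID)) {
          $ergebnis=safe_query("SELECT * FROM ".PREFIX."news WHERE published='0' AND saved='1' ORDER BY date ASC");
          if(mysql_num_rows($ergebnis)) {
              echo $_language->module['title_unpublished_news'];

              // the form is closed by the </form> inside $admdel below
              echo '<form method="post" name="form" action="news.php">';
              eval ("\$news_unpublished_head = \"".gettemplate("news_unpublished_head")."\";");
              echo $news_unpublished_head;

              $i=1;
              while($ds=mysql_fetch_array($ergebnis)) {
                  // alternate the row colours
                  if($i%2) {
                      $bg1=BG_1;
                      $bg2=BG_2;
                  }
                  else {
                      $bg1=BG_3;
                      $bg2=BG_4;
                  }

                  $date=date("d.m.Y", $ds['date']);
                  $rubric=getrubricname($ds['rubric']);
                  if(!isset($rubric)) $rubric='';
                  $comms = getanzcomments($ds['newsID'], 'ne');
                  $message_array = array();
                  $query=safe_query("SELECT * FROM ".PREFIX."news_contents WHERE newsID='".$ds['newsID']."'");
                  while($qs = mysql_fetch_array($query)) {
                      $message_array[] = array('lang' => $qs['language'], 'headline' => $qs['headline'], 'message' => $qs['content']);
                  }

                  // one linked headline per language version; the headline goes
                  // through clearfromtags(), the language code is printed as stored
                  $headlines='';

                  foreach($message_array as $val) {
                      $headlines.='<a href="index.php?site=news_comments&amp;newsID='.$ds['newsID'].'&amp;lang='.$val['lang'].'">'.flags('[flag]'.$val['lang'].'[/flag]').' '.clearfromtags($val['headline']).'</a><br />';
                  }

                  $poster='<a href="index.php?site=profile&amp;id='.$ds['poster'].'">'.getnickname($ds['poster']).'</a>';

                  // per-row checkbox and the bulk-action controls; presumably
                  // printed by the archive templates evaluated below
                  $multiple='';
                  $admdel='';
                  if(isnewsadmin($userID)) {
                      $multiple='<input class="input" type="checkbox" name="newsID[]" value="'.$ds['newsID'].'" />';
                      $admdel='<table width="100%" border="0" cellspacing="0" cellpadding="2">
           <tr>
             <td><input class="input" type="checkbox" name="ALL" value="ALL" onclick="SelectAll(this.form);" /> '.$_language->module['select_all'].'</td>
             <td align="right"><select name="quickactiontype">
               <option value="publish">'.$_language->module['publish_selected'].'</option>
               <option value="delete">'.$_language->module['delete_selected'].'</option>
             </select>
             <input type="submit" name="quickaction" value="'.$_language->module['go'].'" /></td>
           </tr>
         </table>
         </form>';

                  }
                  eval ("\$news_archive_content = \"".gettemplate("news_archive_content")."\";");
                  echo $news_archive_content;
                  $i++;
              }
              eval ("\$news_archive_foot = \"".gettemplate("news_archive_foot")."\";");
              echo $news_archive_foot;

              unset($ds);
          }
      }
  }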
  598. elseif($action=="archive") {
  599.  
  600.     $_language->read_module('news');
  601.  
  602.     eval ("\$title_news = \"".gettemplate("title_news")."\";");
  603.     echo $title_news;
  604.  
  605.     if(isset($_GET['page'])) $page=(int)$_GET['page'];
  606.     else $page = 1;
  607.     $sort="date";
  608.     if(isset($_GET['sort'])){
  609.       if(($_GET['sort']=='date') || ($_GET['sort']=='poster') || ($_GET['sort']=='rubric')) $sort=$_GET['sort'];
  610.     }
  611.    
  612.     $type="DESC";
  613.     if(isset($_GET['type'])){
  614.       if(($_GET['type']=='ASC') || ($_GET['type']=='DESC')) $type=$_GET['type'];
  615.     }
  616.    
  617.     $post='';
  618.     $publish='';
  619.     if(isnewsadmin($userID)) {
  620.         $post='<input type="button" onclick="MM_openBrWindow(\'news.php?action=new\',\'News\',\'toolbar=no,status=no,scrollbars=yes,width=800,height=600\')" value="'.$_language->module['post_news'].'" />';
  621.         $unpublished=safe_query("SELECT newsID FROM ".PREFIX."news WHERE published='0' AND saved='1'");
  622.         $unpublished=mysql_num_rows($unpublished);
  623.         if($unpublished) $publish='<input type="button" onclick="MM_goToURL(\'parent\',\'index.php?site=news&amp;action=unpublished\');return document.MM_returnValue" value="'.$unpublished.' '.$_language->module['unpublished_news'].'" /> ';
  624.     }
  625.     echo $post.' '.$publish.' <input type="button" onclick="MM_goToURL(\'parent\',\'index.php?site=news\');return document.MM_returnValue" value="'.$_language->module['show_news'].'" /><hr />';
  626.  
  627.     $all=safe_query("SELECT newsID FROM ".PREFIX."news WHERE published='1' AND intern<=".isclanmember($userID));
  628.     $gesamt=mysql_num_rows($all);
  629.     $pages=1;
  630.  
  631.     $max = empty($maxnewsarchiv) ? 20 : $maxnewsarchiv;
  632.     $pages = ceil($gesamt/$max);
  633.  
  634.     if($pages>1) $page_link = makepagelink("index.php?site=news&amp;action=archive&amp;sort=".$sort."&amp;type=".$type, $page, $pages);
  635.     else $page_link='';
  636.  
  637.     if($page == "1") {
  638.         $ergebnis = safe_query("SELECT * FROM ".PREFIX."news WHERE published='1' AND intern<=".isclanmember($userID)." ORDER BY ".$sort." ".$type." LIMIT 0,".$max);
  639.         if($type=="DESC") $n=$gesamt;
  640.         else $n=1;
  641.     }
  642.     else {
  643.         $start=$page*$max-$max;
  644.         $ergebnis = safe_query("SELECT * FROM ".PREFIX."news WHERE published='1' AND intern<=".isclanmember($userID)." ORDER BY ".$sort." ".$type." LIMIT ".$start.",".$max);
  645.         if($type=="DESC") $n = ($gesamt)-$page*$max+$max;
  646.         else $n = ($gesamt+1)-$page*$max+$max;
  647.     }
  648.     if($all) {
  649.         if($type=="ASC")
  650.         echo'<a href="index.php?site=news&amp;action=archive&amp;page='.$page.'&amp;sort='.$sort.'&amp;type=DESC">'.$_language->module['sort'].'</a> <img src="images/icons/asc.gif" width="9" height="7" border="0" alt="" />&nbsp;&nbsp;&nbsp;';
  651.         else
  652.         echo'<a href="index.php?site=news&amp;action=archive&amp;page='.$page.'&amp;sort='.$sort.'&amp;type=ASC">'.$_language->module['sort'].'</a> <img src="images/icons/desc.gif" width="9" height="7" border="0" alt="" />&nbsp;&nbsp;&nbsp;';
  653.  
  654.  
  655.         if($pages>1) echo $page_link;
  656.         if(isnewsadmin($userID)) echo'<form method="post" name="form" action="news.php">';
  657.        
  658.     eval ("\$news_archive_head = \"".gettemplate("news_archive_head")."\";");
  659.         echo $news_archive_head;
  660.    
  661.         $i=1;
  662.         while($ds=mysql_fetch_array($ergebnis)) {
  663.             if($i%2) {
  664.                 $bg1=BG_1;
  665.                 $bg2=BG_2;
  666.             }
  667.             else {
  668.                 $bg1=BG_3;
  669.                 $bg2=BG_4;
  670.             }
  671.  
  672.             $date=date("d.m.Y", $ds['date']);
  673.             $rubric=getrubricname($ds['rubric']);
  674.             $comms = getanzcomments($ds['newsID'], 'ne');
  675.             if($ds['intern'] == 1) $isintern = '<small>('.$_language->module['intern'].')</small>';
  676.             else $isintern = '';
  677.      
  678.       $message_array = array();
  679.             $query=safe_query("SELECT * FROM ".PREFIX."news_contents WHERE newsID='".$ds['newsID']."'");
  680.             while($qs = mysql_fetch_array($query)) {
  681.                 $message_array[] = array('lang' => $qs['language'], 'headline' => $qs['headline'], 'message' => $qs['content']);
  682.             }
  683.  
  684.             $headlines='';
  685.  
  686.             foreach($message_array as $val) {
  687.                 $headlines.='<a href="index.php?site=news_comments&amp;newsID='.$ds['newsID'].'&amp;lang='.$val['lang'].'">'.flags('[flag]'.$val['lang'].'[/flag]').' '.clearfromtags($val['headline']).'</a> '.$isintern.'<br />';
  688.             }
  689.  
  690.             $poster='<a href="index.php?site=profile&amp;id='.$ds['poster'].'">'.getnickname($ds['poster']).'</a>';
  691.  
  692.             $multiple='';
  693.             $admdel='';
  694.             if(isnewsadmin($userID)) $multiple='<input class="input" type="checkbox" name="newsID[]" value="'.$ds['newsID'].'" />';
  695.  
  696.             eval ("\$news_archive_content = \"".gettemplate("news_archive_content")."\";");
  697.             echo $news_archive_content;
  698.             $i++;
  699.         }
  700.        
  701.     if(isnewsadmin($userID)) $admdel='<table width="100%" border="0" cellspacing="0" cellpadding="2">
  702.           <tr>
  703.        <td><input class="input" type="checkbox" name="ALL" value="ALL" onclick="SelectAll(this.form);" /> '.$_language->module['select_all'].'</td>
  704.        <td align="right"><select name="quickactiontype">
  705.          <option value="delete">'.$_language->module['delete_selected'].'</option>
  706.          <option value="unpublish">'.$_language->module['unpublish_selected'].'</option>
  707.        </select>
  708.        <input type="submit" name="quickaction" value="'.$_language->module['go'].'" /></td>
  709.      </tr>
  710.    </table>
  711.    </form>';
  712.         else $admdel='';
  713.  
  714.         eval ("\$news_archive_foot = \"".gettemplate("news_archive_foot")."\";");
  715.         echo $news_archive_foot;
  716.         unset($ds);
  717.  
  718.     }
  719.     else echo'no entries';
  720. }
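  else {
      // Default news view: prints the writer/admin toolbar, applies the optional
      // ?show=<rubric name> filter and renders the newest $maxshownnews published
      // entries through the "news" template.
      $_language->read_module('news');

      $post='';
      $publish='';
      if(isnewswriter($userID)) {
          $post='<input type="button" onclick="MM_openBrWindow(\'news.php?action=new\',\'News\',\'toolbar=no,status=no,scrollbars=yes,width=800,height=600\');" style="margin-bottom:1px;" value="'.$_language->module['post_news'].'" />';
      }
      if(isnewsadmin($userID)) {
          // Admins also get a button with the number of saved but unpublished entries.
          $unpublished=safe_query("SELECT newsID FROM ".PREFIX."news WHERE published='0' AND saved='1'");
          $unpublished=mysql_num_rows($unpublished);
          if($unpublished) $publish='<input type="button" onclick="MM_goToURL(\'parent\',\'index.php?site=news&amp;action=unpublished\');return document.MM_returnValue;" value="'.$unpublished.' '.$_language->module['unpublished_news'].'" /> ';
      }
      echo $post.' '.$publish.' ';

      if(isset($_GET['show'])) {
          // NOTE(review): $_GET['show'] is concatenated into the SQL string as-is. That is only
          // safe if request input has already been escaped for MySQL before this file runs;
          // nothing visible here shows that, so confirm it in the bootstrap code. It is not
          // escaped a second time here because that would break rubric names containing
          // quotes if such global escaping exists.
          $result=safe_query("SELECT rubricID FROM ".PREFIX."news_rubrics WHERE rubric='".$_GET['show']."' LIMIT 0,1");
          $dv=mysql_fetch_array($result);
          // An unknown rubric name yields an empty rubricID, so the filter then matches no rubric.
          $showonly = "AND rubric='".$dv['rubricID']."'";
      }
      else $showonly = '';

      // intern<=isclanmember(...) hides internal entries from viewers for whom isclanmember()
      // returns a lower value (presumably 0/1 -- verify against the helper).
      $result=safe_query("SELECT * FROM ".PREFIX."news WHERE published='1' AND intern<=".isclanmember($userID)." ".$showonly." ORDER BY date DESC LIMIT 0,".$maxshownnews);

      $i=1;
      while($ds=mysql_fetch_array($result)) {
          // Alternate the background constant per rendered entry.
          if($i%2) $bg1=BG_1;
          else $bg1=BG_2;

          $date = date("d.m.Y", $ds['date']);
          $time = date("H:i", $ds['date']);
          $rubrikname = getrubricname($ds['rubric']);
          $rubrikname_link = getinput($rubrikname);
          $rubricpic_path = "images/news-rubrics/".getrubricpic($ds['rubric']);
          $rubricpic='<img src="'.$rubricpic_path.'" border="0" alt="" />';
          // Drop the image tag when the rubric picture does not exist on disk.
          if(!is_file($rubricpic_path)) $rubricpic='';

          // Collect every stored translation of this entry.
          $message_array = array();
          $query=safe_query("SELECT * FROM ".PREFIX."news_contents WHERE newsID='".$ds['newsID']."'");
          while($qs = mysql_fetch_array($query)) {
              $message_array[] = array('lang' => $qs['language'], 'headline' => $qs['headline'], 'message' => $qs['content']);
          }

          // Index into $message_array of the translation to display.
          $showlang = select_language($message_array);

          $langs='';
          // Separate index for the translations: reusing $i here overwrote the row counter,
          // so the background alternation depended on the number of translations.
          $lang_index=0;
          foreach($message_array as $val) {
              if($showlang!=$lang_index) $langs.='<span style="padding-left:2px"><a href="index.php?site=news_comments&amp;newsID='.$ds['newsID'].'&amp;lang='.$val['lang'].'">[flag]'.$val['lang'].'[/flag]</a></span>';
              $lang_index++;
          }
          $langs = flags($langs);

          // An entry without any content row is rendered with empty text instead of
          // reading an undefined array offset.
          $headline=isset($message_array[$showlang]) ? $message_array[$showlang]['headline'] : '';
          $content=isset($message_array[$showlang]) ? $message_array[$showlang]['message'] : '';
          $newsID=$ds['newsID'];
          if($ds['intern'] == 1) $isintern = '('.$_language->module['intern'].')';
          else $isintern = '';

          $content = htmloutput($content);
          $content = toggle($content, $ds['newsID']);
          $headline = clearfromtags($headline);
          $poster='<a href="index.php?site=profile&amp;id='.$ds['poster'].'"><b>'.getnickname($ds['poster']).'</b></a>';

          // Up to four related links; a link is shown when it has a title and its URL is not
          // the bare "http://" placeholder. windowN selects opening in a new window.
          // NOTE(review): urlN and linkN are written into the markup unescaped; confirm they are
          // encoded and scheme-checked when the entry is saved, otherwise encode them here.
          $related="";
          for($link_no=1; $link_no<=4; $link_no++) {
              $link_title=$ds['link'.$link_no];
              $link_url=$ds['url'.$link_no];
              if(!$link_title || $link_url=="http://") continue;
              $link_target=$ds['window'.$link_no] ? ' target="_blank"' : '';
              $related.='&#8226; <a href="'.$link_url.'"'.$link_target.'>'.$link_title.'</a> ';
          }

          if(empty($related)) $related="n/a";

          if($ds['comments']) {
              // Placeholders that the language strings may contain, and their values.
              $replace = array('$anzcomments', '$url', '$lastposter', '$lastdate');
              if($ds['cwID']) {  // CLANWAR-NEWS: comments are counted on the clanwar entry
                  $anzcomments = getanzcomments($ds['cwID'], 'cw');
                  $vars = array($anzcomments, 'index.php?site=clanwars_details&amp;cwID='.$ds['cwID'], clearfromtags(getlastcommentposter($ds['cwID'], 'cw')), date('d.m.Y - H:i', getlastcommentdate($ds['cwID'], 'cw')));
              }
              else {
                  $anzcomments = getanzcomments($ds['newsID'], 'ne');
                  $vars = array($anzcomments, 'index.php?site=news_comments&amp;newsID='.$ds['newsID'], clearfromtags(html_entity_decode(getlastcommentposter($ds['newsID'], 'ne'))), date('d.m.Y - H:i', getlastcommentdate($ds['newsID'], 'ne')));
              }

              // Pick the language string for zero, one or several comments.
              switch($anzcomments) {
                  case 0: $comments = str_replace($replace, $vars, $_language->module['no_comment']); break;
                  case 1: $comments = str_replace($replace, $vars, $_language->module['comment']); break;
                  default: $comments = str_replace($replace, $vars, $_language->module['comments']); break;
              }
          }
          else $comments='';

          // Unpublish is offered to news admins; edit and delete to admins and to the
          // writer who posted the entry.
          // NOTE(review): these buttons are display logic only -- the handlers behind
          // news.php?action=... must repeat the permission check, and the unpublish and
          // delete actions are triggered by plain GET URLs with no token visible here.
          $adminaction = '';
          if(isnewsadmin($userID)) {
              $adminaction .= '<input type="button" onclick="MM_goToURL(\'parent\',\'news.php?quickactiontype=unpublish&amp;newsID='.$ds['newsID'].'\');return document.MM_returnValue;" value="'.$_language->module['unpublish'].'" /> ';
          }
          if((isnewswriter($userID) and $ds['poster'] == $userID) or isnewsadmin($userID)) {
              $adminaction .= '<input type="button" onclick="MM_openBrWindow(\'news.php?action=edit&amp;newsID='.$ds['newsID'].'\',\'News\',\'toolbar=no,status=no,scrollbars=yes,width=800,height=600\');" value="'.$_language->module['edit'].'" />'
                  ."\n          "
                  .'<input type="button" onclick="MM_confirm(\''.$_language->module['really_delete'].'\', \'news.php?action=delete&amp;id='.$ds['newsID'].'\')" value="'.$_language->module['delete'].'" />';
          }

          // eval() runs the template text as a double-quoted PHP string, so the template source
          // itself is code, while the values interpolated from the variables above are not parsed
          // again. NOTE(review): confirm gettemplate() reads only trusted template files and
          // escapes quotes and backslashes in them.
          eval ("\$news = \"".gettemplate("news")."\";");
          echo $news;

          $i++;

          unset($related);
          unset($comments);
          // $lang is not assigned in this branch; the unset is kept as in the original in case
          // it clears a variable set by the including script.
          unset($lang);
          unset($ds);
      }
  }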
  845. ?>