news.php3 11.6 KB
Newer Older
Chad Barb's avatar
Chad Barb committed
1 2
<?php
#
3
# Copyright (c) 2000-2011 University of Utah and the Flux Group.
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
Chad Barb's avatar
Chad Barb committed
23 24 25 26
#
include("defs.php3");

#
27
# Standard Testbed Header is sent below.
Chad Barb's avatar
Chad Barb committed
28
#
29 30 31 32 33 34 35 36 37 38 39
$optargs = OptionalPageArguments("show_archived",   PAGEARG_BOOLEAN,
				 "archive",         PAGEARG_STRING,
				 "single",          PAGEARG_BOOLEAN,
				 "restore",         PAGEARG_STRING,
				 "delete" ,         PAGEARG_STRING,
				 "delete_confirm",  PAGEARG_STRING,
				 "add",             PAGEARG_STRING,
				 "addnew",          PAGEARG_STRING,
				 "edit",            PAGEARG_STRING,
				 "subject",         PAGEARG_STRING,
				 "author",          PAGEARG_STRING,
40
				 "author_idx",      PAGEARG_INTEGER,
41 42 43
				 "bodyfile",        PAGEARG_STRING,
				 "body",            PAGEARG_ANYTHING,
				 "msgid",           PAGEARG_STRING,
44 45
				 "date",            PAGEARG_STRING,
				 "protogeni",       PAGEARG_BOOLEAN);
46

Chad Barb's avatar
Chad Barb committed
47 48 49
#
# If user is an admin, present edit options.
#
50
$this_user = CheckLogin($check_status);
Chad Barb's avatar
Chad Barb committed
51

52 53 54
if (! isset($show_archived)) {
    $show_archived = 0;
}
55 56 57 58 59 60
if (! isset($protogeni) || !$protogeni) {
    $protogeni = 0;
}
else {
    $protogeni = 1;
}
61
$show_archived = ($show_archived ? 1 : 0);
62 63 64 65 66 67 68 69 70 71 72
$db_table = "webnews";

$view = NULL;
if ($protogeni) {
    $view['hide_banner']  = 1;
    $view['hide_sidebar'] = 1;
    $view['hide_title']   = 1;
    $view['hide_versioninfo'] = 1;
    $view['show_protogeni']   = 1;
    $db_table = "webnews_protogeni";
}
73

74 75
if ($this_user) {
    $uid     = $this_user->uid();
76
    $uid_idx = $this_user->uid_idx();
77 78 79
    $isadmin = ISADMIN();
}
else {
Chad Barb's avatar
Chad Barb committed
80 81 82 83
    $isadmin = 0;
}

if ($isadmin) {
84 85
    if (isset($delete_confirm)) {
	$safeid = addslashes($delete_confirm);
86

87
	DBQueryFatal("DELETE FROM $db_table WHERE msgid='$safeid'");
88

89 90
	header("Location: news.php3?show_archived=$show_archived".
	       "&protogeni=$protogeni");
91 92 93 94 95
	return;
    }
    if (isset($archive)) {
	$safeid = addslashes($archive);

96
	DBQueryFatal("update $db_table set archived=1,archived_date=now() ".
97 98
		     "where msgid='$safeid'");

99 100
	header("Location: news.php3?show_archived=$show_archived".
	       "&protogeni=$protogeni");
101 102 103 104 105
	return;
    }
    if (isset($restore)) {
	$safeid = addslashes($restore);

106
	DBQueryFatal("update $db_table set archived=0,archived_date=NULL ".
107 108
		     "where msgid='$safeid'");

109 110
	header("Location: news.php3?show_archived=$show_archived".
	       "&protogeni=$protogeni");
111 112 113
	return;
    }

114 115
    PAGEHEADER("News", $view,
	       ($protogeni ? $RSS_HEADER_PGENINEWS : $RSS_HEADER_NEWS));
116
    
Chad Barb's avatar
Chad Barb committed
117 118 119 120 121
    if (isset($delete)) {
	$delete = addslashes($delete);
	echo "<center>";
	echo "<h2>Are you sure you want to delete message #$delete?</h2>";
	echo "<form action='news.php3' method='post'>\n";
122
	echo "<input type='hidden' name=protogeni value='$protogeni'>";
123
	echo "<button name='delete_confirm' value='$delete'>Yes</button>\n";
Chad Barb's avatar
Chad Barb committed
124 125 126 127 128 129 130 131 132 133 134 135 136
	echo "&nbsp;&nbsp;";
	echo "<button name='nothin'>No</button>\n";
	echo "</form>";
	echo "</center>";
	PAGEFOOTER();
	die("");
    }

    if (isset($add)) {
	if (!isset($subject) || !strcmp($subject,"") ) {
	    # USERERROR("No subject!",1);
	    $subject = "Testbed News";
	} 
137 138
	if (!isset($author_idx) || !strcmp($author_idx,"") ) {
	    USERERROR("No author!",1);
Chad Barb's avatar
Chad Barb committed
139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157
	} 

	if (isset($bodyfile) && 
	    strcmp($bodyfile,"") &&
	    strcmp($bodyfile,"none")) {
	    $bodyfile = addslashes($bodyfile);
	    $handle = @fopen($bodyfile,"r");
	    if ($handle) {
		$body = fread($handle, filesize($bodyfile));
		fclose($handle);
	    } else {
		USERERROR("Couldn't open uploaded file!",1);
	    }
	}

	if (!isset($body) || !strcmp($body,"")) {
	    USERERROR("No message body!",1);
	} 

158 159 160 161
	$subject    = addslashes($subject);
	$author     = addslashes($author);
	$author_idx = addslashes($author_idx);
	$body       = addslashes($body);
Chad Barb's avatar
Chad Barb committed
162 163 164 165 166 167 168

	if (isset($msgid)) {
	    $msgid = addslashes($msgid);
	    if (!isset($date) || !strcmp($date,"") ) {
		USERERROR("No date!",1);
	    }
	    $date = addslashes($date);
169
	    DBQueryFatal("UPDATE $db_table SET ".
Chad Barb's avatar
Chad Barb committed
170 171
			 "subject='$subject', ".
			 "author='$author', ".
172
			 "author_idx='$author_idx', ".
Chad Barb's avatar
Chad Barb committed
173 174 175
			 "date='$date', ".
			 "body='$body' ".			
			 "WHERE msgid='$msgid'");
176
	    echo "<h3>Updated message with subject '$subject'.</h3><br />";
Chad Barb's avatar
Chad Barb committed
177
	} else {	    
178 179 180 181
	    DBQueryFatal("INSERT INTO $db_table ".
			 "  (subject, date, author, author_idx, body) ".
			 "VALUES ('$subject', NOW(), ".
			 "        '$author', '$author_idx', '$body')");
182
	    echo "<h3>Posted message with subject '$subject'.</h3><br />";
Chad Barb's avatar
Chad Barb committed
183
	}
184 185
	flush();
	sleep(1);
186
	PAGEREPLACE("news.php3?protogeni=$protogeni");
Chad Barb's avatar
Chad Barb committed
187 188 189 190 191 192 193
	PAGEFOOTER();
	die("");
    }

    if (isset($edit)) {
	$edit = addslashes($edit);
	$query_result = 
194
	    DBQueryFatal("SELECT subject, author, author_idx, body,msgid,date ".
195
			 "FROM $db_table ".
Chad Barb's avatar
Chad Barb committed
196 197 198 199 200 201 202
		         "WHERE msgid='$edit'" );

	if (!mysql_num_rows($query_result)) {
	    USERERROR("No message with msgid '$edit'!",1);
	} 

	$row = mysql_fetch_array($query_result);
203 204 205
	$subject = htmlspecialchars($row["subject"], ENT_QUOTES);
	$date    = htmlspecialchars($row["date"],    ENT_QUOTES);
	$author  = htmlspecialchars($row["author"],  ENT_QUOTES);
206
	$author_idx = htmlspecialchars($row["author_idx"],  ENT_QUOTES);
207 208
	$body    = htmlspecialchars($row["body"],    ENT_QUOTES);
	$msgid   = htmlspecialchars($row["msgid"],   ENT_QUOTES);
Chad Barb's avatar
Chad Barb committed
209 210 211 212
    }

    if (isset($edit) || isset($addnew)) {	
	if (isset($addnew)) {
Chad Barb's avatar
Chad Barb committed
213
	    $author = $uid;
214
	    $author_idx = $uid_idx;
Chad Barb's avatar
Chad Barb committed
215 216 217 218 219 220 221 222 223 224 225 226
	    echo "<h3>Add new message:</h3>\n";
	} else {
	    echo "<h3>Edit message:</h3>\n";
	}

	echo "<form action='news.php3' ".
             "enctype='multipart/form-data' ".
             "method='post'>\n";

	if (isset($msgid)) {
	    echo "<input type='hidden' name='msgid' value='$msgid' />";
	}
227
	echo "<input type='hidden' name=protogeni value='$protogeni'>";
228
	echo "<input type='hidden' name=author_idx value='$author_idx'>";
Chad Barb's avatar
Chad Barb committed
229
	
230 231 232
	if (!isset($subject)) {
	    $subject = "";
	}
Chad Barb's avatar
Chad Barb committed
233 234 235 236 237 238 239 240 241 242
	
	echo "<b>Subject:</b><br />".
	     "<input type='text' name='subject' size='50' value='$subject'>".
	     "</input><br /><br />\n";
	if (isset($date)) {
	    echo "<b>Date:</b><br />".
	         "<input type='text' name='date' size='50' value='$date'>".
		 "</input><br /><br />\n";
	}
	echo "<b>Posted by:</b><br />". 
Chad Barb's avatar
Chad Barb committed
243
	     "<input type='text' name='author' size='50' value='$author'>".
Chad Barb's avatar
Chad Barb committed
244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270
	     "</input><br /><br />\n". 
	     "<b>Body (HTML):</b><br />".
       	     "<textarea cols='60' rows='25' name='body'>";

	if (isset($addnew)) {
	    echo "&lt;p&gt;\n&lt;!-- ".
		 "place message between 'p' elements ".
		 "--&gt;\n\n&lt;/p&gt;";
	} else {
	    echo $body;
	}
	echo "</textarea><br /><br />";
	echo "<b>or Upload Body File:</b><br />";
	echo "<input type='file' name='bodyfile' size='50'>";
	echo "</input>";
	echo "<br /><br />\n";
	if (isset($addnew)) {
	    echo "<button name='add'>Add</button>\n";
	} else {
	    echo "<button name='add'>Edit</button>\n";
	}
	echo "&nbsp;&nbsp;<button name='nothin'>Cancel</button>\n";
	echo "</form>";
	PAGEFOOTER();
	die("");
    } else {
	echo "<form action='news.php3' method='post'>\n";
271
	echo "<input type='hidden' name=protogeni value='$protogeni'>";
Chad Barb's avatar
Chad Barb committed
272 273 274
	echo "<button name='addnew'>Add a new message</button>\n";
	echo "</form>";
    }
275 276
}
else {
277 278
    PAGEHEADER("News", $view,
	       ($protogeni ? $RSS_HEADER_PGENINEWS : $RSS_HEADER_NEWS));
Chad Barb's avatar
Chad Barb committed
279 280 281 282 283 284
}

?>
<table align=center class=stealth border=0>
<tr><td class=stealth align=center><h1>News</h1></td></tr>
<?php
285
if ($TBMAINSITE && !$ISALTDOMAIN && ! (isset($single) && $single) && !$protogeni) {
286
    echo "<tr><td class=stealth align=center>
287
                  <a href = 'doc/changelog.php3'>
288 289
                     (Changelog/Technical Details)</a></td></tr>\n";
}
290
if (!isset($single) || !$single) {
291
    echo "<tr><td class=stealth align=center>
292
                  <a href = '$TBDOCBASE/news-rss.php3?protogeni=$protogeni'>
293 294 295 296
                  <img src='rss.png' width=27 height=14 border=0>
                  RSS Feed
                  </a></td></tr>";
}
297 298
echo "</table>
      <br />\n";
Chad Barb's avatar
Chad Barb committed
299

300
# Allow admin caller to flip the archive bit. 
301
$show_archive_clause = "archived=0";
302 303
if ($isadmin) {
    if ($show_archived) {
304
	$show_archive_clause = "1";
305 306
	echo "<a href='news.php3?show_archived=0&protogeni=$protogeni'>".
	    "Hide Archived Messages</a>\n";
307 308
    }
    else {
309 310
	echo "<a href='news.php3?show_archived=1&protogeni=$protogeni'>".
	    "Show Archived Messages</a>\n";
311 312 313
    }
}

314 315 316
# Allow users to view a single message
$which_msgid_clause = "1"; # MySQL will optimize this out
if (isset($single)) {
317
    $single = addslashes($single);    
318 319 320 321
    $which_msgid_clause = "msgid='$single'";
    $show_archive_clause = 1;
}

Chad Barb's avatar
Chad Barb committed
322
$query_result=
323
    DBQueryFatal("SELECT subject, author, author_idx, body, msgid, ".
Chad Barb's avatar
Chad Barb committed
324
		 "DATE_FORMAT(date,'%W, %M %e, %Y, %l:%i%p') as prettydate, ".
325 326 327 328
		 "(TO_DAYS(NOW()) - TO_DAYS(date)) as age, ".
		 "archived, ".
		 "DATE_FORMAT(archived_date,'%W, %M %e, %Y, %l:%i%p') as ".
		 "  archived_date ".
329
		 "FROM $db_table ".
330 331 332 333
                 "WHERE " .
                 "$show_archive_clause " .
                 "AND " .
		 "$which_msgid_clause ".
Chad Barb's avatar
Chad Barb committed
334 335 336 337 338 339 340 341
		 "ORDER BY date DESC" );

if (!mysql_num_rows($query_result)) {
    echo "<h4>No messages.</h4>";
} else {

    if ($isadmin) {
	echo "<form action='news.php3' method='post'>";
342
	echo "<input type='hidden' name=show_archived value='$show_archived'>";
Chad Barb's avatar
Chad Barb committed
343
    }
344
    echo "<input type='hidden' name=protogeni value='$protogeni'>";
Chad Barb's avatar
Chad Barb committed
345 346

    while ($row = mysql_fetch_array($query_result)) {
347 348 349
	$subject = $row["subject"];
	$date    = $row["prettydate"];
	$author  = $row["author"];
350
	$author_idx= $row["author_idx"];
351 352 353 354 355
	$body    = $row["body"];
	$msgid   = $row["msgid"];
	$age     = $row["age"];
	$archived = $row["archived"];
	$archived_date = $row["archived_date"];
Chad Barb's avatar
Chad Barb committed
356

357
	echo "<a name=\"$msgid\"></a>\n";
Chad Barb's avatar
Chad Barb committed
358 359 360 361 362 363 364 365 366 367 368 369 370
	echo "<table class='nogrid' 
                     cellpadding=0 
                     cellspacing=0 
                     border=0 width='100%'>";

	echo "<tr><th style='padding: 4px;'><font size=+1>$subject</font>";

	if ($age < 7) {
	    echo "&nbsp;<img border=0 src='new.gif' />";
	}

	echo "</th></tr>\n".
	     "<tr><td style='padding: 4px; padding-top: 2px;'><font size=-1>";
371
	echo "<b>$date</b>; posted by <b>$author ($author_idx)</b>.";
372 373 374
	if ($archived) {
	    echo "<font color=red> Archived on <b>$archived_date</b></font>.\n";
	}
Chad Barb's avatar
Chad Barb committed
375 376 377 378 379

	if ($isadmin) {
	    echo " (Message <b>#$msgid</b>)";
	}

Chad Barb's avatar
Chad Barb committed
380
	echo "</font></td></tr>";
Chad Barb's avatar
Chad Barb committed
381 382 383 384 385 386

	if ($isadmin) {
	    echo "<tr><td>";
	    echo "<button name='edit' value='$msgid'>".
		 "Edit</button>".
	         "<button name='delete' value='$msgid'>".
387 388 389 390 391 392 393 394
		 "Delete</button>";
	    if ($archived)
		echo "<button name='restore' value='$msgid'>".
		     "Restore</button>";
	    else
		echo "<button name='archive' value='$msgid'>".
		     "Archive</button>";
	    echo "</td></tr>\n";
Chad Barb's avatar
Chad Barb committed
395
	}
Chad Barb's avatar
Chad Barb committed
396 397 398 399 400 401 402 403 404 405 406

	echo "<tr><td style='padding: 4px; padding-top: 2px;'>".
	     "<div style='background-color: #FFFFF2; ".
	     "border: 1px solid #AAAAAA; ".
      	     "padding: 6px'>".
	     $body.
	     "</div>".
	     "</td></tr>\n";

	echo "<!-- ' \" > IF YOU CAN READ THIS, YOU FORGOT AN ENDQUOTE -->\n";

Chad Barb's avatar
Chad Barb committed
407 408 409 410 411 412 413 414 415 416 417
	echo "</table><br />";
    } 

    if ($isadmin) { 
	echo "</form>\n"; 
    }
}		  

PAGEFOOTER();
?>