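. */
/*
 * Admin page for the `info` table (information items) and the `files` rows
 * (downloads) linked to an item through `info_id`.
 *
 * Access: "news_view" in $_SESSION['sess_functions'] is required to see the
 * page. The request parameter `cmd` is honoured only when "news_edit" is also
 * present, so new/edit/save/del/view and every download action (`dl`) are
 * reachable by editors only.
 *
 * cmd: new | edit | save | del | view   ("nolist" is set internally to hide the list)
 * dl:  new | edit | save | del          (only evaluated while cmd is "view")
 *
 * Security notes for maintainers:
 *  - Queries are built by concatenation. String values pass through
 *    addslashes(), which is not character-set aware; ids are inserted unquoted
 *    and depend on get_int() (defined elsewhere) returning an integer - confirm.
 *    Prepared statements (mysqli/PDO) are the durable fix; the mysql_* functions
 *    used here were removed in PHP 7.
 *  - Saves and deletes are driven by $_REQUEST/$_GET and no anti-CSRF token is
 *    checked in this file - confirm whether include.php enforces one.
 *  - `info` subject/message are HTML-encoded before storage; `files` metadata
 *    is stored as submitted and is therefore escaped where it is printed below.
 */
include("./include/include.php");

admin_header();

if (!in_array("news_view", $_SESSION['sess_functions'])) {
    echoln("You are not authorized to see this page.");
} else {
    echoln("\n\nInformation\n\n");

    // Commands are accepted from editors only; everyone else falls through to the list.
    if (in_array("news_edit", $_SESSION['sess_functions']) && isset($_REQUEST['cmd'])) {
        $cmd = $_REQUEST['cmd'];
    } else {
        $cmd = "";
    }

    if ($cmd == "new") {
        ###########
        ### New ###
        ###########
        $id = 0;
        $subject = "";
        $message = "";
        $access = "public";
    } elseif ($cmd == "edit") {
        #################
        ### Load data ###
        #################
        $query = "SELECT `id`, `subject`, `message`, `access`, `dateadd`, `datemodify` FROM `info` WHERE `id`=".get_int("id");
        if (@mysql_num_rows($res = doquery($query)) == 1) {
            $row = mysql_fetch_array($res);
            $id = $row['id'];
            $subject = $row['subject'];
            $message = $row['message'];
            $access = $row['access'];
            $dateadd = $row['dateadd'];
            $datemodify = $row['datemodify'];
        } else {
            echoln("Failed loading entry, item does not exist.\n\n");
            $cmd = "";
        }
    } elseif ($cmd == "save") {
        ###################
        ### Error check ###
        ###################
        $id = get_int("id");
        $error = false;
        $errors = "";
        // Subject and message are HTML-encoded here, before storage. ENT_NOQUOTES
        // leaves ' and " untouched, which is only safe in element content.
        // NOTE(review): if the edit form places these values inside a quoted
        // attribute, they need ENT_QUOTES at that point - form markup not visible here.
        $subject = htmlentities(stripslashes($_POST['subject']), ENT_NOQUOTES, "UTF-8");
        if (strlen($subject) < 4 || strlen($subject) > 128) {
            $errors .= "\n\n  • Please provide a subject of maximum 128 characters.\n  • ";
            $error = true;
        }
        $message = htmlentities(stripslashes($_POST['message']), ENT_NOQUOTES, "UTF-8");
        if (strlen($message) < 4) {
            $errors .= "\n  • Please provide a message.\n  • ";
            $error = true;
        }
        // Access is checked against a fixed allow-list before it reaches the query.
        $access = $_POST['access'];
        if (!in_array($access, array('public', 'aegee', 'draft'))) {
            $errors .= "\n  • Please select the access for this item.\n  • ";
            $error = true;
        }
        if ($errors != "") {
            // NOTE(review): as shown, $errors is collected but not part of this output - confirm the list is rendered.
            echoln("");
        }
        if (!$error) {
            #################
            ### Save data ###
            #################
            if ($id > 0) {
                // Update
                $query = "UPDATE `info` SET `subject`='".addslashes($subject)."', `message`='".addslashes($message)."', `access`='".addslashes($access)."'";
                if ($access == "public" || $access == "aegee") {
                    // Look up the stored access to detect a draft being published.
                    $query2 = "SELECT `access` FROM `info` WHERE `id`=".get_int("id");
                    if (@mysql_num_rows($res2 = doquery($query2)) == 1) {
                        $row2 = mysql_fetch_array($res2);
                        if ($row2['access'] == "draft") {
                            // message goes from draft to published, mark as new
                            $query .= ", `dateadd`='".addslashes(date("Y-m-d H:i:s"))."', `datemodify`=''";
                        } else {
                            $query .= ", `datemodify`='".addslashes(date("Y-m-d H:i:s"))."'";
                        }
                    } else {
                        $query .= ", `datemodify`='".addslashes(date("Y-m-d H:i:s"))."'";
                    }
                } else {
                    $query .= ", `datemodify`='".addslashes(date("Y-m-d H:i:s"))."'";
                }
                $query .= " WHERE `id`=".addslashes($id);
            } else {
                // New
                $query = "INSERT INTO `info` (`subject`, `message`, `access`, `dateadd`) ";
                $query .= "VALUES ('".addslashes($subject)."', '".addslashes($message)."', '".addslashes($access)."', '".addslashes(date("Y-m-d H:i:s"))."')";
            }
            if (doquery($query)) {
                echoln("Entry saved successfully.\n\n    ");
            } else {
                echoln("Failed saving entry, please try again.\n\n    ");
                $cmd = "edit";
            }
        } else {
            // Validation failed: show the form again with the submitted values.
            $cmd = "edit";
        }
    } elseif ($cmd == "del") {
        ##############
        ### Delete ###
        ##############
        $query = "SELECT `id`, `subject` FROM `info` WHERE `id`=".addslashes(get_int("id"));
        if (@mysql_num_rows($res = doquery($query)) == 1) {
            $row = mysql_fetch_array($res);
            // An item that still has downloads attached cannot be removed.
            $query2 = "SELECT `id` FROM `files` WHERE `info_id`=".addslashes(get_int("id"));
            if (@mysql_num_rows(doquery($query2)) > 0) {
                echoln("There are downloads linked to this item, delete the downloads first.\n\n    ");
                $cmd = "view";
            } else {
                // NOTE(review): `confirm` is read from $_REQUEST, so the delete can be
                // completed by a GET request; no anti-CSRF token is checked here.
                if (isset($_REQUEST['confirm'])) {
                    if (doquery("DELETE FROM `info` WHERE `id`=".addslashes($row['id']))) {
                        echoln("Successfully removed '".$row['subject']."'.\n\n    ");
                    } else {
                        echoln("Failed removing '".$row['subject']."', please try again.\n\n    ");
                    }
                } else {
                    echoln("Are you sure you want to delete '".$row['subject']."'?");
                    echoln("\n\n    Yes   No\n\n    ");
                    $cmd = "nolist";
                }
            }
        } else {
            echoln("Cannot delete entry, item does not exist.\n\n    ");
        }
    }

    if ($cmd == "new" || $cmd == "edit") {
        #################
        ### Show form ###
        #################
        echoln("\n\n    Back\n\n    ");
        echoln("\n    ");
        echoln(" ");
        echoln(" ");
        echoln(" ");
        echoln(" ");
        echoln(" ");
        echoln(" ");
        echoln(" ");
        echoln(" ");
        echoln("\n    Subject:\n    Message:\n    Access:");
        echoln("\n    ");
        echoln("\n    ");
        echoln(" ");
        echoln("\n    ");
        echoln("\n      ");
        echoln("\n    ");
    } elseif ($cmd != "nolist") {
        #################
        ### Show list ###
        #################
        echoln("\n\n    Add information\n\n    ");
        $query = "SELECT `id`, `subject`, `access`, `dateadd`, `datemodify` FROM `info` ORDER BY `dateadd` DESC";
        if (@mysql_num_rows($res = doquery($query)) > 0) {
            echoln("");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            echoln(" ");
            $i = 0;
            while ($row = mysql_fetch_array($res)) {
                $i++;
                // Alternating row output.
                if (($i % 2) == 1) {
                    echoln(" ");
                } else {
                    echoln(" ");
                }
                // The row matching the viewed id is emitted differently from the others.
                if ($row['id'] == get_int("id") && $cmd == "view") {
                    echoln(" ");
                } else {
                    echoln(" ");
                }
                echoln(" ");
                echoln(" ");
                echoln(" ");
                echoln(" ");
                echoln(" ");
            }
            echoln("\n    SubjectAccessAddedChanged \n    ".$row['subject']."".$row['subject']."".$row['access']."".get_date($row['dateadd'])."".get_date($row['datemodify'])."edit   delete\n    ");

            if ($cmd == "view") {
                echoln("\n\n    Details\n\n    ");
                $query = "SELECT `id`, `subject`, `message`, `access`, `dateadd`, `datemodify` FROM `info` WHERE `id`=".addslashes(get_int("id"));
                if (@mysql_num_rows($res = doquery($query)) == 1) {
                    $row = mysql_fetch_array($res);
                    echoln("");
                    echoln(" ");
                    echoln(" ");
                    echoln(" ");
                    echoln(" ");
                    echoln(" ");
                    echoln("\n    Subject:".$row['subject']."\n    Access:".$row['access']."\n    Date added:".get_date($row['dateadd'])."\n    Date modified:".get_date($row['datemodify'])."\n    Message:".nl2br($row['message'])."\n    ");
                    echoln("\n\n    Downloads\n\n    ");

                    // Download sub-command; only reachable while an item is being viewed.
                    if (isset($_REQUEST['dl'])) {
                        $dl = $_REQUEST['dl'];
                    } else {
                        $dl = "";
                    }

                    if ($dl == "new") {
                        ## New ##
                        $dlid = 0;
                        $subject = "";
                        $filename = "";
                        $filetype = "";
                    } elseif ($dl == "edit") {
                        ## Edit ##
                        // The file must belong to the item being viewed (`info_id` match).
                        $query2 = "SELECT `id` AS `dlid`, `subject`, `filename`, `filetype` FROM `files` WHERE `id`=".get_int("dlid")." AND `info_id`=".get_int("id");
                        if (@mysql_num_rows($res2 = doquery($query2)) == 1) {
                            $row2 = mysql_fetch_array($res2);
                            $dlid = $row2['dlid'];
                            $subject = $row2['subject'];
                            $filename = $row2['filename'];
                            $filetype = $row2['filetype'];
                        } else {
                            echoln("Cannot load file, file does not exist.\n\n    ");
                            $dl = "";
                        }
                    } elseif ($dl == "del") {
                        ## Delete ##
                        $query2 = "SELECT `id` AS `dlid`, `subject`, `filename` FROM `files` WHERE `id`=".get_int("dlid")." AND `info_id`=".get_int("id");
                        if (@mysql_num_rows($res2 = doquery($query2)) == 1) {
                            $row2 = mysql_fetch_array($res2);
                            // File subject and name are stored exactly as submitted, so they
                            // are HTML-escaped before being placed in any message.
                            $shownSubject = htmlspecialchars($row2['subject'], ENT_QUOTES, "UTF-8");
                            $shownFilename = htmlspecialchars($row2['filename'], ENT_QUOTES, "UTF-8");
                            // NOTE(review): the delete is confirmed by a GET parameter; no anti-CSRF token is checked here.
                            if (isset($_GET['confirm'])) {
                                $query3 = "DELETE FROM `files` WHERE `id`=".get_int("dlid")." AND `info_id`=".get_int("id");
                                if (doquery($query3)) {
                                    echoln("Successfully deleted '".$shownSubject."' (".$shownFilename.").\n\n    ");
                                } else {
                                    echoln("Failed deleting '".$shownSubject."' (".$shownFilename."), please try again.\n\n    ");
                                }
                            } else {
                                echoln("Are you sure you want to delete '".$shownSubject."' (".$shownFilename.")?");
                                echoln("\n\n    Yes   ");
                                echoln("No\n\n    ");
                                $dl = "nolist";
                            }
                        } else {
                            echoln("Cannot delete file, file does not exist.\n\n    ");
                        }
                    } elseif ($dl == "save") {
                        ## Error check
                        $error = false;
                        $errors = "";
                        $dlid = get_int("dlid");
                        // Client-supplied metadata, stored as given (only length-checked below).
                        $subject = $_POST['subject'];
                        $filename = $_POST['filename'];
                        $filetype = $_POST['filetype'];
                        if (strlen($subject) < 1 || strlen($subject) > 64) {
                            $errors .= "\n\n  • Please provide a subject of maximum 64 characters.\n  • ";
                            $error = true;
                        }
                        $data = "";
                        switch ($_FILES['file']['error']) {
                            case UPLOAD_ERR_OK:
                                // There is no error, the file uploaded with success.
                                // Name and MIME type fall back to what the browser sent; both are
                                // client-controlled. NOTE(review): confirm the download handler does
                                // not serve files inline under this stored type.
                                if (strlen($filename) < 3) {
                                    $filename = $_FILES['file']['name'];
                                }
                                if (strlen($filetype) < 3) {
                                    $filetype = $_FILES['file']['type'];
                                }
                                if (is_uploaded_file($_FILES['file']['tmp_name'])) {
                                    // MySQL 'mediumblob' holds at most 2^24 - 1 bytes, so a file of
                                    // exactly 2^24 bytes is already too large.
                                    if (filesize($_FILES['file']['tmp_name']) >= pow(2, 24)) {
                                        $errors .= "\n  • The file you uploaded exceeded the limit of ".get_bytesize(min(pow(2, 24), get_bytes(ini_get("upload_max_filesize")))).".\n  • ";
                                        $error = true;
                                    } elseif (!($data = file_get_contents($_FILES['file']['tmp_name']))) {
                                        $errors .= "\n  • Failed reading uploaded file.\n  • ";
                                        $error = true;
                                    }
                                } else {
                                    $errors .= "\n  • Uploaded file not found on the system, please try again.\n  • ";
                                    $error = true;
                                }
                                break;
                            case UPLOAD_ERR_INI_SIZE:
                                // The uploaded file exceeds the upload_max_filesize directive in php.ini.
                            case UPLOAD_ERR_FORM_SIZE:
                                // The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form.
                                $errors .= "\n  • The file you uploaded exceeded the limit of ".get_bytesize(min(pow(2, 24), get_bytes(ini_get("upload_max_filesize")))).".\n  • ";
                                $error = true;
                                break;
                            case UPLOAD_ERR_PARTIAL:
                                // The uploaded file was only partially uploaded.
                                $errors .= "\n  • The file was only partially uploaded. Please try again.\n  • ";
                                $error = true;
                                // Stop here: without this break the case fell through and also
                                // reported "You did not upload a file." for new downloads.
                                break;
                            case UPLOAD_ERR_NO_FILE:
                                // No file was uploaded.
                                if ($dlid > 0) {
                                    // User does not want to replace current file
                                } else {
                                    $errors .= "\n  • You did not upload a file.\n  • ";
                                    $error = true;
                                }
                                break;
                            case UPLOAD_ERR_NO_TMP_DIR:
                                // Missing a temporary folder.
                            case UPLOAD_ERR_CANT_WRITE:
                                // Failed to write file to disk.
                            default:
                                // A space was missing between the error code and "while".
                                $errors .= "\n  • An unknown error occurred. Please try again. If this fails, contact the webmaster and report error code ".$_FILES['file']['error']." while uploading a file.\n  • ";
                                $error = true;
                                break;
                        }
                        if (strlen($filename) < 3 || strlen($filename) > 64) {
                            $errors .= "\n  • Please provide a file name of maximum 64 characters.\n  • ";
                            $error = true;
                        }
                        // $FILETYPETRANS is not defined in this file (presumably by include.php - confirm).
                        if (array_key_exists($filetype, $FILETYPETRANS)) {
                            $filetype = $FILETYPETRANS[$filetype]; // Translating to known value
                        }
                        if (strlen($filetype) < 3 || strlen($filetype) > 64) {
                            $errors .= "\n  • Please provide a file type of maximum 64 characters.\n  • ";
                            $error = true;
                        }
                        if ($errors != "") {
                            // NOTE(review): as shown, $errors is collected but not part of this output - confirm the list is rendered.
                            echoln("");
                        }
                        if (!$error) {
                            ## Save ##
                            if ($dlid == 0) {
                                // New file
                                $query2 = "INSERT INTO `files` (`info_id`, `subject`, `filename`, `filetype`, `data`) ";
                                $query2 .= "VALUES (".addslashes(get_int("id")).", '".addslashes($subject)."', '".addslashes($filename)."', '".addslashes($filetype)."', '".addslashes($data)."')";
                            } else {
                                // Edit file
                                $query2 = "UPDATE `files` SET `subject`='".addslashes($subject)."', `filename`='".addslashes($filename)."', `filetype`='".addslashes($filetype)."'";
                                if (strlen($data) > 0) {
                                    // replace data as well
                                    $query2 .= ", `data`='".addslashes($data)."'";
                                }
                                $query2 .= " WHERE `id`=".$dlid." AND `info_id`=".get_int("id");
                            }
                            if (doquery($query2)) {
                                echoln("Saved file successfully.\n\n    ");
                            } else {
                                echoln("Failed saving file.\n\n    ");
                            }
                        } else {
                            // $error
                            $dl = "edit";
                        }
                    }

                    if ($dl == "new" || $dl == "edit") {
                        ## Form ##
                        // NOTE(review): after a failed save, $subject/$filename/$filetype hold raw
                        // request data; the form markup is not visible here - confirm they are
                        // escaped for attribute context where they are printed.
                        echoln("Back\n\n    ");
                        echoln("\n\n    ");
                        echoln(" ");
                        echoln(" ");
                        echoln(" ");
                        echoln(" ");
                        echoln(" ");
                        echoln(" ");
                        echoln(" ");
                        echoln(" ");
                        echoln(" ");
                        echoln(" ");
                        echoln(" ");
                        echoln(" ");
                        echoln(" ");
                        echoln(" ");
                        echoln(" ");
                        echoln(" ");
                        echoln("\n    Subject:\n    File:");
                        echoln(" ");
                        // Convert the ini shorthand to bytes before taking the minimum, as the
                        // upload error messages do; comparing the raw ini string was inconsistent.
                        echoln("\n    Note: the file cannot exceed ".get_bytesize(min(pow(2, 24), get_bytes(ini_get("upload_max_filesize")))).".");
                        if ($dl == "edit") {
                            echoln("\n    Do not select a file to keep the current, select one to overwrite the current file.");
                        }
                        echoln("\n    File name:");
                        echoln(" ");
                        if ($dl == "new") {
                            echoln("\n    Leave empty to use the file name of the uploaded file.");
                        }
                        echoln("\n    File type:");
                        echoln(" ");
                        echoln("\n    Do not change unless you know what you are doing!");
                        echoln("\n    ");
                        echoln("\n\n     \n\n    ");
                        echoln("\n    ");
                    } elseif ($dl != "nolist") {
                        ## List ##
                        echoln("Add download\n\n    ");
                        $query2 = "SELECT `id`, `subject`, `filename`, `filetype`, LENGTH(`data`) AS `size` FROM `files` WHERE `info_id`=".addslashes(get_int("id"))." ORDER BY `subject`";
                        if (@mysql_num_rows($res2 = doquery($query2)) > 0) {
                            echoln("");
                            echoln(" ");
                            echoln(" ");
                            echoln(" ");
                            echoln(" ");
                            echoln(" ");
                            echoln(" ");
                            echoln(" ");
                            $j = 0;
                            while ($row2 = mysql_fetch_array($res2)) {
                                $j++;
                                // Alternating row output.
                                if (($j % 2) == 1) {
                                    echoln(" ");
                                } else {
                                    echoln(" ");
                                }
                                echoln(" ");
                                echoln(" ");
                                // Known file types are shown by their configured text, others as "Unknown".
                                if (array_key_exists($row2['filetype'], $FILETYPE)) {
                                    echoln(" ");
                                } else {
                                    echoln(" ");
                                }
                                echoln(" ");
                                echoln(" ");
                                echoln(" ");
                            }
                            // Subject, file name and file type originate from the upload request
                            // and are stored unencoded: escape them for HTML before printing.
                            echoln("\n    SubjectFilenameFiletypeSize \n    ".htmlspecialchars($row2['subject'], ENT_QUOTES, "UTF-8")."".htmlspecialchars($row2['filename'], ENT_QUOTES, "UTF-8")."".$FILETYPE[ $row2['filetype'] ]['text']."Unknown (".htmlspecialchars($row2['filetype'], ENT_QUOTES, "UTF-8").")".get_bytesize($row2['size'])."");
                            echoln(" edit   ");
                            echoln(" delete");
                            echoln("\n    ");
                        } else {
                            echoln("There are no downloads linked to this item.");
                        }
                    }
                } else {
                    echoln("Failed loading entry, item does not exist.\n\n    ");
                }
            }
        } else {
            echoln("There is no information to display at this moment.");
        }
    }
}

admin_footer();
?>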