# Page title, assigned before the shared includes are pulled in
# (presumably read by ../common/top.php -- confirm).
$title = 'Announcements';

# Shared project files. HasPriviledges(), AlterSQLText(), Username(), FixLink(),
# FixDate(), sanitize(), AlertAdministrators() and $db are used further down but
# not defined in this file, so they presumably come from these includes.
# include only emits a warning when a file is missing; the page keeps running.
include '../common/init.php';
include '../common/top.php';
include '../common/dbfunctions.php';
include 'eventfunctions.php';
?>
# Purge expired announcements. The statement is a fixed string with no request
# data in it and runs before any privilege check in this file. Rows with
# expdate = 0 are skipped by the (expdate > 0) condition.
mysqli_query(
    $db,
    "delete from UIUCPsychAnnounce where (expdate > 0) and (curdate() > expdate)"
);
# Handle a submitted announcement (the form itself is rendered further down the page).
# Runs only when the POST carries a "shortdesc" field and HasPriviledges("basic")
# is truthy, i.e. the poster has at least basic privileges (has logged in).
# The announcement is stored with approved = 0 and administrators are alerted.
# NOTE(review): no anti-CSRF token is checked in the code visible here -- confirm
# whether ../common/init.php or the form takes care of that.
if (array_key_exists("shortdesc", $_POST) && HasPriviledges("basic")) {
# Duplicate lookup by exact short description. The value goes inside a quoted SQL
# literal after passing through AlterSQLText(), which is defined outside this file.
# NOTE(review): confirm AlterSQLText() escapes for the live connection (for example
# via mysqli_real_escape_string); a prepared statement would remove that dependency.
$dupq = sprintf("SELECT NULL FROM UIUCPsychAnnounce WHERE shortdesc = '%s'", AlterSQLText($_POST['shortdesc']));
# Check form validity
# strlen() rejects only the empty string, so a whitespace-only description passes;
# the call also assumes shortdesc arrives as a scalar, not an array -- TODO confirm.
if (strlen($_POST["shortdesc"]) == 0)
{
# The short description is the only field validated here
print "You must enter at least a Short Description for your announcement. Please correct this and re-submit your announcement.
";
}
# mysqli_query() returns false when the query fails, which mysqli_num_rows() cannot
# accept; the result is used here without being checked.
else if (mysqli_num_rows(mysqli_query($db,$dupq)) > 0)
{
print "This announcement already exists!";
}
else
{
# If valid, submit proposed announcement with flag set
# so it doesn't show up until approved
# Strip "http://" from link if there
# NOTE(review): only "shortdesc" is tested for existence above; "link", "longdesc",
# "linkdesc" and "expdate" are read directly and raise undefined-index notices when
# a client leaves them out.
$_POST["link"] = FixLink($_POST["link"]);
# The headline checkbox is present in the POST only when ticked; map it to 1/0.
if (array_key_exists("headline", $_POST))
$headline = 1;
else
$headline = 0;
// XXX strtotime will return the current time of day if given a blank string
# NOTE(review): strtotime() reports failure as false (PHP >= 5.1), not -1, so the
# "!= -1" test does not reject unparseable text; date() would then format
# timestamp 0, and such a row matches the expiry purge at the top of this page.
# The test also parses the raw value, while the stored date parses FixDate()'s output.
$tmp = trim($_POST['expdate']);
if (!empty($tmp) && (strtotime($_POST["expdate"]) != -1)) {
$expdate_s = date("Y-m-d", strtotime(FixDate($_POST["expdate"])));
} else {
# 0 means "no expiry date"; the purge query skips rows where expdate is not > 0.
$expdate_s = 0;
}
# Build the INSERT. approved and permanent are fixed at 0, "submitted" is the
# server time, and every request-derived text value goes through AlterSQLText().
# $expdate_s is either date()-formatted text or 0, so it is inserted as-is.
$q = sprintf(
"INSERT INTO UIUCPsychAnnounce (approved, submitted, username, shortdesc, ".
" longdesc, weblink, weblinkdesc, headline, permanent, expdate) ".
"VALUES (0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0, '%s')",
date("YmdHis"), AlterSQLText(Username()), AlterSQLText($_POST['shortdesc']),
AlterSQLText($_POST['longdesc']), AlterSQLText($_POST['link']),
AlterSQLText($_POST['linkdesc']), AlterSQLText($headline), $expdate_s
);
# The return value is ignored: the e-mail and the success message below are sent
# even when the INSERT fails.
mysqli_query($db,$q);
# Email administrators to say that a new announcement is pending
# The raw POST values (not the SQL-escaped ones) are copied into the message.
# NOTE(review): if AlertAdministrators() sends HTML mail these values would need
# HTML escaping -- confirm against its definition.
$emailSubject = "Website announcement submission";
$emailUsername = Username();
$emailShortDesc = $_POST["shortdesc"];
$emailLongDesc = $_POST["longdesc"];
$emailLink = $_POST["link"];
$emailLinkDesc = $_POST["linkdesc"];
if ($_POST["expdate"]) {
$emailExpdate = $_POST["expdate"];
} else {
$emailExpdate = "not specified";
}
if ($headline) {
$emailHeadline = "Marked as headline news";
} else {
$emailHeadline = "Not marked as headline news";
}
# NOTE(review): the heredoc opener below looks damaged in this copy of the file
# ("<<" followed directly by a variable). The lines that used $emailUsername,
# $emailShortDesc, $emailLongDesc and $emailLink are presumably missing; restore
# them from the original source.
$emailBody = <<$emailLinkDesc
Expiration date: $emailExpdate
$emailHeadline
This submission must be approved before it is displayed on the website.
http://internal.psychology.illinois.edu/events/editannouncements.php
EOF;
AlertAdministrators("announcements", $emailSubject, $emailBody);
# Print a message noting that the announcement was submitted but won't
# show up until it's approved
print "Your announcement has been successfully submitted. Your submission will be reviewed by an administrator shortly.";
}
}
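# Bulk approval. Runs only when the POST carries "MassApprove" and
# HasPriviledges("events") is truthy. Every announcement's approved flag is
# rewritten: 1 when the POST has an "app_<id>" key for that row, 0 otherwise,
# so any row missing from the submitted form becomes unapproved.
# NOTE(review): no anti-CSRF token is checked in the code visible here -- confirm
# whether ../common/init.php or the form takes care of that.
if (isset($_POST['MassApprove']) && HasPriviledges("events"))
{
    # Only the id column is needed to find each row's checkbox in the POST.
    $query = mysqli_query($db, "SELECT id FROM UIUCPsychAnnounce");

    # mysqli_query() returns false on failure; skip the loop rather than hand a
    # non-result to mysqli_fetch_array().
    if ($query !== false)
    {
        # mysqli_fetch_array() takes the result set as its first argument. The
        # earlier call passed the connection ($db) there and silenced the error
        # with @, so the fetch could not return a row.
        while ($fetched = mysqli_fetch_array($query))
        {
            # sanitize() is defined outside this file; the row is still passed
            # through it, as before, ahead of reading the id.
            $row = sanitize($fetched);

            $newapp = array_key_exists("app_".$row["id"], $_POST) ? 1 : 0;

            # Both placeholders are %d, so the values are formatted as integers.
            mysqli_query(
                $db,
                sprintf(
                    "UPDATE UIUCPsychAnnounce ".
                    "SET approved = %d ".
                    "WHERE id = %d",
                    $newapp,
                    $row["id"]
                )
            );
        }
    }
}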
# Obviously, the table below will have to be printed out dynamically
# showing all announcements with the "approved" flag set.
?>