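0) and (curdate() > expdate)");
# (The statement that ends on the line above begins before this fragment.)

# ---------------------------------------------------------------------------
# Handle a submitted announcement (see form below).
#
# Only a user with at least "basic" privileges (i.e. someone who has logged
# in) may submit. A new announcement is stored with approved = 0, so it stays
# hidden until an administrator approves it, and the administrators are
# e-mailed about the pending submission.
#
# NOTE(review): every value placed between quotes in the SQL below is escaped
# only by AlterSQLText(), which is defined outside this fragment. Confirm it
# escapes with the connection's character set (mysqli_real_escape_string),
# or move these statements to mysqli prepared statements with bound
# parameters so that escaping cannot be forgotten on a later edit.
#
# NOTE(review): no anti-CSRF token check is visible in this fragment for
# either POST handler; confirm one is enforced elsewhere.
# ---------------------------------------------------------------------------
if (array_key_exists("shortdesc", $_POST) && HasPriviledges("basic")) {
    # Normalise the free-text fields. A missing key, or a non-string value
    # (a request can send "shortdesc[]=x", which arrives as an array), is
    # treated as an empty string so strlen()/trim() below never see an array.
    $in = array();
    foreach (array("shortdesc", "longdesc", "link", "linkdesc", "expdate") as $field) {
        $in[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : "";
    }

    # Check form validity before touching the database.
    if (strlen($in["shortdesc"]) == 0) {
        # One of the fields is invalid
        print "You must enter at least a Short Description for your announcement. Please correct this and re-submit your announcement.
";
    } else {
        # Duplicate check: an announcement with the same short description
        # is rejected.
        $dupq = sprintf("SELECT NULL FROM UIUCPsychAnnounce WHERE shortdesc = '%s'",
                        AlterSQLText($in["shortdesc"]));
        $dupres = mysqli_query($db, $dupq);

        if ($dupres === false) {
            # Fail closed: if the duplicate check cannot run, do not insert.
            # Details go to the server log only, never to the browser.
            error_log("announcement duplicate check failed: " . mysqli_error($db));
            print "Your announcement could not be processed. Please try again later.
";
        } else if (mysqli_num_rows($dupres) > 0) {
            mysqli_free_result($dupres);
            print "This announcement already exists!
";
        } else {
            mysqli_free_result($dupres);

            # If valid, submit proposed announcement with flag set
            # so it doesn't show up until approved

            # Strip "http://" from link if there. The result is written back
            # to $_POST as the original code did, in case later code reads it.
            $_POST["link"] = FixLink($in["link"]);
            $in["link"] = $_POST["link"];

            $headline = array_key_exists("headline", $_POST) ? 1 : 0;

            # Expiration date. strtotime() gives the current time for a blank
            # string, so blank input is filtered out first. On a parse failure
            # strtotime() returns false (-1 before PHP 5.1); comparing only
            # against -1 let unparseable dates through and stored them as
            # 1970-01-01. The timestamp tested here is the one actually used.
            $expdate_s = 0;
            $tmp = trim($in["expdate"]);
            if (!empty($tmp)) {
                $ts = strtotime(FixDate($in["expdate"]));
                if ($ts !== false && $ts != -1) {
                    $expdate_s = date("Y-m-d", $ts);
                }
            }

            $q = sprintf(
                "INSERT INTO UIUCPsychAnnounce (approved, submitted, username, shortdesc, ".
                " longdesc, weblink, weblinkdesc, headline, permanent, expdate) ".
                "VALUES (0, '%s', '%s', '%s', '%s', '%s', '%s', '%s', 0, '%s')",
                date("YmdHis"),
                AlterSQLText(Username()),
                AlterSQLText($in["shortdesc"]),
                AlterSQLText($in["longdesc"]),
                AlterSQLText($in["link"]),
                AlterSQLText($in["linkdesc"]),
                AlterSQLText($headline),
                $expdate_s   # either 0 or a date() result, never raw input
            );

            if (mysqli_query($db, $q) === false) {
                # Do not report success or notify anyone when nothing was stored.
                error_log("announcement insert failed: " . mysqli_error($db));
                print "Your announcement could not be processed. Please try again later.
";
            } else {
                # Email administrators to say that a new announcement is pending
                $emailSubject   = "Website announcement submission";
                $emailUsername  = Username();
                $emailShortDesc = $in["shortdesc"];
                $emailLongDesc  = $in["longdesc"];
                $emailLink      = $in["link"];
                $emailLinkDesc  = $in["linkdesc"];
                $emailExpdate   = $in["expdate"] ? $in["expdate"] : "not specified";
                $emailHeadline  = $headline ? "Marked as headline news" : "Not marked as headline news";

                # NOTE(review): the opening of this heredoc (everything before
                # $emailLinkDesc) did not survive in the copy this was reviewed
                # from. The first four labelled lines are a reconstruction from
                # the variables assigned above; restore the original wording
                # from version control.
                # NOTE(review): the body carries the submitter's text verbatim.
                # If AlertAdministrators() sends HTML mail, escape these values
                # (htmlspecialchars) before interpolating them - confirm.
                $emailBody = <<<EOF
Submitted by: $emailUsername
Short description: $emailShortDesc
Long description: $emailLongDesc
Link: $emailLink
$emailLinkDesc
Expiration date: $emailExpdate
$emailHeadline

This submission must be approved before it is displayed on the website.
http://internal.psychology.illinois.edu/events/editannouncements.php
EOF;
                AlertAdministrators("announcements", $emailSubject, $emailBody);

                # Print a message noting that the announcement was submitted but won't
                # show up until it's approved
                print "Your announcement has been successfully submitted. 
Your submission will be reviewed by an administrator shortly.
";
            }
        }
    }
}

# ---------------------------------------------------------------------------
# Mass approval, restricted to users with "events" privileges.
#
# Every row of UIUCPsychAnnounce is rewritten: approved becomes 1 when the
# request carries a key "app_<id>" for that row and 0 otherwise. A row whose
# checkbox is absent from the request is therefore un-approved, whether or
# not the form displayed it.
# ---------------------------------------------------------------------------
if (isset($_POST['MassApprove']) && HasPriviledges("events")) {
    # change all approvals; only the id column is read below
    $query = mysqli_query($db, "SELECT id FROM UIUCPsychAnnounce");

    if ($query === false) {
        error_log("announcement mass-approve select failed: " . mysqli_error($db));
    } else {
        # mysqli_fetch_array() takes the result set as its first argument.
        # The earlier call passed the connection handle there (with the error
        # suppressed by @), so no row was ever fetched and nothing was updated.
        while ($row = sanitize(mysqli_fetch_array($query))) {
            $newapp = array_key_exists("app_" . $row["id"], $_POST) ? 1 : 0;

            # Both placeholders are %d, so only integers reach the statement.
            $updated = mysqli_query(
                $db,
                sprintf(
                    "UPDATE UIUCPsychAnnounce ".
                    "SET approved = %d ".
                    "WHERE id = %d",
                    $newapp,
                    $row["id"]
                )
            );
            if ($updated === false) {
                error_log("announcement mass-approve update failed: " . mysqli_error($db));
            }
        }
        mysqli_free_result($query);
    }
}

# Obviously, the table below will have to be printed out dynamically
# showing all announcements with the "approved" flag set.
?>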