00001 <?php
00002 # This file is part of the Savane project
00003 # <http://gna.org/projects/savane/>
00004 #
00005 # $Id: approve.php 5440 2006-02-19 13:10:19Z toddy $
00006 #
00007 # Copyright 1999-2000 (c) The SourceForge Crew
00008 # Copyright 2000-2003 (c) Free Software Foundation
00009 # Mathieu Roy <yeupou--gnu.org>
00010 #
00011 # Copyright 2004-2006 (c) Mathieu Roy <yeupou--gnu.org>
00012 #
00013 # The Savane project is free software; you can redistribute it and/or
00014 # modify it under the terms of the GNU General Public License
00015 # as published by the Free Software Foundation; either version 2
00016 # of the License, or (at your option) any later version.
00017 #
00018 # The Savane project is distributed in the hope that it will be useful,
00019 # but WITHOUT ANY WARRANTY; without even the implied warranty of
00020 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
00021 # GNU General Public License for more details.
00022 #
00023 # You should have received a copy of the GNU General Public License
00024 # along with the Savane project; if not, write to the Free Software
00025 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
00026
00027
00028 require '../include/pre.php';
00029
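# Import the request parameters this page uses into local variables, POST
# taking precedence over GET. A variable is only assigned when the parameter
# is present and non-empty (empty() also avoids the undefined-index notice
# the bare array reads produced); otherwise whatever value it had before
# this point is left untouched.
# FIXME: should use register_globals_off() instead
#
# group_id, for_group_id, id and status are interpolated into SQL statements
# further down this page, one of them without quotes, so they are forced to
# integers here. Malformed input becomes 0, which the membership check and
# the WHERE clauses then reject or fail to match.

if (!empty($_POST['group_id']))
{
  $group_id = (int) $_POST['group_id'];
}
elseif (!empty($_GET['group_id']))
{
  $group_id = (int) $_GET['group_id'];
}

if (!empty($_POST['for_group_id']))
{
  $for_group_id = (int) $_POST['for_group_id'];
}
elseif (!empty($_GET['for_group_id']))
{
  $for_group_id = (int) $_GET['for_group_id'];
}

if (!empty($_POST['id']))
{
  $id = (int) $_POST['id'];
}
elseif (!empty($_GET['id']))
{
  $id = (int) $_GET['id'];
}

# A submitted status of "0" is empty and therefore never assigned here,
# exactly as before; the page treats an unset status like 0.
if (!empty($_POST['status']))
{
  $status = (int) $_POST['status'];
}
elseif (!empty($_GET['status']))
{
  $status = (int) $_GET['status'];
}

# Flags: only their truthiness is tested by this page.
if (!empty($_POST['post_changes']))
{
  $post_changes = $_POST['post_changes'];
}
elseif (!empty($_GET['post_changes']))
{
  $post_changes = $_GET['post_changes'];
}

if (!empty($_POST['approve']))
{
  $approve = $_POST['approve'];
}
elseif (!empty($_GET['approve']))
{
  $approve = $_GET['approve'];
}

# Free text. These stay untrusted strings: this page passes them through
# htmlspecialchars() before storing them, nothing more.
if (!empty($_POST['summary']))
{
  $summary = $_POST['summary'];
}
elseif (!empty($_GET['summary']))
{
  $summary = $_GET['summary'];
}

if (!empty($_POST['details']))
{
  $details = $_POST['details'];
}
elseif (!empty($_GET['details']))
{
  $details = $_GET['details'];
}

# NOTE(review): $group is imported but not read anywhere on this page;
# presumably the included pre.php resolves it to a group -- confirm.
if (!empty($_POST['group']))
{
  $group = $_POST['group'];
}
elseif (!empty($_GET['group']))
{
  $group = $_GET['group'];
}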
00108 # This page can be used to manage the whole news system for a server
00109 # or news for a project.
00110 # That's why, when required, we test if group_id = sys_group_id.
00111
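# News management page body: applies an approve/edit/delete request, then
# renders either the edit form for one item or the three item lists
# (pending, deleted/refused, approved). Only users for whom
# member_check(0, $group_id, 'N3') succeeds get past the first test.

# These four values are interpolated into SQL below (group_id once without
# quotes), so pin them to integers regardless of how they were set.
# Assumes id, group_id and is_approved are integer columns, as their use
# on this page suggests.
$group_id = isset($group_id) ? (int) $group_id : 0;
$for_group_id = isset($for_group_id) ? (int) $for_group_id : 0;
$id = isset($id) ? (int) $id : 0;
$status = isset($status) ? (int) $status : 0;

if ($group_id && member_check(0, $group_id,'N3'))
{
  # True while a superuser is working on the system project, i.e. managing
  # site-wide (front page) news rather than one project's news.
  $on_sys_group = ($group_id == $GLOBALS['sys_group_id']);
  $site_news_admin = ($on_sys_group && user_is_super_user());

  # Values echoed into HTML attributes. PHP_SELF can carry request-supplied
  # path components, so it is entity-encoded before being printed.
  $self_url = htmlspecialchars(isset($PHP_SELF) ? $PHP_SELF : '', ENT_QUOTES);
  # NOTE(review): $group_name is not set on this page (presumably by the
  # included pre.php); it is URL-encoded since it is printed inside a
  # query string.
  $group_arg = isset($group_name) ? urlencode($group_name) : '';

  # Modifications are made to the database
  #   0 = locally approved
  #   1 = front page approved
  #
  # NOTE(review): this state change carries no anti-forgery token and the
  # same parameters are also accepted from the query string; confirm
  # whether the framework provides a form token and require POST here.
  if (!empty($post_changes) && !empty($approve))
  {
    $summary = isset($summary) ? $summary : '';
    $details = isset($details) ? $details : '';

    if (!$on_sys_group && $status != 0 && $status != 4)
    {
      # Make sure that an item accepted for front page is not modified
      $status = 0;
    }

    # NOTE(review): htmlspecialchars() in its default mode leaves single
    # quotes and backslashes alone, so the quoting of these two strings
    # inside the statements below depends on magic quotes being enabled
    # (the stripslashes() call further down suggests it is). Confirm, or
    # move to the database layer's own escaping.
    $summary_html = htmlspecialchars($summary);
    $details_html = htmlspecialchars($details);

    $sql = '';
    if ($site_news_admin)
    {
      $sql = "UPDATE news_bytes SET is_approved='".$status."', date='".time()."', ".
        "summary='".$summary_html."',details='".$details_html."' WHERE id='$id' AND group_id='$for_group_id'";
    }
    elseif ($status == 0)
    {
      $sql = "UPDATE news_bytes SET is_approved='0', summary='".$summary_html."', ".
        "details='".$details_html."' WHERE id='$id' AND group_id='$group_id'";
    }
    elseif ($status == 4)
    {
      $sql = "UPDATE news_bytes SET is_approved='4', summary='".$summary_html."', ".
        "details='".$details_html."' WHERE id='$id' AND group_id='$group_id'";
    }

    # A non-superuser on the system project with a status other than 0 or 4
    # matches no branch above. Report that as a failed update instead of
    # handing an undefined statement to db_query().
    $result = ($sql == '') ? false : db_query($sql);

    if (!$result || db_affected_rows($result) < 1)
    {
      fb(_("Failed to update"),1);
    }
    else
    {
      fb(_("Project News Item Updated."));
    }

    dbg("STATUS $status, group $group_id");

    # send mails: does not care if it was already approved
    if (($status == 0 && !$on_sys_group) ||
        ($status == 1 && $site_news_admin))
    {
      # The item lives in for_group_id only when site news is being handled;
      # the project form never sends for_group_id, so the submitter lookup
      # has to use group_id there or it matches no row.
      $item_group_id = $site_news_admin ? $for_group_id : $group_id;

      # get notification address and submitter id
      $to = db_result(db_query("SELECT new_news_address FROM groups WHERE group_id=$group_id"), 0, 'new_news_address');
      $from = user_getname(db_result(db_query("SELECT submitted_by FROM news_bytes WHERE id='$id' AND group_id='$item_group_id'"), 0, 'submitted_by'));

      # Run stripslashes to undo the slashes added by magic quotes.
      # NOTE(review): $summary (presumably the subject) is passed on
      # unmodified; confirm sendmail_mail() rejects CR/LF in it.
      sendmail_mail($from, $to, $summary, stripslashes($details), $group_name, 'news');
    }

    # Show the list_queue
    $approve = '';
    $list_queue = 'y';
  }

  # Begin HTML
  site_project_header(array('title'=>_("Manage"),
                            'group'=>$group_id,
                            'context'=>'news'));

  # Form to make modifications to an existing item, to submit one
  if (!empty($approve))
  {
    if ($site_news_admin)
    {
      $sql = "SELECT groups.unix_group_name,news_bytes.*,news_bytes.submitted_by AS submitted_by ".
        "FROM news_bytes,groups WHERE id='$id' ".
        "AND news_bytes.group_id=groups.group_id ";
    }
    else
    {
      $sql = "SELECT *,news_bytes.submitted_by AS submitted_by FROM news_bytes WHERE id='$id' AND group_id='$group_id'";
    }

    $result = db_query($sql);
    if (db_numrows($result) < 1)
    {
      print '<h2 class="error">'._("No pending news").'</h2>';
      site_project_footer(array());
      exit;
    }

    if ($on_sys_group && !$site_news_admin)
    {
      print '<p class="warn">'._("If you want to approve/edit site news (shown on the front page), you must be logged as superuser.").'</p>';
    }
    elseif ($site_news_admin)
    {
      print '<p class="warn">'._("If you want to approve/edit news for the local administration project (not shown on the front page), you must end the superuser session.").'</p>';
    }

    # Found out who is the submitter:
    if (db_result($result,0,'submitted_by') == 0)
    {
      $submitted_by = "None";
    }
    else
    {
      $submitted_by = user_getname(db_result($result,0,'submitted_by'));
    }

    print '
<form action="'.$self_url.'" method="post">
<input type="hidden" name="id" value="'.db_result($result,0,'id').'" />';

    print '<h3>'.sprintf(_("Approve a news item for %s submitted by %s"),'<a href="'.$GLOBALS['sys_home'].'projects/'.group_getunixname(db_result($result,0,'group_id')).'/">'.group_getname(db_result($result,0,'group_id')).'</a>',utils_user_link($submitted_by)).'</h3>';
    print '
<input type="hidden" name="approve" value="y" />
<input type="hidden" name="post_changes" value="y" />';

    if ($site_news_admin)
    {
      print '<input type="radio" name="status" value="1" /> ';
      print '<span class="preinput">'.sprintf(_("Approve For %s' Front Page"),$GLOBALS['sys_name']).'</span><br />';
      print '<input type="radio" name="status" value="0" checked="checked" /> <span class="preinput">'._("Do Nothing").'</span><br />';
      print '<input type="radio" name="status" value="2" /> <span class="preinput">'._("Refuse").'</span><br />';
      print '<input type="hidden" name="for_group_id" value="'.db_result($result,0,'group_id').'" />';
      print '<input type="hidden" name="group_id" value="'.$GLOBALS['sys_group_id'].'" />';
    }
    else
    {
      print '<input type="radio" name="status" value="0" checked="checked" /> <span class="preinput">'._("Display").'</span><br />';
      print '<input type="radio" name="status" value="4" /> <span class="preinput">'._("Delete").'</span><br />';
      print '<input type="hidden" name="group_id" value="'.db_result($result,0,'group_id').'" />';
    }

    # summary and details are printed exactly as stored. The update code on
    # this page stores them entity-encoded, so encoding them again here
    # would double-encode.
    # NOTE(review): confirm every other writer of news_bytes encodes them
    # too; otherwise these two fields are an HTML injection point.
    print '<br /><span class="preinput">'
      ._("Subject:").'</span><br />
<input type="text" name="summary" value="'.db_result($result,0,'summary').'" size="65" MAXLENGTH="80" /><br />
<span class="preinput">'
      ._("Details:").'</span><br />
<textarea name="details" ROWS="20" COLS="65" WRAP="SOFT">'.db_result($result,0,'details').'</textarea><p>';
    print '<p>'.sprintf (_("Note: If this item is on the %s home page and you edit it, it will be removed from the home page."),$GLOBALS['sys_name']).'</p>';
    print '<div class="center">
<input type="submit" name="submit" value="'._("submit").'" /></div>
</form>';
  }
  else
  {
    # No item selected
    if ($on_sys_group && !$site_news_admin)
    {
      print '<p class="warn">'._("If you want to approve/edit site news (shown on the front page), you must be logged as superuser.").'</p>';
    }
    elseif ($site_news_admin)
    {
      print '<p class="warn">'._("If you want to approve/edit news for the local administration project (not shown on the front page), you must end the superuser session.").'</p>';
    }

    # Lists are limited to the last 15 days.
    $old_date = (time()-(86400*15));

    # Firstly, we show item that require approval
    # - if site news: it has to be already approved projects (0)
    #   or project submitted on the system site project
    # - if project news: it has to be proposed news (5)
    if ($site_news_admin)
    {
      $sql = "SELECT * FROM news_bytes WHERE (is_approved=0 OR (is_approved=5 AND group_id='$group_id')) AND date > '$old_date'";
    }
    else
    {
      $sql = "SELECT * FROM news_bytes WHERE is_approved=5 AND date > '$old_date' AND group_id='$group_id'";
    }

    $result = db_query($sql);
    $rows = db_numrows($result);

    if ($rows < 1)
    {
      print '<h3>'._("No queued items found").'</h3>';
    }
    else
    {
      print '<h3>'._("These news items were submitted and need approval").'</h3>
<ul>';
      for ($i=0; $i<$rows; $i++)
      {
        print '<li';
        if (db_result($result,$i,'group_id') == $GLOBALS['sys_group_id'])
        {
          print ' class="boxhighlight"';
        }
        print '><a href="'.$self_url.'?approve=1&id='.db_result($result,$i,'id');

        if ($on_sys_group)
        {
          print '&group='.$GLOBALS['sys_unix_group_name'];
        }
        else
        {
          print '&group_id='.db_result($result,$i,'group_id');
        }

        print '">';
        if ($on_sys_group)
        {
          print group_getname(db_result($result,$i,'group_id')).' - ';
        }
        # Printed as stored; relies on the summary being stored encoded.
        print db_result($result,$i,'summary').'</a></li>';
      }
      print '</ul>';
    }

    # Secondly, we show deleted items for this week
    if ($site_news_admin)
    {
      $sql = "SELECT * FROM news_bytes WHERE (is_approved=2 OR (is_approved=4 AND group_id='$group_id')) AND date > '$old_date'";
    }
    else
    {
      $sql = "SELECT * FROM news_bytes WHERE is_approved=4 AND date > '$old_date' AND group_id='$group_id'";
    }

    $result = db_query($sql);
    $rows = db_numrows($result);

    if ($rows < 1)
    {
      print '<h3>'
        ._("No deleted items during these past two weeks").'</h3>';
    }
    else
    {
      if ($site_news_admin)
      {
        print '<h3>'
          ._("These items were refused these past two weeks:").'</h3>';
      }
      else
      {
        print '<h3>'
          ._("These items were deleted these past two weeks:").'</h3>';
      }

      print '<ul>';
      for ($i=0; $i<$rows; $i++)
      {
        print '<li';
        if (db_result($result,$i,'group_id') == $GLOBALS['sys_group_id'])
        {
          print ' class="boxhighlight"';
        }
        print '><a href="'.$self_url.'?approve=1&group='.$group_arg.'&id='.db_result($result,$i,'id').'">';

        if ($on_sys_group)
        {
          print group_getname(db_result($result,$i,'group_id')).' - ';
        }
        print db_result($result,$i,'summary').'</a></li>';
      }
      print '</ul>';
    }

    # We show all approved items.
    if ($site_news_admin)
    {
      $sql = "SELECT * FROM news_bytes WHERE (is_approved=1 OR (is_approved=0 AND group_id='$group_id'))";
    }
    else
    {
      $sql = "SELECT * FROM news_bytes WHERE (is_approved=0 OR is_approved=1) AND date > '$old_date' AND group_id='$group_id'";
    }

    $result = db_query($sql);
    $rows = db_numrows($result);

    if ($rows < 1)
    {
      print '<h3>'
        ._("No news items approved").'</h3>';
    }
    else
    {
      print '<h3>'
        ._("These items were approved:").'</h3><ul>';
      for ($i=0; $i<$rows; $i++)
      {
        print '<li';
        if (db_result($result,$i,'group_id') == $GLOBALS['sys_group_id'])
        {
          print ' class="boxhighlight"';
        }
        print '><a href="'.$self_url.'?approve=1&group='.$group_arg.'&id='.db_result($result,$i,'id').'">';

        if ($on_sys_group)
        {
          print group_getname(db_result($result,$i,'group_id')).' - ';
        }
        print db_result($result,$i,'summary').'</a></li>';
      }
      print '</ul>';
    }
  }

  site_project_footer(array());
}
else
{
  exit_error(_("Action unavailable: only news managers can approve news."));
}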
00417
00418 ?>