Trying to create a simple news function but stuck?

zigvt85 · September 16, 2014, 11:47pm

HTML/PHP Add News
[php]<?php
$pagetitle = “Upload”;

include “config.php”;
include “header.php”;

if(isset($_POST[‘name’]) && $steam->isLoggedin()) {
$result = $steam->addNewsData();
echo $result[‘message’];
}
?>

<strong>Title:</strong> <input name="name" type="text" id="name" />
<br />
<strong>Category:</strong>
<select name="type" id="type" />
    <option value="Updates">Updates</option>
	<option value="Steam Update">Steam Update</option>
</select>
<br />
<br />
<strong>Description:</strong>
<br />
<textarea cols="50" rows="5" id="description" name="description"></textarea>	
<br />
<input type="submit" name="submit" value="Send">

<?php include "sidebar.php"; ?> <?php include "footer.php"; ?>[/php]

HTML/PHP Edit News
[php]<?php
$pagetitle = “Updating News”;
include “config.php”;
include “header.php”;

if(isset($_POST[‘name’]) && $steam->isLoggedin()) {
$result = $steam->editNewsData($_GET[‘edit’]);
echo $result[‘message’];
}

if(isset($_GET[‘edit’]) && is_numeric($_GET[‘edit’])) {
$screenshot = $DB->getNewsById($_GET[‘edit’]);
if(isset($screenshot[‘uid’]) && $screenshot[‘uid’] == $steam->user[‘steamid’]) {
?>

Edit Title:
Edit Category: <?= h($screenshot['type']); ?>

Edit Description:
<?= h($screenshot['description']); ?>

<? } else { echo 'You do not have access to update this news post.'; } } ?> <?php include "sidebar.php"; ?> <?php include "footer.php"; ?>[/php]

PHP Add News Data
[php] function addNewsData() {
global $DB;

    $status = 'error';
    $message = 'You are not authorized to post news!';
    
    
    if($this->isLoggedin()) {
        //$id = 454;
        // Verify the screenshot belongs to us
        //$news = $DB->addNewsDataById($id);
        $name = $_POST['name'];
        $type = $_POST['type'];
        $data = $_POST['description'];
        
        
        if(empty($_POST['name']) || empty($_POST['type']) || $_POST['name'] == '' || $_POST['type'] == ''){
            $message = "You Forgot To Fill the required Field Please Fix The Error";
        } else {
        
            $values = array(
                'name' => $name,
                'type' => $type,
                'description' => $data
            );
            $id = $DB->insert('news', $values);
            
            $status = 'success';
            $message = 'You have successfully posted news.';
        }
    }
    return array('status' => $status, 'message' => $message);		
}[/php]

PHP Edit News Data
[php] function editNewsData($id) {
global $DB;

    $status = 'error';
    $message = 'You are not authorized to edit this news post.';
    
    
    if($this->isLoggedin()) {
        //$id = 454;
        // Verify that this news post belongs to us
        $news = $DB->getNewsById($id);
        $name = $_POST['name'];
        $type = $_POST['type'];
        $description = $_POST['description'];
        
        
        if(empty($_POST['name']) || empty($_POST['type']) || $_POST['name'] == '' || $_POST['type'] == ''){
            $message = "You Forgot To Fill the required Field Please Fix The Error";
        }
        
        if(isset($image['id']) && is_numeric($id)) {
            if($image['uid'] == $this->user['steamid']) {
                // We have verified this is our news, lets edit it.
                
                $values = array(
                    'name' => $name,
                    'type' => $type,
                    'description' => $description
                );
                $DB->update('news', $values, array('id' => $id));
                
                $status = 'success';
                $message = 'News has been updated.';
            }
        }
    }
    return array('status' => $status, 'message' => $message);		
}[/php]

I am trying to be clear on my posts. What i am trying to do is get it so only myself can add news. But right now anyone who logs in can post lol. I am also using a steam api script not sure if I should post that as well or if this is enough. This website I am working on I am setting to launch an early alpha version end of next month. Still quiet a bit that needs to be done.

Thanks,
ZiG

mdahlke · September 17, 2014, 1:17am

There are a couple of ways you can go about this.

If you are the only one you want editing then you can simply do an if() statement to check and make sure that only your user id is allowed to.

Example:
[php]<?php

$userID = get_user_id() // just say your userID is 100

if( $userID === 100 ){
//show the option to add news
}
?>
[/php]
Also right before inserting into the DB make sure that it’s your userID still

Add a column to the users table that has user permissions. This way you can allow multiple users that ability to add news articles (content managers).
Then you can create a function that check to makes sure the user has the required permission level

Example:
[php]<?php

$userID = get_user_id();

if( is_editor($userID) ){
//show the option to add news
}
?>
[/php]

I personally would opt for option 2 as this allows for easy expansion.

zigvt85 · September 17, 2014, 1:36am

Thanks for the reply. I will have to look into it more see if I can figure it out. I do not need the entire steam community posting news on my website lol.

zigvt85 · September 27, 2014, 11:49pm

Ok now I can not seem to get my news script to show on index? Here is the function code to show news how would I set it up on my index page?

Function PHP Code
[php] function getNewsData($id) {
global $DB;

    $status = 'error';
    $message = 'You are not authorized to edit this image.';
    
    
    if($this->isLoggedin()) {
        //$id = 454;
        // Verify the screenshot belongs to us
        $news = $DB->getScreenshotById($id);
        $name = $_POST['name'];
        $type = $_POST['type'];
        $description = $_POST['description'];
        
        
        if(empty($_POST['name']) || empty($_POST['type']) || $_POST['name'] == '' || $_POST['type'] == ''){
            $message = "You Forgot To Fill the required Field Please Fix The Error";
        }
        
        if(isset($news['id']) && is_numeric($id)) {
            if($news['uid'] == $this->user['steamid']) {
                // We have verified this is our screenshot, lets delete it.
                
                $values = array(
                    'name' => $name,
                    'type' => $type,
                    'description' => $description
                );
                $DB->select('news', $values, array('id' => $id));
                
                $status = 'success';
                $message = 'Image has been updated';
            }
        }
    }
    return array('status' => $status, 'message' => $message);		
}[/php]

Any help will be grateful I thought I would post here since it is a similar topic.

Thanks,
Zig

astonecipher · September 28, 2014, 10:16pm

[php]echo getNewsData(2);[/php]

Theoretically would work, but I doubt that is the proper function. That looks like you copied it to make it easy to modify, but have not modified it, yet.

It would only show 2 possible statuses and 3 possible messages.

zigvt85 · September 28, 2014, 10:56pm

Ya I am going to look into more this week. Need this done so I can do a trial test for my project I am working on. I basically took the add news data process to transform it to the display news on homepage. But looks like I never really got around to finishing it lol. I will let you guys know when I do a trial launch it requires steam to login and no its not another trading website for steam.