authorSimon Rettberg2014-06-11 17:30:44 +0200
committerSimon Rettberg2014-06-11 17:30:44 +0200
commit5f5a073b4e5f5014adaa14d4d1dfe355ff803f8d (patch)
tree883d3e4c91317ed05a391dbdc4c12f69afa26711 /modules/news.inc.php
parent[news] Fix SQL injection (diff)
[news] Make nicer
1) Delete via POST 2) Error message if newsId is missing on delete 3) Highlight last news if not editing a specific news entry 4) Fix html syntax (missing <tr> in <thead>)
Diffstat (limited to 'modules/news.inc.php')
-rw-r--r--modules/news.inc.php58
1 files changed, 26 insertions, 32 deletions
diff --git a/modules/news.inc.php b/modules/news.inc.php
index 4ec6fddd..3b7ef2bc 100644
--- a/modules/news.inc.php
+++ b/modules/news.inc.php
@@ -12,48 +12,39 @@ class Page_News extends Page
// load user, we will need it later
User::load();
- // get the newsid given per GET
- $newsId = Request::get('newsid');
- if ($newsId !== false) $this->newsId = $newsId;
+ // only admins should be able to edit news
+ if (!User::hasPermission('superadmin')) {
+ Message::addError('no-permission');
+ return;
+ }
// check which action we need to do
$action = Request::any('action', 'show');
if ($action === 'show') {
// show news
- $this->showNews();
+ if (!$this->loadNews(Request::any('newsid'))) {
+ Message::addError('news-empty');
+ }
} elseif ($action === 'save') {
// save to DB
$this->saveNews();
} elseif ($action === 'delete') {
// delete it
- $this->delNews();
+ $this->delNews(Request::post('newsid'));
} else {
Message::addError('invalid-action', $action);
+ Util::redirect('?do=News');
}
}
protected function doRender()
{
- // user must be logged in
- if (!User::isLoggedIn()) {
- Render::addTemplate('page-main-guest');
- return;
- }
-
- // only admins should be able to edit news
- if (!User::hasPermission('superadmin')) {
- Message::addError('no-permission');
- return;
- }
-
-
// prepare the list of the older news
$lines = array();
$paginate = new Paginate("SELECT newsid, dateline, title, content FROM news ORDER BY dateline DESC", 10);
$res = $paginate->exec();
while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
- $day = date('d.m.Y', $row['dateline']);
- $row['date'] = $day . date(' H:i', $row['dateline']);
+ $row['date'] = date('d.m.Y H:i', $row['dateline']);
if ($row['newsid'] == $this->newsId) $row['active'] = "active";
$lines[] = $row;
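Review bot: The action is still read with `Request::any('action', 'show')` on the line after the new permission gate, so a plain GET carrying `action=delete` still reaches delNews and is rejected only because `Request::post('newsid')` yields no id, not because the request method was checked. With the superadmin check now up front, what this dispatcher does not show is a cross-site request forgery guard for the save and delete branches: the session token is handed to the template (`'token' => Session::get('token')` in the next hunk), but no comparison against a submitted token is visible here, and if saveNews does not do it either, a state-changing request from another origin would be accepted. Something like `if ($action !== 'show' && !hash_equals((string) Session::get('token'), (string) Request::post('token'))) { Message::addError(/* TODO: project's token-mismatch message key */); return; }` placed before the branches would cover both at once. The method containing this dispatch starts before the hunk, and the same point applies to the delNews hunk at the end of the file.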
@@ -61,7 +52,7 @@ class Page_News extends Page
$paginate->render('page-news', array(
'token' => Session::get('token'),
- 'latestDate' => date('Y-m-d H:i:s (T)', $this->newsDate),
+ 'latestDate' => ($this->newsDate ? date('d.m.Y H:i', $this->newsDate) : '--'),
'latestContent' => $this->newsContent,
'latestTitle' => $this->newsTitle,
'list' => $lines
@@ -69,12 +60,12 @@ class Page_News extends Page
}
- private function showNews()
+ private function loadNews($newsId)
{
// check to see if we need to request a specific newsid
- if ($this->newsId !== false) {
+ if ($newsId !== false) {
$row = Database::queryFirst("SELECT newsid, title, content, dateline FROM news WHERE newsid = :newsid LIMIT 1", array(
- 'newsid' => $this->newsId
+ 'newsid' => $newsId
));
} else {
$row = Database::queryFirst("SELECT newsid, title, content, dateline FROM news ORDER BY dateline DESC LIMIT 1");
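Review bot: loadNews now takes the id as a parameter but has no docblock, and the `$newsId !== false` test on its first line encodes the assumption that `Request::any('newsid')` returns `false` for an absent parameter; that return convention is not visible in the hunk, and if it were `null` instead, the first branch would query `WHERE newsid = NULL` and the fallback to the newest entry would never run. I would add above the method a docblock stating that it loads the requested entry into `$this->newsId`/`newsTitle`/`newsContent`/`newsDate`, falls back to the most recent entry when `$newsId` is `false`, and returns `bool` — whether a row was found. Tightening the guard to `if ($newsId !== false && $newsId !== null)` would make the fallback independent of that convention. The method's body continues past the end of this hunk.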
@@ -82,13 +73,12 @@ class Page_News extends Page
// fetch the news to be shown
if ($row !== false) {
+ $this->newsId = $row['newsid'];
$this->newsTitle = $row['title'];
$this->newsContent = $row['content'];
$this->newsDate = $row['dateline'];
- } else {
- Message::addError('news-empty');
}
-
+ return $row !== false;
}
private function saveNews()
@@ -109,12 +99,16 @@ class Page_News extends Page
}
}
- private function delNews()
+ private function delNews($newsId)
{
- Database::exec("DELETE FROM news WHERE newsid = :newsid LIMIT 1", array(
- 'newsid' => $this->newsId
- ));
- Message::addSuccess('news-del-success');
+ if (!is_numeric($newsId)) {
+ Message::addError('value-invalid', 'newsid', $newsId);
+ } else {
+ Database::exec("DELETE FROM news WHERE newsid = :newsid LIMIT 1", array(
+ 'newsid' => $newsId
+ ));
+ Message::addSuccess('news-del-success');
+ }
Util::redirect('?do=News');
}
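Review bot: `is_numeric($newsId)` on the first line of delNews accepts values such as `'1.5'`, `' 7'` or `'1e3'`, so it does not actually establish an integer id before the value is bound into the DELETE; the query is parameterised, so this is a correctness rather than an injection concern, but a stricter test keeps the lookup unambiguous, e.g. `if (!is_string($newsId) && !is_int($newsId) || !ctype_digit((string) $newsId)) {`. The result of `Database::exec` is also not inspected, so deleting an id that does not exist still reports `news-del-success`; if exec returns the affected row count (not visible here), branching on it would give the user an accurate message. Like the save branch, this method relies on whatever token check the caller performs, and none is visible in the dispatch hunk.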