|
|
@ -488,8 +488,7 @@ |
|
|
|
|
|
|
|
$body = ''; |
|
|
|
|
|
|
|
if($mod['type'] >= $config['mod']['noticeboard_post']) { |
|
|
|
if(isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) { |
|
|
|
if(hasPermission($config['mod']['noticeboard_post']) && isset($_POST['subject']) && isset($_POST['body']) && !empty($_POST['body'])) { |
|
|
|
$query = prepare("INSERT INTO `noticeboard` VALUES (NULL, :mod, :time, :subject, :body)"); |
|
|
|
$query->bindValue(':mod', $mod['id'], PDO::PARAM_INT); |
|
|
|
$query->bindvalue(':time', time(), PDO::PARAM_INT); |
|
|
@ -498,8 +497,11 @@ |
|
|
|
markup($_POST['body']); |
|
|
|
$query->bindValue(':body', $_POST['body']); |
|
|
|
$query->execute() or error(db_error($query)); |
|
|
|
} |
|
|
|
|
|
|
|
header('Location: ?/noticeboard', true, $config['redirect_http']); |
|
|
|
} else { |
|
|
|
|
|
|
|
if(hasPermission($config['mod']['noticeboard_post'])) { |
|
|
|
$body .= '<fieldset><legend>New post</legend><form style="display:inline" action="" method="post"><table>' . |
|
|
|
'<tr>' . |
|
|
|
'<th><label for="subject">Name</label></th>' . |
|
|
@ -552,6 +554,7 @@ |
|
|
|
'mod'=>true |
|
|
|
) |
|
|
|
); |
|
|
|
} |
|
|
|
} elseif(preg_match('/^\/news\/delete\/(\d+)$/', $query, $match)) { |
|
|
|
if(!hasPermission($config['mod']['noticeboard_delete'])) error($config['error']['noaccess']); |
|
|
|
|
|
|
|