Go to most recent revision | Details | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 519 | freddie | 1 | <?php |
| 2 | |||
| 3 | require '../_taios.php'; |
||
| 4 | |||
| 5 | $page = new Taios_Page('Edit Post', '../'); |
||
| 6 | |||
| 7 | if (isset($_GET['id'])) |
||
| 8 | { |
||
| 9 | $id = $_GET['id']; |
||
| 10 | } |
||
| 11 | else if (isset($_POST['id'])) |
||
| 12 | { |
||
| 13 | $id = $_POST['id']; |
||
| 14 | } |
||
| 15 | else |
||
| 16 | { |
||
| 17 | $page->drawError('No ID set.'); |
||
| 18 | } |
||
| 19 | |||
| 20 | $page->checkLoggedIn(); |
||
| 21 | |||
| 22 | $post = $page->getBlogPost($id); |
||
| 23 | if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) |
||
| 24 | { |
||
| 25 | $page->drawError('You do not have permission to access this page.'); |
||
| 26 | } |
||
| 27 | |||
| 28 | $error = ''; |
||
| 29 | |||
| 30 | if (isset($_POST['id'])) { |
||
| 31 | $page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
||
| 32 | |||
| 33 | $lname = ROOT_PATH . "blog/" . $page->acceptFile("file"); |
||
| 34 | |||
| 35 | if ($lname == false) |
||
| 36 | die(); |
||
| 37 | |||
| 38 | $content = $post->content; |
||
| 39 | |||
| 40 | if (isset($_POST['label'])) |
||
| 41 | { |
||
| 42 | $label = $_POST['label']; |
||
| 43 | $content = $content . "\n\n[b]" . $label . "[/b]\n"; |
||
| 44 | } |
||
| 45 | $content = $content . "[img]" . $lname . "[/img]"; |
||
| 46 | |||
| 47 | if (empty($title)) { |
||
| 48 | $args = array($content, $id); |
||
| 49 | $page->query("UPDATE BlogPosts SET Content = ? WHERE ID = ?", $args); |
||
| 50 | |||
| 51 | $page->redirect('post.php?id=' . $id); |
||
| 52 | } |
||
| 53 | } |
||
| 54 | |||
| 55 | $page->drawHeader(); |
||
| 56 | $page->drawBlogCategoriesMenu(); |
||
| 57 | $page->drawMiddle(); |
||
| 58 | |||
| 59 | if (!empty($error)) { |
||
| 60 | $page->drawError($error, false); |
||
| 61 | } |
||
| 62 | |||
| 63 | ?> |
||
| 64 | |||
| 65 | <form action="add-post-img.php" method="post" enctype="multipart/form-data"> |
||
| 66 | <table> |
||
| 67 | <tr> |
||
| 68 | <td class="bold">Post Title: </td> |
||
| 69 | <td><?php echo $post->title; ?></td> |
||
| 70 | </tr> |
||
| 71 | <tr> |
||
| 72 | <td class="bold">Label: </td> |
||
| 73 | <td><input type="text" name="label" value=""/></td> |
||
| 74 | </tr> |
||
| 75 | <tr> |
||
| 76 | <td class="bold">File: </td> |
||
| 77 | <td><input type="file" name="file" id="file"></td> |
||
| 78 | </tr> |
||
| 79 | |||
| 80 | <?php |
||
| 81 | write('<input type="hidden" name="id" value="' . $id . '" />'); |
||
| 82 | ?> |
||
| 83 | <input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
||
| 84 | |||
| 85 | <tr> |
||
| 86 | <td class="bold"></td> |
||
| 87 | <td><input type="submit" value="Add Image" /></td> |
||
| 88 | </tr> |
||
| 89 | </table> |
||
| 90 | </form> |
||
| 91 | |||
| 92 | <?php |
||
| 93 | |||
| 94 | $page->drawFooter(); |
||
| 95 | |||
| 96 | ?> |
||
| 97 |