Rev 519 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
Rev | Author | Line No. | Line |
---|---|---|---|
519 | freddie | 1 | <?php |
2 | |||
3 | require '../_taios.php'; |
||
4 | |||
5 | $page = new Taios_Page('Edit Post', '../'); |
||
6 | |||
7 | if (isset($_GET['id'])) |
||
8 | { |
||
9 | $id = $_GET['id']; |
||
10 | } |
||
11 | else if (isset($_POST['id'])) |
||
12 | { |
||
13 | $id = $_POST['id']; |
||
14 | } |
||
15 | else |
||
16 | { |
||
17 | $page->drawError('No ID set.'); |
||
18 | } |
||
19 | |||
20 | $page->checkLoggedIn(); |
||
21 | |||
22 | $post = $page->getBlogPost($id); |
||
23 | if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) |
||
24 | { |
||
25 | $page->drawError('You do not have permission to access this page.'); |
||
26 | } |
||
27 | |||
28 | $error = ''; |
||
29 | |||
30 | if (isset($_POST['id'])) { |
||
31 | $page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
||
32 | |||
521 | freddie | 33 | $lname = $page->acceptFile("file"); |
519 | freddie | 34 | |
35 | if ($lname == false) |
||
36 | die(); |
||
37 | |||
38 | $content = $post->content; |
||
39 | |||
40 | if (isset($_POST['label'])) |
||
41 | { |
||
42 | $label = $_POST['label']; |
||
43 | $content = $content . "\n\n[b]" . $label . "[/b]\n"; |
||
44 | } |
||
45 | $content = $content . "[img]" . $lname . "[/img]"; |
||
46 | |||
47 | if (empty($title)) { |
||
48 | $args = array($content, $id); |
||
49 | $page->query("UPDATE BlogPosts SET Content = ? WHERE ID = ?", $args); |
||
50 | |||
51 | $page->redirect('post.php?id=' . $id); |
||
52 | } |
||
53 | } |
||
54 | |||
55 | $page->drawHeader(); |
||
56 | $page->drawBlogCategoriesMenu(); |
||
57 | $page->drawMiddle(); |
||
58 | |||
59 | if (!empty($error)) { |
||
60 | $page->drawError($error, false); |
||
61 | } |
||
62 | |||
63 | ?> |
||
64 | |||
65 | <form action="add-post-img.php" method="post" enctype="multipart/form-data"> |
||
66 | <table> |
||
67 | <tr> |
||
68 | <td class="bold">Post Title: </td> |
||
69 | <td><?php echo $post->title; ?></td> |
||
70 | </tr> |
||
71 | <tr> |
||
72 | <td class="bold">Label: </td> |
||
73 | <td><input type="text" name="label" value=""/></td> |
||
74 | </tr> |
||
75 | <tr> |
||
76 | <td class="bold">File: </td> |
||
77 | <td><input type="file" name="file" id="file"></td> |
||
78 | </tr> |
||
79 | |||
80 | <?php |
||
81 | write('<input type="hidden" name="id" value="' . $id . '" />'); |
||
82 | ?> |
||
83 | <input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
||
84 | |||
85 | <tr> |
||
86 | <td class="bold"></td> |
||
87 | <td><input type="submit" value="Add Image" /></td> |
||
88 | </tr> |
||
89 | </table> |
||
90 | </form> |
||
91 | |||
92 | <?php |
||
93 | |||
94 | $page->drawFooter(); |
||
95 | |||
96 | ?> |
||
97 |