Rev 492 | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 169 | tom | 1 | <?php |
| 2 | |||
| 3 | function getParentID() |
||
| 4 | { |
||
| 5 | if (isset($_GET['id'])) |
||
| 6 | { |
||
| 7 | return $_GET['id']; |
||
| 8 | } |
||
| 9 | else |
||
| 10 | { |
||
| 11 | return -1; |
||
| 12 | } |
||
| 13 | } |
||
| 14 | |||
| 15 | require '../_taios.php'; |
||
| 16 | |||
| 176 | tom | 17 | $page = new Taios_Page('Add Post', '../'); |
| 169 | tom | 18 | $page->checkLoggedIn(); |
| 19 | |||
| 20 | $error = ''; |
||
| 21 | |||
| 22 | if (isset($_POST['post'])) |
||
| 23 | { |
||
| 511 | freddie | 24 | $page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
| 25 | |||
| 169 | tom | 26 | $title = $_POST['title']; |
| 27 | $content = $_POST['content']; |
||
| 28 | $parentID = $_POST['parentID']; |
||
| 29 | $category = $_POST['category']; |
||
| 30 | |||
| 31 | if (empty($title)) |
||
| 32 | { |
||
| 33 | $error = "No Title Specified"; |
||
| 34 | } |
||
| 35 | else if (empty($content)) |
||
| 36 | { |
||
| 37 | $error = "No Content Specified"; |
||
| 38 | } |
||
| 39 | else if (empty($parentID)) |
||
| 40 | { |
||
| 41 | $error = "No Parent ID Specified"; |
||
| 42 | } |
||
| 43 | else |
||
| 44 | { |
||
| 471 | muzer | 45 | if (($page->getLoggedInUser()->accessID >= 2 && $parentID == -1) || $page->getLoggedInUser()->accessID > 2) |
| 169 | tom | 46 | { |
| 47 | $page->drawError('You do not have permission to access this page.'); |
||
| 48 | } |
||
| 492 | tom | 49 | |
| 50 | $args = array(0, $parentID, $page->getLoggedInUser()->ID, $title, $content, $category, 0); |
||
| 51 | $page->query("INSERT INTO BlogPosts VALUES(?, ?, ?, ?, ?, NOW(), ?, ?)", $args); |
||
| 169 | tom | 52 | $page->redirect('post.php?id=' . $parentID); |
| 53 | } |
||
| 54 | } |
||
| 55 | |||
| 56 | $page->drawHeader(); |
||
| 57 | $page->drawBlogCategoriesMenu(); |
||
| 58 | $page->drawMiddle(); |
||
| 59 | |||
| 60 | if (!empty($error)) |
||
| 61 | { |
||
| 62 | $page->drawError($error, false); |
||
| 63 | } |
||
| 64 | |||
| 65 | ?> |
||
| 66 | |||
| 67 | <form action="add-post.php?id=<?php echo getParentID(); ?>" method="post"> |
||
| 68 | <table> |
||
| 69 | <tr> |
||
| 70 | <td class="bold">Title: </td> |
||
| 71 | <td><input type="text" name="title" /></td> |
||
| 72 | </tr> |
||
| 73 | <tr> |
||
| 74 | <td class="bold">Content: </td> |
||
| 75 | <td><textarea name="content" style="width: 500px; height: 300px;"></textarea></td> |
||
| 76 | </tr> |
||
| 77 | <tr> |
||
| 78 | <td class="bold">Catagory: </td> |
||
| 79 | <td><input type="text" name="category" /></td> |
||
| 80 | </tr> |
||
| 81 | |||
| 82 | <input type="hidden" name="post" value="yes" /> |
||
| 511 | freddie | 83 | <input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
| 169 | tom | 84 | |
| 85 | <?php |
||
| 86 | write('<input type="hidden" name="parentID" value="' . getParentID() . '" />'); |
||
| 87 | ?> |
||
| 88 | |||
| 89 | <tr> |
||
| 90 | <td class="bold"></td> |
||
| 91 | <td><input type="submit" value="Post" /></td> |
||
| 92 | </tr> |
||
| 93 | </table> |
||
| 94 | </form> |
||
| 95 | |||
| 96 | <?php |
||
| 97 | |||
| 98 | $page->drawFooter(); |
||
| 99 | |||
| 100 | ?> |