<?php

// Application include; Taios_Page is presumably declared there (not visible in this file).
require '../_taios.php';

$page = new Taios_Page('Edit Post', '../');

// Pick up the post ID from the request: query string first, POST body second.
// The value is raw request input. Nothing in this script validates or casts it,
// so every later use must treat it as untrusted.
// NOTE(review): if drawError() returns instead of ending the request, execution
// continues with $id undefined. Confirm against Taios_Page.
if (isset($_GET['id'])) {
    $id = $_GET['id'];
} elseif (isset($_POST['id'])) {
    $id = $_POST['id'];
} else {
    $page->drawError('No ID set.');
}
// Access control for the whole script. The caller passes only when
// (is admin OR is the post's author) AND isUserNormal() holds.
// NOTE(review): this gate protects the code below only if checkLoggedIn() and
// drawError() stop the request on failure; neither is shown here. Confirm.
// NOTE(review): what getBlogPost() returns for an unknown ID is not visible here;
// $post->author->ID is dereferenced without a check.
$page->checkLoggedIn();

$post = $page->getBlogPost($id);
if (!(($page->isUserAdmin($page->getLoggedInUser())
        || $page->getLoggedInUser()->ID == $post->author->ID)
    && $page->isUserNormal($page->getLoggedInUser()))) {
    $page->drawError('You do not have permission to access this page.');
}
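$error = '';

// State-changing path: taken only when the form was submitted (POST carries the id).
if (isset($_POST['id'])) {
    // Anti-CSRF check bound to the logged-in user's ID, done before anything is stored.
    // NOTE(review): checkCSRFToken() is not shown; presumably it aborts on mismatch. Confirm.
    $page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);

    // Test the upload result BEFORE prefixing it. The earlier code compared the
    // already-concatenated path with false; a string ending in "blog/" is never
    // falsy, so a rejected upload was still written into the post as an [img] tag.
    // NOTE(review): acceptFile() is the only place upload validation can happen in
    // this flow. Its checks (allowed types and extensions, server-generated names,
    // storage location) are not visible here. Confirm.
    $uploaded = $page->acceptFile("file");

    if (!$uploaded)
        die();

    $lname = ROOT_PATH . "blog/" . $uploaded;

    $content = $post->content;

    // The form always submits the label field, so an empty label still appends
    // an empty [b][/b] pair.
    if (isset($_POST['label']))
    {
       $label = $_POST['label'];
       $content = $content . "\n\n[b]" . $label . "[/b]\n";
    }
    $content = $content . "[img]" . $lname . "[/img]";

    // NOTE(review): $title is never assigned in this script, so unless the include
    // defines it this condition is always true.
    if (empty($title)) {
        // Bound parameters: neither the content nor the id is spliced into the SQL text.
        $args = array($content, $id);
        $page->query("UPDATE BlogPosts SET Content = ? WHERE ID = ?", $args);

        // $id is raw request input; encode it as a URL component so it cannot add
        // further parameters to the redirect target.
        $page->redirect('post.php?id=' . rawurlencode($id));
    }
}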
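$page->drawHeader();
$page->drawBlogCategoriesMenu();
$page->drawMiddle();

if (!empty($error)) {
    $page->drawError($error, false);
}

// Output encoding for the template below:
// - The post title is user-authored data. getBlogPost() is not shown, so it is
//   unclear whether the title is already HTML-encoded. It is encoded here with
//   double_encode off, so an already-encoded title renders unchanged.
// - $id comes straight from $_GET / $_POST and is written into an attribute
//   value, so it is encoded with ENT_QUOTES before output.

?>

<form action="add-post-img.php" method="post" enctype="multipart/form-data">
<table>
<tr>
<td class="bold">Post Title: </td>
<td><?php echo htmlspecialchars($post->title, ENT_QUOTES, 'UTF-8', false); ?></td>
</tr>
<tr>
<td class="bold">Label: </td>
<td><input type="text" name="label" value=""/></td>
</tr>
<tr>
<td class="bold">File: </td>
<td><input type="file" name="file" id="file"></td>
</tr>

<?php
// Request-derived value in an HTML attribute: encode quotes and angle brackets.
write('<input type="hidden" name="id" value="' . htmlspecialchars($id, ENT_QUOTES, 'UTF-8') . '" />');
?>
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" />

    <tr>
<td class="bold"></td>
<td><input type="submit" value="Add Image" /></td>
</tr>
</table>
</form>

<?php

$page->drawFooter();

?>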