Subversion Repositories taios

Rev

Rev 511 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed

Rev Author Line No. Line
157 freddie 1
<?php
2
 
3
require '../_taios.php';
4
 
176 tom 5
$page = new Taios_Page('Edit Post', '../');
157 freddie 6
 
169 tom 7
if (isset($_GET['id']))
8
{
157 freddie 9
    $id = $_GET['id'];
169 tom 10
}
11
else if (isset($_POST['id']))
12
{
157 freddie 13
    $id = $_POST['id'];
169 tom 14
}
157 freddie 15
else
169 tom 16
{
17
    $page->drawError('No ID set.');
18
}
157 freddie 19
 
20
$page->checkLoggedIn();
21
 
22
$post = $page->getBlogPost($id);
471 muzer 23
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser()))
157 freddie 24
{
25
    $page->drawError('You do not have permission to access this page.');
26
}
27
 
28
$error = '';
29
 
492 tom 30
if (isset($_POST['id'])) {
511 freddie 31
    $page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);
32
 
157 freddie 33
    $title = $_POST['title'];
34
    $content = $_POST['content'];
35
    $category = $_POST['category'];
36
 
492 tom 37
    if (empty($title)) {
157 freddie 38
        $error = "No Title Specified";
492 tom 39
    } else if (empty($content)) {
157 freddie 40
        $error = "No Content Specified";
492 tom 41
    } else {
42
                $args = array($content, $title, $category, $id);
43
        $page->query("UPDATE BlogPosts SET Content = ?, Title = ?, Category = ? WHERE ID = ?", $args);
173 tom 44
        $page->redirect('post.php?id=' . $id);
157 freddie 45
    }
46
}
47
 
48
$page->drawHeader();
49
$page->drawBlogCategoriesMenu();
50
$page->drawMiddle();
51
 
492 tom 52
if (!empty($error)) {
157 freddie 53
    $page->drawError($error, false);
54
}
55
 
56
?>
57
 
169 tom 58
<form action="edit-post.php" method="post">
157 freddie 59
<table>
60
<tr>
61
<td class="bold">Title: </td>
171 tom 62
<td><input type="text" name="title" value="<?php echo $post->title; ?>"/></td>
157 freddie 63
</tr>
64
<tr>
65
<td class="bold">Content: </td>
203 tom 66
<td><textarea name="content"><?php echo $post->content; ?></textarea></td>
157 freddie 67
</tr>
68
<tr>
69
<td class="bold">Catagory: </td>
172 tom 70
<td><input type="text" name="category" value="<?php echo $post->category; ?>" /></td>
157 freddie 71
</tr>
72
 
73
<?php
169 tom 74
write('<input type="hidden" name="id" value="' . $id . '" />');
157 freddie 75
?>
513 freddie 76
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" />
157 freddie 77
 
511 freddie 78
    <tr>
157 freddie 79
<td class="bold"></td>
176 tom 80
<td><input type="submit" value="Edit" /></td>
157 freddie 81
</tr>
82
</table>
83
</form>
84
 
85
<?php
86
 
87
$page->drawFooter();
88
 
89
?>
90