Rev 513 | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 157 | freddie | 1 | <?php |
| 2 | |||
| 3 | require '../_taios.php'; |
||
| 4 | |||
| 176 | tom | 5 | $page = new Taios_Page('Edit Post', '../'); |
| 157 | freddie | 6 | |
| 169 | tom | 7 | if (isset($_GET['id'])) |
| 8 | { |
||
| 157 | freddie | 9 | $id = $_GET['id']; |
| 169 | tom | 10 | } |
| 11 | else if (isset($_POST['id'])) |
||
| 12 | { |
||
| 157 | freddie | 13 | $id = $_POST['id']; |
| 169 | tom | 14 | } |
| 157 | freddie | 15 | else |
| 169 | tom | 16 | { |
| 17 | $page->drawError('No ID set.'); |
||
| 18 | } |
||
| 157 | freddie | 19 | |
| 20 | $page->checkLoggedIn(); |
||
| 21 | |||
| 22 | $post = $page->getBlogPost($id); |
||
| 471 | muzer | 23 | if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) |
| 157 | freddie | 24 | { |
| 25 | $page->drawError('You do not have permission to access this page.'); |
||
| 26 | } |
||
| 27 | |||
| 28 | $error = ''; |
||
| 29 | |||
| 492 | tom | 30 | if (isset($_POST['id'])) { |
| 511 | freddie | 31 | $page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
| 32 | |||
| 157 | freddie | 33 | $title = $_POST['title']; |
| 34 | $content = $_POST['content']; |
||
| 35 | $category = $_POST['category']; |
||
| 36 | |||
| 492 | tom | 37 | if (empty($title)) { |
| 157 | freddie | 38 | $error = "No Title Specified"; |
| 492 | tom | 39 | } else if (empty($content)) { |
| 157 | freddie | 40 | $error = "No Content Specified"; |
| 492 | tom | 41 | } else { |
| 42 | $args = array($content, $title, $category, $id); |
||
| 43 | $page->query("UPDATE BlogPosts SET Content = ?, Title = ?, Category = ? WHERE ID = ?", $args); |
||
| 173 | tom | 44 | $page->redirect('post.php?id=' . $id); |
| 157 | freddie | 45 | } |
| 46 | } |
||
| 47 | |||
| 48 | $page->drawHeader(); |
||
| 49 | $page->drawBlogCategoriesMenu(); |
||
| 50 | $page->drawMiddle(); |
||
| 51 | |||
| 492 | tom | 52 | if (!empty($error)) { |
| 157 | freddie | 53 | $page->drawError($error, false); |
| 54 | } |
||
| 55 | |||
| 56 | ?> |
||
| 57 | |||
| 169 | tom | 58 | <form action="edit-post.php" method="post"> |
| 157 | freddie | 59 | <table> |
| 60 | <tr> |
||
| 61 | <td class="bold">Title: </td> |
||
| 522 | muzer | 62 | <td><input type="text" name="title" value="<?php echo htmlentities($post->title, ENT_QUOTES); ?>"/></td> |
| 157 | freddie | 63 | </tr> |
| 64 | <tr> |
||
| 65 | <td class="bold">Content: </td> |
||
| 522 | muzer | 66 | <td><textarea name="content"><?php echo htmlentities($post->content, ENT_QUOTES); ?></textarea></td> |
| 157 | freddie | 67 | </tr> |
| 68 | <tr> |
||
| 69 | <td class="bold">Catagory: </td> |
||
| 522 | muzer | 70 | <td><input type="text" name="category" value="<?php echo htmlentities($post->category, ENT_QUOTES); ?>" /></td> |
| 157 | freddie | 71 | </tr> |
| 72 | |||
| 73 | <?php |
||
| 169 | tom | 74 | write('<input type="hidden" name="id" value="' . $id . '" />'); |
| 157 | freddie | 75 | ?> |
| 513 | freddie | 76 | <input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
| 157 | freddie | 77 | |
| 511 | freddie | 78 | <tr> |
| 157 | freddie | 79 | <td class="bold"></td> |
| 176 | tom | 80 | <td><input type="submit" value="Edit" /></td> |
| 157 | freddie | 81 | </tr> |
| 82 | </table> |
||
| 83 | </form> |
||
| 84 | |||
| 85 | <?php |
||
| 86 | |||
| 87 | $page->drawFooter(); |
||
| 88 | |||
| 89 | ?> |
||
| 90 |