/blog/add-post-img.php |
0,0 → 1,97 |
<?php |
require '../_taios.php'; |
$page = new Taios_Page('Edit Post', '../'); |
if (isset($_GET['id'])) |
{ |
$id = $_GET['id']; |
} |
else if (isset($_POST['id'])) |
{ |
$id = $_POST['id']; |
} |
else |
{ |
$page->drawError('No ID set.'); |
} |
$page->checkLoggedIn(); |
$post = $page->getBlogPost($id); |
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
$error = ''; |
if (isset($_POST['id'])) { |
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
$lname = $page->acceptFile("file"); |
if ($lname == false) |
die(); |
$content = $post->content; |
if (isset($_POST['label'])) |
{ |
$label = $_POST['label']; |
$content = $content . "\n\n[b]" . $label . "[/b]\n"; |
} |
$content = $content . "[img]" . $lname . "[/img]"; |
if (empty($title)) { |
$args = array($content, $id); |
$page->query("UPDATE BlogPosts SET Content = ? WHERE ID = ?", $args); |
$page->redirect('post.php?id=' . $id); |
} |
} |
$page->drawHeader(); |
$page->drawBlogCategoriesMenu(); |
$page->drawMiddle(); |
if (!empty($error)) { |
$page->drawError($error, false); |
} |
?> |
<form action="add-post-img.php" method="post" enctype="multipart/form-data"> |
<table> |
<tr> |
<td class="bold">Post Title: </td> |
<td><?php echo $post->title; ?></td> |
</tr> |
<tr> |
<td class="bold">Label: </td> |
<td><input type="text" name="label" value=""/></td> |
</tr> |
<tr> |
<td class="bold">File: </td> |
<td><input type="file" name="file" id="file"></td> |
</tr> |
<?php |
write('<input type="hidden" name="id" value="' . $id . '" />'); |
?> |
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
<tr> |
<td class="bold"></td> |
<td><input type="submit" value="Add Image" /></td> |
</tr> |
</table> |
</form> |
<?php |
$page->drawFooter(); |
?> |
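Review bot: The permission check on L21–L24 only calls `$page->drawError(...)` and then falls through, so unless drawError() terminates the script (the `return false` that follows it in acceptFile() in _taios.php suggests it does not), a logged-in non-author still reaches the upload on L28 and the `UPDATE BlogPosts` on L40; add `exit;` after the drawError() calls on L17 and L23, matching whatever convention the project uses to stop on error. `if (empty($title))` on L38 tests a variable this file never assigns, so it is always true and should simply be dropped. `$id` is taken straight from `$_GET['id']` on L9 and written into the hidden input on L66 without escaping, so it should be emitted as `htmlspecialchars($id, ENT_QUOTES, 'UTF-8')`, and the same applies to `$post->title` on L55 unless titles are escaped before they reach the database. Two smaller points: `$lname == false` on L29 should be `=== false`, and the hidden inputs on L66–L68 sit between `<tr>` rows rather than inside a cell, which is invalid table markup that browsers have to repair (the same placement appears in projects/edit-project.php and projects/add-project.php).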
/_taios.php |
223,6 → 223,59 |
return $newstr; |
} |
function acceptFile($fname) |
{ |
if (!ALLOW_FILES) |
{ |
$this->drawError("This system doesn't allow file uploading."); |
return false; |
} |
$this->checkLoggedIn(); |
if ($this->getLoggedInUser()->accessID >= 2) |
{ |
$this->drawError('You do not have permission to access this page.'); |
} |
$allowedExts = array("gif", "jpeg", "jpg", "png", "tga"); |
$temp = explode(".", $_FILES[$fname]["name"]); |
$extension = end($temp); |
if ((($_FILES[$fname]["type"] == "image/gif") |
|| ($_FILES[$fname]["type"] == "image/jpeg") |
|| ($_FILES[$fname]["type"] == "image/jpg") |
|| ($_FILES[$fname]["type"] == "image/pjpeg") |
|| ($_FILES[$fname]["type"] == "image/x-png") |
|| ($_FILES[$fname]["type"] == "image/png") |
|| ($_FILES[$fname]["type"] == "image/x-targa") |
|| ($_FILES[$fname]["type"] == "image/x-tga")) |
&& ($_FILES[$fname]["size"] < 200000) // file size limit (bytes) |
&& in_array($extension, $allowedExts)) |
{ |
if ($_FILES[$fname]["error"] > 0) |
{ |
$this->drawError("File Upload Error: " . $_FILES[$fname]["error"]); |
} |
else |
{ |
$lname = "upload/" . $this->rndString(12) . "." . $extension; |
while (file_exists($lname)) |
{ |
$lname = "upload/" . $this->rndString(12) . "." . $extension; |
} |
move_uploaded_file($_FILES[$fname]["tmp_name"], $this->url . $lname); |
return ROOT_PATH . $lname; |
} |
} |
else |
{ |
$this->drawError("Invalid file"); |
} |
return false; |
} |
function redirect($u) |
{ |
header('Location: ' . $u); |
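Review bot: The `accessID >= 2` branch on L91–L94 draws the permission error but does not `return false` the way the ALLOW_FILES branch on L85–L89 does, so the upload is still accepted for that user; add `return false;` after the drawError() call. The `error` field is only consulted on L109, after `name`, `type` and `size` have already been read and compared, so a failed upload is reported as "Invalid file" and a request with no file at all raises undefined-index notices — test `isset($_FILES[$fname])` and `error == UPLOAD_ERR_OK` first. The collision loop on L116 checks `file_exists($lname)` relative to the working directory while L120 writes to `$this->url . $lname`, so the two paths only agree if the script happens to run from the directory `$this->url` names; check the destination path instead, and check the return value of move_uploaded_file() before returning a URL to the caller. Note also that `$_FILES[...]["type"]` is supplied by the client, so the MIME comparison on L98–L105 adds nothing beyond the extension whitelist; if the stored content must be an image, verify it server-side (for example with `getimagesize()` on the temporary file).
```php
        if ($this->getLoggedInUser()->accessID >= 2)
        {
            $this->drawError('You do not have permission to access this page.');
            return false;
        }
        // Look at the upload status before trusting name/type/size.
        if (!isset($_FILES[$fname]) || $_FILES[$fname]["error"] != UPLOAD_ERR_OK)
        {
            $this->drawError("File Upload Error: " . (isset($_FILES[$fname]) ? $_FILES[$fname]["error"] : "no file"));
            return false;
        }
        // … unchanged: $allowedExts, $extension, type/size/extension whitelist …
        $lname = "upload/" . $this->rndString(12) . "." . $extension;
        $dest = $this->url . $lname;
        // Test the same path that move_uploaded_file() writes to.
        while (file_exists($dest))
        {
            $lname = "upload/" . $this->rndString(12) . "." . $extension;
            $dest = $this->url . $lname;
        }
        if (!move_uploaded_file($_FILES[$fname]["tmp_name"], $dest))
        {
            $this->drawError("Could not store the uploaded file.");
            return false;
        }
        return ROOT_PATH . $lname;
```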
/_config.dummy.php |
3,6 → 3,8 |
define('MYSQL_HOST', 'localhost'); |
define('MYSQL_USER', 'taios'); |
define('MYSQL_PASSWORD', 'dummy'); |
define('ALLOW_FILES', false); |
define('ROOT_PATH', 'http://wolves.org/~dummy/taios/'); |
define('RECAPTCHA_PUBLICKEY', 'dummy'); |
define('RECAPTCHA_PRIVATEKEY', 'dummy'); |
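Review bot: `ROOT_PATH` on L140 is concatenated directly with `"upload/..."` in acceptFile() in _taios.php, so the value only works while it keeps its trailing slash; a comment on the define would save the next editor from a silent broken-URL bug, e.g. `// must end with '/': acceptFile() appends 'upload/<name>' directly`. Keeping `ALLOW_FILES` off by default on L139 is the right choice for a template config; a short comment saying what enabling it turns on (image uploads into the upload/ directory) would make that deliberate.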
/projects/edit-project-do.php |
2,10 → 2,10 |
require '../_taios.php'; |
$page = new Taios_Page('Edit Project', '../'); |
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
$page = new Taios_Page('Edit Project', '../'); |
$project = $page->getProject($page->getPostID()); |
if (!$project) |
{ |
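Review bot: `$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken'])` on L148 runs before any checkLoggedIn() call, so if getLoggedInUser() can return null for an anonymous visitor (blog/add-post-img.php calls `$page->checkLoggedIn();` before using it), this line dereferences null instead of rejecting the request; call `$page->checkLoggedIn();` first. `$_POST['csrftoken']` is also read without an isset check, so a request lacking the field raises a notice and passes an empty value to the check; `isset($_POST['csrftoken']) ? $_POST['csrftoken'] : ''` makes the intent explicit, or better, reject the request when the field is absent. The same two points apply to the identical lines in projects/add-project-do.php (L158). Both scripts continue past the end of their hunks.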
/projects/add-project-do.php |
2,10 → 2,10 |
require '../_taios.php'; |
$page = new Taios_Page('Add Project', '../'); |
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
$page = new Taios_Page('Add Project', '../'); |
$title = $_POST['title']; |
$description = $_POST['description']; |
$logoURL = $_POST['logourl']; |
/projects/edit-project.php |
62,7 → 62,7 |
<td class="bold"></td> |
<td><input type="submit" value="Edit Project" /></td> |
</tr> |
<input type="hidden" name="csrftoken" value=""<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
</table> |
</form> |
/projects/add-project.php |
54,7 → 54,7 |
<td class="bold"></td> |
<td><input type="submit" value="Add Project" /></td> |
</tr> |
<input type="hidden" name="csrftoken" value=""<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
</table> |
</form> |
/install.sql |
66,7 → 66,7 |
PRIMARY KEY(ID) |
); |
INSERT INTO Users VALUES (1, 0, "admin", SHA1("password"), "admins@tim32.org", "Tim32 Admin", 0); |
INSERT INTO Users VALUES (1, 0, "admin", SHA1("passwordrostok"), "admins@tim32.org", "Tim32 Admin", "rostok", "rostok", 0); |
INSERT INTO BlogPosts VALUES(1, -1, 1, "Welcome to Tim32!", "Welcome to the new Tim32 website! It has had a complete design re-think to make it simpler and easier to use!", NOW(), "Tim32", FALSE); |
INSERT INTO Projects VALUES (1, 1, "TAIOS", "TAIOS (The All In One System) is a PHP based system to make the Tim32 website very self contained and altogether.", "http://websvn.kde.org/*checkout*/trunk/kdesupport/oxygen-icons/64x64/categories/applications-internet.png", "", "http://tim32.org/~tom/taios/", "SVN", NOW()); |
INSERT INTO ForumCategories VALUES (1, -1, "Tim32", "Talk about Tim32 in here"); |
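Review bot: The new admin row on L189 still seeds the well-known password "password", now hashed as SHA1 over the password concatenated with a fixed string "rostok" that is also stored in the row (presumably the salt column — the table definition is outside the hunk), so anyone who can read the table can recompute the hash, and SHA1 is a fast hash unsuited to password storage in any case. The installer should either force a password change on first login or store a hash produced by a slow password hash in the application (password_hash()/password_verify() in PHP) rather than a SQL SHA1(). The INSERT also lists values positionally while the Users column list is not visible in this hunk, so the two "rostok" values cannot be matched to their columns here; naming the columns explicitly (`INSERT INTO Users (ID, ...) VALUES (...)`) would make the seed row robust to column reordering.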