/blog/index.php |
---|
16,21 → 16,24 |
} |
$query = 'WHERE ParentID = -1'; |
$args = array(); |
if (isset($_GET['cat'])) { |
$query = $query . " AND Category = ?"; |
array_push($args, $_GET['cat']); |
if (isset($_GET['cat'])) |
{ |
$query = $query . ' AND Category = "' . $_GET['cat'] . '"'; |
write('<p>Only showing blog posts from the ' . $_GET['cat'] . ' category. <a href="index.php">Reset Filtering</a></p><br />'); |
} |
if (!$page->isUserGM($page->getLoggedInUser())) { |
if(!$page->isUserGM($page->getLoggedInUser())) |
{ |
$query = $query . ' AND Category != "Drafts"'; |
} |
$query = $query . " ORDER BY DatePosted DESC"; |
foreach ($page->findIDs('BlogPosts', $query, $args) as $id) { |
$ids = $page->findIDs('BlogPosts', $query); |
for ($i = 0; $i < count($ids); $i++) |
{ |
$id = $ids[$i]; |
$post = $page->getBlogPost($id); |
$ids2 = $page->findIDs('BlogPosts', 'WHERE ParentID="' . $id . '"'); |
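Review bot: The second copy of each changed line (the new side, judging by hunk ranges that grow from 21 to 24 lines with the brace reflow) splices `$_GET['cat']` directly into the WHERE clause and stops passing `$args` to `findIDs()`, so the category filter is open to SQL injection from any visitor. Keep the bound-parameter form while reformatting: `$query = $query . " AND Category = ?";`, `array_push($args, $_GET['cat']);` and `$page->findIDs('BlogPosts', $query, $args)`. The same loss of placeholders shows up in the `$page->query()` calls of admin/nowify.php and the forums add-post, delete-category, edit-category, add-category and delete-post scripts. Separately, the unchanged `write()` line prints `$_GET['cat']` into the page unescaped; it should go through `htmlspecialchars($_GET['cat'], ENT_QUOTES, 'UTF-8')`.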
/admin/nowify.php |
---|
4,11 → 4,16 |
$page = new Taios_Page('Nowify', '../'); |
if (isset($_GET['id'])) { |
if (isset($_GET['id'])) |
{ |
$id = $_GET['id']; |
} else if (isset($_POST['id'])) { |
} |
else if (isset($_POST['id'])) |
{ |
$id = $_POST['id']; |
} else { |
} |
else |
{ |
$page->drawError('No ID set.'); |
} |
15,7 → 20,8 |
$page->checkLoggedIn(); |
$post = $page->getBlogPost($id); |
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) { |
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
25,7 → 31,7 |
{ |
$title = $_POST['title']; |
$page->query("UPDATE BlogPosts SET DatePosted = NOW() WHERE ID = ?", array($id)); |
$page->query('UPDATE BlogPosts SET DatePosted = NOW() WHERE ID = "' . $id . '"'); |
$page->redirect('/blog/post.php?id=' . $id); |
} |
33,7 → 39,8 |
$page->drawBlogCategoriesMenu(); |
$page->drawMiddle(); |
if (!empty($error)) { |
if (!empty($error)) |
{ |
$page->drawError($error, false); |
} |
58,3 → 65,4 |
$page->drawFooter(); |
?> |
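Review bot: `$id` is copied from `$_GET['id']` or `$_POST['id']` with no type check and then reaches `getBlogPost()`, the UPDATE and the redirect URL; validate it once after the if/else chain, for example `if (!is_string($id) || !ctype_digit($id)) { $page->drawError('No ID set.'); }`. `$parentID` and `$categoryID` in forums/add-post-do.php and forums/add-category-do.php are taken from the request and used in the same way. The permission check also reads `$post->author->ID` without first confirming that `getBlogPost()` found a post; forums/delete-post-do.php tests `$post` for the equivalent lookup, so a guard belongs here too. Whether `drawError()` stops the script is not visible in these hunks, and both suggestions rely on it doing so.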
/forums/add-post-do.php |
---|
7,12 → 7,13 |
$page->checkLoggedIn(); |
$parentID = $_POST['parentID']; |
if (empty($parentID)) { |
if (empty($parentID)) |
{ |
$parentID = -1; |
} |
$categoryID = $_POST['categoryID']; |
if (empty($categoryID)) { |
if (empty($categoryID)) |
{ |
$parentID = -1; |
} |
19,20 → 20,21 |
$title = $_POST['title']; |
$content = $_POST['content']; |
if (!$page->isUserNormal($page->getLoggedInUser())) { |
if (!$page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->redirect('add-post.php?error=You do not have permission to access this page'); |
} |
if (empty($title)) { |
if (empty($title)) |
{ |
$page->redirect('add-post.php?error=No Title Specified'); |
} |
if (empty($title)) { |
if (empty($title)) |
{ |
$page->redirect('add-post.php?error=No Content Specified'); |
} |
$args = array($page->getLoggedInUser()->ID, $categoryID, $parentID, $title, $content); |
$page->query("INSERT INTO ForumPosts VALUES (0, ?, ?, ?, ?, ?, NOW(), FALSE)", $args); |
$page->query('INSERT INTO ForumPosts VALUES (0, "' .$page->getLoggedInUser()->ID . '", "' . $categoryID . '", "' . $parentID . '", "' . $title . '", "' . $content . '", NOW(), FALSE)'); |
$page->redirect('index.php?parentID=' . $categoryID); |
?> |
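Review bot: Two copy-paste slips sit in the unchanged lines around the reformat: the `empty($categoryID)` branch assigns `$parentID = -1;` where `$categoryID = -1;` was presumably intended, and the check guarding 'No Content Specified' tests `$title` a second time, so an empty `$content` is never rejected. The fixes are `$categoryID = -1;` and `if (empty($content))`. Both are cheap to correct while these lines are being touched anyway.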
/forums/delete-category-do.php |
---|
8,10 → 8,13 |
$id = $page->getGetID(); |
if ($page->isUserAdmin($page->getLoggedInUser())) { |
$page->query("DELETE FROM ForumCategories WHERE ID = ?", array($id)); |
if ($page->isUserAdmin($page->getLoggedInUser())) |
{ |
$page->query('DELETE FROM ForumCategories WHERE ID = "' . $id . '"'); |
$page->redirect('index.php'); |
} else { |
} |
else |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
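Review bot: The category ID arrives through `getGetID()` (presumably a query-string read) and the only guard visible in this hunk is the admin check, so the DELETE appears reachable by a plain GET request with no anti-CSRF token. Unless a token is verified in the lines above the hunk, the action should move to POST and check a per-session token before the query runs; a marker such as `// TODO: require POST and a CSRF token before deleting` would at least record the gap. forums/delete-post-do.php has the same shape.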
/forums/edit-category-do.php |
---|
11,16 → 11,20 |
$title = $_POST['title']; |
$description = $_POST['description']; |
if ($page->isUserAdmin($page->getLoggedInUser())) { |
if (empty($title)) { |
if ($page->isUserAdmin($page->getLoggedInUser())) |
{ |
if (empty($title)) |
{ |
$page->redirect('edit-category.php?error=No Title Specified'); |
} |
$args = array($title, $description, $id); |
$page->query("UPDATE ForumCategories SET Title = ?, Description = ? WHERE ID = ?", $args); |
$page->query('UPDATE ForumCategories SET Title = "' . $title . '", Description = "' . $description . '" WHERE ID = "' . $id . '"'); |
$page->redirect('index.php'); |
} else { |
} |
else |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
?> |
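Review bot: Nothing visible after `$page->redirect('edit-category.php?error=No Title Specified')` stops the script, so if `redirect()` only sends a Location header the UPDATE below still runs with an empty title. Either document on `redirect()` that it terminates the request, or add `exit;` directly after the call. The same pattern appears in forums/add-post-do.php and forums/add-category-do.php, where the INSERT follows the validation redirects.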
/forums/add-category-do.php |
---|
7,7 → 7,8 |
$page->checkLoggedIn(); |
$parentID = $_POST['parentID']; |
if (empty($parentID)) { |
if (empty($parentID)) |
{ |
$parentID = -1; |
} |
14,15 → 15,20 |
$title = $_POST['title']; |
$description = $_POST['description']; |
if ($page->isUserAdmin($page->getLoggedInUser())) { |
if (empty($title)) { |
if ($page->isUserAdmin($page->getLoggedInUser())) |
{ |
if (empty($title)) |
{ |
$page->redirect('add-category.php?error=No Title Specified'); |
} |
$page->query("INSERT INTO ForumCategories VALUES (0, ?, ?, ?)", array($parentID, $title, $description)); |
$page->query('INSERT INTO ForumCategories VALUES (0, "' . $parentID . '", "' . $title . '", "' . $description . '")'); |
$page->redirect('index.php?parentID=' . $parentID); |
} else { |
} |
else |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
?> |
/forums/delete-post-do.php |
---|
9,15 → 9,22 |
$id = $page->getGetID(); |
$post = $page->getForumPost($id); |
if (($page->isUserAdmin($page->getLoggedInUser()) || $post->author->ID == $page->getLoggedInUser()->ID) && $post && $page->isUserNormal($page->getLoggedInUser())) { |
$page->query("DELETE FROM ForumPosts WHERE ID = ?", array($id)); |
if (($page->isUserAdmin($page->getLoggedInUser()) || $post->author->ID == $page->getLoggedInUser()->ID) && $post && $page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->query('DELETE FROM ForumPosts WHERE ID = "' . $id . '"'); |
$page->redirect('index.php'); |
} else { |
if (!$post) { |
} |
else |
{ |
if (!$post) |
{ |
$page->drawError('No such forum post, #' . $id); |
} else { |
} |
else |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
} |
?> |
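Review bot: The condition reads `$post->author->ID` before it reaches the `&& $post` test, so for a non-admin a missing post is dereferenced before it is checked; put the existence test first, `if ($post && $page->isUserNormal($page->getLoggedInUser()) && ($page->isUserAdmin($page->getLoggedInUser()) || $post->author->ID == $page->getLoggedInUser()->ID))`. The 'No such forum post' branch also passes the request-supplied `$id` into `drawError()`; unless `drawError()` or `getGetID()` already escapes or casts it (neither is visible here), use `htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8')` in that message.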