4,11 → 4,16 |
|
$page = new Taios_Page('Nowify', '../'); |
|
if (isset($_GET['id'])) { |
if (isset($_GET['id'])) |
{ |
$id = $_GET['id']; |
} else if (isset($_POST['id'])) { |
} |
else if (isset($_POST['id'])) |
{ |
$id = $_POST['id']; |
} else { |
} |
else |
{ |
$page->drawError('No ID set.'); |
} |
|
15,7 → 20,8 |
$page->checkLoggedIn(); |
|
$post = $page->getBlogPost($id); |
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) { |
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
|
25,7 → 31,7 |
{ |
$title = $_POST['title']; |
|
$page->query("UPDATE BlogPosts SET DatePosted = NOW() WHERE ID = ?", array($id)); |
$page->query('UPDATE BlogPosts SET DatePosted = NOW() WHERE ID = "' . $id . '"'); |
$page->redirect('/blog/post.php?id=' . $id); |
} |
|
33,7 → 39,8 |
$page->drawBlogCategoriesMenu(); |
$page->drawMiddle(); |
|
if (!empty($error)) { |
if (!empty($error)) |
{ |
$page->drawError($error, false); |
} |
|
58,3 → 65,4 |
$page->drawFooter(); |
|
?> |
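Review bot: The `UPDATE BlogPosts` query in the `25,7 → 31,7` hunk looks to have lost its bound parameter. Assuming the page prints the old line before the new one, as the line counts of the first hunk imply, the new side concatenates `$id` into the SQL string, and `$id` is taken unvalidated from `$_GET['id']` or `$_POST['id']` at the top of the file. That reintroduces SQL injection in a commit that otherwise only moves braces, so the bound form should stay: `$page->query("UPDATE BlogPosts SET DatePosted = NOW() WHERE ID = ?", array($id));`. The permission check in the `15,7 → 20,8` hunk limits who reaches this statement but not what `$id` may contain, and the `if` block enclosing the query starts outside the hunk.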
|