0,0 → 1,97 |
<?php |
|
require '../_taios.php'; |
|
$page = new Taios_Page('Edit Post', '../'); |
|
if (isset($_GET['id'])) |
{ |
$id = $_GET['id']; |
} |
else if (isset($_POST['id'])) |
{ |
$id = $_POST['id']; |
} |
else |
{ |
$page->drawError('No ID set.'); |
} |
|
$page->checkLoggedIn(); |
|
$post = $page->getBlogPost($id); |
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser())) |
{ |
$page->drawError('You do not have permission to access this page.'); |
} |
|
$error = ''; |
|
if (isset($_POST['id'])) { |
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']); |
|
$lname = ROOT_PATH . "blog/" . $page->acceptFile("file"); |
|
if ($lname == false) |
die(); |
|
$content = $post->content; |
|
if (isset($_POST['label'])) |
{ |
$label = $_POST['label']; |
$content = $content . "\n\n[b]" . $label . "[/b]\n"; |
} |
$content = $content . "[img]" . $lname . "[/img]"; |
|
if (empty($title)) { |
$args = array($content, $id); |
$page->query("UPDATE BlogPosts SET Content = ? WHERE ID = ?", $args); |
|
$page->redirect('post.php?id=' . $id); |
} |
} |
|
$page->drawHeader(); |
$page->drawBlogCategoriesMenu(); |
$page->drawMiddle(); |
|
if (!empty($error)) { |
$page->drawError($error, false); |
} |
|
?> |
|
<form action="add-post-img.php" method="post" enctype="multipart/form-data"> |
<table> |
<tr> |
<td class="bold">Post Title: </td> |
<td><?php echo $post->title; ?></td> |
</tr> |
<tr> |
<td class="bold">Label: </td> |
<td><input type="text" name="label" value=""/></td> |
</tr> |
<tr> |
<td class="bold">File: </td> |
<td><input type="file" name="file" id="file"></td> |
</tr> |
|
<?php |
write('<input type="hidden" name="id" value="' . $id . '" />'); |
?> |
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" /> |
|
<tr> |
<td class="bold"></td> |
<td><input type="submit" value="Add Image" /></td> |
</tr> |
</table> |
</form> |
|
<?php |
|
$page->drawFooter(); |
|
?> |
|
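Review bot: The hidden `id` field near the end of the file writes `$id` straight from `$_GET['id']`/`$_POST['id']` into an HTML attribute without escaping, and `echo $post->title` in the form table is unescaped too; both should go through `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` unless `write()` or the post loader already encode, which is not visible here. Separately, the upload failure check can never fire: `$lname` is `ROOT_PATH . "blog/"` concatenated with the `acceptFile()` result, so it is a non-empty string even when `acceptFile()` fails, and the post would be saved with an `[img]` tag pointing at the bare directory. Test the return value before building the path, as below; this assumes `acceptFile()` returns a falsy value on failure, which the existing comparison suggests. `$_POST['label']` is also appended to the stored content verbatim, so whether it can carry extra BBCode depends on the renderer, and `empty($title)` is always true because `$title` is never assigned.

```php
// … unchanged: id lookup, login and permission checks, CSRF check …
$file = $page->acceptFile("file");

if ($file == false)
    die();

$lname = ROOT_PATH . "blog/" . $file;
// … unchanged: content assembly, UPDATE query, redirect, page header and form rows …
write('<input type="hidden" name="id" value="' . htmlspecialchars($id, ENT_QUOTES, 'UTF-8') . '" />');
```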