
Ignore whitespace Rev 518 → Rev 519

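--- a/blog/add-post-img.php
+++ b/blog/add-post-img.php
+<?php
+
+require '../_taios.php';
+
+$page = new Taios_Page('Edit Post', '../');
+
+if (isset($_GET['id']))
+{
+$id = $_GET['id'];
+}
+else if (isset($_POST['id']))
+{
+$id = $_POST['id'];
+}
+else
+{
+$page->drawError('No ID set.');
+}
+
+$page->checkLoggedIn();
+
+$post = $page->getBlogPost($id);
+if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser()))
+{
+$page->drawError('You do not have permission to access this page.');
+}
+
+$error = '';
+
+if (isset($_POST['id'])) {
+$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);
+
+$lname = ROOT_PATH . "blog/" . $page->acceptFile("file");
+
+if ($lname == false)
+die();
+
+$content = $post->content;
+
+if (isset($_POST['label']))
+{
+$label = $_POST['label'];
+$content = $content . "\n\n[b]" . $label . "[/b]\n";
+}
+$content = $content . "[img]" . $lname . "[/img]";
+
+if (empty($title)) {
+$args = array($content, $id);
+$page->query("UPDATE BlogPosts SET Content = ? WHERE ID = ?", $args);
+
+$page->redirect('post.php?id=' . $id);
+}
+}
+
+$page->drawHeader();
+$page->drawBlogCategoriesMenu();
+$page->drawMiddle();
+
+if (!empty($error)) {
+$page->drawError($error, false);
+}
+
+?>
+
+<form action="add-post-img.php" method="post" enctype="multipart/form-data">
+<table>
+<tr>
+<td class="bold">Post Title: </td>
+<td><?php echo $post->title; ?></td>
+</tr>
+<tr>
+<td class="bold">Label: </td>
+<td><input type="text" name="label" value=""/></td>
+</tr>
+<tr>
+<td class="bold">File: </td>
+<td><input type="file" name="file" id="file"></td>
+</tr>
+
+<?php
+write('<input type="hidden" name="id" value="' . $id . '" />');
+?>
+<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" />
+
+<tr>
+<td class="bold"></td>
+<td><input type="submit" value="Add Image" /></td>
+</tr>
+</table>
+</form>
+
+<?php
+
+$page->drawFooter();
+
+?>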
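Review bot: The upload-failure guard in the POST branch can never fire: acceptFile's `false` return is concatenated onto `ROOT_PATH . "blog/"` before the test, so `$lname == false` compares a non-empty string and a rejected upload still appends a dangling `[img]…/blog/[/img]` to the post and runs the UPDATE. Capture the raw result before building the URL: `$upload = $page->acceptFile("file"); if ($upload === false) die(); $lname = ROOT_PATH . "blog/" . $upload;`. Separately, `$id` is taken straight from the query string and written unescaped into the hidden field via `write('<input type="hidden" name="id" value="' . $id . '" />')`, which is a reflected XSS on a page every logged-in author can reach; wrap it as `htmlspecialchars($id, ENT_QUOTES, 'UTF-8')` (the same applies to `echo $post->title` if titles are not escaped on the way in). The `if (empty($title))` check in front of the UPDATE is always true because `$title` is never assigned in this file, so it looks like a copy-paste leftover rather than a real guard, and whether the `drawError` calls for a missing ID or missing permission actually stop the request is not visible here — if they don't, `$id` is undefined or the permission check is bypassed at the query below.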
 
/_config.dummy.php
3,6 → 3,8
define('MYSQL_HOST', 'localhost');
define('MYSQL_USER', 'taios');
define('MYSQL_PASSWORD', 'dummy');
define('ALLOW_FILES', false);
define('ROOT_PATH', 'http://wolves.org/~dummy/taios/');
define('RECAPTCHA_PUBLICKEY', 'dummy');
define('RECAPTCHA_PRIVATEKEY', 'dummy');
 
/_taios.php
223,6 → 223,58
return $newstr;
}
 
function acceptFile($fname)
{
if (!ALLOW_FILES)
{
$page->drawError("This system doesn't allow file uploading.");
return false;
}
$this->checkLoggedIn();
if ($this->getLoggedInUser()->accessID >= 2)
{
$page->drawError('You do not have permission to access this page.');
}
$allowedExts = array("gif", "jpeg", "jpg", "png", "tga");
$temp = explode(".", $_FILES[$fname]["name"]);
$extension = end($temp);
if ((($_FILES[$fname]["type"] == "image/gif")
|| ($_FILES[$fname]["type"] == "image/jpeg")
|| ($_FILES[$fname]["type"] == "image/jpg")
|| ($_FILES[$fname]["type"] == "image/pjpeg")
|| ($_FILES[$fname]["type"] == "image/x-png")
|| ($_FILES[$fname]["type"] == "image/png")
|| ($_FILES[$fname]["type"] == "image/tga"))
&& ($_FILES[$fname]["size"] < 200000) // file size limit (bytes)
&& in_array($extension, $allowedExts))
{
if ($_FILES[$fname]["error"] > 0)
{
$page->drawError("File Upload Error: " . $_FILES[$fname]["error"]);
}
else
{
$lname = "upload/" . $this->rndString(12) . "." . $extension;
while (file_exists($lname))
{
$lname = "upload/" . $this->rndString(12) . "." . $extension;
}
move_uploaded_file($_FILES[$fname]["tmp_name"], $lname);
return $lname;
}
}
else
{
$page->drawError("Invalid file");
}
return false;
}
 
function redirect($u)
{
header('Location: ' . $u);
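Review bot: `$page` is never defined inside acceptFile, so all four `$page->drawError(...)` calls (the ALLOW_FILES guard, the accessID check, the upload-error branch and the "Invalid file" branch) dereference an undefined variable and the method aborts with an Error instead of reporting the problem; inside the class these must be `$this->drawError(...)`. The `accessID >= 2` branch also falls through after drawing the error, so unless drawError terminates the request — not visible in this hunk — an under-privileged user still reaches `move_uploaded_file`; it should `return false` like the ALLOW_FILES branch does. The `$_FILES[$fname]["type"]` comparisons are client-supplied and add nothing over the extension allowlist; if content validation is intended, check the temp file with `getimagesize()` before moving it, and test `move_uploaded_file`'s return value instead of returning `$lname` unconditionally (the random 12-character name is only as good as `rndString`, which is defined elsewhere). The trailing `redirect` function continues past the end of the hunk.
```php
function acceptFile($fname)
{
    if (!ALLOW_FILES)
    {
        $this->drawError("This system doesn't allow file uploading.");
        return false;
    }
    $this->checkLoggedIn();
    if ($this->getLoggedInUser()->accessID >= 2)
    {
        $this->drawError('You do not have permission to access this page.');
        return false;
    }
    // … unchanged: extension / size / $_FILES error checks (switch the remaining $page->drawError calls to $this->drawError) …
    if (getimagesize($_FILES[$fname]["tmp_name"]) === false)
    {
        $this->drawError("Invalid file");
        return false;
    }
    // … unchanged: random upload/ name selection …
    if (!move_uploaded_file($_FILES[$fname]["tmp_name"], $lname))
    {
        $this->drawError("File Upload Error: could not store file");
        return false;
    }
    return $lname;
```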