WebSVN - taios - Rev 519 - /blog/add-post-img.php

<?php

require '../_taios.php';

$page = new Taios_Page('Edit Post', '../');

if (isset($_GET['id']))
{
$id = $_GET['id'];
}
else if (isset($_POST['id']))
{
$id = $_POST['id'];
}
else
{
$page->drawError('No ID set.');
}

$page->checkLoggedIn();

$post = $page->getBlogPost($id);
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser()))
{
$page->drawError('You do not have permission to access this page.');
}

$error = '';

if (isset($_POST['id'])) {
$page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);

$lname = ROOT_PATH . "blog/" . $page->acceptFile("file");

if ($lname == false)
die();

$content = $post->content;

if (isset($_POST['label']))
{
$label = $_POST['label'];
$content = $content . "\n\n[b]" . $label . "[/b]\n";
}
$content = $content . "[img]" . $lname . "[/img]";

if (empty($title)) {
$args = array($content, $id);
$page->query("UPDATE BlogPosts SET Content = ? WHERE ID = ?", $args);

$page->redirect('post.php?id=' . $id);
}
}

$page->drawHeader();
$page->drawBlogCategoriesMenu();
$page->drawMiddle();

if (!empty($error)) {
$page->drawError($error, false);
}

?>

<form action="add-post-img.php" method="post" enctype="multipart/form-data">
<table>
<tr>
<td class="bold">Post Title: </td>
<td><?php echo $post->title; ?></td>
</tr>
<tr>
<td class="bold">Label: </td>
<td><input type="text" name="label" value=""/></td>
</tr>
<tr>
<td class="bold">File: </td>
<td><input type="file" name="file" id="file"></td>
</tr>

<?php
write('<input type="hidden" name="id" value="' . $id . '" />');
?>
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" />

<tr>
<td class="bold"></td>
<td><input type="submit" value="Add Image" /></td>
</tr>
</table>
</form>

<?php

$page->drawFooter();

?>

Subversion Repositories taios

(root)/blog/add-post-img.php - Rev 519