Subversion Repositories taios

Rev

Rev 513 | Blame | Compare with Previous | Last modification | View Log | RSS feed

<?php

require '../_taios.php';

$page = new Taios_Page('Edit Post', '../');

if (isset($_GET['id']))
{
    $id = $_GET['id'];
}
else if (isset($_POST['id']))
{
    $id = $_POST['id'];
}
else
{
    $page->drawError('No ID set.');
}

$page->checkLoggedIn();

$post = $page->getBlogPost($id);
if ((!$page->isUserAdmin($page->getLoggedInUser()) && $page->getLoggedInUser()->ID != $post->author->ID) || !$page->isUserNormal($page->getLoggedInUser()))
{
    $page->drawError('You do not have permission to access this page.');
}

$error = '';

if (isset($_POST['id'])) {
    $page->checkCSRFToken($page->getLoggedInUser()->ID, $_POST['csrftoken']);

    $title = $_POST['title'];
    $content = $_POST['content'];
    $category = $_POST['category'];

    if (empty($title)) {
        $error = "No Title Specified";
    } else if (empty($content)) {
        $error = "No Content Specified";
    } else {
                $args = array($content, $title, $category, $id);
        $page->query("UPDATE BlogPosts SET Content = ?, Title = ?, Category = ? WHERE ID = ?", $args);
        $page->redirect('post.php?id=' . $id);
    }
}

$page->drawHeader();
$page->drawBlogCategoriesMenu();
$page->drawMiddle();

if (!empty($error)) {
    $page->drawError($error, false);
}

?>

<form action="edit-post.php" method="post">
<table>
<tr>
<td class="bold">Title: </td>
<td><input type="text" name="title" value="<?php echo htmlentities($post->title, ENT_QUOTES); ?>"/></td>
</tr>
<tr>
<td class="bold">Content: </td>
<td><textarea name="content"><?php echo htmlentities($post->content, ENT_QUOTES); ?></textarea></td>
</tr>
<tr>
<td class="bold">Catagory: </td>
<td><input type="text" name="category" value="<?php echo htmlentities($post->category, ENT_QUOTES); ?>" /></td>
</tr>

<?php
write('<input type="hidden" name="id" value="' . $id . '" />');
?>
<input type="hidden" name="csrftoken" value="<?php echo $page->getCSRFToken($page->getLoggedInUser()->ID); ?>" />

    <tr>
<td class="bold"></td>
<td><input type="submit" value="Edit" /></td>
</tr>
</table>
</form>

<?php

$page->drawFooter();

?>