Changeset 79
- Timestamp:
- 28/05/05 18:30:45 (4 years ago)
- Files:
-
- admin.lib.php (modified) (4 diffs)
- admin.php (modified) (2 diffs)
admin.lib.php
r77 r79 214 214 //re-display entry form if there are errors 215 215 else { 216 $this->printEntryForm( );216 $this->printEntryForm($_POST,true); 217 217 } 218 218 } … … 224 224 $subject = ''; 225 225 $body = ''; 226 $err = 0;227 226 228 227 //sanitise category (make sure it IS a number!) 229 if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] == 0) {228 if (isset($_POST['category']) && trim($_POST['category']) != "" && (int)$_POST['category'] != 0) { 230 229 $category = (int)$_POST['category']; 231 230 } else { 232 error(4,_("Undefined Category.")); 233 $err = 1; 234 } 235 231 $this->inputError = _("Undefined Category!"); 232 } 236 233 //sanitise subject (make sure it's not a number!) 237 if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['subject'] != 0) { 238 $subject = $_POST['subject']; 239 } else { 240 error(4,_("No Subject!")); 241 $err = 1; 242 } 243 234 if (isset($_POST['subject']) && trim($_POST['subject']) != "" && (int)$_POST['category'] != 0) { 235 $subject = addslashes(trim(strip_tags($_POST['subject']))); 236 } else { 237 $this->inputError = _("No entry subject!"); 238 } 244 239 //sanitise body 245 240 if (isset($_POST['body']) && trim($_POST['body']) != "") { 246 $body = $_POST['body'];247 } else { 248 error(4,_("No Entry!"));249 $err = 1;250 }251 252 if ($err == 0) {241 $body = addslashes(nl2br(trim(strip_tags($_POST['body'])))); 242 } else { 243 $this->inputError = _("No entry body!"); 244 } 245 //no errors, so continue.. 246 if ($this->inputError) { 247 //check to see this post exists 253 248 $sql = db_query("SELECT id from entries where id = ".$id."';"); 254 249 $sqlNum = db_num_rows($sql); 255 if ($sqlNum != 0) { //existio? 
256 $sql = db_query("UPDATE entries SET (category, subject, body) = ({$category},'{add_slashes($subject)}','{add_slashes($body)}') WHERE id = '{$id}';"); 257 258 $this->printEntry($id); //printenate it 259 260 } else { 261 error(2,_("Cannot update entry - it never existed!".db_error())); 262 } 263 } else { 264 error(4,_("You can't change it to be blank :)")); 265 } 266 } 267 268 // this will... uh ... print the blog Entry form... 269 function printEntryForm() 250 //yes?, we can update it then.. 251 if ($sqlNum == 1) { 252 $sql = db_query("UPDATE entries SET (category, subject, body) = ({$category},'{$subject}','{$body}') WHERE id = '{$id}';"); 253 if (!$sql) { 254 error(2,"Database commit failed - ".db_error()); 255 } 256 else { 257 $row = db_last($sql, "entries"); 258 $this->blog->printEntry($row,false,false); 259 } 260 } 261 //cant update non-existant entrys 262 else { 263 error(2,_("Cannot update entry, as it does not exist.".db_error())); 264 } 265 } 266 //redisplay entry form if there are errors 267 else { 268 $this->printEntryForm(); 269 } 270 } 271 //update form 272 function updateForm($id) 273 { 274 $id = $this->blog->makeCleanString($id); 275 $sql = db_query("SELECT subject, category, body from entries where shortsubject = '".$id."';"); 276 $sqlNum = db_num_rows($sql); 277 //yes?, we can update it then.. 278 if ($sqlNum == 1) { 279 $row = db_getrow($sql); 280 $this->printEntryForm($row,true,true); 281 } 282 } 283 284 //print the blog Entry form... 285 function printEntryForm($row='',$show=false,$edit=false) 270 286 { 271 287 echo "<div class=\"entry\">\n"; … … 273 289 echo "<p class=\"invalid\">*** " . $this->inputError . 
" ***</p>\n"; 274 290 } 275 elseif (isset($_POST['submit'])) { 276 echo "<p>Thank you for your comment</p>\n"; 277 } 278 279 echo "<h2>"._("Write Entry")."</h2>\n"; 280 echo "<form action=\"".$this->blogPath."postentry\" method=\"post\" id=\"entryform\">\n"; 281 echo "<p>\n"; 282 echo "<input type=\"text\" name=\"subject\" id=\"subject\" value=\"" . (($this->inputError != "") ? strip_tags(trim($_POST['subject'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n"; 291 echo "<h2>".((!$edit) ?_("Write Entry") : _("Edit Entry"))."</h2>\n"; 292 echo "<form action=\"".$this->blogPath.((!$edit) ? "postentry" : "postupdate")."\" method=\"post\" id=\"entryform\">\n"; 293 echo "<p>\n"; 294 echo "<input type=\"text\" name=\"subject\" id=\"subject\" value=\"" . (($show) ? strip_tags(trim($row['subject'])) : "") . "\" size=\"22\" maxlength=\"50\" tabindex=\"1\" />\n"; 283 295 echo "<label for=\"subject\">"._(Subject)."</label>\n"; 284 296 echo "</p>\n"; 285 297 echo "<p>\n"; 286 298 echo "<select name=\"category\" id=\"category\">"; 299 //pull in the list of catogories from the database 287 300 $sql = db_query("SELECT id, name FROM categories"); 288 301 while ($sqlRow = db_getrow($sql)) { 289 echo "<option value=\"{$sqlRow['id']}\"".(((int)$ _POST['category'] == $sqlRow['id']) ? "selected" : "").">{$sqlRow['name']}</option>";302 echo "<option value=\"{$sqlRow['id']}\"".(((int)$row['category'] == $sqlRow['id']) ? "selected" : "").">{$sqlRow['name']}</option>"; 290 303 } 291 304 echo "</select>"; … … 293 306 echo "</p>\n"; 294 307 echo "<p>\n"; 295 echo "<textarea name=\"body\" id=\"body\" cols=\"50\" rows=\"10\" tabindex=\"3\">" . (($ this->inputError != "") ? strip_tags($_POST['comment'],$entryTags) : "") . "</textarea>\n";308 echo "<textarea name=\"body\" id=\"body\" cols=\"50\" rows=\"10\" tabindex=\"3\">" . (($show) ? strip_tags($row['body'],$entryTags) : "") . "</textarea>\n"; 296 309 echo "</p>\n"; 297 310 echo "<p>\n"; admin.php
r66 r79 21 21 <div id="sidepanel"> 22 22 <p class="sideblurb"> 23 #sidepanel<br />23 <?$admin->menu();?><br /> 24 24 <a href="http://sucs.org"><img src="<? echo $admin->httpPath."img/sucspow.png"; ?>" alt="Powered by SUCS" height="13" width="80" /></a> 25 25 </p> … … 40 40 case "postentry": 41 41 $admin->postEntry() ; 42 break; 43 case "postupdate": 44 $admin->updateEntry(array_shift($request)) ; 45 break; 46 case "update": 47 $admin->updateForm(array_shift($request)) ; 42 48 break; 43 49 default:
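Review bot: The new `postupdate` and `update` cases hand the raw URL segment `array_shift($request)` straight to `updateEntry()` / `updateForm()` with no check at the dispatch site, and on an empty `$request` that value is `null`; since `updateEntry` builds SQL from it, cast here as well, `$admin->updateEntry((int)array_shift($request));` (updateForm keys on `shortsubject`, so its argument stays a string and should be validated in the callee). Nothing in this hunk shows an authentication or CSRF check in front of the new write path; presumably admin.php enforces login earlier in the file, outside the hunk, but that is worth confirming now that these routes modify entries. The sidebar on line 23 opens with the short tag `<?` rather than `<?php`, which depends on `short_open_tag`; the file already uses `<? echo` on line 24, so this is consistent, but `<?php $admin->menu(); ?>` is the portable form. The enclosing `switch` begins and ends outside the hunk.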
