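<?php
/*
UserSpice 4
An Open Source PHP User Management System
by the UserSpice Team at http://UserSpice.com

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
?>
<?php require_once '../users/init.php'; ?>
<?php require_once $abs_us_root.$us_url_root.'users/includes/header.php'; ?>
<?php require_once $abs_us_root.$us_url_root.'users/includes/navigation.php'; ?>
<?php if (!securePage($_SERVER['PHP_SELF'])){die();}?>
<?php
/*
 * Admin page: edit or delete a single blog post and replace its image.
 *
 * Request handling, in order:
 *   1. Load the post named by the `id` request parameter; anything other than
 *      exactly one matching row redirects back to adminblog.php.
 *   2. On POST, verify the CSRF token for BOTH actions (post update and image
 *      update) before any state change.
 *   3. `updatePost`: delete the row, or validate and update title/content.
 *   4. `updateImage`: validate the upload (transport status, real image
 *      content, size, extension), store it under a server-built file name in
 *      img/, and only then point the row at the new file.
 *   5. Re-read the row and render the form with HTML-encoded values.
 */
$validation = new Validate();
$errors = [];
$successes = [];
$id = Input::get('id');

$query = $db->query("SELECT * FROM blog WHERE id = ?",array($id));
if($query->count() <= 0) $err = "That blogpost does not exist. Please try again.";
if($query->count() > 1) $err = "You somehow managed to find more than 1 thing...I don't know how...";
if(isset($err)) {
    // The message contains spaces and punctuation, so it has to be URL-encoded
    // before it is placed in the query string of the redirect target.
    Redirect::to('adminblog.php?err='.urlencode($err));
    // Redirect::to() is defined elsewhere; stop here explicitly so the rest of
    // the page can never run without a loaded post, whatever it does.
    die();
}
$results = $query->first();

if(!empty($_POST)){
    $isPostUpdate = !empty($_POST['updatePost']);
    $isImageUpdate = !empty($_POST['updateImage']);

    // One CSRF check covers both state-changing actions. Previously only the
    // post update was protected, so the image upload could be triggered
    // cross-site against a logged-in administrator.
    if($isPostUpdate || $isImageUpdate){
        $token = isset($_POST['csrf']) ? $_POST['csrf'] : '';
        if(!Token::check($token)){
            die('Token doesn\'t match!');
        }
    }

    if($isPostUpdate){
        if(Input::get('delete') != NULL) {
            $db->query("DELETE FROM blog WHERE id = ?",array($id));
            Redirect::to('adminblog.php?msg=Post+has+been+deleted.');
            // The row is gone; do not fall through to the re-read and the form.
            die();
        } else {
            //Update title
            if ($results->title != $_POST['title']){
                $title = Input::get("title");
                $fields=array('title'=>$title);
                $validation->check($_POST,array(
                    'title' => array(
                        'display' => 'Title',
                        'required' => true,
                        'max' => 255
                    )
                ));
                if($validation->passed()){
                    $db->update('blog',$id,$fields);
                    $successes[] = "Title Updated";
                }else{
                    ?><div id="form-errors">
                    <?=$validation->display_errors();?></div>
                    <?php
                }
            }

            //Update content
            if ($results->content != $_POST['content']){
                $content = Input::get("content");
                $fields=array('content'=>$content);
                $validation->check($_POST,array(
                    'content' => array(
                        'display' => 'Content',
                        'required' => true,
                    )
                ));
                if($validation->passed()){
                    $db->update('blog',$id,$fields);
                    $successes[] = "Content Updated";
                }else{
                    ?><div id="form-errors">
                    <?=$validation->display_errors();?></div>
                    <?php
                }
            }
        }
    }

    if($isImageUpdate){
        $target_dir = "img/";
        $uploadOk = 1;
        $target_file = '';
        $stored_name = '';
        $check = false;

        // Decoded image type => extensions that may be used for it. The
        // extension is what the web server acts on when the file is requested,
        // so it must agree with what the bytes actually are.
        $allowed_types = array(
            IMAGETYPE_JPEG => array('jpg', 'jpeg'),
            IMAGETYPE_PNG  => array('png'),
            IMAGETYPE_GIF  => array('gif'),
        );

        $upload = isset($_FILES["fileToUpload"]) ? $_FILES["fileToUpload"] : null;

        if(!is_array($upload) || !isset($upload["error"]) || is_array($upload["error"]) || $upload["error"] !== UPLOAD_ERR_OK){
            // Missing field, multi-file array or a transport error: nothing to inspect.
            $errors[] = "Sorry, there was an error uploading your file.";
            $uploadOk = 0;
        } else {
            // The client-supplied name is untrusted. Only a sanitised stem and a
            // lower-cased, allow-listed extension are reused; every other
            // character (including extra dots, which would create a double
            // extension) becomes an underscore.
            $client_name = basename($upload["name"]);
            $imageFileType = strtolower(pathinfo($client_name,PATHINFO_EXTENSION));
            $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', (string) pathinfo($client_name,PATHINFO_FILENAME));
            if($stem === null || $stem === '') {
                $stem = 'image';
            }

            // Check that the file content really decodes as an image. This check
            // used to be gated on $_POST["submit"], which the form never sends,
            // so it did not run.
            $check = getimagesize($upload["tmp_name"]);
            if($check === false) {
                $errors[] = "File is not an image.";
                $uploadOk = 0;
            }

            // Check file size
            if ($upload["size"] > 500000) {
                $errors[] = "Sorry, your file is too large.";
                $uploadOk = 0;
            }

            // Allow certain file formats, and require extension and content to agree
            if(!in_array($imageFileType, array('jpg', 'png', 'jpeg', 'gif'), true)
                || ($check !== false && (!isset($allowed_types[$check[2]]) || !in_array($imageFileType, $allowed_types[$check[2]], true)))) {
                $errors[] = "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
                $uploadOk = 0;
            }

            if($uploadOk == 1) {
                $stored_name = $stem . '.' . $imageFileType;
                $target_file = $target_dir . $stored_name;

                // On a name clash the random part goes BEFORE the extension, so
                // the stored file keeps its validated extension.
                if (file_exists($target_file)) {
                    // generateRandomString() is defined elsewhere; its output is
                    // filtered here because its character set is not visible.
                    $suffix = preg_replace('/[^A-Za-z0-9_-]/', '', (string) generateRandomString());
                    $stored_name = $stem . '_' . $suffix . '.' . $imageFileType;
                    $target_file = $target_dir . $stored_name;
                    $errors[] = "Renamed file due to pre-existing file.";
                }
            }
        }

        // Check if $uploadOk is set to 0 by an error
        if ($uploadOk == 0) {
            $errors[] = "Sorry, your file was not uploaded.";
        // if everything is ok, try to upload file
        } else {
            if (move_uploaded_file($upload["tmp_name"], $target_file)) {
                // Report the stored name, not the raw client name, so no
                // attacker-chosen markup reaches the message list.
                $successes[] = "The file ". $stored_name. " has been uploaded.";

                //Update image - only once the file is actually in place, so the
                //row never points at a file that was not stored.
                if ($results->image != $target_file){
                    $image = $target_file;
                    $fields=array('image'=>$image);
                    $db->update('blog',$id,$fields);
                    $successes[] = "Image Updated";
                }
            } else {
                $errors[] = "Sorry, there was an error uploading your file.";
            }
        }
    }

    $query = $db->query("SELECT * FROM blog WHERE id = ?",array($id));
    $results = $query->first();
}

// HTML-encode everything that is echoed into markup below. double_encode is
// off because Input::get() is defined elsewhere and may already store
// entity-encoded text (TODO confirm); this way the values are safe either way
// and are not encoded twice.
$safe_title = htmlspecialchars((string) $results->title, ENT_QUOTES, 'UTF-8', false);
$safe_image = htmlspecialchars((string) $results->image, ENT_QUOTES, 'UTF-8', false);
$safe_content = htmlspecialchars((string) $results->content, ENT_QUOTES, 'UTF-8', false);

// Generate the CSRF token once and reuse it in both forms, in case
// Token::generate() replaces the stored token on every call (not visible here).
$csrf_token = htmlspecialchars((string) Token::generate(), ENT_QUOTES, 'UTF-8');
?>
<div id="page-wrapper">
  <div class="container">
    <?=resultBlock($errors,$successes);?>
    <?=$validation->display_errors();?>
    <div class="well">
      <h1>Edit Blog Post</h1>
      <div class="row">
        <div class="col-xs-12 col-md-10">
          <form class="form-group" action="" name="updatePost" method="post" enctype="multipart/form-data">
            <table class="table">
              <tr>
                <td width="100px"><a href="#" data-toggle="modal" data-target="#image"><img src="<?=$safe_image?>" width="100px" height="100px" alt="<?=$safe_title?>" /></a></td>
                <td><label>Title</label>
                  <input type="text" class="form-control" name="title" maxlength="255" value="<?=$safe_title?>" required />
                  <?php /* <label>Featured Image</label> <input type="file" class="form-control" name="fileToUpload" id="fileToUpload" required /> */ ?>
                  <label>Content</label>
                  <textarea class="form-control" name="content" id="content" ><?=$safe_content?></textarea></td>
              </tr></table>
            <label>Delete this post? <input type="checkbox" name="delete" /> </label>
            <input required type="hidden" name="csrf" value="<?=$csrf_token?>" >
            <br /><div class="pull-right"><div class="btn-group"><input type="submit" name="updatePost" value="Update Post" class="btn btn-success" /></div>
            <div class="btn-group"><a href="adminblog.php" class="btn btn-danger">Cancel</a></div></div>
          </form>
        </div>
      </div>
    </div>
    <div id="image" class="modal fade" role="dialog">
      <div class="modal-dialog">
        <!-- Modal content-->
        <div class="modal-content">
          <div class="modal-header">
            <button type="button" class="close" data-dismiss="modal">×</button>
            <h4 class="modal-title">Update Image</h4>
          </div>
          <div class="modal-body">
            <label>Current Image</label><br />
            <img src="<?=$safe_image?>" width="250px" height="250px" alt="<?=$safe_title?>" />
            <form class="form-group" action="" name="updateImage" method="post" enctype="multipart/form-data">
              <input type="hidden" name="csrf" value="<?=$csrf_token?>" >
              <label>New Image</label>
              <input type="file" class="form-control" name="fileToUpload" id="fileToUpload" required />
          </div>
          <div class="modal-footer">
            <div class="btn-group"><input class='btn btn-success' type='submit' name="updateImage" value='Update Image' class='submit' /></div></form>
            <div class="btn-group"><button type="button" class="btn btn-default" data-dismiss="modal">Close</button></div>
          </div>
        </div>
      </div>
    </div>
  </div> <!-- /container -->
</div> <!-- /#page-wrapper -->
<!-- footers -->
<?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>
<!-- Place any per-page javascript here -->
<?php
// NOTE(review): the editor script is loaded from a third-party CDN through a
// protocol-relative URL and without an integrity attribute, so this admin page
// runs whatever that host serves. Self-hosting a pinned copy (or adding SRI
// for a fixed version) would remove that dependency.
if ($settings->wys == 1){ ?>
<script src='//cdn.tinymce.com/4/tinymce.min.js'></script>
<script>
tinymce.init({
  selector: '#content'
});
</script>
<?php } ?>
<?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?>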