
editpost.php

<?php
/*
UserSpice 4
An Open Source PHP User Management System
by the UserSpice Team at http://UserSpice.com

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
?>
<?php
// Bootstrap the framework, then emit the shared page header and navigation bar.
require_once '../users/init.php';
require_once $abs_us_root . $us_url_root . 'users/includes/header.php';
require_once $abs_us_root . $us_url_root . 'users/includes/navigation.php';
?>

<?php
// Access gate: nothing below runs unless securePage() approves this script.
// NOTE(review): PHP_SELF includes any trailing path info sent by the client;
// confirm securePage() normalises it before matching against its page list.
if (!securePage($_SERVER['PHP_SELF'])) {
    die();
}
?>
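<?php
// Load the blog post named by the "id" request parameter, or bounce back to the
// admin list with an error message when it cannot be resolved to exactly one row.
$validation = new Validate();
$errors = [];
$successes = [];
$id = Input::get('id');
// The id travels as a bound parameter, never as part of the SQL text.
$query = $db->query("SELECT * FROM blog WHERE id = ?",array($id));
$matches = $query->count();

// Start from a known value so a stray $err left behind by an included file
// cannot trigger the redirect on its own.
$err = null;
if($matches <= 0) $err = "That blogpost does not exist. Please try again.";
if($matches > 1) $err = "You somehow managed to find more than 1 thing...I don't know how...";
if($err !== null){
  // The message contains spaces and an apostrophe; encode it so it survives as a
  // single query-string value (same form as the "+"-encoded msg used on delete).
  Redirect::to('adminblog.php?err='.urlencode($err));
  // Stop here even if Redirect::to() returns, so the code below never runs
  // without a loaded post.
  exit;
}
$results = $query->first();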

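// Handle the two forms on this page (post update/delete and image upload), then
// render the edit form, the image modal and the page footers.
if(!empty($_POST)){

  // Both forms change state, so both must present the session's CSRF token.
  // The original verified it only for updatePost; the image form carried no token.
  if(!empty($_POST['updatePost']) || !empty($_POST['updateImage'])){
    $token = (isset($_POST['csrf']) && is_string($_POST['csrf'])) ? $_POST['csrf'] : '';
    if(!Token::check($token)){
      die('Token doesn\'t match!');
    }
  }

  if(!empty($_POST['updatePost'])){

    if(Input::get('delete') != NULL) {
      $db->query("DELETE FROM blog WHERE id = ?",array($id));
      Redirect::to('adminblog.php?msg=Post+has+been+deleted.');
    }
    else {
      //Update title
      if ($results->title != $_POST['title']){
        $title = Input::get("title");
        $fields=array('title'=>$title);
        $validation->check($_POST,array(
          'title' => array(
            'display' => 'Title',
            'required' => true,
            'max' => 255
          )
        ));
        if($validation->passed()){
          $db->update('blog',$id,$fields);
          $successes[] = "Title Updated";
        }else{
          ?><div id="form-errors">
            <?=$validation->display_errors();?></div>
            <?php
        }
      }

      //Update content
      if ($results->content != $_POST['content']){
        $content = Input::get("content");
        $fields=array('content'=>$content);
        $validation->check($_POST,array(
          'content' => array(
            'display' => 'Content',
            'required' => true,
          )
        ));
        if($validation->passed()){
          $db->update('blog',$id,$fields);
          $successes[] = "Content Updated";
        }else{
          ?><div id="form-errors">
            <?=$validation->display_errors();?></div>
            <?php
        }
      }
    }
  }

  if(!empty($_POST['updateImage'])){
    // NOTE(review): img/ is resolved against the working directory and is served
    // by the web server; make sure script execution is disabled for that directory.
    $target_dir = "img/";
    $target_file = '';
    $uploadOk = 1;
    $upload = isset($_FILES["fileToUpload"]) ? $_FILES["fileToUpload"] : null;

    // Reject missing, multi-file or failed uploads before touching any field.
    $hasUpload = $upload !== null
      && is_string($upload["name"])
      && is_string($upload["tmp_name"])
      && $upload["error"] === UPLOAD_ERR_OK
      && is_uploaded_file($upload["tmp_name"]);

    if (!$hasUpload) {
      $errors[] = "Sorry, there was an error uploading your file.";
      $uploadOk = 0;
    } else {
      // Build the stored name from a restricted character set instead of trusting
      // the client's file name: interior dots and path characters are replaced, so
      // the only extension on disk is the one checked against the allow-list below.
      $clientName = basename($upload["name"]);
      $imageFileType = strtolower(pathinfo($clientName,PATHINFO_EXTENSION));
      $stem = preg_replace('/[^A-Za-z0-9_-]/', '_', pathinfo($clientName,PATHINFO_FILENAME));
      if ($stem === null || $stem === '') {
        $stem = 'image';
      }
      $target_file = $target_dir . $stem . '.' . $imageFileType;

      // Check the file content, not just its name. The original ran this check
      // only when $_POST["submit"] was set, which this form never sends.
      $check = getimagesize($upload["tmp_name"]);
      $allowedTypes = array(IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG);
      if ($check === false || !in_array($check[2], $allowedTypes, true)) {
        $errors[] = "File is not an image.";
        $uploadOk = 0;
      }
      // Check if file already exists; keep the extension last when renaming
      // (the original appended the random suffix after it).
      if (file_exists($target_file)) {
        $target_file = $target_dir . $stem . '_' . generateRandomString() . '.' . $imageFileType;
        $errors[] = "Renamed file due to pre-existing file.";
      }
      // Check file size
      if ($upload["size"] > 500000) {
        $errors[] = "Sorry, your file is too large.";
        $uploadOk = 0;
      }
      // Allow certain file formats (compared case-insensitively)
      if (!in_array($imageFileType, array("jpg", "png", "jpeg", "gif"), true)) {
        $errors[] = "Sorry, only JPG, JPEG, PNG & GIF files are allowed.";
        $uploadOk = 0;
      }
    }

    if ($uploadOk == 0) {
      $errors[] = "Sorry, your file was not uploaded.";
    } elseif (move_uploaded_file($upload["tmp_name"], $target_file)) {
      // Report the stored name rather than echoing the client-supplied one.
      $successes[] = "The file ". basename($target_file). " has been uploaded.";
    } else {
      $errors[] = "Sorry, there was an error uploading your file.";
      // Do not point the post at a file that never reached the disk.
      $uploadOk = 0;
    }

    //Update image
    if($uploadOk==1 && $results->image != $target_file) {
      $db->update('blog',$id,array('image'=>$target_file));
      $successes[] = "Image Updated";
    }
  }

  // Reload the row so the form below shows what is now stored.
  $query = $db->query("SELECT * FROM blog WHERE id = ?",array($id));
  $results = $query->first();
}

// Escape database values for HTML text and attribute contexts. double_encode is
// off so values that were already entity-encoded when stored are not encoded twice.
$esc = function($value){
  return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8', false);
};
// One token shared by both forms; generating a second one could invalidate the first.
$csrfToken = Token::generate();
?>

<div id="page-wrapper">
  <div class="container">
  <?=resultBlock($errors,$successes);?>
<?=$validation->display_errors();?>
    <div class="well">
	<h1>Edit Blog Post</h1>
      <div class="row">
		<div class="col-xs-12 col-md-10">
			<form class="form-group" action="" name="updatePost" method="post" enctype="multipart/form-data">
			<table class="table">
			<tr>
				<td width="100px"><a href="#" data-toggle="modal" data-target="#image"><img src="<?=$esc($results->image)?>" width="100px" height="100px" alt="<?=$esc($results->title)?>" /></a></td>
			<td><label>Title</label> <input type="text" class="form-control" name="title" maxlength="255" value="<?=$esc($results->title)?>" required />
			<?php // <label>Featured Image</label> <input type="file" class="form-control" name="fileToUpload" id="fileToUpload" required /> ?>
			<label>Content</label>
			<textarea class="form-control" name="content" id="content" ><?=$esc($results->content)?></textarea></td>
			</tr></table>
			
			<label>Delete this post? <input type="checkbox" name="delete" /> </label>
			<input required type="hidden" name="csrf" value="<?=$csrfToken?>" >
			<br /><div class="pull-right"><div class="btn-group"><input type="submit" name="updatePost" value="Update Post" class="btn btn-success" /></div>
			<div class="btn-group"><a href="adminblog.php" class="btn btn-danger">Cancel</a></div></div>
			</form>
		</div>
	  </div>
	</div>
	
<div id="image" class="modal fade" role="dialog">
  <div class="modal-dialog">

    <!-- Modal content-->
    <div class="modal-content">
      <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal">&times;</button>
        <h4 class="modal-title">Update Image</h4>
      </div>
      <div class="modal-body">
				  <label>Current Image</label><br />
				  <img src="<?=$esc($results->image)?>" width="250px" height="250px" alt="<?=$esc($results->title)?>" />
                  <form class="form-group" action="" name="updateImage" method="post" enctype="multipart/form-data">
				  <label>New Image</label> <input type="file" class="form-control" name="fileToUpload" id="fileToUpload" required />
				  <input required type="hidden" name="csrf" value="<?=$csrfToken?>" >
      </div>
      <div class="modal-footer">
          <div class="btn-group"><input class='btn btn-success' type='submit' name="updateImage" value='Update Image' class='submit' /></div></form>
         <div class="btn-group"><button type="button" class="btn btn-default" data-dismiss="modal">Close</button></div>
      </div>
    </div>

  </div>
</div>

  </div> <!-- /container -->
</div> <!-- /#page-wrapper -->

<!-- footers -->
<?php require_once $abs_us_root.$us_url_root.'users/includes/page_footer.php'; // the final html footer copyright row + the external js calls ?>

<!-- Place any per-page javascript here -->
    <?php if ($settings->wys == 1){ // NOTE(review): the editor script comes from a third-party CDN over a protocol-relative URL with no integrity attribute; consider self-hosting it or pinning it with SRI. ?>
      <script src='//cdn.tinymce.com/4/tinymce.min.js'></script>
      <script>
      tinymce.init({
        selector: '#content'
      });
      </script>
      <?php } ?>

<?php require_once $abs_us_root.$us_url_root.'users/includes/html_footer.php'; // currently just the closing /body and /html ?>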

Pasted: Aug 23, 2017, 10:52:52 pm