save.php

   1 <?php
   2
   3 require 'includes/config.inc.php';
   4 require INCLUDES_PATH.'prepend.php';
   5
   6 $tpl = new templates();
   7
   8 $tpl->action = 'save.php';
   9
  10 $tpl->addFile('_begin','header.tpl.php');
  11 $tpl->addFile('_end','footer.tpl.php');
  12 $tpl->addFile('save','save.tpl.php');
  13
  14 $tpl->password_fail = false;
  15 $tpl->input_title = (!empty($_POST['title'])) ? trim($_POST['title']) : 'Your title...';
  16 $tpl->input_text = (!empty($_POST['text'])) ? trim($_POST['text']) : 'Your news...';
  17
  18 $tpl->title = "AYANS save news";
  19
  20 if (isset($_POST['password']) && PASSWORD != sha1($_POST['password'])) {
  21         $tpl->password_fail = true;
  22 } elseif (isset($_POST['password']) && PASSWORD == sha1($_POST['password'])) {
  23     try {
  24         $pdo = new PDO(DBH);
  25
  26         $dq = $pdo->exec('INSERT INTO news (title, text, author, postedon) VALUES('.
  27             $pdo->quote($tpl->input_title).','.
  28             $pdo->quote($tpl->input_text).','.
  29             $pdo->quote('xrogaan').','.
  30             $pdo->quote(time()).')');
  31
  32         if ($dq === false) {
  33             echo "\nPDO::error : ";
  34             $x = $pdo->errorInfo();
  35             echo 'errorCode: ',$x[0],'<br/>errorMessage: ',$x[2];
  36             die;
  37         }
  38
  39         $news = new news_node();
  40         $news->add_filter('Markdown','text');
  41         $news->add_filter('htmlentities','title');
  42         $news->add_filter('set_bolder','author');
  43         $news->setPDO($pdo);
  44         $news->render(true);
  45     } catch  (PDOException $e) {
  46         die("pdo: ".$e->getMessage());
  47     }
  48         header('Location: index.php#n-'.$pdo->lastInsertId());
  49         die;
  50
  51 }
  52
  53 $tpl->render('save');
  54
  55 ?>