search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Vanilla commit.
[tinybbs.git] / edit_content.php
blobfb47a318305b25322115a39c97b07fb34bdbc00f
1 <?php
2
3 require('includes/header.php');
4
5 if( ! $administrator)
6 {
7 add_error('You are not wise enough.', true);
8 }
9
10 $page_data = array();
11
12 if($_POST['form_sent'])
13 {
14 $page_data['url'] = ltrim($_POST['url'], '/');
15 $page_data['title'] = $_POST['title'];
16 $page_data['content'] = $_POST['content'];
17 }
18
19 if($_GET['edit'])
20 {
21 if( ! ctype_digit($_GET['edit']))
22 {
23 add_error('Invalid page ID.', true);
24 }
25
26 $stmt = $link->prepare('SELECT url, page_title, content FROM pages WHERE id = ?');
27 $stmt->bind_param('i', $_GET['edit']);
28 $stmt->execute();
29 $stmt->store_result();
30 if($stmt->num_rows < 1)
31 {
32 $page_title = 'Non-existent page';
33 add_error('There is no page with that ID.', true);
34 }
35 if( ! $_POST['form_sent'])
36 {
37 $stmt->bind_result($page_data['url'], $page_data['title'], $page_data['content']);
38 $stmt->fetch();
39 }
40 $stmt->close();
41
42 $editing = true;
43 $page_title = 'Editing page: <a href="/' . $page_data['url'] . '">' . htmlspecialchars($page_data['title']) . '</a>';
44
45 $page_data['id'] = $_GET['edit'];
46 }
47 else // new page
48 {
49 $page_title = 'New page';
50 if( ! empty($page_data['title']))
51 {
52 $page_title .= ': ' . htmlspecialchars($page_data['title']);
53 }
54 }
55
56 if($_POST['post'])
57 {
58 check_token();
59
60 if(empty($page_data['url']))
61 {
62 add_error('A path is required.');
63 }
64
65 if( ! $erred)
66 {
67 // Undo the effects of sanitize_for_textarea:
68 $page_data['content'] = str_replace('&#47;textarea', '/textarea', $page_data['content']);
69
70 if($editing)
71 {
72 $edit_page = $link->prepare('UPDATE pages SET url = ?, page_title = ?, content = ? WHERE id = ?');
73 $edit_page->bind_param('sssi', $page_data['url'], $page_data['title'], $page_data['content'], $page_data['id']);
74 $edit_page->execute();
75 $edit_page->close();
76
77 $notice = 'Page successfully edited.';
78 }
79 else // new page
80 {
81 $add_page = $link->prepare('INSERT INTO pages (url, page_title, content) VALUES (?, ?, ?)');
82 $add_page->bind_param('sss', $page_data['url'], $page_data['title'], $page_data['content']);
83 $add_page->execute();
84 $add_page->close();
85
86 $notice = 'Page successfully created.';
87 }
88
89 redirect($notice, $page_data['url']);
90 }
91 }
92
93 print_errors();
94
95 if( $_POST['preview'] && ! empty($page_data['content']) && check_token() )
96 {
97 echo '<h3 id="preview">Preview</h3><div class="body standalone"> <h2>' . $page_data['title'] . '</h2>' . $page_data['content'] . '</div>';
98 }
99
100 ?>
101
102 <form action="" method="post">
103 <?php csrf_token() ?>
104 <div class="noscreen">
105 <input type="hidden" name="form_sent" value="1" />
106 </div>
107
108 <div class="row">
109 <label for="url">Path</label>
110 <input id="url" name="url" value="<?php echo htmlspecialchars($page_data['url']) ?>" />
111 </div>
112
113 <div class="row">
114 <label for="title">Page title</label>
115 <input id="title" name="title" value="<?php echo htmlspecialchars($page_data['title']) ?>" />
116 </div>
117
118 <div class="row">
119 <textarea id="content" name="content" cols="120" rows="18"><?php echo sanitize_for_textarea($page_data['content']) ?></textarea>
120 <p>Use pure HTML.</p>
121 </div>
122
123 <div class="row">
124 <input type="submit" name="preview" value="Preview" class="inline" />
125 <input type="submit" name="post" value="Submit" class="inline">
126 </div>
127 </form>
128
129 <?php
130
131 require('includes/footer.php');
132
133 ?>
Tiny Bulletin Board System