edit.php
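<?php
/**
 * Post editor page.
 *
 * Loads one post by the `id` query parameter, applies an update when the edit
 * form is submitted (POST field `update`), and renders the `edit` template.
 *
 * $dbcon, Template, internalFunctions, checkedLoggedIn(), slug() and the
 * DEBUG_MODE / TEMPALTE / SITE_URL constants are not defined in this file;
 * presumably they are supplied by includes.php.
 */
require_once 'includes.php';

# Turn on debug mode, and show all errors.
if (DEBUG_MODE == true) {
    error_reporting(E_ALL);
    ini_set("display_errors", 1);
}

// Template renderer, reused for every render below. TEMPALTE is spelled the
// way the constant is referenced in the original file; do not "fix" it here.
$tpl = new Template('templates/' . TEMPALTE);
// Helper object used for sending the page header and footer.
$intFunctions = new internalFunctions;

// Options for FILTER_VALIDATE_INT: reject negative values.
$ValidateInt = array(
    'options' => array(
        'min_range' => 0,
    )
);

// Only logged-in users may reach the editor.
// NOTE(review): this checks login only; whether the user may edit *this* post
// is not verified anywhere in this file. Confirm that is intended.
if (!checkedLoggedIn()) {
    $intFunctions->callHeader(2, SITE_URL . 'login.php');
    print $tpl->render('login', array(
        'url_path' => SITE_URL,
        'Login_Required' => true
    ));
    $intFunctions->callFooter();
    die();
}

// Validate the id and load the post before callHeader(): a redirect header
// can only be sent while no output has been emitted (assumes callHeader()
// prints markup; verify). A missing or non-integer id becomes 0 and is rejected.
$rawId = isset($_GET['id']) ? $_GET['id'] : null;
$id = (int)filter_var($rawId, FILTER_VALIDATE_INT, $ValidateInt);
if ($id < 1) {
    header("location: " . SITE_URL);
    exit; // without this the script kept running with an invalid id
}

// Parameterised lookup; only the columns this page uses are selected so the
// result can be bound without requiring mysqli_stmt_get_result().
$found = false;
$rowId = 0;
$title = '';
$description = '';
$slug = '';
$select = mysqli_prepare($dbcon, "SELECT id, title, description, slug FROM posts WHERE id = ?");
if ($select !== false) {
    mysqli_stmt_bind_param($select, 'i', $id);
    if (mysqli_stmt_execute($select)) {
        mysqli_stmt_bind_result($select, $rowId, $title, $description, $slug);
        $found = (mysqli_stmt_fetch($select) === true);
    }
    mysqli_stmt_close($select);
}
if (!$found) {
    header("location: index.php");
    exit; // previously execution continued and read fields from an empty row
}
$id = (int)$rowId;
$permalink = "p/" . $id . "/" . $slug;

$intFunctions->callHeader(); // Call for the header

if (isset($_POST['update'])) {
    // NOTE(review): no anti-CSRF token is checked before this state change.
    // Adding one needs a matching field in the edit template and session
    // storage, neither of which is visible from this file.

    // Accept only string fields; a missing or array-valued field becomes ''.
    $posted = array();
    foreach (array('title', 'description', 'slug') as $field) {
        $posted[$field] = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    }
    $title = $posted['title'];
    $description = $posted['description'];
    // slug() receives the raw value. The original escaped first and then
    // transformed the result, so the value placed in the SQL string was
    // whatever slug() returned, not the escaped text.
    $slug = slug($posted['slug']);
    $permalink = "p/" . $id . "/" . $slug;

    // Bound parameters instead of string-built SQL: the values never become
    // part of the statement text.
    $updated = false;
    $dbError = '';
    $update = mysqli_prepare($dbcon, "UPDATE posts SET title = ?, description = ?, slug = ? WHERE id = ?");
    if ($update !== false) {
        mysqli_stmt_bind_param($update, 'sssi', $title, $description, $slug, $id);
        $updated = mysqli_stmt_execute($update);
        if (!$updated) {
            $dbError = mysqli_stmt_error($update);
        }
        mysqli_stmt_close($update);
    } else {
        $dbError = mysqli_error($dbcon);
    }

    if ($updated) {
        // Reload the page so the form shows the stored values.
        echo '<meta http-equiv="refresh" content="0">';
    } else {
        // The original passed mysqli_connect_error(), which describes the
        // connection attempt rather than the failed query. Log the driver
        // detail and show it on the page only in debug mode.
        error_log('edit.php: post update failed: ' . $dbError);
        print $tpl->render('edit', array(
            'url_path' => SITE_URL,
            'CurrentID' => $id,
            'Slug' => $slug,
            'Title' => $title,
            'Description' => $description,
            'permalink' => $permalink,
            'ErrorMessage' => (DEBUG_MODE == true) ? $dbError : 'The post could not be updated.',
            'Edit_Failed' => true
        ));
    }
}

// Render the edit form. This runs after a failed update as well, exactly as
// in the original flow (NOTE(review): confirm the double render is intended).
// Title, description and slug are user-supplied; presumably the template
// HTML-escapes them on output. Verify that before relying on it.
print $tpl->render('edit', array(
    'url_path' => SITE_URL,
    'CurrentID' => $id,
    'Slug' => $slug,
    'Title' => $title,
    'Description' => $description,
    'permalink' => $permalink,
    'Edit' => true
));
mysqli_close($dbcon);
$intFunctions->callFooter();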