1 files changed, 224 insertions, 0 deletions
diff --git a/admin/editPost.php b/admin/editPost.php
new file mode 100644
index 0000000..b01d1e2
--- /dev/null
+++ b/admin/editPost.php

@@ -0,0 +1,224 @@
+<?php
+/*
+       444444444  
+      4::::::::4  
+     4:::::::::4  
+    4::::44::::4  
+   4::::4 4::::4   Four Island
+  4::::4  4::::4  
+ 4::::4   4::::4   Written and maintained by Starla Insigna
+4::::444444::::444
+4::::::::::::::::4  admin/editPost.php
+4444444444:::::444
+          4::::4   Please do not use, reproduce or steal the
+          4::::4   contents of this file without explicit
+          4::::4   permission from Hatkirby.
+        44::::::44
+        4::::::::4
+        4444444444
+*/
+if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}
+require('headerproc.php');
+$category = 'posts';
+if ($_GET['type'] == 'updates')
+{
+        $pageaid = 'posts';
+} else {
+        $pageaid = $_GET['type'];
+}
+$tableToForm = array(   'drafts' => 'draft',
+                        'pending' => 'article',
+                        'updates' => 'instant');
+$tableToTags = array(   'drafts' => 'draft',
+                        'pending' => 'pending',
+                        'updates' => 'published');
+if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id']))
+{
+        generateError('404');
+} else if (!(($_GET['type'] == 'drafts') || ($_GET['type'] == 'pending') || ($_GET['type'] == 'updates')))
+{
+        generateError('404');
+} else {
+        $getpost = 'SELECT * FROM ' . $_GET['type'] . ' WHERE id = ' . $_GET['id'];
+        $getpost2 = mysql_query($getpost);
+        $getpost3 = mysql_fetch_array($getpost2);
+        if ($getpost3['id'] == $_GET['id'])
+        {
+                $template = new FITemplate('admin/writePost');
+                $template->add('TITLE', 'Edit Post');
+                if (isset($_GET['submit']))
+                {
+                        if (empty($_POST['title']))
+                        {
+                                $errors[] = array(      'field' => 'title',
+                                                        'text' => 'Title is a required field');
+                        }
+                        if (empty($_POST['text']))
+                        {
+                                $errors[] = array(      'field' => 'text',
+                                                        'text' => 'The content of a blog post cannot be empty');
+                        }
+                        if (empty($_POST['tags']))
+                        {
+                                $errors[] = array(      'field' => 'tags',
+                                                        'text' => 'Tags is a required field');
+                        }
+                        if (
+                                (strpos($_POST['tags'], ',') === 0) ||
+                                (strrpos($_POST['tags'], ',') === strlen($_POST['tags'])-1) ||
+                                (strpos($_POST['tags'], ',,') !== FALSE)
+                        )
+                        {
+                                $errors[] = array(      'field' => 'tags',
+                                                        'text' => 'Blank tags are not allowed');
+                        }
+                        if (empty($_POST['type']))
+                        {
+                                $errors[] = array(      'field' => 'type',
+                                                        'text' => 'Type is a required field');
+                        }
+        
+                        if (isset($errors))
+                        {
+                                $template->adds_block('ISERROR',array('exi'=>1));
+                                $eid = 0;
+                                foreach ($errors as $error)
+                                {
+                                        $template->adds_block('ERROR', array(   'ID' => $eid,
+                                                                                'TEXT' => $error['text']));
+                                        $template->add('IS' . strtoupper($error['field']) . 'ERROR', ' error');
+                                        $template->adds_block(strtoupper($error['field']) . 'ERROR', array(     'ID' => $eid,
+                                                                                                                'TEXT' => $error['text']));
+                                        $eid++;
+                                }
+                                $template->add('ACTION', '/admin/editPost.php?type=' . $_GET['type'] . '&amp;id=' . $_GET['id'] . '&amp;submit=');
+                        } else {
+                                $tags = explode(',', $_POST['tags']);
+                                removeTags($_GET['id'], $tableToTags[$_GET['type']]);
+                                if ($tableToForm[$_GET['type']] != $_POST['type'])
+                                {
+                                        $delold = "DELETE FROM " . $_GET['type'] . " WHERE id = " . $_GET['id'];
+                                        $delold2 = mysql_query($delold);
+                                        if ($_POST['type'] == 'draft')
+                                        {
+                                                $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+                                                $insdraft2 = mysql_query($insdraft);
+                                                $id = mysql_insert_id();
+                                                $type = 'drafts';
+                                                addTags($id, $tags, 'draft');
+                                        } else if ($_POST['type'] == 'instant')
+                                        {
+                                                $id = postBlogPost($_POST['title'], getSessionUsername(), $tags, $_POST['text']);
+                                                $type = 'updates';
+                                        } else {
+                                                if ($_POST['type'] == 'article')
+                                                {
+                                                        $getpending = "SELECT * FROM pending ORDER BY id DESC LIMIT 0,1";
+                                                        $getpending2 = mysql_query($getpending);
+                                                        $getpending3 = mysql_fetch_array($getpending2);
+                                                        if (isset($getpending3['id']) === FALSE)
+                                                        {
+                                                                $id = 50;
+                                                        } else {
+                                                                $id = $getpending3['id']+1;
+                                                        }
+                                                } else if ($_POST['type'] == 'high')
+                                                {
+                                                        $getpending = "SELECT * FROM pending ORDER BY id ASC LIMIT 0,1";
+                                                        $getpending2 = mysql_query($getpending);
+                                                        $getpending3 = mysql_fetch_array($getpending2);
+                                                        if (isset($getpending3['id']) === FALSE)
+                                                        {
+                                                                $id = 50;
+                                                        } else {
+                                                                $id = $getpending3['id']-1;
+                                                        }
+                                                }
+                                                $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
+                                                $inspending2 = mysql_query($inspending);
+                                                $type = 'pending';
+                                                addTags($id, $tags, 'pending');
+                                        }
+                                } else if ($_POST['type'] == 'draft')
+                                {
+                                        $setdraft = "UPDATE drafts SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
+                                        $setdraft2 = mysql_query($setdraft);
+                                        $type = 'drafts';
+                                        $id = $_GET['id'];
+                                        addTags($_GET['id'], $tags, 'draft');
+                                } else if ($_POST['type'] == 'article')
+                                {
+                                        $setpending = "UPDATE pending SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
+                                        $setpending2 = mysql_query($setpending);
+                                        $type = 'pending';
+                                        $id = $_GET['id'];
+                                        addTags($_GET['id'], $tags, 'pending');
+                                } else if ($_POST['type'] == 'instant')
+                                {
+                                        $setpost = "UPDATE updates SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
+                                        $setpost2 = mysql_query($setpost);
+                                        $type = 'updates';
+                                        $id = $_GET['id'];
+                                        addTags($_GET['id'], $tags);
+                                }
+                                if ($type == 'updates')
+                                {
+                                        $getpost = "SELECT * FROM updates WHERE id = " . $id;
+                                        $getpost2 = mysql_query($getpost);
+                                        $getpost3 = mysql_fetch_array($getpost2);
+                                        $url = '/blog/' . $getpost3['slug'] . '/';
+                                } else {
+                                        $url = '/viewPost.php?type=' . $type . '&amp;id=' . $id;
+                                }
+                                $template->adds_block('FLASH', array('TEXT' => 'Your post has been sucessfully edited. <a href="' . $url . '">View post</a>.'));
+                                $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&amp;id=' . $id . '&amp;submit=');
+                        }
+                        $template->add('TITLEVALUE', $_POST['title']);
+                        $template->add('TEXTVALUE', $_POST['text']);
+                        $template->add('TAGSVALUE', $_POST['tags']);
+                        $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
+                        if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"');
+                } else {
+                        $template->add('TITLEVALUE', $getpost3['title']);
+                        $template->add('TEXTVALUE', $getpost3['text']);
+                        $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']])));
+                        $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"');
+                        if ($_GET['type'] != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"');
+                        $template->add('ACTION', '/admin/editPost.php?type=' . $_GET['type'] . '&amp;id=' . $_GET['id'] . '&amp;submit=');
+                }
+                $template->display();
+        } else {
+                generateError('404');
+        }
+}
+?>

diff --git a/admin/editPost.php b/admin/editPost.php new file mode 100644 index 0000000..b01d1e2 --- /dev/null +++ b/admin/editPost.php
@@ -0,0 +1,224 @@
	1	<?php
	2	/*
	3	444444444
	4	4::::::::4
	5	4:::::::::4
	6	4::::44::::4
	7	4::::4 4::::4 Four Island
	8	4::::4 4::::4
	9	4::::4 4::::4 Written and maintained by Starla Insigna
	10	4::::444444::::444
	11	4::::::::::::::::4 admin/editPost.php
	12	4444444444:::::444
	13	4::::4 Please do not use, reproduce or steal the
	14	4::::4 contents of this file without explicit
	15	4::::4 permission from Hatkirby.
	16	44::::::44
	17	4::::::::4
	18	4444444444
	19	*/
	20
	21	if (!defined('S_INCLUDE_FILE')) {define('S_INCLUDE_FILE',1);}
	22
	23	require('headerproc.php');
	24
	25	$category = 'posts';
	26
	27	if ($_GET['type'] == 'updates')
	28	{
	29	$pageaid = 'posts';
	30	} else {
	31	$pageaid = $_GET['type'];
	32	}
	33
	34	$tableToForm = array( 'drafts' => 'draft',
	35	'pending' => 'article',
	36	'updates' => 'instant');
	37	$tableToTags = array( 'drafts' => 'draft',
	38	'pending' => 'pending',
	39	'updates' => 'published');
	40
	41	if (!isset($_GET['type']) \|\| !isset($_GET['id']) \|\| !is_numeric($_GET['id']))
	42	{
	43	generateError('404');
	44	} else if (!(($_GET['type'] == 'drafts') \|\| ($_GET['type'] == 'pending') \|\| ($_GET['type'] == 'updates')))
	45	{
	46	generateError('404');
	47	} else {
	48	$getpost = 'SELECT * FROM ' . $_GET['type'] . ' WHERE id = ' . $_GET['id'];
	49	$getpost2 = mysql_query($getpost);
	50	$getpost3 = mysql_fetch_array($getpost2);
	51
	52	if ($getpost3['id'] == $_GET['id'])
	53	{
	54	$template = new FITemplate('admin/writePost');
	55
	56	$template->add('TITLE', 'Edit Post');
	57
	58	if (isset($_GET['submit']))
	59	{
	60	if (empty($_POST['title']))
	61	{
	62	$errors[] = array( 'field' => 'title',
	63	'text' => 'Title is a required field');
	64	}
	65
	66	if (empty($_POST['text']))
	67	{
	68	$errors[] = array( 'field' => 'text',
	69	'text' => 'The content of a blog post cannot be empty');
	70	}
	71
	72	if (empty($_POST['tags']))
	73	{
	74	$errors[] = array( 'field' => 'tags',
	75	'text' => 'Tags is a required field');
	76	}
	77
	78	if (
	79	(strpos($_POST['tags'], ',') === 0) \|\|
	80	(strrpos($_POST['tags'], ',') === strlen($_POST['tags'])-1) \|\|
	81	(strpos($_POST['tags'], ',,') !== FALSE)
	82	)
	83	{
	84	$errors[] = array( 'field' => 'tags',
	85	'text' => 'Blank tags are not allowed');
	86	}
	87
	88	if (empty($_POST['type']))
	89	{
	90	$errors[] = array( 'field' => 'type',
	91	'text' => 'Type is a required field');
	92	}
	93
	94	if (isset($errors))
	95	{
	96	$template->adds_block('ISERROR',array('exi'=>1));
	97
	98	$eid = 0;
	99	foreach ($errors as $error)
	100	{
	101	$template->adds_block('ERROR', array( 'ID' => $eid,
	102	'TEXT' => $error['text']));
	103	$template->add('IS' . strtoupper($error['field']) . 'ERROR', ' error');
	104	$template->adds_block(strtoupper($error['field']) . 'ERROR', array( 'ID' => $eid,
	105	'TEXT' => $error['text']));
	106
	107	$eid++;
	108	}
	109
	110	$template->add('ACTION', '/admin/editPost.php?type=' . $_GET['type'] . '&id=' . $_GET['id'] . '&submit=');
	111	} else {
	112	$tags = explode(',', $_POST['tags']);
	113	removeTags($_GET['id'], $tableToTags[$_GET['type']]);
	114
	115	if ($tableToForm[$_GET['type']] != $_POST['type'])
	116	{
	117	$delold = "DELETE FROM " . $_GET['type'] . " WHERE id = " . $_GET['id'];
	118	$delold2 = mysql_query($delold);
	119
	120	if ($_POST['type'] == 'draft')
	121	{
	122	$insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
	123	$insdraft2 = mysql_query($insdraft);
	124
	125	$id = mysql_insert_id();
	126	$type = 'drafts';
	127	addTags($id, $tags, 'draft');
	128	} else if ($_POST['type'] == 'instant')
	129	{
	130	$id = postBlogPost($_POST['title'], getSessionUsername(), $tags, $_POST['text']);
	131	$type = 'updates';
	132	} else {
	133	if ($_POST['type'] == 'article')
	134	{
	135	$getpending = "SELECT * FROM pending ORDER BY id DESC LIMIT 0,1";
	136	$getpending2 = mysql_query($getpending);
	137	$getpending3 = mysql_fetch_array($getpending2);
	138	if (isset($getpending3['id']) === FALSE)
	139	{
	140	$id = 50;
	141	} else {
	142	$id = $getpending3['id']+1;
	143	}
	144	} else if ($_POST['type'] == 'high')
	145	{
	146	$getpending = "SELECT * FROM pending ORDER BY id ASC LIMIT 0,1";
	147	$getpending2 = mysql_query($getpending);
	148	$getpending3 = mysql_fetch_array($getpending2);
	149	if (isset($getpending3['id']) === FALSE)
	150	{
	151	$id = 50;
	152	} else {
	153	$id = $getpending3['id']-1;
	154	}
	155	}
	156
	157	$inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")";
	158	$inspending2 = mysql_query($inspending);
	159
	160	$type = 'pending';
	161	addTags($id, $tags, 'pending');
	162	}
	163	} else if ($_POST['type'] == 'draft')
	164	{
	165	$setdraft = "UPDATE drafts SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
	166	$setdraft2 = mysql_query($setdraft);
	167
	168	$type = 'drafts';
	169	$id = $_GET['id'];
	170	addTags($_GET['id'], $tags, 'draft');
	171	} else if ($_POST['type'] == 'article')
	172	{
	173	$setpending = "UPDATE pending SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
	174	$setpending2 = mysql_query($setpending);
	175
	176	$type = 'pending';
	177	$id = $_GET['id'];
	178	addTags($_GET['id'], $tags, 'pending');
	179	} else if ($_POST['type'] == 'instant')
	180	{
	181	$setpost = "UPDATE updates SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id'];
	182	$setpost2 = mysql_query($setpost);
	183
	184	$type = 'updates';
	185	$id = $_GET['id'];
	186	addTags($_GET['id'], $tags);
	187	}
	188
	189	if ($type == 'updates')
	190	{
	191	$getpost = "SELECT * FROM updates WHERE id = " . $id;
	192	$getpost2 = mysql_query($getpost);
	193	$getpost3 = mysql_fetch_array($getpost2);
	194
	195	$url = '/blog/' . $getpost3['slug'] . '/';
	196	} else {
	197	$url = '/viewPost.php?type=' . $type . '&id=' . $id;
	198	}
	199
	200	$template->adds_block('FLASH', array('TEXT' => 'Your post has been sucessfully edited. <a href="' . $url . '">View post</a>.'));
	201	$template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit=');
	202	}
	203
	204	$template->add('TITLEVALUE', $_POST['title']);
	205	$template->add('TEXTVALUE', $_POST['text']);
	206	$template->add('TAGSVALUE', $_POST['tags']);
	207	$template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"');
	208	if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"');
	209	} else {
	210	$template->add('TITLEVALUE', $getpost3['title']);
	211	$template->add('TEXTVALUE', $getpost3['text']);
	212	$template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']])));
	213	$template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"');
	214	if ($_GET['type'] != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"');
	215	$template->add('ACTION', '/admin/editPost.php?type=' . $_GET['type'] . '&id=' . $_GET['id'] . '&submit=');
	216	}
	217
	218	$template->display();
	219	} else {
	220	generateError('404');
	221	}
	222	}
	223
	224	?>