'draft', 'pending' => 'article', 'updates' => 'instant'); $tableToTags = array( 'drafts' => 'draft', 'pending' => 'pending', 'updates' => 'published'); if (!isset($_GET['type']) || !isset($_GET['id']) || !is_numeric($_GET['id'])) { generateError('404'); } else if (!(($_GET['type'] == 'drafts') || ($_GET['type'] == 'pending') || ($_GET['type'] == 'updates'))) { generateError('404'); } else { $getpost = 'SELECT * FROM ' . $_GET['type'] . ' WHERE id = ' . $_GET['id']; $getpost2 = mysql_query($getpost); $getpost3 = mysql_fetch_array($getpost2); if ($getpost3['id'] == $_GET['id']) { $template = new FITemplate('admin/writePost'); $template->add('TITLE', 'Edit Post'); if (isset($_GET['submit'])) { if (empty($_POST['title'])) { $errors[] = array( 'field' => 'title', 'text' => 'Title is a required field'); } if (empty($_POST['text'])) { $errors[] = array( 'field' => 'text', 'text' => 'The content of a blog post cannot be empty'); } if (empty($_POST['tags'])) { $errors[] = array( 'field' => 'tags', 'text' => 'Tags is a required field'); } if ( (strpos($_POST['tags'], ',') === 0) || (strrpos($_POST['tags'], ',') === strlen($_POST['tags'])-1) || (strpos($_POST['tags'], ',,') !== FALSE) ) { $errors[] = array( 'field' => 'tags', 'text' => 'Blank tags are not allowed'); } if (empty($_POST['type'])) { $errors[] = array( 'field' => 'type', 'text' => 'Type is a required field'); } if (isset($errors)) { $template->adds_block('ISERROR',array('exi'=>1)); $eid = 0; foreach ($errors as $error) { $template->adds_block('ERROR', array( 'ID' => $eid, 'TEXT' => $error['text'])); $template->add('IS' . strtoupper($error['field']) . 'ERROR', ' error'); $template->adds_block(strtoupper($error['field']) . 'ERROR', array( 'ID' => $eid, 'TEXT' => $error['text'])); $eid++; } $template->add('ACTION', '/admin/editPost.php?type=' . $_GET['type'] . '&id=' . $_GET['id'] . '&submit='); } else { $tags = explode(',', $_POST['tags']); removeTags($_GET['id'], $tableToTags[$_GET['type']]); if ($tableToForm[$_GET['type']] != $_POST['type']) { $delold = "DELETE FROM " . $_GET['type'] . " WHERE id = " . $_GET['id']; $delold2 = mysql_query($delold); if ($_POST['type'] == 'draft') { $insdraft = "INSERT INTO drafts (title,author,text,slug) VALUES (\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; $insdraft2 = mysql_query($insdraft); $id = mysql_insert_id(); $type = 'drafts'; addTags($id, $tags, 'draft'); } else if ($_POST['type'] == 'instant') { $id = postBlogPost($_POST['title'], getSessionUsername(), $tags, $_POST['text']); $type = 'updates'; } else { if ($_POST['type'] == 'article') { $getpending = "SELECT * FROM pending ORDER BY id DESC LIMIT 0,1"; $getpending2 = mysql_query($getpending); $getpending3 = mysql_fetch_array($getpending2); if (isset($getpending3['id']) === FALSE) { $id = 50; } else { $id = $getpending3['id']+1; } } else if ($_POST['type'] == 'high') { $getpending = "SELECT * FROM pending ORDER BY id ASC LIMIT 0,1"; $getpending2 = mysql_query($getpending); $getpending3 = mysql_fetch_array($getpending2); if (isset($getpending3['id']) === FALSE) { $id = 50; } else { $id = $getpending3['id']-1; } } $inspending = "INSERT INTO pending (id,title,author,text,slug) VALUES (" . $id . ",\"" . mysql_real_escape_string($_POST['title']) . "\",\"" . getSessionUsername() . "\",\"" . mysql_real_escape_string($_POST['text']) . "\",\"" . generateSlug($_POST['title'],'updates') . "\")"; $inspending2 = mysql_query($inspending); $type = 'pending'; addTags($id, $tags, 'pending'); } } else if ($_POST['type'] == 'draft') { $setdraft = "UPDATE drafts SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id']; $setdraft2 = mysql_query($setdraft); $type = 'drafts'; $id = $_GET['id']; addTags($_GET['id'], $tags, 'draft'); } else if ($_POST['type'] == 'article') { $setpending = "UPDATE pending SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id']; $setpending2 = mysql_query($setpending); $type = 'pending'; $id = $_GET['id']; addTags($_GET['id'], $tags, 'pending'); } else if ($_POST['type'] == 'instant') { $setpost = "UPDATE updates SET title = \"" . mysql_real_escape_string($_POST['title']) . "\", text = \"" . mysql_real_escape_string($_POST['text']) . "\" WHERE id = " . $_GET['id']; $setpost2 = mysql_query($setpost); $type = 'updates'; $id = $_GET['id']; addTags($_GET['id'], $tags); } if ($type == 'updates') { $getpost = "SELECT * FROM updates WHERE id = " . $id; $getpost2 = mysql_query($getpost); $getpost3 = mysql_fetch_array($getpost2); $url = '/blog/' . $getpost3['slug'] . '/'; } else { $url = '/viewPost.php?type=' . $type . '&id=' . $id; } $template->adds_block('FLASH', array('TEXT' => 'Your post has been sucessfully edited. View post.')); $template->add('ACTION', '/admin/editPost.php?type=' . $type . '&id=' . $id . '&submit='); } $template->add('TITLEVALUE', htmlspecialchars($_POST['title'])); $template->add('TEXTVALUE', $_POST['text']); $template->add('TAGSVALUE', $_POST['tags']); $template->add(strtoupper($_POST['type']) . 'SELECTED', ' checked="checked"'); if ($_POST['type'] != 'draft') $template->add('TAGSDISABLED', ' readonly="readonly"'); } else { $template->add('TITLEVALUE', htmlspecialchars($getpost3['title'])); $template->add('TEXTVALUE', $getpost3['text']); $template->add('TAGSVALUE', implode(',', getTags($_GET['id'], $tableToTags[$_GET['type']]))); $template->add(strtoupper($tableToForm[$_GET['type']]) . 'SELECTED', ' checked="checked"'); if ($_GET['type'] != 'drafts') $template->add('TAGSDISABLED', ' readonly="readonly"'); $template->add('ACTION', '/admin/editPost.php?type=' . $_GET['type'] . '&id=' . $_GET['id'] . '&submit='); } $template->display(); } else { generateError('404'); } } ?>