break;
case ERR::PERMIS_FAIL:
echo "You must <a href='login.php'>log in</a> to do this.";
break;
case ERR::TOKEN_FAIL:
case ERR::TOKEN_EXPIRED:
case ERR::USER_NO_TOKEN:
echo "Your session has expired; please <a href='login.php'>log in</a> again.";
break;
case ERR::UNKNOWN:
default:
echo "An unknown error occurred. Please try again later. Error Code: " . $result[SP::ERROR];
break;
}
} elseif (isset($_POST['editid'])) {
$result = editPost($db, $_SESSION['id'], $_POST['editid'], $_POST['content'], $_SESSION['token']);
switch ($result[SP::ERROR]) {
case ERR::OK:
$info = multigetPostDetails($db, $_SESSION['id'], array($_POST['editid']))[$_POST['editid']];
echo "Post made successfully! <a href='threadview.php?threadid=" . $info[POST::THREAD_ID] . "&postid=" . $_POST['editid'] . "'>Back to thread</a>.";
break;
case ERR::THREAD_LOCKED:
echo "The specified thread is locked.";
break;
case ERR::PERMIS_FAIL:
echo "You do not have sufficient permissions to do this.";
break;
case ERR::TOKEN_FAIL:
case ERR::TOKEN_EXPIRED:
case ERR::USER_NO_TOKEN:
echo "Your session has expired; please <a href='login.php'>log in</a> again.";
$errors = array();
if ($_POST) {
// Validate these first
$title = $_POST['post-title'];
if (!$title) {
$errors[] = 'The post must have a title';
}
$body = $_POST['post-body'];
if (!$body) {
$errors[] = 'The post must have a body';
}
if (!$errors) {
$pdo = getPDO();
// Decide if we are editing or adding
if ($postId) {
editPost($pdo, $title, $body, $postId);
} else {
$userId = getAuthUserId($pdo);
$postId = addPost($pdo, $title, $body, $userId);
if ($postId === false) {
$errors[] = 'Post operation failed';
}
}
}
if (!$errors) {
redirectAndExit('edit-post.php?post_id=' . $postId);
}
}
?>
<!DOCTYPE html>
if ($dbPosts->delete($key)) {
// Reindex tags, this function is in 70.posts.php
reIndexTagsPosts();
Alert::set($Language->g('The post has been deleted successfully'));
Redirect::page('admin', 'manage-posts');
} else {
Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to delete the post.');
}
}
// ============================================================================
// Main before POST
// ============================================================================
// ============================================================================
// POST Method
// ============================================================================
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['delete-post'])) {
deletePost($_POST['key']);
} else {
editPost($_POST);
}
}
// ============================================================================
// Main after POST
// ============================================================================
if (!$dbPosts->postExists($layout['parameters'])) {
Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to get the post: ' . $layout['parameters']);
Redirect::page('admin', 'manage-posts');
}
$_Post = buildPost($layout['parameters']);
$layout['title'] .= ' - ' . $Language->g('Edit post') . ' - ' . $_Post->title();
<?php include 'db-connection.php'; require 'posts.php'; session_start(); $post_id = filter_input(INPUT_POST, 'postId'); $post = filter_input(INPUT_POST, 'post'); $user_id = $_SESSION['user_id']; $status = editPost($post_id, $post, $user_id); echo $status;
editComment();
}
if ($request == "comment-delete") {
deleteComment();
}
if ($request == "comment-thumb-up") {
thumbUp();
}
if ($request == "comment-thumb-down") {
thumbDown();
}
if ($request == "post-add") {
addPost();
}
if ($request == "post-edit") {
editPost();
}
if ($request == "post-delete") {
deletePost();
}
function escapeText($text)
{
$result = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">" . $text;
$dom = new DOMDocument();
$dom->loadHTML($result);
$script = $dom->getElementsByTagName('script');
$remove = [];
foreach ($script as $item) {
$remove[] = $item;
}
foreach ($remove as $item) {
function blog_admin_controller()
{
$Blog = new Blog();
getBlogUserPermissions();
global $blogUserPermissions, $SITEURL;
if (!isset($_GET['update'])) {
$update = blog_version_check();
if ($update[0] == 'current') {
$ucolor = '#308000';
} elseif ($update[0] == 'update') {
$ucolor = '#FFA500';
} elseif ($update[0] == 'beta') {
$ucolor = '#2B5CB3';
} else {
$ucolor = '#D94136';
}
} else {
$ucolor = '#777777';
}
if (isset($_GET['edit_post']) && $blogUserPermissions['blogeditpost'] == true) {
editPost($_GET['edit_post']);
} elseif (isset($_GET['create_post']) && $blogUserPermissions['blogcreatepost'] == true) {
editPost();
} elseif (isset($_GET['categories']) && $blogUserPermissions['blogcategories'] == true) {
if (isset($_GET['edit_category'])) {
$add_category = $Blog->saveCategory($_POST['new_category']);
if ($add_category == true) {
echo '<div class="updated">' . i18n_r(BLOGFILE . '/CATEGORY_ADDED') . '</div>';
} else {
echo '<div class="error">' . i18n_r(BLOGFILE . '/CATEGORY_ERROR') . '</div>';
}
}
if (isset($_GET['delete_category'])) {
$Blog->deleteCategory($_GET['delete_category']);
}
#edit_categories
$category_file = getXML(BLOGCATEGORYFILE);
require_once 'html/category-management.php';
} elseif (isset($_GET['auto_importer']) && $blogUserPermissions['blogrssimporter'] == true) {
if (isset($_POST['post-rss'])) {
$post_data = array();
$post_data['name'] = $_POST['post-rss'];
$post_data['category'] = $_POST['post-category'];
$add_feed = $Blog->saveRSS($post_data);
if ($add_feed == true) {
echo '<div class="updated">' . i18n_r(BLOGFILE . '/FEED_ADDED') . '</div>';
} else {
echo '<div class="error">' . i18n_r(BLOGFILE . '/FEED_ERROR') . '</div>';
}
} elseif (isset($_GET['delete_rss'])) {
$delete_feed = $Blog->deleteRSS($_GET['delete_rss']);
if ($delete_feed == true) {
echo '<div class="updated">' . i18n_r(BLOGFILE . '/FEED_DELETED') . '</div>';
} else {
echo '<div class="error">' . i18n_r(BLOGFILE . '/FEED_DELETE_ERROR') . '</div>';
}
}
#edit_rss
$rss_file = getXML(BLOGRSSFILE);
require_once 'html/feed-management.php';
} elseif (isset($_GET['settings']) && $blogUserPermissions['blogsettings'] == true) {
show_settings_admin();
} elseif (isset($_GET['update']) && $blogUserPermissions['blogsettings'] == true) {
show_update_admin();
} elseif (isset($_GET['help']) && $blogUserPermissions['bloghelp'] == true) {
require_once 'html/help-admin.php';
} elseif (isset($_GET['custom_fields']) && $blogUserPermissions['blogcustomfields'] == true) {
$CustomFields = new customFields();
if (isset($_POST['save_custom_fields'])) {
$saveCustomFields = $CustomFields->saveCustomFields();
if ($saveCustomFields) {
echo '<div class="updated">' . i18n_r(BLOGFILE . '/EDIT_OK') . '</div>';
}
}
show_custom_fields();
} else {
if (isset($_GET['save_post'])) {
savePost();
} elseif (isset($_GET['delete_post']) && $blogUserPermissions['blogdeletepost'] == true) {
$post_id = urldecode($_GET['delete_post']);
$delete_post = $Blog->deletePost($post_id);
if ($delete_post == true) {
echo '<div class="updated">' . i18n_r(BLOGFILE . '/POST_DELETED') . '</div>';
} else {
echo '<div class="error">' . i18n(BLOGFILE . '/FEED_DELETE_ERROR') . '</div>';
}
}
#show_posts_admin
$all_posts = $Blog->listPosts(true, true);
// Get a list of all the posts in the blog
require_once 'html/posts-admin.php';
// Bring in the HTML to show this section
}
}
<?php
require "session.php";
require "init.php";
require "header.php";
require 'function.php';
?>
<h2>Edit post</h2>
<form enctype="multipart/form-data" method="post">
<p>title:
<input type="text" name="title"/>
</p>
<p>body:
<textarea name="body"/></textarea>
</p>
<input name="filedata" type="file" />
<p>
<input type="submit" name="ok" value="Valider"/>
</p>
</form>
<?php
if (isset($_POST["title"]) && isset($_POST["body"])) {
editPost($_POST["title"], $_POST["body"], 14, 3);
} else {
die("manque d'information");
}
// database, and all the functions it calls are in the $loq object.
function identify_admin_archives()
{
return array('name' => 'archives', 'type' => 'builtin', 'nicename' => 'Archives Admin', 'description' => 'Edit archives', 'authors' => 'Eaden McKee, Tobias Schlottke', 'licence' => 'GPL', 'help' => '');
}
$loq->assign('form_type', 'edit');
$loq->get_modifiers();
$actions = array('delete', 'edit', 'postedit', 'filter', 'allowcomments');
if (isset($_POST['action']) && in_array($_POST['action'], $actions)) {
$postid = intval($_POST['postid']);
switch ($_POST['action']) {
case 'delete':
deletePost($loq, $postid);
break;
case 'edit':
editPost($loq, $postid);
break;
case 'postedit':
savePost($loq, $postid);
break;
case 'filter':
filterDisplay($loq);
break;
case 'allowcomments':
allowComments($loq, $postid);
break;
default:
//Unknown - handle this error
break;
}
} else {
$edited_post_time = date('Y-m-d H:i:s');
//grab all the stuff we need to edit the post
$post_id = $_POST['post_id'];
$post_query = "SELECT * FROM posts WHERE id='{$post_id}'";
$post_result = $conn->query($post_query);
$total_rows = $post_result->num_rows;
if ($total_rows == 0) {
giveError("Invalid Request.");
} else {
while ($row = $post_result->fetch_assoc()) {
$post_creator_id = $row['post_creator_id'];
$post_time = $row['post_time'];
$topic_id = $row['topic_id'];
$post_content = $row['post_content'];
}
editPost($edited_post_content, $edited_post_time, $post_id, $post_creator_id, $post_time, $topic_id, $post_content);
redirect("showmsg.php?topic_id={$topic_id}");
}
}
}
} else {
// post came from edit button
$id = $_REQUEST['id'];
$post_query = "SELECT * FROM `posts` WHERE id='{$id}'";
$post_result = $conn->query($post_query);
$total_rows = $post_result->num_rows;
if ($total_rows == 0) {
giveError("Invalid Post");
} else {
while ($row = $post_result->fetch_assoc()) {
$creator_id = $row['post_creator_id'];
<p>body:
<textarea name="body"/><?php
echo $post['body'];
?>
</textarea>
</p>
<input name="filedata" type="file" />
<p>
<input type="submit" name="ok" value="Valider"/>
</p>
</form>
<?php
if (isset($_POST["title"]) && isset($_POST["body"])) {
$user = getUser($_SESSION['login_user'], hash('haval256,5', trim($_SESSION['pwd_user'])));
$user_id = $user->fetch()['id'];
$uploaddir = 'img/';
$uploadfile = $uploaddir . basename($_FILES['filedata']['name']);
if (move_uploaded_file($_FILES['filedata']['tmp_name'], $uploadfile)) {
insert(basename($_FILES['filedata']['name']), $uploadfile, $_FILES['filedata']['type'], $_SESSION['login_user'], hash('haval256,5', trim($_SESSION['pwd_user'])));
} else {
echo "Attaque potentielle par téléchargement de fichiers.\n";
}
$lastId = addImage(basename($_FILES['filedata']['name']), $uploadfile, $_FILES['filedata']['type']);
editPost($_POST["title"], $_POST["body"], $lastId, $post['id'], $user_id);
header('Location: editPost.php?id=' . $post["id"]);
exit;
} else {
die("manque d'information");
}
/**
* Handles conditionals for admin functions
*
* @return void
*/
function blog_admin_controller()
{
$Blog = new Blog();
getBlogUserPermissions();
global $blogUserPermissions;
showAdminNav();
if (isset($_GET['edit_post']) && $blogUserPermissions['blogeditpost'] == true) {
editPost($_GET['edit_post']);
} elseif (isset($_GET['create_post']) && $blogUserPermissions['blogcreatepost'] == true) {
editPost();
} elseif (isset($_GET['categories']) && $blogUserPermissions['blogcategories'] == true) {
if (isset($_GET['edit_category'])) {
$add_category = $Blog->saveCategory($_POST['new_category']);
if ($add_category == true) {
echo '<div class="updated">';
i18n(BLOGFILE . '/CATEGORY_ADDED');
echo '</div>';
} else {
echo '<div class="error">';
i18n(BLOGFILE . '/CATEGORY_ERROR');
echo '</div>';
}
}
if (isset($_GET['delete_category'])) {
$Blog->deleteCategory($_GET['delete_category']);
}
edit_categories();
} elseif (isset($_GET['auto_importer']) && $blogUserPermissions['blogrssimporter'] == true) {
if (isset($_POST['post-rss'])) {
$post_data = array();
$post_data['name'] = $_POST['post-rss'];
$post_data['category'] = $_POST['post-category'];
$add_feed = $Blog->saveRSS($post_data);
if ($add_feed == true) {
echo '<div class="updated">';
i18n(BLOGFILE . '/FEED_ADDED');
echo '</div>';
} else {
echo '<div class="error">';
i18n(BLOGFILE . '/FEED_ERROR');
echo '</div>';
}
} elseif (isset($_GET['delete_rss'])) {
$delete_feed = $Blog->deleteRSS($_GET['delete_rss']);
if ($delete_feed == true) {
echo '<div class="updated">';
i18n(BLOGFILE . '/FEED_DELETED');
echo '</div>';
} else {
echo '<div class="error">';
i18n(BLOGFILE . '/FEED_DELETE_ERROR');
echo '</div>';
}
}
edit_rss();
} elseif (isset($_GET['settings']) && $blogUserPermissions['blogsettings'] == true) {
show_settings_admin();
} elseif (isset($_GET['help']) && $blogUserPermissions['bloghelp'] == true) {
show_help_admin();
} elseif (isset($_GET['custom_fields']) && $blogUserPermissions['blogcustomfields'] == true) {
$CustomFields = new customFields();
if (isset($_POST['save_custom_fields'])) {
$saveCustomFields = $CustomFields->saveCustomFields();
if ($saveCustomFields) {
echo '<div class="updated">' . i18n_r(BLOGFILE . '/EDIT_OK') . '</div>';
}
}
show_custom_fields();
} else {
if (isset($_GET['save_post'])) {
savePost();
} elseif (isset($_GET['delete_post']) && $blogUserPermissions['blogdeletepost'] == true) {
$post_id = urldecode($_GET['delete_post']);
$delete_post = $Blog->deletePost($post_id);
if ($delete_post == true) {
echo '<div class="updated">';
i18n(BLOGFILE . '/POST_DELETED');
echo '</div>';
} else {
echo '<div class="error">';
i18n(BLOGFILE . '/FEED_DELETE_ERROR');
echo '</div>';
}
}
show_posts_admin();
}
}
<?php include 'includes/reqPost.php'; editPost($bdd); $id_post = $_GET['id_post']; $sql = "SELECT * FROM `posts` WHERE `id_post` = ?"; $result = $bdd->prepare($sql); $result->execute(array($id_post)); $editInfos = $result->fetch(); //var_dump($id_post); //var_dump($editInfos); ?> <!DOCTYPE HTML> <html> <head> <meta charset="utf-8" /> <link rel="stylesheet" href="css/style.css" /> <link rel="stylesheet" href="css/styleAddPost.css" /> <script type="text/javascript" src="js/addPost.js"></script> <title>My_Weblog</title> </head> <body> <div id="main"> <?php include 'includes/nav.php'; ?> <header class="title"> <h1>~ Edition ~</h1>
public function reward()
{
global $vbulletin, $vbphrase;
// <editor-fold defaultstate="collapsed" desc="analysis information">
if ($this->type == 2) {
$this->chapternumber = "";
}
$this->fansubmember = str_replace('false', '', $this->fansubmember);
$this->fansubmember = str_replace(',,', '', $this->fansubmember);
if ($this->postid == 0) {
$this->postid = $this->manga->postid;
}
// </editor-fold>
// <editor-fold defaultstate="collapsed" desc="create new update post, and new read online thread">
// <editor-fold defaultstate="collapsed" desc=" create new update post ">
//normal case: there is update post for the chapter, or there is not but no 18+ content.
//reward and add chapter to the database only, no need to make any new post. Only set the post to yrmspost.
if ($this->postid != $this->manga->postid) {
$vbulletin->db->query_write("UPDATE `" . TABLE_PREFIX . "post` " . "SET `yrmspost`=1 " . "WHERE `postid` = '{$this->postid}'");
if ($this->rate == 1 && !empty($this->numberofhost)) {
$downloadpost = $this->buildpost('download');
editPost($downloadpost);
}
} else {
if ($this->postid == $this->manga->postid && $this->rate == 1) {
$downloadpost = $this->buildpost('download');
$this->postid = newPost($downloadpost, $this->poster);
$vbulletin->db->query_write("UPDATE `" . TABLE_PREFIX . "post` " . "SET `yrmspost`=1 " . "WHERE `postid` = '{$this->postid}'");
}
}
//abnormal case 2: no download link, only readonline link.
//Skip this step
// </editor-fold>
// <editor-fold defaultstate="collapsed" desc=" create new read online thread ">
//normal case: readonline post is a separate topic
//do nothing but set the post to yrms post, and reformat it if the chapter is 18+ content
if (!empty($this->onlinelink)) {
$vbulletin->db->query_write("UPDATE `" . TABLE_PREFIX . "post` " . "SET `yrmspost`=1 " . "WHERE `postid` = '{$this->readonlinepostid}'");
if ($this->rate == 1) {
$readonlinepost = $this->buildpost('online');
editPost($readonlinepost);
}
}
//abnormal case: readonline post is the same as update post, or manga post
//turn it into normal case and treat as normal case
if (!empty($this->onlinelink) && ($this->readonlinepostid == $this->postid || $this->readonlinepostid == $this->manga->postid || $this->readonlinepostid == 0)) {
$readonlinepost = $this->buildpost('online');
$idpack = newThread($readonlinepost, $this->readonlineposter);
$this->readonlinepostid = $idpack['postid'];
$vbulletin->db->query_write("UPDATE `" . TABLE_PREFIX . "post` " . "SET `yrmspost`=1 " . "WHERE `postid` = '{$this->readonlinepostid}'");
}
// </editor-fold>
// </editor-fold>
// <editor-fold defaultstate="collapsed" desc="add chapter to the database ">
$vbulletin->db->query_write("INSERT INTO `" . TABLE_PREFIX . "yrms_vietsubmanga_chapter`" . "(`mangaid`," . "`postid`, " . "`readonlinepostid`, " . "`active`, " . "`status`, " . "`type`, " . "`chapternumber`, " . "`chaptertitle`, " . "`rate`, " . "`numberofhost`, " . "`downloadlink`, " . "`onlinelink`, " . "`fansubmember`, " . "`fansubnote`) " . "VALUES ('{$this->manga->mangaid}'," . "'{$this->postid}'," . "'{$this->readonlinepostid}'," . "'1'," . "'{$this->status}'," . "'{$this->type}'," . "'{$this->chapternumber}'," . "'{$this->chaptertitle}'," . "'{$this->rate}'," . "'{$this->numberofhost}'," . "'" . serialize($this->downloadlink) . "'," . "'{$this->onlinelink}'," . "'" . serialize($this->fansubmember) . "'," . "'{$this->fansubnote}')");
$this->chapterid = $vbulletin->db->insert_id();
// </editor-fold>
// <editor-fold defaultstate="collapsed" desc="update manga">
$this->manga->fansubmember = update_array_to_array($this->fansubmember, $this->manga->fansubmember);
$this->manga->fansubmember = reindex_array($this->manga->fansubmember, array("translator", "proofreader", "editor", "qualitychecker", "uploader"));
if ($this->type == 1 || $this->type == 2) {
$this->manga->finishedchapter++;
}
if (!empty($this->onlinelink)) {
$this->manga->readonlinestatus = 1;
}
$chapterhostname = array();
if (!empty($this->numberofhost)) {
foreach ($this->downloadlink as $hostname => $hostlink) {
$chapterhostname[] = $hostname;
}
$this->manga->hostname = update_array_to_array($chapterhostname, $this->manga->hostname);
$this->manga->numberofhost = count($this->manga->hostname);
}
$this->manga->update();
// </editor-fold>
// <editor-fold defaultstate="collapsed" desc=" reward ">
//For download post
$award_download = new Award();
$award_download->postid = $this->postid;
if (strpos(strtolower($this->manga->fansubsite), 'yurivn')) {
$award_download->awardcontent = $this->build_awardcontent_fansubmember();
}
if (!empty($this->numberofhost)) {
if (array_key_exists($this->poster, $award_download->awardcontent)) {
$award_download->awardcontent[$this->poster] += $vbulletin->options['yrms_vietsubmanga_yun_uploader'];
} else {
$award_download->awardcontent += array($this->poster => $vbulletin->options['yrms_vietsubmanga_yun_uploader']);
}
if ($this->numberofhost >= 2) {
if (array_key_exists($this->poster, $award_download->awardcontent)) {
$award_download->awardcontent[$this->poster] += $vbulletin->options['yrms_vietsubmanga_yun_mirror'];
} else {
$award_download->awardcontent += array($this->poster => $vbulletin->options['yrms_vietsubmanga_yun_mirror']);
}
}
}
$award_download->resourcetype = 'vietsubmanga';
$award_download->resourceid = $this->chapterid;
$award_download->resourceheadid = $this->manga->mangaid;
$award_download->add();
//For readonline post
if (!empty($this->readonlinepostid)) {
$award_online = new Award();
$award_online->postid = $this->readonlinepostid;
$award_online->awardcontent = array($this->readonlineposter => $vbulletin->options['yrms_vietsubmanga_yun_online']);
$award_online->resourcetype = 'vietsubmanga';
$award_online->resourceid = $this->chapterid;
$award_online->resourceheadid = $this->manga->mangaid;
$award_online->add();
}
// </editor-fold>
// <editor-fold defaultstate="collapsed" desc=" return the success message ">
if (isset($award_online)) {
$awardcontent = $award_download->awardcontent + $award_online->awardcontent;
} else {
$awardcontent = $award_download->awardcontent;
}
$awardinfo = array();
foreach ($awardcontent as $userid => $amount) {
$userinfo = fetch_userinfo($userid);
$username = $userinfo["username"];
$awardinfo[] = "{$username}: {$amount} {$vbulletin->options['yrms_main_moneyname']}";
}
$awardinfo = implode("\n", $awardinfo);
$return_message = construct_phrase($vbphrase['yrms_msg_success_rewardchapter'], $vbulletin->userinfo['username'], $vbphrase["yrms_chaptertype{$this->type}"] . " " . $this->chapternumber, $this->manga->mangatitle, nl2br($awardinfo));
return $return_message;
// </editor-fold>
}
