break; case ERR::PERMIS_FAIL: echo "You must <a href='login.php'>log in</a> to do this."; break; case ERR::TOKEN_FAIL: case ERR::TOKEN_EXPIRED: case ERR::USER_NO_TOKEN: echo "Your session has expired; please <a href='login.php'>log in</a> again."; break; case ERR::UNKNOWN: default: echo "An unknown error occurred. Please try again later. Error Code: " . $result[SP::ERROR]; break; } } elseif (isset($_POST['editid'])) { $result = editPost($db, $_SESSION['id'], $_POST['editid'], $_POST['content'], $_SESSION['token']); switch ($result[SP::ERROR]) { case ERR::OK: $info = multigetPostDetails($db, $_SESSION['id'], array($_POST['editid']))[$_POST['editid']]; echo "Post made successfully! <a href='threadview.php?threadid=" . $info[POST::THREAD_ID] . "&postid=" . $_POST['editid'] . "'>Back to thread</a>."; break; case ERR::THREAD_LOCKED: echo "The specified thread is locked."; break; case ERR::PERMIS_FAIL: echo "You do not have sufficient permissions to do this."; break; case ERR::TOKEN_FAIL: case ERR::TOKEN_EXPIRED: case ERR::USER_NO_TOKEN: echo "Your session has expired; please <a href='login.php'>log in</a> again.";
$errors = array(); if ($_POST) { // Validate these first $title = $_POST['post-title']; if (!$title) { $errors[] = 'The post must have a title'; } $body = $_POST['post-body']; if (!$body) { $errors[] = 'The post must have a body'; } if (!$errors) { $pdo = getPDO(); // Decide if we are editing or adding if ($postId) { editPost($pdo, $title, $body, $postId); } else { $userId = getAuthUserId($pdo); $postId = addPost($pdo, $title, $body, $userId); if ($postId === false) { $errors[] = 'Post operation failed'; } } } if (!$errors) { redirectAndExit('edit-post.php?post_id=' . $postId); } } ?> <!DOCTYPE html>
if ($dbPosts->delete($key)) { // Reindex tags, this function is in 70.posts.php reIndexTagsPosts(); Alert::set($Language->g('The post has been deleted successfully')); Redirect::page('admin', 'manage-posts'); } else { Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to delete the post.'); } } // ============================================================================ // Main before POST // ============================================================================ // ============================================================================ // POST Method // ============================================================================ if ($_SERVER['REQUEST_METHOD'] == 'POST') { if (isset($_POST['delete-post'])) { deletePost($_POST['key']); } else { editPost($_POST); } } // ============================================================================ // Main after POST // ============================================================================ if (!$dbPosts->postExists($layout['parameters'])) { Log::set(__METHOD__ . LOG_SEP . 'Error occurred when trying to get the post: ' . $layout['parameters']); Redirect::page('admin', 'manage-posts'); } $_Post = buildPost($layout['parameters']); $layout['title'] .= ' - ' . $Language->g('Edit post') . ' - ' . $_Post->title();
<?php include 'db-connection.php'; require 'posts.php'; session_start(); $post_id = filter_input(INPUT_POST, 'postId'); $post = filter_input(INPUT_POST, 'post'); $user_id = $_SESSION['user_id']; $status = editPost($post_id, $post, $user_id); echo $status;
editComment(); } if ($request == "comment-delete") { deleteComment(); } if ($request == "comment-thumb-up") { thumbUp(); } if ($request == "comment-thumb-down") { thumbDown(); } if ($request == "post-add") { addPost(); } if ($request == "post-edit") { editPost(); } if ($request == "post-delete") { deletePost(); } function escapeText($text) { $result = "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">" . $text; $dom = new DOMDocument(); $dom->loadHTML($result); $script = $dom->getElementsByTagName('script'); $remove = []; foreach ($script as $item) { $remove[] = $item; } foreach ($remove as $item) {
function blog_admin_controller() { $Blog = new Blog(); getBlogUserPermissions(); global $blogUserPermissions, $SITEURL; if (!isset($_GET['update'])) { $update = blog_version_check(); if ($update[0] == 'current') { $ucolor = '#308000'; } elseif ($update[0] == 'update') { $ucolor = '#FFA500'; } elseif ($update[0] == 'beta') { $ucolor = '#2B5CB3'; } else { $ucolor = '#D94136'; } } else { $ucolor = '#777777'; } if (isset($_GET['edit_post']) && $blogUserPermissions['blogeditpost'] == true) { editPost($_GET['edit_post']); } elseif (isset($_GET['create_post']) && $blogUserPermissions['blogcreatepost'] == true) { editPost(); } elseif (isset($_GET['categories']) && $blogUserPermissions['blogcategories'] == true) { if (isset($_GET['edit_category'])) { $add_category = $Blog->saveCategory($_POST['new_category']); if ($add_category == true) { echo '<div class="updated">' . i18n_r(BLOGFILE . '/CATEGORY_ADDED') . '</div>'; } else { echo '<div class="error">' . i18n_r(BLOGFILE . '/CATEGORY_ERROR') . '</div>'; } } if (isset($_GET['delete_category'])) { $Blog->deleteCategory($_GET['delete_category']); } #edit_categories $category_file = getXML(BLOGCATEGORYFILE); require_once 'html/category-management.php'; } elseif (isset($_GET['auto_importer']) && $blogUserPermissions['blogrssimporter'] == true) { if (isset($_POST['post-rss'])) { $post_data = array(); $post_data['name'] = $_POST['post-rss']; $post_data['category'] = $_POST['post-category']; $add_feed = $Blog->saveRSS($post_data); if ($add_feed == true) { echo '<div class="updated">' . i18n_r(BLOGFILE . '/FEED_ADDED') . '</div>'; } else { echo '<div class="error">' . i18n_r(BLOGFILE . '/FEED_ERROR') . '</div>'; } } elseif (isset($_GET['delete_rss'])) { $delete_feed = $Blog->deleteRSS($_GET['delete_rss']); if ($delete_feed == true) { echo '<div class="updated">' . i18n_r(BLOGFILE . '/FEED_DELETED') . '</div>'; } else { echo '<div class="error">' . i18n_r(BLOGFILE . '/FEED_DELETE_ERROR') . '</div>'; } } #edit_rss $rss_file = getXML(BLOGRSSFILE); require_once 'html/feed-management.php'; } elseif (isset($_GET['settings']) && $blogUserPermissions['blogsettings'] == true) { show_settings_admin(); } elseif (isset($_GET['update']) && $blogUserPermissions['blogsettings'] == true) { show_update_admin(); } elseif (isset($_GET['help']) && $blogUserPermissions['bloghelp'] == true) { require_once 'html/help-admin.php'; } elseif (isset($_GET['custom_fields']) && $blogUserPermissions['blogcustomfields'] == true) { $CustomFields = new customFields(); if (isset($_POST['save_custom_fields'])) { $saveCustomFields = $CustomFields->saveCustomFields(); if ($saveCustomFields) { echo '<div class="updated">' . i18n_r(BLOGFILE . '/EDIT_OK') . '</div>'; } } show_custom_fields(); } else { if (isset($_GET['save_post'])) { savePost(); } elseif (isset($_GET['delete_post']) && $blogUserPermissions['blogdeletepost'] == true) { $post_id = urldecode($_GET['delete_post']); $delete_post = $Blog->deletePost($post_id); if ($delete_post == true) { echo '<div class="updated">' . i18n_r(BLOGFILE . '/POST_DELETED') . '</div>'; } else { echo '<div class="error">' . i18n(BLOGFILE . '/FEED_DELETE_ERROR') . '</div>'; } } #show_posts_admin $all_posts = $Blog->listPosts(true, true); // Get a list of all the posts in the blog require_once 'html/posts-admin.php'; // Bring in the HTML to show this section } }
<?php require "session.php"; require "init.php"; require "header.php"; require 'function.php'; ?> <h2>Edit post</h2> <form enctype="multipart/form-data" method="post"> <p>title: <input type="text" name="title"/> </p> <p>body: <textarea name="body"/></textarea> </p> <input name="filedata" type="file" /> <p> <input type="submit" name="ok" value="Valider"/> </p> </form> <?php if (isset($_POST["title"]) && isset($_POST["body"])) { editPost($_POST["title"], $_POST["body"], 14, 3); } else { die("manque d'information"); }
// database, and all the functions it calls are in the $loq object. function identify_admin_archives() { return array('name' => 'archives', 'type' => 'builtin', 'nicename' => 'Archives Admin', 'description' => 'Edit archives', 'authors' => 'Eaden McKee, Tobias Schlottke', 'licence' => 'GPL', 'help' => ''); } $loq->assign('form_type', 'edit'); $loq->get_modifiers(); $actions = array('delete', 'edit', 'postedit', 'filter', 'allowcomments'); if (isset($_POST['action']) && in_array($_POST['action'], $actions)) { $postid = intval($_POST['postid']); switch ($_POST['action']) { case 'delete': deletePost($loq, $postid); break; case 'edit': editPost($loq, $postid); break; case 'postedit': savePost($loq, $postid); break; case 'filter': filterDisplay($loq); break; case 'allowcomments': allowComments($loq, $postid); break; default: //Unknown - handle this error break; } } else {
$edited_post_time = date('Y-m-d H:i:s'); //grab all the stuff we need to edit the post $post_id = $_POST['post_id']; $post_query = "SELECT * FROM posts WHERE id='{$post_id}'"; $post_result = $conn->query($post_query); $total_rows = $post_result->num_rows; if ($total_rows == 0) { giveError("Invalid Request."); } else { while ($row = $post_result->fetch_assoc()) { $post_creator_id = $row['post_creator_id']; $post_time = $row['post_time']; $topic_id = $row['topic_id']; $post_content = $row['post_content']; } editPost($edited_post_content, $edited_post_time, $post_id, $post_creator_id, $post_time, $topic_id, $post_content); redirect("showmsg.php?topic_id={$topic_id}"); } } } } else { // post came from edit button $id = $_REQUEST['id']; $post_query = "SELECT * FROM `posts` WHERE id='{$id}'"; $post_result = $conn->query($post_query); $total_rows = $post_result->num_rows; if ($total_rows == 0) { giveError("Invalid Post"); } else { while ($row = $post_result->fetch_assoc()) { $creator_id = $row['post_creator_id'];
<p>body: <textarea name="body"/><?php echo $post['body']; ?> </textarea> </p> <input name="filedata" type="file" /> <p> <input type="submit" name="ok" value="Valider"/> </p> </form> <?php if (isset($_POST["title"]) && isset($_POST["body"])) { $user = getUser($_SESSION['login_user'], hash('haval256,5', trim($_SESSION['pwd_user']))); $user_id = $user->fetch()['id']; $uploaddir = 'img/'; $uploadfile = $uploaddir . basename($_FILES['filedata']['name']); if (move_uploaded_file($_FILES['filedata']['tmp_name'], $uploadfile)) { insert(basename($_FILES['filedata']['name']), $uploadfile, $_FILES['filedata']['type'], $_SESSION['login_user'], hash('haval256,5', trim($_SESSION['pwd_user']))); } else { echo "Attaque potentielle par téléchargement de fichiers.\n"; } $lastId = addImage(basename($_FILES['filedata']['name']), $uploadfile, $_FILES['filedata']['type']); editPost($_POST["title"], $_POST["body"], $lastId, $post['id'], $user_id); header('Location: editPost.php?id=' . $post["id"]); exit; } else { die("manque d'information"); }
/** * Handles conditionals for admin functions * * @return void */ function blog_admin_controller() { $Blog = new Blog(); getBlogUserPermissions(); global $blogUserPermissions; showAdminNav(); if (isset($_GET['edit_post']) && $blogUserPermissions['blogeditpost'] == true) { editPost($_GET['edit_post']); } elseif (isset($_GET['create_post']) && $blogUserPermissions['blogcreatepost'] == true) { editPost(); } elseif (isset($_GET['categories']) && $blogUserPermissions['blogcategories'] == true) { if (isset($_GET['edit_category'])) { $add_category = $Blog->saveCategory($_POST['new_category']); if ($add_category == true) { echo '<div class="updated">'; i18n(BLOGFILE . '/CATEGORY_ADDED'); echo '</div>'; } else { echo '<div class="error">'; i18n(BLOGFILE . '/CATEGORY_ERROR'); echo '</div>'; } } if (isset($_GET['delete_category'])) { $Blog->deleteCategory($_GET['delete_category']); } edit_categories(); } elseif (isset($_GET['auto_importer']) && $blogUserPermissions['blogrssimporter'] == true) { if (isset($_POST['post-rss'])) { $post_data = array(); $post_data['name'] = $_POST['post-rss']; $post_data['category'] = $_POST['post-category']; $add_feed = $Blog->saveRSS($post_data); if ($add_feed == true) { echo '<div class="updated">'; i18n(BLOGFILE . '/FEED_ADDED'); echo '</div>'; } else { echo '<div class="error">'; i18n(BLOGFILE . '/FEED_ERROR'); echo '</div>'; } } elseif (isset($_GET['delete_rss'])) { $delete_feed = $Blog->deleteRSS($_GET['delete_rss']); if ($delete_feed == true) { echo '<div class="updated">'; i18n(BLOGFILE . '/FEED_DELETED'); echo '</div>'; } else { echo '<div class="error">'; i18n(BLOGFILE . '/FEED_DELETE_ERROR'); echo '</div>'; } } edit_rss(); } elseif (isset($_GET['settings']) && $blogUserPermissions['blogsettings'] == true) { show_settings_admin(); } elseif (isset($_GET['help']) && $blogUserPermissions['bloghelp'] == true) { show_help_admin(); } elseif (isset($_GET['custom_fields']) && $blogUserPermissions['blogcustomfields'] == true) { $CustomFields = new customFields(); if (isset($_POST['save_custom_fields'])) { $saveCustomFields = $CustomFields->saveCustomFields(); if ($saveCustomFields) { echo '<div class="updated">' . i18n_r(BLOGFILE . '/EDIT_OK') . '</div>'; } } show_custom_fields(); } else { if (isset($_GET['save_post'])) { savePost(); } elseif (isset($_GET['delete_post']) && $blogUserPermissions['blogdeletepost'] == true) { $post_id = urldecode($_GET['delete_post']); $delete_post = $Blog->deletePost($post_id); if ($delete_post == true) { echo '<div class="updated">'; i18n(BLOGFILE . '/POST_DELETED'); echo '</div>'; } else { echo '<div class="error">'; i18n(BLOGFILE . '/FEED_DELETE_ERROR'); echo '</div>'; } } show_posts_admin(); } }
<?php include 'includes/reqPost.php'; editPost($bdd); $id_post = $_GET['id_post']; $sql = "SELECT * FROM `posts` WHERE `id_post` = ?"; $result = $bdd->prepare($sql); $result->execute(array($id_post)); $editInfos = $result->fetch(); //var_dump($id_post); //var_dump($editInfos); ?> <!DOCTYPE HTML> <html> <head> <meta charset="utf-8" /> <link rel="stylesheet" href="css/style.css" /> <link rel="stylesheet" href="css/styleAddPost.css" /> <script type="text/javascript" src="js/addPost.js"></script> <title>My_Weblog</title> </head> <body> <div id="main"> <?php include 'includes/nav.php'; ?> <header class="title"> <h1>~ Edition ~</h1>
public function reward() { global $vbulletin, $vbphrase; // <editor-fold defaultstate="collapsed" desc="analysis information"> if ($this->type == 2) { $this->chapternumber = ""; } $this->fansubmember = str_replace('false', '', $this->fansubmember); $this->fansubmember = str_replace(',,', '', $this->fansubmember); if ($this->postid == 0) { $this->postid = $this->manga->postid; } // </editor-fold> // <editor-fold defaultstate="collapsed" desc="create new update post, and new read online thread"> // <editor-fold defaultstate="collapsed" desc=" create new update post "> //normal case: there is update post for the chapter, or there is not but no 18+ content. //reward and add chapter to the database only, no need to make any new post. Only set the post to yrmspost. if ($this->postid != $this->manga->postid) { $vbulletin->db->query_write("UPDATE `" . TABLE_PREFIX . "post` " . "SET `yrmspost`=1 " . "WHERE `postid` = '{$this->postid}'"); if ($this->rate == 1 && !empty($this->numberofhost)) { $downloadpost = $this->buildpost('download'); editPost($downloadpost); } } else { if ($this->postid == $this->manga->postid && $this->rate == 1) { $downloadpost = $this->buildpost('download'); $this->postid = newPost($downloadpost, $this->poster); $vbulletin->db->query_write("UPDATE `" . TABLE_PREFIX . "post` " . "SET `yrmspost`=1 " . "WHERE `postid` = '{$this->postid}'"); } } //abnormal case 2: no download link, only readonline link. //Skip this step // </editor-fold> // <editor-fold defaultstate="collapsed" desc=" create new read online thread "> //normal case: readonline post is a separate topic //do nothing but set the post to yrms post, and reformat it if the chapter is 18+ content if (!empty($this->onlinelink)) { $vbulletin->db->query_write("UPDATE `" . TABLE_PREFIX . "post` " . "SET `yrmspost`=1 " . "WHERE `postid` = '{$this->readonlinepostid}'"); if ($this->rate == 1) { $readonlinepost = $this->buildpost('online'); editPost($readonlinepost); } } //abnormal case: readonline post is the same as update post, or manga post //turn it into normal case and treat as normal case if (!empty($this->onlinelink) && ($this->readonlinepostid == $this->postid || $this->readonlinepostid == $this->manga->postid || $this->readonlinepostid == 0)) { $readonlinepost = $this->buildpost('online'); $idpack = newThread($readonlinepost, $this->readonlineposter); $this->readonlinepostid = $idpack['postid']; $vbulletin->db->query_write("UPDATE `" . TABLE_PREFIX . "post` " . "SET `yrmspost`=1 " . "WHERE `postid` = '{$this->readonlinepostid}'"); } // </editor-fold> // </editor-fold> // <editor-fold defaultstate="collapsed" desc="add chapter to the database "> $vbulletin->db->query_write("INSERT INTO `" . TABLE_PREFIX . "yrms_vietsubmanga_chapter`" . "(`mangaid`," . "`postid`, " . "`readonlinepostid`, " . "`active`, " . "`status`, " . "`type`, " . "`chapternumber`, " . "`chaptertitle`, " . "`rate`, " . "`numberofhost`, " . "`downloadlink`, " . "`onlinelink`, " . "`fansubmember`, " . "`fansubnote`) " . "VALUES ('{$this->manga->mangaid}'," . "'{$this->postid}'," . "'{$this->readonlinepostid}'," . "'1'," . "'{$this->status}'," . "'{$this->type}'," . "'{$this->chapternumber}'," . "'{$this->chaptertitle}'," . "'{$this->rate}'," . "'{$this->numberofhost}'," . "'" . serialize($this->downloadlink) . "'," . "'{$this->onlinelink}'," . "'" . serialize($this->fansubmember) . "'," . "'{$this->fansubnote}')"); $this->chapterid = $vbulletin->db->insert_id(); // </editor-fold> // <editor-fold defaultstate="collapsed" desc="update manga"> $this->manga->fansubmember = update_array_to_array($this->fansubmember, $this->manga->fansubmember); $this->manga->fansubmember = reindex_array($this->manga->fansubmember, array("translator", "proofreader", "editor", "qualitychecker", "uploader")); if ($this->type == 1 || $this->type == 2) { $this->manga->finishedchapter++; } if (!empty($this->onlinelink)) { $this->manga->readonlinestatus = 1; } $chapterhostname = array(); if (!empty($this->numberofhost)) { foreach ($this->downloadlink as $hostname => $hostlink) { $chapterhostname[] = $hostname; } $this->manga->hostname = update_array_to_array($chapterhostname, $this->manga->hostname); $this->manga->numberofhost = count($this->manga->hostname); } $this->manga->update(); // </editor-fold> // <editor-fold defaultstate="collapsed" desc=" reward "> //For download post $award_download = new Award(); $award_download->postid = $this->postid; if (strpos(strtolower($this->manga->fansubsite), 'yurivn')) { $award_download->awardcontent = $this->build_awardcontent_fansubmember(); } if (!empty($this->numberofhost)) { if (array_key_exists($this->poster, $award_download->awardcontent)) { $award_download->awardcontent[$this->poster] += $vbulletin->options['yrms_vietsubmanga_yun_uploader']; } else { $award_download->awardcontent += array($this->poster => $vbulletin->options['yrms_vietsubmanga_yun_uploader']); } if ($this->numberofhost >= 2) { if (array_key_exists($this->poster, $award_download->awardcontent)) { $award_download->awardcontent[$this->poster] += $vbulletin->options['yrms_vietsubmanga_yun_mirror']; } else { $award_download->awardcontent += array($this->poster => $vbulletin->options['yrms_vietsubmanga_yun_mirror']); } } } $award_download->resourcetype = 'vietsubmanga'; $award_download->resourceid = $this->chapterid; $award_download->resourceheadid = $this->manga->mangaid; $award_download->add(); //For readonline post if (!empty($this->readonlinepostid)) { $award_online = new Award(); $award_online->postid = $this->readonlinepostid; $award_online->awardcontent = array($this->readonlineposter => $vbulletin->options['yrms_vietsubmanga_yun_online']); $award_online->resourcetype = 'vietsubmanga'; $award_online->resourceid = $this->chapterid; $award_online->resourceheadid = $this->manga->mangaid; $award_online->add(); } // </editor-fold> // <editor-fold defaultstate="collapsed" desc=" return the success message "> if (isset($award_online)) { $awardcontent = $award_download->awardcontent + $award_online->awardcontent; } else { $awardcontent = $award_download->awardcontent; } $awardinfo = array(); foreach ($awardcontent as $userid => $amount) { $userinfo = fetch_userinfo($userid); $username = $userinfo["username"]; $awardinfo[] = "{$username}: {$amount} {$vbulletin->options['yrms_main_moneyname']}"; } $awardinfo = implode("\n", $awardinfo); $return_message = construct_phrase($vbphrase['yrms_msg_success_rewardchapter'], $vbulletin->userinfo['username'], $vbphrase["yrms_chaptertype{$this->type}"] . " " . $this->chapternumber, $this->manga->mangatitle, nl2br($awardinfo)); return $return_message; // </editor-fold> }