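/**
 * Handles the article form for option 'add' (new article) or 'edit' (the
 * existing article named by $_REQUEST['id']).
 *
 * Reads naslov/tekst/projekat/predmet/delete from $_REQUEST and the optional
 * image from $_FILES['image'], stores, replaces or deletes the image under
 * $conf_files_path/projekti/clanci/<projekat>/<userid>/ and finally calls
 * insertArticle() or updateArticle().
 *
 * @param string $option 'add' or 'edit'
 * @return string '' on success, otherwise a user-facing error message (may contain HTML)
 */
function formProcess_bl($option)
{
    global $userid, $conf_files_path;

    // Generic message for every internal failure; details go to the log only.
    $greskaSpasavanja = 'Doslo je do greske prilikom spasavanja podataka. Molimo kontaktirajte administratora.';

    if (!check_csrf_token()) {
        zamgerlog("csrf token nije dobar", 3);
        zamgerlog2("csrf token nije dobar");
        return "Poslani podaci nisu ispravni. Vratite se nazad, ponovo popunite formu i kliknite na dugme Pošalji";
    }
    // Strict comparison: with loose in_array() a non-string $option (e.g. 0) could pass.
    if (!in_array($option, ['add', 'edit'], true)) {
        return $greskaSpasavanja;
    }

    // Read every request field up front: the "nonexistent article" log line below
    // needs $projekat/$predmet, which were previously read only after logging.
    $id       = isset($_REQUEST['id']) ? intval($_REQUEST['id']) : 0;
    $naslov   = isset($_REQUEST['naslov']) ? trim($_REQUEST['naslov']) : '';
    $tekst    = isset($_REQUEST['tekst']) ? trim($_REQUEST['tekst']) : '';
    $projekat = isset($_REQUEST['projekat']) ? intval($_REQUEST['projekat']) : 0;
    $predmet  = isset($_REQUEST['predmet']) ? intval($_REQUEST['predmet']) : 0;
    $brisanje = isset($_REQUEST['delete']);
    // A missing file field is treated like an empty one (UPLOAD_ERR_NO_FILE).
    $slika        = isset($_FILES['image']) ? $_FILES['image'] : ['error' => UPLOAD_ERR_NO_FILE];
    $imaNovuSliku = $slika['error'] != UPLOAD_ERR_NO_FILE;

    $entry = null;
    if ($option === 'edit') {
        $entry = ($id > 0) ? getArticle($id) : null;
        // Also covers a well-formed id that getArticle() does not find.
        if (empty($entry)) {
            zamgerlog("pokusao urediti nepostojeci clanak {$id}, projekat {$projekat} (pp{$predmet})", 3);
            zamgerlog2("pokusao urediti nepostojeci clanak", $id, $projekat);
            return $greskaSpasavanja;
        }
    }

    // Trimmed first, so a whitespace-only title is rejected (and a title of '0' accepted).
    if ($naslov === '') {
        return 'Unesite sva obavezna polja.';
    }
    // Deleting the current image and uploading a replacement are mutually exclusive.
    if ($imaNovuSliku && $brisanje) {
        return 'Selektujte ili brisanje slike, ili zamjena slike, ne oboje!';
    }

    // Image name currently stored for the article ('' when it has none, or on 'add').
    // It comes from the article row, never from the request.
    $trenutnaSlika   = ($entry !== null && isset($entry['slika'])) ? (string) $entry['slika'] : '';
    $lokacijaclanaka = "{$conf_files_path}/projekti/clanci/{$projekat}/{$userid}/";
    $imageURL        = $trenutnaSlika;   // value written to the DB; '' = no image

    if ($imaNovuSliku) {
        if ($slika['error'] != UPLOAD_ERR_OK) {
            if ($slika['error'] == UPLOAD_ERR_INI_SIZE || $slika['error'] == UPLOAD_ERR_FORM_SIZE) {
                return 'Pokušavate poslati fajl koji je veci od dozvoljene velicine. 
Probajte sa manjim fajlom.<br />';
            }
            return 'Vaš fajl nije poslan korektno. Molimo pokušajte ponovo.<br />';
        }

        // The client-supplied name is used only for the extension whitelist; the
        // stored name is generated below, so the client name never reaches the filesystem.
        $extension        = '.' . pathinfo(strtolower($slika['name']), PATHINFO_EXTENSION);
        $safeExtensions   = ['.jpg', '.jpeg', '.gif', '.png'];
        // The content must also be one of the whitelisted image types, not merely
        // anything getimagesize() happens to recognise.
        $podaciSlike      = getimagesize($slika['tmp_name']);
        $dozvoljeniTipovi = [IMAGETYPE_GIF, IMAGETYPE_JPEG, IMAGETYPE_PNG];
        if (!in_array($extension, $safeExtensions, true)
            || $podaciSlike === false
            || !in_array($podaciSlike[2], $dozvoljeniTipovi, true)) {
            return 'Format slike nije dozvoljen. <br />';
        }

        // Replacing an existing image overwrites it under its current name;
        // otherwise a new, server-generated name is used.
        $uploadFile = ($trenutnaSlika !== '')
            ? $trenutnaSlika
            : date('YmdHis') . $userid . $extension;

        // Created only when actually needed. 0755 is enough because the PHP process
        // owns the directory; the previous 0777 made the upload tree world-writable.
        if (!is_dir($lokacijaclanaka)) {
            mkdir($lokacijaclanaka, 0755, true);
        }
        if (!is_dir($lokacijaclanaka)
            || !move_uploaded_file($slika['tmp_name'], $lokacijaclanaka . $uploadFile)) {
            return 'Desila se greška prilikom uploada slike. Molimo kontaktirajte administratora.<br />';
        }
        // Readable by the web server, writable only by the owner (was 0777).
        chmod($lokacijaclanaka . $uploadFile, 0644);
        $imageURL = $uploadFile;
    } elseif ($brisanje && $trenutnaSlika !== '') {
        // Remove the file from disk and clear the reference in the DB.
        $putanja = $lokacijaclanaka . $trenutnaSlika;
        if (file_exists($putanja)) {
            unlink($putanja);
        }
        $imageURL = '';
    }

    $data = [
        'naslov'   => $naslov,
        'tekst'    => $tekst,
        'slika'    => $imageURL,
        'osoba'    => $userid,
        'projekat' => $projekat,
    ];
    $spaseno = ($option === 'add') ? insertArticle($data) : updateArticle($data, $id);

    return $spaseno ? '' : $greskaSpasavanja;
}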
videoDistributors(); break; case 'video_new': videoPremiere(); break; case 'dvddistr': dvdDistributors(); break; case 'dvd_new': dvdPremiere(); break; case 'usa_new': usaPremiere(); break; case 'add_article': insertArticle(); break; case 'articles': manageArticles(); break; case 'logout': adminLogout(); break; case 'backup': setBackup(); break; case 'password': adminPassword(); break; case 'opt': break;
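// Small JSON endpoint for articles: GET lists them, POST creates one from a JSON
// body {title, body, link?}, DELETE removes the one named by a JSON body {articleId}.
// NOTE(review): CORS is open to every origin and no authentication is visible in
// this file; confirm that the included files enforce it before POST/DELETE run.
header("Access-Control-Allow-Origin: *");
header("Content-Type: application/json; charset=UTF-8");

include_once 'commons.php';
include_once 'db.php';
include_once 'log.php';

$method = $_SERVER["REQUEST_METHOD"];

if ($method === "GET") {
    return getArticles();
} elseif ($method === "POST") {
    // json_decode() yields null on malformed input; anything but a JSON object is rejected
    // instead of being passed on as nulls.
    $data = json_decode(file_get_contents('php://input'), true);
    if (!is_array($data)) {
        return error("invalid json body");
    }
    // The former var_dump($data) was removed: it wrote the raw request body into the
    // JSON response.
    $tinyurl = "";
    if (!empty($data["link"])) {
        // Previously the return value was discarded, so $tinyurl was always "".
        // Assumes get_tiny_url() returns the shortened URL (its body is below).
        $tinyurl = get_tiny_url($data["link"]);
    }
    return insertArticle(
        isset($data["title"]) ? $data["title"] : null,
        isset($data["body"]) ? $data["body"] : null,
        $tinyurl
    );
} elseif ($method === "DELETE") {
    $data = json_decode(file_get_contents('php://input'), true);
    $articleID = (is_array($data) && isset($data["articleId"])) ? $data["articleId"] : null;
    if (empty($articleID)) {
        return;
    }
    deleteArticle($articleID);
    // NOTE(review): articleId is logged as received; if it is numeric in the DB,
    // intval() it here so a crafted value cannot inject into the log — confirm its type.
    log_info("Delete Article: " . $articleID);
} else {
    error("unknown verb");
}

//Functions
//gets the data from a URL
function get_tiny_url($url)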