<?php

session_start();
date_default_timezone_set('America/Denver');
include 'authentication.php';
checkAdmin();
include '../../db/db.php';
$db = new Database();
$url = $db->prepURL($_POST['title']);
$status = $_POST['submit'] == 'Publish' ? 'published' : 'saved';
switch ($_POST['action']) {
    case 'insert':
        $query = 'INSERT INTO blog
				(title, url, article, color, to_edges, film, timestamp, status) VALUES (?, ?, ?, ?, ?, ?, ?, "' . $status . '")';
        $params = array($_POST['title'], $url, $_POST['blogpost'], $_POST['color'], $_POST['to_edges'], $_POST['film'], $_POST['timestamp']);
        break;
    case 'update':
        $query = 'UPDATE blog SET
				title=?, 
				url=?, 
				article=?, 
				color=?,
				to_edges=?, 
				film=?, 
				timestamp=?,
				status = "' . $status . '"
				WHERE id =' . $_POST['id'];
        $params = array($_POST['title'], $url, $_POST['blogpost'], $_POST['color'], $_POST['to_edges'], $_POST['film'], $_POST['timestamp']);
        break;
    case 'delete':
        $db->dc('DELETE FROM blog WHERE id=' . $_POST['id']);