$iloc = exponent_core_makeLocation($loc->mod, $loc->src, $resource->id);
if (exponent_permissions_check('edit', $loc) || exponent_permissions_check('edit', $iloc)) {
$directory = 'files/resourcesmodule/' . $loc->src;
$file = file::update('file', $directory, null, time() . '_' . $_FILES['file']['name']);
if (is_object($file)) {
$id = $db->insertObject($file, 'file');
$resource->file_id = $id;
$resource->editor = $user->id;
$resource->edited = time();
if (isset($_POST['checkin']) && ($user->is_acting_admin == 1 || $user->id == $resource->flock_owner)) {
$resource->flock_owner = 0;
}
if (!defined('SYS_WORKFLOW')) {
include_once BASE . 'subsystems/workflow.php';
}
exponent_workflow_post($resource, 'resourceitem', $loc);
unset($_SESSION['resource_cache']);
} else {
// If file::update() returns a non-object, it should be a string. That string is the error message.
$post = $_POST;
$post['_formError'] = $file;
exponent_sessions_set('last_POST', $post);
unset($_SESSION['resource_cache']);
header('Location: ' . $_SERVER['HTTP_REFERER']);
}
} else {
echo SITE_403_HTML;
}
} else {
echo SITE_404_HTML;
}
#
# This file is part of Exponent
#
# Exponent is free software; you can redistribute
# it and/or modify it under the terms of the GNU
# General Public License as published by the Free
# Software Foundation; either version 2 of the
# License, or (at your option) any later version.
#
# GPL: http://www.gnu.org/licenses/gpl.txt
#
##################################################
if (!defined('EXPONENT')) {
exit('');
}
if (isset($_POST['id'])) {
$textitem = $db->selectObject('textitem', 'id=' . intval($_POST['id']));
if ($textitem) {
$loc = unserialize($textitem->location_data);
}
}
if (exponent_permissions_check('edit', $loc)) {
$textitem = textitem::update($_POST, $textitem);
$textitem->location_data = serialize($loc);
if (!defined('SYS_WORKFLOW')) {
include_once BASE . 'subsystems/workflow.php';
}
exponent_workflow_post($textitem, 'textitem', $loc);
} else {
echo SITE_403_HTML;
}
if (isset($_POST['id'])) {
$news = $db->selectObject("newsitem", "id=" . intval($_POST['id']));
if ($news != null) {
$loc = unserialize($news->location_data);
$iloc = exponent_core_makeLocation($loc->mod, $loc->src, $news->id);
}
$news->editor = $user->id;
$news->edited = time();
} else {
$news->posted = time();
$news->poster = $user ? $user->id : 0;
}
if (isset($news->id) && exponent_permissions_check("edit_item", $loc) || !isset($news->id) && exponent_permissions_check("add_item", $loc) || $iloc != null && exponent_permissions_check("edit_item", $iloc)) {
$news = newsitem::update($_POST, $news);
//not sure why this is here - added by James?
/*if (!isset($news->id) && $db->countObjects('newsitem',"internal_name='".$news->internal_name."'")) {
unset($_POST['internal_name']);
$_POST['_formError'] = 'That Internal Name is already taken';
exponent_sessions_set('last_POST',$_POST);
header('Location: ' . $_SERVER['HTTP_REFERER']);
exit('');
}
*/
$news->location_data = serialize($loc);
if (!defined("SYS_WORKFLOW")) {
require_once BASE . "subsystems/workflow.php";
}
exponent_workflow_post($news, "newsitem", $loc);
} else {
echo SITE_403_HTML;
}
