Exemple #1
0
include '../../settings.php';
include '../../inc/login_functions.php';
include '../../inc/helper.php';
include 'functions.php';
$logedIn = access($mysqli);
/* Berechtigung den Artikel zu bearbeiten */
if (isset($_GET['article'])) {
    $articleId = trim(htmlentities($_GET['article'], ENT_QUOTES, "UTF-8"));
    $articleId = $mysqli->real_escape_string($articleId);
    $article = getArticle($mysqli, $articleId);
    if ($article['userId'] != $_SESSION['userId']) {
        header("Location: ../../404.php");
        exit;
    }
}
$result = updateArticle($mysqli, $articleId);
include '../../inc/header.php';
include "../../inc/topNavbar.php";
?>

<section id="main-container">

	<?php 
include "../../inc/leftNavbar.php";
?>
	
	<!--Page main section start-->
  	<section id="min-wrapper">
    	<div id="main-content">
      		<div class="container-fluid">
Exemple #2
0
                        $_GET['titlelink'] = $as;
                        break;
                    case 'delete':
                        $reports[] = deleteArticle($result);
                        break;
                }
            }
        } else {
            $result = new ZenpageNews('');
            $result->setPermalink(1);
            $result->setDateTime(date('Y-m-d H:i:s'));
        }
    }
    if (isset($_GET['save'])) {
        XSRFdefender('save');
        $result = updateArticle($reports, true);
    }
    if (isset($_GET['delete'])) {
        XSRFdefender('delete');
        $msg = deleteArticle(sanitize($_GET['delete']));
        if (!empty($msg)) {
            $reports[] = $msg;
        }
    }
}
if (is_AdminEditPage('newscategory')) {
    $tab = 'news';
    $_GET['tab'] = 'categories';
    if (isset($_GET['save'])) {
        XSRFdefender('save');
        updateCategory($reports, true);
Exemple #3
0
function formProcess_bl($option)
{
    $errorText = '';
    if (!check_csrf_token()) {
        zamgerlog("csrf token nije dobar", 3);
        zamgerlog2("csrf token nije dobar");
        return "Poslani podaci nisu ispravni. Vratite se nazad, ponovo popunite formu i kliknite na dugme Pošalji";
    }
    if (!in_array($option, array('add', 'edit'))) {
        $errorText = 'Doslo je do greske prilikom spasavanja podataka. Molimo kontaktirajte administratora.';
        return $errorText;
    }
    $id = intval($_REQUEST['id']);
    if ($option == 'edit' && $id <= 0) {
        $errorText = 'Doslo je do greske prilikom spasavanja podataka. Molimo kontaktirajte administratora.';
        zamgerlog("pokusao urediti nepostojeci clanak {$id}, projekat {$projekat} (pp{$predmet})", 3);
        zamgerlog2("pokusao urediti nepostojeci clanak", $id, $projekat);
        return $errorText;
    }
    //get variables
    $naslov = $_REQUEST['naslov'];
    $tekst = $_REQUEST['tekst'];
    $slika = $_FILES['image'];
    $projekat = intval($_REQUEST['projekat']);
    $predmet = intval($_REQUEST['predmet']);
    global $userid;
    if (empty($naslov)) {
        $errorText = 'Unesite sva obavezna polja.';
        return $errorText;
    }
    $naslov = trim($naslov);
    $tekst = trim($tekst);
    //process image
    if ($option == 'edit') {
        $entry = getArticle($id);
    }
    global $conf_files_path;
    $lokacijaclanaka = "{$conf_files_path}/projekti/clanci/{$projekat}/{$userid}/";
    if (!file_exists("{$conf_files_path}/projekti/clanci/{$projekat}")) {
        mkdir("{$conf_files_path}/projekti/clanci/{$projekat}", 0777, true);
    }
    if (!file_exists($lokacijaclanaka)) {
        mkdir($lokacijaclanaka, 0777, true);
    }
    if ($slika['error'] != 4) {
        //cannot delete original image and preplace it with the new image so check this also
        if (isset($_REQUEST['delete'])) {
            $errorText .= 'Selektujte ili brisanje slike, ili zamjena slike, ne oboje!';
            return $errorText;
        }
        //adding or replacing image - depends on the $option parameter(add, edit)
        if ($slika['error'] > 0) {
            if ($slika['error'] == 1 || $slika['error'] == 2) {
                $errorText .= 'Pokušavate poslati fajl koji je veci od dozvoljene velicine. Probajte sa manjim fajlom.<br />';
            } else {
                $errorText .= 'Vaš fajl nije poslan korektno. Molimo pokušajte ponovo.<br />';
            }
            return $errorText;
        } else {
            //No error occured so far
            $uploadDir = $lokacijaclanaka;
            # Go to all lower case for consistency
            $imageName = strtolower($slika["name"]);
            $extension = preg_replace('/.+(\\..*)$/', '$1', $imageName);
            $safeExtensions = array('.jpg', '.jpeg', '.gif', '.png');
            if (!in_array($extension, $safeExtensions)) {
                $errorText .= 'Format slike nije dozvoljen. <br />';
                return $errorText;
            }
            if (getimagesize($slika['tmp_name']) == false) {
                $errorText .= 'Format slike nije dozvoljen. <br />';
                return $errorText;
            }
            //final file name
            if ($option == 'add') {
                $uniqueID = date('YmdHis', time());
                $uploadFile = $uniqueID . "{$userid}" . $extension;
            } else {
                if ($entry['slika'] == '') {
                    $uniqueID = date('YmdHis', time());
                    $uploadFile = $uniqueID . "{$userid}" . $extension;
                } else {
                    $uploadFile = $entry['slika'];
                }
            }
            if (move_uploaded_file($slika['tmp_name'], $uploadDir . $uploadFile)) {
                //transfered a file to upload directory from temp dir
                //if edit option REPLACING the old image (overwrite)
                chmod($uploadDir . $uploadFile, 0777);
            } else {
                $errorText .= 'Desila se greška prilikom uploada slike. Molimo kontaktirajte administratora.<br />';
                return $errorText;
            }
            //else
        }
        //else
    }
    //if ($_FILES['slika']['error'] != 4)
    if ($option == 'add') {
        if ($slika['error'] != 4) {
            $imageURL = $uploadFile;
        } else {
            $imageURL = '';
        }
    } else {
        if ($entry['slika'] == '') {
            $imageURL = $uploadFile;
        } else {
            if (isset($_REQUEST['delete'])) {
                //delete image from server
                unlink($lokacijaclanaka . $entry['slika']);
                //reset image in the database
                $imageURL = '';
            } else {
                $imageURL = $entry['slika'];
            }
        }
    }
    $data = array('naslov' => $naslov, 'tekst' => $tekst, 'slika' => $imageURL, 'osoba' => $userid, 'projekat' => $projekat);
    if ($option == 'add') {
        if (!insertArticle($data)) {
            $errorText = 'Doslo je do greske prilikom spasavanja podataka. Molimo kontaktirajte administratora.';
            return $errorText;
        }
    } else {
        if (!updateArticle($data, $id)) {
            $errorText = 'Doslo je do greske prilikom spasavanja podataka. Molimo kontaktirajte administratora.';
            return $errorText;
        }
    }
    //option == edit
    return $errorText;
}
    if (isset($_GET['delete'])) {
        XSRFdefender('delete');
        $msg = deletePage($_GET['delete']);
        if (!empty($msg)) {
            $reports[] = $msg;
        }
    }
}
if (is_AdminEditPage('newsarticle')) {
    $tab = 'news';
    if (isset($_GET['titlelink'])) {
        $result = new ZenpageNews(urldecode($_GET['titlelink']));
    } else {
        if (isset($_GET['update'])) {
            XSRFdefender('update');
            $result = updateArticle($reports);
            if (getCheckboxState('copy_delete_object')) {
                switch (sanitize($_POST['copy_delete_object'])) {
                    case 'copy':
                        $as = trim(sanitize(sanitize($_POST['copy_object_as'])));
                        if (empty($as)) {
                            $as = sprintf(gettext('copy of %s'), $result->getTitle());
                        }
                        $result->copy($as);
                        break;
                    case 'delete':
                        $reports[] = deleteArticle($result);
                        break;
                }
            }
        } else {
Exemple #5
0
<?php

print_r($_POST);
define('__ROOT__', dirname(dirname(__FILE__)));
require_once __ROOT__ . '/admin/include/PageLocation.php';
// Check for the submit
$edit = filter_input(INPUT_POST, 'edit', FILTER_DEFAULT);
$saveEdit = filter_input(INPUT_POST, 'saveEdit', FILTER_DEFAULT);
$cancelEdit = filter_input(INPUT_POST, 'cancelEdit', FILTER_DEFAULT);
$pageLocation = PageLocation::Article;
if ($edit != "") {
    $pageLocation = PageLocation::EditArticle;
} else {
    if ($saveEdit != "") {
        updateArticle($saveEdit);
    }
}
include_once __ROOT__ . '/admin/index.php';
$delete = filter_input(INPUT_POST, 'delete', FILTER_DEFAULT);
if ($delete != "") {
    deleteArticle($delete);
} else {
    //showAllArticles();
}
function editArticle($edit)
{
    // Create DB connection
    require_once __ROOT__ . '/admin/include/DBclass.php';
    $sqlConn = new DBclass("nazmarket");
    $query = "SELECT * FROM article, category, company, unit " . "     WHERE ((article.idcategory = category.idcategory) AND " . "             (article.idcompany = company.idcompany) AND " . "             (article.idunit = unit.idunit) AND (article.idarticle=" . $edit . "))";
    $article = $sqlConn->exeQuery($query);