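/**
 * Render the "add page" admin screen and, when the form was submitted,
 * insert the new page first.
 *
 * Access is gated on login::loginCheck('editpages', true); anything other
 * than a strict TRUE yields the access-denied block.
 *
 * With $_POST['edit'] set, the submitted title, description, keywords and
 * body ('ta') are inserted into {table_prefix}pagesmain. The row is then read
 * back by title, its id is stored in $_SESSION['PageID'], and an edit form
 * (posting to action=edit_page) pre-filled with the stored values is returned.
 * Without $_POST['edit'], an empty form posting to action=add_page is returned.
 *
 * Security notes:
 *  - Values read back from the database are escaped with htmlspecialchars()
 *    before being placed in HTML attribute values. The original concatenated
 *    them raw, so a stored quote character could close the attribute.
 *  - Both SQL statements are built by concatenation and rely entirely on
 *    misc::make_db_safe() (defined elsewhere) to quote the values.
 *    NOTE(review): confirm it always returns a fully quoted literal.
 *  - No anti-CSRF token is emitted or checked in this function.
 *    NOTE(review): confirm that state-changing POSTs are protected elsewhere.
 *
 * @return string HTML fragment for the admin page
 */
function add_page()
{
    global $conn, $lang, $config;

    $security = login::loginCheck('editpages', true);
    $display = '';

    // Guard clause: only a strict TRUE from the permission check grants access.
    if ($security !== true) {
        $display .= '<div class="error_text">' . $lang['access_denied'] . '</div>';
        return $display;
    }

    require_once $config['basepath'] . '/include/misc.inc.php';
    $misc = new misc();

    // Nothing submitted yet: show the page list and a blank "add" form.
    if (!isset($_POST['edit'])) {
        $display .= $this->page_list();
        $display .= '<form action="index.php?action=add_page" method="post" id="edit" name="edit">';
        $display .= "<input type=\"hidden\" name=\"edit\" value=\"yes\" />";
        $display .= $lang['title'] . ' <input type="text" name="title" value="" /><br /><br />';
        $display .= $lang['page_meta_description'] . ' <input type="text" size="50" name="description" value="" /><br /><br />';
        $display .= $lang['page_meta_keywords'] . ' <input type="text" size="50" name="keywords" value="" /><br /><br />';
        $display .= '<textarea name="ta" id="ta" style="height: 30em; width: 100%;"></textarea>';
        $display .= '<input type="submit" name="ok" value="' . $lang['submit'] . '" style="margin-top:3px;" />';
        $display .= '</form>';
        return $display;
    }

    // --- Save the submitted page -------------------------------------------
    $save_full = $_POST['ta'];
    $save_title = $misc->make_db_safe($_POST['title']);
    $save_description = $misc->make_db_safe($_POST['description']);
    $save_keywords = $misc->make_db_safe($_POST['keywords']);
    // The body goes through editor::htmlEncodeText() first and make_db_safe() is
    // called with a second argument of TRUE; what that flag does is not
    // visible here.
    $save_full_xhtml = $misc->make_db_safe(editor::htmlEncodeText($save_full), TRUE);

    $sql = "INSERT INTO " . $config['table_prefix'] . "pagesmain (pagesmain_full,pagesmain_title,pagesmain_date,pagesmain_summary,pagesmain_no_visitors,pagesmain_complete,pagesmain_description,pagesmain_keywords) VALUES ({$save_full_xhtml},{$save_title}," . $conn->DBDate(time()) . ",'',0,1,{$save_description},{$save_keywords})";
    $recordSet = $conn->Execute($sql);
    if (!$recordSet) {
        // NOTE(review): unless log_error() terminates the request, the
        // "page saved" message below is still shown after a failed INSERT.
        $misc->log_error($sql);
    }

    $display .= "<center><b>{$lang['page_saved']}</b></center><br />";
    $display .= $this->page_list();
    $display .= '<form action="index.php?action=edit_page" method="post" id="edit" name="edit">';

    // Read the new row back by title.
    // NOTE(review): if titles are not unique this can return a different page
    // than the one just inserted; the id that ends up in the session (and in
    // the delete form below) would then point at that other page.
    $sql = "SELECT pagesmain_full, pagesmain_title, pagesmain_complete, pagesmain_id, pagesmain_description, pagesmain_keywords FROM " . $config['table_prefix'] . "pagesmain WHERE pagesmain_title = " . $save_title;
    $recordSet = $conn->Execute($sql);
    if (!$recordSet) {
        $misc->log_error($sql);
    }

    // Save PageID to the session for the image upload plugin.
    $_SESSION['PageID'] = $recordSet->fields['pagesmain_id'];

    // Escape once for every attribute context the id is written into.
    $page_id_attr = htmlspecialchars((string) $_SESSION['PageID'], ENT_QUOTES);

    $display .= "<input type=\"hidden\" name=\"edit\" value=\"yes\" />";
    $display .= "<input type=\"hidden\" name=\"PageID\" value=\"" . $page_id_attr . "\" />";

    $html = $misc->make_db_unsafe($recordSet->fields['pagesmain_full']);
    $title = $misc->make_db_unsafe($recordSet->fields['pagesmain_title']);
    $description = $misc->make_db_unsafe($recordSet->fields['pagesmain_description']);
    $keywords = $misc->make_db_unsafe($recordSet->fields['pagesmain_keywords']);

    // make_db_unsafe() is defined elsewhere and is not known to HTML-encode,
    // so escape at the point of output. NOTE(review): if it already
    // entity-encodes, this double-encodes and the call should be dropped there.
    $title_attr = htmlspecialchars((string) $title, ENT_QUOTES);
    $description_attr = htmlspecialchars((string) $description, ENT_QUOTES);
    $keywords_attr = htmlspecialchars((string) $keywords, ENT_QUOTES);

    $display .= $lang['title'] . ' <input type="text" name="title" value="' . $title_attr . '" /><br /><br />';
    $display .= $lang['page_meta_description'] . ' <input type="text" size="50" name="description" value="' . $description_attr . '" /><br /><br />';
    $display .= $lang['page_meta_keywords'] . ' <input type="text" size="50" name="keywords" value="' . $keywords_attr . '" /><br /><br />';

    // NOTE(review): the body is written into the <textarea> as stored. It was
    // passed through editor::htmlEncodeText() before saving; whether that is
    // enough to stop the content from closing the textarea early is not
    // visible here and should be confirmed. It is left unchanged because
    // encoding it again could corrupt already-encoded editor content.
    $display .= '<textarea name="ta" id="ta" style="height: 350px; width: 100%;">' . $html . '</textarea>';
    $display .= '<input type="submit" name="ok" value="' . $lang['submit'] . '" style="margin-top:3px;"/>';
    $display .= '</form>';

    // Offer a delete form only when the re-select produced a page id.
    if ($_SESSION['PageID'] != '') {
        $display .= '<form action="index.php?action=edit_page" method="post" id="delete" style="margin-top:3px;">';
        $display .= '<input type="hidden" name="delete" value="yes" />';
        $display .= '<input type="hidden" name="PageID" value="' . $page_id_attr . '" />';
        $display .= '<input type="submit" name="ok" value="' . $lang['delete_page'] . '" />';
        $display .= '</form>';
    }

    return $display;
}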