public function action_add() { // check permission if (\Model_AccountLevelPermission::checkAdminPermission('blog_perm', 'blog_write_perm') == false) { \Session::set_flash('form_status', array('form_status' => 'error', 'form_status_message' => \Lang::get('admin_permission_denied', array('page' => \Uri::string())))); \Response::redirect(\Uri::create('blog/admin')); } // read flash message for display errors. $form_status = \Session::get_flash('form_status'); if (isset($form_status['form_status']) && isset($form_status['form_status_message'])) { $output['form_status'] = $form_status['form_status']; $output['form_status_message'] = $form_status['form_status_message']; } unset($form_status); // if form submitted if (\Input::method() == 'POST') { // store data for save $data['post_name'] = \Security::htmlentities(trim(\Input::post('post_name'))); $data['post_body'] = trim(\Input::post('post_body')); // validate form. $validate = \Validation::forge(); $validate->add('post_name', \Lang::get('blog_post_name'), array(), array('required')); $validate->add('post_body', \Lang::get('blog_post_content'), array(), array('required')); if (!\Extension\NoCsrf::check()) { // validate token failed $output['form_status'] = 'error'; $output['form_status_message'] = \Lang::get('fslang_invalid_csrf_token'); } elseif (!$validate->run()) { // validate failed $output['form_status'] = 'error'; $output['form_status_message'] = $validate->show_errors(); } else { $result = \Blog\Model_Blog::addPost($data); if ($result === true) { if (\Session::get_flash('form_status', null, false) == null) { \Session::set_flash('form_status', array('form_status' => 'success', 'form_status_message' => \Lang::get('admin_saved'))); } \Response::redirect(\Uri::create('blog/admin')); } else { $output['form_status'] = 'error'; $output['form_status_message'] = $result; } } // re-populate form $output['post_name'] = $data['post_name']; $output['post_body'] = $data['post_body']; } // <head> output ---------------------------------------------------------------------------------------------- $output['page_title'] = $this->generateTitle(\Lang::get('blog')); // <head> output ---------------------------------------------------------------------------------------------- return $this->generatePage('admin/blog_form_v', $output, false); }