Esempio n. 1
 /**
  * Renders one page of the public snippet library into the site template.
  *
  * @param mixed $page_no Page number, passed unchanged to Snip_Model::get_snips_public().
  *                       NOTE(review): it is not validated or cast in this method; confirm the
  *                       model treats it as an integer before it reaches a query.
  * @return void
  */
 public function library($page_no = 1)
 {
     $snipModel = new Snip_Model();

     // The pager needs the total number of public snips to compute its offsets.
     $pagerConfig = array(
         'base_url' => 'home/library/',
         'uri_segment' => 'library',
         'total_items' => $snipModel->get_total_snips_public(),
     );
     $this->pagination = new Pagination($pagerConfig);

     // Fetch the requested page: page number first, then the pager's SQL offset.
     $libraryView = new View('snip/snipLibrary');
     $libraryView->items = $snipModel->get_snips_public($page_no, $this->pagination->sql_offset);

     $this->template->title = "Public Snippet Library";
     $this->template->template_head .= '<link href="/files/CSS/snipLibrary.css" rel="stylesheet" type="text/css" />';

     // Navigation bar with the "library" entry highlighted.
     $navView = new View('home_nav');
     $navView->highlight = 'library';

     $this->template->page_nav = $navView;
     $this->template->page_content = $libraryView;
 }
Esempio n. 2
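 /**
  * Updates an existing snippet from POST data and prints a status message.
  *
  * Requires the POST fields user, snipID, title, lang, private_check and snippet.
  * description is read through the Input library with XSS cleaning enabled; the literal
  * string 'null' means "leave the stored description unchanged".
  * On malformed input an error message is printed and the request is terminated.
  *
  * NOTE(review): no ownership or session check is visible in this method. `user` comes
  * from the request body and is not part of the UPDATE's WHERE clause, so unless the
  * controller authorises the caller for this snip_id elsewhere, any caller can overwrite
  * any snippet. Confirm, and bind the update to the authenticated user's id.
  *
  * @return void
  */
 public function snip_edit()
 {
     $input = Input::instance();
     $post = $_POST;

     $required = array('user', 'snipID', 'title', 'lang', 'private_check', 'snippet');
     foreach ($required as $field) {
         if (!isset($post[$field])) {
             echo "Error: wrong params";
             die;
         }
     }

     // snip_id is placed unquoted in the WHERE clause and echoed into the success link.
     // Escaping alone does not protect an unquoted value, so accept decimal digits only.
     if (!is_string($post['snipID']) or !ctype_digit($post['snipID'])) {
         echo "Error: wrong params";
         die;
     }
     $snipID = $post['snipID'];

     $userID = $post["user"];
     $title = $post['title'];
     $snips_model = new Snip_Model();
     // brush_to_lang() is defined elsewhere; its result is escaped below before it enters the query.
     $language = $snips_model->brush_to_lang($post['lang']);
     $snippet = $post['snippet'];
     $private = $post['private_check'];
     $description = $input->post('description', NULL, TRUE);

     // `private` is also interpolated unquoted, so it must be exactly one decimal digit.
     $privateIsValid = is_string($private) and strlen($private) == 1 and ctype_digit($private);

     if (valid::standard_text($title) and valid::standard_text($userID) and $privateIsValid) {
         // The client sends & and = as placeholder tokens; restore them before storing.
         $preRestoreChars = array("~AMP~", "~EQUAL~");
         $restoreChars = array("&", "=");
         $snippet = str_replace($preRestoreChars, $restoreChars, $snippet);
         $title = str_replace($preRestoreChars, $restoreChars, $title);
         $description = str_replace($preRestoreChars, $restoreChars, $description);

         $snippet = htmlspecialchars($snippet);

         // NOTE(review): mysql_real_escape_string() relies on an open ext/mysql link and the
         // extension no longer exists in PHP 7+. Prefer the database layer's bound parameters
         // when this code is migrated.
         $title = mysql_real_escape_string($title);
         $snippet = mysql_real_escape_string($snippet);
         $language = mysql_real_escape_string((string) $language);

         $parser_class = MARKDOWN_PARSER_CLASS;
         $parser = new $parser_class();
         $db = Database::instance();

         $set = "`language` = '" . $language . "' , `snippet` = '" . $snippet . "' , `title` = '" . $title . "' , `date_added` = CURRENT_TIMESTAMP , `private` = " . $private;

         if ($description !== 'null') {
             // NOTE(review): XSS cleaning ran on the raw text, before Markdown rendering;
             // the HTML produced here is stored without a second pass. Confirm the parser's
             // output is safe to render as-is.
             $description = $parser->transform($description);
             $description = str_replace("\n", "<br />", $description);
             $set .= " , `description` = '" . mysql_real_escape_string($description) . "'";
         }

         $sql = "UPDATE `snippetz`.`snips` SET " . $set . " WHERE `snip_id` = " . $snipID . ";";
         $result = $db->query($sql);

         if ($result) {
             // $snipID is digits only at this point, so it is safe inside the attribute.
             echo "Success! Your snippet has been updated, view it now: <a href='/home/snip/" . $snipID . "'>here</a> .";
         } else {
             echo "DB error";
         }
     } else {
         echo "Error: title field contains illegal characters";
         die;
     }
 }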