For information about Extend-A-Story and its authors, please visit the website: http://www.sir-toby.com/extend-a-story/ */

require __DIR__ . "/include/Extend-A-Story.php";

use Extend_A_Story\HardStoryException;
use Extend_A_Story\Util;

// Administration entry point (excerpt): loads the session and site settings,
// checks the requested command against a fixed allow-list, then handles
// login. The login branch continues past the end of this excerpt.

// $sessionID and $userID are not defined before this call, so they are
// presumably filled in by reference - confirm against Util.
Util::getSessionAndUserIDs($sessionID, $userID);

// Site settings, looked up by name through Util.
$storyName = Util::getStringValue("StoryName");
$siteName = Util::getStringValue("SiteName");
$storyHome = Util::getStringValue("StoryHome");
$siteHome = Util::getStringValue("SiteHome");
$readEpisodeURL = Util::getStringValue("ReadEpisodeURL");
$adminEmail = Util::getStringValue("AdminEmail");
$isWriteable = Util::getStringValue("IsWriteable");
$maxLinks = Util::getIntValue("MaxLinks");
$maxEditDays = Util::getIntValue("MaxEditDays");

$message = "";

// NOTE(review): "command" is read from $_REQUEST, which merges query-string,
// form and (depending on request_order) cookie input. The allow-list below
// includes state-changing commands (addUserSave, deleteUserSave,
// editUserSave, configureSave, changePasswordSave); whether their handlers
// require POST and an anti-CSRF token is not visible in this excerpt -
// confirm.
$command = Util::getStringParamDefault($_REQUEST, "command", "");

// Allow-list check: any value other than "" or a known command is reset to
// the empty command and reported through $message.
if ($command != "" &&
    $command != "addUser" &&
    $command != "addUserSave" &&
    $command != "changePassword" &&
    $command != "changePasswordSave" &&
    $command != "deleteUser" &&
    $command != "deleteUserSave" &&
    $command != "editUser" &&
    $command != "editUserSave" &&
    $command != "configure" &&
    $command != "configureSave" &&
    $command != "listDeadEnds" &&
    $command != "listOrphans" &&
    $command != "listRecentEdits" &&
    $command != "login" &&
    $command != "logout") {
    $message = "Invalid Command";
    $command = "";
}

if ($command == "login") {
    // Credentials are taken from $_POST only, unlike the command itself.
    $loginName = Util::getStringParam($_POST, "loginName");
    $password = Util::getStringParam($_POST, "password");

    // Both values are bound as parameters, so they cannot change the SQL text.
    // NOTE(review): the stored credential is compared against MySQL's
    // PASSWORD() function. That function produces an unsalted hash intended
    // for the server's own account table, and it was removed in MySQL 8.0, so
    // this statement fails on current servers. Moving to password_hash() /
    // password_verify() with rehash-on-login would address both points; it
    // needs a change to the stored values, which is outside this block.
    $dbStatement = Util::getDbConnection()->prepare("SELECT UserID " .
                                                    "FROM User " .
                                                    "WHERE LoginName = :loginName " .
                                                    "AND Password = PASSWORD( :password )");
    $dbStatement->bindParam(":loginName", $loginName, PDO::PARAM_STR);
    $dbStatement->bindParam(":password", $password, PDO::PARAM_STR);
    $dbStatement->execute();
    $row = $dbStatement->fetch(PDO::FETCH_NUM);

    // fetch() returns false when no row matched the name/password pair.
    // NOTE(review): no attempt limiting or failure logging is visible here;
    // it may live in the branch that follows - confirm.
    if (!$row) {
</BODY></HTML> <?php exit; }

// Episode-writing page (excerpt). The markup and closing brace above end a
// block that starts before this excerpt.

// Classify the requested command: creating a new episode versus changing an
// existing one. $command is assigned above this excerpt.
$extending = $command == "Extend" ||
             $command == "ExtendPreview" ||
             $command == "ExtendSave";
$editing = $command == "Edit" ||
           $command == "EditPreview" ||
           $command == "EditSave";

// $sessionID and $userID are presumably filled in by reference - confirm
// against Util.
Util::getSessionAndUserIDs($sessionID, $userID);

// Site settings, looked up by name through Util.
$storyName = Util::getStringValue("StoryName");
$siteName = Util::getStringValue("SiteName");
$storyHome = Util::getStringValue("StoryHome");
$siteHome = Util::getStringValue("SiteHome");
$adminEmail = Util::getStringValue("AdminEmail");
$maxLinks = Util::getIntValue("MaxLinks");
$countDate = Util::getStringValue("CountDate");
$countValue = Util::getIntValue("CountValue");
$isWriteable = Util::getStringValue("IsWriteable");

// Site-wide write switch: "N" produces the "Episode Creation Disabled" error
// page. The check runs before any command-specific handling in this excerpt,
// so it applies to the Extend* and Edit* commands alike.
// NOTE(review): only the exact value "N" disables writing; any other stored
// value, including a missing or lower-case one, leaves writing enabled -
// confirm this fail-open default is intended.
if ($isWriteable == "N") { ?> <HTML><HEAD> <TITLE>Creation Error - Episode Creation Disabled</TITLE> </HEAD><BODY> <CENTER> <H1>Creation Error</H1> <H2>Episode Creation Disabled</H2> <TABLE WIDTH="500"> <TR> <TD>
/**
 * Decide whether the caller may edit an episode.
 *
 * A caller with a non-zero user ID is always allowed. Anyone else is allowed
 * only when their session ID equals the episode's AuthorSessionID and fewer
 * than MaxEditDays whole days have passed since the episode's CreationDate.
 *
 * NOTE(review): both identity checks use loose comparison (!= and ==). If
 * $userID or $sessionID can arrive as something other than an integer
 * (null, "", a numeric-looking string), PHP type juggling decides an
 * authorization outcome here - confirm the types the callers pass in.
 *
 * @param mixed $sessionID Session identifier of the caller.
 * @param mixed $userID    User identifier of the caller; only a value loosely
 *                         equal to 0 goes through the ownership and age checks.
 * @param mixed $episodeID Episode to check; bound to the query as an integer.
 *
 * @return bool True when editing is permitted.
 *
 * @throws HardStoryException When no Episode row has the given ID.
 */
public static function canEditEpisode($sessionID, $userID, $episodeID)
{
    // Any non-zero user ID skips the ownership and age checks entirely.
    if ($userID != 0) {
        return true;
    }

    $query = Util::getDbConnection()->prepare(
        "SELECT AuthorSessionID, CreationDate FROM Episode WHERE EpisodeID = :episodeID"
    );
    $query->bindParam(":episodeID", $episodeID, PDO::PARAM_INT);
    $query->execute();

    $episodeRow = $query->fetch(PDO::FETCH_NUM);
    if (!$episodeRow) {
        throw new HardStoryException("Episode {$episodeID} not found.");
    }

    [$authorSessionID, $creationDate] = $episodeRow;

    // Only the session that created the episode may edit it without a user ID.
    if ($sessionID != $authorSessionID) {
        return false;
    }

    $maxEditDays = Util::getIntValue("MaxEditDays");

    // Whole days since creation, truncated toward zero. Dividing once by the
    // number of seconds in a day gives the same integer as truncating through
    // minutes and hours in turn.
    $createdAt = strtotime($creationDate);
    $elapsedSeconds = time() - $createdAt;
    $elapsedDays = intdiv($elapsedSeconds, 60 * 60 * 24);

    return $elapsedDays < $maxEditDays;
}