public function create()
{
AuthLib::authed();
$method = $_SERVER["REQUEST_METHOD"];
if ($method == "GET") {
echo HSHTPL::template("newform");
} else {
if ($method == "POST") {
$dbh = new PDO(DatabaseConfig::$connectionstring);
$sql = "INSERT INTO news (" . " title" . ", slug" . ", content" . ", timestamp" . ") VALUES (" . " :title" . ", :slug" . ", :content" . ", :timestamp" . ");";
$query = $dbh->prepare($sql);
$title = $_POST["blogtitle"];
$slug = LIBLIB::slugify($title);
$content = $_POST["blogcontent"];
$query->execute(array(":title" => htmlentities($title), ":slug" => $slug, ":content" => htmlentities($content), ":timestamp" => time()));
header("Location: /kontrol/taarn");
exit;
}
}
}
