public function create()
{
AuthLib::authed();
$method = $_SERVER["REQUEST_METHOD"];
if ($method == "GET") {
echo HSHTPL::template("newform");
} else {
if ($method == "POST") {
$dbh = new PDO(DatabaseConfig::$connectionstring);
$sql = "INSERT INTO news (" . " title" . ", slug" . ", content" . ", timestamp" . ") VALUES (" . " :title" . ", :slug" . ", :content" . ", :timestamp" . ");";
$query = $dbh->prepare($sql);
$title = $_POST["blogtitle"];
$slug = LIBLIB::slugify($title);
$content = $_POST["blogcontent"];
$query->execute(array(":title" => htmlentities($title), ":slug" => $slug, ":content" => htmlentities($content), ":timestamp" => time()));
header("Location: /kontrol/taarn");
exit;
}
}
}
<?php
$time = -microtime(true);
include "./init.php";
include APPLICATION_PATH . "/config.php";
include APPLICATION_PATH . "/pdo_connect.php";
include APPLICATION_PATH . '/post.php';
include APPLICATION_PATH . '/posts.php';
include APPLICATION_PATH . '/tag.php';
include APPLICATION_PATH . "/baseController.php";
include APPLICATION_PATH . "/publicController.php";
include APPLICATION_PATH . "/adminController.php";
include APPLICATION_PATH . "/statLib.php";
include APPLICATION_PATH . "/view.php";
$login = AuthLib::getLoggedUser();
$displayName = AuthLib::getDisplayNameByLogin($login);
if ($displayName) {
$ctrller = new AdminController();
}
$ctrller = new PublicController();
View::addHeadLine('<title>R2</title>');
View::printPageStart();
echo $displayName ? "<div class=\"userAction\">Logged as <b>{$displayName}</b> " : '<div>';
AuthLib::getAction();
echo '</div>';
$ctrller->printHtml();
$time += microtime(true);
echo '<div class="stats">Memory used: ' . memory_get_usage(true) / 1024 . "kiB | Time consumed: {$time}s </div>";
View::printPageEnd();
// logout action
if (!empty($_POST['logout'])) {
unset($_SESSION['user']);
session_destroy();
$referer = $referer ? $referer : 'index.php';
header("Location: {$referer}");
exit;
}
$valid = true;
// has the form just been submitted?
if (!empty($_POST['loginAttempt'])) {
$login = !empty($_POST['login']) ? $_POST['login'] : false;
$passwd = !empty($_POST['password']) ? $_POST['password'] : false;
$referer = !empty($_POST['referer']) ? $_POST['referer'] : $referer;
if ($login !== false && $passwd !== false) {
$valid = AuthLib::validateLogin($login, $passwd);
if ($valid) {
$_SESSION['user'] = $login;
if ($referer) {
$refererParts = explode(':', $referer);
array_shift($refererParts);
$refererParts = array_merge(array('https'), $refererParts);
$referer = implode(':', $refererParts);
} else {
$referer = 'index.php';
}
header("Location: {$referer}");
exit;
}
sleep(1);
}
