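/**
 * Shows the "new post" form on GET and stores a submitted post on POST.
 *
 * On POST the title and content are read from the request, a slug is derived
 * from the raw title, and one row is inserted into `news` through a prepared
 * statement; the client is then redirected to /kontrol/taarn. Other request
 * methods produce no output.
 *
 * NOTE(review): AuthLib::authed() presumably stops unauthenticated requests.
 * Confirm that it terminates the request rather than returning a flag, because
 * its result is not checked here.
 * NOTE(review): no anti-CSRF token is verified in this method. Confirm that
 * AuthLib::authed() or the routing layer checks one, since this POST changes
 * state on behalf of the logged-in user.
 *
 * @return void
 */
public function create()
{
    AuthLib::authed();

    $method = $_SERVER["REQUEST_METHOD"];

    if ($method === "GET") {
        echo HSHTPL::template("newform");
        return;
    }

    if ($method !== "POST") {
        // Any other verb is ignored, as before.
        return;
    }

    // Request fields are client-controlled: they may be absent or arrive as
    // arrays (blogtitle[]=...). Reject those instead of passing them on to
    // slugify()/htmlentities() and inserting a malformed row.
    $title = isset($_POST["blogtitle"]) ? $_POST["blogtitle"] : null;
    $content = isset($_POST["blogcontent"]) ? $_POST["blogcontent"] : null;
    if (!is_string($title) || !is_string($content)) {
        http_response_code(400);
        echo HSHTPL::template("newform");
        return;
    }

    $dbh = new PDO(DatabaseConfig::$connectionstring);

    // Values are bound as named parameters, so request data never becomes part
    // of the SQL text.
    $sql = "INSERT INTO news ("
        . " title"
        . ", slug"
        . ", content"
        . ", timestamp"
        . ") VALUES ("
        . " :title"
        . ", :slug"
        . ", :content"
        . ", :timestamp"
        . ");";
    $query = $dbh->prepare($sql);

    // The slug is built from the raw (unencoded) title.
    $slug = LIBLIB::slugify($title);

    // Title and content are HTML-encoded at write time (kept so new rows match
    // existing ones). Consumers must print them without encoding again, and
    // non-HTML consumers receive entity-encoded text. Before PHP 8.1 the
    // default htmlentities() flags leave single quotes unencoded, so the stored
    // value is not safe inside a single-quoted attribute on those versions.
    $query->execute(array(
        ":title" => htmlentities($title),
        ":slug" => $slug,
        ":content" => htmlentities($content),
        ":timestamp" => time(),
    ));

    // Fixed, server-chosen redirect target; exit stops any further output.
    header("Location: /kontrol/taarn");
    exit;
}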
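<?php
/**
 * Page entry script: loads the application files, picks a controller based on
 * the logged-in user, prints the page, and appends memory/time statistics.
 */

// Start the timer as a negative offset; adding microtime() at the end leaves
// the elapsed wall-clock time in $time.
$time = -microtime(true);

// NOTE(review): `include` only warns when a file is missing and the script
// carries on; confirm whether a hard failure is wanted for these files.
include "./init.php";
include APPLICATION_PATH . "/config.php";
include APPLICATION_PATH . "/pdo_connect.php";
include APPLICATION_PATH . '/post.php';
include APPLICATION_PATH . '/posts.php';
include APPLICATION_PATH . '/tag.php';
include APPLICATION_PATH . "/baseController.php";
include APPLICATION_PATH . "/publicController.php";
include APPLICATION_PATH . "/adminController.php";
include APPLICATION_PATH . "/statLib.php";
include APPLICATION_PATH . "/view.php";

$login = AuthLib::getLoggedUser();
$displayName = AuthLib::getDisplayNameByLogin($login);

// Fix: the original assigned PublicController unconditionally after the `if`,
// so the AdminController branch was dead and every visitor got the public
// controller. The two are now mutually exclusive.
// NOTE(review): the admin controller is selected solely because a display name
// resolved for the session login. Confirm that AdminController enforces its own
// authorization for privileged actions.
if ($displayName) {
    $ctrller = new AdminController();
} else {
    $ctrller = new PublicController();
}

View::addHeadLine('<title>R2</title>');
View::printPageStart();

if ($displayName) {
    // The display name is data, not markup: escape it for the HTML context so
    // a name containing tags or quotes cannot inject content into the page.
    $safeName = htmlspecialchars($displayName, ENT_QUOTES, 'UTF-8');
    echo "<div class=\"userAction\">Logged as <b>{$safeName}</b> ";
} else {
    echo '<div>';
}
// Output of getAction() lands inside the div opened above.
AuthLib::getAction();
echo '</div>';

$ctrller->printHtml();

$time += microtime(true);
echo '<div class="stats">Memory used: ' . (memory_get_usage(true) / 1024) . "kiB | Time consumed: {$time}s </div>";

View::printPageEnd();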
// logout action if (!empty($_POST['logout'])) { unset($_SESSION['user']); session_destroy(); $referer = $referer ? $referer : 'index.php'; header("Location: {$referer}"); exit; } $valid = true; // has the form just been submitted? if (!empty($_POST['loginAttempt'])) { $login = !empty($_POST['login']) ? $_POST['login'] : false; $passwd = !empty($_POST['password']) ? $_POST['password'] : false; $referer = !empty($_POST['referer']) ? $_POST['referer'] : $referer; if ($login !== false && $passwd !== false) { $valid = AuthLib::validateLogin($login, $passwd); if ($valid) { $_SESSION['user'] = $login; if ($referer) { $refererParts = explode(':', $referer); array_shift($refererParts); $refererParts = array_merge(array('https'), $refererParts); $referer = implode(':', $refererParts); } else { $referer = 'index.php'; } header("Location: {$referer}"); exit; } sleep(1); }