<?php require_once "./database.php"; require_once "./session.php"; /* This page handles uploading of blog posts. TODO: Need to secure this by making sure correct CSRF token was sent */ //if the user is not logged in, do not allow the upload to continue into database if (!Session::userLoggedIn()) { header("Location: login.php"); exit; } $req = $_POST; $needed = array("author", "title", "text", "token"); foreach ($needed as $key => $value) { if (!isset($req[$value])) { die("Missing {$value}"); } } if (!Session::verifyToken($req['token'])) { $str = urlencode("Request could not be handled, token does not match"); header("Location: admin.php?blog=true&uploaded={$str}"); exit; } $title = Database::sanitizeData($req['title']); $text = Database::sanitizeData($req['text']); $author = Database::sanitizeData($req['author']); Database::createBlogPost($author, $title, $text); header("Location: admin.php?blog=true&uploaded=yes"); exit;