Exemplo n.º 1
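// This page is only for logged-in users. header() only queues the Location
// header; without exit the rest of the script (including the POST handler
// below) would still run for a visitor who is not logged in.
if (!isset($_SESSION['username'])) {
    header('Location: index.php');
    exit;
}
$cPoem = new CPoem($db, $_SESSION);
// Handle a submitted edit form. $_POST is always set (an empty array on GET
// requests), so isset($_POST) cannot tell a form submission from a first
// visit; check the request method and the presence of a scalar ID instead.
// NOTE(review): no anti-CSRF token is checked in the visible code -- confirm
// whether the form and this handler validate one elsewhere.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['id']) && is_string($_POST['id'])) {
    // Get poem ID from POST-values.
    // NOTE(review): mysql_real_escape_string() was removed in PHP 7.0, and
    // escaping is not a substitute for parameterised queries; confirm how
    // CPoem builds its SQL before migrating this call.
    $id = mysql_real_escape_string($_POST['id']);
    // Check that this poem really belongs to the logged-in user. This must
    // be enforced server-side, because anyone can send a POST request with
    // an arbitrary poem ID.
    $owner_id = $cPoem->getPoemWriterID($id);
    // Compare strictly as strings. With a loose == a "not found" result such
    // as false or null could compare equal to an empty or zero session ID.
    // presumably getPoemWriterID() returns false/null for an unknown poem;
    // verify against CPoem.
    $isOwner = isset($_SESSION['id'])
        && $owner_id !== null
        && $owner_id !== false
        && (string) $owner_id === (string) $_SESSION['id'];
    if ($isOwner) {
        // NOTE(review): editPoem() receives the raw $_POST array, not the
        // escaped $id checked above; confirm it updates the same poem ID
        // that was authorised and uses parameterised queries.
        $cPoem->editPoem($_POST);
        $_SESSION['message'] = 'Runo päivitetty!';
        // Icon to show
        $_SESSION['message_icon'] = 'graphics/32px-Crystal_Clear_app_clean.png';
        header('Location: ownpage.php');
        // Stop here so the edit form below is not rendered after the redirect.
        exit;
    }
}
// Create starting HTML and menu at the top
create_site_top();
create_top_menu();
echo '<div class="edit_poem">';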
// If there is no ID given in URL, then show error.
if (!isset($_GET['id'])) {