0) {
    // Edit path: the opening of this `if` (presumably a check on $strId) lies before this fragment.
    $strVerb = "Edit";
    // Parameterised lookup of the post being edited; $c is a DB wrapper defined outside this fragment.
    $varRows = $c->query("SELECT * from posts where id = ?", $strId);
    if (count($varRows) !== 1) {
        PageRender::message("Zero or more than one row returned", "danger");
        // NOTE(review): assumes Respond::redirect() ends the request; otherwise execution
        // continues into $varRows[0] below — confirm.
        Respond::redirect("/post");
    }
    $varRow = $varRows[0];
    // Pre-fill the form fields from the stored row.
    $strContent = $varRow["content"];
    $strLocation = $varRow["location"];
    $strVisibility = $varRow["visibility"];
    // Derive the "public" checkbox state from the stored visibility string.
    $intPublic = 0;
    if ($strVisibility == "public") $intPublic = 1;
    // Authorisation: non-admins may only edit their own posts. $varUser is presumably the
    // authenticated user and is set outside this fragment — verify against the caller.
    // NOTE(review): this ownership check only runs inside this edit branch; the UPDATE/DELETE
    // in the POST handler below act on $strId without repeating it. Confirm that every
    // request with a non-empty $strId necessarily passes through this branch first.
    if (!UserAuth::has("is_admin")) if ($varUser["username"] !== $varRow["username"]) {
        PageRender::message("You are not the author of that post.");
        Respond::redirect("/post");
    }
}
// Form submission: only handled when all four fields are present in the POST body.
if (Request::posts("location", "content", "visibility", "public")) {
    $strLocation = Request::getPosted("location");
    $strContent = Request::getPosted("content");
    // The posted "visibility" value is read here but unconditionally overwritten below;
    // the effective visibility is decided solely by the "public" field.
    $strVisibility = Request::getPosted("visibility");
    $intPublic = intval(Request::getPosted("public"));
    // Normalise the location so it always starts with a slash.
    if (!preg_match("/^\//", $strLocation)) $strLocation = "/{$strLocation}";
    $strVisibility = "private";
    if ($intPublic == 1) $strVisibility = "public";
    // Create: no id supplied. Note `== null` is a loose comparison (0 and "" also match it).
    if ($strId == null || strlen($strId) < 1) {
        $c->query(
            "INSERT into posts (username, content, location, visibility) values (?, ?, ?, ?)",
            $varUser["username"], $strContent, $strLocation, $strVisibility);
        // NOTE(review): the new id is fetched by a separate "last post" query rather than
        // from the insert itself; under concurrent inserts this may return another user's
        // post id — confirm get_last_post.sql is scoped to this user/connection.
        $strId = $c->query("get_last_post.sql")[0]["id"];
        PageRender::message("Post created.", "success");
        // Redirect target here is "/{id}" while the save path below uses "/post/{id}" —
        // presumably intentional, but worth confirming.
        Respond::redirect("/{$strId}");
    }
    // Delete: an existing post submitted with empty content is removed.
    if (strlen($strContent) < 1) {
        $c->query("DELETE from posts where id = ?", $strId);
        PageRender::message("Post deleted successfully.", "success");
        Respond::redirect("/post");
    }
    // Update: existing post with non-empty content.
    $c->query(
        "UPDATE posts set content = ?, location = ?, visibility = ?, updated = current_timestamp where id = ?",
        $strContent, $strLocation, $strVisibility, $strId);
    PageRender::message("Post saved.", "success");
    Respond::redirect("/post/{$strId}");
}
?>
/>