163 lines
4.5 KiB
PHP
163 lines
4.5 KiB
PHP
<?php
|
|
global $c;
|
|
|
|
UserAuth::require("can_post");
|
|
|
|
$varUser = UserAuth::getUser();
|
|
$strId = Request::getArg(0);
|
|
|
|
$strContent = "";
|
|
$strLocation = Request::getParam("to") ?? "";
|
|
$strVisibility = "";
|
|
$strVerb = "Create";
|
|
$intPublic = 0;
|
|
|
|
if ($strId !== null && strlen($strId) > 0)
|
|
{
|
|
$strVerb = "Edit";
|
|
$varRows = $c->query("SELECT * from posts where id = ?", $strId);
|
|
|
|
if (count($varRows) !== 1)
|
|
{
|
|
PageRender::message("Zero or more than one row returned", "danger");
|
|
Respond::redirect("/post");
|
|
}
|
|
|
|
$varRow = $varRows[0];
|
|
$strContent = $varRow["content"];
|
|
$strLocation = $varRow["location"];
|
|
$strVisibility = $varRow["visibility"];
|
|
$intPublic = 0;
|
|
|
|
if ($strVisibility == "public")
|
|
$intPublic = 1;
|
|
|
|
if (!UserAuth::has("is_admin"))
|
|
if ($varUser["username"] !== $varRow["username"])
|
|
{
|
|
PageRender::message("You are not the author of that post.");
|
|
Respond::redirect("/post");
|
|
}
|
|
}
|
|
|
|
|
|
if (Request::posts("location", "content", "visibility", "public"))
|
|
{
|
|
$strLocation = Request::getPosted("location");
|
|
$strContent = Request::getPosted("content");
|
|
$strVisibility = Request::getPosted("visibility");
|
|
$intPublic = intval(Request::getPosted("public"));
|
|
|
|
if (!preg_match("/^\//", $strLocation))
|
|
$strLocation = "/{$strLocation}";
|
|
|
|
$strVisibility = "private";
|
|
if ($intPublic == 1)
|
|
$strVisibility = "public";
|
|
|
|
if ($strId == null || strlen($strId) < 1)
|
|
{
|
|
$c->query(
|
|
"INSERT into posts (username, content, location, visibility)
|
|
values (?, ?, ?, ?)",
|
|
$varUser["username"],
|
|
$strContent,
|
|
$strLocation,
|
|
$strVisibility);
|
|
|
|
$strId = $c->query("get_last_post.sql")[0]["id"];
|
|
|
|
PageRender::message("Post created.", "success");
|
|
Respond::redirect("/{$strId}");
|
|
}
|
|
|
|
if (strlen($strContent) < 1)
|
|
{
|
|
$c->query("DELETE from posts where id = ?", $strId);
|
|
PageRender::message("Post deleted successfully.", "success");
|
|
Respond::redirect("/post");
|
|
}
|
|
|
|
$c->query(
|
|
"UPDATE posts
|
|
set
|
|
content = ?,
|
|
location = ?,
|
|
visibility = ?,
|
|
updated = current_timestamp
|
|
where
|
|
id = ?",
|
|
$strContent,
|
|
$strLocation,
|
|
$strVisibility,
|
|
$strId);
|
|
|
|
PageRender::message("Post saved.", "success");
|
|
Respond::redirect("/post/{$strId}");
|
|
}
|
|
?>
|
|
|
|
<?php PageRender::message(); ?>
|
|
|
|
<style>
|
|
textarea {
|
|
font-family: monospace;
|
|
}
|
|
</style>
|
|
|
|
<form method="post">
|
|
<div>
|
|
<div>
|
|
<label>Content</label>
|
|
</div>
|
|
<div>
|
|
<textarea
|
|
name="content"
|
|
placeholder="Enter markdown content here..."
|
|
><?= $strContent; ?></textarea>
|
|
</div>
|
|
</div>
|
|
|
|
<div>
|
|
<table>
|
|
<tbody>
|
|
<tr>
|
|
<td><label>Location</label></td>
|
|
<td>
|
|
<input
|
|
type="text"
|
|
name="location"
|
|
placeholder="/"
|
|
value="<?= $strLocation; ?>" />
|
|
</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td><label>Public</label></td>
|
|
<td>
|
|
<input type="hidden" name="visibility" value="" />
|
|
<input type="hidden" name="public" value="0" />
|
|
<input
|
|
type="checkbox"
|
|
name="public"
|
|
value="1"
|
|
<?= $intPublic == 1? "checked": "" ?>
|
|
/>
|
|
</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td></td>
|
|
<td>
|
|
<input
|
|
type="submit"
|
|
value="Go" />
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</form>
|
|
|
|
<?php PageRender::uploads(); ?>
|