-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathsubmit.php
More file actions
executable file
·143 lines (121 loc) · 7.1 KB
/
submit.php
File metadata and controls
executable file
·143 lines (121 loc) · 7.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
<?php /*====================================================================================
SamNews [http://samjlevy.com/samnews], open-source PHP social news application
sam j levy [http://samjlevy.com]
This program is free software: you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this
program. If not, see <http://www.gnu.org/licenses/>.
====================================================================================*/
include('config.php');
if(isset($_SESSION['access']) && ($_SESSION['access'] == 2 || $_SESSION['access'] == 3) && isset($_GET['post'])) {
$mode = "edit";
$post_result = samq("post","id,title,slug,url,description,category",NULL,"id = " . esc($_GET['post']));
} else {
$mode = "new";
}
// handle form submit
if(isset($_SESSION['user']) && isset($_POST['title'])) {
include(INCLUDES_PATH . 'slugify.php');
$error = 0;
$error_msg = array();
// validate fields
if(!isset($_POST['title']) || trim($_POST['title']) == "") { $error = 1; $error_msg[] = "title cannot be blank"; }
if(!isset($_POST['url']) || trim($_POST['url']) == "") { $error = 1; $error_msg[] = "url cannot be blank"; }
elseif(!filter_var(trim($_POST['url']), FILTER_VALIDATE_URL)) { $error = 1; $error_msg[] = "invalid url"; }
elseif(strlen(trim($_POST['url'])) > 255) { $error = 1; $error_msg[] = "url cannot be longer than 255 characters"; }
if(trim($_POST['description']) == "") $description = NULL; else $description = $_POST['description'];
$category = $_POST['category'];
if($error == 0) {
if($mode == "edit") {
$slug = $_POST['slug'];
} else {
$slug = slugify(replace_schars(trim($_POST['title'])));
}
$domain = parse_url(trim($_POST['url']), PHP_URL_HOST);
$domain = str_replace("www.","",$domain);
if($mode == "new") {
// passed check, execute insert
samq_i("post",array("title","slug","url","domain","author","description","category","score","ip","created"),array($_POST['title'],$slug,$_POST['url'],$domain,$_SESSION['user_id'],$description,$category,1,gethostbyaddr($_SERVER['REMOTE_ADDR']),DATETIME_NOW));
// add one to user's score
samq_c("UPDATE users SET post_count = post_count + 1 WHERE id = " . esc($_SESSION['user_id']));
} elseif($mode == "edit") {
// passed check, execute update
samq_u("post",array("title","slug","url","domain","description","category"),array($_POST['title'],$slug,$_POST['url'],$domain,$description,$category), "id = " . $post_result[0]['id']);
}
// redirect to slug
header("Location: " . SITE_URL . "/v/" . $slug);
die();
}
}
include('head.php'); ?>
<script type="text/javascript">
function textCounter(field, countfield, maxlimit) {
if(field.value.length > maxlimit)
field.value = field.value.substring(0, maxlimit);
else countfield.value = maxlimit - field.value.length; }
</script>
<script type="text/javascript">
jQuery(function() {
<!-- jQuery autoresize comment textarea -->
$("#description").elastic();
});
</script>
<br />
<div class="content">
<span class="page_title"><?php if($mode=="new") { echo "submit"; } elseif($mode=="edit") { echo "edit"; } ?></span><?php if(isset($_SESSION['access']) && $_SESSION['access'] == 3) { ?> <span class="admin_link"><a href="<?php echo SITE_URL . "/submit/bulk"; ?>">submit bulk</a><?php } ?></span>
<br />
<?php if(isset($_SESSION['user'])) {
// echo error message
if(isset($error) && $error == 1) {
echo "<br /><div class='error'>";
foreach ($error_msg as $e) echo $e . "<br />";
echo "</div><br />";
} ?>
<form method="post" action="<?php echo SITE_URL ?><?php if($mode == "new") { echo "/submit"; } elseif($mode == "edit") { echo "/edit/p/" . $post_result[0]['id']; } ?>">
<table class="form_table" width="500">
<tr><td><strong>title</strong><br />
<div style="padding-bottom:4px;"><input type="text" name="title" style="width:98%;" maxlength="120" onKeyDown="textCounter(this.form.title,this.form.remLen_1,120);" onKeyUp="textCounter(this.form.title,this.form.remLen_1,120);" value="<?php if(isset($_POST['title'])) { echo stripslashes(htmlentities(replace_schars(trim($_POST['title'])))); } elseif($mode == "edit") { echo stripslashes(htmlentities(trim($post_result[0]['title']))); } ?>" /></div>
<input disabled type="text" name="remLen_1" size="3" maxlength="3" value="120"> characters left</td></td></tr>
</table>
<?php if($mode == "edit") { ?>
<br />
<table class="form_table" width="500">
<tr><td><strong>slug</strong><br /><input type="text" name="slug" maxlength="255" style="width:98%;" value="<?php echo trim($post_result[0]['slug']); ?>" /></td></tr>
</table>
<?php } ?>
<br />
<table class="form_table" width="500">
<tr><td><strong>url</strong><br /><input type="text" name="url" maxlength="600" style="width:98%;" value="<?php if(isset($_POST['url'])) { echo stripslashes(htmlentities(replace_schars(trim($_POST['url'])))); } elseif($mode == "edit") { echo stripslashes(htmlentities(trim($post_result[0]['url']))); } ?>" /></td></tr>
</table>
<br />
<table class="form_table" width="500">
<tr><td><strong>description</strong><br />
<div style="padding-bottom:4px;"><textarea name="description" id="description" style="width:98%;" rows="4"><?php if(isset($_POST['description'])) { echo stripslashes(htmlentities(replace_schars(trim($_POST['description'])))); } elseif($mode == "edit") { echo stripslashes(htmlentities(trim($post_result[0]['description']))); } ?></textarea></div>
</tr>
</table>
<br />
<table class="form_table" width="500">
<tr><td><strong>category</strong><br />
<div style="padding-bottom:4px;">
<select name="category">
<?php foreach(samq("category","*",NULL,NULL,"name") as $e) {
echo "<option value='" . $e['id'] . "'" . (((isset($_POST['category']) && $_POST['category'] == $e['id']) || ($mode=="edit" && $e['id'] == $post_result[0]['category']) || (!isset($_POST['category']) && $mode != "edit" && $e['id'] == 5) ? " selected='selected'" : "")) . ">" . $e['name'] . "</option>";
} ?>
</select>
</div>
</tr>
</table>
<br />
<input type="submit" name="submit" value="submit" />
</form>
<?php } else { ?>
<br />you must <a href="<?php echo SITE_URL; ?>/login">login</a> to submit an article | don't have an account? <a href="<?php echo SITE_URL; ?>/register">register here</a>
<?php } ?>
</div>
<br /><br />
<?php include('foot.php'); ?>