<?php
include ('header.php');
/**********************************************************************
*  Copyright notice Ja2BU 1.1.
*
*  (c) 2011 Predrag Rukavina - admin[at]phpform[dot]net
*  All rights reserved
*
*  This script is part of the Ja2BU project. 
*  The Ja2BU project is free software; you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation; either version 2
*  of the License, or (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
*  MA  02110-1301, USA.
*
*  This copyright notice MUST appear in all copies of the script!
************************************************************************/
?>
<div id=vforms>
<div id="cconfig">Edit</div>
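<?php
/*
 * Admin "edit article" page.
 *
 * POST (submit pressed): validates the posted title/body/tags, updates the
 * `article` row and the matching `onewse` row, then prints a link to the
 * article. Any other request: loads the article named by ?id= and renders
 * the edit form.
 *
 * Uses $conn, $smarty, $lang, $maxposting and $sitepath, none of which are
 * defined in this file (presumably provided by header.php -- confirm).
 *
 * NOTE(review): no login/role check is visible in this file; presumably
 * header.php enforces it -- confirm. The POST handler also carries no
 * anti-CSRF token, so a per-session token in the form, verified before the
 * UPDATEs, is still missing.
 */

// ?id= is absent on the POST round-trip (the form posts to editarticle.php
// without a query string), so read it defensively. null keeps the old
// "no such article" outcome without the undefined-index notice.
$id = (isset($_GET['id']) && is_scalar($_GET['id'])) ? $_GET['id'] : null;

if (isset($_POST['submit'])) {
  // get_magic_quotes_gpc() always returns false from PHP 5.4 and no longer
  // exists in PHP 8, so it is only consulted on runtimes where it matters.
  $unquote = version_compare(PHP_VERSION, '5.4.0', '<') && get_magic_quotes_gpc();

  // Missing or non-string (e.g. array) fields fall back to '' so the length
  // checks below reject them instead of raising warnings or type errors.
  $posted = array('blogid' => '', 'bname' => '', 'univer' => '', 'hashtags' => '', 'bamess' => '');
  foreach (array_keys($posted) as $field) {
    if (isset($_POST[$field]) && is_string($_POST[$field])) {
      $posted[$field] = $unquote ? stripslashes($_POST[$field]) : $_POST[$field];
    }
  }
  $blogid = $posted['blogid'];
  $bname = $posted['bname'];
  $univer = $posted['univer'];
  $hashtags = $posted['hashtags'];
  $bamess = $posted['bamess'];

  // Length limits, checked in the original order; the first failure wins.
  $problem = null;
  if (strlen($bname) < 3) {
    $problem = $lang['POSTERR1'];
  } elseif (strlen($bname) > 250) {
    $problem = $lang['POSTERR2'];
  } elseif (strlen($bamess) < 10) {
    $problem = $lang['POSTERR3'];
  } elseif (strlen($bamess) > $maxposting) {
    $problem = 'Error [23]';
  }
  if ($problem !== null) {
    echo "$problem <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div></div>";
    $smarty->display('footer.php');
    die();
  }

  // Legacy deny-list of mail-header and script keywords. It is kept for
  // compatibility but is not what makes the output safe: every value is
  // escaped where it is written into HTML further down.
  $list = "/(content-type|mime-version|content-transfer-encoding|to:|bcc:|cc:|document.cookie|document.write|onmouse|onkey|onclick|onload)/i";
  foreach (array($bname, $hashtags, $bamess) as $candidate) {
    if (preg_match($list, $candidate)) {
      echo "<center><font face='verdana'>$lang[INVALIDCHAR] '??' </font></center></div></div>";
      // Render the footer like the other rejection paths do.
      $smarty->display('footer.php');
      die();
    }
  }

  // The article body is stored HTML-encoded; the edit form below depends on
  // that when it prints the body into the textarea.
  $bamess = htmlspecialchars($bamess);
  // Not used for any decision in this file.
  $shouter = isset($_SESSION['INC_USER_ID']) ? $_SESSION['INC_USER_ID'] : null;
  // URL slug: punctuation in the title becomes '-', the rest is URL-encoded.
  $helper = preg_replace('/([?,\/,|,",\',:,%,*,(,),[,\,\],\,])/',"-",$bname);
  $helper = urlencode($helper);

  // Both statements are parameterised; user input never reaches the SQL text.
  $saved = true;
  $sql = $conn->Prepare('UPDATE article SET btexty = ?, bhelper = ?, bamess = ?, tags = ? WHERE  `blogid` = ?');
  if ($conn->Execute($sql, array($bname, $helper, $bamess, $hashtags, $blogid)) === false) {
    // The driver message can echo back submitted values, so escape it.
    print '<br /><div id="error">error inserting[1]: '.htmlspecialchars($conn->ErrorMsg(), ENT_QUOTES).'</div><br />';
    $saved = false;
  }

  // The `onewse` copy holds the body as plain text with tags removed.
  $bamess = htmlspecialchars_decode($bamess);
  $bamess = strip_tags($bamess);
  $sql2 = $conn->Prepare('UPDATE onewse SET  otexty = ?, ohelper = ?, oamess = ? WHERE  `oniver` = ?');
  if ($conn->Execute($sql2, array($bname, $helper, $bamess, $univer)) === false) {
    print '<br /><div id="error">error inserting[1]: '.htmlspecialchars($conn->ErrorMsg(), ENT_QUOTES).'</div><br />';
    $saved = false;
  }
  $conn->Close();

  // Only claim success when both updates went through.
  if ($saved) {
    echo "$lang[EDITSUCC]<br />";
  }
  // $univer and $bname come straight from the request: URL-encode the query
  // value and HTML-escape the link text. The title was already unquoted
  // above, so it is not passed through stripslashes() a second time.
?>
- <a href="<?php echo $sitepath; ?>/article.php?name=<?php echo urlencode($univer); ?>"><?php echo htmlspecialchars($bname, ENT_QUOTES); ?> [View]</a>
<?php
} else {
  // Not used for any decision in this file.
  $shouter = isset($_SESSION['INC_USER_ID']) ? $_SESSION['INC_USER_ID'] : null;
  $arecordSet = $conn->Execute('SELECT * FROM article WHERE blogid = ? LIMIT 1', array($id));
  // A failed query returns false rather than a record set; treat that the
  // same as "no such article".
  if (!$arecordSet || $arecordSet->EOF) {
    echo "<div id='error'>Error [88]</div></div>";
    $smarty->display('footer.php');
    if ($arecordSet) {
      $arecordSet->Close();
    }
    $conn->Close();
    die();
  }
  while (!$arecordSet->EOF) {
      // Title and tags are stored raw, and the ids are database values too,
      // so each is escaped before it is placed inside a quoted attribute.
      $blogid = htmlspecialchars($arecordSet->fields['blogid'], ENT_QUOTES);
      $univer = htmlspecialchars($arecordSet->fields['univer'], ENT_QUOTES);
      $btexty = $arecordSet->fields['btexty'];
      $firstfield = htmlspecialchars($btexty, ENT_QUOTES);
      $tags = htmlspecialchars($arecordSet->fields['tags'], ENT_QUOTES);
      // Printed as stored: the save path above writes the body already
      // HTML-encoded, and encoding it again would show entities in the
      // editor. NOTE(review): this is only safe if every writer of
      // article.bamess encodes it the same way -- confirm.
      $bamess = $arecordSet->fields['bamess'];
?>
<div>
<form id="incform" action="editarticle.php" method="post">
<input type="hidden" name="blogid" value="<?php echo $blogid; ?>" />
<input type="hidden" name="univer" value="<?php echo $univer; ?>" />
<div>Title:</div>
<div><input id="incc" type="text" name="bname" value="<?php echo $firstfield; ?>" /></div>
<br />
<br />
<div>Description:</div>
<script>edToolbar('mytxtarea3'); </script>
<div><textarea id="mytxtarea3" name="bamess" style="width:564px;height:455px;" class="ed"><?php echo $bamess; ?></textarea></div><br /><br />
<div>Tags: <?php echo $lang['TAGSDESC']; ?></div>
<div><input id="incc" type="text" value="<?php echo $tags; ?>" name="hashtags" class="incc" /></div>
<br />
<br />
<div><input class="buton" type="submit" value="Submit" name="submit" /></div>
</form>
<?php
    $arecordSet->MoveNext();
  }
  $arecordSet->Close();
  $conn->Close();
}
?>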
</div></div>
<?php
include ('footer.php');
######################################
##editarticle.php               1.1.##
######################################

?>