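<?php session_start();
/**********************************************************************
* Copyright notice Ja2BU 1.1.
*
* (c) 2011 Predrag Rukavina - admin[at]phpform[dot]net
* All rights reserved
*
* This script is part of the Ja2BU project.
* The Ja2BU project is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
* MA 02110-1301, USA.
*
* This copyright notice MUST appear in all copies of the script!
************************************************************************/
// edit.php: lets the logged-in owner of an article change its title, body and tags.
// Page setup: site settings first, then the shared salt and the session-hardening class.
include('settings.php');
error_reporting(E_ERROR | E_WARNING | E_PARSE);
require_once('salt.php');
require_once('classes/securesession.class.php');
// SecSession is a project class (not shown here). From the option names: check_browser and
// check_ip_blocks presumably tie the session to the browser signature and to leading IP
// address blocks, secure_word keys it with the site salt, regenerate_id rotates the id.
$ss = new SecSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = $salt;
$ss->regenerate_id = true;
// End with an empty response unless the hardened session validates and both login flags are
// present and truthy. empty() also covers a missing key without an undefined-index notice.
if(!$ss->Check() || empty($_SESSION['loggedin']) || empty($_SESSION['inecsess'])) {
die();
}
// session.php populates the page context ($smarty, $lang, $conn, $incitem are used below).
include('session.php');
$smarty->display('submit.php');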
// $incitem is presumably set by one of the includes above; a zero value means editing is
// disabled for this user, so the page ends with a back link and the footer.
if($incitem == 0) {
echo "<a href='javascript:history.go(-1)'>$lang[EDITDISB]</a></center>"
. "</div></div>";
$smarty->display('footer.php');
exit();
}
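if(isset($_POST['submit'])) {
// --- Save path -------------------------------------------------------------------------
// Read each field with a default so a partial POST does not raise undefined-index notices.
$blogid = isset($_POST['blogid']) ? $_POST['blogid'] : '';
$bname = isset($_POST['bname']) ? $_POST['bname'] : '';
$hashtags = isset($_POST['hashtags']) ? $_POST['hashtags'] : '';
$bamess = isset($_POST['bamess']) ? $_POST['bamess'] : '';
// Magic quotes were dropped in PHP 5.4 and get_magic_quotes_gpc() no longer exists in PHP 8;
// guarding the call keeps the legacy behaviour on old interpreters without a fatal error.
if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
$blogid = stripslashes($blogid);
$bname = stripslashes($bname);
$hashtags = stripslashes($hashtags);
$bamess = stripslashes($bamess);
}
// Length limits are byte-based (strlen), as before; $maxposting comes from the settings include.
$validation_error = null;
if(strlen($bname) < 3) {
$validation_error = $lang['POSTERR1'];
} elseif(strlen($bname) > 250) {
$validation_error = $lang['POSTERR2'];
} elseif(strlen($bamess) < 10) {
$validation_error = $lang['POSTERR3'];
} elseif(strlen($bamess) > $maxposting) {
$validation_error = 'Error [23]';
}
if($validation_error !== null) {
echo "$validation_error <a href='javascript:history.go(-1)'>$lang[BOOKBACK]</a></div></div>";
$smarty->display('footer.php');
die();
}
// Blocklist of mail-header and script fragments. It is a coarse filter only; the real
// protection is the escaping applied where these values are stored and rendered below.
$list = "/(content-type|mime-version|content-transfer-encoding|to:|bcc:|cc:|document.cookie|document.write|onmouse|onkey|onclick|onload)/i";
foreach(array($bname,$hashtags,$bamess) as $field) {
if(preg_match($list,$field)) {
echo "<center><font face='verdana'>$lang[INVALIDCHAR] '??' </font></center></div></div>";
die();
}
}
$shouter = isset($_SESSION['INC_USER_ID']) ? $_SESSION['INC_USER_ID'] : null;
// Resolve the 'univer' key from the article this user owns instead of trusting a posted
// value: the onewse UPDATE below is keyed only by that value, so a posted one would let a
// user overwrite rows that belong to other people's articles.
$owned = $conn->Execute('SELECT univer FROM article WHERE blogid = ? and buserid = ? LIMIT 1',array($blogid,$shouter));
if($owned === false || $owned->EOF) {
echo "<div id='error'>Error [88]</div></div>";
$smarty->display('footer.php');
if($owned !== false) {
$owned->Close();
}
$conn->Close();
die();
}
$univer = $owned->fields['univer'];
$owned->Close();
// The body is stored HTML-escaped; the edit form relies on that when it echoes it back raw.
$bamess = htmlspecialchars($bamess);
// URL-friendly slug: replace punctuation with '-' and percent-encode the rest.
$helper = preg_replace('/([?,\/,|,",\',:,%,*,(,),[,\,\],\,])/',"-",$bname);
$helper = urlencode($helper);
$sql = $conn->Prepare('UPDATE article SET btexty = ?, bhelper = ?, bamess = ?, tags = ? WHERE `blogid` = ? and buserid = ?');
if($conn->Execute($sql,array($bname,$helper,$bamess,$hashtags,$blogid,$shouter)) === false) {
// NOTE(review): ErrorMsg() sends driver error text to the browser; logging it server-side would be safer.
print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
}
// The onewse table gets a plain-text copy: undo the escaping, then strip any markup.
$bamess = htmlspecialchars_decode($bamess);
$bamess = strip_tags($bamess);
$sql2 = $conn->Prepare('UPDATE onewse SET otexty = ?, ohelper = ?, oamess = ? WHERE `oniver` = ?');
if($conn->Execute($sql2,array($bname,$helper,$bamess,$univer)) === false) {
// Distinct marker so the two statements can be told apart in error reports.
print '<br /><div id="error">error inserting[2]: '.$conn->ErrorMsg().'</div><br />';
}
$conn->Close();
echo "$lang[EDITSUCC]<br />";
// Both values originate from user input, so they are escaped for the attribute and text
// contexts. The earlier stripslashes() is gone: magic quotes were already handled above, and a
// second pass would eat backslashes the user typed.
?>
- <a href="article.php?name=<?php echo htmlspecialchars($univer) ?>"><?php echo htmlspecialchars($bname) ?> [View]</a>
<?php
} else {
// --- Form path -------------------------------------------------------------------------
$id = isset($_GET['id']) ? $_GET['id'] : '';
$shouter = isset($_SESSION['INC_USER_ID']) ? $_SESSION['INC_USER_ID'] : null;
// Plain assignment: binding a function result by reference only produces a notice.
$arecordSet = $conn->Execute('SELECT * FROM article WHERE blogid = ? and buserid = ? LIMIT 1',array($id,$shouter));
if($arecordSet === false || $arecordSet->EOF) {
echo "<div id='error'>Error [88]</div></div>";
$smarty->display('footer.php');
if($arecordSet !== false) {
$arecordSet->Close();
}
$conn->Close();
die();
}
while(!$arecordSet->EOF) {
// Every value below lands in an HTML attribute, so each is escaped here (the title already was).
$blogid = htmlspecialchars($arecordSet->fields['blogid']);
$univer = htmlspecialchars($arecordSet->fields['univer']);
$firstfield = htmlspecialchars($arecordSet->fields['btexty']);
$tags = htmlspecialchars($arecordSet->fields['tags']);
// Stored already escaped (see the save path), so it goes into the textarea unchanged;
// escaping it again here would double-encode it on the next save.
$bamess = $arecordSet->fields['bamess'];
// NOTE(review): the form below carries no anti-CSRF token; SecSession's checks do not cover that.
?>
<script>
function goto(site) {
var msg = confirm("Are you sure you want to delete this entry? This action cannot be undone!")
if (msg) {window.location.href = site}
else (null)
}
</script>
<div style="width:615px;height:52px">
<div>
<form id="incform" action="edit.php" method="post">
<input type="hidden" name="blogid" value="<?php echo $blogid; ?>" />
<input type="hidden" name="univer" value="<?php echo $univer; ?>" />
<h3><?php echo $lang['EDITNEWS'] ?></h3>
<div><?php echo $lang['BOOKFIELD1']; ?>:</div>
<div><input id="firstfield" type="text" name="bname" value="<?php echo $firstfield; ?>" class="incc" /></div>
<br />
<br />
<div><?php echo $lang['POSTDES']; ?>:</div>
<script>edToolbar('mytxtarea3'); </script>
<div><textarea id="mytxtarea3" name="bamess" class="ed"><?php echo $bamess; ?></textarea></div><br /><br />
<div><?php echo $lang['TAGS']; ?>: <?php echo $lang['TAGSDESC']; ?></div>
<div><input id="firstfield" type="text" value="<?php echo $tags; ?>" name="hashtags" class="incc" /></div>
<br />
<br />
<div><input class="buton" type="submit" value="<?php echo $lang['LINKSUB']; ?>" name="submit" /></div>
</form>
<?php
$arecordSet->MoveNext();
}
$arecordSet->Close();
$conn->Close();
}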
// Close the wrappers opened by the header templates, then render the shared footer.
echo "</div></div></div></div>\n";
$smarty->display('footer.php');
######################################
##edit.php 1.1.##
######################################