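<?php session_start();
/**********************************************************************
*  Copyright notice Ja2BU 1.1.
*
*  (c) 2011 Predrag Rukavina - admin[at]phpform[dot]net
*  All rights reserved
*
*  This script is part of the Ja2BU project. 
*  The Ja2BU project is free software; you can redistribute it and/or
*  modify it under the terms of the GNU General Public License
*  as published by the Free Software Foundation; either version 2
*  of the License, or (at your option) any later version.
*
*  This program is distributed in the hope that it will be useful,
*  but WITHOUT ANY WARRANTY; without even the implied warranty of
*  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*  GNU General Public License for more details.
*
*  You should have received a copy of the GNU General Public License
*  along with this program; if not, write to the Free Software
*  Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
*  MA  02110-1301, USA.
*
*  This copyright notice MUST appear in all copies of the script!
************************************************************************/
// edit.php - edit an existing article owned by the logged-in user.
// GET  ?id=<blogid>  renders the edit form for that article.
// POST (submit)      validates the fields and updates article + onewse.
include ('settings.php');
error_reporting(E_ERROR | E_WARNING | E_PARSE);
require_once ('salt.php');
require_once ('classes/securesession.class.php');

/**
 * Print an error fragment, render the page footer and stop the script.
 *
 * Every validation failure in this file produces the same shape of output
 * (message, "back" link, closing divs, footer), so it lives in one place.
 *
 * @param object $smarty template engine instance set up by the includes
 * @param string $html   HTML fragment to print before the footer
 */
function edit_fail($smarty, $html) {
  echo $html;
  $smarty->display('footer.php');
  die();
}

/**
 * Read a form field from $_POST as a string.
 *
 * A client can send e.g. bname[]=x and turn the field into an array; strlen()
 * and preg_match() on an array fail on PHP 8, so anything that is not a
 * string is treated as an empty (and therefore invalid) field.
 *
 * @param string $key POST field name
 * @return string '' when the field is absent or not a string
 */
function edit_post_string($key) {
  if(isset($_POST[$key]) && is_string($_POST[$key])) {
    return $_POST[$key];
  }
  return '';
}

/**
 * Escape a scalar for output into HTML text or a quoted attribute.
 *
 * ENT_QUOTES covers both attribute quoting styles used in this file. The
 * charset argument is left at the ini default (default_charset) so it follows
 * the installation's configuration.
 *
 * @param mixed $value scalar or null read from the request or the database
 * @return string
 */
function ja2bu_esc($value) {
  return htmlspecialchars((string)$value, ENT_QUOTES);
}

$ss = new SecSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = $salt;
$ss->regenerate_id = true;
// Session fingerprint and login flag; the app's convention is a silent die().
// empty() covers both "not set" and "false" without an undefined-index notice.
if(!$ss->Check() || empty($_SESSION['loggedin'])) {
  die();
}
if(empty($_SESSION['inecsess'])) {
  die();
}
include('session.php');
$smarty->display('submit.php');
if($incitem == 0) {
  edit_fail($smarty, "<a href='javascript:history.go(-1)'>" . $lang['EDITDISB'] . "</a></center></div></div>");
}
if(isset($_POST['submit'])) {
  $blogid = edit_post_string('blogid');
  $bname = edit_post_string('bname');
  $hashtags = edit_post_string('hashtags');
  $bamess = edit_post_string('bamess');
  // get_magic_quotes_gpc() was removed in PHP 8.0 and calling it is a fatal
  // error there; guard it so the legacy unescaping still runs on old installs.
  if(function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $blogid = stripslashes($blogid);
    $bname = stripslashes($bname);
    $hashtags = stripslashes($hashtags);
    $bamess = stripslashes($bamess);
  }
  // Length limits are byte-based (strlen), as in the original submit rules;
  // switching to mb_strlen() would change which posts are accepted.
  $back = " <a href='javascript:history.go(-1)'>" . $lang['BOOKBACK'] . "</a></div></div>";
  if(strlen($bname) < 3) {
    edit_fail($smarty, $lang['POSTERR1'] . $back);
  }
  if(strlen($bname) > 250) {
    edit_fail($smarty, $lang['POSTERR2'] . $back);
  }
  if(strlen($bamess) < 10) {
    edit_fail($smarty, $lang['POSTERR3'] . $back);
  }
  if(strlen($bamess) > $maxposting) {
    edit_fail($smarty, "Error [23]" . $back);
  }
  // Legacy blocklist of mail-header and inline-script fragments. This is a
  // denylist, not an escaping step: output escaping below is what prevents
  // injection; this only rejects a few well-known strings.
  $blocklist = "/(content-type|mime-version|content-transfer-encoding|to:|bcc:|cc:|document.cookie|document.write|onmouse|onkey|onclick|onload)/i";
  foreach(array($bname, $hashtags, $bamess) as $field) {
    if(preg_match($blocklist, $field)) {
      echo "<center><font face='verdana'>$lang[INVALIDCHAR] '??' </font></center></div></div>";
      die();
    }
  }
  $shouter = isset($_SESSION['INC_USER_ID']) ? $_SESSION['INC_USER_ID'] : null;
  // Resolve the onewse key (univer) through the article row owned by this
  // user instead of trusting the hidden POST field. The article UPDATE is
  // already scoped by buserid, but the onewse UPDATE is keyed only by oniver,
  // so a client-supplied univer would let any logged-in user overwrite any
  // onewse row.
  $owned = $conn->Execute('SELECT univer FROM article WHERE blogid = ? and buserid = ? LIMIT 1', array($blogid, $shouter));
  if($owned === false || $owned->EOF) {
    if($owned !== false) {
      $owned->Close();
    }
    $conn->Close();
    edit_fail($smarty, "<div id='error'>Error [88]</div></div>");
  }
  $univer = $owned->fields['univer'];
  $owned->Close();
  // The article body is stored entity-encoded; the edit form below echoes it
  // into the textarea unescaped and relies on this.
  $bamess = htmlspecialchars($bamess);
  // URL slug: replace a fixed set of punctuation with '-' and url-encode.
  // The character class is kept verbatim so existing slugs stay compatible.
  $helper = preg_replace('/([?,\/,|,",\',:,%,*,(,),[,\,\],\,])/', "-", $bname);
  $helper = urlencode($helper);
  // NOTE(review): ErrorMsg() prints driver error text to the browser; logging
  // it server-side and showing a generic message would avoid leaking schema
  // details.
  $sql = $conn->Prepare('UPDATE article SET btexty = ?, bhelper = ?, bamess = ?, tags = ? WHERE  `blogid` = ? and buserid = ?');
  if($conn->Execute($sql, array($bname, $helper, $bamess, $hashtags, $blogid, $shouter)) === false) {
    print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
  }
  // onewse keeps a plain-text copy of the body: decode the entities again,
  // then drop any tags.
  $bamess = strip_tags(htmlspecialchars_decode($bamess));
  $sql2 = $conn->Prepare('UPDATE onewse SET  otexty = ?, ohelper = ?, oamess = ? WHERE  `oniver` = ?');
  if($conn->Execute($sql2, array($bname, $helper, $bamess, $univer)) === false) {
    print '<br /><div id="error">error inserting[1]: '.$conn->ErrorMsg().'</div><br />';
  }
  $conn->Close();
  echo "$lang[EDITSUCC]<br />";
  // Both values below are user-controlled (title from POST, slug from the
  // database) and are escaped for the attribute / text context.
?>
- <a href="article.php?name=<?php echo ja2bu_esc($univer); ?>"><?php echo ja2bu_esc(stripslashes($bname)); ?> [View]</a>
<?php
} else {
  $id = isset($_GET['id']) ? $_GET['id'] : '';
  $shouter = isset($_SESSION['INC_USER_ID']) ? $_SESSION['INC_USER_ID'] : null;
  // Ownership is enforced by the buserid predicate: a user can only load the
  // edit form for their own article.
  $arecordSet = $conn->Execute('SELECT * FROM article WHERE blogid = ? and buserid = ? LIMIT 1', array($id, $shouter));
  // Execute() returns false on error and an EOF recordset when no row matched.
  if($arecordSet === false || $arecordSet->EOF) {
    if($arecordSet !== false) {
      $arecordSet->Close();
    }
    $conn->Close();
    edit_fail($smarty, "<div id='error'>Error [88]</div></div>");
  }
  // LIMIT 1 above means this loop renders at most one form.
  while(!$arecordSet->EOF) {
      $blogid = $arecordSet->fields['blogid'];
      $univer = $arecordSet->fields['univer'];
      $btexty = $arecordSet->fields['btexty'];
      $tags = $arecordSet->fields['tags'];
      // bamess is echoed into the textarea without escaping because the POST
      // branch stores it entity-encoded; escaping it again would double-encode
      // and corrupt the text on re-save. NOTE(review): this assumes every
      // insert path stores bamess the same way - confirm against the creation
      // script.
      $bamess = $arecordSet->fields['bamess'];
      // NOTE(review): the form carries no anti-CSRF token, so a cross-site POST
      // from a logged-in browser can edit the article; a per-session token
      // checked in the POST branch would close that.
?>
<script>
function goto(site) {
  if (confirm("Are you sure you want to delete this entry? This action cannot be undone!")) {
    window.location.href = site;
  }
}
</script>
<div style="width:615px;height:52px">
<div>
<form id="incform" action="edit.php" method="post">
<input type="hidden" name="blogid" value="<?php echo ja2bu_esc($blogid); ?>" />
<input type="hidden" name="univer" value="<?php echo ja2bu_esc($univer); ?>" />
<h3><?php echo $lang['EDITNEWS'] ?></h3>
<div><?php echo $lang['BOOKFIELD1']; ?>:</div>
<div><input id="firstfield" type="text" name="bname" value="<?php echo ja2bu_esc($btexty); ?>" class="incc" /></div>
<br />
<br />
<div><?php echo $lang['POSTDES']; ?>:</div>
<script>edToolbar('mytxtarea3'); </script>
<div><textarea id="mytxtarea3" name="bamess" class="ed"><?php echo $bamess; ?></textarea></div><br /><br />
<div><?php echo $lang['TAGS']; ?>: <?php echo $lang['TAGSDESC']; ?></div>
<div><input id="firstfield" type="text" value="<?php echo ja2bu_esc($tags); ?>" name="hashtags" class="incc" /></div>
<br />
<br />
<div><input class="buton" type="submit" value="<?php echo $lang['LINKSUB']; ?>" name="submit" /></div>
</form>
<?php
    $arecordSet->MoveNext();
  }
  $arecordSet->Close();
  $conn->Close();
}
?>
</div></div></div></div>
<?php
$smarty->display('footer.php');
######################################
##edit.php                      1.1.##
######################################
?>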