<?php if (!defined('SYSPATH')) { die('No direct access to this file is allowed.'); } // include guard: the bootstrap defines SYSPATH
/**
 * Forms handler for POSTed data (excluding login).
 *
 * @package Noostr
 * @subpackage Handler_Forms
 */

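if (form_required('type') && strtolower(form('type')) != 'login') {
	// Dispatch a POSTed form by its 'type' field.  Every handled type ends in
	// a redirect to $next (default: the site start page); a case that leaves
	// $next empty opts out of the redirect.
	$type = strtolower(form('type'));
	$action = strtolower(form('action'));
	$next = $site->root.'/'.$site->startpage;
	// NOTE(review): several cases take $next straight from the request
	// ('next', 'from') and pass it to locate(); whether locate() confines the
	// target to this site is not visible here - confirm before relying on it.
	switch ($type) {
		case 'story':
			// Story submission form
			if (form_required('next')) {
				$next = str_replace('-', '/', form('next'));
			}
			if ($acl->submitStory && form_required('title') && (form_required('url') || form_required('content'))) {
				$title = clean(form('title'));
				$url = clean(form('url'));
				$content = clean(form('content'));
				$node = clean(form('node'));
				$class = get_classid('story');
				if ($action == 'edit' && $node != '') {
					// NOTE(review): the update is keyed on the node uid alone;
					// nothing here checks that $user->uid owns the node.  Confirm
					// the intended policy and add a userid predicate if edits are
					// meant to be owner-only.
					$sql = 'update '.PREFIX.'nodes set title = ?, url = ?, description = ? where uid = ?';
					$data = array($title, $url, $content, $node);
					$db->query($sql, $data);
					$next = $site->root.'/story/'.$node;
				} elseif ($action == 'new') {
					// A new story becomes its own subtree after the current
					// maximum rgt, so the table stays locked between reading
					// max(rgt) and inserting the row.
					$sql = 'lock table '.PREFIX.'nodes write';
					$db->query($sql);
					$sql = 'select max(rgt) as rgt from '.PREFIX.'nodes';
					$result = $db->query($sql);
					$rgt = 0;
					if (is_array($result) && isset($result[0])) {
						$rgt = $result[0]['rgt'];
					}
					$submission = microtime(true);
					$sql = 'insert into '.PREFIX.'nodes (lft,rgt,userid,roleid,classid,title,url,description,votes,submissionDate,publishDate,expiryDate) values (?,?,?,?,?,?,?,?,?,?,?,?)';
					$data = array($rgt + 1, $rgt + 2, $user->uid, $acl->anon, $class, $title, $url, $content, 1, $submission, $submission, null);
					// The query result is used as the new node's uid below.
					$node = $db->query($sql, $data);
					$sql = 'unlock tables';
					$db->query($sql);
					// Per-user and per-class counters.
					$sql = 'update '.PREFIX.'users set submissions = submissions + 1 where uid = ?';
					$db->query($sql, $user->uid);
					$sql = 'update '.PREFIX.'classes set stories = stories + 1 where uid = ?';
					$db->query($sql, $class);
					$next = $site->root.'/story/'.$node;
				}
			} else {
				// Incomplete or illegal submission.
				set_error('s01');
			}
			break;
		case 'comment':
			// Comment submission form
			if ($acl->submitComment && (form_required('content,parent') || form_required('content,node'))) {
				$content = clean(form('content'));
				$pid = clean(form('parent'));
				$node = clean(form('node'));
				$class = get_classid('comment');
				if ($action == 'edit' && $node != '') {
					// NOTE(review): as with story edits, no ownership check on $node.
					$sql = 'update '.PREFIX.'nodes set description = ? where uid = ?';
					$data = array($content, $node);
					$db->query($sql, $data);
				} elseif ($action == 'new') {
					// Insert the comment as the last child of its parent: open a
					// two-wide gap at the parent's rgt, then place the row in it.
					$rgt = 1;
					$sql = 'lock table '.PREFIX.'nodes write';
					$db->query($sql);
					$sql = 'select rgt from '.PREFIX.'nodes where uid = ?';
					$result = $db->query($sql, $pid);
					if (is_array($result) && isset($result[0])) {
						$rgt = $result[0]['rgt'];
					}
					// NOTE(review): when the parent is not found the comment still
					// goes in at rgt 1 - confirm that is intended.
					$sql = 'update '.PREFIX.'nodes set rgt = rgt + 2 where rgt >= ?';
					$db->query($sql, $rgt);
					$sql = 'update '.PREFIX.'nodes set lft = lft + 2 where lft > ?';
					$db->query($sql, $rgt);
					$submission = microtime(true);
					$sql = 'insert into '.PREFIX.'nodes (lft,rgt,userid,roleid,classid,description,votes,submissionDate,publishDate,expiryDate) values (?,?,?,?,?,?,?,?,?,?)';
					$data = array($rgt, $rgt + 1, $user->uid, $acl->anon, $class, $content, 1, $submission, $submission, null);
					$db->query($sql, $data);
					$sql = 'unlock tables';
					$db->query($sql);
					$sql = 'update '.PREFIX.'classes set stories = stories + 1 where uid = ?';
					$db->query($sql, $class);
				}
			} else {
				// Incomplete or illegal comment.
				set_error('c01');
			}
			if (form_required('next')) {
				$next = str_replace('-', '/', form('next'));
			}
			break;
		case 'signup':
			// New user signup: only anonymous visitors with a complete form get
			// through.  (The original OR-ed the negated checks together, so a
			// form with fields missing still reached account creation.)
			$signupComplete = form_required('signupname') && form_required('signuppass')
				&& form_required('signuppass2') && form_required('signup1') && form_required('signup2');
			// Login URL used when signup is refused; carries the current URI
			// back as loginreturn when the form asked for a 'next' hop.
			$loginNext = $site->root.'/login';
			if (form_required('next')) {
				$uri = $site->geturi();
				if (substr($uri, 0, 1) == '/') {
					$uri = substr($uri, 1);
				}
				$loginNext .= '?loginreturn='.$uri;
			}
			if ($user->loggedin) {
				// Logged in users can't signup.
				set_error('su03');
			} elseif (!$signupComplete) {
				// Incomplete or illegal form.
				set_error('su04');
				$next = $site->root.'/login';
			} elseif (form('signuppass') != form('signuppass2')) {
				// Passwords didn't match in the signup form.
				$next = $loginNext;
				set_error('su02');
				form_preserve(array('signupname' => form('signupname')));
			} else {
				// Check for the username.
				$sql = 'select uid from '.PREFIX.'users where nick = ?';
				$data = strtolower(form('signupname'));
				$result = $db->query($sql, $data);
				if (!is_array($result) || !isset($result[0]) || $result[0]['uid'] == '') {
					// Username does not already exist.
					// NOTE(review): the lookup lower-cases the nick but the insert
					// stores it as submitted, so uniqueness depends on the column
					// collation being case-insensitive - confirm.
					// NOTE(review): unsalted sha1 is what loadfromlogin() expects;
					// a move to password_hash()/password_verify() has to change
					// both sides together.
					$sql = 'insert into '.PREFIX.'users (nick,password,created,votedUp,votedDown,submissions,karma,roleid) values (?,?,?,?,?,?,?,?)';
					$data = array(clean(form('signupname')), sha1(clean(form('signuppass'))), date('Y/m/d h:i:s a'), 0, 0, 0, 1, $acl->default);
					$db->query($sql, $data);
					if ($user->loadfromlogin(clean(form('signupname')), clean(form('signuppass')), clean(form('signup1')), clean(form('signup2')))) {
						$user->loggedin = true;
					}
				} else {
					// Username already exists.
					$next = $loginNext;
					set_error('su01');
				}
			}
			break;
		case 'user':
			if (form_required('next')) {
				$next = str_replace('-', '/', form('next'));
			}
			// The submitted node must be the caller's own uid; compare as strings
			// so loose int/string coercion cannot match unrelated values.
			$ownNode = form_required('node') && (string) $user->uid === (string) form('node');
			if ($user->loggedin && $site->allowprofile && form_required('action') && $action == 'edit' && $ownNode) {
				// Allowed to edit your own details.
				$firstName = clean(form('firstName'));
				$lastName = clean(form('lastName'));
				$email = clean(form('email'));
				$about = clean(form('about'));
				$sql = 'update '.PREFIX.'users set firstName = ?, lastName = ?, email = ?, about = ?';
				$data = array($firstName, $lastName, $email, $about);
				if (form_required('password1,password2') && form('password1') == form('password2')) {
					// The password digest travels as a bound parameter like every
					// other column (the original spliced it into the SQL string).
					// NOTE(review): unsalted sha1 matches what loadfromlogin()
					// accepts; changing the scheme has to change both sides.
					$sql .= ', password = ?';
					$data[] = sha1(form('password1'));
				}
				$sql .= ' where uid = ?';
				$data[] = $user->uid;
				$db->query($sql, $data);
			} else {
				if (!$user->loggedin) {
					// Must be logged in to edit details.
					set_error('ue01');
				} elseif (!$site->allowprofile) {
					// Site does not allow profile editing.
					set_error('ue02');
				} elseif (!$ownNode) {
					// Can't edit someone else's details.
					set_error('ue03');
				} else {
					// Unhandled error or illegal "action".
					set_error('ue04');
				}
			}
			break;
		case 'edit':
			// Edit forms render in place: no redirect.
			$next = '';
			break;
		case 'admin_update':
			if ($user->loggedin && $site->admin && $user->roleid == $acl->admin && $acl->changeSiteSettings) {
				$sitevals = $site->tpl_getinfo();
				// Persist every changed, non-private setting; 'startpage' and
				// 'style' are skipped here.
				foreach (get_vars($sitevals) as $var) {
					if ($var == 'startpage' || $var == 'style') {
						continue;
					}
					$group = isset($sitevals[$var.'_group']) ? $sitevals[$var.'_group'] : null;
					if ($group != 'private' && form($var) != $sitevals[$var]) {
						$sql = 'update '.PREFIX.'settings_site set value = ? where variable = ?';
						$data = array(clean(form($var)), $var);
						$db->query($sql, $data);
					}
				}
			}
			$next = form('next');
			break;
		case 'admin_new_page':
			if (form_required('title,roleid,parent,template') && $user->loggedin && $site->admin && $user->roleid == $acl->admin) {
				// NOTE(review): admin page fields are stored without clean(),
				// unlike the user-facing cases; SQL is bound, but confirm output
				// escaping where these are rendered.
				$title = form('title');
				$url = form('url');
				$content = form('content');
				$displayorder = form('displayorder');
				$roleid = form('roleid');
				$showAlways = form('showAlways');
				// A parent/template below 1 is stored as NULL.
				$pid = form('parent');
				if ($pid < 1) {
					$pid = null;
				}
				$tid = form('template');
				if ($tid < 1) {
					$tid = null;
				}
				if ($url == '' || $url == null) {
					// No url given: derive one from the title.  (The original
					// derived it from the empty $url, so every such page got '/'.)
					$url = '/'.str_replace(' ', '_', trim($title));
				}
				if (substr($url, 0, 1) != '/') {
					$url = '/'.$url;
				}
				$sql = 'insert into '.PREFIX.'pages (pid,tid,created,displayOrder,url,title,type,description,roleid,showAlways) values (?,?,?,?,?,?,?,?,?,?)';
				$data = array($pid, $tid, date('Y/m/d h:i:s a'), $displayorder, $url, $title, 'page', $content, $roleid, $showAlways);
				$db->query($sql, $data);
				$next = form('from');
			} else {
				// No title set.
				set_error('ape01');
			}
			break;
		case 'admin_edit_page':
			if (form_required('title,roleid,parent,template') && $user->loggedin && $site->admin && $user->roleid == $acl->admin) {
				$title = form('title');
				$url = form('url');
				$content = form('content');
				$displayorder = form('displayorder');
				$roleid = form('roleid');
				$showAlways = form('showAlways');
				// A parent/template below 1 is stored as NULL.
				$pid = form('parent');
				if ($pid < 1) {
					$pid = null;
				}
				$tid = form('template');
				if ($tid < 1) {
					$tid = null;
				}
				$uid = form('id');
				if ($url == '' || $url == null) {
					// No url given: derive one from the title (see admin_new_page).
					$url = '/'.str_replace(' ', '_', trim($title));
				}
				if (substr($url, 0, 1) != '/') {
					$url = '/'.$url;
				}
				$sql = 'update '.PREFIX.'pages set pid = ?, tid = ?, displayOrder = ?, url = ?, title = ?, description = ?, roleid = ?, showAlways = ? where uid = ?';
				$data = array($pid, $tid, $displayorder, $url, $title, $content, $roleid, $showAlways, $uid);
				$db->query($sql, $data);
				$next = form('from');
			} else {
				// No title set.
				set_error('ape01');
			}
			break;
		case 'admin_delete_page':
			if (form_required('id') && $user->loggedin && $site->admin && $user->roleid == $acl->admin) {
				$sql = 'delete from '.PREFIX.'pages where uid = ?';
				$db->query($sql, form('id'));
				$next = form('from');
			}
			break;
	}
	if ($next != '') {
		locate($next);
	}
}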