edit.php

   1 <?php
   2
   3 require 'includes/config.inc.php';
   4 require INCLUDES_PATH.'prepend.php';
   5
   6 if (isset($_GET['id'])) {
   7     $idNews = intval($_GET['id']) ;
   8 } else {
   9     die('News id needed. Please use the back button.');
  10 }
  11
  12 try {
  13     $tpl = new templates();
  14
  15     $tpl->action = 'edit.php?id='.$idNews;
  16
  17     $pdo = new PDO(DBH);
  18     $q = $pdo->query('SELECT * FROM news WHERE id='.$pdo->quote($idNews));
  19     $data = $q->fetch(PDO::FETCH_ASSOC);
  20     if (!$data) {
  21         die('Nothing in database. Please use the back button.');
  22     }
  23
  24     $tpl->password_fail = false;
  25     $tpl->updated = false;
  26     if (isset($_POST['password']) && PASSWORD != sha1($_POST['password'])) {
  27         $tpl->password_fail = true;
  28     } elseif (isset($_POST['password']) && PASSWORD == sha1($_POST['password'])) {
  29         $tpl->input_title = (!empty($_POST['title'])) ? trim($_POST['title']) : $data['title'];
  30         $tpl->input_text = (!empty($_POST['text'])) ? trim($_POST['text']) : $data['text'];
  31         $uq = $pdo->exec('UPDATE news SET text='. $tpl->input_title .', title='. $tpl->input_text .', editon='.$pdo->quote(time()).' WHERE id='.$pdo->quote($idNews));
  32         if ($uq === false) {
  33             echo "\nError on UPDATE : <br/>";
  34             $x = $pdo->errorInfo();
  35             echo 'errorCode: ',$x[0],'<br/>errorMessage: ',$x[2];
  36             die;
  37         } else {
  38             $tpl->updated = true;
  39         }
  40     }
  41
  42     $tpl->addFile('_begin','header.tpl.php');
  43     $tpl->addFile('_end','footer.tpl.php');
  44     $tpl->addFile('save','save.tpl.php');
  45
  46     $tpl->input_title = $data['title'];
  47     $tpl->input_text = $data['text'];
  48 } catch (PDOException $e) {
  49     die("pdo: ".$e->getMessage());
  50 }
  51
  52 define('ON_EDIT', true);
  53
  54 $tpl->title = "AYANS edit news";
  55 $tpl->render('save');