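<?php
//--------------------------
// PEditPostProcess.php
//
// Performs process for editing post
//--------------------------
//Note: At the moment it's not possible to remove tags
//
// Expects from the edit form (POST): idPost, postTitle, postText and tags
// (a comma-separated string). Relies on the including page having started the
// session and defined DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE, DB_PREFIX and
// WS_SITELINK.
//
// Side effects: updates the post row, inserts any tags that do not exist yet
// and any missing post/tag links, then redirects to the post page.
//
// NOTE(review): no CSRF token is verified before the write; confirm that the
// form that posts here (or the surrounding framework) provides one.
//Checks that user is logged in
if (!isset($_SESSION['accountUser'])) {
    require_once("login/PLogin.php");
    exit;
} elseif ($_SESSION['accountUser'] === "guest") {
    die("Sorry, you don't have the priviliges for doing this...");
}
//--------------------------
//Handles POST variables
$idPost = isset($_POST['idPost']) ? $_POST['idPost'] : '';
$postTitle = isset($_POST['postTitle']) ? $_POST['postTitle'] : '';
$postText = isset($_POST['postText']) ? $_POST['postText'] : '';
$tags = isset($_POST['tags']) ? $_POST['tags'] : '';
//idPost is interpolated unquoted into the SQL below, so real_escape_string
//alone would not protect it (a value such as "1 OR 1=1" contains nothing to
//escape). Validate it as a positive integer instead; filter_var also rejects
//an array posted as idPost[].
$idPost = filter_var($idPost, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($idPost === false) {
    die("Invalid post id");
}
//--------------------------
//DB stuff
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE); //New DB object
if (mysqli_connect_error()) {
    echo "Connect failed: " . mysqli_connect_error() . "<br>";
    exit();
}
//Must come before any real_escape_string call so escaping matches the connection charset
$mysqli->set_charset("utf8");
//Prevent SQL injections: these string values are always single-quoted in the SQL below
$postTitle = $mysqli->real_escape_string($postTitle);
$postText = $mysqli->real_escape_string($postText);
//------------------------
//SQL query
$tablePost = DB_PREFIX . 'Post';
$tableTag = DB_PREFIX . 'Tag';
$tablePostTag = DB_PREFIX . 'PostTag';
$query = <<<END
--
-- Edits post
--
UPDATE {$tablePost}
SET
postTitle = '{$postTitle}',
postText = '{$postText}'
WHERE
idPost = {$idPost};
END;
//Prepared lookups, reused for every tag; the tag name is bound, never interpolated
$findTag = $mysqli->prepare("SELECT idTag FROM {$tableTag} WHERE tagName = ?")
    or die("Could not prepare statement" . $mysqli->errno . " : " . $mysqli->error);
$findLink = $mysqli->prepare(
    "SELECT PostTag_idPost FROM {$tablePostTag} WHERE PostTag_idPost = ? "
    . "AND PostTag_idTag = (SELECT idTag FROM {$tableTag} WHERE tagName = ?)"
) or die("Could not prepare statement" . $mysqli->errno . " : " . $mysqli->error);
//Separates string with tags, removes whitespace around each tag, then drops
//empty entries (empty field, trailing comma) and duplicates so that neither an
//empty tag nor the same tag twice ends up in the batched INSERTs
$tagArray = array_unique(array_filter(
    array_map('trim', explode(',', $tags)),
    static function ($tag) {
        return $tag !== '';
    }
));
//For each tag, makes sure it doesn't already exist - if it doesn't, adds the tag to DB
foreach ($tagArray as $tag) {
    $tagEscaped = $mysqli->real_escape_string($tag); //Only used inside quoted SQL literals below
    //-------------------
    //Selects tag by name
    $findTag->bind_param('s', $tag);
    $findTag->execute() or die("Could not query database" . $mysqli->errno . " : " . $mysqli->error);
    $findTag->store_result();
    $tagExists = $findTag->num_rows > 0;
    $findTag->free_result();
    //If the previous query didn't yield any results, adds query to insert new tag
    if (!$tagExists) {
        $query .= PHP_EOL . <<<END
--
-- Adds new tag
--
INSERT INTO {$tableTag}(tagName) VALUES ('{$tagEscaped}');
END;
    }
    //-----------------
    //Selects tag + post connection for chosen post and current tag
    $findLink->bind_param('is', $idPost, $tag);
    $findLink->execute() or die("Could not query database" . $mysqli->errno . " : " . $mysqli->error);
    $findLink->store_result();
    $linkExists = $findLink->num_rows > 0;
    $findLink->free_result();
    //If the previous query didn't yield any results, adds query to insert tag + post connection.
    //For a tag queued above this is always the case, and the subselect resolves
    //the new idTag when the batch runs because the tag INSERT precedes it.
    if (!$linkExists) {
        $query .= PHP_EOL . <<<END
--
-- Adds post + tag connection
--
INSERT INTO {$tablePostTag} (PostTag_idPost, PostTag_idTag)
VALUES ({$idPost}, (SELECT idTag FROM {$tableTag} WHERE tagName = '{$tagEscaped}'));
END;
    }
}
$findTag->close();
$findLink->close();
//Performs multiple queries (the UPDATE first, then the queued INSERTs)
$mysqli->multi_query($query) or die("Could not query database" . $mysqli->errno . " : " . $mysqli->error);
//multi_query() only reports the first statement's outcome; drain every result
//so that a failing INSERT further down the batch is reported instead of ignored
do {
    $res = $mysqli->store_result();
    if ($res !== false) {
        $res->free();
    }
} while ($mysqli->more_results() && $mysqli->next_result());
if ($mysqli->errno) {
    die("Could not query database" . $mysqli->errno . " : " . $mysqli->error);
}
$mysqli->close(); //Closes DB connection
//---------------------
//Redirects to post page
header("Location:" . WS_SITELINK . "?p=post&id=" . $idPost);
exit;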