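<?php
//--------------------------
// PNewPostProcess.php
//
// Handles process for adding new post: inserts the post row, makes sure
// every submitted tag exists, and links the post to each tag.
// Expects the session to be started and DB_*, DB_PREFIX, TP_SOURCEPATH
// and WS_SITELINK to be defined by the including front controller.
//
// Security notes:
// - every query is a prepared statement; no request data is ever
//   concatenated into SQL.
// - the author id is validated as a positive integer before use.
// - all writes run in one transaction, so a failure half-way does not
//   leave a post without its tags (an uncommitted transaction is rolled
//   back when the connection closes on die()).
//--------------------------

//Returns the named POST field as a string, or '' when it is missing or
//is not a plain string (e.g. submitted as an array with field[]=).
function pnp_postString($name) {
    if (isset($_POST[$name]) && is_string($_POST[$name])) {
        return $_POST[$name];
    }
    return '';
}

//Splits the comma-separated tag string into a list of trimmed,
//non-empty, unique tag names, preserving first-appearance order.
//Empty entries ("a,,b" or a blank tags field) are dropped instead of
//being stored as a tag with an empty name.
function pnp_parseTags($tags) {
    $clean = array();
    foreach (explode(',', (string)$tags) as $tag) {
        $tag = trim($tag); //Removes whitespace
        if ($tag !== '' && !in_array($tag, $clean, true)) {
            $clean[] = $tag;
        }
    }
    return $clean;
}

//Checks that user is logged in and is not the read-only guest account
if(!isset($_SESSION['accountUser'])) {
    require_once("login/PLogin.php");
    exit;
} else if((string)$_SESSION['accountUser'] === "guest" ) {
    die("Sorry, you don't have the priviliges for doing this...");
}
//--------------------------
//Handles POST variables
//NOTE(review): idAuthor is taken from the submitted form, so any
//logged-in non-guest user can attribute a post to any author id. If the
//session carries the author's id, derive it from there instead of POST.
//NOTE(review): this handler has no CSRF token check; add one if the
//surrounding framework provides a token mechanism.
$idAuthor = (int)pnp_postString('idAuthor');
$postTitle = pnp_postString('postTitle');
$postText = pnp_postString('postText');
$tags = pnp_postString('tags');
//The original code interpolated idAuthor unquoted into SQL, which
//real_escape_string() does not protect; it must be a positive integer.
if($idAuthor <= 0) {
    die("Invalid author id.");
}
//--------------------------
//DB stuff
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_DATABASE); //New DB object
if (mysqli_connect_error()) {
    //Keep the detail (host/user names) in the server log, not the browser.
    error_log("PNewPostProcess: connect failed: " . mysqli_connect_error());
    die("Could not connect to database.");
}
$mysqli->set_charset("utf8");
$mysqli->autocommit(false); //One transaction for post + tags + links
//-------------------------
//SQL: table names come from a configured constant, never from the request
$tablePost = DB_PREFIX . 'Post';
$tableTag = DB_PREFIX . 'Tag';
$tablePostTag = DB_PREFIX . 'PostTag';

//Inserts new post
$insertPost = $mysqli->prepare(
    "INSERT INTO {$tablePost}(postTitle, postText, postDate, Post_idAuthor) VALUES (?, ?, NOW(), ?)"
);
if ($insertPost === false
    || !$insertPost->bind_param('ssi', $postTitle, $postText, $idAuthor)
    || !$insertPost->execute()) {
    error_log("PNewPostProcess: post insert failed: " . $mysqli->error);
    die("Could not query database.");
}
//Use the generated key instead of re-selecting the post by title, which
//was ambiguous when two posts share a title.
$idPost = (int)$mysqli->insert_id;
$insertPost->close();

//Prepared once, executed per tag
$selectTag = $mysqli->prepare("SELECT idTag FROM {$tableTag} WHERE tagName = ? LIMIT 1");
$insertTag = $mysqli->prepare("INSERT INTO {$tableTag}(tagName) VALUES (?)");
$linkTag = $mysqli->prepare("INSERT INTO {$tablePostTag} (PostTag_idPost, PostTag_idTag) VALUES (?, ?)");
if ($selectTag === false || $insertTag === false || $linkTag === false) {
    error_log("PNewPostProcess: prepare failed: " . $mysqli->error);
    die("Could not query database.");
}
//For each tag, check if it exists and if not adds it to DB, then links it
//NOTE(review): the select-then-insert is not atomic; two concurrent
//submissions of the same new tag can create it twice unless tagName
//carries a UNIQUE index (not visible from here).
foreach(pnp_parseTags($tags) as $tag) {
    $idTag = 0;
    //Gets tag
    $selectTag->bind_param('s', $tag);
    if (!$selectTag->execute()) {
        error_log("PNewPostProcess: tag lookup failed: " . $mysqli->error);
        die("Could not query database.");
    }
    $selectTag->store_result();
    $selectTag->bind_result($foundId);
    if ($selectTag->fetch() === true) {
        $idTag = (int)$foundId;
    }
    $selectTag->free_result(); //Required before the statement is executed again
    //Adds new tag when the lookup returned no row
    if ($idTag === 0) {
        $insertTag->bind_param('s', $tag);
        if (!$insertTag->execute()) {
            error_log("PNewPostProcess: tag insert failed: " . $mysqli->error);
            die("Could not query database.");
        }
        $idTag = (int)$mysqli->insert_id;
    }
    //Inserts new post + tag connection
    $linkTag->bind_param('ii', $idPost, $idTag);
    if (!$linkTag->execute()) {
        error_log("PNewPostProcess: post/tag link failed: " . $mysqli->error);
        die("Could not query database.");
    }
}
$selectTag->close();
$insertTag->close();
$linkTag->close();

if (!$mysqli->commit()) {
    error_log("PNewPostProcess: commit failed: " . $mysqli->error);
    die("Could not query database.");
}
$mysqli->close(); //Closes DB connection
//---------------------
//Redirects to index page
require_once(TP_SOURCEPATH . 'CHTMLPage.php');
header("Location:" . WS_SITELINK . "?p=index");
exit;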