create.php
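<?php
/**
 * create.php - handles submission of a new blog post.
 *
 * Flow, by session state:
 *   - isAdmin + POST 'submit': validate the title and body, insert a row into
 *     blog_posts, store the new id in $_SESSION['post_id'], redirect to view.php.
 *   - isAdmin without 'submit': prime the session for the editor and redirect
 *     to blogpost_editor.php.
 *   - isClient: nothing is emitted here.
 *   - anyone else: redirect to login.php.
 *
 * Connect() and Disconnect() come from includes.php, which is not shown here.
 *
 * NOTE(review): the mysql_* extension used below was removed in PHP 7.0. The
 * durable fix is mysqli or PDO with prepared statements, which needs Connect()
 * in includes.php to change as well. Until then every value placed into the
 * SQL string is escaped against the live connection.
 */
include 'includes.php';
session_start();

if (!empty($_SESSION['isAdmin'])) {
    // Logged in as an administrator.
    if (isset($_POST['submit'])) {
        // NOTE(review): no anti-CSRF token is verified before this
        // state-changing request is processed; the editor form and this
        // handler should share a per-session token.

        // Accept only string fields; an array-valued or missing parameter is
        // treated as empty instead of raising a warning.
        $title = (isset($_POST['title']) && is_string($_POST['title'])) ? $_POST['title'] : '';
        $blog = (isset($_POST['blog']) && is_string($_POST['blog'])) ? $_POST['blog'] : '';
        $date_formatted = date('Y-m-d H:i:s');

        if (!empty($title) && !empty($blog)) {
            // Save the post.
            Connect();
            mysql_select_db('blog');

            // addslashes() is not a SQL escaping function: it ignores the
            // connection character set. mysql_real_escape_string() must run
            // after Connect() because it escapes for the open connection.
            // NOTE(review): it is only reliable when the connection charset was
            // set with mysql_set_charset() - confirm in includes.php.
            $title_sql = mysql_real_escape_string($title);
            $blog_sql = mysql_real_escape_string($blog);
            $author_raw = isset($_SESSION['author_id']) ? $_SESSION['author_id'] : '';
            $author_sql = mysql_real_escape_string((string) $author_raw);

            $sql = "INSERT INTO blog_posts (title, post, author_id, date_posted) VALUES ('$title_sql', '$blog_sql', '$author_sql', '$date_formatted')";

            if (mysql_query($sql)) {
                $_SESSION['post_id'] = mysql_insert_id();
                Disconnect();
                $success = true;
                header("Location: view.php");
                // Stop here so nothing else runs after the redirect is sent.
                exit;
            }

            // The insert failed: do not redirect to a post that does not exist.
            Disconnect();
            $error_msg = "The post could not be saved";
            $success = false;
        } else {
            $error_msg = "Please fill in all fields before continuing";
            $success = false;
        }
    } else {
        // No submission yet: send the administrator to the editor form.
        $_SESSION['blogpost_editor'] = "create.php";
        $_SESSION['title'] = "Create a New";
        header("Location: blogpost_editor.php");
        exit;
    }
} elseif (!empty($_SESSION['isClient'])) {
    // Logged in as a client: the original intent was to return to the public
    // view, but no redirect is issued here, so the response is empty.
} else {
    // Not authenticated.
    header("Location: login.php");
    exit;
}
?>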