| author | root | 2014-10-19 03:54:53 +0200 |
|---|---|---|
| committer | root | 2014-10-19 03:54:53 +0200 |
| commit | 2330bb06ececee220d854883a2870a3adf17c277 (patch) | |
| tree | e49f6b561faf5b39a81d57d54fa57a1550074c0f /action.php | |
| parent | a3009bf57d50fbc25a707b32fb3c5c170d011680 (diff) | |
| download | jungegemeinde-2330bb06ececee220d854883a2870a3adf17c277.tar.gz | |
Version 4.1. Support for photo galleries and advanced caching.
Diffstat (limited to 'action.php')
| -rw-r--r-- | action.php | 65 |
1 files changed, 64 insertions, 1 deletions
@@ -12,7 +12,7 @@ if ( ! isset($_GET["task"]) || $_GET["task"] == "" ){
 ob_clean();
 exit;
 }
-$cache = false;
+$c->bypassCache = true;
 switch($_GET["task"]){
 case("login"):
@@ -287,6 +287,69 @@ JG Adlershof";
 ob_end_flush();
 exit;
 break;
+ case("gallery"):
+ lredirect("foto");
+ if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
+ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
+ ob_clean();
+ echo "Method not allowed";
+ exit;
+ }
+ if ( ! isset($_POST["name"]) || $_POST["name"] == "" ){
+ //print_gallery("name");
+ redirect("foto");
+ }
+ if ( ! isset($_POST["desc"]) ){
+ $_POST["desc"] = "";
+ }
+ $sql = $db->prepare("INSERT INTO " . DBPREFIX . "gallery (id, name, description, owner, restricted, time) VALUES (NULL, %s, %s, %d, %d, %d);", $_POST["name"], $_POST["desc"], $user->getUserId(), 0, time() );
+ if ( $db->doQuery($sql) ){
+ $c->flush2();
+ redirect("foto");
+ } else {
+ redirect("foto");
+ //print_gallery("database");
+ }
+ break;
+ case("editGallery"):
+ if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
+ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
+ ob_clean();
+ echo "Method not allowed";
+ exit;
+ }
+ if ( ! isset($_GET["gallery"]) || $_GET["gallery"] == "" ){
+ $_GET["gallery"] = 0;
+ }
+ lredirect( "gallery;gallery=".htmlentities($_GET["gallery"]).";edit=1" );
+ if ( ! isset($_POST["name"]) || $_POST["name"] == "" || ! isset($_POST["desc"]) || $_POST["desc"] == "" || $_GET["gallery"] == 0 ){
+ redirect("foto");
+ }
+ $sql = $db->prepare("UPDATE " . DBPREFIX . "gallery SET name = %s, description = %s WHERE id = %d;", $_POST["name"], $_POST["desc"], $_GET["gallery"]);
+ if ( $db->doQuery($sql) ){
+ $c->flush2();
+ redirect( "gallery&gallery=" . htmlentities($_GET["gallery"]) );
+ } else {
+ redirect("foto");
+ }
+ break;
+ case("deleteGallery"):
+ if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
+ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
+ ob_clean();
+ echo "Method not allowed";
+ exit;
+ }
+ lredirect( "gallery;gallery=".htmlentities($_GET["gallery"]) );
+ if ( ! isset($_GET["gallery"]) || $_GET["gallery"] == "" ){
+ redirect( "gallery;gallery=".htmlentities($_GET["gallery"]) );
+ }
+ rrmdir( IMAGE_PATH . $_GET["gallery"] );
+ $sql = $db->prepare("DELETE FROM " . DBPREFIX . "gallery WHERE id = %d;", $_GET["gallery"]);
+ if ( $db->doQuery($sql) )
+ $c->flush2();
+ redirect("foto");
+ break;
 default:
 print_404();
 break; |
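Review bot: In the `deleteGallery` case, `$_GET["gallery"]` is concatenated into the path given to `rrmdir( IMAGE_PATH . $_GET["gallery"] )` without being checked to be a numeric id, so the recursive delete is not confined to a single gallery directory; the `%d` in the DELETE statement only covers the SQL side. Validate the id before any use, for example by replacing the empty-check with `if ( ! isset($_GET["gallery"]) || ! ctype_digit((string) $_GET["gallery"]) ){ redirect("foto"); exit; }`, which also keeps an empty value from reaching `rrmdir()` as a bare `IMAGE_PATH` should `redirect()` return (its definition is outside this hunk). Separately, the INSERT records an `owner`, but `editGallery` and `deleteGallery` do not compare it with `$user->getUserId()` in the visible lines; unless `lredirect()` or code elsewhere enforces this, add an explicit ownership check before the directory is removed and `AND owner = %d` to the UPDATE and DELETE statements. The enclosing `switch` starts and ends outside the hunk.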
