Diffstat (limited to 'action.php')
-rw-r--r--action.php65
1 files changed, 64 insertions, 1 deletions
diff --git a/action.php b/action.php
index 1e70b21..e2d0098 100644
--- a/action.php
+++ b/action.php
@@ -12,7 +12,7 @@ if ( ! isset($_GET["task"]) || $_GET["task"] == "" ){
ob_clean();
exit;
}
-$cache = false;
+$c->bypassCache = true;
switch($_GET["task"]){
case("login"):
@@ -287,6 +287,69 @@ JG Adlershof";
ob_end_flush();
exit;
break;
+ case("gallery"):
+ lredirect("foto");
+ if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
+ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
+ ob_clean();
+ echo "Method not allowed";
+ exit;
+ }
+ if ( ! isset($_POST["name"]) || $_POST["name"] == "" ){
+ //print_gallery("name");
+ redirect("foto");
+ }
+ if ( ! isset($_POST["desc"]) ){
+ $_POST["desc"] = "";
+ }
+ $sql = $db->prepare("INSERT INTO " . DBPREFIX . "gallery (id, name, description, owner, restricted, time) VALUES (NULL, %s, %s, %d, %d, %d);", $_POST["name"], $_POST["desc"], $user->getUserId(), 0, time() );
+ if ( $db->doQuery($sql) ){
+ $c->flush2();
+ redirect("foto");
+ } else {
+ redirect("foto");
+ //print_gallery("database");
+ }
+ break;
+ case("editGallery"):
+ if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
+ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
+ ob_clean();
+ echo "Method not allowed";
+ exit;
+ }
+ if ( ! isset($_GET["gallery"]) || $_GET["gallery"] == "" ){
+ $_GET["gallery"] = 0;
+ }
+ lredirect( "gallery;gallery=".htmlentities($_GET["gallery"]).";edit=1" );
+ if ( ! isset($_POST["name"]) || $_POST["name"] == "" || ! isset($_POST["desc"]) || $_POST["desc"] == "" || $_GET["gallery"] == 0 ){
+ redirect("foto");
+ }
+ $sql = $db->prepare("UPDATE " . DBPREFIX . "gallery SET name = %s, description = %s WHERE id = %d;", $_POST["name"], $_POST["desc"], $_GET["gallery"]);
+ if ( $db->doQuery($sql) ){
+ $c->flush2();
+ redirect( "gallery&gallery=" . htmlentities($_GET["gallery"]) );
+ } else {
+ redirect("foto");
+ }
+ break;
+ case("deleteGallery"):
+ if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
+ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
+ ob_clean();
+ echo "Method not allowed";
+ exit;
+ }
+ lredirect( "gallery;gallery=".htmlentities($_GET["gallery"]) );
+ if ( ! isset($_GET["gallery"]) || $_GET["gallery"] == "" ){
+ redirect( "gallery;gallery=".htmlentities($_GET["gallery"]) );
+ }
+ rrmdir( IMAGE_PATH . $_GET["gallery"] );
+ $sql = $db->prepare("DELETE FROM " . DBPREFIX . "gallery WHERE id = %d;", $_GET["gallery"]);
+ if ( $db->doQuery($sql) )
+ $c->flush2();
+ redirect("foto");
+ break;
default:
print_404();
break;
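Review bot: In the `deleteGallery` case, `rrmdir( IMAGE_PATH . $_GET["gallery"] )` builds the directory to delete recursively from the raw query parameter, so an empty value or one containing path separators resolves outside the gallery's own folder; the `isset` check just above only helps if `redirect()` terminates the request, which is not visible here, and it runs after `lredirect()` has already read the parameter. Validate the id before touching the filesystem, e.g. `if ( ! isset($_GET["gallery"]) || ! ctype_digit((string)$_GET["gallery"]) || (int)$_GET["gallery"] < 1 ){ redirect("foto"); exit; }`, and pass `(int)$_GET["gallery"]` to `rrmdir`. The `UPDATE` in `editGallery` and the `DELETE` in `deleteGallery` filter on `id` only although the insert records an `owner`; unless ownership is enforced elsewhere, add `AND owner = %d` bound to `$user->getUserId()` and delete the directory only after the row was actually removed. None of the three POST handlers checks an anti-CSRF token in the visible lines, so one should be verified next to the request-method check. The enclosing `switch` starts and ends outside the hunk.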