1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
<?php
require("lib/markdown.php");
assert_redir(count($args) == 3, 'notes');
$noteid = intval($args[2]);
$note = sql(
"SELECT na.id AS id, na.title AS title, na.text AS text, na.public AS public, na.owner AS owner, ".
"nb.title AS parent_title, nb.id AS parent_id, account.login AS ownername FROM notes na ".
"LEFT JOIN notes nb ON na.parent = nb.id LEFT JOIN account ON account.id = na.owner ".
"WHERE na.id = $noteid"
)->fetch();
assert_error($note && ($note['owner'] == $user['id'] || $user['priv'] >= $priv_admin),
"This note does not exist, or you are not allowed to edit it.");
$note_title = $note['title'];
$note_text = $note['text'];
$note_public = $note['public'];
if (isset($_POST['title']) && isset($_POST['text'])) {
$note_title = esca($_POST['title']);
$note_text = esca($_POST['text']);
$note_html = Markdown($note_text);
$note_public = isset($_POST['public']);
if ($note_title == "") {
$error = "You must enter a title for your note";
} else {
if (isset($_POST['preview']) && $_POST['preview'] == "Preview") {
$preview = $note_html;
$message = "Your preview is below the edit form.";
} else {
sql("UPDATE notes SET title = ?, text = ?, text_html = ?, ".
" public = " . ($note_public?'1':'0') .
" WHERE id = $noteid",
escs($note_title), escs($note_text), escs($note_html));
header("Location: view-notes-" . $noteid);
die();
}
}
}
$title = "Edit : " . $note['title'];
$fields = array(
array("label" => "Title : ", "name" => "title", "value" => $note_title),
array("label" => "Public ? ", "name" => "public", "type" => "checkbox", "checked" => $note_public),
array("label" => "Text : ", "name" => "text", "type" => "textarea", "value" => $note_text),
array("label" => "Preview : ", "name" => "preview", "type" => "submit", "value" => "Preview"),
);
$validate = "Edit note";
require("tpl/notes/edit.php");
|
