Gazelle/sections/artist/takeedit.php
2013-02-22 08:00:24 +00:00

61 lines
2.0 KiB
PHP

<?
/*********************************************************************\
The page that handles the backend of the 'edit artist' function.
\*********************************************************************/
include(SERVER_ROOT.'/classes/class_image_tools.php');
authorize();
if(!$_REQUEST['artistid'] || !is_number($_REQUEST['artistid'])) {
error(404);
}
if(!check_perms('site_edit_wiki')) { error(403); }
// Variables for database input
$UserID = $LoggedUser['ID'];
$ArtistID = $_REQUEST['artistid'];
if ( check_perms('artist_edit_vanityhouse') ) {
$VanityHouse = ( isset($_POST['vanity_house']) ? 1 : 0 );
}
if($_GET['action'] == 'revert') { // if we're reverting to a previous revision
authorize();
$RevisionID=$_GET['revisionid'];
if(!is_number($RevisionID)) { error(0); }
} else { // with edit, the variables are passed with POST
$Body = db_string($_POST['body']);
$Summary = db_string($_POST['summary']);
$Image = db_string($_POST['image']);
check_imagehost($Image);
// Trickery
if(!preg_match("/^".IMAGE_REGEX."$/i", $Image)) {
$Image = '';
}
}
// Insert revision
if(!$RevisionID) { // edit
$DB->query("INSERT INTO wiki_artists (PageID, Body, Image, UserID, Summary, Time)
VALUES ('$ArtistID', '$Body', '$Image', '$UserID', '$Summary', '".sqltime()."')");
} else { // revert
$DB->query("INSERT INTO wiki_artists (PageID, Body, Image, UserID, Summary, Time)
SELECT '$ArtistID', Body, Image, '$UserID', 'Reverted to revision $RevisionID', '".sqltime()."'
FROM wiki_artists WHERE RevisionID='$RevisionID'");
}
$RevisionID=$DB->inserted_id();
// Update artists table (technically, we don't need the RevisionID column, but we can use it for a join which is nice and fast)
$DB->query("UPDATE artists_group
SET
". ( isset($VanityHouse) ? "VanityHouse='$VanityHouse'," : '' ) ."
RevisionID='$RevisionID'
WHERE ArtistID='$ArtistID'");
// There we go, all done!
$Cache->delete_value('artist_'.$ArtistID); // Delete artist cache
header('Location: artist.php?id='.$ArtistID);
?>