NewsPen/action.php

<?php

/**
 * Make things happen when buttons are pressed and forms submitted.
 */
require_once __DIR__ . "/required.php";

if ($VARS['action'] !== "signout") {
    dieifnotloggedin();
}

/**
 * Redirects back to the page ID in $_POST/$_GET['source'] with the given message ID.
 * The message will be displayed by the app.
 * @param string $msg message ID (see lang/messages.php)
 * @param string $arg If set, replaces "{arg}" in the message string when displayed to the user.
 */
function returnToSender($msg, $arg = "") {
    global $VARS;
    if ($arg == "") {
        header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=" . $msg);
    } else {
        header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=$msg&arg=$arg");
    }
    die();
}

switch ($VARS['action']) {
    case "editpub":
        $insert = true;
        if (is_empty($VARS['pubid'])) {
            $insert = true;
        } else {
            if ($database->has('publications', ['pubid' => $VARS['pubid']])) {
                $insert = false;
            } else {
                returnToSender("invalid_pubid");
            }
        }
        if (is_empty($VARS['name'])) {
            returnToSender('invalid_parameters');
        }
        if (!is_numeric($VARS['columns'])) {
            returnToSender('invalid_parameters');
        }
        if (!$database->has('pub_styles', ["styleid" => $VARS['style']])) {
            returnToSender('invalid_parameters');
        }
        if (!$database->has('pub_permissions', ["permid" => $VARS['perm']])) {
            returnToSender('invalid_parameters');
        }

        $data = [
            'pubname' => $VARS['name'],
            'pubdate' => date("Y-m-d H:i:s"),
            'styleid' => $VARS['style'],
            'columns' => $VARS['columns'],
            'permid' => $VARS['perm']
        ];

        if ($insert) {
            $data['uid'] = $_SESSION['uid'];
            $database->insert('publications', $data);
        } else {
            $database->update('publications', $data, ['pubid' => $VARS['pubid']]);
        }
        
        returnToSender("pub_saved");
    case "deletepub":
        if ($database->has('publications', ['pubid' => $VARS['pubid']])) {
            $database->delete('publications', ['pubid' => $VARS['pubid']]);
            returnToSender("pub_deleted");
        }
        returnToSender("invalid_parameters");
    case "signout":
        session_destroy();
        header('Location: index.php');
        die("Logged out.");
}
Create template based on SSO code 7 years ago			`<?php`

			`/**`
			`* Make things happen when buttons are pressed and forms submitted.`
			`*/`
			`require_once __DIR__ . "/required.php";`

Fix Business/CommonBugs#1 (expired session logout error) 7 years ago			`if ($VARS['action'] !== "signout") {`
			`dieifnotloggedin();`
			`}`
Create template based on SSO code 7 years ago
Add a bit of cleanup and comments 7 years ago			`/**`
			`* Redirects back to the page ID in $_POST/$_GET['source'] with the given message ID.`
			`* The message will be displayed by the app.`
			`* @param string $msg message ID (see lang/messages.php)`
			`* @param string $arg If set, replaces "{arg}" in the message string when displayed to the user.`
			`*/`
Create template based on SSO code 7 years ago			`function returnToSender($msg, $arg = "") {`
			`global $VARS;`
			`if ($arg == "") {`
			`header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=" . $msg);`
			`} else {`
			`header("Location: app.php?page=" . urlencode($VARS['source']) . "&msg=$msg&arg=$arg");`
			`}`
			`die();`
			`}`

			`switch ($VARS['action']) {`
Mostly functional publication creation/deletion/editing 7 years ago			`case "editpub":`
			`$insert = true;`
			`if (is_empty($VARS['pubid'])) {`
			`$insert = true;`
			`} else {`
			`if ($database->has('publications', ['pubid' => $VARS['pubid']])) {`
			`$insert = false;`
			`} else {`
			`returnToSender("invalid_pubid");`
			`}`
			`}`
			`if (is_empty($VARS['name'])) {`
			`returnToSender('invalid_parameters');`
			`}`
			`if (!is_numeric($VARS['columns'])) {`
			`returnToSender('invalid_parameters');`
			`}`
			`if (!$database->has('pub_styles', ["styleid" => $VARS['style']])) {`
			`returnToSender('invalid_parameters');`
			`}`
			`if (!$database->has('pub_permissions', ["permid" => $VARS['perm']])) {`
			`returnToSender('invalid_parameters');`
			`}`

			`$data = [`
			`'pubname' => $VARS['name'],`
			`'pubdate' => date("Y-m-d H:i:s"),`
			`'styleid' => $VARS['style'],`
			`'columns' => $VARS['columns'],`
			`'permid' => $VARS['perm']`
			`];`

			`if ($insert) {`
			`$data['uid'] = $_SESSION['uid'];`
			`$database->insert('publications', $data);`
			`} else {`
			`$database->update('publications', $data, ['pubid' => $VARS['pubid']]);`
			`}`

			`returnToSender("pub_saved");`
			`case "deletepub":`
			`if ($database->has('publications', ['pubid' => $VARS['pubid']])) {`
			`$database->delete('publications', ['pubid' => $VARS['pubid']]);`
			`returnToSender("pub_deleted");`
			`}`
			`returnToSender("invalid_parameters");`
Create template based on SSO code 7 years ago			`case "signout":`
			`session_destroy();`
			`header('Location: index.php');`
			`die("Logged out.");`
			`}`