diff options
Diffstat (limited to 'includes/admin/views')
-rw-r--r-- | includes/admin/views/_edit_concert_form.php | 78 | ||||
-rw-r--r-- | includes/admin/views/giglog_admin_page.php | 52 |
2 files changed, 73 insertions, 57 deletions
diff --git a/includes/admin/views/_edit_concert_form.php b/includes/admin/views/_edit_concert_form.php index c7675f0..b839edd 100644 --- a/includes/admin/views/_edit_concert_form.php +++ b/includes/admin/views/_edit_concert_form.php @@ -42,23 +42,35 @@ if (!class_exists("GiglogAdmin_EditConcertForm")) $cid = filter_input(INPUT_POST, "cid"); $editing = filter_input(INPUT_POST, "edit") == "EDIT"; - if ($editing && !empty($cid)) //A bit overdoing with the checks if concert ID is empty both here and in find_cid. But based on that, things are NULL or not. Better ideas? + if ($editing && !empty($cid)) { $c = GiglogAdmin_Concert::get($cid); - else + if ( !$c ) { + wp_die("Invalid request!", 400); + } + } + else { $c = new GiglogAdmin_Concert((object)[]); + } $content='<div class="concertform">'; $content.='<form method="POST" action="" class="concert" >' .'<div class="concertitems"><strong>CONCERT DETAILS</strong><br><br><fieldset>' - . wp_nonce_field( plugin_basename( __FILE__ ), 'giglog_edit_concert_nonce' ) - .'<input type="hidden" name="pid" value="' .$c->id(). '" />' - .'<label for="cname">Concert Name:</label><textarea id="cname" name="cname" value="'.$c->cname().'">'.$c->cname().'</textarea><br>' + . wp_nonce_field( 'edit-concert', 'nonce' ) + .'<input type="hidden" name="pid" value="' . esc_attr($c->id()) . '" />' + .'<label for="cname">Concert Name:</label>' + .'<textarea id="cname" name="cname" value="'. esc_attr($c->cname()) . '">' + . esc_textarea($c->cname()) + .'</textarea><br>' .'<label for="venue">Venue:</label>' . $this->get_venue_selector($c->venue()) . '<br>' //date has to be formatted else it is not red in the date field of html form - .'<label for="cdate">Date:</label><input type="date" id="cdate" name="cdate" value="'.date('Y-m-d',strtotime($c->cdate())).'"><br>' - .'<label for="ticket">Tickets:</label><input type="text" id="ticket" name="ticket" value="'.$c->tickets().'"><br>' - .'<label for="eventurl">Event link:</label><input type="text" id="eventurl" name="eventurl" value="'.$c->eventlink().'"><br>' + .'<label for="cdate">Date:</label>' + .'<input type="date" id="cdate" name="cdate" value="'. esc_attr(date('Y-m-d',strtotime($c->cdate()))) .'"><br>' + .'<label for="ticket">Tickets:</label>' + .'<input type="text" id="ticket" name="ticket" value="'. esc_url($c->tickets()) .'"><br>' + .'<label for="eventurl">Event link:</label>' + .'<input type="text" id="eventurl" name="eventurl" value="'. esc_url($c->eventlink()) .'"><br>' .'</fieldset>'; + // actions differ if we update or create a concert, hence two buttons needed if ($editing) $content.='<p><input type="submit" name="editconcert" value="Edit Concert"></p>'; @@ -77,5 +89,55 @@ if (!class_exists("GiglogAdmin_EditConcertForm")) return $content; } + + static function update() : void + { + if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'edit-concert')) { + wp_die('CSRF validation failed.', 403); + } + + if (isset($_POST['newconcert'])) { + if (empty($_POST['cname']) || empty($_POST['selectvenueadmin']) || empty($_POST['cdate']) || empty($_POST['ticket']) || empty($_POST['eventurl'])) { + echo '<script language="javascript">alert("You are missing a value, concert was not created"); </script>'; + } + else { + if (GiglogAdmin_Concert::create($_POST['cname'], $_POST['selectvenueadmin'], $_POST['cdate'], $_POST['ticket'], $_POST['eventurl'])) { + echo '<script language="javascript">alert("Yey, concert created"); </script>'; + } + else { + echo '<script language="javascript">alert("Nay, concert was duplicated"); </script>'; + } + } + } + + if (isset($_POST['editconcert'])) + { + $roles = array_reduce( + ['photo1', 'photo1', 'rev1', 'rev2'], + function($roles, $r) { + if (isset($_POST[$r])) { + $roles[$r] = sanitize_user($_POST[$r]); + } + return $roles; + }, + [] + ); + + $attributes = [ + 'wpgconcert_name' => sanitize_text_field($_POST['cname']), + 'venue' => intval($_POST['selectvenueadmin']), + 'wpgconcert_date' => sanitize_text_field($_POST['cdate']), + 'wpgconcert_ticket' => esc_url_raw($_POST['ticket']), + 'wpgconcert_event' => esc_url_raw($_POST['eventurl']), + 'wpgconcert_roles' => $roles, + ]; + + $concert = GiglogAdmin_Concert::get(intval($_POST['pid'])); + if ($concert && $concert->update((object) $attributes)) { + // let user know the concert was updated. + // Look into admin_notices + } + } + } } } diff --git a/includes/admin/views/giglog_admin_page.php b/includes/admin/views/giglog_admin_page.php index 6ce3cc8..a2682a1 100644 --- a/includes/admin/views/giglog_admin_page.php +++ b/includes/admin/views/giglog_admin_page.php @@ -77,57 +77,11 @@ if ( !class_exists( 'GiglogAdmin_AdminPage' ) ) { return; } - if (isset($_POST['newconcert'])) { - if (empty($_POST['cname']) || empty($_POST['selectvenueadmin']) || empty($_POST['cdate']) || empty($_POST['ticket']) || empty($_POST['eventurl'])) { - echo '<script language="javascript">alert("You are missing a value, concert was not created"); </script>'; - } - else { - if (GiglogAdmin_Concert::create($_POST['cname'], $_POST['selectvenueadmin'], $_POST['cdate'], $_POST['ticket'], $_POST['eventurl'])) { - echo '<script language="javascript">alert("Yey, concert created"); </script>'; - } - else { - echo '<script language="javascript">alert("Nay, concert was duplicated"); </script>'; - } - } - } - - if (isset($_POST['editconcert'])) - { - if (!isset($_POST['giglog_edit_concert_nonce']) - || wp_verify_nonce($_POST['giglog_edit_concert_nonce'], plugin_basename( __FILE__ ))) - { - header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden"); - wp_die('CSRF validation failed.', 403); - } - - $roles = array_reduce( - ['photo1', 'photo1', 'rev1', 'rev2'], - function($roles, $r) { - if (isset($_POST[$r])) { - $roles[$r] = sanitize_user($_POST[$r]); - } - return $roles; - }, - [] - ); - - $attributes = [ - 'wpgconcert_name' => sanitize_text_field($_POST['cname']), - 'venue' => intval($_POST['selectvenueadmin']), - 'wpgconcert_date' => sanitize_text_field($_POST['cdate']), - 'wpgconcert_ticket' => esc_url_raw($_POST['ticket']), - 'wpgconcert_event' => esc_url_raw($_POST['eventurl']), - 'wpgconcert_roles' => $roles, - ]; - - $concert = GiglogAdmin_Concert::get(intval($_POST['pid'])); - if ($concert && $concert->update((object) $attributes)) { - // let user know the concert was updated. - // Look into admin_notices - } + if (isset($_POST['newconcert']) || isset($_POST['editconcert'])) { + GiglogAdmin_EditConcertForm::update(); + return; } - if(isset($_POST['newvenue'])) { if (!isset($_POST['giglog_new_venue_nonce']) |