summaryrefslogtreecommitdiffstats
path: root/includes/admin/views
diff options
context:
space:
mode:
Diffstat (limited to 'includes/admin/views')
-rw-r--r--includes/admin/views/_edit_concert_form.php78
-rw-r--r--includes/admin/views/giglog_admin_page.php52
2 files changed, 73 insertions, 57 deletions
diff --git a/includes/admin/views/_edit_concert_form.php b/includes/admin/views/_edit_concert_form.php
index c7675f0..b839edd 100644
--- a/includes/admin/views/_edit_concert_form.php
+++ b/includes/admin/views/_edit_concert_form.php
@@ -42,23 +42,35 @@ if (!class_exists("GiglogAdmin_EditConcertForm"))
$cid = filter_input(INPUT_POST, "cid");
$editing = filter_input(INPUT_POST, "edit") == "EDIT";
- if ($editing && !empty($cid)) //A bit overdoing with the checks if concert ID is empty both here and in find_cid. But based on that, things are NULL or not. Better ideas?
+ if ($editing && !empty($cid)) {
$c = GiglogAdmin_Concert::get($cid);
- else
+ if ( !$c ) {
+ wp_die("Invalid request!", 400);
+ }
+ }
+ else {
$c = new GiglogAdmin_Concert((object)[]);
+ }
$content='<div class="concertform">';
$content.='<form method="POST" action="" class="concert" >'
.'<div class="concertitems"><strong>CONCERT DETAILS</strong><br><br><fieldset>'
- . wp_nonce_field( plugin_basename( __FILE__ ), 'giglog_edit_concert_nonce' )
- .'<input type="hidden" name="pid" value="' .$c->id(). '" />'
- .'<label for="cname">Concert Name:</label><textarea id="cname" name="cname" value="'.$c->cname().'">'.$c->cname().'</textarea><br>'
+ . wp_nonce_field( 'edit-concert', 'nonce' )
+ .'<input type="hidden" name="pid" value="' . esc_attr($c->id()) . '" />'
+ .'<label for="cname">Concert Name:</label>'
+ .'<textarea id="cname" name="cname" value="'. esc_attr($c->cname()) . '">'
+ . esc_textarea($c->cname())
+ .'</textarea><br>'
.'<label for="venue">Venue:</label>' . $this->get_venue_selector($c->venue()) . '<br>'
//date has to be formatted else it is not red in the date field of html form
- .'<label for="cdate">Date:</label><input type="date" id="cdate" name="cdate" value="'.date('Y-m-d',strtotime($c->cdate())).'"><br>'
- .'<label for="ticket">Tickets:</label><input type="text" id="ticket" name="ticket" value="'.$c->tickets().'"><br>'
- .'<label for="eventurl">Event link:</label><input type="text" id="eventurl" name="eventurl" value="'.$c->eventlink().'"><br>'
+ .'<label for="cdate">Date:</label>'
+ .'<input type="date" id="cdate" name="cdate" value="'. esc_attr(date('Y-m-d',strtotime($c->cdate()))) .'"><br>'
+ .'<label for="ticket">Tickets:</label>'
+ .'<input type="text" id="ticket" name="ticket" value="'. esc_url($c->tickets()) .'"><br>'
+ .'<label for="eventurl">Event link:</label>'
+ .'<input type="text" id="eventurl" name="eventurl" value="'. esc_url($c->eventlink()) .'"><br>'
.'</fieldset>';
+
// actions differ if we update or create a concert, hence two buttons needed
if ($editing)
$content.='<p><input type="submit" name="editconcert" value="Edit Concert"></p>';
@@ -77,5 +89,55 @@ if (!class_exists("GiglogAdmin_EditConcertForm"))
return $content;
}
+
+ static function update() : void
+ {
+ if (!isset($_POST['nonce']) || !wp_verify_nonce($_POST['nonce'], 'edit-concert')) {
+ wp_die('CSRF validation failed.', 403);
+ }
+
+ if (isset($_POST['newconcert'])) {
+ if (empty($_POST['cname']) || empty($_POST['selectvenueadmin']) || empty($_POST['cdate']) || empty($_POST['ticket']) || empty($_POST['eventurl'])) {
+ echo '<script language="javascript">alert("You are missing a value, concert was not created"); </script>';
+ }
+ else {
+ if (GiglogAdmin_Concert::create($_POST['cname'], $_POST['selectvenueadmin'], $_POST['cdate'], $_POST['ticket'], $_POST['eventurl'])) {
+ echo '<script language="javascript">alert("Yey, concert created"); </script>';
+ }
+ else {
+ echo '<script language="javascript">alert("Nay, concert was duplicated"); </script>';
+ }
+ }
+ }
+
+ if (isset($_POST['editconcert']))
+ {
+ $roles = array_reduce(
+ ['photo1', 'photo1', 'rev1', 'rev2'],
+ function($roles, $r) {
+ if (isset($_POST[$r])) {
+ $roles[$r] = sanitize_user($_POST[$r]);
+ }
+ return $roles;
+ },
+ []
+ );
+
+ $attributes = [
+ 'wpgconcert_name' => sanitize_text_field($_POST['cname']),
+ 'venue' => intval($_POST['selectvenueadmin']),
+ 'wpgconcert_date' => sanitize_text_field($_POST['cdate']),
+ 'wpgconcert_ticket' => esc_url_raw($_POST['ticket']),
+ 'wpgconcert_event' => esc_url_raw($_POST['eventurl']),
+ 'wpgconcert_roles' => $roles,
+ ];
+
+ $concert = GiglogAdmin_Concert::get(intval($_POST['pid']));
+ if ($concert && $concert->update((object) $attributes)) {
+ // let user know the concert was updated.
+ // Look into admin_notices
+ }
+ }
+ }
}
}
diff --git a/includes/admin/views/giglog_admin_page.php b/includes/admin/views/giglog_admin_page.php
index 6ce3cc8..a2682a1 100644
--- a/includes/admin/views/giglog_admin_page.php
+++ b/includes/admin/views/giglog_admin_page.php
@@ -77,57 +77,11 @@ if ( !class_exists( 'GiglogAdmin_AdminPage' ) ) {
return;
}
- if (isset($_POST['newconcert'])) {
- if (empty($_POST['cname']) || empty($_POST['selectvenueadmin']) || empty($_POST['cdate']) || empty($_POST['ticket']) || empty($_POST['eventurl'])) {
- echo '<script language="javascript">alert("You are missing a value, concert was not created"); </script>';
- }
- else {
- if (GiglogAdmin_Concert::create($_POST['cname'], $_POST['selectvenueadmin'], $_POST['cdate'], $_POST['ticket'], $_POST['eventurl'])) {
- echo '<script language="javascript">alert("Yey, concert created"); </script>';
- }
- else {
- echo '<script language="javascript">alert("Nay, concert was duplicated"); </script>';
- }
- }
- }
-
- if (isset($_POST['editconcert']))
- {
- if (!isset($_POST['giglog_edit_concert_nonce'])
- || wp_verify_nonce($_POST['giglog_edit_concert_nonce'], plugin_basename( __FILE__ )))
- {
- header("{$_SERVER['SERVER_PROTOCOL']} 403 Forbidden");
- wp_die('CSRF validation failed.', 403);
- }
-
- $roles = array_reduce(
- ['photo1', 'photo1', 'rev1', 'rev2'],
- function($roles, $r) {
- if (isset($_POST[$r])) {
- $roles[$r] = sanitize_user($_POST[$r]);
- }
- return $roles;
- },
- []
- );
-
- $attributes = [
- 'wpgconcert_name' => sanitize_text_field($_POST['cname']),
- 'venue' => intval($_POST['selectvenueadmin']),
- 'wpgconcert_date' => sanitize_text_field($_POST['cdate']),
- 'wpgconcert_ticket' => esc_url_raw($_POST['ticket']),
- 'wpgconcert_event' => esc_url_raw($_POST['eventurl']),
- 'wpgconcert_roles' => $roles,
- ];
-
- $concert = GiglogAdmin_Concert::get(intval($_POST['pid']));
- if ($concert && $concert->update((object) $attributes)) {
- // let user know the concert was updated.
- // Look into admin_notices
- }
+ if (isset($_POST['newconcert']) || isset($_POST['editconcert'])) {
+ GiglogAdmin_EditConcertForm::update();
+ return;
}
-
if(isset($_POST['newvenue']))
{
if (!isset($_POST['giglog_new_venue_nonce'])