File: /home/httpd/html/baretube.com/controllers/control.editContent.php
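<?php
/**
 * Controller: lets a logged-in user edit a video they submitted.
 *
 * Flow, as visible in this file:
 *   1. Redirect visitors without a session user id to $basehttp.
 *   2. Require a numeric `id` request parameter and reduce it to an integer.
 *   3. Load the content row only if it belongs to the session user.
 *   4. On POST, update title/description/keywords/access_level and replace
 *      the row's category ("niche") links; at most 6 categories are accepted.
 *   5. Reload the row and fill $_meta for the template.
 *
 * Relies on names defined outside this file: $basehttp, dbQuery(),
 * setMessage(), _t() and mysql_real_escape_array().
 *
 * NOTE(review): no anti-CSRF token is checked here before the UPDATE/DELETE/
 * INSERT statements; confirm that the framework enforces one before this
 * controller runs.
 * NOTE(review): every query is built by string interpolation. If dbQuery()
 * supports bound parameters, prefer them over escaping.
 */

// Anonymous visitors are sent back to the site root.
if (empty($_SESSION['userid'])) {
    header("Location: $basehttp");
    exit();
}

// Array keys are quoted: a bare `id` is an undefined constant, which newer
// PHP versions reject outright.
if (!isset($_REQUEST['id']) || !is_numeric($_REQUEST['id'])) {
    exit(_t("Invalid ID"));
}
$id = (int) $_REQUEST['id'];

// The ownership condition (submitter = session user) is what stops one user
// from editing another user's record; it is reused for the reload below.
$ownedRowSql = "SELECT * FROM content WHERE record_num = '$id' AND submitter = '$_SESSION[userid]'";

$result = dbQuery($ownedRowSql, false);
if (!is_array($result) || count($result) < 1) {
    setMessage(_t("We're sorry, this video doesn't exist or doesn't belong to you."),"error");
} else {
    if ($_POST) {
        // Only an array of categories is meaningful; anything else is treated
        // as "no categories" instead of being passed to count().
        $niches = (isset($_POST['niche']) && is_array($_POST['niche'])) ? $_POST['niche'] : array();

        if (count($niches) < 7) {
            // NOTE(review): SQL escaping runs before htmlentities() here.
            // Escaping should be the last transformation applied before a
            // value reaches a query; confirm the helper's behaviour before
            // reordering.
            $_POST = mysql_real_escape_array($_POST);
            foreach ($_POST as $k => $v) {
                // Strict comparison: with `!=`, an integer key 0 compares
                // equal to 'niche' on older PHP and would skip encoding.
                if ($k !== 'niche') {
                    // htmlentities() only accepts strings; nested arrays sent
                    // for a text field are discarded rather than encoded.
                    $_POST[$k] = is_scalar($v) ? htmlentities($v) : '';
                }
            }

            $title       = isset($_POST['title']) ? $_POST['title'] : '';
            $description = isset($_POST['description']) ? $_POST['description'] : '';
            $keywords    = isset($_POST['keywords']) ? $_POST['keywords'] : '';
            $access      = (isset($_POST['access_level']) && $_POST['access_level'] == 1) ? 1 : 0;

            // The submitter condition is repeated so the write does not rely
            // solely on the ownership SELECT above.
            dbQuery("UPDATE content SET title = '$title', description = '$description', keywords = '$keywords', access_level = '$access' WHERE record_num = '$id' AND submitter = '$_SESSION[userid]'");
            $success = true;

            // Use the validated integer $id, not the raw request value, so
            // every statement targets the same record.
            dbQuery("DELETE FROM content_niches WHERE content = '$id'");
            foreach ($niches as $i) {
                if (is_numeric($i)) {
                    // Cast so the interpolated value is an integer whatever
                    // the request contained.
                    $nicheId = (int) $i;
                    dbQuery("INSERT INTO content_niches (content,niche) VALUES ('$id','$nicheId')");
                }
            }

            $msg = _t('Your changes have been saved.') . " <strong><a href='$basehttp/my-uploads/'>" . _t("Back To My Uploads") . "</a>.</strong>";
            setMessage($msg,"success");
        } else {
            $msg = "<strong>" . _t("You can choose a maximum of 6 categories") . "</strong>";
            setMessage($msg,"error");
        }
    }

    // Reload so the template shows the values as stored after any update.
    $result = dbQuery($ownedRowSql, false);
    $row = $result[0];
    $_meta['title'] = $row['title'];
    $_meta['meta_description'] = "Edit Content: ".$row['description'];
    $_meta['meta_keywords'] = "Edit Content: ".$row['keywords'];
}

$_template_header = 'overall_header';
$_template_content = 'editContent';
$_template_footer = 'overall_footer';
?>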