misuzu/public/manage/news/post.php

<?php
require_once '../../../misuzu.php';

if(!perms_check_user(MSZ_PERMS_NEWS, user_session_current('user_id'), MSZ_PERM_NEWS_MANAGE_POSTS)) {
    echo render_error(403);
    return;
}

$post = [];
$postId = (int)($_GET['p'] ?? null);
$categories = news_categories_get(0, 0, false, false, true);

if(!empty($_POST['post']) && csrf_verify_request()) {
    $originalPostId = (int)($_POST['post']['id'] ?? null);
    $currentUserId = user_session_current('user_id');
    $title = $_POST['post']['title'] ?? null;
    $isFeatured = !empty($_POST['post']['featured']);
    $postId = news_post_create(
        $title,
        $_POST['post']['text'] ?? null,
        (int)($_POST['post']['category'] ?? null),
        user_session_current('user_id'),
        $isFeatured,
        null,
        $originalPostId
    );

    audit_log(
        $originalPostId === $postId
            ? MSZ_AUDIT_NEWS_POST_EDIT
            : MSZ_AUDIT_NEWS_POST_CREATE,
        $currentUserId,
        [$postId]
    );

    if(!$originalPostId && $isFeatured) {
        $twitterApiKey = config_get('twitter.api.key', MSZ_CFG_STR);
        $twitterApiSecret = config_get('twitter.api.secret', MSZ_CFG_STR);
        $twitterToken = config_get('twitter.token.key', MSZ_CFG_STR);
        $twitterTokenSecret = config_get('twitter.token.secret', MSZ_CFG_STR);

        if(!empty($twitterApiKey) && !empty($twitterApiSecret)
            && !empty($twitterToken) && !empty($twitterTokenSecret)) {
            twitter_init($twitterApiKey, $twitterApiSecret, $twitterToken, $twitterTokenSecret);
            $url = url('news-post', ['post' => $postId]);
            twitter_tweet_post("News :: {$title}\nhttps://{$_SERVER['HTTP_HOST']}{$url}");
        }
    }
}

if($postId > 0) {
    $post = news_post_get($postId);
}

echo tpl_render('manage.news.post', compact('post', 'categories'));
Manage is now less of mess! 2019-06-09 22:10:59 +00:00			`<?php`
			`require_once '../../../misuzu.php';`

			`if(!perms_check_user(MSZ_PERMS_NEWS, user_session_current('user_id'), MSZ_PERM_NEWS_MANAGE_POSTS)) {`
			`echo render_error(403);`
			`return;`
			`}`

			`$post = [];`
			`$postId = (int)($_GET['p'] ?? null);`
			`$categories = news_categories_get(0, 0, false, false, true);`

Made the CSRF system less complicated. 2019-06-10 15:21:53 +00:00			`if(!empty($_POST['post']) && csrf_verify_request()) {`
Manage is now less of mess! 2019-06-09 22:10:59 +00:00			`$originalPostId = (int)($_POST['post']['id'] ?? null);`
			`$currentUserId = user_session_current('user_id');`
			`$title = $_POST['post']['title'] ?? null;`
			`$isFeatured = !empty($_POST['post']['featured']);`
			`$postId = news_post_create(`
			`$title,`
			`$_POST['post']['text'] ?? null,`
			`(int)($_POST['post']['category'] ?? null),`
			`user_session_current('user_id'),`
			`$isFeatured,`
			`null,`
			`$originalPostId`
			`);`

			`audit_log(`
			`$originalPostId === $postId`
			`? MSZ_AUDIT_NEWS_POST_EDIT`
			`: MSZ_AUDIT_NEWS_POST_CREATE,`
			`$currentUserId,`
			`[$postId]`
			`);`

			`if(!$originalPostId && $isFeatured) {`
Moved all config except database creds into the database. 2019-08-14 19:40:36 +00:00			`$twitterApiKey = config_get('twitter.api.key', MSZ_CFG_STR);`
			`$twitterApiSecret = config_get('twitter.api.secret', MSZ_CFG_STR);`
			`$twitterToken = config_get('twitter.token.key', MSZ_CFG_STR);`
			`$twitterTokenSecret = config_get('twitter.token.secret', MSZ_CFG_STR);`
Manage is now less of mess! 2019-06-09 22:10:59 +00:00
			`if(!empty($twitterApiKey) && !empty($twitterApiSecret)`
			`&& !empty($twitterToken) && !empty($twitterTokenSecret)) {`
			`twitter_init($twitterApiKey, $twitterApiSecret, $twitterToken, $twitterTokenSecret);`
			`$url = url('news-post', ['post' => $postId]);`
			`twitter_tweet_post("News :: {$title}\nhttps://{$_SERVER['HTTP_HOST']}{$url}");`
			`}`
			`}`
			`}`

			`if($postId > 0) {`
			`$post = news_post_get($postId);`
			`}`

			`echo tpl_render('manage.news.post', compact('post', 'categories'));`