*/ $params = $TEMPLATECOMMAND_SOURCE->getParamHash(); $prefix = "plugin_datainput_"; //now, go through all data sets foreach( $TEMPLATECOMMAND_SOURCE->getHtmlRecords() as $rec_num => $record ) { //ok, display only if showonly is not set or showonly matches the record number if( (!isset($params['showonly'])) || ($params['showonly'] == "$rec_num") ) { //data record is only valid if "target" is set if( isset($record['targetpage']) ) { $targetpage = htmlspecialchars(trim($record['targetpage'])); //security check ... evaluate form only when template data set is unchanged // (i.e. committed hidden field is still in the same template data record number) //and check anyway if the user is allowed to edit teh targetpage if( ($_POST["X-".$prefix.$targetpage] == "$rec_num") && (auth_quickaclcheck($targetpage) >= AUTH_EDIT) ) { $newrecord = ''; foreach( $_POST as $postkey => $postvalue ) { // we only need $_POST fields that start with $prefix if( strpos($postkey, $prefix) === 0 ) { $key = substr($postkey, strlen($prefix)); //DEBUG-Code //echo '

' . $key . '

' . $postvalue . '

'; if( strpos(trim($postvalue), "\n") !== false ) { // this is a multilined value, so we need to prepend a linebreak // to achieve a multilined value for the template plugin $postvalue = "\n" . $postvalue; } $newrecord .= " * " . $key . ": " . $postvalue . "\n"; } } $newrecord .= "\n----\n\n"; $oldrecord = rawwiki($targetpage); saveWikiText($targetpage, $newrecord.$oldrecord, "New news article"); msg('Your news article has been saved successfully.'); } else if( isset($_POST["X-".$prefix.$targetpage]) ){ msg('Your news article could not be saved. Try to log in to gain permission to write news articles or politely ask your admin to give you permission.'); } echo '

'; echo ''; //walk through all fields in one data set foreach( $record as $fieldname => $fieldvalue ) { $fieldname = htmlspecialchars(trim($fieldname)); //...but not through certain fields if( $fieldname != 'targetpage' ) { //explode field value by '|' $matches = explode('|', $fieldvalue); //$matches[0] == field type; $matches[1] = default value; $matches[2] == friendly field title; $fieldtype = htmlspecialchars(trim($matches[0])); $fieldtitle = htmlspecialchars($matches[2]); // parse default values if( isset($params['default_'.$fieldname]) ) { $default_value = strtr($params['default_'.$fieldname], "_", " "); } else { $default_value = htmlspecialchars(trim($matches[1])); if( preg_match('/^date$(.*)$/', trim($matches[1]), $dateparam) !== 0 ) { $default_value = date("Y-m-d", strtotime($dateparam[1])); } } // output fields if( fieldtype == 'hidden' ) { echo ''."\n"; } else if( preg_match('/^(\d+)\*(\d+)$/', $fieldtype, $dimensions) > 0 ) { echo '

' . $fieldtitle . '

' . '

'.$default_value.'

'."\n"; } else if( preg_match('/^\d+$/', $fieldtype) == 1 ) { echo '

' . $fieldtitle . '

' . '

'."\n"; } else { //DEBUG-Code //echo '|' . $fieldtype . "|-|" . $fieldtitle . '|'; } } } echo ''; echo '

'; } } } ?>