Gruppo Ludico

<?

$params = $TEMPLATECOMMAND_SOURCE→getParamHash(); $prefix = “plugin_datainput_”;

now, go through all data sets foreach( $TEMPLATECOMMAND_SOURCE→getHtmlRecords() as $rec_num ⇒ $record ) { ok, display only if showonly is not set or showonly matches the record number

if( (!isset($params['showonly'])) || ($params['showonly'] == "$rec_num") ) {
  //data record is only valid if "target" is set
  if( isset($record['targetpage']) ) {

$targetpage = htmlspecialchars(trim($record['targetpage']));

    //security check ... evaluate form only when template data set is unchanged 
    //  (i.e. committed hidden field is still in the same template data record number)
    //and check anyway if the user is allowed to edit teh targetpage
    if( ($_POST["X-".$prefix.$targetpage] == "$rec_num") && (auth_quickaclcheck($targetpage) >= AUTH_EDIT) ) {
      $newrecord = '';
      foreach( $_POST as $postkey => $postvalue ) {
        // we only need $_POST fields that start with $prefix
        if( strpos($postkey, $prefix) === 0 ) {
          $key = substr($postkey, strlen($prefix));
          //DEBUG-Code
          //echo '<p>' . $key . '</p><p>' . $postvalue . '</p><p>';

if( strpos(trim($postvalue), “\n”) !== false ) {

            // this is a multilined value, so we need to prepend a linebreak
            // to achieve a multilined value for the template plugin
            $postvalue = "\n" . $postvalue;
          }
          $newrecord .= "  * " . $key . ": " . $postvalue . "\n";
        }
      }
      $newrecord .= "\n----\n\n";
      $oldrecord = rawwiki($targetpage);

saveWikiText($targetpage, $newrecord.$oldrecord, “New news article”);

msg('Your news article has been saved successfully.');

    } else if( isset($_POST["X-".$prefix.$targetpage]) ){
      msg('Your news article could not be saved. Try to log in to gain permission to write news articles or politely ask your admin to give you permission.');
    }

echo '<form id=“'.$prefix.$targetpage.'” method=“POST” action=“'.$_SERVER['REQUEST_URI'].'”>';

    echo '<input type="hidden" name="X-'.$prefix.$targetpage.'" value="'.$rec_num.'">';
    //walk through all fields in one data set
    foreach( $record as $fieldname => $fieldvalue ) {
      $fieldname = htmlspecialchars(trim($fieldname));
      //...but not through certain fields
      if( $fieldname != 'targetpage' ) {

explode field value by '|' $matches = explode('|', $fieldvalue); $matches[0] == field type; $matches[1] = default value; $matches[2] == friendly field title;

        $fieldtype = htmlspecialchars(trim($matches[0]));
        $fieldtitle = htmlspecialchars($matches[2]);

parse default values if( isset($params['default_'.$fieldname]) ) { $default_value = strtr($params['default_'.$fieldname], “_”, “ ”); } else { $default_value = htmlspecialchars(trim($matches[1])); if( preg_match('/^date\¹⁾

¹⁾
.*)\)/', trim($matches[1]), $dateparam) !== 0 ) {
$default_value = date("Y-m-d", strtotime($dateparam[1])); }

}

// output fields if( fieldtype == 'hidden' ) { echo '<input type="hidden" name="'.$prefix.$fieldname.'" value="'.fieldtitle.'">'."\n"; } else if( preg_match('/^(\d+)\*(\d+)$/', $fieldtype, $dimensions) > 0 ) { echo '<p>' . $fieldtitle . '</p>' . '<p><textarea name="'.$prefix.$fieldname.'" cols="'.$dimensions[1].'" rows="'.$dimensions[2].'">'.$default_value.'</textarea></p>'."\n"; } else if( preg_match('/^\d+$/', $fieldtype) == 1 ) { echo '<p>' . $fieldtitle . '</p>' . '<p><input type="text" name="'.$prefix.$fieldname.'" size="'.$fieldtype.'" value="'.$default_value.'" /></p>'."\n"; } else { //DEBUG-Code //echo '|' . $fieldtype . "|-|" . $fieldtitle . '|'; }

} } echo '<input type="submit" value="Submit!">'; echo '</form>';

} }
} ?>