<?php
/**
* api: freshcode
* type: page
* title: Submit/edit project or release
* description: Single-page edit form for projects and their releases
* version: 0.7.3
* category: form
* license: AGPLv3
*
* Prepares the submission form. On POST checks a few constraints,
* but UPDATE itself is handled by release::update() and ::store().
*
* Tags: http://aehlke.github.io/tag-it/
*
*/
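// Form field names. Also used below to build an empty $data record for a
// project that has no stored entry yet.
$form_fields = array(
    "name", "title", "homepage", "description", "license", "tags", "image",
    "version", "state", "scope", "changes", "download", "urls", "summary",
    "autoupdate_module", "autoupdate_url", "autoupdate_regex",
    "submitter", "lock",
);

// Get project ID from request, read through the input wrapper's `proj_name`
// and `length…2…33` filters.
// NOTE(review): both filters are defined outside this file; presumably they
// restrict the value to a project-name character set and a 2..33 length
// window - confirm before relying on $name being safe in other contexts.
$name = $_REQUEST->proj_name->length…2…33["name"];

// Retrieve existing project data in DB.
$data = release::latest($name);
$is_new = empty($data);

// Else create empty form value defaults in $data
if ($is_new) {
    $data = array_fill_keys($form_fields, "");
    $data["name"] = $name;
    $data["submitter"] = $_SESSION["name"];

    // Optional: import initial $data from elsewhere.
    // array_merge() lets any key returned by fetch() override the defaults
    // set just above, "name" and "submitter" included.
    // NOTE(review): this runs for any POST carrying "import_via", ahead of the
    // permission and csrf() checks below. What fetch() reads is not visible
    // here - confirm it validates its source and the fields it returns.
    if ($_POST->has("import_via")) {
        $data = array_merge($data, project_import::fetch());
    }
}

// Project entry can be locked for editing by specific OpenIDs.
// The check is made against the stored (or defaulted/imported) $data, before
// any submitted field is merged in, and a failure ends the request before the
// page header is emitted.
if (!release::permission($data, $_SESSION["openid"], $_SESSION["password"])) {
    // $error is not read again in this file; presumably page_error.php renders
    // it as HTML (it carries a link) - confirm.
    $error = "This entry cannot be edited with your current <a href='/login'>login</a>. Matches neither password nor OpenID handle. If your OpenID provider login fails to work, please flag for for moderator attention.";
    exit(include("page_error.php"));
}

// Start page output
include("template/header.php");
include("template/table_main.php");

/**
 * Fetch form input on submit.
 * Check some constraints.
 * Then insert into database.
 *
 * The branches below are tried in order: length check, terms checkboxes,
 * CSRF token, and only then the update/store path. Without a project name,
 * title and description in the request, the edit form is rendered instead.
 */
if ($name and $_REQUEST->has("title", "description")) {

    // Check field lengths.
    // NOTE(review): the filter chain is opaque from here; going by the message
    // it presumably requires a minimum combined length of the four fields.
    if (!$_REQUEST->multi->serialize->length…150…150->strlen["title,description,homepage,changes"]) {
        print("<h3>Submission too short</h3> <p>You didn't fill out crucial information. Please note that our user base expects an enticing set of data points to find your project.</p>");
        log_spam($_REQUEST, "too short");
    }
    // Terms and conditions: the "req" values are summed and must reach 2.
    // NOTE(review): presumably two checkboxes, each filtered to 0 or 1.
    elseif (array_sum($_REQUEST->array->int->range…0…1["req"]) < 2) {
        print "<h3>Terms and Conditions</h3> <p>Please go back and assert that your open source project listing is reusable under the CC-BY-SA license.</p>";
    }
    // Simple CSRF check.
    // NOTE(review): the token is only evaluated after the two checks above, so
    // requests failing those are answered (and the first one logged through
    // log_spam) without the token having been verified. No data is stored on
    // those branches; checking the token first would be the more conventional
    // order.
    elseif (!csrf(TRUE)) {
        print "<h3>CSRF token invalid</h3> <p>This is likely a session timeout (1 hour), etc. Please retry or login again.</p>";
        log_spam($_REQUEST, "csrf");
    }
    // Passed
    else {

        // Merge new data.
        // NOTE(review): the whole request object is handed to update(); which
        // fields it accepts is decided in release::update(), not here - confirm
        // it is limited to the intended form fields. The second array holds
        // values set by the server side for this submission.
        $release = new release($data);
        $release->update(
            $_REQUEST,
            array(
                "flag" => 0, // User flags presumably become obsolete when project gets manually edited
                "submitter_openid" => $_SESSION["openid"],
                "via" => "form",
            )
        );

        // A few blacklists. The message is deliberately unspecific; the
        // reason is only recorded through log_spam().
        if (data_blacklisted($release)) {
            print "<h2>Error #52</h2> <p>An unspecified issue with storing your data. Please drop a note if you're not a spambot!</p>";
            log_spam($_REQUEST, "data_blacklisted");
        }
        // Update project
        elseif ($release->store()) {
            print "<h2>Submitted</h2> <p>Project and release information have been updated. Thanks for your care!</p>\n";
            // $name comes from the request and lands in an href attribute and
            // in element text. It is encoded at the point of output so this
            // markup does not depend on what the upstream input filter allows.
            printf(
                '<p>See the published entry on <a href="http://freshcode.club/projects/%1$s">http://freshcode.club/projects/%1$s</a>.</p>',
                htmlspecialchars((string) $name, ENT_QUOTES, "UTF-8")
            );
        }
        else {
            print "Unspecified database error. Please retry later.";
        }
    }
}
#-- Output input form with current $data
else {
    // Every $data value is passed through input::html before the template
    // sees it (presumably HTML-escaping - the helper is defined elsewhere).
    $data = array_map("input::html", $data);
    include("template/submit_form.php");
}

// Close the page: sidebar, table end and footer templates.
include("template/submit_sidebar.php");
include("template/table_end.php");
include("template/bottom.php");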
?>