e59-website/html/upload/index.php

<?php

require("../../include/variables.php");
require("../../include/init.php");

if ($_SESSION['userRole'] < 10) {
    header("Location: /login");
    http_response_code(403);
    die('Vous n\'avez pas la permission de publier des articles.');
}

require("../../include/main-functions.php");
require("../../include/inputs.php");
require("../../include/panels.php");

$pdo = sqlConnect($sqlDatabaseHost, $sqlDatabaseName, $sqlDatabaseUser, $sqlDatabasePass);

if(isset($_POST['article-content']) && isset($_POST['classification'])) {
    $sqlRequest = "SELECT ID FROM articles WHERE ID >= 1 ORDER BY ID DESC LIMIT 1";
    $request = $pdo->prepare($sqlRequest);
    $request->execute();
    $result = $request->fetchAll(PDO::FETCH_ASSOC);

    $articleID = (int)$result[0]['ID'] + 1;

    file_put_contents($rootFilePath . "content/articles/" . $articleID . ".md", nl2br($_POST['article-content']));

    $sqlRequest = "INSERT INTO articles (ID, title, author, resume, classification) VALUES (:articleID, :title, :author, :resume, :classification)";
    $request = $pdo->prepare($sqlRequest);
    $request->bindParam(":articleID", $articleID);
    $request->bindParam(":title", htmlspecialchars($_POST['article-title']));
    $request->bindParam(":author", $_SESSION['userID']);
    $request->bindParam(":resume", htmlspecialchars($_POST['article-resume']));
    $request->bindParam(":classification", $_POST['classification'], PDO::PARAM_INT);
    if($request->execute()) {
        $webhook = "https://discord.com/api/webhooks/1267506225692545024/lbQ2utQVHiE_QxdhmmKzHc9XGnekqc_6G6CF478VER3hDjzDuNvTcGeKw1P-AZ8vLfai";
        $message = "Nouvel Article : https://e59.fr/news?article=" . $articleID;
        $data = [
            'username' => "e59.fr",
            'content' => $message,
        ];
    
        $ch = curl_init($webhook);
        curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($ch, CURLOPT_POST, true);
        curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode($data));
        curl_setopt($ch, CURLOPT_HTTPHEADER, [
            'Content-Type: application/json'
        ]);
    
        $response = curl_exec($ch);
        if ($response === false) {
            throw new Exception('Erreur CURL : ' . curl_error($ch));
        }
    
        $httpStatusCode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
        curl_close($ch);
        header("Location: /news?article=" . $articleID);
    } else {
        $status = "Erreur SQL";
    }
    $request->close();
}

?>

<!DOCTYPE html>
<html lang="fr">

    <head>
        <?php fillHead($rootPageURL, "Rédiger un article - " . $pageName, $darkTheme, $lightTheme);?>
        <style>
            .text-input label {
                width: 0;
            }
            textarea {
                min-width: 80%;
            }
            .article-content-input {
                min-height: 40em;
            }
        </style>
    </head>

    <body class="body">

        <header>
            <div class="panel-content">
                <?php fillHeader($rootPageURL, $headerTitle, $headerSubtitle, $social);?>
            </div>
        </header>

        <nav>
            <div class="panel-content">
                <?php fillNav($rootPageURL);?>
            </div>
        </nav>

        <main>
            <div class="content">
                <form action="#" method="post">
                    <div>
                        <div><h1>Rédiger un article</h1></div>
                        <div  class="status"><?=$status?></div>
                        <?php textInput("text", "", "article-title", "Titre de l'article", "")?>
                        <div><textarea name="article-resume" placeholder="Résumé de l'article (200 cacactères) ..." class="article-resume-input" maxlength="200"></textarea></div>
                        <div><textarea name="article-content" placeholder="Contenu de l'article (MarkDown) ..." class="article-content-input"></textarea></div>
                        <?php 
                            $sqlRequest = "SELECT ID, name FROM confidential_levels";
                            $request = $pdo->prepare($sqlRequest);
                            $request->execute();
                            $confidentialLevels = array();
                            foreach($request->fetchAll(PDO::FETCH_ASSOC) as $confidentialLevel) {
                                $confidentialLevels[$confidentialLevel['ID']] = $confidentialLevel['name'];
                            }
                            selectInput("classification", "Classification", $confidentialLevels, 0);
                        ?>
                        <div><button type="submit">Publier</button></div>
                    </div>
                </form>
            </div>
        </main>
        <footer>
            <div class="panel-content">
                <?php fillFooter($footerText);?>
            </div>
        </footer>
    </body>
</html>