diff --git a/write.php b/write.php
index e42844e..d04a628 100644
--- a/write.php
+++ b/write.php
<?php
include "connect.php";
include "logged_in.php";
-// Hanki kategoriat
-$sql = "SELECT * FROM kategoriat";
-$result = $conn->query($sql); // Aja komento
-// Jos tuloksia
-$kategoriat = [];
-if ($result->num_rows>0){
- while($row = $result->fetch_assoc()){
- $kategoriat[] = $row;
+
+if ($logged_in) {
+ // Hanki kategoriat
+ $sql = "SELECT * FROM kategoriat";
+ $result = $conn->query($sql); // Aja komento
+ // Jos tuloksia
+ $kategoriat = [];
+ if ($result->num_rows>0){
+ while($row = $result->fetch_assoc()){
+ $kategoriat[] = $row;
+ }
}
-}
-// Upload
-if ($_SERVER['REQUEST_METHOD'] == 'POST') {
- $user_id = $_SESSION["id"];
- $otsikko = $_POST["title"];
- $teksti = $_POST["text"];
- $kat = $_POST["cat"];
- // Random nimi tiedostolle jotta ei tule kollisioita
- $permittedchars = 'abcdefghijklmnopqrstuvwxyz1234567890';
- $random = substr(str_shuffle($permittedchars), 0, 10);
- // Ota tärkeät tiedot tiedostosta
- $filename = $_FILES['file']["name"];
- $tmp = $_FILES['file']["tmp_name"];
- $size = $_FILES['file']["size"];
- $error = $_FILES['file']["error"];
- $filetype = $_FILES['file']["type"];
- // Tarskista tyyppi
- $allowed = array('jpg', 'png', 'tiff', 'jpeg', 'webp');
- $ext = end(explode("/", $filetype));
- if (in_array($ext, $allowed) and $error === 0 and $size < 5000000000) {
- echo "Tiedosto meni läpi...";
- $filenameNew = $random . "." . $ext;
- $upload = "./images/" . $filenameNew;
- move_uploaded_file($tmp, $upload);
- echo "Success!";
- $sql = "INSERT INTO `uutiset` (`id`, `otsikko`, `teksti`, `kuva`, `kategoria_id`, `toimittaja_id`) VALUES (NULL, '$otsikko', '$teksti', '$filenameNew', '$kat', '$user_id'); ";
- $result = $conn->query($sql); // Aja komento
- // Redirect
- header("Location: .#$otsikko");
- die();
+ // Upload
+ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ $user_id = $_SESSION["id"];
+ $otsikko = $_POST["title"];
+ $teksti = $_POST["text"];
+ $kat = $_POST["cat"];
+ // Random nimi tiedostolle jotta ei tule kollisioita
+ $permittedchars = 'abcdefghijklmnopqrstuvwxyz1234567890';
+ $random = substr(str_shuffle($permittedchars), 0, 10);
+ // Ota tärkeät tiedot tiedostosta
+ $filename = $_FILES['file']["name"];
+ $tmp = $_FILES['file']["tmp_name"];
+ $size = $_FILES['file']["size"];
+ $error = $_FILES['file']["error"];
+ $filetype = $_FILES['file']["type"];
+ // Tarskista tyyppi
+ $allowed = array('jpg', 'png', 'tiff', 'jpeg', 'webp');
+ $ext = end(explode("/", $filetype));
+ if (in_array($ext, $allowed) and $error === 0 and $size < 5000000000) {
+ echo "Tiedosto meni läpi...";
+ $filenameNew = $random . "." . $ext;
+ $upload = "./images/" . $filenameNew;
+ move_uploaded_file($tmp, $upload);
+ echo "Success!";
+ $sql = "INSERT INTO `uutiset` (`id`, `otsikko`, `teksti`, `kuva`, `kategoria_id`, `toimittaja_id`) VALUES (NULL, '$otsikko', '$teksti', '$filenameNew', '$kat', '$user_id'); ";
+ $result = $conn->query($sql); // Aja komento
+ // Redirect
+ header("Location: .#$otsikko");
+ die();
+ }
}
}
+else {
+ // Redirect
+ header("Location: .");
+ die();
+}
?>
<form action="" method="POST" enctype="multipart/form-data">
<label for="title">Otsikko</label> <br>
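Review bot: The upload branch now nested under `if ($logged_in)` still builds the `INSERT INTO uutiset` statement by interpolating `$_POST["title"]`, `$_POST["text"]` and `$_POST["cat"]` into the SQL string, so the login gate does not stop a logged-in user from changing the query. It should be a prepared statement; the `num_rows`/`fetch_assoc()` calls suggest `$conn` is mysqli, which should be confirmed in connect.php. The same branch uses `$_FILES['file']["type"]`, the client-sent Content-Type, both for the type check and for the stored file extension, so the type should instead be read from the uploaded file and mapped to a fixed extension. The two `echo` calls before `header("Location: …")` will normally prevent the redirect unless output buffering is on, and the `move_uploaded_file()` result is not checked before the row is inserted. The sketch below keeps the 5000000000-byte limit as written, although 5 GB looks unintended.

```php
// … unchanged: $user_id, $otsikko, $teksti, $kat and the $_FILES reads …
// Take the type from the file contents (fileinfo extension), not from the request
$allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'image/tiff' => 'tiff', 'image/webp' => 'webp'];
$mime = $error === UPLOAD_ERR_OK ? (new finfo(FILEINFO_MIME_TYPE))->file($tmp) : false;
if ($mime !== false && isset($allowed[$mime]) && $size < 5000000000) {
    // Unpredictable name from the CSPRNG; the extension comes from the fixed map above
    $filenameNew = bin2hex(random_bytes(8)) . "." . $allowed[$mime];
    $upload = "./images/" . $filenameNew;
    if (move_uploaded_file($tmp, $upload)) {
        $stmt = $conn->prepare("INSERT INTO `uutiset` (`id`, `otsikko`, `teksti`, `kuva`, `kategoria_id`, `toimittaja_id`) VALUES (NULL, ?, ?, ?, ?, ?)");
        $stmt->bind_param("sssss", $otsikko, $teksti, $filenameNew, $kat, $user_id);
        $stmt->execute();
        // No output before this point, so the header can still be sent
        header("Location: .#" . rawurlencode($otsikko));
        die();
    }
}
```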
<?php endforeach; ?>
</select>
<br>
+ <span>Käyttäjä: <?php echo $_SESSION["name"] ?></span>
+ <br>
<button type="submit">Lähetä</button>
</form>
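Review bot: The added `<span>` echoes `$_SESSION["name"]` into the page without HTML escaping. If that value comes from a user-chosen account name (not visible in this diff, so confirm where the session is populated), markup in the name would be rendered as part of the form page. Escape it at output: `<?php echo htmlspecialchars($_SESSION["name"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>`.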