<?php
/*
* edit_submit.php: script called upon submission of modifications
* PHP version 5
*
* LICENSE: This source file is subject to version 3.01 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license/3_01.txt. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to license@php.net so we can mail you a copy immediately.
*
* @category event editing
* @author CSC-325 Database and Web Application Fall 2010 Class
* @license http://www.php.net/license/3_01.txt PHP License 3.01
* @version 3.0
*/
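// Handles the POST from the event edit form: validates the submitted fields,
// upserts the location and category rows, updates the event row, replaces the
// event's tags, and redirects to the detail view (or back to edit.php with an
// error flag when validation fails).
session_start();
require_once 'global.php';

// NOTE(review): nothing below checks that the session user is allowed to edit
// this event. $userID is read but never used, and a visitor with no session is
// silently treated as user 2. The POST is also accepted without an anti-CSRF
// token. Both fixes need the schema and edit.php, which are not visible here.
$userID = (isset($_SESSION['userID']) && $_SESSION['userID'] != '')
    ? $_SESSION['userID'] : 2;

// The event id ends up unquoted in SQL and in redirect URLs, so accept only a
// plain decimal integer. htmlspecialchars() is an HTML encoder and gives no
// protection in a SQL context. A POSTed value takes precedence, as before.
$raw_event_id = isset($_POST['eventID'])
    ? $_POST['eventID']
    : (isset($_REQUEST['eventID']) ? $_REQUEST['eventID'] : '');
if (!is_string($raw_event_id) || !preg_match('/\A[0-9]{1,18}\z/', $raw_event_id)) {
    header('HTTP/1.1 400 Bad Request');
    exit();
}
$eventID = (int) $raw_event_id;

// Read only the fields this script uses. Importing every POST key as a
// variable ($$name) let a request overwrite any variable in scope, including
// $eventID and $userID. Values are kept raw here and escaped where they are
// placed into SQL; missing or non-string values become ''.
$expected_fields = array(
    'event_name', 'start_date', 'start_time', 'end_date', 'end_time',
    'location', 'location_other', 'category', 'category_other',
    'description', 'tags', 'public',
);
$form = array();
foreach ($expected_fields as $field_name) {
    $value = isset($_POST[$field_name]) ? $_POST[$field_name] : '';
    $form[$field_name] = is_string($value) ? $value : '';
}

// check required fields
$required_fields = array(
    'event_name', 'start_date', 'end_date', 'location',
    'start_time', 'end_time', 'category',
);
foreach ($required_fields as $field_name) {
    if (strlen($form[$field_name]) == 0) {
        header('Location: '.ed(false).'edit.php?s=f&eventID='.$eventID);
        exit();
    }
}

// process start and end times; an unparseable date is rejected instead of
// being stored as the epoch.
$start_ts = strtotime($form['start_date'].' '.$form['start_time']);
$end_ts = strtotime($form['end_date'].' '.$form['end_time']);
if ($start_ts === false || $end_ts === false
    || $end_ts < time() || $end_ts < $start_ts) {
    header('Location: '.ed(false).'edit.php?time=f&s=t&eventID='.$eventID);
    exit();
}
// These strings come from date() and so contain only digits, '-', ':' and ' '.
$start_date = date('Y-m-d', $start_ts);
$start_time = date('H:i:s', $start_ts);
$end_date = date('Y-m-d', $end_ts);
$end_time = date('H:i:s', $end_ts);
$start = $start_date.' '.$start_time;
$end = $end_date.' '.$end_time;

// The description is stored HTML-encoded, as before. The other text fields
// (event name, location, category, tags) are stored as submitted.
// NOTE(review): confirm the pages that display them encode on output.
$description = htmlspecialchars($form['description']);

// parse tags, dropping empty entries such as those from "a,,b" or a blank box
$tags = array();
foreach (explode(',', $form['tags']) as $tag) {
    $tag = trim($tag);
    if ($tag !== '') {
        $tags[] = $tag;
    }
}

// process publicity
$publicity = ($form['public'] === 'yes') ? 1 : 0;

// String values are escaped with mysql_real_escape_string(), which follows the
// connection's character set, unlike addslashes(). This assumes global.php has
// already opened the connection, as the link-less mysql_query() calls imply.
// NOTE(review): ext/mysql was removed in PHP 7; once the connection code moves
// to mysqli or PDO these queries should become prepared statements.

// Category and Location table query
// NOTE(review): when the name already exists, the no-op ON DUPLICATE KEY
// UPDATE may leave mysql_insert_id() at 0, so the event would be pointed at
// id 0 - verify against the schema. Query results are not checked either.
$location = ($form['location'] == 'other')
    ? $form['location_other'] : $form['location'];
$query = "INSERT INTO locations (locationName)
          VALUES ('".mysql_real_escape_string($location)."')
          ON DUPLICATE KEY
          UPDATE requestCount = requestCount";
mysql_query($query);
$locationID = (int) mysql_insert_id();

$category = ($form['category'] == 'other')
    ? $form['category_other'] : $form['category'];
$query = "INSERT INTO categories (categoryName)
          VALUES ('".mysql_real_escape_string($category)."')
          ON DUPLICATE KEY
          UPDATE requestCount = requestCount";
mysql_query($query);
$categoryID = (int) mysql_insert_id();

// Events table query
$event_query = "UPDATE events SET
    locationID=$locationID,
    categoryID=$categoryID,
    startDate='$start_date', startTime='$start_time',
    endDate='$end_date', endTime='$end_time',
    start='$start', end='$end',
    public=$publicity,
    description='".mysql_real_escape_string($description)."',
    eventName='".mysql_real_escape_string($form['event_name'])."'
    WHERE eventID=$eventID";
$event_result = mysql_query($event_query);

// Tags table query: replace the event's tags with the submitted set
$tag_clean_result = mysql_query('DELETE FROM tags WHERE eventID='.$eventID);
foreach ($tags as $tag) {
    $tags_query = "INSERT INTO tags (tag,eventID)
                   VALUES ('".mysql_real_escape_string($tag)."',".$eventID.")";
    $tag_result = mysql_query($tags_query);
}

header('Location: '.ed(false).'detailView.php?eventID='.$eventID);
exit();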
?>