/** * Submit form contents for an event edit to the DB */ function events_edit_submit() { global $ssc_database; $id = (int) $_POST['id']; if ($id == 0) { $result = $ssc_database->query("INSERT INTO #__events (title, description, uri, flags, date) VALUES ('%s', '%s', '%s', %d, '%s')", $_POST['name'], $_POST['desc'], $_POST['uri'], isset($_POST['link']) && $_POST['link'] == '1' ? 1 : 0, date("Y-m-d", strtotime(ssc_parse_date($_POST['date'])))); $id = $ssc_database->last_id(); } else { $result = $ssc_database->query("UPDATE #__events SET title = '%s', description = '%s', uri = '%s', flags = %d, date = '%s' WHERE id = %d LIMIT 1", $_POST['name'], $_POST['desc'], $_POST['uri'], isset($_POST['link']) && $_POST['link'] == '1' ? 1 : 0, date("Y-m-d", strtotime(ssc_parse_date($_POST['date']))), $id); } if ($result) { ssc_add_message(SSC_MSG_INFO, t('Event saved successfully')); } else { ssc_add_message(SSC_MSG_CRIT, t('Event was unable to be saved - ' . $ssc_database->error())); return; } if ((int) $_POST['id'] == 0) { ssc_redirect('/admin/events/edit/' . $id); } }
function sailing_series_submit() { global $ssc_database; // Get id number $id = (int) $_POST['id']; // Bitflags $flags = 0; if (isset($_POST['class']) && (int) $_POST['class'] == 1) { $flags |= SSC_SAILING_CLASS; } if (isset($_POST['club']) && (int) $_POST['club'] == 1) { $flags |= SSC_SAILING_CLUB; } if (isset($_POST['div']) && (int) $_POST['div'] == 1) { $flags |= SSC_SAILING_PREFIX; } if ($id == 0) { // Inserting fresh $result = $ssc_database->query("INSERT INTO #__handler (path, handler) VALUES ('%s', %d)", $_POST['url'], module_id('sailing')); if (!$result) { ssc_add_message(SSC_MSG_CRIT, 'Error inserting into db'); return false; } $id = $ssc_database->last_id(); $result = $ssc_database->query("INSERT INTO #__sailing_series (id, name, description, updated, flags, heats) VALUES (%d, '%s', '%s', 0, %d, '')", $id, $_POST['name'], $_POST['desc'], $flags); if (!$result) { ssc_add_message(SSC_MSG_CRIT, 'Error inserting into db'); return false; } } else { // Update existing $ssc_database->query("UPDATE #__handler SET path = '%s' WHERE id = %d LIMIT 1", $_POST['url'], $id); $ssc_database->query("UPDATE #__sailing_series SET name = '%s', description = '%s', flags = %d WHERE id = %d LIMIT 1", $_POST['name'], $_POST['desc'], $flags, $id); } if (isset($_FILES['update']['name'])) { switch ($_FILES['update']['error']) { case UPLOAD_ERR_OK: if (!_ssc_sailing_parse_csv($id)) { ssc_add_message(SSC_MSG_CRIT, t('Unable to update race results')); } else { ssc_add_message(SSC_MSG_INFO, t('Regatta details and heats updated successfully')); } unlink($_FILES['update']['tmp_name']); break; case UPLOAD_ERR_NO_FILE: // No file, but other details should be saved ssc_add_message(SSC_MSG_INFO, t("Regatta details updated successfully")); break; default: ssc_add_message(SSC_MSG_ERROR, t('Unknown file upload error: !num', array('!num' => $_FILES['update']['error']))); break; } } if ((int) $_POST['id'] == 0) { ssc_redirect('/admin/sailing/edit/' . $id); } }
/** * Profile edit saving */ function login_profile_submit() { global $ssc_database, $ssc_user; $admin = $_GET['path'] == '/admin' && login_check_auth("login"); if (!empty($_POST['n2'])) { $hash = new PasswordHash(8, true); $pass = $hash->HashPassword($_POST['n2']); } else { $pass = null; } // Ready to submit if ($_POST['uid'] <= 0 && $admin) { // New user $result = $ssc_database->query("INSERT INTO #__user SET\n\t\tusername = '******', fullname = '%s', displayname = '%s', email = '%s',\n\t\tgid = %d, password = '******', created = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $_POST['grp'], $pass, time()); if (!$result) { ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form')); return; } $id = $ssc_database->last_id(); ssc_add_message(SSC_MSG_INFO, t('User details saved')); ssc_redirect("/admin/login/edit/{$id}"); } else { // Update existing if ($admin) { if ($pass) { $result = $ssc_database->query("UPDATE #__user SET\n\t\t\t\tusername = '******', fullname = '%s', displayname = '%s', email = '%s',\n\t\t\t\tgid = %d, password = '******' WHERE id = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $_POST['grp'], $pass, $_POST['uid']); if ($result) { ssc_add_message(SSC_MSG_INFO, t('User details saved')); } else { ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form')); } } else { $result = $ssc_database->query("UPDATE #__user SET\n\t\t\t\tusername = '******', fullname = '%s', displayname = '%s', email = '%s',\n\t\t\t\tgid = %d WHERE id = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $_POST['grp'], $_POST['uid']); if ($result) { ssc_add_message(SSC_MSG_INFO, t('User details saved')); } else { ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form')); } } } else { if ($pass) { $result = $ssc_database->query("UPDATE #__user SET\n\t\t\t\tusername = '******', fullname = '%s', displayname = '%s', email = '%s',\n\t\t\t\tpassword = '******' WHERE id = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $pass, $ssc_user->id); if ($result) { ssc_add_message(SSC_MSG_INFO, t('User details saved')); } else { ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form')); } } else { $result = $ssc_database->query("UPDATE #__user SET\n\t\t\t\tusername = '******', fullname = '%s', displayname = '%s', email = '%s'\n\t\t\t\tWHERE id = %d", $_POST['user'], $_POST['full'], $_POST['disp'], $_POST['email'], $ssc_user->id); if ($result) { ssc_add_message(SSC_MSG_INFO, t('User details saved')); } else { ssc_add_message(SSC_MSG_CRIT, t('There was an error submitting this form')); } } } } }
/** * Gallery edit submission */ function gallery_form_submit() { global $ssc_database, $ssc_site_path; if ($_POST['gid'] == 0) { // Insert new $result = $ssc_database->query("INSERT INTO #__handler (status, handler, path) \n\t\t\t\tVALUES (0, %d, '%s')", module_id('gallery'), $_POST['url']); if (!$result) { ssc_add_message(SSC_MSG_CRIT, 'Error inserting into DB'); return; } $id = $ssc_database->last_id(); $result = $ssc_database->query("INSERT INTO #__gallery (id, title, description, visible) \n\t\t\t\tVALUES (%d, '%s', '%s', %d)", $id, $_POST['name'], $_POST['desc'], $_POST['vis']); if (!$result) { $ssc_database->query("DELETE FROM #__handler WHERE id = %d LIMIT 1", $id); ssc_add_message(SSC_MSG_CRIT, 'Error inserting into DB'); return; } mkdir($ssc_site_path . '/images/gallery/' . $id); ssc_add_message(SSC_MSG_INFO, t('Gallery saved')); ssc_redirect('/admin/gallery/edit/' . $id); } else { $result = $ssc_database->query("UPDATE #__gallery g, #__handler h SET title = '%s', description = '%s', \n\t\t\t\tvisible = %d, path = '%s' WHERE g.id = %d AND g.id = h.id ", $_POST['name'], $_POST['desc'], $_POST['vis'], $_POST['url'], $_POST['gid']); if (!$result) { ssc_add_message(SSC_MSG_CRIT, 'Gallery details were not saved'); } else { ssc_add_message(SSC_MSG_INFO, 'Gallery details updated'); } } if (isset($_FILES['single'])) { // Uploading single file $ext = pathinfo($_FILES['single']['name']); $ext = "." . $ext['extension']; $file = $ssc_site_path . '/tmp/' . time() . "{$ext}"; if (!move_uploaded_file($_FILES['single']['tmp_name'], $file)) { return; } $image = new sscImage($file); // Possibly messy, but insert before resizing $result = $ssc_database->query("INSERT INTO #__gallery_content (gallery_id, caption, mid) VALUES (%d, '', 0)", $_POST['gid']); if (!$result) { ssc_add_message(SSC_MSG_CRIT, 'Unable to insert new image'); return; } $id = $ssc_database->last_id(); $path = $ssc_site_path . '/images/gallery/' . $_POST['gid'] . '/'; if (!$image->resize($path . $id . $ext, 1024, -1)) { $ssc_database->query("DELETE FROM #__gallery_content WHERE id = %d LIMIT 1", $id); unlink($file); ssc_add_message(SSC_MSG_CRIT, 'Unable to insert new image'); return; } if (!$image->resize($path . $id . "_m{$ext}", 350, -1)) { $ssc_database->query("DELETE FROM #__gallery_content WHERE id = %d LIMIT 1", $id); unlink($file); unlink($path . $id . $ext); ssc_add_message(SSC_MSG_CRIT, 'Unable to insert new image'); return; } if (!$image->resize($path . $id . "_t{$ext}", 150, -1)) { $ssc_database->query("DELETE FROM #__gallery_content WHERE id = %d LIMIT 1", $id); unlink($file); unlink($path . $id . $ext); unlink($path . $id . "_m.{$ext}"); ssc_add_message(SSC_MSG_CRIT, 'Unable to insert new image'); return; } ssc_add_message(SSC_MSG_INFO, t('Image uploaded')); unlink($file); } }
/** * Post submission */ function blog_post_submit() { global $ssc_user, $ssc_database; $blog = (int) $_POST['bid']; $id = (int) $_POST['id']; // Someone trying to circumvent things if ($blog == 0) { return; } if (isset($_POST['prev'])) { ssc_add_message(SSC_MSG_INFO, "Below is a preview of your post. Nothing has been saved yet."); return; } $require_redir = false; if ($id == 0) { // Insert $result = $ssc_database->query("INSERT INTO #__blog_post (blog_id, title, created, modified, body, urltext, author_id, is_draft, publish_time) VALUES (%d, '%s', %d, %d, '%s', '%s', %d, %d, 0)", $blog, $_POST['title'], time(), time(), $_POST['body'], $_POST['url'], $ssc_user->id, $_POST['is_draft'] + ($_POST['is_draft'] ? $_POST['repub'] << 1 : 0)); $_POST['id'] = $id = $ssc_database->last_id(); if (!$result) { ssc_add_message(SSC_MSG_CRIT, 'Error inserting into DB'); return; } $require_redir = true; if ($_POST['is_draft'] == 0) { module_hook('mod_blog_post_publish', null, array($blog, $id, t($_POST['title']))); } } else { // Update // Determine changes.... $result = $ssc_database->query("SELECT body FROM #__blog_post p WHERE id = %d AND blog_id = %d", $id, $blog); if ($result && ($data = $ssc_database->fetch_assoc($result))) { $dirty = $data['body'] != $_POST['body']; if (!$dirty) { if ($_POST['repub']) { $ssc_database->query("UPDATE #__blog_post b SET title = '%s', urltext = '%s', is_draft = %d, created = %d, modified = %d WHERE id = %d AND blog_id = %d", $_POST['title'], $_POST['url'], $_POST['is_draft'] + ($_POST['is_draft'] ? $_POST['repub'] << 1 : 0), time(), time(), $id, $blog); } else { $ssc_database->query("UPDATE #__blog_post b SET title = '%s', urltext = '%s', is_draft = %d WHERE id = %d AND blog_id = %d", $_POST['title'], $_POST['url'], $_POST['is_draft'] + ($_POST['is_draft'] ? $_POST['repub'] << 1 : 0), $id, $blog); } } else { if ($_POST['repub']) { $ssc_database->query("UPDATE #__blog_post b SET title = '%s', body = '%s', urltext = '%s', is_draft = %d, created = %d, modified = %d WHERE id = %d AND blog_id = %d", $_POST['title'], $_POST['body'], $_POST['url'], $_POST['is_draft'] + ($_POST['is_draft'] ? $_POST['repub'] << 1 : 0), time(), time(), $id, $blog); } else { $ssc_database->query("UPDATE #__blog_post b SET title = '%s', body = '%s', urltext = '%s', is_draft = %d WHERE id = %d AND blog_id = %d", $_POST['title'], $_POST['body'], $_POST['url'], $_POST['is_draft'] + ($_POST['is_draft'] ? $_POST['repub'] << 1 : 0), $id, $blog); } } if ($_POST['is_draft'] == 0) { if ($_POST['repub']) { module_hook('mod_blog_post_publish', null, array($blog, $id, t($_POST['title']))); } else { if ($dirty) { module_hook('mod_blog_post_update', null, array($blog, $id, t($_POST['title']))); } } } } } // Tags $result = $ssc_database->query("SELECT tag_id FROM #__blog_relation WHERE post_id = %d", $id); $exist = array(); // Retrieve existing list of tags while ($data = $ssc_database->fetch_assoc($result)) { $exist[] = $data['tag_id']; } $exist = ',' . implode(',', $exist) . ','; if (isset($_POST['tid'])) { $tID = $_POST['tid']; // Loop through each tag id foreach ($tID as $key => $value) { $key = (int) $key; if ($key > 0 && strpos($exist, ',' . $key . ',') === false) { // If not present already, add to the relation table $ssc_database->query("INSERT INTO #__blog_relation (post_id, tag_id) VALUES (%d, %d)", $id, $key); } else { // Else, it's already there so don't need to add. // Remove from todelete list $exist = str_replace(',' . $key, '', $exist); } } } $exist = explode(',', $exist); $total = count($exist); for ($i = 0; $i < $total; $i++) { if ($tID = intval($exist[$i])) { $ssc_database->query("DELETE FROM #__blog_relation WHERE post_id = %d AND tag_id = %d LIMIT 1", $id, $tID); } } ssc_add_message(SSC_MSG_INFO, t('Post saved')); if ($require_redir) { ssc_redirect("/admin/blog/edit/{$blog}/post/{$id}"); } }
/** * Page submission */ function static_form_submit() { global $ssc_database; $id = intval($_POST['id']); if ($id == 0) { // Insert $result = $ssc_database->query("INSERT INTO #__handler (path, handler) VALUES ('%s', %d)", $_POST['url'], module_id('static')); if (!$result) { ssc_add_message(SSC_MSG_CRIT, 'Error inserting into DB'); return; } $id = $ssc_database->last_id(); $result = $ssc_database->query("INSERT INTO #__static (id, title, created, modified, body) VALUES (%d, '%s', %d, %d, '%s')", $id, $_POST['title'], time(), time(), $_POST['body']); if (!$result) { ssc_add_message(SSC_MSG_CRIT, 'Error inserting into DB'); return; } ssc_add_message(SSC_MSG_INFO, t('Page saved')); ssc_redirect('/admin/static/edit/' . $id); } else { // Update $ssc_database->query("UPDATE #__static s, #__handler h SET s.title = '%s', s.body = '%s', h.path = '%s', s.modified = %d WHERE s.id = h.id AND s.id = %d", $_POST['title'], $_POST['body'], $_POST['url'], time(), $id); } ssc_add_message(SSC_MSG_INFO, t('Page saved')); }