                 $isbn = substr($isbn, 0, 3) . "-" . substr($isbn, 3, 1) . "-" . substr($isbn, 4, 3) . "-" . substr($isbn, 7, 5) . "-" . substr($isbn, 12);
             }
         }
     }
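     // Escape user-generated strings for the HTML body context before they are echoed.
     // Order is kept from the original: htmlspecialchars() runs first, so by the time
     // strip_tags() sees the value every '<' is already '&lt;' and there is nothing left
     // to strip -- tags are escaped, not removed. ENT_QUOTES also escapes single quotes
     // (needed if a value is placed in a single-quoted attribute); ENT_SUBSTITUTE replaces
     // invalid UTF-8 instead of returning "" and silently blanking the whole field.
     $title = strip_tags(htmlspecialchars((string) $title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
     // Display price, or "" when unset/zero. The (float) cast keeps a non-numeric DB value
     // from reaching round() (TypeError on PHP 8); round() alone printed "$9.5", so pad to
     // two decimals for a money amount.
     $price = (float) $price != 0.0 ? sprintf('$%.2f', round((float) $price, 2)) : "";
     // Newlines become <br> only after escaping, so the inserted tag itself survives.
     $details = str_replace("\n", "<br>", strip_tags(htmlspecialchars((string) $details, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')));
     $location = strip_tags(htmlspecialchars((string) $location, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
     // NOTE(review): $uName is compared against $_SESSION['username'] further down to decide
     // whether the viewer owns the post; comparing the escaped form with the raw session
     // value mismatches for names containing & < > " ' -- compare raw values if the
     // unescaped name is still available at that point.
     $uName = strip_tags(htmlspecialchars((string) $uName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));
     $author = strip_tags(htmlspecialchars((string) $author, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'));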
 }
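 // Update the view count once per visitor per day, unless the viewer is the poster.
 // The ownership test is spelled out instead of relying on && binding tighter than ||,
 // and it guards the session lookup (the original read $_SESSION['username'] unguarded).
 // Both sides are cast to string so numeric-looking names ("10" vs "1e1") are not
 // compared numerically by ==.
 // NOTE(review): $uName was passed through htmlspecialchars()/strip_tags() above, so a
 // session username containing & < > " ' can never match and the poster would count
 // their own views -- compare raw values if the unescaped name is available.
 $viewerIsPoster = $loggedIn
     && isset($_SESSION['username'])
     && (string) $_SESSION['username'] === (string) $uName;
 if (!$viewerIsPoster) {
     // Dedup key is a cookie named after the listing identifier. It is trivially
     // bypassed by clearing cookies, so `views` is a hint, not a trustworthy metric.
     // NOTE(review): $identifier comes straight from the request; setcookie() rejects
     // names containing "=", ",", ";", whitespace or control characters (warning on older
     // PHP, ValueError on PHP 8), in which case the cookie is never set. Prefer a fixed
     // prefix plus a whitelisted identifier upstream.
     if (!isset($_COOKIE[$identifier])) {
         // The table name is interpolated; it must have been validated against the known
         // school list before this point -- the backticks alone are not a defence.
         $sql = "UPDATE `" . $schoolTextId . "` SET `views` = `views` + 1 WHERE `id` = ? LIMIT 1";
         if ($stmt = $cs->getListingConnection()->prepare($sql)) {
             $stmt->bind_param('i', $id);
             $stmt->execute();
             $stmt->close();
             $views++;
             $expire = time() + 60 * 60 * 24; // 1 day
             $path = "/";
             // httponly: nothing client-side needs to read this cookie from script.
             // Domain "" and secure=false are the defaults the original used implicitly.
             setcookie($identifier, "true", $expire, $path, "", false, true);
         }
     }
 } else {
     $myPost = true;
 }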
 //get poster details
<?php

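require_once "framework2/CredentialStore.php";
$cs = new CredentialStore();
$loggedIn = $cs->getLoginStatus();

// Page arguments arrive as the first query-string key, "school:identifier".
// Guard both lookups: with an empty query string, or a key without ":", the original
// raised undefined-index notices and fell through with nulls. explode() replaces
// split(), which was removed in PHP 7; ":" has no regex meaning, so the result is
// identical (including the no-argument case: $schoolTextId = "", $identifier = null).
$keys = array_keys($_GET);
$args = isset($keys[0]) ? explode(":", (string) $keys[0]) : array("");
$schoolTextId = isset($args[0]) ? $args[0] : "";
$identifier = isset($args[1]) ? $args[1] : null;

// Access control: anonymous visitor or unknown school -> render nothing.
// getSchoolName() doubles as the whitelist for $schoolTextId, which is interpolated
// as a table name below; do not weaken this check. Login is tested first so an
// anonymous request does no lookup at all.
if (!$loggedIn || $cs->getSchoolName($schoolTextId) == null) {
    return;
}

// Same test as the original's `!= null` for a string/null value, written out.
if ($identifier !== null && $identifier !== '') {
    // $schoolTextId is the validated table name; $identifier is bound, never interpolated.
    $sql = "SELECT id, title, details, price, tags FROM " . $schoolTextId . " WHERE identifier = ? LIMIT 1";
    if ($editSTMT = $cs->getListingConnection()->prepare($sql)) {
        $editSTMT->bind_param("s", $identifier);
        $editSTMT->execute();
        $editSTMT->store_result();
        $editSTMT->bind_result($id, $title, $details, $price, $tags);
        $editSTMT->fetch();
        if ($editSTMT->num_rows < 1) {
            // No such listing: redirect and stop. The original sent the Location header
            // but kept executing, so the page still rendered with empty fields.
            $editSTMT->close();
            header('Location: ./');
            return;
        }
        $editSTMT->close();
        // Escape for HTML output. ENT_QUOTES covers single-quoted attribute values
        // (these are edit-form prefills); ENT_SUBSTITUTE keeps invalid UTF-8 from
        // turning the field into "".
        $title = htmlspecialchars((string) $title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // (float) keeps a non-numeric DB value out of round(); pad to two decimals.
        $price = (float) $price != 0.0 ? sprintf('$%.2f', round((float) $price, 2)) : "(no price)";
        $details = htmlspecialchars((string) $details, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        // NOTE(review): $tags is fetched but not escaped here; whatever echoes it must
        // escape it for its own context.
    }
}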
?>
<!DOCTYPE html>