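/**
 * Updates the matruschka row identified by $this->ID from the submitted form,
 * then clears its related rows and re-creates them through insertData().
 *
 * Reads title, description, text, published, pubDate, orderNo, adminLevel,
 * buttonTitle and buttonImage from $_POST. mMail, mRss and mLink are reset to
 * empty strings on every update.
 *
 * Security notes:
 * - Every request value is passed through Helper::safeSql() before it is
 *   placed inside a quoted SQL literal; previously only title, description
 *   and text were, so the other fields could alter the statement.
 *   NOTE(review): this assumes Helper::safeSql() escapes for the active
 *   mysql_* connection - its body is not visible here, confirm.
 * - The row id is cast to int because the UPDATE uses it unquoted.
 * - strip_tags() with an allow-list keeps every attribute on the allowed
 *   tags, so the stored HTML must still be treated as untrusted on output.
 * - NOTE(review): strip_tags() runs on the already-escaped value. Escaping is
 *   normally the last step before the query; the original order is kept
 *   until safeSql()'s behaviour is confirmed.
 * - die(mysql_error()) prints database error text to the client; logging it
 *   server-side and showing a generic message would avoid disclosing schema
 *   details.
 * - ext/mysql was removed in PHP 7.0; mysqli or PDO prepared statements
 *   would remove the need for manual escaping altogether.
 *
 * @return void
 */
public function update()
{
    $title = strip_tags(Helper::safeSql($_POST['title']), '<a><br><ol><ul><li><b><strong><em>');
    $description = strip_tags(Helper::safeSql($_POST['description']), '<a><br><ol><ul><li><b><strong><em><div>');
    $text = strip_tags(Helper::safeSql($_POST['text']), '<a><br><ol><ul><li><b><strong><em><div>');

    // These were interpolated into the statement unescaped before.
    $published = Helper::safeSql($_POST['published']);
    $pubDate = Helper::safeSql($_POST['pubDate']);
    $orderNo = Helper::safeSql($_POST['orderNo']);
    $adminLevel = Helper::safeSql($_POST['adminLevel']);
    $buttonTitle = Helper::safeSql($_POST['buttonTitle']);
    $buttonImage = Helper::safeSql($_POST['buttonImage']);

    // $ID is handed to insertData() untouched; the integer copy is what goes
    // into the SQL text.
    $ID = $this->ID;
    $rowId = (int) $ID;

    $query = "UPDATE matruschka SET
            mAdminLevel = '{$adminLevel}',
            mMail = '',
            mRss = '',
            mTitle = '{$title}',
            mDescription = '{$description}',
            mText = '{$text}',
            mButtonImage = '{$buttonImage}',
            mButtonTitle = '{$buttonTitle}',
            mLink = '',
            mOrderNo = '{$orderNo}',
            mPublished = '{$published}',
            mPubDate = '{$pubDate}'
        WHERE mRowid = {$rowId}";
    mysql_query($query) or die(mysql_error());

    /*
     * Updates the show-at places, belonging places and images:
     * clear first, then insert the current selection.
     */
    $linkTables = array(
        'matruschkaShowAtPlaces' => 'msapMatruschkaID',
        'matruschkaBelongingPlaces' => 'mbpMatruschkaID',
        'matruschkaImages' => 'miMatruschkaID',
    );
    foreach ($linkTables as $table => $column) {
        mysql_query("DELETE FROM {$table} WHERE {$column}='{$rowId}'") or die(mysql_error());
    }

    /* Inserts the selected */
    $this->insertData($ID);
}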
<?php
/*
 * Admin action for competitions. When action is "Skapa":
 *  - redirect == "admin": stores one competition answer and refreshes to the
 *    answers list;
 *  - otherwise: creates a new competition row.
 * The listing ends inside the second branch, so its tail is not visible here.
 *
 * NOTE(review): `or die(mysql_error())` prints database error text to the
 * client; logging it server-side avoids disclosing schema details.
 */
include "admin_header.php";
// NOTE(review): these two $_POST keys are read before any isset() check.
$description = Helper::safeSql($_POST['description']);
$text = Helper::safeSql($_POST['text']);
if (isset($_POST['action']) && $_POST['action'] == "Skapa" && $_POST['redirect'] == "admin") {
    // Every value in this branch goes through Helper::safeSql() before it
    // reaches the statement (presumably SQL escaping - confirm against Helper).
    $name = Helper::safeSql($_POST['name']);
    $adress = Helper::safeSql($_POST['adress']);
    $answer = Helper::safeSql($_POST['answer']);
    $email = Helper::safeSql($_POST['email']);
    $tel = Helper::safeSql($_POST['tel']);
    $personal_number = Helper::safeSql($_POST['personal_number']);
    $zip = Helper::safeSql($_POST['zip']);
    $co = Helper::safeSql($_POST['co']);
    $city = Helper::safeSql($_POST['city']);
    // The int cast is what makes $id safe to place in the link and the
    // Refresh header below.
    $id = (int) Helper::safeSql($_POST['id']);
    $query = "INSERT INTO competition_answers SET \t\t\t\n\t\t\tanswerAdress='{$adress}',\n\t\t\tanswerName='{$name}',\n\t\t\tanswerAnswer='{$answer}',\n\t\t\tanswerCity='{$city}',\n\t\t\tanswerPersonalNumber='{$personal_number}',\n\t\t\tanswerTel='{$tel}',\n\t\t\tanswerCountry='Sverige',\n\t\t\tanswerZip='{$zip}',\n\t\t\tanswerCo='{$co}',\n\t\t\tanswerEmail='{$email}',\n\t\t\tanswerComp_id='{$id}'";
    $result = mysql_query($query) or die(mysql_error());
    echo 'Tack för ditt deltagande!';
    echo 'Vänta eller <a href="admin_comp_answers.php?id=' . $id . '">tryck</a>';
    header("Refresh: 0; URL=admin_comp_answers.php?id=" . $id . "");
}
if (isset($_POST['action']) && $_POST['action'] == "Skapa" && $_POST['redirect'] != "admin") {
    $images = $_POST['imageArray'];
    $image_id = "";
    // The loose `!= 0` comparison decides whether the value is used; it does
    // not turn the value into a number.
    if (isset($images[0]) && $images[0] != 0) {
        $image_id = $images[0];
    }
    // NOTE(review): SQL injection risk. Unlike the branch above, title (only
    // strip_tags(), which is not SQL escaping), answer, date, image_id,
    // active and forms are concatenated straight from $_POST, and
    // $_SESSION['admin_logged'] is concatenated as well. Only $description
    // and $text went through Helper::safeSql(). Each value should be escaped
    // the same way, or the statement moved to a prepared statement.
    $query = "INSERT INTO competitions SET title='" . strip_tags($_POST['title']) . "', description='{$description}', answer='" . $_POST['answer'] . "', text='{$text}',date='" . $_POST['date'] . "', image_id='" . $image_id . "', published_by='" . $_SESSION['admin_logged'] . "', active='" . $_POST['active'] . "',forms='" . $_POST['forms'] . "'";
    $result = mysql_query($query) or die(mysql_error());
    echo 'Vänta eller <a href="admin_comp.php">tryck</a>';
<span class="smallPink"> <?php
// Renders one link per advertisement category (up to 100, ordered by rowid),
// followed by the fixed "Annonsera!" link.
$q = new Query("advertisement_categories");
$q->makeQuery("*", "rowid", "ASC", 100);
while ($row = mysql_fetch_assoc($q->getResult())) {
    // NOTE(review): $row['category'] is written into the page without
    // htmlspecialchars(); if category names can be edited by users this is a
    // stored-XSS sink - confirm who can write to advertisement_categories.
    echo '<a href="?category=' . $row['rowid'] . '">' . $row['category'] . '</a> |';
}
?> <a href="?category=0">Annonsera!</a> </span><br /> <br /> <hr /><br /> <?php
// NOTE(review): $_GET['category'] is read without an isset() check. In the
// visible part the escaped value is only compared, not placed in a query.
$category = Helper::safeSql($_GET['category']);
if ($category == "0") {
    // category "0" shows the "place an advertisement" form; the listing ends
    // inside this form.
    ?> <form action="market_confirmation.php" method="post"> <table width="200" border="0" cellpadding="0" cellspacing="0"> <tr> <td><strong>Titel</strong></td> <td><label></label></td> </tr> <tr> <td><input name="title" type="text" id="title" class="field" size="27" value="<?php
    // NOTE(review): reflected XSS. $_GET['title'] is echoed into an HTML
    // attribute unescaped; it should be wrapped in
    // htmlspecialchars(..., ENT_QUOTES) before output.
    echo $_GET['title']; ?> " /><br />
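<?php
/*
 * Admin action: when action is "Uppdatera", updates the single announce row
 * (rowid 1) with the submitted title, text and first selected image, then
 * refreshes to admin_announce.php.
 *
 * Security notes:
 * - The title used in the statement was strip_tags($_POST['title']) with no
 *   SQL escaping (the escaped $title was computed but never used). Tags are
 *   now stripped first and the result escaped last.
 * - The image id is cast to int; the original `!= 0` test already treats it
 *   as a number.
 * - NOTE(review): this assumes Helper::safeSql() escapes for the active
 *   mysql_* connection - its body is not visible here, confirm. ext/mysql
 *   was removed in PHP 7.0; mysqli or PDO prepared statements would remove
 *   the need for manual escaping.
 * - NOTE(review): no anti-CSRF token is checked in this file; confirm whether
 *   admin_header.php enforces one along with the login check.
 * - die(mysql_error()) prints database error text to the client.
 */
include "admin_header.php";

if (isset($_POST['action']) && $_POST['action'] == "Uppdatera") {
    // Request values are only read once the action is confirmed, so a plain
    // page load no longer touches undefined $_POST keys.
    $title = Helper::safeSql(strip_tags(isset($_POST['title']) ? $_POST['title'] : ''));
    $text = Helper::safeSql(isset($_POST['text']) ? $_POST['text'] : '');

    // An empty string is stored when no image (or image 0) was selected.
    $image_id = "";
    if (isset($_POST['imageArray'][0]) && $_POST['imageArray'][0] != 0) {
        $image_id = (int) $_POST['imageArray'][0];
    }

    $query = "UPDATE announce SET title='{$title}', text='{$text}', image_id='{$image_id}' WHERE rowid='1'";
    mysql_query($query) or die(mysql_error());
}

// NOTE(review): the fallback link points at admin_contact.php while the
// refresh goes to admin_announce.php - confirm which target is intended.
echo 'Vänta eller <a href="admin_contact.php">tryck</a>';
header("Refresh: 0; URL=admin_announce.php");
include "admin_footer.php";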
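<?php
/*
 * Admin action for one demo, selected by ?demo_id=...:
 *  - action=Uppdatera: replaces the demo's song list and updates its fields;
 *  - action=remove:    deletes the demo row.
 * Either action only runs when exactly one demos row matches demo_id.
 *
 * Security notes:
 * - demo_id is cast to int once and that value is used in every statement,
 *   in the fallback link and in the Refresh header; the raw request value
 *   was concatenated into all of them before.
 * - All other request values are passed through Helper::safeSql() before
 *   they are placed in a quoted SQL literal.
 *   NOTE(review): this assumes Helper::safeSql() escapes for the active
 *   mysql_* connection - its body is not visible here, confirm. ext/mysql
 *   was removed in PHP 7.0; mysqli or PDO prepared statements would remove
 *   the need for manual escaping.
 * - NOTE(review): both actions change data in response to a GET request and
 *   no anti-CSRF token is checked in this file. State changes belong on POST
 *   with a token; confirm what admin_header.php enforces.
 * - die(mysql_error()) prints database error text to the client.
 */
include "admin_header.php";

/****************************** ACTION ******************************/
$demo_id = isset($_GET['demo_id']) ? (int) $_GET['demo_id'] : 0;
$action = isset($_GET['action']) ? $_GET['action'] : '';

$query = "SELECT * FROM demos WHERE rowid='{$demo_id}'";
$result = mysql_query($query) or die(mysql_error());
$rows = mysql_num_rows($result);

if ($action == "Uppdatera" && $rows == 1) {
    // Clean first
    mysql_query("DELETE FROM demo_songs WHERE demo_id='{$demo_id}'") or die(mysql_error());

    // Then add
    $mp3_array = isset($_GET['mp3Array']) ? (array) $_GET['mp3Array'] : array();
    foreach ($mp3_array as $song) {
        if (!is_scalar($song)) {
            // Nested arrays cannot be a song id; skip them instead of
            // stringifying them into the statement.
            continue;
        }
        $song_id = Helper::safeSql($song);
        mysql_query("INSERT INTO demo_songs SET song_id='{$song_id}', demo_id='{$demo_id}'") or die(mysql_error());
    }

    // Escape every field that goes into the UPDATE; a missing key is stored
    // as an empty string, as before.
    $fields = array();
    foreach (array('title', 'text', 'description', 'active', 'week_demo', 'link_url', 'date') as $key) {
        $fields[$key] = Helper::safeSql(isset($_GET[$key]) ? $_GET[$key] : '');
    }
    $image_id = Helper::safeSql(isset($_GET['imageArray'][0]) ? $_GET['imageArray'][0] : '');

    $query = "UPDATE demos SET name='{$fields['title']}', text='{$fields['text']}', description='{$fields['description']}', active='{$fields['active']}', week_demo='{$fields['week_demo']}', image_id='{$image_id}', link_url='{$fields['link_url']}', date='{$fields['date']}' WHERE rowid='{$demo_id}'";
    mysql_query($query) or die(mysql_error());

    // The original single-quoted string printed the literal text "$demo_id";
    // the id is now concatenated so the fallback link works.
    echo '<a href="admin_demo_edit.php?demo_id=' . $demo_id . '">Om ingenting händer klicka här</a>';
    header("Refresh: 0; URL=admin_demo_edit.php?demo_id={$demo_id}");
}

if ($action == "remove" && $rows == 1) {
    mysql_query("DELETE FROM demos WHERE rowid='{$demo_id}'") or die(mysql_error());
    echo '<a href="admin_demo.php">Om ingenting händer klicka här</a>';
    header("Refresh: 0; URL=admin_demo.php");
}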
<?php
/*
 * Admin page for a per-user "Topp 40" list. On action "Uppdatera" it deletes
 * the user's existing top40 rows and inserts one row per submitted
 * group/album pair, then renders the edit form for positions 1..40.
 * The listing ends inside the form loop.
 *
 * NOTE(review): the `'******'admin_logged']` fragments look like a masking
 * artifact of this listing; as shown the statements are not valid PHP and
 * the original expression cannot be recovered from here. The code is left
 * exactly as listed.
 *
 * Review points on the visible code:
 * - $_POST['action'] is read without an isset() check.
 * - album and group values go through Helper::safeSql() before they reach
 *   the INSERT (presumably SQL escaping - confirm against Helper).
 * - `<?php $_SERVER['PHP_SELF']; ?>` has no echo, so the form action is
 *   emitted empty. If an echo is added, the value must be wrapped in
 *   htmlspecialchars(..., ENT_QUOTES): PHP_SELF reflects the request path.
 * - The group value is HTML-escaped with ENT_QUOTES before output.
 * - `or die(mysql_error())` prints database error text to the client.
 */
include "admin_header.php"; if ($_POST['action'] == "Uppdatera") { //$top40 = Helper::safeSql($_POST['top']); $query = "DELETE FROM top40 WHERE top40Username='******'admin_logged'] . "'"; //"DELETE FROM news WHERE id=$id"; $result = mysql_query($query) or die(mysql_error()); for ($i = 0; $i < count($_POST['group']); $i++) { $query = "INSERT INTO top40 SET top40Album='" . Helper::safeSql($_POST['album'][$i]) . "',top40Group='" . Helper::safeSql($_POST['group'][$i]) . "',top40ID='" . ($i + 1) . "', top40Username='******'admin_logged'] . "'"; $result = mysql_query($query) or die(mysql_error()); } } ?> <form action="<?php $_SERVER['PHP_SELF']; ?> " method="post"> <h2>Topp 40</h2> Grupp - Album <ol> <?php $form = new Form(); $q = new Query("top40"); for ($i = 1; $i <= 40; $i++) { $q->whereCustom("*", "top40Username = '******'admin_logged'] . "' AND top40ID = '{$i}' ", "top40ID", "ASC", 100); $group = htmlspecialchars($q->getResultRow("top40Group"), ENT_QUOTES);
// Tail of a block that starts before this listing: prints the picture,
// photo credit and body text of the news item held in $obj.
echo '</div>' . "\n";
echo '<div class="newsPicActual">' . "\n";
if ($obj->file) {
    echo Image::displayImage($obj->file, 315, "", $obj->name);
}
if ($obj->photo) {
    // NOTE(review): $obj->photo is written without htmlspecialchars(); if
    // editors or users can set it, this is a stored-XSS sink - confirm.
    echo ' Foto: ' . $obj->photo . "\n";
}
echo '</div> ' . "\n";
echo '<div class="newsActualText">';
// NOTE(review): $obj->text is emitted as raw HTML. Presumably intentional
// for rich text, but then it must be sanitised when stored - confirm.
echo $obj->text;
echo '</div>' . "\n";
echo '</div>' . "\n";
}
// Search: lists up to 20 active rows whose title or description contains the
// submitted term, newest first. The listing ends at the start of the result
// loop.
// NOTE(review): $_POST['search'] is read without an isset() check.
if ($_POST['search']) {
    // NOTE(review): the term goes through Helper::safeSql() (presumably SQL
    // string escaping - confirm). String escaping does not neutralise the
    // LIKE wildcards % and _, so they stay active inside the pattern.
    $search = Helper::safeSql($_POST['search']);
    $query = " SELECT * FROM new";
    $query .= " WHERE (title LIKE '%{$search}%'";
    $query .= " OR description LIKE '%{$search}%')";
    $query .= " AND active = '1'";
    $query .= " ORDER BY date DESC";
    $query .= " LIMIT 0, 20";
    // NOTE(review): die(mysql_error()) prints database error text on a
    // public search page; log it server-side instead.
    $result = mysql_query($query) or die(mysql_error());
    echo '<div class="newsFlow2">' . "\n";
    echo '<div class="bg">' . "\n";
    echo '<div id="searchResult">' . "\n";
    if (mysql_num_rows($result) == 0) {
        echo "<strong>Tyvärr</strong>, din sökning gav inga resultat.";
    }
    echo '<ul>' . "\n";
    while ($row = mysql_fetch_object($result)) {
<?php
// Admin page for "Vimmelbilder" categories. With ?action=edit it loads the
// category selected by ?id=... and pre-fills the edit form. The listing ends
// inside the hidden id field.
include "admin_header.php";
// NOTE(review): both $_POST keys are read without an isset() check, and the
// two variables are not used in the visible part of the page.
$title = Helper::safeSql($_POST['title']);
$description = Helper::safeSql($_POST['description']);
?> <h2>Vimmelbilder</h2> Skapa en kategori att lägga bilder i.<br/> Klicka sedan på din nyskapade kategori i listan nedan. <?php
// NOTE(review): $_GET['action'] is read without an isset() check.
if ($_GET['action'] == "edit") {
    $catQ = new Query("vimmel_categories");
    // NOTE(review): $_GET['id'] is handed to Query::whereQuery() as received.
    // Whether Query escapes or casts it is not visible here - confirm, or
    // cast to int at this call site.
    $catQ->whereQuery("*", "rowid", $_GET['id'], "rowid", "DESC", 1);
    ?> <h4>Kategorinamn</h4> <form action="admin_vimmel_action.php" method="post"> <input name="title" type="text" size="50" value="<?php
    // The title is HTML-escaped (including quotes) before it enters the
    // attribute.
    echo htmlspecialchars($catQ->getResultRow("title"), ENT_QUOTES); ?> "> <h4>Beskrivning</h4> <textarea name="description" cols="50" rows="10"><?php
    // NOTE(review): unlike the title, the description is echoed unescaped;
    // stored markup can close the textarea and run in the admin page. Wrap
    // it in htmlspecialchars(..., ENT_QUOTES).
    echo $catQ->getResultRow("description"); ?> </textarea><br/> <h4>Datum</h4> <input name="date" type="text" maxlength="19" value="<?php
    // NOTE(review): the date is also echoed into an attribute unescaped;
    // apply the same htmlspecialchars() call as for the title.
    echo $catQ->getResultRow("date"); ?> "><br/><br/> <input name="id" type="hidden" value="<?php
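<?php
/*
 * Admin action for banners:
 *  - POST action=Skapa:     inserts a banner;
 *  - GET  action=remove:    deletes the banner given by ?id=...;
 *  - POST action=Uppdatera: updates the banner given by the posted id.
 * Afterwards the page refreshes to the list matching the posted category
 * (top / right) or, after a remove, to admin_banners.php.
 *
 * Security notes:
 * - link, target, order, category and the image id were concatenated into
 *   the statements straight from $_POST, and the row id straight from
 *   $_GET / $_POST. They are now escaped with Helper::safeSql() (row ids are
 *   cast to int) before they reach a quoted SQL literal.
 *   NOTE(review): this assumes Helper::safeSql() escapes for the active
 *   mysql_* connection - its body is not visible here, confirm. ext/mysql
 *   was removed in PHP 7.0; mysqli or PDO prepared statements would remove
 *   the need for manual escaping.
 * - NOTE(review): "remove" deletes in response to a GET request and no
 *   anti-CSRF token is checked in this file; state changes belong on POST
 *   with a token. Confirm what admin_header.php enforces.
 * - die(mysql_error()) prints database error text to the client.
 */
include "admin_header.php";

$postAction = isset($_POST['action']) ? $_POST['action'] : '';
$getAction = isset($_GET['action']) ? $_GET['action'] : '';
$category = isset($_POST['category']) ? $_POST['category'] : '';

// Escaped copies of every posted value that is written to the banners table;
// a missing key is stored as an empty string, as before.
$banner = array();
foreach (array('link', 'target', 'bannersCode', 'order', 'category') as $key) {
    $banner[$key] = Helper::safeSql(isset($_POST[$key]) ? $_POST[$key] : '');
}
$banner['image_id'] = Helper::safeSql(isset($_POST['imageArray'][0]) ? $_POST['imageArray'][0] : '');

if ($postAction == "Skapa") {
    $query = "INSERT INTO banners SET link='{$banner['link']}', target='{$banner['target']}', bannersCode='{$banner['bannersCode']}', image_id='{$banner['image_id']}', order_no='{$banner['order']}', category='{$banner['category']}'";
    mysql_query($query) or die(mysql_error());
}

if ($getAction == "remove") {
    $removeId = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    mysql_query("DELETE FROM banners WHERE rowid='{$removeId}'") or die(mysql_error());
}

if ($postAction == "Uppdatera") {
    $updateId = isset($_POST['id']) ? (int) $_POST['id'] : 0;
    $query = "UPDATE banners SET category='{$banner['category']}', link='{$banner['link']}', target='{$banner['target']}', bannersCode='{$banner['bannersCode']}', order_no='{$banner['order']}', image_id='{$banner['image_id']}' WHERE rowid='{$updateId}'";
    mysql_query($query) or die(mysql_error());
}

// The redirect target is chosen from fixed strings only; the posted category
// is compared, never echoed.
if ($category == "top") {
    echo 'Vänta eller <a href="admin_banners_top.php">tryck</a>';
    header("Refresh: 0; URL=admin_banners_top.php");
} elseif ($category == "right") {
    echo 'Vänta eller <a href="admin_banners_right.php">tryck</a>';
    header("Refresh: 0; URL=admin_banners_right.php");
} elseif ($getAction == "remove") {
    echo 'Vänta eller <a href="admin_banners.php">tryck</a>';
    header("Refresh: 0; URL=admin_banners.php");
}
?>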
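<?php
/*
 * Admin action: when action is "Uppdatera", stores the first selected image
 * as the crossword of the monthly magazine issue given by the posted number,
 * then refreshes to admin_monthly.php.
 *
 * Security notes:
 * - The image id and the issue number were concatenated into the UPDATE
 *   straight from $_POST. The image id is now cast to int (the earlier,
 *   commented-out version of this code compared it with 0, i.e. treated it
 *   as numeric) and the number is escaped with Helper::safeSql().
 *   NOTE(review): this assumes Helper::safeSql() escapes for the active
 *   mysql_* connection - its body is not visible here, confirm. ext/mysql
 *   was removed in PHP 7.0; mysqli or PDO prepared statements would remove
 *   the need for manual escaping.
 * - NOTE(review): no anti-CSRF token is checked in this file; confirm
 *   whether admin_header.php enforces one along with the login check.
 * - die(mysql_error()) prints database error text to the client.
 *
 * The unused $description / $title assignments were dropped; they read
 * $_POST keys this action never uses.
 */
include "admin_header.php";

if (isset($_POST['action']) && $_POST['action'] == "Uppdatera") {
    // A missing selection is stored as an empty string, as before.
    $crossword = isset($_POST['imageArray'][0]) ? (int) $_POST['imageArray'][0] : '';
    $number = Helper::safeSql(isset($_POST['number']) ? $_POST['number'] : '');

    $query = "UPDATE monthly_magazine SET crossword='{$crossword}' WHERE number='{$number}'";
    mysql_query($query) or die(mysql_error());
}

echo 'Vänta eller <a href="admin_monthly.php">tryck</a>';
header("Refresh: 0; URL=admin_monthly.php");
include "admin_footer.php";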