/**
  * Updates the matruschka
  */
 public function update()
 {
     $title = strip_tags(Helper::safeSql($_POST['title']), '<a><br><ol><ul><li><b><strong><em>');
     $description = strip_tags(Helper::safeSql($_POST['description']), '<a><br><ol><ul><li><b><strong><em><div>');
     $text = strip_tags(Helper::safeSql($_POST['text']), '<a><br><ol><ul><li><b><strong><em><div>');
     $published = $_POST['published'];
     $level = $_POST['level'];
     $pubDate = $_POST['pubDate'];
     $orderNo = $_POST['orderNo'];
     $adminLevel = $_POST['adminLevel'];
     $buttonTitle = $_POST['buttonTitle'];
     $buttonImage = $_POST['buttonImage'];
     $ID = $this->ID;
     $query = "UPDATE matruschka SET\t\n      \t      mAdminLevel = '{$adminLevel}',\n              mMail = '',\n\t      mRss = '',\n\t      mTitle = '{$title}',\n\t      mDescription ='{$description}',\n\t      mText = '{$text}',\n              mButtonImage = '{$buttonImage}',\n              mButtonTitle = '{$buttonTitle}',\n              mLink = '',\n              mOrderNo = '{$orderNo}',\n\t      mPublished='{$published}',\n\t      mPubDate = '{$pubDate}'\n\t      WHERE mRowid={$ID}";
     $result = mysql_query($query) or die(mysql_error());
     /* 
      * Updates the show at places
      * Clear first, then insert
      */
     /* Clears the showAtPlaces */
     $query = "DELETE FROM matruschkaShowAtPlaces\n            WHERE msapMatruschkaID='" . $ID . "'";
     $result = mysql_query($query) or die(mysql_error());
     /* Clears the belongingPlaces */
     $query = "DELETE FROM matruschkaBelongingPlaces\n            WHERE mbpMatruschkaID='" . $ID . "'";
     $result = mysql_query($query) or die(mysql_error());
     /* Clears the images */
     $query = "DELETE FROM matruschkaImages\n            WHERE miMatruschkaID='" . $ID . "'";
     $result = mysql_query($query) or die(mysql_error());
     /* Inserts the selected */
     $this->insertData($ID);
 }
Beispiel #2
0
<?php

include "admin_header.php";
$description = Helper::safeSql($_POST['description']);
$text = Helper::safeSql($_POST['text']);
if (isset($_POST['action']) && $_POST['action'] == "Skapa" && $_POST['redirect'] == "admin") {
    $name = Helper::safeSql($_POST['name']);
    $adress = Helper::safeSql($_POST['adress']);
    $answer = Helper::safeSql($_POST['answer']);
    $email = Helper::safeSql($_POST['email']);
    $tel = Helper::safeSql($_POST['tel']);
    $personal_number = Helper::safeSql($_POST['personal_number']);
    $zip = Helper::safeSql($_POST['zip']);
    $co = Helper::safeSql($_POST['co']);
    $city = Helper::safeSql($_POST['city']);
    $id = (int) Helper::safeSql($_POST['id']);
    $query = "INSERT INTO competition_answers SET \t\t\t\n\t\t\tanswerAdress='{$adress}',\n\t\t\tanswerName='{$name}',\n\t\t\tanswerAnswer='{$answer}',\n\t\t\tanswerCity='{$city}',\n\t\t\tanswerPersonalNumber='{$personal_number}',\n\t\t\tanswerTel='{$tel}',\n\t\t\tanswerCountry='Sverige',\n\t\t\tanswerZip='{$zip}',\n\t\t\tanswerCo='{$co}',\n\t\t\tanswerEmail='{$email}',\n\t\t\tanswerComp_id='{$id}'";
    $result = mysql_query($query) or die(mysql_error());
    echo 'Tack för ditt deltagande!';
    echo 'V&auml;nta eller <a href="admin_comp_answers.php?id=' . $id . '">tryck</a>';
    header("Refresh: 0; URL=admin_comp_answers.php?id=" . $id . "");
}
if (isset($_POST['action']) && $_POST['action'] == "Skapa" && $_POST['redirect'] != "admin") {
    $images = $_POST['imageArray'];
    $image_id = "";
    if (isset($images[0]) && $images[0] != 0) {
        $image_id = $images[0];
    }
    $query = "INSERT INTO competitions SET title='" . strip_tags($_POST['title']) . "', description='{$description}', answer='" . $_POST['answer'] . "', text='{$text}',date='" . $_POST['date'] . "', image_id='" . $image_id . "', published_by='" . $_SESSION['admin_logged'] . "', active='" . $_POST['active'] . "',forms='" . $_POST['forms'] . "'";
    $result = mysql_query($query) or die(mysql_error());
    echo 'V&auml;nta eller <a href="admin_comp.php">tryck</a>';
Beispiel #3
0
<span class="smallPink">
<?php 
$q = new Query("advertisement_categories");
$q->makeQuery("*", "rowid", "ASC", 100);
while ($row = mysql_fetch_assoc($q->getResult())) {
    echo '<a href="?category=' . $row['rowid'] . '">' . $row['category'] . '</a> |';
}
?>
<a href="?category=0">Annonsera!</a>
</span><br />
<br />
<hr /><br />


<?php 
$category = Helper::safeSql($_GET['category']);
if ($category == "0") {
    ?>


     <form action="market_confirmation.php" method="post">
     <table width="200" border="0" cellpadding="0" cellspacing="0">
      <tr>
        <td><strong>Titel</strong></td>
        <td><label></label></td>
      </tr>
      <tr>
        <td><input name="title" type="text" id="title" class="field" size="27" value="<?php 
    echo $_GET['title'];
    ?>
" /><br />
<?php

include "admin_header.php";
$title = Helper::safeSql($_POST['title']);
$text = Helper::safeSql($_POST['text']);
if (isset($_POST['action']) && $_POST['action'] == "Uppdatera") {
    $images = $_POST['imageArray'];
    $image_id = "";
    if (isset($images[0]) && $images[0] != 0) {
        $image_id = $images[0];
    }
    $query = "UPDATE announce SET title='" . strip_tags($_POST['title']) . "', text='" . $text . "', image_id='" . $image_id . "' WHERE rowid='1'";
    $result = mysql_query($query) or die(mysql_error());
}
echo 'V&auml;nta eller <a href="admin_contact.php">tryck</a>';
header("Refresh: 0; URL=admin_announce.php");
include "admin_footer.php";
Beispiel #5
0
<?php

include "admin_header.php";
/******************************************************ACTION****************************************************/
$demo_id = $_GET['demo_id'];
$description = Helper::safeSql($_GET['description']);
$text = Helper::safeSql($_GET['text']);
$query = "SELECT * FROM demos \n\t\tWHERE rowid='" . $_GET['demo_id'] . "'";
$result = mysql_query($query) or die(mysql_error());
$rows = mysql_num_rows($result);
if (isset($_GET['action']) && $_GET['action'] == "Uppdatera" && $rows == 1) {
    //Clean first
    $query = "DELETE FROM demo_songs WHERE demo_id ='" . $_GET['demo_id'] . "' ";
    $result = mysql_query($query) or die(mysql_error());
    //Then add
    $mp3_array = $_GET['mp3Array'];
    for ($i = 0; $i < count($mp3_array); $i++) {
        $query = "INSERT INTO demo_songs SET song_id ='" . $mp3_array[$i] . "', demo_id='" . $_GET['demo_id'] . "' ";
        $result = mysql_query($query) or die(mysql_error());
    }
    $query = "UPDATE demos SET name='" . $_GET['title'] . "', text='{$text}', description='{$description}', active='" . $_GET['active'] . "',week_demo='" . $_GET['week_demo'] . "',image_id='" . $_GET['imageArray'][0] . "', link_url='" . $_GET['link_url'] . "', date='" . $_GET['date'] . "'\n\t\t\tWHERE rowid='" . $_GET['demo_id'] . "' ";
    $result = mysql_query($query) or die(mysql_error());
    echo '<a href="admin_demo_edit.php?demo_id=$demo_id">Om ingenting h&auml;nder klicka h&auml;r</a>';
    header("Refresh: 0; URL=admin_demo_edit.php?demo_id={$demo_id}");
}
if (isset($_GET['action']) && $_GET['action'] == "remove" && $rows == 1) {
    $query = "DELETE FROM demos WHERE rowid='" . $_GET['demo_id'] . "'";
    $result = mysql_query($query) or die(mysql_error());
    echo '<a href="admin_demo.php">Om ingenting h&auml;nder klicka h&auml;r</a>';
    header("Refresh: 0; URL=admin_demo.php");
}
Beispiel #6
0
<?php

include "admin_header.php";
if ($_POST['action'] == "Uppdatera") {
    //$top40 = Helper::safeSql($_POST['top']);
    $query = "DELETE FROM top40 WHERE top40Username='******'admin_logged'] . "'";
    //"DELETE FROM news WHERE id=$id";
    $result = mysql_query($query) or die(mysql_error());
    for ($i = 0; $i < count($_POST['group']); $i++) {
        $query = "INSERT INTO top40 SET top40Album='" . Helper::safeSql($_POST['album'][$i]) . "',top40Group='" . Helper::safeSql($_POST['group'][$i]) . "',top40ID='" . ($i + 1) . "', top40Username='******'admin_logged'] . "'";
        $result = mysql_query($query) or die(mysql_error());
    }
}
?>

<form action="<?php 
$_SERVER['PHP_SELF'];
?>
" method="post">


<h2>Topp 40</h2>

Grupp - Album
<ol>
<?php 
$form = new Form();
$q = new Query("top40");
for ($i = 1; $i <= 40; $i++) {
    $q->whereCustom("*", "top40Username = '******'admin_logged'] . "' AND top40ID = '{$i}' ", "top40ID", "ASC", 100);
    $group = htmlspecialchars($q->getResultRow("top40Group"), ENT_QUOTES);
Beispiel #7
0
    echo '</div>' . "\n";
    echo '<div class="newsPicActual">' . "\n";
    if ($obj->file) {
        echo Image::displayImage($obj->file, 315, "", $obj->name);
    }
    if ($obj->photo) {
        echo ' Foto: ' . $obj->photo . "\n";
    }
    echo '</div> ' . "\n";
    echo '<div class="newsActualText">';
    echo $obj->text;
    echo '</div>' . "\n";
    echo '</div>' . "\n";
}
if ($_POST['search']) {
    $search = Helper::safeSql($_POST['search']);
    $query = " SELECT * FROM new";
    $query .= " WHERE (title LIKE '%{$search}%'";
    $query .= " OR description LIKE '%{$search}%')";
    $query .= " AND active = '1'";
    $query .= " ORDER BY date DESC";
    $query .= " LIMIT 0, 20";
    $result = mysql_query($query) or die(mysql_error());
    echo '<div class="newsFlow2">' . "\n";
    echo '<div class="bg">' . "\n";
    echo '<div id="searchResult">' . "\n";
    if (mysql_num_rows($result) == 0) {
        echo "<strong>Tyv&auml;rr</strong>, din s&ouml;kning gav inga resultat.";
    }
    echo '<ul>' . "\n";
    while ($row = mysql_fetch_object($result)) {
<?php

include "admin_header.php";
$title = Helper::safeSql($_POST['title']);
$description = Helper::safeSql($_POST['description']);
?>
<h2>Vimmelbilder</h2>
Skapa en kategori att l&auml;gga bilder i.<br/>
 Klicka sedan p&aring; din nyskapade kategori i listan nedan.
<?php 
if ($_GET['action'] == "edit") {
    $catQ = new Query("vimmel_categories");
    $catQ->whereQuery("*", "rowid", $_GET['id'], "rowid", "DESC", 1);
    ?>
	<h4>Kategorinamn</h4>
    <form action="admin_vimmel_action.php" method="post">
    <input name="title" type="text" size="50" value="<?php 
    echo htmlspecialchars($catQ->getResultRow("title"), ENT_QUOTES);
    ?>
">
    <h4>Beskrivning</h4>
    <textarea name="description" cols="50" rows="10"><?php 
    echo $catQ->getResultRow("description");
    ?>
</textarea><br/>
    <h4>Datum</h4>
    <input name="date" type="text" maxlength="19" value="<?php 
    echo $catQ->getResultRow("date");
    ?>
"><br/><br/>
    <input name="id" type="hidden" value="<?php 
<?php

include "admin_header.php";
$bannersCode = Helper::safeSql($_POST['bannersCode']);
if (isset($_POST['action']) && $_POST['action'] == "Skapa") {
    $query = "INSERT INTO banners SET link='" . $_POST['link'] . "', target='" . $_POST['target'] . "', bannersCode='" . $bannersCode . "', image_id='" . $_POST['imageArray'][0] . "', order_no='" . $_POST['order'] . "',category='" . $_POST['category'] . "'";
    $result = mysql_query($query) or die(mysql_error());
}
if (isset($_GET['action']) && $_GET['action'] == "remove") {
    $query = "DELETE FROM banners WHERE rowid='" . $_GET['id'] . "'";
    $result = mysql_query($query) or die(mysql_error());
}
if (isset($_POST['action']) && $_POST['action'] == "Uppdatera") {
    $query = "UPDATE banners SET category='" . $_POST['category'] . "', link='" . $_POST['link'] . "', target='" . $_POST['target'] . "',bannersCode='" . $bannersCode . "', order_no='" . $_POST['order'] . "', image_id='" . $_POST['imageArray'][0] . "'  WHERE rowid='" . $_POST['id'] . "' ";
    $result = mysql_query($query) or die(mysql_error());
}
if ($_POST['category'] == "top") {
    echo 'V&auml;nta eller <a href="admin_banners_top.php">tryck</a>';
    header("Refresh: 0; URL=admin_banners_top.php");
} else {
    if ($_POST['category'] == "right") {
        echo 'V&auml;nta eller <a href="admin_banners_right.php">tryck</a>';
        header("Refresh: 0; URL=admin_banners_right.php");
    } else {
        if ($_GET['action'] == "remove") {
            echo 'V&auml;nta eller <a href="admin_banners.php">tryck</a>';
            header("Refresh: 0; URL=admin_banners.php");
        }
    }
}
?>
<?php

include "admin_header.php";
$description = Helper::safeSql($_POST['description']);
$title = Helper::safeSql($_POST['title']);
if (isset($_POST['action']) && $_POST['action'] == "Uppdatera") {
    /*$images=$_POST['imageArray'];
    	$image_id="";
    	if(isset($images[0]) && $images[0]!=0) {
    		$image_id=$images[0];
    	}*/
    $query = "UPDATE monthly_magazine SET crossword='" . $_POST['imageArray'][0] . "' \n\t\t\tWHERE number='" . $_POST['number'] . "'";
    $result = mysql_query($query) or die(mysql_error());
}
echo 'V&auml;nta eller <a href="admin_monthly.php">tryck</a>';
header("Refresh: 0; URL=admin_monthly.php");
include "admin_footer.php";