Beispiel #1
    exit;
}
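/*
 * The access key must be present and must be a plain string. An array-valued
 * parameter (key[]=...) cannot be compared against auth_key and is rejected.
 */
if (!isset($_GET['key']) || !is_string($_GET['key'])) {
    exit;
}
/* The integer cast makes $id safe to place in the query text. */
$id = (int) $_GET['id'];
$key = $_GET['key'];
/*
 * $key comes straight from the URL, so it is escaped for the SQL string
 * context before it is concatenated. Slashes that magic_quotes_gpc may have
 * added are stripped first so the value is not escaped twice.
 * NOTE(review): ext/mysql is deprecated. A prepared statement (PDO or mysqli)
 * is the durable fix, but it changes the result handle that the following
 * mysql_num_rows() call expects, so the lookup stays on mysql_query() here.
 */
$keyForSql = mysql_real_escape_string(
    get_magic_quotes_gpc() ? stripslashes($key) : $key
);
$query = 'select
 author, title, year, price, isbn, expires, description
 from books where id="' . $id . '" and auth_key="' . $keyForSql . '"';
$result = mysql_query($query);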
/*
 * Authorisation gate: the edit branch runs only when the lookup by id and
 * auth_key returned at least one row.
 */
if (mysql_num_rows($result) == 0) {
    /* no row matched this id/auth_key pair */
    $error = 'not found';
} else {
    /* we have valid access to this book */
    $selectableCategories = new SelectableCategories($id);
    if (isset($_POST['author'])) {
        /*
         * update base book data
         *
         * NOTE(review): every $_POST field below, and $key in the where
         * clause, is concatenated into the statement without escaping, so
         * request data can change the SQL itself (SQL injection). Only $id
         * is safe, because it was cast to int. Bind the values through a
         * prepared statement (PDO or mysqli), or at minimum pass each one
         * through mysql_real_escape_string() before concatenation.
         * Only 'author' is checked with isset(); the other fields are read
         * unconditionally. str_replace() on price only swaps a decimal comma
         * for a dot; it does not validate that the value is numeric.
         */
        $query = 'update books set
  		author = "' . $_POST['author'] . '",
  		title = "' . $_POST['title'] . '",
  		year = "' . $_POST['year'] . '",
  		isbn = "' . $_POST['isbn'] . '",
  		price = "' . str_replace(',', '.', $_POST['price']) . '",
  		description = "' . $_POST['desc'] . '"
	     where id="' . $id . '" and auth_key="' . $key . '"';
        /* NOTE(review): the return value is ignored, so a failed update goes unnoticed */
        mysql_query($query);
        /* update category relations */
        $selectableCategories->update();
        /* update expire date and look at the book */
        require 'renew.php';
Beispiel #2
    $indices = array('author', 'title', 'price', 'year', 'isbn', 'description');
    $bookString = trim($bookString);
    $bookLines = split("\n", $bookString, sizeof($labels));
    for ($i = 0; $i < sizeof($labels); $i++) {
        list($label, $value) = split(':', $bookLines[$i], 2);
        if (trim($label) != $labels[$i]) {
            $value = '';
        }
        $value = Parser::text2html(stripslashes(trim($value)));
        $tmpl->assign($indices[$i], $value);
    }
}
/*
 * Result of Mailer::mailFromUser('mail'), unslashed and passed through
 * Parser::text2html() before it is handed to a template.
 * NOTE(review): presumably text2html() HTML-escapes its input; confirm in
 * Parser, since this value ends up in the rendered page.
 */
$usermail = Parser::text2html(stripslashes(Mailer::mailFromUser('mail')));
if (!isset($_POST['book_data'])) {
    /* no pasted book data in the request: render the import page */
    $tmpl = Template::fromFile('view/import.html');
    if (isset($_GET['mail'])) {
        $mailTmpl = $tmpl->addSubtemplate('mail');
        $mailTmpl->assign('mail', $usermail);
    }
} else {
    /* pasted book data present: pre-fill the add form from it */
    $tmpl = Template::fromFile('view/add_form.html');
    import_book($_POST['book_data'], $tmpl);
    if (isset($_POST['mail'])) {
        $tmpl->assign('mail', $usermail);
    }
    /* category entries are joined with single spaces into one template value */
    $selectableCategories = new SelectableCategories();
    $categoryString = implode(' ', $selectableCategories->createSelectArray());
    $tmpl->assign('categories', $categoryString);
}
/* send whichever template was chosen above */
$output = new Output();
$output->send($tmpl->result());