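<?php
// Updates an existing review from POSTed form fields and echoes a plain-text
// status for the caller: "success" when the review was saved, otherwise a
// short error message.
require_once "../initialize.php";

$message = "";

// Every field listed here must be posted as a non-empty string. 'reviewid'
// is part of the list because it selects the row that gets overwritten.
$required = array('reviewid', 'userid', 'itemid', 'itemtype', 'rating', 'review');
$complete = true;
foreach ($required as $field) {
    // is_string() rejects array-valued parameters, which would otherwise be
    // assigned to the model as arrays.
    if (!isset($_POST[$field]) || !is_string($_POST[$field]) || $_POST[$field] === "") {
        $complete = false;
        break;
    }
}

if (!$session->is_logged_in()) {
    // This script changes stored data and writes an audit-log entry under
    // $session->userid, so it must not run for an anonymous session.
    $message = "You must be logged in to update a review.";
} elseif (!$complete) {
    $message = "You have missed a required field.";
} else {
    $object = Review::get_by_id($_POST['reviewid']);
    if (!$object) {
        // Unknown id: report it instead of failing on the property writes.
        $message = "The review could not be found.";
    } else {
        // NOTE(review): any logged-in caller can change any review, including
        // its owner (userid), because both ids come from the request. Confirm
        // whether this endpoint is admin-only; if not, compare the stored
        // owner with $session->userid before saving.
        // NOTE(review): no anti-CSRF token is checked in this script - confirm
        // whether initialize.php does that.
        $object->userid = $_POST['userid'];
        $object->itemid = $_POST['itemid'];
        $object->itemtype = $_POST['itemtype'];
        $object->review = $_POST['review'];
        // NOTE(review): rating is stored as posted; the valid range is not
        // visible here, so no bounds check is added.
        $object->rating = $_POST['rating'];
        // The two flags are optional (an unchecked checkbox is not submitted);
        // an absent or non-string value is stored as null, without the
        // undefined-index notice a direct read would raise.
        $object->pending = (isset($_POST['pending']) && is_string($_POST['pending'])) ? $_POST['pending'] : null;
        $object->enabled = (isset($_POST['enabled']) && is_string($_POST['enabled'])) ? $_POST['enabled'] : null;
        $object->update();

        // The audit entry uses the id of the loaded object, not the posted value.
        $log = new Log($session->userid, $clientip, "WEB", "UPDATED REVIEW: " . $object->id);
        $log->create();
        $message .= "success";
    }
}

echo $message;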
<?php
// Data endpoint for the review grid: reads paging and sorting parameters from
// the query string and works out the page window. The parameter names (page,
// rows, sidx, sord, searchField/searchOper/searchString) look like the jqGrid
// convention - presumably that is the client. The excerpt ends inside the
// search branch, so the query that consumes these values is not visible.
require_once "../../includes/initialize.php";
global $session;
// NOTE(review): whether redirect_to() ends the request is not visible here.
// If it only sends a Location header, everything below still runs for an
// anonymous caller - confirm that it exits.
if (!$session->is_logged_in()) {
    redirect_to("../../index.php");
}
// Raw, client-controlled values; none of them is cast or validated here.
// NOTE(review): cast page/rows to int before they reach a LIMIT clause.
$page = $_GET['page'];
$limit = $_GET['rows'];
// NOTE(review): a sort column and direction cannot be bound as query
// parameters. If these two end up in an ORDER BY clause, check $sidx against
// a fixed list of column names and $sord against ASC/DESC first - confirm in
// the part of the file that builds the query.
$sidx = $_GET['sidx'];
$sord = $_GET['sord'];
// NOTE(review): looks up a Review using the session's user id, and $object is
// not used in the visible part - looks like a leftover; confirm.
$object = Review::get_by_id($session->userid);
// Loads the whole reviews table; in the visible part the result is only
// passed to count().
$objects_count = Review::get_by_sql("SELECT * FROM " . T_REVIEWS);
$count = count($objects_count);
// Number of pages needed for $count rows at $limit rows per page.
if ($count > 0 && $limit > 0) {
    $total_pages = ceil($count / $limit);
} else {
    $total_pages = 0;
}
// Clamp the requested page to the last available page.
if ($page > $total_pages) {
    $page = $total_pages;
}
// Zero-based offset of the first row on the requested page, never negative.
$start = $limit * $page - $limit;
if ($start < 0) {
    $start = 0;
}
// Fall back to 1 when no sort index was supplied.
if (!$sidx) {
    $sidx = 1;
}
// Maps the client's search operator codes to SQL comparison operators.
// NOTE(review): looking searchOper up in this map keeps the operator to known
// values only if the looked-up value (not the raw parameter) goes into the
// query; searchField needs an allow-list and searchString a bound parameter -
// the code that uses them is beyond this excerpt.
$ops = array('eq' => '=',
    'ne' => '<>',
    'lt' => '<',
    'le' => '<=',
    'gt' => '>',
    'ge' => '>=',
    'bw' => 'LIKE',
    'bn' => 'NOT LIKE',
    'in' => 'LIKE',
    'ni' => 'NOT LIKE',
    'ew' => 'LIKE',
    'en' => 'NOT LIKE',
    'cn' => 'LIKE',
    'nc' => 'NOT LIKE');
// Start of the search-filter branch; its body is outside this excerpt.
if (isset($_GET['searchString']) && isset($_GET['searchField']) && isset($_GET['searchOper'])) {
// Fragment: tail of a delete dispatcher. Each branch compares
// $_GET['itemtype'] with a literal and deletes the record of that class whose
// id is $_GET['itemid']; an unmatched type only sets $message.
// NOTE(review): type and id come from the query string, so these deletions
// are triggered by a GET request. Any login, permission or anti-CSRF check
// would have to sit in the part of the file before this excerpt - confirm;
// state-changing actions are normally restricted to POST with a token.
// NOTE(review): no branch checks the result of get_by_id() before calling
// delete() on it - confirm what get_by_id() returns for an unknown id.
StorePic::get_by_id($_GET['itemid'])->delete();
} else {
    if ($_GET['itemtype'] == "product") {
        Product::get_by_id($_GET['itemid'])->delete();
    } else {
        if ($_GET['itemtype'] == "producttype") {
            ProductType::get_by_id($_GET['itemid'])->delete();
        } else {
            if ($_GET['itemtype'] == "productpic") {
                ProductPic::get_by_id($_GET['itemid'])->delete();
            } else {
                if ($_GET['itemtype'] == "traffic") {
                    Traffic::get_by_id($_GET['itemid'])->delete();
                } else {
                    if ($_GET['itemtype'] == "review") {
                        Review::get_by_id($_GET['itemid'])->delete();
                    } else {
                        if ($_GET['itemtype'] == "featureditem") {
                            FeaturedItem::get_by_id($_GET['itemid'])->delete();
                        } else {
                            // No known type matched; nothing is deleted.
                            $message = "unknown parameter passed";
                        }
                    }
                }
            }
        }
    }
}
// The remaining braces close scopes opened before this excerpt.
}
}
}
// Fragment: tail of a grid edit handler. The excerpt starts inside the branch
// that creates a review, followed by the branches for $_POST['oper'] == 'edit'
// and 'del'. Any login or permission check would be in the part of the file
// before this excerpt - confirm.
// NOTE(review): all field values are copied from $_POST without presence or
// type checks, and the result of get_by_id() is used without a null check.
$object->itemtype = $_POST['itemtype'];
$object->review = $_POST['review'];
$object->rating = $_POST['rating'];
$object->pending = $_POST['pending'];
$object->enabled = $_POST['enabled'];
$object->create();
// NOTE(review): the audit entry records the id the client posted, not an id
// read back from the created object - confirm this is the intended value.
// The posted text is concatenated into the log message unvalidated.
$log = new Log($session->userid, $clientip, "WEB", "CREATED REVIEW: " . $_POST['id']);
$log->create();
} else {
    if ($_POST['oper'] == 'edit') {
        // Overwrites every editable field of the review named by the posted id,
        // including its owner (userid).
        $object = Review::get_by_id($_POST['id']);
        $object->userid = $_POST['userid'];
        $object->itemid = $_POST['itemid'];
        $object->itemtype = $_POST['itemtype'];
        $object->review = $_POST['review'];
        $object->rating = $_POST['rating'];
        $object->pending = $_POST['pending'];
        $object->enabled = $_POST['enabled'];
        $object->update();
        $log = new Log($session->userid, $clientip, "WEB", "UPDATED REVIEW: " . $_POST['id']);
        $log->create();
    } else {
        if ($_POST['oper'] == 'del') {
            // NOTE(review): this compares a review id with the session's user
            // id. It looks copied from a user handler (do not delete your own
            // account); here it skips the review whose id happens to equal the
            // caller's user id and is not an ownership check - confirm.
            if ($_POST['id'] != $session->userid) {
                // The log entry is written before the delete, so it is recorded
                // even if the delete below fails.
                $log = new Log($session->userid, $clientip, "WEB", "DELETED REVIEW: " . $_POST['id']);
                $log->create();
                Review::get_by_id($_POST['id'])->delete();
            }
        }
    }
}
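<?php
// Edit form for a single review. The caller must be logged in with an enabled
// account and must name an existing review in the "id" query parameter;
// every other request is redirected to index.php and the script stops.
require_once "header.php";
// NOTE(review): header.php is loaded before the redirects below. If it prints
// markup without output buffering, header() can no longer send the Location
// header - confirm. The exit calls still keep the form from being rendered.

// Access checks come first, and each redirect is followed by exit: header()
// only queues a response header, so without exit the rest of the page would
// still be sent to a caller who failed the check.
if (!$session->is_logged_in()) {
    header("location: index.php?negative");
    exit;
}

$loggeduser = User::get_by_id($session->userid);
if ($loggeduser->enabled == DISABLED) {
    header("location: index.php?disabled");
    exit;
}

if (!isset($_GET['id'])) {
    header("location: index.php?negative");
    exit;
}

$object = Review::get_by_id($_GET['id']);
if (!$object) {
    // Unknown review id: treat it like a missing id rather than rendering
    // the form without a record.
    header("location: index.php?negative");
    exit;
}

// Name of the running script without its .php extension.
$pathinfo = pathinfo($_SERVER["PHP_SELF"]);
$basename = $pathinfo["basename"];
$currentFile = str_replace(".php", "", $basename);
?> <div class="container-fluid"> <div class="row-fluid"> <div class="span1"></div> <div class="span9"> <form id="theform" class="form-horizontal" action="#" method="post" enctype="multipart/form-data"> <fieldset> <legend> Update </legend>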