/**
 * Record the current session user and timestamp as the last modification of a list,
 * then pass the list's folder (if it has one) to updateFolderHist().
 *
 * No access check is performed here: the UPDATE is keyed on listId alone, so callers
 * are responsible for verifying the user's role on the list before calling this.
 *
 * @param mixed $listId Id of the list to stamp; bound as a statement parameter.
 */
function updateListHist($listId)
{
    global $debug, $message, $Dbc;

    // Stamp the list with who changed it (session user) and when (DATETIME constant).
    $touchList = $Dbc->prepare("UPDATE\n\tlists\nSET\n\tmId = ?,\n\tmodified = ?\nWHERE\n\tlistId = ?");
    $touchList->execute(array($_SESSION['userId'], DATETIME, $listId));

    // Find the folder the list belongs to.
    $folderLookup = $Dbc->prepare("SELECT\n\tfolderId\nFROM\n\tlists\nWHERE\n\tlistId = ?");
    $folderLookup->execute(array($listId));
    $listRow = $folderLookup->fetch(PDO::FETCH_ASSOC);

    // empty() also covers the no-row case, where fetch() returns false.
    if (empty($listRow['folderId'])) {
        return;
    }

    updateFolderHist($listRow['folderId']);
}
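/**
 * Save edited list properties (name, framerate, folder) taken from $_POST.
 *
 * Inputs: $_POST['listId'], $_POST['newListName'], $_POST['newFolderId'],
 * $_POST['newListFramerate'] and $_SESSION['userId'].
 *
 * Authorization: the session user needs a list role of 3 or higher on the list
 * (Manager (3) or Owner (4)), and a folder role of 4 or higher on the destination
 * folder when one is selected. The UPDATE itself is additionally scoped to the
 * session user through the userListSettings join.
 *
 * All writes run in one transaction. If any step throws after the transaction has
 * been opened, it is rolled back explicitly so later work on the same connection
 * cannot run inside, or accidentally commit, a half-applied change.
 *
 * Side effects: normalises the $_POST values in place, appends to $message, sets
 * $success and $returnThis['buildLists'], and calls returnData() when MODE is
 * 'listPropertiesStep2'.
 */
function listPropertiesStep2()
{
    global $debug, $message, $success, $Dbc, $returnThis;

    // Set once beginTransaction() succeeds, so the catch blocks only roll back a
    // transaction that this function opened.
    $transactionStarted = false;

    try {
        if (empty($_POST['listId'])) {
            throw new Adrlist_CustomException('', '$_POST[\'listId\'] is empty.');
        } elseif (empty($_POST['newListName'])) {
            throw new Adrlist_CustomException('', '$_POST[\'newListName\'] is empty.');
        } elseif (!isset($_POST['newFolderId'])) {
            throw new Adrlist_CustomException('', '$_POST[\'newFolderId\'] is not set.');
        } elseif (empty($_POST['newListFramerate'])) {
            throw new Adrlist_CustomException('', '$_POST[\'newListFramerate\'] is empty.');
        }

        $_POST['listId'] = intThis($_POST['listId']);
        $_POST['newListName'] = trim($_POST['newListName']);
        if ($_POST['newListName'] === '') {
            // A whitespace-only name passes the empty() check above but is blank once trimmed.
            throw new Adrlist_CustomException('', '$_POST[\'newListName\'] is empty.');
        }
        $_POST['newListFramerate'] = intThis($_POST['newListFramerate']);
        $_POST['newFolderId'] = intThis($_POST['newFolderId']);

        // Check the user's list role before touching anything.
        $listInfo = getListInfo($_SESSION['userId'], $_POST['listId']);
        if ($listInfo === false || $listInfo['listRoleId'] < 3) {
            throw new Adrlist_CustomException('Your role does not allow you to change the properties of this list.', '');
        }

        $Dbc->beginTransaction();
        $transactionStarted = true;

        // Build the update statement and params.
        $updateSql = "UPDATE\n\tlists\nJOIN\n\tuserListSettings ON lists.listId = userListSettings.listId AND\n\tuserListSettings.userId = ? AND\n\tlists.listId = ?\nSET\n\tlists.listName = ?,\n\tlists.frId = ?";
        $updateParams = array($_SESSION['userId'], $_POST['listId'], $_POST['newListName'], $_POST['newListFramerate']);

        if (empty($_POST['newFolderId'])) {
            // No folder selected: set folderId to NULL.
            $updateSql .= ",\nlists.folderId = ?";
            $updateParams[] = NULL;
        } else {
            // A folder was selected. Verify the user's folderRoleId on it.
            $folderInfo = getFolderInfo($_SESSION['userId'], $_POST['newFolderId']);
            $folderRoleId = $folderInfo['folderRoleId'];
            if (empty($folderRoleId) || $folderRoleId < 4) {
                // A missing role and a zero role are treated alike: access is denied.
                throw new Adrlist_CustomException('Your role does not allow you to add lists to that folder.', '');
            }

            $updateSql .= ",\nlists.folderId = ?";
            $updateParams[] = $_POST['newFolderId'];

            // Make sure all list users have a folderRoleId. Select the list users first.
            $listUsersStmt = $Dbc->prepare("SELECT\n\tusers.userId AS 'userId',\n\tuserListSettings.listRoleId AS 'listRoleId'\nFROM\n\tusers\nJOIN\n\tuserListSettings ON userListSettings.userId = users.userId AND\n\tuserListSettings.listId = ?");
            $listUsersStmt->execute(array($_POST['listId']));
            $listUsers = array();
            $insertFolderRoleStmt = $Dbc->prepare("INSERT INTO\n\tuserFolderSettings\nSET\n\tfolderId = ?,\n\tuserId = ?,\n\tfolderRoleId = ?,\n\tdateAdded = ?");

            while ($listUsersRow = $listUsersStmt->fetch(PDO::FETCH_ASSOC)) {
                $listUsers[] = array('userId' => $listUsersRow['userId'], 'listRoleId' => $listUsersRow['listRoleId']);

                // Check whether this list user already has a folderRoleId.
                // NOTE(review): this relies on getFolderInfo() returning an array whose
                // 'folderRoleId' is exactly false when the user has no role. If it returns
                // false itself (as getListInfo() can), the value read here is null and the
                // insert below never runs - confirm against getFolderInfo().
                $folderInfo = getFolderInfo($listUsersRow['userId'], $_POST['newFolderId']);
                $folderRoleId = $folderInfo['folderRoleId'];
                if ($folderRoleId === false && $listUsersRow['listRoleId'] != 4) {
                    // No folder role yet and listRoleId is not 4: grant the default
                    // folderRoleId, Member (1). The test is on the *list* role, so a list
                    // owner without a folder role is skipped here.
                    $insertFolderRoleParams = array($_POST['newFolderId'], $listUsersRow['userId'], 1, DATETIME);
                    $insertFolderRoleStmt->execute($insertFolderRoleParams);
                }
            }
            $debug->printArray($listUsers, '$listUsers');
            updateFolderHist($_POST['newFolderId']);
        }

        $updateStmt = $Dbc->prepare($updateSql);
        $updateStmt->execute($updateParams);
        updateListHist($_POST['listId']);
        $Dbc->commit();

        $returnThis['buildLists'] = buildLists();
        if (MODE == 'listPropertiesStep2') {
            $success = true;
            $message .= 'Saved';
        }
    } catch (Adrlist_CustomException $e) {
        // Nothing else is done with the exception here; presumably the exception class
        // records its own message - verify. A denied folder role is thrown after the
        // transaction opens, so undo any partial work.
        if ($transactionStarted && $Dbc->inTransaction()) {
            $Dbc->rollBack();
        }
    } catch (PDOException $e) {
        // Roll back before reporting, so anything error() may do on this connection is
        // not left inside the failed transaction.
        if ($transactionStarted && $Dbc->inTransaction()) {
            $Dbc->rollBack();
        }
        // NOTE(review): the full exception text is passed on unescaped inside <pre>. If
        // error() can ever render to the client, it should be HTML-escaped and stripped
        // of SQL and stack detail - confirm where error() sends it.
        error(__LINE__, '', '<pre>' . $e . '</pre>');
    }

    if (MODE == 'listPropertiesStep2') {
        returnData();
    }
}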