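/**
 * Admin-only editor for the text stored in pages.id = 1 and the timestamp
 * stored in pages.id = 2.
 *
 * GET (no posted data): loads both rows and populates the form.
 * POST: re-assembles the timestamp from the date_* fields and writes both rows.
 *
 * Only a session user with role 1 may reach either branch; anyone else gets an
 * empty response (die), as before.
 */
function edit()
{
    // Single authorisation gate for both branches; the original repeated the
    // role check inside the POST branch, which added nothing.
    if (!isset($_SESSION['User']['id']) || $_SESSION['User']['role'] != 1) {
        die;
    }

    if (empty($this->data)) {
        $text = $this->Page->query('SELECT text FROM pages WHERE id = 1');
        $time = $this->Page->query('SELECT text FROM pages WHERE id = 2');

        // Sanitize stores the text entity-encoded; turn &#NNN; back into UTF-8
        // for the editor. preg_replace_callback replaces the /e modifier, which
        // evaluated the replacement string as PHP code and no longer exists in
        // PHP 7+ (preg_replace would return null and blank the field).
        $unicode = $this->Unicode;
        $rawText = isset($text[0]['pages']['text']) ? $text[0]['pages']['text'] : '';
        $this->data['Pages']['text'] = preg_replace_callback(
            '/&#(\d{2,5});/',
            function ($m) use ($unicode) {
                return $unicode->unicode2utf((int) $m[1]);
            },
            html_entity_decode($rawText)
        );

        // Guard the missing-row case instead of passing an undefined index to date().
        $stamp = isset($time[0]['pages']['text']) ? (int) $time[0]['pages']['text'] : 0;
        $this->set('selected', date('Y-m-d H:i:s', $stamp));
        return;
    }

    $clean = new Sanitize();
    $clean->cleanArray($this->data);

    // Cast the form fields; mktime() expects integers.
    $date = mktime(
        (int) $this->data['Pages']['date_hour'],
        (int) $this->data['Pages']['date_min'],
        0,
        (int) $this->data['Pages']['date_month'],
        (int) $this->data['Pages']['date_day'],
        (int) $this->data['Pages']['date_year']
    );

    // Write through the model rather than concatenating posted data into an
    // UPDATE statement, so the database layer quotes the value. save() is
    // what the other controllers on this site use after cleanArray().
    $this->Page->id = 1;
    $this->Page->save(array('Page' => array('id' => 1, 'text' => $this->data['Pages']['text'])), false);
    $this->Page->id = 2;
    $this->Page->save(array('Page' => array('id' => 2, 'text' => $date)), false);

    $this->redirect('/');
}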
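/**
 * "Edit My Account" form for the logged-in user.
 *
 * GET: loads the session user's row, decodes the entity-encoded text fields
 * for the form and prepares the map initialiser when GMAP_API_KEY is set.
 * POST: sanitises the submission, pins the fields a user must not change
 * (email, role) to their stored values, handles an optional password change,
 * then validates and saves.
 */
function edit()
{
    if (!isset($_SESSION['User'])) {
        $this->redirect('/users/login');
        // Stop here even if redirect() does not exit: with no session user the
        // POST branch below would look up a null id and save whatever was posted.
        return;
    }

    $this->set('error', false);
    $this->pageTitle = 'Edit My Account';

    // Sanitize stores text entity-encoded; this turns &#NNN; back into UTF-8.
    // preg_replace_callback replaces the /e modifier, which evaluated the
    // replacement string as PHP code and was removed in PHP 7.
    $unicode = $this->Unicode;
    $decodeEntities = function ($value) use ($unicode) {
        return preg_replace_callback(
            '/&#(\d{2,5});/',
            function ($m) use ($unicode) {
                return $unicode->unicode2utf((int) $m[1]);
            },
            html_entity_decode($value)
        );
    };

    if (empty($this->data)) {
        $this->User->id = $_SESSION['User']['id'];
        $this->data = $this->User->read();
        $this->data['User']['password'] = "";
        $this->set('utz', $this->data['User']['tz']);

        foreach (array('name', 'website', 'location') as $field) {
            $this->data['User'][$field] = $decodeEntities($this->data['User'][$field]);
        }

        if (GMAP_API_KEY != null) {
            if ($this->data['User']['lat']) {
                // Cast before embedding in the JavaScript call so only numbers
                // reach the page.
                $this->set('map', 'mapInit(' . floatval($this->data['User']['lat']) . ',' . floatval($this->data['User']['long']) . ',' . intval($this->data['User']['zoom']) . ')');
            } else {
                $this->set('map', 'mapInit()');
            }
        }
        return;
    }

    $user = $this->User->findById($_SESSION['User']['id']);
    $this->User->id = $user['User']['id'];
    $this->set('utz', $user['User']['tz']);

    $clean = new Sanitize();
    // Keep the raw passwords (they are hashed below, never stored as typed)
    // and the numeric fields, which are cast instead of entity-encoded.
    $temp = array(
        'password' => $this->data['User']['password'],
        'confpassword' => $this->data['User']['confpassword'],
        'lat' => $clean->sql($this->data['User']['lat']),
        'long' => $clean->sql($this->data['User']['long']),
        'tz' => $clean->sql($this->data['User']['tz']),
    );
    //Nuke everything else
    $clean->cleanArray($this->data);

    // Stored values win over the form for email and role: a user cannot change
    // their address or promote their own role through this action.
    $this->data['User']['email'] = $user['User']['email'];
    $this->data['User']['password'] = $temp['password'];
    $this->data['User']['confpassword'] = $temp['confpassword'];
    $this->data['User']['lat'] = floatval($temp['lat']);
    $this->data['User']['long'] = floatval($temp['long']);
    $this->data['User']['tz'] = intval($temp['tz']);
    $this->data['User']['role'] = $user['User']['role'];

    if (!preg_match("/^(http|https)\\:\\/\\//i", $this->data['User']['website']) && !empty($this->data['User']['website'])) {
        $this->User->invalidate('website');
    }

    $password = $this->data['User']['password'];
    $confpassword = $this->data['User']['confpassword'];
    if ($password === $confpassword && !empty($password)) {
        $pass = $this->Hash->password($password, $user['User']['email']);
        $this->data['User']['password'] = $pass['pass'];
        $this->data['User']['salt'] = $pass['salt'];
    } elseif (empty($password) && empty($confpassword)) {
        // No password change requested: keep the stored hash and salt.
        $this->data['User']['password'] = $user['User']['password'];
        $this->data['User']['salt'] = $user['User']['salt'];
    } else {
        $this->set('error', true);
        $this->User->invalidate('password');
        $this->User->invalidate('confpassword');
    }

    if ($this->User->validates($this->data)) {
        if ($this->User->save($this->data)) {
            $this->redirect('/users/');
        }
    } else {
        $this->validateErrors($this->User);
        // Never echo a submitted password back into the form.
        $this->data['User']['password'] = null;
        $this->data['User']['confpassword'] = null;
        $this->render();
    }
}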
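<?php
/**
 * @author Evin Weissenberg 2013
 *
 * Sets a user's user_type from the request and returns to the admin listing.
 *
 * NOTE(review): no authentication or CSRF check is visible in this file. If
 * /user/admin/ is not protected elsewhere, any visitor could change a role —
 * confirm against the surrounding setup.
 */
ob_start();

// NOTE(review): database credentials are hard-coded in source and belong in a
// config file outside the web root; kept unchanged here so the script still
// connects. The mysql_* extension was removed in PHP 7.
mysql_connect('localhost', 'econline_mv', 'KeHG9.C9,n0b') or die(mysql_error());
mysql_select_db('econline_mv') or die(mysql_error());

include 'lib/Query.php';
include 'lib/Satitize.php';

$s = new Sanitize();
$data = $s->cleanArray($_REQUEST);

// Only run the update when both fields were sent. ID is an integer column and
// was interpolated unquoted, so cast it; the type string goes through the
// connection's escaper because cleanArray's output is not known to be SQL-safe.
if (isset($data['type'], $data['ID'])) {
    $id = intval($data['ID']);
    $type = mysql_real_escape_string($data['type']);
    $q = new Query();
    $q->setQuery("UPDATE mv_users SET user_type='" . $type . "' WHERE ID=" . $id)->run();
}

header('Location: /user/admin/');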
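/**
 * Edit form for a party; only the party's owner may use it.
 *
 * GET: loads the party, decodes its entity-encoded text fields, splits the
 * stored timestamp into the form's date selectors and prepares the map
 * initialiser when GMAP_API_KEY is set.
 * POST: sanitises the submission, rebuilds the UTC timestamp from the form's
 * date fields and the posted timezone offset, pins the owner to the stored
 * value, resolves a changed Flickr user name and saves.
 *
 * @param mixed $id party primary key
 */
function edit($id)
{
    $this->Party->id = $id;
    $party = $this->Party->read();
    $this->set('party', $party);
    $this->pageTitle = 'Edit Party';
    $this->set('current', 'create');

    if (empty($_SESSION['User']['id'])) {
        $this->redirect('/users/login/');
        // Return explicitly in case redirect() does not exit; the ownership
        // check below must not run against a missing session user.
        return;
    }
    if ($party['Party']['owner'] != $_SESSION['User']['id']) {
        $this->redirect('/parties/view/' . $id);
        return;
    }

    // Stored timestamp broken out for the form's date selectors (both branches
    // expose the same values, so compute them once).
    // NOTE(review): 'h' is the 12-hour clock while the POST branch feeds
    // hour_hour straight into gmmktime() — verify against the hour selector.
    $date = array(
        'hour' => intval(date('h', $party['Party']['date'])),
        'min' => intval(date('i', $party['Party']['date'])),
        'mon' => intval(date('m', $party['Party']['date'])),
        'day' => intval(date('d', $party['Party']['date'])),
        'year' => intval(date('Y', $party['Party']['date'])),
        'tz' => $party['Party']['tz'],
    );
    $this->set('date', $date);

    if (empty($this->data)) {
        $this->data = $party;

        // Sanitize stores text entity-encoded; turn &#NNN; back into UTF-8.
        // preg_replace_callback replaces the /e modifier (removed in PHP 7),
        // which evaluated the replacement string as PHP code.
        $unicode = $this->Unicode;
        foreach (array('name', 'vname', 'website', 'address', 'notes', 'flickrusr') as $field) {
            $this->data['Party'][$field] = preg_replace_callback(
                '/&#(\d{2,5});/',
                function ($m) use ($unicode) {
                    return $unicode->unicode2utf((int) $m[1]);
                },
                html_entity_decode($this->data['Party'][$field])
            );
        }

        if (GMAP_API_KEY != null) {
            if ($this->data['Party']['lat']) {
                // Cast before embedding in the JavaScript call so only numbers
                // reach the page.
                $this->set('map', 'mapInit(' . floatval($this->data['Party']['lat']) . ',' . floatval($this->data['Party']['long']) . ',' . intval($this->data['Party']['zoom']) . ')');
            } else {
                $this->set('map', 'mapInit()');
            }
        }
        return;
    }

    $clean = new Sanitize();
    // Numeric fields are kept aside and cast below instead of entity-encoded.
    $temp = array(
        'lat' => $clean->sql($this->data['Party']['lat']),
        'long' => $clean->sql($this->data['Party']['long']),
        'tz' => $clean->sql($this->data['Party']['tz']),
    );
    $clean->cleanArray($this->data);
    $this->data['Party']['lat'] = floatval($temp['lat']);
    $this->data['Party']['long'] = floatval($temp['long']);
    $this->data['Party']['tz'] = intval($temp['tz']);

    // The form time is local to the posted tz offset (in hours); store UTC.
    $secoffset = $this->data['Party']['tz'] * 60 * 60;
    $offsetdate = gmmktime(
        (int) $this->data['Party']['hour_hour'],
        (int) $this->data['Party']['minute_min'],
        0,
        (int) $this->data['Party']['month_hour'],
        (int) $this->data['Party']['day_day'],
        (int) $this->data['Party']['year_year']
    );
    $this->data['Party']['date'] = $offsetdate - $secoffset;
    // The owner always comes from the stored row, never from the form.
    $this->data['Party']['owner'] = $party['Party']['owner'];
    $this->data['Party']['duration'] = intval($this->data['Party']['duration']);

    if (!preg_match("/^(http|https)\\:\\/\\//i", $this->data['Party']['website']) && !empty($this->data['Party']['website'])) {
        $this->Party->invalidate('website');
    }

    // Only look the Flickr id up again when the user name actually changed.
    if ($this->data['Party']['flickrusr'] != $party['Party']['flickrusr']) {
        $params = array('type' => 'flickr', 'username' => $this->data['Party']['flickrusr']);
        $flick = new webServices($params);
        $this->data['Party']['flickrid'] = $flick->getFlickrId();
    }

    if ($this->Party->validates($this->data)) {
        if ($this->Party->save($this->data)) {
            $this->Session->setFlash('Party edited successfully.', 'infoFlash');
            $this->redirect('parties/view/' . $id);
        }
    }
}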
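/**
 * Admin editor for a user, party or comment record.
 *
 * GET: loads the record for $type and exposes it to the view (party text
 * fields are entity-decoded first).
 * POST: saves the submission to the record and redirects back to the admin
 * listing for that type.
 *
 * NOTE(review): no authorisation check is visible in this method; presumably
 * it is done in the controller's beforeFilter — confirm, since the 'user'
 * branch saves the posted data as-is.
 *
 * @param string $type one of 'user', 'party', 'comment'
 * @param mixed  $id   record primary key
 */
function edit($type, $id)
{
    if (empty($this->data)) {
        switch ($type) {
            case 'user':
                $this->User->id = $id;
                $user = $this->User->read();
                $this->set('user', $user);
                $this->data = $user;
                break;
            case 'party':
                $this->Party->id = $id;
                $party = $this->Party->read();
                $this->set('party', $party);
                $this->data = $party;
                // Sanitize stores text entity-encoded; turn &#NNN; back into
                // UTF-8. preg_replace_callback replaces the /e modifier
                // (removed in PHP 7), which evaluated the replacement as code.
                $unicode = $this->Unicode;
                foreach (array('name', 'vname', 'website', 'address', 'notes', 'flickrusr') as $field) {
                    $this->data['Party'][$field] = preg_replace_callback(
                        '/&#(\d{2,5});/',
                        function ($m) use ($unicode) {
                            return $unicode->unicode2utf((int) $m[1]);
                        },
                        html_entity_decode($this->data['Party'][$field])
                    );
                }
                break;
            case 'comment':
                $this->Comment->id = $id;
                $comment = $this->Comment->read();
                $this->set('comment', $comment);
                $uid = $this->User->findById($comment['Comment']['owner']);
                // The owner row may be gone; show an empty name instead of
                // failing on a missing index.
                $this->set('owner', isset($uid['User']['name']) ? $uid['User']['name'] : '');
                $this->data = $comment;
                break;
        }
        return;
    }

    switch ($type) {
        case 'user':
            $this->User->id = $id;
            $this->User->save($this->data);
            break;
        case 'party':
            $this->Party->id = $id;
            $clean = new Sanitize();
            $clean->cleanArray($this->data);
            $this->Party->save($this->data);
            break;
        case 'comment':
            $this->Comment->id = $id;
            $this->Comment->save($this->data);
            break;
    }

    if ($type != 'party') {
        $this->redirect('/admin/' . $type . 's');
    } else {
        $this->redirect('/admin/');
    }
}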