<?php
// Venue edit controller: loads one venue by the `id` query parameter and
// dispatches on the `task` query parameter. The listing is cut off inside the
// 'delete' case, so the rest of the switch and the page are not visible here.
include 'base.php';
// Runs before any venue work; presumably an authentication gate.
// NOTE(review): confirm it also terminates the request for anonymous users.
User::protect();
$section = 'venues';
include_class('venues');
include_class('band_members');
include_class('locations');
// The raw request value is handed to Venue::get(); any validation or escaping
// of the id happens inside that call, which is not visible in this fragment.
// NOTE(review): no per-venue ownership check is visible here - confirm that
// Venue::get() or the mutating methods restrict access to the venue's owner
// or an administrator.
$ve = Venue::get($_GET['id']);
if (!db::isError($ve)) {
    // NOTE(review): every task below changes state, yet the task is selected
    // from the query string and no anti-CSRF token check is visible in this
    // fragment. Confirm a token is verified elsewhere before relying on this.
    switch ($_GET['task']) {
        case 'update':
            $res = $ve->update($_POST);
            if (!db::isError($res)) {
                // NOTE(review): $_GET['id'] is concatenated into the Location
                // header unencoded; an integer cast or urlencode() would pin
                // its shape. No exit follows header(), so execution continues
                // after the break - TODO confirm nothing sensitive runs later.
                header('Location: venue_edit.php?id=' . $_GET['id']);
            }
            break;
        case 'deactivate':
            $res = $ve->deactivate();
            if (!db::isError($res)) {
                header('Location: venue_edit.php?id=' . $_GET['id']);
            }
            break;
        case 'activate':
            $res = $ve->activate();
            if (!db::isError($res)) {
                header('Location: venue_edit.php?id=' . $_GET['id']);
            }
            break;
        case 'delete':
            $res = $ve->remove();
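/**
 * Insert a new row into the Shows table from a submitted form array.
 *
 * Reads the keys name, date, time, cost, is_all_ages, other_bands, notes,
 * user_id (administrators only) and venue_id from $postArray.
 *
 * Security notes:
 *  - The INSERT is assembled by string interpolation. Its safety rests
 *    entirely on db::sanitize_to_db(), which is not visible here; presumably
 *    it escapes for the active MySQL connection - confirm. The mysql_*
 *    extension has no prepared statements and was removed in PHP 7.0;
 *    migrating to mysqli or PDO with bound parameters is the durable fix but
 *    needs a connection handle this function does not have.
 *  - Only administrators may choose the owning user; everyone else is pinned
 *    to the current user.
 *
 * @param array $postArray Submitted form fields (typically $_POST).
 * @return mixed The new Show on success, or an Error object on validation or
 *               database failure.
 */
function add($postArray) {
    $db = new db();
    include_class('venues');
    $e = new Error();

    // Defined up front so the error check below never reads an unset variable
    // when no venue was selected (venue_id == '0').
    $ve = null;

    $name = $db->sanitize_to_db($postArray['name']);

    // NOTE: strtotime() returns false for unparseable input, in which case
    // date() formats timestamp 0; no validation error is raised for that.
    $dt = $db->sanitize_to_db($postArray['date']);
    $date = date("Y-m-d", strtotime($dt));

    // Optional fields become a quoted literal or the bare SQL keyword null.
    if (!empty($postArray['time'])) {
        $time = $db->sanitize_to_db($postArray['time']);
        $time = "'" . date("H:i:s", strtotime($time)) . "'";
    } else {
        $time = "null";
    }

    if (isset($postArray['cost']) && $postArray['cost'] != "") {
        $cost = $db->sanitize_to_db($postArray['cost']);
        $cost = "'{$cost}'";
    } else {
        $cost = "null";
    }

    $is_all_ages = (isset($postArray['is_all_ages']) && $postArray['is_all_ages'] == '1') ? 1 : 0;
    $other_bands = $db->sanitize_to_db($postArray['other_bands']);
    $notes = $db->sanitize_to_db($postArray['notes']);

    if (User::isAdmin()) {
        $uo = User::get($postArray['user_id']);
        if (db::isError($uo)) {
            $e->add($uo);
        } elseif (!$uo->isAdmin() && !$uo->isBandMember()) {
            // Reject only users who are neither administrator nor band member,
            // as the message states. The previous condition lacked the second
            // negation, so it rejected band members and accepted everyone else.
            $e->add("Invalid user. User must be a band member or an administrator.");
        }
    } else {
        $uo = User::getCurrent();
    }

    if ($postArray['venue_id'] != '0') {
        $ve = Venue::get($postArray['venue_id']);
    }
    if (db::isError($ve)) {
        $e->add($ve);
    }

    if ($e->hasErrors()) {
        return $e;
    }

    // user_id is interpolated unquoted below, so force it to an integer.
    $user_id = (int) $uo->getID();
    $venue_id = $db->sanitize_to_db($postArray['venue_id']);

    if (!$name) {
        // Fall back to the venue's name, or a placeholder title.
        $name = is_object($ve) && !db::isError($ve) ? $db->sanitize_to_db($ve->getName()) : "(untitled show)";
    }

    $r = mysql_query("insert into Shows (name, venue_id, date, time, user_id, cost, is_all_ages, other_bands, notes, is_active) values ('{$name}', '{$venue_id}', '{$date}', {$time}, {$user_id}, {$cost}, {$is_all_ages}, '{$other_bands}', '{$notes}'," . DEFAULT_ACTIVE . ")");
    if ($r) {
        return Show::get(mysql_insert_id());
    }
    return Error::MySQL();
}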
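/**
 * Insert a new row into the Venues table from a submitted form array.
 *
 * Reads the keys user_id (administrators only), name, address1, address2,
 * city, stateProvince, stateProvinceOther, postalCode, directions and country
 * from $postArray.
 *
 * Security notes:
 *  - The INSERT is assembled by string interpolation. Its safety rests
 *    entirely on db::sanitize_to_db(), which is not visible here; presumably
 *    it escapes for the active MySQL connection - confirm. The mysql_*
 *    extension has no prepared statements and was removed in PHP 7.0;
 *    migrating to mysqli or PDO with bound parameters is the durable fix but
 *    needs a connection handle this function does not have.
 *  - Only administrators may choose the owning user; everyone else is pinned
 *    to the current user.
 *
 * @param array $postArray Submitted form fields (typically $_POST).
 * @return mixed The new Venue on success, or an Error object on validation or
 *               database failure.
 */
function add($postArray) {
    $db = new db();
    // The original used $e without ever creating it, so any owner-validation
    // failure ended in a call on an undefined variable.
    $e = new Error();

    if (User::isAdmin()) {
        $uo = User::get($postArray['user_id']);
        if (db::isError($uo)) {
            $e->add($uo);
        } elseif (!$uo->isAdmin() && !$uo->isBandMember()) {
            // Reject only users who are neither administrator nor band member,
            // as the message states. The previous condition lacked the second
            // negation, so it rejected band members and accepted everyone else.
            $e->add("Invalid user. User must be a band member or an administrator.");
        }
    } else {
        $uo = User::getCurrent();
    }

    // Stop before touching $uo or the database when the owner is invalid;
    // previously the collected errors were never returned.
    if ($e->hasErrors()) {
        return $e;
    }

    // Integer cast pins the shape of the id before it is interpolated.
    $user_id = (int) $uo->getID();

    $name = $db->sanitize_to_db($postArray['name']);
    $address1 = $db->sanitize_to_db($postArray['address1']);
    $address2 = $db->sanitize_to_db($postArray['address2']);
    $city = $db->sanitize_to_db($postArray['city']);

    // "??" selects the free-text field as the state/province value.
    $stateProvince = $db->sanitize_to_db($postArray['stateProvince']);
    if ($stateProvince == "??") {
        $stateProvince = $db->sanitize_to_db($postArray['stateProvinceOther']);
    }

    $postalCode = $db->sanitize_to_db($postArray['postalCode']);
    $directions = $db->sanitize_to_db($postArray['directions']);

    $country = $db->sanitize_to_db($postArray['country']);
    $country = $country == null ? VENUE_DEFAULT_COUNTRY : $country;

    if (!$name) {
        $name = '(untitled venue)';
    }

    $r = mysql_query("insert into Venues (user_id, country, name, address1, address2, city, stateProvince, postalCode, directions, is_active) values ('{$user_id}', '{$country}', '{$name}', '{$address1}', '{$address2}', '{$city}', '{$stateProvince}', '{$postalCode}', '{$directions}'," . DEFAULT_ACTIVE . ")");
    if ($r) {
        return Venue::get(mysql_insert_id());
    }
    return Error::MySQL();
}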