$isbn = substr($isbn, 0, 3) . "-" . substr($isbn, 3, 1) . "-" . substr($isbn, 4, 3) . "-" . substr($isbn, 7, 5) . "-" . substr($isbn, 12);
}
}
}
//sanitize user generated vars
$title = strip_tags(htmlspecialchars($title));
$price = $price != 0 ? "\$" . round($price, 2) : "";
$details = str_replace("\n", "<br>", strip_tags(htmlspecialchars($details)));
$location = strip_tags(htmlspecialchars($location));
$uName = strip_tags(htmlspecialchars($uName));
$author = strip_tags(htmlspecialchars($author));
}
//update view count
if ($loggedIn && $_SESSION['username'] != $uName || !$loggedIn) {
if (!isset($_COOKIE[$identifier])) {
if ($stmt = $cs->getListingConnection()->prepare("UPDATE `" . $schoolTextId . "` SET `views` = `views` + 1 WHERE `id` = ? LIMIT 1")) {
//prepare query
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->close();
$views++;
$expire = time() + 60 * 60 * 24;
# 1 Day
$path = "/";
setCookie($identifier, "true", $expire, $path);
}
}
} else {
$myPost = true;
}
//get poster details
<?php
require_once "framework2/CredentialStore.php";
$cs = new CredentialStore();
$loggedIn = $cs->getLoginStatus();
//get page args
$args = array_keys($_GET);
$args = split(":", $args[0]);
$identifier = $args[1];
$schoolTextId = $args[0];
if ($cs->getSchoolName($schoolTextId) == null || !$loggedIn) {
return;
}
if ($identifier != null) {
if ($editSTMT = $cs->getListingConnection()->prepare("SELECT id, title, details, price, tags FROM " . $schoolTextId . " WHERE identifier = ? LIMIT 1")) {
$editSTMT->bind_param("s", $identifier);
$editSTMT->execute();
// Execute the prepared query.
$editSTMT->store_result();
$editSTMT->bind_result($id, $title, $details, $price, $tags);
$editSTMT->fetch();
if ($editSTMT->num_rows < 1) {
header('Location: ./');
}
$title = htmlspecialchars($title);
$price = $price != 0 ? "\$" . round($price, 2) : "(no price)";
$details = htmlspecialchars($details);
}
}
?>
<!DOCTYPE html>
