Exemple #1
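 /**
  * Insert a comment on a blog entry and record a notice or an error for the user.
  *
  * Reads $this->blogId, $this->name and $this->contents. The name and contents go
  * through DBManager::escapeString(); the blog id is validated as an integer because
  * it is placed in the statement without quotes.
  *
  * @return mixed GlobalConstants::SUCCESS in every case; failures are reported via addError()
  */
 public function executeInner()
 {
     // instantiate db
     $dbManager = new DBManager();
     // blogid is concatenated into the SQL unquoted, so string escaping would not
     // protect it: accept a plain integer only, otherwise report and stop
     $blogId = filter_var($this->blogId, FILTER_VALIDATE_INT);
     if ($blogId === false) {
         $this->addError("An error occured attempting to add a blog post. Invalid blog id.");
         return GlobalConstants::SUCCESS;
     }
     // make comments safe and nicely formatted
     // TODO: strip tags with exceptions (see examples at http://us2.php.net/manual/en/function.strip-tags.php)
     // allowable tags <b><strong><u><i><a><em> possibly allowable <ul><ol><li>
     // TODO: convert "safe" tags to safe implementations, ex <strong style="foo"></strong> becomes <strong></strong>
     // TODO: sanitize anchor tags, ex <a href="javascript://"> is killed and <a href="foo"> becomes <a href="foo" target="_blank">
     // NOTE(review): until the TODOs above are done the comment body is stored with its
     // markup intact; SQL escaping does not neutralise HTML, so the page that renders
     // comments must encode on output (htmlspecialchars) or filter against an allow-list
     // escape strings for insert
     // NOTE(review): presumably escapeString() wraps mysql_real_escape_string() - confirm
     $name = $dbManager->escapeString($this->name);
     $contents = $dbManager->escapeString($this->contents);
     // do query
     // NOTE(review): ext/mysql (mysql_query) was removed in PHP 7.0; a prepared statement
     // through PDO or mysqli would replace the manual escaping here
     $result = mysql_query("INSERT INTO blogcomments SET blogid=" . $blogId . ",name='{$name}', message='{$contents}'");
     // check if successful
     if ($result) {
         // NOTE(review): the raw name is echoed back in the notice - confirm the notice
         // renderer HTML-encodes it
         $this->addNotice("Successfully posted a blog entry from \"" . $this->name . "\".");
         // TODO: determine why trend micro firewall causing this to hang and why email not sending even when not hanging
         //$this->notifyAdmins();
     } else {
         // NOTE(review): the driver error text is shown to the visitor; consider logging it
         // server-side and showing a generic message
         $this->addError("An error occured attempting to add a blog post. " . $dbManager->getLastError());
     }
     // return success regardless since returned to the same place and error displayed
     return GlobalConstants::SUCCESS;
 }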
Exemple #2
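 /**
  * Update the current user's e-mail address (and password, when one was supplied),
  * then reload the user row and replace the user object held in the session.
  *
  * @return mixed GlobalConstants::USER_INPUT when the id is invalid or the UPDATE fails,
  *               GlobalConstants::SUCCESS otherwise
  */
 protected function executeInner()
 {
     // instantiate db
     $dbManager = new DBManager();
     // update user in database
     // userid is interpolated into three statements without quotes, so only a plain
     // integer is accepted
     $userid = filter_var($this->getUser()->getUserid(), FILTER_VALIDATE_INT);
     if ($userid === false) {
         $this->addError("An error occured attempting update user info. Invalid user id.");
         return GlobalConstants::USER_INPUT;
     }
     // NOTE(review): no confirmation of the current password is visible in this method;
     // confirm the caller requires it before e-mail or password can be changed
     // escape strings for insert
     $email = $dbManager->escapeString($this->email);
     $result = null;
     if (!Str::nullOrEmpty($this->password)) {
         // they put something in for password, update it
         // NOTE(review): md5() is fast and unsalted, which makes stored hashes cheap to
         // crack offline. password_hash()/password_verify() is the replacement, but the
         // login check (not visible here) has to change with it, so this is flagged
         // rather than changed.
         $password = md5($this->password);
         // NOTE(review): as shown, this statement writes the literal '******' and never
         // uses $password; that looks like masking applied to this listing - confirm the
         // real statement stores the computed hash
         $result = mysql_query("UPDATE users SET email='{$email}', password='******' WHERE userid = {$userid}");
     } else {
         // just update email
         $result = mysql_query("UPDATE users SET email='{$email}' WHERE userid = {$userid}");
     }
     // check if successful
     if (!$result) {
         $this->addError("An error occured attempting update user info. " . $dbManager->getLastError());
         return GlobalConstants::USER_INPUT;
     }
     // NOTE(review): the raw e-mail is echoed back in the notice - confirm the notice
     // renderer HTML-encodes it
     $this->addNotice("Successfully updated user info for \"" . $this->email . "\".");
     // get new user object
     $result = mysql_query("SELECT * FROM users WHERE userid = {$userid}");
     // a failed SELECT returns false; fetching from it would put false into the session
     $user = $result ? mysql_fetch_object($result, 'User') : false;
     if ($user) {
         // update user object in session
         $_SESSION[ValidateCredentials::USER_KEY] = $user;
     } else {
         // keep the existing session user rather than overwriting it with false
         $this->addError("User info was updated but the user record could not be reloaded. " . $dbManager->getLastError());
     }
     // return success regardless since returned to the same place and error displayed
     return GlobalConstants::SUCCESS;
 }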
Exemple #3
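 /**
  * Delete the blog comment identified by $this->commentId and record a notice or an error.
  *
  * @return mixed GlobalConstants::SUCCESS in every case; failures are reported via addError()
  */
 protected function executeInner()
 {
     // instantiate db
     $dbManager = new DBManager();
     // commentid is concatenated into the WHERE clause unquoted; anything other than a
     // plain integer could change which rows the DELETE matches, so reject it up front
     $commentId = filter_var($this->commentId, FILTER_VALIDATE_INT);
     if ($commentId === false) {
         $this->addError("blog.error.failedCommentDeletion", array("id" => $this->commentId, "error" => "invalid comment id"));
         return GlobalConstants::SUCCESS;
     }
     // NOTE(review): no authorization check is visible in this method; presumably the
     // caller restricts who may delete comments - confirm
     // do query
     $result = mysql_query("DELETE FROM blogcomments WHERE commentid = " . $commentId);
     // check if successful
     if ($result) {
         $this->addNotice("blog.notice.commentDeleted", array("id" => $this->commentId));
     } else {
         $this->addError("blog.error.failedCommentDeletion", array("id" => $this->commentId, "error" => $dbManager->getLastError()));
     }
     // return success regardless since returned to the same place and error displayed
     return GlobalConstants::SUCCESS;
 }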
Exemple #4
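 /**
  * Update the title and body of the blog entry identified by $this->blogId and record
  * a notice or an error.
  *
  * @return mixed GlobalConstants::SUCCESS in every case; failures are reported via addError()
  */
 public function executeInner()
 {
     // instantiate db
     $dbManager = new DBManager();
     // blogid is concatenated into the WHERE clause unquoted; anything other than a plain
     // integer could widen the UPDATE to other rows, so reject it up front
     $blogId = filter_var($this->blogId, FILTER_VALIDATE_INT);
     if ($blogId === false) {
         $this->addError("blog.error.failedBlogUpdate", array("error" => "invalid blog id"));
         return GlobalConstants::SUCCESS;
     }
     // escape strings for insert
     // NOTE(review): this protects the SQL statement only; title and contents keep any
     // markup they contain, so the page that renders them must encode or filter it
     $title = $dbManager->escapeString($this->postTitle);
     $contents = $dbManager->escapeString($this->contents);
     // do query
     // NOTE(review): ext/mysql (mysql_query) was removed in PHP 7.0; a prepared statement
     // through PDO or mysqli would replace the manual escaping here
     $result = mysql_query("UPDATE blog SET title='{$title}', message='{$contents}' WHERE blogid = " . $blogId);
     // check if successful
     if ($result) {
         $this->addNotice("blog.notice.blogUpdated", array('id' => $this->blogId));
     } else {
         $this->addError("blog.error.failedBlogUpdate", array("error" => $dbManager->getLastError()));
     }
     // return success regardless since returned to the same place and error displayed
     return GlobalConstants::SUCCESS;
 }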