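/**
 * post a new location or an updated location
 *
 * This function populates the error context, where applicable.
 *
 * The record is updated when $fields['id'] is set, and inserted otherwise.
 * After a successful insert, $fields['id'] receives the id of the new record.
 *
 * Security notes:
 * - string values are quoted and passed through SQL::escape()
 * - the two values written without quotes (id and edit_id) are restricted to
 *   integers here, because string escaping alone does not make a value safe
 *   in an unquoted numeric context
 * - no permission check is done in this function; callers presumably enforce
 *   access rights before calling it -- to be confirmed
 *
 * @param array an array of fields, passed by reference
 * @return the id of the new or updated location, or FALSE on error
 *
 * @see locations/edit.php
 **/
public static function post(&$fields) {
    global $context;

    // no geo_place_name -- empty() also covers a missing key without raising a notice
    if(empty($fields['geo_place_name'])) {
        Logger::error(i18n::s('Please add a geo_place_name for this location'));
        return FALSE;
    }

    // no anchor reference
    if(empty($fields['anchor'])) {
        Logger::error(i18n::s('No anchor has been found.'));
        return FALSE;
    }

    // set default values for this editor
    Surfer::check_default_editor($fields);

    // edit_id is written unquoted below, so force it to an integer
    // NOTE(review): Surfer::check_default_editor() is not visible here; if it keeps
    // a caller-supplied edit_id, that raw value would otherwise reach the query
    $edit_id = isset($fields['edit_id']) ? intval($fields['edit_id']) : 0;

    // extract latitude and longitude
    if(isset($fields['geo_position']) && $fields['geo_position']) {

        // drop empty pieces, so that a leading separator does not shift the values
        $coordinates = preg_split('/[\\s,;]+/', $fields['geo_position'], -1, PREG_SPLIT_NO_EMPTY);

        // a position with only one component leaves the longitude to its default
        if(isset($coordinates[0]))
            $latitude = $coordinates[0];
        if(isset($coordinates[1]))
            $longitude = $coordinates[1];

        // NOTE(review): coordinates are stored as provided, without a numeric check;
        // code that outputs them should not assume they are numbers
    }

    // update the existing record
    if(isset($fields['id'])) {

        // id cannot be empty, and it is written unquoted in the WHERE clause:
        // accept plain digits only, which also rejects forms such as '1e5' or ' 1'
        if(!is_numeric($fields['id']) || !preg_match('/^[0-9]+\z/', (string)$fields['id'])) {
            Logger::error(i18n::s('No item has the provided id.'));
            return FALSE;
        }
        $id = (string)$fields['id'];

        // update the existing record
        // NOTE(review): missing coordinates default to '0' here and to '' on insert -- kept as is
        $query = "UPDATE " . SQL::table_name('locations') . " SET "
            . "geo_place_name='" . SQL::escape($fields['geo_place_name']) . "', "
            . "geo_position='" . SQL::escape(isset($fields['geo_position']) ? $fields['geo_position'] : '') . "', "
            . "longitude='" . SQL::escape(isset($longitude) ? $longitude : '0') . "', "
            . "latitude='" . SQL::escape(isset($latitude) ? $latitude : '0') . "', "
            . "geo_country='" . SQL::escape(isset($fields['geo_country']) ? $fields['geo_country'] : '') . "', "
            . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "'";

        // maybe a silent update, which leaves the editor and the date untouched
        if(!isset($fields['silent']) || $fields['silent'] != 'Y') {
            $query .= ", "
                . "edit_name='" . SQL::escape($fields['edit_name']) . "', "
                . "edit_id=" . $edit_id . ", "
                . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
                . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
        }

        $query .= " WHERE id = " . $id;

    // insert a new record
    } else {

        // always remember the date
        $query = "INSERT INTO " . SQL::table_name('locations') . " SET "
            . "anchor='" . SQL::escape($fields['anchor']) . "', "
            . "geo_place_name='" . SQL::escape($fields['geo_place_name']) . "', "
            . "geo_position='" . SQL::escape(isset($fields['geo_position']) ? $fields['geo_position'] : '') . "', "
            . "longitude='" . SQL::escape(isset($longitude) ? $longitude : '') . "', "
            . "latitude='" . SQL::escape(isset($latitude) ? $latitude : '') . "', "
            . "geo_country='" . SQL::escape(isset($fields['geo_country']) ? $fields['geo_country'] : '') . "', "
            . "description='" . SQL::escape(isset($fields['description']) ? $fields['description'] : '') . "', "
            . "edit_name='" . SQL::escape($fields['edit_name']) . "', "
            . "edit_id=" . $edit_id . ", "
            . "edit_address='" . SQL::escape($fields['edit_address']) . "', "
            . "edit_date='" . SQL::escape($fields['edit_date']) . "'";
    }

    // actual update query
    if(SQL::query($query) === FALSE) {
        return FALSE;
    }

    // remember the id of the new item
    if(!isset($fields['id'])) {
        $fields['id'] = SQL::get_last_id($context['connection']);
    }

    // clear the cache for locations
    Locations::clear($fields);

    // end of job
    return $fields['id'];
}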
// not found if (!isset($item['id'])) { include '../error.php'; // permission denied } elseif (!$permitted) { Safe::header('Status: 401 Unauthorized', TRUE, 401); Logger::error(i18n::s('You are not allowed to perform this operation.')); // deletion is confirmed } elseif (isset($_REQUEST['confirm']) && $_REQUEST['confirm'] == 'yes') { // touch the related anchor before actual deletion, since the location has to be accessible at that time if (is_object($anchor)) { $anchor->touch('location:delete', $item['id']); } // if no error, back to the anchor or to the index page if (Locations::delete($item['id'])) { Locations::clear($item); if (is_object($anchor)) { Safe::redirect($context['url_to_home'] . $context['url_to_root'] . $anchor->get_url()); } else { Safe::redirect($context['url_to_home'] . $context['url_to_root'] . 'users/'); } } // deletion has to be confirmed } elseif (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] == 'POST') { Safe::header('Status: 401 Unauthorized', TRUE, 401); Logger::error(i18n::s('The action has not been confirmed.')); // ask for confirmation } else { // commands $menu = array(); $menu[] = Skin::build_submit_button(i18n::s('Yes, I want to delete this location'), NULL, NULL, 'confirmed');
$context['text'] .= Skin::build_block($follow_up, 'bottom'); // log the submission by a non-associate if (!Surfer::is_associate() && is_object($anchor)) { $label = sprintf(i18n::c('New location in %s'), strip_tags($anchor->get_title())); $link = $context['url_to_home'] . $context['url_to_root'] . Locations::get_url($_REQUEST['id']); $description = $_REQUEST['geo_place_name'] . "\n" . sprintf(i18n::c('at %s'), '<a href="' . $link . '">' . $link . '</a>'); Logger::notify('locations/edit.php: ' . $label, $description); } // update of an existing location } else { // increment the post counter of the surfer Users::increment_posts(Surfer::get_id()); // touch the related anchor $anchor->touch('location:update', $_REQUEST['id'], isset($_REQUEST['silent']) && $_REQUEST['silent'] == 'Y'); // clear cache Locations::clear($_REQUEST); // forward to the view page Safe::redirect($context['url_to_home'] . $context['url_to_root'] . Locations::get_url($_REQUEST['id'])); } // display the form on GET } else { $with_form = TRUE; } // display the form if ($with_form) { // reference the anchor page if (is_object($anchor) && $anchor->is_viewable()) { $context['text'] .= '<p>' . sprintf(i18n::s('On page %s'), Skin::build_link($anchor->get_url(), $anchor->get_title())) . "</p>\n"; } // the form to edit an location $context['text'] .= '<form method="post" action="' . $context['script_url'] . '" onsubmit="return validateDocumentPost(this)" id="main_form" name="main_form"><div>';