function write_log_entry($affected_item_id, $log_type, $event_desc)
{
if (isset($_SESSION['valid_user'])) {
$username = $_SESSION['valid_user'];
}
$ip = $_SERVER['REMOTE_ADDR'];
$query = "INSERT INTO eventlog (log_type, itemid, time, event_type, username, ip) VALUES ";
$query .= "(" . $log_type . ",'" . $affected_item_id . "', NOW(), '" . $event_desc . "','" . $username . "', '" . $ip . "');";
//echo $query;
$result = DB_insert($query);
if ($result) {
return TRUE;
} else {
return FALSE;
}
}
function module_polladmin()
{
// adminpage, stop here if not logged in/right access-level
if (!isValidAdmin()) {
echo getString("not_valid_admin", "Administratorside, du må logge inn for å få tilgang her");
return;
}
echo '<a href="http://localhost/avisCMS/index.php?m_c=module_polladmin&page_title=Polladmin">Tilbake til oversikt</a>';
$pollaction = $_REQUEST['pollaction'];
if ($pollaction == 'addpoll') {
if (strlen($_REQUEST['polltitle']) < 1) {
echo "Husk tittel.";
return;
}
echo '<div class="default_header">Avstemning opprettet.</div>';
$query = "INSERT INTO poll SET title='" . $_REQUEST['polltitle'] . "';";
$result = DB_insert($query);
if ($result) {
echo '<a href="index.php?m_c=module_polladmin&pollaction=editpoll&pollid=' . mysql_insert_id() . '">Rediger den nye pollen</a>';
} else {
echo "Feilmelding: " . mysql_error();
}
} else {
if ($pollaction == 'delpoll') {
$confirm = $_REQUEST['dc'];
$pollid = $_REQUEST['pollid'];
if ($confirm == "yes") {
$query = "DELETE FROM poll WHERE pollid = " . $pollid . ";";
$result = DB_update($query);
$num_results += DB_rows_affected($query);
$query = "DELETE FROM pollquestion WHERE pollid = " . $pollid . ";";
$result = DB_update($query);
$num_results += DB_rows_affected($query);
$query = "DELETE FROM vote WHERE pollid = " . $pollid . ";";
$result = DB_update($query);
$num_results += DB_rows_affected($query);
if ($num_results < 1) {
echo "<br/>Ingenting slettet - feilmelding: " . mysql_error();
} else {
echo "<br/>Avstemningen med tilhørende stemmer og det hele aldeles pulverisert.";
}
} else {
echo "<br/><br/>Sikker på at du vil slette avstemning med id " . $pollid . "? Dette medfører også sletting av alle tilknyttede spørsmål og avlagte stemmer!!<br/>";
echo '<a href="index.php?m_c=module_polladmin&pollaction=delpoll&dc=yes&pollid=' . $pollid . '">Ja!</a>';
}
} else {
if ($pollaction == 'editpoll') {
$pollaction2 = $_REQUEST['pollaction2'];
$pollid = $_REQUEST['pollid'];
$question = $_REQUEST['question'];
$description = $_REQUEST['description'];
if ($pollaction2 == "changetime") {
$query = "UPDATE poll SET description = '" . $description . "', time_opened='" . $_REQUEST['time_opened'] . "', time_closed='" . $_REQUEST['time_closed'] . "' WHERE pollid=" . $pollid . ";";
DB_update($query);
if (!result) {
echo 'mysql_error()';
}
}
if ($pollaction2 == "delquestion") {
$altid = $_REQUEST['altid'];
$query = "DELETE FROM pollquestion WHERE questionid=" . $altid . " AND pollid=" . $pollid . ";";
$result = DB_update($query);
//echo $query;
if (!$result) {
echo mysql_error();
}
}
if ($pollaction2 == 'addquestion') {
$querymax = "SELECT MAX(questionid) as maxid FROM pollquestion;";
$row = DB_search($querymax);
$newid = $row['maxid'] + 1;
$query = "INSERT INTO pollquestion SET pollid=" . $pollid . ", questionid='" . $newid . "', question='" . $question . "';";
//echo $query;
$result = DB_insert($query);
if (!result) {
echo mysql_error();
}
}
$pollid = $_REQUEST['pollid'];
$query = "SELECT * FROM poll WHERE pollid=" . $pollid . ";";
$row = DB_search($query);
$query_questions = "SELECT * FROM pollquestion WHERE pollid=" . $pollid . ";";
$result = DB_get_table($query_questions);
$pollid = $row['pollid'];
echo '<table class="default_table">';
echo '<tr><td colspan=2><div class="default_header">Rediger spørreundersøkelse</div></td></tr>';
echo "<tr><td>Tittel</td><td>" . $row['title'] . "</td></tr>";
form_start_post();
form_hidden("pollid", $pollid);
form_hidden("m_c", "module_polladmin");
form_hidden("pollaction", "editpoll");
form_hidden("pollaction2", "changetime");
echo "<tr><td>Beskrivelse (300 tegn)</td><td>" . $row['description'] . "</td><td>";
form_textarea("description", $row['description'], 10, 10);
echo "</td></tr>";
echo "<tr><td>Dato start</td><td>" . $row['time_opened'] . "</td><td>";
form_textfield("time_opened", $row['time_opened']);
echo "</td></tr>";
echo "<tr><td>Date slutt</td><td>" . $row['time_closed'] . "</td><td>";
form_textfield("time_closed", $row['time_closed']);
echo "</td></tr>";
echo "<tr><td colspan=2>Datoformat: 2005-01-31 23:10<br/>Utelat tidspunkt og det settes til 00:00.</td><td>";
form_submit("submit", "Lagre endringer");
form_end();
echo "</tr>";
while ($row = DB_next_row($result)) {
echo '<tr>';
echo '<td>' . $row['questionid'] . '</td>';
echo '<td>' . $row['question'] . '</td>';
echo '<td>';
form_start_post();
form_submit("submit", "Slett");
form_hidden("m_c", "module_polladmin");
form_hidden("pollaction2", "delquestion");
form_hidden("altid", $row['questionid']);
form_hidden("pollaction", "editpoll");
form_hidden("pollid", $pollid);
form_end();
echo '</td>';
echo '</tr>';
}
echo '</table><br/><br/>';
echo '<table class="default_table">';
echo '<tr><td colspan=2>Legg til et alternativ</td></tr>';
form_start_post();
echo '<tr><td>Alternativnavn</td><td>';
form_textfield("question", $_SESSION['question']);
echo '</td></tr>';
echo '<tr><td colspan=2>';
form_submit("submit", "Legg til");
echo '</td></tr>';
form_hidden("pollaction", "editpoll");
form_hidden("pollaction2", "addquestion");
form_hidden("pollid", $pollid);
form_hidden("m_c", "module_polladmin");
form_end();
echo '</table>';
} else {
echo '<table class="default_table">';
echo '<tr><td colspan=4><div class="default_header">Polladmin</div></td></tr>';
echo "<tr><td colspan=4>Lag en ny</td></tr>";
form_start_post();
echo "<tr><td colspan=2>Tittel</td><td colspan=2>";
form_textfield("polltitle", $_SESSION['polltitle']);
echo '</td></tr>';
echo '<tr><td colspan=4>';
form_submit("submit", "Opprett(rediger den for å fullføre)");
echo '</td></tr>';
form_hidden("pollaction", "addpoll");
form_hidden("m_c", "module_polladmin");
form_end();
echo '<tr><td colspan=2></td></tr>';
echo '<tr><td colspan=4><div class="default_header">Eksisterende polls</div></td></tr>';
$query = "SELECT * FROM poll";
$result = DB_get_table($query);
echo '<tr><td>Tittel</td><td>Start</td><td>Slutt</td><td>Rediger</td></tr>';
while ($row = DB_next_row($result)) {
echo '<tr><td>' . $row['title'] . '</td><td>' . $row['time_opened'] . '</td>';
echo '<td>' . $row['time_closed'] . '</td>';
echo '<td><a href="index.php?m_c=module_polladmin&pollaction=editpoll&pollid=' . $row['pollid'] . '">Rediger</a>';
echo '<br/><a href="index.php?m_c=module_polladmin&pollaction=delpoll&pollid=' . $row['pollid'] . '">Slett</a></td>';
echo '</tr>';
}
echo '</table>';
}
}
}
}
function register($username, $email, $password, $firstname, $lastname, $webpage, $birthdate, $description)
{
$username = addslashes($username);
$email = addslashes($email);
$password = addslashes($password);
$firstname = addslashes($firstname);
$lastname = addslashes($lastname);
$webpage = addslashes($webpage);
$birthdate = addslashes($birthdate);
$description = addslashes($description);
// check if username is unique
$result = DB_search("select * from user where username='******'");
if (DB_rows_affected($result) > 0) {
echo 'Brukernavnet er opptatt. GÃÂ¥ tilbake og velg et annet.';
} else {
// if ok, put in db
$result = DB_insert("insert into user (username, password, email, firstname, lastname, webpage, birthdate, description, admin, may_post) VALUES\n\t ('{$username}', sha1('{$password}'), '{$email}', '{$firstname}', '{$lastname}', '{$webpage}', '{$birthdate}', '{$description}', 0,0)");
if (!$result) {
echo "Registrering mislyktes. Ta kontakt med en administrator.";
echo "Feilmelding: " . mysql_error();
return false;
}
return true;
}
}
function module_add_article()
{
global $flashformid;
echo "\n<!-- start add article -->";
$all_ok = true;
// Error checking
// create short variable names
$edit = $_REQUEST['editarticle'];
// Is this an edit operation?
// User has confirmed a previewed article, get values from session
if (isset($_REQUEST['previewconfirmed'])) {
$author = $_SESSION['author'];
$title = $_SESSION['title'];
$intro = $_SESSION['intro'];
$body = $_SESSION['body'];
$priority = $_SESSION['priority'];
$date_posted = $_SESSION['date_posted'];
$time_posted = $_SESSION['time_posted'];
$comment_to = $_SESSION['comment_to'];
$articleid = $_SESSION['articleid'];
$category = $_SESSION['category'];
$is_draft = $_SESSION['is_draft'];
} else {
$author = $_POST['author'];
$title = $_POST['title'];
$intro = $_POST['intro'];
$body = $_POST['body'];
$priority = $_POST['priority'];
$date_posted = $_POST['year'] . "-" . $_POST['month'] . "-" . $_POST['day'];
$time_posted = $_POST['hours'] . ":" . $_POST['minutes'];
$comment_to = $_POST['comment_to'];
$articleid = $_POST['articleid'];
$category = $_REQUEST['category'];
$category = 0;
$is_draft = $_POST['is_draft'];
$article_form_id = $_REQUEST['article_form_id'];
}
// Replace form-given time with real time if this is a comment
if ($comment_to > 0) {
$date_posted = date("Y") . "-" . date("m") . "-" . date("d");
$time_posted = date("H") . ":" . date("i");
} else {
}
// Can occur if someone posts after session is deleted. Return whatever
// contents is sent to us.
global $anyone_comments;
if (!$anyone_comments && !is_logged_in()) {
echo "Du må være innlogget for å kunne kommentere; dersom du ikke gjør noe på nettstedet i løpet av omtrent 25 minutter blir du logget ut. Teksten du forsøkte å poste følger under. " . "Merk den og bruk CTRL+C for å kopiere den og CTRL+V for å lime den inn i et tekstfelt når du har logget inn igjen.<br/><br/>";
echo $body;
return;
}
// Reject if this isn't a comment and user has no posting rights
if ($comment_to < 1 && !is_logged_in()) {
echo "Du har ikke tillatelse til å legge inn artikler.";
echo "Antakelig ser du dette fordi du ikke har gjort noe på nettstedet de siste 20 minuttene, slik at du har blitt automatisk utlogget. Teksten du forsøkte å poste følger under. Merk den og bruk CTRL+C for å lage en kopi og CTRL+V til å lime den inn i et tekstfelt når du har logget inn igjen.<br/>";
echo $body;
return;
}
/* If the unique form ID doesn't match with the current session counter, we do _nothing */
/* since this is most likely the result of the user tumbling back and forth.
* If the session has timed out (because the user has been writing too long, hopefully)
* we still accept the new post (i.e. NEW_SESSION is TRUE).
*/
/*
global $NEW_SESSION;
if($NEW_SESSION == TRUE)
echo "1";
else
echo "0";
*/
if (isset($article_form_id) && $flashformid != $article_form_id || $NEW_SESSION == TRUE) {
echo "Kommentar innsendt tidligere, eller du har logget ut. Du prøvde å poste dette: <br/>";
echo $body;
} else {
$preview = $_REQUEST['preview'];
$_SESSION['editarticle'] = "true";
save_form_article();
if (!($_SESSION['valid_user'] || $comment_to && article_exists($comment_to))) {
echo "Du må være en registrert bruker for å kunne legge inn artikler.";
} else {
if ($_SESSION['valid_user']) {
$author_username = $_SESSION['valid_user'];
} else {
$author_username = '';
}
if (!$author || !$body || !$date_posted || !$time_posted) {
$all_ok = false;
$error_msg .= "Forfatter, tidspunkt og tekst må fylles inn.";
}
if (!$comment_to && !$title) {
$all_ok = false;
$error_msg .= " Tittel må være med!";
}
if (!(is_valid_alphanum($author) && is_valid_alphanum($title))) {
$all_ok = false;
$error_msg .= "Systemutvikleren gnir sitt fjes i grusen og beklager på det dypeste at forfatterfelt og tittelfelt nå inneholder et eller annet spesialtegn som ikke er godkjent. Ta vennligst kontakt snarest slik at deres personlige programmeringskonsulent kan rette opp denne pinlige feilen.";
}
$title = addslashes(strip_tags($title));
$author = addslashes(strip_tags($author));
$date_posted = addslashes(strip_tags($date_posted));
$time_posted = addslashes(strip_tags($time_posted));
$body = addslashes(strip_tags($body, "<a> <img> <br> <i> <b> <div>"));
$category = addslashes(strip_tags($category));
if ($is_draft == "ON") {
$is_draft = 1;
$log_description .= "savedraft,";
} else {
$is_draft = 'NULL';
}
if (!$comment_to > 0) {
$comment_to = 'NULL';
} else {
$log_description .= "comment,";
}
// Inserting into DB
if ($edit) {
$log_description .= "editarticle,";
$query = "UPDATE articles SET title=\"{$title}\", author=\"{$author}\", intro=\"{$intro}\", body=\"{$body}\", date_posted=\"{$date_posted}\", time_posted=\"{$time_posted}\", comment_to={$comment_to}, priority=\"{$priority}\", picture_url=\"{$picture_url}\", category=\"{$category}\", is_draft={$is_draft} WHERE articleid=" . $articleid . ";";
} else {
$log_description .= "newarticle,";
$query = "INSERT INTO articles (title, author, author_username, body, date_posted, time_posted, comment_to, is_draft, view_count) VALUES(\"{$title}\", \"{$author}\", \"{$author_username}\", \"{$body}\", \"{$date_posted}\", \"{$time_posted}\", {$comment_to},{$is_draft},0);";
}
if ($all_ok == true) {
if (isset($preview)) {
echo "<div class=\"header2\">" . stripslashes($_REQUEST['title']) . "</div>";
echo "<div class=\"metatext\"><span class=\"author\">Av: " . $_REQUEST['author'];
if (isset($_SESSION['valid_user'])) {
echo " (" . $_SESSION['valid_user'] . ").</span>";
} else {
echo " (" . $unknown_author . ").</span>";
}
echo "<span class=\"time\">Lagt opp: " . date_nor_sql($date_posted) . ", " . $time_posted . "</span></div>";
echo "<div class=\"textbody\">" . stripslashes(nl2br($_REQUEST['body'])) . "</div>";
form_start_post();
form_submit("previewconfirmed", "Lagre artikkel");
if (isset($edit)) {
form_hidden("editarticle", "editarticle");
}
form_hidden("m_c", "module_add_article");
form_end();
form_start_post();
if (isset($edit)) {
form_hidden("edit", "edit");
}
form_hidden("articleid", $articleid);
form_submit("backtoedit", "Rediger artikkel");
form_hidden("m_c", "module_enter_article");
form_end();
echo "<br/><br/>";
do_cancel_article_form();
} else {
$result = DB_insert($query);
if ($result > 0) {
global $logtype;
global $eventdesc;
if ($edit) {
if ($comment_to > 0) {
write_log_entry($articleid, $logtype['comment'], $log_description);
} else {
write_log_entry($articleid, $logtype['article'], $log_description);
}
} else {
if ($comment_to > 0) {
write_log_entry(mysql_insert_id(), $logtype['comment'], $log_description);
} else {
write_log_entry(mysql_insert_id(), $logtype['article'], $log_description);
}
}
$_SESSION['flashformid'] = $flashformid + 1;
if ($comment_to != 'NULL') {
echo "Kommentar lagt til! Godt sagt, forhåpentligvis. Husk Vær Varsom-plakaten.<br/>";
form_start_get();
form_submit("submit", "Gå tilbake til artikkelen");
form_hidden("m_c", "m_va");
form_hidden("articleid", $comment_to);
form_end();
unset_form_article();
} else {
if ($edit) {
echo "Redigering fullført. Håper det ble bedre.";
if ($is_draft != 'NULL') {
echo " Denne artikkelen er lagret og er tilgjengelig fra din profilside. " . "Den blir ikke lagt ut på forsiden eller gjort tilgjengelig gjennom artikkelsøk.";
}
unset_form_article();
} else {
echo "Ny artikkel lagt inn! Husk: Sist gang noen sjekket, var det bare 1 av 10 lesere som gadd å kommentere. ;)";
if ($is_draft != 'NULL') {
echo "Denne artikkelen er lagret og er tilgjengelig fra din profilside. " . "Den blir ikke lagt ut på forsiden eller gjort tilgjengelig gjennom artikkelsøk.";
}
unset_form_article();
}
}
} else {
echo $query;
echo "Artikkel ikke lagt opp, databaseproblem.";
}
}
} else {
echo $error_msg;
}
}
}
}
function module_admininput()
{
// adminpage, stop here if not logged in/right access-level
if (!isValidAdmin()) {
echo getString("not_valid_admin", "Administratorside, du må logge inn for å få tilgang her");
return;
}
$inputaction = $_REQUEST['inputaction'];
if ($inputaction == "addarticle") {
save_form_article();
$title = $_REQUEST['title'];
$author = $_REQUEST['author'];
$author_username = $_REQUEST['author_username'];
$date_posted = $_REQUEST['year'] . "-" . $_REQUEST['month'] . "-" . $_REQUEST['day'];
$time_posted = $_REQUEST['hours'] . ":" . $_REQUEST['minutes'];
$comment_to = $_REQUEST['comment_to'];
$is_draft = $_REQUEST['is_draft'];
$body = $_REQUEST['body'];
if ($is_draft == "ON") {
$is_draft = 1;
$log_description .= "savedraft,";
} else {
$is_draft = 'NULL';
}
if (strlen($comment_to) < 1) {
$comment_to = "NULL";
$log_description .= "savenewarticle,";
} else {
$log_description .= "savenewcomment,";
}
$query = "INSERT INTO articles (title, author, author_username, body, date_posted, time_posted, comment_to, is_draft, view_count) VALUES(\"{$title}\", \"{$author}\", \"{$author_username}\", \"{$body}\", \"{$date_posted}\", \"{$time_posted}\", {$comment_to},{$is_draft},0);";
echo $query;
$result = DB_insert($query);
global $logtype;
if ($result) {
echo "Artikkel lagt inn med id: " . mysql_insert_id();
unset_form_article();
if ($comment_to != "NULL") {
$log_description .= "commentadded!,";
write_log_entry(mysql_insert_id(), $logtype['comment'], $log_description);
} else {
$log_description .= "articleadded!,";
write_log_entry(mysql_insert_id(), $logtype['article'], $log_description);
}
} else {
echo "Oops: " . mysql_error();
}
} else {
form_start_post();
echo '<table class="default_table">';
echo '<tr><td>Forfatter</td><td>';
form_textfield("author", stripslashes($_SESSION['author']));
echo '</td></tr>';
echo '<tr><td>Forfatter_brukernavn</td><td>';
form_textfield("author_username", stripslashes($_SESSION['author']));
echo '</td></tr>';
echo '<tr><td>Tittel</td><td class="form_article_title">';
form_textfield("title", stripslashes(fix_quotes($_SESSION['title'])));
echo '</td></tr>';
echo '<tr><td>Dato</td><td>';
form_datewidget($_SESSION['date_posted']);
echo '</td></tr>';
echo '<tr><td>Tidspunkt</td><td>';
form_timewidget($_SESSION['time_posted']);
echo '</td></tr>';
echo '<tr><td>Kommentar til</td><td>';
form_textfield("comment_to", $_SESSION['comment_to']);
echo '</td></tr>';
if ($_SESSION['is_draft'] == "ON") {
echo '<tr><td>Bare lagre, <br/>ikke publiser</td><td>';
form_checkbox("is_draft", "ON", "1");
echo '</td></tr>';
} else {
echo '<tr><td>Bare lagre, <br/>ikke publiser</td><td>';
form_checkbox("is_draft", "ON", "0");
echo '</td></tr>';
}
echo '<tr><td colspan=2 class="form_article_text">';
form_textarea("body", stripslashes($_SESSION['body']), 30, 10);
echo '</td></tr>';
echo '<tr><td colspan=2>';
form_submit("Button", "Lagre artikkelen");
echo '</td></tr>';
echo '<tr><td colspan=2>';
form_submit("preview", "Forhåndsvis artikkel");
echo '</td></tr>';
form_hidden("m_c", "module_admininput");
form_hidden("inputaction", "addarticle");
form_hidden("articleid", $_SESSION['articleid']);
if (isset($edit)) {
form_hidden("editarticle", "editarticle");
}
echo '</table>';
form_end();
}
}
function DB_update($query)
{
return DB_insert($query);
}
function module_edit_profile()
{
echo "<!-- start edit profile -->";
global $href_edit_profile;
global $max_profile_image_size;
if (isset($_REQUEST['savechanges'])) {
$savechanges = $_REQUEST['savechanges'];
}
$edituser = $_SESSION['valid_user'];
if (isset($_REQUEST['canceledit'])) {
$canceledit = $_REQUEST['canceledit'];
}
if (!isset($edituser) || isset($canceledit)) {
if (isset($canceledit)) {
form_unset_user();
echo "Redigering avbrutt.";
} else {
echo "Du må ha logget deg inn for å ha tilgang til denne siden.";
}
} else {
styleConfig();
if (isset($savechanges)) {
$all_ok = true;
$email = $_POST['email'];
$password1 = $_POST['password1'];
$password2 = $_POST['password2'];
$description = $_REQUEST['description'];
$webpage = $_REQUEST['webpage'];
$picture_url = $_REQUEST['picture_url'];
$password1 = strip_tags($password1);
$password2 = strip_tags($password2);
$firstname = strip_tags($firstname);
$lastname = strip_tags($lastname);
$webpage = strip_tags($webpage);
$description = strip_tags($description);
$birthdate = strip_tags($birthdate);
$picture = strip_tags($_REQUEST['picture']);
$admin = $_REQUEST['admin'];
$may_post = $_REQUEST['may_post'];
// Assemble SQL birthdate
$birthdate = $_REQUEST['birthyear'] . "-" . $_REQUEST['birthmonth'] . "-" . $_REQUEST['birthday'];
$birthdate = strip_tags($birthdate);
$_SESSION['existing_edit'] = "true";
save_form_user();
if (strlen($password1) > 0) {
// Do password relevant checks
if (!($password1 == $password2)) {
$all_ok = false;
$error_msg .= " Passordene stemmer ikke.";
}
if (strlen($password1) < 6 || strlen($password1) > 16) {
$all_ok = false;
$error_msg .= " Passoerdet må være mellom 6 og 16 tegn.";
}
}
if (!isset($email) || !valid_email($email)) {
$all_ok = false;
$error_msg .= " Ugyldig e-postadresse.";
}
// Check what to do with the admin flag
if ($admin == 1) {
$admin = 1;
} else {
$admin = 0;
}
// Saveuser() checks whether a password is given or not :p
if (strlen($_FILES['picturepath']['tmp_name']) == 0) {
$info .= " Ingen endringer gjort med profilbilde.";
// Fair enough, no image set OR IT DOESNT EXIST. OOPS.
} else {
if ($max_profile_image_size < $_FILES['picturepath']['size']) {
$all_ok = false;
$error_msg .= " Maksimal bildestørrelse er ." . $max_profile_image_size / 1000 . " kilobytes. Ditt bilde er " . $_FILES['picturepath']['size'] / 1000 . " kilobytes.";
} else {
$picture_result = file_upload($_SESSION['valid_user']);
if ($all_ok == true && $picture_result < 0) {
if ($picture_result == -1) {
$all_ok = false;
$error_msg .= " Bildet er for stort.";
} else {
if ($picture_result == -4) {
$all_ok = false;
$error_msg .= " Lagring av bilde i databasen gikk galt.";
} else {
if ($picture_result == -3) {
$all_ok = false;
$error_msg .= " Fant ikke bildefilen.";
} else {
$all_ok = false;
$error_msg .= " Uspesifisert feil i bildeopplasting.";
}
}
}
} else {
$username = $_SESSION['valid_user'];
$sql = "UPDATE user SET picture=" . $picture_result . " WHERE username='******'";
$result = DB_insert($sql);
if (!$result || DB_rows_affected($result) == 0) {
$log_description .= "imgnotattached,";
$all_ok = false;
$error_msg .= " Bilde lastet opp, men ikke knyttet til bruker. ";
} else {
$log_description .= "goodimgupload,";
}
}
}
}
if ($all_ok) {
$result = saveuser(addslashes($_REQUEST['username']), addslashes($_REQUEST['password1']), addslashes($_REQUEST['email']), $_REQUEST['firstname'], addslashes($_REQUEST['lastname']), addslashes($_REQUEST['webpage']), addslashes($birthdate), addslashes($_POST['description']), $admin, $may_post);
if ($result) {
$log_description .= "goodedit,";
form_unset_user();
echo "<h3>Profil oppdatert</h3>";
echo "Endringene er lagret." . $info;
}
} else {
$log_description .= "badedit,";
echo $error_msg;
}
global $logtype;
write_log_entry($_POST['username'], $logtype['user'], $log_description);
} else {
if (isset($_REQUEST['existing_edit'])) {
$existing_edit = $_SESSION['existing_edit'];
}
if (isset($existing_edit)) {
form_edit_profile($_SESSION);
} else {
$edituser = $_SESSION['valid_user'];
$query = "SELECT * FROM user WHERE username=\"" . $edituser . "\";";
$row = searchDB($query);
form_edit_profile($row);
}
module_my_drafts();
}
}
}
if($pom[1]=="")
{
$pom2 = explode(".", $soubor_name);
$nazev .= ".".$pom2[count($pom2)-1];
}
$novy = c_files."files_kalendar/$nazev";
if(file_exists($novy)) $chyba .= "<li>soubor se stejným názvem jste u¾ v minulosti ulo¾il(a)</li>";
else
{
Copy($soubor, $novy);
$velikost = $soubor_size;
$platnost_do = Datum_datab($platnost_do);
$SQL = "insert into soubory (login_uc, nazev, popis, velikost, trida,
predmet, datum, typ)
values ('$login', '$nazev', '$popis', '$velikost', '$trida', '$predmet', Now(), 'akce')";
DB_insert($SQL, $id_soub);
}
$SQL = "update kalendar set id_soub='$id_soub' where id = '$id_akce'";
DB_exec($SQL);
}
}
}
}
}
else if($odstranit_soubor<>"")
{
$SQL = "select s.nazev, k.id_soub from kalendar k, soubory s where s.id = k.id_soub and k.id = '$id_akce'";
if(DB_select($SQL, $vystup, $pocet))
{
if($zaznam=mysql_fetch_array($vystup))
{
