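/**
 * Handle the POSTed edit of an existing `duan` record owned by the current session.
 *
 * Steps: validate the request, optionally store an uploaded attachment
 * (`duan_filedinhkem`), refresh the search-index row in the `data` model,
 * update the `duan` row, then replace its `duanskills` links.
 *
 * Prints a status token: 'DONE' on success, otherwise 'ERROR_SYSTEM',
 * 'ERROR_MAXSKILL', 'ERROR_FILESIZE' or 'ERROR_WRONGFORMAT'. Most failures
 * terminate the script via die().
 *
 * Security notes:
 *  - `duan_id` must consist of digits only, because it is interpolated
 *    unquoted into a DELETE statement further down.
 *  - The attachment's extension is checked against the cached allow-list
 *    before the file is written into the web-accessible upload directory.
 *  - NOTE(review): the remaining POST fields are handed to the models as
 *    received; whether update()/insert() escape them is not visible here.
 */
function doEdit()
{
    try {
        $duan_id = mysql_real_escape_string($_POST['duan_id']);
        // String escaping does not protect a value used in an unquoted numeric
        // SQL context, so anything that is not a plain run of digits is rejected.
        if ($duan_id == null || !preg_match('/^[0-9]+$/D', $duan_id)) {
            die('ERROR_SYSTEM');
        }

        // Ownership check: the id must be listed in the session's project list.
        $myprojects = array();
        if (isset($_SESSION['myprojects'])) {
            $myprojects = $_SESSION['myprojects'];
        }
        if (in_array($duan_id, $myprojects) == false) {
            $this->checkLogin(true);
            $this->checkActive(true);
            $this->checkLock(true);
            die('ERROR_SYSTEM');
        }

        $tenduan = $_POST['duan_tenduan'];
        $alias = $_POST['duan_alias'];
        $linhvuc_id = $_POST['duan_linhvuc_id'];
        $tinh_id = $_POST['duan_tinh_id'];
        $ngayketthuc = $_POST['duan_ngayketthuc'];
        $costmin = $_POST['duan_costmin'];
        $costmax = $_POST['duan_costmax'];
        $thongtinchitiet = $_POST['duan_thongtinchitiet'];
        $duan_email = $_POST['duan_email'];
        $duan_sodienthoai = $_POST['duan_sodienthoai'];
        $isbid = $_POST['duan_isbid'];

        // Validate
        // Array keys are chosen by the client, so the limit is enforced on the
        // element count rather than on the presence of index MAX_SKILL.
        if (isset($_POST['duan_skills']) && is_array($_POST['duan_skills'])) {
            if (count($_POST['duan_skills']) > MAX_SKILL) {
                die('ERROR_MAXSKILL');
            }
        }
        $validate = new Validate();
        if ($validate->check_null(array($duan_id, $tenduan, $alias, $linhvuc_id, $tinh_id, $ngayketthuc, $costmin, $costmax, $thongtinchitiet, $isbid, $duan_email, $duan_sodienthoai)) == false) {
            die('ERROR_SYSTEM');
        }
        if ($validate->check_length($tenduan, 101)) {
            die('ERROR_SYSTEM');
        }
        if ($validate->check_date($ngayketthuc) == false) {
            die('ERROR_SYSTEM');
        }
        $ngayketthuc = SQLDate($ngayketthuc);
        // End validate

        $this->duan->id = $duan_id;
        $data = $this->duan->search('id,ngaypost,ngayketthuc,data_id');
        if (empty($data)) {
            die('ERROR_SYSTEM');
        }
        $ngaypost = $data['duan']['ngaypost'];
        $data_id = $data['duan']['data_id'];
        $file_id = null;

        // Store the uploaded attachment, if any, and remember its file_id.
        global $cache;
        $ma = time();
        if (isset($_FILES['duan_filedinhkem']) && $_FILES['duan_filedinhkem']['name'] != null) {
            $size = $_FILES['duan_filedinhkem']['size'];
            if ($size == 0) {
                // NOTE(review): processing continues after this message, so the
                // response also ends with 'DONE' - confirm that is intended.
                echo 'ERROR_FILESIZE';
            } else {
                $dir = ROOT . DS . 'public' . DS . 'upload' . DS . 'files' . DS;
                // basename() drops any directory part of the client-supplied name.
                $filename = preg_replace("/[&' +-]/", "_", basename($_FILES['duan_filedinhkem']['name']));
                $sFileType = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
                $arrType = $cache->get('fileTypes');
                // Decide before anything is written under public/: a disallowed file
                // must never exist in the web-served directory, not even briefly.
                // A missing allow-list or a name without an extension fails closed.
                if ($sFileType === '' || !is_array($arrType) || !in_array($sFileType, $arrType)) {
                    die('ERROR_WRONGFORMAT');
                }
                // NOTE(review): only the last extension is checked; confirm the web
                // server does not execute scripts from the upload directory.
                $fname = $ma . '_' . $filename;
                if (!move_uploaded_file($_FILES['duan_filedinhkem']['tmp_name'], $dir . $fname)) {
                    die('ERROR_SYSTEM');
                }
                $this->setModel('file');
                $this->file->id = null;
                $this->file->filename = $filename;
                $this->file->fileurl = BASE_PATH . '/upload/files/' . $fname;
                $this->file->status = 1;
                $file_id = $this->file->insert(true);
            }
        }
        // End

        // Rebuild the search-index text from the title and the tag-stripped details.
        $this->setModel('data');
        $sIndex = "{$tenduan} " . strip_tags($thongtinchitiet);
        $sIndex = strtolower(remove_accents($sIndex));
        $this->data->id = $data_id;
        $this->data->data = $sIndex;
        $this->data->update();

        $this->setModel('duan');
        $this->duan->id = $duan_id;
        $this->duan->tenduan = $tenduan;
        $this->duan->alias = $alias;
        $this->duan->linhvuc_id = $linhvuc_id;
        $this->duan->tinh_id = $tinh_id;
        $this->duan->costmin = $costmin;
        $this->duan->costmax = $costmax;
        $this->duan->isbid = $isbid;
        if ($file_id != 0) {
            $this->duan->file_id = $file_id;
        }
        // NOTE(review): stored as posted (HTML included); output encoding has to
        // happen wherever this field is rendered.
        $this->duan->thongtinchitiet = $thongtinchitiet;
        $currentDate = GetDateSQL();
        $this->duan->timeupdate = $currentDate;
        $this->duan->ngayketthuc = $ngayketthuc;
        $this->duan->duan_email = $duan_email;
        $this->duan->duan_sodienthoai = $duan_sodienthoai;
        // Compares the previously stored end date with the current date.
        if ($data['duan']['ngayketthuc'] > $currentDate) {
            $this->duan->nhathau_id = '';
        }
        $this->duan->update();

        // Replace the skill links. $duan_id is digits-only (checked above), which is
        // what makes this unquoted interpolation safe.
        $this->setModel('duanskill');
        $this->duanskill->custom("delete from duanskills where duan_id = {$duan_id}");
        if (isset($_POST['duan_skills']) && is_array($_POST['duan_skills'])) {
            $lstSkill = $_POST['duan_skills'];
            foreach ($lstSkill as $skill_id) {
                // NOTE(review): skill ids are taken from the request unchanged; confirm
                // that the model's insert() escapes or type-checks them.
                $this->duanskill->id = null;
                $this->duanskill->duan_id = $duan_id;
                $this->duanskill->skill_id = $skill_id;
                $this->duanskill->insert();
            }
        }
        echo 'DONE';
    } catch (Exception $e) {
        echo 'ERROR_SYSTEM';
    }
}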
/**
 * Admin handler that updates an existing `raovat` record from POST data.
 *
 * Prints 'DONE' once the model's save() has returned. Prints 'ERROR_SYSTEM'
 * when no `raovat_id` was posted (the script then terminates) or when an
 * Exception is caught.
 *
 * Security notes: checkAdmin(true) is the only access check made in this
 * method, and its behaviour is defined elsewhere. Posted values are handed
 * to the model unchanged, so SQL escaping and output encoding depend on the
 * model's save() and on the rendering code, neither of which is visible here.
 */
function saveRaovat()
{
    $this->checkAdmin(true);
    try {
        $raovatId = $_POST['raovat_id'];
        $tieudeValue = $_POST['raovat_tieude'];
        $aliasValue = $_POST['raovat_alias'];
        $emailValue = $_POST['raovat_email'];
        $phoneValue = $_POST['raovat_sodienthoai'];
        $noidungValue = $_POST['raovat_noidung'];
        $vipFlag = $_POST['raovat_isvip'];
        $vipExpiry = $_POST['raovat_expirevip'];
        $recordExpiry = $_POST['raovat_expiredate'];

        // The VIP expiry is only converted (and later stored) when the flag is 1.
        $vipEnabled = ($vipFlag == 1);
        if ($vipEnabled) {
            $vipExpiry = SQLDate($vipExpiry);
        }
        $recordExpiry = SQLDate($recordExpiry);

        // Inserting is not supported here: a missing id ends the request.
        if ($raovatId == null) {
            die('ERROR_SYSTEM');
        }

        // Update path: copy the posted values onto the model, then save.
        $model = $this->raovat;
        $model->id = $raovatId;
        $model->tieude = $tieudeValue;
        $model->alias = $aliasValue;
        $model->raovat_email = $emailValue;
        $model->raovat_sodienthoai = $phoneValue;
        $model->noidung = $noidungValue;
        $model->isvip = $vipFlag;
        if ($vipEnabled) {
            $model->expirevip = $vipExpiry;
        }
        $model->expiredate = $recordExpiry;

        $this->raovat->save();
        echo 'DONE';
    } catch (Exception $e) {
        echo 'ERROR_SYSTEM';
    }
}