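/**
 * Insert a new row into the `job` table from the submitted form values.
 *
 * Form values are read from the $x_* globals, which are populated by the
 * caller (not visible in this block). When $x_jobid is non-empty the primary
 * key is checked for a duplicate first; a clash stores a message in the
 * session and aborts the insert.
 *
 * @param mixed $conn Connection handle passed through to the phpmkr_* helpers.
 * @return bool True when a row was inserted; false on a duplicate key, when
 *              Recordset_Inserting() vetoes the insert, or when no row was affected.
 */
function AddData($conn)
{
    global $x_jobid, $user;

    // Check for duplicate key (only when a key value was supplied).
    if (!($x_jobid == "" || is_null($x_jobid))) {
        $sFilter = str_replace("@jobid", AdjustSql($x_jobid), ewSqlKeyWhere); // Replace key value
        $sSqlChk = ewBuildSql(ewSqlSelect, ewSqlWhere, ewSqlGroupBy, ewSqlHaving, ewSqlOrderBy, $sFilter, "");
        $rsChk = phpmkr_query($sSqlChk, $conn);
        if (!$rsChk) {
            AddData_QueryFailed($conn, $sSqlChk, __LINE__);
        }
        $bDuplicate = phpmkr_num_rows($rsChk) > 0;
        phpmkr_free_result($rsChk);
        if ($bDuplicate) {
            $_SESSION[ewSessionMessage] = "Duplicate value for primary key";
            return false;
        }
    }

    // Keys are back-quoted column names, values are ready-to-embed SQL literals.
    $fieldList = array();

    // Field onlineuser_onlineuserid
    // NOTE(review): embedded unquoted; assumes onlineuserId is a server-side integer - confirm.
    $fieldList["`onlineuser_onlineuserid`"] = $user->onlineuserId;

    // Field job_status
    $fieldList["`job_status`"] = " 'active'";

    // Field expiry
    $fieldList["`dt_expire`"] = "'" . expiryDate() . "'";

    // Free-text fields position, overview
    $fieldList["`position`"] = AddData_QuoteTextField("x_position");
    $fieldList["`overview`"] = AddData_QuoteTextField("x_overview");

    // Field salary: numeric, so it is forced through intval() instead of being quoted.
    $salary = (isset($GLOBALS["x_salary"]) && is_scalar($GLOBALS["x_salary"])) ? $GLOBALS["x_salary"] : "";
    $fieldList["`salary`"] = $salary != "" ? intval($salary) : "NULL";

    // Remaining free-text fields, in the original column order.
    foreach (array("bonus", "benifits", "location", "company", "profile", "contact_email", "link") as $sField) {
        $fieldList["`" . $sField . "`"] = AddData_QuoteTextField("x_" . $sField);
    }

    // Inserting event: the hook can veto the insert.
    if (!Recordset_Inserting($fieldList)) {
        return false;
    }

    // Insert
    $sSql = "INSERT INTO `job` (" . implode(",", array_keys($fieldList)) . ")"
        . " VALUES (" . implode(",", array_values($fieldList)) . ")";
    if (!phpmkr_query($sSql, $conn)) {
        AddData_QueryFailed($conn, $sSql, __LINE__);
    }
    $result = phpmkr_affected_rows($conn) > 0;

    // Inserted event
    if ($result) {
        Recordset_Inserted($fieldList);
    }
    return $result;
}

/**
 * Turn one free-text form value from $GLOBALS into a quoted SQL literal, or NULL when empty.
 *
 * NOTE(review): addslashes() does not know the connection character set, so it
 * is not a dependable SQL escaper. The driver behind phpmkr_query() is not
 * visible from this block, so the escaping is flagged here rather than
 * replaced; move these values to bound parameters or the driver's own escaping
 * function once the wrapper is known.
 *
 * @param string $sGlobalName Name of the global holding the submitted value, e.g. "x_position".
 * @return string " '<escaped value>'" or the bare keyword "NULL".
 */
function AddData_QuoteTextField($sGlobalName)
{
    // Missing and non-scalar (e.g. array-valued) inputs are treated as empty
    // instead of raising a notice or a type error.
    $theValue = (isset($GLOBALS[$sGlobalName]) && is_scalar($GLOBALS[$sGlobalName]))
        ? (string) $GLOBALS[$sGlobalName]
        : "";

    // get_magic_quotes_gpc() no longer exists in PHP 8; guard the call so the
    // function keeps working there and still avoids double escaping on old runtimes.
    $bMagicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    if (!$bMagicQuotes) {
        $theValue = addslashes($theValue);
    }

    return $theValue !== "" ? " '" . $theValue . "'" : "NULL";
}

/**
 * Record a failed query in the server log and stop the request with a generic message.
 *
 * The driver error and the SQL text (which embeds submitted values) go to the
 * error log only, so they are neither disclosed to the client nor echoed into
 * the page as unescaped HTML.
 *
 * @param mixed  $conn  Connection handle, used to fetch the driver error text.
 * @param string $sSql  The statement that failed.
 * @param int    $iLine Source line of the failing call.
 * @return void This function does not return.
 */
function AddData_QueryFailed($conn, $sSql, $iLine)
{
    $sDetail = "AddData: query failed at line " . $iLine . ": " . phpmkr_error($conn) . " SQL: " . $sSql;
    // Collapse line breaks so submitted values cannot start a new log entry.
    error_log(str_replace(array("\r", "\n"), " ", $sDetail));
    die("Failed to execute query at line " . $iLine);
}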
// Fragment of a supplier add/edit form handler. The block closed by the brace
// after the next statement opens before this excerpt, and the form-submission
// branch further down is still open where the excerpt ends.
$id = intval($_POST["id"]);
}
if ($id > 0) {
    // Existing supplier: load it by id.
    $isNew = 0;
    $supplier = $supplier->Get($id);
    // Check that the user has access to modify this object.
    // NOTE(review): the result of canAccess() is discarded. Another snippet on
    // this page uses canAccess() as a boolean condition, so unless it also halts
    // the request on denial (not visible here) this call does not stop an edit
    // of a supplier owned by someone else. Confirm, and branch on the result.
    $user->canAccess($supplier);
} else {
    // New object, owned by the current user.
    $isNew = 1;
    $supplier->onlineuser_onlineuserid = $user->onlineuserId;
    // Default link
    $supplier->link = "http://";
    // Free for now
    $supplier->supplier_status = 'active';
    $supplier->dt_expire = expiryDate();
}

// Check if the form is being submitted.
if ((bool) $_POST["submitting"]) {
    // NOTE(review): this overwrites the $isNew computed above from $id with a
    // client-supplied value. How $isNew is used later is not visible; if it
    // selects insert vs. update, derive it from server-side state instead.
    $isNew = $_POST["isNew"];
    // NOTE(review): the stored logo filename is taken from the request as-is.
    // If it is later used to build a path or a URL, constrain it first - confirm.
    $supplier->logo = $_POST["currentFilename"];
    // Free-text fields are copied without validation. Escaping for SQL and for
    // HTML output has to happen where they are stored and rendered (not visible
    // here); presumably "link" is rendered as a URL, in which case it should be
    // limited to http/https - confirm.
    $supplier->name = $_POST["name"];
    $supplier->description = $_POST["description"];
    $supplier->link = $_POST["link"];
    $supplier->tel = $_POST["tel"];
    // Cast to int, so the category id can only ever be a number.
    $supplier->supplier_category_id = (int) $_POST["category"];

    // A non-empty tmp_name means a logo file came with the request.
    $tempFilename = $_FILES["logo"]["tmp_name"];
    if ($tempFilename != "") {
        // NOTE(review): no check of $_FILES["logo"]["error"], file size or
        // content type is visible, and the client-supplied original name is
        // handed to generateFilename() (not shown). If that helper keeps the
        // client's extension, a file with a server-executable extension could be
        // stored under logos/, which looks like a web-served directory. Take the
        // extension from a fixed allowlist of image types verified on the server,
        // and make sure the upload directory cannot execute scripts.
        $supplier->logo = generateFilename($user->onlineuserId, $_FILES["logo"]["name"]);
        // NOTE(review): the return value is ignored, so a failed move still
        // leaves the new filename on $supplier.
        move_uploaded_file($tempFilename, "logos/{$supplier->logo}");
    }
<?php
// Sets a listing's status to "active" and gives it a new expiry date. The
// object type and id are read from the query string. The excerpt ends inside
// the final else branch.
//
// NOTE(review): this is a state-changing action driven entirely by GET
// parameters, and no anti-CSRF token check is visible in this excerpt. Confirm
// one exists in the included files, or move the action to POST with a token.
require "common_user.php";
require "top.php";

// NOTE(review): $class comes straight from the request; stripslashes() only
// removes backslashes and is not validation. See the instantiation below.
$class = stripslashes($_GET["type"]);
// Cast to int, so $id is safe to embed in the SQL below.
$id = (int) $_GET["id"];

// Memberships use expiryYear(); every other type uses expiryDate().
$newExpiryDate = expiryDate();
if ($class == "gold_membership" || $class == "platinum_membership") {
    $newExpiryDate = expiryYear();
}

if ($class == "Job") {
    // Jobs are updated with direct SQL; the WHERE clause ties the row to the
    // current user's id, which is the only ownership check on this path.
    // NOTE(review): $newExpiryDate and $user->onlineuserId are interpolated on
    // the assumption that both are server-generated - confirm, and prefer bound
    // parameters if DatabaseConnection supports them.
    $db = new DatabaseConnection();
    $db->Query("update job set job_status = 'active', dt_expire='{$newExpiryDate}' where onlineuser_onlineuserid={$user->onlineuserId} and jobid={$id}");
} else {
    // NOTE(review): the class to instantiate is chosen by the request. Any class
    // that is loaded or autoloadable can be constructed here, and its constructor
    // and Get() run before the access check below. Map the "type" parameter
    // through a fixed allowlist of listing classes instead of passing it to new.
    $object = new $class();
    $object = $object->Get($id);
    if (isSuperUser(false) || $user->canAccess($object)) {
        /* no point check this, where if an object is live or not are determined by status and expiry date
        $expires=strtotime($object->dt_expire);
        if (date("U") > $expires){
            // at this point the advert has already expired
            // maybe redirect to a pay now link ?
            exit;
        }
        */
        // The status property name is derived from the request as well
        // ("<type>_status"), so it is only as trustworthy as $class.
        $status = $class . "_status";
        $object->{$status} = "active";
        $object->dt_expire = $newExpiryDate;
        $object->Save();
    } else {
        // this user is not allowed to access this resource