Esempio n. 1
<?php

require_once 'includes/globals.inc';
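// Edit-project page: resolve the project named by ?projid=, check that the
// current user may edit it, then load its row from `pb_projects`.
// $userType, $userName, ADMIN and SITEADMIN are not defined in this snippet;
// presumably includes/globals.inc provides them -- confirm.

// Accept the id only as a plain integer string. This rejects array input
// (?projid[]=...) and anything carrying quotes before it reaches the helpers
// or the SQL text below. Assumes project ids are integer keys -- confirm
// against the pb_projects schema.
$rawProjid = isset($_GET['projid']) ? $_GET['projid'] : null;
$validProjid = is_string($rawProjid) ? filter_var($rawProjid, FILTER_VALIDATE_INT) : false;

if ($validProjid !== false) {
    // Keep $projid a string, as before, but in normalised integer form.
    $projid = (string) $validProjid;
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];
    // escapes() is defined outside this snippet. The original query read
    // $mprojid, which it presumably derives from 'projid'; the calls are kept
    // in case later code still relies on those variables -- confirm.
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);
    $isNews = isNews($projid);
    // NOTE(review): $name is stored data placed in the page title, and it is
    // emitted before the permission checks below run. Confirm emitTop()
    // HTML-escapes its arguments.
    emitTop('Peanut Butter -> Projects -> Edit: ' . $name, '/pb/');
    if ($name == '') {
        errAndDie('Project not found.');
    }
} else {
    // Missing and malformed ids are both rejected here.
    // NOTE(review): PHP_SELF includes any path info appended to the script
    // URL, so it is request-controlled; confirm emitTop() escapes it.
    emitTop('Peanut Butter -> Edit Project [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Required Information not specified.');
}

// Authorization: only ADMIN and SITEADMIN may edit, and an ADMIN only a
// project they own. These checks protect the query below only if errAndDie()
// ends the request, as its name suggests -- confirm.
if ($userType != ADMIN && $userType != SITEADMIN) {
    errAndDie('Sorry, only admins/siteadmins may edit projects.');
}
if ($userType == ADMIN && $owner != $userName) {
    errAndDie('Sorry, you may only edit your own project.');
}

mysqlSetup();

// The id goes into the statement through %d, so the SQL text no longer
// depends on a variable populated by a helper outside this file.
// The mysql_* extension was removed in PHP 7.0; once mysqlSetup() is migrated,
// use mysqli or PDO prepared statements here.
$sqlquery = sprintf("SELECT * FROM `pb_projects` WHERE `id` = '%d'", $validProjid);
$result = mysql_query($sqlquery);
if ($result === false) {
    // Keep the driver's error text in the server log; sending it to the
    // browser discloses schema and query details.
    error_log('pb_projects lookup failed: ' . mysql_error());
    die('Invalid query.');
}
$count = mysql_num_rows($result);
$row = mysql_fetch_assoc($result);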
Esempio n. 2
// Create-or-update handler for `pb_projects`: a POST carrying 'modified'
// updates an existing project, any other request inserts a new one.
// NOTE(review): this snippet shows no check that $userType is ADMIN or
// SITEADMIN, and no anti-CSRF token check, before either write -- confirm
// both happen earlier in the file.
mysqlSetup();
if (isset($_POST['modified'])) {
    if (!isset($_POST['projid'])) {
        errAndDie('Project ID not specified.');
    }
    // Request-supplied id, used below without any type or format validation.
    $projid = $_POST['projid'];
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];
    // Ownership rule for ADMIN only; any other $userType value passes this
    // test, so the role check must already have happened.
    if ($userType == ADMIN && $owner != $userName) {
        errAndDie('Sorry, admins may only edit their own projects.');
    }
    // escapes() is defined elsewhere; presumably it is what populates the
    // $mprojid used in the WHERE clause below -- confirm.
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);
    if (isNews($projid)) {
        errAndDie('You cannot edit a project with id = -1');
    }
    // Every $m* value is interpolated straight into the statement text. None
    // of $mName ... $mNotes is assigned in this snippet, so the statement is
    // injection-safe only if each one was escaped for this connection
    // upstream -- verify. Prepared statements (mysqli/PDO) remove that
    // dependency.
    $sqlquery = "UPDATE `pb_projects` " . "SET `name` = '{$mName}', " . "`modified` = NOW(), " . "`description` = '{$mDescription}', " . "`keywords` = '{$mKeywords}', " . "`status` = '{$mStatus}', " . "`progress` = '{$mProgress}', " . "`priority` = '{$mPriority}', " . "`deadline` = '{$mDeadline}', " . "`notes` = '{$mNotes}' " . "" . " WHERE `id` = '{$mprojid}'";
    // On failure the raw mysql_error() text is sent to the client, which can
    // disclose table and column names.
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    // Zero affected rows is reported to the user as a failed update.
    $numrows = mysql_affected_rows();
    if (!$numrows) {
        print '<h3>Update unsuccessful.</h3>';
    } else {
        print "<h3>Edited.</h3>";
    }
} else {
    // Same interpolation concern as the UPDATE above.
    // NOTE(review): $mOwner is not assigned in this snippet; if it is
    // request-derived rather than bound to $userName, a caller could create
    // a project owned by another user -- confirm.
    $sqlquery = "INSERT INTO `pb_projects` (`name`,`owner`,`added`,`modified`," . "`description`,`keywords`,`status`,`progress`,`priority`," . "`deadline`,`notes`) VALUES ('{$mName}','{$mOwner}',NOW(),NOW(),'{$mDescription}'," . "'{$mKeywords}','{$mStatus}','{$mProgress}','{$mPriority}'," . "'{$mDeadline}','{$mNotes}')";
    // Raw driver error text goes to the client here as well.
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    print "<h3>Created.</h3>";
    // Id generated for the row just inserted.
    $projid = mysql_insert_id();