// Delete spell check_authorization(); delete_spell(); header("Location: index.php?editor=spellset&z={$z}&zoneid={$zoneid}&npcid={$npcid}&spellset={$spellset}"); exit; case 6: // Edit spell check_authorization(); $javascript = new Template("templates/iframes/js.tmpl.php"); $body = new Template("templates/spellset/spell.edit.tmpl.php"); $body->set('currzone', $z); $body->set('currzoneid', $zoneid); $body->set('spellset', $spellset); $body->set('npcid', $npcid); $body->set('spelltypes', $spelltypes); $vars = spell_info(); if ($vars) { foreach ($vars as $key => $value) { $body->set($key, $value); } } break; case 7: check_authorization(); delete_spellset(); header("Location: index.php?editor=spellset&z={$z}&zoneid={$zoneid}&npcid={$npcid}"); exit; case 8: check_authorization(); update_spell(); header("Location: index.php?editor=spellset&z={$z}&zoneid={$zoneid}&npcid={$npcid}&spellset={$spellset}");
function update_spell() { global $mysql; $id = $_POST['id']; $vars = spell_info(); //Checkbox list $cbs = array("dot_stacking_exempt", "deleteable", "uninterruptable", "nodispell", "can_mgb", "short_buff_box", "deities0", "deities1", "deities2", "deities3", "deities4", "deities5", "deities6", "deities7", "deities8", "deities9", "deities10", "deities11", "deities12", "deities13", "deities14", "deities15", "deities16"); //Sanitize checkboxes foreach ($cbs as $cb) { if ($_POST[$cb] == 'on') { $_POST[$cb] = 1; } else { $_POST[$cb] = 0; } } //Fix the 'use text field' elements if ($_POST[spell_category] == -100) { $_POST[spell_category] = $_POST[spcat]; } for ($x = 1; $x <= 12; $x++) { if ($_POST['formula' . $x] == 1) { $_POST['formula' . $x] = $_POST['fmm' . $x]; } } $fields = ''; foreach (array_keys($vars) as $f) { //Put field name in backticks to avoid conflicts with columns named for sql functions (like range) if ($vars[$f] != stripslashes($_POST[$f]) and isset($_POST[$f])) { $fields .= "`{$f}` = \"{$_POST[$f]}\", "; } } $fields = rtrim($fields, ", "); if ($fields != '') { $query = "UPDATE spells_new SET {$fields} WHERE id={$id}"; $mysql->query_no_result($query); } }