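/**
 * Move one category up or down by one position among its siblings.
 *
 * Request input: 'num' (record to move), 'direction' ('up' or 'down') and,
 * for drag-and-drop moves, 'sourceNum' (handed off to categoryMoveDrag()).
 *
 * Does not return on the normal path: it redirects to the section list and
 * exits. Dies with a message on a failed request check, an unknown 'num',
 * or a MySQL error.
 */
function categoryMove() {
  // Request gates run first, before any request value is read or any row is written.
  // NOTE(review): these helpers are defined elsewhere; going by their names they
  // reject non-POST requests, external referers and invalid CSRF tokens -- confirm.
  security_dieUnlessPostForm();
  security_dieUnlessInternalReferer();
  security_dieOnInvalidCsrfToken();

  // drag-and-drop moves are handled by a separate routine
  if (isset($_REQUEST['sourceNum'])) { return categoryMoveDrag(); }

  global $tableName, $escapedTableName, $isMyAccountMenu;
  if ($isMyAccountMenu) { die("Access not permitted for My Account menu!"); }

  // load categoriesByNum (keyed by record num, remembering each original siblingOrder)
  $categoriesByNum = array();
  $query  = "SELECT * FROM `{$escapedTableName}` ORDER BY globalOrder";
  // error text is encoded before output, matching the UPDATE error path below
  $result = mysql_query($query) or die("MySQL Error: " . htmlencode(mysql_error()) . "\n");
  while ($row = mysql_fetch_assoc($result)) {
    $row['oldSiblingOrder']      = $row['siblingOrder'];
    $categoriesByNum[$row['num']] = $row;
  }
  if (is_resource($result)) { mysql_free_result($result); }

  // Validate the requested record before using it as an array key. An unknown num
  // used to create a phantom entry (no 'num', no 'oldSiblingOrder') that then
  // produced an UPDATE with an empty WHERE value; a non-scalar num is an illegal offset.
  $moveNum = isset($_REQUEST['num']) ? $_REQUEST['num'] : null;
  if (!is_scalar($moveNum) || !isset($categoriesByNum[$moveNum])) {
    die("Invalid category number!");
  }
  $direction = isset($_REQUEST['direction']) ? $_REQUEST['direction'] : '';

  // update order: spread the siblings out (2 + order * 2) so the moved record can
  // hop over exactly one neighbour with a +/- 3 shift
  $parentNum = $categoriesByNum[$moveNum]['parentNum'];
  foreach ($categoriesByNum as $num => $row) {
    if ($row['parentNum'] != $parentNum) { continue; } // only modify siblings on branch
    // Written through the array key rather than a by-reference loop variable: the
    // old "=&" binding stayed attached to the last element whenever the final
    // iteration hit "continue", and the save loop below then overwrote that element.
    $categoriesByNum[$num]['siblingOrder'] = 2 + $row['siblingOrder'] * 2; // double space entries
  }
  if ($direction == 'up')   { $categoriesByNum[$moveNum]['siblingOrder'] -= 3; }
  if ($direction == 'down') { $categoriesByNum[$moveNum]['siblingOrder'] += 3; }

  // save new order
  foreach ($categoriesByNum as $num => $category) {
    if ($category['oldSiblingOrder'] == $category['siblingOrder']) { continue; } // skip if order didn't change

    // both values are escaped, so the statement does not depend on what is stored in the row
    $query  = "UPDATE `{$escapedTableName}` SET ";
    $query .= "`siblingOrder` = '" . mysql_escape($category['siblingOrder']) . "' ";
    $query .= "WHERE num = '" . mysql_escape($category['num']) . "'";
    mysql_query($query) or die("There was an error updating the category metadata:\n\n" . htmlencode(mysql_error()) . "\n");
  }

  // update global order, etc
  updateCategoryMetadata();

  // refresh page
  redirectBrowserToURL("?menu={$tableName}", true);
  exit;
}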
die($error); } } // My Account - update session login details if ($isMyAccountMenu) { $username = @$_REQUEST['username'] ? $_REQUEST['username'] : $CURRENT_USER['username']; $passwordHash = getPasswordDigest(coalesce(@$_REQUEST['password'], $CURRENT_USER['password'])); loginCookie_set($username, $passwordHash); } // User Accounts - update access levels if (@$_REQUEST['accessList'] && @$schema['accessList']['type'] == 'accessList') { _updateAccessList(); } // Category Sections - update category meta data if ($schema['menuType'] == 'category') { updateCategoryMetadata(); } doAction('record_postsave', $tableName, $isNewRecord, $oldRecord, $_REQUEST['num']); ### redisplay list page print $_REQUEST['num']; exit; // print record number or nothing to redisplay list page (done in edit_functions.js by ajax form submit code) // function _getInputValidationErrors($mySqlColsAndTypes, $newRecordValues) { global $schema, $tableName, $escapedTableName, $CURRENT_USER, $isMyAccountMenu; $errors = ''; $recordNum = @$_REQUEST['num']; // load schema columns foreach ($schema as $fieldname => $fieldSchema) { if (!is_array($fieldSchema)) {