Esempio n. 1
    passwordPerson = md5('{$passwordPerson}'),
    behorighetPerson = '{$behorighetPerson}'
    WHERE idPerson = '{$idPerson}';
QUERY;
    } else {
        //Annars läggs en ny användare in.
        $query = <<<QUERY
INSERT INTO {$tablePerson} (accountPerson, passwordPerson, behorighetPerson)
    VALUES ('{$accountPerson}', md5('{$passwordPerson}'), '{$behorighetPerson}');
QUERY;
    }
    // Execute the statement built by the if/else above (the visible else
    // branch is an INSERT of a new user).
    // NOTE(review): both visible statements store the password as md5('...')
    // evaluated in SQL. Unsalted MD5 is fast to brute-force, and the clear-text
    // password travels inside the query text (and any query log). Hashing in
    // PHP with password_hash() and checking with password_verify() avoids both.
    // NOTE(review): the values are interpolated into the SQL string. Whether
    // they were escaped first is not visible in this excerpt; bound parameters
    // would remove that dependency.
    $dbAccess->SingleQuery($query);
    // If $idPerson is empty, this is a new user.
    // In that case fetch the id generated by the insert.
    if (!$idPerson) {
        $idPerson = $dbAccess->LastId();
        $redirect = "edit_usr&id=" . $idPerson;
    }
    if ($debugEnable) {
        $debug .= "idPerson: " . $idPerson . "<br />\r\n";
    }
    // Skicka lösenordet i mejl om detta är begärt.
    if (isset($formValues['send'])) {
        if ($debugEnable) {
            $debug .= "send= " . $formValues['send'] . "<br />\r\n";
        }
        // Hämta mejladress. från personen eller dess målsman.
        $query = "\n            SELECT ePostPerson FROM {$tablePerson} \n            WHERE idPerson = '{$idPerson}';";
        $result = $dbAccess->SingleQuery($query);
        $row = $result->fetch_object();
        $result->close();
Esempio n. 2
 // Album name and description come from the submitted form.
 // NOTE(review): strip_tags() removes markup but is not output encoding; the
 // stored values still need htmlspecialchars() wherever they are rendered.
 // WashParameter() is not shown here -- presumably it SQL-escapes; verify.
 $nameAlbum = $dbAccess->WashParameter(strip_tags($formValues['name']));
 $descriptionAlbum = $dbAccess->WashParameter(strip_tags($formValues['description']));
 // A single timestamp feeds every time column written below.
 $presentTime = time();
 $timeEditedAlbum = $presentTime;
 // NOTE(review): $idAlbum and $_SESSION['idUser'] reach the SQL text without
 // any washing visible in this excerpt; bound parameters would make the
 // statements independent of how those values were produced.
 if (!$idAlbum) {
     // No album id yet: create the album for the logged-in user and pick up
     // the id the database assigned to it.
     $album_idUser = $_SESSION['idUser'];
     $timeCreatedAlbum = $presentTime;
     $query = "\n            INSERT INTO {$tableAlbum} (\n                album_idUser, \n                nameAlbum, \n                descriptionAlbum, \n                timeCreatedAlbum,\n                timeEditedAlbum)\n            VALUES (\n                '{$album_idUser}', \n                '{$nameAlbum}',\n                '{$descriptionAlbum}',\n                '{$timeCreatedAlbum}',\n                '{$timeEditedAlbum}'\n                );\n        ";
     $dbAccess->SingleQuery($query);
     $idAlbum = $dbAccess->LastId();
     if ($debugEnable) {
         $debug .= "idAlbum: " . $idAlbum . "<br /> \r\n";
     }
 } else {
     // An album id was supplied: update that row.
     // NOTE(review): the UPDATE is keyed on idAlbum alone. No check that the
     // album belongs to the session user is visible in this excerpt -- confirm
     // it happens earlier, or add album_idUser to the WHERE clause.
     $query = "\n            UPDATE {$tableAlbum} SET \n                nameAlbum        = '{$nameAlbum}',\n                descriptionAlbum = '{$descriptionAlbum}',\n                timeEditedAlbum  = '{$timeEditedAlbum}'\n                WHERE idAlbum = '{$idAlbum}';\n        ";
     $dbAccess->SingleQuery($query);
 }
 // Jump to next page if not in debug.
 if ($debugEnable) {
     $form->removeChild($buttons);
     // Remove buttons.
     $form->toggleFrozen(true);
     // Freeze the form for display.
     $mainTextHTML .= "<a title='Vidare' href='?p={$redirect}'>\n            <img src='images/accept.png' alt='Vidare' /></a> <br />\r\n";
 } else {
     $redirect = str_replace("&amp;", "&", $redirect);
     header('Location: ' . WS_SITELINK . "?p={$redirect}");
     exit;
Esempio n. 3
if (!$idBook) {
    // No book id: add a new book for the given child.
    // NOTE(review): $nameBook and $idChild are interpolated into the SQL text;
    // whether they were escaped, and whether $idChild belongs to the session
    // user, is not visible in this excerpt.
    $query = <<<QUERY
INSERT INTO {$tableBook} (nameBook, book_idChild)
    VALUES ('{$nameBook}', '{$idChild}');
QUERY;
    $dbAccess->SingleQuery($query);
    // The database-assigned id of the book that was just inserted.
    $idBook = $dbAccess->LastId();
    if ($debugEnable) {
        $debug .= "idBook: " . $idBook . "<br /> \n";
    }
    // Every new book starts with one page.
    $query = <<<QUERY
INSERT INTO {$tablePage} (stylePage, page_idBook)
    VALUES ('1', '{$idBook}');
QUERY;
    $dbAccess->SingleQuery($query);
} else {
    // Editing an existing book: build the lookup of the user that owns it.
    // This branch only assigns $query; running it and comparing the result
    // with the session user is not part of this excerpt.
    // NOTE(review): {$idBook} sits in the statement unquoted, so string
    // escaping alone does not constrain it. It needs an integer cast or a
    // bound parameter unless it is already validated as numeric upstream.
    $query = <<<QUERY
SELECT child_idUser FROM
({$tableBook} JOIN {$tableChild} ON book_idChild = idChild)
WHERE idBook = {$idBook};
QUERY;
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Redirect
// If in debug mode exit before redirect.
if ($debugEnable) {
Esempio n. 4
     // NOTE(review): strip_tags() is not output encoding, and WashParameter()
     // is not shown here -- presumably it SQL-escapes; verify.
     $statBostad = $dbAccess->WashParameter(strip_tags($formValues['stat']));
     if (!$idBostad) {
         // The person has no residence yet: insert one.
         if (!$adressBostad) {
             // No address was given, so store a placeholder that can be
             // updated later.
             // NOTE(review): the placeholder embeds the person's first and
             // last name and then goes into the SQL text below; whether those
             // two values were escaped is not visible in this excerpt.
             $adressBostad = "Temporär adress för " . $fornamnPerson . " " . $efternamnPerson;
         }
         $query = "\n                INSERT INTO {$tableBostad} (\n                    telefonBostad, \n                    adressBostad, \n                    stadsdelBostad, \n                    postnummerBostad, \n                    statBostad)\n                VALUES (\n                    '{$telefonBostad}', \n                    '{$adressBostad}', \n                    '{$stadsdelBostad}', \n                    '{$postnummerBostad}', \n                    '{$statBostad}');";
         $dbAccess->SingleQuery($query);
         // Link the new residence to the person.
         $idBostad = $dbAccess->LastId();
         $query = "\n                UPDATE {$tablePerson} SET person_idBostad = '{$idBostad}' \n                WHERE idPerson = '{$idPerson}';";
         $dbAccess->SingleQuery($query);
     } else {
         // The person already has a residence linked: update it.
         // NOTE(review): every column value is interpolated into the SQL
         // string; bound parameters would remove the reliance on each value
         // having been washed first.
         $query = "\n                UPDATE {$tableBostad} SET \n                    telefonBostad    = '{$telefonBostad}',\n                    adressBostad     = '{$adressBostad}',\n                    stadsdelBostad   = '{$stadsdelBostad}',\n                    postnummerBostad = '{$postnummerBostad}',\n                    statBostad       = '{$statBostad}'\n                    WHERE idBostad   = '{$idBostad}';";
         $dbAccess->SingleQuery($query);
     }
 }
 if ($debugEnable) {
     // Om debug så visa formuläret färdigifyllt.
     $form->removeChild($buttons);
     // Tag bort knapparna.
     $form->toggleFrozen(true);
     // Frys formuläret inför ny visning.
     $mainTextHTML .= "<a title='Vidare' href='?p=show_usr&amp;id={$idPerson}'\n            tabindex='1'><img src='../images/b_enter.gif' alt='Vidare' /></a>\n            <br />\r\n";
 } else {
     // Annars hoppa vidare.
     header('Location: ' . WS_SITELINK . "?p=show_usr&id={$idPerson}");
     exit;
Esempio n. 5
    firstNameChild   = '{$firstNameChild}',
    famillyNameChild = '{$famillyNameChild}',
    birthDateChild     = '{$birthDateChild}'
    WHERE idChild = '{$idChild}';
QUERY;
} else {
    // Else enter a new child.
    $query = <<<QUERY
INSERT INTO {$tableChild} (firstNameChild, famillyNameChild, birthDateChild, child_idUser)
    VALUES ('{$firstNameChild}', '{$famillyNameChild}', '{$birthDateChild}', '{$idUser}');
QUERY;
}
// Execute the statement built by the if/else above (the visible else branch
// is an INSERT of a new child).
// NOTE(review): the child's fields are interpolated into the SQL text; whether
// they were escaped first is not visible in this excerpt.
$dbAccess->SingleQuery($query);
// An empty $idChild means the row was just inserted: take the generated id.
if (!$idChild) {
    $idChild = $dbAccess->LastId();
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Redirect to another page
//
// In debug mode, append the id, print the collected debug output and stop
// before any redirect is sent.
// NOTE(review): $debug is echoed as HTML; keep debug mode off in production
// unless everything appended to it is encoded.
if ($debugEnable) {
    $debug .= "idChild: " . $idChild . "<br /> \n";
    echo $debug;
    exit;
}
// NOTE(review): $redirect is placed in the Location header. Its origin is
// outside this excerpt -- confirm it is chosen from fixed page names rather
// than taken from the request.
header("Location: " . WS_SITELINK . "?p={$redirect}");
exit;
?>
Esempio n. 6
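 // Set up the upload helper and the status variables used by the steps below.
 $maxPhoto = new maxImageUpload();
 $result = TRUE;
 $msg = "";
 $error = "";
 // Prepare the database.
 $dbAccess = new CdbAccess();
 $tablePicture = DB_PREFIX . 'Picture';
 $tableAlbum = DB_PREFIX . 'Album';
 // Get form values.
 // NOTE(review): strip_tags() is not output encoding, and WashParameter() is
 // not shown here -- presumably it SQL-escapes; verify.
 $namePicture = $dbAccess->WashParameter(strip_tags($_POST['mytitle']));
 $descriptionPicture = $dbAccess->WashParameter(strip_tags($_POST['mydesc']));
 // Register picture in DB and store the information.
 // NOTE(review): $idAlbum goes into the SQL text without any washing visible
 // in this excerpt. The row is also written before the upload is validated,
 // so a rejected upload leaves a Picture row behind unless later code
 // removes it.
 $query = "\n        INSERT INTO {$tablePicture} (\n            picture_idAlbum, \n            namePicture, \n            descriptionPicture)\n        VALUES (\n            '{$idAlbum}', \n            '{$namePicture}',\n            '{$descriptionPicture}'\n        );\n    ";
 $dbAccess->SingleQuery($query);
 // Get the picture id.
 $idPicture = $dbAccess->LastId();
 if ($debugEnable) {
     // The reported type and file name are client-supplied text, so they are
     // HTML-encoded before being added to the debug markup.
     $debug .= "idPicture=" . $idPicture . " Type=" . htmlspecialchars($_FILES['myfile']['type'], ENT_QUOTES) . " Name=" . htmlspecialchars($_FILES['myfile']['name'], ENT_QUOTES) . "<br />\r\n";
 }
 // Check image type. Only jpeg images are allowed.
 // $_FILES[...]['type'] is copied from the request and says nothing about the
 // file's content, so the decision is based on the uploaded bytes instead
 // (fileinfo extension, bundled with PHP). Browser-specific labels such as
 // image/pjpeg are therefore no longer consulted; real JPEG data is reported
 // as image/jpeg.
 $uploadArrived = isset($_FILES['myfile']['error'], $_FILES['myfile']['tmp_name'])
     && $_FILES['myfile']['error'] === UPLOAD_ERR_OK
     && is_uploaded_file($_FILES['myfile']['tmp_name']);
 $detectedType = '';
 if ($uploadArrived) {
     $typeProbe = new finfo(FILEINFO_MIME_TYPE);
     $detectedType = (string) $typeProbe->file($_FILES['myfile']['tmp_name']);
 }
 if ($detectedType !== 'image/jpeg') {
     // A missing or failed upload ends here too, as it did with the original
     // check on an empty type string.
     $error = "Bara jpeg-bilder kan laddas upp!";
     $result = false;
 }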
 if ($result) {
     // Move uploaded file to a temporary name.
     $target_path = TP_PICTURES . "tmp" . '.jpg';
     if (@move_uploaded_file($_FILES['myfile']['tmp_name'], $target_path)) {
     } else {
         $error = "Något gick fel vid uppladdningen av din bild!";
         $result = false;
Esempio n. 7
    accountUser   = '******',
    passwordUser  = md5('{$password1User}'),
    authorityUser = '******'
    WHERE idUser  = '******';
QUERY;
} else {
    // Else enter a new user.
    $query = <<<QUERY
INSERT INTO {$tableUser} (accountUser, passwordUser, authorityUser)
    VALUES ('{$accountUser}', md5('{$password1User}'), '{$authorityUser}');
QUERY;
}
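// Execute the statement built by the if/else above (the visible else branch
// is an INSERT of a new user).
// NOTE(review): both visible statements store the password as md5('...')
// evaluated in SQL. Unsalted MD5 is fast to brute-force, and the clear-text
// password travels inside the query text (and any query log). Hashing in PHP
// with password_hash() and checking with password_verify() avoids both.
$dbAccess->SingleQuery($query);
// If $idUser is empty then it's a new user. Get the id.
if (!$idUser) {
    $idUser = $dbAccess->LastId();
}
if ($debugEnable) {
    // NOTE(review): the listing shows this expression masked as "******",
    // which is not valid PHP. It is restored here as the concatenation of
    // $idUser, following the pattern of the code around it -- confirm against
    // the original file.
    $debug .= "idUser: " . $idUser . "<br /> \n";
}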
// Send the password in a mail if it is requested.
if ($send) {
    // Get the mail address.
    $query = "SELECT eMail1User, eMail2User FROM {$tableUser} WHERE idUser = '******';";
    $result = $dbAccess->SingleQuery($query);
    $row = $result->fetch_object();
    $result->close();
    if ($row->eMail1User) {
        $eMailAdr = $row->eMail1User;
    } elseif ($row->eMail2User) {
        $eMailAdr = $row->eMail1User;