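exit;
} /* closes a check that starts above this excerpt */

/* The auth key must be a plain string: PHP turns "key[]=..." into an array,
   which would otherwise reach the query as the literal text "Array". */
if (!isset($_GET['key']) || !is_string($_GET['key'])) {
    exit;
}

$id = (int) $_GET['id'];
/* $key stays unescaped: renew.php is required further down and shares this
   scope, so it may read $key itself (not visible here; confirm). */
$key = $_GET['key'];

/* Request values are attacker-controlled and are concatenated into SQL below,
   so each one is escaped for the current connection first. When
   magic_quotes_gpc is on, the value already carries addslashes() escaping;
   that is undone before escaping so no doubled backslashes are stored.
   NOTE(review): mysql_real_escape_string() is only reliable when the
   connection character set was set with mysql_set_charset(); the connection
   setup is not visible here, so confirm. Prepared statements (PDO or mysqli)
   are the durable fix, but they need a change to the connection code. */
$magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
$keySql = mysql_real_escape_string($magicQuotes ? stripslashes($key) : $key);

$query = 'select author, title, year, price, isbn, expires, description from books where id="' . $id . '" and auth_key="' . $keySql . '"';
$result = mysql_query($query);

/* A failed query is treated like "no such book" instead of being passed to
   mysql_num_rows(), which would only raise a warning. */
if ($result === false || mysql_num_rows($result) == 0) {
    $error = 'not found';
} else {
    /* we have valid access to this book */
    $selectableCategories = new SelectableCategories($id);
    if (isset($_POST['author'])) {
        /* update base book data */
        $escaped = array();
        foreach (array('author', 'title', 'year', 'isbn', 'price', 'desc') as $postField) {
            /* a missing or non-string (array) field is stored as an empty string */
            $postValue = (isset($_POST[$postField]) && is_string($_POST[$postField])) ? $_POST[$postField] : '';
            if ($magicQuotes) {
                $postValue = stripslashes($postValue);
            }
            if ($postField == 'price') {
                /* accept a decimal comma in the price */
                $postValue = str_replace(',', '.', $postValue);
            }
            $escaped[$postField] = mysql_real_escape_string($postValue);
        }
        $query = 'update books set author = "' . $escaped['author'] . '", title = "' . $escaped['title'] . '", year = "' . $escaped['year'] . '", isbn = "' . $escaped['isbn'] . '", price = "' . $escaped['price'] . '", description = "' . $escaped['desc'] . '" where id="' . $id . '" and auth_key="' . $keySql . '"';
        mysql_query($query);
        /* update category relations */
        $selectableCategories->update();
        /* update expire date and look at the book */
        require 'renew.php';
        /* the if/else blocks opened above are closed below this excerpt */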
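$indices = array('author', 'title', 'price', 'year', 'isbn', 'description');
$bookString = trim($bookString);
/* explode() replaces split(): both separators are literal strings, so no
   regular expression is needed, and split() was removed in PHP 7. */
$bookLines = explode("\n", $bookString, sizeof($labels));
for ($i = 0; $i < sizeof($labels); $i++) {
    /* The pasted text is user input: it may have fewer lines than there are
       labels, or a line without ':'. Both cases yield an empty value instead
       of an undefined-offset notice. */
    $line = isset($bookLines[$i]) ? $bookLines[$i] : '';
    $parts = explode(':', $line, 2);
    $label = $parts[0];
    $value = isset($parts[1]) ? $parts[1] : '';
    /* a line whose label is not the expected one contributes no value */
    if (trim($label) != $labels[$i]) {
        $value = '';
    }
    /* NOTE(review): Parser::text2html() is presumably the HTML encoding step
       for this user-supplied text; its body is not visible here, so confirm.
       stripslashes() is unconditional, which assumes magic_quotes_gpc (or an
       equivalent) added the slashes; verify. */
    $value = Parser::text2html(stripslashes(trim($value)));
    $tmpl->assign($indices[$i], $value);
}
} /* closes the enclosing function, whose header is above this excerpt
     (presumably import_book, called below) */

/* The mail value is passed through Parser::text2html() before it reaches a template. */
$usermail = Parser::text2html(stripslashes(Mailer::mailFromUser('mail')));

/* book_data must be a plain string; an array ("book_data[]=...") is treated
   like a missing field and shows the import form again. */
if (isset($_POST['book_data']) && is_string($_POST['book_data'])) {
    /* pasted book data present: pre-fill the add form from it */
    $tmpl = Template::fromFile('view/add_form.html');
    import_book($_POST['book_data'], $tmpl);
    if (isset($_POST['mail'])) {
        $tmpl->assign('mail', $usermail);
    }
    $selectableCategories = new SelectableCategories();
    $categoryString = implode(' ', $selectableCategories->createSelectArray());
    $tmpl->assign('categories', $categoryString);
} else {
    /* nothing pasted yet: show the import form */
    $tmpl = Template::fromFile('view/import.html');
    if (isset($_GET['mail'])) {
        $mailTmpl = $tmpl->addSubtemplate('mail');
        $mailTmpl->assign('mail', $usermail);
    }
}

$output = new Output();
$output->send($tmpl->result());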