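/**
 * Create or update an XML import feed from the submitted form.
 *
 * Reads the feed settings from $_REQUEST and, when a file arrives in the
 * `xml_sample` upload field, stores that file's contents as the feed's sample
 * document and marks the feed NEW_SAMPLE. A request without a non-zero
 * `feed_id` inserts a new row; otherwise the existing row is updated.
 * feed_metadata is written on insert only.
 *
 * NOTE(review): this function does no permission or CSRF check of its own and
 * takes its input from $_REQUEST, so query-string values are accepted as well
 * as POSTed ones. Confirm that every caller enforces both before calling.
 *
 * NOTE(review): ftp_pass is written to the table exactly as submitted; no
 * encryption is applied here.
 *
 * @return mixed The feed id: the integer taken from the request on update, or
 *               the value produced by JB_db_generate_id_fast() on insert.
 */
function JB_save_import_feed_form()
{
    $feed_id = (isset($_REQUEST['feed_id']) && is_scalar($_REQUEST['feed_id']))
        ? (int) $_REQUEST['feed_id']
        : 0;

    // Defined up front so the SQL below never interpolates an undefined variable.
    $xml_sample = '';
    $xml_sample_sql = '';

    // Read the sample XML file and get it ready to be placed in the database.
    if (isset($_FILES['xml_sample']['name'])
        && is_string($_FILES['xml_sample']['name'])
        && $_FILES['xml_sample']['name'] != ''
    ) {
        $parts = explode('.', $_FILES['xml_sample']['name']);
        // The client-supplied extension is discarded: the temporary copy always
        // gets ".xml", so a name such as "x.php" can never produce a file with a
        // server-interpreted extension under JB_FILE_PATH, even for the short
        // time before it is deleted again.
        array_pop($parts);
        $name = strtolower((string) array_shift($parts));
        if (isset($_SESSION['JB_ID']) && $_SESSION['JB_ID'] != '') {
            $name = 'xml_' . $name;
        }
        // Strip out unwanted characters. (The previous class "[^a-z^0-9]" also
        // let a literal "^" through.)
        $name = preg_replace('#[^a-z0-9]+#i', '_', $name);
        $uploadfile = JB_FILE_PATH . $name . time() . '.xml';

        $tmp_name = $_FILES['xml_sample']['tmp_name'];
        // Prefix test rather than strpos(): "DARWIN" also contains "WIN".
        if (strncasecmp(PHP_OS, 'WIN', 3) === 0) {
            // sometimes the dir can have double slashes on Win, remove 'em
            $tmp_name = str_replace('\\\\', '\\', $tmp_name);
        }

        // Everything that depends on the file happens only if the move worked;
        // move_uploaded_file() also refuses paths that are not genuine uploads.
        if (move_uploaded_file($tmp_name, $uploadfile)) {
            @chmod($uploadfile, JB_NEW_FILE_CHMOD);

            // file_get_contents() copes with an empty file, where
            // fread($fp, 0) raises an error on current PHP versions.
            $contents = file_get_contents($uploadfile);
            unlink($uploadfile); // do not need it anymore
            if ($contents !== false) {
                $xml_sample = $contents;
            }

            if ($feed_id != false) {
                // A new sample arrived for an existing feed: reset the sequence element.
                $feed_row = JB_XMLIMP_load_feed_row($feed_id);
                if (isset($feed_row['FMD']) && is_object($feed_row['FMD'])) {
                    $feed_row['FMD']->seq = '';
                    $feed_row['FMD']->save();
                    jb_xml_import_update_status($feed_row);
                }
            }
        }
    }

    // Escape every plain form field once. Missing or non-scalar values (for
    // example "feed_name[]=x") are stored as an empty string.
    $fields = array(
        'feed_name', 'description', 'feed_key', 'ip_allow', 'feed_url',
        'feed_filename', 'ftp_user', 'ftp_pass', 'ftp_filename', 'ftp_host',
        'pickup_method', 'cron',
    );
    $esc = array();
    foreach ($fields as $field) {
        $value = (isset($_REQUEST[$field]) && is_scalar($_REQUEST[$field]))
            ? (string) $_REQUEST[$field]
            : '';
        $esc[$field] = jb_escape_sql($value);
    }

    // NOTE(review): addslashes() followed by jb_escape_sql() looks like double
    // escaping, which would leave extra backslashes in the stored sample. Kept
    // as-is because readers of xml_sample may already compensate - confirm.
    $xml_sample_esc = jb_escape_sql(addslashes($xml_sample));

    if ($feed_id == false) {
        $feed_id = JB_db_generate_id_fast('feed_id', 'xml_import_feeds');
        // Initialize the feed meta-data.
        // NOTE(review): the column holds a serialized PHP object; presumably it
        // is read back with unserialize() elsewhere - verify that nothing
        // request-controlled can write to it.
        $FMD = new JB_XMLImportFeedMetaData($feed_id);
        $sql = "INSERT INTO `xml_import_feeds` (`feed_id`, `feed_metadata`, `feed_name`, `description`, `date`, `xml_sample`, `feed_key`, `ip_allow`, `feed_url`, `feed_filename`, `ftp_user`, `ftp_pass`, `ftp_filename`, `ftp_host`, `pickup_method`, `status`, `cron`) VALUES ('"
            . $feed_id . "', '"
            . jb_escape_sql(serialize($FMD)) . "', '"
            . $esc['feed_name'] . "', '"
            . $esc['description'] . "', NOW(), '"
            . $xml_sample_esc . "', '"
            . $esc['feed_key'] . "', '"
            . $esc['ip_allow'] . "', '"
            . $esc['feed_url'] . "', '"
            . $esc['feed_filename'] . "', '"
            . $esc['ftp_user'] . "', '"
            . $esc['ftp_pass'] . "', '"
            . $esc['ftp_filename'] . "', '"
            . $esc['ftp_host'] . "', '"
            . $esc['pickup_method'] . "', 'NEW_SAMPLE', '"
            . $esc['cron'] . "');";
        jb_mysql_query($sql);
    } else {
        if ($xml_sample != false) {
            $xml_sample_sql = ", `xml_sample`='" . $xml_sample_esc . "', status='NEW_SAMPLE' ";
        }
        // Save the form data. feed_metadata is edited somewhere else and not saved here.
        $sql = "UPDATE xml_import_feeds SET `feed_name`='" . $esc['feed_name']
            . "', `description`='" . $esc['description'] . "' {$xml_sample_sql}"
            . ", `feed_key`='" . $esc['feed_key']
            . "', `ip_allow`='" . $esc['ip_allow']
            . "', `feed_url`='" . $esc['feed_url']
            . "', `feed_filename`='" . $esc['feed_filename']
            . "', `ftp_user`='" . $esc['ftp_user']
            . "', `ftp_pass`='" . $esc['ftp_pass']
            . "', `ftp_filename`='" . $esc['ftp_filename']
            . "', `ftp_host`='" . $esc['ftp_host']
            . "', `pickup_method`='" . $esc['pickup_method']
            . "', `cron`='" . $esc['cron']
            . "' WHERE feed_id = '" . jb_escape_sql($feed_id) . "' ";
        jb_mysql_query($sql);
    }

    return $feed_id;
}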
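/**
 * Insert a new category and store its name for the current session language.
 *
 * Writes one row to `categories` and one (via REPLACE) to
 * `cat_name_translations`, keyed by the freshly generated category id and
 * $_SESSION["LANG"]. The script is terminated if either query fails.
 *
 * @param string $catname       Category name; escaped and quoted in both queries.
 * @param mixed  $parent        Parent category id; used as an unquoted SQL number.
 * @param mixed  $form_id       Form id; used as an unquoted SQL number.
 * @param string $allow_records Stored in `allow_records` as a quoted string.
 *
 * @return mixed The new category id as returned by JB_db_generate_id_fast().
 */
function JB_add_cat($catname, $parent, $form_id, $allow_records)
{
    $id = JB_db_generate_id_fast("category_id", "categories");

    // Both values are placed in the statement WITHOUT quotes. String escaping
    // does nothing in that position (a value like "0, 1, 'x', '')--" contains
    // no character that needs escaping), so they are forced to integers.
    // NOTE(review): assumes both columns are plain integers and that no caller
    // passes a literal such as NULL - confirm against the schema.
    $parent = (int) $parent;
    $form_id = (int) $form_id;

    $query = "INSERT INTO categories (category_id, category_name, parent_category_id, form_id, allow_records, search_set) VALUES ({$id}, '"
        . jb_escape_sql($catname) . "', "
        . $parent . ", "
        . $form_id . ", '"
        . jb_escape_sql($allow_records) . "', '')";
    if (!JB_mysql_query($query)) {
        // The statement and the driver message go to the server log only; the
        // response no longer echoes SQL text or database error details.
        error_log('JB_add_cat: category insert failed: '
            . (function_exists('mysql_error') ? mysql_error() : '') . ' -- ' . $query);
        die('Database error while saving the category.');
    }

    $sql = "REPLACE INTO `cat_name_translations` (`category_id`, `lang`, `category_name`) VALUES ("
        . jb_escape_sql($id) . ", '"
        . jb_escape_sql($_SESSION["LANG"]) . "', '"
        . jb_escape_sql($catname) . "')";
    if (!JB_mysql_query($sql)) {
        error_log('JB_add_cat: translation insert failed: '
            . (function_exists('mysql_error') ? mysql_error() : '') . ' -- ' . $sql);
        die('Database error while saving the category.');
    }

    return $id;
}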