/**
 * Delete one of the current journo's weblinks.
 *
 * Takes the row id from the "remove_id" request variable, deletes the matching
 * journo_weblink row, commits, and records a 'remove-weblinks' event.
 */
function handleRemove() {
    $journoId = $this->journo['id'];
    $weblinkId = get_http_var("remove_id");

    // Ownership check: the DELETE is scoped by journo id as well as row id, so
    // a request naming another journo's weblink id matches no rows.
    db_do(
        "DELETE FROM journo_weblink WHERE id=? AND journo_id=?",
        $weblinkId,
        $journoId
    );
    db_commit();

    // NOTE(review): the event is recorded whether or not a row was deleted.
    eventlog_Add('remove-weblinks', $journoId);
}
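/**
 * Insert or update one row of a per-journo table.
 *
 * When $item['id'] is present and truthy the existing row is updated;
 * otherwise a new row is inserted for the current journo and $item['id'] is
 * filled in from "SELECT lastval()". The change is committed and an
 * "add-<pageName>" or "modify-<pageName>" event is logged.
 *
 * @param string $tablename  table to write to (interpolated into the SQL text)
 * @param array  $fieldnames column names to store (interpolated into the SQL text)
 * @param array  $item       row values keyed by field name; 'id' is set on insert
 * @return mixed the row id ($item['id'])
 */
function genericStoreItem($tablename, $fieldnames, &$item) {
    // SECURITY: only the values are bound as parameters. $tablename and
    // $fieldnames are spliced into the statement as identifiers, so they must
    // always be fixed lists chosen by the calling code, never request data.
    // NOTE(review): confirm every caller passes hard-coded names.
    $journoId = $this->journo['id'];

    // !empty() keeps the original truthiness test but does not raise an
    // undefined-index warning when a new item arrives without an 'id' key.
    if (!empty($item['id'])) {
        /* update existing entry */
        $assignments = array();
        $params = array();
        foreach ($fieldnames as $field) {
            $assignments[] = "{$field}=?";
            $params[] = $item[$field];
        }

        /* restrict by journo id so one journo cannot overwrite another's entry */
        $sql = "UPDATE {$tablename} SET " . implode(',', $assignments) . " WHERE id=? AND journo_id=?";
        $params[] = $item['id'];
        $params[] = $journoId;
        db_do($sql, $params);

        // NOTE(review): a modify event is logged even when the WHERE clause
        // matched no row (for example an id owned by a different journo).
        eventlog_Add("modify-{$this->pageName}", $journoId, $item);
    } else {
        /* insert new entry: journo_id first, then one placeholder per field */
        $placeholders = array('?');
        $params = array($journoId);
        foreach ($fieldnames as $field) {
            $placeholders[] = "?";
            $params[] = $item[$field];
        }

        $sql = "INSERT INTO {$tablename} (journo_id," . implode(",", $fieldnames) . ") "
            . "VALUES (" . implode(',', $placeholders) . ")";
        db_do($sql, $params);

        $item['id'] = db_getOne("SELECT lastval()");
        eventlog_Add("add-{$this->pageName}", $journoId, $item);
    }

    db_commit();
    return $item['id'];
}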
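/**
 * Email the current journo's profile to the address the visitor supplied,
 * print a success or failure message with a link back to the profile, and
 * log the attempt as a 'forward-profile' event.
 *
 * @param array $params submitted form values; reads 'name', 'email' and 'message'
 */
function do_it($params) {
    global $_journo;

    $txt = build_email_body($params);

    // $params['name'] is visitor-supplied and ends up in the Subject header.
    // Replace CR/LF so the value cannot break out into extra header lines.
    $subject = "[from {$params['name']}] {$_journo['prettyname']} on journalisted";
    $subject = str_replace(array("\r", "\n"), ' ', $subject);

    // NOTE(review): $params['email'] is passed through as given; format
    // validation and any rate limiting are presumably done by the caller.
    // Confirm, since this lets a visitor send mail to an address they choose.
    $success = jl_send_text_email($params['email'], OPTION_WEB_DOMAIN, OPTION_TEAM_EMAIL, $subject, $txt);

    // Encode stored values for the HTML context before echoing them, so a
    // name or ref containing &, <, > or quotes cannot alter the markup.
    $refHtml = htmlspecialchars($_journo['ref'], ENT_QUOTES);
    $nameHtml = htmlspecialchars($_journo['prettyname'], ENT_QUOTES);

    if ($success) {
?>
<div class="infomessage">
<p>Thank you - email sent.</p>
</div>
<?php
    } else {
?>
<div class="errormessage">
<p>Sorry, there was a problem, and the email was not sent</p>
</div>
<?php
    }
?>
<p><a href="/<?php echo $refHtml; ?>">Go back to <?php echo $nameHtml; ?>'s page</a></p>
<?php

    // Keep an audit record of who asked for what, including the client
    // address, so misuse of the form can be traced afterwards.
    $context = array(
        'email' => $params['email'],
        'name' => $params['name'],
        'message' => $params['message'],
        'success' => $success,
        'remote_addr' => $_SERVER["REMOTE_ADDR"],
    );
    eventlog_Add('forward-profile', $_journo['id'], $context);
}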
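/**
 * Replace the current journo's contact details with the submitted values.
 *
 * Reads 'email', 'phone', 'address' and 'twitter' from the request. For each
 * kind the existing row(s) for this journo are deleted and, if a value was
 * submitted, a new row is inserted. Everything is committed together and a
 * 'modify-contact' event is logged.
 */
function handleSubmit() {
    $journoId = $this->journo['id'];

    $email = get_http_var('email');
    $phone = get_http_var('phone');
    $address = get_http_var('address');
    $twitter = get_http_var('twitter');
    // accept "@name" as well as "name"
    $twitter = preg_replace("/^@+/", "", $twitter);

    // NOTE(review): no format validation of email, phone or address is visible
    // in this function, and the email row is stored as approved straight away.
    // Confirm that validation happens before this point.

    // address
    db_do("DELETE FROM journo_address WHERE journo_id=?", $journoId);
    if ($address) {
        db_do("INSERT INTO journo_address (journo_id,address) VALUES (?,?)", $journoId, $address);
    }

    // phone
    db_do("DELETE FROM journo_phone WHERE journo_id=?", $journoId);
    if ($phone) {
        db_do("INSERT INTO journo_phone (journo_id,phone_number) VALUES (?,?)", $journoId, $phone);
    }

    // email: only rows with an empty srctype are replaced
    db_do("DELETE FROM journo_email WHERE journo_id=? AND srctype=''", $journoId);
    if ($email) {
        db_do(
            "INSERT INTO journo_email (journo_id,email,srctype,srcurl,approved) VALUES (?,?,?,?,?)",
            $journoId,
            $email,
            '',
            '',
            TRUE
        );
    }

    // twitter
    db_do("DELETE FROM journo_weblink WHERE journo_id=? AND kind='twitter'", $journoId);
    if ($twitter) {
        // The handle is request data that becomes part of a stored URL.
        // Percent-encode it so characters such as quotes, '<', '?', '#' or '/'
        // stay inside a single path segment; ordinary handles (letters,
        // digits, underscore) are unchanged by the encoding.
        $twitter_url = 'http://twitter.com/' . rawurlencode($twitter);
        $twitter_desc = $this->journo['prettyname'] . ' on Twitter';
        db_do(
            "INSERT INTO journo_weblink (journo_id,url,description,approved,kind) VALUES (?,?,?,true,'twitter')",
            $journoId,
            $twitter_url,
            $twitter_desc
        );
    }

    db_commit();
    eventlog_Add('modify-contact', $journoId);
}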