case 'updateAchievement': //++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++// $formData['id'] = db_clean_int($_POST['id']); $formData['category'] = db_clean_int($_POST['category']); $formData['name'] = db_clean_text($_POST['name']); $formData['image'] = db_clean_text($_POST['image']); $formData['description'] = db_clean_text($_POST['description']); $formData['goal'] = db_clean_int($_POST['goal']); $formData['points'] = db_clean_int($_POST['points']); //Verify form if (!secureform_test_pk($verify_key, $verify_action, $formData['id'])) { $smarty->assign("url", "./index.php?page=updateAchievement&id=" . $formData['id']); $smarty->display('redirectError.tpl'); exit; } updateAchievement($formData['id'], $formData['category'], $formData['name'], $formData['image'], $formData['description'], $formData['goal'], $formData['points']); $smarty->assign("url", "./index.php?page=listAchievements"); $smarty->display('redirect.tpl'); break; case 'deleteAchievement': //++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++// $formData['id'] = db_clean_int($_POST['id']); //Verify form if (!secureform_test_pk($verify_key, $verify_action, $formData['id'])) { $smarty->assign("url", "./index.php?page=updateAchievement&id=" . $formData['id']); $smarty->display('redirectError.tpl'); exit; } deleteAchievement($formData['id']); $smarty->assign("url", "./index.php?page=listAchievements"); $smarty->display('redirect.tpl');
?> <!-- Bootstrap --> <link href="../css/bootstrap.min.css" rel="stylesheet"> <!-- jQuery (necessary for Bootstrap's JavaScript plugins) --> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script> <!-- Include all compiled plugins (below), or include individual files as needed --> <script src="../js/bootstrap.min.js"></script> <script src="../js/sorttable.js"></script> <?php echo '<body>'; if (isset($_POST['btn-update'])) { updateAchievement($_POST['info'], $_POST['levelid'], $mysqli); } function loadAchievement($levelid, $mysqli) { $query = "SELECT levels.*, achievementList.name FROM levels INNER JOIN achievementList ON achievementList.id = levels.achievementid WHERE levels.id = '{$levelid}'"; $res = $mysqli->query($query); $numRows = $res->num_rows; $row = $res->fetch_array(MYSQLI_ASSOC); echo '<div class="row"><div class="col-xs-8 col-xs-offset-2">'; echo '<h4>Level ' . $row['level'] . ' - ' . $row['name'] . '</h4><form method="post">'; echo '<input type="hidden" name="levelid" value="', $levelid, '">'; echo '<textarea class="form-control" name="info" rows="10">', $row['info'], '</textarea><BR>'; echo '<input type="submit" name="btn-update"></button>'; echo '</form></div></div>'; } function updateAchievement($info, $levelid, $mysqli)