private function _add() { use_helper('Validate'); $data = $_POST['attraction']; Flash::set('attraction_postdata', $data); // Add pre-save checks here $errors = false; // CSRF checks if (isset($_POST['csrf_token'])) { $csrf_token = $_POST['csrf_token']; if (!SecureToken::validateToken($csrf_token, BASE_URL . 'attraction/add')) { Flash::set('error', __('Invalid CSRF token found!')); redirect(get_url('attraction/add')); } } else { Flash::set('error', __('No CSRF token found!')); redirect(get_url('attraction/add')); } if (empty($data['name'])) { Flash::set('error', __('You have to specify a attraction name!')); redirect(get_url('attraction/add')); } if ($errors !== false) { // Set the errors to be displayed. Flash::set('error', implode('<br/>', $errors)); redirect(get_url('attraction/add')); } $oAttraction = new Attraction(); $last_seq = $oAttraction->getLastAttractionSeq(); $new_attraction = new Attraction($data); $new_attraction->created_by_id = AuthUser::getId(); $new_attraction->created_on = date('Y-m-d H:i:s'); $new_attraction->sequence = $last_seq + 1; if ($new_attraction->save()) { if (isset($_FILES)) { if (strlen($_FILES['upload_file']['name']) > 0) { $attraction_id = $new_attraction->lastInsertId(); $overwrite = false; $file = $this->upload_attraction_main_image($attraction_id, $_FILES['upload_file']['name'], FILES_DIR . '/attraction/images/', $_FILES['upload_file']['tmp_name'], $overwrite); if ($file === false) { Flash::set('error', __('Image has not been uploaded!')); redirect(get_url('attraction/edit/' . $new_attraction->id)); } } } Flash::set('success', __('Attraction has been added!')); Observer::notify('attraction_after_add', $new_attraction->name); // save and quit or save and continue editing? if (isset($_POST['commit'])) { redirect(get_url('attraction')); } else { redirect(get_url('attraction/edit/' . $new_attraction->id)); } } else { Flash::set('error', __('Attraction has not been added!')); redirect(get_url('attraction/add')); } }