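/**
 * Create a diary entry from a submitted form array and return it.
 *
 * Authorization lives here, not in the calling page: admin users may post on
 * behalf of any band member (member_id from the form); everyone else is pinned
 * to the band member linked to their own account and the member_id field is
 * ignored for them.
 *
 * @param array $postArray form fields: title, date, time, body and, for
 *                         admins, member_id
 * @return BandMemberDiary|Error the new entry, or an Error object when the
 *                               member lookup, the date/time or the insert fails
 */
function add($postArray) {
    // Resolve the member the entry belongs to. Non-admins cannot choose.
    if (User::isAdmin()) {
        $bm = BandMember::get(isset($postArray['member_id']) ? $postArray['member_id'] : null);
    } else {
        $uo = User::getCurrent();
        $bm = BandMember::getByUserID($uo->getID());
    }
    if (db::isError($bm)) {
        return $bm;
    }

    $db = new db();
    // getID() comes from the database, but the cast guarantees only an
    // integer ever reaches the query string.
    $member_id = (int) $bm->getID();

    $title = $db->sanitize_to_db(isset($postArray['title']) ? $postArray['title'] : '');
    if (!$title) {
        $title = '(untitled)';
    }
    $body = $db->sanitize_to_db(isset($postArray['body']) ? $postArray['body'] : '');

    // Build the timestamp from separate date and time fields. The previous
    // version let an unparseable date fall through (strtotime() false ->
    // date() of 0 -> 1970-01-01) and stored the entry at the epoch silently;
    // reject it instead. An empty time is still fine (midnight).
    $rawDate = isset($postArray['date']) ? $postArray['date'] : '';
    $rawTime = isset($postArray['time']) ? $postArray['time'] : '';
    $_dt = strtotime($rawDate);
    if ($_dt === false) {
        return Error::create('A diary entry must contain a valid date.');
    }
    $_dtt = strtotime(date('Y-m-d', $_dt) . ' ' . $rawTime);
    if ($_dtt === false) {
        return Error::create('A diary entry must contain a valid time.');
    }
    // date() re-serialises the parsed value, so only a fixed-format timestamp
    // is interpolated below; the raw time string never reaches the query.
    $dateTime = date('Y-m-d H:i:s', $_dtt);

    // Text values are escaped with the project's sanitize_to_db helper; this
    // codebase is on ext/mysql, which has no prepared statements.
    $r = mysql_query(
        "insert into Band_Diaries (title, member_id, date_time, body, is_active) "
        . "values ('{$title}','{$member_id}','{$dateTime}','{$body}'," . DEFAULT_ACTIVE . ")"
    );
    if (!$r) {
        return Error::MySQL();
    }
    return BandMemberDiary::get(mysql_insert_id());
}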
<?php
// Media (photos / audio-video) management page for a single band member.
// Reviewer remarks are marked NOTE(review); the code itself is unchanged.
include 'base.php';
User::protect(); // NOTE(review): enforces "logged in" only, not "may manage this member".
include_class('band_members');
include_class('m2');

// type is only used on initial entry, not on an actual submit
// NOTE(review): $bm is selected purely by the client-supplied id. Nothing on
// this page compares it with User::getCurrent() or User::isAdmin() before media
// is added, so unless addMediaUpload()/addMediaRemote()/addAllMediaIncoming()
// enforce ownership themselves, any logged-in user can add media to any
// member's areas. The diary-add page in this codebase gates on $bm->canEdit();
// the same guard belongs here before $doSubmit is acted on -- confirm against
// MediaArea before relying on it.
$bm = BandMember::get($_GET['id']);
if (!db::isError($bm)) {
    $doSubmit = false;
    if (!$_POST['area']) {
        // Initial display: pick which of the member's two media areas to show.
        $type = $_REQUEST['type'] == 'av' ? 'av' : 'photos';
        $ma = $type == 'av' ? $bm->getAVAreaObject() : $bm->getPhotoAreaObject();
    } else {
        // Submit: the posted area must be one of this member's own two areas
        // (loose == comparison; the ids are presumably numeric strings).
        if ($_POST['area'] == $bm->getAVAreaID() || $_POST['area'] == $bm->getPhotoAreaID()) {
            $doSubmit = true;
        }
    }
    if ($doSubmit) {
        $ma = MediaArea::get($_POST['area']);
        if (!db::isError($ma)) {
            if ($_POST['localfile']) {
                // Browser upload; 'mediafile' presumably names the $_FILES entry.
                $res = $ma->addMediaUpload('mediafile', $bm);
            } else {
                if ($_POST['url']) {
                    // NOTE(review): a user-supplied URL is handed to a server-side
                    // fetch; confirm addMediaRemote() restricts scheme/host (SSRF).
                    $res = $ma->addMediaRemote($_POST['url'], $bm);
                } else {
                    if ($_POST['toAdd'] == 'all') {
                        $keepCopy = $_POST['copyFromIncoming'] ? 1 : 0;
                        $res = $ma->addAllMediaIncoming($keepCopy, $bm);
                    } else {
<?php
// Per-member diary listing page (paged via entries_per_page / start).
include 'base.php';
User::protect();
$page_title = 'Band Member Diaries';
include_class('band_diaries');
include_class('band_members');
if ($_GET['memberID']) {
    $bm = BandMember::get($_GET['memberID']);
    // NOTE(review): these two calls run before the db::isError($bm) check
    // below, so on a bad memberID they are invoked on the Error object; the
    // isError test should wrap them. entries_per_page and start are also passed
    // through untouched -- unless getDiaries() casts them, cast to (int) here
    // before they can reach a LIMIT clause.
    $bdlist = $bm->getDiaries($_GET['entries_per_page'], $_GET['start']);
    $news_total = $bm->getTotalDiaryEntries();
    if (!db::isError($bm)) {
        $uo = $bm->getUserObject();
        $uoc = User::getCurrent();
    }
}
$section = 'band_diaries';
include 'layout/header.php';
if (is_object($bm) && !db::isError($bm)) {
?> <div id="breadcrumb"> <a href="index.php">Audition ></a> <a href="band.php">Manage Band ></a> <a href="band_diaries.php">Diaries ></a> <?php
// NOTE(review): the first name is echoed raw into HTML here and in the <h1>
// below. It was escaped for SQL on the way in (sanitize_to_db), not for HTML
// on the way out; wrap both echoes in htmlspecialchars(..., ENT_QUOTES).
echo $uo->getFirstName(); ?> 's Diary </div> <h1><?php echo strtolower($uo->getFirstName()); ?>
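/**
 * Create a band member: a Users row plus the Band_Members row that refers to it.
 *
 * Admin only. Input problems are accumulated in one Error object and returned
 * together so the form can show them all; nothing is written until every field
 * has been checked. On success the freshly loaded BandMember is returned.
 *
 * @param array $postArray form fields: username, password, password_confirm,
 *                         firstname, lastname, role, birthdate, email,
 *                         equipment, influences, bio
 * @return BandMember|Error
 */
function add($postArray) {
    $db = new db();
    $e = new Error();

    if (!User::isAdmin()) {
        $e->add('You may not add a band member entry. Only an admin user may do that.');
        return $e;
    }

    // Every string field is escaped for the INSERTs below (ext/mysql, no
    // prepared statements). Missing fields are treated as empty strings.
    $fields = array(
        'username', 'password', 'password_confirm', 'firstname', 'lastname',
        'role', 'birthdate', 'email', 'equipment', 'influences', 'bio',
    );
    $in = array();
    foreach ($fields as $f) {
        $in[$f] = $db->sanitize_to_db(isset($postArray[$f]) ? $postArray[$f] : '');
    }
    $rawPassword = isset($postArray['password']) ? $postArray['password'] : '';

    $username = $in['username'];
    $password = $in['password'];
    $confirmPassword = $in['password_confirm'];
    $passwordHash = null;

    if ($username === null || $username === '') {
        $e->add("A band member entry must contain a username.");
    } elseif (User::exists($username)) {
        // NOTE(review): exists-then-insert is racy; a UNIQUE index on
        // Users.username is the real guarantee.
        $e->add("A user with the username '{$username}' already exists.");
    }

    if ($password === null || $password === '') {
        $e->add("A band member entry must contain a password.");
    } elseif ($password !== $confirmPassword) {
        // Strict comparison: with == two different numeric-looking strings
        // ("1e3" and "1000") compare equal in PHP and would be accepted.
        $e->add("The two passwords do not match.");
    } elseif (strlen($rawPassword) > 4) {
        // Length is measured on what the user typed; the previous version
        // measured the SQL-escaped copy, which backslashes could inflate.
        // NOTE(review): this is an unsalted md5 of the *escaped* password.
        // Moving to password_hash()/password_verify() needs the login path
        // changed in the same commit, so it is only flagged here.
        $passwordHash = md5($password);
    } else {
        $e->add("A user password must be at least 5 characters.");
    }

    $firstname = $in['firstname'];
    if (!$firstname) {
        $e->add("A band member entry must contain a first name.");
    }
    $lastname = $in['lastname'];
    $role = $in['role'];
    if (!$role) {
        $e->add("A band member entry must contain a role.");
    }
    // NOTE(review): an empty or unparseable birthdate makes strtotime() return
    // false and date() then yields 1970-01-01, which is stored silently.
    $_dt = strtotime($in['birthdate']);
    $birthdate = date('Y-m-d', $_dt);
    $email = $in['email'];
    $equipment = $in['equipment'];
    $influences = $in['influences'];
    $bio = $in['bio'];

    if ($e->hasErrors()) {
        return $e;
    }

    $result = mysql_query("insert into Users (username, password, lastname, firstname, email, birthdate) values ('{$username}', '{$passwordHash}', '{$lastname}', '{$firstname}', '{$email}', '{$birthdate}')");
    if (!$result) {
        // NOTE(review): the raw mysql_error() text is surfaced to the form.
        $e->add(mysql_error());
        return $e;
    }
    $userID = (int) mysql_insert_id();
    $result2 = mysql_query("insert into Band_Members (role, equipment, influences, bio, user_id) values ('{$role}', '{$equipment}', '{$influences}', '{$bio}', {$userID})");
    if (!$result2) {
        // NOTE(review): the Users row just created is left orphaned here;
        // there is no transaction or compensating delete.
        $e->add(mysql_error());
        return $e;
    }
    return BandMember::get(mysql_insert_id());
}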
<?php
// Add-a-diary-entry page for a band member.
include 'base.php';
User::protect();
$section = 'band_diaries';
$db = new db();
include_class('band_diaries');
include_class('band_members');
$bm = BandMember::get($_REQUEST['memberID']);
if (!db::isError($bm)) {
    $uo = $bm->getUserObject();
    if ($_POST['submit']) {
        // add news entry
        // NOTE(review): the entry is created before $bm->canEdit() is consulted
        // (that check only guards the form further down). This is only safe if
        // BandMemberDiary::add() keeps ignoring member_id for non-admins and
        // using the current user's own band member, as the version of add() in
        // this codebase appears to; keep that invariant there.
        $bd = BandMemberDiary::add($_POST);
        if (!db::isError($bd)) {
            header('Location: band_diary_edit.php?id=' . $bd->getID());
            // NOTE(review): no exit after the redirect header, so the header
            // include and the form below are still rendered and sent along with
            // the 302. Add `exit;` here.
        }
    }
}
$calendar = true;
$editors = array('body');
$page_title = 'Add Band Diary';
include 'layout/header.php';
// This page requires a member_id get variable. If it's not present we forward to it if the user isn't admin,
// and if the user is admin we go back to the band_diaries page.
?> <?php
if (!db::isError($bm)) {
    if ($bm->canEdit()) {
?>
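/**
 * Replace the set of band members credited on this release.
 *
 * Admin only. The existing Releases_to_Band_Members rows for this release are
 * deleted and one row is inserted per valid member ID; IDs that do not resolve
 * to a BandMember are skipped silently (as before).
 *
 * @param array|mixed $memberIDArray list of band member IDs; anything that is
 *                                   not an array just clears the list
 * @return Error|null an Error when the caller is not an admin or a query
 *                    fails; null on success (callers may ignore the result)
 */
function selectBandMembers($memberIDArray) {
    if (!User::isAdmin()) {
        return Error::create("You may not select the band members for a particular release.");
    }

    // IDs are cast to int before interpolation: $this->ID and getID() come
    // from the database, but the cast guarantees nothing else can reach the
    // query string (ext/mysql has no prepared statements).
    $releaseID = (int) $this->ID;

    $q = "delete from Releases_to_Band_Members where release_id = " . $releaseID;
    if (mysql_query($q) === false) {
        // The previous version ignored query results; report failure so the
        // caller can tell a failed clear from an empty selection.
        return Error::MySQL();
    }

    if (!is_array($memberIDArray)) {
        return;
    }

    // Duplicate IDs in the submitted list would otherwise produce duplicate
    // link rows (or a failed insert if the table has a unique key).
    foreach (array_unique($memberIDArray) as $mID) {
        $bm = BandMember::get($mID);
        if (db::isError($bm)) {
            continue;
        }
        $q = "insert into Releases_to_Band_Members (member_id, release_id) values ("
            . (int) $bm->getID() . "," . $releaseID . ")";
        if (mysql_query($q) === false) {
            return Error::MySQL();
        }
    }
}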