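$folder = 0;
} // closes a block that opens above this excerpt

/**
 * Double-check that a user is an accepted (non-pending) member of a club.
 *
 * Both arguments are placed inside the SQL text, so each one is neutralised
 * here instead of relying on every caller to have done it.
 *
 * @param mixed $creator User id matched against `useCmember`.
 * @param mixed $forClub Club id matched against `useCclub`.
 * @return int The club id when a matching membership row exists, otherwise 0.
 */
function checkClubMember($creator, $forClub)
{
    // Cast before use: the value is both interpolated into the query and
    // handed back to the caller. If `useCclub` is a numeric column, MySQL
    // would compare a string such as '12abc' as 12, so an uncast value could
    // pass this check and be returned unchanged.
    $forClub = intval($forClub);

    // Escaped rather than cast because this excerpt does not show whether
    // user ids are numeric; a plain numeric id passes through unchanged.
    $creator = mysql_real_escape_string((string) $creator);

    $result = sql_query("SELECT `useCid` FROM `useClubs` " .
        "WHERE `useCclub` = '{$forClub}' AND `useCmember` = '" . $creator . "' " .
        "AND `useCpending` = '0' LIMIT 1");

    if (mysql_num_rows($result) == 0) {
        return 0; // User is no longer a member of that club.
    } else {
        return $forClub;
    }
}

// Any club the creator no longer belongs to is replaced by 0.
$forClub = checkClubMember($objData["objCreator"], $forClub);
$forClub2 = checkClubMember($objData["objCreator"], $forClub2);
$forClub3 = checkClubMember($objData["objCreator"], $forClub3);

// NOTE(review): membership is checked for the stored creator, not for the
// account making the request, and no anti-CSRF token check is visible in this
// excerpt. Confirm both the ownership check and the token check happen before
// this handler runs.
if (isset($_POST["submit"]) && $title != "" && $comment != "") {
    include_once INCLUDES . "submission.php";

    // Modify title in the database.
    submitModifiedTitle($objid, $title, $comment, $objData["objMature"],
        $forClub, $folder, $collab, $gift, $forClub2, $forClub3);

    // Redirect the user to view the submission.
    redirect(url("view/" . $objid));
}

?>
<form action="<?php echo url(".", array("edit" => "title")); ?> " method="post">
<?php

// Write the current values back into $_POST; the code that reads them is
// below this excerpt.
$_POST["title"] = $title;
$_POST["comment"] = $comment;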
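/**
 * Double-check that the logged-in user is an accepted (non-pending) member
 * of a club.
 *
 * The club id arrives straight from the request, so it is cast to an integer
 * before it is placed in the query or returned. The user id is read from the
 * global $_auth array.
 *
 * @param mixed $forClub Club id as received from the form.
 * @return int The club id when a matching membership row exists, otherwise 0.
 */
function checkClubMember($forClub)
{
    global $_auth;

    $forClub = intval($forClub);

    // Escaped as defence in depth: the value is session-side, but it is still
    // interpolated into the statement. A plain numeric id is left unchanged.
    $member = mysql_real_escape_string((string) $_auth["useid"]);

    $result = sql_query("SELECT `useCid` FROM `useClubs` " .
        "WHERE `useCclub` = '{$forClub}' " .
        "AND `useCmember` = '" . $member . "' " .
        "AND `useCpending` = '0' LIMIT 1");

    if (mysql_num_rows($result) == 0) {
        return 0; // hacked POST, change to "no club"
    } else {
        return $forClub;
    }
}

// A missing field is treated as "no club" (0) instead of raising an
// undefined-index notice; this matches the isset() guards used for
// collab/gift below.
$forClub = checkClubMember(isset($_POST["forClub"]) ? $_POST["forClub"] : 0);
$forClub2 = checkClubMember(isset($_POST["forClub2"]) ? $_POST["forClub2"] : 0);
$forClub3 = checkClubMember(isset($_POST["forClub3"]) ? $_POST["forClub3"] : 0);

$collab = isset($_POST["collab"]) ? intval($_POST["collab"]) : 0;
$gift = isset($_POST["gift"]) ? intval($_POST["gift"]) : 0;

// Submit new title and receive the object id.
// NOTE(review): title, comment and keywordList are passed on exactly as
// posted. Confirm that submitNewTitle(), submitKeywords() and
// getFiltersByKeywords() escape them before any query is built.
$filters = implode(",", getFiltersByKeywords(
    preg_split('/\\s/', $_POST["keywordList"], -1, PREG_SPLIT_NO_EMPTY)));

$objid = submitNewTitle($_POST["title"], $_POST["comment"], $filters,
    $forClub, $folder, $collab, $gift, $forClub2, $forClub3);

submitKeywords($objid, $_POST["keywordList"]);

if (submitImage($objid, "submission",
    $uploadErrorThumb == _UPL_NO_FILE ? "" : "thumb",
    $uploadErrorThumb, $imageChanged)) {
    // Make the submission accessible by setting
    // `objDeleted` = '0'.
    sql_query("UPDATE `objects` " .
        "SET `objDeleted` = '0' " .
        "WHERE `objid` = '{$objid}' LIMIT 1");

    if ($oekakiExtras != "") {
        // NOTE(review): $oekakiExtras is inserted as a raw SQL fragment and
        // is assembled outside this excerpt. Confirm that every value in it
        // is cast or escaped where it is built.
        sql_query("UPDATE `objExtData` " .
            "SET {$oekakiExtras} " .
            "WHERE `objEid` = '{$objid}' LIMIT 1");
    }

    // Notify the watchers.
    addArtUpdateToWatchers($_auth["useid"], $objid, $forClub);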