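/**
 * Saves the posted values of one record into cms_content.
 *
 * Field definitions are read from cms_records for the posted `fieldsetid`.
 * Each definition's `type` decides how the posted value named
 * "<recordset>_<db_name>" becomes a `column="value"` assignment. The UPDATE
 * runs only when at least one assignment was produced, and the method always
 * ends the request with exit.
 *
 * Security notes:
 *  - Every request-derived value goes through mysql_real_escape_string()
 *    before it is placed in SQL; htmlspecialchars() alone does not neutralise
 *    a trailing backslash. The legacy mysql_* API used here has no prepared
 *    statements, so moving to PDO or mysqli with bound parameters is the
 *    durable fix.
 *  - The posted id doubles as a directory name under ../uploads whose
 *    contents are deleted before a new upload is stored, so it is restricted
 *    to a conservative character set before any filesystem call.
 *  - NOTE(review): no authentication, authorisation or CSRF check is visible
 *    in this method; confirm the caller enforces them.
 *
 * @return void
 */
public function save()
{
    $eqApp = new Apps();

    // Reads a posted scalar as a string; missing or array-valued input becomes ''.
    $postedScalar = function ($name) {
        return (isset($_POST[$name]) && is_scalar($_POST[$name])) ? (string) $_POST[$name] : '';
    };

    // Escapes one value for use inside a double-quoted SQL string literal.
    $sqlValue = function ($value) {
        return mysql_real_escape_string(is_scalar($value) ? (string) $value : '');
    };

    // True only for a single, successfully received upload with a non-empty name.
    $hasUpload = function ($name) {
        return isset($_FILES[$name]['name'], $_FILES[$name]['error'], $_FILES[$name]['tmp_name'])
            && is_string($_FILES[$name]['name'])
            && $_FILES[$name]['name'] !== ''
            && $_FILES[$name]['error'] === UPLOAD_ERR_OK;
    };

    // Creates the field's upload directory, or empties it when it already exists.
    $prepareDir = function ($dir) {
        if (!file_exists($dir)) {
            // 0755 instead of 0777: the directory does not need to be world-writable.
            mkdir($dir, 0755, true);
            return;
        }
        $entries = glob($dir . '/*');
        foreach (($entries ?: array()) as $entry) {
            if (is_dir($entry)) {
                recursiveRemoveDirectory($entry);
            } else {
                unlink($entry);
            }
        }
    };

    $recordset = $postedScalar('recordset');
    $recordId = $postedScalar('id');

    // The id becomes a path segment below; reject separators, dots and empty values.
    // NOTE(review): assumes record ids only use these characters - confirm.
    $idIsPathSafe = preg_match('/\A[A-Za-z0-9_-]+\z/', $recordId) === 1;

    $getFinfo_q = 'SELECT * FROM cms_records WHERE fieldsetid = "' . $sqlValue($postedScalar('fieldsetid')) . '" ORDER BY sortorder ASC';
    $getFinfo_r = mysql_query($getFinfo_q);
    if ($getFinfo_r === false) {
        // Nothing can be saved without the field list; log server-side and stop.
        error_log('save(): field lookup failed: ' . mysql_error());
        exit;
    }

    $pnum = 1;

    // Assignments are collected and joined at the end, so a skipped first field
    // can no longer leave a stray leading comma in the UPDATE.
    $assignments = array();

    while ($getFinfo = mysql_fetch_array($getFinfo_r)) {
        // db_name comes from cms_records and is used as a column name and as a
        // directory name. NOTE(review): treated as trusted schema metadata here -
        // confirm who is able to write cms_records.
        $column = $getFinfo['db_name'];
        $key = $recordset . '_' . $column;
        $fieldDir = '../uploads/' . $recordId . '/' . $column;

        switch ($getFinfo['type']) {
            case "file":
                if (!$idIsPathSafe || !$hasUpload($key)) {
                    break;
                }
                // Keep only the final path component of the client-supplied name.
                $clientName = basename(str_replace('\\', '/', $_FILES[$key]['name']));
                $fileInput = rand() . $clientName;
                $prepareDir($fieldDir);
                // NOTE(review): no extension or content-type allow-list is applied to
                // generic files; confirm the server never executes content served
                // from the uploads directory, or add an allow-list here.
                // The file is stored under the same name that is written to the database.
                if (move_uploaded_file($_FILES[$key]['tmp_name'], $fieldDir . '/' . $fileInput)) {
                    $assignments[] = $column . '="' . $sqlValue($fileInput) . '"';
                }
                break;

            case "photo":
                if (!$idIsPathSafe || !$hasUpload($key)) {
                    break;
                }
                $clientName = basename(str_replace('\\', '/', $_FILES[$key]['name']));
                $fileext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
                // NOTE(review): allow-list of raster image extensions; extend it if the
                // image library in use supports further formats.
                if (!in_array($fileext, array('jpg', 'jpeg', 'png', 'gif'), true)) {
                    break;
                }
                $filename = strtolower(rand() . pathinfo($clientName, PATHINFO_FILENAME));
                // Load the image before the directory is emptied, so an unreadable
                // upload does not first delete the existing files.
                $img = new abeautifulsite\SimpleImage($_FILES[$key]['tmp_name']);
                $prepareDir($fieldDir);
                $target = $fieldDir . '/' . $filename . '.' . $fileext;
                $img->fit_to_width(300)->save($fieldDir . '/300xauto_' . $filename . '.' . $fileext);
                $img->save($target);
                // This move overwrites the copy written by the library just above, so
                // the stored full-size file is the raw upload, not a re-encoded image.
                move_uploaded_file($_FILES[$key]['tmp_name'], $target);
                $assignments[] = $column . '="' . $sqlValue($filename . '.' . $fileext) . '"';
                break;

            case "html":
                $assignments[] = $column . '="' . $sqlValue(htmlspecialchars($postedScalar($key))) . '"';
                break;

            case "yesno":
                $assignments[] = $column . '="' . $sqlValue($postedScalar($key)) . '"';
                break;

            case "multiselect":
            case "checkboxes":
                if (isset($_POST[$key])) {
                    // Each value is escaped on its own, then joined with commas.
                    $vals = implode(',', array_map($sqlValue, (array) $_POST[$key]));
                    $assignments[] = $column . '="' . $vals . '"';
                }
                break;

            case "radio":
                if (!empty($_POST[$key])) {
                    $assignments[] = $column . '="' . $sqlValue(htmlspecialchars($postedScalar($key))) . '"';
                }
                break;

            case "foreignkey":
                $fkeyOptions = $eqApp->get_field_options($getFinfo['options'], $pnum - 1);
                if ($fkeyOptions['record_fkeytype'] == "select") {
                    $assignments[] = $column . '="' . $sqlValue(htmlspecialchars($postedScalar($key))) . '"';
                } elseif ($fkeyOptions['record_fkeytype'] == "multiselect") {
                    $parts = array();
                    if (isset($_POST[$key])) {
                        foreach ((array) $_POST[$key] as $value) {
                            $parts[] = $sqlValue(htmlspecialchars(is_scalar($value) ? (string) $value : ''));
                        }
                    }
                    // The column is written even when nothing was posted, clearing it.
                    $assignments[] = $column . '="' . implode(',', $parts) . '"';
                }
                break;

            case "custom_url":
                // Each path segment of the configured custom_url names a posted field.
                $postedCustomUrl = "";
                foreach (explode('/', trim($getFinfo['custom_url'], '/')) as $segment) {
                    if (isset($_POST[$segment])) {
                        $postedCustomUrl .= $eqApp->permaLink($_POST[$segment]) . '/';
                    }
                }
                $postedCustomUrl = rtrim($postedCustomUrl, '/');

                $checkCU_q = 'SELECT * FROM cms_content WHERE custom_url = "' . $sqlValue($postedCustomUrl) . '" AND id <> "' . $sqlValue($recordId) . '"';
                $checkCU_r = mysql_query($checkCU_q);
                $urlTaken = ($checkCU_r !== false && mysql_num_rows($checkCU_r) > 0);

                // A random number is appended when another record already uses the URL.
                $assignments[] = $column . '="' . $sqlValue($postedCustomUrl) . ($urlTaken ? rand() : '') . '"';
                break;

            default:
                // for text, textarea, colorpicker, date, select
                $assignments[] = $column . '="' . $sqlValue(htmlspecialchars($postedScalar($key))) . '"';
                break;
        }

        $pnum++;
    }

    if (count($assignments) > 0) {
        $query_q = 'UPDATE cms_content SET ' . implode(', ', $assignments) . ' WHERE id = "' . $sqlValue($recordId) . '"';
        // NOTE(review): die(mysql_error()) sends the database error text to the client;
        // consider logging it server-side and returning a generic message.
        mysql_query($query_q) or die(mysql_error());
    }

    exit;
}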
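/**
 * Updates one row of cms_pages from the posted page-edit form.
 *
 * Does nothing unless `title` is posted. Otherwise it derives the page URL from
 * the title via Apps::permaLink(), appends "-<random number>" when another page
 * already uses that URL, updates the page row, copies the posted catid to all
 * direct sub pages, echoes the final URL and ends the request with exit.
 *
 * Security notes:
 *  - Every posted value goes through mysql_real_escape_string() before it is
 *    placed in SQL. The legacy mysql_* API used here has no prepared
 *    statements, so moving to PDO or mysqli with bound parameters is the
 *    durable fix.
 *  - Values are stored without HTML encoding, so they must be encoded for
 *    their output context wherever they are rendered.
 *  - NOTE(review): no authentication, authorisation or CSRF check is visible
 *    in this method; confirm the caller enforces them.
 *
 * @return void
 */
public function savepage()
{
    $eqApp = new Apps();

    if (!isset($_POST['title'])) {
        return;
    }

    // Reads a posted scalar and escapes it for a double-quoted SQL string literal;
    // missing or array-valued input becomes ''.
    $field = function ($name) {
        $raw = (isset($_POST[$name]) && is_scalar($_POST[$name])) ? (string) $_POST[$name] : '';
        return mysql_real_escape_string($raw);
    };

    // The original branched on whether page_url was posted, but both branches ran
    // the same code, so the URL is derived from the title in either case.
    $uri = $eqApp->permaLink($_POST['title']);

    $checkuri_q = 'SELECT * FROM cms_pages WHERE page_url = "' . mysql_real_escape_string($uri) . '" AND id <> "' . $field('id') . '"';
    $checkuri_r = mysql_query($checkuri_q);

    // Any clash gets a suffix, not only the case of exactly one matching row.
    if ($checkuri_r !== false && mysql_num_rows($checkuri_r) > 0) {
        $uri = $uri . '-' . rand();
    }

    // Each listed column is filled from the posted field of the same name.
    $assignments = array('page_url = "' . mysql_real_escape_string($uri) . '"');
    $columns = array(
        'pagestatus',
        'title',
        'search_index',
        'meta_title',
        'meta_description',
        'meta_keywords',
        'parentid',
        'catid',
        'redirect',
    );
    foreach ($columns as $column) {
        $assignments[] = $column . ' = "' . $field($column) . '"';
    }

    $updateP_q = 'UPDATE cms_pages SET ' . implode(', ', $assignments) . ' WHERE id = "' . $field('id') . '"';
    // NOTE(review): die(mysql_error()) sends the database error text to the client;
    // consider logging it server-side and returning a generic message.
    mysql_query($updateP_q) or die(mysql_error());

    // Keep the category of direct sub pages in step with this page.
    $subP_q = 'UPDATE cms_pages SET catid = "' . $field('catid') . '" WHERE parentid = "' . $field('id') . '"';
    mysql_query($subP_q);

    // The new URL is printed so the page-edit form can show it in its text input.
    // NOTE(review): the value is derived from the posted title; presumably
    // permaLink() reduces it to URL-safe characters - confirm, or encode it for
    // the context in which the response is consumed.
    echo $uri;
    exit;
}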