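function maintLot()
{
    // Handle the lot maintenance form POST.
    //
    // Returns '' when the form was not submitted via the Save button, a
    // ['', message] pair when the CSRF token check fails, and otherwise the
    // result of Lot::editRecord() (lot_id present) or Lot::addRecord().
    // Reads $_POST and $_SESSION; consumes $_SESSION['token'] on success.
    $results = '';
    if (($_POST['save'] ?? null) !== 'Save') {
        return $results;
    }

    // CSRF check. Both tokens must be non-empty strings and are compared with
    // hash_equals() so the comparison runs in constant time; the previous
    // plain !== leaked timing about the first differing byte.
    $postedToken = $_POST['token'] ?? null;
    $sessionToken = $_SESSION['token'] ?? null;
    if (!is_string($postedToken) || $postedToken === ''
        || !is_string($sessionToken) || !hash_equals($sessionToken, $postedToken)) {
        return ['', 'Sorry, go back and try again. 
        There was a security issue.'];
    }
    // One-shot token: a replayed POST must fail the check above. On failure
    // the session token is left in place, as before.
    unset($_SESSION['token']);

    // Build the sanitized field set for Lot. Missing keys default to 0 instead
    // of raising an undefined-index warning. FILTER_SANITIZE_STRING (with
    // FILTER_FLAG_NO_ENCODE_QUOTES so names/descriptions keep their quotes) is
    // deprecated as of PHP 8.1 and is input cleaning only - these values still
    // need htmlspecialchars() when rendered. Note filter_input() reads the raw
    // request, not the $_POST array.
    $item = [
        'lot_id' => (int) ($_POST['lot_id'] ?? 0),
        'lot_name' => filter_input(INPUT_POST, 'lot_name', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES),
        'lot_description' => filter_input(INPUT_POST, 'lot_description', FILTER_SANITIZE_STRING, FILTER_FLAG_NO_ENCODE_QUOTES),
        'lot_image' => filter_input(INPUT_POST, 'lot_image', FILTER_SANITIZE_STRING),
        'lot_number' => (int) ($_POST['lot_number'] ?? 0),
        'lot_price' => filter_input(INPUT_POST, 'lot_price', FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION),
        'cat_id' => (int) ($_POST['cat_id'] ?? 0),
    ];

    // An existing lot_id means update, otherwise insert.
    $lot = new Lot($item);
    if ($lot->getLot_id()) {
        $results = $lot->editRecord();
    } else {
        $results = $lot->addRecord();
    }
    return $results;
}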
?>
</li>
      </ul>  
        
    <?php 
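// Create the CSRF token for the form below; it is stored in the session and
// verified by the POST handler. random_bytes() is a CSPRNG, giving 256 bits of
// entropy. The previous sha1(mt_rand(1, 1000000) . 'SomeSalt') produced at
// most one million distinct values from a non-cryptographic generator with a
// fixed, public salt, so the token was brute-forceable/predictable.
$token = bin2hex(random_bytes(32));
$_SESSION['token'] = $token;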
?>
    <input type="hidden" name="cat_id_in" id="cat_id_in" value="<?php 
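echo htmlspecialchars((string) $cat_id_in, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); // HTML attribute context: escape, origin of $cat_id_in is not visible here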
?>
" />
    <input type="hidden" name="lot_id" id="lot_id" value="<?php 
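echo htmlspecialchars((string) $item->getLot_id(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); // attribute context; escape even though lot_id is expected to be an int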
?>
" />
    <input type="hidden" name="task" id="task" value="lot.maint" />
    <input type='hidden' name='token' value='<?php 
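echo htmlspecialchars($token, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); // hex token, but it sits in a single-quoted attribute: escape anyway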
?>
'/>
    <input type="submit" name="save" value="Save" />
    <a class="cancel" href="index.php?content=lots&cat_id=<?php 
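echo rawurlencode((string) $cat_id_in); // query-string value inside href: URL-encode (output alphabet is also HTML-attribute safe)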
?>
&sidebar=catnav">Cancel</a>
    </fieldset>
</form>