$restaurant_picture_oid = isset($_POST['restaurant_picture_oid']) ? $_POST['restaurant_picture_oid'] : 'NULL';
// to keep postgres clean
$restaurant_picture_type = isset($_FILES['restaurant_picture']['type']) ? $_FILES['restaurant_picture']['type'] : '';
$remove_picture = isset($_POST['remove_picture']) ? $_POST['remove_picture'] : '';
$restaurant_menu_text = isset($_POST['restaurant_menu_text']) ? htmlentities(stripslashes($_POST['restaurant_menu_text']), ENT_QUOTES) : '';
$restaurant_comments = isset($_POST['restaurant_comments']) ? htmlentities(stripslashes($_POST['restaurant_comments']), ENT_QUOTES) : '';
if ($restaurant_id && !$SMObj->checkAccessLevel("EDITOR")) {
// Figure out who the owner of this restaurant is, Editors can edit anyones items
$sql = "SELECT restaurant_user FROM {$db_table_restaurants} WHERE restaurant_id = " . $DB_LINK->addq($restaurant_id, get_magic_quotes_gpc());
$rc = $DB_LINK->Execute($sql);
// If the recipe is owned by someone else then do not allow editing
if ($rc->fields['restaurant_user'] != "" && $rc->fields['restaurant_user'] != $SMObj->getUserID()) {
die($LangUI->_('You are not the owner of this restaurant, you are not allowed to edit it'));
}
}
$restObj = new Restaurant($restaurant_id, $restaurant_name, $restaurant_website, $restaurant_address, $restaurant_city, $restaurant_state, $restaurant_zip, $restaurant_country, $restaurant_phone, $restaurant_hours, $restaurant_menu_text, $_FILES['restaurant_picture'], $restaurant_picture_type, $restaurant_picture_oid, $restaurant_comments, $restaurant_price, $restaurant_delivery, $restaurant_carry_out, $restaurant_dine_in, $restaurant_credit, $SMObj->getUserID());
// Add or Update the restaurant
$restObj->addUpdate();
// Handle the picture
if ($remove_picture == "yes") {
$restObj->deletePicture();
} else {
$restObj->updatePicture();
}
// Now that wasn't so painful was it?
if ($restaurant_id) {
echo $LangUI->_('restaurant successfully updated');
} else {
echo $LangUI->_('restaurant successfully added');
}
echo "<p>";
