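/**
 * Admin-only editor for the two rows of the `pages` table: id 1 holds the
 * page text, id 2 holds a Unix timestamp (kept in the same `text` column).
 *
 * Without posted data the two rows are loaded into the form; the stored text
 * is entity-encoded, so it is run through html_entity_decode() and any
 * remaining numeric entities (&#NNNN;) are converted to UTF-8 through the
 * Unicode component. With posted data the form is sanitized, the timestamp is
 * rebuilt from the date fields, both rows are written back and the request is
 * redirected to `/`.
 *
 * A request without a session whose role is 1 ends the script (die) with no
 * output, as before.
 */
function edit()
 {
     if (!isset($_SESSION['User']['id']) || (int) $_SESSION['User']['role'] !== 1) {
         die;
     }
     if (empty($this->data)) {
         $text = $this->Page->query('SELECT text FROM pages WHERE id = 1');
         $time = $this->Page->query('SELECT text FROM pages WHERE id = 2');
         // preg_replace_callback replaces the former /e (eval) modifier, which
         // PHP 7 removed; the component is captured explicitly so the closure
         // does not depend on $this being bound.
         $unicode = $this->Unicode;
         $this->data['Pages']['text'] = preg_replace_callback(
             '/&#(\d{2,5});/',
             function ($m) use ($unicode) {
                 return $unicode->unicode2utf((int) $m[1]);
             },
             html_entity_decode($text[0]['pages']['text'])
         );
         // Row 2 stores a timestamp as text; format it for the date fields.
         $this->set('selected', date('Y-m-d H:i:s', $time[0]['pages']['text']));
         return;
     }
     $clean = new Sanitize();
     $clean->cleanArray($this->data);
     $date = mktime(
         $this->data['Pages']['date_hour'],
         $this->data['Pages']['date_min'],
         0,
         $this->data['Pages']['date_month'],
         $this->data['Pages']['date_day'],
         $this->data['Pages']['date_year']
     );
     // NOTE(review): the text is spliced into raw SQL and relies entirely on
     // Sanitize::cleanArray() having escaped quotes; the Model call used here
     // only takes a raw statement, so a parameterised query needs a different
     // call path — confirm what cleanArray() does before trusting this.
     $this->Page->execute('UPDATE pages SET text = "' . $this->data['Pages']['text'] . '" WHERE pages.id = 1');
     // The timestamp is forced to int so only digits ever reach the statement.
     $this->Page->execute('UPDATE pages SET text = "' . (int) $date . '" WHERE pages.id = 2');
     $this->redirect('/');
 }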
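 /**
  * "Edit My Account" for the logged-in user.
  *
  * Without posted data: loads the user's own record into the form, blanks the
  * password field and decodes entity-encoded text fields for display; when a
  * Google Maps key is configured, a JS init call with the stored coordinates
  * is passed to the view.
  * With posted data: re-reads the record by session id, sanitizes the posted
  * form, and forces email and role back to their stored values so the form
  * cannot change them. A non-empty, matching password pair is re-hashed; an
  * empty pair keeps the stored hash and salt; anything else invalidates the
  * password fields. A non-empty website must start with http:// or https://.
  * On a successful save the user is sent to `/users/`; on validation failure
  * the form is re-rendered with the password fields cleared.
  */
 function edit()
 {
     if (!isset($_SESSION['User'])) {
         $this->redirect('/users/login');
         return;
     }
     $this->set('error', false);
     $this->pageTitle = 'Edit My Account';

     // Numeric entities (&#NNNN;) left by html_entity_decode are turned into
     // UTF-8 via the Unicode component. preg_replace_callback replaces the
     // former /e (eval) modifier, which PHP 7 removed.
     $unicode = $this->Unicode;
     $decodeEntities = function ($value) use ($unicode) {
         return preg_replace_callback(
             '/&#(\d{2,5});/',
             function ($m) use ($unicode) {
                 return $unicode->unicode2utf((int) $m[1]);
             },
             html_entity_decode($value)
         );
     };

     if (empty($this->data)) {
         $this->User->id = $_SESSION['User']['id'];
         $this->data = $this->User->read();
         // Never echo the stored hash back into the form.
         $this->data['User']['password'] = '';
         $this->set('utz', $this->data['User']['tz']);
         foreach (array('name', 'website', 'location') as $field) {
             $this->data['User'][$field] = $decodeEntities($this->data['User'][$field]);
         }
         if (GMAP_API_KEY != null) {
             if ($this->data['User']['lat']) {
                 // lat/long are cast to float on save below; zoom is
                 // interpolated into JS as stored — NOTE(review): confirm it
                 // is numeric wherever it is written.
                 $this->set('map', 'mapInit(' . $this->data['User']['lat'] . ',' . $this->data['User']['long'] . ',' . $this->data['User']['zoom'] . ')');
             } else {
                 $this->set('map', 'mapInit()');
             }
         }
         return;
     }

     $user = $this->User->findById($_SESSION['User']['id']);
     $this->User->id = $user['User']['id'];
     $this->set('utz', $user['User']['tz']);
     $clean = new Sanitize();
     // Keep the typed passwords (hashed below, never stored as typed) and the
     // SQL-escaped numeric fields aside, then sanitize everything else in place.
     $temp = array(
         'password' => $this->data['User']['password'],
         'confpassword' => $this->data['User']['confpassword'],
         'lat' => $clean->sql($this->data['User']['lat']),
         'long' => $clean->sql($this->data['User']['long']),
         'tz' => $clean->sql($this->data['User']['tz']),
     );
     $clean->cleanArray($this->data);
     // Fields the user must not be able to change through this form.
     $this->data['User']['email'] = $user['User']['email'];
     $this->data['User']['role'] = $user['User']['role'];
     $this->data['User']['password'] = $temp['password'];
     $this->data['User']['confpassword'] = $temp['confpassword'];
     $this->data['User']['lat'] = floatval($temp['lat']);
     $this->data['User']['long'] = floatval($temp['long']);
     $this->data['User']['tz'] = intval($temp['tz']);

     if (!empty($this->data['User']['website']) && !preg_match('#^https?://#i', $this->data['User']['website'])) {
         $this->User->invalidate('website');
     }

     $password = $this->data['User']['password'];
     $confirm = $this->data['User']['confpassword'];
     if ($password === $confirm && !empty($password)) {
         // New password: the stored email is passed to the hasher alongside it.
         $pass = $this->Hash->password($password, $user['User']['email']);
         $this->data['User']['password'] = $pass['pass'];
         $this->data['User']['salt'] = $pass['salt'];
     } elseif (empty($password) && empty($confirm)) {
         // Both blank: keep the existing credentials untouched.
         $this->data['User']['password'] = $user['User']['password'];
         $this->data['User']['salt'] = $user['User']['salt'];
     } else {
         $this->set('error', true);
         $this->User->invalidate('password');
         $this->User->invalidate('confpassword');
     }

     if ($this->User->validates($this->data)) {
         if ($this->User->save($this->data)) {
             $this->redirect('/users/');
         }
         return;
     }
     $this->validateErrors($this->User);
     // Never send a password (typed or stored) back to the browser.
     $this->data['User']['password'] = null;
     $this->data['User']['confpassword'] = null;
     $this->render();
 }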
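<?php

ob_start();
/**
 * @author Evin Weissenberg 2013
 *
 * Admin action: sets a user's type from the request and redirects back to
 * the admin user list.
 *
 * NOTE(review): ext/mysql (mysql_connect & co.) was removed in PHP 7; this
 * script needs mysqli/PDO before it runs on a current interpreter.
 * NOTE(review): the database credentials are hard-coded below; they belong in
 * a config file outside the web root (or the environment), not in a committed
 * script — and `die(mysql_error())` returns driver error text to the client.
 * NOTE(review): nothing here verifies that the caller is an administrator —
 * confirm an upstream include or web-server rule enforces that.
 */
mysql_connect('localhost', 'econline_mv', 'KeHG9.C9,n0b') or die(mysql_error());
mysql_select_db('econline_mv') or die(mysql_error());
include 'lib/Query.php';
include 'lib/Satitize.php';
$s = new Sanitize();
$data = $s->cleanArray($_REQUEST);
$q = new Query();
// ID is numeric: casting to int keeps it out of the injection surface
// regardless of what cleanArray() did. user_type is still interpolated as a
// string and relies entirely on cleanArray()'s escaping — a prepared
// statement is the real fix, but Query's interface does not expose one here.
$userId = isset($data['ID']) ? (int) $data['ID'] : 0;
$go = $q->setQuery("UPDATE mv_users SET user_type='" . $data['type'] . "' WHERE ID=" . $userId)->run();
header('Location: /user/admin/');
exit;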
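 /**
  * Edit an existing party; only its owner may do so.
  *
  * Visitors without a session are sent to the login page; a logged-in
  * non-owner is sent to the party's read-only view. The stored date is split
  * into form fields ('date' view var) from the saved record on every request.
  *
  * Without posted data the record is loaded into the form, entity-encoded text
  * fields are decoded for display and, when a Google Maps key is configured, a
  * JS init call with the stored coordinates is passed to the view.
  * With posted data the form is sanitized (lat/long/tz kept numeric), the date
  * is rebuilt from the form's UTC fields minus the tz offset, the owner is
  * forced back to the stored value, a changed Flickr username is resolved to
  * its id, and on a successful save the user is redirected to the party view.
  */
 function edit($id)
 {
     $this->Party->id = $id;
     $party = $this->Party->read();
     $this->set('party', $party);
     $this->pageTitle = 'Edit Party';
     $this->set('current', 'create');
     if (empty($_SESSION['User']['id'])) {
         $this->redirect('/users/login/');
         return;
     }
     // Loose comparison kept on purpose: the stored owner and the session id
     // may not share a scalar type.
     if ($party['Party']['owner'] != $_SESSION['User']['id']) {
         $this->redirect('/parties/view/' . $id);
         return;
     }

     // The saved date broken into form fields; the same values are shown on
     // both GET and a failed POST.
     // NOTE(review): date('h') is the 12-hour clock while the POST path feeds
     // the hour straight into gmmktime() — afternoon times would come back
     // shifted by 12 hours; 'H' looks intended, confirm before changing.
     $stored = $party['Party']['date'];
     $this->set('date', array(
         'hour' => intval(date('h', $stored)),
         'min' => intval(date('i', $stored)),
         'mon' => intval(date('m', $stored)),
         'day' => intval(date('d', $stored)),
         'year' => intval(date('Y', $stored)),
         'tz' => $party['Party']['tz'],
     ));

     if (empty($this->data)) {
         $this->data = $party;
         // Numeric entities (&#NNNN;) left by html_entity_decode are turned
         // into UTF-8 via the Unicode component. preg_replace_callback
         // replaces the former /e (eval) modifier, which PHP 7 removed.
         $unicode = $this->Unicode;
         $decodeEntities = function ($value) use ($unicode) {
             return preg_replace_callback(
                 '/&#(\d{2,5});/',
                 function ($m) use ($unicode) {
                     return $unicode->unicode2utf((int) $m[1]);
                 },
                 html_entity_decode($value)
             );
         };
         foreach (array('name', 'vname', 'website', 'address', 'notes', 'flickrusr') as $field) {
             $this->data['Party'][$field] = $decodeEntities($this->data['Party'][$field]);
         }
         if (GMAP_API_KEY != null) {
             if ($this->data['Party']['lat']) {
                 // lat/long are cast to float on save below; zoom is
                 // interpolated into JS as stored — NOTE(review): confirm it
                 // is numeric wherever it is written.
                 $this->set('map', 'mapInit(' . $this->data['Party']['lat'] . ',' . $this->data['Party']['long'] . ',' . $this->data['Party']['zoom'] . ')');
             } else {
                 $this->set('map', 'mapInit()');
             }
         }
         return;
     }

     $clean = new Sanitize();
     // Keep the SQL-escaped numeric fields aside, sanitize the rest in place,
     // then restore them as proper numbers.
     $temp = array(
         'lat' => $clean->sql($this->data['Party']['lat']),
         'long' => $clean->sql($this->data['Party']['long']),
         'tz' => $clean->sql($this->data['Party']['tz']),
     );
     $clean->cleanArray($this->data);
     $this->data['Party']['lat'] = floatval($temp['lat']);
     $this->data['Party']['long'] = floatval($temp['long']);
     $this->data['Party']['tz'] = intval($temp['tz']);
     // The form supplies wall-clock fields plus a tz offset in hours; the
     // offset is subtracted from the gmmktime() result to get the timestamp.
     $secoffset = $this->data['Party']['tz'] * 60 * 60;
     $offsetdate = gmmktime(
         $this->data['Party']['hour_hour'],
         $this->data['Party']['minute_min'],
         0,
         $this->data['Party']['month_hour'],
         $this->data['Party']['day_day'],
         $this->data['Party']['year_year']
     );
     $this->data['Party']['date'] = $offsetdate - $secoffset;
     // The owner is never taken from the form.
     $this->data['Party']['owner'] = $party['Party']['owner'];
     $this->data['Party']['duration'] = intval($this->data['Party']['duration']);

     if (!empty($this->data['Party']['website']) && !preg_match('#^https?://#i', $this->data['Party']['website'])) {
         $this->Party->invalidate('website');
     }
     if ($this->data['Party']['flickrusr'] != $party['Party']['flickrusr']) {
         // Username changed: look the Flickr id up again.
         $params = array('type' => 'flickr', 'username' => $this->data['Party']['flickrusr']);
         $flick = new webServices($params);
         $this->data['Party']['flickrid'] = $flick->getFlickrId();
     }
     if ($this->Party->validates($this->data) && $this->Party->save($this->data)) {
         $this->Session->setFlash('Party edited successfully.', 'infoFlash');
         $this->redirect('parties/view/' . $id);
     }
 }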
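 /**
  * Admin edit form for a user, party or comment, selected by $type.
  *
  * Without posted data the record with the given id is loaded into the form
  * (party text fields are entity-decoded for display; for a comment the
  * owner's name is passed to the view as well). With posted data the form is
  * written back and the request is redirected to the admin list for that type
  * (parties go to `/admin/`). An unknown $type loads nothing and, on POST,
  * only redirects.
  *
  * NOTE(review): no authorisation check is visible in this method — confirm
  * the controller restricts access elsewhere (e.g. a beforeFilter).
  * NOTE(review): only the 'party' branch runs Sanitize::cleanArray() before
  * saving; 'user' and 'comment' save the posted data as-is — confirm that is
  * intentional.
  * NOTE(review): the 'user' branch assigns the whole record to the form data,
  * which likely includes the stored password hash and salt — confirm the view
  * does not echo them.
  */
 function edit($type, $id)
 {
     if (empty($this->data)) {
         switch ($type) {
             case 'user':
                 $this->User->id = $id;
                 $user = $this->User->read();
                 $this->set('user', $user);
                 $this->data = $user;
                 break;
             case 'party':
                 $this->Party->id = $id;
                 $party = $this->Party->read();
                 $this->set('party', $party);
                 $this->data = $party;
                 // Numeric entities (&#NNNN;) left by html_entity_decode are
                 // turned into UTF-8 via the Unicode component.
                 // preg_replace_callback replaces the former /e (eval)
                 // modifier, which PHP 7 removed.
                 $unicode = $this->Unicode;
                 $decodeEntities = function ($value) use ($unicode) {
                     return preg_replace_callback(
                         '/&#(\d{2,5});/',
                         function ($m) use ($unicode) {
                             return $unicode->unicode2utf((int) $m[1]);
                         },
                         html_entity_decode($value)
                     );
                 };
                 foreach (array('name', 'vname', 'website', 'address', 'notes', 'flickrusr') as $field) {
                     $this->data['Party'][$field] = $decodeEntities($this->data['Party'][$field]);
                 }
                 break;
             case 'comment':
                 $this->Comment->id = $id;
                 $comment = $this->Comment->read();
                 $this->set('comment', $comment);
                 $uid = $this->User->findById($comment['Comment']['owner']);
                 $this->set('owner', $uid['User']['name']);
                 $this->data = $comment;
                 break;
         }
         return;
     }

     switch ($type) {
         case 'user':
             $this->User->id = $id;
             $this->User->save($this->data);
             break;
         case 'party':
             $this->Party->id = $id;
             $clean = new Sanitize();
             $clean->cleanArray($this->data);
             $this->Party->save($this->data);
             break;
         case 'comment':
             $this->Comment->id = $id;
             $this->Comment->save($this->data);
             break;
     }
     // The party list lives at the admin root; every other type has its own
     // plural list page.
     if ($type !== 'party') {
         $this->redirect('/admin/' . $type . 's');
     } else {
         $this->redirect('/admin/');
     }
 }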