} } } } $message .= $avatarError; //Avatar End if (!isset($catid) || $catid == "") { //at the top level $parentcatid = "0"; } else { $parentcatid = $catid; } if (!isNotNull($txtCategoryName)) { $message .= "* Category Name is required! <br>"; } else { if (categoryExists($txtCategoryName, $catid)) { $message .= "Category Exists!"; } } if ($message != "") { // error $message = "<br>Please correct the following errors to continue!<br>" . $message; } else { // no error so insert category details if ($parentcatid == "0") { //top level category $sqlinsertcat = "INSERT INTO " . $tableprefix . "categories(category_name,parent_id,route,avatar)\n\t\t\t\t\t\t\t \t\t\t\t\t VALUES ('" . addslashes($txtCategoryName) . "', '" . addslashes($parentcatid) . "','0','" . addslashes($catfilename) . "') "; $resultinsertcat = mysql_query($sqlinsertcat); $route_pr = mysql_insert_id(); $category_id = $route_pr; $catOptArr = $_POST['category_options'];
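/**
 * Builds the blog search/listing queries from the current search options.
 *
 * Sources, in order of precedence: the search form in $_POST (when
 * 'search_blogs' is set), otherwise the previous search remembered in
 * $_SESSION['search_blogs_option'], otherwise the defaults (with an optional
 * ?CHID= category pre-filter). ?all=1 drops the remembered search. The
 * effective options are written back to the session after a form submit and
 * exposed to Smarty as 'option'.
 *
 * The filters are applied on every call, not only on the form submit, so a
 * paginated GET request keeps the remembered search and a ?UID= link works
 * without a form post (this mirrors the album listing's constructQuery).
 *
 * ORDER BY and the page size cannot be bound as query parameters, so the sort
 * column, direction and page size are validated here whatever their origin.
 *
 * @return array{select:string,count:string,page_items:int} listing SQL,
 *         total-count SQL and the page size.
 */
function constructQuery()
{
    global $smarty;

    $query_select = "SELECT b.*, s.username FROM blog AS b, signup AS s WHERE b.UID = s.UID";
    $query_count = "SELECT count(b.BID) AS total_blogs FROM blog AS b, signup AS s WHERE b.UID = s.UID";
    $query_option = array();

    // Optional category pre-filter from the URL, accepted only for an existing category.
    $category = isset($_GET['CHID']) && is_numeric($_GET['CHID']) && categoryExists($_GET['CHID'])
        ? intval(trim($_GET['CHID']))
        : null;
    $option_orig = array(
        'username' => '',
        'title' => '',
        'content' => '',
        'category' => $category,
        'status' => '',
        'sort' => 'b.BID',
        'order' => 'DESC',
        'display' => 10,
    );

    // ?all=1 forgets the remembered search so the defaults apply again.
    $all = isset($_GET['all']) ? intval($_GET['all']) : 0;
    if ($all === 1) {
        unset($_SESSION['search_blogs_option']);
    }
    $option = isset($_SESSION['search_blogs_option']) ? $_SESSION['search_blogs_option'] : $option_orig;

    $searched = isset($_POST['search_blogs']);
    if ($searched) {
        // A field missing from the form counts as empty instead of raising a notice.
        foreach (array('username', 'title', 'content', 'status', 'sort', 'order') as $key) {
            $option[$key] = isset($_POST[$key]) ? trim($_POST[$key]) : '';
        }
        $option['category'] = isset($_POST['category']) ? intval(trim($_POST['category'])) : 0;
        $option['display'] = isset($_POST['display']) ? intval(trim($_POST['display'])) : 0;
    }

    // Normalise the text options whatever their origin (an older session may
    // hold nulls or lack keys), so the strict comparisons below are safe.
    foreach (array('username', 'title', 'content', 'status', 'sort', 'order') as $key) {
        $option[$key] = isset($option[$key]) ? trim((string) $option[$key]) : '';
    }
    $option['category'] = isset($option['category']) ? $option['category'] : null;

    // The sort column must be a plain [alias.]identifier and the direction
    // ASC or DESC; anything else falls back to the defaults.
    // NOTE(review): an identifier-shaped value still lets a visitor order by any
    // column of the joined tables; an explicit allowlist of the form's sortable
    // columns would be tighter once those are known.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/', $option['sort'])) {
        $option['sort'] = $option_orig['sort'];
    }
    $option['order'] = strtoupper($option['order']);
    if ($option['order'] !== 'ASC' && $option['order'] !== 'DESC') {
        $option['order'] = $option_orig['order'];
    }
    // The page size is used for pagination downstream, so it must be a positive int.
    $option['display'] = isset($option['display']) ? intval($option['display']) : 0;
    if ($option['display'] <= 0) {
        $option['display'] = $option_orig['display'];
    }

    // Restrict to one author: by the searched username, or by a ?UID= link.
    if ($option['username'] !== '' || isset($_GET['UID'])) {
        if ($option['username'] !== '') {
            $UID = getUserID($option['username']);
        } else {
            $UID = isset($_GET['UID']) && is_numeric($_GET['UID']) ? $_GET['UID'] : 0;
        }
        // An unknown username gives a falsy ID, i.e. an empty result set.
        $query_option[] = " AND b.UID = " . ($UID ? intval($UID) : 0);
    }
    if ($option['title'] !== '') {
        $query_option[] = " AND b.title LIKE '%" . mysql_real_escape_string($option['title']) . "%'";
    }
    if ($option['content'] !== '') {
        $query_option[] = " AND b.content LIKE '%" . mysql_real_escape_string($option['content']) . "%'";
    }
    // 0, '' or null means "any category" (the loose != '' this replaces treated 0 that way on PHP 5).
    $categoryId = intval($option['category']);
    if ($categoryId !== 0) {
        $query_option[] = " AND b.category = " . $categoryId;
    }
    // Only the two literal flag values ever reach the SQL.
    if ($option['status'] === '1' || $option['status'] === '0') {
        $query_option[] = " AND b.status = '" . $option['status'] . "'";
    }

    if ($searched) {
        $_SESSION['search_blogs_option'] = $option;
    }

    $query_option[] = " ORDER BY " . $option['sort'] . " " . $option['order'];
    $query = array(
        'select' => $query_select . implode(' ', $query_option),
        'count' => $query_count . implode(' ', $query_option),
        'page_items' => $option['display'],
    );
    $smarty->assign('option', $option);

    return $query;
}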
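/**
 * Builds the album search/listing queries for one listing module.
 *
 * Reads the search form from $_POST (when 'search_albums' is set) and the
 * optional ?CHID= (category) and ?UID= (owner) parameters from $_GET. The
 * effective options are exposed to Smarty as 'option'.
 *
 * ORDER BY and the page size cannot be bound as query parameters, so the sort
 * column, direction and page size are validated before they reach the SQL.
 *
 * @param string $module 'private' or 'public' restricts a.type; any other value lists both.
 * @return array{select:string,count:string,page_items:int} listing SQL,
 *         total-count SQL and the page size.
 */
function constructQuery($module)
{
    global $smarty;

    // Only the two known module names may reach the SQL; anything else lists both types.
    $query_module = '';
    if ($module === 'private' || $module === 'public') {
        $query_module = " AND a.type = '" . $module . "'";
    }
    // The count joins signup exactly like the listing, so the pagination total
    // counts the same rows the listing can show.
    $query_select = "SELECT a.*, s.username FROM albums AS a, signup AS s WHERE a.UID = s.UID" . $query_module;
    $query_count = "SELECT count(a.AID) AS total_albums FROM albums AS a, signup AS s WHERE a.UID = s.UID" . $query_module;
    $query_option = array();

    // Optional category pre-filter from the URL, accepted only for an existing category.
    $category = isset($_GET['CHID']) && is_numeric($_GET['CHID']) && categoryExists($_GET['CHID'])
        ? intval(trim($_GET['CHID']))
        : null;
    $option_orig = array(
        'username' => '',
        'name' => '',
        'tags' => '',
        'category' => $category,
        'status' => '',
        'sort' => 'a.AID',
        'order' => 'DESC',
        'display' => 10,
    );
    $option = $option_orig;

    if (isset($_POST['search_albums'])) {
        // A field missing from the form counts as empty instead of raising a notice.
        foreach (array('username', 'name', 'tags', 'sort', 'order') as $key) {
            $option[$key] = isset($_POST[$key]) ? trim($_POST[$key]) : '';
        }
        $option['category'] = isset($_POST['category']) ? intval(trim($_POST['category'])) : 0;
        // NOTE(review): an empty status field becomes 0 here, so the status filter is
        // always applied after a search; confirm the form always submits 0 or 1.
        $option['status'] = isset($_POST['status']) ? intval(trim($_POST['status'])) : 0;
        $option['display'] = isset($_POST['display']) ? intval(trim($_POST['display'])) : 0;
    }

    // The sort column must be a plain [alias.]identifier and the direction
    // ASC or DESC; anything else falls back to the defaults.
    // NOTE(review): an identifier-shaped value still lets a visitor order by any
    // column of the joined tables; an explicit allowlist of the form's sortable
    // columns would be tighter once those are known.
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/', $option['sort'])) {
        $option['sort'] = $option_orig['sort'];
    }
    $option['order'] = strtoupper($option['order']);
    if ($option['order'] !== 'ASC' && $option['order'] !== 'DESC') {
        $option['order'] = $option_orig['order'];
    }
    // The page size is used for pagination downstream, so it must be a positive int.
    if (intval($option['display']) <= 0) {
        $option['display'] = $option_orig['display'];
    }

    // Restrict to one owner: by the searched username, or by a ?UID= link.
    if ($option['username'] !== '' || isset($_GET['UID'])) {
        if ($option['username'] !== '') {
            $UID = getUserID($option['username']);
        } else {
            $UID = isset($_GET['UID']) && is_numeric($_GET['UID']) ? $_GET['UID'] : 0;
        }
        // An unknown username gives a falsy ID, i.e. an empty result set.
        $query_option[] = " AND a.UID = " . ($UID ? intval($UID) : 0);
    }
    if ($option['name'] !== '') {
        $query_option[] = " AND a.name LIKE '%" . mysql_real_escape_string($option['name']) . "%'";
    }
    if ($option['tags'] !== '') {
        $query_option[] = " AND a.tags LIKE '%" . mysql_real_escape_string($option['tags']) . "%'";
    }
    // 0, '' or null means "any category" (the loose != '' this replaces treated 0 that way on PHP 5).
    $categoryId = intval($option['category']);
    if ($categoryId !== 0) {
        $query_option[] = " AND a.category = " . $categoryId;
    }
    // Status is only an int after a form submit; the '' default means no filter.
    if ($option['status'] === 0 || $option['status'] === 1) {
        $query_option[] = " AND a.status = " . $option['status'];
    }

    $query_option[] = " ORDER BY " . $option['sort'] . " " . $option['order'];
    $query = array(
        'select' => $query_select . implode(' ', $query_option),
        'count' => $query_count . implode(' ', $query_option),
        'page_items' => $option['display'],
    );
    $smarty->assign('option', $option);

    return $query;
}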
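/**
 * Validates the fields of an article (or a comment) before it is stored.
 *
 * Each failed check appends one feedback entry. A comment (comment_to other
 * than the literal string "NULL") may have an empty title; an article may not.
 * Missing fields are treated as empty rather than raising notices.
 *
 * @param array $articleArray fields: comment_to, title, body, author,
 *        author_username, category, date_posted, time_posted, picture_url
 * @return array array("1") on success; on failure "-1" as the first element,
 *         followed by the feedback entries in the order the checks run.
 */
function verifyArticle($articleArray)
{
    $feedback = array();

    // Fill in any missing field with '' so every check below can read it safely.
    $articleArray += array(
        'comment_to' => '',
        'title' => '',
        'body' => '',
        'author' => '',
        'author_username' => '',
        'category' => '',
        'date_posted' => '',
        'time_posted' => '',
        'picture_url' => '',
    );

    // The title is mandatory for articles only; comments carry their parent's title.
    // strlen() is a byte count, which is fine for this presence check.
    if ($articleArray['comment_to'] === "NULL") {
        if (strlen($articleArray['title']) < 2) {
            $feedback[] = getString("title_is_required", "Tittelen mangler.");
        }
    }
    if (strlen($articleArray['body']) < 2) {
        $feedback[] = getString("body_is_required", "Teksten mangler.");
    }
    if (!justTextAndNumbers($articleArray['author'])) {
        $feedback[] = "author_just_text_and_numbers";
    }
    if (!isLoggedIn($articleArray['author_username'])) {
        $feedback[] = "user_does_not_exist";
    }
    if (!mayCreateArticles($articleArray['author_username'])) {
        $feedback[] = "user_cannot_post_article";
    }
    if (!categoryExists($articleArray['category'])) {
        $feedback[] = "category_does_not_exist";
    }
    if (!validDate($articleArray['date_posted'])) {
        $feedback[] = "invalid_date";
    }
    if (!validTime($articleArray['time_posted'])) {
        $feedback[] = "invalid_time";
    }
    if (!validURL($articleArray['picture_url'])) {
        $feedback[] = "invalid_url";
    }

    if (count($feedback) > 0) {
        // "-1" in front signals an error; prepending (instead of pushing and
        // reversing) keeps the messages in the same order as the checks above.
        array_unshift($feedback, "-1");
        return $feedback;
    }

    return array("1");
}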