$sql = "SELECT\n\t mk.*, m.free_marker\n FROM {$_TABLES['maps_markers']} AS mk\n\t\t\tLEFT JOIN {$_TABLES['maps_maps']} AS m\n\t\t\t\t ON mk.mid = m.mid\n\t\t\tWHERE mkid = {$_REQUEST['mkid']} LIMIT 1";
$res = DB_query($sql, 0);
$A = DB_fetchArray($res);
if ($A['owner_id'] != $_USER['uid'] or $_MAPS_CONF['marker_edition'] == 0 or $A['free_marker'] != 1) {
echo COM_refresh($_CONF['site_url']);
exit;
}
$_REQUEST['mid'] = $A['mid'];
// prepare strings for insertion
$_REQUEST['modified'] = date("YmdHis");
// lat, lng can only contain numbers and a decimal
if (empty($_REQUEST['lat']) || empty($_REQUEST['lng'])) {
$address = $_REQUEST['address'];
$coords = MAPS_getCoords($address, $lat, $lng);
if ($lat == 0 && $lng == 0) {
$display .= getMarkerForm($_REQUEST);
$display .= COM_siteFooter();
COM_output($display);
exit;
}
} else {
$lat = strval($_REQUEST['lat']);
$lng = strval($_REQUEST['lng']);
}
// addslashes
$_REQUEST['name'] = addslashes($_REQUEST['name']);
$_REQUEST['description'] = addslashes($_REQUEST['description']);
$_REQUEST['address'] = addslashes($_REQUEST['address']);
$_REQUEST['street'] = addslashes($_REQUEST['street']);
$_REQUEST['city'] = addslashes($_REQUEST['city']);
$_REQUEST['state'] = addslashes($_REQUEST['state']);
$display .= getMarkerForm($A);
} else {
echo COM_refresh($_CONF['site_url']);
}
break;
case 'editsubmission':
// Get the marker to edit and display the form
if (isset($_GET['mkid'])) {
$sql = "SELECT * FROM {$_TABLES['maps_submission']} WHERE mkid = {$_GET['mkid']} LIMIT 1";
$res = DB_query($sql);
$nRows = DB_numRows($res);
if ($nRows < 1) {
//echo COM_refresh($_MAPS_CONF['site_url'] . '/index.php');
//exit ();
}
$A = DB_fetchArray($res);
$display .= getMarkerForm($A);
} else {
echo COM_refresh($_CONF['site_url']);
}
break;
case 'new':
default:
$marker['mk_default'] = 1;
$marker['lat'] = '37.4217913';
$marker['lng'] = '-122.08371390000002';
$display .= getMarkerForm($marker);
break;
}
$display .= COM_siteFooter(0);
COM_output($display);
