示例#1
0
<?php

require_once 'includes/globals.inc';
if (isset($_GET['projid'])) {
    $projid = $_GET['projid'];
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);
    $isNews = isNews($projid);
    emitTop('Peanut Butter -> Projects -> Edit: ' . $name, '/pb/');
    if ($name == '') {
        errAndDie('Project not found.');
    }
} else {
    emitTop('Peanut Butter -> Edit Project [ERROR]', $_SERVER['PHP_SELF']);
    errAndDie('Required Information not specified.');
}
if ($userType != ADMIN && $userType != SITEADMIN) {
    errAndDie('Sorry, only admins/siteadmins may edit projects.');
}
if ($userType == ADMIN && $owner != $userName) {
    errAndDie('Sorry, you may only edit your own project.');
}
mysqlSetup();
$sqlquery = "SELECT * FROM `pb_projects`" . " WHERE `id` = '{$mprojid}'";
$result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
$count = mysql_num_rows($result);
$row = mysql_fetch_assoc($result);
示例#2
0
mysqlSetup();
if (isset($_POST['modified'])) {
    if (!isset($_POST['projid'])) {
        errAndDie('Project ID not specified.');
    }
    $projid = $_POST['projid'];
    $projinfo = getProjInfoFromId($projid);
    $name = $projinfo[0];
    $owner = $projinfo[1];
    if ($userType == ADMIN && $owner != $userName) {
        errAndDie('Sorry, admins may only edit their own projects.');
    }
    escapes('projid', $projid);
    escapes('name', $name);
    escapes('owner', $owner);
    if (isNews($projid)) {
        errAndDie('You cannot edit a project with id = -1');
    }
    $sqlquery = "UPDATE `pb_projects` " . "SET `name` = '{$mName}', " . "`modified` = NOW(), " . "`description` = '{$mDescription}', " . "`keywords` = '{$mKeywords}', " . "`status` = '{$mStatus}', " . "`progress` = '{$mProgress}', " . "`priority` = '{$mPriority}', " . "`deadline` = '{$mDeadline}', " . "`notes` = '{$mNotes}' " . "" . " WHERE `id` = '{$mprojid}'";
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    $numrows = mysql_affected_rows();
    if (!$numrows) {
        print '<h3>Update unsuccessful.</h3>';
    } else {
        print "<h3>Edited.</h3>";
    }
} else {
    $sqlquery = "INSERT INTO `pb_projects` (`name`,`owner`,`added`,`modified`," . "`description`,`keywords`,`status`,`progress`,`priority`," . "`deadline`,`notes`) VALUES ('{$mName}','{$mOwner}',NOW(),NOW(),'{$mDescription}'," . "'{$mKeywords}','{$mStatus}','{$mProgress}','{$mPriority}'," . "'{$mDeadline}','{$mNotes}')";
    $result = mysql_query($sqlquery) or die('Invalid query: ' . mysql_error());
    print "<h3>Created.</h3>";
    $projid = mysql_insert_id();