*/
require_once '../.lib/functions.php';
// Admin-only page: restrict_access() is expected to stop non-'A' users before any handler runs.
restrict_access('A');

// Route the request to one handler. Form submissions (POST) take precedence over
// the GET actions; with no action at all the edit page is rendered.
if (isset($_POST['do_add_file_category'])) {
    do_add();
} elseif (isset($_POST['do_edit_file_category'])) {
    do_edit();
} elseif (isset($_GET['Delete'])) {
    do_delete();
} elseif (isset($_GET['Add'])) {
    show_add_page('');
} else {
    show_edit_page('');
}
function show_add_page($err)
{
    global $body_onload;
    $body_onload = 'document.forms[\'addFileCategory\'].name.focus()';
    if ($err != '') {
        $err = "\n        <div class=\"error\">{$err}</div><br />\n";
    }
    $name = htmlentities($_POST['name']);
    page_header('Add File Category');
    echo <<<HEREDOC
      <h1>Add a File Category</h1>
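function do_edit()
{
    // Apply the "edit file" form: update name, permissions, category and order_num
    // of the `files` row identified by $_GET['ID'], then redirect to Files.
    // Inputs: $_POST['xsrf_token'], ['name'], ['visibility'], ['category']; $_GET['ID'];
    // $_SESSION['xsrf_token']. Side effects: one UPDATE, $_SESSION['FILE_edited'], a
    // Location header. Validation failures are fatal via E_USER_ERROR, except a blank
    // name, which re-renders the edit page with an error message.

    // Compare the anti-XSRF token in constant time. A missing session token must
    // fail rather than loosely matching a missing POST value (the old `!=` check
    // treated two absent values as equal).
    $expected_token = (string) ($_SESSION['xsrf_token'] ?? '');
    $given_token = (string) ($_POST['xsrf_token'] ?? '');
    if ($expected_token === '' || !hash_equals($expected_token, $given_token)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }

    // The name is stored HTML-encoded; the length limit applies to the encoded form,
    // as before.
    $display_name = htmlentities((string) ($_POST['name'] ?? ''));
    if (strlen($display_name) > 100) {
        trigger_error('Edit: name > 100 characters', E_USER_ERROR);
    }
    if ($display_name === '') {
        show_edit_page('Display Name cannot be blank');
        return;
    }

    // Whitelist the permission flag with a strict comparison so only the three
    // literal values pass.
    $visibility = (string) ($_POST['visibility'] ?? '');
    if (!in_array($visibility, ['P', 'M', 'A'], true)) {
        trigger_error('Edit: visibility not P, M or A', E_USER_ERROR);
    }

    // '0' means "no category"; any other value must match exactly one existing category.
    $category_id = htmlentities((string) ($_POST['category'] ?? ''));
    if ($category_id !== '0') {
        $query = 'SELECT * FROM file_categories WHERE category_id="' . mysqli_real_escape_string(DB::get(), $category_id) . '"';
        $result = DB::queryRaw($query);
        if (mysqli_num_rows($result) != 1) {
            trigger_error('Edit: Incorrect number of categories match submitted ID', E_USER_ERROR);
        }
    }

    $file_id = (string) ($_GET['ID'] ?? '');
    $query = 'SELECT category, order_num FROM files WHERE file_id="' . mysqli_real_escape_string(DB::get(), $file_id) . '"';
    $result = DB::queryRaw($query);
    $row = mysqli_fetch_assoc($result);
    if (!$row) {
        trigger_error('Edit: file not found', E_USER_ERROR);
    }

    // Keep the current position unless the file moves to another category, in which
    // case it is appended after that category's highest order_num (1 if the category is empty).
    $old_category = $row['category'];
    $order = $row['order_num'];
    if ((string) $old_category !== $category_id) {
        $query = 'SELECT MAX(order_num) FROM files WHERE category="' . mysqli_real_escape_string(DB::get(), $category_id) . '"';
        $result = DB::queryRaw($query);
        $row = mysqli_fetch_assoc($result);
        $order = $row['MAX(order_num)'] + 1;
    }

    // VALIDATION COMPLETE
    $query = 'UPDATE files SET name="' . mysqli_real_escape_string(DB::get(), $display_name) . '", permissions="' . mysqli_real_escape_string(DB::get(), $visibility) . '", category="' . mysqli_real_escape_string(DB::get(), $category_id) . '", order_num="' . mysqli_real_escape_string(DB::get(), (string) $order) . '" WHERE file_id="' . mysqli_real_escape_string(DB::get(), $file_id) . '" LIMIT 1';
    DB::queryRaw($query);
    $_SESSION['FILE_edited'] = 'The file &quot;' . $display_name . '&quot; has been edited';
    header('Location: Files');
}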
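function do_delete()
{
    // Delete the team identified by $_GET['Delete'] once the anti-XSRF token checks
    // out and the team belongs to the current user's school ($_SESSION['LMT_user_id']).
    // Side effects: two DELETEs on `teams` and a Location header.
    // NOTE(review): this handler works on `teams` while the rest of the page manages
    // file categories — confirm the target table is intended.

    // Constant-time token comparison; an absent session token fails closed instead of
    // loosely matching an absent POST value.
    $expected_token = (string) ($_SESSION['xsrf_token'] ?? '');
    $given_token = (string) ($_POST['xsrf_token'] ?? '');
    if ($expected_token === '' || !hash_equals($expected_token, $given_token)) {
        trigger_error('XSRF code incorrect', E_USER_ERROR);
    }

    $team_id = $_GET['Delete'];

    // Ensure that the team exists and belongs to this user's school
    $matches = (int) DB::queryFirstField('SELECT COUNT(*) FROM teams WHERE team_id=%i AND school=%i', $team_id, $_SESSION['LMT_user_id']);
    if ($matches === 0) {
        show_edit_page('Invalid team.');
        // Stop here: previously the deletes below still ran after the error page
        // was rendered, so the ownership check did not actually protect the rows.
        return;
    }

    DB::delete('teams', 'team_id=%i', $team_id);
    DB::delete('teams', 'individuals=%i', $team_id);
    header('Location: Home');
}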