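// Request handling for adding or updating a restaurant: collect the remaining
// form fields, enforce ownership for non-editors, save, then handle the picture.

// The picture OID comes straight from the request. Accept it only when it is a
// plain run of digits; anything else falls back to the literal 'NULL' that the
// original default used "to keep postgres clean".
// NOTE(review): presumably this value ends up in SQL built inside Restaurant
// (not visible here) - confirm it is constrained there as well.
$restaurant_picture_oid = 'NULL';
if (isset($_POST['restaurant_picture_oid'])
    && is_string($_POST['restaurant_picture_oid'])
    && ctype_digit($_POST['restaurant_picture_oid'])) {
    $restaurant_picture_oid = $_POST['restaurant_picture_oid'];
}

// Content type as reported by the uploading client. It is request-controlled,
// so it describes what the client claims, not what the file contains.
$restaurant_picture_type = isset($_FILES['restaurant_picture']['type']) ? $_FILES['restaurant_picture']['type'] : '';
$remove_picture = isset($_POST['remove_picture']) ? $_POST['remove_picture'] : '';

// Free-text fields are unslashed and HTML-encoded before being handed to Restaurant.
$restaurant_menu_text = isset($_POST['restaurant_menu_text']) ? htmlentities(stripslashes($_POST['restaurant_menu_text']), ENT_QUOTES) : '';
$restaurant_comments = isset($_POST['restaurant_comments']) ? htmlentities(stripslashes($_POST['restaurant_comments']), ENT_QUOTES) : '';

// The id is concatenated unquoted into the ownership query below, so it has to
// be an integer before anything else is done with it. Checking it once here also
// guarantees that the ownership check and the later update refer to the same row.
if ($restaurant_id
    && !is_int($restaurant_id)
    && !(is_string($restaurant_id) && ctype_digit($restaurant_id))) {
    die($LangUI->_('Invalid restaurant id'));
}

if ($restaurant_id && !$SMObj->checkAccessLevel("EDITOR")) {
    // Figure out who the owner of this restaurant is; editors can edit anyone's items.
    // The id sits in a numeric position without surrounding quotes, where escaping
    // quote characters does not constrain it, so an integer cast replaces the
    // addq() call. That also drops get_magic_quotes_gpc(), which was removed in PHP 8.
    $sql = "SELECT restaurant_user FROM {$db_table_restaurants} WHERE restaurant_id = " . (int) $restaurant_id;
    $rc = $DB_LINK->Execute($sql);

    // Fail closed: if the owner cannot be looked up, do not allow the edit.
    if (!$rc) {
        die($LangUI->_('Unable to verify the owner of this restaurant'));
    }

    // If the restaurant is owned by someone else then do not allow editing.
    // A restaurant with an empty owner field is editable by any logged-in user.
    if ($rc->fields['restaurant_user'] != "" && $rc->fields['restaurant_user'] != $SMObj->getUserID()) {
        die($LangUI->_('You are not the owner of this restaurant, you are not allowed to edit it'));
    }
}

$restObj = new Restaurant(
    $restaurant_id,
    $restaurant_name,
    $restaurant_website,
    $restaurant_address,
    $restaurant_city,
    $restaurant_state,
    $restaurant_zip,
    $restaurant_country,
    $restaurant_phone,
    $restaurant_hours,
    $restaurant_menu_text,
    // null when no file field was submitted (same value as before, without the notice)
    isset($_FILES['restaurant_picture']) ? $_FILES['restaurant_picture'] : null,
    $restaurant_picture_type,
    $restaurant_picture_oid,
    $restaurant_comments,
    $restaurant_price,
    $restaurant_delivery,
    $restaurant_carry_out,
    $restaurant_dine_in,
    $restaurant_credit,
    $SMObj->getUserID()
);

// Add or Update the restaurant
$restObj->addUpdate();

// Handle the picture
if ($remove_picture == "yes") {
    $restObj->deletePicture();
} else {
    $restObj->updatePicture();
}
// Now that wasn't so painful was it?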
// Report the outcome: a non-empty id means an existing restaurant was updated,
// otherwise a new one was added. Both messages go through the translation layer.
echo $restaurant_id
    ? $LangUI->_('restaurant successfully updated')
    : $LangUI->_('restaurant successfully added');
echo "<p>";