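/**
 * Creates a diary entry for a band member.
 *
 * Administrators may post on behalf of any member (member_id from the form);
 * every other caller may only post as the band member tied to the current user.
 *
 * @param array $postArray form fields: member_id (admin only), title, date, time, body
 * @return BandMemberDiary|Error the new entry, or an Error (member lookup or MySQL failure)
 */
function add($postArray)
{
    if (User::isAdmin()) {
        // member_id comes straight from the form; force it to int before it
        // reaches a query (it was interpolated unescaped before).
        $bm = BandMember::get((int) $postArray['member_id']);
    } else {
        $uo = User::getCurrent();
        $bm = BandMember::getByUserID($uo->getID());
    }
    if (db::isError($bm)) {
        return $bm;
    }

    $db = new db();
    $member_id = (int) $bm->getID();
    $title = $db->sanitize_to_db($postArray['title']);
    $body = $db->sanitize_to_db($postArray['body']);

    // Combine the separate date and time fields. date() output has a fixed
    // shape, so it is safe to interpolate. An unparseable date used to turn
    // into 1970-01-01 silently; fall back to "now" instead.
    $dateStamp = strtotime($postArray['date']);
    if ($dateStamp === false) {
        $dateStamp = time();
    }
    $combined = strtotime(date('Y-m-d', $dateStamp) . ' ' . $postArray['time']);
    if ($combined === false) {
        $combined = $dateStamp;
    }
    $dateTime = date('Y-m-d H:i:s', $combined);

    if ($title === null || $title === '') {
        $title = '(untitled)';
    }

    $r = @mysql_query(
        "insert into Band_Diaries (title, member_id, date_time, body, is_active) "
        . "values ('{$title}','{$member_id}','{$dateTime}','{$body}'," . DEFAULT_ACTIVE . ")"
    );
    if (!$r) {
        return Error::MySQL();
    }
    return BandMemberDiary::get(mysql_insert_id());
}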
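/**
 * Replaces the stored value of a configuration setting.
 *
 * The existing Config row (if any) is deleted and a fresh one inserted. The
 * two statements are not wrapped in a transaction, so a failure between them
 * leaves the setting absent.
 *
 * @param string $setting setting name; must pass Config::isValidSetting()
 * @param string $value   new value, escaped before it reaches SQL
 * @return true|Error true on success; Error for an unknown setting or a MySQL failure
 */
function update($setting, $value)
{
    if (!Config::isValidSetting($setting)) {
        // NOTE(review): $setting is echoed back unescaped here; if Error text is
        // rendered as HTML somewhere, it must be encoded at that point.
        return Error::create("Unrecognized setting: {$setting}");
    }

    // Defence in depth: the name is whitelisted above, but escape it anyway
    // rather than trusting the whitelist forever.
    $name = db::sanitize_to_db($setting);
    $escapedValue = db::sanitize_to_db($value);

    $r = @mysql_query("delete from Config where name = '{$name}'");
    if (!$r) {
        return Error::MySQL();
    }

    $r = @mysql_query("insert into Config (name, value) values ('{$name}', '{$escapedValue}')");
    if (!$r) {
        return Error::MySQL();
    }
    return true;
}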
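/**
 * Creates a show (gig) record.
 *
 * Administrators may file the show under any user (user_id from the form);
 * other callers are recorded as the current user. A venue_id of 0 means
 * "no venue".
 *
 * @param array $postArray form fields: name, date, time, cost, is_all_ages,
 *                         other_bands, notes, venue_id, user_id (admin only)
 * @return Show|Error the new show, or an Error collecting validation / MySQL problems
 */
function add($postArray)
{
    $db = new db();
    include_class('venues');
    $e = new Error();

    $name = $db->sanitize_to_db($postArray['name']);
    $other_bands = $db->sanitize_to_db($postArray['other_bands']);
    $notes = $db->sanitize_to_db($postArray['notes']);
    $is_all_ages = (string) $postArray['is_all_ages'] === '1' ? 1 : 0;

    // Dates are parsed from the raw form value and re-emitted by date(), whose
    // fixed format is safe to interpolate. An unparseable date used to be
    // stored as 1970-01-01; report it instead.
    $date = null;
    $dateStamp = strtotime($postArray['date']);
    if ($dateStamp === false) {
        $e->add("Please enter a valid date for the show.");
    } else {
        $date = date("Y-m-d", $dateStamp);
    }

    // time and cost are nullable columns: emit a SQL NULL when the field is blank.
    $time = "null";
    if ((string) $postArray['time'] !== '') {
        $timeStamp = strtotime($postArray['time']);
        if ($timeStamp !== false) {
            $time = "'" . date("H:i:s", $timeStamp) . "'";
        }
    }
    $cost = "null";
    if ((string) $postArray['cost'] !== '') {
        $cost = "'" . $db->sanitize_to_db($postArray['cost']) . "'";
    }

    if (User::isAdmin()) {
        $uo = User::get((int) $postArray['user_id']);
        if (db::isError($uo)) {
            $e->add($uo);
        } elseif (!$uo->isAdmin() && !$uo->isBandMember()) {
            // The original test lacked the negation on isBandMember(), so it
            // rejected exactly the users the message says are allowed.
            $e->add("Invalid user. User must be a band member or an administrator.");
        }
    } else {
        $uo = User::getCurrent();
    }

    // venue_id is forced to int: a blank value is now treated as "no venue"
    // instead of triggering a lookup, and the value is safe to interpolate.
    $venue_id = (int) $postArray['venue_id'];
    $ve = null;
    if ($venue_id !== 0) {
        $ve = Venue::get($venue_id);
        if (db::isError($ve)) {
            $e->add($ve);
            $ve = null;
        }
    }

    if ($e->hasErrors()) {
        return $e;
    }

    $user_id = (int) $uo->getID();
    if ($name === null || $name === '') {
        // Default the show name to the venue name when a venue was resolved.
        $name = $ve !== null ? $db->sanitize_to_db($ve->getName()) : "(untitled show)";
    }

    $r = mysql_query(
        "insert into Shows (name, venue_id, date, time, user_id, cost, is_all_ages, other_bands, notes, is_active) "
        . "values ('{$name}', '{$venue_id}', '{$date}', {$time}, {$user_id}, {$cost}, {$is_all_ages}, "
        . "'{$other_bands}', '{$notes}'," . DEFAULT_ACTIVE . ")"
    );
    if ($r) {
        return Show::get(mysql_insert_id());
    }
    return Error::MySQL();
}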
/**
 * Authenticates a user by username/password and, on success, stores the
 * User object in the session.
 *
 * @param string $username raw username from the login form
 * @param string $password raw password from the login form
 * @return bool true when a matching Users row was found, false otherwise
 */
function login($username, $password)
{
    $db = new db();
    $username = $db->sanitize_to_db($username);
    // NOTE(review): the stored credential is an unsalted md5 (the band-member
    // update and the installer write md5 as well), so a move to
    // password_hash()/password_verify() has to cover all three sites.
    // NOTE(review): the password is hashed *after* sanitize_to_db(), whereas the
    // installer hashes trim($_POST['password']) directly — if sanitize_to_db()
    // escapes quotes/backslashes, an admin password containing such characters
    // can never be matched here. Confirm which form the hash is meant to cover.
    $password = md5($db->sanitize_to_db($password));
    // The credential operands of this query are redacted in this listing
    // ('******'); the statement is built by string interpolation, so both must
    // be the escaped values computed above and nothing else.
    $q = "select ID from Users where username = '******' and password = '******'";
    // No error check on $r: a failed query makes mysql_fetch_assoc() return
    // false and the login silently fails as "wrong credentials".
    $r = mysql_query($q);
    $row = mysql_fetch_assoc($r);
    if ($row['ID']) {
        $uo = User::get($row['ID']);
        // NOTE(review): the session id is not regenerated on privilege change;
        // session_regenerate_id(true) here would limit session-fixation risk.
        $_SESSION['_uo'] = $uo;
        return true;
    } else {
        return false;
    }
}
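/**
 * Replaces the single Band_Information row with the submitted values.
 * Administrators only; the previous row is deleted and a new one inserted
 * (not transactional, so a failed insert leaves the table empty).
 *
 * @param array $postArray form fields: genreID, name, managerName, address1,
 *                         address2, city, stateProvince, stateProvinceOther,
 *                         postalCode, bio, miscellaneous, country,
 *                         defaultStateProvince, defaultCountry, defaultCity,
 *                         description
 * @return true|Error true on success; Error for validation failures, a
 *                    non-admin caller, or a MySQL failure
 */
function update($postArray)
{
    if (!User::isAdmin()) {
        // The original had no else-branch here and returned null for non-admins.
        return Error::create("Only an administrator may update band information.");
    }

    $db = new db();
    $e = new Error();

    $genreID = $db->sanitize_to_db($postArray['genreID']);
    if (!$this->isValidGenreID($postArray['genreID'])) {
        $e->add("Invalid genre specified");
    }
    $name = $db->sanitize_to_db($postArray['name']);
    if ($name === null || $name === '') {
        $e->add("You must specify a name for your band.");
    }
    $managerName = $db->sanitize_to_db($postArray['managerName']);
    $address1 = $db->sanitize_to_db($postArray['address1']);
    $address2 = $db->sanitize_to_db($postArray['address2']);
    $city = $db->sanitize_to_db($postArray['city']);
    // "??" is the form's "other" sentinel: take the free-text field instead.
    $stateProvince = $db->sanitize_to_db($postArray['stateProvince']);
    if ($stateProvince === "??") {
        $stateProvince = $db->sanitize_to_db($postArray['stateProvinceOther']);
    }
    $postalCode = $db->sanitize_to_db($postArray['postalCode']);
    $bio = $db->sanitize_to_db($postArray['bio']);
    $miscellaneous = $db->sanitize_to_db($postArray['miscellaneous']);
    $country = $db->sanitize_to_db($postArray['country']);
    $defaultStateProvince = $db->sanitize_to_db($postArray['defaultStateProvince']);
    if ($defaultStateProvince === "??") {
        // NOTE(review): this re-reads the same field, so "??" is stored as-is;
        // the stateProvince branch above reads an "...Other" field instead.
        // Confirm against the form which field was intended here.
        $defaultStateProvince = $db->sanitize_to_db($postArray['defaultStateProvince']);
    }
    $defaultCountry = $db->sanitize_to_db($postArray['defaultCountry']);
    $defaultCity = $db->sanitize_to_db($postArray['defaultCity']);
    $description = $db->sanitize_to_db($postArray['description']);

    if ($e->hasErrors()) {
        return $e;
    }

    $r = mysql_query("delete from Band_Information");
    if (!$r) {
        return Error::MySQL();
    }

    $q = "insert into Band_Information (name, managerName, address1, address2, city, stateProvince, "
        . "postalCode, bio, miscellaneous, country, defaultStateProvince, defaultCountry, defaultCity, "
        . "genreID, description) ";
    $q .= "values ('{$name}', '{$managerName}', '{$address1}', '{$address2}', '{$city}', '{$stateProvince}', "
        . "'{$postalCode}', '{$bio}', '{$miscellaneous}', '{$country}', '{$defaultStateProvince}', "
        . "'{$defaultCountry}', '{$defaultCity}', '{$genreID}', '{$description}')";
    $r = mysql_query($q);
    // (A commented-out, never-finished xmlrpc "ping" to an external directory
    // used to sit here; it has been removed as dead code.)
    if ($r) {
        return true;
    }
    return Error::create("An unexplained error occurred when trying to update your information.");
}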
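/**
 * Updates this news posting from the submitted form values.
 *
 * Administrators may reassign the posting to any user (user_id from the
 * form); other callers keep it under the current user. The caller must pass
 * canEdit().
 *
 * @param array $postArray form fields: title, date, time, description, body,
 *                         user_id (admin only)
 * @return BandNews|Error the refreshed posting, or an Error (permission,
 *                        invalid user, or MySQL failure)
 */
function update($postArray)
{
    // Authorisation first, before any work is done on the input.
    if (!$this->canEdit()) {
        return Error::create("You may not edit this news posting.");
    }

    $db = new db();
    // $e was used but never created in the original (fatal on the error path).
    $e = new Error();
    include_class('band_members');

    if (User::isAdmin()) {
        $uo = User::get((int) $postArray['user_id']);
        if (db::isError($uo)) {
            $e->add($uo);
        } elseif (!$uo->isAdmin() && !$uo->isBandMember()) {
            // The original test lacked the negation on isBandMember().
            $e->add("Invalid user. User must be a band member or an administrator.");
        }
    } else {
        $uo = User::getCurrent();
    }
    // Collected errors were never returned before; $uo->getID() then ran on an Error.
    if ($e->hasErrors()) {
        return $e;
    }
    $user_id = (int) $uo->getID();

    // Combine date and time; date() output is fixed-format and safe to interpolate.
    // An unparseable date used to become 1970-01-01; fall back to "now".
    $dateStamp = strtotime($postArray['date']);
    if ($dateStamp === false) {
        $dateStamp = time();
    }
    $combined = strtotime(date('Y-m-d', $dateStamp) . ' ' . $postArray['time']);
    if ($combined === false) {
        $combined = $dateStamp;
    }
    $dateTime = date("Y-m-d H:i:s", $combined);

    $title = $db->sanitize_to_db($postArray['title']);
    $description = $db->sanitize_to_db($postArray['description']);
    $body = $db->sanitize_to_db($postArray['body']);
    if ($title === null || $title === '') {
        $title = '(untitled)';
    }

    $newsID = (int) $this->ID;
    $r = @mysql_query(
        "update Band_News set title='{$title}', user_id = {$user_id}, date_time='{$dateTime}', "
        . "description='{$description}', body='{$body}' where ID = {$newsID}"
    );
    if (!$r) {
        return Error::MySQL();
    }
    return BandNews::get($this->ID);
}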
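/**
 * Creates a tour record. Administrators only.
 *
 * @param array $postArray form fields: title, start_date, end_date, description
 * @return Tour|Error the new tour, or an Error (permission, unparseable date,
 *                    or MySQL failure)
 */
function add($postArray)
{
    if (!User::isAdmin()) {
        return Error::create("Only an administrator may add tours.");
    }
    $db = new db();

    $title = $db->sanitize_to_db($postArray['title']);
    $description = $db->sanitize_to_db($postArray['description']);

    // Dates are parsed from the raw form value and re-emitted by date(), whose
    // fixed format is safe to interpolate. Unparseable input used to be stored
    // silently as 1970-01-01; reject it instead.
    $sd = strtotime($postArray['start_date']);
    if ($sd === false) {
        return Error::create("Please enter a valid start date.");
    }
    $ed = strtotime($postArray['end_date']);
    if ($ed === false) {
        return Error::create("Please enter a valid end date.");
    }
    $start_date = date('Y-m-d', $sd);
    $end_date = date('Y-m-d', $ed);

    if ($title === null || $title === '') {
        $title = '(untitled tour)';
    }

    $r = @mysql_query(
        "insert into Tours (title, start_date, end_date, description, is_active) "
        . "values ('{$title}', '{$start_date}', '{$end_date}', '{$description}','" . DEFAULT_ACTIVE . "')"
    );
    if ($r) {
        return Tour::get(mysql_insert_id());
    }
    return Error::MySQL();
}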
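/**
 * Updates this guest performer from the submitted form values.
 * Administrators only.
 *
 * @param array $postArray form fields: firstname, lastname, function,
 *                         description, website
 * @return static|Error $this on success; Error for a non-admin caller,
 *                      validation failures, or a MySQL failure
 */
function update($postArray)
{
    // Check permission before touching the input (the original sanitised and
    // validated everything first and only then refused non-admins).
    if (!User::isAdmin()) {
        return Error::create("Only an administrator may update guest performers.");
    }

    $db = new db();
    $e = new Error();

    $firstname = $db->sanitize_to_db($postArray['firstname']);
    if ($firstname === null || $firstname === '') {
        $e->add("A guest performer entry must contain a first name.");
    }
    $lastname = $db->sanitize_to_db($postArray['lastname']);
    $function = $db->sanitize_to_db($postArray['function']);
    if ($function === null || $function === '') {
        $e->add("A guest performer must serve a function.");
    }
    $description = $db->sanitize_to_db($postArray['description']);
    $website = $db->sanitize_to_db($postArray['website']);

    if ($e->hasErrors()) {
        return $e;
    }

    $performerID = (int) $this->ID;
    $r = @mysql_query(
        "update Band_Guest_Performers set firstname='{$firstname}', lastname='{$lastname}', "
        . "function='{$function}', description='{$description}', website='{$website}' "
        . "where ID = {$performerID}"
    );
    if (!$r) {
        return Error::MySQL();
    }
    return $this;
}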
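/**
 * Updates the title/description of this media item; administrators may also
 * change its access mode, which triggers streaming setup for 'STREAMING'.
 *
 * @param array       $postArray form fields: title, description, access (admin only)
 * @param object|null $filterObj optional filter whose validateMediaOperation("UPDATE")
 *                               may veto the operation with an Error
 * @return mixed the mysql_query() result on success; an Error otherwise
 */
function update($postArray, $filterObj = null)
{
    if ($filterObj) {
        $proceed = $filterObj->validateMediaOperation("UPDATE");
        if (db::isError($proceed)) {
            return $proceed;
        }
    }

    $db = new db();
    $title = $db->sanitize_to_db($postArray['title']);
    $description = $db->sanitize_to_db($postArray['description']);
    $mediaID = (int) $this->ID;

    $u = User::getCurrent();
    if ($u->isAdmin()) {
        $access = $db->sanitize_to_db($postArray['access']);
        // NOTE(review): $access is stored as submitted (escaped only). If the
        // column is an enum of known modes, checking against that list here
        // gives a clearer error than a database rejection — confirm the schema.
        if ($access === 'STREAMING') {
            $result = $this->setupStreaming();
            // Every other caller in this file uses the static db::isError().
            if (db::isError($result)) {
                return $result;
            }
        }
        $q = "update DarkRoom_Media_to_Areas set title = '{$title}', description = '{$description}', "
            . "access = '{$access}' where ID = {$mediaID}";
    } else {
        $q = "update DarkRoom_Media_to_Areas set title = '{$title}', description = '{$description}' "
            . "where ID = {$mediaID}";
    }

    $r = mysql_query($q);
    if ($r) {
        return $r;
    }
    $e = new Error();
    $e->add(mysql_error());
    return $e;
}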
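/**
 * Creates a link record. Administrators only.
 *
 * @param array $postArray form fields: name, description, url, category_id
 * @return Link|Error the new link, or an Error (permission, short URL, or MySQL failure)
 */
function add($postArray)
{
    if (!User::isAdmin()) {
        return Error::create("Only an administrator may add links.");
    }
    $db = new db();

    // Length is checked on the raw value; escaping can add characters.
    // NOTE(review): only the length is validated. If this URL is rendered as a
    // clickable link elsewhere, a scheme check at that point (or here) would be
    // worth confirming.
    if (strlen($postArray['url']) < 6) {
        return Error::create("Please enter a valid URL. A URL typically begins with \"http://\"");
    }

    $name = $db->sanitize_to_db($postArray['name']);
    $description = $db->sanitize_to_db($postArray['description']);
    $url = $db->sanitize_to_db($postArray['url']);
    // category_id was interpolated unescaped in the original; force it to int.
    $category_id = (int) $postArray['category_id'];

    if ($name === null || $name === '') {
        $name = '(untitled link)';
    }

    $r = mysql_query(
        "INSERT INTO Links (name, description, url, category_id, is_active) "
        . "VALUES ('{$name}', '{$description}', '{$url}', '{$category_id}', " . DEFAULT_ACTIVE . ")"
    );
    if ($r) {
        return Link::get(mysql_insert_id());
    }
    return Error::MySQL();
}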
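/**
 * Creates a venue record.
 *
 * Administrators may file the venue under any user (user_id from the form);
 * other callers are recorded as the current user.
 *
 * @param array $postArray form fields: name, address1, address2, city,
 *                         stateProvince, stateProvinceOther, postalCode,
 *                         directions, country, user_id (admin only)
 * @return Venue|Error the new venue, or an Error (invalid user or MySQL failure)
 */
function add($postArray)
{
    $db = new db();
    // $e was used but never created in the original (fatal on the error path).
    $e = new Error();

    if (User::isAdmin()) {
        $uo = User::get((int) $postArray['user_id']);
        if (db::isError($uo)) {
            $e->add($uo);
        } elseif (!$uo->isAdmin() && !$uo->isBandMember()) {
            // The original test lacked the negation on isBandMember().
            $e->add("Invalid user. User must be a band member or an administrator.");
        }
    } else {
        $uo = User::getCurrent();
    }
    // Collected errors were never returned before; $uo->getID() then ran on an Error.
    if ($e->hasErrors()) {
        return $e;
    }
    $user_id = (int) $uo->getID();

    $name = $db->sanitize_to_db($postArray['name']);
    $address1 = $db->sanitize_to_db($postArray['address1']);
    $address2 = $db->sanitize_to_db($postArray['address2']);
    $city = $db->sanitize_to_db($postArray['city']);
    // "??" is the form's "other" sentinel: take the free-text field instead.
    $stateProvince = $db->sanitize_to_db($postArray['stateProvince']);
    if ($stateProvince === "??") {
        $stateProvince = $db->sanitize_to_db($postArray['stateProvinceOther']);
    }
    $postalCode = $db->sanitize_to_db($postArray['postalCode']);
    $directions = $db->sanitize_to_db($postArray['directions']);
    $country = $db->sanitize_to_db($postArray['country']);
    if ($country === null || $country === '') {
        $country = VENUE_DEFAULT_COUNTRY;
    }
    if ($name === null || $name === '') {
        $name = '(untitled venue)';
    }

    $r = mysql_query(
        "insert into Venues (user_id, country, name, address1, address2, city, stateProvince, "
        . "postalCode, directions, is_active) "
        . "values ('{$user_id}', '{$country}', '{$name}', '{$address1}', '{$address2}', '{$city}', "
        . "'{$stateProvince}', '{$postalCode}', '{$directions}'," . DEFAULT_ACTIVE . ")"
    );
    if ($r) {
        return Venue::get(mysql_insert_id());
    }
    return Error::MySQL();
}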
/**
 * Updates this band member's user record and band-member record from the
 * submitted form values. An optional new password is applied only when it
 * matches its confirmation and is at least 5 characters long.
 *
 * @param array $postArray form fields: password, password_confirm, firstname,
 *                         lastname, role, email, birthdate, equipment,
 *                         influences, bio
 * @return true|Error true on success; Error for a caller that may not edit
 *                    this member, validation failures, or MySQL failures
 */
function update($postArray)
{
    $db = new db();
    $e = new Error();
    if ($this->canEdit()) {
        // NOTE(review): the password is escaped *before* being hashed below, so
        // the stored md5 covers the escaped form. login() does the same, but
        // the installer hashes trim($_POST['password']) directly — confirm the
        // two schemes agree for passwords containing quotes or backslashes.
        $password = $db->sanitize_to_db($postArray['password']);
        $confirmPassword = $db->sanitize_to_db($postArray['password_confirm']);
        $passwordHash = null;
        if ($password != null && $password != "") {
            // something has been entered for password
            // NOTE(review): loose == on two strings compares numerically when
            // both look numeric (e.g. "0e1" == "0e2" is true); === would be exact.
            if ($password == $confirmPassword) {
                // strlen() counts bytes, so multibyte passwords pass this check
                // with fewer than 5 characters.
                if (strlen($password) > 4) {
                    // Unsalted md5 — this is what login() compares against.
                    $passwordHash = md5($password);
                } else {
                    $e->add("A user password must be at least 5 characters.");
                }
            } else {
                $e->add("The two passwords do not match.");
            }
        }
        $firstname = $db->sanitize_to_db($postArray['firstname']);
        if (!$firstname) {
            $e->add("A band member entry must contain a first name.");
        }
        $lastname = $db->sanitize_to_db($postArray['lastname']);
        $role = $db->sanitize_to_db($postArray['role']);
        if (!$role) {
            $e->add("A band member entry must contain a role.");
        }
        $email = $db->sanitize_to_db($postArray['email']);
        // An unparseable birthdate makes strtotime() return false, which date()
        // renders as 1970-01-01; nothing reports this to the user.
        $_dt = strtotime($db->sanitize_to_db($postArray['birthdate']));
        $birthdate = date('Y-m-d', $_dt);
        $equipment = $db->sanitize_to_db($postArray['equipment']);
        $influences = $db->sanitize_to_db($postArray['influences']);
        $bio = $db->sanitize_to_db($postArray['bio']);
        if ($e->hasErrors()) {
            return $e;
        } else {
            // first we update the users record
            // The password value in this fragment is redacted in this listing
            // ('******'); it is meant to carry $passwordHash, and only when one
            // was computed above.
            $passwordQuery = $passwordHash != null ? "password = '******'," : "";
            // $this->user_id and $this->ID are interpolated without a cast;
            // presumably both come from the database as integers — confirm.
            $result = @mysql_query("update Users set {$passwordQuery} lastname='{$lastname}', firstname='{$firstname}', birthdate='{$birthdate}', email='{$email}' where ID = {$this->user_id}");
            if (!$result) {
                $e->add(mysql_error());
            }
            // The two updates are not transactional: a failure here leaves the
            // Users row already changed.
            $result2 = mysql_query("update Band_Members set role='{$role}', equipment='{$equipment}', influences='{$influences}', bio='{$bio}' where ID = " . $this->ID);
            if (!$result2) {
                $e->add(mysql_error());
            }
            if ($e->hasErrors()) {
                return $e;
            } else {
                return true;
            }
        }
    } else {
        $e->add("You may not edit this band member's information.");
        return $e;
    }
}
$r = @mysql_query($stmt); if (!$r) { break; } } } if (!$r) { $e->add("Error installing Audition database: " . mysql_error()); } else { // create admin user $username = db::sanitize_to_db($_POST['username']); $password = md5(trim($_POST['password'])); $email = db::sanitize_to_db($_POST['email']); $birthdate = db::sanitize_to_db($_POST['birthdate']); $firstname = db::sanitize_to_db($_POST['firstname']); $lastname = db::sanitize_to_db($_POST['lastname']); $q = "insert into Users (username, password, email, birthdate, firstname, lastname, level) values ('{$username}', '{$password}', '{$email}', '{$birthdate}', '{$firstname}', '{$lastname}', 'ADMIN')"; $r = @mysql_query($q); if (!$r) { $e->add("Error creating administrative user: "******"<?php\n"; $configuration .= "define('DB_SERVER', '{$_POST['dbServer']}');\n"; $configuration .= "define('DB_SERVER_USERNAME', '{$_POST['dbUser']}');\n";
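/**
 * Updates this release track from the submitted form values.
 * Administrators only.
 *
 * @param array $postArray form fields: title, number, length, meta_information, lyrics
 * @return ReleaseTrack|Error the refreshed track, or an Error (permission or MySQL failure)
 */
function update($postArray)
{
    if (!User::isAdmin()) {
        return Error::create("You are not allowed to update tracks.");
    }
    $db = new db();

    $title = $db->sanitize_to_db($postArray['title']);
    $number = $db->sanitize_to_db($postArray['number']);

    // length is nullable. A non-blank value gets "00:" prepended, so the form
    // presumably supplies minutes:seconds for a TIME column — confirm.
    // (The original escaped $length once more before this branch and then
    // discarded it.)
    if ((string) $postArray['length'] !== "") {
        $length = "'00:" . $db->sanitize_to_db($postArray['length']) . "'";
    } else {
        $length = "null";
    }

    $meta_information = $db->sanitize_to_db($postArray['meta_information']);
    $lyrics = $db->sanitize_to_db($postArray['lyrics']);
    if ($title === null || $title === '') {
        $title = '(untitled track)';
    }

    $trackID = (int) $this->ID;
    $r = @mysql_query(
        "update Release_Tracks set title='{$title}', number='{$number}', "
        . "meta_information = '{$meta_information}', lyrics = '{$lyrics}', length = {$length} "
        . "where ID = {$trackID}"
    );
    if (!$r) {
        return Error::MySQL();
    }
    return ReleaseTrack::get($this->ID);
}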
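/**
 * Adds a track to this release. Administrators only.
 *
 * When the rich-text editor is not loaded, line breaks in lyrics and
 * meta_information are converted to <br /> tags before storage.
 *
 * @param array $postArray form fields: title, number, length, meta_information, lyrics
 * @return ReleaseTrack|Error the new track, or an Error (permission or MySQL failure)
 */
function addTrack($postArray)
{
    if (!User::isAdmin()) {
        return Error::create("You are not allowed to add tracks to a release.");
    }
    $db = new db();
    include_class('text');

    $title = $db->sanitize_to_db($postArray['title']);
    $number = $db->sanitize_to_db($postArray['number']);

    // length is nullable. A non-blank value gets "00:" prepended, so the form
    // presumably supplies minutes:seconds for a TIME column — confirm.
    if ((string) $postArray['length'] !== "") {
        $length = "'00:" . $db->sanitize_to_db($postArray['length']) . "'";
    } else {
        $length = "null";
    }

    // The original ran this identical check twice, once per field.
    // NOTE(review): both fields key off isRTELoaded('description') — confirm
    // that 'description' is the intended editor key for lyrics/meta_information.
    // The stored text is HTML once nl2br() runs; escaping/whitelisting on
    // output is assumed to happen elsewhere.
    if (!Text::isRTELoaded('description')) {
        $postArray['lyrics'] = nl2br($postArray['lyrics']);
        $postArray['meta_information'] = nl2br($postArray['meta_information']);
    }
    $meta_information = $db->sanitize_to_db($postArray['meta_information']);
    $lyrics = $db->sanitize_to_db($postArray['lyrics']);

    if ($title === null || $title === '') {
        $title = '(untitled track)';
    }

    $releaseID = (int) $this->ID;
    $r = @mysql_query(
        "insert into Release_Tracks (title, number, meta_information, lyrics, length, release_id) "
        . "values ('{$title}', '{$number}', '{$meta_information}', '{$lyrics}', {$length}, '{$releaseID}')"
    );
    if (!$r) {
        return Error::MySQL();
    }
    return ReleaseTrack::get(mysql_insert_id());
}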