/**
 * Validate the admin login form submission.
 *
 * Runs the shared presence check on username/password and the
 * max-length check on the password through the validation class.
 *
 * @return bool true when the form was submitted and validation::$errors
 *              is empty afterwards; false otherwise (including non-POST)
 */
public static function validate_admin()
{
    if (!isset($_POST['submit'])) {
        // Not a form submission: nothing to validate.
        return false;
    }

    // Both credentials must be present ...
    validation::validate_presentces(["username", "password"]);
    // ... and the password must fit the 30-character limit.
    validation::validate_max_lengths(["password" => 30]);

    return empty(validation::$errors);
}
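/**
 * Update the page identified by $page_id from the submitted edit form.
 *
 * Only acts on a POST with a 'submit' field. Required fields are checked
 * for presence and the text fields for maximum length through the
 * validation class; when validation passes the row is updated and the
 * browser is redirected to manage_content.php. The outcome is reported via
 * $_SESSION["message"]; there is no return value.
 *
 * @param string $page_id id of the page row to update; it comes from the
 *                        request, so it is cast to int before use in SQL
 */
public static function edit_page($page_id)
{
    global $dbo;

    if (!isset($_POST['submit'])) {
        // This is probably a GET request: nothing to process.
        return;
    }

    // validations
    $required_fields = ["menu_name", "position", "visible", "content"];
    validation::validate_presentces($required_fields);
    $fields_with_max_lengths = ["menu_name" => 200, "description" => 500, "content" => 2000];
    validation::validate_max_lengths($fields_with_max_lengths);

    if (empty(validation::$errors)) {
        // process form: perform update.
        // Every value interpolated into the query is either cast to int or
        // escaped with mysql_prep. $page_id is untrusted as well and lands
        // unquoted in the WHERE clause, so it must be cast too.
        $id         = (int) $page_id;
        $subject_id = isset($_POST["belong_subject"]) ? (int) $_POST["belong_subject"] : 0;
        $menu_name  = $dbo->mysql_prep($_POST["menu_name"]);
        $position   = (int) $_POST["position"];
        $visible    = (int) $_POST["visible"];
        // Checkbox-style fields are absent from the POST body when unticked;
        // default them instead of reading an undefined index.
        $home_page  = isset($_POST["home_display"]) ? (int) $_POST["home_display"] : 0;
        $archive    = isset($_POST["archive_display"]) ? (int) $_POST["archive_display"] : 0;
        // description is not a required field, so it may be missing entirely.
        $description = $dbo->mysql_prep(isset($_POST["description"]) ? $_POST["description"] : "");
        $content     = $dbo->mysql_prep($_POST["content"]);

        // perform database query
        $query  = "UPDATE pages SET ";
        $query .= "subject_id = '{$subject_id}', ";
        $query .= "menu_name = '{$menu_name}', ";
        $query .= "position = {$position}, ";
        $query .= "visible = {$visible}, ";
        $query .= "home_page = {$home_page}, ";
        $query .= "archive = {$archive}, ";
        $query .= "description = '{$description}', ";
        $query .= "content = '{$content}' ";
        $query .= "WHERE id = {$id}";
        $query .= " LIMIT 1";
        // Run the statement through $dbo->query, as edit_subject and
        // create_comment do, so that $dbo->affected_rows below receives the
        // driver result of this UPDATE.
        $result = $dbo->query($query);
    }

    if (isset($result) && $dbo->affected_rows($result) >= 0) {
        // success
        $_SESSION["message"] = "Page Updated.";
        utility::redirect_to("manage_content.php?page={$id}");
    } else {
        // failure (validation errors or the query did not run)
        $_SESSION["message"] = "Page update failed.";
    }
}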
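/**
 * Create a comment on the current page from the submitted comment form.
 *
 * Only acts on a POST with a 'submit' field. Checks presence of author and
 * body and the body length through the validation class, then inserts the
 * row. No return value; the outcome is reported via $_SESSION["message"].
 */
public static function create_comment()
{
    global $dbo;
    global $current_page;

    if (!isset($_POST['submit'])) {
        // not a post submit
        $_SESSION["message"] = "There is some problem.";
        return;
    }

    // validations
    $required_fields = ["author", "body"];
    validation::validate_presentces($required_fields);
    $fields_with_max_lengths = ["body" => 200];
    validation::validate_max_lengths($fields_with_max_lengths);

    if (empty(validation::$errors)) {
        // process form
        // $current_page['id'] is interpolated unquoted into the query, so
        // force it to an integer rather than trusting its source.
        $page_id = (int) $current_page['id'];
        // date() produces the same digits as the former strftime() call
        // (deprecated since PHP 8.1); the separators are kept unchanged.
        $created = date("Y-m-d H-i-s", time());
        $author  = $dbo->mysql_prep($_POST["author"]);
        $body    = $dbo->mysql_prep($_POST["body"]);

        // perform database query
        $query  = "INSERT INTO comments (";
        $query .= " page_id, created, author, body";
        $query .= ") VALUES (";
        $query .= " {$page_id}, '{$created}', '{$author}', '{$body}'";
        $query .= ")";
        $result = $dbo->query($query);
        $dbo->confirm_query($result);
    }

    if (isset($result) && $dbo->affected_rows($result) >= 0) {
        // success
        $_SESSION["message"] = "comment created.";
    } else {
        // failure (validation errors or the query did not run)
        $_SESSION["message"] = "comment creation failed.";
    }
}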
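/**
 * Update the subject identified by $subject_id from the submitted edit form.
 *
 * Only acts on a POST with a 'submit' field. Required fields are checked
 * for presence and menu_name for maximum length through the validation
 * class; when validation passes the row is updated and the browser is
 * redirected to manage_content.php. The outcome is reported via
 * $_SESSION["message"]; there is no return value.
 *
 * @param string $subject_id id of the subject row, supplied by the user's
 *                           click on the edit button; cast to int before
 *                           it is used in SQL
 */
public static function edit_subject($subject_id)
{
    global $dbo;

    if (!isset($_POST['submit'])) {
        // This is probably a GET request: nothing to process.
        return;
    }

    // validations
    $required_fields = ["menu_name", "position", "visible"];
    validation::validate_presentces($required_fields);
    $fields_with_max_lengths = ["menu_name" => 30];
    validation::validate_max_lengths($fields_with_max_lengths);

    if (empty(validation::$errors)) {
        // process form: perform update.
        // $subject_id is untrusted and lands unquoted in the WHERE clause,
        // so cast it to int like the other numeric fields.
        $id        = (int) $subject_id;
        $menu_name = $dbo->mysql_prep($_POST["menu_name"]); // Escape all strings
        $position  = (int) $_POST["position"];
        $visible   = (int) $_POST["visible"];

        // perform database query
        $query  = "UPDATE subjects SET ";
        $query .= "menu_name = '{$menu_name}', ";
        $query .= "position = {$position}, ";
        $query .= "visible = {$visible} ";
        $query .= "WHERE id = {$id}";
        $query .= " LIMIT 1";
        $result = $dbo->query($query);
    }

    if (isset($result) && $dbo->affected_rows($result) >= 0) {
        // success
        $_SESSION["message"] = "Subject Updated.";
        utility::redirect_to("manage_content.php");
    } else {
        // failure (validation errors or the query did not run)
        $_SESSION["message"] = "Subject update failed.";
    }
}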
<?php /* * Include necessary files */ include_once '../includes/core/init.inc.php'; ?> <?php $username = ""; if (isset($_POST['submit'])) { // validations $required_fields = array("username", "password"); validation::validate_presentces($required_fields); if (empty(validation::$errors)) { // Attempt Login $username = $_POST["username"]; $password = $_POST["password"]; $found_admin = utility::attempt_login($username, $password); if ($found_admin) { // success // Mark user as logged in $my_session->carry_session_data($found_admin["id"], $found_admin["username"], time()); // write access log $my_session->write_access_log(); // $firephp = FirePHP::getInstance(TRUE); // $firephp->info("run write_access_log method"); $my_session->backup_my_session(); // $_SESSION["admin_id"] = $found_admin["id"]; // $_SESSION["username"] = $found_admin["username"];