deeemm-cms /admin/includes/save_content.php

Language PHP Lines 149
MD5 Hash 8b175fcaeb018fab98bde0d22f0c24c2 Estimated Cost $2,534 (why?)
Repository https://bitbucket.org/mpercy/deeemm-cms View Raw File View Project SPDX
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
<?php
defined( '_INDM' ) or die( 'POSSIBLE HACK ATTEMPT!' );


/*===========================================================================
Check user priviledges
===========================================================================*/
require VALIDATE;

if ($user != 'ADMIN') header("Location: " . $default_url . "index.php");



//get data entered in form and propogate variables
$parent = mysql_escape_string(stripslashes($_REQUEST['parent']));

if (!$parent){
	$parent = 'orphan';
}


//$child = mysql_escape_string(stripslashes($_REQUEST['child']));
$image = $_REQUEST['image'];
$title_lan_1 = mysql_escape_string(ucwords(stripslashes($_REQUEST['title_lan_1'])));
$title_lan_2 = mysql_escape_string(ucwords(stripslashes($_REQUEST['title_lan_2'])));
$title_lan_3 = mysql_escape_string(ucwords(stripslashes($_REQUEST['title_lan_3'])));
$title_lan_4 = mysql_escape_string(ucwords(stripslashes($_REQUEST['title_lan_4'])));
$tool_tip_lan_1 = mysql_escape_string(stripslashes($_REQUEST['tool_tip_lan_1']));
$tool_tip_lan_2 = mysql_escape_string(stripslashes($_REQUEST['tool_tip_lan_2']));
$tool_tip_lan_3 = mysql_escape_string(stripslashes($_REQUEST['tool_tip_lan_3']));
$tool_tip_lan_4 = mysql_escape_string(stripslashes($_REQUEST['tool_tip_lan_4']));
$description_lan_1 = mysql_escape_string(stripslashes($_REQUEST['description_lan_1']));
$description_lan_2 = mysql_escape_string(stripslashes($_REQUEST['description_lan_2']));
$description_lan_3 = mysql_escape_string(stripslashes($_REQUEST['description_lan_3']));
$description_lan_4 = mysql_escape_string(stripslashes($_REQUEST['description_lan_4']));


//get parent field data from database entry if available
if ($page <> 'admin'){
	$sql_query = mysql_query("SELECT * FROM " . $db_table_prefix . 'cat_' . "$page WHERE `id` = $id");
	while($sql_result = mysql_fetch_array($sql_query)){
		$old_parent = $sql_result[parent];
		$old_image = $sql_result[image];
		$old_date = $sql_result[date];
	}
}

//get number of entries in new parent table
$sql_result = mysql_query("select count(*) from '$parent'");
$order = @mysql_result($sql_result,0) + 1;
if ($order < 1) $order = 1;

//breakpoint($parent);

//if $page does not exist add data to database
if ($page == '' || !isset($page) || $page == 'admin') {

	mysql_query("INSERT INTO `" . $db_table_prefix . $parent . "` VALUES(NULL,
  (now()),
  '$order',
  '$parent',
  '$title_lan_1',
  '$title_lan_1',
  '$filename',
	'',
	'on',
  '$title_lan_1',
  '$tool_tip_lan_1',
  '$description_lan_1',
  '$title_lan_2',
  '$tool_tip_lan_2',
  '$description_lan_2',
  '$title_lan_3',
  '$tool_tip_lan_3',
  '$description_lan_3',
  '$title_lan_4',
  '$tool_tip_lan_4',
  '$description_lan_4')") or die ("<b>A fatal MySQL error occured</b>.\n<br />\nError: (" . mysql_errno() . ") " . mysql_error());;

	$sql_query = mysql_query("SELECT * FROM `" . $db_table_prefix . "$parent` WHERE `description_lan_1` = '$description_lan_1'");
	while($sql_result = mysql_fetch_array($sql_query)) $id = $sql_result[id];

	//$page already exists - update data in database
} else {

	//new and old parent fields are the same - update existing entry
	if ($old_parent == $parent){

		//breakpoint($description_lan_1);

		// sort out order and type fields
		mysql_query("UPDATE `" . $db_table_prefix . "$parent` SET
		`date` = '$old_date',
		`order` = '$order',
		`child` = '$title_lan_1',
		`category` = '$title_lan_1',
		`title_lan_1` = '$title_lan_1',
		`tool_tip_lan_1` = '$tool_tip_lan_1',
		`description_lan_1` = '$description_lan_1',
		`title_lan_2` = '$title_lan_2',
		`tool_tip_lan_2` = '$tool_tip_lan_2',
		`description_lan_2` = '$description_lan_2',
		`title_lan_3` = '$title_lan_3',
		`tool_tip_lan_3` = '$tool_tip_lan_3',
		`description_lan_3` = '$description_lan_3',
		`title_lan_4` = '$title_lan_4',
		`tool_tip_lan_4` = '$tool_tip_lan_4',
		`description_lan_4` = '$description_lan_4' WHERE `id` = '$id'") or die ("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $sql_query . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());;


		//else parent fields are different
	} else {
		//so delete data from old table
		mysql_query("DELETE FROM `" . $db_table_prefix . "$old_parent` WHERE `id` = '$id'");

		//reorder id of old table by recreating field
		mysql_query("ALTER TABLE `" . $db_table_prefix . "$old_parent` DROP `id`");
		mysql_query("ALTER TABLE `" . $db_table_prefix . "$old_parent` ADD `id` MEDIUMINT( 16 ) NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST");

		//add data to new table
		mysql_query("INSERT INTO `" . $db_table_prefix . "$parent` VALUES(NULL,
    '$old_date',
    '$order',
    '$parent',
    '$title_lan_1',
    '$title_lan_1',
    '$old_image',
		'',
		'on',
    '$title_lan_1',
    '$tool_tip_lan_1',
    '$description_lan_1',
    '$title_lan_2',
    '$tool_tip_lan_2',
    '$description_lan_2',
    '$title_lan_3',
    '$tool_tip_lan_3',
    '$description_lan_3',
    '$title_lan_4',
    '$tool_tip_lan_4',
    '$description_lan_4')") or die ("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $sql_query . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());

		$sql_query = mysql_query("SELECT * FROM `" . $db_table_prefix . "$parent` WHERE `description_lan_1` = '$description_lan_1'") or die ("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $sql_query . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());
		while($sql_result = mysql_fetch_array($sql_query)) $id = $sql_result[id];
	}
}
header("Location: " . $default_url . "index.php?page=$parent&id=$id");
exit;
?>
Back to Top