/admin/includes/save_media.php
PHP | 149 lines | 111 code | 22 blank | 16 comment | 14 complexity | 0e3bb5b3193288e2313dcb08639db9ae MD5 | raw file
Possible License(s): LGPL-2.1, BSD-2-Clause
- <?php
- defined( '_INDM' ) or die( 'POSSIBLE HACK ATTEMPT!' );
-
- /*===========================================================================
- Check user priviledges
- ===========================================================================*/
- require VALIDATE;
-
- if ($user != 'ADMIN') header("Location: " . $default_url . "index.php");
-
-
-
- //>get data entered in form and propogate variables
- //strip slashes just in case magic quotes on
- $library = mysql_escape_string(stripslashes($_REQUEST['parent']));
- $child = mysql_escape_string(stripslashes($_REQUEST['child']));
- $category = mysql_escape_string(stripslashes($_REQUEST['selected_category']));
- $title_lan_1 = mysql_escape_string(stripslashes($_REQUEST['title_lan_1']));
- $title_lan_2 = mysql_escape_string(stripslashes($_REQUEST['title_lan_2']));
- $title_lan_3 = mysql_escape_string(stripslashes($_REQUEST['title_lan_3']));
- $title_lan_4 = mysql_escape_string(stripslashes($_REQUEST['title_lan_4']));
- $tool_tip_lan_1 = mysql_escape_string(stripslashes($_REQUEST['tool_tip_lan_1']));
- $tool_tip_lan_2 = mysql_escape_string(stripslashes($_REQUEST['tool_tip_lan_2']));
- $tool_tip_lan_3 = mysql_escape_string(stripslashes($_REQUEST['tool_tip_lan_3']));
- $tool_tip_lan_4 = mysql_escape_string(stripslashes($_REQUEST['tool_tip_lan_4']));
- $description_lan_1 = mysql_escape_string(stripslashes($_REQUEST['description_lan_1']));
- $description_lan_2 = mysql_escape_string(stripslashes($_REQUEST['description_lan_2']));
- $description_lan_3 = mysql_escape_string(stripslashes($_REQUEST['description_lan_3']));
- $description_lan_4 = mysql_escape_string(stripslashes($_REQUEST['description_lan_4']));
-
-
- //>get parent field data from database entry if available
- $sql_query = mysql_query("SELECT * FROM `" . $db_table_prefix . 'cat_' . "$page` WHERE `id` = '$id'");
- while($sql_result = mysql_fetch_array($sql_query)){
- $old_library = $sql_result[parent];
- $old_image = $sql_result[image];
- $old_date = $sql_result[date];
- $old_category = $sql_result[category];
- }
-
-
- if ($_FILES['file_data']['name']) {
-
- //>upload file
- $destination_filepath = $default_url . $media_dir;
- $form_name = 'file_data';
- $filename = upload_file($destination_filepath, $form_name);
-
- if (!$filename){
- header("Location: " . $default_url . 'index.php?page=messagebox&message=upload_failed');
- exit;
- }
-
- } else {
- $filename = $old_image;
- }
-
- //>if page does not exist add data to database
- if ($id == '' || !isset($id) || $page == 'admin') {
-
- mysql_query("INSERT INTO `" . $db_table_prefix . $library . "` VALUES(NULL,
- (now()),
- '$order',
- '$library',
- '$title_lan_1',
- '$category',
- '$filename',
- '',
- 'on',
- '$title_lan_1',
- '$tool_tip_lan_1',
- '$description_lan_1',
- '$title_lan_2',
- '$tool_tip_lan_2',
- '$description_lan_2',
- '$title_lan_3',
- '$tool_tip_lan_3',
- '$description_lan_3',
- '$title_lan_4',
- '$tool_tip_lan_4',
- '$description_lan_4')") or die ("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $sql_query . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());;
-
- $sql_query = mysql_query("SELECT * FROM `" . $db_table_prefix . "$library` WHERE `description_lan_1` = '$description_lan_1'");
- while($sql_result = mysql_fetch_array($sql_query)) $id = $sql_result[id];
-
- //$page already exists - update data in database
- } else {
-
- //breakpoint("'".$description_lan_1."'");
-
- //>new and old parent fields are the same - update existing entry
- if ($old_library == $library){
- // sort out order and type fields
- mysql_query("UPDATE `" . $db_table_prefix . $library . "` SET
- `child` = '$title_lan_1',
- `category` = '$category',
- `image` = '$old_image',
- `title_lan_1` = '$title_lan_1',
- `tool_tip_lan_1` = '$tool_tip_lan_1',
- `description_lan_1` = '$description_lan_1',
- `title_lan_2` = '$title_lan_2',
- `tool_tip_lan_2` = '$tool_tip_lan_2',
- `description_lan_2` = '$description_lan_2',
- `title_lan_3` = '$title_lan_3',
- `tool_tip_lan_3` = '$tool_tip_lan_3',
- `description_lan_3` = '$description_lan_3',
- `title_lan_4` = '$title_lan_4',
- `tool_tip_lan_4` = '$tool_tip_lan_4',
- `description_lan_4` = '$description_lan_4' WHERE `id` = '$id'") or die ("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $sql_query . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());;
-
- //>else parent fields are different
- } else {
- //>so delete data from old table
- mysql_query("DELETE FROM `" . $db_table_prefix . "$old_library` WHERE `id` = '$id'");
-
- //>reorder id of old table by recreating field
- mysql_query("ALTER TABLE `" . $db_table_prefix . "$old_library` DROP `id`");
- mysql_query("ALTER TABLE `" . $db_table_prefix . "$old_library` ADD `id` MEDIUMINT( 16 ) NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST");
-
- //>add data to new table
- mysql_query("INSERT INTO `" . $db_table_prefix . "$library` VALUES(NULL,
- '$old_date',
- '$order',
- '$library',
- '$title_lan_1',
- '$category',
- '$old_image',
- '',
- 'on',
- '$title_lan_1',
- '$tool_tip_lan_1',
- '$description_lan_1',
- '$title_lan_2',
- '$tool_tip_lan_2',
- '$description_lan_2',
- '$title_lan_3',
- '$tool_tip_lan_3',
- '$description_lan_3',
- '$title_lan_4',
- '$tool_tip_lan_4',
- '$description_lan_4')") or die ("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $sql_query . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());
-
- $sql_query = mysql_query("SELECT * FROM `" . $db_table_prefix . "$library` WHERE `description_lan_1` = '$description_lan_1'") or die ("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $sql_query . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());
- while($sql_result = mysql_fetch_array($sql_query)) $id = $sql_result[id];
- }
- }
- header("Location: " . $default_url . "index.php?page=$library&id=$id");
- exit;
- ?>