PageRenderTime 28ms CodeModel.GetById 28ms RepoModel.GetById 0ms app.codeStats 0ms

/editsponsor.php

https://github.com/timconstan/vtcalendar
PHP | 265 lines | 241 code | 17 blank | 7 comment | 68 complexity | 0bc0471db365f77cbe0d06c21780d4ed MD5 | raw file
    

  1. <?php
    2. 

  2.   session_start();
    3. 

  3.   require_once('globalsettings.inc.php');
    4. 

  4.   require_once('functions.inc.php');
    5. 

  5. 

  6.   $database = DBopen();
    7. 

  7.   if (!authorized($database)) { exit; }
    8. 

  8.   if (!$_SESSION["AUTH_ADMIN"]) { exit; } // additional security
    9. 

  9. 

  10.   if (isset($_POST['cancel'])) { setVar($cancel,$_POST['cancel'],'cancel'); } else { unset($cancel); }
    11. 

  11.   if (isset($_POST['save'])) { setVar($save,$_POST['save'],'save'); } else { unset($save); }
    12. 

  12.   if (isset($_POST['check'])) { setVar($check,$_POST['check'],'check'); } else { unset($check); }
    13. 

  13.   if (isset($_POST['id'])) { setVar($id,$_POST['id'],'sponsorid'); } 
    14. 

  14. 	else { 
    15. 

  15. 	  if (isset($_GET['id'])) { setVar($id,$_GET['id'],'sponsorid'); } 
    16. 

  16. 		else { unset($id); }
    17. 

  17. 	}
    18. 

  18.   if (isset($_POST['sponsor'])) { 
    19. 

  19.     if (isset($_POST['sponsor']['name'])) { setVar($sponsor['name'],$_POST['sponsor']['name'],'sponsor_name'); } 
    20. 

  20. 		else { unset($sponsor['name']); }
    21. 

  21.     if (isset($_POST['sponsor']['email'])) { setVar($sponsor['email'],$_POST['sponsor']['email'],'email'); } 
    22. 

  22. 		else { unset($sponsor['email']); }
    23. 

  23.     if (isset($_POST['sponsor']['url'])) { setVar($sponsor['url'],$_POST['sponsor']['url'],'sponsor_url'); } 
    24. 

  24. 		else { unset($sponsor['url']); }
    25. 

  25.     if (isset($_POST['sponsor']['admins'])) { setVar($sponsor['admins'],$_POST['sponsor']['admins'],'sponsor_admins'); } 
    26. 

  26. 		else { unset($sponsor['admins']); }
    27. 

  27.   }
    28. 

  28. 

  29.   if (isset($cancel)) {
    30. 

  30.     redirect2URL("managesponsors.php");
    31. 

  31.     exit;
    32. 

  32.   }
    33. 

  33. 

  34.   function checksponsor(&$sponsor) {
    35. 

  35.     return (!empty($sponsor['name']) &&
    36. 

  36.        	    !empty($sponsor['email']) &&
    37. 

  37. 						checkURL($sponsor['url']));
    38. 

  38.   }
    39. 

  39. 

  40. 	function emailsponsoraccountchanged(&$sponsor) {
    41. 

  41. 		$subject = lang('email_account_updated_subject');
    42. 

  42. 		$body = lang('email_account_updated_body');
    43. 

  43. 		$body.= "   ".lang('sponsor_name')." ".stripslashes($sponsor['name'])."\n";
    44. 

  44. 		$body.= "   ".lang('email')." ".stripslashes($sponsor['email'])."\n";
    45. 

  45. 		$body.= "   ".lang('homepage')." ".stripslashes($sponsor['url'])."\n\n";
    46. 

  46. 

  47.     	if ( isset($_SERVER["HTTPS"]) ) { $body .= "https"; } else { $body .= "http"; } 
    48. 

  48.         $body .= "://".$_SERVER['HTTP_HOST'].substr($_SERVER['SCRIPT_NAME'],0,strrpos($_SERVER['SCRIPT_NAME'], "/"))."/update.php?calendarid=".$_SESSION["CALENDARID"]."\n\n";
    49. 

  49. 

  50. 		$body.= lang('email_add_event_instructions');
    51. 

  51. 		sendemail2sponsor($sponsor['name'],$sponsor['email'],$subject,$body);
    52. 

  52. 	} // end: emailsponsoraccountchanged
    53. 

  53. 

  54.   $sponsorexists = false;
    55. 

  55.   $addPIDError="";
    56. 

  56.   if (isset($save) && checksponsor($sponsor) ) {
    57. 

  57.     $result = DBQuery($database, "SELECT * FROM vtcal_sponsor WHERE calendarid='".sqlescape($_SESSION["CALENDARID"])."' AND name='".sqlescape($sponsor['name'])."'" );
    58. 

  58. 		if ( $result->numRows()>0 ) {
    59. 

  59.       if ($result->numRows()>1) {
    60. 

  60. 			  $sponsorexists = true;
    61. 

  61. 			}
    62. 

  62. 			else { // exactly one result
    63. 

  63. 				if ( isset ($id) ) {
    64. 

  64.   				$s = $result->fetchRow(DB_FETCHMODE_ASSOC,0);
    65. 

  65. 	  			if ( $s['id'] != $id ) {
    66. 

  66.             $sponsorexists = true;
    67. 

  67. 			  	}
    68. 

  68. 				}
    69. 

  69. 				else {
    70. 

  70. 				  $sponsorexists = true;
    71. 

  71. 				}			
    72. 

  72. 			}
    73. 

  73. 		}
    74. 

  74. 

  75. 		if (!$sponsorexists) {
    76. 

  76. 			// check validity of sponsor-admins
    77. 

  77. 			if ( !empty($sponsor['admins']) ) {
    78. 

  78. 				// disassemble the admins string and check all PIDs against the DB
    79. 

  79. 				$pidsInvalid = "";
    80. 

  80. 				$pidsTokens = split ( "[ ,;\n\t]", $sponsor['admins'] );
    81. 

  81. 				$pidsAddedCount = 0;
    82. 

  82. 				for ($i=0; $i<count($pidsTokens); $i++) {
    83. 

  83. 					$pidName = $pidsTokens[$i];
    84. 

  84. 					$pidName = trim($pidName);
    85. 

  85. 					if ( !empty($pidName) ) {
    86. 

  86. 						if ( isvaliduser ( $database, $pidName ) ) {
    87. 

  87. 							$pidsAdded[$pidsAddedCount] = $pidName;
    88. 

  88. 							$pidsAddedCount++;
    89. 

  89. 						} 
    90. 

  90. 						else {
    91. 

  91. 							if ( !empty($pidsInvalid) ) { $pidsInvalid .= ","; }
    92. 

  92. 							$pidsInvalid .= $pidName;
    93. 

  93. 						}
    94. 

  94. 					} 
    95. 

  95. 				} // end: while
    96. 

  96. 		
    97. 

  97. 				// save the changes
    98. 

  98. 		
    99. 

  99. 				// feedback message(s)
    100. 

  100. 				if ( !empty($pidsInvalid) ) {
    101. 

  101. 					if ( strpos($pidsInvalid, "," ) > 0 ) { // more than one user-ID
    102. 

  102. 						$addPIDError = lang('user_ids_invalid')." &quot;".$pidsInvalid."&quot;";
    103. 

  103. 					}
    104. 

  104. 					else {
    105. 

  105. 						$addPIDError = lang('user_id_invalid')." &quot;".$pidsInvalid."&quot;";
    106. 

  106. 					}
    107. 

  107. 				}
    108. 

  108. 			} // end: else: if ( empty($sponsor[admins]) )
    109. 

  109. 

  110.   		if (empty($addPIDError)) {    
    111. 

  111. 				if ( isset ($id) ) { // edit, not new
    112. 

  112. 					$result = DBQuery($database, "UPDATE vtcal_sponsor SET name='".sqlescape($sponsor['name'])."',email='".sqlescape($sponsor['email'])."',url='".sqlescape($sponsor['url'])."' WHERE calendarid='".sqlescape($_SESSION["CALENDARID"])."' AND id = '".sqlescape($id)."'" );
    113. 

  113. 	
    114. 

  114. 					// substitute existing auth info with the new one
    115. 

  115. 					$result = DBQuery($database, "DELETE FROM vtcal_auth WHERE calendarid='".sqlescape($_SESSION["CALENDARID"])."' AND sponsorid='".sqlescape($id)."'" );
    116. 

  116. 					for ($i=0; $i<count($pidsAdded); $i++) {
    117. 

  117. 						$result = DBQuery($database, "INSERT INTO vtcal_auth (calendarid,userid,sponsorid) VALUES ('".sqlescape($_SESSION["CALENDARID"])."','".sqlescape($pidsAdded[$i])."','".sqlescape($id)."')" );
    118. 

  118. 					}
    119. 

  119. 				}
    120. 

  120. 				else {
    121. 

  121. 					$query = "INSERT INTO vtcal_sponsor (calendarid,name,email,url) VALUES ('".sqlescape($_SESSION["CALENDARID"])."','".sqlescape($sponsor['name'])."','".sqlescape($sponsor['email'])."','".sqlescape($sponsor['url'])."')";
    122. 

  122. 					$result = DBQuery($database, $query ); 
    123. 

  123. 	
    124. 

  124. 					// determine the automatically generated sponsor-id
    125. 

  125. 					$result = DBQuery($database, "SELECT id FROM vtcal_sponsor WHERE calendarid='".sqlescape($_SESSION["CALENDARID"])."' AND name='".sqlescape($sponsor['name'])."' AND email='".sqlescape($sponsor['email'])."' AND url='".sqlescape($sponsor['url'])."'" ); 
    126. 

  126. 					$s = $result->fetchRow(DB_FETCHMODE_ASSOC,0);
    127. 

  127. 					$id = $s['id'];
    128. 

  128. 					
    129. 

  129. 					// substitute existing auth info with the new one
    130. 

  130. 					$result = DBQuery($database, "DELETE FROM vtcal_auth WHERE calendarid='".sqlescape($_SESSION["CALENDARID"])."' AND sponsorid='".sqlescape($id)."'" );
    131. 

  131. 					for ($i=0; $i<count($pidsAdded); $i++) {
    132. 

  132. 						$result = DBQuery($database, "INSERT INTO vtcal_auth (calendarid,userid,sponsorid) VALUES ('".sqlescape($_SESSION["CALENDARID"])."','".sqlescape($pidsAdded[$i])."','".sqlescape($id)."')" );
    133. 

  133. 					}
    134. 

  134. 				}
    135. 

  135. 									
    136. 

  136. 				emailsponsoraccountchanged($sponsor);
    137. 

  137. 				redirect2URL("managesponsors.php");
    138. 

  138. 				exit;
    139. 

  139. 			} // end: if (empty($addPIDError))
    140. 

  140.     } // end: if (!$sponsorexists) 
    141. 

  141. 	}
    142. 

  142. 

  143.   if ( isset($id) ) {
    144. 

  144.     pageheader(lang('edit_sponsor'),
    145. 

  145.                lang('edit_sponsor'),
    146. 

  146.                "Update","",$database);
    147. 

  147.     echo "<br />";
    148. 

  148.     box_begin("inputbox",lang('edit_sponsor'));
    149. 

  149. 		if ( !isset($check) ) {
    150. 

  150.   		$result = DBQuery($database, "SELECT * FROM vtcal_sponsor WHERE calendarid='".sqlescape($_SESSION["CALENDARID"])."' AND id='".sqlescape($id)."'" );
    151. 

  151.       $sponsor = $result->fetchRow(DB_FETCHMODE_ASSOC,0);
    152. 

  152. 		}
    153. 

  153. 	}
    154. 

  154. 	else {
    155. 

  155.     pageheader(lang('add_new_sponsor'),
    156. 

  156.                lang('add_new_sponsor'),
    157. 

  157.                "Update","",$database);
    158. 

  158.     echo "<br />";
    159. 

  159.     box_begin("inputbox",lang('add_new_sponsor'));
    160. 

  160. 	}
    161. 

  161. ?>
    162. 

  162. <br />
    163. 

  163. <form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    164. 

  164. <TABLE border="0" cellpadding="2" cellspacing="0">
    165. 

  165.   <TR>
    166. 

  166.     <TD class="bodytext" valign="top">
    167. 

  167.       <strong><?php echo lang('sponsor_name'); ?></strong>
    168. 

  168.       <FONT color="#FF0000">*</FONT>
    169. 

  169.     </TD>
    170. 

  170.     <TD class="bodytext" valign="top">
    171. 

  171. <?php
    172. 

  172. 		if ( isset($check) ) {
    173. 

  173. 			if (empty($sponsor['name'])) {
    174. 

  174. 				feedback(lang('choose_sponsor_name'),1);
    175. 

  175. 			}
    176. 

  176. 			elseif ($sponsorexists) {
    177. 

  177. 				feedback(lang('sponsor_already_exists'),1);
    178. 

  178. 			}
    179. 

  179. 		}
    180. 

  180. ?>
    181. 

  181.       <INPUT type="text" size="50" name="sponsor[name]" maxlength=<?php echo constSponsor_nameMaxLength; ?>  value="<?php
    182. 

  182.     if ( isset($check) ) { $sponsor['name']=stripslashes($sponsor['name']); }
    183. 

  183.     if ( isset($sponsor['name']) ) { echo HTMLSpecialChars($sponsor['name']); }
    184. 

  184. ?>"> <em><?php echo lang('sponsor_name_example'); ?></em><br />
    185. 

  185.     </TD>
    186. 

  186.   </TR>
    187. 

  187.   <TR>
    188. 

  188.     <TD class="bodytext" valign="top">
    189. 

  189.       <strong><?php echo lang('email'); ?></strong>
    190. 

  190.       <FONT color="#FF0000">*</FONT>
    191. 

  191.     </TD>
    192. 

  192.     <TD class="bodytext" valign="top">
    193. 

  193. <?php
    194. 

  194.   if (isset($check) && (empty($sponsor['email']))) {
    195. 

  195.     feedback(lang('choose_email'),1);
    196. 

  196.   }
    197. 

  197. ?>
    198. 

  198.       <INPUT type="text" size="20" name="sponsor[email]" maxlength=<?php echo constEmailMaxLength; ?> value="<?php
    199. 

  199.   if ( isset($check) ) { $sponsor['email']=stripslashes($sponsor['email']); }
    200. 

  200.   if ( isset($sponsor['email'])) { echo HTMLSpecialChars($sponsor['email']); }
    201. 

  201. ?>">
    202. 

  202.       <em><?php echo lang('email_example'); ?></em><br />
    203. 

  203.     </TD>
    204. 

  204.   </TR>
    205. 

  205.   <TR>
    206. 

  206.     <TD class="bodytext" valign="top">
    207. 

  207.       <strong><?php echo lang('homepage'); ?></strong>
    208. 

  208.     </TD>
    209. 

  209.     <TD class="bodytext" valign="top">
    210. 

  210. <?php
    211. 

  211.   if ( isset($check) && !checkURL($sponsor['url']) ) {
    212. 

  212.     feedback(lang('url_invalid'),1);
    213. 

  213.   }
    214. 

  214. ?>
    215. 

  215.       <INPUT type="text" size="50" name="sponsor[url]" maxlength=<?php echo constUrlMaxLength; ?> value="<?php
    216. 

  216.   if ( isset($check) ) { $sponsor['url']=stripslashes($sponsor['url']); }
    217. 

  217.   if ( isset($sponsor['url']) ) { echo HTMLSpecialChars($sponsor['url']); }
    218. 

  218. ?>">
    219. 

  219.       <em><?php echo lang('url_example'); ?></em><br />
    220. 

  220.     </TD>
    221. 

  221.   </TR>
    222. 

  222.   <TR>
    223. 

  223.     <TD class="bodytext" valign="top">
    224. 

  224.       <strong><?php echo lang('administrative_members'); ?></strong>
    225. 

  225.     </TD>
    226. 

  226.     <TD class="bodytext" valign="top">
    227. 

  227. <?php
    228. 

  228.   if (!empty($addPIDError)) {    
    229. 

  229.     feedback($addPIDError,1);
    230. 

  230.   }
    231. 

  231. ?>
    232. 

  232. 		<textarea name="sponsor[admins]" cols="40" rows="3" wrap="virtual"><?php
    233. 

  233. 		if ( isset($sponsor['admins']) ) {
    234. 

  234. 		  echo $sponsor['admins'];
    235. 

  235. 		}
    236. 

  236. 		elseif ( isset($id) ) {
    237. 

  237. 		  $query = "SELECT * FROM vtcal_auth WHERE calendarid='".sqlescape($_SESSION["CALENDARID"])."' AND sponsorid='".sqlescape($id)."' ORDER BY userid";
    238. 

  238.       $result = DBQuery($database, $query ); 
    239. 

  239. 			$i = 0;
    240. 

  240. 			while ($i < $result->numRows()) {
    241. 

  241. 			  $authorization = $result->fetchRow(DB_FETCHMODE_ASSOC,$i);
    242. 

  242. 				if ($i>0) { echo ","; }
    243. 

  243. 				echo $authorization['userid'];
    244. 

  244. 				$i++;
    245. 

  245. 			}
    246. 

  246. 		}
    247. 

  247. 		?></textarea><br />
    248. 

  248. 		<i><?php echo lang('administrative_members_example'); ?></i>
    249. 

  249.     </TD>
    250. 

  250.   </TR>
    251. 

  251. </TABLE>
    252. 

  252. 	<input type="hidden" name="check" value="1">
    253. 

  253. <?php
    254. 

  254.   if ( isset ($id) ) { echo '<input type="hidden" name="id" value="',$id,'">'; }
    255. 

  255. ?>
    256. 

  256. 	<br />
    257. 

  257.   <br />
    258. 

  258.   <INPUT type="submit" name="save" value="<?php echo lang('ok_button_text'); ?>">
    259. 

  259.   <INPUT type="submit" name="cancel" value="<?php echo lang('cancel_button_text'); ?>">
    260. 

  260. </form>
    261. 

  261. <?php
    262. 

  262.   box_end();
    263. 

  263.   echo "<br />";
    264. 

  264.   require("footer.inc.php");
    265. 

  265. ?>
    266. 

  266.