discourse-legacysite-perl/site/triclubs/wiki_validate_X.php

103 lines
3.4 KiB
PHP
Raw Normal View History

2024-06-17 12:42:14 +00:00
<?PHP
// do I need to do additional security checks to make sure the script is being called appropriately?
/*
FIELD NAMES:
triclub_id
triclub_name
triclub_name_tag
triclub_address
triclub_address_two
triclub_city
triclub_state
triclub_state_tag
triclub_zip
triclub_email
triclub_website
triclub_president
triclub_board
triclub_board_names
triclub_membership
triclub_dues
triclub_info
triclub_sponsors
triclub_discounts
triclub_directions
triclub_workouts
triclub_meetings
triclub_submitted_by
triclub_valid
triclub_member_tags
*/
include("config.php");
if (!$_POST){ header('Location: '.$site_url.'/'); }
// error checking
if(!isset($_POST)) exit();
if (isset($_POST[delete])) {
// convert the array to a SQL friendly format
$deleteList = "(".implode(",", $_POST[delete]).")";
// build the SQL query to delete the edits that are bad
$sql = "DELETE FROM ".$prefix."TriclubsEdits WHERE edit_id IN $deleteList";
mysql_query($sql) or die(mysql_error());
}
if (isset($_POST[validate])) {
// convert the array to a SQL friendly format
$validateList = "(".implode(",", $_POST[validate]).")";
$sql = "SELECT * FROM ".$prefix."TriclubsEdits WHERE edit_id IN $validateList";
$results = mysql_query($sql) OR die(mysql_error());
// Loop through triclubs shifting edits over
while($row = mysql_fetch_array($results)) {
$sql = "UPDATE ".$prefix."Triclubs
SET triclub_name = '".mysql_escape_string($row[triclub_name])."',
triclub_name_tag = '".mysql_escape_string($row[triclub_name_tag])."',
triclub_address = '".mysql_escape_string($row[triclub_address])."',
triclub_address_two = '".mysql_escape_string($row[triclub_address_two])."',
triclub_city = '".mysql_escape_string($row[triclub_city])."',
triclub_state = '".mysql_escape_string($row[triclub_state])."',
triclub_state_tag = '".mysql_escape_string($row[triclub_state_tag])."',
triclub_zip = '".mysql_escape_string($row[triclub_zip])."',
triclub_email = '".mysql_escape_string($row[triclub_email])."',
triclub_website = '".mysql_escape_string($row[triclub_website])."',
triclub_president = '".mysql_escape_string($row[triclub_president])."',
triclub_board = '".mysql_escape_string($row[triclub_board])."',
triclub_board_names = '".mysql_escape_string($row[triclub_board_names])."',
triclub_membership = '".mysql_escape_string($row[triclub_membership])."',
triclub_dues = '".mysql_escape_string($row[triclub_dues])."',
triclub_info = '".mysql_escape_string($row[triclub_info])."',
triclub_sponsors = '".mysql_escape_string($row[triclub_sponsors])."',
triclub_discounts = '".mysql_escape_string($row[triclub_discounts])."',
triclub_directions = '".mysql_escape_string($row[triclub_directions])."',
triclub_workouts = '".mysql_escape_string($row[triclub_workouts])."',
triclub_meetings = '".mysql_escape_string($row[triclub_meetings])."'
WHERE triclub_id = '$row[triclub_id_fk]'";
//echo $sql;
//exit();
mysql_query($sql) OR die(mysql_error());
$sql = "INSERT INTO ".$prefix."TriclubsEditors (triclub_id_fk, user_id_fk, edit_timestamp) VALUES ('$row[triclub_id_fk]', '$row[editor_user_id_fk]', '$row[edit_timestamp]')";
mysql_query($sql) OR die(mysql_error());
$sql = "DELETE FROM ".$prefix."TriclubsEdits WHERE edit_id = $row[edit_id]";
mysql_query($sql) OR die(mysql_error());
}
}
header('Location: '.$site_url.'/wiki_validate.php');
?>