saint/discourse-legacysite-perl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fifth pass at adding key files

Browse Source
This commit is contained in:
dsainty
2024-06-17 22:42:14 +10:00
parent 67ccdbcc34
commit 9797a6824a
535 changed files with 95045 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
site/coaches/wiki_validate_X.php Normal file
View File

@@ -0,0 +1,97 @@
<?PHP
// do I need to do additional security checks to make sure the script is being called appropriately?
/*
FIELD NAMES:
coach_id
coach_name
coach_name_tag
coach_address
coach_address_two
coach_city
coach_state
coach_state_tag
coach_zip
coach_phone
coach_fax
coach_email
coach_website
coach_certifications
coach_services
coach_degrees
coach_cost
coach_info
coach_camps
coach_submitted_by
coach_valid
coach_user_tags
*/
include("config.php");
if (!$_POST){ header('Location: '.$site_url.'/'); }
// error checking
if(!isset($_POST)) exit();
if (isset($_POST[delete])) {
// convert the array to a SQL friendly format
$deleteList = "(".implode(",", $_POST[delete]).")";
// build the SQL query to delete the edits that are bad
$sql = "DELETE FROM ".$prefix."CoachesEdits WHERE edit_id IN $deleteList";
mysql_query($sql) or die(mysql_error());
}
if (isset($_POST[validate])) {
// convert the array to a SQL friendly format
$validateList = "(".implode(",", $_POST[validate]).")";
$sql = "SELECT * FROM ".$prefix."CoachesEdits WHERE edit_id IN $validateList";
$results = mysql_query($sql) OR die(mysql_error());
// Loop through coaches shifting edits over
while($row = mysql_fetch_array($results)) {
$sql = "UPDATE ".$prefix."Coaches
SET coach_name = '".mysql_escape_string($row[coach_name])."',
coach_name_tag = '".mysql_escape_string($row[coach_name_tag])."',
coach_address = '".mysql_escape_string($row[coach_address])."',
coach_address_two = '".mysql_escape_string($row[coach_address_two])."',
coach_city = '".mysql_escape_string($row[coach_city])."',
coach_state = '".mysql_escape_string($row[coach_state])."',
coach_state_tag = '".mysql_escape_string($row[coach_state_tag])."',
coach_phone = '".mysql_escape_string($row[coach_phone])."',
coach_fax = '".mysql_escape_string($row[coach_fax])."',
coach_zip = '".mysql_escape_string($row[coach_zip])."',
coach_email = '".mysql_escape_string($row[coach_email])."',
coach_website = '".mysql_escape_string($row[coach_website])."',
coach_certifications = '".mysql_escape_string($row[coach_certifications])."',
coach_services = '".mysql_escape_string($row[coach_services])."',
coach_degrees = '".mysql_escape_string($row[coach_degrees])."',
coach_cost = '".mysql_escape_string($row[coach_cost])."',
coach_info = '".mysql_escape_string($row[coach_info])."',
coach_camps = '".mysql_escape_string($row[coach_camps])."'
WHERE coach_id = '".mysql_escape_string($row[coach_id_fk])."'";
//echo $sql;
//exit();
mysql_query($sql) OR die(mysql_error());
$sql = "INSERT INTO ".$prefix."CoachesEditors (coach_id_fk, user_id_fk, edit_timestamp) VALUES ('$row[coach_id_fk]', '$row[editor_user_id_fk]', '$row[edit_timestamp]')";
mysql_query($sql) OR die(mysql_error());
$sql = "DELETE FROM ".$prefix."CoachesEdits WHERE edit_id = $row[edit_id]";
mysql_query($sql) OR die(mysql_error());
}
}
header('Location: '.$site_url.'/wiki_validate.php');
?>