Fifth pass at adding key files
		
							
								
								
									
										189
									
								
								site/fitters/wiki_edit_X.php
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										189
									
								
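--- a/site/fitters/wiki_edit_X.php
+++ b/site/fitters/wiki_edit_X.php
@@ -0,0 +1,189 @@
+<?PHP
+
+if (!$_POST){ header('Location: '.$site_url.'/?error=no_post'); }
+
+/*
+
+FIELD NAMES: 
+fitter_id
+fitter_name
+fitter_name_tag
+fitter_address
+fitter_address_two
+fitter_city
+fitter_state
+fitter_state_tag
+fitter_zip
+fitter_phone
+fitter_fax
+fitter_email
+fitter_website
+fitter_certifications
+fitter_fitbikes
+fitter_motioncapture
+fitter_cost
+fitter_info
+fitter_directions
+fitter_submitted_by
+fitter_valid
+fitter_user_tags
+
+*/
+
+/* Need to ltrim and rtrim commas before insertion */
+
+//Insert into database
+$errmsg = NULL;
+//Check for blank fields
+if ((!$_POST[fitter_name])) $errmsg = $errmsg."Shop name, ";  
+if (!$_POST[fitter_city]) $errmsg = $errmsg."City, ";
+if (!$_POST[fitter_state]) $errmsg = $errmsg."State, ";
+if (!$_POST[fitter_address]) $errmsg = $errmsg."Address, ";
+if ((!$_POST[fitter_lat] || !$_POST[fitter_lng]) && $_POST[latlng_override] == true) $errmsg = $errmsg."Lat/Lng cannot be left blank if you wish to override address, ";
+if (!$_POST[fitter_phone]) $errmsg = $errmsg."Phone, ";
+if (!$_POST[fitter_email]) $errmsg = $errmsg."Email, ";
+if (!$_POST[fitter_website]) $errmsg = $errmsg."Website, ";
+if (!$_POST[fitter_cost]) $errmsg = $errmsg."Cost, ";
+if (strlen($_POST[fitter_info]) < 4) $errmsg = $errmsg."General Info, ";
+if (strlen($_POST[fitter_directions]) < 4) $errmsg = $errmsg."Directions, ";
+if (isset($errmsg)) {
+   $errmsg = "The following fields cannot be left blank: ".$errmsg."<br />";
+   $errmsg = rtrim($errmsg, ", ");
+}
+
+$start_url = "(http(s)?\:\/\/)?"; // start url
+$dots = "([\w_-]{2,}\.)+"; // one or more parts containing a '.' at the end
+$last_part = "([\w_-]{2,})"; // last part doesn't contain a dot
+$user = "((\/)(\~)[\w_=-]+)?((\/)[\w_=-]+)*"; // maybe subdirectories - possibly with user ~
+$end = "((\/)|(\/)[\w_-]+\.[\w]{2,})?"; // maybe a slash at the end or slash+file+extension
+$qstring1 = "((\?[\w_-]+\=([^\#]+)){0,1}"; // querystring - first argument (?a=b)
+$qstring2 = "(\&[\w_-]+\=([^\#]+))*)?"; // querystring - following arguments (&c=d)
+$bkmrk = "(#[\w_-]+)?"; // bookmark
+
+$exp = "/^".$start_url.$dots.$last_part.$user.$end.$qstring1.$qstring2.$bkmrk."$/i";
+if( !preg_match($exp, $_POST[fitter_website]) ) {
+	// Contains invalid characters.
+  $errmsg = $errmsg."Invalid Web Address<br />";
+}
+if($_POST[fitter_portfolio] != "" &&  !preg_match($exp, $_POST[fitter_portfolio]) ) {
+	// Contains invalid characters.
+  $errmsg = $errmsg."Invalid Portfolio Address<br />";
+}
+if( preg_match('/[^a-zA-Z0-9\. ]/', $_POST[fitter_name]) ) {
+  // Contains invalid characters.
+  $errmsg = $errmsg."Please use only letters and numbers in the name<br />";
+}
+
+if(!$errmsg){
+
+	$name = trim($_POST[fitter_name]);
+	$name_tag = strtolower(str_replace(" ","", $name));
+	if(strlen($nametag) > 12){ //Shorten it
+		$name_tag = substr($nametag, 0, 12);
+	}
+	$address = mysql_escape_string(trim($_POST[fitter_address]));
+	$full_address = $address;
+	if (isset($_POST['fitter_address_two'])) { $address_two = mysql_escape_string(trim($_POST[fitter_address_two])); } else { $address_two = NULL; $full_address = $full_address.", ".$address_two; }
+	$city = mysql_escape_string(trim($_POST[fitter_city]));
+	$full_address = $full_address.", ".$city;
+	$state = $_POST[fitter_state];
+	$full_address = $full_address.", ".$state;
+	$state_tag = strtolower(str_replace(" ","", $state));
+	$zip = mysql_escape_string(trim($_POST[fitter_zip]));
+	$full_address = $full_address." ".$zip;
+	$latlng_override = $_POST[latlng_override];
+	if ($latlng_override == true) {
+		$lat = $_POST[fitter_lat];
+		$lng = $_POST[fitter_lng];
+	} else {
+		//geocode
+		//echo ($full_address);
+		$geocode_status = geocode($full_address);
+		//echo (is_array($geocode_status));
+		if (is_array($geocode_status)) {
+			$geocode_error = false;
+			$lat = $geocode_status[0];
+			$_POST[fitter_lat] = $lat;
+			$lng = $geocode_status[1];
+			$_POST[fitter_lng] = $lng;
+			//echo ($lat.", ".$lng);
+		} else {
+			$geocode_error = true;
+			$lat = 0;
+			$_POST[fitter_lat] = $lat;
+			$lng = 0;
+			$_POST[fitter_lng] = $lng;
+			$geocode_message = $geocode_status;
+		}
+	}
+	$phone = trim($_POST[fitter_phone]);
+	$fax = trim($_POST[fitter_fax]);
+	$email = mysql_escape_string(trim($_POST[fitter_email]));
+	$website = mysql_escape_string(trim($_POST[fitter_website]));
+	$portfolio = mysql_escape_string(trim($_POST[fitter_portfolio]));
+	$method = mysql_escape_string(trim($_POST[fitter_method]));
+	$certifications = mysql_escape_string(trim($_POST[fitter_certifications]));
+	$fitbikes = mysql_escape_string(trim($_POST[fitter_fitbikes]));
+	$motioncapture = mysql_escape_string(trim($_POST[fitter_motioncapture]));
+	$brandfriendly = mysql_escape_string(trim($_POST[fitter_brandfriendly]));
+	$cost = mysql_escape_string(trim($_POST[fitter_cost]));
+	$info = mysql_escape_string(nl2br(substr(trim($_POST[fitter_info]), 0, 4096)));
+	$directions = mysql_escape_string(nl2br(substr(trim($_POST[fitter_directions]), 0, 4096)));
+	$submitted_by = mysql_escape_string(trim($_POST[fitter_submitted_by]));
+	$id = mysql_escape_string(trim($_POST[fitter_id]));
+	$edited_by = mysql_escape_string(trim($_POST[edited_by]));
+	$edit_timestamp = time();
+  
+	// BEGIN CONFIRM ENTRY CHECK
+	if($_POST[insert_fitter] == true){
+	  if(isset($_POST[new_fitter])){
+		$sql = "INSERT INTO ".$prefix."Fitters (fitter_name, fitter_name_tag, fitter_address, fitter_address_two, fitter_city, fitter_state, fitter_state_tag, fitter_zip, fitter_lat, fitter_lng, fitter_phone, fitter_fax, fitter_email, fitter_website, fitter_method, fitter_certifications, fitter_fitbikes, fitter_motioncapture, fitter_brandfriendly, fitter_cost, fitter_info, fitter_directions, fitter_submitted_by, fitter_valid, fitter_portfolio) VALUES ('$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$lat', '$lng', '$phone', '$fax', '$email', '$website', '$method', ',$certifications,', ',$fitbikes,', ',$motioncapture,', ',$brandfriendly,', '$cost', '$info', '$directions', $submitted_by, 0, '$portfolio')";
+		//echo("fitter entered!");
+		//echo($sql);
+		mysql_query($sql) OR die(mysql_error()); 
+		header('Location: '.$site_url.'/add.php?confirmed=yes');
+	  } elseif(isset($_POST[save_changes]) && $submitted_by != $edited_by) {
+		$sql = "INSERT INTO ".$prefix."FittersEdits (fitter_id_fk, editor_user_id_fk, edit_timestamp, fitter_name, fitter_name_tag, fitter_address, fitter_address_two, fitter_city, fitter_state, fitter_state_tag, fitter_zip, fitter_lat, fitter_lng, fitter_phone, fitter_fax, fitter_email, fitter_website, fitter_method, fitter_certifications, fitter_fitbikes, fitter_motioncapture, fitter_brandfriendly, fitter_cost, fitter_info, fitter_directions, fitter_submitted_by, fitter_valid, fitter_portfolio) VALUES ('$id', '$edited_by', '$edit_timestamp', '$name', '$name_tag', '$address', '$address_two', '$city', '$state', '$state_tag', '$zip', '$lat', '$lng', '$phone', '$fax', '$email', '$website', '$method', ',$certifications,', ',$fitbikes,', ',$motioncapture,', ',$brandfriendly,', '$cost', '$info', '$directions', $submitted_by, 0, '$portfolio')";
+		mysql_query($sql) OR die(mysql_error());
+		header('Location: '.$site_url.'/individual.php?fitter_id='.$id.'&wiki_change=edit_success');
+	  } elseif(isset($_POST[save_changes]) && $submitted_by == $edited_by) {
+            $sql = "UPDATE ".$prefix."Fitters 
+                SET fitter_name = '".$name."',
+                fitter_name_tag = '".$name_tag."',
+                fitter_address = '".$address."',
+                fitter_address_two = '".$address_two."',
+                fitter_city = '".$city."',
+                fitter_state = '".$state."',
+                fitter_state_tag = '".$state_tag."',
+                fitter_phone = '".$phone."',
+                fitter_fax = '".$fax."',
+                fitter_zip = '".$zip."',
+                fitter_lat = '".$lat."',
+                fitter_lng = '".$lng."',
+                fitter_email = '".$email."',
+                fitter_website = '".$website."',
+                fitter_method = '".$method."',
+                fitter_certifications = ',".$certifications.",',
+                fitter_fitbikes = ',".$fitbikes.",',
+                fitter_motioncapture = ',".$motioncapture.",',
+				fitter_brandfriendly = ',".$brandfriendly.",',
+                fitter_cost = '".$cost."',
+                fitter_info = '".$info."',
+                fitter_directions = '".$directions."',
+                fitter_portfolio = '".$portfolio."'
+                WHERE fitter_id = $id";
+            //echo $sql;
+            //exit();
+            mysql_query($sql) OR die(mysql_error());
+ 		    header('Location: '.$site_url.'/individual.php?fitter_id='.$id.'&wiki_change=update_success');
+	  } else {
+		header('Location: '.$site_url.'/individual.php?fitter_id='.$id.'&changes=failure');
+	  }
+	} else {
+		//echo("fitter NOT entered.");
+		$confirm_fitter = true;
+	}
+	// END CONFIRM ENTRY CHECK	
+}
+// END ERROR MESSAGE CHECK
+?>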
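Review bot: Several request values reach the three SQL statements without effective escaping: `$state`, `$state_tag`, `$phone`, `$fax` and the override `$lat`/`$lng` are copied from `$_POST` unescaped, and `$id` and `$submitted_by` go through `mysql_escape_string()` but are then interpolated unquoted (`WHERE fitter_id = $id`, `$submitted_by, 0`), where quote-escaping does not constrain the value. Bound parameters via PDO or mysqli are the durable fix; within the existing `mysql_*` calls, cast the numeric fields and escape the rest as in the fence below (the integer casts assume `fitter_id` and `fitter_submitted_by` are numeric keys, which the unquoted SQL suggests but the page does not confirm). Separately, the branch that writes directly to the live `Fitters` row is chosen by comparing two client-supplied fields, `fitter_submitted_by` and `edited_by`, so the editor identity should be taken from the server-side session rather than the form. The opening guard `if (!$_POST){ header(...); }` and each later `header('Location: ...')` should be followed by `exit;`, and `die(mysql_error())` should log the error instead of printing database detail to the client. `strlen($nametag)` reads an undefined variable (the value lives in `$name_tag`), so the 12-character truncation never runs.

```php
	$state = mysql_escape_string(trim($_POST['fitter_state']));
	// … unchanged: $full_address assembly, $state_tag derived from $state, $zip …
	if ($latlng_override == true) {
		$lat = (float) $_POST['fitter_lat'];
		$lng = (float) $_POST['fitter_lng'];
	// … unchanged: else branch geocodes $full_address …
	$phone = mysql_escape_string(trim($_POST['fitter_phone']));
	$fax = mysql_escape_string(trim($_POST['fitter_fax']));
	// … unchanged: remaining escaped text fields …
	$submitted_by = (int) $_POST['fitter_submitted_by'];
	$id = (int) $_POST['fitter_id'];
```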