Fifth pass at adding key files

site/racecalendar/wiki_validate_X.php

@@ -0,0 +1,86 @@
+<?PHP 
+
+// do I need to do additional security checks to make sure the script is being called appropriately?
+
+include("config.php");
+
+if (!$_POST){ header('Location: https://slowtwitch.com/calendar/'); }
+
+// error checking
+if(!isset($_POST)) exit();
+
+if (isset($_POST[delete])) {	
+	// convert the array to a SQL friendly format
+	$deleteList = "(".implode(",", $_POST[delete]).")";
+	
+	// build the SQL query to delete the edits that are bad
+	$sql = "DELETE FROM gforum_TriathlonsEdits WHERE edit_id IN $deleteList";
+			  
+	mysql_query($sql) or die(mysql_error());
+}
+
+if (isset($_POST[validate])) {
+	// convert the array to a SQL friendly format
+	$validateList = "(".implode(",", $_POST[validate]).")";
+	
+	$sql = "SELECT * FROM gforum_TriathlonsEdits WHERE edit_id IN $validateList";
+	
+	$results = mysql_query($sql) OR die(mysql_error());
+	
+	// Loop through races shifting edits over
+	while($row = mysql_fetch_array($results)) {
+		$sql = "UPDATE gforum_Triathlons
+					SET onetype = '".mysql_escape_string($row[onetype])."', 
+						twotype = '".mysql_escape_string($row[twotype])."',
+						threetype = '".mysql_escape_string($row[threetype])."',
+						oneunit = '".mysql_escape_string($row[oneunit])."',
+						twounit = '".mysql_escape_string($row[twounit])."',
+						threeunit = '".mysql_escape_string($row[threeunit])."',
+						name = '".mysql_real_escape_string($row[name])."',
+						nametag = '".mysql_real_escape_string($row[nametag])."',
+						date = '".mysql_escape_string($row[date])."',
+						type = '".mysql_escape_string($row[type])."',
+						indivfee = '".mysql_real_escape_string($row[indivfee])."',
+						teamfee = '".mysql_real_escape_string($row[teamfee])."',
+						swim = ".mysql_real_escape_string($row[swim]).",
+						bike = ".mysql_real_escape_string($row[bike]).",
+						bike_surface = ".mysql_real_escape_string($row[bike_surface]).",
+						draft_legal = ".mysql_real_escape_string($row[draft_legal]).",
+						kids_race = ".mysql_real_escape_string($row[kids_race]).",
+						registration = ".mysql_real_escape_string($row[registration]).",
+						run = ".mysql_real_escape_string($row[run]).",
+						state= '".mysql_real_escape_string($row[state])."',
+						statetag = '".mysql_real_escape_string($row[statetag])."',
+						city = '".mysql_real_escape_string($row[city])."',
+						address = '".mysql_real_escape_string($row[address])."',
+						phone = '".mysql_real_escape_string($row[phone])."',
+						email = '".mysql_real_escape_string($row[email])."',
+						courseinfo = '".mysql_real_escape_string($row[courseinfo])."',
+						moreinfo = '".mysql_real_escape_string($row[moreinfo])."',
+						directions = '".mysql_real_escape_string($row[directions])."',
+						register = '".mysql_real_escape_string($row[register])."',
+						website = '".mysql_real_escape_string($row[website])."',
+						one_points = ".mysql_real_escape_string($row[one_points]).",
+						two_points = ".mysql_real_escape_string($row[two_points]).",
+						three_points = ".mysql_real_escape_string($row[three_points]).",
+						points = ".mysql_real_escape_string($row[points]).",
+						pointclass = ".mysql_real_escape_string($row[pointclass])."
+						WHERE uid = '".($row[race_uid_fk])."'";
+		//echo $sql;
+		//exit();
+		mysql_query($sql) OR die(mysql_error());
+		
+		$sql = "INSERT INTO gforum_TriathlonsEditors (race_uid_fk, user_id_fk, edit_timestamp) VALUES ('$row[race_uid_fk]', '$row[editor_user_id_fk]', '$row[edit_timestamp]')";
+		mysql_query($sql) OR die(mysql_error());
+		
+		$sql = "DELETE FROM gforum_TriathlonsEdits WHERE edit_id = $row[edit_id]";
+		mysql_query($sql) OR die(mysql_error());
+		
+	}
+	
+}
+
+
+header('Location: https://slowtwitch.com/calendar/wiki_validate.php');
+
+?>