Fifth pass at adding key files

site/runshops/wiki_validate_X.php

@@ -0,0 +1,75 @@
+<?PHP
+
+include("config.php");
+
+if (!$_POST || !is_admin()){ header('Location: '.$site_url.'/'); }
+
+// error checking
+if(!isset($_POST['delete']) && !isset($_POST['validate'])) exit();
+
+if (isset($_POST['delete'])) {	
+	// convert the array to a SQL friendly format
+	$deleteList = "(".implode(",", $_POST[delete]).")";
+	
+	// build the SQL query to delete the edits that are bad
+	$sql = "DELETE FROM ".$prefix."RunshopsEdits WHERE edit_id IN $deleteList";
+			  
+	mysql_query($sql) or die(mysql_error());
+}
+
+if (isset($_POST['validate'])) {
+	// convert the array to a SQL friendly format
+	$validateList = "(".implode(",", $_POST['validate']).")";
+	
+	$sql = "SELECT * FROM ".$prefix."RunshopsEdits WHERE edit_id IN $validateList";
+	
+	$results = mysql_query($sql) OR die(mysql_error());
+	
+	// Loop through running store edits shifting edits over
+	while($row = mysql_fetch_array($results)) {
+		$sql = "UPDATE ".$prefix."Runshops 
+					SET runshop_name = '".mysql_escape_string($row[runshop_name])."',
+						runshop_name_tag = '".mysql_escape_string($row[runshop_name_tag])."',
+						runshop_address = '".mysql_escape_string($row[runshop_address])."',
+						runshop_address_two = '".mysql_escape_string($row[runshop_address_two])."',
+						runshop_city = '".mysql_escape_string($row[runshop_city])."',
+						runshop_state = '".mysql_escape_string($row[runshop_state])."',
+						runshop_state_tag = '".mysql_escape_string($row[runshop_state_tag])."',
+						runshop_zip = '".mysql_escape_string($row[runshop_zip])."',
+						runshop_phone = '".mysql_escape_string($row[runshop_phone])."',
+						runshop_fax = '".mysql_escape_string($row[runshop_fax])."',
+						runshop_email = '".mysql_escape_string($row[runshop_email])."',
+						runshop_website = '".mysql_escape_string($row[runshop_website])."',
+						runshop_cart = '".mysql_escape_string($row[runshop_cart])."',
+						runshop_contact = '".mysql_escape_string($row[runshop_contact])."',
+						runshop_contact_names = '".mysql_escape_string($row[runshop_contact_names])."',
+						runshop_diagnostics = ',".mysql_escape_string($row[runshop_diagnostics])."',
+						runshop_shoes = ',".mysql_escape_string($row[runshop_shoes])."',
+						runshop_swimgear = ',".mysql_escape_string($row[runshop_swimgear])."',
+						runshop_wetsuits = ',".mysql_escape_string($row[runshop_wetsuits])."',
+						runshop_socks = ',".mysql_escape_string($row[runshop_socks])."',
+						runshop_apparel_run = ',".mysql_escape_string($row[runshop_apparel_run])."',
+						runshop_apparel_tri = ',".mysql_escape_string($row[runshop_apparel_tri])."',
+						runshop_hours = '".mysql_escape_string($row[runshop_hours])."',
+						runshop_classes = '".mysql_escape_string($row[runshop_classes])."',
+						runshop_info = '".mysql_escape_string($row[runshop_info])."',
+						runshop_directions = '".mysql_escape_string($row[runshop_directions])."'
+						WHERE runshop_id = '$row[runshop_id_fk]'";
+		//echo $sql;
+		//exit();
+		mysql_query($sql) OR die(mysql_error());
+		
+		$sql = "INSERT INTO ".$prefix."RunshopsEditors (runshop_id_fk, user_id_fk, edit_timestamp) VALUES ('$row[runshop_id_fk]', '$row[editor_user_id_fk]', '$row[edit_timestamp]')";
+		mysql_query($sql) OR die(mysql_error());
+		
+		$sql = "DELETE FROM ".$prefix."RunshopsEdits WHERE edit_id = $row[edit_id]";
+		mysql_query($sql) OR die(mysql_error());
+		
+	}
+	
+}
+
+
+header('Location: '.$site_url.'/wiki_validate.php');
+
+?>