<?PHP 

// do I need to do additional security checks to make sure the script is being called appropriately?

include("config.php");

if (!$_POST){ header('Location: https://slowtwitch.com/calendar/'); }

// error checking
if(!isset($_POST)) exit();

if (isset($_POST[delete])) {	
	// convert the array to a SQL friendly format
	$deleteList = "(".implode(",", $_POST[delete]).")";
	
	// build the SQL query to delete the edits that are bad
	$sql = "DELETE FROM gforum_TriathlonsEdits WHERE edit_id IN $deleteList";
			  
	mysql_query($sql) or die(mysql_error());
}

if (isset($_POST[validate])) {
	// convert the array to a SQL friendly format
	$validateList = "(".implode(",", $_POST[validate]).")";
	
	$sql = "SELECT * FROM gforum_TriathlonsEdits WHERE edit_id IN $validateList";
	
	$results = mysql_query($sql) OR die(mysql_error());
	
	// Loop through races shifting edits over
	while($row = mysql_fetch_array($results)) {
		$sql = "UPDATE gforum_Triathlons
					SET onetype = '".mysql_escape_string($row[onetype])."', 
						twotype = '".mysql_escape_string($row[twotype])."',
						threetype = '".mysql_escape_string($row[threetype])."',
						oneunit = '".mysql_escape_string($row[oneunit])."',
						twounit = '".mysql_escape_string($row[twounit])."',
						threeunit = '".mysql_escape_string($row[threeunit])."',
						name = '".mysql_real_escape_string($row[name])."',
						nametag = '".mysql_real_escape_string($row[nametag])."',
						date = '".mysql_escape_string($row[date])."',
						type = '".mysql_escape_string($row[type])."',
						indivfee = '".mysql_real_escape_string($row[indivfee])."',
						teamfee = '".mysql_real_escape_string($row[teamfee])."',
						swim = ".mysql_real_escape_string($row[swim]).",
						bike = ".mysql_real_escape_string($row[bike]).",
						bike_surface = ".mysql_real_escape_string($row[bike_surface]).",
						draft_legal = ".mysql_real_escape_string($row[draft_legal]).",
						kids_race = ".mysql_real_escape_string($row[kids_race]).",
						registration = ".mysql_real_escape_string($row[registration]).",
						run = ".mysql_real_escape_string($row[run]).",
						state= '".mysql_real_escape_string($row[state])."',
						statetag = '".mysql_real_escape_string($row[statetag])."',
						city = '".mysql_real_escape_string($row[city])."',
						address = '".mysql_real_escape_string($row[address])."',
						phone = '".mysql_real_escape_string($row[phone])."',
						email = '".mysql_real_escape_string($row[email])."',
						courseinfo = '".mysql_real_escape_string($row[courseinfo])."',
						moreinfo = '".mysql_real_escape_string($row[moreinfo])."',
						directions = '".mysql_real_escape_string($row[directions])."',
						register = '".mysql_real_escape_string($row[register])."',
						website = '".mysql_real_escape_string($row[website])."',
						one_points = ".mysql_real_escape_string($row[one_points]).",
						two_points = ".mysql_real_escape_string($row[two_points]).",
						three_points = ".mysql_real_escape_string($row[three_points]).",
						points = ".mysql_real_escape_string($row[points]).",
						pointclass = ".mysql_real_escape_string($row[pointclass])."
						WHERE uid = '".($row[race_uid_fk])."'";
		//echo $sql;
		//exit();
		mysql_query($sql) OR die(mysql_error());
		
		$sql = "INSERT INTO gforum_TriathlonsEditors (race_uid_fk, user_id_fk, edit_timestamp) VALUES ('$row[race_uid_fk]', '$row[editor_user_id_fk]', '$row[edit_timestamp]')";
		mysql_query($sql) OR die(mysql_error());
		
		$sql = "DELETE FROM gforum_TriathlonsEdits WHERE edit_id = $row[edit_id]";
		mysql_query($sql) OR die(mysql_error());
		
	}
	
}


header('Location: https://slowtwitch.com/calendar/wiki_validate.php');

?>