Gazelle/sections/tools/managers/dnu_alter.php

60 lines
1.6 KiB
PHP
Raw Normal View History

2011-03-28 14:21:28 +00:00
<?
2013-04-24 08:00:23 +00:00
if (!check_perms('admin_dnu')) {
error(403);
}
2011-03-28 14:21:28 +00:00
authorize();
2013-09-15 08:00:53 +00:00
if ($_POST['submit'] == 'Reorder') { // Reorder
2013-10-19 08:01:09 +00:00
foreach ($_POST['item'] as $Position => $Item) {
$Position = db_string($Position);
$Item = db_string($Item);
2015-12-25 08:00:29 +00:00
$DB->query("
2013-10-19 08:01:09 +00:00
UPDATE `do_not_upload`
2015-12-25 08:00:29 +00:00
SET `Sequence` = '" . $Position . "'
WHERE `id` = '" . $Item . "'");
2013-10-19 08:01:09 +00:00
}
2013-08-09 08:00:53 +00:00
2013-09-15 08:00:53 +00:00
} elseif ($_POST['submit'] == 'Delete') { //Delete
2013-04-24 08:00:23 +00:00
if (!is_number($_POST['id']) || $_POST['id'] == '') {
error(0);
}
2013-06-17 08:01:02 +00:00
$DB->query('
DELETE FROM do_not_upload
WHERE ID = '.$_POST['id']);
2011-03-28 14:21:28 +00:00
} else { //Edit & Create, Shared Validation
2013-10-19 08:01:09 +00:00
$Val->SetFields('name', '1', 'string', 'The name must be set, have a maximum length of 100 characters, and have a minimum length of 5 characters.', array('maxlength' => 100, 'minlength' => 5));
2013-06-17 08:01:02 +00:00
$Val->SetFields('comment', '0', 'string', 'The description has a maximum length of 255 characters.', array('maxlength' => 255));
2013-04-24 08:00:23 +00:00
$Err = $Val->ValidateForm($_POST); // Validate the form
if ($Err) {
error($Err);
}
2011-03-28 14:21:28 +00:00
2013-04-24 08:00:23 +00:00
$P = array();
$P = db_array($_POST); // Sanitize the form
2011-03-28 14:21:28 +00:00
2013-04-24 08:00:23 +00:00
if ($_POST['submit'] == 'Edit') { //Edit
if (!is_number($_POST['id']) || $_POST['id'] == '') {
error(0);
}
$DB->query("
UPDATE do_not_upload
SET
2013-06-17 08:01:02 +00:00
Name = '$P[name]',
Comment = '$P[comment]',
UserID = '$LoggedUser[ID]',
Time = '".sqltime()."'
WHERE ID = '$P[id]'");
2011-03-28 14:21:28 +00:00
} else { //Create
2013-06-17 08:01:02 +00:00
$DB->query("
INSERT INTO do_not_upload
2013-08-09 08:00:53 +00:00
(Name, Comment, UserID, Time, Sequence)
2013-06-17 08:01:02 +00:00
VALUES
2013-08-09 08:00:53 +00:00
('$P[name]','$P[comment]','$LoggedUser[ID]','".sqltime()."', 9999)");
2011-03-28 14:21:28 +00:00
}
}
// Go back
header('Location: tools.php?action=dnu')
?>