2011-03-28 14:21:28 +00:00
< ?
2013-04-24 08:00:23 +00:00
if ( ! check_perms ( 'admin_dnu' )) {
error ( 403 );
}
2011-03-28 14:21:28 +00:00
authorize ();
2013-09-15 08:00:53 +00:00
if ( $_POST [ 'submit' ] == 'Reorder' ) { // Reorder
2013-10-19 08:01:09 +00:00
foreach ( $_POST [ 'item' ] as $Position => $Item ) {
$Position = db_string ( $Position );
$Item = db_string ( $Item );
2015-12-25 08:00:29 +00:00
$DB -> query ( "
2013-10-19 08:01:09 +00:00
UPDATE `do_not_upload`
2015-12-25 08:00:29 +00:00
SET `Sequence` = '" . $Position . "'
WHERE `id` = '" . $Item . "' " );
2013-10-19 08:01:09 +00:00
}
2013-08-09 08:00:53 +00:00
2013-09-15 08:00:53 +00:00
} elseif ( $_POST [ 'submit' ] == 'Delete' ) { //Delete
2013-04-24 08:00:23 +00:00
if ( ! is_number ( $_POST [ 'id' ]) || $_POST [ 'id' ] == '' ) {
error ( 0 );
}
2013-06-17 08:01:02 +00:00
$DB -> query ( '
DELETE FROM do_not_upload
WHERE ID = '.$_POST[' id ' ]);
2011-03-28 14:21:28 +00:00
} else { //Edit & Create, Shared Validation
2013-10-19 08:01:09 +00:00
$Val -> SetFields ( 'name' , '1' , 'string' , 'The name must be set, have a maximum length of 100 characters, and have a minimum length of 5 characters.' , array ( 'maxlength' => 100 , 'minlength' => 5 ));
2013-06-17 08:01:02 +00:00
$Val -> SetFields ( 'comment' , '0' , 'string' , 'The description has a maximum length of 255 characters.' , array ( 'maxlength' => 255 ));
2013-04-24 08:00:23 +00:00
$Err = $Val -> ValidateForm ( $_POST ); // Validate the form
if ( $Err ) {
error ( $Err );
}
2011-03-28 14:21:28 +00:00
2013-04-24 08:00:23 +00:00
$P = array ();
$P = db_array ( $_POST ); // Sanitize the form
2011-03-28 14:21:28 +00:00
2013-04-24 08:00:23 +00:00
if ( $_POST [ 'submit' ] == 'Edit' ) { //Edit
if ( ! is_number ( $_POST [ 'id' ]) || $_POST [ 'id' ] == '' ) {
error ( 0 );
}
$DB -> query ( "
UPDATE do_not_upload
SET
2013-06-17 08:01:02 +00:00
Name = '$P[name]' ,
Comment = '$P[comment]' ,
UserID = '$LoggedUser[ID]' ,
Time = '".sqltime()."'
WHERE ID = '$P[id]' " );
2011-03-28 14:21:28 +00:00
} else { //Create
2013-06-17 08:01:02 +00:00
$DB -> query ( "
INSERT INTO do_not_upload
2013-08-09 08:00:53 +00:00
( Name , Comment , UserID , Time , Sequence )
2013-06-17 08:01:02 +00:00
VALUES
2013-08-09 08:00:53 +00:00
( '$P[name]' , '$P[comment]' , '$LoggedUser[ID]' , '".sqltime()."' , 9999 ) " );
2011-03-28 14:21:28 +00:00
}
}
// Go back
header ( 'Location: tools.php?action=dnu' )
?>