Subversion Repositories public

<?php

	/*

		Copyright (C) 2003-2004 MJG/04-Inconceivable.org

		See file LICENSE for licensing details.

		See file VERSION for versioning/author/source details

		See file CHANGELOG for changes from version to version

	*/

	// Include configuration data

	include("../dbaccess.inc");

	include("../global_config.inc.php");

	// connect to the database

	$CONF['dbConn']= OpenDB();

	// Authenticate via the set cookie from index.php

	if ( md5($CONF['adm_user'] . $CONF['adm_pass']) != $_COOKIE['mcal_adm_auth'] )

	{

		header("Location: index.php?year=" . $FORM['year'] . "&month=" . $FORM['month'] . "&today=" . $FORM['today'] . "\n\n");

		exit(1);

	}

	// Clean up event input

	if ( isset($FORM['day_title']))

		$day_title	= $FORM['day_title'];

	else

		$day_title = "";

	if ( isset($FORM['day_event']))

		$day_event	= $FORM['day_event'];

	else

		$day_event = "";

	if (isset($FORM['html']) )

		$show_html	= intval($FORM['html']);

	// Setup an sql-style date

	$sql_date = mktime(0, 0, 0, $month, $today, $year);

	if ( (isset($_GET['del'])) && ($_GET['del'] == 1) )

	{

		$eventQuery = "DELETE FROM calendar WHERE ca_date = '$sql_date';";

		$eventExec = TQueryDB($CONF['dbConn'], $eventQuery);

		header("Location: admin.php?year=" . $FORM['year'] . "&month=" . $FORM['month'] . "&today=" . $FORM['today']);

		exit();

	}

	//no title, no comply

	if ( strlen($day_title) < 1 )

	{

		header("Location: admin.php?year=" . $FORM['year'] . "&month=" . $FORM['month'] . "&today=" . $FORM['today']);

		exit();

	}

	// Check to see if we're inserting new or updating entry

	$Q = "SELECT ca_num FROM calendar WHERE ca_date = $sql_date";

	$STH = QueryDB($CONF['dbConn'], $Q);

	if ( $STH )

	{

		$update=0;

		if ( pg_num_rows($STH) > 0 )

		{

			$update = 1;

		}

	}

	else { }

	$day_title_safe = addslashes($day_title);

	$day_event_safe = addslashes($day_event);

	if ( $show_html ) { $show_html = 1; } else { $show_html = 0; }

	if ( $update == 1 )

	{

		// UPDATE

//		$postQuery = "UPDATE " . $CONF['tbl_cal'] . " SET title = '$day_title_safe', event = '$day_event_safe', html = '$show_html' WHERE date = '$sql_date';";

		$postQuery = "UPDATE calendar SET ca_title = '$day_title_safe', ca_text = '$day_event_safe' WHERE ca_date = $sql_date";

//		$postExec = mysql_query($postQuery) or die("Could not Post UPDATE Cal Event to database!");

		TQueryDB($CONF['dbConn'], $postQuery);

		header("Location: admin.php?year=" . $FORM['year'] . "&month=" . $FORM['month'] . "&today=" . $FORM['today']);

	}

	else

	{

		// INSERT

//		$postQuery = "INSERT INTO " . $CONF['tbl_cal'] . " (date,title,event,html) VALUES ('$sql_date','$day_title_safe','$day_event_safe','$show_html');";

		$postQuery = "SELECT co_calendar FROM COUNTER";

		$result = QueryDB($CONF['dbConn'], $postQuery);

		if ( $result) {

		   $data = pg_fetch_row($result, 0);

		   $co_calendar = $data[0] + 1;

		} else {

		   $co_calendar = 0;

		}

		if ($co_calendar > 0) {

		   $postQuery = "INSERT INTO calendar (ca_num, ca_date, ";

		   $postQuery .= "ca_title, ca_text, ca_status) VALUES ";

		   $postQuery .= "($co_calendar, $sql_date, ";

		   $postQuery .= "'$day_title_safe', '$day_event_safe', 1)";

		   QueryDB($CONF['dbConn'], "begin");

		   if (!QueryDB($CONF['dbConn'], $postQuery)) {

		      QueryDB($CONF['dbConn'], "rollback");

		      pg_close($CONF['dbConn']);

		      return;

		   }

		   $postQuery = "UPDATE counter SET co_calendar = $co_calendar";

		   if (!QueryDB($CONF['dbConn'], $postQuery)) {

		      QueryDB($CONF['dbConn'], "rollback");

		      pg_close($CONF['dbConn']);

		      return;

		   }

		   QueryDB($CONF['dbConn'], "commit");

		}

		header("Location: admin.php?year=" . $FORM['year'] . "&month=" . $FORM['month'] . "&today=" . $FORM['today']);

	}

?>