<?php
        /*
                Copyright (C) 2003-2004 MJG/04-Inconceivable.org
                See file LICENSE for licensing details.
                See file VERSION for versioning/author/source details
                See file CHANGELOG for changes from version to version
        */
        // Include configuration data
        include("../dbaccess.inc");
        include("../global_config.inc.php");

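        // Connect to the database. pg_close() is called on this handle further
        // down, so it is a PostgreSQL connection.
        $CONF['dbConn'] = OpenDB();

        // Build the "back to the calendar" query string once and reuse it for
        // every redirect. $FORM is not populated in this file (presumably the
        // included config fills it from the request - verify), so each value is
        // treated as untrusted: non-scalars are dropped and the rest is
        // URL-encoded so it cannot add parameters or break the Location header.
        $returnQuery = "";
        foreach (['year', 'month', 'today'] as $returnKey)
        {
                $returnValue = "";
                if ( isset($FORM[$returnKey]) && is_scalar($FORM[$returnKey]) )
                {
                        $returnValue = (string) $FORM[$returnKey];
                }
                $returnQuery .= ($returnQuery === "" ? "?" : "&") . $returnKey . "=" . urlencode($returnValue);
        }

        // Authenticate via the cookie set by index.php.
        // The cookie must be a string (a request can supply an array) and is
        // compared with hash_equals(): a loose != compares two numeric-looking
        // strings as numbers, and hash_equals() also runs in constant time.
        // NOTE(review): the expected value is an unsalted MD5 of the admin
        // credentials, so it never changes or expires and is equivalent to the
        // password for anyone who obtains the cookie. The durable fix is a
        // server-side session created at login (index.php, not visible here).
        $expectedAuth = md5($CONF['adm_user'] . $CONF['adm_pass']);
        $suppliedAuth = isset($_COOKIE['mcal_adm_auth']) ? $_COOKIE['mcal_adm_auth'] : null;
        if ( !is_string($suppliedAuth) || !hash_equals($expectedAuth, $suppliedAuth) )
        {
                header("Location: index.php" . $returnQuery);
                exit(1);
        }

        // Clean up event input: anything missing or not a string becomes "".
        $day_title = "";
        if ( isset($FORM['day_title']) && is_string($FORM['day_title']) )
        {
                $day_title = $FORM['day_title'];
        }

        $day_event = "";
        if ( isset($FORM['day_event']) && is_string($FORM['day_event']) )
        {
                $day_event = $FORM['day_event'];
        }

        // Normalise the HTML flag to 0/1; it defaults to 0 when the field is
        // absent. The live queries below do not store it.
        $show_html = ( isset($FORM['html']) && intval($FORM['html']) ) ? 1 : 0;

        // Midnight timestamp of the selected day, used as the calendar key.
        // $month, $today and $year are not assigned in this file; presumably the
        // included config sets them - verify.
        $sql_date = mktime(0, 0, 0, $month, $today, $year);

        // $sql_date is interpolated unquoted into SQL below, so refuse to go on
        // unless mktime() really produced an integer.
        if ( !is_int($sql_date) )
        {
                header("Location: admin.php" . $returnQuery);
                exit();
        }

        // Delete request.
        // NOTE(review): this state change is driven by a plain GET parameter and
        // nothing visible here ties the request to a form the admin submitted.
        // Consider requiring POST plus a per-session anti-forgery token.
        if ( isset($_GET['del']) && $_GET['del'] === '1' )
        {
                $eventQuery = "DELETE FROM calendar WHERE ca_date = '$sql_date';";
                TQueryDB($CONF['dbConn'], $eventQuery);
                header("Location: admin.php" . $returnQuery);
                exit();
        }

        // No title, nothing to store.
        if ( strlen($day_title) < 1 )
        {
                header("Location: admin.php" . $returnQuery);
                exit();
        }

        // Check whether an entry already exists for this date (update) or not
        // (insert). $update is initialised first so a failed lookup falls
        // through to the insert path without reading an undefined variable.
        $update = 0;
        $Q = "SELECT ca_num FROM calendar WHERE ca_date = $sql_date";
        $STH = QueryDB($CONF['dbConn'], $Q);

        if ( $STH && pg_num_rows($STH) > 0 )
        {
                $update = 1;
        }

        // Escape the text for use inside single-quoted SQL literals.
        // addslashes() is not sufficient here: it escapes with a backslash, which
        // PostgreSQL does not treat as an escape in ordinary string literals when
        // standard_conforming_strings is on, and it ignores the client encoding.
        // pg_escape_string() escapes according to the connection's rules.
        // NOTE(review): parameterised queries (pg_query_params) would be better
        // still, but the QueryDB/TQueryDB wrappers are not visible here.
        $day_title_safe = pg_escape_string($CONF['dbConn'], $day_title);
        $day_event_safe = pg_escape_string($CONF['dbConn'], $day_event);

        if ( $update == 1 )
        {
                // UPDATE the existing entry for this date.
                $postQuery = "UPDATE calendar SET ca_title = '$day_title_safe', ca_text = '$day_event_safe' WHERE ca_date = $sql_date";
                TQueryDB($CONF['dbConn'], $postQuery);
                header("Location: admin.php" . $returnQuery);
        }
        else
        {
                // INSERT a new entry; its number is the stored counter plus one.
                // NOTE(review): the counter is read before "begin" is issued, so
                // two concurrent inserts can compute the same ca_num. Reading it
                // inside the transaction with a row lock would close that gap.
                $postQuery = "SELECT co_calendar FROM COUNTER";
                $result = QueryDB($CONF['dbConn'], $postQuery);

                if ( $result )
                {
                        $data = pg_fetch_row($result, 0);
                        // Force an integer: the value is interpolated unquoted.
                        $co_calendar = ((int) $data[0]) + 1;
                }
                else
                {
                        $co_calendar = 0;
                }

                if ( $co_calendar > 0 )
                {
                        $postQuery = "INSERT INTO calendar (ca_num, ca_date, ";
                        $postQuery .= "ca_title, ca_text, ca_status) VALUES ";
                        $postQuery .= "($co_calendar, $sql_date, ";
                        $postQuery .= "'$day_title_safe', '$day_event_safe', 1)";

                        QueryDB($CONF['dbConn'], "begin");

                        // A top-level return ends the script, so these failure
                        // paths send no redirect.
                        if ( !QueryDB($CONF['dbConn'], $postQuery) )
                        {
                                QueryDB($CONF['dbConn'], "rollback");
                                pg_close($CONF['dbConn']);
                                return;
                        }

                        $postQuery = "UPDATE counter SET co_calendar = $co_calendar";

                        if ( !QueryDB($CONF['dbConn'], $postQuery) )
                        {
                                QueryDB($CONF['dbConn'], "rollback");
                                pg_close($CONF['dbConn']);
                                return;
                        }

                        QueryDB($CONF['dbConn'], "commit");
                }

                header("Location: admin.php" . $returnQuery);
        }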
?>