Mercurial > hg > fapweb
diff admajax.php @ 209:3870601c17c3
More work.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Sun, 17 Nov 2013 20:20:54 +0200 |
| parents | 8985d2bdb29b |
| children | cafc05949a19 |
line wrap: on
line diff
--- a/admajax.php Sun Nov 17 20:04:50 2013 +0200 +++ b/admajax.php Sun Nov 17 20:20:54 2013 +0200 @@ -416,77 +416,6 @@ // // Update existing entry // - if ($type == "attendees" && stCheckRequestUserData(TRUE)) - { - $sql = stPrepareSQLUpdate("attendees", - "WHERE id=".intval(stGetRequestItem("id")), - array( - "name" => "S", - "groups" => "S", - "email" => "S", - "oneliner" => "S", - )); - - stExecSQLCond($sql, "OK, attendee updated."); - } - else - if ($type == "news" && stChkRequestItem("id") && - stChkRequestItem("text") && stChkRequestItem("author") && - stChkRequestItem("title")) - { - $sql = stPrepareSQLUpdate("news", - "WHERE id=".intval(stGetRequestItem("id")), - array( - "title" => "S", - "text" => "Q", - "author" => "S" - )); - - stExecSQLCond($sql, "OK, news item updated."); - } - else - if ($type == "compo" && stChkRequestItem("id") && - stChkRequestItem("name") && stChkRequestItem("description") && - stChkRequestItem("visible") && stChkRequestItem("voting") && - stChkRequestItem("showAuthors")) - { - $sql = stPrepareSQLUpdate("compos", - "WHERE id=".intval(stGetRequestItem("id")), - array( - "name" => "S", - "description" => "Q", - "visible" => "B", - "voting" => "B", - "showAuthors" => "B", - )); - - stExecSQLCond($sql, "OK, compo updated."); - } - else - if ($type == "entry" && stChkRequestItem("id") && - stChkRequestItem("name") && stChkRequestItem("author") && - stChkRequestItem("compo_id")) - { - $cid = stGetRequestItem("compo_id"); - if (stFetchSQLColumn("SELECT id FROM compos WHERE id=".$cid) === FALSE) - { - stError("No such compo id."); - } - else - { - $sql = stPrepareSQLUpdate("entries", - "WHERE id=".intval(stGetRequestItem("id")), - array( - "name" => "S", - "author" => "S", - "filename" => "S", - "compo_id" => "D", - )); - - stExecSQLCond($sql, "OK, entry updated."); - } - } - else if ($type == "settings") { foreach (stExecSQL("SELECT * FROM settings") as $item) @@ -496,6 +425,79 @@ stExecSQLCond($sql, "OK, setting updated."); } } + if (stChkRequestItem("id", $id, array(CHK_TYPE, VT_INT, "Invalid data."))) + { + if ($type == "attendees" && stCheckRequestUserData(TRUE)) + { + $sql = stPrepareSQLUpdate("attendees", + "WHERE id=".intval(stGetRequestItem("id")), + array( + "name" => "S", + "groups" => "S", + "email" => "S", + "oneliner" => "S", + )); + + stExecSQLCond($sql, "OK, attendee updated."); + } + else + if ($type == "news" && + stChkRequestItem("text") && stChkRequestItem("author") && + stChkRequestItem("title")) + { + $sql = stPrepareSQLUpdate("news", + "WHERE id=".intval(stGetRequestItem("id")), + array( + "title" => "S", + "text" => "Q", + "author" => "S" + )); + + stExecSQLCond($sql, "OK, news item updated."); + } + else + if ($type == "compo" && + stChkRequestItem("name") && stChkRequestItem("description") && + stChkRequestItem("visible") && stChkRequestItem("voting") && + stChkRequestItem("showAuthors")) + { + $sql = stPrepareSQLUpdate("compos", + "WHERE id=".intval(stGetRequestItem("id")), + array( + "name" => "S", + "description" => "Q", + "visible" => "B", + "voting" => "B", + "showAuthors" => "B", + )); + + stExecSQLCond($sql, "OK, compo updated."); + } + else + if ($type == "entry" && + stChkRequestItem("name") && stChkRequestItem("author") && + stChkRequestItem("compo_id")) + { + $cid = stGetRequestItem("compo_id"); + if (stFetchSQLColumn("SELECT id FROM compos WHERE id=".$cid) === FALSE) + { + stError("No such compo id."); + } + else + { + $sql = stPrepareSQLUpdate("entries", + "WHERE id=".intval(stGetRequestItem("id")), + array( + "name" => "S", + "author" => "S", + "filename" => "S", + "compo_id" => "D", + )); + + stExecSQLCond($sql, "OK, entry updated."); + } + } + } break; default: