diff admajax.php @ 209:3870601c17c3

More work.
author Matti Hamalainen <ccr@tnsp.org>
date Sun, 17 Nov 2013 20:20:54 +0200
parents 8985d2bdb29b
children cafc05949a19
--- a/admajax.php	Sun Nov 17 20:04:50 2013 +0200
+++ b/admajax.php	Sun Nov 17 20:20:54 2013 +0200
@@ -416,77 +416,6 @@
     //
     // Update existing entry
     //
-    if ($type == "attendees" && stCheckRequestUserData(TRUE))
-    {
-      $sql = stPrepareSQLUpdate("attendees",
-        "WHERE id=".intval(stGetRequestItem("id")),
-        array(
-          "name" => "S",
-          "groups" => "S",
-          "email" => "S",
-          "oneliner" => "S",
-        ));
-
-      stExecSQLCond($sql, "OK, attendee updated.");
-    }
-    else
-    if ($type == "news" && stChkRequestItem("id") &&
-      stChkRequestItem("text") && stChkRequestItem("author") &&
-      stChkRequestItem("title"))
-    {
-      $sql = stPrepareSQLUpdate("news",
-        "WHERE id=".intval(stGetRequestItem("id")),
-        array(
-          "title" => "S",
-          "text" => "Q",
-          "author" => "S"
-        ));
-
-      stExecSQLCond($sql, "OK, news item updated.");
-    }
-    else
-    if ($type == "compo" && stChkRequestItem("id") &&
-      stChkRequestItem("name") && stChkRequestItem("description") &&
-      stChkRequestItem("visible") && stChkRequestItem("voting") &&
-      stChkRequestItem("showAuthors"))
-    {
-      $sql = stPrepareSQLUpdate("compos",
-        "WHERE id=".intval(stGetRequestItem("id")),
-        array(
-          "name" => "S",
-          "description" => "Q",
-          "visible" => "B",
-          "voting" => "B",
-          "showAuthors" => "B",
-        ));
-
-      stExecSQLCond($sql, "OK, compo updated.");
-    }
-    else
-    if ($type == "entry" && stChkRequestItem("id") &&
-      stChkRequestItem("name") && stChkRequestItem("author") &&
-      stChkRequestItem("compo_id"))
-    {
-      $cid = stGetRequestItem("compo_id");
-      if (stFetchSQLColumn("SELECT id FROM compos WHERE id=".$cid) === FALSE)
-      {
-        stError("No such compo id.");
-      }
-      else
-      {
-        $sql = stPrepareSQLUpdate("entries",
-          "WHERE id=".intval(stGetRequestItem("id")),
-          array(
-            "name" => "S",
-            "author" => "S",
-            "filename" => "S",
-            "compo_id" => "D",
-          ));
-
-        stExecSQLCond($sql, "OK, entry updated.");
-      }
-    }
-    else
     if ($type == "settings")
     {
       foreach (stExecSQL("SELECT * FROM settings") as $item)
@@ -496,6 +425,79 @@
         stExecSQLCond($sql, "OK, setting updated.");
       }
     }
+    if (stChkRequestItem("id", $id, array(CHK_TYPE, VT_INT, "Invalid data.")))
+    {
+      if ($type == "attendees" && stCheckRequestUserData(TRUE))
+      {
+        $sql = stPrepareSQLUpdate("attendees",
+          "WHERE id=".intval(stGetRequestItem("id")),
+          array(
+            "name" => "S",
+            "groups" => "S",
+            "email" => "S",
+            "oneliner" => "S",
+          ));
+
+        stExecSQLCond($sql, "OK, attendee updated.");
+      }
+      else
+      if ($type == "news" &&
+        stChkRequestItem("text") && stChkRequestItem("author") &&
+        stChkRequestItem("title"))
+      {
+        $sql = stPrepareSQLUpdate("news",
+          "WHERE id=".intval(stGetRequestItem("id")),
+          array(
+            "title" => "S",
+            "text" => "Q",
+            "author" => "S"
+          ));
+
+        stExecSQLCond($sql, "OK, news item updated.");
+      }
+      else
+      if ($type == "compo" &&
+        stChkRequestItem("name") && stChkRequestItem("description") &&
+        stChkRequestItem("visible") && stChkRequestItem("voting") &&
+        stChkRequestItem("showAuthors"))
+      {
+        $sql = stPrepareSQLUpdate("compos",
+          "WHERE id=".intval(stGetRequestItem("id")),
+          array(
+            "name" => "S",
+            "description" => "Q",
+            "visible" => "B",
+            "voting" => "B",
+            "showAuthors" => "B",
+          ));
+
+        stExecSQLCond($sql, "OK, compo updated.");
+      }
+      else
+      if ($type == "entry" &&
+        stChkRequestItem("name") && stChkRequestItem("author") &&
+        stChkRequestItem("compo_id"))
+      {
+        $cid = stGetRequestItem("compo_id");
+        if (stFetchSQLColumn("SELECT id FROM compos WHERE id=".$cid) === FALSE)
+        {
+          stError("No such compo id.");
+        }
+        else
+        {
+          $sql = stPrepareSQLUpdate("entries",
+            "WHERE id=".intval(stGetRequestItem("id")),
+            array(
+              "name" => "S",
+              "author" => "S",
+              "filename" => "S",
+              "compo_id" => "D",
+            ));
+
+          stExecSQLCond($sql, "OK, entry updated.");
+        }
+      }
+    }
     break;
 
   default:
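Review bot: In the `entry` branch, `$cid = stGetRequestItem("compo_id");` is concatenated straight into `"SELECT id FROM compos WHERE id=".$cid`, without the `intval()` that every `WHERE id=` clause in this hunk applies. Unless stGetRequestItem() already forces an integer (not visible here), request data reaches the query text unescaped, which is an SQL injection risk in this handler. Cast it first with `$cid = intval(stGetRequestItem("compo_id"));`, or validate it the way `id` is now validated with `array(CHK_TYPE, VT_INT, "Invalid data.")`. Separately, the new `if (stChkRequestItem("id", $id, ...))` is not joined to the preceding `settings` block with `else`, so a settings update presumably still runs the id check and may report "Invalid data." afterwards. The enclosing switch case starts outside the hunk.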