Mercurial > hg > fapweb
diff admajax.php @ 651:ad266a57eb23
Improve compo data updates.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Mon, 03 Nov 2014 04:09:05 +0200 |
parents | a9d10fa6c890 |
children | 1a49315995e3 |
line wrap: on
line diff
--- a/admajax.php Mon Nov 03 04:08:31 2014 +0200 +++ b/admajax.php Mon Nov 03 04:09:05 2014 +0200 @@ -10,32 +10,47 @@ require_once "msession.inc.php"; -function stValidateRequestCompoData($full) +function stValidateRequestCompoData($full, $ctype) { + $res = TRUE; + if (!stChkRequestItem("name", $fake, array(CHK_ISGT, VT_STR, 0, "Compo name too short"), - array(CHK_LTEQ, VT_STR, SET_LEN_COMPO_NAME, "Compo name too long.")) || - !stChkRequestItem("description", $fake, + array(CHK_LTEQ, VT_STR, SET_LEN_COMPO_NAME, "Compo name too long."))) + $res = FALSE; + + if (!stChkRequestItem("description", $fake, array(CHK_ISGT, VT_STR, 10, "Compo description too short"), array(CHK_LTEQ, VT_STR, SET_LEN_COMPO_DESC, "Compo description too long."))) - return FALSE; - + $res = FALSE; + + // Not a full check? if (!$full) - return TRUE; + return $res; - return - stChkRequestItem("visible", $fake, - array(CHK_TYPE, VT_BOOL, "Invalid data.") - ) && - stChkRequestItem("voting", $fake, - array(CHK_TYPE, VT_BOOL, "Invalid data.") - ) && - stChkRequestItem("show_authors", $fake, - array(CHK_TYPE, VT_BOOL, "Invalid data.") - ) && - stChkRequestItem("cpath", $fake, - array(CHK_LTEQ, VT_STR, SET_LEN_COMPO_PATH, "Compo file path too long.") - ); + // Check by compo type + switch ($ctype) + { + case COMPO_NORMAL: + if (!stChkRequestItem("voting", $fake, + array(CHK_TYPE, VT_BOOL, "Invalid data."))) + $res = FALSE; + break; + } + + if (!stChkRequestItem("visible", $fake, + array(CHK_TYPE, VT_BOOL, "Invalid data."))) + $res = FALSE; + + if (!stChkRequestItem("show_authors", $fake, + array(CHK_TYPE, VT_BOOL, "Invalid data."))) + $res = FALSE; + + if (!stChkRequestItem("cpath", $fake, + array(CHK_LTEQ, VT_STR, SET_LEN_COMPO_PATH, "Compo file path too long."))) + $res = FALSE; + + return $res; } @@ -101,8 +116,7 @@ return " <h2>#".$id." - ".chentities($item["name"])."</h2>\n". - " Type: ".stGetOptionListFromArray("cotype".$id, " ", FALSE, $compoModeData, $item["ctype"], 0)." ". - stGetFormButtonInput("change", $id, $prefix, "Change", "updateCompoType(".$id.")"). + " Type: ".stGetOptionListFromArray("cotype".$id, " ", FALSE, $compoModeData, $item["ctype"], 0, "updateCompoType(".$id.")"). " - ".$compoModeData[$item["ctype"]][1]."<br />\n". " Name: ".stGetFormTextInput(40, SET_LEN_COMPO_NAME, "name", $id, $prefix, $item["name"])."<br />\n". " File path: ".stGetFormTextInput(40, SET_LEN_COMPO_PATH, "cpath", $id, $prefix, $item["cpath"])."<br />\n". @@ -1525,20 +1539,34 @@ stExecSQLCond($sql, "OK, compo updated."); } else - if ($type == "compo" && stValidateRequestCompoData(TRUE)) + if ($type == "compo") { - $sql = stPrepareSQLUpdate("compos", - "WHERE id=".$id, - array( - "name" => "S", - "description" => "Q", - "visible" => "B", - "voting" => "B", - "show_authors" => "B", - "cpath" => "S", - )); - - stExecSQLCond($sql, "OK, compo updated."); + if (($compo = stFetchSQL("SELECT * FROM compos WHERE id=".$id)) !== false) + { + if (stValidateRequestCompoData(TRUE, $compo["ctype"])) + { + $skeys = array( + "name" => "S", + "description" => "Q", + "visible" => "B", + "show_authors" => "B", + "cpath" => "S", + ); + + switch ($compo["ctype"]) + { + case COMPO_NORMAL: + $skeys["voting"] = "B"; + break; + } + + $sql = stPrepareSQLUpdate("compos", "WHERE id=".$id, $skeys); + error_log("XXX: ".$sql); +// stExecSQLCond($sql, "OK, compo updated."); + } + } + else + stError("No such compo ID."); } else if ($type == "entry" && stValidateRequestEntryData($compo_id))