-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathevent.php
132 lines (112 loc) · 4.43 KB
/
event.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
<?php
require 'lib/function.php';
$meta['noindex'] = true;
$_GET['id'] = filter_int($_GET['id']);
$_GET['action'] = filter_string($_GET['action']);
if (!$loguser['id']) {
errorpage("You are not logged in.",'login.php', 'log in (then try again)');
}
if ($banned) {
errorpage("You are banned and cannot create or edit events.",'calendar.php', 'return to the calendar');
}
//if (!$_GET['id']) {
// errorpage("No event ID specified.",'calendar.php', 'return to the calendar');
//}
// Editing an event?
if ($_GET['id']) {
$event = $sql->fetchq("SELECT * FROM events WHERE id = {$_GET['id']}");
if (!$event) {
errorpage("Event ID #{$_GET['id']} doesn't exist.",'calendar.php', 'return to the calendar');
}
if (!$isadmin && $event['user'] != $loguser['id']) {
errorpage("This isn't your event.",'calendar.php', 'return to the calendar');
}
} else {
$date = getdate(time());
$event = array('title'=>'','text'=>'','private'=>'','m'=>$date['mon'],'d'=>$date['mday'],'y'=>$date['year']);
}
if ($_GET['action'] == "delete") {
if (!$_GET['id']) {
errorpage("No event selected for deletion.",'calendar.php', 'return to the calendar',0);
}
$message = "Are you sure you want to <b>DELETE</b> this event?";
$form_link = "event.php?action=delete&id={$_GET['id']}";
$buttons = array(
0 => ["Delete event"],
1 => ["Cancel", "calendar.php?event={$_GET['id']}"]
);
if (confirmpage($message, $form_link, $buttons)) {
$sql->query("DELETE FROM events WHERE id = {$_GET['id']}");
errorpage("Thank you, {$loguser['name']}, for deleting the event.","calendar.php","return to the calendar",0);
}
}
if (isset($_POST['submit'])) {
check_token($_POST['auth']);
$title = filter_string($_POST['title'], true);
$message = filter_string($_POST['message'], true);
$private = filter_int($_POST['private']);
$m = filter_int($_POST['m']);
$d = filter_int($_POST['d']);
$y = filter_int($_POST['y']);
if (!$title) errorpage("The title of the event cannot be blank.",'calendar.php', 'return to the calendar');
if (!$message) errorpage("The message of the event cannot be blank.",'calendar.php', 'return to the calendar');
if (!checkdate($m,$d,$y)) errorpage("The date you have selected is invalid.",'calendar.php', 'return to the calendar');
$values = array (
'title' => xssfilters($title),
'text' => xssfilters($message),
'private' => $private,
'm' => $m,
'd' => $d,
'y' => $y,
);
if (!$_GET['id'])
$q = "INSERT INTO events SET d=:d,m=:m,y=:y,title=:title,text=:text,private=:private,user={$loguser['id']}";
else
$q = "UPDATE events SET d=:d,m=:m,y=:y,title=:title,text=:text,private=:private WHERE id = {$_GET['id']}";
$sql->queryp($q, $values);
if (!$_GET['id']) {
$_GET['id'] = $sql->insert_id();
}
return header("Location: calendar.php?event={$_GET['id']}");
} else {
pageheader();
?>
<form method="POST" action="event.php?action=edit&id=<?=$_GET['id']?>">
<table class="table">
<tr><td class="tdbgh center" colspan=2><b><?=(!$_GET['id'] ? "New Event" : "Editing Event #{$_GET['id']}")?></b></td></tr>
<tr>
<td class='tdbg1 center b'>Event title:</td>
<td class='tdbg2'><input type="text" name="title" size=80 maxlength=200 value="<?=htmlspecialchars($event['title'])?>"></td>
</tr>
<tr>
<td class='tdbg1 center b'>Message:</td>
<td class='tdbg2'><textarea wrap=virtual name=message ROWS=6 COLS=<?=$numcols?> style="width: 100%; max-width: 800px; resize:vertical;"><?=htmlspecialchars($event['text'])?></textarea></td>
</tr>
<tr>
<td class='tdbg1 center b'>Event date:</td>
<td class='tdbg2'>
<input type="text" name="m" value="<?=$event['m']?>" size=1 maxlength=2 style='text-align: right'>-
<input type="text" name="d" value="<?=$event['d']?>" size=1 maxlength=2 style='text-align: right'>-
<input type="text" name="y" value="<?=$event['y']?>" size=3 maxlength=4 style='text-align: right'>
<span class="fonts">(mm/dd/yyyy)</span>
</td>
</tr>
<tr>
<td class='tdbg1 center'> </td>
<td class='tdbg2'>
<?= auth_tag() ?>
<input type='submit' class=submit name=submit VALUE="Edit event">
</td>
</tr>
<tr>
<td class='tdbg1 center b'>Options:</td>
<td class='tdbg2'>
<input type='checkbox' name="private" id="private" value="1" <?=($event['private'] ? "checked" : "")?>><label for="private">Private</label>
</td>
</tr>
</table>
</form>
<?php
}
pagefooter();
?>