<?php
	/*
		Copyright (C) 2003-2004 MJG/04-Inconceivable.org
		See file LICENSE for licensing details.
		See file VERSION for versioning/author/source details
		See file CHANGELOG for changes from version to version
	*/
	// Include configuration data
	include("../dbaccess.inc");
	include("../global_config.inc.php");

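	// connect to the database
	$CONF['dbConn'] = OpenDB();

	// Build the "return to this day" query string once; every redirect below reuses it.
	// $FORM is not assigned in this file (presumably filled from the request by the
	// included config -- verify), so each value is treated as untrusted and
	// URL-encoded before it goes into a Location header.
	$returnParts = [];
	foreach (['year', 'month', 'today'] as $returnKey)
	{
		$returnValue = (isset($FORM[$returnKey]) && is_scalar($FORM[$returnKey])) ? (string) $FORM[$returnKey] : '';
		$returnParts[] = $returnKey . '=' . urlencode($returnValue);
	}
	$returnQuery = implode('&', $returnParts);

	// Authenticate via the set cookie from index.php
	// The cookie value stays md5(user . pass) so it keeps matching what index.php issues.
	// NOTE(review): that value is a static, replayable stand-in for the credentials;
	// a random server-side session token would be the stronger design.
	$admUser = isset($CONF['adm_user']) ? (string) $CONF['adm_user'] : '';
	$admPass = isset($CONF['adm_pass']) ? (string) $CONF['adm_pass'] : '';
	$suppliedAuth = (isset($_COOKIE['mcal_adm_auth']) && is_string($_COOKIE['mcal_adm_auth'])) ? $_COOKIE['mcal_adm_auth'] : '';

	// Fail closed when no credentials are configured: md5('') is a fixed, public value.
	// hash_equals() replaces the loose != so the check is neither type-juggled
	// nor timing-dependent.
	if ( ($admUser . $admPass) === '' || !hash_equals(md5($admUser . $admPass), $suppliedAuth) )
	{
		// No trailing newlines here: header() refuses values that contain a line break.
		header("Location: index.php?" . $returnQuery);
		exit(1);
	}

	// Clean up event input (missing or non-scalar fields become empty strings)
	$day_title = (isset($FORM['day_title']) && is_scalar($FORM['day_title'])) ? (string) $FORM['day_title'] : "";
	$day_event = (isset($FORM['day_event']) && is_scalar($FORM['day_event'])) ? (string) $FORM['day_event'] : "";

	// Normalised to 0/1 with a default, so it is always defined.
	// The active queries below do not store this flag.
	$show_html = (isset($FORM['html']) && intval($FORM['html'])) ? 1 : 0;

	// Setup an sql-style date
	// $month, $today and $year are not assigned in this file (presumably provided by
	// the included config -- verify). Forcing integers guarantees that $sql_date is an
	// integer before it is interpolated into the SQL below.
	$sql_date = (int) mktime(0, 0, 0, intval($month), intval($today), intval($year));

	// NOTE(review): the delete is a state change triggered by a GET parameter, and the
	// only authorisation visible here is the cookie. No anti-CSRF token is checked in
	// this file; consider requiring POST plus a per-session token.
	if ( (isset($_GET['del'])) && ($_GET['del'] == 1) )
	{
		$eventQuery = "DELETE FROM calendar WHERE ca_date = '$sql_date';";
		TQueryDB($CONF['dbConn'], $eventQuery);
		header("Location: admin.php?" . $returnQuery);
		exit();
	}

	//no title, no comply
	if ( strlen($day_title) < 1 )
	{
		header("Location: admin.php?" . $returnQuery);
		exit();
	}

	// Check to see if we're inserting new or updating entry
	$Q = "SELECT ca_num FROM calendar WHERE ca_date = $sql_date";
	$STH = QueryDB($CONF['dbConn'], $Q);

	// Initialised up front so a failed lookup falls through to the insert path
	// with a defined value.
	$update = 0;
	if ( $STH && pg_num_rows($STH) > 0 )
	{
		$update = 1;
	}

	// addslashes() is not a PostgreSQL escaper: with standard_conforming_strings on,
	// a backslash is an ordinary character, so \' still closes the string literal.
	// pg_escape_string() escapes according to the connection's settings.
	// (pg_query_params() would avoid string-built SQL entirely, but the queries go
	// through the project's QueryDB/TQueryDB wrappers, which are not visible here.)
	$day_title_safe = pg_escape_string($CONF['dbConn'], $day_title);
	$day_event_safe = pg_escape_string($CONF['dbConn'], $day_event);

	if ( $update == 1 )
	{
		// UPDATE
		$postQuery = "UPDATE calendar SET ca_title = '$day_title_safe', ca_text = '$day_event_safe' WHERE ca_date = $sql_date";
		TQueryDB($CONF['dbConn'], $postQuery);
		header("Location: admin.php?" . $returnQuery);
	}
	else
	{
		// INSERT
		// The next ca_num comes from the single-row COUNTER table.
		// NOTE(review): the counter is read before "begin", so two concurrent posts can
		// read the same value; a sequence or SELECT ... FOR UPDATE inside the
		// transaction would close that window.
		$postQuery = "SELECT co_calendar FROM COUNTER";
		$result = QueryDB($CONF['dbConn'], $postQuery);

		if ( $result )
		{
			$data = pg_fetch_row($result, 0);
			// intval() keeps the interpolated value an integer
			$co_calendar = intval($data[0]) + 1;
		}
		else
		{
			$co_calendar = 0;
		}

		if ( $co_calendar > 0 )
		{
			$insertQuery = "INSERT INTO calendar (ca_num, ca_date, ";
			$insertQuery .= "ca_title, ca_text, ca_status) VALUES ";
			$insertQuery .= "($co_calendar, $sql_date, ";
			$insertQuery .= "'$day_title_safe', '$day_event_safe', 1)";

			$counterQuery = "UPDATE counter SET co_calendar = $co_calendar";

			QueryDB($CONF['dbConn'], "begin");

			// Insert the event, then advance the counter; if either statement fails,
			// roll back and stop without redirecting.
			foreach ([$insertQuery, $counterQuery] as $statement)
			{
				if ( !QueryDB($CONF['dbConn'], $statement) )
				{
					QueryDB($CONF['dbConn'], "rollback");
					pg_close($CONF['dbConn']);
					return;
				}
			}

			QueryDB($CONF['dbConn'], "commit");
		}

		header("Location: admin.php?" . $returnQuery);
	}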
?>