source: quests/npc_save.php@ 263

Last change on this file since 263 was 263, checked in by maron, 17 years ago

Páru oprav

File size: 2.6 KB
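<?php

include('includes/global.php');

/*
 * Saves a submitted npc_text translation.
 *
 * When the POST request carries an 'entry' field, the script either inserts a
 * new npc_text row for the current user or updates an existing one, writes a
 * log record, and prints a confirmation. $Database, $npc_text, Licence(),
 * WriteLog() and ShowFooter() are not defined in this file; presumably they
 * come from includes/global.php.
 *
 * Security notes:
 *  - The posted ID is interpolated into SQL without quotes further down, a
 *    context in which slash-escaping offers no protection. It is therefore
 *    cast to an integer before use.
 *  - Request-derived text is HTML-escaped before it is echoed or placed in
 *    log messages that contain markup.
 */

// Blanket slash-escaping of request parameters. This only helps for values
// that end up inside quoted SQL string literals; it is not a substitute for
// typed or parameterised queries.
foreach ($_POST as $Index => $Item) $_POST[$Index] = addslashes($Item);
foreach ($_GET as $Index => $Item) $_GET[$Index] = addslashes($Item);

if (array_key_exists('entry', $_POST)) {

    // NOTE(review): the value was already passed through addslashes() above,
    // so it is escaped twice here and a stored value containing a quote will
    // keep a literal backslash. Left as is because other pages may rely on the
    // stored form; confirm before removing either layer.
    $entry = mysql_escape_string($_POST['entry']);

    // HTML-safe copy for output. Single-byte mode rewrites only the ASCII
    // metacharacters and never rejects input, whatever charset the page uses.
    $entryHtml = htmlspecialchars($entry, ENT_QUOTES, 'ISO-8859-1');

    // Collect the posted text for every translatable column. The column names
    // come from $npc_text (assumed to be a fixed, server-side list; verify in
    // includes/global.php), the values from the already slash-escaped $_POST.
    $npc_text_save = array();
    $FieldCount = count($npc_text);
    for ($i = 0; $i < $FieldCount; ++$i) {
        $npc_text_save[$i] = isset($_POST[$npc_text[$i]]) ? $_POST[$npc_text[$i]] : '';
    }

    $UserID = mysql_escape_string($_SESSION['UserID']);

    // Integer cast: this value is used unquoted in the UPDATE and DELETE
    // statements below, so it must not be able to carry SQL syntax.
    $npc_ID = isset($_POST['ID']) ? (int) $_POST['ID'] : 0;

    $Language = mysql_escape_string($_POST['Language']);
    $complete = array_key_exists('End', $_POST) ? 1 : 0;

    // Repair mode, gated by Licence(1) (presumably a moderator permission
    // check): the save is attributed to the owner of the referenced row.
    if (array_key_exists('Repair', $_POST) and Licence(1)) {
        $Line = mysql_fetch_array($Database->SQLCommand("SELECT user FROM npc_text Where ID = '$npc_ID'"));
        // The owner value is read back from the database and reused in SQL
        // below, so it is escaped like any other string.
        $UserID = $Line ? mysql_escape_string($Line['user']) : '';
        $complete = 1;
        WriteLog('NPC_text: '.$entryHtml.' Opraven moderátorem! <a href="npc_form.php?ID='.$npc_ID.'">'.$npc_ID.'</a>', 4);
    }

    $Line = mysql_fetch_array($Database->SQLCommand("SELECT * FROM npc_text WHERE user='$UserID' AND entry = '$entry'"));
    if (!$Line) {

        // No row for this user and entry yet: build an INSERT.
        $sql = "INSERT INTO `npc_text` (";
        for ($i = 0; $i < $FieldCount; ++$i) {
            $sql .= " `".$npc_text[$i]."` , ";
        }
        $sql .= " `Complete` , `Take` , `User` , `Vote` , `CountVote` , `Language` , `entry` ) VALUES(";
        for ($i = 0; $i < $FieldCount; ++$i) {
            $sql .= "'".$npc_text_save[$i]."',";
        }
        $sql .= " '$complete' , '$npc_ID' , '$UserID' , '3' , '1' , '$Language' , '$entry')";

        echo 'NPC_text: '.$entryHtml.' ulo¾en!<br />';
        WriteLog('NPC_text: '.$entryHtml.' ulo¾en! Pøevzat z: <a href="npc_form.php?ID='.$npc_ID.'">Aj npc_text'.$npc_ID.'</a>', 6);
    } else {

        // A row already exists: build an UPDATE.
        // NOTE(review): the WHERE clause selects the row by the posted ID
        // only, not by its owner; confirm that a user cannot overwrite another
        // user's row this way.
        $sql = "UPDATE npc_text SET ";
        for ($i = 0; $i < $FieldCount; ++$i) {
            $sql .= " ".$npc_text[$i]." = '".$npc_text_save[$i]."' , ";
        }
        $sql .= " Language = '$Language' , Complete = '$complete' , Take = '$npc_ID' , User = '$UserID' ,
Vote = '3' , CountVote = '1' , entry = '$entry' WHERE ID = ".$npc_ID." AND Language <> 0 ";

        echo 'Zmìny v Npc_textu: '.$entryHtml.' ulo¾eny!<br />';
        WriteLog('Zmìny v npc_textu: '.$entryHtml.' ulo¾eny!
<a href="npc_form.php?ID='.$npc_ID.'">'.$npc_ID.'</a>', 1);

        // Votes recorded for the edited row are discarded.
        $Database->SQLCommand("DELETE FROM `npc_vote` WHERE `npc_vote`.`IDnpc` = ".$npc_ID);
    }

    $Database->SQLCommand($sql);

    echo 'Pøekládat: <a href="npc_list.php?notran">Nepøelo¾ené</a> ';

}

ShowFooter();
?>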