source: npc_save.php@ 17

Last change on this file since 17 was 17, checked in by maron, 17 years ago

automatické zrušení zkontrolování při editování textu
File size: 2.8 KB
Line 
1<?php
2
3 include('includes/global.php');
4
5 // SQL injection hack protection
6 foreach($_POST as $Index => $Item) $_POST[$Index] = addslashes($Item);
7 foreach($_GET as $Index => $Item) $_GET[$Index] = addslashes($Item);
8
9 //ochrana proti neoprávnìnému pøístupu
10 if (Licence(0) == false) { die('Nemáte pøístup do této sekce! Pøihla¹te se...'); }
11
12 if (array_key_exists('entry', $_POST)) {
13
14 $entry = mysql_escape_string($_POST['entry']);
15
16 for ($i=0; $i<count($npc_text); ++$i) {
17 $npc_text_save[$i] = @$_POST[$npc_text[$i]];
18 }
19
20 $UserID = mysql_escape_string($_SESSION['UserID']);
21 $npc_ID = mysql_escape_string($_POST['ID']);
22 $Language = mysql_escape_string($_POST['Language']);
23 if (array_key_exists('End', $_POST))
24 $complete = 1;
25 else
26 $complete = 0;
27
28 if (array_key_exists('Repair', $_POST) and Licence(1)) {
29 $Line = mysql_fetch_array($Database->SQLCommand("SELECT user FROM npc_text Where ID = '$npc_ID'"));
30 $UserID = $Line['user'];
31 $complete = 1;
32 WriteLog('NPC_text: '.$entry.' Opraven moderátorem! <a href="npc_form.php?ID='.$npc_ID.'">'.$npc_ID.'</a>', 4);
33 }
34
35 $Line = mysql_fetch_array($Database->SQLCommand("SELECT * FROM npc_text WHERE user='$UserID' AND entry = '$entry'"));
36 if (!$Line) {
37
38 $sql = "INSERT INTO `npc_text` (";
39 for ($i=0; $i<count($npc_text); ++$i) {
40 $sql .= " `".$npc_text[$i]."` , ";
41 }
42 $sql .= " `Complete` , `Take` , `User` , `Vote` , `CountVote` , `Language` , `entry` ) VALUES(";
43 for ($i=0; $i<count($npc_text); ++$i) {
44 $sql .= "'".$npc_text_save[$i]."',";
45 }
46 $sql .= " '$complete' , '$npc_ID' , '$UserID' , '3' , '1' , '$Language' , '$entry')";
47
48 echo 'NPC_text: '.$entry.' ulo¾en!<br />';
49 WriteLog('NPC_text: '.$entry.' ulo¾en! Pøevzat z: <a href="npc_form.php?ID='.$npc_ID.'">Aj npc_text'.$npc_ID.'</a>', 6);
50 } else {
51 $sql = "UPDATE npc_text SET ";
52 for ($i=0; $i<count($npc_text); ++$i) {
53 $sql .= " ".$npc_text[$i]." = '".$npc_text_save[$i]."' , ";
54 }
55 $sql .= " Language = '$Language' , Complete = '$complete' , Take = '$npc_ID' , User = '$UserID' ,
56 Vote = '3' , CountVote = '1' , entry = '$entry', admin_check = '0' WHERE ID = ".$npc_ID." AND Language <> 0 ";
57
58 echo 'Zmìny v Npc_textu: '.$entry.' ulo¾eny!<br />';
59 WriteLog('Zmìny v npc_textu: '.$entry.' ulo¾eny!
60 <a href="npc_form.php?ID='.$npc_ID.'">'.$npc_ID.'</a>', 6);
61 $Database->SQLCommand("DELETE FROM `npc_vote` WHERE `npc_vote`.`IDnpc` = ".$npc_ID);
62 }
63 //echo $sql;
64 $Database->SQLCommand($sql);
65
66 echo 'Pøekládat: <a href="npc_list.php?notran">Nepøelo¾ené</a> ';
67
68 }
69
70 ShowFooter();
71?>
Note: See TracBrowser for help on using the repository browser.