[Summary view] [Print] [Text view]

   1  <?php
   2  include ("connect.php");
   3  include ("loggedin.php");
   4  include ("functions.php");
   5  echo '<title>Edit Project</title></head><body>';
   6  include ("table.php");
   7  
   8  if (isset($_GET['id']) && $_SERVER['REQUEST_METHOD'] != 'POST')
   9  {
  10      $id = clean($_GET['id']);
  11      if (empty($id) || !is_numeric($id))
  12      die("Please only follow the links on the page.");
  13      
  14      $link = "SELECT * FROM projects WHERE id='$id'";
  15      $res = mysql_query($link) or die(mysql_error());
  16      $total = mysql_num_rows($res);
  17      $row = mysql_fetch_assoc($res);
  18      $priv = $row['private'];
  19      //print_r(array_values($row)); die;

  20      //ho $_SESSOIN['admin'];

  21      if ($priv == 1 && $_SESSION['admin'] != 1)
  22      die("An admin has marked this project un-editable.");
  23      
  24      
  25      if ($total == 0)
  26      die("No project exists by this id.");
  27      
  28      
  29      echo '<br />
  30      <form action="" method="POST">'
  31      . $tablehead . '
  32      <tr>
  33      <td colspan="2" class="heading">
  34      edit project
  35      </td>
  36      </tr>
  37      <tr>
  38      <td>name</td>
  39      <td><input type="text" name="name" value="' . $row['name'] . '">
  40      </td>
  41      </tr>
  42      <tr>
  43      <td>date</td>
  44      <td><input type="text" name="date" value="' . $row['date'] . '">
  45      </td>
  46      </tr>
  47      <tr>
  48      <td valign="top">description</td>
  49      <td><textarea name="des" rows="10" cols="40">' . $row['des'] . '</textarea>' . '
  50      </td>
  51      </tr>
  52      <tr>
  53      <td>category</td>
  54      <td><select name="cat">';
  55      $link1 = "SELECT * FROM category";
  56      $res1 = mysql_query($link1);
  57      $cur = $row['cat'];
  58      $x = 0;
  59      while ($row1 = mysql_fetch_row($res1))
  60      {    
  61          $cat = $row1[0];
  62          if ($cat == $cur && $x != 1)
  63          {
  64          echo '<option value="' . $cat . '" selected>' . $cat;
  65          $x = 1;        
  66          }
  67          else
  68          echo '<option value="' . $cat . '">' . $cat;
  69      }    
  70      echo '</select></td></tr>
  71      <tr><td>status</td>
  72      <td><select name="status">';
  73      
  74      $link2 = "SELECT * FROM status";
  75      $res2 = mysql_query($link2);
  76      $stat = $row['status'];
  77      $x = 0;
  78      while ($row2 = mysql_fetch_row($res2))
  79      {    
  80          $status = $row2[0];
  81          if ($stat == $status && $x != 1)
  82          {
  83          echo '<option value="' . $status . '" selected>' . $status;
  84          $x = 1;
  85          }
  86          else
  87          echo '<option value="' . $status . '">' . $status;
  88      }
  89      echo '</select><br />
  90      <tr><td>sort</td>
  91      <td><input type="text" name="sort" value="' . $row['sort'] . '"></td></tr>
  92      <tr><td>private</td>';
  93      if ($priv == 1)
  94      echo '<td><input type="checkbox" name="private" checked></td></tr>';
  95      else
  96      echo '<td><input type="checkbox" name="private"></td></tr>';
  97      echo '
  98      <tr><td>last changed</td>
  99      <td>' . $row['last_changed'] . '</td></tr>
 100      <tr><td>last user</td>
 101      <td>' . $row['last_user'] . '</td></tr>
 102      <tr>
 103      <td>Delete</td>
 104      <td><input type="checkbox" name="delete"></td>
 105      </tr>
 106      <tr>
 107      <td colspan="2">
 108      <input type="hidden" name="id" value="' . $id . '">
 109      <input type="submit" value="Update"></td></tr></form></table>';
 110      
 111  }
 112  elseif ($_SERVER['REQUEST_METHOD'] == 'POST')
 113  {
 114      $id = clean($_POST['id']);    
 115      $status = clean($_POST['status']);    
 116      $name = clean($_POST['name']);
 117      $date = $_POST['date'];
 118      $des = clean($_POST['des']);
 119      $cat = clean($_POST['cat']);
 120      @$delete = $_POST['delete'];    
 121      $sort = clean($_POST['sort']);
 122      @$priv = clean($_POST['private']);    
 123      $time = date("h:i:s A");
 124      $d = date("n/j/Y");
 125      $change = $d . " " . $time;    
 126      $n = $_SESSION['user'];
 127      
 128      $need = array($status,$name,$date,$des,$cat,$sort);
 129      foreach ($need as $val)
 130      {
 131          if (empty($val))
 132          die("You did not fill out all required fields.");
 133      }
 134      if (!is_numeric($sort))
 135      die("The sort value must be a whole number.");
 136  
 137      
 138      if ($priv == 'on')
 139      $priv = 1;
 140      else
 141      $priv = 0;
 142      
 143      //echo "priv is " . $priv; die;

 144      
 145      $set = "name='$name',`date`='$date',des='$des',cat='$cat',sort='$sort',last_changed='$change',private='$priv',last_user='$n',status='$status'";
 146      
 147      
 148      $link = "SELECT * FROM projects WHERE id='$id'";
 149      $res = mysql_query($link) or die(mysql_error());
 150      $total = mysql_num_rows($res);
 151      if ($total == 0)
 152      die("No Projects exist by this id.");
 153      
 154      if ($delete == 'on')
 155      {
 156          admin();
 157          $link = "DELETE FROM projects WHERE id='$id'";
 158          $res = mysql_query($link) or die(mysql_error());
 159          if ($res)
 160          die('<br /><br />Project Succesfully Deleted.<br />Click <a href="index.php">here</a> to go back.');
 161      }    
 162      
 163      $link = "UPDATE projects SET $set WHERE id='$id'";
 164      $res = mysql_query($link) or die(mysql_error());
 165      if ($res)
 166      die('<p>succesfully updated.<br />click <a href="projects.php">here</a> to continue.</p>');
 167  }
 168  else
 169  die('You should not be seeing this.<br />Click <a href="index.php">here</a> to go back.');
 170  ?>
 171      
 172