File: category_handler.php

package info (click to toggle)
webcalendar 0.9.45-4sarge7
  • links: PTS
  • area: main
  • in suites: sarge
  • size: 2,888 kB
  • ctags: 4,775
  • sloc: php: 16,990; sql: 1,272; perl: 777; sh: 120; makefile: 45
file content (92 lines) | stat: -rw-r--r-- 2,756 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
 
<?php
include_once 'includes/init.php';

// does the category belong to the user?
$is_my_event = false;
if ( empty ( $id ) ) {
  $is_my_event = true; // new event
} else {
  $res = dbi_query ( "SELECT cat_id, cat_owner FROM webcal_categories " .
    "WHERE cat_id = $id" );
  if ( $res ) {
    $row = dbi_fetch_row ( $res );
    if ( $row[0] == $id && $row[1] == $login )
      $is_my_event = true;
    else if ( $row[0] == $id && empty ( $row[1] ) && $is_admin )
      $is_my_event = true; // global category
    dbi_free_result ( $res );
  } else {
    $error = translate("Database error") . ": " . dbi_error ();
  }
}

if ( ! $is_my_event )
  $error = translate ( "You are not authorized" ) . ".";


if ( empty ( $error ) &&
  ( $action == "Delete" || $action == translate ("Delete") ) ) {
  // delete this category
  if ( $is_admin ) {
    if ( ! dbi_query ( "DELETE FROM webcal_categories " .
      "WHERE cat_id = $id AND " .
      "( cat_owner = '$login' OR cat_owner IS NULL )" ) )
      $error = translate ("Database error") . ": " . dbi_error();
  } else {
    if ( ! dbi_query ( "DELETE FROM webcal_categories " .
      "WHERE cat_id = $id AND cat_owner = '$login'" ) )
      $error = translate ("Database error") . ": " . dbi_error();
  }
      
  // Set any events in this category to NULL
  if ( ! dbi_query ( "UPDATE webcal_entry_user SET cal_category = NULL " .
    "WHERE cal_category = $id" ) )
    $error = translate ("Database error") . ": " . dbi_error();
} else if ( empty ( $error ) ) {
  if ( ! empty ( $id ) ) {
    # update (don't let them change global status)
    $sql = "UPDATE webcal_categories SET cat_name = '$catname' " .
      "WHERE cat_id = $id";
    if ( ! dbi_query ( $sql ) ) {
      $error = translate ("Database error") . ": " . dbi_error();
    }
  } else {
    // add new category
    // get new id
    $res = dbi_query ( "SELECT MAX(cat_id) FROM webcal_categories" );
    if ( $res ) {
      $row = dbi_fetch_row ( $res );
      $id = $row[0] + 1;
      dbi_free_result ( $res );
      if ( $is_admin ) {
        if ( $isglobal == "Y" )
          $catowner = "NULL";
        else
          $catowner = "'$login'";
      } else
        $catowner = "'$login'";
      $sql = "INSERT INTO webcal_categories " .
        "( cat_id, cat_owner, cat_name ) " .
        "VALUES ( $id, $catowner, '$catname' )";
      if ( ! dbi_query ( $sql ) ) {
        $error = translate ("Database error") . ": " . dbi_error();
      }
    } else {
      $error = translate ("Database error") . ": " . dbi_error();
    }
  }
}
if ( empty ( $error ) )
  do_redirect ( "category.php" );

print_header();
?>
<h2><?php etranslate("Error")?></h2>

<blockquote>
<?php echo $error; ?>
</blockquote>

<?php print_trailer(); ?>
</body>
</html>