<?php
require_once('application.inc.php');
// Access gate: nothing below runs unless authorized() reports an authorized session.
if (!authorized()) {
    exit;
}

// Import the three POST fields this page accepts. A field becomes a variable
// only when it is present AND setVar() returns a truthy result; otherwise the
// variable is removed, so the later isset() checks mean "supplied and accepted".
// NOTE(review): setVar() is defined elsewhere; presumably it validates the value
// against the type named by its third argument - confirm, since it is the only
// input validation applied to sponsor_url besides checkURL().
if (!(isset($_POST['cancel']) && setVar($cancel, $_POST['cancel'], 'cancel'))) {
    unset($cancel);
}
if (!(isset($_POST['save']) && setVar($save, $_POST['save'], 'save'))) {
    unset($save);
}
if (!(isset($_POST['sponsor_url']) && setVar($sponsor_url, $_POST['sponsor_url'], 'sponsor_url'))) {
    unset($sponsor_url);
}

// Cancel takes precedence over save: return to the update menu without
// touching the database. The redirect target is a fixed relative path.
if (isset($cancel)) {
    redirect2URL('update.php');
    exit;
}
// Load the name of the sponsor tied to the current session.
// Both identifiers in the WHERE clause come from $_SESSION, not from the
// request, so the lookup is scoped to the logged-in sponsor and calendar.
// The statement is assembled by string concatenation and relies entirely on
// sqlescape() for quoting; the literal's line layout is kept unchanged.
$sponsorNameSql = "
SELECT
name
FROM
" . SCHEMANAME . "vtcal_sponsor
WHERE
calendarid='" . sqlescape($_SESSION['CALENDAR_ID']) . "'
AND
id='" . sqlescape($_SESSION['AUTH_SPONSORID']) . "'
";
$result = DBQuery($sponsorNameSql);

// First row as an associative array; this holds only the 'name' column.
$sponsor = $result->fetchRow(DB_FETCHMODE_ASSOC, 0);
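if (isset($save)) {
    // $sponsor_url exists only when the POST field was present and accepted by
    // setVar(). A save request without it would otherwise read an undefined
    // variable here (a PHP warning, and null passed on to checkURL(),
    // sqlescape() and stripslashes()). Normalise to an empty string so the
    // rest of the branch always works on a defined string value.
    // NOTE(review): if checkURL() accepts an empty value, a submission whose
    // URL was rejected by setVar() still overwrites the stored homepage with
    // an empty string - confirm whether that case should be reported as
    // invalid instead.
    if (!isset($sponsor_url)) {
        $sponsor_url = '';
    }
    $sponsor['url'] = $sponsor_url;

    if (checkURL($sponsor['url'])) { // url is valid
        // Save the URL. The row is selected by the session's calendar and
        // sponsor ids, never by request data, so a sponsor can only change
        // its own record. Quoting relies on sqlescape().
        // NOTE(review): checkURL() is the only gate on what gets stored;
        // confirm it restricts the scheme if this value is rendered as a link
        // elsewhere.
        $result = DBQuery("
UPDATE
" . SCHEMANAME . "vtcal_sponsor
SET
url='" . sqlescape($sponsor_url) . "'
WHERE
calendarid='" . sqlescape($_SESSION['CALENDAR_ID']) . "'
AND
id='" . sqlescape($_SESSION['AUTH_SPONSORID']) . "'
");
        // NOTE(review): $result is not inspected, so the success feedback
        // below is sent even if the UPDATE failed - confirm how DBQuery()
        // reports errors.

        // Back to the sponsor menu with a success message. The target is a
        // fixed relative path and the URL is passed url-encoded as a
        // parameter, so the user-supplied value does not control the redirect.
        redirect2URL('update.php?fbid=urlchangesuccess&fbparam=' . urlencode(stripslashes($sponsor_url)));
        exit;
    }
    // Invalid URL: fall through so the form is shown again with the submitted value.
}
else { // read the sponsor's url from the DB
    // First display of the form: load the stored record, again scoped by the
    // session ids. This script itself only reads 'url' from the row.
    $result = DBQuery("
SELECT
*
FROM
" . SCHEMANAME . "vtcal_sponsor
WHERE
calendarid='" . sqlescape($_SESSION['CALENDAR_ID']) . "'
AND
id='" . sqlescape($_SESSION['AUTH_SPONSORID']) . "'
");
    $sponsor = $result->fetchRow(DB_FETCHMODE_ASSOC, 0);
}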
// Render the page: header, content section, then the edit form.
pageheader(lang('change_homepage', false), 'Update');
contentsection_begin(lang('change_homepage'));
// The form below posts back to this script. It emits only the URL field and
// the two submit buttons; no anti-CSRF token field is part of it.
// NOTE(review): confirm whether request-origin checks are enforced elsewhere
// (e.g. in application.inc.php), since this form changes stored data.
?>
<form action="changehomepage.php" method="post">
<p><label for="sponsor_url"><strong><?php echo lang('change_homepage_label'); ?></strong></label><br />
<i><?php echo lang('change_homepage_example'); ?></i></p>
<?php
// Show the "invalid URL" message when a non-empty value fails checkURL().
// This is reached after a rejected save (a valid save exits before rendering)
// or when the stored value itself does not pass the check.
if (!empty($sponsor['url']) && !checkURL($sponsor['url'])) {
feedbackblock(lang('url_invalid'), FEEDBACKNEG);
}
// The input below echoes $sponsor['url'] through htmlspecialchars() with
// ENT_COMPAT, which escapes double quotes and so matches the double-quoted
// value attribute. maxlength is only a browser-side limit.
// NOTE(review): presumably setVar() enforces the length server-side - confirm.
?>
<p><input type="text" id="sponsor_url" name="sponsor_url" value="<?php echo htmlspecialchars($sponsor['url'], ENT_COMPAT, 'UTF-8'); ?>" size="60" maxlength="<?php echo MAXLENGTH_URL; ?>" /></p>
<p><input type="submit" name="save" value="<?php echo htmlspecialchars(lang('ok_button_text', false), ENT_COMPAT, 'UTF-8'); ?>" />
<input type="submit" name="cancel" value="<?php echo htmlspecialchars(lang('cancel_button_text', false), ENT_COMPAT, 'UTF-8'); ?>" /></p>
</form>
<?php
// Close the content section and page, then release the database connection.
contentsection_end();
pagefooter();
DBclose();
?>