po/src/profile.edit.2.php


<?php
// Copyright (C) 2002-2006 Balint Kis (balint@k-i-s.net)
// Copyright (C) 2005-2013 Solomon Peachy (pizza@shaftnet.org)
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
include_once "include/config.php";
include_once "include/profile.php";
include_once "include/site.php";
include_once "include/calendar.php";
/* type = flash, filter, scanner, support [lens film camera won't work] */
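/**
 * Update one row of the equipment table and, when $sku is 'custom', create
 * a new equipment_sku row for it, all inside one transaction.
 *
 * Every caller-supplied value is sent to PostgreSQL as a bound parameter
 * (pg_query_params) instead of being spliced into the SQL text. Several of
 * them (identifier, users, sku, manufacturer, type) sit in unquoted
 * positions, where pg_escape_string() gives no protection.
 *
 * @param resource $database         pgsql connection
 * @param mixed    $identifier       equipment.identifier of the item to update
 * @param mixed    $user_id          user that must own the item (skipped for admins)
 * @param mixed    $type             value stored in equipment_sku.type for a custom SKU
 * @param mixed    $sku              existing SKU identifier, or the string 'custom'
 * @param mixed    $manufacturer_id  manufacturer for a custom SKU
 * @param mixed    $model            model text for a custom SKU
 * @param mixed    $url              url text for a custom SKU
 * @param mixed    $serial           serial number
 * @param mixed    $date_of_purchase passed through check_date_validity()
 * @param mixed    $purchased_new    value stored in equipment.purchased_new
 * @param mixed    $access_rights    value stored in equipment.access_rights
 *
 * @return bool TRUE after commit; FALSE when the ownership check fails or a
 *              write fails (the transaction is rolled back in that case).
 */
function profile_update_item($database, $identifier, $user_id, $type,
                             $sku, $manufacturer_id,
                             $model, $url, $serial,
                             $date_of_purchase, $purchased_new,
                             $access_rights)
{
    global $po_user;
    global $strings;

    // NOTE(review): check_date_validity() is defined elsewhere. Its result is
    // embedded unquoted in the UPDATE below, so it is presumably a complete
    // SQL literal (or null) -- confirm it can never echo raw request text.
    $date_of_purchase = check_date_validity($date_of_purchase);
    $sku_to_remove = FALSE;

    /* Ensure the user owns it! Fail closed if the lookup itself fails. */
    if ($po_user['type'] != PO_USER_TYPE_ADMIN) {
        $owned = pg_query_params(
            $database,
            'select count(identifier) from equipment where identifier=$1 and users=$2',
            array($identifier, $user_id)
        );
        $result = $owned ? pg_fetch_row($owned) : FALSE;
        if (!$result || $result[0] == 0) {
            return FALSE;
        }
    }

    pg_query($database, "begin");

    if ($sku == 'custom') {
        /* type has changed: remember the old SKU so it can be dropped if
           this item was the only one referencing it */
        $old = pg_query_params(
            $database,
            'select sku from equipment where identifier=$1',
            array($identifier)
        );
        $sku_to_remove = $old ? pg_fetch_row($old) : FALSE;
        if ($sku_to_remove) {
            $same = pg_query_params(
                $database,
                'select count(identifier) from equipment where sku=$1',
                array($sku_to_remove[0])
            );
            $number_of_same_type = $same ? pg_fetch_row($same) : FALSE;
            if (!$number_of_same_type || $number_of_same_type[0] != 1) {
                $sku_to_remove = FALSE;
            }
        }

        /* create new type */
        $seq = pg_query($database, "select nextval('equipment_sku_id_seq')");
        $new_sku = $seq ? pg_fetch_row($seq) : FALSE;
        if (!$new_sku) {
            pg_query($database, "rollback");
            site_push_error($strings['errors_db_insert_failed']);
            return FALSE;
        }
        $sku = $new_sku[0];

        $result = pg_query_params(
            $database,
            'insert into equipment_sku (identifier, manufacturer, model, url, type)
 values ($1, $2, $3, $4, $5)',
            array($sku, $manufacturer_id, $model, $url, $type)
        );
        if (!$result) {
            pg_query($database, "rollback");
            site_push_error($strings['errors_db_insert_failed']);
            return FALSE;
        }
    }

    /* update the item; only the date fragment is concatenated (see note above) */
    $result = pg_query_params(
        $database,
        'update equipment set sku=$1, serial=$2, purchase_date=' . $date_of_purchase
            . ', purchased_new=$3, access_rights=$4 where identifier=$5',
        array($sku, $serial, $purchased_new, $access_rights, $identifier)
    );
    if (!$result) {
        pg_query($database, "rollback");
        site_push_error($strings['errors_db_insert_failed']);
        return FALSE;
    }

    /* remove old type */
    if ($sku_to_remove) {
        $result = pg_query_params(
            $database,
            'delete from equipment_sku where identifier=$1',
            array($sku_to_remove[0])
        );
        if (!$result) {
            pg_query($database, "rollback");
            site_push_error($strings['errors_db_insert_failed']);
            return FALSE;
        }
    }

    pg_query($database, "commit");
    return TRUE;
}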
/* Page entry point: open the session/database, apply the edit, redirect. */
// NOTE(review): site_prolog() is defined elsewhere; presumably it enforces a
// logged-in user of at least PO_USER_TYPE_USER -- confirm.
$database = site_prolog(PO_USER_TYPE_USER);

// NOTE(review): fields are read from $_REQUEST, so this state-changing page
// also accepts GET parameters. No request-forgery token is checked in this
// file; verify whether site_prolog() does so.
$type = $_REQUEST['type'];

// The owner id comes from $po_user, not from the request; every other
// argument is request-controlled.
profile_update_item(
    $database,
    $_REQUEST['item_id'],
    $po_user['id'],
    $type,
    $_REQUEST['sku'],
    $_REQUEST['manufacturer_id'],
    $_REQUEST['model'],
    $_REQUEST['url'],
    $_REQUEST['serial'],
    $_REQUEST['purchase_timestamp'],
    $_REQUEST['purchased_new'],
    $_REQUEST['access_rights']
);

site_epilog($database);

// The redirect is issued whether or not the update succeeded. The selector
// is looked up from $profile_data / $equipment_types (defined elsewhere)
// using the request-supplied $type as the key.
header('Location: my.profile.php?selector=' . $profile_data[$equipment_types[$type]]['idx']);
?>