diff options
Diffstat (limited to 'update.php')
| -rw-r--r-- | update.php | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/update.php b/update.php new file mode 100644 index 0000000..e0e738a --- /dev/null +++ b/update.php @@ -0,0 +1,95 @@ +<?php +/* + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + */ +?> +<?php +/* vim: set ts=4 sw=4 et : */ + +require_once __DIR__ . "/check_auth.php"; +require_once __DIR__ . "/../includes/common.php"; + +if (!isset($_POST['table']) || !isset($_POST['n']) || !isset($_POST['v']) || !isset($_POST['id'])) { + echo "false"; + $mysqli->close(); + exit(0); +} + +$t = filter_input(INPUT_POST, 'table', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_BACKTICK); +$n = filter_input(INPUT_POST, 'n', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_BACKTICK); + +$bps = "si"; +if (isset($_POST['num']) && $_POST['num'] == 'true') + $bps = "ii"; + +if ($n === 'etfav' && $t === 'email_templates') { + if ($_POST['v'] < 1) { + $sql = "DELETE FROM email_templates_fav WHERE tid=? AND userid=?"; + $stmt = $mysqli->prepare($sql); + $stmt->bind_param("ii", $_POST['id'], $_SESSION['auth_userid']); + $stmt->execute(); + $stmt->reset(); + } else { + $sql = "INSERT INTO email_templates_fav (tid, userid) VALUES (?, ?)"; + $stmt = $mysqli->prepare($sql); + $stmt->bind_param("ii", $_POST['id'], $_SESSION['auth_userid']); + $stmt->execute(); + $stmt->reset(); + } + + echo "true"; + + $mysqli->close(); + exit(0); +} + +if ($n === 'salutation' && $t === 'Personen') { + $sql = "INSERT INTO Personen_Prefs (persid, userid, salutation) VALUES (?, ?, ?)"; + $stmt = $mysqli->prepare($sql); + $stmt->bind_param("iii", $_POST['id'], $_SESSION['auth_userid'], $_POST['v']); + $stmt->execute(); + $stmt->reset(); + + $sql = "UPDATE Personen_Prefs SET salutation=? WHERE persid=? AND userid=?"; + $stmt = $mysqli->prepare($sql); + $stmt->bind_param("iii", $_POST['v'], $_POST['id'], $_SESSION['auth_userid']); + $stmt->execute(); + $stmt->reset(); + + echo "true"; + + $mysqli->close(); + exit(0); +} + +$sql = "UPDATE `" . $t . "` SET `" . $n . "`=? WHERE ID=? LIMIT 1;"; +if (isset($_POST['idcell']) && $_POST['idcell'] != 'false') { + $idcell = filter_input(INPUT_POST, 'idcell', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_BACKTICK); + $sql = "UPDATE `" . $t . "` SET `" . $n . "`=? WHERE `" . $idcell . "`=? LIMIT 1;"; + $bps = 'ss'; + if (isset($_POST['num']) && $_POST['num'] == 'true') + $bps = 'is'; +} +$stmt = $mysqli->prepare($sql); +#echo $sql . "|" . $bps . "|" . $_POST['v'] . "|" . $_POST['id'] . "@"; + +$stmt->bind_param($bps, $_POST['v'], $_POST['id']); +$stmt->execute(); + +preg_match_all('!\d+!', $mysqli->info, $m); +if ($m[0][0] == 1 || $m[0][1] == 1 || $stmt->affected_rows == 1) + echo "true"; +else + echo "false"; + +$stmt->reset(); +$mysqli->close(); +exit(0); |