/
classi_save.php
120 lines (107 loc) · 3.2 KB
/
classi_save.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
<?php
$debug=0;
require_once("include/config.php");
$classID=$_POST[id]*1;
if($debug){
xmp($_POST);
xmp($_FILES);
}
function arrayValuesAreNotNumeric($arr){
foreach($arr as $v)if(!is_numeric($v))return true;
return false;
}
function redirectToDetailPage(){
header("location: classi.php?id=".$_POST[id]);exit;
}
function extractNumberFromString($q){
return preg_replace('/\D/', '', $q);
}
if(
(isset($_POST[skills])&&!is_array($_POST[skills]))
||
(isset($_POST[classTypes])&&!is_array($_POST[classTypes]))
||
(isset($_POST[languages])&&!is_array($_POST[languages]))
){
redirectToDetailPage();
}
if(arrayValuesAreNotNumeric($_POST[skills])||arrayValuesAreNotNumeric(array_keys($_POST[languages]))){
redirectToDetailPage();
}
$canIedit=$_SESSION[user_type]=="admin"||$_POST[what]=="crea";
if(!$canIedit){
redirectToDetailPage();
}
$query="SELECT * FROM srd35_class WHERE id=".$classID;
$result=mysql_query($query);
while($row=mysql_fetch_assoc($result)){
$autore=$row[autore];
$canIedit=$canIedit||$_SESSION[user_id]==$autore;
}
if(!$canIedit){
redirectToDetailPage();
}
switch($_POST[what]){
case"modifica":
//languages
$query="DELETE FROM srd35_class_lang WHERE fk_classe = ".$classID;
$result=mysql_query($query);
$values=array();
foreach($_POST[languages] as $lang_id=>$availability){
switch($availability){
case"A":
case"B":
$values[]="(".$classID.",".$lang_id.",'".$availability."')";
break;
}
}
if(count($values)){
$query="INSERT INTO srd35_class_lang (fk_classe,fk_lang,lang_availability) VALUES ".implode(",",$values);
$result=mysql_query($query);
}
// class skills
$query="DELETE FROM srd35_class_skill WHERE fk_classe = ".$classID;
$result=mysql_query($query);
$values=array();
foreach($_POST[skills] as $v)$values[]="(".$classID.",".$v.")";
if(count($values)){
$query="INSERT INTO srd35_class_skill (fk_classe,fk_abilita) VALUES ".implode(",",$values);
$result=mysql_query($query);
}
// levels
$query="DELETE FROM srd35_class_level WHERE fk_classe = ".$classID;
$result=mysql_query($query);
$values=array();
foreach($_POST[levels] as $level=>$v)$values[]="(".implode(",",array(
$classID,
"'".mysql_real_escape_string($level)."'",
"'".mysql_real_escape_string($v[bab])."'",
"'".mysql_real_escape_string($v["for"])."'",
"'".mysql_real_escape_string($v[ref])."'",
"'".mysql_real_escape_string($v[wil])."'",
"'".mysql_real_escape_string($v[hd])."'",
"'".mysql_real_escape_string($v[sp])."'",
"'".mysql_real_escape_string($v[special])."'",
)).")";
if(count($values)){
$query="INSERT INTO srd35_class_level (fk_classe,level,base_attack_bonus,fort_save,ref_save,will_save,dv,pa,special) VALUES ".implode(",",$values);
$result=mysql_query($query);
}
// types
if(in_array("martial",$_POST[classTypes])){
$psion=0;
$divine=0;
$arcane=0;
}else{
$psion=in_array("psionic",$_POST[classTypes])?1:0;
$divine=in_array("divine",$_POST[classTypes])?1:0;
$arcane=in_array("arcane",$_POST[classTypes])?1:0;
}
$query="UPDATE srd35_class SET psion=".$psion.",divine=".$divine.",arcane=".$arcane.", WHERE id=".$classID;
$result=mysql_query($query);
break;
}
if(!$debug){
redirectToDetailPage();
}
?>