system-maintainSave.php
<?php
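//Escapes a value received from the form for use inside a quoted SQL string literal. This only helps against SQL injection where the result is actually used, and it does not protect values placed in a query without quotes.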
/**
 * Prepare a form value for embedding in a quoted SQL string literal.
 *
 * Trims the value, strips slashes when magic quotes are enabled, then
 * escapes the result with mysql_real_escape_string().
 *
 * @param mixed $str Raw value taken from the request.
 * @return string|false Whatever mysql_real_escape_string() returns for the value.
 */
function clean($str) {
    // Errors from trim() are deliberately suppressed, as in the original code.
    $trimmed = @trim($str);

    // Strip slashes only when magic quotes are on, so the value is not escaped twice.
    $unquoted = get_magic_quotes_gpc() ? stripslashes($trimmed) : $trimmed;

    return mysql_real_escape_string($unquoted);
}
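// Handles the "save hotspot" form post: finds or creates the document row for
// the posted file name, stores the posted content as a pending ('P') document
// version, then links the hotspot to the document.
//
// Every request or session value is escaped (or cast to an integer) before it
// is placed in SQL. The original escaped only the editor content, so the file
// name, description and hotspot id reached the queries unescaped.
//
// NOTE(review): no session start, login check or CSRF token check is visible in
// this file - confirm the including page enforces them before this code runs.
// NOTE(review): the 'elm1' content is stored as posted (SQL-escaped only);
// presumably it is markup from an editor, so whatever renders it later must
// sanitise or encode it - confirm.
if (isset($_POST['saveHotSpot']) && $_POST['saveHotSpot'] === "true") {
    // The hotspot id is used unquoted in SQL, so accept only a numeric value
    // and force it to an integer. null means "missing or not numeric".
    $hotspotid = (isset($_POST['hotspotID']) && is_numeric($_POST['hotspotID']))
        ? (int) $_POST['hotspotID']
        : null;

    $image = clean(isset($_POST['elm1']) ? $_POST['elm1'] : '');
    $hotspotname = isset($_POST['hotspotDescription']) ? $_POST['hotspotDescription'] : '';

    //DOCUMENT MANAGEMENT
    $filename = clean(isset($_POST['hotspotFile']) ? $_POST['hotspotFile'] : '');
    // Escape the description as a whole; the literal parts contain nothing to escape.
    $desc = clean("Hotspot (" . $hotspotname . ")");
    // The session value is server-side, but it is still escaped before use in SQL.
    $createdby = mysql_real_escape_string(
        isset($_SESSION['SESS_MEMBER_ID']) ? $_SESSION['SESS_MEMBER_ID'] : ''
    );

    $documentid = 0;
    $documentversionid = 0;

    // Look up an existing document with this file name.
    $qry = "SELECT documentid FROM documents WHERE filename = '$filename'";
    $result = mysql_query($qry);
    if ($result && mysql_num_rows($result) == 1) {
        $member = mysql_fetch_assoc($result);
        $documentid = (int) $member['documentid'];
    }

    if ($documentid == 0) {
        // No document yet: create it together with its initial pending version.
        $qry = "INSERT INTO documents (description, documentversionid, filename, createdby, createddate) " .
            "VALUES ('$desc', 1, '$filename', '$createdby', CURDATE())";
        $result = mysql_query($qry);

        // Only continue when the document row was really created; otherwise the
        // version row would be attached to document id 0.
        if ($result) {
            $documentid = (int) mysql_insert_id();

            $qry = "INSERT INTO documentversions (documentid, versionid, remark, image, createdby, createddate, status) " .
                "VALUES ($documentid, 1, 'Initial version', '$image', '$createdby', CURDATE(), 'P')";
            $result = mysql_query($qry);
            $documentversionid = mysql_insert_id();
        }
    } else {
        /* Look for current pending versions created by this user. */
        $qry = "SELECT B.image FROM documents A " .
            "INNER JOIN documentversions B " .
            "ON B.documentid = A.documentid " .
            "WHERE A.documentid=$documentid " .
            "AND B.status = 'P' " .
            "AND B.createdby = '$createdby'";
        $result = mysql_query($qry);

        //Check whether the query was successful or not
        if ($result) {
            if (mysql_num_rows($result) == 1) {
                // Exactly one pending version by this user: amend it in place.
                // Two fixes over the original statement:
                //  - MySQL '+' is numeric addition, so the remark is built with CONCAT();
                //  - the WHERE clause is limited to this user's pending version, where
                //    the original overwrote the image of every version of the document.
                $qry = "UPDATE documentversions " .
                    "SET image = '$image', remark = CONCAT('Amended on ', CURDATE()) " .
                    "WHERE documentid = $documentid " .
                    "AND status = 'P' " .
                    "AND createdby = '$createdby'";
                $result = mysql_query($qry);
            } else {
                // Otherwise add a new pending version numbered after the highest existing one.
                $qry = "SELECT MAX(versionid) AS versionid FROM documentversions WHERE documentid = $documentid";
                $result = mysql_query($qry);
                if ($result && mysql_num_rows($result) == 1) {
                    $member = mysql_fetch_assoc($result);
                    $documentversionid = (int) $member['versionid'] + 1;
                }

                $qry = "INSERT INTO documentversions (documentid, versionid, remark, image, createdby, createddate, status) " .
                    "VALUES ($documentid, $documentversionid, 'Hotspot change', '$image', '$createdby', CURDATE(), 'P')";
                $result = mysql_query($qry);
                $documentversionid = mysql_insert_id();
            }
        }
    }

    // Link the hotspot to the document. Errors stay suppressed as in the original
    // (best effort). The insert is skipped when there is no usable hotspot id or
    // no document to point at.
    if ($hotspotid !== null && $documentid > 0) {
        $qry = "INSERT INTO hotspots (hotspotid, documentid) VALUES ($hotspotid, $documentid)";
        $result = @mysql_query($qry);
    }
}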
?>