- Update the fair info editor

fair_info.php

@@ -29,31 +29,39 @@ require_once('fair.inc.php');
 
  $fair_type = array('feeder' => 'Feeder Fair', 'sfiab' => 'SFIAB Upstream', 'ysc' => 'YSC/CWSF Upstream');
 
- if($_SESSION['embed'] == true) {
-//	user_auth_required('committee','admin');
- 	$u = user_load($_SESSION['embed_edit_id']);
- } else {
-	user_auth_required('fair');
-	$u = user_load($_SESSION['users_id']);
- }
+/* Sort out who we're editting */
+if($_POST['users_id']) 
+	$eid = intval($_POST['users_id']); /* From a save form */
+else if(array_key_exists('embed_edit_id', $_SESSION))
+	$eid = $_SESSION['embed_edit_id']; /* From the embedded editor */
+else 
+	$eid = $_SESSION['users_id'];	/* Regular entry */
+
+if($eid != $_SESSION['users_id']) {
+	/* Not editing ourself, we had better be
+	 * a committee member */
+	user_auth_required('committee','admin');
+}
+
+$u = user_load($eid);
 
 switch($_GET['action']) {
 case 'save':
-	$id = intval($_POST['id']);
-	if(trim($id) == '') {
+	$fairs_id = intval($u['fairs_id']);
+	if($fairs_id == 0) {
 		$q = mysql_query("INSERT INTO fairs(`id`,`name`) VALUES('','new entry')");
 		$id = mysql_insert_id();
 	} else {
-		$id = intval($id);
+		$id = intval($fairs_id);
 	}
 
-	$name = mysql_escape_string(stripslashes($_POST['name']));
-	$abbrv = mysql_escape_string(stripslashes($_POST['abbrv']));
-	$url = mysql_escape_string($_POST['url']);
-	$website = mysql_escape_string($_POST['website']);
+	$name = mysql_real_escape_string(stripslashes($_POST['name']));
+	$abbrv = mysql_real_escape_string(stripslashes($_POST['abbrv']));
+	$url = mysql_real_escape_string($_POST['url']);
+	$website = mysql_real_escape_string($_POST['website']);
 	$type = array_key_exists($_POST['type'], $fair_type) ? $_POST['type'] : '';
-	$username = mysql_escape_string(stripslashes($_POST['username']));
-	$password = mysql_escape_string(stripslashes($_POST['password']));
+	$username = mysql_real_escape_string(stripslashes($_POST['username']));
+	$password = mysql_real_escape_string(stripslashes($_POST['password']));
 	$enable_stats = ($_POST['enable_stats'] == 'yes') ? 'yes' : 'no';
 	$enable_awards = ($_POST['enable_awards'] == 'yes') ? 'yes' : 'no';
 	$enable_winners = ($_POST['enable_winners'] == 'yes') ? 'yes' : 'no';
@@ -109,12 +117,11 @@ if($_SESSION['embed'] == true) {
 		);
 }
 
-$s = ($_SESSION['embed'] == true) ? $_SESSION['embed_submit_url'].'&' : 'fair_info.php?';
 ?>
 <script type="text/javascript">
-function fairinfo_save(id)
+function fairinfo_save()
 {
-	$("#debug").load("<?=$s?>sub=1&action=save", $("#fairinfo_form").serializeArray());
+	$("#debug").load("<?=$config['SFIABDIRECTORY']?>/fair_info.php?action=save", $("#fairinfo_form").serializeArray());
         return false;
 }
 </script>
@@ -129,8 +136,7 @@ function fairinfo_save(id)
  }
 
  echo "<form name=\"fairinfo\" id=\"fairinfo_form\" >\n";
- echo "<input type=\"hidden\" name=\"action\" value=\"save\" />\n";
- echo "<input type=\"hidden\" name=\"id\" value=\"{$f['id']}\" />\n";
+ echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\" />\n";
  echo "<table class=\"tableedit\">\n";
  echo '<tr><td class="left">'.i18n('Fair Type').':</td><td class="right">';
  echo "<select name=\"type\" id=\"type\" >";
@@ -188,7 +194,7 @@ function fairinfo_save(id)
  their own SFIAB to upload data to this SFIAB.'); echo '</div>';
 
  echo "<br />";
-echo "<input type=\"submit\" onclick=\"fairinfo_save({$f['id']});return false;\" value=\"".i18n("Save Fair Information")."\" />\n";
+echo "<input type=\"submit\" onclick=\"fairinfo_save();return false;\" value=\"".i18n("Save Fair Information")."\" />\n";
 echo "</form>";
 
  echo "<br />";

user_personal.php

@@ -169,6 +169,7 @@ case 'save':
  //send the header
  if($_SESSION['embed'] == true) {
  	echo "<br/>";
+	display_messages();
  	echo "<h3>".i18n("Personal Information")."</h3>";
  	echo "<br/>";
  } else {