// Shared database setup; presumably opens the MySQL link used by the mysql_query() calls below (file not visible here).
include 'dbconnect.php';

// Defaults describing a brand-new photo. The request handling and the
// "get photo details" query further down overwrite them when data exists.

// Numeric fields
$locsection_id  = 1;
$loccategory_id = 0;
$locphoto_id    = 0;   // 0 means "no existing photo"
$locorder_num   = 50;

// Text fields
$loctitle      = '';
$locdate_text  = '';
$loclocation   = '';
$locprice_desc = '';
$locabstract   = '';
$locfilename   = '';
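// Request handling.
//   GET  category_id [photo_id] [delete, return] : open the form; with `delete`, remove the stored file.
//   POST category_id, photo_id, text fields, [file], [return] : store the upload, then UPDATE or INSERT tbl_photos.
//
// Every request value is untrusted. Ids are cast to int, text is passed through
// mysql_real_escape_string() before it reaches SQL, and the client-supplied file
// name / MIME type are not relied on to decide what is written under photos/.
//
// NOTE(review): the only login check in this script sits after this code, so the
// delete, upload and database writes below run for any visitor.
// NOTE(review): die('Invalid query: ' . mysql_error()) sends database error text to
// the browser; consider logging it instead once the page is otherwise hardened.
// NOTE(review): if this host still runs with magic_quotes_gpc enabled, request values
// arrive pre-slashed and would be double-escaped below. Confirm the setting.
if (isset($_GET["category_id"])) {
    // Ids are only ever used as integers, so force that type before any SQL is built.
    $loccategory_id = (int) $_GET['category_id'];
    // Are we editing an existing photo?
    if (isset($_GET["photo_id"])) {
        $locphoto_id = (int) $_GET['photo_id'];
    }

    // Look up the section that owns this category (the default stays if nothing is found).
    $qry_section = mysql_query("SELECT section_id FROM tbl_categories WHERE category_id = " . $loccategory_id);
    if ($qry_section) {
        while ($row = mysql_fetch_array($qry_section)) {
            $locsection_id = $row['section_id'];
        }
    }

    // File delete
    if (isset($_GET["delete"])) {
        // NOTE(review): a destructive action triggered by a plain GET link, with no
        // anti-CSRF token; any page the editor visits can cause this request.
        $filename = '';
        $qry_filename = mysql_query("SELECT filename FROM tbl_photos WHERE photo_id = " . $locphoto_id);
        if (!$qry_filename) {
            die('Invalid query: ' . mysql_error());
        }
        while ($row = mysql_fetch_array($qry_filename)) {
            $filename = $row['filename'];
        }

        // basename() keeps the delete inside photos/ even if the stored name holds path
        // separators; the is_file() test skips empty names and directories.
        $filename = basename((string) $filename);
        if ($filename !== '' && is_file('photos/' . $filename)) {
            unlink('photos/' . $filename);
        }

        // Clear the filename from the database
        $delete_file = mysql_query("UPDATE tbl_photos SET filename = '' WHERE photo_id = " . $locphoto_id);
        if (!$delete_file) {
            die('Invalid query: ' . mysql_error());
        }

        // Back to the edit form. `return` is passed along as an encoded query value so
        // it cannot add or override parameters in the redirect URL.
        $returnTo = (isset($_GET['return']) && is_string($_GET['return'])) ? $_GET['return'] : '';
        header('Location:edit_photo.php?photo_id=' . $locphoto_id . '&category_id=' . $loccategory_id . '&return=' . urlencode($returnTo));
    }
    // End file delete
} else if (isset($_POST["category_id"])) {
    $locphoto_id = isset($_POST['photo_id']) ? (int) $_POST['photo_id'] : 0;
    $loccategory_id = (int) $_POST['category_id'];

    // File upload management
    if (isset($_FILES['file'])) {
        $upload = $_FILES['file'];
        $clientType = is_string($upload['type']) ? $upload['type'] : '';
        if (in_array($clientType, array('image/gif', 'image/pjpeg', 'image/jpeg'), true)) {
            if ($upload['error'] > 0) {
                echo "Error: " . $upload['error'] . "\n";
            } else {
                // The browser chooses both the file name and the MIME type, so neither proves
                // what was sent. Keep only the last path component, require an image extension,
                // and confirm from the file's own bytes that it is a GIF or JPEG.
                // NOTE(review): files are stored in photos/ under a client-chosen name; confirm
                // that directory is configured so the web server never executes its contents.
                $uploadName = basename((string) $upload['name']);
                $extension = strtolower(pathinfo($uploadName, PATHINFO_EXTENSION));
                $imageInfo = is_uploaded_file($upload['tmp_name']) ? getimagesize($upload['tmp_name']) : false;
                $isImage = $imageInfo !== false
                    && in_array($imageInfo[2], array(IMAGETYPE_GIF, IMAGETYPE_JPEG), true)
                    && in_array($extension, array('gif', 'jpg', 'jpeg'), true);

                if (!$isImage) {
                    echo "Invalid image file. ";
                } else if (file_exists("photos/" . $uploadName)) {
                    echo htmlspecialchars($uploadName, ENT_QUOTES) . " already exists. ";
                } else {
                    // Second check: is there already a record in the database with this filename?
                    $qry_filename = mysql_query("SELECT count(*) as filecount FROM tbl_photos WHERE filename = '" . mysql_real_escape_string($uploadName) . "'");
                    if (!$qry_filename) {
                        die('Invalid query: ' . mysql_error());
                    }
                    $filecount = 0;
                    while ($row = mysql_fetch_array($qry_filename)) {
                        $filecount = $row['filecount'];
                    }

                    if ($filecount != 0) {
                        // Name is taken by another record: report it and do not store the file.
                        echo htmlspecialchars($uploadName, ENT_QUOTES) . " already exists. ";
                    } else if (move_uploaded_file($upload['tmp_name'], "photos/" . $uploadName)) {
                        // Record the name only once the file really is in place.
                        $locfilename = $uploadName;
                    } else {
                        echo "Upload could not be stored. ";
                    }
                }
            }
        } else {
            echo "Invalid file of type " . htmlspecialchars($clientType, ENT_QUOTES);
        }
    }
    // End file upload

    // Escape each posted text field once; only the escaped copies are placed in SQL.
    $sqlValues = array();
    foreach (array('title', 'date_text', 'location', 'price_desc', 'abstract', 'order_num') as $field) {
        $posted = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
        $sqlValues[$field] = mysql_real_escape_string($posted);
    }
    $sqlFilename = mysql_real_escape_string($locfilename);

    if ($locphoto_id != 0) {
        // Update the photo; the stored filename is replaced only when a new file was accepted.
        $filenameClause = (trim($locfilename) !== '') ? "filename = '" . $sqlFilename . "', " : '';
        $update_photo_text = "UPDATE tbl_photos SET title = '" . $sqlValues['title'] . "', "
            . "date_text = '" . $sqlValues['date_text'] . "', "
            . "location = '" . $sqlValues['location'] . "', "
            . "price_desc = '" . $sqlValues['price_desc'] . "', "
            . "abstract = '" . $sqlValues['abstract'] . "', "
            . $filenameClause
            . "category_id = '" . $loccategory_id . "', "
            . "order_num = '" . $sqlValues['order_num'] . "' "
            . "WHERE photo_id = " . $locphoto_id;
        $update_photo = mysql_query($update_photo_text);
        if (!$update_photo) {
            die('Invalid query: ' . mysql_error());
        }
    } else {
        // Insert the photo
        $insert_photo_text = "INSERT tbl_photos (title,date_text,location,price_desc,abstract,category_id,filename,order_num) "
            . "VALUES ('" . $sqlValues['title'] . "', "
            . "'" . $sqlValues['date_text'] . "', "
            . "'" . $sqlValues['location'] . "', "
            . "'" . $sqlValues['price_desc'] . "', "
            . "'" . $sqlValues['abstract'] . "', "
            . "'" . $loccategory_id . "', "
            . "'" . $sqlFilename . "', "
            . "'" . $sqlValues['order_num'] . "')";
        $insert_photo = mysql_query($insert_photo_text);
        if (!$insert_photo) {
            die('Invalid query: ' . mysql_error());
        }
    }

    if (isset($_POST["return"])) {
        // Follow `return` only when it is a same-site relative target: no scheme,
        // no protocol-relative "//host", and no whitespace, control characters or
        // backslashes that a browser could normalise into one of those.
        $returnTo = is_string($_POST['return']) ? $_POST['return'] : '';
        $isLocalTarget = $returnTo !== ''
            && !preg_match('#^[a-z][a-z0-9+.\-]*:#i', $returnTo)
            && !preg_match('#^//#', $returnTo)
            && !preg_match('#[\x00-\x20\x7f\\\\]#', $returnTo);
        if ($isLocalTarget) {
            header('Location: ' . $returnTo);
        }
    }
}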
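// Get photo details: load the stored row for $locphoto_id into the $loc* variables
// (an id of 0 matches nothing, so the defaults set at the top of the script remain).
// The id is forced to an integer at the point of use, so the concatenated SQL cannot
// carry request text however $locphoto_id was filled in earlier.
// NOTE(review): these values are stored as submitted; whatever prints them should
// apply htmlspecialchars(). The output code is not visible here.
$qry_photo_text = "SELECT title, date_text, location, price_desc, abstract, filename, order_num FROM tbl_photos WHERE photo_id = " . (int) $locphoto_id;
$qry_photo = mysql_query($qry_photo_text);
if (!$qry_photo) {
    die('Invalid query: ' . mysql_error());
}
while ($row = mysql_fetch_array($qry_photo)) {
    $loctitle = $row['title'];
    $locdate_text = $row['date_text'];
    $loclocation = $row['location'];
    $locprice_desc = $row['price_desc'];
    $locabstract = $row['abstract'];
    $locfilename = $row['filename'];
    $locorder_num = $row['order_num'];
}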
// Login check.
// NOTE(review): as written this does not protect the page. It only tests that a
// cookie named "user" is present (the value is never compared and is not signed),
// it runs after the delete/upload/database code above, and the redirect for
// visitors without the cookie is commented out.
if (!isset($_COOKIE["user"])) {
    // Not logged in: the redirect to the login page is currently disabled, so nothing happens.
    //header( 'Location: login.php?return=edit_photo.php?photo_id=' .$locphoto_id .'&category_id=' .$loccategory_id ) ;
} else {
    // Logged in: keep the cookie alive for another hour.
    setcookie("user", "Eileen", time() + 3600);
}
?>