From 45bbf95972777e9499996d56a873c2a304815b3f Mon Sep 17 00:00:00 2001
From: msquare
Date: Tue, 27 Sep 2016 17:24:18 +0200
Subject: fix settings validation
---
 includes/model/Settings_model.php | 63 ++++++++++++++++++++-------------------
 1 file changed, 33 insertions(+), 30 deletions(-)
(limited to 'includes/model')
diff --git a/includes/model/Settings_model.php b/includes/model/Settings_model.php
index 2351e8c7..07e3b677 100644
--- a/includes/model/Settings_model.php
+++ b/includes/model/Settings_model.php
@@ -1,40 +1,43 @@ 0) + return $settings[0]; + return null; } + /** - * Create Settings. + * Update Settings. * * @param string $event_name - * @param int $buildup_start_date - * @param int $event_start_date - * @param int $event_end_date - * @param int $teardown_end_date - * @param string $event_welcome_msg + * @param int $buildup_start_date + * @param int $event_start_date + * @param int $event_end_date + * @param int $teardown_end_date + * @param string $event_welcome_msg */ -function Settings_create($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) { - return sql_query("INSERT INTO `Settings` SET - `event_name`='" . sql_escape($event_name) . "', - `buildup_start_date`='" . sql_escape($buildup_start_date) . "', - `event_start_date`='" . sql_escape($event_start_date) . "', - `event_end_date`='" . sql_escape($event_end_date) . "', - `teardown_end_date`='" . sql_escape($teardown_end_date) . "', - `event_welcome_msg`='" . sql_escape($event_welcome_msg) . "'"); +function Settings_update($event_name, $buildup_start_date, $event_start_date, $event_end_date, $teardown_end_date, $event_welcome_msg) { + if (Settings() == null) { + return sql_query("INSERT INTO `Settings` SET + `event_name`=" . sql_null($event_name) . ", + `buildup_start_date`=" . sql_null($buildup_start_date) . ", + `event_start_date`=" . sql_null($event_start_date) . ", + `event_end_date`=" . sql_null($event_end_date) . ", + `teardown_end_date`=" . sql_null($teardown_end_date) . ", + `event_welcome_msg`=" . sql_null($event_welcome_msg)); + } + return sql_query("UPDATE `Settings` SET + `event_name`=" . sql_null($event_name) . ", + `buildup_start_date`=" . sql_null($buildup_start_date) . ", + `event_start_date`=" . sql_null($event_start_date) . ", + `event_end_date`=" . sql_null($event_end_date) . ", + `teardown_end_date`=" . sql_null($teardown_end_date) . ", + `event_welcome_msg`=" . sql_null($event_welcome_msg)); } ?> -- cgit v1.2.3-54-g00ecf
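Review bot: Every value in both the INSERT and the UPDATE of `Settings_update` is now concatenated into the statement without the surrounding quotes and `sql_escape()` call that `Settings_create` had, so quoting and escaping rest entirely on `sql_null()`, whose body is not part of this hunk. If `sql_null()` returns anything other than the literal `NULL` or a quoted, escaped string, `$event_name` and `$event_welcome_msg` reach the query as raw SQL; worth confirming that and recording it above the function, e.g. `// sql_null() yields NULL or a quoted, escaped literal; values are concatenated unquoted below`. The four date parameters are documented as int and could be cast or checked at the top, for example `$event_start_date = $event_start_date === null ? null : (int) $event_start_date;`. The `Settings() == null` test followed by INSERT is also a check-then-write with no locking visible here, so two concurrent saves on an empty table could both insert a row, and the UPDATE has no WHERE clause and would then rewrite both.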