On the admin page of a company’s website, the user is unable to edit the subscribers info (namely the subscription date). The form used to update the information on the website calls index.php, which will execute the following code block:
case 'subscriber-update':
// check if form validates
$_FORMSUBSCRIBER = new formSubscriber();
if ($_FORMSUBSCRIBER->submitted() && $_FORMSUBSCRIBER->validate($_POST)) {
// update database
$_SUBSCRIBER = new subscriber();
[COLOR="#FF0000"]$_SUBSCRIBER->update($_FORMSUBSCRIBER->prepareData($_POST),array("verifySubmit","reset"));[/COLOR]
header("Location: /az/admin/subscriber-list/".$_POST['companyid']);
exit;
}
$content = array('subscriber_update.php');
break;
I then found the code for the update() and prepareData() functions.
Update():
public function update($data, $exceptions = array())
{
if ($this->hasRequiredPermissions()) {
if ($this->hasValidKeyData($data)) {
$this->db->dbUpdate($this->dbtable, $data, $exceptions, "WHERE $this->dbtableKey = '" . $data[$this->dbtableKey] . "'");
}
else {
$data[$this->dbtableKey] = $this->db->dbAdd($this->dbtable, $data, $exceptions);
}
return $data[$this->dbtableKey];
}
else {
exit(_PERMISSION_OP_FAIL);
}
}
And prepareData():
public function prepareData($data, $ignore = array("submit", "image"))
{
$tmp = array();
foreach ($data as $key => $value) {
// get definition for this data element
if (array_key_exists($key, $this->definition)) {
$def = $this->definition[$key];
// handle special types
if (array_key_exists("type", $def)) {
// ignore these
if (in_array($def["type"], $ignore)) {
continue;
}
// different strokes for different blokes
switch ($def["type"]) {
// datetime
case "datetime" :
// if hour == 12 make hour 0 to give standard time
if ($data[$key][3] == 12) {
$data[$key][3] = 0;
}
// add time period (pm = +12)
$data[$key][3] += $data[$key][5];
// format date and return
$data[$key] = $data[$key][2] . "-" . $data[$key][1] . "-" . $data[$key][0] . " " . $data[$key][3] + ":" . $data[$key][4] . ":00";
break;
// datetime
case "date" :
// format date and return
$data[$key] = $data[$key][2] . "-" . $data[$key][1] . "-" . $data[$key][0];
break;
// time
case "time" :
// if hour == 12 make hour 0 to give standard time
if ($data[$key][0] == 12) {
$data[$key][0] = 0;
}
// add time period (pm = +12)
$data[$key][0] += $data[$key][2];
// format date and return
$data[$key] = str_pad($data[$key][0], 2, "0", STR_PAD_LEFT) . ":" . $data[$key][1] . ":00";
break;
}
}
$tmp[$key] = $data[$key];
}
else {
$tmp[$key] = $data[$key];
}
}
return $tmp;
}
Can anyone see a problem with these two functions?