If anyone could help me out I would really appreciate it. I have just a snippet of the code of the event add form. It does include check.php even though it is not in the code. Here is what I have so far:
CHECK.PHP
<?php
session_start();
// Only visitors with a username stored in the session may continue.
if (isset($_SESSION['username'])) {
    // Session exists, allow the user to view the page.
} else {
    // Session doesn't exist, redirect to login and exit the page.
    header("Location: login.php");
    exit();
}
?>

if (isset($_POST['add_event']) && $_GET['add'] == 'new') {
    // The username comes from the server-side session set at login, not from the form.
    $username = $_SESSION['username'];

    // Get POST vars. Each field is decoded as base64, then unserialized.
    // unserialize() on request data can instantiate attacker-chosen objects;
    // plain string fields do not need serialization at all.
    $name = unserialize(base64_decode(stripslashes($_POST['name'])));
    $desc = unserialize(base64_decode(stripslashes($_POST['desc'])));
    $location = unserialize(base64_decode(stripslashes($_POST['location'])));
    $date = unserialize(base64_decode(stripslashes($_POST['date'])));
    $from = unserialize(base64_decode(stripslashes($_POST['from']))).unserialize(base64_decode(stripslashes($_POST['from2'])));
    $until = unserialize(base64_decode(stripslashes($_POST['until']))).unserialize(base64_decode(stripslashes($_POST['until2'])));

    // Split the date into its three '/'-separated parts.
    $d_for = explode('/', $date);
    $day = $d_for[0];
    $month = $d_for[1];
    $year = $d_for[2];

    // Required-field checks.
    if (!$name) { echo "<div class='error_message'>You must enter an event name</div>"; exit(); }
    if (!$desc) { echo "<div class='error_message'>Please enter an event description</div>"; exit(); }
    if (!$location) { echo "<div class='error_message'>You must enter a location for your event</div>"; exit(); }
    if (!$date) { echo "<div class='error_message'>Your event must have a date</div>"; exit(); }

    // Build the INSERT with every value escaped.
    // mysql_real_escape_string() belongs to the old mysql extension, removed in PHP 7.
    $sql = "INSERT INTO calendar_event (user, event, description, location, day, month, year, time_from, time_until)
    VALUES (
    '".mysql_real_escape_string($username)."',
    '".mysql_real_escape_string($name)."',
    '".mysql_real_escape_string($desc)."',
    '".mysql_real_escape_string($location)."',
    '".mysql_real_escape_string($day)."',
    '".mysql_real_escape_string($month)."',
    '".mysql_real_escape_string($year)."',
    '".mysql_real_escape_string($from)."',
    '".mysql_real_escape_string($until)."'
    )";