<?php

/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
// Refuse to run when this include is requested on its own: the constant is
// expected to be defined by the phpwcms bootstrap before the file is pulled in.
defined('PHPWCMS_ROOT') or die("You Cannot Access This Script Directly, Have a Nice Day.");
// ----------------------------------------------------------------
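//Create new profile data if not existing
// Every column value comes from the submitted form. getpostvar() is the
// project's escaping helper for text that ends up inside a single-quoted SQL
// literal; check_checkbox() yields the bare 0/1 used for the two flag columns.
// The two free-text fields are truncated (in characters, not bytes) to their
// column limits BEFORE escaping, so an escape sequence is never cut in half.
// Missing keys are mapped to null once here instead of being read straight out
// of $_POST, which raises a notice for every field the form did not send
// (unchecked checkboxes in particular).
$profile_fields = array(
    'form_title', 'form_firstname', 'form_lastname', 'form_company',
    'form_street', 'form_add', 'form_city', 'form_zip', 'form_region',
    'form_country', 'form_fon', 'form_fax', 'form_mobile', 'form_signature',
    'form_prof', 'form_notes', 'form_public', 'form_newsletter',
);
$profile = array();
foreach ($profile_fields as $profile_field) {
    $profile[$profile_field] = isset($_POST[$profile_field]) ? $_POST[$profile_field] : null;
}
// The owner id is taken from the session, but it is interpolated unquoted into
// the statement, so it is cast so that only an integer can ever land there.
$profile_uid = intval($_SESSION["wcs_user_id"]);
$sql = "INSERT INTO " . DB_PREPEND . "phpwcms_userdetail ("
     . "detail_pid, detail_title, detail_firstname, detail_lastname, "
     . "detail_company, detail_street, detail_add, detail_city, "
     . "detail_zip, detail_region, detail_country, detail_fon, detail_fax, "
     . "detail_mobile, detail_signature, detail_prof, detail_notes, "
     . "detail_public, detail_newsletter) VALUES ("
     . $profile_uid . ", '"
     . getpostvar($profile['form_title']) . "', '"
     . getpostvar($profile['form_firstname']) . "', '"
     . getpostvar($profile['form_lastname']) . "', '"
     . getpostvar($profile['form_company']) . "', '"
     . getpostvar($profile['form_street']) . "', '"
     . getpostvar($profile['form_add']) . "', '"
     . getpostvar($profile['form_city']) . "', '"
     . getpostvar($profile['form_zip']) . "', '"
     . getpostvar($profile['form_region']) . "', '"
     . getpostvar($profile['form_country']) . "', '"
     . getpostvar($profile['form_fon']) . "', '"
     . getpostvar($profile['form_fax']) . "', '"
     . getpostvar($profile['form_mobile']) . "', '"
     . getpostvar(mb_substr($profile['form_signature'], 0, 250)) . "', '"
     . getpostvar($profile['form_prof']) . "', '"
     . getpostvar(mb_substr($profile['form_notes'], 0, 3000)) . "', "
     . check_checkbox($profile['form_public']) . ", "
     . check_checkbox($profile['form_newsletter']) . ")";
// mysql_query() is the legacy ext/mysql API (removed in PHP 7); the outcome is
// only reported through $detail_updated, the DB error itself is not surfaced.
if (mysql_query($sql, $db)) {
    $detail_updated = $BL['be_profile_create_success'];
} else {
    $detail_updated = $BL['be_profile_create_error'];
}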
// Bootstrap: configuration, library defaults, session helpers, the DB
// connection and the general helpers must all be loaded before anything below
// runs (the later require_once lines already rely on PHPWCMS_ROOT).
require_once '../../include/config/conf.inc.php';
require_once '../inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/helper.session.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
// Login and CSRF checks run here, before the backend function library is
// loaded and before any of the state-changing SQL further down in this script;
// everything after these two calls only executes for a request that passed both.
checkLogin();
validate_csrf_tokens();
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';
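// The redirect target for this script is taken from the session (presumably
// stored by the backend page that linked here), never from the request, so it
// cannot be steered from outside. Without it there is nowhere sensible to
// return to, so the script stops. (The previous else-branch re-tested empty()
// and therefore never reached its fallback URL; it was dead code.)
if (empty($_SESSION['REFERER_URL'])) {
    die('Goood bye.');
}
$ref = $_SESSION['REFERER_URL'];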
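// Only administrators may create or edit schedule categories. The branch
// selection mirrors the form: scat_new=1 together with scat_id=0 creates a
// category, scat_new set together with a non-zero scat_id updates that one.
if ($_SESSION["wcs_user_admin"] == 1) {
    // Read every form value once. Missing keys become null (text) or 0 (numbers)
    // instead of raising a notice on each direct $_POST access; the text values
    // still go through getpostvar() before they enter a quoted SQL literal.
    $scat_new   = isset($_POST["scat_new"])   ? intval($_POST["scat_new"])   : 0;
    $scat_id    = isset($_POST["scat_id"])    ? intval($_POST["scat_id"])    : 0;
    $scat_aktiv = isset($_POST["scat_aktiv"]) ? intval($_POST["scat_aktiv"]) : 0;
    $scat_name  = isset($_POST["scat_name"])  ? $_POST["scat_name"]  : null;
    $scat_info  = isset($_POST["scat_info"])  ? $_POST["scat_info"]  : null;
    // The owner id comes from the session but is interpolated unquoted into
    // SQL, so it is cast so that only an integer can ever land there.
    $scat_uid   = intval($_SESSION["wcs_user_id"]);

    if ($scat_new === 1 && $scat_id === 0) {
        // A category needs at least a non-blank name.
        if (trim($scat_name)) {
            $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_schedulecat ("
                 . "scat_name, scat_info, scat_aktiv, scat_uid) "
                 . "VALUES ('" . getpostvar($scat_name) . "','" . getpostvar($scat_info) . "',"
                 . $scat_aktiv . "," . $scat_uid . ");";
            // A failed INSERT aborts the script; otherwise the new id is
            // handed to the redirect target so the category opens directly.
            mysql_query($sql, $db) or die("error");
            $ref .= "&cat=" . mysql_insert_id($db);
        }
    }
    // !empty() is kept here on purpose: any non-empty scat_new selects the
    // update path, not only the literal 1 used for creation.
    if (!empty($_POST["scat_new"]) && $scat_id) {
        if (trim($scat_name)) {
            $sql = "UPDATE " . DB_PREPEND . "phpwcms_schedulecat SET "
                 . "scat_name='" . getpostvar($scat_name) . "', "
                 . "scat_info='" . getpostvar($scat_info) . "', "
                 . "scat_aktiv=" . $scat_aktiv . ", "
                 . "scat_uid=" . $scat_uid
                 . " WHERE scat_id=" . $scat_id . ";";
            mysql_query($sql, $db) or die("error");
        }
    }
}
// Non-admins fall straight through to the redirect without any change.
headerRedirect($ref);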
         }
         //check if cache = Off
         $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_articlecat (acat_name, acat_info, acat_aktiv, acat_ssl, acat_regonly, " . "acat_struct, acat_template, acat_sort, acat_uid, acat_alias, acat_hidden, acat_topcount, " . "acat_redirect, acat_order, acat_cache, acat_nosearch, acat_nositemap, acat_permit, acat_maxlist, " . "acat_cntpart, acat_pagetitle, acat_paginate, acat_overwrite, acat_archive, acat_class, acat_keywords, " . "acat_cpdefault, acat_lang, acat_lang_type, acat_lang_id, acat_disable301, acat_opengraph, acat_canonical, acat_breadcrumb) VALUES ('" . getpostvar($_POST["acat_name"]) . "','" . getpostvar($_POST["acat_info"], 32000) . "'," . (isset($_POST["acat_aktiv"]) ? 1 : 0) . "," . (isset($_POST["acat_ssl"]) ? 1 : 0) . "," . (isset($_POST["acat_regonly"]) ? 1 : 0) . "," . intval($_POST["acat_struct"]) . "," . intval($_POST["acat_template"]) . "," . $acat_sort_fallback . "," . $_SESSION["wcs_user_id"] . ",'" . proof_alias($_POST["acat_id"], $_POST["acat_alias"]) . "'," . $acat_hidden . ", " . intval($_POST["acat_topcount"]) . ",'" . getpostvar($_POST["acat_redirect"]) . "', " . set_correct_ordersort() . ",'" . $cache_timeout . "', '" . (isset($_POST['acat_nosearch']) ? 1 : '') . "'," . (isset($_POST["acat_nositemap"]) ? 1 : 0) . "," . "'" . $acat_permit . "', " . intval($_POST["acat_maxlist"]) . ", " . _dbEscape($acat_cntpart) . ",'" . getpostvar($_POST["acat_pagetitle"]) . "', " . (isset($_POST["acat_paginate"]) ? 1 : 0) . ", '" . getpostvar($_POST["acat_overwrite"]) . "'," . (empty($_POST["acat_archive"]) ? 0 : 1) . ", " . _dbEscape($acat_class) . ", " . _dbEscape($acat_keywords) . ", " . intval($_POST["acat_cpdefault"]) . "," . _dbEscape($acat_lang) . ',' . _dbEscape($acat_lang_type) . ',' . _dbEscape($acat_lang_id) . ',' . (empty($_POST["acat_disable301"]) ? '0' : '1') . ',' . (empty($_POST["acat_opengraph"]) ? 0 : 1) . ', ' . _dbEscape(clean_slweg($_POST["acat_canonical"], 2000)) . ',' . $acat_breadcrumb . ')';
         if ($result = mysql_query($sql, $db) or die("MySQL Error: " . mysql_error())) {
             $ref .= "&cat=" . mysql_insert_id($db);
         }
     }
 }
 // Update of an existing article category: acat_new=0 together with a non-zero
 // acat_id. A category needs at least a non-blank name.
 if (isset($_POST["acat_new"]) && isset($_POST["acat_id"]) && intval($_POST["acat_new"]) == 0 && intval($_POST["acat_id"])) {
     if (trim($_POST["acat_name"])) {
         // Cache timeout from the form; the explicit "cache off" checkbox overrides it with 0.
         $cache_timeout = clean_slweg($_POST["acat_timeout"]);
         if (isset($_POST['acat_cacheoff']) && intval($_POST['acat_cacheoff'])) {
             $cache_timeout = 0;
             //check if cache = Off
         }
         // Values reach the statement three ways: getpostvar() for text placed inside
         // single quotes, _dbEscape() for values that bring their own quoting, intval()
         // for ids and counts. $acat_sort_fallback, $acat_hidden and $acat_breadcrumb
         // are concatenated unquoted and are set above this block.
         // NOTE(review): they are assumed to be already-normalised integers — confirm
         // where they are computed. $_POST["acat_alias"] is read without isset(), so a
         // form without that field raises a notice before proof_alias() sees null.
         $sql = "UPDATE " . DB_PREPEND . "phpwcms_articlecat SET " . "acat_name='" . getpostvar($_POST["acat_name"]) . "', " . "acat_info='" . getpostvar($_POST["acat_info"], 32000) . "', " . "acat_alias=" . _dbEscape(proof_alias($_POST["acat_id"], $_POST["acat_alias"])) . ", " . "acat_aktiv=" . (isset($_POST["acat_aktiv"]) ? 1 : 0) . ", " . "acat_struct=" . intval($_POST["acat_struct"]) . ", " . "acat_template=" . intval($_POST["acat_template"]) . ", " . "acat_sort=" . $acat_sort_fallback . ", " . "acat_uid=" . $_SESSION["wcs_user_id"] . ", " . "acat_hidden=" . $acat_hidden . ", " . "acat_ssl=" . (isset($_POST["acat_ssl"]) ? 1 : 0) . ", " . "acat_regonly=" . (isset($_POST["acat_regonly"]) ? 1 : 0) . ", " . "acat_topcount=" . intval($_POST["acat_topcount"]) . ", " . "acat_redirect='" . getpostvar($_POST["acat_redirect"]) . "'," . "acat_order=" . set_correct_ordersort() . ", " . "acat_cache=" . _dbEscape($cache_timeout) . ", " . "acat_nosearch='" . (isset($_POST['acat_nosearch']) ? 1 : '') . "', " . "acat_nositemap=" . (isset($_POST["acat_nositemap"]) ? 1 : 0) . ", " . "acat_permit=" . _dbEscape($acat_permit) . ", " . "acat_maxlist=" . intval($_POST["acat_maxlist"]) . ", " . "acat_cntpart=" . _dbEscape($acat_cntpart) . ", " . "acat_pagetitle='" . getpostvar($_POST["acat_pagetitle"]) . "', " . "acat_paginate=" . (isset($_POST["acat_paginate"]) ? 1 : 0) . ", " . "acat_overwrite='" . getpostvar($_POST["acat_overwrite"]) . "', " . "acat_archive=" . (empty($_POST["acat_archive"]) ? 0 : 1) . ", " . "acat_class=" . _dbEscape($acat_class) . ", " . "acat_keywords=" . _dbEscape($acat_keywords) . "," . "acat_cpdefault=" . intval($_POST["acat_cpdefault"]) . ',' . "acat_lang=" . _dbEscape($acat_lang) . ',' . "acat_lang_type=" . _dbEscape($acat_lang_type) . ',' . "acat_lang_id=" . _dbEscape($acat_lang_id) . ',' . "acat_disable301=" . (empty($_POST["acat_disable301"]) ? '0' : '1') . ',' . "acat_opengraph=" . (empty($_POST["acat_opengraph"]) ? '0' : '1') . ',' . "acat_canonical=" . 
_dbEscape(clean_slweg($_POST["acat_canonical"], 2000)) . ',' . "acat_breadcrumb=" . $acat_breadcrumb . " WHERE acat_id=" . intval($_POST["acat_id"]);
         // A failed UPDATE aborts the script through the project's error reporter.
         mysql_query($sql, $db) or die(_report_error('DB', $sql));
     }
 }
 //diverse Aktionen
 $do = explode("|", isset($_GET["do"]) ? $_GET["do"] : '');
 switch (intval($do[0])) {
     case 1:
         //Einfügen in
         $do[1] = intval($do[1]);
         //cut ID
         $do[2] = intval($do[2]);
         //paste ID
         $do[3] = intval($do[3]);
         //sort Number
         if ($do[1]) {
<?php

/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/
// ----------------------------------------------------------------
// obligate check for phpwcms constants
// Stop when this include is requested directly; the constant is expected to be
// defined by the phpwcms bootstrap before the file is pulled in.
if (defined('PHPWCMS_ROOT') === false) {
    exit("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------
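//Updates the profile data
// Every text column goes through getpostvar() before it is placed inside a
// single-quoted SQL literal; the two free-text fields are truncated (in
// characters, not bytes) to their column limits BEFORE escaping, so an escape
// sequence is never cut in half. The two flag columns use empty() on $_POST
// directly, which is notice-free. The text fields are mapped to null once here
// instead of being read straight out of $_POST, which raises a notice for
// every field the form did not send.
$profile_fields = array(
    'form_title', 'form_firstname', 'form_lastname', 'form_company',
    'form_street', 'form_add', 'form_city', 'form_zip', 'form_region',
    'form_country', 'form_fon', 'form_fax', 'form_mobile', 'form_signature',
    'form_prof', 'form_notes',
);
$profile = array();
foreach ($profile_fields as $profile_field) {
    $profile[$profile_field] = isset($_POST[$profile_field]) ? $_POST[$profile_field] : null;
}
// The row is selected by the session user id, which is interpolated unquoted;
// it is cast so the WHERE clause can only ever contain an integer.
$profile_uid = intval($_SESSION["wcs_user_id"]);
$sql = "UPDATE " . DB_PREPEND . "phpwcms_userdetail SET "
     . "detail_title='" . getpostvar($profile['form_title']) . "',"
     . "detail_firstname='" . getpostvar($profile['form_firstname']) . "',"
     . "detail_lastname='" . getpostvar($profile['form_lastname']) . "',"
     . "detail_company='" . getpostvar($profile['form_company']) . "',"
     . "detail_street='" . getpostvar($profile['form_street']) . "',"
     . "detail_add='" . getpostvar($profile['form_add']) . "',"
     . "detail_city='" . getpostvar($profile['form_city']) . "',"
     . "detail_zip='" . getpostvar($profile['form_zip']) . "',"
     . "detail_region='" . getpostvar($profile['form_region']) . "',"
     . "detail_country='" . getpostvar($profile['form_country']) . "',"
     . "detail_fon='" . getpostvar($profile['form_fon']) . "',"
     . "detail_fax='" . getpostvar($profile['form_fax']) . "',"
     . "detail_mobile='" . getpostvar($profile['form_mobile']) . "',"
     . "detail_signature='" . getpostvar(mb_substr($profile['form_signature'], 0, 250)) . "',"
     . "detail_prof='" . getpostvar($profile['form_prof']) . "',"
     . "detail_notes='" . getpostvar(mb_substr($profile['form_notes'], 0, 3000)) . "',"
     . "detail_public=" . (empty($_POST["form_public"]) ? 0 : 1) . ","
     . "detail_newsletter=" . (empty($_POST["form_newsletter"]) ? 0 : 1)
     . " WHERE " . "detail_pid=" . $profile_uid;
// mysql_query() (legacy ext/mysql, removed in PHP 7) is called without a link
// here, so it uses the most recently opened connection; the outcome is only
// reported through $detail_updated, the DB error itself is not surfaced.
if (mysql_query($sql)) {
    $detail_updated = $BL['be_profile_update_success'];
} else {
    $detail_updated = $BL['be_profile_update_error'];
}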
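/**
 * Renders the zone browser: one table row per SOA record, paged when
 * $zone_group_size is non-zero.
 *
 * @param string|null $like      SQL fragment (typically a WHERE clause) appended VERBATIM to
 *                               both the COUNT query and the SOA select. Nothing here escapes
 *                               it, so the caller must build it only from already-escaped values.
 * @param string|null $highlight Search term to wrap in <span class=highlight> wherever it
 *                               occurs in a zone's origin; a falsy value disables highlighting.
 * @return void  Writes the HTML directly to the output.
 */
function zone_browser($like = NULL, $highlight = NULL)
{
    global $zone_group_size, $soa_table_name, $rr_table_name, $use_pgsql;
    echo "<DIV align=center>\n";
    if ($zone_group_size == 0) {
        // Paging disabled: list every zone.
        $res = sql_query(soa_select() . " ORDER BY origin") or ErrSQL("Error loading SOA record(s).");
    } else {
        /* Get current offset and total number of zones */
        $page = getpostvar('page');
        $total = sql_count("SELECT COUNT(*) FROM {$soa_table_name} {$like}", "number of SOA records");
        // $offset is interpolated unquoted into LIMIT below; offset_select() is relied on
        // to derive a sane integer from the request's page value — confirm there.
        $offset = offset_select($page, $total, $zone_group_size, "action=browse");
        $query = soa_select() . " {$like} ORDER BY origin ";
        // PostgreSQL and MySQL spell the paging clause differently.
        if ($use_pgsql) {
            $query .= "LIMIT {$zone_group_size} OFFSET {$offset}";
        } else {
            $query .= "LIMIT {$offset},{$zone_group_size}";
        }
        $res = sql_query($query) or ErrSQL("Error loading SOA record(s).");
    }
    // PHP_SELF is request-derived (it carries any path info the client appended), so it
    // is escaped once before being reused as the href of every row.
    $self_url = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    // The highlight term is escaped the same way as the origin it is searched in, so the
    // match still works on the escaped text and the inserted span is the only markup.
    $highlight_html = $highlight ? htmlspecialchars($highlight, ENT_QUOTES) : '';
    ?>
<TABLE class=browserBox cellspacing=0>

<?php 
    while ($soa = sql_fetch_array($res)) {
        // Cast the id before it is interpolated unquoted into SQL and echoed into HTML.
        $zone_id = intval($soa['id']);
        $record_count = sql_count("SELECT COUNT(*) FROM {$rr_table_name} WHERE zone={$zone_id}", "number of resource records in zone {$zone_id}");
        $output_origin = htmlspecialchars($soa['origin'], ENT_QUOTES);
        if ($highlight_html !== '') {
            $output_origin = str_replace($highlight_html, "<span class=highlight>{$highlight_html}</span>", $output_origin);
        }
        ?>
	<TR bgcolor="<?php 
        echo bgcolor();
        ?>
">
		<TD class=browserCellLeft><A href="<?php 
        echo $self_url;
        ?>
?zone=<?php 
        echo $zone_id;
        ?>
"
			title="Edit zone <?php 
        echo $zone_id;
        ?>
"><?php 
        echo $output_origin;
        ?>
</A>
		<TD class=browserCellRight><?php 
        echo nf($record_count);
        ?>
 record(s)
<?php 
    }
    echo "</TABLE>\n";
    echo "</DIV>\n";
}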