/**
 * GetPostOrGet
 *
 * Reads a request variable by name. A POST value takes precedence; the GET
 * value is used only when no POST value with that name is set. The selected
 * value is always passed through MakeSecure() before it is returned, also
 * when neither source holds the variable (MakeSecure() then receives null).
 *
 * Security notes for callers:
 * - POST and GET are interchangeable here, so a handler that reads its
 *   parameters through this function can also be driven by a plain link.
 *   State-changing handlers need their own request-method and CSRF checks.
 * - Request values may be arrays (name[]=...). isset() accepts them, so an
 *   array can reach MakeSecure() and the caller.
 * - MakeSecure() is defined elsewhere and its behaviour is not visible here.
 *   One generic filter does not make a value safe for every sink: escape for
 *   SQL where the query is built and encode for HTML where output is written.
 *
 * @param string $Name name of the request variable to read
 * @return mixed whatever MakeSecure() returns for the selected value
 */
function GetPostOrGet($Name)
{
    if (isset($_POST[$Name])) {
        // POST wins when both sources carry the name.
        $picked = $_POST[$Name];
    } elseif (isset($_GET[$Name])) {
        $picked = $_GET[$Name];
    } else {
        // Neither source has it; MakeSecure() is still called, with null.
        $picked = null;
    }

    return MakeSecure($picked);
}
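/**
 * Save
 *
 * Handles the "save page" action for a text page. Depending on the request it
 *  - hands over to Edit() when pagePreview is set,
 *  - redirects to the page structure and stops when pageAbort is set,
 *  - archives the current revision and stores the submitted title and text, or
 *  - restores an earlier revision selected by "change", after the user has
 *    confirmed it ("sure" = 1); without confirmation it returns the HTML of
 *    the confirmation prompt.
 *
 * Security review notes:
 *  - $page_id is cast to an integer before it is used in SQL or in a link.
 *    The original placed it into queries as given, partly without quotes.
 *  - Values read back from the database are escaped again before they are
 *    written into a new statement. A stored title or text containing a quote
 *    would otherwise terminate the string literal (second-order injection).
 *  - NOTE(review): the submitted title, text and comment are interpolated as
 *    returned by GetPostOrGet(). That is only safe if MakeSecure() escapes for
 *    this database connection, which is not visible here. The comparison
 *    MakeSecure($old->text_page_html) != $html suggests it does some escaping
 *    that the database round trip removes, but confirm before relying on it.
 *  - NOTE(review): the restore is confirmed through a link carrying sure=1 and
 *    GetPostOrGet() also accepts GET, so the state change is reachable with a
 *    GET request. No anti-CSRF token is checked in this function; whether the
 *    caller checks one is not visible here.
 *  - The mysql_* extension used here was removed in PHP 7. Moving db_result()
 *    and this method to prepared statements (mysqli or PDO) would remove the
 *    need for manual escaping altogether.
 *
 * @param mixed $page_id ID of the page to save or restore
 * @return mixed the result of Edit() for a preview, otherwise a status string
 *               or the confirmation HTML
 */
function Save($page_id)
{
    global $user, $admin_lang;

    $page_edit_comment = GetPostOrGet('pageEditComment');
    $page_title = GetPostOrGet('pageTitle');
    $page_text = GetPostOrGet('pageText');

    if (GetPostOrGet('pagePreview') != '') {
        return $this->Edit($page_id, $page_title, $page_text, $page_edit_comment);
    }
    if (GetPostOrGet('pageAbort') != '') {
        header('Location: admin.php?page=pagestructure');
        die;
    }

    // Integer form of the page ID for every SQL statement and link below.
    // The emptiness check keeps using the caller's value, as before.
    $page_id_sql = (int) $page_id;

    // Columns of a fetched page row that are written back as quoted strings.
    $text_columns = array('page_type', 'page_name', 'page_title', 'page_lang', 'page_edit_comment', 'text_page_text');

    if ($page_title != '' && $page_id != '' && $page_text != '') {
        $sql = "SELECT struct.*, text.*\r\n\t\t\t\tFROM ( " . DB_PREFIX . "pages struct\r\n\t\t\t\tLEFT JOIN " . DB_PREFIX . "pages_text text ON text.page_id = struct.page_id )\r\n\t\t\t\tWHERE struct.page_id='{$page_id_sql}' AND struct.page_type='text'";
        $old_result = db_result($sql);
        $html = TextActions::ConvertToPreHTML($page_text);

        if ($old = mysql_fetch_object($old_result)) {
            // The page exists.
            if ($old->page_title != $page_title || MakeSecure($old->text_page_html) != $html) {
                if (!($page_title == $old->page_title && $old->text_page_text == '')) {
                    // Archive the current revision. The row comes back from the
                    // database unescaped, so escape it for the new statement.
                    $old_sql = array();
                    foreach ($text_columns as $column) {
                        $old_sql[$column] = mysql_real_escape_string($old->$column);
                    }
                    // Unquoted values are presumably numeric columns - confirm against the schema.
                    $sql = "INSERT INTO " . DB_PREFIX . "pages_history (page_id, page_type, page_name, page_title, page_parent_id, page_lang, page_creator, page_date, page_edit_comment)\r\n\t\t\t\t\t\t\t\tVALUES({$old->page_id}, '{$old_sql['page_type']}', '{$old_sql['page_name']}', '{$old_sql['page_title']}', {$old->page_parent_id}, '{$old_sql['page_lang']}', {$old->page_creator}, {$old->page_date}, '{$old_sql['page_edit_comment']}')";
                    db_result($sql);
                    $lastid = mysql_insert_id();
                    $sql = "INSERT INTO " . DB_PREFIX . "pages_text_history (page_id, text_page_text)\r\n\t\t\t\t\t\t\t\tVALUES ({$lastid}, '{$old_sql['text_page_text']}')";
                    db_result($sql);
                }

                // NOTE(review): $page_text, $html, $page_title and $page_edit_comment
                // are request data; see the MakeSecure() note in the function header.
                $sql = "UPDATE " . DB_PREFIX . "pages_text\r\n\t\t\t\t\t\t\tSET text_page_text='{$page_text}', text_page_html='{$html}'\r\n\t\t\t\t\t\t\tWHERE page_id='{$old->page_id}'";
                db_result($sql);
                // time() yields the current timestamp, as the argument-less mktime() did.
                $sql = "UPDATE " . DB_PREFIX . "pages\r\n\t\t\t\t\t\t\tSET page_creator={$user->ID}, page_date=" . time() . ", page_title='{$page_title}', page_edit_comment='{$page_edit_comment}'\r\n\t\t\t\t\t\t\tWHERE page_id={$page_id_sql}";
                db_result($sql);
                header("Location: admin.php?page=pagestructure");
                return "Die Seite sollte gespeichert sein!";
            } else {
                // No changes.
                // TODO: Show it to the user
                return "keine Veränderungen!!";
            }
        } else {
            // The page does not exist.
            // TODO: Show it to the user
            return "error2!!";
        }
    } else {
        // Restore an older version if "change" is given.
        $change = GetPostOrGet('change');
        $sure = GetPostOrGet('sure');
        if (is_numeric($change)) {
            // Load the current version.
            $sql = "SELECT struct.*, text.*\r\n\t\t\t\t\t\tFROM ( " . DB_PREFIX . "pages struct\r\n\t\t\t\t\t\tLEFT JOIN " . DB_PREFIX . "pages_text text ON text.page_id = struct.page_id )\r\n\t\t\t\t\t\tWHERE struct.page_id='{$page_id_sql}' AND struct.page_type='text'";
            $actual_result = db_result($sql);
            // Load the requested old version; "change" is a 1-based position in the history.
            $sql = "SELECT *\r\n\t\t\t\t\t\tFROM (" . DB_PREFIX . "pages_history page\r\n\t\t\t\t\t\tLEFT JOIN " . DB_PREFIX . "pages_text_history text ON text.page_id = page.id ) \r\n\t\t\t\t\t\tWHERE page.page_id={$page_id_sql}\r\n\t\t\t\t\t\tORDER BY page.page_date ASC\r\n\t\t\t\t\t\tLIMIT " . ($change - 1) . ",1";
            $old_result = db_result($sql);

            if (($old = mysql_fetch_object($old_result)) && ($actual = mysql_fetch_object($actual_result))) {
                if ($sure == 1) {
                    // Archive the current revision before it is overwritten.
                    $actual_sql = array();
                    foreach ($text_columns as $column) {
                        $actual_sql[$column] = mysql_real_escape_string($actual->$column);
                    }
                    // Unquoted values are presumably numeric columns - confirm against the schema.
                    $sql = "INSERT INTO " . DB_PREFIX . "pages_history (page_id, page_type, page_name, page_title, page_parent_id, page_lang, page_creator, page_date, page_edit_comment)\r\n\t\t\t\t\t\t\t\tVALUES({$actual->page_id}, '{$actual_sql['page_type']}', '{$actual_sql['page_name']}', '{$actual_sql['page_title']}', {$actual->page_parent_id}, '{$actual_sql['page_lang']}', {$actual->page_creator}, {$actual->page_date}, '{$actual_sql['page_edit_comment']}')";
                    db_result($sql);
                    $lastid = mysql_insert_id();
                    $sql = "INSERT INTO " . DB_PREFIX . "pages_text_history (page_id, text_page_text)\r\n\t\t\t\t\t\t\t\tVALUES ({$lastid}, '{$actual_sql['text_page_text']}')";
                    db_result($sql);

                    // Everything written back below originates from the database or
                    // the language file, so it is escaped here at the query.
                    $restored_text = mysql_real_escape_string($old->text_page_text);
                    $restored_title = mysql_real_escape_string($old->page_title);
                    $html = mysql_real_escape_string(TextActions::ConvertToPreHTML($old->text_page_text));
                    $sql = "UPDATE " . DB_PREFIX . "pages_text\r\n\t\t\t\t\t\t\t\tSET text_page_text='{$restored_text}', text_page_html='{$html}'\r\n\t\t\t\t\t\t\t\tWHERE page_id='{$page_id_sql}'";
                    db_result($sql);
                    $page_edit_comment = mysql_real_escape_string(sprintf($admin_lang['restored_from_version'], $change));
                    $sql = "UPDATE " . DB_PREFIX . "pages\r\n\t\t\t\t\t\t\t\tSET page_creator={$user->ID}, page_date=" . time() . ", page_title='{$restored_title}', page_edit_comment='{$page_edit_comment}'\r\n\t\t\t\t\t\t\t\tWHERE page_id={$page_id_sql}";
                    db_result($sql);
                    header("Location: admin.php?page=pagestructure");
                    // As in the original, control falls through to the generic
                    // return at the end of this branch after the redirect header.
                } else {
                    // NOTE(review): both stored texts are written into the page without
                    // HTML encoding. If page text is stored unencoded, markup in it is
                    // rendered in the admin view; encode at output with htmlspecialchars()
                    // and the site's charset once the storage format is confirmed.
                    $out = '';
                    $out .= "Möchten Sie diesen Text:<pre class=\"code\">{$actual->text_page_text}</pre>wirklich durch diesen Text:<pre class=\"code\">{$old->text_page_text}</pre>ersetzen?<br />\r\n\t\t\t\t\t\t\t\t<a href=\"admin.php?page=pagestructure&action=savePage&pageID={$page_id_sql}&change={$change}&sure=1\" class=\"button\">" . $admin_lang['yes'] . "</a>\r\n\t\t \t\t\t\t\t\t<a href=\"admin.php?page=pagestructure&action=pageInfo&pageID={$page_id_sql}\" class=\"button\">" . $admin_lang['no'] . "</a>";
                    return $out;
                }
            }
        }
        // TODO: Manage Errors and show them to the user
        return "error!!";
    }
}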