function op_revaluetok()
{
if (!welcome_here()) {
return;
}
if (!get_input_string('tokname', 'token name', $tokname)) {
return;
}
if (!get_input_int('newval', 'new token value', $newval)) {
return;
}
if (!get_input_string('extname', 'extension name', $extname)) {
return;
}
if (!get_input_int('extid', 'extension id', $extid)) {
return;
}
// see if it's already in the database...
$sqlnewval = db_escape_string($newval);
$sql = 'select tok.*, ext.extname from alextreg_tokens as tok' . ' left outer join alextreg_extensions as ext' . ' on tok.extid=ext.id' . " where (tokenval={$newval})";
$query = do_dbquery($sql);
if ($query == false) {
return;
}
// error output is handled in database.php ...
if (db_num_rows($query) > 0) {
write_error('Please note the new token value is in use, which may be okay. Below is what a search turned up.');
render_token_list(false, $query);
}
// if
db_free_result($query);
$hex = '';
if (sscanf($newval, "0x%X", &$dummy) != 1) {
$hex = sprintf(" (0x%X hex)", $newval);
}
// !!! FIXME: faster way to do this?
// Just a small sanity check.
$cookie = $_REQUEST['iamsure'];
if (!empty($cookie) and $cookie == $_SERVER['REMOTE_ADDR']) {
$sqltokname = db_escape_string($tokname);
$sqlauthor = db_escape_string($_SERVER['REMOTE_USER']);
// ok, nuke it.
$sql = "update alextreg_tokens set tokenval={$newval}," . " lastedit=NOW(), lasteditauthor='{$sqlauthor}'" . " where tokenname='{$sqltokname}'";
if (do_dbupdate($sql) == 1) {
update_papertrail("Token '{$tokname}' revalued to '{$newval}'{$hex}", $sql, $extid);
do_showext($extname);
}
// if
} else {
$form = get_form_tag();
$htmlnewval = htmlentities($newval, ENT_QUOTES);
$htmlextname = htmlentities($extname, ENT_QUOTES);
$htmltokname = htmlentities($tokname, ENT_QUOTES);
echo "About to change the value of a token named '{$htmltokname}' to {$newval}{$hex}.<br>\n";
echo "...if you're sure, click 'Confirm'...<br>\n";
echo "{$form}\n";
echo "<input type='hidden' name='iamsure' value='{$_SERVER['REMOTE_ADDR']}'>\n";
echo "<input type='hidden' name='extid' value='{$extid}'>\n";
echo "<input type='hidden' name='newval' value='{$htmlnewval}'>\n";
echo "<input type='hidden' name='tokname' value='{$htmltokname}'>\n";
echo "<input type='hidden' name='extname' value='{$htmlextname}'>\n";
echo "<input type='hidden' name='operation' value='op_revaluetok'>\n";
echo "<input type='submit' name='form_submit' value='Confirm'>\n";
echo "</form>\n";
}
// else
}
function do_showext($extname)
{
$sqlextname = db_escape_string($extname);
$sql = "select * from alextreg_extensions" . " where extname='{$sqlextname}'";
if (!is_authorized_vendor()) {
$sql .= " and (public=1)";
}
$query = do_dbquery($sql);
if ($query == false) {
return;
} else {
if (db_num_rows($query) == 0) {
write_error('No such extension.');
} else {
// just in case there's more than one for some reason...
while (($row = db_fetch_array($query)) != false) {
show_one_extension($row);
}
}
}
// else
db_free_result($query);
}
