Ejemplo n.º 1
0
function op_revaluetok()
{
    if (!welcome_here()) {
        return;
    }
    if (!get_input_string('tokname', 'token name', $tokname)) {
        return;
    }
    if (!get_input_int('newval', 'new token value', $newval)) {
        return;
    }
    if (!get_input_string('extname', 'extension name', $extname)) {
        return;
    }
    if (!get_input_int('extid', 'extension id', $extid)) {
        return;
    }
    // see if it's already in the database...
    $sqlnewval = db_escape_string($newval);
    $sql = 'select tok.*, ext.extname from alextreg_tokens as tok' . ' left outer join alextreg_extensions as ext' . ' on tok.extid=ext.id' . " where (tokenval={$newval})";
    $query = do_dbquery($sql);
    if ($query == false) {
        return;
    }
    // error output is handled in database.php ...
    if (db_num_rows($query) > 0) {
        write_error('Please note the new token value is in use, which may be okay. Below is what a search turned up.');
        render_token_list(false, $query);
    }
    // if
    db_free_result($query);
    $hex = '';
    if (sscanf($newval, "0x%X", &$dummy) != 1) {
        $hex = sprintf(" (0x%X hex)", $newval);
    }
    // !!! FIXME: faster way to do this?
    // Just a small sanity check.
    $cookie = $_REQUEST['iamsure'];
    if (!empty($cookie) and $cookie == $_SERVER['REMOTE_ADDR']) {
        $sqltokname = db_escape_string($tokname);
        $sqlauthor = db_escape_string($_SERVER['REMOTE_USER']);
        // ok, nuke it.
        $sql = "update alextreg_tokens set tokenval={$newval}," . " lastedit=NOW(), lasteditauthor='{$sqlauthor}'" . " where tokenname='{$sqltokname}'";
        if (do_dbupdate($sql) == 1) {
            update_papertrail("Token '{$tokname}' revalued to '{$newval}'{$hex}", $sql, $extid);
            do_showext($extname);
        }
        // if
    } else {
        $form = get_form_tag();
        $htmlnewval = htmlentities($newval, ENT_QUOTES);
        $htmlextname = htmlentities($extname, ENT_QUOTES);
        $htmltokname = htmlentities($tokname, ENT_QUOTES);
        echo "About to change the value of a token named '{$htmltokname}' to {$newval}{$hex}.<br>\n";
        echo "...if you're sure, click 'Confirm'...<br>\n";
        echo "{$form}\n";
        echo "<input type='hidden' name='iamsure' value='{$_SERVER['REMOTE_ADDR']}'>\n";
        echo "<input type='hidden' name='extid' value='{$extid}'>\n";
        echo "<input type='hidden' name='newval' value='{$htmlnewval}'>\n";
        echo "<input type='hidden' name='tokname' value='{$htmltokname}'>\n";
        echo "<input type='hidden' name='extname' value='{$htmlextname}'>\n";
        echo "<input type='hidden' name='operation' value='op_revaluetok'>\n";
        echo "<input type='submit' name='form_submit' value='Confirm'>\n";
        echo "</form>\n";
    }
    // else
}
Ejemplo n.º 2
0
function op_showext()
{
    if (!get_input_string('extname', 'extension name', $extname)) {
        return;
    }
    do_showext($extname);
}