Ejemplo n.º 1
<?php

/**
 * CMS module: Download Gallery 3
 * Copyright and more information see file info.php
 **/
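require realpath(dirname(__FILE__) . '/../../config.php');
// check permissions
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Modules', 'module_view', false, false);
// Module directory name: this file's directory (slashes normalised) with the
// "<WB_PATH>/modules/" prefix stripped off. It is the name the permission check uses.
$dlgmodname = str_replace(str_replace('\\', '/', WB_PATH) . '/modules/', '', str_replace('\\', '/', dirname(__FILE__)));
if (!($admin->is_authenticated() && $admin->get_permission($dlgmodname, 'module'))) {
    header('Location: ../../index.php');
    // header() only queues the redirect. Without terminating here the rest of the
    // script, including the position UPDATE, would still run for an
    // unauthenticated or unprivileged caller.
    exit;
}
require_once WB_PATH . '/framework/class.order.php';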
// Reorder handler, group branch: if there's no item_id, the request is treated
// as a group move. This listing is cut off before the blocks are closed.
// NOTE(review): $tablename and $database are not assigned in the visible lines;
// presumably they come from an included file. Confirm.
if (!isset($_POST['item_id'])) {
    if (!isset($_POST['group_id'])) {
    } else {
        // is_numeric() is the only gate on these two values. It also accepts forms
        // such as '1e3', '-5' or '1.5', and the accepted value stays a string.
        // An integer cast or a prepared statement would be the tighter check.
        $group_id = is_numeric($_POST['group_id']) ? $_POST['group_id'] : NULL;
        // prev_id is read without an isset() check, unlike group_id.
        $prev_id = is_numeric($_POST['prev_id']) ? $_POST['prev_id'] : NULL;
        // new position
        $o = new order(TABLE_PREFIX . $tablename . '_groups', 'position', 'group_id', 'section_id');
        if ($group_id) {
            if ($prev_id) {
                // Position of the group the moved one was dropped after. The id is
                // concatenated into the SQL text inside quotes.
                $pos = $database->get_one('SELECT `position` FROM `' . TABLE_PREFIX . $tablename . "_groups` WHERE `group_id` = '" . $prev_id . "'");
            } else {
                $pos = 0;
            }
            // $pos++ is a post-increment: the value written is $pos before the increment.
            // NOTE(review): if "previous position + 1" was intended, this stores the
            // previous group's own position instead. Confirm against the rest of the file.
            $database->query("UPDATE `" . TABLE_PREFIX . $tablename . "_groups` SET `position` = '" . $pos++ . "' WHERE `group_id` = '" . $group_id . "'");
            // Section that owns the moved group.
            $section_id = $database->get_one('SELECT `section_id` FROM `' . TABLE_PREFIX . $tablename . "_groups` WHERE `group_id` = '" . $group_id . "'");
Ejemplo n.º 2
// Load the foldergallery language file that matches LANGUAGE when the module
// ships one. Otherwise fall back to the default German file DE.php.
// NOTE(review): LANGUAGE is concatenated into an include path. This relies on
// the framework restricting it to a plain language code. Confirm.
if (file_exists(WB_PATH . '/modules/foldergallery/languages/' . LANGUAGE . '.php')) {
    // a translation for the user's language is available
    require_once WB_PATH . '/modules/foldergallery/languages/' . LANGUAGE . '.php';
} else {
    // no translation for this language: use the default
    require_once WB_PATH . '/modules/foldergallery/languages/DE.php';
}
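// Reorder endpoint for foldergallery categories. The request must carry both
// 'action' and 'recordsArray'; anything else is redirected to the index page.
// This listing is cut off before the outer else block is closed.
if (!isset($_POST['action']) or !isset($_POST['recordsArray'])) {
    // now we redirect to index, if you are in subfolder use ../index.php
    header('Location: ../../index.php');
} else {
    // check if user has permissions to access the module
    require_once WB_PATH . '/framework/class.admin.php';
    $admin = new admin('Modules', 'module_view', false, false);
    if (!($admin->is_authenticated() && $admin->get_permission('foldergallery', 'module'))) {
        die(header('Location: ../../index.php'));
    }
    // NOTE(review): no anti-CSRF token is verified in the visible lines. Confirm
    // whether the framework enforces one for this endpoint.
    // add_slashes() only escapes quotes. $action is never placed in SQL here; it
    // is only compared against a fixed literal below.
    $action = $admin->add_slashes($_POST['action']);
    // Accept the id list only when it really is an array; a scalar is ignored.
    $updateRecordsArray = is_array($_POST['recordsArray']) ? $_POST['recordsArray'] : array();
    // Only the one known action touches the database.
    if ($action == "updateRecordsListings") {
        $listingCounter = 1;
        $output = "";
        foreach ($updateRecordsArray as $recordIDValue) {
            // The ids come straight from the client and are concatenated unquoted
            // into the UPDATE, so each one must be a real integer. Entries that
            // fail validation (text, nested arrays) are skipped instead of
            // reaching the SQL text.
            $recordId = filter_var($recordIDValue, FILTER_VALIDATE_INT);
            if ($recordId === false) {
                continue;
            }
            $database->query("UPDATE `" . TABLE_PREFIX . "mod_foldergallery_categories` SET position = " . $listingCounter . " WHERE `id` = " . $recordId);
            $listingCounter++;
        }
        echo '<img src="' . WB_URL . '/modules/jsadmin/images/success.gif" style="vertical-align:middle;"/> <span style="font-size: 80%">' . $MOD_FOLDERGALLERY['REORDER_INFO_SUCESS'] . '</span>';
    }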
Ejemplo n.º 3
<?php

/*
	Drag'N'Drop Position
*/
// Drag-and-drop reorder endpoint for Bakery items. Both 'action' and 'row' must
// be posted, otherwise the caller is redirected to the index page.
// This listing is cut off before the else block is closed.
if (!isset($_POST['action']) || !isset($_POST['row'])) {
    header('Location: ../../index.php');
} else {
    require '../../config.php';
    // Check if user has permissions to access the Bakery module
    require_once '../../framework/class.admin.php';
    $admin = new admin('Modules', 'module_view', false, false);
    if (!($admin->is_authenticated() && $admin->get_permission('bakery', 'module'))) {
        // die() terminates the request, so nothing below runs for an
        // unauthenticated or unprivileged caller.
        die(header('Location: ../../index.php'));
    }
    // Sanitize variable
    // add_slashes() only escapes the string. It is not a validator; $action is
    // not placed in SQL in the visible lines.
    $action = $admin->add_slashes($_POST['action']);
    // We just get the array here, and few lines below we sanitize it
    // NOTE(review): assumes $_POST['row'] is an array of item ids. Confirm that
    // the code past this listing casts every element before it reaches SQL.
    $row = $_POST['row'];
    // The first element is cast with intval() before it is concatenated, so this
    // query only ever receives an integer.
    $sID = $database->get_one("SELECT section_id FROM " . TABLE_PREFIX . "mod_bakery_items WHERE item_id = " . intval($row[0]));
    /*
    Bakery isn't using ordering (ASC/DESC) so we comment this code
    
    $sorting = $database->get_one("SELECT ordering FROM ".TABLE_PREFIX."bakery_settings WHERE section_id = ".$sID." ");
    if($sorting == 1) // DESC == new first
    {
    	$row = array_reverse($row);
    }
    */
    // For security reasons (to prevent db hacks) this line verifies that
    // in the $action var there is no other text than "updatePosition"
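require_once dirname(__FILE__) . '/../../../config.php';
if (!defined('WB_PATH')) {
    die("sorry, no access..");
}
// This has to be done this way here:
// $module_directory is presumably set by info.php. Confirm.
require_once '../info.php';
$mod_dir = $module_directory;
$tablename = $module_directory;
$mpath = WB_PATH . '/modules/' . $mod_dir . '/';
require_once $mpath . '/functions.php';
// Include WB functions file
require WB_PATH . '/framework/functions.php';
$theauto_header = false;
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_modify', $theauto_header, TRUE);
if (!$admin->is_authenticated()) {
    die;
}
if ($admin->get_user_id() > 1) {
    echo '<h1>Access for admin 1 only</h1>';
    // Printing the message is not an access check on its own. Stop here so the
    // queries below never run for any account other than user id 1.
    exit;
}
// Get id
$copysection = '';
// Validate the same superglobal that is used. Checking $_POST while
// concatenating $_GET would let an unchecked query-string value reach the SQL
// text. The integer cast ensures only a number is ever appended.
if (isset($_GET['copysection']) and is_numeric($_GET['copysection'])) {
    $copysection = ' AND section_id = ' . (int) $_GET['copysection'] . ' ';
    // Copy only this section
}
// Query one record and, if necessary, add the field 'is_topic_id'.
$sql = 'SELECT * FROM `' . TABLE_PREFIX . 'mod_news_posts` WHERE  active=1 ' . $copysection . ' AND is_topic_id = 0 LIMIT 1';
$query_post = $database->query($sql);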
if ($database->is_error()) {
// Pull in the outputfilter helper functions from the parent directory
require_once dirname(dirname(__FILE__)) . "/functions.php";
// Default JSON reply: a failure with empty message and icon, until a later
// branch fills it in
$aJsonRespond = array(
    'success' => false,
    'message' => '',
    'icon' => '',
);
// AJAX reorder endpoint guard: both 'action' and 'id' must be posted, otherwise
// a JSON error is returned and the script stops.
// This listing is cut off inside the second foreach loop.
if (!isset($_POST['action']) || !isset($_POST['id'])) {
    $aJsonRespond['message'] = 'one of the parameters does not exist';
    exit(json_encode($aJsonRespond));
} else {
    // Raw client-supplied list of record identifiers. Each entry is passed
    // through checkIDKEY() in the loop below.
    // NOTE(review): assumes $_POST['id'] is an array; a scalar would make the
    // foreach raise a warning.
    $aRows = $_POST['id'];
    require_once '../../../config.php';
    // check if user has permissions to access the outputfilter_dashboard module
    require_once WB_PATH . '/framework/class.admin.php';
    $admin = new admin('admintools', 'admintools', false, false);
    if (!($admin->is_authenticated() && $admin->get_permission('outputfilter_dashboard', 'module'))) {
        // exit() stops the request here, so nothing below runs for an
        // unauthenticated or unprivileged caller.
        $aJsonRespond['message'] = 'insuficcient rights';
        exit(json_encode($aJsonRespond));
    }
    // Sanitize variables
    // add_slashes() only escapes the string. In the visible lines $action is
    // only compared against a fixed literal.
    $action = $admin->add_slashes($_POST['action']);
    if ($action == "updatePosition") {
        // One counter per filter type, each starting at 1. $i_keys records the
        // type keys in iteration order.
        $i = array();
        $i_keys = array();
        foreach (opf_get_types() as $type => $typename) {
            $i[$type] = 1;
            $i_keys[] = $type;
        }
        foreach ($aRows as $recID) {
            // NOTE(review): checkIDKEY() presumably maps the posted ID key back
            // to the real record id and rejects forged values. Confirm against
            // the framework.
            $id = $admin->checkIDKEY($recID, 0, 'key', true);
            $filter = opf_get_data($id);