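/**
 * Wraps the text of a matched glossary tag in an <abbr> element whose title
 * attribute carries the glossary title and text.
 *
 * Presumably used as a regex replace callback: $matches[1] is the keyword to
 * look up, $matches[2] the text to wrap. Resolved entries are kept in
 * $content['glossary_cache'], keyed by every keyword of the matching entry.
 *
 * @param array $matches match groups; index 1 = keyword, index 2 = inner text
 * @return string the inner text, wrapped in <abbr> when a glossary entry is found
 */
function replace_glossary_tag($matches)
{
    global $content;

    $inner = trim($matches[2]);
    $keyword = trim($matches[1]);
    if ($keyword === '') {
        return $inner;
    }

    $keyword = html_entity_decode($keyword, ENT_QUOTES, PHPWCMS_CHARSET);

    // check against cache
    if (!isset($content['glossary_cache'][$keyword])) {
        // aporeplace() is defined elsewhere and is relied on here for SQL string escaping.
        // NOTE(review): string escaping normally leaves the LIKE wildcards % and _
        // untouched, so a keyword containing them may match unrelated entries — confirm.
        $like = aporeplace($keyword);
        $where = 'glossary_status=1 AND glossary_highlight=1 AND (';
        $where .= "glossary_keyword LIKE '" . $like . "' OR ";
        $where .= "glossary_keyword LIKE '" . $like . ",%' OR ";
        $where .= "glossary_keyword LIKE '%, " . $like . ",%' OR ";
        $where .= "glossary_keyword LIKE '%, " . $like . "'";
        $where .= ')';
        // retrieve only single keyword that matches best
        $entry = _dbGet('phpwcms_glossary', 'glossary_title, glossary_keyword, glossary_text, COUNT(glossary_id) AS count_all', $where, 'glossary_id', 'count_all DESC', '1');
        if (isset($entry[0])) {
            // get keywords to store each in cache
            $keywords = convertStringToArray($entry[0]['glossary_keyword']);
            $title = empty($entry[0]['glossary_title']) ? $inner : html($entry[0]['glossary_title']);
            $text = trim(clean_slweg($entry[0]['glossary_text']));
            // store glossary item in cache
            foreach ($keywords as $key) {
                $content['glossary_cache'][$key] = array('title' => $title, 'text' => $text);
            }
        }
    }

    // create ABBR
    if (isset($content['glossary_cache'][$keyword])) {
        $cached = $content['glossary_cache'][$keyword];
        // The title attribute is built from database text and, as a fallback, from the
        // page's own markup ($inner). Escape it for attribute context so a quote or
        // angle bracket in either value cannot end the attribute or open a new tag.
        // double_encode=false keeps entities that html() already produced intact.
        // htmlspecialchars() yields '' for byte sequences invalid in PHPWCMS_CHARSET,
        // in which case the tooltip is simply empty.
        $tooltip = htmlspecialchars($cached['title'] . ' :: ' . $cached['text'], ENT_QUOTES, PHPWCMS_CHARSET, false);
        $inner = '<abbr class="glossary" title="' . $tooltip . '">' . $inner . '</abbr>';
    }

    return $inner;
}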
Example #2
        // Upgrade step for one article: only records that still carry the legacy
        // 'prev' key and have a non-empty image id are rewritten; every other
        // entry is removed from $all in the else branch.
        if (isset($all[$key]['article_image']['prev']) && !empty($all[$key]['article_image']['id'])) {
            //dumpVar($all[$key]);
            // drop the legacy keys before the array is serialized again
            unset($all[$key]['article_image']['prev']);
            unset($all[$key]['article_image']['prev_info']);
            unset($all[$key]['article_image']['prev_make']);
            unset($all[$key]['article_image']['add']);
            unset($all[$key]['article_image']['cname']);
            // cast to int: the id is concatenated unquoted into the SELECT below
            $all[$key]['article_image']['id'] = intval($all[$key]['article_image']['id']);
            // retrieve image information
            $file = _dbQuery("SELECT f_id, f_hash, f_ext FROM " . DB_PREPEND . "phpwcms_file WHERE f_id=" . $all[$key]['article_image']['id'] . " LIMIT 1");
            // loose == on purpose or not: the returned f_id is compared with the int cast above
            if (!empty($file[0]['f_id']) && $file[0]['f_id'] == $all[$key]['article_image']['id']) {
                $all[$key]['article_image']['hash'] = $file[0]['f_hash'];
                $all[$key]['article_image']['ext'] = $file[0]['f_ext'];
                $all[$key]['article_image']['list_usesummary'] = 1;
                // The serialized image array is escaped with aporeplace() and quoted.
                // NOTE(review): article_tstamp (quoted) and article_id (unquoted) are
                // concatenated without escaping or casting; presumably both come from an
                // earlier database read — confirm, and cast article_id with intval()
                // the same way the image id is cast above.
                $sql = "UPDATE " . DB_PREPEND . "phpwcms_article SET ";
                $sql .= "article_image = '" . aporeplace(serialize($all[$key]['article_image'])) . "',";
                $sql .= "article_tstamp = '" . $all[$key]['article_tstamp'] . "' WHERE article_id = " . $all[$key]['article_id'] . " LIMIT 1";
                $result = _dbQuery($sql, 'UPDATE');
                // report the article; a failed UPDATE is shown in red
                echo '<pre';
                if ($result === false) {
                    echo ' style="color:#CC3300"';
                }
                // the title is HTML-escaped before it is echoed
                echo '>[ID:' . sprintf('%04s', $all[$key]['article_id']) . '] ' . html_specialchars($all[$key]['article_title']);
                echo '</pre>' . LF;
            }
        } else {
            unset($all[$key]);
        }
    }
}
?>
     // Import newsletter recipients from the uploaded CSV: every row whose first
     // column is a valid e-mail address is inserted into phpwcms_address; rows that
     // are rejected or fail to insert are collected in $_userInfo['nonImported'].
     $_userInfo['csv'] = csvFileToArray($_FILES['cvsfile']['tmp_name'], $_userInfo['delimeter']);
     if (is_array($_userInfo['csv'])) {
         $_userInfo['nonImported'] = array();
         // $c is the 1-based row number used as key in nonImported
         $c = 1;
         // one timestamp for the whole import
         $_userInfo['csvTime'] = time();
         foreach ($_userInfo['csv'] as $row) {
             // second column (name) is optional
             if (!isset($row[1])) {
                 $row[1] = '';
             }
             if (!empty($row[0]) && is_valid_email($row[0])) {
                 // Both CSV columns are file content supplied by the uploader and are
                 // passed through aporeplace() inside quotes.
                 $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_address (";
                 $sql .= "address_email, address_name, address_key, address_subscription, address_verified, address_tstamp) VALUES (";
                 $sql .= "'" . aporeplace($row[0]) . "', ";
                 $sql .= "'" . aporeplace($row[1]) . "', ";
                 // NOTE(review): address_key is derived from the e-mail and the current time;
                 // if it later serves as a verification or unsubscribe token, confirm that
                 // shortHash() makes it unguessable.
                 $sql .= "'" . aporeplace(shortHash($row[0] . time())) . "', ";
                 $sql .= "'" . ($_userInfo['subscribe_all'] ? '' : aporeplace(serialize($_userInfo['subscribe_select']))) . "', ";
                 // csvTime comes from time() above. subscribe_active is concatenated unquoted
                 // and unescaped — NOTE(review): confirm it is cast to an integer where it is set.
                 $sql .= $_userInfo['subscribe_active'] . ", FROM_UNIXTIME(" . $_userInfo['csvTime'] . ") )";
                 // $sql is reused for the query result from here on
                 $sql = _dbQuery($sql, 'INSERT');
                 if (empty($sql['INSERT_ID'])) {
                     // Raw CSV values plus the database error text are stored for display.
                     // NOTE(review): escape this string when it is rendered, and consider
                     // whether the driver error should be shown to the user at all.
                     $_userInfo['nonImported'][$c] = $row[0] . '; ' . $row[1] . ' (' . mysql_error() . ')';
                 }
             } else {
                 // raw, unvalidated CSV values — escape on output
                 $_userInfo['nonImported'][$c] = $row[0] . '; ' . $row[1];
             }
             $c++;
         }
     }
     break;
 default:
     $_userInfo['csvError'] = 'False MIME TYPE. Be sure to upload CSV file only.';
     @unlink($_FILES['cvsfile']['tmp_name']);
Example #4
    // Convert the positional fields of $media["media"] into named keys, then store
    // the result serialized in acontent_form and clear acontent_media.
    $media["media_width"] = intval($media["media"][3]);
    $media["media_height"] = intval($media["media"][4]);
    $media["media_auto"] = intval($media["media"][8]) ? 1 : 0;
    $media["media_transparent"] = isset($media["media"][9]) ? intval($media["media"][9]) : 0;
    $media["media_control"] = intval($media["media"][7]) ? 1 : 0;
    if ($media["media_src"]) {
        // remote Source
        // field 6 is base64-encoded; for remote media it decodes to the external source
        $media["media_extern"] = base64_decode($media["media"][6]);
        $media["media_id"] = 0;
        $media["media_name"] = '';
    } else {
        //internal source
        // field 6 decodes to "id:name"
        // NOTE(review): if the decoded value holds no ':', explode() returns a single
        // element and list() leaves media_name unset — confirm stored data always has both parts.
        list($media["media_id"], $media["media_name"]) = explode(':', base64_decode($media["media"][6]));
        $media["media_id"] = intval($media["media_id"]);
        $media["media_name"] = trim($media["media_name"]);
        $media["media_extern"] = '';
    }
    // the positional source array is not part of the new format
    unset($media["media"]);
    $sql = "UPDATE " . DB_PREPEND . "phpwcms_articlecontent SET ";
    // the serialized array is escaped with aporeplace() and quoted
    $sql .= "acontent_form='" . aporeplace(serialize($media)) . "', acontent_media='', ";
    // NOTE(review): acontent_created / acontent_tstamp (quoted) and acontent_id (unquoted)
    // are concatenated without escaping or casting; presumably $var is a row read from
    // the same table — confirm, and cast acontent_id with intval().
    $sql .= "acontent_created='" . $var["acontent_created"] . "', acontent_tstamp='" . $var["acontent_tstamp"] . "' ";
    $sql .= "WHERE acontent_id = " . $var["acontent_id"];
    $upgrade = _dbQuery($sql, 'UPDATE');
    // progress line; $c counts the content parts handled so far
    echo sprintf('%05d: ', $c) . ' CP-ID: ' . $var['acontent_id'] . LF;
    flush();
    $c++;
}
if ($c == 1) {
    echo 'No content part multimedia found for upgrading!';
}
echo '</pre></body></html>';
         if ($fileExt === '') {
             $file_error["file"] = sprintf($BL['be_fprivup_err9'], implode(', ', $phpwcms['allowed_upload_ext']));
         } elseif (is_array($phpwcms['allowed_upload_ext']) && count($phpwcms['allowed_upload_ext']) && !in_array(strtolower($fileExt), $phpwcms['allowed_upload_ext'])) {
             $file_error["file"] = sprintf($BL['be_fprivup_err8'], strtoupper($fileName), implode(', ', $phpwcms['allowed_upload_ext']));
         }
     }
 }
 if (empty($file_error)) {
     // Optional f_vars column: only added to the INSERT when $file_vars is set.
     if (isset($file_vars)) {
         $fileVarsField = ',f_vars';
         // appended without surrounding quotes, so _dbEscape() presumably adds them — confirm
         $fileVarsValue = ',' . _dbEscape(serialize($file_vars));
     } else {
         $fileVarsField = '';
         $fileVarsValue = '';
     }
     // Build the INSERT for the uploaded file's metadata.
     // Escaped here: f_type, f_shortinfo, f_longinfo, f_keywords, f_hash, f_copyright,
     // f_tags (aporeplace) and f_uid (intval).
     // NOTE(review): $fileName, $fileSize and $fileExt are placed inside quotes without
     // aporeplace(), and $file_pid, $file_aktiv, $file_public, $file_granted,
     // $file_gallerydownload and $file_sort are concatenated unquoted. Their
     // sanitisation is not visible in this excerpt — confirm each is escaped or cast to
     // int earlier in the upload handler; the file name in particular originates from
     // the client.
     $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_file (" . "f_pid, f_uid, f_kid, f_aktiv, f_public, f_name, f_created, f_size, f_type, f_ext, " . "f_shortinfo, f_longinfo, f_keywords, f_hash, f_copyright, f_tags, f_granted, f_gallerystatus, f_sort" . $fileVarsField . ") VALUES (" . $file_pid . ", " . intval($_SESSION["wcs_user_id"]) . ", 1, " . $file_aktiv . ", " . $file_public . ", '" . $fileName . "', '" . time() . "', '" . $fileSize . "', '" . aporeplace($fileType) . "', '" . $fileExt . "', '" . aporeplace($file_shortinfo) . "', '" . aporeplace($file_longinfo) . "', '" . aporeplace($file_keys) . "', '" . aporeplace($fileHash) . "', '" . aporeplace($file_copyright) . "', '" . aporeplace($file_tags) . "', " . $file_granted . ", " . $file_gallerydownload . ", " . $file_sort . $fileVarsValue . ")";
     if ($result = mysql_query($sql, $db) or die("error while insert file information")) {
         $new_fileId = mysql_insert_id($db);
         //Festlegen der aktuellen File-ID
         $wcs_newfilename = $fileExt ? $fileHash . '.' . $fileExt : $fileHash;
         // changed for using hashed file names
         $useruploadpath = PHPWCMS_ROOT . $phpwcms["file_path"];
         $usernewfile = $useruploadpath . $wcs_newfilename;
         if ($dir = @opendir($useruploadpath)) {
             if (!@move_uploaded_file($_FILES["file"]["tmp_name"], $usernewfile)) {
                 $file_error["upload"] = $BL['be_fprivup_err3'] . ' (1)';
             }
         } else {
             $oldumask = umask(0);
             if (@mkdir($useruploadpath, 0777)) {
                 if (!@move_uploaded_file($_FILES["file"]["tmp_name"], $usernewfile)) {
Example #6
    }
    // Handle the submitted file-key form: insert a new key when no id was posted,
    // otherwise update the existing one, then redirect back to the list.
    // NOTE(review): no request-token (CSRF) check is visible in this excerpt before the
    // write — confirm one is enforced earlier in the request.
    if (!empty($_POST["fkey_aktion"])) {
        // Form for editing the file key names
        $fkey["name"] = clean_slweg($_POST["fkey_name"], 250);
        // every numeric field is cast with intval(), so it can be concatenated unquoted below
        $fkey["id"] = intval($_POST["fkey_id"]);
        $fkey["active"] = intval($_POST["fkey_active"]);
        $fkey["cid"] = intval($_POST["fkey_cid"]);
        $fkey["sort"] = empty($_POST["fkey_sort"]) ? 0 : intval($_POST["fkey_sort"]);
        if (isEmpty($fkey["name"])) {
            $fkey["error"] = 1;
        } else {
            // the name is the only string value; it is escaped with aporeplace() inside quotes
            if (!$fkey["id"]) {
                $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_filekey (fkey_name, fkey_aktiv, fkey_cid, fkey_sort) VALUES ('";
                $sql .= aporeplace($fkey["name"]) . "', " . $fkey["active"] . ", " . $fkey["cid"] . ", " . $fkey["sort"] . ")";
            } else {
                $sql = "UPDATE " . DB_PREPEND . "phpwcms_filekey SET fkey_name='" . aporeplace($fkey["name"]);
                $sql .= "', fkey_aktiv=" . $fkey["active"] . ", fkey_cid=" . $fkey["cid"] . ", fkey_sort=" . $fkey["sort"] . " WHERE fkey_id=" . $fkey["id"];
            }
            // `=` binds tighter than `or`: $result receives the query result and die()
            // ends the request when the query fails
            if ($result = mysql_query($sql, $db) or die("error while inserting/updating file key")) {
                if (!$fkey["id"]) {
                    $fkey["id"] = mysql_insert_id($db);
                }
                headerRedirect(PHPWCMS_URL . "phpwcms.php?do=admin&p=7");
            }
        }
    }
    ?>
		  <form action="phpwcms.php?do=admin&amp;p=7&amp;fkeyid=<?php 
    echo $fkey["id"] . "&cid=" . $fkey["cid"];
    ?>
" method="post" name="filekey" id="filekey">
            $newimage .= $frow['f_hash'];
            $newimage .= ':';
            $newimage .= $frow['f_ext'];
            $newimage .= ':';
            $newimage .= $image[3];
            $newimage .= ':';
            $newimage .= $image[4];
            $newimage .= ':';
            $newimage .= $image[7];
            $newimage .= ':';
            $newimage .= $image[5];
            $newimage .= ':';
            $newimage .= isset($image[8]) && intval($image[8]) ? 1 : 0;
            // check if this is an updated content part
            if ($image[2] != $frow['f_hash'] && $image[3] != $frow['f_ext']) {
                $usql = "UPDATE " . DB_PREPEND . "phpwcms_articlecontent SET ";
                $usql .= "acontent_image='" . aporeplace($newimage) . "' ";
                $usql .= "WHERE acontent_id=" . $row['acontent_id'] . " LIMIT 1";
                mysql_query($usql, $db);
                echo 'Image ' . sprintf('%05d: ', $linenumber) . html_specialchars($frow['f_name']) . "\n";
            }
        }
        mysql_free_result($fresult);
    }
    flush();
    $linenumber++;
}
if (empty($usql)) {
    echo 'None of the content parts &quot;image with text&quot; needs to be upgraded.';
}
echo '</pre></body></html>';
Example #8
            }
        } else {
            // INSERT
            // Insert a new glossary entry from $plugin['data'].
            $sql = 'INSERT INTO ' . DB_PREPEND . 'phpwcms_glossary (';
            $sql .= 'glossary_created, glossary_changed, glossary_title, glossary_tag, ';
            $sql .= 'glossary_keyword, glossary_text, glossary_highlight, glossary_object, glossary_status';
            $sql .= ') VALUES (';
            // string columns: escaped with aporeplace() and wrapped in quotes
            $sql .= "'" . aporeplace($plugin['data']['glossary_created']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['glossary_changed']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['glossary_title']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['glossary_tag']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['glossary_keyword']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['glossary_text']) . "', ";
            // NOTE(review): glossary_highlight and glossary_status are escaped but NOT quoted.
            // String escaping does not constrain a value used outside quotes; only an
            // integer cast does. Confirm both are cast with intval() where
            // $plugin['data'] is filled (not visible here).
            $sql .= aporeplace($plugin['data']['glossary_highlight']) . ', ';
            $sql .= "'" . aporeplace(serialize($plugin['data']['glossary_object'])) . "', ";
            $sql .= aporeplace($plugin['data']['glossary_status']);
            $sql .= ')';
            // errors from _dbQuery() are suppressed with @; failure is detected by the falsy result
            if (@_dbQuery($sql, 'INSERT')) {
                if (isset($_POST['save'])) {
                    headerRedirect(decode_entities(MODULE_HREF));
                }
            } else {
                // NOTE(review): the raw driver error is kept for display — make sure it is
                // HTML-escaped and shown to backend users only
                $plugin['error']['update'] = mysql_error();
            }
        }
    }
}
// try to read entry from database
if ($plugin['id'] && !isset($plugin['error'])) {
    $sql = 'SELECT *,';
    $sql .= "DATE_FORMAT(adcampaign_datestart, '%d" . $BLM['date_delimiter'] . "%m" . $BLM['date_delimiter'] . "%Y') AS adcampaign_date_start, ";
         $plugin['order_status'][] = 'PAYED';
     }
     if (!empty($_POST['status_send'])) {
         $plugin['order_status'][] = 'SENT';
     }
     if (!empty($_POST['status_back'])) {
         $plugin['order_status'][] = 'RETURN';
     }
     if (!empty($_POST['status_done'])) {
         $plugin['order_status'][] = 'COMPLETED';
     }
     $plugin['order_status'] = implode('-', $plugin['order_status']);
     if ($plugin['order_status'] == '') {
         $plugin['order_status'] = 'NEW-ORDER';
     }
     $sql = 'UPDATE ' . DB_PREPEND . "phpwcms_shop_orders SET order_status='" . aporeplace($plugin['order_status']) . "' ";
     $sql .= "WHERE order_id=" . intval($_POST['order_status']);
     if (_dbQuery($sql, 'UPDATE')) {
         set_status_message($BLM['shopprod_status_msg'], 'success');
     }
 }
 // Load the order selected by ?show=; the id is cast with intval() before it is
 // concatenated into the query.
 $sql = 'SELECT *, UNIX_TIMESTAMP(order_date) AS order_date_unix FROM ' . DB_PREPEND . 'phpwcms_shop_orders ';
 $sql .= "WHERE order_id = " . intval($_GET['show']);
 $plugin['data'] = _dbQuery($sql);
 if (isset($plugin['data'][0])) {
     // keep only the first (single) row
     $plugin['data'] = $plugin['data'][0];
     // NOTE(review): unserialize() can instantiate objects, and @ hides a failed decode
     // (the result is then false). This is only safe if order_data can never contain a
     // serialized string influenced by a shop customer — confirm how the column is
     // written; on PHP 7+ pass array('allowed_classes' => false) or store JSON instead.
     $plugin['data']['order_data'] = @unserialize($plugin['data']['order_data']);
 } else {
     // unknown order id: back to the order list
     headerRedirect(shop_url('controller=order', ''));
 }
 $BLM['shopprod_payby_INVOICE'] = $BLM['shopprod_payby_onbill'];
    if (!$_entry['list_active']) {
        $_entry['query'] .= 'cat_status=0';
    }
    if (!$_entry['list_inactive']) {
        $_entry['query'] .= 'cat_status=1';
    }
} else {
    $_entry['query'] .= 'cat_status!=9';
}
$_entry['query'] .= " AND cat_type='module_shop'";
// Apply the category search filter kept in the session. The session key holds either
// an array of raw search terms (first request after a search) or the finished SQL
// fragment built from them (later requests).
if (isset($_SESSION['filter_shop_category']) && is_array($_SESSION['filter_shop_category']) && count($_SESSION['filter_shop_category'])) {
    $_entry['filter_array'] = array();
    foreach ($_SESSION['filter_shop_category'] as $_entry['filter']) {
        //usr_name, usr_login, usr_email
        // each term is escaped with aporeplace() and matched as a substring
        // NOTE(review): string escaping normally leaves the LIKE wildcards % and _
        // untouched, so those characters in a term act as wildcards — confirm this is acceptable
        $_entry['filter_array'][] = "cat_name LIKE '%" . aporeplace($_entry['filter']) . "%'";
        $_entry['filter_array'][] = "cat_info LIKE '%" . aporeplace($_entry['filter']) . "%'";
    }
    if (count($_entry['filter_array'])) {
        // the array of terms in the session is replaced by the built SQL fragment
        $_SESSION['filter_shop_category'] = ' AND (' . implode(' OR ', $_entry['filter_array']) . ')';
        $_entry['query'] .= $_SESSION['filter_shop_category'];
    }
} elseif (isset($_SESSION['filter_shop_category']) && is_string($_SESSION['filter_shop_category'])) {
    // NOTE(review): any string found under this session key is appended to the query
    // verbatim; confirm no other code path stores an unescaped request value in it
    $_entry['query'] .= $_SESSION['filter_shop_category'];
}
// paginating values
$_entry['count_total'] = _dbQuery('SELECT COUNT(cat_id) FROM ' . DB_PREPEND . 'phpwcms_categories WHERE ' . $_entry['query'], 'COUNT');
// NOTE(review): assumes $_SESSION['list_count'] is a non-zero number — confirm where it is set
$_entry['pages_total'] = ceil($_entry['count_total'] / $_SESSION['list_count']);
// clamp the current page to the last page (or 1 when there are no pages)
if ($_SESSION['detail_page'] > $_entry['pages_total']) {
    $_SESSION['detail_page'] = empty($_entry['pages_total']) ? 1 : $_entry['pages_total'];
}
?>
Example #11
     }
     // Setup step: take the SMTP settings from the form, write the configuration file
     // and, when requested, create the first admin account.
     $phpwcms['SMTP_MAILER'] = clean_slweg($_POST["smtp_mailer"]);
     if (!$phpwcms['SMTP_MAILER']) {
         $phpwcms['SMTP_MAILER'] = 'mail';
     }
     $phpwcms['SMTP_AUTH'] = empty($_POST["smtp_auth"]) ? 0 : 1;
     // user and password go through slweg() rather than clean_slweg()
     $phpwcms['SMTP_USER'] = slweg($_POST["smtp_user"]);
     $phpwcms['SMTP_PASS'] = slweg($_POST["smtp_pass"]);
     $phpwcms['SMTP_SECURE'] = clean_slweg($_POST["smtp_secure"]);
     // NOTE(review): these posted values end up in the configuration file; confirm that
     // write_conf_file() escapes them for the format it writes (not visible here)
     write_conf_file($phpwcms);
     if (!empty($_POST["admin_create"])) {
         $db = mysql_connect($phpwcms["db_host"], $phpwcms["db_user"], $phpwcms["db_pass"]);
         mysql_select_db($phpwcms["db_table"], $db);
         // NOTE(review): charset and db_prepend are interpolated into SQL without escaping;
         // presumably both were validated in an earlier setup step — confirm
         mysql_query("SET NAMES '" . $phpwcms["charset"] . "'", $db);
         $phpwcms["db_prepend"] = $phpwcms["db_prepend"] ? $phpwcms["db_prepend"] . "_" : "";
         // The admin password is stored as a plain md5() digest. md5 is fast and unsalted
         // and is not suitable for password storage; password_hash()/password_verify()
         // are the replacement, which also requires changing the login check.
         $sql = "INSERT INTO " . $phpwcms["db_prepend"] . "phpwcms_user (usr_login, usr_pass, usr_email, " . "usr_admin, usr_aktiv, usr_name, usr_fe, usr_wysiwyg ) VALUES ('" . aporeplace($phpwcms["admin_user"]) . "', '" . aporeplace(md5($phpwcms["admin_pass"])) . "', '" . aporeplace($phpwcms["admin_email"]) . "', 1, 1, '" . aporeplace($phpwcms['SMTP_FROM_NAME']) . "', 2, 2);";
         // $err is set only when the INSERT fails
         mysql_query($sql, $db) or $err = 1;
     }
     // NOTE(review): $err is read here but not assigned in this excerpt on the success
     // path — confirm it is initialised earlier
     if (!$err) {
         header("Location: setup.php?step=3");
         exit;
     }
 }
 if ($step == 3 && $do) {
     $phpwcms['DOC_ROOT'] = clean_slweg($_POST["doc_root"]);
     $phpwcms["root"] = clean_slweg($_POST["root"]);
     $phpwcms["file_path"] = clean_slweg($_POST["file_path"]);
     $phpwcms["templates"] = clean_slweg($_POST["templates"]);
     $phpwcms["ftp_path"] = clean_slweg($_POST["ftp_path"]);
     $phpwcms["file_path"] = $phpwcms["file_path"] ? $phpwcms["file_path"] : "phpwcms_filestorage";
     $phpwcms["templates"] = $phpwcms["templates"] ? $phpwcms["templates"] : "phpwcms_template";
Example #12
        $_SESSION['filter_seo'] = convertStringToArray($_SESSION['filter_seo'], ' ');
        $_POST['filter'] = $_SESSION['filter_seo'];
    }
    $_SESSION['seolog_page'] = intval($_POST['page']);
}
if (empty($_SESSION['seolog_page'])) {
    $_SESSION['seolog_page'] = 1;
}
$_entry['list_active'] = isset($_SESSION['list_active']) ? $_SESSION['list_active'] : 1;
$_entry['list_inactive'] = isset($_SESSION['list_inactive']) ? $_SESSION['list_inactive'] : 1;
$_entry['query'] = '';
if (isset($_SESSION['filter_seo']) && is_array($_SESSION['filter_seo']) && count($_SESSION['filter_seo'])) {
    $_entry['filter_array'] = array();
    foreach ($_SESSION['filter_seo'] as $_entry['filter']) {
        //usr_name, usr_login, usr_email
        $_entry['filter_array'][] = "CONCAT(domain,query) LIKE '%" . aporeplace($_entry['filter']) . "%'";
    }
    if (count($_entry['filter_array'])) {
        $_SESSION['filter_seo'] = ' AND (' . implode(' OR ', $_entry['filter_array']) . ')';
        $_entry['query'] .= $_SESSION['filter_seo'];
    }
} elseif (isset($_SESSION['filter_seo']) && is_string($_SESSION['filter_seo'])) {
    $_entry['query'] .= $_SESSION['filter_seo'];
}
$sql = 'SELECT * FROM ' . DB_PREPEND . 'phpwcms_log_seo ';
if ($_entry['query']) {
    $sql .= 'WHERE ' . $_entry['query'] . ' ';
}
$sql .= 'GROUP BY hash';
// paginating values
$_entry['count_total'] = _dbQuery($sql, 'COUNT');
        $sql .= "address_subscription\t= '" . aporeplace($_userInfo['subscriber_data']['address_subscription']) . "' ";
        $sql .= 'WHERE ';
        if ($_userInfo['count']) {
            // update based on email address
            $sql .= "address_email='" . aporeplace($_userInfo['subscriber_data']['address_email']) . "'";
        } else {
            // update based on email address
            $sql .= 'address_id=' . $_userInfo['subscriber_data']['address_id'];
            $sql .= ' LIMIT 1';
        }
        _dbQuery($sql, 'UPDATE');
    } else {
        // insert
        $sql = 'INSERT INTO ' . DB_PREPEND . 'phpwcms_address ';
        $sql .= '(address_key, address_email, address_name, address_verified, address_subscription) VALUES (';
        $sql .= "'" . aporeplace(shortHash($_userInfo['subscriber_data']['address_email'] . time())) . "', ";
        $sql .= "'" . aporeplace($_userInfo['subscriber_data']['address_email']) . "', ";
        $sql .= "'" . aporeplace($_userInfo['subscriber_data']['address_name']) . "', ";
        $sql .= $_userInfo['subscriber_data']['address_verified'] . ", ";
        $sql .= "'" . aporeplace($_userInfo['subscriber_data']['address_subscription']) . "')";
        $_userInfo['result'] = _dbQuery($sql, 'INSERT');
        if (!empty($_userInfo['result']['INSERT_ID'])) {
            $_userInfo['subscriber_id'] = $_userInfo['result']['INSERT_ID'];
            $_userInfo['subscriber_data']['address_id'] = $_userInfo['result']['INSERT_ID'];
        }
    }
}
// in case data should be saved and closed then
if ($_userInfo['error']['email'] == 0 && (!empty($_POST['save']) || !empty($_userInfo['count']))) {
    $_userInfo['subscriber_data'] = false;
}
    }
    $_SESSION["structure"][$open_id] = $open_value;
    mysql_query("UPDATE " . DB_PREPEND . "phpwcms_user SET usr_var_structure=" . _dbEscape(serialize($_SESSION["structure"])) . " WHERE usr_id=" . aporeplace($_SESSION["wcs_user_id"]), $db);
}
//31-03-2005 Fernando Batista  start---------------------------------------------------------------------------
// ids of a content part being cut or copied, 0 when the parameter is absent
$cut_article_content = isset($_GET["accut"]) ? intval($_GET["accut"]) : 0;
$copy_article_content = isset($_GET["accopy"]) ? intval($_GET["accopy"]) : 0;
// ?opena=ID:VALUE opens or closes one article node in the structure tree and
// persists the tree state in the user's record.
if (isset($_GET["opena"])) {
    // NOTE(review): without a ':' in the parameter explode() returns one element and
    // $open_value stays unset — confirm the notice is acceptable or validate first
    list($open_id, $open_value) = explode(":", $_GET["opena"]);
    $open_id = intval($open_id);
    if (empty($open_value)) {
        unset($_SESSION["structure"]["article"][$open_id]);
    } else {
        // $open_value is stored as received from the query string; the code shown here
        // only needs a flag, so casting it to 1 would keep request data out of the session
        $_SESSION["structure"]["article"][$open_id] = $open_value;
    }
    // The serialized state goes through _dbEscape(), which presumably also adds the
    // quotes — confirm.
    // NOTE(review): usr_id is passed through aporeplace() but used unquoted; string
    // escaping does not constrain an unquoted value, an intval() cast does.
    mysql_query("UPDATE " . DB_PREPEND . "phpwcms_user SET usr_var_structure=" . _dbEscape(serialize($_SESSION["structure"])) . " WHERE usr_id=" . aporeplace($_SESSION["wcs_user_id"]), $db);
}
//31-03-2005 Fernando Batista  end-------------------
$child_count = get_root_childcount(0, $db);
//$an = $BL['be_admin_struct_index'];
$an = $indexpage['acat_name'];
$a = "<tr onMouseOver=\"this.bgColor='#CCFF00';\" onMouseOut=\"this.bgColor='#FFFFFF';\">\n";
$a .= '<td width="461">';
$a .= "<table border=\"0\" cellpadding=\"0\" cellspacing=\"0\" summary=\"\">\n<tr>\n";
$a .= '<td nowrap="nowrap">';
$a .= $child_count ? "<a href=\"phpwcms.php?do=articles&amp;open=0:" . ($_SESSION["structure"][0] ? 0 : 1) . "\">" : "";
$a .= "<img src=\"img/symbole/plus_" . ($child_count ? $_SESSION["structure"][0] ? "close" : "open" : "empty");
$a .= ".gif\" width=\"15\" height=\"15\" border=\"0\" alt=\"\">" . ($child_count ? "</a>" : "");
$a .= "<img src=\"img/symbole/page_1.gif\" width=\"11\" height=\"15\" ";
$info = 'ID: <b>0</b><br />';
$info .= 'ALIAS: ' . html($indexpage["acat_alias"]);
Example #15
}
if ($_userInfo['list_norm']) {
    $_userInfo['list'][] = ' usr_fe=1 ';
}
if ($_userInfo['list_fe']) {
    $_userInfo['list'][] = ' usr_fe=0 ';
}
$_userInfo['list'] = trim(implode('OR', $_userInfo['list']));
if ($_userInfo['list']) {
    $_userInfo['where_query'] .= ' AND (' . $_userInfo['list'] . ')';
}
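// Narrow the user list by the search terms kept in the session: every term must
// appear somewhere in the concatenation of name, login and e-mail.
if (isset($_SESSION['filter_results']) && count($_SESSION['filter_results'])) {
    $_userInfo['filter_array'] = array();
    foreach ($_SESSION['filter_results'] as $_userInfo['filter']) {
        //usr_name, usr_login, usr_email
        // each term is escaped with aporeplace() and matched as a substring
        // NOTE(review): string escaping normally leaves the LIKE wildcards % and _
        // untouched, so those characters in a term act as wildcards — confirm this is acceptable
        $_userInfo['filter_array'][] = "CONCAT(usr_name, usr_login, usr_email) LIKE '%" . aporeplace($_userInfo['filter']) . "%'";
    }
    if (count($_userInfo['filter_array'])) {
        // The conditions carry no surrounding spaces, so the glue must: joining with a
        // bare 'OR' produced "...%'ORCONCAT(..." and an invalid query as soon as two
        // or more search terms were present.
        $_userInfo['where_query'] .= ' AND (' . implode(' OR ', $_userInfo['filter_array']) . ')';
    }
}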
// paginating values
$_userInfo['count_total'] = _dbQuery("SELECT COUNT(*) FROM " . DB_PREPEND . "phpwcms_user " . $_userInfo['where_query'], 'COUNT');
$_userInfo['pages_total'] = ceil($_userInfo['count_total'] / $_SESSION['list_user_count']);
if ($_SESSION['list_user_page'] > $_userInfo['pages_total']) {
    $_SESSION['list_user_page'] = empty($_userInfo['pages_total']) ? 1 : $_userInfo['pages_total'];
}
?>
<table width="538" border="0" cellpadding="0" cellspacing="0" summary="">
        <tr><td colspan="3" class="title"><?php 
echo $BL['be_admin_usr_ltitle'];
Example #16
                 if ($content['glossary']['filter_run']) {
                     //$content['glossary']['filters'][] = "TRIM(CONCAT(glossary_tag, glossary_title)) LIKE '".aporeplace($content['glossary']['char'])."%'";
                     $content['glossary']['filters'][] = "glossary_title LIKE '" . aporeplace($content['glossary']['char']) . "%'";
                 }
                 if ($content['glossary']['char'] == $content['glossary']['filter'][1]) {
                     break;
                 }
             }
             if (count($content['glossary']['filters'])) {
                 $content['glossary']['where'] = ' AND (' . implode(' OR ', $content['glossary']['filters']) . ')';
             }
         }
     } else {
         //$content['glossary']['where'] = " AND TRIM(CONCAT(glossary_tag, glossary_title)) LIKE '".aporeplace($content['glossary']['glossary_filter_active'])."%'";
         if ($content['glossary']['glossary_filter_active'] != '*' && strlen($content['glossary']['glossary_filter_active']) == 1) {
             $content['glossary']['where'] = " AND glossary_title LIKE '" . aporeplace($content['glossary']['glossary_filter_active']) . "%'";
         }
     }
 }
 $sql = 'SELECT * FROM ' . DB_PREPEND . 'phpwcms_glossary WHERE glossary_status=1' . $content['glossary']['where'] . ' ORDER BY glossary_title';
 $content['glossary']['entries'] = _dbQuery($sql);
 $_filter_link = array();
 $_filter_c = 0;
 foreach ($content['glossary']['glossary_filter'] as $content['glossary']['filter_value']) {
     $_filter_link[$_filter_c] = '<a href="' . rel_url(array('glossary' => $content['glossary']['filter_value']));
     // yes - this is the active part
     if ($content['glossary']['filter_value'] == $content['glossary']['glossary_filter_active']) {
         $_filter_link[$_filter_c] .= ' class="active"';
     }
     $_filter_entities = html_specialchars($content['glossary']['filter_value']);
     $_filter_link[$_filter_c] .= ' title="' . $_filter_entities . '">';
Example #17
                if ($check_anzahl["anzahl"]) {
                    $user_err .= $BL['be_admin_usr_err1'] . "\n";
                }
            }
            mysql_free_result($result);
        }
    }
    if (isEmpty($new_password)) {
        $user_err .= $BL['be_admin_usr_err3'] . "\n";
    }
    if (!is_valid_email($new_email) && $send_verification) {
        $user_err .= $BL['be_admin_usr_err4'] . "\n";
    }
    // No validation errors: create the account and optionally mail the credentials.
    if (empty($user_err)) {
        //Insert new User
        // The password is stored as a plain md5() digest of the charset-converted input.
        // md5 is fast and unsalted and is not suitable for password storage;
        // password_hash()/password_verify() are the replacement, which also requires
        // changing the login check.
        // NOTE(review): $set_user_admin, $set_user_aktiv and $set_user_fe are quoted but
        // not escaped — confirm they are cast to integers where they are set.
        $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_user (usr_login, usr_pass, usr_email, " . "usr_admin, usr_aktiv, usr_name, usr_wysiwyg, usr_fe ) VALUES ('" . aporeplace($new_login) . "', '" . aporeplace(md5(makeCharsetConversion($new_password, PHPWCMS_CHARSET, 'utf-8'))) . "', '" . aporeplace($new_email) . "', '" . $set_user_admin . "', '" . $set_user_aktiv . "', '" . aporeplace($new_name) . "', 1, '" . $set_user_fe . "')";
        // die() ends the request when the INSERT fails
        if (mysql_query($sql, $db) or die('error while creating new user')) {
            $new_user_id = mysql_insert_id($db);
            $user_ok = 1;
            if ($send_verification) {
                // The mail body carries the login and the clear-text password. Mail is not
                // a confidential channel; a one-time set-password link would avoid sending
                // the credential itself.
                $emailbody = str_replace('{LOGIN}', $new_login, $BL['be_admin_usr_mailbody']);
                $emailbody = str_replace('{PASSWORD}', $new_password, $emailbody);
                $emailbody = str_replace('{SITE}', PHPWCMS_URL, $emailbody);
                $emailbody = str_replace('{LOGIN_PAGE}', PHPWCMS_URL . get_login_file(), $emailbody);
                // sent as plain text (isHTML => 0) from the configured admin address
                sendEmail(array('recipient' => $new_email, 'toName' => $new_name, 'subject' => $BL['be_admin_usr_mailsubject'], 'isHTML' => 0, 'text' => $emailbody, 'from' => $phpwcms["admin_email"], 'sender' => $phpwcms["admin_email"]));
            }
        }
    }
}
if (empty($user_ok)) {
    ?>
     $template['frontendjs'] = empty($_POST["template_frontendjs"]) ? 0 : 1;
     $template['googleapi'] = empty($_POST["template_googleapi"]) ? 0 : 1;
     // now browse custom blocks if available
     // Collect the posted custom blocks, store the template (UPDATE for an existing id,
     // INSERT for a new template or a copy), keep at most one default template, then
     // refresh the cache and redirect to the saved template.
     if (!empty($_POST['customblock'])) {
         $template['customblock'] = clean_slweg($_POST["customblock"]);
         $temp_customblock = explode(',', $template['customblock']);
         foreach ($temp_customblock as $value) {
             // NOTE(review): the block names come from the request and select both the
             // $_POST field read and the $template key written; a name without a
             // matching field reads an undefined index — confirm the list is validated
             $template['customblock_' . $value] = slweg($_POST['template_customblock_' . $value]);
         }
     }
     if ($template["id"] && empty($createcopy)) {
         // if ID <> 0 then get template info from database
         // name and serialized settings are escaped with aporeplace() inside quotes.
         // NOTE(review): template_default and template_id are concatenated unquoted —
         // confirm both are cast to integers where they are set (not visible here)
         $sql = "UPDATE " . DB_PREPEND . "phpwcms_template SET " . "template_name='" . aporeplace($template["name"]) . "', " . "template_default=" . $template["default"] . ", " . "template_var='" . aporeplace(serialize($template)) . "' " . "WHERE template_id=" . $template["id"];
     } else {
         // if ID = 0 then show create new template form
         $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_template (" . "template_name, template_default, template_var) VALUES ('" . aporeplace($template["name"]) . "', " . $template["default"] . ", '" . aporeplace(serialize($template)) . "')";
     }
     // update or insert data entry
     @mysql_query($sql, $db) or die("error while updating or inserting template datas");
     // a new template or a copy takes the id generated by the INSERT
     if (empty($template["id"]) || $createcopy == 1) {
         $template["id"] = mysql_insert_id($db);
     }
     //now proof for default template definition
     // when this template is the default, clear the flag on every other template
     if ($template["default"]) {
         mysql_query("UPDATE " . DB_PREPEND . "phpwcms_template SET template_default=0 " . "WHERE template_id != " . $template["id"], $db);
     }
     update_cache();
     // the redirect target carries the request token from get_token_get_string()
     headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=11&s=' . $template["id"]);
 }
 if ($template["id"]) {
     // read the given template datas from db
            }
        } else {
            // INSERT
            // Insert a new ad place from $plugin['data'].
            $sql = 'INSERT INTO ' . DB_PREPEND . 'phpwcms_ads_place (';
            $sql .= 'adplace_created, adplace_changed, adplace_status, adplace_title, ';
            $sql .= 'adplace_format, adplace_width, adplace_height, adplace_prefix, adplace_suffix';
            $sql .= ') VALUES (';
            // string columns are escaped with aporeplace() and quoted
            $sql .= "'" . aporeplace($plugin['data']['adplace_created']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['adplace_changed']) . "', ";
            // NOTE(review): adplace_status, adplace_format, adplace_width and adplace_height
            // are concatenated unquoted and unescaped. Confirm each is cast with intval()
            // where $plugin['data'] is filled from the form (not visible here); otherwise
            // cast them at this point.
            $sql .= $plugin['data']['adplace_status'] . ", ";
            $sql .= "'" . aporeplace($plugin['data']['adplace_title']) . "', ";
            $sql .= $plugin['data']['adplace_format'] . ", ";
            $sql .= $plugin['data']['adplace_width'] . ", ";
            $sql .= $plugin['data']['adplace_height'] . ", ";
            $sql .= "'" . aporeplace($plugin['data']['adplace_prefix']) . "', ";
            $sql .= "'" . aporeplace($plugin['data']['adplace_suffix']) . "'";
            $sql .= ')';
            // errors from _dbQuery() are suppressed with @; failure is detected by the falsy result
            if (@_dbQuery($sql, 'INSERT')) {
                if (isset($_POST['save'])) {
                    headerRedirect(decode_entities(MODULE_HREF) . '&listadplace=1');
                }
            } else {
                // NOTE(review): the raw driver error is kept for display — make sure it is
                // HTML-escaped and shown to backend users only
                $plugin['error']['update'] = mysql_error();
            }
        }
    }
}
// try to read entry from database
if ($plugin['id'] && !isset($plugin['error'])) {
    $sql = 'SELECT * FROM ' . DB_PREPEND . 'phpwcms_ads_place WHERE adplace_id=' . $plugin['id'];
    $plugin['data'] = _dbQuery($sql);
Example #20
     $sql .= ' AND (';
     $sql .= "shopprod_category = '" . $selected_product_cat . "' OR ";
     $sql .= "shopprod_category LIKE '%," . $selected_product_cat . ",%' OR ";
     $sql .= "shopprod_category LIKE '" . $selected_product_cat . ",%' OR ";
     $sql .= "shopprod_category LIKE '%," . $selected_product_cat . "'";
     $sql .= ')';
 } elseif ($shop_detail_id) {
     $sql .= ' AND shopprod_id=' . $shop_detail_id;
 } else {
     $sql .= ' AND shopprod_listall=1';
 }
 // FE language: append the frontend-language restriction held in SHOP_FELANG_SQL
 $sql .= SHOP_FELANG_SQL;
 // Optional sort order taken from the template configuration.
 $_tmpl['config']['cat_list_sort_by'] = trim($_tmpl['config']['cat_list_sort_by']);
 if ($_tmpl['config']['cat_list_sort_by'] !== '') {
     // NOTE(review): the value is placed after ORDER BY outside any quotes, so
     // aporeplace() (presumably quote escaping — its body is not visible here) does not
     // restrict it to a column list. Safe only if the template config is fully trusted;
     // otherwise compare it against an allowlist of sortable columns before appending.
     $sql .= ' ORDER BY ' . aporeplace($_tmpl['config']['cat_list_sort_by']);
 }
 // Run the assembled product query; the code that follows treats $data as a list of rows.
 $data = _dbQuery($sql);
 if (isset($data[0])) {
     $x = 0;
     $entry = array();
     $shop_prod_detail = rel_url(array(), array('shop_detail'));
     $_tmpl['config']['init_lightbox'] = false;
     foreach ($data as $row) {
         $row['vat'] = (double) $row['shopprod_vat'];
         $row['vat_decimals'] = dec_num_count($row['vat']);
         if ($row['vat_decimals'] < $_tmpl['config']['vat_decimals']) {
             $row['vat_decimals'] = $_tmpl['config']['vat_decimals'];
         }
         if ($row['shopprod_netgross'] == 1) {
             // price given is GROSS price, including VAT
Example #21
            }
        } else {
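            // INSERT: create a new glossary row. The statement is assembled by string
            // concatenation, so each value has to be neutralised for the position it lands in.
            $sql = 'INSERT INTO ' . DB_PREPEND . 'phpwcms_glossary (';
            $sql .= 'glossary_created, glossary_changed, glossary_title, glossary_tag, ';
            $sql .= 'glossary_keyword, glossary_text, glossary_highlight, glossary_object, glossary_status';
            $sql .= ') VALUES (';
            // String columns: passed through aporeplace() and wrapped in single quotes.
            $sql .= "'" . aporeplace($glossary['data']['glossary_created']) . "', ";
            $sql .= "'" . aporeplace($glossary['data']['glossary_changed']) . "', ";
            $sql .= "'" . aporeplace($glossary['data']['glossary_title']) . "', ";
            $sql .= "'" . aporeplace($glossary['data']['glossary_tag']) . "', ";
            $sql .= "'" . aporeplace($glossary['data']['glossary_keyword']) . "', ";
            $sql .= "'" . aporeplace($glossary['data']['glossary_text']) . "', ";
            // glossary_highlight and glossary_status are written without quotes. Escaping a
            // value that is not inside a quoted literal does not constrain it, so both flags
            // are forced to integers instead (the glossary lookup compares them with 1).
            $sql .= intval($glossary['data']['glossary_highlight']) . ', ';
            // The object data is stored serialized in a quoted, escaped string.
            $sql .= "'" . aporeplace(serialize($glossary['data']['glossary_object'])) . "', ";
            $sql .= intval($glossary['data']['glossary_status']);
            $sql .= ')';
            // '@' hides any warning raised inside _dbQuery(); failure is detected only through
            // the falsy return value.
            if ($result = @_dbQuery($sql, 'INSERT')) {
                // "Save" button: return to the glossary listing.
                if (isset($_POST['save'])) {
                    headerRedirect(decode_entities(GLOSSARY_HREF));
                }
                // Otherwise keep editing: remember the id of the row just created.
                if (!empty($result['INSERT_ID'])) {
                    $glossary['id'] = $result['INSERT_ID'];
                }
            } else {
                // mysql_error() belongs to ext/mysql (removed in PHP 7.0).
                // NOTE(review): confirm the stored driver message is not echoed to the user
                // unescaped; it reveals table and column names.
                $glossary['error']['update'] = mysql_error();
            }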
        }
    }
}
// try to read entry from database
Example #22
<?php

/**
 * phpwcms content management system
 * This script is a module for PHPWCMS Copyright (c) 2002-2013, Oliver Georgi http://www.phpwcms.de
 *
 * SliderJS Module
 * @version v1.3
 * @author breitsch - webrealisierung gmbh <*****@*****.**>
 * @copyright Copyright (c) 2013, webrealisierung gmbh
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 *
 **/
// Mandatory guard: PHPWCMS_ROOT is only defined when this file is included by phpwcms,
// so a direct HTTP request to the script stops here before any code below runs.
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// SliderJS module content part SQL UPDATE/INSERT:
// append the module's settings, serialized, as the acontent_form column assignment.
// $SQL and $content come from the including script — presumably $SQL already holds the
// start of the statement and ends where another "column = value" pair may follow; confirm.
if (isset($content['br_sliderjs']) && is_array($content['br_sliderjs'])) {
    // The serialized string is passed through aporeplace() and wrapped in single quotes.
    // NOTE(review): if acontent_form is later read back with unserialize(), that column
    // has to be treated as trusted data only — the reading side is not visible here.
    $SQL .= "acontent_form = '" . aporeplace(serialize($content['br_sliderjs'])) . "'";
}
} else {
    $_userInfo['channel'] = false;
}
// Build the WHERE clause and the paging values for the subscriber list.
$_userInfo['list'] = array();
// Restrict by verification state only when exactly one of the two list flags is set;
// with both or neither set, no condition is added.
$_userInfo['where_query'] = '';
if ($_userInfo['list_active'] != $_userInfo['list_inactive'] && $_userInfo['list_active']) {
    $_userInfo['where_query'] = ' WHERE address_verified=1';
} elseif ($_userInfo['list_active'] != $_userInfo['list_inactive'] && $_userInfo['list_inactive']) {
    $_userInfo['where_query'] = ' WHERE address_verified=0';
}
// Free-text filters kept in the session: each term becomes one LIKE condition, OR-combined.
if (isset($_SESSION['filter_subscriber']) && count($_SESSION['filter_subscriber'])) {
    $_userInfo['filter_array'] = array();
    foreach ($_SESSION['filter_subscriber'] as $_userInfo['filter']) {
        // The columns actually searched are address_email and address_name (the former
        // comment listed usr_name, usr_login, usr_email).
        // The term is passed through aporeplace() inside a quoted literal.
        // NOTE(review): '%' and '_' inside a term presumably still act as LIKE wildcards —
        // confirm whether aporeplace() touches them.
        $_userInfo['filter_array'][] = "CONCAT(address_email, address_name) LIKE '%" . aporeplace($_userInfo['filter']) . "%'";
    }
    if (count($_userInfo['filter_array'])) {
        // Join with AND when a verification condition already exists, else start the WHERE.
        $_userInfo['where_query'] .= $_userInfo['where_query'] ? ' AND ' : ' WHERE ';
        $_userInfo['where_query'] .= '(' . implode(' OR ', $_userInfo['filter_array']) . ')';
    }
}
// paginating values
$_userInfo['count_total'] = _dbQuery("SELECT COUNT(*) FROM " . DB_PREPEND . "phpwcms_address" . $_userInfo['where_query'], 'COUNT');
// NOTE(review): assumes $_SESSION['list_user_count'] is a positive number; a zero or
// missing value makes this division fail — confirm it is initialised before this point.
$_userInfo['pages_total'] = ceil($_userInfo['count_total'] / $_SESSION['list_user_count']);
// Clamp the remembered page to the last available page (page 1 when there are no rows).
if ($_SESSION['subscriber_page'] > $_userInfo['pages_total']) {
    $_SESSION['subscriber_page'] = empty($_userInfo['pages_total']) ? 1 : $_userInfo['pages_total'];
}
?>
<form action="phpwcms.php?do=messages&amp;p=4" method="post" name="paginate" id="paginate"><input type="hidden" name="do_pagination" value="1" />
<table width="100%" border="0" cellpadding="0" cellspacing="0" class="paginate" summary="">
Example #24
	</tr>
</table>
<?php 
} else {
    // should the edit forum dialog
    $forum["id"] = !empty($_GET["s"]) ? intval($_GET["s"]) : 0;
    if (isset($_POST["forum_id"])) {
        // read the create or edit forum form data
        // NOTE(review): no request-token check is visible in this fragment; confirm the
        // including script validates the CSRF token before this POST branch is reached.
        $forum["id"] = intval($_POST["forum_id"]);
        $forum["title"] = clean_slweg($_POST["forum_title"]);
        // An empty title is replaced by a generated one carrying the current date and time.
        if (!$forum["title"]) {
            $forum["title"] = "Forum " . date('Y/m/d H:i');
        }
        $forum["text"] = clean_slweg($_POST["forum_text"]);
        // Shared "column = value" part: both strings pass through aporeplace() inside quotes.
        $sqla = "forum_title = '" . aporeplace($forum["title"]) . "', ";
        $sqla .= "forum_text  = '" . aporeplace($forum["text"]) . "'";
        if ($forum["id"]) {
            // Existing forum: the id was forced to an integer above, so the unquoted
            // concatenation is safe; forum_entry=0 and LIMIT 1 narrow the update to one row.
            $sql = "UPDATE " . DB_PREPEND . "phpwcms_forum SET " . $sqla;
            $sql .= " WHERE forum_entry=0 AND forum_id=" . $forum["id"];
            $sql .= " LIMIT 1";
        } else {
            // New forum owned by the logged-in user.
            $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_forum SET ";
            $sql .= "forum_entry='0', ";
            // NOTE(review): the session user id is quoted but not escaped or cast;
            // presumably it is set to an integer at login — confirm.
            $sql .= "forum_uid='" . $_SESSION["wcs_user_id"] . "', ";
            $sql .= "forum_created = '" . time() . "', ";
            $sql .= $sqla;
        }
        // update or insert data entry; on failure the script stops with a generic message
        // (no driver error text is shown). mysql_query() belongs to ext/mysql (removed in PHP 7.0).
        mysql_query($sql, $db) or die("error while updating or inserting forum data");
        if (!$forum["id"]) {
            $forum["id"] = mysql_insert_id($db);
         $sql .= "'" . aporeplace($plugin['data']['shopprod_tag']) . "', ";
         $sql .= "'" . aporeplace($plugin['data']['shopprod_vat']) . "', ";
         $sql .= "'" . aporeplace($plugin['data']['shopprod_netgross']) . "', ";
         $sql .= "'" . aporeplace($plugin['data']['shopprod_price']) . "', ";
         $sql .= "'" . aporeplace('0') . "', ";
         $sql .= "'" . aporeplace($plugin['data']['shopprod_description0']) . "', ";
         $sql .= "'" . aporeplace($plugin['data']['shopprod_description1']) . "', ";
         $sql .= "'" . aporeplace($plugin['data']['shopprod_description2']) . "', ";
         $sql .= "'" . aporeplace($plugin['data']['shopprod_description3']) . "', ";
         $sql .= "'" . aporeplace(serialize(array('images' => $plugin['data']['shopprod_images'], 'url' => $plugin['data']['shopprod_url'], 'files' => $plugin['data']['shopprod_files']))) . "', ";
         $sql .= "'" . aporeplace(implode(',', $plugin['data']['shopprod_category'])) . "', ";
         $sql .= "'" . aporeplace($plugin['data']['shopprod_weight']) . "', ";
         $sql .= "'" . aporeplace($plugin['data']['shopprod_size']) . "', ";
         $sql .= "'" . aporeplace($plugin['data']['shopprod_color']) . "', ";
         $sql .= "'" . aporeplace($plugin['data']['shopprod_listall']) . "', ";
         $sql .= "'" . aporeplace($plugin['data']['shopprod_lang']) . "', ";
         $sql .= $plugin['data']['shopprod_overwrite_meta'] . ', ';
         $sql .= $plugin['data']['shopprod_opengraph'];
         $sql .= ')';
         $result = _dbQuery($sql, 'INSERT');
         if (!empty($result['INSERT_ID'])) {
             $plugin['data']['shopprod_id'] = $result['INSERT_ID'];
         }
     }
     // save and back to listing mode
     if (isset($_POST['save'])) {
         headerRedirect(shop_url('controller=prod', ''));
     } else {
         headerRedirect(shop_url(array('controller=prod', 'edit=' . $plugin['data']['shopprod_id']), ''));
     }
 }
Example #26
                $sql = 'UPDATE ' . DB_PREPEND . 'phpwcms_address ';
                $sql .= 'SET address_verified=1 ';
                $sql .= "WHERE address_key='" . aporeplace($hash) . "'";
                if (empty($data[0]['address_verified'])) {
                    $result = _dbQuery($sql, 'UPDATE');
                }
                if (!empty($data[0]['address_url1'])) {
                    headerRedirect($data[0]['address_url1']);
                }
                if (!($page = file_get_contents(PHPWCMS_TEMPLATE . 'inc_default/subscribe.tmpl'))) {
                    $page = "The email address <strong>{EMAIL}</strong> was verified.";
                }
                break;
            // Unsubscribe: delete the address row(s) whose address_key equals $hash.
            case 'unsubscribe':
                $sql = 'DELETE FROM ' . DB_PREPEND . 'phpwcms_address ';
                // The key is passed through aporeplace() inside a quoted literal. Possession
                // of the key is the only condition checked in this case.
                $sql .= "WHERE address_key='" . aporeplace($hash) . "'";
                // The result is stored but not inspected before the confirmation is shown.
                $result = _dbQuery($sql, 'DELETE');
                // NOTE(review): $data is loaded outside this fragment. The redirect target comes
                // from the address row; if address_url2 can be supplied by the subscriber, this
                // is an open redirect — confirm where the value is written and consider limiting
                // it to same-site URLs.
                if (!empty($data[0]['address_url2'])) {
                    headerRedirect($data[0]['address_url2']);
                }
                // Use the unsubscribe template; fall back to a built-in message when the file
                // cannot be read or is empty (file_get_contents() then returns a falsy value).
                if (!($page = file_get_contents(PHPWCMS_TEMPLATE . 'inc_default/unsubscribe.tmpl'))) {
                    $page = "All Subscriptions for <strong>{EMAIL}</strong> canceled.";
                }
                break;
        }
    } else {
        headerRedirect(PHPWCMS_URL);
    }
} else {
    headerRedirect(PHPWCMS_URL);
}
            $sql .= "\tadcampaign_maxview, adcampaign_maxclick, adcampaign_maxviewuser, ";
            $sql .= "\tadcampaign_type, adcampaign_place, adcampaign_data";
            $sql .= ') VALUES (';
            $sql .= "\t'" . aporeplace($plugin['data']['adcampaign_created']) . "', ";
            $sql .= "\t'" . aporeplace($plugin['data']['adcampaign_changed']) . "', ";
            $sql .= $plugin['data']['adcampaign_status'] . ", ";
            $sql .= "\t'" . aporeplace($plugin['data']['adcampaign_title']) . "', ";
            $sql .= "\t'" . aporeplace($plugin['data']['adcampaign_comment']) . "', ";
            $sql .= "\t'" . aporeplace($plugin['data']['adcampaign_datestart']) . "', ";
            $sql .= "\t'" . aporeplace($plugin['data']['adcampaign_dateend']) . "', ";
            $sql .= $plugin['data']['adcampaign_maxview'] . ", ";
            $sql .= $plugin['data']['adcampaign_maxclick'] . ", ";
            $sql .= $plugin['data']['adcampaign_maxviewuser'] . ", ";
            $sql .= $plugin['data']['adcampaign_type'] . ", ";
            $sql .= $plugin['data']['adcampaign_place'] . ", ";
            $sql .= "\t'" . aporeplace(serialize($plugin['data']['adcampaign_data'])) . "'";
            $sql .= ')';
            if ($plugin_new_id = @_dbQuery($sql, 'INSERT')) {
                if (isset($_POST['save'])) {
                    headerRedirect(decode_entities(MODULE_HREF) . '&listcampaign=1');
                } elseif (!empty($plugin_new_id['INSERT_ID'])) {
                    headerRedirect(decode_entities(MODULE_HREF) . '&campaign=1&edit=' . $plugin_new_id['INSERT_ID']);
                }
            } else {
                $plugin['error']['update'] = mysql_error();
            }
        }
    }
}
// try to read entry from database
if ($plugin['id'] && !isset($plugin['error'])) {
                $file_error["keywords"][$key] = 1;
            }
        }
    }
    //if(isEmpty($file_shortinfo)) $file_error["shortinfo"] = 1;
    // A file name is required.
    if (empty($file_name)) {
        $file_error["name"] = 1;
    } else {
        // If the name's extension (lower-cased) differs from $file_ext, append $file_ext.
        if (trim(strtolower(FileExtension($file_name))) != trim($file_ext)) {
            $file_name .= "." . $file_ext;
        }
    }
    // Store the updated entry (f_kid=1) when no validation error was recorded.
    if (!isset($file_error)) {
        // Quoted strings are passed through aporeplace(), with one exception:
        // NOTE(review): $file_keys is put inside quotes without aporeplace() in this
        // statement — confirm it is built from integers or escaped where it is assembled.
        // NOTE(review): $file_pid, $file_aktiv, $file_public, $file_granted,
        // $file_gallerydownload, $file_sort and $file_id are concatenated unquoted; they are
        // only safe if cast to integers earlier (not visible here).
        // _dbEscape() is used without surrounding quotes — presumably it adds them itself.
        $sql = "UPDATE " . DB_PREPEND . "phpwcms_file SET " . "f_name='" . aporeplace($file_name) . "', " . "f_pid=" . $file_pid . ", " . "f_aktiv=" . $file_aktiv . ", " . "f_public=" . $file_public . ", " . "f_shortinfo='" . aporeplace($file_shortinfo) . "', " . "f_longinfo='" . aporeplace($file_longinfo) . "', " . "f_keywords='" . $file_keys . "', " . "f_created='" . time() . "', " . "f_copyright='" . aporeplace($file_copyright) . "', " . "f_tags='" . aporeplace($file_tags) . "', " . "f_granted=" . $file_granted . ", " . "f_gallerystatus=" . $file_gallerydownload . ", " . (isset($file_vars) ? 'f_vars=' . _dbEscape(serialize($file_vars)) . ',' : '') . "f_sort=" . $file_sort . " " . "WHERE f_kid=1 AND f_id=" . $file_id;
        // Authorization: non-admin users may only update rows they own.
        if (empty($_SESSION["wcs_user_admin"])) {
            $sql .= " AND f_uid=" . intval($_SESSION["wcs_user_id"]);
        }
        // mysql_query() belongs to ext/mysql (removed in PHP 7.0).
        if ($result = mysql_query($sql, $db)) {
            // store tags
            _dbSaveCategories($file_tags, 'file', $file_id, ',');
            //headerRedirect(PHPWCMS_URL."phpwcms.php?do=files&f=0");
        } else {
            $file_error["save_failed"] = 1;
        }
    }
}
//Ende Auswerten Formular
//Wenn ID angegeben, dann -> oder aber Root Verzeichnis
if ($file_id) {
    // Only the gallery states 2 and 3 are kept; any other value is reset to 0.
    switch ($dir_gallery) {
        case 2:
        case 3:
            break;
        default:
            $dir_gallery = 0;
    }
    // Error value 2: the entry id equals the chosen parent id.
    if ($dir_id == $dir_pid) {
        $dir_error += 2;
    }
    // Error value 1: no new name was given.
    if (empty($dir_newname)) {
        $dir_error += 1;
    }
    // Store the updated directory information (f_kid=0) when no error was recorded.
    if (empty($dir_error)) {
        // Name and long info are passed through aporeplace() inside quotes; $dir_gallery
        // is limited to 0, 2 or 3 by the switch above.
        // NOTE(review): $dir_pid, $dir_aktiv, $dir_public, $dir_sort and $dir_id are
        // concatenated unquoted; they are only safe if cast to integers earlier (not
        // visible here).
        $sql = "UPDATE " . DB_PREPEND . "phpwcms_file SET " . 'f_pid=' . $dir_pid . ', ' . "f_name='" . aporeplace($dir_newname) . "', " . "f_aktiv=" . $dir_aktiv . ", " . "f_public=" . $dir_public . ", " . "f_longinfo='" . aporeplace($dir_longinfo) . "', " . "f_created='" . time() . "', " . "f_gallerystatus=" . $dir_gallery . ", " . 'f_sort=' . $dir_sort . ' ' . "WHERE f_kid=0 AND f_id=" . $dir_id;
        // Authorization: non-admin users may only update rows they own.
        if (empty($_SESSION["wcs_user_admin"])) {
            $sql .= " AND f_uid=" . intval($_SESSION["wcs_user_id"]);
        }
        // The success branch is empty (its redirect is commented out) and there is no
        // failure branch, so a failed UPDATE goes unnoticed here.
        if ($result = mysql_query($sql, $db)) {
            //headerRedirect(PHPWCMS_URL."phpwcms.php?do=files&f=0");
        }
    }
} else {
    //Editieren des Verzeichnisses
    $dir_id = empty($_GET["editdir"]) ? 0 : intval($_GET["editdir"]);
}
//Ende Auswerten Formular
//Wenn ID angegeben, dann -> oder aber Root Verzeichnis
if ($dir_id) {
    $sql = "SELECT f_id, f_name, f_aktiv, f_public, f_longinfo, f_gallerystatus, f_sort, f_pid FROM " . DB_PREPEND . "phpwcms_file WHERE f_id=" . $dir_id;
Example #30
    // Handle the submitted keyword form: insert a new keyword or rename an existing one.
    if (isset($_POST["keyword_aktion"]) && intval($_POST["keyword_aktion"])) {
        // Read the posted name and id. The second argument of clean_slweg() is presumably
        // a maximum length — confirm. The id is forced to an integer.
        $keyword["name"] = clean_slweg($_POST["keyword_name"], 250);
        $keyword["id"] = intval($_POST["keyword_id"]);
        // ';' and ',' are replaced by spaces, then whitespace runs are collapsed to one space.
        $keyword["name"] = str_replace(';', ' ', $keyword["name"]);
        $keyword["name"] = str_replace(',', ' ', $keyword["name"]);
        $keyword["name"] = preg_replace('/\\s{1,}/', ' ', $keyword["name"]);
        if (empty($keyword["name"])) {
            $keyword["error"] = 1;
        } else {
            // The name is passed through aporeplace() inside a quoted literal; the id is an
            // integer (see above), so its unquoted use in the WHERE clause is safe.
            if (!$keyword["id"]) {
                $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_keyword SET ";
                $sql .= "keyword_name = '" . aporeplace($keyword["name"]) . "'";
            } else {
                $sql = "UPDATE " . DB_PREPEND . "phpwcms_keyword SET ";
                $sql .= "keyword_name='" . aporeplace($keyword["name"]);
                $sql .= "' WHERE keyword_id=" . $keyword["id"];
            }
            // 'or' binds more loosely than '=': $result receives the query result and the
            // script stops with a generic message when the query fails, so this branch is
            // only entered after a successful query. mysql_query() belongs to ext/mysql
            // (removed in PHP 7.0).
            if ($result = mysql_query($sql, $db) or die("error while inserting/updating keyword")) {
                if (!$keyword["id"]) {
                    $keyword["id"] = mysql_insert_id($db);
                }
                // Back to the keyword administration page.
                headerRedirect(PHPWCMS_URL . "phpwcms.php?do=admin&p=5");
            }
        }
    }
    ?>
		  <form action="phpwcms.php?do=admin&amp;p=5&amp;keyid=<?php 
    echo $keyword["id"];
    ?>
" method="post" name="keywords">