Example #1
            $gpname = gpid2gpname($gpid);
            $error_string = "Fail to make public group `{$gpname}` on your phonebook";
            $db_query = "INSERT INTO playsms_tblUserGroupPhonebook_public (gpid,uid) VALUES ('{$gpid}','{$uid}')";
            $db_result = @dba_insert_id($db_query);
            if ($db_result > 0) {
                $error_string = "Group `{$gpname}` has been published for public view";
            }
        }
        header("Location: fr_right.php?err=" . urlencode($error_string));
        die;
        break;
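    case "hide_from_public":
        // Remove one of the caller's groups from the public phonebook table, then redirect.
        // Both parameters arrive in the query string and are attacker-controlled.
        $pp = isset($_GET['pp']) ? $_GET['pp'] : '';
        // Accept the group id only when it is a plain run of digits, and carry it as an
        // integer from here on, so request data cannot change the shape of the DELETE below.
        // NOTE(review): assumes gpid is a numeric key - confirm against the table schema.
        $gpid_raw = isset($_GET['gpid']) ? $_GET['gpid'] : '';
        $gpid = (is_string($gpid_raw) && ctype_digit($gpid_raw)) ? (int) $gpid_raw : 0;
        // Keep whatever message an earlier part of the script may have set, but make sure
        // the variable exists when no usable gpid was supplied.
        if (!isset($error_string)) {
            $error_string = '';
        }
        if ($gpid > 0) {
            $gpname = gpid2gpname($gpid);
            // Pessimistic default; replaced only when a row was actually deleted.
            $error_string = "Fail to hide public group `{$gpname}`";
            // The uid condition limits the delete to rows owned by $uid.
            // NOTE(review): $uid is set outside this fragment - confirm it comes from the
            // authenticated session and is not request-controlled, since it is still
            // interpolated into the statement as a string.
            $db_query = "DELETE FROM playsms_tblUserGroupPhonebook_public WHERE gpid='{$gpid}' AND uid='{$uid}'";
            // '@' hides any error raised by the helper, so a failed query looks the same
            // as "no matching row" here.
            $db_result = @dba_affected_rows($db_query);
            if ($db_result > 0) {
                $error_string = "Group `{$gpname}` has been removed from public view";
            }
        }
        // NOTE(review): this is a state-changing GET request and no anti-CSRF token is
        // checked in the visible code - confirm one is enforced elsewhere.
        if ($pp == 1) {
            header("Location: menu.php?inc=phonebook_public");
        } else {
            header("Location: fr_right.php?err=" . urlencode($error_string));
        }
        die;
        break;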
}
Example #2
<?php

// Stop immediately unless _SECURE_ has been defined (presumably by the including
// entry point), so that this file does nothing when it is requested on its own.
if (defined('_SECURE_') === false) {
    die('Intruder alert');
}
// Group id exactly as the client sent it. $_REQUEST merges several request sources,
// so the value is untrusted and needs encoding or validation wherever it is used.
$gpid = $_REQUEST['gpid'];
switch ($op) {
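    case "edit":
        // Render the "edit group" form for the group identified by $gpid.
        //
        // Every dynamic value is encoded for the context it is written into:
        //  - $err is set outside this file; the redirects in this file pass it as the
        //    `err` URL parameter, so it is treated as untrusted plain text.
        //  - $gpid is read from $_REQUEST and goes into an unquoted form-action URL, so it
        //    is URL-encoded (which also removes spaces and quote characters).
        //  - the stored group name and code go into quoted value="" attributes.
        // NOTE(review): if gpid2gpname()/phonebook_groupid2code() already return
        // HTML-escaped text this double-encodes - confirm against those helpers.
        if ($err) {
            $content = "<div class=error_string>" . htmlspecialchars((string) $err, ENT_QUOTES) . "</div>";
        }
        $gpid_url = is_scalar($gpid) ? urlencode((string) $gpid) : '';
        $group_name = htmlspecialchars((string) gpid2gpname($gpid), ENT_QUOTES);
        $group_code = htmlspecialchars((string) phonebook_groupid2code($gpid), ENT_QUOTES);
        // Same markup as before, split at the line breaks of the generated HTML.
        $content .= "\n\t    <h2>" . _('Edit group') . "</h2>\n\t    <p>\n"
            . "\t    <form action=index.php?app=menu&inc=tools_simplephonebook&route=dir_edit&op=edit_yes&gpid={$gpid_url} method=POST>\n"
            . "\t<table width=100% cellpadding=1 cellspacing=2 border=0>\n"
            . "\t    <tr>\n"
            . "\t\t<td width=75>" . _('Group name') . "</td><td width=5>:</td><td><input type=text name=dir_name value=\"" . $group_name . "\" size=50></td>\n"
            . "\t    </tr>\n"
            . "\t    <tr>\n"
            . "\t\t<td>" . _('Group code') . "</td><td>:</td><td><input type=text name=dir_code value=\"" . $group_code . "\" size=10> (" . _('please use uppercase and make it short') . ")</td>\n"
            . "\t    </tr>\t    \n"
            . "\t</table>\n"
            . "\t    <p>" . _('Note') . ": " . _('Group code used by keyword') . " BC (" . _('broadcast SMS from single SMS') . ")\n"
            . "\t    <p><input type=submit class=button value=\"" . _('Save') . "\"> \n"
            . "\t    </form>\n\t";
        echo $content;
        break;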
    case "edit_yes":
        // Apply the submitted group name/code to the group $gpid owned by $uid, then redirect.
        // The listing ends after the final header() call; whether die/break follows is not shown.
        //
        // $dir_name and $dir_code come from the POST body and $gpid from $_REQUEST, so all
        // three are client-controlled. strtoupper()/trim() normalise the code but do not
        // make it safe for SQL.
        // NOTE(review): no anti-CSRF token is checked in the visible code - confirm one is
        // enforced before this state-changing branch is reached.
        $dir_name = $_POST['dir_name'];
        $dir_code = strtoupper(trim($_POST['dir_code']));
        if ($dir_name && $dir_code) {
            // Uniqueness check: does this user already have another group with the same code?
            // NOTE(review): $dir_code and $gpid are interpolated directly into the statement;
            // unless dba_query() escapes its input (not visible here) this is open to SQL
            // injection. Bind parameters or escape with the database layer's own function.
            $db_query = "SELECT gp_code FROM " . _DB_PREF_ . "_toolsSimplephonebook_group WHERE uid='{$uid}' AND gp_code='{$dir_code}' AND NOT gpid='{$gpid}'";
            $db_result = dba_query($db_query);
            if ($db_row = dba_fetch_array($db_result)) {
                // Code already used by another of this user's groups: leave the row untouched.
                header("Location: index.php?app=menu&inc=phonebook_list&err=" . urlencode(_('No changes has been made')));
                die;
            } else {
                // The uid condition restricts the update to a group owned by $uid.
                // NOTE(review): same injection concern as above, here for $dir_name,
                // $dir_code and $gpid in an UPDATE. $uid is set outside this file - confirm
                // it comes from the authenticated session.
                // NOTE(review): mktime() without arguments is rejected by PHP 8; time() is
                // the equivalent call.
                $db_query = "UPDATE " . _DB_PREF_ . "_toolsSimplephonebook_group SET c_timestamp='" . mktime() . "',gp_name='{$dir_name}',gp_code='{$dir_code}' WHERE uid='{$uid}' AND gpid='{$gpid}'";
                // The result is not checked; the success message below is sent either way.
                $db_result = dba_query($db_query);
                header("Location:  index.php?app=menu&inc=phonebook_list&err=" . urlencode(_('Group has been edited') . " (" . _('group') . ": `{$dir_name}`, " . _('code') . " `{$dir_code}`)"));
                die;
            }
        }
        // Reached when either field is empty: send the user back to the edit form.
        // NOTE(review): $gpid is written into the redirect URL without urlencode(), so a
        // crafted value can add or override query parameters in the target URL.
        header("Location: index.php?app=menu&inc=tools_simplephonebook&route=dir_edit&op=edit&gpid={$gpid}&err=" . urlencode(_('You must fill all field')));
Example #3
<?php

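// Stop immediately unless _SECURE_ has been defined (presumably by the including
// entry point), so that this file does nothing when it is requested on its own.
if (!defined("_SECURE_")) {
    die("Intruder: IP " . $_SERVER['REMOTE_ADDR']);
}
// Operation selector and group id, both taken from the query string and therefore
// untrusted. The array keys are quoted: the bare words `op` and `gpid` are looked up
// as constants, which is an error on PHP 8 instead of a fallback to the string.
// A missing parameter yields null, as before, without raising a warning.
$op = isset($_GET['op']) ? $_GET['op'] : null;
$gpid = isset($_GET['gpid']) ? $_GET['gpid'] : null;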
switch ($op) {
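    case "edit":
        // Render the "edit group" form for the group identified by $gpid.
        //
        // Every dynamic value is encoded for the context it is written into:
        //  - $err is not assigned anywhere in this file, so it is treated as untrusted
        //    plain text. NOTE(review): confirm no caller passes intentional markup in it.
        //  - $gpid is read from $_GET and goes into an unquoted form-action URL, so it is
        //    URL-encoded (which also removes spaces and quote characters).
        //  - the stored group name and code go into quoted value="" attributes.
        // NOTE(review): if gpid2gpname()/gpid2gpcode() already return HTML-escaped text
        // this double-encodes - confirm against those helpers.
        if ($err) {
            $content = "<p><font color=red>" . htmlspecialchars((string) $err, ENT_QUOTES) . "</font><p>";
        }
        $gpid_url = is_scalar($gpid) ? urlencode((string) $gpid) : '';
        $group_name = htmlspecialchars((string) gpid2gpname($gpid), ENT_QUOTES);
        $group_code = htmlspecialchars((string) gpid2gpcode($gpid), ENT_QUOTES);
        // Same markup as before, split at the line breaks of the generated HTML.
        $content .= "\n\t    <h2>Edit group</h2>\n\t    <p>\n"
            . "\t    <form action=menu.php?inc=dir_edit&op=edit_yes&gpid={$gpid_url} method=POST>\n"
            . "\t    <p>Group Name: <input type=text name=dir_name value=\"" . $group_name . "\" size=50>\n"
            . "\t    <p>Group Code: <input type=text name=dir_code value=\"" . $group_code . "\" size=10> (please use uppercase and make it short)\n"
            . "\t    <p>Note: Group Code used by code BC (broadcast SMS from single SMS)\n"
            . "\t    <p><input type=submit class=button value=\"Save\"> \n"
            . "\t    </form>\n\t";
        echo $content;
        break;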
    case "edit_yes":
        $dir_name = $_POST[dir_name];
        $dir_code = strtoupper(trim($_POST[dir_code]));
        if ($dir_name && $dir_code) {
            $db_query = "SELECT gp_code FROM playsms_tblUserGroupPhonebook WHERE uid='{$uid}' AND gp_code='{$dir_code}' AND NOT gpid='{$gpid}'";
            $db_result = dba_query($db_query);
            if ($db_row = dba_fetch_array($db_result)) {
                header("Location: fr_right.php?err=" . urlencode("No changes has been made on group `{$dir_name}` code `{$dir_code}`"));
                die;
            } else {
                $db_query = "UPDATE playsms_tblUserGroupPhonebook SET gp_name='{$dir_name}',gp_code='{$dir_code}' WHERE uid='{$uid}' AND gpid='{$gpid}'";
                $db_result = dba_query($db_query);
                header("Location:  fr_right.php?err=" . urlencode("Group `{$dir_name}` with code `{$dir_code}` has been edited"));
                die;
            }
        }