function transformKeywords($table, $tagtable)
{
    global $db;
    $data = $db->fetch("SELECT id, keywords FROM " . $table . " WHERE keywords!=''");
    foreach ($data as $res) {
        $tagids = produceTagIds($res['keywords']);
        foreach ($tagids as $tagid) {
            $db->query("\n\t\t\t\tINSERT IGNORE INTO " . $tagtable . "\n\t\t\t\tVALUES ('" . $res['id'] . "', '" . $tagid . "')\n\t\t\t");
        }
    }
    $db->query("\n\t\tALTER TABLE `" . $table . "`\n\t  DROP `keywords`\n\t");
}
Example #2
0
 function edit()
 {
     global $set, $db, $apx;
     $_REQUEST['id'] = (int) $_REQUEST['id'];
     if (!$_REQUEST['id']) {
         die('missing ID!');
     }
     //Sektions-Liste
     if (!is_array($_POST['secid']) || $_POST['secid'][0] == 'all') {
         $_POST['secid'] = array('all');
     }
     if ($_POST['send']) {
         //Mindestens zwei Felder belegt?
         for ($i = 1; $i <= 20; $i++) {
             if ($_POST['a' . $i]) {
                 ++$ac;
             }
             if ($ac == 2) {
                 break;
             }
         }
         if (!checkToken()) {
             infoInvalidToken();
         } elseif (!$_POST['question'] || !$_POST['days'] || $ac < 2) {
             infoNotComplete();
         } else {
             for ($i = 1; $i <= 20; $i++) {
                 if ($_POST['a' . $i] && $_POST['color' . $i]) {
                     $qcache[] = array($_POST['a' . $i], $_POST['color' . $i], $_POST['a' . $i . '_c']);
                 }
             }
             for ($i = 1; $i <= 20; $i++) {
                 $_POST['a' . $i] = $qcache[$i - 1][0];
                 $_POST['color' . $i] = $qcache[$i - 1][1];
                 $_POST['a' . $i . '_c'] = $qcache[$i - 1][2];
             }
             $_POST['secid'] = serialize_section($_POST['secid']);
             //Veröffentlichung
             if ($apx->user->has_right('poll.enable') && isset($_POST['t_day_1'])) {
                 $_POST['starttime'] = maketime(1);
                 $_POST['endtime'] = maketime(2);
                 if ($_POST['starttime']) {
                     if (!$_POST['endtime'] || $_POST['endtime'] <= $_POST['starttime']) {
                         $_POST['endtime'] = 3000000000;
                     }
                     $addfields = ',starttime,endtime';
                 }
             }
             $db->dupdate(PRE . '_poll', 'secid,question,meta_description,a1,a2,a3,a4,a5,a6,a7,a8,a9,a10,a11,a12,a13,a14,a15,a16,a17,a18,a19,a20,color1,color2,color3,color4,color5,color6,color7,color8,color9,color10,color11,color12,color13,color14,color15,color16,color17,color18,color19,color20,a1_c,a2_c,a3_c,a4_c,a5_c,a6_c,a7_c,a8_c,a9_c,a10_c,a11_c,a12_c,a13_c,a14_c,a15_c,a16_c,a17_c,a18_c,a19_c,a20_c,days,multiple,searchable,allowcoms' . $addfields, "WHERE ( id='" . $_REQUEST['id'] . "' ) LIMIT 1");
             logit('POLL_EDIT', 'ID #' . $_REQUEST['id']);
             //Tags
             $db->query("DELETE FROM " . PRE . "_poll_tags WHERE id='" . $_REQUEST['id'] . "'");
             $tagids = produceTagIds($_POST['tags']);
             foreach ($tagids as $tagid) {
                 $db->query("INSERT IGNORE INTO " . PRE . "_poll_tags VALUES('" . $_REQUEST['id'] . "', '" . $tagid . "')");
             }
             printJSRedirect(get_index('poll.show'));
         }
     } else {
         $res = $db->first("SELECT * FROM " . PRE . "_poll WHERE ( id='" . $_REQUEST['id'] . "' ) LIMIT 1");
         foreach ($res as $key => $val) {
             $_POST[$key] = $val;
         }
         $_POST['secid'] = unserialize_section($_POST['secid']);
         //Veröffentlichung
         if ($res['starttime']) {
             maketimepost(1, $res['starttime']);
             if ($res['endtime'] < 2147483647) {
                 maketimepost(2, $res['endtime']);
             }
         }
         //Sektionen auflisten
         if (is_array($apx->sections) && count($apx->sections)) {
             $seclist = '<option value="all" style="font-weight:bold;"' . iif(in_array('all', $_POST['secid']), ' selected="selected"') . '>' . $apx->lang->get('ALLSEC') . '</option>';
             foreach ($apx->sections as $id => $info) {
                 $seclist .= '<option value="' . $id . '"' . iif(in_array($id, $_POST['secid']), ' selected="selected"') . '>' . replace($info['title']) . '</option>';
             }
         }
         //Antwortmöglichkeiten
         for ($i = 1; $i <= 20; $i++) {
             if ($i > 1 && !$_POST['a' . $i]) {
                 continue;
             }
             $answerdata[$i]['TEXT'] = compatible_hsc($_POST['a' . $i]);
             $answerdata[$i]['VOTES'] = intval($_POST['a' . $i . '_c']);
             $answerdata[$i]['COLOR'] = iif($_POST['color' . $i], $_POST['color' . $i], $this->colors[0]);
             $answerdata[$i]['DISPLAY'] = 1;
         }
         //Felder auffüllen
         while (count($answerdata) < 20) {
             $answerdata[] = array('COLOR' => $this->colors[0]);
         }
         //Veröffentlichung
         if ($apx->user->has_right('poll.enable') && isset($_POST['t_day_1'])) {
             $apx->tmpl->assign('STARTTIME', choosetime(1, 0, maketime(1)));
             $apx->tmpl->assign('ENDTIME', choosetime(2, 1, maketime(2)));
         }
         //Farben
         foreach ($this->colors as $color) {
             $colordata[]['ID'] = $color;
         }
         //Tags
         $tags = array();
         $tagdata = $db->fetch("\n\t\t\tSELECT t.tag\n\t\t\tFROM " . PRE . "_poll_tags AS n\n\t\t\tLEFT JOIN " . PRE . "_tags AS t USING(tagid)\n\t\t\tWHERE n.id='" . $_REQUEST['id'] . "'\n\t\t\tORDER BY t.tag ASC\n\t\t");
         $tags = get_ids($tagdata, 'tag');
         $_POST['tags'] = implode(', ', $tags);
         $apx->tmpl->assign('COLOR', $colordata);
         $apx->tmpl->assign('ANSWER', $answerdata);
         $apx->tmpl->assign('ID', $_REQUEST['id']);
         $apx->tmpl->assign('SECLIST', $seclist);
         $apx->tmpl->assign('QUESTION', compatible_hsc($_POST['question']));
         $apx->tmpl->assign('DAYS', intval($_POST['days']));
         $apx->tmpl->assign('META_DESCRIPTION', compatible_hsc($_POST['meta_description']));
         $apx->tmpl->assign('TAGS', compatible_hsc($_POST['tags']));
         $apx->tmpl->assign('MULTIPLE', (int) $_POST['multiple']);
         $apx->tmpl->assign('ALLOWCOMS', (int) $_POST['allowcoms']);
         $apx->tmpl->assign('SEARCHABLE', (int) $_POST['searchable']);
         $apx->tmpl->parse('edit');
     }
 }
Example #3
0
 function edit_book($info)
 {
     global $set, $db, $apx;
     $thistype = 'book';
     //Aktualisieren
     if ($_POST['send'] == 2) {
         if (!checkToken()) {
             infoInvalidToken();
         } elseif (!$_POST['title'] || !$_POST['text']) {
             infoNotComplete();
         } elseif (!$this->update_pic()) {
             /*DO NOTHING*/
         } elseif (!$this->update_teaserpic()) {
             /*DO NOTHING*/
         } else {
             //Website-URLs clean
             if (substr($_POST['website'], 0, 4) == 'www.') {
                 $_POST['website'] = 'http://' . $_POST['website'];
             }
             $_POST['picture'] = $this->picpath;
             $_POST['teaserpic'] = $this->teaserpicpath;
             $_POST['media'] = dash_serialize(array_map('intval', $_POST['media']));
             $db->dupdate(PRE . '_products', 'prodid,title,text,meta_description,picture,teaserpic,website,manufacturer,publisher,isbn,genre,media,custom1,custom2,custom3,custom4,custom5,custom6,custom7,custom8,custom9,custom10,buylink,price,recprice,guarantee,allowcoms,allowrating,restricted,top,searchable', "WHERE id='" . $_REQUEST['id'] . "' LIMIT 1");
             logit('PRODUCTS_EDIT', 'ID #' . $_REQUEST['id']);
             //Release eintragen
             $db->query("DELETE FROM " . PRE . "_products_releases WHERE prodid='" . $_REQUEST['id'] . "'");
             for ($i = 1; $i <= 10; $i++) {
                 if (!isset($_POST['release'][$i])) {
                     continue;
                 }
                 $element = $_POST['release'][$i];
                 if ($element['year']) {
                     list($reldata, $relstamp, $relsystem) = $this->generate_release($element);
                     $db->query("INSERT INTO " . PRE . "_products_releases (prodid,system,data,stamp) VALUES ('" . $_REQUEST['id'] . "','" . $relsystem . "','" . addslashes(serialize($reldata)) . "','" . $relstamp . "')");
                 }
             }
             //Tags
             $db->query("DELETE FROM " . PRE . "_products_tags WHERE id='" . $_REQUEST['id'] . "'");
             $tagids = produceTagIds($_POST['tags']);
             foreach ($tagids as $tagid) {
                 $db->query("INSERT IGNORE INTO " . PRE . "_products_tags VALUES('" . $_REQUEST['id'] . "', '" . $tagid . "')");
             }
             printJSRedirect(get_index('products.show'));
         }
     } else {
         //Variablen freigeben
         foreach ($info as $key => $value) {
             $_POST[$key] = $value;
         }
         //Media
         $_POST['media'] = dash_unserialize($info['media']);
         if (!is_array($_POST['media'])) {
             $_POST['media'] = array();
         }
         //Releases auslesen
         $_POST['release'] = array();
         $data = $db->fetch("SELECT system,data FROM " . PRE . "_products_releases WHERE prodid='" . $_REQUEST['id'] . "' ORDER BY ord ASC");
         if (count($data)) {
             $ri = 1;
             foreach ($data as $res) {
                 $res['data'] = unserialize($res['data']);
                 if (is_array($res['data'])) {
                     $_POST['release'][$ri] = $res['data'];
                     $_POST['release'][$ri]['system'] = $res['system'];
                     ++$ri;
                 }
             }
         }
         //Benutzerdefinierte Felder
         for ($i = 1; $i <= 10; $i++) {
             $fieldname = $set['products']['custom_' . $thistype][$i - 1];
             $apx->tmpl->assign('CUSFIELD' . $i . '_NAME', replace($fieldname));
             $apx->tmpl->assign('CUSTOM' . $i, compatible_hsc($_POST['custom' . $i]));
         }
         //Bild
         $picture = '';
         if ($info['picture']) {
             $picturepath = $info['picture'];
             $poppicpath = str_replace('-thumb.', '.', $picturepath);
             if (file_exists(BASEDIR . getpath('uploads') . $poppicpath)) {
                 $picture = '../' . getpath('uploads') . $poppicpath;
             } else {
                 $picture = '../' . getpath('uploads') . $picturepath;
             }
         }
         //Bild
         $teaserpic = '';
         if ($info['teaserpic']) {
             $teaserpicpath = $info['teaserpic'];
             $poppicpath = str_replace('-thumb.', '.', $teaserpicpath);
             if (file_exists(BASEDIR . getpath('uploads') . $poppicpath)) {
                 $teaserpic = '../' . getpath('uploads') . $poppicpath;
             } else {
                 $teaserpic = '../' . getpath('uploads') . $teaserpicpath;
             }
         }
         //Tags
         $tags = array();
         $tagdata = $db->fetch("\n\t\t\tSELECT t.tag\n\t\t\tFROM " . PRE . "_products_tags AS n\n\t\t\tLEFT JOIN " . PRE . "_tags AS t USING(tagid)\n\t\t\tWHERE n.id='" . $_REQUEST['id'] . "'\n\t\t\tORDER BY t.tag ASC\n\t\t");
         $tags = get_ids($tagdata, 'tag');
         $_POST['tags'] = implode(', ', $tags);
         $apx->tmpl->assign('ACTION', 'edit');
         $apx->tmpl->assign('ID', $_REQUEST['id']);
         $apx->tmpl->assign('PRODID', intval($_POST['prodid']));
         $apx->tmpl->assign('TITLE', compatible_hsc($_POST['title']));
         $apx->tmpl->assign('TEXT', compatible_hsc($_POST['text']));
         $apx->tmpl->assign('META_DESCRIPTION', compatible_hsc($_POST['meta_description']));
         $apx->tmpl->assign('PICTURE', $picture);
         $apx->tmpl->assign('TEASERPIC', $teaserpic);
         $apx->tmpl->assign('PIC_COPY', compatible_hsc($_POST['pic_copy']));
         $apx->tmpl->assign('TEASERPIC_COPY', compatible_hsc($_POST['teaserpic_copy']));
         $apx->tmpl->assign('WEBSITE', compatible_hsc($_POST['website']));
         $apx->tmpl->assign('TAGS', compatible_hsc($_POST['tags']));
         $apx->tmpl->assign('MANUFACTURER', $this->get_units($_POST['manufacturer'], iif($set['products']['filtermanu'], 'person')));
         $apx->tmpl->assign('PUBLISHER', $this->get_units($_POST['publisher'], iif($set['products']['filtermanu'], 'company')));
         $apx->tmpl->assign('ISBN', compatible_hsc($_POST['isbn']));
         $apx->tmpl->assign('GENRELIST', $this->get_genre($thistype, $_POST['genre']));
         $apx->tmpl->assign('MEDIALIST', $this->get_media($thistype, $_POST['media']));
         $apx->tmpl->assign('RELEASE', $this->get_release($thistype));
         $apx->tmpl->assign('BUYLINK', compatible_hsc($_POST['buylink']));
         $apx->tmpl->assign('PRICE', compatible_hsc($_POST['price']));
         $apx->tmpl->assign('RECPRICE', compatible_hsc($_POST['recprice']));
         $apx->tmpl->assign('GUARANTEE', compatible_hsc($_POST['guarantee']));
         $apx->tmpl->assign('ALLOWCOMS', (int) $_POST['allowcoms']);
         $apx->tmpl->assign('ALLOWRATING', (int) $_POST['allowrating']);
         $apx->tmpl->assign('RESTRICTED', (int) $_POST['restricted']);
         $apx->tmpl->assign('TOP', (int) $_POST['top']);
         $apx->tmpl->assign('SEARCHABLE', (int) $_POST['searchable']);
         $apx->tmpl->parse('add_edit_' . $thistype);
     }
 }
Example #4
0
 function edit()
 {
     global $set, $db, $apx;
     $_REQUEST['id'] = (int) $_REQUEST['id'];
     if (!$_REQUEST['id']) {
         die('missing ID!');
     }
     //Sektions-Liste
     if (!is_array($_POST['secid']) || $_POST['secid'][0] == 'all') {
         $_POST['secid'] = array('all');
     }
     if ($_POST['send'] == 1) {
         list($source) = $db->first("SELECT source FROM " . PRE . "_videos WHERE id='" . $_REQUEST['id'] . "' LIMIT 1");
         if (!checkToken()) {
             infoInvalidToken();
         } elseif (!$_POST['title'] || !$_POST['catid'] || !$_POST['text']) {
             infoNotComplete();
         } elseif ($source == 'apexx' && !$_POST['select_flv']) {
             infoNotComplete();
         } elseif ($source != 'apexx' && $_POST['embed_url'] && !($extInfo = $this->getEmbedVideo($_POST['embed_url']))) {
             info($apx->lang->get('INFO_EMBED_NOTFOUND'));
         } elseif ($source == 'apexx' && !file_exists(BASEDIR . getpath('uploads') . $_POST['select_flv'])) {
             info($apx->lang->get('INFO_NOTEXISTS', array('FILE' => $_POST['select_flv'])));
         } elseif ($source == 'apexx' && $_POST['select_file'] && !file_exists(BASEDIR . getpath('uploads') . $_POST['select_file'])) {
             info($apx->lang->get('INFO_NOTEXISTS', array('FILE' => $_POST['select_file'])));
         } elseif ($source == 'external' && (!$_POST['external_flv'] || $_POST['external_file'] && !$_POST['external_filesize'])) {
             infoNotComplete();
         } elseif (!$this->category_is_open($_POST['catid'])) {
             die('you are not allowed to add videos to this category!');
         } elseif (!$this->update_teaserpic()) {
             /*DO NOTHING*/
         } else {
             $addfield = '';
             //Veröffentlichung
             if ($apx->user->has_right('videos.enable') && isset($_POST['t_day_1'])) {
                 $_POST['starttime'] = maketime(1);
                 $_POST['endtime'] = maketime(2);
                 if ($_POST['starttime']) {
                     if (!$_POST['endtime'] || $_POST['endtime'] <= $_POST['starttime']) {
                         $_POST['endtime'] = 3000000000;
                     }
                     $addfield .= ',starttime,endtime';
                 }
             }
             $_POST['secid'] = serialize_section($_POST['secid']);
             $_POST['teaserpic'] = $this->teaserpicpath;
             $_POST['regonly'] = 0;
             $_POST['limit'] = 0;
             $_POST['filesize'] = 0;
             $_POST['password'] = '';
             //Autor
             if ($apx->user->has_spright('videos.edit') && $_POST['userid']) {
                 $_POST['userid'] = $_POST['userid'];
                 $addfield .= ',userid';
             }
             //Auswahl
             if ($source == 'apexx') {
                 $_POST['source'] = 'apexx';
                 $_POST['flvfile'] = $_POST['select_flv'];
                 $_POST['file'] = $_POST['select_file'];
                 $addfield .= ',file,flvfile,source';
                 //Download-Optionen
                 if ($_POST['select_file']) {
                     $_POST['regonly'] = (int) $_POST['select_regonly'];
                     $_POST['limit'] = (int) $_POST['select_limit'];
                     $_POST['password'] = $_POST['select_password'];
                 }
             } elseif ($source == 'external') {
                 $_POST['source'] = 'external';
                 $_POST['flvfile'] = $_POST['external_flv'];
                 $_POST['file'] = $_POST['external_file'];
                 $_POST['status'] = 'finished';
                 //Download-Optionen
                 if ($_POST['external_file']) {
                     $_POST['regonly'] = (int) $_POST['external_regonly'];
                     $_POST['limit'] = (int) $_POST['external_limit'];
                     $_POST['password'] = $_POST['external_password'];
                     if ($_POST['external_filesize_format'] == 'kb') {
                         $_POST['filesize'] = (int) 1024 * (double) str_replace(',', '.', $_POST['external_filesize']);
                     } elseif ($_POST['external_filesize_format'] == 'mb') {
                         $_POST['filesize'] = (int) 1024 * 1024 * (double) str_replace(',', '.', $_POST['external_filesize']);
                     } elseif ($_POST['external_filesize_format'] == 'gb') {
                         $_POST['filesize'] = (int) 1024 * 1024 * 1024 * (double) str_replace(',', '.', $_POST['external_filesize']);
                     } else {
                         $_POST['filesize'] = $_POST['external_filesize'];
                     }
                 }
                 $addfield .= ',file,flvfile,source';
             } elseif ($_POST['embed_url']) {
                 $_POST['source'] = $extInfo['source'];
                 $_POST['flvfile'] = $extInfo['identifier'];
                 $_POST['file'] = '';
                 $addfield .= ',file,flvfile,source';
             }
             $db->dupdate(PRE . '_videos', 'secid,prodid,catid,title,text,meta_description,teaserpic,filesize,password,limit,top,regonly,searchable,allowcoms,allowrating,restricted' . $addfield, "WHERE id='" . $_REQUEST['id'] . "' LIMIT 1");
             logit('VIDEOS_EDIT', 'ID #' . $_REQUEST['id']);
             //Tags
             $db->query("DELETE FROM " . PRE . "_videos_tags WHERE id='" . $_REQUEST['id'] . "'");
             $tagids = produceTagIds($_POST['tags']);
             foreach ($tagids as $tagid) {
                 $db->query("INSERT IGNORE INTO " . PRE . "_videos_tags VALUES('" . $_REQUEST['id'] . "', '" . $tagid . "')");
             }
             printJSRedirect(get_index('videos.show'));
         }
     } else {
         require BASEDIR . getmodulepath('videos') . 'plattforms.php';
         $res = $db->first("SELECT * FROM " . PRE . "_videos WHERE id='" . $_REQUEST['id'] . "' LIMIT 1", 1);
         foreach ($res as $key => $val) {
             $_POST[$key] = $val;
         }
         $_POST['secid'] = unserialize_section($_POST['secid']);
         //Autor
         if (!$res['userid']) {
             $_POST['userid'] = 'send';
         }
         //Veröffentlichung
         if ($res['starttime']) {
             maketimepost(1, $res['starttime']);
             if ($res['endtime'] < 2147483647) {
                 maketimepost(2, $res['endtime']);
             }
         }
         mediamanager('videos');
         //Autor
         if ($apx->user->has_spright('videos.edit')) {
             $apx->tmpl->assign('USERLIST', $this->get_userlist());
         }
         //Teaserpic
         $teaserpic = '';
         if ($_POST['teaserpic']) {
             $teaserpicpath = $_POST['teaserpic'];
             $poppicpath = str_replace('-thumb.', '.', $teaserpicpath);
             if (file_exists(BASEDIR . getpath('uploads') . $poppicpath)) {
                 $teaserpic = '../' . getpath('uploads') . $poppicpath;
             } else {
                 $teaserpic = '../' . getpath('uploads') . $teaserpicpath;
             }
         }
         //Veröffentlichung
         if ($apx->user->has_right('videos.enable') && isset($_POST['t_day_1'])) {
             $apx->tmpl->assign('STARTTIME', choosetime(1, 0, maketime(1)));
             $apx->tmpl->assign('ENDTIME', choosetime(2, 1, maketime(2)));
         }
         //Tags
         $tags = array();
         $tagdata = $db->fetch("\n\t\t\tSELECT t.tag\n\t\t\tFROM " . PRE . "_videos_tags AS n\n\t\t\tLEFT JOIN " . PRE . "_tags AS t USING(tagid)\n\t\t\tWHERE n.id='" . $_REQUEST['id'] . "'\n\t\t\tORDER BY t.tag ASC\n\t\t");
         $tags = get_ids($tagdata, 'tag');
         $_POST['tags'] = implode(', ', $tags);
         $apx->tmpl->assign('USERID', $_POST['userid']);
         $apx->tmpl->assign('PRODID', $_POST['prodid']);
         $apx->tmpl->assign('SECID', $_POST['secid']);
         $apx->tmpl->assign('CATLIST', $this->get_catlist());
         $apx->tmpl->assign('TITLE', compatible_hsc($_POST['title']));
         $apx->tmpl->assign('TEXT', compatible_hsc($_POST['text']));
         $apx->tmpl->assign('META_DESCRIPTION', compatible_hsc($_POST['meta_description']));
         $apx->tmpl->assign('TAGS', compatible_hsc($_POST['tags']));
         $apx->tmpl->assign('TEASERPIC', $teaserpic);
         $apx->tmpl->assign('PIC_COPY', compatible_hsc($_POST['pic_copy']));
         $apx->tmpl->assign('ALLOWCOMS', (int) $_POST['allowcoms']);
         $apx->tmpl->assign('ALLOWRATING', (int) $_POST['allowrating']);
         $apx->tmpl->assign('TOP', (int) $_POST['top']);
         $apx->tmpl->assign('PUBNOW', (int) $_POST['pubnow']);
         $apx->tmpl->assign('SEARCHABLE', (int) $_POST['searchable']);
         $apx->tmpl->assign('RESTRICTED', (int) $_POST['restricted']);
         $apx->tmpl->assign('CAN_CONVERT', $set['videos']['ffmpeg'] && $set['videos']['flvtool2']);
         $apx->tmpl->assign('SOURCE', compatible_hsc($_POST['source']));
         $apx->tmpl->assign('SOURCE_NAME', compatible_hsc($plattforms[$_POST['source']][4]));
         $apx->tmpl->assign('FLVFILE', compatible_hsc($_POST['flvfile']));
         $apx->tmpl->assign('FILE', compatible_hsc($_POST['file']));
         if ($_POST['source'] == 'apexx' && $_POST['file']) {
             $apx->tmpl->assign('PASSWORD', compatible_hsc($_POST['password']));
             $apx->tmpl->assign('REGONLY', $_POST['regonly']);
             $apx->tmpl->assign('LIMIT', $_POST['limit']);
         } elseif ($_POST['source'] == 'external' && $_POST['file']) {
             $apx->tmpl->assign('PASSWORD', compatible_hsc($_POST['password']));
             $apx->tmpl->assign('REGONLY', $_POST['regonly']);
             $apx->tmpl->assign('LIMIT', $_POST['limit']);
             $apx->tmpl->assign('FILESIZE', compatible_hsc($_POST['filesize']));
             $apx->tmpl->assign('FILESIZE_FORMAT', $_POST['filesize_format']);
         }
         $apx->tmpl->assign('ACTION', 'edit');
         $apx->tmpl->assign('ID', $_REQUEST['id']);
         $apx->tmpl->parse('add_edit');
     }
 }
Example #5
0
 function edit()
 {
     global $set, $db, $apx;
     $_REQUEST['id'] = (int) $_REQUEST['id'];
     if (!$_REQUEST['id']) {
         die('missing ID!');
     }
     //Sektions-Liste
     if (!is_array($_POST['secid']) || $_POST['secid'][0] == 'all') {
         $_POST['secid'] = array('all');
     }
     //News aktualisieren
     if ($_POST['send'] == 1) {
         if (!checkToken()) {
             infoInvalidToken();
         } elseif (!$_POST['title'] || !$_POST['catid'] || !$_POST['text']) {
             infoNotComplete();
         } elseif ($_POST['catid'] != 'newcat' && !$this->category_is_open($_POST['catid'])) {
             die('you are not allowed to add news to this category!');
         } elseif (!$this->update_newspic()) {
             /*DO NOTHING*/
         } else {
             //Links
             for ($i = 1; $i <= 40; $i++) {
                 if (!$_POST['link' . $i . '_title'] || !$_POST['link' . $i . '_text'] || !$_POST['link' . $i . '_url']) {
                     continue;
                 }
                 $links[] = array('title' => $_POST['link' . $i . '_title'], 'text' => $_POST['link' . $i . '_text'], 'url' => $_POST['link' . $i . '_url'], 'popup' => intval($_POST['link' . $i . '_popup']));
             }
             //Veröffentlichung
             if ($apx->user->has_right('news.enable') && isset($_POST['t_day_1'])) {
                 $_POST['starttime'] = maketime(1);
                 $_POST['endtime'] = maketime(2);
                 if ($_POST['starttime']) {
                     if (!$_POST['endtime'] || $_POST['endtime'] <= $_POST['starttime']) {
                         $_POST['endtime'] = 3000000000;
                     }
                     $addfields = ',starttime,endtime';
                 }
             }
             //Sticky Ende
             if ($_POST['sticky'] && ($stickyend = maketime(3)) != 0) {
                 $_POST['sticky'] = $stickyend;
             } elseif ($_POST['sticky']) {
                 $_POST['sticky'] = 3000000000;
             }
             //Autor
             if ($apx->user->has_spright('news.edit') && $_POST['userid']) {
                 if ($_POST['userid'] == 'send') {
                     $_POST['userid'] = 0;
                 } else {
                     $_POST['userid'] = $_POST['userid'];
                 }
                 $addfields .= ',userid';
             }
             $_POST['secid'] = serialize_section($_POST['secid']);
             $_POST['links'] = serialize($links);
             $_POST['newspic'] = $this->newspicpath;
             $db->dupdate(PRE . '_news', 'secid,prodid,catid,title,subtitle,newspic,teaser,text,meta_description,galid,links,top,sticky,searchable,restricted,allowcoms,allowrating' . $addfields, "WHERE ( id='" . $_REQUEST['id'] . "' " . iif(!$apx->user->has_spright('news.edit'), " AND userid='" . $apx->user->info['userid'] . "'") . " )");
             logit('NEWS_EDIT', "ID #" . $_REQUEST['id']);
             //Tags
             $db->query("DELETE FROM " . PRE . "_news_tags WHERE id='" . $_REQUEST['id'] . "'");
             $tagids = produceTagIds($_POST['tags']);
             foreach ($tagids as $tagid) {
                 $db->query("INSERT IGNORE INTO " . PRE . "_news_tags VALUES('" . $_REQUEST['id'] . "', '" . $tagid . "')");
             }
             if ($_POST['catid'] == 'newcat' && $apx->user->has_right('news.catadd')) {
                 printJSRedirect('action.php?action=news.catadd&addid=' . $_REQUEST['id']);
             } else {
                 printJSRedirect(get_index('news.show'));
             }
         }
     } else {
         $res = $db->first("SELECT secid,prodid,userid,send_username,send_email,catid,newspic,title,subtitle,teaser,text,meta_description,galid,links,top,sticky,searchable,restricted,allowcoms,allowrating,starttime,endtime FROM " . PRE . "_news WHERE ( id='" . $_REQUEST['id'] . "' " . iif(!$apx->user->has_spright('news.edit'), " AND userid='" . $apx->user->info['userid'] . "'") . " ) LIMIT 1", 1);
         //Umsetzung zu POST
         foreach ($res as $key => $val) {
             if ($key == 'links') {
                 continue;
             }
             $_POST[$key] = $val;
         }
         //Keine Benutzer-ID gesetzt => Eingesendete News
         if (!$res['userid']) {
             $_POST['userid'] = 'send';
         }
         //Links umformen
         $_POST['link1_popup'] = 1;
         $links = unserialize($res['links']);
         if (is_array($links) && count($links)) {
             foreach ($links as $link) {
                 ++$i;
                 $_POST['link' . $i . '_title'] = $link['title'];
                 $_POST['link' . $i . '_text'] = $link['text'];
                 $_POST['link' . $i . '_url'] = $link['url'];
                 $_POST['link' . $i . '_popup'] = $link['popup'];
             }
         }
         //Veröffentlichung
         if ($res['starttime']) {
             maketimepost(1, $res['starttime']);
             if ($res['endtime'] < 2147483647) {
                 maketimepost(2, $res['endtime']);
             }
         }
         //Sticky Ende
         if ($res['sticky'] < 2147483647) {
             maketimepost(3, $res['sticky']);
         }
         $_POST['secid'] = unserialize_section($_POST['secid']);
         mediamanager('news');
         //Normale Links
         if (!$_POST['link1_title']) {
             $_POST['link1_title'] = $apx->lang->get('LLINK');
         }
         for ($i = 1; $i <= 40; $i++) {
             if ($i > 1 && (!$_POST['link' . $i . '_title'] || $_POST['link' . $i . '_title'] == $apx->lang->get('LLINK')) && !$_POST['link' . $i . '_text'] && !$_POST['link' . $i . '_url']) {
                 continue;
             }
             $linklist[] = array('TITLE' => compatible_hsc($_POST['link' . $i . '_title']), 'TEXT' => compatible_hsc($_POST['link' . $i . '_text']), 'URL' => compatible_hsc($_POST['link' . $i . '_url']), 'POPUP' => (int) $_POST['link' . $i . '_popup'], 'DISPLAY' => 1);
         }
         while (count($linklist) < 40) {
             $linklist[] = array('TITLE' => $apx->lang->get('LLINK'), 'POPUP' => 1);
         }
         //Veröffentlichung
         if ($apx->user->has_right('news.enable') && isset($_POST['t_day_1'])) {
             $apx->tmpl->assign('STARTTIME', choosetime(1, 0, maketime(1)));
             $apx->tmpl->assign('ENDTIME', choosetime(2, 1, maketime(2)));
         }
         //Einsende-User beachten
         $send = $db->first("SELECT send_username,send_email FROM " . PRE . "_news WHERE id='" . $_REQUEST['id'] . "' LIMIT 1");
         if ($send['send_username']) {
             $usersend = '<option value="send"' . iif($_POST['userid'] == 'send', ' selected="selected"') . '>' . $apx->lang->get('GUEST') . ': ' . $send['send_username'] . iif($send['send_email'], ' (' . $send['send_email'] . ')') . '</option>';
         }
         //Newspic
         $teaserpic = '';
         if ($_POST['newspic']) {
             $teaserpicpath = $_POST['newspic'];
             $poppicpath = str_replace('-thumb.', '.', $teaserpicpath);
             if (file_exists(BASEDIR . getpath('uploads') . $poppicpath)) {
                 $teaserpic = '../' . getpath('uploads') . $poppicpath;
             } else {
                 $teaserpic = '../' . getpath('uploads') . $teaserpicpath;
             }
         }
         //Tags
         $tags = array();
         $tagdata = $db->fetch("\n\t\t\tSELECT t.tag\n\t\t\tFROM " . PRE . "_news_tags AS n\n\t\t\tLEFT JOIN " . PRE . "_tags AS t USING(tagid)\n\t\t\tWHERE n.id='" . $_REQUEST['id'] . "'\n\t\t\tORDER BY t.tag ASC\n\t\t");
         $tags = get_ids($tagdata, 'tag');
         $_POST['tags'] = implode(', ', $tags);
         $apx->tmpl->assign('ID', $_REQUEST['id']);
         $apx->tmpl->assign('USERID', $_POST['userid']);
         $apx->tmpl->assign('PRODID', $_POST['prodid']);
         $apx->tmpl->assign('USER_SEND', $usersend);
         $apx->tmpl->assign('SECID', $_POST['secid']);
         $apx->tmpl->assign('GALID', $_POST['galid']);
         $apx->tmpl->assign('CATLIST', $this->get_catlist());
         $apx->tmpl->assign('TITLE', compatible_hsc($_POST['title']));
         $apx->tmpl->assign('SUBTITLE', compatible_hsc($_POST['subtitle']));
         $apx->tmpl->assign('TEASER', compatible_hsc($_POST['teaser']));
         $apx->tmpl->assign('TEXT', compatible_hsc($_POST['text']));
         $apx->tmpl->assign('META_DESCRIPTION', compatible_hsc($_POST['meta_description']));
         $apx->tmpl->assign('TAGS', compatible_hsc($_POST['tags']));
         $apx->tmpl->assign('NEWSPIC', $teaserpic);
         $apx->tmpl->assign('PIC_COPY', compatible_hsc($_POST['pic_copy']));
         $apx->tmpl->assign('LINK', $linklist);
         $apx->tmpl->assign('ALLOWCOMS', (int) $_POST['allowcoms']);
         $apx->tmpl->assign('ALLOWRATING', (int) $_POST['allowrating']);
         $apx->tmpl->assign('TOP', (int) $_POST['top']);
         $apx->tmpl->assign('STICKY', (int) $_POST['sticky']);
         $apx->tmpl->assign('STICKYTIME', choosetime(3, 1, maketime(3)));
         $apx->tmpl->assign('SEARCHABLE', (int) $_POST['searchable']);
         $apx->tmpl->assign('RESTRICTED', (int) $_POST['restricted']);
         $apx->tmpl->parse('edit');
     }
 }
Example #6
0
 function edit()
 {
     global $set, $db, $apx;
     $_REQUEST['id'] = (int) $_REQUEST['id'];
     if (!$_REQUEST['id']) {
         die('missing ID!');
     }
     if ($_POST['send'] == 1) {
         if (!checkToken()) {
             infoInvalidToken();
         } elseif (!$_POST['title'] || !$_POST['catid'] || !$_POST['text']) {
             infoNotComplete();
         } else {
             $db->dupdate(PRE . '_glossar', 'catid,title,spelling,text,meta_description,searchable,allowcoms,allowrating', "WHERE id='" . $_REQUEST['id'] . "' LIMIT 1");
             $nid = $db->insert_id();
             logit('GLOSSAR_ADD', 'ID #' . $nid);
             //Inlinescreens
             mediamanager_setinline($nid);
             //Tags
             $db->query("DELETE FROM " . PRE . "_glossar_tags WHERE id='" . $_REQUEST['id'] . "'");
             $tagids = produceTagIds($_POST['tags']);
             foreach ($tagids as $tagid) {
                 $db->query("INSERT IGNORE INTO " . PRE . "_glossar_tags VALUES('" . $_REQUEST['id'] . "', '" . $tagid . "')");
             }
             printJSRedirect(get_index('glossar.show'));
         }
     } else {
         $res = $db->first("SELECT * FROM " . PRE . "_glossar WHERE id='" . $_REQUEST['id'] . "' LIMIT 1", 1);
         foreach ($res as $key => $value) {
             $_POST[$key] = $value;
         }
         mediamanager('glossar');
         //Tags
         $tags = array();
         $tagdata = $db->fetch("\n\t\t\tSELECT t.tag\n\t\t\tFROM " . PRE . "_glossar_tags AS n\n\t\t\tLEFT JOIN " . PRE . "_tags AS t USING(tagid)\n\t\t\tWHERE n.id='" . $_REQUEST['id'] . "'\n\t\t\tORDER BY t.tag ASC\n\t\t");
         $tags = get_ids($tagdata, 'tag');
         $_POST['tags'] = implode(', ', $tags);
         $apx->tmpl->assign('CATLIST', $this->get_catlist($_POST['catid']));
         $apx->tmpl->assign('TITLE', compatible_hsc($_POST['title']));
         $apx->tmpl->assign('TEXT', compatible_hsc($_POST['text']));
         $apx->tmpl->assign('META_DESCRIPTION', compatible_hsc($_POST['meta_description']));
         $apx->tmpl->assign('SPELLING', compatible_hsc($_POST['spelling']));
         $apx->tmpl->assign('TAGS', compatible_hsc($_POST['tags']));
         $apx->tmpl->assign('ALLOWCOMS', (int) $_POST['allowcoms']);
         $apx->tmpl->assign('ALLOWRATING', (int) $_POST['allowrating']);
         $apx->tmpl->assign('SEARCHABLE', (int) $_POST['searchable']);
         $apx->tmpl->assign('ID', $_REQUEST['id']);
         $apx->tmpl->assign('ACTION', 'edit');
         $apx->tmpl->parse('add_edit');
     }
 }
Example #7
0
 function edit()
 {
     global $set, $db, $apx;
     $_REQUEST['id'] = (int) $_REQUEST['id'];
     if (!$_REQUEST['id']) {
         die('missing ID!');
     }
     //Sektions-Liste
     if (!is_array($_POST['secid']) || $_POST['secid'][0] == 'all') {
         $_POST['secid'] = array('all');
     }
     //Anfrage abesenden
     if ($_POST['send'] == 1) {
         if (!checkToken()) {
             infoInvalidToken();
         } elseif (!$_POST['title'] || !$_POST['url'] || !$_POST['catid'] || !$_POST['text']) {
             infoNotComplete();
         } elseif (!$this->update_linkpic()) {
             /*DO NOTHING*/
         } else {
             $_POST['secid'] = serialize_section($_POST['secid']);
             $_POST['linkpic'] = $this->linkpicpath;
             //Autor
             if ($apx->user->has_spright('links.edit') && $_POST['userid']) {
                 if ($_POST['userid'] == 'send') {
                     $_POST['userid'] = 0;
                 } else {
                     $_POST['userid'] = $_POST['userid'];
                 }
                 $addfields .= ',userid';
             }
             //Veröffentlichung
             if ($apx->user->has_right('links.enable') && isset($_POST['t_day_1'])) {
                 $_POST['starttime'] = maketime(1);
                 $_POST['endtime'] = maketime(2);
                 if ($_POST['starttime']) {
                     if (!$_POST['endtime'] || $_POST['endtime'] <= $_POST['starttime']) {
                         $_POST['endtime'] = 3000000000;
                     }
                     $addfields .= ',starttime,endtime';
                 }
             }
             $db->dupdate(PRE . '_links', 'secid,catid,userid,title,url,linkpic,text,meta_description,galid,searchable,restricted,allowcoms,allowrating,top' . $addfield, "WHERE id='" . $_REQUEST['id'] . "' LIMIT 1");
             logit('LINKS_EDIT', 'ID #' . $_REQUEST['id']);
             //Tags
             $db->query("DELETE FROM " . PRE . "_links_tags WHERE id='" . $_REQUEST['id'] . "'");
             $tagids = produceTagIds($_POST['tags']);
             foreach ($tagids as $tagid) {
                 $db->query("INSERT IGNORE INTO " . PRE . "_links_tags VALUES('" . $_REQUEST['id'] . "', '" . $tagid . "')");
             }
             if ($_POST['catid'] == 'newcat' && $apx->user->has_right('links.catadd')) {
                 return printJSRedirect('action.php?action=links.catadd&addid=' . $_REQUEST['id']);
             } else {
                 printJSRedirect(get_index('links.show'));
             }
         }
     } else {
         $res = $db->first("SELECT * FROM " . PRE . "_links WHERE id='" . $_REQUEST['id'] . "' LIMIT 1", 1);
         foreach ($res as $key => $val) {
             $_POST[$key] = $val;
         }
         $_POST['secid'] = unserialize_section($_POST['secid']);
         //Keine Benutzer-ID gesetzt => Eingesendeter Link
         if (!$res['userid']) {
             $_POST['userid'] = 'send';
         }
         //Veröffentlichung
         if ($res['starttime']) {
             maketimepost(1, $res['starttime']);
             if ($res['endtime'] < 2147483647) {
                 maketimepost(2, $res['endtime']);
             }
         }
         mediamanager('links');
         //Veröffentlichung
         if ($apx->user->has_right('links.enable') && isset($_POST['t_day_1'])) {
             $apx->tmpl->assign('STARTTIME', choosetime(1, 0, maketime(1)));
             $apx->tmpl->assign('ENDTIME', choosetime(2, 1, maketime(2)));
         }
         //Einsende-User beachten
         $send = $db->first("SELECT send_username,send_email FROM " . PRE . "_links WHERE id='" . $_REQUEST['id'] . "' LIMIT 1");
         if ($send['send_username']) {
             $usersend = '<option value="send"' . iif($_POST['userid'] == 'send', ' selected="selected"') . '>' . $apx->lang->get('GUEST') . ': ' . $send['send_username'] . iif($send['send_email'], ' (' . $send['send_email'] . ')') . '</option>';
         }
         //Bild
         $teaserpic = '';
         if ($_POST['linkpic']) {
             $teaserpicpath = $_POST['linkpic'];
             $poppicpath = str_replace('-thumb.', '.', $teaserpicpath);
             if (file_exists(BASEDIR . getpath('uploads') . $poppicpath)) {
                 $teaserpic = '../' . getpath('uploads') . $poppicpath;
             } else {
                 $teaserpic = '../' . getpath('uploads') . $teaserpicpath;
             }
         }
         //Tags
         $tags = array();
         $tagdata = $db->fetch("\n\t\t\tSELECT t.tag\n\t\t\tFROM " . PRE . "_links_tags AS n\n\t\t\tLEFT JOIN " . PRE . "_tags AS t USING(tagid)\n\t\t\tWHERE n.id='" . $_REQUEST['id'] . "'\n\t\t\tORDER BY t.tag ASC\n\t\t");
         $tags = get_ids($tagdata, 'tag');
         $_POST['tags'] = implode(', ', $tags);
         $apx->tmpl->assign('USERID', $_POST['userid']);
         $apx->tmpl->assign('USER_SEND', $usersend);
         $apx->tmpl->assign('SECID', $_POST['secid']);
         $apx->tmpl->assign('GALID', $_POST['galid']);
         $apx->tmpl->assign('CATLIST', $this->get_catlist());
         $apx->tmpl->assign('TITLE', compatible_hsc($_POST['title']));
         $apx->tmpl->assign('URL', compatible_hsc($_POST['url']));
         $apx->tmpl->assign('LINKPIC', $teaserpic);
         $apx->tmpl->assign('PIC_COPY', compatible_hsc($_POST['pic_copy']));
         $apx->tmpl->assign('TEXT', compatible_hsc($_POST['text']));
         $apx->tmpl->assign('META_DESCRIPTION', compatible_hsc($_POST['meta_description']));
         $apx->tmpl->assign('TAGS', compatible_hsc($_POST['tags']));
         $apx->tmpl->assign('ALLOWCOMS', (int) $_POST['allowcoms']);
         $apx->tmpl->assign('ALLOWRATING', (int) $_POST['allowrating']);
         $apx->tmpl->assign('TOP', (int) $_POST['top']);
         $apx->tmpl->assign('SEARCHABLE', (int) $_POST['searchable']);
         $apx->tmpl->assign('RESTRICTED', (int) $_POST['restricted']);
         $apx->tmpl->assign('ACTION', 'edit');
         $apx->tmpl->assign('ID', $_REQUEST['id']);
         $apx->tmpl->parse('add_edit');
     }
 }
Example #8
0
 function edit()
 {
     global $set, $db, $apx;
     $_REQUEST['id'] = (int) $_REQUEST['id'];
     if (!in_array($_REQUEST['pageid'], array('new', 'conclusion', 'pics'))) {
         $_REQUEST['pageid'] = (int) $_REQUEST['pageid'];
     }
     if (!$_REQUEST['id']) {
         die('missing ID!');
     }
     //Artikelseiten
     if ($_REQUEST['pageid']) {
         $this->pagecontent();
         return;
     }
     //Sektions-Liste
     if (!is_array($_POST['secid']) || $_POST['secid'][0] == 'all') {
         $_POST['secid'] = array('all');
     }
     //Artikel aktualisieren
     if ($_POST['send'] == 1) {
         if (!checkToken()) {
             infoInvalidToken();
         } elseif (!$_POST['title'] || !$_POST['catid']) {
             infoNotComplete();
         } elseif ($_POST['catid'] != 'newcat' && !$this->category_is_open($_POST['catid'])) {
             die('you are not allowed to add articles to this category!');
         } elseif (!$this->update_artpic()) {
             /*DO NOTHING*/
         } else {
             //Links
             for ($i = 1; $i <= 20; $i++) {
                 if (!$_POST['link' . $i . '_title'] || !$_POST['link' . $i . '_text'] || !$_POST['link' . $i . '_url']) {
                     continue;
                 }
                 $links[] = array('title' => $_POST['link' . $i . '_title'], 'text' => $_POST['link' . $i . '_text'], 'url' => $_POST['link' . $i . '_url'], 'popup' => intval($_POST['link' . $i . '_popup']));
             }
             //Veröffentlichung
             if ($apx->user->has_right('article.enable') && isset($_POST['t_day_1'])) {
                 $_POST['starttime'] = maketime(1);
                 $_POST['endtime'] = maketime(2);
                 if ($_POST['starttime']) {
                     if (!$_POST['endtime'] || $_POST['endtime'] <= $_POST['starttime']) {
                         $_POST['endtime'] = 3000000000;
                     }
                     $addfields = ',starttime,endtime';
                 }
             }
             //Sticky Ende
             if ($_POST['sticky'] && ($stickyend = maketime(3)) != 0) {
                 $_POST['sticky'] = $stickyend;
             } elseif ($_POST['sticky']) {
                 $_POST['sticky'] = 3000000000;
             }
             //Autor
             if ($apx->user->has_spright('article.edit') && $_POST['userid']) {
                 $addfields .= ',userid';
             }
             $_POST['secid'] = serialize_section($_POST['secid']);
             $_POST['artpic'] = $this->artpicpath;
             $_POST['teaser'] = $_POST['text'];
             $_POST['links'] = serialize($links);
             $db->dupdate(PRE . '_articles', $addfield . 'secid,prodid,catid,title,subtitle,artpic,teaser,meta_description,galid,links,top,sticky,searchable,restricted,allowcoms,allowrating' . $addfields, "WHERE ( id='" . $_REQUEST['id'] . "' " . iif(!$apx->user->has_spright('articles.edit'), " AND userid='" . $apx->user->info['userid'] . "'") . " )");
             logit('ARTICLES_EDIT', 'ID #' . $_REQUEST['id']);
             //Tags
             $db->query("DELETE FROM " . PRE . "_articles_tags WHERE id='" . $_REQUEST['id'] . "'");
             $tagids = produceTagIds($_POST['tags']);
             foreach ($tagids as $tagid) {
                 $db->query("INSERT IGNORE INTO " . PRE . "_articles_tags VALUES('" . $_REQUEST['id'] . "', '" . $tagid . "')");
             }
             if ($_POST['catid'] == 'newcat' && $apx->user->has_right('articles.catadd')) {
                 header("HTTP/1.1 301 Moved Permanently");
                 header('location:action.php?action=articles.catadd&addid=' . $_REQUEST['id'] . '&from=edit' . iif($_POST['submit_finish'], '&finish=1'));
             } elseif ($_POST['submit_finish']) {
                 $this->finish_article();
             } else {
                 list($pageid) = $db->first("SELECT id FROM " . PRE . "_articles_pages WHERE artid='" . $_REQUEST['id'] . "' ORDER BY ord ASC LIMIT 1");
                 if (!$pageid) {
                     $pageid = 'new';
                 }
                 printJSRedirect('action.php?action=articles.edit&id=' . $_REQUEST['id'] . '&pageid=' . $pageid);
             }
             return;
         }
     } else {
         $res = $_POST = $db->first("SELECT userid,secid,prodid,catid,artpic,title,subtitle,teaser,links,meta_description,galid,top,sticky,searchable,restricted,allowcoms,allowrating,starttime,endtime FROM " . PRE . "_articles WHERE ( id='" . $_REQUEST['id'] . "' " . iif(!$apx->user->has_spright('articles.edit'), " AND userid='" . $apx->user->info['userid'] . "'") . " ) LIMIT 1", true);
         $_POST['text'] = $_POST['teaser'];
         $_POST['secid'] = unserialize_section($_POST['secid']);
         //Links umformen
         $_POST['link1_popup'] = 1;
         $links = unserialize($res['links']);
         if (is_array($links) && count($links)) {
             foreach ($links as $link) {
                 ++$i;
                 $_POST['link' . $i . '_title'] = $link['title'];
                 $_POST['link' . $i . '_text'] = $link['text'];
                 $_POST['link' . $i . '_url'] = $link['url'];
                 $_POST['link' . $i . '_popup'] = $link['popup'];
             }
         }
         //Veröffentlichung
         if ($res['starttime']) {
             maketimepost(1, $res['starttime']);
             if ($res['endtime'] < 2147483647) {
                 maketimepost(2, $res['endtime']);
             }
         }
         //Sticky Ende
         if ($res['sticky'] < 2147483647) {
             maketimepost(3, $res['sticky']);
         }
         mediamanager('articles');
         //Links
         if (!$_POST['link1_title']) {
             $_POST['link1_title'] = $apx->lang->get('LLINK');
         }
         for ($i = 1; $i <= 20; $i++) {
             if ($i > 1 && (!$_POST['link' . $i . '_title'] || $_POST['link' . $i . '_title'] == $apx->lang->get('LLINK')) && !$_POST['link' . $i . '_text'] && !$_POST['link' . $i . '_url']) {
                 continue;
             }
             $linklist[] = array('TITLE' => compatible_hsc($_POST['link' . $i . '_title']), 'TEXT' => compatible_hsc($_POST['link' . $i . '_text']), 'URL' => compatible_hsc($_POST['link' . $i . '_url']), 'POPUP' => (int) $_POST['link' . $i . '_popup'], 'DISPLAY' => 1);
         }
         while (count($linklist) < 20) {
             $linklist[] = array('TITLE' => $apx->lang->get('LLINK'), 'POPUP' => 1);
         }
         //Veröffentlichung
         if ($apx->user->has_right('articles.enable') && isset($_POST['t_day_1'])) {
             $apx->tmpl->assign('STARTTIME', choosetime(1, 0, maketime(1)));
             $apx->tmpl->assign('ENDTIME', choosetime(2, 1, maketime(2)));
         }
         //Artpicpic
         $teaserpic = '';
         if ($_POST['artpic']) {
             $teaserpicpath = $_POST['artpic'];
             $poppicpath = str_replace('-thumb.', '.', $teaserpicpath);
             if (file_exists(BASEDIR . getpath('uploads') . $poppicpath)) {
                 $teaserpic = '../' . getpath('uploads') . $poppicpath;
             } else {
                 $teaserpic = '../' . getpath('uploads') . $teaserpicpath;
             }
         }
         //Tags
         $tags = array();
         $tagdata = $db->fetch("\n\t\t\tSELECT t.tag\n\t\t\tFROM " . PRE . "_articles_tags AS n\n\t\t\tLEFT JOIN " . PRE . "_tags AS t USING(tagid)\n\t\t\tWHERE n.id='" . $_REQUEST['id'] . "'\n\t\t\tORDER BY t.tag ASC\n\t\t");
         $tags = get_ids($tagdata, 'tag');
         $_POST['tags'] = implode(', ', $tags);
         $apx->tmpl->assign('ID', $_REQUEST['id']);
         $apx->tmpl->assign('USERID', $_POST['userid']);
         $apx->tmpl->assign('PRODID', $_POST['prodid']);
         $apx->tmpl->assign('GALID', $_POST['galid']);
         $apx->tmpl->assign('SECID', $_POST['secid']);
         $apx->tmpl->assign('CATLIST', $this->get_catlist());
         $apx->tmpl->assign('TITLE', compatible_hsc($_POST['title']));
         $apx->tmpl->assign('SUBTITLE', compatible_hsc($_POST['subtitle']));
         $apx->tmpl->assign('TEXT', compatible_hsc($_POST['text']));
         $apx->tmpl->assign('META_DESCRIPTION', compatible_hsc($_POST['meta_description']));
         $apx->tmpl->assign('TAGS', compatible_hsc($_POST['tags']));
         $apx->tmpl->assign('ARTPIC', $teaserpic);
         $apx->tmpl->assign('PIC_COPY', compatible_hsc($_POST['pic_copy']));
         $apx->tmpl->assign('LINK', $linklist);
         $apx->tmpl->assign('ALLOWCOMS', (int) $_POST['allowcoms']);
         $apx->tmpl->assign('ALLOWRATING', (int) $_POST['allowrating']);
         $apx->tmpl->assign('TOP', (int) $_POST['top']);
         $apx->tmpl->assign('STICKY', (int) $_POST['sticky']);
         $apx->tmpl->assign('STICKYTIME', choosetime(3, 1, maketime(3)));
         $apx->tmpl->assign('SEARCHABLE', (int) $_POST['searchable']);
         $apx->tmpl->assign('RESTRICTED', (int) $_POST['restricted']);
         $apx->tmpl->parse('edit');
     }
 }
Example #9
0
 function edit()
 {
     global $set, $db, $apx;
     $_REQUEST['id'] = (int) $_REQUEST['id'];
     if (!$_REQUEST['id']) {
         die('missing ID!');
     }
     //Sektions-Liste
     if (!is_array($_POST['secid']) || $_POST['secid'][0] == 'all') {
         $_POST['secid'] = array('all');
     }
     //Sendfile
     list($tempfile, $filename) = $db->first("SELECT tempfile,file FROM " . PRE . "_downloads WHERE id='" . intval($_REQUEST['id']) . "' LIMIT 1");
     //DATEI AKTIVIEREN
     if ($_POST['enablefile'] && $tempfile) {
         if (!checkToken()) {
             infoInvalidToken();
         } else {
             $this->edit_enable($tempfile, $filename);
             printJSRedirect('action.php?action=downloads.edit&id=' . $_REQUEST['id']);
         }
     } elseif ($_POST['send'] == 1) {
         if (!checkToken()) {
             infoInvalidToken();
         } elseif ($_FILES['file_upload']['error'] == 1) {
             info($apx->lang->get('INFO_TOOBIG'));
         } elseif (!$_POST['title'] || !$_POST['catid'] || !$_POST['text'] || !$_POST['file'] && !$_FILES['file_upload']['tmp_name'] || !$_POST['local'] && !$_POST['filesize']) {
             infoNotComplete();
         } elseif (!$this->category_is_open($_POST['catid'])) {
             die('you are not allowed to add downloads to this category!');
         } elseif (!$this->update_file()) {
             /*do nothing*/
         } elseif (!$this->update_teaserpic()) {
             /*DO NOTHING*/
         } else {
             //Dateigröße
             if ($_POST['local']) {
                 $_POST['filesize'] = 0;
             } else {
                 if ($_POST['filesize_format'] == 'kb') {
                     $_POST['filesize'] = (int) 1024 * (double) str_replace(',', '.', $_POST['filesize']);
                 } elseif ($_POST['filesize_format'] == 'mb') {
                     $_POST['filesize'] = (int) 1024 * 1024 * (double) str_replace(',', '.', $_POST['filesize']);
                 } elseif ($_POST['filesize_format'] == 'gb') {
                     $_POST['filesize'] = (int) 1024 * 1024 * 1024 * (double) str_replace(',', '.', $_POST['filesize']);
                 }
             }
             //Mirrors
             $mirrorlist = array();
             for ($i = 1; $i <= 20; $i++) {
                 if (!$_POST['mirror' . $i . '_title'] || !$_POST['mirror' . $i . '_url']) {
                     continue;
                 }
                 $mirrorlist[] = array('title' => $_POST['mirror' . $i . '_title'], 'url' => $_POST['mirror' . $i . '_url']);
             }
             //Autor
             if ($apx->user->has_spright('downloads.edit') && $_POST['userid']) {
                 if ($_POST['userid'] == 'send') {
                     $_POST['userid'] = 0;
                 } else {
                     $_POST['userid'] = $_POST['userid'];
                 }
                 $addfields .= ',userid';
             }
             //Veröffentlichung
             if ($apx->user->has_right('downloads.enable') && isset($_POST['t_day_1'])) {
                 $_POST['starttime'] = maketime(1);
                 $_POST['endtime'] = maketime(2);
                 if ($_POST['starttime']) {
                     if (!$_POST['endtime'] || $_POST['endtime'] <= $_POST['starttime']) {
                         $_POST['endtime'] = 3000000000;
                     }
                     $addfields .= ',starttime,endtime';
                 }
             }
             $_POST['secid'] = serialize_section($_POST['secid']);
             $_POST['mirrors'] = serialize($mirrorlist);
             $_POST['file'] = $this->filepath;
             $_POST['tempfile'] = $this->tempfile;
             $_POST['teaserpic'] = $this->teaserpicpath;
             $db->dupdate(PRE . '_downloads', 'secid,prodid,catid,file,tempfile,filesize,format,local,title,text,teaserpic,meta_description,galid,author,author_link,mirrors,allowcoms,allowrating,top,regonly,searchable,restricted,limit,password' . $addfields, "WHERE id='" . $_REQUEST['id'] . "' LIMIT 1");
             logit('DOWNLOADS_EDIT', 'ID #' . $_REQUEST['id']);
             //Tags
             $db->query("DELETE FROM " . PRE . "_downloads_tags WHERE id='" . $_REQUEST['id'] . "'");
             $tagids = produceTagIds($_POST['tags']);
             foreach ($tagids as $tagid) {
                 $db->query("INSERT IGNORE INTO " . PRE . "_downloads_tags VALUES('" . $_REQUEST['id'] . "', '" . $tagid . "')");
             }
             printJSRedirect(get_index('downloads.show'));
         }
     } else {
         $res = $db->first("SELECT * FROM " . PRE . "_downloads WHERE id='" . $_REQUEST['id'] . "' LIMIT 1", 1);
         foreach ($res as $key => $val) {
             $_POST[$key] = $val;
         }
         $_POST['secid'] = unserialize_section($_POST['secid']);
         //Autor
         if (!$res['userid']) {
             $_POST['userid'] = 'send';
         }
         //Veröffentlichung
         if ($res['starttime']) {
             maketimepost(1, $res['starttime']);
             if ($res['endtime'] < 2147483647) {
                 maketimepost(2, $res['endtime']);
             }
         }
         //Mirrors
         $mirrors = unserialize($res['mirrors']);
         if (is_array($mirrors) && count($mirrors)) {
             foreach ($mirrors as $res) {
                 ++$i;
                 $_POST['mirror' . $i . '_title'] = $res['title'];
                 $_POST['mirror' . $i . '_url'] = $res['url'];
             }
         }
         mediamanager('downloads');
         //Mirrors
         $mirrorlist = array();
         for ($i = 1; $i <= 20; $i++) {
             if ($i > 1 && (!$_POST['mirror' . $i . '_title'] || !$_POST['mirror' . $i . '_url'])) {
                 continue;
             }
             $mirrorlist[] = array('TITLE' => compatible_hsc($_POST['mirror' . $i . '_title']), 'URL' => compatible_hsc($_POST['mirror' . $i . '_url']), 'DISPLAY' => 1);
         }
         while (count($mirrorlist) < 20) {
             $mirrorlist[] = array('TITLE' => '', 'URL' => '');
         }
         //Autor
         if ($apx->user->has_spright('downloads.edit')) {
             $apx->tmpl->assign('USERLIST', $this->get_userlist());
         }
         //Veröffentlichung
         if ($apx->user->has_right('downloads.enable') && isset($_POST['t_day_1'])) {
             $apx->tmpl->assign('STARTTIME', choosetime(1, 0, maketime(1)));
             $apx->tmpl->assign('ENDTIME', choosetime(2, 1, maketime(2)));
         }
         //Einsende-User beachten
         $send = $db->first("SELECT send_username,send_email FROM " . PRE . "_downloads WHERE id='" . $_REQUEST['id'] . "' LIMIT 1");
         if ($send['send_username']) {
             $usersend = '<option value="send"' . iif($_POST['userid'] == 'send', ' selected="selected"') . '>' . $apx->lang->get('GUEST') . ': ' . $send['send_username'] . iif($send['send_email'], ' (' . $send['send_email'] . ')') . '</option>';
         }
         //Teaserpic
         $teaserpic = '';
         if ($_POST['teaserpic']) {
             $teaserpicpath = $_POST['teaserpic'];
             $poppicpath = str_replace('-thumb.', '.', $teaserpicpath);
             if (file_exists(BASEDIR . getpath('uploads') . $poppicpath)) {
                 $teaserpic = '../' . getpath('uploads') . $poppicpath;
             } else {
                 $teaserpic = '../' . getpath('uploads') . $teaserpicpath;
             }
         }
         //Tags
         $tags = array();
         $tagdata = $db->fetch("\n\t\t\tSELECT t.tag\n\t\t\tFROM " . PRE . "_downloads_tags AS n\n\t\t\tLEFT JOIN " . PRE . "_tags AS t USING(tagid)\n\t\t\tWHERE n.id='" . $_REQUEST['id'] . "'\n\t\t\tORDER BY t.tag ASC\n\t\t");
         $tags = get_ids($tagdata, 'tag');
         $_POST['tags'] = implode(', ', $tags);
         $apx->tmpl->assign('USERID', $_POST['userid']);
         $apx->tmpl->assign('PRODID', $_POST['prodid']);
         $apx->tmpl->assign('USER_SEND', $usersend);
         $apx->tmpl->assign('SECID', $_POST['secid']);
         $apx->tmpl->assign('GALID', $_POST['galid']);
         $apx->tmpl->assign('CATLIST', $this->get_catlist());
         $apx->tmpl->assign('TITLE', compatible_hsc($_POST['title']));
         $apx->tmpl->assign('TEXT', compatible_hsc($_POST['text']));
         $apx->tmpl->assign('TEASERPIC', $teaserpic);
         $apx->tmpl->assign('META_DESCRIPTION', compatible_hsc($_POST['meta_description']));
         $apx->tmpl->assign('TAGS', compatible_hsc($_POST['tags']));
         $apx->tmpl->assign('AUTHOR', compatible_hsc($_POST['author']));
         $apx->tmpl->assign('AUTHOR_LINK', compatible_hsc($_POST['author_link']));
         $apx->tmpl->assign('FILE', compatible_hsc($_POST['file']));
         $apx->tmpl->assign('TEMPFILE', $tempfile);
         $apx->tmpl->assign('TEMPFILE_URL', '../' . getpath('uploads') . $tempfile);
         $apx->tmpl->assign('FILESIZE', compatible_hsc($_POST['filesize']));
         $apx->tmpl->assign('FILESIZE_FORMAT', $_POST['filesize_format']);
         $apx->tmpl->assign('FORMAT', compatible_hsc($_POST['format']));
         $apx->tmpl->assign('MIRROR', $mirrorlist);
         $apx->tmpl->assign('LOCAL', (int) $_POST['local']);
         $apx->tmpl->assign('PASSWORD', compatible_hsc($_POST['password']));
         $apx->tmpl->assign('LIMIT', (int) $_POST['limit']);
         $apx->tmpl->assign('ALLOWCOMS', (int) $_POST['allowcoms']);
         $apx->tmpl->assign('ALLOWRATING', (int) $_POST['allowrating']);
         $apx->tmpl->assign('TOP', (int) $_POST['top']);
         $apx->tmpl->assign('REGONLY', (int) $_POST['regonly']);
         $apx->tmpl->assign('SEARCHABLE', (int) $_POST['searchable']);
         $apx->tmpl->assign('RESTRICTED', (int) $_POST['restricted']);
         $apx->tmpl->assign('ACTION', 'edit');
         $apx->tmpl->assign('ID', $_REQUEST['id']);
         $apx->tmpl->parse('add_edit');
     }
 }
Example #10
0
 function edit()
 {
     global $set, $db, $apx;
     $_REQUEST['id'] = (int) $_REQUEST['id'];
     if (!$_REQUEST['id']) {
         die('missing ID!');
     }
     //Sektions-Liste
     if (!is_array($_POST['secid']) || $_POST['secid'][0] == 'all') {
         $_POST['secid'] = array('all');
     }
     //Aktualisieren
     if ($_POST['send']) {
         if (!checkToken()) {
             infoInvalidToken();
         } elseif (!$_POST['catid'] || !$_POST['title'] || !$_POST['text'] || !$_POST['start_day'] || !$_POST['start_month'] || !$_POST['start_year']) {
             infoNotComplete();
         } elseif (!$this->update_pic()) {
             /*DO NOTHING*/
         } else {
             $_POST['picture'] = $this->picpath;
             $_POST['startday'] = $this->generate_stamp($_POST['start_day'], $_POST['start_month'], $_POST['start_year']);
             //Startzeit
             $_POST['starttime'] = -1;
             if ($_POST['start_hour'] !== '' && $_POST['start_minute'] !== '') {
                 $_POST['starttime'] = sprintf('%02d%02d', $_POST['start_hour'], $_POST['start_minute']);
             }
             //Termin Ende
             $_POST['endday'] = 0;
             if ($_POST['end_day'] !== '' && $_POST['end_month'] !== '' && $_POST['end_year'] !== '') {
                 $_POST['endday'] = $this->generate_stamp($_POST['end_day'], $_POST['end_month'], $_POST['end_year']);
                 $_POST['endtime'] = -1;
                 if ($_POST['end_hour'] !== '' && $_POST['end_minute'] !== '') {
                     $_POST['endtime'] = sprintf('%02d%02d', $_POST['end_hour'], $_POST['end_minute']);
                 }
             } else {
                 $_POST['endday'] = $_POST['startday'];
                 $_POST['endtime'] = -1;
             }
             //Links
             for ($i = 1; $i <= 20; $i++) {
                 if (!$_POST['link' . $i . '_title'] || !$_POST['link' . $i . '_text'] || !$_POST['link' . $i . '_url']) {
                     continue;
                 }
                 $links[] = array('title' => $_POST['link' . $i . '_title'], 'text' => $_POST['link' . $i . '_text'], 'url' => $_POST['link' . $i . '_url'], 'popup' => (int) $_POST['link' . $i . '_popup']);
             }
             $_POST['links'] = serialize($links);
             //Autor
             if ($_POST['userid'] == 'send') {
                 $_POST['userid'] = 0;
             } else {
                 $_POST['userid'] = $_POST['userid'];
             }
             //Sektion
             $_POST['secid'] = serialize_section($_POST['secid']);
             $db->dupdate(PRE . '_calendar_events', 'secid,catid,userid,title,text,location,location_link,picture,priority,meta_description,galid,links,startday,starttime,endday,endtime,searchable,restricted,allowcoms,allownote', "WHERE id='" . $_REQUEST['id'] . "' LIMIT 1");
             $nid = $db->insert_id();
             logit('CALENDAR_EDIT', 'ID #' . $_REQUEST['id']);
             //Tags
             $db->query("DELETE FROM " . PRE . "_calendar_tags WHERE id='" . $_REQUEST['id'] . "'");
             $tagids = produceTagIds($_POST['tags']);
             foreach ($tagids as $tagid) {
                 $db->query("INSERT IGNORE INTO " . PRE . "_calendar_tags VALUES('" . $_REQUEST['id'] . "', '" . $tagid . "')");
             }
             printJSRedirect(get_index('calendar.show'));
             return;
         }
     } else {
         $res = $db->first("SELECT * FROM " . PRE . "_calendar_events WHERE id='" . $_REQUEST['id'] . "' LIMIT 1");
         foreach ($res as $key => $value) {
             $_POST[$key] = $value;
         }
         //Start
         $start = $this->explode_stamp($res['startday']);
         $_POST['start_day'] = $start['day'];
         $_POST['start_month'] = $start['month'];
         $_POST['start_year'] = $start['year'];
         if ($res['starttime'] != -1) {
             $starttime = sprintf('%04d', $res['starttime']);
             $_POST['start_hour'] = substr($starttime, 0, 2);
             $_POST['start_minute'] = substr($starttime, 2, 2);
         }
         //Ende
         if ($res['endday'] != $res['startday'] || $res['endtime'] != -1) {
             $end = $this->explode_stamp($res['endday']);
             $_POST['end_day'] = $end['day'];
             $_POST['end_month'] = $end['month'];
             $_POST['end_year'] = $end['year'];
             if ($res['endtime'] != -1) {
                 $endtime = sprintf('%04d', $res['endtime']);
                 $_POST['end_hour'] = substr($endtime, 0, 2);
                 $_POST['end_minute'] = substr($endtime, 2, 2);
             }
         }
         //Links umformen
         $_POST['link1_popup'] = 1;
         $links = unserialize($res['links']);
         if (is_array($links) && count($links)) {
             foreach ($links as $link) {
                 ++$i;
                 $_POST['link' . $i . '_title'] = $link['title'];
                 $_POST['link' . $i . '_text'] = $link['text'];
                 $_POST['link' . $i . '_url'] = $link['url'];
                 $_POST['link' . $i . '_popup'] = $link['popup'];
             }
         }
         //Sektionen
         $_POST['secid'] = unserialize_section($_POST['secid']);
         //Aktuelles Bild
         list($picture) = $db->first("SELECT picture FROM " . PRE . "_calendar_events WHERE id='" . $_REQUEST['id'] . "' LIMIT 1");
         $teaserpic = '';
         if ($picture) {
             $teaserpicpath = $picture;
             $poppicpath = str_replace('-thumb.', '.', $teaserpicpath);
             if (file_exists(BASEDIR . getpath('uploads') . $poppicpath)) {
                 $teaserpic = '../' . getpath('uploads') . $poppicpath;
             } else {
                 $teaserpic = '../' . getpath('uploads') . $teaserpicpath;
             }
         }
         //Einsende-User beachten
         $send = $db->first("SELECT send_username,send_email FROM " . PRE . "_calendar_events WHERE id='" . $_REQUEST['id'] . "' LIMIT 1");
         if ($send['send_username']) {
             $usersend = '<option value="send"' . iif($_POST['userid'] == 'send', ' selected="selected"') . '>' . $apx->lang->get('GUEST') . ': ' . $send['send_username'] . iif($send['send_email'], ' (' . $send['send_email'] . ')') . '</option>';
         }
         //Normale Links
         if (!$_POST['link1_title']) {
             $_POST['link1_title'] = $apx->lang->get('LLINK');
         }
         for ($i = 1; $i <= 20; $i++) {
             if ($i > 1 && (!$_POST['link' . $i . '_title'] || $_POST['link' . $i . '_title'] == $apx->lang->get('LLINK')) && !$_POST['link' . $i . '_text'] && !$_POST['link' . $i . '_url']) {
                 continue;
             }
             $linklist[] = array('TITLE' => compatible_hsc($_POST['link' . $i . '_title']), 'TEXT' => compatible_hsc($_POST['link' . $i . '_text']), 'URL' => compatible_hsc($_POST['link' . $i . '_url']), 'POPUP' => (int) $_POST['link' . $i . '_popup'], 'DISPLAY' => 1);
         }
         while (count($linklist) < 20) {
             $linklist[] = array('TITLE' => $apx->lang->get('LLINK'), 'POPUP' => 1);
         }
         //Tags
         $tags = array();
         $tagdata = $db->fetch("\n\t\t\tSELECT t.tag\n\t\t\tFROM " . PRE . "_calendar_tags AS n\n\t\t\tLEFT JOIN " . PRE . "_tags AS t USING(tagid)\n\t\t\tWHERE n.id='" . $_REQUEST['id'] . "'\n\t\t\tORDER BY t.tag ASC\n\t\t");
         $tags = get_ids($tagdata, 'tag');
         $_POST['tags'] = implode(', ', $tags);
         $apx->tmpl->assign('USERID', $_POST['userid']);
         $apx->tmpl->assign('USER_SEND', $usersend);
         $apx->tmpl->assign('SECID', $_POST['secid']);
         $apx->tmpl->assign('CATLIST', $this->get_catlist());
         $apx->tmpl->assign('TITLE', compatible_hsc($_POST['title']));
         $apx->tmpl->assign('TEXT', compatible_hsc($_POST['text']));
         $apx->tmpl->assign('PICTURE', $teaserpic);
         $apx->tmpl->assign('LOCATION', compatible_hsc($_POST['location']));
         $apx->tmpl->assign('LOCATION_LINK', compatible_hsc($_POST['location_link']));
         $apx->tmpl->assign('START_DAY', (int) $_POST['start_day']);
         $apx->tmpl->assign('START_MONTH', (int) $_POST['start_month']);
         $apx->tmpl->assign('START_YEAR', (int) $_POST['start_year']);
         $apx->tmpl->assign('START_HOUR', $_POST['start_hour']);
         $apx->tmpl->assign('START_MINUTE', $_POST['start_minute']);
         $apx->tmpl->assign('END_DAY', (int) $_POST['end_day']);
         $apx->tmpl->assign('END_MONTH', (int) $_POST['end_month']);
         $apx->tmpl->assign('END_YEAR', (int) $_POST['end_year']);
         $apx->tmpl->assign('END_HOUR', $_POST['end_hour']);
         $apx->tmpl->assign('END_MINUTE', $_POST['end_minute']);
         $apx->tmpl->assign('GALID', (int) $_POST['galid']);
         $apx->tmpl->assign('PRIORITY', (int) $_POST['priority']);
         $apx->tmpl->assign('META_DESCRIPTION', compatible_hsc($_POST['meta_description']));
         $apx->tmpl->assign('TAGS', compatible_hsc($_POST['tags']));
         $apx->tmpl->assign('LINK', $linklist);
         $apx->tmpl->assign('ALLOWCOMS', (int) $_POST['allowcoms']);
         $apx->tmpl->assign('ALLOWNOTE', (int) $_POST['allownote']);
         $apx->tmpl->assign('SEARCHABLE', (int) $_POST['searchable']);
         $apx->tmpl->assign('RESTRICTED', (int) $_POST['restricted']);
         $apx->tmpl->assign('ID', $_REQUEST['id']);
         $apx->tmpl->assign('ACTION', 'edit');
         $apx->tmpl->parse('add_edit');
     }
 }
Example #11
0
 function edit()
 {
     global $set, $db, $apx;
     $_REQUEST['id'] = (int) $_REQUEST['id'];
     if (!$_REQUEST['id']) {
         die('missing ID!');
     }
     //Sektions-Liste
     if (!is_array($_POST['secid']) || $_POST['secid'][0] == 'all') {
         $_POST['secid'] = array('all');
     }
     if ($_POST['send'] == 1) {
         if (!checkToken()) {
             infoInvalidToken();
         } elseif (!$_POST['title']) {
             infoNotComplete();
         } else {
             $update = array('prodid' => $_POST['prodid'], 'title' => $_POST['title'], 'description' => $_POST['description'], 'meta_description' => $_POST['meta_description'], 'searchable' => $_POST['searchable'], 'restricted' => $_POST['restricted'], 'allowcoms' => $_POST['allowcoms']);
             //Veröffentlichung
             if ($apx->user->has_right('gallery.enable') && isset($_POST['t_day_1'])) {
                 $update['starttime'] = maketime(1);
                 $update['endtime'] = maketime(2);
                 if ($update['starttime']) {
                     if (!$update['endtime'] || $update['endtime'] <= $_POST['starttime']) {
                         $update['endtime'] = 3000000000;
                     }
                 }
             }
             //Prüfen, ob der neue Elternknoten deaktiviert ist => falls ja den Knoten deaktivieren
             if (intval($_POST['parent'])) {
                 list($parentEnabled) = $db->first("SELECT starttime FROM " . PRE . "_gallery WHERE id='" . intval($_POST['parent']) . "' LIMIT 1");
                 if (!$parentEnabled) {
                     $update['starttime'] = 0;
                     $update['endtime'] = 0;
                 }
             }
             //Unter-Galerien werden verwendet
             if ($set['gallery']['subgals']) {
                 $nodeInfo = $this->cat->getNode($_REQUEST['id']);
                 $currentParentId = array_pop($nodeInfo['parents']);
                 //Dieser Knoten wird ein Unter-Knoten
                 //Übernehme secid vom neuen Parent, password löschen
                 if (intval($_POST['parent'])) {
                     $_POST['parent'] = intval($_POST['parent']);
                     //Parent hat sich geändert => Daten übernehmen
                     if ($currentParentId != $_POST['parent']) {
                         $rootNode = $this->cat->getNode($_POST['parent'], array('secid', 'password', 'restricted'));
                         $update['secid'] = $rootNode['secid'];
                         $update['password'] = '';
                         $update['restricted'] = '';
                         //Unter-Galerien des Knotens anpassen
                         $childrenIds = $nodeInfo['children'];
                         if ($childrenIds) {
                             $db->query("\n\t\t\t\t\t\t\t\tUPDATE " . PRE . "_gallery\n\t\t\t\t\t\t\t\tSET secid='" . addslashes($update['secid']) . "', password = '', restricted=0\n\t\t\t\t\t\t\t\tWHERE id IN (" . implode(',', $childrenIds) . ")\n\t\t\t\t\t\t\t");
                         }
                     }
                 } else {
                     $update['secid'] = serialize_section($_POST['secid']);
                     $update['password'] = $_POST['password'];
                     $update['restricted'] = $_POST['restricted'];
                     //Unter-Galerien des Knotens anpassen
                     $childrenIds = $nodeInfo['children'];
                     if ($childrenIds) {
                         $db->query("\n\t\t\t\t\t\t\tUPDATE " . PRE . "_gallery\n\t\t\t\t\t\t\tSET secid='" . addslashes($update['secid']) . "', password = '', restricted=0\n\t\t\t\t\t\t\tWHERE id IN (" . implode(',', $childrenIds) . ")\n\t\t\t\t\t\t");
                     }
                 }
             } else {
                 $update['secid'] = serialize_section($_POST['secid']);
                 $update['password'] = $_POST['password'];
                 $update['restricted'] = $_POST['restricted'];
             }
             $this->cat->moveNode($_REQUEST['id'], intval($_POST['parent']), $update);
             logit('GALLERY_EDIT', 'ID #' . $_REQUEST['id']);
             //Tags
             $db->query("DELETE FROM " . PRE . "_gallery_tags WHERE id='" . $_REQUEST['id'] . "'");
             $tagids = produceTagIds($_POST['tags']);
             foreach ($tagids as $tagid) {
                 $db->query("INSERT IGNORE INTO " . PRE . "_gallery_tags VALUES('" . $_REQUEST['id'] . "', '" . $tagid . "')");
             }
             printJSRedirect(get_index('gallery.show'));
         }
     } else {
         $res = $this->cat->getNode($_REQUEST['id'], array('secid', 'prodid', 'title', 'description', 'meta_description', 'password', 'starttime', 'endtime', 'searchable', 'restricted', 'allowcoms'));
         $_POST['secid'] = unserialize_section($res['secid']);
         $_POST['prodid'] = $res['prodid'];
         $_POST['title'] = $res['title'];
         $_POST['description'] = $res['description'];
         $_POST['meta_description'] = $res['meta_description'];
         $_POST['password'] = $res['password'];
         $_POST['searchable'] = $res['searchable'];
         $_POST['restricted'] = $res['restricted'];
         $_POST['allowcoms'] = $res['allowcoms'];
         if (!$res['parents']) {
             $_POST['parent'] = 'root';
         } else {
             $_POST['parent'] = array_pop($res['parents']);
         }
         //Veröffentlichung
         if ($res['starttime']) {
             maketimepost(1, $res['starttime']);
             if ($res['endtime'] < 2147483647) {
                 maketimepost(2, $res['endtime']);
             }
         }
         //Baum
         if ($set['gallery']['subgals']) {
             $gallist = '<option value="root" style="font-weight:bold;"' . iif($_POST['parent'] == 'root', ' selected="selected"') . '>' . $apx->lang->get('ROOT') . '</option>';
             $data = $this->cat->getTree(array('title'));
             if (count($data)) {
                 $gallist .= '<option value=""></option>';
                 foreach ($data as $res) {
                     if ($jumplevel && $res['level'] > $jumplevel) {
                         continue;
                     } else {
                         $jumplevel = 0;
                     }
                     if ($_REQUEST['id'] == $res['id']) {
                         $jumplevel = $res['level'];
                         continue;
                     }
                     $gallist .= '<option value="' . $res['id'] . '"' . iif($_POST['parent'] === $res['id'], ' selected="selected"') . '>' . str_repeat('&nbsp;&nbsp;', $res['level'] - 1) . replace($res['title']) . '</option>';
                 }
             }
         }
         //Veröffentlichung
         if ($apx->user->has_right('gallery.enable') && isset($_POST['t_day_1'])) {
             $apx->tmpl->assign('STARTTIME', choosetime(1, 0, maketime(1)));
             $apx->tmpl->assign('ENDTIME', choosetime(2, 1, maketime(2)));
         }
         //Tags
         $tags = array();
         $tagdata = $db->fetch("\n\t\t\tSELECT t.tag\n\t\t\tFROM " . PRE . "_gallery_tags AS n\n\t\t\tLEFT JOIN " . PRE . "_tags AS t USING(tagid)\n\t\t\tWHERE n.id='" . $_REQUEST['id'] . "'\n\t\t\tORDER BY t.tag ASC\n\t\t");
         $tags = get_ids($tagdata, 'tag');
         $_POST['tags'] = implode(', ', $tags);
         $apx->tmpl->assign('PARENT', $gallist);
         $apx->tmpl->assign('ID', $_REQUEST['id']);
         $apx->tmpl->assign('SECID', $_POST['secid']);
         $apx->tmpl->assign('PRODID', $_POST['prodid']);
         $apx->tmpl->assign('TITLE', compatible_hsc($_POST['title']));
         $apx->tmpl->assign('DESCRIPTION', compatible_hsc($_POST['description']));
         $apx->tmpl->assign('PASSWORD', compatible_hsc($_POST['password']));
         $apx->tmpl->assign('META_DESCRIPTION', compatible_hsc($_POST['meta_description']));
         $apx->tmpl->assign('TAGS', compatible_hsc($_POST['tags']));
         $apx->tmpl->assign('SEARCHABLE', (int) $_POST['searchable']);
         $apx->tmpl->assign('RESTRICTED', (int) $_POST['restricted']);
         $apx->tmpl->assign('ALLOWCOMS', (int) $_POST['allowcoms']);
         $apx->tmpl->parse('edit');
     }
 }