if (preg_match($email_regex, $contact_email)) { $contact_email = trim($contact_email); } else { array_push($bad_fields, 'contact_email'); } $contact_phone = request_param('contact_phone'); $contact_address = request_param('contact_address'); # TBD: additional links $sprink = new Sprinkles(); # TBD: this is expensive; cheapen! $active_username = $sprink->current_username(); if (!$active_username) { redirect($sprink->authorize_url('admin.php', false)); exit(0); } $existing_admin_users = $sprink->get_users(); if (!$sprink->user_is_admin()) { redirect('error.php'); exit(0); } sort($existing_admin_users); $admin_users_str = request_param('admin_users_str'); $admin_users = preg_split('/,\\s*|\\s+/', $admin_users_str); if (!member($active_username, $admin_users)) { array_push($bad_fields, 'admin_users_str'); } else { $admin_users = array_filter($admin_users); $existing_admin_usernames = array(); foreach ($existing_admin_users as $u) { array_push($existing_admin_usernames, $u['username']); }
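<?php
# Admin settings page: requires a logged-in admin user, then loads the
# current site_settings row and overlays any values supplied in the request.
# NOTE(review): $smarty and $fields are not defined in this file; presumably
# they come from admin-fields.php or Sprinkles.php -- confirm.
require_once "Sprinkles.php";
require_once 'admin-fields.php';

$sprink = new Sprinkles();
$user = $sprink->current_user();
$username = $sprink->current_username();

# Not logged in: send the visitor through the authorization flow and back here.
if (!$username) {
    redirect($sprink->authorize_url('admin.php', false));
    exit(0);
}

$admin_users = $sprink->get_users();

# Logged in but not an admin: render the refusal page and stop. Without the
# exit, the rest of this script (settings load and request overlay) would
# still run for a non-admin user.
if (!$sprink->user_is_admin()) {
    $sprink->add_std_hash_elems($smarty);
    $smarty->display('not-admin.t');
    exit(0);
}

$company_hcard = $sprink->company_hcard();
$company_name = $company_hcard["fn"];

# TBD: fetch the site_settings row just once per request.
# NOTE(review): the mysql_* extension was removed in PHP 7.0; this needs
# porting to PDO/mysqli together with the connection setup (not in this file).
$sql = "select background_color, contact_email, contact_phone, "
     . "contact_address, logo_link, map_url, faq_type from site_settings";
$result = mysql_query($sql);
if (!$result) {
    # Keep the driver error text in the server log only; the browser gets a
    # generic message so database details are not disclosed to the client.
    error_log("Failed to fetch site settings from database (" . mysql_error() . ").");
    die("Failed to fetch site settings from database.");
}
$settings = mysql_fetch_assoc($result);

$smarty->assign('admin_users', $admin_users);

# Overlay request-supplied values on the stored settings. Only truthy values
# are taken, so an empty string or '0' leaves the stored value in place
# (kept as-is; callers may rely on it).
foreach ($fields as $field) {
    $value = request_param($field);
    if ($value) {
        $settings[$field] = $value;
    }
}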