<?php session_start(); include_once dirname(__FILE__) . "/config.inc.php"; include_once INCLUDE_PATH . "connection.php"; $stringutil = new String(); $all_url_vars = $stringutil->parse_all(); //error_log(print_r($all_url_vars,true)); if ($all_url_vars['do'] == "change") { $table = $all_url_vars['table']; $idname = $all_url_vars['idname']; $idvalue = $all_url_vars['idvalue']; $columnname = $all_url_vars['columnname']; $value = $all_url_vars['value']; $securestring = $all_url_vars['securestring']; $securestringserver = md5("#{$table}#{$idname}#{$idvalue}#{$columnname}#" . USER . "#" . PASSWORD . "#"); if ($securestringserver != $securestring) { print "0"; error_log("ERROR: Wrong securestring\n" . print_r($all_url_vars, true)); exit; } $table = mysql_real_escape_string($table); $idname = mysql_real_escape_string($idname); $idvalue = mysql_real_escape_string($idvalue); $columnname = mysql_real_escape_string($columnname); $value = mysql_real_escape_string($value); $SQL = "UPDATE `{$table}` SET `{$columnname}` = '{$value}' WHERE `{$idname}`='{$idvalue}' LIMIT 1"; $result = mysql_query($SQL); if ($result) { print 1; exit;
File name config.php File purpose Configuration Script File created by GraFX (webmaster@grafxsoftware.com) ############################################################ */ // $Id: config.php 10280 2008-09-20 06:03:38Z lvalics $ include_once "../config.inc.php"; include_once INCLUDE_PATH . "cls_fast_template.php"; include_once INCLUDE_LANGUAGE_PATH . $LANG . ".inc.php"; include_once INCLUDE_LANGUAGE_PATH . $LANG . ".admintool.inc.php"; include_once INCLUDE_PATH . "connection.php"; $util = new Authenticate(); $util->check_authentification(); $st = new String(""); $all_url_vars = array(); $all_url_vars = $st->parse_all(); if (empty($all_url_vars['action'])) { $all_url_vars['action'] = "form"; } if ($all_url_vars['action'] == "index") { $ft = new FastTemplate(ADMIN_TEMPLATE_CONTENT_PATH); $ft->define(array("main" => "template_index.html", "leftmenu" => "left_menu.html", "content" => "config_index.html")); if (SHOP == 1) { $ft->assign("SHOP", 1); } if (!strstr(PHP_OS, 'WIN')) { if (!is_writable(INDEX_PATH . "tmp/extraconfig.inc.php")) { $ft->assign("MESSAGE", "<div class=\"mError\">" . LANG_CONF_ERROR_NOMOD . "</div>"); } else { $ft->assign("MESSAGE", "<div class=\"mError\">" . LANG_CONF_ERROR_SECURITY . "</div>"); }