$gpname = gpid2gpname($gpid); $error_string = "Fail to make public group `{$gpname}` on your phonebook"; $db_query = "INSERT INTO playsms_tblUserGroupPhonebook_public (gpid,uid) VALUES ('{$gpid}','{$uid}')"; $db_result = @dba_insert_id($db_query); if ($db_result > 0) { $error_string = "Group `{$gpname}` has been published for public view"; } } header("Location: fr_right.php?err=" . urlencode($error_string)); die; break; case "hide_from_public": $pp = $_GET['pp']; $gpid = $_GET['gpid']; if ($gpid) { $gpname = gpid2gpname($gpid); $error_string = "Fail to hide public group `{$gpname}`"; $db_query = "DELETE FROM playsms_tblUserGroupPhonebook_public WHERE gpid='{$gpid}' AND uid='{$uid}'"; $db_result = @dba_affected_rows($db_query); if ($db_result > 0) { $error_string = "Group `{$gpname}` has been removed from public view"; } } if ($pp == 1) { header("Location: menu.php?inc=phonebook_public"); } else { header("Location: fr_right.php?err=" . urlencode($error_string)); } die; break; }
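<?php
/*
 * Phonebook group editor (simplephonebook route "dir_edit").
 *
 *   op=edit      renders the edit form for group $gpid
 *   op=edit_yes  checks the posted name/code and updates the group row
 *
 * $op, $err and $uid are not assigned in this file; presumably the including
 * script provides them. TODO confirm where $err originates, since it is echoed
 * into the page below.
 */
if (!defined('_SECURE_')) {
    // Refuse direct requests: only a script that defines _SECURE_ may include this file.
    die('Intruder alert');
}

// $gpid is interpolated into SQL, an HTML attribute and a Location header further
// down, so it is reduced to an integer once, here, before any of those uses.
// Assumes gpid is the numeric group id - TODO confirm against the table schema.
$gpid = isset($_REQUEST['gpid']) ? (int) $_REQUEST['gpid'] : 0;

switch ($op) {
    case "edit":
        if ($err) {
            // $err is rendered as text, never as markup: the redirects in this file
            // carry it in the query string, so it must be treated as untrusted.
            $content = "<div class=error_string>" . htmlspecialchars($err, ENT_QUOTES) . "</div>";
        }
        // Group name and code come back from storage and were originally supplied by a
        // user (see edit_yes), so both are HTML-escaped before landing in value="...".
        $content .= "\n\t <h2>" . _('Edit group') . "</h2>\n\t <p>\n\t "
            . "<form action=index.php?app=menu&inc=tools_simplephonebook&route=dir_edit&op=edit_yes&gpid={$gpid} method=POST>\n\t"
            . "<table width=100% cellpadding=1 cellspacing=2 border=0>\n\t <tr>\n\t\t"
            . "<td width=75>" . _('Group name') . "</td><td width=5>:</td>"
            . "<td><input type=text name=dir_name value=\"" . htmlspecialchars(gpid2gpname($gpid), ENT_QUOTES) . "\" size=50></td>\n\t </tr>\n\t <tr>\n\t\t"
            . "<td>" . _('Group code') . "</td><td>:</td>"
            . "<td><input type=text name=dir_code value=\"" . htmlspecialchars(phonebook_groupid2code($gpid), ENT_QUOTES) . "\" size=10> (" . _('please use uppercase and make it short') . ")</td>\n\t </tr>\t \n\t"
            . "</table>\n\t <p>" . _('Note') . ": " . _('Group code used by keyword') . " BC (" . _('broadcast SMS from single SMS') . ")\n\t "
            . "<p><input type=submit class=button value=\"" . _('Save') . "\"> \n\t </form>\n\t";
        echo $content;
        break;

    case "edit_yes":
        // Missing fields are treated as empty so the "must fill" redirect below handles them.
        $dir_name = isset($_POST['dir_name']) ? $_POST['dir_name'] : '';
        $dir_code = strtoupper(trim(isset($_POST['dir_code']) ? $_POST['dir_code'] : ''));
        if ($dir_name && $dir_code) {
            // NOTE(review): $dir_name and $dir_code are request data and are still placed
            // inside quoted SQL literals as-is. This file does not show dba_query()'s
            // signature or the database driver, so no escaping call is guessed here;
            // both values must go through the DB layer's parameter binding (or its
            // driver-specific escaping) before this is safe. $uid is assumed to be the
            // authenticated user's id set by the including script - confirm.

            // Reject the change if another group of the same user already uses this code.
            $db_query = "SELECT gp_code FROM " . _DB_PREF_ . "_toolsSimplephonebook_group WHERE uid='{$uid}' AND gp_code='{$dir_code}' AND NOT gpid='{$gpid}'";
            $db_result = dba_query($db_query);
            if ($db_row = dba_fetch_array($db_result)) {
                header("Location: index.php?app=menu&inc=phonebook_list&err=" . urlencode(_('No changes has been made')));
                die;
            } else {
                // time() replaces the argument-less mktime(): same value, but mktime()
                // without arguments is deprecated and rejected by PHP 8.
                $db_query = "UPDATE " . _DB_PREF_ . "_toolsSimplephonebook_group SET c_timestamp='" . time() . "',gp_name='{$dir_name}',gp_code='{$dir_code}' WHERE uid='{$uid}' AND gpid='{$gpid}'";
                $db_result = dba_query($db_query);
                // The message echoes the submitted name and code; it is URL-encoded here,
                // and the page that displays err is responsible for HTML-escaping it.
                header("Location: index.php?app=menu&inc=phonebook_list&err=" . urlencode(_('Group has been edited') . " (" . _('group') . ": `{$dir_name}`, " . _('code') . " `{$dir_code}`)"));
                die;
            }
        }
        // Reached when the name or the code is empty: send the user back to the form.
        header("Location: index.php?app=menu&inc=tools_simplephonebook&route=dir_edit&op=edit&gpid={$gpid}&err=" . urlencode(_('You must fill all field')));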
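<?php
/*
 * Phonebook group editor (menu.php?inc=dir_edit).
 *
 *   op=edit      renders the edit form for group $gpid
 *   op=edit_yes  checks the posted name/code and updates the group row
 *
 * $err and $uid are not assigned in this file; presumably the including script
 * provides them. TODO confirm where $err originates, since it is echoed into
 * the page below.
 */
if (!defined("_SECURE_")) {
    // Refuse direct requests: only a script that defines _SECURE_ may include this file.
    die("Intruder: IP " . $_SERVER['REMOTE_ADDR']);
}

// Array keys are quoted: the bare op / gpid / dir_name / dir_code keys used before
// are undefined constants, which is a fatal error on PHP 8.
$op = isset($_GET['op']) ? $_GET['op'] : null;

// $gpid is interpolated into SQL and into the form's action attribute further down,
// so it is reduced to an integer once, here, before any of those uses.
// Assumes gpid is the numeric group id - TODO confirm against the table schema.
$gpid = isset($_GET['gpid']) ? (int) $_GET['gpid'] : 0;

switch ($op) {
    case "edit":
        if ($err) {
            // $err is rendered as text, never as markup: the redirects in this file
            // carry it in the query string, so it must be treated as untrusted.
            $content = "<p><font color=red>" . htmlspecialchars($err, ENT_QUOTES) . "</font><p>";
        }
        // Group name and code come back from storage and were originally supplied by a
        // user (see edit_yes), so both are HTML-escaped before landing in value="...".
        $content .= "\n\t <h2>Edit group</h2>\n\t <p>\n\t "
            . "<form action=menu.php?inc=dir_edit&op=edit_yes&gpid={$gpid} method=POST>\n\t "
            . "<p>Group Name: <input type=text name=dir_name value=\"" . htmlspecialchars(gpid2gpname($gpid), ENT_QUOTES) . "\" size=50>\n\t "
            . "<p>Group Code: <input type=text name=dir_code value=\"" . htmlspecialchars(gpid2gpcode($gpid), ENT_QUOTES) . "\" size=10> (please use uppercase and make it short)\n\t "
            . "<p>Note: Group Code used by code BC (broadcast SMS from single SMS)\n\t "
            . "<p><input type=submit class=button value=\"Save\"> \n\t </form>\n\t";
        echo $content;
        break;

    case "edit_yes":
        // Missing fields are treated as empty so the update below is skipped for them.
        $dir_name = isset($_POST['dir_name']) ? $_POST['dir_name'] : '';
        $dir_code = strtoupper(trim(isset($_POST['dir_code']) ? $_POST['dir_code'] : ''));
        if ($dir_name && $dir_code) {
            // NOTE(review): $dir_name and $dir_code are request data and are still placed
            // inside quoted SQL literals as-is. This file does not show dba_query()'s
            // signature or the database driver, so no escaping call is guessed here;
            // both values must go through the DB layer's parameter binding (or its
            // driver-specific escaping) before this is safe. $uid is assumed to be the
            // authenticated user's id set by the including script - confirm.

            // Reject the change if another group of the same user already uses this code.
            $db_query = "SELECT gp_code FROM playsms_tblUserGroupPhonebook WHERE uid='{$uid}' AND gp_code='{$dir_code}' AND NOT gpid='{$gpid}'";
            $db_result = dba_query($db_query);
            if ($db_row = dba_fetch_array($db_result)) {
                // The message echoes the submitted name and code; it is URL-encoded here,
                // and the page that displays err is responsible for HTML-escaping it.
                header("Location: fr_right.php?err=" . urlencode("No changes has been made on group `{$dir_name}` code `{$dir_code}`"));
                die;
            } else {
                $db_query = "UPDATE playsms_tblUserGroupPhonebook SET gp_name='{$dir_name}',gp_code='{$dir_code}' WHERE uid='{$uid}' AND gpid='{$gpid}'";
                $db_result = dba_query($db_query);
                header("Location: fr_right.php?err=" . urlencode("Group `{$dir_name}` with code `{$dir_code}` has been edited"));
                die;
            }
        }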