//although if someone gains write access to db, they could comprimise the whole site. $path = "../modules/" . $v['foldername'] . "/" . $v['backend']; include $path; } mysql_free_result($result); $text = ""; $error = ""; $success = ""; switch ($admin->get('currentpage')) { /** * Pages, here we add new pages */ case "pages": if (isset($_GET['mp_id']) && isset($_GET['mp_to']) && isset($_GET['mp_from'])) { //Check if sort and id matches $admin->movePage($_GET['mp_id'], $_GET['mp_from'], $_GET['mp_to']); //Sorting will be made with ajax, so perhaps die here? //die(); } else { if (isset($_POST['addpage'])) { if (!isset($_POST['name']) || $_POST['name'] == "") { $error = "Please fill in the name of the page"; } else { if ($admin->insertNewPage($_POST['name'], $_POST['position'], $_POST['position_item'])) { $success = "Added the page <b>" . $_POST['name'] . "</b> to the site!"; } else { $error = "Could not add page due to unknown error.."; } } } else { if (isset($_POST['editpages'])) {