default:
            break;
    }

    Flash::store('Admin Update Successful', true); // redirect kills form resubmission
}
catch (MyException $e) {
    Flash::store('Admin Update FAILED !', true); // redirect kills form resubmission
}
}

// Admin handler for bulk actions on game setups, selected by the posted
// 'setup_action' value. Only 'delete' is implemented; any other value falls
// through to the default case and still reports success.
//
// NOTE(review): no admin-privilege check is visible in this handler itself —
// confirm the page rejects non-admin players before this code is reached.
if (isset($_POST['setup_action'])) {
    // presumably validates the anti-CSRF form token and aborts on mismatch —
    // test_token() is defined elsewhere; confirm it cannot return on failure
    test_token();

    try {
        switch ($_POST['setup_action']) {
            case 'delete':
                // $_POST['ids'] is handed over exactly as received (no cast or
                // shape check here), so all validation has to happen inside
                // Setup::delete().
                // NOTE(review): confirm Setup::delete() validates every id and
                // uses parameterised queries.
                Setup::delete($_POST['ids']);
                break;

            default:
                break;
        }

        Flash::store('Admin Update Successful', true); // redirect kills form resubmission
    }
    catch (MyException $e) {
        // The exception detail in $e is dropped: the user only sees a generic
        // failure message, and nothing is logged from this spot.
        // NOTE(review): confirm MyException records the failure itself,
        // otherwise failed admin deletes leave no audit trail.
        Flash::store('Admin Update FAILED !', true); // redirect kills form resubmission
    }
}

if (isset($_POST['submit'])) {
    test_token();

    try {
        // clear the submit and token fields
\t\t\t\t</div>
\t\t\t\t<div><input type="submit" value="{$create} Setup" /></div>
\t\t\t</div></form>
EOF;
        break;

    // Two-step delete of a game setup:
    //   - a GET request carrying 'id' only builds a confirmation page;
    //   - a POST request carrying 'id' performs the delete after test_token().
    // Both branches apply the same rule: the player must be an admin or the
    // recorded creator of the setup. A setup with an empty creator can only
    // be handled by an admin.
    case 'delete':
        if (isset($_POST['id'])) {
            // presumably validates the anti-CSRF form token — test_token() is
            // defined elsewhere; confirm it aborts the request on mismatch
            test_token();

            // make sure this user can delete this setup
            // (the id is cast to int before it reaches the Setup constructor)
            $Setup = new Setup((int) $_POST['id']);

            // Both ids are cast to string and compared strictly, so loose
            // type juggling cannot make two different ids compare equal.
            if (!$GLOBALS['Player']->is_admin && (!$Setup->creator || (string) $_SESSION['player_id'] !== (string) $Setup->creator)) {
                // NOTE(review): nothing after this call stops execution. The
                // authorisation check is only effective if Flash::store()
                // ends the request when given a redirect target; if it ever
                // returns, the Setup::delete() below runs for an unauthorised
                // player. Confirm Flash::store() exits, or add an explicit
                // exit / break here.
                Flash::store('You are not allowed to perform this action', 'setups.php');
            }

            Setup::delete($Setup->id);
            Flash::store('Setup deleted successfully', 'setups.php');
        }
        elseif (isset($_GET['id'])) {
            // make sure this user can edit / delete this setup
            $Setup = new Setup((int) $_GET['id']);

            if (!$GLOBALS['Player']->is_admin && (!$Setup->creator || (string) $_SESSION['player_id'] !== (string) $Setup->creator)) {
                // NOTE(review): same dependency on Flash::store() not
                // returning as in the POST branch above.
                Flash::store('You are not allowed to perform this action', 'setups.php');
            }

            // we need to confirm the delete request via a safer method (no XSRF here)
            // i.e. this GET branch changes no state; it only renders the page
            // that asks for confirmation.
            $meta['title'] = 'Delete Game Setup';

            // NOTE(review): the result of expandFEN($Setup->board) is
            // concatenated straight into a JavaScript string literal inside a
            // <script> block. No escaping is visible here, so this is only
            // safe if stored board values can never contain quotes,
            // backslashes or "</script>". Confirm the board is validated when
            // it is saved, or encode the value (e.g. json_encode) at output.
            $meta['head_data'] = ' <link rel="stylesheet" type="text/css" media="screen" href="css/board.css" /> <script type="text/javascript"> var invert = false; var board = "' . expandFEN($Setup->board) . '";
*
* You should have received a copy of the GNU General Public License
* along with FireOpal. If not, see <http://www.gnu.org/licenses/>.
*/

// Setup page controller: applies any submitted setup values, handles an
// optional delete request, then collects the form and feedback markup
// returned by Setup::display().

// The project's include/ directory is appended to the END of include_path,
// so any earlier include_path entry that holds a Setup.class.php is found
// first.
// NOTE(review): confirm no writable or unintended directory precedes it.
ini_set('include_path', ini_get('include_path') . PATH_SEPARATOR . dirname(__DIR__) . DIRECTORY_SEPARATOR . 'include');
require_once 'Setup.class.php';

// Start a session only when none is active yet.
if (!isset($_SESSION)) {
    session_start();
}

$setup = new Setup();

// $_REQUEST merges GET and POST parameters (and cookies, depending on the
// request_order / variables_order ini settings), so the writes and the delete
// below run for any non-empty request, including a plain GET.
// NOTE(review): no request-method check and no anti-CSRF token check is
// visible here — confirm state changes are restricted to POST and protected
// by a token elsewhere.
// NOTE(review): $_SESSION['sess_idUser'] is read without a visible check that
// a user is logged in — confirm authentication is enforced before this script
// runs.
if (!empty($_REQUEST)) {
    // The whole request array is passed on unfiltered; which keys are
    // accepted and how they reach the database is decided inside Setup.
    // NOTE(review): confirm Setup allow-lists keys and uses parameterised
    // queries.
    $setup->store($_REQUEST);
    $setup->storeInDB($_SESSION['sess_idUser'], $_REQUEST);

    // !empty() already implies isset(); the delete target is forwarded as
    // received, first to the database layer and then to the in-memory setup.
    if (isset($_REQUEST['delete']) && !empty($_REQUEST['delete'])) {
        $setup->deleteFromDB($_SESSION['sess_idUser'], $_REQUEST['delete']);
        $setup->delete($_REQUEST['delete']);
    }
}

$content = $setup->display();
$form    = $content['form'];
// $form = $setup->displayUserConf($_SESSION['sess_idUser']);

// Build the informational feedback list.
// NOTE(review): each $message is concatenated into HTML without escaping. If
// Setup::display() can place request-derived text into these messages, encode
// them with htmlspecialchars() for the HTML context — confirm where the
// messages originate.
$info = "";
if (!empty($content['info'])) {
    $info = '<ul class="feedback_info" >';
    foreach ($content['info'] as $message) {
        $info .= "<li>" . $message . "</li>";
    }
    $info .= '</ul>';
}

$error = "";
if (!empty($content['error'])) {