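<?php
/**
 * CMS module: Download Gallery 3
 * Copyright and more information see file info.php
 *
 * Backend request handler: when no item_id is posted, the request is treated
 * as a group move and the group's `position` column is rewritten.
 **/
require realpath(dirname(__FILE__) . '/../../config.php');

// check permissions
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Modules', 'module_view', false, false);
// Module directory name, derived from this file's location relative to WB_PATH/modules/
// (backslashes are normalised first so the replacement also works on Windows paths).
$dlgmodname = str_replace(str_replace('\\', '/', WB_PATH) . '/modules/', '', str_replace('\\', '/', dirname(__FILE__)));
if (!($admin->is_authenticated() && $admin->get_permission($dlgmodname, 'module'))) {
    header('Location: ../../index.php');
    // header() only queues the redirect. Without exit the script would keep
    // running and execute the UPDATE below for callers who failed this check.
    exit;
}
require_once WB_PATH . '/framework/class.order.php';

// if there's no item_id, it should be a group
if (!isset($_POST['item_id'])) {
    if (!isset($_POST['group_id'])) {
    } else {
        // Both ids end up inside SQL strings, so they are reduced to plain integers here.
        // is_numeric() alone also accepts forms such as "1e3" or "12.5".
        $group_id = is_numeric($_POST['group_id']) ? (int) $_POST['group_id'] : NULL;
        // prev_id is optional in the request; a missing value means "no predecessor".
        $prev_id = (isset($_POST['prev_id']) && is_numeric($_POST['prev_id'])) ? (int) $_POST['prev_id'] : NULL;
        // new position
        // NOTE(review): $tablename is not assigned in the visible part of this file;
        // presumably it comes from config.php or another include. Confirm.
        $o = new order(TABLE_PREFIX . $tablename . '_groups', 'position', 'group_id', 'section_id');
        if ($group_id) {
            if ($prev_id) {
                // Position of the group the moved group was dropped behind.
                $pos = $database->get_one('SELECT `position` FROM `' . TABLE_PREFIX . $tablename . "_groups` WHERE `group_id` = '" . $prev_id . "'");
            } else {
                $pos = 0;
            }
            // NOTE(review): $pos++ is a post-increment, so the value written is $pos
            // before the increment. Confirm that this is the intended position.
            $database->query("UPDATE `" . TABLE_PREFIX . $tablename . "_groups` SET `position` = '" . $pos++ . "' WHERE `group_id` = '" . $group_id . "'");
            $section_id = $database->get_one('SELECT `section_id` FROM `' . TABLE_PREFIX . $tablename . "_groups` WHERE `group_id` = '" . $group_id . "'");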
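// Load the module language file for the active language, falling back to DE.php.
// NOTE(review): LANGUAGE is defined outside this excerpt and becomes part of an
// include path; it needs to be a validated language code. Confirm.
if (!file_exists(WB_PATH . '/modules/foldergallery/languages/' . LANGUAGE . '.php')) {
    // no module language file exists for the language set by the user, include default module language file DE.php
    require_once WB_PATH . '/modules/foldergallery/languages/DE.php';
} else {
    // a module language file exists for the language defined by the user, load it
    require_once WB_PATH . '/modules/foldergallery/languages/' . LANGUAGE . '.php';
}

// First we prevent direct access and check for variables
if (!isset($_POST['action']) or !isset($_POST['recordsArray'])) {
    // now we redirect to index, if you are in subfolder use ../index.php
    header('Location: ../../index.php');
} else {
    // check if user has permissions to access the module
    require_once WB_PATH . '/framework/class.admin.php';
    $admin = new admin('Modules', 'module_view', false, false);
    if (!($admin->is_authenticated() && $admin->get_permission('foldergallery', 'module'))) {
        die(header('Location: ../../index.php'));
    }

    // $action is only compared against a fixed literal below; it never reaches SQL.
    $action = $admin->add_slashes($_POST['action']);
    // (array) keeps the foreach below well-defined when a scalar is posted instead of a list.
    $updateRecordsArray = isset($_POST['recordsArray']) ? (array) $_POST['recordsArray'] : array();

    // Only the exact action "updateRecordsListings" leads to database access.
    if ($action == "updateRecordsListings") {
        $listingCounter = 1;
        $output = "";
        foreach ($updateRecordsArray as $recordIDValue) {
            // The record ids come straight from the request and are concatenated into the
            // statement, so each one is forced to an integer before it is used.
            $database->query("UPDATE `" . TABLE_PREFIX . "mod_foldergallery_categories` SET position = " . $listingCounter . " WHERE `id` = " . (int) $recordIDValue);
            $listingCounter++;
        }
        echo '<img src="' . WB_URL . '/modules/jsadmin/images/success.gif" style="vertical-align:middle;"/> <span style="font-size: 80%">' . $MOD_FOLDERGALLERY['REORDER_INFO_SUCESS'] . '</span>';
    }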
<?php
/* Drag'N'Drop Position */
// Request handler for the drag-and-drop reordering of Bakery items.
// Both POST fields must be present; otherwise the caller is redirected.
// The rest of the visible script sits in the else branch, so nothing else
// visible here runs after this redirect.
if (!isset($_POST['action']) || !isset($_POST['row'])) {
    header('Location: ../../index.php');
} else {
    require '../../config.php';
    // Check if user has permissions to access the Bakery module
    require_once '../../framework/class.admin.php';
    $admin = new admin('Modules', 'module_view', false, false);
    if (!($admin->is_authenticated() && $admin->get_permission('bakery', 'module'))) {
        // die() stops the script right after the redirect header is queued.
        die(header('Location: ../../index.php'));
    }
    // NOTE(review): no anti-CSRF token check is visible in this excerpt.
    // Confirm that one is enforced elsewhere for this state-changing request.

    // Sanitize variable
    $action = $admin->add_slashes($_POST['action']);
    // We just get the array here, and few lines below we sanitize it
    // NOTE(review): in the visible lines only $row[0] passes through intval();
    // the remaining entries must be cast before use in SQL. Confirm further down.
    $row = $_POST['row'];
    // Section the first posted item belongs to.
    $sID = $database->get_one("SELECT section_id FROM " . TABLE_PREFIX . "mod_bakery_items WHERE item_id = " . intval($row[0]));
    /* Bakery isn't using ordering (ASC/DESC) so we comment this code
    $sorting = $database->get_one("SELECT ordering FROM ".TABLE_PREFIX."bakery_settings WHERE section_id = ".$sID." ");
    if($sorting == 1) // DESC == new first
    {
        $row = array_reverse($row);
    }
    */
    // For security reasons (to prevent db hacks) this line verifies that
    // in the $action var there is no other text than "updatePosition"
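// Maintenance script: reads posts from mod_news_posts, optionally limited to
// one section, as the first step of copying them.
require_once dirname(__FILE__) . '/../../../config.php';
if (!defined('WB_PATH')) {
    die("sorry, no access..");
}

// This has to be done this way here:
// NOTE(review): the relative path is resolved against the include path / working
// directory rather than this file's directory. Confirm this is intended.
require_once '../info.php';
// $module_directory is presumably set by ../info.php (not visible here).
$mod_dir = $module_directory;
$tablename = $module_directory;
$mpath = WB_PATH . '/modules/' . $mod_dir . '/';
require_once $mpath . '/functions.php';

// Include WB functions file
require WB_PATH . '/framework/functions.php';

$theauto_header = false;
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_modify', $theauto_header, TRUE);
if (!$admin->is_authenticated()) {
    die;
}
if ($admin->get_user_id() > 1) {
    // Stop here. Printing the notice alone would let every other authenticated
    // user run the rest of this script.
    die('<h1>Access for admin 1 only</h1>');
}

// Get id
$copysection = '';
// Validate the same request variable that is used in the query. The value is
// concatenated unquoted into the SQL, so it is also reduced to a plain integer.
if (isset($_GET['copysection']) and is_numeric($_GET['copysection'])) {
    $copysection = ' AND section_id = ' . (int) $_GET['copysection'] . ' '; // copy only this section
}

// Query one record and, if needed, add the field 'is_topic_id'.
$sql = 'SELECT * FROM `' . TABLE_PREFIX . 'mod_news_posts` WHERE active=1 ' . $copysection . ' AND is_topic_id = 0 LIMIT 1';
$query_post = $database->query($sql);
if ($database->is_error()) {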
// AJAX handler for reordering filters in the outputfilter_dashboard module.
// Every exit path visible here answers with the JSON-encoded $aJsonRespond array.

// load outputfilter-functions
require_once dirname(dirname(__FILE__)) . "/functions.php";

// Response skeleton; 'success' stays false unless set later in the script.
$aJsonRespond = array();
$aJsonRespond['success'] = false;
$aJsonRespond['message'] = '';
$aJsonRespond['icon'] = '';

// Both POST fields are required before anything else is loaded.
if (!isset($_POST['action']) || !isset($_POST['id'])) {
    $aJsonRespond['message'] = 'one of the parameters does not exist';
    exit(json_encode($aJsonRespond));
} else {
    // Taken as posted; the foreach below assumes a list.
    // NOTE(review): a scalar value here would raise a warning. Confirm the client always sends an array.
    $aRows = $_POST['id'];
    require_once '../../../config.php';
    // check if user has permissions to access the outputfilter_dashboard module
    require_once WB_PATH . '/framework/class.admin.php';
    $admin = new admin('admintools', 'admintools', false, false);
    if (!($admin->is_authenticated() && $admin->get_permission('outputfilter_dashboard', 'module'))) {
        $aJsonRespond['message'] = 'insuficcient rights';
        exit(json_encode($aJsonRespond));
    }

    // Sanitize variables
    // $action is only compared against a fixed literal in the visible lines.
    $action = $admin->add_slashes($_POST['action']);
    if ($action == "updatePosition") {
        // $i starts a counter at 1 for every filter type; $i_keys lists the type keys.
        $i = array();
        $i_keys = array();
        foreach (opf_get_types() as $type => $typename) {
            $i[$type] = 1;
            $i_keys[] = $type;
        }
        foreach ($aRows as $recID) {
            // Each posted entry goes through checkIDKEY() before it is used as an id.
            // NOTE(review): presumably this resolves a one-time key to the real id and
            // yields the default 0 on failure. Confirm against class.admin.php.
            $id = $admin->checkIDKEY($recID, 0, 'key', true);
            $filter = opf_get_data($id);