예제 #1
<?php

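// Load the database helper libraries unless an earlier include already
// defined their guard constants.
if (!defined("SHARE_INC")) {
    include "dbapi/share.inc";
}
if (!defined("SUBSCRIPTIONS_INC")) {
    include "dbapi/subscriptions.inc";
}

// Open the page with the session, auth, permission and user classes.
// NOTE(review): no explicit permission check is visible between page_open()
// and the delete/subscribe calls below; confirm that the auth class forces a
// login here and that the callees tie $expert to the logged-in user.
page_open(array("sess" => "Linktrail_Session", "auth" => "Linktrail_Auth", "perm" => "Linktrail_Perm", "user" => "Linktrail_User"));

// $actionstring is never assigned in this script, so it presumably arrives as
// a request parameter (TODO confirm); treat it as untrusted input. Base64 is
// an encoding, not a signature: anyone can build a valid action string.
// The line offset is parenthesised because "." and "-" had equal precedence
// before PHP 8, which made the unparenthesised form subtract 1 from the whole
// concatenated message.
// NOTE(review): the message also sends the script's filesystem path to the client.
if (!isset($actionstring) || !is_string($actionstring)) {
    die("OOps.. wrong call @ " . __FILE__ . " on line " . (__LINE__ - 1));
}
$actionstring = base64_decode($actionstring);

// Parse into an array. The one-argument form of parse_str() writes every key
// of the decoded string into the current scope, letting the request overwrite
// any variable of this script (e.g. $sess); PHP 8 removed that form.
$params = array();
parse_str($actionstring, $params);

// The three required fields are taken only from the decoded action string and
// only when they are plain strings (a key like "expert[]" would yield an array).
$expert = (isset($params["expert"]) && is_string($params["expert"])) ? $params["expert"] : "";
$trail = (isset($params["trail"]) && is_string($params["trail"])) ? $params["trail"] : "";
$action = (isset($params["action"]) && is_string($params["action"])) ? $params["action"] : "";
if ($expert === "" or $trail === "" or $action === "") {
    die("OOps.. wrong call @ " . __FILE__ . " on line " . (__LINE__ - 1));
}

// $ob and $ci are optional: prefer the action string, otherwise keep a value
// that is already in scope, otherwise fall back to an empty string.
if (isset($params["ob"])) {
    $ob = $params["ob"];
}
if (isset($params["ci"])) {
    $ci = $params["ci"];
}
$ob = (isset($ob) && is_scalar($ob)) ? (string) $ob : "";
$ci = (isset($ci) && is_scalar($ci)) ? (string) $ci : "";

// The suggestion is deleted for every action value; a subscription is added
// only for "subscribe" and only when the delete affected at least one row.
$affected = delete_suggestion($trail, $expert);
if ($action == "subscribe" and $affected > 0) {
    subscribe($expert, $trail, 0);
}

// Encode every request-derived component before it enters the Location
// header, so none of them can add query parameters or alter the target URL.
$target = "/Experts/" . rawurlencode($expert) . "?ob=" . rawurlencode($ob) . "&ci=" . rawurlencode($ci);
Header("Location: " . $sess->url($target));
page_close();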
예제 #2
     break;
 // The two "sorting_manage_review_*" tasks call manage_review_s() with a
 // different second argument ("rating" or "published").
 case "sorting_manage_review_rating":
     manage_review_s($option, "rating");
     break;
 case "sorting_manage_review_approve":
     manage_review_s($option, "published");
     break;
 //***************   end for manage reviews   *************************/
 //**********   begin for manage suggestion   *************************/
 case "manage_suggestion":
     manage_suggestion($option);
     break;
 // Calls delete_suggestion() and then manage_suggestion(), the same call the
 // plain "manage_suggestion" task makes.
 // NOTE(review): $bid is not assigned in this arm, whereas "view_suggestion"
 // below reads it from $_POST via mosGetParam(). Confirm where $bid is
 // populated for the delete path and that it is validated (type, ownership)
 // before delete_suggestion() runs.
 // NOTE(review): this arm changes state; the access-level and request-token
 // checks, if any, are outside the visible part of the switch. Confirm they
 // run before this dispatch.
 case "delete_suggestion":
     delete_suggestion($option, $bid);
     manage_suggestion($option);
     break;
 case "view_suggestion":
     // The id is read from the POST body only, not from the query string.
     $bid = mosGetParam($_POST, 'bid');
     view_suggestion($option, $bid);
     break;
 //**********   end for manage suggestion   ***************************/
 // Configuration tasks: each passes $option to its handler.
 case "config_backend":
     configure_backend($option);
     break;
 case "config_save_frontend":
     configure_save_frontend($option);
     break;
 case "config_save_backend":
예제 #3
<?php
	require('lib/db_info.php');
	require('authentication.php');
	//require('mysqlnd_polyfill.php');
	
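	// Dispatch on the "action" query parameter to one of the four handlers.
	// A missing or non-string value (e.g. action[]=x) is mapped to '' and
	// falls through to the default arm instead of raising an undefined-index
	// warning.
	// NOTE(review): edit_suggestion and delete_suggestion change state and are
	// selected by a GET parameter. Whether authentication.php or the handlers
	// themselves enforce the request method, a session and a request token is
	// not visible here; confirm before exposing this endpoint.
	$action = (isset($_GET['action']) && is_string($_GET['action'])) ? $_GET['action'] : '';
	switch($action)
	{
		case 'get_suggestion': get_suggestion(); break;
		case 'post_suggestion': post_suggestion(); break;
		case 'edit_suggestion': edit_suggestion(); break;
		case 'delete_suggestion': delete_suggestion(); break;
		// Unknown or empty action: do nothing.
		default: break;
	}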
	
	//get_suggestion();

	function get_suggestion(){
		global $conn;
		
		//sanatize tho
		$table_name = $_GET['tableName'];
		$suggestion_id = $_GET['id'];
		
		//make sure the table being requested in the right table name and not something like an injection command
		$accepted_tables = get_tables();
		
		if(in_array($table_name, $accepted_tables)){
			
			$table_name = htmlspecialchars($table_name);