*
* Save configuration preferences
*
*/
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $do_action == 'cfg-news' && checkAuth()) {
FbX::SetFeedbackLocation('news.Manage.php');
try {
if ($page_id) {
FbX::SetFeedbackLocation('news.Manage.php', 'page_id=' . $page_id);
// Only if current user has the rights
if ($perm->is_level_okay('manageModNews', $_SESSION['ccms_userLevel'])) {
$showLocale = getPOSTparam4IdOrNumber('locale');
$showMessage = getPOSTparam4Number('messages');
$showAuthor = getPOSTparam4boolean('author');
$showDate = getPOSTparam4boolean('show_modified');
$showTeaser = getPOSTparam4boolean('show_teaser');
$values = array();
// [i_a] make sure $values is an empty array to start with here
$values["page_id"] = MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER);
$values["showLocale"] = MySQL::SQLValue($showLocale, MySQL::SQLVALUE_TEXT);
$values["showMessage"] = MySQL::SQLValue($showMessage, MySQL::SQLVALUE_NUMBER);
$values["showAuthor"] = MySQL::SQLValue($showAuthor, MySQL::SQLVALUE_BOOLEAN);
$values["showDate"] = MySQL::SQLValue($showDate, MySQL::SQLVALUE_BOOLEAN);
$values["showTeaser"] = MySQL::SQLValue($showTeaser, MySQL::SQLVALUE_BOOLEAN);
// Execute the insert or update for current page
if ($db->AutoInsertUpdate($cfg['db_prefix'] . 'cfgnews', $values, array('cfgID' => MySQL::BuildSQLValue($cfgID)))) {
header('Location: ' . makeAbsoluteURI('news.Manage.php?page_id=' . $page_id . '&status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved'])));
exit;
} else {
throw new FbX($db->MyDyingMessage());
}
} catch (CcmsAjaxFbException $e) {
$e->croak();
}
}
/**
*
* Edit user level as posted by an authorized user
*
*/
if ($do_action == 'edit-user-level' && $_SERVER['REQUEST_METHOD'] == 'POST' && checkAuth()) {
FbX::SetFeedbackLocation('user-management.Manage.php');
try {
// Only if current user has the rights
if ($perm->is_level_okay('manageUsers', $_SESSION['ccms_userLevel'])) {
$userID = getPOSTparam4Number('userID');
$userActive = getPOSTparam4boolean('userActive');
$userLevel = getPOSTparam4Number('userLevel');
if ($userLevel > 0) {
$values = array();
// [i_a] make sure $values is an empty array to start with here
$values['userLevel'] = MySQL::SQLValue($userLevel, MySQL::SQLVALUE_NUMBER);
$values['userActive'] = MySQL::SQLValue($userActive, MySQL::SQLVALUE_BOOLEAN);
if ($db->UpdateRow($cfg['db_prefix'] . 'users', $values, array('userID' => MySQL::SQLValue($userID, MySQL::SQLVALUE_NUMBER)))) {
if ($userID == $_SESSION['ccms_userID']) {
$_SESSION['ccms_userLevel'] = $userLevel;
}
header('Location: ' . makeAbsoluteURI('user-management.Manage.php?status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved'])));
exit;
} else {
throw new FbX($db->MyDyingMessage());
}
exit;
}
// Step three
if ($nextstep == '3' && checkAuth()) {
//
// Installation actions
// - Saving preferences
//
$version = array('version' => getPOSTparam4boolean('version'));
$iframe = array('iframe' => getPOSTparam4boolean('iframe'));
$wysiwyg = array('wysiwyg' => getPOSTparam4boolean('wysiwyg'));
$protect = array('protect' => getPOSTparam4boolean('protect'));
$userPass = array('userPass' => $_POST['userPass']);
// must store this in RAW form - will not be displayed anywhere, is only fed to MD5()
$authcode = array('authcode' => getPOSTparam4IdOrNumber('authcode'));
$do_upgrade = array('do_upgrade' => getPOSTparam4boolean('upgrade'));
// Add new data to variable session
$_SESSION['variables'] = array_merge($_SESSION['variables'], $version, $iframe, $wysiwyg, $protect, $userPass, $authcode, $do_upgrade);
?>
<legend class="installMsg">Step 3 - Collecting your database details</legend>
<label for="db_host"><span class="ss_sprite_16 ss_server_database"> </span>Database host</label>
<input type="text" class="alt title" name="db_host" value="<?php
echo empty($_SESSION['variables']['db_host']) ? 'localhost' : $_SESSION['variables']['db_host'];
?>
" id="db_host" />
<br/>
<label for="db_user"><span class="ss_sprite_16 ss_drive_user"> </span>Database username</label>
<input type="text" class="alt title" name="db_user" value="<?php
echo empty($_SESSION['variables']['db_user']) ? '' : $_SESSION['variables']['db_user'];
?>
" id="db_user" />
