*
* Save configuration preferences
*
*/
// Settings handler for the news module: it runs only for a POST request with
// do_action=cfg-news for which checkAuth() passes, and then inserts or updates
// one row in the <db_prefix>cfgnews table.
// NOTE(review): no anti-CSRF token check is visible in this excerpt. Confirm
// whether checkAuth() covers it, because this is a state-changing POST.
// NOTE(review): $page_id and $cfgID are assigned outside this excerpt. Confirm
// both are read through a numeric filter: $page_id is concatenated into the
// redirect URL below and $cfgID selects the row that gets written.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $do_action == 'cfg-news' && checkAuth()) {
    FbX::SetFeedbackLocation('news.Manage.php');
    try {
        if ($page_id) {
            FbX::SetFeedbackLocation('news.Manage.php', 'page_id=' . $page_id);
            // Only if current user has the rights
            if ($perm->is_level_okay('manageModNews', $_SESSION['ccms_userLevel'])) {
                // Each posted field is read through a type-specific getPOSTparam4*() helper.
                $showLocale = getPOSTparam4IdOrNumber('locale');
                $showMessage = getPOSTparam4Number('messages');
                $showAuthor = getPOSTparam4boolean('author');
                $showDate = getPOSTparam4boolean('show_modified');
                $showTeaser = getPOSTparam4boolean('show_teaser');
                $values = array(); // [i_a] make sure $values is an empty array to start with here
                // Every column value goes through MySQL::SQLValue() with an explicit
                // type constant before it is handed to the query helper.
                $values["page_id"] = MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER);
                $values["showLocale"] = MySQL::SQLValue($showLocale, MySQL::SQLVALUE_TEXT);
                $values["showMessage"] = MySQL::SQLValue($showMessage, MySQL::SQLVALUE_NUMBER);
                $values["showAuthor"] = MySQL::SQLValue($showAuthor, MySQL::SQLVALUE_BOOLEAN);
                $values["showDate"] = MySQL::SQLValue($showDate, MySQL::SQLVALUE_BOOLEAN);
                $values["showTeaser"] = MySQL::SQLValue($showTeaser, MySQL::SQLVALUE_BOOLEAN);
                // Execute the insert or update for current page
                // NOTE(review): the cfgID filter uses MySQL::BuildSQLValue() with no type
                // constant, unlike the SQLValue() calls above. Verify how that helper
                // quotes or casts its argument.
                if ($db->AutoInsertUpdate($cfg['db_prefix'] . 'cfgnews', $values, array('cfgID' => MySQL::BuildSQLValue($cfgID)))) {
                    // Success: redirect back to the module page with a URL-encoded notice, then stop.
                    header('Location: ' . makeAbsoluteURI('news.Manage.php?page_id=' . $page_id . '&status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved'])));
                    exit;
                } else {
                    // Failure: surface the database layer's message through the feedback exception.
                    throw new FbX($db->MyDyingMessage());
                }
                // The excerpt is cut here; the enclosing if/try blocks close outside this view.
// Tail of a handler whose try block opens outside this excerpt.
} catch (CcmsAjaxFbException $e) {
    $e->croak();
}
}

/**
 *
 * Edit user level as posted by an authorized user
 *
 * Runs for a POST request with do_action=edit-user-level for which checkAuth()
 * passes, and updates userLevel and userActive on the row of the posted userID.
 *
 */
// NOTE(review): no anti-CSRF token check is visible in this excerpt. Confirm
// whether checkAuth() covers it, because this request changes account privileges.
if ($do_action == 'edit-user-level' && $_SERVER['REQUEST_METHOD'] == 'POST' && checkAuth()) {
    FbX::SetFeedbackLocation('user-management.Manage.php');
    try {
        // Only if current user has the rights
        if ($perm->is_level_okay('manageUsers', $_SESSION['ccms_userLevel'])) {
            $userID = getPOSTparam4Number('userID');
            $userActive = getPOSTparam4boolean('userActive');
            $userLevel = getPOSTparam4Number('userLevel');
            // NOTE(review): the only bound applied to the requested level is "> 0".
            // Nothing in this excerpt compares $userLevel, or the target account's
            // current level, with the acting user's own level. Confirm that a
            // "cannot grant above own level" rule is enforced (here or inside
            // is_level_okay) and add one if it is not.
            if ($userLevel > 0) {
                $values = array(); // [i_a] make sure $values is an empty array to start with here
                // Column values and the row filter are typed through MySQL::SQLValue().
                $values['userLevel'] = MySQL::SQLValue($userLevel, MySQL::SQLVALUE_NUMBER);
                $values['userActive'] = MySQL::SQLValue($userActive, MySQL::SQLVALUE_BOOLEAN);
                if ($db->UpdateRow($cfg['db_prefix'] . 'users', $values, array('userID' => MySQL::SQLValue($userID, MySQL::SQLVALUE_NUMBER)))) {
                    // When the acting user edited their own account, the session copy of
                    // the level is refreshed so the change applies immediately.
                    // NOTE(review): for any other account only the database row changes
                    // here. Whether that user's existing session re-reads the level or
                    // the active flag is not visible, which matters when demoting or
                    // deactivating an account.
                    if ($userID == $_SESSION['ccms_userID']) {
                        $_SESSION['ccms_userLevel'] = $userLevel;
                    }
                    header('Location: ' . makeAbsoluteURI('user-management.Manage.php?status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved'])));
                    exit;
                } else {
                    // Failure: surface the database layer's message through the feedback exception.
                    throw new FbX($db->MyDyingMessage());
                }
                // The excerpt is cut here; the enclosing if/try blocks close outside this view.
exit;
}

// Step three
// Installer step 3: stores the options posted from the previous step in the
// session, then renders the database-details form.
if ($nextstep == '3' && checkAuth()) {
    //
    // Installation actions
    // - Saving preferences
    //
    // Each option is wrapped in a one-key array so they can all be merged into
    // $_SESSION['variables'] in a single array_merge() call below.
    $version = array('version' => getPOSTparam4boolean('version'));
    $iframe = array('iframe' => getPOSTparam4boolean('iframe'));
    $wysiwyg = array('wysiwyg' => getPOSTparam4boolean('wysiwyg'));
    $protect = array('protect' => getPOSTparam4boolean('protect'));
    $userPass = array('userPass' => $_POST['userPass']); // must store this in RAW form - will not be displayed anywhere, is only fed to MD5()
    // NOTE(review): the cleartext password is copied from $_POST into the session,
    // so it stays in session storage between installer steps. Per the comment above
    // it is later hashed with MD5 (that call is outside this excerpt). MD5 is a fast
    // general-purpose digest, not a password hash; password_hash()/password_verify()
    // are the standard replacement, and the session copy should be unset once the
    // hash has been written.
    $authcode = array('authcode' => getPOSTparam4IdOrNumber('authcode'));
    $do_upgrade = array('do_upgrade' => getPOSTparam4boolean('upgrade'));
    // Add new data to variable session
    // Later arguments win on duplicate keys, so the values posted in this step
    // replace any stored earlier under the same name.
    $_SESSION['variables'] = array_merge($_SESSION['variables'], $version, $iframe, $wysiwyg, $protect, $userPass, $authcode, $do_upgrade);
    // NOTE(review): the db_host and db_user values echoed into the value=""
    // attributes below are printed without htmlspecialchars(). Presumably they were
    // stored from an earlier form post. Confirm they are filtered at that point, or
    // escape them here with ENT_QUOTES.
?>
<legend class="installMsg">Step 3 - Collecting your database details</legend>
<label for="db_host"><span class="ss_sprite_16 ss_server_database"> </span>Database host</label>
<input type="text" class="alt title" name="db_host" value="<?php echo empty($_SESSION['variables']['db_host']) ? 'localhost' : $_SESSION['variables']['db_host']; ?> " id="db_host" />
<br/>
<label for="db_user"><span class="ss_sprite_16 ss_drive_user"> </span>Database username</label>
<input type="text" class="alt title" name="db_user" value="<?php echo empty($_SESSION['variables']['db_user']) ? '' : $_SESSION['variables']['db_user']; ?> " id="db_user" />