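/**
 * Look up the page named by the request's `slug` parameter and publish it
 * to the template.
 *
 * Sets the PAGE / ERROR template switches depending on whether a row was
 * found, assigns PAGE.HEADER and PAGE.CONTENT, and records the page's
 * parent, id and slug in $this->actual. If the query itself fails, nothing
 * is assigned.
 *
 * NOTE(review): the query is built by string concatenation and relies on
 * MySQLObject::escape(), whose implementation is not visible here. Confirm
 * it is connection/charset-aware, or move to bound parameters if the
 * database layer offers them.
 *
 * @return void
 */
public function getpage()
{
    global $q, $tpl;

    // Request parameters may be absent or arrive as arrays (?slug[]=x).
    // Only a plain string is a usable slug; anything else is treated as an
    // empty slug, which simply matches no page.
    $slug = (isset($_GET['slug']) && is_string($_GET['slug'])) ? $_GET['slug'] : '';

    $sql = new MySQLObject();
    $statement = "\r\nSELECT `pid`,`header`,`content`,`parent`\r\nFROM " . $q->table('pages')
        . "\r\nWHERE (`slug` = '" . $sql->escape($slug) . "')";

    if (!$sql->query($statement)) {
        return;
    }

    $found = $sql->num() > 0;
    $tpl->assign('PAGE', $found, 'if');
    $tpl->assign('ERROR', !$found, 'if');

    // With no matching row there is nothing to dereference, so the
    // page fields are assigned as null instead of being read from a
    // missing result.
    $page = $sql->fetch_one();
    $hasRow = $found && is_object($page);

    // NOTE(review): header and content are passed on exactly as stored.
    // Whether the template layer encodes them on output is not visible
    // here; confirm, since stored markup would otherwise render as-is.
    $tpl->assign(array(
        'PAGE.HEADER' => $hasRow ? $page->header : null,
        'PAGE.CONTENT' => $hasRow ? $page->content : null,
    ));

    // The slug kept here is request input; encode it wherever it is echoed.
    $this->actual = array(
        'parent' => $hasRow ? $page->parent : null,
        'id' => $hasRow ? $page->pid : null,
        'slug' => $slug,
    );
}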
/**
 * Load the blog tag named by the request's `tag` parameter into the template.
 *
 * Does nothing when the parameter is absent, the query fails, or no row
 * matches. Otherwise assigns TAG.HEADER and TAG.TAG from the first row.
 *
 * NOTE(review): no permissions() check is visible in this method; confirm
 * the caller gates access to this admin view. The lookup value is quoted
 * via MySQLObject::escape(), whose implementation is not visible here.
 *
 * @return void
 */
public function acp_tag_edit()
{
    if (!isset($_GET['tag'])) {
        return;
    }

    $sql = new MySQLObject();
    $tagTable = $sql->table('blog_tags');
    $wanted = $sql->escape($_GET['tag']);
    $statement = "SELECT `header`,`tag` FROM " . $tagTable . " WHERE (`tag` = '" . $wanted . "')";

    // Stop unless the query ran and returned at least one row.
    if (!$sql->query($statement) || !($sql->num() > 0)) {
        return;
    }

    $row = $sql->fetch_one();

    global $tpl;
    // Values are handed to the template as stored; output encoding is the
    // template layer's job (not visible here; confirm).
    $tpl->assign(array(
        'TAG.HEADER' => $row->header,
        'TAG.TAG' => $row->tag,
    ));
}
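/**
 * Store the permission values submitted for one user group.
 *
 * For every permission listed in $cfg['permissions'] the submitted values
 * from $_POST['group_permissions'] are joined with ';' (an empty string when
 * nothing was submitted). Permissions that already have a row for the group
 * (taken from $_GET['gid']) are updated one by one; the rest are added with
 * a single multi-row INSERT. Finally the success alert is queued, unless
 * $action is already set.
 *
 * NOTE(review): no permissions() check and no request-origin (CSRF) check is
 * visible in this method; confirm the caller enforces both before a group's
 * permissions are rewritten.
 * NOTE(review): the success alert is shown without looking at any query
 * result, so a failed write is reported as success.
 *
 * @return void
 */
public function group_edit()
{
    global $cfg, $q;

    // The group id is only ever used as an integer literal in SQL.
    $gid = (isset($_GET['gid']) && is_scalar($_GET['gid'])) ? intval($_GET['gid']) : 0;

    // Collect the submitted value for every configured permission.
    // NOTE(review): $values (the config entry for the permission) is not
    // used; presumably it lists the allowed values. Consider rejecting
    // posted values that are not in it. Confirm its shape first.
    $out = array();
    foreach ($cfg['permissions'] as $module => $names) {
        foreach ($names as $name => $values) {
            $posted = isset($_POST['group_permissions'][$module][$name])
                ? $_POST['group_permissions'][$module][$name]
                : null;

            // Only a flat list of scalars can be joined; any other shape
            // of request data is stored as "no value".
            $out[$module][$name] = is_array($posted)
                ? implode(';', array_filter($posted, 'is_scalar'))
                : '';
        }
    }

    // Find out which permissions already have a row for this group.
    $sql = new MySQLObject();
    $sql->query("SELECT `name`,`module` FROM " . $q->table('permissions') . " WHERE (`group` = " . $gid . ")");

    $existing = array();
    foreach ($sql->fetch() as $perm) {
        $existing[$perm->module][$perm->name] = true;
    }

    // Update existing rows; gather the value tuples for the missing ones.
    $rows = array();
    foreach ($out as $module => $names) {
        foreach ($names as $name => $value) {
            // Module and permission names come from configuration, but they
            // are escaped as well so every string literal in the statement
            // is quoted the same way.
            $moduleSql = $sql->escape((string) $module);
            $nameSql = $sql->escape((string) $name);
            $valueSql = $sql->escape($value);

            if (isset($existing[$module][$name])) {
                $sql->query("UPDATE " . $q->table('permissions') . " SET `value` = '" . $valueSql
                    . "' WHERE (`module` = '" . $moduleSql . "' AND `name` = '" . $nameSql
                    . "' AND `group` = " . $gid . ")");
            } else {
                $rows[] = "('" . $nameSql . "'," . $gid . ",'" . $moduleSql . "','" . $valueSql . "')";
            }
        }
    }

    // Joining the tuples guarantees the statement never ends in a dangling
    // comma, whatever the mix of updated and inserted permissions is.
    if (count($rows) > 0) {
        $sql->query("INSERT INTO " . $q->table('permissions')
            . " (`name`,`group`,`module`,`value`) VALUES " . implode(',', $rows));
    }

    global $tpl, $action;
    if (!$action) {
        $action = true;
        $tpl->assign('REDIRECT_LOCATION', './acp.php?c=users');
        $tpl->load('alert_success');
        $tpl->inc('alert_success');
        $tpl->assign('ALERT_SUCCESS_MESSAGE', '{L_ALERT_USERS_GROUP_EDIT_SUCCESS}');
    }
}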
$tpl->assign('REDIRECT_LOCATION', './acp.php?c=menu'); $syslog->alert_success('{L_ALERT_MENU_ITEM_ADD_SUCCESS}'); die; } else { $syslog->alert_error('{L_ALERT_MENU_ITEM_ADD_ERROR}'); die; } } else { $syslog->permissions_error('{L_PERMISSIONS_MENU_ITEM_ADD}'); die; } break; case 'edit': if (permissions('menu', 'items', 'edit')) { $sql = new MySQLObject(); if ($sql->query("\r\nUPDATE " . $sql->table('menu') . "\r\nSET\r\n\t`header` = '" . $sql->escape($_POST['item']['header']) . "',\r\n\t`link` = '" . $sql->escape($_POST['item']['link']) . "',\r\n\t`show` = " . intval($_POST['item']['show']) . "\r\nWHERE (`iid` = " . intval($_GET['iid']) . ")")) { // -- OK -- $tpl->assign('REDIRECT_LOCATION', './acp.php?c=menu'); $syslog->alert_success('{L_ALERT_MENU_ITEM_EDIT_SUCCESS}'); die; } else { $syslog->alert_error('{L_ALERT_MENU_ITEM_EDIT_ERROR}'); die; } } else { $syslog->permissions_error('{L_PERMISSIONS_MENU_ITEM_EDIT}'); die; } break; case 'delete': if (permissions('menu', 'items', 'delete')) {