public function getpage()
{
global $q, $tpl;
$sql = new MySQLObject();
if ($sql->query("\r\nSELECT `pid`,`header`,`content`,`parent`\r\nFROM " . $q->table('pages') . "\r\nWHERE (`slug` = '" . $sql->escape($_GET['slug']) . "')")) {
if ($sql->num() > 0) {
$tpl->assign('PAGE', true, 'if');
$tpl->assign('ERROR', false, 'if');
} else {
$tpl->assign('PAGE', false, 'if');
$tpl->assign('ERROR', true, 'if');
}
$page = $sql->fetch_one();
$tpl->assign(array('PAGE.HEADER' => $page->header, 'PAGE.CONTENT' => $page->content));
$this->actual = array('parent' => $page->parent, 'id' => $page->pid, 'slug' => $_GET['slug']);
}
}
public function acp_tag_edit()
{
if (isset($_GET['tag'])) {
$sql = new MySQLObject();
if ($sql->query("SELECT `header`,`tag` FROM " . $sql->table('blog_tags') . " WHERE (`tag` = '" . $sql->escape($_GET['tag']) . "')") && $sql->num() > 0) {
$tag = $sql->fetch_one();
global $tpl;
$tpl->assign(array('TAG.HEADER' => $tag->header, 'TAG.TAG' => $tag->tag));
}
}
}
public function group_edit()
{
global $cfg, $q;
// the total count of all permissions
$count = 0;
// get the changed permissions
foreach ($cfg['permissions'] as $module => $names) {
foreach ($names as $name => $values) {
if (isset($_POST['group_permissions'][$module][$name])) {
$out[$module][$name] = implode(';', $_POST['group_permissions'][$module][$name]);
} else {
$out[$module][$name] = '';
}
$count++;
}
}
// get the old permissions
$sql = new MySQLObject();
$sql->query("SELECT `name`,`module` FROM " . $q->table('permissions') . " WHERE (`group` = " . intval($_GET['gid']) . ")");
$to_update = array();
$to_update_count = 0;
foreach ($sql->fetch() as $perm) {
$to_update[$perm->module][$perm->name] = true;
$to_update_count++;
}
// update/insert the changed permissions
$query = "INSERT INTO " . $q->table('permissions') . " (`name`,`group`,`module`,`value`) VALUES";
$i = 0;
foreach ($out as $module => $names) {
foreach ($names as $name => $value) {
if (isset($to_update[$module][$name])) {
$sql->query("UPDATE " . $q->table('permissions') . " SET `value` = '" . $sql->escape($value) . "' WHERE (`module` = '" . $module . "' AND `name` = '" . $name . "' AND `group` = " . intval($_GET['gid']) . ")");
} else {
$query .= " ('" . $name . "'," . intval($_GET['gid']) . ",'" . $module . "','" . $sql->escape($value) . "')";
if ($i != $count - $to_update_count) {
$query .= ",";
}
# !! echo($i . $count . $to_update_count);
$i++;
}
}
}
if ($i != 0) {
$sql->query($query);
}
global $syslog, $tpl, $action;
if (!$action) {
$action = true;
$tpl->assign('REDIRECT_LOCATION', './acp.php?c=users');
$tpl->load('alert_success');
$tpl->inc('alert_success');
$tpl->assign('ALERT_SUCCESS_MESSAGE', '{L_ALERT_USERS_GROUP_EDIT_SUCCESS}');
}
}
$tpl->assign('REDIRECT_LOCATION', './acp.php?c=menu');
$syslog->alert_success('{L_ALERT_MENU_ITEM_ADD_SUCCESS}');
die;
} else {
$syslog->alert_error('{L_ALERT_MENU_ITEM_ADD_ERROR}');
die;
}
} else {
$syslog->permissions_error('{L_PERMISSIONS_MENU_ITEM_ADD}');
die;
}
break;
case 'edit':
if (permissions('menu', 'items', 'edit')) {
$sql = new MySQLObject();
if ($sql->query("\r\nUPDATE " . $sql->table('menu') . "\r\nSET\r\n\t`header` = '" . $sql->escape($_POST['item']['header']) . "',\r\n\t`link` = '" . $sql->escape($_POST['item']['link']) . "',\r\n\t`show` = " . intval($_POST['item']['show']) . "\r\nWHERE (`iid` = " . intval($_GET['iid']) . ")")) {
// -- OK --
$tpl->assign('REDIRECT_LOCATION', './acp.php?c=menu');
$syslog->alert_success('{L_ALERT_MENU_ITEM_EDIT_SUCCESS}');
die;
} else {
$syslog->alert_error('{L_ALERT_MENU_ITEM_EDIT_ERROR}');
die;
}
} else {
$syslog->permissions_error('{L_PERMISSIONS_MENU_ITEM_EDIT}');
die;
}
break;
case 'delete':
if (permissions('menu', 'items', 'delete')) {
