function &amGetAttributeManagerInstance($get) { if (!is_numeric($get['products_id']) || AM_ATOMIC_PRODUCT_UPDATES) { // first time visiting the page - delete the session var and start again if ('new_product' == $get[AM_PAGE_ACTION_NAME] && !tep_not_null($get[AM_ACTION_GET_VARIABLE])) { amSessionUnregister(AM_SESSION_VAR_NAME); } amSessionRegister(AM_SESSION_VAR_NAME, array()); $attributeManager = new attributeManagerAtomic(amGetSesssionVariable(AM_SESSION_VAR_NAME)); } else { $attributeManager = new attributeManagerInstant($_GET['products_id']); } return $attributeManager; }
/** * deletes the global session variable * @static deAuthorise() * @access public * @author Sam West aka Nimmit - osc@kangaroopartners.com * @param $sessionVar string session variable name * @return void */ function deAuthorise($sessionVar) { amSessionUnregister($sessionVar); }
Copyright © 2006 Kangaroo Partners http://kangaroopartners.com osc@kangaroopartners.com */ require_once 'attributeManager/classes/attributeManagerConfig.class.php'; require_once 'attributeManager/classes/amDB.class.php'; require_once 'attributeManager/classes/stopDirectAccess.class.php'; // Check the session var exists if (is_array(${AM_SESSION_VAR_NAME}) && is_numeric($products_id)) { foreach (${AM_SESSION_VAR_NAME} as $newAttribute) { $newAttributeData = array('products_id' => $products_id, 'options_id' => amDB::input($newAttribute['options_id']), 'options_values_id' => amDB::input($newAttribute['options_values_id']), 'options_values_price' => amDB::input($newAttribute['options_values_price']), 'price_prefix' => amDB::input($newAttribute['price_prefix'])); // insert it into the database amDB::perform(TABLE_PRODUCTS_ATTRIBUTES, $newAttributeData); } /** * Delete the temporary session var */ amSessionUnregister(AM_SESSION_VAR_NAME); /** * remove the direct access authorization so that if the session is hijacked they wont be able * access the attributeManagerFile directly without first going to the product addition page. * If thats not secured then it doesn't really matter what this script does they have compleate access anyway im not at fault */ stopDirectAccess::deAuthorise(AM_SESSION_VALID_INCLUDE); }