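/**
 * Undo the backslashes that the legacy magic_quotes_gpc setting adds to request data.
 *
 * Strings are passed through stripslashes(); arrays are processed recursively, keys
 * included. Any other type, and every value when magic quotes are off, is returned
 * untouched.
 *
 * This only normalises input. It does not make a value safe for SQL, HTML or any
 * other output context.
 *
 * @param mixed $input A request value: string, array of request values, or anything else.
 * @return mixed The value with magic-quote escaping removed, or the input unchanged.
 */
function strip_gpc_slashes($input)
{
    // magic_quotes_gpc was removed in PHP 5.4 and get_magic_quotes_gpc() itself in
    // PHP 8.0, where calling it unguarded is a fatal "undefined function" error.
    // Only consult it on runtimes where the setting can still be switched on.
    $magic_quotes_on = version_compare(PHP_VERSION, '5.4.0', '<')
        && function_exists('get_magic_quotes_gpc')
        && get_magic_quotes_gpc();

    if (!$magic_quotes_on || (!is_string($input) && !is_array($input))) {
        return $input;
    }

    if (is_string($input)) {
        return stripslashes($input);
    }

    $output = array();
    foreach ($input as $key => $val) {
        $output[stripslashes($key)] = strip_gpc_slashes($val);
    }
    return $output;
}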
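/**
 * Apply GET/POST input to the newsletter editor and choose the follow-up redirect.
 *
 * GET: "sqs" is stored as received, "nl" selects the newsletter, and exactly one of
 * "d" / "dd" / "u" / "uu" moves one product of the newsletter.
 * POST: "cmd" selects save ('speichern'), add product ('Artikel hinzufügen') or
 * remove the ticked products ('entfernen').
 *
 * NOTE(review): no permission or CSRF-token check is visible in this method, and the
 * move commands modify data on a plain GET request. Confirm the caller enforces both.
 *
 * @param array $get  Query parameters (presumably $_GET).
 * @param array $post Form fields (presumably $_POST).
 * @throws Exception On an invalid parameter value or an unknown form command.
 */
public function handleInput($get, $post)
{
    // TODO: add permission checks
    $self = basename($_SERVER['PHP_SELF']);
    if (!empty($get)) {
        if (array_key_exists('sqs', $get)) {
            // Stored unvalidated; how consQS() encodes it is not visible here.
            $this->sqs = $get['sqs'];
        }
        if (isset($get['nl'])) {
            if (($nl = (int) $get['nl']) < 1) {
                // Was `Excenlion`, an undefined class: an invalid "nl" ended in a fatal
                // error instead of the exception callers can handle.
                throw new Exception("Neplatná hodnota parametru \"nl\": {$nl}");
            }
            $this->id = $nl;
            $anchor = new CurrentKiwiAnchor();
            $anchor->set_key_value(KIWI_NEWSLETTERS, $this->id);
        }
        if (isset($get['d']) || isset($get['dd']) || isset($get['u']) || isset($get['uu'])) {
            // Exactly one of the four move commands may be present.
            if ((int) isset($get['d']) + (int) isset($get['dd']) + (int) isset($get['u']) + (int) isset($get['uu']) != 1) {
                throw new Exception("Neplatný vstup - více než jeden příkaz pro přesun položky");
            }
            if (!$this->productsEnabled()) {
                throw new Exception("Neplatný vstup - produkty newsletterů nejsou aktivovány");
            }
            $dow = isset($get['d']) || isset($get['dd']);  // "d"/"dd" versus "u"/"uu"
            $tot = isset($get['dd']) || isset($get['uu']); // doubled-letter variant
            $qv = $dow ? 'd' : 'u';
            if ($tot) {
                $qv .= $qv;
            }
            $this->loadProducts();
            // The id must be a positive integer that is present in the loaded index.
            if (($cp = (int) $get[$qv]) < 1 || !isset($this->index[$cp])) {
                throw new Exception("Neplatné ID záznamu: {$cp}");
            }
            $this->moveProduct($cp, $dow, $tot);
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->anchor->ID = $cp;
            $qs = $this->consQS();
            $this->redirection = KIWI_EDIT_NEWSLETTER . $qs . '#zmena';
        }
    }
    if (!empty($post)) {
        $xpost = strip_gpc_slashes($post);
        $this->all_checked = isset($xpost['checkall']);
        // Integer ids of the ticked rows; the only form in which they reach SQL below.
        $checked_ids = array();
        if (isset($xpost['check']) && is_array($xpost['check'])) {
            foreach ($xpost['check'] as $value) {
                if (!is_numeric($value)) {
                    throw new Exception("Nepovolený vstup: check[]");
                }
                $this->checked[$value] = true;
                // is_numeric() also accepts floats and exponent notation, so cast.
                $checked_ids[] = (int) $value;
            }
        }
        switch ($post['cmd']) {
            case 'speichern':
                $this->title = $xpost['Nazev'];
                if ($this->title == '') {
                    throw new Exception('Název newsletteru nebyl vyplněn');
                }
                $this->content = $this->parseFckEditorInput($xpost['knlrfc_content']);
                $this->start = $xpost['Start'];
                $this->active = array_key_exists('Aktivni', $xpost) && $xpost['Aktivni'] == 'on' ? 1 : 0;
                $this->saveData();
                $qs = $this->consQS();
                $this->redirection = $self . $qs . '#stred';
                break;
            case 'Artikel hinzufügen':
                if ($this->productsEnabled()) {
                    $qs = $this->consQS();
                    $this->redirection = KIWI_ADD_EXISTING_PRODUCT . $qs;
                }
                break;
            case 'entfernen':
                // Built from the validated, int-cast ids rather than raw $post['check'],
                // which may be missing or not an array when nothing was ticked.
                $id_list = implode(',', $checked_ids);
                if ($id_list) {
                    $nlid = (int) $this->id;
                    mysql_query("DELETE FROM nlproducts WHERE NLID={$nlid} AND ID IN ({$id_list})");
                    $this->loadLastChange(false);
                    $this->lastchange->register();
                }
                $qs = $this->consQS();
                $this->redirection = $self . $qs . '#stred';
                break;
            default:
                throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
        }
    }
}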
/**
 * Read the letter filter and page number from GET and, unless the view is
 * read-only, process the submitted SEO form.
 *
 * GET "l" is either 'all' (no letter filter) or a letter: the first character,
 * upper-cased, with the digraph "CH" kept as two characters. GET "pg" sets the
 * page when it is a positive integer. The only accepted POST command is 'speichern'.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this method;
 * confirm the caller enforces them before the save runs.
 *
 * @param array $get  Query parameters.
 * @param array $post Form fields.
 * @throws Exception On a non-numeric check[] entry or an unknown form command.
 */
public function handleInput($get, $post)
{
    if (!empty($get)) {
        if (array_key_exists('l', $get)) {
            if ($get['l'] == 'all') {
                $this->letter = null;
            } else {
                $prefix = strtoupper(substr($get['l'], 0, 2));
                // "CH" counts as a single letter; anything else is cut to one character.
                $this->letter = ($prefix != 'CH') ? substr($prefix, 0, 1) : $prefix;
            }
        }
        if (array_key_exists('pg', $get)) {
            $requested_page = (int) $get['pg'];
            if ($requested_page > 0) {
                $this->page = $requested_page;
            }
        }
    }

    if ($this->read_only || empty($post)) {
        return;
    }

    $this->all_checked = isset($post['checkall']);
    if (isset($post['check']) && is_array($post['check'])) {
        foreach ($post['check'] as $row_id) {
            if (!is_numeric($row_id)) {
                throw new Exception("Nepovolený vstup: check[]");
            }
            $this->checked[$row_id] = true;
        }
    }

    if ($post['cmd'] == 'speichern') {
        // saveData() receives the whole form with magic-quote escaping removed.
        $this->saveData(strip_gpc_slashes($post));
        $query = $this->consQS();
        $this->redirection = KIWI_PRODUCTS_SEO . $query;
    } else {
        throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
    }
}
/**
 * Apply GET/POST input to the action editor and choose the follow-up redirect.
 *
 * GET "a" selects the action and "ag" the action group. When GET is non-empty,
 * at least one of the two ids must end up non-zero. GET "rp" removes the action
 * picture. The only accepted POST command is 'speichern'. Both mutations are
 * skipped when the view is read-only.
 *
 * NOTE(review): the picture removal is triggered by a plain GET parameter and no
 * CSRF-token check is visible here; confirm one exists upstream.
 *
 * @param array $get  Query parameters.
 * @param array $post Form fields.
 * @throws Exception On an invalid parameter value, an empty title or an unknown command.
 */
public function handleInput($get, $post)
{
    $script = basename($_SERVER['PHP_SELF']);

    if (!empty($get)) {
        if (array_key_exists('a', $get)) {
            $a = (int) $get['a'];
            if ($a < 1) {
                throw new Exception("Neplatná hodnota parametru \"a\": {$a}");
            }
            $this->id = $a;
        }
        if (isset($get['ag'])) {
            $ag = (int) $get['ag'];
            if ($ag < 1) {
                throw new Exception("Neplatná hodnota parametru \"ag\": {$ag}");
            }
            $this->agid = $ag;
        }
        if ($this->id == 0 && $this->agid == 0) {
            throw new Exception("Minimálně jeden z parametrů \"a\" a \"ag\" je povinný!");
        }
        if (!$this->read_only && array_key_exists('rp', $get)) {
            // The query string is built before the picture is removed.
            $query = $this->constructQueryString();
            $this->removeActionPicture();
            $this->redirection = $script . $query;
            return;
        }
    }

    if ($this->read_only || empty($post)) {
        return;
    }

    $form = strip_gpc_slashes($post);
    if ($post['cmd'] == 'speichern') {
        $this->title = $form['Nazev_akce'];
        if ($this->title == '') {
            throw new Exception('Název akce nebyl vyplněn');
        }
        $this->description = $form['Popis_akce'];
        $this->link = $form['Odkaz_akce'];
        $this->handleUploads();
        $this->saveData();
        $query = $this->constructQueryString();
        $this->redirection = $script . $query;
    } else {
        throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
    }
}
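/**
 * Apply GET/POST input to the e-shop group editor and choose the follow-up redirect.
 *
 * GET: "ei" selects the group, "sg" the parent group, "gp" a grouped product,
 * "ri" removes the group icon, "asa"/"asd" activate or deactivate one binding,
 * "tn"/"ta"/"td"/"ts" toggle a product flag, and "d"/"dd"/"u"/"uu" move a product.
 * An empty GET is rejected. POST: "cmd" selects save, back, bulk activate or
 * deactivate, add product, or remove.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this method, and most
 * GET commands above modify data. Confirm the caller enforces both.
 *
 * @param array $get  Query parameters.
 * @param array $post Form fields.
 * @throws Exception On an invalid parameter value or an unknown form command.
 */
public function handleInput($get, $post)
{
    $self = basename($_SERVER['PHP_SELF']);
    $qs = '';
    if (!empty($get)) {
        if (isset($get['ei'])) {
            if (($ei = (int) $get['ei']) < 1) {
                throw new Exception("Neplatné ID záznamu: {$ei}");
            }
            $this->id = $ei;
            $qs = "?ei={$this->id}";
        }
        if (isset($get['sg'])) {
            if (($this->parent = (int) $get['sg']) < 1) {
                throw new Exception("Neplatné ID nadřazené skupiny: {$this->parent}");
            }
        }
        if (isset($get['gp'])) {
            if (($this->grouped_product = (int) $get['gp']) < 1) {
                throw new Exception("Neplatné ID sdruženého produktu: {$this->grouped_product}");
            }
            if (!$this->id) {
                throw new Exception("V případě použití parametru gp je povinný i parametr ei");
            }
            $qs .= '&gp=' . $this->grouped_product;
        }
        if (isset($get['ri']) && $this->id != 1) {
            $this->removeGroupIcon();
            $this->redirection = $self . $qs;
            return;
        }
        if (isset($get['asa']) || isset($get['asd'])) {
            $nas = isset($get['asa']) ? 1 : 0;
            if ($nas && isset($get['asd'])) {
                throw new Exception("Současná přítomnost parametrů asa a asd není přípustná");
            }
            $qsv = 'as' . ($nas ? 'a' : 'd');
            $this->loadRecord();
            // Only ids present in the loaded index are accepted.
            if (($as = (int) $get[$qsv]) < 1 || !isset($this->index[$as])) {
                throw new Exception("Neplatné ID záznamu: {$as}");
            }
            if ($nas && !$this->record->Active) {
                throw new Exception("Pokud o nepřípustnou aktivaci záznamu: {$as}");
            }
            // $nas is the literal 0 or 1 and $as an int cast, so no request text reaches the SQL.
            mysql_query("UPDATE prodbinds SET Active='{$nas}', LastChange=CURRENT_TIMESTAMP WHERE ID={$as}");
            /* $this->products[$this->index[$as]]->Active = $nas; $this->products[$this->index[$as]]->LastChange = date('Y-m-d H:i', time()); */
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->anchor->ID = $as;
            $this->redirection = KIWI_EDIT_ESHOPITEM . $qs . '#zmena';
        }
        // The four toggles below share one shape: validate the binding id against the
        // loaded index, flip one flag on the product, stamp both rows.
        // NOTE(review): the negated flag is a PHP bool, so false is interpolated as an
        // empty string (Novelty=''). Confirm the columns accept that under the
        // server's SQL mode.
        if (isset($get['tn'])) {
            $this->loadRecord();
            if (($tn = (int) $get['tn']) < 1 || !isset($this->index[$tn])) {
                throw new Exception("Neplatné ID záznamu: {$tn}");
            }
            $prod = $this->products[$this->index[$tn]];
            $ntn = !$prod->Novelty;
            mysql_query("UPDATE products SET Novelty='{$ntn}', LastChange=CURRENT_TIMESTAMP WHERE ID={$prod->PID}");
            mysql_query("UPDATE prodbinds SET LastChange=CURRENT_TIMESTAMP WHERE ID={$tn}");
            $this->products[$this->index[$tn]]->Novelty = $ntn;
            $this->products[$this->index[$tn]]->LastChange = date('Y-m-d H:i', time());
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->anchor->ID = $tn;
            $this->redirection = KIWI_EDIT_ESHOPITEM . $qs . '#zmena';
        }
        if (isset($get['ta'])) {
            $this->loadRecord();
            if (($ta = (int) $get['ta']) < 1 || !isset($this->index[$ta])) {
                throw new Exception("Neplatné ID záznamu: {$ta}");
            }
            $prod = $this->products[$this->index[$ta]];
            $nta = !$prod->Action;
            mysql_query("UPDATE products SET Action='{$nta}', LastChange=CURRENT_TIMESTAMP WHERE ID={$prod->PID}");
            mysql_query("UPDATE prodbinds SET LastChange=CURRENT_TIMESTAMP WHERE ID={$ta}");
            $this->products[$this->index[$ta]]->Action = $nta;
            $this->products[$this->index[$ta]]->LastChange = date('Y-m-d H:i', time());
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->anchor->ID = $ta;
            $this->redirection = KIWI_EDIT_ESHOPITEM . $qs . '#zmena';
        }
        if (isset($get['td'])) {
            $this->loadRecord();
            if (($td = (int) $get['td']) < 1 || !isset($this->index[$td])) {
                throw new Exception("Neplatné ID záznamu: {$td}");
            }
            $prod = $this->products[$this->index[$td]];
            $ntd = !$prod->Discount;
            mysql_query("UPDATE products SET Discount='{$ntd}', LastChange=CURRENT_TIMESTAMP WHERE ID={$prod->PID}");
            mysql_query("UPDATE prodbinds SET LastChange=CURRENT_TIMESTAMP WHERE ID={$td}");
            $this->products[$this->index[$td]]->Discount = $ntd;
            $this->products[$this->index[$td]]->LastChange = date('Y-m-d H:i', time());
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->anchor->ID = $td;
            $this->redirection = KIWI_EDIT_ESHOPITEM . $qs . '#zmena';
        }
        if (isset($get['ts'])) {
            $this->loadRecord();
            if (($ts = (int) $get['ts']) < 1 || !isset($this->index[$ts])) {
                throw new Exception("Neplatné ID záznamu: {$ts}");
            }
            $prod = $this->products[$this->index[$ts]];
            $nts = !$prod->Sellout;
            mysql_query("UPDATE products SET Sellout='{$nts}', LastChange=CURRENT_TIMESTAMP WHERE ID={$prod->PID}");
            mysql_query("UPDATE prodbinds SET LastChange=CURRENT_TIMESTAMP WHERE ID={$ts}");
            $this->products[$this->index[$ts]]->Sellout = $nts;
            $this->products[$this->index[$ts]]->LastChange = date('Y-m-d H:i', time());
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->anchor->ID = $ts;
            $this->redirection = KIWI_EDIT_ESHOPITEM . $qs . '#zmena';
        }
        if (isset($get['d']) || isset($get['dd']) || isset($get['u']) || isset($get['uu'])) {
            // Exactly one of the four move commands may be present.
            if ((int) isset($get['d']) + (int) isset($get['dd']) + (int) isset($get['u']) + (int) isset($get['uu']) != 1) {
                throw new Exception("Neplatný vstup - více než jeden příkaz pro přesun položky");
            }
            $dow = isset($get['d']) || isset($get['dd']);
            $tot = isset($get['dd']) || isset($get['uu']);
            $qv = $dow ? 'd' : 'u';
            if ($tot) {
                $qv .= $qv;
            }
            $this->loadRecord();
            if (($cp = (int) $get[$qv]) < 1 || !isset($this->index[$cp])) {
                throw new Exception("Neplatné ID záznamu: {$cp}");
            }
            $this->moveProduct($cp, $dow, $tot);
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->anchor->ID = $cp;
            $this->redirection = KIWI_EDIT_ESHOPITEM . $qs . '#zmena';
        }
    } else {
        throw new Exception("Chybějící ID nadřazené skupiny");
    }
    if (!empty($post)) {
        $xpost = strip_gpc_slashes($post);
        $this->all_checked = isset($xpost['checkall']);
        // Integer ids of the ticked rows; the only form in which they reach SQL below.
        $checked_ids = array();
        if (isset($xpost['check']) && is_array($xpost['check'])) {
            foreach ($xpost['check'] as $value) {
                if (!is_numeric($value)) {
                    throw new Exception("Nepovolený vstup: check[]");
                }
                $this->checked[$value] = true;
                // is_numeric() also accepts floats and exponent notation, so cast.
                $checked_ids[] = (int) $value;
            }
        }
        $act = 0;
        switch ($xpost['cmd']) {
            case 'speichern':
                $this->handleUploads();
                $this->title = $xpost['Nazev'];
                if ($this->title == '') {
                    throw new Exception('Název řady nebyl vyplněn');
                }
                $this->description = $xpost['Popis'];
                $this->auto = array_key_exists('Auto', $xpost);
                if (array_key_exists('URL_rady', $xpost)) {
                    $this->url = $xpost['URL_rady'];
                }
                if (array_key_exists('htitle_rady', $xpost)) {
                    $this->htitle = $xpost['htitle_rady'];
                }
                // URL and page title may be written when rights is literally true or
                // its 'EditURLs' entry is truthy.
                $ue = $this->rights === true || $this->rights['EditURLs'];
                $flds = array('title', 'description', 'icon', 'flags');
                if ($ue || !$this->id) {
                    $flds[] = 'url';
                    $flds[] = 'htitle';
                    if ($this->auto || !$this->id && !$ue) {
                        $this->generateURL();
                        $this->generateTitle();
                    }
                }
                $this->flags = (int) array_key_exists('mainmenu_flag', $xpost);
                // Creates one escaped local per listed property ($title, $description,
                // $icon, $flags and, when listed, $url and $htitle) for the SQL below.
                foreach ($flds as $fld) {
                    ${$fld} = mysql_real_escape_string($this->{$fld});
                }
                if ($this->id) {
                    $ue_sql = $ue ? ", URL='{$url}', PageTitle='{$htitle}'" : '';
                    $icon_sql = $icon !== '' ? ", Icon='{$icon}'" : '';
                    mysql_query("UPDATE eshop SET Name='{$title}', Description='{$description}'{$ue_sql}{$icon_sql}, Flags={$flags}, LastChange=CURRENT_TIMESTAMP WHERE ID={$this->id}");
                } else {
                    if ($this->parent == null) {
                        throw new Exception("Chybějící ID nadřazené skupiny");
                    }
                    $result = mysql_query("SELECT Count(ID) FROM eshop WHERE ID={$this->parent} AND Subgroup=1");
                    $row = mysql_fetch_row($result);
                    if ($row[0] != 1) {
                        throw new Exception("Neplatné ID nadřazené skupiny");
                    }
                    $result = mysql_query("SELECT MAX(Priority) FROM eshop WHERE Parent={$this->parent}");
                    $row = mysql_fetch_row($result);
                    $priority = (int) $row[0] + 1;
                    // NOTE(review): for a new group without the EditURLs right the URL and
                    // title are generated above but not included in this INSERT. Confirm
                    // that is intended.
                    if ($ue) {
                        $ue_sql1 = ', URL, PageTitle';
                        $ue_sql2 = ",'{$url}', '{$htitle}'";
                    } else {
                        $ue_sql1 = $ue_sql2 = '';
                    }
                    if ($icon) {
                        $icon_sql1 = ', Icon';
                        $icon_sql2 = ",'{$icon}'";
                    } else {
                        $icon_sql1 = $icon_sql2 = '';
                    }
                    mysql_query("INSERT INTO eshop(Name, Description{$ue_sql1}{$icon_sql1}, Parent, Flags, Priority) VALUES ('{$title}', '{$description}'{$ue_sql2}{$icon_sql2}, {$this->parent}, {$flags}, {$priority})");
                    $this->id = mysql_insert_id();
                    Kiwi_EShop_Indexer::index($this->id, $this->parent);
                    $qs = "?ei={$this->id}";
                    $this->loadLastChange(false);
                    $this->lastchange->register();
                }
                $this->redirection = KIWI_EDIT_ESHOPITEM . $qs;
                break;
            case 'Zurück':
                $this->loadRecord();
                $this->redirection = $this->getBackLink();
                break;
            case 'aktivieren':
                $act = 1;
                // Deliberate fall-through: activate and deactivate share the code below.
            case 'deaktivieren':
                $this->loadRecord();
                if ($act && !$this->record->Active) {
                    throw new Exception("Pokud o nepřípustnou aktivaci záznamů");
                }
                // Built from the validated, int-cast ids rather than raw $post['check'],
                // which may be missing or not an array when nothing was ticked.
                $id_list = implode(',', $checked_ids);
                if ($id_list) {
                    mysql_query("UPDATE prodbinds SET Active={$act}, LastChange=CURRENT_TIMESTAMP WHERE ID IN ({$id_list})");
                }
                $this->loadLastChange(false);
                $this->lastchange->register();
                $this->lastchange = null;
                $this->redirection = KIWI_EDIT_ESHOPITEM . $qs;
                break;
            case 'neuer Artikel hinzufügen':
                $this->redirection = KIWI_ADD_PRODUCT . $qs;
                break;
            case 'vorhandene Artikel hinzufügen':
                $this->redirection = KIWI_ADD_EXISTING_PRODUCT . $qs;
                break;
            case 'entfernen':
                $id_list = implode(',', $checked_ids);
                if ($id_list) {
                    mysql_query("DELETE FROM prodbinds WHERE ID IN ({$id_list})");
                    $this->loadLastChange(false);
                    $this->lastchange->register();
                }
                $this->redirection = KIWI_EDIT_ESHOPITEM . $qs;
                break;
            default:
                throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
        }
    }
}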
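/**
 * Apply GET/POST input to the product editor and choose the follow-up redirect.
 *
 * GET: "ei"/"sei" (mutually exclusive) and "gp" set context ids, "sqs" is stored as
 * received, "p" selects the product, "rp"/"rpe"/"rpi" remove photos,
 * "rpv"/"apv"/"anpv" remove or add property values, and "eg" redirects to the
 * grouped-products editor. POST: "cmd" is 'speichern' (save) or 'kopieren' (copy).
 *
 * NOTE(review): no permission or CSRF-token check is visible in this method, and the
 * photo and property commands modify data on a plain GET request. Confirm the
 * caller enforces both.
 *
 * @param array $get  Query parameters.
 * @param array $post Form fields.
 * @throws Exception On an invalid parameter value or an unknown form command.
 */
public function handleInput($get, $post)
{
    // TODO: add permission checks
    $self = basename($_SERVER['PHP_SELF']);
    if (!empty($get)) {
        if (array_key_exists('ei', $get)) {
            if (($ei = (int) $get['ei']) < 1) {
                throw new Exception("Neplatná hodnota parametru \"ei\": {$ei}");
            }
            $this->eshop_item = $ei;
        }
        if (array_key_exists('sei', $get)) {
            if ($this->eshop_item) {
                throw new Exception("Souběžné použití parametrů \"ei\" a \"sei\"");
            }
            if (($sei = (int) $get['sei']) < 1) {
                throw new Exception("Neplatná hodnota parametru \"sei\": {$sei}");
            }
            $this->s_eshop_item = $sei;
        }
        if (isset($get['gp'])) {
            if (($this->grouped_product = (int) $get['gp']) < 1) {
                throw new Exception("Neplatné ID sdruženého produktu: {$this->grouped_product}");
            }
        }
        if (array_key_exists('sqs', $get)) {
            // Stored unvalidated; how consQS() encodes it is not visible here.
            $this->sqs = $get['sqs'];
        }
        if (isset($get['p'])) {
            if (($p = (int) $get['p']) < 1) {
                throw new Exception("Neplatná hodnota parametru \"p\": {$p}");
            }
            $this->id = $p;
            $anchor = new CurrentKiwiAnchor();
            $anchor->set_key_value(KIWI_PRODUCTS, $this->id);
        }
        if (isset($get['rp'])) {
            $qs = $this->consQS();
            $this->removeProductPhoto();
            $this->redirection = $self . $qs . '#stred';
            return;
        }
        if (isset($get['rpe'])) {
            if (($rpe = (int) $get['rpe']) < 1) {
                throw new Exception("Neplatná hodnota parametru \"rpe\": {$rpe}");
            }
            $qs = $this->consQS();
            $this->removeExtraPhoto($rpe);
            $this->redirection = $self . $qs . '#stred';
            return;
        }
        if (isset($get['rpi'])) {
            if (($rpi = (int) $get['rpi']) < 1) {
                throw new Exception("Neplatná hodnota parametru \"rpi\": {$rpi}");
            }
            $qs = $this->consQS();
            $this->removeIllustrativePhoto($rpi);
            $this->redirection = $self . $qs . '#stred';
            return;
        }
        if (isset($get['rpv'])) {
            $qs = $this->consQS();
            if (($rpv = (int) $get['rpv']) < 1) {
                throw new Exception("Neplatná hodnota parametru \"rpv\": {$rpv}");
            }
            $propid = $this->removePropertyValue($rpv);
            $this->redirection = $self . $qs . '#prp' . $propid;
            return;
        }
        if (isset($get['apv'])) {
            $qs = $this->consQS();
            if (($apv = (int) $get['apv']) < 1) {
                throw new Exception("Neplatná hodnota parametru \"apv\": {$apv}");
            }
            $propid = $this->addPropertyValue($apv);
            $this->redirection = $self . $qs . '#prp' . $propid;
            return;
        }
        if (isset($get['anpv'])) {
            // Expected form: "<property id>:<new value>".
            $qs = $this->consQS();
            $anpv = explode(':', $get['anpv'], 2);
            try {
                if (sizeof($anpv) != 2) {
                    throw new Exception();
                }
                // Cast like every other id in this method. Previously the raw string
                // was compared loosely with 1, so text with a numeric prefix passed
                // the check and was handed on to addNewPropertyValue() and into the
                // redirect target unchanged.
                $propid = (int) $anpv[0];
                if ($propid < 1) {
                    throw new Exception();
                }
                // NOTE(review): $pval is raw request text; how addNewPropertyValue()
                // escapes it is not visible here.
                $pval = $anpv[1];
            } catch (Exception $e) {
                // NOTE(review): $anpv is an array here, so the message renders it as
                // "Array". Left unchanged to keep the message text as the author wrote it.
                throw new Exception("Neplatná hodnota parametru \"anpv\": {$anpv}");
            }
            $this->addNewPropertyValue($propid, $pval);
            $this->redirection = $self . $qs . '#prp' . $propid;
            return;
        }
        if (array_key_exists('eg', $get)) {
            if ($this->id == 0) {
                throw new Exception('Pokus o editaci sdružených produktů s dosud nevytvořeným produktem');
            }
            $group = $this->acquireGroupedProductsGroup();
            $this->redirection = KIWI_EDIT_ESHOPITEM . "?ei={$group}&gp={$this->id}";
            return;
        }
    }
    if (!empty($post)) {
        $xpost = strip_gpc_slashes($post);
        switch ($post['cmd']) {
            case 'speichern':
                $this->title = $xpost['Nazev_vyrobku'];
                if ($this->title == '') {
                    throw new Exception('Název výrobku nebyl vyplněn');
                }
                $this->code = $xpost['Kod_vyrobku'];
                $this->shortdesc = $xpost['ZkracenyPopis'];
                $this->longdesc = $this->parseFckEditorInput($xpost['kprofc_ldsc']);
                //$this->longdesc = $xpost['Popis'];
                $this->auto = array_key_exists('Auto', $xpost);
                if (array_key_exists('URL_vyrobku', $xpost)) {
                    $this->url = $xpost['URL_vyrobku'];
                }
                if (array_key_exists('htitle_vyrobku', $xpost)) {
                    $this->htitle = $xpost['htitle_vyrobku'];
                }
                $this->collection = $xpost['Kolekce'];
                $this->original_cost = (double) $xpost['Puvodni_cena'];
                $this->new_cost = (double) $xpost['Nova_cena'];
                $this->ws_cost = (double) $xpost['VO_cena'];
                // Checkboxes: 1 when the field is present with the value 'on', else 0.
                $this->novelty = array_key_exists('Novinka', $xpost) && $xpost['Novinka'] == 'on' ? 1 : 0;
                $this->action = array_key_exists('Akce', $xpost) && $xpost['Akce'] == 'on' ? 1 : 0;
                $this->discount = array_key_exists('Sleva', $xpost) && $xpost['Sleva'] == 'on' ? 1 : 0;
                $this->sellout = array_key_exists('Vyprodej', $xpost) && $xpost['Vyprodej'] == 'on' ? 1 : 0;
                $this->exposed = array_key_exists('Exponovany', $xpost) && $xpost['Exponovany'] == 'on' ? 1 : 0;
                $this->active = array_key_exists('Aktivni', $xpost) && $xpost['Aktivni'] == 'on' ? 1 : 0;
                $this->handleUploads();
                $this->saveData();
                $qs = $this->consQS();
                $this->redirection = $self . $qs . '#stred';
                break;
            case 'kopieren':
                if ($this->id === 0) {
                    throw new Exception('Pokus kopírovat dosud nevytvořený produkt!');
                }
                $copy = new Kiwi_Product_Copy($this->id);
                $this->redirection = $self . "?p=" . $copy->getCopyPID();
                break;
            default:
                throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
        }
    }
}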
/**
 * Apply GET/POST input to the order editor and choose the follow-up redirect.
 *
 * A non-empty GET must carry the order id in "o"; otherwise the request is sent
 * back to the order list. The only accepted POST command is 'speichern'. After
 * saving, the user goes to the e-shop mail form when the order's status changes
 * to 1, and to the order list in every other case.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this method;
 * confirm the caller enforces them before the save runs.
 *
 * @param array $get  Query parameters.
 * @param array $post Form fields.
 * @throws Exception On an invalid "o" value or an unknown form command.
 */
public function handleInput($get, $post)
{
    // TODO: add permission checks
    $self = basename($_SERVER['PHP_SELF']);

    if (!empty($get)) {
        if (!isset($get['o'])) {
            $this->redirection = KIWI_ORDERS;
        } else {
            $order_id = (int) $get['o'];
            if ($order_id < 1) {
                throw new Exception("Neplatná hodnota parametru \"o\": {$order_id}");
            }
            $this->id = $order_id;
        }
    }

    if (empty($post)) {
        return;
    }

    $form = strip_gpc_slashes($post);
    if ($post['cmd'] == 'speichern') {
        $this->loadData();
        $this->handleFormData($form);
        $this->saveData();
        // Stored status was not 1 and the submitted status is 1.
        $became_status_one = $this->data->Status != 1 && $this->formdata['Status'] == 1;
        $this->redirection = $became_status_one
            ? KIWI_ESHOPMAIL_FORM . "?mt=odeslano&o=" . $this->id
            : KIWI_ORDERS;
    } else {
        throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
    }
}
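/**
 * Apply GET/POST input to the product-property editor and choose the follow-up redirect.
 *
 * GET: "pp" selects the property, "as" toggles the Active flag of one value, and
 * exactly one of "d"/"dd"/"u"/"uu" moves a value. POST: "cmd" selects save, bulk
 * activate or deactivate, add value, or remove.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this method, and the
 * GET toggle and move commands modify data. Confirm the caller enforces both.
 *
 * @param array $get  Query parameters.
 * @param array $post Form fields.
 * @throws Exception On an invalid parameter value or an unknown form command.
 */
public function handleInput($get, $post)
{
    $qs = '';
    if (!empty($get)) {
        if (isset($get['pp'])) {
            if (($pp = (int) $get['pp']) < 1) {
                throw new Exception("Neplatné ID záznamu: {$pp}");
            }
            $this->id = $pp;
            $qs = "?pp={$this->id}";
        }
        if (isset($get['as'])) {
            $this->loadRecord();
            // Only ids present in the loaded index are accepted.
            if (($as = (int) $get['as']) < 1 || !isset($this->index[$as])) {
                throw new Exception("Neplatné ID záznamu: {$as}");
            }
            // NOTE(review): $nas is a PHP bool, so false is interpolated as an empty
            // string (Active=''). Confirm the column accepts that under the server's
            // SQL mode.
            $nas = !$this->values[$this->index[$as]]->Active;
            mysql_query("UPDATE prodpvals SET Active='{$nas}', LastChange=CURRENT_TIMESTAMP WHERE ID={$as}");
            $this->values[$this->index[$as]]->Active = $nas;
            $this->values[$this->index[$as]]->LastChange = date('Y-m-d H:i', time());
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->anchor->ID = $as;
            $this->redirection = KIWI_EDIT_PRODUCT_PROPERTY . $qs . '#zmena';
        }
        if (isset($get['d']) || isset($get['dd']) || isset($get['u']) || isset($get['uu'])) {
            // Exactly one of the four move commands may be present.
            if ((int) isset($get['d']) + (int) isset($get['dd']) + (int) isset($get['u']) + (int) isset($get['uu']) != 1) {
                throw new Exception("Neplatný vstup - více než jeden příkaz pro přesun položky");
            }
            $dow = isset($get['d']) || isset($get['dd']);
            $tot = isset($get['dd']) || isset($get['uu']);
            $qv = $dow ? 'd' : 'u';
            if ($tot) {
                $qv .= $qv;
            }
            $this->loadRecord();
            if (($cp = (int) $get[$qv]) < 1 || !isset($this->index[$cp])) {
                throw new Exception("Neplatné ID záznamu: {$cp}");
            }
            $this->moveValue($cp, $dow, $tot);
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->anchor->ID = $cp;
            $this->redirection = KIWI_EDIT_PRODUCT_PROPERTY . $qs . '#zmena';
        }
    }
    if (!empty($post)) {
        $this->all_checked = isset($post['checkall']);
        // Integer ids of the ticked rows; the only form in which they reach SQL below.
        $checked_ids = array();
        if (isset($post['check']) && is_array($post['check'])) {
            foreach ($post['check'] as $value) {
                if (!is_numeric($value)) {
                    throw new Exception("Nepovolený vstup: check[]");
                }
                $this->checked[$value] = true;
                // is_numeric() also accepts floats and exponent notation, so cast.
                $checked_ids[] = (int) $value;
            }
        }
        $act = 0;
        switch ($post['cmd']) {
            case 'speichern':
                $nazev = mysql_real_escape_string(strip_gpc_slashes($post['Nazev_vlastnosti']));
                if ($nazev == '') {
                    throw new Exception('Některá z povinných položek nebyla vyplněna');
                }
                // Type and DataType are interpolated into the SQL without quotes, so
                // they must be integers. They used to be escaped strings checked with
                // a loose != comparison, which text with a numeric prefix can satisfy
                // on older PHP versions, and mysql_real_escape_string() gives no
                // protection in an unquoted position. Cast first, then range-check.
                $typ = isset($post['Charakter_vlastnosti']) ? (int) $post['Charakter_vlastnosti'] : 0;
                if ($typ != 1 && $typ != 2) {
                    throw new Exception("Nekorektní vstup - charakter vlastnosti: {$typ}");
                }
                $datatyp = isset($post['DataTyp_vlastnosti']) ? (int) $post['DataTyp_vlastnosti'] : 0;
                if ($datatyp != 1 && $datatyp != 2 && $datatyp != 3) {
                    throw new Exception("Nekorektní vstup - datový typ vlastnosti: {$datatyp}");
                }
                if ($this->id) {
                    mysql_query("UPDATE prodprops SET Name='{$nazev}', Type={$typ}, DataType={$datatyp}, LastChange=CURRENT_TIMESTAMP WHERE ID={$this->id}");
                } else {
                    // The MAX(Priority) read and the INSERT run inside one transaction.
                    mysql_query("START TRANSACTION");
                    $result = mysql_query("SELECT MAX(Priority) FROM prodprops");
                    $row = mysql_fetch_row($result);
                    $priority = (int) $row[0] + 1;
                    mysql_query("INSERT INTO prodprops(Name, Type, DataType, Priority) VALUES ('{$nazev}', {$typ}, {$datatyp}, {$priority})");
                    $this->id = mysql_insert_id();
                    mysql_query("COMMIT");
                    $qs = "?pp={$this->id}";
                    $this->loadLastChange(false);
                    $this->lastchange->register();
                }
                $this->redirection = KIWI_EDIT_PRODUCT_PROPERTY . $qs;
                break;
            case 'aktivieren':
                $act = 1;
                // Deliberate fall-through: activate and deactivate share the code below.
            case 'deaktivieren':
                // Built from the validated, int-cast ids rather than raw $post['check'],
                // which may be missing or not an array when nothing was ticked.
                $id_list = implode(',', $checked_ids);
                if ($id_list) {
                    mysql_query("UPDATE prodpvals SET Active={$act}, LastChange=CURRENT_TIMESTAMP WHERE ID IN ({$id_list})");
                }
                $this->loadLastChange(false);
                $this->lastchange->register();
                $this->lastchange = null;
                $this->redirection = KIWI_EDIT_PRODUCT_PROPERTY . $qs;
                break;
            case 'neuer Wert hinzufügen':
                $this->redirection = KIWI_ADD_PRODUCT_PROPERTY_VALUE . $qs;
                break;
            case 'entfernen':
                $id_list = implode(',', $checked_ids);
                if ($id_list) {
                    // The same integer-only list is handed to the file and icon cleanup.
                    $this->deletePictureFiles($id_list);
                    $this->deleteIcons($id_list);
                    mysql_query("DELETE FROM prodpbinds WHERE PPVID IN ({$id_list})");
                    mysql_query("DELETE FROM prodpvals WHERE ID IN ({$id_list})");
                    $this->loadLastChange(false);
                    $this->lastchange->register();
                }
                $this->redirection = KIWI_EDIT_PRODUCT_PROPERTY . $qs;
                break;
            default:
                throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
        }
    }
}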
/**
 * Apply GET/POST input to the product/property-value photo form and choose the
 * follow-up redirect.
 *
 * GET: "ei"/"sei" (mutually exclusive), "p" and "pv" set context ids; "rp" removes
 * the product photo. The only accepted POST command is 'speichern'.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this method, and the
 * photo removal is triggered by a plain GET parameter. Confirm the caller enforces both.
 *
 * @param array $get  Query parameters.
 * @param array $post Form fields.
 * @throws Exception On an invalid parameter value or an unknown form command.
 */
function handleInput($get, $post)
{
    // TODO: add permission checks
    $script = basename($_SERVER['PHP_SELF']);

    if (!empty($get)) {
        if (isset($get['ei'])) {
            $ei = (int) $get['ei'];
            if ($ei < 1) {
                throw new Exception("Neplatná hodnota parametru \"ei\": {$ei}");
            }
            $this->eshop_item = $ei;
        }
        if (isset($get['sei'])) {
            // "ei" and "sei" must not be used together.
            if ($this->eshop_item) {
                throw new Exception("Souběžné použití parametrů \"ei\" a \"sei\"");
            }
            $sei = (int) $get['sei'];
            if ($sei < 1) {
                throw new Exception("Neplatná hodnota parametru \"sei\": {$sei}");
            }
            $this->s_eshop_item = $sei;
        }
        if (isset($get['p'])) {
            $p = (int) $get['p'];
            if ($p < 1) {
                throw new Exception("Neplatná hodnota parametru \"p\": {$p}");
            }
            $this->product_id = $p;
        }
        if (isset($get['pv'])) {
            $pv = (int) $get['pv'];
            if ($pv < 1) {
                throw new Exception("Neplatná hodnota parametru \"pv\": {$pv}");
            }
            $this->propertyvalue_id = $pv;
        }
        if (isset($get['rp'])) {
            // The query string is built before the photo is removed.
            $query = $this->constructQueryString();
            $this->removeProductPhoto();
            $this->redirection = $script . $query;
            return;
        }
    }

    if (empty($post)) {
        return;
    }

    $form = strip_gpc_slashes($post);
    if ($post['cmd'] == 'speichern') {
        $this->handleUploads(); // handle tocost
        $this->saveData(); // updates the product's last-change record
        $query = $this->constructQueryString();
        $this->redirection = $script . $query;
    } else {
        throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
    }
}
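/**
 * Apply GET/POST input to the menu-item editor and choose the follow-up redirect.
 *
 * GET: "mi" selects the menu item, "sm" the parent menu, "as" toggles the Active
 * flag of one module binding, and exactly one of "d"/"dd"/"u"/"uu" moves a module.
 * An empty GET is rejected. POST: "cmd" selects save, bulk activate or deactivate,
 * add module, or remove. All mutations are skipped when the view is read-only.
 *
 * NOTE(review): apart from the read_only flag, no permission or CSRF-token check is
 * visible in this method, and the GET toggle and move commands modify data.
 * Confirm the caller enforces both.
 *
 * @param array $get  Query parameters.
 * @param array $post Form fields.
 * @throws Exception On an invalid parameter value or an unknown form command.
 */
public function handleInput($get, $post)
{
    $self = basename($_SERVER['PHP_SELF']);
    $qs = '';
    if (!empty($get)) {
        if (isset($get['mi'])) {
            if (($mi = (int) $get['mi']) < 1) {
                throw new Exception("Neplatné ID záznamu: {$mi}");
            }
            $this->id = $mi;
            $qs = "?mi={$this->id}";
        }
        if (isset($get['sm'])) {
            if (($this->parent = (int) $get['sm']) < 1) {
                throw new Exception("Neplatné ID nadřazeného menu: {$this->parent}");
            }
        }
        if (isset($get['as']) && !$this->read_only) {
            $this->loadRecord();
            // Only ids present in the loaded index are accepted.
            if (($as = (int) $get['as']) < 1 || !isset($this->index[$as])) {
                throw new Exception("Neplatné ID záznamu: {$as}");
            }
            // NOTE(review): $nas is a PHP bool, so false is interpolated as an empty
            // string (Active=''). Confirm the column accepts that under the server's
            // SQL mode.
            $nas = !$this->modules[$this->index[$as]]->Active;
            mysql_query("UPDATE modbinds SET Active='{$nas}', LastChange=CURRENT_TIMESTAMP WHERE ID={$as}");
            // $this->modules[$this->index[$as]]->Active = $nas;
            // $this->modules[$this->index[$as]]->LastChange = date('Y-m-d H:i', time());
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->redirection = $self . $qs;
        }
        if ((isset($get['d']) || isset($get['dd']) || isset($get['u']) || isset($get['uu'])) && !$this->read_only) {
            // Exactly one of the four move commands may be present.
            if ((int) isset($get['d']) + (int) isset($get['dd']) + (int) isset($get['u']) + (int) isset($get['uu']) != 1) {
                throw new Exception("Neplatný vstup - více než jeden příkaz pro přesun položky");
            }
            $dow = isset($get['d']) || isset($get['dd']);
            $tot = isset($get['dd']) || isset($get['uu']);
            $qv = $dow ? 'd' : 'u';
            if ($tot) {
                $qv .= $qv;
            }
            $this->loadRecord();
            if (($cp = (int) $get[$qv]) < 1 || !isset($this->index[$cp])) {
                throw new Exception("Neplatné ID záznamu: {$cp}");
            }
            $this->moveModule($cp, $dow, $tot);
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->redirection = $self . $qs;
        }
    } else {
        throw new Exception("Chybějící ID nadřazeného menu");
    }
    if (!empty($post) && !$this->read_only) {
        $this->all_checked = isset($post['checkall']);
        // Integer ids of the ticked rows; the only form in which they reach SQL below.
        $checked_ids = array();
        if (isset($post['check']) && is_array($post['check'])) {
            foreach ($post['check'] as $value) {
                if (!is_numeric($value)) {
                    throw new Exception("Nepovolený vstup: check[]");
                }
                $this->checked[$value] = true;
                // is_numeric() also accepts floats and exponent notation, so cast.
                $checked_ids[] = (int) $value;
            }
        }
        $act = 0;
        switch ($post['cmd']) {
            case 'speichern':
                // Both values are escaped and used only inside quoted SQL literals.
                $nazev_v_menu = mysql_real_escape_string(strip_gpc_slashes($post['Nazev_v_menu']));
                $web_nazev = mysql_real_escape_string(strip_gpc_slashes($post['Web_nazev']));
                if ($nazev_v_menu == '' || $web_nazev == '') {
                    throw new Exception('Některá z povinných položek nebyla vyplněna');
                }
                if ($this->id) {
                    mysql_query("UPDATE menuitems SET Name='{$nazev_v_menu}', WebPage='{$web_nazev}', LastChange=CURRENT_TIMESTAMP WHERE ID={$this->id}");
                } else {
                    if ($this->parent == null) {
                        throw new Exception("Chybějící ID nadřazeného menu");
                    }
                    // The parent must be an existing row flagged as a submenu.
                    $result = mysql_query("SELECT Count(ID) FROM menuitems WHERE ID={$this->parent} AND Submenu=1");
                    $row = mysql_fetch_row($result);
                    if ($row[0] != 1) {
                        throw new Exception("Neplatné ID nadřazeného menu");
                    }
                    $result = mysql_query("SELECT MAX(Priority) FROM menuitems WHERE Parent={$this->parent}");
                    $row = mysql_fetch_row($result);
                    $priority = (int) $row[0] + 1;
                    mysql_query("INSERT INTO menuitems(Name, WebPage, Parent, Priority) VALUES ('{$nazev_v_menu}', '{$web_nazev}', {$this->parent}, {$priority})");
                    $this->id = mysql_insert_id();
                    $qs = "?mi={$this->id}";
                    $this->loadLastChange(false);
                    $this->lastchange->register();
                }
                $this->redirection = $self . $qs;
                break;
            case 'Náhled stránky':
                throw new Exception('Funkce není implementována');
                break;
            case 'aktivieren':
                $act = 1;
                // Deliberate fall-through: activate and deactivate share the code below.
            case 'deaktivieren':
                // Built from the validated, int-cast ids rather than raw $post['check'],
                // which may be missing or not an array when nothing was ticked.
                $id_list = implode(',', $checked_ids);
                if ($id_list) {
                    mysql_query("UPDATE modbinds SET Active={$act}, LastChange=CURRENT_TIMESTAMP WHERE ID IN ({$id_list})");
                }
                $this->loadLastChange(false);
                $this->lastchange->register();
                $this->lastchange = null;
                $this->redirection = $self . $qs;
                break;
            case 'neu Modul hinzufügen:':
                $mtype = (int) $post['kmifc_modules'];
                $qs .= "&t={$mtype}";
                $this->redirection = KIWI_ADD_MODULE . $qs;
                break;
            case 'vorhandene Modul hinzufügen':
                $this->redirection = KIWI_ADD_EXISTING_MODULE . $qs;
                break;
            case 'entfernen':
                $id_list = implode(',', $checked_ids);
                if ($id_list) {
                    mysql_query("DELETE FROM modbinds WHERE ID IN ({$id_list})");
                    $this->loadLastChange(false);
                    $this->lastchange->register();
                    $this->redirection = $self . $qs;
                }
                break;
            default:
                throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
        }
    }
}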
/**
 * Apply GET/POST input to the news-item editor and choose the follow-up redirect.
 *
 * GET: "ni" selects the news item, "ng" the news group, and the mere presence of
 * "error" sets the error flag. At least one of the two ids must be non-zero.
 * The only accepted POST command is 'speichern', which is skipped when the view is
 * read-only. Invalid fields are replaced by defaults and flagged rather than
 * rejected; a flagged save redirects back to the editor with "?error".
 *
 * NOTE(review): apart from the read_only flag, no permission or CSRF-token check is
 * visible in this method; confirm the caller enforces them before the save runs.
 *
 * @param array $get  Query parameters.
 * @param array $post Form fields.
 * @throws Exception On an invalid id, when both ids are missing, or on an unknown command.
 */
public function handleInput($get, $post)
{
    if (!empty($get)) {
        if (isset($get['ni'])) {
            $ni = (int) $get['ni'];
            if ($ni < 1) {
                throw new Exception("Neplatná hodnota parametru \"ni\": {$ni}");
            }
            $this->id = $ni;
        }
        if (isset($get['ng'])) {
            $ng = (int) $get['ng'];
            if ($ng < 1) {
                throw new Exception("Neplatná hodnota parametru \"ng\": {$ng}");
            }
            $this->ngid = $ng;
        }
        if (isset($get['error'])) {
            $this->error = true;
        }
    }

    if ($this->id == 0 && $this->ngid == 0) {
        throw new Exception("Minimálně jeden z parametrů \"ni\" a \"ng\" je povinný!");
    }

    if (empty($post) || $this->read_only) {
        return;
    }

    if ($post['cmd'] != 'speichern') {
        throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
    }

    $form = strip_gpc_slashes($post);
    $this->name = $form['nazev'];
    $this->author = $form['autor'];
    $this->sample = $this->parseFckEditorInput($form['kni_ta1']);
    $this->content = $this->parseFckEditorInput($form['kni_ta2']);
    $this->when = $form['kdy'];
    $this->start = $form['od'];
    $this->end = $form['do'];

    // An empty name gets a placeholder and the item is flagged as erroneous.
    if ($this->name == '') {
        $this->name = 'Unbenannt';
        $this->error = true;
    }
    // Each invalid date is replaced by today's date and flagged the same way.
    foreach (array('when', 'start', 'end') as $date_field) {
        if (!isDateValid($this->{$date_field})) {
            $this->{$date_field} = date('j.n.Y');
            $this->error = true;
        }
    }

    $this->saveData();

    if ($this->id) {
        $editor_query = "&ni={$this->id}";
    } elseif ($this->ngid) {
        $editor_query = "&ng={$this->ngid}";
    }
    $list_query = "?ng={$this->ngid}";

    if ($this->error) {
        $this->redirection = KIWI_EDIT_NEWSITEM . "?error{$editor_query}";
    } else {
        $this->redirection = KIWI_NEWS . $list_query;
    }
}
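/**
 * Applies query-string and form input to the menu being edited.
 *
 * GET parameters:
 *  - "sm": ID of the menu (positive integer), stored in $this->id.
 *  - "n": request to create a submenu; $this->id must be a row of menuitems
 *    with Submenu=1.
 *  - "as": toggles the Active flag of one listed item.
 *  - "d", "dd", "u", "uu": move one listed item; exactly one may be present.
 * POST commands ("cmd"): "speichern", "aktivieren", "deaktivieren",
 * "Seite zugeben", "Untermenü zugeben", "entfernen".
 * All modifying actions are skipped when the object is read-only.
 *
 * NOTE(review): the "as" and move commands change data on a GET request and
 * no request token is checked in this method; confirm that CSRF protection
 * and authorization are enforced by the caller.
 * NOTE(review): every query is assembled as a string for the legacy mysql_*
 * extension (removed in PHP 7). Values interpolated here are integers or
 * pass through mysql_real_escape_string() inside quotes.
 *
 * @param array $get  query-string parameters
 * @param array $post submitted form fields
 * @throws Exception on invalid IDs, malformed check[] input, a forbidden
 *                   operation on the main menu, or an unknown form command
 */
public function handleInput($get, $post)
{
    // NOTE(review): PHP_SELF includes any trailing path info from the request
    // URL, so basename() can return a client-chosen segment that then becomes
    // the redirect target; SCRIPT_NAME does not have this property.
    $self = basename($_SERVER['PHP_SELF']);
    $qs = '';

    if (!empty($get)) {
        if (isset($get['sm'])) {
            if (($sm = (int) $get['sm']) < 1) {
                throw new Exception("Neplatné ID záznamu: {$sm}");
            }
            $this->id = $sm;
            $qs = "?sm={$sm}";
        }

        if (isset($get['n'])) {
            $result = mysql_query("SELECT Count(ID) FROM menuitems WHERE ID={$this->id} AND Submenu=1");
            // A failed query yields false; treat it like "no such submenu".
            if ($result && ($row = mysql_fetch_row($result)) && $row[0] == 1) {
                $this->new_submenu = true;
            }
            if (!$this->new_submenu) {
                throw new Exception("Neplatné ID záznamu: {$this->id}");
            }
        }

        if (isset($get['as']) && !$this->read_only) {
            $this->loadRecord();
            $this->loadMenuItems();
            if (($as = (int) $get['as']) < 1 || !isset($this->index[$as])) {
                throw new Exception("Neplatné ID záznamu: {$as}");
            }
            // Write the flipped state as an explicit 0/1: a boolean false
            // interpolates as an empty string, which is not a valid number.
            $nas = $this->records[$this->index[$as]]->Active ? 0 : 1;
            mysql_query("UPDATE menuitems SET Active={$nas}, LastChange=CURRENT_TIMESTAMP WHERE ID={$as}");
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->redirection = $self . $qs;
        }

        if ((isset($get['d']) || isset($get['dd']) || isset($get['u']) || isset($get['uu'])) && !$this->read_only) {
            if ((int) isset($get['d']) + (int) isset($get['dd']) + (int) isset($get['u']) + (int) isset($get['uu']) != 1) {
                throw new Exception("Neplatný vstup - více než jeden příkaz pro přesun položky");
            }
            $dow = isset($get['d']) || isset($get['dd']);   // true for "d"/"dd", false for "u"/"uu"
            $tot = isset($get['dd']) || isset($get['uu']);  // true for the doubled variants
            $qv = $dow ? 'd' : 'u';
            if ($tot) {
                $qv .= $qv;
            }
            $this->loadRecord();
            $this->loadMenuItems();
            if (($cp = (int) $get[$qv]) < 1 || !isset($this->index[$cp])) {
                throw new Exception("Neplatné ID záznamu: {$cp}");
            }
            $this->moveItem($cp, $dow, $tot);
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->redirection = $self . $qs;
        }
    }

    if (!empty($post) && !$this->read_only) {
        $this->all_checked = isset($post['checkall']);

        // check[] ends up unquoted inside "ID IN (...)". Accept only an array
        // of plain digit strings and carry the values on as integers, so that
        // nothing but numbers can reach the SQL text. A scalar "check" is
        // rejected instead of bypassing the validation.
        $ids = array();
        if (isset($post['check'])) {
            if (!is_array($post['check'])) {
                throw new Exception("Nepovolený vstup: check[]");
            }
            foreach ($post['check'] as $key => $value) {
                if (!is_string($value) || !ctype_digit($value)) {
                    throw new Exception("Nepovolený vstup: check[]");
                }
                $this->checked[$value] = true;
                $ids[$key] = (int) $value;
            }
        }

        $act = 0;
        $cmd = isset($post['cmd']) ? $post['cmd'] : null;
        switch ($cmd) {
            case 'speichern':
                $nazev_v_menu = mysql_real_escape_string(strip_gpc_slashes($post['Nazev_v_menu']));
                if (!$this->id) {
                    throw new Exception("Neplatné ID záznamu: {$this->id}");
                }
                if (!$this->new_submenu) {
                    if ($this->id == 1) {
                        throw new Exception('Neplatná operace: editace nastavení hlavního menu');
                    } else {
                        mysql_query("UPDATE menuitems SET Name='{$nazev_v_menu}', LastChange=CURRENT_TIMESTAMP WHERE ID={$this->id}");
                    }
                } elseif ($nazev_v_menu != '') {
                    // The new submenu is appended after the last existing child.
                    $result = mysql_query("SELECT Max(Priority) FROM menuitems WHERE Parent={$this->id}");
                    if ($result && ($row = mysql_fetch_row($result))) {
                        $priority = (int) $row[0] + 1;
                    } else {
                        throw new Exception("Chyba při načítání priority položek menu");
                    }
                    mysql_query("INSERT INTO menuitems(Name, Submenu, Parent, Priority, Active) VALUES ('{$nazev_v_menu}', 1, {$this->id}, {$priority}, 1)");
                    $this->id = mysql_insert_id();
                    $qs = "?sm={$this->id}";
                    $this->loadLastChange(false);
                    $this->lastchange->register();
                }
                $this->redirection = $self . $qs;
                break;

            case 'aktivieren':
                $act = 1;
                // deliberate fall-through: both commands share the update below
            case 'deaktivieren':
                if ($ids) {
                    $id_list = implode(',', $ids);
                    // ID 1 is the main menu, which cannot be deactivated.
                    mysql_query("UPDATE menuitems SET Active={$act}, LastChange=CURRENT_TIMESTAMP WHERE ID IN ({$id_list}) AND ID > 1");
                }
                $this->loadLastChange(false);
                $this->lastchange->register();
                $this->lastchange = null;
                $this->redirection = $self . $qs;
                break;

            case 'Seite zugeben':
                $this->redirection = KIWI_ADD_MENUITEM . "?sm={$this->id}";
                break;

            case 'Untermenü zugeben':
                $this->redirection = KIWI_ADD_SUBMENU . "?sm={$this->id}&n";
                break;

            case 'entfernen':
                if (count($ids) > 0) {
                    // NOTE(review): getRecursiveIdList() is not visible here; its
                    // result is interpolated unquoted, so confirm it returns a
                    // non-empty list of integers only.
                    $id_list_rec = implode(',', $this->getRecursiveIdList($ids));
                    // ID 1 is the main menu, which cannot be removed.
                    mysql_query("DELETE FROM menuitems WHERE ID IN ({$id_list_rec}) AND ID > 1");
                    mysql_query("DELETE FROM modbinds WHERE MIID IN ({$id_list_rec})");
                    $this->loadLastChange(false);
                    $this->lastchange->register();
                    $this->redirection = $self . $qs;
                }
                break;

            default:
                throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
        }
    }
}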
/**
 * Runs the parent's input handling, then processes this module's own form.
 *
 * Only the "speichern" command is accepted: it stores the submitted name and
 * content (with magic-quote slashes stripped), saves the record and redirects
 * one level up. Nothing is processed when no form was submitted or the object
 * is read-only.
 *
 * @param array $get  query-string parameters
 * @param array $post submitted form fields
 * @throws Exception when the name is empty or the form command is unknown
 */
function handleInput($get, $post)
{
    parent::handleInput($get, $post);

    if (empty($post) || $this->read_only) {
        return;
    }

    if ($post['cmd'] != 'speichern') {
        throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
    }

    $this->name = strip_gpc_slashes($post['nazev']);
    if ($this->name == '') {
        throw new Exception('Název nebyl vyplněn');
    }

    // NOTE(review): the content is stored as submitted; escaping for SQL and
    // HTML must happen in saveData() and at render time (not visible here).
    $this->content = strip_gpc_slashes($post['km_text_ta1']);
    $this->saveData();
    $this->redirectLevelUp();
}
/**
 * Runs the parent's input handling, then processes this module's own form.
 *
 * Only the "speichern" command is accepted. It stores the selected group,
 * the name, the number of items per page (a digit string between 1 and
 * MAX_NEWS_PER_PAGE), the list mode, the paging flag and the detail link,
 * then saves the record and redirects one level up. Nothing is processed
 * when no form was submitted or the object is read-only.
 *
 * @param array $get  query-string parameters
 * @param array $post submitted form fields
 * @throws Exception when a required field is empty, the per-page count is
 *                   out of range, or the form command is unknown
 */
public function handleInput($get, $post)
{
    parent::handleInput($get, $post);

    if (empty($post) || $this->read_only) {
        return;
    }

    if ($post['cmd'] != 'speichern') {
        throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
    }

    // NOTE(review): "skupina" is taken over without a type or range check;
    // confirm saveData() casts or escapes it before it reaches SQL.
    $this->ngid = $post['skupina'];

    $this->name = strip_gpc_slashes($post['nazev']);
    if ($this->name == '') {
        throw new Exception('Název nebyl vyplněn');
    }

    $this->perpage = strip_gpc_slashes($post['pocet']);
    if ($this->perpage == '') {
        throw new Exception('Počet novinek na stránku nebyl vyplněn');
    }
    // Digits only, and within 1..MAX_NEWS_PER_PAGE.
    if (!ctype_digit($this->perpage) || $this->perpage <= 0 || $this->perpage > MAX_NEWS_PER_PAGE) {
        throw new Exception('Počet novinek není korektní');
    }

    // NOTE(review): "listmod" is likewise stored unvalidated; verify downstream.
    $this->listmode = $post['listmod'];

    // An unchecked checkbox is simply absent from the submission.
    $pagingRequested = array_key_exists('stranky', $post) && $post['stranky'] == 'on';
    $this->showpages = $pagingRequested;

    $this->detaillink = strip_gpc_slashes($post['detaillink']);
    $this->saveData();
    $this->redirectLevelUp();
}
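/**
 * Applies query-string and form input to the record being edited.
 *
 * GET: "c" must be a positive integer and is stored in $this->id; a non-empty
 * query string without "c" redirects to KIWI_CLIENTS.
 * POST: only the "speichern" command is accepted; it delegates to
 * handleFormData() and saveData() and then redirects to KIWI_CLIENTS.
 *
 * @param array $get  query-string parameters
 * @param array $post submitted form fields
 * @throws Exception on an invalid "c" value or an unknown form command
 */
function handleInput($get, $post)
{
    // TODO: add permission checks. Nothing in this method verifies that the
    // caller is allowed to modify the record.
    if (!empty($get)) {
        if (isset($get['c'])) {
            $c = (int) $get['c'];
            if ($c < 1) {
                throw new Exception("Neplatná hodnota parametru \"c\": {$c}");
            }
            $this->id = $c;
        } else {
            $this->redirection = KIWI_CLIENTS;
        }
    }

    if (!empty($post)) {
        // A submission without "cmd" falls through to the default branch.
        $cmd = isset($post['cmd']) ? $post['cmd'] : null;
        switch ($cmd) {
            case 'speichern':
                // NOTE(review): handleFormData() takes no arguments, so it
                // presumably reads the request itself; confirm that it strips
                // magic-quote slashes and validates the fields.
                $this->handleFormData();
                $this->saveData();
                $this->redirection = KIWI_CLIENTS;
                break;

            default:
                throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
        }
    }
}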
/**
 * Applies query-string and form input to a product property value.
 *
 * GET (required, an empty query string throws):
 *  - "pv": ID of the value being edited, stored in $this->id.
 *  - "pp": ID of the owning property, stored in $this->pid.
 *  - "ri": removes the icon and returns immediately with a redirect.
 * POST: only "speichern" is accepted; it updates the existing row of
 * prodpvals or inserts a new one at the end of the property's priority order.
 *
 * NOTE(review): "ri" changes data on a GET request and no request token or
 * permission check is visible in this method; confirm both exist upstream.
 *
 * @param array $get  query-string parameters
 * @param array $post submitted form fields
 * @throws Exception on invalid or missing IDs, empty required fields, an
 *                   invalid colour value, or an unknown form command
 */
public function handleInput($get, $post)
{
    // Collects the "name=value" pairs that rebuild the query string for redirects.
    $qsa = array();
    if (!empty($get)) {
        if (isset($get['pv'])) {
            if (($pv = (int) $get['pv']) < 1) {
                throw new Exception("Neplatné ID záznamu: {$pv}");
            }
            $this->id = $pv;
            $qsa[] = "pv={$this->id}";
        }
        if (isset($get['pp'])) {
            if (($pp = (int) $get['pp']) < 1) {
                throw new Exception("Neplatné ID záznamu: {$pp}");
            }
            $this->pid = $pp;
            $qsa[] = "pp={$this->pid}";
        }
        // At least one of the two IDs has to be known.
        if ($this->id == 0 && $this->pid == 0) {
            throw new Exception("Nedostatek vstupních parametrů query stringu");
        }
        $qs = empty($qsa) ? '' : '?' . implode('&', $qsa);
        if (isset($get['ri'])) {
            $this->removeIcon();
            $this->redirection = KIWI_EDIT_PRODUCT_PROPERTY_VALUE . $qs;
            return;
        }
    } else {
        throw new Exception("Chybějící ID vlastnosti produktu");
    }
    if (!empty($post)) {
        // $act is not read anywhere in this method.
        $act = 0;
        switch ($post['cmd']) {
            case 'speichern':
                // Uploads are processed before the property ID is validated below.
                $this->handleUploads();
                if ($this->pid == 0) {
                    throw new Exception("Chybějící ID vlastnosti produktu");
                }
                // Both text fields are escaped here and only ever interpolated
                // inside single quotes in the statements below.
                $value = mysql_real_escape_string(strip_gpc_slashes($post['Hodnota_vlastnosti']));
                $popis = mysql_real_escape_string(strip_gpc_slashes($post['Popis_hodnoty']));
                if ($value == '') {
                    throw new Exception('Některá z povinných položek nebyla vyplněna');
                }
                // ExtraData comes from $this->icon when it is set (presumably by
                // handleUploads(), verify), otherwise from the posted "Extra_data"
                // field, otherwise it is left out (update) or empty (insert).
                if ($this->icon !== null) {
                    $extra = mysql_real_escape_string($this->icon);
                    $extra_sql = array('update' => ", ExtraData='{$extra}'", 'insert' => ", '{$extra}'");
                } elseif (array_key_exists('Extra_data', $post)) {
                    $extra = mysql_real_escape_string(strip_gpc_slashes($post['Extra_data']));
                    if ($extra == '') {
                        throw new Exception('Některá z povinných položek nebyla vyplněna');
                    }
                    // "Datovy_typ" is read without an existence check.
                    if ($post['Datovy_typ'] == PT_COLOR) {
                        // The colour check and image creation receive the
                        // already SQL-escaped string, not the raw input.
                        if ($this->isColorValid($extra)) {
                            $this->createColorImage($extra);
                        } else {
                            throw new Exception('Nekorektní zápis barvy');
                        }
                    }
                    $extra_sql = array('update' => ", ExtraData='{$extra}'", 'insert' => ", '{$extra}'");
                } else {
                    $extra_sql = array('update' => '', 'insert' => ", ''");
                }
                // $this->id and $this->pid are interpolated unquoted; within this
                // method they are only assigned from integer casts or
                // mysql_insert_id(). NOTE(review): confirm they cannot hold
                // anything else when the GET parameters are absent.
                if ($this->id) {
                    // The string literal continues on the next line exactly as
                    // in the listing.
                    mysql_query("UPDATE prodpvals SET Value='{$value}'{$extra_sql['update']}, Description='{$popis}', 
LastChange=CURRENT_TIMESTAMP WHERE ID={$this->id}");
                    mysql_query("UPDATE prodprops SET LastChange=CURRENT_TIMESTAMP WHERE ID={$this->pid}");
                } else {
                    // Both tables are locked so that reading MAX(Priority) and
                    // inserting the new row are not interleaved with another
                    // writer. No statement between LOCK and UNLOCK throws, but
                    // none of the query results is checked either.
                    mysql_query("LOCK TABLES prodpvals WRITE, prodprops WRITE");
                    $result = mysql_query("SELECT MAX(Priority) FROM prodpvals WHERE PID={$this->pid}");
                    $row = mysql_fetch_row($result);
                    $priority = (int) $row[0] + 1;
                    mysql_query("INSERT INTO prodpvals(PID, Value, ExtraData, Description, Priority) VALUES ({$this->pid}, '{$value}'{$extra_sql['insert']}, '{$popis}', {$priority})");
                    $this->id = mysql_insert_id();
                    mysql_query("UPDATE prodprops SET LastChange=CURRENT_TIMESTAMP WHERE ID={$this->pid}");
                    mysql_query("UNLOCK TABLES");
                }
                // After saving, return to the owning property's edit page.
                $qs = "?pp={$this->pid}";
                $this->redirection = KIWI_EDIT_PRODUCT_PROPERTY . $qs;
                break;
            default:
                throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
        }
    }
}
/**
 * Applies query-string and form input to the e-shop group being edited.
 *
 * GET parameters:
 *  - "sg": ID of the group (positive integer), stored in $this->id.
 *  - "n": request to create a subgroup; $this->id must be a row of eshop
 *    with Subgroup=1.
 *  - "ri": removes the group icon (not for ID 1) and returns immediately.
 *  - "asa" / "asd": activate / deactivate one listed item and its subtree.
 *  - "d", "dd", "u", "uu": move one listed item; exactly one may be present.
 * POST commands ("cmd"): "speichern", "Zurück", "aktivieren", "deaktivieren",
 * "Serie hinzufügen", "Gruppe hinzufügen", "entfernen".
 *
 * NOTE(review): the "ri", "asa"/"asd" and move commands change data on a GET
 * request, and neither a request token nor a read-only/permission check is
 * visible in this method (see the TODO below); confirm they exist upstream.
 *
 * @param array $get  query-string parameters
 * @param array $post submitted form fields
 * @throws Exception on invalid IDs, malformed check[] input, a forbidden
 *                   activation or main-group edit, or an unknown form command
 */
public function handleInput($get, $post)
{
    // TODO: enforce permissions
    // NOTE(review): PHP_SELF includes any trailing path info from the request
    // URL, so basename() may return a client-chosen segment that is then used
    // as the redirect target.
    $self = basename($_SERVER['PHP_SELF']);
    $qs = '';
    if (!empty($get)) {
        if (isset($get['sg'])) {
            if (($sg = (int) $get['sg']) < 1) {
                throw new Exception("Neplatné ID záznamu: {$sg}");
            }
            $this->id = $sg;
            $qs = "?sg={$sg}";
        }
        if (isset($get['n'])) {
            // The query result is passed on unchecked; a failed query leaves
            // new_subgroup unset, which ends in the exception below.
            $result = mysql_query("SELECT Count(*) FROM eshop WHERE ID={$this->id} AND Subgroup=1");
            if ($row = mysql_fetch_row($result)) {
                if ($row[0] == 1) {
                    $this->new_subgroup = true;
                }
            }
            if (!$this->new_subgroup) {
                throw new Exception("Neplatné ID záznamu: {$this->id}");
            }
        }
        if (isset($get['ri']) && $this->id != 1) {
            $this->removeGroupIcon();
            $this->redirection = $self . $qs;
            return;
        }
        if (isset($get['asa']) || isset($get['asd'])) {
            // 1 = activate ("asa"), 0 = deactivate ("asd"); both at once is an error.
            $nas = isset($get['asa']) ? 1 : 0;
            if ($nas && isset($get['asd'])) {
                throw new Exception("Současná přítomnost parametrů asa a asd není přípustná");
            }
            $qsv = 'as' . ($nas ? 'a' : 'd');
            $this->loadRecord();
            $this->loadEShopItems();
            // The ID must belong to the items loaded for this group.
            if (($as = (int) $get[$qsv]) < 1 || !isset($this->index[$as])) {
                throw new Exception("Neplatné ID záznamu: {$as}");
            }
            // Activation is refused while the loaded record itself is inactive.
            if ($nas && !$this->record->Active) {
                throw new Exception("Pokud o nepřípustnou aktivaci záznamu: {$as}");
            }
            // NOTE(review): the list is handed on as a comma-separated string;
            // getRecursiveIdList() and activateGroupsAndLines() are not visible,
            // so confirm the list contains integers only before it reaches SQL.
            $id_list_rec = implode(',', $this->getRecursiveIdList(array($as)));
            $this->activateGroupsAndLines($id_list_rec, $nas);
            /* Disabled in the original:
               $this->records[$this->index[$as]]->Active = $nas;
               $this->records[$this->index[$as]]->LastChange = date('Y-m-d H:i', time()); */
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->anchor->ID = $as;
            $this->redirection = $self . $qs . '#zmena';
        }
        if (isset($get['d']) || isset($get['dd']) || isset($get['u']) || isset($get['uu'])) {
            // Exactly one of the four move parameters may be present.
            if ((int) isset($get['d']) + (int) isset($get['dd']) + (int) isset($get['u']) + (int) isset($get['uu']) != 1) {
                throw new Exception("Neplatný vstup - více než jeden příkaz pro přesun položky");
            }
            $dow = isset($get['d']) || isset($get['dd']);   // true for "d"/"dd", false for "u"/"uu"
            $tot = isset($get['dd']) || isset($get['uu']);  // true for the doubled variants
            // Rebuild the name of the parameter that carries the item ID.
            $qv = $dow ? 'd' : 'u';
            if ($tot) {
                $qv .= $qv;
            }
            $this->loadRecord();
            $this->loadEShopItems();
            if (($cp = (int) $get[$qv]) < 1 || !isset($this->index[$cp])) {
                throw new Exception("Neplatné ID záznamu: {$cp}");
            }
            $this->moveItem($cp, $dow, $tot);
            $this->loadLastChange(false);
            $this->lastchange->register();
            $this->lastchange = null;
            $this->anchor->ID = $cp;
            $this->redirection = $self . $qs . '#zmena';
        }
    }
    if (!empty($post)) {
        // Work on a copy with magic-quote slashes removed.
        $xpost = strip_gpc_slashes($post);
        $this->all_checked = isset($xpost['checkall']);
        // The numeric check only runs when "check" is an array; a scalar or
        // missing "check" reaches the commands below unvalidated, and
        // is_numeric() also accepts signed, decimal and exponent notation.
        if (isset($xpost['check']) && is_array($xpost['check'])) {
            foreach ($xpost['check'] as $value) {
                if (!is_numeric($value)) {
                    throw new Exception("Nepovolený vstup: check[]");
                }
                $this->checked[$value] = true;
            }
        }
        $act = 0;
        switch ($xpost['cmd']) {
            case 'speichern':
                // Uploads are processed before any field or ID is validated.
                $this->handleUploads();
                $this->title = $xpost['Nazev'];
                if ($this->title == '') {
                    throw new Exception('Název skupiny nebyl vyplněn');
                }
                $this->description = $xpost['Popis'];
                $this->auto = array_key_exists('Auto', $xpost);
                // The posted URL and page title are copied to the object
                // regardless of rights; they are written to SQL only when $ue
                // is true.
                if (array_key_exists('URL_skupiny', $xpost)) {
                    $this->url = $xpost['URL_skupiny'];
                }
                if (array_key_exists('htitle_skupiny', $xpost)) {
                    $this->htitle = $xpost['htitle_skupiny'];
                }
                // $ue: rights are unrestricted (true) or include 'EditURLs'.
                $ue = $this->rights === true || $this->rights['EditURLs'];
                // Names of the properties that get an escaped local copy below.
                $flds = array('title', 'description', 'icon', 'flags');
                if ($ue || !$this->id) {
                    $flds[] = 'url';
                    $flds[] = 'htitle';
                    if ($this->auto || !$this->id && !$ue) {
                        $this->generateURL();
                        $this->generateTitle();
                    }
                }
                // Set or clear the front-menu bit according to the checkbox.
                $this->flags = array_key_exists('mainmenu_flag', $xpost) ? $this->flags | self::FLAG_FRONTMENU : $this->flags & ~self::FLAG_FRONTMENU;
                // Variable variables: creates $title, $description, $icon,
                // $flags (and $url, $htitle when listed), each escaped for SQL.
                foreach ($flds as $fld) {
                    ${$fld} = mysql_real_escape_string($this->{$fld});
                }
                if (!$this->id) {
                    throw new Exception("Neplatné ID záznamu: {$this->id}");
                }
                if (!$this->new_subgroup) {
                    if ($this->id == 1) {
                        throw new Exception('Neplatná operace: editace nastavení hlavní skupiny');
                    } else {
                        $ue_sql = $ue ? ", URL='{$url}', PageTitle='{$htitle}'" : '';
                        $icon_sql = $icon !== '' ? ", Icon='{$icon}'" : '';
                        // $flags is interpolated unquoted; it is the escaped
                        // result of the bitwise expression above, presumably an
                        // integer (FLAG_FRONTMENU is not visible here).
                        mysql_query("UPDATE eshop SET Name='{$title}', Description='{$description}'{$ue_sql}{$icon_sql}, Flags={$flags}, LastChange=CURRENT_TIMESTAMP WHERE ID={$this->id}");
                    }
                } elseif ($title != '') {
                    // The new subgroup is appended after the last existing child.
                    $result = mysql_query("SELECT Max(Priority) FROM eshop WHERE Parent={$this->id}");
                    if ($row = mysql_fetch_row($result)) {
                        $priority = (int) $row[0] + 1;
                    } else {
                        throw new Exception("Chyba při načítání priority položek eshopu");
                    }
                    // Optional column/value fragments for the INSERT below.
                    if ($ue) {
                        $ue_sql1 = ', URL, PageTitle';
                        $ue_sql2 = ",'{$url}', '{$htitle}'";
                    } else {
                        $ue_sql1 = $ue_sql2 = '';
                    }
                    if ($icon) {
                        $icon_sql1 = ', Icon';
                        $icon_sql2 = ",'{$icon}'";
                    } else {
                        $icon_sql1 = $icon_sql2 = '';
                    }
                    mysql_query("INSERT INTO eshop(Name, Description{$ue_sql1}{$icon_sql1}, Subgroup, Parent, Flags, Priority) VALUES ('{$title}', '{$description}'{$ue_sql2}{$icon_sql2}, 1, {$this->id}, {$flags}, {$priority})");
                    $new_id = mysql_insert_id();
                    Kiwi_EShop_Indexer::index($new_id, $this->id);
                    $qs = "?sg={$new_id}";
                    $this->loadLastChange(false);
                    $this->lastchange->register();
                }
                $this->redirection = $self . $qs;
                break;
            case 'Zurück':
                $this->loadRecord();
                $this->redirection = $this->getBackLink();
                break;
            case 'aktivieren':
                $act = 1;
                // deliberate fall-through: both commands share the code below
            case 'deaktivieren':
                $this->loadRecord();
                if ($act && !$this->record->Active) {
                    throw new Exception("Pokud o nepřípustnou aktivaci záznamů");
                }
                // NOTE(review): $xpost['check'] may be missing or a scalar here
                // (see the validation above); confirm getRecursiveIdList()
                // rejects such input and returns integers only.
                $id_list_rec = implode(',', $this->getRecursiveIdList($xpost['check']));
                $this->activateGroupsAndLines($id_list_rec, $act);
                $this->loadLastChange(false);
                $this->lastchange->register();
                $this->lastchange = null;
                $this->redirection = $self . $qs;
                break;
            case 'Serie hinzufügen':
                $this->redirection = KIWI_ADD_ESHOPITEM . "?sg={$this->id}";
                break;
            case 'Gruppe hinzufügen':
                $this->redirection = KIWI_ADD_ESHOPGROUP . "?sg={$this->id}&n";
                break;
            case 'entfernen':
                // NOTE(review): same unvalidated-"check" caveat as for
                // "aktivieren"/"deaktivieren" above.
                if (sizeof($xpost['check']) > 0) {
                    $id_list_rec = implode(',', $this->getRecursiveIdList($xpost['check']));
                    $this->deleteGroupsAndLines($id_list_rec);
                    $this->loadLastChange(false);
                    $this->lastchange->register();
                    $this->redirection = $self . $qs;
                }
                break;
            default:
                throw new Exception('Neočekávaný příkaz formuláře: ' . __CLASS__);
        }
    }
}