示例#1
0
     }
     break;
 case 'group':
     if (isset($_GET['mode'])) {
         switch ($_GET['mode']) {
             case 'add':
                 if (permissions('users', 'group', 'add')) {
                     $sql = new MySQLObject();
                     if ($sql->query("INSERT INTO " . $q->table('users_groups') . " (`name`,`description`) VALUES ('" . $sql->escape($_POST['group_header']) . "','" . $sql->escape($_POST['group_description']) . "')")) {
                         if (isset($_POST['group_permissions']) && is_array($_POST['group_permissions'])) {
                             $query = "INSERT INTO " . $q->table('permissions') . " (`name`,`group`,`module`,`value`) VALUES";
                             foreach ($_POST['group_permissions'] as $module => $names) {
                                 if (is_array($names)) {
                                     $o = 0;
                                     foreach ($names as $name => $values) {
                                         $query .= " ('" . $sql->escape($name) . "'," . $sql->insert_id() . ",'" . $sql->escape($module) . "','";
                                         if (is_array($values)) {
                                             $query .= implode(';', $values);
                                         }
                                         $query .= "')";
                                         if ($o != count($names) - 1) {
                                             $query .= ",";
                                         }
                                         $o++;
                                     }
                                 }
                             }
                             if (!$sql->query($query)) {
                                 $syslog->alert_error('{L_ALERT_USERS_PERMISSIONS_SET}');
                                 die;
                             }
示例#2
0
 switch ($_GET['mode']) {
     case 'add':
         if (permissions('blog', 'post', 'add') && isset($_POST['post_slug_generate'])) {
             // -- slug --
             switch (intval($_POST['post_slug_generate'])) {
                 case 0:
                     $slug = $_POST['post']['slug'];
                     break;
                 case 1:
                     $slug = generate_slug($_POST['post']['header']);
                     break;
             }
             // -- update the posts table --
             $sql = new MySQLObject();
             if ($sql->query("\r\nINSERT INTO " . $sql->table('blog_posts') . "\r\n(`category`,`date`,`header`,`slug`,`prologue`,`content`)\r\nVALUES\r\n(\r\n\t" . intval($_POST['post']['category']) . ",\r\n\t" . time() . ",\r\n\t'" . $sql->escape($_POST['post']['header']) . "',\r\n\t'" . $sql->escape($slug) . "',\r\n\t'" . $sql->escape($_POST['page']['prologue']) . "',\r\n\t'" . $sql->escape($_POST['page']['content']) . "'\r\n)")) {
                 $post_id = $sql->insert_id();
                 // -- get the new tags --
                 $tags = array_rmempty(explode(', ', $_POST['post']['tags']));
                 // -- insert the new tags --
                 $tags_insert = array();
                 $tags_used = array();
                 foreach ($tags as $tag) {
                     if (!in_array($tag, $tags_used)) {
                         $tags_insert[] = array('tag' => generate_slug($tag), 'header' => $tag);
                         $tags_used[] = $tag;
                     }
                 }
                 if (count($tags_insert) != 0) {
                     $query = "\r\nINSERT INTO " . $sql->table('blog_tags') . "\r\n(`tag`,`header`,`post`)\r\nVALUES";
                     $i = 0;
                     foreach ($tags_insert as $tag) {