/branches/2.8.x/wb/admin/pages/sections_save.php - Annotate - WB 2.08.x - Tracking

wb-archiv283/branches/2.8.x/wb/admin/pages/sections_save.php @ 1358

-            stefan
+<?php
 // $Id$
 /*
  Website Baker Project <http://www.websitebaker.org/>
-            Ruebenwurz
+ Copyright (C) 2004-2009, Ryan Djurovich
             stefan
  Website Baker is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.
  Website Baker is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.
  You should have received a copy of the GNU General Public License
  along with Website Baker; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
-            ryan
+// Include config file
-            stefan
+require('../../config.php');
-            ryan
+// Make sure people are allowed to access this page
-            stefan
+if(MANAGE_SECTIONS != 'enabled') {
 	header('Location: '.ADMIN_URL.'/pages/index.php');
-            stefan
+	exit(0);
             stefan
-            thorn
+require_once(WB_PATH."/include/jscalendar/jscalendar-functions.php");
-            ryan
+// Get page id
-            stefan
+if(!isset($_GET['page_id']) OR !is_numeric($_GET['page_id'])) {
 	header("Location: index.php");
-            stefan
+	exit(0);
-            stefan
+} else {
 	$page_id = $_GET['page_id'];
+}
-            ryan
+// Create new admin object
-            stefan
+require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages_modify');
-            FrankH
+if (!$admin->checkFTAN())
+{
-            Luisehahne
+	$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php');
-            FrankH
+	exit();
+}
-            ryan
+// Get perms
-            Luisehahne
+// $database = new database();
-            stefan
+$results = $database->query("SELECT admin_groups,admin_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'");
 $results_array = $results->fetchRow();
 $old_admin_groups = explode(',', $results_array['admin_groups']);
 $old_admin_users = explode(',', $results_array['admin_users']);
-            doc
+$in_old_group = FALSE;
 foreach($admin->get_groups_id() as $cur_gid){
     if (in_array($cur_gid, $old_admin_groups)) {
         $in_old_group = TRUE;
+    }
+}
 if((!$in_old_group) AND !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
-            stefan
+	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
+}
-            ryan
+// Get page details
-            stefan
+$database = new database();
 $query = "SELECT * FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'";
 $results = $database->query($query);
 if($database->is_error()) {
 	$admin->print_header();
 	$admin->print_error($database->get_error());
+}
 if($results->numRows() == 0) {
 	$admin->print_header();
 	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+}
 $results_array = $results->fetchRow();
-            ryan
+// Set module permissions
-            stefan
+$module_permissions = $_SESSION['MODULE_PERMISSIONS'];
-            ryan
+// Loop through sections
-            stefan
+$query_sections = $database->query("SELECT section_id,module,position FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id' ORDER BY position ASC");
 if($query_sections->numRows() > 0) {
 	$num_sections = $query_sections->numRows();
 	while($section = $query_sections->fetchRow()) {
-            stefan
+		if(!is_numeric(array_search($section['module'], $module_permissions))) {
 			// Update the section record with properties
 			$section_id = $section['section_id'];
-            thorn
+			$sql = ''; $publ_start = 0; $publ_end = 0;
 			$dst = date("I")?" DST":""; // daylight saving time?
-            stefan
+			if(isset($_POST['block'.$section_id]) AND $_POST['block'.$section_id] != '') {
 				$sql = "block = '".$admin->add_slashes($_POST['block'.$section_id])."'";
             thorn
 			// update publ_start and publ_end, trying to make use of the strtotime()-features like "next week", "+1 month", ...
 			if(isset($_POST['start_date'.$section_id]) AND isset($_POST['end_date'.$section_id])) {
 				if(trim($_POST['start_date'.$section_id]) == '0' OR trim($_POST['start_date'.$section_id]) == '') {
 					$publ_start = 0;
 				} else {
-            thorn
+					$publ_start = jscalendar_to_timestamp($_POST['start_date'.$section_id]);
             stefan
-            thorn
+				if(trim($_POST['end_date'.$section_id]) == '0' OR trim($_POST['end_date'.$section_id]) == '') {
 					$publ_end = 0;
 				} else {
-            thorn
+					$publ_end = jscalendar_to_timestamp($_POST['end_date'.$section_id], $publ_start);
             thorn
 				if($sql != '')
 					$sql .= ",";
-            thorn
+				$sql .= " publ_start = '".$admin->add_slashes($publ_start)."'";
 				$sql .= ", publ_end = '".$admin->add_slashes($publ_end)."'";
             stefan
-            thorn
+			$query = "UPDATE ".TABLE_PREFIX."sections SET $sql WHERE section_id = '$section_id' LIMIT 1";
 			if($sql != '') {
 				$database->query($query);
+			}
             stefan
+	}
+}
 // Check for error or print success message
-            ryan
+if($database->is_error()) {
 	$admin->print_error($database->get_error(), ADMIN_URL.'/pages/sections.php?page_id='.$page_id);
 } else {
-            Luisehahne
+	$admin->print_success($MESSAGE['PAGES']['SECTIONS_PROPERTIES_SAVED'], ADMIN_URL.'/pages/sections.php?page_id='.$page_id);
             ryan
             stefan
-            ryan
+// Print admin footer
-            stefan
+$admin->print_footer();
-            thorn
+?>

Project

General

Profile

WB 2.08.x

wb-archiv283/branches/2.8.x/wb/admin/pages/sections_save.php @ 1358