Project

General

Profile

« Previous | Next » 

Revision 1358

Added by Dietmar almost 14 years ago

validation fixes in pages backend theme

View differences:

save.php
1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         pages
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2011, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 5.2.2 and higher
13
 * @version         $Id$
14
 * @filesource		$HeadURL$
15
 * @lastmodified    $Date$
16
 *
17
 */
18

  
19
// Get page & section id
20
if(!isset($_POST['page_id']) OR !is_numeric($_POST['page_id'])) {
21
	header("Location: index.php");
22
	exit(0);
23
} else {
24
	$page_id = intval($_POST['page_id']);
25
}
26
if(!isset($_POST['section_id']) OR !is_numeric($_POST['section_id'])) {
27
	header("Location: index.php");
28
	exit(0);
29
} else {
30
	$section_id = intval($_POST['section_id']);
31
}
32

  
33
// Create new admin object
34
require('../../config.php');
35
require_once(WB_PATH.'/framework/class.admin.php');
36
$admin = new admin('Pages', 'pages_modify');
37

  
38
if (!$admin->checkFTAN())
39
{
40
	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
41
	exit();
42
}
43

  
44
// Get perms
45
$sql  = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` ';
46
$sql .= 'WHERE `page_id` = '.$page_id;
47
$results = $database->query($sql);
48
$results_array = $results->fetchRow();
49
$old_admin_groups = explode(',', str_replace('_', '', $results_array['admin_groups']));
50
$old_admin_users = explode(',', str_replace('_', '', $results_array['admin_users']));
51
$in_old_group = FALSE;
52
foreach($admin->get_groups_id() as $cur_gid)
53
{
54
    if (in_array($cur_gid, $old_admin_groups))
55
    {
56
        $in_old_group = TRUE;
57
    }
58
}
59
if((!$in_old_group) AND !is_numeric(array_search($admin->get_user_id(), $old_admin_users)))
60
{
61
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
62
}
63
// Get page module
64
$sql  = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` ';
65
$sql .= 'WHERE `page_id`='.$page_id.' AND `section_id`='.$section_id;
66
$module = $database->get_one($sql);
67
if(!$module)
68
{
69
	$admin->print_error( $database->is_error() ? $database->get_error() : $MESSAGE['PAGES']['NOT_FOUND']);
70
}
71
//$results = $database->query($sql);
72
//if($database->is_error()) {
73
//	$admin->print_error($database->get_error());
74
//}
75
//if($results->numRows() == 0) {
76
//	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
77
//}
78
//$results_array = $results->fetchRow();
79
//$module = $results_array['module'];
80

  
81
// Update the pages table
82
$now = time();
83
$sql  = 'UPDATE `'.TABLE_PREFIX.'pages` SET ';
84
$sql .= '`modified_when` = '.$now.', `modified_by` = '.$admin->get_user_id().' ';
85
$sql .= 'WHERE `page_id` = '.$page_id;
86
$database->query($sql);
87

  
88
// Include the modules saving script if it exists
89
if(file_exists(WB_PATH.'/modules/'.$module.'/save.php'))
90
{
91
	include_once(WB_PATH.'/modules/'.$module.'/save.php');
92
}
93
// Check if there is a db error, otherwise say successful
94
if($database->is_error())
95
{
96
	$admin->print_error($database->get_error(), $js_back);
97
} else {
98
	$ftan2 = $admin->getFTAN(2);
99
	$admin->print_success($MESSAGE['PAGES']['SAVED'], ADMIN_URL."/pages/modify.php?page_id=$page_id&amp;$ftan2");
100
}
101

  
102
// Print admin footer
103
$admin->print_footer();
104

  
1
<?php
2
/**
3
 *
4
 * @category        admin
5
 * @package         pages
6
 * @author          WebsiteBaker Project
7
 * @copyright       2004-2009, Ryan Djurovich
8
 * @copyright       2009-2010, Website Baker Org. e.V.
9
 * @link			http://www.websitebaker2.org/
10
 * @license         http://www.gnu.org/licenses/gpl.html
11
 * @platform        WebsiteBaker 2.8.x
12
 * @requirements    PHP 4.3.4 and higher
13
 * @version         $Id$
14
 * @filesource		$HeadURL$
15
 * @lastmodified    $Date$
16
 *
17
 */
18

  
19
// Get page & section id
20
if(!isset($_POST['page_id']) OR !is_numeric($_POST['page_id'])) {
21
	header("Location: index.php");
22
	exit(0);
23
} else {
24
	$page_id = intval($_POST['page_id']);
25
}
26
if(!isset($_POST['section_id']) OR !is_numeric($_POST['section_id'])) {
27
	header("Location: index.php");
28
	exit(0);
29
} else {
30
	$section_id = intval($_POST['section_id']);
31
}
32

  
33
// Create new admin object
34
require('../../config.php');
35
require_once(WB_PATH.'/framework/class.admin.php');
36
$admin = new admin('Pages', 'pages_modify');
37
if (!$admin->checkFTAN())
38
{
39
	$admin->print_error($MESSAGE['PAGES_NOT_SAVED'],'index.php');
40
	exit();
41
}
42

  
43
// Get perms
44
$sql  = 'SELECT `admin_groups`,`admin_users` FROM `'.TABLE_PREFIX.'pages` ';
45
$sql .= 'WHERE `page_id` = '.$page_id;
46
$results = $database->query($sql);
47
$results_array = $results->fetchRow();
48
$old_admin_groups = explode(',', str_replace('_', '', $results_array['admin_groups']));
49
$old_admin_users = explode(',', str_replace('_', '', $results_array['admin_users']));
50
$in_old_group = FALSE;
51
foreach($admin->get_groups_id() as $cur_gid)
52
{
53
    if (in_array($cur_gid, $old_admin_groups))
54
    {
55
        $in_old_group = TRUE;
56
    }
57
}
58
if((!$in_old_group) AND !is_numeric(array_search($admin->get_user_id(), $old_admin_users)))
59
{
60
	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
61
}
62
// Get page module
63
$sql  = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` ';
64
$sql .= 'WHERE `page_id`='.$page_id.' AND `section_id`='.$section_id;
65
$module = $database->get_one($sql);
66
if(!$module)
67
{
68
	$admin->print_error( $database->is_error() ? $database->get_error() : $MESSAGE['PAGES']['NOT_FOUND']);
69
}
70
//$results = $database->query($sql);
71
//if($database->is_error()) {
72
//	$admin->print_error($database->get_error());
73
//}
74
//if($results->numRows() == 0) {
75
//	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
76
//}
77
//$results_array = $results->fetchRow();
78
//$module = $results_array['module'];
79

  
80
// Update the pages table
81
$now = time();
82
$sql  = 'UPDATE `'.TABLE_PREFIX.'pages` SET ';
83
$sql .= '`modified_when` = '.$now.', `modified_by` = '.$admin->get_user_id().' ';
84
$sql .= 'WHERE `page_id` = '.$page_id;
85
$database->query($sql);
86

  
87
// Include the modules saving script if it exists
88
if(file_exists(WB_PATH.'/modules/'.$module.'/save.php'))
89
{
90
	include_once(WB_PATH.'/modules/'.$module.'/save.php');
91
}
92
// Check if there is a db error, otherwise say successful
93
if($database->is_error())
94
{
95
	$admin->print_error($database->get_error(), $js_back);
96
} else {
97
	$admin->print_success($MESSAGE['PAGES']['SAVED'], ADMIN_URL.'/pages/modify.php?page_id='.$page_id);
98
}
99

  
100
// Print admin footer
101
$admin->print_footer();
102

  
105 103
?>

Also available in: Unified diff