/branches/2.8.x/wb/admin/pages/sections_save.php - Annotate - WB 2.08.x - Tracking

wb-archiv283/branches/2.8.x/wb/admin/pages/sections_save.php @ 1388

-            stefan
+<?php
-            Luisehahne
+/**
+ *
  * @category        admin
  * @package         pages
  * @author          WebsiteBaker Project
  * @copyright       2004-2009, Ryan Djurovich
  * @copyright       2009-2011, Website Baker Org. e.V.
  * @link			http://www.websitebaker2.org/
  * @license         http://www.gnu.org/licenses/gpl.html
  * @platform        WebsiteBaker 2.8.x
  * @requirements    PHP 5.2.2 and higher
  * @version         $Id$
  * @filesource		$HeadURL: http://svn.websitebaker2.org/branches/2.8.x/wb/admin/pages/sections.php $
  * @lastmodified    $Date: 2011-01-10 13:14:10 +0100 (Mo, 10. Jan 2011) $
+ *
  */
             stefan
-            ryan
+// Include config file
-            stefan
+require('../../config.php');
-            ryan
+// Make sure people are allowed to access this page
-            stefan
+if(MANAGE_SECTIONS != 'enabled') {
 	header('Location: '.ADMIN_URL.'/pages/index.php');
-            stefan
+	exit(0);
             stefan
-            thorn
+require_once(WB_PATH."/include/jscalendar/jscalendar-functions.php");
-            ryan
+// Get page id
-            Luisehahne
+if(!isset($_GET['page_id']) || !is_numeric($_GET['page_id'])) {
-            stefan
+	header("Location: index.php");
-            stefan
+	exit(0);
-            stefan
+} else {
 	$page_id = $_GET['page_id'];
+}
-            ryan
+// Create new admin object
-            stefan
+require_once(WB_PATH.'/framework/class.admin.php');
 $admin = new admin('Pages', 'pages_modify');
             Luisehahne
-            FrankH
+if (!$admin->checkFTAN())
+{
-            Luisehahne
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],'index.php');
-            FrankH
+	exit();
+}
-            ryan
+// Get perms
-            Luisehahne
+// $database = new database();
-            stefan
+$results = $database->query("SELECT admin_groups,admin_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'");
 $results_array = $results->fetchRow();
 $old_admin_groups = explode(',', $results_array['admin_groups']);
 $old_admin_users = explode(',', $results_array['admin_users']);
-            doc
+$in_old_group = FALSE;
 foreach($admin->get_groups_id() as $cur_gid){
     if (in_array($cur_gid, $old_admin_groups)) {
         $in_old_group = TRUE;
+    }
+}
-            Luisehahne
+if((!$in_old_group) && !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) {
-            stefan
+	$admin->print_error($MESSAGE['PAGES']['INSUFFICIENT_PERMISSIONS']);
+}
-            ryan
+// Get page details
-            Luisehahne
+// $database = new database();
-            stefan
+$query = "SELECT * FROM ".TABLE_PREFIX."pages WHERE page_id = '$page_id'";
 $results = $database->query($query);
 if($database->is_error()) {
 	$admin->print_header();
 	$admin->print_error($database->get_error());
+}
 if($results->numRows() == 0) {
 	$admin->print_header();
 	$admin->print_error($MESSAGE['PAGES']['NOT_FOUND']);
+}
 $results_array = $results->fetchRow();
-            ryan
+// Set module permissions
-            stefan
+$module_permissions = $_SESSION['MODULE_PERMISSIONS'];
-            ryan
+// Loop through sections
-            stefan
+$query_sections = $database->query("SELECT section_id,module,position FROM ".TABLE_PREFIX."sections WHERE page_id = '$page_id' ORDER BY position ASC");
 if($query_sections->numRows() > 0) {
 	$num_sections = $query_sections->numRows();
 	while($section = $query_sections->fetchRow()) {
-            stefan
+		if(!is_numeric(array_search($section['module'], $module_permissions))) {
 			// Update the section record with properties
 			$section_id = $section['section_id'];
-            thorn
+			$sql = ''; $publ_start = 0; $publ_end = 0;
 			$dst = date("I")?" DST":""; // daylight saving time?
-            Luisehahne
+			if(isset($_POST['block'.$section_id]) && $_POST['block'.$section_id] != '') {
-            stefan
+				$sql = "block = '".$admin->add_slashes($_POST['block'.$section_id])."'";
             thorn
 			// update publ_start and publ_end, trying to make use of the strtotime()-features like "next week", "+1 month", ...
-            Luisehahne
+			if(isset($_POST['start_date'.$section_id]) && isset($_POST['end_date'.$section_id])) {
 				if(trim($_POST['start_date'.$section_id]) == '0' || trim($_POST['start_date'.$section_id]) == '') {
-            thorn
+					$publ_start = 0;
 				} else {
-            thorn
+					$publ_start = jscalendar_to_timestamp($_POST['start_date'.$section_id]);
             stefan
-            Luisehahne
+				if(trim($_POST['end_date'.$section_id]) == '0' || trim($_POST['end_date'.$section_id]) == '') {
-            thorn
+					$publ_end = 0;
 				} else {
-            thorn
+					$publ_end = jscalendar_to_timestamp($_POST['end_date'.$section_id], $publ_start);
             thorn
 				if($sql != '')
 					$sql .= ",";
-            thorn
+				$sql .= " publ_start = '".$admin->add_slashes($publ_start)."'";
 				$sql .= ", publ_end = '".$admin->add_slashes($publ_end)."'";
             stefan
-            thorn
+			$query = "UPDATE ".TABLE_PREFIX."sections SET $sql WHERE section_id = '$section_id' LIMIT 1";
 			if($sql != '') {
 				$database->query($query);
+			}
             stefan
+	}
+}
 // Check for error or print success message
-            ryan
+if($database->is_error()) {
 	$admin->print_error($database->get_error(), ADMIN_URL.'/pages/sections.php?page_id='.$page_id);
 } else {
-            Luisehahne
+	$admin->print_success($MESSAGE['PAGES']['SECTIONS_PROPERTIES_SAVED'], ADMIN_URL.'/pages/sections.php?page_id='.$page_id);
             ryan
             stefan
-            ryan
+// Print admin footer
-            stefan
+$admin->print_footer();

Project

General

Profile

WB 2.08.x