
Revision 1486

Added by DarkViper over 13 years ago

database::field_modify(): there was a bug to fix
all other files: fixed SQL-statements to SQL-strict


class.admin.php
57 57
		}
58 58

  
59 59
		// Check if the backend language is also the selected language. If not, send headers again.
60
		$get_user_language = @$database->query("SELECT language FROM ".TABLE_PREFIX.
61
			"users WHERE user_id = '" .(int) $this->get_user_id() ."'");
60
		$sql  = 'SELECT `language` FROM `'.TABLE_PREFIX.'users` ';
61
		$sql .= 'WHERE `user_id`='.(int)$this->get_user_id();
62
		$get_user_language = @$database->query($sql);
62 63
		$user_language = ($get_user_language) ? $get_user_language->fetchRow() : '';
63 64
		// prevent infinite loop if language file is not XX.php (e.g. DE_du.php)
64 65
		$user_language = substr($user_language[0],0,2);
......
94 95
		global $database;
95 96
		// $GLOBALS['FTAN'] = $this->getFTAN();
96 97
		$this->createFTAN();
97
		$get_title = $database->query("SELECT value FROM ".TABLE_PREFIX."settings WHERE name = 'website_title'");
98
		$sql = 'SELECT `value` FROM `'.TABLE_PREFIX.'settings` WHERE `name`=\'website_title\'';
99
		$get_title = $database->query($sql);
98 100
		$title = $get_title->fetchRow();
99 101
		$header_template = new Template(THEME_PATH.'/templates');
100 102
		$header_template->set_file('page', 'header.htt');
......
110 112
		$view_url = WB_URL;
111 113
		if(isset($_GET['page_id'])) {
112 114
			// extract page link from the database
113
			$result = @$database->query("SELECT link FROM " .TABLE_PREFIX ."pages WHERE page_id = '" .(int) addslashes($_GET['page_id']) ."'");
115
			$sql  = 'SELECT `link` FROM `'.TABLE_PREFIX.'pages` ';
116
			$sql .= 'WHERE `page_id`='.intval($_GET['page_id']);
117
			$result = @$database->query($sql);
114 118
			$row = @$result->fetchRow();
115 119
			if($row) $view_url .= PAGES_DIRECTORY .$row['link']. PAGE_EXTENSION;
116 120
		}
......
247 251
  $retval = array('username'=>'unknown','display_name'=>'Unknown','email'=>'');
248 252
  $sql  = 'SELECT `username`,`display_name`,`email` ';
249 253
  $sql .= 'FROM `'.TABLE_PREFIX.'users` ';
250
  $sql .= 'WHERE `user_id`='.(int)$user_id.' ';
251
  // $sql .= 'AND (`statusflags` & '.USERS_DELETED.') > 0';
254
  $sql .= 'WHERE `user_id`='.(int)$user_id;
252 255
  if( ($resUsers = $database->query($sql)) ) {
253 256
   if( ($recUser = $resUsers->fetchRow()) ) {
254 257
    $retval = $recUser;
......
261 264
	function get_section_details( $section_id, $backLink = 'index.php' ) {
262 265
	global $database, $TEXT;
263 266
		$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'sections` ';
264
		$sql .= 'WHERE `section_id`='.intval($section_id).' LIMIT 1';
267
		$sql .= 'WHERE `section_id`='.intval($section_id);
265 268
		if(($resSection = $database->query($sql))){
266 269
			if(!($recSection = $resSection->fetchRow())) {
267 270
				$this->print_header();
......
275 278
	}
276 279

  
277 280
	function get_page_details( $page_id, $backLink = 'index.php' ) {
278
	  global $database, $TEXT;
279
	  $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'pages` ';
280
	  $sql .= 'WHERE `page_id`='.(int)$page_id.' LIMIT 1';
281
	  if(($resPages = $database->query($sql))){
282
	   if(!($recPage = $resPages->fetchRow())) {
283
	    $this->print_header();
284
	    $this->print_error($TEXT['PAGE'].' '.$TEXT['NOT_FOUND'], $backLink, true);
285
	   }
286
	  } else {
287
	   $this->print_header();
288
	   $this->print_error($database->get_error(), $backLink, true);
289
	  }
290
	  return $recPage;
291
	 }
292

  
293
	/** Function get_page_permission takes either a numerical page_id,
294
	 * upon which it looks up the permissions in the database,
295
	 * or an array with keys admin_groups and admin_users
296
	 */
297
/*
298
	function get_page_permission($page,$action='admin') {
299
		if ($action!='viewing') $action='admin';
300
		$action_groups=$action.'_groups';
301
		$action_users=$action.'_users';
302
		if (is_array($page)) {
303
				$groups=$page[$action_groups];
304
				$users=$page[$action_users];
281
		global $database, $TEXT;
282
		$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'pages` ';
283
		$sql .= 'WHERE `page_id`='.intval($page_id);
284
		if(($resPages = $database->query($sql))){
285
			if(!($recPage = $resPages->fetchRow())) {
286
			$this->print_header();
287
			$this->print_error($TEXT['PAGE'].' '.$TEXT['NOT_FOUND'], $backLink, true);
288
			}
305 289
		} else {
306
			global $database;
307
			$results = $database->query("SELECT $action_groups,$action_users FROM ".TABLE_PREFIX."pages WHERE page_id = '$page'");
308
			$result = $results->fetchRow();
309
			$groups = explode(',', str_replace('_', '', $result[$action_groups]));
310
			$users = explode(',', str_replace('_', '', $result[$action_users]));
290
			$this->print_header();
291
			$this->print_error($database->get_error(), $backLink, true);
311 292
		}
312

  
313
		$in_group = FALSE;
314
		foreach($this->get_groups_id() as $cur_gid){
315
		    if (in_array($cur_gid, $groups)) {
316
		        $in_group = TRUE;
317
		    }
318
		}
319
		if((!$in_group) AND !is_numeric(array_search($this->get_user_id(), $users))) {
320
			return false;
321
		}
322
		return true;
293
		return $recPage;
323 294
	}
324
*/
325 295

  
326 296
	function get_page_permission($page,$action='admin') {
327 297
		if($action != 'viewing') { $action = 'admin'; }
......
386 356
		if(isset($_GET['tool']))
387 357
			{
388 358
			// check if displayed page contains a installed admin tool
389
			$result = $database->query("SELECT * FROM " .TABLE_PREFIX ."addons
390
				WHERE type = 'module' AND function = 'tool' AND directory = '".addslashes($_GET['tool'])."'");
359
			$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'addons` ';
360
			$sql .= 'WHERE `type`=\'module\' AND `function`=\'tool\' AND `directory`=\''.addslashes($_GET['tool']).'\'';
361
			$result = $database->query($sql);
391 362
			if($result->numRows())
392 363
				{
393 364
				// check if admin tool directory contains a backend_body.js file to include
......
408 379
				$page_id = (int) addslashes($_POST['page_id']);
409 380
			}
410 381
			// gather information for all models embedded on actual page
411
			$query_modules = $database->query("SELECT module FROM " .TABLE_PREFIX ."sections
412
				WHERE page_id=$page_id");
382
			$sql = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` WHERE `page_id`='.(int)$page_id;
383
			$query_modules = $database->query($sql);
413 384
			while($row = $query_modules->fetchRow()) {
414 385
				// check if page module directory contains a backend_body.js file
415 386
				if(file_exists(WB_PATH ."/modules/" .$row['module'] ."/$base_file")) {
......
450 421
		// check if backend.js or backend.css files needs to be included to the <head></head> section of the backend
451 422
		if(isset($_GET['tool'])) {
452 423
			// check if displayed page contains a installed admin tool
453
			$result = $database->query("SELECT * FROM " .TABLE_PREFIX ."addons
454
				WHERE type = 'module' AND function = 'tool' AND directory = '".addslashes($_GET['tool'])."'");
455

  
424
			$sql  = 'SELECT * FROM `'.TABLE_PREFIX.'addons` ';
425
			$sql .= 'WHERE `type`=\'module\' AND `function`=\'tool\' AND `directory`=\''.addslashes($_GET['tool']).'\'';
426
			$result = $database->query($sql);
456 427
			if($result->numRows()) {
457 428
				// check if admin tool directory contains a backend.js or backend.css file to include
458 429
				$tool = $result->fetchRow();
......
470 441
			}
471 442

  
472 443
    		// gather information for all models embedded on actual page
473
			$query_modules = $database->query("SELECT module FROM " .TABLE_PREFIX ."sections
474
				WHERE page_id=$page_id");
444
			$sql = 'SELECT `module` FROM `'.TABLE_PREFIX.'sections` WHERE `page_id`='.(int)$page_id;
445
			$query_modules = $database->query($sql);
475 446

  
476 447
    		while($row = $query_modules->fetchRow()) {
477 448
				// check if page module directory contains a backend.js or backend.css file
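Review bot: The new statements at lines 360 and 425 of the patched file still embed `$_GET['tool']` inside a quoted SQL literal protected only by `addslashes()`, which is not a connection-aware SQL escape (it knows nothing about the connection character set or the NO_BACKSLASH_ESCAPES sql_mode), so the "SQL-strict" rewrite leaves this one user-controlled string on the same footing as before. Since `directory` names a subdirectory under the modules path, the value can be validated rather than escaped, e.g. `if(!preg_match('/^[A-Za-z0-9_\-]+$/', $_GET['tool'])) { return; }` ahead of building `$sql` in both places, or the database wrapper's own escaping helper should be used if it provides one. The following `if($result->numRows())` also dereferences the result without checking that `query()` succeeded, unlike the `@$database->query($sql)` pattern used elsewhere in this file; the enclosing functions start and end outside the shown hunks.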
