/branches/2.8.x/wb/admin/groups/save.php - Annotate - WB 2.08.x - Tracking

wb-archiv283/branches/2.8.x/wb/admin/groups/save.php @ 1542

-            ryan
+<?php
-            FrankH
+/**
+ *
  * @category        admin
  * @package         groups
  * @author          WebsiteBaker Project
  * @copyright       2004-2009, Ryan Djurovich
  * @copyright       2009-2011, Website Baker Org. e.V.
  * @link			http://www.websitebaker2.org/
  * @license         http://www.gnu.org/licenses/gpl.html
  * @platform        WebsiteBaker 2.8.x
  * @requirements    PHP 5.2.2 and higher
  * @version         $Id$
-            Luisehahne
+ * @filesource		$HeadURL$
  * @lastmodified    $Date$
             FrankH
  */
             ryan
 // Print admin header
 require('../../config.php');
 require_once(WB_PATH.'/framework/class.admin.php');
-            Luisehahne
+// suppress to print the header, so no new FTAN will be set
 $admin = new admin('Access', 'groups_modify', false);
-            Luisehahne
+// Create a javascript back link
 $js_back = ADMIN_URL.'/groups/index.php';
-            FrankH
+if (!$admin->checkFTAN())
+{
-            Luisehahne
+	$admin->print_header();
-            Luisehahne
+	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'],$js_back);
             FrankH
             ryan
 // Check if group group_id is a valid number and doesnt equal 1
-            Luisehahne
+$group_id = intval($admin->checkIDKEY('group_id', 0, $_SERVER['REQUEST_METHOD']));
 if( ($group_id < 2 ) )
+{
 	// if($admin_header) { $admin->print_header(); }
 	$admin->print_header();
 	$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'] );
             ryan
 // Gather details entered
-            thorn
+$group_name = $admin->get_post_escaped('group_name');
             ryan
 // Check values
 if($group_name == "") {
 	$admin->print_error($MESSAGE['GROUPS']['GROUP_NAME_BLANK'], $js_back);
+}
-            Luisehahne
+// After check print the header
 $admin->print_header();
             ryan
 // Get system permissions
 require_once(ADMIN_PATH.'/groups/get_permissions.php');
 // Update the database
-            Luisehahne
+$query = "UPDATE `".TABLE_PREFIX."groups` SET `name` = '$group_name', `system_permissions` = '$system_permissions', `module_permissions` = '$module_permissions', `template_permissions` = '$template_permissions' WHERE `group_id` = '$group_id'";
             ryan
 $database->query($query);
 if($database->is_error()) {
 	$admin->print_error($database->get_error());
 } else {
 	$admin->print_success($MESSAGE['GROUPS']['SAVED'], ADMIN_URL.'/groups/index.php');
+}
 // Print admin footer
 $admin->print_footer();

Project

General

Profile

WB 2.08.x