X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;ds=sidebyside;f=inc%2Fmodules%2Fadmin%2Fwhat-edit_emails.php;h=a02228e75abf5693ae70f2b1cd3a3f1b7c4e7d1a;hb=5bdeaf8b452206598b6c6cd4f941145b11a0eccc;hp=2a5e85516245aace2150a6d833988b0b2f48e80a;hpb=6032b7018b83778f1592383238f4e0d28f718622;p=mailer.git
diff --git a/inc/modules/admin/what-edit_emails.php b/inc/modules/admin/what-edit_emails.php
index 2a5e855162..a02228e75a 100644
--- a/inc/modules/admin/what-edit_emails.php
+++ b/inc/modules/admin/what-edit_emails.php
@@ -32,25 +32,23 @@
************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
+
// Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
if ((isset($_POST['ok'])) && (empty($_POST['id']))) {
unset($_POST['ok']);
}
-$result = SQL_QUERY("SELECT id, sender, subject, payment_id, cat_id FROM "._MYSQL_PREFIX."_pool ORDER BY timestamp", __FILE__, __LINE__);
-if (SQL_NUMROWS($result) > 0)
-{
- if (isset($_POST['ok']))
- {
+$result = SQL_QUERY("SELECT id, sender, subject, payment_id, cat_id FROM `{!_MYSQL_PREFIX!}_pool` ORDER BY timestamp", __FILE__, __LINE__);
+if (SQL_NUMROWS($result) > 0) {
+ if (isset($_POST['ok'])) {
// Make mail editable...
- $result = SQL_QUERY_ESC("SELECT subject, text, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT subject, text, url FROM `{!_MYSQL_PREFIX!}_pool` WHERE id=%s LIMIT 1",
array(bigintval($_POST['id'])), __FILE__, __LINE__);
list($subj, $text, $url) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
@@ -61,46 +59,32 @@ if (SQL_NUMROWS($result) > 0)
// Load template
LOAD_TEMPLATE("admin_edit_email");
- }
- elseif (!empty($_POST['save']))
- {
+ } elseif (!empty($_POST['save'])) {
// Save changes
- if (!empty($SQL))
- {
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET
+ SQL_QUERY_ESC("UPDATE `{!_MYSQL_PREFIX!}_pool` SET
subject='%s',
text='%s',
url='%s'
WHERE id=%s LIMIT 1",
array(
- addslashes($_POST['subj']),
- addslashes($_POST['text']),
- addslashes($_POST['url']),
+ $_POST['subj'],
+ $_POST['text'],
+ $_POST['url'],
bigintval($_POST['id']),
), __FILE__, __LINE__);
- if (SQL_AFFECTEDROWS() == 1)
- {
- $content = "".SETTINGS_SAVED."";
- }
- else
- {
- $content = "".SETTINGS_NOT_SAVED."";
- }
- }
- else
- {
- $content = "".SETTINGS_NOT_SAVED."";
+
+ if (SQL_AFFECTEDROWS() == 1) {
+ $content = SETTINGS_SAVED;
+ } else {
+ $content = "".SETTINGS_NOT_SAVED."";
}
// Display message
LOAD_TEMPLATE("admin_settings_saved", false, $content);
- }
- else
- {
+ } else {
// There are mail orders available
$SW = 2; $OUT = "";
- while (list($id, $sender, $subj, $pay, $cat) = SQL_FETCHROW($result))
- {
+ while (list($id, $sender, $subj, $pay, $cat) = SQL_FETCHROW($result)) {
// Prepare data for the row template
$content = array(
'sw' => $SW,
@@ -125,7 +109,7 @@ WHERE id=%s LIMIT 1",
}
} else {
// No mail orders left in pool
- OUTPUT_HTML("".ADMIN_NO_MAILS_IN_POOL."");
+ OUTPUT_HTML("".ADMIN_NO_MAILS_IN_POOL."");
}
//