Security line in all includes changed
[mailer.git] / inc / modules / admin / what-edit_emails.php
1 <?php
2 /************************************************************************
3  * MXChange v0.2.1                                    Start: 09/28/2003 *
4  * ===============                              Last change: 04/09/2004 *
5  *                                                                      *
6  * -------------------------------------------------------------------- *
7  * File              : what-edit_emails.php                             *
8  * -------------------------------------------------------------------- *
9  * Short description : Edit ordered mails e.g. redirecting the URL      *
10  * -------------------------------------------------------------------- *
11  * Kurzbeschreibung  : Werbebuchungen aendern (z.B. umleiten der URL)   *
12  * -------------------------------------------------------------------- *
13  *                                                                      *
14  * -------------------------------------------------------------------- *
15  * Copyright (c) 2003 - 2008 by Roland Haeder                           *
16  * For more information visit: http://www.mxchange.org                  *
17  *                                                                      *
18  * This program is free software; you can redistribute it and/or modify *
19  * it under the terms of the GNU General Public License as published by *
20  * the Free Software Foundation; either version 2 of the License, or    *
21  * (at your option) any later version.                                  *
22  *                                                                      *
23  * This program is distributed in the hope that it will be useful,      *
24  * but WITHOUT ANY WARRANTY; without even the implied warranty of       *
25  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the        *
26  * GNU General Public License for more details.                         *
27  *                                                                      *
28  * You should have received a copy of the GNU General Public License    *
29  * along with this program; if not, write to the Free Software          *
30  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,               *
31  * MA  02110-1301  USA                                                  *
32  ************************************************************************/
33
34 // Some security stuff...
35 if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
36         $INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
37         require($INC);
38 }
39
40 // Add description as navigation point
41 ADD_DESCR("admin", basename(__FILE__));
42
43 if ((isset($_POST['ok'])) && (empty($_POST['id']))) {
44         unset($_POST['ok']);
45 }
46
47 $result = SQL_QUERY("SELECT id, sender, subject, payment_id, cat_id FROM "._MYSQL_PREFIX."_pool ORDER BY timestamp", __FILE__, __LINE__);
48 if (SQL_NUMROWS($result) > 0)
49 {
50         if (isset($_POST['ok']))
51         {
52                 // Make mail editable...
53                 $result = SQL_QUERY_ESC("SELECT subject, text, url FROM "._MYSQL_PREFIX."_pool WHERE id=%s LIMIT 1",
54                  array(bigintval($_POST['id'])), __FILE__, __LINE__);
55                 list($subj, $text, $url) = SQL_FETCHROW($result);
56                 SQL_FREERESULT($result);
57                 define('__ID_VALUE'  , $_POST['id']);
58                 define('__URL_VALUE' , $url);
59                 define('__SUBJ_VALUE', $subj);
60                 define('__TEXT_VALUE', $text);
61
62                 // Load template
63                 LOAD_TEMPLATE("admin_edit_email");
64         }
65          elseif (!empty($_POST['save']))
66         {
67                 // Save changes
68                 if (!empty($SQL))
69                 {
70                         $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_pool SET
71 subject='%s',
72 text='%s',
73 url='%s'
74 WHERE id=%s LIMIT 1",
75  array(
76         addslashes($_POST['subj']),
77         addslashes($_POST['text']),
78         addslashes($_POST['url']),
79         bigintval($_POST['id']),
80 ), __FILE__, __LINE__);
81                         if (SQL_AFFECTEDROWS() == 1)
82                         {
83                                 $content = "<SPAN class=\"admin_done\">".SETTINGS_SAVED."</SPAN>";
84                         }
85                          else
86                         {
87                                 $content = "<SPAN class=\"admin_failed\">".SETTINGS_NOT_SAVED."</SPAN>";
88                         }
89                 }
90                  else
91                 {
92                         $content = "<SPAN class=\"admin_failed\">".SETTINGS_NOT_SAVED."</SPAN>";
93                 }
94
95                 // Display message
96                 LOAD_TEMPLATE("admin_settings_saved", false, $content);
97         }
98          else
99         {
100                 // There are mail orders available
101                 $SW = 2; $OUT = "";
102                 while (list($id, $sender, $subj, $pay, $cat) = SQL_FETCHROW($result))
103                 {
104                         // Prepare data for the row template
105                         $content = array(
106                                 'sw'   => $SW,
107                                 'id'   => $id,
108                                 'subj' => $subj,
109                                 'uid'  => ADMIN_USER_PROFILE_LINK($sender),
110                                 'pay'  => GET_PAYMENT($pay),
111                                 'cat'  => GET_CATEGORY($cat),
112                         );
113
114                         // Load row template and switch colors
115                         $OUT .= LOAD_TEMPLATE("admin_edit_email_row", true, $content);
116                         $SW = 3 - $SW;
117                 }
118
119                 // Free memory
120                 SQL_FREERESULT($result);
121                 define('__EMAIL_SELECT_ROWS', $OUT);
122
123                 // Load email template
124                 LOAD_TEMPLATE("admin_edit_email_select");
125         }
126 } else {
127         // No mail orders left in pool
128         OUTPUT_HTML("<SPAN class=\"admin_failed\">".ADMIN_NO_MAILS_IN_POOL."</SPAN>");
129 }
130
131 //
132 ?>