************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN())) {
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
// Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
// Init variable to avoid a notice
$CATS = "";
-OPEN_TABLE("100%", "admin_content admin_content_align", "");
if (isset($_POST['add'])) {
// Add a new category
$result = SQL_QUERY_ESC("SELECT id FROM "._MYSQL_PREFIX."_cats WHERE cat='%s' LIMIT 1",
- array(addslashes($_POST['catname'])), __FILE__, __LINE__);
+ array($_POST['catname']), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 0) {
// Category does not exists, we simply add it...
- $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_cats (cat, visible, sort) VALUES ('%s', '%s', '%s')",
- array(addslashes($_POST['catname']), $_POST['visible'], bigintval($_POST['parent'] + 1)), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_cats (cat, visible, sort) VALUES ('%s','%s','%s')",
+ array($_POST['catname'], $_POST['visible'], bigintval($_POST['parent'] + 1)), __FILE__, __LINE__);
$content = "<SPAN class=\"admin_done\">".CATEGORY_ADDED."</SPAN>";
} else {
// Category does already exists
} elseif ((isset($_POST['ok'])) && (isset($_POST['id'])) && (is_array($_POST['id']))) {
// Change or delete categories...
$TEXT = "";
- foreach ($_POST['id'] as $id=>$cat) {
+ foreach ($_POST['id'] as $id => $cat) {
// Secure ID
$id = bigintval($id);
switch ($_GET['do'])
{
case "edit": // Change categories
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_cats SET cat='%s', visible='%s', sort=%d WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_cats SET cat='%s', visible='%s', sort=%s WHERE id=%s LIMIT 1",
array($cat, $_POST['vis'][$id], $_POST['sort'][$id], $id), __FILE__, __LINE__);
$TEXT = CATEGORIES_SAVED;
break;
case "del": // Delete categories
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",
array($id), __FILE__, __LINE__);
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%d",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_user_cats WHERE cat_id=%s",
array($id), __FILE__, __LINE__);
$TEXT = CATEGORIES_DELETED;
break;
{
// Delete categories
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id=>$value)
+ foreach ($_POST['sel'] as $id => $value)
{
// Load data of category
- $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT cat FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($cat) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
} elseif ((isset($_POST['edit'])) && ((SELECTION_COUNT($_POST['sel']) > 0) || (isset($_POST['sel'][0])))) {
// Edit categories
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id=>$value)
+ foreach ($_POST['sel'] as $id => $value)
{
// Load data from the category
- $result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM "._MYSQL_PREFIX."_cats WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT cat, visible, sort FROM "._MYSQL_PREFIX."_cats WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($cat, $vis, $sort) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
// Form to add a new category
LOAD_TEMPLATE("admin_add_cat");
}
-CLOSE_TABLE();
+
//
?>
projects / mailer.git / blobdiff