************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
+
// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));
$OUT = ""; $SW = 2;
// Edit selected modules
- foreach ($_POST['sel'] as $id=>$sel)
+ foreach ($_POST['sel'] as $id => $sel)
{
// Load module data
- $result = SQL_QUERY_ESC("SELECT module, title, locked, hidden, admin_only, mem_only FROM "._MYSQL_PREFIX."_mod_reg WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT module, title, locked, hidden, admin_only, mem_only FROM "._MYSQL_PREFIX."_mod_reg WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($mod, $title, $locked, $hidden, $admin, $mem) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
elseif (isset($_POST['change']))
{
// Change modules
- foreach ($_POST['sel'] as $id=>$sel)
+ foreach ($_POST['sel'] as $id => $sel)
{
// Secure ID number
$id = bigintval($id);
// Update module
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_mod_reg SET title='%s', locked='%s', hidden='%s', admin_only='%s', mem_only='%s' WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_mod_reg SET title='%s', locked='%s', hidden='%s', admin_only='%s', mem_only='%s' WHERE id=%s LIMIT 1",
array($_POST['title'][$id], $_POST['locked'][$id], $_POST['hidden'][$id], $_POST['admin'][$id], $_POST['member'][$id], $id), __FILE__, __LINE__);
}
projects / mailer.git / blobdiff