************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
+
// Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
if (!empty($_GET['rallye']))
{
{
// Ok, new price level entered!
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_rallye_prices (rallye_id, price_level, points, info)
-VALUES ('%s', '%s', '%s', '%s')",
+VALUES ('%s','%s','%s','%s')",
array(
bigintval($_GET['rallye']),
bigintval($_POST['level']),
if ($SEL > 0)
{
// Delete selected entries
- foreach ($_POST['sel'] as $id=>$sel)
+ foreach ($_POST['sel'] as $id => $sel)
{
$result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
elseif (isset($_POST['change']))
{
// Change entries
- foreach ($_POST['level'] as $id=>$level)
+ foreach ($_POST['level'] as $id => $level)
{
// Secure ID
$id = bigintval($id);
{
// Make selected editable
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id=>$sel)
+ foreach ($_POST['sel'] as $id => $sel)
{
// Load data to selected rallye
$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
{
// List all prices
$SW = 2; $OUT = "";
- foreach ($_POST['sel'] as $id=>$sel)
+ foreach ($_POST['sel'] as $id => $sel)
{
// Load data to selected rallye
$result = SQL_QUERY_ESC("SELECT rallye_id, price_level, points, info FROM "._MYSQL_PREFIX."_rallye_prices WHERE id=%s LIMIT 1",
projects / mailer.git / blobdiff