************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
+
// Add description as navigation point
-ADD_DESCR("admin", basename(__FILE__));
+ADD_DESCR("admin", __FILE__);
// Do we edit/delete/change main menus or sub menus?
-$AND = "what = ''"; $SUB = "";
+$AND = "(what = '' OR what IS NULL)"; $SUB = "";
if (!empty($_GET['sub']))
{
if ($confirm == 1)
{
$cnt++;
- $result = SQL_QUERY_ESC("SELECT title, action, what, descr FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT title, action, what FROM "._MYSQL_PREFIX."_member_menu WHERE ".$AND." AND id=%s LIMIT 1",
array(bigintval($sel)), __FILE__, __LINE__);
if (SQL_NUMROWS($result) == 1)
{
// An act is done...
foreach ($_POST['sel'] as $sel => $menu)
{
- $AND = "what = ''";
+ $AND = "(what = '' OR what IS NULL)";
$sel = bigintval($sel);
if (!empty($SUB)) $AND = "action='".$SUB."'";
switch ($_POST['ok'])
{
case "edit": // Edit menu
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET title='%s', action='%s', what='%s', descr='%s' WHERE ".$AND." AND id=%s LIMIT 1",
- array($menu, $_POST['sel_act'][$sel], $_POST['sel_what'][$sel], $_POST['sel_descr'][$sel], $sel), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_member_menu SET title='%s', action='%s', what='%s' WHERE ".$AND." AND id=%s LIMIT 1",
+ array($menu, $_POST['sel_act'][$sel], $_POST['sel_what'][$sel], $sel), __FILE__, __LINE__);
break;
case "del": // Delete menu
projects / mailer.git / blobdiff