************************************************************************/
// Some security stuff...
-if ((ereg(basename(__FILE__), $_SERVER['PHP_SELF'])) || (!IS_ADMIN()))
-{
+if ((!defined('__SECURITY')) || (!IS_ADMIN())) {
$INC = substr(dirname(__FILE__), 0, strpos(dirname(__FILE__), "/inc") + 4) . "/security.php";
require($INC);
}
+
// Add description as navigation point
ADD_DESCR("admin", basename(__FILE__));
-global $link;
-
$SEL = 0;
if ((empty($_POST['url'])) || (empty($_POST['alternate'])))
{
}
if (!empty($_POST['sel'])) $SEL = SELECTION_COUNT($_POST['sel']);
-OPEN_TABLE("100%", "admin_content admin_content_align", "");
if (isset($_POST['ok']))
{
// Fix older calls from add-new-banner-form
{
// Add banner
$result = SQL_QUERY_ESC("INSERT INTO "._MYSQL_PREFIX."_refbanner (url, alternate, visible)
-VALUES ('%s', '%s', '%s')",
+VALUES ('%s','%s','%s')",
array($_POST['url'], $_POST['alternate'], $_POST['visible']), __FILE__, __LINE__);
}
else
break;
case "edit": // Update banner
- foreach ($_POST['sel'] as $id=>$sel)
+ foreach ($_POST['sel'] as $id => $sel)
{
// Secure ID
$id = bigintval($id);
// Update entry
- $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET url='%s', alternate='%s', visible='%s' WHERE id=%d LIMIT 1",
- array(stripslashes($_POST['url'][$id]), $_POST['alternate'][$id], $_POST['visible'], $id), __FILE__, __LINE__);
+ $result = SQL_QUERY_ESC("UPDATE "._MYSQL_PREFIX."_refbanner SET url='%s', alternate='%s', visible='%s' WHERE id=%s LIMIT 1",
+ array($_POST['url'][$id], $_POST['alternate'][$id], $_POST['visible'], $id), __FILE__, __LINE__);
}
break;
}
- if (SQL_AFFECTEDROWS($link, __FILE__, __LINE__) == 1)
+ if (SQL_AFFECTEDROWS() == 1)
{
$content = "<SPAN class=\"admin_done\">".SETTINGS_SAVED."</SPAN>";
}
{
// Edit banner
$SW = ""; $OUT = "";
- foreach ($_POST['sel'] as $id=>$sel)
+ foreach ($_POST['sel'] as $id => $sel)
{
// Load data
- $result = SQL_QUERY_ESC("SELECT url, alternate, visible FROM "._MYSQL_PREFIX."_refbanner WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("SELECT url, alternate, visible FROM "._MYSQL_PREFIX."_refbanner WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
list($url, $alt, $vis) = SQL_FETCHROW($result);
SQL_FREERESULT($result);
if (($SEL > 0) && (isset($_POST['del'])))
{
// Delete banner
- foreach ($_POST['sel'] as $id=>$sel)
+ foreach ($_POST['sel'] as $id => $sel)
{
- $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refbanner WHERE id=%d LIMIT 1",
+ $result = SQL_QUERY_ESC("DELETE LOW_PRIORITY FROM "._MYSQL_PREFIX."_refbanner WHERE id=%s LIMIT 1",
array(bigintval($id)), __FILE__, __LINE__);
}
}
// Form for adding new referral levels
LOAD_TEMPLATE("admin_add_banner");
}
-CLOSE_TABLE();
+
//
?>
projects / mailer.git / blobdiff