source: extensions/Copyrights/admin.php @ 10931

Last change on this file since 10931 was 10931, checked in by J.Commelin, 14 years ago

Added banners to php files.
Escaped user data that would be inserted in queries.

File size: 4.2 KB
Line 
1<?php
2// +-----------------------------------------------------------------------+
3// | Piwigo - a PHP based picture gallery                                  |
4// +-----------------------------------------------------------------------+
5// | Copyright(C) 2008-2009 Piwigo Team                  http://piwigo.org |
6// | Copyright(C) 2003-2008 PhpWebGallery Team    http://phpwebgallery.net |
7// | Copyright(C) 2002-2003 Pierrick LE GALL   http://le-gall.net/pierrick |
8// +-----------------------------------------------------------------------+
9// | This program is free software; you can redistribute it and/or modify  |
10// | it under the terms of the GNU General Public License as published by  |
11// | the Free Software Foundation                                          |
12// |                                                                       |
13// | This program is distributed in the hope that it will be useful, but   |
14// | WITHOUT ANY WARRANTY; without even the implied warranty of            |
15// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU      |
16// | General Public License for more details.                              |
17// |                                                                       |
18// | You should have received a copy of the GNU General Public License     |
19// | along with this program; if not, write to the Free Software           |
20// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
21// | USA.                                                                  |
22// +-----------------------------------------------------------------------+
23
24if (!defined("PHPWG_ROOT_PATH")){
25  die("Hacking attempt!");
26}
27
28include_once(PHPWG_ROOT_PATH.'admin/include/functions.php');
29
30// Check access and exit when user status is not ok
31check_status(ACCESS_ADMINISTRATOR);
32
33// Default is to create, if changed to 1, show edit page
34$edit = 0;
35
36// The values for the form fields
37$CRid = 0;
38$CRname = '';
39$CRurl = '';
40$CRvisible = 0;
41
42// Do managing of copyrights
43if (isset($_GET['tab'])) {
44  if ($_GET['tab'] == 'create') {
45    $name = pwg_db_real_escape_string($_REQUEST['name']);
46    $url = pwg_db_real_escape_string($_REQUEST['url']);
47    $visible = (isset($_REQUEST['visible']) ? 1 : 0);
48    $query = sprintf(
49      'INSERT INTO %s
50      (`name`,`url`,`visible`) VALUES
51      ("%s","%s",%d)
52      ;',
53      COPYRIGHTS_ADMIN, $name, $url, $visible);
54    pwg_query($query);
55  }
56
57  if ($_GET['tab'] == 'edit') {
58    $edit = 1;
59    $CRid = $_REQUEST['id'];
60    $query = sprintf(
61      'SELECT *
62      FROM %s
63      WHERE `cr_id`=%d
64      ;',
65      COPYRIGHTS_ADMIN, $CRid);
66    $result = pwg_query($query);
67    $row = pwg_db_fetch_assoc($result);
68    $CRname = $row['name'];
69    $CRurl = $row['url'];
70    $CRvisible = $row['visible'];
71  }
72
73  if ($_GET['tab'] == 'update') {
74    $id = pwg_db_real_escape_string($_REQUEST['id']);
75    $name = pwg_db_real_escape_string($_REQUEST['name']);
76    $url = pwg_db_real_escape_string($_REQUEST['url']);
77    $visible = (isset($_REQUEST['visible']) ? 1 : 0);
78    $query = sprintf(
79      'UPDATE %s
80      SET `name`="%s", `url`="%s", `visible`=%d
81      WHERE `cr_id`=%d
82      ;',
83      COPYRIGHTS_ADMIN, $name, $url, $visible, $id);
84    pwg_query($query);
85  }
86 
87  if ($_GET['tab'] == 'delete') {
88    $id = $_REQUEST['id'];
89    $query = sprintf(
90      'DELETE FROM %s
91      WHERE `cr_id`=%d
92      ;',
93      COPYRIGHTS_ADMIN, $id);
94    pwg_query($query);
95  }
96}
97
98// Create page template
99global $template;
100
101$template->set_filenames(
102  array(
103    'plugin_admin_content' => dirname(__FILE__).'/admin.tpl'
104  )
105);
106
107$query = sprintf(
108  'SELECT *
109  FROM %s
110  ;',
111  COPYTIGHTS_ADMIN);
112$result = pwg_query($query);
113
114while ($row = pwg_db_fetch_assoc($result)) {
115  $template->append(
116    'CRs',
117    array(
118      'cr_id'   => $row['cr_id'],
119      'name'    => $row['name'],
120      'url'     => $row['url'],
121      'visible' => $row['visible']
122    )
123  );
124}
125
126$template->assign(
127  'COPYRIGHTS_PATH',
128  COPYRIGHTS_WEB_PATH
129);
130
131$template->assign('edit', $edit);
132$template->assign('CRid', $CRid);
133$template->assign('CRname', $CRname);
134$template->assign('CRurl', $CRurl);
135$template->assign('CRvisible', $CRvisible);
136
137$template->assign_var_from_handle('ADMIN_CONTENT', 'plugin_admin_content');
138
139?>
Note: See TracBrowser for help on using the repository browser.