2212 <?php |
2212 <?php |
2213 $output->footer(); |
2213 $output->footer(); |
2214 } |
2214 } |
2215 } |
2215 } |
2216 |
2216 |
2217 function page_Special_EditSidebar() |
2217 function page_Admin_EditSidebar() |
2218 { |
2218 { |
2219 global $db, $session, $paths, $template, $plugins; // Common objects |
2219 global $db, $session, $paths, $template, $plugins; // Common objects |
2220 global $lang; |
2220 global $lang; |
2221 global $cache; |
2221 global $cache; |
2222 |
2222 |
2223 if($session->auth_level < USER_LEVEL_ADMIN) |
2223 if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) |
2224 { |
2224 { |
2225 redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), '', '', false); |
2225 $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true); |
2226 exit; |
2226 echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>'; |
2227 } |
2227 echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>'; |
2228 else |
2228 return; |
2229 { |
2229 } |
2230 if ( isset($_GET['update_order']) ) |
2230 |
2231 { |
2231 if ( isset($_GET['update_order']) ) |
2232 header('Content-type: text/javascript'); |
2232 { |
2233 $order = @$_POST['order']; |
2233 header('Content-type: text/javascript'); |
2234 try |
2234 $order = @$_POST['order']; |
|
2235 try |
|
2236 { |
|
2237 $order = enano_json_decode($order); |
|
2238 } |
|
2239 catch ( Zend_Json_Exception $e ) |
|
2240 { |
|
2241 return print enano_json_encode(array( |
|
2242 'mode' => 'error', |
|
2243 'error' => 'bad order' |
|
2244 )); |
|
2245 } |
|
2246 |
|
2247 foreach ( $order as $sidebar_id => $blocks ) |
|
2248 { |
|
2249 foreach ( $blocks as $order => $block_id ) |
2235 { |
2250 { |
2236 $order = enano_json_decode($order); |
2251 $sbid = intval($sidebar_id); |
|
2252 $order = intval($order); |
|
2253 $block_id = intval($block_id); |
|
2254 $q = $db->sql_query('UPDATE ' . table_prefix . "sidebar SET sidebar_id = $sbid, item_order = $order WHERE item_id = $block_id;"); |
|
2255 if ( !$q ) |
|
2256 $db->die_json(); |
2237 } |
2257 } |
2238 catch ( Zend_Json_Exception $e ) |
2258 } |
|
2259 |
|
2260 return print enano_json_encode(array( |
|
2261 'mode' => 'success' |
|
2262 )); |
|
2263 } |
|
2264 |
|
2265 // $template->preload_js(array('l10n', 'jquery', 'jquery-ui')); |
|
2266 // $template->add_header('<script type="text/javascript" src="'.cdnPath.'/includes/clientside/sbedit.js"></script>'); |
|
2267 |
|
2268 // $template->header(); |
|
2269 |
|
2270 if(isset($_POST['save'])) |
|
2271 { |
|
2272 // Write the new block order to the database |
|
2273 // The only way to do this is with tons of queries (one per block + one select query at the start to count everything) but afaik its safe... |
|
2274 // Anyone know a better way to do this? |
|
2275 $q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;'); |
|
2276 if ( !$q ) |
|
2277 { |
|
2278 $db->_die('The sidebar order data could not be selected.'); |
|
2279 } |
|
2280 $orders = Array(); |
|
2281 while($row = $db->fetchrow()) |
|
2282 { |
|
2283 $orders[] = Array( |
|
2284 count($orders), |
|
2285 $row['item_id'], |
|
2286 $row['sidebar_id'], |
|
2287 ); |
|
2288 } |
|
2289 $db->free_result(); |
|
2290 |
|
2291 // We now have an array with each sidebar ID in its respective order. Explode the order string in $_POST['order_(left|right)'] and use it to build a set of queries. |
|
2292 $ol = explode(',', $_POST['order_left']); |
|
2293 $odr = explode(',', $_POST['order_right']); |
|
2294 $om = array_merge($ol, $odr); |
|
2295 unset($ol, $odr); |
|
2296 $queries = Array(); |
|
2297 foreach($orders as $k => $v) |
|
2298 { |
|
2299 $queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.intval($om[$k]).' WHERE item_id='.intval($v[1]).';'; |
|
2300 } |
|
2301 foreach($queries as $sql) |
|
2302 { |
|
2303 $q = $db->sql_query($sql); |
|
2304 if(!$q) |
2239 { |
2305 { |
2240 return print enano_json_encode(array( |
2306 $t = $db->get_error(); |
2241 'mode' => 'error', |
2307 echo $t; |
2242 'error' => 'bad order' |
2308 |
2243 )); |
2309 exit; |
2244 } |
2310 } |
2245 |
2311 } |
2246 foreach ( $order as $sidebar_id => $blocks ) |
2312 $cache->purge('anon_sidebar'); |
2247 { |
2313 echo '<div class="info-box" style="margin: 10px 0;">' . $lang->get('sbedit_msg_order_update_success') . '</div>'; |
2248 foreach ( $blocks as $order => $block_id ) |
2314 } |
|
2315 elseif(isset($_POST['create'])) |
|
2316 { |
|
2317 switch((int)$_POST['type']) |
|
2318 { |
|
2319 case BLOCK_WIKIFORMAT: |
|
2320 $content = $_POST['wikiformat_content']; |
|
2321 break; |
|
2322 case BLOCK_TEMPLATEFORMAT: |
|
2323 $content = $_POST['templateformat_content']; |
|
2324 break; |
|
2325 case BLOCK_HTML: |
|
2326 $content = $_POST['html_content']; |
|
2327 break; |
|
2328 case BLOCK_PHP: |
|
2329 $content = $_POST['php_content']; |
|
2330 break; |
|
2331 case BLOCK_PLUGIN: |
|
2332 $content = $_POST['plugin_id']; |
|
2333 break; |
|
2334 } |
|
2335 |
|
2336 if ( defined('ENANO_DEMO_MODE') ) |
|
2337 { |
|
2338 // Sanitize the HTML |
|
2339 $content = sanitize_html($content, true); |
|
2340 } |
|
2341 |
|
2342 if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP ) |
|
2343 { |
|
2344 echo '<div class="error-box" style="margin: 10px 0 10px 0;">' . $lang->get('sbedit_err_demo_php_disable') . '</div>'; |
|
2345 $_POST['php_content'] = '?><Nulled>'; |
|
2346 $content = $_POST['php_content']; |
|
2347 } |
|
2348 |
|
2349 // Get the value of item_order |
|
2350 |
|
2351 $q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.intval($_POST['sidebar_id']).';'); |
|
2352 if(!$q) $db->_die('The order number could not be selected'); |
|
2353 $io = $db->numrows(); |
|
2354 |
|
2355 $db->free_result(); |
|
2356 |
|
2357 $q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$db->escape($_POST['type']).'\', \''.$db->escape($_POST['sidebar_id']).'\', \''.$db->escape($content).'\', '.$io.' );'; |
|
2358 $result = $db->sql_query($q); |
|
2359 if(!$result) |
|
2360 { |
|
2361 echo $db->get_error(); |
|
2362 |
|
2363 exit; |
|
2364 } |
|
2365 |
|
2366 $cache->purge('anon_sidebar'); |
|
2367 echo '<div class="info-box" style="margin: 10px 0;">' . $lang->get('sbedit_msg_item_added') . '</div>'; |
|
2368 |
|
2369 } |
|
2370 |
|
2371 if(isset($_GET['action']) && isset($_GET['id'])) |
|
2372 { |
|
2373 if(!preg_match('#^([0-9]*)$#', $_GET['id'])) |
|
2374 { |
|
2375 echo '<div class="warning-box">Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection</div>'; |
|
2376 } |
|
2377 switch($_GET['action']) |
|
2378 { |
|
2379 case 'new': |
|
2380 ?> |
|
2381 |
|
2382 <?php acp_start_form(); ?> |
|
2383 |
|
2384 <p> |
|
2385 <?php echo $lang->get('sbedit_create_intro'); ?> |
|
2386 </p> |
|
2387 <p> |
|
2388 <select name="type" onchange="setType(this)" id="sbedit_create_select_type"> <?php /* (NOT WORKING, at least in firefox 2) onload="var thingy = this; setTimeout('setType(thingy)', 500);" */ ?> |
|
2389 <option value="<?php echo BLOCK_WIKIFORMAT; ?>"><?php echo $lang->get('sbedit_block_type_wiki'); ?></option> |
|
2390 <option value="<?php echo BLOCK_TEMPLATEFORMAT; ?>"><?php echo $lang->get('sbedit_block_type_tpl'); ?></option> |
|
2391 <option value="<?php echo BLOCK_HTML; ?>"><?php echo $lang->get('sbedit_block_type_html'); ?></option> |
|
2392 <option value="<?php echo BLOCK_PHP; ?>"><?php echo $lang->get('sbedit_block_type_php'); ?></option> |
|
2393 <option value="<?php echo BLOCK_PLUGIN; ?>"><?php echo $lang->get('sbedit_block_type_plugin'); ?></option> |
|
2394 </select> |
|
2395 </p> |
|
2396 |
|
2397 <p> |
|
2398 |
|
2399 <?php echo $lang->get('sbedit_field_block_title'); ?> <input name="title" type="text" size="40" /><br /> |
|
2400 <?php echo $lang->get('sbedit_field_block_sidebar'); ?> |
|
2401 <select name="sidebar_id"> |
|
2402 <option value="<?php echo SIDEBAR_LEFT; ?>"><?php echo $lang->get('sbedit_field_block_sidebar_left'); ?></option> |
|
2403 <option value="<?php echo SIDEBAR_RIGHT; ?>"><?php echo $lang->get('sbedit_field_block_sidebar_right'); ?></option> |
|
2404 </select> |
|
2405 |
|
2406 </p> |
|
2407 |
|
2408 <div class="sbadd_block" id="blocktype_<?php echo BLOCK_WIKIFORMAT; ?>"> |
|
2409 <?php echo $lang->get('sbedit_field_wikitext'); ?> |
|
2410 <p> |
|
2411 <textarea style="width: 98%;" name="wikiformat_content" rows="15" cols="50"></textarea> |
|
2412 </p> |
|
2413 </div> |
|
2414 |
|
2415 <div class="sbadd_block" id="blocktype_<?php echo BLOCK_TEMPLATEFORMAT; ?>"> |
|
2416 <?php echo $lang->get('sbedit_field_tplcode'); ?> |
|
2417 <p> |
|
2418 <textarea style="width: 98%;" name="templateformat_content" rows="15" cols="50"></textarea> |
|
2419 </p> |
|
2420 </div> |
|
2421 |
|
2422 <div class="sbadd_block" id="blocktype_<?php echo BLOCK_HTML; ?>"> |
|
2423 <?php echo $lang->get('sbedit_field_html'); ?> |
|
2424 <p> |
|
2425 <textarea style="width: 98%;" name="html_content" rows="15" cols="50"></textarea> |
|
2426 </p> |
|
2427 </div> |
|
2428 |
|
2429 <div class="sbadd_block" id="blocktype_<?php echo BLOCK_PHP; ?>"> |
|
2430 <?php if ( defined('ENANO_DEMO_MODE') ) { ?> |
|
2431 <p><?php echo $lang->get('sbedit_field_php_disabled'); ?></p> |
|
2432 <?php } else { ?> |
|
2433 <?php echo $lang->get('sbedit_field_php'); ?> |
|
2434 |
|
2435 <p> |
|
2436 <textarea style="width: 98%;" name="php_content" rows="15" cols="50"></textarea> |
|
2437 </p> |
|
2438 <?php } ?> |
|
2439 </div> |
|
2440 |
|
2441 <div class="sbadd_block" id="blocktype_<?php echo BLOCK_PLUGIN; ?>"> |
|
2442 <?php echo $lang->get('sbedit_field_plugin'); ?> |
|
2443 <p> |
|
2444 <select name="plugin_id"> |
|
2445 <?php |
|
2446 foreach($template->plugin_blocks as $k => $c) |
|
2447 { |
|
2448 echo '<option value="'.$k.'">'.$lang->get($k).'</option>'; |
|
2449 } |
|
2450 ?> |
|
2451 </select> |
|
2452 </p> |
|
2453 </div> |
|
2454 |
|
2455 <p> |
|
2456 |
|
2457 <input type="submit" name="create" value="<?php echo $lang->get('sbedit_btn_create_block'); ?>" style="font-weight: bold;" /> |
|
2458 <input type="submit" name="cancel" value="<?php echo $lang->get('etc_cancel'); ?>" /> |
|
2459 |
|
2460 </p> |
|
2461 |
|
2462 </form> |
|
2463 |
|
2464 <script type="text/javascript"> |
|
2465 addOnloadHook(function() |
|
2466 { |
|
2467 var divs = getElementsByClassName(document, 'div', 'sbadd_block'); |
|
2468 for(var i in divs) |
|
2469 { |
|
2470 if(divs[i].id != 'blocktype_<?php echo BLOCK_WIKIFORMAT; ?>') setTimeout("document.getElementById('"+divs[i].id+"').style.display = 'none';", 500); |
|
2471 } |
|
2472 }); |
|
2473 </script> |
|
2474 |
|
2475 <?php |
|
2476 |
|
2477 return; |
|
2478 break; |
|
2479 case 'move': |
|
2480 $cache->purge('anon_sidebar'); |
|
2481 if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) ) |
2249 { |
2482 { |
2250 $sbid = intval($sidebar_id); |
2483 echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>'; |
2251 $order = intval($order); |
2484 break; |
2252 $block_id = intval($block_id); |
|
2253 $q = $db->sql_query('UPDATE ' . table_prefix . "sidebar SET sidebar_id = $sbid, item_order = $order WHERE item_id = $block_id;"); |
|
2254 if ( !$q ) |
|
2255 $db->die_json(); |
|
2256 } |
2485 } |
2257 } |
2486 $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';'); |
2258 |
2487 if(!$query) |
2259 return print enano_json_encode(array( |
2488 { |
2260 'mode' => 'success' |
2489 echo $db->get_error(); |
2261 )); |
2490 |
2262 } |
2491 exit; |
2263 |
2492 } |
2264 $template->preload_js(array('l10n', 'jquery', 'jquery-ui')); |
2493 echo '<div class="info-box" style="margin: 10px 0;">' . $lang->get('sbedit_msg_block_moved') . '</div>'; |
2265 $template->add_header('<script type="text/javascript" src="'.cdnPath.'/includes/clientside/sbedit.js"></script>'); |
2494 break; |
2266 |
2495 case 'delete': |
2267 $template->header(); |
2496 $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-) |
2268 |
2497 if(!$query) |
2269 if(isset($_POST['save'])) |
2498 { |
2270 { |
2499 echo $db->get_error(); |
2271 // Write the new block order to the database |
2500 |
2272 // The only way to do this is with tons of queries (one per block + one select query at the start to count everything) but afaik its safe... |
2501 exit; |
2273 // Anyone know a better way to do this? |
2502 } |
2274 $q = $db->sql_query('SELECT item_order,item_id,sidebar_id FROM '.table_prefix.'sidebar ORDER BY sidebar_id ASC, item_order ASC;'); |
2503 $cache->purge('anon_sidebar'); |
2275 if ( !$q ) |
2504 if(isset($_GET['ajax'])) |
2276 { |
2505 { |
2277 $db->_die('The sidebar order data could not be selected.'); |
2506 die('GOOD'); |
2278 } |
2507 } |
2279 $orders = Array(); |
2508 echo '<div class="error-box" style="margin: 10px 0;">' . $lang->get('sbedit_msg_block_deleted') . '</div>'; |
2280 while($row = $db->fetchrow()) |
2509 break; |
2281 { |
2510 case 'disenable'; |
2282 $orders[] = Array( |
2511 $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); |
2283 count($orders), |
|
2284 $row['item_id'], |
|
2285 $row['sidebar_id'], |
|
2286 ); |
|
2287 } |
|
2288 $db->free_result(); |
|
2289 |
|
2290 // We now have an array with each sidebar ID in its respective order. Explode the order string in $_POST['order_(left|right)'] and use it to build a set of queries. |
|
2291 $ol = explode(',', $_POST['order_left']); |
|
2292 $odr = explode(',', $_POST['order_right']); |
|
2293 $om = array_merge($ol, $odr); |
|
2294 unset($ol, $odr); |
|
2295 $queries = Array(); |
|
2296 foreach($orders as $k => $v) |
|
2297 { |
|
2298 $queries[] = 'UPDATE '.table_prefix.'sidebar SET item_order='.intval($om[$k]).' WHERE item_id='.intval($v[1]).';'; |
|
2299 } |
|
2300 foreach($queries as $sql) |
|
2301 { |
|
2302 $q = $db->sql_query($sql); |
|
2303 if(!$q) |
2512 if(!$q) |
2304 { |
2513 { |
2305 $t = $db->get_error(); |
2514 echo $db->get_error(); |
2306 echo $t; |
2515 |
2307 $template->footer(); |
|
2308 exit; |
2516 exit; |
2309 } |
2517 } |
2310 } |
2518 $r = $db->fetchrow(); |
2311 $cache->purge('anon_sidebar'); |
2519 $db->free_result(); |
2312 echo '<div class="info-box" style="margin: 10px 0;">' . $lang->get('sbedit_msg_order_update_success') . '</div>'; |
2520 $e = ( $r['item_enabled'] == 1 ) ? '0' : '1'; |
2313 } |
2521 $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';'); |
2314 elseif(isset($_POST['create'])) |
2522 if(!$q) |
2315 { |
2523 { |
2316 switch((int)$_POST['type']) |
2524 echo $db->get_error(); |
2317 { |
|
2318 case BLOCK_WIKIFORMAT: |
|
2319 $content = $_POST['wikiformat_content']; |
|
2320 break; |
|
2321 case BLOCK_TEMPLATEFORMAT: |
|
2322 $content = $_POST['templateformat_content']; |
|
2323 break; |
|
2324 case BLOCK_HTML: |
|
2325 $content = $_POST['html_content']; |
|
2326 break; |
|
2327 case BLOCK_PHP: |
|
2328 $content = $_POST['php_content']; |
|
2329 break; |
|
2330 case BLOCK_PLUGIN: |
|
2331 $content = $_POST['plugin_id']; |
|
2332 break; |
|
2333 } |
|
2334 |
|
2335 if ( defined('ENANO_DEMO_MODE') ) |
|
2336 { |
|
2337 // Sanitize the HTML |
|
2338 $content = sanitize_html($content, true); |
|
2339 } |
|
2340 |
|
2341 if ( defined('ENANO_DEMO_MODE') && intval($_POST['type']) == BLOCK_PHP ) |
|
2342 { |
|
2343 echo '<div class="error-box" style="margin: 10px 0 10px 0;">' . $lang->get('sbedit_err_demo_php_disable') . '</div>'; |
|
2344 $_POST['php_content'] = '?><Nulled>'; |
|
2345 $content = $_POST['php_content']; |
|
2346 } |
|
2347 |
|
2348 // Get the value of item_order |
|
2349 |
|
2350 $q = $db->sql_query('SELECT * FROM '.table_prefix.'sidebar WHERE sidebar_id='.intval($_POST['sidebar_id']).';'); |
|
2351 if(!$q) $db->_die('The order number could not be selected'); |
|
2352 $io = $db->numrows(); |
|
2353 |
|
2354 $db->free_result(); |
|
2355 |
|
2356 $q = 'INSERT INTO '.table_prefix.'sidebar(block_name, block_type, sidebar_id, block_content, item_order) VALUES ( \''.$db->escape($_POST['title']).'\', \''.$db->escape($_POST['type']).'\', \''.$db->escape($_POST['sidebar_id']).'\', \''.$db->escape($content).'\', '.$io.' );'; |
|
2357 $result = $db->sql_query($q); |
|
2358 if(!$result) |
|
2359 { |
|
2360 echo $db->get_error(); |
|
2361 $template->footer(); |
|
2362 exit; |
|
2363 } |
|
2364 |
|
2365 $cache->purge('anon_sidebar'); |
|
2366 echo '<div class="info-box" style="margin: 10px 0;">' . $lang->get('sbedit_msg_item_added') . '</div>'; |
|
2367 |
|
2368 } |
|
2369 |
|
2370 if(isset($_GET['action']) && isset($_GET['id'])) |
|
2371 { |
|
2372 if(!preg_match('#^([0-9]*)$#', $_GET['id'])) |
|
2373 { |
|
2374 echo '<div class="warning-box">Error with action: $_GET["id"] was not an integer, aborting to prevent SQL injection</div>'; |
|
2375 } |
|
2376 switch($_GET['action']) |
|
2377 { |
|
2378 case 'new': |
|
2379 ?> |
|
2380 <script type="text/javascript"> |
|
2381 function setType(input) |
|
2382 { |
|
2383 val = input.value; |
|
2384 if(!val) |
|
2385 { |
|
2386 return false; |
|
2387 } |
|
2388 var divs = getElementsByClassName(document, 'div', 'sbadd_block'); |
|
2389 for(var i in divs) |
|
2390 { |
|
2391 if(divs[i].id == 'blocktype_'+val) divs[i].style.display = 'block'; |
|
2392 else divs[i].style.display = 'none'; |
|
2393 } |
|
2394 } |
|
2395 </script> |
|
2396 |
2525 |
2397 <form action="<?php echo makeUrl($paths->page); ?>" method="post"> |
2526 exit; |
|
2527 } |
|
2528 if(isset($_GET['ajax'])) |
|
2529 { |
|
2530 die('GOOD'); |
|
2531 } |
|
2532 break; |
|
2533 case 'rename'; |
|
2534 $newname = $db->escape($_POST['newname']); |
|
2535 $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';'); |
|
2536 if(!$q) |
|
2537 { |
|
2538 echo $db->get_error(); |
2398 |
2539 |
2399 <p> |
2540 exit; |
2400 <?php echo $lang->get('sbedit_create_intro'); ?> |
2541 } |
2401 </p> |
2542 if(isset($_GET['ajax'])) |
2402 <p> |
2543 { |
2403 <select name="type" onchange="setType(this)"> <?php /* (NOT WORKING, at least in firefox 2) onload="var thingy = this; setTimeout('setType(thingy)', 500);" */ ?> |
2544 die('GOOD'); |
2404 <option value="<?php echo BLOCK_WIKIFORMAT; ?>"><?php echo $lang->get('sbedit_block_type_wiki'); ?></option> |
2545 } |
2405 <option value="<?php echo BLOCK_TEMPLATEFORMAT; ?>"><?php echo $lang->get('sbedit_block_type_tpl'); ?></option> |
2546 break; |
2406 <option value="<?php echo BLOCK_HTML; ?>"><?php echo $lang->get('sbedit_block_type_html'); ?></option> |
2547 case 'getsource': |
2407 <option value="<?php echo BLOCK_PHP; ?>"><?php echo $lang->get('sbedit_block_type_php'); ?></option> |
2548 $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); |
2408 <option value="<?php echo BLOCK_PLUGIN; ?>"><?php echo $lang->get('sbedit_block_type_plugin'); ?></option> |
2549 if(!$q) |
2409 </select> |
2550 { |
2410 </p> |
2551 echo $db->get_error(); |
2411 |
|
2412 <p> |
|
2413 |
|
2414 <?php echo $lang->get('sbedit_field_block_title'); ?> <input name="title" type="text" size="40" /><br /> |
|
2415 <?php echo $lang->get('sbedit_field_block_sidebar'); ?> |
|
2416 <select name="sidebar_id"> |
|
2417 <option value="<?php echo SIDEBAR_LEFT; ?>"><?php echo $lang->get('sbedit_field_block_sidebar_left'); ?></option> |
|
2418 <option value="<?php echo SIDEBAR_RIGHT; ?>"><?php echo $lang->get('sbedit_field_block_sidebar_right'); ?></option> |
|
2419 </select> |
|
2420 |
|
2421 </p> |
|
2422 |
|
2423 <div class="sbadd_block" id="blocktype_<?php echo BLOCK_WIKIFORMAT; ?>"> |
|
2424 <?php echo $lang->get('sbedit_field_wikitext'); ?> |
|
2425 <p> |
|
2426 <textarea style="width: 98%;" name="wikiformat_content" rows="15" cols="50"></textarea> |
|
2427 </p> |
|
2428 </div> |
|
2429 |
|
2430 <div class="sbadd_block" id="blocktype_<?php echo BLOCK_TEMPLATEFORMAT; ?>"> |
|
2431 <?php echo $lang->get('sbedit_field_tplcode'); ?> |
|
2432 <p> |
|
2433 <textarea style="width: 98%;" name="templateformat_content" rows="15" cols="50"></textarea> |
|
2434 </p> |
|
2435 </div> |
|
2436 |
|
2437 <div class="sbadd_block" id="blocktype_<?php echo BLOCK_HTML; ?>"> |
|
2438 <?php echo $lang->get('sbedit_field_html'); ?> |
|
2439 <p> |
|
2440 <textarea style="width: 98%;" name="html_content" rows="15" cols="50"></textarea> |
|
2441 </p> |
|
2442 </div> |
|
2443 |
|
2444 <div class="sbadd_block" id="blocktype_<?php echo BLOCK_PHP; ?>"> |
|
2445 <?php if ( defined('ENANO_DEMO_MODE') ) { ?> |
|
2446 <p><?php echo $lang->get('sbedit_field_php_disabled'); ?></p> |
|
2447 <?php } else { ?> |
|
2448 <?php echo $lang->get('sbedit_field_php'); ?> |
|
2449 |
|
2450 <p> |
|
2451 <textarea style="width: 98%;" name="php_content" rows="15" cols="50"></textarea> |
|
2452 </p> |
|
2453 <?php } ?> |
|
2454 </div> |
|
2455 |
|
2456 <div class="sbadd_block" id="blocktype_<?php echo BLOCK_PLUGIN; ?>"> |
|
2457 <?php echo $lang->get('sbedit_field_plugin'); ?> |
|
2458 <p> |
|
2459 <select name="plugin_id"> |
|
2460 <?php |
|
2461 foreach($template->plugin_blocks as $k => $c) |
|
2462 { |
|
2463 echo '<option value="'.$k.'">'.$lang->get($k).'</option>'; |
|
2464 } |
|
2465 ?> |
|
2466 </select> |
|
2467 </p> |
|
2468 </div> |
|
2469 |
|
2470 <p> |
|
2471 |
|
2472 <input type="submit" name="create" value="<?php echo $lang->get('sbedit_btn_create_block'); ?>" style="font-weight: bold;" /> |
|
2473 <input type="submit" name="cancel" value="<?php echo $lang->get('etc_cancel'); ?>" /> |
|
2474 |
|
2475 </p> |
|
2476 |
|
2477 </form> |
|
2478 |
2552 |
2479 <script type="text/javascript"> |
2553 exit; |
2480 addOnloadHook(function() |
2554 } |
2481 { |
2555 $r = $db->fetchrow(); |
2482 var divs = getElementsByClassName(document, 'div', 'sbadd_block'); |
2556 $db->free_result(); |
2483 for(var i in divs) |
2557 $cache->purge('anon_sidebar'); |
2484 { |
2558 |
2485 if(divs[i].id != 'blocktype_<?php echo BLOCK_WIKIFORMAT; ?>') setTimeout("document.getElementById('"+divs[i].id+"').style.display = 'none';", 500); |
2559 if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN'); |
2486 } |
2560 die($r['block_content']); |
2487 }); |
2561 break; |
2488 </script> |
2562 case 'save': |
2489 |
2563 if ( defined('ENANO_DEMO_MODE') ) |
2490 <?php |
2564 { |
2491 $template->footer(); |
2565 $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); |
2492 return; |
|
2493 break; |
|
2494 case 'move': |
|
2495 $cache->purge('anon_sidebar'); |
|
2496 if( !isset($_GET['side']) || ( isset($_GET['side']) && !preg_match('#^([0-9]+)$#', $_GET['side']) ) ) |
|
2497 { |
|
2498 echo '<div class="warning-box" style="margin: 10px 0;">$_GET[\'side\'] contained an SQL injection attempt</div>'; |
|
2499 break; |
|
2500 } |
|
2501 $query = $db->sql_query('UPDATE '.table_prefix.'sidebar SET sidebar_id=' . $db->escape($_GET['side']) . ' WHERE item_id=' . intval($_GET['id']) . ';'); |
|
2502 if(!$query) |
|
2503 { |
|
2504 echo $db->get_error(); |
|
2505 $template->footer(); |
|
2506 exit; |
|
2507 } |
|
2508 echo '<div class="info-box" style="margin: 10px 0;">' . $lang->get('sbedit_msg_block_moved') . '</div>'; |
|
2509 break; |
|
2510 case 'delete': |
|
2511 $query = $db->sql_query('DELETE FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); // Already checked for injection attempts ;-) |
|
2512 if(!$query) |
|
2513 { |
|
2514 echo $db->get_error(); |
|
2515 $template->footer(); |
|
2516 exit; |
|
2517 } |
|
2518 $cache->purge('anon_sidebar'); |
|
2519 if(isset($_GET['ajax'])) |
|
2520 { |
|
2521 die('GOOD'); |
|
2522 } |
|
2523 echo '<div class="error-box" style="margin: 10px 0;">' . $lang->get('sbedit_msg_block_deleted') . '</div>'; |
|
2524 break; |
|
2525 case 'disenable'; |
|
2526 $q = $db->sql_query('SELECT item_enabled FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); |
|
2527 if(!$q) |
|
2528 { |
|
2529 echo $db->get_error(); |
|
2530 $template->footer(); |
|
2531 exit; |
|
2532 } |
|
2533 $r = $db->fetchrow(); |
|
2534 $db->free_result(); |
|
2535 $e = ( $r['item_enabled'] == 1 ) ? '0' : '1'; |
|
2536 $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET item_enabled='.$e.' WHERE item_id=' . intval($_GET['id']) . ';'); |
|
2537 if(!$q) |
|
2538 { |
|
2539 echo $db->get_error(); |
|
2540 $template->footer(); |
|
2541 exit; |
|
2542 } |
|
2543 if(isset($_GET['ajax'])) |
|
2544 { |
|
2545 die('GOOD'); |
|
2546 } |
|
2547 break; |
|
2548 case 'rename'; |
|
2549 $newname = $db->escape($_POST['newname']); |
|
2550 $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_name=\''.$newname.'\' WHERE item_id=' . intval($_GET['id']) . ';'); |
|
2551 if(!$q) |
|
2552 { |
|
2553 echo $db->get_error(); |
|
2554 $template->footer(); |
|
2555 exit; |
|
2556 } |
|
2557 if(isset($_GET['ajax'])) |
|
2558 { |
|
2559 die('GOOD'); |
|
2560 } |
|
2561 break; |
|
2562 case 'getsource': |
|
2563 $q = $db->sql_query('SELECT block_content,block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); |
|
2564 if(!$q) |
|
2565 { |
|
2566 echo $db->get_error(); |
|
2567 $template->footer(); |
|
2568 exit; |
|
2569 } |
|
2570 $r = $db->fetchrow(); |
|
2571 $db->free_result(); |
|
2572 $cache->purge('anon_sidebar'); |
|
2573 |
|
2574 if($r['block_type'] == BLOCK_PLUGIN) die('HOUSTON_WE_HAVE_A_PLUGIN'); |
|
2575 die($r['block_content']); |
|
2576 break; |
|
2577 case 'save': |
|
2578 if ( defined('ENANO_DEMO_MODE') ) |
|
2579 { |
|
2580 $q = $db->sql_query('SELECT block_type FROM '.table_prefix.'sidebar WHERE item_id=' . intval($_GET['id']) . ';'); |
|
2581 if(!$q) |
|
2582 { |
|
2583 echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; |
|
2584 exit; |
|
2585 } |
|
2586 $row = $db->fetchrow(); |
|
2587 if ( $row['block_type'] == BLOCK_PHP ) |
|
2588 { |
|
2589 $_POST['content'] = '?><Nulled>'; |
|
2590 } |
|
2591 else |
|
2592 { |
|
2593 $_POST['content'] = sanitize_html($_POST['content'], true); |
|
2594 } |
|
2595 } |
|
2596 $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . ';'); |
|
2597 if(!$q) |
2566 if(!$q) |
2598 { |
2567 { |
2599 echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; |
2568 echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; |
2600 exit; |
2569 exit; |
2601 } |
2570 } |
2602 echo 'GOOD'; |
2571 $row = $db->fetchrow(); |
2603 return; |
2572 if ( $row['block_type'] == BLOCK_PHP ) |
2604 |
2573 { |
2605 break; |
2574 $_POST['content'] = '?><Nulled>'; |
|
2575 } |
|
2576 else |
|
2577 { |
|
2578 $_POST['content'] = sanitize_html($_POST['content'], true); |
|
2579 } |
|
2580 } |
|
2581 $q = $db->sql_query('UPDATE '.table_prefix.'sidebar SET block_content=\''.$db->escape(rawurldecode($_POST['content'])).'\' WHERE item_id=' . intval($_GET['id']) . ';'); |
|
2582 if(!$q) |
|
2583 { |
|
2584 echo 'var status=unescape(\''.hexencode($db->get_error()).'\');'; |
|
2585 exit; |
|
2586 } |
|
2587 echo 'GOOD'; |
|
2588 return; |
|
2589 |
|
2590 break; |
|
2591 } |
|
2592 } |
|
2593 |
|
2594 ?> |
|
2595 <p> |
|
2596 <?php echo $lang->get('sbedit_header_msg', array( 'create_link' => makeUrlNS('Admin', 'EditSidebar', 'action=new&id=0', true) )); ?> |
|
2597 </p> |
|
2598 <?php |
|
2599 |
|
2600 $q = $db->sql_query('SELECT item_id, sidebar_id, block_name, block_type, block_content, item_enabled FROM ' . table_prefix . "sidebar ORDER BY sidebar_id ASC, item_order ASC;"); |
|
2601 if ( !$q ) |
|
2602 $db->_die(); |
|
2603 |
|
2604 $switched_to_right = false; |
|
2605 |
|
2606 echo '<table border="0" cellspacing="4" cellpadding="0"><tr><td class="sbedit-column">'; |
|
2607 while ( $row = $db->fetchrow() ) |
|
2608 { |
|
2609 if ( $row['sidebar_id'] == SIDEBAR_RIGHT && !$switched_to_right ) |
|
2610 { |
|
2611 echo '</td><td class="sbedit-column">'; |
|
2612 $switched_to_right = true; |
|
2613 } |
|
2614 $disabled_class = ( $row['item_enabled'] ) ? '' : ' disabled'; |
|
2615 echo '<div class="sbedit-block' . $disabled_class . '" id="block:' . $row['item_id'] . '"> |
|
2616 <div class="sbedit-handle"> |
|
2617 <span>' . htmlspecialchars($template->compile_template_text_post($row['block_name'])) . '</span> |
|
2618 <input type="text" id="block_name:' . $row['item_id'] . '" value="' . htmlspecialchars($row['block_name']) . '" /> |
|
2619 </div>'; |
|
2620 ?> |
|
2621 <div class="sbedit-metainfo"> |
|
2622 <?php |
|
2623 $toolbarvars = $template->extract_vars('toolbar.tpl'); |
|
2624 $parser_start = $template->makeParserText($toolbarvars['toolbar_vert_start']); |
|
2625 echo $parser_start->run(); |
|
2626 |
|
2627 $button = $template->makeParserText($toolbarvars['toolbar_vert_button']); |
|
2628 $label = $template->makeParserText($toolbarvars['toolbar_vert_label']); |
|
2629 |
|
2630 $type = '<b>'; |
|
2631 switch($row['block_type']) |
|
2632 { |
|
2633 case BLOCK_WIKIFORMAT: $type .= $lang->get('sbedit_block_type_wiki'); break; |
|
2634 case BLOCK_TEMPLATEFORMAT: $type .= $lang->get('sbedit_block_type_tpl'); break; |
|
2635 case BLOCK_HTML: $type .= $lang->get('sbedit_block_type_html'); break; |
|
2636 case BLOCK_PHP: $type .= $lang->get('sbedit_block_type_php'); break; |
|
2637 case BLOCK_PLUGIN: $type .= $lang->get('sbedit_block_type_plugin'); break; |
|
2638 default: $type .= '$&#@'; break; |
2606 } |
2639 } |
2607 } |
2640 $type .= '</b>'; |
2608 |
2641 if ( $row['block_type'] == BLOCK_PLUGIN ) |
2609 ?> |
|
2610 <p> |
|
2611 <?php echo $lang->get('sbedit_header_msg', array( 'create_link' => makeUrlNS('Special', 'EditSidebar', 'action=new&id=0', true) )); ?> |
|
2612 </p> |
|
2613 <?php |
|
2614 |
|
2615 $q = $db->sql_query('SELECT item_id, sidebar_id, block_name, block_type, block_content, item_enabled FROM ' . table_prefix . "sidebar ORDER BY sidebar_id ASC, item_order ASC;"); |
|
2616 if ( !$q ) |
|
2617 $db->_die(); |
|
2618 |
|
2619 $switched_to_right = false; |
|
2620 |
|
2621 echo '<table border="0" cellspacing="4" cellpadding="0"><tr><td class="sbedit-column">'; |
|
2622 while ( $row = $db->fetchrow() ) |
|
2623 { |
|
2624 if ( $row['sidebar_id'] == SIDEBAR_RIGHT && !$switched_to_right ) |
|
2625 { |
2642 { |
2626 echo '</td><td class="sbedit-column">'; |
2643 $type .= ': ' . $lang->get($row['block_content']); |
2627 $switched_to_right = true; |
|
2628 } |
2644 } |
2629 $disabled_class = ( $row['item_enabled'] ) ? '' : ' disabled'; |
2645 |
2630 echo '<div class="sbedit-block' . $disabled_class . '" id="block:' . $row['item_id'] . '"> |
2646 $label->assign_vars(array( |
2631 <div class="sbedit-handle"> |
2647 'TITLE' => $type |
2632 <span>' . htmlspecialchars($template->compile_template_text_post($row['block_name'])) . '</span> |
2648 )); |
2633 <input type="text" id="block_name:' . $row['item_id'] . '" value="' . htmlspecialchars($row['block_name']) . '" /> |
2649 echo $label->run(); |
2634 </div>'; |
2650 |
2635 ?> |
2651 // edit |
2636 <div class="sbedit-metainfo"> |
2652 if ( $row['block_type'] != BLOCK_PLUGIN ) |
2637 <?php |
2653 { |
2638 $toolbarvars = $template->extract_vars('toolbar.tpl'); |
|
2639 $parser_start = $template->makeParserText($toolbarvars['toolbar_vert_start']); |
|
2640 echo $parser_start->run(); |
|
2641 |
|
2642 $button = $template->makeParserText($toolbarvars['toolbar_vert_button']); |
|
2643 $label = $template->makeParserText($toolbarvars['toolbar_vert_label']); |
|
2644 |
|
2645 $type = '<b>'; |
|
2646 switch($row['block_type']) |
|
2647 { |
|
2648 case BLOCK_WIKIFORMAT: $type .= $lang->get('sbedit_block_type_wiki'); break; |
|
2649 case BLOCK_TEMPLATEFORMAT: $type .= $lang->get('sbedit_block_type_tpl'); break; |
|
2650 case BLOCK_HTML: $type .= $lang->get('sbedit_block_type_html'); break; |
|
2651 case BLOCK_PHP: $type .= $lang->get('sbedit_block_type_php'); break; |
|
2652 case BLOCK_PLUGIN: $type .= $lang->get('sbedit_block_type_plugin'); break; |
|
2653 default: $type .= '$&#@'; break; |
|
2654 } |
|
2655 $type .= '</b>'; |
|
2656 if ( $row['block_type'] == BLOCK_PLUGIN ) |
|
2657 { |
|
2658 $type .= ': ' . $lang->get($row['block_content']); |
|
2659 } |
|
2660 |
|
2661 $label->assign_vars(array( |
|
2662 'TITLE' => $type |
|
2663 )); |
|
2664 echo $label->run(); |
|
2665 |
|
2666 // edit |
|
2667 if ( $row['block_type'] != BLOCK_PLUGIN ) |
|
2668 { |
|
2669 $button->assign_vars(array( |
|
2670 'TITLE' => $lang->get('sbedit_tip_edit'), |
|
2671 'FLAGS' => 'href="#" onclick="sbedit_open_editor(this); return false;"', |
|
2672 'IMAGE' => cdnPath . '/images/edit.png' |
|
2673 )); |
|
2674 echo $button->run(); |
|
2675 } |
|
2676 |
|
2677 // delete |
|
2678 $button->assign_vars(array( |
2654 $button->assign_vars(array( |
2679 'TITLE' => $lang->get('sbedit_tip_delete'), |
2655 'TITLE' => $lang->get('sbedit_tip_edit'), |
2680 'FLAGS' => 'href="#" onclick="sbedit_delete_block(this); return false;"', |
2656 'FLAGS' => 'href="#" onclick="sbedit_open_editor(this); return false;"', |
2681 'IMAGE' => cdnPath . '/images/delete.png' |
2657 'IMAGE' => cdnPath . '/images/edit.png' |
2682 )); |
2658 )); |
2683 echo $button->run(); |
2659 echo $button->run(); |
2684 |
2660 } |
2685 // rename |
2661 |
2686 $button->assign_vars(array( |
2662 // delete |
2687 'TITLE' => $lang->get('sbedit_tip_rename'), |
2663 $button->assign_vars(array( |
2688 'FLAGS' => 'href="#" onclick="sbedit_rename_block(this); return false;"', |
2664 'TITLE' => $lang->get('sbedit_tip_delete'), |
2689 'IMAGE' => cdnPath . '/images/rename.png' |
2665 'FLAGS' => 'href="#" onclick="sbedit_delete_block(this); return false;"', |
2690 )); |
2666 'IMAGE' => cdnPath . '/images/delete.png' |
2691 echo $button->run(); |
2667 )); |
2692 |
2668 echo $button->run(); |
2693 // disenable |
2669 |
2694 $button->assign_vars(array( |
2670 // rename |
2695 'TITLE' => $lang->get('sbedit_tip_disenable'), |
2671 $button->assign_vars(array( |
2696 'FLAGS' => 'href="#" onclick="sbedit_disenable_block(this); return false;"', |
2672 'TITLE' => $lang->get('sbedit_tip_rename'), |
2697 'IMAGE' => cdnPath . '/images/disenable.png' |
2673 'FLAGS' => 'href="#" onclick="sbedit_rename_block(this); return false;"', |
2698 )); |
2674 'IMAGE' => cdnPath . '/images/rename.png' |
2699 echo $button->run(); |
2675 )); |
2700 |
2676 echo $button->run(); |
2701 $parser_end = $template->makeParserText($toolbarvars['toolbar_vert_end']); |
2677 |
2702 echo $parser_end->run(); |
2678 // disenable |
2703 ?> |
2679 $button->assign_vars(array( |
2704 </div> |
2680 'TITLE' => $lang->get('sbedit_tip_disenable'), |
2705 <?php |
2681 'FLAGS' => 'href="#" onclick="sbedit_disenable_block(this); return false;"', |
2706 echo '</div>'; |
2682 'IMAGE' => cdnPath . '/images/disenable.png' |
2707 } |
2683 )); |
2708 |
2684 echo $button->run(); |
2709 if ( !$switched_to_right ) |
2685 |
2710 echo '</td><td class="sbedit-column">'; |
2686 $parser_end = $template->makeParserText($toolbarvars['toolbar_vert_end']); |
2711 |
2687 echo $parser_end->run(); |
2712 echo '</td></tr></table>'; |
2688 ?> |
2713 } |
2689 </div> |
2714 |
2690 <?php |
2715 $template->footer(); |
2691 echo '</div>'; |
|
2692 } |
|
2693 |
|
2694 if ( !$switched_to_right ) |
|
2695 echo '</td><td class="sbedit-column">'; |
|
2696 |
|
2697 echo '</td></tr></table>'; |
2716 } |
2698 } |
2717 |
|
2718 ?> |
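Review bot: Every state-changing branch in page_Admin_EditSidebar — the `move`, `delete`, `disenable`, `rename` and `save` cases of the `$_GET['action']` switch, plus the `update_order`, `save` and `create` POST handlers — is reachable with no visible anti-CSRF token or request-method check, so an admin who loads an attacker's page while logged in can have sidebar blocks deleted or, through `action=save` on a BLOCK_PHP block, have attacker-supplied PHP stored (the demo-mode nulling to `'?><Nulled>'` strongly suggests that content is executed when the sidebar renders — confirm against the renderer). `acp_start_form()` may emit a token for the creation form, but nothing in this function verifies one on the AJAX paths; the switch should be preceded by `if ( $_SERVER['REQUEST_METHOD'] !== 'POST' ) return;` together with a comparison of a posted token against the value held in `$session`, using whatever token helper the session class already provides. Separately, the `$_GET['id']` digit check only echoes a warning and then falls through into the switch even though the message says it aborts; the later `intval()` calls keep this harmless, but adding `return;` after the echo would make the message true and stop the unvalidated request early. The file header of this section lies above the visible chunk; the function body itself is complete.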
|