184 break; |
184 break; |
185 case 'acljson': |
185 case 'acljson': |
186 $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false; |
186 $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false; |
187 echo PageUtils::acl_json($parms); |
187 echo PageUtils::acl_json($parms); |
188 break; |
188 break; |
|
189 case "change_theme": |
|
190 if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) ) |
|
191 { |
|
192 die('Invalid input'); |
|
193 } |
|
194 if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) ) |
|
195 { |
|
196 die('Invalid input'); |
|
197 } |
|
198 if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') ) |
|
199 { |
|
200 die('Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css'); |
|
201 } |
|
202 if ( !$session->user_logged_in ) |
|
203 { |
|
204 die('You must be logged in to change your theme'); |
|
205 } |
|
206 // Just in case something slipped through... |
|
207 $theme_id = $db->escape($_POST['theme_id']); |
|
208 $style_id = $db->escape($_POST['style_id']); |
|
209 $e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme='$theme_id', style='$style_id' WHERE user_id=$session->user_id;"); |
|
210 if ( !$e ) |
|
211 die( $db->get_error() ); |
|
212 die('GOOD'); |
|
213 break; |
189 default: |
214 default: |
190 die('Hacking attempt'); |
215 die('Hacking attempt'); |
191 break; |
216 break; |
192 } |
217 } |
193 |
218 |
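Review bot: The new `change_theme` case returns the server's absolute install path to the client, and it does so before the login check: the `die('Can\'t find theme file: ' . ENANO_ROOT . ...)` on new line 200 runs for any caller, so an unauthenticated request learns `ENANO_ROOT` and can tell which theme and style files exist. Move the `if ( !$session->user_logged_in )` check (new lines 202-205) to the top of the case and reduce the message to `die('Can\'t find theme file');`. Both patterns on new line 194 end in `$`, which in PCRE also matches before a trailing newline; `/^[a-z0-9_-]+\z/i` makes the whitelist exact. `$session->user_id` is interpolated unquoted into the UPDATE on new line 209, so wrapping it in `intval()` is worth adding unless the session class already guarantees an integer. No anti-CSRF token check is visible for this state-changing POST; it may be handled earlier in the switch, which starts outside the hunk.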