migrate admin_message, admin_phpsettings and admin_templates to PDO, refs #1287

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
Michael Kaufmann (d00p)
2013-11-02 12:07:34 +01:00
parent 111804b665
commit 3ec08a8f48
3 changed files with 421 additions and 279 deletions


@@ -18,10 +18,6 @@
*/ */
define('AREA', 'admin'); define('AREA', 'admin');
/**
* Include our init.php, which manages Sessions, Language etc.
*/
require('./lib/init.php'); require('./lib/init.php');
if (isset($_POST['id'])) { if (isset($_POST['id'])) {
@@ -41,14 +37,18 @@ if ($page == 'message') {
&& $userinfo['customers_see_all'] == '1' && $userinfo['customers_see_all'] == '1'
) { ) {
$log->logAction(ADM_ACTION, LOG_NOTICE, 'sending messages to admins'); $log->logAction(ADM_ACTION, LOG_NOTICE, 'sending messages to admins');
$result = $db->query('SELECT `name`, `email` FROM `' . TABLE_PANEL_ADMINS . "`"); $result = Database::query('SELECT `name`, `email` FROM `' . TABLE_PANEL_ADMINS . "`");
} elseif ($_POST['receipient'] == 1) { } elseif ($_POST['receipient'] == 1) {
if ($userinfo['customers_see_all'] == '1') { if ($userinfo['customers_see_all'] == '1') {
$log->logAction(ADM_ACTION, LOG_NOTICE, 'sending messages to ALL customers'); $log->logAction(ADM_ACTION, LOG_NOTICE, 'sending messages to ALL customers');
$result = $db->query('SELECT `firstname`, `name`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . "`"); $result = Database::query('SELECT `firstname`, `name`, `company`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . "`");
} else { } else {
$log->logAction(ADM_ACTION, LOG_NOTICE, 'sending messages to customers'); $log->logAction(ADM_ACTION, LOG_NOTICE, 'sending messages to customers');
$result = $db->query('SELECT `firstname`, `name`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . "` WHERE `adminid`='" . $userinfo['adminid'] . "'"); $result = Database::prepare('
SELECT `firstname`, `name`, `company`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . "`
WHERE `adminid` = :adminid"
);
Database::pexecute($result, array('adminid' => $userinfo['adminid']));
} }
} else { } else {
standard_error('noreceipientsgiven'); standard_error('noreceipientsgiven');
@@ -62,8 +62,11 @@ if ($page == 'message') {
$mail->Body = $message; $mail->Body = $message;
$mail->Subject = $subject; $mail->Subject = $subject;
while ($row = $db->fetch_array($result)) { while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
$mail->AddAddress($row['email'], (isset($row['firstname']) ? $row['firstname'] . ' ' : '') . $row['name']);
$row['firstname'] = isset($row['firstname']) ? $row['firstname'] : '';
$row['company'] = isset($row['company']) ? $row['company'] : '';
$mail->AddAddress($row['email'], getCorrectUserSalutation(array('firstname' => $row['firstname'], 'name' => $row['name'], 'company' => $row['company'])));
$mail->From = $userinfo['email']; $mail->From = $userinfo['email'];
$mail->FromName = (isset($userinfo['firstname']) ? $userinfo['firstname'] . ' ' : '') . $userinfo['name']; $mail->FromName = (isset($userinfo['firstname']) ? $userinfo['firstname'] . ' ' : '') . $userinfo['name'];
@@ -82,7 +85,7 @@ if ($page == 'message') {
$mail->ClearAddresses(); $mail->ClearAddresses();
} }
redirectTo($filename, Array('page' => $page, 's' => $s, 'action' => 'showsuccess', 'sentitems' => $mailcounter)); redirectTo($filename, array('page' => $page, 's' => $s, 'action' => 'showsuccess', 'sentitems' => $mailcounter));
} else { } else {
standard_error('nomessagetosend'); standard_error('nomessagetosend');
} }
@@ -90,6 +93,7 @@ if ($page == 'message') {
} }
if ($action == 'showsuccess') { if ($action == 'showsuccess') {
$success = 1; $success = 1;
$sentitems = isset($_GET['sentitems']) ? (int)$_GET['sentitems'] : 0; $sentitems = isset($_GET['sentitems']) ? (int)$_GET['sentitems'] : 0;
@@ -98,13 +102,14 @@ if ($page == 'message') {
} else { } else {
$successmessage = str_replace('%s', $sentitems, $lng['message']['success']); $successmessage = str_replace('%s', $sentitems, $lng['message']['success']);
} }
} else { } else {
$success = 0; $success = 0;
$sentitems = 0; $sentitems = 0;
$successmessage = ''; $successmessage = '';
} }
$action = '';
$action = '';
$receipients = ''; $receipients = '';
if ($userinfo['customers_see_all'] == '1') { if ($userinfo['customers_see_all'] == '1') {
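Review bot: The two lines in the mail loop that default `$row['firstname']` and `$row['company']` to empty strings carry no comment saying why a fetched row could lack them; from the visible queries the reason is that the admin SELECT returns only `name` and `email`, while both customer SELECTs now include `company`. A one-line comment above them, such as `// admin rows have no firstname/company column; default them for getCorrectUserSalutation()`, would keep a later cleanup from dropping the defaults. `$result` also holds a statement object in all three recipient branches, so calling it `$result_stmt`, as the other two files in this commit do, would read more consistently. The loop body continues outside the hunk.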


@@ -18,11 +18,6 @@
*/ */
define('AREA', 'admin'); define('AREA', 'admin');
/**
* Include our init.php, which manages Sessions, Language etc.
*/
require ("./lib/init.php"); require ("./lib/init.php");
if (isset($_POST['id'])) { if (isset($_POST['id'])) {
@@ -37,27 +32,27 @@ if ($page == 'overview') {
$tablecontent = ''; $tablecontent = '';
$count = 0; $count = 0;
$result = $db->query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`"); $result = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`");
while ($row = $db->fetch_array($result)) { while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
$domainresult = false; $domainresult = false;
$query = "SELECT * FROM `".TABLE_PANEL_DOMAINS."` $query = "SELECT * FROM `".TABLE_PANEL_DOMAINS."`
WHERE `phpsettingid` = '".(int)$row['id']."' WHERE `phpsettingid` = :id
AND `parentdomainid` = '0'"; AND `parentdomainid` = '0'";
if ((int)$userinfo['domains_see_all'] == 0) { if ((int)$userinfo['domains_see_all'] == 0) {
$query .= " AND `adminid` = '".(int)$userinfo['userid']."'"; $query .= " AND `adminid` = :adminid";
} }
if ((int)$settings['panel']['phpconfigs_hidestdsubdomain'] == 1) { if ((int)$settings['panel']['phpconfigs_hidestdsubdomain'] == 1) {
$query2 = "SELECT DISTINCT `standardsubdomain` $ssdids_res = Database::query("
FROM `".TABLE_PANEL_CUSTOMERS."` SELECT DISTINCT `standardsubdomain` FROM `".TABLE_PANEL_CUSTOMERS."`
WHERE `standardsubdomain` > 0 ORDER BY `standardsubdomain` ASC;"; WHERE `standardsubdomain` > 0 ORDER BY `standardsubdomain` ASC;"
$ssdids_res = $db->query($query2); );
$ssdids = array(); $ssdids = array();
while ($ssd = $db->fetch_array($ssdids_res)) { while ($ssd = $ssdids_res->fetch(PDO::FETCH_ASSOC)) {
$ssdids[] = $ssd['standardsubdomain']; $ssdids[] = $ssd['standardsubdomain'];
} }
if (count($ssdids) > 0) { if (count($ssdids) > 0) {
@@ -65,17 +60,17 @@ if ($page == 'overview') {
} }
} }
$domainresult = $db->query($query); $domainresult_stmt = Database::prepare($query);
Database::pexecute($domainresult_stmt, array('id' => $id, 'adminid' => $userinfo['adminid']));
$domains = ''; $domains = '';
if ($db->num_rows($domainresult) > 0) { if (Database::num_rows() > 0) {
while ($row2 = $db->fetch_array($domainresult)) { while ($row2 = $domainresult_stmt->fetch(PDO::FETCH_ASSOC)) {
$domains.= $row2['domain'] . '<br/>'; $domains.= $row2['domain'] . '<br/>';
} }
} else { } else {
$domains = $lng['admin']['phpsettings']['notused']; $domains = $lng['admin']['phpsettings']['notused'];
} }
$count ++; $count ++;
eval("\$tablecontent.=\"" . getTemplate("phpconfig/overview_overview") . "\";"); eval("\$tablecontent.=\"" . getTemplate("phpconfig/overview_overview") . "\";");
} }
@@ -84,13 +79,13 @@ if ($page == 'overview') {
eval("echo \"" . getTemplate("phpconfig/overview") . "\";"); eval("echo \"" . getTemplate("phpconfig/overview") . "\";");
} }
if($action == 'add') if ($action == 'add') {
{
if((int)$userinfo['change_serversettings'] == 1) if ((int)$userinfo['change_serversettings'] == 1) {
{
if(isset($_POST['send']) if (isset($_POST['send'])
&& $_POST['send'] == 'send') && $_POST['send'] == 'send'
{ ) {
$description = validate($_POST['description'], 'description'); $description = validate($_POST['description'], 'description');
$binary = makeCorrectFile(validate($_POST['binary'], 'binary')); $binary = makeCorrectFile(validate($_POST['binary'], 'binary'));
$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/'); $file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
@@ -98,20 +93,39 @@ if ($page == 'overview') {
$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', '')); $mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', '')); $mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
if(strlen($description) == 0 if (strlen($description) == 0
|| strlen($description) > 50) || strlen($description) > 50
{ ) {
standard_error('descriptioninvalid'); standard_error('descriptioninvalid');
} }
$db->query("INSERT INTO `" . TABLE_PANEL_PHPCONFIGS . "` SET `description` = '" . $db->escape($description) . "', `binary` = '" . $db->escape($binary) . "', `file_extensions` = '" . $db->escape($file_extensions) . "', `mod_fcgid_starter` = '" . $db->escape($mod_fcgid_starter) . "', `mod_fcgid_maxrequests` = '" . $db->escape($mod_fcgid_maxrequests) . "', `phpsettings` = '" . $db->escape($phpsettings) . "'"); $ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_PHPCONFIGS . "` SET
`description` = :desc,
`binary` = :binary,
`file_extensions` = :fext,
`mod_fcgid_starter` = :starter,
`mod_fcgid_maxrequests` = :mreq,
`phpsettings` = :phpsettings"
);
$ins_data = array(
'desc' => $description,
'binary' => $binary,
'fext' => $file_extensions,
'starter' => $mod_fcgid_starter,
'mreq' => $mod_fcgid_maxrequests,
'phpsettings' => $phpsettings
);
Database::pexecute($ins_stmt, $ins_data);
inserttask('1'); inserttask('1');
$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with description '" . $description . "' has been created by '" . $userinfo['loginname'] . "'"); $log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with description '" . $description . "' has been created by '" . $userinfo['loginname'] . "'");
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
}
else } else {
{
$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = 1"); $result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = 1");
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$phpconfig_add_data = include_once dirname(__FILE__).'/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php'; $phpconfig_add_data = include_once dirname(__FILE__).'/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php';
$phpconfig_add_form = htmlform::genHTMLForm($phpconfig_add_data); $phpconfig_add_form = htmlform::genHTMLForm($phpconfig_add_data);
@@ -121,53 +135,70 @@ if ($page == 'overview') {
eval("echo \"" . getTemplate("phpconfig/overview_add") . "\";"); eval("echo \"" . getTemplate("phpconfig/overview_add") . "\";");
} }
}
else } else {
{
standard_error('nopermissionsorinvalidid'); standard_error('nopermissionsorinvalidid');
} }
} }
if($action == 'delete') if ($action == 'delete') {
{
$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = " . (int)$id); $result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
);
Database::pexecute($result_stmt, array('id' => $id));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if ($result['id'] != 0
&& $result['id'] == $id
&& (int)$userinfo['change_serversettings'] == 1
&& $id != 1 // cannot delete the default php.config
) {
if (isset($_POST['send'])
&& $_POST['send'] == 'send'
) {
// set php-config to default for all domains using the
// config that is to be deleted
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
`phpsettingid` = 1 WHERE `phpsettingid` = :id"
);
Database::pexecute($upd_stmt, array('id' => $id));
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
);
Database::pexecute($del_stmt, array('id' => $id));
if($result['id'] != 0
&& $result['id'] == $id
&& (int)$userinfo['change_serversettings'] == 1
&& $id != 1)
{
if(isset($_POST['send'])
&& $_POST['send'] == 'send')
{
$db->query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `phpsettingid` = 1 WHERE `phpsettingid` = " . (int)$id);
$db->query("DELETE FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = " . (int)$id);
inserttask('1'); inserttask('1');
$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with id #" . (int)$id . " has been deleted by '" . $userinfo['loginname'] . "'"); $log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with id #" . (int)$id . " has been deleted by '" . $userinfo['loginname'] . "'");
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
}
else } else {
{
ask_yesno('phpsetting_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['description']); ask_yesno('phpsetting_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['description']);
} }
} } else {
else
{
standard_error('nopermissionsorinvalidid'); standard_error('nopermissionsorinvalidid');
} }
} }
if($action == 'edit') if ($action == 'edit') {
{
$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = " . (int)$id);
if($result['id'] != 0 $result_stmt = Database::prepare("
&& $result['id'] == $id SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
&& (int)$userinfo['change_serversettings'] == 1) );
{ Database::pexecute($result_stmt, array('id' => $id));
if(isset($_POST['send']) $result = $result_stmt->fetch(PDO::FETCH_ASSOC);
&& $_POST['send'] == 'send')
{ if ($result['id'] != 0
&& $result['id'] == $id
&& (int)$userinfo['change_serversettings'] == 1
) {
if (isset($_POST['send'])
&& $_POST['send'] == 'send'
) {
$description = validate($_POST['description'], 'description'); $description = validate($_POST['description'], 'description');
$binary = makeCorrectFile(validate($_POST['binary'], 'binary')); $binary = makeCorrectFile(validate($_POST['binary'], 'binary'));
$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/'); $file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
@@ -175,19 +206,39 @@ if ($page == 'overview') {
$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', '')); $mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', '')); $mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
if(strlen($description) == 0 if (strlen($description) == 0
|| strlen($description) > 50) || strlen($description) > 50
{ ) {
standard_error('descriptioninvalid'); standard_error('descriptioninvalid');
} }
$db->query("UPDATE `" . TABLE_PANEL_PHPCONFIGS . "` SET `description` = '" . $db->escape($description) . "', `binary` = '" . $db->escape($binary) . "', `file_extensions` = '" . $db->escape($file_extensions) . "', `mod_fcgid_starter` = '" . $db->escape($mod_fcgid_starter) . "', `mod_fcgid_maxrequests` = '" . $db->escape($mod_fcgid_maxrequests) . "', `phpsettings` = '" . $db->escape($phpsettings) . "' WHERE `id` = " . (int)$id); $upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_PHPCONFIGS . "` SET
`description` = :desc,
`binary` = :binary,
`file_extensions` = :fext,
`mod_fcgid_starter` = :starter,
`mod_fcgid_maxrequests` = :mreq,
`phpsettings` = :phpsettings
WHERE `id` = :id"
);
$upd_data = array(
'desc' => $description,
'binary' => $binary,
'fext' => $file_extensions,
'starter' => $mod_fcgid_starter,
'mreq' => $mod_fcgid_maxrequests,
'phpsettings' => $phpsettings,
'id' => $id
);
Database::pexecute($upd_stmt, $upd_data);
inserttask('1'); inserttask('1');
$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with description '" . $description . "' has been changed by '" . $userinfo['loginname'] . "'"); $log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with description '" . $description . "' has been changed by '" . $userinfo['loginname'] . "'");
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
}
else } else {
{
$phpconfig_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php'; $phpconfig_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php';
$phpconfig_edit_form = htmlform::genHTMLForm($phpconfig_edit_data); $phpconfig_edit_form = htmlform::genHTMLForm($phpconfig_edit_data);
@@ -196,12 +247,9 @@ if ($page == 'overview') {
eval("echo \"" . getTemplate("phpconfig/overview_edit") . "\";"); eval("echo \"" . getTemplate("phpconfig/overview_edit") . "\";");
} }
}
else } else {
{
standard_error('nopermissionsorinvalidid'); standard_error('nopermissionsorinvalidid');
} }
} }
} }
?>
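Review bot: The execute call for the per-config domain lookup in the overview loop binds `$id`, presumably the request parameter read at the top of the file, where the old query used `(int)$row['id']`, so each row would list the domains of whatever id arrived with the request (or none) rather than its own. The same call always passes `adminid`, although `:adminid` is only appended to the query when `domains_see_all` is 0; PDO rejects a bound name that has no placeholder, so the lookup likely fails for admins who may see all domains. Building the parameters next to the query avoids both: `$params = array('id' => (int)$row['id']);` before the check, `$params['adminid'] = $userinfo['adminid'];` inside the `domains_see_all` branch, and `Database::pexecute($domainresult_stmt, $params);`. The old filter compared against `$userinfo['userid']`; if the switch to `adminid` is intended it deserves a line in the commit message, because this condition is what scopes the list to the admin's own domains. The surrounding `if ($page == 'overview')` block begins and ends outside this hunk.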


@@ -18,30 +18,21 @@
*/ */
define('AREA', 'admin'); define('AREA', 'admin');
/**
* Include our init.php, which manages Sessions, Language etc.
*/
require ("./lib/init.php"); require ("./lib/init.php");
if(isset($_POST['subjectid'])) if (isset($_POST['subjectid'])) {
{
$subjectid = intval($_POST['subjectid']); $subjectid = intval($_POST['subjectid']);
$mailbodyid = intval($_POST['mailbodyid']); $mailbodyid = intval($_POST['mailbodyid']);
}
elseif(isset($_GET['subjectid'])) } elseif(isset($_GET['subjectid'])) {
{
$subjectid = intval($_GET['subjectid']); $subjectid = intval($_GET['subjectid']);
$mailbodyid = intval($_GET['mailbodyid']); $mailbodyid = intval($_GET['mailbodyid']);
} }
if(isset($_POST['id'])) if (isset($_POST['id'])) {
{
$id = intval($_POST['id']); $id = intval($_POST['id']);
}
elseif(isset($_GET['id'])) } elseif(isset($_GET['id'])) {
{
$id = intval($_GET['id']); $id = intval($_GET['id']);
} }
@@ -60,6 +51,7 @@ if ((int)$settings['system']['report_enable'] == 1) {
'diskmaxpercent' 'diskmaxpercent'
); );
} }
if ((int)$settings['ticket']['enabled'] == 1) { if ((int)$settings['ticket']['enabled'] == 1) {
array_push($available_templates, array_push($available_templates,
'new_ticket_by_customer', 'new_ticket_by_customer',
@@ -74,32 +66,31 @@ $file_templates = array(
'index_html' 'index_html'
); );
if($action == '') if ($action == '') {
{
//email templates //email templates
$log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_templates"); $log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_templates");
if($settings['panel']['sendalternativemail'] == 1) if ($settings['panel']['sendalternativemail'] == 1) {
{
$available_templates[] = 'pop_success_alternative'; $available_templates[] = 'pop_success_alternative';
} }
$templates_array = array(); $templates_array = array();
$result = $db->query("SELECT `id`, `language`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `templategroup`='mails' ORDER BY `language`, `varname`"); $result_stmt = Database::prepare("
SELECT `id`, `language`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `templategroup`='mails'
ORDER BY `language`, `varname`"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid']));
while($row = $db->fetch_array($result)) while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
{
$parts = array(); $parts = array();
preg_match('/^([a-z]([a-z_]+[a-z])*)_(mailbody|subject)$/', $row['varname'], $parts); preg_match('/^([a-z]([a-z_]+[a-z])*)_(mailbody|subject)$/', $row['varname'], $parts);
$templates_array[$row['language']][$parts[1]][$parts[3]] = $row['id']; $templates_array[$row['language']][$parts[1]][$parts[3]] = $row['id'];
} }
$templates = ''; $templates = '';
foreach($templates_array as $language => $template_defs) foreach ($templates_array as $language => $template_defs) {
{ foreach ($template_defs as $action => $email) {
foreach($template_defs as $action => $email)
{
$subjectid = $email['subject']; $subjectid = $email['subject'];
$mailbodyid = $email['mailbody']; $mailbodyid = $email['mailbody'];
$template = $lng['admin']['templates'][$action]; $template = $lng['admin']['templates'][$action];
@@ -108,115 +99,137 @@ if($action == '')
} }
$add = false; $add = false;
while (list($language_file, $language_name) = each($languages)) {
while(list($language_file, $language_name) = each($languages))
{
$templates_done = array(); $templates_done = array();
$result = $db->query('SELECT `varname` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($language_name) . '\' AND `templategroup`=\'mails\' AND `varname` LIKE \'%_subject\''); $result_stmt = Database::prepare("
SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `language`= :lang
AND `templategroup` = 'mails' AND `varname` LIKE '%_subject'"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'lang' => $language_name));
while(($row = $db->fetch_array($result)) != false) while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
{
$templates_done[] = str_replace('_subject', '', $row['varname']); $templates_done[] = str_replace('_subject', '', $row['varname']);
} }
if(count(array_diff($available_templates, $templates_done)) > 0) if (count(array_diff($available_templates, $templates_done)) > 0) {
{
$add = true; $add = true;
} }
} }
//filetemplates //filetemplates
$filetemplates = ''; $filetemplates = '';
$filetemplateadd = false; $filetemplateadd = false;
$result = $db->query("SELECT `id`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `templategroup`='files'"); $result_stmt = Database::prepare("
SELECT `id`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `templategroup`='files'"
);
Database::pexecute($result_stmt, array('adminid' => $adminid));
if($db->num_rows($result) != count($file_templates))$filetemplateadd = true; if (Database::num_rows() != count($file_templates)) {
$filetemplateadd = true;
while($row = $db->fetch_array($result))
{
eval("\$filetemplates.=\"" . getTemplate("templates/templates_filetemplate") . "\";");
} }
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
eval("\$filetemplates.=\"" . getTemplate("templates/templates_filetemplate") . "\";");
}
eval("echo \"" . getTemplate("templates/templates") . "\";"); eval("echo \"" . getTemplate("templates/templates") . "\";");
}
elseif($action == 'delete' } elseif($action == 'delete'
&& $subjectid != 0 && $subjectid != 0
&& $mailbodyid != 0) && $mailbodyid != 0
{ ) {
//email templates //email templates
$result_stmt = Database::prepare("
SELECT `language`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `id` = :id"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'id' => $subjectid));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$result = $db->query_first("SELECT `language`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$subjectid . "'"); if ($result['varname'] != '') {
if (isset($_POST['send'])
if($result['varname'] != '') && $_POST['send'] == 'send'
{ ) {
if(isset($_POST['send']) $del_stmt = Database::prepare("
&& $_POST['send'] == 'send') DELETE FROM `" . TABLE_PANEL_TEMPLATES . "`
{ WHERE `adminid` = :adminid
$db->query("DELETE FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND (`id`='" . (int)$subjectid . "' OR `id`='" . (int)$mailbodyid . "')"); AND (`id` = :ida OR `id` = :idb)"
);
Database::pexecute($del_stmt, array(
'adminid' => $userinfo['adminid'],
'ida' => $subjectid,
'idb' => $mailbodyid
));
$log->logAction(ADM_ACTION, LOG_INFO, "deleted template '" . $result['language'] . ' - ' . $lng['admin']['templates'][str_replace('_subject', '', $result['varname'])] . "'"); $log->logAction(ADM_ACTION, LOG_INFO, "deleted template '" . $result['language'] . ' - ' . $lng['admin']['templates'][str_replace('_subject', '', $result['varname'])] . "'");
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
}
else } else {
{
ask_yesno('admin_template_reallydelete', $filename, array('subjectid' => $subjectid, 'mailbodyid' => $mailbodyid, 'page' => $page, 'action' => $action), $result['language'] . ' - ' . $lng['admin']['templates'][str_replace('_subject', '', $result['varname'])]); ask_yesno('admin_template_reallydelete', $filename, array('subjectid' => $subjectid, 'mailbodyid' => $mailbodyid, 'page' => $page, 'action' => $action), $result['language'] . ' - ' . $lng['admin']['templates'][str_replace('_subject', '', $result['varname'])]);
} }
} }
}
elseif($action == 'deletef' } elseif($action == 'deletef'
&& $id != 0) && $id != 0
{ ) {
//file templates //file templates
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `id` = :id"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'id' => $id));
$result = $db->query("SELECT * FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$id . "'"); if (Database::num_rows() > 0) {
if($db->num_rows($result) > 0) $row = $result_stmt->fetch(PDO::FETCH_ASSOC);
{
$row = $db->fetch_array($result);
if(isset($_POST['send']) if (isset($_POST['send'])
&& $_POST['send'] == 'send') && $_POST['send'] == 'send'
{ ) {
$db->query("DELETE FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`=" . (int)$userinfo['adminid'] . " AND `id`=" . (int)$id . ""); $del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `id` = :id"
);
Database::pexecute($del_stmt, array('adminid' => $userinfo['adminid'], 'id' => $id));
$log->logAction(ADM_ACTION, LOG_INFO, "deleted template '" . $lng['admin']['templates'][$row['varname']] . "'"); $log->logAction(ADM_ACTION, LOG_INFO, "deleted template '" . $lng['admin']['templates'][$row['varname']] . "'");
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
}
else } else {
{
ask_yesno('admin_template_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $lng['admin']['templates'][$row['varname']]); ask_yesno('admin_template_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $lng['admin']['templates'][$row['varname']]);
} }
}
else } else {
{
standard_error('templatenotfound'); standard_error('templatenotfound');
exit; exit;
} }
}
elseif($action == 'add') } elseif($action == 'add') {
{
if($settings['panel']['sendalternativemail'] == 1) if ($settings['panel']['sendalternativemail'] == 1) {
{
$available_templates[] = 'pop_success_alternative'; $available_templates[] = 'pop_success_alternative';
} }
if(isset($_POST['prepare']) if (isset($_POST['prepare'])
&& $_POST['prepare'] == 'prepare') && $_POST['prepare'] == 'prepare'
{ ) {
//email templates //email templates
$language = validate($_POST['language'], 'language'); $language = validate($_POST['language'], 'language');
$templates = array(); $templates = array();
$result = $db->query('SELECT `varname` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($language) . '\' AND `templategroup`=\'mails\' AND `varname` LIKE \'%_subject\''); $result_stmt = Database::prepare("
SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid`= :adminid AND `language`= :lang
AND `templategroup` = 'mails' AND `varname` LIKE '%_subject\'"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'lang' => $language));
while(($row = $db->fetch_array($result)) != false) while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
{
$templates[] = str_replace('_subject', '', $row['varname']); $templates[] = str_replace('_subject', '', $row['varname']);
} }
$templates = array_diff($available_templates, $templates); $templates = array_diff($available_templates, $templates);
$template_options = ''; $template_options = '';
foreach($templates as $template) foreach ($templates as $template) {
{
$template_options.= makeoption($lng['admin']['templates'][$template], $template, NULL, true); $template_options.= makeoption($lng['admin']['templates'][$template], $template, NULL, true);
} }
@@ -227,105 +240,143 @@ elseif($action == 'add')
$image = $template_add_data['template_add']['image']; $image = $template_add_data['template_add']['image'];
eval("echo \"" . getTemplate("templates/templates_add_2") . "\";"); eval("echo \"" . getTemplate("templates/templates_add_2") . "\";");
}
elseif(isset($_POST['send'])
&& $_POST['send'] == 'send')
{
//email templates
} elseif(isset($_POST['send'])
&& $_POST['send'] == 'send'
) {
//email templates
$language = validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect'); $language = validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect');
$template = validate($_POST['template'], 'template'); $template = validate($_POST['template'], 'template');
$subject = validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate'); $subject = validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
$mailbody = validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate'); $mailbody = validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
$templates = array(); $templates = array();
$result = $db->query('SELECT `varname` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($language) . '\' AND `templategroup`=\'mails\' AND `varname` LIKE \'%_subject\''); $result_stmt = Database::prepare("
SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `language` = :lang
AND `templategroup` = 'mails' AND `varname` LIKE '%_subject'"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'lang' => $language));
while(($row = $db->fetch_array($result)) != false) while($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
{
$templates[] = str_replace('_subject', '', $row['varname']); $templates[] = str_replace('_subject', '', $row['varname']);
} }
$templates = array_diff($available_templates, $templates); $templates = array_diff($available_templates, $templates);
if (array_search($template, $templates) === false) {
if(array_search($template, $templates) === false)
{
standard_error('templatenotfound'); standard_error('templatenotfound');
}
else
{
$result = $db->query("INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` (`adminid`, `language`, `templategroup`, `varname`, `value`)
VALUES ('" . (int)$userinfo['adminid'] . "', '" . $db->escape($language) . "', 'mails', '" . $db->escape($template) . "_subject','" . $db->escape($subject) . "')");
$result = $db->query("INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` (`adminid`, `language`, `templategroup`, `varname`, `value`)
VALUES ('" . (int)$userinfo['adminid'] . "', '" . $db->escape($language) . "', 'mails', '" . $db->escape($template) . "_mailbody','" . $db->escape($mailbody) . "')");
$log->logAction(ADM_ACTION, LOG_INFO, "added template '" . $language . ' - ' . $template . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
}
elseif(isset($_POST['filesend'])
&& $_POST['filesend'] == 'filesend')
{
//file templates
} else {
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` SET
`adminid` = :adminid,
`language` = :lang,
`templategroup` = 'mails',
`varname` = :var,
`value` = :value"
);
// mail-subject
$ins_data = array(
'adminid' => $userinfo['adminid'],
'lang' => $language,
'var' => $template.'_subject',
'value' => $subject
);
Database::pexecute($ins_stmt, $ins_data);
// mail-body
$ins_data = array(
'adminid' => $userinfo['adminid'],
'lang' => $language,
'var' => $template.'_mailbody',
'value' => $mailbody
);
Database::pexecute($ins_stmt, $ins_data);
$log->logAction(ADM_ACTION, LOG_INFO, "added template '" . $language . ' - ' . $template . "'");
redirectTo($filename, array('page' => $page, 's' => $s));
}
} elseif(isset($_POST['filesend'])
&& $_POST['filesend'] == 'filesend'
) {
//file templates
$template = validate($_POST['template'], 'template'); $template = validate($_POST['template'], 'template');
$filecontent = validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset'); $filecontent = validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
$db->query("INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` (`adminid`, `language`, `templategroup`, `varname`, `value`)
VALUES ('" . (int)$userinfo['adminid'] . "', '', 'files', '" . $db->escape($template) . "','" . $db->escape($filecontent) . "')");
$log->logAction(ADM_ACTION, LOG_INFO, "added template '" . $template . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
elseif(!isset($_GET['files']))
{
//email templates
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` SET
`adminid` = :adminid,
`language` = '',
`templategroup` = 'files,
`varname` = :var,
`value` = :value"
);
$ins_data = array(
'adminid' => $userinfo['adminid'],
'var' => $template,
'value' => $filecontent
);
Database::pexecute($ins_stmt, $ins_data);
$log->logAction(ADM_ACTION, LOG_INFO, "added template '" . $template . "'");
redirectTo($filename, array('page' => $page, 's' => $s));
} elseif(!isset($_GET['files'])) {
//email templates
$add = false; $add = false;
$language_options = ''; $language_options = '';
while(list($language_file, $language_name) = each($languages)) while (list($language_file, $language_name) = each($languages)) {
{
$templates = array(); $templates = array();
$result = $db->query('SELECT `varname` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($language_name) . '\' AND `templategroup`=\'mails\' AND `varname` LIKE \'%_subject\''); $result_stmt = Database::prepare("
SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `language` = :lang
AND `templategroup` = 'mails' AND `varname` LIKE '%_subject'"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'lang' => $language_name));
while(($row = $db->fetch_array($result)) != false) while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
{
$templates[] = str_replace('_subject', '', $row['varname']); $templates[] = str_replace('_subject', '', $row['varname']);
} }
if(count(array_diff($available_templates, $templates)) > 0) if (count(array_diff($available_templates, $templates)) > 0) {
{
$add = true; $add = true;
$language_options.= makeoption($language_name, $language_file, $userinfo['language'], true); $language_options.= makeoption($language_name, $language_file, $userinfo['language'], true);
} }
} }
if($add) if ($add) {
{
eval("echo \"" . getTemplate("templates/templates_add_1") . "\";"); eval("echo \"" . getTemplate("templates/templates_add_1") . "\";");
} } else {
else
{
standard_error('alltemplatesdefined'); standard_error('alltemplatesdefined');
exit; exit;
} }
}
else } else {
{
//filetemplates //filetemplates
$result_stmt = Database::prepare("
SELECT `id`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `templategroup`='files'"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid']));
$result = $db->query("SELECT `id`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `templategroup`='files'"); if (Database::num_rows() == count($file_templates)) {
if($db->num_rows($result) == count($file_templates))
{
standard_error('alltemplatesdefined'); standard_error('alltemplatesdefined');
exit; exit;
}
else } else {
{
$templatesdefined = array(); $templatesdefined = array();
$free_templates = ''; $free_templates = '';
while($row = $db->fetch_array($result))$templatesdefined[] = $row['varname']; while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
foreach(array_diff($file_templates, $templatesdefined) as $template) $templatesdefined[] = $row['varname'];
{ }
foreach (array_diff($file_templates, $templatesdefined) as $template) {
$free_templates.= makeoption($lng['admin']['templates'][$template], $template, '', true); $free_templates.= makeoption($lng['admin']['templates'][$template], $template, '', true);
} }
@@ -338,33 +389,61 @@ elseif($action == 'add')
eval("echo \"" . getTemplate("templates/filetemplates_add") . "\";"); eval("echo \"" . getTemplate("templates/filetemplates_add") . "\";");
} }
} }
}
elseif($action == 'edit' } elseif($action == 'edit'
&& $subjectid != 0 && $subjectid != 0
&& $mailbodyid != 0) && $mailbodyid != 0
{ ) {
//email templates //email templates
$result_stmt = Database::prepare("
SELECT `language`, `varname`, `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `id` = :subjectid"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'subjectid' => $subjectid));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$result = $db->query_first("SELECT `language`, `varname`, `value` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$subjectid . "'"); if ($result['varname'] != '') {
if($result['varname'] != '') if (isset($_POST['send'])
{ && $_POST['send'] == 'send'
if(isset($_POST['send']) ) {
&& $_POST['send'] == 'send')
{
$subject = validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate'); $subject = validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
$mailbody = validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate'); $mailbody = validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
$db->query("UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET `value`='" . $db->escape($subject) . "' WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$subjectid . "'");
$db->query("UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET `value`='" . $db->escape($mailbody) . "' WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$mailbodyid . "'"); $upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET
`value` = :value
WHERE `adminid` = :adminid AND `id` = :id"
);
// subject
Database::pexecute($upd_stmt, array(
'value' => $subject,
'adminid' => $userinfo['adminid'],
'id' => $subjectid
));
// same query but mailbody
Database::pexecute($upd_stmt, array(
'value' => $mailbody,
'adminid' => $userinfo['adminid'],
'id' => $mailbodyid
));
$log->logAction(ADM_ACTION, LOG_INFO, "edited template '" . $result['varname'] . "'"); $log->logAction(ADM_ACTION, LOG_INFO, "edited template '" . $result['varname'] . "'");
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
}
else } else {
{
$result = htmlentities_array($result); $result = htmlentities_array($result);
$template = $lng['admin']['templates'][str_replace('_subject', '', $result['varname'])]; $template = $lng['admin']['templates'][str_replace('_subject', '', $result['varname'])];
$subject = $result['value']; $subject = $result['value'];
$result = $db->query_first("SELECT `language`, `varname`, `value` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `id`='$mailbodyid'"); $result_stmt = Database::prepare("
SELECT `language`, `varname`, `value`
FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `id` = :id"
);
Database::pexecute($result_stmt, array('id' => $mailbodyid));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$result = htmlentities_array($result); $result = htmlentities_array($result);
$mailbody = $result['value']; $mailbody = $result['value'];
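Review bot: The mail-body lookup near the end of this hunk selects by `id` alone (`WHERE id = :id` with `$mailbodyid`), while the subject lookup and both UPDATE statements in the same branch also filter on `adminid`. If `$mailbodyid` is taken from the request, which the visible lines suggest but do not show, one admin could load another admin's template body into the edit form. Scope the query to the owner with `WHERE adminid = :adminid AND id = :id` and pass `'adminid' => $userinfo['adminid']` in the `pexecute` array. It would also help to check that `fetch()` returned a row before calling `htmlentities_array($result)`, since `fetch()` returns false when no row matches. The `edit` branch continues past the end of this hunk.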
@@ -377,30 +456,41 @@ elseif($action == 'edit'
eval("echo \"" . getTemplate("templates/templates_edit") . "\";"); eval("echo \"" . getTemplate("templates/templates_edit") . "\";");
} }
} }
}
elseif($action == 'editf' } elseif($action == 'editf'
&& $id != 0) && $id != 0
{ ) {
//file templates //file templates
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `id` = :id"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'id' => $id));
$result = $db->query("SELECT * FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$id . "'"); if(Database::num_rows() > 0) {
if($db->num_rows($result) > 0) $row = $result_stmt->fetch(PDO::FETCH_ASSOC);
{
$row = $db->fetch_array($result);
//filetemplates //filetemplates
if (isset($_POST['filesend'])
if(isset($_POST['filesend']) && $_POST['filesend'] == 'filesend'
&& $_POST['filesend'] == 'filesend') ) {
{
$filecontent = validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset'); $filecontent = validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
$db->query("UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET `value`='" . $db->escape($filecontent) . "' WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$id . "'"); $upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET
`value` = :value
WHERE `adminid` = :adminid AND `id` = :id"
);
Database::pexecute($upd_stmt, array(
'value' => $filecontent,
'adminid' => $userinfo['adminid'],
'id' => $id
));
$log->logAction(ADM_ACTION, LOG_INFO, "edited template '" . $row['varname'] . "'"); $log->logAction(ADM_ACTION, LOG_INFO, "edited template '" . $row['varname'] . "'");
redirectTo($filename, Array('page' => $page, 's' => $s)); redirectTo($filename, array('page' => $page, 's' => $s));
}
else } else {
{
$row = htmlentities_array($row); $row = htmlentities_array($row);
$filetemplate_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/templates/formfield.filetemplate_edit.php'; $filetemplate_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/templates/formfield.filetemplate_edit.php';
@@ -411,9 +501,8 @@ elseif($action == 'editf'
eval("echo \"" . getTemplate("templates/filetemplates_edit") . "\";"); eval("echo \"" . getTemplate("templates/filetemplates_edit") . "\";");
} }
}
else } else {
{
standard_error('templatenotfound'); standard_error('templatenotfound');
exit; exit;
} }