maketank/Froxlor
2
0
Fork 0
Code Pull Requests Releases Activity

migrate admin_message, admin_phpsettings and admin_templates to PDO, refs #1287

Browse Source 
Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>
This commit is contained in:
Michael Kaufmann (d00p)
2013-11-02 12:07:34 +01:00
parent 111804b665
commit 3ec08a8f48
3 changed files with 421 additions and 279 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
admin_message.php
View File

@@ -18,10 +18,6 @@
*/
define('AREA', 'admin');
/**
* Include our init.php, which manages Sessions, Language etc.
*/
require('./lib/init.php');
if (isset($_POST['id'])) {
@@ -41,14 +37,18 @@ if ($page == 'message') {
&& $userinfo['customers_see_all'] == '1'
) {
$log->logAction(ADM_ACTION, LOG_NOTICE, 'sending messages to admins');
$result = $db->query('SELECT `name`, `email` FROM `' . TABLE_PANEL_ADMINS . "`");
$result = Database::query('SELECT `name`, `email` FROM `' . TABLE_PANEL_ADMINS . "`");
} elseif ($_POST['receipient'] == 1) {
if ($userinfo['customers_see_all'] == '1') {
$log->logAction(ADM_ACTION, LOG_NOTICE, 'sending messages to ALL customers');
$result = $db->query('SELECT `firstname`, `name`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . "`");
$result = Database::query('SELECT `firstname`, `name`, `company`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . "`");
} else {
$log->logAction(ADM_ACTION, LOG_NOTICE, 'sending messages to customers');
$result = $db->query('SELECT `firstname`, `name`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . "` WHERE `adminid`='" . $userinfo['adminid'] . "'");
$result = Database::prepare('
SELECT `firstname`, `name`, `company`, `email` FROM `' . TABLE_PANEL_CUSTOMERS . "`
WHERE `adminid` = :adminid"
);
Database::pexecute($result, array('adminid' => $userinfo['adminid']));
}
} else {
standard_error('noreceipientsgiven');
@@ -62,8 +62,11 @@ if ($page == 'message') {
$mail->Body = $message;
$mail->Subject = $subject;
while ($row = $db->fetch_array($result)) {
$mail->AddAddress($row['email'], (isset($row['firstname']) ? $row['firstname'] . ' ' : '') . $row['name']);
while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
$row['firstname'] = isset($row['firstname']) ? $row['firstname'] : '';
$row['company'] = isset($row['company']) ? $row['company'] : '';
$mail->AddAddress($row['email'], getCorrectUserSalutation(array('firstname' => $row['firstname'], 'name' => $row['name'], 'company' => $row['company'])));
$mail->From = $userinfo['email'];
$mail->FromName = (isset($userinfo['firstname']) ? $userinfo['firstname'] . ' ' : '') . $userinfo['name'];
@@ -82,7 +85,7 @@ if ($page == 'message') {
$mail->ClearAddresses();
}
redirectTo($filename, Array('page' => $page, 's' => $s, 'action' => 'showsuccess', 'sentitems' => $mailcounter));
redirectTo($filename, array('page' => $page, 's' => $s, 'action' => 'showsuccess', 'sentitems' => $mailcounter));
} else {
standard_error('nomessagetosend');
}
@@ -90,6 +93,7 @@ if ($page == 'message') {
}
if ($action == 'showsuccess') {
$success = 1;
$sentitems = isset($_GET['sentitems']) ? (int)$_GET['sentitems'] : 0;
@@ -98,13 +102,14 @@ if ($page == 'message') {
} else {
$successmessage = str_replace('%s', $sentitems, $lng['message']['success']);
}
} else {
$success = 0;
$sentitems = 0;
$successmessage = '';
}
$action = '';
$action = '';
$receipients = '';
if ($userinfo['customers_see_all'] == '1') {

208
admin_phpsettings.php
View File

@@ -18,11 +18,6 @@
*/
define('AREA', 'admin');
/**
* Include our init.php, which manages Sessions, Language etc.
*/
require ("./lib/init.php");
if (isset($_POST['id'])) {
@@ -37,27 +32,27 @@ if ($page == 'overview') {
$tablecontent = '';
$count = 0;
$result = $db->query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`");
$result = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "`");
while ($row = $db->fetch_array($result)) {
while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
$domainresult = false;
$query = "SELECT * FROM `".TABLE_PANEL_DOMAINS."`
WHERE `phpsettingid` = '".(int)$row['id']."'
WHERE `phpsettingid` = :id
AND `parentdomainid` = '0'";
if ((int)$userinfo['domains_see_all'] == 0) {
$query .= " AND `adminid` = '".(int)$userinfo['userid']."'";
$query .= " AND `adminid` = :adminid";
}
if ((int)$settings['panel']['phpconfigs_hidestdsubdomain'] == 1) {
$query2 = "SELECT DISTINCT `standardsubdomain`
FROM `".TABLE_PANEL_CUSTOMERS."`
WHERE `standardsubdomain` > 0 ORDER BY `standardsubdomain` ASC;";
$ssdids_res = $db->query($query2);
$ssdids_res = Database::query("
SELECT DISTINCT `standardsubdomain` FROM `".TABLE_PANEL_CUSTOMERS."`
WHERE `standardsubdomain` > 0 ORDER BY `standardsubdomain` ASC;"
);
$ssdids = array();
while ($ssd = $db->fetch_array($ssdids_res)) {
while ($ssd = $ssdids_res->fetch(PDO::FETCH_ASSOC)) {
$ssdids[] = $ssd['standardsubdomain'];
}
if (count($ssdids) > 0) {
@@ -65,17 +60,17 @@ if ($page == 'overview') {
}
}
$domainresult = $db->query($query);
$domainresult_stmt = Database::prepare($query);
Database::pexecute($domainresult_stmt, array('id' => $id, 'adminid' => $userinfo['adminid']));
$domains = '';
if ($db->num_rows($domainresult) > 0) {
while ($row2 = $db->fetch_array($domainresult)) {
if (Database::num_rows() > 0) {
while ($row2 = $domainresult_stmt->fetch(PDO::FETCH_ASSOC)) {
$domains.= $row2['domain'] . '<br/>';
}
} else {
$domains = $lng['admin']['phpsettings']['notused'];
}
$count ++;
eval("\$tablecontent.=\"" . getTemplate("phpconfig/overview_overview") . "\";");
}
@@ -84,13 +79,13 @@ if ($page == 'overview') {
eval("echo \"" . getTemplate("phpconfig/overview") . "\";");
}
if($action == 'add')
{
if((int)$userinfo['change_serversettings'] == 1)
{
if(isset($_POST['send'])
&& $_POST['send'] == 'send')
{
if ($action == 'add') {
if ((int)$userinfo['change_serversettings'] == 1) {
if (isset($_POST['send'])
&& $_POST['send'] == 'send'
) {
$description = validate($_POST['description'], 'description');
$binary = makeCorrectFile(validate($_POST['binary'], 'binary'));
$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
@@ -98,20 +93,39 @@ if ($page == 'overview') {
$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
if(strlen($description) == 0
|| strlen($description) > 50)
{
if (strlen($description) == 0
|| strlen($description) > 50
) {
standard_error('descriptioninvalid');
}
$db->query("INSERT INTO `" . TABLE_PANEL_PHPCONFIGS . "` SET `description` = '" . $db->escape($description) . "', `binary` = '" . $db->escape($binary) . "', `file_extensions` = '" . $db->escape($file_extensions) . "', `mod_fcgid_starter` = '" . $db->escape($mod_fcgid_starter) . "', `mod_fcgid_maxrequests` = '" . $db->escape($mod_fcgid_maxrequests) . "', `phpsettings` = '" . $db->escape($phpsettings) . "'");
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_PHPCONFIGS . "` SET
`description` = :desc,
`binary` = :binary,
`file_extensions` = :fext,
`mod_fcgid_starter` = :starter,
`mod_fcgid_maxrequests` = :mreq,
`phpsettings` = :phpsettings"
);
$ins_data = array(
'desc' => $description,
'binary' => $binary,
'fext' => $file_extensions,
'starter' => $mod_fcgid_starter,
'mreq' => $mod_fcgid_maxrequests,
'phpsettings' => $phpsettings
);
Database::pexecute($ins_stmt, $ins_data);
inserttask('1');
$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with description '" . $description . "' has been created by '" . $userinfo['loginname'] . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
else
{
$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = 1");
redirectTo($filename, array('page' => $page, 's' => $s));
} else {
$result_stmt = Database::query("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = 1");
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$phpconfig_add_data = include_once dirname(__FILE__).'/lib/formfields/admin/phpconfig/formfield.phpconfig_add.php';
$phpconfig_add_form = htmlform::genHTMLForm($phpconfig_add_data);
@@ -121,53 +135,70 @@ if ($page == 'overview') {
eval("echo \"" . getTemplate("phpconfig/overview_add") . "\";");
}
}
else
{
} else {
standard_error('nopermissionsorinvalidid');
}
}
if($action == 'delete')
{
$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = " . (int)$id);
if ($action == 'delete') {
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
);
Database::pexecute($result_stmt, array('id' => $id));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if ($result['id'] != 0
&& $result['id'] == $id
&& (int)$userinfo['change_serversettings'] == 1
&& $id != 1 // cannot delete the default php.config
) {
if (isset($_POST['send'])
&& $_POST['send'] == 'send'
) {
// set php-config to default for all domains using the
// config that is to be deleted
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_DOMAINS . "` SET
`phpsettingid` = 1 WHERE `phpsettingid` = :id"
);
Database::pexecute($upd_stmt, array('id' => $id));
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
);
Database::pexecute($del_stmt, array('id' => $id));
if($result['id'] != 0
&& $result['id'] == $id
&& (int)$userinfo['change_serversettings'] == 1
&& $id != 1)
{
if(isset($_POST['send'])
&& $_POST['send'] == 'send')
{
$db->query("UPDATE `" . TABLE_PANEL_DOMAINS . "` SET `phpsettingid` = 1 WHERE `phpsettingid` = " . (int)$id);
$db->query("DELETE FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = " . (int)$id);
inserttask('1');
$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with id #" . (int)$id . " has been deleted by '" . $userinfo['loginname'] . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
else
{
redirectTo($filename, array('page' => $page, 's' => $s));
} else {
ask_yesno('phpsetting_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['description']);
}
}
else
{
} else {
standard_error('nopermissionsorinvalidid');
}
}
if($action == 'edit')
{
$result = $db->query_first("SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = " . (int)$id);
if ($action == 'edit') {
if($result['id'] != 0
&& $result['id'] == $id
&& (int)$userinfo['change_serversettings'] == 1)
{
if(isset($_POST['send'])
&& $_POST['send'] == 'send')
{
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_PHPCONFIGS . "` WHERE `id` = :id"
);
Database::pexecute($result_stmt, array('id' => $id));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
if ($result['id'] != 0
&& $result['id'] == $id
&& (int)$userinfo['change_serversettings'] == 1
) {
if (isset($_POST['send'])
&& $_POST['send'] == 'send'
) {
$description = validate($_POST['description'], 'description');
$binary = makeCorrectFile(validate($_POST['binary'], 'binary'));
$file_extensions = validate($_POST['file_extensions'], 'file_extensions', '/^[a-zA-Z0-9\s]*$/');
@@ -175,19 +206,39 @@ if ($page == 'overview') {
$mod_fcgid_starter = validate($_POST['mod_fcgid_starter'], 'mod_fcgid_starter', '/^[0-9]*$/', '', array('-1', ''));
$mod_fcgid_maxrequests = validate($_POST['mod_fcgid_maxrequests'], 'mod_fcgid_maxrequests', '/^[0-9]*$/', '', array('-1', ''));
if(strlen($description) == 0
|| strlen($description) > 50)
{
if (strlen($description) == 0
|| strlen($description) > 50
) {
standard_error('descriptioninvalid');
}
$db->query("UPDATE `" . TABLE_PANEL_PHPCONFIGS . "` SET `description` = '" . $db->escape($description) . "', `binary` = '" . $db->escape($binary) . "', `file_extensions` = '" . $db->escape($file_extensions) . "', `mod_fcgid_starter` = '" . $db->escape($mod_fcgid_starter) . "', `mod_fcgid_maxrequests` = '" . $db->escape($mod_fcgid_maxrequests) . "', `phpsettings` = '" . $db->escape($phpsettings) . "' WHERE `id` = " . (int)$id);
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_PHPCONFIGS . "` SET
`description` = :desc,
`binary` = :binary,
`file_extensions` = :fext,
`mod_fcgid_starter` = :starter,
`mod_fcgid_maxrequests` = :mreq,
`phpsettings` = :phpsettings
WHERE `id` = :id"
);
$upd_data = array(
'desc' => $description,
'binary' => $binary,
'fext' => $file_extensions,
'starter' => $mod_fcgid_starter,
'mreq' => $mod_fcgid_maxrequests,
'phpsettings' => $phpsettings,
'id' => $id
);
Database::pexecute($upd_stmt, $upd_data);
inserttask('1');
$log->logAction(ADM_ACTION, LOG_INFO, "php.ini setting with description '" . $description . "' has been changed by '" . $userinfo['loginname'] . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
else
{
redirectTo($filename, array('page' => $page, 's' => $s));
} else {
$phpconfig_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/phpconfig/formfield.phpconfig_edit.php';
$phpconfig_edit_form = htmlform::genHTMLForm($phpconfig_edit_data);
@@ -196,12 +247,9 @@ if ($page == 'overview') {
eval("echo \"" . getTemplate("phpconfig/overview_edit") . "\";");
}
}
else
{
} else {
standard_error('nopermissionsorinvalidid');
}
}
}
?>

465
admin_templates.php
View File

@@ -18,30 +18,21 @@
*/
define('AREA', 'admin');
/**
* Include our init.php, which manages Sessions, Language etc.
*/
require ("./lib/init.php");
if(isset($_POST['subjectid']))
{
if (isset($_POST['subjectid'])) {
$subjectid = intval($_POST['subjectid']);
$mailbodyid = intval($_POST['mailbodyid']);
}
elseif(isset($_GET['subjectid']))
{
} elseif(isset($_GET['subjectid'])) {
$subjectid = intval($_GET['subjectid']);
$mailbodyid = intval($_GET['mailbodyid']);
}
if(isset($_POST['id']))
{
if (isset($_POST['id'])) {
$id = intval($_POST['id']);
}
elseif(isset($_GET['id']))
{
} elseif(isset($_GET['id'])) {
$id = intval($_GET['id']);
}
@@ -60,6 +51,7 @@ if ((int)$settings['system']['report_enable'] == 1) {
'diskmaxpercent'
);
}
if ((int)$settings['ticket']['enabled'] == 1) {
array_push($available_templates,
'new_ticket_by_customer',
@@ -74,32 +66,31 @@ $file_templates = array(
'index_html'
);
if($action == '')
{
if ($action == '') {
//email templates
$log->logAction(ADM_ACTION, LOG_NOTICE, "viewed admin_templates");
if($settings['panel']['sendalternativemail'] == 1)
{
if ($settings['panel']['sendalternativemail'] == 1) {
$available_templates[] = 'pop_success_alternative';
}
$templates_array = array();
$result = $db->query("SELECT `id`, `language`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `templategroup`='mails' ORDER BY `language`, `varname`");
$result_stmt = Database::prepare("
SELECT `id`, `language`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `templategroup`='mails'
ORDER BY `language`, `varname`"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid']));
while($row = $db->fetch_array($result))
{
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$parts = array();
preg_match('/^([a-z]([a-z_]+[a-z])*)_(mailbody|subject)$/', $row['varname'], $parts);
$templates_array[$row['language']][$parts[1]][$parts[3]] = $row['id'];
}
$templates = '';
foreach($templates_array as $language => $template_defs)
{
foreach($template_defs as $action => $email)
{
foreach ($templates_array as $language => $template_defs) {
foreach ($template_defs as $action => $email) {
$subjectid = $email['subject'];
$mailbodyid = $email['mailbody'];
$template = $lng['admin']['templates'][$action];
@@ -108,115 +99,137 @@ if($action == '')
}
$add = false;
while (list($language_file, $language_name) = each($languages)) {
while(list($language_file, $language_name) = each($languages))
{
$templates_done = array();
$result = $db->query('SELECT `varname` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($language_name) . '\' AND `templategroup`=\'mails\' AND `varname` LIKE \'%_subject\'');
$result_stmt = Database::prepare("
SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `language`= :lang
AND `templategroup` = 'mails' AND `varname` LIKE '%_subject'"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'lang' => $language_name));
while(($row = $db->fetch_array($result)) != false)
{
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$templates_done[] = str_replace('_subject', '', $row['varname']);
}
if(count(array_diff($available_templates, $templates_done)) > 0)
{
if (count(array_diff($available_templates, $templates_done)) > 0) {
$add = true;
}
}
//filetemplates
$filetemplates = '';
$filetemplateadd = false;
$result = $db->query("SELECT `id`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `templategroup`='files'");
$result_stmt = Database::prepare("
SELECT `id`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `templategroup`='files'"
);
Database::pexecute($result_stmt, array('adminid' => $adminid));
if($db->num_rows($result) != count($file_templates))$filetemplateadd = true;
while($row = $db->fetch_array($result))
{
eval("\$filetemplates.=\"" . getTemplate("templates/templates_filetemplate") . "\";");
if (Database::num_rows() != count($file_templates)) {
$filetemplateadd = true;
}
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
eval("\$filetemplates.=\"" . getTemplate("templates/templates_filetemplate") . "\";");
}
eval("echo \"" . getTemplate("templates/templates") . "\";");
}
elseif($action == 'delete'
&& $subjectid != 0
&& $mailbodyid != 0)
{
} elseif($action == 'delete'
&& $subjectid != 0
&& $mailbodyid != 0
) {
//email templates
$result_stmt = Database::prepare("
SELECT `language`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `id` = :id"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'id' => $subjectid));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$result = $db->query_first("SELECT `language`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$subjectid . "'");
if($result['varname'] != '')
{
if(isset($_POST['send'])
&& $_POST['send'] == 'send')
{
$db->query("DELETE FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND (`id`='" . (int)$subjectid . "' OR `id`='" . (int)$mailbodyid . "')");
if ($result['varname'] != '') {
if (isset($_POST['send'])
&& $_POST['send'] == 'send'
) {
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid
AND (`id` = :ida OR `id` = :idb)"
);
Database::pexecute($del_stmt, array(
'adminid' => $userinfo['adminid'],
'ida' => $subjectid,
'idb' => $mailbodyid
));
$log->logAction(ADM_ACTION, LOG_INFO, "deleted template '" . $result['language'] . ' - ' . $lng['admin']['templates'][str_replace('_subject', '', $result['varname'])] . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
else
{
redirectTo($filename, array('page' => $page, 's' => $s));
} else {
ask_yesno('admin_template_reallydelete', $filename, array('subjectid' => $subjectid, 'mailbodyid' => $mailbodyid, 'page' => $page, 'action' => $action), $result['language'] . ' - ' . $lng['admin']['templates'][str_replace('_subject', '', $result['varname'])]);
}
}
}
elseif($action == 'deletef'
&& $id != 0)
{
} elseif($action == 'deletef'
&& $id != 0
) {
//file templates
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `id` = :id"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'id' => $id));
$result = $db->query("SELECT * FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$id . "'");
if (Database::num_rows() > 0) {
if($db->num_rows($result) > 0)
{
$row = $db->fetch_array($result);
$row = $result_stmt->fetch(PDO::FETCH_ASSOC);
if(isset($_POST['send'])
&& $_POST['send'] == 'send')
{
$db->query("DELETE FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`=" . (int)$userinfo['adminid'] . " AND `id`=" . (int)$id . "");
if (isset($_POST['send'])
&& $_POST['send'] == 'send'
) {
$del_stmt = Database::prepare("
DELETE FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `id` = :id"
);
Database::pexecute($del_stmt, array('adminid' => $userinfo['adminid'], 'id' => $id));
$log->logAction(ADM_ACTION, LOG_INFO, "deleted template '" . $lng['admin']['templates'][$row['varname']] . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
else
{
redirectTo($filename, array('page' => $page, 's' => $s));
} else {
ask_yesno('admin_template_reallydelete', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $lng['admin']['templates'][$row['varname']]);
}
}
else
{
} else {
standard_error('templatenotfound');
exit;
}
}
elseif($action == 'add')
{
if($settings['panel']['sendalternativemail'] == 1)
{
} elseif($action == 'add') {
if ($settings['panel']['sendalternativemail'] == 1) {
$available_templates[] = 'pop_success_alternative';
}
if(isset($_POST['prepare'])
&& $_POST['prepare'] == 'prepare')
{
if (isset($_POST['prepare'])
&& $_POST['prepare'] == 'prepare'
) {
//email templates
$language = validate($_POST['language'], 'language');
$templates = array();
$result = $db->query('SELECT `varname` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($language) . '\' AND `templategroup`=\'mails\' AND `varname` LIKE \'%_subject\'');
$result_stmt = Database::prepare("
SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid`= :adminid AND `language`= :lang
AND `templategroup` = 'mails' AND `varname` LIKE '%_subject\'"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'lang' => $language));
while(($row = $db->fetch_array($result)) != false)
{
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$templates[] = str_replace('_subject', '', $row['varname']);
}
$templates = array_diff($available_templates, $templates);
$template_options = '';
foreach($templates as $template)
{
foreach ($templates as $template) {
$template_options.= makeoption($lng['admin']['templates'][$template], $template, NULL, true);
}
@@ -227,105 +240,143 @@ elseif($action == 'add')
$image = $template_add_data['template_add']['image'];
eval("echo \"" . getTemplate("templates/templates_add_2") . "\";");
}
elseif(isset($_POST['send'])
&& $_POST['send'] == 'send')
{
//email templates
} elseif(isset($_POST['send'])
&& $_POST['send'] == 'send'
) {
//email templates
$language = validate($_POST['language'], 'language', '/^[^\r\n\0"\']+$/', 'nolanguageselect');
$template = validate($_POST['template'], 'template');
$subject = validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
$mailbody = validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
$templates = array();
$result = $db->query('SELECT `varname` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($language) . '\' AND `templategroup`=\'mails\' AND `varname` LIKE \'%_subject\'');
$result_stmt = Database::prepare("
SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `language` = :lang
AND `templategroup` = 'mails' AND `varname` LIKE '%_subject'"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'lang' => $language));
while(($row = $db->fetch_array($result)) != false)
{
while($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$templates[] = str_replace('_subject', '', $row['varname']);
}
$templates = array_diff($available_templates, $templates);
if(array_search($template, $templates) === false)
{
if (array_search($template, $templates) === false) {
standard_error('templatenotfound');
}
else
{
$result = $db->query("INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` (`adminid`, `language`, `templategroup`, `varname`, `value`)
VALUES ('" . (int)$userinfo['adminid'] . "', '" . $db->escape($language) . "', 'mails', '" . $db->escape($template) . "_subject','" . $db->escape($subject) . "')");
$result = $db->query("INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` (`adminid`, `language`, `templategroup`, `varname`, `value`)
VALUES ('" . (int)$userinfo['adminid'] . "', '" . $db->escape($language) . "', 'mails', '" . $db->escape($template) . "_mailbody','" . $db->escape($mailbody) . "')");
$log->logAction(ADM_ACTION, LOG_INFO, "added template '" . $language . ' - ' . $template . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
}
elseif(isset($_POST['filesend'])
&& $_POST['filesend'] == 'filesend')
{
//file templates
} else {
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` SET
`adminid` = :adminid,
`language` = :lang,
`templategroup` = 'mails',
`varname` = :var,
`value` = :value"
);
// mail-subject
$ins_data = array(
'adminid' => $userinfo['adminid'],
'lang' => $language,
'var' => $template.'_subject',
'value' => $subject
);
Database::pexecute($ins_stmt, $ins_data);
// mail-body
$ins_data = array(
'adminid' => $userinfo['adminid'],
'lang' => $language,
'var' => $template.'_mailbody',
'value' => $mailbody
);
Database::pexecute($ins_stmt, $ins_data);
$log->logAction(ADM_ACTION, LOG_INFO, "added template '" . $language . ' - ' . $template . "'");
redirectTo($filename, array('page' => $page, 's' => $s));
}
} elseif(isset($_POST['filesend'])
&& $_POST['filesend'] == 'filesend'
) {
//file templates
$template = validate($_POST['template'], 'template');
$filecontent = validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
$db->query("INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` (`adminid`, `language`, `templategroup`, `varname`, `value`)
VALUES ('" . (int)$userinfo['adminid'] . "', '', 'files', '" . $db->escape($template) . "','" . $db->escape($filecontent) . "')");
$log->logAction(ADM_ACTION, LOG_INFO, "added template '" . $template . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
elseif(!isset($_GET['files']))
{
//email templates
$ins_stmt = Database::prepare("
INSERT INTO `" . TABLE_PANEL_TEMPLATES . "` SET
`adminid` = :adminid,
`language` = '',
`templategroup` = 'files,
`varname` = :var,
`value` = :value"
);
$ins_data = array(
'adminid' => $userinfo['adminid'],
'var' => $template,
'value' => $filecontent
);
Database::pexecute($ins_stmt, $ins_data);
$log->logAction(ADM_ACTION, LOG_INFO, "added template '" . $template . "'");
redirectTo($filename, array('page' => $page, 's' => $s));
} elseif(!isset($_GET['files'])) {
//email templates
$add = false;
$language_options = '';
while(list($language_file, $language_name) = each($languages))
{
while (list($language_file, $language_name) = each($languages)) {
$templates = array();
$result = $db->query('SELECT `varname` FROM `' . TABLE_PANEL_TEMPLATES . '` WHERE `adminid`=\'' . (int)$userinfo['adminid'] . '\' AND `language`=\'' . $db->escape($language_name) . '\' AND `templategroup`=\'mails\' AND `varname` LIKE \'%_subject\'');
$result_stmt = Database::prepare("
SELECT `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `language` = :lang
AND `templategroup` = 'mails' AND `varname` LIKE '%_subject'"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'lang' => $language_name));
while(($row = $db->fetch_array($result)) != false)
{
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$templates[] = str_replace('_subject', '', $row['varname']);
}
if(count(array_diff($available_templates, $templates)) > 0)
{
if (count(array_diff($available_templates, $templates)) > 0) {
$add = true;
$language_options.= makeoption($language_name, $language_file, $userinfo['language'], true);
}
}
if($add)
{
if ($add) {
eval("echo \"" . getTemplate("templates/templates_add_1") . "\";");
}
else
{
} else {
standard_error('alltemplatesdefined');
exit;
}
}
else
{
} else {
//filetemplates
$result_stmt = Database::prepare("
SELECT `id`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `templategroup`='files'"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid']));
$result = $db->query("SELECT `id`, `varname` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `templategroup`='files'");
if($db->num_rows($result) == count($file_templates))
{
if (Database::num_rows() == count($file_templates)) {
standard_error('alltemplatesdefined');
exit;
}
else
{
} else {
$templatesdefined = array();
$free_templates = '';
while($row = $db->fetch_array($result))$templatesdefined[] = $row['varname'];
foreach(array_diff($file_templates, $templatesdefined) as $template)
{
while ($row = $result_stmt->fetch(PDO::FETCH_ASSOC)) {
$templatesdefined[] = $row['varname'];
}
foreach (array_diff($file_templates, $templatesdefined) as $template) {
$free_templates.= makeoption($lng['admin']['templates'][$template], $template, '', true);
}
@@ -338,33 +389,61 @@ elseif($action == 'add')
eval("echo \"" . getTemplate("templates/filetemplates_add") . "\";");
}
}
}
elseif($action == 'edit'
&& $subjectid != 0
&& $mailbodyid != 0)
{
} elseif($action == 'edit'
&& $subjectid != 0
&& $mailbodyid != 0
) {
//email templates
$result_stmt = Database::prepare("
SELECT `language`, `varname`, `value` FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `id` = :subjectid"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'subjectid' => $subjectid));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$result = $db->query_first("SELECT `language`, `varname`, `value` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$subjectid . "'");
if ($result['varname'] != '') {
if($result['varname'] != '')
{
if(isset($_POST['send'])
&& $_POST['send'] == 'send')
{
if (isset($_POST['send'])
&& $_POST['send'] == 'send'
) {
$subject = validate($_POST['subject'], 'subject', '/^[^\r\n\0]+$/', 'nosubjectcreate');
$mailbody = validate($_POST['mailbody'], 'mailbody', '/^[^\0]+$/', 'nomailbodycreate');
$db->query("UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET `value`='" . $db->escape($subject) . "' WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$subjectid . "'");
$db->query("UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET `value`='" . $db->escape($mailbody) . "' WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$mailbodyid . "'");
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET
`value` = :value
WHERE `adminid` = :adminid AND `id` = :id"
);
// subject
Database::pexecute($upd_stmt, array(
'value' => $subject,
'adminid' => $userinfo['adminid'],
'id' => $subjectid
));
// same query but mailbody
Database::pexecute($upd_stmt, array(
'value' => $mailbody,
'adminid' => $userinfo['adminid'],
'id' => $mailbodyid
));
$log->logAction(ADM_ACTION, LOG_INFO, "edited template '" . $result['varname'] . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
else
{
redirectTo($filename, array('page' => $page, 's' => $s));
} else {
$result = htmlentities_array($result);
$template = $lng['admin']['templates'][str_replace('_subject', '', $result['varname'])];
$subject = $result['value'];
$result = $db->query_first("SELECT `language`, `varname`, `value` FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `id`='$mailbodyid'");
$result_stmt = Database::prepare("
SELECT `language`, `varname`, `value`
FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `id` = :id"
);
Database::pexecute($result_stmt, array('id' => $mailbodyid));
$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
$result = htmlentities_array($result);
$mailbody = $result['value'];
@@ -377,30 +456,41 @@ elseif($action == 'edit'
eval("echo \"" . getTemplate("templates/templates_edit") . "\";");
}
}
}
elseif($action == 'editf'
&& $id != 0)
{
} elseif($action == 'editf'
&& $id != 0
) {
//file templates
$result_stmt = Database::prepare("
SELECT * FROM `" . TABLE_PANEL_TEMPLATES . "`
WHERE `adminid` = :adminid AND `id` = :id"
);
Database::pexecute($result_stmt, array('adminid' => $userinfo['adminid'], 'id' => $id));
$result = $db->query("SELECT * FROM `" . TABLE_PANEL_TEMPLATES . "` WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$id . "'");
if(Database::num_rows() > 0) {
if($db->num_rows($result) > 0)
{
$row = $db->fetch_array($result);
$row = $result_stmt->fetch(PDO::FETCH_ASSOC);
//filetemplates
if(isset($_POST['filesend'])
&& $_POST['filesend'] == 'filesend')
{
if (isset($_POST['filesend'])
&& $_POST['filesend'] == 'filesend'
) {
$filecontent = validate($_POST['filecontent'], 'filecontent', '/^[^\0]+$/', 'filecontentnotset');
$db->query("UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET `value`='" . $db->escape($filecontent) . "' WHERE `adminid`='" . (int)$userinfo['adminid'] . "' AND `id`='" . (int)$id . "'");
$upd_stmt = Database::prepare("
UPDATE `" . TABLE_PANEL_TEMPLATES . "` SET
`value` = :value
WHERE `adminid` = :adminid AND `id` = :id"
);
Database::pexecute($upd_stmt, array(
'value' => $filecontent,
'adminid' => $userinfo['adminid'],
'id' => $id
));
$log->logAction(ADM_ACTION, LOG_INFO, "edited template '" . $row['varname'] . "'");
redirectTo($filename, Array('page' => $page, 's' => $s));
}
else
{
redirectTo($filename, array('page' => $page, 's' => $s));
} else {
$row = htmlentities_array($row);
$filetemplate_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/templates/formfield.filetemplate_edit.php';
@@ -411,9 +501,8 @@ elseif($action == 'editf'
eval("echo \"" . getTemplate("templates/filetemplates_edit") . "\";");
}
}
else
{
} else {
standard_error('templatenotfound');
exit;
}