 

Code source de WebCalendar 1.0.5


/ -> pref_handler.php (source)

   1  <?php
   2  include_once  'includes/init.php';
   3  
   4  $error = "";
   5  
   6  $updating_public = false;;
   7  if ( $is_admin && ! empty ( $public ) && $public_access == "Y" ) {
   8    $updating_public = true;
   9    $prefuser = "__public__";
  10  } elseif (($user != $login) && ($is_admin || $is_nonuser_admin)) {
  11    $prefuser = "$user";
  12  } else {
  13    $prefuser = "$login";
  14  }
  15  
  16  while ( list ( $key, $value ) = each ( $HTTP_POST_VARS ) ) {
  17    $setting = substr ( $key, 5 );
  18    $prefix = substr ( $key, 0, 5 );
  19    if ( $key == 'user' || $key == 'public'  )
  20      continue;
  21    // validate key name.  should start with "pref_" and not include
  22    // any unusual characters that might cause SQL injection
  23    if ( ! preg_match ( '/pref_[A-Za-z0-9_]+$/', $key ) ) {
  24      die_miserable_death ( 'Invalid admin setting name "' .
  25        $key . '"' );
  26    }
  27    //echo "Setting = $setting, key = $key, prefix = $prefix <br />\n";
  28    if ( strlen ( $setting ) > 0 && $prefix == "pref_" ) {
  29      $sql =
  30        "DELETE FROM webcal_user_pref WHERE cal_login = '$prefuser' " .
  31        "AND cal_setting = '$setting'";
  32      dbi_query ( $sql );
  33      if ( strlen ( $value ) > 0 ) {
  34        $sql = "INSERT INTO webcal_user_pref " .
  35          "( cal_login, cal_setting, cal_value ) VALUES " .
  36          "( '$prefuser', '$setting', '$value' )";
  37        if ( ! dbi_query ( $sql ) ) {
  38          $error = "Unable to update preference: " . dbi_error () .
  39      "<br /><br /><span style=\"font-weight:bold;\">SQL:</span> $sql";
  40          break;
  41        }
  42      }
  43    }
  44  }
  45  
  46  if ( empty ( $error ) ) {
  47    if ( $updating_public ) {
  48      do_redirect ( "pref.php?public=1" );
  49    } elseif (($is_admin || $is_nonuser_admin) && $login != $user ) {
  50      do_redirect ( "pref.php?user=$user" );
  51    } else {
  52      do_redirect ( "pref.php" );
  53    }
  54  }
  55  print_header();
  56  ?>
  57  
  58  <h2><?php etranslate("Error")?></h2>
  59  
  60  <?php etranslate("The following error occurred")?>:
  61  <blockquote>
  62  <?php echo $error; ?>
  63  </blockquote>
  64  
  65  <?php print_trailer(); ?>
  66  
  67  </body>
  68  </html>

