<?php /* $Id: admin_handler.php,v 1.7.4.3 2005/11/29 15:28:25 cknudsen Exp $ */ include_once 'includes/init.php';
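$error = "";

// Only an administrator may rewrite webcal_config. $is_admin is not set in
// this file (presumably by includes/init.php) — TODO confirm it is derived
// from the session and cannot be supplied through the request.
if ( ! $is_admin ) {
  $error = translate("You are not authorized");
}

/**
 * Escape a string for embedding in a single-quoted SQL literal.
 *
 * dbi_query() receives a finished SQL string, so there is no parameter
 * binding available at this call site; this is the minimal stopgap.
 * Doubling single quotes is ANSI SQL; doubling backslashes neutralises
 * MySQL-style "\'" sequences (on back-ends where backslash is a plain
 * character it merely stores two backslashes). Prefer the DB layer's own
 * escaping or prepared statements if the dbi layer provides them.
 */
function admin_handler_sql_escape ( $s ) {
  return str_replace ( array ( '\\', "'" ), array ( '\\\\', "''" ), (string) $s );
}

/**
 * Build the HTML error text shown when a query fails.
 *
 * The driver message and the SQL text (which embeds POSTed setting names
 * and values) are HTML-escaped before being placed into markup; the
 * <br />/<span> wrapper is this script's own and is echoed raw by the
 * error page below.
 */
function admin_handler_sql_error ( $sql ) {
  return translate("Error") . ": " . htmlspecialchars ( dbi_error (), ENT_QUOTES )
    . "<br /><br /><span style=\"font-weight:bold;\">SQL:</span> "
    . htmlspecialchars ( $sql, ENT_QUOTES );
}

if ( $error === "" ) {
  // $_POST is the same data the original read via $HTTP_POST_VARS; foreach
  // replaces the removed each() construct.
  foreach ( $_POST as $key => $value ) {
    // Validate the key name: exactly "admin_" followed by [A-Za-z0-9_].
    // The '^' anchor matters: the unanchored /admin_[A-Za-z0-9_]+$/ accepts
    // e.g. "xxxxxx'admin_x", and substr ( $key, 6 ) then yields a setting
    // name containing a quote — SQL injection through the key, not just the
    // value.
    if ( ! preg_match ( '/^admin_[A-Za-z0-9_]+$/', $key ) ) {
      // Escape before reflecting the offending key into an HTML error page.
      die_miserable_death ( 'Invalid admin setting name "'
        . htmlspecialchars ( $key, ENT_QUOTES ) . '"' );
    }
    // A setting value is a scalar; "admin_x[]=..." style input is rejected
    // rather than stored as the literal string "Array".
    if ( is_array ( $value ) ) {
      die_miserable_death ( 'Invalid value for admin setting "'
        . htmlspecialchars ( $key, ENT_QUOTES ) . '"' );
    }
    $setting = substr ( $key, 6 ); // strip "admin_"; the regex guarantees a non-empty remainder

    // Replace-by-delete-then-insert: an empty value removes the setting.
    $sql = "DELETE FROM webcal_config WHERE cal_setting = '"
      . admin_handler_sql_escape ( $setting ) . "'";
    if ( ! dbi_query ( $sql ) ) {
      $error = admin_handler_sql_error ( $sql );
      break;
    }
    if ( strlen ( $value ) > 0 ) {
      $sql = "INSERT INTO webcal_config ( cal_setting, cal_value ) VALUES ( '"
        . admin_handler_sql_escape ( $setting ) . "', '"
        . admin_handler_sql_escape ( $value ) . "' )";
      if ( ! dbi_query ( $sql ) ) {
        $error = admin_handler_sql_error ( $sql );
        break;
      }
    }
  }
}

// Success path: back to the admin page. $ovrd is not set in this file
// (presumably request-supplied via register_globals or init.php), so it is
// URL-encoded before being placed in the redirect target rather than
// interpolated raw.
if ( empty ( $error ) ) {
  if ( empty ( $ovrd ) ) {
    do_redirect ( "admin.php" );
  } else {
    do_redirect ( "admin.php?ovrd=" . urlencode ( $ovrd ) );
  }
}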
// Reached only when $error is non-empty (the success branch above redirects,
// assuming do_redirect() does not return): render the failure inside the
// normal page chrome.
print_header(); ?>
<h2><?php etranslate("Error")?></h2>
<?php etranslate("The following error occurred")?>: <blockquote> <?php
  // $error is emitted as raw HTML on purpose: it carries markup assembled in
  // this script (<br />, <span>). Any request-derived fragment folded into
  // it — e.g. the failing SQL text, which embeds POSTed setting names and
  // values — must be HTML-escaped where $error is built, not here.
  echo $error; ?> </blockquote>
<?php print_trailer(); ?>
</body> </html>