Viewing file:  admin_handler.php (1.61 KB) -rw-rw-rw-
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
<?php
/* $Id: admin_handler.php,v 1.7.4.3 2005/11/29 15:28:25 cknudsen Exp $ */
include_once 'includes/init.php';
$error = "";
if ( ! $is_admin ) {
$error = translate("You are not authorized");
}
if ( $error == "" ) {
while ( list ( $key, $value ) = each ( $HTTP_POST_VARS ) ) {
$setting = substr ( $key, 6 );
// validate key name. should start with "admin_" and not include
// any unusual characters that might cause SQL injection
if ( ! preg_match ( '/admin_[A-Za-z0-9_]+$/', $key ) ) {
die_miserable_death ( 'Invalid admin setting name "' .
$key . '"' );
}
if ( strlen ( $setting ) > 0 ) {
$sql = "DELETE FROM webcal_config WHERE cal_setting = '$setting'";
if ( ! dbi_query ( $sql ) ) {
$error = translate("Error") . ": " . dbi_error () .
"<br /><br /><span style=\"font-weight:bold;\">SQL:</span> $sql";
break;
}
if ( strlen ( $value ) > 0 ) {
$sql = "INSERT INTO webcal_config " .
"( cal_setting, cal_value ) VALUES " .
"( '$setting', '$value' )";
if ( ! dbi_query ( $sql ) ) {
$error = translate("Error") . ": " . dbi_error () .
"<br /><br /><span style=\"font-weight:bold;\">SQL:</span> $sql";
break;
}
}
}
}
}
if ( empty ( $error ) ) {
if ( empty ( $ovrd ) )
do_redirect ( "admin.php" );
else
do_redirect ( "admin.php?ovrd=$ovrd" );
}
print_header();
?>
<h2><?php etranslate("Error")?></h2>
<?php etranslate("The following error occurred")?>:
<blockquote>
<?php echo $error; ?>
</blockquote>
<?php print_trailer(); ?>
</body>
</html>
|