GlobalStrings_Manager/modify_strings.php at master · instantflorian/GlobalStrings_Manager · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
<?php
/**
 * WBCE CMS AdminTool: global_strings
 *
 * This file defines the obligatory variables required for WBCE CMS
 *
 *
 * @platform    WBCE CMS
 * @package     global_strings
 * @author      Christian M. Stefan (Stefek)
 * @copyright   Christian M. Stefan
 * @license     http://www.gnu.org/licenses/gpl-2.0.html
 */

//no direct file access
if(count(get_included_files()) == 1) die(header("Location: ../index.php", TRUE, 301));


/**
 *	Check if field_id is set and sanitize accordingly
 */
$iFieldID = isset($_GET['field_id']) ? $_GET['field_id'] : NULL;
// in case $iFieldID is set by now but is not numeric, check the ID Key
if($iFieldID != NULL && is_numeric($iFieldID) == false ){
	if ( !($iFieldID = (int) $admin->checkIDKEY('field_id', 0, $_SERVER['REQUEST_METHOD']) )) {
		$admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
	}
}

/**
 *	set Action for the Switch
 */
$sAction = '';
if ($iFieldID != NULL && isset($_GET['func'])){
	if(in_array($_GET['func'], array('restore_field', 'delete_field'))){
	// ~~~~~~~~~~~~~~~~~~~~~~
		$sAction = $_GET['func'];
	}
}

// are we saving or updating any records?
if(isset($_POST) || isset($_GET['func'])){
$sNameMatch = '/^[a-zA-Z][a-zA-Z_\-0-9]{2,}$/i';
	$aMsg = array();
	switch(true){

		// ~~~~~~~| add_new_field (when a new string is added in the add string form)
		case (isset($_POST['add_new_field'])):
			if ($admin->checkFTAN()) {
				if(!isset($_POST['field_type']) || $_POST['field_type']== ''){
					$aMsg['error'] = "{TOOL_TEXT:FIELDTYPE_NOT_SELECTED}";
				}
				if(isset($_POST['field_name'])){
					if(!preg_match($sNameMatch, $_POST['field_name'])){
						$aMsg['error'] = "{TOOL_TEXT:NAME_WRONG_REGEX}";
					}else{
						$sFieldName = $_POST['field_name'];
							//preserve for form input in case type was not selected
					}
				}
				if(isset($_POST['field_type']) && isset($sFieldName)){
					if(!in_array($_POST['field_type'], $aStringTypes)){
						$aMsg['error'] = "{TOOL_TEXT:UNKNOWN_FIELDTYPE}";
					}
					if(empty($aMsg)){
						$aMsg = addNewStringEntity($sFieldName, $_POST['field_type']);
						$iID = $database->get_one("SELECT MAX(id) FROM `".STRINGS_FIELDS_TBL."`");
						$params = array(
                                                        'pos' => $pos, //same
                                                        'hilite' => $iID,
                                                        'msg' => $aMsg[key($aMsg)],
                                                        'msgtype' => key($aMsg)
                                                );
						header('Location:'.$toolUrl.'&'.http_build_query($params).'#fields_'.$iID);
					}
				}
			}
		break;

		// ~~~~~~~| save_field_changes (when string group input changes are saved)
		case (isset($_POST['save_field_changes'])):
			$aMsg = array();
			if ($admin->checkFTAN()) {
				$iID = $_POST['field_id'];
				$aTmp = $_POST['save']['content'];
				$sType = key($aTmp);
				$aContents = $_POST['save']['content'][$sType];
				$aContents['restricted'] = (array_key_exists('restricted', $_POST)) ? true : false;
				$aMsg = updateStringContents($aContents, $iID);
				$params = array(
					'pos' => $pos, //same
					'hilite' => $iID,
					'msg' => $aMsg[key($aMsg)],
					'msgtype' => key($aMsg)
				);
				header('Location:'.$toolUrl.'&'.http_build_query($params).'#fields_'.$iID);
			}
		break;

		// ~~~~~~~| change_order_by	(when we select a new order by condition)
		case (isset($_POST['change_order_by'])):
			$aMsg = array();
			if ($admin->checkFTAN()) {
				if(!preg_match($sNameMatch, $_POST['order_by'])){
					$aMsg['error'] = "{TOOL_TEXT:NAME_WRONG_REGEX}";
				}else{
					updateCfg('order_by', $_POST['order_by']);
					$aMsg['success'] = "{TOOL_TEXT:UPDATE_SUCCESS}";
				}
			}
		break;

		// ~~~~~~~| delete_field
		case ($sAction == 'delete_field'):
			$aMsg = removeStringEntity($iFieldID);
			$params = array(
				'pos' => $pos, //same
				'hilite' => $iFieldID,
				'msg' => $aMsg[key($aMsg)],
				'msgtype' => key($aMsg)
			);
			header('Location:'.$toolUrl.'&'.http_build_query($params).'#fields_'.$iFieldID);
		break;

		// ~~~~~~~| restore_field
		case ($sAction == 'restore_field'):
			$aMsg = restoreStringEntity($iFieldID);
			$params = array(
				'pos' => $pos, //same
				'hilite' => $iFieldID,
				'msg' => $aMsg[key($aMsg)],
				'msgtype' => key($aMsg)
			);
			header('Location:'.$toolUrl.'&'.http_build_query($params).'#fields_'.$iFieldID);
		break;

		default:
		break;
	}
}

include __DIR__.'/theme/modify_strings.tpl.php';
// ~~~~~~~~~~~~~~~~~~~~~~~~~~~  TEMPLATE ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|