Файл: style_edit.php
Строк: 188
<?php
// style_edit.php — create, edit or delete a user-owned CSS style (phpBB2 add-on).
// Bootstrap: mark the request as coming through phpBB, load the core and start
// the session so $userdata describes the current visitor.
define('IN_PHPBB', true);
$phpbb_root_path = './';
include $phpbb_root_path . 'extension.inc';
include $phpbb_root_path . 'common.' . $phpEx;

// Session row for this request (registered under PAGE_INDEX) plus the user's preferences.
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
// Request parameters.
//   style   - id of the style being edited/deleted (POST wins over GET). It is
//             coerced with intval() so it can be spliced into SQL unquoted;
//             '' means "create a new style".
//   delete  - GET flag: start the delete flow.
//   cancel  - POST flag: leave the form without saving.
//   confirm - POST flag: second step of the delete flow.
$style = '';
if ( isset($HTTP_POST_VARS['style']) )
{
	$style = intval($HTTP_POST_VARS['style']);
}
else if ( isset($HTTP_GET_VARS['style']) )
{
	$style = intval($HTTP_GET_VARS['style']);
}

// Presence-only flags; the submitted value is irrelevant.
$delete  = isset($HTTP_GET_VARS['delete']);
$cancel  = isset($HTTP_POST_VARS['cancel']);
$confirm = isset($HTTP_POST_VARS['confirm']);
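// Only logged-in users may create, edit or delete styles; guests are sent to
// the login page with a return address back to this script.
// Fix: the return URL was built from $style_id, which is never assigned in this
// file (so the id was lost on return or, with register_globals, attacker-chosen);
// the parsed id is $style, and the parameter this script reads is `style`, not `s`.
if ( !$userdata['session_logged_in'] )
{
	redirect(append_sid("login.$phpEx?redirect=style_edit.$phpEx&style=$style", true));
}

// "Cancel" on the edit form: back to the style view without touching the database.
if ( $cancel )
{
	redirect(append_sid("styles.$phpEx?style=$style", TRUE));
}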
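// Load the style row being edited/deleted and enforce ownership up front, so
// every later branch (update, delete, render) works on a row the caller may touch.
// Fix: compare with !== so a non-numeric `style` parameter (intval() -> 0) is
// looked up and rejected as "no such style" instead of being skipped on PHP < 8,
// where 0 != '' is false and $style_info stayed undefined for the code below.
$style_info = array();
if ( $style !== '' )
{
	// $style is an int (see intval() above); the cast just makes that explicit in the SQL.
	$sql = "SELECT * FROM " . $table_prefix . "css_style
		WHERE style_id = " . (int) $style;
	if ( !($result = $db->sql_query($sql)) )
	{
		message_die(GENERAL_ERROR, 'Таблицы в базе поломаны!', '', __LINE__, __FILE__, $sql);
	}
	if ( !($style_info = $db->sql_fetchrow($result)) )
	{
		message_die(GENERAL_MESSAGE, 'Такого стиля не существует!');
	}
	// Only the owning user or an administrator may change or delete a style.
	if ( $userdata['user_id'] != $style_info['user_id'] && $userdata['user_level'] != ADMIN )
	{
		message_die(GENERAL_MESSAGE, 'Чужой стиль не возможно изменить/удалить!');
	}
}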
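$error = FALSE;
$error_msg = '';

/**
 * Escape a value for splicing between single quotes in the SQL built below.
 *
 * Fix: the original used str_replace("'", "''", $s) alone, which leaves a
 * backslash untouched. With a backslash-escaping backend (MySQL) the input
 *   \'   became   \''   and the second quote terminated the literal, i.e. SQL
 * injection — htmlspecialchars() on the way in does not touch ' or \ with its
 * PHP < 8.1 default flags. Escaping the backslash too closes that hole while
 * still storing the quote as '' in the statement text.
 * NOTE(review): assumes a MySQL-style backslash-escaping backend — confirm for
 * other phpBB database layers.
 *
 * @param string $s field value (already trimmed and HTML-escaped)
 * @return string text safe to place inside a single-quoted SQL literal
 */
function style_edit_sql_escape($s)
{
	return str_replace("\'", "''", addslashes($s));
}

// Form submission: validate, then UPDATE the loaded style or INSERT a new one.
// NOTE(review): the form carries no dedicated anti-CSRF token; the sid that
// append_sid() puts in the action URL is the only binding to the session.
if ( isset($HTTP_POST_VARS['submit']) )
{
	// Text columns of css_style. Every value is trimmed and HTML-escaped on the
	// way in because it is echoed back into form attributes (and, presumably,
	// into generated CSS by styles.php — TODO confirm). Non-scalar input
	// (e.g. style_name[]) is treated as empty rather than passed to htmlspecialchars().
	$text_fields = array(
		'style_name',
		'body_background', 'body_color', 'body_border', 'body_width',
		'a_link', 'a_hower',
		'top_background', 'top_color', 'top_border',
		'tab_background', 'tab_color', 'tab_border',
		'row1_background', 'row1_color', 'row1_border',
		'row_hard_background', 'row_hard_color', 'row_hard_border',
		'row_easy_background', 'row_easy_color', 'row_easy_border',
		'buttom_background', 'buttom_color', 'buttom_border'
	);

	$values = array();
	foreach ( $text_fields as $field )
	{
		$raw = ( isset($HTTP_POST_VARS[$field]) && !is_array($HTTP_POST_VARS[$field]) ) ? $HTTP_POST_VARS[$field] : '';
		$values[$field] = trim(htmlspecialchars($raw));
	}
	// body_max is a flag: absent -> 1 (on), present -> truthiness of the value.
	$values['body_max'] = isset($HTTP_POST_VARS['body_max']) ? ( ($HTTP_POST_VARS['body_max']) ? 1 : 0 ) : 1;

	if ( $values['style_name'] == '' )
	{
		$error = TRUE;
		$error_msg .= 'Введите название!';
	}
	// Fix: the original wrote `$a_hower = ''` here (assignment, not comparison),
	// so the hover colour could never fail validation and was silently blanked
	// before being saved.
	if ( $values['body_background'] == '' || $values['body_color'] == '' || $values['a_link'] == '' || $values['a_hower'] == '' )
	{
		$error = TRUE;
		$error_msg .= 'Заполните поля: цвет фона, цвет текста и цвета ссылок!';
	}

	// Quoted, escaped SQL literal per column; user_id is added per branch below.
	$sql_values = array();
	foreach ( $values as $field => $value )
	{
		$sql_values[$field] = "'" . style_edit_sql_escape((string) $value) . "'";
	}

	if ( $style != '' )
	{
		// Editing an existing style. Ownership was already enforced when the row
		// was loaded; the re-check keeps this branch safe on its own.
		if ( $userdata['user_id'] == $style_info['user_id'] || $userdata['user_level'] == ADMIN )
		{
			if ( !$error )
			{
				// The owner never changes on edit.
				$assignments = array('user_id = ' . (int) $style_info['user_id']);
				foreach ( $sql_values as $field => $literal )
				{
					$assignments[] = $field . ' = ' . $literal;
				}
				$sql = "UPDATE " . $table_prefix . "css_style SET " . implode(', ', $assignments) . "
					WHERE style_id = " . (int) $style;
				if ( !($result = $db->sql_query($sql)) )
				{
					message_die(GENERAL_ERROR, 'Could not update style', '', __LINE__, __FILE__, $sql);
				}
				$message = 'Информация стиля обновлена.<br /><br /><a href="' . append_sid("styles.$phpEx?style=$style") . '">К стилю</a>';
				$template->assign_vars(array(
					"META" => '<meta http-equiv="refresh" content="2;url=' . append_sid("styles.$phpEx?style=$style") . '">')
				);
				message_die(GENERAL_MESSAGE, $message);
			}
		}
	}
	else if ( $userdata['session_logged_in'] )
	{
		// Creating a new style, owned by the submitting user.
		if ( !$error )
		{
			$sql_values['user_id'] = "'" . (int) $userdata['user_id'] . "'";
			$sql = "INSERT INTO " . $table_prefix . "css_style (" . implode(', ', array_keys($sql_values)) . ")
				VALUES (" . implode(', ', $sql_values) . ")";
			if ( !$db->sql_query($sql) )
			{
				message_die(GENERAL_ERROR, 'Could not insert new style', '', __LINE__, __FILE__, $sql);
			}
			message_die(GENERAL_MESSAGE, 'Стиль успешно создан!<br/><a href="styles.php">К стилям</a>');
		}
	}

	// Validation failed: show the error box above the (re-rendered) form.
	if ( $error )
	{
		$template->set_filenames(array(
			'reg_header' => 'error_body.tpl')
		);
		$template->assign_vars(array(
			'ERROR_MESSAGE' => $error_msg)
		);
		$template->assign_var_from_handle('ERROR_BOX', 'reg_header');
	}
}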
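// Delete flow: GET ?style=N&delete renders a confirmation form; submitting it
// (POST with `confirm`, `delete` still in the query string) performs the delete.
if ( $delete )
{
	if ( empty($HTTP_GET_VARS['style']) && empty($HTTP_POST_VARS['style']) )
	{
		message_die(GENERAL_MESSAGE, 'Нихера, пусто!');
	}
	// Fix: a non-numeric `style` (intval() -> 0) never reached the SELECT above on
	// PHP < 8, leaving $style_info undefined here; the owner test then passed for an
	// administrator and `DELETE ... WHERE style_id = 0` was issued. Refuse to go on
	// without a loaded row.
	if ( empty($style_info) )
	{
		message_die(GENERAL_MESSAGE, 'Такого стиля не существует!');
	}
	// Only the owner or an administrator may delete (already enforced on load; kept as defence in depth).
	if ( $userdata['user_id'] != $style_info['user_id'] && $userdata['user_level'] != ADMIN )
	{
		message_die(GENERAL_MESSAGE, 'Не свой стиль не возможно удалить!');
	}

	if ( !$confirm )
	{
		// First step: ask for confirmation.
		// NOTE(review): the only request binding is the sid append_sid() adds to the
		// action URL; there is no dedicated anti-CSRF token on this form.
		$s_hidden_fields = '<input type="hidden" name="delete" value="true" />';
		include($phpbb_root_path . 'includes/page_header.'.$phpEx);
		$template->set_filenames(array(
			'confirm_body' => 'confirm_body.tpl')
		);
		$template->assign_vars(array(
			'MESSAGE_TITLE' => $lang['Information'],
			'MESSAGE_TEXT' => 'Вы уверены что хотите удалить стиль?',
			'L_YES' => $lang['Yes'],
			'L_NO' => $lang['No'],
			'S_CONFIRM_ACTION' => append_sid("style_edit.$phpEx?style=$style&delete"),
			'S_HIDDEN_FIELDS' => $s_hidden_fields)
		);
		$template->pparse('confirm_body');
		include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
	}
	else
	{
		// Second step: delete the row and bounce to the index.
		$sql = "DELETE FROM " . $table_prefix . "css_style WHERE style_id = " . (int) $style;
		if ( !$db->sql_query($sql) )
		{
			message_die(GENERAL_ERROR, 'Could not delete style text', '', __LINE__, __FILE__, $sql);
		}
		$template->assign_vars(array(
			"META" => '<meta http-equiv="refresh" content="2;url=' . append_sid("index.$phpEx") . '">')
		);
		message_die(GENERAL_MESSAGE, 'Стиль успешно удалён!');
	}
}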
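// Render the create/edit form. For an existing style the inputs are pre-filled
// from $style_info; for a new style they are empty and body_max defaults to "yes".
$page_title = 'Редактор стилей';
include($phpbb_root_path . 'includes/page_header.'.$phpEx);
$template->set_filenames(array(
	'body' => 'style_edit.tpl')
);

/**
 * Prepare a stored value for a value="..." attribute: strip tags and encode
 * double quotes.
 * Fix: the original called str_replace('"', '"', ...) — a no-op — so a stored "
 * broke out of the attribute in the template (the input-side htmlspecialchars()
 * leaves quotes alone under its PHP < 8.1 default flags), i.e. stored attribute
 * injection against whoever opens the editor (owner or administrator).
 *
 * @param mixed $value raw column value (null/missing treated as '')
 * @return string attribute-safe text
 */
function style_edit_attr($value)
{
	return str_replace('"', '&quot;', strip_tags((string) $value));
}

// Template variable -> css_style column for the text inputs.
$form_fields = array(
	'STYLE_NAME'          => 'style_name',
	'BODY_BACKGROUND'     => 'body_background',
	'BODY_COLOR'          => 'body_color',
	'BODY_BORDER'         => 'body_border',
	'BODY_WIDTH'          => 'body_width',
	'A_LINK'              => 'a_link',
	'A_HOVER'             => 'a_hower',
	'TOP_BACKGROUND'      => 'top_background',
	'TOP_COLOR'           => 'top_color',
	'TOP_BORDER'          => 'top_border',
	'TAB_BACKGROUND'      => 'tab_background',
	'TAB_COLOR'           => 'tab_color',
	'TAB_BORDER'          => 'tab_border',
	'ROW1_BACKGROUND'     => 'row1_background',
	'ROW1_COLOR'          => 'row1_color',
	'ROW1_BORDER'         => 'row1_border',
	'ROW_HARD_BACKGROUND' => 'row_hard_background',
	'ROW_HARD_COLOR'      => 'row_hard_color',
	'ROW_HARD_BORDER'     => 'row_hard_border',
	'ROW_EASY_BACKGROUND' => 'row_easy_background',
	'ROW_EASY_COLOR'      => 'row_easy_color',
	'ROW_EASY_BORDER'     => 'row_easy_border',
	'BUTTOM_BACKGROUND'   => 'buttom_background',
	'BUTTOM_COLOR'        => 'buttom_color',
	'BUTTOM_BORDER'       => 'buttom_border'
);

$form_vars = array(
	'L_SUBMIT' => $lang['Submit'],
	'L_RESET'  => $lang['Reset'],
	'L_YES'    => $lang['Yes'],
	'L_NO'     => $lang['No']
);
foreach ( $form_fields as $tpl_var => $column )
{
	$form_vars[$tpl_var] = style_edit_attr(isset($style_info[$column]) ? $style_info[$column] : '');
}

// body_max radio buttons.
// Fix: the original read $userdata['body_max'] (the session user row), but body_max
// is a css_style column written by the INSERT/UPDATE above, so the form showed the
// wrong source. NOTE(review): confirm no users.body_max column was intended.
// Also fix: for a new style both radios were marked checked ("no" via the falsy
// lookup, "yes" via the new-style default); only "yes" is checked now.
$body_max = isset($style_info['body_max']) ? $style_info['body_max'] : 0;
$is_new = ( $style == '' );
$form_vars['BODY_MAX_NO']  = ( !$is_new && !$body_max ) ? 'checked="checked"' : '';
$form_vars['BODY_MAX_YES'] = ( $body_max || $is_new ) ? 'checked="checked"' : '';

// $style is '' or an int (intval() above), so it is safe inside the attribute unescaped.
$s_hidden_fields = '<input type="hidden" name="style" value="' . $style . '" />';
$form_vars['S_FORM_ENCTYPE']  = isset($form_enctype) ? $form_enctype : '';
$form_vars['S_GROUP_ACTION']  = $is_new ? append_sid("style_edit.$phpEx") : append_sid("style_edit.$phpEx?style=$style");
$form_vars['S_HIDDEN_FIELDS'] = $s_hidden_fields;

$template->assign_vars($form_vars);
$template->pparse('body');
include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
?>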