deeemm-cms /admin/includes/save_link.php

Language PHP Lines 136
MD5 Hash 81345cd1794a5671083837a448c89242 Estimated Cost $2,231 (why?)
Repository https://bitbucket.org/mpercy/deeemm-cms View Raw File View Project SPDX
<?php

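// Stop immediately unless the _INDM constant is defined (presumably by the
// entry script that includes this file), so the file cannot run when requested directly.
defined( '_INDM' ) or die( 'POSSIBLE HACK ATTEMPT!' );

/*===========================================================================
Check user privileges
===========================================================================*/
require VALIDATE;

// header() only queues the redirect. Without exit, the rest of this script -
// including its INSERT, UPDATE, DELETE and ALTER TABLE statements - would still
// run for a request that is not from an admin.
// NOTE(review): $user is not assigned in this file (presumably by VALIDATE), and
// != is a loose comparison; confirm $user is always a string before relying on it.
if ($user != 'ADMIN') {
	header("Location: " . $default_url . "index.php");
	exit;
}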



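//get data entered in form and populate variables
// Every value read here is later placed inside a string-built SQL statement, so
// each one is unslashed and escaped the same way. $_REQUEST can carry GET, POST
// and (depending on configuration) cookie data.
$parent = mysql_escape_string(stripslashes($_REQUEST['parent']));
//$child = mysql_escape_string(stripslashes($_REQUEST['child']));
// link_url was previously used unescaped, unlike every other field.
// NOTE(review): the URL scheme is not checked here; confirm it is validated or
// escaped wherever the link is rendered.
$link_url = mysql_escape_string(stripslashes($_REQUEST['link_url']));
$title_lan_1 = mysql_escape_string(stripslashes($_REQUEST['title_lan_1']));
$title_lan_2 = mysql_escape_string(stripslashes($_REQUEST['title_lan_2']));
$title_lan_3 = mysql_escape_string(stripslashes($_REQUEST['title_lan_3']));
$title_lan_4 = mysql_escape_string(stripslashes($_REQUEST['title_lan_4']));
$tool_tip_lan_1 = mysql_escape_string(stripslashes($_REQUEST['tool_tip_lan_1']));
$tool_tip_lan_2 = mysql_escape_string(stripslashes($_REQUEST['tool_tip_lan_2']));
$tool_tip_lan_3 = mysql_escape_string(stripslashes($_REQUEST['tool_tip_lan_3']));
$tool_tip_lan_4 = mysql_escape_string(stripslashes($_REQUEST['tool_tip_lan_4']));

// $parent is also used as a table name inside backticks further down. String
// escaping does not cover identifiers, so a value containing a backtick is
// rejected here instead of being allowed to end the quoted name early.
if (strpos($parent, '`') !== false) die('Invalid parent table name');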


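//get parent field data from database entry if available
// Start from known values so that, when no row matches, the code further down
// never reads values left in scope by other code.
$old_parent = '';
$old_image = '';
$old_date = '';

// NOTE(review): $page, $id and $db_table_prefix are not assigned in this file;
// confirm where they come from. $page is used as part of a table name here and
// cannot be protected by string escaping.
// The id is cast to an integer because it is interpolated without quotes.
$sql_query = mysql_query("SELECT * FROM " . $db_table_prefix . 'cat_' . "$page WHERE `id` = " . (int) $id);
if ($sql_query) {
	while ($sql_result = mysql_fetch_array($sql_query)) {
		// Quoted keys: bare words here were treated as undefined constants.
		$old_parent = $sql_result['parent'];
		$old_image = $sql_result['image'];
		$old_date = $sql_result['date'];
	}
}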


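// calculate icon type from url (if url is local)
// Nothing is calculated yet: the link type is the URL itself and the icon type is empty.
$link_type = $link_url;
$icon_type = '';


//get number of entries in new parent table
// The table name is quoted with backticks and carries the table prefix, as in
// the other statements in this file. The previous single-quoted name was a
// string literal, not an identifier, so the count failed and $order stayed at 1.
$sql_result = mysql_query("SELECT COUNT(*) FROM `" . $db_table_prefix . $parent . "`");
$order = $sql_result ? mysql_result($sql_result, 0) + 1 : 1;
if ($order < 1) $order = 1;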

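//if $page does not exist add data to database
// isset() is tested first so that an unset $page is never read by the comparisons.
// NOTE(review): the die() text used below prints $sql_query, which holds the result
// of an earlier mysql_query() call rather than SQL text, and sends mysql_error() to
// the browser; consider logging these details on the server instead.
if (!isset($page) || $page == '' || $page == 'admin') {

	// NOTE(review): $icon_path is not assigned anywhere in this file - confirm the
	// including script sets (and escapes) it.
	mysql_query("INSERT INTO `" . $db_table_prefix . $parent . "` VALUES(NULL,
	(now()),
	'$order',
	'$parent',
	'$title_lan_1',
	'$title_lan_1',
	'$icon_path',
	'$link_url',
	'on',
	'$title_lan_1',
	'$tool_tip_lan_1',
	'',
	'$title_lan_2',
	'$tool_tip_lan_2',
	'',
	'$title_lan_3',
	'$tool_tip_lan_3',
	'',
	'$title_lan_4',
	'$tool_tip_lan_4',
	'')") or die ("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $sql_query . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());

	// The INSERT passes NULL for the first column (the AUTO_INCREMENT id), so the
	// generated id is read back directly. The earlier lookup matched on
	// $description_lan_1, which this file never assigns.
	$id = mysql_insert_id();

	//$page already exists - update data in database
} else {

	// id is an integer column; casting keeps the value from altering the statements.
	$row_id = (int) $id;

	// These two values were read from the database and go back into quoted SQL
	// strings, so they are escaped again before interpolation.
	$safe_old_date = mysql_escape_string($old_date);
	$safe_old_image = mysql_escape_string($old_image);

	//new and old parent fields are the same - update existing entry
	if ($old_parent == $parent){

		//breakpoint($description_lan_1);

		// sort out order and type fields
		mysql_query("UPDATE `" . $db_table_prefix . "$parent` SET
		`date` = '$safe_old_date',
		`order` = '$order',
		`child` = '$title_lan_1',
		`category` = '$title_lan_1',
		`link_url` = '$link_url',
		`title_lan_1` = '$title_lan_1',
		`tool_tip_lan_1` = '$tool_tip_lan_1',
		`title_lan_2` = '$title_lan_2',
		`tool_tip_lan_2` = '$tool_tip_lan_2',
		`title_lan_3` = '$title_lan_3',
		`tool_tip_lan_3` = '$tool_tip_lan_3',
		`title_lan_4` = '$title_lan_4',
		`tool_tip_lan_4` = '$tool_tip_lan_4' WHERE `id` = '$row_id'") or die ("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $sql_query . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());


		//else parent fields are different
	} else {
		// NOTE(review): $old_parent is used as a table name in the next three
		// statements and none of them checks its result; confirm the stored
		// parent value can only ever be a valid table name.

		//so delete data from old table
		mysql_query("DELETE FROM `" . $db_table_prefix . "$old_parent` WHERE `id` = '$row_id'");

		//reorder id of old table by recreating field
		// Dropping and re-adding the AUTO_INCREMENT column renumbers every
		// remaining row, so an id stored elsewhere may afterwards refer to a
		// different row.
		mysql_query("ALTER TABLE `" . $db_table_prefix . "$old_parent` DROP `id`");
		mysql_query("ALTER TABLE `" . $db_table_prefix . "$old_parent` ADD `id` MEDIUMINT( 16 ) NOT NULL AUTO_INCREMENT PRIMARY KEY FIRST");

		//add data to new table
		mysql_query("INSERT INTO `" . $db_table_prefix . "$parent` VALUES(NULL,
		'$safe_old_date',
		'$order',
		'$parent',
		'$title_lan_1',
		'$title_lan_1',
		'$safe_old_image',
		'$link_url',
		'on',
		'$title_lan_1',
		'$tool_tip_lan_1',
		'',
		'$title_lan_2',
		'$tool_tip_lan_2',
		'',
		'$title_lan_3',
		'$tool_tip_lan_3',
		'',
		'$title_lan_4',
		'$tool_tip_lan_4',
		'')") or die ("<b>A fatal MySQL error occured</b>.\n<br />Query: " . $sql_query . "<br />\nError: (" . mysql_errno() . ") " . mysql_error());

		// Read back the id generated for the moved row instead of searching on
		// the unassigned $description_lan_1.
		$id = mysql_insert_id();
	}
}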
?>