1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
<?xml version="1.0" encoding="UTF-8" ?>
<page>
<info>
<name>Privileges:Update</name>
<template>phpexec</template>
<access>00</access>
<type>c</type>
</info>
<data>
<code>
<![CDATA[
<?PHP
require_once('code/db.inc.php');
require_once('code/links.inc.php');
require_once('code/pages.inc.php');
if($_POST['type'] != 'c' && $_POST['type'] != 'n' && $_POST['type'] != 'e')
exit();
$groupres = $GLOBALS['db']->Execute('SELECT id FROM groups ORDER by id');
$pages = $GLOBALS['pages']->GetList();
$groups = $groupres->GetArray();
array_unshift($groups, array(0));
$group_max = $groups[count($groups)-1][0];
foreach($pages as $page) {
if($page[strlen($page)-1] != $_POST['type']) continue;
$page = substr($page, 0, -2);
$access = array_fill(0, $group_max/8 + 1, 0);
foreach($groups as $group) {
if(isset($_POST[$page . ':' . $group[0]]))
$access[$group[0]/8] |= (1 << ($group[0]%8));
}
$privileges = join('', array_map('chr', $access));
$GLOBALS['db']->Execute('UPDATE pages SET access = ? WHERE name = ?', array($privileges, $page));
if($GLOBALS['db']->Affected_Rows()) continue;
$pagedata = $GLOBALS['pages']->GetPageData($page, $_POST['type']);
$access = '';
for($i = 0; $i < strlen($pagedata['access']); $i+=2)
$access .= chr(hexdec(substr($pagedata['access'], $i, 2)));
if($access == substr($privileges, 0, strlen($access))) {
for($i = strlen($access); $i < strlen($privileges); $i++)
if($privileges[$i] != 0) break;
if($i == strlen($privileges)) continue;
}
$string = '';
foreach($pagedata['data'] as $key => $val)
$string .= urlencode($key) . '=' . urlencode($val) . '&';
$GLOBALS['db']->Execute('INSERT INTO pages (name, template, access, data, type) VALUES (?, ?, ?, ?, ?)',
array($page, $pagedata['template'], $access, $string, $_POST['type']));
}
header('Location: ' . $GLOBALS['links']->GetNeonLink('Privileges', 'type=' . $_POST['type'], false));
exit();
$GLOBALS['pages']->GetPageData()
?>
]]>
</code>
</data>
</page>
|