Location: PHPKode > projects > Buzzword > buzzword-0.8.12/admin/preferences.php
<?php

/*
 * buzzword
 * Copyright (c) 2003 Jon Tai
 *
 * $Id: preferences.php 350 2004-04-21 08:48:45Z jon $
 *
 * This file is part of buzzword.
 *
 * buzzword is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * buzzword is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with buzzword; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

/*
 * I hate the design of this page, but if we want to stay consistant with the
 * installer, this will have to be how it is.
 */
require_once './config.inc';
force_admin_login();

if (get_request_var('update-prefs')) {
    // Not sure if this is the most sane way to do this, but it seems to make
    // sense and it disallows garbage values from entering.
    $sql = 'SELECT preference_key, name, type ';
    $sql .= 'FROM '.DB_PREFIX.'preferences ';
    $sql .= 'ORDER BY name';
    $result = mysql_query($sql);

    while ($row = mysql_fetch_assoc($result)) {
        $value = get_request_var('pref_'.$row['preference_key']);
        if ($value) {
            set_pref($row['name'], $row['type'], $value);
        } else if ($row['type'] == 'b') {
	    // HTML spec states that when a checkbox isnt checked, no data
	    // gets sent to us.  We assume that if a checkbox is not set in
	    // the request data but exists in the database, that it should
	    // be set to false.  This could be _quite bad_ in the case where
	    // someone tries to spoof GET data and misses some boolean
	    // prefs, but tough cookies.  Truthfully, are we writing this
	    // software for GET spoofers?  I think not.
            set_pref($row['name'], $row['type'], FALSE);
        }
    }
}

include '../includes/header.inc';

// FIXME: This table inside the form doesnt W3C validate.
?>
<table cellpadding=0 cellspacing=0 border=0 width="100%">
<tr>
<td id="content">
<h1>edit preferences</h1>
<div class="content-container">
<form name="entry" method="post" action="preferences.php">
<?php

$sql = 'SELECT preference_key, name, type ';
$sql .= 'FROM '.DB_PREFIX.'preferences ';
$sql .= 'ORDER BY name';
$result = mysql_query($sql);

while ($row = mysql_fetch_assoc($result)) {

?>
<p>
<?php

echo htmlspecialchars($row['name']).':';

// Now we do type checking
if ($row['type'] == 'b') {
    echo '<input type="checkbox" name="pref_'.$row['preference_key'].'" value="true"';
    if (get_pref($row['name']))
        echo ' checked';
    echo '>';
} else {
    // we'll treat everything thats not a boolean as a string
    echo '<br><input type="text" name="pref_'.$row['preference_key']
        .'" class="input"'
        .' value="'.htmlspecialchars(get_pref($row['name'])).'">';
}

?>
</p>
<?php

}

?>
<p>
<input type="hidden" name="update-prefs" value="1">
<input type="submit" value="save" class="submit">
</p>
</form>
</div>
</td>
<td id="sidebar">
<h1>administration</h1>
<div class="sidebar-container">
<p>
<a href="../admin/preferences.php">preferences</a><br>
<a href="../admin/index.php?admin-logout=1">log out</a><br>
</p>
</div>
</td>
</tr>
</table>
<?php

include '../includes/footer.inc';

?>
Return current item: Buzzword