<?php
/************************************
* Cadence
* Remotely Hosted Guestbook Script.
* (c) 2006, Dennis Pedrie
* www.CadenceBook.com
* options.php
***********************************
* Cadence Guestbook is licensed under
* a Creative Commons License.
* More information is available by visiting
* http://creativecommons.org/licenses/by/3.0/
* or the LICENSE file in the Cadence Root Folder
***********************************/
// Refuse direct requests: the front controller that includes this file is
// expected to define IN_CADENCE first. E_USER_ERROR aborts the script.
defined('IN_CADENCE') or trigger_error("You may not access this file directly", E_USER_ERROR);
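// Action selector. It is only ever compared against the fixed strings
// "settings" and "profile" below, so no further sanitising is needed here;
// isset() avoids an undefined-index notice when "do" is absent from the URL.
$do = isset($_GET['do']) ? $_GET['do'] : "";
if (!$do) {
    $do = "settings";
}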
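if ($do == "settings") {
    if (!isset($_POST['submit'])) {
        // Render the settings form.
        // The stored validation type lives on $gbook (it is what the "val_type"
        // entry below sends to the template); the original compared the option
        // list against a bare $val_type that this file never assigns, so no
        // option was preselected unless an includer happened to define it.
        $current_val_type = intval($gbook->val_type);
        $val_labels = array(
            0 => "No Validation",
            1 => "Email Validation",
            2 => "Admin Validation",
            3 => "Email and Admin Validation");
        $options = "";
        foreach ($val_labels as $code => $label) {
            $selected = ($current_val_type == $code) ? " selected" : "";
            $options .= "<option value=\"". $code ."\"". $selected .">". $label ."</option>";
        }
        $values = array(
            "title" => $gbook->title,
            "email" => $gbook->email,
            "val_type" => $gbook->val_type,
            "flood" => $gbook->flood,
            "about" => $gbook->about,
            "options" => $options);
        $tpl->assign("values", $values);
        $tpl->display("system/admin/options.tpl");
    }
    else {
        // NOTE(review): this only ties the request to the guestbook id, which
        // is visible in the URL; it is not a CSRF token. A session-bound secret
        // in a hidden field would be needed to stop cross-site form posts.
        // $gbook->kill() is relied on to terminate the request (the original
        // code used $values unconditionally after it, so it must not return).
        if (isset($_GET['book'], $_POST['id']) && $_GET['book'] == $book && $_POST['id'] == $book) {
            $values = array(
                "title" => $post->clean_var($_POST['title']),
                "email" => $post->clean_var($_POST['email']),
                "val_type" => $post->clean_var($_POST['val_type']),
                "flood" => $post->clean_var($_POST['flood']),
                "about" => $post->clean_var($_POST['about'], true));
        }
        else {
            $gbook->kill("Incorrect Access");
        }
        // Completeness check runs on the raw cleaned strings so an empty
        // val_type is rejected here rather than silently becoming 0 below.
        foreach ($values as $key => $var) {
            if (strlen($var) == 0 && $key != "about") {
                $gbook->kill("All fields except About must be completed.");
            }
        }
        // val_type is an enumeration: the form above offers exactly the codes
        // 0-3, so cast and range-check it instead of trusting clean_var() to
        // neutralise it for the SQL below.
        $val_type_code = intval($values['val_type']);
        if ($val_type_code < 0 || $val_type_code > 3) {
            $gbook->kill("Invalid validation type.");
        }
        // NOTE(review): the remaining fields are interpolated into SQL and rely
        // entirely on $post->clean_var() escaping them; the $db wrapper shows
        // no prepared-statement API here, so that contract should be confirmed.
        // gbook_flood is stored as-is because its expected type is not visible
        // in this file.
        $book_id = intval($_GET['book']);
        $db->query("UPDATE ". TABLE_PREFIX ."gbooks SET gbook_title = '". $values['title'] ."',
            gbook_email = '". $values['email'] ."',
            gbook_val_type = '". $val_type_code ."',
            gbook_flood = '". $values['flood'] ."',
            gbook_about = '". $values['about'] ."'
            WHERE gbook_id = '". $book_id ."'");
        echo "Settings updated.";
    }
}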
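if ($do == "profile") {
    if (!isset($_POST['submit'])) {
        // Render the profile form with the current display name.
        $tpl->assign("name", $gbook->display_name);
        $tpl->display("system/admin/profile.tpl");
    }
    else {
        // NOTE(review): matching the guestbook id from the URL is not a CSRF
        // defence (the id is public); a session-bound token is still needed.
        // $gbook->kill() is relied on to terminate the request.
        if (isset($_GET['book'], $_POST['id']) && $_GET['book'] == $book && $_POST['id'] == $book) {
            $values = array(
                "name" => $post->clean_var($_POST['name']),
                "current_pass" => $post->clean_var($_POST['current_pass']),
                "new_pass" => $post->clean_var($_POST['new_pass']),
                "confirm_pass" => $post->clean_var($_POST['confirm_pass']));
        }
        else {
            $gbook->kill("Incorrect Access");
        }
        if (strlen($values['name']) == 0) {
            $gbook->kill("Display Name may not be left blank.");
        }
        $book_id = intval($_GET['book']);
        // Initialise explicitly: the original left $changepass undefined on the
        // no-password-change path.
        $changepass = false;
        if (strlen($values['current_pass']) > 0) {
            if ($values['new_pass'] != $values['confirm_pass']) {
                $gbook->kill("The New Password field must be identical to the Confirm Password field.");
            }
            // Two empty fields are "identical" too; refuse to store an empty password.
            if (strlen($values['new_pass']) == 0) {
                $gbook->kill("The New Password field may not be left blank.");
            }
            // The original collected current_pass but only checked that it was
            // non-empty, so the stored password was never actually verified
            // before being replaced. Hashes are written with MySQL password()
            // (see the UPDATE below), so compare the supplied value the same way.
            // NOTE(review): password() is MySQL-specific, deprecated since 5.7
            // and removed in 8.0; migrating to password_hash()/password_verify()
            // would also require changing the login check, which is not in this file.
            $matches = $db->get_var("SELECT COUNT(*) FROM ". TABLE_PREFIX ."gbooks
                WHERE gbook_id = '". $book_id ."'
                AND gbook_pass = password('". $values['current_pass'] ."')");
            if (intval($matches) != 1) {
                $gbook->kill("The Current Password you entered is incorrect.");
            }
            $changepass = true;
        }
        // NOTE(review): values are interpolated into SQL and rely on
        // $post->clean_var() escaping them; no prepared-statement API is
        // visible on the $db wrapper here.
        $sql = "UPDATE ". TABLE_PREFIX ."gbooks SET gbook_display_name = '". $values['name'] ."'";
        $sql .= ($changepass) ? ", gbook_pass = password('". $values['new_pass'] ."')" : '';
        $sql .= " WHERE gbook_id = '". $book_id ."'";
        $db->query($sql);
        // The original re-read the new hash into $hash and never used it; that
        // query is dropped. Stop after the redirect so nothing else runs for
        // clients that ignore the Location header.
        header("location:index.php?book=". $book_id);
        exit;
    }
}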
?>