svn commit: r301 - trunk/mapbender/http/php/mod_newGui.php
uli at osgeo.org
uli at osgeo.org
Tue May 16 04:01:12 EDT 2006
Author: uli
Date: 2006-05-16 08:01:12+0000
New Revision: 301
Modified:
trunk/mapbender/http/php/mod_newGui.php
Log:
db_prep_query included
verification of user permissions
Modified: trunk/mapbender/http/php/mod_newGui.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/php/mod_newGui.php?view=diff&rev=301&p1=trunk/mapbender/http/php/mod_newGui.php&p2=trunk/mapbender/http/php/mod_newGui.php&r1=300&r2=301
==============================================================================
--- trunk/mapbender/http/php/mod_newGui.php (original)
+++ trunk/mapbender/http/php/mod_newGui.php 2006-05-16 08:01:12+0000
@@ -17,14 +17,12 @@
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-session_start();
-
import_request_variables("PG");
-require_once("../php/mb_validateSession.php");
require_once("../../conf/mapbender.conf");
-$con = db_connect($DBSERVER,$OWNER,$PW);
+$con = db_connect(DBSERVER,OWNER,PW);
db_select_db(DB,$con);
-$gui_id = $_SESSION["mb_user_gui"];
+require_once("../php/mb_validatePermission.php");
+$self = $PHP_SELF . "?".SID."&guiID=".$_REQUEST["guiID"]."&elementID=".$_REQUEST["elementID"];
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
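Review bot: The new `$self` line concatenates `$_REQUEST["guiID"]` and `$_REQUEST["elementID"]` into a URL without encoding, and the second hunk echoes it straight into the form's `action` attribute, so request-supplied markup reaches the page unescaped. Build the value with `urlencode()` on both parameters and emit it as `<?php echo htmlspecialchars($self, ENT_QUOTES) ?>`. The same gap applies to `$newGui` in the success message of the last hunk, which is printed between `<b>` tags without `htmlspecialchars()`. Separately, `session_start()` and `mb_validateSession.php` are removed while `$_SESSION["mb_user_id"]` is still read in the second hunk. That is only safe if `mb_validatePermission.php` (not shown) starts and validates the session itself, which is worth a comment at its `require_once`.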
@@ -40,45 +38,53 @@
<?php include '../include/dyn_css.php'; ?>
<?php
if(isset($newGui) && $newGui != ""){
- $sql = "SELECT gui_id FROM gui WHERE gui_id ='".$newGui."'";
- $res = db_query($sql);
+ $sql = "SELECT gui_id FROM gui WHERE gui_id = $1";
+ $v = array($newGui);
+ $t = array('s');
+ $res = db_prep_query($sql,$v,$t);
if(db_fetch_row($res)){
echo "<script type='text/javascript'>";
echo "alert('Error: Gui already exists!');";
echo "</script>";
}
else{
- $sql = "INSERT INTO gui (gui_id,gui_name,gui_description,gui_public) VALUES('".$newGui."','".$newGui."','".$newDesc."',1)";
- $res = db_query($sql);
- $sql = "INSERT INTO gui_mb_user (fkey_gui_id,fkey_mb_user_id,mb_user_type) VALUES('".$newGui."',".$_SESSION["mb_user_id"].", 'owner')";
- $res = db_query($sql);
- require_once("mb_getGUIs.php");
- $arrayGUIs = mb_getGUIs( $_SESSION["mb_user_id"]);
- $_SESSION["mb_user_guis"] = $arrayGUIs;
- $guiCreated=true;
+ $sql = "INSERT INTO gui (gui_id,gui_name,gui_description,gui_public) ";
+ $sql .= "VALUES($1, $2, $3, $4)";
+ $v = array($newGui,$newGui,$newDesc,1);
+ $t = array('s','s','s','i');
+ $res = db_prep_query($sql,$v,$t);
+ $sql = "INSERT INTO gui_mb_user (fkey_gui_id,fkey_mb_user_id,mb_user_type) ";
+ $sql .= "VALUES($1, $2, $3)";
+ $v = array($newGui,$_SESSION["mb_user_id"], 'owner');
+ $t = array('s','i','s');
+ $res = db_prep_query($sql,$v,$t);
+ require_once("mb_getGUIs.php");
+ $arrayGUIs = mb_getGUIs( $_SESSION["mb_user_id"]);
+ $_SESSION["mb_user_guis"] = $arrayGUIs;
+ $guiCreated=true;
}
}
?>
<script type="text/javascript">
<!--
function setFocus(){
- document.form1.newGui.focus();
+ document.form1.newGui.focus();
}
function validate(){
- if(document.form1.newGui.value == ""){
- alert("Please enter a GUI-NAME!");
- document.form1.newGui.focus();
- return;
- }
- else{
- document.form1.submit();
- }
+ if(document.form1.newGui.value == ""){
+ alert("Please enter a GUI-NAME!");
+ document.form1.newGui.focus();
+ return;
+ }
+ else{
+ document.form1.submit();
+ }
}
// -->
</script>
</head>
<body onload='setFocus()'>
-<form name='form1' action="<?php echo $PHP_SELF .'?'.SID ?>" method="POST">
+<form name='form1' action="<?php echo $self ?>" method="POST">
<table>
<tr><td>Name: </td><td><input type='text' name='newGui'></td></tr>
<tr><td>Description: </td><td><input type='text' name='newDesc'></td></tr>
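Review bot: Neither `INSERT` result is checked before `$guiCreated=true;`, so if the second statement fails the `gui` row is left without an owner entry in `gui_mb_user` and the page still reports success. This assumes `db_prep_query` returns a falsy result on error rather than aborting, which is not visible here. Test `$res` after each `db_prep_query` call and set `$guiCreated=true;` only when both succeeded, ideally with the two inserts in one transaction. `$guiCreated` is also never initialised, and with `import_request_variables("PG")` at the top of the file a request parameter of that name may populate it, so add `$guiCreated = false;` before the `if(isset($newGui) && $newGui != "")` block.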
@@ -88,13 +94,12 @@
<?php
if(isset($newGui) && $newGui != ""){
if ($guiCreated==true){
- echo "<p class = 'guiList'>";
- echo "The GUI <b>".$newGui."</b> has been created successfully.";
+ echo "<p class = 'guiList'>";
+ echo "The GUI <b>".$newGui."</b> has been created successfully.";
echo "<p>";
- }
+ }
}
?>
-
</form>
</body>
</html>
\ No newline at end of file