+<?php
+function addPlugin() {
+ global $db,$error,$node, $error_messages;
+ $add_plugin_id = $_POST['add_plugin_id'];
+
+ if (!is_numeric($add_plugin_id)) {
+ $error = $error_messages['NOT_NUMERIC'];
+ return false;
+ }
+
+ $set = $db->query("select node_parent, node_system_access, node_creator,
+ template_id, node_content, node_name from nodes where nodes.node_id = '$add_plugin_id'");
+ $set->next();
+ $node_parent = $set->getString('node_parent');
+ $node_system_access = $set->getString('node_system_access');
+ $node_creator = $set->getString('node_creator');
+ $node_template = $set->getString('template_id');
+ $node_content = stripslashes($set->getString('node_content'));
+ $plugin_name = $set->getString('node_name');
+ $fp = fopen (SMARTY_PLUGIN_DIR."function.".$plugin_name.".php","w+");
+ fwrite($fp,$node_content);
+ fclose($fp);
+ chown(SMARTY_PLUGIN_DIR.$plugin_name.".php","wwwedit");
+ $q = "update nodes set external_link = 'plugin://$plugin_name' where node_id = '".$add_plugin_id."'";
+ $db->query($q);
+
+ //logging of every plugin for security reasons
+ $params['node_creator'] = UBIK_ID;
+ $params['node_parent'] = 2019772;
+ $params['node_name'] = "addPlugin execute: node $add_plugin_id";
+ $params['node_content'] = "addPlugin execute: node <a href='$add_plugin_id'>$add_plugin_id</a> by user ".$_SESSION['user_name'];
+ $params['node_content'] .= "<br />plugin_name: ".$plugin_name;
+ $params['node_content'] .= "<br />template_id: <a href='$node_template'>".$node_template."</a>";
+ $params['node_content'] .= "<br />node_parent: <a href='$node_parent'>".$node_parent."</a>";
+ $params['node_content'] .= "<br />node_system_access: ".$node_system_access;
+ $params['node_content'] .= "<br />node_creator: <a href='$node_creator'>".$node_creator."</a>";
+ $params['node_content'] = mysql_real_escape_string($params['node_content']);
+ nodes::addNode($params);
+
+ return true;
+}
+?>
\ No newline at end of file