Kyberia v2.3 - 1st revision from SVN (Without patches of kyberia.sk team)

[mirrors/Kyberia-bloodline.git] / inc / eventz / set_header_template.inc

diff --git a/inc/eventz/set_header_template.inc b/inc/eventz/set_header_template.inc
index 425f603f789fc3575c9428f75103acdce70bd6a2..6743687d3e86ed0dcc4343981ccfca37b48777a2 100644 (file)
--- a/inc/eventz/set_header_template.inc
+++ b/inc/eventz/set_header_template.inc
@@ -1,21 +1,24 @@
 <?php
-/* This program is free software. It comes without any warranty, to
- * the extent permitted by applicable law. You can redistribute it
- * and/or modify it under the terms of the Do What The Fuck You Want
- * To Public License, Version 2, as published by Sam Hocevar. See
- * http://sam.zoy.org/wtfpl/COPYING for more details. */
-
-
+// modifikacia ktora dovoli natiahnut iba spravny header template
 function set_header_template() {
-       global $db,$error;
-       $header_id=$_POST['header_id'];
-       $user_id=$_SESSION['user_id'];
-       if (!$user_id) {
-               return false;
-       }
+global $db,$error;
+$header_id=mysql_real_escape_string($_POST['header_id']);
+$user_id=$_SESSION['user_id'];
+
+if (!$user_id) {
+return false;
+}
+if ($header_id !=''){
+$header_id = (int) $header_id; //integer only..[a odsekne medzery]
+$set=$db->query("select * from nodes where external_link='template://$header_id'");
+if($set->getNumRows()!=1) {
+global $error;
+$error="dana noda bud neexistuje alebo neni nakonfigurovana ako template";
+return false;        }
+}
 
-       $db->query("update users set header_id='$header_id' where user_id='$user_id'");
-       $_SESSION['header_id']=$header_id;
+$db->query("update users set header_id='$header_id' where user_id='$user_id'");
+$_SESSION['header_id']=$header_id;
 }
 
-?>
+?>
\ No newline at end of file