Security fix (sqli)
[mirrors/Kyberia-bloodline.git] / trash / configure_parent.inc
1 <?php
2 function configure_parent() {
3 global $db,$error,$node;
4 $user_id=$_SESSION['user_id'];
5
6 if (empty($_POST['node_creator'])) {
7 $owner_id=$node['node_creator'];
8 }
9
10 else {
11 $node_creator=$_POST['node_creator'];
12 $q="select user_id from users where login like '$node_creator'";
13 $ownerset=$db->query($q);
14 if (!$ownerset->getNumRows()) {
15 $error="user $node_creator does not exist";
16 return false;
17 }
18 else {
19 $ownerset->next();
20 $owner_id=$ownerset->getString('user_id');
21 }
22 }
23
24 $node_vector=$_POST['node_vector'];
25 $old_vector=$node['node_vector'];
26 if (is_numeric($_POST['template_id'])) $template_id=$_POST['template_id'];
27 $node_parent=$_POST['node_parent'];
28 $node_created=$_POST['node_created'];
29 $node_id=$node['node_id'];
30
31
32 $permissions=permissions::checkPermissions($node_parent);
33 if (!$permissions['w']) {
34 $error="you don't have permissions for writing into $node_parent";
35 return false;
36 }
37
38 if ($node_parent) {
39 // $set=$db->query("select node_vector from nodes where node_id='$node_parent'");
40 // $set->next();
41 // $node_vector=$set->getString('node_vector');
42 $parent_node=nodes::getNodeById($node_parent,$_SESSION['user_id']);
43 $node_vector=$parent_node['node_vector'].";".$parent_node['node_id'];;
44 }
45
46 if ($node_vector!=$old_vector) {
47 $q="update nodes set node_vector=replace(node_vector,'$old_vector','$node_vector') where node_vector like '%$old_vector;$node_id%'";
48 $changed=$db->update($q);
49 $q="update nodes set node_children_count=node_children_count+1 where node_id='$node_parent'";
50 $db->update($q);
51 $q="update nodes set node_children_count=node_children_count-1 where node_id='$old_parent'";
52 $db->update($q);
53 logger::log('vector change',$changed,$old_vector,$node_vector);
54 }
55 return true;
56 ?>
This page took 0.307972 seconds and 4 git commands to generate.