2 /* $Id: admin_handler.php,v 1.7.4.4 2006/03/23 16:06:06 cknudsen Exp $ */
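// Top-level handler for the admin settings form: for every POSTed admin_*
// field it deletes the matching webcal_config row and, when the value is
// non-empty, inserts the new one. On success it redirects to admin.php;
// otherwise the error markup at the bottom is rendered.
// NOTE(review): this listing omits source lines (see the gaps in the line
// numbers), so closing braces and some statements are not visible here.
3 include_once 'includes/init.php';
// NOTE(review): the condition guarding this assignment is on an omitted
// line. Confirm that the update loop below only runs for an authorised
// admin and that the request is tied to the admin's own form submission.
8 $error = translate("You are not authorized");
// NOTE(review): each() was removed in PHP 8.0 and $HTTP_POST_VARS in PHP 5.4;
// on current runtimes this loop needs foreach over $_POST.
12 while ( list ( $key, $value ) = each ( $HTTP_POST_VARS ) ) {
// Drops the 6-character "admin_" prefix; only valid once the check below
// has confirmed that the key really starts with it.
13 $setting = substr ( $key, 6 );
16 // validate key name. should start with "admin_" and not include
17 // any unusual characters that might cause SQL injection
// The pattern is anchored at both ends: ^ enforces the "admin_" prefix that
// substr() above assumes, and the D modifier stops $ from matching before a
// trailing newline. Without the leading anchor only the tail of the key is
// checked, so arbitrary leading characters would pass and flow into
// $setting and the SQL below.
18 if ( ! preg_match ( '/^admin_[A-Za-z0-9_]+$/D', $key ) ) {
// NOTE(review): the rest of this call is on omitted lines; if it appends
// $key, confirm die_miserable_death() HTML-escapes what it prints.
19 die_miserable_death ( 'Invalid admin setting name "' .
22 if ( strlen ( $setting ) > 0 ) {
// With the anchored check above, $setting is limited to [A-Za-z0-9_] and
// cannot break out of the quoted literal.
23 $sql = "DELETE FROM webcal_config WHERE cal_setting = '$setting'";
24 if ( ! dbi_query ( $sql ) ) {
// NOTE(review): $error now holds the driver message and the full SQL text.
// The line that outputs it is not in this listing; if it reaches the
// browser it discloses schema detail and reflects request data. Log the
// detail server-side and HTML-escape anything that is displayed.
25 $error = translate("Error") . ": " . dbi_error () .
26 "<br /><br /><span style=\"font-weight:bold;\">SQL:</span> $sql";
29 if ( strlen ( $value ) > 0 ) {
// NOTE(review): $value comes straight from the POST array and is placed
// inside a quoted SQL literal with no escaping visible in this listing
// (init.php or magic_quotes_gpc may add slashes; confirm). Bind it as a
// parameter, or escape it with the database layer's own routine, before the
// statement is built.
30 $sql = "INSERT INTO webcal_config " .
31 "( cal_setting, cal_value ) VALUES " .
32 "( '$setting', '$value' )";
33 if ( ! dbi_query ( $sql ) ) {
// Same disclosure concern as the DELETE branch: raw SQL in $error.
34 $error = translate("Error") . ": " . dbi_error () .
35 "<br /><br /><span style=\"font-weight:bold;\">SQL:</span> $sql";
43 if ( empty ( $error ) ) {
44 if ( empty ( $ovrd ) )
45 do_redirect ( "admin.php" );
// NOTE(review): $ovrd is appended to the redirect target unencoded and its
// origin is not visible here. urlencode() it, or restrict it to the
// expected flag values, before use.
47 do_redirect ( "admin.php?ovrd=$ovrd" );
53 <h2><?php etranslate("Error")?></h2>
55 <?php etranslate("The following error occurred")?>:
60 <?php print_trailer(); ?>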