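in['varname'];

// Request values copied out of $bugsys->in for the handlers further down.
// NOTE(review): unsanitize() presumably reverses the HTML sanitising applied to
// $bugsys->in, so phrasetext should be treated as raw text wherever it is later
// written into SQL or HTML - confirm against the $bugsys implementation.
$vars['phrasetext'] = $bugsys->unsanitize($bugsys->in['phrasetext']);
$vars['matchmethod'] = $bugsys->in['matchmethod'];
$vars['do'] = $bugsys->in['do'];
$vars['doneinsert'] = intval($bugsys->in['doneinsert']);
$vars['oldvarname'] = $bugsys->in['oldvarname'];

// Which search fields are ticked. !empty() gives the same boolean as the old
// (bool) cast for a submitted value, but does not raise a notice (or fail on a
// non-array "use" parameter) when the checkbox array is missing or malformed.
$use['varname'] = !empty($_REQUEST['use']['varname']);
$use['phrasetext'] = !empty($_REQUEST['use']['phrasetext']);

// Match method: anything other than the literal 'and' falls back to OR, so the
// keyword interpolated into the search query can only ever be AND or OR.
$use['and'] = ($vars['matchmethod'] === 'and');
$use['or'] = !$use['and'];
$use['matcher'] = ($use['and'] ? 'AND' : 'OR');

// Pre-selection markers for the form controls (SELECTED is defined elsewhere).
$select['or'] = ($use['or'] ? SELECTED : '');
$select['and'] = ($use['and'] ? SELECTED : '');
$select['search'] = (($vars['do'] === 'search') ? SELECTED : '');
$select['insert'] = (($vars['do'] === 'insert' || $vars['doneinsert']) ? SELECTED : '');
$select['delete'] = (($vars['do'] === 'delete') ? SELECTED : '');

/**
 * Reduce a phrase variable name to a safe identifier.
 *
 * Every character outside [a-zA-Z0-9_] becomes an underscore, runs of
 * underscores are collapsed to one, and a leading or trailing underscore is
 * removed. The result therefore contains only letters, digits and single
 * underscores.
 *
 * @param  string $name Name as submitted
 * @return string       Normalised name
 */
function sanitize_name($name)
{
    $name = preg_replace('#[^a-zA-Z0-9_]#', '_', $name);
    $name = preg_replace('#_+#', '_', $name);
    $name = preg_replace('#(^_|_$)#', '', $name);

    return $name;
}

// ###################################################################

echo <<Search | Export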
Varname:
Phrase text:
Action:
Match Method:
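HTML;

// Separator between the form above and the output of the requested action.
if ($_REQUEST['do']) {
    echo "\n\n
\n\n";
}

// ###################################################################
// Kill: delete the phrase outright.
// NOTE(review): this destructive action is read from $_REQUEST, so it can be
// triggered by a plain GET link; consider requiring POST and an anti-CSRF token.
// NOTE(review): varname is concatenated into the SQL text here and in every
// query below. That is only safe if $bugsys->in is already SQL-escaped -
// confirm, or escape/parameterise at the point of use.
// NOTE(review): the form is echoed before this point, so header() only takes
// effect if output buffering is active - confirm.

if ($_REQUEST['do'] === 'kill') {
    $db->query("DELETE FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . $vars['varname'] . "'");
    header("Location: phrasetools.php");
    // Stop here so nothing else runs once the redirect has been issued.
    exit;
}

// ###################################################################
// Delete: look the phrase up and show it before it is killed.

if ($_REQUEST['do'] === 'delete') {
    $phrase = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . $vars['varname'] . "'");
    if (!$phrase) {
        echo 'Not a valid phrase!';
        exit;
    }

    // Stored phrase text is written unsanitized by the insert/update handlers,
    // so it is passed through sanitize() on output, as the search listing does.
    echo "

Delete

\n\n
Found: " . $bugsys->sanitize($phrase['varname']) . " ===> " . $bugsys->sanitize($phrase['phrasetext']) . "
";
}

// ###################################################################
// Insert: store a new phrase, then jump to its edit page.
// NOTE(review): phrasetext has been through unsanitize() and goes straight
// into the SQL text - verify that it is SQL-escaped before this point.

if ($_POST['do'] === 'insert') {
    // Normalise once, so the stored name and the redirect target agree. The
    // original redirected with the un-normalised name, which pointed at a
    // non-existent phrase whenever sanitize_name() changed it.
    $vars['varname'] = sanitize_name(str_replace(' ', '_', $vars['varname']));

    $db->query("
        INSERT INTO " . TABLE_PREFIX . "phrase
            (varname, phrasetext)
        VALUES
            ('" . $vars['varname'] . "',
            '" . $vars['phrasetext'] . "'
            )"
    );

    header('Location: phrasetools.php?do=edit&doneinsert=1&varname=' . rawurlencode($vars['varname']));
    exit;
}

// ###################################################################
// Update: rename and/or re-text an existing phrase, keyed on its old name.
// NOTE(review): oldvarname and phrasetext are concatenated into the SQL text -
// same escaping question as above.

if ($_POST['do'] === 'update') {
    // Same normalisation as insert; redirect to the name that was stored.
    $newname = sanitize_name($vars['varname']);

    $db->query("
        UPDATE " . TABLE_PREFIX . "phrase
        SET varname = '" . $newname . "',
            phrasetext = '" . $vars['phrasetext'] . "'
        WHERE varname = '" . $vars['oldvarname'] . "'"
    );

    header('Location: phrasetools.php?do=edit&varname=' . rawurlencode($newname));
    exit;
}

// ###################################################################
// Edit: load the phrase and show the edit form.

if ($_REQUEST['do'] === 'edit') {
    $phrase = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . $vars['varname'] . "'");
    if (!$phrase) {
        echo 'Not a valid phrase!';
        exit;
    }

    echo <<Edit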
Varname:
Phrase text:
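HTML;
}

// ###################################################################
// Search: match on varname, phrasetext, or both joined by AND/OR.
// NOTE(review): both LIKE patterns are built by interpolating request values
// into the SQL text; this is only safe if they are already SQL-escaped -
// confirm. $use['matcher'] is safe: it is derived as the literal AND or OR.

if ($_REQUEST['do'] === 'search') {
    if ($use['varname'] && !$use['phrasetext']) {
        $where = "varname LIKE '%$vars[varname]%'";
    } elseif (!$use['varname'] && $use['phrasetext']) {
        $where = "phrasetext LIKE '%$vars[phrasetext]%'";
    } else {
        $where = "varname LIKE '%$vars[varname]%' $use[matcher] phrasetext LIKE '%$vars[phrasetext]%'";
    }

    $phrases = $db->query("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE $where");
    $numrows = $db->num_rows($phrases);

    if ($numrows < 1) {
        echo 'No results found!';
        exit;
    }

    // List every hit when there is more than one. The original tested "> 2",
    // so a search with exactly two matches redirected to the first and silently
    // hid the second.
    if ($numrows > 1) {
        while ($phrase = $db->fetch_array($phrases)) {
            // Both columns come from the database and are escaped for HTML.
            echo "
\$bugsys->language['" . $bugsys->sanitize($phrase['varname']) . "'] =======> " . $bugsys->sanitize($phrase['phrasetext']) . "
";
        }
    } else {
        // Exactly one hit: go straight to its edit page.
        $phrase = $db->fetch_array($phrases);
        header('Location: phrasetools.php?do=edit&varname=' . rawurlencode($phrase['varname']));
        exit;
    }
}

// ###################################################################
// Export: dump the language as XML, sanitized so it is shown as text.

if ($_REQUEST['do'] === 'export') {
    require_once('./includes/class_xml_language.php');

    $lang = new XML_Language();
    $output = $lang->export(-1);
    $output = $bugsys->sanitize($output);

    echo <<$output HTML;
}

?>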