STR, 'phrasetext' => STR, 'matchmethod' => STR, 'do' => STR, 'doneinsert' => INT, 'oldvarname' => STR));
$use['varname'] = (bool)$_REQUEST['use']['varname'];
$use['phrasetext'] = (bool)$_REQUEST['use']['phrasetext'];
$use['and'] = iff($vars['matchmethod'] == 'and', true, false);
$use['or'] = iff($use['and'], false, true);
$use['matcher'] = iff($use['and'], 'AND', 'OR');
$select['or'] = iff($use['or'], SELECTED);
$select['and'] = iff($use['and'] , SELECTED);
$select['search'] = iff($vars['do'] == 'search', SELECTED);
$select['insert'] = iff($vars['do'] == 'insert' OR $vars['doneinsert'], SELECTED);
$select['delete'] = iff($vars['do'] == 'delete', SELECTED);
function sanitize_name($name)
{
$name = preg_replace('#[^a-zA-Z0-9_]#', '_', $name);
$name = preg_replace('#_{1,}#', '_', $name);
$name = preg_replace('#(^_|_$)#', '', $name);
return $name;
}
// ###################################################################
echo <<Search
HTML;
if ($_REQUEST['do'])
{
echo "\n\n
\n\n";
}
// ###################################################################
if ($_REQUEST['do'] == 'kill')
{
$DB_sql->query("DELETE FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'");
header("Location: phrasetools.php");
}
// ###################################################################
if ($_REQUEST['do'] == 'delete')
{
$phrase = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'");
if (!$phrase)
{
echo 'Not a valid phrase!';
exit;
}
echo "Delete
\n\nFound: $phrase[varname] ===> $phrase[phrasetext]
";
}
// ###################################################################
if ($_POST['do'] == 'insert')
{
$vars['varname'] = str_replace(' ', '_', $vars['varname']);
$DB_sql->query("
INSERT INTO " . TABLE_PREFIX . "phrase
(varname, phrasetext)
VALUES
('" . addslasheslike(sanitize_name($vars['varname'])) . "', '" . addslasheslike($vars['phrasetext']) . "'
)"
);
header("Location: phrasetools.php?do=edit&doneinsert=1&varname=$vars[varname]");
}
// ###################################################################
if ($_POST['do'] == 'update')
{
$DB_sql->query("
UPDATE " . TABLE_PREFIX . "phrase
SET varname = '" . addslasheslike(sanitize_name($vars['varname'])) . "',
phrasetext = '" . addslasheslike($vars['phrasetext']) . "'
WHERE varname = '" . addslasheslike($vars['oldvarname']) . "'"
);
header("Location: phrasetools.php?do=edit&varname=$vars[varname]");
}
// ###################################################################
if ($_REQUEST['do'] == 'edit')
{
$phrase = $DB_sql->query_first("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE varname = '" . addslasheslike($vars['varname']) . "'");
if (!$phrase)
{
echo 'Not a valid phrase!';
exit;
}
echo <<Edit
HTML;
}
// ###################################################################
if ($_REQUEST['do'] == 'search')
{
if ($use['varname'] AND !$use['phrasetext'])
{
$where = "varname LIKE '%$vars[varname]%'";
}
else if (!$use['varname'] AND $use['phrasetext'])
{
$where = "phrasetext LIKE '%$vars[phrasetext]%'";
}
else
{
$where = "varname LIKE '%$vars[varname]%' $use[matcher] phrasetext LIKE '%$vars[phrasetext]%'";
}
$phrases = $DB_sql->query("SELECT * FROM " . TABLE_PREFIX . "phrase WHERE $where");
$numrows = $DB_sql->num_rows($phrases);
if ($numrows < 1)
{
echo 'No results found!';
exit;
}
if ($numrows > 2)
{
while ($phrase = $DB_sql->fetch_array($phrases))
{
echo "\$bugsys->language['
$phrase[varname]'] =======> " . htmlspecialcharslike($phrase['phrasetext']) . "
";
}
}
else
{
$phrase = $DB_sql->fetch_array($phrases);
header("Location: phrasetools.php?do=edit&varname=$phrase[varname]");
}
}
?>