diff --git a/MainPreloader.swf b/MainPreloader.swf index f7fa526d6c..fb049edb2e 100644 Binary files a/MainPreloader.swf and b/MainPreloader.swf differ diff --git a/XMLEngine.swf b/XMLEngine.swf index abb0a826bf..8dc187a7b3 100644 Binary files a/XMLEngine.swf and b/XMLEngine.swf differ diff --git a/config.php b/config.php index be4802e942..401d789fb7 100644 --- a/config.php +++ b/config.php @@ -22,9 +22,6 @@ global $development; $development = false; -if(php_uname('n') == 'orange') { - $development = true; -} ini_set('error_reporting', 0); if($development) { ini_set('error_reporting', E_ALL); diff --git a/modules/xerte/preview.php b/modules/xerte/preview.php index d0b9c41555..c1830b86db 100644 --- a/modules/xerte/preview.php +++ b/modules/xerte/preview.php @@ -50,6 +50,8 @@ function show_preview_code($row, $row_username){ $dimension = explode("~",get_template_screen_size($row['template_name'],$row['template_framework'])); + require_once("config.php"); + _load_language_file("/modules/xerte/preview.inc"); ?> diff --git a/preview.php b/preview.php index 9035d2a558..53a943a0c5 100644 --- a/preview.php +++ b/preview.php @@ -21,83 +21,89 @@ * Check the ID is numeric */ -if(is_numeric($_GET['template_id'])){ +if(isset($_SESSION['toolkits_logon_id'])){ - $safe_template_id = mysql_real_escape_string($_GET['template_id']); + if(is_numeric($_GET['template_id'])){ - $mysql_id=database_connect("Preview database connect successful","Preview database connect failed"); + $safe_template_id = mysql_real_escape_string($_GET['template_id']); - /* - * Standard query - */ + $mysql_id=database_connect("Preview database connect successful","Preview database connect failed"); - $query_for_preview_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query); + /* + * Standard query + */ - $query_for_preview_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_preview_content_strip); + $query_for_preview_content_strip = str_replace("\" . \$xerte_toolkits_site->database_table_prefix . \"", $xerte_toolkits_site->database_table_prefix, $xerte_toolkits_site->play_edit_preview_query); - $query_for_preview_content_response = mysql_query($query_for_preview_content); + $query_for_preview_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_preview_content_strip); - if(mysql_num_rows($query_for_preview_content_response)!=0){ + $query_for_preview_content_response = mysql_query($query_for_preview_content); - $row = mysql_fetch_array($query_for_preview_content_response); + if(mysql_num_rows($query_for_preview_content_response)!=0){ - /* - * Check users has some rights to this template - */ + $row = mysql_fetch_array($query_for_preview_content_response); - if(has_rights_to_this_template($row['template_id'], $_SESSION['toolkits_logon_id'])){ + /* + * Check users has some rights to this template + */ - $query_for_username = "select username from " . $xerte_toolkits_site->database_table_prefix . "logindetails where login_id=\"" . $row['user_id'] . "\""; + if(has_rights_to_this_template($row['template_id'], $_SESSION['toolkits_logon_id'])){ - $query_for_username_response = mysql_query($query_for_username); + $query_for_username = "select username from " . $xerte_toolkits_site->database_table_prefix . "logindetails where login_id=\"" . $row['user_id'] . "\""; - $row_username = mysql_fetch_array($query_for_username_response); + $query_for_username_response = mysql_query($query_for_username); - require $xerte_toolkits_site->root_file_path . "modules/" . $row['template_framework'] . "/preview.php"; + $row_username = mysql_fetch_array($query_for_username_response); - show_preview_code($row, $row_username); + require $xerte_toolkits_site->root_file_path . "modules/" . $row['template_framework'] . "/preview.php"; - /* - * User might be admin so show code then - */ + show_preview_code($row, $row_username); - }else if(is_user_admin()){ + /* + * User might be admin so show code then + */ - $mysql_id=database_connect("Preview database connect successful","Preview database connect failed"); + }else if(is_user_admin()){ - $query_for_username = "select username from " . $xerte_toolkits_site->database_table_prefix . "logindetails where login_id=\"" . $row['user_id'] . "\""; + $mysql_id=database_connect("Preview database connect successful","Preview database connect failed"); - $query_for_username_response = mysql_query($query_for_username); + $query_for_username = "select username from " . $xerte_toolkits_site->database_table_prefix . "logindetails where login_id=\"" . $row['user_id'] . "\""; - $row_username = mysql_fetch_array($query_for_username_response); + $query_for_username_response = mysql_query($query_for_username); - require $xerte_toolkits_site->root_file_path . "modules/" . $row['template_framework'] . "/preview.php"; + $row_username = mysql_fetch_array($query_for_username_response); - show_preview_code($row, $row_username); + require $xerte_toolkits_site->root_file_path . "modules/" . $row['template_framework'] . "/preview.php"; - } + show_preview_code($row, $row_username); - }else{ + } - /* - * No rights, show error - */ + }else{ - echo file_get_contents($xerte_toolkits_site->website_code_path . "error_top") . PREVIEW_RESOURCE_FAIL . ""; + /* + * No rights, show error + */ - die(); + echo PREVIEW_RESOURCE_FAIL; - } + die(); -}else{ + } + + }else{ + + echo PREVIEW_RESOURCE_FAIL; - /* - * No rights, show error - */ + die(); - echo file_get_contents($xerte_toolkits_site->website_code_path . "error_top") . PREVIEW_RESOURCE_FAIL . ""; + } + +}else{ + + echo PREVIEW_RESOURCE_FAIL; - die(); + die(); }