git-svn-id: https://xerteonlinetoolkits.googlecode.com/svn/trunk@299 …

…912cdd6b-5c7d-d5a7-a2ba-d0f0cdb91641
thexerteproject · Apr 20, 2012 · 81a4998 · 81a4998
1 parent d2fea93
commit 81a4998
Show file tree

Hide file tree

Showing 6 changed files with 460 additions and 153 deletions.
diff --git a/modules/xerte/edit.php b/modules/xerte/edit.php
@@ -95,21 +95,11 @@ function hideunload(){
 
     function bunload(){
 
-        path = "<?PHP
+        path = "<?PHP echo $row_edit['template_id'] . "-" . $row_username['username'] . "-" . $row_edit['template_name'] . "/";?>";
 
-    if($version_control){
+		template = "<?PHP  echo $row_edit['template_id']; ?>";
 
-        echo $row_edit['template_id'] . "-" . $row_username['username'] . "-" . $row_edit['template_name'] . "/";
-
-    }else{
-
-        echo $row_edit['template_id'] . "-" . $row_username['username'] . "-" . $row_edit['template_name'] . "/";
-
-    }
-
-?>";
-
-window_reference.edit_window_close(path);	
+window_reference.edit_window_close(path,template);	
 
     }
 

diff --git a/preview.php b/preview.php
@@ -21,6 +21,7 @@
  * Check the ID is numeric
  */
 if(isset($_SESSION['toolkits_logon_id'])) {
+
     if(is_numeric($_GET['template_id'])) {
 
         $safe_template_id = (int) $_GET['template_id'];
@@ -34,11 +35,12 @@
 
         $query_for_preview_content = str_replace("TEMPLATE_ID_TO_REPLACE", $safe_template_id, $query_for_preview_content_strip);	
 
-        // get their username from the db which matches their login_id from the $_SESSION
-        $row_username = db_query_one("select username from {$xerte_toolkits_site->database_table_prefix}logindetails where login_id=?", array($_SESSION['toolkits_logon_id']));
-
-        $row = db_query_one($query_for_preview_content);
+		$row = db_query_one($query_for_preview_content);
 
+        // get their username from the db which matches their login_id from the $_SESSION
+        $row_username = db_query_one("select username from {$xerte_toolkits_site->database_table_prefix}logindetails where login_id=?", array($row['user_id']));
+
+
         // is there a matching template?
         if(!empty($row)) {
             // if they're an admin or have rights to see the template, then show it.
@@ -47,8 +49,17 @@
                 show_preview_code($row, $row_username);		
                 exit(0);
             }
+
         }
-    }
-}
+
+    }else{
+
+		echo PREVIEW_RESOURCE_FAIL;
+
+	}
+
+}else{
 
-echo PREVIEW_RESOURCE_FAIL;
+	echo PREVIEW_RESOURCE_FAIL;
+
+}