Index: trunk/kernel/action.php
===================================================================
--- trunk/kernel/action.php	(revision 919)
+++ trunk/kernel/action.php	(revision 920)
@@ -1,2486 +1,2486 @@
 <?php
 
 $ro_perm = $objSession->HasSystemPermission("SYSTEM_ACCESS.READONLY");
 
 // ====== Debugger related: begin ======
 $script = basename($_SERVER['PATH_TRANSLATED']);
 $skipDebug = Array('index.php','tree.php','head.php','credits.php');
 if( admin_login() && !in_array($script, $skipDebug) )
 {
 	if( IsDebugMode() )
 	{
 		if($Action) $debugger->setHTMLByIndex(1,'Kernel Action: <b>'.$Action.'</b>','append');
 		echo '<a href="javascript:self.location.reload();">Reload Frame</a> || ';
 		echo '<a href="javascript:toggleDebugLayer();">Show Debugger</a><br>';
 	}
 }
 unset($script, $skipDebug);
 // ====== Debugger related: end ======
 
 // Session expiration related
 
-if (!admin_login())
+if (!admin_login() && strlen($Action) > 0)
 {            
     if(!headers_sent())
       setcookie("sid"," ",time()-3600);
     $objSession->Logout();
     header("Location: ".$adminURL."/login.php?expired=1");
     die();
 	//require_once($pathtoroot."admin/login.php");
 }
 
 // End session exipration related
 
 	switch($Action)
 	{
 		case "m_save_import_config":
          	// Set New Import Category
          	if( GetVar('categorylist', true) !== false )
          	{
    		 		$cat_id = $_POST['categorylist'];
 			  	$objSession->SetVariable('categoryid', $cat_id); 		  	
    			  	
 			  	if($cat_id > 0)
 			  	{
 				  	$cat = $objCatList->GetByResource($cat_id);
 	    			if(is_object($cat))
 				    {    
 	      				$navbar = $cat->Get('CachedNavbar');
 	      				$objSession->SetVariable('catnavbar', $navbar);
 	      				$objSession->SetVariable('import_category_id', $cat->UniqueId() );
 				    }
 			  	}elseif($cat_id == 0)
 			  	{
 			  		global $objConfig;
 	      			$objSession->SetVariable('import_category_id', 0);
 			  	}
 			    
 			    $objSession->SetVariable('categorylist', $_POST['categorylist']);
 			}
 			
 			// Set Import Admin Group
 			if( GetVar('grouplist1', true) )
 			{              
 				$group_id = $_POST['grouplist1'];
 				$group = $objGroups->GetItemByField('ResourceId',$group_id);
                 $objSession->SetVariable('user_admin_names', $group->Get('Name')); 
                 $objSession->SetVariable('user_admin_values', $group->Get('GroupId'));
                 $objSession->SetVariable('grouplist1', $_POST['grouplist1']);
 			}   
               
 			// Set Import User Group
 			if( GetVar('grouplist2', true) )
 			{              
             	$group_id = $_POST['grouplist2'];
 				$group = $objGroups->GetItemByField('ResourceId', $group_id);
                 $objSession->SetVariable('user_regular_names', $group->Get('Name')); 
                 $objSession->SetVariable('user_regular_values', $group->Get('GroupId'));
                 $objSession->SetVariable('grouplist2', $_POST['grouplist2']);
 			}
         	break;
 		
 		case "m_add_user":		  
 	  	  	$dupe_user = '';
 			//$user_pending = (int)$_POST["user_pending"];
 			//$user_enabled = (int)$_POST["user_enabled"];
 			$CreatedOn = DateTimestamp($_POST["user_date"],GetDateFormat()); 
          	$CreatedOn += SecondsSinceMidnight($_POST["user_time"]);
          
 			$dob = DateTimestamp($_POST["user_dob"],GetDateFormat());
 			
 		  	$objEditItems = new clsUserManager();
 		  	$objEditItems->SourceTable = $objSession->GetEditTable("PortalUser");
 
 		  	if(strlen($_POST["user_login"]))
           		$id = $objUsers->GetUserId($_POST["user_login"]);
 		  	else
 		    	$dob = 0;
 		    
           	if($id)
           	{
               	$lvErrorString = language('la_error_duplicate_username');
               	$dupe_user = $_POST["user_login"];
               	$_POST["user_login"] = '';
             }
           	         
           		$password = md5($_POST["password"]);
 		    	$u = $objEditItems->Add_User($_POST["user_login"], $password,
                 	                    $_POST["user_email"], $CreatedOn, $_POST["user_firstname"], 
                     	                $_POST["user_lastname"], $_POST["status"], 
                         	            $_POST["user_phone"], 
                             	        $_POST["user_street"], $_POST["user_city"], 
                                 	    $_POST["user_state"], $_POST["user_zip"], $_POST["user_country"], $dob);
      
             	$objCustomEdit = new clsCustomDataList(); //$objSession->GetEditTable("CustomMetaData"));
             	$objCustomEdit->SetTable('edit');
             	$objCustomEdit->LoadResource($u->Get("ResourceId"));
             	$CustomFields = new clsCustomFieldList(6);
             	$DataChanged = FALSE;
             	foreach($_POST as $key=>$value)
             	{
             		if(substr($key,0,1)=="_")
             		{
             			$field = substr($key,1);
             			$cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE);
             		
             			if(is_object($cvalue))
             			{
             				$objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$u->Get("ResourceId"),$value);
             				$DataChanged = TRUE;
             			}
             		}
             	}          	
             	if($DataChanged) $objCustomEdit->SaveData();
             	$objCustomEdit->SetTable('live');
           	
           	
 			break;
 			    
 		case "m_edit_user":
 		    //$CreatedOn = DateTimestamp($_POST["user_date"],GetDateFormat()); 
          	//$CreatedOn += SecondsSinceMidnight($_POST["user_time"]);
             $dob = DateTimestamp($_POST["user_dob"],GetDateFormat());
 			$objEditItems = new clsUserManager();
 			$objEditItems->SourceTable = $objSession->GetEditTable("PortalUser");
 			//$user_pending = (int)$_POST["user_pending"];
             //$user_enabled = (int)$_POST["user_enabled"];
             $UserId = (int)$_POST["user_id"];
             //echo $UserId."<br>\n";
             if(!strlen($_POST["user_login"]))
               $dob = 0;
             if(strlen($_POST["password"]))
             {
               $password = md5($_POST["password"]);	
             }  
             else
               $password = "";
 			$u = $objEditItems->Edit_User($UserId, $_POST["user_login"], $password,
                                      $_POST["user_email"], $CreatedOn, $_POST["user_firstname"], 
                                      $_POST["user_lastname"], $_POST["status"], 
                                      $_POST["user_phone"], 
                                      $_POST["user_street"], $_POST["user_city"], 
                                      $_POST["user_state"], $_POST["user_zip"], $_POST["user_country"],
                                      $dob);
            
             $objCustomEdit = new clsCustomDataList(); //$objSession->GetEditTable("CustomMetaData"));
             $objCustomEdit->SetTable('edit');
            	$DataChanged = false;
            	
             $objCustomEdit->LoadResource($u->Get("ResourceId"));
             $CustomFields = new clsCustomFieldList(6);
             
             foreach($_POST as $key=>$value)
             {
             	if(substr($key,0,1)=="_")
             	{
             		$field = substr($key,1);
             		$cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE);
             		
             		if(is_object($cvalue))
             		{
             			//echo "Saving CF: (".$cvalue->Get("CustomFieldId")." ; ".$u->Get("ResourceId")." ; $value)<br>";
             			$objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$u->Get("ResourceId"),$value);
             			$DataChanged = TRUE;
             		}
             	}
             }
         	
             if($DataChanged)
             	$objCustomEdit->SaveData();
             $objCustomEdit->SetTable('live');
 			break;
 			
 		case "m_user_primarygroup":		 
 		  	if($ro_perm) break;
 		  	$users = explode(',', $_POST["userlist"]);
 		  	$GroupResourceId = $_POST['grouplist'];
 		  	$g = $objGroups->GetItemByField("ResourceId", $GroupResourceId);
 		  	$GroupId = $g->UniqueId();
 		  	
 		  	if( is_array($users) )
 		  		foreach($users as $user_id)
 		  		{
 		  			$u = $objUsers->GetItemByField("ResourceId", $user_id);
 		  			$g->AddUser($u->Get("PortalUserId"), 1);
 		  		}
      		break;
      		
 		case "m_edit_group":		   
 			$objEditItems = new clsGroupList();
 			$objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup");
 			$objEditItems->Edit_Group($_POST["group_id"], $_POST["group_name"],$_POST["group_comments"]);
 		break;
         case "m_add_group":
 			$objEditItems = new clsGroupList();
 			$objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup");
 			$objEditItems->Add_Group($_POST["group_name"], $_POST["group_comments"],0);
 		break;
      case "m_group_sysperm":
 	     if($ro_perm) break;
 	     if($_POST["GroupEditStatus"]==0)
 	     {
 	     	$objSession->ResetSysPermCache();
 	     	$GroupId = $_POST["GroupId"];
 	     	if($GroupId)
 	     	{
 	     		$objEditItems = new clsGroupList();
 	     		$objEditItems->SourceTable = $objSession->GetEditTable("PortalGroup");
 	     		$g = $objEditItems->GetItemByField("ResourceId",$GroupId);
 	     		if(is_object($g))
 	     		{
 	
 	     			$PermList = explode(",",$_POST["PermList"]);
 	     			for($i=0;$i<count($PermList);$i++)
 	     			{
 	     				if(@in_array($PermList[$i],$_POST["inherit"]))
 	     				{
 	     					$value = -1;
 	     				}
 	     				else
 	     				{
 	     					$value = 0;
 	     					if(@in_array($PermList[$i],$_POST["permvalue"]))
 	     					$value = 1;
 	     				}
 	     				$g->SetSystemPermission($PermList[$i],$value);
 	     			}
 	     		}
 	     	}
 	     }
 	     break;
 	     
         case "m_user_sysperm":
           if($ro_perm) break;
           if($_POST["UserEditStatus"]==0)
           {
 		    $UserId = $_POST["ItemId"];
 			if($UserId)
 			{
 			  $objEditItems = new clsUserManager();
 			  $objEditItems->SourceTable = $objSession->GetEditTable("PortalUser");
 			  $u = $objEditItems->GetItemByField("ResourceId",$UserId);
 			  unset($g);
               if(is_object($u))
 			  {
                 $objSession->ResetSysPermCache();
 			    $g = $u->GetPersonalGroup(FALSE);
 			    $PermList = explode(",",$_POST["PermList"]);
 				for($i=0;$i<count($PermList);$i++)
 				{
 				  if(!@in_array($PermList[$i],$_POST["inherit"]))
 				  {
                     if(!is_object($g))
 					  $g = $u->GetPersonalGroup(TRUE);
 
 					$value = 0;					
 					if(is_array($_POST["permvalue"]))
 					{
 				      if(in_array($PermList[$i],$_POST["permvalue"]))
 				        $value =1;
 					  $g->SetSystemPermission($PermList[$i],$value);
 					}
 					else {
 					  $g->SetSystemPermission($PermList[$i], 0);
 					}
 				  }
 				  else
                   {
 				    if(is_object($g))
 					  $g->SetSystemPermission($PermList[$i],-1);
 				  }
 				}
 			  }
 			}
           }
 	    break;
 	    
 		case "m_approve_user":
 			if($ro_perm) break;
 			foreach($_POST["itemlist"] as $userid)
 			{
 				$user = $objUsers->GetItemByField("ResourceId",$userid);
 				$user->Approve();
 			}
             $objUsers->Clear();
 		break;
 
         case "m_deny_user":
             if($ro_perm) break;
             foreach($_POST["itemlist"] as $userid)
             {
                 $user = $objUsers->GetItemByField("ResourceId",$userid);
                 $user->Deny();
             }
             $objUsers->Clear();
         break;
         
 		case "m_delete_user":
 				if($ro_perm) break;
 				foreach($_POST["itemlist"] as $userid)
 					$objUsers->Delete_User($userid);
 		break;
 		
 		case "m_delete_group":
             if($ro_perm) break;
             foreach($_POST["itemlist"] as $groupid)
             {            
 			  	$objGroups->Delete_Group($groupid);
 			}
 		break;
 		
 		case "m_user_assign": // not sure if action is used anywhere
 			if($ro_perm) break;
 			$useridlist = implode("-", $userlist);
 			$objSession->SetUserStatus($useridlist, "g_usergroup_status");
 			$g_usergroup_status = $useridlist;
 			break;
 			
 		case "m_group_assign": // not sure if action is used anywhere
 			if($ro_perm) break;
 			foreach($grouplist as $group) $objGroups->Add_Users_To_Group($group);
 			break;
 			
 		case "m_remove_group":
 			if($ro_perm) break;
 			$adodbConnection = &GetADODBConnection();
 			$adodbConnection->Execute("DELETE FROM UserGroup where UserId='$UserId' AND GroupId='$GroupId'");
 			break;
 
         case "m_SetVariable":  
             $objSession->SetPersistantVariable($_POST["fieldname"], $_POST["varvalue"]);
         	break;
         	
         case "m_SetSessionVariable":
             $objSession->SetVariable($_POST["fieldname"], $_POST["varvalue"]);
             //echo "Setting $fieldname to $varvalue<br>\n";
             if($_POST["fieldname"]=="SearchType")
                 $objSession->SetVariable("SearchWord","");
         	break;
  
        case "m_edit_permissions":           
           if($ro_perm) break;
           
           if($_POST["CatEditStatus"] != -1)
           {
           	$objSession->SetVariable('PermCache_UpdateRequired', 1);
             $GroupId = $_POST["GroupId"];
             $CatId = $_POST["CategoryId"];
             $Module = $_POST["Module"];
             $ado = &GetADODBConnection();
             $sql = "SELECT * FROM ".GetTablePrefix()."PermissionConfig WHERE ModuleId='$Module'";
             $rs = $ado->Execute($sql);
             $PermNames = array();
             while($rs && !$rs->EOF)
             {
                 $data = $rs->fields;
                 $PermNames[] = $data["PermissionName"];
                 $rs->MoveNext();
             }
             
             $inherit = array();
             if(is_array($_POST["inherit"]))
             {            
               foreach($_POST["inherit"] as $perm)
               {
                 $inherit[$perm] = 1;
               }
             }
             $access = array();
             if(is_array($_POST["permvalue"]))
             {            
               foreach($_POST["permvalue"] as $perm)
               {
                 $access[$perm] = 1;
               }
             }
             $objPermList = new clsPermList($CatId,$GroupId);
             $objPermList->LoadCategory($CatId);
 
             for($i=0;$i<count($PermNames);$i++)
             {                 
                if(!array_key_exists($PermNames[$i],$inherit))
                {
                    $PermValue = (int)$access[$PermNames[$i]];
                    
                    $Perm = $objPermList->GetPermByName($PermNames[$i]);                   
                    if($Perm)
                    {
                        $Id = $Perm->Get("PermissionId");
                        //echo "Editing $Id<br>\n";
                        $objPermList->Edit_Permission($Id,$CatId,$GroupId,$PermNames[$i],$PermValue,0);
                    }
                    else
                    {
                        //echo "Adding ".$PermNames[$i];
                        $objPermList->Add_Permission($CatId,$GroupId,$PermNames[$i],$PermValue,0);
                    }
                }
                else
                {        
                   $Perm = $objPermList->GetPermByName($PermNames[$i]);
                   if($Perm)
                   {
                       $Id = $Perm->Get("PermissionId");
                       $objPermList->Delete_Permission($Id);
                   }
                }
             }
             //$c = $objCatList->GetItem($CatId);
             //$glist = $objGroups->GetAllGroupList();
             //$ViewList = $objPermList->GetGroupPermList($c,"CATEGORY.VIEW",$glist );
             //$c->SetViewPerms("CATEGORY.VIEW",$ViewList,$glist);
             //$c->Update();
           }
         break; 
      	case "m_perm_delete_group":
 			if($ro_perm) break;
 			$ado = &GetADODBConnection();
 			$CatId = $_POST["CategoryId"];
 			foreach($_POST["itemlist"] as $groupid)
 			{
 			$g = $objGroups->GetItemByField("ResourceId",$groupid);
 			if(is_object($g))
 			{                
 			    $sql = "DELETE FROM ".GetTablePrefix()."Permissions WHERE CatId=$CatId AND GroupId=".$g->Get("GroupId");
 			    if($objSession->HasSystemPermission("DEBUG.LIST"))
 			        echo $sql."<br>\n";
 			    $ado->Execute($sql);                  
 			}
 			}
         	break;
 
       case "m_user_addto_group":      	
 	      if($ro_perm) break;
 	      $objSession->SetVariable("HasChanges", 1);
 	      $user = $_POST["UserId"];
 	      if(is_numeric($user))
 	      {
 	      	if(strlen($_POST["grouplist"]))
 	      	{
 	      		$groups = explode(",",$_POST["grouplist"]);
 	      		if(is_array($groups))
 	      		{
 	      			for($i=0; $i<count($groups);$i++)
 	      			{
 	      				$g = $objGroups->GetItemByField("ResourceId",$groups[$i]);
 	      				$g->AddUser($user);
 	      			}
 	      		}
 	      		else
 	      		{
 	      			$g = $objGroups->GetItem($groups);
 	      			$g->AddUser($user);
 	      		}
 	      	}
 	      }
 	      break;
 	      
      case "m_group_add_user":       
          if($ro_perm) break;
          $objSession->SetVariable("HasChanges", 1);
          $group = $_POST["GroupId"];
          $EditGroups = new clsGroupList();
          $EditGroups->SourceTable = $objSession->GetEditTable($objGroups->SourceTable);
          $g = $EditGroups->GetItem($group);
 //         echo "Group: $group <br>\n";
          if(is_numeric($group))
          {
              $users = explode(",",$_POST["userlist"]);
              foreach($users as $userid)
              {
                 $u = $objUsers->GetItemByField("ResourceId",$userid);
                 $g->AddUser($u->Get("PortalUserId"));
              }
          }
 
       break;
       case "m_group_removeuser":
           if($ro_perm) break;
           $objSession->SetVariable("HasChanges", 1);
           $group = $_POST["GroupId"];
           $g =  $objGroups->GetItem($group);
           //if($group>0)
           //{
               foreach($_POST["itemlist"] as $user_id)
               {
                   $u = $objUsers->GetItemByField("ResourceId",$user_id);
                   $g->DeleteUser($u->Get("PortalUserId"));
               }
           //}
       break;    
       case "m_user_removegroup":
            if($ro_perm) break;
            $objSession->SetVariable("HasChanges", 1);
            $user = $_POST["UserId"];
            //if($user>0)
            //{  
              foreach($_POST["itemlist"] as $groupid)
              {
                 $g = $objGroups->GetItem($groupid);
                 $g->DeleteUser($user);
              }
            //}
       break;
       case "m_sendmail":
           if($ro_perm) break;
 	      $idlist = explode(",",$_POST["idlist"]);
 	      $html = (int)$_POST["html_enable"];
 	      $body = inp_escape($_POST["email_body"],$html);
 	      $subject = inp_escape($_POST["email_body"],$html);
 	      $Email = new clsEmailMessage();
 	      $Email->Set("Subject",$subject);
 	      $Email->Set("Template",$body);
 	      if($html)
 	      $Email->Set("MessageType","HTML");
 	      if(count($idlist)>0)
 	      {
 	      	switch($_POST["IdType"])
 	      	{
 	      		case "group":
 	      		foreach($idlist as $id)
 	      		$Email->SendToGroup($id);
 	      		break;
 	      		case "user":
 	      		foreach($idlist as $id)
 	      		$Email->SendToUser($id);
 	      		break;
 	      	}/*switch*/
 	      }
      	break;
      	
      case "m_item_recount":
       	if($ro_perm) break;
      	RunDown($m_var_list["cat"],"UpdateCacheCounts");
      	break;
      	
      case "m_cat_delete":         
         if($ro_perm) break; 
      	if($objSession->HasCatPermission("CATEGORY.DELETE",$objCatList->CurrentCategoryID()))
          {         
            if(isset($_POST["catlist"]))
            {
              if(is_array($_POST["catlist"]))
                foreach($_POST["catlist"]  as $catid)
                {
                   $objCatList->Delete_Category($catid);
 
                }
            }
          }
      break;
      case "m_cat_cut":
      	if($ro_perm) break;    
      	if(isset($_POST["catlist"]))
         { 
         	if($objSession->HasCatPermission("CATEGORY.DELETE",$catid))
         	{
         		$objCatList->CopyToClipboard("CUT","CategoryId",$_POST["catlist"]);
         	}
         	else
         	$objCatList->CopyToClipboard("COPY","CategoryId",$_POST["catlist"]);
         }
      	break;
      	
      case "m_cat_copy":
      	if($ro_perm) break;    
      	if(isset($_POST["catlist"]))
         {
 			$objCatList->CopyToClipboard("COPY","CategoryId",$_POST["catlist"]);
         }
      break;
 
      case "m_paste":
 	    if($ro_perm) break; 
      	if($objCatList->ItemsOnClipboard()>0)
      	{
      		/* category's paste function populates a sparse array where array[old_id]=new_id */
      		$PastedCatIds = array();
      		$objCatList->PasteFromClipboard($objCatList->CurrentCategoryID(),"Name");
      	}
      	else
      	{
      		$clip = $objSession->GetVariable("ClipBoard");
      		if(strlen($clip))
      		{
      			$ClipBoard = ParseClipboard($clip);
      			$Action= strtolower($ClipBoard["table"])."_paste";
      		}
      	}
        	break;
        	
      case "m_cat_move_up":
         if($ro_perm) break; 
      	if (isset($_POST["catlist"]))
          {         
              foreach($_POST["catlist"] as $catid)
              {
                  $cat =& $objCatList->GetCategory($catid);
                  $cat->MoveUp();
              }
          }
      	break;
      	
      case "m_cat_move_down":
         if($ro_perm) break; 
      	if (isset($_POST["catlist"]))
          {
              $catlist=array_reverse($_POST["catlist"]);
              foreach($catlist as $catid)
              {
                  $cat =& $objCatList->GetCategory($catid);
                  $cat->MoveDown();
              }
          }
      break;
      case "m_cat_approve":
      	if($ro_perm) break;
      	if (isset($_POST["catlist"]))
      	{
      		foreach($_POST["catlist"] as $catid)
      		{
      			$cat =& $objCatList->GetCategory($catid);
      			$cat->Approve();
      		}
      	}
      break;
      case "m_cat_decline":
 	     if($ro_perm) break;
 	     if (isset($_POST["catlist"]))
 	     {
 	     	foreach($_POST["catlist"] as $catid)
 	     	{
 	     		$cat =& $objCatList->GetCategory($catid);
 	     		//$cat->Deny();
 	     		RunDown($catid,"Deny");
 	     	}
 	     }
      break;     
 
      case "m_rel_delete":
          $adodbConnection= &GetADODBConnection();
          $table = $objSession->GetEditTable("Relationship");
          if(isset($_POST["itemlist"]))
          {
            if(is_array($_POST["itemlist"]))
            {
              foreach($_POST["itemlist"] as $id)
              {
                $sql = "DELETE FROM ".$table." WHERE RelationshipId=".$id;
                $adodbConnection->Execute($sql);
                if($objSession->HasSystemPermission("DEBUG.LIST"))
                    echo $sql."<br>\n";
              }
            }
            else
            {
               $sql = "DELETE FROM ".$table." WHERE RelationshipId=".$_POST["itemlist"];
               $adodbConnection->Execute($sql);
               if($objSession->HasSystemPermission("DEBUG.LIST"))
                   echo $sql."<br>\n";
            }
          }
          break;
      case "m_add_relation":
          $RelList = new clsRelationshipList();
          $RelList->SourceTable = $objSession->GetEditTable("Relationship");
 
          //$r = $RelList->Add($_POST["SourceId"],$_POST["SourceType"],$_POST["TargetId"],$_POST["TargetType"],
            //               0,(int)$_POST["Enabled"],$_POST["RelType"], $Rel);
          $ado = &GetADODBConnection();
          $NewId = intval($ado->GetOne('SELECT MIN(RelationshipId) as MinValue FROM '.$RelList->SourceTable));
          if($NewId > 0) $NewId = 0;
          $NewId--;
          
          $r = $RelList->Add($_POST["SourceId"],$_POST["SourceType"],$_POST["TargetId"],$_POST["TargetType"],
                           0,(int)$_POST["Enabled"],$_POST["RelType"], $NewId);         
          
          $sql = "UPDATE ".$RelList->SourceTable." SET RelationshipId=".$NewId." WHERE RelationshipId=".$r->Get("RelationshipId");         
          if($objSession->HasSystemPermission("DEBUG.LIST"))
              echo $sql."<br>\n";
          $ado->Execute($sql);
        
      break;
      case "m_edit_relation":
        if($_POST["CatEditStatus"]==0)
        {
          $RelList = new clsRelationshipList();
          $RelList->SourceTable = $objSession->GetEditTable("Relationship");
 
          $r = $RelList->GetItem($_POST["RelationshipId"]);
          if(is_object($r))
          {
            $r->Set("Enabled",(int)$_POST["Enabled"]);
            $r->Set("Type",(int)$_POST["RelType"]);
            $r->Set("Priority",(int)$_POST["priority"]);
            $r->Update();
          }
        }
      break;
      case "m_rel_move_up":
          $objRelList = new clsRelationshipList();
          $objRelList->SourceTable = $objSession->GetEditTable("Relationship");
          if (isset($_POST["itemlist"]))
          {         
              foreach($_POST["itemlist"] as $id)
              {
                  $r = $objRelList->GetItem($id);
                  $r->MoveUp($_POST["SourceId"]);
              }
          }
      break;
      case "m_rel_move_down":
          $objRelList = new clsRelationshipList();
          $objRelList->SourceTable = $objSession->GetEditTable("Relationship");
          if (isset($_POST["itemlist"]))
          {
              $itemlist=array_reverse($_POST["itemlist"]);
              foreach($itemlist as $id)
              {
                  $r = $objRelList->GetItem($id);
                  $r->MoveDown($_POST["SourceId"]);
              }
          }
      break;
 
 
      case "m_add_category":
          if(ValidDate($_POST["cat_date"],GetDateFormat()))
          {         
            $CreatedOn = DateTimestamp($_POST["cat_date"],GetDateFormat());
          }
          else
            $CreatedOn = time();
          $html = (int)$_POST["html_enable"];
 
          $cat_pick = $_POST["cat_pick"];
          $Status = (int)$_POST["status"];
          $Hot=(int)$_POST["itemhot"];
          $Pop = (int)$_POST["itempop"];      
          $New = (int)$_POST["itemnew"];
 
          $objEditItems = new clsCatList();
          $objEditItems->SourceTable = $objSession->GetEditTable("Category");
          $cat = $objEditItems->Add($_POST["ParentId"], $_POST["cat_name"], inp_escape($_POST["cat_desc"],$html), $CreatedOn, 
                             $cat_pick, $Status, $Hot, $New, $Pop, $_POST["Priority"], 
                             $_POST["meta_keywords"],$_POST["meta_desc"]);
             $objCustomEdit = new clsCustomDataList($objSession->GetEditTable("CustomMetaData"));
             $objCustomEdit->LoadResource($cat->Get("ResourceId"));
             $CustomFields = new clsCustomFieldList(1);
             $DataChanged = FALSE;
             foreach($_POST as $key=>$value)
             {
             	if(substr($key,0,1)=="_")
             	{
             		$field = substr($key,1);
             		$cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE);
             		
             		if(is_object($cvalue))
             		{
             			$objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$cat->Get("ResourceId"),$value);
             			$DataChanged = TRUE;
             		}
             	}
             }          	
             if($DataChanged)
             	$objCustomEdit->SaveData();                            
                          
      break;              
 
      case "m_edit_category":                 
          $CreatedOn = DateTimestamp($_POST["cat_date"],GetDateFormat());
          $cat_pick = GetVar('cat_pick', true);
          $Status = (int)$_POST["status"];
          $Hot = false; //(int)$_POST["itemhot"];
          $Pop = false; //(int)$_POST["itempop"];      
          $New = (int)$_POST["itemnew"];
 
          $html = (int)$_POST["html_enable"];
          $objEditItems = new clsCatList();
          $objEditItems->SourceTable = $objSession->GetEditTable("Category");
          
          // check if name of cat isn't changed: begin
          if( GetVar('CategoryId') > 0 )
          {
 	         $original_cats = new clsCatList();
 	         $original_cat = $original_cats->GetItemByField('CategoryId', GetVar('CategoryId'));
 	         if( $original_cat->Get('Name') != stripslashes($_POST['cat_name'] )) 
 	         	$objSession->SetVariable('PermCache_UpdateRequired', 1);
 	         unset($original_cat, $original_cats);
          }
          else
          {
          	$objSession->SetVariable('PermCache_UpdateRequired', 1);
          }
          // check if name of cat isn't changed: end
          
          $cat = $objEditItems->Edit_Category($_POST["CategoryId"],inp_escape($_POST["cat_name"],$html), inp_escape($_POST["cat_desc"],$html), $CreatedOn, $cat_pick, $Status, $Hot, $New, $Pop, $_POST["Priority"], $_POST["meta_keywords"], $_POST["meta_desc"]);         
                                       
          $objCustomEdit = new clsCustomDataList($objSession->GetEditTable("CustomMetaData"));
          $objCustomEdit->LoadResource($cat->Get("ResourceId"));
          $CustomFields = new clsCustomFieldList(1);
          $DataChanged = FALSE;
          foreach($_POST as $key=>$value)
          {
 	       	if(substr($key,0,1)=="_")
             	{
             		$field = substr($key,1);
             		$cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE);
             		
             		if(is_object($cvalue))
             		{
             			$objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$cat->Get("ResourceId"),$value);
             			$DataChanged = TRUE;
             		}
             	}
          }          	
          if($DataChanged)
          	$objCustomEdit->SaveData();  
          	                                      
      break;
      case "m_edit_custom_data":
 	     	$id = $_POST["ItemId"];                   
 
             $objCustomEdit = new clsCustomDataList($objSession->GetEditTable("CustomMetaData"));
             $objCustomEdit->LoadResource($id);
             $CustomFields = new clsCustomFieldList($_POST['CustomType']);
             $DataChanged = FALSE;
             foreach($_POST as $key=>$value)
             {
             	if(substr($key,0,1)=="_")
             	{
             		$field = substr($key,1);
             		$cvalue = $CustomFields->GetItemByField("FieldName",$field,FALSE);
             		
             		if(is_object($cvalue))
             		{
             			$objCustomEdit->SetFieldValue($cvalue->Get("CustomFieldId"),$id,$value);
             			$DataChanged = TRUE;
             		}
             	}
             }          	
             if($DataChanged)
             	$objCustomEdit->SaveData();                            
 /*		
      	$id = $_POST["ItemId"];                   
         $objEditData = new clsCustomDataList(); //$objSession->GetEditTable("CustomMetaData"));		
         $objEditData->SetTable('edit');
         $ado = &GetADODBConnection();
 
         if($id && is_array($_POST["CustomData"]))
         {
             foreach($_POST["CustomData"] as $FieldId => $Value)
             {                                
                 $sql = "SELECT count(*) as reccount FROM ".$objEditData->SourceTable." WHERE CustomFieldId=$FieldId AND ResourceId=".$_POST["ItemId"];
                 $rs = $ado->Execute($sql);            
                 $intable = $rs->fields["reccount"];
                 if(!$intable)
                 {                
                     $sql = "INSERT INTO ".$objEditData->SourceTable." (ResourceId,CustomFieldId,Value) VALUES ('".$id."','$FieldId','$Value')";
                     $ado->Execute($sql);
                     //echo $sql."<br>\n";
                 }
                 else
                 {
                   $sql = "UPDATE ".$objEditData->SourceTable." SET Value='".$Value."' WHERE CustomFieldId=$FieldId AND ResourceId=".$_POST["ItemId"];
                   $ado->Execute($sql);
                   //echo $sql."<br>\n";
                 }
             }            
         }
         $objEditData->SetTable('live');
 */
      break;
      case "m_customfield_edit":
        	if($ro_perm) break;
         $DataType = $_POST["DataType"];
         $FieldId = $_POST["CustomFieldId"];
         $FieldName = $_POST["fieldname"];
         //$FieldLabel = $_POST["fieldlabel"];
         if(strlen($FieldName))
         {        
         	$objCustomFields = new clsCustomFieldList($DataType);
         	$objCustomFields->EditField($FieldId,$DataType,$FieldName,"",(int)$_POST["generaltab"],
           							    $_POST["heading"],$_POST["fieldprompt"],$_POST["input_type"],
           							    $_POST["valuelist"]);
         }
         unset($objCustomFields);
      break;
      case "m_customfield_add":
         if($ro_perm) break;
         $DataType = $_POST["DataType"];        
         $FieldName = $_POST["fieldname"];
         //$FieldLabel = $_POST["fieldlabel"];
         if(strlen($FieldName))
         {
           $objCustomFields = new clsCustomFieldList($DataType);
           $objCustomFields->AddField($DataType,$FieldName,"",(int)$_POST["generaltab"],
           							 $_POST["heading"],$_POST["fieldprompt"],$_POST["input_type"],
           							 $_POST["valuelist"]);
           unset($objCustomFields);
         }
      break;
      case "m_customfield_delete":
      	if($ro_perm) break;
         $DataType = $_POST["DataType"];        
         $objCustomFields = new clsCustomFieldList($DataType);
 
         foreach($_POST["itemlist"] as $f)
         {
             $objCustomFields->DeleteField($f);
         	//$c = $objCustomFields->GetItem($f);
             //$c->Delete();
         }
         unset($objCustomFields);
      break;
      case "m_SearchConfig_Edit":
      	if($ro_perm) break;
         $SimpleValues = $_POST["simple"];
         $AdvValues = $_POST["advanced"];
         $module = $_POST["module"];
         $priority = $_POST["pri"];
         //phpinfo(INFO_VARIABLES);
         $objSearchConfig = new clsSearchConfigList($module);
         foreach($objSearchConfig->Items as $i)
         {
           $id = $i->Get("SearchConfigId");
           $objSearchConfig->EditFieldSettings($id,(int)$SimpleValues[$id],(int)$AdvValues[$id],$priority[$id]);       
         }
         $objSearchConfig->Clear();
         /* save relevence settings */
         $vals = $_POST["req_increase"];
         foreach($vals as $var=>$value)
         {
             $cfg = "SearchRel_Increase_".$var;
             $objConfig->Set($cfg,$value);
         }
         $vals = $_POST["rel_keyword"];
         foreach($vals as $var=>$value)
         {
             $cfg = "SearchRel_Keyword_".$var;
             $objConfig->Set($cfg,$value);
         }
         $vals = $_POST["rel_pop"];
         foreach($vals as $var=>$value)
         {
             $cfg = "SearchRel_Pop_".$var;
             $objConfig->Set($cfg,$value);
         }
         $vals = $_POST["rel_rating"];
         foreach($vals as $var=>$value)
         {
             $cfg = "SearchRel_Rating_".$var;
             $objConfig->Set($cfg,$value);
         }
         
         $vals = $_POST["multiple"];
 
         if (count($vals) > 0) {
 	        foreach($vals as $var=>$value)
 	        {
 	            $cfg = "Search_ShowMultiple_".$var;
 	            $objConfig->Set($cfg,$value);
 	        }
 		}
 		else {
 			$cfg = "Search_ShowMultiple_".$_POST['cfg_var'];
 			$objConfig->Set($cfg, 0);
 		}
 		
 		if (isset($_POST['minkeyword'])) {
 			$objConfig->Set("Search_MinKeyword_Length", $_POST['minkeyword']);
 		}
         
         $objConfig->Save();
      break;
      case "m_keyword_reset":
          if($ro_perm) break;
          $objSearchList = new clsSearchLogList();
          foreach($_POST["itemlist"] as $k)
          {
              $c = $objSearchList->GetItem($k);
              $c->Delete();
          }
      break;
      case "m_review_add":     
        $post_info = GetSubmitVariable($_POST, 'EditStatus');
        if($post_info['variable'] > -1)
        {
          $objReviews = new clsItemReviewList();
          $objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
          $Pending = (int)$_POST["review_pending"];
          $Enabled = (int)$_POST["review_enabled"];
          $Status = (int)$_POST["status"];
          $CreatedOn = DateTimestamp($_POST["review_date"],GetDateFormat()); 
          $CreatedOn += SecondsSinceMidnight($_POST["review_time"]);
          $html = (int)$_POST["html_enable"];         
          $ReviewText = inp_escape($_POST["review_body"],1);
          
          $CreatedById = 0;
          if(strlen($_POST["createdby"])>0)
          {
          	if(strtolower($_POST["createdby"])=="root")
          	{
          	  $CreatedById = -1;
          	}
          	else 
          	{
            	  $u = $objUsers->GetItemByField("Login",$_POST["createdby"]);
            	  if(is_object($u))
            	  {
            	    $CreatedById = $u->Get("PortalUserId");
            	    if($CreatedById<1)
            	    {
            	  	  $CreatedById = $objSession->Get("PortalUserId");
            	    }
            	  }
            	  else
            	    $CreatedById = $objSession->Get("PortalUserId");
          	}
          }
          else
            $CreatedById = $objSession->Get("PortalUserId");
          
          $r = $objReviews->AddReview($CreatedOn,$ReviewText,$Status, $IPAddress, 
                                      (int)$_POST["review_priority"], $_POST["ItemId"],$_POST["ItemType"],
                                      $CreatedById,$html, $post_info['Module']);                                    
          $ado = &GetADODBConnection();
          $rs = $ado->Execute("SELECT MIN(ReviewId) as MinValue FROM ".$objReviews->SourceTable);
          $NewId = $rs->fields["MinValue"]-1;
          $sql = "UPDATE ".$objReviews->SourceTable." SET ReviewId=".$NewId." WHERE ReviewId=".$r->Get("ReviewId");
          if($objSession->HasSystemPermission("DEBUG.LIST"))
              echo $sql."<br>\n";
          $ado->Execute($sql);
        }
      break;
      case "m_review_edit":     
        $post_info = GetSubmitVariable($_POST, 'EditStatus');
        if($post_info['variable'] > -1)
        {
          $objReviews = new clsItemReviewList();
          $objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
          $Status = (int)$_POST["status"];
          $CreatedOn = DateTimestamp($_POST["review_date"],GetDateFormat()); 
          $CreatedOn += SecondsSinceMidnight($_POST["review_time"]);
          $html = (int)$_POST["html_enable"];
          $ReviewText = inp_escape($_POST["review_body"],1);
          $ReviewId = $_POST["ReviewId"];         
          $CreatedById = 0;
          if(strlen($_POST["createdby"])>0)
          {
          	if(strtolower($_POST["createdby"])=="root")
          	{
          	  $CreatedById = -1;
          	}
          	else 
          	{
            	  $u = $objUsers->GetItemByField("Login",$_POST["createdby"]);
            	  if(is_object($u))
            	  {
            	    $CreatedById = $u->Get("PortalUserId");
            	    if($CreatedById<1)
            	    {
            	  	  $CreatedById = $objSession->Get("PortalUserId");
            	    }
            	  }
            	  else
            	    $CreatedById = $objSession->Get("PortalUserId");
          	}
          }         
          $r = $objReviews->EditReview($ReviewId,$CreatedOn,$ReviewText,$Status, $IPAddress, 
                                       (int)$_POST["review_priority"],$_POST["ItemId"],$_POST["ItemType"],
                                       $CreatedById,$html, $post_info['Module']);  
        }
      break;
      case "m_review_delete":
          $objReviews = new clsItemReviewList();
          $objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
          foreach($_POST["itemlist"] as $id)
          {
              $objReviews->DeleteReview($id);
          }         
      break;
      case "m_review_approve":
          if (isset($_POST["itemlist"]))
          {   
              $objReviews = new clsItemReviewList();
              $objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
              foreach($_POST["itemlist"] as $id)
              {
                  $i = $objReviews->GetItem($id);
                  $i->Set("Status",1);
                  $i->Update();
              }
          }
      break;
      case "m_review_deny":
          if (isset($_POST["itemlist"]))
          {   
              $objReviews = new clsItemReviewList();
              $objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
              foreach($_POST["itemlist"] as $id)
              {
                  $i = $objReviews->GetItem($id);
                  $i->Set("Status",0);
                  $i->Update();
              }
          }
      break;     
      case "m_review_move_up":
          if (isset($_POST["itemlist"]))
          {   
              $objReviews = new clsItemReviewList();
              $objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
              foreach($_POST["itemlist"] as $id)
              {
                  $i = $objReviews->GetItem($id);
                  $i->MoveUp();
              }
          }
      break;
      case "m_review_move_down":
          if (isset($_POST["itemlist"]))
          {
              $objReviews = new clsItemReviewList();
              $objReviews->SourceTable = $objSession->GetEditTable("ItemReview");
              $itemlist=array_reverse($_POST["itemlist"]);
              foreach($itemlist as $id)
              {
                  $i = $objReviews->GetItem($id);
                  $i->MoveDown();
              }
          }
      break;
      case "m_theme_add":
          $ado = &GetADODBConnection();
          $rs = $ado->Execute("SELECT COUNT(*) as c FROM ".GetTablePrefix().'Theme WHERE Name="'.$_POST["name"].'"');
          if(!$rs->fields["c"])
          {
 	         $objEditItems = new clsThemeList();
 	         $objEditItems->SourceTable = $objSession->GetEditTable("Theme");
 	         $Primary = (int)$_POST["primary"];
 	         if(!(int)$_POST["enabled"])
 	           $Primary = 0;
 	         $t = $objEditItems->AddTheme($_POST["name"],$_POST["description"],(int)$_POST["enabled"],$Primary,
 	                                      (int)$_POST["CacheTimeout"]);
 	         $t->Files->ThemeId=$t->Get("ThemeId");
 	
 	         $rs = $ado->Execute("SELECT MIN(ThemeId) as MinValue FROM ".$objEditItems->SourceTable);
 	         $NewId = $rs->fields["MinValue"]-1;
 	         $sql = "UPDATE ".$objEditItems->SourceTable." SET ThemeId=".$NewId." WHERE ThemeId=".$t->Get("ThemeId");
 	         if($objSession->HasSystemPermission("DEBUG.LIST"))
 	             echo $sql."<br>\n";
 	         $ado->Execute($sql);
         }
      break;
      case "m_theme_edit":        
          $objEditItems = new clsThemeList();
          $objEditItems->SourceTable = $objSession->GetEditTable("Theme");
          $Primary = (int)$_POST["primary"];
          if(!(int)$_POST["enabled"])
            $Primary = 0;         
            
          $objEditItems->EditTheme($_POST["ThemeId"],$_POST["name"],$_POST["description"],
                                   (int)$_POST["enabled"],$Primary,(int)$_POST["CacheTimeout"]);
 //         if ($Primary==1) 
 //         {
 //             $objEditItems->SetPrimaryTheme($_POST["ThemeId"]);
 //         }
          
      break;
      case "m_theme_delete":
      	if($ro_perm) break;    
      	if (isset($_POST["itemlist"]))
          {   
              $Themes = new clsThemeList();
              foreach($_POST["itemlist"] as $id)
              {
                  $Themes->DeleteTheme($id);
              }
          }
      break;
      case "m_theme_primary":
      	if($ro_perm) break;
      	if( count($_POST['itemlist']) )
      	{
      		$ThemeId = array_shift( $_POST['itemlist'] );
      		$t = new clsThemeList();
      		$t->SetPrimaryTheme($ThemeId);
      	}
      	break;
      
      case "m_template_edit":
        	if($ro_perm) break;
        	$objSession->SetVariable("HasChanges", 1);
        	$ThemeId = $_POST["ThemeId"];
        	$FileId = $_POST["FileId"];
        	$f = new clsThemeFile($FileId);
        
        	$f->Set("Description", $_POST["Description"] );
        	$f->Update();
        	$c = stripslashes($_POST["contents"]);
        	$f->SaveFileContents($c);
        	break;    
      case "m_template_add":
       	if($ro_perm) break;
       	$objSession->SetVariable("HasChanges", 1);
       	$ThemeId = $_POST["ThemeId"];
       	if( !is_object($f) ) $f = new clsThemeFile();
        	
        	$FilePath = $_POST['name'];
       
        	if(!$FilePath)
        	{
        		$f->SetError('Template Name is required',3);
        		break;
        	}
        	else
        	{
        		if( substr($FilePath,1) != '/' ) $FilePath = '/'.$FilePath;
        		if( substr($FilePath,-3) != '.tpl' ) $FilePath .= '.tpl';
        		$FileName = basename($FilePath);
        		$FilePath = dirname($FilePath);
  			
  			// test if such file not already created
        		
        		$f->LoadFromDataBase( Array($FilePath,$FileName), Array('FilePath','FileName') );      	
        		if( !$f->Get('FileId') )
        		{
        			$f->Set( 	Array('FilePath','FileName','ThemeId', 'Description'),
        						Array($FilePath, $FileName,$_POST['ThemeId'], $_POST["Description"])
        					);
        			
        			if( $f->IsWriteablePath(true) )
        			{	
        				$f->Create();
        				$c = stripslashes($_POST["contents"]);
        				$f->SaveFileContents($c, true);
        			}
        		}
        		else
        			$f->SetError('Template with this name already exists',4);
 		}
      	break;
      case "m_template_delete":
      	if($ro_perm) break;
      	$objSession->SetVariable("HasChanges", 1);
 		$dummy = new clsThemeFile();
 		foreach($_POST["itemlist"] as $FileId)
         {            
 			$dummy->LoadFromDatabase($FileId);
 			$dummy->Delete();
 		}		
      	break;
      	
      case "m_lang_add":        
          $objEditItems = new clsLanguageList();
          $objEditItems->SourceTable = $objSession->GetEditTable("Language");
          $l = $objEditItems->AddLanguage($_POST["packname"],$_POST["localname"],
                                          (int)$_POST["enabled"],(int)$_POST["primary"],
                                          $_POST["icon"],$_POST["date_format"],$_POST["time_format"],
                                          $_POST["decimal"],$_POST["thousand"],$_POST['charset']);
 
          $ado = &GetADODBConnection();
          $rs = $ado->Execute("SELECT MIN(LanguageId) as MinValue FROM ".$objEditItems->SourceTable);
          $NewId = $rs->fields["MinValue"]-1;
          $sql = "UPDATE ".$objEditItems->SourceTable." SET LanguageId=".$NewId." WHERE LanguageId=".$l->Get("LanguageId");
          if($objSession->HasSystemPermission("DEBUG.LIST"))
              echo $sql."<br>\n";
          $ado->Execute($sql);         
          if($_POST["importlabels"]==1 && $_POST["srcpack"]>0)
          {         	
             // Phrase import
 /*
          	$sql = "SELECT * FROM ".GetTablePrefix()."Phrase WHERE LanguageId=".$_POST["srcpack"];
             if($objSession->HasSystemPermission("DEBUG.LIST"))
                 echo $sql."<br>\n";
 
             $rs = $ado->Execute($sql);            
             $plist = new clsPhraseList();
             $plist->SourceTable = $objSession->GetEditTable("Phrase");
             $sql = "SELECT MIN(PhraseId) as MinId FROM ".$plist->SourceTable;
             $as = $ado->Execute($sql);
             if($as && !$as->EOF)
             {
             	$MinId = (int)$as->fields["MinId"];
             }
             else
               $MinId = 0;
             $MinId--;
             while($rs && !$rs->EOF)
             {
                 $data = $rs->fields;
                 $plist->AddPhrase($data["Phrase"],$NewId,$data["Translation"],$data["PhraseType"]);
                 $sql = "UPDATE ".$plist->SourceTable." SET PhraseId=$MinId WHERE PhraseId=0 LIMIT 1";
                 $ado->Execute($sql);
                 $MinId--;
                 $rs->MoveNext();
             }
 */            
 			$sql='INSERT INTO '.$objSession->GetEditTable('Phrase').' SELECT Phrase, Translation, PhraseType, 0-PhraseId, '.$NewId.' FROM '.GetTablePrefix().'Phrase WHERE LanguageId='.$_POST['srcpack'];
             $ado->Execute($sql);
             // Events import
             $sql = "SELECT * FROM ".GetTablePrefix()."EmailMessage WHERE LanguageId=".$_POST["srcpack"];
             if($objSession->HasSystemPermission("DEBUG.LIST"))
                 echo $sql."<br>\n";
 
             $rs = $ado->Execute($sql); 
             
             $eList = new clsEmailMessageList();
             //$eList->SourceTable = $objSession->GetEditTable("EmailMessage");
             
        		if (!$l->TableExists($objSession->GetEditTable("EmailMessage"))) {
        			$eList->CreateEmptyEditTable("EmailMessageId", true);
        			$eList->SourceTable = $objSession->GetEditTable("EmailMessage");
        		}
        		else {
        			$eList->SourceTable = $objSession->GetEditTable("EmailMessage");
        		}
             
             $sql = "SELECT MIN(EmailMessageId) as MinId FROM ".$eList->SourceTable;
             $as = $ado->Execute($sql);
             
             if($as && !$as->EOF)
             {
             	$MinId = (int)$as->fields["MinId"];
             }
             else {
               $MinId = 0;
             }
             
             $MinId--;
 
             while($rs && !$rs->EOF)
             {
                 $data = $rs->fields;
                 $eList->AddEmailEvent($data["Template"], $data["MessageType"], $NewId, $data["EventId"]);
                 
                 $sql = "UPDATE ".$eList->SourceTable." SET EmailMessageId=$MinId WHERE EmailMessageId=0 LIMIT 1";
                 $ado->Execute($sql);
                 
                 $MinId--;
                 
                 $rs->MoveNext();
             }            
          }
      break;
      case "m_lang_export":
      	if($ro_perm) break;
      	include_once($pathtoroot."kernel/include/xml.php");
      	$Ids = $_POST["LangList"]; // language ids list to export phrases from
 
      	$phrase_types = GetVar('langtypes');
      	$phrase_types = ($phrase_types !== false) ? implode(',',$phrase_types) : null;
 
      	$filename=$_POST["filename"];
      	if(strlen($filename)>0)
      	{
      		$ExportFilename = $pathtoroot.$admin."/export/".$filename;
      		$ExportResult = $objLanguages->ExportPhrases($ExportFilename,$Ids, $phrase_types);
      	}
      	break;
      	
      case "m_lang_edit":
          $objEditItems = new clsLanguageList();
          $objEditItems->SourceTable = $objSession->GetEditTable("Language");
          $objEditItems->EditLanguage($_POST["LanguageId"],$_POST["packname"],
                                      $_POST["localname"],(int)$_POST["enabled"],
                                      (int)$_POST["primary"], $_POST["icon"],$_POST["date_format"],
                                      $_POST["time_format"], $_POST["decimal"],$_POST["thousand"],
                                      $_POST['charset']);
                                      
          if($_POST["importlabels"]==1 && $_POST["srcpack"]>0)
          {
             $ado = &GetADODBConnection();
             $rs = $ado->Execute("SELECT * FROM ".GetTablePrefix()."Phrase WHERE LanguageId=".$_POST["srcpack"]);
             $plist = new clsPhraseList();
             $plist->SourceTable = $objSession->GetEditTable("Phrase");
             $sql = "SELECT MIN(PhraseId) as MinId FROM ".$plist->SourceTable;
             $as = $ado->Execute($sql);
             if($as && !$as->EOF)
             {
             	$MinId = (int)$as->fields["MinId"];
             }
             else
               $MinId = 0;
             $MinId--;  
             while($rs && !$rs->EOF)
             {
                 $data = $rs->fields;
                 $plist->AddPhrase($data["Phrase"],$_POST["LanguageId"],$data["Translation"],$data["PhraseType"]);
                 $sql = "UPDATE ".$plist->SourceTable." SET PhraseId=$MinId WHERE PhraseId=0 LIMIT 1";
                 $ado->Execute($sql);
                 $MinId--;
                 $rs->MoveNext();
             }
             unset($plist);
             
             // Events import
             $sql = "SELECT * FROM ".GetTablePrefix()."EmailMessage WHERE LanguageId=".$_POST["srcpack"];
             if($objSession->HasSystemPermission("DEBUG.LIST"))
                 echo $sql."<br>\n";
 
             $rs = $ado->Execute($sql); 
             
             $eList = new clsEmailMessageList();
             //$eList->SourceTable = $objSession->GetEditTable("EmailMessage");
             $l = new clsEmailMessage();
        		if (!$l->TableExists($objSession->GetEditTable("EmailMessage"))) {
        			$eList->CreateEmptyEditTable("EmailMessageId", true);
        			$eList->SourceTable = $objSession->GetEditTable("EmailMessage");
        		}
        		else {
        			$eList->SourceTable = $objSession->GetEditTable("EmailMessage");
        		}
             
             $sql = "SELECT MIN(EmailMessageId) as MinId FROM ".$eList->SourceTable;
             $as = $ado->Execute($sql);
             
             if($as && !$as->EOF)
             {
             	$MinId = (int)$as->fields["MinId"];
             }
             else {
               $MinId = 0;
             }
             
             $MinId--;
             
             while($rs && !$rs->EOF)
             {
                 $data = $rs->fields;
                 $eList->AddEmailEvent($data["Template"], $data["MessageType"], $_POST["LanguageId"], $data["EventId"]);
                 
                 $sql = "UPDATE ".$eList->SourceTable." SET EmailMessageId=$MinId WHERE EmailMessageId=0 LIMIT 1";
                 $ado->Execute($sql);
                 
                 $MinId--;
                 
                 $rs->MoveNext();
             }
             unset($eList);
          }
 
      break;
      case "m_lang_delete":
 	     if($ro_perm) break;
 	     if (isset($_POST["itemlist"]))
 	     {
 	     	$Phrases = new clsPhraseList();
 	     	$Messages = new clsEmailMessageList();
 	     	foreach($_POST["itemlist"] as $id)
 	     	{
 	     		$objLanguages->DeleteLanguage($id);
 	     		$Phrases->DeleteLanguage($id);
 	     		$Messages->DeleteLanguage($id);
 	     	}
 	     	unset($Phrases);
 	     	unset($Messages);
 	     }
 	     break;
 	     
      case "m_lang_select":
         if($ro_perm) break; 
      	$LangId = (int)$_POST["langselect"];         
      	if($LangId)
      	{
      		if($objSession->Get("PortalUserId")>0)
      		{
      			//echo "$LangId";
      			$objSession->SetPersistantVariable("Language",$LangId);
      		}
      		$objSession->Set("Language",$LangId);
      		$objSession->Update();
      		$m_var_list_update["lang"] = $LangId;
      		$m_var_list["lang"] = $LangId;
      	}
      	break;     
      	
      case "m_phrase_edit": 
      	 $objSession->SetVariable("HasChanges", 1);    
          $objPhraseList = new clsPhraseList();
          if((int)$_POST["direct"] != 1)                 	
          	$objPhraseList->SourceTable = $objSession->GetEditTable("Phrase");
          $Phrases = $_POST["name"];
          foreach($Phrases as $PhraseId =>$name)
          {
            if($PhraseId>0)
            {         
            		$objPhraseList->EditPhrase($PhraseId,$_POST["name"][$PhraseId],$_POST["LanguageId"],$_POST["translation"][$PhraseId],$_POST["phrasetype"][$PhraseId]);
            }
          }
          
          if(strlen($_POST["name"][0]) && strlen($_POST["translation"][0]) && $_POST['Action1'] == "new")
          {
            		$r = $objPhraseList->AddPhrase($_POST["name"][0],$_POST["LanguageId"],$_POST["translation"][0],$_POST["phrasetype"][0]);           
            		if ($r != "Error") {
 	           		$ado = &GetADODBConnection();
 	           		$rs = $ado->Execute("SELECT MIN(PhraseId) as MinValue FROM ".$objPhraseList->SourceTable);
 	           		$NewId = $rs->fields["MinValue"]-1;
 	           		$sql = "UPDATE ".$objPhraseList->SourceTable." SET PhraseId=".$NewId." WHERE PhraseId=$PhraseId";
 	           		if($objSession->HasSystemPermission("DEBUG.LIST"))
 	               		echo $sql."<br>\n";
 	           		$ado->Execute($sql);    
            		}
            		else {
            			$add_error = "Language tag with the same name already exists!";
            		}
          }
          else if ($_POST['Action1'] == "new") {
          	$add_error = "Fields name and translation are required!";
          }
          unset($objPhraseList);
      break;
      case "m_config_missing_phrase":
         if($ro_perm) break;
         $LangId = $_POST["LangId"];
         $ThemeId = $_POST["ThemeId"];
         if(is_array($_POST["Phrase"]))
         {
             $objPhraseList = new clsPhraseList();
             $objPhraseList->SourceTable = $objSession->GetSessionKey()."_".$ThemeId."_labels";
 
             foreach($_POST["Phrase"] as $p => $value)
             {
                 if(strlen($value))
                 {           
                   $obj = $objPhraseList->GetItemByField("Phrase",$p,TRUE);
                   if(is_object($obj))
                   {                  
                       if($obj->Get("Phrase")==$p)
                       {
                           $obj->Set("Translation",$value);
                           $obj->Update();
                       }
                       else
                           $objPhraseList->AddPhrase($p,$LangId,$value,1);
                   }
                   else
                     $objPhraseList->AddPhrase($p,$LangId,$value,1);
                 }
             }
         }
      break;
      case "m_phrase_delete":
      	$objSession->SetVariable("HasChanges", 1);
      	if (isset($_POST["itemlist"]))
         {   
            foreach($_POST["itemlist"] as $id)
            {
            	 $sql = "UPDATE ".$objSession->GetEditTable("Phrase")." SET LanguageId = 0 WHERE PhraseId = ".$id;
            	 $ado = &GetADODBConnection();
            	 $ado->Execute($sql);
            }
         }
         unset($objPhraseList);
      break;
      case "m_emailevent_disable":
         if($ro_perm) break;
         $objEvents = new clsEventList();
         if (isset($_POST["itemlist"]))
          {   
             foreach($_POST["itemlist"] as $id)
             {
               $m =& $objEvents->GetItem($id);
               $m->Set("Enabled",0);
               $m->Update();
             }
          }
          unset($objEvents);
      break;
      case "m_emailevent_enable":
          if($ro_perm) break;
          $objEvents = new clsEventList();
          if (isset($_POST["itemlist"]))
          {   
             foreach($_POST["itemlist"] as $id)
             {
               $m =& $objEvents->GetItem($id);
               $m->Set("Enabled",1);
               $m->Update();
             }
          }
          unset($objEvents);
      break;
      case "m_emailevent_frontonly":
         if($ro_perm) break;
         $objEvents = new clsEventList();
         if (isset($_POST["itemlist"]))
          {   
             foreach($_POST["itemlist"] as $id)
             {
               $m =& $objEvents->GetItem($id);
               $m->Set("Enabled",2);
               $m->Update();
             }
          }
          unset($objEvents);
      break;     
      case "m_dlid":
          echo $Action.":".$DownloadId;
          die();
      break;
      case "m_emailevent_user":
          if($ro_perm) break;
          $objEvents = new clsEventList();
          //phpinfo(INFO_VARIABLES);
          //$objEvents->SourceTable = $objSession->GetEditTable("Events");
          $ids = $_POST["EventId"];
 		 $ids = str_replace("[","",$ids);
 		 $ids = str_replace("]","",$ids);
 		 $ids = str_replace("\"","",$ids);
 		 $ids = str_replace("\\","",$ids);
 		 
          
          $idlist = explode(",",$ids);
          foreach($idlist as $EventId)
          {
          	$id = (int)stripslashes($EventId);
              $e =& $objEvents->GetItem((int)$EventId);
              $e->Set("FromUserId", $_POST["FromUserId"]);
              $e->Update();
          }
          $objEvents->Clear();
          unset($objEvents);
      break;
      case "m_emailevent_edit":         
          $Template = $_POST["headers"];
          if(strlen($Template))
          {
          	$Template .= "\n";
          }
 		 $Template = str_replace("\n\n","",$Template);                     
          $Template .= "Subject: "._unhtmlentities($_POST['subject'])."\n\n";
          $Template .= $_POST["messageBody"];
          $objMessages = new clsEmailMessageList();
          $objMessages->SourceTable = $objSession->GetEditTable("EmailMessage");
          $m =& $objMessages->GetItem($_POST["MessageId"]);
          if(is_object($m))
          {
              if($_POST["sendhtml"]==1)
              {             
                $m->Set("MessageType","html");
              }
              else
                $m->Set("MessageType","text");
 
              $m->Set("Template",$Template);
              $m->Update();
          }
      break;
      case "m_config_edit":
      	 //phpinfo(INFO_VARIABLES);
          if($ro_perm) break;
          $objAdmin = new clsConfigAdmin();
          $objAdmin->module = $_POST["module"];
          $objAdmin->section = $_POST["section"];
          if($objAdmin->section=="in-portal:configure_users")
          {
          	if(strlen($_POST["RootPass"]) && strlen($_POST["RootPassVerify"]))
          	{
          	  if($_POST["RootPass"]==$_POST["RootPassVerify"])
          	  {
          	  	$_POST["RootPass"] = md5($_POST["RootPass"]);
          	  }	
          	}
          	else
          	{
          	  $_POST["RootPass"] = $objConfig->Get("RootPass");
          	  $_POST["RootPassVerify"] = $objConfig->Get("RootPassVerify");         	  
          	}
          }
          $objAdmin->LoadItems(FALSE);
          $objAdmin->SaveItems($_POST);
      break;
 
      case "m_mod_enable":
         if($ro_perm) break;
          if (isset($_POST["itemlist"]))
          {   
              foreach($_POST["itemlist"] as $id)
              {
                  $m =& $objModules->GetItemByField("Name",$id);
                  if(is_object($m))
                  {
                    $m->Set("Loaded",1);
                    $m->Update();                 
                  }                
              }
              $_GET["Refresh"] = 1;
          }
      break;
      case "m_mod_disable":
      	if($ro_perm) break;
          if (isset($_POST["itemlist"]))
          {   
              foreach($_POST["itemlist"] as $id)
              {
              	if($id != "In-Portal")
              	{
                    $m =& $objModules->GetItemByField("Name",$id);
                    if(is_object($m))
                    {
                      $m->Set("Loaded",0);
                      $m->Update();                 
                    }
              	}
              }
              $_GET["Refresh"] = 1;
          }
      break;
 
      case "m_img_add":
        $objImageList = new clsImageList();
 	   $objImageList->SourceTable = $objSession->GetEditTable("Images");
        $LocalImage=0;
        $LocalThumb=0;
        $DestDir = "kernel/images/";
        
        $UserThumbSource = (int)$_POST["imgLocalThumb"];
 	   $LocalThumb = $UserThumbSource;
        
 	   $thumb_url = !$LocalThumb? $_POST["imgThumbUrl"] : "";
               
        if($_POST["imgSameImages"])
        {
            	$LocalImage = $LocalThumb;
            	$full_url = $thumb_url;
        }
        else
        {
        		$LocalImage = (int)$_POST["imgLocalFull"];
          	$file = $_FILES["imgFullFile"];
          	$full_url = $LocalImage? "" : $_POST["imgFullUrl"];
        }
 
        if((!strlen($thumb_url) && !$LocalThumb) || (!strlen($full_url) && !$LocalImage))
        {
          break;
        }
        
        $ado = &GetADODBConnection();
        $NewId = $ado->GetOne('SELECT MIN(ImageId) as MinValue FROM '.$objImageList->SourceTable);
        if($NewId > 0) $NewId = 0;
        $NewId--;
        $img = $objImageList->Add($_POST["imgName"], $_POST["imgAlt"], $_POST["ResourceId"], $LocalImage, $LocalThumb, $full_url, $thumb_url, (int)$_POST["imgEnabled"], 0, (int)$_POST["imgDefault"], 0,(int)$_POST["imgSameImages"], $NewId);
        $img->Set("ImageId", $NewId);
        
 //       $img->debuglevel=1;
        
        /*
        $sql = "UPDATE ".$objImageList->SourceTable." SET ImageId=".$NewId." WHERE ImageId=0";
        $ado->Execute($sql);
        
 //       $img->Update();
        */
 //       echo "SL: $sql $NewId<BR>";
        
 //       $img->debuglevel=1;
         
 	   $img->Pending=TRUE;	                                 
        if($LocalImage)
        {
            $file = $_FILES["imgFullFile"];
            if(is_array($file))
            {
              if($file["size"]>0)
              {
                $img->Set("LocalPath",$img->StoreUploadedImage($file,1, $DestDir,0));
                $uploaded=1;
              }
            }
        }
        
        if($LocalThumb)
        {
            $thumb = $_FILES["imgThumbFile"];
            if(is_array($thumb))
            {
              if($thumb["size"]>0)
              {
                $img->Set("ThumbPath",$img->StoreUploadedImage($thumb,1, $DestDir,1));
                $uploaded=1;
              }
            }
        }  
        if($uploaded==1)
           $img->Update();
        
      break;
      
      case "m_img_edit":
      
        	$objImageList = new clsImageList();
        	$objImageList->SourceTable = $objSession->GetEditTable("Images");
        
 //       $img->debuglevel=1;
        
        	$img = $objImageList->GetItem($_POST["ImageId"]);
 
 	    ## Get original values
        	$LocalImage = $img->Get("LocalImage");
        	$LocalThumb = $img->Get("LocalThumb");
        	$SameImages = $img->Get("SameImages");
        	$ThumbPath = $img->Get("ThumbPath");
        
        	## New values
        	$LocalThumbN = (int)$_POST["imgLocalThumb"];
        	$LocalImageN = (int)$_POST["imgLocalFull"];
        	
  		$FULLFile = $_FILES["imgFullFile"];
         $THFile = $_FILES["imgThumbFile"]; 
         
         $DestDir = "kernel/images/";
         $img->Pending = FALSE;
         
         $SameImagesN = 0;
         $uploaded = 0;
 
        	## Images were the same, but not any more
        	if ($SameImages && !$_POST["imgSameImages"])
        	{	
        		## TH was a local file
         	if ($LocalThumb)
         	{
         		## TH image
         		{	
         			## Try to Delete OLD FULL
 				   	$img->DeleteLocalImage(FALSE, TRUE);
 				   	
 				   	## FULL image select, but field EMPTY - make a copy of old TH as FULL 
         			if ($LocalImageN && !(int)$FULLFile["size"])
         			{   
 //        				echo $pathToPending = $img->GetImageDir();
         				if (!eregi("pending/$", $pathToPending))
 	        				$pathToPending.= "pending/"; 
         					
         				$LocalThumb_File = $img->GetFileName(1);
         				
 //        				echo "<b>CAN'T FIND FILE:</b> ".$pathToPending.$LocalThumb_File."<BR>";
         				
         				if (file_exists($pathToPending.$LocalThumb_File))
 						{							
 				   			$LocalThumb_FileN = eregi_replace("^th_", "", $LocalThumb_File);		   			
 							$LocalThumb_FullFileN = $pathToPending.$LocalThumb_FileN;						
 							@unlink($LocalThumb_FullFileN);
 							@copy($pathToPending.$LocalThumb_File, $LocalThumb_FullFileN);
 					
 			   				$uploaded = 1;
 			   				$copied = 1;
 //			   				echo "COPING: ".$DestDir."pending/".$LocalThumb_FileN." <BR>";
 						}
 						else
 						{
 //							echo "CAN'T FIND FILE: ".$pathToPending.$LocalThumb_File."<BR>";
         				}					
         			}
         			## Upload new FULL image
         			elseif ($LocalImageN && (int)$FULLFile['size'])
         			{
         				$FULL_FileToUpload = $FULLFile;
         				$FULL_URL = "";         
         				
 //        				echo "	Upload new FULL image";				
         			}
         			## Full is URL
         			elseif (!$LocalImageN)
         			{
         				$img->DeleteLocalImage(FALSE, TRUE);
         				$FULL_URL = $_POST['imgFullUrl'];  
         				$FULL_FileToUpload = "";      			
         			}
         			else
         			{
 //        				echo "	## Unknow condition";
         			}
         				
         			## Take care of Thumbnail here
         			if ($LocalThumbN)
         			{     			        			
         				## Delete old if NEW TH image selected
         				if ((int)$THFile['size'])
         				{
         					$img->DeleteLocalImage(TRUE, FALSE);
         					$TH_FileToUpload = $THFile;
         				}
         				else
         					$TH_FileToUpload = "";        			
         			}
         			else
         			{
         				$img->DeleteLocalImage(TRUE, FALSE);
         				$TH_FileToUpload = "";
         				$TH_URL = $_POST['imgThumbUrl'];     
         			}
         		}
         	}
         	## TH was URL
         	else
         	{
         		## Take care of FULL image here
         		if ($LocalImageN && (int)$FULLFile["size"])
         		{
         			$FULL_FileToUpload = $FULLFile; 
         			$FULL_URL = "";        				
         		}
         		## Full is URL (or image size 0)
         		else
         		{
         			$FULL_FileToUpload = "";
         			$FULL_URL = $_POST['imgFullUrl'];        	      		
         		}
         		
         		## Take care of Thumbnail here
         		if ($LocalThumbN)    
         		{ 			        			
         			$TH_FileToUpload = (int)$THFile['size']? $THFile : "";        			
         			$TH_URL = "";
         		}
         		else
         		{
         			$TH_FileToUpload = "";
         			$TH_URL = $_POST['imgThumbUrl'];     
         		}     		
         	}
        	}
       	## Images were the same, and still the same
        	elseif ($SameImages && $_POST['imgSameImages'])
        	{       		
        		## Take care of Thumbnail & FULL here
         	if ($LocalThumbN)
         	{	        			        		
         		if ((int)$THFile['size'])
         		{
         			$img->DeleteLocalImage(TRUE, FALSE);
         			$TH_FileToUpload = $THFile;
         		}
         		else 
         			$TH_FileToUpload = "";
         			
         		$FULL_URL = $TH_URL = "";      			
         	}
         	else
         	{
         		$TH_FileToUpload = $FULL_FileToUpload = "";
         		$FULL_URL = $TH_URL = $_POST['imgThumbUrl'];            		 
         	}
         	
         	## Delete old FULL image    		
        		$img->DeleteLocalImage(FALSE,TRUE);
         	
         	$SameImagesN = 1;        	
        	}
        	## Images were NOT the same, and selected as the same now
        	elseif (!$SameImages && $_POST["imgSameImages"])
        	{
        		## Take care of Thumbnail & FULL here
         	if ($LocalThumbN)
         	{	        			
         		if ((int)$THFile['size'])
         		{
         			$img->DeleteLocalImage(TRUE, FALSE);
         			$TH_FileToUpload = $THFile;
         		}
         		else 
         			$TH_FileToUpload = "";
         		
         		
         		$FULL_URL = $TH_URL = "";        			
         	}
         	else
         	{   
         		$img->DeleteLocalImage(TRUE, FALSE);
         		$TH_FileToUpload = $FULL_FileToUpload = "";
         		$FULL_URL = $TH_URL = $_POST['imgThumbUrl'];         		           		 
         	}
         	
         	## Clean up FULL image
         	$img->DeleteLocalImage(FALSE, TRUE);	
         	
         	$SameImagesN = 1;
        	}
        	## Images were NOT the same, and selected as NOT the same
        	elseif (!$SameImages && !$_POST["imgSameImages"])
        	{
        		## Take care of Thumbnail
         	if ($LocalThumbN)
         	{	        			
         		if ((int)$THFile['size'])
         		{
         			$img->DeleteLocalImage(TRUE, FALSE);
         			$TH_FileToUpload = $THFile;        			
         		}
         		else 
         			$TH_FileToUpload = "";       		
         		
         		$TH_URL = "";
         	}
         	else
         	{
         		$img->DeleteLocalImage(TRUE, FALSE);
         		$TH_FileToUpload = "";
         		$TH_URL = $_POST['imgThumbUrl'];            		 
         	}
         	
         	## Take care of FULL here
         	if ($LocalImageN)
         	{
         		if ((int)$FULLFile['size'])
         		{
         			$img->DeleteLocalImage(FALSE, TRUE);
         			$FULL_FileToUpload = $FULLFile;
         		}
         		else
         			$FULL_FileToUpload = "";       	        	
         		
         		$FULL_URL = "";
         	}
         	else
         	{        		
         		$img->DeleteLocalImage(FALSE, TRUE);        		
         		$FULL_FileToUpload = "";
         		$FULL_URL = $_POST['imgFullUrl'];
         	}        	
        	}
        	## Unknow condition	
        	else
        	{
        		;
        	}
      
 		$img = $objImageList->Edit($_POST["ImageId"],$_POST["imgName"], $_POST["imgAlt"], $_POST["ResourceId"], $LocalImageN, $LocalThumbN, $FULL_URL, $TH_URL, (int)$_POST["imgEnabled"], (int)$_POST["imgPriority"], (int)$_POST["imgDefault"], 0, $SameImagesN);
 		
 //		echo "<B>DATA:</B> <BR> LocalImageN: $LocalImageN, LocalThumbN: $LocalThumbN, FULL_URL: $FULL_URL, TH_URL: $TH_URL, SameImagesN: $SameImagesN <BR>";
        
 	   
 	   	$img->Pending = TRUE;
 	   	
 		if (!empty($FULL_FileToUpload))
 		{
 			$img->Set("LocalPath",$img->StoreUploadedImage($FULL_FileToUpload, 1, $DestDir, 0));
 			$uploaded = 1;
 		}
 		/*
 		elseif (!$LocalImageN)
 		{
 			$img->Set("LocalPath", "");
 			$uploaded = 1;
 		}
 		*/
 		
 		if (!empty($TH_FileToUpload))
 		{
 			$img->Set("ThumbPath", $img->StoreUploadedImage($TH_FileToUpload, 1, $DestDir, 1));
 			$uploaded = 1;
 		}
 		
 		if ($copied)
 		{
 			$img->Set("LocalPath", $DestDir."pending/".$LocalThumb_FileN);	
 			$uploaded = 1;
 		}
 		      
        if($uploaded==1)
           $img->Update();   
               
      break;
      case "m_img_move_up":
          if (isset($_POST["itemlist"]))
          {
              $objImageList = new clsImageList();
              $objImageList->SourceTable = $objSession->GetEditTable("Images");
              foreach($_POST["itemlist"] as $id)
              {
                  $img = $objImageList->GetItem($id);
                  $img->MoveUp();
              }
          }
      break;
      case "m_img_move_down":
          if (isset($_POST["itemlist"]))
          {
              $objImageList = new clsImageList();
              $objImageList->SourceTable = $objSession->GetEditTable("Images");
              $itemlist=array_reverse($_POST["itemlist"]);
              foreach($itemlist as $id)
              {
                  $img = $objImageList->GetItem($id);
                  $img->MoveDown();
              }
          }
      break;
 
      case "m_img_delete":
        if(isset($_POST["itemlist"]))
        {       
          $objImageList = new clsImageList();
          $objImageList->SourceTable = $objSession->GetEditTable("Images");
          foreach($_POST["itemlist"] as $id)
          {
              $img = $objImageList->GetItem($id);             
              $img->Set("ResourceId", 0);
              $img->Update();
              //$img->Delete();
          }
        }
      break;
      case "m_restore_delete":
      	if($ro_perm) break;
      	$bdate = $_POST["backupdate"];
      	if($bdate>0)
      	{
      		$BackupFile = $objConfig->Get("Backup_Path")."/dump".$bdate.".txt";
      		if(file_exists($BackupFile))
      		unlink($BackupFile);
      	}
      	break;
      	
      case "m_taglib":
      	include($pathtoroot."kernel/include/tag-class.php");
      	ParseTagLibrary();
     	break;
     	
     case "m_sql_query":
 		if($ro_perm) break;
     	$SqlQuery = $_POST["sql"];
 		$ado = &GetADODBConnection();
 		if(strlen($sql))
 		{
 		  $SqlResult = $ado->Execute(stripslashes($SqlQuery));
   	  	  $SqlError = $ado->ErrorMsg();
 		  $SqlErrorNum = $ado->ErrorNo();
 		}
     break;
     case "m_purge_email_log":
 	 	 if($ro_perm) break;
 	 	 $ado = &GetADODBConnection();       	
 
 		$sql = "DELETE FROM ".GetTablePrefix()."EmailLog";
 		$ado->Execute($sql);
     break;    
     case "m_session_delete":
 	 	 if($ro_perm) break;
 	 	 $ado = &GetADODBConnection();       	
          if (count($_POST['itemlist']) > 0) {
 	 	 	foreach($_POST["itemlist"] as $id)
          	{
       			$sql = "DELETE FROM ".GetTablePrefix()."UserSession WHERE SessionKey='$id'";
       			$ado->Execute($sql);
          	}
          }
          else {
       		$sql = "DELETE FROM ".GetTablePrefix()."UserSession WHERE Status='0'";
       		$ado->Execute($sql);         	
          }
     break;
     case "m_add_rule":
     	$objEditItems = new clsBanRuleList();
     	$objEditItems->SourceTable = $objSession->GetEditTable("BanRules");
     	//$ItemType,$RuleType,$ItemField,$ItemVerb,$ItemValue,$Priority,$Status;
     	$objEditItems->AddRule($_POST["rule_itemtype"],$_POST["rule_type"],$_POST["rule_field"],
     				   $_POST["rule_verb"],$_POST["rule_value"],(int)$_POST["rule_priority"],
     				   (int)$_POST["rule_status"], $_POST['rule_error']);
     break;
     case "m_edit_rule":    	
     	$objEditItems = new clsBanRuleList();
     	$objEditItems->SourceTable = $objSession->GetEditTable("BanRules");
     	//$ItemType,$RuleType,$ItemField,$ItemVerb,$ItemValue,$Priority,$Status;
     	$objEditItems->EditRule($_POST["rule_id"],$_POST["rule_itemtype"],$_POST["rule_type"],$_POST["rule_field"],
     				   $_POST["rule_verb"],$_POST["rule_value"],(int)$_POST["rule_priority"],
     				   (int)$_POST["rule_status"], $_POST['rule_error']);
     break;    
     case "m_rule_move_up":
        if($ro_perm) break;
        if(isset($_POST["itemlist"]))
        {                
          foreach($_POST["itemlist"] as $id)
          {
              $i = $objBanList->GetItem($id);
              $i->Increment("Priority");
          }
        }	      
     break;
     case "m_rule_move_down":
        if($ro_perm) break;
        if(isset($_POST["itemlist"]))
        {                
          foreach($_POST["itemlist"] as $id)
          {
              $i = $objBanList->GetItem($id);
              $i->Decrement("Priority");
          }
        }	      
     break;
     
 	case "m_rule_delete":
        if($ro_perm) break;
        if(isset($_POST["itemlist"]))
        {                
          foreach($_POST["itemlist"] as $id)
          {
              $i = $objBanList->GetItem($id);
              $i->Delete();
          }
        }		
     break;    
     case "m_ban_user":
       if($ro_perm) break;
       if($_POST["UserEditStatus"]==1)
       {
         $UserId = $_POST["user_id"];
         $u = $objUsers->GetItem($UserId);
         if(is_object($u))
         {
         	if((int)$_POST["ban_login"])
         	{
         		if(strlen($_POST["user_login"]))
         			$objBanList->AddRule(6,0,"Login",3,$_POST["user_login"],0,1);
         	}
         	if((int)$_POST["ban_email"])
         	{
         		if(strlen($_POST["user_email"]))
         			$objBanList->AddRule(6,0,"Email",3,$_POST["user_email"],0,1);
         	}
         	if((int)$_POST["ban_ip"])
         	{
         		if(strlen($_POST["user_ip"]))
         			$objBanList->AddRule(6,0,"ip",3,$_POST["user_ip"],0,1);
         	}       
         	$u->Deny(); 	
         }
       }
     	break;  
     	
     }
 
 /* image upload management */
 if( isset($_POST['img']) && $_POST['img'] == 1 )
 {
     foreach($_FILES as $img => $FILE)
     {
         $name = $_POST["img_Name_$img"];
         $alt = $_POST["img_Alt_$img"];
         $url = $_POST["img_Url_$img"];
         $res_id = $_POST["img_Res_$img"];
         $relvalue = $_POST["img_Rel_$img"];
         $thumb = (int)$_POST["img_Thumb_$img"];
         $dest = AddSlash($_POST["img_DestDir_$img"]);
         if($_POST["img_Del_$img"]=="Delete")
         {
             $img = $objImageList->GetImageByResource($res_id,$relvalue);
             $img->Delete();
             unset($img);
             $objImageList->Clear();
         }
         else
         {
           if($FILE["size"]>0)
           {
             /* an image was uploaded */
             $objImageList->HandleImageUpload($FILE,$res_id,$relvalue,$dest, $name,$alt,$thumb);
           }
           else
           {    /* remote images handled here */
             if(strlen($url)>0)
             {                   
               if($relvalue>0)
               {                                            
                $img = $objImageList->GetImageByResource($res_id,$relvalue);
                $img->Set("Name",$name);
                $img->Set("AltName", $alt);
                $img->Set("IsThumbnail",$thumb);
                $img->Set("Url",$url);
                $img->Update();
               }
               else
               {
                $relvalue = $objImageList->GetNextRelateValue($res_id);
                $objImageList->NewRemoteImage($url,$res_id,$relvalue, $name, $alt, $thumb);
               }
             }
           }
         }
     }
 }
 
 // ALL Saving Stuff From Temp Tables Heppens Here
 
 //echo "==== BEGIN ==== <br>";
 $has_perm = $objSession->HasSystemPermission("SYSTEM_ACCESS.READONLY");
 //echo "PortalUserID: [".$objSession->Get("PortalUserId")."]<br>";
 //print_pre($objSession);
 //echo "PermSet: [".$has_perm."]<br>";
 
 if( !$has_perm )
 {
 
 	/* category Edit */
 	if( GetVar('CatEditStatus') == 1 )
 	{ 
 	    $adodbConnection = &GetADODBConnection();
 	//    $sql = "SELECT * FROM ".$objSession->GetEditTable("Category")." WHERE CategoryId=0";    
 	    $sql = "SELECT ParentId FROM ".$objSession->GetEditTable("Category")." WHERE CategoryId=-1";
 	    
 	    $rs = $adodbConnection->Execute($sql);
 	    while ($rs && !$rs->EOF) 
 	    {
 	        if($rs->fields["ParentId"] > 0) RunUp($rs->fields["ParentId"],"Increment_Count");
 	        $rs->MoveNext();
 	    }
 	  
 	    $objCatList->CopyFromEditTable("CategoryId");
 	    $objCustomDataList->CopyFromEditTable("CustomDataId");
 	    $objCatList->Clear();
 
 	    if($_REQUEST['CategoryId'] > 0) // not root category is updated
 	    {
 	    	$objImages = new clsImageList();
 	    	$objImages->CopyFromEditTable("ImageId");
 		}
 	}
 	
 	if( GetVar('CatEditStatus') == 2 )
 	{ 
 	    $objCatList->PurgeEditTable("CategoryId");
 	    $objCustomDataList->PurgeEditTable("CustomDataId");
 	  	if($_REQUEST['CategoryId'] > 0) // not root category is updated
 	    {
 	    	$objImages = new clsImageList();
 	    	//$objImages->CopyFromEditTable("ImageId");
 	    	$objImages->PurgeEditTable("ImageId");
 	    }
 	    $objCatList->Clear();
 	}
 	
 	/* User Edit */
 	if( GetVar('UserEditStatus') == 1 )
 	{
 		$objUserGroupsList = new clsUserGroupList();
 	    $objUserGroupsList->CopyFromEditTable("PortalUserId");		
 	    $objUsers->CopyFromEditTable("PortalUserId");
 	    $objCustomDataList->CopyFromEditTable("CustomDataId");
 	    $objGroups->Clear();
 	    $objImages = new clsImageList();
 	    $objImages->CopyFromEditTable("ImageId");    
 	}
 	if( GetVar('UserEditStatus') == 2 )
 	{
 		$objUserGroupsList = new clsUserGroupList();
 	    $objGroups->PurgeEditTable("PortalUserId");
 	    $objUserGroupsList->PurgeEditTable("PortalUserId");
 	    $objCustomDataList->PurgeEditTable("CustomDataId");
 	    $objGroups->Clear();
 	}
 	
 	/* Group Edit */
 	if( GetVar('GroupEditStatus') == 1 )
 	{
 		$objUserGroupsList = new clsUserGroupList();
 	    $objUserGroupsList->CopyFromEditTable("GroupId");		
 	    $objGroups->CopyFromEditTable("GroupId");
 	    $objCustomDataList->CopyFromEditTable("CustomDataId");
 	    $objGroups->Clear();
 	}
 	if( GetVar('GroupEditStatus') == 2 )
 	{
 		$objUserGroupsList = new clsUserGroupList();
 	    $objGroups->PurgeEditTable("GroupId");
 	    $objCustomDataList->PurgeEditTable("CustomDataId");
 	    $objUserGroupsList->PurgeEditTable("PortalUserId");
 	    $objGroups->Clear();
 	}
 	
 	/* Theme Edit */
 	if( GetVar('ThemeEditStatus') == 1 )
 	{    
 	    $objThemes->CopyFromEditTable();
 	    $objThemes->Clear();
 	}
 	
 	if( GetVar('ThemeEditStatus') == 2 )
 	{
 	    $objThemes->PurgeEditTable();
 	    $objThemes->Clear();
 	}
 	
 	/* Language Edit */
 	if( GetVar('LangEditStatus') == 1 )
 	{
 	    $objLanguages->CopyFromEditTable();
 	    $objLanguages->Clear();
 	    $objLanguages->PurgeEditTable();
 	
 	    $Phrases = new clsPhraseList();
 	    $Phrases->CopyFromEditTable();
 	    $Phrases->Clear();
 	    $Phrases->PurgeEditTable();
 	    
 	    $Messages = new clsEmailMessageList();
 	    $Messages->CopyFromEditTable();
 	    $Messages->Clear();	    
 	}          
 	if( GetVar('LangEditStatus') == 2 )
 	{
 	    $objLanguages->PurgeEditTable();
 	    $objLanguages->Clear();
 	    $Phrases = new clsPhraseList();
 	    $Phrases->PurgeEditTable();    
 	    $Messages = new clsEmailMessageList();
 	    $Messages->PurgeEditTable();
 	}
 	
 	if( GetVar('MissingLangEditStatus') == 1 )
 	{
 	   $objPhraseList = new clsPhraseList();
 	   $objPhraseList->SourceTable = $objSession->GetSessionKey()."_".$ThemeId."_labels";
 	   
 	   $objEditList = new clsPhraseList();
 	   $objEditList->SourceTable = $objSession->GetEditTable("Phrase");
 	
 	   $ado = &GetADODBConnection();
 	   $rs = $ado->Execute("SELECT MIN(PhraseId) as MinValue FROM ".$objEditList->SourceTable);
 	   $NewId = $rs->fields["MinValue"]-1;
 	   
 	   $objPhraseList->Query_Item("SELECT * FROM ".$objPhraseList->SourceTable);
 	   foreach($objPhraseList->Items as $p)
 	   {
 	       if(strlen($p->Get("Translation"))>0)
 	       {       
 	         $p->tablename = $objEditList->SourceTable;
 	         $p->Dirty();
 	         $p->UnsetIDField();
 	         $p->Set("PhraseId",$NewId);
 	         $NewId--;
 	         $p->Create();
 	       }
 	   }
 	   $ado->Execute("DROP TABLE IF EXISTS ".$objPhraseList->SourceTable);
 	}
 	
 	if( GetVar('MissingLangEditStatus') == 2 )
 	{
 	  $table = $objSession->GetSessionKey()."_".$ThemeId."_labels";
 	  $ado = &GetADODBConnection();
 	  $ado->Execute("DROP TABLE IF EXISTS ".$table);
 	}
 	
 	/* Ban Rule Edit */
 	if( GetVar('RuleEditStatus') == 1 )
 	{    
 	    $objBanList->CopyFromEditTable("RuleId");
 	    $objBanList->Clear();
 	}
 	if( GetVar('RuleEditStatus') == 2 )
 	{
 	    $objBanList->PurgeEditTable("RuleId");
 	    $objBanList->Clear();
 	}
 }
 elseif( defined('DEBUG_ACTIONS') )
 {
 	if( isset($_REQUEST['Action']) && $_REQUEST['Action'] )
 		echo "<b>USER HAS RO-ACCESS</b> on action [<b>".$_REQUEST['Action']."</b>]<br>";
 }
 
 //echo "==== END ==== <br>";
 
 ?>
\ No newline at end of file

Property changes on: trunk/kernel/action.php
___________________________________________________________________
Modified: cvs2svn:cvs-rev
## -1 +1 ##
-1.65
\ No newline at end of property
+1.66
\ No newline at end of property