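/**
 * Constructor: starts the PHP session, pins it to the client IP address and
 * maintains the REFERER / HISTORY / FIRST_REFERER entries in the session.
 *
 * Security notes (review):
 *  - The session id is still accepted from the query string and the POST body
 *    in addition to the cookie (kept because cookie-less clients may rely on
 *    it). Accepting an id from the URL is a session-fixation vector: an
 *    attacker can send a victim a link carrying a PHPSESSID of their choosing.
 *    Two mitigations are applied here: the supplied id must match the
 *    session-id alphabet before it is handed to session_id(), and a session
 *    that carries no IP marker yet (brand new, or wiped because the IP
 *    changed) gets a new id via session_regenerate_id(), so an id chosen by
 *    a third party never survives into an authenticated session.
 *  - The session cookie is flagged HttpOnly, and Secure when the request
 *    arrived over HTTPS.
 *  - Binding the session to the IP (u_ip) is kept as before; users behind
 *    rotating proxies lose their session on every IP change.
 */
public function __construct() {
    if ($this->Started == false) {
        // Session id source priority is unchanged: GET, then POST, then cookie.
        $suppliedId = null;
        if (isset($_GET['PHPSESSID'])) {
            $suppliedId = $_GET['PHPSESSID'];
        } elseif (isset($_POST['PHPSESSID'])) {
            $suppliedId = $_POST['PHPSESSID'];
        } elseif (isset($_COOKIE['PHPSESSID'])) {
            $suppliedId = $_COOKIE['PHPSESSID'];
        }
        // Only adopt an id that looks like one PHP would generate itself;
        // anything else (arrays, odd characters, absurd lengths) is ignored
        // and session_start() creates a fresh session instead.
        if (is_string($suppliedId) && preg_match('/^[a-zA-Z0-9,-]{22,256}$/', $suppliedId)) {
            session_id($suppliedId);
        }
        $isHttps = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
        // lifetime 0 (browser session), site path, any domain, Secure on HTTPS, HttpOnly.
        session_set_cookie_params(0, GetSiteDir(true), '', $isHttps, true);
        if (!session_start()) {
            echo $this->errors[] = '<b>Внимание!</b>: User->User(): Ошибка при запуске сессии.<br />';
        } else {
            $this->Started = true;
        }
    }

    // The session is bound to the client IP: a missing or different marker
    // means the stored data cannot be trusted and is discarded.
    $freshSession = !isset($_SESSION['u_ip']) || $_SESSION['u_ip'] != getip();
    if ($freshSession) {
        $_SESSION = array();
        // Record the marker right away so the next request is not treated as
        // fresh again (the previous revision relied on it being written
        // elsewhere — not visible in this block).
        $_SESSION['u_ip'] = getip();
        // A new (or wiped) session must not keep an id that may have been
        // supplied by someone else. Guarded on an active session so that a
        // failed session_start() does not produce a second warning here.
        if (session_id() !== '') {
            session_regenerate_id();
        }
    }
    $this->session = $_SESSION;
    $this->Auth = $this->Get('u_auth');

    // Maintain our own HTTP_REFERER (the previous page on this site) and a
    // bounded navigation history; Ajax requests do not count as navigation.
    if (!IsAjax()) {
        if ($this->isDef('REFERER')) {
            $_SERVER['HTTP_REFERER'] = $this->Get('REFERER');
            if ($this->isDef('HISTORY')) {
                $history = $this->Get('HISTORY');
                $history[] = $_SERVER['HTTP_REFERER'];
                if (count($history) > 10) { // at most 10 steps are kept in the session
                    array_shift($history);
                }
                $this->Def('HISTORY', $history);
            } else {
                $this->Def('HISTORY', array($_SERVER['HTTP_REFERER']));
            }
        } elseif (isset($_SERVER['HTTP_REFERER']) && trim($_SERVER['HTTP_REFERER']) != '') {
            // First page view of this session: remember the external referer.
            $this->Def('FIRST_REFERER', SafeEnv(trim($_SERVER['HTTP_REFERER']), 255, str));
        }
        $this->Def('REFERER', GetSiteHost() . $_SERVER['REQUEST_URI']);
    }
}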
/**
 * Runs the enabled anti-abuse detectors over the submitted form fields and,
 * when one of them fires, sends the alert, shows the attack page (or
 * redirects) and terminates the request.
 *
 * Detectors run in this order, each gated by its setting: MIME, duplicates,
 * specials, many URLs, junk, reverse captcha. Every detector except the junk
 * one is skipped once an earlier detector has fired; the junk detector runs
 * regardless and can therefore overwrite $s_attack / $s_info set before it.
 *
 * @param array $a_fields submitted form fields, passed through to the detectors
 * @return void returns normally only when nothing fired; otherwise exit()
 */
function DetectAttacks($a_fields) {
    $s_attack = '';
    $s_info = '';
    $s_user_info = '';

    $b_attacked = Settings::get('ATTACK_DETECTION_MIME')
        && DetectMimeAttack($a_fields, $s_attack, $s_info, $s_user_info);

    if (!$b_attacked && !Settings::isEmpty('ATTACK_DETECTION_DUPS')
        && DetectDupAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    if (!$b_attacked && Settings::get('ATTACK_DETECTION_SPECIALS')
        && DetectSpecialsAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    if (!$b_attacked
        && (Settings::get('ATTACK_DETECTION_MANY_URLS') || Settings::get('ATTACK_DETECTION_MANY_URL_FIELDS'))
        && DetectManyURLsAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    // Not gated on $b_attacked (same as before): may overwrite an earlier verdict's text.
    if (Settings::get('ATTACK_DETECTION_JUNK')
        && DetectJunkAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    if (!$b_attacked && !Settings::isEmpty('ATTACK_DETECTION_REVERSE_CAPTCHA')
        && DetectRevCaptchaAttack(Settings::get('ATTACK_DETECTION_REVERSE_CAPTCHA'), $a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }

    if (!$b_attacked) {
        return;
    }

    // Optional site hook; the attack type is not passed yet (upstream TODO).
    if (function_exists('FMHookAttacked')) {
        FMHookAttacked('');
    }
    if (Settings::get('ALERT_ON_ATTACK_DETECTION')) {
        SendAlert(GetMessage(MSG_ATTACK_DETECTED, array("ATTACK" => $s_attack, "INFO" => $s_info)), false);
    }
    // The redirect target is an operator-configured setting, not request data.
    if (!IsAjax() && Settings::get('ATTACK_DETECTION_URL') !== "") {
        Redirect(Settings::get('ATTACK_DETECTION_URL'), GetMessage(MSG_FORM_ERROR));
    } else {
        global $SERVER;
        CreatePage(GetMessage(MSG_ATTACK_PAGE, array("SERVER" => $SERVER, "USERINFO" => $s_user_info)), GetMessage(MSG_FORM_ERROR));
    }
    exit;
}
/**
 * Deletes a settings group (and every setting that belongs to it) identified
 * by the `id` request parameter, after a confirmation step.
 *
 * Flow: no `id` -> back to the group list; `ok=1` or an Ajax request ->
 * delete, audit and redirect; anything else -> render the confirmation box.
 *
 * NOTE(review): the destructive step is triggered by a plain GET (`&ok=1`)
 * and no anti-CSRF token check is visible in this function, so a logged-in
 * administrator following a crafted link would delete the group. No token
 * helper is visible in this file, so this is only flagged here.
 */
function AdminConfigGroupDelete() {
    $listUrl = AdminConfigPlugins()
        ? ADMIN_FILE . '?exe=config_admin&a=view_groups_plugins&plugins=1&delok'
        : ADMIN_FILE . '?exe=config_admin&a=view_groups&delok';

    if (!isset($_GET['id'])) {
        GO($listUrl);
    } else {
        $groupId = SafeEnv($_GET['id'], 11, int);
    }

    $confirmed = (isset($_GET['ok']) && $_GET['ok'] == '1') || IsAjax();
    if ($confirmed) {
        System::database()->Select(AdminConfigGroupTable(), "`id`='{$groupId}'");
        $group = System::database()->FetchRow();
        System::database()->Delete(AdminConfigGroupTable(), "`id`='{$groupId}'");
        System::database()->Delete(AdminConfigConfigTable(), "`group_id`='{$groupId}'");
        Audit('Управление настройками: Удаление группы настроек "' . $group['hname'] . '(' . $group['name'] . ')" в "' . AdminConfigGroupTable() . '"');
        GO($listUrl);
        return;
    }

    $rows = System::database()->Select(AdminConfigGroupTable(), "`id`='{$groupId}'");
    $confirmUrl = ADMIN_FILE . '?exe=config_admin&a=delete&id=' . $groupId . '&ok=1';
    if (AdminConfigPlugins()) {
        $confirmUrl .= '&plugins=1';
    }
    AddCenterBox('Удаление группы навтроек');
    System::admin()->HighlightConfirm(
        'Это может повлиять на работу системы. Нажмите отмена, если не уверены. Удалить группу настроек "' . SafeDB($rows[0]['hname'], 255, str) . '"?',
        $confirmUrl
    );
}
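/**
 * Admin action: delete a news item together with its comments.
 *
 * Requires the `news_access_editnews` permission. Without `ok=1` (or an Ajax
 * request) only a confirmation box is rendered; the deletion itself happens
 * on the confirmed request.
 *
 * Fixes vs. the previous revision:
 *  - the confirmation branch read `$_REQUEST['back']` without checking that
 *    it exists (notice and an empty parameter when no `back` was passed);
 *  - the fetched row is checked before its fields are used, so an unknown id
 *    no longer recalculates a counter from a non-existent row.
 *
 * NOTE(review): `back` is a caller-supplied redirect target handed to
 * GoRefererUrl(); whether that helper restricts it to this site is not
 * visible here. The deletion is triggered by a plain GET with no anti-CSRF
 * token visible in this function.
 */
function AdminNewsDelete() {
    global $news_access_editnews;
    if (!$news_access_editnews) {
        System::admin()->AccessDenied();
    }
    if (!isset($_REQUEST['id'])) {
        exit('ERROR');
    }

    $confirmed = IsAjax() || (isset($_GET['ok']) && $_GET['ok'] == '1');
    if ($confirmed) {
        $id = SafeEnv($_REQUEST['id'], 11, int);
        System::database()->Select('news', "`id`='{$id}'");
        $news = System::database()->FetchRow();
        System::database()->Delete('news', "`id`='{$id}'");
        System::database()->Delete('news_comments', "`object_id`='{$id}'");
        // Only an enabled item contributed to the topic counter.
        if (is_array($news) && $news['enabled']) {
            CalcNewsCounter(SafeDB($news['topic_id'], 11, int), false);
        }
        AdminNewsClearBlockCache();
        Audit('Удаление новости "' . (is_array($news) ? $news['title'] : '') . '"');
        if (isset($_GET['back'])) {
            GoRefererUrl($_GET['back']);
        }
        GO(ADMIN_FILE . '?exe=news');
    } else {
        System::admin()->AddCenterBox('Удаление новости');
        System::database()->Select('news', "`id`='" . SafeEnv($_REQUEST['id'], 11, int) . "'");
        $news = System::database()->FetchRow();
        $title = is_array($news) ? $news['title'] : '';
        $id = SafeDB($_REQUEST['id'], 11, int);
        $back = isset($_REQUEST['back']) ? SafeDB($_REQUEST['back'], 255, str) : '';
        System::admin()->HighlightConfirmNoAjax(
            'Удалить новость "' . SafeDB($title, 255, str) . '"?',
            ADMIN_FILE . '?exe=news&a=delete&id=' . $id . '&back=' . $back . '&ok=1'
        );
    }
}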
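/**
 * Admin action: delete an article together with its comments and update the
 * file counter of its category.
 *
 * Requires `$editarticles`. Without `ok=1` (or an Ajax request) only a
 * confirmation box is rendered.
 *
 * Fixes vs. the previous revision:
 *  - the audit line used `$r['title']` although `$r` is the row list returned
 *    by Select() (`$r[0]['cat_id']` is read two statements earlier), so the
 *    audit entry always had an empty title; it now uses the first row;
 *  - an unknown id no longer dereferences a missing row;
 *  - `back` is read only when present (the confirmation branch also used it
 *    without isset), with the same fallback redirect the sibling delete
 *    actions use (`?exe=articles`);
 *  - the id is read from `$_REQUEST` in both branches (it was `$_GET` in the
 *    confirmed branch and `$_REQUEST` in the confirmation branch).
 *
 * NOTE(review): `back` is a caller-supplied redirect target; whether
 * GoRefererUrl() restricts it to this site is not visible here. The deletion
 * is triggered by a plain GET with no anti-CSRF token visible.
 */
function AdminArticlesDelete() {
    global $editarticles;
    if (!$editarticles) {
        System::admin()->AccessDenied();
    }

    $confirmed = IsAjax() || (isset($_GET['ok']) && $_GET['ok'] == '1');
    if ($confirmed) {
        $id = SafeEnv($_REQUEST['id'], 11, int);
        $rows = System::database()->Select('articles', "`id`='" . $id . "'");
        $article = !empty($rows) ? $rows[0] : null;
        if (is_array($article)) {
            AdminArticlesGetTree()->CalcFileCounter($article['cat_id'], false);
        }
        System::database()->Delete('articles', "`id`='{$id}'");
        System::database()->Delete('articles_comments', "`object_id`='{$id}'");
        Audit('Статьи: Удаление статьи "' . (is_array($article) ? $article['title'] : '') . '"');
        if (isset($_REQUEST['back'])) {
            GoRefererUrl($_REQUEST['back']);
        }
        GO(ADMIN_FILE . '?exe=articles');
    } else {
        System::admin()->AddCenterBox('Удаление статьи');
        System::database()->Select('articles', "`id`='" . SafeEnv($_REQUEST['id'], 11, int) . "'");
        $article = System::database()->FetchRow();
        $title = is_array($article) ? $article['title'] : '';
        $id = SafeDB($_REQUEST['id'], 11, int);
        $back = isset($_REQUEST['back']) ? SafeDB($_REQUEST['back'], 255, str) : '';
        System::admin()->HighlightConfirmNoAjax(
            'Удалить статью "' . SafeDB($title, 255, str) . '"?',
            ADMIN_FILE . '?exe=articles&a=delete&id=' . $id . '&ok=1&back=' . $back
        );
    }
}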
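/**
 * Admin action: delete a user account.
 *
 * With `ok=1` the account is removed; its comments are either deleted
 * (`del_comments=1` in POST) or re-attributed via UpdateUserComments() using
 * the account's name/email/url. Otherwise a confirmation box with a
 * "delete comments too" checkbox is rendered; the box submits via Ajax.
 *
 * Fixes vs. the previous revision:
 *  - the user's display name was concatenated into the confirmation HTML
 *    unescaped (`$r[0]['name']`), i.e. a stored-XSS sink in the admin panel
 *    for a name set at registration; it now goes through SafeDB(..., str)
 *    like the titles in the sibling confirmation boxes (confirm that helper
 *    HTML-escapes — it is what the rest of this file relies on);
 *  - a missing row no longer dereferences null/false.
 *
 * NOTE(review): unlike the other admin actions on this page, no permission
 * check is visible at the top of this function; it may be enforced by the
 * module dispatcher — verify. The deletion URL is a GET with no anti-CSRF
 * token visible here.
 */
function AdminUserDelUser() {
    if (isset($_GET['ok']) && $_GET['ok'] == '1') {
        $userid = SafeEnv($_GET['id'], 11, int);
        System::database()->Select('users', "`id`='{$userid}'");
        $guser = System::database()->FetchRow();
        if (!is_array($guser)) {
            // Unknown id: keep the flow, but avoid reading fields of a non-row.
            $guser = array('name' => '', 'email' => '', 'hideemail' => 0, 'url' => '');
        }
        if (isset($_POST['del_comments']) && $_POST['del_comments'] == '1') {
            DeleteAllUserComments($userid);
        } else {
            UpdateUserComments(
                $userid,
                '0',
                SafeEnv($guser['name'], 50, str),
                SafeEnv($guser['email'], 50, str),
                SafeEnv($guser['hideemail'], 1, bool),
                SafeEnv($guser['url'], 250, str)
            );
        }
        System::database()->Delete('users', "`id`='{$userid}'");
        Audit('Пользователи: Удаление пользователя "' . $guser['name'] . '"');
        // Drop the cached user list.
        System::cache()->Delete(system_cache, 'users');
        if (IsAjax()) {
            exit("OK");
        }
        GO(ADMIN_FILE . '?exe=user');
    } else {
        $userid = SafeEnv($_GET['id'], 11, int);
        $rows = System::database()->Select('users', "`id`='" . $userid . "'");
        // Escaped before it is placed into the confirmation markup.
        $displayName = !empty($rows) ? SafeDB($rows[0]['name'], 255, str) : '';
        $userid = SafeDB($_GET['id'], 11, int);
        System::admin()->AddJS(' AjaxDeleteUser = function(){ Admin.ShowSplashScreen("Удаление пользователя"); var del = $("#del_comments:checked").val(); if(del == null){ del = "0"; } $.ajax({ type: "POST", url: "' . ADMIN_FILE . '?exe=user&a=deluser&id=' . $userid . '&ok=1", data: {del_comments: del}, success: function(data){ Admin.LoadPage("' . ADMIN_FILE . '?exe=user", undefined, "Обновление страницы"); Admin.HideSplashScreen(); } }); }; ');
        AddCenterBox('Удаление пользователя');
        $Text = 'Вы действительно хотите удалить пользователя "' . $displayName . '"?';
        $Text .= '<br /><br />' . System::admin()->Check('del_comments', '1', false, 'id="del_comments"') . '<label for="del_comments" style="cursor: pointer;">Удалить все комментарии этого пользователя</label><br /><br />' . System::admin()->SpeedButton('Отмена', 'javascript:history.go(-1)', 'images/admin/delete.png', false, true) . ' ' . System::admin()->SpeedConfirmJs('Да', 'AjaxDeleteUser();', 'images/admin/accept.png', '', true);
        System::admin()->Highlight($Text);
    }
}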
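/**
 * Admin action: toggle the `status` flag of a mailing topic (`id` in GET).
 *
 * Fixes vs. the previous revision:
 *  - an unknown id no longer runs the UPDATE and writes an audit line with an
 *    empty title; the row is checked with NumRows() first, as the sibling
 *    status toggles on this page do;
 *  - the audit text said "closing" regardless of direction; it now reads
 *    "status change" like the other toggles.
 * Behaviour is otherwise unchanged: the block cache for `mail` is cleared,
 * Ajax callers get "OK", others are redirected to the mail module.
 *
 * NOTE(review): state change on a plain GET; no anti-CSRF token visible here.
 */
function AdminMailChangeTopicStatus() {
    $topicId = SafeEnv($_GET['id'], 11, int);
    System::database()->Select('mail_topics', "`id`='{$topicId}'");
    if (System::database()->NumRows() > 0) {
        $topic = System::database()->FetchRow();
        $status = ($topic['status'] == 1) ? '0' : '1';
        System::database()->Update('mail_topics', "status='{$status}'", "`id`='{$topicId}'");
        Audit('Рассылки: Изменение статуса рассылки "' . $topic['title'] . '"');
    }
    System::cache()->Delete('block', 'mail');
    if (IsAjax()) {
        exit("OK");
    }
    GO(ADMIN_FILE . '?exe=mail');
}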
/**
 * Admin action: toggle the `active` flag of a feedback department (`id` in GET).
 *
 * Does nothing to the database when the id is unknown. Ajax callers receive
 * "OK"; everyone else is redirected back to the feedback module.
 *
 * NOTE(review): state change on a plain GET; no anti-CSRF token visible here.
 */
function AdminFeedBackChangeStatus() {
    $departmentId = SafeEnv($_GET['id'], 11, int);
    System::database()->Select('feedback', "`id`='" . $departmentId . "'");
    $found = System::database()->NumRows() > 0;
    if ($found) {
        $department = System::database()->FetchRow();
        $newState = ($department['active'] == 1) ? '0' : '1';
        System::database()->Update('feedback', "active='{$newState}'", "`id`='" . $departmentId . "'");
        Audit('Обратная связь: Изменение статуса департамента "' . $department['name'] . '"');
    }
    if (!IsAjax()) {
        GO(ADMIN_FILE . '?exe=feedback');
    } else {
        exit("OK");
    }
}
// Проверка логина и пароля $admin_name = $_POST['admin_name']; $admin_password = $_POST['admin_password']; $admin_template = $_POST['admin_template']; $a = System::user()->Login($admin_name, $admin_password, false, true); if ($a === true && System::user()->SecondLoginAdmin) { System::user()->Data('admin_template', $admin_template); Audit('Вход в админ-панель'); } else { System::user()->UnsetCookie(System::user()->AdminCookieName); System::admin()->Login('Неверный логин или пароль.'); // exit } } else { // Форма авторизации if (IsAjax()) { exit(JsonEncode(array('auth' => GetPageUri(true)))); } System::admin()->Login(); // exit } } System::admin()->InitPage(); define('INDEX_PHP', false); // Получаем имя модуля $ModuleName = ''; if (!isset($_GET['exe'])) { $ModuleName = 'adminpanel'; } else { $ModuleName = $_GET['exe']; if ($ModuleName == 'exit') {
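/**
 * Admin action: toggle the `status` flag of a forum (`id` in GET).
 *
 * Fix vs. the previous revision: the row is checked with NumRows() before it
 * is used, so an unknown id no longer issues an UPDATE and an audit entry
 * with an empty title (same guard as the other status toggles on this page).
 * The forum cache is still cleared unconditionally; Ajax callers get "OK",
 * others are redirected to the forum module.
 *
 * NOTE(review): state change on a plain GET; no anti-CSRF token visible here.
 */
function AdminForumChangeStatus() {
    $id = SafeEnv($_GET['id'], 11, int);
    System::database()->Select('forums', "`id`='{$id}'");
    if (System::database()->NumRows() > 0) {
        $forum = System::database()->FetchRow();
        $en = ($forum['status'] == 1) ? '0' : '1';
        System::database()->Update('forums', "status='{$en}'", "`id`='{$id}'");
        Audit('Форум: Изменение статуса форума "' . $forum['title'] . '"');
    }
    ForumCacheClear();
    if (IsAjax()) {
        exit("OK");
    }
    GO(ADMIN_FILE . '?exe=forum');
}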
/**
 * Admin action: toggle the `active` flag of a site message (`id` in GET).
 *
 * Unknown ids are ignored (no UPDATE, no audit). Ajax callers get "OK";
 * everyone else is redirected to the messages module.
 *
 * NOTE(review): state change on a plain GET; no anti-CSRF token visible here.
 */
function AdminSiteMessagesChangeStatus() {
    $messageId = SafeEnv($_GET['id'], 11, int);
    System::database()->Select('messages', "`id`='{$messageId}'");
    if (System::database()->NumRows() <= 0) {
        if (IsAjax()) {
            exit("OK");
        }
        GO(ADMIN_FILE . '?exe=messages');
        return;
    }
    $row = System::database()->FetchRow();
    $newState = ($row['active'] == 1) ? '0' : '1';
    System::database()->Update('messages', "active='{$newState}'", "`id`='{$messageId}'");
    Audit('Сообщения: Изменение статуса сообщения "' . $row['title'] . '"');
    if (IsAjax()) {
        exit("OK");
    }
    GO(ADMIN_FILE . '?exe=messages');
}
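/**
 * Toggles whether a page / link is shown in the menu (`showinmenu` flag of
 * the `pages` row whose id comes from GET).
 *
 * Fix vs. the previous revision: the row is checked with NumRows() before its
 * fields are read, so an unknown id no longer issues an UPDATE and an audit
 * line with an empty title (same guard as the other toggles on this page).
 * The pages cache is cleared as before; Ajax callers get "OK", others are
 * redirected to the pages module.
 *
 * NOTE(review): state change on a plain GET; no anti-CSRF token visible here.
 *
 * @return void
 */
function AdminPagesChangeMenu() {
    $page_id = SafeEnv($_GET['id'], 11, int);
    System::database()->Select('pages', "`id`='{$page_id}'");
    if (System::database()->NumRows() > 0) {
        $page = System::database()->FetchRow();
        $en = ($page['showinmenu'] == 1) ? '0' : '1';
        System::database()->Update('pages', "showinmenu='{$en}'", "`id`='{$page_id}'");
        Audit('Страницы: Изменение статуса показа в меню для "' . $page['title'] . '"');
    }
    AdminPagesClearCache();
    if (IsAjax()) {
        echo 'OK';
        exit;
    } else {
        GO(ADMIN_FILE . '?exe=pages');
    }
}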
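/**
 * Admin action: delete a file from the downloads archive — the DB row, its
 * comments and the stored file on disk — after a confirmation step.
 *
 * Requires the `downloads/edit_files` permission.
 *
 * Fixes vs. the previous revision:
 *  - the audit line used `$r['title']` although `$r` is the row list returned
 *    by Select() (`$r[0]['category']` / `$r[0]['url']` are read just before),
 *    so the title was always empty; it now uses the first row;
 *  - an unknown id no longer dereferences a missing row;
 *  - `back` is read only when present, with the same fallback redirect the
 *    sibling delete actions use (`?exe=downloads`).
 *
 * NOTE(review): the path passed to unlink() comes from the row's `url` column
 * via RealPath2(); no check is visible here that the resolved path stays
 * inside the downloads storage directory — worth confirming in RealPath2()
 * or wherever `url` is written. Deletion is triggered by a plain GET with no
 * anti-CSRF token visible.
 */
function AdminDownloadsDeleteFile() {
    if (!System::user()->CheckAccess2('downloads', 'edit_files')) {
        System::admin()->AccessDenied();
    }

    $confirmed = IsAjax() || (isset($_GET['ok']) && SafeEnv($_GET['ok'], 1, int) == '1');
    if ($confirmed) {
        $id = SafeEnv($_GET['id'], 11, int);
        $rows = System::database()->Select('downloads', "`id`='{$id}'");
        $file = !empty($rows) ? $rows[0] : null;
        if (is_array($file)) {
            AdminDownloadsGetTree()->CalcFileCounter(SafeDB($file['category'], 11, int), false);
            $path = RealPath2($file['url']);
            if (is_file($path)) {
                unlink($path);
            }
        }
        System::database()->Delete('downloads', "`id`='{$id}'");
        System::database()->Delete('downloads_comments', "`object_id`='{$id}'");
        Audit('Архив файлов: Удаление файла "' . (is_array($file) ? $file['title'] : '') . '"');
        if (isset($_REQUEST['back'])) {
            GoRefererUrl($_REQUEST['back']);
        }
        GO(ADMIN_FILE . '?exe=downloads');
    } else {
        System::admin()->AddCenterBox('Удаление файла');
        System::database()->Select('downloads', "`id`='" . SafeEnv($_REQUEST['id'], 11, int) . "'");
        $file = System::database()->FetchRow();
        $title = is_array($file) ? $file['title'] : '';
        $id = SafeDB($_REQUEST['id'], 11, int);
        $back = isset($_REQUEST['back']) ? SafeDB($_REQUEST['back'], 255, str) : '';
        System::admin()->HighlightConfirmNoAjax(
            'Удалить файл "' . SafeDB($title, 255, str) . '"?',
            ADMIN_FILE . '?exe=downloads&a=deletefile&id=' . $id . '&ok=1&back=' . $back
        );
    }
}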
/**
 * Admin action: toggle the `enabled` flag of a block (`id` in GET).
 *
 * Unknown ids are ignored. Ajax callers get "OK"; everyone else is
 * redirected to the blocks module.
 *
 * NOTE(review): state change on a plain GET; no anti-CSRF token visible here.
 */
function AdminBlocksChangeStatus() {
    $blockId = SafeEnv($_GET['id'], 11, int);
    System::database()->Select('blocks', "`id`='" . $blockId . "'");
    if (System::database()->NumRows() > 0) {
        $block = System::database()->FetchRow();
        $currentlyEnabled = SafeDB($block['enabled'], 1, int) == 1;
        $newState = $currentlyEnabled ? '0' : '1';
        System::database()->Update('blocks', "enabled='{$newState}'", "`id`='" . $blockId . "'");
        Audit('Блока: Изменение статуса блока "' . $block['title'] . '"');
    }
    if (IsAjax()) {
        exit("OK");
    }
    GO(ADMIN_FILE . '?exe=blocks');
}
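/**
 * Admin action: delete a guestbook message (`id` in the request) after a
 * confirmation step. Requires the `guestbook/edit` permission.
 *
 * Fix vs. the previous revision: the confirmation branch read
 * `$_REQUEST['back']` without checking that it exists (notice + empty value
 * when the caller passed no `back`); the confirmed branch already guarded it
 * with isset().
 *
 * NOTE(review): `back` is a caller-supplied redirect target handed to
 * GoRefererUrl(); whether that helper restricts it to this site is not
 * visible here. It is also appended to the confirmation URL without URL
 * encoding, like the sibling delete actions on this page. The deletion is
 * triggered by a plain GET with no anti-CSRF token visible.
 */
function AdminGuestBookDeleteMessage() {
    if (!System::user()->CheckAccess2('guestbook', 'edit')) {
        System::admin()->AccessDenied();
    }

    $confirmed = IsAjax() || (isset($_GET['ok']) && $_GET['ok'] == '1');
    if ($confirmed) {
        System::database()->Delete('guestbook', "`id`='" . SafeEnv($_GET['id'], 11, int) . "'");
        Audit('Гостевая книга: Удаление сообщения');
        if (isset($_GET['back'])) {
            GoRefererUrl($_GET['back']);
        } else {
            GO(ADMIN_FILE . '?exe=guestbook');
        }
    } else {
        System::admin()->AddCenterBox('Удаление сообщения');
        $id = SafeDB($_REQUEST['id'], 11, int);
        $back = isset($_REQUEST['back']) ? SafeDB($_REQUEST['back'], 255, str) : '';
        System::admin()->HighlightConfirmNoAjax(
            'Удалить сообщение?',
            ADMIN_FILE . '?exe=guestbook&a=delete&id=' . $id . '&ok=1' . '&back=' . $back
        );
    }
}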
/**
 * Runs the enabled anti-abuse detectors over the submitted form fields and,
 * when one of them fires, sends the alert, shows the attack page (or
 * redirects) and terminates the request. This variant reads the
 * ATTACK_DETECTION_* constants and the two global list settings.
 *
 * Detectors run in this order: MIME, duplicates, specials, many URLs, junk,
 * reverse captcha. All but the junk detector are skipped once an earlier one
 * has fired; the junk detector runs regardless and can therefore overwrite
 * $s_attack / $s_info set before it.
 *
 * @param array $a_fields submitted form fields, passed through to the detectors
 * @return void returns normally only when nothing fired; otherwise exit()
 */
function DetectAttacks($a_fields) {
    global $ATTACK_DETECTION_DUPS, $ATTACK_DETECTION_REVERSE_CAPTCHA;
    $s_attack = '';
    $s_info = '';
    $s_user_info = '';

    $b_attacked = ATTACK_DETECTION_MIME
        && DetectMimeAttack($a_fields, $s_attack, $s_info, $s_user_info);

    if (!$b_attacked && !empty($ATTACK_DETECTION_DUPS)
        && DetectDupAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    if (!$b_attacked && ATTACK_DETECTION_SPECIALS
        && DetectSpecialsAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    if (!$b_attacked && (ATTACK_DETECTION_MANY_URLS || ATTACK_DETECTION_MANY_URL_FIELDS)
        && DetectManyURLsAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    // Not gated on $b_attacked (same as before): may overwrite an earlier verdict's text.
    if (ATTACK_DETECTION_JUNK
        && DetectJunkAttack($a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }
    if (!$b_attacked && !empty($ATTACK_DETECTION_REVERSE_CAPTCHA)
        && DetectRevCaptchaAttack($ATTACK_DETECTION_REVERSE_CAPTCHA, $a_fields, $s_attack, $s_info, $s_user_info)) {
        $b_attacked = true;
    }

    if (!$b_attacked) {
        return;
    }

    if (ALERT_ON_ATTACK_DETECTION) {
        SendAlert(GetMessage(MSG_ATTACK_DETECTED, array("ATTACK" => $s_attack, "INFO" => $s_info)), false);
    }
    // The redirect target is an operator-configured constant, not request data.
    if (!IsAjax() && ATTACK_DETECTION_URL !== "") {
        Redirect(ATTACK_DETECTION_URL, GetMessage(MSG_FORM_ERROR));
    } else {
        global $SERVER;
        CreatePage(GetMessage(MSG_ATTACK_PAGE, array("SERVER" => $SERVER, "USERINFO" => $s_user_info)), GetMessage(MSG_FORM_ERROR));
    }
    exit;
}
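/**
 * Admin action: toggle the `active` flag of a poll (`id` in GET).
 * Requires `$editpolls`.
 *
 * Fix vs. the previous revision: the row is checked with NumRows() before its
 * fields are read, so an unknown id no longer issues an UPDATE and an audit
 * line with an empty question (same guard as the other toggles on this page).
 * Ajax callers get "OK"; others are redirected to the polls module.
 *
 * NOTE(review): state change on a plain GET; no anti-CSRF token visible here.
 */
function AdminPollsChangeStatus() {
    global $editpolls;
    if (!$editpolls) {
        System::admin()->AccessDenied();
    }
    $id = SafeEnv($_GET['id'], 11, int);
    System::database()->Select('polls', "`id`='{$id}'");
    if (System::database()->NumRows() > 0) {
        $poll = System::database()->FetchRow();
        $en = ($poll['active'] == '1') ? '0' : '1';
        System::database()->Update('polls', "active='{$en}'", "`id`='{$id}'");
        Audit('Опросы: Изменение статуса опроса "' . $poll['question'] . '"');
    }
    if (IsAjax()) {
        exit("OK");
    } else {
        GO(ADMIN_FILE . '?exe=polls');
    }
}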