Beispiel #1
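<?php

// Prints one "groupItem" <div> for every entry returned by get_exts_order()
// that is still listed by ext_available().

// load base functions
require_once '../../../config.php';
// get prioritized sections (iterated below as directory name => priority)
$prioritized = get_exts_order();
// and available sections too
$exts = ext_available();
$div = "";
foreach ($prioritized as $dirname => $priority) {
    // skip deleted sections (do not remove from DB)
    if (!in_array($dirname, $exts)) {
        continue;
    }
    // The directory name comes from stored data, not from this script, so it is
    // HTML-encoded before being placed inside the id="" attribute.
    $safeId = htmlspecialchars((string) $dirname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $div .= '<div id="' . $safeId . '" class="groupItem">';
    // NOTE(review): filename_to_str() output is emitted as-is; confirm that it
    // returns HTML-safe text, otherwise encode it here as well.
    $div .= ' <div class="itemHeader">' . filename_to_str($dirname) . '</div>';
    $div .= '</div>';
}
echo $div;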
Beispiel #2
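<?php

// Stores the extension ordering sent by the admin page, or resets every
// priority to 0 when "reset" is present in the query string. Root user only.
//
// NOTE(review): both branches modify the database in response to a GET request
// and no anti-CSRF token is checked in this file; confirm whether config.php or
// the calling page enforces one.

session_start();
require '../../../config.php';
// check root user
if (!is_root()) {
    exit;
}
// Initialised up front so the checks below never read an undefined variable
// when a loop runs zero times. As before, only the result of the last
// db_update() call decides whether a message is printed.
$success = false;
if (isset($_GET['reset'])) {
    $ext = ext_available();
    foreach ($ext as $dir) {
        $success = db_update(TBL_PREFIX . TBL_EXTS, "priority = '0'", "dir = '" . $dir . "'");
    }
    if ($success) {
        echo '<p class="warning">Reset!</p>';
    }
} else {
    // "sort" must be an array of position => extension directory
    if (isset($_GET['sort']) && is_array($_GET['sort'])) {
        // Request values end up inside a string-built WHERE clause, so only
        // directory names that ext_available() itself reports are accepted.
        // NOTE(review): assumes ext_available() returns a list of strings - confirm.
        $known = ext_available();
        // update DB
        foreach ($_GET['sort'] as $priority => $ext) {
            // positions must be non-negative integer keys
            if (!is_int($priority) || $priority < 0) {
                continue;
            }
            // reject nested arrays and names that are not installed extensions
            if (!is_string($ext) || !in_array($ext, $known, true)) {
                continue;
            }
            $success = db_update(TBL_PREFIX . TBL_EXTS, "priority = '" . ($priority + 1) . "'", "dir = '" . $ext . "'");
        }
        if ($success) {
            echo '<p class="success">Saved!</p>';
        }
    }
}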
Beispiel #3
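    // Extensions the session is allowed to use that have no priority row yet.
    $newext = array_flip($_SESSION['allowed']);
    $diff = array_diff_key($newext, $prioritized);
    $warn = false;
    // The previous test `$diff > 1` compared an array with an integer, which is
    // always true; counting the entries states the intent explicitly.
    if (count($diff) > 0) {
        // Every new row is placed after the highest stored priority. An empty
        // priority table starts at 1 instead of calling max() on an empty array.
        $nextPriority = (count($prioritized) > 0 ? max($prioritized) : 0) + 1;
        foreach ($diff as $dir => $priority) {
            // Array keys that look numeric arrive as integers, so compare as strings.
            if ((string) $dir !== "admin") {
                // NOTE(review): $dir is concatenated into the VALUES list; whether
                // db_insert() escapes it is not visible here - confirm.
                db_insert(TBL_PREFIX . TBL_EXTS, "dir,priority", "'" . $dir . "', '" . $nextPriority . "'");
                $warn = true;
            }
        }
        if ($warn) {
            echo display_text($_displayType["WARNING"], 'New extensions have been installed. Please reload this page.');
        }
    }
    // Remove the rows of extensions that were installed earlier but are no
    // longer reported by ext_available().
    $installed = ext_available();
    foreach ($prioritized as $dir => $priority) {
        if (!in_array($dir, $installed)) {
            db_delete(TBL_PREFIX . TBL_EXTS, "dir = '" . $dir . "'");
        }
    }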
}
// display header title
echo '<h1>Admin panel</h1>';
/* Now check for new releases and print whatever check_smt_releases() returns.
   Servers in safe_mode or with open_basedir set will throw a
   CURL_FOLLOW_LOCATION error.
*/
echo check_smt_releases();
/* connection settings ------------------------------------------------------ */
// Turn PHP error reporting off for the rest of this request. It takes effect
// only from here on, i.e. after the release check above has already run.
// NOTE(review): at level 0 PHP's built-in handling neither displays nor logs
// errors - confirm that losing the log entries is intended.
error_reporting(0);
// check if (smt) is installed properly
Beispiel #4
<?php

// server settings are required - relative path to smt2 root dir
require '../../../config.php';
// protect extension from being browsed by anyone; this is pulled in before
// header.php, so the access check runs ahead of the page header
require SYS_DIR . 'logincheck.php';
// now you have access to all CMS API
include INC_DIR . 'header.php';
// retrieve extensions; table_row() reads this list through `global`
$MODULES = ext_available();
// get all roles: every column ("*"); the third argument "1" looks like an
// always-true condition - NOTE(review): confirm against db_select_all()
$ROLES = db_select_all(TBL_PREFIX . TBL_ROLES, "*", "1");
// query DB once; table_row() reuses the stored result through `global`
$ROOT = is_root();
// helper function
function table_row($role, $new = false)
{
    global $MODULES, $ROOT;
    $self = $role['id'] == $_SESSION['role_id'];
    // wrap table row in a form, so each user can be edited separately
    $row = '<form action="saveroles.php" method="post">';
    $row .= '<tr>';
    $row .= ' <td>';
    $row .= !$new ? '<strong>' . $role['name'] . '</strong>' : '<input type="text" class="text center" id="newrole" name="name" value="type role name" size="15" maxlength="100" />';
    $row .= ' </td>';
    $allowed = explode(",", $role['ext_allowed']);
    // check available extensions
    foreach ($MODULES as $module) {
        // disable admin roles (they have wide access)
        $disabled = $self || $role['id'] == 1 && !$new ? ' disabled="disabled"' : null;
        // look for registered users' roles
Beispiel #5
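// Access gate: resolves the current login, loads its role and the extensions
// that role may open, and redirects when the visitor is not logged in or is
// not allowed to open the current extension.
//
// NOTE(review): the "smt-login" cookie value is copied into the session as the
// logged-in identity. A cookie is client-controlled, so it has to be validated
// on the server (for example against a stored random token) before it is
// trusted; no such check is visible here - confirm where the cookie is issued.
if (isset($_COOKIE['smt-login']) && is_string($_COOKIE['smt-login'])) {
    // only a plain string is accepted; an array-valued cookie is ignored
    $_SESSION['login'] = $_COOKIE['smt-login'];
}
if (empty($_SESSION['login'])) {
    // redirect to root dir, where user authentication will prompt
    $_SESSION['error'] = "NOT_LOGGED";
    header("Location: " . ABS_PATH . "?redirect=" . urlencode(url_get_current(true)));
    exit;
}
// check current session login
// The listing masks part of the two login conditions with "******"; they are
// restored here as the session login.
// NOTE(review): the login is concatenated into the WHERE clause and whether
// db_select()/db_update() escape it is not visible here - confirm, or move to a
// parameterized query.
$user = db_select(TBL_PREFIX . TBL_USERS, "role_id", "login='" . $_SESSION['login'] . "'");
if (empty($user) || !isset($user['role_id'])) {
    // No such account: treat the visitor as not logged in. Without this check an
    // unknown login would fall through to the code that always adds "admin".
    unset($_SESSION['login']);
    $_SESSION['error'] = "NOT_LOGGED";
    header("Location: " . ABS_PATH . "?redirect=" . urlencode(url_get_current(true)));
    exit;
}
$role = db_select(TBL_PREFIX . TBL_ROLES, "ext_allowed", "id='" . $user['role_id'] . "'");
// a missing role row yields an empty permission list instead of exploding null
$allowedCsv = isset($role['ext_allowed']) ? (string) $role['ext_allowed'] : '';
// save session
$_SESSION['role_id'] = (int) $user['role_id'];
$_SESSION['allowed'] = explode(",", $allowedCsv);
// root user have wide access
if ($_SESSION['role_id'] === 1) {
    $_SESSION['allowed'] = ext_available();
}
// always set available the dashboard!
array_push($_SESSION['allowed'], "admin");
if (!in_array(ext_name(), $_SESSION['allowed'])) {
    // redirect to admin dir
    $_SESSION['error'] = "NOT_ALLOWED";
    header("Location: " . ADMIN_PATH);
    exit;
}
// update status
db_update(TBL_PREFIX . TBL_USERS, "last_access = NOW()", "login = '" . $_SESSION['login'] . "'");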