function _getAdminMenus(&$menuOrder)
{
global $CURRENT_USER;
if (!@$CURRENT_USER['isAdmin']) {
return array();
}
$menu = @$_REQUEST['menu'];
$action = getRequestedAction();
$adminMenus = array();
$adminMenus[] = array('menuType' => 'menugroup', 'menuName' => t('Admin'), 'menuOrder' => ++$menuOrder, 'tableName' => '', 'link' => '', 'isSelected' => '');
$adminMenus[] = array('menuType' => 'custom', 'menuName' => t('General Settings'), 'menuOrder' => ++$menuOrder, 'link' => '?menu=admin&action=general', 'isSelected' => $menu == 'admin' && ($action == 'general' || $action == 'vendor' || $action == 'adminSave'));
$adminMenus[] = array('menuType' => 'custom', 'menuName' => t('Section Editors'), 'menuOrder' => ++$menuOrder, 'link' => '?menu=database', 'isSelected' => $menu == 'database');
$adminMenus[] = array('menuType' => 'custom', 'menuName' => t('Code Generator'), 'menuOrder' => ++$menuOrder, 'link' => '?menu=_codeGenerator', 'isSelected' => $menu == '_codeGenerator');
$adminMenus[] = array('menuType' => 'custom', 'menuName' => t('Plugins'), 'menuOrder' => ++$menuOrder, 'link' => '?menu=admin&action=plugins', 'isSelected' => $menu == 'admin' && $action == 'plugins');
$adminMenus[] = array('menuType' => 'custom', 'menuName' => t('Email Templates'), 'menuOrder' => ++$menuOrder, 'link' => '?menu=_email_templates', 'isSelected' => $menu == '_email_templates');
if (@$GLOBALS['SETTINGS']['advanced']['outgoingMail'] != 'sendOnly') {
// only show outgoing mail menu if logging is enabled
$count = mysql_count('_outgoing_mail');
$countText = $count ? " ({$count})" : "";
$adminMenus[] = array('menuType' => 'custom', 'menuName' => t('Outgoing Mail') . $countText, 'menuOrder' => ++$menuOrder, 'link' => '?menu=_outgoing_mail', 'isSelected' => $menu == '_outgoing_mail');
}
//
$errorCount = mysql_count('_error_log');
$adminMenus[] = array('menuType' => 'custom', 'menuName' => t('Error Log') . " ({$errorCount})", 'menuOrder' => ++$menuOrder, 'link' => '?menu=_error_log', 'isSelected' => $menu == '_error_log', 'tableName' => '_error_log', 'recordCount' => $errorCount);
//array_pop($adminMenus); // remove "Error Log" from menu
//
return $adminMenus;
}
<?php
# set globals
global $APP, $SETTINGS, $CURRENT_USER, $TABLE_PREFIX;
$APP['selectedMenu'] = 'admin';
### check access level
if (!$GLOBALS['CURRENT_USER']['isAdmin']) {
alert(t("You don't have permissions to access this menu."));
showInterface('');
}
### Dispatch actions
$action = getRequestedAction();
if (!$action || $action == 'listTables') {
if (@$_REQUEST['newOrder']) {
updateMenuOrder();
}
if (@$action == '' && !alert()) {
createMissingSchemaTablesAndFields();
}
// skip if action specified or alerts, such as when user is redirected back to this page
showInterface('database/listTables.php');
} elseif ($action == 'addTable') {
include "lib/menus/database/addTable.php";
} elseif ($action == 'addTable_save') {
addTable();
} elseif ($action == 'editTable') {
include "lib/menus/database/editTable.php";
} elseif ($action == 'adminHome') {
showInterface('admin/home.php');
} elseif ($action == 'recreateThumbnails') {
recreateThumbnails();
function isFlashUploader()
{
if (!@$_REQUEST['_FLASH_UPLOADER_'] && !@$_REQUEST['_FLASH_COOKIE_BUG_FIX_']) {
return false;
}
// test for both so cookie bug fix can only be used by flash uploader and upload submissions
// Past this line and we're dealing with the flash uploader (or someone pretending to be the flash uploader)
// debug - log flash uploader requests
$logRequests = false;
// for debugging
if ($logRequests) {
$log = "HTTP_USER_AGENT: " . $_SERVER['HTTP_USER_AGENT'] . "\n";
if ($_POST) {
$log .= "_POST: " . print_r($_POST, true) . "\n";
}
if ($_FILES) {
$log .= "_FILES: " . print_r($_FILES, true) . "\n";
}
//if ($_SERVER) { $log .= "_SERVER: " .print_r($_SERVER, true). "\n"; }
if ($_COOKIE) {
$log .= "_COOKIE: " . print_r($_COOKIE, true) . "\n";
}
$log .= "\n";
file_put_contents(SCRIPT_DIR . "/data/debug_flash_uploader.log", $log, FILE_APPEND);
}
// error checking: test for required and unique flash uploader fields
$errors = '';
if ($_SERVER['REQUEST_METHOD'] != 'POST') {
die("REQUEST_METHOD must be POST\n");
} else {
if (!@$_POST['_FLASH_COOKIE_BUG_FIX_']) {
die("No _FLASH_COOKIE_BUG_FIX_ value submitted!\n");
}
if (!@$_POST['_FLASH_UPLOADER_']) {
die("No _FLASH_UPLOADER_ value submitted!\n");
}
if (getRequestedAction() != 'uploadForm') {
die("getRequestedAction() must be 'uploadForm'!\n");
}
// SECURITY: this prevents _FLASH_COOKIE_BUG_FIX_ flash login from being used for anything but uploads
if (!@$_POST['submitUploads']) {
die("No submitUploads value submitted!\n");
}
// SECURITY: This prevents anything but saving of uploads (won't even allow displaying upload form)
//if (!@$_FILES) { die("Nothing is in _FILES array!\n"); }
//elseif (!@$_FILES['Filedata']) { die("Nothing is in _FILES['Filedata'] array!\n"); }
}
if ($errors) {
die(__FUNCTION__ . ": Flash Uploader Errors\n{$errors}!\n");
}
//
return true;
}
$escapedTableName = mysql_escape($TABLE_PREFIX . $tableName);
$hasEditorAccess = userSectionAccess($tableName) >= 9;
$hasAuthorAccess = userSectionAccess($tableName) >= 6;
$hasViewerAccess = userSectionAccess($tableName) >= 3;
$hasViewerAccessOnly = userSectionAccess($tableName) == 3;
$hasAuthorViewerAccess = userSectionAccess($tableName) >= 7;
$isSingleMenu = @$schema['menuType'] == 'single';
// get action
if ($isSingleMenu && $hasAuthorAccess) {
$_defaultAction = 'edit';
} elseif ($isSingleMenu && $hasViewerAccess) {
$_defaultAction = 'view';
} else {
$_defaultAction = 'list';
}
$action = getRequestedAction($_defaultAction);
//
doAction('section_init', $tableName, $action);
//
_redirectForCustomMenus();
// If file exists, call: /lib/menus/$menu/actionHandler.php
_myAccountMenuOverrides();
// override menuName, recordNum, selectedRecords and action
// error checking
_displayRequiredPluginErrors();
displaySectionAccessErrors($action);
_displayRecordAccessErrors($action);
// display alerts
$message = '';
if (@$_REQUEST['saved']) {
$recordNum = (int) @$_REQUEST['saved'];
