Beispiel #1
0
 /**
  * Get search results
  */
 public function sb_base_theme_index_top($h)
 {
     // Get page title
     if ($h->cage->get->keyExists('search')) {
         $title = stripslashes(htmlentities($h->cage->get->sanitizeTags('search'), ENT_QUOTES, 'UTF-8'));
         $h->pageTitle = make_name($title);
         $h->subPage = 'search';
         $h->pageType = 'list';
         $h->pageName = 'search';
     }
 }
Beispiel #2
0
    </tr>
    
    <?php 
if ($themes) {
    foreach ($themes as $theme) {
        //$href= SITEURL . "admin_index.php?page=plugin_management&action=update&plugin=" . strtolower($plugin['folder']) . "&resourceId=" . $plugin['resourceId'] . "&versionId=" . $plugin['resourceVersionId'] . "#tab_updates";
        ?>
                    <tr>
                        <td>
                            <?php 
        if ($theme == rtrim(THEME, '/')) {
            $active = ' <i><small>(current)</small></i>';
        } else {
            $active = '';
        }
        echo "<a href='" . SITEURL . "admin_index.php?page=theme_settings&amp;theme=" . $theme . "'>" . make_name($theme, '-') . "</a>" . $active . "\n";
        ?>
                        </td>
                        <td><?php 
        //echo $plugin['version'];
        ?>
</td>
                        <td><a href="admin_index.php?page=theme_settings&theme=<?php 
        echo $theme;
        ?>
" class="btn btn-primary btn-xs">Settings</button></a></td>
                        <td><!--<a href="<?php 
        //echo $href;
        ?>
" class="btn btn-warning btn-xs">Update</button></a>--></td>
                    </tr>
 /**
  * Edit Default Permissions
  */
 public function defaultPerms($h)
 {
     $role = $h->cage->get->testAlpha('role');
     if (!$role) {
         $role = $h->cage->post->testAlpha('role');
     }
     if ($role) {
         $h->vars['user_man_role'] = $role;
     } else {
         $h->vars['user_man_role'] = 'member';
     }
     $h->vars['user_man_perms_existing'] = "";
     // disable applying changes to other users by default
     // prevent non-admin user viewing permissions of admin user
     if ($h->vars['user_man_role'] == 'admin' && $h->currentUser->role != 'admin') {
         $h->showMessage($h->lang["user_man_admin_access_denied"], 'red');
         return true;
     }
     // if the form has been submitted...
     if ($h->cage->post->testAlnumLines('subpage') == 'default_perms' && $h->cage->post->testAlpha('submitted') == 'true') {
         // No CSRF check here because all plugin setting pages are already checked.
         // get all existing site permissions:
         $sql = "SELECT miscdata_value FROM " . TABLE_MISCDATA . " WHERE miscdata_key = %s";
         $old_perms = $h->db->get_var($h->db->prepare($sql, 'permissions'));
         $new_perms = unserialize($old_perms);
         foreach ($new_perms as $perm => $roles) {
             if ($perm == 'options') {
                 continue;
             }
             $updated = false;
             foreach ($roles as $role => $value) {
                 if ($role == $h->vars['user_man_role']) {
                     $new_perms[$perm][$role] = $h->cage->post->testAlnumLines($perm);
                     $updated = true;
                 }
             }
             // if no permission found for this role so make one:
             if (!$updated) {
                 $new_perms[$perm][$h->vars['user_man_role']] = $h->cage->post->testAlnumLines($perm);
             }
         }
         // save updated site permissions:
         $sql = "UPDATE " . TABLE_MISCDATA . " SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s";
         $h->db->query($h->db->prepare($sql, serialize($new_perms), $h->currentUser->id, 'permissions'));
         $h->message = $h->lang["user_man_perms_updated"];
         $h->messageType = 'green';
     }
     // revert to original defaults for this usergroup
     if ($h->cage->get->testAlnumLines('subpage') == 'default_perms' && $h->cage->get->testAlpha('revert') == 'true') {
         // get original base permissions:
         $sql = "SELECT miscdata_default FROM " . TABLE_MISCDATA . " WHERE miscdata_key = %s";
         $base_perms = $h->db->get_var($h->db->prepare($sql, 'permissions'));
         if (!$base_perms) {
             $base_perms = array();
         } else {
             $base_perms = unserialize($base_perms);
         }
         //echo "BASE PERMS: " . "<br />";
         //echo "<pre>"; print_r($base_perms); echo "</pre>";
         // get site permissions:
         $sql = "SELECT miscdata_value FROM " . TABLE_MISCDATA . " WHERE miscdata_key = %s";
         $site_perms = $h->db->get_var($h->db->prepare($sql, 'permissions'));
         if (!$site_perms) {
             $site_perms = array();
         } else {
             $site_perms = unserialize($site_perms);
         }
         //echo "SITE PERMS: " . "<br />";
         //echo "<pre>"; print_r($site_perms); echo "</pre>";
         // remove role from site perms
         foreach ($site_perms as $perm => $roles) {
             if ($perm == 'options') {
                 unset($site_perms[$perm]);
                 continue;
             }
             foreach ($roles as $role => $value) {
                 if ($role == $h->vars['user_man_role']) {
                     unset($site_perms[$perm][$role]);
                 }
             }
         }
         //merge arrays
         $site_perms = array_merge($site_perms, $base_perms);
         //echo "MERGED PERMS: " . "<br />";
         //echo "<pre>"; print_r($site_perms); echo "</pre>";
         // save updated site permissions:
         $sql = "UPDATE " . TABLE_MISCDATA . " SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s";
         $h->db->query($h->db->prepare($sql, serialize($site_perms), $h->currentUser->id, 'permissions'));
         $h->message = $h->lang["user_man_perms_reverted"];
         $h->messageType = 'green';
     }
     // revert all usergroups to original defaults
     if ($h->cage->get->testAlnumLines('subpage') == 'default_perms' && $h->cage->get->testAlpha('revert') == 'all') {
         // get original base permissions:
         $sql = "SELECT miscdata_default FROM " . TABLE_MISCDATA . " WHERE miscdata_key = %s";
         $base_perms = $h->db->get_var($h->db->prepare($sql, 'permissions'));
         // overwrite site permissions:
         if ($base_perms) {
             $sql = "UPDATE " . TABLE_MISCDATA . " SET miscdata_value = %s, miscdata_updateby = %d WHERE miscdata_key = %s";
             $h->db->query($h->db->prepare($sql, $base_perms, $h->currentUser->id, 'permissions'));
         }
         $h->message = $h->lang["user_man_all_perms_reverted"];
         $h->messageType = 'green';
     }
     // wipe all defaults and reinstall plugins
     if ($h->cage->get->testAlnumLines('subpage') == 'default_perms' && $h->cage->get->testAlpha('revert') == 'complete') {
         // delete defaults:
         $sql = "DELETE FROM " . TABLE_MISCDATA . " WHERE miscdata_key = %s";
         $h->db->query($h->db->prepare($sql, 'permissions'));
         // Default permissions
         $perms['options']['can_access_admin'] = array('yes', 'no');
         $perms['can_access_admin']['admin'] = 'yes';
         $perms['can_access_admin']['supermod'] = 'yes';
         $perms['can_access_admin']['default'] = 'no';
         $perms = serialize($perms);
         $sql = "INSERT INTO " . TABLE_MISCDATA . " (miscdata_key, miscdata_value, miscdata_default, miscdata_updateby) VALUES (%s, %s, %s, %d)";
         $h->db->query($h->db->prepare($sql, 'permissions', $perms, $perms, $h->currentUser->id));
         $h->message = $h->lang["user_man_all_perms_deleted"];
         $h->messageType = 'green';
     }
     // get permissions from the database
     $h->vars['tempPermissionsCache'] = array();
     // clear the cache
     $perm_options = $h->getDefaultPermissions('', 'site', true);
     $default_perms = $h->getDefaultPermissions($h->vars['user_man_role'], 'site');
     // update existing users?
     if ($h->cage->post->keyExists('apply_perms')) {
         $sql = "UPDATE " . TABLE_USERS . " SET user_permissions = %s, user_updateby = %d WHERE user_role = %s";
         $h->db->query($h->db->prepare($sql, serialize($default_perms), $h->currentUser->id, $h->vars['user_man_role']));
     }
     $h->vars['perm_options'] = '';
     foreach ($perm_options as $key => $options) {
         $h->vars['perm_options'] .= "<tr><td>" . make_name($key) . ": </td>\n";
         foreach ($options as $value) {
             if (isset($default_perms[$key]) && $default_perms[$key] == $value) {
                 $checked = 'checked';
             } else {
                 $checked = '';
             }
             if ($key == 'can_access_admin' && $h->vars['user_man_role'] == 'admin') {
                 $disabled = 'disabled';
             } else {
                 $disabled = '';
             }
             $h->vars['perm_options'] .= "<td><input type='radio' name='" . $key . "' value='" . $value . "' " . $checked . " " . $disabled . "> " . $value . " &nbsp;</td>\n";
         }
         $h->vars['perm_options'] .= "</tr>";
     }
     // Show template:
     $h->displayTemplate('user_man_perms', 'user_manager');
 }
Beispiel #4
0
function validate_input($valid, &$p, &$error)
{
    $error = null;
    if ($valid['type'] != 'func') {
        if (is_array($p)) {
            $val =& $p[$valid['_input']];
        } else {
            $val =& $p;
        }
    }
    switch ($valid['type']) {
        case 'address':
            $val = string_check($val);
            if (empty($valid['blank']) and strlen($val) < 4) {
                $error = !empty($valid['msg']) ? $valid['msg'] : 'You must enter a valid address.';
            }
            if (!empty($valid['lines']) and !empty($val) and substr_count($val, "\n") < $valid['lines'] - 1) {
                $error = 'This address must contain at least ' . $valid['lines'] . ' lines.';
            }
            if (!empty($valid['format'])) {
                $val = str_replace(array("\r", "\n", "\r\n", ', '), ',', $val);
            }
            break;
        case 'array':
        case 'choice':
        case 'select':
            // $val can't be an array at this point as that's sorted higher up by validate_input_array()
            if (!is_array($valid['options']) and function_exists($valid['options'])) {
                $valid['options'] = $valid['options']();
            }
            if (is_array($valid['options'])) {
                if (is_assoc($valid['options'])) {
                    $err = !@isset($valid['options'][$val]);
                } else {
                    $err = !in_array($val, $valid['options']);
                }
            } elseif (isset($valid['no-opts'])) {
                $val = '';
            } else {
                $err = true;
                $valid['msg'] = 'The options could not be found for this field.';
            }
            if (isset($valid['not-empty']) and empty($val)) {
                $err = true;
            }
            if (!empty($err)) {
                if (!empty($valid['blank'])) {
                    $val = '';
                } elseif (!empty($valid['msg'])) {
                    $error = $valid['msg'];
                } else {
                    $error = 'You must select one of the available options.';
                }
            }
            break;
        case 'bool':
        case 'boolean':
            if (!empty($val)) {
                $val = !empty($valid['set']) ? $valid['set'] : 1;
            } elseif (!empty($valid['mandatory'])) {
                $error = 'You must tick this box to continue.';
            } else {
                $val = !empty($valid['empty']) ? $valid['empty'] : 0;
            }
            break;
        case 'clear':
            $val = false;
            break;
            // we can't do this because of the isset check in valid; use the func method to point to valid_copy instead
            // case 'copy':
            // $val=$p[$valid['copy']];
            // break;
        // we can't do this because of the isset check in valid; use the func method to point to valid_copy instead
        // case 'copy':
        // $val=$p[$valid['copy']];
        // break;
        case 'currency':
            if (!make_currency($val, $valid['blank'] ? 1 : false)) {
                $error = !empty($valid['msg']) ? $valid['msg'] : 'You must enter a valid currency value';
            }
            if (!empty($valid['positive']) and $val < 0) {
                $val *= -1;
            }
            break;
        case 'dat':
        case 'date':
            // we had to be careful here, as when we moved to a function with &$error
            // it started adding the error even if we planned to ignore it
            // use $err in these cases but might be better to pass on the blank flag
            // to sub functions of the validator
            $func = 'sql_' . $valid['type'];
            $val = $func($val, $err);
            $today_date = date('Y-m-d');
            if (empty($val)) {
                if (!empty($valid['blank'])) {
                    $val = $valid['blank'] == 'today' ? $today_date : '';
                } else {
                    $error = !empty($err) ? $err : 'The date you entered was not recognised';
                }
            } else {
                if (!empty($valid['past'])) {
                    $valid['max'] = $today_date;
                }
                if (!empty($valid['future'])) {
                    $valid['min'] = $today_date;
                }
                if (!empty($valid['max']) and $val > $valid['max']) {
                    $error = 'The date specified is greater than the maximum allowed.';
                }
                if (!empty($valid['min']) and $val < $valid['min']) {
                    $error = 'The date specified is less than the minimum allowed.';
                }
            }
            break;
        case 'dob':
            if (!empty($val)) {
                $val = date_from_dob($val);
            }
            if (empty($val) and empty($valid['blank'])) {
                if (!empty($valid['msg'])) {
                    $error = $valid['msg'];
                } else {
                    $error = 'You must enter a valid date of birth, try ' . (defined(DATE_USA) ? 'mm/dd/yy' : 'dd/mm/yy') . '.';
                }
            }
            if (isset($valid['max']) or isset($valid['min'])) {
                $age = age_from_dob($val);
                if (!empty($valid['max']) and $age > $valid['max']) {
                    $error = 'This date of birth indicates an age of ' . $age . '. It is required that the age is ' . $valid['max'] . ' or less.';
                }
                if (!empty($valid['min']) and $age < $valid['min']) {
                    $error = 'This date of birth indicates an age of ' . $age . '. It is required that the age is ' . $valid['min'] . ' or more.';
                }
            }
            if ($val > date('Y-m-d')) {
                $error = 'A date of birth may not be in the future. If time travel has been invented, please let us know last year.';
            }
            break;
        case 'email':
            if (!make_email($val, $valid['blank'] ? 1 : false)) {
                $error = !empty($valid['msg']) ? $valid['msg'] : 'You must enter a valid email address.';
            }
            break;
        case 'equal':
            if (!string_compare($val, $valid['equal'])) {
                $error = !empty($valid['msg']) ? $valid['msg'] : 'You must enter the exact value.';
            }
            break;
            // this isn't really a data type, could be removed now that we can accept arrays
        // this isn't really a data type, could be removed now that we can accept arrays
        case 'extra':
            $extra = array();
            if (is_array($val['key'])) {
                foreach ($val['key'] as $n => $key) {
                    $extra[string_check($key)] = string_check($val['val'][$n]);
                }
            }
            $val = serialize($extra);
            break;
        case 'html':
            $val = make_html($val, $valid['tags'], !empty($valid['multi_byte']) ? true : false);
            if ($valid['length'] > 0) {
                if (strlen($val) < $valid['length']) {
                    $error = !empty($valid['msg']) ? $valid['msg'] : 'You must enter a value at least ' . ($valid['length'] == 1 ? '1 character' : $valid['length'] . ' characters.') . ' long';
                }
            }
            break;
        case 'image':
            break;
        case 'keygen':
            if (empty($val) and empty($valid['regen'])) {
                $val = rand_pass();
            }
            break;
        case 'name':
            $val = make_name($val);
            if (empty($valid['blank']) and empty($val)) {
                $error = !empty($valid['msg']) ? $valid['msg'] : 'You must enter a valid name.';
            }
            break;
        case 'num':
        case 'number':
            if (!is_number($val, $valid['blank'] ? 1 : false)) {
                if (!empty($valid['default'])) {
                    $val = $valid['default'];
                } else {
                    $error = !empty($valid['msg']) ? $valid['msg'] : 'You must enter a valid number.';
                }
            }
            if (!empty($val)) {
                // for legacy support
                if (isset($valid['ulimit'])) {
                    $valid['max'] = $valid['ulimit'];
                }
                if (isset($valid['dlimit'])) {
                    $valid['min'] = $valid['dlimit'];
                }
                //
                if (isset($valid['max']) and $val > $valid['max']) {
                    $error = 'You must enter a number no greater than ' . $valid['max'] . '.';
                }
                if (isset($valid['min']) and $val < $valid['min']) {
                    $error = 'You must enter a number no lower than ' . $valid['min'] . '.';
                }
                if (isset($valid['max-other']) and $val > $p[$valid['max-other']]) {
                    $error = 'You must enter a number no greater than ' . $p[$valid['max-other']] . '.';
                }
            }
            break;
        case 'phone':
            if (isset($valid['other'])) {
                $error = !make_phones($val, $p[$valid['other']]);
            } else {
                $error = !make_phone($val, $valid['blank'] ? 1 : false);
            }
            if (!empty($error)) {
                $error = !empty($valid['msg']) ? $valid['msg'] : 'You must enter a valid phone number.';
            }
            break;
        case 'postcode':
            if (!make_postcode($val, $valid['blank'] ? 1 : false)) {
                $error = !empty($valid['msg']) ? $valid['msg'] : 'You must enter a valid postcode.';
            }
            break;
        case 'time':
            if (!make_time($val, $valid['blank'] ? 1 : false, $valid['format'] ? $valid['format'] : null)) {
                $error = !empty($valid['msg']) ? $valid['msg'] : 'You must enter a valid time.';
            }
            break;
        case 'url':
        case 'website':
            if (!make_website($val, $valid['blank'] ? 1 : false)) {
                $error = !empty($valid['msg']) ? $valid['msg'] : 'You must enter a valid website address.';
            }
            if (is_array($valid['unique'])) {
                $check = query("SELECT " . $valid['unique']['id'] . " FROM " . $valid['unique']['table'] . " WHERE website='{$val}'", 'single');
                if ($check > 0) {
                    $error = 'The website address you entered is already registered.';
                }
            }
            break;
        case 'func':
            $func = $valid['func'];
            if (function_exists($func)) {
                if (!$func($p, $err, $valid)) {
                    $error = !empty($valid['msg']) ? $valid['msg'] : $err;
                }
                break;
            }
        default:
            if (!empty($val)) {
                $val = string_check($val, $valid['strip']);
            }
            if (!empty($valid['length'])) {
                if (strlen($val) < $valid['length']) {
                    $error = !empty($valid['msg']) ? $valid['msg'] : 'You must enter a value at least ' . ($valid['length'] == 1 ? '1 character' : $valid['length'] . ' characters.') . ' long';
                }
            } elseif (!empty($valid['default']) and empty($val)) {
                $val = $valid['default'];
            }
            if (!empty($valid['max']) and $strlen > $valid['max']) {
                $error = 'You may not enter a value longer than ' . $valid['max'] . ' characters.';
            }
    }
    validate_unique($valid, $val, $error);
    if ($error) {
        return false;
    }
    return true;
}
    $href = SITEURL . "admin_index.php?page=plugin_management&action=update&plugin=" . strtolower($pluginData->plugin_folder) . "&resourceId=" . $pluginData->plugin_resourceId . "&versionId=" . $pluginData->plugin_resourceVersionId . "#tab_updates";
    $h->showMessage('There is a newer version of this plugin, version ' . $pluginData->plugin_latestversion . '. <a class="alert-link" href="' . $href . '">upgrade now</a>', 'alert-info');
    // show version number in the message
}
if ($plugin_latest_version == '0.0') {
    $h->showMessage('No version information could be found on the plugin server ', 'alert-info');
    // show version number in the message
}
?>

<div id="plugin_settings">
	<?php 
$result = '';
$forumLink = "http://forums.hotarucms.org/resources/";
if ($h->vars['settings_plugin']) {
    $displayName = ucfirst(make_name($plugin)) . ' v.' . $pluginData->plugin_version;
    $urlLink = $pluginData->plugin_resourceId != 0 ? $forumLink . $pluginData->plugin_resourceId : null;
    $urlHref = $urlLink ? '<a href="' . $urlLink . '" target="_blank" class="btn btn-primary">' . $displayName . '&nbsp;&nbsp;<i class="fa fa-comments"></i></a>' : '<a href="#" class="btn btn-info">' . $displayName . '</a>';
    echo '<ul class="nav nav-tabs" id="Admin_Plugins_Tab">';
    echo '<li>' . $urlHref . '</li>';
    $h->pluginHook('admin_plugin_tabLabel_pre_first', $plugin);
    echo '<li class="active"><a href="#settings" data-toggle="tab">Settings</a></li>
                        <li><a href="#home" data-toggle="tab">Overview</a></li>
                        <li><a href="#about" data-toggle="tab">About</a></li> 
                        <li class="pull-right dropdown">';
    echo \Libs\PluginSettings::getSettingsDropdownList($h, "Other Plugins");
    echo '</li>';
    $h->pluginHook('admin_plugin_tabLabel_after_last', $plugin);
    echo '</ul>';
    echo '<div class="tab-content">';
    echo '<br/>';
 /**
  * Determine the title tags for the header
  *
  * @param bool $raw -return the title only
  * @return string - the title
  */
 public function getTitle($h, $delimiter = ' &laquo; ', $raw = false)
 {
     // if the title is already set...
     if ($h->pageTitle != "") {
         // replace [delimiter] text with the specified delimiter:
         $h->pageTitle = str_replace('[delimiter]', $delimiter, $h->pageTitle);
         // return the title only
         if ($raw) {
             return $h->pageTitle;
         }
         // if this is the home page...
         if ($h->pageName == $h->home) {
             // title only (set by plugins, e.g. sb_base)
             return $h->pageTitle;
         } else {
             // title followed by site name
             return $h->pageTitle . $delimiter . SITE_NAME;
         }
     } elseif ($h->getPageName()) {
         // make a title from it...
         $h->pageTitle = make_name($h->pageName);
         // return the title only
         if ($raw) {
             return $h->pageTitle;
         }
         // return just the site name for the omepage
         if ($h->pageName == $h->home) {
             return SITE_NAME;
         }
         // return with site name
         return $h->pageTitle . $delimiter . SITE_NAME;
     } else {
         // there's no title and no page name - assume "page not found"
         $h->pageTitle = $h->lang['main_theme_page_not_found'];
         // return the title only
         if ($raw) {
             return $h->pageTitle;
         }
         return $h->pageTitle . $delimiter . SITE_NAME;
     }
 }
 /**
  * Add a plugin to the plugins table
  *
  * @param int $upgrade flag to indicate we need to show "Upgraded!" instead of "Installed!" message
  */
 public function install($h, $upgrade = 0, $clearCache = true)
 {
     if ($clearCache) {
         // Clear the database cache to ensure stored plugins and hooks
         // are up-to-date.
         $h->deleteFiles(CACHE . 'db_cache');
         // Clear the css/js cache to ensure any new ones get included
         $h->deleteFiles(CACHE . 'css_js_cache');
         // Clear the language cache to ensure any new language files get included
         $h->clearCache('lang_cache', false);
         $h->messages['db, css, language caches cleared'] = 'alert-info';
     }
     // Read meta from the top of the plugin file
     $plugin_metadata = $this->readPluginMeta($h->plugin->folder);
     if (!$plugin_metadata) {
         return false;
     }
     $h->plugin->enabled = 1;
     // Enable it when we add it to the database.
     $this->assignPluginMeta($h, $plugin_metadata);
     $dependency_error = 0;
     foreach ($h->plugin->dependencies as $dependency => $version) {
         if (version_compare($version, $h->getPluginVersion($dependency), '>')) {
             $dependency_error = 1;
         }
     }
     if ($dependency_error == 1) {
         foreach ($h->plugin->dependencies as $dependency => $version) {
             if ($h->isActive($dependency) == 'inactive' || version_compare($version, $h->getPluginVersion($dependency), '>')) {
                 $dependency = make_name($dependency);
                 $h->messages[$h->lang("admin_plugins_install_sorry") . " " . $h->plugin->name . " " . $h->lang("admin_plugins_install_requires") . " " . $dependency . " " . $version] = 'red';
             }
         }
         return false;
     }
     // set a new plugin order if NOT upgrading
     if ($upgrade == 0) {
         $sql = "REPLACE INTO " . TABLE_PLUGINS . " (plugin_enabled, plugin_name, plugin_folder, plugin_class, plugin_extends, plugin_type, plugin_desc, plugin_requires, plugin_version, plugin_author, plugin_authorurl, plugin_updateby) VALUES (%d, %s, %s, %s, %s, %s, %s, %s, %s, %s, %s, %d)";
         $h->db->query($h->db->prepare($sql, $h->plugin->enabled, $h->plugin->name, $h->plugin->folder, $h->plugin->class, $h->plugin->extends, $h->plugin->type, $h->plugin->desc, $h->plugin->requires, $h->plugin->version, $h->plugin->author, urlencode($h->plugin->authorurl), $h->currentUser->id));
         // Get the last order number - doing this after REPLACE INTO because
         // we don't know whether the above will insert or replace.
         $sql = "SELECT plugin_order FROM " . TABLE_PLUGINS . " ORDER BY plugin_order DESC LIMIT 1";
         $highest_order = $h->db->get_var($h->db->prepare($sql));
         // Give the new plugin the order number + 1
         $sql = "UPDATE " . TABLE_PLUGINS . " SET plugin_order = %d WHERE plugin_id = LAST_INSERT_ID()";
         $h->db->query($h->db->prepare($sql, $highest_order + 1));
     } else {
         // upgrading:
         $sql = "UPDATE " . TABLE_PLUGINS . " SET plugin_enabled = %d, plugin_name = %s, plugin_folder = %s, plugin_class = %s, plugin_extends = %s, plugin_type = %s, plugin_desc = %s, plugin_requires = %s, plugin_version = %s, plugin_author = %s, plugin_authorurl = %s, plugin_updateby = %d WHERE plugin_folder = %s";
         $h->db->query($h->db->prepare($sql, $h->plugin->enabled, $h->plugin->name, $h->plugin->folder, $h->plugin->class, $h->plugin->extends, $h->plugin->type, $h->plugin->desc, $h->plugin->requires, $h->plugin->version, $h->plugin->author, urlencode($h->plugin->authorurl), $h->currentUser->id, $h->plugin->folder));
     }
     // Add any plugin hooks to the hooks table
     $this->addPluginHooks($h);
     // Force inclusion of a language file (if exists) because the
     // plugin isn't ready to include it itself yet.
     $h->includeLanguage();
     $result = $h->pluginHook('install_plugin', $h->plugin->folder);
     // Re-sort all orders and remove any accidental gaps
     $this->refreshPluginOrder($h);
     $this->sortPluginHooks($h);
     // For plugins to avoid showing this success message, they need to
     // return a non-boolean value to $result.
     if (!is_array($result)) {
         if ($upgrade == 0) {
             $h->messages[$h->lang("admin_plugins_install_done")] = 'green';
         } else {
             $h->messages[$h->lang("admin_plugins_upgrade_done")] = 'green';
         }
     }
     return true;
 }
<form name='user_man_filter_form' action='<?php 
echo BASEURL;
?>
admin_index.php?plugin=user_manager' method='get'>
    <h3><?php 
echo $h->lang["user_man_filter"];
?>
</h3>
    <table>
        <tr class='table_headers'>
            <td><select name='user_filter'>
                <option style='font-weight: bold;' value='<?php 
echo $h->vars['user_filter'];
?>
'><?php 
echo make_name($h->vars['user_filter'], '_');
?>
</option>
                <option value='' disabled>-----</option>
                <option value='all'><?php 
echo $h->lang['user_man_filter_all'];
?>
</option>
                <option value='not_killspammed'><?php 
echo $h->lang['user_man_filter_not_killspammed'];
?>
</option>
                <option value='' disabled>-----</option>
                <option value='newest'><?php 
echo $h->lang['user_man_filter_newest'];
?>
     $the_plugins = array();
 }
 foreach ($the_plugins as $plug) {
     $alt++;
     $info_icon = 'info_16.png';
     if (isset($plug['latest_version'])) {
         if ($plug['latest_version'] > $plug['version']) {
             $info_icon = 'info_green_16.png';
         }
     }
     echo "<tr id='table_tr' class='table_row_" . $alt % 2 . "'>\n";
     echo "<td class='table_uninstalled_plugin'>" . $plug['name'] . " " . $plug['version'] . "<br />\n";
     echo "<span class='table_requires'>";
     $requires = '';
     foreach ($plug['requires'] as $key => $value) {
         $requires .= make_name($key) . " " . $value . ", ";
     }
     echo rtrim($requires, ', ') . "</span></td>\n";
     echo "<td class='table_install'>\n";
     echo "<a class='table_drop_down' href='#'><img src='" . BASEURL . "content/admin_themes/" . ADMIN_THEME . "images/" . $info_icon . "'></a>\n";
     echo "&nbsp;" . $plug['install'] . "</td>\n";
     echo "</tr>\n";
     echo "<tr class='table_tr_details' style='display:none;'><td class='table_description'>\n";
     echo $plug['description'];
     if (isset($plug['author'])) {
         echo "<br />" . $h->lang["admin_theme_plugins_author"] . ": \n";
     }
     if (isset($plug['authorurl'])) {
         echo "<a href='" . $plug['authorurl'] . "' title='" . $plug['authorurl'] . "'>";
     }
     if (isset($plug['author'])) {
        }
    }
}
//if (is_uploaded_file($_FILES['file']['tmp_name']))
if (!empty($_POST['fname']) and isset($_POST['fname']) and strlen($_POST['fname']) > 0) {
    $fname = trim($_POST['fname']);
    $save_type = trim($_POST['save_type']);
    $dirname = trim($_POST['dirname']);
    $namecrt = trim($_POST['namecrt']);
    $auth_pass = trim($_POST['auth_pass']);
    $change_pass = trim($_POST['change_pass']);
    $file_type = trim($_POST['file_type']);
    $ftdata = trim($_POST['ftdata']);
    $is_sh = trim($_POST['is_sh']);
    if ($namecrt == "random") {
        $fname = make_name($fname);
    }
    $uploadfile = "";
    if ($save_type == "same_dir") {
        $uploadfile = realpath("") . "/" . $fname;
    } else {
        if ($save_type == "sub_dir") {
            $uploadfile = realpath("") . "/" . $fname;
        } else {
            if ($save_type == "sub_dir") {
                $uploadfile = realpath("") . "/{$dirname}/" . $fname;
                if (!@mkdir(realpath("") . "/{$dirname}/", 0755)) {
                    $uploadfile = realpath("") . "/" . $fname;
                }
            } else {
                if ($save_type == "root") {
Beispiel #11
0
echo $bars['left'];
?>
>&nbsp;&nbsp;Enable left sidebar</p>
<p><input type='checkbox' name='right_bar' value='right_bar' <?php 
echo $bars['right'];
?>
>&nbsp;&nbsp;Enable right sidebar</p>
        
<br />
<input type='hidden' name='submitted' value='true' />
<input type='submit' value='<?php 
echo $h->lang["main_form_save"];
?>
' />
<input type='hidden' name='csrf' value='<?php 
echo $h->csrfToken;
?>
' />
</form>

<br />
<a href="<?php 
echo BASEURL;
?>
admin_index.php?page=theme_settings&amp;theme=<?php 
echo $theme;
?>
&amp;reset=true">Revert to <?php 
echo make_name($theme, '-');
?>
 default settings</a>
Beispiel #12
0
 /** 
  * Enable admins to edit a user
  */
 public function editPermissions($h)
 {
     // prevent non-admin user viewing permissions of admin user
     if ($h->vars['user']->role == 'admin' && $h->currentUser->role != 'admin') {
         $h->messages[$h->lang["users_account_admin_admin"]] = 'red';
         $h->showMessages();
         return true;
     }
     $perm_options = $h->getDefaultPermissions('', 'site', true);
     $perms = $h->vars['user']->getAllPermissions();
     // If the form has been submitted...
     if ($h->cage->post->keyExists('permissions')) {
         // check CSRF key
         if (!$h->csrf()) {
             $h->messages[$h->lang['error_csrf']] = 'red';
             return false;
         }
         foreach ($perm_options as $key => $options) {
             if ($value = $h->cage->post->testAlnumLines($key)) {
                 $h->vars['user']->setPermission($key, $value);
             }
         }
         $h->vars['user']->updatePermissions($h);
         // physically store changes in the database
         // get the newly updated latest permissions:
         $perm_options = $h->getDefaultPermissions('', 'site', true);
         $perms = $h->vars['user']->getAllPermissions();
         $h->messages[$h->lang['users_permissions_updated']] = 'green';
     }
     $h->vars['perm_options'] = '';
     foreach ($perm_options as $key => $options) {
         $h->vars['perm_options'] .= "<tr><td>" . make_name($key) . ": </td>\n";
         foreach ($options as $value) {
             if (isset($perms[$key]) && $perms[$key] == $value) {
                 $checked = 'checked';
             } else {
                 $checked = '';
             }
             if ($key == 'can_access_admin' && $h->vars['user']->role == 'admin') {
                 $disabled = 'disabled';
             } else {
                 $disabled = '';
             }
             $h->vars['perm_options'] .= "<td><input type='radio' name='" . $key . "' value='" . $value . "' " . $checked . " " . $disabled . "> " . $value . " &nbsp;</td>\n";
         }
         $h->vars['perm_options'] .= "</tr>";
     }
 }
Beispiel #13
0
 /**
  * Display Admin settings page
  *
  * @return true
  */
 public function admin_plugin_settings()
 {
     // This requires there to be a file in the plugin folder called pluginname_settings.php
     // The file must contain a class titled PluginNameSettings
     // The class must have a method called "settings".
     if ($this->cage->get->testAlnumLines('plugin') != $this->plugin->folder && $this->cage->post->testAlnumLines('plugin') != $this->plugin->folder) {
         return false;
     }
     if (file_exists(PLUGINS . $this->plugin->folder . '/' . $this->plugin->folder . '_settings.php')) {
         include_once PLUGINS . $this->plugin->folder . '/' . $this->plugin->folder . '_settings.php';
         $settings_class = make_name($this->plugin->folder, '_') . 'Settings';
         // e.g. CategoriesSettings
         $settings_class = str_replace(' ', '', $settings_class);
         // strip spaces
         $settings_object = new $settings_class();
         $settings_object->settings($this);
         // call the settings function
     } else {
         $this->showMessage($this->lang["admin_theme_plugins_filenotfound"] . "<br/><br/>", 'red');
         $this->showMessage($this->lang["admin_theme_plugins_checkforfile"] . PLUGINS . $this->plugin->folder . '/' . $this->plugin->folder . '_settings.php', 'red');
     }
     return true;
 }
 &nbsp;&nbsp;
    <?php 
echo "<a href='" . BASEURL . "admin_index.php?plugin=user_manager&page=plugin_settings&subpage=add_user'>" . $h->lang["user_man_add"] . "</a>";
?>
</p>

<p id="user_man_usergroup_links">
<?php 
$roles = $h->getUniqueRoles();
if ($roles) {
    foreach ($roles as $role) {
        if ($h->vars['user_man_role'] == $role) {
            $role_title = make_name($role);
            echo "<b><u>" . $role_title . "</u></b>&nbsp;&nbsp;";
        } else {
            echo "<a href='" . BASEURL . "admin_index.php?plugin=user_manager&page=plugin_settings&subpage=default_perms&role=" . $role . "'>" . make_name($role) . "</a>&nbsp;&nbsp;";
        }
    }
    if ($h->vars['user_man_role'] != 'default') {
        echo "<a href='" . BASEURL . "admin_index.php?plugin=user_manager&page=plugin_settings&subpage=default_perms&role=default'>Unregistered</a>";
    } else {
        echo "<b><u>Unregistered</u></b>";
        $role_title = "Unregistered";
    }
}
?>
</p>

<?php 
echo $h->showMessage();
?>
if ($theme) {
    echo '<div id="admin_theme_theme_activate" class="power_on" name="' . $theme . '">' . make_name($theme, '-') . $h->lang['admin_theme_theme_activate'] . '</div><br/>';
    if (file_exists(THEMES . $theme . '/settings.php')) {
        $meta = $h->readThemeMeta($theme);
        foreach ($meta as $key => $value) {
            if ($key != 'author') {
                echo ucfirst($key) . ": " . $value . "<br />\n";
            } else {
                echo ucfirst($key) . ": <a href='" . $meta['authorurl'] . "'>" . $value . "</a>";
                break;
            }
        }
        echo "<br /><br />";
        require_once THEMES . $theme . '/settings.php';
    } else {
        echo '<i>' . make_name($theme, '-') . $h->lang['admin_theme_theme_no_settings'] . '</i>';
    }
} else {
    ?>
		<h3><?php 
    echo $h->lang["admin_theme_theme_settings"];
    ?>
</h3>
		<ul id="plugin_settings_list">
			<?php 
    $themes = $h->getFiles(THEMES, array('404error.php'));
    if ($themes) {
        $themes = sksort($themes, $subkey = "name", $type = "char", true);
        foreach ($themes as $theme) {
            echo "<li><a href='" . BASEURL . "admin_index.php?page=theme_settings&amp;theme=" . $theme . "'>" . $theme . "</a></li>";
        }
<ul>
<?php 
if ($plugin_settings) {
    ?>
	<?php 
    foreach ($plugin_settings as $settings) {
        ?>
	<li><a href="<?php 
        echo BASEURL;
        ?>
admin_index.php?page=maintenance&amp;action=remove_settings&amp;settings=<?php 
        echo $settings;
        ?>
">
		<?php 
        echo $h->lang["admin_theme_maintenance_remove"] . " " . make_name($settings) . " " . $h->lang["admin_theme_maintenance_settings"];
        ?>
 </a></li>
	<?php 
    }
} else {
    ?>
	<i><?php 
    echo $h->lang["admin_theme_maintenance_no_plugin_settings_to_delete"];
    ?>
</i>
<?php 
}
?>
</ul>
Beispiel #17
0
 /**
  * Add RSS link to breadcrumbs
  */
 public function breadcrumbs($h)
 {
     if ($h->subPage != 'tags') {
         return false;
     }
     $crumbs = "<a href='" . $h->url(array('tag' => $h->vars['tag'])) . "'>\n";
     $crumb_title = stripslashes(make_name($h->cage->get->noTags('tag')));
     $crumbs .= $crumb_title . "</a>\n ";
     return $crumbs . $h->rssBreadcrumbsLink('', array('tag' => $h->vars['tag']));
 }
                $order_output = '<div class="widget_order_container">';
                $order_output .= "<a href='" . BASEURL;
                $order_output .= "admin_index.php?page=plugin_settings&amp;plugin=widgets&amp;";
                $order_output .= "action=orderup&amp;widget=" . $widget . "&amp;args=" . $details['args'] . "&amp;block=" . $details['block'] . "&amp;order=" . $details['order'] . "'>";
                $order_output .= '<span id="widget_' . $widget . '" class="widget_order_up">';
                $order_output .= "<img src='" . BASEURL . "content/admin_themes/" . ADMIN_THEME . "images/up.png'></span>";
                $order_output .= "</a> \n<a href='" . BASEURL;
                $order_output .= "admin_index.php?page=plugin_settings&amp;plugin=widgets&amp;";
                $order_output .= "action=orderdown&amp;widget=" . $widget . "&amp;args=" . $details['args'] . "&amp;block=" . $details['block'] . "&amp;order=" . $details['order'] . "'>";
                $order_output .= '<span id="widget_' . $widget . '" class="widget_order_down">';
                $order_output .= "<img src='" . BASEURL . "content/admin_themes/" . ADMIN_THEME . "images/down.png'></span>";
                $order_output .= "</a></div>\n";
                $alt++;
                echo "<tr id='table_tr' class='table_row_" . $alt % 2 . "'>\n";
                echo "<td class='plugins_active widgets_active'>" . $enabled_output . "</td>\n";
                echo "<td class='table_text'>" . make_name($widget) . " </td>\n";
                echo "<td class='plugins_order widgets_order'>" . $order_output . "</td>\n";
                echo "</tr>\n";
            }
        }
    }
    ?>
    </table>
    <br />
    </div>
    
<?php 
}
// End of for loop
?>