Beispiel #1
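/**
 * Collect the search settings as a name => value map.
 *
 * Reads every row of the `search` table whose `extra` column is empty or NULL
 * and adds the `search` row of the `settings` table under the key 'search'.
 *
 * Values from the search table are passed through htmlspecialchars(); the
 * 'search' value from the settings table is returned exactly as stored, so a
 * caller that writes it into HTML has to escape it itself.
 *
 * @return array name => value
 **/
function getSearchSettings()
{
    $backend = CAT_Backend::getInstance('Settings', 'settings_advanced');
    $data = array();

    $res_search = $backend->db()->query('SELECT * FROM `:prefix:search` WHERE `extra`="" OR `extra` IS NULL');
    if (!$backend->db()->isError() && is_object($res_search)) {
        foreach ($res_search->fetchAll() as $row) {
            $data[$row['name']] = htmlspecialchars($row['value']);
        }
    }

    // The setting name is handed over as a bound parameter, not spliced into the SQL text.
    $r = $backend->db()->query('SELECT `value` FROM `:prefix:settings` WHERE `name`=:name', array('name' => 'search'));
    // The first query is only used after an is_object() check; apply the same
    // guard here so a failed query does not end in a method call on a non-object.
    if (is_object($r) && $r->rowCount()) {
        $row = $r->fetch();
        $data['search'] = $row['value'];
    }
    return $data;
}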
Beispiel #2
// Bootstrap: load framework/class.secure.php before any other code runs.
// If CAT_PATH is not defined yet, the file is searched for in parent
// directories through a relative "../" path, giving up after a fixed number
// of levels with a fatal user error.
// NOTE(review): presumably class.secure.php is the guard against calling this
// script directly - confirm.
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('preferences', 'start');
$user = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
// Both IDs are taken from the session (not from the request) and are requested as 'numeric'.
$user_id = $val->fromSession('USER_ID', 'numeric');
$group_id = $val->fromSession('GROUP_ID', 'numeric');
global $parser;
$tpl_data = array();
include_once CAT_PATH . '/framework/functions-utf8.php';
$page = $user->get_initial_page($user_id, true);
// initial page
$options = $user->get_init_pages();
$tpl_data['INIT_PAGE_SELECT'] = $options;
// =============================================================
// ! read user-info from table users and assign it to template
// =============================================================
// Format string with two placeholders: %s in front of "users" and %d for the user id.
// NOTE(review): presumably filled with sprintf() using the table prefix and $user_id;
// %d would then force the id to an integer. The call itself is outside this excerpt.
$sql = 'SELECT `display_name`, `username`, `email`, `statusflags` FROM `%susers` WHERE `user_id` = %d';
Beispiel #3
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$val = CAT_Helper_Validate::getInstance();
// The permission to check is chosen from the request: 'users_add' when the POST
// field addUser is set, 'users_modify' otherwise.
$perm = 'users_modify';
if ($val->sanitizePost('addUser')) {
    $perm = 'users_add';
}
$backend = CAT_Backend::getInstance('access', $perm, false);
$users = CAT_Users::getInstance();
// Every response of this script, including the error below, is sent as JSON.
header('Content-type: application/json');
// Authorization happens before any submitted user data is read.
if (!$users->checkPermission('access', $perm)) {
    // NOTE(review): str_replace('users', '', $perm) leaves '_add' / '_modify'
    // (with the leading underscore) as the {{action}} text.
    $ajax = array('message' => $backend->lang()->translate('You do not have the permission to {{action}} a user.', array('action' => str_replace('users', '', $perm))), 'success' => false);
    print json_encode($ajax);
    exit;
}
$addUser = trim($val->sanitizePost('addUser', NULL, true));
$saveUser = trim($val->sanitizePost('saveUser', NULL, true));
include_once CAT_PATH . '/framework/functions.php';
// Gather details entered
// The name of the form field that carries the username is itself a POST value;
// it is HTML-escaped and stripped of "[[" / "]]" before it is used as a key.
// NOTE(review): values are escaped here on input; what sanitizePost() filters
// on its own is not visible in this excerpt - confirm before relying on it.
$username_fieldname = str_replace(array("[[", "]]"), '', htmlspecialchars($val->sanitizePost('username_fieldname'), ENT_QUOTES));
$username = trim($val->sanitizePost($username_fieldname, NULL, true));
$display_name = trim(str_replace(array('[[', ']]'), '', htmlspecialchars($val->sanitizePost('display_name'), ENT_QUOTES)));
$user_id = $val->sanitizePost('user_id', NULL, true);
Beispiel #4
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// =================================
// ! Include the WB functions file
// =================================
include_once CAT_PATH . '/framework/functions.php';
$backend = CAT_Backend::getInstance('Media', 'media', false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
// The result of the delete request is reported as JSON.
header('Content-type: application/json');
// File name and directory of the item to delete both come from the POST body.
$ajax['file'] = $val->sanitizePost('file');
$ajax['file_path'] = $val->sanitizePost('file_path');
// Refuse when either value is empty or the user lacks 'media_delete'
// (the permission result is compared strictly against true).
if ($ajax['file'] == '' || $ajax['file_path'] == '' || $users->checkPermission('media', 'media_delete') !== true) {
    $ajax = array('message' => 'You don\'t have the permission to delete this file. Check your system settings.', 'success' => false);
    print json_encode($ajax);
    exit;
} else {
    // ============================
    // ! Try to delete file/folder
    // ============================
    // The target is CAT_PATH joined with the two request values.
    // NOTE(review): whether sanitizePost() removes ".." segments is not visible
    // here. Before deleting, the resolved path should be verified to lie inside
    // the media directory, otherwise the permission check alone does not limit
    // which files below CAT_PATH can be addressed.
    $link = CAT_PATH . $ajax['file_path'] . '/' . $ajax['file'];
    if (file_exists($link)) {
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
$backend = CAT_Backend::getInstance('Pages', 'pages_settings');
// Authorization check for changing page settings.
// NOTE(review): nothing in this script stops execution after print_error();
// presumably print_error() terminates the request - confirm, otherwise the
// code below still runs for users without the permission.
if (!$users->checkPermission('pages', 'pages_settings')) {
    $backend->print_error('You do not have permissions to modify this page');
}
// ===============
// ! Get page id
// ===============
// Requested as 'numeric'; an empty result is treated as a missing ID.
$page_id = $val->sanitizePost('page_id', 'numeric');
if (!$page_id) {
    $backend->print_error('Missing page ID!');
}
// Include the WB functions file
require_once CAT_PATH . '/framework/functions.php';
// get form data
$language = $val->sanitizePost('map_language', NULL, true);
$link_page_id = $val->sanitizePost('link_page_id', 'numeric', true);
Beispiel #6
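/**
 * Let the user manage the available Droplet backups.
 *
 * Handles three optional actions taken from the request and then renders the
 * 'backups' template:
 *  - recover:       import the named backup from the export directory
 *  - delbackup:     delete one named backup
 *  - markeddroplet: delete a list of backups (POST only)
 *
 * File names arrive from the request. Each one is reduced to its base name
 * before it is joined to the export directory and must point to a regular
 * file, so a request can only address files directly inside export/.
 *
 * NOTE(review): recover and delbackup are read from $_REQUEST and change
 * state; no request-token check is visible in this function - confirm that
 * the caller or the backend class enforces one.
 **/
function manage_droplet_backups()
{
    global $parser, $settings, $val, $backend;
    $groups = CAT_Users::get_groups_id();
    if (!CAT_Helper_Droplet::is_allowed('manage_backups', $groups)) {
        $backend->print_error(CAT_Backend::getInstance()->lang()->translate("You don't have the permission to do this"));
        // Fail closed: do not fall through to the import/delete code in case
        // print_error() returns instead of ending the request.
        return;
    }
    $rows = array();
    $info = NULL;
    $dirh = CAT_Helper_Directory::getInstance();
    $export_dir = dirname(__FILE__) . '/export/';

    // Map a request-supplied name to an existing file directly inside
    // export/, or NULL. basename() drops any directory part of the name.
    $resolve = function ($name) use ($dirh, $export_dir) {
        if (!is_string($name) || $name === '') {
            return NULL;
        }
        $path = $dirh->sanitizePath($export_dir . basename($name));
        return is_file($path) ? $path : NULL;
    };

    // recover
    $recover_file = $resolve($val->get('_REQUEST', 'recover'));
    if ($recover_file !== NULL) {
        if (!function_exists('droplets_upload')) {
            @(include_once dirname(__FILE__) . '/include.php');
        }
        $temp_unzip = $dirh->sanitizePath(CAT_PATH . '/temp/unzip/');
        $result = droplets_import($recover_file, $temp_unzip);
        $info = $backend->lang()->translate('Successfully imported [{{count}}] Droplet(s)', array('count' => $result['count']));
    }

    // delete single backup
    $del_file = $resolve($val->get('_REQUEST', 'delbackup'));
    if ($del_file !== NULL && @unlink($del_file)) {
        // report the name that was actually deleted, not the raw request value
        $info = $backend->lang()->translate('Backup file deleted: {{file}}', array('file' => basename($del_file)));
    }

    // delete a list of backups
    // get all marked droplets; anything but an array is ignored
    $marked = (isset($_POST['markeddroplet']) && is_array($_POST['markeddroplet'])) ? $_POST['markeddroplet'] : array();
    if (count($marked)) {
        $deleted = array();
        foreach ($marked as $name) {
            $file = $resolve($name);
            if ($file !== NULL && @unlink($file)) {
                $deleted[] = $backend->lang()->translate('Backup file deleted: {{file}}', array('file' => basename($file)));
            }
        }
        if (count($deleted)) {
            $info = implode('<br />', $deleted);
        }
    }

    $backups = $dirh->scanDirectory($dirh->sanitizePath(dirname(__FILE__) . '/export'), true, true, NULL, array('zip'));
    if (count($backups) > 0) {
        // sort by name
        sort($backups);
        // A closure replaces create_function(), which evaluated a code string
        // and is no longer available in PHP 8.
        $get_filename = function ($cnt) {
            return $cnt["filename"];
        };
        foreach ($backups as $file) {
            // stat
            $stat = stat($file);
            // get zip contents
            $count = CAT_Helper_Zip::getInstance($file)->listContent();
            $rows[] = array(
                'name' => basename($file),
                'size' => $stat['size'],
                'date' => strftime('%c', $stat['ctime']),
                'files' => count($count),
                'listfiles' => implode(", ", array_map($get_filename, $count)),
                'download' => CAT_Helper_Validate::sanitize_url(CAT_URL . '/modules/droplets/export/' . basename($file)),
            );
        }
    }
    $parser->output('backups', array('rows' => $rows, 'info' => $info, 'backups' => count($backups) ? 1 : NULL));
}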
Beispiel #7
        if (empty($sub)) {
            continue;
        }
        $dir .= '/' . $sub;
        if (file_exists($dir . '/framework/class.secure.php')) {
            include $dir . '/framework/class.secure.php';
            $inc = true;
            break;
        }
    }
    if (!$inc) {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// Access control: set up the backend context and stop without any output
// when the current visitor is not authenticated.
$backend = CAT_Backend::getInstance('Start', 'start', false, false);
if (!CAT_Users::is_authenticated()) {
    exit;
}
// just to be _really_ sure...
require CAT_PATH . '/framework/CAT/ExceptionHandler.php';
// register exception/error handlers
// From here on uncaught exceptions, PHP errors and shutdown are routed to
// the static methods of CAT_ExceptionHandler.
set_exception_handler(array("CAT_ExceptionHandler", "exceptionHandler"));
set_error_handler(array("CAT_ExceptionHandler", "errorHandler"));
register_shutdown_function(array("CAT_ExceptionHandler", "shutdownHandler"));
// Widget configuration, located relative to this file.
include dirname(__FILE__) . '/../data/config.inc.php';
$widget_name = 'Version check';
// All result variables start out as NULL.
$error = $version = $newer = $last = $last_version = NULL;
$debug = false;
$doit = true;
if (!CAT_Helper_Validate::sanitizeGet('blackcat_refresh')) {
Beispiel #8
// Bootstrap: load framework/class.secure.php before any other code runs.
// If CAT_PATH is not defined yet, the file is searched for in parent
// directories through a relative "../" path, giving up after a fixed number
// of levels with a fatal user error.
// NOTE(review): presumably class.secure.php is the guard against calling this
// script directly - confirm.
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('Access', 'users', false, false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
// Responses, including both error cases below, are JSON.
header('Content-type: application/json');
// Authorization first: user details are only read for callers holding 'users'.
if (!$users->checkPermission('access', 'users')) {
    $ajax = array('message' => $backend->lang()->translate('You do not have the permission to view users'), 'success' => false);
    print json_encode($ajax);
    exit;
}
// The id is requested as 'numeric'. An empty value and the id 1 are rejected.
// NOTE(review): id 1 is presumably the built-in administrator account - confirm.
$user_id = $val->sanitizePost('id', 'numeric');
if (!$user_id || $user_id == 1) {
    $ajax = array('message' => $backend->lang()->translate('You sent an invalid value'), 'success' => false);
    print json_encode($ajax);
    exit;
}
$user = $users->get_user_details($user_id);
Beispiel #9
// Bootstrap: load framework/class.secure.php before any other code runs.
// If CAT_PATH is not defined yet, the file is searched for in parent
// directories through a relative "../" path, giving up after a fixed number
// of levels with a fatal user error.
// NOTE(review): presumably class.secure.php is the guard against calling this
// script directly - confirm.
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// Backend context for the admin tool 'blackcatFilter'.
// NOTE(review): no explicit checkPermission() call is visible in this excerpt;
// presumably getInstance() enforces the section/permission pair - confirm.
$backend = CAT_Backend::getInstance('admintools', 'blackcatFilter');
$val = CAT_Helper_Validate::getInstance();
// State collected while the form is processed.
$showit = false;
$errors = array();
$upload_error = NULL;
// new filter?
if ($val->sanitizePost('filter_add')) {
    $data = array();
    foreach (array('module_name', 'name', 'description', 'code', 'active') as $key) {
        if (!$val->sanitizePost('filter_' . $key)) {
            if ($key == 'code' && isset($_FILES['filter_file'])) {
                $data[$key] = '';
                continue;
            }
            $errors[$key] = $backend->lang()->translate('Please fill out the field: {{ name }}', array('name' => $backend->lang()->translate($key)));
        } else {
Beispiel #10
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
global $parser;
$backend = CAT_Backend::getInstance('start');
$user = CAT_Users::getInstance();
$lang = CAT_Helper_I18n::getInstance();
$widget = CAT_Helper_Widget::getInstance();
// this will redirect to the login page if the permission is not set
$user->checkPermission('start', 'start', false);
// ================================================
// ! Check if installation directory still exists
// ================================================
// A leftover /install/ directory is removed whenever this script runs.
// NOTE(review): the result of removeDirectory() is not checked, so a removal
// that fails (for example for lack of write permission) goes unnoticed and
// the installer would stay on disk.
if (file_exists(CAT_PATH . '/install/')) {
    CAT_Helper_Directory::removeDirectory(CAT_PATH . '/install/');
}
// exec initial_page
if ($val->sanitizeGet('initial') || !$user->checkPermission('start', 'start') === true) {
    $page = $user->get_initial_page();
    if ($page) {
Beispiel #11
// Bootstrap: load framework/class.secure.php before any other code runs.
// If CAT_PATH is not defined yet, the file is searched for in parent
// directories through a relative "../" path, giving up after a fixed number
// of levels with a fatal user error.
// NOTE(review): presumably class.secure.php is the guard against calling this
// script directly - confirm.
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
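$backend = CAT_Backend::getInstance('Pages', 'pages_intro');
$val = CAT_Helper_Validate::getInstance();
// Get page content
// The path is built from constants only; no request value is involved.
$filename = CAT_PATH . PAGES_DIRECTORY . '/intro' . PAGE_EXTENSION;
// file_get_contents() also copes with an empty intro file, where
// fread($handle, 0) fails (a warning before PHP 8, a ValueError since),
// and leaves no handle open when reading goes wrong.
$content = '';
if (is_readable($filename)) {
    $read = file_get_contents($filename);
    if ($read !== false) {
        $content = $read;
    }
}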
if ($val->sanitizeGet('wysiwyg') != 'no') {
    if (!defined('WYSIWYG_EDITOR') || WYSIWYG_EDITOR == 'none' || !file_exists(CAT_PATH . '/modules/' . WYSIWYG_EDITOR . '/include.php')) {
        function show_wysiwyg_editor($name, $id, $content, $width, $height)
        {
            echo '<textarea name="' . $name . '" id="' . $id . '" style="width: ' . $width . '; height: ' . $height . ';">' . $content . '</textarea>';
Beispiel #12
// Bootstrap: load framework/class.secure.php before any other code runs.
// If CAT_PATH is not defined yet, the file is searched for in parent
// directories through a relative "../" path, giving up after a fixed number
// of levels with a fatal user error.
// NOTE(review): presumably class.secure.php is the guard against calling this
// script directly - confirm.
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// Backend context for the permission 'modules_uninstall'.
$backend = CAT_Backend::getInstance('Addons', 'modules_uninstall');
$val = CAT_Helper_Validate::getInstance();
$addons = CAT_Helper_Addons::getInstance();
// Get name and type of add on
// Both values come from the POST body. For the type 'language' the name gets
// '.php' appended, i.e. it is treated as a file name; for every other type it
// is used unchanged.
// NOTE(review): what sanitizePost() filters is not visible here. $file should
// be a plain name without directory separators before it is used in a path.
$type = $val->sanitizePost('type', NULL, true);
$addon_name = $val->sanitizePost('file');
$file = $type == 'language' ? $addon_name . '.php' : $addon_name;
// Check if user selected a module
if (trim($file) == '' || trim($type) == '') {
    header("Location: index.php");
    exit(0);
}
// Target of the "back" link shown with error messages.
$js_back = CAT_ADMIN_URL . '/addons/index.php';
// Check if the module exists
if (!$addons->isModuleInstalled($addon_name, NULL, preg_replace('~s$~', '', $type))) {
    $backend->print_error('Not installed', $js_back, false);
Beispiel #13
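 /**
  * Create the access file of a page below the pages directory.
  *
  * The generated file is a small PHP script that sets $page_id and requires
  * the index.php of the installation. Missing parent directories are created
  * first.
  *
  * $page_id is written into executable PHP, so it is forced to an integer
  * before the file content is built.
  *
  * @param  string  $filename  full path below the pages directory, or a
  *                            relative page link
  * @param  int     $page_id   page ID written into the generated file
  * @return boolean true if the file was written; false (after print_error())
  *                 if the path is not writable, the name is forbidden or the
  *                 file cannot be opened
  **/
 public static function createAccessFile($filename, $page_id)
 {
     $pages_path = CAT_Helper_Directory::sanitizePath(CAT_PATH . PAGES_DIRECTORY);
     $filename = CAT_Helper_Directory::sanitizePath($filename);
     // Only an integer may end up in the generated PHP source.
     $page_id = (int) $page_id;
     // check if $filename is a full path (may be 'link' db value)
     // The path is quoted so that characters such as "." or "+" in it are
     // matched literally instead of being read as regex syntax.
     if (!preg_match('~^' . preg_quote($pages_path, '~') . '~i', $filename)) {
         $filename = CAT_Helper_Directory::sanitizePath(CAT_PATH . PAGES_DIRECTORY . '/' . dirname($filename) . '/' . self::getFilename(basename($filename)) . PAGE_EXTENSION);
     }
     $rel_pages_dir = str_replace($pages_path, '', CAT_Helper_Directory::sanitizePath(dirname($filename)));
     $rel_filename = str_replace($pages_path, '', CAT_Helper_Directory::sanitizePath($filename));
     // prevent system directories and files from being overwritten (level 0)
     $denied = false;
     if (PAGES_DIRECTORY == '') {
         $forbidden_dirs = self::$instance->_config['forbidden_l0'];
         $forbidden_files = self::$instance->_config['forbidden_filenames_l0'];
         $search = explode('/', $rel_filename);
         $first = isset($search[1]) ? $search[1] : '';
         // Both lists count. Assigning the second result over the first, as
         // before, let names from the forbidden directory list through.
         $denied = in_array($first, $forbidden_dirs) || in_array($first, $forbidden_files);
     }
     if (true !== is_writable($pages_path) || $denied) {
         CAT_Backend::getInstance()->print_error('Error creating access file in the pages directory, path not writable or forbidden file / directory name');
         return false;
     }
     // First make sure parent folder exists
     $parent_folders = explode('/', $rel_pages_dir);
     $parents = '';
     foreach ($parent_folders as $parent_folder) {
         if ($parent_folder != '/' && $parent_folder != '') {
             $parents .= '/' . $parent_folder;
             if (!file_exists($pages_path . $parents)) {
                 // create dir; also creates index.php (last param = true)
                 CAT_Helper_Directory::createDirectory($pages_path . $parents, OCTAL_DIR_MODE, true);
                 CAT_Helper_Directory::setPerms($pages_path . $parents);
             }
         }
     }
     // One "../" per directory level between the access file and index.php.
     $step_back = str_repeat('../', substr_count($rel_pages_dir, '/') + (PAGES_DIRECTORY == "" ? 0 : 1));
     $content = '<?php' . "\n";
     $content .= "/**\n *\tThis file is autogenerated by BlackCat CMS Version " . CAT_VERSION . "\n";
     $content .= " *\tDo not modify this file!\n */\n";
     $content .= "\t" . '$page_id = ' . $page_id . ';' . "\n";
     $content .= "\t" . 'require_once \'' . $step_back . 'index.php\';' . "\n";
     $content .= '?>';
     // write the file
     $fp = fopen($filename, 'w');
     if (!$fp) {
         CAT_Backend::getInstance()->print_error('Error creating access file in the pages directory, cannot open file');
         return false;
     }
     fwrite($fp, $content, strlen($content));
     fclose($fp);
     // Chmod the file
     CAT_Helper_Directory::getInstance()->setPerms($filename);
     return true;
 }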
Beispiel #14
// Bootstrap: load framework/class.secure.php before any other code runs.
// If CAT_PATH is not defined yet, the file is searched for in parent
// directories through a relative "../" path, giving up after a fixed number
// of levels with a fatal user error.
// NOTE(review): presumably class.secure.php is the guard against calling this
// script directly - confirm.
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('Access', 'groups', false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
// Responses are JSON.
header('Content-type: application/json');
// Which action is requested is decided by the POST fields addGroup / saveGroup.
$addGroup = trim($val->sanitizePost('addGroup', NULL, true));
$saveGroup = trim($val->sanitizePost('saveGroup', NULL, true));
// && binds tighter than ||, so this reads:
//   (add requested and 'groups_add' missing) or (save requested and 'groups_modify' missing)
// Each action is checked against its own permission.
if ($addGroup && !$users->checkPermission('Access', 'groups_add') || $saveGroup && !$users->checkPermission('Access', 'groups_modify')) {
    $action = $addGroup != '' ? 'add' : 'modify';
    $ajax = array('message' => $backend->lang()->translate('You do not have the permission to {{action}} a group.', array('action' => $action)), 'success' => false);
    print json_encode($ajax);
    exit;
}
// Gather details entered
$group_name = trim($val->sanitizePost('name', NULL, true));
// The group id is requested as 'numeric'.
$group_id = $val->sanitizePost('group_id', 'numeric', true);
if ($saveGroup && (!$group_id || $group_id == 1 || $group_id == '') || $addGroup == '' && $saveGroup == '' || $addGroup != '' && $saveGroup != '') {
Beispiel #15
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// $header is false when the GET parameter 'ajax' is set and true otherwise;
// it is passed on as third argument to CAT_Backend::getInstance().
$header = CAT_Helper_Validate::sanitizeGet('ajax') ? false : true;
$backend = CAT_Backend::getInstance('admintools', 'admintools', $header);
// $admin is a reference alias of $backend.
$admin =& $backend;
$val = CAT_Helper_Validate::getInstance();
// The tool name is taken from the query string, with the POST body as fallback.
$get_tool = $val->sanitizeGet('tool', NULL, true);
if ($get_tool == '') {
    $get_tool = $val->sanitizePost('tool', NULL, true);
}
// Without a tool name there is nothing to show: back to the index.
if ($get_tool == '') {
    header("Location: index.php");
    exit(0);
}
// check tool permission
// The requested tool is checked as a 'module' permission of the current user;
// a missing permission gets the same redirect as a missing tool name.
if (!CAT_Users::get_permission($get_tool, 'module')) {
    header("Location: index.php");
    exit(0);
}
Beispiel #16
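/**
 * Check if a output filter is already registered
 *
 * Both values are passed to the database layer as bound parameters instead
 * of being formatted into the SQL text, so quotes in a filter or module name
 * cannot change the statement.
 *
 * NOTE(review): assumes the database wrapper's query() accepts a bind array
 * and returns a statement object offering rowCount() / fetch() - confirm
 * against the db helper shipped with this release.
 *
 * @param string $filter_name
 * @param string $module_directory
 * @return boolean
 */
function is_filter_registered($filter_name, $module_directory)
{
    $backend = CAT_Backend::getInstance('addons', 'modules_install');
    $result = $backend->db()->query(
        'SELECT `filter_name` FROM `:prefix:mod_filter` WHERE `filter_name`=:filter AND `module_name`=:module',
        array('filter' => $filter_name, 'module' => $module_directory)
    );
    // no result object or no matching row: not registered
    if (!is_object($result) || !$result->rowCount()) {
        return false;
    }
    $row = $result->fetch();
    // same loose comparison against the requested name as before
    return $row['filter_name'] == $filter_name;
}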
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// Map of backend section name => script file(s) that are loaded only in that section.
$local = array('pages' => 'backend_pages_modify.js', 'access' => 'backend_users_index.js', 'addons' => 'backend_addons.js', 'media' => 'backend_media.js', 'preferences' => 'backend_preferences.js', 'settings' => array('backend_pages_modify.js', 'backend_settings_index.js'), 'login_index' => 'login.js');
// Header definition for the backend: meta tags, style sheets, jQuery components and scripts.
$mod_headers = array('backend' => array('meta' => array(array('name' => 'viewport', 'content' => 'width=device-width, initial-scale=1')), 'css' => array(array('media' => 'screen', 'file' => 'templates/freshcat/css/default/index.css'), array('media' => 'screen', 'file' => 'modules/lib_jquery/plugins/qtip2/qtip2.min.css')), 'jquery' => array(array('core' => true, 'ui' => true, 'all' => array('jquery.highlight', 'jquery.cookies', 'tag-it', 'qtip2', 'jquery.form', 'jquery.livesearch', 'jquery.smarttruncation', 'cattranslate'))), 'js' => array(array('debug.js', 'jquery.fc_set_tab_list.js', 'jquery.fc_toggle_element.js', 'jquery.fc_resize_elements.js', 'jquery.fc_show_popup.js', 'general.js', 'pages_tree.js', 'session.js'))));
// get current backend section to add local JS
// The section name is only used as a key into $local; a section without an
// entry adds nothing.
$page = strtolower(CAT_Backend::getInstance()->section_name);
if (isset($local[$page])) {
    // normalise a single file name to a list before merging
    if (!is_array($local[$page])) {
        $local[$page] = array($local[$page]);
    }
    $mod_headers['backend']['js'][0] = array_merge($mod_headers['backend']['js'][0], $local[$page]);
}
// The addons section gets extra style sheets and, when the module
// lib_dropzone is installed, its script and style sheet as well.
if ($page == 'addons') {
    array_push($mod_headers['backend']['css'], array('file' => 'templates/freshcat/css/default/tabs.css'));
    if (CAT_Helper_Addons::isModuleInstalled('lib_dropzone')) {
        $mod_headers['backend']['js'][0][] = '/modules/lib_dropzone/vendor/dropzone.min.js';
        array_push($mod_headers['backend']['css'], array('file' => 'modules/lib_dropzone/vendor/dropzone.min.css'));
    }
    array_push($mod_headers['backend']['css'], array('file' => 'templates/freshcat/css/default/addons.css'));
}
// check for custom JS for current backend page
Beispiel #18
// Bootstrap: load framework/class.secure.php before any other code runs.
// If CAT_PATH is not defined yet, the file is searched for in parent
// directories through a relative "../" path, giving up after a fixed number
// of levels with a fatal user error.
// NOTE(review): presumably class.secure.php is the guard against calling this
// script directly - confirm.
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('Addons', 'modules_install', false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
// Result state reported back to the client.
$success = false;
$message = '';
header('Content-type: application/json');
// Authorization check for 'modules_install'.
// NOTE(review): printResult() is defined outside this excerpt; presumably it
// prints the JSON result and ends the request. If it returns, the code below
// still runs without the permission - confirm.
if (!$users->checkPermission('Addons', 'modules_install')) {
    $message = $backend->lang()->translate("Sorry, but you don't have the permissions for this action");
    printResult();
}
// Properties of the new module, all taken from the POST body.
// NOTE(review): 'new_moduledir' is presumably used as a directory name later
// on; it should be limited to a plain name without path separators - confirm
// where it is used.
$type = $val->sanitizePost('new_moduletype');
$name = $val->sanitizePost('new_modulename');
$dir = $val->sanitizePost('new_moduledir');
$desc = $val->sanitizePost('new_moduledesc');
$author = $val->sanitizePost('new_moduleauthor');
$func = 'page';
Beispiel #19
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
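// Buffer the output and tell clients not to cache this admin-only response.
ob_start();
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
// The charset is a parameter of the media type and is written with "=".
// In the form "charset:utf-8;" it is not recognised, which leaves the
// encoding of the page to the browser's guess.
header("Content-Type: text/html; charset=utf-8");
$backend = CAT_Backend::getInstance('Settings', 'settings_basic');
// Only members of the group with id 1 may continue.
// NOTE(review): the comparison is not strict, presumably because the group
// ids may be strings - confirm before switching to a strict in_array().
$curr_user_is_admin = in_array(1, CAT_Users::getInstance()->get_groups_id());
if (!$curr_user_is_admin) {
    echo "<div style='border: 2px solid #CC0000; padding: 5px; text-align: center; background-color: #ffbaba;'>You're not allowed to use this function!</div>";
    exit;
}
$settings = array();
// The statement is built from the table prefix constant only; no request
// value is part of it.
$sql = 'SELECT * FROM `' . CAT_TABLE_PREFIX . 'settings` WHERE name="guid"';
if ($res = $backend->db()->query($sql)) {
    // NOTE(review): MYSQL_ASSOC comes from the old mysql extension, which was
    // removed in PHP 7; confirm that the framework defines the constant.
    $row = $res->fetchRow(MYSQL_ASSOC);
}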
if (!isset($row['value']) || $row['value'] == '') {
    @(require_once CAT_PATH . '/framework/CAT/Object.php');
    $guid = CAT_Object::createGUID();
    $row['setting_id'] = isset($row['setting_id']) ? $row['setting_id'] : NULL;
    $backend->db()->query('REPLACE INTO `' . CAT_TABLE_PREFIX . 'settings` VALUES("' . $row['setting_id'] . '", "guid", "' . $guid . '")');
// Bootstrap: load framework/class.secure.php before any other code runs.
// If CAT_PATH is not defined yet, the file is searched for in parent
// directories through a relative "../" path, giving up after a fixed number
// of levels with a fatal user error.
// NOTE(review): presumably class.secure.php is the guard against calling this
// script directly - confirm.
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('Pages', 'pages_add', false);
$users = CAT_Users::getInstance();
// Responses are JSON.
header('Content-type: application/json');
// Authorization check for 'pages_add' before any page data is read.
if (!$users->checkPermission('Pages', 'pages_add')) {
    $ajax = array('message' => $backend->lang()->translate('You do not have the permission to add a page.'), 'success' => false);
    print json_encode($ajax);
    exit;
}
// note: all pages are listed in the dropdown, even hidden / private AND deleted!
$dropdown_list = CAT_Helper_ListBuilder::sort(CAT_Helper_Page::getPages(1), 0);
// template / variant
// NOTE(review): $val is used below but not assigned anywhere in the visible
// part of this script; presumably it is set by an included file - confirm.
// The parent id is requested as 'numeric' each time it is read.
$template = CAT_Helper_Page::properties($val->sanitizePost('parent_id', 'numeric'), 'template');
$variant = CAT_Helper_Page::getPageSettings($val->sanitizePost('parent_id', 'numeric'), 'internal', 'template_variant');
$variants = array();
// The template directory name comes from the page data of the parent page
// and is appended to CAT_PATH . '/templates/'.
$info = CAT_Helper_Addons::checkInfo(CAT_PATH . '/templates/' . CAT_Helper_Page::getPageTemplate($val->sanitizePost('parent_id', 'numeric')));
if (isset($info['module_variants']) && is_array($info['module_variants']) && count($info['module_variants'])) {
Beispiel #21
 /**
  * Forward to print_footer() of the backend instance and hand back its result.
  */
 function print_footer()
 {
     $backend = CAT_Backend::getInstance('');
     return $backend->print_footer();
 }
Beispiel #22
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// backend only
$backend = CAT_Backend::getInstance('admintools');
$user = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
// this will redirect to the login page if the permission is not set
$user->checkPermission('admintools', 'admintools');
// check if any editor is set
// NOTE(review): $admin is not assigned in the visible part of this script
// (the backend object is held in $backend); presumably $admin is provided by
// an included file - confirm, otherwise this call fails exactly when the
// error should be shown.
if (!defined('WYSIWYG_EDITOR') || WYSIWYG_EDITOR == '') {
    $admin->print_error('No WYSIWYG editor set, please set one first (Settings -&gt; Backend settings -&gt; WYSIWYG Editor)', NULL, false);
}
// check for config driver
$cfg_file = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . WYSIWYG_EDITOR . '/c_editor.php');
if (file_exists($cfg_file)) {
    require $cfg_file;
} elseif (file_exists(CAT_Helper_Directory::sanitizePath(dirname(__FILE__) . "/driver/" . WYSIWYG_EDITOR . "/c_editor.php"))) {
    require_once dirname(__FILE__) . "/driver/" . WYSIWYG_EDITOR . "/c_editor.php";
} else {
Beispiel #23
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// Data handed to the template of the add-ons overview.
$tpl_data = array();
$backend = CAT_Backend::getInstance('Addons', 'addons');
$users = CAT_Users::getInstance();
$addons = CAT_Helper_Addons::get_addons();
$counter = 0;
// Directories that were already handled while looping over the add-ons.
$seen_dirs = array();
$tpl_data['addons'] = array();
// Not yet installed add-ons, grouped by kind.
$tpl_data['not_installed_addons'] = array('modules' => array(), 'templates' => array(), 'languages' => array());
$tpl_data['groups'] = $users->get_groups('', '', false);
$tpl_data['username'] = $users->get_display_name();
// for new addons
global $parser;
foreach ($addons as $addon) {
    // check if the user is allowed to see this item
    if (!$users->get_permission($addon['directory'], $addon['type'])) {
        $seen_dirs[] = $addon['directory'];
        continue;
// AJAX handler fragment for deleting a page: bootstrap the framework, switch
// the response to JSON, refuse callers without the delete permission, then
// read the page id from the POST data.
//
// Bootstrap guard: load framework/class.secure.php via CAT_PATH when it is
// defined, otherwise probe parent directories. The probe uses relative
// paths, so it is resolved against the working directory, not __FILE__, and
// the $level counter bounds how far up it goes.
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        // NOTE(review): SCRIPT_NAME is placed inside HTML markup without
        // escaping; consider htmlspecialchars() in case errors are displayed.
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('Pages', 'pages_delete', false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
// Every response from here on, including the error replies, is JSON.
header('Content-type: application/json');
// Get perms
// The permission result is used as a boolean: on failure a JSON error is
// printed and the script exits before any request data is read.
if (!$users->checkPermission('pages', 'pages_delete', false)) {
    $ajax = array('message' => $backend->lang()->translate('You do not have the permission to delete a page.'), 'success' => false);
    print json_encode($ajax);
    exit;
}
// Reads the POST field page_id with the 'numeric' filter; presumably a
// non-numeric value comes back falsy - verify in CAT_Helper_Validate.
// NOTE(review): no anti-CSRF token check is visible in this fragment;
// confirm one happens before the page is actually deleted.
$page_id = $val->sanitizePost('page_id', 'numeric');
// Get page id
if (!$page_id) {
    $ajax = array('message' => $backend->lang()->translate('You sent an invalid value'), 'success' => false);
    print json_encode($ajax);
    exit;
Beispiel #25
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 *   General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with this program; if not, see <http://www.gnu.org/licenses/>.
 *
 *   @author          Black Cat Development
 *   @copyright       2013, Black Cat Development
 *   @link            http://blackcat-cms.org
 * @license         http://www.gnu.org/licenses/gpl.html
 *   @category        CAT_Core
 *   @package         CAT_Core
 *
 */
// Framework bootstrap: class.secure.php has to be loaded before anything else.
if (!defined('CAT_PATH')) {
    // CAT_PATH is unknown, so probe parent directories with relative paths;
    // the counter bounds the search.
    $root = "../";
    for ($level = 1; $level < 10 && !file_exists($root . '/framework/class.secure.php'); $level += 1) {
        $root .= "../";
    }
    if (!file_exists($root . '/framework/class.secure.php')) {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    } else {
        include $root . '/framework/class.secure.php';
    }
} else {
    include CAT_PATH . '/framework/class.secure.php';
}
// Remove the WYSIWYG content stored for this section. $section_id is not set
// in this fragment (presumably provided by the including script - verify).
// The %d conversion formats it as an integer, so no raw text from that
// variable reaches the SQL string.
CAT_Backend::getInstance('Pages', 'pages_modify')
    ->db()
    ->query(sprintf(
        "DELETE FROM `%smod_wysiwyg` WHERE section_id = '%d'",
        CAT_TABLE_PREFIX,
        $section_id
    ));
Beispiel #26
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// AJAX handler fragment for saving user preferences: the response is JSON,
// the submitted display name is cleaned up and a uniqueness query for it is
// prepared.
header('Content-type: application/json');
$backend = CAT_Backend::getInstance('user', 'preferences', false, false);
$user = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
$extended = $user->getExtendedOptions();
// Collects the validation messages for the reply.
$err_msg = array();
// =================================================
// ! remove any dangerous chars from display_name
// =================================================
// strip_tags() removes markup but is not output encoding: the name still
// has to be escaped wherever it is rendered.
// NOTE(review): the query built from $sql binds :name as a parameter; if
// add_slashes() escapes quotes, the added backslashes become part of the
// bound value - verify that this is intended.
$display_name = $val->add_slashes(strip_tags(trim($val->sanitizePost('display_name'))));
// An empty submission falls back to the current display name.
$display_name = $display_name == '' ? $user->get_display_name() : $display_name;
// ==================================================================================
// ! check that display_name is unique in whole system (prevents from User-faking)
// ==================================================================================
// :prefix: is a placeholder in the table name; :id and :name are bound when
// the query is run.
// NOTE(review): LIKE treats % and _ in the submitted name as wildcards, so
// this matches more than the exact name, and case handling depends on the
// column collation. Use `=` or escape the wildcards if an exact comparison
// is meant.
$sql = 'SELECT COUNT(*) FROM `:prefix:users` WHERE `user_id` <> :id AND `display_name` LIKE :name';
if ($backend->db()->query($sql, array('id' => (int) $user->get_user_id(), 'name' => $display_name))->fetchColumn() > 0) {
    $err_msg[] = $backend->lang->translate('The username you entered is already taken');
// AJAX handler fragment for saving backend settings: bootstrap the
// framework, answer in JSON, check the settings permission, load the local
// helper functions and read which settings region was submitted.
//
// Bootstrap guard: load framework/class.secure.php via CAT_PATH when it is
// defined, otherwise probe parent directories with relative paths (resolved
// against the working directory); the $level counter bounds the search.
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('Settings', 'settings', false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
header('Content-type: application/json');
// NOTE(review): the result is used as a boolean here. Confirm that
// checkPermission() called with two arguments returns false rather than
// redirecting, otherwise this JSON error branch is never reached.
if (!$users->checkPermission('Settings', 'settings')) {
    $ajax = array('message' => $backend->lang()->translate("Sorry, but you don't have the permissions for this action"), 'success' => false);
    print json_encode($ajax);
    exit;
}
// A `global` statement at file level only has an effect when this file is
// included from inside a function; $err_msg is reset before functions.php
// is loaded.
global $err_msg;
$err_msg = array();
require_once dirname(__FILE__) . '/functions.php';
// current_page is read without a type filter argument; it selects the
// branch of the switch that follows.
$region = $val->sanitizePost('current_page');
switch ($region) {
    case 'sysinfo':
        // nothing to save here
Beispiel #28
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// Fragment of a page-modify script: read the page and section ids from the
// request and stop unless the current user has the 'admin' permission on
// the page.
$update_when_modified = true;
$val = CAT_Helper_Validate::getInstance();
$user = CAT_Users::getInstance();
$backend = CAT_Backend::getInstance('Pages', 'pages_modify');
// ===============
// ! Get page id
// ===============
// Both ids are requested from '_REQUEST' with the 'numeric' filter, so they
// may arrive by GET as well as POST.
// NOTE(review): nothing visible here checks that section_id belongs to
// page_id; the permission check below is per page, so confirm that later
// code ties the section to this page before changing it.
$page_id = $val->get('_REQUEST', 'page_id', 'numeric');
$section_id = $val->get('_REQUEST', 'section_id', 'numeric');
// A missing or falsy page id sends the browser back to index.php.
if (!$page_id) {
    header("Location: index.php");
    exit(0);
}
// =============
// ! Get perms
// =============
// Strict comparison: anything other than boolean true counts as a refusal.
// NOTE(review): presumably print_error() ends the request; if it returns,
// the code after this block runs despite the failed check - confirm.
if (CAT_Helper_Page::getPagePermission($page_id, 'admin') !== true) {
    $backend->print_error('You do not have permissions to modify this page!');
}
Beispiel #29
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// Fragment of the backend settings index: build the template data for the
// default (SEO) tab and render the settings page.
// NOTE(review): no permission is checked explicitly in these lines;
// presumably CAT_Backend::getInstance('Settings', 'settings_advanced')
// restricts access to this section - confirm.
$user = CAT_Users::getInstance();
$backend = CAT_Backend::getInstance('Settings', 'settings_advanced');
// $parser is not assigned in this fragment. A `global` statement at file
// level only has an effect when the file is included from inside a function.
global $parser;
$tpl_data = array();
// include local functions file
require_once dirname(__FILE__) . '/functions.php';
// template for default tab (SEO settings)
$tpl = 'backend_settings_index_seo';
// add default form
// getSettingsTable() is not defined in this fragment; presumably it comes
// from the functions.php included above.
$tpl_data['INDEX'] = $parser->get($tpl, array('values' => getSettingsTable()));
$tpl_data['MAINTENANCE_MODE'] = CAT_Registry::get('MAINTENANCE_MODE');
// ====================
// ! Parse the site
// ====================
$parser->output('backend_settings_index', $tpl_data);
// ======================
// ! Print admin footer