* Way Better Content Editing. * Visit http://wbce.org to learn more and to join the community. * * @copyright Ryan Djurovich (2004-2009) * @copyright WebsiteBaker Org. e.V. (2009-2015) * @copyright WBCE Project (2015-) * @license GNU GPL2 (or any later version) */ // do not display notices and warnings during installation error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING); // Setup admin object require '../../config.php'; $admin = new admin('Addons', 'languages_install', false); if (!$admin->checkFTAN()) { $admin->print_header(); $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } // After check print the header $admin->print_header(); // Check if user uploaded a file if (!isset($_FILES['userfile'])) { header("Location: index.php"); exit(0); } // Include the WB functions file // Create temp string $temp_string = ''; $salt = "abchefghjkmnpqrstuvwxyz0123456789"; srand((double) microtime() * 1000000); $i = 0; while ($i <= 7) {
$common_field = 'page_id'; $table = TABLE_PREFIX . 'sections'; } else { $id = $_GET['page_id']; $id_field = 'page_id'; $common_field = 'parent'; $table = TABLE_PREFIX . 'pages'; } } else { header("Location: index.php"); exit(0); } // Create new admin object and print admin header $admin = new admin('Pages', 'pages_settings'); // Create new order object an reorder $order = new order($table, 'position', $id_field, $common_field); if ($id_field == 'page_id') { if ($order->move_up($id)) { $admin->print_success($MESSAGE['PAGES_REORDERED']); } else { $admin->print_error($MESSAGE['PAGES_CANNOT_REORDER']); } } else { if ($order->move_up($id)) { $admin->print_success($TEXT['SUCCESS'], ADMIN_URL . '/pages/sections.php?page_id=' . $page_id); } else { $admin->print_error($TEXT['ERROR'], ADMIN_URL . '/pages/sections.php?page_id=' . $page_id); } } // Print admin footer $admin->print_footer();
// Build the template object used to render the media browser page.
$template = new Template(dirname($admin->correct_theme_source('media_browse.htt')));
$template->set_file('page', 'media_browse.htt');
$template->set_block('page', 'main_block', 'main');

// Pick the directory to list: the user's home folder when one is set and the
// request carries no "dir" parameter, otherwise the unslashed "dir" GET value.
$currentHome = $admin->get_home_folder();
if ($currentHome && !array_key_exists('dir', $_GET)) {
    $directory = $currentHome;
} else {
    $directory = $admin->strip_slashes($admin->get_get('dir'));
}

// A lone path separator stands for the media root.
if ($directory == '/' || $directory == '\\') {
    $directory = '';
}

// NOTE(review): $directory is request-controlled and is appended to this link
// without URL-encoding; confirm it is encoded/escaped wherever the link is emitted.
$dir_backlink = 'browse.php?dir=' . $directory;

// Refuse directories that check_media_path() rejects (the original comment
// describes this as the "../" check).
// NOTE(review): the checks below only protect the rest of the script if
// print_error() ends the request - presumably it does; verify in class.admin.
if (!check_media_path($directory)) {
    // $admin->print_header();
    $admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH']);
}

// The directory must exist below the media root.
if (!file_exists(WB_PATH . MEDIA_DIRECTORY . $directory)) {
    // $admin->print_header();
    $admin->print_error($MESSAGE['MEDIA']['DIR_DOES_NOT_EXIST']);
}

// "up=1" asks for the parent folder: redirect to it and stop.
if ($admin->get_get('up') == 1) {
    $parent_directory = dirname($directory);
    header("Location: browse.php?dir={$parent_directory}");
    exit(0);
}

// Hide the settings link from everyone outside group 1 when the media
// settings are flagged admin-only.
if ($_SESSION['GROUP_ID'] != 1) {
    if ($pathsettings['global']['admin_only']) {
        $template->set_var('DISPLAY_SETTINGS', 'hide');
    }
}
* WebsiteBaker Community Edition (WBCE)
* Way Better Content Editing.
* Visit http://wbce.org to learn more and to join the community.
*
* @copyright Ryan Djurovich (2004-2009)
* @copyright WebsiteBaker Org. e.V. (2009-2015)
* @copyright WBCE Project (2015-)
* @license GNU GPL2 (or any later version)
*/

// Load the site configuration before anything else.
require '../../config.php';

// The admin object is created with header output suppressed (third argument
// false) so that no new FTAN is set before the submitted one is verified.
$admin = new admin('Addons', 'templates_uninstall', false);
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}

// Token accepted: the header may be printed now.
$admin->print_header();

// A template must have been selected; otherwise go back to the overview.
// NOTE(review): these redirects are issued after print_header(); unless
// output is buffered the Location header may no longer be sendable - confirm.
if (!isset($_POST['file']) || $_POST['file'] == "") {
    header("Location: index.php");
    exit(0);
}
$file = $_POST['file'];

// Extra protection: a selection made only of whitespace counts as empty.
// NOTE(review): $file is still raw request data at this point; presumably it
// is checked against the installed templates before any filesystem use -
// verify in the part of the file that follows.
if (trim($file) == '') {
    header("Location: index.php");
    exit(0);
}
require dirname(dirname(__DIR__)) . '/config.php'; } if (!class_exists('admin', false)) { require WB_PATH . '/framework/class.admin.php'; } // suppress to print the header, so no new FTAN will be set if (!$bAdvanced) { $admin = new admin('Settings', 'settings_basic', false); } else { $admin = new admin('Settings', 'settings_advanced', false); } // Create a javascript back link $js_back = ADMIN_URL . '/settings/index.php?advanced=' . $bAdvanced; if (!$admin->checkFTAN()) { $admin->print_header(); $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back); } $admin->print_header(); $TOKENS = unserialize($_SESSION['TOKENS']); $array = $_POST; ksort($array); $aInputs = array(); $aOutputs = array(); $sql = 'SELECT `name`, `value` FROM `' . TABLE_PREFIX . 'settings` ' . 'ORDER BY `name`'; if ($oSettings = $database->query($sql)) { while ($aSetting = $oSettings->fetchRow(MYSQLI_ASSOC)) { $aOutputs['_POST'][$aSetting['name']] = $aSetting['value']; } } // After check print the header // Work-out file mode
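*
* @copyright Ryan Djurovich (2004-2009)
* @copyright WebsiteBaker Org. e.V. (2009-2015)
* @copyright WBCE Project (2015-)
* @license GNU GPL2 (or any later version)
*/

// Media upload handler (first part): bootstrap, verify the form token and
// resolve the upload target directory from the request.
require '../../config.php';
include_once 'resize_img.php';
include_once 'parameters.php';
// require_once(WB_PATH.'/include/pclzip/pclzip.lib.php'); // Required to unzip file.

// suppress to print the header, so no new FTAN will be set
$admin = new admin('Media', 'media_upload', false);
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}
// After check print the header
$admin->print_header();

// Target location.
// The HTTP method is sent by the client. Using it to build a variable name
// ("_" . METHOD) would let an unusual method select a different superglobal
// as the source of "target", so only GET and POST are accepted here.
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
$requestVars = array();
if ($requestMethod === '_POST') {
    $requestVars = $_POST;
} elseif ($requestMethod === '_GET') {
    $requestVars = $_GET;
}
// "target" must be a plain string; an array value (target[]=...) is treated
// as absent instead of reaching the path handling below.
$target = (isset($requestVars['target']) && is_string($requestVars['target']))
    ? $requestVars['target']
    : '';

// "/" denotes the media root.
$directory = $target == '/' ? '' : $target;
// NOTE(review): $directory is request data appended unencoded; confirm the
// links are encoded/escaped where they are written to the page.
$dirlink = 'index.php?dir=' . $directory;
$rootlink = 'index.php?dir=';

// Check to see if target contains ../
// NOTE(review): this only protects the code that follows if print_error()
// ends the request - presumably it does; verify in class.admin.
if (!check_media_path($target, false)) {
    $admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH']);
}
// Create relative path of the target location for the file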
} $admin = new admin('Pages', 'pages_modify', (bool) $admin_header); // get request method $requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']); $aRequestVars = isset(${$requestMethod}) ? ${$requestMethod} : null; // Get page id (on error page_id == 0)) $page_id = intval(isset(${$requestMethod}['page_id']) ? ${$requestMethod}['page_id'] : (isset($page_id) ? $page_id : 0)); $requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']); $section_id = intval(isset(${$requestMethod}['section_id']) ? ${$requestMethod}['section_id'] : (isset($section_id) ? $section_id : 0)); $module_dir = basename(dirname($_SERVER["SCRIPT_NAME"])); // Create js back link $js_back = ADMIN_URL . '/pages/sections.php?page_id=' . $page_id; // Get perms // unset($admin_header); if (!is_numeric($page_id)) { $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL); } elseif ($page_id > 0) { $page = $admin->get_page_details($page_id, ADMIN_URL . '/pages/index.php'); } else { $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS'], ADMIN_URL); } $old_admin_groups = explode(',', str_replace('_', '', $page['admin_groups'])); $old_admin_users = explode(',', str_replace('_', '', $page['admin_users'])); $in_group = false; foreach ($admin->get_groups_id() as $cur_gid) { if (in_array($cur_gid, $old_admin_groups)) { $in_group = true; } } if (!$in_group && !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) { print $admin->get_group_id() . $admin->get_user_id();
// to show position and section_id if (!defined('DEBUG')) { define('DEBUG', $debug); } // Create new admin object require_once LEPTON_PATH . '/framework/class.admin.php'; $admin = new admin('Pages', 'pages_modify'); // Check if we are supposed to add or delete a section if (isset($_GET['section_id']) and is_numeric($_GET['section_id'])) { // Get more information about this section $section_id = intval($_GET['section_id']); $sql = 'SELECT `module` FROM `' . TABLE_PREFIX . 'sections` '; $sql .= 'WHERE `section_id` =' . $section_id; $query_section = $database->query($sql); if ($query_section->numRows() == 0) { $admin->print_error('Section not found'); } $section = $query_section->fetchRow(MYSQL_ASSOC); // Include the modules delete file if it exists if (file_exists(LEPTON_PATH . '/modules/' . $section['module'] . '/delete.php')) { require LEPTON_PATH . '/modules/' . $section['module'] . '/delete.php'; } $sql = 'DELETE FROM `' . TABLE_PREFIX . 'sections` '; $sql .= 'WHERE `section_id` =' . $section_id . ' LIMIT 1'; $query_section = $database->query($sql); if ($database->is_error()) { $admin->print_error($database->get_error()); } else { require LEPTON_PATH . '/framework/class.order.php'; $order = new order(TABLE_PREFIX . 'sections', 'position', 'section_id', 'page_id'); $order->clean($page_id);
$sql .= 'WHERE `page_id` = ' . $page_id; $results = $database->query($sql); if ($database->is_error()) { trigger_error($database->get_error(), E_USER_ERROR); } $results_array = $results->fetchRow(MYSQL_ASSOC); $old_admin_groups = explode(',', str_replace('_', '', $results_array['admin_groups'])); $old_admin_users = explode(',', str_replace('_', '', $results_array['admin_users'])); $in_old_group = FALSE; foreach ($admin->get_groups_id() as $cur_gid) { if (in_array($cur_gid, $old_admin_groups)) { $in_old_group = TRUE; } } if (!$in_old_group and !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) { $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']); } // Get page module $sql = 'SELECT `module` FROM `' . TABLE_PREFIX . 'sections` '; $sql .= 'WHERE `page_id`=' . $page_id . ' AND `section_id`=' . $section_id; $module = $database->get_one($sql); if ($database->is_error()) { trigger_error($database->get_error(), E_USER_ERROR); } if (!$module) { $admin->print_error($database->is_error() ? $database->get_error() : $MESSAGE['PAGES_NOT_FOUND']); } // Update the pages table $now = time(); $sql = 'UPDATE `' . TABLE_PREFIX . 'pages` SET '; $sql .= '`modified_when` = ' . $now . ', `modified_by` = ' . $admin->get_user_id() . ' ';
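<?php
/*
 * @version 0.1
 * @author Ruud Eisinga (Ruud)
 * @date 2009-04-10
 */

/*
 * Deletes one capslider slide, selected by the numeric "slide_id" GET
 * parameter, and reports the outcome through the admin wrapper.
 */
require '../../config.php';

// Get id.
// header() alone does not end the script, so stop right after the redirect;
// otherwise the DELETE below would still run with an undefined id.
if (!isset($_GET['slide_id']) || !is_numeric($_GET['slide_id'])) {
    header("Location: " . ADMIN_URL . "/pages/index.php");
    exit(0);
}
// is_numeric() also accepts forms such as "1.5" or "1e3"; reduce the value to
// a plain integer before it is placed in SQL and in the error link.
$slide_id = (int) $_GET['slide_id'];

// Include WB admin wrapper script
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';

$admintool_link = ADMIN_URL . '/admintools/index.php';
$module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=capslider';
$admin = new admin('admintools', 'admintools');

// NOTE(review): the row is deleted on a plain GET request and no anti-CSRF
// token check is visible in this file; confirm the framework version in use
// offers one (e.g. an FTAN/IDKEY check) and require it here.
$btable = TABLE_PREFIX . 'mod_capslider_slide';
$database->query("DELETE FROM " . $btable . " WHERE id = " . $slide_id . " LIMIT 1");

// Check if there is a db error, otherwise say successful
if ($database->is_error()) {
    $admin->print_error(
        $database->get_error(),
        WB_URL . '/modules/capslider/modify_slide.php?slide_id=' . $slide_id
    );
} else {
    $admin->print_success($TEXT['SUCCESS'], $module_edit_link);
}

// Print admin footer
$admin->print_footer();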
foreach ($zip_files as $zip_file => $info) { if (basename($info['filename']) == 'info.php') { return '/' . dirname($info['filename']); } } return ''; } // do not display notices and warnings during installation error_reporting(E_ALL ^ E_NOTICE ^ E_WARNING); // Setup admin object require '../../config.php'; require_once WB_PATH . '/framework/class.admin.php'; $admin = new admin('Addons', 'modules_install', false); if (!$admin->checkFTAN()) { $admin->print_header(); $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } $admin->print_header(); // Check if module folder is writable if (!is_writable(WB_PATH . '/modules/')) { if (file_exists($temp_file)) { unlink($temp_file); } // Remove temp file $admin->print_error($MESSAGE['GENERIC_BAD_PERMISSIONS']); } // Check if user uploaded a file if (!isset($_FILES['userfile'])) { header("Location: index.php"); exit(0); }
exit(0); } else { $page_id = $_GET['page_id']; } require_once LEPTON_PATH . '/framework/class.admin.php'; $admin = new admin('Pages', 'pages_delete'); // Include the functions file require_once LEPTON_PATH . '/framework/summary.functions.php'; // Get perms $results = $database->query("SELECT admin_groups,admin_users FROM " . TABLE_PREFIX . "pages WHERE page_id = '{$page_id}'"); $results_array = $results->fetchRow(); // Find out more about the page $query = "SELECT * FROM " . TABLE_PREFIX . "pages WHERE page_id = '{$page_id}'"; $results = $database->query($query); if ($database->is_error()) { $admin->print_error($database->get_error()); } if ($results->numRows() == 0) { $admin->print_error($MESSAGE['PAGES_NOT_FOUND']); } $results_array = $results->fetchRow(); $old_admin_groups = explode(',', str_replace('_', '', $results_array['admin_groups'])); $old_admin_users = explode(',', str_replace('_', '', $results_array['admin_users'])); $in_old_group = FALSE; foreach ($admin->get_groups_id() as $cur_gid) { if (in_array($cur_gid, $old_admin_groups)) { $in_old_group = TRUE; } } if (!$in_old_group and !is_numeric(array_search($admin->get_user_id(), $old_admin_users))) { $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
* @filesource $HeadURL: svn://isteam.dynxs.de/wb_svn/wb280/tags/2.8.3/wb/modules/droplets/save_droplet.php $ * @lastmodified $Date: 2011-08-18 04:18:59 +0200 (Do, 18. Aug 2011) $ * */ require dirname(dirname(dirname(__DIR__))) . '/config.php'; if (!class_exists('admin', false)) { require WB_PATH . '/framework/class.admin.php'; } // Include WB admin wrapper script $admintool_link = ADMIN_URL . '/admintools/index.php'; $ToolUrl = ADMIN_URL . '/admintools/tool.php?tool=droplets'; $admin = new admin('admintools', 'admintools', false); $droplet_id = intval($admin->checkIDKEY('droplet_id', false, 'post')); if (!$admin->checkFTAN() || !$droplet_id) { $admin->print_header(); $admin->print_error($droplet_id . ' ) ' . $MESSAGE['GENERIC_SECURITY_ACCESS'], $ToolUrl); } $admin->print_header(); // Validate all fields if ($admin->get_post('title') == '') { $admin->print_error($MESSAGE['GENERIC_FILL_IN_ALL'] . ' ( Droplet Name )', $ToolUrl); } else { $title = $admin->add_slashes($admin->get_post('title')); $active = (int) $admin->get_post('active'); $admin_view = (int) $admin->get_post('admin_view'); $admin_edit = (int) $admin->get_post('admin_edit'); $show_wysiwyg = (int) $admin->get_post('show_wysiwyg'); $description = $admin->add_slashes($admin->get_post('description')); $tags = array('<?php', '?>', '<?'); $content = $admin->add_slashes(str_replace($tags, '', $_POST['savecontent'])); $comments = trim($admin->add_slashes($admin->get_post('comments')));
} else { $user_id = $_POST['user_id']; } // Gather details entered $groups_id = isset($_POST['groups']) ? implode(",", $_POST['groups']) : ''; $active = addslashes($_POST['active'][0]); $username_fieldname = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post('username_fieldname'), ENT_QUOTES)); $username = $admin->get_post_escaped($username_fieldname); $password = $admin->get_post('password'); $password2 = $admin->get_post('password2'); $display_name = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post('display_name'), ENT_QUOTES)); $email = $admin->get_post_escaped('email'); $home_folder = $admin->get_post_escaped('home_folder'); // Check values if ($groups_id == "") { $admin->print_error($MESSAGE['USERS_NO_GROUP'], 'index.php'); } if (strlen($username) < 3) { $admin->print_error($MESSAGE['USERS_USERNAME_TOO_SHORT'], 'index.php'); } if (!preg_match('/^[a-z]{1}[a-z0-9@\\._-]{2,}$/i', $username)) { $admin->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'], 'index.php'); } if ($password != "" && $password2 != "") { if (strlen($password) < AUTH_MIN_PASS_LENGTH) { $admin->print_error($MESSAGE['USERS_PASSWORD_TOO_SHORT'], 'index.php'); } if ($password != $password2) { $admin->print_error($MESSAGE['USERS_PASSWORD_MISMATCH'], 'index.php'); } }
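*
*/

// Empties the page trash: every page whose visibility is 'deleted' is removed
// together with its sub-pages.
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages');
// NOTE(review): this is a destructive action and no form-token (FTAN) check
// is visible in this file; confirm one is enforced before the deletion runs.

// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';

// Get page list from database (deepest levels first)
// $database = new database();
$query = "SELECT * FROM " . TABLE_PREFIX . "pages WHERE visibility = 'deleted' ORDER BY level DESC";
$get_pages = $database->query($query);

// Only walk the result when the query actually produced one; calling
// numRows() on a failed query's return value would abort the script before
// the error report below is reached.
if ($get_pages && $get_pages->numRows() > 0) {
    while ($page = $get_pages->fetchRow()) {
        // Delete page subs
        $sub_pages = get_subs($page['page_id'], array());
        foreach ($sub_pages as $sub_page_id) {
            delete_page($sub_page_id);
        }
        // Delete page
        delete_page($page['page_id']);
    }
}

// Check if there is a db error, otherwise say successful
if ($database->is_error()) {
    $admin->print_error($database->get_error());
} else {
    $admin->print_success($TEXT['TRASH_EMPTIED']);
}

// Print admin footer
$admin->print_footer();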
} require_once WB_PATH . "/include/jscalendar/jscalendar-functions.php"; /**/ // Create new admin object // suppress to print the header, so no new FTAN will be set $admin = new admin('Pages', 'pages_modify', false); // Get page id if (!isset($_GET['page_id']) || !is_numeric($_GET['page_id'])) { header("Location: index.php"); exit(0); } else { $page_id = (int) $_GET['page_id']; } if (!$admin->checkFTAN()) { $admin->print_header(); $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL . '/pages/sections.php?page_id=' . $page_id); } // After check print the header $admin->print_header(); /* if( (!($page_id = $admin->checkIDKEY('page_id', 0, $_SERVER['REQUEST_METHOD']))) ) { $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); exit(); } */ // Get perms // $database = new database(); $results = $database->query("SELECT admin_groups,admin_users FROM " . TABLE_PREFIX . "pages WHERE page_id = '{$page_id}'"); $results_array = $results->fetchRow(); $old_admin_groups = explode(',', $results_array['admin_groups']);
*/ // Create admin object require '../../config.php'; require_once WB_PATH . '/framework/class.admin.php'; $admin = new admin('Media', 'media_delete', false); // Include the WB functions file require_once WB_PATH . '/framework/functions.php'; // Get the current dir $directory = $admin->get_get('dir'); $directory = $directory == '/' ? '' : $directory; $dirlink = 'browse.php?dir=' . $directory; $rootlink = 'browse.php?dir='; // Check to see if it contains .. if (!check_media_path($directory)) { // $admin->print_header(); $admin->print_error($MESSAGE['MEDIA']['DIR_DOT_DOT_SLASH'], $rootlink, false); } // Get the file id $file_id = $admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD']); if (!$file_id) { $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $dirlink, false); } // Get home folder not to show $home_folders = get_home_folders(); $usedFiles = array(); // feature freeze // require_once(ADMIN_PATH.'/media/dse.php'); /* if(!empty($currentdir)) { $usedFiles = $Dse->getMatchesFromDir( $directory, DseTwo::RETURN_USED);
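// include WB functions file
require_once LEPTON_PATH . '/framework/summary.functions.php';
// load WB language file
require_once LEPTON_PATH . '/languages/' . LANGUAGE . '.php';
// create Admin object with admin header
// NOTE(review): the permission name passed here is empty and no form-token
// check is visible in this part of the file; confirm that access control and
// CSRF protection for this action are enforced elsewhere.
$admin = new admin('Addons', '', true, false);
$js_back = ADMIN_URL . '/modules/index.php?advanced';

/**
 * Manually execute the specified module file (install.php, upgrade.php or uninstall.php)
 */

// The action name becomes part of an included file path, so it is checked
// against the fixed list of supported scripts BEFORE any filesystem access.
// Anything else (including non-string values) is rejected.
$action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';
if (!in_array($action, array('install', 'upgrade', 'uninstall'), true)) {
    $admin->print_error($TEXT["ACTION_NOT_SUPPORTED"], $js_back);
    // print_error() is expected to end the request; the explicit exit keeps
    // the include below unreachable even if it returns.
    exit;
}

// The module name must be a non-empty string; basename() then strips any
// directory part so the path stays directly below /modules/.
$file = (isset($_POST['file']) && is_string($_POST['file'])) ? $_POST['file'] : '';
if ($file === '') {
    $admin->print_error($TEXT['NOT_FOUND'], $js_back);
    exit;
}

// check if specified module folder exists
$mod_path = LEPTON_PATH . '/modules/' . basename(LEPTON_PATH . '/' . $file);
// let the old variablename if module use it
$module_dir = $mod_path;
if (!file_exists($mod_path . '/' . $action . '.php')) {
    $admin->print_error(
        $TEXT['NOT_FOUND'] . ': <tt>"' . htmlentities(basename($mod_path)) . '/' . $action . '.php"</tt> ',
        $js_back
    );
    exit;
}

// include modules install.php script
require $mod_path . '/' . $action . '.php';

// load module info into database and output status message
require $mod_path . "/info.php";
load_module($mod_path, false);
$msg = $TEXT['EXECUTE'] . ': <tt>"' . htmlentities(basename($mod_path)) . '/' . $action . '.php"</tt>';

switch ($action) {
    case 'install':
    case 'upgrade':
    case 'uninstall':
        $admin->print_success($msg, $js_back);
        break;
    default:
        // Not reachable after the allowlist check above; kept as a safety net.
        $admin->print_error($TEXT["ACTION_NOT_SUPPORTED"], $js_back);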
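$template->pparse('output', 'page');
} elseif ($_POST['action'] == 'delete') {
    /**
     * Try to delete the selected User
     */
    // Get Admin access to the current page?
    // NOTE(review): no form-token check is visible in this branch; confirm
    // the delete request is protected against CSRF.
    $admin = new admin('Access', 'users_delete');

    // The user id comes straight from the request body and ends up in two
    // SQL statements. It is reduced to an integer first so that nothing but a
    // number can reach the queries; a missing or non-numeric value becomes 0,
    // which matches no user.
    $delete_user_id = (isset($_POST['user_id']) && is_numeric($_POST['user_id']))
        ? (int) $_POST['user_id']
        : 0;

    /**
     * Test for user statusflags == 32
     */
    $result = array();
    $database->execute_query(
        "SELECT `statusflags` FROM `" . TABLE_PREFIX . "users` WHERE `user_id`= " . $delete_user_id,
        true,
        $result,
        false
    );
    if (isset($result['statusflags']) && $result['statusflags'] == 32) {
        /**
         * NOTICE: Aldus 15.12.2014 Error message is not in the language-file!
         */
        $admin->print_error("Can't delete User - User got statusflags 32.");
    } else {
        /**
         * Delete the user
         */
        $database->query("DELETE FROM `" . TABLE_PREFIX . "users` WHERE `user_id`= " . $delete_user_id);
        if ($database->is_error()) {
            $admin->print_error($database->get_error());
        } else {
            $admin->print_success($MESSAGE['USERS_DELETED']);
        }
    }
}

// Print admin footer
$admin->print_footer();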
$admin = new admin('Access', 'groups'); $ftan = $admin->getFTAN(); // Setup template object, parse vars to it, then parse it // Create new template object $template = new Template(dirname($admin->correct_theme_source('groups.htt'))); // $template->debug = true; $template->set_file('page', 'groups.htt'); $template->set_block('page', 'main_block', 'main'); $template->set_block('main_block', 'manage_users_block', 'users'); // insert urls $template->set_var(array('ADMIN_URL' => ADMIN_URL, 'WB_URL' => WB_URL, 'THEME_URL' => THEME_URL, 'FTAN' => $ftan)); // Get existing value from database $query = 'SELECT `group_id`, `name` FROM `' . TABLE_PREFIX . 'groups` WHERE `group_id` != 1'; $results = $database->query($query); if ($database->is_error()) { $admin->print_error($database->get_error(), 'index.php'); } // Insert values into the modify/remove menu $template->set_block('main_block', 'list_block', 'list'); if ($results->numRows() > 0) { // Insert first value to say please select $template->set_var('VALUE', ''); $template->set_var('NAME', $TEXT['PLEASE_SELECT'] . '...'); $template->parse('list', 'list_block', true); // Loop through groups while ($group = $results->fetchRow(MYSQLI_ASSOC)) { $template->set_var('VALUE', $admin->getIDKEY($group['group_id'])); $template->set_var('NAME', $group['name']); $template->parse('list', 'list_block', true); } } else {
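<?php
/*
 * @version 0.1
 * @author Ruud Eisinga (Ruud)
 * @date 2009-04-10
 */

/*
 * Deletes one capslider group, selected by the numeric "group_id" GET
 * parameter, and reports the outcome through the admin wrapper.
 */
require '../../config.php';

// Get id.
// header() alone does not end the script, so stop right after the redirect;
// otherwise the DELETE below would still run with an undefined id.
if (!isset($_GET['group_id']) || !is_numeric($_GET['group_id'])) {
    header("Location: " . ADMIN_URL . "/pages/index.php");
    exit(0);
}
// is_numeric() also accepts forms such as "1.5" or "1e3"; reduce the value to
// a plain integer before it is placed in SQL.
$group_id = (int) $_GET['group_id'];

// Include WB admin wrapper script
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';

$admintool_link = ADMIN_URL . '/admintools/index.php';
$module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=capslider';
$admin = new admin('admintools', 'admintools');

// NOTE(review): the row is deleted on a plain GET request and no anti-CSRF
// token check is visible in this file; confirm the framework version in use
// offers one (e.g. an FTAN/IDKEY check) and require it here.
$gtable = TABLE_PREFIX . 'mod_capslider_groups';
$database->query("DELETE FROM " . $gtable . " WHERE group_id = " . $group_id . " LIMIT 1");

// Check if there is a db error, otherwise say successful
if ($database->is_error()) {
    $admin->print_error($database->get_error(), $module_edit_link);
} else {
    $admin->print_success($TEXT['SUCCESS'], $module_edit_link);
}

// Print admin footer
$admin->print_footer();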
header("Location: index.php"); exit(0); } else { $page_id = intval($_POST['page_id']); } if (!isset($_POST['section_id']) || !is_numeric($_POST['section_id'])) { header("Location: index.php"); exit(0); } else { $section_id = intval($_POST['section_id']); } // $js_back = "javascript: history.go(-1);"; $js_back = ADMIN_URL . '/pages/modify.php?page_id=' . $page_id; if (!$admin->checkFTAN()) { $admin->print_header(); $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back); } // After check print the header $admin->print_header(); // Get perms $sql = 'SELECT `admin_groups`,`admin_users` ' . 'FROM `' . TABLE_PREFIX . 'pages` ' . 'WHERE `page_id` = ' . $page_id; $results = $database->query($sql); $results_array = $results->fetchRow(); if (!$admin->ami_group_member($results_array['admin_users']) && !$admin->is_group_match($admin->get_groups_id(), $results_array['admin_groups'])) { $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']); } // Get page module $sql = 'SELECT `module` FROM `' . TABLE_PREFIX . 'sections` ' . 'WHERE `page_id`=' . $page_id . ' AND `section_id`=' . $section_id; $module = $database->get_one($sql); if (!$module) { $admin->print_error($database->is_error() ? $database->get_error() : $MESSAGE['PAGES_NOT_FOUND']);
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } // end include class.secure.php // Get page id if (!isset($_GET['page_id']) || !is_numeric($_GET['page_id'])) { header("Location: index.php"); exit(0); } else { $page_id = $_GET['page_id']; } require_once LEPTON_PATH . '/framework/class.admin.php'; $admin = new admin('Pages', 'pages_modify'); // Get perms if (!$admin->get_page_permission($page_id, 'admin')) { $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']); } $sectionId = isset($_GET['wysiwyg']) ? htmlspecialchars($admin->get_get('wysiwyg')) : NULL; // Get page details $results_array = $admin->get_page_details($page_id); // Get display name of person who last modified the page $user = $admin->get_user_details($results_array['modified_by']); // Convert the unix ts for modified_when to human a readable form $modified_ts = $results_array['modified_when'] != 0 ? $modified_ts = date(TIME_FORMAT . ', ' . DATE_FORMAT, $results_array['modified_when']) : 'Unknown'; // Include page info script $template = new Template(THEME_PATH . '/templates'); $template->set_file('page', 'pages_modify.htt'); $template->set_block('page', 'main_block', 'main'); $template->set_var(array('PAGE_ID' => $results_array['page_id'], 'PAGE_TITLE' => $results_array['page_title'], 'MENU_TITLE' => $results_array['menu_title'], 'ADMIN_URL' => ADMIN_URL, 'LEPTON_URL' => LEPTON_URL, 'LEPTON_PATH' => LEPTON_PATH, 'THEME_URL' => THEME_URL)); $template->set_var(array('MODIFIED_BY' => $user['display_name'], 'MODIFIED_BY_USERNAME' => $user['username'], 'MODIFIED_WHEN' => $modified_ts, 'LAST_MODIFIED' => $MESSAGE['PAGES_LAST_MODIFIED'])); $template->set_block('main_block', 'show_modify_block', 'show_modify');
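// Saves the name and permission sets of an existing group (never group 1).
// NOTE(review): no form-token check is visible in this part of the file;
// confirm the save request is protected against CSRF.
$admin = new admin('Access', 'groups_modify');
include_once LEPTON_PATH . '/framework/summary.functions.php';

// Create a javascript back link
$js_back = "javascript: history.go(-1);";

// Check if group group_id is a valid number and doesnt equal 1
if (!isset($_POST['group_id']) || !is_numeric($_POST['group_id'])) {
    header("Location: index.php");
    exit(0);
}
// is_numeric() also accepts forms such as "1.5" or "1e3". Reduce the value to
// an integer first and compare afterwards, so the group-1 guard and the SQL
// below both see exactly the same number.
$group_id = (int) $_POST['group_id'];
if ($group_id === 1) {
    header("Location: index.php");
    exit(0);
}

// Gather details entered
$group_name = $admin->get_post_escaped('group_name');

// Check values
if ($group_name == "") {
    $admin->print_error($MESSAGE['GROUPS_GROUP_NAME_BLANK']);
}

// Get system permissions
// NOTE(review): $system_permissions, $module_permissions and
// $template_permissions are presumably set by this include and are
// interpolated into the UPDATE below; verify they are built from validated
// values there.
require_once ADMIN_PATH . '/groups/get_permissions.php';

// Update the database
$query = "UPDATE " . TABLE_PREFIX . "groups SET name = '{$group_name}', system_permissions = '{$system_permissions}', module_permissions = '{$module_permissions}', template_permissions = '{$template_permissions}' WHERE group_id = '{$group_id}'";
$database->query($query);
if ($database->is_error()) {
    $admin->print_error($database->get_error());
    exit;
} else {
    $admin->print_success($MESSAGE['GROUPS_SAVED'], ADMIN_URL . '/groups/index.php');
    exit;
}

// Print admin footer (not reached: both branches above exit)
$admin->print_footer();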
<?php
// Stores the numeric "dd" GET parameter as the value of the
// 'mod_jsadmin_ajax_order_pages' setting in the mod_jsadmin table.
require '../../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages');

// Silently stop unless a numeric flag was supplied.
// NOTE(review): the setting is changed by a plain GET request and no
// form-token check is visible in this file; confirm CSRF protection.
$hasNumericFlag = isset($_GET['dd']) && is_numeric($_GET['dd']);
if (!$hasNumericFlag) {
    exit;
}

// %d makes sprintf() insert the parameter as an integer.
$query_order_pages = sprintf(
    "UPDATE `" . TABLE_PREFIX . "mod_jsadmin` \n\t\t\t\t\t\t\t\tSET `value` = '%d' \n\t\t\t\t\t\t\t\tWHERE `name` = 'mod_jsadmin_ajax_order_pages'",
    $_GET['dd']
);
$database->query($query_order_pages);

// Report the outcome and link back to the page overview.
if (!$database->is_error()) {
    $admin->print_success($TEXT['SUCCESS'], ADMIN_URL . '/pages/index.php');
} else {
    $admin->print_error($database->get_error(), ADMIN_URL . '/pages/index.php');
}
$admin->print_footer();
?>
} // Insert language text and messages $template->set_var(array('TEXT_RESET' => $TEXT['RESET'], 'TEXT_CANCEL' => $TEXT['CANCEL'], 'TEXT_ACTIVE' => $TEXT['ACTIVE'], 'TEXT_DISABLED' => $TEXT['DISABLED'], 'TEXT_PLEASE_SELECT' => $TEXT['PLEASE_SELECT'], 'TEXT_USERNAME' => $TEXT['USERNAME'], 'TEXT_PASSWORD' => $TEXT['PASSWORD'], 'TEXT_RETYPE_PASSWORD' => $TEXT['RETYPE_PASSWORD'], 'TEXT_DISPLAY_NAME' => $TEXT['DISPLAY_NAME'], 'TEXT_EMAIL' => $TEXT['EMAIL'], 'TEXT_GROUP' => $TEXT['GROUP'], 'TEXT_NONE' => $TEXT['NONE'], 'TEXT_HOME_FOLDER' => $TEXT['HOME_FOLDER'], 'USERNAME_FIELDNAME' => $username_fieldname, 'CHANGING_PASSWORD' => $MESSAGE['USERS_CHANGING_PASSWORD'], 'HEADING_MODIFY_USER' => $HEADING['MODIFY_USER'])); // Parse template object $template->parse('main', 'main_block', false); $template->pparse('output', 'page'); // Print admin footer $admin->print_footer(); break; case 'delete': // Print header $admin = new admin('Access', 'users_delete'); $user_id = intval($admin->checkIDKEY('user_id', 0, $_SERVER['REQUEST_METHOD'])); // Check if user id is a valid number and doesnt equal 1 if ($user_id == 0) { $admin->print_error($MESSAGE['GENERIC_FORGOT_OPTIONS']); } if ($user_id < 2) { // if($admin_header) { $admin->print_header(); } $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } $sql = 'SELECT `active` FROM `' . TABLE_PREFIX . 'users` '; $sql .= 'WHERE `user_id` = ' . $user_id . ''; if (($iDeleteUser = $database->get_one($sql)) == 1) { // Delete the user $database->query("UPDATE `" . TABLE_PREFIX . "users` SET `active` = 0 WHERE `user_id` = '" . $user_id . "' "); } else { $database->query("DELETE FROM `" . TABLE_PREFIX . "users` WHERE `user_id` = " . $user_id); } if ($database->is_error()) { $admin->print_error($database->get_error());
* @copyright WBCE Project (2015-) * @license GNU GPL2 (or any later version) */ // Create admin object require '../../config.php'; $admin = new admin('Media', 'media_rename', false); // Include the WB functions file // Get the current dir $directory = $admin->get_get('dir'); $directory = $directory == '/' ? '' : $directory; $dirlink = 'browse.php?dir=' . $directory; $rootlink = 'browse.php?dir='; // $file_id = intval($admin->get_get('id')); // first Check to see if it contains .. if (!check_media_path($directory)) { $admin->print_error($MESSAGE['MEDIA_DIR_DOT_DOT_SLASH'], $rootlink, false); } // Get the temp id $file_id = intval($admin->checkIDKEY('id', false, $_SERVER['REQUEST_METHOD'])); if (!$file_id) { $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $dirlink, false); } // Get home folder not to show $home_folders = get_home_folders(); // Check for potentially malicious files $forbidden_file_types = preg_replace('/\\s*[,;\\|#]\\s*/', '|', RENAME_FILES_ON_UPLOAD); // Figure out what folder name the temp id is if ($handle = opendir(WB_PATH . MEDIA_DIRECTORY . '/' . $directory)) { // Loop through the files and dirs an add to list while (false !== ($file = readdir($handle))) { $info = pathinfo($file);
*
* @copyright Ryan Djurovich (2004-2009)
* @copyright WebsiteBaker Org. e.V. (2009-2015)
* @copyright WBCE Project (2015-)
* @license GNU GPL2 (or any later version)
*/

// Group save handler (first part): bootstrap, verify the form token, resolve
// the group id and read the submitted group name.
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';

// Header output is suppressed (third argument false) so that no new FTAN is
// set before the submitted one has been checked.
$admin = new admin('Access', 'groups_modify', false);

// Create a javascript back link
$js_back = ADMIN_URL . '/groups/index.php';

// Reject the request when the form token does not verify.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}

// The group id is resolved through checkIDKEY() (with 0 passed as its second
// argument) and reduced to an integer; anything below 2 - which includes
// group 1 - is refused.
$group_id = (int) $admin->checkIDKEY('group_id', 0, $_SERVER['REQUEST_METHOD']);
if ($group_id < 2) {
    // if($admin_header) { $admin->print_header(); }
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}

// Gather details entered
$group_name = $admin->get_post_escaped('group_name');

// A group must have a name.
if ("" == $group_name) {
    $admin->print_error($MESSAGE['GROUPS_GROUP_NAME_BLANK'], $js_back);
}
// After check print the header
$sql = 'DELETE FROM `' . TABLE_PREFIX . 'addons` WHERE `type` = \'language\''; $database->query($sql); // Reload all languages foreach ($languages['filename'] as &$file) { load_language(LEPTON_PATH . '/languages/' . $file); } // Reload the current language file - otherwise wie've got the last message in e.g. russian. require LEPTON_PATH . '/languages/' . LANGUAGE . '.php'; // Add success message $msg[] = '<span class="normal bold green">' . $MESSAGE['ADDON_LANGUAGES_RELOADED'] . '</span>'; } else { // Add error message $error_msg[] = '<span class="normal bold red">' . $MESSAGE['ADDON_ERROR_RELOAD'] . ' - No languages found!</span>'; } break; } } } } } else { $error_msg[] = '<span class="big bold red">' . $MESSAGE['ADMIN_INSUFFICIENT_PRIVELLIGES'] . '</span> '; } // if (sizeof($error_msg) > 0) { $error_msg = array_merge($error_msg, $msg); $admin->print_error(implode($error_msg, '<br />'), $backlink); } else { // output success message $admin->print_success(implode($msg, '<br />'), $backlink); } // $admin->print_footer();
* WebsiteBaker Community Edition (WBCE)
* Way Better Content Editing.
* Visit http://wbce.org to learn more and to join the community.
*
* @copyright Ryan Djurovich (2004-2009)
* @copyright WebsiteBaker Org. e.V. (2009-2015)
* @copyright WBCE Project (2015-)
* @license GNU GPL2 (or any later version)
*/

// Language uninstall handler (first part): bootstrap, verify the form token
// and make sure a language code was submitted.
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';

// Header output is suppressed (third argument false) until the submitted
// FTAN has been checked.
$admin = new admin('Addons', 'languages_uninstall', false);
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']);
}

// Token accepted: the header may be printed now.
$admin->print_header();

// A language code must have been selected; a missing, empty or
// whitespace-only value sends the user back to the overview.
// NOTE(review): the redirect is issued after print_header(); unless output is
// buffered the Location header may no longer be sendable - confirm.
// NOTE(review): $_POST['code'] is still raw request data here; presumably it
// is validated before being used to locate a language file - verify below.
if (!isset($_POST['code']) || $_POST['code'] == "" || trim($_POST['code']) == '') {
    header("Location: index.php");
    exit(0);
}

// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';