// admin/capabilities/addcapability.php (fragment: the catch block opened on
// the last line and the rest of the file are outside this listing) — handles
// the "add capability" form: normalises POST, validates name/description and
// inserts the row into core_capabilities.
$Logs = new cLogs("addcapability.php");
$Logs->on();
$aErrors = array();
$aAlerts = array();
global $DB;
if (isset($_POST['add_capab'])) {
    // magic_quotes-style normalisation: every POST value is trimmed and, unless
    // the runtime already escaped it, passed through addslashes(). This runs
    // before validation, so the length rules below count the added backslashes.
    // addslashes() is not a substitute for parameterised queries, and
    // get_magic_quotes_gpc() no longer exists in PHP 8; an array-valued field
    // (name[]=x) makes trim() fail.
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    $namePat = '/^[a-zA-Z0-9_-]{1,50}$/';
    // cCheckForm::check() takes the rule as PHP source text with $test standing
    // for the field value (presumably evaluated inside check() — confirm there
    // before building rule strings from anything but constants).
    if ($Check->check('name', 'preg_match("' . $namePat . '",$test)', 'The NAME must be without whitespaces and diacritical marks and max. 50 symbols!')) {
        // fourth argument replaces the value under test with the lookup result
        $Check->check('name', '$test==false', 'This capability already exists!', admin_capabExists($_POST['name']));
    }
    // NOTE(review): "< 266" admits 265 bytes while the message promises 255;
    // editroles.php uses 'strlen($test) <= 255' for the same column.
    $Check->check('description', 'strlen($test) > 0 && strlen($test) < 266', 'The description of capability is required with max length 255 symbols!');
    $Logs->addLog($Check->isValid(), 'add new one valid');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
    } else {
        try {
            $aVals = array();
            $aVals[] = array('name', $_POST['name']);
            $aVals[] = array('description', $_POST['description']);
            /// insert values ///
            if (!$DB->insert('core_capabilities', $aVals)) {
                throw new cException("Some error during insert operation!");
            }
            // (user-facing text; "waw" is a typo for "was")
            $aAlerts[] = "New capability waw added.";
        } catch (cException $e) {
/**
 * Adds a message to the logs by delegating to the parent cLogs::addLog(),
 * supplying "_dbLog" as the default third argument.
 *
 * What the third argument selects is defined in cLogs, not here; this
 * override only changes its default.
 *
 * @param mixed  $value  value to log (scalar or array)
 * @param string $name   label recorded with the value
 * @param string $dbLog  forwarded unchanged to the parent; defaults to "_dbLog"
 */
public function addLog($value, $name = "--", $dbLog = "_dbLog")
{
    parent::addLog($value, $name, $dbLog);
}
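/**
 * Persists the authentication record for a user whose credentials have just
 * been verified, then initialises the session and cookie state.
 *
 * The session id is rotated before it is stored: the id the client presented
 * before logging in must not become the authenticated one (session fixation).
 * A row is written to core_authentications with the expiry (now + AUTH_TIMEOUT),
 * the user id, the session id and the client address. On a failed insert the
 * error messages are queued in $this->aErrors, any partial session/cookie
 * state is cleared and false is returned.
 *
 * @param array $aUser user row; only $aUser['id'] is read here
 * @return bool true when the row was inserted and the session was set up
 */
private function insert($aUser)
{
    // session_id() is '' when no session is active; then there is nothing to
    // rotate. Must run before any output, like the rest of the login flow.
    if (session_id() !== '') {
        session_regenerate_id(true);
    }
    $expiresAt = getDateToDb(time() + AUTH_TIMEOUT);
    $sessionId = session_id();
    $row = array(
        array('timeinit', $expiresAt),
        // third element false: presumably "insert unquoted" — see cDb::insert
        array('user', $aUser['id'], false),
        array('session', $sessionId),
        // behind a reverse proxy this is the proxy's address, not the client's
        array('ip', $_SERVER['REMOTE_ADDR']),
    );
    $inserted = cDb::insert('core_authentications', $row);
    if (!$inserted) {
        cLogs::addLog("#### AuthInsert: false");
        $this->aErrors[] = getString("Some error during login process!", 'core');
        $this->aErrors[] = getString("Contact your admin to solve this problem!", 'core');
        $this->clearSessions();
        $this->clearCookies();
        return false;
    }
    $this->setSessions($aUser);
    $this->setCookies($aUser);
    return true;
}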
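<?php
// admin/index.php — admin entry point: boots core, authenticates the request,
// redirects visitors who may not be here and dispatches the capability update
// form before the page is rendered.
if (!session_id()) {
    @session_start();
}
require_once "../core/core_defines.inc.php";
require_once ROOT_PATH . "core/global_fce.php";
requireFile("admin/admin_fce.php");

$DB = new cDb();
$DB->connect();
$CFG = new cCfg();

$Logs = new cLogs("index.php");
$Logs->on();
// the whole POST body goes to the log; if a login form posts here, credentials do too
$Logs->addLog($_POST, "POST");

$_aErrors = array();
$_aAlerts = array();

$Authent = new cAuthentication();
$bAut = $Authent->authenticate();
// Access control: anonymous visitors (when the admin area requires
// authentication) and authenticated users without the 'superadmin' capability
// are sent back to the site root. The exit is essential: a Location header
// alone does not stop the script, so without it the rest of this file would
// still run _updateCapabilities() and render the admin page into the body of
// the redirect response for a request that was just refused.
if ((!$bAut && ADMIN_PAGE_ACCESS_AUTHORIZIED) || ($bAut && !$CFG->hasCapability('superadmin'))) {
    header("Location: " . HTTP_PATH);
    exit;
}
$_index_rights = true;

// magic_quotes-style normalisation of GET: trim, plus addslashes() unless the
// runtime already escaped the value. addslashes() is not a substitute for
// parameterised queries, get_magic_quotes_gpc() no longer exists in PHP 8,
// and an array-valued parameter (?a[]=1) makes trim() fail.
foreach ($_GET as $k => $v) {
    $_GET[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
}

/// update capabilities ///
if (isset($_POST['update_capab'])) {
    _updateCapabilities();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">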
// admin/users/adduser.php (fragment: the brace below presumably closes the
// foreach that normalises $_POST, and the try/catch around the insert continues
// past the end of this listing) — validates the "add user" form and builds the
// core_users row.
}
$Check = new cCheckForm();
// Rules are PHP expression strings with $test standing for the field value
// (presumably evaluated inside cCheckForm::check(); confirm there). Lengths
// are measured on the already slash-escaped value.
$Check->check('name', 'strlen($test)>0 && strlen($test)<101', 'The name is required with max 100 symbols including whitespaces!');
$Check->check('surname', 'strlen($test)>0 && strlen($test)<101', 'The surname is required with max 100 symbols including whitespaces!');
$Check->check('role', 'is_numeric($test)', 'The role is required!');
/// max. 50 symbols ///
$loginPat = '/^[a-zA-Z0-9_-]{1,50}$/';
if ($Check->check('login', 'preg_match("' . $loginPat . '",$test)', 'The login must be without whitespaces and diacritical marks and max. 50 symbols!')) {
    /// check if login already exists ///
    $Check->check('login', '$test==false', 'This login already exists!', admin_userLoginExists($_POST['login']));
}
// NOTE(review): $passwPat is assigned but never used; the rule below only
// bounds the length, so the "without diacritical marks and whitespaces" part
// of the message is not enforced (a length-only rule is the more permissive
// choice; the message should match whichever rule is intended).
$passwPat = '/^[a-zA-Z0-9_-]{1,50}$/';
if ($Check->check('password', 'strlen($test)>5 && strlen($test)<51', 'The password must have at least 6 symbols and max. 50, without diacritical marks and whitespaces!', $_POST['passw'])) {
    // loose == between the two fields; === avoids numeric-string comparison
    // ("1e3" == "1000" is true)
    $Check->check('password', '$test==true', 'Verification of password is not correct!', $_POST['passw'] == $_POST['passw_ver']);
}
$Logs->addLog($Check->isValid(), 'add new one valid');
if (!$Check->isValid()) {
    foreach ($Check->getErrors() as $k => $error) {
        $aErrors[] = admin_getErrorToPrint($k, $error);
    }
} else {
    try {
        $aVals = array();
        $aVals[] = array('name', $_POST['name']);
        $aVals[] = array('surname', $_POST['surname']);
        $aVals[] = array('login', $_POST['login']);
        // The value hashed is the trimmed, slash-escaped POST value, so a
        // password containing a quote or leading whitespace only verifies if
        // the login path normalises identically. cyphrePassword() is not
        // visible here — confirm it is a password hash, not a plain digest.
        $aVals[] = array('password', cAuthentication::cyphrePassword($_POST['passw']));
        // third element false: presumably "insert unquoted" — see cDb::insert
        $aVals[] = array('role', $_POST['role'], false);
        /// insert values ///
        if (!$DB->insert('core_users', $aVals)) {
            throw new cException("Some error during insert operation!");
###################################### code ##############################################
// admin/templates/add.php (fragment: the if (isset($_POST['add_template']))
// block continues past the end of this listing) — validates the new template
// name and delegates the insert to add_insertNewTemplate().
$Logs = new cLogs("add.php");
$Logs->on();
$aErrors = array();
$aAlerts = array();
if (isset($_POST['add_template'])) {
    // magic_quotes-style normalisation: trim + addslashes on every POST value
    // (not an SQL-injection defence; get_magic_quotes_gpc() is gone in PHP 8)
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    // NOTE(review): {1,50} repeats the whole group, not single characters, so
    // this does not cap the name at 50 characters; and the nested quantifiers
    // ([a-z]+[a-z0-9_-]+){1,50} can backtrack heavily on a long value that
    // does not match. A flat pattern such as '/^[a-z][a-z0-9_-]{1,49}$/'
    // states the documented rule (lowercase start, 2..50 chars) directly.
    $namePat = '/^([a-z]+[a-z0-9_-]+){1,50}$/';
    /// existing templates wasn't selected ///
    // rule strings are PHP source with $test as the value placeholder
    // (presumably evaluated in cCheckForm::check())
    if ($Check->check('newtemp', 'preg_match("' . $namePat . '",$test)', 'The name of TEMPLATE must be in lowercase letters without whitespaces and diacritical marks and max. 50 symbols! (e.g.: newhomepage or new_home-page1')) {
        $Check->check('newtemp', '$test==false', 'The name of TEMPLATE already exists!', admin_tempExists($_POST['newtemp']));
    }
    $Logs->addLog($Check->isValid(), 'valid');
    //$Logs->addLog($Check->getErrors(),'errors');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
        $result = false;
    } else {
        $result = add_insertNewTemplate();
    }
    if ($result) {
        $aAlerts[] = "Template was added.";
    } else {
        $aErrors[] = "Template wasn't added.";
    }
    $Logs->addLog($result, 'new template RESULT');
// admin/roles/addrole.php (fragment: starts after $aErrors is initialised and
// the try block around the insert continues past this listing) — validates the
// "add role" form and prepares the core_roles row, including the sort position
// derived from the existing rows.
$aAlerts = array();
global $DB;
if (isset($_POST['add_role'])) {
    // magic_quotes-style normalisation: trim + addslashes on every POST value
    // (not an SQL-injection defence; get_magic_quotes_gpc() is gone in PHP 8;
    // lengths below are measured on the escaped value)
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    // rule strings are PHP source with $test as the value placeholder
    // (presumably evaluated in cCheckForm::check())
    /// max. 100 symbols ///
    if ($Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name of role must be max. 100 symbols!')) {
        /// check if name already exists ///
        $Check->check('name', '$test==false', 'The name of role already exists!', admin_roleExists($_POST['name']));
    }
    $Check->check('description', '$test != "" && strlen($test) <= 255', 'Description of role is required; with a maximum length 255!');
    // "null" is the literal the form sends for "no parent"
    $Check->check('parentid', 'is_numeric($test) || $test=="null"', 'The parent role is in wrong type');
    // (the message for 'sort' repeats the parent-role text; user-facing string)
    $Check->check('sort', 'is_numeric($test) || strlen($test)==0', 'The parent role is in wrong type');
    $Logs->addLog($Check->isValid(), 'add new one valid');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
    } else {
        try {
            $aVals = array();
            $aVals[] = array('name', $_POST['name']);
            $aVals[] = array('description', $_POST['description']);
            $sort = $_POST['sort'];
            // existing (id, sort) pairs ordered by sort; used below (past this
            // listing) to place the new role
            $db_sorts = $DB->select('core_roles', array('id', 'sort'), null, 'sort');
            $aSort = array();
            foreach ($db_sorts as $dbsort) {
                $aSort[] = array($dbsort['id'], (int) $dbsort['sort']);
            }
// admin/pages/editpage.php (fragment; the file continues on both sides of this
// listing) — validates the "edit page" form and applies it through
// editpage_alterPage().
// pageid is accepted when is_numeric(), which also admits "1e3" and "1.5";
// ctype_digit() or an (int) cast would pin an integer id before it is passed on.
if (isset($_POST['submit']) && (isset($_POST['pageid']) && is_numeric($_POST['pageid']))) {
    // magic_quotes-style normalisation: trim + addslashes on every POST value
    // (not an SQL-injection defence; get_magic_quotes_gpc() is gone in PHP 8)
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    /// existing templates wasn't selected ///
    // rule strings are PHP source with $test as the value placeholder
    // (presumably evaluated in cCheckForm::check())
    $Check->check('temp', '$test !== "null"', 'TEMPLATE is required!');
    $bTitle = false;
    // every POST key of the form lng<XX> selects a language; the matching
    // title<XX> field must then be non-empty. Key names come from the client.
    foreach ($_POST as $k => $v) {
        if (substr($k, 0, 3) == 'lng') {
            $Check->check('title' . substr($k, 3), 'strlen($test)>0', 'Title of PAGE' . strtoupper(substr($k, 3)) . ' is required!');
            $bTitle = true;
        }
    }
    // fails when no language was selected at all
    $Check->check('page_title', '$test == true', 'Title of PAGE is required!', $bTitle);
    $Logs->addLog($Check->isValid(), 'valid');
    //$Logs->addLog($Check->getErrors(),'errors');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
        $result = false;
    } else {
        $result = editpage_alterPage($_POST['pageid']);
    }
    if ($result) {
        $aAlerts[] = "Template was succesfully saved.";
    } else {
        $aErrors[] = "Template wasn't saved.";
    }
    $Logs->addLog($result, 'alter page RESULT');
// admin/roles/editroles.php (fragment: the brace below closes code that
// precedes this listing and the else branch at the end continues past it) —
// validates the "update role" form for the role named by $_GET['id'].
}
$Logs = new cLogs("editroles.php");
$Logs->on();
$aErrors = array();
$aAlerts = array();
global $DB;
if (isset($_POST['update_role'])) {
    // magic_quotes-style normalisation: trim + addslashes on every POST value
    // (not an SQL-injection defence; get_magic_quotes_gpc() is gone in PHP 8)
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    // NOTE(review): the rule string is built by concatenating a boolean. true
    // becomes "1", but false becomes "", leaving 'is_numeric($test) && ' with a
    // dangling operator — if check() evaluates the rule that is a parse error,
    // not a validation failure. Passing the comparison as the value under test
    // avoids it, e.g.
    // $Check->check('General', '$test==true', 'There is no correct role!', is_numeric($_POST['roleid']) && $_POST['roleid'] == $_GET['id']);
    // $_GET['id'] is also read without an isset() check, and == should be ===.
    $Check->check('General', 'is_numeric($test) && ' . ($_POST['roleid'] == $_GET['id']), 'There is no correct role!', $_POST['roleid']);
    if ($Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name of role must be max. 100 symbols!')) {
        /// check if name already exists ///
        // a hit on the role being edited itself is not a conflict
        if ($exists = admin_roleExists($_POST['name'])) {
            $Logs->addLog($exists, 'role EXISTS');
            $exists = !($exists['id'] == $_POST['roleid']);
        }
        $Logs->addLog($exists, 'role EXISTS');
        $Check->check('name', '$test==false', 'The name of role already exists!', $exists);
    }
    $Check->check('description', '$test != "" && strlen($test) <= 255', 'Description of role is required; with a maximum length 255!');
    // "null" is the literal the form sends for "no parent"
    $Check->check('parentid', 'is_numeric($test) || $test=="null"', 'The parent role is in wrong type');
    $Check->check('sort', 'is_numeric($test) || strlen($test)==0', 'The parent role is in wrong type');
    $Logs->addLog($Check->isValid(), 'form valid');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
        //throw new cException("Form is not valid!");
    } else {
<?php
// index.php — site front controller (fragment: the if ($connection) block
// continues past the end of this listing). Boots core, resolves the requested
// page action and starts building the page.
if (!session_id()) {
    @session_start();
}
require_once "core/core_defines.inc.php";
require_once "core/global_fce.php";
require_once "custom_defines.inc.php";
$Logs = new cLogs("index.php");
$Logs->on();
// the whole POST body goes to the log; if a login form posts here, credentials do too
$Logs->addLog($_POST, "POST");
$DB = new cDb();
$connection = $DB->connect();
if ($connection) {
    $CFG = new cCfg();
    if (!isset($_GET['_pageAction_'])) {
        if (is_string($CFG->getDefaultPage('path'))) {
            // NOTE(review): no exit after the Location header — execution falls
            // through to the $action line below, reads the unset
            // $_GET['_pageAction_'] and builds the page into the redirect
            // response. Same for the admin redirect in the else branch.
            header("Location: " . $CFG->getDefaultPage('path'));
        } else {
            if (!ADMIN_PAGE_ACCESS_AUTHORIZIED) {
                header("Location: " . HTTP_PATH . "admin");
            }
        }
    }
    // $action is the client-supplied page name; addslashes() only escapes
    // quotes, so whatever cBuildIndex does with it (lookup, include, ...) must
    // validate it against the known pages itself.
    $action = get_magic_quotes_gpc() ? $_GET['_pageAction_'] : addslashes($_GET['_pageAction_']);
    //$Logs->addLog($action,"_pageAction_");
    $CORE = new cBuildIndex($action);
    if (MK_DEBUG) {
        $CORE->addCssToHead("core/logs.css");
    }
    $Authent = new cAuthentication();
}
##########################################################################################
###################################### code ##############################################
// admin/templates/edittemplate.php (fragment: the brace above closes code
// before this listing and the try block at the end continues past it) —
// validates the "edit template" form and assembles the UPDATE values.
$Logs = new cLogs("edittemplate.php");
$Logs->on();
$aErrors = array();
$aAlerts = array();
global $DB;
// tempid is accepted when is_numeric(), which also admits "1e3" and "1.5"
if (isset($_POST['submit']) && (isset($_POST['tempid']) && is_numeric($_POST['tempid']))) {
    // magic_quotes-style normalisation: trim + addslashes on every POST value
    // (not an SQL-injection defence; get_magic_quotes_gpc() is gone in PHP 8)
    foreach ($_POST as $k => $v) {
        $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
    }
    $Check = new cCheckForm();
    // js/css: optional comma-separated lists of file names made of letters,
    // digits, '_', '-' and dots. Rule strings are PHP source with $test as the
    // value placeholder (presumably evaluated in cCheckForm::check()).
    // NOTE(review): the nested + quantifiers (…+(\\.)?…+)+ can backtrack
    // heavily on a long value that does not match; splitting on ',' and
    // checking each item with a flat pattern is cheaper and easier to read.
    $Check->check('js', 'preg_match("/^(([a-zA-Z0-9_-]+(\\.)?[a-zA-Z0-9_-]+)+(,([a-zA-Z0-9_-]+((\\.)?[a-zA-Z0-9_-]+)*)+)*)?$/",$test)', 'The wrong type of string in JS field!');
    $Check->check('css', 'preg_match("/^(([a-zA-Z0-9_-]+(\\.)?[a-zA-Z0-9_-]+)+(,([a-zA-Z0-9_-]+((\\.)?[a-zA-Z0-9_-]+)*)+)*)?$/",$test)', 'The wrong type of string in CSS field!');
    $Logs->addLog($Check->isValid(), 'valid');
    //$Logs->addLog($Check->getErrors(),'errors');
    if (!$Check->isValid()) {
        foreach ($Check->getErrors() as $k => $error) {
            $aErrors[] = admin_getErrorToPrint($k, $error);
        }
    } else {
        // NOTE(review): $aVals is not initialised here (edituser.php does
        // $aVals = array() first); any earlier $aVals in scope would carry
        // stale columns into this update.
        // "null" is the literal the form sends for "no parent"; the third
        // element false presumably means "insert unquoted", hence the intval()
        // cast on the client-supplied id and the bare NULL in the else branch.
        if ($_POST['parent_temp'] != 'null') {
            $aVals[] = array('parentid', intval($_POST['parent_temp']), false);
        } else {
            $aVals[] = array('parentid', 'NULL', false);
        }
        $aVals[] = array('js', $_POST['js']);
        $aVals[] = array('css', $_POST['css']);
        $aVals[] = array('timemodified', getDateToDb());
        try {
// admin/users/edituser.php (fragment: begins inside the foreach that
// normalises $_POST and ends after the password block; the rest of the file is
// outside this listing) — validates the "edit user" form and collects the
// changed columns in $aVals.
    // magic_quotes-style normalisation: trim + addslashes on every POST value
    // (not an SQL-injection defence; get_magic_quotes_gpc() is gone in PHP 8)
    $_POST[$k] = get_magic_quotes_gpc() ? trim($v) : trim(addslashes($v));
}
$aVals = array();
$Check = new cCheckForm();
// NOTE(review): the rule string concatenates a boolean — false becomes "",
// leaving 'is_numeric($test) && ' with a dangling operator (a parse error if
// check() evaluates the rule). Pass the comparison as the value under test
// instead; $_GET['id'] is also read without isset(), and == should be ===.
$Check->check('General', 'is_numeric($test) && ' . ($_POST['userid'] == $_GET['id']), 'There is no correct user!', $_POST['userid']);
$Check->check('name', 'strlen($test) > 0 && strlen($test) < 101', 'The name must be max. 100 symbols!');
$Check->check('surname', 'strlen($test) > 0 && strlen($test) < 101', 'The surname must be max. 100 symbols!');
$Check->check('role', 'is_numeric($test)', 'The role is in wrong format!');
/// change login ///
// an empty login field means "keep the current login"
if (strlen($_POST['login'])) {
    /// max. 50 symbols ///
    $loginPat = '/^[a-zA-Z0-9_-]{1,50}$/';
    if ($Check->check('login', 'preg_match("' . $loginPat . '",$test)', 'The login must be without whitespaces and diacritical marks and max. 50 symbols!')) {
        /// check if login already exists ///
        // NOTE(review): login uniqueness is checked against roles
        // (admin_roleExists); adduser.php uses admin_userLoginExists for the
        // same check. As written a duplicate user login is presumably not
        // detected, while a login that happens to equal a role name is
        // rejected unless the role id matches the user id.
        if ($exists = admin_roleExists($_POST['login'])) {
            $Logs->addLog($exists, 'user login EXISTS');
            $exists = !($exists['id'] == $_POST['userid']);
        }
        $Logs->addLog($exists, 'user login EXISTS');
        $Check->check('login', '$test==false', 'This login already exists!', $exists);
    }
    $aVals[] = array('login', $_POST['login']);
}
/// change password ///
// an empty password field means "keep the current password"
if (strlen($_POST['passw'])) {
    // NOTE(review): $passwPat is unused; only the length is enforced, so the
    // "without diacritical marks and whitespaces" part of the message is not.
    $passwPat = '/^[a-zA-Z0-9_-]{1,50}$/';
    if ($Check->check('password', 'strlen($test)>5 && strlen($test)<51', 'The password must have at least 6 symbols and max. 50, without diacritical marks and whitespaces!', $_POST['passw'])) {
        // loose == between the two fields; === avoids numeric-string comparison
        $Check->check('password', '$test==true', 'Verification of password is not correct!', $_POST['passw'] == $_POST['passw_ver']);
    }
    // hashes the trimmed, slash-escaped value — the login path must normalise
    // identically; cyphrePassword() is not visible here, confirm it is a
    // password hash rather than a plain digest
    $aVals[] = array('password', cAuthentication::cyphrePassword($_POST['passw']));
}