} if (!empty($_POST['status_send'])) { $plugin['order_status'][] = 'SENT'; } if (!empty($_POST['status_back'])) { $plugin['order_status'][] = 'RETURN'; } if (!empty($_POST['status_done'])) { $plugin['order_status'][] = 'COMPLETED'; } $plugin['order_status'] = implode('-', $plugin['order_status']); if ($plugin['order_status'] == '') { $plugin['order_status'] = 'NEW-ORDER'; } $sql = 'UPDATE ' . DB_PREPEND . "phpwcms_shop_orders SET order_status='" . aporeplace($plugin['order_status']) . "' "; $sql .= "WHERE order_id=" . intval($_POST['order_status']); if (_dbQuery($sql, 'UPDATE')) { set_status_message($BLM['shopprod_status_msg'], 'success'); } } $sql = 'SELECT *, UNIX_TIMESTAMP(order_date) AS order_date_unix FROM ' . DB_PREPEND . 'phpwcms_shop_orders '; $sql .= "WHERE order_id = " . intval($_GET['show']); $plugin['data'] = _dbQuery($sql); if (isset($plugin['data'][0])) { $plugin['data'] = $plugin['data'][0]; $plugin['data']['order_data'] = @unserialize($plugin['data']['order_data']); } else { headerRedirect(shop_url('controller=order', '')); } $BLM['shopprod_payby_INVOICE'] = $BLM['shopprod_payby_onbill']; }
$plugin['data']['shopprod_filecaption'] = array(); $plugin['data']['shopprod_url'] = isset($plugin['data']['shopprod_var']['url']) ? $plugin['data']['shopprod_var']['url'] : ''; } else { headerRedirect(shop_url('controller=prod', '')); } } $sql = 'SELECT C1.cat_id, C1.cat_name, C1.cat_pid, C1.cat_status, '; $sql .= "IFNULL(CONCAT(C2.cat_name, '>', C1.cat_name), C1.cat_name) AS category "; $sql .= 'FROM ' . DB_PREPEND . 'phpwcms_categories C1 '; $sql .= 'LEFT JOIN ' . DB_PREPEND . 'phpwcms_categories C2 '; $sql .= 'ON C1.cat_pid=C2.cat_id '; $sql .= "WHERE C1.cat_type='module_shop' AND C1.cat_status!=9 "; $sql .= 'ORDER BY category'; $plugin['data']['categories'] = _dbQuery($sql); } elseif ($action == 'status') { list($plugin['data']['shopprod_id'], $plugin['data']['shopprod_status']) = explode('-', $_GET['status']); $plugin['data']['shopprod_id'] = intval($plugin['data']['shopprod_id']); $plugin['data']['shopprod_status'] = empty($plugin['data']['shopprod_status']) ? 1 : 0; $sql = 'UPDATE ' . DB_PREPEND . 'phpwcms_shop_products SET '; $sql .= "shopprod_status = " . $plugin['data']['shopprod_status'] . " "; $sql .= "WHERE shopprod_id = " . $plugin['data']['shopprod_id']; _dbQuery($sql, 'UPDATE'); headerRedirect(shop_url('controller=prod', '')); } elseif ($action == 'delete') { $plugin['data']['shopprod_id'] = intval($_GET['delete']); $sql = 'UPDATE ' . DB_PREPEND . 'phpwcms_shop_products SET '; $sql .= "shopprod_status = 9 "; $sql .= "WHERE shopprod_id = " . $plugin['data']['shopprod_id']; _dbQuery($sql, 'UPDATE'); headerRedirect(shop_url('controller=prod', '')); }
mysql_free_result($alias_result); } } //Kategoriebezeichner $article['cat'] = $content['struct'][$row["article_cid"]]['acat_name']; //redirection definition if ($row["article_redirect"]) { $row["article_redirect"] = str_replace('{SITE}', PHPWCMS_URL, $row["article_redirect"]); $content["redirect"] = explode(' ', $row["article_redirect"]); $content["redirect"]["link"] = $content["redirect"][0]; $content["redirect"]["target"] = isset($content["redirect"][1]) ? $content["redirect"][1] : ''; $content["redirect"]["timeout"] = isset($content["redirect"][2]) ? intval($content["redirect"][2]) : 0; //check how to redirect - new window or self window if (!$content["redirect"]["target"] || $content["redirect"]["target"] == "_self" || $content["redirect"]["target"] == "_top" || $content["redirect"]["target"] == "_parent") { // direct redirection in the same window headerRedirect($content["redirect"]["link"], 301); } else { // redirection by using a special <meta><javascript> html head part $content["redirect"]["code"] = LF . ' <noscript>' . LF; $content["redirect"]["code"] .= ' <meta http-equiv="refresh" content="' . $content["redirect"]["timeout"] . ';URL='; $content["redirect"]["code"] .= $content["redirect"]["link"]; $content["redirect"]["code"] .= '" />' . LF . ' </noscript>' . LF; $content["redirect"]["code"] .= ' <script' . SCRIPT_ATTRIBUTE_TYPE . '>' . LF; $content["redirect"]["code"] .= ' var redirectWin;' . LF; if ($content["redirect"]["timeout"]) { $content["redirect"]["code"] .= ' window.setTimeout(\'window.open("' . $content["redirect"]["link"] . '", redirectWin)\', '; $content["redirect"]["code"] .= $content["redirect"]["timeout"] * 1000; $content["redirect"]["code"] .= ');'; } else { $content["redirect"]["code"] .= ' window.open("' . $content["redirect"]["link"] . '", redirectWin);'; }
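if (isset($phpwcms['modules'][$module]['path'])) {

    // module default stuff
    // load special backend CSS
    $BE['HEADER']['module_calendar.css'] = ' <link href="' . $phpwcms['modules'][$module]['dir'] . 'template/backend.calendar.css" rel="stylesheet" type="text/css" />';

    // put translation back to have easier access to it - use it as relation
    $BLM =& $BL['modules'][$module];

    // base link of this module's backend pages; the calendar actions redirect back to it
    define('MODULE_HREF', 'phpwcms.php?do=modules&module=' . $module);

    $glossary = array();

    if (isset($_GET['edit'])) {

        // handle posts and read data
        include_once $phpwcms['modules'][$module]['path'] . 'inc/processing.inc.php';

        // edit form
        include_once $phpwcms['modules'][$module]['path'] . 'backend.editform.php';

    } elseif (isset($_GET['verify'])) {

        // active/inactive: the flag is reduced to 0/1 and the row id to an integer before
        // they are embedded in the statement; a request without editid degrades to id 0
        // (matches no row) instead of raising an undefined-index notice
        $sql = 'UPDATE ' . DB_PREPEND . 'phpwcms_calendar SET ';
        $sql .= "calendar_status=" . (intval($_GET['verify']) ? 1 : 0) . " ";
        $sql .= "WHERE calendar_id=" . (isset($_GET['editid']) ? intval($_GET['editid']) : 0);
        // NOTE(review): the @ hides any failure of the update; the redirect happens regardless
        @_dbQuery($sql, 'UPDATE');
        headerRedirect(decode_entities(MODULE_HREF));

    } elseif (isset($_GET['delete'])) {

        // delete: rows are soft-deleted by setting status 9, never removed
        $sql = 'UPDATE ' . DB_PREPEND . 'phpwcms_calendar SET ';
        $sql .= "calendar_status=9 WHERE calendar_id=" . intval($_GET['delete']);
        @_dbQuery($sql, 'UPDATE');
        headerRedirect(decode_entities(MODULE_HREF));

    } else {

        // listing
        include_once $phpwcms['modules'][$module]['path'] . 'backend.listing.php';

    }
}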
* @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2 * @link http://www.phpwcms.de * **/ session_start(); $phpwcms = array(); require_once '../../include/config/conf.inc.php'; require_once '../inc_lib/default.inc.php'; require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php'; require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php'; checkLogin(); require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php'; if ($_SESSION["wcs_user_admin"] == 1) { list($do, $id) = explode('|', $_GET['do']); $do = intval($do); $id = intval($id); if ($id) { if ($do === 1) { _dbUpdate('phpwcms_pagelayout', array('pagelayout_default' => 0, 'pagelayout_trash' => 9), 'pagelayout_id=' . $id); } elseif ($do === 2) { $result = _dbUpdate('phpwcms_template', array('template_default' => 0, 'template_trash' => 9), 'template_id=' . $id); // Update article categories with new default template ID or to 0 if no default template is defined if ($result) { $default = _dbGet('phpwcms_template', 'template_id, template_default', 'template_trash=0 AND template_default=1', '', '', 1); _dbUpdate('phpwcms_articlecat', array('acat_template' => isset($default[0]['template_id']) ? $default[0]['template_id'] : 0), 'acat_trash=0 AND acat_template=' . $id); } } } } headerRedirect($_SESSION['REFERER_URL']);
$sql .= 'glossary_created, glossary_changed, glossary_title, glossary_tag, '; $sql .= 'glossary_keyword, glossary_text, glossary_highlight, glossary_object, glossary_status'; $sql .= ') VALUES ('; $sql .= "'" . aporeplace($glossary['data']['glossary_created']) . "', "; $sql .= "'" . aporeplace($glossary['data']['glossary_changed']) . "', "; $sql .= "'" . aporeplace($glossary['data']['glossary_title']) . "', "; $sql .= "'" . aporeplace($glossary['data']['glossary_tag']) . "', "; $sql .= "'" . aporeplace($glossary['data']['glossary_keyword']) . "', "; $sql .= "'" . aporeplace($glossary['data']['glossary_text']) . "', "; $sql .= aporeplace($glossary['data']['glossary_highlight']) . ', '; $sql .= "'" . aporeplace(serialize($glossary['data']['glossary_object'])) . "', "; $sql .= aporeplace($glossary['data']['glossary_status']); $sql .= ')'; if ($result = @_dbQuery($sql, 'INSERT')) { if (isset($_POST['save'])) { headerRedirect(decode_entities(GLOSSARY_HREF)); } if (!empty($result['INSERT_ID'])) { $glossary['id'] = $result['INSERT_ID']; } } else { $glossary['error']['update'] = mysql_error(); } } } } // try to read entry from database if ($glossary['id'] && !isset($glossary['error'])) { $sql = 'SELECT * FROM ' . DB_PREPEND . 'phpwcms_glossary WHERE glossary_id=' . $glossary['id']; $glossary['data'] = _dbQuery($sql); $glossary['data'] = $glossary['data'][0];
// check for multiple entries if ($value['address_count'] > 1) { $sql = 'SELECT address_id FROM ' . DB_PREPEND . 'phpwcms_address '; $sql .= "WHERE address_email='" . aporeplace($value['address_email']) . "' "; $sql .= 'ORDER BY address_verified DESC, address_name DESC LIMIT 1'; $dataID = _dbQuery($sql); if (!empty($dataID[0]['address_id'])) { $sql = 'DELETE FROM ' . DB_PREPEND . 'phpwcms_address '; $sql .= "WHERE address_email='" . aporeplace($value['address_email']) . "' "; $sql .= "AND address_id != " . intval($dataID[0]['address_id']); @_dbQuery($sql, 'DELETE'); } } } } headerRedirect(PHPWCMS_URL . 'phpwcms.php?do=messages&p=4'); } // delete susbcriber if (isset($_GET["del"]) && isset($_GET["s"]) && $_GET["del"] == $_GET["s"]) { _dbQuery("DELETE FROM " . DB_PREPEND . "phpwcms_address WHERE address_id=" . intval($_GET["del"]) . " LIMIT 1", 'DELETE'); } // change verification if (isset($_GET["verify"]) && isset($_GET["s"])) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_address SET address_verified="; $sql .= intval($_GET["verify"]) ? 1 : 0; $sql .= " WHERE address_id=" . intval($_GET["s"]) . " LIMIT 1"; _dbQuery($sql, 'UPDATE'); } echo '<div class="title" style="margin-bottom:10px">' . $BL['be_subnav_msg_subscribers'] . '</div>'; ?>
if (!empty($data[0]['address_url1'])) { headerRedirect($data[0]['address_url1']); } if (!($page = file_get_contents(PHPWCMS_TEMPLATE . 'inc_default/subscribe.tmpl'))) { $page = "The email address <strong>{EMAIL}</strong> was verified."; } break; case 'unsubscribe': $sql = 'DELETE FROM ' . DB_PREPEND . 'phpwcms_address '; $sql .= "WHERE address_key='" . aporeplace($hash) . "'"; $result = _dbQuery($sql, 'DELETE'); if (!empty($data[0]['address_url2'])) { headerRedirect($data[0]['address_url2']); } if (!($page = file_get_contents(PHPWCMS_TEMPLATE . 'inc_default/unsubscribe.tmpl'))) { $page = "All Subscriptions for <strong>{EMAIL}</strong> canceled."; } break; } } else { headerRedirect(PHPWCMS_URL); } } else { headerRedirect(PHPWCMS_URL); } // some replacements $page = replaceGlobalRT($page); $page = str_replace('{EMAIL}', $email, $page); // send non caching page header headerAvoidPageCaching(); echo $page;
* @author Oliver Georgi <*****@*****.**> * @copyright Copyright (c) 2002-2015, Oliver Georgi * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2 * @link http://www.phpwcms.de * **/ // general wrapper for ajax based queries session_start(); $phpwcms = array(); require '../../include/config/conf.inc.php'; require '../inc_lib/default.inc.php'; require PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php'; require PHPWCMS_ROOT . '/include/inc_lib/general.inc.php'; require PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php'; if (empty($_SESSION["wcs_user"])) { headerRedirect('', 401); die('Sorry, access forbidden'); } if (isset($_POST['action'])) { $action = isset($_POST['action']) ? $_POST['action'] : false; $method = isset($_POST['method']) ? $_POST['method'] : 'json'; $value = isset($_POST['value']) ? clean_slweg($_POST['value'], 0, false) : ''; $jquery = false; } elseif ($_GET['action']) { $action = isset($_GET['action']) ? $_GET['action'] : false; $method = isset($_GET['method']) ? $_GET['method'] : 'json'; $value = isset($_GET['value']) ? clean_slweg($_GET['value'], 0, false) : ''; $jquery = true; } if (empty($value)) { $action = 'empty';
} } $basis = floor($value["max_width"] / $grid); if (!$basis) { $basis = 1; } $value["max_width"] = $basis * $grid; $basis = floor($value["max_height"] / $grid); if (!$basis) { $basis = 1; } $value["max_height"] = $basis * $grid; } if (($image = get_cached_image($value, false, false)) && !empty($image[0])) { // Redirect, the "old" way if (!empty($phpwcms['cmsimage_redirect'])) { headerRedirect(PHPWCMS_URL . PHPWCMS_IMAGES . $image[0], 301); } if (empty($image['type'])) { $image['type'] = get_mimetype_by_extension(which_ext($image[0])); } header('Content-Type: ' . $image['type']); header('Content-Disposition: inline'); @readfile(PHPWCMS_THUMB . $image[0]); exit; } } } } // uncached transparent GIF phpwcms_empty_gif();
//Wenn Benutzer Admin-Rechte hat //Löschen eines Benutzers if (isset($_GET["del"])) { $ui = explode(":", clean_slweg($_GET["del"])); $user_id = intval($ui[0]); $user_email = ''; if (isset($ui[1])) { $user_email = $ui[1]; } if ($user_id != $_SESSION["wcs_user_id"]) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_user SET " . "usr_login='******', " . "usr_pass='******', " . "usr_email='', " . "usr_admin=0, " . "usr_aktiv=9 " . "WHERE usr_id=" . $user_id . " AND " . "usr_email=" . _dbEscape($user_email); if ($result = mysql_query($sql, $db)) { if (is_valid_email($user_email)) { @mail($user_email, "your account", "YOUR PHPWCMS ACCOUNT WAS DELETED\n \ncontact the admin if you have any question.\n\nSee you at " . $phpwcms["site"], "From: " . $phpwcms["admin_email"] . "\nReply-To: " . $phpwcms["admin_email"] . "\n"); } } } } if (isset($_GET["aktiv"])) { $ui = explode(":", clean_slweg($_GET["aktiv"])); $user_id = intval($ui[0]); $user_aktiv = !empty($ui[1]) ? 1 : 0; if ($user_id != $_SESSION["wcs_user_id"]) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_user SET usr_aktiv=" . $user_aktiv . " WHERE usr_id=" . $user_id . ";"; mysql_query($sql, $db) or die("error"); } } } //Ende Abarbeiten Aktion headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin');
<?php
// compare against current domain and redirect to correct if necessary
// check active Domain
//
// Each top-level structure level is tied to one domain. When the site is being
// served under a different host, send the visitor to that domain while keeping
// the same relative URL.
if (isset($LEVEL_ID[1])) {
    $domainByLevel = array(
        1 => 'mydomain1.com',
        2 => 'mydomain2.com',
    );
    foreach ($domainByLevel as $levelId => $domain) {
        if ($LEVEL_ID[1] == $levelId && strpos(PHPWCMS_URL, $domain) === false) {
            headerRedirect('http://www.' . $domain . '/' . rel_url(array(), array(), '', 'urlencode'));
            break;
        }
    }
    // keep the shared include scope free of the loop helpers
    unset($domainByLevel, $levelId, $domain);
}
$sql = "UPDATE " . DB_PREPEND . "phpwcms_forum SET " . $sqla; $sql .= " WHERE forum_entry=0 AND forum_id=" . $forum["id"]; $sql .= " LIMIT 1"; } else { $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_forum SET "; $sql .= "forum_entry='0', "; $sql .= "forum_uid='" . $_SESSION["wcs_user_id"] . "', "; $sql .= "forum_created = '" . time() . "', "; $sql .= $sqla; } // update or insert data entry mysql_query($sql, $db) or die("error while updating or inserting forum data"); if (!$forum["id"]) { $forum["id"] = mysql_insert_id($db); } headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&' . build_QueryString('&', 'do=messages', 'p=6', 's=' . $forum["id"])); } if ($forum["id"]) { // read the given subscription datas from db $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_forum WHERE forum_id=" . $forum["id"] . " LIMIT 1;"; if ($result = mysql_query($sql, $db)) { if ($row = mysql_fetch_assoc($result)) { $forum["id"] = $row["forum_id"]; $forum["title"] = html($row["forum_title"]); $forum["text"] = html($row["forum_text"]); } mysql_free_result($result); } } // show form ?>
$sql = "UPDATE " . DB_PREPEND . "phpwcms_template SET " . "template_name='" . aporeplace($template["name"]) . "', " . "template_default=" . $template["default"] . ", " . "template_var='" . aporeplace(serialize($template)) . "' " . "WHERE template_id=" . $template["id"]; } else { // if ID = 0 then show create new template form $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_template (" . "template_name, template_default, template_var) VALUES ('" . aporeplace($template["name"]) . "', " . $template["default"] . ", '" . aporeplace(serialize($template)) . "')"; } // update or insert data entry @mysql_query($sql, $db) or die("error while updating or inserting template datas"); if (empty($template["id"]) || $createcopy == 1) { $template["id"] = mysql_insert_id($db); } //now proof for default template definition if ($template["default"]) { mysql_query("UPDATE " . DB_PREPEND . "phpwcms_template SET template_default=0 " . "WHERE template_id != " . $template["id"], $db); } update_cache(); headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=11&s=' . $template["id"]); } if ($template["id"]) { // read the given template datas from db $sql = "SELECT * FROM " . DB_PREPEND . "phpwcms_template WHERE template_id=" . $template["id"] . " LIMIT 1"; if ($result = mysql_query($sql, $db)) { if ($row = mysql_fetch_array($result, MYSQL_ASSOC)) { unset($template); $template = unserialize($row["template_var"]); $template["id"] = $row["template_id"]; $template["default"] = $row["template_default"]; // compatibility for older releases where only // 1 css file could be stored per template if (is_string($template['css'])) { $template['css'] = array($template['css']); }
$sql .= 'adplace_created, adplace_changed, adplace_status, adplace_title, '; $sql .= 'adplace_format, adplace_width, adplace_height, adplace_prefix, adplace_suffix'; $sql .= ') VALUES ('; $sql .= "'" . aporeplace($plugin['data']['adplace_created']) . "', "; $sql .= "'" . aporeplace($plugin['data']['adplace_changed']) . "', "; $sql .= $plugin['data']['adplace_status'] . ", "; $sql .= "'" . aporeplace($plugin['data']['adplace_title']) . "', "; $sql .= $plugin['data']['adplace_format'] . ", "; $sql .= $plugin['data']['adplace_width'] . ", "; $sql .= $plugin['data']['adplace_height'] . ", "; $sql .= "'" . aporeplace($plugin['data']['adplace_prefix']) . "', "; $sql .= "'" . aporeplace($plugin['data']['adplace_suffix']) . "'"; $sql .= ')'; if (@_dbQuery($sql, 'INSERT')) { if (isset($_POST['save'])) { headerRedirect(decode_entities(MODULE_HREF) . '&listadplace=1'); } } else { $plugin['error']['update'] = mysql_error(); } } } } // try to read entry from database if ($plugin['id'] && !isset($plugin['error'])) { $sql = 'SELECT * FROM ' . DB_PREPEND . 'phpwcms_ads_place WHERE adplace_id=' . $plugin['id']; $plugin['data'] = _dbQuery($sql); $plugin['data'] = $plugin['data'][0]; } // default values if (empty($plugin['data'])) {
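// try browser based language detection
// but only when user has opened the root level
$_DOMAIN_DETECT_BROWSER_LANG = true;

//////////////////////////////////////////////////////////////////////////////////

// host this request was served under, lower-cased for the substring match below
$_DOMAIN_URI = strtolower($_SERVER['SERVER_NAME']);

if (isset($LEVEL_ID[1])) {

    // A structure level is open: it has to be served from the domain configured
    // for its ID in $_DOMAIN_REDIRECT. $_DOMAIN_STATUS stays true when no entry
    // matched the current host.
    $_DOMAIN_STATUS = true;

    foreach ($_DOMAIN_REDIRECT as $key => $value) {
        if ($LEVEL_ID[1] == $value['ID'] && strpos($_DOMAIN_URI, strtolower($key)) !== false) {
            // right level on the right domain - nothing to do
            $_DOMAIN_STATUS = false;
            break;
        } elseif ($LEVEL_ID[1] == $value['ID'] && strpos($_DOMAIN_URI, strtolower($key)) === false) {
            // right level, wrong domain - permanent redirect to the configured home
            headerRedirect($value['HOME_URL'], 301);
        }
    }

    if ($_DOMAIN_STATUS) {
        // level matched no configured domain: fall back to the first entry
        reset($_DOMAIN_REDIRECT);
        $value = current($_DOMAIN_REDIRECT);
        headerRedirect($value['HOME_URL'], 301);
    }

} elseif ($_DOMAIN_DETECT_BROWSER_LANG && $content['cat_id'] == 0) {

    // Root level: choose the domain by the first two letters of the browser's
    // Accept-Language header (quality values stripped first). The header is
    // optional, so a request without it yields '' instead of a notice.
    $current_lang = isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])
        ? strtoupper(substr(preg_replace('/(;q=\\d+.\\d+)/i', '', $_SERVER['HTTP_ACCEPT_LANGUAGE']), 0, 2))
        : '';

    foreach ($_DOMAIN_REDIRECT as $key => $value) {
        if ($value['LANG'] == $current_lang) {
            headerRedirect($value['HOME_URL'], 301);
        }
    }

    // no language matched: fall back to the first entry
    reset($_DOMAIN_REDIRECT);
    $value = current($_DOMAIN_REDIRECT);
    headerRedirect($value['HOME_URL'], 301);

}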
/**
 * Verifies that the current request belongs to a logged-in backend user.
 *
 * Stale userlog rows (logged in, but idle longer than the configured max_time)
 * are closed first. Without a session user the PHP session is destroyed and,
 * in REDIRECT mode, the user is sent to the site root or - when this IP had a
 * login within the last hour - to the login page with a return target.
 *
 * @param string $mode  'REDIRECT' to redirect on failure, anything else to return false
 * @return bool         true when a session user exists, false otherwise (non-redirect mode)
 */
function checkLogin($mode = 'REDIRECT') {

    // close sessions that have been idle longer than max_time
    $expire = sprintf(
        "UPDATE %sphpwcms_userlog SET logged_in=0, logged_change='%d' WHERE logged_in=1 AND (%d-logged_change) > %d",
        DB_PREPEND,
        time(),
        time(),
        intval($GLOBALS['phpwcms']["max_time"])
    );
    _dbQuery($expire, 'UPDATE');
    checkLoginCount();

    // a populated session user is the only thing that counts as "logged in"
    if (!empty($_SESSION["wcs_user"])) {
        return true;
    }

    @session_destroy();

    // remember the requested backend page so the login page can send the user back
    $ref_url = '';
    if (!empty($_SERVER['QUERY_STRING'])) {
        $ref_url = '?ref=' . rawurlencode(PHPWCMS_URL . 'phpwcms.php?' . xss_clean($_SERVER['QUERY_STRING']));
    }

    if ($mode != 'REDIRECT') {
        return false;
    }

    // only offer the login page + return target when this IP was active within the last hour
    $recent = 'SELECT COUNT(*) FROM ' . DB_PREPEND . 'phpwcms_userlog WHERE ';
    $recent .= "logged_ip=" . _dbEscape(getRemoteIP()) . " AND ";
    $recent .= '( ' . time() . ' - logged_change ) < 3600';
    if (_dbCount($recent) > 0) {
        $ref_url = get_login_file() . $ref_url;
    } else {
        $ref_url = '';
    }
    headerRedirect(PHPWCMS_URL . $ref_url);

    return true;
}
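/**
 * Saves, updates or deletes one 404-redirect rule from the submitted form.
 *
 * The POST fields are normalised into $data['data'] (ids to int, flags to 0/1,
 * type and code restricted to the allowed values), validated, and then written
 * with _dbInsert/_dbUpdate or removed with DELETE when the row's delete button
 * was pressed. Status messages are set for every outcome; a successful delete
 * ends in a redirect back to the redirect admin listing.
 *
 * @return array  array('error' => list<string>|null, 'data' => array) - the
 *                normalised row, with 'rid' holding the (possibly new) row id
 */
function update_404redirect() {

    // read one POST field; a missing field counts as '' so the normalisation
    // below never touches an undefined index
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : '';
    };

    // only these redirect types and status codes are accepted; others are stored as ''
    $allowedTypes = array('alias', 'id', 'aid', 'link');
    $allowedCodes = array('301', '307', '404', '401', '503');

    $typeField = $post('type');
    $codeField = $post('code');

    $data = array(
        'error' => array(),
        'data' => array(
            'rid' => intval($post('rid')),
            'alias' => clean_slweg($post('alias')),
            // a blank field stays '' (no structure id given); anything else is forced to int
            'id' => trim($post('id')) === '' ? '' : intval($post('id')),
            // article ids must be non-zero to count as given
            'aid' => trim($post('aid')) === '' || !intval($post('aid')) ? '' : intval($post('aid')),
            // strict membership: the field is a string and so are the allowed values
            'type' => empty($typeField) || !in_array($typeField, $allowedTypes, true) ? '' : clean_slweg($typeField),
            'active' => $post('active') ? 1 : 0,
            'shortcut' => $post('shortcut') ? 1 : 0,
            'code' => empty($codeField) || !in_array($codeField, $allowedCodes, true) ? '' : clean_slweg($codeField),
            'target' => clean_slweg($post('target')),
            'changed' => date('Y-m-d H:i:s')
        )
    );

    // the delete button of an existing row is named after the md5 of its id
    $deleteRequested = isset($_POST['delete_' . md5($data['data']['rid'])]);

    // at least one of alias / structure id / article id is required unless deleting;
    // strict comparison so a structure id of 0 is not mistaken for a blank field
    if (!$data['data']['aid'] && !$data['data']['alias'] && $data['data']['id'] === '' && !$deleteRequested) {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error1'];
    }

    // a typed redirect needs a target, and id/aid targets must be numeric
    if ($data['data']['type'] && $data['data']['target'] === '') {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error2'];
    } elseif (($data['data']['type'] == 'id' || $data['data']['type'] == 'aid') && !is_intval($data['data']['target'])) {
        $data['error'][] = $GLOBALS['BL']['be_redirect_error3'];
    }

    if (count($data['error'])) {

        // invalid rules are never left active
        $data['data']['active'] = 0;
        set_status_message(implode('<br />', $data['error']), 'error');

    } else {

        $data['error'] = NULL;

        $rid = $data['data']['rid'];
        unset($data['data']['rid']);

        if ($rid) {

            if ($deleteRequested) {
                // Mark for deletion
                $data['data']['active'] = 9;
                $result = _dbQuery('DELETE FROM ' . DB_PREPEND . 'phpwcms_redirect WHERE rid=' . $rid, 'DELETE');
            } else {
                $result = _dbUpdate('phpwcms_redirect', $data['data'], 'rid=' . $rid);
            }

        } else {

            $result = _dbInsert('phpwcms_redirect', $data['data']);
            if (isset($result['INSERT_ID'])) {
                $rid = $result['INSERT_ID'];
            }

        }

        $data['data']['rid'] = $rid;

        if ($result) {

            if ($data['data']['active'] == 9) {
                set_status_message(str_replace('{ID}', $data['data']['rid'], $GLOBALS['BL']['be_action_deleted']), 'success');
                headerRedirect('phpwcms.php?' . get_token_get_string('csrftoken') . '&do=admin&p=14');
            } else {
                set_status_message($GLOBALS['BL']['be_successfully_saved'], 'success');
            }

        } else {

            set_status_message($GLOBALS['BL']['be_error_while_save'], 'error');

        }

    }

    return $data;
}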
$fkey["sort"] = empty($_POST["fkey_sort"]) ? 0 : intval($_POST["fkey_sort"]); if (isEmpty($fkey["name"])) { $fkey["error"] = 1; } else { if (!$fkey["id"]) { $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_filekey (fkey_name, fkey_aktiv, fkey_cid, fkey_sort) VALUES ('"; $sql .= aporeplace($fkey["name"]) . "', " . $fkey["active"] . ", " . $fkey["cid"] . ", " . $fkey["sort"] . ")"; } else { $sql = "UPDATE " . DB_PREPEND . "phpwcms_filekey SET fkey_name='" . aporeplace($fkey["name"]); $sql .= "', fkey_aktiv=" . $fkey["active"] . ", fkey_cid=" . $fkey["cid"] . ", fkey_sort=" . $fkey["sort"] . " WHERE fkey_id=" . $fkey["id"]; } if ($result = mysql_query($sql, $db) or die("error while inserting/updating file key")) { if (!$fkey["id"]) { $fkey["id"] = mysql_insert_id($db); } headerRedirect(PHPWCMS_URL . "phpwcms.php?do=admin&p=7"); } } } ?> <form action="phpwcms.php?do=admin&p=7&fkeyid=<?php echo $fkey["id"] . "&cid=" . $fkey["cid"]; ?> " method="post" name="filekey" id="filekey"> <tr align="center" bgcolor="#F0F2F4"><td colspan="2"><table border="0" cellpadding="0" cellspacing="0" summary=""> <tr> <td align="right" class="chatlist"><?php echo $BL['be_admin_fcat_fcat']; ?> : </td> <td><select name="fkey_cid" id="fkey_cid">
/**
 * Ends the current backend session and sends the user to the login page.
 *
 * The user's open userlog row is closed, the PHP session is emptied and
 * destroyed, and the browser is redirected to the login file (401 is passed
 * as the second headerRedirect argument, presumably the HTTP status). The
 * optional reason/type are URL-encoded into the login URL's query string.
 *
 * @param string $reason  optional reason text, sent as ?reason=
 * @param string $type    optional type marker, sent as type=
 */
function logout_user($reason = '', $type = '') {
    $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_change=" . _dbEscape(time()) . ", logged_in=0 ";
    // NOTE(review): the user comparison in this WHERE clause appears redacted in this copy
    // ("******"); restore it from the project's original source before relying on this file.
    $sql .= "WHERE logged_user="******"wcs_user"]) . " AND logged_in=1";
    _dbQuery($sql, 'UPDATE');
    // drop all session data before destroying the session
    $_SESSION = array();
    @session_destroy();
    $login_url = PHPWCMS_URL . get_login_file();
    $get_parameter = array();
    if ($reason) {
        $get_parameter[] = 'reason=' . rawurlencode($reason);
    }
    if ($type) {
        $get_parameter[] = 'type=' . rawurlencode($type);
    }
    if (count($get_parameter)) {
        $login_url .= '?' . implode('&', $get_parameter);
    }
    headerRedirect($login_url, 401);
}
$mime = empty($_GET['type']) ? '' : clean_slweg($_GET['type'], 100); if (!is_mimetype_format($mime)) { $mime = get_mimetype_by_extension(which_ext($file)); } header('Content-Type: ' . $mime); if (BROWSER_OS == 'iOS') { require_once PHPWCMS_ROOT . '/include/inc_lib/functions.file.inc.php'; rangeDownload($file); } else { header('Content-Transfer-Encoding: binary'); if (!isset($_GET['ios'])) { header('Content-Disposition: inline; filename="' . ($phpwcms['sanitize_dlname'] ? phpwcms_remove_accents($filename) : $filename) . '"'); } header('Content-Length: ' . filesize($file)); readfile($file); } $success = true; } } if ($success) { $sql = "UPDATE " . DB_PREPEND . "phpwcms_file SET f_dlfinal=f_dlfinal+1 "; $sql .= "WHERE f_hash=" . _dbEscape($download["f_hash"]) . " LIMIT 1"; _dbQuery($sql, 'UPDATE'); if ($countonly) { headerRedirect(PHPWCMS_URL . PHPWCMS_FILES . $fileinfo['filename']); } } else { headerRedirect('', 404); echo '<h1>404 File Not Found</h1>'; } exit;
} elseif (isset($POST_ERR)) { // do on POST_ERROR if (isset($_FILES)) { foreach ($_FILES as $file_key => $file_val) { @unlink($_FILES[$file_key]['tmp_name']); } if (isset($POST_val) && count($POST_val)) { foreach ($POST_val as $file_key => $file_val) { if (isset($POST_val[$file_key]['name'])) { @unlink(PHPWCMS_ROOT . '/' . $POST_val[$file_key]['folder'] . $POST_val[$file_key]['name']); } } } } if ($cnt_form["onerror_redirect"] === 1) { headerRedirect(str_replace('{SITE}', PHPWCMS_URL, $cnt_form["onerror"])); } else { if ($cnt_form["onerror"]) { $form_error_text = '<div class="form-error on-send">' . LF; $form_error_text .= $cnt_form["onerror_redirect"] === 0 ? plaintext_htmlencode($cnt_form["onerror"]) : $cnt_form["onerror"]; $form_error_text .= LF . '</div>' . LF; } $POST_ERR = array_diff($POST_ERR, array('', FALSE, TRUE)); $POST_ERR = array_map('html_specialchars', $POST_ERR); if ($cnt_form['labelpos'] != 2 && count($POST_ERR)) { if ($cnt_form['labelpos'] == 3) { $form_error = '<div class="' . trim('form-error ' . $cnt_form["error_class"]) . '">' . LF; $form_error .= ' <p>' . implode('</p>' . LF . ' <p>', $POST_ERR) . '</p>' . LF; $form_error .= '</div>' . LF; } else { $form_error = "<tr>\n";
if (!@move_uploaded_file($_FILES["file"]["tmp_name"], $usernewfile)) { $file_error["upload"] = $BL['be_fprivup_err3'] . ' (2)'; } } else { $file_error["upload"] = $BL['be_fprivup_err4']; } umask($oldumask); } if (is_file($usernewfile)) { @chmod($usernewfile, 0666); } if (empty($file_error["upload"])) { // store tags _dbSaveCategories($file_tags, 'file', $new_fileId, ','); //after successful upload go back to clear post (form) var headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=files&f=0&uploaded=1'); } else { echo $file_error["upload"] . "<br />"; $file_error["upload"] = str_replace('{VAL}', $phpwcms["admin_email"], $BL['be_fprivup_err6']); mysql_query("DELETE FROM " . DB_PREPEND . "phpwcms_file WHERE f_id=" . $new_fileId . " AND f_uid=" . $_SESSION["wcs_user_id"] . ";", $db); } } } if (!ini_get('safe_mode') && function_exists('set_time_limit')) { set_time_limit(30); } } ?> <form action="phpwcms.php?do=files&f=0" method="post" enctype="multipart/form-data" name="uploadfile" id="uploadfile"> <table border="0" cellpadding="0" cellspacing="0" bgcolor="#EBF2F4" summary=""> <tr>
// Mailbox actions on one message: $do selects the operation and $wert has to
// carry the matching target state. Received messages are matched by msg_uid,
// sent messages by msg_from, so a user can only touch their own rows.
//   3 - undo delete of a received message   (wert 0)
//   4 - undo delete of a sent message       (wert 0)
//   5 - final delete of a received message  (wert 9, only when already in trash)
//   6 - final delete of a sent message      (wert 9, only when already in trash)
// NOTE(review): $id and $_SESSION["wcs_user_id"] are embedded unescaped - this
// assumes the caller already reduced both to integers; verify upstream.
$msg_actions = array(
    // do => array(required wert, SET clause, owner column, extra WHERE condition)
    3 => array(0, 'msg_deleted=0', 'msg_uid', ''),
    4 => array(0, 'msg_from_del=0', 'msg_from', ''),
    5 => array(9, 'msg_deleted=9', 'msg_uid', ' AND msg_deleted=1'),
    6 => array(9, 'msg_from_del=9', 'msg_from', ' AND msg_from_del=1'),
);
foreach ($msg_actions as $action_do => $action) {
    if ($do == $action_do && intval($wert) == $action[0]) {
        $sql = "UPDATE " . DB_PREPEND . "phpwcms_message SET " . $action[1] . ", msg_tstamp=msg_tstamp WHERE ";
        $sql .= $action[2] . "=" . $_SESSION["wcs_user_id"] . " AND msg_id=" . $id . $action[3] . ";";
        mysql_query($sql, $db) or die("error");
    }
}
unset($msg_actions, $action_do, $action);

// go back to the page the user came from, or to the backend start page
if (empty($_SESSION['REFERER_URL'])) {
    $ref = PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken');
} else {
    $ref = $_SESSION['REFERER_URL'];
}
headerRedirect($ref);
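/**
 * Import IOCs, sets or reports from a file into the application via its API classes.
 *
 * @param string $type     what the file holds: 'ioc', 'set' or 'rep'
 * @param string $format   file format: 'json' for every type, 'csv' for IOCs only
 * @param string $filename path of the file to read — presumably an already-stored upload;
 *                         the caller is responsible for it being a path this code may read
 *
 * @throws Exception 'Unsupported format' / 'Invalid type' for unknown selectors,
 *                   'Bad data' when a record fails the matching is*Data() check,
 *                   or whatever the Set API threw if no free root name is found.
 */
function importData($type, $format, $filename)
{
    switch ($type) {
        case 'ioc':
            $iocList = [];
            switch ($format) {
                case 'json':
                    // A failed decode yields null; it is wrapped below and rejected as 'Bad data'.
                    $iocList = json_decode(file_get_contents($filename), true);
                    break;
                case 'csv':
                    $iocList = parseCsv(file($filename));
                    foreach ($iocList as &$ioc) {
                        unpackValues($ioc['value']);
                    }
                    // Drop the by-reference binding. Without this the by-value foreach
                    // below writes every element into the last slot of $iocList: the last
                    // IOC is lost and the one before it is imported twice.
                    unset($ioc);
                    break;
                default:
                    throw new Exception('Unsupported format');
            }
            // A single record (or a non-array decode result) is wrapped so the loop sees a list.
            if (!is_array($iocList) || isIocData($iocList)) {
                $iocList = [$iocList];
            }
            $iocApi = new Ioc([]);
            foreach ($iocList as $ioc) {
                if (!isIocData($ioc)) {
                    throw new Exception('Bad data');
                }
                $ioc['value'] = json_encode($ioc['value']);
                $iocApi->setParams($ioc)->addAction();
            }
            headerRedirect(1, 'IOC import successful');
            // Explicit return: the original fell through into 'set' and relied on
            // headerRedirect() ending the request.
            return;

        case 'set':
            $setList = [];
            switch ($format) {
                case 'json':
                    $setList = json_decode(file_get_contents($filename), true);
                    break;
                default:
                    throw new Exception('Unsupported format');
            }
            if (!is_array($setList) || isSetData($setList)) {
                $setList = [$setList];
            }
            $setApi = new Set([]);
            foreach ($setList as $set) {
                if (!isSetData($set)) {
                    throw new Exception('Bad data');
                }
                // Find a free root name by retrying with " 2", " 3", ... while the Set API
                // rejects it. Every exception from addAction() is treated as "name taken",
                // so the loop is bounded to avoid spinning forever on a persistent failure
                // (the original had no bound); after that the last exception is rethrown.
                $goodName = $set['name'];
                $iter = 1;
                $attemptsLeft = 1000;
                while (true) {
                    try {
                        $setApi->setParams(['name' => $goodName, 'type' => 'root', 'parent' => -1])->addAction();
                        break;
                    } catch (Exception $e) {
                        if (--$attemptsLeft <= 0) {
                            throw $e;
                        }
                        $iter++;
                        $goodName = $set['name'] . ' ' . $iter;
                    }
                }
                foreach ($set['data'] as $root) {
                    importTree($goodName, $root, 0);
                }
            }
            headerRedirect(1, 'Set import successful');
            return;

        case 'rep':
            $repList = [];
            switch ($format) {
                case 'json':
                    $repList = json_decode(file_get_contents($filename), true);
                    break;
                default:
                    throw new Exception('Unsupported format');
            }
            if (!is_array($repList) || isRepData($repList)) {
                $repList = [$repList];
            }
            $clientApi = new Client([]);
            foreach ($repList as $report) {
                if (!isRepData($report)) {
                    throw new Exception('Bad data');
                }
                $clientApi->setParams(['report' => json_encode($report)])->uploadAction();
            }
            headerRedirect(1, 'Report import successful');
            return;

        default:
            throw new Exception('Invalid type');
    }
}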
if ($_test_canonical_schema !== 'http') { $content['overwrite_canonical'] = ltrim('/'); if ($_test_canonical_schema === '{SIT') { $content['overwrite_canonical'] = str_replace('{SITE}', PHPWCMS_URL, $content['overwrite_canonical']); } else { $content['overwrite_canonical'] = PHPWCMS_URL . $content['overwrite_canonical']; } } $block['custom_htmlhead']['canonical'] = ' <link rel="canonical" href="' . html($content['overwrite_canonical']) . '"' . HTML_TAG_CLOSE; $content['set_canonical'] = false; } //check for no content error $content["main"] = trim($content["main"]); if ($content['404error']['status'] === true) { // Show 404 error page headerRedirect('', 404, false); // [404] … {404} … [/404] $content["main"] .= render_cnt_template($block["errortext"], '404', '<!-- 404 Not Found -->'); } elseif ($no_content_for_this_page || $content["main"] === '') { // [404_ELSE] … {404_ELSE} … [/404_ELSE] $content["main"] .= render_cnt_template($block["errortext"], '404', '', '<!-- Just empty: Why ever, there is no content! -->'); } //check if one of needed block texts and values are empty and if then fill with content if (empty($block["maintext"])) { $block["maintext"] = $content["main"]; } //normal page operation if ($aktion[2] == 0) { switch ($pagelayout["layout_render"]) { case 0: //create the page layout table (header, left, content, right, footer)
$sql .= "\t'" . aporeplace($plugin['data']['adcampaign_title']) . "', "; $sql .= "\t'" . aporeplace($plugin['data']['adcampaign_comment']) . "', "; $sql .= "\t'" . aporeplace($plugin['data']['adcampaign_datestart']) . "', "; $sql .= "\t'" . aporeplace($plugin['data']['adcampaign_dateend']) . "', "; $sql .= $plugin['data']['adcampaign_maxview'] . ", "; $sql .= $plugin['data']['adcampaign_maxclick'] . ", "; $sql .= $plugin['data']['adcampaign_maxviewuser'] . ", "; $sql .= $plugin['data']['adcampaign_type'] . ", "; $sql .= $plugin['data']['adcampaign_place'] . ", "; $sql .= "\t'" . aporeplace(serialize($plugin['data']['adcampaign_data'])) . "'"; $sql .= ')'; if ($plugin_new_id = @_dbQuery($sql, 'INSERT')) { if (isset($_POST['save'])) { headerRedirect(decode_entities(MODULE_HREF) . '&listcampaign=1'); } elseif (!empty($plugin_new_id['INSERT_ID'])) { headerRedirect(decode_entities(MODULE_HREF) . '&campaign=1&edit=' . $plugin_new_id['INSERT_ID']); } } else { $plugin['error']['update'] = mysql_error(); } } } } // try to read entry from database if ($plugin['id'] && !isset($plugin['error'])) { $sql = 'SELECT *,'; $sql .= "DATE_FORMAT(adcampaign_datestart, '%d" . $BLM['date_delimiter'] . "%m" . $BLM['date_delimiter'] . "%Y') AS adcampaign_date_start, "; $sql .= "DATE_FORMAT(adcampaign_dateend, '%d" . $BLM['date_delimiter'] . "%m" . $BLM['date_delimiter'] . "%Y') AS adcampaign_date_end, "; $sql .= "DATE_FORMAT(adcampaign_datestart, '%H:%i') AS adcampaign_time_start, "; $sql .= "DATE_FORMAT(adcampaign_dateend, '%H:%i') AS adcampaign_time_end "; $sql .= 'FROM ' . DB_PREPEND . 'phpwcms_ads_campaign WHERE adcampaign_id=' . $plugin['id'];
$content["search_word"][$key] = preg_quote($value); $content["search_word"][$key] = str_replace("\\?", '.?', $content["search_word"][$key]); $content["search_word"][$key] = str_replace("\\*", '.*', $content["search_word"][$key]); $content['highlight'][] = $value; } } if (count($content['highlight'])) { if (strpos($crow['template']['item'], '{IMAGE') !== false) { $crow['template']['image_render'] = true; } $s_result_highlight = implode(' ', $content['highlight']); if (!empty($_POST["search_input_field"])) { // make a redirection to avoid message when using browser back $GLOBALS['_getVar']['searchstart'] = 1; $GLOBALS['_getVar']['searchwords'] = $s_result_highlight; headerRedirect(abs_url(array(), array(), '', 'rawurlencode')); } $s_result_highlight = rawurlencode($s_result_highlight); $sql = "SELECT article_id, article_cid, article_title, article_username, article_subtitle, "; $sql .= "article_summary, article_keyword, UNIX_TIMESTAMP(article_tstamp) AS article_date, "; $sql .= "article_image, article_alias, article_aliasid, article_headerdata "; $sql .= "FROM " . DB_PREPEND . "phpwcms_article ar "; $sql .= "LEFT JOIN " . DB_PREPEND . "phpwcms_articlecat ac ON "; $sql .= "(ar.article_cid = ac.acat_id OR ar.article_cid = 0)"; $sql .= " WHERE "; // limit to special structure IDs if not all if (count($content["search"]["start_at"])) { $sql .= 'ar.article_cid IN (' . implode(',', $content["search"]["start_at"]) . ')'; } else { $sql .= "IF(ar.article_cid = 0, " . (empty($GLOBALS['indexpage']['acat_nosearch']) ? 1 : 0) . ", 1)"; }
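<?php
/**
 * phpwcms content management system
 *
 * @author Oliver Georgi <*****@*****.**>
 * @copyright Copyright (c) 2002-2015, Oliver Georgi
 * @license http://opensource.org/licenses/GPL-2.0 GNU GPL-2
 * @link http://www.phpwcms.de
 *
 **/

// Backend chat endpoint: stores one posted chat line for the logged-in user and
// redirects back to the chat view. A valid backend login and CSRF token are required
// before anything is read from the request.
session_start();
$phpwcms = array();
require_once '../../include/config/conf.inc.php';
require_once '../inc_lib/default.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/helper.session.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/dbcon.inc.php';
require_once PHPWCMS_ROOT . '/include/inc_lib/general.inc.php';
checkLogin();
validate_csrf_tokens();
require_once PHPWCMS_ROOT . '/include/inc_lib/backend.functions.inc.php';

// Read the form fields defensively: a request without them must not raise
// notices/warnings about undefined array keys.
$chat_message = isset($_POST['chatmsg']) ? clean_slweg(trim($_POST['chatmsg'])) : '';
$chatlist = isset($_POST['chatlist']) ? intval($_POST['chatlist']) : 0;

// An empty message (and, because of the truthiness test, the literal string "0") is dropped.
if ($chat_message) {
    $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_chat (chat_uid, chat_name, chat_text, chat_cat) ";
    // User name and message text go through _dbEscape(); the user id comes from the
    // session but is cast to int so it can never alter the shape of the statement.
    $sql .= "VALUES (" . intval($_SESSION['wcs_user_id']) . "," . _dbEscape($_SESSION['wcs_user']) . "," . _dbEscape($chat_message) . ",0)";
    _dbQuery($sql, 'INSERT');
}

// The original appended the CSRF token query string a second time at the end of
// this URL; it is already the first parameter, so the duplicate is dropped.
headerRedirect(PHPWCMS_URL . 'phpwcms.php?' . get_token_get_string('csrftoken') . '&do=chat&p=1&l=' . $chatlist);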
break; case "create_detail": include PHPWCMS_ROOT . '/include/inc_lib/profile.create.inc.php'; break; } } $subnav .= subnavtext($BL['be_subnav_profile_login'], "phpwcms.php?do=profile", $p, "", 0); $subnav .= subnavtext($BL['be_subnav_profile_personal'], "phpwcms.php?do=profile&p=1", $p, "1", 0); break; case "logout": //Logout $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_change=" . _dbEscape(time()) . ", logged_in=0 "; $sql .= "WHERE logged_user="******"wcs_user"]) . " AND logged_in=1"; _dbQuery($sql, 'UPDATE'); session_destroy(); headerRedirect(PHPWCMS_URL . get_login_file()); break; case "admin": //Admin if (!empty($_SESSION["wcs_user_admin"])) { include PHPWCMS_ROOT . '/include/inc_lib/admin.functions.inc.php'; $subnav .= subnavtext($BL['be_subnav_admin_sitestructure'], "phpwcms.php?do=admin&p=6", $p, "6", 0); $subnav .= '<tr><td colspan="2"><img src="img/leer.gif" height="5" width="1" alt="" /></td></tr>' . "\n"; $subnav .= subnavtext($BL['be_subnav_admin_pagelayout'], "phpwcms.php?do=admin&p=8", $p, "8", 0); $subnav .= subnavtext($BL['be_subnav_admin_templates'], "phpwcms.php?do=admin&p=11", $p, "11", 0); if (!empty($phpwcms['enable_deprecated'])) { $subnav .= subnavtext($BL['be_subnav_admin_css'], "phpwcms.php?do=admin&p=10", $p, "10", 0); } $subnav .= '<tr><td colspan="2"><img src="img/leer.gif" height="5" width="1" alt="" /></td></tr>' . "\n"; $subnav .= subnavtext($BL['be_subnav_admin_users'], "phpwcms.php?do=admin", $p, "", 0); if (!empty($phpwcms['usergroup_support'])) {