header('location: ./mn-templates.php?back=deleted'); exit; } else { overal_header($lang['tmpl_templates'], $lang['tmpl_msg_put_contents_error'], 'error'); } } else { if (unlink($dir['templates'] . 'mn_default_' . $_POST['id'] . '.html')) { header('location: ./mn-templates.php?back=deleted'); exit; } else { overal_header($lang['tmpl_templates'], $lang['tmpl_msg_put_contents_error'], 'error'); } } } elseif (isset($_GET['action']) && $_GET['action'] == 'default') { foreach ($default_template as $d_num => $d_tmpl) { mn_put_contents($dir['templates'] . 'mn_default_' . $d_num . '.html', $d_tmpl); } header('location: ./mn-templates.php?defaults'); exit; } else { $templates_result = ''; foreach ($templates as $i) { if (!file_exists($dir['templates'] . 'mn_default_' . $i . '.html')) { continue; } else { $delete_link = in_array($i, $default_templates) ? '' : ' · <a href="./mn-templates.php?action=delete&id=' . $i . '" class="fancy">' . $lang['uni_delete'] . '</a>'; $templates_result .= '<tr><td><a href="./mn-templates.php?action=edit&id=' . $i . '" class="main-link">' . $lang['tmpl_tmpl_name_' . $i] . '</a><br /> <span class="links hide"><a href="./mn-templates.php?action=edit&id=' . $i . '">' . $lang['uni_edit'] . '</a>' . $delete_link . '</span></td><td><span class="trivial">mn_default</span></td><td>' . $lang['tmpl_tmpl_type_' . $i] . '</td></tr>'; } } if (file_exists($file['templates'])) { $t_file = file($file['templates']);
exit; } else { overal_header($lang['folders_folders'], $lang['folders_msg_put_contents_error'], 'error'); } } else { overall_header($lang['folders_folders'], $lang['folders_msg_empty_folder_name'], 'error'); } } elseif (isset($_GET['action']) && $_GET['action'] == 'edit' && isset($_GET['id']) && array_key_exists($_GET['id'], $folders)) { $var = array('folder_name' => $folders[$_GET['id']]['name'], 'folder_id' => $_GET['id'], 'folder_parent' => $folders[$_GET['id']]['parent_id']); overall_header($lang['folders_edit_folder'] . ' » ' . $var['folder_name'], $lang['folders_edit_folder'], 'main'); } elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && array_key_exists($_GET['id'], $folders)) { $var = array('folder_name' => $folders[$_GET['id']]['name'], 'folder_id' => $_GET['id'], 'folder_parent' => $folders[$_GET['id']]['parent_id']); $admin_tmpl['folders_main'] = false; } elseif (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['id']) && array_key_exists($_POST['id'], $folders)) { unset($folders[$_POST['id']]); if (mn_put_contents($file['folders'], DIE_LINE . serialize($folders))) { if (empty($folders)) { unlink($file['folders']); } header('location: ./mn-folders.php?back=deleted'); exit; } else { overal_header($lang['folders_folders'], $lang['folders_msg_put_contents_error'], 'error'); } } else { if (isset($_GET['back']) && $_GET['back'] == 'added') { overall_header($lang['folders_folders'], $lang['folders_msg_folder_added'], 'ok'); } elseif (isset($_GET['back']) && $_GET['back'] == 'canceled') { overall_header($lang['folders_folders'], $lang['folders_msg_folder_canceled'], 'info'); } elseif (isset($_GET['back']) && $_GET['back'] == 'deleted') { overall_header($lang['folders_folders'], $lang['folders_msg_folder_deleted'], 'ok');
$c_posts = array_unique($_POST['posts']); foreach ($c_posts as $c_post) { if (file_exists($dir['comments'] . 'comments_' . $c_post . '.php')) { $c_file = file($dir['comments'] . 'comments_' . $c_post . '.php'); $c_content = ''; foreach ($c_file as $c_line) { $c_data = explode(DELIMITER, $c_line); if ($_POST['a'] == 'delete' && in_array($c_data[0], $_POST['comments'])) { continue; } elseif (strlen($_POST['a']) == 7 && substr($_POST['a'], 0, 6) == 'status' && in_array($c_data[0], $_POST['comments'])) { $c_content .= $c_data[0] . DELIMITER . $c_data[1] . DELIMITER . $c_data[2] . DELIMITER . substr($_POST['a'], -1) . DELIMITER . $c_data[4] . DELIMITER . $c_data[5] . DELIMITER . $c_data[6] . DELIMITER . $c_data[7] . DELIMITER . $c_data[8] . DELIMITER . $c_data[9] . DELIMITER . $c_data[10] . DELIMITER . $c_data[11] . DELIMITER . $c_data[12] . DELIMITER . $c_data[13] . DELIMITER . trim($c_data[14]) . "\n"; } else { $c_content .= $c_line; } } mn_put_contents($dir['comments'] . 'comments_' . $c_post . '.php', $c_content); } } if ($_POST['a'] == 'delete') { header('location: ./mn-comments.php?trash&back=bulk-deleted'); exit; } elseif ($_POST['a'] == 'status1') { header('location: ./mn-comments.php?back=bulk-status1'); exit; } else { header('location: ./mn-comments.php?back=bulk-edited'); exit; } } else { header('location: ./mn-comments.php'); exit;
$f_gal_arr = array_unique($f_gal_arr); $file_galleries = implode(',', $f_gal_arr); $file_folder = $f_data[10]; } elseif (is_numeric($_POST['a'])) { $file_galleries = $f_data[9]; $file_folder = is_numeric($_POST['a']) ? $_POST['a'] : $f_data[10]; } else { $file_galleries = $f_data[9]; $file_folder = $f_data[10]; } $files_lines .= $f_data[0] . DELIMITER . $f_data[1] . DELIMITER . $f_data[2] . DELIMITER . $f_data[3] . DELIMITER . $f_data[4] . DELIMITER . $f_data[5] . DELIMITER . $f_data[6] . DELIMITER . $f_data[7] . DELIMITER . $f_data[8] . DELIMITER . $file_galleries . DELIMITER . $file_folder . DELIMITER . $f_data[11] . DELIMITER . $f_data[12] . DELIMITER . $f_data[13] . DELIMITER . $f_data[14] . DELIMITER . $f_data[15] . DELIMITER . $f_data[16] . DELIMITER . trim($f_data[17]) . "\n"; } else { $files_lines .= $single_line; } } mn_put_contents($file['files'], $files_lines); if ($_POST['a'] == 'delete') { header('Location: ./mn-files.php?back=bulk-deleted'); exit; } else { header('location: ./mn-files.php?back=bulk-ok&hl=' . implode(',', $_POST['files'])); exit; } } else { if (isset($_GET['ajaxcall'])) { echo ''; } elseif (isset($_GET['back']) && $_GET['back'] == 'success') { overall_header($lang['files_files'], $lang['files_msg_upload_successful'], 'ok'); } elseif (isset($_GET['back']) && $_GET['back'] == 'edited') { overall_header($lang['files_files'], $lang['files_msg_file_edited'], 'ok'); } elseif (isset($_GET['back']) && $_GET['back'] == 'bulk-ok') {
} } else { overall_header($lang['backup_backup'], $lang['backup_msg_not_supported'], 'error'); echo '<p class="disclaimer">' . $lang['backup_not_supported_text'] . '</p>'; } } elseif (isset($_POST['action']) && $_POST['action'] == 'backup') { $auth = user_auth('11'); $backup_timestamp = time(); $backup_hash = md5(rand(1, 1000) . microtime() . $_SERVER['REMOTE_ADDR']); if (class_exists('ZipArchive')) { $backup = new backup('data/', $dir['backups'] . 'backup-' . date('Y-m-d') . '-' . substr($backup_hash, 6, 9) . '.zip'); } else { $backup = false; } if ($backup) { mn_put_contents($file['last_backup'], "<?php\n\t\$backup['timestamp'] = '" . $backup_timestamp . "';\n\t\$backup['hash'] = '" . $backup_hash . "';\n?" . ">"); header('location: ./mn-tools.php?action=backup&back=done'); exit; } else { overall_header($lang['backup_backup'], $lang['backup_msg_not_supported'], 'error'); } } elseif (isset($_GET['action']) && $_GET['action'] == 'integration') { $auth = user_auth('12'); overall_header($lang['int_integration'], $lang['int_integration'], 'main'); $admin_tmpl['integration'] = true; } elseif (isset($_GET['action']) && $_GET['action'] == 'wizard') { $auth = user_auth('12'); overall_header($lang['wiz_wizard'], $lang['wiz_wizard'], 'main'); $admin_tmpl['wizard'] = true; $mn_users = load_basic_data('users'); $mn_categories = load_basic_data('categories');
$var = get_values('users', $_GET['id']); $posts_count = get_posts_count('users'); $admin_tmpl['user_delete'] = true; $admin_tmpl['form_users'] = false; } elseif (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['id']) && $_POST['id'] != 1) { $u_file = file($file['users']); $u_content = ''; foreach ($u_file as $u_line) { $u_data = explode(DELIMITER, $u_line); if ($u_data[0] == $_POST['id']) { continue; } else { $u_content .= $u_line; } } if (mn_put_contents($file['users'], $u_content)) { header('location: ./mn-users.php?back=deleted'); exit; } else { overal_header($lang['cats_categories'], $lang['users_msg_put_contents_error'], 'error'); } } else { $u_file = file($file['users']); array_shift($u_file); $users_result = ''; $users = array(); $groups = load_basic_data('groups'); $posts_count = get_posts_count('users'); foreach ($u_file as $single_line) { $temp_data = explode(DELIMITER, $single_line); $users[$temp_data[0]] = $temp_data[1] . DELIMITER . $temp_data[3] . DELIMITER . $temp_data[4];
} else { $post_slugs = get_post_slugs(); if (in_array(check_text($_GET['mn_post'], true), $post_slugs)) { $mn_post_id = array_search(check_text($_GET['mn_post'], true), $post_slugs); } else { $mn_post_id = 0; } } if (file_exists(MN_ROOT . $dir['posts'] . 'post_' . $mn_post_id . '.php')) { $p = get_post_data($mn_post_id); if ($p['timestamp'] <= mn_time() && $p['status'] <= '2') { $detail_tmpl = isset($mn_tmpl) && file_exists(MN_ROOT . $dir['templates'] . $mn_tmpl . '_10.html') ? $mn_tmpl : DEFAULT_TMPL; $post_result = posts_tmpl($p['id'], $detail_tmpl . '_10', $mn_url); echo encoding($post_result); if ($conf['web_counter'] && empty($_COOKIE['mn_user_name'])) { mn_put_contents(MN_ROOT . $dir['posts'] . 'post_' . $p['id'] . '.php', SAFETY_LINE . DELIMITER . "\n" . $p['id'] . DELIMITER . $p['timestamp'] . DELIMITER . $p['title'] . DELIMITER . $p['friendly_url'] . DELIMITER . $p['author'] . DELIMITER . $p['cat'] . DELIMITER . $p['status'] . DELIMITER . $p['comments'] . DELIMITER . ($p['views'] + 1) . DELIMITER . $p['tags'] . DELIMITER . $p['image'] . DELIMITER . '' . DELIMITER . '' . DELIMITER . $p['xfields'] . DELIMITER . "\n" . $p['short_story'] . DELIMITER . "\n" . $p['full_story']); } if ($conf['comments'] === true || $conf['comments'] >= 1) { $mn_comm_users = load_complex_data('users'); if ($p['comments'] != 2 && file_exists(MN_ROOT . $dir['comments'] . 'comments_' . $p['id'] . '.php')) { $comment_tmpl = isset($mn_tmpl) && file_exists(MN_ROOT . $dir['templates'] . $mn_tmpl . '_12.html') ? $mn_tmpl : DEFAULT_TMPL; $c_result = ''; $c_file = file(MN_ROOT . $dir['comments'] . 'comments_' . $p['id'] . '.php'); array_shift($c_file); if ($conf['comments_order'] == 'reverse') { $c_i = count($c_file); $c_file = array_reverse($c_file); } else { $c_i = 1; } if (!empty($c_file)) {
if (isset($_POST['x_fields']) && file_exists(MN_ROOT . $file['xfields'])) { $xfields = get_unserialized_array('xfields'); $post_xfields = array(); foreach ($xfields as $xVar => $x) { if ($x['section'] != 'pages') { continue; } else { $post_xfields[$xVar] = check_text($_POST['x' . $xVar], true, 'xf'); } } $xfields_serialized = serialize($post_xfields); } else { $xfields_serialized = ''; } $p_content = SAFETY_LINE . "\n" . DELIMITER . $_POST['id'] . DELIMITER . mn_time() . DELIMITER . check_text($_POST['title']) . DELIMITER . friendly_url($_POST['title']) . DELIMITER . $var['author'] . DELIMITER . $_POST['visible'] . DELIMITER . $p_order . DELIMITER . $p_pass . DELIMITER . '' . DELIMITER . $xfields_serialized . DELIMITER . "\n" . check_text($_POST['text']); if (mn_put_contents($dir['pages'] . 'page_' . $_POST['id'] . '.php', $p_content)) { header('location: ./mn-pages.php?action=edit&id=' . $_POST['id'] . '&back=edited'); exit; } else { overall_header($lang['pages_edit_page'] . ' » ' . $var['title'], $lang['pages_msg_put_contents_error'], 'error', true); } } else { $var['title'] = check_text($_POST['title']); $var['text'] = check_text($_POST['text']); $var['id'] = check_text($_POST['id']); overall_header($lang['pages_edit_page'] . ' » ' . $var['title'], $lang['pages_msg_empty_values'], 'error', true); $admin_tmpl['form'] = true; } } elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && file_exists($dir['pages'] . 'page_' . $_GET['id'] . '.php')) { $var = get_page_data($_GET['id']); if ($auth != 1 && $var['author'] != $_SESSION['mn_user_id']) {
} elseif (!file_exists('./' . $file['pages'])) { $p_dir = dir($dir['pages']); $pages = array(); while ($p_file = $p_dir->read()) { if (!is_file($dir['pages'] . $p_file)) { continue; } else { $var = get_page_data($p_file, false); if (isset($var['author']) && !empty($var['author'])) { $pages[$var['id']] = array('id' => $var['id'], 'timestamp' => $var['timestamp'], 'title' => $var['title'], 'friendly_url' => $var['friendly_url'], 'author' => $var['author'], 'parent_id' => 0, 'order' => $var['order']); } else { continue; } } } mn_put_contents($file['pages'], DIE_LINE . serialize($pages)); } $auth = user_auth('0'); if (!isset($conf['admin_update_check']) || $conf['admin_update_check'] == true) { if (isset($_GET['check-version']) || !isset($_COOKIE['mn_latest_version'])) { $latest_version = get_latest_version(); if (!empty($latest_version)) { setcookie('mn_latest_version', $latest_version, time() + 60 * 60 * 24 * MN_VERSION_CHECK); } } else { $latest_version = $_COOKIE['mn_latest_version']; } if (!empty($latest_version) && str_replace('.', '', $latest_version) > str_replace('.', '', MN_VERSION)) { $info['new_version'] = true; } else { $info['new_version'] = false;
$c_content .= "\$conf['comments_field_preview'] = " . $field_preview . ";\n\n\t"; $c_content .= "// Users:\n\t"; $c_content .= "\$conf['users_registration'] = " . $_POST['users_registration'] . ";\n\t"; $c_content .= "\$conf['users_default_group'] = " . (int) $_POST['users_default_group'] . ";\n\t"; $c_content .= "\$conf['users_perm_login'] = "******";\n\t"; $c_content .= "\$conf['users_avatar_standard'] = " . $avatar_standard . ";\n\t"; $c_content .= "\$conf['users_avatar_small'] = " . $avatar_small . ";\n\t"; $c_content .= "\$conf['users_avatar_mini'] = " . $avatar_mini . ";\n\n\t"; $c_content .= "// Friendly URLs:\n\t"; $c_content .= "\$conf['url_base'] = '" . $url_base . "';\n\t"; $c_content .= "\$conf['url_post'] = " . $url_post . ";\n\t"; $c_content .= "\$conf['url_page'] = " . $url_page . ";\n\t"; $c_content .= "\$conf['url_cat_base'] = '" . check_text($_POST['url_cat_base']) . "';\n\t"; $c_content .= "\$conf['url_tag_base'] = '" . check_text($_POST['url_tag_base']) . "';\n\n"; $c_content .= "?" . ">"; if (mn_put_contents($file['config'], $c_content)) { $tid = !empty($_POST['t-id']) || $_POST['t-id'] == '1' ? 't=' . $_POST['t-id'] . '&' : ''; header('location: ./mn-config.php?' . $tid . 'back=saved'); exit; } else { overall_header($lang['config_config'], $lang['config_msg_put_contents_error'], 'error'); } } elseif (isset($_GET['back']) && $_GET['back'] == 'saved') { overall_header($lang['config_config'], $lang['config_msg_saved'], 'ok'); } else { overall_header($lang['config_config'], $lang['config_config'], 'main'); } $server_port = $_SERVER['SERVER_PORT'] != '80' ? ':' . $_SERVER['SERVER_PORT'] : ''; $url_path = str_replace('mn-config.php', '', 'http://' . $_SERVER['SERVER_NAME'] . $server_port . $_SERVER['PHP_SELF']); if (substr($url_path, -1) == '/') { $url_path = substr($url_path, 0, -1);
if ($u_data[5] == '1') { $continue = true; $m_name = $u_data[1]; $m_email = $u_data[3]; $m_pass = PasswordGenerator(7) . rand(1, 99); $u_lines .= $u_data[0] . DELIMITER . $u_data[1] . DELIMITER . sha1($m_pass) . DELIMITER . $u_data[3] . DELIMITER . $u_data[4] . DELIMITER . $u_data[5] . DELIMITER . $u_data[6] . DELIMITER . $u_data[7] . DELIMITER . $_SERVER['REMOTE_ADDR'] . DELIMITER . $u_data[9] . DELIMITER . $u_data[10] . DELIMITER . $u_data[11] . DELIMITER . $u_data[12] . DELIMITER . $u_data[13] . DELIMITER . $u_data[14] . DELIMITER . $u_data[15] . DELIMITER . $u_data[16] . DELIMITER . $u_data[17] . DELIMITER . $u_data[18] . DELIMITER . $u_data[19] . DELIMITER . $u_data[20] . DELIMITER . $u_data[21] . DELIMITER . $u_data[22] . DELIMITER . $u_data[23] . DELIMITER . $u_data[24] . DELIMITER . $u_data[25] . DELIMITER . $u_data[26] . DELIMITER . $u_data[27] . DELIMITER . trim($u_data[28]) . DELIMITER . $u_data[29] . DELIMITER . $u_data[30] . DELIMITER . $u_data[31] . DELIMITER . $u_data[32] . DELIMITER . trim($u_data[33]) . "\n"; } else { $continue = false; $status_error = $u_data[5]; } } else { $u_lines .= $single_line; } } if ($continue) { if (@mail($m_email, $lang['login_lost_pass_mail_subject'], str_replace('%link%', $conf['admin_url'] . '/', $lang['login_lost_pass_mail_text']) . ' ' . 
$m_pass, "From: robot@mnewscms.com") && mn_put_contents($file['users'], $u_lines)) { header('location: ./mn-login.php?back=pass-sent'); exit; } else { login_screen($lang['login_msg_pass_not_sent'], $lang['login_msg_pass_not_sent'], 'error'); } } else { login_screen($lang['login_lost_pass_wrong_values'], $lang['login_lost_pass_wrong_values'], 'error'); } } elseif (isset($_GET['back']) && $_GET['back'] == 'loggedout') { login_screen($lang['login_login'], $lang['login_msg_logged_out'], 'info'); } elseif (isset($_GET['back']) && $_GET['back'] == 'auto-loggedout') { login_screen($lang['login_login'], $lang['login_msg_auto_logged_out'], 'info'); } elseif (isset($_GET['back']) && $_GET['back'] == 'pass-sent') { login_screen($lang['login_msg_pass_sent'], $lang['login_msg_pass_sent'], 'ok'); } else {
} elseif (isset($_GET['action']) && $_GET['action'] == 'edit' && isset($_GET['id']) && file_exists($file['categories']) && !empty($var['cat_name'])) { overall_header($lang['cats_edit_category'] . ' » ' . $var['cat_name'], $lang['cats_edit_category'], 'main'); } elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && file_exists($file['categories']) && !empty($var['cat_name'])) { $admin_tmpl['cats_main'] = false; } elseif (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['id']) && file_exists($file['categories'])) { $cats_file = file($file['categories']); $cats_file_content = ''; foreach ($cats_file as $single_line) { $cat_data = explode(DELIMITER, $single_line); if ($cat_data[0] == $_POST['id']) { continue; } else { $cats_file_content .= $single_line; } } if (mn_put_contents($file['categories'], $cats_file_content)) { if (file_exists($file['categories_order'])) { $order_arr = unserialize(file_get_contents($file['categories_order'])); $new_order = array(); foreach ($order_arr as $n => $id) { if ($id == $_POST['id']) { continue; } else { $new_order[$n] = $id; } } file_put_contents($file['categories_order'], serialize($new_order)); } header('location: ./mn-categories.php?back=deleted'); exit; } else {
} elseif (isset($_GET['action']) && $_GET['action'] == 'edit' && isset($_GET['id']) && file_exists($file['galleries']) && !empty($var['gallery_name'])) { overall_header($lang['galleries_edit_gallery'] . ' » ' . $var['gallery_name'], $lang['galleries_edit_gallery'], 'main'); } elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && isset($_GET['id']) && file_exists($file['galleries']) && !empty($var['gallery_name'])) { $admin_tmpl['galleries_main'] = false; } elseif (isset($_POST['action']) && $_POST['action'] == 'delete' && isset($_POST['id']) && file_exists($file['galleries'])) { $galleries_file = file($file['galleries']); $galleries_file_content = ''; foreach ($galleries_file as $single_line) { $gallery_data = explode(DELIMITER, $single_line); if ($gallery_data[0] == $_POST['id']) { continue; } else { $galleries_file_content .= $single_line; } } if (mn_put_contents($file['galleries'], $galleries_file_content)) { header('location: ./mn-galleries.php?back=deleted'); exit; } else { overal_header($lang['galleries_galleries'], $lang['galleries_msg_put_contents_error'], 'error'); } } elseif (isset($_GET['action']) && $_GET['action'] == 'code' && isset($_GET['gal']) && is_numeric($_GET['gal'])) { $admin_tmpl['galleries_main'] = false; $admin_tmpl['code'] = true; } else { if (isset($_GET['back']) && $_GET['back'] == 'added') { overall_header($lang['galleries_galleries'], $lang['galleries_msg_gallery_added'], 'ok'); } elseif (isset($_GET['back']) && $_GET['back'] == 'deleted') { overall_header($lang['galleries_galleries'], $lang['galleries_msg_gallery_deleted'], 'ok'); } elseif (isset($_GET['back']) && $_GET['back'] == 'edited') { overall_header($lang['galleries_galleries'], $lang['galleries_msg_gallery_edited'], 'ok');
@unlink($dir['comments'] . 'comments_' . $_POST['id'] . '.php'); $post_img = explode(';', $var['image']); if (isset($post_img[0]) && !empty($post_img[0])) { @unlink($dir['images'] . $post_img[0]); } $posts_file = file($file['posts']); $p_lines = ''; foreach ($posts_file as $single_line) { $p_data = explode(DELIMITER, $single_line); if (isset($p_data[1]) && $p_data[1] == $_POST['id']) { continue; } else { $p_lines .= $single_line; } } mn_put_contents($file['posts'], $p_lines); if (!file_exists($dir['posts'] . 'post_' . $_POST['id'] . '.php')) { header('location: ./mn-posts.php?i-ok=post-deleted'); exit; } else { header('location: ./mn-posts.php?i-error=error'); exit; } } } else { header('location: ./mn-posts.php?i-error=error'); exit; } } elseif (isset($_GET['action']) && $_GET['action'] == 'show-post' && file_exists($dir['posts'] . 'post_' . $_GET['id'] . '.php')) { $var = get_post_data($_GET['id']); $story = preg_replace('#\\[mn_gallery=(.*?)\\]#ie', 'mn_gallery(\'$1\')', $var['short_story'] . $var['full_story']);
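/**
 * Compares two hash strings without PHP's loose-comparison pitfalls.
 *
 * Uses hash_equals() where the runtime provides it (constant-time) and falls
 * back to a strict string comparison otherwise. Non-string input never matches.
 *
 * @param mixed $known Value computed or stored on the server side.
 * @param mixed $given Value supplied by the client.
 * @return bool True only when both are strings with identical bytes.
 */
function mn_cookie_hash_matches($known, $given)
{
    if (!is_string($known) || !is_string($given)) {
        return false;
    }
    if (function_exists('hash_equals')) {
        return hash_equals($known, $given);
    }
    return $known === $given;
}

/**
 * Re-authenticates a visitor from the persistent-login cookies.
 *
 * Looks for a users-file row whose name (field 1) and stored cookie hash
 * (field 6) equal the `mn_user_name` / `mn_user_hash` cookies, then checks that
 * the cookie hash equals sha1(User-Agent . field 2 . field 7 . REMOTE_ADDR).
 * On success the session is populated, a fresh hash is issued, and the row is
 * rewritten with the new hash (field 6), timestamp (field 7) and client
 * address (field 8).
 *
 * On any failure the session is destroyed, the hash cookie is expired and the
 * request is redirected to ./mn-login.php; the function does not return then.
 *
 * NOTE(review): the cookie value is derived from stored account data plus
 * client-observable values rather than from a random secret, so anyone able to
 * read the users file can reproduce it. A random token stored server-side
 * (hashed) would be the more robust design; that change reaches beyond this
 * function.
 *
 * @return bool True when the visitor was logged in and the users file was saved.
 */
function permanent_login()
{
    global $conf, $file;

    // Cookies are attacker-controlled: accept plain, non-empty strings only.
    // An array-valued or missing cookie is treated as "no cookie".
    $cookie_name = isset($_COOKIE['mn_user_name']) && is_string($_COOKIE['mn_user_name'])
        ? $_COOKIE['mn_user_name']
        : '';
    $cookie_hash = isset($_COOKIE['mn_user_hash']) && is_string($_COOKIE['mn_user_hash'])
        ? $_COOKIE['mn_user_hash']
        : '';
    $has_cookies = $cookie_name !== '' && $cookie_hash !== '';

    $user_agent  = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
    $remote_addr = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';

    $users_file = file($file['users']);
    if ($users_file === false) {
        // Unreadable users file: nothing can match, fall through to the failure path.
        $users_file = array();
    }

    $u_lines = '';
    $mn_user_hash = '';
    $do_login = false;

    foreach ($users_file as $single_line) {
        $user_data = explode(DELIMITER, $single_line);

        // Rows that lack the fields used below (e.g. a header line) can never match.
        $row_matches = $has_cookies
            && isset($user_data[1], $user_data[2], $user_data[6], $user_data[7])
            && $cookie_name === $user_data[1]
            && mn_cookie_hash_matches($user_data[6], $cookie_hash);

        if ($row_matches) {
            $expected_hash = sha1($user_agent . $user_data[2] . $user_data[7] . $remote_addr);
            $row_matches = mn_cookie_hash_matches($expected_hash, $cookie_hash);
        }

        if (!$row_matches) {
            $u_lines .= $single_line;
            continue;
        }

        $do_login = true;
        $auth_data = get_values('groups', $user_data[4]);
        // NOTE(review): the reason for the 10 second offset is not visible here.
        $time = time() - 10;

        session_regenerate_id();
        $_SESSION['mn_logged'] = true;
        $_SESSION['mn_check_hash'] = md5(__FILE__);
        // Presumably the request token checked by the admin forms (confirm);
        // prefer the CSPRNG when the runtime has one, same integer range as before.
        $_SESSION['mn_token'] = function_exists('random_int')
            ? random_int(1, 1000000000)
            : mt_rand(1, 1000000000);
        $_SESSION['mn_last_login'] = $user_data[7];
        $_SESSION['mn_registered'] = isset($user_data[9]) ? $user_data[9] : '';
        $_SESSION['mn_user_name'] = $user_data[1];
        $_SESSION['mn_user_id'] = $user_data[0];
        $_SESSION['mn_user_auth'] = $auth_data['permissions'];
        $_SESSION['mn_user_time'] = $time;

        // NOTE(review): these cookies are issued without the Secure/HttpOnly
        // flags; confirm whether any client script reads them before adding the flags.
        setcookie('mn_logged', true, time() + 60 * 60 * MAX_LOGGED_TIME, '/', $_SERVER['SERVER_NAME']);
        setcookie('mn_user_name', $user_data[1], time() + 60 * 60 * 24 * 14, '/', $_SERVER['SERVER_NAME']);
        $mn_user_hash = sha1($user_agent . $user_data[2] . $time . $remote_addr);
        setcookie('mn_user_hash', $mn_user_hash, time() + 60 * 60 * 24 * 14, '/', $_SERVER['SERVER_NAME']);

        // Rewrite the 34-field row; only the hash, timestamp and address change.
        $fields = array();
        for ($i = 0; $i <= 33; $i++) {
            $fields[$i] = isset($user_data[$i]) ? $user_data[$i] : '';
        }
        $fields[6] = $mn_user_hash;
        $fields[7] = $time;
        $fields[8] = $remote_addr;
        $fields[33] = trim($fields[33]);
        $u_lines .= implode(DELIMITER, $fields) . "\n";
    }

    if ($do_login == true && $_SESSION['mn_logged'] && mn_put_contents($file['users'], $u_lines)) {
        return true;
    }

    // Failure: drop the session, expire the hash cookie and send the visitor to the login form.
    @session_destroy();
    setcookie('mn_user_hash', '', time() - 3600, '/', $_SERVER['SERVER_NAME']);
    header('location: ./mn-login.php');
    exit;
}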
continue; } else { $g_content .= $g_line; } } $u_file = file($file['users']); $u_content = ''; foreach ($u_file as $u_line) { $u_data = explode(DELIMITER, $u_line); if (isset($u_data[4]) && $u_data[4] == $_POST['id']) { $u_content .= $u_data[0] . DELIMITER . $u_data[1] . DELIMITER . $u_data[2] . DELIMITER . $u_data[3] . DELIMITER . trim($_POST['group_alt']) . DELIMITER . $u_data[5] . DELIMITER . $u_data[6] . DELIMITER . $u_data[7] . DELIMITER . $u_data[8] . DELIMITER . $u_data[9] . DELIMITER . $u_data[10] . DELIMITER . $u_data[11] . DELIMITER . $u_data[12] . DELIMITER . $u_data[13] . DELIMITER . $u_data[14] . DELIMITER . $u_data[15] . DELIMITER . $u_data[16] . DELIMITER . $u_data[17] . DELIMITER . $u_data[18] . DELIMITER . $u_data[19] . DELIMITER . $u_data[20] . DELIMITER . $u_data[21] . DELIMITER . $u_data[22] . DELIMITER . $u_data[23] . DELIMITER . $u_data[24] . DELIMITER . $u_data[25] . DELIMITER . $u_data[26] . DELIMITER . $u_data[27] . DELIMITER . trim($u_data[28]) . DELIMITER . $u_data[29] . DELIMITER . $u_data[30] . DELIMITER . $u_data[31] . DELIMITER . $u_data[32] . DELIMITER . trim($u_data[33]) . "\n"; } else { $u_content .= $u_line; } } if (mn_put_contents($file['groups'], $g_content) && mn_put_contents($file['users'], $u_content)) { header('location: ./mn-groups.php?back=deleted'); exit; } else { overal_header($lang['groups_groups'], $lang['groups_msg_put_contents_error'], 'error'); } } else { $g_file = file($file['groups']); array_shift($g_file); $groups_result = ''; foreach ($g_file as $g_line) { $g_data = explode(DELIMITER, $g_line); $group_id = trim($g_data[0]); if ($group_id == 1) { $groups_result .= '<tr><td><span class="main-link tooltip" title="' . $lang['groups_msg_not_editable'] . '">' . $lang['groups_default_group_1'] . '</span><br /> </td>'; } else {