Ejemplo n.º 1
// Numeric modes for the OPML import action; where they are consumed is outside this excerpt.
define('CST_ADMIN_OPML_IMPORT_WIPE', 1);
define('CST_ADMIN_OPML_IMPORT_FOLDER', 2);
define('CST_ADMIN_OPML_IMPORT_MERGE', 3);

// Entry gate for the admin page: $auth is truthy only when the caller passes the
// admin-level check.
$auth = rss_user_check_user_level(RSS_USER_LEVEL_ADMIN);
if (!$auth) {
    // Read the stored credentials of the ulevel=99 row to see whether a password exists yet.
    $sql = "select uname,password from " . getTable('users') . " where ulevel=99";
    list($dummy, $__pw__) = rss_fetch_row(rss_query($sql));

    if ($__pw__ != '') {
        // A password is on record: the caller has to log in, nothing else is rendered.
        rss_login_form();
        exit;
    }

    // First-run path: no password is stored, so the credentials are taken from the request
    // of a caller who has NOT been authenticated.
    // NOTE(review): the comparison above is loose, so a missing row (null from list())
    // is treated the same as an empty password; confirm that is the intended bootstrap
    // condition and that this path cannot be re-entered once the instance is installed.
    // NOTE(review): set_admin_pass() also receives null/null when nothing was posted;
    // presumably it renders the setup form in that case (verify). Unless it ends the
    // request, admin_main() below still runs with the falsy $auth.
    if (isset($_POST['username'], $_POST['password'])) {
        $admin_uname = $_POST['username'];
        $admin_pass = $_POST['password'];
    } else {
        $admin_uname = null;
        $admin_pass = null;
    }
    set_admin_pass($admin_uname, $admin_pass);
}
admin_header();
admin_main($auth);
admin_footer();
///////////////////////////////////////////////////////////////////////////////////////////
/**
 * main function. checks for authorization and renders the
 * required admin section.
 */
function admin_main($authorised)
{
Ejemplo n.º 2
        echo "</form>\n</div>\n";
        closetable();
    }
}
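// Handle the "update_admin" form: store a new rights string for one account.
// Preconditions visible here: user_id passes isnum() and is not 1, and
// check_admin_pass() accepts the submitted admin_password.
if (isset($_POST['update_admin']) && (isset($_GET['user_id']) && isnum($_GET['user_id']) && $_GET['user_id'] != 1)) {
    if (check_admin_pass(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "")) {
        // Build the dot-separated rights list from the request.
        // $_POST['rights'] is attacker-shaped input: it may be a scalar, have gaps or string
        // keys, or contain nested arrays. Iterating the values (instead of indexing
        // 0..count()-1) avoids count() failing on a non-array and undefined-offset reads;
        // non-string members are skipped rather than handed to stripinput().
        $user_rights = "";
        if (isset($_POST['rights'])) {
            foreach ((array) $_POST['rights'] as $submitted_right) {
                if (!is_string($submitted_right)) {
                    continue;
                }
                $user_rights .= ($user_rights != "" ? "." : "") . stripinput($submitted_right);
            }
        }
        // An absent rights field leaves $user_rights empty, which clears the stored value.
        // NOTE(review): the statement is assembled by string interpolation; it is safe only
        // if isnum() admits nothing but digits and stripinput() neutralises quote
        // characters. Confirm both, and confirm each submitted right is checked against
        // the rights that actually exist (not visible in this excerpt).
        // The user_level>='102' condition restricts which rows can be modified.
        $result = dbquery("UPDATE " . DB_USERS . " SET user_rights='{$user_rights}' WHERE user_id='" . $_GET['user_id'] . "' AND user_level>='102'");
        set_admin_pass(isset($_POST['admin_password']) ? stripinput($_POST['admin_password']) : "");
        redirect(FUSION_SELF . $aidlink . "&status=su", true);
    } else {
        // Wrong or missing admin password: nothing is written.
        redirect(FUSION_SELF . $aidlink . "&status=pw");
    }
}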
if (isset($_GET['edit']) && isnum($_GET['edit']) && $_GET['edit'] != 1) {
    $result = dbquery("SELECT user_name, user_rights FROM " . DB_USERS . " WHERE user_id='" . $_GET['edit'] . "' AND user_level>='102' ORDER BY user_id");
    if (dbrows($result)) {
        $data = dbarray($result);
        $user_rights = explode(".", $data['user_rights']);
        $result2 = dbquery("SELECT admin_rights, admin_title, admin_page FROM " . DB_ADMIN . " ORDER BY admin_page ASC,admin_title");
        opentable($locale['440'] . " [" . $data['user_name'] . "]");
        $columns = 2;
        $counter = 0;
        $page = 1;
Ejemplo n.º 3
        $download_types = form_sanitizer($_POST['download_types'], '', 'download_types');
        $result = !defined('FUSION_NULL') ? dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='{$download_types}' WHERE settings_name='download_types'") : '';
        $download_screen_max_w = form_sanitizer($_POST['download_screen_max_w'], 0, 'download_screen_max_w');
        $result = !defined('FUSION_NULL') ? dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='{$download_screen_max_w}' WHERE settings_name='download_screen_max_w'") : '';
        $download_screen_max_h = form_sanitizer($_POST['download_screen_max_h'], 0, 'download_screen_max_h');
        $result = !defined('FUSION_NULL') ? dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='{$download_screen_max_h}' WHERE settings_name='download_screen_max_h'") : '';
        $download_screen_max_b = form_sanitizer($_POST['calc_bb'], 200, 'calc_bb') * form_sanitizer($_POST['calc_cc'], 1000, 'calc_cc');
        $result = !defined('FUSION_NULL') ? dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='{$download_screen_max_b}' WHERE settings_name='download_screen_max_b'") : '';
        $download_thumb_max_h = form_sanitizer($_POST['download_thumb_max_h'], 100, 'download_thumb_max_h');
        $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['download_thumb_max_h']) ? $_POST['download_thumb_max_h'] : "100") . "' WHERE settings_name='download_thumb_max_h'");
        $download_thumb_max_w = form_sanitizer($_POST['download_thumb_max_w'], 100, 'download_thumb_max_w');
        $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='" . (isnum($_POST['download_thumb_max_w']) ? $_POST['download_thumb_max_w'] : "100") . "' WHERE settings_name='download_thumb_max_w'");
        $download_screenshot = form_sanitizer($_POST['download_screenshot'], 0, 'download_screenshot');
        $result = dbquery("UPDATE " . DB_SETTINGS . " SET settings_value='{$download_screenshot}' WHERE settings_name='download_screenshot'");
        if (!defined('FUSION_NULL')) {
            set_admin_pass($admin_password);
            redirect(FUSION_SELF . $aidlink . "&amp;error=0");
        }
    }
}
// Load every row of the settings table into $settings2 as settings_name => settings_value.
// If two rows share a settings_name, the later row overwrites the earlier one.
$settings2 = array();
$result = dbquery("SELECT * FROM " . DB_SETTINGS);
// The loop stops at the first falsy value returned by dbarray().
while ($data = dbarray($result)) {
    $settings2[$data['settings_name']] = $data['settings_value'];
}
function calculate_byte($download_max_b)
{
    $calc_opts = array(1 => 'Bytes (bytes)', 1000 => 'KB (Kilobytes)', 1000000 => 'MB (Megabytes)');
    foreach ($calc_opts as $byte => $val) {
        if ($download_max_b / $byte <= 999) {
            return $byte;