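/**
 * Sends an "author only" user who is limited to a single record in this section
 * straight to the edit page for that record (faking the requested record num),
 * instead of showing a list they can only ever have one entry in.
 *
 * Reads globals set up by the section dispatcher: $CURRENT_USER, the access
 * flags, $schema, $tableName and $escapedTableName. Has no effect for admins,
 * editors, author-viewers, or when no single-record limit applies.
 */
function redirectSingleRecordAuthorsToEditPage() {
    global $CURRENT_USER, $hasEditorAccess, $hasAuthorAccess, $hasAuthorViewerAccess, $schema, $tableName, $escapedTableName;

    // Plain author: not admin, no editor access, no author-viewer access, but author access.
    $isAuthorOnly = !$CURRENT_USER['isAdmin'] && !$hasEditorAccess && !$hasAuthorViewerAccess && $hasAuthorAccess;

    // Either the section schema or this user's per-table access entry caps them at one record.
    // Loose == is kept deliberately: these values may be stored as "1" strings.
    $schemaLimitsToOne = isset($schema['_maxRecordsPerUser']) && $schema['_maxRecordsPerUser'] == 1;
    $accessLimitsToOne = isset($CURRENT_USER['accessList'][$tableName]['maxRecords'])
                      && $CURRENT_USER['accessList'][$tableName]['maxRecords'] == 1;
    $onlyAllowedOneRecord = $schemaLimitsToOne || $accessLimitsToOne;

    if (!($isAuthorOnly && $onlyAllowedOneRecord)) {
        return;
    }

    // Cast the session user number before interpolating it into SQL (defence in depth:
    // the value comes from the logged-in user record, not the request, but the query
    // is string-built so keep the type constrained).
    $userNum = (int) $CURRENT_USER['num'];
    $query   = "SELECT * FROM `{$escapedTableName}` WHERE createdByUserNum = '{$userNum}' LIMIT 1";
    $record  = mysql_get_query($query);

    // fake the record num being requested; stays null when the author has no record yet
    // (same value the original produced, without the undefined-index notice).
    $_REQUEST['num'] = isset($record['num']) ? $record['num'] : null;
    showInterface('default/edit.php', false);
}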
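<?php
// Admin menu plugin: marks the admin menu as selected, restricts the menu to admins,
// registers the background-tasks notice hook, then lets the regular actionHandler run.
global $APP;

$APP['selectedMenu'] = 'admin'; // show admin menu as selected

// check access level - admin only!
// Fail closed: showInterface() appears to end the request elsewhere in this codebase,
// but the explicit exit guarantees a non-admin never reaches the hook registration and
// dispatch below even if that ever changes.
if (!$GLOBALS['CURRENT_USER']['isAdmin']) {
    alert(t("You don't have permissions to access this menu."));
    showInterface('');
    exit;
}

// mailer plugin hooks
addAction('section_preDispatch', '_cronlog_showModeNotice', null, 2);

// Let regular actionHandler run
// NOTE(review): presumably read by the code that included this file after the return — confirm.
$REDIRECT_FOR_CUSTOM_MENUS_DONT_EXIT = true;
return;

/**
 * section_preDispatch hook: on the 'list' action, shows a notice linking to the
 * background-tasks status section of the admin general settings page.
 *
 * Declared after the top-level return; PHP hoists unconditional top-level
 * function declarations when the file is compiled, so it is still registered.
 *
 * @param string $tableName  section table name supplied by the hook (unused here)
 * @param string $action     current action; only 'list' produces a notice
 */
function _cronlog_showModeNotice($tableName, $action) {
    if ($action != 'list') {
        return;
    }
    $notice = sprintf(
        t("Background Tasks: This menu lists all log entries, view <a href='%s'>current status and scheduled task list</a>."),
        "?menu=admin&action=general#background-tasks"
    );
    notice($notice);
}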
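/**
 * Handles the "reset password" link flow: validates the userNum/resetCode pair from
 * the request, then either shows the new-password form or, on a POST with a valid
 * CSRF token, stores the new password digest and sends the user to the login page.
 *
 * Dies with a plain message when userNum or resetCode is missing; shows the
 * forgot-password page when the code is invalid or expired.
 */
function resetPassword() {
    global $CURRENT_USER, $SETTINGS;
    $GLOBALS['sentEmail'] = false;

    // error checking
    if (!@$_REQUEST['userNum'])   { die("No 'userNum' value specified!"); }
    if (!@$_REQUEST['resetCode']) { die("No 'resetCode' value specified!"); }

    // Use one normalised identity for both the code check and the user lookup, so the
    // account whose reset code is validated is exactly the account whose password changes.
    $userNum = (int) $_REQUEST['userNum'];
    if (!_isValidPasswordResetCode($userNum, $_REQUEST['resetCode'])) {
        alert(t("Password reset code has expired or is not valid. Try resetting your password again."));
        showInterface('forgotPassword.php', false);
        exit; // fail closed: never fall through to the password update with an invalid code
    }

    // load user
    global $user;
    $user = mysql_get(accountsTable(), $userNum);
    if (!$user) {
        // Defensive: the code validated but the account is gone; treat as an invalid link.
        alert(t("Password reset code has expired or is not valid. Try resetting your password again."));
        showInterface('forgotPassword.php', false);
        exit;
    }

    // Lookup username or email
    if (@$_REQUEST['submitForm']) {
        security_dieUnlessPostForm();
        security_dieOnInvalidCsrfToken();
        disableInDemoMode('', 'resetPassword.php');

        // error checking
        $textErrors = getNewPasswordErrors(@$_REQUEST['password'], @$_REQUEST['password:again'], $user['username']); // v2.52
        if ($textErrors) {
            alert(nl2br(htmlencode($textErrors)));
            showInterface('resetPassword.php');
            exit;
        }

        // update password
        // NOTE(review): the reset code is not visibly invalidated here and other sessions
        // are not touched — confirm _isValidPasswordResetCode()/the accounts table make a
        // used link unusable, otherwise the same link could be replayed until it expires.
        $newPassword = getPasswordDigest($_REQUEST['password']);
        mysql_update(accountsTable(), $user['num'], null, array('password' => $newPassword));

        // show login
        alert(t('Password updated!'));
        $_REQUEST = array(); // drop the submitted password and reset code before rendering login
        showInterface('login.php', false);
        exit;
    }

    //
    showInterface('resetPassword.php');
    exit;
}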
// Admin entry point: bootstrap, request-origin checks, pre-login menus, login, dispatch.
// NOTE(review): each pre-login branch and the license page have no exit after them and
// appear to rely on the called function/showInterface() ending the request — confirm.
require_once "lib/init.php";
require_once "lib/login_functions.php";
require_once "lib/user_functions.php";
require_once "lib/admin_functions.php";

### Security: Disable external referers and form submissions
// Each helper returns its own message text (empty when nothing to report); the
// combined text is handed to alert() exactly as before.
$securityErrors = implode('', array(
    security_disablePostWithoutInternalReferer(),
    security_disableExternalReferers(),
    security_warnOnInputWithNoReferer(),
));
alert($securityErrors);

### pre-login actions (reachable without a session)
$menu = isset($_REQUEST['menu']) ? $_REQUEST['menu'] : null;
switch ($menu) {
    case 'forgotPassword':
        forgotPassword();
        break;
    case 'resetPassword':
        resetPassword();
        break;
    case 'license':
        showInterface('license.php');
        break;
}

### Login
doAction('admin_prelogin');
adminLoginMenu();
doAction('admin_postlogin');

### Dispatch actions
// No menu (or 'home') shows the home page; anything else goes to the fixed-path
// default action handler, which reads $menu itself.
if (!$menu || $menu == 'home') {
    showInterface('home.php');
} else {
    include "lib/menus/default/actionHandler.php";
}
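/**
 * In demo mode, blocks the current action: shows the matching "disabled" alert and
 * then renders $interface (home.php when empty), or dies with the message for AJAX.
 * Returns immediately (no effect) when not in demo mode.
 *
 * @param string $message              '' (generic), 'settings' or 'plugins'; anything else is a programmer error
 * @param string $interface            interface page to render, 'ajax' to die with plain text, '' for home.php
 * @param bool   $showHeaderAndFooter  passed through to showInterface()
 */
function disableInDemoMode($message = '', $interface = '', $showHeaderAndFooter = true) {
    if (!inDemoMode()) {
        return;
    }

    // display message (switch keeps the same loose == matching as the original if-chain)
    switch ($message) {
        case '':
            alert(t('This feature is disabled in demo mode.'));
            break;
        case 'settings':
            alert(t('Changing settings is disabled in demo mode.'));
            break;
        case 'plugins':
            alert(t('Plugins are disabled in demo mode.'));
            break;
        default:
            // Bug fix: the original referenced an undefined $section here, so the
            // message was always "Unknown section name ''!".
            die("Unknown section name '" . htmlencode($message) . "'!");
    }

    // display interface
    if (!$interface) {
        showInterface('home.php', $showHeaderAndFooter);
    } elseif ($interface == 'ajax') {
        die(t('This feature is disabled in demo mode.'));
    } else {
        showInterface($interface, $showHeaderAndFooter);
    }
}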
/**
 * Records $alert via alert() and then either terminates with the accumulated alert
 * text (AJAX requests) or renders the default interface with header and footer.
 *
 * NOTE(review): for AJAX the text returned by alert() is sent as-is; whether it is
 * already HTML-escaped depends on alert(), which is not visible here.
 *
 * @param string $alert  message to record
 */
function showInterfaceError($alert) {
    $alertText = alert($alert);
    if (!isAjaxRequest()) {
        showInterface('', true);
        return;
    }
    die($alertText);
}
showInterface('database/listTables.php'); } elseif ($action == 'addTable') { include "lib/menus/database/addTable.php"; } elseif ($action == 'addTable_save') { addTable(); } elseif ($action == 'editTable') { include "lib/menus/database/editTable.php"; } elseif ($action == 'adminHome') { showInterface('admin/home.php'); } elseif ($action == 'recreateThumbnails') { recreateThumbnails(); } elseif ($action == 'previewDefaultDate') { previewDefaultDate(); } else { alert("Unknown action '" . htmlencode($action) . "'"); showInterface('admin/home.php'); } // function updateMenuOrder() { // security_dieUnlessPostForm(); security_dieUnlessInternalReferer(); security_dieOnInvalidCsrfToken(); // disableInDemoMode('', 'database/listTables.php'); // update table/menu order $orderedTables = explode(',', $_REQUEST['newOrder']); $newOrder = 0; foreach ($orderedTables as $tablenameWithPrefix) { // load schema
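/**
 * Validates and saves the admin "general settings" form.
 *
 * Enforces POST + internal referer + CSRF token before touching $SETTINGS, validates
 * each submitted field, re-shows admin/general.php if any alert was raised, and
 * otherwise copies every submitted key that already exists in $SETTINGS (and in the
 * 'advanced'/'wysiwyg' subsections) into the settings file via saveSettings().
 *
 * @param string $savePagePath  interface page to show after saving (or in demo mode)
 */
function admin_saveSettings($savePagePath) {
    global $SETTINGS, $APP;

    // error checking
    clearAlertsAndNotices(); // so previous alerts won't prevent saving of admin options

    // security checks: these run before any request value reaches $SETTINGS
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    //
    disableInDemoMode('settings', $savePagePath);

    # license error checking
    // NOTE: this block runs before the field validation below, and register() is
    // documented as saving the new settings, so a new license is applied even if a
    // later field fails and the form is re-shown.
    if (array_key_exists('licenseProductId', $_REQUEST)) {
        if (!isValidProductId($_REQUEST['licenseProductId'])) {
            alert("Invalid Product License ID!");
        } elseif ($SETTINGS['licenseProductId'] != $_REQUEST['licenseProductId']) {
            $SETTINGS['licenseCompanyName'] = $_REQUEST['licenseCompanyName']; // update settings
            $SETTINGS['licenseDomainName']  = $_REQUEST['licenseDomainName'];  // ...
            $SETTINGS['licenseProductId']   = $_REQUEST['licenseProductId'];   // ...
            $isValid = register(); // validate productId (and save new settings)
            if (!$isValid) {
                redirectBrowserToURL('?menu=admin', true);
                exit;
            }
        }
    }

    # program url / adminUrl
    if (array_key_exists('adminUrl', $_REQUEST)) {
        // Bug fix: the check only required the prefix "http" (e.g. "httpx..." passed)
        // while the message promises a full http:// or https:// scheme; require it.
        if (!preg_match('/^https?:\/\//i', $_REQUEST['adminUrl'])) {
            alert("Program URL must start with http:// or https://<br/>\n");
        }
        if (preg_match('/\\?/i', $_REQUEST['adminUrl'])) {
            alert("Program URL can not contain a ?<br/>\n");
        }
    }

    # webPrefixUrl - v2.53
    if (@$_REQUEST['webPrefixUrl'] != '') {
        if (!preg_match("|^(\\w+:/)?/|", $_REQUEST['webPrefixUrl'])) {
            alert(t("Website Prefix URL must start with /") . "<br/>\n");
        }
        if (preg_match("|/\$|", $_REQUEST['webPrefixUrl'])) {
            alert(t("Website Prefix URL cannot end with /") . "<br/>\n");
        }
    }

    # upload url/dir
    if (array_key_exists('uploadDir', $_REQUEST)) {
        if (!preg_match('/\/$/', $_REQUEST['uploadDir'])) {
            alert("Upload Directory must end with a slash! (eg: /www/htdocs/uploads/)<br/>\n");
        }
    }
    if (array_key_exists('uploadUrl', $_REQUEST)) {
        if (preg_match('/^\w+:\/\//', $_REQUEST['uploadUrl'])) {
            alert("Upload Folder Url must be the web path only without a domain (eg: /uploads/)<br/>\n");
        } elseif (!preg_match('/^\//', $_REQUEST['uploadUrl'])) {
            alert("Upload Folder Url must start with a slash! (eg: /uploads/)<br/>\n");
        }
        if (!preg_match('/\/$/', $_REQUEST['uploadUrl'])) {
            alert("Upload Folder Url must end with a slash! (eg: /uploads/)<br/>\n");
        }
        // The trailing slash required above is stripped again before the value is stored.
        $_REQUEST['uploadUrl'] = chop($_REQUEST['uploadUrl'], '\\\\/'); // remove trailing slashes
    }

    # admin email
    if (array_key_exists('adminEmail', $_REQUEST) && !isValidEmail($_REQUEST['adminEmail'])) {
        alert("Admin Email must be a valid email (example: user@example.com)<br/>\n");
    }

    // error checking - require HTTPS (only settable from an HTTPS session, so the
    // admin cannot lock themselves out of a plain-HTTP install)
    if (@$_REQUEST['requireHTTPS'] && !isHTTPS()) {
        alert("Require HTTPS: You must be logged in with a secure HTTPS url to set this option!<br/>\n");
    }

    // error checking - restrict by IP (the current client IP must be in the new allow list)
    if (@$_REQUEST['restrictByIP'] && !isIpAllowed(true, @$_REQUEST['restrictByIP_allowed'])) {
        alert(t("Restrict IP Access: You current IP address must be in the allowed IP list!") . "<br/>\n");
    }

    // error checking - session values
    $sessionErrors = getCustomSessionErrors(@$_REQUEST['session_cookie_domain'], @$_REQUEST['session_save_path']);
    if ($sessionErrors) {
        alert($sessionErrors);
    }

    # show errors
    if (alert()) {
        showInterface('admin/general.php');
        exit;
    }

    ### update global settings
    // Mass assignment bounded by the keys already present in $SETTINGS; values are
    // copied as-is, so the request could still supply an array where a scalar is
    // expected — nothing here checks the type. Admin-only and CSRF-protected above.
    $globalSettings =& $SETTINGS;
    foreach (array_keys($globalSettings) as $key) {
        if (array_key_exists($key, $_REQUEST)) {
            $globalSettings[$key] = $_REQUEST[$key];
        }
    }

    # update subsection settings (same bounded copy, one level down)
    $subsections = array('advanced', 'wysiwyg');
    foreach ($subsections as $subsection) {
        $sectionSettings =& $SETTINGS[$subsection];
        foreach (array_keys($sectionSettings) as $key) {
            if (array_key_exists($key, $_REQUEST)) {
                $sectionSettings[$key] = $_REQUEST[$key];
            }
        }
    }

    # save to file
    saveSettings();

    # return to admin home
    notice('Settings have been saved.');
    showInterface($savePagePath);
}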