/**
 * Send "single record" authors straight to the edit form for their record.
 *
 * Applies only to users who have author access and nothing higher (no admin,
 * editor or author-viewer rights) and who are capped at one record for this
 * table, either by the table schema or by their per-table access list.
 * Relies on the globals prepared by the menu dispatcher: $CURRENT_USER, the
 * $has*Access flags, $schema, $tableName and $escapedTableName.
 */
function redirectSingleRecordAuthorsToEditPage()
{
    global $CURRENT_USER, $hasEditorAccess, $hasAuthorAccess, $hasAuthorViewerAccess, $schema, $tableName, $escapedTableName;

    // plain author: author access, but none of admin / editor / author-viewer
    $hasHigherAccess = $CURRENT_USER['isAdmin'] || $hasEditorAccess || $hasAuthorViewerAccess;
    if ($hasHigherAccess || !$hasAuthorAccess) {
        return;
    }

    // the one-record limit may come from the table schema or from the user's access list
    $schemaLimitIsOne = @$schema['_maxRecordsPerUser'] == 1;
    $accessLimitIsOne = @$CURRENT_USER['accessList'][$tableName]['maxRecords'] == 1;
    if (!$schemaLimitIsOne && !$accessLimitIsOne) {
        return;
    }

    // $escapedTableName is expected to be pre-escaped by the caller; $CURRENT_USER['num'] comes from the session, not the request
    $query  = "SELECT * FROM `{$escapedTableName}` WHERE createdByUserNum = '{$CURRENT_USER['num']}' LIMIT 1";
    $record = mysql_get_query($query);

    // fake the record num being requested, then render the edit form instead of the list
    // NOTE(review): no exit follows showInterface() here; other callers on this page pair it
    // with an explicit exit - confirm it ends the request.
    $_REQUEST['num'] = $record['num'];
    showInterface('default/edit.php', false);
}
<?php

// define globals
// define globals
global $APP;
//, $SETTINGS, $CURRENT_USER, $TABLE_PREFIX;
$APP['selectedMenu'] = 'admin';  // show admin menu as selected

// check access level - admin only!
// NOTE(review): no exit after showInterface(''); other code on this page pairs showInterface()
// with an explicit exit, so confirm it ends the request here - otherwise non-admins fall
// through to the hook registration below.
if (!$GLOBALS['CURRENT_USER']['isAdmin']) {
    alert(t("You don't have permissions to access this menu."));
    showInterface('');
}

// mailer plugin hooks - show the mode notice before the section is dispatched (priority 2)
addAction('section_preDispatch', '_cronlog_showModeNotice', null, 2);

// Prefix Menu with "Admin"
//$GLOBALS['schema']['menuName'] = "Admin &gt; ". $GLOBALS['schema']['menuName'];

// Let regular actionHandler run: hand control back instead of exiting here
$REDIRECT_FOR_CUSTOM_MENUS_DONT_EXIT = true;
return;
//
/**
 * section_preDispatch hook: adds the "Background Tasks" notice above the log list.
 *
 * @param string $tableName table being dispatched (unused, required by the hook signature)
 * @param string $action    current action; the notice is only shown for 'list'
 */
function _cronlog_showModeNotice($tableName, $action)
{
    // only the log list view gets the notice
    if ($action == 'list') {
        $statusLink = "?menu=admin&action=general#background-tasks";
        $template   = t("Background Tasks: This menu lists all log entries, view <a href='%s'>current status and scheduled task list</a>.");
        notice(sprintf($template, $statusLink));
    }
}
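/**
 * Handles the "reset password" step of the forgot-password flow.
 *
 * Expects userNum and resetCode in the request (carried by the reset link).
 * Shows the reset form; on submit it validates the new password, stores its
 * digest and returns the visitor to the login page. Every branch ends the
 * request with die()/exit so no caller code runs afterwards.
 */
function resetPassword()
{
    global $CURRENT_USER, $SETTINGS;
    $GLOBALS['sentEmail'] = false;

    // error checking - both values are mandatory
    if (!@$_REQUEST['userNum']) {
        die("No 'userNum' value specified!");
    }
    if (!@$_REQUEST['resetCode']) {
        die("No 'resetCode' value specified!");
    }
    if (!_isValidPasswordResetCode(@$_REQUEST['userNum'], @$_REQUEST['resetCode'])) {
        alert(t("Password reset code has expired or is not valid. Try resetting your password again."));
        showInterface('forgotPassword.php', false);
        // Every other showInterface() call in this function is followed by exit; without it an
        // invalid or expired code would still fall through to the password update below.
        exit;
    }

    // load user (global - presumably read by the resetPassword.php template; verify)
    global $user;
    $user = mysql_get(accountsTable(), (int) @$_REQUEST['userNum']);
    if (!$user) {
        // the code checked out but no account row came back - treat it like a bad code rather than updating nothing
        alert(t("Password reset code has expired or is not valid. Try resetting your password again."));
        showInterface('forgotPassword.php', false);
        exit;
    }

    // form submitted: validate and store the new password
    if (@$_REQUEST['submitForm']) {
        security_dieUnlessPostForm();
        security_dieOnInvalidCsrfToken();
        disableInDemoMode('', 'resetPassword.php');

        // error checking (v2.52) - username is passed so the password can be checked against it
        $textErrors = getNewPasswordErrors(@$_REQUEST['password'], @$_REQUEST['password:again'], $user['username']);
        if ($textErrors) {
            alert(nl2br(htmlencode($textErrors)));
            showInterface('resetPassword.php');
            exit;
        }

        // update password - only the digest is stored
        $newPassword = getPasswordDigest($_REQUEST['password']);
        mysql_update(accountsTable(), $user['num'], null, array('password' => $newPassword));

        // show login - the request is cleared first (presumably so the submitted values do not reach the login form)
        alert(t('Password updated!'));
        $_REQUEST = array();
        showInterface('login.php', false);
        exit;
    }

    // no submission yet: show the reset form
    showInterface('resetPassword.php');
    exit;
}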
require_once "lib/init.php";
require_once "lib/login_functions.php";
require_once "lib/user_functions.php";
require_once "lib/admin_functions.php";
### Security: Disable external referers and form submissions
### Security: Disable external referers and form submissions
// each check returns its error text (or nothing); alert() receives them concatenated in order
$securityErrors = security_disablePostWithoutInternalReferer()
                . security_disableExternalReferers()
                . security_warnOnInputWithNoReferer();
alert($securityErrors);

### pre-login actions
$menu = @$_REQUEST['menu'];
switch ($menu) {
    case "forgotPassword":
        forgotPassword();
        break;
    case "resetPassword":
        resetPassword();
        break;
    case 'license':
        showInterface('license.php');
        break;
}

### Login
doAction('admin_prelogin');
adminLoginMenu();
doAction('admin_postlogin');

### Dispatch actions
// anything other than the (default) home menu goes through the generic action handler
if ($menu && $menu != 'home') {
    include "lib/menus/default/actionHandler.php";
} else {
    showInterface('home.php');
}
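/**
 * In demo mode, abort the current action with an alert and render a fallback page.
 *
 * Does nothing outside demo mode. Otherwise an alert is raised, the requested
 * interface (or home.php) is shown and the request ends with exit.
 *
 * @param string $message             section name selecting the canned alert: '' (generic),
 *                                    'settings' or 'plugins'; anything else dies with an error
 * @param string $interface           interface to show; '' means home.php, 'ajax' dies with
 *                                    the plain message instead of rendering a page
 * @param bool   $showHeaderAndFooter passed through to showInterface()
 */
function disableInDemoMode($message = '', $interface = '', $showHeaderAndFooter = true)
{
    if (!inDemoMode()) {
        return;
    }

    // display message (switch keeps the loose == comparisons of the original chain)
    switch ($message) {
        case '':
            alert(t('This feature is disabled in demo mode.'));
            break;
        case 'settings':
            alert(t('Changing settings is disabled in demo mode.'));
            break;
        case 'plugins':
            alert(t('Plugins are disabled in demo mode.'));
            break;
        default:
            // was htmlencode($section): $section is never defined here, so the message used to be blank
            die("Unknown section name '" . htmlencode($message) . "'!");
    }

    // display interface
    if (!$interface) {
        showInterface('home.php', $showHeaderAndFooter);
    } elseif ($interface == 'ajax') {
        die(t('This feature is disabled in demo mode.'));
    } else {
        showInterface($interface, $showHeaderAndFooter);
    }

    exit;
}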
/**
 * Raise an alert and show it: as plain output for AJAX requests, otherwise via the default interface.
 *
 * @param string $alert alert text passed to alert(); its return value is what AJAX callers receive
 */
function showInterfaceError($alert)
{
    $errorOutput = alert($alert);
    if (!isAjaxRequest()) {
        showInterface('', true);
        return;
    }
    die($errorOutput);
}
    showInterface('database/listTables.php');
} elseif ($action == 'addTable') {
    include "lib/menus/database/addTable.php";
} elseif ($action == 'addTable_save') {
    addTable();
} elseif ($action == 'editTable') {
    include "lib/menus/database/editTable.php";
} elseif ($action == 'adminHome') {
    showInterface('admin/home.php');
} elseif ($action == 'recreateThumbnails') {
    recreateThumbnails();
} elseif ($action == 'previewDefaultDate') {
    previewDefaultDate();
} else {
    alert("Unknown action '" . htmlencode($action) . "'");
    showInterface('admin/home.php');
}
//
function updateMenuOrder()
{
    //
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    //
    disableInDemoMode('', 'database/listTables.php');
    // update table/menu order
    $orderedTables = explode(',', $_REQUEST['newOrder']);
    $newOrder = 0;
    foreach ($orderedTables as $tablenameWithPrefix) {
        // load schema
/**
 * Validates and saves the global admin settings submitted from the settings form.
 *
 * Every key already present in $SETTINGS (and in its 'advanced' and 'wysiwyg'
 * subsections) that also appears in $_REQUEST is copied over, so the existing
 * settings keys act as the allow-list of what the form may change. Validation
 * problems are accumulated with alert(); if any were raised the settings page
 * is re-shown and nothing is saved.
 *
 * @param string $savePagePath interface path shown after a successful save
 *                             (also handed to disableInDemoMode())
 */
function admin_saveSettings($savePagePath)
{
    global $SETTINGS, $APP;
    // error checking
    clearAlertsAndNotices();
    // so previous alerts won't prevent saving of admin options
    // security checks - POST only, internal referer, valid CSRF token
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();
    //
    disableInDemoMode('settings', $savePagePath);
    # license error checking
    if (array_key_exists('licenseProductId', $_REQUEST)) {
        if (!isValidProductId($_REQUEST['licenseProductId'])) {
            alert("Invalid Product License ID!");
        } else {
            // only re-register when the product id actually changed
            if ($SETTINGS['licenseProductId'] != $_REQUEST['licenseProductId']) {
                $SETTINGS['licenseCompanyName'] = $_REQUEST['licenseCompanyName'];
                // update settings
                $SETTINGS['licenseDomainName'] = $_REQUEST['licenseDomainName'];
                // ...
                $SETTINGS['licenseProductId'] = $_REQUEST['licenseProductId'];
                // ...
                $isValid = register();
                // validate productId (and save new settings)
                // NOTE(review): register() appears to persist the settings itself - confirm before changing this flow
                if (!$isValid) {
                    redirectBrowserToURL('?menu=admin', true);
                    exit;
                }
            }
        }
    }
    # program url / adminUrl
    if (array_key_exists('adminUrl', $_REQUEST)) {
        // only the scheme prefix is checked here, not that the URL is well formed
        if (!preg_match('/^http/i', $_REQUEST['adminUrl'])) {
            alert("Program URL must start with http:// or https://<br/>\n");
        }
        if (preg_match('/\\?/i', $_REQUEST['adminUrl'])) {
            alert("Program URL can not contain a ?<br/>\n");
        }
    }
    # webPrefixUrl - v2.53
    if (@$_REQUEST['webPrefixUrl'] != '') {
        // must be an absolute path (optionally scheme-prefixed) and must not end in a slash
        if (!preg_match("|^(\\w+:/)?/|", $_REQUEST['webPrefixUrl'])) {
            alert(t("Website Prefix URL must start with /") . "<br/>\n");
        }
        if (preg_match("|/\$|", $_REQUEST['webPrefixUrl'])) {
            alert(t("Website Prefix URL cannot end with /") . "<br/>\n");
        }
    }
    # upload url/dir
    if (array_key_exists('uploadDir', $_REQUEST)) {
        #    if      (!preg_match('/\/$/',      $_REQUEST['uploadDir'])) { alert("Upload Directory must end with a slash! (eg: /www/htdocs/uploads/)<br/>\n"); }
    }
    if (array_key_exists('uploadUrl', $_REQUEST)) {
        #    if      (preg_match('/^\w+:\/\//', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must be the web path only without a domain (eg: /uploads/)<br/>\n"); }
        #    else if (!preg_match('/^\//',      $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must start with a slash! (eg: /uploads/)<br/>\n"); }
        #    if      (!preg_match('/\/$/',      $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must end with a slash! (eg: /uploads/)<br/>\n"); }
        $_REQUEST['uploadUrl'] = chop($_REQUEST['uploadUrl'], '\\\\/');
        // remove trailing slashes and backslashes (normalised in $_REQUEST so the copy loop below stores the trimmed value)
    }
    # admin email
    if (array_key_exists('adminEmail', $_REQUEST) && !isValidEmail($_REQUEST['adminEmail'])) {
        alert("Admin Email must be a valid email (example: user@example.com)<br/>\n");
    }
    // error checking - require HTTPS (refuse to enable it over a plain-HTTP session, which would lock the admin out)
    if (@$_REQUEST['requireHTTPS'] && !isHTTPS()) {
        alert("Require HTTPS: You must be logged in with a secure HTTPS url to set this option!<br/>\n");
    }
    // error checking - restrict by IP (the current admin IP must stay in the allowed list for the same reason)
    if (@$_REQUEST['restrictByIP'] && !isIpAllowed(true, @$_REQUEST['restrictByIP_allowed'])) {
        alert(t("Restrict IP Access: You current IP address must be in the allowed IP list!") . "<br/>\n");
    }
    // error checking - session values
    $sessionErrors = getCustomSessionErrors(@$_REQUEST['session_cookie_domain'], @$_REQUEST['session_save_path']);
    if ($sessionErrors) {
        alert($sessionErrors);
    }
    # show errors - any alert raised above aborts the save
    if (alert()) {
        showInterface('admin/general.php');
        exit;
    }
    ### update global settings
    // existing top-level keys act as the allow-list; matching request values are copied as-is
    $globalSettings =& $SETTINGS;
    foreach (array_keys($globalSettings) as $key) {
        if (array_key_exists($key, $_REQUEST)) {
            $globalSettings[$key] = $_REQUEST[$key];
        }
    }
    # update subsection settings (same allow-list rule per subsection, written through a reference)
    $subsections = array('advanced', 'wysiwyg');
    foreach ($subsections as $subsection) {
        $sectionSettings =& $SETTINGS[$subsection];
        foreach (array_keys($sectionSettings) as $key) {
            if (array_key_exists($key, $_REQUEST)) {
                $sectionSettings[$key] = $_REQUEST[$key];
            }
        }
    }
    # save to file
    saveSettings();
    # return to admin home
    notice('Settings have been saved.');
    showInterface($savePagePath);
}