define('BASE_PATH', $base); } // Include general configuration /*MARKER*/ require_once BASE_PATH . '/lib/sitemap.php'; class FbX extends CcmsAjaxFbException { } // nasty way to do 'shorthand in PHP -- I do miss my #define macros! :'-| /** * * Either INSERT or UPDATE preferences * */ if ($_SERVER['REQUEST_METHOD'] == 'POST' && checkAuth()) { FbX::SetFeedbackLocation('content-owners.Manage.php'); try { // Only if current user has the rights if ($perm->is_level_okay('manageOwners', $_SESSION['ccms_userLevel'])) { /* * Since the number of items to process is PAGES x USERS, this number can become rather large, even for moderately small sites. * * Hence we do this in two phases: * * 1) first we collect the user=owner set per page in an associative array. * * 2) next, we update the database for each page collected in phase 1. * * This is different from the original approach in that: * * a) it cuts down the number of queries by a factor of USERS
define('BASE_PATH', $base); }

// Include general configuration
/*MARKER*/ require_once BASE_PATH . '/lib/sitemap.php';

class FbX extends CcmsAjaxFbException { } // nasty way to do 'shorthand in PHP -- I do miss my #define macros! :'-|

/**
 *
 * Either INSERT or UPDATE preferences
 *
 * Handles a non-empty POST from an authenticated session: every POSTed
 * key/value pair is treated as one permission entry, handed to $perm->set(),
 * and the whole set is then persisted with $perm->SavePermissions().
 *
 */
// NOTE(review): the visible condition checks the method, a non-empty body and checkAuth();
// no per-request token is checked here, so CSRF protection depends on what checkAuth()
// verifies -- confirm.
if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST) && checkAuth()) {
    FbX::SetFeedbackLocation("permissions.Manage.php");
    try {
        // (!) Only administrators can change these values
        // The gate is a hard-coded numeric level (4 and up) read from the session.
        if ($_SESSION['ccms_userLevel'] >= 4) {
            // Execute UPDATE
            $values = array(); // [i_a] make sure $values is an empty array to start with here
            // Every field in the request body is consumed, so any extra form field
            // becomes a candidate permission key.
            foreach ($_POST as $key => $value) {
                $key = filterParam4IdOrNumber($key);
                $setting = filterParam4Number($value);
                // '&&' binds tighter than '||': this reads as
                //   empty($key) || (empty($setting) && $value !== "0")
                // i.e. reject an empty key, or an empty filtered value unless the raw value is the string "0".
                if (empty($key) || empty($setting) && $value !== "0") {
                    throw new FbX($ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')');
                }
                // NOTE(review): the raw $value is stored, not the filtered $setting, which is only
                // used for the check above. If filterParam4Number() strips unwanted characters
                // instead of rejecting the input, a value that merely contains a number passes
                // the check and is saved unfiltered -- confirm against the filter and $perm->set().
                $perm->set($key, $value);
            }
            if ($perm->SavePermissions($db, $cfg['db_prefix'], false)) {
throw new FbX($ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')'); } } else { throw new FbX($ccms['lang']['auth']['featnotallowed']); } } catch (CcmsAjaxFbException $e) { $e->croak(); } }

/**
 *
 * Delete a user as posted by an authorized user
 *
 * Runs for action 'delete-user' on an authenticated POST. The caller must
 * pass the 'manageUsers' permission check; each posted userID is then
 * number-filtered and deleted from the users table.
 *
 */
if ($do_action == 'delete-user' && $_SERVER['REQUEST_METHOD'] == 'POST' && checkAuth()) {
    FbX::SetFeedbackLocation('user-management.Manage.php');
    try {
        // Only if current user has the rights
        if ($perm->is_level_okay('manageUsers', $_SESSION['ccms_userLevel'])) {
            // NOTE(review): count() here and the foreach below both assume userID was posted as an
            // array (userID[]); a scalar userID is not handled in the visible code.
            $total = isset($_POST['userID']) ? count($_POST['userID']) : 0;
            if ($total == 0) {
                throw new FbX($ccms['lang']['system']['error_selection']);
            }
            // Delete details from the database
            $i = 0;
            foreach ($_POST['userID'] as $user_num) {
                $user_num = filterParam4Number($user_num);
                $values = array(); // [i_a] make sure $values is an empty array to start with here
                // The ID goes into the WHERE clause as a typed numeric SQL value.
                $values['userID'] = MySQL::SQLValue($user_num, MySQL::SQLVALUE_NUMBER);
                // NOTE(review): between the permission check and this delete, nothing visible compares
                // the target with the acting user or with the target's level, so a 'manageUsers'
                // holder can apparently delete their own or a higher-level account -- confirm
                // whether that is intended or enforced elsewhere.
                $result = $db->DeleteRows($cfg['db_prefix'] . 'users', $values);
// assert(!empty($error)); echo '<h2>' . $ccms['lang']['guestbook']['error'] . '</h2>'; echo '<div id="sent-comment-fail">' . $error . '</div>'; exit; } /** * * Save configuration * */ if ($_SERVER['REQUEST_METHOD'] == 'POST' && $do_action == 'save-cfg' && checkAuth()) { $page_id = getPOSTparam4IdOrNumber('page_id'); FbX::SetFeedbackLocation('comment.Manage.php'); try { if (!empty($page_id)) { FbX::SetFeedbackLocation('comment.Manage.php', 'page_id=' . $page_id); // Only if current user has the rights if ($perm->is_level_okay('manageModComment', $_SESSION['ccms_userLevel'])) { $showMessage = getPOSTparam4Number('messages'); $showLocale = getPOSTparam4IdOrNumber('locale'); if (!empty($showMessage) && !empty($showLocale)) { $values = array(); // [i_a] make sure $values is an empty array to start with here $values['page_id'] = MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER); $values['showMessage'] = MySQL::SQLValue($showMessage, MySQL::SQLVALUE_NUMBER); $values['showLocale'] = MySQL::SQLValue($showLocale, MySQL::SQLVALUE_TEXT); // Insert or update configuration if ($db->AutoInsertUpdate($cfg['db_prefix'] . 'cfgcomment', $values, array('cfgID' => MySQL::BuildSQLValue($cfgID)))) { header('Location: ' . makeAbsoluteURI('comment.Manage.php?page_id=' . $page_id . '&status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved']))); exit; } else {
throw new FbX($ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')'); } } catch (CcmsAjaxFbException $e) { $e->croak(); } } /** * * Save configuration preferences * */ if ($_SERVER['REQUEST_METHOD'] == 'POST' && $do_action == 'cfg-news' && checkAuth()) { FbX::SetFeedbackLocation('news.Manage.php'); try { if ($page_id) { FbX::SetFeedbackLocation('news.Manage.php', 'page_id=' . $page_id); // Only if current user has the rights if ($perm->is_level_okay('manageModNews', $_SESSION['ccms_userLevel'])) { $showLocale = getPOSTparam4IdOrNumber('locale'); $showMessage = getPOSTparam4Number('messages'); $showAuthor = getPOSTparam4boolean('author'); $showDate = getPOSTparam4boolean('show_modified'); $showTeaser = getPOSTparam4boolean('show_teaser'); $values = array(); // [i_a] make sure $values is an empty array to start with here $values["page_id"] = MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER); $values["showLocale"] = MySQL::SQLValue($showLocale, MySQL::SQLVALUE_TEXT); $values["showMessage"] = MySQL::SQLValue($showMessage, MySQL::SQLVALUE_NUMBER); $values["showAuthor"] = MySQL::SQLValue($showAuthor, MySQL::SQLVALUE_BOOLEAN); $values["showDate"] = MySQL::SQLValue($showDate, MySQL::SQLVALUE_BOOLEAN); $values["showTeaser"] = MySQL::SQLValue($showTeaser, MySQL::SQLVALUE_BOOLEAN);
} else { header('Location: ' . makeAbsoluteURI('lightbox.Manage.php?page_id=' . $page_id . '&album=' . $album_name . '&status=error&msg=' . rawurlencode($return['error'] . (!empty($return['code']) ? ' (' . $return['code'] . ')' : '')))); } } // } exit; }

/**
 * Regenerate all thumbnails. This will delete any existing thumbnails!
 *
 * Runs for action 'confirm_regen': takes the album name from the query
 * string, requires the 'manageModLightbox' permission, makes sure the
 * album's '_thumbs' directory exists and then walks the files in the album.
 */
// NOTE(review): this destructive action is accepted on GET, and unlike the POST handlers the
// condition itself does not call checkAuth(). A GET can be triggered by a plain link or image
// load in the admin's browser; confirm that an earlier authentication gate and some form of
// request confirmation exist for this file, or move the action to POST.
if ($_SERVER['REQUEST_METHOD'] == 'GET' && $do_action == 'confirm_regen') {
    FbX::SetFeedbackLocation('lightbox.Manage.php', 'page_id=' . $page_id);
    try {
        $album_name = getGETparam4Filename('album');
        if (!empty($album_name)) {
            FbX::SetFeedbackLocation('lightbox.Manage.php', 'page_id=' . $page_id . '&album=' . $album_name);
            // Only if current user has the rights
            if ($perm->is_level_okay('manageModLightbox', $_SESSION['ccms_userLevel'])) {
                // The request-supplied album name becomes a path segment; staying inside
                // /media/albums/ relies entirely on getGETparam4Filename() removing separators
                // and '..' -- presumably it does; verify against the filter.
                $dest = BASE_PATH . '/media/albums/' . $album_name;
                // NOTE(review): as written this throws only when $dest is NOT a directory AND is
                // writable. A missing or read-only album directory passes through to mkdir()/scandir()
                // below. The intended test looks like "not a directory OR not writable" -- confirm.
                if (!is_dir($dest) && is_writable_ex($dest)) {
                    throw new FbX($ccms['lang']['system']['error_dirwrite']);
                }
                if (!is_dir($dest . '/_thumbs')) {
                    // '@' hides the mkdir() warning; failure is reported through the exception instead.
                    if (!@mkdir($dest . '/_thumbs')) {
                        throw new FbX($ccms['lang']['system']['error_dirwrite']);
                    }
                }
                // Skip the directory entries and the album's own bookkeeping files.
                foreach (array_diff(scandir($dest), array('.', '..', 'index.html', 'info.txt')) as $f) {
                    // Only regular files are processed; sub-directories such as '_thumbs' are ignored.
                    if (is_file($dest . '/' . $f)) {
                        $extension = pathinfo($f, PATHINFO_EXTENSION);
                        $uploadedfile = $dest . '/' . $f;
} catch (CcmsAjaxFbException $e) { if ($fd) { fclose($fd); } if (!empty($progressfile)) { @unlink($progressfile); } $e->croak_json(); } }

/**
 * Report the progress on the current backup in JSON format.
 *
 * Reads the per-user progress file from the backup directory and sends its
 * content verbatim as the response body. If the file is missing, unreadable
 * or empty, an error is reported through croak_json() with state 'error'.
 */
// NOTE(review): no request-method, checkAuth() or permission test is part of this condition;
// presumably the handler relies on an authentication gate earlier in the file -- confirm.
if ($do_action == 'report_backup_progress') {
    header('Content-type: application/json; charset=UTF-8');
    FbX::SetFeedbackLocation('backup-restore.Manage.php');
    try {
        // Close the session before doing the work; the linked answer is about long requests
        // blocking other requests of the same session.
        session_write_close(); // as per http://stackoverflow.com/questions/6405658/long-request-blocks-other-requests-in-apache-and-php
        // The file name is derived from the session's first and last name. Every character
        // outside [a-zA-Z0-9-] is replaced by '_', so no path separator or dot from those
        // values reaches the path built below.
        // NOTE(review): the mapping is not unique -- two accounts whose names sanitize to the
        // same string would read the same progress file; the numeric user ID would avoid that.
        $current_user = '******' . preg_replace('/[^a-zA-Z0-9\\-]/', '_', $_SESSION['ccms_userFirst'] . '_' . $_SESSION['ccms_userLast']);
        $progressfile = BASE_PATH . '/' . BACKUP_DIRECTORY . 'progress-data' . $current_user . '.json';
        // '@' suppresses the warning for a missing file; the empty() test below covers both
        // a failed read (false) and an empty file.
        $json = @file_get_contents($progressfile);
        if (empty($json)) {
            // NOTE(review): the message carries the absolute server path. If croak_json() echoes
            // the exception message to the client, this reveals the filesystem layout -- consider
            // reporting only the file name and logging the full path server-side.
            throw new FbX($ccms['lang']['system']['error_openfile'] . ": " . $progressfile);
        }
        // The file content is emitted unmodified and the script ends here.
        die($json);
    } catch (CcmsAjaxFbException $e) {
        $e->croak_json(array('state' => 'error'));
    }
}

// when we get here, an illegal command was fed to us!
// Some security functions

/* make darn sure only authenticated users can get past this point in the code */
// Defence in depth: the request is refused unless the session carries both a user ID and a
// user name and checkAuth() succeeds.
if (empty($_SESSION['ccms_userID']) || empty($_SESSION['ccms_userName']) || !checkAuth()) {
    // this situation should've been caught inside sitemap.php-->security.inc.php above! This is just a safety measure here.
    die_with_forged_failure_msg(__FILE__, __LINE__); // $ccms['lang']['auth']['featnotallowed']
}

// Prevent PHP warning by setting default (null) values
// The action selector always comes from the query string, also for POST requests.
$do_action = getGETparam4IdOrNumber('action');

/**
 *
 * Save the edited template and check for authority
 *
 * Runs for action 'save-template' on an authenticated POST. The caller must
 * pass the 'manageTemplate' permission check; the target file is named by
 * the 'template' query parameter and the new content is taken unfiltered
 * from the 'content' POST field.
 *
 */
if ($do_action == 'save-template' && $_SERVER['REQUEST_METHOD'] == 'POST' && checkAuth()) {
    FbX::SetFeedbackLocation('template-editor.Manage.php');
    try {
        // Only if current user has the rights
        if ($perm->is_level_okay('manageTemplate', $_SESSION['ccms_userLevel'])) {
            // NOTE(review): the target is a request-supplied relative path appended to
            // /lib/templates/. Nothing visible here verifies that the resulting path stays
            // inside that directory, so containment rests on getGETparam4FullFilePath()
            // rejecting '..' segments -- confirm, or compare the resolved path against the
            // templates directory before opening it.
            $filenoext = getGETparam4FullFilePath('template');
            $filename = BASE_PATH . '/lib/templates/' . $filenoext;
            // NOTE(review): content is written exactly as received. If templates are evaluated
            // as PHP by the site, holding 'manageTemplate' is equivalent to running code on the
            // server, and this POST needs CSRF protection accordingly -- confirm what checkAuth() covers.
            $content = getPOSTparam4RAWCONTENT('content'); // RAW CONTENT: the template may contain ANYTHING.
            if (is_writable_ex($filename)) {
                // Mode 'w' truncates the file on open, so a failed write below leaves the
                // template empty or partial rather than unchanged.
                if (!($handle = fopen($filename, 'w'))) {
                    // The error text includes the full server path of the template.
                    throw new FbX($ccms['lang']['system']['error_openfile'] . ' (' . $filename . ').');
                }
                if (fwrite($handle, $content) === FALSE) {
                    // Release the handle before reporting the failure.
                    fclose($handle);
                    throw new FbX($ccms['lang']['system']['error_write'] . ' (' . $filename . ').');
                }