define('BASE_PATH', $base);
}
// Include general configuration
/*MARKER*/
require_once BASE_PATH . '/lib/sitemap.php';
/**
 * Local shorthand for the CMS AJAX feedback exception.
 *
 * The class adds no members of its own; every static call made on it
 * (e.g. FbX::SetFeedbackLocation()) and every instance method used in the
 * catch blocks below resolves to CcmsAjaxFbException.
 */
class FbX extends CcmsAjaxFbException {}
// nasty way to do 'shorthand' in PHP -- I do miss my #define macros! :'-|
/**
 *
 * Either INSERT or UPDATE preferences
 *
 */
if ($_SERVER['REQUEST_METHOD'] == 'POST' && checkAuth()) {
    FbX::SetFeedbackLocation('content-owners.Manage.php');
    try {
        // Only if current user has the rights
        if ($perm->is_level_okay('manageOwners', $_SESSION['ccms_userLevel'])) {
            /*
             * Since the number of items to process is PAGES x USERS, this number can become rather large, even for moderately small sites.
             *
             * Hence we do this in two phases:
             *
             * 1) first we collect the user=owner set per page in an associative array.
             *
             * 2) next, we update the database for each page collected in phase 1.
             *
             * This is different from the original approach in that:
             *
             * a) it cuts down the number of queries by a factor of USERS
    define('BASE_PATH', $base);
}
// Include general configuration
/*MARKER*/
require_once BASE_PATH . '/lib/sitemap.php';
/**
 * Local shorthand for the CMS AJAX feedback exception.
 *
 * The class adds no members of its own; every static call made on it
 * (e.g. FbX::SetFeedbackLocation()) and every instance method used in the
 * catch blocks below resolves to CcmsAjaxFbException.
 */
class FbX extends CcmsAjaxFbException {}
// nasty way to do 'shorthand' in PHP -- I do miss my #define macros! :'-|
/**
 *
 * Either INSERT or UPDATE preferences
 *
 */
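if ($_SERVER['REQUEST_METHOD'] === 'POST' && !empty($_POST) && checkAuth()) {
    // Every POSTed field is treated as a permission key mapped to a numeric level;
    // any failure is raised as FbX and reported through croak() in the catch below.
    FbX::SetFeedbackLocation("permissions.Manage.php");
    try {
        // (!) Only administrators can change these values
        // NOTE(review): this is a hard-coded level check, unlike the other handlers in
        // this script which go through $perm->is_level_okay(); confirm 4 is the admin level.
        if ($_SESSION['ccms_userLevel'] >= 4) {
            foreach ($_POST as $key => $value) {
                $key = filterParam4IdOrNumber($key);
                $setting = filterParam4Number($value);
                // A level of "0" filters to an empty value but is legitimate, so it is let
                // through explicitly; any other key or value that does not filter cleanly is
                // treated as a forged request. The parentheses make the &&/|| grouping explicit.
                if (empty($key) || (empty($setting) && $value !== "0")) {
                    throw new FbX($ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')');
                }
                // NOTE(review): the raw POST string is stored rather than the filtered $setting;
                // if filterParam4Number() normalises its input, $setting is the safer value — verify.
                $perm->set($key, $value);
            }
            // NOTE(review): a truthy return from SavePermissions() is treated as a failure
            // here — confirm this matches its contract.
            if ($perm->SavePermissions($db, $cfg['db_prefix'], false)) {
                throw new FbX($ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')');
            }
        } else {
            throw new FbX($ccms['lang']['auth']['featnotallowed']);
        }
    } catch (CcmsAjaxFbException $e) {
        $e->croak();
    }
}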
/**
 *
 * Delete a user as posted by an authorized user
 *
 */
if ($do_action == 'delete-user' && $_SERVER['REQUEST_METHOD'] == 'POST' && checkAuth()) {
    FbX::SetFeedbackLocation('user-management.Manage.php');
    try {
        // Only if current user has the rights
        if ($perm->is_level_okay('manageUsers', $_SESSION['ccms_userLevel'])) {
            $total = isset($_POST['userID']) ? count($_POST['userID']) : 0;
            if ($total == 0) {
                throw new FbX($ccms['lang']['system']['error_selection']);
            }
            // Delete details from the database
            $i = 0;
            foreach ($_POST['userID'] as $user_num) {
                $user_num = filterParam4Number($user_num);
                $values = array();
                // [i_a] make sure $values is an empty array to start with here
                $values['userID'] = MySQL::SQLValue($user_num, MySQL::SQLVALUE_NUMBER);
                $result = $db->DeleteRows($cfg['db_prefix'] . 'users', $values);
    // assert(!empty($error));
    echo '<h2>' . $ccms['lang']['guestbook']['error'] . '</h2>';
    echo '<div id="sent-comment-fail">' . $error . '</div>';
    exit;
}
/**
 *
 * Save configuration
 *
 */
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $do_action == 'save-cfg' && checkAuth()) {
    $page_id = getPOSTparam4IdOrNumber('page_id');
    FbX::SetFeedbackLocation('comment.Manage.php');
    try {
        if (!empty($page_id)) {
            FbX::SetFeedbackLocation('comment.Manage.php', 'page_id=' . $page_id);
            // Only if current user has the rights
            if ($perm->is_level_okay('manageModComment', $_SESSION['ccms_userLevel'])) {
                $showMessage = getPOSTparam4Number('messages');
                $showLocale = getPOSTparam4IdOrNumber('locale');
                if (!empty($showMessage) && !empty($showLocale)) {
                    $values = array();
                    // [i_a] make sure $values is an empty array to start with here
                    $values['page_id'] = MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER);
                    $values['showMessage'] = MySQL::SQLValue($showMessage, MySQL::SQLVALUE_NUMBER);
                    $values['showLocale'] = MySQL::SQLValue($showLocale, MySQL::SQLVALUE_TEXT);
                    // Insert or update configuration
                    if ($db->AutoInsertUpdate($cfg['db_prefix'] . 'cfgcomment', $values, array('cfgID' => MySQL::BuildSQLValue($cfgID)))) {
                        header('Location: ' . makeAbsoluteURI('comment.Manage.php?page_id=' . $page_id . '&status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved'])));
                        exit;
                    } else {
            throw new FbX($ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')');
        }
    } catch (CcmsAjaxFbException $e) {
        $e->croak();
    }
}
/**
 *
 * Save configuration preferences
 *
 */
if ($_SERVER['REQUEST_METHOD'] == 'POST' && $do_action == 'cfg-news' && checkAuth()) {
    FbX::SetFeedbackLocation('news.Manage.php');
    try {
        if ($page_id) {
            FbX::SetFeedbackLocation('news.Manage.php', 'page_id=' . $page_id);
            // Only if current user has the rights
            if ($perm->is_level_okay('manageModNews', $_SESSION['ccms_userLevel'])) {
                $showLocale = getPOSTparam4IdOrNumber('locale');
                $showMessage = getPOSTparam4Number('messages');
                $showAuthor = getPOSTparam4boolean('author');
                $showDate = getPOSTparam4boolean('show_modified');
                $showTeaser = getPOSTparam4boolean('show_teaser');
                $values = array();
                // [i_a] make sure $values is an empty array to start with here
                $values["page_id"] = MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER);
                $values["showLocale"] = MySQL::SQLValue($showLocale, MySQL::SQLVALUE_TEXT);
                $values["showMessage"] = MySQL::SQLValue($showMessage, MySQL::SQLVALUE_NUMBER);
                $values["showAuthor"] = MySQL::SQLValue($showAuthor, MySQL::SQLVALUE_BOOLEAN);
                $values["showDate"] = MySQL::SQLValue($showDate, MySQL::SQLVALUE_BOOLEAN);
                $values["showTeaser"] = MySQL::SQLValue($showTeaser, MySQL::SQLVALUE_BOOLEAN);
        } else {
            header('Location: ' . makeAbsoluteURI('lightbox.Manage.php?page_id=' . $page_id . '&album=' . $album_name . '&status=error&msg=' . rawurlencode($return['error'] . (!empty($return['code']) ? ' (' . $return['code'] . ')' : ''))));
        }
    }
    //  }
    exit;
}
/**
 * Regenerate all thumbnails. This will delete any existing thumbnails!
 */
if ($_SERVER['REQUEST_METHOD'] == 'GET' && $do_action == 'confirm_regen') {
    FbX::SetFeedbackLocation('lightbox.Manage.php', 'page_id=' . $page_id);
    try {
        $album_name = getGETparam4Filename('album');
        if (!empty($album_name)) {
            FbX::SetFeedbackLocation('lightbox.Manage.php', 'page_id=' . $page_id . '&album=' . $album_name);
            // Only if current user has the rights
            if ($perm->is_level_okay('manageModLightbox', $_SESSION['ccms_userLevel'])) {
                $dest = BASE_PATH . '/media/albums/' . $album_name;
                if (!is_dir($dest) && is_writable_ex($dest)) {
                    throw new FbX($ccms['lang']['system']['error_dirwrite']);
                }
                if (!is_dir($dest . '/_thumbs')) {
                    if (!@mkdir($dest . '/_thumbs')) {
                        throw new FbX($ccms['lang']['system']['error_dirwrite']);
                    }
                }
                foreach (array_diff(scandir($dest), array('.', '..', 'index.html', 'info.txt')) as $f) {
                    if (is_file($dest . '/' . $f)) {
                        $extension = pathinfo($f, PATHINFO_EXTENSION);
                        $uploadedfile = $dest . '/' . $f;
    } catch (CcmsAjaxFbException $e) {
        if ($fd) {
            fclose($fd);
        }
        if (!empty($progressfile)) {
            @unlink($progressfile);
        }
        $e->croak_json();
    }
}
/**
 * Report the progress on the current backup in JSON format.
 */
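if ($do_action === 'report_backup_progress') {
    // Returns the per-user backup progress file verbatim as JSON; errors are also
    // emitted as JSON via croak_json() so the polling client can always parse the reply.
    // NOTE(review): no checkAuth() guard is visible in this block; it presumably relies on
    // an earlier check in the script — confirm.
    header('Content-type: application/json; charset=UTF-8');
    FbX::SetFeedbackLocation('backup-restore.Manage.php');
    try {
        // Release the session lock first so this poll does not block the long-running
        // backup request that shares the same session; see
        // http://stackoverflow.com/questions/6405658/long-request-blocks-other-requests-in-apache-and-php
        // ($_SESSION stays readable after session_write_close().)
        session_write_close();
        // The user name is reduced to [A-Za-z0-9_-] before it becomes part of a path; that
        // substitution is what keeps the file name free of separators and '..' sequences.
        $current_user = '******' . preg_replace('/[^a-zA-Z0-9\\-]/', '_', $_SESSION['ccms_userFirst'] . '_' . $_SESSION['ccms_userLast']);
        $progressfile = BASE_PATH . '/' . BACKUP_DIRECTORY . 'progress-data' . $current_user . '.json';
        // Best-effort read: a missing or empty file is reported as an error below, so the
        // PHP warning from file_get_contents() is deliberately suppressed.
        $json = @file_get_contents($progressfile);
        if (empty($json)) {
            throw new FbX($ccms['lang']['system']['error_openfile'] . ": " . $progressfile);
        }
        die($json);
    } catch (CcmsAjaxFbException $e) {
        $e->croak_json(array('state' => 'error'));
    }
}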
// when we get here, an illegal command was fed to us!
// Some security functions
/* make darn sure only authenticated users can get past this point in the code */
$sessionIsComplete = !empty($_SESSION['ccms_userID']) && !empty($_SESSION['ccms_userName']);
if (!$sessionIsComplete || !checkAuth()) {
    // This situation should already have been caught inside sitemap.php --> security.inc.php
    // above; this is only a safety measure. checkAuth() is evaluated last, exactly as before.
    die_with_forged_failure_msg(__FILE__, __LINE__);
    // $ccms['lang']['auth']['featnotallowed']
}
// Read the requested action once up front so the handlers below always have a
// defined $do_action to compare against (the original note says the helper yields
// a default null when 'action' is absent, which avoids an undefined-variable warning).
$do_action = getGETparam4IdOrNumber('action');
/**
 *
 * Save the edited template and check for authority
 *
 */
if ($do_action == 'save-template' && $_SERVER['REQUEST_METHOD'] == 'POST' && checkAuth()) {
    FbX::SetFeedbackLocation('template-editor.Manage.php');
    try {
        // Only if current user has the rights
        if ($perm->is_level_okay('manageTemplate', $_SESSION['ccms_userLevel'])) {
            $filenoext = getGETparam4FullFilePath('template');
            $filename = BASE_PATH . '/lib/templates/' . $filenoext;
            $content = getPOSTparam4RAWCONTENT('content');
            // RAW CONTENT: the template may contain ANYTHING.
            if (is_writable_ex($filename)) {
                if (!($handle = fopen($filename, 'w'))) {
                    throw new FbX($ccms['lang']['system']['error_openfile'] . ' (' . $filename . ').');
                }
                if (fwrite($handle, $content) === FALSE) {
                    fclose($handle);
                    throw new FbX($ccms['lang']['system']['error_write'] . ' (' . $filename . ').');
                }