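* @license http://www.gnu.org/licenses/gpl-2.0.html */
// Inline-edit endpoint: writes one POSTed value into one whitelisted column of
// a single row of the pages table. The target is POSTed as "<field>-<page_id>".
// NOTE(review): no checkFTAN() call is visible in this excerpt, so the write
// appears to be protected by the session permission check alone; confirm a
// request token is verified before this script changes data.
require '../../../config.php';
$bAdminHeader = FALSE; // suppress to print the header, so no new FTAN will be set
$admin = new admin('Pages', 'pages_settings', $bAdminHeader);

// check if user can change things to avoid any submission from a logged in not admin user
// NOTE(review): only the global 'pages_modify' permission is tested; no
// per-page permission check on the submitted page id is visible here.
if ($admin->get_permission('pages_modify') == false) {
    exit;
}

// Create the Fields from Submission
// Only a string id is accepted. A missing or array-valued id becomes an empty
// field name, which the whitelist below rejects, instead of raising a
// warning or a TypeError inside explode().
$sSubmittedId = (isset($_POST['id']) && is_string($_POST['id'])) ? $_POST['id'] : '';
$aFromString = explode("-", $sSubmittedId);
$sDbField = $aFromString[0];
// Without a "-<page_id>" part the id falls back to 0, as intval(null) did before.
$iPageId = isset($aFromString[1]) ? intval($aFromString[1]) : 0;

//sanitize new value to update
// NOTE(review): the value is made SQL-safe only through add_slashes() plus
// HTML-encoding of the double quote that delimits it in the query below.
// Prefer the database layer's own escaping or a prepared statement.
$sNewValue = str_replace(array("[[", "]]", "\n", "\t"), '', htmlspecialchars($admin->add_slashes($admin->get_post('value'))));

// Column whitelist: $sDbField is concatenated into the query as an identifier,
// so it must match one of these names exactly.
$aCheckPagesFields = array('page_title', 'description', 'keywords');

// GET TOOL SETTINGS FROM DB (Json Array)
$jsonSettings = $database->get_one("SELECT `settings_json` FROM `" . TABLE_PREFIX . "mod_page_seo_tool`");
$aSettings = json_decode($jsonSettings, TRUE);
// !empty() keeps the original truthiness test and also tolerates settings
// that are missing or failed to decode.
if (!defined('REWRITE_URL') && !empty($aSettings['rewriteUrl']['use'])) {
    define('REWRITE_URL', $aSettings['rewriteUrl']['dbString']);
    array_push($aCheckPagesFields, REWRITE_URL);
}

// UPDATE the DB Field
// Strict comparison: the submitted field name must be identical to a
// whitelisted string, so loose type juggling cannot let another name through.
if (isset($_POST['value']) && in_array($sDbField, $aCheckPagesFields, true)) {
    // Update page settings in the pages table
    $sUpdateQuery = 'UPDATE `' . TABLE_PREFIX . 'pages` SET `' . $sDbField . '` = "' . $sNewValue . '" WHERE `page_id` = ' . $iPageId;
    $database->query($sUpdateQuery);
}
if ($database->is_error() == FALSE) {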
} } // end include class.secure.php
// Handler for the "modify user" form: reads the submitted account fields and
// validates group selection and username before the excerpt ends.
require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Access', 'users_modify');

// Check if user id is a valid number and doesnt equal 1
// NOTE(review): is_numeric() also accepts decimal and exponent notation, and
// $user_id keeps the raw POST string; cast with intval() before it is used in
// a query (the query itself is outside this excerpt).
if (!isset($_POST['user_id']) or !is_numeric($_POST['user_id']) or $_POST['user_id'] == 1) {
    header("Location: index.php");
    exit(0);
} else {
    $user_id = $_POST['user_id'];
}

// Gather details entered
// NOTE(review): the group list is joined from raw POST elements with no cast
// or escaping, and implode() assumes $_POST['groups'] is an array.
$groups_id = isset($_POST['groups']) ? implode(",", $_POST['groups']) : '';
// NOTE(review): $_POST['active'] is read without an isset() check.
$active = addslashes($_POST['active'][0]);
// The name of the POST field that carries the username is itself taken from POST.
$username_fieldname = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post('username_fieldname'), ENT_QUOTES));
$username = $admin->get_post_escaped($username_fieldname);
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
$display_name = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post('display_name'), ENT_QUOTES));
$email = $admin->get_post_escaped('email');
$home_folder = $admin->get_post_escaped('home_folder');

// Check values
if ($groups_id == "") {
    $admin->print_error($MESSAGE['USERS_NO_GROUP'], 'index.php');
}
if (strlen($username) < 3) {
    $admin->print_error($MESSAGE['USERS_USERNAME_TOO_SHORT'], 'index.php');
}
// Username must start with a letter, followed by at least two characters from
// letters, digits, '@', '.', '_' or '-'.
if (!preg_match('/^[a-z]{1}[a-z0-9@\\._-]{2,}$/i', $username)) {
    $admin->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'], 'index.php');
// Handler for the "add page" form: verifies the form token (FTAN), then reads
// and normalises the submitted page attributes.
if (!defined('WB_PATH')) {
    require dirname(dirname(__DIR__)) . '/config.php';
}
if (!class_exists('admin', false)) {
    require WB_PATH . '/framework/class.admin.php';
}
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Pages', 'pages_add', false);
// Reject the request when the form token does not validate.
// NOTE(review): execution only stops here if print_error() terminates the
// script; that is not visible in this excerpt.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], ADMIN_URL);
}
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// Get values
$title = $admin->get_post('title');
$title = htmlspecialchars($title);
// Module name is reduced to letters, digits, '_' and '-'.
$module = preg_replace('/[^a-z0-9_-]/i', "", $admin->get_post('type')); // fix secunia 2010-93-4
$parent = intval($admin->get_post('parent')); // fix secunia 2010-91-2
$visibility = $admin->get_post('visibility');
// Any value outside the fixed list falls back to 'public'.
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {
    $visibility = 'public';
} // fix secunia 2010-91-2
// NOTE(review): the group lists are taken as submitted; no cast or filter is
// applied to them in this excerpt.
$admin_groups = $admin->get_post('admin_groups');
$viewing_groups = $admin->get_post('viewing_groups');
// Work-out if we should check for existing page_code
$field_set = $database->field_exists(TABLE_PREFIX . 'pages', 'page_code');
// add Admin to admin and viewing-groups
}
// Handler for the "modify user" form (continues from a check above this
// excerpt): reads the account fields and validates groups, username and password.
// After check print the header
$admin->print_header();

// Check if user id is a valid number and doesnt equal 1
// NOTE(review): is_numeric() also accepts decimal and exponent notation, and
// $user_id keeps the raw POST string; cast with intval() before use in a query.
if (!isset($_POST['user_id']) or !is_numeric($_POST['user_id']) or $_POST['user_id'] == 1) {
    header("Location: index.php");
    exit(0);
} else {
    $user_id = $_POST['user_id'];
}

// Gather details entered
// NOTE(review): group ids are slash-escaped rather than cast to integers;
// confirm how $groups_id is used in the query outside this excerpt.
$groups_id = isset($_POST['groups']) ? implode(",", $admin->add_slashes($_POST['groups'])) : '';
// NOTE(review): $_POST['active'] is read without an isset() check.
$active = $admin->add_slashes($_POST['active'][0]);
// The name of the POST field that carries the username is itself taken from POST.
$username_fieldname = $admin->get_post_escaped('username_fieldname');
$username = strtolower($admin->get_post_escaped($username_fieldname));
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
$display_name = $admin->get_post_escaped('display_name');
$email = $admin->get_post_escaped('email');
$home_folder = $admin->get_post_escaped('home_folder');

// Check values
// $js_back is assigned outside this excerpt.
if ($groups_id == "") {
    $admin->print_error($MESSAGE['USERS_NO_GROUP'], $js_back);
}
// Username must start with a letter, followed by at least two characters from
// letters, digits, '_' or '-'.
if (!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
    $admin->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'] . ' / ' . $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
}
if ($password != "") {
    // NOTE(review): only passwords shorter than 2 characters are rejected;
    // this is far below any reasonable minimum length.
    if (strlen($password) < 2) {
        $admin->print_error($MESSAGE['USERS_PASSWORD_TOO_SHORT'], $js_back);
    }
} } // end include class.secure.php
// Handler for the "page settings" form: reads the page id and the submitted
// page attributes.
// Get page id
// NOTE(review): is_numeric() also accepts decimal and exponent notation, and
// $page_id keeps the raw POST string; cast with intval() before use in a query.
if (!isset($_POST['page_id']) or !is_numeric($_POST['page_id'])) {
    header("Location: index.php");
    exit(0);
} else {
    $page_id = $_POST['page_id'];
}
require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_settings');
// Include the functions file
require_once LEPTON_PATH . '/framework/summary.functions.php';
// Get values
// NOTE(review): values are slash-escaped first and HTML-encoded afterwards, so
// the stored text is HTML-encoded and the SQL escaping is not the database
// layer's own; queries using these values are outside this excerpt.
$page_link = htmlspecialchars(addslashes($admin->get_post('link')));
// ENT_HTML401 is only passed on PHP 5.4.0 and later.
if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
    $page_title = htmlspecialchars($admin->get_post_escaped('page_title'), ENT_COMPAT | ENT_HTML401, DEFAULT_CHARSET);
    $menu_title = htmlspecialchars($admin->get_post_escaped('menu_title'), ENT_COMPAT | ENT_HTML401, DEFAULT_CHARSET);
} else {
    $page_title = htmlspecialchars($admin->get_post_escaped('page_title'), ENT_COMPAT, DEFAULT_CHARSET);
    $menu_title = htmlspecialchars($admin->get_post_escaped('menu_title'), ENT_COMPAT, DEFAULT_CHARSET);
}
$description = htmlspecialchars(addslashes($admin->get_post('description')));
$keywords = htmlspecialchars(addslashes($admin->get_post('keywords')));
$page_code = htmlspecialchars(addslashes($admin->get_post('page_code')));
// NOTE(review): parent, visibility, template and target are not checked
// against an allowed set or cast in this excerpt.
$parent = $admin->get_post_escaped('parent');
$visibility = $admin->get_post_escaped('visibility');
$template = $admin->get_post_escaped('template');
$target = $admin->get_post_escaped('target');
$admin_groups = $admin->get_post_escaped('admin_groups');
}
// Handler that saves a capslider group: loads the language file, reads the
// submitted group fields and updates the matching row.
// NOTE(review): no checkFTAN() call is visible in this excerpt; confirm a
// request token is verified before the UPDATE below.
// Load Language file
if (!file_exists(WB_PATH . '/modules/capslider/languages/' . LANGUAGE . '.php')) {
    require_once WB_PATH . '/modules/capslider/languages/EN.php';
} else {
    require_once WB_PATH . '/modules/capslider/languages/' . LANGUAGE . '.php';
}
// Include WB admin wrapper script
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';
// check website baker platform (with WB 2.7, Admin-Tools were moved out of settings dialogue)
$admintool_link = ADMIN_URL . '/admintools/index.php';
$module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=capslider';
$admin = new admin('admintools', 'admintools');
// Validate all fields
// $group_id is assigned outside this excerpt.
// NOTE(review): the variables below are only set in the else branch; the
// UPDATE relies on print_error() ending the script when the title is empty.
if ($admin->get_post('title') == '') {
    $admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL . '/modules/capslider/modify_group.php?group_id=' . $group_id);
} else {
    $title = $admin->add_slashes($admin->get_post('title'));
    // NOTE(review): the numeric-looking fields are slash-escaped, not cast.
    $height = $admin->add_slashes($admin->get_post('height'));
    $width = $admin->add_slashes($admin->get_post('width'));
    $speed = $admin->add_slashes($admin->get_post('speed'));
    $delay = $admin->add_slashes($admin->get_post('delay'));
    $panel = $admin->add_slashes($admin->get_post('panel'));
}
$gtable = TABLE_PREFIX . 'mod_capslider_groups';
// Update row
// NOTE(review): the query is built by string interpolation; $group_id goes
// into the WHERE clause as it arrived from outside this excerpt. Confirm it is
// cast to an integer where it is read.
$database->query("UPDATE " . $gtable . " SET `group_name` = '{$title}',`height` = '{$height}' ,`width` = '{$width}',`speed` = '{$speed}',`delay` = '{$delay}',`panel` = '{$panel}' WHERE group_id = '{$group_id}'");
// Check if there is a db error, otherwise say successful
// NOTE(review): the raw database error text is shown to the user.
if ($database->is_error()) {
    $admin->print_error($database->get_error(), WB_URL . '/modules/capslider/modify_group.php?group_id=' . $group_id);
} else {
    require_once WB_PATH . '/modules/capslider/languages/' . LANGUAGE . '.php';
}
// Handler that saves a capslider slide: prepares the image directory, reads
// the submitted slide fields and starts processing an optional image upload.
// NOTE(review): no checkFTAN() call is visible in this excerpt.
// Include WB admin wrapper script
require_once WB_PATH . '/framework/class.admin.php';
require_once WB_PATH . '/framework/functions.php';
include_once 'resize_img.php';
// Create Imagedir (/slide is rejected by some add_blockers, use slide inverted
$slide_dir = WB_PATH . MEDIA_DIRECTORY . '/slider/';
make_dir($slide_dir);
// check website baker platform (with WB 2.7, Admin-Tools were moved out of settings dialogue)
$admintool_link = ADMIN_URL . '/admintools/index.php';
$module_edit_link = ADMIN_URL . '/admintools/tool.php?tool=capslider';
$admin = new admin('admintools', 'admintools');
// Validate all fields
// $slide_id is assigned outside this excerpt.
if ($admin->get_post('comments') == '') {
    $admin->print_error($MESSAGE['GENERIC']['FILL_IN_ALL'], WB_URL . '/modules/capslider/modify_slide.php?slide_id=' . $slide_id);
} else {
    // NOTE(review): unlike the other fields, $active is neither escaped nor cast here.
    $active = $admin->get_post('active');
    $group = $admin->add_slashes($admin->get_post('group'));
    $alt = $admin->add_slashes($admin->get_post('alt'));
    $height = $admin->add_slashes($admin->get_post('height'));
    $width = $admin->add_slashes($admin->get_post('width'));
    $image = $admin->add_slashes($admin->get_post('image'));
    $comments = $admin->add_slashes($admin->get_post('comments'));
    $modified_when = time();
    $modified_by = $admin->get_user_id();
    // Check if the user uploaded an image or wants to delete one
    if (isset($_FILES['newimage']['tmp_name']) && $_FILES['newimage']['tmp_name'] != '') {
        // Get real filename and set new filename
        // NOTE(review): $_FILES[...]['name'] is supplied by the client. The
        // code that derives the stored name is outside this excerpt; it should
        // reduce this to a basename and enforce an extension allow-list.
        $filename = $_FILES['newimage']['name'];
// Settings save loop: reads every row of the settings table and, per setting
// name, takes the POSTed value or falls back to the stored one.
$allow_empty_values = array('website_header', 'website_footer', 'sec_anchor', 'pages_directory', 'page_spacer', 'wbmailer_smtp_secure');
$disallow_in_fields = array('pages_directory', 'media_directory', 'wb_version');
// Query current settings in the db, then loop through them and update the db with the new value
$settings = array();
$old_settings = array();
// Query current settings in the db, then loop through them to get old values
$sql = 'SELECT `name`, `value` FROM `' . TABLE_PREFIX . 'settings` ' . 'ORDER BY `name`';
if ($res_settings = $database->query($sql)) {
    $passed = false;
    while ($setting = $res_settings->fetchRow(MYSQLI_ASSOC)) {
        $old_settings[$setting['name']] = $setting['value'];
        $setting_name = $setting['name'];
        // wb_version is never taken from the form.
        if ($setting_name == 'wb_version') {
            continue;
        }
        // The POST keys that are read are driven by the names stored in the
        // table, not by the keys the client sent.
        $value = $admin->get_post($setting_name);
        $value = is_null($value) ? '' : $value;
        // A setting missing from the form keeps its stored value.
        $value = isset($_POST[$setting_name]) ? $value : $old_settings[$setting_name];
        switch ($setting_name) {
            case 'default_timezone':
                // Form value is multiplied by 3600.
                // NOTE(review): when the field is absent from POST the stored
                // value is multiplied again; also a non-numeric value is not
                // rejected before the arithmetic. Confirm both are intended.
                $value = $value * 60 * 60;
                $passed = true;
                break;
            case 'string_dir_mode':
                // $dir_mode is computed outside this excerpt.
                $value = $dir_mode;
                $passed = true;
                break;
            case 'string_file_mode':
                // $file_mode is computed outside this excerpt.
                $value = $file_mode;
                $passed = true;
                break;
// Handler for the "add user" form: verifies the form token (FTAN), reads the
// submitted account fields and validates groups and username.
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Access', 'users_add', false);
// Create a javascript back link
$js_back = ADMIN_URL . '/users/index.php';
// Reject the request when the form token does not validate.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// After check print the header
$admin->print_header();
// Work on a copy of the POST array.
$aInputs = array();
$aInputs = array_merge($_POST);
// Get details entered
// NOTE(review): the group list is joined from raw POST elements with no cast,
// and implode() assumes $aInputs['groups'] is an array.
$groups_id = isset($aInputs['groups']) ? implode(",", $aInputs['groups']) : '';
// NOTE(review): $aInputs['active'] is read without an isset() check.
$active = intval(is_array($aInputs['active']) ? $aInputs['active'][0] : $aInputs['active']);
// The name of the POST field that carries the username is itself taken from POST.
$username_fieldname = $admin->get_post('username_fieldname');
$username = strtolower($admin->get_post($username_fieldname));
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
// NOTE(review): display name, email and home folder are taken as submitted;
// any escaping or validation must happen after this excerpt.
$display_name = $admin->get_post('display_name');
$email = $admin->get_post('email');
$home_folder = $admin->get_post('home_folder');
$default_language = DEFAULT_LANGUAGE;
$default_timezone = DEFAULT_TIMEZONE;
// Check values
if ($groups_id == '') {
    $admin->print_error($MESSAGE['USERS_NO_GROUP'], $js_back);
}
// Username must start with a letter, followed by at least two characters from
// letters, digits, '_' or '-'.
if (!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) {
    $admin->print_error($MESSAGE['USERS_NAME_INVALID_CHARS'] . ' / ' . $MESSAGE['USERS_USERNAME_TOO_SHORT'], $js_back);
}
{ $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS']); } */
// Handler for the "page settings" form: verifies the form token (FTAN), then
// reads and normalises the submitted page attributes.
// $target_url is assigned outside this excerpt.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $target_url);
}
// After check print the header
$admin->print_header();
// Include the WB functions file
if (!function_exists('create_access_file')) {
    require WB_PATH . '/framework/functions.php';
}
// Get values
// Text fields pass through StripCodeFromText(); its exact filtering is defined
// in the admin class, outside this excerpt.
$page_title = $admin->StripCodeFromText($admin->get_post('page_title'));
$menu_title = $admin->StripCodeFromText($admin->get_post('menu_title'));
$page_code = intval($admin->get_post('page_code'));
$description = $admin->StripCodeFromText($admin->get_post('description'));
$keywords = $admin->StripCodeFromText($admin->get_post('keywords'));
$parent = intval($admin->get_post('parent')); // fix secunia 2010-91-3
$visibility = $admin->StripCodeFromText($admin->get_post('visibility'));
// Any value outside the fixed list falls back to 'public'.
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {
    $visibility = 'public';
} // fix secunia 2010-93-3
// Template name is reduced to letters, digits, '_' and '-'.
$template = preg_replace('/[^a-z0-9_-]/i', "", $admin->get_post('template')); // fix secunia 2010-93-3
// The default template is stored as an empty string.
$template = $template == DEFAULT_TEMPLATE ? '' : $template;
// Link target keeps word characters only.
$target = preg_replace("/\\W/", "", $admin->get_post('target'));
*/
// Handler for the "page settings" form: verifies the form token (FTAN), then
// reads and normalises the submitted page attributes.
// $page_id is assigned outside this excerpt.
$pagetree_url = ADMIN_URL . '/pages/index.php';
$target_url = ADMIN_URL . '/pages/settings.php?page_id=' . $page_id;
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $target_url);
}
// After check print the header
$admin->print_header();
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// Get values
// Text fields are escaped, HTML-encoded, and stripped of the "[[" / "]]" markers.
// NOTE(review): SQL safety of these values depends on get_post_escaped() /
// add_slashes(), whose implementation is outside this excerpt.
$page_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('page_title')));
$menu_title = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('menu_title')));
$the_link = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->get_post_escaped('link')));
$page_code = intval($admin->get_post('page_code'));
$description = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('description'))));
$keywords = str_replace(array("[[", "]]"), '', htmlspecialchars($admin->add_slashes($admin->get_post('keywords'))));
$parent = intval($admin->get_post('parent')); // fix secunia 2010-91-3
$visibility = $admin->get_post_escaped('visibility');
// Any value outside the fixed list falls back to 'public'.
if (!in_array($visibility, array('public', 'private', 'registered', 'hidden', 'none'))) {
    $visibility = 'public';
} // fix secunia 2010-93-3
// Template name is reduced to letters, digits, '_' and '-'.
$template = preg_replace('/[^a-z0-9_-]/i', "", $admin->get_post('template')); // fix secunia 2010-93-3
//$template = (($template == DEFAULT_TEMPLATE ) ? '' : $template);
// Link target keeps word characters only.
$target = preg_replace("/\\W/", "", $admin->get_post('target'));
// NOTE(review): the group lists are escaped but not cast to integers here.
$admin_groups = $admin->get_post_escaped('admin_groups');
$viewing_groups = $admin->get_post_escaped('viewing_groups');
} // end include class.secure.php
// Handler for the "add page" form: reads the submitted page attributes and
// checks that the user may add a page under the chosen parent.
require_once LEPTON_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_add');
// Include the functions file
require_once LEPTON_PATH . '/framework/summary.functions.php';
global $MESSAGE;
global $database;
// Get values
$title = $admin->get_post_escaped('title');
// ENT_HTML401 is only passed on PHP 5.4.0 and later.
if (version_compare(PHP_VERSION, '5.4.0', '>=')) {
    $title = htmlspecialchars($title, ENT_COMPAT | ENT_HTML401, DEFAULT_CHARSET);
} else {
    $title = htmlspecialchars($title, ENT_COMPAT, DEFAULT_CHARSET);
}
// NOTE(review): module type, parent and visibility are taken as submitted,
// with no character filter, integer cast or allow-list in this excerpt.
// Confirm they are validated before being used in a path or a query.
$module = $admin->get_post('type');
$parent = $admin->get_post('parent');
$visibility = $admin->get_post('visibility');
$admin_groups = $admin->get_post('admin_groups');
$viewing_groups = $admin->get_post('viewing_groups');
// add Admin and view groups
// NOTE(review): assumes both values are arrays (or unset); a submitted string
// would make the append fail.
$admin_groups[] = 1;
$viewing_groups[] = 1;
// A sub-page needs admin permission on its parent; a top-level page needs the
// 'pages_add_l0' system permission.
if ($parent != 0) {
    if (!$admin->get_page_permission($parent, 'admin')) {
        $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
    }
} elseif (!$admin->get_permission('pages_add_l0', 'system')) {
    $admin->print_error($MESSAGE['PAGES_INSUFFICIENT_PERMISSIONS']);
}
// Validate data
// Walk the sorted file list with a running counter; the entry whose counter
// equals $file_id is the file to rename.
sort($FILE);
foreach ($FILE as $name) {
    $temp_id++;
    if ($file_id == $temp_id) {
        $rename_file = $name;
        $type = 'file';
    }
}
}
}
// $file_id is replaced by the value getIDKEY() returns; that value is what the
// rename.php links below carry in their id parameter.
$file_id = $admin->getIDKEY($file_id);
// No entry matched the submitted id.
// $dirlink and $directory are assigned outside this excerpt.
if (!isset($rename_file)) {
    $admin->print_error($MESSAGE['MEDIA_FILE_NOT_FOUND'], $dirlink, false);
}
// Check if they entered a new name
// NOTE(review): $directory is interpolated into the redirect URL without URL-encoding.
if (media_filename($admin->get_post('name')) == "") {
    $admin->print_error($MESSAGE['MEDIA_BLANK_NAME'], "rename.php?dir={$directory}&id={$file_id}", false);
} else {
    // NOTE(review): $old_name comes from POST and is not passed through
    // media_filename() here; the server-side $rename_file found above is the
    // value that should identify the source file. Confirm how $old_name is
    // used after this excerpt.
    $old_name = $admin->get_post('old_name');
    $new_name = media_filename($admin->get_post('name'));
}
// Check if they entered an extension
if ($type == 'file') {
    if (media_filename($admin->get_post('extension')) == "") {
        $admin->print_error($MESSAGE['MEDIA_BLANK_EXTENSION'], "rename.php?dir={$directory}&id={$file_id}", false);
    } else {
        // NOTE(review): no allow-list for the new extension is visible in this excerpt.
        $extension = media_filename($admin->get_post('extension'));
    }
} else {
    $extension = '';
}
// Handler that saves a droplet: verifies the id key and form token (FTAN),
// then reads the submitted droplet fields.
require dirname(dirname(dirname(__DIR__))) . '/config.php';
if (!class_exists('admin', false)) {
    require WB_PATH . '/framework/class.admin.php';
}
// Include WB admin wrapper script
$admintool_link = ADMIN_URL . '/admintools/index.php';
$ToolUrl = ADMIN_URL . '/admintools/tool.php?tool=droplets';
$admin = new admin('admintools', 'admintools', false);
// The droplet id is resolved from the POSTed id key and cast to an integer.
$droplet_id = intval($admin->checkIDKEY('droplet_id', false, 'post'));
// Reject the request when the token fails or no valid droplet id was resolved.
if (!$admin->checkFTAN() || !$droplet_id) {
    $admin->print_header();
    $admin->print_error($droplet_id . ' ) ' . $MESSAGE['GENERIC_SECURITY_ACCESS'], $ToolUrl);
}
$admin->print_header();
// Validate all fields
if ($admin->get_post('title') == '') {
    $admin->print_error($MESSAGE['GENERIC_FILL_IN_ALL'] . ' ( Droplet Name )', $ToolUrl);
} else {
    $title = $admin->add_slashes($admin->get_post('title'));
    $active = (int) $admin->get_post('active');
    $admin_view = (int) $admin->get_post('admin_view');
    $admin_edit = (int) $admin->get_post('admin_edit');
    $show_wysiwyg = (int) $admin->get_post('show_wysiwyg');
    $description = $admin->add_slashes($admin->get_post('description'));
    // PHP open/close tags are removed from the submitted droplet code.
    // NOTE(review): this is a single str_replace() pass read directly from
    // $_POST, so it is a formatting clean-up, not a security filter; access to
    // this handler is what limits who can store droplet code.
    $tags = array('<?php', '?>', '<?');
    $content = $admin->add_slashes(str_replace($tags, '', $_POST['savecontent']));
    $comments = trim($admin->add_slashes($admin->get_post('comments')));
    $modified_when = time();
    $modified_by = (int) $admin->get_user_id();
}
// Update row
*/
// Handler for the "add group" form: verifies the form token (FTAN), rejects a
// blank or already-used group name, then inserts the group with its permissions.
// Print admin header
require '../../config.php';
require_once WB_PATH . '/framework/class.admin.php';
// suppress to print the header, so no new FTAN will be set
$admin = new admin('Access', 'groups_add', false);
// Create a javascript back link
$js_back = ADMIN_URL . '/groups/index.php';
// Reject the request when the form token does not validate.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// After check print the header
$admin->print_header();
// Gather details entered
// Tags are stripped, whitespace trimmed, and the result escaped by the
// database layer before it is placed in the queries below.
$group_name = $database->escapeString(trim(strip_tags($admin->get_post('group_name'))));
// Check values
if ($group_name == "") {
    $admin->print_error($MESSAGE['GROUPS_GROUP_NAME_BLANK'], $js_back);
}
// A non-zero count means the name is already taken.
$sql = 'SELECT COUNT(*) FROM `' . TABLE_PREFIX . 'groups` ' . 'WHERE `name`=\'' . $group_name . '\'';
if ($database->get_one($sql)) {
    $admin->print_error($MESSAGE['GROUPS_GROUP_NAME_EXISTS'], $js_back);
}
// Get system and module permissions
// The three *_permissions strings used below are produced by this include.
// NOTE(review): they are concatenated into the INSERT as-is; confirm
// get_permissions.php builds them only from known permission names.
require ADMIN_PATH . '/groups/get_permissions.php';
// Update the database
$sql = 'INSERT INTO `' . TABLE_PREFIX . 'groups` ' . 'SET `name`=\'' . $group_name . '\', ' . '`system_permissions`=\'' . $system_permissions . '\', ' . '`module_permissions`=\'' . $module_permissions . '\', ' . '`template_permissions`=\'' . $template_permissions . '\'';
if ($database->query($sql)) {
    $admin->print_success($MESSAGE['GROUPS_ADDED'], ADMIN_URL . '/groups/index.php');
} else {
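// Media upload handler (excerpt): resolves the target directory from the
// request, validates it, and loads the upload rename/forbidden-type settings
// before looping over the submitted files.
// Target location
$requestMethod = '_' . strtoupper($_SERVER['REQUEST_METHOD']);
// REQUEST_METHOD is supplied by the client. The variable-variable lookup is
// limited to $_GET and $_POST so the method name cannot select any other
// superglobal as the source of 'target'. Only a string target is accepted;
// anything else is treated as "no target".
$target = '';
if (in_array($requestMethod, array('_GET', '_POST'), true)
    && isset(${$requestMethod}['target'])
    && is_string(${$requestMethod}['target'])
) {
    $target = ${$requestMethod}['target'];
}
// Include the WB functions file
$directory = $target == '/' ? '' : $target;
// NOTE(review): $directory is appended to the link without URL-encoding.
$dirlink = 'index.php?dir=' . $directory;
$rootlink = 'index.php?dir=';
// Check to see if target contains ../
// NOTE(review): what follows relies on print_error() ending the script when
// the path check fails; that is not visible in this excerpt.
if (!check_media_path($target, false)) {
    $admin->print_error($MESSAGE['MEDIA_TARGET_DOT_DOT_SLASH']);
}
// Create relative path of the target location for the file
$relative = WB_PATH . $target . '/';
$resizepath = str_replace(array('/', ' '), '_', $target);
// Find out whether we should replace files or give an error
$overwrite = $admin->get_post('overwrite') != '' ? true : false;
// Get list of file types to which we're supposed to append 'txt'
$get_result = $database->query("SELECT value FROM " . TABLE_PREFIX . "settings WHERE name='rename_files_on_upload' LIMIT 1");
$file_extension_string = '';
// Guard against a failed query before calling methods on the result.
if ($get_result && $get_result->numRows() > 0) {
    $fetch_result = $get_result->fetchRow();
    $file_extension_string = $fetch_result['value'];
}
$file_extensions = explode(",", $file_extension_string);
// get from settings and add to forbidden list
// Separators (',', ';', '|', '#') in the configured list are normalised to '|'.
$forbidden_file_types = preg_replace('/\\s*[,;\\|#]\\s*/', '|', RENAME_FILES_ON_UPLOAD);
// Loop through the files
$good_uploads = 0;
$sum_dirs = 0;
$sum_files = 0;
for ($count = 1; $count <= 10; $count++) {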
// Handler for the "modify group" form: verifies the form token (FTAN) and the
// group id key, checks the submitted name, and loads the group's current
// system permissions.
$admin = new admin('Access', 'groups_modify', false);
// Create a javascript back link
$js_back = ADMIN_URL . '/groups/index.php';
// Reject the request when the form token does not validate.
if (!$admin->checkFTAN()) {
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// Check if group group_id is a valid number and doesnt equal 1
// The id is resolved through checkIDKEY() and cast to an integer; ids below 2
// are refused.
$group_id = intval($admin->checkIDKEY('group_id', 0, $_SERVER['REQUEST_METHOD']));
if ($group_id < 2) {
    // if($admin_header) { $admin->print_header(); }
    $admin->print_header();
    $admin->print_error($MESSAGE['GENERIC_SECURITY_ACCESS'], $js_back);
}
// Gather details entered
// NOTE(review): the group name is taken as submitted, with no trimming, tag
// stripping or database escaping in this excerpt; the UPDATE that uses it is
// outside the excerpt and must escape it.
$group_name = $admin->get_post('group_name');
// Check values
if ($group_name == "") {
    $admin->print_error($MESSAGE['GROUPS_GROUP_NAME_BLANK'], $js_back);
}
// After check print the header
$admin->print_header();
$system_permissions = array();
// $group_id is an integer at this point, so the concatenation is safe.
$query = 'SELECT * FROM `' . TABLE_PREFIX . 'groups` WHERE `group_id` = ' . $group_id;
if ($oRes = $database->query($query)) {
    // NOTE(review): a query that succeeds but returns no row is not handled
    // before the array access below.
    $aRes = $oRes->fetchRow(MYSQLI_ASSOC);
    $system_permissions = explode(',', $aRes['system_permissions']);
}
// Get system permissions
require ADMIN_PATH . '/groups/get_permissions.php';
// Update the database
require dirname(dirname(__DIR__)) . '/config.php';
}
// Media settings handler: loads the addon's language files and, when the form
// was submitted with "save", prepares the 'mediasettings' record.
if (!class_exists('admin', false)) {
    require WB_PATH . '/framework/class.admin.php';
}
$admin = new admin('Media', 'media', false);
// Include the WB functions file
require_once WB_PATH . '/framework/functions.php';
// check if theme language file exists for the language set by the user (e.g. DE, EN)
// The addon name is taken from the directory this file lives in.
$sAddonName = basename(__DIR__);
// English is always loaded first; the user's language, when present, is loaded on top.
require WB_PATH . '/modules/' . $sAddonName . '/languages/EN.php';
if (file_exists(WB_PATH . '/modules/' . $sAddonName . '/languages/' . LANGUAGE . '.php')) {
    require WB_PATH . '/modules/' . $sAddonName . '/languages/' . LANGUAGE . '.php';
}
//Save post vars to the parameters file
if (!is_null($admin->get_post("save"))) {
    // NOTE(review): the FTAN check below is commented out, so the save branch
    // runs without any request-token verification visible in this excerpt.
    /* if (!$admin->checkFTAN()) { $admin->print_error('::'.$MESSAGE['GENERIC_SECURITY_ACCESS'],'browse.php',false); } */
    // NOTE(review): the compared literal is ' wb_theme' with a leading space;
    // if that is a typo the condition is true for every theme and the else
    // branch never runs. Confirm the intended theme name.
    if (DEFAULT_THEME != ' wb_theme') {
        //Check for existing settings entry, if not existing, create a record first!
        // NOTE(review): this tests the return value of query(), which
        // presumably reflects query success rather than whether a row exists;
        // verify that the INSERT can actually be reached.
        if (!$database->query("SELECT * FROM " . TABLE_PREFIX . "settings where `name`='mediasettings'")) {
            $database->query("INSERT INTO " . TABLE_PREFIX . "settings (`name`,`value`) VALUES ('mediasettings','')");
        }
    } else {
        $pathsettings = array();
    }
    $dirs = directory_list(WB_PATH . MEDIA_DIRECTORY);
}
// Handler for the "modify user" form (continues from a check above this
// excerpt): reads the account fields and validates groups and password.
// After check print the header
$admin->print_header();
// Work on a copy of the POST array.
$aInputs = array();
$aInputs = array_merge($_POST);
// Check if user id is a valid number and doesnt equal 1
if (!isset($aInputs['user_id']) or !is_numeric($aInputs['user_id']) or $aInputs['user_id'] == 1) {
    header("Location: index.php");
    exit(0);
} else {
    // The id is cast to an integer before any later use.
    $user_id = intval($aInputs['user_id']);
}
// Gather details entered
// NOTE(review): the group list is joined from raw POST elements with no cast,
// and implode() assumes $aInputs['groups'] is an array.
$groups_id = isset($aInputs['groups']) ? implode(",", $aInputs['groups']) : '';
// NOTE(review): $aInputs['active'] is read without an isset() check.
$active = intval(is_array($aInputs['active']) ? $aInputs['active'][0] : $aInputs['active']);
$password = $admin->get_post('password');
$password2 = $admin->get_post('password2');
$display_name = $admin->StripCodeFromText($admin->get_post('display_name'));
// NOTE(review): email and home folder are taken as submitted; any escaping or
// validation must happen after this excerpt.
$email = $admin->get_post('email');
$home_folder = $admin->get_post('home_folder');
// Check values
// $js_back is assigned outside this excerpt.
if ($groups_id == "") {
    $admin->print_error($MESSAGE['USERS_NO_GROUP'], $js_back);
}
if ($password != "") {
    // NOTE(review): only passwords shorter than 2 characters are rejected;
    // this is far below any reasonable minimum length.
    if (strlen($password) < 2) {
        $admin->print_error($MESSAGE['USERS_PASSWORD_TOO_SHORT'], $js_back);
    }
    if ($password != $password2) {
        $admin->print_error($MESSAGE['USERS_PASSWORD_MISMATCH'], $js_back);
    }