</p>';
                    $content .= '
				</div>';
                }
            }
            $content .= '<div style="clear: both;"></div>';
            echo $content;
        }
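        /**
         * Echo a teaser list of the next five future, non-hidden events.
         *
         * Every value read from the events table is HTML-escaped before it is
         * written into the markup, and the event text is reduced to plain text
         * before it is cut to 50 bytes, so stored markup cannot reach the page.
         */
        function show_upcoming()
        {
            // Start from an empty buffer; the original appended to an undefined variable.
            $content = '';
            // NOTE(review): $preview is never assigned in this method, so it has always
            // rendered as an empty string here. Confirm whether it should be derived
            // from the request before relying on it.
            $preview = '';
            // ENT_SUBSTITUTE (PHP 5.4+) stops a multi-byte character cut by substr()
            // from blanking the whole teaser; older runtimes fall back to ENT_QUOTES.
            $flags = defined('ENT_SUBSTITUTE') ? ENT_QUOTES | ENT_SUBSTITUTE : ENT_QUOTES;
            // ORDER BY makes LIMIT 5 return the nearest events instead of an arbitrary five.
            $this->EJ_mysql->query("SELECT * FROM {$this->EJ_mysql->prefix}module_EJ_events WHERE EJ_eventDate > NOW() and EJ_eventHidden = 0 ORDER BY EJ_eventDate ASC LIMIT 5");
            if ($this->EJ_mysql->numRows() == 0) {
                $content .= "<p>No Upcoming Events</p>";
            } else {
                while ($event = $this->EJ_mysql->getRow()) {
                    // Encode the id for the query string, then escape the whole URL for the attribute.
                    $href = htmlspecialchars('?module=EJ_events&action=show_event' . $preview . '&eventid=' . rawurlencode($event['EJ_eventId']), $flags);
                    $title = htmlspecialchars($event['EJ_eventTitle'], $flags);
                    $when = date("D d M Y", strtotime($event['EJ_eventDate'])) . ' at ' . htmlspecialchars($event['EJ_eventTime'], $flags);
                    // strip_tags() first: truncating raw markup can leave an unclosed tag in the page.
                    $teaser = htmlspecialchars(substr(strip_tags($event['EJ_eventText']), 0, 50), $flags);
                    $content .= "\r\n\t\t\t\t\t<div>";
                    $content .= '
						<div class="upcoming">
							<p><strong><a href="' . $href . '">' . $title . '</a></strong></p>
							<p>' . $when . '</p>
							<p>' . $teaser . '... <a href="' . $href . '">more</a></p>
						</div>';
                    $content .= "\r\n\t\t\t\t\t</div>";
                }
            }
            echo $content;
        }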
    }
} else {
    EJ_error(41, basename(__FILE__));
}
<?php

require_once 'init.inc.php';
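// Only users of type 5 and above may open the settings page; everyone else is sent to index.php.
if (!isset($_SESSION['usertype']) || $_SESSION['usertype'] < 5) {
    header('location: index.php');
    die;
}
if (isset($_POST['save'])) {
    // NOTE(review): this handler does not compare a posted key with $_SESSION['key'] before
    // changing state. Add that check here once the settings form is confirmed to post the key.
    //
    // Start from an empty statement list so that a posted field can never supply or replace it.
    $EJ_settings['queries'] = array();
    foreach ($_POST as $setting => $value) {
        // Skip the submit button, the internal 'queries' slot, array-valued fields, and any
        // key that is not a plain identifier: the key is written into the SQL text below.
        if ($setting === 'save' || $setting === 'queries' || !is_string($value) || !preg_match('/^[A-Za-z0-9_]+\z/', $setting)) {
            continue;
        }
        // NOTE(review): $value is still interpolated as posted. Route it through the escaping or
        // parameter binding of the EJ_mysql wrapper (its API is not visible in this file).
        $EJ_settings['queries'][] = "UPDATE {$EJ_mysql->prefix}settings SET value = '{$value}' WHERE setting = '{$setting}'";
        $EJ_settings[$setting] = $value;
    }
    // Loop-invariant, so set once before running the statements.
    error_reporting(E_ALL);
    foreach ($EJ_settings['queries'] as $query) {
        if (!$EJ_mysql->query($query)) {
            EJ_error(31);
        }
    }
}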
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>EJigsaw Site Administration Suite</title>
<link rel="stylesheet" href="styles/ej_styles_main.php" type="text/css" />
<link rel="stylesheet" href="styles/ej_styles_settings.php" type="text/css" />
</head>

<body>
<div id="frame">
            echo $modules_menu;
        }
    }
    echo '<div style="float:right; font-size: 1.2em; font-weight: bold; line-height: 20px; vertical-align: middle; margin-right: 10px; color: #42769B;">' . $EJ_settings['sitename'] . '</div>';
}
/*
** Script Initialisation
*/
//error_reporting(E_ERROR);
// NOTE(review): PHP does not hand E_ERROR to user-defined handlers, so this registration
// on its own is unlikely to ever invoke EJ_error(); confirm which error levels were intended.
set_error_handler("EJ_error", E_ERROR);
// Presumably defines the $EJ_settings['mysql*'] entries read on the next line — TODO confirm.
require 'config.inc.php';
$EJ_mysql = new EJ_mysql($EJ_settings['mysqlhost'], $EJ_settings['mysqluser'], $EJ_settings['mysqlpass'], $EJ_settings['mysqldb'], $EJ_settings['mysqlprefix']);
// Fetch settings
// The settings table must exist; error 2 is raised when SHOW TABLES finds no match.
$EJ_mysql->query("SHOW TABLES LIKE '{$EJ_mysql->prefix}settings'");
if ($EJ_mysql->numRows() == 0) {
    EJ_error(2);
}
$EJ_mysql->query("SELECT * FROM {$EJ_mysql->prefix}settings");
// Each row is copied to $EJ_settings[<setting>] = <value>. A row name that matches an
// existing $EJ_settings key overwrites that entry, so the table contents are trusted here.
while ($EJ_settings['mysqlarray'] = $EJ_mysql->getRow()) {
    $EJ_settings[$EJ_settings['mysqlarray']['setting']] = $EJ_settings['mysqlarray']['value'];
}
// Version Checking
$curr_ver = 0.2;
// Appends an upgrade notice to $page_errors when the stored version is older than $curr_ver.
// The stored version is written into the HTML without escaping.
if ($EJ_settings['version'] < $curr_ver) {
    $page_errors .= "<p class=\"EJ_user_message\">EJigsaw update detected! Please run <a href=\"install.php\">install.php</a><br/>Installed Version: " . $EJ_settings['version'] . "<br/>Current Version: " . $curr_ver . "</p>";
}
/*
** Page Initialisation
*/
// Clear config.inc.php MYSQL settings for security
// NOTE(review): this removes the credentials from $EJ_settings only; whether the $EJ_mysql
// object keeps its own copy cannot be seen from here — verify in the EJ_mysql class.
unset($EJ_settings['mysqlhost'], $EJ_settings['mysqluser'], $EJ_settings['mysqlpass'], $EJ_settings['mysqldb'], $EJ_settings['mysqlprefix']);
<?php

/*
*** EJigsaw Site Administration Suite
**
*** By Jigsaw Spain - www.jigsawspain.com
**
*** Save Profile AJAX Procedure - File Build 0.1
*/
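$EJ_initPage = 'ajax';
require '../init.inc.php';
// Check if user is correctly logged in (cross domain posting prevention).
// The posted key must be a non-empty string and must match the session key exactly; a strict
// comparison prevents two different numeric-looking keys from being treated as equal.
if (!isset($_SESSION['userid']) or empty($_POST['key']) or !is_string($_POST['key']) or !isset($_SESSION['key']) or $_POST['key'] !== (string) $_SESSION['key']) {
    EJ_error(12);
    // Fail closed: the update below must never run for a rejected request,
    // whether or not EJ_error() returns to the caller.
    exit;
}
// Update the email address and password of the logged-in user.
// NOTE(review): email and pass are posted values placed directly in the SQL text. Route them
// through the escaping or parameter binding of the EJ_mysql wrapper (API not visible here).
// NOTE(review): unsalted MD5 is not a suitable password hash. Replacing it needs a matching
// change in the login code, which is outside this file.
// NOTE(review): the result of the query is not checked, so the success message below is
// printed even when the update fails.
$EJ_mysql->query("UPDATE {$EJ_mysql->prefix}users SET email = '{$_POST['email']}', pass = MD5('{$_POST['pass']}') WHERE userid = '{$_SESSION['userid']}'");
// If everything has gone smoothly
echo '<p class="EJ_user_success">Profile Updated</p>';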
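// The requested account level is compared and then written into SQL unquoted,
// so it is reduced to an integer once and only that integer is used afterwards.
$new_type = (int) $_POST['type'];
// Only a type-9 user may create an account at or above their own level.
if ($new_type >= $_SESSION['usertype'] and $_SESSION['usertype'] != 9) {
    EJ_error(13);
    // Fail closed: nothing below may run for a rejected request, whether or not EJ_error() returns.
    exit;
}
// Check if user already exists
// NOTE(review): uname and email are posted values placed directly in the SQL text, here and in
// the INSERT and DELETE below. Route them through the escaping or parameter binding of the
// EJ_mysql wrapper (API not visible here); the address is also not validated before use.
$EJ_mysql->query("SELECT userid, email FROM {$EJ_mysql->prefix}users WHERE userid = '{$_POST['uname']}' OR email = '{$_POST['email']}'");
if ($EJ_mysql->numRows() != 0) {
    EJ_error(21);
    exit;
}
// Add new user with a generated 12-character initial password.
$chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqrstuvwxyz";
$pass = "";
$last = strlen($chars) - 1;
for ($i = 0; $i < 12; $i++) {
    // random_int() (PHP 7+) draws from the system CSPRNG; mt_rand() is only a fallback for
    // older runtimes and is not suitable for secrets.
    $pick = function_exists('random_int') ? random_int(0, $last) : mt_rand(0, $last);
    $pass .= $chars[$pick];
}
// NOTE(review): unsalted MD5 is not a suitable password hash. Replacing it needs a matching
// change in the login code, which is outside this file.
$EJ_mysql->query("INSERT INTO {$EJ_mysql->prefix}users SET userid = '{$_POST['uname']}', email = '{$_POST['email']}', type = {$new_type}, pass = MD5('{$pass}')");
// Send confirmation to new users email address
// NOTE(review): the initial password travels in clear text by email, next to an http:// login
// link. A one-time set-password link would avoid mailing a usable credential.
$to = $_POST['email'];
$from = $EJ_settings['sitename'] . ' <' . $EJ_settings['siteemail'] . '>';
$subject = "User Account Created";
// The posted user name is escaped because the message body is HTML.
$safe_uname = htmlspecialchars($_POST['uname'], ENT_QUOTES);
$message = "<html><p>This email is to confirm that the administrators at {$EJ_settings['sitename']} have created an account for you. The details of the account can be found below:</p><p><strong>Username</strong>: {$safe_uname}<br/><strong>Password</strong>: {$pass}</p><p>Although this password has been automatically generated, we strongly recommend you head over to <a href=\"http://{$EJ_settings['siteaddress']}\">http://{$EJ_settings['siteaddress']}</a> to log in and change it immediately.</p><p>If you think you have received this email in error, please hit reply, put 'CANCEL ACCOUNT' in the subject field, and hit send. This will mark the account for cancellation at the earliest opportunity.</p><p>If you should have any further queries, please do not hesitate to contact the Admin Team by replying to this message.</p><p>Kind Regards</p><p>Admin Team<br/><strong>{$EJ_settings['sitename']}</strong></p></html>";
$headers = "From: {$from}" . "\r\n" . "Reply-To: {$from}" . "\r\n" . "Content-Type: text/html; charset=\"iso-8859-1\"" . "\r\n" . 'X-Mailer: PHP/' . phpversion();
if (!mail($to, $subject, $message, $headers)) {
    // Roll the account back when the credentials could not be delivered.
    $EJ_mysql->query("DELETE FROM {$EJ_mysql->prefix}users WHERE userid = '{$_POST['uname']}'");
    // The former debug echo of recipient, message and headers is removed: it wrote unescaped
    // posted input and the generated password into the response.
    EJ_error(22);
    // Do not fall through to the success message after a failed send.
    exit;
}
// If everything has gone smoothly
echo '<p class="EJ_user_success">User Added Successfully</p>';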
// Run the second check query; its text ($EJ_settings['mysqlquery2']) and the first result
// ($EJ_settings['mysqlresult']) are set before this excerpt. Error 6 is raised on failure.
$EJ_settings['mysqlresult2'] = mysql_query($EJ_settings['mysqlquery2'], $EJ_settings['mysqlconnect']);
if (!$EJ_settings['mysqlresult2']) {
    EJ_error(6);
}
// Seed the tables when the first result is empty or the second does not hold exactly three rows
// (presumably the users check and the three default settings — TODO confirm against the queries).
if (mysql_num_rows($EJ_settings['mysqlresult']) == 0 or mysql_num_rows($EJ_settings['mysqlresult2']) != 3) {
    echo "\r\n\t<p class=\"EJ_instText\">\r\n\t\t&gt; Populating Tables...";
    // Set initial User data
    // NOTE(review): every installation is seeded with the same administrator credentials
    // (type 9, fixed password stored as unsalted MD5). ON DUPLICATE KEY leaves an existing
    // 'admin' row untouched. The installer should ask for a password or force a change at
    // first login instead of shipping a known default.
    $EJ_settings['mysqlquery'] = "INSERT INTO {$EJ_settings['mysqlprefix']}users (userid, pass, email, type) VALUES\r\n\t('admin', MD5('abc123'), '*****@*****.**', 9)\r\n\tON DUPLICATE KEY UPDATE userid = userid";
    $EJ_settings['mysqlresult3'] = mysql_query($EJ_settings['mysqlquery'], $EJ_settings['mysqlconnect']);
    if (!$EJ_settings['mysqlresult3']) {
        EJ_error(7);
    }
    if (mysql_num_rows($EJ_settings['mysqlresult']) == 0) {
        echo "<br/>\r\n\t\tPopulated users table";
    }
    // Set initial Settings data
    // Inserts the siteemail, sitename and siteaddress rows; existing rows are kept as they are.
    $EJ_settings['mysqlquery'] = "INSERT INTO {$EJ_settings['mysqlprefix']}settings (setting, name, value, `desc`) VALUES\r\n\t('siteemail', 'Site Email', '*****@*****.**', 'A contact email address for your site. Automatically generated emails to users will be shown as having been sent from this address.') ,\r\n\t('sitename', 'Site Name', 'EJigsaw Site', 'A short name for your website. This will appear in automatically generated emails to users (e.g. Kind Regards, {Site Name})') ,\r\n\t('siteaddress', 'Site Address', 'www.yourdomain.com', 'The home page address of your site. This should be as you want it to appear on emails and corespondence sent from the site. (Note: do NOT include the \\'http://\\')')\r\n\tON DUPLICATE KEY UPDATE setting = setting";
    $EJ_settings['mysqlresult3'] = mysql_query($EJ_settings['mysqlquery'], $EJ_settings['mysqlconnect']);
    if (!$EJ_settings['mysqlresult3']) {
        EJ_error(7);
    }
    if (mysql_num_rows($EJ_settings['mysqlresult2']) != 3) {
        echo "<br/>\r\n\t\tPopulated settings table";
    }
    echo "<br/>\r\n\t\t&gt; Done\r\n\t</p>";
}
/*
** Installation Completion
*/
mysql_close($EJ_settings['mysqlconnect']);
// Final page: reports the installed version, advises removing or renaming install.php, and
// prints the default login in clear text.
// NOTE(review): the installer stays reachable until the operator removes it by hand, and the
// page repeats the default password; consider refusing to run once installation has completed.
echo "\r\n\t<p class=\"EJ_instText\">\r\n\t\t&gt;<br/>\r\n\t\t&gt;&gt; Installation / Update Completed Successfully!<br/>\r\n\t\t&gt;<br/>\r\n\t\t&gt; Your are now using version {$EJ_settings['ver']}<br/>\r\n\t\t&gt; It is recommended that you now delete the 'install.php' file from your server, or rename it to prevent unauthorised access.<br/>\r\n\t\t&gt;\r\n\t</p>\r\n\t<p class=\"EJ_instText\">\r\n\t\tTo access the control panel, please follow the link below and login.<br/>(default username: admin, password: abc123)<br/>\r\n\t\t<a href=\"{$EJ_settings['instloc']}\">Control Panel</a>\r\n\t</p>\r\n</div>\r\n</body>\r\n</html>";
/*
*** EJigsaw Site Administration Suite
**
*** By Jigsaw Spain - www.jigsawspain.com
**
*** Add User AJAX Procedure - File Build 0.2
*/
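// This script deletes the user account named in the posted 'uname' field.
$EJ_initPage = 'ajax';
require '../init.inc.php';
// Check if user is correctly logged in (cross domain posting prevention).
// The posted key must be a non-empty string and must match the session key exactly; a strict
// comparison prevents two different numeric-looking keys from being treated as equal.
if (!isset($_SESSION['userid']) or empty($_POST['key']) or !is_string($_POST['key']) or !isset($_SESSION['key']) or $_POST['key'] !== (string) $_SESSION['key']) {
    EJ_error(12);
    // Fail closed: the delete below must never run for a rejected request,
    // whether or not EJ_error() returns to the caller.
    exit;
}
// Check if user exists, if so get user type.
// userid is selected as well so that the protected-account check below can use the stored name.
// NOTE(review): uname is a posted value placed directly in the SQL text, here and in the DELETE.
// Route it through the escaping or parameter binding of the EJ_mysql wrapper (API not visible here).
$EJ_mysql->query("SELECT userid, type FROM {$EJ_mysql->prefix}users WHERE userid = '{$_POST['uname']}'");
if ($EJ_mysql->numRows() == 0) {
    EJ_error(23);
    exit;
}
$user = $EJ_mysql->getRow();
// Check Authority to delete user: only type 9 may delete an account at or above its own level.
if ($_SESSION['usertype'] <= $user['type'] and $_SESSION['usertype'] != 9) {
    EJ_error(15);
    exit;
}
// The built-in admin account can never be deleted. The stored userid is checked in addition to
// the posted text because the database may match names more loosely (letter case, trailing
// spaces, depending on collation) than PHP's string comparison does.
if ($_POST['uname'] == 'admin' or strtolower(trim($user['userid'])) === 'admin') {
    EJ_error(14);
    exit;
}
// Delete the user
$EJ_mysql->query("DELETE FROM {$EJ_mysql->prefix}users WHERE userid = '{$_POST['uname']}'");
// If everything has gone smoothly
echo '<p class="EJ_user_success">User Deleted</p>';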
            }
        }
    }
}
closedir($directory);
// Process module/page actions
if (isset($_REQUEST['module'])) {
    if ($_REQUEST['key'] != $_SESSION['key']) {
        ob_start();
        EJ_error(12);
        $page_errors .= ob_get_contents();
        ob_end_clean();
    } else {
        if ($EJ_modules[$_REQUEST['module']]['found'] != 1 and $EJ_modules[$_REQUEST['module']]['install'] != 1) {
            ob_start();
            EJ_error(40);
            $page_errors .= ob_get_contents();
            ob_end_clean();
        } else {
            $id = $_REQUEST['module'];
            $_vars = $_REQUEST;
            unset($_vars['PHPSESSID']);
            $module = new $id($EJ_mysql, $_vars);
            switch (strtolower($_REQUEST['action'])) {
                case 'install':
                    ob_start();
                    if ($module->install()) {
                        unset($EJ_modules[$id]['install']);
                        $EJ_modules[$id]['found'] = 1;
                    } else {
                        echo "<p class=\"EJ_user_error\"><strong>ERROR</strong>: Install Failed!<br/>Please contact creator or Jigsaw Support</p>";