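/**
 * Issue a fresh session token for a user and echo the stored session as JSON.
 *
 * When checkSession($username) is truthy the existing userssession row gets
 * a new token; otherwise a row is inserted. The session is then re-read with
 * loadSession() and its JSON form is echoed.
 *
 * @param string $username Account name; always sent as a bound parameter.
 * @return void
 */
function startLogin($username)
{
    try {
        // The token is a bearer credential, so it must be unguessable. It is
        // drawn from the CSPRNG (64 hex characters, the same width as the
        // SHA-256 hex digest used before) instead of hashing the wall-clock
        // second, which anyone who knows the login time could recompute.
        $token = bin2hex(random_bytes(32));

        // Same two statements as before, but the token is bound like the
        // username rather than interpolated into the SQL text.
        $sql = checkSession($username)
            ? 'UPDATE userssession SET token = :token WHERE username = :username'
            : 'INSERT INTO userssession(username,token) VALUES (:username,:token)';

        $con = new PDO(DB_DSN, DB_USERNAME, DB_PASSWORD);
        $con->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        $stmt = $con->prepare($sql);
        $stmt->bindValue('username', $username, PDO::PARAM_STR);
        $stmt->bindValue('token', $token, PDO::PARAM_STR);
        $stmt->execute();

        $session = loadSession($username);
        echo $session->getJSON();
    } catch (PDOException $e) {
        // The message used to be read and discarded. Record it server-side;
        // the client still receives no output on failure, as before.
        error_log('startLogin: ' . $e->getMessage());
    }
}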
/**
 * Main dispatcher for the server settings area.
 *
 * Registers the available sub-actions and the tab data, resolves the
 * requested sub-action (falling back to 'general') and calls its handler.
 *
 * Requires the admin_forum permission and runs checkSession('request').
 *
 * @uses edit_settings adminIndex.
 */
function ModifySettings()
{
    global $context, $txt, $scripturl, $boarddir;

    // Admin only: this is just to keep the database password more secure.
    isAllowedTo('admin_forum');

    // Tab data for the admin menu.
    $context[$context['admin_menu_name']]['tab_data'] = [
        'title' => $txt['admin_server_settings'],
        'help' => 'serversettings',
        'description' => $txt['admin_basic_settings'],
    ];

    checkSession('request');

    // The settings strings live in this language file.
    loadLanguage('ManageSettings');

    $context['page_title'] = $txt['admin_server_settings'];
    $context['sub_template'] = 'show_settings';

    $subActions = [
        'general' => 'ModifyGeneralSettings',
        'database' => 'ModifyDatabaseSettings',
        'cookie' => 'ModifyCookieSettings',
        'cache' => 'ModifyCacheSettings',
        'loads' => 'ModifyLoadBalancingSettings',
        'phpinfo' => 'ShowPHPinfoSettings',
    ];

    call_integration_hook('integrate_server_settings', [&$subActions]);

    // Only a key that exists in $subActions is ever dispatched; anything else
    // becomes the core settings page.
    if (!isset($_REQUEST['sa']) || !isset($subActions[$_REQUEST['sa']])) {
        $_REQUEST['sa'] = 'general';
    }
    $context['sub_action'] = $_REQUEST['sa'];

    // The message is looked up by key in $txt, never echoed from the request.
    $context['settings_message'] = '';
    if (isset($_REQUEST['msg']) && isset($txt[$_REQUEST['msg']])) {
        $context['settings_message'] = $txt[$_REQUEST['msg']];
    }

    // Warn about the state of Settings.php and its backup.
    if ($_REQUEST['sa'] != 'cache') {
        $settingsFile = $boarddir . '/Settings.php';
        $backupFile = $boarddir . '/Settings_bak.php';

        $settings_not_writable = !is_writable($settingsFile);

        // The copy is only attempted when the backup file is writable.
        $settings_backup_fail = !@is_writable($backupFile) || !@copy($settingsFile, $backupFile);

        if ($settings_not_writable) {
            $context['settings_message'] = '<div class="centertext"><strong>' . $txt['settings_not_writable'] . '</strong></div><br />';
        } elseif ($settings_backup_fail) {
            $context['settings_message'] = '<div class="centertext"><strong>' . $txt['admin_backup_fail'] . '</strong></div><br />';
        }

        $context['settings_not_writable'] = $settings_not_writable;
    }

    // Hand over to the handler of the chosen sub-action.
    $handler = $subActions[$_REQUEST['sa']];
    $handler();
}
/**
 * Config array for changing the karma settings.
 * Accessed from ?action=admin;area=featuresettings;sa=karma;
 *
 * @param bool $return_config When truthy, return the config array instead of
 *                            saving or preparing the settings page.
 * @return array|void The config vars when $return_config is truthy.
 */
function ModifyKarmaSettings($return_config = false)
{
    global $txt, $scripturl, $context, $modSettings;

    loadLanguage('Karma+ManageKarma');

    // The mode selector is always present; the remaining options are only
    // offered once a karma mode is set.
    $config_vars = [
        ['select', 'karmaMode', explode('|', $txt['karma_options'])],
    ];

    if (!empty($modSettings['karmaMode'])) {
        $config_vars[] = '';
        $config_vars[] = ['int', 'karmaMinPosts', 6, 'postinput' => strtolower($txt['posts'])];
        $config_vars[] = ['float', 'karmaWaitTime', 6, 'postinput' => $txt['hours']];
        $config_vars[] = ['check', 'karmaTimeRestrictAdmins'];
    }

    call_integration_hook('integrate_karma_settings', [&$config_vars]);

    if ($return_config) {
        return $config_vars;
    }

    // Saving? The session check runs before anything is written.
    $saving = isset($_GET['save']);
    if ($saving) {
        checkSession();

        call_integration_hook('integrate_save_karma_settings');
        saveDBSettings($config_vars);
        $_SESSION['adm-save'] = true;

        redirectexit('action=admin;area=featuresettings;sa=karma');
    }

    $context['post_url'] = $scripturl . '?action=admin;area=featuresettings;save;sa=karma';
    $context['settings_title'] = $txt['karma'];

    loadLanguage('ManageKarma');
    prepareDBSettingContext($config_vars);
}
/**
 * Run the session check and send visitors who are not logged in elsewhere.
 *
 * @param string $redirectUrl Passed to redirect() when isUserLoggedIn() is falsy.
 * @return void
 */
function authenticateUser($redirectUrl)
{
    checkSession();

    if (isUserLoggedIn()) {
        return;
    }

    // NOTE(review): whether redirect() ends the request is not visible here.
    // If it returns, the caller carries on for an unauthenticated visitor.
    redirect($redirectUrl);
}
/**
 * Clear the stored gpid/gpname fields of the current member and return to
 * the profile page.
 *
 * The session check is done in 'get' mode, so this state change is driven by
 * a link rather than a form post.
 *
 * @return void
 */
function gplus_unsync()
{
    global $user_info;

    checkSession('get');

    $clearedFields = ['gpid' => '', 'gpname' => ''];
    updateMemberData($user_info['id'], $clearedFields);

    redirectexit('action=profile');
}
/**
 * Write the posted header and footer text to smfheader.txt / smffooter.txt
 * in the board directory, then redirect back to the globalhf page.
 *
 * NOTE(review): only checkSession('post') is visible in this function; no
 * permission check appears here, and the posted text is stored unfiltered.
 * Confirm the caller restricts this action to administrators.
 *
 * @return void
 */
function save()
{
    global $boarddir, $context;

    checkSession('post');

    $rawHeaders = $_POST['headers'];
    $rawFooters = $_POST['footers'];

    $targets = [
        $boarddir . '/smfheader.txt' => stripslashes($rawHeaders),
        $boarddir . '/smffooter.txt' => stripslashes($rawFooters),
    ];

    // Header first, then footer. The file names are fixed; only the contents
    // come from the request.
    foreach ($targets as $filename => $contents) {
        @chmod($filename, 0644);

        $handle = fopen($filename, 'w');
        if (!$handle) {
            fatal_error('Can not open' . $filename . '.', false);
        }

        // A failed or empty write is deliberately not treated as fatal.
        fwrite($handle, $contents);
        fclose($handle);
    }

    redirectexit('action=globalhf;sesc=' . $context['session_id']);
}
/**
 * Displays the avatar settings and saves them when the form is submitted.
 *
 * - Called by index.php?action=admin;area=manageattachments;sa=avatars.
 *
 * @uses 'avatars' sub-template.
 */
public function action_avatarSettings_display()
{
    global $txt, $context, $scripturl;

    // Initialize the form
    $this->_initAvatarSettingsForm();
    $config_vars = $this->_avatarSettings->settings();

    // Saving avatar settings? The session check comes before any write.
    if (isset($_GET['save'])) {
        checkSession();

        call_integration_hook('integrate_save_avatar_settings');

        // Custom avatars cannot stay enabled without both a directory and a URL.
        $customEnabled = isset($_POST['custom_avatar_enabled']) && $_POST['custom_avatar_enabled'] == 1;
        $locationMissing = empty($_POST['custom_avatar_dir']) || empty($_POST['custom_avatar_url']);
        if ($customEnabled && $locationMissing) {
            $_POST['custom_avatar_enabled'] = 0;
        }

        Settings_Form::save_db($config_vars);
        redirectexit('action=admin;area=manageattachments;sa=avatars');
    }

    // Client-side confirmation for the same inconsistent combination.
    $context['settings_save_onclick'] = 'return document.getElementById(\'custom_avatar_enabled\').value == 1 && (document.getElementById(\'custom_avatar_dir\').value == \'\' || document.getElementById(\'custom_avatar_url\').value == \'\') ? confirm(\'' . $txt['custom_avatar_check_empty'] . '\') : true;';

    // We need this for the in-line permissions
    createToken('admin-mp');

    // Prepare the context.
    $context['post_url'] = $scripturl . '?action=admin;area=manageattachments;save;sa=avatars';
    Settings_Form::prepare_db($config_vars);

    // Add a layer for the javascript.
    Template_Layers::getInstance()->add('avatar_settings');
    $context['sub_template'] = 'show_settings';
}
/**
 * Administration page for topics: displays and saves the topic settings.
 *
 * Requires the admin_forum permission.
 * Accessed from ?action=admin;area=postsettings;sa=topics.
 * @uses Admin template, edit_topic_settings sub-template.
 */
public function action_topicSettings_display()
{
    global $context, $txt, $scripturl;

    // Build the form and fetch its current config settings.
    $this->_initTopicSettingsForm();
    $config_vars = $this->_topicSettings->settings();

    $context['sub_template'] = 'show_settings';

    $saving = isset($_GET['save']);
    if ($saving) {
        // Session check first, then hooks, then the write.
        checkSession();

        call_integration_hook('integrate_save_topic_settings');
        Settings_Form::save_db($config_vars);

        redirectexit('action=admin;area=postsettings;sa=topics');
    }

    // Template data for the display case.
    $context['settings_title'] = $txt['manageposts_topic_settings'];
    $context['post_url'] = $scripturl . '?action=admin;area=postsettings;save;sa=topics';

    Settings_Form::prepare_db($config_vars);
}
/**
 * Toggle the state of a portal block, category or article and redirect to
 * the matching admin list.
 *
 * The id is taken from the first non-empty of block_id, category_id and
 * article_id and cast to int. $_REQUEST['type'] is passed to changeState()
 * as received.
 *
 * @return void
 */
function sportal_admin_state_change()
{
    checkSession('get');

    foreach (['block_id', 'category_id', 'article_id'] as $idField) {
        if (!empty($_REQUEST[$idField])) {
            $id = (int) $_REQUEST[$idField];
            break;
        }
    }

    if (!isset($id)) {
        fatal_lang_error('error_sp_id_empty', false);
    }

    changeState($_REQUEST['type'], $id);

    // Every redirect target is a fixed string; the request only selects one.
    if ($_REQUEST['type'] == 'block') {
        $sides = [1 => 'left', 2 => 'top', 3 => 'bottom', 4 => 'right'];

        $list = 'list';
        if (!empty($_GET['redirect']) && isset($sides[$_GET['redirect']])) {
            $list = $sides[$_GET['redirect']];
        }

        $target = 'action=admin;area=portalblocks;sa=' . $list;
    } elseif ($_REQUEST['type'] == 'category') {
        $target = 'action=admin;area=portalarticles;sa=categories';
    } elseif ($_REQUEST['type'] == 'article') {
        $target = 'action=admin;area=portalarticles;sa=articles';
    } else {
        $target = 'action=admin;area=portalconfig';
    }

    redirectexit($target);
}
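/**
 * Keeps track of all registered handlers for the auto suggest feature and
 * passes execution to the one named by the request.
 * Accessed by action=suggest.
 *
 * Only a suggest_type that is a key of $searchTypes (the built-in 'member'
 * entry plus whatever the integrate_autosuggest hook adds) is dispatched.
 *
 * @uses Xml template
 */
public function action_suggest()
{
    global $context;

    // These are all registered types.
    $searchTypes = array(
        'member' => array(
            'file' => SUBSDIR . '/Suggest.class.php',
            'class' => 'Suggest',
            'function' => 'member',
        ),
    );

    call_integration_hook('integrate_autosuggest', array(&$searchTypes));

    checkSession('get');
    loadTemplate('Xml');

    // SECURITY NOTE(review): search_param is request data and goes straight
    // into unserialize(), which can instantiate any loaded class and run its
    // magic methods. The session check above limits who reaches this line; it
    // does not make the payload trustworthy. Left unchanged to keep the wire
    // format; prefer json_decode(), or unserialize() with
    // ['allowed_classes' => false], once it is confirmed that callers only
    // send arrays and scalars.
    $context['search_param'] = isset($_REQUEST['search_param']) ? unserialize(base64_decode($_REQUEST['search_param'])) : array();

    if (isset($_REQUEST['suggest_type'], $_REQUEST['search']) && isset($searchTypes[$_REQUEST['suggest_type']])) {
        // Shortcut
        $currentSearch = $searchTypes[$_REQUEST['suggest_type']];

        // Do we have a file to include? The path comes from the registered
        // type, not from the request.
        if (!empty($currentSearch['file']) && file_exists($currentSearch['file'])) {
            require_once $currentSearch['file'];
        }

        if (!empty($currentSearch['class']) && class_exists($currentSearch['class'])) {
            // If it is a class, instantiate it and call the registered method.
            $suggest = new $currentSearch['class']();

            // The method name is the 'function' entry. The previous form used
            // the whole $currentSearch array as the property name.
            $context['xml_data'] = $suggest->{$currentSearch['function']}();
        } elseif (function_exists('action_suggest_' . $currentSearch['function'])) {
            // Call the same name that function_exists() just tested. The
            // previous code appended the whole type array instead.
            $function = 'action_suggest_' . $currentSearch['function'];
            $context['xml_data'] = $function();
        }

        if (!empty($context['xml_data'])) {
            $context['sub_template'] = 'generic_xml';
        }
    }
}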
/**
 * Clear the stored fbname/fbid of the member held in $fb_hook_object,
 * remove the 'face_pro' theme entry and return to that member's profile.
 *
 * The session check runs in 'get' mode.
 *
 * @return void
 */
public function fb_usync()
{
    global $fb_hook_object;

    checkSession('get');

    $memberId = $fb_hook_object->user_info_id;

    updateMemberData($memberId, ['fbname' => '', 'fbid' => '']);
    $fb_hook_object->update_themes_face_del('face_pro', $fb_hook_object->user_info_id);

    redirectexit('action=profile;u=' . $fb_hook_object->user_info_id . ';facebook_unsync');
}
/**
 * Find forum errors and, when ?fixErrors is present, repair them.
 *
 * Without fixErrors the errors are only collected and remembered in the
 * session. With fixErrors the session is checked in 'get' mode first, the
 * list stored earlier is loaded and findForumErrors(true) performs the fix.
 *
 * Requires the admin_forum permission.
 *
 * @return void
 */
function RepairBoards()
{
    global $txt, $scripturl, $db_connection, $context, $sourcedir;
    global $salvageCatID, $salvageBoardID, $smcFunc, $errorTests;

    isAllowedTo('admin_forum');

    // Try secure more memory.
    @ini_set('memory_limit', '128M');

    // Page set-up.
    $context['page_title'] = $txt['admin_repair'];
    $context['sub_template'] = 'repair_boards';
    $context[$context['admin_menu_name']]['current_subsection'] = 'general';

    loadLanguage('ManageMaintenance');

    // Make sure the tabs stay nice.
    $context[$context['admin_menu_name']]['tab_data'] = [
        'title' => $txt['maintain_title'],
        'help' => '',
        'description' => $txt['maintain_info'],
        'tabs' => [],
    ];

    $fixing = isset($_GET['fixErrors']);

    // Only the destructive pass needs the session token.
    if ($fixing) {
        checkSession('get');
    }

    // Will want this.
    loadForumTests();

    if ($fixing) {
        $context['error_search'] = false;
        $context['to_fix'] = [];
        if (isset($_SESSION['repairboards_to_fix'])) {
            $context['to_fix'] = $_SESSION['repairboards_to_fix'];
        }

        require_once $sourcedir . '/Subs-Boards.php';

        // Get the MySQL version for future reference.
        $mysql_version = $smcFunc['db_server_info']($db_connection);

        // Actually do the fix.
        findForumErrors(true);

        // Note that we've changed everything possible ;)
        updateSettings(['settings_updated' => time()]);
        updateStats('message');
        updateStats('topic');
        updateSettings(['calendar_updated' => time()]);

        if (!empty($salvageBoardID)) {
            $context['redirect_to_recount'] = true;
        }

        $_SESSION['repairboards_to_fix'] = null;
        $_SESSION['repairboards_to_fix2'] = null;

        return;
    }

    // Search-only pass: list the errors and ask whether to continue.
    $context['error_search'] = true;
    $context['repair_errors'] = [];
    $context['to_fix'] = findForumErrors();

    if (empty($context['to_fix'])) {
        return;
    }

    $_SESSION['repairboards_to_fix'] = $context['to_fix'];
    $_SESSION['repairboards_to_fix2'] = null;

    if (empty($context['repair_errors'])) {
        $context['repair_errors'][] = '???';
    }
}
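/**
 * Check if the user is who he/she says he is.
 *
 * Makes sure the user is who they claim to be by requiring a password to be
 * typed in every hour (seventy minutes for XML requests).
 * Is turned on and off by the securityDisable setting.
 * Uses the adminLogin() function of Subs-Auth.php if they need to login,
 * which saves all request (post and get) data.
 *
 * The stored hash compared here is SHA-1 over the lower-cased username and
 * the password. This function keeps that format and only makes the
 * comparisons exact and constant-time.
 *
 * @param string $type = admin
 * @return string|null 'session_verify_fail' for a failed XML request, otherwise nothing.
 */
function validateSession($type = 'admin')
{
    global $modSettings, $sourcedir, $user_info, $sc, $user_settings;

    // We don't care if the option is off, because Guests should NEVER get past here.
    is_not_guest();

    // Validate what type of session check this is.
    $types = array();

    // NOTE(review): $types is handed to the hook by value, so nothing a hook
    // adds is visible below and only 'moderate' and 'admin' are ever accepted.
    // Other hooks in this code base pass array(&$var). Confirm which is meant
    // before changing it, since it widens the accepted types.
    call_integration_hook('integrate_validateSession', array($types));
    $type = in_array($type, $types) || $type == 'moderate' ? $type : 'admin';

    // If we're using XML give an additional ten minutes grace as an admin can't log on in XML mode.
    $refreshTime = isset($_GET['xml']) ? 4200 : 3600;

    // Is the security option off?
    if (!empty($modSettings['securityDisable' . ($type != 'admin' ? '_' . $type : '')])) {
        return;
    }

    // Or are they already logged in? A moderator or admin session is needed for this area.
    $typeFresh = !empty($_SESSION[$type . '_time']) && $_SESSION[$type . '_time'] + $refreshTime >= time();
    $adminFresh = !empty($_SESSION['admin_time']) && $_SESSION['admin_time'] + $refreshTime >= time();
    if ($typeFresh || $adminFresh) {
        return;
    }

    require_once $sourcedir . '/Subs-Auth.php';

    // Hashed password, ahoy! Only a 40-character string is considered. An
    // array posted under this key is ignored and falls through to the prompt.
    $hashKey = $type . '_hash_pass';
    if (isset($_POST[$hashKey]) && is_string($_POST[$hashKey]) && strlen($_POST[$hashKey]) == 40) {
        checkSession();

        $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($user_info['username'], $_POST[$hashKey], true)), true);

        // hash_equals() instead of ==. Loose comparison treats two digests
        // that both look like numbers ("0e..." followed by digits) as equal,
        // and it leaks timing.
        if ($good_password || hash_equals(sha1($user_info['passwd'] . $sc), $_POST[$hashKey])) {
            $_SESSION[$type . '_time'] = time();
            return;
        }
    }

    // Posting the password... check it.
    $passKey = $type . '_pass';
    if (isset($_POST[$passKey]) && is_string($_POST[$passKey])) {
        checkSession();

        $good_password = in_array(true, call_integration_hook('integrate_verify_password', array($user_info['username'], $_POST[$passKey], false)), true);

        // Password correct? Same exact, constant-time comparison as above.
        if ($good_password || hash_equals((string) $user_info['passwd'], sha1(strtolower($user_info['username']) . $_POST[$passKey]))) {
            $_SESSION[$type . '_time'] = time();
            return;
        }
    }

    // OpenID?
    if (!empty($user_settings['openid_uri'])) {
        require_once $sourcedir . '/Subs-OpenID.php';
        smf_openID_revalidate();

        $_SESSION[$type . '_time'] = time();
        return;
    }

    // Need to type in a password for that, man.
    if (!isset($_GET['xml'])) {
        adminLogin($type);
    } else {
        return 'session_verify_fail';
    }
}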
/**
 * Disable a dismissible notice for the current member, then end the request.
 *
 * The notice id is cast to int. The member id always comes from $user_info,
 * never from the request.
 *
 * @return void
 */
public function action_index()
{
    global $user_info;

    checkSession('get');

    $id_notice = 0;
    if (isset($_GET['idnotice'])) {
        $id_notice = (int) $_GET['idnotice'];
    }

    if ($id_notice !== 0) {
        require_once SUBSDIR . '/DismissibleNotices.class.php';

        $notice = new Dismissible_Notices();
        $notice->disableMemberNotice($id_notice, $user_info['id']);
    }

    die;
}
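/**
 * Called from a mouse click,
 * works out what we want to do with attachments and actions it.
 * Accessed by ?action=attachapprove
 *
 * The attachment ids are cast to int, restricted to boards where the user
 * may approve posts, and validated before anything is approved or removed.
 */
public function action_attachapprove()
{
    global $user_info;

    // Security is our primary concern...
    checkSession('get');

    // Read the sub-action once. It used to be read unguarded further down,
    // which raised a notice whenever ?sa was absent.
    $sub_action = isset($_GET['sa']) ? $_GET['sa'] : '';

    // Is it approve or delete? Anything other than 'reject' approves.
    $is_approve = $sub_action != 'reject';

    $attachments = array();
    require_once SUBSDIR . '/ManageAttachments.subs.php';

    // If we are approving all ID's in a message, get the ID's.
    if ($sub_action == 'all' && !empty($_GET['mid'])) {
        $id_msg = (int) $_GET['mid'];
        $attachments = attachmentsOfMessage($id_msg);
    } elseif (!empty($_GET['aid'])) {
        $attachments[] = (int) $_GET['aid'];
    }

    if (empty($attachments)) {
        fatal_lang_error('no_access', false);
    }

    // @todo nb: this requires permission to approve posts, not manage attachments
    // Now we have some ID's cleaned and ready to approve, but first - let's check we have permission!
    $allowed_boards = !empty($user_info['mod_cache']['ap']) ? $user_info['mod_cache']['ap'] : boardsAllowedTo('approve_posts');

    if ($allowed_boards == array(0)) {
        $approve_query = '';
    } elseif (!empty($allowed_boards)) {
        // The list is concatenated into SQL, so force every entry to an integer.
        $approve_query = ' AND m.id_board IN (' . implode(',', array_map('intval', $allowed_boards)) . ')';
    } else {
        $approve_query = ' AND 0';
    }

    // Validate the attachments exist and have the right approval state.
    $attachments = validateAttachments($attachments, $approve_query);

    // Stop here when validation left nothing. This check used to come after
    // $attachments[0] had already been read for the return link.
    if (empty($attachments)) {
        fatal_lang_error('no_access', false);
    }

    // Set up a return link based off one of the attachments for this message
    $attach_home = attachmentBelongsTo($attachments[0]);
    $redirect = 'topic=' . $attach_home['id_topic'] . '.msg' . $attach_home['id_msg'] . '#msg' . $attach_home['id_msg'];

    // Finally, we are there. Follow through!
    if ($is_approve) {
        // Checked and deemed worthy.
        approveAttachments($attachments);
    } else {
        removeAttachments(array('id_attach' => $attachments, 'do_logging' => true));
    }

    // We approved or removed, either way we reset those numbers
    cache_put_data('num_menu_errors', null, 900);

    // Return to the topic....
    redirectexit($redirect);
}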
/**
 * General addon settings page: shows the settings form and saves it when
 * ?save is present. If you have a general mod setting to add, stick it here.
 */
public function action_addonSettings_display()
{
    // Build the form and read its settings definition.
    $this->_initAddonSettingsForm();
    $config_vars = $this->_addonSettings->settings();

    $saving = isset($_GET['save']);
    if ($saving) {
        // Session check before hooks and before the write.
        checkSession();

        call_integration_hook('integrate_save_general_mod_settings');
        Settings_Form::save_db($config_vars);

        redirectexit('action=admin;area=addonsettings;sa=general');
    }

    Settings_Form::prepare_db($config_vars);
}
/**
 * Settings page for the two change-theme check boxes.
 *
 * @param bool $return_config When truthy, only return the config array.
 * @return array|void The config vars when $return_config is truthy.
 */
function CLS_ChangeThemeSettings($return_config = false)
{
    global $txt, $scripturl, $context;

    $config_vars = [
        ['check', 'change_theme_check_top'],
        ['check', 'change_theme_check_bot'],
    ];

    if ($return_config) {
        return $config_vars;
    }

    $context['post_url'] = $scripturl . '?action=admin;area=modsettings;save;sa=cls';

    $saving = isset($_GET['save']);
    if ($saving) {
        // Session check before the write.
        checkSession();
        saveDBSettings($config_vars);

        redirectexit('action=admin;area=modsettings;sa=cls');
    }

    prepareDBSettingContext($config_vars);
}
/**
 * Install or uninstall the plugins named in the comma separated request
 * value 'p', depending on the 'sa' request value, then return to the plugin
 * list.
 *
 * Requires the admin_forum permission and runs checkSession('get').
 *
 * NOTE(review): each plugin name is handed to install()/uninstall() exactly
 * as received. Confirm those methods validate the name before using it as a
 * path or identifier.
 *
 * @return void
 */
public static function installProducts()
{
    global $context;

    isAllowedTo('admin_forum');
    checkSession('get');

    $action = '';
    if (isset($_REQUEST['sa'])) {
        $action = $_REQUEST['sa'];
    }

    $pluginlist = [];
    if (isset($_REQUEST['p'])) {
        $pluginlist = explode(',', $_REQUEST['p']);
    }

    // Only the two known actions do anything; every other value is ignored.
    $installing = $action === 'install';
    if ($installing || $action === 'uninstall') {
        foreach ($pluginlist as $plugin) {
            if ($installing) {
                self::install($plugin);
            } else {
                self::uninstall($plugin);
            }
        }
    }

    redirectexit('action=admin;area=plugins;' . $context['session_var'] . '=' . $context['session_id']);
}
/**
 * Arcade maintenance: delete high scores older than a number of days, or
 * delete all of them, when a score_action is requested; otherwise select the
 * maintenance sub-template.
 *
 * NOTE(review): only checkSession() is visible here, no permission check.
 * Confirm the admin area that routes to this function enforces one.
 *
 * @return void
 */
function ArcadeMaintenanceHighscore()
{
    global $sourcedir, $scripturl, $txt, $modSettings, $context, $settings, $smcFunc;

    if (!isset($_REQUEST['score_action'])) {
        // Template
        $context['sub_template'] = 'arcade_admin_maintenance_highscore';
        return;
    }

    checkSession();

    if ($_REQUEST['score_action'] == 'older' && is_numeric($_REQUEST['age'])) {
        // The age is cast to int and bound through the {int:time} placeholder.
        $cutoff = time() - (int) $_REQUEST['age'] * 86400;

        $smcFunc['db_query']('', ' DELETE FROM {db_prefix}arcade_scores WHERE end_time < {int:time}', ['time' => $cutoff]);
    } elseif ($_REQUEST['score_action'] == 'all') {
        $smcFunc['db_query']('', ' DELETE FROM {db_prefix}arcade_scores', []);
    }

    redirectexit('action=admin;area=arcademaintenance;maintenance=fixScores;back=score;' . $context['session_var'] . '=' . $context['session_id']);

    // Template
    $context['sub_template'] = 'arcade_admin_maintenance_highscore';
}
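/**
 * Register a new member from the supplied details and return the stored user.
 *
 * The registration mode (nothing / activation / approval) is derived from
 * $modSettings['registration_method'] and whether the caller marks the
 * address as verified.
 *
 * @param string $email                  E-mail address; CR/LF are stripped.
 * @param string $username               Requested name; CR/LF are stripped.
 * @param string $password               Plain password; must not be empty.
 * @param bool   $verified               Whether the e-mail is already verified.
 * @param mixed  $custom_register_fields Not used in this method.
 * @param mixed  $profile                Optional array; 'avatar_url' is stored as the avatar.
 * @param mixed  $errors                 Passed by reference; not written here.
 * @return mixed The result of get_user_by_name_or_email() on success, null otherwise.
 */
public function createUserHandle($email, $username, $password, $verified, $custom_register_fields, $profile, &$errors)
{
    // $txt is read below for the "registration done" message. It was missing
    // from this list, so the lookup hit an undefined local.
    global $sourcedir, $context, $modSettings, $maintenance, $mmessage, $scripturl, $txt;

    checkSession();

    $_POST['emailActivate'] = true;

    if (empty($password)) {
        get_error('password cannot be empty');
    }

    if ($maintenance != 0) {
        get_error('Forum is in maintenance model or Tapatalk is disabled by forum administrator.');
    }

    // Work out how much confirmation the new account still needs.
    if ($modSettings['registration_method'] == 0) {
        $register_mode = 'nothing';
    } elseif ($modSettings['registration_method'] == 1) {
        $register_mode = $verified ? 'nothing' : 'activation';
    } else {
        $auto_approve = isset($modSettings['auto_approval_tp_user']) && $modSettings['auto_approval_tp_user'] && $verified;
        $register_mode = $auto_approve ? 'nothing' : 'approval';
    }

    // Line breaks are removed from all three values before they are used.
    $email = htmltrim__recursive(str_replace(array("\n", "\r"), '', $email));
    $username = htmltrim__recursive(str_replace(array("\n", "\r"), '', $username));
    $password = htmltrim__recursive(str_replace(array("\n", "\r"), '', $password));

    $group = 0;
    if ($register_mode == 'nothing' && isset($modSettings['tp_iar_usergroup_assignment'])) {
        $group = $modSettings['tp_iar_usergroup_assignment'];
    }

    $regOptions = array(
        'interface' => $register_mode == 'approval' ? 'guest' : 'admin',
        'username' => $username,
        'email' => $email,
        'password' => $password,
        'password_check' => $password,
        'check_reserved_name' => true,
        'check_password_strength' => true,
        'check_email_ban' => false,
        'send_welcome_email' => isset($_POST['emailPassword']) || empty($password),
        'require' => $register_mode,
        'memberGroup' => (int) $group,
    );

    // Guarded so a second call in the same request does not redefine the constant.
    if (!defined('mobi_register')) {
        define('mobi_register', 1);
    }

    require_once $sourcedir . '/Subs-Members.php';
    $memberID = registerMember($regOptions);

    if (!empty($memberID)) {
        // NOTE(review): $username is only trimmed above, not HTML-escaped,
        // and is placed into markup here. Confirm registerMember() rejects
        // or escapes markup characters before this link is rendered.
        $context['new_member'] = array(
            'id' => $memberID,
            'name' => $username,
            'href' => $scripturl . '?action=profile;u=' . $memberID,
            'link' => '<a href="' . $scripturl . '?action=profile;u=' . $memberID . '">' . $username . '</a>',
        );
        $context['registration_done'] = sprintf($txt['admin_register_done'], $context['new_member']['link']);

        // update profile
        if (isset($profile) && !empty($profile) && is_array($profile)) {
            $profile_vars = array('avatar' => $profile['avatar_url']);
            updateMemberData($memberID, $profile_vars);
        }

        return get_user_by_name_or_email($username, false);
    }

    return null;
}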
/**
 * Settings page for the "menu button with boards list" modification.
 *
 * @param bool $return_config When truthy, only return the config array.
 * @return array config vars
 */
function addMenuButtonWithBoardsListAdminSettings($return_config = false)
{
    global $txt, $scripturl, $context;

    loadLanguage('MenuButtonWithBoardsList/');

    $context['page_title'] = $txt['menu_button_with_boards'];
    $context['post_url'] = $scripturl . '?action=admin;area=modsettings;save;sa=menu_button_with_boards';
    $context['settings_message'] = '';

    $config_vars = [
        ['title', 'menu_button_with_boards_settings'],
        ['text', 'menu_button_with_boards_title'],
        ['text', 'menu_button_with_boards_cats', 'subtext' => $txt['menu_button_with_boards_cats_desc']],
    ];

    if ($return_config) {
        return $config_vars;
    }

    $saving = isset($_GET['save']);
    if ($saving) {
        // Session check before the write.
        checkSession();

        saveDBSettings($config_vars);
        clean_cache();

        redirectexit('action=admin;area=modsettings;sa=menu_button_with_boards');
    }

    prepareDBSettingContext($config_vars);
}
/**
 * Administration page in Posts and Topics > BBC.
 *
 * - Handles displaying and changing which BBC tags are enabled on the forum.
 * - On save, the disabled list is rebuilt from the known tag names, so a
 *   posted value cannot introduce a tag name that parse_bbc() does not report.
 *
 * @uses Admin template, edit_bbc_settings sub-template.
 */
public function action_bbcSettings_display()
{
    global $context, $txt, $modSettings, $scripturl;

    // Initialize the form
    $this->_initBBCSettingsForm();
    $config_vars = $this->_bbcSettings->settings();

    // Javascript that enables/disables the check boxes according to the global BBC switch.
    $bbcSwitchedOff = empty($modSettings['enableBBC']) ? 'true' : 'false';
    addInlineJavascript(' toggleBBCDisabled(\'disabledBBC\', ' . $bbcSwitchedOff . ');', true);

    // Needed for prepare_db() and save_db()
    require_once SUBSDIR . '/SettingsForm.class.php';

    // Make sure we check the right tags!
    if (empty($modSettings['disabledBBC'])) {
        $modSettings['bbc_disabled_disabledBBC'] = [];
    } else {
        $modSettings['bbc_disabled_disabledBBC'] = explode(',', $modSettings['disabledBBC']);
    }

    // Save page
    if (isset($_GET['save'])) {
        checkSession();

        // Security: collect the names of all tags the parser knows.
        $bbcTags = [];
        foreach (parse_bbc(false) as $tag) {
            $bbcTags[] = $tag['tag'];
        }

        // Normalise the posted selection to an array.
        if (!isset($_POST['disabledBBC_enabledTags'])) {
            $_POST['disabledBBC_enabledTags'] = [];
        } elseif (!is_array($_POST['disabledBBC_enabledTags'])) {
            $_POST['disabledBBC_enabledTags'] = [$_POST['disabledBBC_enabledTags']];
        }

        // Disabled = every known tag that was not ticked.
        $stillDisabled = array_diff($bbcTags, $_POST['disabledBBC_enabledTags']);
        $_POST['disabledBBC'] = implode(',', $stillDisabled);

        // Notify addons and integrations
        call_integration_hook('integrate_save_bbc_settings', [$bbcTags]);

        // Save the result
        Settings_Form::save_db($config_vars);

        // And we're out of here!
        redirectexit('action=admin;area=postsettings;sa=bbc');
    }

    // Make sure the template stuff is ready now...
    $context['sub_template'] = 'show_settings';
    $context['page_title'] = $txt['manageposts_bbc_settings_title'];
    $context['post_url'] = $scripturl . '?action=admin;area=postsettings;save;sa=bbc';
    $context['settings_title'] = $txt['manageposts_bbc_settings_title'];

    Settings_Form::prepare_db($config_vars);
}
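/**
 * Delete one profile-visit record (visitor $_REQUEST['member'] on profile
 * $memID) and return to the profile's visitor list.
 *
 * @param int $memID Id of the profile whose visitor log is edited.
 * @return void
 */
function pv_delete($memID)
{
    global $smcFunc, $context, $user_info;

    checkSession('get');

    // Resolve the visitor id before the permission checks. It used to be
    // assigned after them, so the second check compared against an undefined
    // variable and could never match for a logged-in member.
    $member = !empty($_REQUEST['member']) ? (int) $_REQUEST['member'] : 0;
    if (empty($member)) {
        fatal_lang_error('pv_no_member', false);
    }

    // NOTE(review): a user who is neither the profile owner nor the visitor
    // being removed matches neither branch and is not asked for
    // pv_remove_any_any. Confirm whether that case is gated by the caller.
    // If not, it needs a final else that requires the permission.
    if ($context['user']['is_owner'] && !allowedTo('pv_remove_own')) {
        isAllowedTo('pv_remove_any_any');
    } elseif ($user_info['id'] == $member && !allowedTo('pv_remove_any_own')) {
        isAllowedTo('pv_remove_any_any');
    }

    // Both ids go through {int:...} placeholders.
    $smcFunc['db_query']('', ' DELETE FROM {db_prefix}log_Maximum_visitors WHERE id_member = {int:member} AND id_profile = {int:profile} LIMIT 1', array('member' => $member, 'profile' => $memID));

    redirectexit('action=profile;u=' . $memID . ';pv');
}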
/**
 * Modify any setting related to drafts.
 *
 * - Requires the admin_forum permission.
 * - Accessed from ?action=admin;area=managedrafts
 * - On save the autosave frequency is raised to at least 30.
 *
 * @uses Admin template, edit_topic_settings sub-template.
 */
public function action_draftSettings_display()
{
    global $context, $txt, $scripturl;

    isAllowedTo('admin_forum');
    loadLanguage('Drafts');

    // Initialize the form
    $this->_initDraftSettingsForm();
    $config_vars = $this->_draftSettings->settings();

    // Setup the template.
    $context['page_title'] = $txt['managedrafts_settings'];
    $context['sub_template'] = 'show_settings';
    $context[$context['admin_menu_name']]['tab_data'] = [
        'title' => $txt['drafts'],
        'help' => '',
        'description' => $txt['managedrafts_settings_description'],
    ];

    // Saving them ?
    $saving = isset($_GET['save']);
    if ($saving) {
        checkSession();

        call_integration_hook('integrate_save_drafts_settings');

        // Protect them from themselves: never save less than 30.
        if ($_POST['drafts_autosave_frequency'] < 30) {
            $_POST['drafts_autosave_frequency'] = 30;
        }

        Settings_Form::save_db($config_vars);
        redirectexit('action=admin;area=managedrafts');
    }

    // Some javascript to enable / disable the frequency input box
    addInlineJavascript(' var autosave = document.getElementById(\'drafts_autosave_enabled\'); createEventListener(autosave); autosave.addEventListener(\'change\', toggle); toggle(); function toggle() { var select_elem = document.getElementById(\'drafts_autosave_frequency\'); select_elem.disabled = !autosave.checked; }', true);

    // Final settings...
    $context['post_url'] = $scripturl . '?action=admin;area=managedrafts;save';
    $context['settings_title'] = $txt['managedrafts_settings'];

    // Prepare the settings...
    Settings_Form::prepare_db($config_vars);
}
/**
 * Main dispatcher for the server settings area.
 *
 * What it does:
 * - Requires the admin_forum permission and runs checkSession('request').
 * - Registers the sub-actions and tabs, then dispatches to the handler of
 *   the sub-action chosen by Action::initialize() (default 'general').
 *
 * @uses edit_settings adminIndex.
 * @see Action_Controller::action_index()
 */
public function action_index()
{
    global $context, $txt;

    // We're working with them settings here.
    require_once SUBSDIR . '/SettingsForm.class.php';

    // The settings strings live in this language file.
    loadLanguage('ManageSettings');

    // Admin only: this is just to keep the database password more secure.
    isAllowedTo('admin_forum');
    checkSession('request');

    // Every handler is a method of this controller and carries its own
    // permission entry.
    $subActions = [
        'general' => [$this, 'action_generalSettings_display', 'permission' => 'admin_forum'],
        'database' => [$this, 'action_databaseSettings_display', 'permission' => 'admin_forum'],
        'cookie' => [$this, 'action_cookieSettings_display', 'permission' => 'admin_forum'],
        'cache' => [$this, 'action_cacheSettings_display', 'permission' => 'admin_forum'],
        'loads' => [$this, 'action_balancingSettings_display', 'permission' => 'admin_forum'],
        'phpinfo' => [$this, 'action_phpinfo', 'permission' => 'admin_forum'],
    ];

    $action = new Action('server_settings');

    // Load up all the tabs...
    $context[$context['admin_menu_name']]['tab_data'] = [
        'title' => $txt['admin_server_settings'],
        'help' => 'serversettings',
        'description' => $txt['admin_basic_settings'],
    ];

    // By default we're editing the core settings, call integrate_sa_server_settings
    $subAction = $action->initialize($subActions, 'general');

    // Last things for the template
    $context['sub_action'] = $subAction;
    $context['page_title'] = $txt['admin_server_settings'];
    $context['sub_template'] = 'show_settings';

    // The message is looked up by key in $txt, never echoed from the request.
    $context['settings_message'] = '';
    if (isset($_REQUEST['msg']) && isset($txt[$_REQUEST['msg']])) {
        $context['settings_message'] = $txt[$_REQUEST['msg']];
    }

    // Warn about the state of Settings.php and its backup.
    if ($subAction != 'cache') {
        $settingsFile = BOARDDIR . '/Settings.php';
        $backupFile = BOARDDIR . '/Settings_bak.php';

        $settings_not_writable = !is_writable($settingsFile);

        // The copy is only attempted when the backup file is writable.
        $settings_backup_fail = !@is_writable($backupFile) || !@copy($settingsFile, $backupFile);

        if ($settings_not_writable) {
            $context['settings_message'] = $txt['settings_not_writable'];
            $context['error_type'] = 'notice';
        } elseif ($settings_backup_fail) {
            $context['settings_message'] = $txt['admin_backup_fail'];
            $context['error_type'] = 'notice';
        }

        $context['settings_not_writable'] = $settings_not_writable;
    }

    // Call the right function for this sub-action.
    $action->dispatch($subAction);
}
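/**
 * Log the administrator out: clear the admin markers, empty the session data
 * and destroy the session.
 *
 * Does nothing when checkSession() is falsy.
 *
 * @return void
 */
function processLogout()
{
    if (!checkSession()) {
        return;
    }

    // Reset Session Values
    $_SESSION['adminAuth'] = '';
    $_SESSION['adminTime'] = '';

    // No session id means there is nothing to tear down.
    if (session_id() === '') {
        return;
    }

    // The previous loop relied on session_is_registered() and
    // session_unregister(), which no longer exist in current PHP, and passed
    // the literal string '$name', so no variable was ever unregistered.
    // Emptying $_SESSION removes every value; session_destroy() then discards
    // the stored session data.
    $_SESSION = array();
    session_destroy();
}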
/**
 * Save the shoutbox settings posted from the admin form.
 *
 * Each known setting is either stored (replace) or, when its value is empty,
 * deleted from {db_prefix}shoutbox_settings. Setting names come from the
 * fixed list below, never from the request.
 *
 * NOTE(review): only checkSession() is visible here, no permission check.
 * Confirm the admin area that routes to this function enforces one.
 *
 * @return void
 */
function ManageShoutbox_Settings2()
{
    global $smcFunc;

    checkSession();

    $config = [
        'disable' => 'checkbox',
        'startHide' => 'checkbox',
        'backgroundColor' => 'text',
        'textColor' => 'text',
        'boxTitle' => 'text',
        'refreshShouts' => 'text',
        'startShouts' => 'text',
        'keepShouts' => 'text',
        'height' => 'text',
        'printClass' => 'text',
        'timeColor' => 'text',
        'timeFormat' => 'text',
        'maxMsgLenght' => 'text',
        'minMsgLenght' => 'text',
        'maxLinkLenght' => 'text',
        'fixLongWords' => 'text',
        'disableTags' => 'textarea',
        'faces' => 'textarea',
        'showActions' => 'textarea',
        'out_main' => 'textarea',
        'showform_down' => 'checkbox',
        'showmsg_down' => 'checkbox',
    ];

    foreach ($config as $name => $kind) {
        // Text areas are flattened to a comma separated list.
        if ($kind == 'textarea' && isset($_POST[$name])) {
            $stripped = str_replace(array("\r", "\t", "<br />"), '', $_POST[$name]);
            $_POST[$name] = str_replace("\n", ',', $stripped);
        }

        if (!isset($_POST[$name])) {
            $value = 0;
        } elseif ($kind == 'checkbox') {
            $value = 1;
        } else {
            // Trim and HTML-escape the text, then addslashes() as before.
            $value = addslashes($smcFunc['htmlspecialchars']($smcFunc['htmltrim'](stripslashes($_POST[$name])), ENT_QUOTES));
        }

        if (empty($value)) {
            // An empty value (including "0") removes the stored setting.
            $smcFunc['db_query']('', "\r\r\n\t\t\t\tDELETE FROM {db_prefix}shoutbox_settings\r\r\n\t\t\t\tWHERE variable = {string:value} LIMIT 1", ['value' => $name]);
        } else {
            $smcFunc['db_insert']('replace', '{db_prefix}shoutbox_settings', ['variable' => 'string', 'value' => 'string'], [$name, $value], ['variable']);
        }
    }

    redirectexit('action=admin;area=shoutbox');
}
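/**
 * Save the global head/header/footer texts and their BBC switches when the
 * settings form was posted (detected by the presence of 'global_head').
 *
 * Each text is HTML-escaped and trimmed before it is written to
 * smfhacks_resources/global-hf-<name>.txt. The file names are built from the
 * fixed field list, not from the request.
 *
 * NOTE(review): only checkSession() is visible here, no permission check.
 * Confirm the admin area that routes to this function enforces one.
 *
 * @return void
 */
function GlobalHFCheckSaving()
{
    global $smcFunc, $boarddir;

    if (!isset($_POST['global_head'])) {
        return;
    }

    checkSession();

    $file_fields = array('global_head', 'global_header', 'global_footer');
    foreach ($file_fields as $value) {
        // Only plain strings are written. A field posted as an array is
        // skipped instead of being passed to the string helpers.
        if (isset($_POST[$value]) && is_string($_POST[$value])) {
            $_POST[$value] = $smcFunc['htmltrim']($smcFunc['htmlspecialchars']($_POST[$value], ENT_QUOTES));
            file_put_contents($boarddir . '/smfhacks_resources/global-hf-' . str_replace('global_', '', $value) . '.txt', $_POST[$value]);
        }
    }

    // Start from an empty array. When neither BBC field was posted,
    // updateSettings() used to receive an undefined variable.
    $final_arr = array();

    $bbc_fields = array('global_header_bbc', 'global_footer_bbc');
    foreach ($bbc_fields as $value) {
        if (isset($_POST[$value])) {
            $_POST[$value] = (int) $_POST[$value];
            $final_arr[$value] = $_POST[$value];
        }
    }

    updateSettings($final_arr);

    redirectexit('action=admin;area=globalhf;success=saved');
}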
/**
 * Settings page for the chat / shout box check boxes.
 *
 * @param bool $return_config When truthy, only return the config array.
 * @return array|mixed The config vars when $return_config is truthy.
 */
function ajaxchat_modifySettings($return_config = false)
{
    global $txt, $scripturl, $context, $settings, $sc, $modSettings;

    $config_vars = [
        ['check', 'enableShoutBox'],
        ['check', 'anyPageShoutBox'],
        ['check', 'enableChatButtonNo'],
    ];

    if ($return_config) {
        return $config_vars;
    }

    $context['settings_title'] = $txt['chat'];
    $context['post_url'] = $scripturl . '?action=admin;area=modsettings;save;sa=chat';

    // No removing this line you, dirty unwashed mod authors. :p
    if (empty($config_vars)) {
        $context['settings_save_dont_show'] = true;
        $context['settings_message'] = '<div style="text-align: center">' . $txt['modification_no_misc_settings'] . '</div>';

        return prepareDBSettingContext($config_vars);
    }

    // Saving? Session check before the write.
    $saving = isset($_GET['save']);
    if ($saving) {
        checkSession();

        $save_vars = $config_vars;
        saveDBSettings($save_vars);

        redirectexit('action=admin;area=modsettings;sa=chat');
    }

    prepareDBSettingContext($config_vars);
}
<?php

/*
 * Copyright (c) Codiad & Kent Safranski (codiad.com), distributed
 * as-is and without warranty under the MIT License. See
 * [root]/license.txt for more. This information must remain intact.
 */

// Project configuration, two directories up.
// NOTE(review): the path is relative, so which file is loaded depends on the
// include path / working directory of the request — confirm.
require_once '../../config.php';

//////////////////////////////////////////////////////////////////
// Verify Session or Key
//////////////////////////////////////////////////////////////////

// Runs before any other statement of this script. checkSession() is not
// defined in the visible code; presumably it comes from config.php and stops
// the request when neither a session nor a key is valid — confirm.
checkSession();