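/**
 * Decide whether admin page $page should be shown in the admin menu for the
 * currently logged-on admin.
 *
 * The ".php" suffix is stripped first. 'configuration' is delegated to
 * check_page(). Any other page without a row in TABLE_ADMIN_FILES is treated
 * as new (e.g. a third-party mod) and inserted; nothing is allowed for it yet,
 * so that request ends with 'false'. Otherwise the page is allowed only if a
 * row in TABLE_ADMIN_ALLOWED_PAGES for that page matches $_SESSION['admin_id'].
 *
 * @param string $page  page name, with or without a ".php" suffix
 * @param mixed  $param forwarded to check_page() for 'configuration' only
 * @return string 'true' if allowed, otherwise 'false' (strings, not booleans:
 *                callers in this code base compare against the literal 'false')
 */
function page_allowed($page, $param = '') {
    global $db;
    $page = strip_suffix($page, ".php");
    if ($page == 'configuration') {
        return check_page($page, $param);
    }
    // $page is derived from the request path, so escape it before embedding
    // it in SQL (zen_db_input() is Zen Cart's DB escaping helper).
    $safe_page = zen_db_input($page);
    // An anonymous request has no admin id and can never match an allowed row.
    $admin_id = isset($_SESSION['admin_id']) ? $_SESSION['admin_id'] : null;
    $query = "select id from " . TABLE_ADMIN_FILES . " where page = '" . $safe_page . "'";
    $included = $db->Execute($query);
    if ($included->fields['id'] == '') {
        // Unknown page: register it and fall through to 'false'.
        $sql = "insert into " . TABLE_ADMIN_FILES . " set page = '" . $safe_page . "'";
        $db->Execute($sql);
    } else {
        // The id came from the database; cast anyway so the query stays well-formed.
        $page_id = (int)$included->fields['id'];
        $who_allow = $db->Execute("select admin_id from " . TABLE_ADMIN_ALLOWED_PAGES . " where page_id = '" . $page_id . "'");
        while (!$who_allow->EOF) {
            if ($admin_id !== null && $who_allow->fields['admin_id'] == $admin_id) {
                return 'true';
            }
            $who_allow->MoveNext();
        }
    }
    return 'false';
}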
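$smarty->display('banned.tpl');
session_destroy();
exit(1);
}
// Fix for Firefox.
header("Cache-Control: private");
// boards_check_name() presumably validates the requested board name and
// returns FALSE on failure. Read the parameter with isset() so a missing one is
// passed as null rather than raising an undefined-index notice.
$board_name = boards_check_name(isset($_REQUEST['board']) ? $_REQUEST['board'] : null);
if ($board_name === FALSE) {
    // Cleanup.
    DataExchange::releaseResources();
    display_error_page($smarty, kotoba_last_error());
    exit(1);
}
// Requested page number, validated by check_page(); defaults to the first page.
$page = 1;
if (isset($_REQUEST['page'])) {
    $page = check_page($_REQUEST['page']);
}
$password = NULL;
if (isset($_SESSION['password'])) {
    $password = $_SESSION['password'];
}
$board = NULL;
$banners_board_id = NULL;
$posts_attachments = array();
$attachments = array();
$categories = categories_get_all();
$boards = boards_get_visible($_SESSION['user']);
make_category_boards_tree($categories, $boards);
// Conglomerate. Uncomment and edit.
//array_push(
//    $categories,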
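// Zen Cart admin bootstrap: refuse to run from a default "/admin/" directory or
// next to a leftover zc_install directory, then enforce login and per-page permissions.
if (basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_ALERT_PAGE . '.php') {
    if (substr(DIR_WS_ADMIN, -7) == '/admin/' || substr(DIR_WS_HTTPS_ADMIN, -7) == '/admin/') {
        zen_redirect(zen_href_link(FILENAME_ALERT_PAGE));
    }
    $check_path = dirname($_SERVER['SCRIPT_FILENAME']) . '/../zc_install';
    if (is_dir($check_path)) {
        zen_redirect(zen_href_link(FILENAME_ALERT_PAGE));
    }
}
}
if (basename($_SERVER['SCRIPT_FILENAME']) != FILENAME_ALERT_PAGE . '.php') {
    // A password_forgotten path carrying a second ".php" segment is treated as a
    // malformed URL and bounced to the login page.
    if (strpos(strtolower($PHP_SELF), FILENAME_PASSWORD_FORGOTTEN . '.php') !== FALSE && substr_count(strtolower($PHP_SELF), '.php') > 1) {
        zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
    }
    if (!(basename($PHP_SELF) == FILENAME_LOGIN . ".php")) {
        $page = basename($PHP_SELF, ".php");
        // Not logged on: send to login (zen_redirect() is relied on to end the
        // script), except for the password-forgotten page.
        if (!isset($_SESSION['admin_id'])) {
            if (!(basename($PHP_SELF) == FILENAME_PASSWORD_FORGOTTEN . '.php')) {
                zen_redirect(zen_href_link(FILENAME_LOGIN, 'camefrom=' . basename($PHP_SELF) . '&' . zen_get_all_get_params(), 'SSL'));
            }
        }
        $always_allowed = array(FILENAME_DEFAULT, FILENAME_ADMIN_ACCOUNT, FILENAME_LOGOFF, FILENAME_ALERT_PAGE, FILENAME_PASSWORD_FORGOTTEN, FILENAME_DENIED, FILENAME_ALT_NAV);
        if (!in_array($page, $always_allowed) && !zen_is_superuser()) {
            $allowed = check_page($page, $_GET);
            // Fail closed: boolean false, an empty/null result and the literal
            // string 'false' (the convention of older profile code) are all
            // denials. A plain "== FALSE" lets the string 'false' through.
            if (!$allowed || $allowed === 'false') {
                zen_redirect(zen_href_link(FILENAME_DENIED, '', 'SSL'));
            }
        }
    }
    // Reject login URLs whose directory part has doubled slashes or ".php" segments.
    if (basename($PHP_SELF) == FILENAME_LOGIN . '.php' && (substr_count(dirname($PHP_SELF), '//') > 0 || substr_count(dirname($PHP_SELF), '.php') > 0)) {
        zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
    }
}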
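<?php
// Paginated news list: connect, work out the page count, validate the requested
// page number, load that page and render views/all_news.php.
require_once "database.php";
require_once "models/functions.php";

$link = db_connect();
$page_count = 5;   // number of page switches shown in the pager (must be odd!)
$page_length = 10; // number of articles per page
$total_pages = total_pages($link, $page_length); // total number of pages generated
// check_page() presumably clamps/validates the raw request value against
// $total_pages. Pass null (not an undefined index) when the parameter is
// absent so a bare request does not raise a notice.
$requested_page = isset($_GET['page']) ? $_GET['page'] : null;
$page = check_page($requested_page, $total_pages);
$list_news = news_page($link, $page, $page_length);
include "views/all_news.php";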
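<?php
/**
 * @package admin
 * @copyright Copyright kuroi web design 2006-2007
 * @copyright Portions Copyright 2003 osCommerce
 * @license http://www.zen-cart.com/license/2_0.txt GNU Public License V2.0
 * @version $Id: init_admin_auth.php - amended for Admin Profiles 2007-04-30 by kuroi
 */
if (!defined('IS_ADMIN_FLAG')) {
    die('Illegal Access');
}
if (!(basename($PHP_SELF) == FILENAME_LOGIN . ".php")) {
    $page = basename($PHP_SELF, ".php");
    // Require a logged-on admin before consulting the per-page permission
    // table, so anonymous requests never reach check_page(). zen_redirect()
    // is relied on to end the script, as elsewhere in this file.
    if (!isset($_SESSION['admin_id'])) {
        if (!(basename($PHP_SELF) == FILENAME_PASSWORD_FORGOTTEN . '.php')) {
            zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
        }
    }
    $always_allowed = array(FILENAME_DEFAULT, FILENAME_PRODUCT, FILENAME_LOGOFF, FILENAME_ALT_NAV, FILENAME_PASSWORD_FORGOTTEN, 'denied');
    if (!in_array($page, $always_allowed)) {
        $allowed = check_page($page);
        // check_page() returns the string 'false' in this profile version; a
        // boolean/empty result is treated as a denial too so a changed
        // convention fails closed.
        if ($allowed === 'false' || !$allowed) {
            header("location: denied.php");
            // Stop here: without exit the rest of the page is still generated
            // and sent to any client that ignores the Location header.
            exit;
        }
    }
}
if (basename($PHP_SELF) == FILENAME_LOGIN . '.php' and (substr_count(dirname($PHP_SELF), '//') > 0 or substr_count(dirname($PHP_SELF), '.php') > 0)) {
    zen_redirect(zen_href_link(FILENAME_LOGIN, '', 'SSL'));
}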
/**
 * Render block $block for page $page and return the resulting HTML, or false
 * when this module has no method named $block or the block template produced
 * no output.
 *
 * Before rendering, the last path segment of REQUEST_URI (with its query
 * string, if present) is passed to check_page(); a truthy result aborts the
 * whole response via die() with a Japanese "no permission" message.
 * NOTE(review): other check_page()/page_allowed() variants in this code base
 * return the strings 'true'/'false', which are both truthy — confirm which
 * convention this check_page() follows, otherwise the guard cannot tell
 * "allowed" from "denied".
 */
function getBlock($block, $page) {
    // Capture "<segment>" or "<segment>?<query>" from the end of the request URI.
    // $matches[1] stays undefined if neither pattern matches (assumed not to happen).
    if (preg_match("/\\?/", $_SERVER["REQUEST_URI"]) > 0) {
        preg_match("/\\/([^\\/\\?]*\\??[^\\?]*)\$/", $_SERVER["REQUEST_URI"], $matches);
    } else {
        preg_match("/\\/([^\\/]*)\$/", $_SERVER["REQUEST_URI"], $matches);
    }
    if (check_page($matches[1])) {
        // The href value is emitted unquoted and unescaped.
        die("<p style='line-height:1.4em; text-align:center; padding-top:10px;'>このページを閲覧するための権限がありません。<br /><a href=" . zen_href_link(FILENAME_DEFAULT, '', 'NONSSL') . ">管理画面トップ</a>に戻って下さい。</p>");
    }
    global $template;
    $return = false;
    // Handle the case where the class method exists (class, method): call it
    // and expose its returned array as local variables for the block template.
    // extract() will clobber $block/$page/$module if the array uses those keys.
    if (method_exists($this, $block)) {
        $module = $this->code;
        extract($this->{$block}());
        // $module and $block_module are presumably read by the required
        // templates below, not by this method itself.
        $block_module = $this;
        ob_start();
        require DIR_FS_CATALOG . $this->_getTemplateDir($block . '.php', $page, 'templates') . '/' . $block . '.php';
        $content = ob_get_contents();
        ob_end_clean();
        // Non-empty block output is wrapped by the common tpl_block.php template.
        if ($content != '') {
            ob_start();
            require DIR_FS_CATALOG . $this->_getTemplateDir('tpl_block.php', $page, 'common') . '/tpl_block.php';
            $return = ob_get_contents();
            ob_end_clean();
        }
    }
    return $return;
}
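// Make category-boards tree for navigation panel.
foreach ($categories as &$c) {
    $c['boards'] = array();
    foreach ($boards as $b) {
        if ($b['category'] == $c['id'] && !in_array($b['name'], Config::$INVISIBLE_BOARDS)) {
            array_push($c['boards'], $b);
        }
    }
}
// Drop the by-reference cursor: otherwise $c keeps aliasing the last category
// and any later assignment to $c in this script would overwrite that element.
unset($c);

// Check input parameters.
if (isset($_REQUEST['search'])) {
    $search = $_REQUEST['search'];
}
// Requested result page, validated by check_page(); defaults to the first page.
// isset() on $search['page'] is false when $search is unset or not an array.
$page = 1;
if (isset($search['page'])) {
    $page = check_page($search['page']);
}
$posts_per_page = 10; // Count of posts per page.
$pages = array();
$keyword = '';
$posts_html = '';

// Do search.
if (isset($_REQUEST['search'])) {
    // Check input parameters: a keyword of fewer than 4 characters (counted in
    // Config::MB_ENCODING) is rejected with an error page.
    if (!isset($search['keyword']) || mb_strlen($search['keyword'], Config::MB_ENCODING) < 4) {
        // Cleanup
        DataExchange::releaseResources();
        display_error_page($smarty, new SearchKeywordError());
        exit(1);
    }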
// Counter rows: startdate is treated as YYYYMMDD (year at 0-4, month at 4-2,
// day = last two characters) when rebuilt for mktime() and formatted.
while (!$counter->EOF) {
    $counter_startdate = $counter->fields['startdate'];
    $counter_startdate_formatted = strftime(DATE_FORMAT_SHORT, mktime(0, 0, 0, substr($counter_startdate, 4, 2), substr($counter_startdate, -2), substr($counter_startdate, 0, 4)));
    echo ' <div class="row"><span class="left">' . $counter_startdate_formatted . '</span><span class="rigth"> ' . $counter->fields['session_counter'] . ' - ' . $counter->fields['counter'] . '</span> </div>' . "\n";
    $counter->MoveNext();
}
?>
</div>
<?php } ?>
</div>
<div id="colthree">
<?php if (zen_is_superuser() || check_page(FILENAME_ORDERS, array())) { ?>
<div class="reportBox">
<div class="header"><?php echo BOX_ENTRY_NEW_ORDERS; ?> </div>
<?php
// Last 20 orders with their ot_total line; only shown to superusers or admins
// that check_page() allows on the orders page.
$orders = $db->Execute("select o.orders_id as orders_id, o.customers_name as customers_name, o.customers_id, o.date_purchased as date_purchased, o.currency, o.currency_value, ot.class, ot.text as order_total from " . TABLE_ORDERS . " o left join " . TABLE_ORDERS_TOTAL . " ot on (o.orders_id = ot.orders_id and class = 'ot_total') order by orders_id DESC limit 20");
while (!$orders->EOF) {
    // COWOA+ check for full account status
    // customers_id comes from the orders row, not from the request.
    $COWOA_query = "select COWOA_account from " . TABLE_CUSTOMERS . " WHERE customers_id = " . $orders->fields['customers_id'] . " limit 1;";
    $COWOA_result = $db->Execute($COWOA_query);
    // NOTE(review): customers_name and order_total are echoed into HTML without
    // htmlspecialchars(); customers_name is presumably customer-entered, so
    // escaping it here is the mitigation for stored markup in the admin page.
    echo ' <div class="row"><span class="left"><a href="' . zen_href_link(FILENAME_ORDERS, 'oID=' . $orders->fields['orders_id'] . '&origin=' . FILENAME_DEFAULT, 'NONSSL') . '" class="contentlink"> ' . $orders->fields['customers_name'] . '</a></span><span class="center">' . $orders->fields['order_total'] . '</span><span class="rigth">' . "\n";
    echo zen_date_short($orders->fields['date_purchased']);
    // COWOA+
$smarty->assign('reason', $ban['reason']);
$smarty->display('banned.tpl');
session_destroy();
exit(1);
}
// Only administrators may use the reports page; everyone else gets an error
// page after resources are released.
if (!is_admin()) {
    DataExchange::releaseResources();
    display_error_page($smarty, new NotAdminError());
    exit(1);
}
// Write the access to the log file.
call_user_func(Logging::$f['REPORTS_USE']);
// Requested page number, validated by check_page(); defaults to the first page.
$page = isset($_GET['page']) ? check_page($_GET['page']) : 1;
$page_max = 1;
// Board filter carried over from the previous form submission: 'all' is
// passed through as-is, anything else goes through boards_check_id().
$prev_filter_board = '';
if (isset($_POST['prev_filter_board'])) {
    $requested_filter = $_POST['prev_filter_board'];
    $prev_filter_board = ($requested_filter == 'all') ? 'all' : boards_check_id($requested_filter);
}
$boards = boards_get_all();
$reported_posts = array();
$smarty->assign('show_control', is_admin() || is_mod());
$smarty->assign('boards', $boards);
$smarty->assign('is_admin', is_admin());