$user_err .= $BL['be_admin_usr_err3'] . "\n"; } if (!is_valid_email($new_email) && $send_verification) { $user_err .= $BL['be_admin_usr_err4'] . "\n"; } if (empty($user_err)) { //Insert new User $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_user (usr_login, usr_pass, usr_email, " . "usr_admin, usr_aktiv, usr_name, usr_wysiwyg, usr_fe ) VALUES ('" . aporeplace($new_login) . "', '" . aporeplace(md5(makeCharsetConversion($new_password, PHPWCMS_CHARSET, 'utf-8'))) . "', '" . aporeplace($new_email) . "', '" . $set_user_admin . "', '" . $set_user_aktiv . "', '" . aporeplace($new_name) . "', 1, '" . $set_user_fe . "')"; if (mysql_query($sql, $db) or die('error while creating new user')) { $new_user_id = mysql_insert_id($db); $user_ok = 1; if ($send_verification) { $emailbody = str_replace('{LOGIN}', $new_login, $BL['be_admin_usr_mailbody']); $emailbody = str_replace('{PASSWORD}', $new_password, $emailbody); $emailbody = str_replace('{SITE}', PHPWCMS_URL, $emailbody); $emailbody = str_replace('{LOGIN_PAGE}', PHPWCMS_URL . get_login_file(), $emailbody); sendEmail(array('recipient' => $new_email, 'toName' => $new_name, 'subject' => $BL['be_admin_usr_mailsubject'], 'isHTML' => 0, 'text' => $emailbody, 'from' => $phpwcms["admin_email"], 'sender' => $phpwcms["admin_email"])); } } } } if (empty($user_ok)) { ?> <form action="phpwcms.php?do=admin&s=1" method="post" name="edituser"><table border="0" cellpadding="0" cellspacing="0" summary=""> <tr> <td colspan="2"><table border="0" cellpadding="0" cellspacing="0" summary=""> <tr> <td><img src="img/usricon/usr_add.gif" alt="" width="19" height="16"></td> <td class="title"> <?php echo $BL['be_admin_usr_title']; ?>
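/**
 * Verify that the current request belongs to a logged-in backend user.
 *
 * First, phpwcms_userlog rows whose logged_change is older than max_time
 * seconds are marked logged_in=0 and checkLoginCount() is run.  Then, if the
 * session carries no wcs_user, the session store is destroyed and the caller
 * either gets a redirect to the login page ($mode === 'REDIRECT') or false.
 *
 * @param string $mode 'REDIRECT' (default): send the browser to the login page
 *                     when no user is logged in; any other value: return false.
 * @return bool true when $_SESSION["wcs_user"] is set; false when it is not
 *              and $mode is not 'REDIRECT'.
 */
function checkLogin($mode = 'REDIRECT') {
    // Expire stale logins.  time() is an int and max_time is intval()'d, so the
    // values concatenated into this statement cannot break the SQL.
    $timeout = intval($GLOBALS['phpwcms']["max_time"]);
    $sql  = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_in=0, logged_change='" . time() . "' ";
    $sql .= "WHERE logged_in=1 AND (" . time() . "-logged_change) > " . $timeout;
    _dbQuery($sql, 'UPDATE');
    checkLoginCount();

    if (!empty($_SESSION["wcs_user"])) {
        return true;
    }

    // No backend user in the session: drop the server-side session store.
    // NOTE(review): unlike logout_user(), $_SESSION itself is not emptied here,
    // so its values remain readable for the rest of this request — kept as-is.
    @session_destroy();

    // Remember where the user wanted to go so the login page can send them back.
    // The ref value is the site's own URL plus the (xss_clean'd, rawurlencoded)
    // query string, so it cannot be pointed off-site by the caller.
    $ref_url = '';
    if (!empty($_SERVER['QUERY_STRING'])) {
        $ref_url = '?ref=' . rawurlencode(PHPWCMS_URL . 'phpwcms.php?' . xss_clean($_SERVER['QUERY_STRING']));
    }

    // Strict comparison on purpose: with == an integer 0 passed as $mode would
    // also compare equal to 'REDIRECT' on PHP < 8 and trigger the redirect.
    if ($mode !== 'REDIRECT') {
        return false;
    }

    // Only carry the ref parameter along when this client IP had an active
    // login within the last hour; otherwise redirect to the site root.
    // NOTE(review): this is a heuristic (clients behind a shared NAT address
    // match as well); it only decides whether ref is appended, not whether the
    // user must log in.
    $sql  = 'SELECT COUNT(*) FROM ' . DB_PREPEND . 'phpwcms_userlog WHERE ';
    $sql .= "logged_ip=" . _dbEscape(getRemoteIP()) . " AND ";
    $sql .= '( ' . time() . ' - logged_change ) < 3600';
    $ref_url = _dbCount($sql) > 0 ? get_login_file() . $ref_url : '';
    headerRedirect(PHPWCMS_URL . $ref_url);

    // headerRedirect() is expected to end the request; kept for parity with the
    // original fall-through return value should it ever come back.
    return true;
}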
// Resolve the page layout that governs how this page is rendered: the block's
// own layout id when it has one, otherwise the default one (pagelayout_default
// DESC).  $block["layout"] is cast with intval() before it reaches the SQL.
$block["layout"] = intval($block["layout"]);
$sql = "SELECT pagelayout_var FROM " . DB_PREPEND . "phpwcms_pagelayout WHERE pagelayout_trash=0 ";
if ($block["layout"]) {
    $sql .= "AND pagelayout_id=" . $block["layout"];
} else {
    $sql .= "ORDER BY pagelayout_default DESC";
}
$sql .= " LIMIT 1";
$result = _dbQuery($sql);

if (isset($result[0]['pagelayout_var'])) {
    // NOTE(review): pagelayout_var is a serialized PHP value read back from the
    // database.  unserialize() will instantiate whatever classes the payload
    // names, so anyone able to write this column (e.g. via a compromised DB)
    // gets an object-injection primitive; the @ also hides malformed data.
    // Left unchanged here — restrict with allowed_classes where the PHP
    // version permits.
    $pagelayout = @unserialize($result[0]['pagelayout_var']);

    // Print view ($aktion[2] === 1) keeps only the title, the custom blocks and
    // the border flag of the layout.
    if ($aktion[2] === 1) {
        $pagelayout = array(
            'layout_title'        => $pagelayout['layout_title'],
            'layout_customblocks' => $pagelayout['layout_customblocks'],
            'layout_noborder'     => $pagelayout['layout_noborder']
        );
    }
}

if (empty($pagelayout)) {
    // No layout row found (or it unserialized to nothing): stop with a hint
    // pointing the admin to the layout editor.
    die('There is no pagelayout available. Please <a href="' . PHPWCMS_URL . get_login_file() . '">login</a> to the admin section and <a href="' . PHPWCMS_URL . 'phpwcms.php?do=admin&p=8">create one here</a>!');
}

// Page title: empty unless the layout defines one; a defined title is also
// used as the Open Graph title.
$content["pagetitle"] = '';
if (!empty($pagelayout["layout_title"])) {
    $content["pagetitle"] = $pagelayout["layout_title"];
    $content['opengraph']['title'] = $pagelayout["layout_title"];
}

// colspan attribute derived from the layout's column setup
$colspan = get_colspan($pagelayout);

// Initialise the content blocks the template placeholders are filled from.
$content['main'] = '';          // {CONTENT}
$content['CB']['LEFT'] = '';    // {LEFT}
/**
 * Log the current backend user out and send the browser to the login page.
 *
 * The user's open phpwcms_userlog rows (logged_user = the session's wcs_user,
 * logged_in=1) are marked logged out with the current time, the session array
 * is emptied and the session store is destroyed.  Non-empty $reason / $type
 * values are appended to the login URL as rawurlencoded query parameters.
 *
 * @param string $reason optional reason passed to the login page (reason=...)
 * @param string $type   optional type marker passed to the login page (type=...)
 * @return void  ends in headerRedirect() with HTTP status 401
 */
function logout_user($reason = '', $type = '') {
    // Close the server-side login record first, while wcs_user is still in
    // the session.  NOTE(review): the escaped session user id was masked in the
    // copy reviewed; _dbEscape($_SESSION["wcs_user"]) is restored from the
    // surrounding code — verify against the file.
    $logout_sql  = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_change=" . _dbEscape(time()) . ", logged_in=0 ";
    $logout_sql .= "WHERE logged_user=" . _dbEscape($_SESSION["wcs_user"]) . " AND logged_in=1";
    _dbQuery($logout_sql, 'UPDATE');

    // Wipe the session on both sides: the superglobal for this request and the
    // store.  NOTE(review): the session cookie itself is not expired here —
    // TODO confirm headerRedirect()/the session configuration cover that.
    $_SESSION = array();
    @session_destroy();

    // Build the login URL; only truthy reason/type values become parameters,
    // and both are rawurlencoded so they cannot inject further parameters.
    $query = array();
    foreach (array('reason' => $reason, 'type' => $type) as $key => $value) {
        if ($value) {
            $query[] = $key . '=' . rawurlencode($value);
        }
    }

    $login_url = PHPWCMS_URL . get_login_file();
    if (count($query)) {
        $login_url .= '?' . implode('&', $query);
    }

    headerRedirect($login_url, 401);
}
<td colspan="3"><img src="../img/leer.gif" alt="" width="1" height="7" /></td> </tr> <tr bgcolor="#FFFFFF"> <td valign="top" style="background-image:url(../img/backend/backend_r3_c4.jpg); background-repeat:repeat-x; "><img src="../img/backend/backend_r3_c1.jpg" alt="" width="15" height="40" /></td> <td valign="top" style="background-image:url(../img/backend/backend_r3_c4.jpg); background-repeat:repeat-x; "><table width="740" border="0" cellpadding="0" cellspacing="0" summary=""> <tr> <td colspan="2"><img src="../img/leer.gif" alt="" width="1" height="9" /></td> </tr> <tr> <td valign="top" class="navtext">PHPWCMS UPGRADE VERSION <?php echo $phpwcms['release'] . ', RELEASE ' . $phpwcms['release_date']; ?> </td> <td align="right" valign="top" class="navtext"><a href="../index.php" target="_top">HOME</a> | <a href="setup.php">SETUP</a> | <a href="index.php" target="_top">LICENCE</a> | <a href="<?php echo PHPWCMS_URL . get_login_file(); ?> " target="_top">LOGIN</a></td> </tr> </table></td> <td valign="top" style="background-image:url(../img/backend/backend_r3_c4.jpg); background-repeat:repeat-x; "><img src="../img/backend/backend_r3_c7.jpg" alt="" width="15" height="40" /></td> </tr> <tr bgcolor="#FFFFFF"> <td width="15" bgcolor="#FFFFFF" style="background-image:url(../img/backend/preinfo2_r7_c2.gif);background-repeat:repeat-y;"><img src="../img/leer.gif" alt="" width="15" height="1" /></td> <td valign="top" bgcolor="#FFFFFF"><table width="100%" border="0" cellpadding="0" cellspacing="0" style="border:1px dotted #7599BB;" summary=""> <tr> <td colspan="4"><img src="../img/leer.gif" alt="" width="1" height="6" /></td> </tr> <tr> <td width="6" rowspan="10"><img src="../img/leer.gif" alt="" width="6" height="1" /></td> <td align="right" class="chatlist"> system: </td>
break; case "create_detail": include PHPWCMS_ROOT . '/include/inc_lib/profile.create.inc.php'; break; } } $subnav .= subnavtext($BL['be_subnav_profile_login'], "phpwcms.php?do=profile", $p, "", 0); $subnav .= subnavtext($BL['be_subnav_profile_personal'], "phpwcms.php?do=profile&p=1", $p, "1", 0); break; case "logout": //Logout $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_change=" . _dbEscape(time()) . ", logged_in=0 "; $sql .= "WHERE logged_user="******"wcs_user"]) . " AND logged_in=1"; _dbQuery($sql, 'UPDATE'); session_destroy(); headerRedirect(PHPWCMS_URL . get_login_file()); break; case "admin": //Admin if (!empty($_SESSION["wcs_user_admin"])) { include PHPWCMS_ROOT . '/include/inc_lib/admin.functions.inc.php'; $subnav .= subnavtext($BL['be_subnav_admin_sitestructure'], "phpwcms.php?do=admin&p=6", $p, "6", 0); $subnav .= '<tr><td colspan="2"><img src="img/leer.gif" height="5" width="1" alt="" /></td></tr>' . "\n"; $subnav .= subnavtext($BL['be_subnav_admin_pagelayout'], "phpwcms.php?do=admin&p=8", $p, "8", 0); $subnav .= subnavtext($BL['be_subnav_admin_templates'], "phpwcms.php?do=admin&p=11", $p, "11", 0); if (!empty($phpwcms['enable_deprecated'])) { $subnav .= subnavtext($BL['be_subnav_admin_css'], "phpwcms.php?do=admin&p=10", $p, "10", 0); } $subnav .= '<tr><td colspan="2"><img src="img/leer.gif" height="5" width="1" alt="" /></td></tr>' . "\n"; $subnav .= subnavtext($BL['be_subnav_admin_users'], "phpwcms.php?do=admin", $p, "", 0); if (!empty($phpwcms['usergroup_support'])) {
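// Per-request backend session validation (legacy mysql_* variant).
// The head of this UPDATE statement ($sql = "UPDATE ... SET ...") is built
// above this span; here the WHERE clause expires logins idle for longer than
// max_time seconds.  time() is an int and max_time is intval()'d.
$sql .= "WHERE logged_in = 1 AND ( " . time() . " - logged_change ) > " . intval($phpwcms["max_time"]);
mysql_query($sql, $db);

if (!empty($_SESSION["wcs_user"])) {
    // Confirm the session's user still has an open userlog row.
    // NOTE(review): the escaped session user id was masked in the copy
    // reviewed; _dbEscape($_SESSION["wcs_user"]) is restored from the
    // surrounding code — verify against the file.
    $sql  = "SELECT COUNT(*) FROM " . DB_PREPEND . "phpwcms_userlog ";
    $sql .= "WHERE logged_user=" . _dbEscape($_SESSION["wcs_user"]) . " AND ";
    $sql .= "logged_in=1";
    // The client IP is only bound to the login when Login_IPcheck is enabled;
    // without it a session cookie presented from any address is accepted.
    if (!empty($phpwcms['Login_IPcheck'])) {
        $sql .= " AND logged_ip=" . _dbEscape(getRemoteIP());
    }

    if ($check = mysql_query($sql, $db)) {
        if ($row = mysql_fetch_row($check)) {
            // COUNT(*) comes back as a numeric string; compare as an int.
            if ((int) $row[0] === 0) {
                // No open login record: drop the user from the session.
                unset($_SESSION["wcs_user"]);
            } else {
                // Touch the record so the idle timeout above starts over.
                $sql  = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET ";
                $sql .= "logged_change=" . time() . " WHERE ";
                $sql .= "logged_user=" . _dbEscape($_SESSION["wcs_user"]) . " AND logged_in=1";
                mysql_query($sql, $db);
            }
        }
        // Free the result set whether or not a row was fetched (previously it
        // was only released inside the fetch branch).
        mysql_free_result($check);
    }
}

if (empty($_SESSION["wcs_user"])) {
    // Not (or no longer) logged in: destroy the session store and go to the
    // login page.  The ref value is the site's own URL plus the xss_clean'd,
    // rawurlencoded query string, so it cannot point off-site.
    @session_destroy();
    $ref_url = '';
    if (!empty($_SERVER['QUERY_STRING'])) {
        $ref_url = '?ref=' . rawurlencode(PHPWCMS_URL . 'phpwcms.php?' . xss_clean($_SERVER['QUERY_STRING']));
    }
    headerRedirect(PHPWCMS_URL . get_login_file() . $ref_url);
}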