Example #1
        $user_err .= $BL['be_admin_usr_err3'] . "\n";
    }
    // An unparseable address is only an error when it is actually going to be used
    // for the verification mail; a user created silently may have no address.
    if (!is_valid_email($new_email) && $send_verification) {
        $user_err .= $BL['be_admin_usr_err4'] . "\n";
    }
    if (empty($user_err)) {
        //Insert new User
        // NOTE(review): the password is stored as an unsalted md5 of the charset-converted
        // plaintext. That is reversible for common passwords via lookup tables; moving to
        // password_hash()/password_verify() requires the matching change in the login
        // check (not visible here), so it is flagged rather than changed in place.
        // NOTE(review): values go through aporeplace() and are concatenated into the SQL
        // string (mysql_* offers no prepared statements). $set_user_admin, $set_user_aktiv
        // and $set_user_fe are spliced in without escaping -- presumably already
        // normalised to 0/1 upstream; verify at the point where they are derived.
        $sql = "INSERT INTO " . DB_PREPEND . "phpwcms_user (usr_login, usr_pass, usr_email, " . "usr_admin, usr_aktiv, usr_name, usr_wysiwyg, usr_fe ) VALUES ('" . aporeplace($new_login) . "', '" . aporeplace(md5(makeCharsetConversion($new_password, PHPWCMS_CHARSET, 'utf-8'))) . "', '" . aporeplace($new_email) . "', '" . $set_user_admin . "', '" . $set_user_aktiv . "', '" . aporeplace($new_name) . "', 1, '" . $set_user_fe . "')";
        // `or die` terminates the request on INSERT failure with a bare message, so the
        // if() body only ever runs for a successful query.
        if (mysql_query($sql, $db) or die('error while creating new user')) {
            $new_user_id = mysql_insert_id($db);
            $user_ok = 1;
            if ($send_verification) {
                // NOTE(review): the welcome mail carries the clear-text password via the
                // {PASSWORD} placeholder. A one-time set-password link would avoid putting
                // the credential in transit and in the recipient's mailbox.
                $emailbody = str_replace('{LOGIN}', $new_login, $BL['be_admin_usr_mailbody']);
                $emailbody = str_replace('{PASSWORD}', $new_password, $emailbody);
                $emailbody = str_replace('{SITE}', PHPWCMS_URL, $emailbody);
                $emailbody = str_replace('{LOGIN_PAGE}', PHPWCMS_URL . get_login_file(), $emailbody);
                sendEmail(array('recipient' => $new_email, 'toName' => $new_name, 'subject' => $BL['be_admin_usr_mailsubject'], 'isHTML' => 0, 'text' => $emailbody, 'from' => $phpwcms["admin_email"], 'sender' => $phpwcms["admin_email"]));
            }
        }
    }
}
if (empty($user_ok)) {
    ?>
<form action="phpwcms.php?do=admin&amp;s=1" method="post" name="edituser"><table border="0" cellpadding="0" cellspacing="0" summary="">
          <tr>
            <td colspan="2"><table border="0" cellpadding="0" cellspacing="0" summary="">
                <tr>
                  <td><img src="img/usricon/usr_add.gif" alt="" width="19" height="16"></td>
                  <td class="title">&nbsp;<?php 
    echo $BL['be_admin_usr_title'];
    ?>
Example #2
/**
 * Ensure the current backend request belongs to a logged-in session user.
 *
 * First expires phpwcms_userlog rows that have been idle longer than max_time and
 * recounts logins. Then, if $_SESSION["wcs_user"] is empty, the PHP session is
 * destroyed and either the browser is redirected (mode 'REDIRECT') or false is
 * returned. The redirect target is the login page -- carrying the requested backend
 * URL as ?ref= -- when this IP had activity in the last hour, else the site root.
 *
 * @param string $mode 'REDIRECT' (default) to redirect anonymous requests; any
 *                     other value makes the function just report the result.
 * @return bool true when a session user exists (or after issuing the redirect),
 *              false only when no user exists and $mode is not 'REDIRECT'.
 */
function checkLogin($mode = 'REDIRECT')
{
    // Sweep idle sessions out of the login log.
    $expire = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_in=0, logged_change='" . time() . "' ";
    $expire .= "WHERE logged_in=1 AND (" . time() . "-logged_change) > " . intval($GLOBALS['phpwcms']["max_time"]);
    _dbQuery($expire, 'UPDATE');
    checkLoginCount();

    if (!empty($_SESSION["wcs_user"])) {
        return true;
    }

    // No user in the session: drop whatever session state exists.
    @session_destroy();

    // Preserve the requested backend URL so the login page can send the user back.
    $ref_url = '';
    if (!empty($_SERVER['QUERY_STRING'])) {
        $ref_url = '?ref=' . rawurlencode(PHPWCMS_URL . 'phpwcms.php?' . xss_clean($_SERVER['QUERY_STRING']));
    }

    if ($mode != 'REDIRECT') {
        return false;
    }

    // Offer the ref round-trip only if this IP had a login-log change within the last
    // hour; otherwise redirect to the site root. NOTE(review): this is a convenience
    // heuristic keyed on IP alone, not an authentication decision.
    $recent = 'SELECT COUNT(*)  FROM ' . DB_PREPEND . 'phpwcms_userlog WHERE ';
    $recent .= "logged_ip=" . _dbEscape(getRemoteIP()) . " AND ";
    $recent .= '( ' . time() . ' - logged_change ) < 3600';
    $target = _dbCount($recent) > 0 ? get_login_file() . $ref_url : '';
    headerRedirect(PHPWCMS_URL . $target);

    return true;
}
Example #3
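// check how the content should be rendered based on pagelayout render value
// Load the pagelayout record for this page: the explicitly assigned layout id when
// $block["layout"] is non-zero, otherwise the default layout (pagelayout_default DESC).
// Only non-trashed layouts are considered; a single row is fetched.
$block["layout"] = intval($block["layout"]);
$sql = "SELECT pagelayout_var FROM " . DB_PREPEND . "phpwcms_pagelayout WHERE pagelayout_trash=0 ";
$sql .= $block["layout"] ? "AND pagelayout_id=" . $block["layout"] : "ORDER BY pagelayout_default DESC";
$sql .= " LIMIT 1";
$result = _dbQuery($sql);
if (isset($result[0]['pagelayout_var'])) {
    // NOTE(review): pagelayout_var is a PHP-serialized blob. unserialize() instantiates
    // whatever classes the string names, so anyone able to write this column (SQL
    // injection elsewhere, a compromised DB account) gets PHP object injection here.
    // Once PHP >= 7.0 is the minimum, pass array('allowed_classes' => false).
    $pagelayout = @unserialize($result[0]['pagelayout_var']);
    if (!is_array($pagelayout)) {
        // Corrupt or non-array blob. Previously the print branch below would read keys
        // off it and build an array of nulls, which slipped past the "no pagelayout"
        // check; treat it as a missing layout instead.
        $pagelayout = false;
    } elseif ($aktion[2] === 1) {
        // if print action: keep only the settings print rendering needs
        // ($aktion is presumably set up earlier in the request; index 2 === 1 marks print mode)
        $pagelayout = array('layout_title' => $pagelayout['layout_title'], 'layout_customblocks' => $pagelayout['layout_customblocks'], 'layout_noborder' => $pagelayout['layout_noborder']);
    }
}
if (empty($pagelayout)) {
    // if no pagelayout could be found -- stop rendering and point the admin at the backend
    die('There is no pagelayout available. Please <a href="' . PHPWCMS_URL . get_login_file() . '">login</a> to the admin section and <a href="' . PHPWCMS_URL . 'phpwcms.php?do=admin&amp;p=8">create one here</a>!');
}
// Pagetitle: the layout title also seeds the OpenGraph title when present
if (empty($pagelayout["layout_title"])) {
    $content["pagetitle"] = '';
} else {
    $content["pagetitle"] = $pagelayout["layout_title"];
    $content['opengraph']['title'] = $pagelayout["layout_title"];
}
//generate the colspan attribute
$colspan = get_colspan($pagelayout);
// now initialize content blocks like CONTENT, HEADER, LEFT, RIGHT, FOOTER
$content['main'] = '';
// {CONTENT}
$content['CB']['LEFT'] = '';
// {LEFT}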
Example #4
/**
 * Terminate the current backend session and send the browser to the login page.
 *
 * The user's open phpwcms_userlog rows are flagged logged_in=0, the PHP session is
 * emptied and destroyed, and headerRedirect() is called with status 401. Optional
 * reason/type strings are appended to the login URL as URL-encoded query parameters.
 *
 * @param string $reason optional logout reason, forwarded as reason=... when non-empty
 * @param string $type   optional logout type, forwarded as type=... when non-empty
 * @return void headerRedirect() is expected to end the request.
 */
function logout_user($reason = '', $type = '')
{
    // Close the log rows first: wcs_user must be read before the session is wiped.
    $close = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_change=" . _dbEscape(time()) . ", logged_in=0 ";
    $close .= "WHERE logged_user="******"wcs_user"]) . " AND logged_in=1";
    _dbQuery($close, 'UPDATE');

    // Drop server-side session state. NOTE(review): the session cookie itself is not
    // expired here, so the old id remains in the browser until a new session replaces it.
    $_SESSION = array();
    @session_destroy();

    // Forward only truthy values, in fixed order, each rawurlencoded.
    $query = array();
    foreach (array('reason' => $reason, 'type' => $type) as $key => $value) {
        if ($value) {
            $query[] = $key . '=' . rawurlencode($value);
        }
    }

    $login_url = PHPWCMS_URL . get_login_file();
    if ($query) {
        $login_url .= '?' . implode('&', $query);
    }
    // NOTE(review): a Location header combined with a 401 status is presumably what
    // headerRedirect() emits; browsers only reliably follow Location on 3xx -- confirm.
    headerRedirect($login_url, 401);
}
Example #5
    <td colspan="3"><img src="../img/leer.gif" alt="" width="1" height="7" /></td>
  </tr>
  <tr bgcolor="#FFFFFF">
    <td valign="top" style="background-image:url(../img/backend/backend_r3_c4.jpg); background-repeat:repeat-x; "><img src="../img/backend/backend_r3_c1.jpg" alt="" width="15" height="40" /></td>
    <td valign="top" style="background-image:url(../img/backend/backend_r3_c4.jpg); background-repeat:repeat-x; "><table width="740" border="0" cellpadding="0" cellspacing="0" summary="">
        <tr>
          <td colspan="2"><img src="../img/leer.gif" alt="" width="1" height="9" /></td>
        </tr>
        <tr>
          <td valign="top" class="navtext">PHPWCMS UPGRADE VERSION&nbsp;<?php 
echo $phpwcms['release'] . ', RELEASE ' . $phpwcms['release_date'];
?>
</td>
          <td align="right" valign="top" class="navtext"><a href="../index.php" target="_top">HOME</a> |
            <a href="setup.php">SETUP</a> | <a href="index.php" target="_top">LICENCE</a> | <a href="<?php 
echo PHPWCMS_URL . get_login_file();
?>
" target="_top">LOGIN</a></td>
        </tr>
    </table></td>
    <td valign="top" style="background-image:url(../img/backend/backend_r3_c4.jpg); background-repeat:repeat-x; "><img src="../img/backend/backend_r3_c7.jpg" alt="" width="15" height="40" /></td>
  </tr>
  <tr bgcolor="#FFFFFF">
    <td width="15" bgcolor="#FFFFFF" style="background-image:url(../img/backend/preinfo2_r7_c2.gif);background-repeat:repeat-y;"><img src="../img/leer.gif" alt="" width="15" height="1" /></td>
    <td valign="top" bgcolor="#FFFFFF"><table width="100%" border="0" cellpadding="0" cellspacing="0" style="border:1px dotted #7599BB;" summary="">
        <tr>
          <td colspan="4"><img src="../img/leer.gif" alt="" width="1" height="6" /></td>
        </tr>
        <tr>
          <td width="6" rowspan="10"><img src="../img/leer.gif" alt="" width="6" height="1" /></td>
          <td align="right" class="chatlist">&nbsp;system:&nbsp;</td>
Example #6
                 break;
             case "create_detail":
                 include PHPWCMS_ROOT . '/include/inc_lib/profile.create.inc.php';
                 break;
         }
     }
     $subnav .= subnavtext($BL['be_subnav_profile_login'], "phpwcms.php?do=profile", $p, "", 0);
     $subnav .= subnavtext($BL['be_subnav_profile_personal'], "phpwcms.php?do=profile&amp;p=1", $p, "1", 0);
     break;
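 case "logout":
     //Logout
     // Close the user's open log rows before the session holding wcs_user is cleared.
     $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET logged_change=" . _dbEscape(time()) . ", logged_in=0 ";
     $sql .= "WHERE logged_user="******"wcs_user"]) . " AND logged_in=1";
     _dbQuery($sql, 'UPDATE');
     // Clear the in-memory session array too, so nothing later in this request can
     // still read the logged-out user's data (matches what logout_user() does).
     $_SESSION = array();
     session_destroy();
     headerRedirect(PHPWCMS_URL . get_login_file());
     break;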
 case "admin":
     //Admin
     if (!empty($_SESSION["wcs_user_admin"])) {
         include PHPWCMS_ROOT . '/include/inc_lib/admin.functions.inc.php';
         $subnav .= subnavtext($BL['be_subnav_admin_sitestructure'], "phpwcms.php?do=admin&amp;p=6", $p, "6", 0);
         $subnav .= '<tr><td colspan="2"><img src="img/leer.gif" height="5" width="1" alt="" /></td></tr>' . "\n";
         $subnav .= subnavtext($BL['be_subnav_admin_pagelayout'], "phpwcms.php?do=admin&amp;p=8", $p, "8", 0);
         $subnav .= subnavtext($BL['be_subnav_admin_templates'], "phpwcms.php?do=admin&amp;p=11", $p, "11", 0);
         if (!empty($phpwcms['enable_deprecated'])) {
             $subnav .= subnavtext($BL['be_subnav_admin_css'], "phpwcms.php?do=admin&amp;p=10", $p, "10", 0);
         }
         $subnav .= '<tr><td colspan="2"><img src="img/leer.gif" height="5" width="1" alt="" /></td></tr>' . "\n";
         $subnav .= subnavtext($BL['be_subnav_admin_users'], "phpwcms.php?do=admin", $p, "", 0);
         if (!empty($phpwcms['usergroup_support'])) {
Example #7
$sql .= "WHERE logged_in = 1 AND ( " . time() . " - logged_change ) > " . intval($phpwcms["max_time"]);
mysql_query($sql, $db);
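// Validate the session user against the server-side login log: a session is only
// honoured if the user also has an open (logged_in=1) phpwcms_userlog row, optionally
// bound to the current client IP when Login_IPcheck is enabled.
if (!empty($_SESSION["wcs_user"])) {
    $sql = "SELECT COUNT(*) FROM " . DB_PREPEND . "phpwcms_userlog ";
    $sql .= "WHERE logged_user="******"wcs_user"]) . " AND ";
    $sql .= "logged_in=1";
    if (!empty($phpwcms['Login_IPcheck'])) {
        $sql .= " AND logged_ip=" . _dbEscape(getRemoteIP());
    }
    // Fail closed: previously a failed query (or missing row) left wcs_user untouched
    // and the request proceeded as authenticated. Now the user is only kept when the
    // lookup succeeds and reports at least one open login.
    $open_logins = 0;
    if ($check = mysql_query($sql, $db)) {
        if ($row = mysql_fetch_row($check)) {
            $open_logins = intval($row[0]);
        }
        mysql_free_result($check);
    }
    if ($open_logins == 0) {
        unset($_SESSION["wcs_user"]);
    } else {
        // Touch the activity timestamp so the idle-timeout sweep does not expire this login.
        $sql = "UPDATE " . DB_PREPEND . "phpwcms_userlog SET ";
        $sql .= "logged_change=" . time() . " WHERE ";
        $sql .= "logged_user="******"wcs_user"]) . " AND logged_in=1";
        mysql_query($sql, $db);
    }
}
// No (valid) session user: destroy the session and redirect to the login page, carrying
// the requested backend URL as ?ref= so the user can be sent back after logging in.
if (empty($_SESSION["wcs_user"])) {
    @session_destroy();
    $ref_url = '';
    if (!empty($_SERVER['QUERY_STRING'])) {
        $ref_url = '?ref=' . rawurlencode(PHPWCMS_URL . 'phpwcms.php?' . xss_clean($_SERVER['QUERY_STRING']));
    }
    headerRedirect(PHPWCMS_URL . get_login_file() . $ref_url);
}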