<?php

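// for compatibility with older plugins, include functions that have been factored out of admin_functions.php
$libDir = dirname(__FILE__);
require_once "{$libDir}/login_functions.php";

// require HTTPS: stop here when the setting is on and the request did not arrive over HTTPS
if (!empty($SETTINGS['advanced']['requireHTTPS']) && !isHTTPS()) {
    $httpsUrl = (string) preg_replace('/^http:/i', 'https:', thisPageUrl());
    // The URL is written into a single-quoted href and into the link text, so it is HTML-escaped
    // (quotes included) before output. thisPageUrl() is defined elsewhere; presumably it reflects
    // the current request, which is why its result is not trusted as markup.
    $httpsUrlHtml = htmlspecialchars($httpsUrl, ENT_QUOTES, 'UTF-8');
    die(sprintf(t("Secure HTTP login required: %s"), "<a href='{$httpsUrlHtml}'>{$httpsUrlHtml}</a>"));
}

// restrict IP access
// NOTE(review): isIpAllowed() is defined elsewhere; confirm it decides on the connection address
// (REMOTE_ADDR) and not on client-supplied forwarding headers.
if (!empty($SETTINGS['advanced']['restrictByIP']) && !isIpAllowed()) {
    die(sprintf(t("Access is not permitted from your IP address (%s)"), $_SERVER['REMOTE_ADDR']));
}

// install or upgrade if needed
installIfNeeded();
upgradeIfNeeded();

// register if needed
# NOTE: Disabling or modifying licensing or registration code violates your license agreement and is willful copyright infringement.
# NOTE: Copyright infringement can be very expensive: http://en.wikipedia.org/wiki/Statutory_damages_for_copyright_infringement
# NOTE: Please do not steal our software.
registerIfNeeded();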
// set current user or show login menu
function adminLoginMenu()
{
    global $CURRENT_USER;
    // login menu actions
    $action = @$_REQUEST['action'];
    if ($action == 'logoff') {
        user_logoff();
        exit;
Example #2
}
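// Build the array options for the HTML renderer to get the nice file numbering
$rendOptions = array(
    'numbers' => $options['HTML_TABLE_view_source_numbers'],
    'tabsize' => $options['HTML_TABLE_view_source_tabsize'],
);

// Finish parser object creation
$renderer = new Text_Highlighter_Renderer_Html($rendOptions);
$phpHighlighter = Text_Highlighter::factory('PHP');
$phpHighlighter->setRenderer($renderer);

// Normalise the requested path once, so the access check, the existence check and the read all
// operate on the same string. A missing or non-string parameter becomes the empty string.
$requestedFile = (isset($_GET['file']) && is_string($_GET['file'])) ? $_GET['file'] : '';
// get_magic_quotes_gpc() no longer exists on current PHP versions; only call it where it does.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $requestedFile = stripslashes($requestedFile);
}
// The path comes straight from the query string and is echoed into the page twice (title and
// heading), so it must be HTML-escaped before it is written out.
$requestedFileHtml = htmlspecialchars($requestedFile, ENT_QUOTES, 'UTF-8');

// Now start output, header
$header = str_replace(
    '<title>PEAR::PHP_Debug</title>',
    '<title>PEAR::PHP_Debug::View_Source::' . $requestedFileHtml . '</title>',
    $options['HTML_TABLE_simple_header']
);
echo $header;
echo '
    <link rel="stylesheet" type="text/css" media="screen" href="' . $view_source_options['CSS_ROOT'] . '/view_source.css" />
  </head>
  <body>
';

// Security check
// NOTE(review): isPathAllowed() and isIpAllowed() are defined elsewhere. This script discloses file
// contents, so confirm isPathAllowed() compares the canonical path (realpath) against its allow-list;
// otherwise relative segments or a stream-wrapper prefix could reach outside the intended tree.
if (isPathAllowed($requestedFile) && isIpAllowed()) {
    // is_file() rather than file_exists(): a directory is not something that can be highlighted.
    $sourceText = is_file($requestedFile) ? file_get_contents($requestedFile) : false;
    if ($sourceText !== false) {
        echo '<div>
            <span class="hl-title">' . $requestedFileHtml . '
            </span>
        </div>';
        echo $phpHighlighter->highlight($sourceText);
    } else {
        echo '<h2>File does not exists</h2>';
    }
} else {
    echo '<h1>Sorry, your are not allowed to access this path</h1>';
}

// Footer
echo $options['HTML_TABLE_simple_footer'];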
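/**
 * Validate the submitted admin settings form, copy the accepted values into $SETTINGS,
 * save them and show $savePagePath.
 *
 * The request must pass the POST-form, internal-referer and CSRF-token checks before anything
 * is read from it. If any validation raises an alert, the general settings page is shown again
 * and nothing is saved.
 *
 * @param string $savePagePath interface page passed to disableInDemoMode() and shown after saving
 */
function admin_saveSettings($savePagePath)
{
    global $SETTINGS, $APP;

    // clear first, so previous alerts won't prevent saving of admin options
    clearAlertsAndNotices();

    // security checks: each of these ends the request itself when its condition is not met
    security_dieUnlessPostForm();
    security_dieUnlessInternalReferer();
    security_dieOnInvalidCsrfToken();

    disableInDemoMode('settings', $savePagePath);

    # license error checking
    if (array_key_exists('licenseProductId', $_REQUEST)) {
        if (!isValidProductId($_REQUEST['licenseProductId'])) {
            alert("Invalid Product License ID!");
        } elseif ($SETTINGS['licenseProductId'] != $_REQUEST['licenseProductId']) {
            // product id changed: take over the licence fields, then let register() validate
            // the product id (and save the new settings)
            $SETTINGS['licenseCompanyName'] = $_REQUEST['licenseCompanyName'];
            $SETTINGS['licenseDomainName'] = $_REQUEST['licenseDomainName'];
            $SETTINGS['licenseProductId'] = $_REQUEST['licenseProductId'];
            $isValid = register();
            if (!$isValid) {
                redirectBrowserToURL('?menu=admin', true);
                exit;
            }
        }
    }

    # program url / adminUrl
    if (array_key_exists('adminUrl', $_REQUEST)) {
        // Require the full scheme prefix the message promises; a bare "http" prefix check would
        // also accept values such as "httpfoo".
        if (!preg_match('/^https?:\/\//i', $_REQUEST['adminUrl'])) {
            alert("Program URL must start with http:// or https://<br/>\n");
        }
        if (preg_match('/\\?/i', $_REQUEST['adminUrl'])) {
            alert("Program URL can not contain a ?<br/>\n");
        }
    }

    # webPrefixUrl - v2.53
    if (@$_REQUEST['webPrefixUrl'] != '') {
        // accepts "/path" or "scheme://..." (the pattern allows an optional "word:/" before the slash)
        if (!preg_match("|^(\\w+:/)?/|", $_REQUEST['webPrefixUrl'])) {
            alert(t("Website Prefix URL must start with /") . "<br/>\n");
        }
        if (preg_match("|/\$|", $_REQUEST['webPrefixUrl'])) {
            alert(t("Website Prefix URL cannot end with /") . "<br/>\n");
        }
    }

    # upload url/dir
    if (array_key_exists('uploadDir', $_REQUEST)) {
        // validation currently disabled:
        #    if      (!preg_match('/\/$/',      $_REQUEST['uploadDir'])) { alert("Upload Directory must end with a slash! (eg: /www/htdocs/uploads/)<br/>\n"); }
    }
    if (array_key_exists('uploadUrl', $_REQUEST)) {
        // validation currently disabled:
        #    if      (preg_match('/^\w+:\/\//', $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must be the web path only without a domain (eg: /uploads/)<br/>\n"); }
        #    else if (!preg_match('/^\//',      $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must start with a slash! (eg: /uploads/)<br/>\n"); }
        #    if      (!preg_match('/\/$/',      $_REQUEST['uploadUrl'])) { alert("Upload Folder Url must end with a slash! (eg: /uploads/)<br/>\n"); }

        // remove trailing slashes (forward or back)
        $_REQUEST['uploadUrl'] = chop($_REQUEST['uploadUrl'], '\\\\/');
    }

    # admin email
    if (array_key_exists('adminEmail', $_REQUEST) && !isValidEmail($_REQUEST['adminEmail'])) {
        alert("Admin Email must be a valid email (example: user@example.com)<br/>\n");
    }

    // error checking - require HTTPS: only allow enabling it from an HTTPS session, so the admin
    // cannot lock themselves out
    if (@$_REQUEST['requireHTTPS'] && !isHTTPS()) {
        alert("Require HTTPS: You must be logged in with a secure HTTPS url to set this option!<br/>\n");
    }

    // error checking - restrict by IP: the submitted allow-list must include the current address
    if (@$_REQUEST['restrictByIP'] && !isIpAllowed(true, @$_REQUEST['restrictByIP_allowed'])) {
        alert(t("Restrict IP Access: You current IP address must be in the allowed IP list!") . "<br/>\n");
    }

    // error checking - session values
    $sessionErrors = getCustomSessionErrors(@$_REQUEST['session_cookie_domain'], @$_REQUEST['session_save_path']);
    if ($sessionErrors) {
        alert($sessionErrors);
    }

    # show errors
    if (alert()) {
        showInterface('admin/general.php');
        exit;
    }

    $subsections = array('advanced', 'wysiwyg');

    ### update global settings
    // Every existing top-level key that also appears in the request is overwritten, whether or not
    // the form displays it. NOTE(review): consider an explicit list of editable keys.
    foreach (array_keys($SETTINGS) as $key) {
        // A request field named after a subsection must not replace that subsection's array with
        // a scalar; the loop below expects $SETTINGS[$subsection] to still be an array.
        if (in_array($key, $subsections, true)) {
            continue;
        }
        if (array_key_exists($key, $_REQUEST)) {
            $SETTINGS[$key] = $_REQUEST[$key];
        }
    }

    # update subsection settings
    foreach ($subsections as $subsection) {
        $sectionSettings =& $SETTINGS[$subsection];
        foreach (array_keys($sectionSettings) as $key) {
            if (array_key_exists($key, $_REQUEST)) {
                $sectionSettings[$key] = $_REQUEST[$key];
            }
        }
    }
    unset($sectionSettings); // drop the reference so later writes cannot touch $SETTINGS by accident

    # save to file
    saveSettings();

    # return to admin home
    notice('Settings have been saved.');
    showInterface($savePagePath);
}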