// Admin "repair" page (cp=r_repair), excerpt: access guard, CSRF gate for the
// repair actions, and the start of the default (overview) case. The switch
// continues past the end of this excerpt.

// Not for direct access: the including admin script must have defined IN_ADMIN.
if (!defined('IN_ADMIN')) {
    exit;
}

// Turn the execution time limit off; the leading @ hides the warning if the call is refused.
@set_time_limit(0);

// Requested action. htmlspecialchars() is HTML output encoding; in the visible
// code $case is only compared against fixed strings (in_array / switch).
$case = false;
if (isset($_GET['case'])) {
    $case = htmlspecialchars($_GET['case']);
}

// Token (as a query-string fragment) that is appended to the action links below.
$GET_FORM_KEY = kleeja_add_form_key_get('REPAIR_FORM_KEY');

// CSRF check: the actions in this list are triggered by plain GET links, so the
// request must carry a valid REPAIR_FORM_KEY token.
// NOTE(review): the gate is only effective if kleeja_admin_err() ends the
// request; otherwise execution continues into the switch below. Confirm.
if ($case && in_array($case, array('clearc', 'sync_files', 'sync_images', 'sync_users', 'tables', 'sync_sizes', 'status_file'))) {
    if (!kleeja_check_form_key_get('REPAIR_FORM_KEY')) {
        kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, basename(ADMIN_PATH), 2);
    }
}

switch ($case) {
    default:
        // Current counters, read from the database for the overview.
        $all_files = get_actual_stats('files');
        $all_images = get_actual_stats('imgs');
        $all_users = get_actual_stats('users');
        $all_sizes = Customfile_size(get_actual_stats('sizes'));

        // Action links. The clearc and sync_users links carry the form key.
        // NOTE(review): the sync_files / sync_images links point at
        // go.php?go=resync and do NOT carry $GET_FORM_KEY, although both case
        // names are in the token-checked list above. Confirm that go.php
        // enforces its own authorization and request token for these actions.
        $del_cache_link = basename(ADMIN_PATH) . '?cp=r_repair&case=clearc&' . $GET_FORM_KEY;
        $resync_files_link = $config['siteurl'] . 'go.php?go=resync&case=sync_files';
        $resync_images_link = $config['siteurl'] . 'go.php?go=resync&case=sync_images';
        $resync_users_link = basename(ADMIN_PATH) . '?cp=r_repair&case=sync_users&' . $GET_FORM_KEY;
// Excerpt from the admin styles page. It starts inside an earlier case (only
// its closing lines are visible) and ends inside the 'style_orders' case.

// Confirmation message; the style id is HTML-encoded before being placed in it.
kleeja_admin_info(sprintf($lang['STYLE_NOW_IS_DEFAULT'], htmlspecialchars($style_id)), true, '', true, basename(ADMIN_PATH) . '?cp=' . (isset($_REQUEST['home']) ? 'start' : basename(__FILE__, '.php')));
break;
}
}
break;

case 'style_orders':
    // Style id taken from the query string. It is read here before the
    // isset($_GET['style_id']) test further down.
    // str_replace() strips '..' sequences; htmlspecialchars() is HTML output
    // encoding and does not restrict which characters may appear in a path.
    // NOTE(review): $style_id becomes a directory name under PATH . 'styles/'
    // below; validating it against the list of installed style directories
    // would be a stronger check than string stripping.
    $style_id = str_replace('..', '', htmlspecialchars($_GET['style_id']));
    $redirect_to = basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php') . '&style_choose=' . $style_id . '&method=1';

    // The redirect for a missing template name is commented out, so this
    // branch currently does nothing.
    if (empty($_GET['tpl_choose'])) {
        #redirect($redirect_to);
    }

    // Edit or delete a template: needs template name, style id and method.
    if (isset($_GET['tpl_choose']) && !empty($_GET['tpl_choose']) && isset($_GET['style_id']) && isset($_GET['method'])) {
        // CSRF check: the action arrives as a GET link and must carry the
        // 'adm_style_del_edit' token.
        // NOTE(review): confirm kleeja_admin_err() ends the request here.
        if (!kleeja_check_form_key_get('adm_style_del_edit')) {
            kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, $redirect_to, 2);
        }

        // Template file name, handled the same way as the style id.
        // NOTE(review): request-controlled and joined into a filesystem path;
        // an allow-list of template names (or a fixed character set and file
        // extension) would make the intended scope explicit.
        $tpl_name = str_replace('..', '', htmlspecialchars($_GET['tpl_choose']));
        $tpl_path = PATH . 'styles/' . $style_id . '/' . $tpl_name;
        $d_style_path = PATH . 'styles/' . $style_id;

        // On a missing template or a non-writable style directory, prepare an
        // error text and overwrite $_GET['method'] with 0.
        // NOTE(review): presumably method 0 makes the code after this excerpt
        // skip the edit/delete step; confirm. The messages embed the server
        // path, so check where $text is displayed.
        if (!file_exists($tpl_path)) {
            $text = sprintf($lang['TPL_PATH_NOT_FOUND'], $tpl_path);
            $_GET['method'] = 0;
        } else {
            if (!is_writable($d_style_path)) {
                $text = sprintf($lang['STYLE_DIR_NOT_WR'], $d_style_path);
                $_GET['method'] = 0;
            }
        }
// Excerpt from the admin extensions page. It starts inside a loop that builds
// a multi-row VALUES list and ends at the start of the "add extension" branch.

// Append one "(ext, 3, size)" tuple. The extension string is escaped and
// quoted; the size is concatenated as-is, without quotes.
// NOTE(review): $row comes from a query that is not visible here. Cast
// $row['user_size'] to a number (or escape it) before it goes into the
// statement, so a non-numeric stored value cannot change the SQL.
$xexts .= ($xexts == '' ? '' : ',') . "('" . $SQL->escape($row['ext']) . "', 3, " . $row['user_size'] . ")";
}
}
$SQL->free($result);

// Delete the previous rows of groups 2 and 3, then insert the rebuilt list.
// NOTE(review): if $xexts is empty the INSERT has no VALUES tuples; confirm
// that the enclosing condition (outside this excerpt) rules that out. The
// delete and the insert are separate statements, so a failed insert leaves
// both groups without extensions.
$query_del = array('DELETE' => "{$dbprefix}groups_exts", 'WHERE' => 'group_id=2 OR group_id=3');
$SQL->build($query_del);
$SQL->query("INSERT INTO {$dbprefix}groups_exts (ext, group_id, size) VALUES " . $xexts . ";");

// Record that this one-time conversion has run.
add_config('exts_upraded1_5', 'done');
}
}

// Delete an extension?
$DELETED_EXT = $GE_INFO = false;
if (isset($_GET['del'])) {
    // CSRF check for the GET-triggered delete.
    // NOTE(review): the key name used here is 'adm_users'; confirm the delete
    // links on this page are generated with the same key, and that
    // kleeja_admin_err() ends the request.
    if (!kleeja_check_form_key_get('adm_users')) {
        kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, $action, 2);
    }

    // intval() makes the id safe to concatenate into the WHERE clause; an id
    // of 0 (or a non-numeric value) is rejected.
    $req_ext = isset($_GET['del']) ? intval($_GET['del']) : 0;
    if (!$req_ext) {
        kleeja_admin_err('ERROR-NO-EXT-ID', true, '', true, $action, 2);
    }

    $query_del = array('DELETE' => "{$dbprefix}groups_exts", 'WHERE' => 'ext_id=' . $req_ext);
    $SQL->build($query_del);

    // Done: set both flags to 2 and drop the cached group data.
    $DELETED_EXT = $GE_INFO = 2;
    delete_cache('data_groups');
}

// Add an extension?
$ADDED_EXT = false;
if (isset($_POST['newext'])) {
// Excerpt from the admin plugins page. It starts inside the loop that collects
// "changes_of_*.zip" files and ends inside the enable/disable plugin case.

// Collect files whose name contains "changes_of_<id>" followed by any one
// character and "zip".
// NOTE(review): the pattern is unanchored and the dot is unescaped, so it also
// matches longer names that merely contain such a substring. If only exact
// file names are intended, anchor it with ^ and $ and escape the dot. The
// value placed in fn= is whatever remains after removing 'changes_of_' and
// '.zip', and it is not URL-encoded.
if (preg_match('!changes_of_[a-z0-9]+.zip!', $file)) {
    $changes_files[] = array('file' => $file, 'path' => basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php') . '&do_plg=1&m=6&fn=' . str_replace(array('changes_of_', '.zip'), '', $file) . '&' . $GET_FORM_KEY);
}
}
@closedir($dh);
}

// Cache the collected list under '__changes_files__'.
$cache->save('__changes_files__', $changes_files);
}
$is_there_changes_files = empty($changes_files) ? false : true;

// After submit: a plugin action was requested.
} else {
    // Plugin id, forced to an integer.
    $plg_id = intval($_GET['do_plg']);

    // CSRF check for every action except m=6 and m=4.
    // NOTE(review): the m=6 links built in the listing branch above do carry
    // $GET_FORM_KEY, yet m=6 is exempt from this check. Confirm that the m=6
    // and m=4 branches (not visible here) verify a token themselves or change
    // no state. $_GET['m'] is read without an isset() test.
    if ((int) $_GET['m'] != 6 && (int) $_GET['m'] != 4) {
        if (!kleeja_check_form_key_get('adm_plugins')) {
            kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php'), 2);
        }
    }

    // Dispatch on m. switch compares loosely against the string labels.
    switch ($_GET['m']) {
        case '1': // disable the plugin (falls through to the shared code below)
        case '2': // enable it
            // $action is 1 when m is 1, otherwise 0.
            $action = (int) $_GET['m'] == 1 ? 1 : 0;

            // When $action is 1, look up the plugins the current style requires.
            if ($action == 1) {
                if (($style_info = kleeja_style_info($config['style'])) != false) {
                    $plugins_required = array_map('trim', explode(',', $style_info['plugins_required']));
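exit;
}

// Automatic-update admin page, excerpt. It starts at the end of an earlier
// guard and ends inside the FTP-settings branch.
// The update runs in 5 steps, to reduce load and to see errors where they occur.

// Stored information about the newest release.
// NOTE(review): unserialize() on a stored config value is only safe while that
// value can be written by nothing but the application itself. JSON, or
// unserialize() with allowed_classes disabled, removes the object-injection
// risk. If decoding fails, $v is false and the index below yields null.
$v = @unserialize($config['new_version']);
if (!version_compare(strtolower(KLEEJA_VERSION), strtolower($v['version_number']), '<')) {
    // "Already on the latest version" error is currently disabled.
    //kleeja_admin_err($lang['U_LAST_VER_KLJ']);
}

// CSRF tokens for this page: one for forms, one for GET links.
$H_FORM_KEYS = kleeja_add_form_key('adm_aupdate');
$GET_FORM_KEY = kleeja_add_form_key_get('adm_aupdate');

// Requested step. Only a non-empty string made up entirely of letters, digits
// and underscores is accepted; anything else falls back to 'general'.
// The previous pattern was unanchored and matched a single character, so any
// value containing at least one allowed character was accepted and then copied
// into $action. The is_string() test keeps array input away from trim().
$current_step = 'general';
if (isset($_GET['astep']) && is_string($_GET['astep']) && preg_match('!^[a-z0-9_]+$!iD', trim($_GET['astep']))) {
    $current_step = trim($_GET['astep']);
}
$action = basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php') . '&astep=' . $current_step;

// Every step other than the landing step must carry the GET token.
// NOTE(review): confirm kleeja_admin_err() ends the request here; otherwise
// the update code below still runs.
if ($current_step != 'general') {
    if (!kleeja_check_form_key_get('adm_aupdate')) {
        kleeja_admin_err($lang['INVALID_GET_KEY'], true, $lang['ERROR'], true, basename(ADMIN_PATH) . '?cp=' . basename(__FILE__, '.php'), 2);
    }
}

include PATH . 'includes/update.php';

// Template used for this page.
$stylee = 'admin_aupdate';
//$action = basename(ADMIN_PATH) . '?cp=' . basename(__file__, '.php') .'&sty_t=style_orders';

// Updater object.
$ups = new kupdate();
$is_ftp_supported = $ups->is_ftp_supported;

// FTP settings: default field names, replaced by the stored values if present.
// NOTE(review): same unserialize() caveat as above. The field list includes
// 'pass', so this config value presumably holds an FTP password; confirm how
// it is protected at rest.
$ftp_info = array('host', 'user', 'pass', 'path', 'port');
if (!empty($config['ftp_info'])) {
    $ftp_info = @unserialize($config['ftp_info']);
} else {
    //todo : make sure to figure this from OS, and some other things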
<?php
/**
 * Admin control panel: end the administrator session.
 *
 * @package adm
 * @version $Id: logout.php 2236 2013-11-30 10:07:23Z saanina $
 * @copyright (c) 2007 Kleeja.com
 * @license http://www.kleeja.com/license
 *
 */

// Only reachable through the admin entry script, which defines IN_ADMIN;
// a direct request stops here.
defined('IN_ADMIN') || exit;

// Logout is triggered by a GET link, so the request must carry a valid
// GLOBAL_FORM_KEY token. Without it the error page is shown instead.
if (!kleeja_check_form_key_get('GLOBAL_FORM_KEY')) {
    kleeja_admin_err(
        $lang['INVALID_GET_KEY'],
        true,
        $lang['ERROR'],
        true,
        basename(ADMIN_PATH),
        2
    );
}

// Drop the administrator session only, then send the browser to the site URL.
// The database handle is closed afterwards, provided redirect() returns.
if ($usrcp->logout_cp()) {
    redirect($config['siteurl']);
    $SQL->close();

    exit;
}