Example #1
             echo 'Unable to delete file';
         }
     } else {
         echo 'File does not exist';
     }
 } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'backuprestore') {
     checkacl('restoreb');
     include $config['path'] . '/includes/backuprestore.php';
 } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'logout') {
     session_unset();
     session_destroy();
     logevent('User ' . $_SESSION['user'] . ' logged out', 'activity');
     header('Location: index.php');
 } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'runbackup' && isset($_REQUEST['id']) && is_md5($_REQUEST['id'])) {
     checkacl('backnow');
     logevent('User ' . $_SESSION['user'] . ' ran backup job manually', 'activity');
     //making sure backup job is not terminated
     ignore_user_abort(true);
     set_time_limit(0);
     echo 'Backup task has been started, please do not close this window <pre>';
     echo shell_exec(escapeshellcmd('php ' . $config['path'] . '/cron.php ' . $_REQUEST['id']));
     echo '</pre>';
 } elseif (isset($_REQUEST['action']) && $_REQUEST['action'] == 'activitylogs') {
     checkacl('alog');
     $smarty->display($config['path'] . '/templates/header.tpl');
     echo '<h4>Activity Logs</h4>';
     $activitylogs = json_decode(file_get_contents($config['path'] . '/db/db-activitylog.json'), true);
     $activitylogs = array_reverse($activitylogs);
     echo '<table class="table table-bordered table-striped">';
     echo '<tr><th>Data</th><th>Time</th><th>IP</th></tr>';
     foreach ($activitylogs as $i => $log) {
Example #2
     @mysql_close($link);
     exit;
 } elseif (isset($killbutton)) {
     $result = mysql_query("SELECT email FROM users WHERE id={$id}", $link);
     if (mysql_numrows($result) == 1) {
         list($email) = mysql_result($result, 0);
         $arr = explode(",", $email);
         for ($i = 0; $i < count($arr); $i++) {
             $result = mysql_query("DELETE FROM mail WHERE rcpt='" . addslashes($arr[$i]) . "'", $link);
         }
     }
     $result = mysql_query("SELECT login FROM users WHERE id={$id}", $link);
     $login = mysql_result($result, 0, "login");
     $result = mysql_query("DELETE FROM site WHERE u_id={$id}", $link);
     $result = mysql_query("DELETE FROM users WHERE id={$id}", $link);
     logevent("Удалил пользователя {$login}:{$id}.");
     Header("Location: index.php");
     @mysql_close($link);
     exit;
 }
 //    if ( false ) {
 //        Header("Location: index.php");
 //        @mysql_close($link);
 //        exit;
 //    }
 //    else {
 //	if (isset($loginhidden)) {$login=$loginhidden;};
 //        $result = mysql_query("SELECT * FROM users WHERE id=$id", $link);
 //        if ( mysql_numrows($result) == "0" )
 //	{
 //	    echo "$loginhidden not found";
Example #3
        $cipher = new Crypt_AES(CRYPT_AES_MODE_ECB);
        $cipher->setKey($backupjob['encryptionkey']);
        file_put_contents($config['path'] . '/files/' . $argv[1] . '.decrypted', $cipher->decrypt(file_get_contents($config['path'] . '/files/' . $argv[1])));
        echo 'Transferring the file' . PHP_EOL;
        echo $sftp->put($argv[1], $config['path'] . '/files/' . $argv[1] . '.decrypted', NET_SFTP_LOCAL_FILE);
        unlink($config['path'] . '/files/' . $argv[1] . '.decrypted');
    } else {
        echo 'Transferring the file' . PHP_EOL;
        echo $sftp->put($argv[1], $config['path'] . '/files/' . $argv[1], NET_SFTP_LOCAL_FILE);
    }
    $ctid = explode('vzdump-', trim($argv[1]));
    $ctid = explode('.tgz', $ctid[1]);
    echo $ssh->exec(escapeshellcmd('vzctl stop ' . $ctid[0]));
    echo $ssh->exec(escapeshellcmd('vzctl destroy ' . $ctid[0]));
    if (strpos($verifyproxmox, 'pve') !== false) {
        echo 'ProxMox detected, using vzrestore' . PHP_EOL;
        echo $ssh->exec(escapeshellcmd('vzrestore /' . $argv[1] . ' ' . $ctid[0]));
    } else {
        echo 'Standard OpenVZ detected, using vzdump restore' . PHP_EOL;
        echo $ssh->exec(escapeshellcmd('vzdump --restore /' . $argv[1] . ' ' . $ctid[0]));
    }
    echo $ssh->exec(escapeshellcmd('vzctl start ' . $ctid[0]));
    echo $ssh->exec(escapeshellcmd('rm -f /' . $argv[1]));
} elseif ($backupjob['type'] == 'cpanel') {
    echo 'CDP.me does not support automatic cPanel backup restores at this moment, however you may download and restore the backup manually.' . PHP_EOL;
} else {
    die('Backup type not found');
}
// Reached by every branch of the type dispatch above that did not die():
// report success to the CLI caller and record the restore in the activity log.
// NOTE(review): the 'cpanel' branch above only prints an "unsupported" message
// and then falls through to here, so for that type the success line and the
// activity-log entry are written even though nothing was restored.
$restoreMessage = 'Success! Backup restored.';
echo $restoreMessage, PHP_EOL;
logevent('User restored backup', 'activity');
Example #4
        }
        $backups[count($backups)] = array('id' => $backupjob['id'], 'file' => $filename, 'size' => filesize($config['path'] . '/files/' . $filename), 'time' => $cpstarttime);
        file_put_contents($config['path'] . '/db/db-backups.json', json_encode($backups));
    } else {
        $log .= 'Backup failed';
        exitcron();
    }
} else {
    $log .= 'Backup type not valid' . PHP_EOL;
    exitcron();
}
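// Post-backup bookkeeping: record the elapsed time, prune this job's backups
// that are older than its retention window, then finish the cron run.
$timetaken = time() - $starttime;
$log .= 'Backup completed in ' . $timetaken . ' seconds.' . PHP_EOL;

// Retention is a number of days taken straight from the job-creation form, so
// it may be blank, negative or non-numeric. The original isset() check accepted
// those: a blank value made the cutoff "now" (or a TypeError on PHP 8), which
// would remove every backup of the job. Prune only for a positive number.
$expirydays = 0;
if (isset($backupjob['expiry']) && is_numeric($backupjob['expiry'])) {
    $expirydays = $backupjob['expiry'] + 0; // keep int or float exactly as given
}
if ($expirydays > 0) {
    $backupsdb = $config['path'] . '/db/db-backups.json';
    $backups = json_decode(file_get_contents($backupsdb), true);
    $log .= 'Processing backup auto-delete' . PHP_EOL;
    if (!is_array($backups)) {
        // A missing or corrupt index must not be overwritten with "null";
        // leave the file alone and report the problem instead.
        $log .= 'Error reading backup index, skipping auto-delete' . PHP_EOL;
    } else {
        $expirecutofftime = time() - 86400 * $expirydays;
        foreach ($backups as $backupkey => $backup) {
            // Compare ids as strings: elsewhere in this project the ids look like
            // md5 digests, and PHP's == treats "0e123..." style strings as numbers.
            if ((string) $backup['id'] !== (string) $backupjob['id'] || $backup['time'] >= $expirecutofftime) {
                continue;
            }
            $backupfile = $config['path'] . '/files/' . $backup['file'];
            // Drop the index entry only once the file is really gone, so a failed
            // unlink keeps the record and is retried on the next run.
            if (file_exists($backupfile) && unlink($backupfile)) {
                unset($backups[$backupkey]);
                $log .= 'Successfully removed ' . $backup['file'] . PHP_EOL;
            } else {
                $log .= 'Error removing ' . $backup['file'] . PHP_EOL;
            }
        }
        // NOTE(review): read-modify-write of the shared JSON index with no lock;
        // two overlapping cron runs can lose each other's updates.
        file_put_contents($backupsdb, json_encode($backups));
    }
}
logevent('Backup for ' . $backupserver['host'] . ' completed.', 'backup');
exitcron();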
Example #5
} elseif ($type == "edit") {
    # ------------- Нажата кнопка "Сохранить" ----------------
    if (isset($savebutton)) {
        $login = stripslashes(trim($_GET['nick']));
        $group = addslashes(stripslashes(trim($_GET['group'])));
        $loginhidden = addslashes(stripslashes(trim($_GET['loginhidden'])));
        # ------{ критичный кусок: необходимы проверки, как при создании пользователя
        $result = mysql_query("UPDATE admins SET descr='" . addslashes($descr) . "', login='******' WHERE login='******'", $link);
        logevent("modify SA {$login}, {$descr})");
        Header("Location: index.php?type=edit&login={$login}");
        @mysql_close($link);
        exit;
        # ------конец критичного куска }
    } elseif (isset($deletebutton)) {
        $result = mysql_query("DELETE FROM admins WHERE login='******'", $link);
        logevent("delete SA {$login}");
        Header("Location: index.php");
        @mysql_close($link);
        exit;
    }
    if (false) {
        Header("Location: index.php");
        @mysql_close($link);
        exit;
    } else {
        $result = mysql_query("SELECT * FROM {$group} WHERE login='******'", $link);
        if (mysql_numrows($result) == 0) {
            Header("Location: index.php");
            @mysql_close($link);
            exit;
        }
Example #6
    // de-registers users for the event
    $sql = 'DELETE FROM lookup_users_events 
        WHERE eventID       =   :eventID';
    $s = $pdo->prepare($sql);
    $s->bindValue(':eventID', $_POST['id']);
    $s->execute();
    // removes duty roster items for this event
    $sql = 'DELETE FROM duty_roster 
        WHERE eventID       =   :eventID';
    $s = $pdo->prepare($sql);
    $s->bindValue(':eventID', $_POST['id']);
    $s->execute();
    // delete the event
    $sql = 'DELETE FROM events
        WHERE id       =   :id';
    $s = $pdo->prepare($sql);
    $s->bindValue(':id', $_POST['id']);
    $s->execute();
    logevent($user_info['id'], $_POST['id'], 'deleted event');
    // display confirmation
    $title = "Event Deleted";
    $longdesc = 'You have successfully deleted an event, de-registered users 
        from that event, and deleted all duty roster items for that event.';
    include '/home/simpleco/demo2/app/pages_eventadmin/confirmation.inc.html.php';
    exit;
}
/*
 * ----------------------------------------------------------------------------- DEFAULT
 * Reached only when none of the action branches handled the request (the
 * branch just above exits on its own). Fall back to the event listing with a
 * relative Location header, then stop.
 */
$defaultView = '.?view_events';
header('Location: ' . $defaultView);
exit();
Example #7
    exit;
}
/*
 * Authorisation gate for the store-admin pages: everything below this point
 * requires role 6 (presumably the store-admin role — confirm against
 * userHasRole()). Without it the user gets the confirmation template with an
 * "unauthorized" message and the script stops here.
 */
$hasRequiredRole = userHasRole(6);
if (!$hasRequiredRole) {
    $title = 'Unauthorized User';
    $longdesc = "You do not have permission to access this part of the site.";
    include $siteroot . 'demo2/app/pages_storeadmin/confirmation.inc.html.php';
    exit();
}
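/*
 * Responds to a logout request (?logout).
 *
 * Logs the event, drops the login state from the session and shows the
 * confirmation template. Clearing the three login keys alone left the session
 * id itself valid, so the id is now rotated and the old session record
 * discarded: a cookie value captured before logout can no longer be replayed.
 *
 * NOTE(review): $_SESSION['password'] exists, i.e. a credential is being kept
 * in the session store; that should be revisited separately.
 * NOTE(review): logout is triggered by a GET parameter, so any link or image
 * tag can log the user out (CSRF); a POST with a token would be safer.
 */
if (isset($_GET['logout'])) {
    logevent($user_info['id'], NULL, 'logout');
    unset($_SESSION['loggedIn']);
    unset($_SESSION['email']);
    unset($_SESSION['password']);
    // Rotate the id and delete the old session file so the pre-logout cookie is
    // dead. Guarded because regenerate needs an active session and unsent headers
    // (it issues a new cookie); otherwise it would only emit a warning.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }
    $longdesc = "You are now logged out.";
    include $siteroot . 'demo2/app/pages_storeadmin/confirmation.inc.html.php';
    exit;
}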
/*
 * --------------------------------------------------------------------
 *                                                                     |
 *                store                                                |
 *                                                                     |
 * --------------------------------------------------------------------
 */
// view items
Example #8
            $title = 'Please Log In';
            $longdesc = "You need to log in to comment on an event.";
            include $siteroot . 'demo2/app/pages_public/confirmation.inc.html.php';
            exit;
        }
    }
    // get the user's id from the email stored in session
    $userID = userID($_SESSION['email']);
    // get the event id from the post data
    $eventID = $_POST['id'];
    // sanitize the comment
    $comment = html($_POST['comment']);
    // create the comment
    shoutboxComment($eventID, $userID, $comment);
    // log the action
    logevent($userID, $eventID, 'created comment');
    // display confirmation
    $title = "Comment Added";
    $longdesc = "Your comment was successfully created.";
    include $siteroot . 'demo2/app/pages_public/confirmation.inc.html.php';
    exit;
}
//////////////////////////////////////////////////////////////////////////
// con store
//////////////////////////////////////////////////////////////////////////
// show store
if (isset($_GET['constore'])) {
    $sql = 'SELECT * FROM store_categories';
    $s = $pdo->query($sql);
    $categories = $s->fetchall(PDO::FETCH_ASSOC);
    include $siteroot . 'demo2/app/pages_public/store.inc.html.php';
Example #9
        if (!isset($_REQUEST['encryptionkey'])) {
            $_REQUEST['encryptionkey'] = null;
        }
        $backupjobs[count($backupjobs)] = array('id' => $id, 'source' => $_REQUEST['source'], 'directory' => $_REQUEST['directory'], 'expiry' => $_REQUEST['expiry'], 'encryption' => $_REQUEST['encryption'], 'encryptionkey' => $_REQUEST['encryptionkey'], 'type' => $_REQUEST['type']);
        file_put_contents($config['path'] . '/db/db-backupjobs.json', json_encode($backupjobs));
        logevent('User ' . $_SESSION['user'] . ' added backup job', 'activity');
        header('Location: index.php?action=backupjobs&created=true&id=' . $id);
    } elseif ($_REQUEST['backupjob'] == 'remove' && isset($_REQUEST['id'])) {
        checkacl('deljob');
        foreach ($backupjobs as $key => $backupjob) {
            if ($backupjob['id'] == $_REQUEST['id']) {
                unset($backupjobs[$key]);
            }
        }
        file_put_contents($config['path'] . '/db/db-backupjobs.json', json_encode($backupjobs));
        logevent('User ' . $_SESSION['user'] . ' removed backup job', 'activity');
        header('Location: index.php?action=backupjobs');
    }
} else {
    $fileservers = array();
    $sqlservers = array();
    $cpanelservers = array();
    foreach ($backupservers as $backupserver) {
        if ($backupserver['authtype'] == 'password' || $backupserver['authtype'] == 'key') {
            $fileservers[count($fileservers)] = $backupserver;
        } elseif ($backupserver['authtype'] == 'mysql') {
            $sqlservers[count($sqlservers)] = $backupserver;
        } elseif ($backupserver['authtype'] == 'cpanel') {
            $cpanelservers[count($cpanelservers)] = $backupserver;
        }
    }
Example #10
// Admin action: dump the database, zip it and e-mail the archive.
// $address/$subject/$body/$attachment are picked up by send_mail.php and
// $title/$longdesc by the confirmation template, so those names are part of
// the contract with the included files and are kept as they are.
// NOTE(review): the dump and backup.zip are written under public_html/ —
// apparently inside the web root — and are only removed by deleteBackup()
// after the mail step; if send_mail.php stops part-way, a full database
// export may be left behind there.
// NOTE(review): nothing but $_POST['action'] gates this action; no CSRF token
// check is visible here.
if (isset($_POST['action']) && $_POST['action'] === 'backup') {
    $tempDir = $siteroot . 'public_html/demo2/temp/';

    // 1. Dump the MySQL database (as CSV files) into the temp directory.
    backupDatabase();

    // 2. Archive the temp directory into backup.zip.
    $source = $tempDir;
    $destination = $tempDir . 'backup.zip';
    Zip($source, $destination);

    // 3. Send the archive; send_mail.php reads the four variables below.
    $address = "*****@*****.**";
    $subject = "Database Backup";
    $body = 'A backup of the convention database is attached to this email.';
    $attachment = $destination;
    require $siteroot . 'demo2/app/includes_php/send_mail.php';

    // 4. Audit trail, then remove the local dump and archive.
    logevent($user_info['id'], NULL, 'created backup');
    deleteBackup();

    // 5. Confirmation page, then stop.
    $title = "Backup Complete";
    $longdesc = 'A backup file has been sent.';
    include $siteroot . 'demo2/app/pages_admin/confirmation.inc.html.php';
    exit();
}
//////////////////////////////////////////////////////////////////////////
// advertising
//////////////////////////////////////////////////////////////////////////
// show advertising page
if (isset($_GET['advertising'])) {
    $sql = 'SELECT ads_on
        FROM static_con_info';
Example #11
                    $users[$userkey]['password'] = md5($_REQUEST['password']);
                }
            }
        }
        file_put_contents($config['path'] . '/db/db-users.json', json_encode($users));
        logevent('User ' . $_SESSION['user'] . ' edited user ' . $_REQUEST['username'], 'activity');
        header('Location: index.php?action=users');
    } elseif ($_REQUEST['users'] == 'remove' && isset($_REQUEST['id'])) {
        checkacl('deluser');
        foreach ($users as $userkey => $user) {
            if ($user['id'] == $_REQUEST['id']) {
                unset($users[$userkey]);
            }
        }
        file_put_contents($config['path'] . '/db/db-users.json', json_encode($users));
        logevent('User ' . $_SESSION['user'] . ' removed user', 'activity');
        header('Location: index.php?action=users');
    }
} else {
    $smarty->assign('users', $users);
    $smarty->assign('acls', $acls);
    if (isset($_REQUEST['id']) && is_array($users)) {
        foreach ($users as $user) {
            if ($user['id'] == $_REQUEST['id']) {
                $smarty->assign('userdetails', $user);
            }
        }
    }
    $smarty->display($config['path'] . '/templates/header.tpl');
    $smarty->display($config['path'] . '/templates/users.tpl');
    $smarty->display($config['path'] . '/templates/footer.tpl');
Example #12
        }
        if (isset($userdetails['2fo']) && $userdetails['2fo'] == 'true') {
            if (!isset($_POST['2fokey'])) {
                $_POST['2fokey'] = 0;
            }
            require $config['path'] . '/libs/googleauthenticator/GoogleAuthenticator.php';
            $ga = new PHPGangsta_GoogleAuthenticator();
            if (!$ga->verifyCode($userdetails['2fokey'], $_POST['2fokey'], 2)) {
                header('Location: index.php?login=failed&2fofail');
                die;
            }
        }
        foreach ($acls as $acl) {
            if ($acl['id'] == $user['acl']) {
                $_SESSION['acl'] = $acl['perms'];
            }
        }
        $_SESSION['user'] = $_POST['username'];
        $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];
        $_SESSION['time'] = time();
        logevent('User ' . $_SESSION['user'] . ' logged in', 'activity');
        header('Location: index.php');
        die;
    } else {
        header('Location: index.php?login=failed&fail');
    }
} else {
    $smarty->display($config['path'] . '/templates/header.tpl');
    $smarty->display($config['path'] . '/templates/login.tpl');
    $smarty->display($config['path'] . '/templates/footer.tpl');
}
Example #13
            if ($acl['id'] == $_REQUEST['aclid']) {
                $acls[$aclkey] = array('id' => $_REQUEST['aclid'], 'perms' => $_REQUEST['perms'], 'name' => trim($_REQUEST['name']));
            }
        }
        file_put_contents($config['path'] . '/db/db-acl.json', json_encode($acls));
        logevent('User ' . $_SESSION['user'] . ' edited ACL ' . $_REQUEST['aclid'], 'activity');
        header('Location: index.php?action=useracl');
    } elseif ($_REQUEST['acl'] == 'remove' && isset($_REQUEST['id'])) {
        checkacl('delacl');
        foreach ($acls as $aclkey => $acl) {
            if ($acl['id'] == $_REQUEST['id']) {
                unset($acls[$aclkey]);
            }
        }
        file_put_contents($config['path'] . '/db/db-acl.json', json_encode($acls));
        logevent('User ' . $_SESSION['user'] . ' removed ACL ' . $_REQUEST['id'], 'activity');
        header('Location: index.php?action=useracl');
    }
} else {
    $smarty->assign('acls', $acls);
    $smarty->assign('aclarray', $aclarray);
    if (isset($_REQUEST['id']) && is_array($acls)) {
        foreach ($acls as $acl) {
            if ($acl['id'] == $_REQUEST['id']) {
                $smarty->assign('acldetails', $acl);
            }
        }
    }
    $smarty->display($config['path'] . '/templates/header.tpl');
    $smarty->display($config['path'] . '/templates/useracl.tpl');
    $smarty->display($config['path'] . '/templates/footer.tpl');