<?php 
// TODO: call edit_area_compressor.php only from the combiner: combine.inc.php when constructing the edit_area.js file for the first time.
?>
		<script type="text/javascript">


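function confirmation()
{
	// Ask the user before leaving only when the 'X' flag is present in
	// $cfg['verify_alert']; otherwise the answer is simply 'true'.
	// The prompt is a translation string, so it is emitted through json_encode()
	// to obtain a proper JavaScript string literal: a quote, a newline or a
	// "</script>" sequence inside the translation can then no longer break out
	// of the string (and of this <script> block). json_encode() assumes the
	// translation files are valid UTF-8 -- it fails on anything else.
	var answer = <?php 
echo strpos($cfg['verify_alert'], 'X') !== false ? 'confirm(' . json_encode($ccms['lang']['editor']['confirmclose']) . ')' : 'true';
?>
;
	if(answer)
	{
		// Close the MochaUI window when we are inside one, else navigate to the
		// admin index. The URL is JSON-encoded for the same reason as above.
		return !close_mochaUI_window_or_goto_url(<?php 
echo json_encode(makeAbsoluteURI($cfg['rootdir'] . 'admin/index.php'));
?>
, 'sys-tmp_ccms');
	}
	return false;
}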


<?php 
// Client-side scripts required by this page. The comma-joined
// 'mootools-core.js,mootools-more.js' entry is presumably a request for the
// script combiner to serve both files at once -- verify against the combiner.
// NOTE(review): both branches of the USE_JS_DEVELOPMENT_SOURCES test below add
// the very same file, so the switch currently has no effect. The development
// branch was presumably meant to load the uncompressed editor sources; confirm
// which file that should be before changing it.
$js_files = array($cfg['rootdir'] . 'lib/includes/js/the_goto_guy.js', $cfg['rootdir'] . 'lib/includes/js/mootools-core.js,mootools-more.js');
if ($cfg['USE_JS_DEVELOPMENT_SOURCES']) {
    $js_files[] = $cfg['rootdir'] . 'lib/includes/js/edit_area/edit_area_ccms.js';
} else {
    $js_files[] = $cfg['rootdir'] . 'lib/includes/js/edit_area/edit_area_ccms.js';
}
/*
                    $ownership[$pageID] = '';
                }
                $ownership[$pageID] .= '||' . $userID;
                // add user; we'll trim leading '||' in phase 2
            }
            // blow away the old ownership set for ALL PAGES: we need to do this as the form will only send us those owners who are ASSIGNED (not the ones we REMOVED)
            $values = array();
            $values['user_ids'] = MySQL::SQLValue('', MySQL::SQLVALUE_TEXT);
            if (!$db->UpdateRow($cfg['db_prefix'] . 'pages', $values)) {
                throw new FbX($db->MyDyingMessage());
            }
            // now update page ownership in the database (phase #2); order doesn't matter
            foreach ($ownership as $page_id => $users) {
                $users = ltrim($users, '|');
                $values = array();
                $values['user_ids'] = MySQL::SQLValue($users, MySQL::SQLVALUE_TEXT);
                if (!$db->UpdateRow($cfg['db_prefix'] . 'pages', $values, array('page_id' => MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER)))) {
                    throw new FbX($db->MyDyingMessage());
                }
            }
            header('Location: ' . makeAbsoluteURI('./content-owners.Manage.php?status=notice&msg=' . rawurlencode($ccms['lang']['backend']['success'])));
            exit;
        } else {
            throw new FbX($ccms['lang']['auth']['featnotallowed']);
        }
    } catch (CcmsAjaxFbException $e) {
        $e->croak();
    }
}
// when we get here, an illegal command was fed to us!
die_with_forged_failure_msg(__FILE__, __LINE__);
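 /**
  * Report this exception to an AJAX caller as a JSON document and terminate.
  *
  * The response is {"error": {...}} carrying the exception's message, code,
  * file and line, the optional $info_arr under "info", and a "feedback_url"
  * (the static feedback location plus the static and per-instance query data)
  * when a feedback URL has been configured. When it has not, a "hairball"
  * entry flags the programmer error instead.
  *
  * NOTE(review): "file" and "line" disclose server-side paths and source
  * locations to the client. This matches the rest of the code base (which
  * appends __FILE__/__LINE__ to user-visible messages), but it is information
  * an attacker finds useful; consider gating it on a development flag.
  *
  * @param array|null $info_arr  extra diagnostic data for the client; omitted
  *                              when empty. Defaults to null so the existing
  *                              argument-less call sites do not raise a
  *                              "missing argument" warning.
  * @return void  never returns: exit() is called after the JSON is sent
  */
 public function croak_json($info_arr = null)
 {
     $err = array();
     if (!empty(self::$feedback_url)) {
         // Join only the non-empty query fragments, so the URL does not end
         // in a stray '&' when one (or both) of them is set.
         $qparts = array();
         if (!empty(self::$url_query_data)) {
             $qparts[] = self::$url_query_data;
         }
         if (!empty($this->extra_url_query_data)) {
             $qparts[] = $this->extra_url_query_data;
         }
         $err['feedback_url'] = makeAbsoluteURI(self::$feedback_url . '?' . implode('&', $qparts));
     } else {
         // if we get here, this exception class hasn't been set up according to requirements. Barf a hairball.
         $err['hairball'] = __CLASS__ . ": feedback URL missing - a programmer error. INTERNAL ERROR. Happened when reporting the nested exception.";
     }
     if (!empty($info_arr)) {
         $err['info'] = $info_arr;
     }
     $err['message'] = $this->getMessage();
     $err['code'] = $this->getCode();
     $err['file'] = $this->getFile();
     $err['line'] = $this->getLine();
     // Declare the payload as JSON while we still can: without it a browser may
     // content-sniff the body as HTML and render any markup inside the message.
     if (!headers_sent()) {
         header('Content-Type: application/json; charset=utf-8');
     }
     echo json_encode(array('error' => $err));
     exit;
 }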
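/*
 * Save the permission matrix posted from permissions.Manage.php.
 *
 * Every POST field is a <permission-name> => <level> pair: the key must pass
 * filterParam4IdOrNumber() and the value filterParam4Number(). A literal "0"
 * is let through explicitly, presumably because the filtered form of "0" is
 * 'empty' to PHP while level 0 is a legitimate setting.
 *
 * Only administrators (userLevel >= 4) may change these values; everybody
 * else gets 'featnotallowed'. Failures are reported through FbX::croak(),
 * which sends the caller back to permissions.Manage.php.
 *
 * NOTE(review): the handler relies on checkAuth() alone, i.e. on the session.
 * No anti-CSRF token is verified here, so unless one is checked before this
 * point (not visible in this file) a logged-in administrator can be made to
 * submit this form from a third-party page.
 */
if ($_SERVER['REQUEST_METHOD'] == 'POST' && !empty($_POST) && checkAuth()) {
    FbX::SetFeedbackLocation("permissions.Manage.php");
    try {
        // (!) Only administrators can change these values
        if ($_SESSION['ccms_userLevel'] >= 4) {
            foreach ($_POST as $key => $value) {
                $key = filterParam4IdOrNumber($key);
                $setting = filterParam4Number($value);
                // Reject an unusable key, or a value that did not survive the
                // number filter -- except for the literal "0" (see above).
                if (empty($key) || (empty($setting) && $value !== "0")) {
                    throw new FbX($ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')');
                }
                // Persist the *filtered* value, not the raw POST string: the
                // check above validated $setting, so that is what must be
                // stored (filterParam4Number() is assumed to return the
                // normalised number -- verify). "0" is kept verbatim because its
                // filtered form is exactly what trips the empty() test.
                $perm->set($key, ($value === "0") ? "0" : $setting);
            }
            if ($perm->SavePermissions($db, $cfg['db_prefix'], false)) {
                header('Location: ' . makeAbsoluteURI('permissions.Manage.php?status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved'])));
                exit;
            } else {
                throw new FbX($db->MyDyingMessage());
            }
        } else {
            throw new FbX($ccms['lang']['auth']['featnotallowed']);
        }
    } catch (CcmsAjaxFbException $e) {
        $e->croak();
    }
}
// when we get here, an illegal command was fed to us!
die_with_forged_failure_msg(__FILE__, __LINE__);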
        if ($perm->is_level_okay('manageUsers', $_SESSION['ccms_userLevel'])) {
            $total = isset($_POST['userID']) ? count($_POST['userID']) : 0;
            if ($total == 0) {
                throw new FbX($ccms['lang']['system']['error_selection']);
            }
            // Delete details from the database
            $i = 0;
            foreach ($_POST['userID'] as $user_num) {
                $user_num = filterParam4Number($user_num);
                $values = array();
                // [i_a] make sure $values is an empty array to start with here
                $values['userID'] = MySQL::SQLValue($user_num, MySQL::SQLVALUE_NUMBER);
                $result = $db->DeleteRows($cfg['db_prefix'] . 'users', $values);
                $i++;
            }
            // Check for errors
            if ($result && $i == $total) {
                header('Location: ' . makeAbsoluteURI('user-management.Manage.php?status=notice&msg=' . rawurlencode($ccms['lang']['backend']['fullremoved'])));
                exit;
            } else {
                throw new FbX($db->MyDyingMessage());
            }
        } else {
            throw new FbX($ccms['lang']['auth']['featnotallowed']);
        }
    } catch (CcmsAjaxFbException $e) {
        $e->croak();
    }
}
// when we get here, an illegal command was fed to us!
die_with_forged_failure_msg(__FILE__, __LINE__, "do_action={$do_action}, checkAuth=" . 1 * checkAuth());
        }
        die_and_goto_url(null, $logmsg);
    }
    // Unset all of the session variables.
    $_SESSION = array();
    // Destroy session
    if (ini_get('session.use_cookies')) {
        $params = session_get_cookie_params();
        if (!empty($params['ccms_userID'])) {
            setcookie(session_name(), '', time() - 42000, $params['path'], $params['domain'], $params['secure'], $params['httponly']);
        }
    }
    // Generate a new session_id
    session_regenerate_id();
    // Finally, destroy the session.
    if (session_destroy()) {
        header('Location: ' . makeAbsoluteURI($loc));
        exit;
    }
    if (empty($_SESSION['ccms_userID'])) {
        header('Location: ' . makeAbsoluteURI($loc));
        exit;
    }
}
/*
-----------------------------------------------------------------

Further setup/init work for the entire admin section of the site:

-----------------------------------------------------------------
*/
 try {
     if (!empty($page_id)) {
         FbX::SetFeedbackLocation('comment.Manage.php', 'page_id=' . $page_id);
         // Only if current user has the rights
         if ($perm->is_level_okay('manageModComment', $_SESSION['ccms_userLevel'])) {
             $showMessage = getPOSTparam4Number('messages');
             $showLocale = getPOSTparam4IdOrNumber('locale');
             if (!empty($showMessage) && !empty($showLocale)) {
                 $values = array();
                 // [i_a] make sure $values is an empty array to start with here
                 $values['page_id'] = MySQL::SQLValue($page_id, MySQL::SQLVALUE_NUMBER);
                 $values['showMessage'] = MySQL::SQLValue($showMessage, MySQL::SQLVALUE_NUMBER);
                 $values['showLocale'] = MySQL::SQLValue($showLocale, MySQL::SQLVALUE_TEXT);
                 // Insert or update configuration
                 if ($db->AutoInsertUpdate($cfg['db_prefix'] . 'cfgcomment', $values, array('cfgID' => MySQL::BuildSQLValue($cfgID)))) {
                     header('Location: ' . makeAbsoluteURI('comment.Manage.php?page_id=' . $page_id . '&status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved'])));
                     exit;
                 } else {
                     throw new FbX($db->MyDyingMessage());
                 }
             } else {
                 throw new FbX($ccms['lang']['system']['error_forged'] . ' (' . __FILE__ . ', ' . __LINE__ . ')');
             }
         } else {
             throw new FbX($ccms['lang']['auth']['featnotallowed']);
         }
     } else {
         throw new FbX($ccms['lang']['auth']['featnotallowed']);
     }
 } catch (CcmsAjaxFbException $e) {
     $e->croak();
            $fd = @fopen($sqldumpfile, 'w');
            if (!$fd) {
                throw new FbX($ccms['lang']['system']['error_openfile'] . ": " . $sqldumpfile);
            } else {
                $out = fwrite($fd, $sqldump);
                if (!$out) {
                    throw new FbX($ccms['lang']['system']['error_write'] . ": " . $sqldumpfile);
                }
                fclose($fd);
            }
        }
        // else: error has already been registered before, no sweat, mate!
        // and remove the progress info file:
        @unlink($progressfile);
        $msg = $ccms['lang']['backend']['newfilecreated'] . ', <a href="media/files/' . $backupName . '">' . strtolower($ccms['lang']['backup']['download']) . '</a>.';
        echo json_encode(array('url' => makeAbsoluteURI('./backup-restore.Manage.php?status=notice&msg=' . rawurlencode($msg))));
        exit;
    } catch (CcmsAjaxFbException $e) {
        if ($fd) {
            fclose($fd);
        }
        if (!empty($progressfile)) {
            @unlink($progressfile);
        }
        $e->croak_json();
    }
}
/**
 * Report the progress on the current backup in JSON format.
 */
if ($do_action == 'report_backup_progress') {
                            case 'png':
                                //imagepng($tmp_t, $thumbnail, 9);
                                $t = $dest . '/_thumbs/' . basename($f, pathinfo($f, PATHINFO_EXTENSION)) . '.jpg';
                                // could be done as pathinfo($f, PATHINFO_FILENAME), but that's for PHP 5.2+ only!
                                @unlink($t);
                                imagejpeg($tmp_t, $thumbnail, THUMBNAIL_JPEG_QUALITY);
                                break;
                            case 'gif':
                                imagegif($tmp_t, $thumbnail);
                                break;
                            default:
                                break;
                        }
                        imagedestroy($tmp_t);
                        imagedestroy($src);
                    }
                }
                header('Location: ' . makeAbsoluteURI('lightbox.Manage.php?page_id=' . $page_id . '&album=' . $album_name . '&status=notice&msg=' . rawurlencode($ccms['lang']['backend']['fullregenerated'])));
                exit;
            } else {
                throw new FbX($ccms['lang']['auth']['featnotallowed']);
            }
        } else {
            throw new FbX($ccms['lang']['system']['error_forged']);
        }
    } catch (CcmsAjaxFbException $e) {
        $e->croak();
    }
}
// when we get here, an illegal command was fed to us!
die_with_forged_failure_msg(__FILE__, __LINE__);
The real redirect-when-we're-not-the-top-page-itself magicking happens in the jump_if_not_top() function. jump_if_not_top2() is
here to make sure we invoke it only when it is actually available.

This means that EVERY admin page MUST load 'the_goto_guy.js', whether it uses that script itself or not: the underlying code may decide
the session is invalid and pass through here, where that script must be available for the appropriate action to be taken.
*/
?>
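function jump_if_not_top2()
{
	// Delegate to the_goto_guy.js once it has been loaded. Both arguments are
	// emitted through json_encode() so they become proper JavaScript string
	// literals. $_SERVER['PHP_SELF'] is NOT safe to paste between quotes: with
	// PATH_INFO enabled (a common server default) a request for
	// /admin/index.php/"<script>... lands verbatim in PHP_SELF, which turns the
	// unescaped form of this call into a reflected XSS sink. If PHP_SELF is not
	// valid UTF-8, json_encode() fails and the resulting syntax error merely
	// skips the jump -- a safe failure mode. Consider SCRIPT_NAME instead,
	// which does not carry the PATH_INFO suffix, if the goto logic allows it.
	if (typeof window.jump_if_not_top == 'function')
	{
		//alert('invoking jump_if_not_top');
		window.jump_if_not_top(<?php 
echo json_encode($_SERVER['PHP_SELF']);
?>
, <?php 
echo json_encode(makeAbsoluteURI($_SERVER['PHP_SELF']));
?>
);
	}
}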

</script>
<script type="text/javascript" src="<?php 
echo $cfg['rootdir'];
?>
lib/includes/js/the_goto_guy.js?cb=jump_if_not_top2" charset="utf-8"></script>
</body>
</html>
        //
        $logmsg = 'INTERNAL ERROR!';
    } else {
        // Set system wide session variables for the 'switched user', but keep track of the existing (admin) user so that we can 'switch back' properly later on!
        $_SESSION['ccms_isSwitchedUser'] = $_SESSION['ccms_userID'] . ':' . $_SESSION['ccms_userLevel'] . ':' . $_SESSION['ccms_userName'];
        $_SESSION['ccms_userID'] = $row['userID'];
        $_SESSION['ccms_userName'] = $row['userName'];
        $_SESSION['ccms_userFirst'] = $row['userFirst'];
        $_SESSION['ccms_userLast'] = $row['userLast'];
        $_SESSION['ccms_userLevel'] = $row['userLevel'];
        // [i_a] fix for session faking/hijack security issue:
        // Setting safety variables as well: used for checkAuth() during the session.
        SetAuthSafety();
        unset($logmsg);
        // Return functions result
        header('Location: ' . makeAbsoluteURI($cfg['rootdir'] . 'admin/index.php'));
        exit;
    }
    die_and_goto_url(null, $logmsg);
}
/*
 * Clear the server-side caches: pages, browscap, combiner/log dumps, etc.
 */
if ($do_action == 'clearcaches' && $_SERVER['REQUEST_METHOD'] == 'GET' && checkAuth()) {
    function recrmdir4cc($dir, $clean_all, $level)
    {
        $count = 0;
        if (is_dir($dir)) {
            $objects = scandir($dir);
            foreach ($objects as $object) {
                if ($object != "." && $object != "..") {
        }
    }
}
// Start session (through the project's own wrapper around session_start()).
check_session_sidpatch_and_start();
// Load MySQL Class and initiate connection
/*MARKER*/
require_once BASE_PATH . '/lib/class/mysql.class.php';
// Load generic functions
/*MARKER*/
require_once BASE_PATH . '/lib/includes/common.inc.php';
// Check first whether installation directory exists.
// SECURITY: while _install/ is still present the installer is presumably
// reachable by anyone, so every request is redirected there until the
// directory has been removed. The two overrides -- IN_DEVELOPMENT_ENVIRONMENT
// or an install_check_override.txt marker file -- switch that redirect off and
// must never be left in place on a production site.
$cfg['install_dir_exists'] = is_dir(BASE_PATH . '/_install/') && is_file(BASE_PATH . '/_install/index.php');
$cfg['install_dir_override'] = $cfg['IN_DEVELOPMENT_ENVIRONMENT'] || is_file(BASE_PATH . '/_install/install_check_override.txt');
if ($cfg['install_dir_exists'] && !$cfg['install_dir_override']) {
    header('Location: ' . makeAbsoluteURI('./_install/index.php'));
    exit;
}
/*
 * initiate database connection; do this AFTER checking for the _install directory, because
 * otherwise error reports from this init will have precedence over the _install-dir-exists
 * error report!
 */
$db = new MySQL();
// LANGUAGE ==
// multilingual support per page through language cfg override:
// the 'lang' GET parameter goes through getGETparam4IdOrNumber(), which
// presumably restricts it to an identifier-like value; the language file lookup
// that follows (not visible here) depends on that. Fall back to the configured
// default when no (valid) override was given.
$language = getGETparam4IdOrNumber('lang');
if (empty($language)) {
    $language = $cfg['language'];
}
// blow away $cfg['language'] to ensure the language file(s) are loaded this time - it's our first anyhow.
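/**
 * Abort the request with a 'forged request' (or 'session expired') message.
 *
 * The message is the translated error text followed by a
 * <sub>(file, line[, extra])</sub> hint for developers; the file path is made
 * relative to BASE_PATH so the server's directory layout is not leaked. When
 * the response headers are still open the caller is redirected to
 * auth.inc.php with the message in the 'msg' query parameter; the message is
 * emitted as the response body in any case.
 *
 * The 'session expired' variant is chosen when the session carries no user or
 * checkAuth() rejects it; otherwise the request is reported as forged.
 *
 * @param string      $filepath  usually the caller's __FILE__ (the default is
 *                               this file's, so callers should pass their own)
 * @param int         $lineno    usually the caller's __LINE__
 * @param string|null $extra     free-form diagnostic text appended to the hint.
 *                               Callers pass request-derived data in here
 *                               (e.g. "do_action=..."), so it is HTML-escaped
 *                               before being embedded: the message is rendered
 *                               as HTML (it carries its own <sub> markup), both
 *                               by die() below and presumably by the page we
 *                               redirect to.
 * @return void  never returns
 */
function die_with_forged_failure_msg($filepath = __FILE__, $lineno = __LINE__, $extra = null)
{
    global $ccms;
    global $cfg;
    // Normalise directory separators on BOTH sides before stripping the base
    // path: on Windows BASE_PATH may carry backslashes just like __FILE__, and a
    // mismatch would leave the absolute path in the message.
    $filepath = str_replace('\\', '/', $filepath);
    $base = str_replace('\\', '/', BASE_PATH);
    $pos = strpos($filepath, $base);
    if ($pos !== false) {
        $filepath = substr($filepath, $pos + strlen($base) + 1);
    }
    // Build the "(file, line, extra)" hint. $extra is escaped for the HTML
    // context; a literal "0" is a legitimate value, so test for null/'' rather
    // than empty().
    $hint = htmlspecialchars($filepath, ENT_QUOTES, 'UTF-8') . ', ' . (int) $lineno;
    if ($extra !== null && $extra !== '') {
        $hint .= ', ' . htmlspecialchars($extra, ENT_QUOTES, 'UTF-8');
    }
    if (empty($_SESSION['ccms_userID']) || empty($_SESSION['ccms_userName']) || !checkAuth()) {
        $msg = $ccms['lang']['system']['error_session_expired'] . ' <sub>(' . $hint . ')</sub>';
    } else {
        $msg = $ccms['lang']['system']['error_forged'] . ' <sub>(' . $hint . ')</sub>';
    }
    if (!headers_sent()) {
        header('Location: ' . makeAbsoluteURI($cfg['rootdir'] . 'lib/includes/auth.inc.php?status=error&msg=' . rawurlencode($msg)));
    }
    die($msg);
}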
    try {
        // Only if current user has the rights
        if ($perm->is_level_okay('manageTemplate', $_SESSION['ccms_userLevel'])) {
            $filenoext = getGETparam4FullFilePath('template');
            $filename = BASE_PATH . '/lib/templates/' . $filenoext;
            $content = getPOSTparam4RAWCONTENT('content');
            // RAW CONTENT: the template may contain ANYTHING.
            if (is_writable_ex($filename)) {
                if (!($handle = fopen($filename, 'w'))) {
                    throw new FbX($ccms['lang']['system']['error_openfile'] . ' (' . $filename . ').');
                }
                if (fwrite($handle, $content) === FALSE) {
                    fclose($handle);
                    throw new FbX($ccms['lang']['system']['error_write'] . ' (' . $filename . ').');
                }
                // Do on success
                fclose($handle);
                header('Location: ' . makeAbsoluteURI('template-editor.Manage.php?status=notice&msg=' . rawurlencode($ccms['lang']['backend']['settingssaved']) . '&template=' . $filenoext));
                exit;
            } else {
                throw new FbX($ccms['lang']['system']['error_chmod']);
            }
        } else {
            throw new FbX($ccms['lang']['auth']['featnotallowed']);
        }
    } catch (CcmsAjaxFbException $e) {
        $e->croak();
    }
}
// when we get here, an illegal command was fed to us!
die_with_forged_failure_msg(__FILE__, __LINE__, "do_action={$do_action}, checkAuth=" . 1 * checkAuth());