Example #1
0
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('Addons', 'modules_uninstall');
$val = CAT_Helper_Validate::getInstance();
$addons = CAT_Helper_Addons::getInstance();
// Get name and type of add on
$type = $val->sanitizePost('type', NULL, true);
$addon_name = $val->sanitizePost('file');
$file = $type == 'language' ? $addon_name . '.php' : $addon_name;
// Check if user selected a module
if (trim($file) == '' || trim($type) == '') {
    header("Location: index.php");
    exit(0);
}
$js_back = CAT_ADMIN_URL . '/addons/index.php';
// Check if the module exists
if (!$addons->isModuleInstalled($addon_name, NULL, preg_replace('~s$~', '', $type))) {
    $backend->print_error('Not installed', $js_back, false);
Example #2
0
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// =================================
// ! Include the WB functions file
// =================================
include_once CAT_PATH . '/framework/functions.php';
$backend = CAT_Backend::getInstance('Media', 'media', false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
header('Content-type: application/json');
$ajax['file'] = $val->sanitizePost('file');
$ajax['file_path'] = $val->sanitizePost('file_path');
if ($ajax['file'] == '' || $ajax['file_path'] == '' || $users->checkPermission('media', 'media_delete') !== true) {
    $ajax = array('message' => 'You don\'t have the permission to delete this file. Check your system settings.', 'success' => false);
    print json_encode($ajax);
    exit;
} else {
    // ============================
    // ! Try to delete file/folder
    // ============================
    $link = CAT_PATH . $ajax['file_path'] . '/' . $ajax['file'];
    if (file_exists($link)) {
Example #3
0
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$val = CAT_Helper_Validate::getInstance();
$perm = 'users_modify';
if ($val->sanitizePost('addUser')) {
    $perm = 'users_add';
}
$backend = CAT_Backend::getInstance('access', $perm, false);
$users = CAT_Users::getInstance();
header('Content-type: application/json');
if (!$users->checkPermission('access', $perm)) {
    $ajax = array('message' => $backend->lang()->translate('You do not have the permission to {{action}} a user.', array('action' => str_replace('users', '', $perm))), 'success' => false);
    print json_encode($ajax);
    exit;
}
$addUser = trim($val->sanitizePost('addUser', NULL, true));
$saveUser = trim($val->sanitizePost('saveUser', NULL, true));
include_once CAT_PATH . '/framework/functions.php';
// Gather details entered
$username_fieldname = str_replace(array("[[", "]]"), '', htmlspecialchars($val->sanitizePost('username_fieldname'), ENT_QUOTES));
$username = trim($val->sanitizePost($username_fieldname, NULL, true));
$display_name = trim(str_replace(array('[[', ']]'), '', htmlspecialchars($val->sanitizePost('display_name'), ENT_QUOTES)));
$user_id = $val->sanitizePost('user_id', NULL, true);
Example #4
0
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// backend only
$backend = CAT_Backend::getInstance('admintools');
$user = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
// this will redirect to the login page if the permission is not set
$user->checkPermission('admintools', 'admintools');
// check if any editor is set
if (!defined('WYSIWYG_EDITOR') || WYSIWYG_EDITOR == '') {
    $admin->print_error('No WYSIWYG editor set, please set one first (Settings -&gt; Backend settings -&gt; WYSIWYG Editor)', NULL, false);
}
// check for config driver
$cfg_file = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . WYSIWYG_EDITOR . '/c_editor.php');
if (file_exists($cfg_file)) {
    require $cfg_file;
} elseif (file_exists(CAT_Helper_Directory::sanitizePath(dirname(__FILE__) . "/driver/" . WYSIWYG_EDITOR . "/c_editor.php"))) {
    require_once dirname(__FILE__) . "/driver/" . WYSIWYG_EDITOR . "/c_editor.php";
} else {
Example #5
0
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('Pages', 'pages_delete', false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
header('Content-type: application/json');
// Get perms
if (!$users->checkPermission('pages', 'pages_delete', false)) {
    $ajax = array('message' => $backend->lang()->translate('You do not have the permission to delete a page.'), 'success' => false);
    print json_encode($ajax);
    exit;
}
$page_id = $val->sanitizePost('page_id', 'numeric');
// Get page id
if (!$page_id) {
    $ajax = array('message' => $backend->lang()->translate('You sent an invalid value'), 'success' => false);
    print json_encode($ajax);
    exit;
Example #6
0
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('Addons', 'modules_install', false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
$success = false;
$message = '';
header('Content-type: application/json');
if (!$users->checkPermission('Addons', 'modules_install')) {
    $message = $backend->lang()->translate("Sorry, but you don't have the permissions for this action");
    printResult();
}
$type = $val->sanitizePost('new_moduletype');
$name = $val->sanitizePost('new_modulename');
$dir = $val->sanitizePost('new_moduledir');
$desc = $val->sanitizePost('new_moduledesc');
$author = $val->sanitizePost('new_moduleauthor');
$func = 'page';
Example #7
0
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('Pages', 'pages_add', false);
$users = CAT_Users::getInstance();
header('Content-type: application/json');
if (!$users->checkPermission('Pages', 'pages_add')) {
    $ajax = array('message' => $backend->lang()->translate('You do not have the permission to add a page.'), 'success' => false);
    print json_encode($ajax);
    exit;
}
// note: all pages are listed in the dropdown, even hidden / private AND deleted!
$dropdown_list = CAT_Helper_ListBuilder::sort(CAT_Helper_Page::getPages(1), 0);
// template / variant
$template = CAT_Helper_Page::properties($val->sanitizePost('parent_id', 'numeric'), 'template');
$variant = CAT_Helper_Page::getPageSettings($val->sanitizePost('parent_id', 'numeric'), 'internal', 'template_variant');
$variants = array();
$info = CAT_Helper_Addons::checkInfo(CAT_PATH . '/templates/' . CAT_Helper_Page::getPageTemplate($val->sanitizePost('parent_id', 'numeric')));
if (isset($info['module_variants']) && is_array($info['module_variants']) && count($info['module_variants'])) {
Example #8
0
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$header = CAT_Helper_Validate::sanitizeGet('ajax') ? false : true;
$backend = CAT_Backend::getInstance('admintools', 'admintools', $header);
$admin =& $backend;
$val = CAT_Helper_Validate::getInstance();
$get_tool = $val->sanitizeGet('tool', NULL, true);
if ($get_tool == '') {
    $get_tool = $val->sanitizePost('tool', NULL, true);
}
if ($get_tool == '') {
    header("Location: index.php");
    exit(0);
}
// check tool permission
if (!CAT_Users::get_permission($get_tool, 'module')) {
    header("Location: index.php");
    exit(0);
}
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$local = array('pages' => 'backend_pages_modify.js', 'access' => 'backend_users_index.js', 'addons' => 'backend_addons.js', 'media' => 'backend_media.js', 'preferences' => 'backend_preferences.js', 'settings' => array('backend_pages_modify.js', 'backend_settings_index.js'), 'login_index' => 'login.js');
$mod_headers = array('backend' => array('meta' => array(array('name' => 'viewport', 'content' => 'width=device-width, initial-scale=1')), 'css' => array(array('media' => 'screen', 'file' => 'templates/freshcat/css/default/index.css'), array('media' => 'screen', 'file' => 'modules/lib_jquery/plugins/qtip2/qtip2.min.css')), 'jquery' => array(array('core' => true, 'ui' => true, 'all' => array('jquery.highlight', 'jquery.cookies', 'tag-it', 'qtip2', 'jquery.form', 'jquery.livesearch', 'jquery.smarttruncation', 'cattranslate'))), 'js' => array(array('debug.js', 'jquery.fc_set_tab_list.js', 'jquery.fc_toggle_element.js', 'jquery.fc_resize_elements.js', 'jquery.fc_show_popup.js', 'general.js', 'pages_tree.js', 'session.js'))));
// get current backend section to add local JS
$page = strtolower(CAT_Backend::getInstance()->section_name);
if (isset($local[$page])) {
    if (!is_array($local[$page])) {
        $local[$page] = array($local[$page]);
    }
    $mod_headers['backend']['js'][0] = array_merge($mod_headers['backend']['js'][0], $local[$page]);
}
if ($page == 'addons') {
    array_push($mod_headers['backend']['css'], array('file' => 'templates/freshcat/css/default/tabs.css'));
    if (CAT_Helper_Addons::isModuleInstalled('lib_dropzone')) {
        $mod_headers['backend']['js'][0][] = '/modules/lib_dropzone/vendor/dropzone.min.js';
        array_push($mod_headers['backend']['css'], array('file' => 'modules/lib_dropzone/vendor/dropzone.min.css'));
    }
    array_push($mod_headers['backend']['css'], array('file' => 'templates/freshcat/css/default/addons.css'));
}
// check for custom JS for current backend page
Example #10
0
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
global $parser;
$backend = CAT_Backend::getInstance('start');
$user = CAT_Users::getInstance();
$lang = CAT_Helper_I18n::getInstance();
$widget = CAT_Helper_Widget::getInstance();
// this will redirect to the login page if the permission is not set
$user->checkPermission('start', 'start', false);
// ================================================
// ! Check if installation directory still exists
// ================================================
if (file_exists(CAT_PATH . '/install/')) {
    CAT_Helper_Directory::removeDirectory(CAT_PATH . '/install/');
}
// exec initial_page
if ($val->sanitizeGet('initial') || !$user->checkPermission('start', 'start') === true) {
    $page = $user->get_initial_page();
    if ($page) {
Example #11
0
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('admintools', 'blackcatFilter');
$val = CAT_Helper_Validate::getInstance();
$showit = false;
$errors = array();
$upload_error = NULL;
// new filter?
if ($val->sanitizePost('filter_add')) {
    $data = array();
    foreach (array('module_name', 'name', 'description', 'code', 'active') as $key) {
        if (!$val->sanitizePost('filter_' . $key)) {
            if ($key == 'code' && isset($_FILES['filter_file'])) {
                $data[$key] = '';
                continue;
            }
            $errors[$key] = $backend->lang()->translate('Please fill out the field: {{ name }}', array('name' => $backend->lang()->translate($key)));
        } else {
Example #12
0
//**************************************************************************
if (!defined('SESSION_STARTED')) {
    session_name(APP_NAME . 'sessionid');
    $cookie_settings = session_get_cookie_params();
    session_set_cookie_params(3 * 3600, $cookie_settings["path"], $cookie_settings["domain"], strtolower(substr($_SERVER['SERVER_PROTOCOL'], 0, 5)) === 'https', true);
    unset($cookie_settings);
    session_start();
    CAT_Registry::register('SESSION_STARTED', true, true);
}
if (defined('ENABLED_ASP') && ENABLED_ASP && !isset($_SESSION['session_started'])) {
    $_SESSION['session_started'] = time();
}
//**************************************************************************
// frontend only
//**************************************************************************
if (!CAT_Backend::isBackend() && !defined('CAT_AJAX_CALL') && !defined('CAT_LOGIN_PHASE') && defined('ENABLE_CSRFMAGIC') && true === ENABLE_CSRFMAGIC) {
    CAT_Helper_Protect::getInstance()->enableCSRFMagic();
}
//**************************************************************************
// Get users language
//**************************************************************************
$val = CAT_Helper_Validate::getInstance();
$user_lang = $val->sanitizeGet('lang');
if ($user_lang && $user_lang != '' && !is_numeric($user_lang) && strlen($user_lang) == 2 && file_exists(CAT_PATH . '/languages/' . $user_lang . '.php')) {
    CAT_Registry::register('LANGUAGE', strtoupper($user_lang), true);
}
if (!CAT_Registry::exists('LANGUAGE')) {
    CAT_Registry::register('LANGUAGE', DEFAULT_LANGUAGE, true);
}
// Load Language file
if (!defined('LANGUAGE_LOADED')) {
Example #13
0
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('Pages', 'pages_intro');
$val = CAT_Helper_Validate::getInstance();
// Get page content
$filename = CAT_PATH . PAGES_DIRECTORY . '/intro' . PAGE_EXTENSION;
if (file_exists($filename)) {
    $handle = fopen($filename, "r");
    $content = fread($handle, filesize($filename));
    fclose($handle);
} else {
    $content = '';
}
if ($val->sanitizeGet('wysiwyg') != 'no') {
    if (!defined('WYSIWYG_EDITOR') || WYSIWYG_EDITOR == 'none' || !file_exists(CAT_PATH . '/modules/' . WYSIWYG_EDITOR . '/include.php')) {
        function show_wysiwyg_editor($name, $id, $content, $width, $height)
        {
            echo '<textarea name="' . $name . '" id="' . $id . '" style="width: ' . $width . '; height: ' . $height . ';">' . $content . '</textarea>';
Example #14
0
// =========================================================
// ! Get display name of person who last modified the page
// =========================================================
$user = $users->get_user_details($results_array['modified_by']);
// =================================
// ! Add permissions to $data_dwoo
// =================================
$permission['pages'] = $users->checkPermission('Pages', 'pages') ? true : false;
$permission['pages_add'] = $users->checkPermission('Pages', 'pages_add') ? true : false;
$permission['pages_add_l0'] = $users->checkPermission('Pages', 'pages_add_l0') ? true : false;
$permission['pages_modify'] = $users->checkPermission('Pages', 'pages_modify') ? true : false;
$permission['pages_delete'] = $users->checkPermission('Pages', 'pages_delete') ? true : false;
$permission['pages_settings'] = $users->checkPermission('Pages', 'pages_settings') ? true : false;
$permission['pages_intro'] = $users->checkPermission('Pages', 'pages_intro') != true || INTRO_PAGE != 'enabled' ? false : true;
// list of all pages for dropdown, sorted by parent->child
$pages = CAT_Helper_ListBuilder::sort(CAT_Helper_Page::getPages(CAT_Backend::isBackend()), 0);
// =============================================
// ! Add result_array to the template variable
// =============================================
$ajax = array('description' => $results_array['description'], 'keywords' => $results_array['keywords'], 'language' => $results_array['language'], 'level' => $results_array['level'], 'menu' => $results_array['menu'], 'menu_title' => htmlspecialchars_decode($results_array['menu_title'], ENT_QUOTES), 'modified_when' => $results_array['modified_when'] != 0 ? CAT_Helper_DateTime::getDate($results_array['modified_when']) : 'Unknown', 'page_id' => $results_array['page_id'], 'page_title' => htmlspecialchars_decode($results_array['page_title'], ENT_QUOTES), 'parent' => $results_array['parent'], 'searching' => $results_array['searching'] == 0 ? false : true, 'short_link' => substr($results_array['link'], strripos($results_array['link'], '/') + 1), 'target' => $results_array['target'], 'template' => $results_array['template'], 'visibility' => $results_array['visibility'], 'display_name' => $user['display_name'], 'username' => $user['username'], 'DISPLAY_MENU_LIST' => MULTIPLE_MENUS != false ? true : false, 'DISPLAY_LANGUAGE_LIST' => PAGE_LANGUAGES != false ? true : false, 'DISPLAY_SEARCHING' => SEARCH != false ? true : false, 'admin_groups' => explode(',', str_replace('_', '', $results_array['admin_groups'])), 'viewing_groups' => explode(',', str_replace('_', '', $results_array['viewing_groups'])), 'parent_list' => $pages, 'PAGE_EXTENSION' => $backend->db()->query("SELECT `value` FROM `:prefix:settings` WHERE name = 'page_extension'")->fetchColumn());
$ajax['variants'] = array();
$info = CAT_Helper_Addons::checkInfo(CAT_PATH . '/templates/' . CAT_Helper_Page::getPageTemplate($results_array['page_id']));
if (isset($info['module_variants']) && is_array($info['module_variants']) && count($info['module_variants'])) {
    $ajax['variants'] = $info['module_variants'];
    array_unshift($ajax['variants'], '');
}
$ajax['template_variant'] = CAT_Helper_Page::getPageSettings($results_array['page_id'], 'internal', 'template_variant');
// ====================
// ! Return values
// ====================
print json_encode($ajax);
Example #15
0
/**
 * Check if a output filter is already registered
 *
 * @param string $filter_name
 * @param string $module_directory
 * @return boolean
 */
function is_filter_registered($filter_name, $module_directory)
{
    $backend = CAT_Backend::getInstance('addons', 'modules_install');
    $SQL = sprintf("SELECT `filter_name` FROM `:prefix:mod_filter` WHERE " . "`filter_name`='%s' AND `module_name`='%s'", $filter_name, $module_directory);
    if (false === ($name = $backend->db()->get_one($SQL, MYSQL_ASSOC))) {
        return false;
    }
    return $name == $filter_name;
}
Example #16
0
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
ob_start();
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
header("Content-Type: text/html; charset:utf-8;");
$backend = CAT_Backend::getInstance('Settings', 'settings_basic');
$curr_user_is_admin = in_array(1, CAT_Users::getInstance()->get_groups_id());
if (!$curr_user_is_admin) {
    echo "<div style='border: 2px solid #CC0000; padding: 5px; text-align: center; background-color: #ffbaba;'>You're not allowed to use this function!</div>";
    exit;
}
$settings = array();
$sql = 'SELECT * FROM `' . CAT_TABLE_PREFIX . 'settings` WHERE name="guid"';
if ($res = $backend->db()->query($sql)) {
    $row = $res->fetchRow(MYSQL_ASSOC);
}
if (!isset($row['value']) || $row['value'] == '') {
    @(require_once CAT_PATH . '/framework/CAT/Object.php');
    $guid = CAT_Object::createGUID();
    $row['setting_id'] = isset($row['setting_id']) ? $row['setting_id'] : NULL;
    $backend->db()->query('REPLACE INTO `' . CAT_TABLE_PREFIX . 'settings` VALUES("' . $row['setting_id'] . '", "guid", "' . $guid . '")');
Example #17
0
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('Access', 'users', false, false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
header('Content-type: application/json');
if (!$users->checkPermission('access', 'users')) {
    $ajax = array('message' => $backend->lang()->translate('You do not have the permission to view users'), 'success' => false);
    print json_encode($ajax);
    exit;
}
$user_id = $val->sanitizePost('id', 'numeric');
if (!$user_id || $user_id == 1) {
    $ajax = array('message' => $backend->lang()->translate('You sent an invalid value'), 'success' => false);
    print json_encode($ajax);
    exit;
}
$user = $users->get_user_details($user_id);
Example #18
0
 function print_footer()
 {
     return CAT_Backend::getInstance('')->print_footer();
 }
Example #19
0
        if (empty($sub)) {
            continue;
        }
        $dir .= '/' . $sub;
        if (file_exists($dir . '/framework/class.secure.php')) {
            include $dir . '/framework/class.secure.php';
            $inc = true;
            break;
        }
    }
    if (!$inc) {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
// protect
$backend = CAT_Backend::getInstance('Start', 'start', false, false);
if (!CAT_Users::is_authenticated()) {
    exit;
}
// just to be _really_ sure...
require CAT_PATH . '/framework/CAT/ExceptionHandler.php';
// register exception/error handlers
set_exception_handler(array("CAT_ExceptionHandler", "exceptionHandler"));
set_error_handler(array("CAT_ExceptionHandler", "errorHandler"));
register_shutdown_function(array("CAT_ExceptionHandler", "shutdownHandler"));
include dirname(__FILE__) . '/../data/config.inc.php';
$widget_name = 'Version check';
$error = $version = $newer = $last = $last_version = NULL;
$debug = false;
$doit = true;
if (!CAT_Helper_Validate::sanitizeGet('blackcat_refresh')) {
Example #20
0
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$tpl_data = array();
$backend = CAT_Backend::getInstance('Addons', 'addons');
$users = CAT_Users::getInstance();
$addons = CAT_Helper_Addons::get_addons();
$counter = 0;
$seen_dirs = array();
$tpl_data['addons'] = array();
$tpl_data['not_installed_addons'] = array('modules' => array(), 'templates' => array(), 'languages' => array());
$tpl_data['groups'] = $users->get_groups('', '', false);
$tpl_data['username'] = $users->get_display_name();
// for new addons
global $parser;
foreach ($addons as $addon) {
    // check if the user is allowed to see this item
    if (!$users->get_permission($addon['directory'], $addon['type'])) {
        $seen_dirs[] = $addon['directory'];
        continue;
Example #21
0
/**
 * let the user manage the available backups
 **/
function manage_droplet_backups()
{
    global $parser, $settings, $val, $backend;
    $groups = CAT_Users::get_groups_id();
    if (!CAT_Helper_Droplet::is_allowed('manage_backups', $groups)) {
        $backend->print_error(CAT_Backend::getInstance()->lang()->translate("You don't have the permission to do this"));
    }
    $rows = array();
    $info = NULL;
    $dirh = CAT_Helper_Directory::getInstance();
    // recover
    $recover = $val->get('_REQUEST', 'recover');
    if ($recover && file_exists($dirh->sanitizePath(dirname(__FILE__) . '/export/' . $recover))) {
        if (!function_exists('droplets_upload')) {
            @(include_once dirname(__FILE__) . '/include.php');
        }
        $temp_unzip = $dirh->sanitizePath(CAT_PATH . '/temp/unzip/');
        $result = droplets_import($dirh->sanitizePath(dirname(__FILE__) . '/export/' . $recover), $temp_unzip);
        $info = $backend->lang()->translate('Successfully imported [{{count}}] Droplet(s)', array('count' => $result['count']));
    }
    // delete single backup
    $delbackup = $val->get('_REQUEST', 'delbackup');
    if ($delbackup && file_exists($dirh->sanitizePath(dirname(__FILE__) . '/export/' . $delbackup))) {
        @unlink($dirh->sanitizePath(dirname(__FILE__) . '/export/' . $delbackup));
        $info = $backend->lang()->translate('Backup file deleted: {{file}}', array('file' => $delbackup));
    }
    // delete a list of backups
    // get all marked droplets
    $marked = isset($_POST['markeddroplet']) ? $_POST['markeddroplet'] : array();
    if (count($marked)) {
        $deleted = array();
        foreach ($marked as $file) {
            $file = $dirh->sanitizePath(dirname(__FILE__) . '/export/' . $file);
            if (file_exists($file)) {
                @unlink($file);
                $deleted[] = $backend->lang()->translate('Backup file deleted: {{file}}', array('file' => basename($file)));
            }
        }
        if (count($deleted)) {
            $info = implode('<br />', $deleted);
        }
    }
    $backups = $dirh->scanDirectory($dirh->sanitizePath(dirname(__FILE__) . '/export'), true, true, NULL, array('zip'));
    if (count($backups) > 0) {
        // sort by name
        sort($backups);
        foreach ($backups as $file) {
            // stat
            $stat = stat($file);
            // get zip contents
            $count = CAT_Helper_Zip::getInstance($file)->listContent();
            $rows[] = array('name' => basename($file), 'size' => $stat['size'], 'date' => strftime('%c', $stat['ctime']), 'files' => count($count), 'listfiles' => implode(", ", array_map(create_function('$cnt', 'return $cnt["filename"];'), $count)), 'download' => CAT_Helper_Validate::sanitize_url(CAT_URL . '/modules/droplets/export/' . basename($file)));
        }
    }
    $parser->output('backups', array('rows' => $rows, 'info' => $info, 'backups' => count($backups) ? 1 : NULL));
}
Example #22
0
 *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 *   General Public License for more details.
 *
 *   You should have received a copy of the GNU General Public License
 *   along with this program; if not, see <http://www.gnu.org/licenses/>.
 *
 *   @author          Black Cat Development
 *   @copyright       2013, Black Cat Development
 *   @link            http://blackcat-cms.org
 * @license         http://www.gnu.org/licenses/gpl.html
 *   @category        CAT_Core
 *   @package         CAT_Core
 *
 */
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
CAT_Backend::getInstance('Pages', 'pages_modify')->db()->query(sprintf("DELETE FROM `%smod_wysiwyg` WHERE section_id = '%d'", CAT_TABLE_PREFIX, $section_id));
Example #23
0
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
$backend = CAT_Backend::getInstance('Pages', 'pages_settings');
if (!$users->checkPermission('pages', 'pages_settings')) {
    $backend->print_error('You do not have permissions to modify this page');
}
// ===============
// ! Get page id
// ===============
$page_id = $val->sanitizePost('page_id', 'numeric');
if (!$page_id) {
    $backend->print_error('Missing page ID!');
}
// Include the WB functions file
require_once CAT_PATH . '/framework/functions.php';
// get form data
$language = $val->sanitizePost('map_language', NULL, true);
$link_page_id = $val->sanitizePost('link_page_id', 'numeric', true);
Example #24
0
 /**
  *
  * @access public
  * @return
  **/
 public static function get_init_pages()
 {
     // frontend pages
     $pages = CAT_Helper_Page::getPages();
     $frontend_pages = array();
     foreach ($pages as $page) {
         $frontend_pages[$page['menu_title']] = 'pages/modify.php?page_id=' . $page['page_id'];
     }
     // admin tools
     $tools = CAT_Helper_Addons::get_addons(NULL, 'module', 'tool');
     $admin_tools = array();
     foreach ($tools as $tool) {
         $admin_tools[$tool['name']] = 'admintools/tool.php?tool=' . $tool['directory'];
     }
     // backend pages
     $backend_pages = CAT_Backend::getPages();
     return array('backend_pages' => $backend_pages, 'frontend_pages' => $frontend_pages, 'admin_tools' => $admin_tools);
 }
Example #25
0
 /**
  * Allows modules to register a file which should be allowed to load the
  * config.php directly.
  *
  * This is only allowed in installation context!
  *
  * @access public
  * @param  string  $module   - module name
  * @param  string  $filepath - relative file path
  **/
 public static function sec_register_file($module, $filepath)
 {
     global $admin;
     if (!CAT_Backend::isBackend() && !is_object($admin) && !defined('CAT_INSTALL')) {
         self::getInstance()->log()->logCrit("sec_register_file() called outside admin context!");
         self::$error = "sec_register_file() called outside admin context!";
         return false;
     }
     // check permissions
     if (!CAT_Users::checkPermission('Addons', 'modules_install') && !defined('CAT_INSTALL')) {
         self::getInstance()->log()->logCrit("sec_register_file() called without modules_install perms!");
         self::$error = "sec_register_file() called without modules_install perms!";
         return false;
     }
     // this will remove ../.. from $filepath
     $filepath = CAT_Helper_Directory::sanitizePath($filepath);
     if (!is_dir(CAT_PATH . '/modules/' . $module)) {
         self::getInstance()->log()->logCrit("sec_register_file() called for non existing module [{$module}] (path: [{$filepath}])");
         self::$error = "sec_register_file() called for non existing module [{$module}] (path: [{$filepath}])";
         return false;
     }
     if (!file_exists(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/' . $filepath))) {
         self::getInstance()->log()->logCrit("sec_register_file() called for non existing file [{$filepath}] (module: [{$module}])");
         self::$error = "sec_register_file() called for non existing file [{$filepath}] (module: [{$module}])";
         return false;
     }
     $self = self::getInstance();
     $q = $self->db()->query('SELECT * FROM `:prefix:addons` WHERE directory=:dir', array('dir' => $module));
     if (!$q->rowCount()) {
         self::getInstance()->log()->logCrit("sec_register_file() called for non existing module [{$module}] (path: [{$filepath}]) - not found in addons table!");
         self::$error = "sec_register_file() called for non existing module [{$module}] (path: [{$filepath}]) - not found in addons table!";
         return false;
     }
     $row = $q->fetchRow();
     // remove trailing / from $filepath
     $filepath = preg_replace('~^/~', '', $filepath);
     $q = $self->db()->query('SELECT * FROM `:prefix:class_secure` WHERE module=:mod AND filepath=:path', array('mod' => $row['addon_id'], 'path' => '/modules/' . $module . '/' . $filepath));
     if (!$q->rowCount()) {
         $self->db()->query('REPLACE INTO `:prefix:class_secure` VALUES ( :id, :path )', array('id' => $row['addon_id'], 'path' => '/modules/' . $module . '/' . $filepath));
         return $self->db()->isError() ? false : true;
     }
     return true;
 }
Example #26
0
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$backend = CAT_Backend::getInstance('Settings', 'settings', false);
$users = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
header('Content-type: application/json');
if (!$users->checkPermission('Settings', 'settings')) {
    $ajax = array('message' => $backend->lang()->translate("Sorry, but you don't have the permissions for this action"), 'success' => false);
    print json_encode($ajax);
    exit;
}
global $err_msg;
$err_msg = array();
require_once dirname(__FILE__) . '/functions.php';
$region = $val->sanitizePost('current_page');
switch ($region) {
    case 'sysinfo':
        // nothing to save here
Example #27
0
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
header('Content-type: application/json');
$backend = CAT_Backend::getInstance('user', 'preferences', false, false);
$user = CAT_Users::getInstance();
$val = CAT_Helper_Validate::getInstance();
$extended = $user->getExtendedOptions();
$err_msg = array();
// =================================================
// ! remove any dangerouse chars from display_name
// =================================================
$display_name = $val->add_slashes(strip_tags(trim($val->sanitizePost('display_name'))));
$display_name = $display_name == '' ? $user->get_display_name() : $display_name;
// ==================================================================================
// ! check that display_name is unique in whole system (prevents from User-faking)
// ==================================================================================
$sql = 'SELECT COUNT(*) FROM `:prefix:users` WHERE `user_id` <> :id AND `display_name` LIKE :name';
if ($backend->db()->query($sql, array('id' => (int) $user->get_user_id(), 'name' => $display_name))->fetchColumn() > 0) {
    $err_msg[] = $backend->lang->translate('The username you entered is already taken');
Example #28
0
/**
 *
 **/
function getPagesList($fieldname, $selected, $add_empty = false)
{
    $pages_list = CAT_Helper_Page::getPages(CAT_Backend::isBackend());
    $deleted = CAT_Helper_Page::getPagesByVisibility('deleted');
    if (count($deleted)) {
        $arrh = CAT_Helper_Array::getInstance();
        foreach ($deleted as $page) {
            $arrh->ArrayRemove($page, $pages_list, 'page_id');
        }
    }
    if ($add_empty) {
        array_unshift($pages_list, array('page_id' => 0, 'parent' => 0, 'level' => 0, 'is_open' => false, 'menu_title' => CAT_Helper_Page::getInstance()->lang()->translate('[none (use internal)]')));
    }
    return CAT_Helper_ListBuilder::getInstance(true)->config(array('space' => '|-- '))->dropdown($fieldname, $pages_list, 0, $selected);
}
Example #29
0
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$update_when_modified = true;
$val = CAT_Helper_Validate::getInstance();
$user = CAT_Users::getInstance();
$backend = CAT_Backend::getInstance('Pages', 'pages_modify');
// ===============
// ! Get page id
// ===============
$page_id = $val->get('_REQUEST', 'page_id', 'numeric');
$section_id = $val->get('_REQUEST', 'section_id', 'numeric');
if (!$page_id) {
    header("Location: index.php");
    exit(0);
}
// =============
// ! Get perms
// =============
if (CAT_Helper_Page::getPagePermission($page_id, 'admin') !== true) {
    $backend->print_error('You do not have permissions to modify this page!');
}
Example #30
0
 /**
  * returns a list of page_id's containing the children of given parent
  *
  * @access public
  * @param  integer  $parent (default:0)
  * @param  boolean  $add_sections (default:false)
  * @return array
  **/
 public static function getPagesByParent($parent = 0, $add_sections = false)
 {
     if (!count(self::$pages_by_parent)) {
         $pages = self::getPages(CAT_Backend::isBackend());
         foreach ($pages as $page) {
             self::$pages_by_parent[$page['parent']][] = $page['page_id'];
         }
     }
     return isset(self::$pages_by_parent[$parent]) ? self::$pages_by_parent[$parent] : array();
 }