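/**
 * Exception handler; allows to remove paths from error messages and show
 * an optional stack trace.
 *
 * The exception is logged through CAT_Helper_KLogger (raw message with
 * file/line first, the formatted message afterwards) and then passed to
 * CAT_Object::printFatalError(). The formatted text contains file paths
 * and, in trace mode, the whole call chain, so it is only shown to an
 * authenticated root user; everybody else gets a generic message.
 *
 * A class opts into trace output by declaring a public static property
 * `$exc_trace = true`; otherwise the message is shown with the install
 * path replaced by "[path to]" (both slash styles).
 *
 * @param Exception $exception the uncaught exception
 * @return void
 **/
public static function exceptionHandler($exception)
{
    $exc_class = get_class($exception);

    // creating the logger may itself fail (e.g. unwritable log dir);
    // keep going without it instead of dying inside the exception handler
    $logger = NULL;
    try {
        $logger = CAT_Helper_KLogger::instance(CAT_PATH . '/temp/logs', 2);
        $logger->logFatal(sprintf(
            'Exception with message [%s] emitted in [%s] line [%s]',
            $exception->getMessage(),
            $exception->getFile(),
            $exception->getLine()
        ));
    } catch (Exception $e) {
        $logger = NULL;
    }

    if (isset($exc_class::$exc_trace) && $exc_class::$exc_trace === true) {
        $traceline = "#%s %s(%s): %s(%s)";
        // "%%" is a literal percent sign for sprintf()
        $msg = "Uncaught exception '%s' with message '%s'<br />"
             . "<div style=\"font-size:smaller;width:80%%;margin:5px auto;text-align:left;\">"
             . "in %s:%s<br />Stack trace:<br />%s<br />"
             . "thrown in %s on line %s</div>";
        $trace = $exception->getTrace();
        // build tracelines; only the argument *types* are shown, never the
        // values. The 'args' key is missing for some frames (e.g. with
        // zend.exception_ignore_args enabled), so default to an empty list.
        $result = array();
        foreach ($trace as $key => $stackPoint) {
            $args = (isset($stackPoint['args']) && is_array($stackPoint['args']))
                  ? array_map('gettype', $stackPoint['args'])
                  : array();
            $result[] = sprintf(
                $traceline,
                $key,
                isset($stackPoint['file']) ? $stackPoint['file'] : '-',
                isset($stackPoint['line']) ? $stackPoint['line'] : '-',
                isset($stackPoint['function']) ? $stackPoint['function'] : '-',
                implode(', ', $args)
            );
        }
        // trace always ends with {main}; count() is also right for an empty trace
        $result[] = '#' . count($trace) . ' {main}';
        // write tracelines into main template
        $msg = sprintf(
            $msg,
            $exc_class,
            $exception->getMessage(),
            $exception->getFile(),
            $exception->getLine(),
            implode("<br />", $result),
            $exception->getFile(),
            $exception->getLine()
        );
    } else {
        // filter message: mask the install path in both slash styles
        $cat_path = CAT_Helper_Directory::sanitizePath(CAT_PATH);
        $message  = str_replace(
            array($cat_path, str_replace('/', '\\', $cat_path)),
            array('[path to]', '[path to]'),
            $exception->getMessage()
        );
        $msg = "[{$exc_class}] {$message}";
    }

    // log (only possible if the logger could be created above)
    if ($logger !== NULL) {
        $logger->logFatal($msg);
    }

    // show detailed error information to admin only. Neither branch
    // HTML-escapes the exception message, so the detailed output relies
    // entirely on this root-only gate.
    if (CAT_Users::is_authenticated() && CAT_Users::is_root()) {
        CAT_Object::printFatalError($msg);
    } else {
        CAT_Object::printFatalError("An internal error occured. We're sorry for inconvenience.");
    }
}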
/**
 * Dwoo template plugin: returns the display name of the current user.
 *
 * @param Dwoo $dwoo template engine instance (unused; required by the plugin signature)
 * @return mixed whatever CAT_Users::get_display_name() returns
 */
function Dwoo_Plugin_display_name(Dwoo $dwoo)
{
    $displayName = CAT_Users::get_display_name();
    return $displayName;
}
// no page id, nothing to modify: back to the page list
if (!$page_id) {
    header("Location: index.php");
    exit(0);
}
// =============
// ! Get perms
// =============
// NOTE(review): execution only stops here if print_error() exits
// itself; confirm, otherwise the save below still runs.
if (CAT_Helper_Page::getPagePermission($page_id, 'admin') !== true) {
    $backend->print_error('You do not have permissions to modify this page!');
}
// =================
// ! Get new content
// =================
$content = $val->sanitizePost('content' . $section_id);
// for non-admins only: content from members of group 1 (admins) is
// stored as submitted (with slashes added), everybody else's content
// is only cleaned when the HTMLPurifier setting is switched on
if (!CAT_Users::getInstance()->ami_group_member(1)) {
    // if HTMLPurifier is enabled...
    $r = $backend->db()->get_one('SELECT * FROM `' . CAT_TABLE_PREFIX . 'mod_wysiwyg_admin_v2` WHERE set_name="enable_htmlpurifier" AND set_value="1"');
    if ($r) {
        // use HTMLPurifier to clean up the output
        $content = CAT_Helper_Protect::getInstance()->purify($content, array('Core.CollectErrors' => true));
    }
} else {
    $content = $val->add_slashes($content);
}
/**
 * searching in $text will be much easier this way
 * (tag-stripped, entity-encoded copy of the content)
 */
$text = umlauts_to_entities(strip_tags($content), strtoupper(DEFAULT_CHARSET), 0);
/**
 * save
// =============================
// NOTE(review): $page_id and $update_section_id are concatenated into
// the SQL unquoted; this is only safe if both were validated as numeric
// before this point — confirm against the top of the script.
$query_sections = $backend->db()->query('SELECT `module` FROM `' . CAT_TABLE_PREFIX . 'sections` WHERE `page_id`= ' . $page_id . ' AND `section_id` = ' . $update_section_id);
if ($query_sections->numRows() == 1) {
    if ($section = $query_sections->fetchRow(MYSQL_ASSOC)) {
        // modules listed in $module_permissions are the ones the user may
        // NOT touch: array_search() yields an index for those
        if (!is_numeric(array_search($section['module'], $module_permissions))) {
            // $block is inserted unquoted (expected numeric), $name is
            // quoted and escaped with the legacy mysql_* escaper
            $sql = $block != '' ? '`block` = ' . $backend->add_slashes($block) . ', ' : '';
            $sql .= $name != '' ? '`name` = "' . mysql_real_escape_string($name) . '", ' : '';
            // a zero in any date part means "no date" -> timestamp 0
            $date_from = $day_from * $month_from * $year_from > 0 ? mktime($hour_from, $minute_from, 0, $month_from, $day_from, $year_from) : 0;
            $date_to = $day_to * $month_to * $year_to > 0 ? mktime($hour_to, $minute_to, 0, $month_to, $day_to, $year_to) : 0;
            // NOTE(review): a start date with no end date (0) also fails
            // this check; and $backend->lang is accessed as a property here
            // while the rest of the file calls lang() — confirm both.
            if ($date_from > $date_to) {
                $backend->print_error($backend->lang->translate('Please check your entries for dates'), CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
            }
            $sql .= '`publ_start` = ' . $date_from . ', ';
            $sql .= '`publ_end` = ' . $date_to . ', ';
            $sql .= '`modified_when` = "' . time() . '", ';
            $sql .= '`modified_by` = ' . CAT_Users::get_user_id();
            $backend->db()->query('UPDATE ' . CAT_TABLE_PREFIX . 'sections SET ' . $sql . ' WHERE `page_id`= ' . $page_id . ' AND section_id = ' . $update_section_id . ' LIMIT 1');
        }
    } else {
        $backend->print_error('You do not have permissions to modify this page', CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
    }
} else {
    $backend->print_error('Section not found', CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
}
} // closes a block opened before this fragment
// ============================================
// ! Check for error or print success message
// ============================================
if ($backend->db()->isError()) {
    $backend->print_error($backend->db()->getError(), CAT_ADMIN_URL . '/pages/modify.php?page_id=' . $page_id);
} else {
} else {
    // new password given: let the user object apply its password rules
    if (!$user->validatePassword($new_password_1)) {
        $err_msg[] = $user->getPasswordError();
    }
}
} // closes a block opened before this fragment
#$current_password = md5($current_password);
// NOTE(review): passwords are stored as unsalted md5 here and compared
// by md5 in the UPDATE below; password_hash()/password_verify() would be
// the current recommendation — a change that affects checkUserLogin() too.
$new_password_1 = md5($new_password_1);
$new_password_2 = md5($new_password_2);
// =======================================================================================
// ! if no validation errors, try to update the database, otherwise return errormessages
// =======================================================================================
if (!count($err_msg)) {
    $user_id = $user->get_user_id();
    // check pw: the current password must be correct before anything is changed
    if (!CAT_Users::checkUserLogin($user->get_username(), $current_password)) {
        print json_encode(array('success' => false, 'message' => $backend->lang()->translate('The (current) password you entered is incorrect')));
        exit;
    }
    // --- save basics ---
    // NOTE(review): $display_name, $email and $language are interpolated
    // with %s; they must have been escaped before this fragment — confirm.
    // The extra `password` = md5(current) condition makes the UPDATE a
    // no-op if the stored hash changed in between.
    $sql = sprintf('UPDATE `%susers` SET `display_name` = "%s", ' . '`password` = "%s", ' . '`email` = "%s", ' . '`language` = "%s" ' . 'WHERE `user_id` = %d ' . 'AND `password` = "%s"', CAT_TABLE_PREFIX, $display_name, $new_password_1, $email, $language, $user_id, md5($current_password));
    if (($stmt = $backend->db()->query($sql)) !== false) {
        // update successful
        // --- save additional settings ---
        // options are replaced wholesale: delete all, then re-insert the valid ones
        $backend->db()->query('DELETE FROM `' . CAT_TABLE_PREFIX . 'users_options` WHERE `user_id` = ' . $user_id);
        foreach ($extended as $opt => $check) {
            $value = $val->sanitizePost($opt);
            //echo "OPT -$opt- VAL -$value- CHECK -$check- VALID -" . call_user_func($check,$value) . "-\n<br />";
            // $check is an optional validator callback; options failing it are skipped
            if ($check && !call_user_func($check, $value)) {
                continue;
            }
/**
 * Flip the `active` flag of a droplet and return the refreshed droplet list.
 *
 * @param mixed $id droplet id; passed as a bound query parameter, never interpolated
 * @return mixed result of list_droplets()
 **/
function toggle_active($id)
{
    global $parser, $val, $backend;
    // permission check first; print_error() is expected to stop the script
    $groupIds = CAT_Users::get_groups_id();
    if (!CAT_Helper_Droplet::is_allowed('modify_droplets', $groupIds)) {
        $backend->print_error($backend->lang()->translate("You don't have the permission to do this"));
    }
    $droplet = CAT_Helper_Droplet::getDroplet($id);
    $toggled = ($droplet['active'] == 1) ? 0 : 1;
    $backend->db()->query(
        'UPDATE `:prefix:mod_droplets` SET active=:active WHERE id=:id',
        array('active' => $toggled, 'id' => $id)
    );
    return list_droplets();
}
/**
 * if auth_max_login_length is changed, there must not be any users that have
 * longer names
 *
 * Validator for the setting: returns the new value if no existing username
 * exceeds it, otherwise appends a translated message to the global $err_msg
 * and returns the old value so the setting stays unchanged.
 *
 * @param mixed $value    requested maximum login length (cast to int via %d)
 * @param mixed $oldvalue value currently stored
 * @return mixed $value or $oldvalue
 **/
function check_auth_max_login_length($value, $oldvalue)
{
    global $database, $err_msg;
    // %d forces an integer into the query, so $value cannot alter the SQL
    $sql = sprintf('select count(*) as cnt from `%susers` where char_length(username)>%d', CAT_TABLE_PREFIX, $value);
    $result = $database->query($sql);
    if (!$result->numRows()) {
        return $value;
    }
    $row = $result->fetchRow(MYSQL_ASSOC);
    if ($row['cnt'] <= 0) {
        return $value;
    }
    $err_msg[] = CAT_Users::getInstance()->lang()->translate('The max. Login name length could not be saved. There is/are {{ count }} user/s that have longer names.', array('count' => $row['cnt']));
    return $oldvalue;
}
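/**
 * Install a Droplet from a ZIP file (the ZIP may contain more than one
 * Droplet)
 *
 * Every *.php file in the archive except index.php is one Droplet: the
 * file name is the Droplet name, the first "//:" line the description,
 * the second "//:" line plus any following "//" lines the usage text and
 * the remainder the code. A Droplet of the same name is replaced. A
 * "data" directory in the archive is copied to ./data/ next to this file.
 *
 * The imported code is PHP that the Droplet engine executes later, so this
 * must only be reachable by users allowed to install Droplets; that check
 * is the caller's job, not done here. Whether archive entries containing
 * ".." are rejected depends on CAT_Helper_Zip (not checked here).
 *
 * @access public
 * @param string $temp_file - name of the ZIP file
 * @return array see droplets_import() method:
 *               array('count' => int, 'errors' => array<string,string>, 'imported' => array<string,int>)
 **/
public static function installDroplet($temp_file)
{
    $self       = self::getInstance();
    $temp_unzip = CAT_PATH . '/temp/droplets_unzip/';
    CAT_Helper_Directory::createDirectory($temp_unzip);
    $errors  = array();
    $imports = array();
    $count   = 0;

    // extract file (the return value is not needed; getPHPFiles() lists the result)
    CAT_Helper_Zip::getInstance($temp_file)->config('Path', $temp_unzip)->extract();

    // get .php files
    $files = CAT_Helper_Directory::getPHPFiles($temp_unzip, $temp_unzip . '/');

    // now, open all *.php files and search for the header;
    // an exported droplet starts with "//:"
    foreach ($files as $file) {
        if (pathinfo($file, PATHINFO_FILENAME) !== 'index' && pathinfo($file, PATHINFO_EXTENSION) == 'php') {
            $description = NULL;
            $usage       = NULL;
            $code        = NULL;
            // Name of the Droplet = Filename
            $name = pathinfo($file, PATHINFO_FILENAME);
            // Slurp file contents; an unreadable or empty file cannot carry a header
            $lines = file($temp_unzip . '/' . $file);
            if ($lines === false || count($lines) === 0) {
                $errors[$file] = CAT_Helper_Directory::getInstance()->lang()->translate('No valid Droplet file (missing description and/or usage instructions)');
                continue;
            }
            // First line: Description
            if (isset($lines[0]) && preg_match('#^//\\:(.*)$#', $lines[0], $match)) {
                $description = addslashes($match[1]);
                array_shift($lines);
            }
            // Second line: Usage instructions
            if (isset($lines[0]) && preg_match('#^//\\:(.*)$#', $lines[0], $match)) {
                $usage = addslashes($match[1]);
                array_shift($lines);
            }
            // there may be more comment lines; they will be added to the usage
            // instructions (isset() stops the loop cleanly when the file is
            // exhausted instead of reading past the end)
            while (isset($lines[0]) && preg_match('#^//(.*)$#', $lines[0], $match)) {
                $usage .= addslashes(trim($match[1]));
                array_shift($lines);
            }
            // NOTE(review): addslashes() on description/usage while :desc/:usage
            // are bound as query parameters below may store literal backslashes —
            // confirm against the db layer's quoting before removing either.
            if (!$description && !$usage) {
                // invalid file
                $errors[$file] = CAT_Helper_Directory::getInstance()->lang()->translate('No valid Droplet file (missing description and/or usage instructions)');
                continue;
            }
            // Remaining: Droplet code
            $code = implode('', $lines);
            // replace 'evil' chars in code
            $tags = array('<?php', '?>', '<?');
            //$code = addslashes(str_replace($tags, '', $code));
            $code = str_replace($tags, '', $code);
            // Already in the DB?
            $stmt  = 'INSERT';
            $id    = NULL;
            $found = $self->db()->query("SELECT * FROM `:prefix:mod_droplets` WHERE name=:name", array('name' => $name));
            if ($found->rowCount()) {
                $stmt = 'REPLACE';
                // fetchColumn() returns the first column of SELECT *; this
                // presumes `id` is the first column of mod_droplets
                $id = $found->fetchColumn();
            }
            // execute; $id comes from the DB, everything else is bound
            $q = "{$stmt} INTO `:prefix:mod_droplets` SET "
               . ($id ? 'id=' . $id . ', ' : '')
               . '`name`=:name, `code`=:code, `description`=:desc, '
               . '`modified_when`=:when, `modified_by`=:userid, '
               . '`active`=:active, `comments`=:usage';
            $params = array(
                'name'   => $name,
                'code'   => $code,
                'desc'   => $description,
                'when'   => time(),
                'userid' => CAT_Users::get_user_id(),
                'active' => 1,
                'usage'  => $usage,
            );
            $self->db()->query($q, $params);
            if (!$self->db()->isError()) {
                $count++;
                $imports[$name] = 1;
            } else {
                $errors[$name] = $self->db()->getError();
            }
        }
        // check for data directory (evaluated once per file, as before; the
        // repeated copy overwrites the same targets each time)
        if (file_exists($temp_unzip . '/data')) {
            // copy all files
            CAT_Helper_Directory::copyRecursive($temp_unzip . '/data', dirname(__FILE__) . '/data/');
        }
    }
    // cleanup; ignore errors here
    CAT_Helper_Directory::removeDirectory($temp_unzip);
    return array('count' => $count, 'errors' => $errors, 'imported' => $imports);
}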
// one template row per section: block label, ids, names, publication
// window split into date parts, and "last modified" info
$tpl_data['blocks'][$bcnt]['current_block_name'] = $parser->get_template_block_name($current_template, $section['block']) . ' (' . $backend->lang()->translate('Block number') . ': ' . $section['block'] . ')';
$tpl_data['blocks'][$bcnt]['section_id'] = $section['section_id'];
$tpl_data['blocks'][$bcnt]['module'] = $section['module'];
$tpl_data['blocks'][$bcnt]['name'] = $section['name'];
// publ_start of 0 means "no start date": all parts are left empty
$tpl_data['blocks'][$bcnt]['date_day_from'] = $section['publ_start'] > 0 ? date('d', $section['publ_start']) : '';
$tpl_data['blocks'][$bcnt]['date_month_from'] = $section['publ_start'] > 0 ? date('m', $section['publ_start']) : '';
$tpl_data['blocks'][$bcnt]['date_year_from'] = $section['publ_start'] > 0 ? date('Y', $section['publ_start']) : '';
$tpl_data['blocks'][$bcnt]['date_hour_from'] = $section['publ_start'] > 0 ? date('H', $section['publ_start']) : '';
$tpl_data['blocks'][$bcnt]['date_minute_from'] = $section['publ_start'] > 0 ? date('i', $section['publ_start']) : '';
// NOTE(review): the "_to" parts are gated on publ_start but formatted
// from publ_end, so a section with a start and no end date (publ_end 0)
// shows the epoch date here — looks like a copy/paste of the block above.
$tpl_data['blocks'][$bcnt]['date_day_to'] = $section['publ_start'] > 0 ? date('d', $section['publ_end']) : '';
$tpl_data['blocks'][$bcnt]['date_month_to'] = $section['publ_start'] > 0 ? date('m', $section['publ_end']) : '';
$tpl_data['blocks'][$bcnt]['date_year_to'] = $section['publ_start'] > 0 ? date('Y', $section['publ_end']) : '';
$tpl_data['blocks'][$bcnt]['date_hour_to'] = $section['publ_start'] > 0 ? date('H', $section['publ_end']) : '';
$tpl_data['blocks'][$bcnt]['date_minute_to'] = $section['publ_start'] > 0 ? date('i', $section['publ_end']) : '';
$tpl_data['blocks'][$bcnt]['modified_when'] = $section['modified_when'] ? CAT_Helper_DateTime::getDateTime($section['modified_when']) : '';
// "<display name> (<username>)"; display name falls back to '' when the
// user lookup returns nothing (the lookup is repeated three times)
$tpl_data['blocks'][$bcnt]['modified_by'] = $section['modified_by'] ? (CAT_Users::get_user_details($section['modified_by'], 'display_name') ? CAT_Users::get_user_details($section['modified_by'], 'display_name') : '') . ' (' . CAT_Users::get_user_details($section['modified_by'], 'username') . ')' : '';
// load language file (if any)
// NOTE(review): $module comes from before this fragment; the include
// below executes whatever file sits at modules/<module>/languages/, so
// $module must be a trusted (installed-module) name — confirm.
$langfile = CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/languages/' . LANGUAGE . '.php');
if (file_exists($langfile)) {
    if (!$backend->lang()->checkFile($langfile, 'LANG', true)) {
        // old fashioned language file
        include $langfile;
    } else {
        // modern language file
        $backend->lang()->addFile(LANGUAGE . '.php', CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/languages'));
    }
}
// ======================================================
// ! Include the module and add it to the output buffer
// ======================================================
ob_start();
/**
 * get last DB error
 *
 * The driver's error text can reveal table names and query fragments, so
 * it is returned to an authenticated root user only; everybody else gets
 * a fixed generic message.
 *
 * @access public
 * @return string
 **/
public function getError()
{
    $isGlobalAdmin = CAT_Users::is_authenticated() && CAT_Users::is_root();
    if (!$isGlobalAdmin) {
        return "An internal error occured. We're sorry for inconvenience.";
    }
    // show detailed error message only to global admin
    return $this->lasterror;
}
/**
 * Check whether a page is visible or not
 * This will check page-visibility, user- and group permissions
 *
 * Visibility values: 'none' and 'deleted' are never shown; 'hidden' only
 * when it is the page currently selected; 'public' always; 'private' and
 * 'registered' only for an authenticated user whose groups or user id
 * match the page's viewing lists (root always matches), and only if the
 * page language fits when PAGE_LANGUAGES is enabled. Any other value is
 * treated as not visible.
 *
 * @access public
 * @param integer $page_id
 * @return boolean
 **/
public static function isVisible($page_id)
{
    $page = self::properties($page_id);
    switch ($page['visibility']) {
        // shown if called, but not in menu
        case 'hidden':
            return self::selectPage() == $page_id;

        // always visible
        case 'public':
            return true;

        // shown if user is allowed
        case 'private':
        case 'registered':
            if (!CAT_Users::is_authenticated()) {
                return false;
            }
            // check language: multi-language off, or page has no/current language
            $page_lang = self::properties($page_id, 'language');
            $lang_ok   = CAT_Registry::get('PAGE_LANGUAGES') == 'false'
                      || $page_lang == ''
                      || $page_lang == LANGUAGE;
            if (!$lang_ok) {
                return false;
            }
            return CAT_Users::is_group_match(CAT_Users::get_groups_id(), $page['viewing_groups'])
                || CAT_Users::is_group_match(CAT_Users::get_user_id(), $page['viewing_users'])
                || CAT_Users::is_root();

        // never shown in FE; unknown values end up here as well
        case 'none':
        case 'deleted':
        default:
            return false;
    }
}
/**
 * Dwoo template plugin: tells the template whether a user is logged in.
 *
 * @param Dwoo $dwoo template engine instance (unused; required by the plugin signature)
 * @return mixed result of CAT_Users::is_authenticated()
 */
function Dwoo_Plugin_user_logged_in(Dwoo $dwoo)
{
    $authenticated = CAT_Users::is_authenticated();
    return $authenticated;
}
$level = 1;
// walk up at most nine directories to find the framework bootstrap
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
    $root .= "../";
    $level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
    include $root . '/framework/class.secure.php';
} else {
    trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
} // closes the "CAT_PATH not defined" branch opened before this fragment
header('Content-type: application/json');
$backend = CAT_Backend::getInstance('admintools', 'blackcatFilter', false, false);
$val = CAT_Helper_Validate::getInstance();
$error = NULL;
// permission gate: JSON error and stop
if (!CAT_Users::getInstance()->checkPermission('admintools', 'blackcatFilter')) {
    $ajax = array('message' => $backend->lang()->translate('You do not have permissions to modify this page'), 'success' => false);
    print json_encode($ajax);
    exit;
}
// NOTE(review): $filter is taken from the request and placed into both
// queries below via sprintf("%s") without escaping or a bound parameter
// — a parameterised query (the db layer's :name placeholders are used
// elsewhere in this codebase) would close that off.
$filter = $val->get('_REQUEST', 'filter');
$action = $val->get('_REQUEST', 'action');
// filter to activate/deactivate? any action other than 'activate' or
// 'delete' deactivates
if ($action != 'delete') {
    $value = $action == 'activate' ? 'Y' : 'N';
    $backend->db()->query(sprintf("UPDATE `%smod_filter` SET filter_active='%s' WHERE filter_name='%s'", CAT_TABLE_PREFIX, $value, $filter));
    if ($backend->db()->isError()) {
        $error = $backend->db()->getError();
    }
} else {
    $res = $backend->db()->query(sprintf("SELECT * FROM `%smod_filter` WHERE filter_name='%s'", CAT_TABLE_PREFIX, $filter));
/**
 * Stamp the current page (and, if one is set, the current section) as
 * modified now by the current user.
 *
 * Reads the globals $update_when_modified, $page_id and $section_id and
 * does nothing unless $update_when_modified is set and truthy.
 *
 * @access public
 * @return void
 **/
public static function updateWhenModified()
{
    global $update_when_modified, $page_id, $section_id;
    // if changes were made, the var might be set
    if (empty($update_when_modified)) {
        return;
    }
    $db = self::getInstance()->db();
    $db->query(
        "UPDATE `:prefix:pages` SET modified_when=:mod, modified_by=:by WHERE page_id=:id",
        array('mod' => time(), 'by' => CAT_Users::get_user_id(), 'id' => $page_id)
    );
    if ($section_id) {
        $db->query(
            "UPDATE `:prefix:sections` SET modified_when=:mod, modified_by=:by WHERE section_id=:id",
            array('mod' => time(), 'by' => CAT_Users::get_user_id(), 'id' => $section_id)
        );
    }
}
/**
 * set login error and increase number of login attempts
 *
 * The attempt counter lives in the PHP session: it starts at 0 on the
 * first failure and is incremented on every further one. Being session
 * bound, it only throttles a client that keeps the same session;
 * per-account or server-side throttling is not done here.
 *
 * @access private
 * @param string $msg - error message
 * @return void
 **/
private static function setLoginError($msg)
{
    self::$loginerror   = $msg;
    self::$lasterror    = $msg;
    self::$errorstack[] = $msg;
    $attempts = isset($_SESSION['ATTEMPTS'])
              ? CAT_Helper_Validate::getInstance()->fromSession('ATTEMPTS') + 1
              : 0;
    $_SESSION['ATTEMPTS'] = $attempts;
}
* @package CAT_Core
*
*/

// AJAX login endpoint: answers with a JSON object {url, success, message}
define('CAT_LOGIN_PHASE', 1);

// bootstrap: pull in framework/class.secure.php, walking up at most nine
// directories when CAT_PATH is not known yet
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    for ($level = 1; $level < 10 && !file_exists($root . '/framework/class.secure.php'); $level += 1) {
        $root .= "../";
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}

$users = CAT_Users::getInstance();
if (CAT_Helper_Validate::getInstance()->fromSession('ATTEMPTS') > MAX_ATTEMPTS) {
    // too many failed attempts in this session: send the client to the
    // warning page instead of processing the credentials
    $redirect = CAT_URL . '/templates/' . DEFAULT_THEME . '/templates/warning.html';
    $ajax = array(
        'url'     => $redirect,
        'success' => true,
        'message' => NULL,
    );
} else {
    #CAT_Helper_Protect::getInstance()->enableCSRFMagic();
    $redirect = $users->handleLogin();
    $error    = $users->loginError();
    $ajax = array(
        'url'     => $redirect,
        'success' => $users->is_authenticated(),
        'message' => ($redirect === false || $error) ? $error : NULL,
    );
}
header('Content-type: application/json');
print json_encode($ajax);
exit;
*
*/
// frontend login form: processes a login attempt and renders the form
if (defined('CAT_PATH')) {
    include CAT_PATH . '/framework/class.secure.php';
} else {
    $root = "../";
    $level = 1;
    // walk up at most nine directories to find the framework bootstrap
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}
$username_fieldname = 'username';
$password_fieldname = 'password';
$redirect = CAT_Users::getInstance()->handleLogin(false);
$error = CAT_Users::getInstance()->loginError();
// NOTE(review): no exit after the Location header, so the form below is
// still rendered into the redirect response.
if ($redirect) {
    header('Location: ' . $redirect);
}
// NOTE(review): $val is not defined in this fragment (presumably set up
// by class.secure.php). The 'redirect' value is passed through to the
// template unchanged; whether it is restricted to local URLs depends on
// the template/handleLogin() — confirm.
$redirect_url = $val->sanitizeGet('redirect') != '' ? $val->sanitizeGet('redirect') : $val->sanitizePost('redirect');
global $parser;
$parser->setPath(CAT_PATH . '/templates/' . DEFAULT_TEMPLATE . '/templates/' . CAT_Registry::get('DEFAULT_THEME_VARIANT')); // if there's a template for this in the current frontend template
$parser->setFallbackPath(dirname(__FILE__) . '/templates/default'); // fallback to default dir
$parser->output('account_login_form', array('message' => $error, 'username_fieldname' => $username_fieldname, 'password_fieldname' => $password_fieldname, 'redirect_url' => $redirect_url ? $redirect_url : ''));
/**
 * Dwoo template plugin wrapping show_menu2().
 *
 * The SM2_* option names may be passed as strings and are mapped to the
 * real constants before the call. Without SM2_ARRAY the menu is printed
 * by show_menu2() and this function returns nothing; with SM2_ARRAY the
 * buffered HTML is split at tag boundaries and turned into a flat list
 * of arrays (type: level_start/level_end/link_start/link_end, level,
 * plus the tag attributes) which is returned instead.
 *
 * @param Dwoo  $dwoo         template engine instance (unused)
 * @param mixed $aMenu        menu number
 * @param mixed $aStart       start page / SM2_* start constant (or its name)
 * @param mixed $aMaxLevel    max depth / SM2_* constant (or its name)
 * @param mixed $aOptions     SM2_* flags (or their names)
 * @param mixed $aItemOpen    item/menu open/close templates, see show_menu2()
 * @param mixed $aItemClose
 * @param mixed $aMenuOpen
 * @param mixed $aMenuClose
 * @param mixed $aTopItemOpen
 * @param mixed $aTopMenuOpen
 * @return mixed false in maintenance mode for non-root, an error string for
 *               SM2_PRETTY, an array for SM2_ARRAY, otherwise null (output printed)
 */
function Dwoo_Plugin_show_menu(Dwoo $dwoo, $aMenu = 0, $aStart = SM2_ROOT, $aMaxLevel = -1999, $aOptions = SM2_TRIM, $aItemOpen = false, $aItemClose = false, $aMenuOpen = false, $aMenuClose = false, $aTopItemOpen = false, $aTopMenuOpen = false)
{
    if (CAT_Helper_Page::isMaintenance() && !CAT_Users::is_root()) {
        return false;
    }
    if (strpos($aOptions, 'SM2_PRETTY') !== false) {
        return "<strong>Error:</strong> show_menu() does not support the SM2_PRETTY Flag!";
    }
    // Set variables to replace strings with constants
    $search_values = array('SM2_ROOT', 'SM2_CURR', 'SM2_ALLMENU', 'SM2_START', 'SM2_MAX', 'SM2_ALLINFO', 'SM2_ALL', 'SM2_TRIM', 'SM2_CRUMB', 'SM2_SIBLING', 'SM2_NUMCLASS', 'SM2_NOCACHE', 'SM2_PRETTY', 'SM2_ESCAPE', 'SM2_NOESCAPE', 'SM2_BUFFER', 'SM2_CURRTREE', 'SM2_SHOWHIDDEN', 'SM2_XHTML_STRICT', 'SM2_NO_TITLE', 'SM2_ARRAY');
    $replace_values = array(SM2_ROOT, SM2_CURR, SM2_ALLMENU, SM2_START, SM2_MAX, SM2_ALLINFO, SM2_ALL, SM2_TRIM, SM2_CRUMB, SM2_SIBLING, SM2_NUMCLASS, SM2_NOCACHE, SM2_PRETTY, SM2_ESCAPE, SM2_NOESCAPE, SM2_BUFFER, SM2_CURRTREE, SM2_SHOWHIDDEN, SM2_XHTML_STRICT, SM2_NO_TITLE, '');
    // Check if function shall return an array or the menu
    $direct_output = strpos($aOptions, 'SM2_ARRAY') === false ? true : false;
    // Check if SM2_BUFFER is set, when SM2_ARRAY is set (otherwise simply replace SM2_ARRAY with SM2_BUFFER
    $aOptions = !$direct_output && strpos($aOptions, 'SM2_BUFFER') === false ? str_replace('SM2_ARRAY', 'SM2_BUFFER', $aOptions) : $aOptions;
    // Replace all Strings with constants
    $aStart = str_replace($search_values, $replace_values, $aStart);
    $aMaxLevel = str_replace($search_values, $replace_values, $aMaxLevel);
    $aOptions = str_replace($search_values, $replace_values, $aOptions);
    // Among all constants get to bit values
    $Menu = among_constants($aMenu);
    $Start = among_constants($aStart);
    $MaxLevel = among_constants($aMaxLevel);
    $Options = among_constants($aOptions);
    if ($direct_output) {
        // menu is printed by show_menu2(); nothing is returned
        show_menu2($Menu, $Start, $MaxLevel, $Options, $aItemOpen, $aItemClose, $aMenuOpen, $aMenuClose, $aTopItemOpen, $aTopMenuOpen);
    } else {
        $result = show_menu2($Menu, $Start, $MaxLevel, $Options);
        // insert '|' at every tag boundary so the HTML can be split into items
        $search = array('</li><li', '</a><ul', '</li></ul>', '</ul></li>', '</a></li>');
        $replace = array('</li>|<li', '</a>|<ul', '</li>|</ul>', '</ul>|</li>', '</a>|</li>');
        $result = str_replace($search, $replace, $result);
        $walk = explode('|', $result);
        $menu = array();
        $level = 0;
        foreach ($walk as $index => $item) {
            // NOTE(review): trim() returns the trimmed copy; this call
            // discards it, so $item is compared untrimmed below.
            trim($item);
            if ($item == '</li>') {
                $menu[] = array('type' => 'link_end', 'level' => $level);
                continue;
            }
            if ($item == '</ul>') {
                $menu[] = array('type' => 'level_end', 'level' => $level);
                $level--;
                continue;
            }
            if (strpos($item, '<ul') !== false) {
                // the <ul ...> part before the first <li> opens a new level
                $ul = substr($item, 0, strpos($item, '<li'));
                $level++;
                $link = array();
                $link['type'] = 'level_start';
                $link['level'] = $level;
                // attribute="value" pairs (double-quoted only)
                preg_match_all('/([a-zA-Z]*[a-zA-Z])\\s{0,3}[=]\\s{0,3}("[^"\\r\\n]*)"/', $ul, $attr);
                foreach ($attr as $attributes) {
                    foreach ($attributes as $attribut) {
                        if (strpos($attribut, "=") !== false) {
                            // only the first '=' splits; a value containing '=' is cut there
                            list($key, $value) = explode("=", $attribut);
                            $value = trim($value);
                            // strip the surrounding quotes
                            $value = trim(substr($value, 1, strlen($value) - 2));
                            if (!empty($value)) {
                                $link[$key] = $value;
                            }
                        }
                    }
                }
                $menu[] = $link;
                // continue with the <li ...> part of the same item
                $item = trim(substr($item, strpos($item, '<li')));
            }
            if (strpos($item, '<li') !== false) {
                $link = array();
                $link['type'] = 'link_start';
                $link['level'] = $level;
                preg_match_all('/([a-zA-Z]*[a-zA-Z])\\s{0,3}[=]\\s{0,3}("[^"\\r\\n]*)"/', $item, $attr);
                foreach ($attr as $attributes) {
                    foreach ($attributes as $attribut) {
                        if (strpos($attribut, "=") !== false) {
                            list($key, $value) = explode("=", $attribut);
                            $value = trim($value);
                            $value = trim(substr($value, 1, strlen($value) - 2));
                            $link[$key] = $value;
                        }
                    }
                }
                // assumes every <li> carries an href attribute
                $link['pagename'] = pathinfo($link['href'], PATHINFO_FILENAME);
                $menu[] = $link;
            }
        }
        return $menu;
    } // end loop for SM2_ARRAY
}
// NOTE(review): loose != — an unset session captcha compares equal to an
// empty POST value; confirm the surrounding guard always sets it. The
// session captcha is also not cleared after use (see the commented block
// below), so the same value stays valid for the rest of the session.
if ($val->sanitizePost('captcha') != $val->fromSession('captcha')) {
    $errors[] = $val->lang()->translate('The verification number (also known as Captcha) that you entered is incorrect. If you are having problems reading the Captcha, please email to: <a href="mailto:{{SERVER_EMAIL}}">{{SERVER_EMAIL}}</a>', array('SERVER_EMAIL' => SERVER_EMAIL));
}
} // closes a block opened before this fragment
} // closes a block opened before this fragment
/* if ( isset( $_SESSION['captcha'] ) ) { unset( $_SESSION['captcha'] ); } */
if (!count($errors)) {
    // Generate a random password
    // NOTE(review): stored as unsalted md5 and mailed in clear text; a
    // password_hash()-based store plus a one-time activation link would
    // avoid both — needs matching changes in the login check.
    $new_pass = $users->generateRandomString(8);
    $md5_password = md5($new_pass);
    $result = $users->createUser($groups_id, $active, $username, $md5_password, $display_name, $email, CAT_Users::get_home_folder());
    // createUser() returns a bool on success; anything else is an error
    if (!is_bool($result)) {
        $errors[] = $val->lang()->translate('Unable to create user account. Please contact the administrator.');
    } else {
        // Setup email to send
        $mail_to = $email;
        $mail_subject = $val->lang()->translate('Your login details...');
        $mail_message = $parser->get('account_signup_mail_body', array('LOGIN_DISPLAY_NAME' => $display_name, 'LOGIN_WEBSITE_TITLE' => WEBSITE_TITLE, 'LOGIN_NAME' => $username, 'LOGIN_PASSWORD' => $new_pass, 'SERVER_EMAIL' => SERVER_EMAIL));
        // Try sending the email; roll the account back if it cannot be delivered
        if (!CAT_Helper_Mail::getInstance()->sendMail(SERVER_EMAIL, $mail_to, $mail_subject, $mail_message, CATMAILER_DEFAULT_SENDERNAME)) {
            $database->query("DELETE FROM `:prefix:users` WHERE username=:name", array('name' => $username));
            $errors[] = $val->lang()->translate('Unable to email password, please contact system administrator');
        } else {
            $message = $val->lang()->translate('Registration process completed!<br /><br />You should receive an eMail with your login data. If not, please contact {{SERVER_EMAIL}}.', array('SERVER_EMAIL' => SERVER_EMAIL));
            $form = false;
        }
// no frontend login, no forgot form
if (INTRO_PAGE) {
    die(header('Location: ' . CAT_URL . PAGES_DIRECTORY . '/index.php'));
} else {
    die(header('Location: ' . CAT_URL . '/index.php'));
}
} // closes the FRONTEND_LOGIN check opened before this fragment
$val = CAT_Helper_Validate::getInstance();
$email = $val->sanitizePost('email', NULL, true);
$display_form = true;
$msg_class = 'info';
global $parser;
$parser->setPath(CAT_PATH . '/templates/' . DEFAULT_TEMPLATE . '/templates/' . CAT_Registry::get('DEFAULT_THEME_VARIANT')); // if there's a template for this in the current frontend template
$parser->setFallbackPath(dirname(__FILE__) . '/templates/default'); // fallback to default dir
// mailer lib installed? otherwise show the form disabled with a contact link
// (only when SERVER_EMAIL is set, not the placeholder, and a valid address)
if (count(CAT_Helper_Addons::getLibraries('mail')) == 0) {
    $parser->output('account_forgot_form', array('message_class' => 'highlight', 'display_form' => false, 'message' => $val->lang()->translate('Sorry, but the system is unable to use mail to send your details. Please contact the administrator.'), 'contact' => CAT_Registry::exists('SERVER_EMAIL', false) && CAT_Registry::get('SERVER_EMAIL') != '*****@*****.**' && $val->validate_email(CAT_Registry::get('SERVER_EMAIL')) ? '<br />[ <a href="mailto:' . CAT_Registry::get('SERVER_EMAIL') . '">' . $val->lang()->translate('Send eMail') . '</a> ]' : ''));
    exit;
}
// Check if the user has already submitted the form, otherwise show it
// NOTE(review): $message comes straight from handleForgot(); if it
// differs for known and unknown addresses, the form reveals which
// e-mail addresses have accounts — confirm handleForgot() is neutral.
if ($email && $val->sanitize_email($email)) {
    list($result, $message) = CAT_Users::handleForgot($email);
} else {
    $email = '';
}
if (!isset($message)) {
    $message = $val->lang()->translate('Please enter your email address below');
}
$parser->output('account_forgot_form', array('message_class' => $msg_class, 'email' => $email, 'display_form' => $display_form, 'message' => $message));
continue;
}
// descend one directory at a time until the framework bootstrap is found
$dir .= '/' . $sub;
if (file_exists($dir . '/framework/class.secure.php')) {
    include $dir . '/framework/class.secure.php';
    $inc = true;
    break;
}
}
if (!$inc) {
    trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
} // closes a block opened before this fragment
// protect
$backend = CAT_Backend::getInstance('Start', 'start', false, false);
if (!CAT_Users::is_authenticated()) {
    exit;
} // just to be _really_ sure...
require CAT_PATH . '/framework/CAT/ExceptionHandler.php';
// register exception/error handlers
set_exception_handler(array("CAT_ExceptionHandler", "exceptionHandler"));
set_error_handler(array("CAT_ExceptionHandler", "errorHandler"));
register_shutdown_function(array("CAT_ExceptionHandler", "shutdownHandler"));
include dirname(__FILE__) . '/../data/config.inc.php';
$widget_name = 'Version check';
$error = $version = $newer = $last = $last_version = NULL;
$debug = false;
$doit = true;
// without an explicit refresh, reuse the cached result in data/.last
if (!CAT_Helper_Validate::sanitizeGet('blackcat_refresh')) {
    $file = CAT_Helper_Directory::sanitizePath(dirname(__FILE__) . '/../data/.last');
} // closes a block opened before this fragment
} // closes a block opened before this fragment
// AJAX calls get no backend header/footer
$header = CAT_Helper_Validate::sanitizeGet('ajax') ? false : true;
$backend = CAT_Backend::getInstance('admintools', 'admintools', $header);
$admin =& $backend;
$val = CAT_Helper_Validate::getInstance();
// tool name from GET, falling back to POST
$get_tool = $val->sanitizeGet('tool', NULL, true);
if ($get_tool == '') {
    $get_tool = $val->sanitizePost('tool', NULL, true);
}
if ($get_tool == '') {
    header("Location: index.php");
    exit(0);
}
// check tool permission
if (!CAT_Users::get_permission($get_tool, 'module')) {
    header("Location: index.php");
    exit(0);
}
global $parser;
$parser->setGlobals('CAT_ADMIN_URL', CAT_ADMIN_URL);
// ==============================
// ! Check if tool is installed
// ==============================
// permission check first, installed check second: only a permitted AND
// installed module name gets past this point
if (!CAT_Helper_Addons::isModuleInstalled($get_tool)) {
    header("Location: index.php");
    exit(0);
}
$tool = CAT_Helper_Addons::getAddonDetails($get_tool);
// Set toolname
$tpl_data['TOOL_NAME'] = $tool['name'];
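/**
 * Allows modules to register a file which should be allowed to load the
 * config.php directly.
 *
 * This is only allowed in installation context!
 *
 * Checks, in order: admin/installer context, modules_install permission
 * (skipped for the installer), that the module directory and the file
 * exist, and that the module is known in the addons table. The stored
 * path is always '/modules/<module>/<relative path>'.
 *
 * @access public
 * @param string $module - module name (addon directory name)
 * @param string $filepath - relative file path inside the module directory
 * @return bool true if the file is (now) registered; false when a check
 *              fails or the insert errors — the reason is logged at crit
 *              level and kept in self::$error
 **/
public static function sec_register_file($module, $filepath)
{
    global $admin;
    $self = self::getInstance();

    // must run in the backend / with an admin object, or from the installer
    if (!CAT_Backend::isBackend() && !is_object($admin) && !defined('CAT_INSTALL')) {
        return self::_secRegisterFailed("sec_register_file() called outside admin context!");
    }
    // check permissions (the installer has no users yet, hence CAT_INSTALL bypasses it)
    if (!CAT_Users::checkPermission('Addons', 'modules_install') && !defined('CAT_INSTALL')) {
        return self::_secRegisterFailed("sec_register_file() called without modules_install perms!");
    }
    // this will remove ../.. from $filepath; $module itself is only accepted
    // if it exists on disk AND matches a row in the addons table below
    $filepath = CAT_Helper_Directory::sanitizePath($filepath);
    if (!is_dir(CAT_PATH . '/modules/' . $module)) {
        return self::_secRegisterFailed("sec_register_file() called for non existing module [{$module}] (path: [{$filepath}])");
    }
    if (!file_exists(CAT_Helper_Directory::sanitizePath(CAT_PATH . '/modules/' . $module . '/' . $filepath))) {
        return self::_secRegisterFailed("sec_register_file() called for non existing file [{$filepath}] (module: [{$module}])");
    }
    $q = $self->db()->query('SELECT * FROM `:prefix:addons` WHERE directory=:dir', array('dir' => $module));
    if (!$q->rowCount()) {
        return self::_secRegisterFailed("sec_register_file() called for non existing module [{$module}] (path: [{$filepath}]) - not found in addons table!");
    }
    $row = $q->fetchRow();
    // remove a leading / from $filepath so the stored path has exactly one
    // slash after the module name
    $filepath = preg_replace('~^/~', '', $filepath);
    $stored   = '/modules/' . $module . '/' . $filepath;
    $q = $self->db()->query(
        'SELECT * FROM `:prefix:class_secure` WHERE module=:mod AND filepath=:path',
        array('mod' => $row['addon_id'], 'path' => $stored)
    );
    if ($q->rowCount()) {
        return true; // already registered
    }
    $self->db()->query(
        'REPLACE INTO `:prefix:class_secure` VALUES ( :id, :path )',
        array('id' => $row['addon_id'], 'path' => $stored)
    );
    return !$self->db()->isError();
}

/**
 * Record a failed sec_register_file() check: log it at crit level, keep
 * it in self::$error and return false so the caller can return it directly.
 *
 * @param string $msg - error message
 * @return bool always false
 **/
private static function _secRegisterFailed($msg)
{
    self::getInstance()->log()->logCrit($msg);
    self::$error = $msg;
    return false;
}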
// walk up at most nine directories to find the framework bootstrap
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
    $root .= "../";
    $level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
    include $root . '/framework/class.secure.php';
} else {
    trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
} // closes the "CAT_PATH not defined" branch opened before this fragment
ob_start();
header("Cache-Control: no-cache, must-revalidate");
header("Pragma: no-cache");
// NOTE(review): "charset:utf-8;" is not valid header syntax (should be
// "charset=utf-8"); browsers may ignore the charset entirely.
header("Content-Type: text/html; charset:utf-8;");
$backend = CAT_Backend::getInstance('Settings', 'settings_basic');
// group 1 = administrators; everybody else is refused
$curr_user_is_admin = in_array(1, CAT_Users::getInstance()->get_groups_id());
if (!$curr_user_is_admin) {
    echo "<div style='border: 2px solid #CC0000; padding: 5px; text-align: center; background-color: #ffbaba;'>You're not allowed to use this function!</div>";
    exit;
}
$settings = array();
$sql = 'SELECT * FROM `' . CAT_TABLE_PREFIX . 'settings` WHERE name="guid"';
if ($res = $backend->db()->query($sql)) {
    $row = $res->fetchRow(MYSQL_ASSOC);
}
// no GUID stored yet: create one and store it. The interpolated values
// come from the DB row and createGUID(), not from the request.
if (!isset($row['value']) || $row['value'] == '') {
    @(require_once CAT_PATH . '/framework/CAT/Object.php');
    $guid = CAT_Object::createGUID();
    $row['setting_id'] = isset($row['setting_id']) ? $row['setting_id'] : NULL;
    $backend->db()->query('REPLACE INTO `' . CAT_TABLE_PREFIX . 'settings` VALUES("' . $row['setting_id'] . '", "guid", "' . $guid . '")');
} else {
// (Fragment begins inside the while loop that walks up the directory tree
// looking for framework/class.secure.php; at most ten levels are tried.)
$root .= "../";
$level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
    include $root . '/framework/class.secure.php';
} else {
    trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
} // closes the fallback branch opened before this fragment

// this one is only used for the frontend!
// Preferences only exist when frontend login is enabled; otherwise bounce to
// the site root. Redirect targets are built from constants only, so there is
// no open-redirect surface here, and header() is wrapped in die() so nothing
// after the redirect is executed or emitted.
if (!FRONTEND_LOGIN) {
    // no frontend login, no preferences
    if (INTRO_PAGE) {
        die(header('Location: ' . CAT_URL . PAGES_DIRECTORY . '/index.php'));
    } else {
        die(header('Location: ' . CAT_URL . '/index.php'));
    }
}

// check if user is authenticated
// Anonymous visitors are sent to the login page before any page data is
// touched. Security caveat: because of the strict === false, a null, 0 or
// other non-bool return would NOT redirect (fails open) -
// NOTE(review): confirm is_authenticated() only ever returns a bool.
if (CAT_Users::getInstance()->is_authenticated() === false) {
    die(header('Location: ' . CAT_URL . '/account/login.php'));
}
CAT_Helper_Page::getVirtualPage('Preferences');

/**
 * Set the page content include file
 */
define('PAGE_CONTENT', CAT_PATH . '/account/preferences_form.php');

/**
 * Include the index (wrapper) file
 */
require CAT_PATH . '/index.php';
} else {
    // Not bootstrapped yet: walk up at most ten directory levels looking for
    // framework/class.secure.php (the opening branch lies before this fragment).
    $root = "../";
    $level = 1;
    while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
        $root .= "../";
        $level += 1;
    }
    if (file_exists($root . '/framework/class.secure.php')) {
        include $root . '/framework/class.secure.php';
    } else {
        trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
    }
}

$print_info_banner = true;
// Backend context for the 'pages' / 'pages_modify' scope.
// NOTE(review): whether getInstance() itself enforces that permission is not
// visible here - verify, since nothing else in this fragment checks it.
$backend = CAT_Backend::getInstance('pages', 'pages_modify');
$_bc_user = CAT_Users::getInstance();
$_bc_val = CAT_Helper_Validate::getInstance();
// Request parameters go through the validator with the 'numeric' filter;
// nothing in this fragment reads $_REQUEST directly.
$page_id = $_bc_val->get('_REQUEST', 'page_id', 'numeric');

// for backward compatibility
include CAT_PATH . '/framework/class.admin.php';
$admin = new admin('Pages', 'pages_modify');

// Without a usable page id there is nothing to edit; back to the page list.
if (!$page_id) {
    header("Location: index.php");
    exit(0);
}

// always enable CSRF protection in backend; does not work with
// AJAX so scripts called via AJAX should set this constant
// Security note: the CAT_AJAX_CALL opt-out means AJAX handlers run without
// this token check and must bring their own. Anything state-changing must
// come AFTER this call; as far as this fragment shows, only reads, a redirect
// and the admin object construction precede it - confirm for the remainder.
if (!defined('CAT_AJAX_CALL')) {
    CAT_Helper_Protect::getInstance()->enableCSRFMagic();
}
$section_id = $_bc_val->get('_REQUEST', 'section_id', 'numeric');
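// Walk up at most ten directory levels looking for framework/class.secure.php
// (this fragment begins inside the fallback branch opened before it).
while ($level < 10 && !file_exists($root . '/framework/class.secure.php')) {
    $root .= "../";
    $level += 1;
}
if (file_exists($root . '/framework/class.secure.php')) {
    include $root . '/framework/class.secure.php';
} else {
    trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR);
}
} // closes the fallback branch opened before this fragment

include 'functions.php';
// JSON endpoint: every exit path below prints a {message, success} object.
header('Content-type: application/json');

// ===============
// ! check perms
// ===============
// Deny early, before any request data is read. The original wrote
// `!$users->checkPermission(...) == true`; since `!` binds tighter than `==`
// that only ever compared a bool with true, so the plain negation is the
// identical test without the misleading precedence.
// NOTE(review): $backend is not assigned in this fragment - presumably
// functions.php or the included class.secure.php provides it; verify.
$users = CAT_Users::getInstance();
if (!$users->checkPermission('pages', 'pages_settings', false)) {
    $ajax = array('message' => $backend->lang()->translate('You do not have the permission to do this.'), 'success' => false);
    print json_encode($ajax);
    exit;
}
// NOTE(review): as an AJAX endpoint this script most likely runs with the
// CAT_AJAX_CALL CSRF opt-out used by the backend bootstrap; if it changes
// state further down, it needs its own token check.

// ===============
// ! Get page id
// ===============
$val = CAT_Helper_Validate::getInstance();
$page_id = $val->get('_REQUEST', 'page_id', 'numeric');
// Loose comparison kept on purpose: what the 'numeric' filter returns for a
// missing or invalid value is not visible here (null, '' and false all match).
if ($page_id == '') {
    $ajax = array('message' => $backend->lang()->translate('Invalid data!'), 'success' => false);
    print json_encode($ajax);
    exit;
}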
/**
 * Backward-compatible global wrapper: returns whatever
 * CAT_Users::get_user_details() returns for the given user id.
 *
 * @param mixed $user_id  passed through untouched
 * @return mixed          result of CAT_Users::get_user_details()
 */
function get_user_details($user_id)
{
    $details = CAT_Users::get_user_details($user_id);
    return $details;
}
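} // closes a block opened before this fragment ($config_path is set there)

//**************************************************************************
// include config.php
//**************************************************************************
require_once $config_path . '/config.php';

//**************************************************************************
// analyze path to auto-protect backend
//**************************************************************************
// Every script whose filename lies below CAT_ADMIN_PATH is treated as a
// backend page: it must be authenticated, gets CSRF protection and a template
// parser. Skipped while the login phase itself is running.
if (!defined('CAT_LOGIN_PHASE')) {
    $path = isset($_SERVER['SCRIPT_FILENAME']) ? CAT_Helper_Directory::sanitizePath($_SERVER['SCRIPT_FILENAME']) : NULL;
    // NOTE(review): if SCRIPT_FILENAME is unset the whole guard is skipped
    // (fails open); consider treating a missing path as "protected".
    if ($path) {
        // FIX: the admin path is interpolated into a regex, so every PCRE
        // metacharacter in it must be escaped, not only '/'. With the old
        // str_replace('/', '\/', ...) a directory name containing '.', '+'
        // or '(' produced a wrong or even invalid pattern - and an invalid
        // pattern makes preg_match() return false, silently disabling the
        // auto-protection. preg_quote() escapes everything including the '~'
        // delimiter; paths without metacharacters match exactly as before.
        // (Prefix match only: a sibling dir such as "<admin>2" is also
        // protected - that errs on the safe side.)
        $check = preg_quote(CAT_Helper_Directory::sanitizePath(CAT_ADMIN_PATH), '~');
        if (preg_match('~^' . $check . '~i', $path)) {
            define('CAT_REQUIRE_ADMIN', true);
            // Unauthenticated -> hand over to the login handler and stop;
            // nothing below runs for anonymous requests.
            if (!CAT_Users::getInstance()->is_authenticated()) {
                CAT_Users::getInstance()->handleLogin();
                exit(0);
            }
            // always enable CSRF protection in backend; does not work with
            // AJAX so scripts called via AJAX should set this constant
            // (a script that opts out via CAT_AJAX_CALL must carry its own
            // token check for any state change it performs).
            if (!defined('CAT_AJAX_CALL')) {
                //echo "class.secure is calling enableCSRFMagic<br />";
                CAT_Helper_Protect::getInstance()->enableCSRFMagic();
            }
            // Reuse a parser the caller already created, else build the Dwoo one.
            global $parser;
            if (!is_object($parser)) {
                $parser = CAT_Helper_Template::getInstance('Dwoo');
            }
            // initialize template search path
            $parser->setPath(CAT_THEME_PATH . '/templates');
            $parser->setFallbackPath(CAT_THEME_PATH . '/templates');
            // (the three blocks opened above continue past this fragment)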
trigger_error(sprintf("[ <b>%s</b> ] Can't include class.secure.php!", $_SERVER['SCRIPT_NAME']), E_USER_ERROR); } } include 'functions.php'; $val = CAT_Helper_Validate::getInstance(); // =============== // ! Get page id // =============== $page_id = $val->get('_REQUEST', 'page_id', 'numeric'); if (!$page_id) { header("Location: index.php"); exit(0); } $backend = CAT_Backend::getInstance('Pages', 'pages_settings'); $page = CAT_Helper_Page::getPage($page_id); $user = CAT_Users::get_user_details($page['modified_by']); $files = CAT_Helper_Page::getExtraHeaderFiles($page_id); // ================================== // ! Add globals to the template data // ================================== $tpl_data['CUR_TAB'] = 'headers'; $tpl_data['PAGE_HEADER'] = $backend->lang()->translate('Modify header files'); $tpl_data['PAGE_ID'] = $page_id; $tpl_data['PAGE_LINK'] = CAT_Helper_Page::getLink($page['link']); $tpl_data['PAGE_TITLE'] = $page['page_title']; $tpl_data['MODIFIED_BY'] = $user['display_name']; $tpl_data['MODIFIED_BY_USERNAME'] = $user['username']; $tpl_data['MODIFIED_WHEN'] = $page['modified_when'] != 0 ? CAT_Helper_DateTime::getDateTime($page['modified_when']) : false; $tpl_data['page_js'] = isset($files['js']) ? $files['js'] : ''; $tpl_data['page_css'] = isset($files['css']) ? $files['css'] : ''; $tpl_data['use_core'] = isset($files['use_core']) ? $files['use_core'] : NULL;